{ "0004db27-9ea6-4387-ab1d-b95558784ed9": { "id": "0004db27-9ea6-4387-ab1d-b95558784ed9", "title": "We\u2019re Open! <= 1.37 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "We\u2019re Open!", "slug": "opening-hours", "affected_versions": { "* - 1.37": { "from_version": "*", "from_inclusive": true, "to_version": "1.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.38" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0004db27-9ea6-4387-ab1d-b95558784ed9?source=api-scan" ], "published": "2022-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0007d830-2e68-4c2f-8fac-f4363bc2d73d": { "id": "0007d830-2e68-4c2f-8fac-f4363bc2d73d", "title": "Gift Cards (Gift Vouchers and Packages) <= 4.3.5 - Cross-Site Request Forgery in new_voucher_template.php", "software": [ { "type": "plugin", "name": "Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)", "slug": "gift-voucher", "affected_versions": { "* - 4.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0007d830-2e68-4c2f-8fac-f4363bc2d73d?source=api-scan" ], "published": "2023-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00086b84-c1ec-447a-a536-1c73eac1cc85": { "id": "00086b84-c1ec-447a-a536-1c73eac1cc85", "title": "MOLIE <= 0.5 - SQL Injection", "software": [ { "type": "plugin", "name": "MOLIE \u2013 Instructure Canvas Linking tool", "slug": "molie-instructure-canvas-linking-tool", "affected_versions": { "* - 0.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00086b84-c1ec-447a-a536-1c73eac1cc85?source=api-scan" ], "published": "2021-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0008b460-0c28-4e72-9c87-eda91989e39a": { "id": "0008b460-0c28-4e72-9c87-eda91989e39a", "title": "Site Favicon <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Site Favicon", "slug": "site-favicon", "affected_versions": { "* - 0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0008b460-0c28-4e72-9c87-eda91989e39a?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "000bf956-1781-4596-ac12-81691fdd789c": { "id": "000bf956-1781-4596-ac12-81691fdd789c", "title": "PWA \u2014 easy way to Progressive Web App <= 1.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "PWA \u2014 easy way to Progressive Web App", "slug": "iworks-pwa", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/000bf956-1781-4596-ac12-81691fdd789c?source=api-scan" ], "published": "2024-10-01 19:03:40", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0016c624-9c0c-4157-8597-8b374dff7f14": { "id": "0016c624-9c0c-4157-8597-8b374dff7f14", "title": "WP Socializer \u2013 Simple & Easy Social Media Share Icons <= 7.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Socializer \u2013 Simple & Easy Social Media Share Icons", "slug": "wp-socializer", "affected_versions": { "* - 7.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0016c624-9c0c-4157-8597-8b374dff7f14?source=api-scan" ], "published": "2022-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00187815-6706-4ec9-a566-4836de0d17c6": { "id": "00187815-6706-4ec9-a566-4836de0d17c6", "title": "Email Subscribers & Newsletters < 4.3.1 - Unauthenticated Blind SQL Injection", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 4.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00187815-6706-4ec9-a566-4836de0d17c6?source=api-scan" ], "published": "2019-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "001a7d43-4b00-42e9-bb0c-94a9d5721166": { "id": "001a7d43-4b00-42e9-bb0c-94a9d5721166", "title": "BuddyPress <= 7.2.0 - Authorization Bypass to Private Message Disclosure", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "* - 7.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/001a7d43-4b00-42e9-bb0c-94a9d5721166?source=api-scan" ], "published": "2021-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "001e066f-6add-4426-8cd7-32229a9188d1": { "id": "001e066f-6add-4426-8cd7-32229a9188d1", "title": "User Activity Log <= 1.4.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Activity Log", "slug": "user-activity-log", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/001e066f-6add-4426-8cd7-32229a9188d1?source=api-scan" ], "published": "2021-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "001f25c8-d9b5-4b24-9cd1-be726916079c": { "id": "001f25c8-d9b5-4b24-9cd1-be726916079c", "title": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery <= 3.59.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Gallery", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 3.59.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.59.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.59.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/001f25c8-d9b5-4b24-9cd1-be726916079c?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00234d96-cece-4217-89c9-1a329887e8da": { "id": "00234d96-cece-4217-89c9-1a329887e8da", "title": "WidgetShortcode <= 0.3.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WidgetShortcode", "slug": "widgetshortcode", "affected_versions": { "* - 0.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00234d96-cece-4217-89c9-1a329887e8da?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00243844-a2ec-42fd-84d9-03e89619e361": { "id": "00243844-a2ec-42fd-84d9-03e89619e361", "title": "Abandoned Cart Lite for WooCommerce < 1.9 - SQL Injection", "software": [ { "type": "plugin", "name": "Abandoned Cart Lite for WooCommerce", "slug": "woocommerce-abandoned-cart", "affected_versions": { "[*, 1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00243844-a2ec-42fd-84d9-03e89619e361?source=api-scan" ], "published": "2015-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00272fe2-52aa-4183-8b57-6b51ad57c657": { "id": "00272fe2-52aa-4183-8b57-6b51ad57c657", "title": "Forminator <= 1.24.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "* - 1.24.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.24.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.24.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00272fe2-52aa-4183-8b57-6b51ad57c657?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00274313-9079-4877-b72e-310e312aa814": { "id": "00274313-9079-4877-b72e-310e312aa814", "title": "Backup Migration <= 1.2.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Backup Migration", "slug": "backup-backup", "affected_versions": { "[*, 1.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00274313-9079-4877-b72e-310e312aa814?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "002c6fea-4b76-47a6-9a39-1195f18aa6f6": { "id": "002c6fea-4b76-47a6-9a39-1195f18aa6f6", "title": "Live Scores for SportsPress <= 1.9.0 - Authenticated (Admin+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Live Scores for SportsPress", "slug": "live-scores-for-sportspress", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/002c6fea-4b76-47a6-9a39-1195f18aa6f6?source=api-scan" ], "published": "2021-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00323c12-151d-42e4-a85c-76400bce1ec8": { "id": "00323c12-151d-42e4-a85c-76400bce1ec8", "title": "Header Footer Code Manager <= 1.1.13 - Authenticated SQL Injections", "software": [ { "type": "plugin", "name": "Header Footer Code Manager", "slug": "header-footer-code-manager", "affected_versions": { "[*, 1.1.14)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00323c12-151d-42e4-a85c-76400bce1ec8?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "003694f8-23be-4c94-899d-76b9b8488202": { "id": "003694f8-23be-4c94-899d-76b9b8488202", "title": "kk Star Ratings <= 5.4.5 - Race Condition to Multiple User Voting", "software": [ { "type": "plugin", "name": "kk Star Ratings \u2013 Rate Post & Collect User Feedbacks", "slug": "kk-star-ratings", "affected_versions": { "* - 5.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/003694f8-23be-4c94-899d-76b9b8488202?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00376356-4a85-4898-a101-710e1cb5c6bb": { "id": "00376356-4a85-4898-a101-710e1cb5c6bb", "title": "WordPress Core <= 3.3 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00376356-4a85-4898-a101-710e1cb5c6bb?source=api-scan" ], "published": "2012-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "004206fd-c46e-48d7-93f1-884b3261fdb6": { "id": "004206fd-c46e-48d7-93f1-884b3261fdb6", "title": "AccessPress Social Icons <= 1.6.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AccessPress Social Icons", "slug": "accesspress-social-icons", "affected_versions": { "* - 1.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/004206fd-c46e-48d7-93f1-884b3261fdb6?source=api-scan" ], "published": "2017-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0042d5ba-62de-404e-9516-67cae618f684": { "id": "0042d5ba-62de-404e-9516-67cae618f684", "title": "Fastly <= 0.97 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fastly", "slug": "fastly", "affected_versions": { "* - 0.97": { "from_version": "*", "from_inclusive": true, "to_version": "0.97", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.98" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0042d5ba-62de-404e-9516-67cae618f684?source=api-scan" ], "published": "2015-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0045c5a4-0807-4e89-8639-0802e54ce6ab": { "id": "0045c5a4-0807-4e89-8639-0802e54ce6ab", "title": "SiteOrigin Widgets Bundle <= 1.62.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid widget", "software": [ { "type": "plugin", "name": "SiteOrigin Widgets Bundle", "slug": "so-widgets-bundle", "affected_versions": { "* - 1.62.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.62.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.62.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0045c5a4-0807-4e89-8639-0802e54ce6ab?source=api-scan" ], "published": "2024-07-30 07:35:07", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00500322-0984-49f5-8a6f-8cf72d125e6a": { "id": "00500322-0984-49f5-8a6f-8cf72d125e6a", "title": "WP-DBManager <= 2.80.7 - Authenticated (Admin+) Remote Code Execution on Multi-Site", "software": [ { "type": "plugin", "name": "WP-DBManager", "slug": "wp-dbmanager", "affected_versions": { "* - 2.80.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.80.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.80.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00500322-0984-49f5-8a6f-8cf72d125e6a?source=api-scan" ], "published": "2022-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "005032e2-b5aa-44d8-855f-2aceee9e740f": { "id": "005032e2-b5aa-44d8-855f-2aceee9e740f", "title": "User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End <= 20240319 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End", "slug": "user-submitted-posts", "affected_versions": { "* - 20240319": { "from_version": "*", "from_inclusive": true, "to_version": "20240319", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20240516" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/005032e2-b5aa-44d8-855f-2aceee9e740f?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0051e869-47b1-42ea-911a-49a4462d33ca": { "id": "0051e869-47b1-42ea-911a-49a4462d33ca", "title": "WP-Contact <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Contact", "slug": "wp-contact-sidebar-widget", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0051e869-47b1-42ea-911a-49a4462d33ca?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "005234f9-8ae2-455a-8dcd-5d29a6051270": { "id": "005234f9-8ae2-455a-8dcd-5d29a6051270", "title": "Image Slider <= 1.1.119 - Subscriber+ SQL Injection", "software": [ { "type": "plugin", "name": "Image Slider", "slug": "image-slider-widget", "affected_versions": { "* - 1.1.119": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.119", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.121" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/005234f9-8ae2-455a-8dcd-5d29a6051270?source=api-scan" ], "published": "2022-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00599865-9091-46e1-b2a9-78cbd10f6f22": { "id": "00599865-9091-46e1-b2a9-78cbd10f6f22", "title": "W3 Total Cache <= 0.9.2.4 - Password Hash Extraction", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 0.9.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00599865-9091-46e1-b2a9-78cbd10f6f22?source=api-scan" ], "published": "2020-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "005a27c6-b9eb-466c-b0c3-ce52c25bb321": { "id": "005a27c6-b9eb-466c-b0c3-ce52c25bb321", "title": "XootiX Framework <= Various Plugin Versions - Missing Authorization to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Waitlist Woocommerce ( Back in stock notifier )", "slug": "waitlist-woocommerce", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] }, { "type": "plugin", "name": "Side Cart Woocommerce | Woocommerce Cart", "slug": "side-cart-woocommerce", "affected_versions": { "2.5": { "from_version": "2.5", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] }, { "type": "plugin", "name": "Login\/Signup Popup ( Inline Form + Woocommerce )", "slug": "easy-login-woocommerce", "affected_versions": { "2.7.1 - 2.7.2": { "from_version": "2.7.1", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] }, { "type": "plugin", "name": "OTP Login Woocommerce (Login with OTP)", "slug": "mobile-login-woocommerce", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/005a27c6-b9eb-466c-b0c3-ce52c25bb321?source=api-scan" ], "published": "2024-06-05 13:11:37", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "005b22a5-9899-4d67-8353-5322ed0b4ae6": { "id": "005b22a5-9899-4d67-8353-5322ed0b4ae6", "title": "Tabs For WPBakery Page Builder <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tabs For WPBakery Page Builder (formerly Visual Composer)", "slug": "tabs-for-visual-composer", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/005b22a5-9899-4d67-8353-5322ed0b4ae6?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "005b56c7-55ae-4db0-9ab2-3e22bd8a08ae": { "id": "005b56c7-55ae-4db0-9ab2-3e22bd8a08ae", "title": "Spiffy Calendar <= 4.9.1 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Spiffy Calendar", "slug": "spiffy-calendar", "affected_versions": { "* - 4.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/005b56c7-55ae-4db0-9ab2-3e22bd8a08ae?source=api-scan" ], "published": "2022-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "005bf2f0-892f-4248-afe3-263ae3d2ac54": { "id": "005bf2f0-892f-4248-afe3-263ae3d2ac54", "title": "Comments \u2013 wpDiscuz <= 7.6.18 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "* - 7.6.18": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/005bf2f0-892f-4248-afe3-263ae3d2ac54?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "005fa621-3c49-4c23-add5-d6b7a9110055": { "id": "005fa621-3c49-4c23-add5-d6b7a9110055", "title": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.1.3 - 2.8.2 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "2.1.3 - 2.8.2": { "from_version": "2.1.3", "from_inclusive": true, "to_version": "2.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/005fa621-3c49-4c23-add5-d6b7a9110055?source=api-scan" ], "published": "2024-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "005fc05c-6d82-49ca-b114-a3e64a3a572f": { "id": "005fc05c-6d82-49ca-b114-a3e64a3a572f", "title": "Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.36": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.36", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.37" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/005fc05c-6d82-49ca-b114-a3e64a3a572f?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00622a39-7230-4263-8e25-b0917df80191": { "id": "00622a39-7230-4263-8e25-b0917df80191", "title": "Edit Comments XT <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Edit Comments XT", "slug": "edit-comments-xt", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00622a39-7230-4263-8e25-b0917df80191?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0064244b-72a4-486d-aaad-be1f57e4a8a1": { "id": "0064244b-72a4-486d-aaad-be1f57e4a8a1", "title": "Add Admin CSS <= 2.0.1 - Unauthenticated Full Path Dislcosure", "software": [ { "type": "plugin", "name": "Add Admin CSS", "slug": "add-admin-css", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0064244b-72a4-486d-aaad-be1f57e4a8a1?source=api-scan" ], "published": "2024-07-26 13:03:15", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "006544c9-09ed-4cda-a903-4e3959fdb676": { "id": "006544c9-09ed-4cda-a903-4e3959fdb676", "title": "Appointment Booking Calendar <= 1.3.34 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar", "slug": "appointment-booking-calendar", "affected_versions": { "[*, 1.3.35)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.35", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/006544c9-09ed-4cda-a903-4e3959fdb676?source=api-scan" ], "published": "2020-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00687370-8374-44cc-8fd1-53b462acd061": { "id": "00687370-8374-44cc-8fd1-53b462acd061", "title": "iPanorama 360 \u2013 WordPress Virtual Tour Builder <= 1.7.3 - Authenticated (Admin+) SQL injection", "software": [ { "type": "plugin", "name": "iPanorama 360 \u2013 WordPress Virtual Tour Builder", "slug": "ipanorama-360-virtual-tour-builder-lite", "affected_versions": { "[*, 1.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00687370-8374-44cc-8fd1-53b462acd061?source=api-scan" ], "published": "2023-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "007af51b-95b5-4b12-9f74-abf31f6de341": { "id": "007af51b-95b5-4b12-9f74-abf31f6de341", "title": "Real Estate 7 <= 3.3.4 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Real Estate 7 WordPress", "slug": "realestate-7", "affected_versions": { "* - 3.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/007af51b-95b5-4b12-9f74-abf31f6de341?source=api-scan" ], "published": "2023-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "007d8935-974f-4bc4-833e-25ca50a50a29": { "id": "007d8935-974f-4bc4-833e-25ca50a50a29", "title": "Button contact VR <= 4.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Button contact VR", "slug": "button-contact-vr", "affected_versions": { "* - 4.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/007d8935-974f-4bc4-833e-25ca50a50a29?source=api-scan" ], "published": "2024-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "007ec879-7241-4dd2-9b81-93e44786bbcb": { "id": "007ec879-7241-4dd2-9b81-93e44786bbcb", "title": "Catch Themes Demo Import <= 1.7 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Catch Themes Demo Import", "slug": "catch-themes-demo-import", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/007ec879-7241-4dd2-9b81-93e44786bbcb?source=api-scan" ], "published": "2021-10-21 16:05:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0089498d-c4b3-4167-8bf4-8d9f68a4cbd0": { "id": "0089498d-c4b3-4167-8bf4-8d9f68a4cbd0", "title": "Timely All-in-One Events Calendar < 1.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Timely All-in-One Events Calendar", "slug": "all-in-one-event-calendar", "affected_versions": { "[*, 1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0089498d-c4b3-4167-8bf4-8d9f68a4cbd0?source=api-scan" ], "published": "2012-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "009084cf-0a49-41ab-8b3b-fe46c00a889b": { "id": "009084cf-0a49-41ab-8b3b-fe46c00a889b", "title": "Titan Framework <= 1.5.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Titan Framework", "slug": "titan-framework", "affected_versions": { "[*, 1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/009084cf-0a49-41ab-8b3b-fe46c00a889b?source=api-scan" ], "published": "2014-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "009899d4-4139-43ea-a7a1-dc3a1a9ea1e6": { "id": "009899d4-4139-43ea-a7a1-dc3a1a9ea1e6", "title": "Cross-Linker <= 3.0.1.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Cross-Linker", "slug": "cross-linker", "affected_versions": { "* - 3.0.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/009899d4-4139-43ea-a7a1-dc3a1a9ea1e6?source=api-scan" ], "published": "2022-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "009a6ae4-e9b5-4199-be25-b60e06dc136b": { "id": "009a6ae4-e9b5-4199-be25-b60e06dc136b", "title": "Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Advanced Dynamic Pricing for WooCommerce", "slug": "advanced-dynamic-pricing-for-woocommerce", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/009a6ae4-e9b5-4199-be25-b60e06dc136b?source=api-scan" ], "published": "2022-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00a1b66d-d81c-4539-846b-ff66301a94ca": { "id": "00a1b66d-d81c-4539-846b-ff66301a94ca", "title": "SearchWP Premium <= 4.2.5 - Authenticated (Subscriber+) Nonce Leakage and Authorization Bypass", "software": [ { "type": "plugin", "name": "SearchWP Premium", "slug": "searchwp", "affected_versions": { "* - 4.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00a1b66d-d81c-4539-846b-ff66301a94ca?source=api-scan" ], "published": "2022-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00a3d8e3-17b1-488b-9c42-2479932c9bf7": { "id": "00a3d8e3-17b1-488b-9c42-2479932c9bf7", "title": "Shariff Wrapper <= 4.6.10 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shariff Wrapper", "slug": "shariff", "affected_versions": { "* - 4.6.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00a3d8e3-17b1-488b-9c42-2479932c9bf7?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00a7768f-5fd6-49ff-bcd6-e44dd59ae8d9": { "id": "00a7768f-5fd6-49ff-bcd6-e44dd59ae8d9", "title": "Photo Engine <= 6.3.1 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Engine (Media Organizer & Lightroom)", "slug": "wplr-sync", "affected_versions": { "* - 6.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00a7768f-5fd6-49ff-bcd6-e44dd59ae8d9?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00a96f3c-a6c9-4305-82ec-fa35570ac2af": { "id": "00a96f3c-a6c9-4305-82ec-fa35570ac2af", "title": "Appmaker \u2013 Convert WooCommerce to Android & iOS Native Mobile Apps <= 1.36.12 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Appmaker \u2013 Convert WooCommerce to Android & iOS Native Mobile Apps", "slug": "appmaker-woocommerce-mobile-app-manager", "affected_versions": { "* - 1.36.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.36.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00a96f3c-a6c9-4305-82ec-fa35570ac2af?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00aba7b3-4d4a-4aba-8e4e-2e8a928f6143": { "id": "00aba7b3-4d4a-4aba-8e4e-2e8a928f6143", "title": "Leopard - WordPress offload media <= 2.0.36 - Authenticated (Subscriber+) Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Leopard - WordPress Offload Media", "slug": "leopard-wordpress-offload-media", "affected_versions": { "* - 2.0.36": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.36", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00aba7b3-4d4a-4aba-8e4e-2e8a928f6143?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00b4b903-4682-458b-9681-751179460b75": { "id": "00b4b903-4682-458b-9681-751179460b75", "title": "Ultimate Member <= 2.0.39 - Unauthorized Profile Modification", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.0.39": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.39", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.40" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00b4b903-4682-458b-9681-751179460b75?source=api-scan" ], "published": "2019-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00b60b53-77bf-4640-bf2b-84e011014623": { "id": "00b60b53-77bf-4640-bf2b-84e011014623", "title": "Ultimate Blocks \u2013 WordPress Blocks Plugin <= 3.1.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Multiple Blocks", "software": [ { "type": "plugin", "name": "Ultimate Blocks \u2013 WordPress Blocks Plugin", "slug": "ultimate-blocks", "affected_versions": { "* - 3.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00b60b53-77bf-4640-bf2b-84e011014623?source=api-scan" ], "published": "2024-07-01 21:45:10", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00b81467-8d00-4816-895a-89d67c541c17": { "id": "00b81467-8d00-4816-895a-89d67c541c17", "title": "Passster \u2013 Password Protect Pages and Content <= 4.2.6.2 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Passster \u2013 Password Protect Pages and Content", "slug": "content-protector", "affected_versions": { "* - 4.2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00b81467-8d00-4816-895a-89d67c541c17?source=api-scan" ], "published": "2024-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00ba5eae-668a-4452-9562-9f49b730daaa": { "id": "00ba5eae-668a-4452-9562-9f49b730daaa", "title": "Contact Form Builder, Contact Widget <= 2.1.7 - Authentication Request Bypass", "software": [ { "type": "plugin", "name": "Contact Form Builder, Contact Widget", "slug": "contact-forms-builder", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00ba5eae-668a-4452-9562-9f49b730daaa?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00bf8f2f-6ab4-4430-800b-5b97abe7589e": { "id": "00bf8f2f-6ab4-4430-800b-5b97abe7589e", "title": "Modern Events Calendar <= 7.12.1 - Authenticated (Subscriber+) Server Side Request Forgery", "software": [ { "type": "plugin", "name": "Modern Events Calendar", "slug": "modern-events-calendar", "affected_versions": { "* - 7.12.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.12.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.13.0" ] }, { "type": "plugin", "name": "Modern Events Calendar Lite", "slug": "modern-events-calendar-lite", "affected_versions": { "* - 7.12.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.12.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.13.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00bf8f2f-6ab4-4430-800b-5b97abe7589e?source=api-scan" ], "published": "2024-08-06 21:57:41", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00c022a9-2062-4e99-8911-8cfad929a783": { "id": "00c022a9-2062-4e99-8911-8cfad929a783", "title": "PowerPress <= 6.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PowerPress Podcasting plugin by Blubrry", "slug": "powerpress", "affected_versions": { "* - 6.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00c022a9-2062-4e99-8911-8cfad929a783?source=api-scan" ], "published": "2015-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00c44ede-326d-48f5-8c78-fe5d566018f3": { "id": "00c44ede-326d-48f5-8c78-fe5d566018f3", "title": "AWSM Team <= 1.3.1 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "AWSM Team \u2013 Team Showcase Plugin", "slug": "awsm-team", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00c44ede-326d-48f5-8c78-fe5d566018f3?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00cb5ce9-cca2-4e41-8d00-1d2ca7770dce": { "id": "00cb5ce9-cca2-4e41-8d00-1d2ca7770dce", "title": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.5.63 - Cross-Site Scripting via p_name parameter", "software": [ { "type": "plugin", "name": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin", "slug": "users-ultra", "affected_versions": { "[*, 1.5.63)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.63", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.63" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00cb5ce9-cca2-4e41-8d00-1d2ca7770dce?source=api-scan" ], "published": "2015-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00d69e80-36fa-4b74-8138-56c0bf576e44": { "id": "00d69e80-36fa-4b74-8138-56c0bf576e44", "title": "WP Maintenance Mode <= 2.0.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "LightStart \u2013 Maintenance Mode, Coming Soon and Landing Page Builder", "slug": "wp-maintenance-mode", "affected_versions": { "[*, 2.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00d69e80-36fa-4b74-8138-56c0bf576e44?source=api-scan" ], "published": "2016-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00ec14d4-d97b-40b1-b61b-05e911f49bb0": { "id": "00ec14d4-d97b-40b1-b61b-05e911f49bb0", "title": "Tutor LMS \u2013 eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00ec14d4-d97b-40b1-b61b-05e911f49bb0?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00ec2f57-48ee-49ea-ae8f-e7b24bf4535c": { "id": "00ec2f57-48ee-49ea-ae8f-e7b24bf4535c", "title": "Booster for WooCommerce <= 7.1.2 - Missing Authorization to Product Creation\/Modification", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 7.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00ec2f57-48ee-49ea-ae8f-e7b24bf4535c?source=api-scan" ], "published": "2023-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00f33681-7edb-40a8-a1b4-433765ef7585": { "id": "00f33681-7edb-40a8-a1b4-433765ef7585", "title": "Novelist <= 1.2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Novelist", "slug": "novelist", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00f33681-7edb-40a8-a1b4-433765ef7585?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00f5812d-661e-4206-8c3d-127bc3d48961": { "id": "00f5812d-661e-4206-8c3d-127bc3d48961", "title": "Woocommerce Tabs Plugin, Add Custom Product Tabs <= 1.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Woocommerce Tabs Plugin, Add Custom Product Tabs", "slug": "fma-products-tabs-pro", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00f5812d-661e-4206-8c3d-127bc3d48961?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00f9fd4b-4730-4fa5-80b2-00d97dc72b8e": { "id": "00f9fd4b-4730-4fa5-80b2-00d97dc72b8e", "title": "WP-ContactForm <= 1.5.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP-ContactForm", "slug": "wp-contactform", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00f9fd4b-4730-4fa5-80b2-00d97dc72b8e?source=api-scan" ], "published": "2008-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00fa12c7-5814-45f3-a35e-363cd0920e43": { "id": "00fa12c7-5814-45f3-a35e-363cd0920e43", "title": "Arigato Autoresponder and Newsletter <= 2.7.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Arigato Autoresponder and Newsletter", "slug": "bft-autoresponder", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00fa12c7-5814-45f3-a35e-363cd0920e43?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00fa2ca1-a1bd-4b58-ae64-1b61534c1e3d": { "id": "00fa2ca1-a1bd-4b58-ae64-1b61534c1e3d", "title": "WF Cookie Consent <= 1.1.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WF Cookie Consent", "slug": "wf-cookie-consent", "affected_versions": { "[*, 1.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00fa2ca1-a1bd-4b58-ae64-1b61534c1e3d?source=api-scan" ], "published": "2018-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00fbbd00-c98e-41b3-9777-3a0d1295c24b": { "id": "00fbbd00-c98e-41b3-9777-3a0d1295c24b", "title": "Math Comment Spam Protection <= 2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Math Comment Spam Protection", "slug": "math-comment-spam-protection", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00fbbd00-c98e-41b3-9777-3a0d1295c24b?source=api-scan" ], "published": "2008-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "00fe4d88-0481-4861-ad26-a2493ffacdc6": { "id": "00fe4d88-0481-4861-ad26-a2493ffacdc6", "title": "my flatonica <= 0.0.8 & my wooden under construction <= 2.0.7 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "my flatonica", "slug": "my-flatonica", "affected_versions": { "* - 0.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "my wooden under construction", "slug": "my-wooden-under-construction", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/00fe4d88-0481-4861-ad26-a2493ffacdc6?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "010300f9-adef-4958-ac77-6ff981833e9e": { "id": "010300f9-adef-4958-ac77-6ff981833e9e", "title": "Blaze Slide Show <= 2.7 - Arbitrary File upload", "software": [ { "type": "plugin", "name": "Blaze Slideshow", "slug": "blaze-slide-show-for-wordpress", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/010300f9-adef-4958-ac77-6ff981833e9e?source=api-scan" ], "published": "2016-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "010ce1c3-dd07-4ed6-8908-0909c0842be8": { "id": "010ce1c3-dd07-4ed6-8908-0909c0842be8", "title": "Duplicator <= 1.2.32 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Duplicator \u2013 Migration & Backup Plugin", "slug": "duplicator", "affected_versions": { "* - 1.2.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/010ce1c3-dd07-4ed6-8908-0909c0842be8?source=api-scan" ], "published": "2018-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "010df788-42cf-4455-9f5f-b23d03905afb": { "id": "010df788-42cf-4455-9f5f-b23d03905afb", "title": "Facebook for WooCommerce <= 1.9.12 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Facebook for WooCommerce", "slug": "facebook-for-woocommerce", "affected_versions": { "* - 1.9.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/010df788-42cf-4455-9f5f-b23d03905afb?source=api-scan" ], "published": "2019-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01105d96-e181-4228-b785-074a4b49ce18": { "id": "01105d96-e181-4228-b785-074a4b49ce18", "title": "WP Google Map Plugin < 3.0.0 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Maps \u2013 Display Google Maps Perfectly with Ease", "slug": "wp-google-map-plugin", "affected_versions": { "[*, 3.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01105d96-e181-4228-b785-074a4b49ce18?source=api-scan" ], "published": "2015-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01139cbd-1116-4cf8-bdcb-cb182588d093": { "id": "01139cbd-1116-4cf8-bdcb-cb182588d093", "title": "BlogVault WordPress Backup Plugin 1.40 - 1.44 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "BlogVault WordPress Backup Plugin \u2013 Migration, Staging, and Backups", "slug": "blogvault-real-time-backup", "affected_versions": { "1.40 - 1.44": { "from_version": "1.40", "from_inclusive": true, "to_version": "1.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01139cbd-1116-4cf8-bdcb-cb182588d093?source=api-scan" ], "published": "2017-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0114f098-713d-4eef-8643-901f607375de": { "id": "0114f098-713d-4eef-8643-901f607375de", "title": "WordPress Core < 5.8.3 - SQL Injection via WP_Meta_Query", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[4.1, 4.1.34)": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.34", "to_inclusive": false }, "[4.2, 4.2.31)": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.31", "to_inclusive": false }, "[4.3, 4.3.27)": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.27", "to_inclusive": false }, "[4.4, 4.4.26)": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.26", "to_inclusive": false }, "[4.5, 4.5.25)": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.25", "to_inclusive": false }, "[4.6, 4.6.22)": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.22", "to_inclusive": false }, "[4.7, 4.7.22)": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.22", "to_inclusive": false }, "[4.8, 4.8.18)": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.18", "to_inclusive": false }, "[4.9, 4.9.19)": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.19", "to_inclusive": false }, "[5.0, 5.0.15)": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.15", "to_inclusive": false }, "[5.1, 5.1.12)": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.12", "to_inclusive": false }, "[5.2, 5.2.14)": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.14", "to_inclusive": false }, "[5.3, 5.3.11)": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.11", "to_inclusive": false }, "[5.4, 5.4.9)": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.9", "to_inclusive": false }, "[5.5, 5.5.8)": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.8", "to_inclusive": false }, "[5.6, 5.6.7)": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.7", "to_inclusive": false }, "[5.7, 5.7.5)": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.5", "to_inclusive": false }, "[5.8, 5.8.3)": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.34", "4.2.31", "4.3.27", "4.4.26", "4.5.25", "4.6.22", "4.7.22", "4.8.18", "4.9.19", "5.0.15", "5.1.12", "5.2.14", "5.3.11", "5.4.9", "5.5.8", "5.6.7", "5.7.5", "5.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0114f098-713d-4eef-8643-901f607375de?source=api-scan" ], "published": "2022-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01170186-3384-494b-83d3-86ba3cf74837": { "id": "01170186-3384-494b-83d3-86ba3cf74837", "title": "Aiomatic <= 1.9.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit", "slug": "aiomatic-automatic-ai-content-writer", "affected_versions": { "* - 1.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01170186-3384-494b-83d3-86ba3cf74837?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01179ac2-ad68-4a5d-af67-70d57ed611d2": { "id": "01179ac2-ad68-4a5d-af67-70d57ed611d2", "title": "Easy Digital Downloads \u2013 Simple Shipping <= 2.1.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 Simple Shipping", "slug": "simple-shipping-edd", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01179ac2-ad68-4a5d-af67-70d57ed611d2?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "011c8a06-298e-4a53-9ef8-552585426d79": { "id": "011c8a06-298e-4a53-9ef8-552585426d79", "title": "Sitekit <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sitekit_iframe' shortcode", "software": [ { "type": "plugin", "name": "Sitekit", "slug": "sitekit", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/011c8a06-298e-4a53-9ef8-552585426d79?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "011fad07-0235-41e1-83b5-09588dd63d50": { "id": "011fad07-0235-41e1-83b5-09588dd63d50", "title": "Free counter <= 1.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Free counter", "slug": "free-counter", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/011fad07-0235-41e1-83b5-09588dd63d50?source=api-scan" ], "published": "2015-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "012946d4-82ce-48b9-9b9a-1fc49846dca6": { "id": "012946d4-82ce-48b9-9b9a-1fc49846dca6", "title": "VK Filter Search <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "VK Filter Search", "slug": "vk-filter-search", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/012946d4-82ce-48b9-9b9a-1fc49846dca6?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "012a558c-1f80-4f36-85d9-905f4ed0b6cb": { "id": "012a558c-1f80-4f36-85d9-905f4ed0b6cb", "title": "Contact Form builder with drag & drop - Kali Forms <= 2.3.36 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Contact Form builder with drag & drop for WordPress \u2013 Kali Forms", "slug": "kali-forms", "affected_versions": { "* - 2.3.36": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.36", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.37" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/012a558c-1f80-4f36-85d9-905f4ed0b6cb?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "012b5334-afdc-47bd-8eaf-967b40fef59b": { "id": "012b5334-afdc-47bd-8eaf-967b40fef59b", "title": "Popup Anything <= 2.8.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Popup Anything \u2013 Popup for opt-ins and Lead Generation Conversions", "slug": "popup-anything-on-click", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/012b5334-afdc-47bd-8eaf-967b40fef59b?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "012e019f-9146-45bc-b4d7-aa724dbebdc6": { "id": "012e019f-9146-45bc-b4d7-aa724dbebdc6", "title": "Visual Link Preview <= 2.2.2 - Unauthorised AJAX Calls", "software": [ { "type": "plugin", "name": "Visual Link Preview", "slug": "visual-link-preview", "affected_versions": { "[*, 2.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/012e019f-9146-45bc-b4d7-aa724dbebdc6?source=api-scan" ], "published": "2021-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0131921b-6f60-4da1-b5d9-d44a33d35cae": { "id": "0131921b-6f60-4da1-b5d9-d44a33d35cae", "title": "JS Job Manager <= 2.0.0 - Cross-Site Request Forgery via multiple functions", "software": [ { "type": "plugin", "name": "JS Job Manager", "slug": "js-jobs", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0131921b-6f60-4da1-b5d9-d44a33d35cae?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01370a71-2611-4826-b08b-485839ca606a": { "id": "01370a71-2611-4826-b08b-485839ca606a", "title": "Booking Ultra Pro <= 1.1.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking Ultra Pro Appointments Booking Calendar Plugin", "slug": "booking-ultra-pro", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01370a71-2611-4826-b08b-485839ca606a?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "013f7c26-8348-4c54-af61-473a720a5095": { "id": "013f7c26-8348-4c54-af61-473a720a5095", "title": "Ivory Search \u2013 WordPress Search Plugin <= 5.5.6 - Information Exposure via AJAX Search Form", "software": [ { "type": "plugin", "name": "Ivory Search \u2013 WordPress Search Plugin", "slug": "add-search-to-menu", "affected_versions": { "* - 5.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/013f7c26-8348-4c54-af61-473a720a5095?source=api-scan" ], "published": "2024-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01486af8-b378-4663-a9c5-167b8580db94": { "id": "01486af8-b378-4663-a9c5-167b8580db94", "title": "Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation <= 2.3.0 - Missing Authorization on AJAX Actions", "software": [ { "type": "plugin", "name": "Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation", "slug": "menu-ordering-reservations", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01486af8-b378-4663-a9c5-167b8580db94?source=api-scan" ], "published": "2022-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "014ccad9-a836-4a40-92d3-8c3320fbead8": { "id": "014ccad9-a836-4a40-92d3-8c3320fbead8", "title": "PDQ CSV <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "PDQ CSV", "slug": "pdq-csv", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/014ccad9-a836-4a40-92d3-8c3320fbead8?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "014da588-9494-493e-8659-590b8e8c14a6": { "id": "014da588-9494-493e-8659-590b8e8c14a6", "title": "Spreadsheet Integration and Spreadsheet Integration Pro <= 3.5.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spreadsheet Integration \u2013 Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table.", "slug": "wpgsi", "affected_versions": { "* - 3.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.0" ] }, { "type": "plugin", "name": "wpgsi-professional", "slug": "wpgsi-professional", "affected_versions": { "* - 3.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/014da588-9494-493e-8659-590b8e8c14a6?source=api-scan" ], "published": "2021-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "014dcf08-1968-4a3f-a772-2248e65dfb07": { "id": "014dcf08-1968-4a3f-a772-2248e65dfb07", "title": "Subscribe To Comments Reloaded <= 140129 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Subscribe To Comments Reloaded", "slug": "subscribe-to-comments-reloaded", "affected_versions": { "* - 140129": { "from_version": "*", "from_inclusive": true, "to_version": "140129", "to_inclusive": true } }, "patched": true, "patched_versions": [ "140219" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/014dcf08-1968-4a3f-a772-2248e65dfb07?source=api-scan" ], "published": "2014-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "014f1aae-10a0-4bc8-b176-dbdad94a6ad8": { "id": "014f1aae-10a0-4bc8-b176-dbdad94a6ad8", "title": "Essential Addons for Elementor <= 5.0.4 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "1.0.0 - 5.0.4": { "from_version": "1.0.0", "from_inclusive": true, "to_version": "5.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/014f1aae-10a0-4bc8-b176-dbdad94a6ad8?source=api-scan" ], "published": "2022-01-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0152bcc9-6d24-4475-848d-71fe88aa7e2a": { "id": "0152bcc9-6d24-4475-848d-71fe88aa7e2a", "title": "Leyka <= 3.30.2 - Privilege Escalation via Admin Password Reset", "software": [ { "type": "plugin", "name": "Leyka", "slug": "leyka", "affected_versions": { "* - 3.30.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.30.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.30.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0152bcc9-6d24-4475-848d-71fe88aa7e2a?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "016462cf-abe9-4c90-abd2-b5bb69348d7e": { "id": "016462cf-abe9-4c90-abd2-b5bb69348d7e", "title": "3D FlipBook <= 1.15.4 - Authenticated (Author+) Stored Cross-Site Scritping via Bookmark URL", "software": [ { "type": "plugin", "name": "3D FlipBook \u2013 PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery", "slug": "interactive-3d-flipbook-powered-physics-engine", "affected_versions": { "* - 1.15.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/016462cf-abe9-4c90-abd2-b5bb69348d7e?source=api-scan" ], "published": "2024-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0166a2b2-24e2-4dd6-8842-d3e8dd7bb0dc": { "id": "0166a2b2-24e2-4dd6-8842-d3e8dd7bb0dc", "title": "Hash Form \u2013 Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Hash Form \u2013 Drag & Drop Form Builder", "slug": "hash-form", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0166a2b2-24e2-4dd6-8842-d3e8dd7bb0dc?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01707346-86c2-45c8-a2c9-81a147506fa4": { "id": "01707346-86c2-45c8-a2c9-81a147506fa4", "title": "Remember Me Controls <= 2.0.1 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Remember Me Controls", "slug": "remember-me-controls", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01707346-86c2-45c8-a2c9-81a147506fa4?source=api-scan" ], "published": "2024-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0173e2a3-452d-490b-8ed7-a049a476d137": { "id": "0173e2a3-452d-490b-8ed7-a049a476d137", "title": "Masteriyo - LMS <= 1.7.3 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Masteriyo LMS \u2013 eLearning and Online Course Builder for WordPress", "slug": "learning-management-system", "affected_versions": { "* - 1.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0173e2a3-452d-490b-8ed7-a049a476d137?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01762804-df33-4c4d-b8f6-d94a1e5b5fc9": { "id": "01762804-df33-4c4d-b8f6-d94a1e5b5fc9", "title": "Slideshow Gallery <= 1.5.3.1 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Slideshow Gallery LITE", "slug": "slideshow-gallery", "affected_versions": { "* - 1.5.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01762804-df33-4c4d-b8f6-d94a1e5b5fc9?source=api-scan" ], "published": "2015-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "017fe804-a1a5-4f8d-a531-e928d668dbc4": { "id": "017fe804-a1a5-4f8d-a531-e928d668dbc4", "title": "WP Photo Album Plus <= 8.5.02.005 - IP Spoofing", "software": [ { "type": "plugin", "name": "WP Photo Album Plus", "slug": "wp-photo-album-plus", "affected_versions": { "* - 8.5.02.005": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.02.005", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.6.01.005" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/017fe804-a1a5-4f8d-a531-e928d668dbc4?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0182ca6c-23f8-4212-bfd8-cb898e98b37b": { "id": "0182ca6c-23f8-4212-bfd8-cb898e98b37b", "title": "Category Post List Widget <= 2.0 - Unauthenticated Stored Cross-Site Scripting via custom_css", "software": [ { "type": "plugin", "name": "Category Post List Widget", "slug": "category-post-list-widget", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0182ca6c-23f8-4212-bfd8-cb898e98b37b?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0183625a-611c-4353-9d2a-7a25ae12709a": { "id": "0183625a-611c-4353-9d2a-7a25ae12709a", "title": "Silesia <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode", "software": [ { "type": "theme", "name": "Silesia", "slug": "silesia", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0183625a-611c-4353-9d2a-7a25ae12709a?source=api-scan" ], "published": "2024-06-27 18:53:42", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01836c2c-0976-493e-8b13-1c7c702d1d2c": { "id": "01836c2c-0976-493e-8b13-1c7c702d1d2c", "title": "AliExpress Dropshipping with AliNext Lite <= 3.3.6 - Missing Authorization via Several Functions", "software": [ { "type": "plugin", "name": "AliExpress Dropshipping Plugin for WooCommerce \u2013 AliNext", "slug": "ali2woo-lite", "affected_versions": { "* - 3.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01836c2c-0976-493e-8b13-1c7c702d1d2c?source=api-scan" ], "published": "2024-06-18 14:28:14", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01857d1d-4b6c-4ab0-b2ef-6a948daedbe0": { "id": "01857d1d-4b6c-4ab0-b2ef-6a948daedbe0", "title": "myCred \u2013 Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.6.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification", "slug": "mycred", "affected_versions": { "* - 2.4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01857d1d-4b6c-4ab0-b2ef-6a948daedbe0?source=api-scan" ], "published": "2022-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01878991-37c7-4c7b-b68c-d59ca66521e7": { "id": "01878991-37c7-4c7b-b68c-d59ca66521e7", "title": "The Awesome Feed \u2013 Custom Feed <= 2.2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Awesome Feed \u2013 Custom Feed", "slug": "wp-facebook-feed", "affected_versions": { "* - 2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01878991-37c7-4c7b-b68c-d59ca66521e7?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01889c7b-f47b-4caf-8e35-4f8af188426e": { "id": "01889c7b-f47b-4caf-8e35-4f8af188426e", "title": "Smash Balloon Social Post Feed <= 4.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smash Balloon Social Post Feed \u2013 Simple Social Feeds for WordPress", "slug": "custom-facebook-feed", "affected_versions": { "[*, 4.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01889c7b-f47b-4caf-8e35-4f8af188426e?source=api-scan" ], "published": "2021-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "018912c2-befc-403c-8e60-161580e84f55": { "id": "018912c2-befc-403c-8e60-161580e84f55", "title": "Event Monster \u2013 Event Management, Tickets Booking, Upcoming Event <= 1.1.20 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Event Monster \u2013 Event Management, Tickets Booking, Upcoming Event", "slug": "event-monster", "affected_versions": { "* - 1.1.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/018912c2-befc-403c-8e60-161580e84f55?source=api-scan" ], "published": "2022-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0189d8cf-237f-4b5b-89f7-6346455d35a9": { "id": "0189d8cf-237f-4b5b-89f7-6346455d35a9", "title": "G Meta Keywords <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "G Meta Keywords", "slug": "g-meta-keywords", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0189d8cf-237f-4b5b-89f7-6346455d35a9?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0191e5b0-b669-439b-8ad4-9f860e6ee637": { "id": "0191e5b0-b669-439b-8ad4-9f860e6ee637", "title": "Smart Slider 3 <= 3.5.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart Slider 3", "slug": "smart-slider-3", "affected_versions": { "* - 3.5.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0191e5b0-b669-439b-8ad4-9f860e6ee637?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01940eeb-b4a6-450d-b646-84f415ca92c9": { "id": "01940eeb-b4a6-450d-b646-84f415ca92c9", "title": "NEX-Forms <= 7.7.1 - Missing Authorization on Various AJAX Actions", "software": [ { "type": "plugin", "name": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "slug": "nex-forms-express-wp-form-builder", "affected_versions": { "* - 7.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01940eeb-b4a6-450d-b646-84f415ca92c9?source=api-scan" ], "published": "2020-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01943559-e05b-4dca-b322-d880b2729ee7": { "id": "01943559-e05b-4dca-b322-d880b2729ee7", "title": "Directorist <= 7.5.4 - Authenticated (Subscriber+) Arbitrary User Password Reset to Privilege Escalation", "software": [ { "type": "plugin", "name": "Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings", "slug": "directorist", "affected_versions": { "* - 7.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01943559-e05b-4dca-b322-d880b2729ee7?source=api-scan" ], "published": "2023-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0195bddf-eafe-45f2-9424-ffa235d9b4dc": { "id": "0195bddf-eafe-45f2-9424-ffa235d9b4dc", "title": "Elegant Themes Monarch < 1.2.7 - Privilege Escalation", "software": [ { "type": "plugin", "name": "Bloom Email Opt-In", "slug": "bloom", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] }, { "type": "plugin", "name": "Divi Builder", "slug": "divi-builder", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] }, { "type": "plugin", "name": "Monarch Social Sharing", "slug": "monarch", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0195bddf-eafe-45f2-9424-ffa235d9b4dc?source=api-scan" ], "published": "2016-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "019c5e06-1345-4c8e-abb9-dc0ea5d55ef5": { "id": "019c5e06-1345-4c8e-abb9-dc0ea5d55ef5", "title": "Ideal Interactive Map <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ideal Interactive Map", "slug": "ideal-interactive-map", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/019c5e06-1345-4c8e-abb9-dc0ea5d55ef5?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "019cfdff-c67b-4451-984d-a7b6973ab61d": { "id": "019cfdff-c67b-4451-984d-a7b6973ab61d", "title": "Blogpoet <= 1.0.2 - Missing Authorization via blogpoet_install_and_activate_plugins()", "software": [ { "type": "theme", "name": "Blogpoet", "slug": "blogpoet", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/019cfdff-c67b-4451-984d-a7b6973ab61d?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "019f4735-a25c-46c7-8a7d-55351197bdf2": { "id": "019f4735-a25c-46c7-8a7d-55351197bdf2", "title": "Easing Slider <= 2.2.0.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easing Slider", "slug": "easing-slider", "affected_versions": { "[*, 2.2.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/019f4735-a25c-46c7-8a7d-55351197bdf2?source=api-scan" ], "published": "2015-02-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01a120f0-fbdb-4836-a341-31452cc7ed0c": { "id": "01a120f0-fbdb-4836-a341-31452cc7ed0c", "title": "Send email only on Reply to My Comment <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Send email only on Reply to My Comment", "slug": "send-email-only-on-reply-to-my-comment", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01a120f0-fbdb-4836-a341-31452cc7ed0c?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01a3b9ba-b18a-48d9-8365-d10f79fc6a6b": { "id": "01a3b9ba-b18a-48d9-8365-d10f79fc6a6b", "title": "User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update", "software": [ { "type": "plugin", "name": "User Profile Picture", "slug": "metronet-profile-picture", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01a3b9ba-b18a-48d9-8365-d10f79fc6a6b?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01a6dcf2-6f0b-494b-a18c-04bd9c44e0ce": { "id": "01a6dcf2-6f0b-494b-a18c-04bd9c44e0ce", "title": "WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events' Shortcode", "software": [ { "type": "plugin", "name": "WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce", "slug": "wp-event-manager", "affected_versions": { "* - 3.1.43": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01a6dcf2-6f0b-494b-a18c-04bd9c44e0ce?source=api-scan" ], "published": "2024-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01aa00db-43e5-4c8a-a005-77a39ec89c94": { "id": "01aa00db-43e5-4c8a-a005-77a39ec89c94", "title": "MemberPress Downloads <= 1.2.5 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "MemberPress Downloads", "slug": "memberpress-downloads", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01aa00db-43e5-4c8a-a005-77a39ec89c94?source=api-scan" ], "published": "2022-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01ab2ed8-ff2f-41ac-bbbd-d8878fd067d6": { "id": "01ab2ed8-ff2f-41ac-bbbd-d8878fd067d6", "title": "Recipe Maker For Your Food Blog from Zip Recipes <= 8.1.0 - Authenticated(Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Recipe Cards For Your Food Blog from Zip Recipes", "slug": "zip-recipes", "affected_versions": { "[*, 8.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01ab2ed8-ff2f-41ac-bbbd-d8878fd067d6?source=api-scan" ], "published": "2023-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01b3013f-60b9-449b-a2a9-64e37a1454ef": { "id": "01b3013f-60b9-449b-a2a9-64e37a1454ef", "title": "JM Twitter Cards < 6.2 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "JM Twitter Cards", "slug": "jm-twitter-cards", "affected_versions": { "[*, 6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01b3013f-60b9-449b-a2a9-64e37a1454ef?source=api-scan" ], "published": "2015-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01b55b59-3107-4711-8be2-8b0803c0fa69": { "id": "01b55b59-3107-4711-8be2-8b0803c0fa69", "title": "Share on Diaspora < 0.7.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Share on Diaspora", "slug": "share-on-diaspora", "affected_versions": { "[*, 0.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01b55b59-3107-4711-8be2-8b0803c0fa69?source=api-scan" ], "published": "2017-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01b90498-0ddb-4eb3-b76d-de30ed03d7d0": { "id": "01b90498-0ddb-4eb3-b76d-de30ed03d7d0", "title": "WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.6.3 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting", "slug": "erp", "affected_versions": { "[*, 1.6.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01b90498-0ddb-4eb3-b76d-de30ed03d7d0?source=api-scan" ], "published": "2020-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01b9f536-cdab-4e38-b935-008cbd899a98": { "id": "01b9f536-cdab-4e38-b935-008cbd899a98", "title": "Ruven Toolkit <= 2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ruven Toolkit", "slug": "ruven-toolkit", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01b9f536-cdab-4e38-b935-008cbd899a98?source=api-scan" ], "published": "2014-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01ba4259-e76a-4876-b910-fd2688680739": { "id": "01ba4259-e76a-4876-b910-fd2688680739", "title": "IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "IP Blacklist Cloud", "slug": "ip-blacklist-cloud", "affected_versions": { "* - 5.00": { "from_version": "*", "from_inclusive": true, "to_version": "5.00", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01ba4259-e76a-4876-b910-fd2688680739?source=api-scan" ], "published": "2022-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01bd8a24-5580-4b16-94b3-c231d5fe7a01": { "id": "01bd8a24-5580-4b16-94b3-c231d5fe7a01", "title": "WooDiscuz \u2013 WooCommerce Comments <= 2.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooDiscuz \u2013 WooCommerce Comments", "slug": "woodiscuz-woocommerce-comments", "affected_versions": { "* - 2.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01bd8a24-5580-4b16-94b3-c231d5fe7a01?source=api-scan" ], "published": "2023-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01c1458d-3e38-4dbf-bb65-80465ea6d0ad": { "id": "01c1458d-3e38-4dbf-bb65-80465ea6d0ad", "title": "Complianz | GDPR\/CCPA Cookie Consent <= 6.5.5 - Authenticated(Administrator+) Stored Cross-site Scripting via settings", "software": [ { "type": "plugin", "name": "Complianz \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr", "affected_versions": { "* - 6.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01c1458d-3e38-4dbf-bb65-80465ea6d0ad?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01c1dd65-4cf9-487f-ae3f-9cfaea177385": { "id": "01c1dd65-4cf9-487f-ae3f-9cfaea177385", "title": "Companion Sitemap Generator \u2013 HTML & XML <= 3.6.6 - Cross-Site Request Forgery and Local File Inclusion", "software": [ { "type": "plugin", "name": "Companion Sitemap Generator \u2013 HTML & XML", "slug": "companion-sitemap-generator", "affected_versions": { "* - 3.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01c1dd65-4cf9-487f-ae3f-9cfaea177385?source=api-scan" ], "published": "2019-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01c3c913-2296-4ec3-b7cb-6418ab2f0ea1": { "id": "01c3c913-2296-4ec3-b7cb-6418ab2f0ea1", "title": "WP Event Manager \u2013 Easily Build your Calendar of Events! <= 3.1.27 - Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce", "slug": "wp-event-manager", "affected_versions": { "[*, 3.1.28)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.28", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01c3c913-2296-4ec3-b7cb-6418ab2f0ea1?source=api-scan" ], "published": "2022-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01c9f196-bcf1-401b-992a-e7a60f9447f7": { "id": "01c9f196-bcf1-401b-992a-e7a60f9447f7", "title": "Simple Custom CSS and JS <= 3.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Custom CSS and JS", "slug": "custom-css-js", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01c9f196-bcf1-401b-992a-e7a60f9447f7?source=api-scan" ], "published": "2017-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01cb63ab-2198-443a-8eee-ee4f1cf2fdc4": { "id": "01cb63ab-2198-443a-8eee-ee4f1cf2fdc4", "title": "Testimonials <= 3.0.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Super Testimonials", "slug": "super-testimonial", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01cb63ab-2198-443a-8eee-ee4f1cf2fdc4?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01cc3955-ef2f-4e2b-8dc6-b26f5a3d2f89": { "id": "01cc3955-ef2f-4e2b-8dc6-b26f5a3d2f89", "title": "Dynamics 365 Integration <= 1.3.13 - Missing Authorization via init", "software": [ { "type": "plugin", "name": "Dynamics 365 Integration", "slug": "integration-dynamics", "affected_versions": { "* - 1.3.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01cc3955-ef2f-4e2b-8dc6-b26f5a3d2f89?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01cc613a-d0b5-4c8f-8961-8f8aaf63b8ac": { "id": "01cc613a-d0b5-4c8f-8961-8f8aaf63b8ac", "title": "Intrepidity <= 1.5.1 - Cross-Site Request Forgery via mytheme_add_admin", "software": [ { "type": "theme", "name": "intrepidity", "slug": "intrepidity", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01cc613a-d0b5-4c8f-8961-8f8aaf63b8ac?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01cce0b2-b43c-4b79-89a0-c1842cab1edc": { "id": "01cce0b2-b43c-4b79-89a0-c1842cab1edc", "title": "Max Addons Pro for Bricks <= 1.6.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Max Addons Pro for Bricks", "slug": "max-addons-pro-bricks", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01cce0b2-b43c-4b79-89a0-c1842cab1edc?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01cfd7db-f62d-4110-b9a4-49ff1e4e5e68": { "id": "01cfd7db-f62d-4110-b9a4-49ff1e4e5e68", "title": "ProfileGrid \u2013 User Profiles, Memberships, Groups and Communities <= 5.0.3 - Missing Authorization to Information Exposure", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01cfd7db-f62d-4110-b9a4-49ff1e4e5e68?source=api-scan" ], "published": "2022-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01cfe0da-0ffc-4046-b58a-a31f5d10d1bd": { "id": "01cfe0da-0ffc-4046-b58a-a31f5d10d1bd", "title": "WPForms Pro <= 1.7.6 - CSV Injection", "software": [ { "type": "plugin", "name": "WPForms Pro", "slug": "wpforms", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01cfe0da-0ffc-4046-b58a-a31f5d10d1bd?source=api-scan" ], "published": "2022-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01d0016c-f693-426a-94cb-5611760fd2d0": { "id": "01d0016c-f693-426a-94cb-5611760fd2d0", "title": "Kormosala <= 1.0.22 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Kormosola", "slug": "kormosala", "affected_versions": { "* - 1.0.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01d0016c-f693-426a-94cb-5611760fd2d0?source=api-scan" ], "published": "2020-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01d19333-d315-4715-8365-719260ae0ee4": { "id": "01d19333-d315-4715-8365-719260ae0ee4", "title": "Email Subscribers & Newsletters < 2.9.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "[*, 2.9.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01d19333-d315-4715-8365-719260ae0ee4?source=api-scan" ], "published": "2015-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01d31d8a-4459-488a-9cbe-92761faa58b4": { "id": "01d31d8a-4459-488a-9cbe-92761faa58b4", "title": "Image vertical reel scroll slideshow <= 9.0 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Image vertical reel scroll slideshow", "slug": "image-vertical-reel-scroll-slideshow", "affected_versions": { "* - 9.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01d31d8a-4459-488a-9cbe-92761faa58b4?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01d5e5b5-033c-4690-9857-3339e2831340": { "id": "01d5e5b5-033c-4690-9857-3339e2831340", "title": "BerqWP \u2013 Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript <= 2.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BerqWP \u2013 Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript", "slug": "searchpro", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01d5e5b5-033c-4690-9857-3339e2831340?source=api-scan" ], "published": "2024-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01d5f559-d784-4399-9009-6edc584f8f09": { "id": "01d5f559-d784-4399-9009-6edc584f8f09", "title": "Newsletters <= 4.9.9.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletters", "slug": "newsletters-lite", "affected_versions": { "* - 4.9.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01d5f559-d784-4399-9009-6edc584f8f09?source=api-scan" ], "published": "2024-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01da1829-e3f4-4246-ae3d-72377c4b232e": { "id": "01da1829-e3f4-4246-ae3d-72377c4b232e", "title": "Easy Testimonial Slider and Form <= 1.0.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Easy Testimonial Slider and Form", "slug": "easy-testimonial-rotator", "affected_versions": { "* - 1.0.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01da1829-e3f4-4246-ae3d-72377c4b232e?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01def852-367b-4f64-9c5a-58dcc3478b2e": { "id": "01def852-367b-4f64-9c5a-58dcc3478b2e", "title": "Clipr <= 1.2.3 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Clipr", "slug": "clipr", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01def852-367b-4f64-9c5a-58dcc3478b2e?source=api-scan" ], "published": "2022-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01e1b22f-9622-433f-bada-23d118dc3800": { "id": "01e1b22f-9622-433f-bada-23d118dc3800", "title": "Simple Admin Language Change <= 2.0.1 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Simple Admin Language Change", "slug": "simple-admin-language-change", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01e1b22f-9622-433f-bada-23d118dc3800?source=api-scan" ], "published": "2021-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01e21584-949b-4d2b-b0e8-2f4abe8416b2": { "id": "01e21584-949b-4d2b-b0e8-2f4abe8416b2", "title": "Tooltip CK <= 2.2.15 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tooltip CK", "slug": "tooltip-ck", "affected_versions": { "* - 2.2.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.15", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01e21584-949b-4d2b-b0e8-2f4abe8416b2?source=api-scan" ], "published": "2024-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01e41573-9329-48e1-9191-e8e1532f7afc": { "id": "01e41573-9329-48e1-9191-e8e1532f7afc", "title": "Product Input Fields for WooCommerce <= 1.2.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Product Input Fields for WooCommerce", "slug": "product-input-fields-for-woocommerce", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01e41573-9329-48e1-9191-e8e1532f7afc?source=api-scan" ], "published": "2020-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01e8e53c-8d23-4bd3-9291-29f97df7c984": { "id": "01e8e53c-8d23-4bd3-9291-29f97df7c984", "title": "Backup Guard <= 1.5.9 - Authenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "JetBackup \u2013 WP Backup, Migrate & Restore", "slug": "backup", "affected_versions": { "* - 1.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01e8e53c-8d23-4bd3-9291-29f97df7c984?source=api-scan" ], "published": "2021-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01ebc1b1-2dd3-4e91-93b2-fc8e5e93e925": { "id": "01ebc1b1-2dd3-4e91-93b2-fc8e5e93e925", "title": "WordPress Core < 4.9.2 - Authenticated Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true }, "3.7 - 3.7.24": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.24", "to_inclusive": true }, "3.8 - 3.8.24": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.24", "to_inclusive": true }, "3.9 - 3.9.22": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.22", "to_inclusive": true }, "4.0 - 4.0.21": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.21", "to_inclusive": true }, "4.1 - 4.1.21": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.21", "to_inclusive": true }, "4.2 - 4.2.18": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.18", "to_inclusive": true }, "4.3 - 4.3.14": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.14", "to_inclusive": true }, "4.4 - 4.4.13": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.13", "to_inclusive": true }, "4.5 - 4.5.12": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.12", "to_inclusive": true }, "4.6 - 4.6.9": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.9", "to_inclusive": true }, "4.7 - 4.7.8": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.8", "to_inclusive": true }, "4.8 - 4.8.4": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.4", "to_inclusive": true }, "4.9 - 4.9.1": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.25", "3.8.25", "3.9.23", "4.0.22", "4.1.22", "4.2.19", "4.3.15", "4.4.14", "4.5.13", "4.6.10", "4.7.9", "4.8.5", "4.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01ebc1b1-2dd3-4e91-93b2-fc8e5e93e925?source=api-scan" ], "published": "2018-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01eef49c-79c1-40a0-9b4b-05a699d47a41": { "id": "01eef49c-79c1-40a0-9b4b-05a699d47a41", "title": "Safe SVG <= 1.9.4 - Denial of Service", "software": [ { "type": "plugin", "name": "Safe SVG", "slug": "safe-svg", "affected_versions": { "* - 1.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01eef49c-79c1-40a0-9b4b-05a699d47a41?source=api-scan" ], "published": "2019-11-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01ef62c8-e862-422c-948d-6d376d021c82": { "id": "01ef62c8-e862-422c-948d-6d376d021c82", "title": "File Manager Pro <= 8.3.9 - Unauthenticated Limited JavaScript File Upload", "software": [ { "type": "plugin", "name": "File Manager Pro", "slug": "wp-file-manager-pro", "affected_versions": { "* - 8.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01ef62c8-e862-422c-948d-6d376d021c82?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01f038d7-2efd-41b2-8f4c-77bab80d8e91": { "id": "01f038d7-2efd-41b2-8f4c-77bab80d8e91", "title": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles < 1.6.1 - Privilege Escalation", "software": [ { "type": "plugin", "name": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App", "slug": "peepso-core", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01f038d7-2efd-41b2-8f4c-77bab80d8e91?source=api-scan" ], "published": "2016-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01f0b785-418e-468c-b9f8-53cd46aca881": { "id": "01f0b785-418e-468c-b9f8-53cd46aca881", "title": "Mingle Forum < 1.0.34 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Mingle Forum", "slug": "mingle-forum", "affected_versions": { "[*, 1.0.34)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.34", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01f0b785-418e-468c-b9f8-53cd46aca881?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01f0f734-b22e-4cd6-be99-ce6c2cd6f2c9": { "id": "01f0f734-b22e-4cd6-be99-ce6c2cd6f2c9", "title": "Indeed Membership Pro <= 7.5 - Remote Image File Inclusion", "software": [ { "type": "plugin", "name": "Indeed Membership Pro", "slug": "indeed-membership-pro", "affected_versions": { "* - 7.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01f0f734-b22e-4cd6-be99-ce6c2cd6f2c9?source=api-scan" ], "published": "2019-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01f4318f-b56b-4a34-987b-05edeee5da69": { "id": "01f4318f-b56b-4a34-987b-05edeee5da69", "title": "wpForo Forum <= 2.2.3 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01f4318f-b56b-4a34-987b-05edeee5da69?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "01f60df7-0602-4a00-9905-a91348811dfe": { "id": "01f60df7-0602-4a00-9905-a91348811dfe", "title": "Popup box <= 3.4.4 - Reflected Cross-Site Scripting via 'ays_pb_tab' Parameter", "software": [ { "type": "plugin", "name": "Popup Box \u2013 Create Countdown, Coupon, Video, Contact Form Popups", "slug": "ays-popup-box", "affected_versions": { "* - 3.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/01f60df7-0602-4a00-9905-a91348811dfe?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "020052ba-dece-4e70-88e7-8bd8918b8376": { "id": "020052ba-dece-4e70-88e7-8bd8918b8376", "title": "Orbit Fox by ThemeIsle <= 2.10.32 - Authenticated (Contributor+) Stored Cross-Site Scripiting via Registration Form Widget", "software": [ { "type": "plugin", "name": "Orbit Fox by ThemeIsle", "slug": "themeisle-companion", "affected_versions": { "* - 2.10.32": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/020052ba-dece-4e70-88e7-8bd8918b8376?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02066dcd-1f2f-4ed3-b1f4-7ea8711918e8": { "id": "02066dcd-1f2f-4ed3-b1f4-7ea8711918e8", "title": "All In One WP Security 5.1.9 - Plaintext Storage of Credentials", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "5.1.9": { "from_version": "5.1.9", "from_inclusive": true, "to_version": "5.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02066dcd-1f2f-4ed3-b1f4-7ea8711918e8?source=api-scan" ], "published": "2023-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0206aead-d146-453d-99ed-3870f7dfdae9": { "id": "0206aead-d146-453d-99ed-3870f7dfdae9", "title": "Maspik \u2013 Spam blacklist <= 0.7.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Maspik \u2013 Advanced Spam Protection", "slug": "contact-forms-anti-spam", "affected_versions": { "* - 0.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0206aead-d146-453d-99ed-3870f7dfdae9?source=api-scan" ], "published": "2023-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02073716-4f6a-4a51-933f-c5ab8dfbc08c": { "id": "02073716-4f6a-4a51-933f-c5ab8dfbc08c", "title": "Robo Gallery <= 3.2.17 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery, Images, Slider in Rbs Image Gallery", "slug": "robo-gallery", "affected_versions": { "* - 3.2.17": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02073716-4f6a-4a51-933f-c5ab8dfbc08c?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "020d14f8-e8e2-4da2-9a4b-4d15cb0994c8": { "id": "020d14f8-e8e2-4da2-9a4b-4d15cb0994c8", "title": "Page Builder Gutenberg Blocks \u2013 CoBlocks <= 3.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Profiles", "software": [ { "type": "plugin", "name": "Page Builder Gutenberg Blocks \u2013 CoBlocks", "slug": "coblocks", "affected_versions": { "* - 3.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/020d14f8-e8e2-4da2-9a4b-4d15cb0994c8?source=api-scan" ], "published": "2024-05-31 13:33:07", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "020df8cb-a9ce-4f04-b88f-ceb988beeb75": { "id": "020df8cb-a9ce-4f04-b88f-ceb988beeb75", "title": "WPCal.io \u2013 Easy Meeting Scheduler <= 0.9.5.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WPCal.io \u2013 Easy Meeting Scheduler", "slug": "wpcal", "affected_versions": { "* - 0.9.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/020df8cb-a9ce-4f04-b88f-ceb988beeb75?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0219851f-7fce-42e0-ba82-77af84b17d9f": { "id": "0219851f-7fce-42e0-ba82-77af84b17d9f", "title": "WpStream \u2013 Live Streaming, Video on Demand, Pay Per View <= 4.4.10 - Cross-Site Request Forgery via wpstream_settings", "software": [ { "type": "plugin", "name": "WpStream \u2013 Live Streaming, Video on Demand, Pay Per View", "slug": "wpstream", "affected_versions": { "* - 4.4.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.10.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0219851f-7fce-42e0-ba82-77af84b17d9f?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "021a25c9-7fad-425f-8104-bb4852603613": { "id": "021a25c9-7fad-425f-8104-bb4852603613", "title": "WordPress Social Login and Register <= 7.6.0 - Missing Authorization to Unauthenticated Arbitrary Content Deletion", "software": [ { "type": "plugin", "name": "miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)", "slug": "miniorange-login-openid", "affected_versions": { "* - 7.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/021a25c9-7fad-425f-8104-bb4852603613?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0227e5f0-61fa-4e78-9bd4-918fdde7ab58": { "id": "0227e5f0-61fa-4e78-9bd4-918fdde7ab58", "title": "WordPress Leads < 1.6.3 - Authorization Bypass", "software": [ { "type": "plugin", "name": "WordPress Leads", "slug": "leads", "affected_versions": { "[*, 1.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0227e5f0-61fa-4e78-9bd4-918fdde7ab58?source=api-scan" ], "published": "2015-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02282e33-7e3e-42e1-a7b0-9b5ad326600d": { "id": "02282e33-7e3e-42e1-a7b0-9b5ad326600d", "title": "WPAMS - Apartment Management System for wordpress Theme < 17-07-2019 - SQL Injection", "software": [ { "type": "plugin", "name": "WPAMS - Apartment Management System for wordpress", "slug": "apartment-management", "affected_versions": { "[*, 17-07-2019)": { "from_version": "*", "from_inclusive": true, "to_version": "17-07-2019", "to_inclusive": false } }, "patched": true, "patched_versions": [ "17-07-2019" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02282e33-7e3e-42e1-a7b0-9b5ad326600d?source=api-scan" ], "published": "2017-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0229b20f-65d7-4f55-a773-fd8da479723c": { "id": "0229b20f-65d7-4f55-a773-fd8da479723c", "title": "Car Rental by BestWebSoft < 1.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Car Rental by BestWebSoft", "slug": "car-rental", "affected_versions": { "[*, 1.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0229b20f-65d7-4f55-a773-fd8da479723c?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "022dcd52-0e6f-4979-9088-d257b6a5fc11": { "id": "022dcd52-0e6f-4979-9088-d257b6a5fc11", "title": "Poll Maker <= 3.2.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls", "slug": "poll-maker", "affected_versions": { "[*, 3.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/022dcd52-0e6f-4979-9088-d257b6a5fc11?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "022e4506-fe49-469d-ae48-641f121fc53b": { "id": "022e4506-fe49-469d-ae48-641f121fc53b", "title": "Countdown & Clock <= 2.3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock", "slug": "countdown-builder", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/022e4506-fe49-469d-ae48-641f121fc53b?source=api-scan" ], "published": "2022-04-28 11:30:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "022f6239-67f2-4680-aeed-34c98c953bea": { "id": "022f6239-67f2-4680-aeed-34c98c953bea", "title": "BJ Lazy Load < 1.0 - Remote File Inclusion via TimThumb", "software": [ { "type": "plugin", "name": "BJ Lazy Load", "slug": "bj-lazy-load", "affected_versions": { "0.7.5": { "from_version": "0.7.5", "from_inclusive": true, "to_version": "0.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/022f6239-67f2-4680-aeed-34c98c953bea?source=api-scan" ], "published": "2015-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02325b2a-af00-4b99-91ae-64163a8980fc": { "id": "02325b2a-af00-4b99-91ae-64163a8980fc", "title": "YouSayToo auto-publishing plugin <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YouSayToo auto-publishing plugin", "slug": "yousaytoo-auto-publishing-plugin", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02325b2a-af00-4b99-91ae-64163a8980fc?source=api-scan" ], "published": "2012-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0232a3a5-e91e-4213-8c21-900fc805bad7": { "id": "0232a3a5-e91e-4213-8c21-900fc805bad7", "title": "Contact Builder by Themify <= 1.4.5 - Email Injection", "software": [ { "type": "plugin", "name": "Contact Builder by Themify", "slug": "builder-contact", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0232a3a5-e91e-4213-8c21-900fc805bad7?source=api-scan" ], "published": "2020-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0234419b-9e39-4153-a3b7-bb913f2b6bcd": { "id": "0234419b-9e39-4153-a3b7-bb913f2b6bcd", "title": "WP phpMyAdmin <= 5.2.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP phpMyAdmin", "slug": "wp-phpmyadmin-extension", "affected_versions": { "* - 5.2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0234419b-9e39-4153-a3b7-bb913f2b6bcd?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "023910d0-c2eb-41cd-9d42-606c4cbb8059": { "id": "023910d0-c2eb-41cd-9d42-606c4cbb8059", "title": "Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.3.2 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Drag and Drop Multiple File Upload \u2013 Contact Form 7", "slug": "drag-and-drop-multiple-file-upload-contact-form-7", "affected_versions": { "* - 1.3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/023910d0-c2eb-41cd-9d42-606c4cbb8059?source=api-scan" ], "published": "2020-06-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02399fc5-fe74-4ee5-ac63-78d971d2f99e": { "id": "02399fc5-fe74-4ee5-ac63-78d971d2f99e", "title": "XStore Core <= 5.3.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "XStore Core", "slug": "et-core-plugin", "affected_versions": { "* - 5.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02399fc5-fe74-4ee5-ac63-78d971d2f99e?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02402620-89db-448d-9028-379856735a2a": { "id": "02402620-89db-448d-9028-379856735a2a", "title": "Woocommerce Vietnam Checkout <= 2.0.7 - Authenticated (Shop manager+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Woocommerce Vietnam Checkout", "slug": "woo-vietnam-checkout", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02402620-89db-448d-9028-379856735a2a?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02409698-5421-4760-afcd-e53939082bfc": { "id": "02409698-5421-4760-afcd-e53939082bfc", "title": "Bubble Menu \u2013 circle floating menu <= 3.0.1 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "Bubble Menu \u2013 Sticky Navigation with Floating Button Menu Solution", "slug": "bubble-menu", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02409698-5421-4760-afcd-e53939082bfc?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0241a9fc-ce42-4a97-9f33-f07cf53c0f52": { "id": "0241a9fc-ce42-4a97-9f33-f07cf53c0f52", "title": "Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Orbit Fox by ThemeIsle", "slug": "themeisle-companion", "affected_versions": { "* - 2.10.31": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0241a9fc-ce42-4a97-9f33-f07cf53c0f52?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0248f829-84de-40b9-bb63-354fbf06472d": { "id": "0248f829-84de-40b9-bb63-354fbf06472d", "title": "WordPress Core < 6.0.2 - Authenticated SQL Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true }, "3.7 - 3.7.38": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.38", "to_inclusive": true }, "3.8 - 3.8.38": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.38", "to_inclusive": true }, "3.9 - 3.9.36": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.36", "to_inclusive": true }, "4.0 - 4.0.35": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.35", "to_inclusive": true }, "4.1 - 4.1.35": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.35", "to_inclusive": true }, "4.2 - 4.2.32": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.32", "to_inclusive": true }, "4.3 - 4.3.28": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.28", "to_inclusive": true }, "4.4 - 4.4.27": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.27", "to_inclusive": true }, "4.5 - 4.5.26": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.26", "to_inclusive": true }, "4.6 - 4.6.23": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.23", "to_inclusive": true }, "4.7 - 4.7.23": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.23", "to_inclusive": true }, "4.8 - 4.8.19": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.19", "to_inclusive": true }, "4.9 - 4.9.20": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.20", "to_inclusive": true }, "5.0 - 5.0.16": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.16", "to_inclusive": true }, "5.1 - 5.1.13": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.13", "to_inclusive": true }, "5.2 - 5.2.15": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.15", "to_inclusive": true }, "5.3 - 5.3.12": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.12", "to_inclusive": true }, "5.4 - 5.4.10": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.10", "to_inclusive": true }, "5.5 - 5.5.9": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.9", "to_inclusive": true }, "5.6 - 5.6.8": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.8", "to_inclusive": true }, "5.7 - 5.7.6": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.6", "to_inclusive": true }, "5.8 - 5.8.4": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.4", "to_inclusive": true }, "5.9 - 5.9.3": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.3", "to_inclusive": true }, "6.0 - 6.0.1": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.39", "3.8.39", "3.9.37", "4.0.36", "4.1.36", "4.2.33", "4.3.29", "4.4.28", "4.5.27", "4.6.24", "4.7.24", "4.8.20", "4.9.21", "5.0.17", "5.1.14", "5.2.16", "5.3.13", "5.4.11", "5.5.10", "5.6.9", "5.7.7", "5.8.5", "5.9.4", "6.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0248f829-84de-40b9-bb63-354fbf06472d?source=api-scan" ], "published": "2022-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02490a4b-b2c0-4921-bbf2-678c44c96a5b": { "id": "02490a4b-b2c0-4921-bbf2-678c44c96a5b", "title": "Fastly <= 1.2.25 - Missing Authorization via AJAX actions", "software": [ { "type": "plugin", "name": "Fastly", "slug": "fastly", "affected_versions": { "* - 1.2.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02490a4b-b2c0-4921-bbf2-678c44c96a5b?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "024f4058-065b-48b4-a08a-d9732d4375cd": { "id": "024f4058-065b-48b4-a08a-d9732d4375cd", "title": "WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_save_settings_callback'", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/024f4058-065b-48b4-a08a-d9732d4375cd?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "024fa9ff-d1ba-4c1f-aa51-1dbf5a5713d8": { "id": "024fa9ff-d1ba-4c1f-aa51-1dbf5a5713d8", "title": "ShortPixel Image Optimizer <= 5.6.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "ShortPixel Image Optimizer \u2013 Optimize Images, Convert WebP & AVIF", "slug": "shortpixel-image-optimiser", "affected_versions": { "* - 5.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/024fa9ff-d1ba-4c1f-aa51-1dbf5a5713d8?source=api-scan" ], "published": "2024-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0252d07a-cf84-479d-a71b-a9b13a9765d5": { "id": "0252d07a-cf84-479d-a71b-a9b13a9765d5", "title": "WP Reset <= 1.86 - Authenticated Stored Cross-Site Scripting via extra_data Parameter", "software": [ { "type": "plugin", "name": "WP Reset \u2013 Most Advanced WordPress Reset Tool", "slug": "wp-reset", "affected_versions": { "* - 1.86": { "from_version": "*", "from_inclusive": true, "to_version": "1.86", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.90" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0252d07a-cf84-479d-a71b-a9b13a9765d5?source=api-scan" ], "published": "2021-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02540fe4-b690-46ab-b79b-a90c8d796ec4": { "id": "02540fe4-b690-46ab-b79b-a90c8d796ec4", "title": "Shortcodes Ultimate <= 5.12.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 5.12.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02540fe4-b690-46ab-b79b-a90c8d796ec4?source=api-scan" ], "published": "2022-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02551726-672d-481a-8b77-ec7bf33a22c1": { "id": "02551726-672d-481a-8b77-ec7bf33a22c1", "title": "WP Booklet <= 2.1.8 - Authenticated (Subscriber+) Remote Code Execution", "software": [ { "type": "plugin", "name": "WP Booklet", "slug": "wp-booklet", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02551726-672d-481a-8b77-ec7bf33a22c1?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "025a13e6-5f0a-49ca-bd63-44e4095072bd": { "id": "025a13e6-5f0a-49ca-bd63-44e4095072bd", "title": "Rate Star Review <= 1.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rate Star Review Vote \u2013 AJAX Reviews, Votes, Star Ratings", "slug": "rate-star-review", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/025a13e6-5f0a-49ca-bd63-44e4095072bd?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "025d576b-7342-4863-ac30-f1ff0205d638": { "id": "025d576b-7342-4863-ac30-f1ff0205d638", "title": "TS Webfonts for \u3055\u304f\u3089\u306e\u30ec\u30f3\u30bf\u30eb\u30b5\u30fc\u30d0 <= 3.1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "TS Webfonts for \u3055\u304f\u3089\u306e\u30ec\u30f3\u30bf\u30eb\u30b5\u30fc\u30d0", "slug": "ts-webfonts-for-sakura", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/025d576b-7342-4863-ac30-f1ff0205d638?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "026443b6-4ab5-4f31-8a8d-2019097bde4c": { "id": "026443b6-4ab5-4f31-8a8d-2019097bde4c", "title": "Attorney <= 3 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Attorney", "slug": "attorney", "affected_versions": { "* - 3": { "from_version": "*", "from_inclusive": true, "to_version": "3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/026443b6-4ab5-4f31-8a8d-2019097bde4c?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02649a9e-036a-47fe-ab1a-26caf4f2be27": { "id": "02649a9e-036a-47fe-ab1a-26caf4f2be27", "title": "Formidable Form Builder <= 5.5.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "* - 5.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02649a9e-036a-47fe-ab1a-26caf4f2be27?source=api-scan" ], "published": "2022-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02665811-15ba-434c-a4d0-df5402a128f4": { "id": "02665811-15ba-434c-a4d0-df5402a128f4", "title": "Simple Ads Manager <= 2.9.8.125 - Unauthenticated PHP Objection Injection", "software": [ { "type": "plugin", "name": "Simple Ads Manager", "slug": "simple-ads-manager", "affected_versions": { "[*, 2.10.0.130)": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.0.130", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.10.0.130" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02665811-15ba-434c-a4d0-df5402a128f4?source=api-scan" ], "published": "2017-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02699ada-f4bf-45c4-89e8-018dfff40ac1": { "id": "02699ada-f4bf-45c4-89e8-018dfff40ac1", "title": "Gallery - Video Gallery and YouTube Gallery <= 2.0.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Gallery - Video Gallery and YouTube Gallery", "slug": "gallery-video", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02699ada-f4bf-45c4-89e8-018dfff40ac1?source=api-scan" ], "published": "2016-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "026f8d9b-a66b-4a59-8375-fba587a4eef7": { "id": "026f8d9b-a66b-4a59-8375-fba587a4eef7", "title": "ARForms Form Builder <= 1.6.4 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Option Deletion", "software": [ { "type": "plugin", "name": "Contact Form, Survey, Quiz & Popup Form Builder \u2013 ARForms", "slug": "arforms-form-builder", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/026f8d9b-a66b-4a59-8375-fba587a4eef7?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "026ff6f4-077e-4fee-8fbe-8176f8ca5af3": { "id": "026ff6f4-077e-4fee-8fbe-8176f8ca5af3", "title": "wpDiscuz <= 7.6.11 - Unauthenticated Stored Cross-Site Scripting via Comment Uploaded Image Filename", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "* - 7.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/026ff6f4-077e-4fee-8fbe-8176f8ca5af3?source=api-scan" ], "published": "2023-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02737f71-7ea6-4ce7-87e8-3988e3759f00": { "id": "02737f71-7ea6-4ce7-87e8-3988e3759f00", "title": "Gutenberg Blocks \u2013 Unlimited blocks For Gutenberg <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gutenberg Blocks \u2013 Unlimited blocks For Gutenberg", "slug": "unlimited-blocks", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02737f71-7ea6-4ce7-87e8-3988e3759f00?source=api-scan" ], "published": "2024-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "027fa70f-8777-4a0b-b2aa-18bcdcd99cbf": { "id": "027fa70f-8777-4a0b-b2aa-18bcdcd99cbf", "title": "RSVPMaker <= 8.7.2 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "RSVPMaker", "slug": "rsvpmaker", "affected_versions": { "[*, 8.7.3)": { "from_version": "*", "from_inclusive": true, "to_version": "8.7.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/027fa70f-8777-4a0b-b2aa-18bcdcd99cbf?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "028a90c7-ded7-45ad-90ea-9f1a7d3743a0": { "id": "028a90c7-ded7-45ad-90ea-9f1a7d3743a0", "title": "Conversational Forms for ChatBot <= 1.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ChatBot Conversational Forms", "slug": "conversational-forms", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/028a90c7-ded7-45ad-90ea-9f1a7d3743a0?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02930a65-91b6-475e-9673-063ba5929b6c": { "id": "02930a65-91b6-475e-9673-063ba5929b6c", "title": "NextGEN Gallery <= 3.59.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 3.59.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.59.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.59.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02930a65-91b6-475e-9673-063ba5929b6c?source=api-scan" ], "published": "2024-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0295711d-5da6-4e28-9151-b0ce762c7eb7": { "id": "0295711d-5da6-4e28-9151-b0ce762c7eb7", "title": "Free Booking Plugin for Hotels, Restaurant and Car Rental \u2013 eaSYNC <= 1.1.15 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Free Booking Plugin for Hotels, Restaurants and Car Rentals \u2013 eaSYNC Booking", "slug": "easync-booking", "affected_versions": { "* - 1.1.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0295711d-5da6-4e28-9151-b0ce762c7eb7?source=api-scan" ], "published": "2022-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0298f5e6-36b6-4005-b6ef-d38f2f86f0b1": { "id": "0298f5e6-36b6-4005-b6ef-d38f2f86f0b1", "title": "ENL Newsletter <= 1.0.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "ENL Newsletter", "slug": "enl-newsletter", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0298f5e6-36b6-4005-b6ef-d38f2f86f0b1?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "029c3606-caba-4964-aefd-6000a1b4832d": { "id": "029c3606-caba-4964-aefd-6000a1b4832d", "title": "WORDPRESS VIDEO GALLERY <= 3.0 - Improper Access Control", "software": [ { "type": "plugin", "name": "WORDPRESS VIDEO GALLERY", "slug": "contus-video-gallery", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/029c3606-caba-4964-aefd-6000a1b4832d?source=api-scan" ], "published": "2015-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02a6428f-beef-4491-ab5f-130a9e7924c2": { "id": "02a6428f-beef-4491-ab5f-130a9e7924c2", "title": "Bit File Manager \u2013 100% free file manager for WordPress <= 5.2.2 - Subscriber+ Arbitrary File Creation\/Upload\/Deletion", "software": [ { "type": "plugin", "name": "Bit File Manager \u2013 100% Free & Open Source File Manager and Code Editor for WordPress", "slug": "file-manager", "affected_versions": { "* - 5.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02a6428f-beef-4491-ab5f-130a9e7924c2?source=api-scan" ], "published": "2022-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02ac8b9e-bc59-4c46-9f9c-23e3b6ae615c": { "id": "02ac8b9e-bc59-4c46-9f9c-23e3b6ae615c", "title": "Picture Factory (Unspecified Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Picture Factory", "slug": "picturefactory", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02ac8b9e-bc59-4c46-9f9c-23e3b6ae615c?source=api-scan" ], "published": "2012-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02af50bf-d0f3-4dd7-89bd-dd60c33b5097": { "id": "02af50bf-d0f3-4dd7-89bd-dd60c33b5097", "title": "HUSKY <= 1.3.6.1 - Authenticated (Shop Manager+) Arbitrary Options Update", "software": [ { "type": "plugin", "name": "HUSKY \u2013 Products Filter Professional for WooCommerce", "slug": "woocommerce-products-filter", "affected_versions": { "* - 1.3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02af50bf-d0f3-4dd7-89bd-dd60c33b5097?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02b24735-0310-4b00-9acc-a05557238697": { "id": "02b24735-0310-4b00-9acc-a05557238697", "title": "Auto Poster <= 1.2 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Auto Poster", "slug": "auto-poster", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02b24735-0310-4b00-9acc-a05557238697?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02b336ce-be41-4343-9817-0437bd2685c2": { "id": "02b336ce-be41-4343-9817-0437bd2685c2", "title": "MyBookTable Bookstore <= 3.3.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MyBookTable Bookstore by Stormhill Media", "slug": "mybooktable", "affected_versions": { "* - 3.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02b336ce-be41-4343-9817-0437bd2685c2?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02b5aefe-ba27-4273-927c-7779df83eb18": { "id": "02b5aefe-ba27-4273-927c-7779df83eb18", "title": "WPMobile.App <= 11.20 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPMobile.App \u2014 Android and iOS Mobile Application", "slug": "wpappninja", "affected_versions": { "* - 11.20": { "from_version": "*", "from_inclusive": true, "to_version": "11.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02b5aefe-ba27-4273-927c-7779df83eb18?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02b61eb1-a93f-4437-87de-d698af8ef9f6": { "id": "02b61eb1-a93f-4437-87de-d698af8ef9f6", "title": "Blog2Social <= 6.9.3 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Blog2Social: Social Media Auto Post & Scheduler", "slug": "blog2social", "affected_versions": { "* - 6.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02b61eb1-a93f-4437-87de-d698af8ef9f6?source=api-scan" ], "published": "2022-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02b75034-8db1-465b-837e-014e2c2e8b4d": { "id": "02b75034-8db1-465b-837e-014e2c2e8b4d", "title": "Asgaros Forum <= 2.7.2 - Unauthenticated PHP Object Injection in prepare_unread_status", "software": [ { "type": "plugin", "name": "Asgaros Forum", "slug": "asgaros-forum", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02b75034-8db1-465b-837e-014e2c2e8b4d?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02b9a40a-2fb6-4d75-b4b4-a83b95df90e1": { "id": "02b9a40a-2fb6-4d75-b4b4-a83b95df90e1", "title": "Easy Contact Form Solution <= 1.6 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Contact Form Solution", "slug": "easy-contact-form-solution", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02b9a40a-2fb6-4d75-b4b4-a83b95df90e1?source=api-scan" ], "published": "2014-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02bb12db-0bc9-4c13-918f-1f90b500c165": { "id": "02bb12db-0bc9-4c13-918f-1f90b500c165", "title": "PropertyHive < 1.4.26 - Remote Code Execution", "software": [ { "type": "plugin", "name": "PropertyHive", "slug": "propertyhive", "affected_versions": { "[*, 1.4.26)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.26", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02bb12db-0bc9-4c13-918f-1f90b500c165?source=api-scan" ], "published": "2018-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02bfc849-0f36-4647-9290-eddbacdb419b": { "id": "02bfc849-0f36-4647-9290-eddbacdb419b", "title": "Updraft <= 0.6.1 - Reflected Cross-Site Scripting via 'backup_timestamp'", "software": [ { "type": "plugin", "name": "Updraft", "slug": "updraft", "affected_versions": { "* - 0.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02bfc849-0f36-4647-9290-eddbacdb419b?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02c6ec97-50cc-4c61-9bb7-b94250d5dda3": { "id": "02c6ec97-50cc-4c61-9bb7-b94250d5dda3", "title": "CRM Perks Forms <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "CRM Perks Forms \u2013 WordPress Form Builder", "slug": "crm-perks-forms", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02c6ec97-50cc-4c61-9bb7-b94250d5dda3?source=api-scan" ], "published": "2024-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02cf711b-69af-4869-9ebd-31c657be1bc3": { "id": "02cf711b-69af-4869-9ebd-31c657be1bc3", "title": "All In One SEO Pack <= 3.2.6 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "* - 3.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02cf711b-69af-4869-9ebd-31c657be1bc3?source=api-scan" ], "published": "2019-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02cff893-4f41-4bb0-9fb0-344a3a8afa0b": { "id": "02cff893-4f41-4bb0-9fb0-344a3a8afa0b", "title": "Rotating Tweets (Twitter widget and shortcode) <= 1.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Rotating Tweets (Twitter widget and shortcode)", "slug": "rotatingtweets", "affected_versions": { "* - 1.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02cff893-4f41-4bb0-9fb0-344a3a8afa0b?source=api-scan" ], "published": "2024-06-05 15:44:04", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02cffe63-dad2-4f6b-9530-7f494e3071d7": { "id": "02cffe63-dad2-4f6b-9530-7f494e3071d7", "title": "YouTube Playlist Player <= 4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YouTube Playlist Player", "slug": "youtube-playlist-player", "affected_versions": { "* - 4.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02cffe63-dad2-4f6b-9530-7f494e3071d7?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02d11be0-2e2e-4c76-8a8e-f3f637b99809": { "id": "02d11be0-2e2e-4c76-8a8e-f3f637b99809", "title": "WooCommerce Easy Duplicate Product <= 0.3.0.7 - Missing Authorization via wedp_duplicate_product_action", "software": [ { "type": "plugin", "name": "WooCommerce Easy Duplicate Product", "slug": "woo-easy-duplicate-product", "affected_versions": { "* - 0.3.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.3.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02d11be0-2e2e-4c76-8a8e-f3f637b99809?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02d4bc64-d05d-4151-bc38-523cbb2ef60c": { "id": "02d4bc64-d05d-4151-bc38-523cbb2ef60c", "title": "Filr \u2013 Secure document library <= 1.2.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Filr \u2013 Secure document library", "slug": "filr-protection", "affected_versions": { "[*, 1.2.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02d4bc64-d05d-4151-bc38-523cbb2ef60c?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02d6e9c3-f040-4a41-a803-4bbe5f86c29b": { "id": "02d6e9c3-f040-4a41-a803-4bbe5f86c29b", "title": "Woffice <= 5.4.10 - Unauthenticated Privilege Escalation", "software": [ { "type": "theme", "name": "Woffice CRM", "slug": "woffice", "affected_versions": { "* - 5.4.10": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02d6e9c3-f040-4a41-a803-4bbe5f86c29b?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02d994b7-2891-47d0-92d3-c33c4eac54f0": { "id": "02d994b7-2891-47d0-92d3-c33c4eac54f0", "title": "Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy <= 2.1.1 - Unauthenticated Arbitrary Content Deletion", "software": [ { "type": "plugin", "name": "SharkDropship and Affiliate for AliExpress, Temu, eBay, Amazon and Etsy to woocommerce", "slug": "woo-aliexpress-dropshipping", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02d994b7-2891-47d0-92d3-c33c4eac54f0?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02dcf609-e8ef-4ff5-a61e-6c513af04ca2": { "id": "02dcf609-e8ef-4ff5-a61e-6c513af04ca2", "title": "Remove Duplicate Posts <= 1.3.5 - Missing Authorization to Post Deletion", "software": [ { "type": "plugin", "name": "Remove Duplicate Posts", "slug": "remove-duplicate-posts", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02dcf609-e8ef-4ff5-a61e-6c513af04ca2?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02ddfc75-8a9e-4a8e-8339-52348a963c69": { "id": "02ddfc75-8a9e-4a8e-8339-52348a963c69", "title": "KP Fastest Tawk.to Chat <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "KP Fastest Tawk.to Chat", "slug": "kp-fastest-tawk-to-chat", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02ddfc75-8a9e-4a8e-8339-52348a963c69?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02e8a576-bf00-4da9-9795-bd6b22bb0b19": { "id": "02e8a576-bf00-4da9-9795-bd6b22bb0b19", "title": "AS \u2013 Create Pinterest Pinboard Pages <= 1.0 - Authenticated Options Change to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AS \u2013 Create Pinterest Pinboard Pages", "slug": "as-create-pinterest-pinboard-pages", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02e8a576-bf00-4da9-9795-bd6b22bb0b19?source=api-scan" ], "published": "2022-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02eadae8-7aa6-42f5-b807-9ed82332fa72": { "id": "02eadae8-7aa6-42f5-b807-9ed82332fa72", "title": "Essential Grid <= 3.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Grid Portfolio \u2013 Photo Gallery", "slug": "essential-grid", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02eadae8-7aa6-42f5-b807-9ed82332fa72?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02ecd818-4c96-463e-b9ab-5900c1d01a39": { "id": "02ecd818-4c96-463e-b9ab-5900c1d01a39", "title": "Photoxhibit <= 2.1.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PhotoXhibit", "slug": "photoxhibit", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02ecd818-4c96-463e-b9ab-5900c1d01a39?source=api-scan" ], "published": "2016-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02f8faff-8629-490b-9bc7-378ebffcfd0f": { "id": "02f8faff-8629-490b-9bc7-378ebffcfd0f", "title": "All In One WP Security & Firewall <= 4.4.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "[*, 4.4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02f8faff-8629-490b-9bc7-378ebffcfd0f?source=api-scan" ], "published": "2020-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02f957f6-2327-41e0-99f5-7a6893eeb614": { "id": "02f957f6-2327-41e0-99f5-7a6893eeb614", "title": "DethemeKit For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DethemeKit For Elementor", "slug": "dethemekit-for-elementor", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02f957f6-2327-41e0-99f5-7a6893eeb614?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02fceb91-7691-4629-b18b-57959e9f3f62": { "id": "02fceb91-7691-4629-b18b-57959e9f3f62", "title": "Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget", "software": [ { "type": "plugin", "name": "Beaver Builder Addons by WPZOOM", "slug": "wpzoom-addons-for-beaver-builder", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02fceb91-7691-4629-b18b-57959e9f3f62?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02fd8469-cd99-42dc-9a28-c0ea08512bb0": { "id": "02fd8469-cd99-42dc-9a28-c0ea08512bb0", "title": "WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_activate_product", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "* - 5.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02fd8469-cd99-42dc-9a28-c0ea08512bb0?source=api-scan" ], "published": "2023-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02fde6b1-d709-4329-ae9c-fea444c1aec8": { "id": "02fde6b1-d709-4329-ae9c-fea444c1aec8", "title": "Woodmart <= 7.1.1 - Cross-Site Request Forgery to License Update", "software": [ { "type": "theme", "name": "Woodmart", "slug": "woodmart", "affected_versions": { "* - 7.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02fde6b1-d709-4329-ae9c-fea444c1aec8?source=api-scan" ], "published": "2023-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "02fe4a33-d059-461c-a03f-b7306ce6193f": { "id": "02fe4a33-d059-461c-a03f-b7306ce6193f", "title": "GeoPlaces <= 4 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Geo Places 4 Theme beta", "slug": "geoplaces4beta", "affected_versions": { "* - 4beta": { "from_version": "*", "from_inclusive": true, "to_version": "4beta", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5" ] }, { "type": "theme", "name": "Geo Places 4 Theme", "slug": "geoplaces4", "affected_versions": { "* - 4": { "from_version": "*", "from_inclusive": true, "to_version": "4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/02fe4a33-d059-461c-a03f-b7306ce6193f?source=api-scan" ], "published": "2013-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0306c785-0dc3-44fb-a3cc-9afb5ab81651": { "id": "0306c785-0dc3-44fb-a3cc-9afb5ab81651", "title": "WP Admin UI Customize <= 1.5.12 - Authenticated (Administrator+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Admin UI Customize", "slug": "wp-admin-ui-customize", "affected_versions": { "* - 1.5.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0306c785-0dc3-44fb-a3cc-9afb5ab81651?source=api-scan" ], "published": "2022-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03073726-58d0-45b3-b7a6-7d12dbede919": { "id": "03073726-58d0-45b3-b7a6-7d12dbede919", "title": "Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline)", "slug": "timeline-widget-addon-for-elementor", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03073726-58d0-45b3-b7a6-7d12dbede919?source=api-scan" ], "published": "2024-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "030def71-2949-46d5-a545-f3472433324e": { "id": "030def71-2949-46d5-a545-f3472433324e", "title": "WP Google Fonts <= 3.1.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Google Fonts", "slug": "wp-google-fonts", "affected_versions": { "[*, 3.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/030def71-2949-46d5-a545-f3472433324e?source=api-scan" ], "published": "2015-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "030ec6bb-f19d-4145-b3fb-bd647c154666": { "id": "030ec6bb-f19d-4145-b3fb-bd647c154666", "title": "Blocksy <= 2.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Blocksy", "slug": "blocksy", "affected_versions": { "* - 2.0.33": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/030ec6bb-f19d-4145-b3fb-bd647c154666?source=api-scan" ], "published": "2024-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03123f2f-1241-445c-8d28-cb02e85795e3": { "id": "03123f2f-1241-445c-8d28-cb02e85795e3", "title": "TOCHAT.BE <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TOCHAT.BE", "slug": "tochat-be", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03123f2f-1241-445c-8d28-cb02e85795e3?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03155b4e-a148-4990-8d47-ab77ae7736c5": { "id": "03155b4e-a148-4990-8d47-ab77ae7736c5", "title": "ContentLock <= 1.0.3 - Cross-Site Request Forgery to Group\/Email Deletion", "software": [ { "type": "plugin", "name": "ContentLock", "slug": "contentlock", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03155b4e-a148-4990-8d47-ab77ae7736c5?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0315f5de-7a46-4e16-b080-557ddfd180a2": { "id": "0315f5de-7a46-4e16-b080-557ddfd180a2", "title": "Moment.js <= 2.29.1 - Directory Traversal", "software": [ { "type": "plugin", "name": "ElasticPress", "slug": "elasticpress", "affected_versions": { "* - 4.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0315f5de-7a46-4e16-b080-557ddfd180a2?source=api-scan" ], "published": "2022-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03177018-94cb-4e14-9476-e2d369414c38": { "id": "03177018-94cb-4e14-9476-e2d369414c38", "title": "Product Catalog Enquiry <= 5.0.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "CatalogX \u2013 Product Catalog Mode For WooCommerce", "slug": "woocommerce-catalog-enquiry", "affected_versions": { "[*, 5.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03177018-94cb-4e14-9476-e2d369414c38?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0318ec4a-185a-405d-90f8-008ba373114b": { "id": "0318ec4a-185a-405d-90f8-008ba373114b", "title": "ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in enableOptimization", "software": [ { "type": "plugin", "name": "ImageRecycle pdf & image compression", "slug": "imagerecycle-pdf-image-compression", "affected_versions": { "* - 3.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0318ec4a-185a-405d-90f8-008ba373114b?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "031995fb-48c4-4f56-8b64-d66a47b2fbe9": { "id": "031995fb-48c4-4f56-8b64-d66a47b2fbe9", "title": "Sensei LMS <= 4.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sensei LMS \u2013 Online Courses, Quizzes, & Learning", "slug": "sensei-lms", "affected_versions": { "* - 4.17.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.17.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.18.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/031995fb-48c4-4f56-8b64-d66a47b2fbe9?source=api-scan" ], "published": "2023-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "031a1203-6b0d-453b-be8a-12e7f55cb401": { "id": "031a1203-6b0d-453b-be8a-12e7f55cb401", "title": "Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_ucp_dismiss_notice", "software": [ { "type": "plugin", "name": "Under Construction", "slug": "under-construction-page", "affected_versions": { "* - 3.96": { "from_version": "*", "from_inclusive": true, "to_version": "3.96", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.97" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/031a1203-6b0d-453b-be8a-12e7f55cb401?source=api-scan" ], "published": "2023-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "031c2a61-3547-4c33-8ab8-c52585c8066a": { "id": "031c2a61-3547-4c33-8ab8-c52585c8066a", "title": "OpenInviter for WordPress <= 1.7.0 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "OpenInviter for WordPress", "slug": "openinviter-for-wordpress", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/031c2a61-3547-4c33-8ab8-c52585c8066a?source=api-scan" ], "published": "2013-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "031c31b2-6e27-47bb-9f63-2bbaa1edbbb2": { "id": "031c31b2-6e27-47bb-9f63-2bbaa1edbbb2", "title": "PowerPress <= 11.0.6 - Authenticated (Contributor+) Server-Side Request Forgery via wp_ajax_powerpress_media_info", "software": [ { "type": "plugin", "name": "PowerPress Podcasting plugin by Blubrry", "slug": "powerpress", "affected_versions": { "* - 11.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/031c31b2-6e27-47bb-9f63-2bbaa1edbbb2?source=api-scan" ], "published": "2023-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0323b54b-c15b-4d2d-9e8f-3df87c84dd49": { "id": "0323b54b-c15b-4d2d-9e8f-3df87c84dd49", "title": "WP Meta SEO <= 4.5.12 - Information Exposure via Meta Description", "software": [ { "type": "plugin", "name": "WP Meta SEO", "slug": "wp-meta-seo", "affected_versions": { "* - 4.5.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0323b54b-c15b-4d2d-9e8f-3df87c84dd49?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0324852f-9e19-467c-9b0b-4c9fe2dd1cc0": { "id": "0324852f-9e19-467c-9b0b-4c9fe2dd1cc0", "title": "WooCommerce <= 2.2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 2.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0324852f-9e19-467c-9b0b-4c9fe2dd1cc0?source=api-scan" ], "published": "2014-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "032e775a-97be-4d93-bac3-094e35be4b11": { "id": "032e775a-97be-4d93-bac3-094e35be4b11", "title": "WP GDPR <= 2.1.1 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "WP GDPR", "slug": "wp-gdpr-core", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/032e775a-97be-4d93-bac3-094e35be4b11?source=api-scan" ], "published": "2020-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "032f3363-83c0-4548-81f0-724a71931add": { "id": "032f3363-83c0-4548-81f0-724a71931add", "title": "WP Time Slots Booking Form <= 1.1.76 - Cross-Site Request Forgery to Feedback Submission", "software": [ { "type": "plugin", "name": "WP Time Slots Booking Form", "slug": "wp-time-slots-booking-form", "affected_versions": { "* - 1.1.76": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.76", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.77" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/032f3363-83c0-4548-81f0-724a71931add?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "033069d2-8e0f-4c67-b18c-fdd471d85f87": { "id": "033069d2-8e0f-4c67-b18c-fdd471d85f87", "title": "WP-Members Membership Plugin <= 3.4.9.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Members Membership Plugin", "slug": "wp-members", "affected_versions": { "* - 3.4.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/033069d2-8e0f-4c67-b18c-fdd471d85f87?source=api-scan" ], "published": "2024-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03329efa-6ffd-42e1-ab7e-cc21cb48866f": { "id": "03329efa-6ffd-42e1-ab7e-cc21cb48866f", "title": "WP Cerber Security <= 8.9.5.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Cerber Security, Anti-spam & Malware Scan", "slug": "wp-cerber", "affected_versions": { "* - 8.9.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "8.9.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03329efa-6ffd-42e1-ab7e-cc21cb48866f?source=api-scan" ], "published": "2022-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03354f47-ebf7-4242-89d0-1b937d418c6f": { "id": "03354f47-ebf7-4242-89d0-1b937d418c6f", "title": "AFI \u2013 The Easiest Integration Plugin <= 1.89.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "AFI \u2013 The Easiest Integration Plugin", "slug": "advanced-form-integration", "affected_versions": { "* - 1.89.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.89.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.89.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03354f47-ebf7-4242-89d0-1b937d418c6f?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "033b0f16-02fb-44b9-9e07-2393afe14cc5": { "id": "033b0f16-02fb-44b9-9e07-2393afe14cc5", "title": "User Rights Access Manager <= 1.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Rights Access Manager", "slug": "user-rights-access-manager", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/033b0f16-02fb-44b9-9e07-2393afe14cc5?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "034246b2-e123-480d-afaf-cce9d42f1f03": { "id": "034246b2-e123-480d-afaf-cce9d42f1f03", "title": "Credova_Financial <= 1.4.8 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Credova Financial", "slug": "credova-financial", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/034246b2-e123-480d-afaf-cce9d42f1f03?source=api-scan" ], "published": "2021-09-29 16:39:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0348d465-f351-4c52-b293-8b3b058292b9": { "id": "0348d465-f351-4c52-b293-8b3b058292b9", "title": "Fluent Forms <= 5.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title", "software": [ { "type": "plugin", "name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", "slug": "fluentform", "affected_versions": { "* - 5.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0348d465-f351-4c52-b293-8b3b058292b9?source=api-scan" ], "published": "2024-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "034bb19b-1ee6-4ded-b907-a3f182745e67": { "id": "034bb19b-1ee6-4ded-b907-a3f182745e67", "title": "WP Post Author <= 3.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Post Author \u2013 Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder", "slug": "wp-post-author", "affected_versions": { "* - 3.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/034bb19b-1ee6-4ded-b907-a3f182745e67?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "034e77ef-fb3f-4e62-be1b-c56c454c5ba8": { "id": "034e77ef-fb3f-4e62-be1b-c56c454c5ba8", "title": "JivoChat Live Chat \u2013 WP live chat plugin for WordPress <= 1.3.5.3 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JivoChat Live Chat \u2013 WP live chat plugin for WordPress", "slug": "jivochat", "affected_versions": { "* - 1.3.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/034e77ef-fb3f-4e62-be1b-c56c454c5ba8?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03564cae-df90-454b-8379-6ad9f22b7389": { "id": "03564cae-df90-454b-8379-6ad9f22b7389", "title": "Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget", "software": [ { "type": "plugin", "name": "Beaver Builder Addons by WPZOOM", "slug": "wpzoom-addons-for-beaver-builder", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03564cae-df90-454b-8379-6ad9f22b7389?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0358d8f8-f7fd-487e-b75c-08e1cfdeeeec": { "id": "0358d8f8-f7fd-487e-b75c-08e1cfdeeeec", "title": "Unite Gallery Lite <= 1.7.62 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Unite Gallery Lite", "slug": "unite-gallery-lite", "affected_versions": { "* - 1.7.62": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.62", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0358d8f8-f7fd-487e-b75c-08e1cfdeeeec?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0359434b-9d88-4a40-8e9f-ec354c8de816": { "id": "0359434b-9d88-4a40-8e9f-ec354c8de816", "title": "Download Read More Excerpt Link <= 1.6.0 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Read More Excerpt Link", "slug": "read-more-excerpt-link", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0359434b-9d88-4a40-8e9f-ec354c8de816?source=api-scan" ], "published": "2023-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "035ada56-541d-47b3-8348-3401d94bb509": { "id": "035ada56-541d-47b3-8348-3401d94bb509", "title": "Cost Calculator Builder PRO <= 3.1.75 - Unauthenticated Arbitrary Email Sending", "software": [ { "type": "plugin", "name": "Cost Calculator Builder PRO", "slug": "cost-calculator-builder-pro", "affected_versions": { "* - 3.1.75": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.75", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.76" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/035ada56-541d-47b3-8348-3401d94bb509?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "035d5f4a-1145-48e0-8388-e319088ebd52": { "id": "035d5f4a-1145-48e0-8388-e319088ebd52", "title": "VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in admin_widgets_welcome function", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "* - 1.5.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/035d5f4a-1145-48e0-8388-e319088ebd52?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "035d9433-08db-4849-aae3-735be9f82f52": { "id": "035d9433-08db-4849-aae3-735be9f82f52", "title": "GigPress <= 2.3.29 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GigPress", "slug": "gigpress", "affected_versions": { "* - 2.3.29": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.29", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/035d9433-08db-4849-aae3-735be9f82f52?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "036cf299-80c2-48a8-befc-02899ab96e3c": { "id": "036cf299-80c2-48a8-befc-02899ab96e3c", "title": "PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PowerPack Elementor Addons (Free Widgets, Extensions and Templates)", "slug": "powerpack-lite-for-elementor", "affected_versions": { "* - 2.7.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/036cf299-80c2-48a8-befc-02899ab96e3c?source=api-scan" ], "published": "2024-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03725477-7d7b-4ec9-8b9f-5ce9f8905243": { "id": "03725477-7d7b-4ec9-8b9f-5ce9f8905243", "title": "Jetpack Boost <= 3.4.6 - Authenticated (Admin+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Jetpack Boost \u2013 Website Speed, Performance and Critical CSS", "slug": "jetpack-boost", "affected_versions": { "* - 3.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03725477-7d7b-4ec9-8b9f-5ce9f8905243?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0372efe4-b5be-4601-be43-5c12332ea1a5": { "id": "0372efe4-b5be-4601-be43-5c12332ea1a5", "title": "UserPro <= 5.1.1 - Cross-Site Request Forgery to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "* - 5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0372efe4-b5be-4601-be43-5c12332ea1a5?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03733eb8-63c7-4798-9d87-e80a6112da6e": { "id": "03733eb8-63c7-4798-9d87-e80a6112da6e", "title": "Daily Inspiration Generator <= 2.0 - Open Redirect", "software": [ { "type": "plugin", "name": "Daily Inspiration Generator", "slug": "daily-inspiration-generator", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03733eb8-63c7-4798-9d87-e80a6112da6e?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "037882e8-4d66-47b9-8ca5-3fa3866b9125": { "id": "037882e8-4d66-47b9-8ca5-3fa3866b9125", "title": "ND Shortcodes <= 6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ND Shortcodes", "slug": "nd-shortcodes", "affected_versions": { "* - 6.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/037882e8-4d66-47b9-8ca5-3fa3866b9125?source=api-scan" ], "published": "2022-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "037a8b06-18be-4443-b54c-22f50c89d5b4": { "id": "037a8b06-18be-4443-b54c-22f50c89d5b4", "title": "All In One WP Security & Firewall <= 4.0.8 - SQL Injection", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "[*, 4.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/037a8b06-18be-4443-b54c-22f50c89d5b4?source=api-scan" ], "published": "2019-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "037ff4f5-7855-43e8-af25-9a0fcd5f0b64": { "id": "037ff4f5-7855-43e8-af25-9a0fcd5f0b64", "title": "WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments", "slug": "heateor-social-comments", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/037ff4f5-7855-43e8-af25-9a0fcd5f0b64?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "038742d8-3da9-4e2a-bbd4-9ed6b31e8767": { "id": "038742d8-3da9-4e2a-bbd4-9ed6b31e8767", "title": "Fix My Feed RSS Repair <= 1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Fix My Feed RSS Repair", "slug": "fix-my-feed-rss-repair", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/038742d8-3da9-4e2a-bbd4-9ed6b31e8767?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0388853e-4bf8-4627-876a-b842e7016de3": { "id": "0388853e-4bf8-4627-876a-b842e7016de3", "title": "MonsterInsights <= 8.9.0 - Unauthenticated Stored Cross-Site Scripting via Google Analytics", "software": [ { "type": "plugin", "name": "MonsterInsights \u2013 Google Analytics Dashboard for WordPress (Website Stats Made Easy)", "slug": "google-analytics-for-wordpress", "affected_versions": { "* - 8.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0388853e-4bf8-4627-876a-b842e7016de3?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "038d1144-81b8-4e4b-b0d5-60516f02dbdf": { "id": "038d1144-81b8-4e4b-b0d5-60516f02dbdf", "title": "WP Airbnb Review Slider <= 3.2 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Airbnb Review Slider", "slug": "wp-airbnb-review-slider", "affected_versions": { "* - 3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/038d1144-81b8-4e4b-b0d5-60516f02dbdf?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03926855-d2cc-4105-9927-5871002cb7a0": { "id": "03926855-d2cc-4105-9927-5871002cb7a0", "title": "Pie Register <= 3.7.1.5 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction", "slug": "pie-register", "affected_versions": { "[*, 3.7.1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03926855-d2cc-4105-9927-5871002cb7a0?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0395b775-a89d-45f5-ac38-d5786f4b4d1b": { "id": "0395b775-a89d-45f5-ac38-d5786f4b4d1b", "title": "Gravityforms <= 1.9.3.5 - SQL Injection", "software": [ { "type": "plugin", "name": "Gravity Forms", "slug": "gravityforms", "affected_versions": { "* - 1.9.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0395b775-a89d-45f5-ac38-d5786f4b4d1b?source=api-scan" ], "published": "2015-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "039ac1d9-ccb5-43d0-8b17-10d12b7df90e": { "id": "039ac1d9-ccb5-43d0-8b17-10d12b7df90e", "title": "Fluent Support <= 1.8.0 - Insufficient Authorization on Email Verification", "software": [ { "type": "plugin", "name": "Fluent Support \u2013 Helpdesk & Customer Support Ticket System", "slug": "fluent-support", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/039ac1d9-ccb5-43d0-8b17-10d12b7df90e?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "039b7dcc-fad6-4bc1-b0f9-7e888eb54412": { "id": "039b7dcc-fad6-4bc1-b0f9-7e888eb54412", "title": "Visual Email Designer for WooCommerce <= 1.7.1 - Authenticated (Author+) SQL Injection", "software": [ { "type": "plugin", "name": "Visual Email Designer for WooCommerce", "slug": "email-customizer-woocommerce", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/039b7dcc-fad6-4bc1-b0f9-7e888eb54412?source=api-scan" ], "published": "2022-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "039d2a35-fbd9-467b-ae98-2d47ff03fb2e": { "id": "039d2a35-fbd9-467b-ae98-2d47ff03fb2e", "title": "AJAX Thumbnail Rebuild <= 1.13 - Missing Authorization", "software": [ { "type": "plugin", "name": "AJAX Thumbnail Rebuild", "slug": "ajax-thumbnail-rebuild", "affected_versions": { "* - 1.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/039d2a35-fbd9-467b-ae98-2d47ff03fb2e?source=api-scan" ], "published": "2023-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03a1724c-8fea-4e9f-a4a1-9de236e1f15a": { "id": "03a1724c-8fea-4e9f-a4a1-9de236e1f15a", "title": "Export Users Data Distinct <= 1.3 - Authenticated (Subscriber+) CSV Injection", "software": [ { "type": "plugin", "name": "Export Users Data Distinct", "slug": "export-users-data-distinct", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03a1724c-8fea-4e9f-a4a1-9de236e1f15a?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03a64a72-6643-4747-a916-000197cc2794": { "id": "03a64a72-6643-4747-a916-000197cc2794", "title": "All in One SEO <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "* - 4.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03a64a72-6643-4747-a916-000197cc2794?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03ad3677-1b02-4f22-af50-e88b2ec83f54": { "id": "03ad3677-1b02-4f22-af50-e88b2ec83f54", "title": "Cost Calculator Builder <= 3.2.12 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cost Calculator Builder", "slug": "cost-calculator-builder", "affected_versions": { "* - 3.2.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03ad3677-1b02-4f22-af50-e88b2ec83f54?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03b1376e-8ef3-4bd2-904b-6819aa21d144": { "id": "03b1376e-8ef3-4bd2-904b-6819aa21d144", "title": "Computer Repair Shop < 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CRM WordPress Plugin \u2013 RepairBuddy", "slug": "computer-repair-shop", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03b1376e-8ef3-4bd2-904b-6819aa21d144?source=api-scan" ], "published": "2020-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03b37c90-4bb5-4003-a440-3fb57a5c1cae": { "id": "03b37c90-4bb5-4003-a440-3fb57a5c1cae", "title": "ShareThis Share Buttons <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via sharethis-inline-buttons Shortcode", "software": [ { "type": "plugin", "name": "ShareThis Share Buttons", "slug": "sharethis-share-buttons", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03b37c90-4bb5-4003-a440-3fb57a5c1cae?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03b9187e-022a-48c1-a79c-c4629357de5a": { "id": "03b9187e-022a-48c1-a79c-c4629357de5a", "title": "DTracker <= 1.5 - SQL Injection", "software": [ { "type": "plugin", "name": "DTracker", "slug": "dtracker", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03b9187e-022a-48c1-a79c-c4629357de5a?source=api-scan" ], "published": "2017-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03be4344-d388-4357-8a2e-c3b9c8b83017": { "id": "03be4344-d388-4357-8a2e-c3b9c8b83017", "title": "e-signature < 1.5.6.8 - Unauthenticated Remote Code Execution", "software": [ { "type": "plugin", "name": "e-signature", "slug": "e-signature", "affected_versions": { "[*, 1.5.6.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03be4344-d388-4357-8a2e-c3b9c8b83017?source=api-scan" ], "published": "2021-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03bf84e2-c101-416d-a953-c63ecd1dba7d": { "id": "03bf84e2-c101-416d-a953-c63ecd1dba7d", "title": "All-In-One Security (AIOS) <= 5.1.4 - Authenticated(Admin+) Directory Traversal", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "* - 5.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03bf84e2-c101-416d-a953-c63ecd1dba7d?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03c8a13e-7484-40f1-907f-f3a5ace9f7e9": { "id": "03c8a13e-7484-40f1-907f-f3a5ace9f7e9", "title": "Falang multilanguage <= 1.3.47 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Falang multilanguage for WordPress", "slug": "falang", "affected_versions": { "* - 1.3.47": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.47", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.48" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03c8a13e-7484-40f1-907f-f3a5ace9f7e9?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03c8ec0a-f75f-450f-86e7-a18dfbae9461": { "id": "03c8ec0a-f75f-450f-86e7-a18dfbae9461", "title": "Twitch Player <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Twitch Player", "slug": "ttv-easy-embed-player", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03c8ec0a-f75f-450f-86e7-a18dfbae9461?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03c9e4c4-c680-474e-b172-d34d3eba2183": { "id": "03c9e4c4-c680-474e-b172-d34d3eba2183", "title": "Site Reviews <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via block attribute", "software": [ { "type": "plugin", "name": "Site Reviews", "slug": "site-reviews", "affected_versions": { "* - 6.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03c9e4c4-c680-474e-b172-d34d3eba2183?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03ccd474-42f4-4cbb-823e-93fe4db1bf80": { "id": "03ccd474-42f4-4cbb-823e-93fe4db1bf80", "title": "WP Cerber Security <= 9.4 - IP Protection Bypass", "software": [ { "type": "plugin", "name": "WP Cerber Security, Anti-spam & Malware Scan", "slug": "wp-cerber", "affected_versions": { "* - 9.4": { "from_version": "*", "from_inclusive": true, "to_version": "9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03ccd474-42f4-4cbb-823e-93fe4db1bf80?source=api-scan" ], "published": "2024-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03cd1f6e-2400-44e7-b2b0-32c9890e1c1b": { "id": "03cd1f6e-2400-44e7-b2b0-32c9890e1c1b", "title": "Custom Product Tabs for WooCommerce <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Product Tabs for WooCommerce", "slug": "yikes-inc-easy-custom-woocommerce-product-tabs", "affected_versions": { "* - 1.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03cd1f6e-2400-44e7-b2b0-32c9890e1c1b?source=api-scan" ], "published": "2022-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03d02297-0cc6-4935-b282-9b95d8292954": { "id": "03d02297-0cc6-4935-b282-9b95d8292954", "title": "WP Dialog <= 1.2.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Dialog", "slug": "wp-dialog", "affected_versions": { "* - 1.2.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03d02297-0cc6-4935-b282-9b95d8292954?source=api-scan" ], "published": "2021-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03d05c74-da50-4175-86f5-f39a89dbffd4": { "id": "03d05c74-da50-4175-86f5-f39a89dbffd4", "title": "VK Blocks <= 1.53.0.1 - Stored (Contributor+) Cross-Site Scripting in Post", "software": [ { "type": "plugin", "name": "VK Blocks Pro", "slug": "vk-blocks-pro", "affected_versions": { "* - 1.53.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.53.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.54.0" ] }, { "type": "plugin", "name": "VK Blocks", "slug": "vk-blocks", "affected_versions": { "* - 1.53.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.53.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.54.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03d05c74-da50-4175-86f5-f39a89dbffd4?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03d8b8e7-5702-42d4-8cd9-ae3ff1a74a7e": { "id": "03d8b8e7-5702-42d4-8cd9-ae3ff1a74a7e", "title": "Zero Spam for WordPress <= 5.4.4 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Zero Spam for WordPress", "slug": "zero-spam", "affected_versions": { "[*, 5.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03d8b8e7-5702-42d4-8cd9-ae3ff1a74a7e?source=api-scan" ], "published": "2023-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03ddef11-04cb-4639-afb0-f123b339b9ae": { "id": "03ddef11-04cb-4639-afb0-f123b339b9ae", "title": "All in One SEO <= 2.2.6.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "[*, 2.2.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03ddef11-04cb-4639-afb0-f123b339b9ae?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03e23a91-530b-44c6-be54-04cbf35a8cda": { "id": "03e23a91-530b-44c6-be54-04cbf35a8cda", "title": "Custom Layouts \u2013 Post + Product grids made easy <= 1.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Layouts \u2013 Post + Product grids made easy", "slug": "custom-layouts", "affected_versions": { "* - 1.4.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03e23a91-530b-44c6-be54-04cbf35a8cda?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03e6fa1d-0d6a-43e9-97ff-da874a51474a": { "id": "03e6fa1d-0d6a-43e9-97ff-da874a51474a", "title": "ProfileGrid \u2013 User Profiles, Memberships, Groups and Communities <= 4.7.4 - Stored Cross-Site Scripting via Profile", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 4.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03e6fa1d-0d6a-43e9-97ff-da874a51474a?source=api-scan" ], "published": "2022-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03e96aea-30a2-4cd3-8967-52e1870cc293": { "id": "03e96aea-30a2-4cd3-8967-52e1870cc293", "title": "WooCommerce Warranty Requests <= 2.2.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Warranty Requests", "slug": "woocommerce-warranty", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03e96aea-30a2-4cd3-8967-52e1870cc293?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03eed366-c018-44b9-bb72-56911e9957b8": { "id": "03eed366-c018-44b9-bb72-56911e9957b8", "title": "Robots.txt optimization <= 1.4.5 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Robots.txt optimizer (+ XML Sitemap) \u2013 Boost SEO, Traffic & Rankings", "slug": "better-robots-txt", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03eed366-c018-44b9-bb72-56911e9957b8?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03f9d9bb-6a87-4da9-bbb0-65203d7250e9": { "id": "03f9d9bb-6a87-4da9-bbb0-65203d7250e9", "title": "Restaurant Menu and Food Ordering <= 2.4.16 - Missing Authorization to Menu Creation", "software": [ { "type": "plugin", "name": "Five Star Restaurant Menu and Food Ordering", "slug": "food-and-drink-menu", "affected_versions": { "* - 2.4.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03f9d9bb-6a87-4da9-bbb0-65203d7250e9?source=api-scan" ], "published": "2024-06-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03faec37-2cce-4e14-92f2-d941ab1b4ce9": { "id": "03faec37-2cce-4e14-92f2-d941ab1b4ce9", "title": "E2Pdf <= 1.20.25 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "E2Pdf \u2013 Export Pdf Tool for WordPress", "slug": "e2pdf", "affected_versions": { "* - 1.20.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.20.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.20.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03faec37-2cce-4e14-92f2-d941ab1b4ce9?source=api-scan" ], "published": "2023-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03fba6bb-ff30-42bb-936b-93c009a7e3f7": { "id": "03fba6bb-ff30-42bb-936b-93c009a7e3f7", "title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03fba6bb-ff30-42bb-936b-93c009a7e3f7?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "03fd0c97-7b50-4930-99ca-c9b37d7e4ade": { "id": "03fd0c97-7b50-4930-99ca-c9b37d7e4ade", "title": "Map Block for Google Maps <= 1.31 - Unprotected AJAX Action", "software": [ { "type": "plugin", "name": "Map Block for Google Maps", "slug": "map-block-gutenberg", "affected_versions": { "[*, 1.32)": { "from_version": "*", "from_inclusive": true, "to_version": "1.32", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/03fd0c97-7b50-4930-99ca-c9b37d7e4ade?source=api-scan" ], "published": "2021-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "040005bc-bdc3-4085-8192-cd0a7e38fee0": { "id": "040005bc-bdc3-4085-8192-cd0a7e38fee0", "title": "WP Bootstrap Gallery <= 1.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Bootstrap Gallery", "slug": "wp-bootstrap-gallery", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/040005bc-bdc3-4085-8192-cd0a7e38fee0?source=api-scan" ], "published": "2022-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04003542-fd62-4587-9834-70e7fe8f08ef": { "id": "04003542-fd62-4587-9834-70e7fe8f08ef", "title": "WordPress Mega Menu <= 2.0.6 - Arbitrary File Creation", "software": [ { "type": "plugin", "name": "WordPress Mega Menu \u2013 QuadMenu", "slug": "quadmenu", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04003542-fd62-4587-9834-70e7fe8f08ef?source=api-scan" ], "published": "2021-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04045ec3-dd8e-4ac5-bd73-eef6205ecc62": { "id": "04045ec3-dd8e-4ac5-bd73-eef6205ecc62", "title": "Miniorange OTP Verification with Firebase <= 3.6.0 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Miniorange OTP Verification with Firebase", "slug": "miniorange-firebase-sms-otp-verification", "affected_versions": { "* - 3.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04045ec3-dd8e-4ac5-bd73-eef6205ecc62?source=api-scan" ], "published": "2024-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04057d0b-f831-4629-af74-393bb77689e3": { "id": "04057d0b-f831-4629-af74-393bb77689e3", "title": "Login Logout Register Menu <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login Logout Register Menu", "slug": "login-logout-register-menu", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04057d0b-f831-4629-af74-393bb77689e3?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0406b7a0-517d-4462-9b65-d4f708cf364d": { "id": "0406b7a0-517d-4462-9b65-d4f708cf364d", "title": "HMS Testimonials <= 2.0.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "HMS Testimonials", "slug": "hms-testimonials", "affected_versions": { "[*, 2.0.11)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0406b7a0-517d-4462-9b65-d4f708cf364d?source=api-scan" ], "published": "2013-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "040ae20d-93e3-4c65-ba74-4ff0b5c1afc7": { "id": "040ae20d-93e3-4c65-ba74-4ff0b5c1afc7", "title": "WordPress Infinite Scroll \u2013 Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization", "software": [ { "type": "plugin", "name": "WordPress Infinite Scroll \u2013 Ajax Load More", "slug": "ajax-load-more", "affected_versions": { "* - 5.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/040ae20d-93e3-4c65-ba74-4ff0b5c1afc7?source=api-scan" ], "published": "2022-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0417e2d7-0c0a-48e1-bf18-3f5e16b1b8a0": { "id": "0417e2d7-0c0a-48e1-bf18-3f5e16b1b8a0", "title": "AnnounceKit <= 2.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AnnounceKit", "slug": "announcekit", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0417e2d7-0c0a-48e1-bf18-3f5e16b1b8a0?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "041807ab-9354-4438-8e8a-77140f41eedb": { "id": "041807ab-9354-4438-8e8a-77140f41eedb", "title": "Ultimate Form Builder Lite <= 1.3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form for WordPress \u2013 Ultimate Form Builder Lite", "slug": "ultimate-form-builder-lite", "affected_versions": { "[*, 1.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/041807ab-9354-4438-8e8a-77140f41eedb?source=api-scan" ], "published": "2017-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "041830b8-f059-46f5-961b-3ba908d161f9": { "id": "041830b8-f059-46f5-961b-3ba908d161f9", "title": "WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_duplicate_product", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "* - 5.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/041830b8-f059-46f5-961b-3ba908d161f9?source=api-scan" ], "published": "2023-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "041851d8-99ce-48a6-8ff5-85418d8807be": { "id": "041851d8-99ce-48a6-8ff5-85418d8807be", "title": "Document Embedder < 1.7.6 - Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "Document Embedder \u2013 Document Embedder Plugin", "slug": "document-emberdder", "affected_versions": { "[*, 1.7.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/041851d8-99ce-48a6-8ff5-85418d8807be?source=api-scan" ], "published": "2022-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "041c21fb-f2f0-45cb-b3ae-20f3ae22c947": { "id": "041c21fb-f2f0-45cb-b3ae-20f3ae22c947", "title": "WP Builder <= 3.0.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "WP Builder", "slug": "cssjockey-add-ons", "affected_versions": { "* - 3.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/041c21fb-f2f0-45cb-b3ae-20f3ae22c947?source=api-scan" ], "published": "2024-10-09 13:35:13", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "041c4d44-28ee-49a4-8407-367ad2960cf6": { "id": "041c4d44-28ee-49a4-8407-367ad2960cf6", "title": "Weather Effect \u2013 Christmas Santa Snow Falling <= 1.3.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Weather Effect \u2013 Christmas, Santa, Snow Falling, Snowflake Effect", "slug": "weather-effect", "affected_versions": { "[*, 1.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/041c4d44-28ee-49a4-8407-367ad2960cf6?source=api-scan" ], "published": "2021-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "041e635a-9f97-4f54-8ecb-57bbbc321cfc": { "id": "041e635a-9f97-4f54-8ecb-57bbbc321cfc", "title": "ProfilePress <= 4.10.3 - Reflected Cross-Site Scripting via error message", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "[*, 4.11.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.11.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/041e635a-9f97-4f54-8ecb-57bbbc321cfc?source=api-scan" ], "published": "2023-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "042f7090-2eab-44d2-82b2-ecabdb1d3f99": { "id": "042f7090-2eab-44d2-82b2-ecabdb1d3f99", "title": "Ninja Forms Contact Form <= 3.2.14 - Parameter Tampering", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "[*, 3.2.15)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/042f7090-2eab-44d2-82b2-ecabdb1d3f99?source=api-scan" ], "published": "2018-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "043263a1-ce87-45a2-83ee-4b826c7ffd7d": { "id": "043263a1-ce87-45a2-83ee-4b826c7ffd7d", "title": "Slider by 10Web <= 1.2.55 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider by 10Web \u2013 Responsive Image Slider", "slug": "slider-wd", "affected_versions": { "* - 1.2.55": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.55", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.56" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/043263a1-ce87-45a2-83ee-4b826c7ffd7d?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0435ae14-c1fd-4611-acbe-5f3bafd4bb6a": { "id": "0435ae14-c1fd-4611-acbe-5f3bafd4bb6a", "title": "Google Tag Manager for WordPress <= 1.15 - Reflected Cross-Site Scripting via Site Search", "software": [ { "type": "plugin", "name": "GTM4WP \u2013 A Google Tag Manager (GTM) plugin for WordPress", "slug": "duracelltomi-google-tag-manager", "affected_versions": { "* - 1.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0435ae14-c1fd-4611-acbe-5f3bafd4bb6a?source=api-scan" ], "published": "2022-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04383919-dae0-4865-b0ff-88049f8cd4db": { "id": "04383919-dae0-4865-b0ff-88049f8cd4db", "title": "Hide My WP <= 6.2.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Hide My WP - Amazing Security Plugin for WordPress!", "slug": "hide_my_wp", "affected_versions": { "* - 6.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04383919-dae0-4865-b0ff-88049f8cd4db?source=api-scan" ], "published": "2021-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0439d2ee-7742-4aa7-ba4e-db55c6b2718e": { "id": "0439d2ee-7742-4aa7-ba4e-db55c6b2718e", "title": "WP Hotel Booking <= 2.0.7 - Missing Authorization to (Subscriber+) Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "WP Hotel Booking", "slug": "wp-hotel-booking", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0439d2ee-7742-4aa7-ba4e-db55c6b2718e?source=api-scan" ], "published": "2023-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "043d64ed-78dd-442e-87c9-92b5b64260b8": { "id": "043d64ed-78dd-442e-87c9-92b5b64260b8", "title": "WordPress Core < 4.7.5 - Stored Cross-Site Scripting via filenames", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.7.20": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.20", "to_inclusive": true }, "3.8 - 3.8.20": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.20", "to_inclusive": true }, "3.9 - 3.9.18": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.18", "to_inclusive": true }, "4.0 - 4.0.17": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.17", "to_inclusive": true }, "4.1 - 4.1.17": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.17", "to_inclusive": true }, "4.2 - 4.2.14": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.14", "to_inclusive": true }, "4.3 - 4.3.10": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.10", "to_inclusive": true }, "4.4 - 4.4.9": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.9", "to_inclusive": true }, "4.5 - 4.5.8": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.8", "to_inclusive": true }, "4.6 - 4.6.5": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.5", "to_inclusive": true }, "4.7 - 4.7.4": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.21", "3.8.21", "3.9.19", "4.0.18", "4.1.18", "4.2.15", "4.3.11", "4.4.10", "4.5.9", "4.6.6", "4.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/043d64ed-78dd-442e-87c9-92b5b64260b8?source=api-scan" ], "published": "2017-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "043ed446-3af3-4d90-8da7-b1fe73e06bba": { "id": "043ed446-3af3-4d90-8da7-b1fe73e06bba", "title": "NextGen GalleryView <= 0.5.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress NextGen GalleryView", "slug": "wordpress-nextgen-galleryview", "affected_versions": { "* - 0.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/043ed446-3af3-4d90-8da7-b1fe73e06bba?source=api-scan" ], "published": "2023-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "043f5052-6606-4f0e-a6f2-d7276eb50106": { "id": "043f5052-6606-4f0e-a6f2-d7276eb50106", "title": "Visitor Traffic Real Time Statistics <= 1.12 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Visitor Traffic Real Time Statistics", "slug": "visitors-traffic-real-time-statistics", "affected_versions": { "* - 1.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/043f5052-6606-4f0e-a6f2-d7276eb50106?source=api-scan" ], "published": "2019-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04401d7e-996d-4b46-b391-bfb0b065900b": { "id": "04401d7e-996d-4b46-b391-bfb0b065900b", "title": "Flo Forms <= 1.0.41 - Missing Authorization via flo_send_test_email", "software": [ { "type": "plugin", "name": "Flo Forms \u2013 Easy Drag & Drop Form Builder", "slug": "flo-forms", "affected_versions": { "* - 1.0.41": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04401d7e-996d-4b46-b391-bfb0b065900b?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0444eff7-88bd-4933-94c5-bcb21a044b88": { "id": "0444eff7-88bd-4933-94c5-bcb21a044b88", "title": "Woocommerce Customers Manager < 26.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Customers Manager", "slug": "woocommerce-customers-manager", "affected_versions": { "* - 26.5": { "from_version": "*", "from_inclusive": true, "to_version": "26.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "26.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0444eff7-88bd-4933-94c5-bcb21a044b88?source=api-scan" ], "published": "2021-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0448eb1c-1a4a-465e-aa30-e4af10d27560": { "id": "0448eb1c-1a4a-465e-aa30-e4af10d27560", "title": "Mini Cart <= 1.00.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "mini-cart", "slug": "mini-cart", "affected_versions": { "* - 1.00.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.00.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0448eb1c-1a4a-465e-aa30-e4af10d27560?source=api-scan" ], "published": "2016-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "044babea-8c04-4461-be53-80f2171da619": { "id": "044babea-8c04-4461-be53-80f2171da619", "title": "WordPress Core <= 2.3 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/044babea-8c04-4461-be53-80f2171da619?source=api-scan" ], "published": "2007-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "044c34da-ee4e-4c18-bf9e-96a49a5ea7d9": { "id": "044c34da-ee4e-4c18-bf9e-96a49a5ea7d9", "title": "Restaurant Menu and Food Ordering by Five Star Plugins <= 2.4.6 - Cross-Site Request Forgery via maybe_duplicate_item", "software": [ { "type": "plugin", "name": "Five Star Restaurant Menu and Food Ordering", "slug": "food-and-drink-menu", "affected_versions": { "[*, 2.4.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/044c34da-ee4e-4c18-bf9e-96a49a5ea7d9?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "044d7480-ccd7-4ce8-bb5d-367ba5d0217c": { "id": "044d7480-ccd7-4ce8-bb5d-367ba5d0217c", "title": "Alma \u2013 Pay in installments or later for WooCommerce <= 5.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Alma \u2013 Pay in installments or later for WooCommerce", "slug": "alma-gateway-for-woocommerce", "affected_versions": { "* - 5.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/044d7480-ccd7-4ce8-bb5d-367ba5d0217c?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "044e110d-2435-41b8-8aec-917c329b944c": { "id": "044e110d-2435-41b8-8aec-917c329b944c", "title": "Formilla Live Chat <= 1.3.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaID'", "software": [ { "type": "plugin", "name": "Live Chat by Formilla \u2013 Real-time Chat & Chatbots Plugin", "slug": "formilla-live-chat", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/044e110d-2435-41b8-8aec-917c329b944c?source=api-scan" ], "published": "2023-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04516d92-7f66-47b3-aeae-6752e03c1f95": { "id": "04516d92-7f66-47b3-aeae-6752e03c1f95", "title": "WordPress Core < 4.0.1 - Cross-Site Scripting via CSS", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true }, "3.7 - 3.7.4": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.4", "to_inclusive": true }, "3.8 - 3.8.4": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.4", "to_inclusive": true }, "3.9 - 3.9.2": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": true }, "4.0": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.5", "3.8.5", "3.9.3", "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04516d92-7f66-47b3-aeae-6752e03c1f95?source=api-scan" ], "published": "2014-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0451a7b8-7657-4b73-9ef1-cc3791349e59": { "id": "0451a7b8-7657-4b73-9ef1-cc3791349e59", "title": "Selio - Real Estate Directory <= 1.1 - SQL Injection", "software": [ { "type": "theme", "name": "Selio", "slug": "selio", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0451a7b8-7657-4b73-9ef1-cc3791349e59?source=api-scan" ], "published": "2019-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04567872-d4e3-43e9-88ca-6f60d135bb9c": { "id": "04567872-d4e3-43e9-88ca-6f60d135bb9c", "title": "Resend Welcome Email <= 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Resend Welcome Email", "slug": "resend-welcome-email", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04567872-d4e3-43e9-88ca-6f60d135bb9c?source=api-scan" ], "published": "2015-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "045717f4-0e31-41f8-b0c3-8118c768b648": { "id": "045717f4-0e31-41f8-b0c3-8118c768b648", "title": "underConstruction <= 1.20 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "underConstruction", "slug": "underconstruction", "affected_versions": { "[*, 1.21)": { "from_version": "*", "from_inclusive": true, "to_version": "1.21", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/045717f4-0e31-41f8-b0c3-8118c768b648?source=api-scan" ], "published": "2022-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04597908-7086-4158-ae2b-8aa634a217c6": { "id": "04597908-7086-4158-ae2b-8aa634a217c6", "title": "Amelia <= 1.1.5 & Amelia (Pro) <= 7.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking for Appointments and Events Calendar \u2013 Amelia Pro", "slug": "amelia", "affected_versions": { "* - 7.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6" ] }, { "type": "plugin", "name": "Booking for Appointments and Events Calendar \u2013 Amelia", "slug": "ameliabooking", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04597908-7086-4158-ae2b-8aa634a217c6?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0459a6bd-334d-43b7-b289-271108564a53": { "id": "0459a6bd-334d-43b7-b289-271108564a53", "title": "Easy Digital Downloads \u2013 Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Currency Settings", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0459a6bd-334d-43b7-b289-271108564a53?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0459d852-4d6b-4457-ad8d-47a3cddded8b": { "id": "0459d852-4d6b-4457-ad8d-47a3cddded8b", "title": "WP Comment Remix < 1.4.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Comment Remix", "slug": "wp-comment-remix", "affected_versions": { "[*, 1.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0459d852-4d6b-4457-ad8d-47a3cddded8b?source=api-scan" ], "published": "2008-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "045fbe5b-0e63-4820-97a7-017dd72eb73a": { "id": "045fbe5b-0e63-4820-97a7-017dd72eb73a", "title": "Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.19 - Cross-Site Request Forgery to Post Creation and Limited Data Loss", "software": [ { "type": "plugin", "name": "Photo Gallery, Images, Slider in Rbs Image Gallery", "slug": "robo-gallery", "affected_versions": { "* - 3.2.19": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/045fbe5b-0e63-4820-97a7-017dd72eb73a?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04601634-d707-44a7-9b5f-46c4b9687469": { "id": "04601634-d707-44a7-9b5f-46c4b9687469", "title": "BuddyPress <= 7.2.0 - Authorization Bypass to Friend Invite", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "* - 7.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04601634-d707-44a7-9b5f-46c4b9687469?source=api-scan" ], "published": "2021-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04641506-5b0e-48bc-ad50-c81dda996ecf": { "id": "04641506-5b0e-48bc-ad50-c81dda996ecf", "title": "Organization chart <= 1.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title_input and node_description Parameters", "software": [ { "type": "plugin", "name": "Organization chart", "slug": "organization-chart", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04641506-5b0e-48bc-ad50-c81dda996ecf?source=api-scan" ], "published": "2024-08-07 00:01:25", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "046526ef-3db9-47e4-b454-472def7935e6": { "id": "046526ef-3db9-47e4-b454-472def7935e6", "title": "Slimstat Analytics < 4.1.6.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SlimStat Analytics", "slug": "wp-slimstat", "affected_versions": { "[*, 4.1.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/046526ef-3db9-47e4-b454-472def7935e6?source=api-scan" ], "published": "2015-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "046ecbe5-4b2f-40d3-8585-4d4230ba33f0": { "id": "046ecbe5-4b2f-40d3-8585-4d4230ba33f0", "title": "Dave's WordPress Live Search <= 4.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dave's WordPress Live Search", "slug": "daves-wordpress-live-search", "affected_versions": { "* - 4.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/046ecbe5-4b2f-40d3-8585-4d4230ba33f0?source=api-scan" ], "published": "2023-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "046f11b6-7d1a-4bd3-8250-4c5a50fab3ff": { "id": "046f11b6-7d1a-4bd3-8250-4c5a50fab3ff", "title": "Default Thumbnail Plus <= 1.0.2.3 - Authenticated (Contributor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Default Thumbnail Plus", "slug": "default-thumbnail-plus", "affected_versions": { "* - 1.0.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/046f11b6-7d1a-4bd3-8250-4c5a50fab3ff?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "046fde5c-9f11-4f09-a4eb-83c289680a18": { "id": "046fde5c-9f11-4f09-a4eb-83c289680a18", "title": "Unite Gallery Lite <= 1.4.6 - Cross-Site Request Forgery & Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Unite Gallery Lite", "slug": "unite-gallery-lite", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/046fde5c-9f11-4f09-a4eb-83c289680a18?source=api-scan" ], "published": "2015-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0472804e-00cc-4c4c-97aa-86f433f65782": { "id": "0472804e-00cc-4c4c-97aa-86f433f65782", "title": "Maps Widget for Google Maps <= 4.23 - Cross-Site Request Forgery via dismiss_notice", "software": [ { "type": "plugin", "name": "Maps Widget for Google Maps", "slug": "google-maps-widget", "affected_versions": { "* - 4.23": { "from_version": "*", "from_inclusive": true, "to_version": "4.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0472804e-00cc-4c4c-97aa-86f433f65782?source=api-scan" ], "published": "2023-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "047aa84b-6e6a-4975-8a3f-3f8b4518704e": { "id": "047aa84b-6e6a-4975-8a3f-3f8b4518704e", "title": "Slideshow SE <= 2.5.5 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slideshow SE", "slug": "slideshow-se", "affected_versions": { "* - 2.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/047aa84b-6e6a-4975-8a3f-3f8b4518704e?source=api-scan" ], "published": "2022-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "047cd34e-f2a1-4643-a1c5-3ead926b83ca": { "id": "047cd34e-f2a1-4643-a1c5-3ead926b83ca", "title": "iThemes Security <= 8.1.4 - Open Redirection via redirect_to_https", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "* - 8.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/047cd34e-f2a1-4643-a1c5-3ead926b83ca?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04802c63-4a5d-4948-9ef1-cf89c4cc757e": { "id": "04802c63-4a5d-4948-9ef1-cf89c4cc757e", "title": "Popup Builder <= 4.3.0 - Missing Authorization in Multiple AJAX Actions", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "* - 4.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04802c63-4a5d-4948-9ef1-cf89c4cc757e?source=api-scan" ], "published": "2024-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "048077bc-30da-472c-97ea-24317dbde712": { "id": "048077bc-30da-472c-97ea-24317dbde712", "title": "WPSOLR \u2013 Elasticsearch and Solr search <= 8.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPSOLR \u2013 Elasticsearch and Solr search", "slug": "wpsolr-search-engine", "affected_versions": { "* - 8.6": { "from_version": "*", "from_inclusive": true, "to_version": "8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/048077bc-30da-472c-97ea-24317dbde712?source=api-scan" ], "published": "2016-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "048277c4-f313-484d-a330-420e0682eee2": { "id": "048277c4-f313-484d-a330-420e0682eee2", "title": "WP ERP <= 1.12.6 - Missing Authorization via admin notice dismissal", "software": [ { "type": "plugin", "name": "WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting", "slug": "erp", "affected_versions": { "* - 1.12.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.7" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/048277c4-f313-484d-a330-420e0682eee2?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0482d9c6-aa74-4d47-885c-17f14b38be6f": { "id": "0482d9c6-aa74-4d47-885c-17f14b38be6f", "title": "Request a Quote <= 2.3.3 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Request a Quote", "slug": "request-a-quote", "affected_versions": { "[*, 2.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0482d9c6-aa74-4d47-885c-17f14b38be6f?source=api-scan" ], "published": "2021-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0485eed3-4ee9-4b22-99d6-67e6eec1c0ff": { "id": "0485eed3-4ee9-4b22-99d6-67e6eec1c0ff", "title": "NEX-Forms - Ultimate Form Builder <= 8.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "slug": "nex-forms-express-wp-form-builder", "affected_versions": { "* - 8.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0485eed3-4ee9-4b22-99d6-67e6eec1c0ff?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "048768bf-326c-455e-919c-9691d6537062": { "id": "048768bf-326c-455e-919c-9691d6537062", "title": "Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via migrateCommonToProductOnly function", "software": [ { "type": "plugin", "name": "Advanced Dynamic Pricing for WooCommerce", "slug": "advanced-dynamic-pricing-for-woocommerce", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/048768bf-326c-455e-919c-9691d6537062?source=api-scan" ], "published": "2023-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0488a421-e725-4b64-94ee-3a81f4bc5451": { "id": "0488a421-e725-4b64-94ee-3a81f4bc5451", "title": "App Builder <= 3.8.7 - Open Redirection", "software": [ { "type": "plugin", "name": "App Builder \u2013 Create Native Android & iOS Apps On The Flight", "slug": "app-builder", "affected_versions": { "* - 3.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0488a421-e725-4b64-94ee-3a81f4bc5451?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "048bc117-88df-44b3-a30c-692bad23050f": { "id": "048bc117-88df-44b3-a30c-692bad23050f", "title": "Manage Notification E-mails <= 1.8.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Manage Notification E-mails", "slug": "manage-notification-emails", "affected_versions": { "* - 1.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/048bc117-88df-44b3-a30c-692bad23050f?source=api-scan" ], "published": "2023-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "048c37c2-0ace-4bf1-8cb8-554c4645be21": { "id": "048c37c2-0ace-4bf1-8cb8-554c4645be21", "title": "WPQA - Builder forms Addon For WordPress <= 5.4 - Unauthenticated Private Message Disclosure", "software": [ { "type": "plugin", "name": "WPQA - Builder forms Addon For WordPress", "slug": "wpqa", "affected_versions": { "* - 5.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/048c37c2-0ace-4bf1-8cb8-554c4645be21?source=api-scan" ], "published": "2022-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "048ea84c-0d53-434b-ae49-d804ec1de8c4": { "id": "048ea84c-0d53-434b-ae49-d804ec1de8c4", "title": "Front End Users <= 3.2.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Front End Users", "slug": "front-end-only-users", "affected_versions": { "* - 3.2.28": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/048ea84c-0d53-434b-ae49-d804ec1de8c4?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0490667e-4b82-4687-9354-205c37f13331": { "id": "0490667e-4b82-4687-9354-205c37f13331", "title": "BestWebSoft Captcha <= 4.0.6 - CAPTCHA Bypass", "software": [ { "type": "plugin", "name": "Captcha by BestWebSoft \u2013 Spam Protection, Security Plugin for WordPress Forms", "slug": "captcha-bws", "affected_versions": { "[*, 4.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0490667e-4b82-4687-9354-205c37f13331?source=api-scan" ], "published": "2014-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04917cfe-2bfb-48cf-a060-ca3bfde8eba1": { "id": "04917cfe-2bfb-48cf-a060-ca3bfde8eba1", "title": "Falang multilanguage for WordPress < 1.3.18 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Falang multilanguage for WordPress", "slug": "falang", "affected_versions": { "[*, 1.3.18)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04917cfe-2bfb-48cf-a060-ca3bfde8eba1?source=api-scan" ], "published": "2021-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04970416-06db-4339-ac22-34fde5a48f2a": { "id": "04970416-06db-4339-ac22-34fde5a48f2a", "title": "WP SMS <= 6.1.4 - Reflected Cross-Site Scripting via 'delete_mobile'", "software": [ { "type": "plugin", "name": "WP SMS \u2013 Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More", "slug": "wp-sms", "affected_versions": { "* - 6.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04970416-06db-4339-ac22-34fde5a48f2a?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "049ec264-3ed1-4741-937d-8a633ef0a627": { "id": "049ec264-3ed1-4741-937d-8a633ef0a627", "title": "BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar Plugin and Scheduling Plugin \u2013 BookingPress", "slug": "bookingpress-appointment-booking", "affected_versions": { "* - 1.0.87": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.87", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.88" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/049ec264-3ed1-4741-937d-8a633ef0a627?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "049ec60a-fa84-4c03-a766-7f2a56e5295a": { "id": "049ec60a-fa84-4c03-a766-7f2a56e5295a", "title": "Relevanssi \u2013 A Better Search <= 4.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Relevanssi \u2013 A Better Search", "slug": "relevanssi", "affected_versions": { "* - 4.23.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.23.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.23.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/049ec60a-fa84-4c03-a766-7f2a56e5295a?source=api-scan" ], "published": "2024-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "049efe5a-3f68-46ad-b73a-1892f03c9d1d": { "id": "049efe5a-3f68-46ad-b73a-1892f03c9d1d", "title": "Triton Lite <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode", "software": [ { "type": "theme", "name": "Triton Lite", "slug": "triton-lite", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/049efe5a-3f68-46ad-b73a-1892f03c9d1d?source=api-scan" ], "published": "2024-09-12 21:33:13", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04a46249-b5b2-4082-b520-cdc4a1370bb1": { "id": "04a46249-b5b2-4082-b520-cdc4a1370bb1", "title": "Metform Elementor Contact Form Builder <= 2.1.3 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04a46249-b5b2-4082-b520-cdc4a1370bb1?source=api-scan" ], "published": "2022-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04a64a52-f0a0-4559-834d-88d3edd1bb6a": { "id": "04a64a52-f0a0-4559-834d-88d3edd1bb6a", "title": "WP Ultimate CSV Importer <= 6.5.7 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Import CSV or XML Datafeed With Ease", "slug": "wp-ultimate-csv-importer", "affected_versions": { "* - 6.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04a64a52-f0a0-4559-834d-88d3edd1bb6a?source=api-scan" ], "published": "2022-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04a6f9f1-1a59-482c-8a42-6f41e4c41cb4": { "id": "04a6f9f1-1a59-482c-8a42-6f41e4c41cb4", "title": "CBX Bookmark & Favorite <= 1.7.21 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CBX Bookmark & Favorite", "slug": "cbxwpbookmark", "affected_versions": { "* - 1.7.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04a6f9f1-1a59-482c-8a42-6f41e4c41cb4?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04a79a78-a6d3-40ef-9b26-8e2e00534b7a": { "id": "04a79a78-a6d3-40ef-9b26-8e2e00534b7a", "title": "ChatBot <= 4.2.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting and Settings Reset", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04a79a78-a6d3-40ef-9b26-8e2e00534b7a?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04a79c2c-8178-4311-9c1f-f4eb5128dec9": { "id": "04a79c2c-8178-4311-9c1f-f4eb5128dec9", "title": "Tooltipy (tooltips for WP) <= 5.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tooltipy (tooltips for WP)", "slug": "bluet-keywords-tooltip-generator", "affected_versions": { "[*, 5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04a79c2c-8178-4311-9c1f-f4eb5128dec9?source=api-scan" ], "published": "2018-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04a937d0-9844-49d1-bcb5-0ee6026c3947": { "id": "04a937d0-9844-49d1-bcb5-0ee6026c3947", "title": "Floating Chat Widget - Chaty <= 3.0.2 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button \u2013 Chaty", "slug": "chaty", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04a937d0-9844-49d1-bcb5-0ee6026c3947?source=api-scan" ], "published": "2022-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04a99e67-6af2-43c5-a21b-052eb683945c": { "id": "04a99e67-6af2-43c5-a21b-052eb683945c", "title": "NewStatPress <= 1.3.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NewStatPress", "slug": "newstatpress", "affected_versions": { "[*, 1.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04a99e67-6af2-43c5-a21b-052eb683945c?source=api-scan" ], "published": "2022-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04aa7307-03c6-42f9-8219-fb6002c85050": { "id": "04aa7307-03c6-42f9-8219-fb6002c85050", "title": "Culture Object <= 4.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Culture Object", "slug": "culture-object", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04aa7307-03c6-42f9-8219-fb6002c85050?source=api-scan" ], "published": "2022-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04ad816b-0ac0-44b5-928a-5bb3e36523b2": { "id": "04ad816b-0ac0-44b5-928a-5bb3e36523b2", "title": "Advance Menu Manager <= 3.0.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Advance Menu Manager", "slug": "advance-menu-manager", "affected_versions": { "* - 3.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04ad816b-0ac0-44b5-928a-5bb3e36523b2?source=api-scan" ], "published": "2023-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04afce48-88a0-4d46-af19-a534f89f70d7": { "id": "04afce48-88a0-4d46-af19-a534f89f70d7", "title": "Compfight < 1.5 - Cross-Site Scrpting", "software": [ { "type": "plugin", "name": "Compfight", "slug": "compfight", "affected_versions": { "[*, 1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04afce48-88a0-4d46-af19-a534f89f70d7?source=api-scan" ], "published": "2014-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04b7a2ba-e299-4781-8ee6-644938bf9629": { "id": "04b7a2ba-e299-4781-8ee6-644938bf9629", "title": "MStore API < 3.4.5 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "[*, 3.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04b7a2ba-e299-4781-8ee6-644938bf9629?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04bdc2ef-a7aa-45a7-b600-be832eefa32e": { "id": "04bdc2ef-a7aa-45a7-b600-be832eefa32e", "title": "Better Click To Tweet <= 5.10.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Better Click To Tweet", "slug": "better-click-to-tweet", "affected_versions": { "* - 5.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.10.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04bdc2ef-a7aa-45a7-b600-be832eefa32e?source=api-scan" ], "published": "2022-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04bfad0d-9c6d-41b6-8c59-516eceef9a36": { "id": "04bfad0d-9c6d-41b6-8c59-516eceef9a36", "title": "Portable phpMyAdmin <= 1.5.0 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Portable phpMyAdmin", "slug": "portable-phpmyadmin", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04bfad0d-9c6d-41b6-8c59-516eceef9a36?source=api-scan" ], "published": "2013-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04cd8da4-9da3-4c80-a77e-c2f792391593": { "id": "04cd8da4-9da3-4c80-a77e-c2f792391593", "title": "Ultimate Member \u2013 User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Directory Traversal", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "1.0 - 2.5.0": { "from_version": "1.0", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04cd8da4-9da3-4c80-a77e-c2f792391593?source=api-scan" ], "published": "2022-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04d7a97c-c2f8-4c9e-b913-343c8e3dec26": { "id": "04d7a97c-c2f8-4c9e-b913-343c8e3dec26", "title": "WP Chat App <= 3.6.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Chat App", "slug": "wp-whatsapp", "affected_versions": { "* - 3.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04d7a97c-c2f8-4c9e-b913-343c8e3dec26?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04d8b1bf-d514-4908-a30e-6ff7b8e03f82": { "id": "04d8b1bf-d514-4908-a30e-6ff7b8e03f82", "title": "Sharebar <= 1.2.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Sharebar", "slug": "sharebar", "affected_versions": { "[*, 1.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04d8b1bf-d514-4908-a30e-6ff7b8e03f82?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04d9c206-b40d-436a-93f3-bd7e3bb49892": { "id": "04d9c206-b40d-436a-93f3-bd7e3bb49892", "title": "Crypto Converter Widget <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Crypto Converter \u26a1 Widget", "slug": "crypto-converter-widget", "affected_versions": { "* - 1.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04d9c206-b40d-436a-93f3-bd7e3bb49892?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04df6505-46c1-4e66-a363-4ccebacb5e42": { "id": "04df6505-46c1-4e66-a363-4ccebacb5e42", "title": "Call Now Accessibility Button <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Call Now Accessibility Button", "slug": "accessibility-help-button", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04df6505-46c1-4e66-a363-4ccebacb5e42?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04e0b17e-efab-4b08-8c8a-93e3e4baffaa": { "id": "04e0b17e-efab-4b08-8c8a-93e3e4baffaa", "title": "WordPress Core < 5.2.4 - Type Confusion", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true }, "3.7 - 3.7.30": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.30", "to_inclusive": true }, "3.8 - 3.8.30": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.30", "to_inclusive": true }, "3.9 - 3.9.28": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.28", "to_inclusive": true }, "4.0 - 4.0.27": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.27", "to_inclusive": true }, "4.1 - 4.1.27": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.27", "to_inclusive": true }, "4.2 - 4.2.24": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.24", "to_inclusive": true }, "4.3 - 4.3.20": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.20", "to_inclusive": true }, "4.4 - 4.4.19": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.19", "to_inclusive": true }, "4.5 - 4.5.18": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.18", "to_inclusive": true }, "4.6 - 4.6.15": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.15", "to_inclusive": true }, "4.7 - 4.7.13": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.13", "to_inclusive": true }, "4.8 - 4.8.10": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.10", "to_inclusive": true }, "4.9 - 4.9.11": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.11", "to_inclusive": true }, "5.0 - 5.0.6": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.6", "to_inclusive": true }, "5.1 - 5.1.2": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.2", "to_inclusive": true }, "5.2 - 5.2.3": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.31", "3.8.31", "3.9.29", "4.0.28", "4.1.28", "4.2.25", "4.3.21", "4.4.20", "4.5.19", "4.6.16", "4.7.14", "4.8.11", "4.9.12", "5.0.7", "5.1.3", "5.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04e0b17e-efab-4b08-8c8a-93e3e4baffaa?source=api-scan" ], "published": "2019-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04e0ddff-16af-4c85-b5b0-cf767684ee08": { "id": "04e0ddff-16af-4c85-b5b0-cf767684ee08", "title": "LearnPress \u2013 WordPress LMS Plugin <= 4.2.6.8.1 - Missing Authorization to Unauthenticated User Registration Bypass", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.6.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04e0ddff-16af-4c85-b5b0-cf767684ee08?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04e2f1f3-95c9-4a90-8c76-7b405a3815f7": { "id": "04e2f1f3-95c9-4a90-8c76-7b405a3815f7", "title": "WatchTowerHQ <= 3.6.15 - Unauthenticated Arbitrary File Download", "software": [ { "type": "plugin", "name": "WatchTowerHQ", "slug": "watchtowerhq", "affected_versions": { "* - 3.6.15": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04e2f1f3-95c9-4a90-8c76-7b405a3815f7?source=api-scan" ], "published": "2022-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04f37062-da7e-4c26-ab15-50dcef8ca301": { "id": "04f37062-da7e-4c26-ab15-50dcef8ca301", "title": "Diplomat Theme <= 1.0.1 - Sensitive Information Disclosure", "software": [ { "type": "theme", "name": "Diplomat | Political Campaign, Party, Blog Responsive WordPress Theme", "slug": "diplomat", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04f37062-da7e-4c26-ab15-50dcef8ca301?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "04ffc248-2b5c-4c64-8bfd-361a8ff6a8af": { "id": "04ffc248-2b5c-4c64-8bfd-361a8ff6a8af", "title": "Category Post List Widget <= 2.0 - Cross-Site Request Forgery via get_cplw_settings", "software": [ { "type": "plugin", "name": "Category Post List Widget", "slug": "category-post-list-widget", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/04ffc248-2b5c-4c64-8bfd-361a8ff6a8af?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0500c57a-3983-46e4-92fa-85f7fd47eba8": { "id": "0500c57a-3983-46e4-92fa-85f7fd47eba8", "title": "XCloner <= 4.7.3 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin", "slug": "xcloner-backup-and-restore", "affected_versions": { "* - 4.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0500c57a-3983-46e4-92fa-85f7fd47eba8?source=api-scan" ], "published": "2024-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "050152d0-a99a-42ae-93fa-b6f9f1eddffc": { "id": "050152d0-a99a-42ae-93fa-b6f9f1eddffc", "title": "SP Project & Document Manager <= 4.71 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 4.71": { "from_version": "*", "from_inclusive": true, "to_version": "4.71", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/050152d0-a99a-42ae-93fa-b6f9f1eddffc?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0502c622-975f-4218-8b53-efd776fe9d99": { "id": "0502c622-975f-4218-8b53-efd776fe9d99", "title": "NewStatPress < 1.0.6 - SQL Injection", "software": [ { "type": "plugin", "name": "NewStatPress", "slug": "newstatpress", "affected_versions": { "[*, 1.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0502c622-975f-4218-8b53-efd776fe9d99?source=api-scan" ], "published": "2015-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "050301c3-3236-43d2-9ecc-4469697d4c05": { "id": "050301c3-3236-43d2-9ecc-4469697d4c05", "title": "SKT Addons for Elementor <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SKT Addons for Elementor", "slug": "skt-addons-for-elementor", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/050301c3-3236-43d2-9ecc-4469697d4c05?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05042006-aff6-4ba6-ae67-249dc0dcbb93": { "id": "05042006-aff6-4ba6-ae67-249dc0dcbb93", "title": "Broken Link Manager <= 0.6.5 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Broken Link Manager", "slug": "broken-link-manager", "affected_versions": { "* - 0.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05042006-aff6-4ba6-ae67-249dc0dcbb93?source=api-scan" ], "published": "2021-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0505d023-a5b9-4c86-aa9b-57ce2335f127": { "id": "0505d023-a5b9-4c86-aa9b-57ce2335f127", "title": "Language Translate Widget for WordPress \u2013 ConveyThis <= 234 - Missing Authorization to Limited Option Update", "software": [ { "type": "plugin", "name": "Translate WordPress with ConveyThis", "slug": "conveythis-translate", "affected_versions": { "* - 234": { "from_version": "*", "from_inclusive": true, "to_version": "234", "to_inclusive": true } }, "patched": true, "patched_versions": [ "235" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0505d023-a5b9-4c86-aa9b-57ce2335f127?source=api-scan" ], "published": "2024-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "050647a8-6743-46e4-b31c-0b5bd4a1007f": { "id": "050647a8-6743-46e4-b31c-0b5bd4a1007f", "title": "Tutor LMS \u2013 eLearning and online course solution <= 2.6.1 - Cross-Site Request Forgery to Plugin Deactivation and Data Erase", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/050647a8-6743-46e4-b31c-0b5bd4a1007f?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0506f360-17c3-4cc8-9ac7-988c056c3caf": { "id": "0506f360-17c3-4cc8-9ac7-988c056c3caf", "title": "Form Maker <= 1.15.5 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "* - 1.15.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0506f360-17c3-4cc8-9ac7-988c056c3caf?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "050b6ad4-f1e4-403f-9e0e-7fc18504f661": { "id": "050b6ad4-f1e4-403f-9e0e-7fc18504f661", "title": "XStore Core <= 5.3.8 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "XStore Core", "slug": "et-core-plugin", "affected_versions": { "* - 5.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/050b6ad4-f1e4-403f-9e0e-7fc18504f661?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "050ca18d-7596-4094-b24a-752857f5e478": { "id": "050ca18d-7596-4094-b24a-752857f5e478", "title": "WP BrowserUpdate <= 4.4.1 - Cross-Site Request Forgery via wpbu_administration", "software": [ { "type": "plugin", "name": "WP BrowserUpdate", "slug": "wp-browser-update", "affected_versions": { "* - 4.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/050ca18d-7596-4094-b24a-752857f5e478?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0512e478-210f-42a9-86ea-a892cd6cfcd1": { "id": "0512e478-210f-42a9-86ea-a892cd6cfcd1", "title": "Internal Links Manager <= 2.1.0 - Multiple Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Internal Links Manager", "slug": "seo-automated-link-building", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0512e478-210f-42a9-86ea-a892cd6cfcd1?source=api-scan" ], "published": "2020-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05131b5d-3837-4679-920b-8fadf74a69c9": { "id": "05131b5d-3837-4679-920b-8fadf74a69c9", "title": "Easy Digital Downloads \u2013 Recommended Products <= 1.2.3.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Recommended Products - EDD", "slug": "recommended-products-edd", "affected_versions": { "* - 1.2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05131b5d-3837-4679-920b-8fadf74a69c9?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05144b8d-2dad-4a40-abe7-ecde837ec350": { "id": "05144b8d-2dad-4a40-abe7-ecde837ec350", "title": "Extensions For CF7 <= 2.0.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)", "slug": "extensions-for-cf7", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05144b8d-2dad-4a40-abe7-ecde837ec350?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0519d77a-2fbd-48d5-bc2b-9efb84f9e559": { "id": "0519d77a-2fbd-48d5-bc2b-9efb84f9e559", "title": "Simple Baseball Scoreboard <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Baseball Scoreboard", "slug": "simple-baseball-scoreboard", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0519d77a-2fbd-48d5-bc2b-9efb84f9e559?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "051a987a-944a-4898-872b-0456f0f59b27": { "id": "051a987a-944a-4898-872b-0456f0f59b27", "title": "litespeed cache <= 6.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LiteSpeed Cache", "slug": "litespeed-cache", "affected_versions": { "* - 6.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/051a987a-944a-4898-872b-0456f0f59b27?source=api-scan" ], "published": "2024-09-24 20:10:10", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05206a31-033e-49b9-9b66-5a6165782643": { "id": "05206a31-033e-49b9-9b66-5a6165782643", "title": "Table of Contents Plus <= 2302 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Table of Contents Plus", "slug": "table-of-contents-plus", "affected_versions": { "[*, 2309)": { "from_version": "*", "from_inclusive": true, "to_version": "2309", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2309" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05206a31-033e-49b9-9b66-5a6165782643?source=api-scan" ], "published": "2023-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05220967-dd42-4cb9-9c2f-9c7ac3c0926b": { "id": "05220967-dd42-4cb9-9c2f-9c7ac3c0926b", "title": "Fusion Builder <= 3.11.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Fusion Builder", "slug": "fusion-builder", "affected_versions": { "* - 3.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05220967-dd42-4cb9-9c2f-9c7ac3c0926b?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "052b345a-7b71-4de5-9bf8-8b81cc1b4e77": { "id": "052b345a-7b71-4de5-9bf8-8b81cc1b4e77", "title": "GDPR Compliance & Cookie Consent <= 1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "GDPR Compliance & Cookie Consent", "slug": "gdpr-compliance-cookie-consent", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/052b345a-7b71-4de5-9bf8-8b81cc1b4e77?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "052dce55-c02d-4e66-b500-bf6160a5b188": { "id": "052dce55-c02d-4e66-b500-bf6160a5b188", "title": "demon image annotation <= 4.7 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "demon image annotation", "slug": "demon-image-annotation", "affected_versions": { "1.0 - 4.7": { "from_version": "1.0", "from_inclusive": true, "to_version": "4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/052dce55-c02d-4e66-b500-bf6160a5b188?source=api-scan" ], "published": "2022-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "052ea3af-96d8-4e83-b4e7-3db30b556d0d": { "id": "052ea3af-96d8-4e83-b4e7-3db30b556d0d", "title": "NextGen GalleryView <= 0.5.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress NextGen GalleryView", "slug": "wordpress-nextgen-galleryview", "affected_versions": { "* - 0.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/052ea3af-96d8-4e83-b4e7-3db30b556d0d?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0531ca34-5d7b-4071-a1aa-934f14b87728": { "id": "0531ca34-5d7b-4071-a1aa-934f14b87728", "title": "Jquery accordion slideshow <= 8.1 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Jquery accordion slideshow", "slug": "jquery-accordion-slideshow", "affected_versions": { "* - 8.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0531ca34-5d7b-4071-a1aa-934f14b87728?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0534bc03-5d7d-47fe-9c07-c9a61af38df2": { "id": "0534bc03-5d7d-47fe-9c07-c9a61af38df2", "title": "WordPress Core < 0.72 - SQL Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 0.72)": { "from_version": "*", "from_inclusive": true, "to_version": "0.72", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.72" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0534bc03-5d7d-47fe-9c07-c9a61af38df2?source=api-scan" ], "published": "2003-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "053b72c6-07bb-4e9f-ae25-da4bce91ae6e": { "id": "053b72c6-07bb-4e9f-ae25-da4bce91ae6e", "title": "Simple SEO <= 2.0.25 - Cross-Site Request Forgery via multiple admin_post functions", "software": [ { "type": "plugin", "name": "Simple SEO", "slug": "cds-simple-seo", "affected_versions": { "* - 2.0.25": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/053b72c6-07bb-4e9f-ae25-da4bce91ae6e?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "053bb01c-9e87-4836-ae1c-567272b21118": { "id": "053bb01c-9e87-4836-ae1c-567272b21118", "title": "Registration Forms \u2013 User Profile, Custom Registration Form, Login Form, Invitation-Based Registrations for WordPress 2.0.14 - 2.0.15 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction", "slug": "pie-register", "affected_versions": { "2.0.14 - 2.0.15": { "from_version": "2.0.14", "from_inclusive": true, "to_version": "2.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/053bb01c-9e87-4836-ae1c-567272b21118?source=api-scan" ], "published": "2015-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "053d374e-68b2-4d48-af6d-45087d5ce211": { "id": "053d374e-68b2-4d48-af6d-45087d5ce211", "title": "Webriti SMTP Mail <= 1.0 - Cross-Site Request Forgery to options update", "software": [ { "type": "plugin", "name": "Webriti SMTP Mail", "slug": "webriti-smtp-mail", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/053d374e-68b2-4d48-af6d-45087d5ce211?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0542f8bf-8fb1-4c47-89b7-106a6feacca1": { "id": "0542f8bf-8fb1-4c47-89b7-106a6feacca1", "title": "WP Mail Log Plugin <= 1.1.2 - Authenticated(Contributor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP Mail Log", "slug": "wp-mail-log", "affected_versions": { "[*, 1.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0542f8bf-8fb1-4c47-89b7-106a6feacca1?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05431aaa-5d8f-422c-b7ce-955a778f7f55": { "id": "05431aaa-5d8f-422c-b7ce-955a778f7f55", "title": "Showbiz Pro Responsive Teaser WordPress Plugin <= 1.7.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Showbiz Pro Responsive Teaser WordPress Plugin", "slug": "showbizpro", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05431aaa-5d8f-422c-b7ce-955a778f7f55?source=api-scan" ], "published": "2014-11-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05448e64-6179-4409-a197-7cdc3c4f1563": { "id": "05448e64-6179-4409-a197-7cdc3c4f1563", "title": "DrawBlog < 0.81 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "DrawBlog", "slug": "drawblog", "affected_versions": { "[*, 0.81)": { "from_version": "*", "from_inclusive": true, "to_version": "0.81", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.81" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05448e64-6179-4409-a197-7cdc3c4f1563?source=api-scan" ], "published": "2013-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05481984-7c18-4ec7-8d7c-831809c3e86b": { "id": "05481984-7c18-4ec7-8d7c-831809c3e86b", "title": "Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization", "software": [ { "type": "plugin", "name": "Product Filter for WooCommerce", "slug": "prdctfltr", "affected_versions": { "[*, 8.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.2.0" ] }, { "type": "plugin", "name": "Improved Sale Badges for WooCommerce", "slug": "improved-sale-badges", "affected_versions": { "[*, 4.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4.0" ] }, { "type": "plugin", "name": "XforWooCommerce", "slug": "xforwoocommerce", "affected_versions": { "[*, 1.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.0" ] }, { "type": "plugin", "name": "Live Product Editor for WooCommerce", "slug": "woocommerce-frontend-shop-manager", "affected_versions": { "[*, 4.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.7.0" ] }, { "type": "plugin", "name": "Warranties and Returns for WooCommerce", "slug": "woocommerce-warranties-and-returns", "affected_versions": { "[*, 5.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.0" ] }, { "type": "plugin", "name": "Price Commander for WooCommerce", "slug": "price-commander-xforwc", "affected_versions": { "[*, 1.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.0" ] }, { "type": "plugin", "name": "Improved Product Options for WooCommerce", "slug": "improved-variable-product-attributes", "affected_versions": { "[*, 5.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.0" ] }, { "type": "plugin", "name": "Comment and Review Spam Control for WooCommerce", "slug": "spam-control-xforwc", "affected_versions": { "[*, 1.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.0" ] }, { "type": "plugin", "name": "Package Quantity Discount", "slug": "package-quantity-xforwc", "affected_versions": { "[*, 1.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "plugin", "name": "Share, Print and PDF Products for WooCommerce", "slug": "share-print-pdf-woocommerce", "affected_versions": { "[*, 2.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.0" ] }, { "type": "plugin", "name": "Bulk Add to Cart for WooCommerce", "slug": "bulk-add-to-cart-xforwc", "affected_versions": { "[*, 1.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.0" ] }, { "type": "plugin", "name": "Live Search for WooCommerce", "slug": "live-search-xforwc", "affected_versions": { "[*, 2.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.0" ] }, { "type": "plugin", "name": "Floating Cart for WooCommerce", "slug": "floating-cart-xforwc", "affected_versions": { "[*, 1.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.0" ] }, { "type": "plugin", "name": "Add Product Tabs for WooCommerce", "slug": "add-tabs-xforwc", "affected_versions": { "[*, 1.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.0" ] }, { "type": "plugin", "name": "Product Loops for WooCommerce", "slug": "product-loops", "affected_versions": { "[*, 1.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.0" ] }, { "type": "plugin", "name": "Autopilot SEO for WooCommerce", "slug": "seo-for-woocommerce", "affected_versions": { "[*, 1.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-scan" ], "published": "2021-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0549acd5-686b-4505-af68-f3f854096f63": { "id": "0549acd5-686b-4505-af68-f3f854096f63", "title": "Ultimate Member <= 1.3.88 - Cross Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 1.3.88": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.88", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0549acd5-686b-4505-af68-f3f854096f63?source=api-scan" ], "published": "2019-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "054bb123-132c-4c32-9fd1-a9f289cfdc35": { "id": "054bb123-132c-4c32-9fd1-a9f289cfdc35", "title": "Ad Blocking Detector <= 1.2.1 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "Ad Blocking Detector", "slug": "ad-blocking-detector", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/054bb123-132c-4c32-9fd1-a9f289cfdc35?source=api-scan" ], "published": "2014-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "054f6ed4-75fc-4431-9249-48f41860d682": { "id": "054f6ed4-75fc-4431-9249-48f41860d682", "title": "Content Cards <= 0.9.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Content Cards", "slug": "content-cards", "affected_versions": { "* - 0.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/054f6ed4-75fc-4431-9249-48f41860d682?source=api-scan" ], "published": "2017-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0551a2ca-b920-4a60-9c16-0bb14fd63a23": { "id": "0551a2ca-b920-4a60-9c16-0bb14fd63a23", "title": "wp-forecast <= 7.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-forecast", "slug": "wp-forecast", "affected_versions": { "* - 7.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0551a2ca-b920-4a60-9c16-0bb14fd63a23?source=api-scan" ], "published": "2022-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05529ca0-09f5-4047-9972-c0a2872ea857": { "id": "05529ca0-09f5-4047-9972-c0a2872ea857", "title": "Media File Manager <= 1.4.2 - Directory Traversal to Directory Listing", "software": [ { "type": "plugin", "name": "Media File Manager", "slug": "media-file-manager", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05529ca0-09f5-4047-9972-c0a2872ea857?source=api-scan" ], "published": "2018-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05544f69-bc9b-4270-80c9-96afe4793cb6": { "id": "05544f69-bc9b-4270-80c9-96afe4793cb6", "title": "FireStats < 1.6.2 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "firestats", "slug": "firestats", "affected_versions": { "[*, 1.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05544f69-bc9b-4270-80c9-96afe4793cb6?source=api-scan" ], "published": "2009-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "055979ad-84d9-4f72-872d-ee86b9b062af": { "id": "055979ad-84d9-4f72-872d-ee86b9b062af", "title": "GDPR Cookie Consent <= 2.6.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GDPR Cookie Consent", "slug": "webtoffee-gdpr-cookie-consent", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/055979ad-84d9-4f72-872d-ee86b9b062af?source=api-scan" ], "published": "2024-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "055a891b-ee05-431f-aaff-612b3fd1513d": { "id": "055a891b-ee05-431f-aaff-612b3fd1513d", "title": "WP Affiliate Platform <= 6.5.0 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Affiliate Platform", "slug": "wp-affiliate-platform", "affected_versions": { "* - 6.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/055a891b-ee05-431f-aaff-612b3fd1513d?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "055b7ed5-268a-485e-ac7d-8082dc9fb2ad": { "id": "055b7ed5-268a-485e-ac7d-8082dc9fb2ad", "title": "Thumbnail Slider With Lightbox <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Thumbnail Slider With Lightbox", "slug": "wp-responsive-slider-with-lightbox", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/055b7ed5-268a-485e-ac7d-8082dc9fb2ad?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "055cc26b-1e24-4e39-89c8-bdc4a69ce938": { "id": "055cc26b-1e24-4e39-89c8-bdc4a69ce938", "title": "Rocket Maintenance Mode & Coming Soon Page <= 4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rocket Maintenance Mode & Coming Soon Page", "slug": "rocket-maintenance-mode", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/055cc26b-1e24-4e39-89c8-bdc4a69ce938?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05614ee6-ce14-44fe-a819-8f116563dbdd": { "id": "05614ee6-ce14-44fe-a819-8f116563dbdd", "title": "EZP Coming Soon Page <= 1.0.7.3 - Authenticated (Admin+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "EZP Coming Soon Page", "slug": "easy-pie-coming-soon", "affected_versions": { "* - 1.0.73": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.73", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.74" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05614ee6-ce14-44fe-a819-8f116563dbdd?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0563d2f0-fb29-4030-8d01-c257dda78241": { "id": "0563d2f0-fb29-4030-8d01-c257dda78241", "title": "Booking Calendar Contact Form <= 1.2.34 - Missing Authorization to Authenticated (Subscriber+) Feedback Form Submission", "software": [ { "type": "plugin", "name": "Booking Calendar Contact Form", "slug": "booking-calendar-contact-form", "affected_versions": { "* - 1.2.34": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0563d2f0-fb29-4030-8d01-c257dda78241?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0564a9a1-a767-4192-8cb0-65c6fc4d064d": { "id": "0564a9a1-a767-4192-8cb0-65c6fc4d064d", "title": "SP Project & Document Manager <= 4.59 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 4.59": { "from_version": "*", "from_inclusive": true, "to_version": "4.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.62" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0564a9a1-a767-4192-8cb0-65c6fc4d064d?source=api-scan" ], "published": "2022-08-10 12:34:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "056819fb-7087-4794-9936-312ab54c96cd": { "id": "056819fb-7087-4794-9936-312ab54c96cd", "title": "Disable User Login <= 1.3.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Disable User Login", "slug": "disable-user-login", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/056819fb-7087-4794-9936-312ab54c96cd?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "056d26da-6e43-4cc6-b2fd-13a5947a814e": { "id": "056d26da-6e43-4cc6-b2fd-13a5947a814e", "title": "SAICO <= 1.0.2 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "saico", "slug": "saico", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/056d26da-6e43-4cc6-b2fd-13a5947a814e?source=api-scan" ], "published": "2013-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0576737d-8330-4a80-af70-4f0eab6657ed": { "id": "0576737d-8330-4a80-af70-4f0eab6657ed", "title": "WP Dummy Content Generator <= 2.3.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Dummy Content Generator", "slug": "wp-dummy-content-generator", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0576737d-8330-4a80-af70-4f0eab6657ed?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0578c49e-f820-42dd-bd53-f4a281843e69": { "id": "0578c49e-f820-42dd-bd53-f4a281843e69", "title": "Happyforms <= 1.25.10 - Missing Authorization", "software": [ { "type": "plugin", "name": "Form builder to get in touch with visitors, grow your email list and collect payments \u2014 Happyforms", "slug": "happyforms", "affected_versions": { "* - 1.25.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.25.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.25.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0578c49e-f820-42dd-bd53-f4a281843e69?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0578f4d1-5953-4fbe-8bc3-0569bee57a1a": { "id": "0578f4d1-5953-4fbe-8bc3-0569bee57a1a", "title": "Houzez <= 2.7.1 - Privilege Escalation", "software": [ { "type": "theme", "name": "Houzez", "slug": "houzez", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0578f4d1-5953-4fbe-8bc3-0569bee57a1a?source=api-scan" ], "published": "2023-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "057a440e-4917-45c5-90ab-bb8654eae68f": { "id": "057a440e-4917-45c5-90ab-bb8654eae68f", "title": "Quick Restaurant Menu <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quick Restaurant Menu", "slug": "quick-restaurant-menu", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/057a440e-4917-45c5-90ab-bb8654eae68f?source=api-scan" ], "published": "2022-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "057ab824-8071-4c3c-9a57-f9a0043a9ad5": { "id": "057ab824-8071-4c3c-9a57-f9a0043a9ad5", "title": "Feed Them Social <= 4.0.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Feed Them Social \u2013 Social Media Feeds, Video, and Photo Galleries", "slug": "feed-them-social", "affected_versions": { "* - 4.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/057ab824-8071-4c3c-9a57-f9a0043a9ad5?source=api-scan" ], "published": "2023-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05828bdc-74aa-4477-9178-f8cc6a34da42": { "id": "05828bdc-74aa-4477-9178-f8cc6a34da42", "title": "CALL ME NOW <= 3.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "CALL ME NOW", "slug": "lokalyze-call-now", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05828bdc-74aa-4477-9178-f8cc6a34da42?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0585969d-dd08-4058-9d72-138a55a2cdf1": { "id": "0585969d-dd08-4058-9d72-138a55a2cdf1", "title": "Active Directory Integration \/ LDAP Integration <= 4.1.10 - LDAP Passback", "software": [ { "type": "plugin", "name": "Active Directory Integration \/ LDAP Integration", "slug": "ldap-login-for-intranet-sites", "affected_versions": { "* - 4.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0585969d-dd08-4058-9d72-138a55a2cdf1?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05873114-ceed-404c-9cc2-d85aa92ef6f3": { "id": "05873114-ceed-404c-9cc2-d85aa92ef6f3", "title": "Wordpress Core < 4.0.1 - Hash Collision", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.4": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.4", "to_inclusive": true }, "3.8 - 3.8.4": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.4", "to_inclusive": true }, "3.9 - 3.9.2": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": true }, "4.0": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.5", "3.8.5", "3.9.3", "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05873114-ceed-404c-9cc2-d85aa92ef6f3?source=api-scan" ], "published": "2014-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0587bf5f-96cf-4a59-9209-6b559a013517": { "id": "0587bf5f-96cf-4a59-9209-6b559a013517", "title": "Login with phone number <= 1.7.35 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login with phone number", "slug": "login-with-phone-number", "affected_versions": { "* - 1.7.35": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0587bf5f-96cf-4a59-9209-6b559a013517?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "058d1aa0-2ef6-49a4-b978-43a91c8e55f3": { "id": "058d1aa0-2ef6-49a4-b978-43a91c8e55f3", "title": "Elementor Addons by Livemesh <= 8.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "* - 8.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/058d1aa0-2ef6-49a4-b978-43a91c8e55f3?source=api-scan" ], "published": "2024-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0590d3ad-8dd0-428e-aadd-581e53e83edb": { "id": "0590d3ad-8dd0-428e-aadd-581e53e83edb", "title": "WordPress Jitsi Shortcode <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Jitsi Shortcode", "slug": "wp-jitsi-shortcodes", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0590d3ad-8dd0-428e-aadd-581e53e83edb?source=api-scan" ], "published": "2024-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0593311a-54d7-42b2-ad5e-185938b42452": { "id": "0593311a-54d7-42b2-ad5e-185938b42452", "title": "Portfolio Gallery <= 1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Portfolio Gallery", "slug": "unitegallery", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0593311a-54d7-42b2-ad5e-185938b42452?source=api-scan" ], "published": "2022-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0594ed62-0a41-4819-89b8-ea31afbcac73": { "id": "0594ed62-0a41-4819-89b8-ea31afbcac73", "title": "Booking Ultra Pro <= 1.1.13 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Updates", "software": [ { "type": "plugin", "name": "Booking Ultra Pro Appointments Booking Calendar Plugin", "slug": "booking-ultra-pro", "affected_versions": { "* - 1.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0594ed62-0a41-4819-89b8-ea31afbcac73?source=api-scan" ], "published": "2024-07-17 13:49:56", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05991bf2-ee61-4bf7-89df-c2f66db7caec": { "id": "05991bf2-ee61-4bf7-89df-c2f66db7caec", "title": "All In One WP Security <= 5.2.6 - Cross-Site Request Forgery to IP Blocking", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "* - 5.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05991bf2-ee61-4bf7-89df-c2f66db7caec?source=api-scan" ], "published": "2024-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "059e262b-ee63-4f8b-82ab-c12bcf70f879": { "id": "059e262b-ee63-4f8b-82ab-c12bcf70f879", "title": "Optima Express + MarketBoost IDX Plugin <= 7.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Optima Express + MarketBoost IDX Plugin", "slug": "optima-express", "affected_versions": { "* - 7.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/059e262b-ee63-4f8b-82ab-c12bcf70f879?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "059e5358-6a29-4cae-96b4-23897797b367": { "id": "059e5358-6a29-4cae-96b4-23897797b367", "title": "underConstruction <= 1.18 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "underConstruction", "slug": "underconstruction", "affected_versions": { "* - 1.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/059e5358-6a29-4cae-96b4-23897797b367?source=api-scan" ], "published": "2021-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "059f526f-6769-4092-92b0-2ef6248963ee": { "id": "059f526f-6769-4092-92b0-2ef6248963ee", "title": "Icegram <= 3.1.21 - Missing Authorization", "software": [ { "type": "plugin", "name": "Icegram Engage \u2013 Ultimate WP Popup Builder, Lead Generation, Optins, and CTA", "slug": "icegram", "affected_versions": { "* - 3.1.21": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/059f526f-6769-4092-92b0-2ef6248963ee?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05a81b0e-2d25-44b5-b791-5b2aed94bbab": { "id": "05a81b0e-2d25-44b5-b791-5b2aed94bbab", "title": "MyFTP <= 1.1 - SQL Injection", "software": [ { "type": "plugin", "name": "myftp-ftp-like-plugin-for-wordpress", "slug": "myftp-ftp-like-plugin-for-wordpress", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05a81b0e-2d25-44b5-b791-5b2aed94bbab?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05b051bc-3b1c-412e-b3d0-98ff2c8bc06e": { "id": "05b051bc-3b1c-412e-b3d0-98ff2c8bc06e", "title": "Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers \u2013 Promolayer <= 1.1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers \u2013 Promolayer", "slug": "promolayer-popup-builder", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05b051bc-3b1c-412e-b3d0-98ff2c8bc06e?source=api-scan" ], "published": "2024-06-19 12:18:10", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05b434f7-6bce-4ad0-bd12-db5b01f14953": { "id": "05b434f7-6bce-4ad0-bd12-db5b01f14953", "title": "Form Maker by 10Web <= 1.15.18 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "* - 1.15.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05b434f7-6bce-4ad0-bd12-db5b01f14953?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05c2707c-c737-4f95-83e0-b0a4e0883d4b": { "id": "05c2707c-c737-4f95-83e0-b0a4e0883d4b", "title": "Publish Confirm Message <= 1.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Publish Confirm Message", "slug": "publish-confirm-message", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05c2707c-c737-4f95-83e0-b0a4e0883d4b?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05c40628-b8fc-48ff-8819-c0955d69fce0": { "id": "05c40628-b8fc-48ff-8819-c0955d69fce0", "title": "Pipdig Power Pack (P3) <= 4.7.3 - Backdoor", "software": [ { "type": "plugin", "name": "Pipdig Power Pack (P3)", "slug": "p3", "affected_versions": { "* - 4.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05c40628-b8fc-48ff-8819-c0955d69fce0?source=api-scan" ], "published": "2019-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05c4d7e3-f8a8-4c11-b962-38922b0801f9": { "id": "05c4d7e3-f8a8-4c11-b962-38922b0801f9", "title": "s2Framework <= 4.1.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "s2Framework", "slug": "s2Framework", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05c4d7e3-f8a8-4c11-b962-38922b0801f9?source=api-scan" ], "published": "2022-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05c68377-feb6-442d-a3a0-1fbc246c7cbf": { "id": "05c68377-feb6-442d-a3a0-1fbc246c7cbf", "title": "Media Library Assistant <= 3.09 - Unauthenticated Local\/Remote File Inclusion & Remote Code Execution", "software": [ { "type": "plugin", "name": "Media Library Assistant", "slug": "media-library-assistant", "affected_versions": { "* - 3.09": { "from_version": "*", "from_inclusive": true, "to_version": "3.09", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05c68377-feb6-442d-a3a0-1fbc246c7cbf?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05cac571-6689-4a69-b600-3cfeaa1d3c47": { "id": "05cac571-6689-4a69-b600-3cfeaa1d3c47", "title": "Popup Cart Lite for WooCommerce <= 1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Popup Cart Lite for WooCommerce", "slug": "woocommerce-woocart-popup-lite", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05cac571-6689-4a69-b600-3cfeaa1d3c47?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05cd8f96-533a-4036-a01f-6ba1ad2d2b5e": { "id": "05cd8f96-533a-4036-a01f-6ba1ad2d2b5e", "title": "WPBITS Addons For Elementor Page Builder <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPBITS Addons For Elementor Page Builder", "slug": "wpbits-addons-for-elementor", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05cd8f96-533a-4036-a01f-6ba1ad2d2b5e?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05d26003-ae7e-480a-bd63-1c5f5e9c3cab": { "id": "05d26003-ae7e-480a-bd63-1c5f5e9c3cab", "title": "Image Hover Effects \u2013 Elementor Addon <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'eihe_align'", "software": [ { "type": "plugin", "name": "Image Hover Effects \u2013 Elementor Addon", "slug": "image-hover-effects-addon-for-elementor", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05d26003-ae7e-480a-bd63-1c5f5e9c3cab?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05d32a0f-b299-4dfd-8d92-4bd0a9872a0b": { "id": "05d32a0f-b299-4dfd-8d92-4bd0a9872a0b", "title": "ABCApp Creator <= 1.1.2 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "ABC APP CREATOR", "slug": "abcapp-creator", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05d32a0f-b299-4dfd-8d92-4bd0a9872a0b?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05d6b27f-b1e5-4bb8-b7db-f8295a5e0d5b": { "id": "05d6b27f-b1e5-4bb8-b7db-f8295a5e0d5b", "title": "404 to 301 <= 3.0.7 - Missing Authorization to Redirect Creation", "software": [ { "type": "plugin", "name": "404 to 301 \u2013 Redirect, Log and Notify 404 Errors", "slug": "404-to-301", "affected_versions": { "* - 3.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05d6b27f-b1e5-4bb8-b7db-f8295a5e0d5b?source=api-scan" ], "published": "2021-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05d86f94-1a1c-42d6-b0db-e19c5cbd1766": { "id": "05d86f94-1a1c-42d6-b0db-e19c5cbd1766", "title": "PDF & Print by BestWebSoft \u2013 WordPress Posts and Pages PDF Generator Plugin < 1.7.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF & Print by BestWebSoft \u2013 WordPress Posts and Pages PDF Generator Plugin", "slug": "pdf-print", "affected_versions": { "[*, 1.7.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05d86f94-1a1c-42d6-b0db-e19c5cbd1766?source=api-scan" ], "published": "2014-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05da4808-385c-4e9f-96f8-5d5c04e7371b": { "id": "05da4808-385c-4e9f-96f8-5d5c04e7371b", "title": "MainWP Wordfence Extension <= 4.0.7 - Missing Authorization to Plugin Settings Change", "software": [ { "type": "plugin", "name": "MainWP Wordfence Extension", "slug": "mainwp-wordfence-extension", "affected_versions": { "* - 4.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05da4808-385c-4e9f-96f8-5d5c04e7371b?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05dcfd2d-6488-4f82-b20b-4968e4a00796": { "id": "05dcfd2d-6488-4f82-b20b-4968e4a00796", "title": "VikRentCar Car Rental Management System <= 1.3.0 - Authenticated (Admin+) Cross Site Scripting", "software": [ { "type": "plugin", "name": "VikRentCar Car Rental Management System", "slug": "vikrentcar", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05dcfd2d-6488-4f82-b20b-4968e4a00796?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05dd7c96-7880-44a8-a06f-037bc627fd8d": { "id": "05dd7c96-7880-44a8-a06f-037bc627fd8d", "title": "VK Blocks <= 1.63.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block", "software": [ { "type": "plugin", "name": "VK Blocks", "slug": "vk-blocks", "affected_versions": { "* - 1.63.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.63.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.64.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05dd7c96-7880-44a8-a06f-037bc627fd8d?source=api-scan" ], "published": "2023-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05de06b1-52bb-47f7-af5e-e9320cf0437f": { "id": "05de06b1-52bb-47f7-af5e-e9320cf0437f", "title": "Beaver Builder \u2013 WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Text Editor", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.5.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05de06b1-52bb-47f7-af5e-e9320cf0437f?source=api-scan" ], "published": "2022-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05ea5a3c-084a-458f-b0b1-8a9b82e4656a": { "id": "05ea5a3c-084a-458f-b0b1-8a9b82e4656a", "title": "Comment Rating <= 2.9.32 - SQL Injection", "software": [ { "type": "plugin", "name": "Comment Rating", "slug": "comment-rating", "affected_versions": { "* - 2.9.32": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.32", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05ea5a3c-084a-458f-b0b1-8a9b82e4656a?source=api-scan" ], "published": "2013-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05eb85a9-ee82-44d0-b9d4-a369e408dbd9": { "id": "05eb85a9-ee82-44d0-b9d4-a369e408dbd9", "title": "HL Twitter <= 2014.1.18 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "HL Twitter", "slug": "hl-twitter", "affected_versions": { "* - 2014.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "2014.1.18", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05eb85a9-ee82-44d0-b9d4-a369e408dbd9?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05ebdcca-ef90-4bbd-ac5e-05f57bf0c7d7": { "id": "05ebdcca-ef90-4bbd-ac5e-05f57bf0c7d7", "title": "Featured Posts with Multiple Custom Groups (FPMCG) <= 4.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Featured Posts with Multiple Custom Groups (FPMCG)", "slug": "featured-posts-with-multiple-custom-groups-fpmcg", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05ebdcca-ef90-4bbd-ac5e-05f57bf0c7d7?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05ee4692-451b-4ff4-9bf0-8a16d39404ea": { "id": "05ee4692-451b-4ff4-9bf0-8a16d39404ea", "title": "Top Bar <= 3.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Top Bar", "slug": "top-bar", "affected_versions": { "* - 3.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05ee4692-451b-4ff4-9bf0-8a16d39404ea?source=api-scan" ], "published": "2022-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05f5addb-ab1d-4b67-b969-3b95d43be790": { "id": "05f5addb-ab1d-4b67-b969-3b95d43be790", "title": "wSecure Lite <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "wSecure Lite", "slug": "wsecure", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05f5addb-ab1d-4b67-b969-3b95d43be790?source=api-scan" ], "published": "2023-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05f7d9fe-e95f-4ddf-9bce-2aeac3c2e946": { "id": "05f7d9fe-e95f-4ddf-9bce-2aeac3c2e946", "title": "Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05f7d9fe-e95f-4ddf-9bce-2aeac3c2e946?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05fe1929-9e39-4b2f-a3fc-e692267d731b": { "id": "05fe1929-9e39-4b2f-a3fc-e692267d731b", "title": "DSGVO All in one for WP <= 4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DSGVO All in one for WP", "slug": "dsgvo-all-in-one-for-wp", "affected_versions": { "* - 4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05fe1929-9e39-4b2f-a3fc-e692267d731b?source=api-scan" ], "published": "2022-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05ff1b1e-f7ba-485d-9421-9bb38f6831ef": { "id": "05ff1b1e-f7ba-485d-9421-9bb38f6831ef", "title": "Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.3 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Photo Gallery Slideshow & Masonry Tiled Gallery", "slug": "wp-responsive-photo-gallery", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05ff1b1e-f7ba-485d-9421-9bb38f6831ef?source=api-scan" ], "published": "2024-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "05ff8080-59e5-4d48-a69b-275a89eef758": { "id": "05ff8080-59e5-4d48-a69b-275a89eef758", "title": "Advanced Local Pickup for WooCommerce <= 1.5.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Advanced Local Pickup for WooCommerce", "slug": "advanced-local-pickup-for-woocommerce", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/05ff8080-59e5-4d48-a69b-275a89eef758?source=api-scan" ], "published": "2023-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "060f31ab-cfa4-4ca8-846a-de76848b28fb": { "id": "060f31ab-cfa4-4ca8-846a-de76848b28fb", "title": "Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'pt_cancel_subscription'", "software": [ { "type": "plugin", "name": "Paytium: Mollie payment forms & donations", "slug": "paytium", "affected_versions": { "* - 4.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/060f31ab-cfa4-4ca8-846a-de76848b28fb?source=api-scan" ], "published": "2023-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "060ff8af-738f-448a-8aa9-bc00bc2bfbeb": { "id": "060ff8af-738f-448a-8aa9-bc00bc2bfbeb", "title": "Linked Variation for WooCommerce <= 1.0.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Linked Variation for WooCommerce", "slug": "linked-variation-for-woocommerce", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/060ff8af-738f-448a-8aa9-bc00bc2bfbeb?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0615d1be-f9fa-45b3-9d5b-3ad1f36be8e1": { "id": "0615d1be-f9fa-45b3-9d5b-3ad1f36be8e1", "title": "Wheel of Life: Coaching and Assessment Tool for Life Coach <= 1.1.7 - Missing Authorization on Several AJAX Endpoints", "software": [ { "type": "plugin", "name": "Wheel of Life: Coaching and Assessment Tool for Life Coach", "slug": "wheel-of-life", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0615d1be-f9fa-45b3-9d5b-3ad1f36be8e1?source=api-scan" ], "published": "2024-06-19 12:15:38", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06187bf0-7e3b-49c0-9f34-3d717e8d8ece": { "id": "06187bf0-7e3b-49c0-9f34-3d717e8d8ece", "title": "Lazy Load < 0.6.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Lazy Load", "slug": "lazy-load", "affected_versions": { "[*, 0.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06187bf0-7e3b-49c0-9f34-3d717e8d8ece?source=api-scan" ], "published": "2016-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "061ada09-932f-4d2c-aa9e-c53f1d711c85": { "id": "061ada09-932f-4d2c-aa9e-c53f1d711c85", "title": "Qi Addons For Elementor <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget", "software": [ { "type": "plugin", "name": "Qi Addons For Elementor", "slug": "qi-addons-for-elementor", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/061ada09-932f-4d2c-aa9e-c53f1d711c85?source=api-scan" ], "published": "2024-06-05 14:59:22", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06294c35-6d58-4270-b143-757831fc5da6": { "id": "06294c35-6d58-4270-b143-757831fc5da6", "title": "Campaign URL Builder <= 1.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting via Create Link", "software": [ { "type": "plugin", "name": "Campaign URL Builder", "slug": "campaign-url-builder", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06294c35-6d58-4270-b143-757831fc5da6?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0629798c-ede2-43ac-9ec4-2cd99cd34ae2": { "id": "0629798c-ede2-43ac-9ec4-2cd99cd34ae2", "title": "MaxGalleria <= 6.4.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "MaxGalleria", "slug": "maxgalleria", "affected_versions": { "* - 6.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0629798c-ede2-43ac-9ec4-2cd99cd34ae2?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "062d906d-5a6e-4180-a2f2-18411334b9a1": { "id": "062d906d-5a6e-4180-a2f2-18411334b9a1", "title": "Autotitle for WordPress <= 1.0.3 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Autotitle for WordPress", "slug": "autotitle-for-wordpress", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/062d906d-5a6e-4180-a2f2-18411334b9a1?source=api-scan" ], "published": "2024-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "062f5bc7-9d53-4a28-b603-9901ce2175d8": { "id": "062f5bc7-9d53-4a28-b603-9901ce2175d8", "title": "Smash Balloon Social Photo Feed <= 1.4.6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smash Balloon Social Photo Feed \u2013 Easy Social Feeds Plugin", "slug": "instagram-feed", "affected_versions": { "* - 1.4.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/062f5bc7-9d53-4a28-b603-9901ce2175d8?source=api-scan" ], "published": "2016-11-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "063224fe-3cf8-40b6-8645-86c8e8dc876e": { "id": "063224fe-3cf8-40b6-8645-86c8e8dc876e", "title": "Post Grid, Slider & Carousel Ultimate <= 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Gutenberg Block & Elementor Widget", "slug": "post-grid-carousel-ultimate", "affected_versions": { "* - 1.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/063224fe-3cf8-40b6-8645-86c8e8dc876e?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06334fad-eb1d-4abe-b183-a9e11eedd3d2": { "id": "06334fad-eb1d-4abe-b183-a9e11eedd3d2", "title": "Rezgo Online Booking < 1.8.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rezgo Online Booking", "slug": "rezgo", "affected_versions": { "[*, 1.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06334fad-eb1d-4abe-b183-a9e11eedd3d2?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "063457b6-b02b-4f4c-b746-576b7b919e67": { "id": "063457b6-b02b-4f4c-b746-576b7b919e67", "title": "iThemes Builder Depot Theme < 5.0.30 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "BuilderChild-Depot", "slug": "BuilderChild-Depot", "affected_versions": { "[*, 5.0.30)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.30", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/063457b6-b02b-4f4c-b746-576b7b919e67?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "063826cc-7ff3-4869-9831-f6a4a4bbe74c": { "id": "063826cc-7ff3-4869-9831-f6a4a4bbe74c", "title": "Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention Security <= 18.5.9 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention Security", "slug": "wp-simple-firewall", "affected_versions": { "* - 18.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "18.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "18.5.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/063826cc-7ff3-4869-9831-f6a4a4bbe74c?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0638c8f3-070a-4b42-ba58-396f3f259b9d": { "id": "0638c8f3-070a-4b42-ba58-396f3f259b9d", "title": "Responsive Owl Carousel for Elementor <= 1.2.0 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Responsive Owl Carousel for Elementor", "slug": "responsive-owl-carousel-elementor", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0638c8f3-070a-4b42-ba58-396f3f259b9d?source=api-scan" ], "published": "2024-05-30 14:04:20", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06424d9f-0064-4101-b819-688489a18eee": { "id": "06424d9f-0064-4101-b819-688489a18eee", "title": "Telephone Number Linker <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Telephone Number Linker", "slug": "telephone-number-linker", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06424d9f-0064-4101-b819-688489a18eee?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0644cfb3-04ff-4c6f-8a1a-aa416f044e4e": { "id": "0644cfb3-04ff-4c6f-8a1a-aa416f044e4e", "title": "Sender \u2013 Newsletter, SMS and Email Marketing Automation for WooCommerce <= 2.6.18 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Sender \u2013 Newsletter, SMS and Email Marketing Automation for WooCommerce", "slug": "sender-net-automated-emails", "affected_versions": { "* - 2.6.18": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0644cfb3-04ff-4c6f-8a1a-aa416f044e4e?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0646fcba-afe5-49a2-acd5-e15d009926c4": { "id": "0646fcba-afe5-49a2-acd5-e15d009926c4", "title": "Send PDF for Contact Form 7 <= 1.0.2.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Send PDF for Contact Form 7", "slug": "send-pdf-for-contact-form-7", "affected_versions": { "* - 1.0.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0646fcba-afe5-49a2-acd5-e15d009926c4?source=api-scan" ], "published": "2024-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06511129-fb43-4ac1-9f5d-c637c9577293": { "id": "06511129-fb43-4ac1-9f5d-c637c9577293", "title": "Link Juice Keeper <= 2.0.2 - Authenticated(Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Link Juice Keeper", "slug": "link-juice-keeper", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06511129-fb43-4ac1-9f5d-c637c9577293?source=api-scan" ], "published": "2023-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06513dfe-f263-48b7-ba01-2c205247095b": { "id": "06513dfe-f263-48b7-ba01-2c205247095b", "title": "Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Audio Merchant", "slug": "audio-merchant", "affected_versions": { "* - 5.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06513dfe-f263-48b7-ba01-2c205247095b?source=api-scan" ], "published": "2023-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0652b19c-52c8-4d77-973f-1e93a5ba811c": { "id": "0652b19c-52c8-4d77-973f-1e93a5ba811c", "title": "Facebook Members < 5.0.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Facebook Members", "slug": "facebook-members", "affected_versions": { "[*, 5.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0652b19c-52c8-4d77-973f-1e93a5ba811c?source=api-scan" ], "published": "2013-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0654ddef-0a6e-4241-b226-947b5b0415b1": { "id": "0654ddef-0a6e-4241-b226-947b5b0415b1", "title": "WP Media Cleaner <= 2.2.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Media Cleaner", "slug": "wp-media-cleaner", "affected_versions": { "* - 2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0654ddef-0a6e-4241-b226-947b5b0415b1?source=api-scan" ], "published": "2015-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0655cd61-8ebe-47f8-a21b-6311c98a7193": { "id": "0655cd61-8ebe-47f8-a21b-6311c98a7193", "title": "Directorist <= 7.8.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings", "slug": "directorist", "affected_versions": { "* - 7.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0655cd61-8ebe-47f8-a21b-6311c98a7193?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0660d753-177e-419a-9e81-3ee2d08cfbc0": { "id": "0660d753-177e-419a-9e81-3ee2d08cfbc0", "title": "WooCommerce Square <= 3.8.1 - Missing Authorization via multiple AJAX actions", "software": [ { "type": "plugin", "name": "WooCommerce Square", "slug": "woocommerce-square", "affected_versions": { "* - 3.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0660d753-177e-419a-9e81-3ee2d08cfbc0?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "066b3b77-7888-4037-b443-a3c6fb540cf7": { "id": "066b3b77-7888-4037-b443-a3c6fb540cf7", "title": "WPML 2.9.3-3.2.6 - Cross-Site Scripting in Accept-Language Header", "software": [ { "type": "plugin", "name": "WPML", "slug": "sitepress-multilingual-cms", "affected_versions": { "2.9.3 - 3.2.6": { "from_version": "2.9.3", "from_inclusive": true, "to_version": "3.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/066b3b77-7888-4037-b443-a3c6fb540cf7?source=api-scan" ], "published": "2015-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "066c9327-6d72-41f9-895e-d14fe6471832": { "id": "066c9327-6d72-41f9-895e-d14fe6471832", "title": "Export All URLs <= 4.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Export All URLs", "slug": "export-all-urls", "affected_versions": { "* - 4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/066c9327-6d72-41f9-895e-d14fe6471832?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "066dfb01-4f3c-4d5a-8fbf-7e58dfc7ac91": { "id": "066dfb01-4f3c-4d5a-8fbf-7e58dfc7ac91", "title": "Testimonials <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Super Testimonials", "slug": "super-testimonial", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/066dfb01-4f3c-4d5a-8fbf-7e58dfc7ac91?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "066e9f46-83a5-4a2f-ae09-6d06c5c66817": { "id": "066e9f46-83a5-4a2f-ae09-6d06c5c66817", "title": "Form Vibes <= 1.4.5 - Authenticated (Admininstrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Form Vibes \u2013 Database Manager for Forms", "slug": "form-vibes", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/066e9f46-83a5-4a2f-ae09-6d06c5c66817?source=api-scan" ], "published": "2022-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06738434-ccd4-4e87-8163-d56ff3b4b5c8": { "id": "06738434-ccd4-4e87-8163-d56ff3b4b5c8", "title": "Download Manager <= 3.1.17 - Missing Authorization", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 3.1.18)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06738434-ccd4-4e87-8163-d56ff3b4b5c8?source=api-scan" ], "published": "2021-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06781d74-ed45-432d-8d80-d90918b85e04": { "id": "06781d74-ed45-432d-8d80-d90918b85e04", "title": "Smart Online Order for Clover <= 1.5.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Smart Online Order for Clover", "slug": "clover-online-orders", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06781d74-ed45-432d-8d80-d90918b85e04?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "067a5f6c-7ad1-49ac-a581-b50fa89a5f39": { "id": "067a5f6c-7ad1-49ac-a581-b50fa89a5f39", "title": "Admin Columns Free < 4.3 and Pro < 5.5.1 Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Admin Columns", "slug": "codepress-admin-columns", "affected_versions": { "* - 4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3" ] }, { "type": "plugin", "name": "Admin Columns Pro", "slug": "admin-columns-pro", "affected_versions": { "[*, 5.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/067a5f6c-7ad1-49ac-a581-b50fa89a5f39?source=api-scan" ], "published": "2021-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "067bfeaf-f3dd-4188-b53a-72b2d81a87eb": { "id": "067bfeaf-f3dd-4188-b53a-72b2d81a87eb", "title": "PB oEmbed HTML5 Audio <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "PB oEmbed HTML5 Audio \u2013 with Cache Support", "slug": "pb-oembed-html5-audio-with-cache-support", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/067bfeaf-f3dd-4188-b53a-72b2d81a87eb?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "067ce322-9d37-4d90-92f3-ca5ada591797": { "id": "067ce322-9d37-4d90-92f3-ca5ada591797", "title": "ADIF Log Search Widget <= 1.0f - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ADIF Log Search Widget", "slug": "adif-log-search-widget", "affected_versions": { "* - 1.0f": { "from_version": "*", "from_inclusive": true, "to_version": "1.0f", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/067ce322-9d37-4d90-92f3-ca5ada591797?source=api-scan" ], "published": "2013-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06863974-e428-418b-891a-ade59ee46c4f": { "id": "06863974-e428-418b-891a-ade59ee46c4f", "title": "SEOPress <= 6.5.0.2 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "SEOPress \u2013 On-site SEO", "slug": "wp-seopress", "affected_versions": { "* - 6.5.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06863974-e428-418b-891a-ade59ee46c4f?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0687e101-3c96-4c9b-941a-1b0fed2f76e2": { "id": "0687e101-3c96-4c9b-941a-1b0fed2f76e2", "title": "Awesome Contact Form7 for Elementor <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via AEP Contact Form 7 Widget", "software": [ { "type": "plugin", "name": "Awesome Contact Form7 for Elementor", "slug": "awesome-contact-form7-for-elementor", "affected_versions": { "* - 2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0687e101-3c96-4c9b-941a-1b0fed2f76e2?source=api-scan" ], "published": "2024-05-22 12:55:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06881386-3c92-426b-948d-58e8a8bee624": { "id": "06881386-3c92-426b-948d-58e8a8bee624", "title": "Wechat Social login <= 1.3.0 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Wechat Social login \u5fae\u4fe1QQ\u9489\u9489\u767b\u5f55\u63d2\u4ef6", "slug": "wechat-social-login", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06881386-3c92-426b-948d-58e8a8bee624?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "068cb509-7451-4f2f-a65c-ed7686c6f6d7": { "id": "068cb509-7451-4f2f-a65c-ed7686c6f6d7", "title": "Slideshow Gallery < 1.4.7 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Slideshow Gallery LITE", "slug": "slideshow-gallery", "affected_versions": { "[*, 1.4.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/068cb509-7451-4f2f-a65c-ed7686c6f6d7?source=api-scan" ], "published": "2014-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "068cb545-8ced-45a1-a50a-1b6a38e99741": { "id": "068cb545-8ced-45a1-a50a-1b6a38e99741", "title": "Scoutnet Kalender <= 1.1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Scoutnet Kalender", "slug": "scoutnet-kalender", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/068cb545-8ced-45a1-a50a-1b6a38e99741?source=api-scan" ], "published": "2019-12-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "068d9502-705e-45dc-a7fb-e75866226fdd": { "id": "068d9502-705e-45dc-a7fb-e75866226fdd", "title": "Videos sync PDF <= 1.7.4 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Videos sync PDF", "slug": "video-synchro-pdf", "affected_versions": { "* - 1.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/068d9502-705e-45dc-a7fb-e75866226fdd?source=api-scan" ], "published": "2022-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "068da172-629d-422a-bcd5-1b73af2a5933": { "id": "068da172-629d-422a-bcd5-1b73af2a5933", "title": "Recip.ly <= 1.1.7 - Unauthenticated Arbitrary File Upload in uploadImage.php", "software": [ { "type": "plugin", "name": "Recip.ly Plugin", "slug": "reciply", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/068da172-629d-422a-bcd5-1b73af2a5933?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06905738-7e1c-4d1a-97d2-f68f978ad8ed": { "id": "06905738-7e1c-4d1a-97d2-f68f978ad8ed", "title": "Duplicator <= 0.5.26 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Duplicator \u2013 Migration & Backup Plugin", "slug": "duplicator", "affected_versions": { "[*, 0.5.28)": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.28", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.5.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06905738-7e1c-4d1a-97d2-f68f978ad8ed?source=api-scan" ], "published": "2015-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0691cff0-86ed-47d3-9492-5ebc930d3eb7": { "id": "0691cff0-86ed-47d3-9492-5ebc930d3eb7", "title": "Jetpack \u2013 WP Security, Backup, Speed, & Growth <= 3.9.1 - Cross-Site Scripting via LaTeX markup within HTML elements", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "* - 3.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0691cff0-86ed-47d3-9492-5ebc930d3eb7?source=api-scan" ], "published": "2016-02-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0694b4f7-c28d-4456-8157-d20446790f3c": { "id": "0694b4f7-c28d-4456-8157-d20446790f3c", "title": "Breadcrumbs by menu < 1.0.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Breadcrumbs by menu", "slug": "breadcrumbs-by-menu", "affected_versions": { "[*, 1.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0694b4f7-c28d-4456-8157-d20446790f3c?source=api-scan" ], "published": "2019-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "069bd7ab-1b78-4465-8e13-5ef903f7e45f": { "id": "069bd7ab-1b78-4465-8e13-5ef903f7e45f", "title": "Woody Ad Snippets <= 2.2.5 - Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "Woody code snippets \u2013 Insert Header Footer Code, AdSense Ads", "slug": "insert-php", "affected_versions": { "* - 2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/069bd7ab-1b78-4465-8e13-5ef903f7e45f?source=api-scan" ], "published": "2019-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06a7e784-49c3-44fd-882b-c76ab8d871e2": { "id": "06a7e784-49c3-44fd-882b-c76ab8d871e2", "title": "Simple Ajax Chat <= 20220115 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple Ajax Chat \u2013 Add a Fast, Secure Chat Box", "slug": "simple-ajax-chat", "affected_versions": { "* - 20220115": { "from_version": "*", "from_inclusive": true, "to_version": "20220115", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20220216" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06a7e784-49c3-44fd-882b-c76ab8d871e2?source=api-scan" ], "published": "2022-04-15 10:48:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06a92619-5281-414e-8846-be0db38df89d": { "id": "06a92619-5281-414e-8846-be0db38df89d", "title": "Appointment Calendar <= 2.9.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Appointment Calendar", "slug": "appointment-calendar", "affected_versions": { "* - 2.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06a92619-5281-414e-8846-be0db38df89d?source=api-scan" ], "published": "2023-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06b332de-4f94-47dc-a573-53514adaf5c0": { "id": "06b332de-4f94-47dc-a573-53514adaf5c0", "title": "affiliate-toolkit \u2013 WordPress Affiliate Plugin <= 3.3.9 - Open Redirect via atkpout.php", "software": [ { "type": "plugin", "name": "affiliate-toolkit", "slug": "affiliate-toolkit-starter", "affected_versions": { "* - 3.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06b332de-4f94-47dc-a573-53514adaf5c0?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06b6c668-5f5d-4cf6-a3c6-4af755c72bca": { "id": "06b6c668-5f5d-4cf6-a3c6-4af755c72bca", "title": "Panda Pods Repeater Field <= 1.5.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Panda Pods Repeater Field", "slug": "panda-pods-repeater-field", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06b6c668-5f5d-4cf6-a3c6-4af755c72bca?source=api-scan" ], "published": "2022-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06b8d1ce-fd4d-423d-aadf-f114f8a92add": { "id": "06b8d1ce-fd4d-423d-aadf-f114f8a92add", "title": "WP-Testimonials <= 3.4.1 - SQL Injection", "software": [ { "type": "plugin", "name": "WP-Testimonials", "slug": "wp-testimonials", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06b8d1ce-fd4d-423d-aadf-f114f8a92add?source=api-scan" ], "published": "2017-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06b92517-5431-43ed-ad3b-80bfd0981b93": { "id": "06b92517-5431-43ed-ad3b-80bfd0981b93", "title": "All In One WP Security & Firewall <= 4.0.6 - SQL Injection", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "[*, 4.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06b92517-5431-43ed-ad3b-80bfd0981b93?source=api-scan" ], "published": "2016-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06bc7a24-eafc-4b06-852e-9b596f107805": { "id": "06bc7a24-eafc-4b06-852e-9b596f107805", "title": "Contact Form by WPForms <= 1.6.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPForms \u2013 Easy Form Builder for WordPress \u2013 Contact Forms, Payment Forms, Surveys, & More", "slug": "wpforms-lite", "affected_versions": { "[*, 1.6.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06bc7a24-eafc-4b06-852e-9b596f107805?source=api-scan" ], "published": "2020-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06c63f82-fe0f-435c-9cf8-5db6a7ce0677": { "id": "06c63f82-fe0f-435c-9cf8-5db6a7ce0677", "title": "Tickera <= 3.4.8.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tickera \u2013 WordPress Event Ticketing", "slug": "tickera-event-ticketing-system", "affected_versions": { "* - 3.4.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06c63f82-fe0f-435c-9cf8-5db6a7ce0677?source=api-scan" ], "published": "2021-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06c86c87-840c-4ca6-9582-98254194eb1b": { "id": "06c86c87-840c-4ca6-9582-98254194eb1b", "title": "Vertical Marquee Plugin <= 7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Vertical marquee plugin", "slug": "vertical-marquee-plugin", "affected_versions": { "* - 7.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06c86c87-840c-4ca6-9582-98254194eb1b?source=api-scan" ], "published": "2023-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06ccfd81-065f-4151-97ea-dd6d4fc79337": { "id": "06ccfd81-065f-4151-97ea-dd6d4fc79337", "title": "Presto Player <= 3.0.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "The Ultimate Video Player For WordPress \u2013 by Presto Player", "slug": "presto-player", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06ccfd81-065f-4151-97ea-dd6d4fc79337?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06d374b0-a4a6-4f0e-af85-66b3a50b1354": { "id": "06d374b0-a4a6-4f0e-af85-66b3a50b1354", "title": "Portfolio Responsive Gallery <= 1.1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Portfolio Responsive Gallery", "slug": "portfolio-responsive-gallery", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06d374b0-a4a6-4f0e-af85-66b3a50b1354?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06daef36-0873-444f-88eb-3ede68f3afdd": { "id": "06daef36-0873-444f-88eb-3ede68f3afdd", "title": "Social Auto Poster <= 2.1.4 - Cross-Site Request Forgery to Plugin Settings Reset", "software": [ { "type": "plugin", "name": "Social Auto Poster", "slug": "accesspress-facebook-auto-post", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06daef36-0873-444f-88eb-3ede68f3afdd?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06dcb84f-8293-403d-a3f2-7c5bea7aaae3": { "id": "06dcb84f-8293-403d-a3f2-7c5bea7aaae3", "title": "Construct <= 1.4 - Arbitrary File Download", "software": [ { "type": "theme", "name": "Construct", "slug": "construct", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06dcb84f-8293-403d-a3f2-7c5bea7aaae3?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06e408f3-3d10-4454-ab71-64f7acd4c850": { "id": "06e408f3-3d10-4454-ab71-64f7acd4c850", "title": "pagebar <= 2.65 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pagebar2", "slug": "pagebar", "affected_versions": { "* - 2.65": { "from_version": "*", "from_inclusive": true, "to_version": "2.65", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.66" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06e408f3-3d10-4454-ab71-64f7acd4c850?source=api-scan" ], "published": "2022-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06e48355-6932-4401-8787-e6432444930f": { "id": "06e48355-6932-4401-8787-e6432444930f", "title": "Video Conferencing with Zoom <= 4.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Video Conferencing with Zoom", "slug": "video-conferencing-with-zoom-api", "affected_versions": { "* - 4.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06e48355-6932-4401-8787-e6432444930f?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06e4d7e3-c800-4b3d-9504-c69aa9a918fb": { "id": "06e4d7e3-c800-4b3d-9504-c69aa9a918fb", "title": "WordPress Core < 2.0.2 - Sensitive Information Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06e4d7e3-c800-4b3d-9504-c69aa9a918fb?source=api-scan" ], "published": "2006-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06e90f64-f64e-4871-9106-1d7af02f13d2": { "id": "06e90f64-f64e-4871-9106-1d7af02f13d2", "title": "Nuance <= 1.2 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Nuance", "slug": "nuance", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06e90f64-f64e-4871-9106-1d7af02f13d2?source=api-scan" ], "published": "2013-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06eaf73f-273c-4733-9ff9-2d8034221814": { "id": "06eaf73f-273c-4733-9ff9-2d8034221814", "title": "Stock Ticker <= 3.23.3 - Reflected Cross-Site Scripting in ajax_stockticker_load", "software": [ { "type": "plugin", "name": "Stock Ticker", "slug": "stock-ticker", "affected_versions": { "* - 3.23.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.23.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.23.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06eaf73f-273c-4733-9ff9-2d8034221814?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06ec9ff7-1dd5-4b9b-8f15-cd9523a708a1": { "id": "06ec9ff7-1dd5-4b9b-8f15-cd9523a708a1", "title": "ALO EasyMail Newsletter <= 2.9.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ALO EasyMail Newsletter", "slug": "alo-easymail", "affected_versions": { "[*, 2.9.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06ec9ff7-1dd5-4b9b-8f15-cd9523a708a1?source=api-scan" ], "published": "2016-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06ef1f0c-fdcc-4aaf-9e48-19b5be52351d": { "id": "06ef1f0c-fdcc-4aaf-9e48-19b5be52351d", "title": "Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.21 - Authenticated (Author+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery \u2013 GT3 Image Gallery & Gutenberg Block Gallery", "slug": "gt3-photo-video-gallery", "affected_versions": { "* - 2.7.7.21": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.7.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.7.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06ef1f0c-fdcc-4aaf-9e48-19b5be52351d?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06ef69f0-34d3-4389-8a81-a4d9922f1468": { "id": "06ef69f0-34d3-4389-8a81-a4d9922f1468", "title": "Happy Addons for Elementor <= 3.9.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor Pro", "slug": "happy-elementor-addons-pro", "affected_versions": { "* - 2.9.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.0" ] }, { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.9.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06ef69f0-34d3-4389-8a81-a4d9922f1468?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06f33e18-0bdd-4c56-a8df-fc1969b9ecf8": { "id": "06f33e18-0bdd-4c56-a8df-fc1969b9ecf8", "title": "Realia <= 1.4.0 - Cross-Site Request Forgery to User Email Change", "software": [ { "type": "plugin", "name": "Realia", "slug": "realia", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06f33e18-0bdd-4c56-a8df-fc1969b9ecf8?source=api-scan" ], "published": "2023-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06f3c08a-9791-4c66-a173-8bbbb38d05ab": { "id": "06f3c08a-9791-4c66-a173-8bbbb38d05ab", "title": "DeepL Pro API Translation <= 1.7.4 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "DeepL API translation plugin", "slug": "wpdeepl", "affected_versions": { "* - 1.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06f3c08a-9791-4c66-a173-8bbbb38d05ab?source=api-scan" ], "published": "2022-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06f56834-e1e9-4a02-988a-df4c563182c4": { "id": "06f56834-e1e9-4a02-988a-df4c563182c4", "title": "Ultimate Taxonomy Manager <= 2.0 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Taxonomy Manager", "slug": "ultimate-taxonomy-manager", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06f56834-e1e9-4a02-988a-df4c563182c4?source=api-scan" ], "published": "2023-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06fee60a-e96c-49ce-9007-0d402ef46d72": { "id": "06fee60a-e96c-49ce-9007-0d402ef46d72", "title": "Chocolate WP \u2013 Responsive Photography Theme (All Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Chocolate WP \u2013 Responsive Photography Theme | Photography", "slug": "dt-chocolate", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06fee60a-e96c-49ce-9007-0d402ef46d72?source=api-scan" ], "published": "2013-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "06ff683d-b3ef-4cae-84f4-be6ada37d5bf": { "id": "06ff683d-b3ef-4cae-84f4-be6ada37d5bf", "title": "Visitor Maps <= 1.5.8.6 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "visitor-maps", "slug": "visitor-maps", "affected_versions": { "* - 1.5.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/06ff683d-b3ef-4cae-84f4-be6ada37d5bf?source=api-scan" ], "published": "2015-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07067eb5-d15e-4342-914f-5e2a08ea8bb4": { "id": "07067eb5-d15e-4342-914f-5e2a08ea8bb4", "title": "WP Live Chat Support <= 4.3.5 - Blind SQL Injection", "software": [ { "type": "plugin", "name": "3CX Free Live Chat, Calls & WhatsApp", "slug": "wp-live-chat-support", "affected_versions": { "* - 4.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07067eb5-d15e-4342-914f-5e2a08ea8bb4?source=api-scan" ], "published": "2015-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "070a5d26-9126-4d0e-9421-739090bea421": { "id": "070a5d26-9126-4d0e-9421-739090bea421", "title": "Rich Counter < 1.2.0 - JavaScript Injection", "software": [ { "type": "plugin", "name": "Rich Counter", "slug": "rich-counter", "affected_versions": { "[*, 1.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/070a5d26-9126-4d0e-9421-739090bea421?source=api-scan" ], "published": "2014-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "070f6820-e70c-4325-b5cb-d2010da34dce": { "id": "070f6820-e70c-4325-b5cb-d2010da34dce", "title": "Simple Like Page Plugin <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Simple Like Page Plugin", "slug": "simple-facebook-plugin", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/070f6820-e70c-4325-b5cb-d2010da34dce?source=api-scan" ], "published": "2024-05-29 21:40:21", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "070f6a8e-a06d-4f48-9703-933515a3098c": { "id": "070f6a8e-a06d-4f48-9703-933515a3098c", "title": "Youtube Channel Gallery <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Youtube Channel Gallery", "slug": "youtube-channel-gallery", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/070f6a8e-a06d-4f48-9703-933515a3098c?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "070fd387-c0ca-47bf-a37a-530c1ffdb6ed": { "id": "070fd387-c0ca-47bf-a37a-530c1ffdb6ed", "title": "Connections Business Directory < 8.5.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Connections Business Directory", "slug": "connections", "affected_versions": { "[*, 8.5.9)": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/070fd387-c0ca-47bf-a37a-530c1ffdb6ed?source=api-scan" ], "published": "2016-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "071195d6-3452-4241-a8d3-92efc84e4850": { "id": "071195d6-3452-4241-a8d3-92efc84e4850", "title": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation", "software": [ { "type": "plugin", "name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", "slug": "fluentform", "affected_versions": { "* - 5.1.16": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/071195d6-3452-4241-a8d3-92efc84e4850?source=api-scan" ], "published": "2024-05-17 19:02:43", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0716471e-388c-43e5-abc3-84c78569e61a": { "id": "0716471e-388c-43e5-abc3-84c78569e61a", "title": "Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button - Chaty <= 2.8.2 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button \u2013 Chaty", "slug": "chaty", "affected_versions": { "[*, 2.8.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0716471e-388c-43e5-abc3-84c78569e61a?source=api-scan" ], "published": "2021-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0719db26-da88-4bda-ae83-f489591c8128": { "id": "0719db26-da88-4bda-ae83-f489591c8128", "title": "WhyDoWork AdSense <= 1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WhyDoWork AdSense", "slug": "whydowork-adsense", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0719db26-da88-4bda-ae83-f489591c8128?source=api-scan" ], "published": "2014-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "071b5c32-b6ac-402a-af74-6ecd05279d93": { "id": "071b5c32-b6ac-402a-af74-6ecd05279d93", "title": "Kanban Boards for WordPress <= 2.5.21 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kanban Boards for WordPress", "slug": "kanban", "affected_versions": { "* - 2.5.21": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.21", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/071b5c32-b6ac-402a-af74-6ecd05279d93?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "072092ef-17bc-4b8b-bf8b-bd69a761c56a": { "id": "072092ef-17bc-4b8b-bf8b-bd69a761c56a", "title": "ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce <= 1.6.8 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce", "slug": "reviewx", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/072092ef-17bc-4b8b-bf8b-bd69a761c56a?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0724ba92-c895-4698-b48d-61dd6353d4da": { "id": "0724ba92-c895-4698-b48d-61dd6353d4da", "title": "WishList Member X <= 3.25.1 - Unauthenticated Denial of Service", "software": [ { "type": "plugin", "name": "Wishlist Member", "slug": "wishlist-member-x", "affected_versions": { "* - 3.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.25.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0724ba92-c895-4698-b48d-61dd6353d4da?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0725c0ac-91a7-4359-b911-a450635b09bb": { "id": "0725c0ac-91a7-4359-b911-a450635b09bb", "title": "EditorsKit <= 1.31.5 - Authenticated (Contributor+) Code Injection", "software": [ { "type": "plugin", "name": "Gutenberg Block Editor Toolkit \u2013 EditorsKit", "slug": "block-options", "affected_versions": { "* - 1.31.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.31.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.31.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0725c0ac-91a7-4359-b911-a450635b09bb?source=api-scan" ], "published": "2021-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07287a85-df00-408a-8b02-978fd3116155": { "id": "07287a85-df00-408a-8b02-978fd3116155", "title": "Seraphinite Accelerator <= 2.20.52 - Authenticated (Subscriber+) Server-Side Request Forgery in OnAdminApi_HtmlCheck", "software": [ { "type": "plugin", "name": "Seraphinite Accelerator", "slug": "seraphinite-accelerator", "affected_versions": { "* - 2.20.52": { "from_version": "*", "from_inclusive": true, "to_version": "2.20.52", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07287a85-df00-408a-8b02-978fd3116155?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0728e7ac-2091-41de-90a0-e231c4b99ab0": { "id": "0728e7ac-2091-41de-90a0-e231c4b99ab0", "title": "WooThemes WooFramework < 5.3.10 - Remote Code Execution via Shortcodes", "software": [ { "type": "theme", "name": "Wootique", "slug": "wootique", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] }, { "type": "theme", "name": "Canvas", "slug": "canvas", "affected_versions": { "* - 4.7.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.11" ] }, { "type": "theme", "name": "WooStore", "slug": "woostore", "affected_versions": { "* - 1.3.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] }, { "type": "theme", "name": "Sentient", "slug": "sentient", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0728e7ac-2091-41de-90a0-e231c4b99ab0?source=api-scan" ], "published": "2012-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "072b66dd-a5d3-46b5-92ec-9cc83b8ea8ef": { "id": "072b66dd-a5d3-46b5-92ec-9cc83b8ea8ef", "title": "WP Testimonial Widget <= 3.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Testimonial Widget", "slug": "wp-testimonial-widget", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/072b66dd-a5d3-46b5-92ec-9cc83b8ea8ef?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "072fbfe7-37df-412e-bddb-68837473b3d6": { "id": "072fbfe7-37df-412e-bddb-68837473b3d6", "title": "Pool <= 1.0.7 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Pool", "slug": "pool", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/072fbfe7-37df-412e-bddb-68837473b3d6?source=api-scan" ], "published": "2007-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07300429-c445-4d2a-90aa-5072a17f8113": { "id": "07300429-c445-4d2a-90aa-5072a17f8113", "title": "Complianz - GDPR\/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via maybe_install_suggested_plugins", "software": [ { "type": "plugin", "name": "Complianz \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr", "affected_versions": { "* - 6.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07300429-c445-4d2a-90aa-5072a17f8113?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07357de3-bbf5-40d3-a171-3b624b572e6c": { "id": "07357de3-bbf5-40d3-a171-3b624b572e6c", "title": "Advanced Post List <= 0.5.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Post List", "slug": "advanced-post-list", "affected_versions": { "* - 0.5.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07357de3-bbf5-40d3-a171-3b624b572e6c?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07372843-f7d3-4ae4-96b4-ef3f475504ff": { "id": "07372843-f7d3-4ae4-96b4-ef3f475504ff", "title": "Yatra <= 2.1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yatra \u2013 Tour and Travel Booking Solution", "slug": "yatra", "affected_versions": { "* - 2.1.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07372843-f7d3-4ae4-96b4-ef3f475504ff?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "073a3b48-7c21-4511-a8e4-3443ef05fd0b": { "id": "073a3b48-7c21-4511-a8e4-3443ef05fd0b", "title": "MainWP Broken Link Checker <= 4.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "MainWP Broken Link Checker", "slug": "mainwp-broken-links-checker-extension", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/073a3b48-7c21-4511-a8e4-3443ef05fd0b?source=api-scan" ], "published": "2023-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0741bbf2-1098-41f4-a6d4-7e5c8f75f30b": { "id": "0741bbf2-1098-41f4-a6d4-7e5c8f75f30b", "title": "WP Dashboard Notes <= 1.0.11 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Dashboard Notes", "slug": "wp-dashboard-notes", "affected_versions": { "* - 1.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0741bbf2-1098-41f4-a6d4-7e5c8f75f30b?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07422361-3c7c-4e3c-bbfb-097c7fe5f2b4": { "id": "07422361-3c7c-4e3c-bbfb-097c7fe5f2b4", "title": "Gutenberg Template and Pattern Library & Redux Framework <= 4.1.20 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Redux Framework", "slug": "redux-framework", "affected_versions": { "* - 4.1.20": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07422361-3c7c-4e3c-bbfb-097c7fe5f2b4?source=api-scan" ], "published": "2020-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0747b104-5be6-44eb-b62c-0026f810573c": { "id": "0747b104-5be6-44eb-b62c-0026f810573c", "title": "SEO Plugin by Squirrly SEO < 6.1.5 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "SEO Plugin by Squirrly SEO", "slug": "squirrly-seo", "affected_versions": { "[*, 6.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0747b104-5be6-44eb-b62c-0026f810573c?source=api-scan" ], "published": "2016-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "074d7b46-60e0-4d4a-904a-696ac7948a35": { "id": "074d7b46-60e0-4d4a-904a-696ac7948a35", "title": "EWWW Image Optimizer <= 7.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "EWWW Image Optimizer", "slug": "ewww-image-optimizer", "affected_versions": { "* - 7.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/074d7b46-60e0-4d4a-904a-696ac7948a35?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "074d995e-42cc-42f0-bdbe-de181180b511": { "id": "074d995e-42cc-42f0-bdbe-de181180b511", "title": "Dashboard To-Do List <= 1.2.0 - Missing Authorization via ardtdw_widgetsetup()", "software": [ { "type": "plugin", "name": "Dashboard To-Do List", "slug": "dashboard-to-do-list", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/074d995e-42cc-42f0-bdbe-de181180b511?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "074e8e37-147d-47ea-93ed-652d7de7be9e": { "id": "074e8e37-147d-47ea-93ed-652d7de7be9e", "title": "TheGem < 5.8.1.1 - Missing Authorization", "software": [ { "type": "theme", "name": "TheGem", "slug": "thegem", "affected_versions": { "[*, 5.8.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.8.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/074e8e37-147d-47ea-93ed-652d7de7be9e?source=api-scan" ], "published": "2023-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0752b4f3-b9f0-4c39-8e4c-2db188600087": { "id": "0752b4f3-b9f0-4c39-8e4c-2db188600087", "title": "Schema & Structured Data for WP & AMP <= 1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Schema & Structured Data for WP & AMP", "slug": "schema-and-structured-data-for-wp", "affected_versions": { "* - 1.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0752b4f3-b9f0-4c39-8e4c-2db188600087?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07534aa5-a7c4-4dc7-82ac-7e9c568f524c": { "id": "07534aa5-a7c4-4dc7-82ac-7e9c568f524c", "title": "WP Mail Catcher <= 2.1.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mail logging \u2013 WP Mail Catcher", "slug": "wp-mail-catcher", "affected_versions": { "* - 2.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07534aa5-a7c4-4dc7-82ac-7e9c568f524c?source=api-scan" ], "published": "2024-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0753bd90-0f1a-4efa-9cbd-7cc80d91e84f": { "id": "0753bd90-0f1a-4efa-9cbd-7cc80d91e84f", "title": "WP Job Openings <= 3.4.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Job Openings \u2013 Job Listing, Career Page and Recruitment Plugin", "slug": "wp-job-openings", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0753bd90-0f1a-4efa-9cbd-7cc80d91e84f?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0753e172-3ff7-42a9-8651-d12573406d11": { "id": "0753e172-3ff7-42a9-8651-d12573406d11", "title": "WP eCommerce <= 3.8.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP eCommerce", "slug": "wp-e-commerce", "affected_versions": { "* - 3.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0753e172-3ff7-42a9-8651-d12573406d11?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "075d6557-8fb4-4e69-924f-feff3d2827ed": { "id": "075d6557-8fb4-4e69-924f-feff3d2827ed", "title": "Bradmax Player <= 1.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bradmax Player", "slug": "bradmax-player", "affected_versions": { "* - 1.1.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/075d6557-8fb4-4e69-924f-feff3d2827ed?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "075e64fb-acaf-4f0f-bbc8-db7855184970": { "id": "075e64fb-acaf-4f0f-bbc8-db7855184970", "title": "MailPoet \u2013 emails and newsletters in WordPress <= 3.23.1 - Reflected Cross-Site Scripting via URL parameter", "software": [ { "type": "plugin", "name": "MailPoet \u2013 Newsletters, Email Marketing, and Automation", "slug": "mailpoet", "affected_versions": { "[*, 3.23.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.23.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.23.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/075e64fb-acaf-4f0f-bbc8-db7855184970?source=api-scan" ], "published": "2019-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0764d59b-c9bc-4f3c-98df-69ccb7f4bc2d": { "id": "0764d59b-c9bc-4f3c-98df-69ccb7f4bc2d", "title": "Membership Simplified <= 1.58 Beta - SQL Injection", "software": [ { "type": "plugin", "name": "Membership Simplified", "slug": "membership-simplified-for-oap-members-only", "affected_versions": { "[*, 1.58)": { "from_version": "*", "from_inclusive": true, "to_version": "1.58", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.58" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0764d59b-c9bc-4f3c-98df-69ccb7f4bc2d?source=api-scan" ], "published": "2017-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07663fae-53e9-45d2-834c-6e1392484e0a": { "id": "07663fae-53e9-45d2-834c-6e1392484e0a", "title": "Who Hit The Page \u2013 Hit Counter <= 1.4.14.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Who Hit The Page \u2013 Hit Counter", "slug": "who-hit-the-page-hit-counter", "affected_versions": { "* - 1.4.14.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.14.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07663fae-53e9-45d2-834c-6e1392484e0a?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07693689-2f61-41dc-9fa1-b6e5f0073dc5": { "id": "07693689-2f61-41dc-9fa1-b6e5f0073dc5", "title": "Church Admin <= 4.0.27 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "* - 4.0.27": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07693689-2f61-41dc-9fa1-b6e5f0073dc5?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "076d1b28-bc43-4e70-995c-71b236e7f698": { "id": "076d1b28-bc43-4e70-995c-71b236e7f698", "title": "Kodex Posts likes <= 2.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kodex Posts likes", "slug": "kodex-posts-likes", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/076d1b28-bc43-4e70-995c-71b236e7f698?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07712191-03b6-4de4-b0a4-e6f03ce9dc81": { "id": "07712191-03b6-4de4-b0a4-e6f03ce9dc81", "title": "Restaurant & Cafe Addon for Elementor <= 1.5.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Restaurant & Cafe Addon for Elementor", "slug": "restaurant-cafe-addon-for-elementor", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07712191-03b6-4de4-b0a4-e6f03ce9dc81?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0775b36b-d543-41f9-a20d-f629b40c70d7": { "id": "0775b36b-d543-41f9-a20d-f629b40c70d7", "title": "Configurable Tag Cloud <= 5.2 - Cross-Site Request Forgery via ctc_options_page()", "software": [ { "type": "plugin", "name": "Configurable Tag Cloud (CTC)", "slug": "configurable-tag-cloud-widget", "affected_versions": { "* - 5.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0775b36b-d543-41f9-a20d-f629b40c70d7?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "077b3483-ab1c-401d-aa67-c4da5fca90b4": { "id": "077b3483-ab1c-401d-aa67-c4da5fca90b4", "title": "File Manager <= 4.8 - Missing Authorization on AJAX Actions", "software": [ { "type": "plugin", "name": "File Manager", "slug": "wp-file-manager", "affected_versions": { "* - 4.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/077b3483-ab1c-401d-aa67-c4da5fca90b4?source=api-scan" ], "published": "2019-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "077ec165-edd3-4c2c-b1ea-01ca5b80f779": { "id": "077ec165-edd3-4c2c-b1ea-01ca5b80f779", "title": "UTM Tracker <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "UTM Tracker", "slug": "utm-tracker", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/077ec165-edd3-4c2c-b1ea-01ca5b80f779?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07847ba1-cbce-4d81-bd24-46887ac31a5d": { "id": "07847ba1-cbce-4d81-bd24-46887ac31a5d", "title": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) SQL Injection via getLogHistory Function", "software": [ { "type": "plugin", "name": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder", "slug": "bit-form", "affected_versions": { "2.0 - 2.13.9": { "from_version": "2.0", "from_inclusive": true, "to_version": "2.13.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07847ba1-cbce-4d81-bd24-46887ac31a5d?source=api-scan" ], "published": "2024-08-19 15:12:53", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0788659e-be5b-413d-b4fb-d60df07075e1": { "id": "0788659e-be5b-413d-b4fb-d60df07075e1", "title": "WordPress Core < 4.7.3 - Authenticated Cross-Site Scripting in Youtube URL Embeds", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.18": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.18", "to_inclusive": true }, "3.8 - 3.8.18": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.18", "to_inclusive": true }, "3.9 - 3.9.16": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.16", "to_inclusive": true }, "4.0 - 4.0.15": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.15", "to_inclusive": true }, "4.1 - 4.1.15": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.15", "to_inclusive": true }, "4.2 - 4.2.12": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.12", "to_inclusive": true }, "4.3 - 4.3.8": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.8", "to_inclusive": true }, "4.4 - 4.4.7": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.7", "to_inclusive": true }, "4.5 - 4.5.6": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.6", "to_inclusive": true }, "4.6 - 4.6.3": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.3", "to_inclusive": true }, "4.7 - 4.7.2": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.19", "3.8.19", "3.9.17", "4.0.16", "4.1.16", "4.2.13", "4.3.9", "4.4.8", "4.5.7", "4.6.4", "4.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0788659e-be5b-413d-b4fb-d60df07075e1?source=api-scan" ], "published": "2017-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "078a0647-fc3a-436c-bf00-8776b16e66ff": { "id": "078a0647-fc3a-436c-bf00-8776b16e66ff", "title": "WPFront User Role Editor <= 3.2.1.11184 - Limited Information Exposure", "software": [ { "type": "plugin", "name": "WPFront User Role Editor", "slug": "wpfront-user-role-editor", "affected_versions": { "* - 3.2.1.11184": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1.11184", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/078a0647-fc3a-436c-bf00-8776b16e66ff?source=api-scan" ], "published": "2024-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "078d06ad-555b-4de4-a032-d81440c7dfb5": { "id": "078d06ad-555b-4de4-a032-d81440c7dfb5", "title": "Smart SEO Tool-WordPress SEO\u4f18\u5316\u63d2\u4ef6 <= 4.0.1 - Cross-Site Request Forgery via 'wp_ajax_wb_smart_seo_tool'", "software": [ { "type": "plugin", "name": "Smart SEO Tool \u2013 SEO\u4f18\u5316\u63d2\u4ef6", "slug": "smart-seo-tool", "affected_versions": { "[*, 4.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/078d06ad-555b-4de4-a032-d81440c7dfb5?source=api-scan" ], "published": "2023-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0793a054-b213-4519-bc30-ce835979248b": { "id": "0793a054-b213-4519-bc30-ce835979248b", "title": "Custom Field Suite <= 2.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Custom Field Suite", "slug": "custom-field-suite", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0793a054-b213-4519-bc30-ce835979248b?source=api-scan" ], "published": "2015-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "079d60c1-a15a-4d3e-b295-8c1e024b74ef": { "id": "079d60c1-a15a-4d3e-b295-8c1e024b74ef", "title": "Web3 <= 2.8.0 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Web3 \u2013 Crypto wallet Login & NFT token gating", "slug": "web3-authentication", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/079d60c1-a15a-4d3e-b295-8c1e024b74ef?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07a31d5c-b8c5-4523-8883-ba1e919c0ab1": { "id": "07a31d5c-b8c5-4523-8883-ba1e919c0ab1", "title": "Download Manager <= 3.2.61 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.61": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.61", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.62" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07a31d5c-b8c5-4523-8883-ba1e919c0ab1?source=api-scan" ], "published": "2022-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07a3db33-3787-4b63-835d-8e3026206842": { "id": "07a3db33-3787-4b63-835d-8e3026206842", "title": "Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX <= 4.1.2 - Missing Authorization to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX", "slug": "ultimate-post", "affected_versions": { "* - 4.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07a3db33-3787-4b63-835d-8e3026206842?source=api-scan" ], "published": "2024-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07a82335-d738-4c14-b385-04843f12e4ef": { "id": "07a82335-d738-4c14-b385-04843f12e4ef", "title": "WP Users Media <= 4.2.3 - Cross-Site Request Forgery in wpusme_save_settings", "software": [ { "type": "plugin", "name": "WP Users Media", "slug": "wp-users-media", "affected_versions": { "* - 4.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07a82335-d738-4c14-b385-04843f12e4ef?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07abe182-370f-4241-9631-387a7930f2f6": { "id": "07abe182-370f-4241-9631-387a7930f2f6", "title": "Gecka Terms Thumbnails <= 1.1 - Authenticated (Subscriber+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Gecka Terms Thumbnails", "slug": "gecka-terms-thumbnails", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07abe182-370f-4241-9631-387a7930f2f6?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07ac1921-6d3b-44b3-ad8d-66e18698c025": { "id": "07ac1921-6d3b-44b3-ad8d-66e18698c025", "title": "Note Press < 0.1.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Note Press", "slug": "note-press", "affected_versions": { "[*, 0.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07ac1921-6d3b-44b3-ad8d-66e18698c025?source=api-scan" ], "published": "2017-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07aee352-dfef-4762-a93d-e131737d0535": { "id": "07aee352-dfef-4762-a93d-e131737d0535", "title": "Image Slider by NextCode <= 1.1.2 - Multiple Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Image Slider by NextCode \u2013 Photo & Video Slider", "slug": "baslider", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07aee352-dfef-4762-a93d-e131737d0535?source=api-scan" ], "published": "2022-05-26 10:08:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07aee46a-a32d-4d31-9541-4e183299b09c": { "id": "07aee46a-a32d-4d31-9541-4e183299b09c", "title": "Zedna eBook download < 1.2 - Directory Traversal", "software": [ { "type": "plugin", "name": "Zedna eBook download", "slug": "ebook-download", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07aee46a-a32d-4d31-9541-4e183299b09c?source=api-scan" ], "published": "2016-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07aeed92-f3e9-4a25-a7e0-b364cb98f5dd": { "id": "07aeed92-f3e9-4a25-a7e0-b364cb98f5dd", "title": "Icegram <= 2.0.4 - Reflected Cross-Site Scripting via message_id", "software": [ { "type": "plugin", "name": "Icegram Engage \u2013 Ultimate WP Popup Builder, Lead Generation, Optins, and CTA", "slug": "icegram", "affected_versions": { "[*, 2.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07aeed92-f3e9-4a25-a7e0-b364cb98f5dd?source=api-scan" ], "published": "2021-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07b075a6-2339-4562-a096-0a46b58f1e9f": { "id": "07b075a6-2339-4562-a096-0a46b58f1e9f", "title": "IP Vault \u2013 WP Firewall <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Two-factor authentication (formerly IP Vault)", "slug": "ip-vault-wp-firewall", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07b075a6-2339-4562-a096-0a46b58f1e9f?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07b1efbd-0caf-412d-ac1b-ab1b27c32b8c": { "id": "07b1efbd-0caf-412d-ac1b-ab1b27c32b8c", "title": "LearnDash 3.0.0-3.1.1 - Reflected Cross Site Scripting issue on the [ld_profile] search field", "software": [ { "type": "plugin", "name": "LearnDash LMS", "slug": "sfwd-lms", "affected_versions": { "3.0.0 - 3.1.1": { "from_version": "3.0.0", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07b1efbd-0caf-412d-ac1b-ab1b27c32b8c?source=api-scan" ], "published": "2020-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07b34541-25df-407b-8d56-16e3e510d83a": { "id": "07b34541-25df-407b-8d56-16e3e510d83a", "title": "guzzlehttp\/psr7 <= 1.84 and 2.0.0-2.1.0 - Improper Input Validation", "software": [ { "type": "plugin", "name": "Insert Special Characters", "slug": "insert-special-characters", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07b34541-25df-407b-8d56-16e3e510d83a?source=api-scan" ], "published": "2022-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07b6aad4-fbaf-4c0c-b2b7-6e264a1afb9b": { "id": "07b6aad4-fbaf-4c0c-b2b7-6e264a1afb9b", "title": "IgnitionDeck Crowdfunding Platform <= 1.9.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "IgnitionDeck Crowdfunding Platform", "slug": "ignitiondeck", "affected_versions": { "* - 1.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07b6aad4-fbaf-4c0c-b2b7-6e264a1afb9b?source=api-scan" ], "published": "2024-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07bb17bd-c534-4b11-a1dd-7d2f2786ffec": { "id": "07bb17bd-c534-4b11-a1dd-7d2f2786ffec", "title": "Meow Gallery (+ Gallery Block) <= 4.1.8 - SQL Injection", "software": [ { "type": "plugin", "name": "Meow Gallery", "slug": "meow-gallery", "affected_versions": { "[*, 4.1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07bb17bd-c534-4b11-a1dd-7d2f2786ffec?source=api-scan" ], "published": "2021-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07bccf56-99b2-42e6-93ab-606af65e6cac": { "id": "07bccf56-99b2-42e6-93ab-606af65e6cac", "title": "Site5 Various Affected Themes (Various Versions) - Email Spoofing", "software": [ { "type": "theme", "name": "boldy", "slug": "boldy", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] }, { "type": "theme", "name": "rockwell", "slug": "rockwell", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "webfolio", "slug": "webfolio", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] }, { "type": "theme", "name": "simplo", "slug": "simplo", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Wise", "slug": "wise", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "prosume", "slug": "prosume", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] }, { "type": "theme", "name": "diary", "slug": "diary", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] }, { "type": "theme", "name": "designpile", "slug": "designpile", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "journalcrunch", "slug": "journalcrunch", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] }, { "type": "theme", "name": "alltuts", "slug": "alltuts", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] }, { "type": "theme", "name": "colorbold", "slug": "colorbold", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "xmas", "slug": "xmas", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07bccf56-99b2-42e6-93ab-606af65e6cac?source=api-scan" ], "published": "2012-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07c01ab7-8bf8-4aa5-b5e6-8e47a3bf1f7c": { "id": "07c01ab7-8bf8-4aa5-b5e6-8e47a3bf1f7c", "title": "wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07c01ab7-8bf8-4aa5-b5e6-8e47a3bf1f7c?source=api-scan" ], "published": "2022-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07c0516b-ee3a-4a80-8db7-e6372bb294a1": { "id": "07c0516b-ee3a-4a80-8db7-e6372bb294a1", "title": "AdRotate \u2013 Ad manager & AdSense Ads <= 5.8.22 - Authenticated Stored Cross-Site Scripting via Group Names", "software": [ { "type": "plugin", "name": "AdRotate Banner Manager \u2013 The only ad manager you'll need", "slug": "adrotate", "affected_versions": { "[*, 5.8.23)": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.23", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.8.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07c0516b-ee3a-4a80-8db7-e6372bb294a1?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07c0b4c5-d76e-4bdc-87d1-3144a1466c77": { "id": "07c0b4c5-d76e-4bdc-87d1-3144a1466c77", "title": "SupportCandy <= 3.1.3 - Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "SupportCandy \u2013 Helpdesk & Customer Support Ticket System", "slug": "supportcandy", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07c0b4c5-d76e-4bdc-87d1-3144a1466c77?source=api-scan" ], "published": "2023-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07c0f5a5-3455-4f06-b481-f4d678309c50": { "id": "07c0f5a5-3455-4f06-b481-f4d678309c50", "title": "Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "SlimStat Analytics", "slug": "wp-slimstat", "affected_versions": { "* - 5.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07c0f5a5-3455-4f06-b481-f4d678309c50?source=api-scan" ], "published": "2023-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07c3c8d9-64c9-4d16-9a35-8477b358123f": { "id": "07c3c8d9-64c9-4d16-9a35-8477b358123f", "title": "CRM Memberships <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "CRM Memberships", "slug": "crm-memberships", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07c3c8d9-64c9-4d16-9a35-8477b358123f?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07c719fd-690e-42e6-90ac-c4d55553a7cc": { "id": "07c719fd-690e-42e6-90ac-c4d55553a7cc", "title": "Error Log Viewer <= 1.1.2 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Error Log Viewer by BestWebSoft", "slug": "error-log-viewer", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07c719fd-690e-42e6-90ac-c4d55553a7cc?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07ca231c-5b88-4721-a01f-8c135d4cf50b": { "id": "07ca231c-5b88-4721-a01f-8c135d4cf50b", "title": "Booster for WooCommerce <= 5.6.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 5.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07ca231c-5b88-4721-a01f-8c135d4cf50b?source=api-scan" ], "published": "2022-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07cdc2db-e748-40c9-a2fe-31aef0725dad": { "id": "07cdc2db-e748-40c9-a2fe-31aef0725dad", "title": "WP Human Resource Management < 2.2.6 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "WP Human Resource Management", "slug": "hrm", "affected_versions": { "[*, 2.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07cdc2db-e748-40c9-a2fe-31aef0725dad?source=api-scan" ], "published": "2019-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07d1c715-3620-4b82-a883-57b24c8cd031": { "id": "07d1c715-3620-4b82-a883-57b24c8cd031", "title": "Crafty Social Buttons < 1.5.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Crafty Social Buttons", "slug": "crafty-social-buttons", "affected_versions": { "[*, 1.5.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07d1c715-3620-4b82-a883-57b24c8cd031?source=api-scan" ], "published": "2017-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07e013b5-40e1-4187-951f-ee3b02371727": { "id": "07e013b5-40e1-4187-951f-ee3b02371727", "title": "Inline Related Posts <= 3.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Inline Related Posts", "slug": "intelly-related-posts", "affected_versions": { "* - 3.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07e013b5-40e1-4187-951f-ee3b02371727?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07e110b3-ef10-482d-a564-c9f23631e5f3": { "id": "07e110b3-ef10-482d-a564-c9f23631e5f3", "title": "CopySafe Web Protection <= 3.13 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CopySafe Web Protection", "slug": "wp-copysafe-web", "affected_versions": { "* - 3.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07e110b3-ef10-482d-a564-c9f23631e5f3?source=api-scan" ], "published": "2023-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07e7f03e-0d5d-4405-a0e7-9547fc762f0e": { "id": "07e7f03e-0d5d-4405-a0e7-9547fc762f0e", "title": "130+ Widgets | Best Addons For Elementor \u2013 FREE <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "140+ Widgets | Xpro Addons For Elementor \u2013 FREE", "slug": "xpro-elementor-addons", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07e7f03e-0d5d-4405-a0e7-9547fc762f0e?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07e9ae6a-7734-40ee-9287-ae0a99b1fc31": { "id": "07e9ae6a-7734-40ee-9287-ae0a99b1fc31", "title": "Anti-Malware Security and Brute-Force Firewall <= 4.21.74 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Anti-Malware Security and Brute-Force Firewall", "slug": "gotmls", "affected_versions": { "* - 4.21.74": { "from_version": "*", "from_inclusive": true, "to_version": "4.21.74", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.21.83" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07e9ae6a-7734-40ee-9287-ae0a99b1fc31?source=api-scan" ], "published": "2022-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07ea9b9b-e28f-484f-9338-8d40f3f8d6d2": { "id": "07ea9b9b-e28f-484f-9338-8d40f3f8d6d2", "title": "Block WP Login <= 1.3.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Block wp-login", "slug": "block-wp-login", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07ea9b9b-e28f-484f-9338-8d40f3f8d6d2?source=api-scan" ], "published": "2019-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07eab536-6f20-45ec-9f9e-70ab35555db2": { "id": "07eab536-6f20-45ec-9f9e-70ab35555db2", "title": "WappPress <= 5.0.3 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WappPress \u2013 Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute", "slug": "wapppress-builds-android-app-for-website", "affected_versions": { "* - 5.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07eab536-6f20-45ec-9f9e-70ab35555db2?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07ebb174-656b-4761-ada0-557e0384d003": { "id": "07ebb174-656b-4761-ada0-557e0384d003", "title": "i-transform <= 3.0.9 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "i-transform", "slug": "i-transform", "affected_versions": { "* - 3.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07ebb174-656b-4761-ada0-557e0384d003?source=api-scan" ], "published": "2024-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07ede585-c0d2-4643-9c36-7b5da5f721bd": { "id": "07ede585-c0d2-4643-9c36-7b5da5f721bd", "title": "Membership Database <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Membership Database", "slug": "member-database", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07ede585-c0d2-4643-9c36-7b5da5f721bd?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07eec594-6c46-4df0-92f1-f090e510d79d": { "id": "07eec594-6c46-4df0-92f1-f090e510d79d", "title": "Noo JobMonster <= 4.6.6 - Sensitive Information Disclosure via Directory Listing", "software": [ { "type": "theme", "name": "Noo JobMonster", "slug": "noo-jobmonster", "affected_versions": { "* - 4.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07eec594-6c46-4df0-92f1-f090e510d79d?source=api-scan" ], "published": "2020-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07f97b57-4258-4bd0-88f0-851e87dfd061": { "id": "07f97b57-4258-4bd0-88f0-851e87dfd061", "title": "Contact Form Plugin <= 4.0.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Plugin", "slug": "contact-form-lite", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07f97b57-4258-4bd0-88f0-851e87dfd061?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07fa7b1a-9137-4049-a20a-8eb6df7ca578": { "id": "07fa7b1a-9137-4049-a20a-8eb6df7ca578", "title": "Tourfic <= 2.11.20 - Cross-Site Request Forgery in Multiple Functions", "software": [ { "type": "plugin", "name": "Tourfic \u2013 Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking", "slug": "tourfic", "affected_versions": { "* - 2.11.20": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07fa7b1a-9137-4049-a20a-8eb6df7ca578?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "07fc1249-a50d-4038-8cbe-35ff7a3d28b3": { "id": "07fc1249-a50d-4038-8cbe-35ff7a3d28b3", "title": "WP Fastest Cache <= 0.8.9.5 - Directory Traversal", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 0.8.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/07fc1249-a50d-4038-8cbe-35ff7a3d28b3?source=api-scan" ], "published": "2019-07-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08021121-94a1-4569-b8ab-417eec2be993": { "id": "08021121-94a1-4569-b8ab-417eec2be993", "title": "Backup Database <= 4.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Backup Database", "slug": "backup-database", "affected_versions": { "* - 4.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08021121-94a1-4569-b8ab-417eec2be993?source=api-scan" ], "published": "2024-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08115f30-f38b-4c13-803e-5de873f83a17": { "id": "08115f30-f38b-4c13-803e-5de873f83a17", "title": "Custom Post Type UI <= 1.7.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Post Type UI", "slug": "custom-post-type-ui", "affected_versions": { "[*, 1.7.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08115f30-f38b-4c13-803e-5de873f83a17?source=api-scan" ], "published": "2020-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08139129-8d9b-4cb7-b7c9-6fd0e2cb740a": { "id": "08139129-8d9b-4cb7-b7c9-6fd0e2cb740a", "title": "Patricia Lite <= 1.2.3 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Patricia Lite", "slug": "patricia-lite", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08139129-8d9b-4cb7-b7c9-6fd0e2cb740a?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0814c64e-f786-4cc3-85ee-c8cfbebf7e2c": { "id": "0814c64e-f786-4cc3-85ee-c8cfbebf7e2c", "title": "WP-Lister Lite for Amazon <= 2.6.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Lister Lite for Amazon", "slug": "wp-lister-for-amazon", "affected_versions": { "* - 2.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0814c64e-f786-4cc3-85ee-c8cfbebf7e2c?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0814e7b3-404a-4db5-b564-46c9086ec048": { "id": "0814e7b3-404a-4db5-b564-46c9086ec048", "title": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation", "software": [ { "type": "plugin", "name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", "slug": "fluentform", "affected_versions": { "* - 5.1.16": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0814e7b3-404a-4db5-b564-46c9086ec048?source=api-scan" ], "published": "2024-05-17 19:02:45", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08159865-1411-4a07-b5db-f4ba5bf2d633": { "id": "08159865-1411-4a07-b5db-f4ba5bf2d633", "title": "Colibri Page Builder <= 1.0.276 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Colibri Page Builder", "slug": "colibri-page-builder", "affected_versions": { "* - 1.0.276": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.276", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.277" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08159865-1411-4a07-b5db-f4ba5bf2d633?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "081a5fda-abe2-4f20-bea2-3f7dd3c3a6cf": { "id": "081a5fda-abe2-4f20-bea2-3f7dd3c3a6cf", "title": "WP Cerber Security <= 9.0 - User Enumeration Bypass", "software": [ { "type": "plugin", "name": "WP Cerber Security, Anti-spam & Malware Scan", "slug": "wp-cerber", "affected_versions": { "* - 9.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/081a5fda-abe2-4f20-bea2-3f7dd3c3a6cf?source=api-scan" ], "published": "2022-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "081bd3a9-2139-416f-bb36-b86aef6fa6db": { "id": "081bd3a9-2139-416f-bb36-b86aef6fa6db", "title": "Patreon WordPress < 1.7.0 - Local File Disclosure", "software": [ { "type": "plugin", "name": "Patreon WordPress", "slug": "patreon-connect", "affected_versions": { "[*, 1.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/081bd3a9-2139-416f-bb36-b86aef6fa6db?source=api-scan" ], "published": "2021-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "081e76e4-60ec-496d-979b-d128771af475": { "id": "081e76e4-60ec-496d-979b-d128771af475", "title": "Radio Player <= 2.0.73 - Missing Authorization via get_players", "software": [ { "type": "plugin", "name": "Radio Player \u2013 Live Shoutcast, Icecast and Any Audio Stream Player for WordPress", "slug": "radio-player", "affected_versions": { "* - 2.0.73": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.73", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.74" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/081e76e4-60ec-496d-979b-d128771af475?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "081f2603-229b-42f2-b5b1-f89d105a31d5": { "id": "081f2603-229b-42f2-b5b1-f89d105a31d5", "title": "ListingPro Plugin <= 2.9.3 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "ListingPro Plugin", "slug": "listingpro-plugin", "affected_versions": { "* - 2.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/081f2603-229b-42f2-b5b1-f89d105a31d5?source=api-scan" ], "published": "2024-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08208cb1-2d57-49f9-8ac7-b59caa0cf5fa": { "id": "08208cb1-2d57-49f9-8ac7-b59caa0cf5fa", "title": "Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08208cb1-2d57-49f9-8ac7-b59caa0cf5fa?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08220b23-d6fa-4005-bbbb-019412d328a5": { "id": "08220b23-d6fa-4005-bbbb-019412d328a5", "title": "Tab Ultimate <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Tab Ultimate", "slug": "tabs-pro", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08220b23-d6fa-4005-bbbb-019412d328a5?source=api-scan" ], "published": "2023-10-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0828a4a4-2dd5-4dff-8563-c81d6b24b949": { "id": "0828a4a4-2dd5-4dff-8563-c81d6b24b949", "title": "YITH Custom Login <= 1.7.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YITH Custom Login", "slug": "yith-custom-login", "affected_versions": { "* - 1.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0828a4a4-2dd5-4dff-8563-c81d6b24b949?source=api-scan" ], "published": "2024-09-12 18:13:16", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "082b57a9-4703-4908-9119-47fc4034c35d": { "id": "082b57a9-4703-4908-9119-47fc4034c35d", "title": "WPQA - Builder forms Addon For WordPress < 5.2 - Stored Cross-Site Scripting via Profile fields", "software": [ { "type": "plugin", "name": "WPQA - Builder forms Addon For WordPress", "slug": "wpqa", "affected_versions": { "[*, 5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/082b57a9-4703-4908-9119-47fc4034c35d?source=api-scan" ], "published": "2022-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "082efb3c-dbe4-49b5-abec-da91f2d463eb": { "id": "082efb3c-dbe4-49b5-abec-da91f2d463eb", "title": "Opensea <= 1.0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Opensea", "slug": "opensea", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/082efb3c-dbe4-49b5-abec-da91f2d463eb?source=api-scan" ], "published": "2022-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0837ba20-4b47-4cc8-9eb3-322289513d79": { "id": "0837ba20-4b47-4cc8-9eb3-322289513d79", "title": "Easy Digital Downloads \u2013 Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.2.9 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 3.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0837ba20-4b47-4cc8-9eb3-322289513d79?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08396330-4fb8-4df0-b7eb-3d3b847cb9b0": { "id": "08396330-4fb8-4df0-b7eb-3d3b847cb9b0", "title": "PictoBrowser Gallery <= 0.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "PictoBrowser", "slug": "pictobrowser-gallery", "affected_versions": { "* - 0.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08396330-4fb8-4df0-b7eb-3d3b847cb9b0?source=api-scan" ], "published": "2014-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "083cc89e-0352-44ff-abcb-87f3c5375a31": { "id": "083cc89e-0352-44ff-abcb-87f3c5375a31", "title": "Email Subscribers & Newsletters <= 3.4.12 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 3.4.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/083cc89e-0352-44ff-abcb-87f3c5375a31?source=api-scan" ], "published": "2018-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "083d368c-ba38-433a-b499-c00d205bd331": { "id": "083d368c-ba38-433a-b499-c00d205bd331", "title": "Funnel Builder by CartFlows <= 1.6.12 - Authenticated Stored Cross-Site scripting via FB Pixel ID and Google Analytics ID", "software": [ { "type": "plugin", "name": "WooCommerce Checkout & Funnel Builder by CartFlows \u2013 Create High Converting Stores For WooCommerce", "slug": "cartflows", "affected_versions": { "[*, 1.6.13)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/083d368c-ba38-433a-b499-c00d205bd331?source=api-scan" ], "published": "2021-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0848d526-9530-40f3-8430-499d96b9a1b1": { "id": "0848d526-9530-40f3-8430-499d96b9a1b1", "title": "WordPress Core <= 2.2.1 - Arbitrary File Upload", "software": [ { "type": "core", "name": "WordPress MU", "slug": "wpmu", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] }, { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0848d526-9530-40f3-8430-499d96b9a1b1?source=api-scan" ], "published": "2007-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0849d86b-5cf1-4346-a9e9-a54768837969": { "id": "0849d86b-5cf1-4346-a9e9-a54768837969", "title": "Admin Notices Manager <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval", "software": [ { "type": "plugin", "name": "Admin Notices Manager", "slug": "admin-notices-manager", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0849d86b-5cf1-4346-a9e9-a54768837969?source=api-scan" ], "published": "2024-06-03 16:41:25", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "084a209f-c67b-4df9-9f4b-c537ea065a50": { "id": "084a209f-c67b-4df9-9f4b-c537ea065a50", "title": "Emails & Newsletters with Jackmail <= 1.2.22 - Authenticated (Subscriber+) CSV Injecton", "software": [ { "type": "plugin", "name": "Emails & Newsletters with Jackmail", "slug": "jackmail-newsletters", "affected_versions": { "* - 1.2.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.22", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/084a209f-c67b-4df9-9f4b-c537ea065a50?source=api-scan" ], "published": "2023-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08511020-6129-4f55-a25e-7ed86efa721d": { "id": "08511020-6129-4f55-a25e-7ed86efa721d", "title": "Syncee \u2013 Global Dropshipping <= 1.0.9 - Missing Authorization.", "software": [ { "type": "plugin", "name": "Syncee Collective Dropshipping", "slug": "syncee-global-dropshipping", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08511020-6129-4f55-a25e-7ed86efa721d?source=api-scan" ], "published": "2022-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08593415-bbc9-4159-b5d5-84e4dde6c2c9": { "id": "08593415-bbc9-4159-b5d5-84e4dde6c2c9", "title": "Open User Map | Everybody can add locations <= 1.3.26 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Open User Map", "slug": "open-user-map", "affected_versions": { "* - 1.3.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08593415-bbc9-4159-b5d5-84e4dde6c2c9?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "085b39e4-2e38-4e9d-af1a-f8981d5c6ed5": { "id": "085b39e4-2e38-4e9d-af1a-f8981d5c6ed5", "title": "Social Buttons Pack by BestWebSoft < 1.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Buttons Pack by BestWebSoft", "slug": "social-buttons-pack", "affected_versions": { "[*, 1.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/085b39e4-2e38-4e9d-af1a-f8981d5c6ed5?source=api-scan" ], "published": "2017-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "085da0fa-9487-4938-94ea-c1593be7c023": { "id": "085da0fa-9487-4938-94ea-c1593be7c023", "title": "WPQA - Builder forms Addon For WordPress (<= 5.9.2), Himer (<= 1.9.3) and Discy (<= 5.5.3) - Authenticated (Subscriber+) Insecure Direct Object Reference", "software": [ { "type": "theme", "name": "Himer - Social Questions and Answers WordPress Theme", "slug": "himer", "affected_versions": { "* - 1.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WPQA - Builder forms Addon For WordPress", "slug": "wpqa", "affected_versions": { "* - 5.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.3" ] }, { "type": "theme", "name": "Discy - Social Questions and Answers WordPress Theme", "slug": "discy", "affected_versions": { "* - 5.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/085da0fa-9487-4938-94ea-c1593be7c023?source=api-scan" ], "published": "2022-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "085ea0e9-5b00-4038-a01b-2aebd0aa0809": { "id": "085ea0e9-5b00-4038-a01b-2aebd0aa0809", "title": "JS Multi Hotel <= 2.2.1 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "JS Multi Hotel", "slug": "js-multihotel", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/085ea0e9-5b00-4038-a01b-2aebd0aa0809?source=api-scan" ], "published": "2014-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08630dfd-df43-4a5a-8fc7-ba8ff753db3d": { "id": "08630dfd-df43-4a5a-8fc7-ba8ff753db3d", "title": "Ditty <= 3.1.24 - Missing Authorization via save_ditty_permissions_check", "software": [ { "type": "plugin", "name": "Ditty \u2013 Responsive News Tickers, Sliders, and Lists", "slug": "ditty-news-ticker", "affected_versions": { "* - 3.1.24": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08630dfd-df43-4a5a-8fc7-ba8ff753db3d?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0868b6ba-3b73-4b8a-a8b4-3cea8771ba33": { "id": "0868b6ba-3b73-4b8a-a8b4-3cea8771ba33", "title": "EasyEvent <= 1.0.0 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EasyEvent", "slug": "easyevent", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0868b6ba-3b73-4b8a-a8b4-3cea8771ba33?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "086b51b5-c9f6-4b30-8fa1-4bcc005c66ab": { "id": "086b51b5-c9f6-4b30-8fa1-4bcc005c66ab", "title": "WPML <= 3.1.9 - SQL Injection via lang Parameter", "software": [ { "type": "plugin", "name": "WPML", "slug": "sitepress-multilingual-cms", "affected_versions": { "* - 3.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/086b51b5-c9f6-4b30-8fa1-4bcc005c66ab?source=api-scan" ], "published": "2015-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "086cd6a0-adb6-4e12-b34c-630297f036f3": { "id": "086cd6a0-adb6-4e12-b34c-630297f036f3", "title": "Popup Builder <= 4.3.4 - Sensitive Information Exposure via Imported Subscribers CSV File", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "* - 4.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/086cd6a0-adb6-4e12-b34c-630297f036f3?source=api-scan" ], "published": "2024-08-28 23:41:29", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "086eea65-9669-4397-9e35-76df4ee31e70": { "id": "086eea65-9669-4397-9e35-76df4ee31e70", "title": "Similarity <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Similarity", "slug": "similarity", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/086eea65-9669-4397-9e35-76df4ee31e70?source=api-scan" ], "published": "2024-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0870de2d-bca5-4d57-a07f-877a416ce0d5": { "id": "0870de2d-bca5-4d57-a07f-877a416ce0d5", "title": "WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "WCFM Membership \u2013 WooCommerce Memberships for Multivendor Marketplace", "slug": "wc-multivendor-membership", "affected_versions": { "* - 2.10.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0870de2d-bca5-4d57-a07f-877a416ce0d5?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08746755-9abe-4120-8ffb-90f2f9f1b7cf": { "id": "08746755-9abe-4120-8ffb-90f2f9f1b7cf", "title": "WP-Lister Lite for Amazon <= 2.4.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Lister Lite for Amazon", "slug": "wp-lister-for-amazon", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08746755-9abe-4120-8ffb-90f2f9f1b7cf?source=api-scan" ], "published": "2022-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08801f53-3c57-41a3-a637-4b52637cc612": { "id": "08801f53-3c57-41a3-a637-4b52637cc612", "title": "Backup Migration <= 1.3.6 - Unauthenticated Arbitrary Backup Download to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Backup Migration", "slug": "backup-backup", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08801f53-3c57-41a3-a637-4b52637cc612?source=api-scan" ], "published": "2023-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08814d06-0039-49cc-bcbb-96cb01129e3c": { "id": "08814d06-0039-49cc-bcbb-96cb01129e3c", "title": "Booking Calendar <= 9.7.3.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "WP Booking Calendar", "slug": "booking", "affected_versions": { "[*, 9.7.4)": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "9.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08814d06-0039-49cc-bcbb-96cb01129e3c?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0886fa16-4292-4223-af01-9aa1f36490f7": { "id": "0886fa16-4292-4223-af01-9aa1f36490f7", "title": "Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Calendar", "slug": "calendar", "affected_versions": { "* - 1.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0886fa16-4292-4223-af01-9aa1f36490f7?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "088aead8-37bb-4277-81e0-b7e2c13e9072": { "id": "088aead8-37bb-4277-81e0-b7e2c13e9072", "title": "WP FEvents Book <= 0.46 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP FEvents Book", "slug": "wp-fevents-book", "affected_versions": { "* - 0.46": { "from_version": "*", "from_inclusive": true, "to_version": "0.46", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/088aead8-37bb-4277-81e0-b7e2c13e9072?source=api-scan" ], "published": "2023-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "088e0d77-06bf-4420-88fb-2c6f8051ece5": { "id": "088e0d77-06bf-4420-88fb-2c6f8051ece5", "title": "Shortcode IMDB <= 6.0.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Shortcode IMDB", "slug": "shortcode-imdb", "affected_versions": { "* - 6.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/088e0d77-06bf-4420-88fb-2c6f8051ece5?source=api-scan" ], "published": "2023-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08916934-c9b8-4bc0-8b8c-991ed0b78be2": { "id": "08916934-c9b8-4bc0-8b8c-991ed0b78be2", "title": "Ooorl <= 1.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ooorl", "slug": "ooorl", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08916934-c9b8-4bc0-8b8c-991ed0b78be2?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08940eaf-48fb-4e40-9667-cde710738542": { "id": "08940eaf-48fb-4e40-9667-cde710738542", "title": "Multisite Content Copier\/Updater <= 2.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Multisite Content Copier\/Updater", "slug": "wp-multisite-content-copier", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08940eaf-48fb-4e40-9667-cde710738542?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0897d622-8e73-4bc0-a5f9-77bf8ddb4f93": { "id": "0897d622-8e73-4bc0-a5f9-77bf8ddb4f93", "title": "BulletProof Security < .51.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BulletProof Security", "slug": "bulletproof-security", "affected_versions": { "[*, .51.1)": { "from_version": "*", "from_inclusive": true, "to_version": ".51.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ ".51.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0897d622-8e73-4bc0-a5f9-77bf8ddb4f93?source=api-scan" ], "published": "2014-11-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "089cde8a-2896-4e4c-90c1-30605ccc919d": { "id": "089cde8a-2896-4e4c-90c1-30605ccc919d", "title": "JupiterX Theme <= 2.0.6 and Jupiter Theme <= 6.10.1 - Authenticated Path Traversal and Local File Inclusion", "software": [ { "type": "theme", "name": "Jupiter", "slug": "jupiter", "affected_versions": { "* - 6.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.10.2" ] }, { "type": "theme", "name": "JupiterX", "slug": "jupiterx", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/089cde8a-2896-4e4c-90c1-30605ccc919d?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "089ffe9a-e222-4630-b889-2b1e527dac6f": { "id": "089ffe9a-e222-4630-b889-2b1e527dac6f", "title": "PayHere Payment Gateway <= 2.2.11 - Information Disclosure via Log Files", "software": [ { "type": "plugin", "name": "PayHere Payment Gateway Plugin for WooCommerce", "slug": "payhere-payment-gateway", "affected_versions": { "* - 2.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/089ffe9a-e222-4630-b889-2b1e527dac6f?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08a98c08-cddc-4bc3-bc07-15d084070abd": { "id": "08a98c08-cddc-4bc3-bc07-15d084070abd", "title": "WooCommerce Subscription < 4.6.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce Subscription", "slug": "woocommerce-subscriptions", "affected_versions": { "[*, 4.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08a98c08-cddc-4bc3-bc07-15d084070abd?source=api-scan" ], "published": "2023-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08aa24a3-4306-4857-88ac-ecdcc578cdf5": { "id": "08aa24a3-4306-4857-88ac-ecdcc578cdf5", "title": "WP Hide & Security Enhancer <= 1.7.9.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Hide & Security Enhancer", "slug": "wp-hide-security-enhancer", "affected_versions": { "* - 1.7.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08aa24a3-4306-4857-88ac-ecdcc578cdf5?source=api-scan" ], "published": "2022-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08ab3d7d-b58a-4dec-a085-84a9938be328": { "id": "08ab3d7d-b58a-4dec-a085-84a9938be328", "title": "Tickera \u2013 WordPress Event Ticketing <= 3.5.2.4 - Insecure Direct Object Reference to Information Exposure", "software": [ { "type": "plugin", "name": "Tickera \u2013 WordPress Event Ticketing", "slug": "tickera-event-ticketing-system", "affected_versions": { "* - 3.5.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08ab3d7d-b58a-4dec-a085-84a9938be328?source=api-scan" ], "published": "2024-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08b5f399-018c-4e0b-aefc-55463d4ac48d": { "id": "08b5f399-018c-4e0b-aefc-55463d4ac48d", "title": "Sermon'e <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Sermon'e \u2013 Sermons Online", "slug": "sermone-online-sermons-management", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08b5f399-018c-4e0b-aefc-55463d4ac48d?source=api-scan" ], "published": "2023-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08b75cac-7b1d-4bed-a1b7-bd1e872f2b4f": { "id": "08b75cac-7b1d-4bed-a1b7-bd1e872f2b4f", "title": "Fatal Error Notify <= 1.5.2 - Cross-Site Request Forgery to Test Error Email Sending", "software": [ { "type": "plugin", "name": "Fatal Error Notify", "slug": "fatal-error-notify", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08b75cac-7b1d-4bed-a1b7-bd1e872f2b4f?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08b8f1ad-f616-4ceb-9c53-9d53aac370c9": { "id": "08b8f1ad-f616-4ceb-9c53-9d53aac370c9", "title": "Loan Repayment Calculator and Application Form <= 2.9.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Loan Repayment Calculator and Application Form", "slug": "quick-interest-slider", "affected_versions": { "* - 2.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08b8f1ad-f616-4ceb-9c53-9d53aac370c9?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08ba0f2a-f3eb-4d79-abba-99e64df0fe4b": { "id": "08ba0f2a-f3eb-4d79-abba-99e64df0fe4b", "title": "Responsive Menu <= 4.0.3 - Cross-Site Request Forgery to Setting Modification", "software": [ { "type": "plugin", "name": "Responsive Menu \u2013 Create Mobile-Friendly Menu", "slug": "responsive-menu", "affected_versions": { "[*, 4.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08ba0f2a-f3eb-4d79-abba-99e64df0fe4b?source=api-scan" ], "published": "2021-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08bbde25-bb9a-469c-83de-b680bb501ad6": { "id": "08bbde25-bb9a-469c-83de-b680bb501ad6", "title": "Magic Post Thumbnail <= 4.1.10 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Generate Images \u2013 Magic Post Thumbnail", "slug": "magic-post-thumbnail", "affected_versions": { "* - 4.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08bbde25-bb9a-469c-83de-b680bb501ad6?source=api-scan" ], "published": "2023-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08bd24ca-eec6-4b62-af49-192496e65a5b": { "id": "08bd24ca-eec6-4b62-af49-192496e65a5b", "title": "Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.2.5 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress", "slug": "youzify", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08bd24ca-eec6-4b62-af49-192496e65a5b?source=api-scan" ], "published": "2024-06-19 12:20:57", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08bebfbd-08f4-45d9-9570-46f5c848afca": { "id": "08bebfbd-08f4-45d9-9570-46f5c848afca", "title": "User Meta \u2013 User Profile Builder and User management plugin 1.1.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "User Meta \u2013 User Profile Builder and User management plugin", "slug": "user-meta", "affected_versions": { "1.1.1": { "from_version": "1.1.1", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08bebfbd-08f4-45d9-9570-46f5c848afca?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08c0ea6c-7e2f-482f-b30c-0e3bcd992159": { "id": "08c0ea6c-7e2f-482f-b30c-0e3bcd992159", "title": "Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_add_folder", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08c0ea6c-7e2f-482f-b30c-0e3bcd992159?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08c14611-c785-484d-9fdf-7d71c39f63df": { "id": "08c14611-c785-484d-9fdf-7d71c39f63df", "title": "Global Flash Gallery <= 0.15.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Global Flash Gallery", "slug": "global-flash-galleries", "affected_versions": { "* - 0.15.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.15.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.15.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08c14611-c785-484d-9fdf-7d71c39f63df?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08c79118-9dad-44fd-b683-7950276d3808": { "id": "08c79118-9dad-44fd-b683-7950276d3808", "title": "Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxDeleteCategory", "software": [ { "type": "plugin", "name": "Categorify \u2013 WordPress Media Library Category & File Manager", "slug": "categorify", "affected_versions": { "* - 1.0.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08c79118-9dad-44fd-b683-7950276d3808?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08c957fb-05e8-489e-846e-1afb0ca6750f": { "id": "08c957fb-05e8-489e-846e-1afb0ca6750f", "title": "Gallery PhotoBlocks <= 1.2.8 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Gallery PhotoBlocks", "slug": "photoblocks-grid-gallery", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08c957fb-05e8-489e-846e-1afb0ca6750f?source=api-scan" ], "published": "2022-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08ca186a-2486-4a58-9c53-03e9eba13e66": { "id": "08ca186a-2486-4a58-9c53-03e9eba13e66", "title": "WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass", "software": [ { "type": "plugin", "name": "miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)", "slug": "miniorange-login-openid", "affected_versions": { "* - 7.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08ca186a-2486-4a58-9c53-03e9eba13e66?source=api-scan" ], "published": "2023-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08cb2162-fac3-47af-9292-116095ee40dc": { "id": "08cb2162-fac3-47af-9292-116095ee40dc", "title": "WP SMS <= 6.9.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP SMS \u2013 Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More", "slug": "wp-sms", "affected_versions": { "* - 6.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08cb2162-fac3-47af-9292-116095ee40dc?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08ccd4a3-ea1f-49b3-b4ce-ab1e247e1f76": { "id": "08ccd4a3-ea1f-49b3-b4ce-ab1e247e1f76", "title": "Country State City Dropdown CF7 <= 2.7.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Country State City Dropdown CF7", "slug": "country-state-city-auto-dropdown", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08ccd4a3-ea1f-49b3-b4ce-ab1e247e1f76?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08d18e18-b9f2-4a4d-bf9b-4a64a7881a4f": { "id": "08d18e18-b9f2-4a4d-bf9b-4a64a7881a4f", "title": "F8 Lite <= 4.2.1 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "F8 Lite", "slug": "f8-lite", "affected_versions": { "* - 4.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08d18e18-b9f2-4a4d-bf9b-4a64a7881a4f?source=api-scan" ], "published": "2011-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08d43c67-df40-4f1a-a351-803e59edee13": { "id": "08d43c67-df40-4f1a-a351-803e59edee13", "title": "Display custom fields in the frontend \u2013 Post and User Profile Fields <= 1.2.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure", "software": [ { "type": "plugin", "name": "Display custom fields in the frontend \u2013 Post and User Profile Fields", "slug": "shortcode-to-display-post-and-user-data", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08d43c67-df40-4f1a-a351-803e59edee13?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08d4bf7e-fae9-4be6-9e97-e8b6532523ff": { "id": "08d4bf7e-fae9-4be6-9e97-e8b6532523ff", "title": "Ninja Forms - File Uploads <= 3.0.22 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Ninja Forms - File Uploads", "slug": "ninja-forms-uploads", "affected_versions": { "[*, 3.0.23)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.23", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08d4bf7e-fae9-4be6-9e97-e8b6532523ff?source=api-scan" ], "published": "2019-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08ded669-7e43-4da4-87e7-c7d75fa53d8b": { "id": "08ded669-7e43-4da4-87e7-c7d75fa53d8b", "title": "WP Mail <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Mail", "slug": "wp-mail", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08ded669-7e43-4da4-87e7-c7d75fa53d8b?source=api-scan" ], "published": "2016-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08dee232-7373-4da4-9c2c-c3aa52f9b588": { "id": "08dee232-7373-4da4-9c2c-c3aa52f9b588", "title": "Defender Security <= 4.0.2 - Hide Login Page Feature Protection Bypass", "software": [ { "type": "plugin", "name": "Defender Security \u2013 Malware Scanner, Login Security & Firewall", "slug": "defender-security", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08dee232-7373-4da4-9c2c-c3aa52f9b588?source=api-scan" ], "published": "2023-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08e7125a-0fab-4a4c-8428-127f71847810": { "id": "08e7125a-0fab-4a4c-8428-127f71847810", "title": "WP Simple Adsense Insertion <= 2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Simple Adsense Insertion", "slug": "wordpress-plugin-for-simple-google-adsense-insertion", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08e7125a-0fab-4a4c-8428-127f71847810?source=api-scan" ], "published": "2022-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08e9e7f4-0f25-4bc1-85b7-4b504ed38582": { "id": "08e9e7f4-0f25-4bc1-85b7-4b504ed38582", "title": "Coditor <= 1.1 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Coditor \u2013 Code Editor", "slug": "coditor", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08e9e7f4-0f25-4bc1-85b7-4b504ed38582?source=api-scan" ], "published": "2020-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08eb1d49-9928-43f8-97fc-14105e3a4a25": { "id": "08eb1d49-9928-43f8-97fc-14105e3a4a25", "title": "CTHthemes CityBook < 2.3.4, TownHub < 1.0.6, EasyBook < 1.2.2 Themes - Authenticated Post Deleition via IDOR", "software": [ { "type": "theme", "name": "EasyBook \u2013 Hotel & Tour Booking WordPress Theme", "slug": "easybook", "affected_versions": { "[*, 1.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.2" ] }, { "type": "theme", "name": "TownHub - Directory & Listing WordPress Theme", "slug": "townhub", "affected_versions": { "[*, 1.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.6" ] }, { "type": "theme", "name": "CityBook - Directory & Listing WordPress Theme", "slug": "citybook", "affected_versions": { "[*, 2.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08eb1d49-9928-43f8-97fc-14105e3a4a25?source=api-scan" ], "published": "2019-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08f4445b-9c79-42e3-be45-d07f72c00a01": { "id": "08f4445b-9c79-42e3-be45-d07f72c00a01", "title": "ReviewX <= 1.6.21 - Missing Authorization", "software": [ { "type": "plugin", "name": "ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce", "slug": "reviewx", "affected_versions": { "* - 1.6.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08f4445b-9c79-42e3-be45-d07f72c00a01?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08f55882-d19f-43a3-a370-17d041493944": { "id": "08f55882-d19f-43a3-a370-17d041493944", "title": "BookingPress <= 1.0.74 - Booking Price Manipulation via bookingpress_confirm_booking", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar Plugin and Scheduling Plugin \u2013 BookingPress", "slug": "bookingpress-appointment-booking", "affected_versions": { "* - 1.0.74": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.74", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.75" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08f55882-d19f-43a3-a370-17d041493944?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08f59eb8-8865-401f-bb02-3192184e0415": { "id": "08f59eb8-8865-401f-bb02-3192184e0415", "title": "White Label MS <= 2.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "White Label CMS", "slug": "white-label-cms", "affected_versions": { "[*, 2.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08f59eb8-8865-401f-bb02-3192184e0415?source=api-scan" ], "published": "2022-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08f83fd1-5e8c-472f-819a-6078a5d2a56b": { "id": "08f83fd1-5e8c-472f-819a-6078a5d2a56b", "title": "WordPress Core & WordPress MU < 2.8.1 - Username Enumeration", "software": [ { "type": "core", "name": "WordPress MU", "slug": "wpmu", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] }, { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08f83fd1-5e8c-472f-819a-6078a5d2a56b?source=api-scan" ], "published": "2009-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08f8606a-d590-4836-b634-fa9bd3e59bf4": { "id": "08f8606a-d590-4836-b634-fa9bd3e59bf4", "title": "Houzez <= 3.2.4 - Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "theme", "name": "Houzez", "slug": "houzez", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08f8606a-d590-4836-b634-fa9bd3e59bf4?source=api-scan" ], "published": "2024-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08fb51d6-30c1-4a48-b626-a8c6f203ac83": { "id": "08fb51d6-30c1-4a48-b626-a8c6f203ac83", "title": "Clockwork SMS Notfications <= 3.0.4 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Clockwork SMS Notfications", "slug": "mediaburst-email-to-sms", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08fb51d6-30c1-4a48-b626-a8c6f203ac83?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08fb698f-c87c-4200-85fe-3fe72745633e": { "id": "08fb698f-c87c-4200-85fe-3fe72745633e", "title": "Image horizontal reel scroll slideshow <= 13.2 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Image horizontal reel scroll slideshow", "slug": "image-horizontal-reel-scroll-slideshow", "affected_versions": { "* - 13.2": { "from_version": "*", "from_inclusive": true, "to_version": "13.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08fb698f-c87c-4200-85fe-3fe72745633e?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "08ffb478-7280-4fbc-bc5f-482c1348091e": { "id": "08ffb478-7280-4fbc-bc5f-482c1348091e", "title": "Google Apps Login <= 3.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login for Google Apps", "slug": "google-apps-login", "affected_versions": { "* - 3.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/08ffb478-7280-4fbc-bc5f-482c1348091e?source=api-scan" ], "published": "2022-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09023fe2-52dd-43af-ae4f-1fb46654f305": { "id": "09023fe2-52dd-43af-ae4f-1fb46654f305", "title": "Import WP \u2013 Export and Import CSV and XML files to WordPress <= 2.13.0 - Authenticated (Admin+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Import WP \u2013 Export and Import CSV and XML files to WordPress", "slug": "jc-importer", "affected_versions": { "* - 2.13.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.13.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09023fe2-52dd-43af-ae4f-1fb46654f305?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0903bd2b-240f-4791-bfa6-f727d193af4a": { "id": "0903bd2b-240f-4791-bfa6-f727d193af4a", "title": "Booster for WooCommerce 7.0.0 - Authenticated (Shop Manager+) Missing Authorization to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "7.0.0": { "from_version": "7.0.0", "from_inclusive": true, "to_version": "7.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0903bd2b-240f-4791-bfa6-f727d193af4a?source=api-scan" ], "published": "2023-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09050c1e-26e0-46e7-b5f0-ebaff4066b0a": { "id": "09050c1e-26e0-46e7-b5f0-ebaff4066b0a", "title": "Optimize Database after Deleting Revisions <= 5.0.110 - Missing Authorization via 'odb_csv_download'", "software": [ { "type": "plugin", "name": "Optimize Database after Deleting Revisions", "slug": "rvg-optimize-database", "affected_versions": { "* - 5.0.110": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.110", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09050c1e-26e0-46e7-b5f0-ebaff4066b0a?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0907c74e-0bb8-4761-aabf-79d880c78415": { "id": "0907c74e-0bb8-4761-aabf-79d880c78415", "title": "Comparison Slider <= 1.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Comparison Slider", "slug": "comparison-slider", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0907c74e-0bb8-4761-aabf-79d880c78415?source=api-scan" ], "published": "2024-05-29 19:51:11", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "090c1ba1-1b73-4c83-a17f-993293c5621b": { "id": "090c1ba1-1b73-4c83-a17f-993293c5621b", "title": "Easy Digital Downloads \u2013 htaccess Editor < 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 htaccess Editor", "slug": "easy-digital-downloads-htaccess-editor", "affected_versions": { "1.0.0": { "from_version": "1.0.0", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/090c1ba1-1b73-4c83-a17f-993293c5621b?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09152aa7-5c10-416a-aa77-a0cde1b6442e": { "id": "09152aa7-5c10-416a-aa77-a0cde1b6442e", "title": "Autoptimize <= 2.7.6 - Authenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Autoptimize", "slug": "autoptimize", "affected_versions": { "* - 2.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09152aa7-5c10-416a-aa77-a0cde1b6442e?source=api-scan" ], "published": "2020-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "091b2d1d-983a-45ab-935e-635991e8bc8b": { "id": "091b2d1d-983a-45ab-935e-635991e8bc8b", "title": "WP Marketplace \u2013 Complete Shopping Cart \/ eCommerce Solution <= 2.4.0 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "WP Marketplace \u2013 Complete Shopping Cart \/ eCommerce Solution", "slug": "wpmarketplace", "affected_versions": { "[*, 2.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/091b2d1d-983a-45ab-935e-635991e8bc8b?source=api-scan" ], "published": "2015-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "091c6cb3-dc5a-4fb8-a1a5-770b2361401f": { "id": "091c6cb3-dc5a-4fb8-a1a5-770b2361401f", "title": "WPMobile.App \u2014 Android and iOS Mobile Application <= 11.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes", "software": [ { "type": "plugin", "name": "WPMobile.App \u2014 Android and iOS Mobile Application", "slug": "wpappninja", "affected_versions": { "* - 11.13": { "from_version": "*", "from_inclusive": true, "to_version": "11.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/091c6cb3-dc5a-4fb8-a1a5-770b2361401f?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "091d306d-cce4-426e-a18f-38bdaa802264": { "id": "091d306d-cce4-426e-a18f-38bdaa802264", "title": "Gallery \u2013 Image and Video Gallery with Thumbnails <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery \u2013 Image and Video Gallery with Thumbnails", "slug": "gallery-album", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/091d306d-cce4-426e-a18f-38bdaa802264?source=api-scan" ], "published": "2023-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0922d221-70c6-41d3-9da2-aa16d67e7c14": { "id": "0922d221-70c6-41d3-9da2-aa16d67e7c14", "title": "Slider, Gallery, and Carousel by MetaSlider \u2013 Responsive WordPress Plugin <= 2.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider, Gallery, and Carousel by MetaSlider \u2013 Image Sliders, Video Sliders", "slug": "ml-slider", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0922d221-70c6-41d3-9da2-aa16d67e7c14?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0926bcf2-9cce-420d-a02f-52675224a71b": { "id": "0926bcf2-9cce-420d-a02f-52675224a71b", "title": "Easy Forms for Mailchimp <= 6.8.10 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Forms for Mailchimp", "slug": "yikes-inc-easy-mailchimp-extender", "affected_versions": { "* - 6.8.10": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0926bcf2-9cce-420d-a02f-52675224a71b?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09277f30-9b6a-4cc9-bc8c-09c360da917a": { "id": "09277f30-9b6a-4cc9-bc8c-09c360da917a", "title": "Team Members <= 5.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Team Members", "slug": "team-members", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09277f30-9b6a-4cc9-bc8c-09c360da917a?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09316a23-3a99-47f2-9c3f-795dc0a4a792": { "id": "09316a23-3a99-47f2-9c3f-795dc0a4a792", "title": "Shortcodes and extra features for Phlox theme <= 2.16.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading and Icon Picker Widgets", "software": [ { "type": "plugin", "name": "Shortcodes and extra features for Phlox theme", "slug": "auxin-elements", "affected_versions": { "* - 2.16.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09316a23-3a99-47f2-9c3f-795dc0a4a792?source=api-scan" ], "published": "2024-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0931f279-2dac-4663-9344-df27b43a7e64": { "id": "0931f279-2dac-4663-9344-df27b43a7e64", "title": "Page and Post Clone <= 6.0 - Insecure Direct Object Reference to Authenticated (Author+) Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Page and Post Clone", "slug": "page-or-post-clone", "affected_versions": { "* - 6.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0931f279-2dac-4663-9344-df27b43a7e64?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0933ea77-2de0-4cd5-a589-a4c1d474f119": { "id": "0933ea77-2de0-4cd5-a589-a4c1d474f119", "title": "Accordions \u2013 Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'rawdata' parameter", "software": [ { "type": "plugin", "name": "Accordion \u2013 Multiple Accordion or FAQs Builder", "slug": "accordions-or-faqs", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0933ea77-2de0-4cd5-a589-a4c1d474f119?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "093af92e-bbc2-463a-8547-0e48fb356655": { "id": "093af92e-bbc2-463a-8547-0e48fb356655", "title": "Language Translate Widget for WordPress \u2013 ConveyThis <= 223 - Unauthenticated Stored Cross-Site Scripting via api_key", "software": [ { "type": "plugin", "name": "Translate WordPress with ConveyThis", "slug": "conveythis-translate", "affected_versions": { "* - 223": { "from_version": "*", "from_inclusive": true, "to_version": "223", "to_inclusive": true } }, "patched": true, "patched_versions": [ "224" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/093af92e-bbc2-463a-8547-0e48fb356655?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "093dc35d-3d7d-4fa4-af57-835b96df8984": { "id": "093dc35d-3d7d-4fa4-af57-835b96df8984", "title": "eShop <= 6.3.11 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "eShop", "slug": "eshop", "affected_versions": { "[*, 6.3.12)": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.3.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/093dc35d-3d7d-4fa4-af57-835b96df8984?source=api-scan" ], "published": "2015-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09437329-f01a-4998-90ec-e4b2e271e896": { "id": "09437329-f01a-4998-90ec-e4b2e271e896", "title": "Shortcodes and extra features for Phlox theme <= 2.14.0 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Shortcodes and extra features for Phlox theme", "slug": "auxin-elements", "affected_versions": { "* - 2.14.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.14.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09437329-f01a-4998-90ec-e4b2e271e896?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09467946-0ee7-45e7-969e-ec30863bfa3e": { "id": "09467946-0ee7-45e7-969e-ec30863bfa3e", "title": "Paid Memberships Pro < 1.8.4.3 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "[*, 1.8.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09467946-0ee7-45e7-969e-ec30863bfa3e?source=api-scan" ], "published": "2015-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09479df1-ff7e-4df8-9aea-8c7622ecea4e": { "id": "09479df1-ff7e-4df8-9aea-8c7622ecea4e", "title": "f(x) TOC <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "f(x) TOC", "slug": "fx-toc", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09479df1-ff7e-4df8-9aea-8c7622ecea4e?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "094aa8ea-42f0-484f-80fe-a0bf3a110adc": { "id": "094aa8ea-42f0-484f-80fe-a0bf3a110adc", "title": "Search & Replace <= 3.2.2 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Search & Replace", "slug": "search-and-replace", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/094aa8ea-42f0-484f-80fe-a0bf3a110adc?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "094bf4e2-b774-4015-b6c6-c829c16556eb": { "id": "094bf4e2-b774-4015-b6c6-c829c16556eb", "title": "WP Pipes <= 1.4.0 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "WP Pipes", "slug": "wp-pipes", "affected_versions": { "[*, 1.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/094bf4e2-b774-4015-b6c6-c829c16556eb?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "094c0952-4e28-4ed0-80ae-14fcf10cf2e1": { "id": "094c0952-4e28-4ed0-80ae-14fcf10cf2e1", "title": "Survey Maker \u2013 Best WordPress Survey Plugin <= 3.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Survey Maker", "slug": "survey-maker", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/094c0952-4e28-4ed0-80ae-14fcf10cf2e1?source=api-scan" ], "published": "2022-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "094c5011-41f6-420b-b566-e77fd55d9011": { "id": "094c5011-41f6-420b-b566-e77fd55d9011", "title": "Gmedia Photo Gallery < 1.2.2 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Gmedia Photo Gallery", "slug": "grand-media", "affected_versions": { "[*, 1.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/094c5011-41f6-420b-b566-e77fd55d9011?source=api-scan" ], "published": "2014-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09547dae-85dc-481d-9eb1-423d8faadc80": { "id": "09547dae-85dc-481d-9eb1-423d8faadc80", "title": "Product Catalog Feed by PixelYourSite <= 2.1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Product Catalog Feed by PixelYourSite", "slug": "product-catalog-feed", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09547dae-85dc-481d-9eb1-423d8faadc80?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09551d22-c8c2-435c-9d00-bb4833497c16": { "id": "09551d22-c8c2-435c-9d00-bb4833497c16", "title": "Ashe Extra <= 1.2.9 - Missing Authorization via multiple AJAX actions", "software": [ { "type": "plugin", "name": "Ashe Extra", "slug": "ashe-extra", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09551d22-c8c2-435c-9d00-bb4833497c16?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "095724bb-9949-4c62-9a11-02f1cd4c6043": { "id": "095724bb-9949-4c62-9a11-02f1cd4c6043", "title": "3DPrint <= 3.5.6.8 - Cross-Site Request Forgery to Arbitrary File Download", "software": [ { "type": "plugin", "name": "3DPrint", "slug": "3dprint", "affected_versions": { "* - 3.5.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.6.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/095724bb-9949-4c62-9a11-02f1cd4c6043?source=api-scan" ], "published": "2022-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09597618-8695-4631-8c3b-4e7580d58c86": { "id": "09597618-8695-4631-8c3b-4e7580d58c86", "title": "License Manager for WooCommerce <= 2.2.10 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "License Manager for WooCommerce", "slug": "license-manager-for-woocommerce", "affected_versions": { "* - 2.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09597618-8695-4631-8c3b-4e7580d58c86?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "095a2262-1da2-4f79-896c-6d48eb079a7b": { "id": "095a2262-1da2-4f79-896c-6d48eb079a7b", "title": "AffiEasy <= 1.1.6 - Cross-Site Request Forgery to Various Actions", "software": [ { "type": "plugin", "name": "AffiEasy", "slug": "affieasy", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/095a2262-1da2-4f79-896c-6d48eb079a7b?source=api-scan" ], "published": "2024-05-29 15:52:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "095b23b7-71ab-41eb-b666-73df2e1a7eb4": { "id": "095b23b7-71ab-41eb-b666-73df2e1a7eb4", "title": "Breakdance <= 1.7.1 - Authenticated (Contributor+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Breakdance", "slug": "breakdance", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/095b23b7-71ab-41eb-b666-73df2e1a7eb4?source=api-scan" ], "published": "2024-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "095bee95-d3a7-4203-96eb-90f1f0eab84f": { "id": "095bee95-d3a7-4203-96eb-90f1f0eab84f", "title": "AMP for WP \u2013 Accelerated Mobile Pages <= 1.0.77.31 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AMP for WP \u2013 Accelerated Mobile Pages", "slug": "accelerated-mobile-pages", "affected_versions": { "* - 1.0.77.31": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.77.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.77.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/095bee95-d3a7-4203-96eb-90f1f0eab84f?source=api-scan" ], "published": "2021-12-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "095cc3dc-7a3e-473f-a762-de327c7ef28b": { "id": "095cc3dc-7a3e-473f-a762-de327c7ef28b", "title": "WordPress Slider Block Gutenslider <= 5.1.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Slider Block Gutenslider", "slug": "gutenslider", "affected_versions": { "[*, 5.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/095cc3dc-7a3e-473f-a762-de327c7ef28b?source=api-scan" ], "published": "2021-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09613e4a-0dbe-430a-ab75-725038218803": { "id": "09613e4a-0dbe-430a-ab75-725038218803", "title": "Any Hostname <= 1.0.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Any Hostname", "slug": "any-hostname", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09613e4a-0dbe-430a-ab75-725038218803?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09618198-06fd-438b-a526-c7bf5b2570a8": { "id": "09618198-06fd-438b-a526-c7bf5b2570a8", "title": "WP Retina 2x <= 5.2.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina)", "slug": "wp-retina-2x", "affected_versions": { "* - 5.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09618198-06fd-438b-a526-c7bf5b2570a8?source=api-scan" ], "published": "2017-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "096257a4-6ee9-41e1-8a59-4ffcd309f83c": { "id": "096257a4-6ee9-41e1-8a59-4ffcd309f83c", "title": "WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_clear_cache_of_allsites_callback'", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/096257a4-6ee9-41e1-8a59-4ffcd309f83c?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09631637-55e2-4e1e-9dcb-bba205be5f43": { "id": "09631637-55e2-4e1e-9dcb-bba205be5f43", "title": "Page Builder: Live Composer <= 1.5.23 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Live Composer \u2013 Free WordPress Website Builder", "slug": "live-composer-page-builder", "affected_versions": { "* - 1.5.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09631637-55e2-4e1e-9dcb-bba205be5f43?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0966057b-8a3c-4d3c-84cb-cf36f1d97922": { "id": "0966057b-8a3c-4d3c-84cb-cf36f1d97922", "title": "Video Conferencing with Zoom <= 4.4.5 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Video Conferencing with Zoom", "slug": "video-conferencing-with-zoom-api", "affected_versions": { "* - 4.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0966057b-8a3c-4d3c-84cb-cf36f1d97922?source=api-scan" ], "published": "2024-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09679bd2-c416-4037-bfa4-d56ba862113c": { "id": "09679bd2-c416-4037-bfa4-d56ba862113c", "title": "Paid Memberships Pro <= 2.6.6 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "[*, 2.6.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09679bd2-c416-4037-bfa4-d56ba862113c?source=api-scan" ], "published": "2022-01-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "096ea1e3-a6c3-43c7-94f0-6c5617dd3fa9": { "id": "096ea1e3-a6c3-43c7-94f0-6c5617dd3fa9", "title": "LearnPress Export Import <= 4.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LearnPress Export Import \u2013 WordPress extension for LearnPress", "slug": "learnpress-import-export", "affected_versions": { "* - 4.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/096ea1e3-a6c3-43c7-94f0-6c5617dd3fa9?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0975cc9d-7130-4802-bba2-b52d4b79edcd": { "id": "0975cc9d-7130-4802-bba2-b52d4b79edcd", "title": "Counterpoint <= 1.8.1 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Counterpoint", "slug": "counterpoint", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0975cc9d-7130-4802-bba2-b52d4b79edcd?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09768e37-7ba8-43b6-93df-3d201fe780ba": { "id": "09768e37-7ba8-43b6-93df-3d201fe780ba", "title": "Woostify <= 1.9.1 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Woostify", "slug": "woostify", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09768e37-7ba8-43b6-93df-3d201fe780ba?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09773141-883b-40e3-bd20-d3115c02e023": { "id": "09773141-883b-40e3-bd20-d3115c02e023", "title": "Login Lockdown <= 2.06 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Login Lockdown & Protection", "slug": "login-lockdown", "affected_versions": { "* - 2.06": { "from_version": "*", "from_inclusive": true, "to_version": "2.06", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.07" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09773141-883b-40e3-bd20-d3115c02e023?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "097f6887-e15f-4e35-ab12-1115630e13cc": { "id": "097f6887-e15f-4e35-ab12-1115630e13cc", "title": "Ebook Store < 5.78 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ebook Store", "slug": "ebook-store", "affected_versions": { "[*, 5.78)": { "from_version": "*", "from_inclusive": true, "to_version": "5.78", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.78" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/097f6887-e15f-4e35-ab12-1115630e13cc?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "097fdc88-9424-4de9-9a03-d4ea724da13f": { "id": "097fdc88-9424-4de9-9a03-d4ea724da13f", "title": "CformsII <= 15.0.5 - Unauthenticated stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "cformsII", "slug": "cforms2", "affected_versions": { "* - 15.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "15.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/097fdc88-9424-4de9-9a03-d4ea724da13f?source=api-scan" ], "published": "2024-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09814382-476b-4686-b3e8-d80aade92b1f": { "id": "09814382-476b-4686-b3e8-d80aade92b1f", "title": "Category Posts Widget <= 4.9.16 & Pro < 4.9.13 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Category Posts Widget", "slug": "category-posts", "affected_versions": { "* - 4.9.16": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.17" ] }, { "type": "plugin", "name": "Terms and Category Based Posts Widget", "slug": "term-and-category-based-posts-widget", "affected_versions": { "* - 4.9.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09814382-476b-4686-b3e8-d80aade92b1f?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09870d90-80b1-4650-9b00-0dc005702aee": { "id": "09870d90-80b1-4650-9b00-0dc005702aee", "title": "NextGEN Smooth Gallery <= 1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "nextgen-smooth-gallery", "slug": "nextgen-smooth-gallery", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09870d90-80b1-4650-9b00-0dc005702aee?source=api-scan" ], "published": "2013-09-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0987285b-4daf-4979-934b-7fa4a0ded99f": { "id": "0987285b-4daf-4979-934b-7fa4a0ded99f", "title": "WordPress Core < 4.5.2 - Cross-Site Scripting via MediaElement.js", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.13": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.13", "to_inclusive": true }, "3.8 - 3.8.13": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.13", "to_inclusive": true }, "3.9 - 3.9.11": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.11", "to_inclusive": true }, "4.0 - 4.0.10": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.10", "to_inclusive": true }, "4.1 - 4.1.10": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.10", "to_inclusive": true }, "4.2 - 4.2.7": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.7", "to_inclusive": true }, "4.3 - 4.3.3": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.3", "to_inclusive": true }, "4.4 - 4.4.2": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true }, "4.5 - 4.5.1": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.14", "3.8.14", "3.9.12", "4.0.11", "4.1.11", "4.2.8", "4.3.4", "4.4.3", "4.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0987285b-4daf-4979-934b-7fa4a0ded99f?source=api-scan" ], "published": "2016-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0987f9a5-eb11-4756-a09a-26dc66a8c690": { "id": "0987f9a5-eb11-4756-a09a-26dc66a8c690", "title": "UpdraftPlus WordPress Backup Plugin < 1.6.59 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "UpdraftPlus: WP Backup & Migration Plugin", "slug": "updraftplus", "affected_versions": { "[*, 1.6.59)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.59", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.59" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0987f9a5-eb11-4756-a09a-26dc66a8c690?source=api-scan" ], "published": "2021-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "098dfee2-ba0b-420f-89ed-8ad1e41faec4": { "id": "098dfee2-ba0b-420f-89ed-8ad1e41faec4", "title": "SportsPress \u2013 Sports Club & League Manager <= 2.7.17 - Missing Authorization to Unauthenticated Event Permalink Update", "software": [ { "type": "plugin", "name": "SportsPress \u2013 Sports Club & League Manager", "slug": "sportspress", "affected_versions": { "* - 2.7.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/098dfee2-ba0b-420f-89ed-8ad1e41faec4?source=api-scan" ], "published": "2024-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "098efef9-f5e0-4827-bd4e-88867b7dc3b7": { "id": "098efef9-f5e0-4827-bd4e-88867b7dc3b7", "title": "SEOPress \u2013 On-site SEO <= 7.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEOPress \u2013 On-site SEO", "slug": "wp-seopress", "affected_versions": { "* - 7.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/098efef9-f5e0-4827-bd4e-88867b7dc3b7?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "098f219d-77e5-46f9-b8c2-fa8ccdc5af38": { "id": "098f219d-77e5-46f9-b8c2-fa8ccdc5af38", "title": "MainWP Maintenance Extension <= 4.1.1 - Missing Authorization to Plugin Settings Change", "software": [ { "type": "plugin", "name": "MainWP Maintenance Extension", "slug": "mainwp-maintenance-extension", "affected_versions": { "* - 4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/098f219d-77e5-46f9-b8c2-fa8ccdc5af38?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0992ac60-14c6-4432-bd6e-c11c6a7bf603": { "id": "0992ac60-14c6-4432-bd6e-c11c6a7bf603", "title": "Themify \u2013 WooCommerce Product Filter <= 1.4.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Themify \u2013 WooCommerce Product Filter", "slug": "themify-wc-product-filter", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0992ac60-14c6-4432-bd6e-c11c6a7bf603?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09932277-8af3-4790-96f0-fe5af0a0ed29": { "id": "09932277-8af3-4790-96f0-fe5af0a0ed29", "title": "Booking Calendar Contact Form <= 1.2.34 - Cross-Site Request Forgery via cpdexbccf_feedback", "software": [ { "type": "plugin", "name": "Booking Calendar Contact Form", "slug": "booking-calendar-contact-form", "affected_versions": { "* - 1.2.34": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09932277-8af3-4790-96f0-fe5af0a0ed29?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09935fd1-5a95-411a-a820-60888be7b059": { "id": "09935fd1-5a95-411a-a820-60888be7b059", "title": "WordPress Core < 3.8.2 - SQL Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "3.8.1": { "from_version": "3.8.1", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09935fd1-5a95-411a-a820-60888be7b059?source=api-scan" ], "published": "2014-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09952b56-a064-46f9-b037-be86cf6df781": { "id": "09952b56-a064-46f9-b037-be86cf6df781", "title": "Cimatti Contact Forms <= 1.4.11 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Contact Forms by Cimatti", "slug": "contact-forms", "affected_versions": { "[*, 1.4.12)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09952b56-a064-46f9-b037-be86cf6df781?source=api-scan" ], "published": "2021-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0999a738-9fae-4043-99eb-ff222a7608fa": { "id": "0999a738-9fae-4043-99eb-ff222a7608fa", "title": "Chilexpress woo oficial <= 1.2.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chilexpress woo oficial", "slug": "chilexpress-oficial", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0999a738-9fae-4043-99eb-ff222a7608fa?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "099af779-ab6f-4fad-a4a9-832e5a892fdd": { "id": "099af779-ab6f-4fad-a4a9-832e5a892fdd", "title": "Collapse-O-Matic <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Collapse-O-Matic", "slug": "jquery-collapse-o-matic", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/099af779-ab6f-4fad-a4a9-832e5a892fdd?source=api-scan" ], "published": "2022-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "099b2244-1371-4418-b5ef-b28ac030dedd": { "id": "099b2244-1371-4418-b5ef-b28ac030dedd", "title": "Simple Share Buttons Adder <= 6.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Share Buttons Adder", "slug": "simple-share-buttons-adder", "affected_versions": { "[*, 6.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/099b2244-1371-4418-b5ef-b28ac030dedd?source=api-scan" ], "published": "2015-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "099c8e23-31e3-47de-a33a-fe5812ca14d3": { "id": "099c8e23-31e3-47de-a33a-fe5812ca14d3", "title": "Spectra \u2013 WordPress Gutenberg Blocks <= 1.25.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 1.25.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.25.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.25.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/099c8e23-31e3-47de-a33a-fe5812ca14d3?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "099cc754-6a56-498f-848a-a242733e7fb0": { "id": "099cc754-6a56-498f-848a-a242733e7fb0", "title": "WP Mail Log <= 1.1.2 - Authenticated (Contributor+) SQL Injection via id", "software": [ { "type": "plugin", "name": "WP Mail Log", "slug": "wp-mail-log", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/099cc754-6a56-498f-848a-a242733e7fb0?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "099dfb18-fc73-4a19-b017-1675c9acfa2f": { "id": "099dfb18-fc73-4a19-b017-1675c9acfa2f", "title": "WordPress Tables <= 1.3.9 - Reflected Cross-Site Scripting via error_msg", "software": [ { "type": "plugin", "name": "WordPress Tables", "slug": "wptables", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/099dfb18-fc73-4a19-b017-1675c9acfa2f?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09a052a1-6e69-4972-9dab-802754cfb93a": { "id": "09a052a1-6e69-4972-9dab-802754cfb93a", "title": "RSSImport <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "RSSImport", "slug": "rss-import", "affected_versions": { "* - 4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09a052a1-6e69-4972-9dab-802754cfb93a?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09a0639e-4b14-4dc9-a50c-d18234faa7b1": { "id": "09a0639e-4b14-4dc9-a50c-d18234faa7b1", "title": "Login and Logout Redirect <= 2.0.2 - Open Redirect", "software": [ { "type": "plugin", "name": "Login and Logout Redirect", "slug": "login-and-logout-redirect", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09a0639e-4b14-4dc9-a50c-d18234faa7b1?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09a1388e-6c87-44cd-a137-4212b569423b": { "id": "09a1388e-6c87-44cd-a137-4212b569423b", "title": "Putler Connector for WooCommerce <= 2.12.0 - Missing Authorization via 'putler_connector_sync_complete'", "software": [ { "type": "plugin", "name": "Analytics for Woo \u2013 Putler Accurate Analytics and Reports for your WooCommerce Store", "slug": "woocommerce-putler-connector", "affected_versions": { "* - 2.12.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09a1388e-6c87-44cd-a137-4212b569423b?source=api-scan" ], "published": "2023-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09aa2a44-8665-4f70-97a5-2e869c4610a4": { "id": "09aa2a44-8665-4f70-97a5-2e869c4610a4", "title": "ActiveCampaign for WooCommerce <= 1.9.6 - Missing Authorization to Error Log Deletion", "software": [ { "type": "plugin", "name": "ActiveCampaign for WooCommerce", "slug": "activecampaign-for-woocommerce", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09aa2a44-8665-4f70-97a5-2e869c4610a4?source=api-scan" ], "published": "2022-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09ac7546-0572-4446-99f7-fe84f76fac9b": { "id": "09ac7546-0572-4446-99f7-fe84f76fac9b", "title": "PageLayer <= 1.8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "slug": "pagelayer", "affected_versions": { "* - 1.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09ac7546-0572-4446-99f7-fe84f76fac9b?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09ac96f8-e138-48fe-bd95-5356fc222004": { "id": "09ac96f8-e138-48fe-bd95-5356fc222004", "title": "Bold Page Builder <= 3.1.5 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Bold Page Builder", "slug": "bold-page-builder", "affected_versions": { "* - 3.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09ac96f8-e138-48fe-bd95-5356fc222004?source=api-scan" ], "published": "2021-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09b0bfd3-93a7-4f13-828d-772f54085a60": { "id": "09b0bfd3-93a7-4f13-828d-772f54085a60", "title": "Interactive World Map <= 3.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Interactive World Map", "slug": "interactive-world-map", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09b0bfd3-93a7-4f13-828d-772f54085a60?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09b26b78-b587-42f6-a9e3-c2945e91d29e": { "id": "09b26b78-b587-42f6-a9e3-c2945e91d29e", "title": "ProfileGrid \u2013 User Profiles, Memberships, Groups and Communities <= 5.7.9 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09b26b78-b587-42f6-a9e3-c2945e91d29e?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09b315e6-d973-467d-8b8d-4b7b4a7ca3f8": { "id": "09b315e6-d973-467d-8b8d-4b7b4a7ca3f8", "title": "WP Directory Kit <= 1.3.0 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Directory Kit", "slug": "wpdirectorykit", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09b315e6-d973-467d-8b8d-4b7b4a7ca3f8?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09bc815e-cf79-4d94-a934-366c251be551": { "id": "09bc815e-cf79-4d94-a934-366c251be551", "title": "WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "MDTF \u2013 Meta Data and Taxonomies Filter", "slug": "wp-meta-data-filter-and-taxonomy-filter", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09bc815e-cf79-4d94-a934-366c251be551?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09bdfade-85d0-4922-a83a-3e213adfa4ed": { "id": "09bdfade-85d0-4922-a83a-3e213adfa4ed", "title": "WooCommerce Product Stock Alert <= 2.0.1 - Missing Authorization via API", "software": [ { "type": "plugin", "name": "Product Stock Waitlist Manager for WooCommerce \u2013 Back In Stock Notifier, Sync, bulk edit", "slug": "woocommerce-product-stock-alert", "affected_versions": { "[*, 2.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09bdfade-85d0-4922-a83a-3e213adfa4ed?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09bef3c5-991d-4eb1-b613-0b7d45ab5329": { "id": "09bef3c5-991d-4eb1-b613-0b7d45ab5329", "title": "HL Twitter <= 2014.1.18 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HL Twitter", "slug": "hl-twitter", "affected_versions": { "* - 2014.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "2014.1.18", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09bef3c5-991d-4eb1-b613-0b7d45ab5329?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09c59fb5-8264-4277-a821-dbfee0900f64": { "id": "09c59fb5-8264-4277-a821-dbfee0900f64", "title": "Complete Gallery Manager <= 3.3.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Complete Gallery Manager for WordPress | Galleries", "slug": "complete-gallery-manager", "affected_versions": { "[*, 3.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09c59fb5-8264-4277-a821-dbfee0900f64?source=api-scan" ], "published": "2013-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09c60d0a-bc1f-407f-aa0e-2ae0b7db5ae3": { "id": "09c60d0a-bc1f-407f-aa0e-2ae0b7db5ae3", "title": "WP-FlyBox <= 6.46 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP-FlyBox", "slug": "wp-flybox", "affected_versions": { "* - 6.46": { "from_version": "*", "from_inclusive": true, "to_version": "6.46", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09c60d0a-bc1f-407f-aa0e-2ae0b7db5ae3?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09cff621-3cf3-496e-ab91-66d088fe79dc": { "id": "09cff621-3cf3-496e-ab91-66d088fe79dc", "title": "Super Socializer <= 7.13.44 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Social Share, Social Login and Social Comments Plugin \u2013 Super Socializer", "slug": "super-socializer", "affected_versions": { "* - 7.13.44": { "from_version": "*", "from_inclusive": true, "to_version": "7.13.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.13.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09cff621-3cf3-496e-ab91-66d088fe79dc?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09e28b72-55c6-4f2f-b689-a8989945651b": { "id": "09e28b72-55c6-4f2f-b689-a8989945651b", "title": "WP Report Post <= 2.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Report Post", "slug": "wp-report-post", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09e28b72-55c6-4f2f-b689-a8989945651b?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09e5aa34-ab28-4349-ac5f-6a0479e641e5": { "id": "09e5aa34-ab28-4349-ac5f-6a0479e641e5", "title": "Auto Affiliate Links <= 6.4.3 - Missing Authorization via aalAddLink", "software": [ { "type": "plugin", "name": "Auto Affiliate Links", "slug": "wp-auto-affiliate-links", "affected_versions": { "* - 6.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09e5aa34-ab28-4349-ac5f-6a0479e641e5?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09ec4633-7639-4d46-8070-9fc6909bc610": { "id": "09ec4633-7639-4d46-8070-9fc6909bc610", "title": "Types <= 3.4.17 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Toolset Types \u2013 Custom Post Types, Custom Fields and Taxonomies", "slug": "types", "affected_versions": { "* - 3.4.17": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09ec4633-7639-4d46-8070-9fc6909bc610?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09ed1806-31b9-4851-99b1-a30eef4979a1": { "id": "09ed1806-31b9-4851-99b1-a30eef4979a1", "title": "Featured Image from URL (FIFU) <= 3.9.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Featured Image from URL (FIFU)", "slug": "featured-image-from-url", "affected_versions": { "* - 3.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09ed1806-31b9-4851-99b1-a30eef4979a1?source=api-scan" ], "published": "2022-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09ee0155-7424-42ff-bfd6-244912857009": { "id": "09ee0155-7424-42ff-bfd6-244912857009", "title": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress <= 2.8.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "[*, 2.8.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09ee0155-7424-42ff-bfd6-244912857009?source=api-scan" ], "published": "2014-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09ee6179-8071-4628-9d2b-dfbb32ef1804": { "id": "09ee6179-8071-4628-9d2b-dfbb32ef1804", "title": "Relevant \u2013 Related, Featured, Latest, and Popular Posts by BestWebSoft <= 1.0.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Relevant \u2013 Related, Featured, Latest, and Popular Posts by BestWebSoft", "slug": "relevant", "affected_versions": { "[*, 1.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09ee6179-8071-4628-9d2b-dfbb32ef1804?source=api-scan" ], "published": "2015-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09f2cb22-07e2-4fe5-8c2a-9d4420ee26ed": { "id": "09f2cb22-07e2-4fe5-8c2a-9d4420ee26ed", "title": "Prime Slider \u2013 Addons For Elementor <= 3.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rubix Widget", "software": [ { "type": "plugin", "name": "Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)", "slug": "bdthemes-prime-slider-lite", "affected_versions": { "* - 3.13.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.13.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.13.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09f2cb22-07e2-4fe5-8c2a-9d4420ee26ed?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09f328f6-8a66-46bf-80d9-3ffeaecfec32": { "id": "09f328f6-8a66-46bf-80d9-3ffeaecfec32", "title": "Email Encoder Bundle <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Email Encoder \u2013 Protect Email Addresses and Phone Numbers", "slug": "email-encoder-bundle", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09f328f6-8a66-46bf-80d9-3ffeaecfec32?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09f450bb-28c1-4c1e-ae13-afd53759e02f": { "id": "09f450bb-28c1-4c1e-ae13-afd53759e02f", "title": "FameTheme Demo Importer <= 1.1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "FameTheme Demo Importer", "slug": "famethemes-demo-importer", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09f450bb-28c1-4c1e-ae13-afd53759e02f?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09f590ad-c99a-4577-a709-98c88d3acc87": { "id": "09f590ad-c99a-4577-a709-98c88d3acc87", "title": "Authors List <= 2.0.2 - Reflected Cross-Site Scripting via al_id", "software": [ { "type": "plugin", "name": "Authors List", "slug": "authors-list", "affected_versions": { "[*, 2.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09f590ad-c99a-4577-a709-98c88d3acc87?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09fb88e4-4846-40d3-8a79-a6a867bfb59f": { "id": "09fb88e4-4846-40d3-8a79-a6a867bfb59f", "title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.6.5 - Authenticated (Contributor+) Sensitive Information Exposure via template_id", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09fb88e4-4846-40d3-8a79-a6a867bfb59f?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "09fc8d80-8231-4183-9626-c90f4fee5eb4": { "id": "09fc8d80-8231-4183-9626-c90f4fee5eb4", "title": "article2pdf <= 0.27 - Denial of Service", "software": [ { "type": "plugin", "name": "article2pdf", "slug": "article2pdf", "affected_versions": { "0.24": { "from_version": "0.24", "from_inclusive": true, "to_version": "0.24", "to_inclusive": true }, "0.25": { "from_version": "0.25", "from_inclusive": true, "to_version": "0.25", "to_inclusive": true }, "0.26": { "from_version": "0.26", "from_inclusive": true, "to_version": "0.26", "to_inclusive": true }, "0.27": { "from_version": "0.27", "from_inclusive": true, "to_version": "0.27", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/09fc8d80-8231-4183-9626-c90f4fee5eb4?source=api-scan" ], "published": "2019-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a00efc3-59a8-4601-a869-7455edabdeed": { "id": "0a00efc3-59a8-4601-a869-7455edabdeed", "title": "WooCommerce Customers Manager <= 30.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Customers Manager", "slug": "woocommerce-customers-manager", "affected_versions": { "* - 30.1": { "from_version": "*", "from_inclusive": true, "to_version": "30.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "30.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a00efc3-59a8-4601-a869-7455edabdeed?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a0ced4d-368d-4f12-9099-1f8c0b0fe245": { "id": "0a0ced4d-368d-4f12-9099-1f8c0b0fe245", "title": "123.chat <= 1.3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "123.chat \u2013 1:1 Live Video Chat Tool Plugin", "slug": "123-chat-videochat", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a0ced4d-368d-4f12-9099-1f8c0b0fe245?source=api-scan" ], "published": "2023-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a13e87d-51cd-43b0-a658-900a174738fc": { "id": "0a13e87d-51cd-43b0-a658-900a174738fc", "title": "Cliengo - Chatbot <= 3.0.2 - Missing Authorization to Authorized (Subscriber+) Chatbot Settings Update", "software": [ { "type": "plugin", "name": "Cliengo \u2013 Chatbot", "slug": "cliengo", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a13e87d-51cd-43b0-a658-900a174738fc?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a158653-f80c-48a3-840e-20ee7e85925a": { "id": "0a158653-f80c-48a3-840e-20ee7e85925a", "title": "Floating Chat Widget - Chaty <= 3.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button \u2013 Chaty", "slug": "chaty", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a158653-f80c-48a3-840e-20ee7e85925a?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a16651c-613b-462b-9d73-10a74892ecdc": { "id": "0a16651c-613b-462b-9d73-10a74892ecdc", "title": "WordPress Core < 2.5.1 - Authentication Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a16651c-613b-462b-9d73-10a74892ecdc?source=api-scan" ], "published": "2008-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a1e0d55-2894-450b-afaf-134a13512403": { "id": "0a1e0d55-2894-450b-afaf-134a13512403", "title": "FTP Access <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FTP Access", "slug": "ftp-access", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a1e0d55-2894-450b-afaf-134a13512403?source=api-scan" ], "published": "2023-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a23e40d-9b9e-42ee-9319-c088e1024313": { "id": "0a23e40d-9b9e-42ee-9319-c088e1024313", "title": "Fonts <= 3.7.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts", "slug": "olympus-google-fonts", "affected_versions": { "* - 3.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a23e40d-9b9e-42ee-9319-c088e1024313?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a2740bc-5d4a-4449-b28a-5bf84b03c878": { "id": "0a2740bc-5d4a-4449-b28a-5bf84b03c878", "title": "Gwyn's Imagemap Selector <= 0.3.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gwyn's Imagemap Selector", "slug": "gwyns-imagemap-selector", "affected_versions": { "* - 0.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a2740bc-5d4a-4449-b28a-5bf84b03c878?source=api-scan" ], "published": "2022-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a281774-226a-4cb7-ba4a-ebb76f20eb47": { "id": "0a281774-226a-4cb7-ba4a-ebb76f20eb47", "title": "Ibtana \u2013 WordPress Website Builder <= 1.2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute", "software": [ { "type": "plugin", "name": "Ibtana \u2013 WordPress Website Builder", "slug": "ibtana-visual-editor", "affected_versions": { "* - 1.2.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a281774-226a-4cb7-ba4a-ebb76f20eb47?source=api-scan" ], "published": "2024-10-01 21:17:15", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a28a161-3dbc-4ef0-a2ce-4c102cf3cbb0": { "id": "0a28a161-3dbc-4ef0-a2ce-4c102cf3cbb0", "title": "Simple Job Board <= 2.10.8 - Missing Authorization to Unauthenticated Information Disclosure", "software": [ { "type": "plugin", "name": "Simple Job Board", "slug": "simple-job-board", "affected_versions": { "* - 2.10.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a28a161-3dbc-4ef0-a2ce-4c102cf3cbb0?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a2a29ea-3ff3-4b80-8a40-1a00491076ff": { "id": "0a2a29ea-3ff3-4b80-8a40-1a00491076ff", "title": "Magazine Edge <= 1.13 - Authenticated (Subscriber+) Arbitrary Plugin Activation", "software": [ { "type": "theme", "name": "Magazine Edge", "slug": "magazine-edge", "affected_versions": { "* - 1.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a2a29ea-3ff3-4b80-8a40-1a00491076ff?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a2f60a9-c061-4ef9-a582-c82eb1311e5a": { "id": "0a2f60a9-c061-4ef9-a582-c82eb1311e5a", "title": "GreenMart \u2013 Organic & Food WooCommerce WordPress Theme < 2.4.3 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "GreenMart \u2013 Organic & Food WooCommerce WordPress Theme", "slug": "greenmart", "affected_versions": { "[*, 2.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a2f60a9-c061-4ef9-a582-c82eb1311e5a?source=api-scan" ], "published": "2020-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a308fde-1c44-4c34-ace5-6820dc949f53": { "id": "0a308fde-1c44-4c34-ace5-6820dc949f53", "title": "BoldGrid Easy SEO \u2013 Simple and Effective SEO <= 1.6.13 - Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Description", "software": [ { "type": "plugin", "name": "BoldGrid Easy SEO \u2013 Simple and Effective SEO", "slug": "boldgrid-easy-seo", "affected_versions": { "* - 1.6.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a308fde-1c44-4c34-ace5-6820dc949f53?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a30d35c-9883-4b0f-83a2-494401c45d8e": { "id": "0a30d35c-9883-4b0f-83a2-494401c45d8e", "title": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", "slug": "fluentform", "affected_versions": { "* - 5.1.19": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a30d35c-9883-4b0f-83a2-494401c45d8e?source=api-scan" ], "published": "2024-07-26 23:27:30", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a33282c-2adb-4f26-8fc4-918a48bfd040": { "id": "0a33282c-2adb-4f26-8fc4-918a48bfd040", "title": "WordPress prettyPhoto <= 1.1 - DOM Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress prettyPhoto", "slug": "prettyphoto", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a33282c-2adb-4f26-8fc4-918a48bfd040?source=api-scan" ], "published": "2015-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a397025-ada7-4a59-80b9-5a778ea27776": { "id": "0a397025-ada7-4a59-80b9-5a778ea27776", "title": "Easy Pixels by JEVNET <= 2.13 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Pixels", "slug": "easy-pixels-by-jevnet", "affected_versions": { "* - 2.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a397025-ada7-4a59-80b9-5a778ea27776?source=api-scan" ], "published": "2024-07-08 19:40:05", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a3ae696-f67d-4ed2-b307-d2f36b6f188c": { "id": "0a3ae696-f67d-4ed2-b307-d2f36b6f188c", "title": "Backup Migration <= 1.3.9 - Unauthenticated Path Traversal to Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Backup Migration", "slug": "backup-backup", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a3ae696-f67d-4ed2-b307-d2f36b6f188c?source=api-scan" ], "published": "2023-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a3cfa87-ad48-401c-b823-f61d5a7af680": { "id": "0a3cfa87-ad48-401c-b823-f61d5a7af680", "title": "WP Rollback < 1.2.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Rollback \u2013 Rollback Plugins and Themes", "slug": "wp-rollback", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a3cfa87-ad48-401c-b823-f61d5a7af680?source=api-scan" ], "published": "2015-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a42449f-aef1-42b8-af58-4f4aab7008f3": { "id": "0a42449f-aef1-42b8-af58-4f4aab7008f3", "title": "WP HTML Mail <= 3.0.9 - Missing Authorization on Rest Route", "software": [ { "type": "plugin", "name": "Email Template Designer \u2013 WP HTML Mail", "slug": "wp-html-mail", "affected_versions": { "* - 3.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a42449f-aef1-42b8-af58-4f4aab7008f3?source=api-scan" ], "published": "2022-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a434d66-ac97-4801-8985-047dcc7c3eb4": { "id": "0a434d66-ac97-4801-8985-047dcc7c3eb4", "title": "Convert Post Types <= 1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Convert Post Types", "slug": "convert-post-types", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a434d66-ac97-4801-8985-047dcc7c3eb4?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a439cd6-c9d1-42d0-9067-4b425f2869a9": { "id": "0a439cd6-c9d1-42d0-9067-4b425f2869a9", "title": "Portfolio Gallery <= 1.5.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Portfolio Gallery \u2013 Photo Gallery", "slug": "portfolio-gallery", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a439cd6-c9d1-42d0-9067-4b425f2869a9?source=api-scan" ], "published": "2015-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a45d62f-bd41-4a69-be61-c4d6a7ec555c": { "id": "0a45d62f-bd41-4a69-be61-c4d6a7ec555c", "title": "FlagEm (Unknown Versions) - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FlagEm", "slug": "FlagEm", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a45d62f-bd41-4a69-be61-c4d6a7ec555c?source=api-scan" ], "published": "2013-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a46420e-8ca5-43ac-8475-786e24185f55": { "id": "0a46420e-8ca5-43ac-8475-786e24185f55", "title": "Rockhoist Badges <= 1.2.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wordpress plugin rockhoist-badges", "slug": "rockhoist-badges", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a46420e-8ca5-43ac-8475-786e24185f55?source=api-scan" ], "published": "2017-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a49a22e-d54e-461d-83c2-8278494eac13": { "id": "0a49a22e-d54e-461d-83c2-8278494eac13", "title": "Tutor LMS \u2013 Migration Tool <= 2.2.2 - Missing Authorization in tutor_import_from_xml", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 Migration Tool", "slug": "tutor-lms-migration-tool", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a49a22e-d54e-461d-83c2-8278494eac13?source=api-scan" ], "published": "2024-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a49c8df-0524-41af-b095-b5953e6f68d8": { "id": "0a49c8df-0524-41af-b095-b5953e6f68d8", "title": "iThemes Security <= 5.6.1 - Sensitive Information Exposure via Diff Response", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "* - 5.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a49c8df-0524-41af-b095-b5953e6f68d8?source=api-scan" ], "published": "2016-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a49d74a-01a6-4bd9-bc93-0006f9fe9503": { "id": "0a49d74a-01a6-4bd9-bc93-0006f9fe9503", "title": "BuddyForms Hook Fields <= 1.3.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Display Data on your site! Create Dynamic Content Templates from any form of data. Works with ACF, Pods, BuddyPress\/ BuddyBoss", "slug": "buddyforms-hook-fields", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a49d74a-01a6-4bd9-bc93-0006f9fe9503?source=api-scan" ], "published": "2022-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a540897-694a-43d1-bdd8-5aeb07389a51": { "id": "0a540897-694a-43d1-bdd8-5aeb07389a51", "title": "HDW Player Plugin (Video Player & Video Gallery) <= 2.4.2 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "HDW Player Plugin (Video Player & Video Gallery)", "slug": "hdw-player-video-player-video-gallery", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a540897-694a-43d1-bdd8-5aeb07389a51?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a58d45b-c91b-4141-992e-336650d7252b": { "id": "0a58d45b-c91b-4141-992e-336650d7252b", "title": "Automatic YouTube Gallery <= 2.3.3 - Missing Authorization via AJAX actions", "software": [ { "type": "plugin", "name": "Automatic YouTube Gallery", "slug": "automatic-youtube-gallery", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a58d45b-c91b-4141-992e-336650d7252b?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a598274-3c67-4751-94d6-49abed38422c": { "id": "0a598274-3c67-4751-94d6-49abed38422c", "title": "Slideshow Gallery LITE <= 1.7.6 - Cross-Site Request Forgery via admin_galleries", "software": [ { "type": "plugin", "name": "Slideshow Gallery LITE", "slug": "slideshow-gallery", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a598274-3c67-4751-94d6-49abed38422c?source=api-scan" ], "published": "2023-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a5a0ca6-f355-4110-a533-04e46c741ec9": { "id": "0a5a0ca6-f355-4110-a533-04e46c741ec9", "title": "a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset", "software": [ { "type": "plugin", "name": "a3 Portfolio", "slug": "a3-portfolio", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.2" ] }, { "type": "plugin", "name": "Dynamic Product Gallery for WooCommerce", "slug": "woocommerce-dynamic-gallery", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.2" ] }, { "type": "plugin", "name": "Contact Us Page \u2013 Contact People", "slug": "contact-us-page-contact-people", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.2" ] }, { "type": "plugin", "name": "Products Quick View for WooCommerce", "slug": "woocommerce-products-quick-view", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] }, { "type": "plugin", "name": "a3 Responsive Slider", "slug": "a3-responsive-slider", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] }, { "type": "plugin", "name": "Product Widget Slider for WooCommerce", "slug": "woo-widget-product-slideshow", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.2" ] }, { "type": "plugin", "name": "Compare Products for WooCommerce", "slug": "woocommerce-compare-products", "affected_versions": { "* - 2.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.3" ] }, { "type": "plugin", "name": "Product Sort and Display for WooCommerce", "slug": "woocommerce-product-sort-and-display", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] }, { "type": "plugin", "name": "a3 Lazy Load", "slug": "a3-lazy-load", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] }, { "type": "plugin", "name": "WP Email Template", "slug": "wp-email-template", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a5a0ca6-f355-4110-a533-04e46c741ec9?source=api-scan" ], "published": "2022-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a5a547c-6b24-4cb6-ad0e-b12a8f37472a": { "id": "0a5a547c-6b24-4cb6-ad0e-b12a8f37472a", "title": "Contact Forms - Drag & Drop Contact Form Builder <= 1.0.5 - Authenticated (Admin+) Arbitrary System File Read", "software": [ { "type": "plugin", "name": "Contact Forms \u2013 Drag & Drop Contact Form Builder", "slug": "lastform", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a5a547c-6b24-4cb6-ad0e-b12a8f37472a?source=api-scan" ], "published": "2021-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a5ac584-61e4-4318-9e8d-9b5a7f1daf3d": { "id": "0a5ac584-61e4-4318-9e8d-9b5a7f1daf3d", "title": "Social Tape <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Tape", "slug": "social-tape", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a5ac584-61e4-4318-9e8d-9b5a7f1daf3d?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a64e3b3-338d-4cf8-91f3-0ff4732549b4": { "id": "0a64e3b3-338d-4cf8-91f3-0ff4732549b4", "title": "Pay With Tweet <= 1.1 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Pay With Tweet", "slug": "pay-with-tweet", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a64e3b3-338d-4cf8-91f3-0ff4732549b4?source=api-scan" ], "published": "2012-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a656052-3b8a-4a93-b4f8-372b448a8373": { "id": "0a656052-3b8a-4a93-b4f8-372b448a8373", "title": "Countdown Block <= 1.1.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Countdown Block", "slug": "wp-countdown-block", "affected_versions": { "[*, 1.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a656052-3b8a-4a93-b4f8-372b448a8373?source=api-scan" ], "published": "2021-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a6615fd-7c37-45d9-a657-0ba00df840e5": { "id": "0a6615fd-7c37-45d9-a657-0ba00df840e5", "title": "uListing <= 1.6.6 - Unauthenticated Information Disclosure", "software": [ { "type": "plugin", "name": "Directory Listings WordPress plugin \u2013 uListing", "slug": "ulisting", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a6615fd-7c37-45d9-a657-0ba00df840e5?source=api-scan" ], "published": "2021-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a6627e5-8831-4724-a427-aaf5ebb67f57": { "id": "0a6627e5-8831-4724-a427-aaf5ebb67f57", "title": "Ocean Extra <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ocean Extra", "slug": "ocean-extra", "affected_versions": { "* - 2.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a6627e5-8831-4724-a427-aaf5ebb67f57?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a6707ef-aab7-449c-8160-034bc188a998": { "id": "0a6707ef-aab7-449c-8160-034bc188a998", "title": "WordPress Core < 6.4.3 - Authenticated(Administrator+) PHP File Upload", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": false }, "4.1 - 4.1.39": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.39", "to_inclusive": true }, "4.2 - 4.2.36": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.36", "to_inclusive": true }, "4.3 - 4.3.32": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.32", "to_inclusive": true }, "4.4 - 4.4.31": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.31", "to_inclusive": true }, "4.5 - 4.5.30": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.30", "to_inclusive": true }, "4.6 - 4.6.27": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.27", "to_inclusive": true }, "4.7 - 4.7.27": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.27", "to_inclusive": true }, "4.8 - 4.8.23": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.23", "to_inclusive": true }, "4.9 - 4.9.24": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.24", "to_inclusive": true }, "5.0 - 5.0.20": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.20", "to_inclusive": true }, "5.1 - 5.1.17": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.17", "to_inclusive": true }, "5.2 - 5.2.19": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.19", "to_inclusive": true }, "5.3 - 5.3.16": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.16", "to_inclusive": true }, "5.4 - 5.4.14": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.14", "to_inclusive": true }, "5.5 - 5.5.13": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.13", "to_inclusive": true }, "5.6 - 5.6.12": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.12", "to_inclusive": true }, "5.7 - 5.7.10": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.10", "to_inclusive": true }, "5.8 - 5.8.8": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.8", "to_inclusive": true }, "5.9 - 5.9.8": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.8", "to_inclusive": true }, "6.0 - 6.0.6": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.6", "to_inclusive": true }, "6.1 - 6.1.4": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.4", "to_inclusive": true }, "6.2 - 6.2.3": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.3", "to_inclusive": true }, "6.3 - 6.3.2": { "from_version": "6.3", "from_inclusive": true, "to_version": "6.3.2", "to_inclusive": true }, "6.4 - 6.4.2": { "from_version": "6.4", "from_inclusive": true, "to_version": "6.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.40", "4.2.37", "4.3.33", "4.4.32", "4.5.31", "4.6.28", "4.7.28", "4.8.24", "4.9.25", "5.0.21", "5.1.18", "5.2.20", "5.3.17", "5.4.15", "5.5.14", "5.6.13", "5.7.11", "5.8.9", "5.9.9", "6.0.7", "6.1.5", "6.2.4", "6.3.3", "6.4.3" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a6707ef-aab7-449c-8160-034bc188a998?source=api-scan" ], "published": "2018-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a6b87a8-2ebf-4db6-bf09-e9642708b2aa": { "id": "0a6b87a8-2ebf-4db6-bf09-e9642708b2aa", "title": "Easy Digital Downloads \u2013 Simple eCommerce for Selling Digital Files <= 2.10.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 2.10.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a6b87a8-2ebf-4db6-bf09-e9642708b2aa?source=api-scan" ], "published": "2021-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a6c5e9a-754f-41c8-b27b-caa133b5070f": { "id": "0a6c5e9a-754f-41c8-b27b-caa133b5070f", "title": "Corner Ad <= 1.0.56 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Corner Ad", "slug": "corner-ad", "affected_versions": { "* - 1.0.56": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.56", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.57" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a6c5e9a-754f-41c8-b27b-caa133b5070f?source=api-scan" ], "published": "2022-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a714536-c6fd-495b-b774-104657329a74": { "id": "0a714536-c6fd-495b-b774-104657329a74", "title": "Premium Packages \u2013 Sell Digital Products Securely <= 5.9.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Premium Packages \u2013 Sell Digital Products Securely", "slug": "wpdm-premium-packages", "affected_versions": { "* - 5.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a714536-c6fd-495b-b774-104657329a74?source=api-scan" ], "published": "2024-09-24 12:16:17", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a73d326-cd27-4719-8c26-3aa5dce837c0": { "id": "0a73d326-cd27-4719-8c26-3aa5dce837c0", "title": "WordPress Download Manager <= 3.2.15 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 3.2.16)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a73d326-cd27-4719-8c26-3aa5dce837c0?source=api-scan" ], "published": "2021-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a769f8a-c1c1-4be1-b7ae-e1cb6eeda28c": { "id": "0a769f8a-c1c1-4be1-b7ae-e1cb6eeda28c", "title": "Store Toolkit for WooCommerce <= 2.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Store Toolkit \u2013 WooCommerce Extensions, Quick Enhancements & Handy Tools", "slug": "woocommerce-store-toolkit", "affected_versions": { "[*, 2.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a769f8a-c1c1-4be1-b7ae-e1cb6eeda28c?source=api-scan" ], "published": "2022-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a79eb25-a7d1-4102-97e6-8fa8db9ed03e": { "id": "0a79eb25-a7d1-4102-97e6-8fa8db9ed03e", "title": "Branda \u2013 White Label WordPress, Custom Login Page Customizer <= 3.4.18 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Branda \u2013 White Label & Branding, Custom Login Page Customizer", "slug": "branda-white-labeling", "affected_versions": { "* - 3.4.18": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a79eb25-a7d1-4102-97e6-8fa8db9ed03e?source=api-scan" ], "published": "2024-07-10 14:57:15", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a8089e1-51ca-4e27-930c-d0bb57bbd641": { "id": "0a8089e1-51ca-4e27-930c-d0bb57bbd641", "title": "Arkhe Blocks <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Arkhe Blocks", "slug": "arkhe-blocks", "affected_versions": { "* - 2.23.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.23.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a8089e1-51ca-4e27-930c-d0bb57bbd641?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a8127e5-b5e6-4545-9e38-f3fa9daabcf2": { "id": "0a8127e5-b5e6-4545-9e38-f3fa9daabcf2", "title": "Access Code Feeder <= 1.0.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Access Code Feeder", "slug": "access-code-feeder", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a8127e5-b5e6-4545-9e38-f3fa9daabcf2?source=api-scan" ], "published": "2022-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a86f6ed-9755-4265-bc0d-2d0e18e9982f": { "id": "0a86f6ed-9755-4265-bc0d-2d0e18e9982f", "title": "AI Engine <= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url", "software": [ { "type": "plugin", "name": "AI Engine", "slug": "ai-engine", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a86f6ed-9755-4265-bc0d-2d0e18e9982f?source=api-scan" ], "published": "2024-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a8aa964-d18c-420d-864b-9ee5cb5e2f0f": { "id": "0a8aa964-d18c-420d-864b-9ee5cb5e2f0f", "title": "Instant Chat Floating Button for WordPress Websites <= 1.0.5 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Instant Chat Floating Button for WordPress Websites", "slug": "instant-chat-wp", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a8aa964-d18c-420d-864b-9ee5cb5e2f0f?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a8b5554-b4d9-48f2-ad16-cf96aabcbb6f": { "id": "0a8b5554-b4d9-48f2-ad16-cf96aabcbb6f", "title": "Tutor LMS <= 2.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a8b5554-b4d9-48f2-ad16-cf96aabcbb6f?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a8de5b1-fefc-40b0-8f4d-435e6bd2f452": { "id": "0a8de5b1-fefc-40b0-8f4d-435e6bd2f452", "title": "WordPress Classifieds Plugin \u2013 Ad Directory & Listings by AWP Classifieds < 3.0 - SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Classifieds Plugin \u2013 Ad Directory & Listings by AWP Classifieds", "slug": "another-wordpress-classifieds-plugin", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a8de5b1-fefc-40b0-8f4d-435e6bd2f452?source=api-scan" ], "published": "2014-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a941aef-85f6-4719-b6ab-ace77a03e93e": { "id": "0a941aef-85f6-4719-b6ab-ace77a03e93e", "title": "Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Activation", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.59": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a941aef-85f6-4719-b6ab-ace77a03e93e?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a94841f-b1dd-44f4-b7a1-65a9fdf7b18d": { "id": "0a94841f-b1dd-44f4-b7a1-65a9fdf7b18d", "title": "Active Products Tables for WooCommerce. Professional products tables for WooCommerce store <= 1.0.6.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Active Products Tables for WooCommerce. Use constructor to create tables\u00a0", "slug": "profit-products-tables-for-woocommerce", "affected_versions": { "* - 1.0.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a94841f-b1dd-44f4-b7a1-65a9fdf7b18d?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a95f73a-eaf7-4b8c-b127-0ceef87c80fb": { "id": "0a95f73a-eaf7-4b8c-b127-0ceef87c80fb", "title": "CF7 Invisible reCAPTCHA < 1.3.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CF7 Invisible reCAPTCHA", "slug": "cf7-invisible-recaptcha", "affected_versions": { "[*, 1.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a95f73a-eaf7-4b8c-b127-0ceef87c80fb?source=api-scan" ], "published": "2018-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a99ccde-4c8c-4c77-9199-c21dba35c19f": { "id": "0a99ccde-4c8c-4c77-9199-c21dba35c19f", "title": "Mega Menu <= 3.0.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mega Menu Plugin for WordPress \u2013 AP Mega Menu", "slug": "ap-mega-menu", "affected_versions": { "[*, 3.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a99ccde-4c8c-4c77-9199-c21dba35c19f?source=api-scan" ], "published": "2022-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a9b4c03-e7ec-48d6-87fe-67e8a5780703": { "id": "0a9b4c03-e7ec-48d6-87fe-67e8a5780703", "title": "a3 Responsive Slider <= 2.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "a3 Responsive Slider", "slug": "a3-responsive-slider", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a9b4c03-e7ec-48d6-87fe-67e8a5780703?source=api-scan" ], "published": "2022-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0a9dd9b6-28c7-4f7d-95bb-e93ccc6abc30": { "id": "0a9dd9b6-28c7-4f7d-95bb-e93ccc6abc30", "title": "WP Silverlight Media Player <= 0.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-media-player", "slug": "wp-media-player", "affected_versions": { "* - 0.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0a9dd9b6-28c7-4f7d-95bb-e93ccc6abc30?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0aa3bee5-a194-4618-8f32-a0a781fe8dc6": { "id": "0aa3bee5-a194-4618-8f32-a0a781fe8dc6", "title": "Spot.IM Comments < 4.0.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spot.IM Comments", "slug": "spotim-comments", "affected_versions": { "[*, 4.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0aa3bee5-a194-4618-8f32-a0a781fe8dc6?source=api-scan" ], "published": "2017-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0aa3ec9b-80d5-4e31-8045-43c8d151cab8": { "id": "0aa3ec9b-80d5-4e31-8045-43c8d151cab8", "title": "Elementor Addons by Livemesh <= 8.4 - Authenticated (Contributor+) Limited Local File Inclusion via Widgets", "software": [ { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "* - 8.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0aa3ec9b-80d5-4e31-8045-43c8d151cab8?source=api-scan" ], "published": "2024-07-03 14:51:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0aac81b0-8d40-4c16-99b0-558ad7132698": { "id": "0aac81b0-8d40-4c16-99b0-558ad7132698", "title": "Call Now Button <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Call Now Button \u2013 The #1 Click to Call Button for WordPress", "slug": "call-now-button", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0aac81b0-8d40-4c16-99b0-558ad7132698?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0aad7f55-d1f0-45f9-ba8b-74170c32374f": { "id": "0aad7f55-d1f0-45f9-ba8b-74170c32374f", "title": "EventPrime <= 3.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0aad7f55-d1f0-45f9-ba8b-74170c32374f?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ab546cc-b099-4d26-bf42-785952fcfd8c": { "id": "0ab546cc-b099-4d26-bf42-785952fcfd8c", "title": "Custom Field Suite <= 2.6.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Field Suite", "slug": "custom-field-suite", "affected_versions": { "* - 2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ab546cc-b099-4d26-bf42-785952fcfd8c?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ab82117-73dd-4257-8dfc-01dadcc3a83f": { "id": "0ab82117-73dd-4257-8dfc-01dadcc3a83f", "title": "WP JS <= 2.0.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP JS", "slug": "wp-js", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ab82117-73dd-4257-8dfc-01dadcc3a83f?source=api-scan" ], "published": "2022-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0abad47f-a806-4cdd-a11f-015b997b5e86": { "id": "0abad47f-a806-4cdd-a11f-015b997b5e86", "title": "Admin and Site Enhancements (ASE) <= 5.7.1 - Password Protection Mode Security Feature Bypass", "software": [ { "type": "plugin", "name": "Admin and Site Enhancements (ASE)", "slug": "admin-site-enhancements", "affected_versions": { "* - 5.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0abad47f-a806-4cdd-a11f-015b997b5e86?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0abd2533-5cb3-4568-8ad2-f2852ab3a8db": { "id": "0abd2533-5cb3-4568-8ad2-f2852ab3a8db", "title": "HTML5 Video Player <= 2.5.24 - Unauthenticated SQL Injection via id", "software": [ { "type": "plugin", "name": "HTML5 Video Player \u2013 mp4 Video Player Plugin and Block", "slug": "html5-video-player", "affected_versions": { "* - 2.5.24": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0abd2533-5cb3-4568-8ad2-f2852ab3a8db?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ac31c39-abbc-427f-aba3-d9ec3b51c4d2": { "id": "0ac31c39-abbc-427f-aba3-d9ec3b51c4d2", "title": "Post Gallery <= 2.3.12 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Post Gallery", "slug": "simple-post-gallery", "affected_versions": { "* - 2.3.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ac31c39-abbc-427f-aba3-d9ec3b51c4d2?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ac6603f-7eed-424e-a56b-f45d4a7f7b2a": { "id": "0ac6603f-7eed-424e-a56b-f45d4a7f7b2a", "title": "Photo Gallery by 10Web <= 1.1.30 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.1.30": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ac6603f-7eed-424e-a56b-f45d4a7f7b2a?source=api-scan" ], "published": "2014-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ac7a936-70fa-41ce-89f7-ec6a77964c96": { "id": "0ac7a936-70fa-41ce-89f7-ec6a77964c96", "title": "WordPress Core <= 3.3.2 - Sensitive Information Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ac7a936-70fa-41ce-89f7-ec6a77964c96?source=api-scan" ], "published": "2012-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0aced5de-e9df-4ffe-9d10-93dc3897ef4c": { "id": "0aced5de-e9df-4ffe-9d10-93dc3897ef4c", "title": "Element Pack Elementor Addons <= 5.5.3 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", "slug": "bdthemes-element-pack-lite", "affected_versions": { "* - 5.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0aced5de-e9df-4ffe-9d10-93dc3897ef4c?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0acf3219-1443-42cc-b3c9-cffb8fd8af07": { "id": "0acf3219-1443-42cc-b3c9-cffb8fd8af07", "title": "Busiprof <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Busiprof", "slug": "busiprof", "affected_versions": { "* - 2.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0acf3219-1443-42cc-b3c9-cffb8fd8af07?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ad0eed1-777a-432b-a190-b8a7ed10d71a": { "id": "0ad0eed1-777a-432b-a190-b8a7ed10d71a", "title": "Gmedia Photo Gallery <= 1.6.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gmedia Photo Gallery", "slug": "grand-media", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ad0eed1-777a-432b-a190-b8a7ed10d71a?source=api-scan" ], "published": "2015-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ad44770-91da-4265-b292-e6e41538d0f4": { "id": "0ad44770-91da-4265-b292-e6e41538d0f4", "title": "Cooked Pro < 1.8.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Cooked Pro", "slug": "cooked-pro", "affected_versions": { "[*, 1.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ad44770-91da-4265-b292-e6e41538d0f4?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ad806df-0a5c-4ef0-a335-2e34c9b62662": { "id": "0ad806df-0a5c-4ef0-a335-2e34c9b62662", "title": "Advanced Product Labels for WooCommerce <= 1.2.3.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Product Labels for WooCommerce", "slug": "advanced-product-labels-for-woocommerce", "affected_versions": { "[*, 1.2.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ad806df-0a5c-4ef0-a335-2e34c9b62662?source=api-scan" ], "published": "2022-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ae243af-619f-4405-b1e0-9b44c1869501": { "id": "0ae243af-619f-4405-b1e0-9b44c1869501", "title": "Ultimate Member < 1.0.84 - Authorization Bypass to Arbitrary File Upload\/Delete", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 1.0.84)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.84", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.84" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ae243af-619f-4405-b1e0-9b44c1869501?source=api-scan" ], "published": "2015-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0aea5564-b1b9-4d57-9f7e-81dd791c8d48": { "id": "0aea5564-b1b9-4d57-9f7e-81dd791c8d48", "title": "Community by PeepSo <= 6.1.6.0 - Cross-Site Request Forgery via delete", "software": [ { "type": "plugin", "name": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App", "slug": "peepso-core", "affected_versions": { "* - 6.1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0aea5564-b1b9-4d57-9f7e-81dd791c8d48?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0aeaf421-513b-4c9d-bd36-58af28c86bc1": { "id": "0aeaf421-513b-4c9d-bd36-58af28c86bc1", "title": "WP Magazine Modules Lite <= 1.1.2 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "WP Magazine Modules Lite", "slug": "wp-magazine-modules-lite", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0aeaf421-513b-4c9d-bd36-58af28c86bc1?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0aeb63e7-a24d-4d76-a8c7-f082dad87a55": { "id": "0aeb63e7-a24d-4d76-a8c7-f082dad87a55", "title": "Themify Shortcodes <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Themify Shortcodes", "slug": "themify-shortcodes", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0aeb63e7-a24d-4d76-a8c7-f082dad87a55?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0aeef472-0f09-458f-a0dc-b7de190b9b6d": { "id": "0aeef472-0f09-458f-a0dc-b7de190b9b6d", "title": "EmbedSocial \u2013 Social Media Feeds, Reviews and Galleries = 1.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "EmbedSocial \u2013 Social Media Feeds, Reviews and Galleries", "slug": "embedalbum-pro", "affected_versions": { "* - 1.1.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0aeef472-0f09-458f-a0dc-b7de190b9b6d?source=api-scan" ], "published": "2023-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0af451be-2477-453c-a230-7f3fb804398b": { "id": "0af451be-2477-453c-a230-7f3fb804398b", "title": "WP 2FA \u2013 Two-factor authentication for WordPress <= 2.5.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP 2FA \u2013 Two-factor authentication for WordPress", "slug": "wp-2fa", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0af451be-2477-453c-a230-7f3fb804398b?source=api-scan" ], "published": "2024-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0af6e55d-def9-4bb1-ade9-56aa8184961c": { "id": "0af6e55d-def9-4bb1-ade9-56aa8184961c", "title": "Booster (<= 6.0.0), Booster Plus (<= 6.0.0), and Booster Elite (<= 6.0.0) for WooCommerce - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Booster Plus for WooCommerce", "slug": "booster-plus-for-woocommerce", "affected_versions": { "* - 6.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.1" ] }, { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 6.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.1" ] }, { "type": "plugin", "name": "Booster Elite for WooCommerce", "slug": "booster-elite-for-woocommerce", "affected_versions": { "* - 6.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0af6e55d-def9-4bb1-ade9-56aa8184961c?source=api-scan" ], "published": "2023-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0af80be2-b80b-4a25-9df6-a8ae75ad9cdd": { "id": "0af80be2-b80b-4a25-9df6-a8ae75ad9cdd", "title": "article2pdf 0.24 - 0.27 - Information Disclosure", "software": [ { "type": "plugin", "name": "article2pdf", "slug": "article2pdf", "affected_versions": { "0.24": { "from_version": "0.24", "from_inclusive": true, "to_version": "0.24", "to_inclusive": true }, "0.25": { "from_version": "0.25", "from_inclusive": true, "to_version": "0.25", "to_inclusive": true }, "0.26": { "from_version": "0.26", "from_inclusive": true, "to_version": "0.26", "to_inclusive": true }, "0.27": { "from_version": "0.27", "from_inclusive": true, "to_version": "0.27", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0af80be2-b80b-4a25-9df6-a8ae75ad9cdd?source=api-scan" ], "published": "2019-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0afc98b1-e1ee-4c77-89fc-9ccb045c6733": { "id": "0afc98b1-e1ee-4c77-89fc-9ccb045c6733", "title": "Secure Copy Content Protection and Content Locking <= 3.9.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Secure Copy Content Protection and Content Locking", "slug": "secure-copy-content-protection", "affected_versions": { "* - 3.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0afc98b1-e1ee-4c77-89fc-9ccb045c6733?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0afcdec7-dd22-4f10-b8f9-96a1e57d8f0b": { "id": "0afcdec7-dd22-4f10-b8f9-96a1e57d8f0b", "title": "Thinkun Remind <= 1.1.3 - Directory Traversal", "software": [ { "type": "plugin", "name": "Thinkun Remind", "slug": "thinkun-remind", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0afcdec7-dd22-4f10-b8f9-96a1e57d8f0b?source=api-scan" ], "published": "2012-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0afd981e-3ae8-4450-9750-23ff6fe612dc": { "id": "0afd981e-3ae8-4450-9750-23ff6fe612dc", "title": "Colibri Page Builder <= 1.0.276 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_video_player Shortcode", "software": [ { "type": "plugin", "name": "Colibri Page Builder", "slug": "colibri-page-builder", "affected_versions": { "* - 1.0.276": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.276", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.277" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0afd981e-3ae8-4450-9750-23ff6fe612dc?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b04ab77-880b-423a-bba6-59822f0463bc": { "id": "0b04ab77-880b-423a-bba6-59822f0463bc", "title": "NextMove Lite <= 2.17.0 - Missing Authorization to Authenticated(Subscriber+) Plugin Activation", "software": [ { "type": "plugin", "name": "NextMove Lite \u2013 Thank You Page for WooCommerce", "slug": "woo-thank-you-page-nextmove-lite", "affected_versions": { "* - 2.17.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.17.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b04ab77-880b-423a-bba6-59822f0463bc?source=api-scan" ], "published": "2024-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b04ea62-8e6b-4876-a9f8-7bc342e837f4": { "id": "0b04ea62-8e6b-4876-a9f8-7bc342e837f4", "title": "Jannah - Newspaper Magazine News BuddyPress AMP < 5.4.4 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Jannah - Newspaper Magazine News BuddyPress AMP", "slug": "jannah", "affected_versions": { "[*, 5.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b04ea62-8e6b-4876-a9f8-7bc342e837f4?source=api-scan" ], "published": "2021-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b08fe5c-dbf4-4c22-a403-f5a6495de2f5": { "id": "0b08fe5c-dbf4-4c22-a403-f5a6495de2f5", "title": "Sharebar <= 1.4.1 - Cross-Site Request Forgery to Settings Update & Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sharebar", "slug": "sharebar", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b08fe5c-dbf4-4c22-a403-f5a6495de2f5?source=api-scan" ], "published": "2022-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b09d496-0e03-48a4-acf7-57febe18ed0a": { "id": "0b09d496-0e03-48a4-acf7-57febe18ed0a", "title": "Ibtana \u2013 WordPress Website Builder <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Ibtana \u2013 WordPress Website Builder", "slug": "ibtana-visual-editor", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b09d496-0e03-48a4-acf7-57febe18ed0a?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b20d638-82cb-48ce-96fa-fd42d06f649f": { "id": "0b20d638-82cb-48ce-96fa-fd42d06f649f", "title": "Sydney Toolbox <= 1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id", "software": [ { "type": "plugin", "name": "Sydney Toolbox", "slug": "sydney-toolbox", "affected_versions": { "* - 1.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b20d638-82cb-48ce-96fa-fd42d06f649f?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b2132db-761f-48ff-a737-115e07c77425": { "id": "0b2132db-761f-48ff-a737-115e07c77425", "title": "BizPrint <= 4.3.39 - Missing Authorization via showTemplatePreview()", "software": [ { "type": "plugin", "name": "Print Anywhere & Create PDFs of Order Receipts, Invoices, Labels & More.", "slug": "print-google-cloud-print-gcp-woocommerce", "affected_versions": { "* - 4.3.39": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.39", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b2132db-761f-48ff-a737-115e07c77425?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b230ff1-4971-4ec5-a0e9-21df90fc6e98": { "id": "0b230ff1-4971-4ec5-a0e9-21df90fc6e98", "title": "Code Snippets <= 2.13.3 - Cross-Site Request Forgery to Remote Code Execution", "software": [ { "type": "plugin", "name": "Code Snippets", "slug": "code-snippets", "affected_versions": { "* - 2.13.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.13.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.14.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b230ff1-4971-4ec5-a0e9-21df90fc6e98?source=api-scan" ], "published": "2020-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b238414-b8fa-4251-8ad4-1bb693b90a27": { "id": "0b238414-b8fa-4251-8ad4-1bb693b90a27", "title": "Magn WP Drag And Drop Media Uploader <= 1.2.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Magn WP Drag And Drop Media Uploader", "slug": "magn-html5-drag-and-drop-media-uploader", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b238414-b8fa-4251-8ad4-1bb693b90a27?source=api-scan" ], "published": "2013-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b25252b-fad3-4212-be72-94e94779ef67": { "id": "0b25252b-fad3-4212-be72-94e94779ef67", "title": "Structured Content <= 1.5.3 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Structured Content (JSON-LD) #wpsc", "slug": "structured-content", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b25252b-fad3-4212-be72-94e94779ef67?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b270ec6-8dc1-432b-bf68-671966a9761a": { "id": "0b270ec6-8dc1-432b-bf68-671966a9761a", "title": "SULly <= 4.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SULly", "slug": "sully", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b270ec6-8dc1-432b-bf68-671966a9761a?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b3acc5f-b2a5-4e7b-a596-9a934fe6ff87": { "id": "0b3acc5f-b2a5-4e7b-a596-9a934fe6ff87", "title": "Quiz Maker <= 6.2.0.8 - SQL Injection", "software": [ { "type": "plugin", "name": "Quiz Maker", "slug": "quiz-maker", "affected_versions": { "[*, 6.2.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b3acc5f-b2a5-4e7b-a596-9a934fe6ff87?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b3fa78c-d97f-43bf-b3e9-47d6aa41b458": { "id": "0b3fa78c-d97f-43bf-b3e9-47d6aa41b458", "title": "Advanced Local Pickup for WooCommerce <= 1.5.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Advanced Local Pickup for WooCommerce", "slug": "advanced-local-pickup-for-woocommerce", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b3fa78c-d97f-43bf-b3e9-47d6aa41b458?source=api-scan" ], "published": "2023-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b458e27-331b-4ae2-ade8-8b14aeffb1e2": { "id": "0b458e27-331b-4ae2-ade8-8b14aeffb1e2", "title": "WP Super Popup <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Super Popup", "slug": "wp-super-popup", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b458e27-331b-4ae2-ade8-8b14aeffb1e2?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b4651d8-dad7-4f6f-a47d-2095b9d2bdca": { "id": "0b4651d8-dad7-4f6f-a47d-2095b9d2bdca", "title": "Continuous Image Carousel With Lightbox <= 1.0.15 - Reflected Cross-Site Scripting via search_term, order_by and order_pos", "software": [ { "type": "plugin", "name": "Continuous Image Carousel With Lightbox", "slug": "continuous-image-carousel-with-lightbox", "affected_versions": { "* - 1.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b4651d8-dad7-4f6f-a47d-2095b9d2bdca?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b493316-511d-479f-b65c-c04ecd17171f": { "id": "0b493316-511d-479f-b65c-c04ecd17171f", "title": "jQuery T(-) Countdown Widget <= 2.3.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortocde", "software": [ { "type": "plugin", "name": "jQuery T(-) Countdown Widget", "slug": "jquery-t-countdown-widget", "affected_versions": { "* - 2.3.23": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b493316-511d-479f-b65c-c04ecd17171f?source=api-scan" ], "published": "2023-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b4a0dff-1054-4f50-8ff5-e3cc2b45d77b": { "id": "0b4a0dff-1054-4f50-8ff5-e3cc2b45d77b", "title": "Image Optimizer by 10web <= 1.0.25 - Directory Traversal to Information Exposure", "software": [ { "type": "plugin", "name": "Image Optimizer by 10web \u2013 Image Optimizer and Compression plugin", "slug": "image-optimizer-wd", "affected_versions": { "[*, 1.0.26)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.26", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b4a0dff-1054-4f50-8ff5-e3cc2b45d77b?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b4b0cd0-dcc2-4790-8aeb-a304088dea3c": { "id": "0b4b0cd0-dcc2-4790-8aeb-a304088dea3c", "title": "Xerte Online <= 0.35 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Xerte Online", "slug": "xerte-online", "affected_versions": { "* - 0.35": { "from_version": "*", "from_inclusive": true, "to_version": "0.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b4b0cd0-dcc2-4790-8aeb-a304088dea3c?source=api-scan" ], "published": "2013-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b4e6dae-f38c-4f5b-ae1d-cf998946c675": { "id": "0b4e6dae-f38c-4f5b-ae1d-cf998946c675", "title": "Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.2.3 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms \u2013 CRM, Bigin", "slug": "cf7-zoho", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b4e6dae-f38c-4f5b-ae1d-cf998946c675?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b4ec57a-c52a-40c1-897a-db67efbd7177": { "id": "0b4ec57a-c52a-40c1-897a-db67efbd7177", "title": "WordPress Core < 4.9.1 - Reflected Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.23": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.23", "to_inclusive": true }, "3.8 - 3.8.23": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.23", "to_inclusive": true }, "3.9 - 3.9.21": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.21", "to_inclusive": true }, "4.0 - 4.0.20": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.20", "to_inclusive": true }, "4.1 - 4.1.20": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.20", "to_inclusive": true }, "4.2 - 4.2.17": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.17", "to_inclusive": true }, "4.3 - 4.3.13": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.13", "to_inclusive": true }, "4.4 - 4.4.12": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.12", "to_inclusive": true }, "4.5 - 4.5.11": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.11", "to_inclusive": true }, "4.6 - 4.6.8": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.8", "to_inclusive": true }, "4.7 - 4.7.7": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.7", "to_inclusive": true }, "4.8 - 4.8.3": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.3", "to_inclusive": true }, "4.9": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.24", "3.8.24", "3.9.22", "4.0.21", "4.1.21", "4.2.18", "4.3.14", "4.4.13", "4.5.12", "4.6.9", "4.7.8", "4.8.4", "4.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b4ec57a-c52a-40c1-897a-db67efbd7177?source=api-scan" ], "published": "2017-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b51caf3-eff4-491f-b354-7d8939548a64": { "id": "0b51caf3-eff4-491f-b354-7d8939548a64", "title": "File Gallery <= 1.8.5.4 - Reflected Cross-Site Scripting via post_id", "software": [ { "type": "plugin", "name": "File Gallery", "slug": "file-gallery", "affected_versions": { "* - 1.8.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b51caf3-eff4-491f-b354-7d8939548a64?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b52cc2a-c511-4801-8a95-f90d8d980c85": { "id": "0b52cc2a-c511-4801-8a95-f90d8d980c85", "title": "Secure Copy Content Protection and Content Locking <= 2.8.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Secure Copy Content Protection and Content Locking", "slug": "secure-copy-content-protection", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b52cc2a-c511-4801-8a95-f90d8d980c85?source=api-scan" ], "published": "2021-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b540fed-e358-485f-8c12-f2241078459a": { "id": "0b540fed-e358-485f-8c12-f2241078459a", "title": "Blue Wrench Video Widget < 2.0.0 - Cross-Site Request Forgery and to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Blue Wrench Video Widget", "slug": "blue-wrench-videos-widget", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b540fed-e358-485f-8c12-f2241078459a?source=api-scan" ], "published": "2013-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b668f45-c7fb-481b-bc8e-115e5b7248c9": { "id": "0b668f45-c7fb-481b-bc8e-115e5b7248c9", "title": "GD Mail Queue <= 3.9.3 - Unauthenticated Stored Cross-Site Scripting via Email", "software": [ { "type": "plugin", "name": "GD Mail Queue", "slug": "gd-mail-queue", "affected_versions": { "* - 3.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b668f45-c7fb-481b-bc8e-115e5b7248c9?source=api-scan" ], "published": "2023-06-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b6e9430-bb78-47c3-9958-4f40028c3d93": { "id": "0b6e9430-bb78-47c3-9958-4f40028c3d93", "title": "Quick Page\/Post Redirect Plugin < 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quick Page\/Post Redirect Plugin", "slug": "quick-pagepost-redirect-plugin", "affected_versions": { "[*, 5.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b6e9430-bb78-47c3-9958-4f40028c3d93?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b7073e8-10cf-4fe0-9eb6-f9acd509598c": { "id": "0b7073e8-10cf-4fe0-9eb6-f9acd509598c", "title": "Geo Mashup < 1.8.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Geo Mashup", "slug": "geo-mashup", "affected_versions": { "[*, 1.8.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b7073e8-10cf-4fe0-9eb6-f9acd509598c?source=api-scan" ], "published": "2015-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b7234b0-edfc-417c-8ef4-394d62cf83f7": { "id": "0b7234b0-edfc-417c-8ef4-394d62cf83f7", "title": "Interface <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Interface", "slug": "interface", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b7234b0-edfc-417c-8ef4-394d62cf83f7?source=api-scan" ], "published": "2024-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b72cf6f-4924-4fa5-8e1a-4054dfe73be0": { "id": "0b72cf6f-4924-4fa5-8e1a-4054dfe73be0", "title": "Up down image slideshow gallery <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Up down image slideshow gallery", "slug": "up-down-image-slideshow-gallery", "affected_versions": { "* - 12.0": { "from_version": "*", "from_inclusive": true, "to_version": "12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b72cf6f-4924-4fa5-8e1a-4054dfe73be0?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b748dc9-4d44-41dd-b159-380214e7646a": { "id": "0b748dc9-4d44-41dd-b159-380214e7646a", "title": "BSK PDF Manager <= 1.4 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "BSK PDF Manager", "slug": "bsk-pdf-manager", "affected_versions": { "[*, 1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b748dc9-4d44-41dd-b159-380214e7646a?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b75c681-ecd2-4603-8819-07b2e9b8d547": { "id": "0b75c681-ecd2-4603-8819-07b2e9b8d547", "title": "WPGateway <= 3.5 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "WPGateway", "slug": "wpgateway", "affected_versions": { "* - 3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b75c681-ecd2-4603-8819-07b2e9b8d547?source=api-scan" ], "published": "2022-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b768777-d502-47b4-bf78-03c4cd525063": { "id": "0b768777-d502-47b4-bf78-03c4cd525063", "title": "WP MyLinks <= 1.0.6 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP MyLinks", "slug": "wp-mylinks", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b768777-d502-47b4-bf78-03c4cd525063?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b79a851-1212-4a9c-89fe-b5f2d50ec18c": { "id": "0b79a851-1212-4a9c-89fe-b5f2d50ec18c", "title": "FluentForms <= 4.3.24 - Authenticated(Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", "slug": "fluentform", "affected_versions": { "* - 4.3.24": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b79a851-1212-4a9c-89fe-b5f2d50ec18c?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b7d7b64-8194-4b81-83f5-1f3b23109455": { "id": "0b7d7b64-8194-4b81-83f5-1f3b23109455", "title": "Guest Author <= 2.3 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Guest Author", "slug": "guest-author", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b7d7b64-8194-4b81-83f5-1f3b23109455?source=api-scan" ], "published": "2023-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b7da6f7-d486-44e5-9eeb-21feb119a48b": { "id": "0b7da6f7-d486-44e5-9eeb-21feb119a48b", "title": "Add Shortcodes Actions And Filters <= 2.10 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add Shortcodes Actions And Filters", "slug": "add-actions-and-filters", "affected_versions": { "* - 2.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b7da6f7-d486-44e5-9eeb-21feb119a48b?source=api-scan" ], "published": "2022-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b80e90d-72bd-4253-b84b-d2706e1abd4c": { "id": "0b80e90d-72bd-4253-b84b-d2706e1abd4c", "title": "LiveChat <= 4.5.15 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LiveChat \u2013 WP live chat plugin for WordPress", "slug": "wp-live-chat-software-for-wordpress", "affected_versions": { "* - 4.5.15": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b80e90d-72bd-4253-b84b-d2706e1abd4c?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b82f5da-42ef-40b4-bfa4-26b88a3328db": { "id": "0b82f5da-42ef-40b4-bfa4-26b88a3328db", "title": "Easy Modal < 2.1.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Easy Modal", "slug": "easy-modal", "affected_versions": { "[*, 2.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b82f5da-42ef-40b4-bfa4-26b88a3328db?source=api-scan" ], "published": "2017-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b82fae0-4eec-41ea-90e2-9d08258805b3": { "id": "0b82fae0-4eec-41ea-90e2-9d08258805b3", "title": "Sp*tify Play Button for WordPress <= 2.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Sp*tify Play Button for WordPress", "slug": "spotify-play-button-for-wordpress", "affected_versions": { "* - 2.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b82fae0-4eec-41ea-90e2-9d08258805b3?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b8a9c85-a7cd-469c-834b-d1d89387cf63": { "id": "0b8a9c85-a7cd-469c-834b-d1d89387cf63", "title": "Pods <= 2.4.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pods \u2013 Custom Content Types and Fields", "slug": "pods", "affected_versions": { "* - 2.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b8a9c85-a7cd-469c-834b-d1d89387cf63?source=api-scan" ], "published": "2015-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b8af407-b49d-4d3f-a7a5-c3ad3d56fcba": { "id": "0b8af407-b49d-4d3f-a7a5-c3ad3d56fcba", "title": "WP Statistics <= 8.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 8.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b8af407-b49d-4d3f-a7a5-c3ad3d56fcba?source=api-scan" ], "published": "2014-12-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b8d337b-2d2c-4769-9ac0-6e22ba39a42f": { "id": "0b8d337b-2d2c-4769-9ac0-6e22ba39a42f", "title": "IP2Location Country Blocker <= 2.26.4 - Ban Bypass", "software": [ { "type": "plugin", "name": "IP2Location Country Blocker", "slug": "ip2location-country-blocker", "affected_versions": { "* - 2.26.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.26.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.26.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b8d337b-2d2c-4769-9ac0-6e22ba39a42f?source=api-scan" ], "published": "2022-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b8dcab4-dd13-4c08-8623-37a50dcbda1b": { "id": "0b8dcab4-dd13-4c08-8623-37a50dcbda1b", "title": "Simple Download Monitor <= 3.9.8 - Multiple Cross-Site Request Forgery vulnerabilities", "software": [ { "type": "plugin", "name": "Simple Download Monitor", "slug": "simple-download-monitor", "affected_versions": { "* - 3.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b8dcab4-dd13-4c08-8623-37a50dcbda1b?source=api-scan" ], "published": "2021-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b90503b-6186-48b5-a85a-3602f318872e": { "id": "0b90503b-6186-48b5-a85a-3602f318872e", "title": "flickrRSS <= 5.3.1 - Cross-Site Scripting via flickrRSS_id", "software": [ { "type": "plugin", "name": "flickrRSS", "slug": "flickr-rss", "affected_versions": { "* - 5.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b90503b-6186-48b5-a85a-3602f318872e?source=api-scan" ], "published": "2018-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b95749b-c522-42cd-aa99-36bdf15541c3": { "id": "0b95749b-c522-42cd-aa99-36bdf15541c3", "title": "Eventify <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Eventify\u2122 \u2013 Simple Events", "slug": "eventify", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b95749b-c522-42cd-aa99-36bdf15541c3?source=api-scan" ], "published": "2022-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0b9f4615-278f-4762-98ce-5c9d806da1a5": { "id": "0b9f4615-278f-4762-98ce-5c9d806da1a5", "title": "Education Zone <= 1.3.4 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Education Zone", "slug": "education-zone", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0b9f4615-278f-4762-98ce-5c9d806da1a5?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ba551a4-109d-4e28-b497-539264095134": { "id": "0ba551a4-109d-4e28-b497-539264095134", "title": "WordPress Core < 5.8.2 - ca-bundle.crt contains expired certificate DST Root CA X3", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2", "to_inclusive": false }, "5.2 - 5.2.12": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.12", "to_inclusive": true }, "5.3 - 5.3.9": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.9", "to_inclusive": true }, "5.4 - 5.4.7": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.7", "to_inclusive": true }, "5.5 - 5.5.6": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.6", "to_inclusive": true }, "5.6 - 5.6.5": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.5", "to_inclusive": true }, "5.7 - 5.7.3": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.3", "to_inclusive": true }, "5.8 - 5.8.1": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.13", "5.3.10", "5.4.8", "5.5.7", "5.6.6", "5.7.4", "5.8.2" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ba551a4-109d-4e28-b497-539264095134?source=api-scan" ], "published": "2021-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ba5da2b-6944-4243-a4f2-0f887abf7a66": { "id": "0ba5da2b-6944-4243-a4f2-0f887abf7a66", "title": "WP eCommerce <= 3.15.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP eCommerce", "slug": "wp-e-commerce", "affected_versions": { "* - 3.15.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.15.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ba5da2b-6944-4243-a4f2-0f887abf7a66?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0bb13936-cbc0-4cba-bd62-ef6d9728a65a": { "id": "0bb13936-cbc0-4cba-bd62-ef6d9728a65a", "title": "AJAX Random Post <= 2.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ajax-random-post", "slug": "ajax-random-post", "affected_versions": { "* - 2.00": { "from_version": "*", "from_inclusive": true, "to_version": "2.00", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0bb13936-cbc0-4cba-bd62-ef6d9728a65a?source=api-scan" ], "published": "2016-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0bb43b6c-4f14-401c-9964-1c4c19fc9e51": { "id": "0bb43b6c-4f14-401c-9964-1c4c19fc9e51", "title": "Title Field Validation <= 1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Title Field Validation", "slug": "title-field-validation", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0bb43b6c-4f14-401c-9964-1c4c19fc9e51?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0bb7920b-2999-4bd3-bfef-3b9971f845e9": { "id": "0bb7920b-2999-4bd3-bfef-3b9971f845e9", "title": "Galleries by Angie Makes <= 1.67 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Shortcodes by Angie Makes", "slug": "wc-shortcodes", "affected_versions": { "* - 1.67": { "from_version": "*", "from_inclusive": true, "to_version": "1.67", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0bb7920b-2999-4bd3-bfef-3b9971f845e9?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0bb90162-314a-4d49-8fd3-2b1b42c5ad63": { "id": "0bb90162-314a-4d49-8fd3-2b1b42c5ad63", "title": "Calendarista Basic Edition <= 3.0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Calendarista Basic Edition \u2013 WordPress appointment booking system", "slug": "calendarista-basic-edition", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0bb90162-314a-4d49-8fd3-2b1b42c5ad63?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0bba9e06-4c5b-43e4-a51b-af57c5390c8a": { "id": "0bba9e06-4c5b-43e4-a51b-af57c5390c8a", "title": "wpDataTables <= 2.1.27 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin", "slug": "wpdatatables", "affected_versions": { "* - 2.1.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0bba9e06-4c5b-43e4-a51b-af57c5390c8a?source=api-scan" ], "published": "2022-05-06 13:37:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0bbbefce-4451-410d-bc19-f489318dda4a": { "id": "0bbbefce-4451-410d-bc19-f489318dda4a", "title": "WP Clone Menu <= 1.0.1 - Missing Authorization to Menu Clone", "software": [ { "type": "plugin", "name": "WP Clone Menu", "slug": "clone-menu", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0bbbefce-4451-410d-bc19-f489318dda4a?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0bbdbd0f-19cc-4a1e-9167-fbdb6d45ffbe": { "id": "0bbdbd0f-19cc-4a1e-9167-fbdb6d45ffbe", "title": "GNUCommerce < 1.4.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GNUCommerce", "slug": "gnucommerce", "affected_versions": { "[*, 1.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0bbdbd0f-19cc-4a1e-9167-fbdb6d45ffbe?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0bc1ebf6-2797-43cc-8c7a-930da29d6c78": { "id": "0bc1ebf6-2797-43cc-8c7a-930da29d6c78", "title": "Popup Anything \u2013 A Marketing Popup and Lead Generation Conversions <= 2.1.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Anything \u2013 Popup for opt-ins and Lead Generation Conversions", "slug": "popup-anything-on-click", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0bc1ebf6-2797-43cc-8c7a-930da29d6c78?source=api-scan" ], "published": "2022-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0bc1f99e-1aa8-431a-a2ab-bdee5ece602f": { "id": "0bc1f99e-1aa8-431a-a2ab-bdee5ece602f", "title": "5 Anker Connect <= 1.2.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "5 Anker Connect", "slug": "5-anker-connect", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0bc1f99e-1aa8-431a-a2ab-bdee5ece602f?source=api-scan" ], "published": "2022-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0bc772a6-95a1-4420-bd97-1778002e2168": { "id": "0bc772a6-95a1-4420-bd97-1778002e2168", "title": "TK Google Fonts GDPR Compliant <= 2.2.11 - Missing Authorization to Font Deletion", "software": [ { "type": "plugin", "name": "TK Google Fonts GDPR Compliant", "slug": "tk-google-fonts", "affected_versions": { "* - 2.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0bc772a6-95a1-4420-bd97-1778002e2168?source=api-scan" ], "published": "2023-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0bc7ad47-aac9-4192-af04-234962f46f49": { "id": "0bc7ad47-aac9-4192-af04-234962f46f49", "title": "All Bootstrap Blocks <= 1.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All Bootstrap Blocks", "slug": "all-bootstrap-blocks", "affected_versions": { "* - 1.3.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0bc7ad47-aac9-4192-af04-234962f46f49?source=api-scan" ], "published": "2024-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0bc7f5dd-a1eb-442d-9913-e391208e7f26": { "id": "0bc7f5dd-a1eb-442d-9913-e391208e7f26", "title": "Ajax Pagination and Infinite Scroll <= 2.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ajax Pagination and Infinite Scroll", "slug": "malinky-ajax-pagination", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0bc7f5dd-a1eb-442d-9913-e391208e7f26?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0bcc1457-abbc-4bd9-a0a8-80e3d5624d95": { "id": "0bcc1457-abbc-4bd9-a0a8-80e3d5624d95", "title": "YITH WooCommerce Waiting List <= 2.6.0 - Cross-Site Request forgery via 'save_mail_status'", "software": [ { "type": "plugin", "name": "YITH WooCommerce Waitlist", "slug": "yith-woocommerce-waiting-list", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0bcc1457-abbc-4bd9-a0a8-80e3d5624d95?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0bd35ef1-ed28-44db-a1f6-74bc83974c71": { "id": "0bd35ef1-ed28-44db-a1f6-74bc83974c71", "title": "Hummingbird <= 3.7.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Hummingbird Performance \u2013 Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN", "slug": "hummingbird-performance", "affected_versions": { "* - 3.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0bd35ef1-ed28-44db-a1f6-74bc83974c71?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0bde3052-ae8e-4434-962a-88d3c8328a9c": { "id": "0bde3052-ae8e-4434-962a-88d3c8328a9c", "title": "Redirect Redirection <= 1.1.3 - Missing Authorization in 'redirectionPageContent' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0bde3052-ae8e-4434-962a-88d3c8328a9c?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0be21ac7-4f61-44fc-9ffc-ab65faa549f6": { "id": "0be21ac7-4f61-44fc-9ffc-ab65faa549f6", "title": "tencentcloud-cos <= 1.0.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "tencentcloud-cos", "slug": "tencentcloud-cos", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0be21ac7-4f61-44fc-9ffc-ab65faa549f6?source=api-scan" ], "published": "2023-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0be418fa-f1cf-4aaf-bc94-c8e04186a54b": { "id": "0be418fa-f1cf-4aaf-bc94-c8e04186a54b", "title": "LadiApp <= 4.4 - Cross-Site Request Forgery via ladiflow_save_hook()", "software": [ { "type": "plugin", "name": "LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing\u2026", "slug": "ladipage", "affected_versions": { "* - 4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0be418fa-f1cf-4aaf-bc94-c8e04186a54b?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0be428ae-40ae-4cc0-82ad-d121b6d2d27e": { "id": "0be428ae-40ae-4cc0-82ad-d121b6d2d27e", "title": "Wicked Folders <= 2.18.16 - Missing Authorization on ajax_move_object", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0be428ae-40ae-4cc0-82ad-d121b6d2d27e?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0be84866-2a49-42da-b498-962fc1bcb811": { "id": "0be84866-2a49-42da-b498-962fc1bcb811", "title": "Product Code for WooCommerce <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Code for WooCommerce", "slug": "product-code-for-woocommerce", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0be84866-2a49-42da-b498-962fc1bcb811?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0be8c668-0f1c-4f83-8a71-49c8bb9b67ae": { "id": "0be8c668-0f1c-4f83-8a71-49c8bb9b67ae", "title": "Essential Blocks <= 4.0.6 - Missing Authorization via get", "software": [ { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0be8c668-0f1c-4f83-8a71-49c8bb9b67ae?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0beaa7ce-40aa-429e-80fd-d04e75489b92": { "id": "0beaa7ce-40aa-429e-80fd-d04e75489b92", "title": "Custom Header Images <= 1.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Custom Header Images", "slug": "custom-header-images", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0beaa7ce-40aa-429e-80fd-d04e75489b92?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0bf1fe22-2cee-4828-bd68-7269b66152b3": { "id": "0bf1fe22-2cee-4828-bd68-7269b66152b3", "title": "WP Cost Estimation & Payment Forms Builder <= 10.1.75 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Cost Estimation & Payment Forms Builder", "slug": "wp-estimation-form", "affected_versions": { "* - 10.1.75": { "from_version": "*", "from_inclusive": true, "to_version": "10.1.75", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.1.76" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0bf1fe22-2cee-4828-bd68-7269b66152b3?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0bf67b6d-5e72-433d-9e41-9fdf8d99a3ae": { "id": "0bf67b6d-5e72-433d-9e41-9fdf8d99a3ae", "title": "Broken Link Manager <= 0.4.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Broken Link Manager", "slug": "broken-link-manager", "affected_versions": { "* - 0.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0bf67b6d-5e72-433d-9e41-9fdf8d99a3ae?source=api-scan" ], "published": "2015-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0bf85146-8d82-4101-a914-b6d632460366": { "id": "0bf85146-8d82-4101-a914-b6d632460366", "title": "Last.fm Rotation <= 1.0 - Directory Traversal", "software": [ { "type": "plugin", "name": "lastfm-rotation", "slug": "lastfm-rotation", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0bf85146-8d82-4101-a914-b6d632460366?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c007090-9d9b-4ee7-8f77-91abd4373051": { "id": "0c007090-9d9b-4ee7-8f77-91abd4373051", "title": "Modern Events Calendar <= 7.11.0 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Modern Events Calendar", "slug": "modern-events-calendar", "affected_versions": { "* - 7.11.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.11.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.12.0" ] }, { "type": "plugin", "name": "Modern Events Calendar Lite", "slug": "modern-events-calendar-lite", "affected_versions": { "* - 7.11.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.11.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.12.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c007090-9d9b-4ee7-8f77-91abd4373051?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c00f3c0-8374-4966-9496-dd62f183f75a": { "id": "0c00f3c0-8374-4966-9496-dd62f183f75a", "title": "Call Now Button <= 1.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Call Now Button \u2013 The #1 Click to Call Button for WordPress", "slug": "call-now-button", "affected_versions": { "[*, 1.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c00f3c0-8374-4966-9496-dd62f183f75a?source=api-scan" ], "published": "2022-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c06d868-ac71-401a-9b8e-ee04a099c095": { "id": "0c06d868-ac71-401a-9b8e-ee04a099c095", "title": "Support Board <= 3.4.1 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Support Board", "slug": "supportboard", "affected_versions": { "[*, 3.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c06d868-ac71-401a-9b8e-ee04a099c095?source=api-scan" ], "published": "2022-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c0c1e62-1a1c-4a76-bd99-7ede232dc965": { "id": "0c0c1e62-1a1c-4a76-bd99-7ede232dc965", "title": "NextScripts: Social Networks Auto-Poster <= 4.3.23 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NextScripts: Social Networks Auto-Poster", "slug": "social-networks-auto-poster-facebook-twitter-g", "affected_versions": { "[*, 4.3.24)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.24", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c0c1e62-1a1c-4a76-bd99-7ede232dc965?source=api-scan" ], "published": "2022-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c0c698e-a5c2-473c-8dfb-31745b7d7c38": { "id": "0c0c698e-a5c2-473c-8dfb-31745b7d7c38", "title": "Predictive Search for WooCommerce <= 1.0.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Predictive Search for WooCommerce", "slug": "woocommerce-predictive-search", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c0c698e-a5c2-473c-8dfb-31745b7d7c38?source=api-scan" ], "published": "2012-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c0dd466-a78a-4b79-b9bd-5363f69d9a4c": { "id": "0c0dd466-a78a-4b79-b9bd-5363f69d9a4c", "title": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Contributor+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin", "slug": "simply-schedule-appointments", "affected_versions": { "* - 1.6.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c0dd466-a78a-4b79-b9bd-5363f69d9a4c?source=api-scan" ], "published": "2024-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c0e9a09-0362-4046-a409-41a88154c7ba": { "id": "0c0e9a09-0362-4046-a409-41a88154c7ba", "title": "sourceAFRICA <= 0.1.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "sourceAFRICA", "slug": "sourceafrica", "affected_versions": { "* - 0.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c0e9a09-0362-4046-a409-41a88154c7ba?source=api-scan" ], "published": "2015-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c157d70-1d4d-482e-8996-bc047a801681": { "id": "0c157d70-1d4d-482e-8996-bc047a801681", "title": "Event Timeline <= 1.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Timeline \u2013 Vertical Timeline", "slug": "rich-event-timeline", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c157d70-1d4d-482e-8996-bc047a801681?source=api-scan" ], "published": "2022-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c1c8310-76c3-4505-9504-993e594804a4": { "id": "0c1c8310-76c3-4505-9504-993e594804a4", "title": "WP LinkedIn Auto Publish <= 8.11 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP LinkedIn Auto Publish", "slug": "wp-linkedin-auto-publish", "affected_versions": { "* - 8.11": { "from_version": "*", "from_inclusive": true, "to_version": "8.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c1c8310-76c3-4505-9504-993e594804a4?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c1ebc88-0987-46d6-9e80-6f3aa50d10af": { "id": "0c1ebc88-0987-46d6-9e80-6f3aa50d10af", "title": "Popup by Supsystic <= 1.10.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup by Supsystic", "slug": "popup-by-supsystic", "affected_versions": { "* - 1.10.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c1ebc88-0987-46d6-9e80-6f3aa50d10af?source=api-scan" ], "published": "2021-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c20f87e-3670-444c-aa8a-28988dfe2fd9": { "id": "0c20f87e-3670-444c-aa8a-28988dfe2fd9", "title": "WP Register Profile With Shortcode <= 3.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Register Profile With Shortcode", "slug": "wp-register-profile-with-shortcode", "affected_versions": { "* - 3.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c20f87e-3670-444c-aa8a-28988dfe2fd9?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c2925c1-f5c6-45b9-bc61-96f325c0372f": { "id": "0c2925c1-f5c6-45b9-bc61-96f325c0372f", "title": "Unite Gallery Lite <= 1.7.59 - Authenticated(Administrator+) Local File Inclusion via 'view' parameter", "software": [ { "type": "plugin", "name": "Unite Gallery Lite", "slug": "unite-gallery-lite", "affected_versions": { "* - 1.7.59": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c2925c1-f5c6-45b9-bc61-96f325c0372f?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c2c5b41-bc56-428f-9edc-2a8fd8212310": { "id": "0c2c5b41-bc56-428f-9edc-2a8fd8212310", "title": "Wise Agent Capture Forms <= 2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wise Agent Lead Forms", "slug": "wiseagentleadform", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c2c5b41-bc56-428f-9edc-2a8fd8212310?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c3fe714-94c9-47ea-b073-a082e4713977": { "id": "0c3fe714-94c9-47ea-b073-a082e4713977", "title": "CYSTEME Finder <= 1.3 - Arbitrary File Upload\/Read", "software": [ { "type": "plugin", "name": "CYSTEME Finder, the admin files explorer", "slug": "cysteme-finder", "affected_versions": { "[*, 1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c3fe714-94c9-47ea-b073-a082e4713977?source=api-scan" ], "published": "2016-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c410d91-08cc-496d-9c8e-c57f107399da": { "id": "0c410d91-08cc-496d-9c8e-c57f107399da", "title": "LearnPress <= 4.2.6.3 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c410d91-08cc-496d-9c8e-c57f107399da?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c43a88c-6374-414f-97ae-26ba15d75cdc": { "id": "0c43a88c-6374-414f-97ae-26ba15d75cdc", "title": "Featured Image Caption <= 0.8.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Featured Image Caption", "slug": "featured-image-caption", "affected_versions": { "* - 0.8.10": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c43a88c-6374-414f-97ae-26ba15d75cdc?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c458644-a799-4bea-abcb-06a946dc19df": { "id": "0c458644-a799-4bea-abcb-06a946dc19df", "title": "wpDataTables - Tables & Table Charts <= 2.1.65 - Authenticated(Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin", "slug": "wpdatatables", "affected_versions": { "[*, 2.1.66)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.66", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.66" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c458644-a799-4bea-abcb-06a946dc19df?source=api-scan" ], "published": "2023-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c4d2829-9f99-4a2d-9bde-476fae2c99a4": { "id": "0c4d2829-9f99-4a2d-9bde-476fae2c99a4", "title": "Events Manager < 5.3.5 & Events Manager Pro < 2.2.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Manager Pro", "slug": "events-manager-pro", "affected_versions": { "[*, 2.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.9" ] }, { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "[*, 5.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c4d2829-9f99-4a2d-9bde-476fae2c99a4?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c4e0d48-fde1-45dd-8e06-4582cf677579": { "id": "0c4e0d48-fde1-45dd-8e06-4582cf677579", "title": "Login by Auth0 <= 4.6.0 - Reflected Cross-Site Scripting via wle", "software": [ { "type": "plugin", "name": "Login by Auth0", "slug": "auth0", "affected_versions": { "* - 4.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c4e0d48-fde1-45dd-8e06-4582cf677579?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c4eb735-46bc-4eed-9d9a-b3bd42d18eed": { "id": "0c4eb735-46bc-4eed-9d9a-b3bd42d18eed", "title": "Freesoul Deactivate Plugins <= 1.9.4.0 - Information Disclosure", "software": [ { "type": "plugin", "name": "Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup", "slug": "freesoul-deactivate-plugins", "affected_versions": { "* - 1.9.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c4eb735-46bc-4eed-9d9a-b3bd42d18eed?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c533277-5cea-419f-93ec-e510c0fbd75d": { "id": "0c533277-5cea-419f-93ec-e510c0fbd75d", "title": "Env\u00edaloSimple <= 2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Env\u00edaloSimple: Email Marketing y Newsletters", "slug": "envialosimple-email-marketing-y-newsletters-gratis", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c533277-5cea-419f-93ec-e510c0fbd75d?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c54bbfe-f505-4c93-89fb-1a624bfcfe10": { "id": "0c54bbfe-f505-4c93-89fb-1a624bfcfe10", "title": "WP Construction Mode <= 1.91 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Construction Mode", "slug": "wp-construction-mode", "affected_versions": { "* - 1.91": { "from_version": "*", "from_inclusive": true, "to_version": "1.91", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.92" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c54bbfe-f505-4c93-89fb-1a624bfcfe10?source=api-scan" ], "published": "2014-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c58c1c6-cdda-463c-9a76-4ace96138dcb": { "id": "0c58c1c6-cdda-463c-9a76-4ace96138dcb", "title": "Google Forms < 0.92 - Unauthenticated Server Side Request Forgery", "software": [ { "type": "plugin", "name": "Google Forms", "slug": "wpgform", "affected_versions": { "[*, 0.92)": { "from_version": "*", "from_inclusive": true, "to_version": "0.92", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.92" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c58c1c6-cdda-463c-9a76-4ace96138dcb?source=api-scan" ], "published": "2018-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c676a46-3e3f-4dc0-ba7f-acf1f100fb4a": { "id": "0c676a46-3e3f-4dc0-ba7f-acf1f100fb4a", "title": "MultiParcels Shipping For WooCommerce < 1.16.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MultiParcels Shipping For WooCommerce", "slug": "multiparcels-shipping-for-woocommerce", "affected_versions": { "[*, 1.16.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.16.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.16.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c676a46-3e3f-4dc0-ba7f-acf1f100fb4a?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c6a49d1-633b-47aa-8390-5df3bf8f71a5": { "id": "0c6a49d1-633b-47aa-8390-5df3bf8f71a5", "title": "WooCommerce <= 4.6.1 & WooCommerce Blocks <= 3.7.0 - Settings Bypass leading to Account Creation", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 4.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.2" ] }, { "type": "plugin", "name": "WooCommerce Blocks", "slug": "woo-gutenberg-products-block", "affected_versions": { "[*, 3.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c6a49d1-633b-47aa-8390-5df3bf8f71a5?source=api-scan" ], "published": "2020-11-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c6bc786-341a-4ab6-b86e-d21bb3dbf298": { "id": "0c6bc786-341a-4ab6-b86e-d21bb3dbf298", "title": "WP VK-\u4ed8\u8d39\u5185\u5bb9\u63d2\u4ef6 <= 1.3.3 - Cross-Site Request Forgery via AJAX actions", "software": [ { "type": "plugin", "name": "WP VK-\u4ed8\u8d39\u5185\u5bb9\u63d2\u4ef6\uff08\u4ed8\u8d39\u9605\u8bfb\/\u8d44\u6599\/\u5de5\u5177\u8f6f\u4ef6\u8d44\u6e90\u7ba1\u7406\uff09", "slug": "wp-vk", "affected_versions": { "[*, 1.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c6bc786-341a-4ab6-b86e-d21bb3dbf298?source=api-scan" ], "published": "2023-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c6f44ba-a8c1-4248-8f54-ee86d4b5aa20": { "id": "0c6f44ba-a8c1-4248-8f54-ee86d4b5aa20", "title": "WP-RecentComments <= 2.0.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-RecentComments", "slug": "wp-recentcomments", "affected_versions": { "[*, 2.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c6f44ba-a8c1-4248-8f54-ee86d4b5aa20?source=api-scan" ], "published": "2011-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c70206d-5c4a-4068-8182-e93378c26350": { "id": "0c70206d-5c4a-4068-8182-e93378c26350", "title": "Custom Menu <= 1.3.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Menu Plugin", "slug": "custom-sub-menus", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c70206d-5c4a-4068-8182-e93378c26350?source=api-scan" ], "published": "2021-09-08 20:09:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c747bc9-582c-4b9f-85a4-469c446d50f5": { "id": "0c747bc9-582c-4b9f-85a4-469c446d50f5", "title": "AcyMailing <= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function", "software": [ { "type": "plugin", "name": "AcyMailing \u2013 An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress", "slug": "acymailing", "affected_versions": { "* - 9.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c747bc9-582c-4b9f-85a4-469c446d50f5?source=api-scan" ], "published": "2024-08-21 13:54:14", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c7497fc-e42c-49a6-99ee-6ec774cc4617": { "id": "0c7497fc-e42c-49a6-99ee-6ec774cc4617", "title": "Smart App Banner <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart App Banner", "slug": "smart-app-banner", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c7497fc-e42c-49a6-99ee-6ec774cc4617?source=api-scan" ], "published": "2023-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c788d06-6a80-4e34-92bb-b87f21916810": { "id": "0c788d06-6a80-4e34-92bb-b87f21916810", "title": "Data Tables Generator By Supsystic <= 1.10.19 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Data Tables Generator by Supsystic", "slug": "data-tables-generator-by-supsystic", "affected_versions": { "* - 1.10.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c788d06-6a80-4e34-92bb-b87f21916810?source=api-scan" ], "published": "2022-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c799ee5-d8ee-4aec-b9a5-f93c150de6bd": { "id": "0c799ee5-d8ee-4aec-b9a5-f93c150de6bd", "title": "BigBlueButton <= 3.0.0-beta.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BigBlueButton", "slug": "bigbluebutton", "affected_versions": { "[*, 3.0.0-beta.4]": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0-beta.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c799ee5-d8ee-4aec-b9a5-f93c150de6bd?source=api-scan" ], "published": "2023-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c7b4263-0c7b-4a1a-b168-88e6591c82bb": { "id": "0c7b4263-0c7b-4a1a-b168-88e6591c82bb", "title": "dsSearchAgent: WordPress Edition <= 1.0-beta10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "dsSearchAgent: WordPress Edition", "slug": "dssearchagent-wordpress-edition", "affected_versions": { "[*, 1.0-beta10)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0-beta10", "to_inclusive": false } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c7b4263-0c7b-4a1a-b168-88e6591c82bb?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c7beb26-a4ac-47a3-9ee1-64f399e3218b": { "id": "0c7beb26-a4ac-47a3-9ee1-64f399e3218b", "title": "User Rights Access Manager <= 1.0.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "User Rights Access Manager", "slug": "user-rights-access-manager", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c7beb26-a4ac-47a3-9ee1-64f399e3218b?source=api-scan" ], "published": "2021-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c80cbad-39ea-4f75-a025-6b9667560845": { "id": "0c80cbad-39ea-4f75-a025-6b9667560845", "title": "Float to Top Button <= 2.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Float to Top Button", "slug": "float-to-top-button", "affected_versions": { "* - 2.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c80cbad-39ea-4f75-a025-6b9667560845?source=api-scan" ], "published": "2022-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c829230-7527-4ae2-a5c8-db2371e4cd5a": { "id": "0c829230-7527-4ae2-a5c8-db2371e4cd5a", "title": "Amministrazione Aperta <= 3.7.3 - Admin+ Local File Inclusion", "software": [ { "type": "plugin", "name": "Amministrazione Aperta", "slug": "amministrazione-aperta", "affected_versions": { "* - 3.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c829230-7527-4ae2-a5c8-db2371e4cd5a?source=api-scan" ], "published": "2022-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c84075b-4685-4706-91d0-05ce6cd276ca": { "id": "0c84075b-4685-4706-91d0-05ce6cd276ca", "title": "Accordion Shortcodes <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Accordion Shortcodes", "slug": "accordion-shortcodes", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c84075b-4685-4706-91d0-05ce6cd276ca?source=api-scan" ], "published": "2023-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c944e08-1b70-4b56-80eb-f588c0fab5b6": { "id": "0c944e08-1b70-4b56-80eb-f588c0fab5b6", "title": "wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.12 - Unauthenticated Stored Cross-Site Scripting via CSV Import", "software": [ { "type": "plugin", "name": "wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin", "slug": "wpdatatables", "affected_versions": { "* - 3.4.2.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c944e08-1b70-4b56-80eb-f588c0fab5b6?source=api-scan" ], "published": "2024-05-22 14:10:41", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c976e5a-2f6c-4632-99a7-a512b3dd38e6": { "id": "0c976e5a-2f6c-4632-99a7-a512b3dd38e6", "title": "WP MultiTasking - WP Utilities <= 0.1.17 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP MultiTasking \u2013 WP Utilities", "slug": "wp-multitasking", "affected_versions": { "* - 0.1.17": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c976e5a-2f6c-4632-99a7-a512b3dd38e6?source=api-scan" ], "published": "2024-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0c98026c-28a9-4c69-9f34-4c3bd4f75d85": { "id": "0c98026c-28a9-4c69-9f34-4c3bd4f75d85", "title": "Mollie Payments for WooCommerce <= 7.7.0 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Mollie Payments for WooCommerce", "slug": "mollie-payments-for-woocommerce", "affected_versions": { "* - 7.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0c98026c-28a9-4c69-9f34-4c3bd4f75d85?source=api-scan" ], "published": "2024-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ca9e920-3c7a-4991-8c24-2e55c4f4767c": { "id": "0ca9e920-3c7a-4991-8c24-2e55c4f4767c", "title": "Motors \u2013 Car Dealer & Classified Ads <= 1.4.5 - Cross-Site Request Forgery via Multiple Functions", "software": [ { "type": "plugin", "name": "Motors \u2013 Car Dealer, Classifieds & Listing", "slug": "motors-car-dealership-classified-listings", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ca9e920-3c7a-4991-8c24-2e55c4f4767c?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cac1dc0-87dc-43eb-9db1-638a91200b43": { "id": "0cac1dc0-87dc-43eb-9db1-638a91200b43", "title": "WP Popup Builder \u2013 Popup Forms and Marketing Lead Generation <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via wp_ajax_nopriv_shortcode_Api_Add", "software": [ { "type": "plugin", "name": "WP Popup Builder \u2013 Popup Forms and Marketing Lead Generation", "slug": "wp-popup-builder", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cac1dc0-87dc-43eb-9db1-638a91200b43?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cac7f96-eb64-427d-9a95-b8bf1c675af0": { "id": "0cac7f96-eb64-427d-9a95-b8bf1c675af0", "title": "Salon booking system < 8.7 - Authenticated (Editor+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "[*, 8.7)": { "from_version": "*", "from_inclusive": true, "to_version": "8.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cac7f96-eb64-427d-9a95-b8bf1c675af0?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cae2bb8-33e7-47b0-861d-b976a67660ae": { "id": "0cae2bb8-33e7-47b0-861d-b976a67660ae", "title": "Blue Triad EZAnalytics <= 1.0 - Reflected Cross-Site Scripting via 'bt_webid'", "software": [ { "type": "plugin", "name": "Blue Triad EZAnalytics", "slug": "blue-triad-ezanalytics", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cae2bb8-33e7-47b0-861d-b976a67660ae?source=api-scan" ], "published": "2024-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0caf1660-b85e-46e1-9270-a8e14c6bbf52": { "id": "0caf1660-b85e-46e1-9270-a8e14c6bbf52", "title": "SpiderVPlayer < 1.5.18 - Multiple Blind Authenticated SQL Injections", "software": [ { "type": "plugin", "name": "SpiderVPlayer", "slug": "player", "affected_versions": { "[*, 1.5.18)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0caf1660-b85e-46e1-9270-a8e14c6bbf52?source=api-scan" ], "published": "2016-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cb43deb-63f6-42d8-8dd6-55a59fca31ae": { "id": "0cb43deb-63f6-42d8-8dd6-55a59fca31ae", "title": "Ultimate Bootstrap Elements for Elementor <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Widget", "software": [ { "type": "plugin", "name": "Ultimate Bootstrap Elements for Elementor", "slug": "ultimate-bootstrap-elements-for-elementor", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cb43deb-63f6-42d8-8dd6-55a59fca31ae?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cb48233-0885-4634-9298-b42c45219ee6": { "id": "0cb48233-0885-4634-9298-b42c45219ee6", "title": "3D FlipBook \u2013 PDF Flipbook Viewer, Flipbook Image Gallery <= 1.15.6 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "3D FlipBook \u2013 PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery", "slug": "interactive-3d-flipbook-powered-physics-engine", "affected_versions": { "* - 1.15.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cb48233-0885-4634-9298-b42c45219ee6?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cb5df54-a6a7-4c2e-8df0-5d050218622e": { "id": "0cb5df54-a6a7-4c2e-8df0-5d050218622e", "title": "rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 - Missing Authorization via export_settings", "software": [ { "type": "plugin", "name": "rtMedia for WordPress, BuddyPress and bbPress", "slug": "buddypress-media", "affected_versions": { "* - 4.6.14": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cb5df54-a6a7-4c2e-8df0-5d050218622e?source=api-scan" ], "published": "2023-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cb67f55-6d21-4a4e-9651-fcf671788d16": { "id": "0cb67f55-6d21-4a4e-9651-fcf671788d16", "title": "Tutor LMS \u2013 Migration Tool <= 2.2.2 - Missing Authorization in tutor_lp_export_xml", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 Migration Tool", "slug": "tutor-lms-migration-tool", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cb67f55-6d21-4a4e-9651-fcf671788d16?source=api-scan" ], "published": "2024-07-26 13:10:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cb8bd81-72a4-4b53-850b-78cc5e05043f": { "id": "0cb8bd81-72a4-4b53-850b-78cc5e05043f", "title": "Organization chart <= 1.4.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Organization chart", "slug": "organization-chart", "affected_versions": { "[*, 1.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cb8bd81-72a4-4b53-850b-78cc5e05043f?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cba362e-c1e3-4840-941f-b8af8469f771": { "id": "0cba362e-c1e3-4840-941f-b8af8469f771", "title": "Elementor Pro <= 3.13.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Elementor Website Builder Pro", "slug": "elementor-pro", "affected_versions": { "* - 3.13.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.13.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.13.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cba362e-c1e3-4840-941f-b8af8469f771?source=api-scan" ], "published": "2023-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cbc3828-7fdc-4128-bd6e-79911756eae4": { "id": "0cbc3828-7fdc-4128-bd6e-79911756eae4", "title": "Timeline Module for Beaver Builder <= 1.1.3 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Timeline Module for Beaver Builder", "slug": "timeline-for-beaver-builder", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cbc3828-7fdc-4128-bd6e-79911756eae4?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cbdf679-1657-4249-a433-8fe0cddd94be": { "id": "0cbdf679-1657-4249-a433-8fe0cddd94be", "title": "Event Manager, Events Calendar, Events Tickets for WooCommerce \u2013 Eventin <= 3.3.50 - Missing Authorization to Unauthenticated Events Export", "software": [ { "type": "plugin", "name": "Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin", "slug": "wp-event-solution", "affected_versions": { "* - 3.3.50": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.50", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cbdf679-1657-4249-a433-8fe0cddd94be?source=api-scan" ], "published": "2024-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cd1ded8-d8e8-48d2-bf6a-7041bd220fb2": { "id": "0cd1ded8-d8e8-48d2-bf6a-7041bd220fb2", "title": "WP Fast Total Search <= 1.69.234 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Fast Total Search \u2013 The Power of Indexed Search", "slug": "fulltext-search", "affected_versions": { "* - 1.69.234": { "from_version": "*", "from_inclusive": true, "to_version": "1.69.234", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.70.236" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cd1ded8-d8e8-48d2-bf6a-7041bd220fb2?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cd4d88d-0a88-4b81-a2f6-a98a0ddfdfb6": { "id": "0cd4d88d-0a88-4b81-a2f6-a98a0ddfdfb6", "title": "WordPress MU < 2.7 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress MU", "slug": "wpmu", "affected_versions": { "[*, 2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cd4d88d-0a88-4b81-a2f6-a98a0ddfdfb6?source=api-scan" ], "published": "2009-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cd6350c-6da8-4d5a-8ceb-d587ddf40d1d": { "id": "0cd6350c-6da8-4d5a-8ceb-d587ddf40d1d", "title": "Promotion Slider <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Promotion Slider", "slug": "promotion-slider", "affected_versions": { "* - 3.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cd6350c-6da8-4d5a-8ceb-d587ddf40d1d?source=api-scan" ], "published": "2022-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cd6474f-72e1-4ec2-a056-3c05a0dfa173": { "id": "0cd6474f-72e1-4ec2-a056-3c05a0dfa173", "title": "Newsletters <= 4.8.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Newsletters", "slug": "newsletters-lite", "affected_versions": { "* - 4.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cd6474f-72e1-4ec2-a056-3c05a0dfa173?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cd72420-dca1-455d-92a6-a178b4b26eab": { "id": "0cd72420-dca1-455d-92a6-a178b4b26eab", "title": "ConvertPlug <= 3.5.25 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update", "software": [ { "type": "plugin", "name": "ConvertPlus", "slug": "convertplug", "affected_versions": { "* - 3.5.25": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cd72420-dca1-455d-92a6-a178b4b26eab?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cde6b5b-f760-467b-940f-06a1f983ddc4": { "id": "0cde6b5b-f760-467b-940f-06a1f983ddc4", "title": "Yoast SEO <= 3.4.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yoast SEO", "slug": "wordpress-seo", "affected_versions": { "[*, 3.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cde6b5b-f760-467b-940f-06a1f983ddc4?source=api-scan" ], "published": "2016-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ce2786e-2918-4dc0-99c4-db447216e140": { "id": "0ce2786e-2918-4dc0-99c4-db447216e140", "title": "Resize Image After Upload <= 1.8.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Resize Image After Upload", "slug": "resize-image-after-upload", "affected_versions": { "* - 1.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ce2786e-2918-4dc0-99c4-db447216e140?source=api-scan" ], "published": "2022-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ce2a9fe-3364-46b5-a6ae-b4feb3e20647": { "id": "0ce2a9fe-3364-46b5-a6ae-b4feb3e20647", "title": "GDPR-Extensions-com \u2013 Consent Manager <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "GDPR-Extensions-com \u2013 Consent Manager", "slug": "gdpr-consent-manager", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ce2a9fe-3364-46b5-a6ae-b4feb3e20647?source=api-scan" ], "published": "2024-10-09 13:28:33", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ce2dc45-0e23-4fba-8ef3-543db2a02eda": { "id": "0ce2dc45-0e23-4fba-8ef3-543db2a02eda", "title": "Co-marquage service-public.fr <= 0.5.72 - Reflected Cross-Site Scripting via search_term", "software": [ { "type": "plugin", "name": "Co-marquage service-public.fr", "slug": "co-marquage-service-public", "affected_versions": { "* - 0.5.72": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.72", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5.73" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ce2dc45-0e23-4fba-8ef3-543db2a02eda?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ce738ee-bbb6-462a-aeae-0523200e320f": { "id": "0ce738ee-bbb6-462a-aeae-0523200e320f", "title": "EmbedPress <= 3.9.11 - Missing Authorization", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 3.9.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ce738ee-bbb6-462a-aeae-0523200e320f?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ce8ed18-2164-4b5a-b1d3-fda8d348ebf9": { "id": "0ce8ed18-2164-4b5a-b1d3-fda8d348ebf9", "title": "True Ranker <= 2.2.2 - Directory Traversal\/Arbitrary File Read", "software": [ { "type": "plugin", "name": "True Ranker", "slug": "seo-local-rank", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ce8ed18-2164-4b5a-b1d3-fda8d348ebf9?source=api-scan" ], "published": "2021-12-13 12:43:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cef43a2-7917-4abd-b8f5-4a7604eadb70": { "id": "0cef43a2-7917-4abd-b8f5-4a7604eadb70", "title": "WebinarIgnition <= 3.05.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Webinar Solution: Create live\/evergreen\/automated\/instant webinars, stream & Zoom Meetings | WebinarIgnition", "slug": "webinar-ignition", "affected_versions": { "* - 3.05.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.05.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.06.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cef43a2-7917-4abd-b8f5-4a7604eadb70?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cefa293-c934-413e-b946-07e3060472ee": { "id": "0cefa293-c934-413e-b946-07e3060472ee", "title": "Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in ajaxCalculatePrice function", "software": [ { "type": "plugin", "name": "Advanced Dynamic Pricing for WooCommerce", "slug": "advanced-dynamic-pricing-for-woocommerce", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cefa293-c934-413e-b946-07e3060472ee?source=api-scan" ], "published": "2023-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cf65972-a651-41b0-8f57-709e0ff685fa": { "id": "0cf65972-a651-41b0-8f57-709e0ff685fa", "title": "WP Crowdfunding <= 2.1.10 - Missing Authorization to Authenticated (Subscriber+) to Enable\/Disable Addons", "software": [ { "type": "plugin", "name": "WP Crowdfunding", "slug": "wp-crowdfunding", "affected_versions": { "* - 2.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cf65972-a651-41b0-8f57-709e0ff685fa?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cf7ec81-625b-4abf-9304-256701e933ee": { "id": "0cf7ec81-625b-4abf-9304-256701e933ee", "title": "WholesaleX <= 1.3.2 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "WholesaleX \u2013 WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing)", "slug": "wholesalex", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cf7ec81-625b-4abf-9304-256701e933ee?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cf9c390-81d7-45d4-a6df-22b16235d11b": { "id": "0cf9c390-81d7-45d4-a6df-22b16235d11b", "title": "Recent Posts Slider <= 1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Recent Posts Slider", "slug": "recent-posts-slider", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cf9c390-81d7-45d4-a6df-22b16235d11b?source=api-scan" ], "published": "2023-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0cfdb6de-41f8-4bea-a017-5708fceee762": { "id": "0cfdb6de-41f8-4bea-a017-5708fceee762", "title": "Social Share Button <= 2.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Share Button", "slug": "social-share-button", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0cfdb6de-41f8-4bea-a017-5708fceee762?source=api-scan" ], "published": "2015-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d00e477-8e01-4144-86e6-f1cc00fb1d0a": { "id": "0d00e477-8e01-4144-86e6-f1cc00fb1d0a", "title": "TranslatePress <= 2.0.8 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Translate Multilingual sites \u2013 TranslatePress", "slug": "translatepress-multilingual", "affected_versions": { "[*, 2.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d00e477-8e01-4144-86e6-f1cc00fb1d0a?source=api-scan" ], "published": "2021-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d017b2c-1e15-401a-ae57-4653ca41b7e6": { "id": "0d017b2c-1e15-401a-ae57-4653ca41b7e6", "title": "MainWP Buddy Extension <= 4.0.1 - Missing Authorization to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "MainWP Buddy Extension", "slug": "mainwp-buddy-extension", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d017b2c-1e15-401a-ae57-4653ca41b7e6?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d041b14-0d05-4bfe-bd5c-7e06d7b108b8": { "id": "0d041b14-0d05-4bfe-bd5c-7e06d7b108b8", "title": "RegistrationMagic <= 5.2.3.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 5.2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d041b14-0d05-4bfe-bd5c-7e06d7b108b8?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d04b822-a48a-485e-b9b5-f5a213307c71": { "id": "0d04b822-a48a-485e-b9b5-f5a213307c71", "title": "Forminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "* - 1.29.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.29.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.29.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d04b822-a48a-485e-b9b5-f5a213307c71?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d10f5cd-d449-46f1-a347-f45a1db65999": { "id": "0d10f5cd-d449-46f1-a347-f45a1db65999", "title": "Post Snippets <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'snippet_content'", "software": [ { "type": "plugin", "name": "Post Snippets \u2013 Custom WordPress Code Snippets Customizer", "slug": "post-snippets", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d10f5cd-d449-46f1-a347-f45a1db65999?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d1a12b9-ac2e-4c60-8dd5-484944bb0ab8": { "id": "0d1a12b9-ac2e-4c60-8dd5-484944bb0ab8", "title": "Custom Permalinks <= 1.1 -Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Permalinks", "slug": "custom-permalinks", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d1a12b9-ac2e-4c60-8dd5-484944bb0ab8?source=api-scan" ], "published": "2018-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d1b2539-bff0-4185-8162-9e8b75183bb8": { "id": "0d1b2539-bff0-4185-8162-9e8b75183bb8", "title": "Hyperlink Group Block <= 1.17.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hyperlink Group Block", "slug": "hyperlink-group-block", "affected_versions": { "* - 1.17.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.17.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d1b2539-bff0-4185-8162-9e8b75183bb8?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d20bae1-5a94-402b-9001-725b433c9d55": { "id": "0d20bae1-5a94-402b-9001-725b433c9d55", "title": "Advanced Booking Calendar <= 1.6.6 - Reflected Cross-Site Scripting via calId Parameter", "software": [ { "type": "plugin", "name": "Advanced Booking Calendar", "slug": "advanced-booking-calendar", "affected_versions": { "[*, 1.6.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d20bae1-5a94-402b-9001-725b433c9d55?source=api-scan" ], "published": "2021-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d2309cd-625e-4508-8d60-25817023aa15": { "id": "0d2309cd-625e-4508-8d60-25817023aa15", "title": "Online Lesson Booking <= 0.8.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Online Lesson Booking", "slug": "online-lesson-booking-system", "affected_versions": { "* - 0.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d2309cd-625e-4508-8d60-25817023aa15?source=api-scan" ], "published": "2019-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d2daa67-50b6-4850-92bf-49f29b1d8eb7": { "id": "0d2daa67-50b6-4850-92bf-49f29b1d8eb7", "title": "Trust Form <= 2.0.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "trust-form", "slug": "trust-form", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d2daa67-50b6-4850-92bf-49f29b1d8eb7?source=api-scan" ], "published": "2018-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d2dc86e-f937-429f-9baa-0eb0a8715513": { "id": "0d2dc86e-f937-429f-9baa-0eb0a8715513", "title": "WP Reset <= 2.02 - Missing Authorization to License Key Modification", "software": [ { "type": "plugin", "name": "WP Reset \u2013 Most Advanced WordPress Reset Tool", "slug": "wp-reset", "affected_versions": { "* - 2.01": { "from_version": "*", "from_inclusive": true, "to_version": "2.01", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.03" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d2dc86e-f937-429f-9baa-0eb0a8715513?source=api-scan" ], "published": "2024-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d3010a9-10fa-40ec-9791-3ac993123f93": { "id": "0d3010a9-10fa-40ec-9791-3ac993123f93", "title": "All In One WP Security & Firewall <= 3.8.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "* - 3.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d3010a9-10fa-40ec-9791-3ac993123f93?source=api-scan" ], "published": "2015-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d3aa440-29a8-47cd-98f4-cf1cbdf92f66": { "id": "0d3aa440-29a8-47cd-98f4-cf1cbdf92f66", "title": "WordPress Button Plugin MaxButtons <= 9.7.7 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Button Plugin MaxButtons", "slug": "maxbuttons", "affected_versions": { "* - 9.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d3aa440-29a8-47cd-98f4-cf1cbdf92f66?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d3f7676-5ab0-4fe0-a0be-786f4cf84056": { "id": "0d3f7676-5ab0-4fe0-a0be-786f4cf84056", "title": "WordPress Brute Force Protection \u2013 Stop Brute Force Attacks <= 2.2.5 - Authenticated (Administrator+) SQL Injection via orderby", "software": [ { "type": "plugin", "name": "WordPress Brute Force Protection \u2013 Stop Brute Force Attacks", "slug": "guardgiant", "affected_versions": { "* - 2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d3f7676-5ab0-4fe0-a0be-786f4cf84056?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d3fa716-6f11-428c-b2da-2bb768a92fe0": { "id": "0d3fa716-6f11-428c-b2da-2bb768a92fe0", "title": "WP BrowserUpdate <= 4.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP BrowserUpdate", "slug": "wp-browser-update", "affected_versions": { "* - 4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d3fa716-6f11-428c-b2da-2bb768a92fe0?source=api-scan" ], "published": "2023-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d4420bf-1095-44ca-8fa6-dd5ea11c7489": { "id": "0d4420bf-1095-44ca-8fa6-dd5ea11c7489", "title": "Findgo <= 1.3.31 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Findgo - Directory Listing WordPress Theme", "slug": "findgo", "affected_versions": { "[*, 1.3.32)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.32", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d4420bf-1095-44ca-8fa6-dd5ea11c7489?source=api-scan" ], "published": "2020-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d443d5f-ccf7-4eed-a5cb-ead0466a9d42": { "id": "0d443d5f-ccf7-4eed-a5cb-ead0466a9d42", "title": "Simpel Reserveren 3 <= 3.5.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simpel Reserveren 3", "slug": "simpel-reserveren", "affected_versions": { "* - 3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d443d5f-ccf7-4eed-a5cb-ead0466a9d42?source=api-scan" ], "published": "2016-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d4c5ff9-d4aa-4270-b00b-41353b32c8e5": { "id": "0d4c5ff9-d4aa-4270-b00b-41353b32c8e5", "title": "404 to Start <= 1.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "404 to Start", "slug": "404-to-start", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d4c5ff9-d4aa-4270-b00b-41353b32c8e5?source=api-scan" ], "published": "2022-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d4e3560-2208-4122-812e-0c506fe45126": { "id": "0d4e3560-2208-4122-812e-0c506fe45126", "title": "Autoptimize <= 2.1.0 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Autoptimize", "slug": "autoptimize", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d4e3560-2208-4122-812e-0c506fe45126?source=api-scan" ], "published": "2017-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d50eda3-20d8-436b-968c-9d8eeccaa0c9": { "id": "0d50eda3-20d8-436b-968c-9d8eeccaa0c9", "title": "Sparky <= 1.0 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Sparky", "slug": "sparky", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d50eda3-20d8-436b-968c-9d8eeccaa0c9?source=api-scan" ], "published": "2012-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d50f217-7a53-49bf-9ce9-9922d0b3e18b": { "id": "0d50f217-7a53-49bf-9ce9-9922d0b3e18b", "title": "WP Ultimate CSV Importer <= 3.7 - Arbitrary File Read", "software": [ { "type": "plugin", "name": "Import CSV or XML Datafeed With Ease", "slug": "wp-ultimate-csv-importer", "affected_versions": { "* - 3.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d50f217-7a53-49bf-9ce9-9922d0b3e18b?source=api-scan" ], "published": "2015-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d517094-8038-4951-b16a-db7bf2c31851": { "id": "0d517094-8038-4951-b16a-db7bf2c31851", "title": "CM Download Manager <= 2.0.3 - Code Injection", "software": [ { "type": "plugin", "name": "CM Download Manager \u2013 Document and File Management", "slug": "cm-download-manager", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d517094-8038-4951-b16a-db7bf2c31851?source=api-scan" ], "published": "2014-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d54e5ad-0a97-4dd4-b53b-ad3f885dc506": { "id": "0d54e5ad-0a97-4dd4-b53b-ad3f885dc506", "title": "Tracking Code Manager <= 2.1.0 - Missing Authorization via change_order()", "software": [ { "type": "plugin", "name": "Tracking Code Manager", "slug": "tracking-code-manager", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d54e5ad-0a97-4dd4-b53b-ad3f885dc506?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d594e40-ae4d-43f7-b57e-8070a68d1c94": { "id": "0d594e40-ae4d-43f7-b57e-8070a68d1c94", "title": "WP Cleanfix <= 3.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP CleanFix", "slug": "wp-cleanfix", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d594e40-ae4d-43f7-b57e-8070a68d1c94?source=api-scan" ], "published": "2012-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d5a0c05-736f-4fb9-9358-894977664bf4": { "id": "0d5a0c05-736f-4fb9-9358-894977664bf4", "title": "Event Calendar <= 1.1.44 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Calendar WD version", "slug": "event-calendar-wd", "affected_versions": { "[*, 1.1.45)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.45", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d5a0c05-736f-4fb9-9358-894977664bf4?source=api-scan" ], "published": "2021-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d5d4571-f6a1-4994-9763-84578b65941c": { "id": "0d5d4571-f6a1-4994-9763-84578b65941c", "title": "Social Media Widget <= 4.0.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Media Widget", "slug": "social-media-widget", "affected_versions": { "* - 4.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d5d4571-f6a1-4994-9763-84578b65941c?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d5d47bd-4f05-4dc7-84c1-f7bc1196ee16": { "id": "0d5d47bd-4f05-4dc7-84c1-f7bc1196ee16", "title": "Elementor Website Builder Pro <= 3.21.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Website Builder Pro", "slug": "elementor-pro", "affected_versions": { "* - 3.21.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.21.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.21.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d5d47bd-4f05-4dc7-84c1-f7bc1196ee16?source=api-scan" ], "published": "2024-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d5e4dae-7964-4b24-bab2-db523de5f1f4": { "id": "0d5e4dae-7964-4b24-bab2-db523de5f1f4", "title": "Zephyr Project Manager <= 3.3.99 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Zephyr Project Manager", "slug": "zephyr-project-manager", "affected_versions": { "* - 3.3.99": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.99", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.100" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d5e4dae-7964-4b24-bab2-db523de5f1f4?source=api-scan" ], "published": "2024-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d627ee7-1175-4621-a477-1e9ec2d05eee": { "id": "0d627ee7-1175-4621-a477-1e9ec2d05eee", "title": "Reusable Text Blocks <= 1.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Reusable Text Blocks", "slug": "reusable-text-blocks", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d627ee7-1175-4621-a477-1e9ec2d05eee?source=api-scan" ], "published": "2023-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d6adf41-6cb1-4c11-940d-fabc9298f3af": { "id": "0d6adf41-6cb1-4c11-940d-fabc9298f3af", "title": "RomethemeForm For Elementor <= 1.1.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "RomethemeForm For Elementor", "slug": "romethemeform", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d6adf41-6cb1-4c11-940d-fabc9298f3af?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d6af3cd-1a92-428f-a51c-f01a3ba6ebae": { "id": "0d6af3cd-1a92-428f-a51c-f01a3ba6ebae", "title": "Enfold - Responsive Multi-Purpose Theme < 4.2.1 - Information Exposure", "software": [ { "type": "theme", "name": "Enfold - Responsive Multi-Purpose Theme", "slug": "enfold", "affected_versions": { "[*, 4.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d6af3cd-1a92-428f-a51c-f01a3ba6ebae?source=api-scan" ], "published": "2018-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d794052-1ba2-4772-bc15-5d9732e015e1": { "id": "0d794052-1ba2-4772-bc15-5d9732e015e1", "title": "Easy Registration Forms <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Registration Forms", "slug": "easy-registration-forms", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d794052-1ba2-4772-bc15-5d9732e015e1?source=api-scan" ], "published": "2021-11-18 16:42:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d7b3f2a-0a82-4cd4-96a9-2b1257d7b13c": { "id": "0d7b3f2a-0a82-4cd4-96a9-2b1257d7b13c", "title": "StreamWeasels Twitch Integration <= 1.7.8 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "StreamWeasels Twitch Integration", "slug": "streamweasels-twitch-integration", "affected_versions": { "* - 1.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d7b3f2a-0a82-4cd4-96a9-2b1257d7b13c?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d7fec5d-895e-4366-a31c-248a3daf8937": { "id": "0d7fec5d-895e-4366-a31c-248a3daf8937", "title": "Adminimize <= 1.7.21 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Adminimize", "slug": "adminimize", "affected_versions": { "* - 1.7.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d7fec5d-895e-4366-a31c-248a3daf8937?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d806853-48c7-4c1c-9a9f-37d493695682": { "id": "0d806853-48c7-4c1c-9a9f-37d493695682", "title": "VikBooking Hotel Booking Engine & PMS <= 1.5.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d806853-48c7-4c1c-9a9f-37d493695682?source=api-scan" ], "published": "2022-04-18 10:14:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d82ab22-da6d-4526-a70a-519589b29187": { "id": "0d82ab22-da6d-4526-a70a-519589b29187", "title": "Compact WP Audio Player <= 1.9.6 - Setting Change via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Compact WP Audio Player", "slug": "compact-wp-audio-player", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d82ab22-da6d-4526-a70a-519589b29187?source=api-scan" ], "published": "2021-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d8a8aa7-8344-4ca7-8194-9bc679d18661": { "id": "0d8a8aa7-8344-4ca7-8194-9bc679d18661", "title": "Popup Builder <= 3.63 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "* - 3.63": { "from_version": "*", "from_inclusive": true, "to_version": "3.63", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.64.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d8a8aa7-8344-4ca7-8194-9bc679d18661?source=api-scan" ], "published": "2020-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d8c043c-e347-4dc8-8a72-943a7e6c4394": { "id": "0d8c043c-e347-4dc8-8a72-943a7e6c4394", "title": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate <= 7.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 7.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d8c043c-e347-4dc8-8a72-943a7e6c4394?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d8ea1c2-7c6e-43b3-97ca-a06438d51d11": { "id": "0d8ea1c2-7c6e-43b3-97ca-a06438d51d11", "title": "JetFormBuilder <= 3.3.4.1 - Authenticated (Administrator+) Privilege Escalation", "software": [ { "type": "plugin", "name": "JetFormBuilder \u2014 Dynamic Blocks Form Builder", "slug": "jetformbuilder", "affected_versions": { "* - 3.3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d8ea1c2-7c6e-43b3-97ca-a06438d51d11?source=api-scan" ], "published": "2024-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d9077cf-10cc-47cd-aca8-8f2110ccc407": { "id": "0d9077cf-10cc-47cd-aca8-8f2110ccc407", "title": "Name Directory <= 1.25.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Name Directory", "slug": "name-directory", "affected_versions": { "* - 1.25.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.25.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.25.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d9077cf-10cc-47cd-aca8-8f2110ccc407?source=api-scan" ], "published": "2022-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d943691-66cf-4018-9eb6-5f20db0a95a9": { "id": "0d943691-66cf-4018-9eb6-5f20db0a95a9", "title": "Premium WordPress Form Builder <= 3.2.31 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FormCraft", "slug": "formcraft3", "affected_versions": { "[*, 3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d943691-66cf-4018-9eb6-5f20db0a95a9?source=api-scan" ], "published": "2017-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d98c849-4178-4cee-846b-2c136bc56daf": { "id": "0d98c849-4178-4cee-846b-2c136bc56daf", "title": "WooCommerce Checkout & Funnel Builder by CartFlows \u2013 Create High Converting Stores For WooCommerce <= 1.5.15 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "WooCommerce Checkout & Funnel Builder by CartFlows \u2013 Create High Converting Stores For WooCommerce", "slug": "cartflows", "affected_versions": { "[*, 1.5.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d98c849-4178-4cee-846b-2c136bc56daf?source=api-scan" ], "published": "2020-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d999ef8-303e-4707-ace8-64563e899651": { "id": "0d999ef8-303e-4707-ace8-64563e899651", "title": "AppPresser <= 4.3.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "AppPresser \u2013 Mobile App Framework", "slug": "apppresser", "affected_versions": { "* - 4.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d999ef8-303e-4707-ace8-64563e899651?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0d9cea4e-b619-4935-bb7c-a64ddf52d480": { "id": "0d9cea4e-b619-4935-bb7c-a64ddf52d480", "title": "Stylish Price List <= 7.0.17 - Missing Authorization", "software": [ { "type": "plugin", "name": "Stylish Price List \u2013 Price Table Builder & QR Code Restaurant Menu", "slug": "stylish-price-list", "affected_versions": { "* - 7.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0d9cea4e-b619-4935-bb7c-a64ddf52d480?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0da1cc3b-5d6b-4ca0-9d8a-31c63ab5b9c9": { "id": "0da1cc3b-5d6b-4ca0-9d8a-31c63ab5b9c9", "title": "WordPress Core < 6.2.1 - Cross-Site Request Forgery", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": false }, "[4.1, 4.1.38)": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.38", "to_inclusive": false }, "[4.2, 4.2.35)": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.35", "to_inclusive": false }, "[4.3, 4.3.31)": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.31", "to_inclusive": false }, "[4.4, 4.4.30)": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.30", "to_inclusive": false }, "[4.5, 4.5.29)": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.29", "to_inclusive": false }, "[4.6, 4.6.26)": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.26", "to_inclusive": false }, "[4.7, 4.7.26)": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.26", "to_inclusive": false }, "[4.8, 4.8.22)": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.22", "to_inclusive": false }, "[4.9, 4.9.23)": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.23", "to_inclusive": false }, "[5.0, 5.0.19)": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.19", "to_inclusive": false }, "[5.1, 5.1.16)": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.16", "to_inclusive": false }, "[5.2, 5.2.18)": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.18", "to_inclusive": false }, "[5.3, 5.3.15)": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.15", "to_inclusive": false }, "[5.4, 5.4.13)": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.13", "to_inclusive": false }, "[5.5, 5.5.12)": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.12", "to_inclusive": false }, "[5.6, 5.6.11)": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.11", "to_inclusive": false }, "[5.7, 5.7.9)": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.9", "to_inclusive": false }, "[5.8, 5.8.7)": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.7", "to_inclusive": false }, "[5.9, 5.9.6)": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.6", "to_inclusive": false }, "[6.0, 6.0.4)": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.4", "to_inclusive": false }, "[6.1, 6.1.2)": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.2", "to_inclusive": false }, "[6.2, 6.2.1)": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.38", "4.2.35", "4.3.31", "4.4.30", "4.5.29", "4.6.26", "4.7.26", "4.8.22", "4.9.23", "5.0.19", "5.1.16", "5.2.18", "5.3.15", "5.4.13", "5.5.12", "5.6.11", "5.7.9", "5.8.7", "5.9.6", "6.0.4", "6.1.2", "6.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0da1cc3b-5d6b-4ca0-9d8a-31c63ab5b9c9?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0dad759d-9b44-47ca-8410-e39f65dc919c": { "id": "0dad759d-9b44-47ca-8410-e39f65dc919c", "title": "Metform Elementor Contact Form Builder <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0dad759d-9b44-47ca-8410-e39f65dc919c?source=api-scan" ], "published": "2024-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0db32d66-4def-4356-96d8-74ba49e7604a": { "id": "0db32d66-4def-4356-96d8-74ba49e7604a", "title": "Social Ring (Facebook Like, Google +1, ReTweet, LinkedIn and Pin It) <= 1.1.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Ring (Facebook Like, Google +1, ReTweet, LinkedIn and Pin It)", "slug": "wordpress-social-ring", "affected_versions": { "[*, 1.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0db32d66-4def-4356-96d8-74ba49e7604a?source=api-scan" ], "published": "2014-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0db3f234-111f-4c79-bb54-1a21e4fedb8c": { "id": "0db3f234-111f-4c79-bb54-1a21e4fedb8c", "title": "WPML < 4.3.7 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "WPML", "slug": "sitepress-multilingual-cms", "affected_versions": { "[*, 4.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0db3f234-111f-4c79-bb54-1a21e4fedb8c?source=api-scan" ], "published": "2020-03-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0dbaf893-e117-448f-a1b3-9c4b4caea7e7": { "id": "0dbaf893-e117-448f-a1b3-9c4b4caea7e7", "title": "Import CSV Files <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import CSV Files", "slug": "import-csv-files", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0dbaf893-e117-448f-a1b3-9c4b4caea7e7?source=api-scan" ], "published": "2022-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0dbed7a2-730d-42f2-9d57-3f07900d33e3": { "id": "0dbed7a2-730d-42f2-9d57-3f07900d33e3", "title": "Video Player for YouTube <= 1.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Video Player for YouTube", "slug": "yt-player", "affected_versions": { "[*, 1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0dbed7a2-730d-42f2-9d57-3f07900d33e3?source=api-scan" ], "published": "2021-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0dc20a45-15b5-42d3-a484-988a394ee658": { "id": "0dc20a45-15b5-42d3-a484-988a394ee658", "title": "Minimal Coming Soon & Maintenance Mode <= 2.16 - Missing Authorization to Export Settings\/Theme Change", "software": [ { "type": "plugin", "name": "Minimal Coming Soon \u2013 Coming Soon Page", "slug": "minimal-coming-soon-maintenance-mode", "affected_versions": { "[*, 2.17)": { "from_version": "*", "from_inclusive": true, "to_version": "2.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0dc20a45-15b5-42d3-a484-988a394ee658?source=api-scan" ], "published": "2020-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0dc82635-e3c4-4a15-93ef-e2cacbfae799": { "id": "0dc82635-e3c4-4a15-93ef-e2cacbfae799", "title": "Weather Widget Pro <= 1.1.40 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Weather Widget Pro", "slug": "weather-in-any-city-widget", "affected_versions": { "* - 1.1.40": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0dc82635-e3c4-4a15-93ef-e2cacbfae799?source=api-scan" ], "published": "2024-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0dc8f7cf-d8be-4229-b823-3bd9bc9f6eda": { "id": "0dc8f7cf-d8be-4229-b823-3bd9bc9f6eda", "title": "WP Simple Galleries <= 1.34 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "WP Simple Galleries", "slug": "wp-simple-galleries", "affected_versions": { "* - 1.34": { "from_version": "*", "from_inclusive": true, "to_version": "1.34", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0dc8f7cf-d8be-4229-b823-3bd9bc9f6eda?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0dca168f-a383-42fc-91ba-d78a5d7e6724": { "id": "0dca168f-a383-42fc-91ba-d78a5d7e6724", "title": "Import and export users and customers <= 1.26.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import and export users and customers", "slug": "import-users-from-csv-with-meta", "affected_versions": { "* - 1.26.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.26.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.26.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0dca168f-a383-42fc-91ba-d78a5d7e6724?source=api-scan" ], "published": "2024-05-14 12:08:10", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0dd1706c-fb3b-4a5d-947a-435954eb0b15": { "id": "0dd1706c-fb3b-4a5d-947a-435954eb0b15", "title": "Add Hierarchy (parent) to post <= 3.12 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add Hierarchy (parent) to post", "slug": "add-hierarchy-parent-to-post", "affected_versions": { "* - 3.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0dd1706c-fb3b-4a5d-947a-435954eb0b15?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0dd1ded1-8966-4247-ab75-17980f00f9b9": { "id": "0dd1ded1-8966-4247-ab75-17980f00f9b9", "title": "EXMAGE \u2013 WordPress Image Links <= 1.0.6 - Admin+ Blind SSRF", "software": [ { "type": "plugin", "name": "EXMAGE \u2013 WordPress Image Links", "slug": "exmage-wp-image-links", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0dd1ded1-8966-4247-ab75-17980f00f9b9?source=api-scan" ], "published": "2022-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0dd2705e-d78c-4f31-b28f-1ba8b2495c80": { "id": "0dd2705e-d78c-4f31-b28f-1ba8b2495c80", "title": "Cloak & Encrypt < 3.8.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "URL Cloak & Encrypt", "slug": "url-cloak-encrypt", "affected_versions": { "[*, 3.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0dd2705e-d78c-4f31-b28f-1ba8b2495c80?source=api-scan" ], "published": "2014-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0dda8e76-22aa-400b-b4c1-b24e6e1141ac": { "id": "0dda8e76-22aa-400b-b4c1-b24e6e1141ac", "title": "Google Maps Anywhere <= 1.2.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google Maps Anywhere", "slug": "google-maps-anywhere", "affected_versions": { "* - 1.2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0dda8e76-22aa-400b-b4c1-b24e6e1141ac?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ddb582a-e966-4c0b-a743-29d8943f846b": { "id": "0ddb582a-e966-4c0b-a743-29d8943f846b", "title": "WordPress Core 5.9 - 5.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[5.9, 5.9.2)": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ddb582a-e966-4c0b-a743-29d8943f846b?source=api-scan" ], "published": "2022-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ddc7488-4cc0-4e17-8c81-26cbcbe8bdae": { "id": "0ddc7488-4cc0-4e17-8c81-26cbcbe8bdae", "title": "silverOrchid <= 1.5.0 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "silverOrchid", "slug": "silverorchid", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ddc7488-4cc0-4e17-8c81-26cbcbe8bdae?source=api-scan" ], "published": "2013-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0de0e5d5-7023-4026-ad82-3c2443569326": { "id": "0de0e5d5-7023-4026-ad82-3c2443569326", "title": "Accessibility <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Accessibility", "slug": "accessibility", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0de0e5d5-7023-4026-ad82-3c2443569326?source=api-scan" ], "published": "2022-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0de75f3f-1e6b-42ea-9f08-54c32e37b4c7": { "id": "0de75f3f-1e6b-42ea-9f08-54c32e37b4c7", "title": "Exxp <= 2.6.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Exxp", "slug": "exxp-wp", "affected_versions": { "* - 2.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0de75f3f-1e6b-42ea-9f08-54c32e37b4c7?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0de79672-f0ba-42d3-a44a-01b93801d7de": { "id": "0de79672-f0ba-42d3-a44a-01b93801d7de", "title": "CalculatorPro Calculators <= 1.1.7 - Reflected Cross-Site Scripting via CP_preview_calc", "software": [ { "type": "plugin", "name": "CalculatorPro Calculators", "slug": "calculatorpro-calculators", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0de79672-f0ba-42d3-a44a-01b93801d7de?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0def2dcf-2874-4159-a2e0-e747a1be1b79": { "id": "0def2dcf-2874-4159-a2e0-e747a1be1b79", "title": "Integrate Google Drive <= 1.3.93 - Missing Authorization", "software": [ { "type": "plugin", "name": "Integrate Google Drive \u2013 Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site", "slug": "integrate-google-drive", "affected_versions": { "* - 1.3.93": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.93", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.94" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0def2dcf-2874-4159-a2e0-e747a1be1b79?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0df493cb-2b5e-4a16-b6d8-4cd9a473540d": { "id": "0df493cb-2b5e-4a16-b6d8-4cd9a473540d", "title": "Spectra <= 2.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 2.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0df493cb-2b5e-4a16-b6d8-4cd9a473540d?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0df6f15f-308f-4397-9a67-6a6dab992568": { "id": "0df6f15f-308f-4397-9a67-6a6dab992568", "title": "Spam protection, AntiSpam, FireWall by CleanTalk <= 5.173 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spam protection, Anti-Spam, FireWall by CleanTalk", "slug": "cleantalk-spam-protect", "affected_versions": { "* - 5.173": { "from_version": "*", "from_inclusive": true, "to_version": "5.173", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.174.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0df6f15f-308f-4397-9a67-6a6dab992568?source=api-scan" ], "published": "2022-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0dfc8957-78b8-4c55-ba95-52d95b086341": { "id": "0dfc8957-78b8-4c55-ba95-52d95b086341", "title": "Order Attachments for WooCommerce 2.0 - 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Order Attachments for WooCommerce", "slug": "order-attachments-for-woocommerce", "affected_versions": { "2.0 - 2.4.1": { "from_version": "2.0", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0dfc8957-78b8-4c55-ba95-52d95b086341?source=api-scan" ], "published": "2024-10-11 17:52:13", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e03aeed-abb3-4ac8-8ff5-72ddc2430b94": { "id": "0e03aeed-abb3-4ac8-8ff5-72ddc2430b94", "title": "WP Matterport Shortcode <= 2.1.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Matterport Shortcode", "slug": "shortcode-gallery-for-matterport-showcase", "affected_versions": { "* - 2.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e03aeed-abb3-4ac8-8ff5-72ddc2430b94?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e05142e-04a3-483e-a4af-035df3609b9d": { "id": "0e05142e-04a3-483e-a4af-035df3609b9d", "title": "Chained Quiz < 1.2.7.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "[*, 1.2.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e05142e-04a3-483e-a4af-035df3609b9d?source=api-scan" ], "published": "2021-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e0e0c15-caf6-4166-a365-a2a73cd9ebc4": { "id": "0e0e0c15-caf6-4166-a365-a2a73cd9ebc4", "title": "WoodMart <= 7.2.1 - Missing Authorization", "software": [ { "type": "theme", "name": "Woodmart", "slug": "woodmart", "affected_versions": { "* - 7.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e0e0c15-caf6-4166-a365-a2a73cd9ebc4?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e1193b1-6e5a-4ecc-ae97-1a3129ad330e": { "id": "0e1193b1-6e5a-4ecc-ae97-1a3129ad330e", "title": "APIExperts Square for WooCommerce <= 4.4.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "WC Shop Sync \u2013 Square Payment Gateway for WooCommerce, Inventory Sync Between Square and WooCommerce, Ultimate WooCommerce Square Plugin", "slug": "woosquare", "affected_versions": { "* - 4.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e1193b1-6e5a-4ecc-ae97-1a3129ad330e?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e1300be-07e3-44b6-9ced-a16825274d22": { "id": "0e1300be-07e3-44b6-9ced-a16825274d22", "title": "Porto Theme - Functionality <= 2.11.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Porto Theme - Functionality", "slug": "porto-functionality", "affected_versions": { "* - 2.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e1300be-07e3-44b6-9ced-a16825274d22?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e14b479-07bb-46f7-8542-577cb1b60d27": { "id": "0e14b479-07bb-46f7-8542-577cb1b60d27", "title": "WP Search Analytics <= 1.4.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Search Analytics for WP", "slug": "search-analytics", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e14b479-07bb-46f7-8542-577cb1b60d27?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e170f98-692b-48f1-92b0-530cbe21440b": { "id": "0e170f98-692b-48f1-92b0-530cbe21440b", "title": "Appointment Booking Calendar <= - Authenticated (Admin+) Stored Cross-Site Scripting via Notification Settings", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin", "slug": "simply-schedule-appointments", "affected_versions": { "* - 1.6.7.53": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7.53", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.7.55" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e170f98-692b-48f1-92b0-530cbe21440b?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e1915d9-8ea9-4ab2-9746-3c49bc0bd7c8": { "id": "0e1915d9-8ea9-4ab2-9746-3c49bc0bd7c8", "title": "Wordpress File Upload <= 4.23.2 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "[*, 4.23.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.23.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.23.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e1915d9-8ea9-4ab2-9746-3c49bc0bd7c8?source=api-scan" ], "published": "2023-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e1bfb29-80e7-4122-ab61-ef7c1dd8ebaa": { "id": "0e1bfb29-80e7-4122-ab61-ef7c1dd8ebaa", "title": "Sermon'e <= 1.0.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Sermon'e \u2013 Sermons Online", "slug": "sermone-online-sermons-management", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e1bfb29-80e7-4122-ab61-ef7c1dd8ebaa?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e1d9c22-dcd3-47f9-aac0-c9626aa2821c": { "id": "0e1d9c22-dcd3-47f9-aac0-c9626aa2821c", "title": "WPQA Builder <= 6.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WPQA - Builder forms Addon For WordPress", "slug": "wpqa", "affected_versions": { "* - 6.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e1d9c22-dcd3-47f9-aac0-c9626aa2821c?source=api-scan" ], "published": "2024-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e1fce43-03c0-4863-bf0c-60a3c510a01d": { "id": "0e1fce43-03c0-4863-bf0c-60a3c510a01d", "title": "ProfileGrid <= 5.8.2 - Bypass Group Members Limit", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.3" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e1fce43-03c0-4863-bf0c-60a3c510a01d?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e2268fc-5f29-4c69-9585-81240354ae77": { "id": "0e2268fc-5f29-4c69-9585-81240354ae77", "title": "User Activity Tracking and Log <= 4.1.3 - IP Spoofing", "software": [ { "type": "plugin", "name": "User Activity Tracking and Log", "slug": "user-activity-tracking-and-log", "affected_versions": { "* - 4.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e2268fc-5f29-4c69-9585-81240354ae77?source=api-scan" ], "published": "2024-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e22815e-1f06-4a46-90eb-98125ae97ba4": { "id": "0e22815e-1f06-4a46-90eb-98125ae97ba4", "title": "Like Button Rating \u2665 LikeBtn < 2.6.32 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Like Button Rating \u2665 LikeBtn", "slug": "likebtn-like-button", "affected_versions": { "[*, 2.6.32)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.32", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e22815e-1f06-4a46-90eb-98125ae97ba4?source=api-scan" ], "published": "2021-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e230f9f-5eda-4362-973b-ada9cf425697": { "id": "0e230f9f-5eda-4362-973b-ada9cf425697", "title": "Archivist \u2013 Custom Archive Templates <= 1.7.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Archivist \u2013 Custom Archive Templates", "slug": "archivist-custom-archive-templates", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e230f9f-5eda-4362-973b-ada9cf425697?source=api-scan" ], "published": "2024-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e240f4b-dfdf-4954-af39-34e24a05a2ed": { "id": "0e240f4b-dfdf-4954-af39-34e24a05a2ed", "title": "Modern Events Calendar Lite <= 5.22.2 - Authenticated Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Modern Events Calendar Lite", "slug": "modern-events-calendar-lite", "affected_versions": { "* - 5.22.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.22.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.22.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e240f4b-dfdf-4954-af39-34e24a05a2ed?source=api-scan" ], "published": "2021-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e24c8f4-32c9-4c21-88d9-588913cbb474": { "id": "0e24c8f4-32c9-4c21-88d9-588913cbb474", "title": "Elementor ImageBox <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor ImageBox", "slug": "fd-elementor-imagebox", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e24c8f4-32c9-4c21-88d9-588913cbb474?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e27a9cb-0df8-4570-b7b5-7aa6c15d2e43": { "id": "0e27a9cb-0df8-4570-b7b5-7aa6c15d2e43", "title": "WordPress\u652f\u4ed8\u5b9dAlipay|\u8d22\u4ed8\u901aTenpay|\u8d1d\u5b9dPayPal\u96c6\u6210\u63d2\u4ef6 <= 3.7.2 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WordPress\u652f\u4ed8\u5b9dAlipay|\u8d22\u4ed8\u901aTenpay|\u8d1d\u5b9dPayPal\u96c6\u6210\u63d2\u4ef6", "slug": "alipay", "affected_versions": { "* - 3.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e27a9cb-0df8-4570-b7b5-7aa6c15d2e43?source=api-scan" ], "published": "2021-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e27b0a8-e052-49ed-8744-a2376aa386f5": { "id": "0e27b0a8-e052-49ed-8744-a2376aa386f5", "title": "BSK Contact Form 7 Blacklist <= 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BSK Contact Form 7 Blacklist", "slug": "bsk-contact-form-7-blacklist", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e27b0a8-e052-49ed-8744-a2376aa386f5?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e2cf779-2355-461f-a289-11612e15acc6": { "id": "0e2cf779-2355-461f-a289-11612e15acc6", "title": "Podlove Web Player <= 5.7.3 - Missing Authorization to Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Podlove Web Player", "slug": "podlove-web-player", "affected_versions": { "* - 5.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e2cf779-2355-461f-a289-11612e15acc6?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e3034ae-957f-410d-80ef-4dc2b0e91ff5": { "id": "0e3034ae-957f-410d-80ef-4dc2b0e91ff5", "title": "Photo Gallery by 10Web <= 1.3.37 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.3.38)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.38", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.38" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e3034ae-957f-410d-80ef-4dc2b0e91ff5?source=api-scan" ], "published": "2017-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e30d2ca-1918-4fcf-979e-7cae0d84529e": { "id": "0e30d2ca-1918-4fcf-979e-7cae0d84529e", "title": "Ultimate Category Excluder <= 1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ultimate Category Excluder", "slug": "ultimate-category-excluder", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e30d2ca-1918-4fcf-979e-7cae0d84529e?source=api-scan" ], "published": "2020-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e346146-1c00-4e03-a6c7-372566d7ffc9": { "id": "0e346146-1c00-4e03-a6c7-372566d7ffc9", "title": "Total Upkeep <= 1.14.13 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure", "software": [ { "type": "plugin", "name": "Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid", "slug": "boldgrid-backup", "affected_versions": { "* - 1.14.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e346146-1c00-4e03-a6c7-372566d7ffc9?source=api-scan" ], "published": "2022-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e38b567-9567-4b08-8fab-3971547394b0": { "id": "0e38b567-9567-4b08-8fab-3971547394b0", "title": "Skippy WP-DB Backup (Legacy Plugin) <= 1.7 - Authenticated (Admin+) Directory Traversal", "software": [ { "type": "plugin", "name": "Skippy WP-DB Backup (Legacy Core Plugin)", "slug": "wp-db-backup.php", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e38b567-9567-4b08-8fab-3971547394b0?source=api-scan" ], "published": "2006-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e3adbc2-fa45-4c35-a214-2b101e8c9748": { "id": "0e3adbc2-fa45-4c35-a214-2b101e8c9748", "title": "WPComplete <= 2.9.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPComplete", "slug": "wpcomplete", "affected_versions": { "[*, 2.9.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e3adbc2-fa45-4c35-a214-2b101e8c9748?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e3f8108-6b1b-4720-a450-e58b1833b608": { "id": "0e3f8108-6b1b-4720-a450-e58b1833b608", "title": "Order Export for WooCommerce <= 3.23 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Order Export for WooCommerce", "slug": "order-export-and-more-for-woocommerce", "affected_versions": { "* - 3.23": { "from_version": "*", "from_inclusive": true, "to_version": "3.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e3f8108-6b1b-4720-a450-e58b1833b608?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e407409-989d-48f8-8135-6071015a6064": { "id": "0e407409-989d-48f8-8135-6071015a6064", "title": "Analytify <= 5.3.1 - Cross-Site Request Forgery to Opt-out", "software": [ { "type": "plugin", "name": "Analytify \u2013 Google Analytics Dashboard For WordPress (GA4 analytics made easy)", "slug": "wp-analytify", "affected_versions": { "* - 5.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e407409-989d-48f8-8135-6071015a6064?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e41384f-1dec-418b-be48-fc61def5ca28": { "id": "0e41384f-1dec-418b-be48-fc61def5ca28", "title": "Elementor Website Builder <= 2.7.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 2.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e41384f-1dec-418b-be48-fc61def5ca28?source=api-scan" ], "published": "2020-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e430180-5b89-4d06-b729-d0fdbefa8185": { "id": "0e430180-5b89-4d06-b729-d0fdbefa8185", "title": "MWB Point of Sale (POS) for WooCommerce <= 1.0.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "MWB Point of Sale (POS) for WooCommerce- Generate Barcodes, Process your Bills, Synchronize, Your Online-Offline Orders", "slug": "mwb-point-of-sale-pos-for-woocommerce", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e430180-5b89-4d06-b729-d0fdbefa8185?source=api-scan" ], "published": "2021-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e43d6fc-28f1-4208-a529-f264304fe8aa": { "id": "0e43d6fc-28f1-4208-a529-f264304fe8aa", "title": "Subscribe2 <= 10.37 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Subscribe2 \u2013 Form, Email Subscribers & Newsletters", "slug": "subscribe2", "affected_versions": { "* - 10.37": { "from_version": "*", "from_inclusive": true, "to_version": "10.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.38" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e43d6fc-28f1-4208-a529-f264304fe8aa?source=api-scan" ], "published": "2022-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e454573-4b34-40e3-b4c3-10eb71dfa03e": { "id": "0e454573-4b34-40e3-b4c3-10eb71dfa03e", "title": "Paid Memberships Pro - Courses for Membership Add On <= 1.2.3 - Cross-Site Request Forgery to Course Modifications", "software": [ { "type": "plugin", "name": "Premium Courses & eLearning with Paid Memberships Pro for LearnDash, LifterLMS, Sensei LMS & TutorLMS", "slug": "pmpro-courses", "affected_versions": { "[*, 1.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e454573-4b34-40e3-b4c3-10eb71dfa03e?source=api-scan" ], "published": "2023-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e4588d1-f21e-48ba-a8cb-d18c421f000a": { "id": "0e4588d1-f21e-48ba-a8cb-d18c421f000a", "title": "Nextend Social Login Pro <= 3.1.14 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Nextend Social Login Pro", "slug": "nextend-social-login-pro", "affected_versions": { "* - 3.1.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e4588d1-f21e-48ba-a8cb-d18c421f000a?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e4aee28-d0cc-4705-9be6-fe5299f2e0fc": { "id": "0e4aee28-d0cc-4705-9be6-fe5299f2e0fc", "title": "IP2Location Country Blocker <= 2.33.3 - Unauthenticated Sensitive Information Exposure via Debug Log File", "software": [ { "type": "plugin", "name": "IP2Location Country Blocker", "slug": "ip2location-country-blocker", "affected_versions": { "* - 2.33.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.33.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.33.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e4aee28-d0cc-4705-9be6-fe5299f2e0fc?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e4c0500-9081-446e-b34b-968c718dfce0": { "id": "0e4c0500-9081-446e-b34b-968c718dfce0", "title": "Ultimate TinyMCE < 3.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate TinyMCE", "slug": "ultimate-tinymce", "affected_versions": { "[*, 3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e4c0500-9081-446e-b34b-968c718dfce0?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e4f6305-d003-478e-a8ef-0b254084f56f": { "id": "0e4f6305-d003-478e-a8ef-0b254084f56f", "title": "Bulk NoIndex & NoFollow Toolkit <= 1.42 - Reflected Cross-Site Scripting via 's'", "software": [ { "type": "plugin", "name": "Bulk NoIndex & NoFollow Toolkit", "slug": "bulk-noindex-nofollow-toolkit-by-mad-fish", "affected_versions": { "[*, 1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e4f6305-d003-478e-a8ef-0b254084f56f?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e4fec06-13d3-49ce-afe5-8dca15cf1f0a": { "id": "0e4fec06-13d3-49ce-afe5-8dca15cf1f0a", "title": "Custom Field Suite <= 2.5.14 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Field Suite", "slug": "custom-field-suite", "affected_versions": { "* - 2.5.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e4fec06-13d3-49ce-afe5-8dca15cf1f0a?source=api-scan" ], "published": "2019-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e556ca2-1b83-4589-bff8-64323eb594e7": { "id": "0e556ca2-1b83-4589-bff8-64323eb594e7", "title": "Coupon Referral Program <= 1.7.2 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Coupon Referral Program", "slug": "coupon-referral-program", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e556ca2-1b83-4589-bff8-64323eb594e7?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e5674e2-593a-4f53-bb03-9184eccc3244": { "id": "0e5674e2-593a-4f53-bb03-9184eccc3244", "title": "WP Spell Check <= 9.12 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Spell Check", "slug": "wp-spell-check", "affected_versions": { "* - 9.12": { "from_version": "*", "from_inclusive": true, "to_version": "9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e5674e2-593a-4f53-bb03-9184eccc3244?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e604d56-572f-4d60-b5ad-14c02ba9cc94": { "id": "0e604d56-572f-4d60-b5ad-14c02ba9cc94", "title": "DSubscribers < 1.2.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "DSubscribers", "slug": "dsubscribers", "affected_versions": { "[*, 1.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e604d56-572f-4d60-b5ad-14c02ba9cc94?source=api-scan" ], "published": "2017-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e630401-0409-443c-944d-553a372d150d": { "id": "0e630401-0409-443c-944d-553a372d150d", "title": "WP Events Calendar Plugin <= 1.0 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Events Calendar Plugin", "slug": "events", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e630401-0409-443c-944d-553a372d150d?source=api-scan" ], "published": "2018-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e6616d0-0690-4bf4-9228-33679b926b90": { "id": "0e6616d0-0690-4bf4-9228-33679b926b90", "title": "Image Hover Effects Css3 <= 4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Hover Effects Css3", "slug": "image-hover-effects-css3", "affected_versions": { "* - 4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e6616d0-0690-4bf4-9228-33679b926b90?source=api-scan" ], "published": "2022-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e67ce3b-144f-4ce1-b658-47d865312c6a": { "id": "0e67ce3b-144f-4ce1-b658-47d865312c6a", "title": "Powr Pack <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Contact Form \u2013 Custom Builder, Payment Form, and More", "slug": "powr-pack", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e67ce3b-144f-4ce1-b658-47d865312c6a?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e725ec0-4897-4ba7-a803-80e8aafacbd1": { "id": "0e725ec0-4897-4ba7-a803-80e8aafacbd1", "title": "WPCargo Track & Trace <= 7.0.6 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WPCargo Track & Trace", "slug": "wpcargo", "affected_versions": { "* - 7.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e725ec0-4897-4ba7-a803-80e8aafacbd1?source=api-scan" ], "published": "2024-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e7ac22f-cb50-46b6-b244-22b5e8dc8142": { "id": "0e7ac22f-cb50-46b6-b244-22b5e8dc8142", "title": "Points and Rewards for WooCommerce <= 1.5.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Points and Rewards for WooCommerce \u2013 Create Loyalty Programs, Reward Customer Purchases, Point Rewards, Referral Points, Reward for Points, User Badges, and Gamification", "slug": "points-and-rewards-for-woocommerce", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e7ac22f-cb50-46b6-b244-22b5e8dc8142?source=api-scan" ], "published": "2023-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e7b694f-8926-4bba-be77-42ade5d1c3b4": { "id": "0e7b694f-8926-4bba-be77-42ade5d1c3b4", "title": "cformsII <= 10.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "cforms", "slug": "cforms", "affected_versions": { "[*, 10.5)": { "from_version": "*", "from_inclusive": true, "to_version": "10.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "10.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e7b694f-8926-4bba-be77-42ade5d1c3b4?source=api-scan" ], "published": "2014-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e7e7c70-4d07-4550-9cf8-5135b87b67ca": { "id": "0e7e7c70-4d07-4550-9cf8-5135b87b67ca", "title": "Accordion <= 2.2.96 - Missing Authorization to Authenticated(Contributor+) Post Duplication", "software": [ { "type": "plugin", "name": "Accordion", "slug": "accordions", "affected_versions": { "* - 2.2.96": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.96", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.97" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e7e7c70-4d07-4550-9cf8-5135b87b67ca?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e828fbc-d465-4d69-b7d6-42e2ad87f73d": { "id": "0e828fbc-d465-4d69-b7d6-42e2ad87f73d", "title": "Spectra \u2013 WordPress Gutenberg Blocks <= 2.3.1 - Cross-Site Request Forgery to Plugin Activation", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e828fbc-d465-4d69-b7d6-42e2ad87f73d?source=api-scan" ], "published": "2023-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e8f63e3-6392-4152-94a5-eb953d7e53fb": { "id": "0e8f63e3-6392-4152-94a5-eb953d7e53fb", "title": "IgniteUp \u2013 Coming Soon and Maintenance Mode <= 3.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IgniteUp \u2013 Coming Soon and Maintenance Mode", "slug": "igniteup", "affected_versions": { "[*, 3.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e8f63e3-6392-4152-94a5-eb953d7e53fb?source=api-scan" ], "published": "2019-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e926467-51f5-4fb4-a9d8-3cb72f212cd6": { "id": "0e926467-51f5-4fb4-a9d8-3cb72f212cd6", "title": "Integrate Google Drive <= 1.3.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Integrate Google Drive \u2013 Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site", "slug": "integrate-google-drive", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.91" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e926467-51f5-4fb4-a9d8-3cb72f212cd6?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e9324ba-1cbf-4326-80b5-7b9d969441ad": { "id": "0e9324ba-1cbf-4326-80b5-7b9d969441ad", "title": "Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS", "software": [ { "type": "plugin", "name": "Shortcodes and extra features for Phlox theme", "slug": "auxin-elements", "affected_versions": { "* - 2.15.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e9324ba-1cbf-4326-80b5-7b9d969441ad?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e99531c-8742-4f91-8525-65bb3cb06644": { "id": "0e99531c-8742-4f91-8525-65bb3cb06644", "title": "Web Application Firewall <= 2.1.2 - IP Address Spoofing to Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "Web Application Firewall \u2013 website security", "slug": "web-application-firewall", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e99531c-8742-4f91-8525-65bb3cb06644?source=api-scan" ], "published": "2024-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e9bac4c-3a07-4a76-b2bd-365aae455086": { "id": "0e9bac4c-3a07-4a76-b2bd-365aae455086", "title": "Easy Plugin for AdSense < 6.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Plugin for AdSense", "slug": "easy-adsense-lite", "affected_versions": { "[*, 6.10)": { "from_version": "*", "from_inclusive": true, "to_version": "6.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e9bac4c-3a07-4a76-b2bd-365aae455086?source=api-scan" ], "published": "2013-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e9cd38a-b2cd-4801-a06b-4e965fa72e04": { "id": "0e9cd38a-b2cd-4801-a06b-4e965fa72e04", "title": "Flipbox Builder <= 1.5 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Flipbox Builder", "slug": "flipbox-builder", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e9cd38a-b2cd-4801-a06b-4e965fa72e04?source=api-scan" ], "published": "2024-07-26 13:04:08", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e9d5382-d37d-4a40-8f22-e32b8ee98859": { "id": "0e9d5382-d37d-4a40-8f22-e32b8ee98859", "title": "YouTube Video Gallery by YouTube Showcase \u2013 Video Gallery Plugin for WordPress <= 3.3.6 - Missing Authorization to Arbitrary Post\/Page Creation", "software": [ { "type": "plugin", "name": "YouTube Video Gallery by YouTube Showcase \u2013 Video Gallery Plugin for WordPress", "slug": "youtube-showcase", "affected_versions": { "* - 3.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e9d5382-d37d-4a40-8f22-e32b8ee98859?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0e9e2864-6624-497f-8bec-df8360ed3f4a": { "id": "0e9e2864-6624-497f-8bec-df8360ed3f4a", "title": "(Simply) Guest Author Name <= 4.34 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "(Simply) Guest Author Name", "slug": "guest-author-name", "affected_versions": { "* - 4.34": { "from_version": "*", "from_inclusive": true, "to_version": "4.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0e9e2864-6624-497f-8bec-df8360ed3f4a?source=api-scan" ], "published": "2024-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ea0f826-5ae9-4dad-89d0-9fc9f10f526b": { "id": "0ea0f826-5ae9-4dad-89d0-9fc9f10f526b", "title": "Testimonial Rotator <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Testimonial Rotator", "slug": "testimonial-rotator", "affected_versions": { "* - 3.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ea0f826-5ae9-4dad-89d0-9fc9f10f526b?source=api-scan" ], "published": "2021-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ea99921-5dda-42aa-99f8-43e52f3362c8": { "id": "0ea99921-5dda-42aa-99f8-43e52f3362c8", "title": "WP Cookie Law Info <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Cookie Law Info", "slug": "wp-cookie-law-info", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ea99921-5dda-42aa-99f8-43e52f3362c8?source=api-scan" ], "published": "2024-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0eae9c5a-8a11-4293-a7e1-2c5d77c75284": { "id": "0eae9c5a-8a11-4293-a7e1-2c5d77c75284", "title": "Asgaros Forum <= 1.15.12 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Asgaros Forum", "slug": "asgaros-forum", "affected_versions": { "* - 1.15.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0eae9c5a-8a11-4293-a7e1-2c5d77c75284?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0eafe473-9177-47c4-aa1e-2350cb827447": { "id": "0eafe473-9177-47c4-aa1e-2350cb827447", "title": "Starbox <= 3.4.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Display Name and Social Settings", "software": [ { "type": "plugin", "name": "Starbox \u2013 the Author Box for Humans", "slug": "starbox", "affected_versions": { "* - 3.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0eafe473-9177-47c4-aa1e-2350cb827447?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0eb50d3f-9e01-4e3d-a3ed-8c3fec006be6": { "id": "0eb50d3f-9e01-4e3d-a3ed-8c3fec006be6", "title": "Html5 Video Player <= 2.5.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HTML5 Video Player \u2013 mp4 Video Player Plugin and Block", "slug": "html5-video-player", "affected_versions": { "* - 2.5.18": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0eb50d3f-9e01-4e3d-a3ed-8c3fec006be6?source=api-scan" ], "published": "2023-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0eb875d6-03ff-441e-9a4e-69aa577c8587": { "id": "0eb875d6-03ff-441e-9a4e-69aa577c8587", "title": "Taskbuilder <= 1.0.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Taskbuilder \u2013 WordPress Project & Task Management plugin", "slug": "taskbuilder", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0eb875d6-03ff-441e-9a4e-69aa577c8587?source=api-scan" ], "published": "2022-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0eb90948-b2b6-4e30-b903-95b7bce5d734": { "id": "0eb90948-b2b6-4e30-b903-95b7bce5d734", "title": "Paid Memberships Pro \u2013 Restrict Member Access to Content, Courses, Communities \u2013 Free or Paid Subscriptions <= 2.5.2 - IDOR to Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "[*, 2.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0eb90948-b2b6-4e30-b903-95b7bce5d734?source=api-scan" ], "published": "2021-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ebc4c47-a286-4135-90ee-eccad8579661": { "id": "0ebc4c47-a286-4135-90ee-eccad8579661", "title": "Favicon by RealFaviconGenerator <= 1.3.22 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Favicon by RealFaviconGenerator", "slug": "favicon-by-realfavicongenerator", "affected_versions": { "[*, 1.3.23)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.23", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ebc4c47-a286-4135-90ee-eccad8579661?source=api-scan" ], "published": "2022-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ec64507-b77e-4685-978f-7408fe8db5ee": { "id": "0ec64507-b77e-4685-978f-7408fe8db5ee", "title": "EazyDocs <= 2.3.5 - Missing Authorization via doc_one_page and edit_doc_one_page", "software": [ { "type": "plugin", "name": "EazyDocs \u2013 Most Powerful Knowledge base, wiki, Documentation Builder Plugin", "slug": "eazydocs", "affected_versions": { "* - 2.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ec64507-b77e-4685-978f-7408fe8db5ee?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ec8a72e-0153-4c2b-bdda-c6474cc2aadb": { "id": "0ec8a72e-0153-4c2b-bdda-c6474cc2aadb", "title": "bbPress <= 2.5.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "bbPress", "slug": "bbpress", "affected_versions": { "* - 2.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ec8a72e-0153-4c2b-bdda-c6474cc2aadb?source=api-scan" ], "published": "2016-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ec90144-bfd8-4840-8b0f-73340386b7d5": { "id": "0ec90144-bfd8-4840-8b0f-73340386b7d5", "title": "Donations via PayPal <= 1.9.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Donations via PayPal", "slug": "paypal-donations", "affected_versions": { "* - 1.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ec90144-bfd8-4840-8b0f-73340386b7d5?source=api-scan" ], "published": "2022-11-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ed5a9c4-5148-4c3f-81fd-78bdde31f258": { "id": "0ed5a9c4-5148-4c3f-81fd-78bdde31f258", "title": "TFO Graphviz <= 1.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TFO Graphviz", "slug": "tfo-graphviz", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ed5a9c4-5148-4c3f-81fd-78bdde31f258?source=api-scan" ], "published": "2015-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ed683bf-be49-43e9-a1ba-9af7c2bf97b1": { "id": "0ed683bf-be49-43e9-a1ba-9af7c2bf97b1", "title": "Shopping Cart & eCommerce Store < 3.0.16 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "[*, 3.0.16)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ed683bf-be49-43e9-a1ba-9af7c2bf97b1?source=api-scan" ], "published": "2015-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ed74f7f-d629-4d07-b73e-eaa78f11ea70": { "id": "0ed74f7f-d629-4d07-b73e-eaa78f11ea70", "title": "Find and Replace All <= 1.3 - Cross-Site Request Forgery to Arbitrary Content Replacement", "software": [ { "type": "plugin", "name": "Find and Replace All", "slug": "find-and-replace-all", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ed74f7f-d629-4d07-b73e-eaa78f11ea70?source=api-scan" ], "published": "2022-11-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ed8ee65-d910-42a4-b6de-3229346dc59e": { "id": "0ed8ee65-d910-42a4-b6de-3229346dc59e", "title": "WordPress Core < 4.7.3 - Bypass URL Validation", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.18": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.18", "to_inclusive": true }, "3.8 - 3.8.18": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.18", "to_inclusive": true }, "3.9 - 3.9.16": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.16", "to_inclusive": true }, "4.0 - 4.0.15": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.15", "to_inclusive": true }, "4.1 - 4.1.15": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.15", "to_inclusive": true }, "4.2 - 4.2.12": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.12", "to_inclusive": true }, "4.3 - 4.3.8": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.8", "to_inclusive": true }, "4.4 - 4.4.7": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.7", "to_inclusive": true }, "4.5 - 4.5.6": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.6", "to_inclusive": true }, "4.6 - 4.6.3": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.3", "to_inclusive": true }, "4.7 - 4.7.2": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.19", "3.8.19", "3.9.17", "4.0.16", "4.1.16", "4.2.13", "4.3.9", "4.4.8", "4.5.7", "4.6.4", "4.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ed8ee65-d910-42a4-b6de-3229346dc59e?source=api-scan" ], "published": "2017-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ee4fe34-e6ae-4f37-a1a7-ebb153ae7a67": { "id": "0ee4fe34-e6ae-4f37-a1a7-ebb153ae7a67", "title": "Realia <= 1.4.0 - Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "Realia", "slug": "realia", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ee4fe34-e6ae-4f37-a1a7-ebb153ae7a67?source=api-scan" ], "published": "2020-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ee60943-b583-4a99-8e62-846b380c98aa": { "id": "0ee60943-b583-4a99-8e62-846b380c98aa", "title": "Donation Forms by Charitable \u2013 Donations Plugin & Fundraising Platform for WordPress <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation", "software": [ { "type": "plugin", "name": "Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations & More", "slug": "charitable", "affected_versions": { "* - 1.8.1.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ee60943-b583-4a99-8e62-846b380c98aa?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ee7b30f-9d06-421c-af30-f20b774d389e": { "id": "0ee7b30f-9d06-421c-af30-f20b774d389e", "title": "ARForms Form Builder <= 1.5.6 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form, Survey, Quiz & Popup Form Builder \u2013 ARForms", "slug": "arforms-form-builder", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ee7b30f-9d06-421c-af30-f20b774d389e?source=api-scan" ], "published": "2022-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0eec9744-6dbd-42bd-b9c5-c9d792cecf4b": { "id": "0eec9744-6dbd-42bd-b9c5-c9d792cecf4b", "title": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin <= 1.6.6.20 - Cross-Site Request Forgery to Plugin Data Reset", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin", "slug": "simply-schedule-appointments", "affected_versions": { "* - 1.6.6.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0eec9744-6dbd-42bd-b9c5-c9d792cecf4b?source=api-scan" ], "published": "2024-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ef23749-21de-4c99-8fd6-4488ab16887e": { "id": "0ef23749-21de-4c99-8fd6-4488ab16887e", "title": "WPC Frequently Bought Together for WooCommerce <= 7.1.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "WPC Frequently Bought Together for WooCommerce", "slug": "woo-bought-together", "affected_versions": { "* - 7.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ef23749-21de-4c99-8fd6-4488ab16887e?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ef7d891-0efa-45e5-ad16-2f34fc017c8f": { "id": "0ef7d891-0efa-45e5-ad16-2f34fc017c8f", "title": "ELEX WooCommerce Google Shopping (Google Product Feed) <= 1.2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ELEX WooCommerce Google Shopping (Google Product Feed)", "slug": "elex-woocommerce-google-product-feed-plugin-basic", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ef7d891-0efa-45e5-ad16-2f34fc017c8f?source=api-scan" ], "published": "2021-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ef8024c-d5e5-4921-a161-01507cb4f2bd": { "id": "0ef8024c-d5e5-4921-a161-01507cb4f2bd", "title": "Crafthemes Demo Import <= 3.3 - Missing Authorization to Arbitrary Plugin Installation", "software": [ { "type": "plugin", "name": "Crafthemes Demo Import", "slug": "crafthemes-demo-import", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ef8024c-d5e5-4921-a161-01507cb4f2bd?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0efc41ea-701d-44ce-9fec-b4d1459f63b1": { "id": "0efc41ea-701d-44ce-9fec-b4d1459f63b1", "title": "Optinly <= 1.0.18 - Missing Authorization", "software": [ { "type": "plugin", "name": "Optinly \u2013 Exit Intent, Newsletter Popups, Gamification & Opt-in Forms", "slug": "optinly", "affected_versions": { "* - 1.0.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0efc41ea-701d-44ce-9fec-b4d1459f63b1?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0efebdcb-c3fb-435a-8687-6abdd5f9334b": { "id": "0efebdcb-c3fb-435a-8687-6abdd5f9334b", "title": "Donations Made Easy \u2013 Smart Donations <= 4.0.12 - Missing Authorization", "software": [ { "type": "plugin", "name": "Donations Made Easy \u2013 Smart Donations", "slug": "smart-donations", "affected_versions": { "* - 4.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0efebdcb-c3fb-435a-8687-6abdd5f9334b?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0eff89a8-07b7-49fc-b68d-9efd87fcac3c": { "id": "0eff89a8-07b7-49fc-b68d-9efd87fcac3c", "title": "WordPress Core < 3.0.3 - Access Control Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0eff89a8-07b7-49fc-b68d-9efd87fcac3c?source=api-scan" ], "published": "2010-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0efff314-b14f-4af4-b225-ba7e41d01b2e": { "id": "0efff314-b14f-4af4-b225-ba7e41d01b2e", "title": "Smash Balloon Plugins (Various Versions) - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Feeds for YouTube (YouTube video, channel, and gallery plugin)", "slug": "feeds-for-youtube", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] }, { "type": "plugin", "name": "Smash Balloon Social Photo Feed \u2013 Easy Social Feeds Plugin", "slug": "instagram-feed", "affected_versions": { "* - 2.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.2" ] }, { "type": "plugin", "name": "Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget", "slug": "custom-twitter-feeds", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] }, { "type": "plugin", "name": "Smash Balloon Social Post Feed \u2013 Simple Social Feeds for WordPress", "slug": "custom-facebook-feed", "affected_versions": { "* - 2.19.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.19.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.19.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0efff314-b14f-4af4-b225-ba7e41d01b2e?source=api-scan" ], "published": "2021-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f0051d5-b236-420c-ae65-14610d05c6d1": { "id": "0f0051d5-b236-420c-ae65-14610d05c6d1", "title": "WP Statistics <= 13.1.5 - Unauthenticated Blind SQL Injection via current_page_type", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 13.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "13.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f0051d5-b236-420c-ae65-14610d05c6d1?source=api-scan" ], "published": "2022-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f00b138-5c4b-4f75-94b1-82721cba2668": { "id": "0f00b138-5c4b-4f75-94b1-82721cba2668", "title": "Ditty \u2013 Responsive News Tickers, Sliders, and Lists <= 3.1.38 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Ditty \u2013 Responsive News Tickers, Sliders, and Lists", "slug": "ditty-news-ticker", "affected_versions": { "* - 3.1.38": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.38", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f00b138-5c4b-4f75-94b1-82721cba2668?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f01c9c8-acd4-44c0-8866-a0a819828006": { "id": "0f01c9c8-acd4-44c0-8866-a0a819828006", "title": "All 404 Redirect to Homepage & Broken images Redirection <= 2.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All 404 Redirect to Homepage", "slug": "all-404-redirect-to-homepage", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f01c9c8-acd4-44c0-8866-a0a819828006?source=api-scan" ], "published": "2021-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f01ee24-544b-45cb-9cf3-7db8263d8e54": { "id": "0f01ee24-544b-45cb-9cf3-7db8263d8e54", "title": "WP Directory Kit <= 1.1.9 - Open Redirect", "software": [ { "type": "plugin", "name": "WP Directory Kit", "slug": "wpdirectorykit", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f01ee24-544b-45cb-9cf3-7db8263d8e54?source=api-scan" ], "published": "2023-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f02cc66-7782-45fe-ae5e-340ff7ae1fe9": { "id": "0f02cc66-7782-45fe-ae5e-340ff7ae1fe9", "title": "Ecwid Ecommerce Shopping Cart <= 6.11.3 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "Ecwid by Lightspeed Ecommerce Shopping Cart", "slug": "ecwid-shopping-cart", "affected_versions": { "* - 6.11.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.11.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.11.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f02cc66-7782-45fe-ae5e-340ff7ae1fe9?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f0f50e0-7015-4f00-880b-6eb94961177f": { "id": "0f0f50e0-7015-4f00-880b-6eb94961177f", "title": "Form Store to DB <= 1.1.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form Store to DB", "slug": "cf7-store-to-db-lite", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f0f50e0-7015-4f00-880b-6eb94961177f?source=api-scan" ], "published": "2022-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f10c476-ce0c-4204-8f68-46c12dac1ade": { "id": "0f10c476-ce0c-4204-8f68-46c12dac1ade", "title": "Featured Posts by BestWebSoft < 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Featured Posts by BestWebSoft", "slug": "bws-featured-posts", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f10c476-ce0c-4204-8f68-46c12dac1ade?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f13b2dd-4832-4646-828c-ba2df1eb7d33": { "id": "0f13b2dd-4832-4646-828c-ba2df1eb7d33", "title": "WP OAuth Server <= 3.0.4 - Authentication Bypass", "software": [ { "type": "plugin", "name": "WP OAuth Server ( Login with WordPress )", "slug": "miniorange-oauth-20-server", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f13b2dd-4832-4646-828c-ba2df1eb7d33?source=api-scan" ], "published": "2022-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f18a1c5-a0b7-49f9-acc1-5604304fd72f": { "id": "0f18a1c5-a0b7-49f9-acc1-5604304fd72f", "title": "ICS Calendar <= 10.12.0.1 - Authenticated(Contributor+) Directory Traversal via _url_get_contents", "software": [ { "type": "plugin", "name": "ICS Calendar", "slug": "ics-calendar", "affected_versions": { "[*, 10.12.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "10.12.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "10.12.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f18a1c5-a0b7-49f9-acc1-5604304fd72f?source=api-scan" ], "published": "2023-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f19194c-dbe8-455d-bee7-2f7d4ce9224f": { "id": "0f19194c-dbe8-455d-bee7-2f7d4ce9224f", "title": "WordPress Core < 4.6.1 - Authenticated Directory Traversal to Arbitrary File Access", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.15": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.15", "to_inclusive": true }, "3.8 - 3.8.15": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.15", "to_inclusive": true }, "3.9 - 3.9.13": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.13", "to_inclusive": true }, "4.0 - 4.0.12": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.12", "to_inclusive": true }, "4.1 - 4.1.12": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.12", "to_inclusive": true }, "4.2 - 4.2.9": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.9", "to_inclusive": true }, "4.3 - 4.3.5": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.5", "to_inclusive": true }, "4.4 - 4.4.4": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.4", "to_inclusive": true }, "4.5 - 4.5.3": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true }, "4.6": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.16", "3.8.16", "3.9.14", "4.0.13", "4.1.13", "4.2.10", "4.3.6", "4.4.5", "4.5.4", "4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f19194c-dbe8-455d-bee7-2f7d4ce9224f?source=api-scan" ], "published": "2016-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f1cce87-3e59-48c1-9d38-adaa739f20db": { "id": "0f1cce87-3e59-48c1-9d38-adaa739f20db", "title": "Realia <= 0.9.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Realia", "slug": "realia", "affected_versions": { "[*, 0.9.2)": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f1cce87-3e59-48c1-9d38-adaa739f20db?source=api-scan" ], "published": "2016-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f20c7d3-8987-4dc0-9d97-98a29adbab85": { "id": "0f20c7d3-8987-4dc0-9d97-98a29adbab85", "title": "WP Shopping Pages <= 1.14 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Shopping Pages", "slug": "shopping-pages", "affected_versions": { "* - 1.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f20c7d3-8987-4dc0-9d97-98a29adbab85?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f210f6b-091f-45bf-be1e-872db3ab7b59": { "id": "0f210f6b-091f-45bf-be1e-872db3ab7b59", "title": "Contact Form DB <= 2.8.19 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form DB", "slug": "contact-form-7-to-database-extension", "affected_versions": { "* - 2.8.19": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f210f6b-091f-45bf-be1e-872db3ab7b59?source=api-scan" ], "published": "2014-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f218010-8429-4a8a-b7f6-e45945a2a1ba": { "id": "0f218010-8429-4a8a-b7f6-e45945a2a1ba", "title": "Mass Email To users <= 1.1.4 - Unauthenticated Reflected Cross-Site Scripting via 'entrant'", "software": [ { "type": "plugin", "name": "Mass Email To users", "slug": "mass-email-to-users", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f218010-8429-4a8a-b7f6-e45945a2a1ba?source=api-scan" ], "published": "2023-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f2371df-8ee0-4a26-a33d-337c129dc7d3": { "id": "0f2371df-8ee0-4a26-a33d-337c129dc7d3", "title": "SEO Rank Reporter <= 2.2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEO Rank Reporter", "slug": "seo-rank-reporter", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f2371df-8ee0-4a26-a33d-337c129dc7d3?source=api-scan" ], "published": "2015-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f23aa0e-eb1f-4310-9615-d67eb39389fe": { "id": "0f23aa0e-eb1f-4310-9615-d67eb39389fe", "title": "Welcart e-Commerce <= 2.9.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f23aa0e-eb1f-4310-9615-d67eb39389fe?source=api-scan" ], "published": "2014-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f281ef5-bb2e-42f9-be51-6f7bd3069f59": { "id": "0f281ef5-bb2e-42f9-be51-6f7bd3069f59", "title": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", "slug": "bdthemes-element-pack-lite", "affected_versions": { "* - 5.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f281ef5-bb2e-42f9-be51-6f7bd3069f59?source=api-scan" ], "published": "2024-08-01 20:56:56", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f2c46f7-b7c9-41a5-8cf9-61a683c3922c": { "id": "0f2c46f7-b7c9-41a5-8cf9-61a683c3922c", "title": "Contact Form 7 Database Addon \u2013 CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form 7 Database Addon \u2013 CFDB7", "slug": "contact-form-cfdb7", "affected_versions": { "* - 1.2.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f2c46f7-b7c9-41a5-8cf9-61a683c3922c?source=api-scan" ], "published": "2021-11-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f2e39b3-c18c-4660-b23d-00790156bc7f": { "id": "0f2e39b3-c18c-4660-b23d-00790156bc7f", "title": "Ultimate Product Catalog < 3.1.3 - Multiple Vulnerabilities", "software": [ { "type": "plugin", "name": "Ultimate Product Catalog", "slug": "ultimate-product-catalogue", "affected_versions": { "[*, 3.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f2e39b3-c18c-4660-b23d-00790156bc7f?source=api-scan" ], "published": "2015-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f2ebd89-d34f-4f08-9654-049355fdfa3f": { "id": "0f2ebd89-d34f-4f08-9654-049355fdfa3f", "title": "WPCode <= 2.0.13 - Unauthenticated Reflected Cross-Site Scripting via Tag Filter Links", "software": [ { "type": "plugin", "name": "WPCode \u2013 Insert Headers and Footers + Custom Code Snippets \u2013 WordPress Code Manager", "slug": "insert-headers-and-footers", "affected_versions": { "* - 2.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.13.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f2ebd89-d34f-4f08-9654-049355fdfa3f?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f325945-8394-4ff5-8868-2b1c464cd91f": { "id": "0f325945-8394-4ff5-8868-2b1c464cd91f", "title": "YellowPencil Visual CSS Style Editor <= 7.6.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visual CSS Style Editor", "slug": "yellow-pencil-visual-theme-customizer", "affected_versions": { "* - 7.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f325945-8394-4ff5-8868-2b1c464cd91f?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f3303db-9ba6-4638-ba96-151cf91db85b": { "id": "0f3303db-9ba6-4638-ba96-151cf91db85b", "title": "Complete Open Graph <= 3.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Complete Open Graph", "slug": "complete-open-graph", "affected_versions": { "* - 3.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f3303db-9ba6-4638-ba96-151cf91db85b?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f35cc8b-11be-4664-be48-12a8db872d66": { "id": "0f35cc8b-11be-4664-be48-12a8db872d66", "title": "Title Experiments Free <= 9.0.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Title Experiments Free", "slug": "wp-experiments-free", "affected_versions": { "[*, 9.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "9.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f35cc8b-11be-4664-be48-12a8db872d66?source=api-scan" ], "published": "2022-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f36a924-6a68-40ff-bf1a-9ebcad1c2fc6": { "id": "0f36a924-6a68-40ff-bf1a-9ebcad1c2fc6", "title": "Ninja Forms Contact Form 2.9.36 - 2.9.42 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "2.9.36 - 2.9.42": { "from_version": "2.9.36", "from_inclusive": true, "to_version": "2.9.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.42.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f36a924-6a68-40ff-bf1a-9ebcad1c2fc6?source=api-scan" ], "published": "2016-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f3b74db-22a4-4638-8662-0c8cfbee6493": { "id": "0f3b74db-22a4-4638-8662-0c8cfbee6493", "title": "Import and export users and customers <= 1.14.2.1 - Directory Traversal", "software": [ { "type": "plugin", "name": "Import and export users and customers", "slug": "import-users-from-csv-with-meta", "affected_versions": { "* - 1.14.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f3b74db-22a4-4638-8662-0c8cfbee6493?source=api-scan" ], "published": "2019-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f3c3629-b7a9-4f83-a821-64119ed662ce": { "id": "0f3c3629-b7a9-4f83-a821-64119ed662ce", "title": "Themify Portfolio Post <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Themify Portfolio Post", "slug": "themify-portfolio-post", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f3c3629-b7a9-4f83-a821-64119ed662ce?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f3df75e-cf2f-4076-b5ff-b8540408044a": { "id": "0f3df75e-cf2f-4076-b5ff-b8540408044a", "title": "Album Gallery \u2013 WordPress Gallery <= 1.4.9 - Cross-Site Request Forgery via album-gallery-column-settings.php", "software": [ { "type": "plugin", "name": "Album Gallery \u2013 WordPress Gallery", "slug": "new-album-gallery", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f3df75e-cf2f-4076-b5ff-b8540408044a?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f45738b-fff6-438e-8870-508c622c1752": { "id": "0f45738b-fff6-438e-8870-508c622c1752", "title": "affiliate-toolkit \u2013 WordPress Affiliate Plugin <= 3.4.3 - Reflected Cross-Site Scripting via keyword", "software": [ { "type": "plugin", "name": "affiliate-toolkit", "slug": "affiliate-toolkit-starter", "affected_versions": { "* - 3.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f45738b-fff6-438e-8870-508c622c1752?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f4aa403-5a8e-4e4d-a009-3f7bfdc7ada3": { "id": "0f4aa403-5a8e-4e4d-a009-3f7bfdc7ada3", "title": "Love Travel 1.0 - 1.9 - Reflected Cross-Site Scripting and Cross-Frame Scripting", "software": [ { "type": "theme", "name": "Love Travel", "slug": "lovetravel", "affected_versions": { "1.0 - 1.9": { "from_version": "1.0", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f4aa403-5a8e-4e4d-a009-3f7bfdc7ada3?source=api-scan" ], "published": "2020-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f4bb514-80bd-4d66-a60f-0a6a287af5de": { "id": "0f4bb514-80bd-4d66-a60f-0a6a287af5de", "title": "WP Image Carousel WordPress - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Image Carousel", "slug": "wp-image-carousel", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f4bb514-80bd-4d66-a60f-0a6a287af5de?source=api-scan" ], "published": "2023-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f4bba27-efdc-4b2d-80be-4a5c17ef5e7c": { "id": "0f4bba27-efdc-4b2d-80be-4a5c17ef5e7c", "title": "Rife Elementor Extensions & Templates <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rife Elementor Extensions & Templates", "slug": "rife-elementor-extensions", "affected_versions": { "[*, 1.1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f4bba27-efdc-4b2d-80be-4a5c17ef5e7c?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f537479-d5ec-46bb-a04e-2c33a2abc759": { "id": "0f537479-d5ec-46bb-a04e-2c33a2abc759", "title": "WordPress Tag and Category Manager \u2013 AI Autotagger <= 3.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WordPress Tag, Category, and Taxonomy Manager \u2013 AI Autotagger", "slug": "simple-tags", "affected_versions": { "* - 3.12.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.20.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f537479-d5ec-46bb-a04e-2c33a2abc759?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f57458b-0cd2-4958-8190-c89076771e86": { "id": "0f57458b-0cd2-4958-8190-c89076771e86", "title": "VideoWhisper Video Presentation <= 3.25 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VideoWhisper Video Presentation", "slug": "videowhisper-video-presentation", "affected_versions": { "* - 3.25": { "from_version": "*", "from_inclusive": true, "to_version": "3.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f57458b-0cd2-4958-8190-c89076771e86?source=api-scan" ], "published": "2014-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f5f8bd5-435a-4a53-8fa2-55674f39b78b": { "id": "0f5f8bd5-435a-4a53-8fa2-55674f39b78b", "title": "ChatBot 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in Language Settings", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f5f8bd5-435a-4a53-8fa2-55674f39b78b?source=api-scan" ], "published": "2023-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f64cbff-96a2-45e6-b37a-a7d4702fdf09": { "id": "0f64cbff-96a2-45e6-b37a-a7d4702fdf09", "title": "AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.txt <= 1.8.5 - Missing Authorization to Unauthenticated Ad Status Update", "software": [ { "type": "plugin", "name": "AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.txt", "slug": "adfoxly", "affected_versions": { "* - 1.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f64cbff-96a2-45e6-b37a-a7d4702fdf09?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f6bc166-8489-44bc-862e-dd4dcc1dcff8": { "id": "0f6bc166-8489-44bc-862e-dd4dcc1dcff8", "title": "WP Super Cache <= 1.7.1 - Authenticated (Admin+) Remote Code Execution", "software": [ { "type": "plugin", "name": "WP Super Cache", "slug": "wp-super-cache", "affected_versions": { "[*, 1.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f6bc166-8489-44bc-862e-dd4dcc1dcff8?source=api-scan" ], "published": "2021-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f6e7fcd-f5f5-47a0-9d8a-74e2f67d10b5": { "id": "0f6e7fcd-f5f5-47a0-9d8a-74e2f67d10b5", "title": "HUSKY \u2013 Products Filter Professional for WooCommerce <= 1.3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "HUSKY \u2013 Products Filter Professional for WooCommerce", "slug": "woocommerce-products-filter", "affected_versions": { "* - 1.3.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f6e7fcd-f5f5-47a0-9d8a-74e2f67d10b5?source=api-scan" ], "published": "2024-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f6fa9c6-8a2b-49ca-ad7f-3aa51d671422": { "id": "0f6fa9c6-8a2b-49ca-ad7f-3aa51d671422", "title": "SEO Link Rotator <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "seolinkrotator", "slug": "seolinkrotator", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f6fa9c6-8a2b-49ca-ad7f-3aa51d671422?source=api-scan" ], "published": "2014-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f70e1b6-2963-43f6-b60f-65830d030d79": { "id": "0f70e1b6-2963-43f6-b60f-65830d030d79", "title": "Global Multisite Search <= 1.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Global Multisite Search", "slug": "global-multisite-search", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f70e1b6-2963-43f6-b60f-65830d030d79?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f75c6bf-1b93-49d5-b5fb-e59b4e67432f": { "id": "0f75c6bf-1b93-49d5-b5fb-e59b4e67432f", "title": "CRM and Lead Management by vcita <= 2.6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CRM and Lead Management by vcita", "slug": "crm-customer-relationship-management-by-vcita", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f75c6bf-1b93-49d5-b5fb-e59b4e67432f?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f77d41a-8b72-412f-9560-267bc50f9aec": { "id": "0f77d41a-8b72-412f-9560-267bc50f9aec", "title": "Active Directory Integration \/ LDAP Integration <= 3.6.94 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Active Directory Integration \/ LDAP Integration", "slug": "ldap-login-for-intranet-sites", "affected_versions": { "[*, 3.6.95)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.95", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.95" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f77d41a-8b72-412f-9560-267bc50f9aec?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f7c43d4-cf21-4324-bc77-50bdc2c24661": { "id": "0f7c43d4-cf21-4324-bc77-50bdc2c24661", "title": "uContext for Amazon <= 3.9.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "uContext for Amazon", "slug": "ucontext-for-amazon", "affected_versions": { "* - 3.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f7c43d4-cf21-4324-bc77-50bdc2c24661?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f7f91f6-9fe6-4bbf-ba3c-380ba2e97dcd": { "id": "0f7f91f6-9fe6-4bbf-ba3c-380ba2e97dcd", "title": "The Ultimate WordPress Toolkit \u2013 WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via selected_option", "software": [ { "type": "plugin", "name": "The Ultimate WordPress Toolkit \u2013 WP Extended", "slug": "wpextended", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f7f91f6-9fe6-4bbf-ba3c-380ba2e97dcd?source=api-scan" ], "published": "2024-09-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f7f9d85-c376-45c5-91ab-559864f598c5": { "id": "0f7f9d85-c376-45c5-91ab-559864f598c5", "title": "Better Font Awesome <= 2.0.1 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "Better Font Awesome", "slug": "better-font-awesome", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f7f9d85-c376-45c5-91ab-559864f598c5?source=api-scan" ], "published": "2022-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f803e16-7f47-4696-927f-450aaa5fda5e": { "id": "0f803e16-7f47-4696-927f-450aaa5fda5e", "title": "PickPlugins Product Slider for WooCommerce <= 1.13.21 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Slider for WooCommerce by PickPlugins", "slug": "woocommerce-products-slider", "affected_versions": { "* - 1.13.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f803e16-7f47-4696-927f-450aaa5fda5e?source=api-scan" ], "published": "2021-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f831d48-733a-4e79-8559-92b03b8d0356": { "id": "0f831d48-733a-4e79-8559-92b03b8d0356", "title": "KD Coming Soon <= 1.7 - Unauthenticated PHP Object Injection via cetitle", "software": [ { "type": "plugin", "name": "KD Coming Soon", "slug": "kd-coming-soon", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f831d48-733a-4e79-8559-92b03b8d0356?source=api-scan" ], "published": "2023-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f86e1ef-c898-4a54-8204-a9ec4caab586": { "id": "0f86e1ef-c898-4a54-8204-a9ec4caab586", "title": "WordPress Importer <= 1.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Smart Import : Import any XML File to WordPress", "slug": "wp-smart-import", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f86e1ef-c898-4a54-8204-a9ec4caab586?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f87d37a-879f-4506-a651-8c965a558e28": { "id": "0f87d37a-879f-4506-a651-8c965a558e28", "title": "Thumbnail carousel slider < 1.0.1 - Stored Cross-Site Scripting and Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Thumbnail carousel slider", "slug": "wp-responsive-thumbnail-slider", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f87d37a-879f-4506-a651-8c965a558e28?source=api-scan" ], "published": "2020-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f8aa38b-85c5-45a7-b5cd-9ecd43a3c340": { "id": "0f8aa38b-85c5-45a7-b5cd-9ecd43a3c340", "title": "Customily Product Personalizer <= 1.23.3 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Customily Product Personalizer", "slug": "customily-v2", "affected_versions": { "* - 1.23.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.23.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f8aa38b-85c5-45a7-b5cd-9ecd43a3c340?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f8cc16d-4e42-47b0-8ba0-df3252071826": { "id": "0f8cc16d-4e42-47b0-8ba0-df3252071826", "title": "XStore <= 9.3.8 - Missing Authorization", "software": [ { "type": "theme", "name": "XStore", "slug": "xstore", "affected_versions": { "* - 9.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "9.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f8cc16d-4e42-47b0-8ba0-df3252071826?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f8e1495-c5e1-4bb9-92e9-b27b9b997a5f": { "id": "0f8e1495-c5e1-4bb9-92e9-b27b9b997a5f", "title": "SVG Complete <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "SVG Complete", "slug": "svg-complete", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f8e1495-c5e1-4bb9-92e9-b27b9b997a5f?source=api-scan" ], "published": "2024-09-30 19:26:48", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f9229f2-e7dd-43c9-9c15-9b76c13e895b": { "id": "0f9229f2-e7dd-43c9-9c15-9b76c13e895b", "title": "iThemes Sync <= 2.1.13 - Cross-Site Request Forgery and Missing Authorization via 'hide_authenticate_notice'", "software": [ { "type": "plugin", "name": "Solid Central \u2013 Site Management, Backups, Security, and Reporting", "slug": "ithemes-sync", "affected_versions": { "[*, 2.1.14)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f9229f2-e7dd-43c9-9c15-9b76c13e895b?source=api-scan" ], "published": "2023-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f963cd2-0069-4e58-a5e5-8a9bfea65168": { "id": "0f963cd2-0069-4e58-a5e5-8a9bfea65168", "title": "User Profile Picture < 2.6.0 - Authenticated Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "User Profile Picture", "slug": "users-profile-picture", "affected_versions": { "[*, 2.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f963cd2-0069-4e58-a5e5-8a9bfea65168?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f986535-efc2-470e-bb50-e0964bb775b3": { "id": "0f986535-efc2-470e-bb50-e0964bb775b3", "title": "Smart Blocks <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart Blocks", "slug": "smart-blocks", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f986535-efc2-470e-bb50-e0964bb775b3?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f9c5bed-a399-43e2-be40-d669e90d3736": { "id": "0f9c5bed-a399-43e2-be40-d669e90d3736", "title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'size'", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f9c5bed-a399-43e2-be40-d669e90d3736?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0f9eb9cb-ead9-4ddf-b40b-a0ce2f4910f6": { "id": "0f9eb9cb-ead9-4ddf-b40b-a0ce2f4910f6", "title": "Premium Addons for Elementor <= 4.10.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link Widget", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.16": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0f9eb9cb-ead9-4ddf-b40b-a0ce2f4910f6?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fa0b67b-edc8-4f91-bf67-167df63cf7bd": { "id": "0fa0b67b-edc8-4f91-bf67-167df63cf7bd", "title": "BuddyPress Extended Friendship Request < 1.0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BuddyPress Extended Friendship Request", "slug": "buddypress-extended-friendship-request", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fa0b67b-edc8-4f91-bf67-167df63cf7bd?source=api-scan" ], "published": "2013-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fa4585d-9ffa-4a32-aeb7-60cdad63187b": { "id": "0fa4585d-9ffa-4a32-aeb7-60cdad63187b", "title": "WP Backup+ (Unknown Versions) - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "WP Backup+", "slug": "wp-backup-plus", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fa4585d-9ffa-4a32-aeb7-60cdad63187b?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fa49df8-6989-4099-be06-8b232c4f90ef": { "id": "0fa49df8-6989-4099-be06-8b232c4f90ef", "title": "WP Time Slots Booking Form <= 1.2.10 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Time Slots Booking Form", "slug": "wp-time-slots-booking-form", "affected_versions": { "* - 1.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fa49df8-6989-4099-be06-8b232c4f90ef?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fa5b6f2-94cc-47b8-986a-a3c525a7e777": { "id": "0fa5b6f2-94cc-47b8-986a-a3c525a7e777", "title": "URL Shortener by MyShop <= 1.0.17 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "URL Shortener by MyThemeShop", "slug": "mts-url-shortener", "affected_versions": { "* - 1.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fa5b6f2-94cc-47b8-986a-a3c525a7e777?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fad1834-0ee1-4542-a5a7-55a32861c81d": { "id": "0fad1834-0ee1-4542-a5a7-55a32861c81d", "title": "The Ultimate WordPress Toolkit \u2013 WP Extended <= 3.0.8 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download", "software": [ { "type": "plugin", "name": "The Ultimate WordPress Toolkit \u2013 WP Extended", "slug": "wpextended", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fad1834-0ee1-4542-a5a7-55a32861c81d?source=api-scan" ], "published": "2024-09-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fae8440-ce36-45ba-bed2-af30162e4c1b": { "id": "0fae8440-ce36-45ba-bed2-af30162e4c1b", "title": "Subscribe to Category <= 2.7.4 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Subscribe to Category", "slug": "subscribe-to-category", "affected_versions": { "* - 2.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fae8440-ce36-45ba-bed2-af30162e4c1b?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fb06de8-97d6-46c3-83ef-93a209540259": { "id": "0fb06de8-97d6-46c3-83ef-93a209540259", "title": "User Private Files <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private File Access", "software": [ { "type": "plugin", "name": "User Private Files \u2013 File Upload & Download Manager with Secure File Sharing", "slug": "user-private-files", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fb06de8-97d6-46c3-83ef-93a209540259?source=api-scan" ], "published": "2024-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fb82b48-3cf8-47a5-b68d-e37a1823a125": { "id": "0fb82b48-3cf8-47a5-b68d-e37a1823a125", "title": "Auto Login New User After Registration <= 1.9.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via alnuar_auto_login_new_user_after_registration_redirect", "software": [ { "type": "plugin", "name": "Auto Login New User After Registration", "slug": "auto-login-new-user-after-registration", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fb82b48-3cf8-47a5-b68d-e37a1823a125?source=api-scan" ], "published": "2023-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fb8e956-3a95-4e55-9816-be7eddb5835d": { "id": "0fb8e956-3a95-4e55-9816-be7eddb5835d", "title": "Theme My Login <= 7.1.7 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Theme My Login", "slug": "theme-my-login", "affected_versions": { "* - 7.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fb8e956-3a95-4e55-9816-be7eddb5835d?source=api-scan" ], "published": "2024-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fb9b039-eb04-4c27-89eb-1932c9c31962": { "id": "0fb9b039-eb04-4c27-89eb-1932c9c31962", "title": "Security & Malware scan by CleanTalk <= 2.50 - Missing Authorization", "software": [ { "type": "plugin", "name": "Security & Malware scan by CleanTalk", "slug": "security-malware-firewall", "affected_versions": { "* - 2.50": { "from_version": "*", "from_inclusive": true, "to_version": "2.50", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fb9b039-eb04-4c27-89eb-1932c9c31962?source=api-scan" ], "published": "2020-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fbb1044-dd42-469d-9299-135ef2e609e0": { "id": "0fbb1044-dd42-469d-9299-135ef2e609e0", "title": "WordPress Core < 4.5 - Cross-Site Request Forgery via wp_ajax_wp_compression_test", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fbb1044-dd42-469d-9299-135ef2e609e0?source=api-scan" ], "published": "2016-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fc2b6cb-cca1-4d90-a229-12ec9d1f4b8b": { "id": "0fc2b6cb-cca1-4d90-a229-12ec9d1f4b8b", "title": "WP Live Chat Support <= 7.1.04 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "3CX Free Live Chat, Calls & WhatsApp", "slug": "wp-live-chat-support", "affected_versions": { "* - 7.1.04": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.04", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.05" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fc2b6cb-cca1-4d90-a229-12ec9d1f4b8b?source=api-scan" ], "published": "2017-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fc675e8-8ba1-40b0-829e-7a48d5eb586d": { "id": "0fc675e8-8ba1-40b0-829e-7a48d5eb586d", "title": "Japanized For WooCommerce <= 2.6.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Japanized For WooCommerce", "slug": "woocommerce-for-japan", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fc675e8-8ba1-40b0-829e-7a48d5eb586d?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fcb1237-5d96-47f6-9f0c-3a0fd72ca91f": { "id": "0fcb1237-5d96-47f6-9f0c-3a0fd72ca91f", "title": "ZoomSounds <= 2.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "ZoomSounds - WordPress Wave Audio Player with Playlist", "slug": "dzs-zoomsounds", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fcb1237-5d96-47f6-9f0c-3a0fd72ca91f?source=api-scan" ], "published": "2015-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fcdd6b5-a273-4916-a894-a753be0a7921": { "id": "0fcdd6b5-a273-4916-a894-a753be0a7921", "title": "Be POPIA Compliant <= 1.1.5 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Be POPIA Compliant", "slug": "be-popia-compliant", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fcdd6b5-a273-4916-a894-a753be0a7921?source=api-scan" ], "published": "2022-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fcdfba2-aa19-4d0c-8880-5ee2c0680555": { "id": "0fcdfba2-aa19-4d0c-8880-5ee2c0680555", "title": "WordPress Core < 6.0.3 - Shared User Instance Weakness", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true }, "3.7 - 3.7.39": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.39", "to_inclusive": true }, "3.8 - 3.8.39": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.39", "to_inclusive": true }, "3.9 - 3.9.37": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.37", "to_inclusive": true }, "4.0 - 4.0.36": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.36", "to_inclusive": true }, "4.1 - 4.1.36": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.36", "to_inclusive": true }, "4.2 - 4.2.33": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.33", "to_inclusive": true }, "4.3 - 4.3.29": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.29", "to_inclusive": true }, "4.4 - 4.4.28": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.28", "to_inclusive": true }, "4.5 - 4.5.27": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.27", "to_inclusive": true }, "4.6 - 4.6.24": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.24", "to_inclusive": true }, "4.7 - 4.7.24": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.24", "to_inclusive": true }, "4.8 - 4.8.20": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.20", "to_inclusive": true }, "4.9 - 4.9.21": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.21", "to_inclusive": true }, "5.0 - 5.0.17": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.17", "to_inclusive": true }, "5.1 - 5.1.14": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.14", "to_inclusive": true }, "5.2 - 5.2.16": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.16", "to_inclusive": true }, "5.3 - 5.3.13": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.13", "to_inclusive": true }, "5.4 - 5.4.11": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.11", "to_inclusive": true }, "5.5 - 5.5.10": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.10", "to_inclusive": true }, "5.6 - 5.6.9": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.9", "to_inclusive": true }, "5.7 - 5.7.7": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.7", "to_inclusive": true }, "5.8 - 5.8.5": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.5", "to_inclusive": true }, "5.9 - 5.9.4": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.4", "to_inclusive": true }, "6.0 - 6.0.2": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.40", "3.8.40", "3.9.38", "4.0.37", "4.1.37", "4.2.34", "4.3.30", "4.4.29", "4.5.28", "4.6.25", "4.7.25", "4.8.21", "4.9.22", "5.0.18", "5.1.15", "5.2.17", "5.3.14", "5.4.12", "5.5.11", "5.6.10", "5.7.8", "5.8.6", "5.9.5", "6.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fcdfba2-aa19-4d0c-8880-5ee2c0680555?source=api-scan" ], "published": "2022-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fd1cbbe-68b8-4a19-aea9-1e943d97c9c3": { "id": "0fd1cbbe-68b8-4a19-aea9-1e943d97c9c3", "title": "Banner Effect Header < 1.2.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Banner Effect Header", "slug": "banner-effect-header", "affected_versions": { "[*, 1.2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fd1cbbe-68b8-4a19-aea9-1e943d97c9c3?source=api-scan" ], "published": "2015-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fda86d9-2b80-47f9-bfb5-4bdb780a718f": { "id": "0fda86d9-2b80-47f9-bfb5-4bdb780a718f", "title": "Goftino <= 1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Goftino", "slug": "goftino", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fda86d9-2b80-47f9-bfb5-4bdb780a718f?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fdc2dac-b3ea-40bd-987b-e6c47e74aefc": { "id": "0fdc2dac-b3ea-40bd-987b-e6c47e74aefc", "title": "CMP \u2013 Coming Soon & Maintenance <= 4.1.10 - Authenticated (Admin+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "CMP \u2013 Coming Soon & Maintenance Plugin by NiteoThemes", "slug": "cmp-coming-soon-maintenance", "affected_versions": { "* - 4.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fdc2dac-b3ea-40bd-987b-e6c47e74aefc?source=api-scan" ], "published": "2024-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fddf084-2be2-4359-b318-a483dee0bd4e": { "id": "0fddf084-2be2-4359-b318-a483dee0bd4e", "title": "Google Analyticator <= 6.4.9.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Analyticator", "slug": "google-analyticator", "affected_versions": { "[*, 6.4.9.4)": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.9.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.4.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fddf084-2be2-4359-b318-a483dee0bd4e?source=api-scan" ], "published": "2015-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fe28cf5-466d-4a28-b6bd-6d77c54b97f9": { "id": "0fe28cf5-466d-4a28-b6bd-6d77c54b97f9", "title": "WordPress Tooltips <= 9.4.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Tooltips", "slug": "wordpress-tooltips", "affected_versions": { "* - 9.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "9.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fe28cf5-466d-4a28-b6bd-6d77c54b97f9?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fe551db-2073-4eeb-83da-9ce8c2c031e1": { "id": "0fe551db-2073-4eeb-83da-9ce8c2c031e1", "title": "Blox Page Builder <= 1.0.65 - Authenticated (Contributor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Blox Page Builder", "slug": "blox-page-builder", "affected_versions": { "* - 1.0.65": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.65", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fe551db-2073-4eeb-83da-9ce8c2c031e1?source=api-scan" ], "published": "2024-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fe5a834-487e-4da8-8b30-384427e26e6b": { "id": "0fe5a834-487e-4da8-8b30-384427e26e6b", "title": "Booster for WooCommerce <= 5.5.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 5.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fe5a834-487e-4da8-8b30-384427e26e6b?source=api-scan" ], "published": "2022-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fe79ca5-2811-44eb-a340-a41383f9d42e": { "id": "0fe79ca5-2811-44eb-a340-a41383f9d42e", "title": "Easy Google Maps <= 1.9.31 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Google Maps", "slug": "google-maps-easy", "affected_versions": { "* - 1.9.31": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fe79ca5-2811-44eb-a340-a41383f9d42e?source=api-scan" ], "published": "2022-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0feaff52-062f-45d3-bece-b2c78bdd720e": { "id": "0feaff52-062f-45d3-bece-b2c78bdd720e", "title": "WP 2FA \u2013 Two-factor authentication for WordPress <= 2.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP 2FA \u2013 Two-factor authentication for WordPress", "slug": "wp-2fa", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0feaff52-062f-45d3-bece-b2c78bdd720e?source=api-scan" ], "published": "2022-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0febc283-6c4a-472a-a211-0df853d63f7b": { "id": "0febc283-6c4a-472a-a211-0df853d63f7b", "title": "Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) <= 1.1.34 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )", "slug": "magical-addons-for-elementor", "affected_versions": { "* - 1.1.34": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0febc283-6c4a-472a-a211-0df853d63f7b?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0fee990a-8ac0-40a2-9f25-96defd62263d": { "id": "0fee990a-8ac0-40a2-9f25-96defd62263d", "title": "Theme My Login <= 6.3.9 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Theme My Login", "slug": "theme-my-login", "affected_versions": { "[*, 6.3.10)": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0fee990a-8ac0-40a2-9f25-96defd62263d?source=api-scan" ], "published": "2014-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0feeca6b-b611-44d3-90a6-569e4d2ccf5a": { "id": "0feeca6b-b611-44d3-90a6-569e4d2ccf5a", "title": "Icegram <= 3.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Campaign Message", "software": [ { "type": "plugin", "name": "Icegram Engage \u2013 Ultimate WP Popup Builder, Lead Generation, Optins, and CTA", "slug": "icegram", "affected_versions": { "* - 3.1.19": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0feeca6b-b611-44d3-90a6-569e4d2ccf5a?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ff001c2-95f9-42a2-b5a3-74937be41756": { "id": "0ff001c2-95f9-42a2-b5a3-74937be41756", "title": "Menu Image, Icons made easy <= 3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Menu Image, Icons made easy", "slug": "menu-image", "affected_versions": { "* - 3.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ff001c2-95f9-42a2-b5a3-74937be41756?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ff464d0-7aa4-4a79-a8d2-ea51398c40f9": { "id": "0ff464d0-7aa4-4a79-a8d2-ea51398c40f9", "title": "SMTP by BestWebSoft <= 1.0.9 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SMTP by BestWebSoft", "slug": "bws-smtp", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ff464d0-7aa4-4a79-a8d2-ea51398c40f9?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ff67beb-638e-4d74-8d0e-6aece9207bb9": { "id": "0ff67beb-638e-4d74-8d0e-6aece9207bb9", "title": "About Author <= 1.3.9 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "About Author", "slug": "about-author", "affected_versions": { "[*, 1.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ff67beb-638e-4d74-8d0e-6aece9207bb9?source=api-scan" ], "published": "2019-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ff96c12-1388-48a9-adf4-feca77a37ba7": { "id": "0ff96c12-1388-48a9-adf4-feca77a37ba7", "title": "Sliced Invoices < 3.8.4 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Sliced Invoices \u2013 WordPress Invoice Plugin", "slug": "sliced-invoices", "affected_versions": { "[*, 3.8.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ff96c12-1388-48a9-adf4-feca77a37ba7?source=api-scan" ], "published": "2019-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ffd60d2-ae8d-4738-a4f4-6df6e0ffa8c6": { "id": "0ffd60d2-ae8d-4738-a4f4-6df6e0ffa8c6", "title": "WP Statistics <= 13.2.16 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 13.2.16": { "from_version": "*", "from_inclusive": true, "to_version": "13.2.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "14.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ffd60d2-ae8d-4738-a4f4-6df6e0ffa8c6?source=api-scan" ], "published": "2023-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "0ffd695b-33e3-49b6-ad3a-98b2a645f827": { "id": "0ffd695b-33e3-49b6-ad3a-98b2a645f827", "title": "Archives Calendar Widget <= 1.0.15 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Archives Calendar Widget", "slug": "archives-calendar-widget", "affected_versions": { "* - 1.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/0ffd695b-33e3-49b6-ad3a-98b2a645f827?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10021498-73c8-4767-b059-f282ddc35963": { "id": "10021498-73c8-4767-b059-f282ddc35963", "title": "Popup by Supsystic <= 1.10.19 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Popup by Supsystic", "slug": "popup-by-supsystic", "affected_versions": { "* - 1.10.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10021498-73c8-4767-b059-f282ddc35963?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1009c839-849f-47ce-bfab-c297aacbc23c": { "id": "1009c839-849f-47ce-bfab-c297aacbc23c", "title": "Image Zoom <= 1.8.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Image Zoom", "slug": "image-zoom", "affected_versions": { "* - 1.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1009c839-849f-47ce-bfab-c297aacbc23c?source=api-scan" ], "published": "2022-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "100b6786-7cad-4d65-b457-9beb179e293a": { "id": "100b6786-7cad-4d65-b457-9beb179e293a", "title": "Simple Job Board <= 2.10.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple Job Board", "slug": "simple-job-board", "affected_versions": { "* - 2.10.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/100b6786-7cad-4d65-b457-9beb179e293a?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "100b700f-8812-48be-8a04-28f60a57b35f": { "id": "100b700f-8812-48be-8a04-28f60a57b35f", "title": "Enfold <= 5.6.4 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Enfold - Responsive Multi-Purpose Theme", "slug": "enfold", "affected_versions": { "* - 5.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/100b700f-8812-48be-8a04-28f60a57b35f?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10101e3f-8c8a-4a62-bf41-809983a3b610": { "id": "10101e3f-8c8a-4a62-bf41-809983a3b610", "title": "Heateor Social Login WordPress <= 1.1.32 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Heateor Social Login WordPress", "slug": "heateor-social-login", "affected_versions": { "* - 1.1.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10101e3f-8c8a-4a62-bf41-809983a3b610?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1012f06d-2306-44bc-9235-528c1632be16": { "id": "1012f06d-2306-44bc-9235-528c1632be16", "title": "BlogLentor <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BlogLentor \u2013 Blog Designer Pack for Elementor", "slug": "bloglentor-for-elementor", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1012f06d-2306-44bc-9235-528c1632be16?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1016f16c-0ab2-4cac-a7a5-8d93a37e7894": { "id": "1016f16c-0ab2-4cac-a7a5-8d93a37e7894", "title": "Social Sharing Plugin \u2013 Social Warfare <= 4.4.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Social Sharing Plugin \u2013 Social Warfare", "slug": "social-warfare", "affected_versions": { "* - 4.4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1016f16c-0ab2-4cac-a7a5-8d93a37e7894?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "101945f6-d709-4c99-8c80-def9dd2fa636": { "id": "101945f6-d709-4c99-8c80-def9dd2fa636", "title": "ANAC XML Bandi di Gara <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "ANAC XML Bandi di Gara", "slug": "avcp", "affected_versions": { "* - 7.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/101945f6-d709-4c99-8c80-def9dd2fa636?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "101a3dfd-101e-4ae2-85d1-a6b3c9d6ca71": { "id": "101a3dfd-101e-4ae2-85d1-a6b3c9d6ca71", "title": "Shortcodes and extra features for Phlox theme <= 2.9.7 - Reflected Cross-Site-Scripting", "software": [ { "type": "plugin", "name": "Shortcodes and extra features for Phlox theme", "slug": "auxin-elements", "affected_versions": { "[*, 2.9.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/101a3dfd-101e-4ae2-85d1-a6b3c9d6ca71?source=api-scan" ], "published": "2022-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "101dd211-c3eb-4d27-9194-841bc2a968e6": { "id": "101dd211-c3eb-4d27-9194-841bc2a968e6", "title": "Super Socializer <= 7.13.54 - Missing Authorization", "software": [ { "type": "plugin", "name": "Social Share, Social Login and Social Comments Plugin \u2013 Super Socializer", "slug": "super-socializer", "affected_versions": { "* - 7.13.54": { "from_version": "*", "from_inclusive": true, "to_version": "7.13.54", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.13.55" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/101dd211-c3eb-4d27-9194-841bc2a968e6?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "101edd24-3f9e-4055-8547-9cd7e2b626b5": { "id": "101edd24-3f9e-4055-8547-9cd7e2b626b5", "title": "Invite Anyone < 1.3.16 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Invite Anyone", "slug": "invite-anyone", "affected_versions": { "[*, 1.3.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/101edd24-3f9e-4055-8547-9cd7e2b626b5?source=api-scan" ], "published": "2017-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "101f8390-7fd1-427d-a62e-83c527adedec": { "id": "101f8390-7fd1-427d-a62e-83c527adedec", "title": "DZS Video Gallery <= 8.60 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DZS Video Gallery", "slug": "dzs-videogallery", "affected_versions": { "* - 8.60": { "from_version": "*", "from_inclusive": true, "to_version": "8.60", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/101f8390-7fd1-427d-a62e-83c527adedec?source=api-scan" ], "published": "2016-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1023edcb-9879-4dde-b62e-3ce65d7fef2f": { "id": "1023edcb-9879-4dde-b62e-3ce65d7fef2f", "title": "WooCommerce PayPal Payments <= 2.0.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce PayPal Payments", "slug": "woocommerce-paypal-payments", "affected_versions": { "[*, 2.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1023edcb-9879-4dde-b62e-3ce65d7fef2f?source=api-scan" ], "published": "2023-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1026b753-e82b-4fa3-9023-c36ab9863b29": { "id": "1026b753-e82b-4fa3-9023-c36ab9863b29", "title": "Premium Addons for Elementor <= 4.10.18 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.18": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1026b753-e82b-4fa3-9023-c36ab9863b29?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "102ab838-9011-4da6-bc24-179be1328bcc": { "id": "102ab838-9011-4da6-bc24-179be1328bcc", "title": "PhotoCrati Theme <= 4.0 - SQL Injection", "software": [ { "type": "theme", "name": "Photocrati", "slug": "photocrati-theme", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/102ab838-9011-4da6-bc24-179be1328bcc?source=api-scan" ], "published": "2011-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "102bab51-2dc7-4013-8273-21e2ff6cdf79": { "id": "102bab51-2dc7-4013-8273-21e2ff6cdf79", "title": "myStickymenu <= 2.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Lead Deletion", "software": [ { "type": "plugin", "name": "Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme \u2013 My Sticky Bar (formerly myStickymenu)", "slug": "mystickymenu", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/102bab51-2dc7-4013-8273-21e2ff6cdf79?source=api-scan" ], "published": "2023-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "102e17f3-2c56-48c0-b8f5-992a69abfacc": { "id": "102e17f3-2c56-48c0-b8f5-992a69abfacc", "title": "Justified Image Grid <= 4.6.1 - Unauthenticated Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Justified Image Grid - Premium WordPress Gallery", "slug": "justified-image-grid", "affected_versions": { "* - 4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/102e17f3-2c56-48c0-b8f5-992a69abfacc?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "102ed3c9-33ed-462a-83df-5a57f2621780": { "id": "102ed3c9-33ed-462a-83df-5a57f2621780", "title": "Count per Day <= 3.1 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "Count per Day", "slug": "count-per-day", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/102ed3c9-33ed-462a-83df-5a57f2621780?source=api-scan" ], "published": "2012-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1032227b-f2bc-4fc5-bc8d-91a84c631680": { "id": "1032227b-f2bc-4fc5-bc8d-91a84c631680", "title": "EnvialoSimple: Email Marketing y Newsletters < 1.98 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Env\u00edaloSimple: Email Marketing y Newsletters", "slug": "envialosimple-email-marketing-y-newsletters-gratis", "affected_versions": { "* - 1.97": { "from_version": "*", "from_inclusive": true, "to_version": "1.97", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.98" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1032227b-f2bc-4fc5-bc8d-91a84c631680?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1032f7b0-db98-4b25-bdff-dcaf2758f266": { "id": "1032f7b0-db98-4b25-bdff-dcaf2758f266", "title": "SAML Single Sign On \u2013 SAML SSO Login <= 4.8.83 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SAML Single Sign On \u2013 SSO Login", "slug": "miniorange-saml-20-single-sign-on", "affected_versions": { "* - 4.8.83": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.83", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.84" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1032f7b0-db98-4b25-bdff-dcaf2758f266?source=api-scan" ], "published": "2020-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10339a77-7c1a-4030-9061-15c699545b16": { "id": "10339a77-7c1a-4030-9061-15c699545b16", "title": "WOLF <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via profile_title", "software": [ { "type": "plugin", "name": "WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional", "slug": "bulk-editor", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10339a77-7c1a-4030-9061-15c699545b16?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1034f0f4-52e4-4f4c-81fc-51b4720f306a": { "id": "1034f0f4-52e4-4f4c-81fc-51b4720f306a", "title": "Complianz - GDPR\/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_script_save", "software": [ { "type": "plugin", "name": "Complianz \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr", "affected_versions": { "* - 6.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1034f0f4-52e4-4f4c-81fc-51b4720f306a?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "103a7e7b-74bb-4691-8670-c66ed2144596": { "id": "103a7e7b-74bb-4691-8670-c66ed2144596", "title": "Paid Memberships Pro <= 2.9.11 - Authenticated (Subscriber+) SQL Injection via Shortcodes", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "* - 2.9.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/103a7e7b-74bb-4691-8670-c66ed2144596?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "103b7db9-1571-4fce-852f-68d5df7ee4ba": { "id": "103b7db9-1571-4fce-852f-68d5df7ee4ba", "title": "wpDataTables (Premium) <= 3.4.1 - Improper Access Control leading to Table Permission Takeover", "software": [ { "type": "plugin", "name": "wpDataTables (Premium)", "slug": "wpdatatables", "affected_versions": { "[*, 3.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/103b7db9-1571-4fce-852f-68d5df7ee4ba?source=api-scan" ], "published": "2021-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "103cbd07-4698-4b64-820d-d2df3fce95da": { "id": "103cbd07-4698-4b64-820d-d2df3fce95da", "title": "Age Gate <= 2.16.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Age Gate", "slug": "age-gate", "affected_versions": { "[*, 2.16.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.16.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/103cbd07-4698-4b64-820d-d2df3fce95da?source=api-scan" ], "published": "2021-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "103ce24e-1c21-4c25-b3d0-6f595bf58979": { "id": "103ce24e-1c21-4c25-b3d0-6f595bf58979", "title": "Welcart e-Commerce <= 1.8.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/103ce24e-1c21-4c25-b3d0-6f595bf58979?source=api-scan" ], "published": "2016-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "103db583-9399-4a45-a316-808b55fc6a6c": { "id": "103db583-9399-4a45-a316-808b55fc6a6c", "title": "POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Post SMTP \u2013 WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications \u2013 Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more", "slug": "post-smtp", "affected_versions": { "* - 2.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/103db583-9399-4a45-a316-808b55fc6a6c?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "103dea33-0c30-460e-80e4-fead18928a62": { "id": "103dea33-0c30-460e-80e4-fead18928a62", "title": "WPB Elementor Addons <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter", "software": [ { "type": "plugin", "name": "WPB Elementor Addons", "slug": "wpb-elementor-addons", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/103dea33-0c30-460e-80e4-fead18928a62?source=api-scan" ], "published": "2024-05-21 20:15:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "103e7658-78d6-414d-ad68-e9adf77f1c60": { "id": "103e7658-78d6-414d-ad68-e9adf77f1c60", "title": "My Favorites <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My Favorites", "slug": "my-favorites", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/103e7658-78d6-414d-ad68-e9adf77f1c60?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "104b3c01-4623-43cb-aed4-16e3be62e1f9": { "id": "104b3c01-4623-43cb-aed4-16e3be62e1f9", "title": "WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group_tag'", "software": [ { "type": "plugin", "name": "WP Recipe Maker", "slug": "wp-recipe-maker", "affected_versions": { "* - 9.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/104b3c01-4623-43cb-aed4-16e3be62e1f9?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "104badec-6e6e-44bb-936b-d135dd80890d": { "id": "104badec-6e6e-44bb-936b-d135dd80890d", "title": "LiteSpeed Cache <= 6.3.0.1 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "LiteSpeed Cache", "slug": "litespeed-cache", "affected_versions": { "* - 6.3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/104badec-6e6e-44bb-936b-d135dd80890d?source=api-scan" ], "published": "2024-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1053ff60-469f-4940-a865-35ed28fc769a": { "id": "1053ff60-469f-4940-a865-35ed28fc769a", "title": "Easy Coming Soon <= 1.6.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Coming Soon", "slug": "easy-coming-soon", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1053ff60-469f-4940-a865-35ed28fc769a?source=api-scan" ], "published": "2015-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1056804b-c317-4b9f-85ce-41b4ed0ac40a": { "id": "1056804b-c317-4b9f-85ce-41b4ed0ac40a", "title": "YaMaps <= 0.6.25 - Authenticaterd (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "YaMaps for WordPress Plugin", "slug": "yamaps", "affected_versions": { "* - 0.6.25": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.6.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1056804b-c317-4b9f-85ce-41b4ed0ac40a?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10590944-e08e-4980-846d-7a88880b2dcd": { "id": "10590944-e08e-4980-846d-7a88880b2dcd", "title": "Accessibility Suite by Online ADA <= 4.12 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Accessibility Suite by Ability, Inc", "slug": "online-accessibility", "affected_versions": { "* - 4.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10590944-e08e-4980-846d-7a88880b2dcd?source=api-scan" ], "published": "2023-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "105ae6be-2cb7-4ab2-8e4c-5d3ff84c5b9f": { "id": "105ae6be-2cb7-4ab2-8e4c-5d3ff84c5b9f", "title": "Download Monitor <= 4.9.4 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "[*, 4.9.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/105ae6be-2cb7-4ab2-8e4c-5d3ff84c5b9f?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "105dcbbb-9ee2-4a5a-9b65-bbac931d1080": { "id": "105dcbbb-9ee2-4a5a-9b65-bbac931d1080", "title": "Wp Social <= 1.9.0 - Authenticated (Subscriber+) Information Disclosure", "software": [ { "type": "plugin", "name": "Wp Social Login and Register Social Counter", "slug": "wp-social", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/105dcbbb-9ee2-4a5a-9b65-bbac931d1080?source=api-scan" ], "published": "2022-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1063ecb4-a0a0-47d9-8629-f4f6a29bf5c9": { "id": "1063ecb4-a0a0-47d9-8629-f4f6a29bf5c9", "title": "Image and Video Lightbox, Image Popup <= 2.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image and Video Lightbox, Image PopUp", "slug": "lightbox-popup", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1063ecb4-a0a0-47d9-8629-f4f6a29bf5c9?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1069434a-b8cb-4e29-995d-f31b18d1843f": { "id": "1069434a-b8cb-4e29-995d-f31b18d1843f", "title": "Font Uploader <= 1.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WordPress Font Uploader", "slug": "font-uploader", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1069434a-b8cb-4e29-995d-f31b18d1843f?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1069c845-30b9-4aca-8a60-8b66c48365af": { "id": "1069c845-30b9-4aca-8a60-8b66c48365af", "title": "Add Admin JavaScript <= 2.0 - Unauthenticated Full Path Dislcosure", "software": [ { "type": "plugin", "name": "Add Admin JavaScript", "slug": "add-admin-javascript", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1069c845-30b9-4aca-8a60-8b66c48365af?source=api-scan" ], "published": "2024-07-26 13:03:40", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "106a604f-0bff-444e-9d76-f6508bcc0cea": { "id": "106a604f-0bff-444e-9d76-f6508bcc0cea", "title": "Elastic Email Sender <= 1.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elastic Email Sender", "slug": "elastic-email-sender", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/106a604f-0bff-444e-9d76-f6508bcc0cea?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1072ad88-5760-4f2a-82b3-d515d6f73e52": { "id": "1072ad88-5760-4f2a-82b3-d515d6f73e52", "title": "WP All Import <= 3.6.7 - Admin+ Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Import any XML or CSV File to WordPress", "slug": "wp-all-import", "affected_versions": { "* - 3.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1072ad88-5760-4f2a-82b3-d515d6f73e52?source=api-scan" ], "published": "2022-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "107548a1-3b5b-4838-815b-32b86e1b7ff5": { "id": "107548a1-3b5b-4838-815b-32b86e1b7ff5", "title": "Linkify Text <= 1.9.1 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Linkify Text", "slug": "linkify-text", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/107548a1-3b5b-4838-815b-32b86e1b7ff5?source=api-scan" ], "published": "2024-08-08 20:36:19", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "107918e4-fb21-40df-818d-a71b78b26928": { "id": "107918e4-fb21-40df-818d-a71b78b26928", "title": "Sunshine Photo Cart <= 2.9.14 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sunshine Photo Cart: Free Client Photo Galleries for Photographers", "slug": "sunshine-photo-cart", "affected_versions": { "* - 2.9.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/107918e4-fb21-40df-818d-a71b78b26928?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1079282d-3183-4190-8a54-d6085d27935a": { "id": "1079282d-3183-4190-8a54-d6085d27935a", "title": "Arkhe Blocks <= 2.22.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Arkhe Blocks", "slug": "arkhe-blocks", "affected_versions": { "* - 2.22.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.22.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.23.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1079282d-3183-4190-8a54-d6085d27935a?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "107a0612-5e58-428b-a097-1c4012e89449": { "id": "107a0612-5e58-428b-a097-1c4012e89449", "title": "ACF Images Search And Insert <= 1.1.4 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "ACF Images Search And Insert", "slug": "acf-images-search-and-insert", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/107a0612-5e58-428b-a097-1c4012e89449?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "107afaa6-6c0b-43fb-9713-ebc4f1189ea6": { "id": "107afaa6-6c0b-43fb-9713-ebc4f1189ea6", "title": "Timeline Event History <= 3.1 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Timeline Event History", "slug": "timeline-event-history", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/107afaa6-6c0b-43fb-9713-ebc4f1189ea6?source=api-scan" ], "published": "2024-07-17 14:02:39", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "107c82fa-fcb1-40df-9c53-bc8f23810f2a": { "id": "107c82fa-fcb1-40df-9c53-bc8f23810f2a", "title": "BA Book Everything <= 1.6.4 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "BA Book Everything", "slug": "ba-book-everything", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/107c82fa-fcb1-40df-9c53-bc8f23810f2a?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1080810b-ec9a-44fb-b4da-49b28646a441": { "id": "1080810b-ec9a-44fb-b4da-49b28646a441", "title": "FooEvents for WooCommerce <= 1.19.20 - Improper Authorization to (Contributor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "FooEvents for WooCommerce", "slug": "fooevents", "affected_versions": { "* - 1.19.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.19.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.19.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1080810b-ec9a-44fb-b4da-49b28646a441?source=api-scan" ], "published": "2024-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10818590-6412-458f-a473-b24dc0b293dd": { "id": "10818590-6412-458f-a473-b24dc0b293dd", "title": "GamePress \u2013 The Game Database Plugin <= 1.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GamePress \u2013 The Game Database Plugin", "slug": "gamepress", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10818590-6412-458f-a473-b24dc0b293dd?source=api-scan" ], "published": "2021-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1081eeb1-3240-478d-8679-7bf9293b5a95": { "id": "1081eeb1-3240-478d-8679-7bf9293b5a95", "title": "Ultimate Member <= 2.1.11 - Unauthenticated Privilege Escalation via User Roles", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 2.1.12)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1081eeb1-3240-478d-8679-7bf9293b5a95?source=api-scan" ], "published": "2020-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1087f744-44c2-4fa1-92d9-872a5bfd571d": { "id": "1087f744-44c2-4fa1-92d9-872a5bfd571d", "title": "Use-Your-Drive < 1.18.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Use-Your-Drive", "slug": "use-your-drive", "affected_versions": { "[*, 1.18.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.18.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.18.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1087f744-44c2-4fa1-92d9-872a5bfd571d?source=api-scan" ], "published": "2021-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1088f498-e718-41bc-866e-7027352a2a5b": { "id": "1088f498-e718-41bc-866e-7027352a2a5b", "title": "Splashscreen <= 0.20 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Splashscreen", "slug": "splashscreen", "affected_versions": { "* - 0.20": { "from_version": "*", "from_inclusive": true, "to_version": "0.20", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1088f498-e718-41bc-866e-7027352a2a5b?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1089ab17-b780-4840-8dcd-c50258513634": { "id": "1089ab17-b780-4840-8dcd-c50258513634", "title": "Schema App Structured Data <= 2.2.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Schema App Structured Data", "slug": "schema-app-structured-data-for-schemaorg", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1089ab17-b780-4840-8dcd-c50258513634?source=api-scan" ], "published": "2024-05-23 18:14:16", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "108a2ea3-a612-46a2-b29a-7ae794f8470c": { "id": "108a2ea3-a612-46a2-b29a-7ae794f8470c", "title": "FeedWordPress < 2015.0514 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FeedWordPress", "slug": "feedwordpress", "affected_versions": { "[*, 2015.0514)": { "from_version": "*", "from_inclusive": true, "to_version": "2015.0514", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2015.0514" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/108a2ea3-a612-46a2-b29a-7ae794f8470c?source=api-scan" ], "published": "2015-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "108e9578-e586-4ed8-b0b2-dc6c26bf530e": { "id": "108e9578-e586-4ed8-b0b2-dc6c26bf530e", "title": "Meteor Slides <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Meteor Slides", "slug": "meteor-slides", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/108e9578-e586-4ed8-b0b2-dc6c26bf530e?source=api-scan" ], "published": "2022-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "108f3e7b-f4c1-445c-914c-97960b21b5fa": { "id": "108f3e7b-f4c1-445c-914c-97960b21b5fa", "title": "WP Dark Mode <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Dark Mode \u2013 WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing", "slug": "wp-dark-mode", "affected_versions": { "* - 3.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/108f3e7b-f4c1-445c-914c-97960b21b5fa?source=api-scan" ], "published": "2023-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1090acfc-5b0c-478a-ac71-db54fdaefdf5": { "id": "1090acfc-5b0c-478a-ac71-db54fdaefdf5", "title": "Boostify Header Footer Builder for Elementor <= 1.3.5 - Missing Authorization to Page\/Post Creation", "software": [ { "type": "plugin", "name": "Boostify Header Footer Builder for Elementor", "slug": "boostify-header-footer-builder", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1090acfc-5b0c-478a-ac71-db54fdaefdf5?source=api-scan" ], "published": "2024-06-05 12:57:19", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1091862b-784b-496f-a951-6784544cb51b": { "id": "1091862b-784b-496f-a951-6784544cb51b", "title": "YARPP <= 5.30.4 - Authenticated (Subscriber+) Local File Inclusion", "software": [ { "type": "plugin", "name": "YARPP \u2013 Yet Another Related Posts Plugin", "slug": "yet-another-related-posts-plugin", "affected_versions": { "* - 5.30.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.30.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.30.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1091862b-784b-496f-a951-6784544cb51b?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "109427de-3b8a-46cc-a888-6fea4f72a31a": { "id": "109427de-3b8a-46cc-a888-6fea4f72a31a", "title": "Mailchimp for WooCommerce <= 2.7.1 - Authenticated (Admin+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Mailchimp for WooCommerce", "slug": "mailchimp-for-woocommerce", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/109427de-3b8a-46cc-a888-6fea4f72a31a?source=api-scan" ], "published": "2022-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "109a99ca-1173-4367-b8a7-c3d8cffcfcaf": { "id": "109a99ca-1173-4367-b8a7-c3d8cffcfcaf", "title": "Chatbot with ChatGPT <= 2.4.4 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chatbot with ChatGPT WordPress", "slug": "smartsearchwp", "affected_versions": { "* - 2.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/109a99ca-1173-4367-b8a7-c3d8cffcfcaf?source=api-scan" ], "published": "2024-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "109b4947-f690-4158-9e6a-00f2005a6938": { "id": "109b4947-f690-4158-9e6a-00f2005a6938", "title": "Adminer <= 1.4.5 - Security Bypass to Database Login", "software": [ { "type": "plugin", "name": "adminer", "slug": "adminer", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/109b4947-f690-4158-9e6a-00f2005a6938?source=api-scan" ], "published": "2017-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10a0abd6-1905-4a90-8488-29d44df7aeb9": { "id": "10a0abd6-1905-4a90-8488-29d44df7aeb9", "title": "All-in-One WP Migration <= 6.97 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-in-One WP Migration and Backup", "slug": "all-in-one-wp-migration", "affected_versions": { "[*, 7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10a0abd6-1905-4a90-8488-29d44df7aeb9?source=api-scan" ], "published": "2019-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10a36e37-4188-403f-9b17-d7e79b8b8a6d": { "id": "10a36e37-4188-403f-9b17-d7e79b8b8a6d", "title": "String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization", "software": [ { "type": "plugin", "name": "String locator", "slug": "string-locator", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10a36e37-4188-403f-9b17-d7e79b8b8a6d?source=api-scan" ], "published": "2022-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10a54a3b-db6d-45c5-9280-7042ccc17ccd": { "id": "10a54a3b-db6d-45c5-9280-7042ccc17ccd", "title": "Subscribe2 \u2013 Form, Email Subscribers & Newsletters < 8.1 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Subscribe2 \u2013 Form, Email Subscribers & Newsletters", "slug": "subscribe2", "affected_versions": { "[*, 8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10a54a3b-db6d-45c5-9280-7042ccc17ccd?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10a811f3-0c5b-4e06-a9bb-338d36d0b5eb": { "id": "10a811f3-0c5b-4e06-a9bb-338d36d0b5eb", "title": "WordPress Core < 4.5.3 - Revision History Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.14": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.14", "to_inclusive": true }, "3.8 - 3.8.14": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.14", "to_inclusive": true }, "3.9 - 3.9.12": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.12", "to_inclusive": true }, "4.0 - 4.0.11": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.11", "to_inclusive": true }, "4.1 - 4.1.11": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.11", "to_inclusive": true }, "4.2 - 4.2.8": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.8", "to_inclusive": true }, "4.3 - 4.3.4": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.4", "to_inclusive": true }, "4.4 - 4.4.3": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true }, "4.5 - 4.5.2": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.15", "3.8.15", "3.9.13", "4.0.12", "4.1.12", "4.2.9", "4.3.5", "4.4.4", "4.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10a811f3-0c5b-4e06-a9bb-338d36d0b5eb?source=api-scan" ], "published": "2016-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10aa1dd7-f909-4ebe-b29b-2f2743b3e08a": { "id": "10aa1dd7-f909-4ebe-b29b-2f2743b3e08a", "title": "Yet Another Related Posts Plugin (YARPP) <= 5.30.9 - Authenticated(Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "YARPP \u2013 Yet Another Related Posts Plugin", "slug": "yet-another-related-posts-plugin", "affected_versions": { "* - 5.30.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.30.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.30.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10aa1dd7-f909-4ebe-b29b-2f2743b3e08a?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10ac9e80-7aa9-4cc5-ad37-f15f8d12ed16": { "id": "10ac9e80-7aa9-4cc5-ad37-f15f8d12ed16", "title": "GD Rating System < 2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GD Rating System", "slug": "gd-rating-system", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10ac9e80-7aa9-4cc5-ad37-f15f8d12ed16?source=api-scan" ], "published": "2017-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10b08a05-3561-4d05-985b-6a2339a547a7": { "id": "10b08a05-3561-4d05-985b-6a2339a547a7", "title": "LearnPress \u2013 WordPress LMS Plugin <= 4.2.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10b08a05-3561-4d05-985b-6a2339a547a7?source=api-scan" ], "published": "2024-05-21 16:40:45", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10b46c11-1b34-4da4-a24d-103c663ca315": { "id": "10b46c11-1b34-4da4-a24d-103c663ca315", "title": "Download Manager <= 3.2.59 - Refleced Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.59": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10b46c11-1b34-4da4-a24d-103c663ca315?source=api-scan" ], "published": "2022-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10b47054-29cc-4859-bdfc-4dde1437c037": { "id": "10b47054-29cc-4859-bdfc-4dde1437c037", "title": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker <= 9.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 9.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10b47054-29cc-4859-bdfc-4dde1437c037?source=api-scan" ], "published": "2024-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10b7a88f-ce46-42aa-ab5a-81f38288a659": { "id": "10b7a88f-ce46-42aa-ab5a-81f38288a659", "title": "uListing <= 1.6.6 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Directory Listings WordPress plugin \u2013 uListing", "slug": "ulisting", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10b7a88f-ce46-42aa-ab5a-81f38288a659?source=api-scan" ], "published": "2021-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10bad8bc-ee0a-48e6-b7f9-6651a7ab3049": { "id": "10bad8bc-ee0a-48e6-b7f9-6651a7ab3049", "title": "ARForms Form Builder <= 6.5 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "ARforms", "slug": "arforms", "affected_versions": { "* - 6.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10bad8bc-ee0a-48e6-b7f9-6651a7ab3049?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10c1402d-613d-4d72-b488-c0af2bee4d59": { "id": "10c1402d-613d-4d72-b488-c0af2bee4d59", "title": "MathJax-LaTeX < 1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MathJax-LaTeX", "slug": "mathjax-latex", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10c1402d-613d-4d72-b488-c0af2bee4d59?source=api-scan" ], "published": "2013-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10c1b000-537a-4009-a740-19666505989e": { "id": "10c1b000-537a-4009-a740-19666505989e", "title": "Ultimate Dashboard <= 3.7.11 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Ultimate Dashboard \u2013 Custom WordPress Dashboard", "slug": "ultimate-dashboard", "affected_versions": { "* - 3.7.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10c1b000-537a-4009-a740-19666505989e?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10c41b59-c83e-4f72-8b20-10db731e23c2": { "id": "10c41b59-c83e-4f72-8b20-10db731e23c2", "title": "EELV Newsletter < 4.6.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EELV Newsletter", "slug": "eelv-newsletter", "affected_versions": { "[*, 4.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10c41b59-c83e-4f72-8b20-10db731e23c2?source=api-scan" ], "published": "2017-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10ccb769-b186-41c4-b0e8-84b9c4d5e7b0": { "id": "10ccb769-b186-41c4-b0e8-84b9c4d5e7b0", "title": "YITH WooCommerce Tab Manager <= 1.35.0 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YITH WooCommerce Tab Manager", "slug": "yith-woocommerce-tab-manager", "affected_versions": { "* - 1.35.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.35.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.35.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10ccb769-b186-41c4-b0e8-84b9c4d5e7b0?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10cfc6e2-1502-45cb-b868-32228b3ccdd9": { "id": "10cfc6e2-1502-45cb-b868-32228b3ccdd9", "title": "Custom Add to Cart Button Label and Link <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Add to Cart Button Label and Link", "slug": "woo-custom-cart-button", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10cfc6e2-1502-45cb-b868-32228b3ccdd9?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10d861c2-8ebf-4ba8-a493-0ab3aa43aa76": { "id": "10d861c2-8ebf-4ba8-a493-0ab3aa43aa76", "title": "WordPress Gallery Plugin \u2013 NextGEN Gallery <= 2.1.15 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 2.1.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10d861c2-8ebf-4ba8-a493-0ab3aa43aa76?source=api-scan" ], "published": "2015-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10d926d7-bcc9-4424-8422-90edc36f0ad4": { "id": "10d926d7-bcc9-4424-8422-90edc36f0ad4", "title": "Scrollsequence <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Scrollsequence \u2013 Cinematic Scroll Image Animation Plugin", "slug": "scrollsequence", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10d926d7-bcc9-4424-8422-90edc36f0ad4?source=api-scan" ], "published": "2024-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10d92d5e-1c23-4f6a-bfab-0756876190a5": { "id": "10d92d5e-1c23-4f6a-bfab-0756876190a5", "title": "WooCommerce - Social Login <= 2.7.3 - Unauthenticated Privilege Escalation via One-Time Password", "software": [ { "type": "plugin", "name": "WooCommerce - Social Login", "slug": "woo-social-login", "affected_versions": { "* - 2.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10d92d5e-1c23-4f6a-bfab-0756876190a5?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10e05707-02cb-42de-8399-4556d76b01b3": { "id": "10e05707-02cb-42de-8399-4556d76b01b3", "title": "Contest Gallery <= 19.1.4.1 - Unauthenticated SQL Injection via cg_Fields", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] }, { "type": "plugin", "name": "Contest Gallery Pro", "slug": "contest-gallery-pro", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10e05707-02cb-42de-8399-4556d76b01b3?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10e1b3ac-f002-4108-9682-5fe300f07adb": { "id": "10e1b3ac-f002-4108-9682-5fe300f07adb", "title": "HT Easy GA4 \u2013 Google Analytics WordPress Plugin <= 1.1.5 - Missing Authorization to Unauthenticated GA4 Email Update", "software": [ { "type": "plugin", "name": "HT Easy GA4 \u2013 Google Analytics WordPress Plugin", "slug": "ht-easy-google-analytics", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10e1b3ac-f002-4108-9682-5fe300f07adb?source=api-scan" ], "published": "2024-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10e49bdd-3a72-4bb7-ba31-21ba4a5b377f": { "id": "10e49bdd-3a72-4bb7-ba31-21ba4a5b377f", "title": "SAML Single Sign On \u2013 SAML SSO Login <= 4.8.75 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SAML Single Sign On \u2013 SSO Login", "slug": "miniorange-saml-20-single-sign-on", "affected_versions": { "* - 4.8.75": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.75", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.76" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10e49bdd-3a72-4bb7-ba31-21ba4a5b377f?source=api-scan" ], "published": "2019-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10e98088-423d-45bb-ae90-51e895d2929b": { "id": "10e98088-423d-45bb-ae90-51e895d2929b", "title": "WordPress Infinite Scroll \u2013 Ajax Load More <= 2.8.1.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WordPress Infinite Scroll \u2013 Ajax Load More", "slug": "ajax-load-more", "affected_versions": { "* - 2.8.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10e98088-423d-45bb-ae90-51e895d2929b?source=api-scan" ], "published": "2015-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10ea8f3a-35d6-494e-90f6-9165320cf99c": { "id": "10ea8f3a-35d6-494e-90f6-9165320cf99c", "title": "Print-O-Matic <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Print-O-Matic", "slug": "print-o-matic", "affected_versions": { "* - 2.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10ea8f3a-35d6-494e-90f6-9165320cf99c?source=api-scan" ], "published": "2024-05-21 19:14:14", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10ed13e9-f196-47cc-9e45-a7646444cc5b": { "id": "10ed13e9-f196-47cc-9e45-a7646444cc5b", "title": "WP-Invoice \u2013 Web Invoice and Billing <= 4.1.0 - Unauthorized Settings Change", "software": [ { "type": "plugin", "name": "WP-Invoice \u2013 Web Invoice and Billing", "slug": "wp-invoice", "affected_versions": { "* - 4.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10ed13e9-f196-47cc-9e45-a7646444cc5b?source=api-scan" ], "published": "2016-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10ede689-4434-47fc-bf94-ca6da678ae01": { "id": "10ede689-4434-47fc-bf94-ca6da678ae01", "title": "Easy Contact Form Pro < 1.1.1.9 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Contact Form Pro", "slug": "easy-contact-form-pro", "affected_versions": { "[*, 1.1.1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10ede689-4434-47fc-bf94-ca6da678ae01?source=api-scan" ], "published": "2021-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10ee015a-c60b-4236-bb7a-9d3ffd944bf9": { "id": "10ee015a-c60b-4236-bb7a-9d3ffd944bf9", "title": "OneLogin SAML SSO < 2.2.0 - Authentication Bypass", "software": [ { "type": "plugin", "name": "OneLogin SAML SSO", "slug": "onelogin-saml-sso", "affected_versions": { "[*, 2.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10ee015a-c60b-4236-bb7a-9d3ffd944bf9?source=api-scan" ], "published": "2016-01-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10ef8475-4ec5-4412-97f6-3abdb4442b92": { "id": "10ef8475-4ec5-4412-97f6-3abdb4442b92", "title": "alfred24 Click & Collect <= 1.1.7 - Authenticated (Administrator+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "alfred24 Click & Collect", "slug": "alfred-click-collect", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10ef8475-4ec5-4412-97f6-3abdb4442b92?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10f00859-3adf-40ff-8f33-827bbb1f62df": { "id": "10f00859-3adf-40ff-8f33-827bbb1f62df", "title": "Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via creating_pricing_table_page", "software": [ { "type": "plugin", "name": "Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction", "slug": "paid-member-subscriptions", "affected_versions": { "* - 2.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10f00859-3adf-40ff-8f33-827bbb1f62df?source=api-scan" ], "published": "2024-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10f28404-acd0-40de-af42-2970b5b25bde": { "id": "10f28404-acd0-40de-af42-2970b5b25bde", "title": "Aajoda Testimonials <= 2.2.1 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Aajoda Testimonials", "slug": "aajoda-testimonials", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10f28404-acd0-40de-af42-2970b5b25bde?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10fcfddf-0ed7-471d-86bf-c38e7021c6a4": { "id": "10fcfddf-0ed7-471d-86bf-c38e7021c6a4", "title": "Clio Grow <= 1.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Clio Grow", "slug": "clio-grow-form", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10fcfddf-0ed7-471d-86bf-c38e7021c6a4?source=api-scan" ], "published": "2024-10-03 13:31:22", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "10ffe689-143a-4232-8094-45844dc5262b": { "id": "10ffe689-143a-4232-8094-45844dc5262b", "title": "FreshMail For WordPress <= 2.3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "FreshMail For WordPress", "slug": "freshmail-integration", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/10ffe689-143a-4232-8094-45844dc5262b?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1101bfe6-2075-4f44-933b-6d9f372100a2": { "id": "1101bfe6-2075-4f44-933b-6d9f372100a2", "title": "Pricing Deals for WooCommerce <= 2.0.3.2 - Missing Authorization via vtprd_ajax_clone_rule", "software": [ { "type": "plugin", "name": "Pricing Deals for WooCommerce", "slug": "pricing-deals-for-woocommerce", "affected_versions": { "* - 2.0.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1101bfe6-2075-4f44-933b-6d9f372100a2?source=api-scan" ], "published": "2023-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11043029-1b77-4e18-bdd8-fca2eadc6901": { "id": "11043029-1b77-4e18-bdd8-fca2eadc6901", "title": "Register Plus <= 3.5.11 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Register Plus", "slug": "register-plus", "affected_versions": { "* - 3.5.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11043029-1b77-4e18-bdd8-fca2eadc6901?source=api-scan" ], "published": "2010-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1106e7b2-eac7-459d-8eb3-fe84c76f3b67": { "id": "1106e7b2-eac7-459d-8eb3-fe84c76f3b67", "title": "Custom 404 Pro <= 3.10.0 - Unauthenticated Stored Cross-Site Scripting via logging", "software": [ { "type": "plugin", "name": "Custom 404 Pro", "slug": "custom-404-pro", "affected_versions": { "* - 3.10.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1106e7b2-eac7-459d-8eb3-fe84c76f3b67?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "110c6d41-e814-41c9-a3e7-d94ec3d953e6": { "id": "110c6d41-e814-41c9-a3e7-d94ec3d953e6", "title": "Star CloudPRNT for WooCommerce <= 2.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Star CloudPRNT for WooCommerce", "slug": "star-cloudprnt-for-woocommerce", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/110c6d41-e814-41c9-a3e7-d94ec3d953e6?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "110e5e67-b318-4ab2-9b4d-59aabcf7db7c": { "id": "110e5e67-b318-4ab2-9b4d-59aabcf7db7c", "title": "Spectra \u2013 WordPress Gutenberg Blocks <= 2.12.6 - Authenticated (Contributor+) Path Traversal", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 2.12.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "110f4ca6-3e59-4348-bb45-6e5fcfa81491": { "id": "110f4ca6-3e59-4348-bb45-6e5fcfa81491", "title": "W3 Total Cache <= 0.9.2.4 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 0.9.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/110f4ca6-3e59-4348-bb45-6e5fcfa81491?source=api-scan" ], "published": "2020-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11177270-cc73-4c65-9f72-8c0a0a89bed5": { "id": "11177270-cc73-4c65-9f72-8c0a0a89bed5", "title": "404 to 301 \u2013 Redirect, Log and Notify 404 Errors <= 3.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "404 to 301 \u2013 Redirect, Log and Notify 404 Errors", "slug": "404-to-301", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11177270-cc73-4c65-9f72-8c0a0a89bed5?source=api-scan" ], "published": "2022-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "111c46c3-7c70-454b-8e99-1552cf0104e2": { "id": "111c46c3-7c70-454b-8e99-1552cf0104e2", "title": "WP Front-End Repository Manager <= 1.1 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP Front-End Repository Manager", "slug": "wp-front-end-repository", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/111c46c3-7c70-454b-8e99-1552cf0104e2?source=api-scan" ], "published": "2015-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "112564b7-bf3c-4c17-8113-e05ab75edf6a": { "id": "112564b7-bf3c-4c17-8113-e05ab75edf6a", "title": "ImageLinks Interactive Image Builder <= 1.5.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ImageLinks Interactive Image Builder for WordPress", "slug": "imagelinks-interactive-image-builder-lite", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/112564b7-bf3c-4c17-8113-e05ab75edf6a?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1127a5f3-1698-45e9-85bd-4eebfdbe56d4": { "id": "1127a5f3-1698-45e9-85bd-4eebfdbe56d4", "title": "Product Delivery Date for WooCommerce \u2013 Lite <= 2.7.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Delivery Date for WooCommerce \u2013 Lite", "slug": "product-delivery-date-for-woocommerce-lite", "affected_versions": { "* - 2.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1127a5f3-1698-45e9-85bd-4eebfdbe56d4?source=api-scan" ], "published": "2024-10-03 13:40:51", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1127fe1e-4359-4dff-93a7-392a8bfded51": { "id": "1127fe1e-4359-4dff-93a7-392a8bfded51", "title": "WP Courses LMS <= 3.2.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Courses LMS \u2013 Online Courses Builder, eLearning Courses, Courses Solution, Education Courses", "slug": "wp-courses", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1127fe1e-4359-4dff-93a7-392a8bfded51?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11280431-ee39-45da-909a-e9efc0e6266f": { "id": "11280431-ee39-45da-909a-e9efc0e6266f", "title": "Avada <= 7.4.1 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Avada | Website Builder For WordPress & WooCommerce", "slug": "Avada", "affected_versions": { "* - 7.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11280431-ee39-45da-909a-e9efc0e6266f?source=api-scan" ], "published": "2021-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "112e4abe-aac7-4fac-b03f-b998374846c4": { "id": "112e4abe-aac7-4fac-b03f-b998374846c4", "title": "WP Custom Cursors <= 3.0 - Cross-Site Request Forgery to Cursor Manipulation", "software": [ { "type": "plugin", "name": "WP Custom Cursors | WordPress Cursor Plugin", "slug": "wp-custom-cursors", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/112e4abe-aac7-4fac-b03f-b998374846c4?source=api-scan" ], "published": "2022-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "112ed4f2-fe91-4d83-a3f7-eaf889870af4": { "id": "112ed4f2-fe91-4d83-a3f7-eaf889870af4", "title": "WordPress Core - All known versions - Unauthenticated Blind Server Side Request Forgery", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/112ed4f2-fe91-4d83-a3f7-eaf889870af4?source=api-scan" ], "published": "2022-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11305d35-07d6-4c61-a0c7-035671229f07": { "id": "11305d35-07d6-4c61-a0c7-035671229f07", "title": "bbPress Toolkit <= 1.0.12 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "bbPress Toolkit", "slug": "bbp-toolkit", "affected_versions": { "* - 1.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11305d35-07d6-4c61-a0c7-035671229f07?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11349bc4-b432-4225-82a4-30bc9d0057f9": { "id": "11349bc4-b432-4225-82a4-30bc9d0057f9", "title": "Leaflet Maps Marker Pro < 1.5.8 - SQL Injection", "software": [ { "type": "plugin", "name": "Leaflet Maps Marker Pro", "slug": "leaflet-maps-marker-pro", "affected_versions": { "[*, 1.5.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11349bc4-b432-4225-82a4-30bc9d0057f9?source=api-scan" ], "published": "2014-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "113554f9-b8f0-4bdd-be90-0093fb520022": { "id": "113554f9-b8f0-4bdd-be90-0093fb520022", "title": "Duplicate Page and Post <= 2.1.1 - Malicious Backdoor", "software": [ { "type": "plugin", "name": "Duplicate Page and Post", "slug": "duplicate-page-and-post", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/113554f9-b8f0-4bdd-be90-0093fb520022?source=api-scan" ], "published": "2017-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11386b6a-632c-451a-b726-846f74b6f42d": { "id": "11386b6a-632c-451a-b726-846f74b6f42d", "title": "PowerPack Addons for Elementor <= 2.7.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Tweet Widget", "software": [ { "type": "plugin", "name": "PowerPack Elementor Addons (Free Widgets, Extensions and Templates)", "slug": "powerpack-lite-for-elementor", "affected_versions": { "* - 2.7.18": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11386b6a-632c-451a-b726-846f74b6f42d?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "113c154d-94a0-41da-a5ed-d9b2617e1c2c": { "id": "113c154d-94a0-41da-a5ed-d9b2617e1c2c", "title": "BuddyPress <= 12.4.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "* - 12.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "12.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/113c154d-94a0-41da-a5ed-d9b2617e1c2c?source=api-scan" ], "published": "2024-06-11 12:16:19", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "113dcd4d-e62f-44dc-8087-28d265ef66be": { "id": "113dcd4d-e62f-44dc-8087-28d265ef66be", "title": "WPGlobus \u2013 Multilingual Everything! <= 1.9.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WPGlobus \u2013 Multilingual WordPress", "slug": "wpglobus", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/113dcd4d-e62f-44dc-8087-28d265ef66be?source=api-scan" ], "published": "2018-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "113f0cb7-a5eb-42d5-ad42-871c0381b617": { "id": "113f0cb7-a5eb-42d5-ad42-871c0381b617", "title": "Keap Landing Pages <= 1.4.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Keap Landing Pages", "slug": "infusionsoft-landing-pages", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/113f0cb7-a5eb-42d5-ad42-871c0381b617?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11401ad7-6064-475c-92f6-ce72a56e9a83": { "id": "11401ad7-6064-475c-92f6-ce72a56e9a83", "title": "Cookie Bar <= 1.8.8 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cookie Bar", "slug": "cookie-bar", "affected_versions": { "* - 1.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11401ad7-6064-475c-92f6-ce72a56e9a83?source=api-scan" ], "published": "2021-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1148b18d-7af1-41c6-bd7f-1b2d53cb44e6": { "id": "1148b18d-7af1-41c6-bd7f-1b2d53cb44e6", "title": "UserPlus <= 2.0 - Authenticated (Editor+) Registration Form Update to Privilege Escalation", "software": [ { "type": "plugin", "name": "User registration & user profile \u2013 UserPlus", "slug": "userplus", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1148b18d-7af1-41c6-bd7f-1b2d53cb44e6?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "114cf149-e923-4e21-9eb0-e38941799304": { "id": "114cf149-e923-4e21-9eb0-e38941799304", "title": "Post View Count <= 2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Post View Count", "slug": "wp-simple-post-view", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/114cf149-e923-4e21-9eb0-e38941799304?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "114e8ba9-b6b0-4b54-982c-8e9efaa616c7": { "id": "114e8ba9-b6b0-4b54-982c-8e9efaa616c7", "title": "Spiffy Calendar <= 4.9.10 - Missing Authorization", "software": [ { "type": "plugin", "name": "Spiffy Calendar", "slug": "spiffy-calendar", "affected_versions": { "* - 4.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/114e8ba9-b6b0-4b54-982c-8e9efaa616c7?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "114ea55e-a3a4-420e-9202-73ebbd95d7b4": { "id": "114ea55e-a3a4-420e-9202-73ebbd95d7b4", "title": "ThirstyAffiliates Affiliate Link Manager <= 3.9.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ThirstyAffiliates \u2013 Affiliate Links, Link Branding, Link Tracking & Marketing Plugin", "slug": "thirstyaffiliates", "affected_versions": { "* - 3.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/114ea55e-a3a4-420e-9202-73ebbd95d7b4?source=api-scan" ], "published": "2020-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "114ff636-6b51-43a2-b2c8-19e01e94176f": { "id": "114ff636-6b51-43a2-b2c8-19e01e94176f", "title": "Vithy (Unknown Versions) - Full Path Disclosure", "software": [ { "type": "theme", "name": "Vithy", "slug": "vithy", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/114ff636-6b51-43a2-b2c8-19e01e94176f?source=api-scan" ], "published": "2012-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11542fc6-33e2-40b9-be74-9fbb788f6915": { "id": "11542fc6-33e2-40b9-be74-9fbb788f6915", "title": "MX Time Zone Clocks <= 3.4 - Contributor+ Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MX Time Zone Clocks", "slug": "mx-time-zone-clocks", "affected_versions": { "[*, 3.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11542fc6-33e2-40b9-be74-9fbb788f6915?source=api-scan" ], "published": "2021-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1158081c-97da-4026-be16-994f4e41c92f": { "id": "1158081c-97da-4026-be16-994f4e41c92f", "title": "Getwid \u2013 Gutenberg Blocks <= 2.0.2 - Improper Input Validation to Arbitrary Email Sending to Admin", "software": [ { "type": "plugin", "name": "Getwid \u2013 Gutenberg Blocks", "slug": "getwid", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1158081c-97da-4026-be16-994f4e41c92f?source=api-scan" ], "published": "2023-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "115ad0b2-febe-485a-8fb5-9bd6edc37ef7": { "id": "115ad0b2-febe-485a-8fb5-9bd6edc37ef7", "title": "EventON <= 2.2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EventON", "slug": "eventon-lite", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/115ad0b2-febe-485a-8fb5-9bd6edc37ef7?source=api-scan" ], "published": "2023-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "115d549c-2dea-4d94-9c50-75b8149be1e4": { "id": "115d549c-2dea-4d94-9c50-75b8149be1e4", "title": "Content Copy Protection & Prevent Image Save <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Content Copy Protection & Prevent Image Save", "slug": "prevent-content-copy-image-save", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/115d549c-2dea-4d94-9c50-75b8149be1e4?source=api-scan" ], "published": "2021-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "115f966d-b0f4-46c0-af05-48dd5bf72098": { "id": "115f966d-b0f4-46c0-af05-48dd5bf72098", "title": "WP Shop <= 3.4.3.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Shop", "slug": "wp-shop-original", "affected_versions": { "[*, 3.4.3.19)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.3.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/115f966d-b0f4-46c0-af05-48dd5bf72098?source=api-scan" ], "published": "2015-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1161f41b-1594-4b1b-8a89-44a5a5a9dca6": { "id": "1161f41b-1594-4b1b-8a89-44a5a5a9dca6", "title": "Brizy Page Builder <= 2.3.11 - Incorrect Authorization Checks Allowing Post Modification", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "* - 1.0.125": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.125", "to_inclusive": true }, "1.0.127 - 2.3.11": { "from_version": "1.0.127", "from_inclusive": true, "to_version": "2.3.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.126", "2.3.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1161f41b-1594-4b1b-8a89-44a5a5a9dca6?source=api-scan" ], "published": "2020-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11653fa1-c6f5-4bcc-81d2-dd469300b40a": { "id": "11653fa1-c6f5-4bcc-81d2-dd469300b40a", "title": "Virtual Robots.txt < 1.10 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Virtual Robots.txt", "slug": "virtual-robotstxt-littlebizzy", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11653fa1-c6f5-4bcc-81d2-dd469300b40a?source=api-scan" ], "published": "2021-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1165c68d-3da4-45f3-b054-4904e54d18ac": { "id": "1165c68d-3da4-45f3-b054-4904e54d18ac", "title": "Google XML Sitemap for Images <= 2.1.3 - Cross-Site Request Forgery via image_sitemap_generate", "software": [ { "type": "plugin", "name": "Google XML Sitemap for Images", "slug": "google-image-sitemap", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1165c68d-3da4-45f3-b054-4904e54d18ac?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11681152-e4f0-4cea-8fc8-f297368e4b15": { "id": "11681152-e4f0-4cea-8fc8-f297368e4b15", "title": "Woody Ad Snippets <= 2.2.8 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Woody code snippets \u2013 Insert Header Footer Code, AdSense Ads", "slug": "insert-php", "affected_versions": { "[*, 2.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11681152-e4f0-4cea-8fc8-f297368e4b15?source=api-scan" ], "published": "2019-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1171a510-ae5c-4f8e-99a2-aa98cf54d82e": { "id": "1171a510-ae5c-4f8e-99a2-aa98cf54d82e", "title": "ElasticPress <= 5.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ElasticPress", "slug": "elasticpress", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1171a510-ae5c-4f8e-99a2-aa98cf54d82e?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1173e2ad-c53d-4d37-9c77-4b63f04ff335": { "id": "1173e2ad-c53d-4d37-9c77-4b63f04ff335", "title": "Pz-LinkCard <= 2.5.2 - Sever-Side Request Forgery", "software": [ { "type": "plugin", "name": "Pz-LinkCard", "slug": "pz-linkcard", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1173e2ad-c53d-4d37-9c77-4b63f04ff335?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11795557-74c0-469a-9751-adc759f9214b": { "id": "11795557-74c0-469a-9751-adc759f9214b", "title": "Download canvasio3D Light <= 2.5.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "canvasio3D Light", "slug": "canvasio3d-light", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11795557-74c0-469a-9751-adc759f9214b?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "117e797a-1878-4b5f-9846-4a73b5396ece": { "id": "117e797a-1878-4b5f-9846-4a73b5396ece", "title": "Wp-FileManager <= 1.2 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "wp-FileManager", "slug": "wp-filemanager", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/117e797a-1878-4b5f-9846-4a73b5396ece?source=api-scan" ], "published": "2008-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "118b9d85-1246-47f7-bdef-af47075576f2": { "id": "118b9d85-1246-47f7-bdef-af47075576f2", "title": "FV Flowplayer Video Player <= 1.2.11 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "* - 1.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/118b9d85-1246-47f7-bdef-af47075576f2?source=api-scan" ], "published": "2011-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "118e1a8c-a638-4571-9ce9-cf2cba4b9b06": { "id": "118e1a8c-a638-4571-9ce9-cf2cba4b9b06", "title": "Simple URLs <= 117 - Missing Authorization via AJAX actions", "software": [ { "type": "plugin", "name": "Simple URLs \u2013 Link Cloaking, Product Displays, and Affiliate Link Management", "slug": "simple-urls", "affected_versions": { "* - 117": { "from_version": "*", "from_inclusive": true, "to_version": "117", "to_inclusive": true } }, "patched": true, "patched_versions": [ "118" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/118e1a8c-a638-4571-9ce9-cf2cba4b9b06?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11938a57-3eb7-4e7d-99ae-c6cf508cb4c7": { "id": "11938a57-3eb7-4e7d-99ae-c6cf508cb4c7", "title": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'image_url'", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.8.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11938a57-3eb7-4e7d-99ae-c6cf508cb4c7?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1197a66e-4557-458f-b8fd-b7a8e7586817": { "id": "1197a66e-4557-458f-b8fd-b7a8e7586817", "title": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio < 2.53 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio", "slug": "flash-album-gallery", "affected_versions": { "[*, 2.53)": { "from_version": "*", "from_inclusive": true, "to_version": "2.53", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.53" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1197a66e-4557-458f-b8fd-b7a8e7586817?source=api-scan" ], "published": "2012-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "119f87d0-dcd7-487a-bee5-ebcfbcb0a62a": { "id": "119f87d0-dcd7-487a-bee5-ebcfbcb0a62a", "title": "Music Request Manager <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Music Request Manager", "slug": "music-request-manager", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/119f87d0-dcd7-487a-bee5-ebcfbcb0a62a?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11aa7971-9770-47fc-960e-44fe43321b53": { "id": "11aa7971-9770-47fc-960e-44fe43321b53", "title": "Calendar_plugin <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Calendar_plugin", "slug": "calendar-plugin", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11aa7971-9770-47fc-960e-44fe43321b53?source=api-scan" ], "published": "2021-08-13 15:31:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11aaec16-930d-44f6-abe5-4f7fdc32f252": { "id": "11aaec16-930d-44f6-abe5-4f7fdc32f252", "title": "LayerSlider <= 6.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LayerSlider", "slug": "LayerSlider", "affected_versions": { "[*, 6.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11aaec16-930d-44f6-abe5-4f7fdc32f252?source=api-scan" ], "published": "2017-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11ad65cd-941f-4605-8b69-59146b2d59db": { "id": "11ad65cd-941f-4605-8b69-59146b2d59db", "title": "SEO Redirection <= 4.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEO Redirection Plugin \u2013 301 Redirect Manager", "slug": "seo-redirection", "affected_versions": { "[*, 4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11ad65cd-941f-4605-8b69-59146b2d59db?source=api-scan" ], "published": "2015-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11aec50c-2531-4d30-92da-8513fdca741e": { "id": "11aec50c-2531-4d30-92da-8513fdca741e", "title": "Checkout Fields Manager for WooCommerce <= 5.5.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Checkout Field Manager (Checkout Manager) for WooCommerce", "slug": "woocommerce-checkout-manager", "affected_versions": { "* - 5.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11aec50c-2531-4d30-92da-8513fdca741e?source=api-scan" ], "published": "2022-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11b5f0a1-bf22-46be-a165-c62f1077da0f": { "id": "11b5f0a1-bf22-46be-a165-c62f1077da0f", "title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.4.5 - Authenticated (Contributor+) Directory Traversal", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11b5f0a1-bf22-46be-a165-c62f1077da0f?source=api-scan" ], "published": "2024-05-23 16:06:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11b640a9-a031-4061-a4d2-93decd634acf": { "id": "11b640a9-a031-4061-a4d2-93decd634acf", "title": "WP HTML Author Bio <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP HTML Author Bio", "slug": "wp-html-author-bio-by-ahmad-awais", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11b640a9-a031-4061-a4d2-93decd634acf?source=api-scan" ], "published": "2021-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11b8c13b-2167-4fca-a981-a331fadc0439": { "id": "11b8c13b-2167-4fca-a981-a331fadc0439", "title": "Olive One Click Demo Import <= 1.1.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Olive One Click Demo Import", "slug": "olive-one-click-demo-import", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11b8c13b-2167-4fca-a981-a331fadc0439?source=api-scan" ], "published": "2024-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11bdcf58-be0c-4fdb-ac15-ee4c3afe7275": { "id": "11bdcf58-be0c-4fdb-ac15-ee4c3afe7275", "title": "Loginizer <= 1.7.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Loginizer", "slug": "loginizer", "affected_versions": { "[*, 1.7.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11bdcf58-be0c-4fdb-ac15-ee4c3afe7275?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11c369eb-7e5b-4fcf-a526-23466ebad420": { "id": "11c369eb-7e5b-4fcf-a526-23466ebad420", "title": "Simple Retail Menus <= 4.0.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Simple Retail Menus", "slug": "simple-retail-menus", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11c369eb-7e5b-4fcf-a526-23466ebad420?source=api-scan" ], "published": "2015-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11c4b855-8589-4ad2-b414-566ac8eb4632": { "id": "11c4b855-8589-4ad2-b414-566ac8eb4632", "title": "Quick Page\/Post Redirect Plugin <= 5.1.9 - Redirect Security Bypass", "software": [ { "type": "plugin", "name": "Quick Page\/Post Redirect Plugin", "slug": "quick-pagepost-redirect-plugin", "affected_versions": { "* - 5.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11c4b855-8589-4ad2-b414-566ac8eb4632?source=api-scan" ], "published": "2020-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11c7abc5-1a41-4eab-b603-064baf978ddd": { "id": "11c7abc5-1a41-4eab-b603-064baf978ddd", "title": "Leaflet Maps Marker Pro < 1.5.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Leaflet Maps Marker Pro", "slug": "leaflet-maps-marker-pro", "affected_versions": { "[*, 1.5.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11c7abc5-1a41-4eab-b603-064baf978ddd?source=api-scan" ], "published": "2014-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11c9124d-80e0-435d-9eb4-901c4f481a6f": { "id": "11c9124d-80e0-435d-9eb4-901c4f481a6f", "title": "FileOrganizer <= 1.0.3 - Authenticated (Admin+) Arbitrary File Access", "software": [ { "type": "plugin", "name": "FileOrganizer \u2013 Manage WordPress and Website Files", "slug": "fileorganizer", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11c9124d-80e0-435d-9eb4-901c4f481a6f?source=api-scan" ], "published": "2023-09-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11cc8c6e-b60e-46b3-966e-07b1fb2bf8e9": { "id": "11cc8c6e-b60e-46b3-966e-07b1fb2bf8e9", "title": "WP Affiliate Disclosure <= 1.2.6 - Cross-Site Request Forgery via check_capability", "software": [ { "type": "plugin", "name": "WP Affiliate Disclosure", "slug": "wp-affiliate-disclosure", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11cc8c6e-b60e-46b3-966e-07b1fb2bf8e9?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11d4c028-94c1-4b78-92f8-0f3303725651": { "id": "11d4c028-94c1-4b78-92f8-0f3303725651", "title": "Flatsome | Multi-Purpose Responsive WooCommerce Theme <= 3.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes", "software": [ { "type": "theme", "name": "Flatsome", "slug": "flatsome", "affected_versions": { "* - 3.18.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.18.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.19.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11d4c028-94c1-4b78-92f8-0f3303725651?source=api-scan" ], "published": "2024-06-21 13:15:56", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11d53df8-f7b3-467c-8b3a-515974f1ea69": { "id": "11d53df8-f7b3-467c-8b3a-515974f1ea69", "title": "WordPress Core < 1.5.1.3 - SQL Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 1.5.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11d53df8-f7b3-467c-8b3a-515974f1ea69?source=api-scan" ], "published": "2005-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11dbc647-fa96-4c63-8f13-0c8ea6f33919": { "id": "11dbc647-fa96-4c63-8f13-0c8ea6f33919", "title": "WP-PostRatings <= 1.91.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-PostRatings", "slug": "wp-postratings", "affected_versions": { "* - 1.91.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.91.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.91.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11dbc647-fa96-4c63-8f13-0c8ea6f33919?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11dceac7-7ff8-4384-9046-919c38947c32": { "id": "11dceac7-7ff8-4384-9046-919c38947c32", "title": "Jetpack \u2013 WP Security, Backup, Speed, & Growth <= 13.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpvideo Shortcode", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "* - 13.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "13.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11dceac7-7ff8-4384-9046-919c38947c32?source=api-scan" ], "published": "2024-05-13 20:29:28", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11deeb2a-db8c-4380-a541-0c78781f78c6": { "id": "11deeb2a-db8c-4380-a541-0c78781f78c6", "title": "WP Travel Engine <= 5.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Travel Engine \u2013 Tour Booking Plugin \u2013 Tour Operator Software", "slug": "wp-travel-engine", "affected_versions": { "* - 5.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11deeb2a-db8c-4380-a541-0c78781f78c6?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11e31621-295a-4d34-8f11-65408bc75260": { "id": "11e31621-295a-4d34-8f11-65408bc75260", "title": "Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue <= 3.1.82 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)", "slug": "mailin", "affected_versions": { "* - 3.1.82": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.82", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.83" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11e31621-295a-4d34-8f11-65408bc75260?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11e97adc-b402-4d82-ae39-4dccbd70bcf2": { "id": "11e97adc-b402-4d82-ae39-4dccbd70bcf2", "title": "Elementor Addon Elements <= 1.11.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.11.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11e97adc-b402-4d82-ae39-4dccbd70bcf2?source=api-scan" ], "published": "2021-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11ea3e40-8802-43ea-9816-973a15d7904d": { "id": "11ea3e40-8802-43ea-9816-973a15d7904d", "title": "WP OnlineSupport, Essential Plugin Popup Anything <= 2.2.1 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "Popup Anything \u2013 Popup for opt-ins and Lead Generation Conversions", "slug": "popup-anything-on-click", "affected_versions": { "[*, 2.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11ea3e40-8802-43ea-9816-973a15d7904d?source=api-scan" ], "published": "2023-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11f74b86-a050-4247-b310-045bf48fd4bd": { "id": "11f74b86-a050-4247-b310-045bf48fd4bd", "title": "RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'attach_rule'", "software": [ { "type": "plugin", "name": "RapidLoad \u2013 Optimize Web Vitals Automatically", "slug": "unusedcss", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11f74b86-a050-4247-b310-045bf48fd4bd?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11f883d2-c183-4cc9-a330-6c50610a5c39": { "id": "11f883d2-c183-4cc9-a330-6c50610a5c39", "title": "Shariff Sharing < 1.0.8 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shariff for WordPress", "slug": "shariff-sharing", "affected_versions": { "[*, 1.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11f883d2-c183-4cc9-a330-6c50610a5c39?source=api-scan" ], "published": "2014-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11fb823c-c3d3-456d-b606-b01a8307c25a": { "id": "11fb823c-c3d3-456d-b606-b01a8307c25a", "title": "Simple Image Popup Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Simple Image Popup Shortcode", "slug": "simple-image-popup-shortcode", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11fb823c-c3d3-456d-b606-b01a8307c25a?source=api-scan" ], "published": "2024-06-05 13:02:03", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11fc48b0-cee2-4392-866b-5c0f366e5d98": { "id": "11fc48b0-cee2-4392-866b-5c0f366e5d98", "title": "Language <= 1.2.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "WordPress Language", "slug": "wordpress-language", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11fc48b0-cee2-4392-866b-5c0f366e5d98?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11fd8768-0168-4e3b-9c2d-659fc4101a73": { "id": "11fd8768-0168-4e3b-9c2d-659fc4101a73", "title": "MainWP Google Analytics Extension <= 4.0.4 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "MainWP Google Analytics Extension", "slug": "mainwp-google-analytics-extension", "affected_versions": { "* - 4.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11fd8768-0168-4e3b-9c2d-659fc4101a73?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "11ffb8a1-55d2-44c5-bcd2-ba866b94e8bc": { "id": "11ffb8a1-55d2-44c5-bcd2-ba866b94e8bc", "title": "Auto Amazon Links <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via style", "software": [ { "type": "plugin", "name": "Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin", "slug": "amazon-auto-links", "affected_versions": { "* - 5.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/11ffb8a1-55d2-44c5-bcd2-ba866b94e8bc?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1200d2b3-2c1b-44a4-bf87-2d9b0121d6cb": { "id": "1200d2b3-2c1b-44a4-bf87-2d9b0121d6cb", "title": "3xSocializer <= 0.98.22 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "3xSocializer", "slug": "3xsocializer", "affected_versions": { "* - 0.98.22": { "from_version": "*", "from_inclusive": true, "to_version": "0.98.22", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1200d2b3-2c1b-44a4-bf87-2d9b0121d6cb?source=api-scan" ], "published": "2022-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "120313be-9f98-4448-9f5d-a77186a6ff08": { "id": "120313be-9f98-4448-9f5d-a77186a6ff08", "title": "Contact Form Entries <= 1.3.2 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Database for Contact Form 7, WPforms, Elementor forms", "slug": "contact-form-entries", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/120313be-9f98-4448-9f5d-a77186a6ff08?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "120514af-41d8-49ca-be87-28c7d4777fee": { "id": "120514af-41d8-49ca-be87-28c7d4777fee", "title": "Cryptographp <= 1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cryptographp", "slug": "cryptographp", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/120514af-41d8-49ca-be87-28c7d4777fee?source=api-scan" ], "published": "2007-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12072b77-fe68-4304-8230-7c137a8d05ac": { "id": "12072b77-fe68-4304-8230-7c137a8d05ac", "title": "WordPress Core < 3.0.2 - Spam Protection Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12072b77-fe68-4304-8230-7c137a8d05ac?source=api-scan" ], "published": "2010-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12081e8c-7aec-4450-a1a6-15250e7037f4": { "id": "12081e8c-7aec-4450-a1a6-15250e7037f4", "title": "Debug Bar <= 1.85 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Debug Bar \u2013 Enable WP_DEBUG from admin dashboard", "slug": "enable-wp-debug-from-admin-dashboard", "affected_versions": { "* - 1.85": { "from_version": "*", "from_inclusive": true, "to_version": "1.85", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.86" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12081e8c-7aec-4450-a1a6-15250e7037f4?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "120a75c5-4fff-4a77-b376-d6968853b40e": { "id": "120a75c5-4fff-4a77-b376-d6968853b40e", "title": "WP Social Bookmark Menu <= 1.2 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "WP SOCIAL BOOKMARK MENU", "slug": "wp-social-bookmark-menu", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/120a75c5-4fff-4a77-b376-d6968853b40e?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "120e6a19-fae3-4083-a72e-36867e7eb18a": { "id": "120e6a19-fae3-4083-a72e-36867e7eb18a", "title": "Advanced XML Reader <= 0.3.4 - External Entity Injection", "software": [ { "type": "plugin", "name": "Advanced XML Reader", "slug": "advanced-xml-reader", "affected_versions": { "* - 0.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/120e6a19-fae3-4083-a72e-36867e7eb18a?source=api-scan" ], "published": "2013-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "120fa415-81e3-4084-8943-df83cde334c5": { "id": "120fa415-81e3-4084-8943-df83cde334c5", "title": "WordPress Core < 2.8.3 - Missing Authorization", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/120fa415-81e3-4084-8943-df83cde334c5?source=api-scan" ], "published": "2009-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "121022ad-a569-4a80-96ee-c7911db81a30": { "id": "121022ad-a569-4a80-96ee-c7911db81a30", "title": "eID Easy <= 4.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "eID Easy", "slug": "smart-id", "affected_versions": { "* - 4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/121022ad-a569-4a80-96ee-c7911db81a30?source=api-scan" ], "published": "2021-09-17 18:48:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "121160a3-b090-4a33-9615-fa4626631bec": { "id": "121160a3-b090-4a33-9615-fa4626631bec", "title": "Mailster <= 4.0.6 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Mailster - Email Newsletter Plugin for WordPress", "slug": "mailster", "affected_versions": { "* - 4.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/121160a3-b090-4a33-9615-fa4626631bec?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1212dfc7-41d4-4c16-960a-7afc882ec4db": { "id": "1212dfc7-41d4-4c16-960a-7afc882ec4db", "title": "Booking.com Product Helper <= 1.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking.com Product Helper", "slug": "bookingcom-product-helper", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1212dfc7-41d4-4c16-960a-7afc882ec4db?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12188a74-b1a6-4aa4-88b4-2d0d0dd32916": { "id": "12188a74-b1a6-4aa4-88b4-2d0d0dd32916", "title": "BEAR <= 1.1.4.1 & WOLF <= 1.0.8.1 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", "slug": "woo-bulk-editor", "affected_versions": { "* - 1.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4.2" ] }, { "type": "plugin", "name": "WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional", "slug": "bulk-editor", "affected_versions": { "* - 1.0.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8.2" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12188a74-b1a6-4aa4-88b4-2d0d0dd32916?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1218ed3b-badc-464e-adbc-76fb4f6af008": { "id": "1218ed3b-badc-464e-adbc-76fb4f6af008", "title": "Google Calendar Events <= 3.2.5 - Cross-Site Request Forgery via bulk_actions", "software": [ { "type": "plugin", "name": "Simple Calendar \u2013 Google Calendar Plugin", "slug": "google-calendar-events", "affected_versions": { "* - 3.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1218ed3b-badc-464e-adbc-76fb4f6af008?source=api-scan" ], "published": "2023-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "121a3b46-0b31-4f28-b98e-fc06760548ae": { "id": "121a3b46-0b31-4f28-b98e-fc06760548ae", "title": "Data Tables Generator by Supsystic <= 1.9.99 - Time-Based Blind SQL Injection", "software": [ { "type": "plugin", "name": "Data Tables Generator by Supsystic", "slug": "data-tables-generator-by-supsystic", "affected_versions": { "* - 1.9.99": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.99", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/121a3b46-0b31-4f28-b98e-fc06760548ae?source=api-scan" ], "published": "2021-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "121afcc4-754c-4f4b-8b02-9b5a4a248041": { "id": "121afcc4-754c-4f4b-8b02-9b5a4a248041", "title": "N5 Upload Form <= 1.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "N5 Upload Form", "slug": "n5-uploadform", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/121afcc4-754c-4f4b-8b02-9b5a4a248041?source=api-scan" ], "published": "2021-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "121cad41-d3cd-4042-b568-3d91909a38d3": { "id": "121cad41-d3cd-4042-b568-3d91909a38d3", "title": "Import any XML or CSV File to WordPress <= 3.7.3 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "Import any XML or CSV File to WordPress", "slug": "wp-all-import", "affected_versions": { "* - 3.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.4" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/121cad41-d3cd-4042-b568-3d91909a38d3?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "121d5d4d-cf15-4c20-afb5-aa3375f2ef62": { "id": "121d5d4d-cf15-4c20-afb5-aa3375f2ef62", "title": "WordPress Gallery Plugin \u2013 Limb Image Gallery <= 1.5.7 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Limb Gallery | Create Beautiful Image & Video Galleries", "slug": "limb-gallery", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/121d5d4d-cf15-4c20-afb5-aa3375f2ef62?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12263ca7-41d8-4ef2-b644-ddfcae8c9665": { "id": "12263ca7-41d8-4ef2-b644-ddfcae8c9665", "title": "Brafton < 3.4.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Brafton", "slug": "BraftonWordpressPlugin", "affected_versions": { "[*, 3.4.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12263ca7-41d8-4ef2-b644-ddfcae8c9665?source=api-scan" ], "published": "2016-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1227f3bc-0bb3-4b80-ad69-2d4314fafbe4": { "id": "1227f3bc-0bb3-4b80-ad69-2d4314fafbe4", "title": "Sydney Toolbox <= 1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sydney Toolbox", "slug": "sydney-toolbox", "affected_versions": { "* - 1.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1227f3bc-0bb3-4b80-ad69-2d4314fafbe4?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "122b75d2-e882-45b9-baf1-acf847f8d60a": { "id": "122b75d2-e882-45b9-baf1-acf847f8d60a", "title": "LearnPress \u2013 WordPress LMS Plugin <= 4.2.6.8 - Basic Information Disclosure via JSON API", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/122b75d2-e882-45b9-baf1-acf847f8d60a?source=api-scan" ], "published": "2024-06-04 14:20:10", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1237f0b3-540a-4734-8966-4798799fef65": { "id": "1237f0b3-540a-4734-8966-4798799fef65", "title": "Slugs Manager <= 2.6.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Slugs Manager: Delete Old Permalinks from WordPress Database", "slug": "remove-old-slugspermalinks", "affected_versions": { "* - 2.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1237f0b3-540a-4734-8966-4798799fef65?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "123c2958-3335-4212-8ed0-b2a56a5272f3": { "id": "123c2958-3335-4212-8ed0-b2a56a5272f3", "title": "OSM - OpenStreetMap <= 6.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "OSM \u2013 OpenStreetMap", "slug": "osm", "affected_versions": { "* - 6.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/123c2958-3335-4212-8ed0-b2a56a5272f3?source=api-scan" ], "published": "2022-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "123d6216-3174-40c9-bdb9-405e5a5ca129": { "id": "123d6216-3174-40c9-bdb9-405e5a5ca129", "title": "Print Page block <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Print Page block \u2013 Print the entire page or Section.", "slug": "print-page", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/123d6216-3174-40c9-bdb9-405e5a5ca129?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12515236-753e-49e8-b8c8-b0c8831c6005": { "id": "12515236-753e-49e8-b8c8-b0c8831c6005", "title": "Relogo <= 0.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Relogo", "slug": "relogo", "affected_versions": { "* - 0.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12515236-753e-49e8-b8c8-b0c8831c6005?source=api-scan" ], "published": "2024-09-30 19:22:28", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12532f84-bc76-4968-a01f-f879ab41b901": { "id": "12532f84-bc76-4968-a01f-f879ab41b901", "title": "Restrict Usernames Emails Characters <= 3.1.3 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Restrict Usernames Emails Characters", "slug": "restrict-usernames-emails-characters", "affected_versions": { "[*, 3.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12532f84-bc76-4968-a01f-f879ab41b901?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1254e0ad-852e-4fd4-8317-61bfbbc9f737": { "id": "1254e0ad-852e-4fd4-8317-61bfbbc9f737", "title": "External Links <= 2.55 - Authenticated (Administrator+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "External Links \u2013 nofollow, noopener & new window", "slug": "wp-external-links", "affected_versions": { "* - 2.55": { "from_version": "*", "from_inclusive": true, "to_version": "2.55", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.56" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1254e0ad-852e-4fd4-8317-61bfbbc9f737?source=api-scan" ], "published": "2022-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12560b8e-9c47-4f7f-ac9c-d86f17914ba3": { "id": "12560b8e-9c47-4f7f-ac9c-d86f17914ba3", "title": "Feather Login Page 1.0.7 - 1.1.1 - Cross-Site Request Forgery to Privilege Escalation", "software": [ { "type": "plugin", "name": "Login | Login Page | Login Logo | Rename Login Page | Custom Login Page | Temporary Users | Rebrand Login | Login Captcha", "slug": "feather-login-page", "affected_versions": { "1.0.7 - 1.1.1": { "from_version": "1.0.7", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12560b8e-9c47-4f7f-ac9c-d86f17914ba3?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1257da54-e008-4e25-bc83-36246f00960e": { "id": "1257da54-e008-4e25-bc83-36246f00960e", "title": "WP Upload Restriction <= 2.2.4 \u2013 Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Upload Restriction", "slug": "wp-upload-restriction", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1257da54-e008-4e25-bc83-36246f00960e?source=api-scan" ], "published": "2021-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12589b0a-5067-4368-a5a8-639cf381c0a6": { "id": "12589b0a-5067-4368-a5a8-639cf381c0a6", "title": "Save as PDF Plugin by Pdfcrowd <= 3.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Save as PDF Plugin by Pdfcrowd", "slug": "save-as-pdf-by-pdfcrowd", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12589b0a-5067-4368-a5a8-639cf381c0a6?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "125e11a3-c497-484e-940b-2bcdf7f2c1ab": { "id": "125e11a3-c497-484e-940b-2bcdf7f2c1ab", "title": "Share-one-Drive <= 1.15.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Share-one-Drive", "slug": "share-one-drive", "affected_versions": { "[*, 1.15.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.15.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/125e11a3-c497-484e-940b-2bcdf7f2c1ab?source=api-scan" ], "published": "2021-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "125e7ea3-574a-4760-b10b-7a98d94c87a5": { "id": "125e7ea3-574a-4760-b10b-7a98d94c87a5", "title": "Advanced Local Pickup for WooCommerce <= 1.5.5 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Advanced Local Pickup for WooCommerce", "slug": "advanced-local-pickup-for-woocommerce", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/125e7ea3-574a-4760-b10b-7a98d94c87a5?source=api-scan" ], "published": "2023-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1261ad29-e4c1-4385-9f41-d3f3eecbb7dc": { "id": "1261ad29-e4c1-4385-9f41-d3f3eecbb7dc", "title": "Feather12 (Unkown Versions) - Multiple Vulnerabilities", "software": [ { "type": "theme", "name": "Feather12", "slug": "feather12", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1261ad29-e4c1-4385-9f41-d3f3eecbb7dc?source=api-scan" ], "published": "2013-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12660851-c899-4ec2-b40e-e62391dafdbf": { "id": "12660851-c899-4ec2-b40e-e62391dafdbf", "title": "Lead Generated <= 1.23 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Lead Generated", "slug": "lead-generated", "affected_versions": { "* - 1.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12660851-c899-4ec2-b40e-e62391dafdbf?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12660e7a-51fc-42c5-8a09-49df1db51efb": { "id": "12660e7a-51fc-42c5-8a09-49df1db51efb", "title": "Better RSS Widget <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Better RSS Widget", "slug": "better-rss-widget", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12660e7a-51fc-42c5-8a09-49df1db51efb?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1266c6df-214b-4b6b-8f1d-a67385469bf5": { "id": "1266c6df-214b-4b6b-8f1d-a67385469bf5", "title": "oik <= 4.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "oik", "slug": "oik", "affected_versions": { "* - 4.10.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1266c6df-214b-4b6b-8f1d-a67385469bf5?source=api-scan" ], "published": "2024-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1268604c-08eb-4d86-8e97-9cdaa3e19c1f": { "id": "1268604c-08eb-4d86-8e97-9cdaa3e19c1f", "title": "WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_deactivate_product", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "* - 5.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1268604c-08eb-4d86-8e97-9cdaa3e19c1f?source=api-scan" ], "published": "2023-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1268bdb9-7f80-4fdc-a95a-d51b0ab83e17": { "id": "1268bdb9-7f80-4fdc-a95a-d51b0ab83e17", "title": "The School Management \u2013 Education & Learning Management <= 4.1 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "The School Management \u2013 Education & Learning Management", "slug": "school-management-system", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1268bdb9-7f80-4fdc-a95a-d51b0ab83e17?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12772ebe-b146-4cff-bc95-3ec7045f15ab": { "id": "12772ebe-b146-4cff-bc95-3ec7045f15ab", "title": "Website Content in Page or Post <= 2024.03.27 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Website Content in Page or Post", "slug": "show-website-content-in-wordpress-page-or-post", "affected_versions": { "* - 2024.03.27": { "from_version": "*", "from_inclusive": true, "to_version": "2024.03.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2024.04.09" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12772ebe-b146-4cff-bc95-3ec7045f15ab?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "127b20c4-cd7c-4d04-b32f-bcc26beb2c35": { "id": "127b20c4-cd7c-4d04-b32f-bcc26beb2c35", "title": "Snippet Shortcodes <= 4.1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Snippet Shortcodes", "slug": "shortcode-variables", "affected_versions": { "* - 4.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/127b20c4-cd7c-4d04-b32f-bcc26beb2c35?source=api-scan" ], "published": "2024-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1281a4d8-fa77-45b4-b0b4-e3bed1b4a4ea": { "id": "1281a4d8-fa77-45b4-b0b4-e3bed1b4a4ea", "title": "Euclid <= All Versions - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Euclid - Tech Corporate Multilingual WP Theme | Business", "slug": "euclid", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1281a4d8-fa77-45b4-b0b4-e3bed1b4a4ea?source=api-scan" ], "published": "2013-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12837ce3-eeeb-4034-a90d-fc615056a818": { "id": "12837ce3-eeeb-4034-a90d-fc615056a818", "title": "WP Security Audit Log <= 3.1.1 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "WP Activity Log", "slug": "wp-security-audit-log", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12837ce3-eeeb-4034-a90d-fc615056a818?source=api-scan" ], "published": "2018-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12849d7e-1685-4e03-be0c-0672545fcd2b": { "id": "12849d7e-1685-4e03-be0c-0672545fcd2b", "title": "Express Shop <= 4.0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Express Shop", "slug": "express-shop", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12849d7e-1685-4e03-be0c-0672545fcd2b?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1289ead7-1af1-417d-aa47-7d07268f956c": { "id": "1289ead7-1af1-417d-aa47-7d07268f956c", "title": "Popup Box <= 3.7.0 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Box \u2013 Create Countdown, Coupon, Video, Contact Form Popups", "slug": "ays-popup-box", "affected_versions": { "[*, 3.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1289ead7-1af1-417d-aa47-7d07268f956c?source=api-scan" ], "published": "2023-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "128d3046-94a0-465c-9225-a3ce652f5282": { "id": "128d3046-94a0-465c-9225-a3ce652f5282", "title": "Insert or Embed Articulate Content into WordPress <= 4.3000000021 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Insert or Embed Articulate Content into WordPress", "slug": "insert-or-embed-articulate-content-into-wordpress", "affected_versions": { "* - 4.3000000021": { "from_version": "*", "from_inclusive": true, "to_version": "4.3000000021", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3000000023" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/128d3046-94a0-465c-9225-a3ce652f5282?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "128d45ec-941c-414c-b341-9964dc748132": { "id": "128d45ec-941c-414c-b341-9964dc748132", "title": "WP Booking Calendar <= 10.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Booking Calendar", "slug": "booking", "affected_versions": { "* - 10.6": { "from_version": "*", "from_inclusive": true, "to_version": "10.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/128d45ec-941c-414c-b341-9964dc748132?source=api-scan" ], "published": "2024-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "128f0e5e-96c7-474e-bfc9-ea18536b4a54": { "id": "128f0e5e-96c7-474e-bfc9-ea18536b4a54", "title": "Accordions \u2013 Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'layouts' parameter", "software": [ { "type": "plugin", "name": "Accordion \u2013 Multiple Accordion or FAQs Builder", "slug": "accordions-or-faqs", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/128f0e5e-96c7-474e-bfc9-ea18536b4a54?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12946a87-0b61-45ea-aae3-385d860b0db8": { "id": "12946a87-0b61-45ea-aae3-385d860b0db8", "title": "Easy Digital Downloads (EDD) Twenty-Twelve < 1.1.1 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Twenty Twelve EDD", "slug": "twenty-twelve-edd", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12946a87-0b61-45ea-aae3-385d860b0db8?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1295f1a0-1f5a-4707-96cc-c408a6819e87": { "id": "1295f1a0-1f5a-4707-96cc-c408a6819e87", "title": "Elegant Themes (Various Versions) - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Divi Builder", "slug": "divi-builder", "affected_versions": { "* - 2.17.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.17.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.17.3" ] }, { "type": "theme", "name": "Divi", "slug": "Divi", "affected_versions": { "* - 3.17.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.17.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.17.3" ] }, { "type": "theme", "name": "Divi Extra", "slug": "extra", "affected_versions": { "* - 2.17.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.17.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.17.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1295f1a0-1f5a-4707-96cc-c408a6819e87?source=api-scan" ], "published": "2018-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "129cc3b0-4f48-4846-902e-be5cd339f537": { "id": "129cc3b0-4f48-4846-902e-be5cd339f537", "title": "FileBird \u2013 WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FileBird \u2013 WordPress Media Library Folders & File Manager", "slug": "filebird", "affected_versions": { "* - 5.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/129cc3b0-4f48-4846-902e-be5cd339f537?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12a195a0-f992-462d-9b4e-69e8a2975635": { "id": "12a195a0-f992-462d-9b4e-69e8a2975635", "title": "Webba Booking <= 4.5.33 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Appointment & Event Booking Calendar Plugin \u2013 Webba Booking", "slug": "webba-booking-lite", "affected_versions": { "* - 4.5.33": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12a195a0-f992-462d-9b4e-69e8a2975635?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12a576ee-f8a9-4740-b87b-091a46970d53": { "id": "12a576ee-f8a9-4740-b87b-091a46970d53", "title": "WP Quick Post Duplicator <= 2.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Quick Post Duplicator", "slug": "wp-quick-post-duplicator", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12a576ee-f8a9-4740-b87b-091a46970d53?source=api-scan" ], "published": "2023-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12a94f5b-bc30-4a65-b397-54488c836ec3": { "id": "12a94f5b-bc30-4a65-b397-54488c836ec3", "title": "VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update", "software": [ { "type": "plugin", "name": "VK Blocks", "slug": "vk-blocks", "affected_versions": { "* - 1.57.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.57.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.57.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12a94f5b-bc30-4a65-b397-54488c836ec3?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12a9fbe8-445a-478a-b6ce-cd669ccb6a2d": { "id": "12a9fbe8-445a-478a-b6ce-cd669ccb6a2d", "title": "Icons Font Loader <= 1.1.2 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Icons Font Loader \u2013 Load Various Web Fonts & Icons on WP", "slug": "icons-font-loader", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12a9fbe8-445a-478a-b6ce-cd669ccb6a2d?source=api-scan" ], "published": "2023-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12acf651-6476-491b-84b3-afbc6c655b17": { "id": "12acf651-6476-491b-84b3-afbc6c655b17", "title": "Popup by Supsystic <= 1.10.18 - Prototype Pollution", "software": [ { "type": "plugin", "name": "Popup by Supsystic", "slug": "popup-by-supsystic", "affected_versions": { "[*, 1.10.19)": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.10.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12acf651-6476-491b-84b3-afbc6c655b17?source=api-scan" ], "published": "2023-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12ad3c6c-9a01-4801-b754-79e6e1b2d2a3": { "id": "12ad3c6c-9a01-4801-b754-79e6e1b2d2a3", "title": "WooCommerce Product Carousel, Slider & Grid Ultimate <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Carousel Slider & Grid Ultimate for WooCommerce", "slug": "woo-product-carousel-slider-and-grid-ultimate", "affected_versions": { "* - 1.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12ad3c6c-9a01-4801-b754-79e6e1b2d2a3?source=api-scan" ], "published": "2022-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12adf619-4be8-4ecf-8f67-284fc44d87d0": { "id": "12adf619-4be8-4ecf-8f67-284fc44d87d0", "title": "Automatic <= 3.92.0 - Cross-Site Request Forgery to Privilege Escalation", "software": [ { "type": "plugin", "name": "WordPress Automatic Plugin", "slug": "wp-automatic", "affected_versions": { "* - 3.92.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.92.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.92.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12adf619-4be8-4ecf-8f67-284fc44d87d0?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12b4d9e6-761f-4857-a701-7d22d4ee0288": { "id": "12b4d9e6-761f-4857-a701-7d22d4ee0288", "title": "Make, formerly Integromat Connector <= 1.5.1 - Missing Authorization to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Make Connector", "slug": "integromat-connector", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12b4d9e6-761f-4857-a701-7d22d4ee0288?source=api-scan" ], "published": "2022-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12b81441-d22c-4211-a8da-811182de622d": { "id": "12b81441-d22c-4211-a8da-811182de622d", "title": "Laposta Signup Embed <= 1.1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Laposta Signup Embed", "slug": "laposta-signup-embed", "affected_versions": { "[*, 1.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12b81441-d22c-4211-a8da-811182de622d?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12ce97ba-8053-481f-bcd7-05d5e8292adb": { "id": "12ce97ba-8053-481f-bcd7-05d5e8292adb", "title": "Contact Form Builder by vcita <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Builder by vcita", "slug": "contact-form-with-a-meeting-scheduler-by-vcita", "affected_versions": { "* - 4.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12ce97ba-8053-481f-bcd7-05d5e8292adb?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12cfebb8-ae89-410b-a492-340f1553e83e": { "id": "12cfebb8-ae89-410b-a492-340f1553e83e", "title": "Absolute Reviews <= 1.1.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Criteria Name", "software": [ { "type": "plugin", "name": "Absolute Reviews", "slug": "absolute-reviews", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12cfebb8-ae89-410b-a492-340f1553e83e?source=api-scan" ], "published": "2024-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12d7a152-90cd-4c92-90c4-81c594e6c9ac": { "id": "12d7a152-90cd-4c92-90c4-81c594e6c9ac", "title": "Booking Ultra Pro <= 1.1.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Booking Ultra Pro Appointments Booking Calendar Plugin", "slug": "booking-ultra-pro", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12d7a152-90cd-4c92-90c4-81c594e6c9ac?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12d84de4-d97e-40cc-9805-fc9b7de8fa21": { "id": "12d84de4-d97e-40cc-9805-fc9b7de8fa21", "title": "Interactive SVG Image Map Builder <= 1.0 - Authenticated(Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Interactive Image Map Builder", "slug": "interactive-image-map-builder", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12d84de4-d97e-40cc-9805-fc9b7de8fa21?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12dc9e63-17bb-4755-be3c-ae8b26edd3cd": { "id": "12dc9e63-17bb-4755-be3c-ae8b26edd3cd", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12dc9e63-17bb-4755-be3c-ae8b26edd3cd?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12ddef9e-6aa3-4b0b-bbee-6ac985f6865a": { "id": "12ddef9e-6aa3-4b0b-bbee-6ac985f6865a", "title": "Slider by Soliloquy <= 2.7.6 - Missing Authorization to Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider by Soliloquy \u2013 Responsive Image Slider for WordPress", "slug": "soliloquy-lite", "affected_versions": { "* - 2.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12ddef9e-6aa3-4b0b-bbee-6ac985f6865a?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12e2645c-7df1-4fbe-baa1-6b932062682b": { "id": "12e2645c-7df1-4fbe-baa1-6b932062682b", "title": "Real3D Flipbook <= 1.0.0 - Directory Traversal", "software": [ { "type": "plugin", "name": "Real3D Flipbook", "slug": "real3d-flipbook", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12e2645c-7df1-4fbe-baa1-6b932062682b?source=api-scan" ], "published": "2016-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12e74e1a-71d0-4447-ac77-62073af5de88": { "id": "12e74e1a-71d0-4447-ac77-62073af5de88", "title": "KingComposer <= 2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Builder: KingComposer \u2013 Free Drag and Drop page builder by King-Theme", "slug": "kingcomposer", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12e74e1a-71d0-4447-ac77-62073af5de88?source=api-scan" ], "published": "2019-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12ea26be-93e4-43de-bb32-21cdc2f80569": { "id": "12ea26be-93e4-43de-bb32-21cdc2f80569", "title": "Simple Download Monitor <= 3.9.4 - Contributor+ Stored Cross-Site Scripting via File Thumbnail", "software": [ { "type": "plugin", "name": "Simple Download Monitor", "slug": "simple-download-monitor", "affected_versions": { "* - 3.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12ea26be-93e4-43de-bb32-21cdc2f80569?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12ecf3d5-1457-405a-8856-517c7d2f2db1": { "id": "12ecf3d5-1457-405a-8856-517c7d2f2db1", "title": "eCommerce Product Catalog Plugin for WordPress <= 3.0.17 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "eCommerce Product Catalog Plugin for WordPress", "slug": "ecommerce-product-catalog", "affected_versions": { "[*, 3.0.18)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12ecf3d5-1457-405a-8856-517c7d2f2db1?source=api-scan" ], "published": "2021-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12f314c5-ba73-4204-b276-904d9de7c099": { "id": "12f314c5-ba73-4204-b276-904d9de7c099", "title": "Indeed Membership Pro <= 12.6 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Indeed Membership Pro", "slug": "indeed-membership-pro", "affected_versions": { "* - 12.6": { "from_version": "*", "from_inclusive": true, "to_version": "12.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12f314c5-ba73-4204-b276-904d9de7c099?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12f3dc64-322d-4015-8c57-eaa41c9a1829": { "id": "12f3dc64-322d-4015-8c57-eaa41c9a1829", "title": "EventON <= 2.2.15 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting and Plugin Settings Updates", "software": [ { "type": "plugin", "name": "EventON", "slug": "eventon-lite", "affected_versions": { "* - 2.2.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12f3dc64-322d-4015-8c57-eaa41c9a1829?source=api-scan" ], "published": "2024-07-08 19:38:22", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12f7f9a0-96b0-4a61-b763-12ff679bf43d": { "id": "12f7f9a0-96b0-4a61-b763-12ff679bf43d", "title": "Coru LFMember <= 1.0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Coru LFMember", "slug": "coru-lfmember", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12f7f9a0-96b0-4a61-b763-12ff679bf43d?source=api-scan" ], "published": "2022-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "12fe64ad-2998-4f41-b8d7-aa5921b0d0d9": { "id": "12fe64ad-2998-4f41-b8d7-aa5921b0d0d9", "title": "WP Fast Total Search <= 1.68.232 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Fast Total Search \u2013 The Power of Indexed Search", "slug": "fulltext-search", "affected_versions": { "* - 1.68.232": { "from_version": "*", "from_inclusive": true, "to_version": "1.68.232", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.69.234" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/12fe64ad-2998-4f41-b8d7-aa5921b0d0d9?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1301c8af-d81a-40f1-96fa-e8252309d8a4": { "id": "1301c8af-d81a-40f1-96fa-e8252309d8a4", "title": "Download Manager <= 3.2.89 - Improper Authorization via protectMediaLibrary", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.89": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.89", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.90" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1301c8af-d81a-40f1-96fa-e8252309d8a4?source=api-scan" ], "published": "2024-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13031db7-aeac-4d44-94f9-1cdb84781a55": { "id": "13031db7-aeac-4d44-94f9-1cdb84781a55", "title": "Ultimate Form Builder Lite <= 1.3.6 - SQL Injection to PHP Object Injection", "software": [ { "type": "plugin", "name": "Contact Form for WordPress \u2013 Ultimate Form Builder Lite", "slug": "ultimate-form-builder-lite", "affected_versions": { "[*, 1.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13031db7-aeac-4d44-94f9-1cdb84781a55?source=api-scan" ], "published": "2017-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13033a3c-f020-4821-a7ad-bfcfca407df0": { "id": "13033a3c-f020-4821-a7ad-bfcfca407df0", "title": "Ultimate Member < 2.0.4 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 2.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13033a3c-f020-4821-a7ad-bfcfca407df0?source=api-scan" ], "published": "2018-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13046019-f390-48ae-bf08-53293c41f178": { "id": "13046019-f390-48ae-bf08-53293c41f178", "title": "NOO Timetable <= 2.1.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "NOO Timetable", "slug": "noo-timetable", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13046019-f390-48ae-bf08-53293c41f178?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "130637ce-d70a-4831-8b88-a2a6e8a95c42": { "id": "130637ce-d70a-4831-8b88-a2a6e8a95c42", "title": "Colibri Page Builder <= 1.0.260 - Missing Authorization", "software": [ { "type": "plugin", "name": "Colibri Page Builder", "slug": "colibri-page-builder", "affected_versions": { "* - 1.0.260": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.260", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.263" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/130637ce-d70a-4831-8b88-a2a6e8a95c42?source=api-scan" ], "published": "2024-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13088645-8233-40fb-8755-cbdf44c0eaf7": { "id": "13088645-8233-40fb-8755-cbdf44c0eaf7", "title": "CTT Expresso para WooCommerce <= 3.2.12 - Information Exposure via Unprotected Directory", "software": [ { "type": "plugin", "name": "CTT Expresso para WooCommerce", "slug": "ctt-expresso-para-woocommerce", "affected_versions": { "* - 3.2.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13088645-8233-40fb-8755-cbdf44c0eaf7?source=api-scan" ], "published": "2024-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "130b069d-d224-44af-b2b4-26be7e081f6b": { "id": "130b069d-d224-44af-b2b4-26be7e081f6b", "title": "Slide Anything <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slide Anything \u2013 Responsive Content \/ HTML Slider and Carousel", "slug": "slide-anything", "affected_versions": { "* - 2.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/130b069d-d224-44af-b2b4-26be7e081f6b?source=api-scan" ], "published": "2023-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "130c3bbf-19a9-4e11-b6f2-5a08bbf7b123": { "id": "130c3bbf-19a9-4e11-b6f2-5a08bbf7b123", "title": "Mega Main Menu <= 2.2.2 - Information Disclosure", "software": [ { "type": "plugin", "name": "Mega Main Menu", "slug": "mega_main_menu", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/130c3bbf-19a9-4e11-b6f2-5a08bbf7b123?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13101551-d62e-4b27-9156-5b3d022f0e55": { "id": "13101551-d62e-4b27-9156-5b3d022f0e55", "title": "RSVPMaker <= 9.9.3 - Authenticated (Admin+) SQL Injection via 'delete' parameter", "software": [ { "type": "plugin", "name": "RSVPMaker", "slug": "rsvpmaker", "affected_versions": { "* - 9.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "9.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13101551-d62e-4b27-9156-5b3d022f0e55?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1312ad63-02ed-414d-b807-1a0666da7cf1": { "id": "1312ad63-02ed-414d-b807-1a0666da7cf1", "title": "Typebot <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Typebot | Create advanced chat experiences without coding", "slug": "typebot", "affected_versions": { "* - 3.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1312ad63-02ed-414d-b807-1a0666da7cf1?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1313c714-d4d4-4ec8-bae8-99af0cee2f43": { "id": "1313c714-d4d4-4ec8-bae8-99af0cee2f43", "title": "Contact Form Check Tester <= 1.0.2 - Authenticated (Subscriber+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Check Tester", "slug": "contact-form-check-tester", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1313c714-d4d4-4ec8-bae8-99af0cee2f43?source=api-scan" ], "published": "2021-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13159a71-c183-4fc2-98af-8b9e60508a1c": { "id": "13159a71-c183-4fc2-98af-8b9e60508a1c", "title": "Doofinder for WooCommerce <= 2.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "DOOFINDER Search and Discovery for WP & WooCommerce", "slug": "doofinder-for-woocommerce", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13159a71-c183-4fc2-98af-8b9e60508a1c?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1322e229-5e0b-4c3d-ae96-e211a2831842": { "id": "1322e229-5e0b-4c3d-ae96-e211a2831842", "title": "LearnPress - Export\/Import Courses <= 4.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LearnPress Export Import \u2013 WordPress extension for LearnPress", "slug": "learnpress-import-export", "affected_versions": { "[*, 4.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1322e229-5e0b-4c3d-ae96-e211a2831842?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13245eab-9a72-44d7-bbcd-a0d3e2879814": { "id": "13245eab-9a72-44d7-bbcd-a0d3e2879814", "title": "Env\u00edaloSimple <= 2.1 Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Env\u00edaloSimple: Email Marketing y Newsletters", "slug": "envialosimple-email-marketing-y-newsletters-gratis", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13245eab-9a72-44d7-bbcd-a0d3e2879814?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "132a6661-c21b-4ba6-955a-2c905425de6a": { "id": "132a6661-c21b-4ba6-955a-2c905425de6a", "title": "WP Offload SES Lite <= 1.4.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Offload SES Lite", "slug": "wp-ses", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/132a6661-c21b-4ba6-955a-2c905425de6a?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "133057a1-4cd5-4e46-9407-d01d80859991": { "id": "133057a1-4cd5-4e46-9407-d01d80859991", "title": "HeartThis <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HeartThis", "slug": "heart-this", "affected_versions": { "* - 0.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/133057a1-4cd5-4e46-9407-d01d80859991?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13344366-feb0-4987-9543-222e3d35dab3": { "id": "13344366-feb0-4987-9543-222e3d35dab3", "title": "Custom Dash <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Dash", "slug": "custom-dash", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13344366-feb0-4987-9543-222e3d35dab3?source=api-scan" ], "published": "2024-06-05 13:00:09", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13389191-cbda-4c39-8598-7c2b41f31da7": { "id": "13389191-cbda-4c39-8598-7c2b41f31da7", "title": "Simple Image Popup <= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Image Popup", "slug": "simple-image-popup", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13389191-cbda-4c39-8598-7c2b41f31da7?source=api-scan" ], "published": "2024-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "133a6fe8-e011-4749-b95d-e41a03a50aab": { "id": "133a6fe8-e011-4749-b95d-e41a03a50aab", "title": "Debug Log Manager <= 2.3.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Debug Log Manager", "slug": "debug-log-manager", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/133a6fe8-e011-4749-b95d-e41a03a50aab?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13436238-f14a-445b-9a9b-fbcf23b7b498": { "id": "13436238-f14a-445b-9a9b-fbcf23b7b498", "title": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.8.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13436238-f14a-445b-9a9b-fbcf23b7b498?source=api-scan" ], "published": "2024-06-06 21:15:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "134a3615-a9fa-48b5-8cd1-4c3fb24a777a": { "id": "134a3615-a9fa-48b5-8cd1-4c3fb24a777a", "title": "ProfileGrid <= 5.7.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/134a3615-a9fa-48b5-8cd1-4c3fb24a777a?source=api-scan" ], "published": "2024-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "134ad095-b0a0-4f0f-832d-3e558d4a250a": { "id": "134ad095-b0a0-4f0f-832d-3e558d4a250a", "title": "Woody code snippets \u2013 Insert Header Footer Code, AdSense Ads <= 2.5.0 -Authenticated (Contributor+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Woody code snippets \u2013 Insert Header Footer Code, AdSense Ads", "slug": "insert-php", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/134ad095-b0a0-4f0f-832d-3e558d4a250a?source=api-scan" ], "published": "2024-06-14 20:26:37", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "134b6e4d-c38f-4d52-b6dd-fd49ea0e6581": { "id": "134b6e4d-c38f-4d52-b6dd-fd49ea0e6581", "title": "Download Monitor < 3.3.6.2 - Cross-Site Scripting via p Parameter", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "[*, 3.3.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/134b6e4d-c38f-4d52-b6dd-fd49ea0e6581?source=api-scan" ], "published": "2013-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "134e09a8-f89a-4282-b2e8-09b84f04aae7": { "id": "134e09a8-f89a-4282-b2e8-09b84f04aae7", "title": "wptf-image-gallery <= 1.0.3 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "wptf-image-gallery", "slug": "wptf-image-gallery", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/134e09a8-f89a-4282-b2e8-09b84f04aae7?source=api-scan" ], "published": "2015-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13517c2f-43ce-4e9a-81c4-d422b0e7273a": { "id": "13517c2f-43ce-4e9a-81c4-d422b0e7273a", "title": "Beaver Builder \u2013 WordPress Page Builder <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.8.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13517c2f-43ce-4e9a-81c4-d422b0e7273a?source=api-scan" ], "published": "2024-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1351cd6b-ae22-4363-b36b-f892c504f5d9": { "id": "1351cd6b-ae22-4363-b36b-f892c504f5d9", "title": "WordPress Core < 4.4.2 - Server-Side Request Forgery", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.12": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.12", "to_inclusive": true }, "3.8 - 3.8.12": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.12", "to_inclusive": true }, "3.9 - 3.9.10": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.10", "to_inclusive": true }, "4.0 - 4.0.9": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.9", "to_inclusive": true }, "4.1 - 4.1.9": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.9", "to_inclusive": true }, "4.2 - 4.2.6": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.6", "to_inclusive": true }, "4.3 - 4.3.2": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.2", "to_inclusive": true }, "4.4 - 4.4.1": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.13", "3.8.13", "3.9.11", "4.0.10", "4.1.10", "4.2.7", "4.3.3", "4.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1351cd6b-ae22-4363-b36b-f892c504f5d9?source=api-scan" ], "published": "2016-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "135213d6-8058-4573-a97d-a95b0708d807": { "id": "135213d6-8058-4573-a97d-a95b0708d807", "title": "Ptengine \u2013 Heatmap Analytics < 1.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ptengine \u2013 Heatmap Analytics", "slug": "ptengine-real-time-web-analytics-and-heatmap", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/135213d6-8058-4573-a97d-a95b0708d807?source=api-scan" ], "published": "2015-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1355bc94-7110-4d61-855e-78889e58dcad": { "id": "1355bc94-7110-4d61-855e-78889e58dcad", "title": "WordPress Photo Gallery \u2013 Image Gallery <= 1.0.6 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "WordPress Photo Gallery \u2013 Image Gallery", "slug": "photo-contest", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1355bc94-7110-4d61-855e-78889e58dcad?source=api-scan" ], "published": "2021-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "135ab17b-5b91-484a-8bec-6f77d694ae62": { "id": "135ab17b-5b91-484a-8bec-6f77d694ae62", "title": "WPE Indoshipping <= 2.5.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WPE Indoshipping", "slug": "wpe-indoshipping", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/135ab17b-5b91-484a-8bec-6f77d694ae62?source=api-scan" ], "published": "2015-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13617b70-9b57-4873-9942-12bffed411e2": { "id": "13617b70-9b57-4873-9942-12bffed411e2", "title": "WooCommerce Payments <= 6.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooPayments: Integrated WooCommerce Payments", "slug": "woocommerce-payments", "affected_versions": { "* - 6.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13617b70-9b57-4873-9942-12bffed411e2?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13629598-d45d-4ff5-aeb5-6ac881d25183": { "id": "13629598-d45d-4ff5-aeb5-6ac881d25183", "title": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 5.7.25": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13629598-d45d-4ff5-aeb5-6ac881d25183?source=api-scan" ], "published": "2024-07-01 18:34:02", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13657ad7-7185-4be2-98e2-aeaf8514ad4d": { "id": "13657ad7-7185-4be2-98e2-aeaf8514ad4d", "title": "Salon booking system < 6.3.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "[*, 6.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13657ad7-7185-4be2-98e2-aeaf8514ad4d?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "136bf4c5-5309-479e-8d6b-f8a7334da9b0": { "id": "136bf4c5-5309-479e-8d6b-f8a7334da9b0", "title": "WP CSV to Database <= 2.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP CSV to Database \u2013 Insert CSV file content into WordPress database", "slug": "wp-csv-to-database", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/136bf4c5-5309-479e-8d6b-f8a7334da9b0?source=api-scan" ], "published": "2022-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13703cee-a277-4f8a-ad45-53c82118682b": { "id": "13703cee-a277-4f8a-ad45-53c82118682b", "title": "Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "* - 3.2.28": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13703cee-a277-4f8a-ad45-53c82118682b?source=api-scan" ], "published": "2024-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1374b266-4b20-4706-a4d2-482122964693": { "id": "1374b266-4b20-4706-a4d2-482122964693", "title": "WordPress Gallery Plugin <= 1.4 - Unauthenticated Remote File Inclusion", "software": [ { "type": "plugin", "name": "WordPress Gallery Plugin", "slug": "wordpress-gallery-plugin", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1374b266-4b20-4706-a4d2-482122964693?source=api-scan" ], "published": "2013-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1375ac68-31e4-4473-9757-bd86411c716f": { "id": "1375ac68-31e4-4473-9757-bd86411c716f", "title": "Related YouTube Videos <= 1.9.8 - Cross-site Request Forgery", "software": [ { "type": "plugin", "name": "Related YouTube Videos", "slug": "related-youtube-videos", "affected_versions": { "[*, 1.9.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1375ac68-31e4-4473-9757-bd86411c716f?source=api-scan" ], "published": "2019-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1375c43c-498f-4d68-ac9c-201592d26919": { "id": "1375c43c-498f-4d68-ac9c-201592d26919", "title": "Disabler <= 3.0.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Disabler", "slug": "disabler", "affected_versions": { "* - 3.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1375c43c-498f-4d68-ac9c-201592d26919?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13843a16-7ae3-412d-a2ac-7a5ee556b6e2": { "id": "13843a16-7ae3-412d-a2ac-7a5ee556b6e2", "title": "API Bearer Auth < 20190907 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "API Bearer Auth", "slug": "api-bearer-auth", "affected_versions": { "[*, 20190907)": { "from_version": "*", "from_inclusive": true, "to_version": "20190907", "to_inclusive": false } }, "patched": true, "patched_versions": [ "20190907" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13843a16-7ae3-412d-a2ac-7a5ee556b6e2?source=api-scan" ], "published": "2019-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1384c53a-9c6f-4372-98e4-14c9ba213968": { "id": "1384c53a-9c6f-4372-98e4-14c9ba213968", "title": "Caxton \u2013 Create Pro page layouts in Gutenberg <= 1.30.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Caxton \u2013 Create Pro page layouts in Gutenberg", "slug": "caxton", "affected_versions": { "* - 1.30.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.30.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1384c53a-9c6f-4372-98e4-14c9ba213968?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13874012-09b4-4e6a-a364-07321dbd0167": { "id": "13874012-09b4-4e6a-a364-07321dbd0167", "title": "Very Simple Breadcrumb <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Very Simple Breadcrumb", "slug": "very-simple-breadcrumb", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13874012-09b4-4e6a-a364-07321dbd0167?source=api-scan" ], "published": "2022-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1388873f-8053-4ba9-8707-093bc0e8f2f5": { "id": "1388873f-8053-4ba9-8707-093bc0e8f2f5", "title": "WooCommerce Product Vendors <= 2.1.78 - Authenticated (Shop manager+) SQL Injection", "software": [ { "type": "plugin", "name": "Product Vendors", "slug": "woocommerce-product-vendors", "affected_versions": { "* - 2.1.78": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.78", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.79" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1388873f-8053-4ba9-8707-093bc0e8f2f5?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "138c636b-27fb-4d76-b01c-60a10749913d": { "id": "138c636b-27fb-4d76-b01c-60a10749913d", "title": "Smart Maintenance Mode <= 1.4.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Smart Maintenance Mode", "slug": "smart-maintenance-mode", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/138c636b-27fb-4d76-b01c-60a10749913d?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "138e0a38-c922-44d1-9fe6-2439ec32cf39": { "id": "138e0a38-c922-44d1-9fe6-2439ec32cf39", "title": "Rank Math SEO <= 1.0.42.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings", "slug": "seo-by-rank-math", "affected_versions": { "[*, 1.0.42.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.42.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.42.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/138e0a38-c922-44d1-9fe6-2439ec32cf39?source=api-scan" ], "published": "2020-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13968257-593d-433e-9583-5bb5d6c6b2d5": { "id": "13968257-593d-433e-9583-5bb5d6c6b2d5", "title": "Podlove Podcast Publisher < 2.3.16 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Podlove Podcast Publisher", "slug": "podlove-podcasting-plugin-for-wordpress", "affected_versions": { "[*, 2.3.16)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13968257-593d-433e-9583-5bb5d6c6b2d5?source=api-scan" ], "published": "2016-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13981037-e698-42a7-9471-e27486cf1a4e": { "id": "13981037-e698-42a7-9471-e27486cf1a4e", "title": "WP Super Cache <= 1.4.4 - Directory Listing", "software": [ { "type": "plugin", "name": "WP Super Cache", "slug": "wp-super-cache", "affected_versions": { "[*, 1.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13981037-e698-42a7-9471-e27486cf1a4e?source=api-scan" ], "published": "2015-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1398e296-9b20-4f8e-85f2-896888abc67e": { "id": "1398e296-9b20-4f8e-85f2-896888abc67e", "title": "Theme My Login 2FA < 1.2 - 2FA Bypass via Brute Force", "software": [ { "type": "plugin", "name": "Theme My Login 2fa", "slug": "tml-2fa", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1398e296-9b20-4f8e-85f2-896888abc67e?source=api-scan" ], "published": "2023-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "139b081d-17b1-4e1f-9d22-cf3f9de123f5": { "id": "139b081d-17b1-4e1f-9d22-cf3f9de123f5", "title": "Add Posts to Pages <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Add Posts to Pages", "slug": "add-posts-to-pages", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/139b081d-17b1-4e1f-9d22-cf3f9de123f5?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "139d4ec2-1147-4332-a56d-633890f32560": { "id": "139d4ec2-1147-4332-a56d-633890f32560", "title": "WOOCS \u2013 WooCommerce Currency Switcher <= 1.4.1.4 - Cross-Site Request Forgery via delete_profiles_data", "software": [ { "type": "plugin", "name": "FOX \u2013 Currency Switcher Professional for WooCommerce", "slug": "woocommerce-currency-switcher", "affected_versions": { "* - 1.4.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/139d4ec2-1147-4332-a56d-633890f32560?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13a0dd72-1124-4b5d-9bad-fe4fea8e3e68": { "id": "13a0dd72-1124-4b5d-9bad-fe4fea8e3e68", "title": "WP VR <= 8.2.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP VR \u2013 360 Panorama and Virtual Tour Builder For WordPress", "slug": "wpvr", "affected_versions": { "* - 8.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13a0dd72-1124-4b5d-9bad-fe4fea8e3e68?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13a1e293-f539-4d19-8fe8-392c126fd1c4": { "id": "13a1e293-f539-4d19-8fe8-392c126fd1c4", "title": "intouch <= 2.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "intouch", "slug": "intouch", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13a1e293-f539-4d19-8fe8-392c126fd1c4?source=api-scan" ], "published": "2014-01-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13a206ea-0890-4535-9da7-54a7a45f0452": { "id": "13a206ea-0890-4535-9da7-54a7a45f0452", "title": "White Label CMS <= 2.7.3 - Missing Authorization to Plugin Settings Reset", "software": [ { "type": "plugin", "name": "White Label CMS", "slug": "white-label-cms", "affected_versions": { "* - 2.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13a206ea-0890-4535-9da7-54a7a45f0452?source=api-scan" ], "published": "2024-05-09 16:34:33", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13b0f306-cfd1-4c36-b694-de7968f0ae1c": { "id": "13b0f306-cfd1-4c36-b694-de7968f0ae1c", "title": "Optinly <= 1.0.18 - Missing Authorization to Plugin Settings Change", "software": [ { "type": "plugin", "name": "Optinly \u2013 Exit Intent, Newsletter Popups, Gamification & Opt-in Forms", "slug": "optinly", "affected_versions": { "* - 1.0.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13b0f306-cfd1-4c36-b694-de7968f0ae1c?source=api-scan" ], "published": "2022-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13b2fb59-35ef-40de-a48a-2972777d2682": { "id": "13b2fb59-35ef-40de-a48a-2972777d2682", "title": "WordPress Contact Form, Drag and Drop Form Builder Plugin \u2013 Live Forms < 3.2.0 - SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Contact Form, Drag and Drop Form Builder Plugin \u2013 Live Forms", "slug": "liveforms", "affected_versions": { "[*, 3.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13b2fb59-35ef-40de-a48a-2972777d2682?source=api-scan" ], "published": "2015-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13b4efa1-3f52-476c-80fe-b36ccb62a24b": { "id": "13b4efa1-3f52-476c-80fe-b36ccb62a24b", "title": "Podcasting Plugin by TSG < 3.0.5 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "Podcasting Plugin by TSG", "slug": "podcasting", "affected_versions": { "* - 3.0.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13b4efa1-3f52-476c-80fe-b36ccb62a24b?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13b5292f-4484-498b-b6b7-2895871ab794": { "id": "13b5292f-4484-498b-b6b7-2895871ab794", "title": "WP 2FA with Telegram <= 3.0 - Authenticated (Subscriber+) Authentication Bypass", "software": [ { "type": "plugin", "name": "WP 2FA with Telegram", "slug": "two-factor-login-telegram", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13b5292f-4484-498b-b6b7-2895871ab794?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13ba9152-b9a0-4201-ba91-c41686b4d953": { "id": "13ba9152-b9a0-4201-ba91-c41686b4d953", "title": "Ninja Forms Contact Form <= 3.4.33 - Administrator Open Redirect", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "[*, 3.4.34)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.34", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13ba9152-b9a0-4201-ba91-c41686b4d953?source=api-scan" ], "published": "2021-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13be8a88-bcd3-4ce9-9538-e93c78323456": { "id": "13be8a88-bcd3-4ce9-9538-e93c78323456", "title": "EAN for WooCommerce <= 4.8.9 - Authenticated (Shop Manager+) Arbitrary Options Update", "software": [ { "type": "plugin", "name": "EAN, UPC, ISBN Generator: Product Barcode Inventory for WooCommerce", "slug": "ean-for-woocommerce", "affected_versions": { "* - 4.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13be8a88-bcd3-4ce9-9538-e93c78323456?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13c03af2-0bd8-4e81-8ae9-2d702da71fc8": { "id": "13c03af2-0bd8-4e81-8ae9-2d702da71fc8", "title": "Simple Photo Gallery <= 1.8.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Simple Photo Gallery", "slug": "simple-photo-gallery", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13c03af2-0bd8-4e81-8ae9-2d702da71fc8?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13c07b63-f436-45ae-9c00-d1e593a32754": { "id": "13c07b63-f436-45ae-9c00-d1e593a32754", "title": "WP 2FA \u2013 Two-factor authentication for WordPress <= 2.1.0 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "WP 2FA \u2013 Two-factor authentication for WordPress", "slug": "wp-2fa", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13c07b63-f436-45ae-9c00-d1e593a32754?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13c22ad6-eecb-4f05-9dce-76a721b4744c": { "id": "13c22ad6-eecb-4f05-9dce-76a721b4744c", "title": "FooGallery <= 2.0.34 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel", "slug": "foogallery", "affected_versions": { "[*, 2.0.35)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.35", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13c22ad6-eecb-4f05-9dce-76a721b4744c?source=api-scan" ], "published": "2021-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13c607d9-a8fe-4a03-972c-d0c1b752c7d8": { "id": "13c607d9-a8fe-4a03-972c-d0c1b752c7d8", "title": "My Site Audit <= 1.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My Site Audit", "slug": "site-audit", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13c607d9-a8fe-4a03-972c-d0c1b752c7d8?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13c66a8f-b35f-4943-8880-0799b0d150f7": { "id": "13c66a8f-b35f-4943-8880-0799b0d150f7", "title": "WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional", "slug": "bulk-editor", "affected_versions": { "* - 1.0.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13c66a8f-b35f-4943-8880-0799b0d150f7?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13c9a71f-ec0a-4d4a-be08-787aa22a0fae": { "id": "13c9a71f-ec0a-4d4a-be08-787aa22a0fae", "title": "Appointment Booking Calendar <= 1.2.24 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar", "slug": "appointment-booking-calendar", "affected_versions": { "* - 1.2.24": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13c9a71f-ec0a-4d4a-be08-787aa22a0fae?source=api-scan" ], "published": "2016-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13cb5c62-34fb-4bbc-b42a-cc8a16d51258": { "id": "13cb5c62-34fb-4bbc-b42a-cc8a16d51258", "title": "Email Artillery (MASS EMAIL) <= 4.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Artillery (MASS EMAIL)", "slug": "email-artillery", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13cb5c62-34fb-4bbc-b42a-cc8a16d51258?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13cfa202-ab90-46c0-ab53-00995bfdcaa3": { "id": "13cfa202-ab90-46c0-ab53-00995bfdcaa3", "title": "Forminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "* - 1.27.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.27.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.28.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13cfa202-ab90-46c0-ab53-00995bfdcaa3?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13cfcc7a-8529-4bd5-9842-b9ad8eb5f4b3": { "id": "13cfcc7a-8529-4bd5-9842-b9ad8eb5f4b3", "title": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'current_url'", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.8.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13cfcc7a-8529-4bd5-9842-b9ad8eb5f4b3?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13d0eb8a-5b63-460e-b4ba-a3ed80c84fc2": { "id": "13d0eb8a-5b63-460e-b4ba-a3ed80c84fc2", "title": "CP Multi View Event Calendar <= 1.4.13 - Insufficient Authorization", "software": [ { "type": "plugin", "name": "Calendar Event Multi View", "slug": "cp-multi-view-calendar", "affected_versions": { "* - 1.4.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13d0eb8a-5b63-460e-b4ba-a3ed80c84fc2?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13d16955-056d-45c5-b0d1-891767e866b2": { "id": "13d16955-056d-45c5-b0d1-891767e866b2", "title": "CMS Tree Page View < 1.4 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "CMS Tree Page View", "slug": "cms-tree-page-view", "affected_versions": { "[*, 1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13d16955-056d-45c5-b0d1-891767e866b2?source=api-scan" ], "published": "2017-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13d2a333-1f45-457e-a48b-38c1e0793eeb": { "id": "13d2a333-1f45-457e-a48b-38c1e0793eeb", "title": "OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)", "slug": "stepbyteservice-openstreetmap", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13d2a333-1f45-457e-a48b-38c1e0793eeb?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13d31af8-c606-4c83-be15-4446c4f330aa": { "id": "13d31af8-c606-4c83-be15-4446c4f330aa", "title": "Paid Memberships Pro <= 2.5.5 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "[*, 2.5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13d31af8-c606-4c83-be15-4446c4f330aa?source=api-scan" ], "published": "2021-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13d544ae-fbca-42d9-9d74-5e018092e097": { "id": "13d544ae-fbca-42d9-9d74-5e018092e097", "title": "Appointment Booking Calendar <= 1.6.7.53 - Authenticated (Admin+) Stored Cross-Site Scripting via Appointment Settings", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin", "slug": "simply-schedule-appointments", "affected_versions": { "* - 1.6.7.53": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7.53", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.7.55" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13d544ae-fbca-42d9-9d74-5e018092e097?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13e77d77-8f09-4fb9-8ff9-a8e66afe0393": { "id": "13e77d77-8f09-4fb9-8ff9-a8e66afe0393", "title": "WordPress Social Login <= 2.1.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Social Login", "slug": "wordpress-social-login", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13e77d77-8f09-4fb9-8ff9-a8e66afe0393?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13e7c4ab-7856-41a5-8cd9-4f8118af534d": { "id": "13e7c4ab-7856-41a5-8cd9-4f8118af534d", "title": "Gallery Bank \u2013 WordPress Photo Gallery <= 3.0.101 - SQL Injection", "software": [ { "type": "plugin", "name": "Gallery Bank \u2013 WordPress Photo Gallery Plugin", "slug": "gallery-bank", "affected_versions": { "* - 3.0.101": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.101", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.102" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13e7c4ab-7856-41a5-8cd9-4f8118af534d?source=api-scan" ], "published": "2015-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13e8f16b-b5a3-4be1-9557-e11cd9ffaea7": { "id": "13e8f16b-b5a3-4be1-9557-e11cd9ffaea7", "title": "Enhanced Admin Plugin < 1.16 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Enhanced Plugin Admin", "slug": "enhanced-plugin-admin", "affected_versions": { "[*, 1.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13e8f16b-b5a3-4be1-9557-e11cd9ffaea7?source=api-scan" ], "published": "2017-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13e939ed-8c4f-43f0-b19b-3f6a48242cb4": { "id": "13e939ed-8c4f-43f0-b19b-3f6a48242cb4", "title": "YITH WooCommerce Ajax Search <= 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YITH WooCommerce Ajax Search", "slug": "yith-woocommerce-ajax-search", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13e939ed-8c4f-43f0-b19b-3f6a48242cb4?source=api-scan" ], "published": "2024-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13f33422-13ba-4696-a473-cf8ca00d4b0c": { "id": "13f33422-13ba-4696-a473-cf8ca00d4b0c", "title": "Molongui <= 4.7.7 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui", "slug": "molongui-authorship", "affected_versions": { "* - 4.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13f33422-13ba-4696-a473-cf8ca00d4b0c?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13f6bf06-2c24-43ac-9412-08b3d4914a21": { "id": "13f6bf06-2c24-43ac-9412-08b3d4914a21", "title": "wp-tmkm-amazon < 1.5.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-tmkm-amazon", "slug": "wp-tmkm-amazon", "affected_versions": { "[*, 1.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13f6bf06-2c24-43ac-9412-08b3d4914a21?source=api-scan" ], "published": "2014-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13fb725f-cb16-49e3-b545-14266538c604": { "id": "13fb725f-cb16-49e3-b545-14266538c604", "title": "RokIntroScroller <= 1.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RokIntroScroller", "slug": "wp_rokintroscroller", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13fb725f-cb16-49e3-b545-14266538c604?source=api-scan" ], "published": "2013-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13fb7904-8641-43ae-bcfe-00ca5416e949": { "id": "13fb7904-8641-43ae-bcfe-00ca5416e949", "title": "LoginPress Pro < 3.0 - Missing Authorization to License Status Update", "software": [ { "type": "plugin", "name": "LoginPress Pro", "slug": "loginpress-pro", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13fb7904-8641-43ae-bcfe-00ca5416e949?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13fb8d16-2904-4c04-9ea6-5bafdf30f563": { "id": "13fb8d16-2904-4c04-9ea6-5bafdf30f563", "title": "Enhanced Search Box <= 0.6.1 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Enhanced Search Box", "slug": "extended-search-plugin", "affected_versions": { "* - 0.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13fb8d16-2904-4c04-9ea6-5bafdf30f563?source=api-scan" ], "published": "2024-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "13fd7509-6d61-4eb0-9f85-cc40e074b819": { "id": "13fd7509-6d61-4eb0-9f85-cc40e074b819", "title": "Autocomplete Location field Contact Form 7 <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Autocomplete Location field Contact Form 7", "slug": "autocomplete-location-field-contact-form-7", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/13fd7509-6d61-4eb0-9f85-cc40e074b819?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14026e96-7e21-45db-b258-13b014ec478c": { "id": "14026e96-7e21-45db-b258-13b014ec478c", "title": "WP Private Message < 1.0.6 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "WP Private Message", "slug": "wp-private-message", "affected_versions": { "[*, 1.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14026e96-7e21-45db-b258-13b014ec478c?source=api-scan" ], "published": "2023-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14039d7d-bd5a-4c6b-96b0-46f86536e085": { "id": "14039d7d-bd5a-4c6b-96b0-46f86536e085", "title": "Contact Bank \u2013 Contact Form Builder for WordPress <= 2.0.19 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Bank \u2013 Contact Form Builder for WordPress", "slug": "contact-bank", "affected_versions": { "* - 2.0.19": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14039d7d-bd5a-4c6b-96b0-46f86536e085?source=api-scan" ], "published": "2014-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1405d8e3-3aa8-4a32-ac55-a260eda3d68c": { "id": "1405d8e3-3aa8-4a32-ac55-a260eda3d68c", "title": "Academy LMS <= 2.0.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Academy LMS \u2013 WordPress LMS Plugin for Complete eLearning Solution", "slug": "academy", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1405d8e3-3aa8-4a32-ac55-a260eda3d68c?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "140a6fd3-e446-44ea-94eb-9c8d12f7b7ed": { "id": "140a6fd3-e446-44ea-94eb-9c8d12f7b7ed", "title": "Redirect Redirection <= 1.1.3 - Missing Authorization in 'addRedirect' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/140a6fd3-e446-44ea-94eb-9c8d12f7b7ed?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "140b1f50-7c04-4396-ab0a-098bd06c80a8": { "id": "140b1f50-7c04-4396-ab0a-098bd06c80a8", "title": "Zotpress <= 7.3.4 - Reflected Cross-Site Scripting via 'PHP_SELF'", "software": [ { "type": "plugin", "name": "Zotpress", "slug": "zotpress", "affected_versions": { "* - 7.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/140b1f50-7c04-4396-ab0a-098bd06c80a8?source=api-scan" ], "published": "2023-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "140c0d22-dc26-4100-a5c0-a2f8a6f98d97": { "id": "140c0d22-dc26-4100-a5c0-a2f8a6f98d97", "title": "Maximum Products per User for WooCommerce <= 4.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Maximum Products per User for WooCommerce", "slug": "maximum-products-per-user-for-woocommerce", "affected_versions": { "* - 4.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/140c0d22-dc26-4100-a5c0-a2f8a6f98d97?source=api-scan" ], "published": "2024-10-09 13:47:01", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1410d37a-fa8d-41e1-bed7-1c1436b52a83": { "id": "1410d37a-fa8d-41e1-bed7-1c1436b52a83", "title": "WPSchoolPress <= 2.2.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "School Management System \u2013 WPSchoolPress", "slug": "wpschoolpress", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1410d37a-fa8d-41e1-bed7-1c1436b52a83?source=api-scan" ], "published": "2023-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1417fad0-51a0-4091-8f7b-4e8925fd71a0": { "id": "1417fad0-51a0-4091-8f7b-4e8925fd71a0", "title": "AppPresser <= 4.3.0 - Cross-Site Request Forgery via force_logging_off()", "software": [ { "type": "plugin", "name": "AppPresser \u2013 Mobile App Framework", "slug": "apppresser", "affected_versions": { "* - 4.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1417fad0-51a0-4091-8f7b-4e8925fd71a0?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1419f089-7656-43a1-aeee-c33eef604c84": { "id": "1419f089-7656-43a1-aeee-c33eef604c84", "title": "Ultimate Product Catalog < 2.1.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Ultimate Product Catalog", "slug": "ultimate-product-catalogue", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1419f089-7656-43a1-aeee-c33eef604c84?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "141e5e08-efc3-4da7-ada3-4774dac88884": { "id": "141e5e08-efc3-4da7-ada3-4774dac88884", "title": "Podlove Web Player <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Podlove Web Player", "slug": "podlove-web-player", "affected_versions": { "* - 5.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/141e5e08-efc3-4da7-ada3-4774dac88884?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14250ff2-66e4-48f9-8f73-7f245079134c": { "id": "14250ff2-66e4-48f9-8f73-7f245079134c", "title": "Popularis Verse <= 1.0.1 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Popularis Verse", "slug": "popularis-verse", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14250ff2-66e4-48f9-8f73-7f245079134c?source=api-scan" ], "published": "2024-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1426bebe-d3c4-4f83-9b50-fae8c2373209": { "id": "1426bebe-d3c4-4f83-9b50-fae8c2373209", "title": "Duplicator Pro <= 4.5.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Duplicator Pro", "slug": "duplicator-pro", "affected_versions": { "* - 4.5.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.11.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1426bebe-d3c4-4f83-9b50-fae8c2373209?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "142bcbdd-7495-49be-a5b3-8ba1674cd64d": { "id": "142bcbdd-7495-49be-a5b3-8ba1674cd64d", "title": "All Video Gallery Plugin for WordPress <= 1.2 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "All Video Gallery Plugin for WordPress", "slug": "all-video-gallery", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/142bcbdd-7495-49be-a5b3-8ba1674cd64d?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1432907e-bcd0-498f-9356-f269a252bc4b": { "id": "1432907e-bcd0-498f-9356-f269a252bc4b", "title": "GD Star Rating <= 1.9.22 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "GD Star Rating", "slug": "gd-star-rating", "affected_versions": { "* - 1.9.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.22", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1432907e-bcd0-498f-9356-f269a252bc4b?source=api-scan" ], "published": "2014-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14351561-bd31-4aaa-931a-e72917458013": { "id": "14351561-bd31-4aaa-931a-e72917458013", "title": "The Moneytizer <= 9.6.3 - Cross-Site Request Forgery via multiple AJAX actions", "software": [ { "type": "plugin", "name": "The Moneytizer", "slug": "the-moneytizer", "affected_versions": { "* - 9.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "9.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14351561-bd31-4aaa-931a-e72917458013?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14376064-13c4-4874-afea-395af2a1933d": { "id": "14376064-13c4-4874-afea-395af2a1933d", "title": "vSlider Multi Image Slider <= 4.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "vSlider Multi Image Slider for WordPress", "slug": "vslider", "affected_versions": { "* - 4.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14376064-13c4-4874-afea-395af2a1933d?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "143e28b0-56cf-4d8d-9147-60a85a595290": { "id": "143e28b0-56cf-4d8d-9147-60a85a595290", "title": "WP eMember <= 10.3.8 - Reflected Cross-Site Scripting via 'fieldId'", "software": [ { "type": "plugin", "name": "Wp EMember", "slug": "wp-emember", "affected_versions": { "* - 10.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "10.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/143e28b0-56cf-4d8d-9147-60a85a595290?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "144895c9-5800-435e-9f75-a8de17ca2d93": { "id": "144895c9-5800-435e-9f75-a8de17ca2d93", "title": "Shortcodes Ultimate <= 5.12.7 - Authenticated (Subscriber+) Information Exposure", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 5.12.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.12.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.12.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/144895c9-5800-435e-9f75-a8de17ca2d93?source=api-scan" ], "published": "2023-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "144df910-67d2-4e3b-9ccf-04ebd5d1bf8b": { "id": "144df910-67d2-4e3b-9ccf-04ebd5d1bf8b", "title": "Participants Database < 1.5.4.9 - SQL Injection", "software": [ { "type": "plugin", "name": "Participants Database", "slug": "participants-database", "affected_versions": { "[*, 1.5.4.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/144df910-67d2-4e3b-9ccf-04ebd5d1bf8b?source=api-scan" ], "published": "2014-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1453815d-4e28-41ec-9aa4-4fd2899c619a": { "id": "1453815d-4e28-41ec-9aa4-4fd2899c619a", "title": "Happy Elementor Addons <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1453815d-4e28-41ec-9aa4-4fd2899c619a?source=api-scan" ], "published": "2024-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1454af30-319a-44b7-a83e-2d774cfbc8d1": { "id": "1454af30-319a-44b7-a83e-2d774cfbc8d1", "title": "PDF Image Generator <= 1.5.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Image Generator", "slug": "pdf-image-generator", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1454af30-319a-44b7-a83e-2d774cfbc8d1?source=api-scan" ], "published": "2024-09-30 19:45:20", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "145a2ba1-67c1-4446-9269-cdbfdce77ef9": { "id": "145a2ba1-67c1-4446-9269-cdbfdce77ef9", "title": "Cookie Scanner <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cookie Scanner \u2013 automated cookie list", "slug": "cookie-scanner", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/145a2ba1-67c1-4446-9269-cdbfdce77ef9?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "145fec62-87a7-4641-9ce4-dca5afb47d69": { "id": "145fec62-87a7-4641-9ce4-dca5afb47d69", "title": "Add to home screen WP Plugin <= 2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add to home screen WP Plugin", "slug": "add-to-home-screen-wp", "affected_versions": { "* - 2": { "from_version": "*", "from_inclusive": true, "to_version": "2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/145fec62-87a7-4641-9ce4-dca5afb47d69?source=api-scan" ], "published": "2022-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1460dc44-dd64-4fd6-952b-1f5d4285bfa4": { "id": "1460dc44-dd64-4fd6-952b-1f5d4285bfa4", "title": "Ninja Forms <= 3.6.25 - Reflected Cross-Site Scripting via 'data'", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.6.25": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1460dc44-dd64-4fd6-952b-1f5d4285bfa4?source=api-scan" ], "published": "2023-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1465dbb6-1ec3-425f-9b7e-6dff6b120606": { "id": "1465dbb6-1ec3-425f-9b7e-6dff6b120606", "title": "RD Station <= 5.1.3 - Cross-Site Request Forgery to Plugin Log Deletion", "software": [ { "type": "plugin", "name": "RD Station", "slug": "integracao-rd-station", "affected_versions": { "* - 5.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1465dbb6-1ec3-425f-9b7e-6dff6b120606?source=api-scan" ], "published": "2022-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14667d93-4fba-4c50-8228-737ae91f2789": { "id": "14667d93-4fba-4c50-8228-737ae91f2789", "title": "MailPoet Newsletters <= 2.6.19 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MailPoet Newsletters (Previous)", "slug": "wysija-newsletters", "affected_versions": { "[*, 2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14667d93-4fba-4c50-8228-737ae91f2789?source=api-scan" ], "published": "2016-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14689386-fca5-48a6-9494-4a79b920d5f8": { "id": "14689386-fca5-48a6-9494-4a79b920d5f8", "title": "WordPress Core < 3.4.2 - Missing Authorization Checks on create_post", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14689386-fca5-48a6-9494-4a79b920d5f8?source=api-scan" ], "published": "2012-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "146b4d69-70bc-4843-b76c-d91de0cefc9d": { "id": "146b4d69-70bc-4843-b76c-d91de0cefc9d", "title": "Asgaros Forum <= 2.8.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Asgaros Forum", "slug": "asgaros-forum", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/146b4d69-70bc-4843-b76c-d91de0cefc9d?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "146c8783-ba59-41da-9e95-7401865b7b8c": { "id": "146c8783-ba59-41da-9e95-7401865b7b8c", "title": "Google Doc Embedder < 2.5.17 - SQL Injection", "software": [ { "type": "plugin", "name": "Google Doc Embedder", "slug": "google-document-embedder", "affected_versions": { "[*, 2.5.17)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/146c8783-ba59-41da-9e95-7401865b7b8c?source=api-scan" ], "published": "2015-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "147ad116-04fa-4dfa-9b96-26f361e19256": { "id": "147ad116-04fa-4dfa-9b96-26f361e19256", "title": "BabelZ \u2013 Google Translate Widget <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BabelZ \u2013 Google Translate Widget", "slug": "babelz", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/147ad116-04fa-4dfa-9b96-26f361e19256?source=api-scan" ], "published": "2024-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "147b7be2-8bbe-4e95-bfcb-1c4ff8a41a3b": { "id": "147b7be2-8bbe-4e95-bfcb-1c4ff8a41a3b", "title": "JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification", "software": [ { "type": "plugin", "name": "Jupiter X Core", "slug": "jupiterx-core", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] }, { "type": "theme", "name": "JupiterX", "slug": "jupiterx", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/147b7be2-8bbe-4e95-bfcb-1c4ff8a41a3b?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "147bada2-036d-4e35-9ba2-59ad382afeb9": { "id": "147bada2-036d-4e35-9ba2-59ad382afeb9", "title": "Plexx Elementor Extension <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Plexx Elementor Extension", "slug": "plexx-elementor-extension", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/147bada2-036d-4e35-9ba2-59ad382afeb9?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "147e47f8-c40b-4ae7-8627-b32b36e4d14f": { "id": "147e47f8-c40b-4ae7-8627-b32b36e4d14f", "title": "Product Category Tree <= 2.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Product Category Tree", "slug": "product-category-tree", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/147e47f8-c40b-4ae7-8627-b32b36e4d14f?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1485dda6-bf83-4076-80c9-dc7ea9d58155": { "id": "1485dda6-bf83-4076-80c9-dc7ea9d58155", "title": "EventON <= 2.1 - Insecure Direct Object Reference to Unauthorized Post Access", "software": [ { "type": "plugin", "name": "EventON", "slug": "eventon-lite", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] }, { "type": "plugin", "name": "EventON Pro", "slug": "eventon", "affected_versions": { "[*, 4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1485dda6-bf83-4076-80c9-dc7ea9d58155?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "148794ea-3bc9-4084-bdb9-6ee63a781a39": { "id": "148794ea-3bc9-4084-bdb9-6ee63a781a39", "title": "Funnelforms Free <= 3.4 - Missing Authorization to Category Update", "software": [ { "type": "plugin", "name": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free", "slug": "funnelforms-free", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/148794ea-3bc9-4084-bdb9-6ee63a781a39?source=api-scan" ], "published": "2023-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14894c36-f657-4368-bc7f-60121ec08c13": { "id": "14894c36-f657-4368-bc7f-60121ec08c13", "title": "Photo Gallery <= 1.4.2 - Authenticated(Contributor+) PHP Object Injection via Shortcode", "software": [ { "type": "plugin", "name": "Photo Gallery \u2013 Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery", "slug": "new-photo-gallery", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14894c36-f657-4368-bc7f-60121ec08c13?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "148ca1d5-c20d-40dc-b078-ecd76d4d6c0b": { "id": "148ca1d5-c20d-40dc-b078-ecd76d4d6c0b", "title": "Business Card <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Card Deletion", "software": [ { "type": "plugin", "name": "Business Card", "slug": "business-card-by-esterox-100", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/148ca1d5-c20d-40dc-b078-ecd76d4d6c0b?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "148cc174-c6cf-46d7-98d7-1a07e19055e1": { "id": "148cc174-c6cf-46d7-98d7-1a07e19055e1", "title": "Page Restrict <= 2.2.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Restrict", "slug": "pagerestrict", "affected_versions": { "[*, 2.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/148cc174-c6cf-46d7-98d7-1a07e19055e1?source=api-scan" ], "published": "2015-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1492440d-c6c8-46c0-bc88-c9e3f9933ad4": { "id": "1492440d-c6c8-46c0-bc88-c9e3f9933ad4", "title": "Easy Restaurant Table Booking <= 1.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Restaurant Table Booking", "slug": "easy-table-booking", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1492440d-c6c8-46c0-bc88-c9e3f9933ad4?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14958861-305e-4a9b-b428-de204cd6781e": { "id": "14958861-305e-4a9b-b428-de204cd6781e", "title": "404 Solution <= 2.33.2 - Authenticated (Administrator+) SQL Injection via orderby", "software": [ { "type": "plugin", "name": "404 Solution", "slug": "404-solution", "affected_versions": { "[*, 2.34.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.34.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.34.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14958861-305e-4a9b-b428-de204cd6781e?source=api-scan" ], "published": "2023-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1496ce98-ee19-4f37-9ec7-eb0fafb5df19": { "id": "1496ce98-ee19-4f37-9ec7-eb0fafb5df19", "title": "Add to Feedly <= 1.2.11 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Add to Feedly", "slug": "add-to-feedly", "affected_versions": { "* - 1.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1496ce98-ee19-4f37-9ec7-eb0fafb5df19?source=api-scan" ], "published": "2023-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14993c04-7fe3-4c42-a605-2e431df14d79": { "id": "14993c04-7fe3-4c42-a605-2e431df14d79", "title": "Restrict for Elementor <= 1.0.7 - Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "Restrict for Elementor", "slug": "restrict-for-elementor", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14993c04-7fe3-4c42-a605-2e431df14d79?source=api-scan" ], "published": "2024-06-05 13:10:13", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "149eb7ef-be96-442e-925e-01d8d76e3a1a": { "id": "149eb7ef-be96-442e-925e-01d8d76e3a1a", "title": "WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.31": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.31", "to_inclusive": true }, "3.8 - 3.8.31": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.31", "to_inclusive": true }, "3.9 - 3.9.29": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.29", "to_inclusive": true }, "4.0 - 4.0.28": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.28", "to_inclusive": true }, "4.1 - 4.1.28": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.28", "to_inclusive": true }, "4.2 - 4.2.25": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.25", "to_inclusive": true }, "4.3 - 4.3.21": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.21", "to_inclusive": true }, "4.4 - 4.4.20": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.20", "to_inclusive": true }, "4.5 - 4.5.19": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.19", "to_inclusive": true }, "4.6 - 4.6.16": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.16", "to_inclusive": true }, "4.7 - 4.7.15": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.15", "to_inclusive": true }, "4.8 - 4.8.11": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.11", "to_inclusive": true }, "4.9 - 4.9.12": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.12", "to_inclusive": true }, "5.0 - 5.0.7": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.7", "to_inclusive": true }, "5.1 - 5.1.3": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.3", "to_inclusive": true }, "5.2 - 5.2.4": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.32", "3.8.32", "3.9.30", "4.0.29", "4.1.29", "4.2.26", "4.3.22", "4.4.21", "4.5.20", "4.6.17", "4.7.16", "4.8.12", "4.9.13", "5.0.8", "5.1.4", "5.2.5", "5.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/149eb7ef-be96-442e-925e-01d8d76e3a1a?source=api-scan" ], "published": "2019-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14a1b8af-bd32-4245-92d6-549cae68c626": { "id": "14a1b8af-bd32-4245-92d6-549cae68c626", "title": "WPCargo <= 6.8.9 - Unauthenticated Remote Code Execution", "software": [ { "type": "plugin", "name": "WPCargo Track & Trace", "slug": "wpcargo", "affected_versions": { "[*, 6.9.0)": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14a1b8af-bd32-4245-92d6-549cae68c626?source=api-scan" ], "published": "2022-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14a20f9c-cf5a-4d57-b723-ad29a12c8881": { "id": "14a20f9c-cf5a-4d57-b723-ad29a12c8881", "title": "Easy Slider Revolution <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via esrcpt_slider_allow_iframes_filter", "software": [ { "type": "plugin", "name": "Easy Slider", "slug": "easy-slider-revolution", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14a20f9c-cf5a-4d57-b723-ad29a12c8881?source=api-scan" ], "published": "2023-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14ab5d7c-ab46-4a53-b0d2-8b331e204cf3": { "id": "14ab5d7c-ab46-4a53-b0d2-8b331e204cf3", "title": "Slider comparison image before and after <= 0.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider comparison image before and after", "slug": "slider-comparison-image-before-and-after", "affected_versions": { "* - 0.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14ab5d7c-ab46-4a53-b0d2-8b331e204cf3?source=api-scan" ], "published": "2024-09-09 20:41:34", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14acb770-9a32-4308-993d-a3d3dec91f78": { "id": "14acb770-9a32-4308-993d-a3d3dec91f78", "title": "DirectoryPress \u2013 Business Directory And Classified Ad Listing <= 3.6.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DirectoryPress \u2013 Business Directory And Classified Ad Listing", "slug": "directorypress", "affected_versions": { "* - 3.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14acb770-9a32-4308-993d-a3d3dec91f78?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14ad420b-df09-48de-8e36-d8edf0647837": { "id": "14ad420b-df09-48de-8e36-d8edf0647837", "title": "Easy Digital Downloads <= 2.11.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "[*, 2.11.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.11.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14ad420b-df09-48de-8e36-d8edf0647837?source=api-scan" ], "published": "2022-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14ae1f7a-be81-4f4f-8cea-7afb824186aa": { "id": "14ae1f7a-be81-4f4f-8cea-7afb824186aa", "title": "Meks Easy Ads Widget <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Meks Easy Ads Widget", "slug": "meks-easy-ads-widget", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14ae1f7a-be81-4f4f-8cea-7afb824186aa?source=api-scan" ], "published": "2024-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14b2fa77-dc51-47b4-913a-9129f95ba766": { "id": "14b2fa77-dc51-47b4-913a-9129f95ba766", "title": "Soundcloud Is Gold <= 2.5.1 - Missing Authorization to Soundcloud User Add", "software": [ { "type": "plugin", "name": "SoundCloud Is Gold", "slug": "soundcloud-is-gold", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14b2fa77-dc51-47b4-913a-9129f95ba766?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14b334ee-ab3b-4b18-a776-c0831c4ff855": { "id": "14b334ee-ab3b-4b18-a776-c0831c4ff855", "title": "Responsive Tabs <= 4.0.5 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Tabs", "slug": "responsive-tabs", "affected_versions": { "* - 4.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14b334ee-ab3b-4b18-a776-c0831c4ff855?source=api-scan" ], "published": "2022-04-11 10:38:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14b6f5b6-66ab-4c47-853e-7551fad39478": { "id": "14b6f5b6-66ab-4c47-853e-7551fad39478", "title": "Simple Ajax Chat Plugin <= 20220115 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Simple Ajax Chat \u2013 Add a Fast, Secure Chat Box", "slug": "simple-ajax-chat", "affected_versions": { "* - 20220115": { "from_version": "*", "from_inclusive": true, "to_version": "20220115", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20220216" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14b6f5b6-66ab-4c47-853e-7551fad39478?source=api-scan" ], "published": "2022-04-15 10:14:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14b7fd1e-6e2d-49bb-8492-b072afeebd88": { "id": "14b7fd1e-6e2d-49bb-8492-b072afeebd88", "title": "WordPress Core < 4.7.1 - Weak Multi-Site Activation Key for User and Site Signup", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.16": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.16", "to_inclusive": true }, "3.8 - 3.8.16": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.16", "to_inclusive": true }, "3.9 - 3.9.14": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.14", "to_inclusive": true }, "4.0 - 4.0.13": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.13", "to_inclusive": true }, "4.1 - 4.1.13": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.13", "to_inclusive": true }, "4.2 - 4.2.10": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.10", "to_inclusive": true }, "4.3 - 4.3.6": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.6", "to_inclusive": true }, "4.4 - 4.4.5": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.5", "to_inclusive": true }, "4.5 - 4.5.4": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true }, "4.6 - 4.6.1": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true }, "4.7": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.17", "3.8.17", "3.9.15", "4.0.14", "4.1.14", "4.2.11", "4.3.7", "4.4.6", "4.5.5", "4.6.2", "4.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14b7fd1e-6e2d-49bb-8492-b072afeebd88?source=api-scan" ], "published": "2017-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14bf654e-c4f1-4267-811e-6d796c14834a": { "id": "14bf654e-c4f1-4267-811e-6d796c14834a", "title": "Floating Action Button <= <=1.2.1 - Cross-Site Request Forgery to Settings Modification", "software": [ { "type": "plugin", "name": "Floating Action Button", "slug": "floating-action-button", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14bf654e-c4f1-4267-811e-6d796c14834a?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14c07d55-285b-4c7c-bed6-4c5224a7044a": { "id": "14c07d55-285b-4c7c-bed6-4c5224a7044a", "title": "Extra Charges To Payment Gateway For WooCommerce <= 2.0.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Extra Charges To Payment Gateway For WooCommerce (Standard)", "slug": "woocommerce-extra-charges-to-payment-gateways", "affected_versions": { "* - 2.0.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14c07d55-285b-4c7c-bed6-4c5224a7044a?source=api-scan" ], "published": "2021-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14c94d47-c911-4874-a897-58f4c0800329": { "id": "14c94d47-c911-4874-a897-58f4c0800329", "title": "Userlike <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Userlike \u2013 WordPress Live Chat plugin", "slug": "userlike", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14c94d47-c911-4874-a897-58f4c0800329?source=api-scan" ], "published": "2023-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14c9dc08-6965-4a22-a97a-5afc8152887d": { "id": "14c9dc08-6965-4a22-a97a-5afc8152887d", "title": "SportsPress <= 2.7.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SportsPress \u2013 Sports Club & League Manager", "slug": "sportspress", "affected_versions": { "[*, 2.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14c9dc08-6965-4a22-a97a-5afc8152887d?source=api-scan" ], "published": "2020-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14ccd915-a513-45a4-84d3-b2b1fb893f1c": { "id": "14ccd915-a513-45a4-84d3-b2b1fb893f1c", "title": "Anti-Malware Security and Brute-Force Firewall <= 4.15.22 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Anti-Malware Security and Brute-Force Firewall", "slug": "gotmls", "affected_versions": { "[*, 4.15.23)": { "from_version": "*", "from_inclusive": true, "to_version": "4.15.23", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.15.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14ccd915-a513-45a4-84d3-b2b1fb893f1c?source=api-scan" ], "published": "2015-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14d3b859-def9-4949-95bc-f25067674811": { "id": "14d3b859-def9-4949-95bc-f25067674811", "title": "Netgsm <= 2.9.28 - Missing Authorization", "software": [ { "type": "plugin", "name": "Netgsm", "slug": "netgsm", "affected_versions": { "* - 2.9.28": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.28", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14d3b859-def9-4949-95bc-f25067674811?source=api-scan" ], "published": "2024-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14d44753-fbfb-4538-b8ae-0e2a13b14c8e": { "id": "14d44753-fbfb-4538-b8ae-0e2a13b14c8e", "title": "CrossSlide jQuery Plugin <= 2.0.5 - Multiple Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cross Slide", "slug": "crossslide-jquery-plugin-for-wordpress", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14d44753-fbfb-4538-b8ae-0e2a13b14c8e?source=api-scan" ], "published": "2015-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14d48a81-c6b5-415f-8c82-5fd40b2e790a": { "id": "14d48a81-c6b5-415f-8c82-5fd40b2e790a", "title": "Advanced Contact Form 7 DB <= 1.6.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Advanced Contact form 7 DB", "slug": "advanced-cf7-db", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14d48a81-c6b5-415f-8c82-5fd40b2e790a?source=api-scan" ], "published": "2020-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14d71220-be60-498d-92ca-055f1c237060": { "id": "14d71220-be60-498d-92ca-055f1c237060", "title": "Just Custom Fields <= 3.3.2 - Missing Authorization via AJAX actions", "software": [ { "type": "plugin", "name": "Just Custom Fields", "slug": "just-custom-fields", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14d71220-be60-498d-92ca-055f1c237060?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14d81210-9360-4153-9b5a-35d12cc0cbf0": { "id": "14d81210-9360-4153-9b5a-35d12cc0cbf0", "title": "User Access Manager < 1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "User Access Manager", "slug": "user-access-manager", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14d81210-9360-4153-9b5a-35d12cc0cbf0?source=api-scan" ], "published": "2011-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14d84ad4-904b-4000-af82-b1b68c724aa2": { "id": "14d84ad4-904b-4000-af82-b1b68c724aa2", "title": "Elegance <= 2.4 - Arbitrary File Download", "software": [ { "type": "theme", "name": "Elegance", "slug": "elegance", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14d84ad4-904b-4000-af82-b1b68c724aa2?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14da4735-894e-408a-864b-cdc76feacde9": { "id": "14da4735-894e-408a-864b-cdc76feacde9", "title": "Video Conferencing with Zoom <= 4.4.4 - Open Redirect", "software": [ { "type": "plugin", "name": "Video Conferencing with Zoom", "slug": "video-conferencing-with-zoom-api", "affected_versions": { "* - 4.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14da4735-894e-408a-864b-cdc76feacde9?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14dd84e5-69fa-4de9-b72c-dfedfd85582c": { "id": "14dd84e5-69fa-4de9-b72c-dfedfd85582c", "title": "Elementor Website Builder <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_html_tag", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14dd84e5-69fa-4de9-b72c-dfedfd85582c?source=api-scan" ], "published": "2021-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14e6e06c-edc0-44ef-ba07-50fcfc4fd7b1": { "id": "14e6e06c-edc0-44ef-ba07-50fcfc4fd7b1", "title": "WooCommerce Pre-Orders <= 2.0.2 - Cross-Site Request Forgery to Order Cancellation", "software": [ { "type": "plugin", "name": "WooCommerce Pre-Orders", "slug": "woocommerce-pre-orders", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14e6e06c-edc0-44ef-ba07-50fcfc4fd7b1?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14e832ec-7181-44d9-8d26-2f77e6111763": { "id": "14e832ec-7181-44d9-8d26-2f77e6111763", "title": "Top 10 \u2013 Popular posts plugin for WordPress <= 3.2.3 - Missing Authorization on tptn_ajax_clearcache", "software": [ { "type": "plugin", "name": "Top 10 \u2013 WordPress Popular posts by WebberZone", "slug": "top-10", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14e832ec-7181-44d9-8d26-2f77e6111763?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14e897f0-11e6-43b1-908c-be4ecdc7fd58": { "id": "14e897f0-11e6-43b1-908c-be4ecdc7fd58", "title": "WP Ultimate Post Grid <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpupg-text Shortcode", "software": [ { "type": "plugin", "name": "WP Ultimate Post Grid", "slug": "wp-ultimate-post-grid", "affected_versions": { "* - 3.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14e897f0-11e6-43b1-908c-be4ecdc7fd58?source=api-scan" ], "published": "2024-05-22 17:51:53", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14e9d0a2-a1cb-4d3e-b6df-fba01d476936": { "id": "14e9d0a2-a1cb-4d3e-b6df-fba01d476936", "title": "Zoho CRM Lead Magnet <= 1.7.9.0 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Zoho CRM Lead Magnet", "slug": "zoho-crm-forms", "affected_versions": { "* - 1.7.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.9.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14e9d0a2-a1cb-4d3e-b6df-fba01d476936?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14ee389b-8f98-4991-9a61-9da596013fea": { "id": "14ee389b-8f98-4991-9a61-9da596013fea", "title": "Social Login by BestWebSoft <= 0.1 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Login by BestWebSoft", "slug": "social-login-bws", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14ee389b-8f98-4991-9a61-9da596013fea?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14f030bd-8d8d-4152-817d-d72c9b7a0152": { "id": "14f030bd-8d8d-4152-817d-d72c9b7a0152", "title": "VK Poster Group <= 2.0.3 - Reflected Cross-Site Scripting via vkp_repost", "software": [ { "type": "plugin", "name": "VK Poster Group", "slug": "vk-poster-group", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14f030bd-8d8d-4152-817d-d72c9b7a0152?source=api-scan" ], "published": "2024-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14f0df3e-4333-49d8-a318-6f9fa614c23e": { "id": "14f0df3e-4333-49d8-a318-6f9fa614c23e", "title": "HM Multiple Roles <= 1.2 - Privilege Escalation via Arbitrary Role Change", "software": [ { "type": "plugin", "name": "HM Multiple Roles", "slug": "hm-multiple-roles", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14f0df3e-4333-49d8-a318-6f9fa614c23e?source=api-scan" ], "published": "2021-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14f86410-a21c-43ee-8d78-6fcce3a5b99b": { "id": "14f86410-a21c-43ee-8d78-6fcce3a5b99b", "title": "Uploader <= 1.0.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Uploader", "slug": "uploader", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14f86410-a21c-43ee-8d78-6fcce3a5b99b?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14fb6cde-3ab5-4360-add2-c0b0fa4ca114": { "id": "14fb6cde-3ab5-4360-add2-c0b0fa4ca114", "title": "Social Sharing Toolkit < 2.1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Sharing Toolkit", "slug": "social-sharing-toolkit", "affected_versions": { "[*, 2.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14fb6cde-3ab5-4360-add2-c0b0fa4ca114?source=api-scan" ], "published": "2013-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14feb451-2ece-467b-abf0-7abac26e40c1": { "id": "14feb451-2ece-467b-abf0-7abac26e40c1", "title": "Slider Revolution <= 6.6.20 - Missing Authorization", "software": [ { "type": "plugin", "name": "Slider Revolution", "slug": "revslider", "affected_versions": { "* - 6.6.20": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14feb451-2ece-467b-abf0-7abac26e40c1?source=api-scan" ], "published": "2024-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14fede14-bdf1-41e1-8ea9-188acbb41aa1": { "id": "14fede14-bdf1-41e1-8ea9-188acbb41aa1", "title": "Move Addons for Elementor <= 1.2.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Move Addons for Elementor", "slug": "move-addons", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14fede14-bdf1-41e1-8ea9-188acbb41aa1?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14ff5609-2345-4073-8239-0ce27fa0957c": { "id": "14ff5609-2345-4073-8239-0ce27fa0957c", "title": "Slider by Supsystic <= 1.8.10 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Slider by Supsystic", "slug": "slider-by-supsystic", "affected_versions": { "* - 1.8.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14ff5609-2345-4073-8239-0ce27fa0957c?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "14ffe10e-e1a6-4752-9ff9-d2b01a49521e": { "id": "14ffe10e-e1a6-4752-9ff9-d2b01a49521e", "title": "Email Subscription Popup <= 1.2.19 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Subscription Popup", "slug": "email-subscribe", "affected_versions": { "* - 1.2.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/14ffe10e-e1a6-4752-9ff9-d2b01a49521e?source=api-scan" ], "published": "2023-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "150021d3-71bb-41c0-bb1c-5843e94ec0b6": { "id": "150021d3-71bb-41c0-bb1c-5843e94ec0b6", "title": "Quasar form <= 6.1 - Authenticated (Subscriber+) SQL Injection via 'id'", "software": [ { "type": "plugin", "name": "Quasar form free \u2013 Contact Form Builder for WordPress", "slug": "quasar-form", "affected_versions": { "* - 6.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/150021d3-71bb-41c0-bb1c-5843e94ec0b6?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1507628c-4a81-47de-a06f-a5d573eebffb": { "id": "1507628c-4a81-47de-a06f-a5d573eebffb", "title": "PayPal Pro Add-on for iThemes Exchange < 1.1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PayPal Pro Add-on for iThemes Exchange", "slug": "exchange-addon-paypal-pro", "affected_versions": { "[*, 1.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1507628c-4a81-47de-a06f-a5d573eebffb?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "150a6dda-84de-49b1-9a8a-fcc1e0ba73d1": { "id": "150a6dda-84de-49b1-9a8a-fcc1e0ba73d1", "title": "PDF & Print Button Joliprint <= 1.3.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF & Print Button Joliprint", "slug": "joliprint", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/150a6dda-84de-49b1-9a8a-fcc1e0ba73d1?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "150d9d64-6f7f-4646-b03f-dbc63fd0e791": { "id": "150d9d64-6f7f-4646-b03f-dbc63fd0e791", "title": "Nelio Content <= 3.2.0 - Authenticated (Contributor+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Nelio Content \u2013 Editorial Calendar & Social Media Scheduling", "slug": "nelio-content", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/150d9d64-6f7f-4646-b03f-dbc63fd0e791?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15123d5f-eb24-46e3-81ec-7dd4f108a42d": { "id": "15123d5f-eb24-46e3-81ec-7dd4f108a42d", "title": "Google Maps v3 Shortcode <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Google Maps v3 Shortcode", "slug": "google-maps-v3-shortcode", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15123d5f-eb24-46e3-81ec-7dd4f108a42d?source=api-scan" ], "published": "2023-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1512d911-167f-4653-ab20-cb057b83dab1": { "id": "1512d911-167f-4653-ab20-cb057b83dab1", "title": "Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks <= 2.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "* - 2.2.85": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.85", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.86" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1512d911-167f-4653-ab20-cb057b83dab1?source=api-scan" ], "published": "2024-07-31 21:17:28", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1516280e-796e-4011-b15f-b754860ad414": { "id": "1516280e-796e-4011-b15f-b754860ad414", "title": "Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Tags", "software": [ { "type": "plugin", "name": "Themesflat Addons For Elementor", "slug": "themesflat-addons-for-elementor", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1516280e-796e-4011-b15f-b754860ad414?source=api-scan" ], "published": "2024-06-05 15:28:30", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15178478-5208-4869-a9f0-07e8e11ef0d5": { "id": "15178478-5208-4869-a9f0-07e8e11ef0d5", "title": "Void Elementor Post Grid Addon for Elementor Page builder <= 2.3 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Void Elementor Post Grid Addon for Elementor Page builder", "slug": "void-elementor-post-grid-addon-for-elementor-page-builder", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15178478-5208-4869-a9f0-07e8e11ef0d5?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1518653c-e64d-4aba-b7f8-a928b8f2cbe3": { "id": "1518653c-e64d-4aba-b7f8-a928b8f2cbe3", "title": "Social Login WP <= 5.0.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Social Login WP", "slug": "social-login-wp", "affected_versions": { "* - 5.0.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1518653c-e64d-4aba-b7f8-a928b8f2cbe3?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1522d23b-7655-4fde-a18b-b46c6625185f": { "id": "1522d23b-7655-4fde-a18b-b46c6625185f", "title": "UsersWP \u2013 User Registration & User Profile <= 1.2.2.28 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "UsersWP \u2013 Front-end login form, User Registration, User Profile & Members Directory plugin for WP", "slug": "userswp", "affected_versions": { "* - 1.2.2.28": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1522d23b-7655-4fde-a18b-b46c6625185f?source=api-scan" ], "published": "2021-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1523db36-fdc6-4a9d-bb2c-d9b28668a3fc": { "id": "1523db36-fdc6-4a9d-bb2c-d9b28668a3fc", "title": "Real Estate by Templatic (Unknown Version) - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "theme", "name": "Real Estate by Templatic", "slug": "realestate", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1523db36-fdc6-4a9d-bb2c-d9b28668a3fc?source=api-scan" ], "published": "2014-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15253d0c-3425-4065-94d2-969939e858ca": { "id": "15253d0c-3425-4065-94d2-969939e858ca", "title": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'image_id'", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.8.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15253d0c-3425-4065-94d2-969939e858ca?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1525e1c9-4b94-4f9f-92c5-fc69fe000771": { "id": "1525e1c9-4b94-4f9f-92c5-fc69fe000771", "title": "WP Mail Catcher <= 2.1.2 - Unauthenticated Stored Cross-Site Scripting via Email Subject", "software": [ { "type": "plugin", "name": "Mail logging \u2013 WP Mail Catcher", "slug": "wp-mail-catcher", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1525e1c9-4b94-4f9f-92c5-fc69fe000771?source=api-scan" ], "published": "2023-06-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15349295-4ee7-4746-ae34-200ffd24aa82": { "id": "15349295-4ee7-4746-ae34-200ffd24aa82", "title": "Wp Ultimate Review <= 2.2.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Ultimate Review", "slug": "wp-ultimate-review", "affected_versions": { "* - 2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15349295-4ee7-4746-ae34-200ffd24aa82?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1534f67d-cf3f-4185-9aa6-01ae5dee4f26": { "id": "1534f67d-cf3f-4185-9aa6-01ae5dee4f26", "title": "Photo Gallery <= 1.8.15 - Missing Authorization", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.8.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1534f67d-cf3f-4185-9aa6-01ae5dee4f26?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "153a9a08-66b3-40fd-963d-93058c863a80": { "id": "153a9a08-66b3-40fd-963d-93058c863a80", "title": "Email Queue by BestWebSoft < 1.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Queue by BestWebSoft", "slug": "email-queue", "affected_versions": { "[*, 1.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/153a9a08-66b3-40fd-963d-93058c863a80?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "153cb585-4eea-4959-85b1-2487be11f116": { "id": "153cb585-4eea-4959-85b1-2487be11f116", "title": "Drag and Drop Multiple File Upload \u2013 Contact Form 7 <= 1.3.7.7 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Drag and Drop Multiple File Upload \u2013 Contact Form 7", "slug": "drag-and-drop-multiple-file-upload-contact-form-7", "affected_versions": { "* - 1.3.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/153cb585-4eea-4959-85b1-2487be11f116?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "153e435b-9986-4242-a89b-12e8f1552803": { "id": "153e435b-9986-4242-a89b-12e8f1552803", "title": "Zendrop \u2013 Global Dropshipping <= 1.0.0 - SQL Injection in setMetaData", "software": [ { "type": "plugin", "name": "Zendrop \u2013 Global Dropshipping", "slug": "zendrop-dropshipping-and-fulfillment", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/153e435b-9986-4242-a89b-12e8f1552803?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "154a838c-f8bb-4568-b066-a78264c75eea": { "id": "154a838c-f8bb-4568-b066-a78264c75eea", "title": "Multiple Themes (Various Versions) - Missing Authorization to Arbitrary Plugin Activation", "software": [ { "type": "theme", "name": "Viral News", "slug": "viral-news", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] }, { "type": "theme", "name": "HashOne", "slug": "hashone", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] }, { "type": "theme", "name": "Viral", "slug": "viral", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/154a838c-f8bb-4568-b066-a78264c75eea?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15517a81-0913-4922-be2b-aaf9abc52a84": { "id": "15517a81-0913-4922-be2b-aaf9abc52a84", "title": "Slideshow Gallery <= 1.6.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slideshow Gallery LITE", "slug": "slideshow-gallery", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15517a81-0913-4922-be2b-aaf9abc52a84?source=api-scan" ], "published": "2018-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1559fb43-cc5e-4dd2-80d8-06a137c7276d": { "id": "1559fb43-cc5e-4dd2-80d8-06a137c7276d", "title": "Wp Ultimate Review <= 2.3.0 - Cross-Site Request Forgery via wur_settings_view", "software": [ { "type": "plugin", "name": "WP Ultimate Review", "slug": "wp-ultimate-review", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1559fb43-cc5e-4dd2-80d8-06a137c7276d?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "155e3de1-e115-4683-bb4d-a0c5667dc3d3": { "id": "155e3de1-e115-4683-bb4d-a0c5667dc3d3", "title": "WP Post Author <= 3.2.3 - Privilege Escalation", "software": [ { "type": "plugin", "name": "WP Post Author \u2013 Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder", "slug": "wp-post-author", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/155e3de1-e115-4683-bb4d-a0c5667dc3d3?source=api-scan" ], "published": "2023-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "155e43f2-d46f-413f-bedd-7ab8905c1c35": { "id": "155e43f2-d46f-413f-bedd-7ab8905c1c35", "title": "Login by Auth0 <= 3.11.3 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Login by Auth0", "slug": "auth0", "affected_versions": { "* - 3.11.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/155e43f2-d46f-413f-bedd-7ab8905c1c35?source=api-scan" ], "published": "2020-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "155f765c-65ab-443a-a4b7-50d916e2903c": { "id": "155f765c-65ab-443a-a4b7-50d916e2903c", "title": "Multiple Page Generator Plugin \u2013 MPG <= 3.4.0 - Authenticated (Editor+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Multiple Page Generator Plugin \u2013 MPG", "slug": "multiple-pages-generator-by-porthas", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/155f765c-65ab-443a-a4b7-50d916e2903c?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1560b740-4018-4b08-9399-2fc87e16ea7b": { "id": "1560b740-4018-4b08-9399-2fc87e16ea7b", "title": "Limit Attempts by BestWebSoft \u2013 WordPress Anti-Bot and Security Plugin for Login and Forms < 1.1.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Limit Attempts by BestWebSoft \u2013 WordPress Anti-Bot and Security Plugin for Login and Forms", "slug": "limit-attempts", "affected_versions": { "[*, 1.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1560b740-4018-4b08-9399-2fc87e16ea7b?source=api-scan" ], "published": "2015-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15654ff3-2e61-44d2-ae3f-4a353db320cb": { "id": "15654ff3-2e61-44d2-ae3f-4a353db320cb", "title": "Smush \u2013 Lazy Load Images, Optimize & Compress Images <= 3.0.0 - Authenticated PHAR Deserialization", "software": [ { "type": "plugin", "name": "Smush Image Optimization \u2013 Optimize Images | Compress & Lazy Load Images | Convert WebP | Image CDN", "slug": "wp-smushit", "affected_versions": { "* - 3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15654ff3-2e61-44d2-ae3f-4a353db320cb?source=api-scan" ], "published": "2018-12-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15655362-b77f-4ba4-a823-17085de55f85": { "id": "15655362-b77f-4ba4-a823-17085de55f85", "title": "Simple Popup Newsletter <= 1.4.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Popup Newsletter", "slug": "simple-popup-newsletter", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15655362-b77f-4ba4-a823-17085de55f85?source=api-scan" ], "published": "2021-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15672f90-3192-452c-a4f2-be6db00b7888": { "id": "15672f90-3192-452c-a4f2-be6db00b7888", "title": "Custom Add User <= 2.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Add User", "slug": "custom-add-user", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15672f90-3192-452c-a4f2-be6db00b7888?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15679ce4-984a-4933-86c5-c8349b03abf9": { "id": "15679ce4-984a-4933-86c5-c8349b03abf9", "title": "Contact Form 7 Database Addon <= 1.2.6.3 - CSV Injection", "software": [ { "type": "plugin", "name": "Contact Form 7 Database Addon \u2013 CFDB7", "slug": "contact-form-cfdb7", "affected_versions": { "* - 1.2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15679ce4-984a-4933-86c5-c8349b03abf9?source=api-scan" ], "published": "2022-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15681d8b-df7b-48c5-bba8-658baf9b9bf1": { "id": "15681d8b-df7b-48c5-bba8-658baf9b9bf1", "title": "Core Tweaks WP Setup <= 4.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Core Tweaks WP Setup", "slug": "seo-automatic-wp-core-tweaks", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15681d8b-df7b-48c5-bba8-658baf9b9bf1?source=api-scan" ], "published": "2021-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "156b955d-e978-4ff5-ab56-35af257b3199": { "id": "156b955d-e978-4ff5-ab56-35af257b3199", "title": "MailerLite \u2013 Signup forms (official) <= 1.5.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MailerLite \u2013 Signup forms (official)", "slug": "official-mailerlite-sign-up-forms", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/156b955d-e978-4ff5-ab56-35af257b3199?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "156b9e3f-0a99-4fbc-88a4-1ed5e5e6b896": { "id": "156b9e3f-0a99-4fbc-88a4-1ed5e5e6b896", "title": "Landing Page Builder <= 1.5.1.8 - Reflected Cross-Site Scripting via pageType", "software": [ { "type": "plugin", "name": "Landing Page Builder \u2013 Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages", "slug": "page-builder-add", "affected_versions": { "* - 1.5.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/156b9e3f-0a99-4fbc-88a4-1ed5e5e6b896?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "156e64f2-87a4-40a0-bac8-3dc1f702b0a1": { "id": "156e64f2-87a4-40a0-bac8-3dc1f702b0a1", "title": "Events Manager <= 5.9.7.1 - CSV Injection", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "* - 5.9.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/156e64f2-87a4-40a0-bac8-3dc1f702b0a1?source=api-scan" ], "published": "2020-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15705cf2-f396-4b19-b58a-144b000f61e5": { "id": "15705cf2-f396-4b19-b58a-144b000f61e5", "title": "Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button \u2013 Chaty <= 2.8.3 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button \u2013 Chaty", "slug": "chaty", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15705cf2-f396-4b19-b58a-144b000f61e5?source=api-scan" ], "published": "2022-04-07 22:27:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1575e301-a26f-485e-bdf3-526b71c8306a": { "id": "1575e301-a26f-485e-bdf3-526b71c8306a", "title": "Better Font Awesome <= 2.0.1 - Missing Authorization to Plugin Options Update", "software": [ { "type": "plugin", "name": "Better Font Awesome", "slug": "better-font-awesome", "affected_versions": { "2.0.1": { "from_version": "2.0.1", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1575e301-a26f-485e-bdf3-526b71c8306a?source=api-scan" ], "published": "2022-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1575f0ad-0a77-4047-844c-48db4c8b4e91": { "id": "1575f0ad-0a77-4047-844c-48db4c8b4e91", "title": "Multiple Page Generator Plugin <= 3.3.17 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Multiple Page Generator Plugin \u2013 MPG", "slug": "multiple-pages-generator-by-porthas", "affected_versions": { "* - 3.3.17": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1575f0ad-0a77-4047-844c-48db4c8b4e91?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "157a02dc-542e-4b2b-a847-9abccccda20c": { "id": "157a02dc-542e-4b2b-a847-9abccccda20c", "title": "Save as PDF Plugin by Pdfcrowd <= 3.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Save as PDF Plugin by Pdfcrowd", "slug": "save-as-pdf-by-pdfcrowd", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/157a02dc-542e-4b2b-a847-9abccccda20c?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "157b3095-b662-465e-a975-5b71b5d4ba2a": { "id": "157b3095-b662-465e-a975-5b71b5d4ba2a", "title": "Real Estate 7 <= 3.3.4 - Reflected Cross-Site Scripting via ct_additional_features", "software": [ { "type": "theme", "name": "Real Estate 7 WordPress", "slug": "realestate-7", "affected_versions": { "* - 3.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/157b3095-b662-465e-a975-5b71b5d4ba2a?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "157eddd4-67f0-4a07-b3ab-11dbfb9f12aa": { "id": "157eddd4-67f0-4a07-b3ab-11dbfb9f12aa", "title": "HTML filter and csv-file search <= 2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "HTML filter and csv-file search", "slug": "hk-filter-and-search", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/157eddd4-67f0-4a07-b3ab-11dbfb9f12aa?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "158a63c1-1b2e-4fbf-ac86-43471ba8ebc2": { "id": "158a63c1-1b2e-4fbf-ac86-43471ba8ebc2", "title": "GDPR Cookie Consent by Supsystic <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GDPR Cookie Consent by Supsystic", "slug": "gdpr-compliance-by-supsystic", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/158a63c1-1b2e-4fbf-ac86-43471ba8ebc2?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15947764-a070-4715-bd44-cb79b62ed59d": { "id": "15947764-a070-4715-bd44-cb79b62ed59d", "title": "Font Awesome More Icons <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Font Awesome More Icons", "slug": "font-awesome-more-icons", "affected_versions": { "* - 3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15947764-a070-4715-bd44-cb79b62ed59d?source=api-scan" ], "published": "2023-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15967a0f-2512-4418-b503-b9d53032d40f": { "id": "15967a0f-2512-4418-b503-b9d53032d40f", "title": "wpForo Forum <= 1.6.5 - Cross-Site Scripting via langid parameter", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15967a0f-2512-4418-b503-b9d53032d40f?source=api-scan" ], "published": "2020-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1597859c-2808-4e0f-aa8d-4e2727728e22": { "id": "1597859c-2808-4e0f-aa8d-4e2727728e22", "title": "Dokan <=3.7.19 - Authenticated(Shop Manager+) PHP Object Injection via create_dummy_vendor", "software": [ { "type": "plugin", "name": "Dokan \u2013 Powerful WooCommerce Multivendor Marketplace Solution \u2013 Build Your Own Amazon, eBay, Etsy", "slug": "dokan-lite", "affected_versions": { "[*, 3.7.20)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1597859c-2808-4e0f-aa8d-4e2727728e22?source=api-scan" ], "published": "2023-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "159b5565-f4d8-4514-9397-20b6a0890475": { "id": "159b5565-f4d8-4514-9397-20b6a0890475", "title": "WordPress Core < 2.0.4 - Full Path Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/159b5565-f4d8-4514-9397-20b6a0890475?source=api-scan" ], "published": "2006-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "159ddb06-e7c4-4279-a8a1-c78a02e15891": { "id": "159ddb06-e7c4-4279-a8a1-c78a02e15891", "title": "Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 5.7.15": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/159ddb06-e7c4-4279-a8a1-c78a02e15891?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "159e14fc-0512-421a-8bbe-d16c0b04ddf9": { "id": "159e14fc-0512-421a-8bbe-d16c0b04ddf9", "title": "Total Upkeep <= 1.15.8 - Improper Authorization to Unauthenticated Arbitrary File Download", "software": [ { "type": "plugin", "name": "Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid", "slug": "boldgrid-backup", "affected_versions": { "* - 1.15.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/159e14fc-0512-421a-8bbe-d16c0b04ddf9?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15aba6ee-8345-401d-adf9-3fde0f5169bc": { "id": "15aba6ee-8345-401d-adf9-3fde0f5169bc", "title": "Buttonizer - Smart Floating Action Button <= 2.5.4 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart Floating \/ Sticky Buttons \u2013 Call, Sharing, Chat Widgets & More \u2013 Buttonizer", "slug": "buttonizer-multifunctional-button", "affected_versions": { "* - 2.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15aba6ee-8345-401d-adf9-3fde0f5169bc?source=api-scan" ], "published": "2021-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15abde72-515a-4e1c-af4c-d9da56a5cbe2": { "id": "15abde72-515a-4e1c-af4c-d9da56a5cbe2", "title": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin", "slug": "xcloner-backup-and-restore", "affected_versions": { "[*, 3.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15abde72-515a-4e1c-af4c-d9da56a5cbe2?source=api-scan" ], "published": "2014-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15b2a08f-2122-4eaf-ab46-1945cf6a68ca": { "id": "15b2a08f-2122-4eaf-ab46-1945cf6a68ca", "title": "Special Text Boxes <= 6.2.4 - Unauthenticated Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "Special Text Boxes", "slug": "wp-special-textboxes", "affected_versions": { "* - 6.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15b2a08f-2122-4eaf-ab46-1945cf6a68ca?source=api-scan" ], "published": "2024-09-24 12:19:21", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15b30ecb-e3ce-4092-841b-3a1b2553596a": { "id": "15b30ecb-e3ce-4092-841b-3a1b2553596a", "title": "Enhanced Media Library <= 2.8.9 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Enhanced Media Library", "slug": "enhanced-media-library", "affected_versions": { "* - 2.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15b30ecb-e3ce-4092-841b-3a1b2553596a?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15b4b132-1e27-454d-9ba0-9d1a552e1844": { "id": "15b4b132-1e27-454d-9ba0-9d1a552e1844", "title": "BuddyPress <= 7.2.1 - Missing Authorization to Group Creation", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "* - 7.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15b4b132-1e27-454d-9ba0-9d1a552e1844?source=api-scan" ], "published": "2021-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15b57809-6062-48ca-8572-26032928cd16": { "id": "15b57809-6062-48ca-8572-26032928cd16", "title": "Survey Maker <= 3.4.6 - Reflected Cross-Site Scripting via 'page' parameter", "software": [ { "type": "plugin", "name": "Survey Maker", "slug": "survey-maker", "affected_versions": { "* - 3.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15b57809-6062-48ca-8572-26032928cd16?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15b7008f-07fc-4f8a-b214-8ac0c4cf6d99": { "id": "15b7008f-07fc-4f8a-b214-8ac0c4cf6d99", "title": "Animated Rotating Words <= 5.4 - Cross-Site Request Forgery via save_admin_options", "software": [ { "type": "plugin", "name": "Dynamic Word Spinner: CSS3 Animated Rotation", "slug": "css3-rotating-words", "affected_versions": { "* - 5.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15b7008f-07fc-4f8a-b214-8ac0c4cf6d99?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15b831eb-ab28-4e42-940b-6943d836d230": { "id": "15b831eb-ab28-4e42-940b-6943d836d230", "title": "Calendarista Basic Edition <= 3.0.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Calendarista Basic Edition \u2013 WordPress appointment booking system", "slug": "calendarista-basic-edition", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15b831eb-ab28-4e42-940b-6943d836d230?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15b86ae0-93f0-4035-80c3-b3a713077b32": { "id": "15b86ae0-93f0-4035-80c3-b3a713077b32", "title": "Genki Pre-Publish Reminder <= 1.4.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Genki Pre-Publish Reminder", "slug": "genki-pre-publish-reminder", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15b86ae0-93f0-4035-80c3-b3a713077b32?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15b93e63-5ef2-4fb1-8c6b-28fcfab8e34d": { "id": "15b93e63-5ef2-4fb1-8c6b-28fcfab8e34d", "title": "WIP Custom Login <= 1.2.9 - Cross-Site Request Forgery via save_option", "software": [ { "type": "plugin", "name": "WIP Custom Login", "slug": "wip-custom-login", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15b93e63-5ef2-4fb1-8c6b-28fcfab8e34d?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15b9d69c-012d-4a28-b8b1-15e6dd22979e": { "id": "15b9d69c-012d-4a28-b8b1-15e6dd22979e", "title": "Profile Builder <= 3.6.7 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "[*, 3.6.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15b9d69c-012d-4a28-b8b1-15e6dd22979e?source=api-scan" ], "published": "2022-03-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15c11a0e-6185-4072-88c6-303090adf898": { "id": "15c11a0e-6185-4072-88c6-303090adf898", "title": "WordPress Gallery Plugin \u2013 NextGEN Gallery < 2.0.77.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "[*, 2.0.77.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.77.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.77.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15c11a0e-6185-4072-88c6-303090adf898?source=api-scan" ], "published": "2015-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15c1d7e1-e510-4cba-8da1-79e18b2eed22": { "id": "15c1d7e1-e510-4cba-8da1-79e18b2eed22", "title": "ReviewX <= 1.6.22 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce", "slug": "reviewx", "affected_versions": { "* - 1.6.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15c1d7e1-e510-4cba-8da1-79e18b2eed22?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15c2cc20-8d10-4e77-8009-df91e171183f": { "id": "15c2cc20-8d10-4e77-8009-df91e171183f", "title": "Image Hover Effects Ultimate <= 9.7.1 - Authenticated (Admin+) Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier)", "slug": "image-hover-effects-ultimate", "affected_versions": { "* - 9.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15c2cc20-8d10-4e77-8009-df91e171183f?source=api-scan" ], "published": "2022-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15c35ed2-a614-4cac-8a2e-b1a2417919d7": { "id": "15c35ed2-a614-4cac-8a2e-b1a2417919d7", "title": "Simple Popup Images <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "simple-popup-images", "slug": "simple-popup-images", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15c35ed2-a614-4cac-8a2e-b1a2417919d7?source=api-scan" ], "published": "2014-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15c8addc-e40b-4ad2-9e7b-c721d10164d6": { "id": "15c8addc-e40b-4ad2-9e7b-c721d10164d6", "title": "GS Insever Portfolio <= 1.4.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "GS Insever Portfolio", "slug": "gs-instagram-portfolio", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15c8addc-e40b-4ad2-9e7b-c721d10164d6?source=api-scan" ], "published": "2022-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15ccc672-f692-4d6b-abe6-15f6ea42902b": { "id": "15ccc672-f692-4d6b-abe6-15f6ea42902b", "title": "Robin image optimizer <= 1.6.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Robin image optimizer \u2014 save money on image compression", "slug": "robin-image-optimizer", "affected_versions": { "* - 1.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15ccc672-f692-4d6b-abe6-15f6ea42902b?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15ce2e54-ca5a-4dbc-9795-6e989e85b330": { "id": "15ce2e54-ca5a-4dbc-9795-6e989e85b330", "title": "Order Export & Order Import for WooCommerce <= 2.4.3 - Authenticated (Shop Manager+) Arbitrary File Upload via upload_import_file", "software": [ { "type": "plugin", "name": "Order Export & Order Import for WooCommerce", "slug": "order-import-export-for-woocommerce", "affected_versions": { "* - 2.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15ce2e54-ca5a-4dbc-9795-6e989e85b330?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15ce5666-f020-4264-989d-713e4520e012": { "id": "15ce5666-f020-4264-989d-713e4520e012", "title": "Migration, Backup, Staging \u2013 WPvivid <= 0.9.68 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "[*, 0.9.69)": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.69", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.9.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15ce5666-f020-4264-989d-713e4520e012?source=api-scan" ], "published": "2022-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15cf34d8-256b-495e-9385-a5d526bfb335": { "id": "15cf34d8-256b-495e-9385-a5d526bfb335", "title": "Addon Library <= 1.3.76 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Addon Library", "slug": "addon-library", "affected_versions": { "* - 1.3.76": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.76", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15cf34d8-256b-495e-9385-a5d526bfb335?source=api-scan" ], "published": "2024-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15d29d58-9e28-4e18-aeb9-9c63cb308673": { "id": "15d29d58-9e28-4e18-aeb9-9c63cb308673", "title": "QA Analytics <= 4.1.0.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update", "software": [ { "type": "plugin", "name": "QA Analytics \u2013 Web Analytics Tool with Heatmaps & Session Replay Across All Pages", "slug": "qa-heatmap-analytics", "affected_versions": { "* - 4.1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15d29d58-9e28-4e18-aeb9-9c63cb308673?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15d479e7-f0b8-4175-84b0-cd611b73233a": { "id": "15d479e7-f0b8-4175-84b0-cd611b73233a", "title": "Portfolio \u2013 WordPress Portfolio Plugin <= 2.8.8 - Cross-Site Request Forgery in rtport_spare_me", "software": [ { "type": "plugin", "name": "Portfolio \u2013 WordPress Portfolio Plugin", "slug": "tlp-portfolio", "affected_versions": { "* - 2.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15d479e7-f0b8-4175-84b0-cd611b73233a?source=api-scan" ], "published": "2022-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15d61530-5ef9-4dce-8ace-6d8cc07c7b5e": { "id": "15d61530-5ef9-4dce-8ace-6d8cc07c7b5e", "title": "WP Category Post List Widget <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "WP Category Post List Widget", "slug": "wp-category-posts-list", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15d61530-5ef9-4dce-8ace-6d8cc07c7b5e?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15d66474-e215-4d28-b6fb-259c90053212": { "id": "15d66474-e215-4d28-b6fb-259c90053212", "title": "Portrait-Archiv.com Photostore < 3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Portrait-Archiv.com Photostore", "slug": "portrait-archiv-shop", "affected_versions": { "[*, 3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15d66474-e215-4d28-b6fb-259c90053212?source=api-scan" ], "published": "2019-09-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15d66a77-d650-4209-9ad4-b2e157cd123a": { "id": "15d66a77-d650-4209-9ad4-b2e157cd123a", "title": "3D FlipBook <= 1.12.0 - Subscriber+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "3D FlipBook \u2013 PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery", "slug": "interactive-3d-flipbook-powered-physics-engine", "affected_versions": { "[*, 1.12.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15d66a77-d650-4209-9ad4-b2e157cd123a?source=api-scan" ], "published": "2022-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15d9c743-5700-482a-a6bc-ecf541ea9e7d": { "id": "15d9c743-5700-482a-a6bc-ecf541ea9e7d", "title": "leads5050-visitor-insights <= 1.0.5 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Leads and Visitor Insights", "slug": "leads-5050-visitor-insights", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15d9c743-5700-482a-a6bc-ecf541ea9e7d?source=api-scan" ], "published": "2021-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15deb0db-5a13-4018-88e5-5f5cb61bd495": { "id": "15deb0db-5a13-4018-88e5-5f5cb61bd495", "title": "Export WordPress Data with Advanced Filters < 1.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Export All Posts, Products, Orders, Refunds & Users", "slug": "wp-ultimate-exporter", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15deb0db-5a13-4018-88e5-5f5cb61bd495?source=api-scan" ], "published": "2016-02-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15e06f6e-2a13-490e-8e41-d9f7db8e78e0": { "id": "15e06f6e-2a13-490e-8e41-d9f7db8e78e0", "title": "wp-football <= 1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-football", "slug": "wp-football", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15e06f6e-2a13-490e-8e41-d9f7db8e78e0?source=api-scan" ], "published": "2014-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15e86f80-b18c-42f7-bc41-6a3112cbb162": { "id": "15e86f80-b18c-42f7-bc41-6a3112cbb162", "title": "Form Builder CP <= 1.2.31 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form Builder CP", "slug": "cp-easy-form-builder", "affected_versions": { "* - 1.2.31": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15e86f80-b18c-42f7-bc41-6a3112cbb162?source=api-scan" ], "published": "2022-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15ec3b68-0461-4b99-81e1-0d776b97a4eb": { "id": "15ec3b68-0461-4b99-81e1-0d776b97a4eb", "title": "EU Cookie Law <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EU Cookie Law for GDPR\/CCPA", "slug": "eu-cookie-law", "affected_versions": { "* - 3.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15ec3b68-0461-4b99-81e1-0d776b97a4eb?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15edf742-61e4-4b4f-915d-99e6b3332f5f": { "id": "15edf742-61e4-4b4f-915d-99e6b3332f5f", "title": "Heateor Social Login WordPress <= 1.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Heateor Social Login WordPress", "slug": "heateor-social-login", "affected_versions": { "* - 1.1.31": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15edf742-61e4-4b4f-915d-99e6b3332f5f?source=api-scan" ], "published": "2024-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15f00b65-8304-4132-a2cf-8145444ecfb1": { "id": "15f00b65-8304-4132-a2cf-8145444ecfb1", "title": "NextScripts <= 4.4.2 - Reflected Cross-Site Scripting via code", "software": [ { "type": "plugin", "name": "NextScripts: Social Networks Auto-Poster", "slug": "social-networks-auto-poster-facebook-twitter-g", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15f00b65-8304-4132-a2cf-8145444ecfb1?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15f03dc6-2881-4f70-925c-80ef9ce40be2": { "id": "15f03dc6-2881-4f70-925c-80ef9ce40be2", "title": "Helpful <= 4.4.58 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Helpful", "slug": "helpful", "affected_versions": { "[*, 4.4.59)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.59", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4.59" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15f03dc6-2881-4f70-925c-80ef9ce40be2?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15f38932-2687-4d71-8793-843058a657d1": { "id": "15f38932-2687-4d71-8793-843058a657d1", "title": "Absolutely Glamorous Custom Admin <= 6.8 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AGCA \u2013 Custom Dashboard & Login Page", "slug": "ag-custom-admin", "affected_versions": { "* - 6.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15f38932-2687-4d71-8793-843058a657d1?source=api-scan" ], "published": "2021-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15f3a6e1-6126-4825-b2b1-e40dc5694f43": { "id": "15f3a6e1-6126-4825-b2b1-e40dc5694f43", "title": "Atarim - Client Interface <= 3.9.1 - Missing Authorization via AJAX actions", "software": [ { "type": "plugin", "name": "Visual Website Collaboration, Feedback & Project Management \u2013 Atarim", "slug": "atarim-visual-collaboration", "affected_versions": { "[*, 3.9.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15f3a6e1-6126-4825-b2b1-e40dc5694f43?source=api-scan" ], "published": "2023-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15f3ca33-50b8-4cd3-bcd1-5a73a3a06fc3": { "id": "15f3ca33-50b8-4cd3-bcd1-5a73a3a06fc3", "title": "CKEditor for WordPress <= 4.5.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CKEditor for WordPress", "slug": "ckeditor-for-wordpress", "affected_versions": { "* - 4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15f3ca33-50b8-4cd3-bcd1-5a73a3a06fc3?source=api-scan" ], "published": "2015-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "15fecefa-f1f1-47f3-8ad7-ec7772ecafc4": { "id": "15fecefa-f1f1-47f3-8ad7-ec7772ecafc4", "title": "Holding Pattern <= 0.6 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Holding Pattern", "slug": "holding_pattern", "affected_versions": { "* - 0.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/15fecefa-f1f1-47f3-8ad7-ec7772ecafc4?source=api-scan" ], "published": "2015-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1603c61b-11a3-41e5-b339-a9411b02f383": { "id": "1603c61b-11a3-41e5-b339-a9411b02f383", "title": "Themesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Themesflat Addons For Elementor", "slug": "themesflat-addons-for-elementor", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1603c61b-11a3-41e5-b339-a9411b02f383?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16073ffd-d95a-4e1e-9593-c2e5ae57f303": { "id": "16073ffd-d95a-4e1e-9593-c2e5ae57f303", "title": "CB (legacy) <= 0.9.4.18 - Cross-Site Request Forgery to Code\/Timeframe\/Booking Deletion", "software": [ { "type": "plugin", "name": "CB (legacy)", "slug": "commons-booking", "affected_versions": { "* - 0.9.4.18": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4.18", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16073ffd-d95a-4e1e-9593-c2e5ae57f303?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "160740a2-f5e1-49d6-a380-e6bf33646300": { "id": "160740a2-f5e1-49d6-a380-e6bf33646300", "title": "IBPS Online Exam <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IBPS Online Exam Plugin for WordPress", "slug": "examapp", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/160740a2-f5e1-49d6-a380-e6bf33646300?source=api-scan" ], "published": "2017-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "160dd5b9-ed70-4617-9bff-59e33f9ea2d8": { "id": "160dd5b9-ed70-4617-9bff-59e33f9ea2d8", "title": "Carousel Slider <= 2.2.10 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Carousel Slider", "slug": "carousel-slider", "affected_versions": { "* - 2.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/160dd5b9-ed70-4617-9bff-59e33f9ea2d8?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16102d4c-86d6-471e-b787-54e4bc14b5a2": { "id": "16102d4c-86d6-471e-b787-54e4bc14b5a2", "title": "WordPress Core < 4.5.3 - Cross-Site Scripting via Customizer", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.14": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.14", "to_inclusive": true }, "3.8 - 3.8.14": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.14", "to_inclusive": true }, "3.9 - 3.9.12": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.12", "to_inclusive": true }, "4.0 - 4.0.11": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.11", "to_inclusive": true }, "4.1 - 4.1.11": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.11", "to_inclusive": true }, "4.2 - 4.2.8": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.8", "to_inclusive": true }, "4.3 - 4.3.4": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.4", "to_inclusive": true }, "4.4 - 4.4.3": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true }, "4.5 - 4.5.2": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.15", "3.8.15", "3.9.13", "4.0.12", "4.1.12", "4.2.9", "4.3.5", "4.4.4", "4.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16102d4c-86d6-471e-b787-54e4bc14b5a2?source=api-scan" ], "published": "2016-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1610b3dd-582e-4ff2-956a-95845361c66b": { "id": "1610b3dd-582e-4ff2-956a-95845361c66b", "title": "Dyslexiefont Free <= 0.0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dyslexiefont Free", "slug": "dyslexiefont", "affected_versions": { "* - 0.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1610b3dd-582e-4ff2-956a-95845361c66b?source=api-scan" ], "published": "2022-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1612b10d-1ee7-4ea1-93f3-bde2f1667e1b": { "id": "1612b10d-1ee7-4ea1-93f3-bde2f1667e1b", "title": "RokStories <= 1.25 - Denial of Service", "software": [ { "type": "plugin", "name": "RokStories", "slug": "wp_rokstories", "affected_versions": { "* - 1.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1612b10d-1ee7-4ea1-93f3-bde2f1667e1b?source=api-scan" ], "published": "2013-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16130c5d-9865-4953-b078-0b448722e36d": { "id": "16130c5d-9865-4953-b078-0b448722e36d", "title": "Molongui <= 4.6.19 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui", "slug": "molongui-authorship", "affected_versions": { "* - 4.6.19": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16130c5d-9865-4953-b078-0b448722e36d?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "162595bb-d41b-4dfd-bfda-3a1e5794eaaf": { "id": "162595bb-d41b-4dfd-bfda-3a1e5794eaaf", "title": "Simple Ticker <= 3.05 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Simple Ticker", "slug": "simple-ticker", "affected_versions": { "* - 3.05": { "from_version": "*", "from_inclusive": true, "to_version": "3.05", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.06" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/162595bb-d41b-4dfd-bfda-3a1e5794eaaf?source=api-scan" ], "published": "2023-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1625a77d-bbca-4d18-ae6f-03030ac51d5b": { "id": "1625a77d-bbca-4d18-ae6f-03030ac51d5b", "title": "Rich Reviews by Starfish <= 1.9.5 - SQL Injection", "software": [ { "type": "plugin", "name": "Rich Reviews by Starfish", "slug": "rich-reviews", "affected_versions": { "[*, 1.9.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1625a77d-bbca-4d18-ae6f-03030ac51d5b?source=api-scan" ], "published": "2021-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1627ec2a-f91d-4ed7-acb8-a3fb63b45731": { "id": "1627ec2a-f91d-4ed7-acb8-a3fb63b45731", "title": "Video Player <= 1.5.22 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SpiderVPlayer", "slug": "player", "affected_versions": { "* - 1.5.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.22", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1627ec2a-f91d-4ed7-acb8-a3fb63b45731?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "162a194c-a7de-44c4-a659-8188e303b6a2": { "id": "162a194c-a7de-44c4-a659-8188e303b6a2", "title": "WooCommerce <= 3.6.4 - Missing File Type Validation", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "* - 3.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/162a194c-a7de-44c4-a659-8188e303b6a2?source=api-scan" ], "published": "2019-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "162a9203-d169-4d96-9839-110f6a9e4ad3": { "id": "162a9203-d169-4d96-9839-110f6a9e4ad3", "title": "Poll, Survey, Questionnaire and Voting system <= 1.5.2 - Unauthenticated Blind SQL Injection", "software": [ { "type": "plugin", "name": "Poll, Survey, Questionnaire and Voting system", "slug": "polls-widget", "affected_versions": { "[*, 1.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/162a9203-d169-4d96-9839-110f6a9e4ad3?source=api-scan" ], "published": "2021-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "162afd58-3534-401b-9119-c1c26e15cd0f": { "id": "162afd58-3534-401b-9119-c1c26e15cd0f", "title": "Welcart e-Commerce <= 2.9.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/162afd58-3534-401b-9119-c1c26e15cd0f?source=api-scan" ], "published": "2023-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "162dff28-94ea-4a47-a6cb-a13317cf1a04": { "id": "162dff28-94ea-4a47-a6cb-a13317cf1a04", "title": "Shield Security <= 17.0.17 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention Security", "slug": "wp-simple-firewall", "affected_versions": { "[*, 17.0.18)": { "from_version": "*", "from_inclusive": true, "to_version": "17.0.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "17.0.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/162dff28-94ea-4a47-a6cb-a13317cf1a04?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16320b5e-1cb5-4e6d-ad2e-8ccd9cfa45ef": { "id": "16320b5e-1cb5-4e6d-ad2e-8ccd9cfa45ef", "title": "Elementor Addons, Widgets and Enhancements \u2013 Stax <= 1.4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Addons, Widgets and Enhancements \u2013 Stax", "slug": "stax-addons-for-elementor", "affected_versions": { "* - 1.4.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16320b5e-1cb5-4e6d-ad2e-8ccd9cfa45ef?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "163328e9-2918-4bc0-8bbc-90d7e992754d": { "id": "163328e9-2918-4bc0-8bbc-90d7e992754d", "title": "WooCommerce Ship to Multiple Addresses <= 3.8.3 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "WooCommerce Ship to Multiple Addresses", "slug": "woocommerce-shipping-multiple-addresses", "affected_versions": { "* - 3.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/163328e9-2918-4bc0-8bbc-90d7e992754d?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1638145c-2bc8-45d4-904e-b1aba124a0e3": { "id": "1638145c-2bc8-45d4-904e-b1aba124a0e3", "title": "Motors \u2013 Car Dealer, Classifieds & Listing <= 1.4.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Motors \u2013 Car Dealer, Classifieds & Listing", "slug": "motors-car-dealership-classified-listings", "affected_versions": { "[*, 1.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1638145c-2bc8-45d4-904e-b1aba124a0e3?source=api-scan" ], "published": "2019-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "163fc78a-753e-4aa4-80d5-1b2a5f68e65a": { "id": "163fc78a-753e-4aa4-80d5-1b2a5f68e65a", "title": "Flaming Forms <= 1.0.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flaming Forms", "slug": "flaming-forms", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/163fc78a-753e-4aa4-80d5-1b2a5f68e65a?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1641758d-a7d7-4677-98a6-cb4a6fea0c63": { "id": "1641758d-a7d7-4677-98a6-cb4a6fea0c63", "title": "PCA Predict <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PCA Predict", "slug": "address-email-and-phone-validation", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1641758d-a7d7-4677-98a6-cb4a6fea0c63?source=api-scan" ], "published": "2022-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1644c2c3-11fa-48d6-ad99-416f27df4483": { "id": "1644c2c3-11fa-48d6-ad99-416f27df4483", "title": "Simple URLs <= 114 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Simple URLs \u2013 Link Cloaking, Product Displays, and Affiliate Link Management", "slug": "simple-urls", "affected_versions": { "* - 114": { "from_version": "*", "from_inclusive": true, "to_version": "114", "to_inclusive": true } }, "patched": true, "patched_versions": [ "115" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1644c2c3-11fa-48d6-ad99-416f27df4483?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1647ac13-d9d1-46ae-93e7-855f55160e03": { "id": "1647ac13-d9d1-46ae-93e7-855f55160e03", "title": "Organization chart <= 1.4.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Organization chart", "slug": "organization-chart", "affected_versions": { "1.4.1": { "from_version": "1.4.1", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1647ac13-d9d1-46ae-93e7-855f55160e03?source=api-scan" ], "published": "2022-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "164a1e09-e967-450c-8938-84c18ebf267d": { "id": "164a1e09-e967-450c-8938-84c18ebf267d", "title": "Element Pack Elementor Addons <= 5.4.11 - Missing Authorization via bdt_duplicate_as_draft", "software": [ { "type": "plugin", "name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", "slug": "bdthemes-element-pack-lite", "affected_versions": { "* - 5.4.11": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/164a1e09-e967-450c-8938-84c18ebf267d?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "164ec659-e1a6-4267-b6e9-4e37a402e503": { "id": "164ec659-e1a6-4267-b6e9-4e37a402e503", "title": "Slideshow Gallery LITE <= 1.7.6 - Cross-Site Request Forgery via admin_slides", "software": [ { "type": "plugin", "name": "Slideshow Gallery LITE", "slug": "slideshow-gallery", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/164ec659-e1a6-4267-b6e9-4e37a402e503?source=api-scan" ], "published": "2023-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1653c4e0-c5e5-44c6-a84d-cdd070696ac4": { "id": "1653c4e0-c5e5-44c6-a84d-cdd070696ac4", "title": "Mail Masta <= 1.0 - SQL Injection via id parameter", "software": [ { "type": "plugin", "name": "Mail Masta", "slug": "mail-masta", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1653c4e0-c5e5-44c6-a84d-cdd070696ac4?source=api-scan" ], "published": "2017-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1653de8f-62eb-488b-9e97-8b30221b509f": { "id": "1653de8f-62eb-488b-9e97-8b30221b509f", "title": "Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 7.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1653de8f-62eb-488b-9e97-8b30221b509f?source=api-scan" ], "published": "2024-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "165a3c28-ea89-44bd-9de0-38d931f98de2": { "id": "165a3c28-ea89-44bd-9de0-38d931f98de2", "title": "Newsletter <= 8.2.0 - IP Spoofing", "software": [ { "type": "plugin", "name": "Newsletter \u2013 Send awesome emails from WordPress", "slug": "newsletter", "affected_versions": { "* - 8.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/165a3c28-ea89-44bd-9de0-38d931f98de2?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "165bf4d4-0f97-4c51-bc55-ad14f3e4aae9": { "id": "165bf4d4-0f97-4c51-bc55-ad14f3e4aae9", "title": "Gestion-Pymes <= 1.5.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gestion-Pymes", "slug": "gestion-pymes", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/165bf4d4-0f97-4c51-bc55-ad14f3e4aae9?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16630c5a-802e-404a-b90b-be7b906345b0": { "id": "16630c5a-802e-404a-b90b-be7b906345b0", "title": "All in One SEO 4.0.0 - 4.1.5.2 Authorization Bypass", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "4.0.0 - 4.1.5.2": { "from_version": "4.0.0", "from_inclusive": true, "to_version": "4.1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16630c5a-802e-404a-b90b-be7b906345b0?source=api-scan" ], "published": "2021-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1664fef3-6416-4678-9ee7-bed2184d7490": { "id": "1664fef3-6416-4678-9ee7-bed2184d7490", "title": "Simple Membership <= 4.0.3 - Authenticated (Admin+) SQL Injections", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "* - 4.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1664fef3-6416-4678-9ee7-bed2184d7490?source=api-scan" ], "published": "2021-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1665fda6-005d-42ba-883d-2e3ad7abe0ba": { "id": "1665fda6-005d-42ba-883d-2e3ad7abe0ba", "title": "WooCommerce Warranty Requests <= 2.1.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Warranty Requests", "slug": "woocommerce-warranty", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1665fda6-005d-42ba-883d-2e3ad7abe0ba?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1666170c-6489-4fbb-8356-f1a7790d74d6": { "id": "1666170c-6489-4fbb-8356-f1a7790d74d6", "title": "CartBounty \u2013 Save and recover abandoned carts for WooCommerce <= 8.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "CartBounty \u2013 Save and recover abandoned carts for WooCommerce", "slug": "woo-save-abandoned-carts", "affected_versions": { "* - 8.2": { "from_version": "*", "from_inclusive": true, "to_version": "8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1666170c-6489-4fbb-8356-f1a7790d74d6?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1671e437-09f0-46bc-87ef-3a5712c3dc98": { "id": "1671e437-09f0-46bc-87ef-3a5712c3dc98", "title": "Dynamics 365 Integration <= 1.3.12 - Missing Authorization via wp_ajax_wpcrm_log & wp_ajax_wpcrm_log_verbosity", "software": [ { "type": "plugin", "name": "Dynamics 365 Integration", "slug": "integration-dynamics", "affected_versions": { "* - 1.3.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1671e437-09f0-46bc-87ef-3a5712c3dc98?source=api-scan" ], "published": "2023-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "167436b7-3d2b-46fc-a1bc-2bcfd899182e": { "id": "167436b7-3d2b-46fc-a1bc-2bcfd899182e", "title": "Jobmonster <= 4.7.0 - Unauthenticated Privilege Escalation", "software": [ { "type": "theme", "name": "Noo JobMonster", "slug": "noo-jobmonster", "affected_versions": { "* - 4.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/167436b7-3d2b-46fc-a1bc-2bcfd899182e?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1674e81e-6a75-436c-b219-8ec0a484a134": { "id": "1674e81e-6a75-436c-b219-8ec0a484a134", "title": "Mercado Pago payments for WooCommerce 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Download", "software": [ { "type": "plugin", "name": "Mercado Pago payments for WooCommerce", "slug": "woocommerce-mercadopago", "affected_versions": { "7.3.0 - 7.6.1": { "from_version": "7.3.0", "from_inclusive": true, "to_version": "7.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1674e81e-6a75-436c-b219-8ec0a484a134?source=api-scan" ], "published": "2024-07-19 15:14:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "167ae586-1f18-43ac-a7c1-e67a00ce8787": { "id": "167ae586-1f18-43ac-a7c1-e67a00ce8787", "title": "Tiny carousel horizontal slider plus <= 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tiny carousel horizontal slider plus", "slug": "tiny-carousel-horizontal-slider-plus", "affected_versions": { "* - 3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/167ae586-1f18-43ac-a7c1-e67a00ce8787?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1680078c-0dbe-4586-b793-3bf2ddea96ba": { "id": "1680078c-0dbe-4586-b793-3bf2ddea96ba", "title": "jRSS Widget <= 1.2 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "jRSS Widget", "slug": "jrss-widget", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1680078c-0dbe-4586-b793-3bf2ddea96ba?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16800ece-da9c-431b-a015-42bd30b646e2": { "id": "16800ece-da9c-431b-a015-42bd30b646e2", "title": "Bricks <= 1.8.1 - Cross-Site Request Forgery via reset_settings", "software": [ { "type": "theme", "name": "Bricks", "slug": "bricks", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16800ece-da9c-431b-a015-42bd30b646e2?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "168e8512-d551-47f9-bc2b-c458180a6d13": { "id": "168e8512-d551-47f9-bc2b-c458180a6d13", "title": "External Videos <= 2.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "External Videos", "slug": "external-videos", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/168e8512-d551-47f9-bc2b-c458180a6d13?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "168ff5ec-52f2-4234-aee4-6d460b72d6c5": { "id": "168ff5ec-52f2-4234-aee4-6d460b72d6c5", "title": "Auto Hide Admin Bar <= 1.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Auto Hide Admin Bar", "slug": "auto-hide-admin-bar", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/168ff5ec-52f2-4234-aee4-6d460b72d6c5?source=api-scan" ], "published": "2023-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1690631b-0e5d-45d1-9db6-6ac426874762": { "id": "1690631b-0e5d-45d1-9db6-6ac426874762", "title": "HelloAsso <= 1.1.10 - Missing Authorization to Authenticated (Contributor+) Limited Options Update", "software": [ { "type": "plugin", "name": "HelloAsso", "slug": "helloasso", "affected_versions": { "* - 1.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1690631b-0e5d-45d1-9db6-6ac426874762?source=api-scan" ], "published": "2024-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16919724-e495-492e-8cc7-639e6d8473c2": { "id": "16919724-e495-492e-8cc7-639e6d8473c2", "title": "WebP Converter for Media <= 4.0.2 - Unauthenticated Open Redirect", "software": [ { "type": "plugin", "name": "Converter for Media \u2013 Optimize images | Convert WebP & AVIF", "slug": "webp-converter-for-media", "affected_versions": { "[*, 4.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16919724-e495-492e-8cc7-639e6d8473c2?source=api-scan" ], "published": "2021-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16988713-a4d4-4d6a-bafb-3441ab54f14b": { "id": "16988713-a4d4-4d6a-bafb-3441ab54f14b", "title": "Newspack Blocks <= 3.0.8 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Newspack Blocks", "slug": "newspack-blocks", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16988713-a4d4-4d6a-bafb-3441ab54f14b?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "169cb1b8-8a37-4a8b-b824-c31ef132b88a": { "id": "169cb1b8-8a37-4a8b-b824-c31ef132b88a", "title": "bbp style pack <= 5.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "bbp style pack", "slug": "bbp-style-pack", "affected_versions": { "[*, 5.6.8)": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/169cb1b8-8a37-4a8b-b824-c31ef132b88a?source=api-scan" ], "published": "2023-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "169f2767-da20-4199-9997-438a62f6aee4": { "id": "169f2767-da20-4199-9997-438a62f6aee4", "title": "reCaptcha by BestWebSoft < 1.28 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "reCaptcha by BestWebSoft", "slug": "google-captcha", "affected_versions": { "[*, 1.28)": { "from_version": "*", "from_inclusive": true, "to_version": "1.28", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/169f2767-da20-4199-9997-438a62f6aee4?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16a3469d-6264-4ed7-b6ae-fdd7a80c8ca5": { "id": "16a3469d-6264-4ed7-b6ae-fdd7a80c8ca5", "title": "Chronopost & Mondial relay pour WooCommerce - WCMultiShipping <= 2.3.7 - Incorrect Authorization", "software": [ { "type": "plugin", "name": "Mondial Relay & Chronopost plugin for WooCommerce \u2013 WCMultiShipping", "slug": "wc-multishipping", "affected_versions": { "* - 2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16a3469d-6264-4ed7-b6ae-fdd7a80c8ca5?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16a4ebde-7c92-4ad2-9c8d-3bef0a8c600b": { "id": "16a4ebde-7c92-4ad2-9c8d-3bef0a8c600b", "title": "Welcart e-Commerce < 1.2.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "[*, 1.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16a4ebde-7c92-4ad2-9c8d-3bef0a8c600b?source=api-scan" ], "published": "2012-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16af4d96-e7e0-4b13-90a5-ddf62909271a": { "id": "16af4d96-e7e0-4b13-90a5-ddf62909271a", "title": "Contus Video Comments <= 1.0 - Remote File Upload", "software": [ { "type": "plugin", "name": "contus-video-comments", "slug": "contus-video-comments", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16af4d96-e7e0-4b13-90a5-ddf62909271a?source=api-scan" ], "published": "2016-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16af8724-595c-4daa-80bd-8125a32cc502": { "id": "16af8724-595c-4daa-80bd-8125a32cc502", "title": "Clever Fox <= 25.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Clever Fox", "slug": "clever-fox", "affected_versions": { "* - 25.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "25.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "25.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16af8724-595c-4daa-80bd-8125a32cc502?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16b0947e-3bb2-4150-b810-2e77de3e75da": { "id": "16b0947e-3bb2-4150-b810-2e77de3e75da", "title": "WHA Crossword <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WHA Crossword", "slug": "wha-crossword", "affected_versions": { "* - 1.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16b0947e-3bb2-4150-b810-2e77de3e75da?source=api-scan" ], "published": "2022-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16b37992-a87e-42bb-ab0f-cb32506874e9": { "id": "16b37992-a87e-42bb-ab0f-cb32506874e9", "title": "WPFront Notification Bar <= 3.3.2 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPFront Notification Bar", "slug": "wpfront-notification-bar", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16b37992-a87e-42bb-ab0f-cb32506874e9?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16b407ab-9687-4a10-b458-ad39661e4fb0": { "id": "16b407ab-9687-4a10-b458-ad39661e4fb0", "title": "wpDataTables (Premium) <= 3.4.1 - Blind SQL Injection via length Parameter", "software": [ { "type": "plugin", "name": "wpDataTables (Premium)", "slug": "wpdatatables", "affected_versions": { "[*, 3.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16b407ab-9687-4a10-b458-ad39661e4fb0?source=api-scan" ], "published": "2021-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16bce38a-07fa-43b7-aacb-6c932c3d0987": { "id": "16bce38a-07fa-43b7-aacb-6c932c3d0987", "title": "Simple Link Directory <= 7.7.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Simple Link Directory", "slug": "simple-link-directory", "affected_versions": { "[*, 7.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16bce38a-07fa-43b7-aacb-6c932c3d0987?source=api-scan" ], "published": "2022-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16bd14a1-e69b-4b7d-8c0e-a294e120d2a6": { "id": "16bd14a1-e69b-4b7d-8c0e-a294e120d2a6", "title": "XML for Google Merchant Center <= 3.0.1 - Reflected Cross-Site Scripting via page parameter", "software": [ { "type": "plugin", "name": "XML for Google Merchant Center", "slug": "xml-for-google-merchant-center", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16bd14a1-e69b-4b7d-8c0e-a294e120d2a6?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16c0a3b7-25b0-457e-b883-a780bc6a29a7": { "id": "16c0a3b7-25b0-457e-b883-a780bc6a29a7", "title": "Member Hero <= 1.0.9 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Member Hero", "slug": "member-hero", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16c0a3b7-25b0-457e-b883-a780bc6a29a7?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16c70597-32a0-4771-877b-c57cf7550ee7": { "id": "16c70597-32a0-4771-877b-c57cf7550ee7", "title": "AFS Analytics <= 4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AFS Analytics", "slug": "addfreestats", "affected_versions": { "* - 4.15": { "from_version": "*", "from_inclusive": true, "to_version": "4.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16c70597-32a0-4771-877b-c57cf7550ee7?source=api-scan" ], "published": "2022-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16c7813c-7814-43f1-b051-e7e8690de21e": { "id": "16c7813c-7814-43f1-b051-e7e8690de21e", "title": "AppPresser <= 4.3.0 - Cross-Site Request Forgery via toggle_logging_callback()", "software": [ { "type": "plugin", "name": "AppPresser \u2013 Mobile App Framework", "slug": "apppresser", "affected_versions": { "* - 4.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16c7813c-7814-43f1-b051-e7e8690de21e?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16d1eb4a-c68a-43b9-a514-d8751687709a": { "id": "16d1eb4a-c68a-43b9-a514-d8751687709a", "title": "Debug Log Manager <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Debug Log Manager", "slug": "debug-log-manager", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16d1eb4a-c68a-43b9-a514-d8751687709a?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16d8eab2-953a-46bf-a0f6-296bcea86305": { "id": "16d8eab2-953a-46bf-a0f6-296bcea86305", "title": "Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_block Shortcode", "software": [ { "type": "plugin", "name": "Content Blocks (Custom Post Widget)", "slug": "custom-post-widget", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16d8eab2-953a-46bf-a0f6-296bcea86305?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16dc1927-2171-4234-805b-6e4eed99fa90": { "id": "16dc1927-2171-4234-805b-6e4eed99fa90", "title": "Contact Form by Supsystic <= 1.7.27 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form by Supsystic", "slug": "contact-form-by-supsystic", "affected_versions": { "* - 1.7.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16dc1927-2171-4234-805b-6e4eed99fa90?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16e2c051-6ec6-4b09-8802-adb537fa9af0": { "id": "16e2c051-6ec6-4b09-8802-adb537fa9af0", "title": "Visual Form Builder <= 2.8.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visual Form Builder", "slug": "visual-form-builder", "affected_versions": { "[*, 2.8.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16e2c051-6ec6-4b09-8802-adb537fa9af0?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16e3ca1b-817d-4f03-92ae-346a56271c47": { "id": "16e3ca1b-817d-4f03-92ae-346a56271c47", "title": "MStore API <= 3.1.9 - Authentication Bypass", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 3.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16e3ca1b-817d-4f03-92ae-346a56271c47?source=api-scan" ], "published": "2021-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16e63535-28bc-4a3d-a201-4216dc786d98": { "id": "16e63535-28bc-4a3d-a201-4216dc786d98", "title": "Poll Maker <= 4.0.1 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls", "slug": "poll-maker", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16e63535-28bc-4a3d-a201-4216dc786d98?source=api-scan" ], "published": "2022-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16e6dc49-5edf-4ce4-95c9-19ef04a77379": { "id": "16e6dc49-5edf-4ce4-95c9-19ef04a77379", "title": "Pricing Table by Supsystic <= 1.8.1 - Cross-Site Request Forgery to Cross-Site Scripting and Setting Changes", "software": [ { "type": "plugin", "name": "Pricing Table by Supsystic", "slug": "pricing-table-by-supsystic", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16e6dc49-5edf-4ce4-95c9-19ef04a77379?source=api-scan" ], "published": "2020-02-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16e7a7c5-b845-4f28-bee6-fde54d003e13": { "id": "16e7a7c5-b845-4f28-bee6-fde54d003e13", "title": "WP SEO Tags <= 2.2.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP SEO Tags", "slug": "wp-seo-tags", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16e7a7c5-b845-4f28-bee6-fde54d003e13?source=api-scan" ], "published": "2021-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16e8e097-a332-4c8e-87fb-aabe5d00ae05": { "id": "16e8e097-a332-4c8e-87fb-aabe5d00ae05", "title": "Kanban Boards for WordPress <= 2.5.20 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kanban Boards for WordPress", "slug": "kanban", "affected_versions": { "* - 2.5.20": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16e8e097-a332-4c8e-87fb-aabe5d00ae05?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16f183a6-b8db-461e-b17d-2faa528ff0ff": { "id": "16f183a6-b8db-461e-b17d-2faa528ff0ff", "title": "Booqable Rental Plugin <= 2.4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booqable Rental Plugin", "slug": "booqable-rental-reservations", "affected_versions": { "* - 2.4.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16f183a6-b8db-461e-b17d-2faa528ff0ff?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16f5a104-dce0-4249-91b9-67f99cce16d3": { "id": "16f5a104-dce0-4249-91b9-67f99cce16d3", "title": "ConvertPlus <= 3.5.26 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "ConvertPlus", "slug": "convertplug", "affected_versions": { "* - 3.5.26": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.26.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16f5a104-dce0-4249-91b9-67f99cce16d3?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "16fd140b-c976-4425-8ac5-a524b8cf1a42": { "id": "16fd140b-c976-4425-8ac5-a524b8cf1a42", "title": "Custom Query Blocks <= 5.2.0 - Missing Authorization via REST Routes", "software": [ { "type": "plugin", "name": "Custom Query Blocks", "slug": "post-type-archive-mapping", "affected_versions": { "* - 5.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/16fd140b-c976-4425-8ac5-a524b8cf1a42?source=api-scan" ], "published": "2024-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17031e21-e697-4e01-8848-c3957f5dac7f": { "id": "17031e21-e697-4e01-8848-c3957f5dac7f", "title": "Real Estate Directory <= 1.0.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation", "software": [ { "type": "theme", "name": "Real Estate Directory", "slug": "real-estate-directory", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17031e21-e697-4e01-8848-c3957f5dac7f?source=api-scan" ], "published": "2023-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1714c26f-775a-4ccc-8b55-e85ca1fb3a84": { "id": "1714c26f-775a-4ccc-8b55-e85ca1fb3a84", "title": "Popup Builder <= 4.0.6 - Authenticated SQL Injection via order & orderby Parameters", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "[*, 4.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1714c26f-775a-4ccc-8b55-e85ca1fb3a84?source=api-scan" ], "published": "2022-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17150263-261d-422f-8b36-a2981d4aaad3": { "id": "17150263-261d-422f-8b36-a2981d4aaad3", "title": "tagDiv Opt-In Builder <= 1.4.4 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "tagDiv Opt-In Builder", "slug": "td-subscription", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17150263-261d-422f-8b36-a2981d4aaad3?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1716ef84-759e-4b40-aaa3-ae6ead41fcb5": { "id": "1716ef84-759e-4b40-aaa3-ae6ead41fcb5", "title": "Login with phone number <= 1.3.6 - Unauthenticated Remote Plugin Deletion", "software": [ { "type": "plugin", "name": "Login with phone number", "slug": "login-with-phone-number", "affected_versions": { "[*, 1.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1716ef84-759e-4b40-aaa3-ae6ead41fcb5?source=api-scan" ], "published": "2022-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1718f2eb-6235-498f-8c1e-402c1caf7d02": { "id": "1718f2eb-6235-498f-8c1e-402c1caf7d02", "title": "Permalink Manager Lite <= 2.2.20.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Permalink Manager Lite", "slug": "permalink-manager", "affected_versions": { "* - 2.2.20.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.20.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.20.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1718f2eb-6235-498f-8c1e-402c1caf7d02?source=api-scan" ], "published": "2022-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "171ee69a-d0d6-4d1e-b477-4d285be918f4": { "id": "171ee69a-d0d6-4d1e-b477-4d285be918f4", "title": "BulletProof Security < .52.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BulletProof Security", "slug": "bulletproof-security", "affected_versions": { "[*, .52.5)": { "from_version": "*", "from_inclusive": true, "to_version": ".52.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ ".52.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/171ee69a-d0d6-4d1e-b477-4d285be918f4?source=api-scan" ], "published": "2014-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "171faddd-c60c-4d07-834e-d8149703513b": { "id": "171faddd-c60c-4d07-834e-d8149703513b", "title": "Testimonial WordPress Plugin < 1.4.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Testimonial WordPress Plugin \u2013 AP Custom Testimonial", "slug": "ap-custom-testimonial", "affected_versions": { "[*, 1.4.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/171faddd-c60c-4d07-834e-d8149703513b?source=api-scan" ], "published": "2022-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1723a465-75ca-4fea-ad9c-d96ffb5625a8": { "id": "1723a465-75ca-4fea-ad9c-d96ffb5625a8", "title": "Ultimate Addons for Contact Form 7 <= 3.1.28 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Addons for Contact Form 7", "slug": "ultimate-addons-for-contact-form-7", "affected_versions": { "[*, 3.1.29)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.29", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1723a465-75ca-4fea-ad9c-d96ffb5625a8?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17240c75-4e2a-45d2-8114-414c7e81af87": { "id": "17240c75-4e2a-45d2-8114-414c7e81af87", "title": "Dropshipping & Affiliation with Amazon <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Dropshipping & Affiliation with Amazon", "slug": "wp-amazon-shop", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17240c75-4e2a-45d2-8114-414c7e81af87?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1725c7f3-2fac-4714-a63e-6c43694483fc": { "id": "1725c7f3-2fac-4714-a63e-6c43694483fc", "title": "Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Event Data Import", "software": [ { "type": "plugin", "name": "Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin", "slug": "wp-event-solution", "affected_versions": { "* - 4.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1725c7f3-2fac-4714-a63e-6c43694483fc?source=api-scan" ], "published": "2024-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "172b2191-6595-47dd-bf2d-97dc3d17e5ca": { "id": "172b2191-6595-47dd-bf2d-97dc3d17e5ca", "title": "Admin side data storage for Contact Form 7 <= 1.1.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Admin side data storage for Contact Form 7", "slug": "admin-side-data-storage-for-contact-form-7", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/172b2191-6595-47dd-bf2d-97dc3d17e5ca?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "172d8ffc-7ed3-43a6-942c-93b476a4fb50": { "id": "172d8ffc-7ed3-43a6-942c-93b476a4fb50", "title": "OneClick Chat to Order <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "OneClick Chat to Order", "slug": "oneclick-whatsapp-order", "affected_versions": { "* - 1.0.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/172d8ffc-7ed3-43a6-942c-93b476a4fb50?source=api-scan" ], "published": "2022-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "173661aa-6895-41d6-8869-6abfd2eadf31": { "id": "173661aa-6895-41d6-8869-6abfd2eadf31", "title": "Yandex Metrica Counter <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yandex Metrica Counter", "slug": "counter-yandex-metrica", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/173661aa-6895-41d6-8869-6abfd2eadf31?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "173c8c8a-a015-4522-b957-1805f520a77d": { "id": "173c8c8a-a015-4522-b957-1805f520a77d", "title": "WooCommerce Menu Extension <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Menu Extension", "slug": "woocommerce-menu-extension", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/173c8c8a-a015-4522-b957-1805f520a77d?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17422c79-494a-4c90-a48c-1aad9e0fa4c2": { "id": "17422c79-494a-4c90-a48c-1aad9e0fa4c2", "title": "WP Database Backup <= 4.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Database Backup \u2013 Unlimited Database & Files Backup by Backup for WP", "slug": "wp-database-backup", "affected_versions": { "[*, 4.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17422c79-494a-4c90-a48c-1aad9e0fa4c2?source=api-scan" ], "published": "2016-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17453fa5-af14-477b-9b3d-b245511ad8ce": { "id": "17453fa5-af14-477b-9b3d-b245511ad8ce", "title": "Auto Affiliate Links <= 6.4.2.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Auto Affiliate Links", "slug": "wp-auto-affiliate-links", "affected_versions": { "* - 6.4.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17453fa5-af14-477b-9b3d-b245511ad8ce?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17457ff2-917d-4cc4-8c5e-c80cd320cc90": { "id": "17457ff2-917d-4cc4-8c5e-c80cd320cc90", "title": "SEO Manager <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta", "software": [ { "type": "plugin", "name": "SEO Manager", "slug": "seo-manager", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17457ff2-917d-4cc4-8c5e-c80cd320cc90?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1746da3b-397d-4027-b76d-4c57fadf32c4": { "id": "1746da3b-397d-4027-b76d-4c57fadf32c4", "title": "Image Export < 1.1.1 - Path Traversal", "software": [ { "type": "plugin", "name": "Image Export", "slug": "image-export", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1746da3b-397d-4027-b76d-4c57fadf32c4?source=api-scan" ], "published": "2015-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "174c4050-8eed-4641-85d2-4b66702e03a6": { "id": "174c4050-8eed-4641-85d2-4b66702e03a6", "title": "SAML Single Sign On \u2013 SAML SSO Login < 4.8.73 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SAML Single Sign On \u2013 SSO Login", "slug": "miniorange-saml-20-single-sign-on", "affected_versions": { "[*, 4.8.73)": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.73", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.8.73" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/174c4050-8eed-4641-85d2-4b66702e03a6?source=api-scan" ], "published": "2019-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "174e2bf3-2531-4a53-ade6-3df7e976ed29": { "id": "174e2bf3-2531-4a53-ade6-3df7e976ed29", "title": "MasterStudy LMS <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "slug": "masterstudy-lms-learning-management-system", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/174e2bf3-2531-4a53-ade6-3df7e976ed29?source=api-scan" ], "published": "2023-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "174e6344-3919-4c73-8810-33de379ff463": { "id": "174e6344-3919-4c73-8810-33de379ff463", "title": "LayerSlider <= 6.2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LayerSlider", "slug": "LayerSlider", "affected_versions": { "* - 6.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/174e6344-3919-4c73-8810-33de379ff463?source=api-scan" ], "published": "2017-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "174eae70-15d7-4772-8fcd-dc4c0fca5b7d": { "id": "174eae70-15d7-4772-8fcd-dc4c0fca5b7d", "title": "AnyMind Widget <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AnyMind Widget", "slug": "anymind-widget", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/174eae70-15d7-4772-8fcd-dc4c0fca5b7d?source=api-scan" ], "published": "2022-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17508063-3cd7-4b61-b7be-23a71b75f6a2": { "id": "17508063-3cd7-4b61-b7be-23a71b75f6a2", "title": "Supreme Modules Lite \u2013 Divi Theme, Extra Theme and Divi Builder <= 2.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Supreme Modules Lite \u2013 Divi Theme, Extra Theme and Divi Builder", "slug": "supreme-modules-for-divi", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17508063-3cd7-4b61-b7be-23a71b75f6a2?source=api-scan" ], "published": "2024-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1754cced-d3e4-40af-b0e9-9089a92db3dc": { "id": "1754cced-d3e4-40af-b0e9-9089a92db3dc", "title": "Base64 Encoder\/Decoder <= 0.9.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Base64 Encoder\/Decoder", "slug": "base64-encoderdecoder", "affected_versions": { "* - 0.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1754cced-d3e4-40af-b0e9-9089a92db3dc?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "175b64d3-0abd-4a65-b419-d6248a7deb2f": { "id": "175b64d3-0abd-4a65-b419-d6248a7deb2f", "title": "Elementor Website Builder <= 3.4.7 - DOM-based Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "0.1.0 - 3.4.7": { "from_version": "0.1.0", "from_inclusive": true, "to_version": "3.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/175b64d3-0abd-4a65-b419-d6248a7deb2f?source=api-scan" ], "published": "2021-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "175cb977-dcba-429f-814c-6de078e23472": { "id": "175cb977-dcba-429f-814c-6de078e23472", "title": "Premium Addons for Elementor <= 4.10.31 - Missing Authorization to Information Disclosure", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.31": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/175cb977-dcba-429f-814c-6de078e23472?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "175d8dc0-fc12-464b-b651-50a060851eb2": { "id": "175d8dc0-fc12-464b-b651-50a060851eb2", "title": "Trust Payments Gateway (3DS2) <= 1.2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Trust Payments Gateway for WooCommerce (JavaScript Library)", "slug": "trust-payments-gateway-3ds2", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/175d8dc0-fc12-464b-b651-50a060851eb2?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "175dd04d-ce06-45a0-8cfe-14498e2f9198": { "id": "175dd04d-ce06-45a0-8cfe-14498e2f9198", "title": "ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Settings Update in enableOptimization", "software": [ { "type": "plugin", "name": "ImageRecycle pdf & image compression", "slug": "imagerecycle-pdf-image-compression", "affected_versions": { "* - 3.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/175dd04d-ce06-45a0-8cfe-14498e2f9198?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "175e08ce-aec2-427a-90e0-f955711d58b2": { "id": "175e08ce-aec2-427a-90e0-f955711d58b2", "title": "EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Insufficient Authorization Checks to Block Usual", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 3.9.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/175e08ce-aec2-427a-90e0-f955711d58b2?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "175eba7e-454b-4ba3-bbb5-22bd56734f5c": { "id": "175eba7e-454b-4ba3-bbb5-22bd56734f5c", "title": "Skitter Slideshow <= 2.5.2 - Unauthenticated Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Skitter Slideshow", "slug": "wp-skitter-slideshow", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/175eba7e-454b-4ba3-bbb5-22bd56734f5c?source=api-scan" ], "published": "2022-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17646179-47ad-4846-a581-3e713df43c32": { "id": "17646179-47ad-4846-a581-3e713df43c32", "title": "WordPress Core < 4.5.3 - Denial of Service via oEmbed Protocol", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.14": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.14", "to_inclusive": true }, "3.8 - 3.8.14": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.14", "to_inclusive": true }, "3.9 - 3.9.12": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.12", "to_inclusive": true }, "4.0 - 4.0.11": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.11", "to_inclusive": true }, "4.1 - 4.1.11": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.11", "to_inclusive": true }, "4.2 - 4.2.8": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.8", "to_inclusive": true }, "4.3 - 4.3.4": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.4", "to_inclusive": true }, "4.4 - 4.4.3": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true }, "4.5 - 4.5.2": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.15", "3.8.15", "3.9.13", "4.0.12", "4.1.12", "4.2.9", "4.3.5", "4.4.4", "4.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17646179-47ad-4846-a581-3e713df43c32?source=api-scan" ], "published": "2016-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "176798cc-9f5f-4524-9172-8f0497e4fc11": { "id": "176798cc-9f5f-4524-9172-8f0497e4fc11", "title": "Media File Renamer < 1.9.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Media File Renamer: Rename for better SEO (AI-Powered)", "slug": "media-file-renamer", "affected_versions": { "[*, 1.9.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/176798cc-9f5f-4524-9172-8f0497e4fc11?source=api-scan" ], "published": "2014-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1774b9b6-b98b-410c-98eb-326eda53adca": { "id": "1774b9b6-b98b-410c-98eb-326eda53adca", "title": "Download Monitor < 3.3.6.2 - Cross-Site Scripting via sort Parameter", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "[*, 3.3.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1774b9b6-b98b-410c-98eb-326eda53adca?source=api-scan" ], "published": "2013-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1775a56e-3590-499e-89b6-79d69d80fa0e": { "id": "1775a56e-3590-499e-89b6-79d69d80fa0e", "title": "qTranslate X < 3.4.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "qTranslate X", "slug": "qtranslate-x", "affected_versions": { "[*, 3.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1775a56e-3590-499e-89b6-79d69d80fa0e?source=api-scan" ], "published": "2015-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "177929c5-d32f-4f0a-afc1-6d4a7091dfd5": { "id": "177929c5-d32f-4f0a-afc1-6d4a7091dfd5", "title": "Barcode Scanner with Inventory & Order Manager <= 1.5.4 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Barcode Scanner and Inventory manager. POS (Point of Sale) \u2013 scan barcodes & create orders with barcode reader.", "slug": "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/177929c5-d32f-4f0a-afc1-6d4a7091dfd5?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "177a2bda-6c40-4ff6-a53f-e6b2a8408d8a": { "id": "177a2bda-6c40-4ff6-a53f-e6b2a8408d8a", "title": "Fontific | Google Fonts <= 0.1.6 - Cross-Site Request Forgery via ajax_fontific_save_all", "software": [ { "type": "plugin", "name": "Fontific | Google Fonts", "slug": "fontific", "affected_versions": { "* - 0.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/177a2bda-6c40-4ff6-a53f-e6b2a8408d8a?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "177f7111-b487-4e52-9106-54e0095a5dd4": { "id": "177f7111-b487-4e52-9106-54e0095a5dd4", "title": "underConstruction <= 1.21 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "underConstruction", "slug": "underconstruction", "affected_versions": { "* - 1.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/177f7111-b487-4e52-9106-54e0095a5dd4?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "178911d9-0552-4f44-aae5-06fc9734cfac": { "id": "178911d9-0552-4f44-aae5-06fc9734cfac", "title": "Event post <= 5.9.5 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Event post", "slug": "event-post", "affected_versions": { "* - 5.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/178911d9-0552-4f44-aae5-06fc9734cfac?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17906039-0130-4e24-b932-1ba19d3d58ff": { "id": "17906039-0130-4e24-b932-1ba19d3d58ff", "title": "Maintenance Mode by helderk <= 3.0.1 - Unauthenticated IP Spoofing", "software": [ { "type": "plugin", "name": "Maintenance Mode", "slug": "hkdev-maintenance-mode", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17906039-0130-4e24-b932-1ba19d3d58ff?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1793922f-c03a-4b66-a2e0-5729f0d4c4d2": { "id": "1793922f-c03a-4b66-a2e0-5729f0d4c4d2", "title": "Free Downloads WooCommerce <= 3.5.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Free Downloads WooCommerce", "slug": "download-now-for-woocommerce", "affected_versions": { "* - 3.5.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1793922f-c03a-4b66-a2e0-5729f0d4c4d2?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17941fbb-c5da-4f5c-a617-3792eb4ef395": { "id": "17941fbb-c5da-4f5c-a617-3792eb4ef395", "title": "Instant Images <= 6.1.0 - Authenticated (Author+) Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Instant Images \u2013 One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels", "slug": "instant-images", "affected_versions": { "* - 6.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17941fbb-c5da-4f5c-a617-3792eb4ef395?source=api-scan" ], "published": "2024-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "179751c8-a634-4a2e-be29-46be0aad79c8": { "id": "179751c8-a634-4a2e-be29-46be0aad79c8", "title": "ShortPixel Adaptive Images <= 3.3.1 - Subscriber+ Arbitrary Settings Update", "software": [ { "type": "plugin", "name": "ShortPixel Adaptive Images \u2013 WebP, AVIF, CDN, Image Optimization", "slug": "shortpixel-adaptive-images", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/179751c8-a634-4a2e-be29-46be0aad79c8?source=api-scan" ], "published": "2022-04-25 10:45:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "179821bb-5b0d-4c41-a410-db433987a870": { "id": "179821bb-5b0d-4c41-a410-db433987a870", "title": "ProfilePress <= 3.1.7 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "[*, 3.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/179821bb-5b0d-4c41-a410-db433987a870?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "179c4920-5a03-4cf4-9e77-a814c3004769": { "id": "179c4920-5a03-4cf4-9e77-a814c3004769", "title": "Display Widgets <= 2.03 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Display Widgets", "slug": "display-widgets", "affected_versions": { "* - 2.03": { "from_version": "*", "from_inclusive": true, "to_version": "2.03", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.04" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/179c4920-5a03-4cf4-9e77-a814c3004769?source=api-scan" ], "published": "2015-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17a4bd5c-0cd3-46e4-b6ee-edf87f0e92ca": { "id": "17a4bd5c-0cd3-46e4-b6ee-edf87f0e92ca", "title": "WCP Contact Form <= 3.1.0 - Missing Authorization via downloadCsv", "software": [ { "type": "plugin", "name": "WCP Contact Form", "slug": "wcp-contact-form", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17a4bd5c-0cd3-46e4-b6ee-edf87f0e92ca?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17a787da-5630-42ec-b5b0-47435db765a7": { "id": "17a787da-5630-42ec-b5b0-47435db765a7", "title": "User Activity Log <= 1.6.2 - Authenticated(Administrator+) SQL Injection via txtsearch", "software": [ { "type": "plugin", "name": "User Activity Log", "slug": "user-activity-log", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17a787da-5630-42ec-b5b0-47435db765a7?source=api-scan" ], "published": "2023-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17ab4800-0afd-4c39-970a-bd8dcc6a8b93": { "id": "17ab4800-0afd-4c39-970a-bd8dcc6a8b93", "title": "Complianz <= 6.4.5 (Premium <= 6.4.7) - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Complianz Premium \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr-premium", "affected_versions": { "* - 6.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.8" ] }, { "type": "plugin", "name": "Complianz \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr", "affected_versions": { "* - 6.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17ab4800-0afd-4c39-970a-bd8dcc6a8b93?source=api-scan" ], "published": "2023-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17ae3f22-6426-48f7-93e6-c0ad515b329a": { "id": "17ae3f22-6426-48f7-93e6-c0ad515b329a", "title": "Simple Calendar \u2013 Google Calendar Plugin <= 3.4.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Calendar \u2013 Google Calendar Plugin", "slug": "google-calendar-events", "affected_versions": { "* - 3.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17ae3f22-6426-48f7-93e6-c0ad515b329a?source=api-scan" ], "published": "2024-09-24 12:31:06", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17b0366c-f170-420d-b0d5-5c2f9f9e1cca": { "id": "17b0366c-f170-420d-b0d5-5c2f9f9e1cca", "title": "Chatbot with ChatGPT <= 2.4.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Chatbot with ChatGPT WordPress", "slug": "smartsearchwp", "affected_versions": { "* - 2.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17b0366c-f170-420d-b0d5-5c2f9f9e1cca?source=api-scan" ], "published": "2024-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17b20df5-4adf-47ce-bddf-2ec0b9499de8": { "id": "17b20df5-4adf-47ce-bddf-2ec0b9499de8", "title": "EAN for WooCommerce <= 4.9.2 - Insecure Direct Object Reference to Sensitve Information Exposure via Shortcode", "software": [ { "type": "plugin", "name": "EAN, UPC, ISBN Generator: Product Barcode Inventory for WooCommerce", "slug": "ean-for-woocommerce", "affected_versions": { "* - 4.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17b20df5-4adf-47ce-bddf-2ec0b9499de8?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17bc3a9f-2bf9-44e3-81ef-bfa932085da9": { "id": "17bc3a9f-2bf9-44e3-81ef-bfa932085da9", "title": "System Dashboard <= 2.8.8 - Missing Authorization to Information Disclosure (sd_php_info)", "software": [ { "type": "plugin", "name": "System Dashboard", "slug": "system-dashboard", "affected_versions": { "* - 2.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17bc3a9f-2bf9-44e3-81ef-bfa932085da9?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17c06c83-6707-4233-a1c3-ef4cdcf93982": { "id": "17c06c83-6707-4233-a1c3-ef4cdcf93982", "title": "PropertyHive <= 2.0.19 - Cross-Site Request Forgery via save_account_details", "software": [ { "type": "plugin", "name": "PropertyHive", "slug": "propertyhive", "affected_versions": { "* - 2.0.19": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17c06c83-6707-4233-a1c3-ef4cdcf93982?source=api-scan" ], "published": "2024-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17c6a91c-e2a6-4f17-b145-145e9e7a0079": { "id": "17c6a91c-e2a6-4f17-b145-145e9e7a0079", "title": "Themify Ultra <= 7.3.5 - Authenticated (Subscriber+) PHP Object Injection", "software": [ { "type": "theme", "name": "Themify Ultra", "slug": "themify-ultra", "affected_versions": { "* - 7.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17c6a91c-e2a6-4f17-b145-145e9e7a0079?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17c7c61d-c110-448e-ad8a-bc1c00393524": { "id": "17c7c61d-c110-448e-ad8a-bc1c00393524", "title": "WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_start_cdn_integration_ajax_request_callback'", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17c7c61d-c110-448e-ad8a-bc1c00393524?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17cb080f-83f5-4917-af76-bfcc741ae053": { "id": "17cb080f-83f5-4917-af76-bfcc741ae053", "title": "Coupon Affiliates <= 5.12.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Coupon Affiliates \u2013 Affiliate Plugin for WooCommerce", "slug": "woo-coupon-usage", "affected_versions": { "* - 5.12.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.12.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.12.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17cb080f-83f5-4917-af76-bfcc741ae053?source=api-scan" ], "published": "2024-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17cb7420-b4e1-4959-beae-d3c0a8c4b1ff": { "id": "17cb7420-b4e1-4959-beae-d3c0a8c4b1ff", "title": "VR Calendar <= 2.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VR Calendar", "slug": "vr-calendar-sync", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17cb7420-b4e1-4959-beae-d3c0a8c4b1ff?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17cbcf67-f10d-41bc-acf7-98e5d99b50af": { "id": "17cbcf67-f10d-41bc-acf7-98e5d99b50af", "title": "EventPrime <= 3.3.9 - Improper Input Validation via save_event_booking", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 3.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17cbcf67-f10d-41bc-acf7-98e5d99b50af?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17ccf3f5-ac71-4827-bf11-9a5199f8752e": { "id": "17ccf3f5-ac71-4827-bf11-9a5199f8752e", "title": "AJAX Random Posts <= 0.3.3 - PHP Object Injection", "software": [ { "type": "plugin", "name": "AJAX Random Posts", "slug": "ajax-random-posts", "affected_versions": { "* - 0.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17ccf3f5-ac71-4827-bf11-9a5199f8752e?source=api-scan" ], "published": "2017-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17cffc76-7b41-4dc0-90cc-695b6f5474ce": { "id": "17cffc76-7b41-4dc0-90cc-695b6f5474ce", "title": "Clio Grow <= 1.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Clio Grow", "slug": "clio-grow-form", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17cffc76-7b41-4dc0-90cc-695b6f5474ce?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17d11c96-fd3c-478e-9b0e-ba58116ee27f": { "id": "17d11c96-fd3c-478e-9b0e-ba58116ee27f", "title": "UpdraftPlus WordPress Backup Plugin <= 1.16.65 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "UpdraftPlus: WP Backup & Migration Plugin", "slug": "updraftplus", "affected_versions": { "[*, 1.16.66)": { "from_version": "*", "from_inclusive": true, "to_version": "1.16.66", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.16.66" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17d11c96-fd3c-478e-9b0e-ba58116ee27f?source=api-scan" ], "published": "2021-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17d12a35-35a1-4f7b-aa03-33ddafe17f5b": { "id": "17d12a35-35a1-4f7b-aa03-33ddafe17f5b", "title": "Waiting: One-click countdowns <= 0.6.2 - Authenticated (Subscriber+) SQL Injection via 'pbc_down[meta][id]'", "software": [ { "type": "plugin", "name": "Waiting: One-click countdowns", "slug": "waiting", "affected_versions": { "* - 0.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17d12a35-35a1-4f7b-aa03-33ddafe17f5b?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17d3a2e4-d6f3-4302-91b0-2408ccd8958a": { "id": "17d3a2e4-d6f3-4302-91b0-2408ccd8958a", "title": "WP Google Maps <= 6.0.26 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Go Maps (formerly WP Google Maps)", "slug": "wp-google-maps", "affected_versions": { "[*, 6.0.27)": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.27", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.0.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17d3a2e4-d6f3-4302-91b0-2408ccd8958a?source=api-scan" ], "published": "2014-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17d4002d-3e87-46a7-9be6-c36e40c31c4a": { "id": "17d4002d-3e87-46a7-9be6-c36e40c31c4a", "title": "Meta pixel for WordPress <= 2.2.2 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Meta pixel for WordPress", "slug": "official-facebook-pixel", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17d4002d-3e87-46a7-9be6-c36e40c31c4a?source=api-scan" ], "published": "2021-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17d8e2e9-5e3f-433b-be1a-6ea765eba547": { "id": "17d8e2e9-5e3f-433b-be1a-6ea765eba547", "title": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud <= 4.14.7 - Authentication Bypass", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 4.14.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.14.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.15.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17d8e2e9-5e3f-433b-be1a-6ea765eba547?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17dbfb82-e380-464a-bfaf-2d0f6bf07f25": { "id": "17dbfb82-e380-464a-bfaf-2d0f6bf07f25", "title": "Podcast Subscribe Buttons <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Podcast Subscribe Buttons", "slug": "podcast-subscribe-buttons", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17dbfb82-e380-464a-bfaf-2d0f6bf07f25?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17dcacaf-0e2a-4bef-b944-fb7e43d25777": { "id": "17dcacaf-0e2a-4bef-b944-fb7e43d25777", "title": "Country State City Dropdown CF7 <= 2.7.2 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Country State City Dropdown CF7", "slug": "country-state-city-auto-dropdown", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17dcacaf-0e2a-4bef-b944-fb7e43d25777?source=api-scan" ], "published": "2024-05-21 19:38:42", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17dcb057-6fa6-488c-9d59-22dcdba3fd2f": { "id": "17dcb057-6fa6-488c-9d59-22dcdba3fd2f", "title": "Popup Builder <= 3.73 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "* - 3.73": { "from_version": "*", "from_inclusive": true, "to_version": "3.73", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.74" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17dcb057-6fa6-488c-9d59-22dcdba3fd2f?source=api-scan" ], "published": "2021-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17dd97b6-a186-4351-b08b-1eff696e25b1": { "id": "17dd97b6-a186-4351-b08b-1eff696e25b1", "title": "Fancy Product Designer <= 4.7.4 - Admin+ SQL Injection", "software": [ { "type": "plugin", "name": "Fancy Product Designer", "slug": "fancy-product-designer", "affected_versions": { "* - 4.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17dd97b6-a186-4351-b08b-1eff696e25b1?source=api-scan" ], "published": "2022-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17e4376e-2b77-4c86-b962-ea4d7d8f534d": { "id": "17e4376e-2b77-4c86-b962-ea4d7d8f534d", "title": "Inspirational Quote Rotator <= 1.0.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Inspirational Quote Rotator", "slug": "inspirational-quote-rotator", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17e4376e-2b77-4c86-b962-ea4d7d8f534d?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17e6537a-37b6-4f13-8bf0-e47e54062979": { "id": "17e6537a-37b6-4f13-8bf0-e47e54062979", "title": "Animated Typed JS Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Animated Typed JS Shortcode", "slug": "animated-typed-js-shortcode", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17e6537a-37b6-4f13-8bf0-e47e54062979?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17f118c5-c485-448b-8ab7-3f7fd44be583": { "id": "17f118c5-c485-448b-8ab7-3f7fd44be583", "title": "WP Responsive Testimonials Slider And Widget <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Responsive Testimonials Slider And Widget", "slug": "wp-responsive-testimonials-slider-and-widget", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17f118c5-c485-448b-8ab7-3f7fd44be583?source=api-scan" ], "published": "2023-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17f2a0d5-6640-4ef9-a219-93a92571a5d3": { "id": "17f2a0d5-6640-4ef9-a219-93a92571a5d3", "title": "Pinboard <= 1.1.10 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Pinboard", "slug": "pinboard", "affected_versions": { "* - 1.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17f2a0d5-6640-4ef9-a219-93a92571a5d3?source=api-scan" ], "published": "2013-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17f2b07d-82de-4e25-9b17-ef4a1132e6c0": { "id": "17f2b07d-82de-4e25-9b17-ef4a1132e6c0", "title": "Podlove Podcast Publisher <= 3.8.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Podlove Podcast Publisher", "slug": "podlove-podcasting-plugin-for-wordpress", "affected_versions": { "* - 3.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17f2b07d-82de-4e25-9b17-ef4a1132e6c0?source=api-scan" ], "published": "2023-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17f85a52-7f55-4e11-8be3-f088eaad41b3": { "id": "17f85a52-7f55-4e11-8be3-f088eaad41b3", "title": "Visitor Traffic Real Time Statistics <= 3.8 - Subscriber+ SQL Injection", "software": [ { "type": "plugin", "name": "Visitor Traffic Real Time Statistics", "slug": "visitors-traffic-real-time-statistics", "affected_versions": { "* - 3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17f85a52-7f55-4e11-8be3-f088eaad41b3?source=api-scan" ], "published": "2021-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17f8e2a0-b23f-4706-8438-7a6573a29933": { "id": "17f8e2a0-b23f-4706-8438-7a6573a29933", "title": "Rank Math SEO <= 1.0.95 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings", "slug": "seo-by-rank-math", "affected_versions": { "* - 1.0.95": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.95", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.95.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17f8e2a0-b23f-4706-8438-7a6573a29933?source=api-scan" ], "published": "2022-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17fa37ae-5683-4b5f-995f-934f469141a5": { "id": "17fa37ae-5683-4b5f-995f-934f469141a5", "title": "Crowdsignal Dashboard \u2013 Polls, Surveys & more <= 3.0.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Crowdsignal Dashboard \u2013 Polls, Surveys & more", "slug": "polldaddy", "affected_versions": { "* - 3.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17fa37ae-5683-4b5f-995f-934f469141a5?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "17ffdd6d-3c6c-4f47-9f1c-a0f4c0f5fcdf": { "id": "17ffdd6d-3c6c-4f47-9f1c-a0f4c0f5fcdf", "title": "Restrict User Access \u2013 Membership Plugin with Force <= 2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Restrict User Access \u2013 Ultimate Membership & Content Protection", "slug": "restrict-user-access", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/17ffdd6d-3c6c-4f47-9f1c-a0f4c0f5fcdf?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "180711f3-1a3b-4b10-9046-e63c0e1b9ab5": { "id": "180711f3-1a3b-4b10-9046-e63c0e1b9ab5", "title": "MP3 jPlayer <= 2.7.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MP3-jPlayer", "slug": "mp3-jplayer", "affected_versions": { "* - 2.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/180711f3-1a3b-4b10-9046-e63c0e1b9ab5?source=api-scan" ], "published": "2022-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1810cea5-cfca-4699-bf09-0e474d04acb6": { "id": "1810cea5-cfca-4699-bf09-0e474d04acb6", "title": "Advanced Page Visit Counter <= 7.1.1 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress", "slug": "advanced-page-visit-counter", "affected_versions": { "* - 7.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1810cea5-cfca-4699-bf09-0e474d04acb6?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1811827d-88ae-45e0-a41e-d15fd0adf44a": { "id": "1811827d-88ae-45e0-a41e-d15fd0adf44a", "title": "WooCommerce Payments <= 5.9.0 - Missing Authorization via redirect_pay_for_order_to_update_payment_method", "software": [ { "type": "plugin", "name": "WooPayments: Integrated WooCommerce Payments", "slug": "woocommerce-payments", "affected_versions": { "* - 5.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1811827d-88ae-45e0-a41e-d15fd0adf44a?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1813aaca-3d5a-4650-8a8d-6b54311670f4": { "id": "1813aaca-3d5a-4650-8a8d-6b54311670f4", "title": "Active Products Tables for WooCommerce <= 1.0.6.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Active Products Tables for WooCommerce. Use constructor to create tables\u00a0", "slug": "profit-products-tables-for-woocommerce", "affected_versions": { "* - 1.0.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1813aaca-3d5a-4650-8a8d-6b54311670f4?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "181403fe-42be-4136-8ff5-5ef40904124b": { "id": "181403fe-42be-4136-8ff5-5ef40904124b", "title": "WP Directory Kit <= 1.3.6 - Authenticated (Admin+) HTML Injection", "software": [ { "type": "plugin", "name": "WP Directory Kit", "slug": "wpdirectorykit", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/181403fe-42be-4136-8ff5-5ef40904124b?source=api-scan" ], "published": "2024-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1814537d-8307-4d1f-86c8-801519172be5": { "id": "1814537d-8307-4d1f-86c8-801519172be5", "title": "uListing <= 1.6.6 - Unauthenticated Wordpress Options Changes via AJAX", "software": [ { "type": "plugin", "name": "Directory Listings WordPress plugin \u2013 uListing", "slug": "ulisting", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1814537d-8307-4d1f-86c8-801519172be5?source=api-scan" ], "published": "2021-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1814ad55-0807-4def-b584-6dbbc5d6eb72": { "id": "1814ad55-0807-4def-b584-6dbbc5d6eb72", "title": "rtMedia for WordPress, BuddyPress and bbPress < 3.7.19 - Local File Inclusion", "software": [ { "type": "plugin", "name": "rtMedia for WordPress, BuddyPress and bbPress", "slug": "buddypress-media", "affected_versions": { "* - 3.7.18": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1814ad55-0807-4def-b584-6dbbc5d6eb72?source=api-scan" ], "published": "2014-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1814d2ad-73b1-4440-9cd6-7c5c569c4fb2": { "id": "1814d2ad-73b1-4440-9cd6-7c5c569c4fb2", "title": "Contact Form 7 <= 5.0.3 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Contact Form 7", "slug": "contact-form-7", "affected_versions": { "[*, 5.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1814d2ad-73b1-4440-9cd6-7c5c569c4fb2?source=api-scan" ], "published": "2018-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1816a385-0b50-4f0d-848c-f583c247c8fc": { "id": "1816a385-0b50-4f0d-848c-f583c247c8fc", "title": "MapSVG <= 6.2.19 - SQL Injection", "software": [ { "type": "plugin", "name": "MapSVG", "slug": "mapsvg", "affected_versions": { "[*, 6.2.20)": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.2.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1816a385-0b50-4f0d-848c-f583c247c8fc?source=api-scan" ], "published": "2022-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "181be35c-0aec-48b0-a43b-181284cdb2e2": { "id": "181be35c-0aec-48b0-a43b-181284cdb2e2", "title": "Event Notifier <= 1.2.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Notifier", "slug": "event-notifier", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/181be35c-0aec-48b0-a43b-181284cdb2e2?source=api-scan" ], "published": "2017-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "181e41d6-1599-4229-ace8-0bdb5735858f": { "id": "181e41d6-1599-4229-ace8-0bdb5735858f", "title": "Google Alert and Twitter Plugin <= 3.1.5 - Multiple Vulnerabilities", "software": [ { "type": "plugin", "name": "Google Alert and Twitter Plugin", "slug": "GoogleAlertandtwitterplugin", "affected_versions": { "3.1.5": { "from_version": "3.1.5", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/181e41d6-1599-4229-ace8-0bdb5735858f?source=api-scan" ], "published": "2013-02-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "181e6f3a-dbcf-44a6-b725-6325d9e56453": { "id": "181e6f3a-dbcf-44a6-b725-6325d9e56453", "title": "ElementsKit Pro <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ElementsKit Pro", "slug": "elementskit", "affected_versions": { "* - 3.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/181e6f3a-dbcf-44a6-b725-6325d9e56453?source=api-scan" ], "published": "2024-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "181eb0e4-3529-4069-91b4-6f6c6ee2c786": { "id": "181eb0e4-3529-4069-91b4-6f6c6ee2c786", "title": "Users Control <= 1.0.16 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "UsersControl \u2013 Users Profile, Free or Paid Subscriptions, User Access Restriction & Members Directory", "slug": "users-control", "affected_versions": { "* - 1.0.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.16", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/181eb0e4-3529-4069-91b4-6f6c6ee2c786?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "181edcec-a57d-4516-935d-6777d2de77ae": { "id": "181edcec-a57d-4516-935d-6777d2de77ae", "title": "RSS Aggregator by Feedzy <= 4.4.2 - Missing Authorization to Arbitrary Page Creation and Publication", "software": [ { "type": "plugin", "name": "RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator", "slug": "feedzy-rss-feeds", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/181edcec-a57d-4516-935d-6777d2de77ae?source=api-scan" ], "published": "2024-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1822fd58-0dba-4b15-9702-32e3aa4405b3": { "id": "1822fd58-0dba-4b15-9702-32e3aa4405b3", "title": "ElementsKit Elementor addons <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ElementsKit Elementor addons", "slug": "elementskit-lite", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1822fd58-0dba-4b15-9702-32e3aa4405b3?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "182370f5-0f56-4757-8276-1399606c1a2d": { "id": "182370f5-0f56-4757-8276-1399606c1a2d", "title": "WP-Table <= 1.43 - Local File Inclusion", "software": [ { "type": "plugin", "name": "WP-Table", "slug": "wp-table", "affected_versions": { "* - 1.43": { "from_version": "*", "from_inclusive": true, "to_version": "1.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/182370f5-0f56-4757-8276-1399606c1a2d?source=api-scan" ], "published": "2007-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1829b4b7-5042-4972-ad05-e9a7adbf3026": { "id": "1829b4b7-5042-4972-ad05-e9a7adbf3026", "title": "Simple Ads Manager < 2.7.97 - Multiple SQL Injections", "software": [ { "type": "plugin", "name": "Simple Ads Manager", "slug": "simple-ads-manager", "affected_versions": { "[*, 2.7.97)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.97", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.97" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1829b4b7-5042-4972-ad05-e9a7adbf3026?source=api-scan" ], "published": "2015-04-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1832b11a-0706-438a-9a25-d384ac49d2bf": { "id": "1832b11a-0706-438a-9a25-d384ac49d2bf", "title": "Flat Preloader < 1.5.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flat Preloader", "slug": "flat-preloader", "affected_versions": { "[*, 1.5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1832b11a-0706-438a-9a25-d384ac49d2bf?source=api-scan" ], "published": "2021-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1833720c-e714-4ec5-9ebb-24a4612195d6": { "id": "1833720c-e714-4ec5-9ebb-24a4612195d6", "title": "Work The Flow <= 2.3.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Work The Flow File Upload", "slug": "work-the-flow-file-upload", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1833720c-e714-4ec5-9ebb-24a4612195d6?source=api-scan" ], "published": "2014-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18368ad4-4c35-4b08-8297-2ebdf1bb6e46": { "id": "18368ad4-4c35-4b08-8297-2ebdf1bb6e46", "title": "Ezoic <= 2.8.8 - Missing Authorization to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ezoic", "slug": "ezoic-integration", "affected_versions": { "* - 2.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18368ad4-4c35-4b08-8297-2ebdf1bb6e46?source=api-scan" ], "published": "2022-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18455e08-6593-4835-bd72-beb04bda2930": { "id": "18455e08-6593-4835-bd72-beb04bda2930", "title": "Responsive Gallery Grid <= 2.3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Gallery Grid", "slug": "responsive-gallery-grid", "affected_versions": { "* - 2.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18455e08-6593-4835-bd72-beb04bda2930?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18458883-6cca-46d1-8437-4e646f4eafda": { "id": "18458883-6cca-46d1-8437-4e646f4eafda", "title": "Quiz and Survey Master <= 7.0.0 - Unauthenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "[*, 7.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18458883-6cca-46d1-8437-4e646f4eafda?source=api-scan" ], "published": "2020-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18464483-1d2f-4a4e-a1cc-6c1ddcc2dcf5": { "id": "18464483-1d2f-4a4e-a1cc-6c1ddcc2dcf5", "title": "5280 Bootstrap Modal Contact Form <= 1.0 - Cross-Site Request Forgery to Bulk Delete Messages", "software": [ { "type": "plugin", "name": "5280 Bootstrap Modal Contact Form", "slug": "5280-bootstrap-modal-contact-form", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18464483-1d2f-4a4e-a1cc-6c1ddcc2dcf5?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "184885b0-66cd-433d-bfea-d7e8bbb02731": { "id": "184885b0-66cd-433d-bfea-d7e8bbb02731", "title": "Simple Download Monitor <= 3.9.5 - Contributor+ Arbitrary Thumbnail Removal", "software": [ { "type": "plugin", "name": "Simple Download Monitor", "slug": "simple-download-monitor", "affected_versions": { "[*, 3.9.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/184885b0-66cd-433d-bfea-d7e8bbb02731?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18498171-7db1-4ebb-8fe0-a66d9343cb46": { "id": "18498171-7db1-4ebb-8fe0-a66d9343cb46", "title": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education <= 3.3.23 - Unauthenticated Limited Privilege Escalation to Instructor", "software": [ { "type": "plugin", "name": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "slug": "masterstudy-lms-learning-management-system", "affected_versions": { "* - 3.3.23": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18498171-7db1-4ebb-8fe0-a66d9343cb46?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "184b9ae4-945a-4602-99da-679ff9db3029": { "id": "184b9ae4-945a-4602-99da-679ff9db3029", "title": "RegistrationMagic <= 6.0.1.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 6.0.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/184b9ae4-945a-4602-99da-679ff9db3029?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "184c07ad-e0d9-47c9-9582-828947cc97f9": { "id": "184c07ad-e0d9-47c9-9582-828947cc97f9", "title": "WP STAGING \u2013 Backup Duplicator & Migration <= 2.9.17 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore", "slug": "wp-staging", "affected_versions": { "* - 2.9.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/184c07ad-e0d9-47c9-9582-828947cc97f9?source=api-scan" ], "published": "2022-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "184ee992-1479-4528-9ff7-036affaecdbb": { "id": "184ee992-1479-4528-9ff7-036affaecdbb", "title": "WP Mega Menu <= 1.3.6 - Unauthenticated Settings Update to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Mega Menu", "slug": "wp-megamenu", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/184ee992-1479-4528-9ff7-036affaecdbb?source=api-scan" ], "published": "2020-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18530601-a294-448c-a1b2-c3995f9042ac": { "id": "18530601-a294-448c-a1b2-c3995f9042ac", "title": "Draw Attention <= 2.0.11 - Missing Authorization to Arbitrary Post Featured Image Modification", "software": [ { "type": "plugin", "name": "Interactive Image Map Plugin \u2013 Draw Attention", "slug": "draw-attention", "affected_versions": { "* - 2.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18530601-a294-448c-a1b2-c3995f9042ac?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18531eed-3150-424c-970c-5975afe7546a": { "id": "18531eed-3150-424c-970c-5975afe7546a", "title": "Display Custom Post <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Display Custom Post", "slug": "display-custom-post", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18531eed-3150-424c-970c-5975afe7546a?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18557f4a-05b2-4cb4-afef-19c5c63c37a4": { "id": "18557f4a-05b2-4cb4-afef-19c5c63c37a4", "title": "LB Mixed Slideshow for WordPress <= 1.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "LB Mixed Slideshow for WordPress", "slug": "lb-mixed-slideshow", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18557f4a-05b2-4cb4-afef-19c5c63c37a4?source=api-scan" ], "published": "2012-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18592ba2-cacb-461d-bacd-bc8f44a6126f": { "id": "18592ba2-cacb-461d-bacd-bc8f44a6126f", "title": "leenk.me <= 2.5.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "leenk.me", "slug": "leenkme", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18592ba2-cacb-461d-bacd-bc8f44a6126f?source=api-scan" ], "published": "2016-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "185c9962-aa4a-4049-acdb-3f439c420c5a": { "id": "185c9962-aa4a-4049-acdb-3f439c420c5a", "title": "Photo Gallery by Supsystic <= 1.15.16 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by Supsystic", "slug": "gallery-by-supsystic", "affected_versions": { "* - 1.15.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/185c9962-aa4a-4049-acdb-3f439c420c5a?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "185d692c-bc67-44de-82c7-bcbe454dc178": { "id": "185d692c-bc67-44de-82c7-bcbe454dc178", "title": "Contact Form 7 Campaign Monitor Extension <= 0.4.67 - Missing Authorization to Unauthenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Contact Form 7 Campaign Monitor Extension", "slug": "contact-form-7-campaign-monitor-extension", "affected_versions": { "* - 0.4.67": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.67", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/185d692c-bc67-44de-82c7-bcbe454dc178?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "185f9dc4-39e6-422a-97e2-7e8814ccf64a": { "id": "185f9dc4-39e6-422a-97e2-7e8814ccf64a", "title": "Real Estate 7 <= 3.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Real Estate 7 WordPress", "slug": "realestate-7", "affected_versions": { "* - 3.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/185f9dc4-39e6-422a-97e2-7e8814ccf64a?source=api-scan" ], "published": "2020-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "186180ed-321f-4618-8828-65b93fa054a4": { "id": "186180ed-321f-4618-8828-65b93fa054a4", "title": "Theme Demo Import <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Theme Demo Import", "slug": "theme-demo-import", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/186180ed-321f-4618-8828-65b93fa054a4?source=api-scan" ], "published": "2023-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1861d943-ac58-4a44-ab50-e39101e82013": { "id": "1861d943-ac58-4a44-ab50-e39101e82013", "title": "GiveWP \u2013 Donation Plugin and Fundraising Platform <= 3.12.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 3.12.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1861d943-ac58-4a44-ab50-e39101e82013?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1862242a-9a00-4e6b-94a2-5599200f1040": { "id": "1862242a-9a00-4e6b-94a2-5599200f1040", "title": "WP MultiTasking <= 0.1.12 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP MultiTasking \u2013 WP Utilities", "slug": "wp-multitasking", "affected_versions": { "* - 0.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1862242a-9a00-4e6b-94a2-5599200f1040?source=api-scan" ], "published": "2024-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18643abb-171c-43d9-ad62-3414679eb402": { "id": "18643abb-171c-43d9-ad62-3414679eb402", "title": "WordPress Plugin Tournamatch < 4.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tournamatch", "slug": "tournamatch", "affected_versions": { "* - 4.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18643abb-171c-43d9-ad62-3414679eb402?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "186517cd-e444-457a-9e10-583f41595511": { "id": "186517cd-e444-457a-9e10-583f41595511", "title": "Easy Digital Downloads \u2013 Upload File <= 1.0.4 - Arbitrary File Upload\/Deletion", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 Upload File", "slug": "edd-upload-file", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/186517cd-e444-457a-9e10-583f41595511?source=api-scan" ], "published": "2015-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1867be0d-c91a-47a4-a5f2-4948749cfeaf": { "id": "1867be0d-c91a-47a4-a5f2-4948749cfeaf", "title": "Participants Database <= 2.5.9.2 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Participants Database", "slug": "participants-database", "affected_versions": { "* - 2.5.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1867be0d-c91a-47a4-a5f2-4948749cfeaf?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "186e4147-4cb4-4337-9c3c-d47589b06b20": { "id": "186e4147-4cb4-4337-9c3c-d47589b06b20", "title": "Hide Dashboard Notifications <= 1.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Hide Dashboard Notifications", "slug": "wp-hide-backed-notices", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/186e4147-4cb4-4337-9c3c-d47589b06b20?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1877f94c-3761-4af2-b093-cd2a4e60d63b": { "id": "1877f94c-3761-4af2-b093-cd2a4e60d63b", "title": "Conversion Ninja (Unspecified Version) - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Conversion Ninja", "slug": "conversionninja", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1877f94c-3761-4af2-b093-cd2a4e60d63b?source=api-scan" ], "published": "2014-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1878f40e-18f4-448c-bf70-61b4eed1c0ff": { "id": "1878f40e-18f4-448c-bf70-61b4eed1c0ff", "title": "Admin Management Xtended <= 2.4.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Admin Management Xtended", "slug": "admin-management-xtended", "affected_versions": { "* - 2.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1878f40e-18f4-448c-bf70-61b4eed1c0ff?source=api-scan" ], "published": "2022-05-27 12:53:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "187df8e0-80f0-4805-823b-80627b76db2a": { "id": "187df8e0-80f0-4805-823b-80627b76db2a", "title": "Facebook Survey Pro <= 1.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Facebook Survey Pro", "slug": "fbsurveypro", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/187df8e0-80f0-4805-823b-80627b76db2a?source=api-scan" ], "published": "2012-11-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1882bb92-8e4e-484f-bded-05802de9a64e": { "id": "1882bb92-8e4e-484f-bded-05802de9a64e", "title": "Wp EMember < 10.7.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wp EMember", "slug": "wp-emember", "affected_versions": { "[*, 10.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "10.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "10.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1882bb92-8e4e-484f-bded-05802de9a64e?source=api-scan" ], "published": "2024-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "188b6da2-1d4f-44af-82e1-a642170bcb36": { "id": "188b6da2-1d4f-44af-82e1-a642170bcb36", "title": "WP Domain Redirect <= 1.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Domain Redirect", "slug": "wp-domain-redirect", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/188b6da2-1d4f-44af-82e1-a642170bcb36?source=api-scan" ], "published": "2021-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "188c4417-962a-4b28-b215-1c567b39ba7a": { "id": "188c4417-962a-4b28-b215-1c567b39ba7a", "title": "Nexter Extension <= 2.0.3 - Authenticated(Editor+) Remote Code Execution via metabox", "software": [ { "type": "plugin", "name": "Nexter Extension", "slug": "nexter-extension", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/188c4417-962a-4b28-b215-1c567b39ba7a?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "189430b2-cf7f-46e3-b5b0-c9515b64e731": { "id": "189430b2-cf7f-46e3-b5b0-c9515b64e731", "title": "OnePress Social Locker <= 5.6.2 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "OnePress Social Locker", "slug": "social-locker", "affected_versions": { "* - 5.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/189430b2-cf7f-46e3-b5b0-c9515b64e731?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1899e5ec-ad87-4182-81b6-3b777d117e93": { "id": "1899e5ec-ad87-4182-81b6-3b777d117e93", "title": "All In One WP Security & Firewall <= 3.9.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "[*, 3.9.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1899e5ec-ad87-4182-81b6-3b777d117e93?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "189d22e0-c16a-48ab-a278-a132cd1057b6": { "id": "189d22e0-c16a-48ab-a278-a132cd1057b6", "title": "Huge-IT gallery-images <= 1.8.9 - SQL Injection", "software": [ { "type": "plugin", "name": "Image Gallery - Responsive Photo Gallery", "slug": "gallery-images", "affected_versions": { "* - 1.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/189d22e0-c16a-48ab-a278-a132cd1057b6?source=api-scan" ], "published": "2016-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18a0b8f2-4512-46a5-92a6-66d375c986dd": { "id": "18a0b8f2-4512-46a5-92a6-66d375c986dd", "title": "Upload Media By URL <= 1.0.7 - Cross-Site Request Forgery via 'umbu_download'", "software": [ { "type": "plugin", "name": "Upload Media By URL", "slug": "upload-media-by-url", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18a0b8f2-4512-46a5-92a6-66d375c986dd?source=api-scan" ], "published": "2023-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18a37063-31aa-4b1f-b1a5-1ea921a20686": { "id": "18a37063-31aa-4b1f-b1a5-1ea921a20686", "title": "Redux Framework 4.4.12 - 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Redux Framework", "slug": "redux-framework", "affected_versions": { "4.4.12 - 4.4.17": { "from_version": "4.4.12", "from_inclusive": true, "to_version": "4.4.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18a37063-31aa-4b1f-b1a5-1ea921a20686?source=api-scan" ], "published": "2024-07-22 12:05:44", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18a41bef-feed-4096-a1f4-9c99caac6ce9": { "id": "18a41bef-feed-4096-a1f4-9c99caac6ce9", "title": "Redirection <= 1.1.4 - Cross-Site Request Forgery to Plugin Reset", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18a41bef-feed-4096-a1f4-9c99caac6ce9?source=api-scan" ], "published": "2023-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18a58071-b394-4dc0-9759-6373a5f22f47": { "id": "18a58071-b394-4dc0-9759-6373a5f22f47", "title": "ElementInvader Addons for Elementor <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ElementInvader Addons for Elementor", "slug": "elementinvader-addons-for-elementor", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18a58071-b394-4dc0-9759-6373a5f22f47?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18a9953c-e3a0-46ee-9a53-984c411ce408": { "id": "18a9953c-e3a0-46ee-9a53-984c411ce408", "title": "DX-Watermark <= 1.0.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "DX-Watermark", "slug": "dx-watermark", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18a9953c-e3a0-46ee-9a53-984c411ce408?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18aa817d-80e0-4c6f-852f-c8a91c9507c4": { "id": "18aa817d-80e0-4c6f-852f-c8a91c9507c4", "title": "Slideshow Gallery <= 1.5.3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slideshow Gallery LITE", "slug": "slideshow-gallery", "affected_versions": { "[*, 1.5.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18aa817d-80e0-4c6f-852f-c8a91c9507c4?source=api-scan" ], "published": "2015-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18acd104-a5a5-4811-9aea-abc227a1712c": { "id": "18acd104-a5a5-4811-9aea-abc227a1712c", "title": "Basic Log Viewer <= 1.0.4 - Cross-Site Request Forgery via wpst_lw_viewer", "software": [ { "type": "plugin", "name": "Basic Log Viewer", "slug": "wpsimpletools-log-viewer", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18acd104-a5a5-4811-9aea-abc227a1712c?source=api-scan" ], "published": "2024-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18afd787-2b1f-452c-90d8-75e0df9322fa": { "id": "18afd787-2b1f-452c-90d8-75e0df9322fa", "title": "WP Super Cache <= 1.7.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Super Cache", "slug": "wp-super-cache", "affected_versions": { "[*, 1.7.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18afd787-2b1f-452c-90d8-75e0df9322fa?source=api-scan" ], "published": "2021-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18b2d99a-f55c-4a05-8442-e1fddd59181f": { "id": "18b2d99a-f55c-4a05-8442-e1fddd59181f", "title": "Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.24": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18b2d99a-f55c-4a05-8442-e1fddd59181f?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18b5777c-d176-4214-81ac-b92188704196": { "id": "18b5777c-d176-4214-81ac-b92188704196", "title": "ElegantThemes <= 1.2.3 - Privilege Escalation", "software": [ { "type": "theme", "name": "Divi Extra", "slug": "extra", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18b5777c-d176-4214-81ac-b92188704196?source=api-scan" ], "published": "2016-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18c0ecc5-b3e2-4ac0-b901-dae397e2d57c": { "id": "18c0ecc5-b3e2-4ac0-b901-dae397e2d57c", "title": "Simple Popup Images <= 1.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple PopUp", "slug": "simple-popup", "affected_versions": { "* - 1.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18c0ecc5-b3e2-4ac0-b901-dae397e2d57c?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18cbf346-91a3-4856-930e-7753eb1470d9": { "id": "18cbf346-91a3-4856-930e-7753eb1470d9", "title": "Chart Builder <= 1.9.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chartify \u2013 WordPress Chart Plugin", "slug": "chart-builder", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18cbf346-91a3-4856-930e-7753eb1470d9?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18d1ba80-ddf6-4076-bc78-78647b964bcf": { "id": "18d1ba80-ddf6-4076-bc78-78647b964bcf", "title": "CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "CataBlog", "slug": "catablog", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18d1ba80-ddf6-4076-bc78-78647b964bcf?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18d1feee-347c-4f43-a01b-67b3d0a5b2d6": { "id": "18d1feee-347c-4f43-a01b-67b3d0a5b2d6", "title": "Product Customizer Light <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Product Customizer Light", "slug": "product-customizer-light", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18d1feee-347c-4f43-a01b-67b3d0a5b2d6?source=api-scan" ], "published": "2024-10-17 15:48:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18d33d68-9719-4e74-a594-bc4add38ceee": { "id": "18d33d68-9719-4e74-a594-bc4add38ceee", "title": "Product Catalog Feed by PixelYourSite <= 2.1.0 - Reflected Cross-Site Scripting via 'page'", "software": [ { "type": "plugin", "name": "Product Catalog Feed by PixelYourSite", "slug": "product-catalog-feed", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18d33d68-9719-4e74-a594-bc4add38ceee?source=api-scan" ], "published": "2023-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18dacb4b-7eb7-4de2-b889-e36c11ad4a04": { "id": "18dacb4b-7eb7-4de2-b889-e36c11ad4a04", "title": "Nexos - Real Estate <= 1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Nexos - Real Estate WordPress Theme", "slug": "nexos", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18dacb4b-7eb7-4de2-b889-e36c11ad4a04?source=api-scan" ], "published": "2020-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18dd1b86-3206-4cd7-a20b-33240c139aa5": { "id": "18dd1b86-3206-4cd7-a20b-33240c139aa5", "title": "MailChimp Forms by MailMunch <= 3.1.4 - Missing Authorization via multiple AJAX actions", "software": [ { "type": "plugin", "name": "MailChimp Forms by MailMunch", "slug": "mailchimp-forms-by-mailmunch", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18dd1b86-3206-4cd7-a20b-33240c139aa5?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18e0140e-ac24-48c6-aea0-bb0da203a817": { "id": "18e0140e-ac24-48c6-aea0-bb0da203a817", "title": "String Locator <= 2.6.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "String locator", "slug": "string-locator", "affected_versions": { "* - 2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18e0140e-ac24-48c6-aea0-bb0da203a817?source=api-scan" ], "published": "2024-08-23 13:40:19", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18e24a2e-cbc6-4285-b846-bea513b6ff69": { "id": "18e24a2e-cbc6-4285-b846-bea513b6ff69", "title": "TeraWallet \u2013 Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds <= 1.4.10 - Missing Authorization to Authenticated (Subscriber+) User Email Export", "software": [ { "type": "plugin", "name": "Wallet for WooCommerce", "slug": "woo-wallet", "affected_versions": { "* - 1.4.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18e24a2e-cbc6-4285-b846-bea513b6ff69?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18e2e0e5-495f-4f55-b7d8-94193fc2ad12": { "id": "18e2e0e5-495f-4f55-b7d8-94193fc2ad12", "title": "Elementor Addon Elements <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.13.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18e2e0e5-495f-4f55-b7d8-94193fc2ad12?source=api-scan" ], "published": "2024-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18e51b35-90fa-4ea0-95f9-644ab864b406": { "id": "18e51b35-90fa-4ea0-95f9-644ab864b406", "title": "WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent < 2.14.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Real Cookie Banner: GDPR & ePrivacy Cookie Consent", "slug": "real-cookie-banner", "affected_versions": { "[*, 2.14.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.14.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.14.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18e51b35-90fa-4ea0-95f9-644ab864b406?source=api-scan" ], "published": "2022-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18e562fb-9035-4f2d-a2d3-9a74ff1e4e32": { "id": "18e562fb-9035-4f2d-a2d3-9a74ff1e4e32", "title": "Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Ketchup Restaurant Reservations", "slug": "ketchup-restaurant-reservations", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18e562fb-9035-4f2d-a2d3-9a74ff1e4e32?source=api-scan" ], "published": "2022-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18e8f72b-daa0-4a9f-a67b-d9be9a0862d2": { "id": "18e8f72b-daa0-4a9f-a67b-d9be9a0862d2", "title": "Dokan <= 3.6.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Dokan \u2013 Powerful WooCommerce Multivendor Marketplace Solution \u2013 Build Your Own Amazon, eBay, Etsy", "slug": "dokan-lite", "affected_versions": { "* - 3.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18e8f72b-daa0-4a9f-a67b-d9be9a0862d2?source=api-scan" ], "published": "2022-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18eb8b2a-8e08-4f78-9501-927c025ea574": { "id": "18eb8b2a-8e08-4f78-9501-927c025ea574", "title": "Mesmerize <= 1.6.120 - Cross-Site Request Forgery to Cache Clearing", "software": [ { "type": "theme", "name": "Mesmerize", "slug": "mesmerize", "affected_versions": { "* - 1.6.120": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.120", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.124" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18eb8b2a-8e08-4f78-9501-927c025ea574?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18f04566-3a63-41f3-aa9b-766304d56499": { "id": "18f04566-3a63-41f3-aa9b-766304d56499", "title": "TH Side Cart and Menu Cart for Woocommerce <= 1.1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce Cart & Floating Cart", "slug": "th-all-in-one-woo-cart", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18f04566-3a63-41f3-aa9b-766304d56499?source=api-scan" ], "published": "2023-03-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18f0d0fd-3d1a-4e93-8e06-9cae7d64faf7": { "id": "18f0d0fd-3d1a-4e93-8e06-9cae7d64faf7", "title": "Plugin Notes Plus <= 1.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Plugin Notes Plus", "slug": "plugin-notes-plus", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18f0d0fd-3d1a-4e93-8e06-9cae7d64faf7?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18f16148-b4a8-4f89-af0d-c0baba8f9ccf": { "id": "18f16148-b4a8-4f89-af0d-c0baba8f9ccf", "title": "PDF Invoices & Packing Slips for WooCommerce <= 3.8.0 - Unauthenticated Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "PDF Invoices & Packing Slips for WooCommerce", "slug": "woocommerce-pdf-invoices-packing-slips", "affected_versions": { "* - 3.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18f16148-b4a8-4f89-af0d-c0baba8f9ccf?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18fd631d-9e9b-46ee-953f-61ad3458e1dd": { "id": "18fd631d-9e9b-46ee-953f-61ad3458e1dd", "title": "MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation", "software": [ { "type": "plugin", "name": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "slug": "masterstudy-lms-learning-management-system", "affected_versions": { "* - 2.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18fd631d-9e9b-46ee-953f-61ad3458e1dd?source=api-scan" ], "published": "2022-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18fe9769-3681-4a5e-866a-640b4cc76199": { "id": "18fe9769-3681-4a5e-866a-640b4cc76199", "title": "Simple Membership <= 4.3.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "[*, 4.3.9)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18fe9769-3681-4a5e-866a-640b4cc76199?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "18ff2556-9e20-42f6-a8fb-b81473c42576": { "id": "18ff2556-9e20-42f6-a8fb-b81473c42576", "title": "Auto Featured Image (Auto Post Thumbnail) <= 3.9.15 - Authenticated (Author+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Auto Featured Image (Auto Post Thumbnail)", "slug": "auto-post-thumbnail", "affected_versions": { "* - 3.9.15": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/18ff2556-9e20-42f6-a8fb-b81473c42576?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1900941d-cbb6-4384-977e-6c40f65b2789": { "id": "1900941d-cbb6-4384-977e-6c40f65b2789", "title": "My Private Site <= 3.0.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "My Private Site", "slug": "jonradio-private-site", "affected_versions": { "* - 3.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1900941d-cbb6-4384-977e-6c40f65b2789?source=api-scan" ], "published": "2022-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "190106bd-05ac-4a8f-b7a5-a042092a5713": { "id": "190106bd-05ac-4a8f-b7a5-a042092a5713", "title": "WP Forum Server <= 1.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Forum Server", "slug": "forum-server", "affected_versions": { "* - 1.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/190106bd-05ac-4a8f-b7a5-a042092a5713?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1903354e-f53a-4005-b93b-c91d268f7a5d": { "id": "1903354e-f53a-4005-b93b-c91d268f7a5d", "title": "Pro Quoter Plugin <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "proquoter", "slug": "proquoter", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1903354e-f53a-4005-b93b-c91d268f7a5d?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1903527e-d7d9-48a0-b59d-65ec5e14def2": { "id": "1903527e-d7d9-48a0-b59d-65ec5e14def2", "title": "Element Pack - Addon for Elementor Page Builder WordPress Plugin <= 7.9.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link URL", "software": [ { "type": "plugin", "name": "Element Pack Pro - Addon for Elementor Page Builder WordPress Plugin", "slug": "bdthemes-element-pack", "affected_versions": { "* - 7.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1903527e-d7d9-48a0-b59d-65ec5e14def2?source=api-scan" ], "published": "2024-07-31 16:46:28", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19062e84-7ce5-400e-a404-2bb4286cc09e": { "id": "19062e84-7ce5-400e-a404-2bb4286cc09e", "title": "miniOrange Discord Integration <= 2.1.5 - Missing Authorization to Plugin Options Update", "software": [ { "type": "plugin", "name": "miniOrange Discord Integration", "slug": "miniorange-discord-integration", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19062e84-7ce5-400e-a404-2bb4286cc09e?source=api-scan" ], "published": "2022-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19071f16-fa14-447c-ac71-73e1b4c783e1": { "id": "19071f16-fa14-447c-ac71-73e1b4c783e1", "title": "12 Step Meeting List <= 3.14.33 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "12 Step Meeting List", "slug": "12-step-meeting-list", "affected_versions": { "* - 3.14.33": { "from_version": "*", "from_inclusive": true, "to_version": "3.14.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.14.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19071f16-fa14-447c-ac71-73e1b4c783e1?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "190edd82-840d-4468-8f5a-127cce049336": { "id": "190edd82-840d-4468-8f5a-127cce049336", "title": "YITH Request a Quote for WooCommerce <= 1.6.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "YITH Request a Quote for WooCommerce", "slug": "yith-woocommerce-request-a-quote", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/190edd82-840d-4468-8f5a-127cce049336?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "191759f5-8801-4483-933c-77811b63eb4f": { "id": "191759f5-8801-4483-933c-77811b63eb4f", "title": "Barcode Scanner with Inventory & Order Manager <= 1.5.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Barcode Scanner and Inventory manager. POS (Point of Sale) \u2013 scan barcodes & create orders with barcode reader.", "slug": "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/191759f5-8801-4483-933c-77811b63eb4f?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1917eabd-0ba2-4878-87ea-8c0c9c00b6f5": { "id": "1917eabd-0ba2-4878-87ea-8c0c9c00b6f5", "title": "Shortcode For Current Date <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shortcode for Current Date", "slug": "shortcode-for-current-date", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1917eabd-0ba2-4878-87ea-8c0c9c00b6f5?source=api-scan" ], "published": "2022-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "191c3c86-0704-4d3c-b7ba-22cefbdc65f1": { "id": "191c3c86-0704-4d3c-b7ba-22cefbdc65f1", "title": "WishList Member X <= 3.25.1 - Unauthenticated Arbitrary SQL Execution", "software": [ { "type": "plugin", "name": "Wishlist Member", "slug": "wishlist-member-x", "affected_versions": { "* - 3.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.25.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/191c3c86-0704-4d3c-b7ba-22cefbdc65f1?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "191d5bcc-70d8-430b-9215-00ffdc04be87": { "id": "191d5bcc-70d8-430b-9215-00ffdc04be87", "title": "JSM file_get_contents() Shortcode <= 2.7.0 - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode", "software": [ { "type": "plugin", "name": "JSM file_get_contents() Shortcode", "slug": "wp-file-get-contents", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/191d5bcc-70d8-430b-9215-00ffdc04be87?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19202eb5-9a04-4484-8ca2-746610c31fe6": { "id": "19202eb5-9a04-4484-8ca2-746610c31fe6", "title": "Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation", "slug": "menu-ordering-reservations", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19202eb5-9a04-4484-8ca2-746610c31fe6?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1921dcf9-d23b-4566-a0e5-9e9d5875ef82": { "id": "1921dcf9-d23b-4566-a0e5-9e9d5875ef82", "title": "Carousel Anything For WPBakery Page Builder <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Carousel Anything For WPBakery Page Builder \u2013 Touch Slider and Carousel", "slug": "carousel-anything", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1921dcf9-d23b-4566-a0e5-9e9d5875ef82?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "192335c4-b244-4308-bd3a-cf96c1461309": { "id": "192335c4-b244-4308-bd3a-cf96c1461309", "title": "Multi Step Form <= 1.7.12 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Multi Step Form", "slug": "multi-step-form", "affected_versions": { "* - 1.7.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/192335c4-b244-4308-bd3a-cf96c1461309?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "192728d1-786d-41eb-9133-ad8517052478": { "id": "192728d1-786d-41eb-9133-ad8517052478", "title": "ALD - AliExpress Dropshipping and Fulfillment for WooCommerce Premium <= 1.1.0 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "ALD - AliExpress Dropshipping and Fulfillment for WooCommerce Premium", "slug": "woocommerce-alidropship", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/192728d1-786d-41eb-9133-ad8517052478?source=api-scan" ], "published": "2022-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19276873-0626-4ad7-a198-ed3312effbee": { "id": "19276873-0626-4ad7-a198-ed3312effbee", "title": "Stockholm Core <= 2.4.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Stockholm Core", "slug": "stockholm-core", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19276873-0626-4ad7-a198-ed3312effbee?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19286e18-f30d-40e8-80fa-cd1b4d065f80": { "id": "19286e18-f30d-40e8-80fa-cd1b4d065f80", "title": "WooCommerce PDF Vouchers <= 4.9.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce - PDF Vouchers", "slug": "woocommerce-pdf-vouchers", "affected_versions": { "* - 4.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19286e18-f30d-40e8-80fa-cd1b4d065f80?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1928f8e4-8bbe-4a3f-8284-aa12ca2f5176": { "id": "1928f8e4-8bbe-4a3f-8284-aa12ca2f5176", "title": "File Manager <= 7.2.1 - Sensitive Information Exposure via Backup Filenames", "software": [ { "type": "plugin", "name": "File Manager", "slug": "wp-file-manager", "affected_versions": { "* - 7.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1928f8e4-8bbe-4a3f-8284-aa12ca2f5176?source=api-scan" ], "published": "2024-01-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "192b5920-5405-49b8-8224-3afb36f3f816": { "id": "192b5920-5405-49b8-8224-3afb36f3f816", "title": "Show-Hide \/ Collapse-Expand <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Show-Hide \/ Collapse-Expand", "slug": "show-hidecollapse-expand", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/192b5920-5405-49b8-8224-3afb36f3f816?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "193eeb92-f0af-4c6a-ac44-3166023a3006": { "id": "193eeb92-f0af-4c6a-ac44-3166023a3006", "title": "Formula <= 0.5.1 - Reflected Cross-Site Scripting via ti_customizer_notify_dismiss_recommended_plugins", "software": [ { "type": "theme", "name": "Formula", "slug": "formula", "affected_versions": { "* - 0.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/193eeb92-f0af-4c6a-ac44-3166023a3006?source=api-scan" ], "published": "2024-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19418da4-bef4-4cbc-901c-f2aeee39b3cf": { "id": "19418da4-bef4-4cbc-901c-f2aeee39b3cf", "title": "Ajax Search Lite <= 4.11.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ajax Search Lite", "slug": "ajax-search-lite", "affected_versions": { "* - 4.11.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.11.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.11.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19418da4-bef4-4cbc-901c-f2aeee39b3cf?source=api-scan" ], "published": "2024-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19439622-6396-4f10-ab71-aa243b6812fa": { "id": "19439622-6396-4f10-ab71-aa243b6812fa", "title": "Forminator \u2013 Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "* - 1.29.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.29.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.29.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19439622-6396-4f10-ab71-aa243b6812fa?source=api-scan" ], "published": "2024-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "194f71d8-43d7-4a1f-8390-2c1efd0b0a23": { "id": "194f71d8-43d7-4a1f-8390-2c1efd0b0a23", "title": "ActiveDEMAND <= 0.2.27 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "ActiveDEMAND", "slug": "activedemand", "affected_versions": { "* - 0.2.27": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.2.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/194f71d8-43d7-4a1f-8390-2c1efd0b0a23?source=api-scan" ], "published": "2022-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "194face3-36ac-4137-af9a-0b98f60e3afb": { "id": "194face3-36ac-4137-af9a-0b98f60e3afb", "title": "Import \/ Export Customizer Settings <= 1.0.3 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Import \/ Export Customizer Settings", "slug": "astra-import-export", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/194face3-36ac-4137-af9a-0b98f60e3afb?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1951ad6c-17b5-44ae-85e2-376b99df742e": { "id": "1951ad6c-17b5-44ae-85e2-376b99df742e", "title": "SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 4.70": { "from_version": "*", "from_inclusive": true, "to_version": "4.70", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1951ad6c-17b5-44ae-85e2-376b99df742e?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "195788de-129e-4112-bcab-a7835c8164ca": { "id": "195788de-129e-4112-bcab-a7835c8164ca", "title": "Smart Online Order for Clover <= 1.5.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Smart Online Order for Clover", "slug": "clover-online-orders", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/195788de-129e-4112-bcab-a7835c8164ca?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1958c166-282d-4469-b79d-4e959e0492c1": { "id": "1958c166-282d-4469-b79d-4e959e0492c1", "title": "Post Meta Data Manager <= 1.2.0 - Missing Authorization to Post, Term, and User Meta Deletion", "software": [ { "type": "plugin", "name": "Post Meta Data Manager", "slug": "post-meta-data-manager", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1958c166-282d-4469-b79d-4e959e0492c1?source=api-scan" ], "published": "2023-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "196cbc3f-b794-49e2-8769-b5277c2b8f76": { "id": "196cbc3f-b794-49e2-8769-b5277c2b8f76", "title": "Ibtana \u2013 WordPress Website Builder <= 1.1.4.7 - Missing Authorization to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ibtana \u2013 WordPress Website Builder", "slug": "ibtana-visual-editor", "affected_versions": { "[*, 1.1.4.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/196cbc3f-b794-49e2-8769-b5277c2b8f76?source=api-scan" ], "published": "2022-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1972c2f5-636e-4891-a0fb-e80207787e43": { "id": "1972c2f5-636e-4891-a0fb-e80207787e43", "title": "IdeaPush <= 8.69 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "IdeaPush", "slug": "ideapush", "affected_versions": { "* - 8.69": { "from_version": "*", "from_inclusive": true, "to_version": "8.69", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.71" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1972c2f5-636e-4891-a0fb-e80207787e43?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19796773-3d5f-458d-aab1-743b6835c71b": { "id": "19796773-3d5f-458d-aab1-743b6835c71b", "title": "CMS Tree Page View <= 1.6.7 - Reflected Cross-Site Scripting via 'post_type'", "software": [ { "type": "plugin", "name": "CMS Tree Page View", "slug": "cms-tree-page-view", "affected_versions": { "[*, 1.6.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19796773-3d5f-458d-aab1-743b6835c71b?source=api-scan" ], "published": "2023-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "197efd6a-b0f4-459d-b7e5-f8ff5b5e3003": { "id": "197efd6a-b0f4-459d-b7e5-f8ff5b5e3003", "title": "MailOptin <= 1.2.49.0 - Missing Authorization to Cache Deletion", "software": [ { "type": "plugin", "name": "Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber \u2013 MailOptin", "slug": "mailoptin", "affected_versions": { "* - 1.2.49.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.49.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.50.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/197efd6a-b0f4-459d-b7e5-f8ff5b5e3003?source=api-scan" ], "published": "2022-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1983cc82-c527-47d9-84ba-f903dda1b1ca": { "id": "1983cc82-c527-47d9-84ba-f903dda1b1ca", "title": "WP Guppy < 1.3 - Information Disclosure", "software": [ { "type": "plugin", "name": "WP Guppy", "slug": "wp-guppy", "affected_versions": { "[*, 1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1983cc82-c527-47d9-84ba-f903dda1b1ca?source=api-scan" ], "published": "2021-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "198a24e6-af98-42ed-bf58-73b7ec99838b": { "id": "198a24e6-af98-42ed-bf58-73b7ec99838b", "title": "Portfolio Plugin <= 2.04 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Portfolio Plugin", "slug": "portfolio-by-lisa-westlund", "affected_versions": { "* - 2.04": { "from_version": "*", "from_inclusive": true, "to_version": "2.04", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.05" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/198a24e6-af98-42ed-bf58-73b7ec99838b?source=api-scan" ], "published": "2012-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "198ad1bf-7ce1-4367-bef7-1f58113c0719": { "id": "198ad1bf-7ce1-4367-bef7-1f58113c0719", "title": "Media Library Folders <= 8.1.7 - Authenticated (Author+) SQL Injection", "software": [ { "type": "plugin", "name": "Media Library Folders", "slug": "media-library-plus", "affected_versions": { "* - 8.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/198ad1bf-7ce1-4367-bef7-1f58113c0719?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "198cb3bb-73fe-45ae-b8e0-b7ee8dda9547": { "id": "198cb3bb-73fe-45ae-b8e0-b7ee8dda9547", "title": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC)", "slug": "buddyforms", "affected_versions": { "* - 2.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/198cb3bb-73fe-45ae-b8e0-b7ee8dda9547?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "198e8f56-5354-4e5d-af51-54e95d34e25c": { "id": "198e8f56-5354-4e5d-af51-54e95d34e25c", "title": "Recently <= 3.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Recently", "slug": "recently", "affected_versions": { "[*, 3.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/198e8f56-5354-4e5d-af51-54e95d34e25c?source=api-scan" ], "published": "2021-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19958187-7eb1-479e-bd36-d40974ae65ca": { "id": "19958187-7eb1-479e-bd36-d40974ae65ca", "title": "Block IPs for Gravity Forms <= 1.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Block IPs for Gravity Forms", "slug": "gf-block-ips", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19958187-7eb1-479e-bd36-d40974ae65ca?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19983f79-b439-4bb0-8f29-8312f1ff9791": { "id": "19983f79-b439-4bb0-8f29-8312f1ff9791", "title": "gAppointments - Appointment booking addon for Gravity Forms <= 1.9.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "gAppointments - Appointment booking addon for Gravity Forms", "slug": "gAppointments", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19983f79-b439-4bb0-8f29-8312f1ff9791?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1998cadb-2eb3-4819-aa7c-59e4f777c7f8": { "id": "1998cadb-2eb3-4819-aa7c-59e4f777c7f8", "title": "Stop Spammers Security | Block Spam Users, Comments, Forms <= 2024.4 - Cross-Site Request Forgery (CSRF) via sfs_process", "software": [ { "type": "plugin", "name": "Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms", "slug": "stop-spammer-registrations-plugin", "affected_versions": { "* - 2024.4": { "from_version": "*", "from_inclusive": true, "to_version": "2024.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2024.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1998cadb-2eb3-4819-aa7c-59e4f777c7f8?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "199a280f-a629-44f5-8ebe-399d86b5e0f1": { "id": "199a280f-a629-44f5-8ebe-399d86b5e0f1", "title": "Social Media Widget by Acurax < 2.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Media Widget by Acurax", "slug": "acurax-social-media-widget", "affected_versions": { "[*, 2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/199a280f-a629-44f5-8ebe-399d86b5e0f1?source=api-scan" ], "published": "2015-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "199d3a1f-bfde-4081-bb68-ebb6f9d360b2": { "id": "199d3a1f-bfde-4081-bb68-ebb6f9d360b2", "title": "tagDiv Composer < 4.4 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "tagDiv Composer", "slug": "td-composer", "affected_versions": { "[*, 4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/199d3a1f-bfde-4081-bb68-ebb6f9d360b2?source=api-scan" ], "published": "2023-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19a5a9f3-637c-42af-9775-5651a14cf516": { "id": "19a5a9f3-637c-42af-9775-5651a14cf516", "title": "WPFront Notification Bar <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via wpfront-notification-bar-options[custom_class]", "software": [ { "type": "plugin", "name": "WPFront Notification Bar", "slug": "wpfront-notification-bar", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19a5a9f3-637c-42af-9775-5651a14cf516?source=api-scan" ], "published": "2024-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19a70aa0-7075-4922-8feb-25b7fbe9da42": { "id": "19a70aa0-7075-4922-8feb-25b7fbe9da42", "title": "Auto Location for WP Job Manager via Google <= 1.0 - Authenticated (Administrator+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Auto Location for WP Job Manager", "slug": "auto-location-for-wp-job-manager", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19a70aa0-7075-4922-8feb-25b7fbe9da42?source=api-scan" ], "published": "2023-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19b21013-136a-41b0-a667-39f23ccedf2e": { "id": "19b21013-136a-41b0-a667-39f23ccedf2e", "title": "Contact Form to DB <= 1.7.0 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress", "slug": "contact-form-to-db", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19b21013-136a-41b0-a667-39f23ccedf2e?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19b4a27d-d9de-4567-86cd-8ec821ee299a": { "id": "19b4a27d-d9de-4567-86cd-8ec821ee299a", "title": "Pods <= 2.4.3 - Multiple Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Pods \u2013 Custom Content Types and Fields", "slug": "pods", "affected_versions": { "* - 2.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19b4a27d-d9de-4567-86cd-8ec821ee299a?source=api-scan" ], "published": "2015-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19b7cadd-b1b9-4f1d-ab30-78e0b46ad21a": { "id": "19b7cadd-b1b9-4f1d-ab30-78e0b46ad21a", "title": "Click to Chat <= 3.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Click to Chat \u2013 HoliThemes", "slug": "click-to-chat-for-whatsapp", "affected_versions": { "* - 3.18": { "from_version": "*", "from_inclusive": true, "to_version": "3.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.18.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19b7cadd-b1b9-4f1d-ab30-78e0b46ad21a?source=api-scan" ], "published": "2022-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19bd105a-823d-4a85-87e1-54291274a842": { "id": "19bd105a-823d-4a85-87e1-54291274a842", "title": "Export to Text <= 2.4 - Unauthenticated Post Export", "software": [ { "type": "plugin", "name": "Export to Text", "slug": "export-to-text", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19bd105a-823d-4a85-87e1-54291274a842?source=api-scan" ], "published": "2022-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19bdbde1-1414-4113-890e-b6c96b8a6e11": { "id": "19bdbde1-1414-4113-890e-b6c96b8a6e11", "title": "DethemeKit For Elementor <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via slitems Attribute", "software": [ { "type": "plugin", "name": "DethemeKit For Elementor", "slug": "dethemekit-for-elementor", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19bdbde1-1414-4113-890e-b6c96b8a6e11?source=api-scan" ], "published": "2024-05-30 14:31:51", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19bf984d-fb2b-4a7e-828c-4f75175b4c1f": { "id": "19bf984d-fb2b-4a7e-828c-4f75175b4c1f", "title": "Universal Analytics <= 1.3.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Universal Analytics", "slug": "universal-analytics", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19bf984d-fb2b-4a7e-828c-4f75175b4c1f?source=api-scan" ], "published": "2016-02-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19c2d455-ae47-49bd-9bb8-1f87b0c76c32": { "id": "19c2d455-ae47-49bd-9bb8-1f87b0c76c32", "title": "Image Hover Effects Plugin - Caption Hover with Carousel <= 2.8 - Unauthenticated Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Image Hover Effects for Elementor with Lightbox and Flipbox", "slug": "image-hover-effects-with-carousel", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19c2d455-ae47-49bd-9bb8-1f87b0c76c32?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19c370f1-322b-4c35-b100-244547373e1a": { "id": "19c370f1-322b-4c35-b100-244547373e1a", "title": "User Post Gallery - UPG <= 2.19 - Missing Authorization to Remote Command Execution", "software": [ { "type": "plugin", "name": "User Post Gallery \u2013 UPG", "slug": "wp-upg", "affected_versions": { "2.19": { "from_version": "2.19", "from_inclusive": true, "to_version": "2.19", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19c370f1-322b-4c35-b100-244547373e1a?source=api-scan" ], "published": "2022-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19c463d1-41fa-4386-b755-a14d1e68c5bd": { "id": "19c463d1-41fa-4386-b755-a14d1e68c5bd", "title": "Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via youzify_media Shortcode", "software": [ { "type": "plugin", "name": "Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress", "slug": "youzify", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19c463d1-41fa-4386-b755-a14d1e68c5bd?source=api-scan" ], "published": "2024-10-09 13:31:04", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19c88a9a-1f97-4a46-b759-9ca030d577e7": { "id": "19c88a9a-1f97-4a46-b759-9ca030d577e7", "title": "WordPress Core < 6.0.3 - Open Redirect", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true }, "3.7 - 3.7.39": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.39", "to_inclusive": true }, "3.8 - 3.8.39": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.39", "to_inclusive": true }, "3.9 - 3.9.37": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.37", "to_inclusive": true }, "4.0 - 4.0.36": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.36", "to_inclusive": true }, "4.1 - 4.1.36": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.36", "to_inclusive": true }, "4.2 - 4.2.33": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.33", "to_inclusive": true }, "4.3 - 4.3.29": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.29", "to_inclusive": true }, "4.4 - 4.4.28": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.28", "to_inclusive": true }, "4.5 - 4.5.27": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.27", "to_inclusive": true }, "4.6 - 4.6.24": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.24", "to_inclusive": true }, "4.7 - 4.7.24": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.24", "to_inclusive": true }, "4.8 - 4.8.20": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.20", "to_inclusive": true }, "4.9 - 4.9.21": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.21", "to_inclusive": true }, "5.0 - 5.0.17": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.17", "to_inclusive": true }, "5.1 - 5.1.14": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.14", "to_inclusive": true }, "5.2 - 5.2.16": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.16", "to_inclusive": true }, "5.3 - 5.3.13": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.13", "to_inclusive": true }, "5.4 - 5.4.11": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.11", "to_inclusive": true }, "5.5 - 5.5.10": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.10", "to_inclusive": true }, "5.6 - 5.6.9": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.9", "to_inclusive": true }, "5.7 - 5.7.7": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.7", "to_inclusive": true }, "5.8 - 5.8.5": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.5", "to_inclusive": true }, "5.9 - 5.9.4": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.4", "to_inclusive": true }, "6.0 - 6.0.2": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.40", "3.8.40", "3.9.38", "4.0.37", "4.1.37", "4.2.34", "4.3.30", "4.4.29", "4.5.28", "4.6.25", "4.7.25", "4.8.21", "4.9.22", "5.0.18", "5.1.15", "5.2.17", "5.3.14", "5.4.12", "5.5.11", "5.6.10", "5.7.8", "5.8.6", "5.9.5", "6.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19c88a9a-1f97-4a46-b759-9ca030d577e7?source=api-scan" ], "published": "2022-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19c9cf3e-553b-4cbd-9f2c-803e188a2581": { "id": "19c9cf3e-553b-4cbd-9f2c-803e188a2581", "title": "UniConsent Cookie Consent CMP for GDPR \/ CCPA <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "UniConsent CMP for IAB TCF GPP Consent Mode", "slug": "uniconsent-cmp", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19c9cf3e-553b-4cbd-9f2c-803e188a2581?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19cb39d4-f2b4-4f94-8896-ba714567e1ed": { "id": "19cb39d4-f2b4-4f94-8896-ba714567e1ed", "title": "Quiz And Survey Master <= 8.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Question Title", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 8.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19cb39d4-f2b4-4f94-8896-ba714567e1ed?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19d08a16-51c1-4255-b0e0-01307e1783ca": { "id": "19d08a16-51c1-4255-b0e0-01307e1783ca", "title": "LH Password Changer <= 1.55 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LH Password Changer", "slug": "lh-password-changer", "affected_versions": { "* - 1.55": { "from_version": "*", "from_inclusive": true, "to_version": "1.55", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19d08a16-51c1-4255-b0e0-01307e1783ca?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19d394d8-bdc5-4cb5-b210-269197294020": { "id": "19d394d8-bdc5-4cb5-b210-269197294020", "title": "Post Grid <= 2.2.74 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "* - 2.2.74": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.74", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.76" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19d394d8-bdc5-4cb5-b210-269197294020?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19d724f3-96fb-4834-aa56-6b8d30f0e34d": { "id": "19d724f3-96fb-4834-aa56-6b8d30f0e34d", "title": "HD Quiz <= 1.8.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HD Quiz", "slug": "hd-quiz", "affected_versions": { "[*, 1.8.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19d724f3-96fb-4834-aa56-6b8d30f0e34d?source=api-scan" ], "published": "2021-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19db591b-1e59-4ff7-b339-bea869083bbc": { "id": "19db591b-1e59-4ff7-b339-bea869083bbc", "title": "ReviveNews <= 1.0.2 - Missing Authorization via revivenews_install_and_activate_plugins()", "software": [ { "type": "theme", "name": "ReviveNews", "slug": "revivenews", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19db591b-1e59-4ff7-b339-bea869083bbc?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19dc0b31-9e34-493c-ab38-6cae64c75162": { "id": "19dc0b31-9e34-493c-ab38-6cae64c75162", "title": "WP Js External Link Info <= 1.21 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Js External Link Info", "slug": "wp-js-external-link-info", "affected_versions": { "* - 1.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.21", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19dc0b31-9e34-493c-ab38-6cae64c75162?source=api-scan" ], "published": "2014-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19dd6670-2813-4944-abcd-c26fb9b82092": { "id": "19dd6670-2813-4944-abcd-c26fb9b82092", "title": "Spam protection, AntiSpam, FireWall by CleanTalk <= 6.20 - Cross-Site Request Forgery via apbct_settings__update_account_email", "software": [ { "type": "plugin", "name": "Spam protection, Anti-Spam, FireWall by CleanTalk", "slug": "cleantalk-spam-protect", "affected_versions": { "* - 6.20": { "from_version": "*", "from_inclusive": true, "to_version": "6.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19dd6670-2813-4944-abcd-c26fb9b82092?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19e6bd3b-8d03-4617-8be2-3cdaeb85fac0": { "id": "19e6bd3b-8d03-4617-8be2-3cdaeb85fac0", "title": "WP Google Map <= 1.8.0 - Subscriber+ Arbitrary Post Deletion and Plugin Settings Update", "software": [ { "type": "plugin", "name": "Maps Plugin using Google Maps for WordPress \u2013 WP Google Map", "slug": "gmap-embed", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19e6bd3b-8d03-4617-8be2-3cdaeb85fac0?source=api-scan" ], "published": "2021-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19e7a841-e7b0-410d-ae33-f31811efd919": { "id": "19e7a841-e7b0-410d-ae33-f31811efd919", "title": "ArtPlacer Widget <= 2.21.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ArtPlacer Widget", "slug": "artplacer-widget", "affected_versions": { "* - 2.21.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.21.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.21.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19e7a841-e7b0-410d-ae33-f31811efd919?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19e9735c-ddaa-4b38-ad21-b2f13c0d4461": { "id": "19e9735c-ddaa-4b38-ad21-b2f13c0d4461", "title": "WP-Spreadplugin <= 4.8.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Spreadplugin", "slug": "wp-spreadplugin", "affected_versions": { "* - 4.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19e9735c-ddaa-4b38-ad21-b2f13c0d4461?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19e9a9f7-d2e3-4ebb-b121-99c7c81ede4f": { "id": "19e9a9f7-d2e3-4ebb-b121-99c7c81ede4f", "title": "WordPress File Upload <= 4.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Malicious SVG", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "[*, 4.16.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.16.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.16.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19e9a9f7-d2e3-4ebb-b121-99c7c81ede4f?source=api-scan" ], "published": "2022-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19f126f8-1d59-44b5-8e0e-c37f1fbedf5a": { "id": "19f126f8-1d59-44b5-8e0e-c37f1fbedf5a", "title": "RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'uucss_update_rule'", "software": [ { "type": "plugin", "name": "RapidLoad \u2013 Optimize Web Vitals Automatically", "slug": "unusedcss", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19f126f8-1d59-44b5-8e0e-c37f1fbedf5a?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19f2fe7c-f702-4db6-9914-2839a62ffdd5": { "id": "19f2fe7c-f702-4db6-9914-2839a62ffdd5", "title": "Discy - Social Questions and Answers WordPress Theme <= 4.9 - Missing Authorization", "software": [ { "type": "theme", "name": "Discy - Social Questions and Answers WordPress Theme", "slug": "discy", "affected_versions": { "* - 4.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19f2fe7c-f702-4db6-9914-2839a62ffdd5?source=api-scan" ], "published": "2022-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19f3d3a4-1742-4e3f-97c5-acf960c3cdb5": { "id": "19f3d3a4-1742-4e3f-97c5-acf960c3cdb5", "title": "Ultimate Form Builder Lite <= 1.3.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form for WordPress \u2013 Ultimate Form Builder Lite", "slug": "ultimate-form-builder-lite", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19f3d3a4-1742-4e3f-97c5-acf960c3cdb5?source=api-scan" ], "published": "2018-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19f737a8-21e6-49d3-95b9-24fb6e5d7af7": { "id": "19f737a8-21e6-49d3-95b9-24fb6e5d7af7", "title": "InPost Gallery < 2.1.2.1 - Local File Inclusion", "software": [ { "type": "plugin", "name": "InPost Gallery", "slug": "inpost-gallery", "affected_versions": { "[*, 2.1.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19f737a8-21e6-49d3-95b9-24fb6e5d7af7?source=api-scan" ], "published": "2016-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19f8a656-696c-4e4f-a0a6-c71010a1ee12": { "id": "19f8a656-696c-4e4f-a0a6-c71010a1ee12", "title": "Wallet System for WooCommerce <= 2.5.13 - Information Exposure via Log Files", "software": [ { "type": "plugin", "name": "Wallet System for WooCommerce \u2013 Wallet, Secure Online Payments, Cashback, Refunds, Partial Payment, Wallet Restriction, WooCommerce Payment", "slug": "wallet-system-for-woocommerce", "affected_versions": { "* - 2.5.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19f8a656-696c-4e4f-a0a6-c71010a1ee12?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19f8eb9b-f416-4ef4-bb75-f561579ce22f": { "id": "19f8eb9b-f416-4ef4-bb75-f561579ce22f", "title": "Ultimate Classified Listings <= 1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Classified Listings", "slug": "ultimate-classified-listings", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19f8eb9b-f416-4ef4-bb75-f561579ce22f?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19f94c4f-145b-4058-aabd-06525fce3cea": { "id": "19f94c4f-145b-4058-aabd-06525fce3cea", "title": "EventON - WordPress Virtual Event Calendar Plugin Pro <= 4.5.4 & Free <= 2.2.7 - Missing Authorization to Arbitrary Post Meta Update via evo_eventpost_update_meta", "software": [ { "type": "plugin", "name": "EventON", "slug": "eventon-lite", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.8" ] }, { "type": "plugin", "name": "EventON Pro", "slug": "eventon", "affected_versions": { "* - 4.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19f94c4f-145b-4058-aabd-06525fce3cea?source=api-scan" ], "published": "2024-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19f97cc8-4a35-44fd-b9f5-978f5997d08a": { "id": "19f97cc8-4a35-44fd-b9f5-978f5997d08a", "title": "Appointment Booking Calendar <= 1.1.7 - Multiple Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar", "slug": "appointment-booking-calendar", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19f97cc8-4a35-44fd-b9f5-978f5997d08a?source=api-scan" ], "published": "2015-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19fbb332-f660-4572-82a3-c68e0bc7efcf": { "id": "19fbb332-f660-4572-82a3-c68e0bc7efcf", "title": "ListingPro - WordPress Directory & Listing Theme < 2.5.4 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "ListingPro - WordPress Directory & Listing Theme", "slug": "listingpro", "affected_versions": { "[*, 2.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19fbb332-f660-4572-82a3-c68e0bc7efcf?source=api-scan" ], "published": "2020-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "19fe28c0-c0ef-49aa-91c1-2e273201babd": { "id": "19fe28c0-c0ef-49aa-91c1-2e273201babd", "title": "XStore <= 9.3.8 - Authenticated (Subscriber+) Arbitrary Options Update", "software": [ { "type": "theme", "name": "XStore", "slug": "xstore", "affected_versions": { "* - 9.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "9.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/19fe28c0-c0ef-49aa-91c1-2e273201babd?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a081788-007e-463b-b757-afefcf4c6e17": { "id": "1a081788-007e-463b-b757-afefcf4c6e17", "title": "All In One Favicon <= 4.7 - Authenticated(Admin+) Directory Traversal", "software": [ { "type": "plugin", "name": "All In One Favicon", "slug": "all-in-one-favicon", "affected_versions": { "* - 4.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a081788-007e-463b-b757-afefcf4c6e17?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a09dcc4-37ee-425d-b824-a593c22d711f": { "id": "1a09dcc4-37ee-425d-b824-a593c22d711f", "title": "Auto iFrame <= 1.7 - Authenticated (Author+) Stored Cross-Site Scripting via tag Parameter", "software": [ { "type": "plugin", "name": "Auto iFrame", "slug": "auto-iframe", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a09dcc4-37ee-425d-b824-a593c22d711f?source=api-scan" ], "published": "2024-10-08 17:35:38", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a0ba31d-d2d8-4614-8f77-a041c25c0519": { "id": "1a0ba31d-d2d8-4614-8f77-a041c25c0519", "title": "SMTP Mailing Queue <= 1.4.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SMTP Mailing Queue", "slug": "smtp-mailing-queue", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a0ba31d-d2d8-4614-8f77-a041c25c0519?source=api-scan" ], "published": "2023-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a0e93cb-4311-4b38-8eb4-17152e1f3475": { "id": "1a0e93cb-4311-4b38-8eb4-17152e1f3475", "title": "Vertical scroll recent post <= 14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes", "software": [ { "type": "plugin", "name": "Vertical scroll recent post", "slug": "vertical-scroll-recent-post", "affected_versions": { "* - 14.0": { "from_version": "*", "from_inclusive": true, "to_version": "14.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a0e93cb-4311-4b38-8eb4-17152e1f3475?source=api-scan" ], "published": "2023-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a0fa7f6-cc1a-45fe-881d-694c81b841c7": { "id": "1a0fa7f6-cc1a-45fe-881d-694c81b841c7", "title": "Contest Gallery <= 19.1.5 - Unauthenticated SQL Injection via user_id", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 19.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5.1" ] }, { "type": "plugin", "name": "Contest Gallery Pro", "slug": "contest-gallery-pro", "affected_versions": { "* - 19.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a0fa7f6-cc1a-45fe-881d-694c81b841c7?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a0fcd50-e9d6-49a5-979f-61f953b1a1cd": { "id": "1a0fcd50-e9d6-49a5-979f-61f953b1a1cd", "title": "Safe SVG <= 1.9.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Safe SVG", "slug": "safe-svg", "affected_versions": { "* - 1.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a0fcd50-e9d6-49a5-979f-61f953b1a1cd?source=api-scan" ], "published": "2019-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a10af61-6451-4dda-aeda-ba8fa44bee35": { "id": "1a10af61-6451-4dda-aeda-ba8fa44bee35", "title": "SupportCandy \u2013 Helpdesk & Support Ticket System <= 2.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SupportCandy \u2013 Helpdesk & Customer Support Ticket System", "slug": "supportcandy", "affected_versions": { "[*, 2.2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a10af61-6451-4dda-aeda-ba8fa44bee35?source=api-scan" ], "published": "2022-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a12f472-0ae1-4c3c-b7e3-85f637fe58c5": { "id": "1a12f472-0ae1-4c3c-b7e3-85f637fe58c5", "title": "Easy Maintenance Mode <= 1.4.2 - Information Exposure", "software": [ { "type": "plugin", "name": "Easy Maintenance Mode", "slug": "easy-maintenance-mode-coming-soon", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a12f472-0ae1-4c3c-b7e3-85f637fe58c5?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a14b674-620e-4247-a200-92d9f23acbca": { "id": "1a14b674-620e-4247-a200-92d9f23acbca", "title": "ThemeREX Addons (Various Versions) - Missing Authorization", "software": [ { "type": "plugin", "name": "ThemeREX Addons", "slug": "trx_addons", "affected_versions": { "[*, 1.6.49.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.49.6", "to_inclusive": false }, "[1.6.49.6.2, 1.6.49.6.3)": { "from_version": "1.6.49.6.2", "from_inclusive": true, "to_version": "1.6.49.6.3", "to_inclusive": false }, "[1.6.49.8, 1.6.49.9)": { "from_version": "1.6.49.8", "from_inclusive": true, "to_version": "1.6.49.9", "to_inclusive": false }, "[1.6.50, 1.6.50.2)": { "from_version": "1.6.50", "from_inclusive": true, "to_version": "1.6.50.2", "to_inclusive": false }, "[1.6.51, 1.6.51.4)": { "from_version": "1.6.51", "from_inclusive": true, "to_version": "1.6.51.4", "to_inclusive": false }, "[1.6.52, 1.6.52.3)": { "from_version": "1.6.52", "from_inclusive": true, "to_version": "1.6.52.3", "to_inclusive": false }, "[1.6.53, 1.6.53.4)": { "from_version": "1.6.53", "from_inclusive": true, "to_version": "1.6.53.4", "to_inclusive": false }, "[1.6.54, 1.6.54.1)": { "from_version": "1.6.54", "from_inclusive": true, "to_version": "1.6.54.1", "to_inclusive": false }, "[1.6.55, 1.6.55.8)": { "from_version": "1.6.55", "from_inclusive": true, "to_version": "1.6.55.8", "to_inclusive": false }, "[1.6.56, 1.6.56.1)": { "from_version": "1.6.56", "from_inclusive": true, "to_version": "1.6.56.1", "to_inclusive": false }, "[1.6.57, 1.6.57.4)": { "from_version": "1.6.57", "from_inclusive": true, "to_version": "1.6.57.4", "to_inclusive": false }, "[1.6.58.2, 1.6.58.3)": { "from_version": "1.6.58.2", "from_inclusive": true, "to_version": "1.6.58.3", "to_inclusive": false }, "1.6.59": { "from_version": "1.6.59", "from_inclusive": true, "to_version": "1.6.59", "to_inclusive": true }, "1.6.59.1": { "from_version": "1.6.59.1", "from_inclusive": true, "to_version": "1.6.59.1", "to_inclusive": true }, "[1.6.59.1.1, 1.6.59.1.2)": { "from_version": "1.6.59.1.1", "from_inclusive": true, "to_version": "1.6.59.1.2", "to_inclusive": false }, "[1.6.59.2, 1.6.59.4)": { "from_version": "1.6.59.2", "from_inclusive": true, "to_version": "1.6.59.4", "to_inclusive": false }, "[1.6.60, 1.6.60.1)": { "from_version": "1.6.60", "from_inclusive": true, "to_version": "1.6.60.1", "to_inclusive": false }, "1.6.61": { "from_version": "1.6.61", "from_inclusive": true, "to_version": "1.6.61", "to_inclusive": true }, "1.6.61.1": { "from_version": "1.6.61.1", "from_inclusive": true, "to_version": "1.6.61.1", "to_inclusive": true }, "[1.6.61.1.0, 1.6.61.1.1)": { "from_version": "1.6.61.1.0", "from_inclusive": true, "to_version": "1.6.61.1.1", "to_inclusive": false }, "[1.6.61.2, 1.6.61.2.1)": { "from_version": "1.6.61.2", "from_inclusive": true, "to_version": "1.6.61.2.1", "to_inclusive": false }, "[1.6.65, 1.6.65.1)": { "from_version": "1.6.65", "from_inclusive": true, "to_version": "1.6.65.1", "to_inclusive": false }, "[1.6.66, 1.6.66.1)": { "from_version": "1.6.66", "from_inclusive": true, "to_version": "1.6.66.1", "to_inclusive": false }, "[1.6.67, 1.6.67.1)": { "from_version": "1.6.67", "from_inclusive": true, "to_version": "1.6.67.1", "to_inclusive": false }, "1.70.3": { "from_version": "1.70.3", "from_inclusive": true, "to_version": "1.70.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.49.10", "1.6.49.6", "1.6.49.6.3", "1.6.49.7", "1.6.50.2", "1.6.51.4", "1.6.52.3", "1.6.53.4", "1.6.54.1", "1.6.55.8", "1.6.56.1", "1.6.57.4", "1.6.58.3", "1.6.59.1.2", "1.6.59.4", "1.6.60.1", "1.6.61.1.1", "1.6.61.2.1", "1.6.62.4", "1.6.65.1", "1.6.66.1", "1.6.67.1", "1.70.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a14b674-620e-4247-a200-92d9f23acbca?source=api-scan" ], "published": "2020-03-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a14b86f-a5c8-4ec2-9940-68a37a6c4a86": { "id": "1a14b86f-a5c8-4ec2-9940-68a37a6c4a86", "title": "Unseen Blog <= 1.0.0 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "theme", "name": "Unseen Blog", "slug": "unseen-blog", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a14b86f-a5c8-4ec2-9940-68a37a6c4a86?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a1af528-79c6-4197-b247-9789b290a642": { "id": "1a1af528-79c6-4197-b247-9789b290a642", "title": "Bridge - Creative Multipurpose WordPress Theme < 11.2 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Bridge - Creative Multipurpose WordPress Theme", "slug": "bridge", "affected_versions": { "[*, 11.2)": { "from_version": "*", "from_inclusive": true, "to_version": "11.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a1af528-79c6-4197-b247-9789b290a642?source=api-scan" ], "published": "2017-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a1fc6c9-50cd-40fd-a777-9eed98aab797": { "id": "1a1fc6c9-50cd-40fd-a777-9eed98aab797", "title": "NinjaFirewall <= 4.3.3 - Authenticated PHAR Deserialization", "software": [ { "type": "plugin", "name": "NinjaFirewall (WP Edition) \u2013 Advanced Security Plugin and Firewall", "slug": "ninjafirewall", "affected_versions": { "[*, 4.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a1fc6c9-50cd-40fd-a777-9eed98aab797?source=api-scan" ], "published": "2021-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a2fb050-1a7c-45cc-86c7-02331d47f780": { "id": "1a2fb050-1a7c-45cc-86c7-02331d47f780", "title": "WPSchoolPress <= 2.2.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "School Management System \u2013 WPSchoolPress", "slug": "wpschoolpress", "affected_versions": { "[*, 2.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a2fb050-1a7c-45cc-86c7-02331d47f780?source=api-scan" ], "published": "2023-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a304e9a-9518-4a6a-b36a-963cb329f5c3": { "id": "1a304e9a-9518-4a6a-b36a-963cb329f5c3", "title": "Login\/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 - 2.7.2 - Missing Authorization to Arbitrary Options Exposure", "software": [ { "type": "plugin", "name": "Login\/Signup Popup ( Inline Form + Woocommerce )", "slug": "easy-login-woocommerce", "affected_versions": { "2.7.1 - 2.7.2": { "from_version": "2.7.1", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a304e9a-9518-4a6a-b36a-963cb329f5c3?source=api-scan" ], "published": "2024-06-05 19:24:25", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a3137a1-8e46-44c6-8edd-ad9fc4d66e0b": { "id": "1a3137a1-8e46-44c6-8edd-ad9fc4d66e0b", "title": "Fuse Social Floating Sidebar <= 5.4.10 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload", "software": [ { "type": "plugin", "name": "Fuse Social Floating Sidebar", "slug": "fuse-social-floating-sidebar", "affected_versions": { "* - 5.4.10": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a3137a1-8e46-44c6-8edd-ad9fc4d66e0b?source=api-scan" ], "published": "2024-08-07 17:11:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a367b5a-cfba-41fa-9243-256a391a4661": { "id": "1a367b5a-cfba-41fa-9243-256a391a4661", "title": "Contact Bank <= 3.0.30 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Bank \u2013 Contact Form Builder for WordPress", "slug": "contact-bank", "affected_versions": { "* - 3.0.30": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.30", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a367b5a-cfba-41fa-9243-256a391a4661?source=api-scan" ], "published": "2022-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a374d8a-3754-4228-95ed-dc0ba1df40da": { "id": "1a374d8a-3754-4228-95ed-dc0ba1df40da", "title": "Broken Link Checker <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Broken Link Checker", "slug": "broken-link-checker", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a374d8a-3754-4228-95ed-dc0ba1df40da?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a3ebfba-7523-48a4-a315-4395be2cebef": { "id": "1a3ebfba-7523-48a4-a315-4395be2cebef", "title": "Heateor Social Login <= 1.1.30 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Heateor Social Login WordPress", "slug": "heateor-social-login", "affected_versions": { "* - 1.1.30": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a3ebfba-7523-48a4-a315-4395be2cebef?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a46da16-2442-45cf-858f-0681b1106cc2": { "id": "1a46da16-2442-45cf-858f-0681b1106cc2", "title": "SEO Plugin by Squirrly SEO < 6.1.5 - Directory Traversal", "software": [ { "type": "plugin", "name": "SEO Plugin by Squirrly SEO", "slug": "squirrly-seo", "affected_versions": { "[*, 6.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a46da16-2442-45cf-858f-0681b1106cc2?source=api-scan" ], "published": "2016-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a46fd57-4cb9-4d98-89b6-926d74b2ab33": { "id": "1a46fd57-4cb9-4d98-89b6-926d74b2ab33", "title": "LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing\u2026 <= 4.4 - Cross-Site Request Forgery via init_endpoint", "software": [ { "type": "plugin", "name": "LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing\u2026", "slug": "ladipage", "affected_versions": { "* - 4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a46fd57-4cb9-4d98-89b6-926d74b2ab33?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a4bc52d-5771-4e7b-a394-772f2a5edbd7": { "id": "1a4bc52d-5771-4e7b-a394-772f2a5edbd7", "title": "WP Scraper <= 5.7 - Missing Authorization to Arbitrary Page\/Post Creation", "software": [ { "type": "plugin", "name": "WP Scraper", "slug": "wp-scraper", "affected_versions": { "* - 5.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a4bc52d-5771-4e7b-a394-772f2a5edbd7?source=api-scan" ], "published": "2024-05-21 18:42:12", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a4cc739-0563-4ca2-931d-818a0c285257": { "id": "1a4cc739-0563-4ca2-931d-818a0c285257", "title": "BuddyPress - 1.5-1.5.4 - SQL Injection", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "1.5 - 1.5.4": { "from_version": "1.5", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a4cc739-0563-4ca2-931d-818a0c285257?source=api-scan" ], "published": "2012-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a507489-f337-4b47-9506-daea1b426798": { "id": "1a507489-f337-4b47-9506-daea1b426798", "title": "Quick Paypal Payments <= 5.7.26.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quick Paypal Payments", "slug": "quick-paypal-payments", "affected_versions": { "* - 5.7.26.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.26.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.26.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a507489-f337-4b47-9506-daea1b426798?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a576033-d3f5-48cf-b0b9-b11ea388a6d9": { "id": "1a576033-d3f5-48cf-b0b9-b11ea388a6d9", "title": "Page Builder: Live Composer <= 1.5.42 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Live Composer \u2013 Free WordPress Website Builder", "slug": "live-composer-page-builder", "affected_versions": { "* - 1.5.42": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a576033-d3f5-48cf-b0b9-b11ea388a6d9?source=api-scan" ], "published": "2024-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a5d9290-b480-45f7-9ac7-a20475b805e8": { "id": "1a5d9290-b480-45f7-9ac7-a20475b805e8", "title": "Related Posts for WordPress <= 2.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Related Posts for WordPress", "slug": "related-posts-for-wp", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a5d9290-b480-45f7-9ac7-a20475b805e8?source=api-scan" ], "published": "2021-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a67d846-d27c-4a82-a30d-813d9b37da1d": { "id": "1a67d846-d27c-4a82-a30d-813d9b37da1d", "title": "Link Library <= 7.6.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Link Library", "slug": "link-library", "affected_versions": { "* - 7.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a67d846-d27c-4a82-a30d-813d9b37da1d?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a684ca7-0856-418e-9229-3e74dafb5c89": { "id": "1a684ca7-0856-418e-9229-3e74dafb5c89", "title": "WP Database Backup < 3.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Database Backup \u2013 Unlimited Database & Files Backup by Backup for WP", "slug": "wp-database-backup", "affected_versions": { "[*, 3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a684ca7-0856-418e-9229-3e74dafb5c89?source=api-scan" ], "published": "2015-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a697391-f30d-403f-9046-8fa219a49302": { "id": "1a697391-f30d-403f-9046-8fa219a49302", "title": "GP Premium <= 2.4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GP Premium", "slug": "gp-premium", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a697391-f30d-403f-9046-8fa219a49302?source=api-scan" ], "published": "2024-06-04 19:49:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a6bc58f-9cf3-4d3f-a10e-0ccde0b890a3": { "id": "1a6bc58f-9cf3-4d3f-a10e-0ccde0b890a3", "title": "Injection Guard <= 1.2.1 - Cross-Site Request Forgery to Whitelist Update", "software": [ { "type": "plugin", "name": "Injection Guard", "slug": "injection-guard", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a6bc58f-9cf3-4d3f-a10e-0ccde0b890a3?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a6fbb60-811a-4763-b301-694bc8d387e7": { "id": "1a6fbb60-811a-4763-b301-694bc8d387e7", "title": "Forminator <= 1.29.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "* - 1.29.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.29.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.29.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a6fbb60-811a-4763-b301-694bc8d387e7?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a7298ae-e1e6-4d3f-b4fb-9f9db9f3832d": { "id": "1a7298ae-e1e6-4d3f-b4fb-9f9db9f3832d", "title": "Five Minute Webshop <= 1.3.2 - Authenticated (Admin+) SQL Injection via id", "software": [ { "type": "plugin", "name": "Five Minute Webshop", "slug": "five-minute-webshop", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a7298ae-e1e6-4d3f-b4fb-9f9db9f3832d?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a76571a-f820-4902-afa9-287b59a11d14": { "id": "1a76571a-f820-4902-afa9-287b59a11d14", "title": "Nested Pages <= 3.0.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Nested Pages", "slug": "wp-nested-pages", "affected_versions": { "* - 3.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a76571a-f820-4902-afa9-287b59a11d14?source=api-scan" ], "published": "2019-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a766b5b-e21e-4009-86d9-7f0a5c91ed51": { "id": "1a766b5b-e21e-4009-86d9-7f0a5c91ed51", "title": "Easy SVG Allow <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG", "software": [ { "type": "plugin", "name": "Easy SVG Allow", "slug": "easy-svg-image-allow", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a766b5b-e21e-4009-86d9-7f0a5c91ed51?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a7687fe-6246-4bd3-9d4f-e7fa6398f265": { "id": "1a7687fe-6246-4bd3-9d4f-e7fa6398f265", "title": "User Activation Email <= 1.3.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Activation Email", "slug": "user-activation-email", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a7687fe-6246-4bd3-9d4f-e7fa6398f265?source=api-scan" ], "published": "2021-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a849338-8dd9-49d2-ab7c-29d4b729877b": { "id": "1a849338-8dd9-49d2-ab7c-29d4b729877b", "title": "Hash Elements <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hash Elements", "slug": "hash-elements", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a849338-8dd9-49d2-ab7c-29d4b729877b?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a850176-973c-49aa-a420-e379223b6dc3": { "id": "1a850176-973c-49aa-a420-e379223b6dc3", "title": "SEO By 10Web <= 1.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEO by 10Web", "slug": "seo-by-10web", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a850176-973c-49aa-a420-e379223b6dc3?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a8b194c-371f-4adc-98fa-8f4e47a38ee7": { "id": "1a8b194c-371f-4adc-98fa-8f4e47a38ee7", "title": "Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf shortcode", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a8b194c-371f-4adc-98fa-8f4e47a38ee7?source=api-scan" ], "published": "2023-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a8b22b4-151c-4f42-a0a0-966dc5eb7a9d": { "id": "1a8b22b4-151c-4f42-a0a0-966dc5eb7a9d", "title": "PayGreen \u2013 Ancienne version <= 4.10.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "PayGreen \u2013 Ancienne version", "slug": "paygreen-woocommerce", "affected_versions": { "* - 4.10.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a8b22b4-151c-4f42-a0a0-966dc5eb7a9d?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1a91e973-f669-49a6-8c74-f6fbc4dc8db9": { "id": "1a91e973-f669-49a6-8c74-f6fbc4dc8db9", "title": "Clean Login 1.12.6.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Clean Login", "slug": "clean-login", "affected_versions": { "1.12.6.3": { "from_version": "1.12.6.3", "from_inclusive": true, "to_version": "1.12.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1a91e973-f669-49a6-8c74-f6fbc4dc8db9?source=api-scan" ], "published": "2021-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1aa0fd9d-6c9f-4110-92a0-064fa4b9b589": { "id": "1aa0fd9d-6c9f-4110-92a0-064fa4b9b589", "title": "WP Open Street Map <= 1.25 - Cross-Site Request Forgery via wp_openstreetmaps", "software": [ { "type": "plugin", "name": "WP Open Street Map", "slug": "wp-open-street-map", "affected_versions": { "* - 1.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1aa0fd9d-6c9f-4110-92a0-064fa4b9b589?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1aa7a7f9-f331-4d06-94ea-182535080a90": { "id": "1aa7a7f9-f331-4d06-94ea-182535080a90", "title": "Newsletters <= 4.6.18 - Directory Traversal", "software": [ { "type": "plugin", "name": "Newsletters", "slug": "newsletters-lite", "affected_versions": { "[*, 4.6.19)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1aa7a7f9-f331-4d06-94ea-182535080a90?source=api-scan" ], "published": "2019-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1aa7d0c2-27ec-47ad-8baa-c281c273078e": { "id": "1aa7d0c2-27ec-47ad-8baa-c281c273078e", "title": "Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Pods \u2013 Custom Content Types and Fields", "slug": "pods", "affected_versions": { "[*, 2.7.31)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.31", "to_inclusive": false }, "[2.8, 2.8.23.2)": { "from_version": "2.8", "from_inclusive": true, "to_version": "2.8.23.2", "to_inclusive": false }, "[3, 3.0.10.2)": { "from_version": "3", "from_inclusive": true, "to_version": "3.0.10.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.31.2", "2.8.23.2", "2.9.19.2", "3.0.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1aa7d0c2-27ec-47ad-8baa-c281c273078e?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1aac7677-53f4-4944-9bdc-7e07b09c6c13": { "id": "1aac7677-53f4-4944-9bdc-7e07b09c6c13", "title": "ND Restaurant Reservations <= 1.3 - Options Change", "software": [ { "type": "plugin", "name": "Restaurant Reservations", "slug": "nd-restaurant-reservations", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1aac7677-53f4-4944-9bdc-7e07b09c6c13?source=api-scan" ], "published": "2019-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1aadb04c-a483-4f9b-8246-3dd7e158fcc2": { "id": "1aadb04c-a483-4f9b-8246-3dd7e158fcc2", "title": "Ready! Ecommerce Shopping Cart < 0.5.1 - Cross-Site Request Forgery and Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ready! Ecommerce Shopping Cart", "slug": "ready-ecommerce", "affected_versions": { "[*, 0.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1aadb04c-a483-4f9b-8246-3dd7e158fcc2?source=api-scan" ], "published": "2014-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ab05954-9999-43ff-8e3c-a987e2da1956": { "id": "1ab05954-9999-43ff-8e3c-a987e2da1956", "title": "Event Registration Calendar By vcita <= 1.3.1 & Online Payments \u2013 Get Paid with PayPal, Square & Stripe <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Registration Calendar By vcita", "slug": "event-registration-calendar-by-vcita", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] }, { "type": "plugin", "name": "Online Payments \u2013 Get Paid with PayPal, Square & Stripe", "slug": "paypal-payment-button-by-vcita", "affected_versions": { "* - 3.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ab05954-9999-43ff-8e3c-a987e2da1956?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ab0d9f3-0185-41f1-bab5-f47f828fa79c": { "id": "1ab0d9f3-0185-41f1-bab5-f47f828fa79c", "title": "MiwoFTP < 1.0.6 - Cross-Site Request Forgery to Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "miwoftp", "slug": "miwoftp", "affected_versions": { "[*, 1.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ab0d9f3-0185-41f1-bab5-f47f828fa79c?source=api-scan" ], "published": "2015-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ab4dc20-ce50-4ad0-aff4-9fc529d1911f": { "id": "1ab4dc20-ce50-4ad0-aff4-9fc529d1911f", "title": "WordPress Core <= 3.3.1 - Same Origin Policy Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ab4dc20-ce50-4ad0-aff4-9fc529d1911f?source=api-scan" ], "published": "2012-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1abdc53b-7abe-422b-aeea-5bf31733bdad": { "id": "1abdc53b-7abe-422b-aeea-5bf31733bdad", "title": "Toggle The Title <= 1.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Toggle The Title", "slug": "toggle-the-title", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1abdc53b-7abe-422b-aeea-5bf31733bdad?source=api-scan" ], "published": "2019-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1abf0bbd-c502-4db8-9e01-413517082dd8": { "id": "1abf0bbd-c502-4db8-9e01-413517082dd8", "title": "WordPress Exit Box Lite <= 1.06 - Full Path Dislcosure", "software": [ { "type": "plugin", "name": "WordPress Exit Box Lite", "slug": "wordpress-exit-box-lite", "affected_versions": { "1.06": { "from_version": "1.06", "from_inclusive": true, "to_version": "1.06", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1abf0bbd-c502-4db8-9e01-413517082dd8?source=api-scan" ], "published": "2013-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ac39498-3171-4d91-a911-381c8ed751dc": { "id": "1ac39498-3171-4d91-a911-381c8ed751dc", "title": "WordPress Core <= 3.9.1 - XML External Entity (XXE) Weakness", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.9.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ac39498-3171-4d91-a911-381c8ed751dc?source=api-scan" ], "published": "2014-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ac58649-4c1a-4c2c-a94b-a3cf08ecb4df": { "id": "1ac58649-4c1a-4c2c-a94b-a3cf08ecb4df", "title": "CarSpot \u2013 Dealership Wordpress Classified Theme < 2.1.7 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "CarSpot \u2013 Dealership Wordpress Classified Theme", "slug": "carspot", "affected_versions": { "[*, 2.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ac58649-4c1a-4c2c-a94b-a3cf08ecb4df?source=api-scan" ], "published": "2019-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ac8fb0b-21a9-4b94-bb24-b349a7fe3305": { "id": "1ac8fb0b-21a9-4b94-bb24-b349a7fe3305", "title": "The Plus Addons for Elementor Page Builder <= 5.5.6 - Reflected Cross-Site Scripting via WP Login and Register Widget", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor Page Builder", "slug": "theplus_elementor_addon", "affected_versions": { "* - 5.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ac8fb0b-21a9-4b94-bb24-b349a7fe3305?source=api-scan" ], "published": "2024-06-20 14:04:46", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1accc41e-41d2-49e3-a80a-6b95b02cb42e": { "id": "1accc41e-41d2-49e3-a80a-6b95b02cb42e", "title": "Site Reviews <= 6.10.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Site Reviews", "slug": "site-reviews", "affected_versions": { "[*, 6.10.3)": { "from_version": "*", "from_inclusive": true, "to_version": "6.10.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.10.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1accc41e-41d2-49e3-a80a-6b95b02cb42e?source=api-scan" ], "published": "2023-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1acfa5d1-c1ba-4ba5-9511-0f4adbe5b9ca": { "id": "1acfa5d1-c1ba-4ba5-9511-0f4adbe5b9ca", "title": "BP Profile Search <= 5.7.5 - Cross-Site Request Forgery to Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BP Profile Search", "slug": "bp-profile-search", "affected_versions": { "* - 5.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1acfa5d1-c1ba-4ba5-9511-0f4adbe5b9ca?source=api-scan" ], "published": "2024-08-19 13:39:17", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ad2b168-5874-4b0f-8710-d9ed9afc54bf": { "id": "1ad2b168-5874-4b0f-8710-d9ed9afc54bf", "title": "FAQs Manager <= 1.0 - SQL Injection", "software": [ { "type": "plugin", "name": "FAQs Manager", "slug": "faqs-manager", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ad2b168-5874-4b0f-8710-d9ed9afc54bf?source=api-scan" ], "published": "2013-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ad366f1-2369-4fb2-aeda-301c85cf6801": { "id": "1ad366f1-2369-4fb2-aeda-301c85cf6801", "title": "Layer Slider <= 1.1.9.7 - Cross-Site Request Forgery via save_slide_ajax", "software": [ { "type": "plugin", "name": "Layer Slider", "slug": "slider-slideshow", "affected_versions": { "* - 1.1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ad366f1-2369-4fb2-aeda-301c85cf6801?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ad38d18-689c-41ab-9e33-fccbf6791cdb": { "id": "1ad38d18-689c-41ab-9e33-fccbf6791cdb", "title": "Wordpress Plugin Mobile App Native 3.0 <= 3.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Wordpress Plugin Mobile App Native 3.0", "slug": "zen-mobile-app-native", "affected_versions": { "3.0": { "from_version": "3.0", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ad38d18-689c-41ab-9e33-fccbf6791cdb?source=api-scan" ], "published": "2017-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ad889f7-41cb-461f-8dc1-69236b06fb63": { "id": "1ad889f7-41cb-461f-8dc1-69236b06fb63", "title": "Add Any Extension to Pages <= 1.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add Any Extension to Pages", "slug": "add-any-extension-to-pages", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ad889f7-41cb-461f-8dc1-69236b06fb63?source=api-scan" ], "published": "2017-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1adcc627-c371-452b-95b7-25c659117116": { "id": "1adcc627-c371-452b-95b7-25c659117116", "title": "SAML Single Sign On \u2013 SSO Login Premium Multisite < 20.0.7 - Open Redirect", "software": [ { "type": "plugin", "name": "SAML Single Sign On \u2013 SSO Login Standard", "slug": "miniorange-saml-20-single-sign-on", "affected_versions": { "[16, 16.0.8)": { "from_version": "16", "from_inclusive": true, "to_version": "16.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "16.0.8" ] }, { "type": "plugin", "name": "SAML Single Sign On \u2013 SSO Login Premium", "slug": "miniorange-saml-20-single-sign-on", "affected_versions": { "[12, 12.1.0)": { "from_version": "12", "from_inclusive": true, "to_version": "12.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "12.1.0" ] }, { "type": "plugin", "name": "SAML Single Sign On \u2013 SSO Login Premium Multisite", "slug": "miniorange-saml-20-single-sign-on", "affected_versions": { "[20, 20.0.7)": { "from_version": "20", "from_inclusive": true, "to_version": "20.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "20.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1adcc627-c371-452b-95b7-25c659117116?source=api-scan" ], "published": "2023-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1add47ea-6a7b-443a-b31d-3bb6c0d5d72d": { "id": "1add47ea-6a7b-443a-b31d-3bb6c0d5d72d", "title": "Drag and Drop Multiple File Upload PRO <= 2.10.9 - Directory Traversal", "software": [ { "type": "plugin", "name": "Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard", "slug": "drag-n-drop-upload-cf7-pro", "affected_versions": { "* - 2.10.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1add47ea-6a7b-443a-b31d-3bb6c0d5d72d?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ae01053-e6cd-4ddf-9e2a-4658cdb60f8e": { "id": "1ae01053-e6cd-4ddf-9e2a-4658cdb60f8e", "title": "PHPRelativePath Library - Various Plugins (Various Versions) - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MPL-Publisher \u2014 Ebook & Audiobook Creator", "slug": "mpl-publisher", "affected_versions": { "* - 1.29.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.29.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.29.2" ] }, { "type": "plugin", "name": "WooCommerce PDF Invoice Bulk Download", "slug": "woo-pdf-invoices-bulk-download", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Read Offline", "slug": "read-offline", "affected_versions": { "* - 0.9.17": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ae01053-e6cd-4ddf-9e2a-4658cdb60f8e?source=api-scan" ], "published": "2021-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1aea4732-9e7d-406f-b848-ff223104f176": { "id": "1aea4732-9e7d-406f-b848-ff223104f176", "title": "WPMobile.App <= 11.50 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPMobile.App \u2014 Android and iOS Mobile Application", "slug": "wpappninja", "affected_versions": { "* - 11.50": { "from_version": "*", "from_inclusive": true, "to_version": "11.50", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1aea4732-9e7d-406f-b848-ff223104f176?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1aea8fe3-7c75-4d3a-847a-ce0d1f9700f1": { "id": "1aea8fe3-7c75-4d3a-847a-ce0d1f9700f1", "title": "Button Builder \u2013 Buttons X <= 0.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Button Builder \u2013 Buttons X", "slug": "buttons-x", "affected_versions": { "* - 0.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1aea8fe3-7c75-4d3a-847a-ce0d1f9700f1?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1aed51a2-9fd4-43bb-b72d-ae8e51ee6e87": { "id": "1aed51a2-9fd4-43bb-b72d-ae8e51ee6e87", "title": "MStore API <= 3.9.6 - Cross-Site Request Forgery to Product Limit Update", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 3.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1aed51a2-9fd4-43bb-b72d-ae8e51ee6e87?source=api-scan" ], "published": "2023-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1af442f7-b57c-47bd-9733-5e6bb5c89443": { "id": "1af442f7-b57c-47bd-9733-5e6bb5c89443", "title": "kk Star Ratings <= 5.4.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "kk Star Ratings \u2013 Rate Post & Collect User Feedbacks", "slug": "kk-star-ratings", "affected_versions": { "* - 5.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1af442f7-b57c-47bd-9733-5e6bb5c89443?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1af5f7be-cfe2-4e0b-ae84-e44095644d84": { "id": "1af5f7be-cfe2-4e0b-ae84-e44095644d84", "title": "Easy Form Builder <= 1.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Easy Form Builder", "slug": "easy-form-builder-by-bitware", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1af5f7be-cfe2-4e0b-ae84-e44095644d84?source=api-scan" ], "published": "2021-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b000835-7f9d-44b4-92a3-ffce6e06d2ec": { "id": "1b000835-7f9d-44b4-92a3-ffce6e06d2ec", "title": "Feed Them Social \u2013 for Twitter feed, Youtube and more <= 2.9.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Feed Them Social \u2013 Social Media Feeds, Video, and Photo Galleries", "slug": "feed-them-social", "affected_versions": { "* - 2.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b000835-7f9d-44b4-92a3-ffce6e06d2ec?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b00e42b-9c03-4a3c-86b7-1552f7700b2f": { "id": "1b00e42b-9c03-4a3c-86b7-1552f7700b2f", "title": "CRM Perks Forms <= 1.1.5 - Missing Authorization to Unauthenticated Form Submission", "software": [ { "type": "plugin", "name": "CRM Perks Forms \u2013 WordPress Form Builder", "slug": "crm-perks-forms", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b00e42b-9c03-4a3c-86b7-1552f7700b2f?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b038c9e-9053-43aa-99f2-cba660d2a7ff": { "id": "1b038c9e-9053-43aa-99f2-cba660d2a7ff", "title": "Min and Max Purchase for WooCommerce <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Min and Max Purchase for WooCommerce", "slug": "min-and-max-purchase-for-woocommerce", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b038c9e-9053-43aa-99f2-cba660d2a7ff?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b05191b-4f4a-487a-9fbf-843a4787511e": { "id": "1b05191b-4f4a-487a-9fbf-843a4787511e", "title": "CGC Maintenance Mode <= 1.2 - IP Spoofing", "software": [ { "type": "plugin", "name": "CGC Maintenance Mode", "slug": "cgc-maintenance-mode", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b05191b-4f4a-487a-9fbf-843a4787511e?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b097ab2-7675-4409-b22a-ad70cee35ab1": { "id": "1b097ab2-7675-4409-b22a-ad70cee35ab1", "title": "GamiPress <= 2.5.7 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress", "slug": "gamipress", "affected_versions": { "* - 2.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b097ab2-7675-4409-b22a-ad70cee35ab1?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b0c1afc-0e77-4a56-89cb-84e2fcc8aa21": { "id": "1b0c1afc-0e77-4a56-89cb-84e2fcc8aa21", "title": "WP Crontrol <= 1.16.1 - Remote Code Execution", "software": [ { "type": "plugin", "name": "WP Crontrol", "slug": "wp-crontrol", "affected_versions": { "* - 1.16.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.16.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.16.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b0c1afc-0e77-4a56-89cb-84e2fcc8aa21?source=api-scan" ], "published": "2024-03-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b162ef2-7428-47cc-91c6-c8f66512c5dc": { "id": "1b162ef2-7428-47cc-91c6-c8f66512c5dc", "title": "Slider Revolution <= 4.2.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider Revolution", "slug": "revslider", "affected_versions": { "* - 4.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b162ef2-7428-47cc-91c6-c8f66512c5dc?source=api-scan" ], "published": "2014-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b1d4180-091c-4679-a8d2-a6915ec05772": { "id": "1b1d4180-091c-4679-a8d2-a6915ec05772", "title": "BestWebSoft's Twitter < 2.55 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BestWebSoft's Twitter", "slug": "twitter-plugin", "affected_versions": { "[*, 2.55)": { "from_version": "*", "from_inclusive": true, "to_version": "2.55", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.55" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b1d4180-091c-4679-a8d2-a6915ec05772?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b1db6b8-f005-488f-b2cc-667acc700b0a": { "id": "1b1db6b8-f005-488f-b2cc-667acc700b0a", "title": "Form Maker by 10Web <= 1.15.18 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "* - 1.15.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b1db6b8-f005-488f-b2cc-667acc700b0a?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b245791-6aac-4ee3-9278-5b7c01f13263": { "id": "1b245791-6aac-4ee3-9278-5b7c01f13263", "title": "WP Fusion Lite \u2013 Marketing Automation and CRM Integration for WordPress <= 3.42.10 - Information Exposure", "software": [ { "type": "plugin", "name": "WP Fusion Lite \u2013 Marketing Automation and CRM Integration for WordPress", "slug": "wp-fusion-lite", "affected_versions": { "* - 3.42.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.42.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.43.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b245791-6aac-4ee3-9278-5b7c01f13263?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b25df18-dd9a-4b24-8187-283d5f3f334e": { "id": "1b25df18-dd9a-4b24-8187-283d5f3f334e", "title": "Happy Addons for Elementor <= 3.10.1 - Missing Authorization via add_row_actions", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b25df18-dd9a-4b24-8187-283d5f3f334e?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b29048e-cf06-463c-82e0-f1d973e50232": { "id": "1b29048e-cf06-463c-82e0-f1d973e50232", "title": "Ultimate Addons for Beaver Builder <= 1.35.14 - Authenticated(Contributor+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Ultimate Addons for Beaver Builder", "slug": "bb-ultimate-addon", "affected_versions": { "* - 1.35.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.35.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.35.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b29048e-cf06-463c-82e0-f1d973e50232?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b2ac807-c6e1-43de-8385-240ccae87e81": { "id": "1b2ac807-c6e1-43de-8385-240ccae87e81", "title": "Amazon Einzeltitellinks <= 1.3.3 - Cross-Site Request Forgery to Arbitrary Settings Update", "software": [ { "type": "plugin", "name": "Amazon Einzeltitellinks", "slug": "amazon-einzeltitellinks", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b2ac807-c6e1-43de-8385-240ccae87e81?source=api-scan" ], "published": "2022-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b2b49af-1bed-4c81-95c2-f8b80c06a829": { "id": "1b2b49af-1bed-4c81-95c2-f8b80c06a829", "title": "Posterity <= 3.3 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Posterity", "slug": "posterity", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b2b49af-1bed-4c81-95c2-f8b80c06a829?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b313177-d329-40a4-8a90-ce14b5cb90a9": { "id": "1b313177-d329-40a4-8a90-ce14b5cb90a9", "title": "Alpine PhotoTile For Instagram < 1.2.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Alpine Photo Tile for Instagram", "slug": "alpine-photo-tile-for-instagram", "affected_versions": { "[*, 1.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b313177-d329-40a4-8a90-ce14b5cb90a9?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b34a4aa-bcaa-4be5-a059-6f2efa3a8198": { "id": "1b34a4aa-bcaa-4be5-a059-6f2efa3a8198", "title": "Responsive Tabs <= 4.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Tabs", "slug": "responsive-tabs", "affected_versions": { "* - 4.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b34a4aa-bcaa-4be5-a059-6f2efa3a8198?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b377236-bb56-4d31-837a-c5064d46a6c6": { "id": "1b377236-bb56-4d31-837a-c5064d46a6c6", "title": "WhitePage <= 1.1.5 - Cross-Site Request Forgery via params_api_form.php", "software": [ { "type": "plugin", "name": "WhitePage", "slug": "white-page-publication", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b377236-bb56-4d31-837a-c5064d46a6c6?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b38e7ec-6663-4253-9c60-61ed34be22c1": { "id": "1b38e7ec-6663-4253-9c60-61ed34be22c1", "title": "Lightweight Accordion <= 1.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Lightweight Accordion", "slug": "lightweight-accordion", "affected_versions": { "* - 1.5.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b38e7ec-6663-4253-9c60-61ed34be22c1?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b3b4b45-5964-490a-991b-c9eb79c670e2": { "id": "1b3b4b45-5964-490a-991b-c9eb79c670e2", "title": "WPO365 | Mail Integration for Office 365 \/ Outlook <= 1.9.0 - reflected Cross-Site Scripting via error_description", "software": [ { "type": "plugin", "name": "WPO365 | Mail Integration for Office 365 \/ Outlook", "slug": "mail-integration-365", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b3b4b45-5964-490a-991b-c9eb79c670e2?source=api-scan" ], "published": "2023-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b3be300-5b7f-4844-8637-1bb8c939ed4c": { "id": "1b3be300-5b7f-4844-8637-1bb8c939ed4c", "title": "Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Drag and Drop Multiple File Upload \u2013 Contact Form 7", "slug": "drag-and-drop-multiple-file-upload-contact-form-7", "affected_versions": { "* - 1.3.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b3be300-5b7f-4844-8637-1bb8c939ed4c?source=api-scan" ], "published": "2023-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b3df470-d0b7-49e8-bcb2-ac999e0b71d1": { "id": "1b3df470-d0b7-49e8-bcb2-ac999e0b71d1", "title": "Ultimate SMS Notifications for WooCommerce <= 1.4.1 - CSV Injection", "software": [ { "type": "plugin", "name": "Ultimate SMS Notifications for WooCommerce", "slug": "ultimate-sms-notifications", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b3df470-d0b7-49e8-bcb2-ac999e0b71d1?source=api-scan" ], "published": "2022-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b423aca-e0d2-487d-a861-a2b589c2a62e": { "id": "1b423aca-e0d2-487d-a861-a2b589c2a62e", "title": "Import users from CSV with meta <= 1.12 - Import Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import and export users and customers", "slug": "import-users-from-csv-with-meta", "affected_versions": { "[*, 1.12.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b423aca-e0d2-487d-a861-a2b589c2a62e?source=api-scan" ], "published": "2018-12-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b4630f7-74db-46c4-bf86-f1ff64be3463": { "id": "1b4630f7-74db-46c4-bf86-f1ff64be3463", "title": "BERTHA AI Plugin <= 1.11.10.7 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "BERTHA AI. Your AI co-pilot for WordPress and Chrome", "slug": "bertha-ai-free", "affected_versions": { "[*, 1.11.10.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.10.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.11.10.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b4630f7-74db-46c4-bf86-f1ff64be3463?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b4eb0a1-69ad-4e0d-9760-752ec0589314": { "id": "1b4eb0a1-69ad-4e0d-9760-752ec0589314", "title": "JetPack <= 9.7 - Information Disclosure", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "[2.0, 2.0.8)": { "from_version": "2.0", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": false }, "[2.1, 2.1.6)": { "from_version": "2.1", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": false }, "[2.2, 2.2.9)": { "from_version": "2.2", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": false }, "[2.3, 2.3.9)": { "from_version": "2.3", "from_inclusive": true, "to_version": "2.3.9", "to_inclusive": false }, "[2.4, 2.4.6)": { "from_version": "2.4", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": false }, "[2.5, 2.5.4)": { "from_version": "2.5", "from_inclusive": true, "to_version": "2.5.4", "to_inclusive": false }, "[2.6, 2.6.5)": { "from_version": "2.6", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": false }, "[2.7, 2.7.4)": { "from_version": "2.7", "from_inclusive": true, "to_version": "2.7.4", "to_inclusive": false }, "[2.8, 2.8.4)": { "from_version": "2.8", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": false }, "[2.9, 2.9.5)": { "from_version": "2.9", "from_inclusive": true, "to_version": "2.9.5", "to_inclusive": false }, "[3.0, 3.0.5)": { "from_version": "3.0", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": false }, "[3.1, 3.1.4)": { "from_version": "3.1", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": false }, "[3.2, 3.2.4)": { "from_version": "3.2", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": false }, "[3.3, 3.3.5)": { "from_version": "3.3", "from_inclusive": true, "to_version": "3.3.5", "to_inclusive": false }, "[3.4, 3.4.5)": { "from_version": "3.4", "from_inclusive": true, "to_version": "3.4.5", "to_inclusive": false }, "[3.5, 3.5.5)": { "from_version": "3.5", "from_inclusive": true, "to_version": "3.5.5", "to_inclusive": false }, "[3.6, 3.6.3)": { "from_version": "3.6", "from_inclusive": true, "to_version": "3.6.3", "to_inclusive": false }, "[3.7, 3.7.4)": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.4", "to_inclusive": false }, "[3.8, 3.8.4)": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.4", "to_inclusive": false }, "[3.9, 3.9.8)": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.8", "to_inclusive": false }, "[4.0, 4.0.5)": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.5", "to_inclusive": false }, "[4.1, 4.1.2)": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": false }, "[4.2, 4.2.3)": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": false }, "[4.3, 4.3.3)": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.3", "to_inclusive": false }, "[4.4, 4.4.3)": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": false }, "[4.5, 4.5.1)": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.1", "to_inclusive": false }, "[4.6, 4.6.1)": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": false }, "[4.7, 4.7.2)": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.2", "to_inclusive": false }, "[4.8, 4.8.3)": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.3", "to_inclusive": false }, "[4.9, 4.9.1)": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.1", "to_inclusive": false }, "[5.0, 5.0.1)": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.1", "to_inclusive": false }, "[5.1, 5.1.2)": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.2", "to_inclusive": false }, "[5.2, 5.2.3)": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": false }, "[5.3, 5.3.2)": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.2", "to_inclusive": false }, "[5.4, 5.4.2)": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": false }, "[5.5, 5.5.3)": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.3", "to_inclusive": false }, "[5.6, 5.6.3)": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.3", "to_inclusive": false }, "[5.7, 5.7.3)": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.3", "to_inclusive": false }, "[5.8, 5.8.2)": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.2", "to_inclusive": false }, "[5.9, 5.9.2)": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.2", "to_inclusive": false }, "[6.0, 6.0.2)": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.2", "to_inclusive": false }, "[6.1, 6.1.3)": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.3", "to_inclusive": false }, "[6.2, 6.2.3)": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.3", "to_inclusive": false }, "[6.3, 6.3.5)": { "from_version": "6.3", "from_inclusive": true, "to_version": "6.3.5", "to_inclusive": false }, "[6.4, 6.4.4)": { "from_version": "6.4", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": false }, "[6.5, 6.5.2)": { "from_version": "6.5", "from_inclusive": true, "to_version": "6.5.2", "to_inclusive": false }, "[6.6, 6.6.3)": { "from_version": "6.6", "from_inclusive": true, "to_version": "6.6.3", "to_inclusive": false }, "[6.7, 6.7.2)": { "from_version": "6.7", "from_inclusive": true, "to_version": "6.7.2", "to_inclusive": false }, "[6.8, 6.8.3)": { "from_version": "6.8", "from_inclusive": true, "to_version": "6.8.3", "to_inclusive": false }, "[6.9, 6.9.2)": { "from_version": "6.9", "from_inclusive": true, "to_version": "6.9.2", "to_inclusive": false }, "[7.0, 7.0.3)": { "from_version": "7.0", "from_inclusive": true, "to_version": "7.0.3", "to_inclusive": false }, "[7.1, 7.1.3)": { "from_version": "7.1", "from_inclusive": true, "to_version": "7.1.3", "to_inclusive": false }, "[7.2, 7.2.3)": { "from_version": "7.2", "from_inclusive": true, "to_version": "7.2.3", "to_inclusive": false }, "[7.3, 7.3.3)": { "from_version": "7.3", "from_inclusive": true, "to_version": "7.3.3", "to_inclusive": false }, "[7.4, 7.4.3)": { "from_version": "7.4", "from_inclusive": true, "to_version": "7.4.3", "to_inclusive": false }, "[7.5, 7.5.5)": { "from_version": "7.5", "from_inclusive": true, "to_version": "7.5.5", "to_inclusive": false }, "[7.6, 7.6.2)": { "from_version": "7.6", "from_inclusive": true, "to_version": "7.6.2", "to_inclusive": false }, "[7.7, 7.7.4)": { "from_version": "7.7", "from_inclusive": true, "to_version": "7.7.4", "to_inclusive": false }, "[7.8, 7.8.2)": { "from_version": "7.8", "from_inclusive": true, "to_version": "7.8.2", "to_inclusive": false }, "[7.9, 7.9.2)": { "from_version": "7.9", "from_inclusive": true, "to_version": "7.9.2", "to_inclusive": false }, "[8.0, 8.0.1)": { "from_version": "8.0", "from_inclusive": true, "to_version": "8.0.1", "to_inclusive": false }, "[8.1, 8.1.2)": { "from_version": "8.1", "from_inclusive": true, "to_version": "8.1.2", "to_inclusive": false }, "[8.2, 8.2.4)": { "from_version": "8.2", "from_inclusive": true, "to_version": "8.2.4", "to_inclusive": false }, "[8.3, 8.3.1)": { "from_version": "8.3", "from_inclusive": true, "to_version": "8.3.1", "to_inclusive": false }, "[8.4, 8.4.3)": { "from_version": "8.4", "from_inclusive": true, "to_version": "8.4.3", "to_inclusive": false }, "[8.5, 8.5.1)": { "from_version": "8.5", "from_inclusive": true, "to_version": "8.5.1", "to_inclusive": false }, "[8.6, 8.6.2)": { "from_version": "8.6", "from_inclusive": true, "to_version": "8.6.2", "to_inclusive": false }, "[8.7, 8.7.2)": { "from_version": "8.7", "from_inclusive": true, "to_version": "8.7.2", "to_inclusive": false }, "[8.8, 8.8.3)": { "from_version": "8.8", "from_inclusive": true, "to_version": "8.8.3", "to_inclusive": false }, "[8.9, 8.9.2)": { "from_version": "8.9", "from_inclusive": true, "to_version": "8.9.2", "to_inclusive": false }, "[9.0, 9.0.3)": { "from_version": "9.0", "from_inclusive": true, "to_version": "9.0.3", "to_inclusive": false }, "[9.1, 9.1.1)": { "from_version": "9.1", "from_inclusive": true, "to_version": "9.1.1", "to_inclusive": false }, "[9.2, 9.2.2)": { "from_version": "9.2", "from_inclusive": true, "to_version": "9.2.2", "to_inclusive": false }, "[9.3, 9.3.3)": { "from_version": "9.3", "from_inclusive": true, "to_version": "9.3.3", "to_inclusive": false }, "[9.4, 9.4.2)": { "from_version": "9.4", "from_inclusive": true, "to_version": "9.4.2", "to_inclusive": false }, "[9.5, 9.5.3)": { "from_version": "9.5", "from_inclusive": true, "to_version": "9.5.3", "to_inclusive": false }, "[9.6, 9.6.2)": { "from_version": "9.6", "from_inclusive": true, "to_version": "9.6.2", "to_inclusive": false }, "[9.7, 9.7.1)": { "from_version": "9.7", "from_inclusive": true, "to_version": "9.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.8", "2.1.6", "2.2.9", "2.3.9", "2.4.6", "2.5.4", "2.6.5", "2.7.4", "2.8.4", "2.9.5", "3.0.5", "3.1.4", "3.2.4", "3.3.5", "3.4.5", "3.5.5", "3.6.3", "3.7.4", "3.8.4", "3.9.8", "4.0.5", "4.1.2", "4.2.3", "4.3.3", "4.4.3", "4.5.1", "4.6.1", "4.7.2", "4.8.3", "4.9.1", "5.0.1", "5.1.2", "5.2.3", "5.3.2", "5.4.2", "5.5.3", "5.6.3", "5.7.3", "5.8.2", "5.9.2", "6.0.2", "6.1.3", "6.2.3", "6.3.5", "6.4.4", "6.5.2", "6.6.3", "6.7.2", "6.8.3", "6.9.2", "7.0.3", "7.1.3", "7.2.3", "7.3.3", "7.4.3", "7.5.5", "7.6.2", "7.7.4", "7.8.2", "7.9.2", "8.0.1", "8.1.2", "8.2.4", "8.3.1", "8.4.3", "8.5.1", "8.6.2", "8.7.2", "8.8.3", "8.9.2", "9.0.3", "9.1.1", "9.2.2", "9.3.3", "9.4.2", "9.5.3", "9.6.2", "9.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b4eb0a1-69ad-4e0d-9760-752ec0589314?source=api-scan" ], "published": "2021-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b5a4289-6228-4b77-9929-864b88c34dbe": { "id": "1b5a4289-6228-4b77-9929-864b88c34dbe", "title": "Fusion <= 2.1 - Arbitrary File Deletion", "software": [ { "type": "theme", "name": "Fusion", "slug": "fushion-theme", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b5a4289-6228-4b77-9929-864b88c34dbe?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b631b92-b8fb-4f9b-ae2a-bbfd16440ebb": { "id": "1b631b92-b8fb-4f9b-ae2a-bbfd16440ebb", "title": "twitterDash <= 2.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "twitterDash", "slug": "twitterdash", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b631b92-b8fb-4f9b-ae2a-bbfd16440ebb?source=api-scan" ], "published": "2014-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b645d0e-daee-4926-af47-05cacf811fbf": { "id": "1b645d0e-daee-4926-af47-05cacf811fbf", "title": "Review Stream <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Review Stream", "slug": "review-stream", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b645d0e-daee-4926-af47-05cacf811fbf?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b660260-e335-4be0-a266-0cdc9a4d7504": { "id": "1b660260-e335-4be0-a266-0cdc9a4d7504", "title": "Qubely <= 1.7.7 - Missing Authorization to Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "Qubely \u2013 Advanced Gutenberg Blocks", "slug": "qubely", "affected_versions": { "[*, 1.7.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b660260-e335-4be0-a266-0cdc9a4d7504?source=api-scan" ], "published": "2021-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b69831e-19ab-4812-b657-dc4febe15077": { "id": "1b69831e-19ab-4812-b657-dc4febe15077", "title": "Duplicator \u2013 WordPress Migration Plugin <= 0.4.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Duplicator \u2013 Migration & Backup Plugin", "slug": "duplicator", "affected_versions": { "* - 0.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b69831e-19ab-4812-b657-dc4febe15077?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b70b9b1-bde9-4a32-ae7b-a4c8d73abbc4": { "id": "1b70b9b1-bde9-4a32-ae7b-a4c8d73abbc4", "title": "User Registration \u2013 Custom Registration Form, Login Form And User Profile For WordPress <= 3.0.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile", "slug": "user-registration", "affected_versions": { "* - 3.0.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b70b9b1-bde9-4a32-ae7b-a4c8d73abbc4?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b71eae9-9727-49c9-9926-85689286983f": { "id": "1b71eae9-9727-49c9-9926-85689286983f", "title": "Social Slider Feed <= 2.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Slider Feed", "slug": "instagram-slider-widget", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b71eae9-9727-49c9-9926-85689286983f?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b73402b-444c-47ad-9c05-7be6e6440123": { "id": "1b73402b-444c-47ad-9c05-7be6e6440123", "title": "The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar, Header Meta Content, Scroll Navigation, Pricing Table, & Flip Box", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b73402b-444c-47ad-9c05-7be6e6440123?source=api-scan" ], "published": "2024-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b75da76-1a58-4f8e-9b4f-d2e40d09f9ea": { "id": "1b75da76-1a58-4f8e-9b4f-d2e40d09f9ea", "title": "Instant Images \u2013 One Click Unsplash, Pixabay and Pexels Uploads <= 4.4.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Instant Images \u2013 One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels", "slug": "instant-images", "affected_versions": { "* - 4.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b75da76-1a58-4f8e-9b4f-d2e40d09f9ea?source=api-scan" ], "published": "2021-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b847857-5dc9-4793-b9d6-759f27377fe3": { "id": "1b847857-5dc9-4793-b9d6-759f27377fe3", "title": "Void Elementor Post Grid Addon for Elementor Page builder <= 2.1.10 - Missing Authorization to Review Notice Dismissal", "software": [ { "type": "plugin", "name": "Void Elementor Post Grid Addon for Elementor Page builder", "slug": "void-elementor-post-grid-addon-for-elementor-page-builder", "affected_versions": { "[*, 2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b847857-5dc9-4793-b9d6-759f27377fe3?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b85306d-ffb6-487d-a981-6fc04b27e751": { "id": "1b85306d-ffb6-487d-a981-6fc04b27e751", "title": "Easy Fancybox <= 1.8.17 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Firelight Lightbox", "slug": "easy-fancybox", "affected_versions": { "* - 1.8.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b85306d-ffb6-487d-a981-6fc04b27e751?source=api-scan" ], "published": "2019-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b87fe3d-a88d-477a-8d91-4d7c2dba4a43": { "id": "1b87fe3d-a88d-477a-8d91-4d7c2dba4a43", "title": "Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b87fe3d-a88d-477a-8d91-4d7c2dba4a43?source=api-scan" ], "published": "2024-02-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b8b0f14-f31a-45cd-bb98-0b717059aa80": { "id": "1b8b0f14-f31a-45cd-bb98-0b717059aa80", "title": "Multiple DeoThemes Themes <= (Various Versions) - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Everse", "slug": "everse", "affected_versions": { "* - 1.8.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.12" ] }, { "type": "theme", "name": "Nokke", "slug": "nokke", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] }, { "type": "theme", "name": "MedikAid | Medical Health Care RTL WordPress Theme", "slug": "medikaid", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] }, { "type": "theme", "name": "Arendelle", "slug": "arendelle", "affected_versions": { "* - 1.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.13" ] }, { "type": "theme", "name": "Amela", "slug": "amela", "affected_versions": { "* - 1.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b8b0f14-f31a-45cd-bb98-0b717059aa80?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b8d866e-e187-4ff5-bed7-b03e2a213c11": { "id": "1b8d866e-e187-4ff5-bed7-b03e2a213c11", "title": "Church Admin <= 4.4.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "* - 4.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b8d866e-e187-4ff5-bed7-b03e2a213c11?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b8ef792-c2a8-4fc5-bee7-4de3b6b007c9": { "id": "1b8ef792-c2a8-4fc5-bee7-4de3b6b007c9", "title": "All in One SEO Pro <= 4.2.5.1 - Authenticated (Admin+) Server Side Request Forgery", "software": [ { "type": "plugin", "name": "All in One SEO Pro \u2013 Best WordPress SEO Plugin \u2013 Easily Improve SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack-pro", "affected_versions": { "* - 4.2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b8ef792-c2a8-4fc5-bee7-4de3b6b007c9?source=api-scan" ], "published": "2022-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b94583f-405e-4fd3-849e-33563b72f698": { "id": "1b94583f-405e-4fd3-849e-33563b72f698", "title": "Sirv <= 7.2.2 - Missing Authorization to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Image Optimizer, Resizer and CDN \u2013 Sirv", "slug": "sirv", "affected_versions": { "* - 7.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b94583f-405e-4fd3-849e-33563b72f698?source=api-scan" ], "published": "2024-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b996e76-770f-41cc-9601-4e1a3e0127bf": { "id": "1b996e76-770f-41cc-9601-4e1a3e0127bf", "title": "Contact Form X <= 2.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form X", "slug": "contact-form-x", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b996e76-770f-41cc-9601-4e1a3e0127bf?source=api-scan" ], "published": "2022-02-25 15:41:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1b9ed184-814d-46cb-979c-908bc9359fae": { "id": "1b9ed184-814d-46cb-979c-908bc9359fae", "title": "Swift SMTP <= 5.0.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Swift SMTP (formerly Welcome Email Editor)", "slug": "welcome-email-editor", "affected_versions": { "* - 5.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1b9ed184-814d-46cb-979c-908bc9359fae?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ba1844f-96fb-458e-b428-bbc896977cd1": { "id": "1ba1844f-96fb-458e-b428-bbc896977cd1", "title": "EZ Form Calculator <= 2.14.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EZ Form Calculator", "slug": "ez-form-calculator", "affected_versions": { "* - 2.14.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.14.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ba1844f-96fb-458e-b428-bbc896977cd1?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ba33c84-5198-4c77-8995-d0a315d68990": { "id": "1ba33c84-5198-4c77-8995-d0a315d68990", "title": "360 Javascript Viewer <= 1.7.12 - Missing Authorization to Plugin Settings Update", "software": [ { "type": "plugin", "name": "360 Javascript Viewer", "slug": "360deg-javascript-viewer", "affected_versions": { "* - 1.7.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ba33c84-5198-4c77-8995-d0a315d68990?source=api-scan" ], "published": "2024-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ba56d68-e104-4a79-b5b4-627f9617043b": { "id": "1ba56d68-e104-4a79-b5b4-627f9617043b", "title": "CP Contact Form with Paypal <= 1.3.34 - Authenticated Feedback Submission", "software": [ { "type": "plugin", "name": "CP Contact Form with PayPal", "slug": "cp-contact-form-with-paypal", "affected_versions": { "* - 1.3.34": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ba56d68-e104-4a79-b5b4-627f9617043b?source=api-scan" ], "published": "2023-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1baa7b7a-49b5-48bd-b45f-31fae707c199": { "id": "1baa7b7a-49b5-48bd-b45f-31fae707c199", "title": "Drag and Drop Multiple File Upload for WooCommerce <= 1.0.8 - Missing Authorization in upload and delete_file", "software": [ { "type": "plugin", "name": "Drag and Drop Multiple File Upload for WooCommerce", "slug": "drag-and-drop-multiple-file-upload-for-woocommerce", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1baa7b7a-49b5-48bd-b45f-31fae707c199?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1baa93da-9b55-45e7-b9a9-db331b5d0584": { "id": "1baa93da-9b55-45e7-b9a9-db331b5d0584", "title": "Bridge Core <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Bridge Core", "slug": "bridge-core", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1baa93da-9b55-45e7-b9a9-db331b5d0584?source=api-scan" ], "published": "2024-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bad3803-77c3-4c9f-906c-ba5b1886c997": { "id": "1bad3803-77c3-4c9f-906c-ba5b1886c997", "title": "GB Team Stats <= 1.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GB Team Stats", "slug": "gbteamstats", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bad3803-77c3-4c9f-906c-ba5b1886c997?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bae23a4-0f25-430f-8bad-6ec7b2de3dbe": { "id": "1bae23a4-0f25-430f-8bad-6ec7b2de3dbe", "title": "WooCommerce \u2013 Store Exporter <= 2.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Store Exporter for WooCommerce \u2013 Export Products, Export Orders, Export Subscriptions, and More", "slug": "woocommerce-exporter", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bae23a4-0f25-430f-8bad-6ec7b2de3dbe?source=api-scan" ], "published": "2022-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bae6d3a-40eb-4af6-be4e-9bc6be1a4b07": { "id": "1bae6d3a-40eb-4af6-be4e-9bc6be1a4b07", "title": "Shortcodes Ultimate <= 7.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'note_color' Shortcode", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 7.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bae6d3a-40eb-4af6-be4e-9bc6be1a4b07?source=api-scan" ], "published": "2024-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1baf7c7e-b5e9-40b5-9c96-abe6ebcf2b2a": { "id": "1baf7c7e-b5e9-40b5-9c96-abe6ebcf2b2a", "title": "Document Embedder <= 1.7.8 - Subscriber+ Arbitrary Private\/Draft Post Title Disclosure", "software": [ { "type": "plugin", "name": "Document Embedder \u2013 Document Embedder Plugin", "slug": "document-emberdder", "affected_versions": { "[*, 1.7.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1baf7c7e-b5e9-40b5-9c96-abe6ebcf2b2a?source=api-scan" ], "published": "2022-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bb2b1f9-fd76-440e-a64c-ff11622efec1": { "id": "1bb2b1f9-fd76-440e-a64c-ff11622efec1", "title": "Media File Manager <= 1.4.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Media File Manager", "slug": "media-file-manager", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bb2b1f9-fd76-440e-a64c-ff11622efec1?source=api-scan" ], "published": "2018-11-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bb4674e-71e4-43db-ad9e-36ab15432149": { "id": "1bb4674e-71e4-43db-ad9e-36ab15432149", "title": "Fancy Product Designer <= 4.6.8 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Fancy Product Designer", "slug": "fancy-product-designer", "affected_versions": { "[*, 4.6.9)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bb4674e-71e4-43db-ad9e-36ab15432149?source=api-scan" ], "published": "2021-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bb55b22-a0d0-424f-8e4f-57d3f239c149": { "id": "1bb55b22-a0d0-424f-8e4f-57d3f239c149", "title": "RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'attach_rule'", "software": [ { "type": "plugin", "name": "RapidLoad \u2013 Optimize Web Vitals Automatically", "slug": "unusedcss", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bb55b22-a0d0-424f-8e4f-57d3f239c149?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bbba961-a1e6-440a-9b39-919363f7031d": { "id": "1bbba961-a1e6-440a-9b39-919363f7031d", "title": "WP Portfolio <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "WP Portfolio", "slug": "wp-portfolio", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bbba961-a1e6-440a-9b39-919363f7031d?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bc0aa64-57a6-44ef-974a-70991cc3820f": { "id": "1bc0aa64-57a6-44ef-974a-70991cc3820f", "title": "WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.31": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.31", "to_inclusive": true }, "3.8 - 3.8.31": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.31", "to_inclusive": true }, "3.9 - 3.9.29": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.29", "to_inclusive": true }, "4.0 - 4.0.28": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.28", "to_inclusive": true }, "4.1 - 4.1.28": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.28", "to_inclusive": true }, "4.2 - 4.2.25": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.25", "to_inclusive": true }, "4.3 - 4.3.21": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.21", "to_inclusive": true }, "4.4 - 4.4.20": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.20", "to_inclusive": true }, "4.5 - 4.5.19": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.19", "to_inclusive": true }, "4.6 - 4.6.16": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.16", "to_inclusive": true }, "4.7 - 4.7.15": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.15", "to_inclusive": true }, "4.8 - 4.8.11": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.11", "to_inclusive": true }, "4.9 - 4.9.12": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.12", "to_inclusive": true }, "5.0 - 5.0.7": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.7", "to_inclusive": true }, "5.1 - 5.1.3": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.3", "to_inclusive": true }, "5.2 - 5.2.4": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.4", "to_inclusive": true }, "5.3": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.32", "3.8.32", "3.9.30", "4.0.29", "4.1.29", "4.2.26", "4.3.22", "4.4.21", "4.5.20", "4.6.17", "4.7.16", "4.8.12", "4.9.13", "5.0.8", "5.1.4", "5.2.5", "5.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bc0aa64-57a6-44ef-974a-70991cc3820f?source=api-scan" ], "published": "2019-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bc19bfa-ce44-4654-b074-c8126b60a155": { "id": "1bc19bfa-ce44-4654-b074-c8126b60a155", "title": "Hybrid Composer <= 1.4.6 - Missing Authorization to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "hybrid-composer", "slug": "hybrid-composer", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bc19bfa-ce44-4654-b074-c8126b60a155?source=api-scan" ], "published": "2019-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bc697b3-20f6-46df-a250-f2009a60200e": { "id": "1bc697b3-20f6-46df-a250-f2009a60200e", "title": "VK All in One Expansion Unit <= 9.96.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className", "software": [ { "type": "plugin", "name": "VK All in One Expansion Unit", "slug": "vk-all-in-one-expansion-unit", "affected_versions": { "* - 9.96.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.96.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.97.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bc697b3-20f6-46df-a250-f2009a60200e?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bc9d02d-7916-4845-bb9d-f5eb2666b772": { "id": "1bc9d02d-7916-4845-bb9d-f5eb2666b772", "title": "CBI Referral Manager <= 1.2.1 Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CBI Referral Manager", "slug": "cbi-referral-manager", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bc9d02d-7916-4845-bb9d-f5eb2666b772?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bcc6192-b9fa-4444-b06d-2b44d53d9cfe": { "id": "1bcc6192-b9fa-4444-b06d-2b44d53d9cfe", "title": "WP Elegant Testimonial <= 1.1.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Elegant Testimonial", "slug": "wp-elegant-testimonial", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bcc6192-b9fa-4444-b06d-2b44d53d9cfe?source=api-scan" ], "published": "2020-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bce11fa-428d-4f44-9ce4-e12e79c43ff1": { "id": "1bce11fa-428d-4f44-9ce4-e12e79c43ff1", "title": "Allure Real Estate Theme for Placester <= 0.1.1 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Allure Real Estate Theme for Placester", "slug": "allure-real-estate-theme-for-placester", "affected_versions": { "* - 0.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bce11fa-428d-4f44-9ce4-e12e79c43ff1?source=api-scan" ], "published": "2013-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bd007fd-eee9-4c3c-b509-63e180e3fd28": { "id": "1bd007fd-eee9-4c3c-b509-63e180e3fd28", "title": "English WordPress Admin <= 1.5.1.1 - Unauthenticated Open Redirect", "software": [ { "type": "plugin", "name": "English WordPress Admin", "slug": "english-wp-admin", "affected_versions": { "* - 1.5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bd007fd-eee9-4c3c-b509-63e180e3fd28?source=api-scan" ], "published": "2022-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bd0f172-2cd3-4839-9df9-64475554d3b2": { "id": "1bd0f172-2cd3-4839-9df9-64475554d3b2", "title": "Orbit Fox by ThemeIsle <= 2.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting via Services and Post Type Grid Widgets", "software": [ { "type": "plugin", "name": "Orbit Fox by ThemeIsle", "slug": "themeisle-companion", "affected_versions": { "* - 2.10.34": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bd0f172-2cd3-4839-9df9-64475554d3b2?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bd308a4-7157-4bc6-a55b-c6a4a62510a9": { "id": "1bd308a4-7157-4bc6-a55b-c6a4a62510a9", "title": "Big File Uploads <= 2.1.2 - Authenticated (Author+) Full Path Disclosure", "software": [ { "type": "plugin", "name": "Big File Uploads \u2013 Increase Maximum File Upload Size", "slug": "tuxedo-big-file-uploads", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bd308a4-7157-4bc6-a55b-c6a4a62510a9?source=api-scan" ], "published": "2024-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bd44471-1a9c-4465-a52a-be64d51e7ea1": { "id": "1bd44471-1a9c-4465-a52a-be64d51e7ea1", "title": "Wechat Social login <= 1.3.0 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Wechat Social login \u5fae\u4fe1QQ\u9489\u9489\u767b\u5f55\u63d2\u4ef6", "slug": "wechat-social-login", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bd44471-1a9c-4465-a52a-be64d51e7ea1?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bd80ab9-260a-46c5-949e-c1d5dcb32523": { "id": "1bd80ab9-260a-46c5-949e-c1d5dcb32523", "title": "Profile Builder <= 2.1.3 - Missing Access Controls", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bd80ab9-260a-46c5-949e-c1d5dcb32523?source=api-scan" ], "published": "2015-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bda01a0-e995-4642-81e3-4a72e6754af6": { "id": "1bda01a0-e995-4642-81e3-4a72e6754af6", "title": "Simple Social Media Share Buttons 2.0.4 - 2.0.21 - Missing Authorization", "software": [ { "type": "plugin", "name": "Simple Social Media Share Buttons \u2013 Social Sharing for Everyone", "slug": "simple-social-buttons", "affected_versions": { "2.0.4 - 2.0.21": { "from_version": "2.0.4", "from_inclusive": true, "to_version": "2.0.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bda01a0-e995-4642-81e3-4a72e6754af6?source=api-scan" ], "published": "2019-02-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bdba04e-df4d-4094-877e-611d69e2e25d": { "id": "1bdba04e-df4d-4094-877e-611d69e2e25d", "title": "Page Builder: KingComposer < 2.9.4 - Authorization Bypass due to Improper Access Control", "software": [ { "type": "plugin", "name": "Page Builder: KingComposer \u2013 Free Drag and Drop page builder by King-Theme", "slug": "kingcomposer", "affected_versions": { "* - 2.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bdba04e-df4d-4094-877e-611d69e2e25d?source=api-scan" ], "published": "2020-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1be5da88-723a-4386-a73e-3fe90eefb6ba": { "id": "1be5da88-723a-4386-a73e-3fe90eefb6ba", "title": "Easy Forms for MailChimp <= 6.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Forms for Mailchimp", "slug": "yikes-inc-easy-mailchimp-extender", "affected_versions": { "* - 6.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1be5da88-723a-4386-a73e-3fe90eefb6ba?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1be686d3-16b1-4ec7-b304-848ca4d7162c": { "id": "1be686d3-16b1-4ec7-b304-848ca4d7162c", "title": "MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts", "software": [ { "type": "plugin", "name": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "slug": "masterstudy-lms-learning-management-system", "affected_versions": { "* - 3.2.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1be686d3-16b1-4ec7-b304-848ca4d7162c?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1be68c82-c22c-4d45-8c7f-a7aa21fe3ddf": { "id": "1be68c82-c22c-4d45-8c7f-a7aa21fe3ddf", "title": "Rank Math SEO <= 1.0.27 - Authenticated Settings Reset via reset-cmb Parameter", "software": [ { "type": "plugin", "name": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings", "slug": "seo-by-rank-math", "affected_versions": { "[*, 1.0.27.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.27.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.27.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1be68c82-c22c-4d45-8c7f-a7aa21fe3ddf?source=api-scan" ], "published": "2019-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bea55b5-b2d7-4eaf-8868-d2645ce18619": { "id": "1bea55b5-b2d7-4eaf-8868-d2645ce18619", "title": "WP Booking System \u2013 Booking Calendar <= 2.0.19.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Booking System \u2013 Booking Calendar", "slug": "wp-booking-system", "affected_versions": { "* - 2.0.19.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.19.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.19.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bea55b5-b2d7-4eaf-8868-d2645ce18619?source=api-scan" ], "published": "2024-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1beb2a35-0346-4aa1-8cc3-a18a47e82eb3": { "id": "1beb2a35-0346-4aa1-8cc3-a18a47e82eb3", "title": "WP Customer Reviews <= 3.7.0 - Authenticated (Contributor+) Malicious Redirect via HTTP-EQUIV Injection", "software": [ { "type": "plugin", "name": "WP Customer Reviews", "slug": "wp-customer-reviews", "affected_versions": { "* - 3.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1beb2a35-0346-4aa1-8cc3-a18a47e82eb3?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bebb24c-c141-4fcf-8288-9b8faaaf69c9": { "id": "1bebb24c-c141-4fcf-8288-9b8faaaf69c9", "title": "WordPress Team Manager <= 2.1.12 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Team Manager \u2013 WordPress Showcase Team Members", "slug": "wp-team-manager", "affected_versions": { "* - 2.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bebb24c-c141-4fcf-8288-9b8faaaf69c9?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bee1eeb-5354-47c9-9ae1-b1608d87d7bb": { "id": "1bee1eeb-5354-47c9-9ae1-b1608d87d7bb", "title": "WP Easy Post Types <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta", "software": [ { "type": "plugin", "name": "WP Easy Post Types", "slug": "easy-post-types", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bee1eeb-5354-47c9-9ae1-b1608d87d7bb?source=api-scan" ], "published": "2024-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bf798b5-2a5c-42d9-a4b3-d3ed056e1fdb": { "id": "1bf798b5-2a5c-42d9-a4b3-d3ed056e1fdb", "title": "Arigato Autoresponder and Newsletter <= 2.7.2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Arigato Autoresponder and Newsletter", "slug": "bft-autoresponder", "affected_versions": { "* - 2.7.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bf798b5-2a5c-42d9-a4b3-d3ed056e1fdb?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bf805fc-4b27-47c4-b24e-79158cffaac4": { "id": "1bf805fc-4b27-47c4-b24e-79158cffaac4", "title": "Stop Spammers Security <= 2021.17 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms", "slug": "stop-spammer-registrations-plugin", "affected_versions": { "[*, 2021.18)": { "from_version": "*", "from_inclusive": true, "to_version": "2021.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2021.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bf805fc-4b27-47c4-b24e-79158cffaac4?source=api-scan" ], "published": "2021-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1bfb5d34-738d-4842-be93-9668fceb3334": { "id": "1bfb5d34-738d-4842-be93-9668fceb3334", "title": "Social Media & Share Icons <= 2.8.1 - Missing Authorization via handle_installation", "software": [ { "type": "plugin", "name": "Social Media Share Buttons & Social Sharing Icons", "slug": "ultimate-social-media-icons", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1bfb5d34-738d-4842-be93-9668fceb3334?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c025fc0-5dac-4a18-8338-fefb2a1fca5a": { "id": "1c025fc0-5dac-4a18-8338-fefb2a1fca5a", "title": "Social Link Pages: link-in-bio landing pages for your social media profiles <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Link Pages: link-in-bio landing pages for your social media profiles", "slug": "social-link-pages", "affected_versions": { "* - 1.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c025fc0-5dac-4a18-8338-fefb2a1fca5a?source=api-scan" ], "published": "2024-06-03 17:10:53", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c051bfd-2754-4faf-8062-91752555166c": { "id": "1c051bfd-2754-4faf-8062-91752555166c", "title": "TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Tag, Category, and Taxonomy Manager \u2013 AI Autotagger", "slug": "simple-tags", "affected_versions": { "* - 3.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c051bfd-2754-4faf-8062-91752555166c?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c0572a5-6cc9-43ab-a4a3-c8d3b93c8fcf": { "id": "1c0572a5-6cc9-43ab-a4a3-c8d3b93c8fcf", "title": "AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_list_callback", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 5.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c0572a5-6cc9-43ab-a4a3-c8d3b93c8fcf?source=api-scan" ], "published": "2024-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c074e03-b452-4aea-aa1d-36657ba311e1": { "id": "1c074e03-b452-4aea-aa1d-36657ba311e1", "title": "MailChimp for WordPress <= 4.0.10 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MC4WP: Mailchimp for WordPress", "slug": "mailchimp-for-wp", "affected_versions": { "[*, 4.0.11)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c074e03-b452-4aea-aa1d-36657ba311e1?source=api-scan" ], "published": "2016-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c08b7a7-297b-4ad7-b829-3ccbae7b2e41": { "id": "1c08b7a7-297b-4ad7-b829-3ccbae7b2e41", "title": "wp-publications < 1.1 - Local File Inclusion", "software": [ { "type": "plugin", "name": "wp-publications", "slug": "wp-publications", "affected_versions": { "* - 0.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c08b7a7-297b-4ad7-b829-3ccbae7b2e41?source=api-scan" ], "published": "2021-09-09 16:20:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c09743a-cf0a-4eaa-8508-ecde32de4fce": { "id": "1c09743a-cf0a-4eaa-8508-ecde32de4fce", "title": "WP Product Review Lite <= 3.7.5 - Unauthenticated Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "WP Product Review Lite", "slug": "wp-product-review", "affected_versions": { "[*, 3.7.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c09743a-cf0a-4eaa-8508-ecde32de4fce?source=api-scan" ], "published": "2020-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c0d18d3-8758-41ae-b104-dac69eee4ac9": { "id": "1c0d18d3-8758-41ae-b104-dac69eee4ac9", "title": "TH Side Cart and Menu Cart for Woocommerce <= 1.1.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Cart & Floating Cart", "slug": "th-all-in-one-woo-cart", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c0d18d3-8758-41ae-b104-dac69eee4ac9?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c13f00e-3048-44cf-8979-2b0b0c508f3a": { "id": "1c13f00e-3048-44cf-8979-2b0b0c508f3a", "title": "All in One SEO Pack <= 4.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "* - 4.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c13f00e-3048-44cf-8979-2b0b0c508f3a?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c2153f5-1c8b-4095-a0a8-849a7ee967c1": { "id": "1c2153f5-1c8b-4095-a0a8-849a7ee967c1", "title": "SMSmaster \u2013 Multipurpose SMS Gateway for Wordpress (All Versions) - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "SMSmaster \u2013 Multipurpose SMS Gateway for Wordpress", "slug": "smsmaster", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c2153f5-1c8b-4095-a0a8-849a7ee967c1?source=api-scan" ], "published": "2017-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c225bea-78db-4f4c-a201-833436c1df78": { "id": "1c225bea-78db-4f4c-a201-833436c1df78", "title": "Insert or Embed Articulate Content into WordPress < 4.29991 - Directory Traversal", "software": [ { "type": "plugin", "name": "Insert or Embed Articulate Content into WordPress", "slug": "insert-or-embed-articulate-content-into-wordpress", "affected_versions": { "[*, 4.29991)": { "from_version": "*", "from_inclusive": true, "to_version": "4.29991", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.29991" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c225bea-78db-4f4c-a201-833436c1df78?source=api-scan" ], "published": "2019-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c22717f-494e-4f62-9691-ee5a3366a487": { "id": "1c22717f-494e-4f62-9691-ee5a3366a487", "title": "Redirect Redirection <= 1.1.3 - Missing Authorization in 'deleteRedirect' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c22717f-494e-4f62-9691-ee5a3366a487?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c23d163-1053-403f-80bc-ea8f76fff4e2": { "id": "1c23d163-1053-403f-80bc-ea8f76fff4e2", "title": "RegistrationMagic \u2013 Custom Registration Forms and User Login <= 4.6.0.3 - Cross-Site Request Forgery to Settings Modification", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "[*, 4.6.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c23d163-1053-403f-80bc-ea8f76fff4e2?source=api-scan" ], "published": "2020-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c24a03a-95d8-4354-bb26-8575d70f2253": { "id": "1c24a03a-95d8-4354-bb26-8575d70f2253", "title": "Coming Soon <= 1.1.18 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode", "slug": "responsive-coming-soon-page", "affected_versions": { "[*, 1.1.19)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c24a03a-95d8-4354-bb26-8575d70f2253?source=api-scan" ], "published": "2018-01-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c24f881-52bc-4210-9037-bcdd1e4aa895": { "id": "1c24f881-52bc-4210-9037-bcdd1e4aa895", "title": "Best Restaurant Menu by PriceListo <= 1.3.1 - Cross-Site Request Forgery via menu_page", "software": [ { "type": "plugin", "name": "Great Restaurant Menu WP", "slug": "best-restaurant-menu-by-pricelisto", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c24f881-52bc-4210-9037-bcdd1e4aa895?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c2b9858-eb0c-42bd-bc32-c58c0f809fc8": { "id": "1c2b9858-eb0c-42bd-bc32-c58c0f809fc8", "title": "Networker - Tech News WordPress Theme with Dark Mode <= 1.1.9 - Missing Authorization", "software": [ { "type": "theme", "name": "Networker - Tech News WordPress Theme with Dark Mode", "slug": "networker", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c2b9858-eb0c-42bd-bc32-c58c0f809fc8?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c2f4b74-2568-4e5a-b55f-0130096bc19f": { "id": "1c2f4b74-2568-4e5a-b55f-0130096bc19f", "title": "Sassy Social Share <= 3.3.56 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Sharing Plugin \u2013 Sassy Social Share", "slug": "sassy-social-share", "affected_versions": { "* - 3.3.56": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.56", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.57" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c2f4b74-2568-4e5a-b55f-0130096bc19f?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c307340-2911-46b9-9c90-0a7ebad8a0e9": { "id": "1c307340-2911-46b9-9c90-0a7ebad8a0e9", "title": "Smash Balloon Social Photo Feed <= 1.11.3 - Cross-Site Request Forgery to Back-Up Deletion", "software": [ { "type": "plugin", "name": "Smash Balloon Social Photo Feed \u2013 Easy Social Feeds Plugin", "slug": "instagram-feed", "affected_versions": { "[*, 1.12)": { "from_version": "*", "from_inclusive": true, "to_version": "1.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c307340-2911-46b9-9c90-0a7ebad8a0e9?source=api-scan" ], "published": "2019-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c387b07-baf6-4c62-943e-4bd121160ceb": { "id": "1c387b07-baf6-4c62-943e-4bd121160ceb", "title": "Contact Form by Supsystic <= 1.7.24 - Cross-Site Request Forgery via AJAX action", "software": [ { "type": "plugin", "name": "Contact Form by Supsystic", "slug": "contact-form-by-supsystic", "affected_versions": { "* - 1.7.24": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c387b07-baf6-4c62-943e-4bd121160ceb?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c3d4c96-63a7-4f3b-a9ac-095be241f840": { "id": "1c3d4c96-63a7-4f3b-a9ac-095be241f840", "title": "Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Go Pricing - WordPress Responsive Pricing Tables", "slug": "go_pricing", "affected_versions": { "* - 3.3.19": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c3d4c96-63a7-4f3b-a9ac-095be241f840?source=api-scan" ], "published": "2023-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c3e1a05-ae8c-4438-afd9-d1d0a39484c2": { "id": "1c3e1a05-ae8c-4438-afd9-d1d0a39484c2", "title": "WPPizza \u2013 A Restaurant Plugin <= 3.18.13 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPPizza \u2013 A Restaurant Plugin", "slug": "wppizza", "affected_versions": { "* - 3.18.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.18.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.18.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c3e1a05-ae8c-4438-afd9-d1d0a39484c2?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c40c28f-554f-42d0-9f6d-a899d8f61519": { "id": "1c40c28f-554f-42d0-9f6d-a899d8f61519", "title": "PowerPress <= 10.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "PowerPress Podcasting plugin by Blubrry", "slug": "powerpress", "affected_versions": { "* - 10.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "10.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c40c28f-554f-42d0-9f6d-a899d8f61519?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c432dbe-8542-41de-966a-b2699d1685ce": { "id": "1c432dbe-8542-41de-966a-b2699d1685ce", "title": "Increase upload file size & Maximum Execution Time limit <= 2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Increase upload file size & Maximum Execution Time limit", "slug": "increase-upload-file-size-maximum-execution-time-limit", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c432dbe-8542-41de-966a-b2699d1685ce?source=api-scan" ], "published": "2024-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c4fcaa5-357a-4b70-8653-3874a234f07d": { "id": "1c4fcaa5-357a-4b70-8653-3874a234f07d", "title": "kk Star Ratings <= 5.4.3 - IP Spoofing to Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "kk Star Ratings \u2013 Rate Post & Collect User Feedbacks", "slug": "kk-star-ratings", "affected_versions": { "* - 5.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c4fcaa5-357a-4b70-8653-3874a234f07d?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c51a3f8-dee1-4744-8353-864312c89021": { "id": "1c51a3f8-dee1-4744-8353-864312c89021", "title": "WP 2FA \u2013 Two-factor authentication for WordPress <= 2.2.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP 2FA \u2013 Two-factor authentication for WordPress", "slug": "wp-2fa", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c51a3f8-dee1-4744-8353-864312c89021?source=api-scan" ], "published": "2022-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c544990-9fd2-4f1b-a02c-a13959d68580": { "id": "1c544990-9fd2-4f1b-a02c-a13959d68580", "title": "Buddypress Moderation <= 1.2.5 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BuddyPress Moderation", "slug": "youzify-moderation", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c544990-9fd2-4f1b-a02c-a13959d68580?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c5d214e-65e2-4158-a88f-58bef7c9952b": { "id": "1c5d214e-65e2-4158-a88f-58bef7c9952b", "title": "HDW WordPress Video Gallery <= 1.2 - Reflected Cross-Site Scripting via channel parameter", "software": [ { "type": "plugin", "name": "HDW WordPress Video Gallery", "slug": "hdw-tube", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c5d214e-65e2-4158-a88f-58bef7c9952b?source=api-scan" ], "published": "2016-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c61b3a7-25a9-4890-a294-378883ebe11d": { "id": "1c61b3a7-25a9-4890-a294-378883ebe11d", "title": "Data Tables Generator by Supsystic <= 1.10.31 - Missing Authorization", "software": [ { "type": "plugin", "name": "Data Tables Generator by Supsystic", "slug": "data-tables-generator-by-supsystic", "affected_versions": { "* - 1.10.31": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c61b3a7-25a9-4890-a294-378883ebe11d?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c63eaea-0a0f-412b-9f1a-3091de3a653a": { "id": "1c63eaea-0a0f-412b-9f1a-3091de3a653a", "title": "Social Slider Feed <= 2.0.4 - Missing Authorization to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Slider Feed", "slug": "instagram-slider-widget", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c63eaea-0a0f-412b-9f1a-3091de3a653a?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c648de5-14b3-4c7f-a1c2-46d91b56b0ff": { "id": "1c648de5-14b3-4c7f-a1c2-46d91b56b0ff", "title": "Myflash < 1.11 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "Myflash", "slug": "myflash", "affected_versions": { "* - 1.00": { "from_version": "*", "from_inclusive": true, "to_version": "1.00", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c648de5-14b3-4c7f-a1c2-46d91b56b0ff?source=api-scan" ], "published": "2007-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c649083-d311-42ce-83be-9aca5933ed47": { "id": "1c649083-d311-42ce-83be-9aca5933ed47", "title": "WP Prayer II <= 2.4.7 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Prayer", "slug": "wp-prayers-request", "affected_versions": { "* - 2.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c649083-d311-42ce-83be-9aca5933ed47?source=api-scan" ], "published": "2024-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c667631-7934-467e-baa2-7c3b0160c3a5": { "id": "1c667631-7934-467e-baa2-7c3b0160c3a5", "title": "Active Directory Integration \/ LDAP Integration <= 4.1.9 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Active Directory Integration \/ LDAP Integration", "slug": "ldap-login-for-intranet-sites", "affected_versions": { "* - 4.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c667631-7934-467e-baa2-7c3b0160c3a5?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c6b2c4b-5ea5-471d-9114-d2b469b6c59b": { "id": "1c6b2c4b-5ea5-471d-9114-d2b469b6c59b", "title": "CF7 Google Sheets Connector <= 5.0.1 - Reflected Cross-Site Scripting via 'code'", "software": [ { "type": "plugin", "name": "CF7 Google Sheets Connector Pro", "slug": "cf7-google-sheets-connector-pro", "affected_versions": { "[*, 2.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.7" ] }, { "type": "plugin", "name": "CF7 Google Sheets Connector", "slug": "cf7-google-sheets-connector", "affected_versions": { "* - 5.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c6b2c4b-5ea5-471d-9114-d2b469b6c59b?source=api-scan" ], "published": "2023-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c6bf45b-b02d-43bb-b682-7f1ae994e1d3": { "id": "1c6bf45b-b02d-43bb-b682-7f1ae994e1d3", "title": "uListing <= 1.6.6 - Unauthenticated Arbitrary Account Creation", "software": [ { "type": "plugin", "name": "Directory Listings WordPress plugin \u2013 uListing", "slug": "ulisting", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c6bf45b-b02d-43bb-b682-7f1ae994e1d3?source=api-scan" ], "published": "2021-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c6d5a66-0eec-4a73-ad78-2b66a688c67a": { "id": "1c6d5a66-0eec-4a73-ad78-2b66a688c67a", "title": "SP Project & Document Manager <= 4.69 - Missing Authorization", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 4.69": { "from_version": "*", "from_inclusive": true, "to_version": "4.69", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c6d5a66-0eec-4a73-ad78-2b66a688c67a?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c6dd146-a99e-4317-a703-de34735317c8": { "id": "1c6dd146-a99e-4317-a703-de34735317c8", "title": "Suki Sites Import <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Suki Sites Import", "slug": "suki-sites-import", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c6dd146-a99e-4317-a703-de34735317c8?source=api-scan" ], "published": "2024-10-17 15:45:37", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c703856-9519-4181-9312-dcf862840bd9": { "id": "1c703856-9519-4181-9312-dcf862840bd9", "title": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin 4.2.1 - 4.2.12 - Unprotected AJAX Actions", "software": [ { "type": "plugin", "name": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin", "slug": "xcloner-backup-and-restore", "affected_versions": { "4.2.1 - 4.2.12": { "from_version": "4.2.1", "from_inclusive": true, "to_version": "4.2.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.153" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c703856-9519-4181-9312-dcf862840bd9?source=api-scan" ], "published": "2020-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c75edd2-fc38-48b1-b58c-1d19c95c3db8": { "id": "1c75edd2-fc38-48b1-b58c-1d19c95c3db8", "title": "WP Forms Puzzle Captcha <= 4.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Forms Puzzle Captcha", "slug": "wp-forms-puzzle-captcha", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c75edd2-fc38-48b1-b58c-1d19c95c3db8?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c7c0c35-5f44-488f-9fe1-269ea4a73854": { "id": "1c7c0c35-5f44-488f-9fe1-269ea4a73854", "title": "MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 4.10.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c7c0c35-5f44-488f-9fe1-269ea4a73854?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c7c74cf-a109-4f77-a740-5a43ccd4e96a": { "id": "1c7c74cf-a109-4f77-a740-5a43ccd4e96a", "title": "Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxAddCategory", "software": [ { "type": "plugin", "name": "Categorify \u2013 WordPress Media Library Category & File Manager", "slug": "categorify", "affected_versions": { "* - 1.0.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c7c74cf-a109-4f77-a740-5a43ccd4e96a?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c8034ff-cf36-498f-9efc-a4e6bbb92b2c": { "id": "1c8034ff-cf36-498f-9efc-a4e6bbb92b2c", "title": "WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_callback'", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c8034ff-cf36-498f-9efc-a4e6bbb92b2c?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c8152c5-7d72-48a1-9140-8b0341c86023": { "id": "1c8152c5-7d72-48a1-9140-8b0341c86023", "title": "Wbcom Designs \u2013 BuddyPress Activity Social Share <= 3.5.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Wbcom Designs \u2013 BuddyPress Activity Social Share", "slug": "bp-activity-social-share", "affected_versions": { "* - 3.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c8152c5-7d72-48a1-9140-8b0341c86023?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c85e5e0-d8ee-46d3-99b1-df6c6744f020": { "id": "1c85e5e0-d8ee-46d3-99b1-df6c6744f020", "title": "Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "JetSearch", "slug": "jet-search", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2.1" ] }, { "type": "plugin", "name": "JetTabs for Elementor", "slug": "jet-tabs", "affected_versions": { "* - 2.1.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.25.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.25.2" ] }, { "type": "plugin", "name": "JetBlog for Elementor", "slug": "jet-blog", "affected_versions": { "* - 2.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5.1" ] }, { "type": "plugin", "name": "JetThemeCore for Elementor", "slug": "jet-theme-core", "affected_versions": { "* - 2.1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2.2" ] }, { "type": "plugin", "name": "JetCompareWishlist for Elementor", "slug": "jet-compare-wishlist", "affected_versions": { "* - 1.5.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5.2" ] }, { "type": "plugin", "name": "JetElements", "slug": "jet-elements", "affected_versions": { "* - 2.6.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.13.1" ] }, { "type": "plugin", "name": "JetPopup", "slug": "jet-popup", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2.1" ] }, { "type": "plugin", "name": "JetWooBuilder for Elementor", "slug": "jet-woo-builder", "affected_versions": { "* - 2.1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7.3" ] }, { "type": "plugin", "name": "JetReviews for Elementor", "slug": "jet-reviews", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2.1" ] }, { "type": "plugin", "name": "JetEngine", "slug": "jet-engine", "affected_versions": { "* - 3.2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5.2" ] }, { "type": "plugin", "name": "JetTricks for Elementor", "slug": "jet-tricks", "affected_versions": { "* - 1.4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6.2" ] }, { "type": "plugin", "name": "JetMenu for Elementor", "slug": "jet-menu", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] }, { "type": "plugin", "name": "JetBlocks for Elementor", "slug": "jet-blocks", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8.1" ] }, { "type": "plugin", "name": "JetProductGallery", "slug": "jet-woo-product-gallery", "affected_versions": { "* - 2.1.13.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.13.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.13.2" ] }, { "type": "plugin", "name": "JetSmartFilters for Elementor", "slug": "jet-smart-filters", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c866d8d-399c-4bda-a3c9-17c7e5d2ffb8": { "id": "1c866d8d-399c-4bda-a3c9-17c7e5d2ffb8", "title": "Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf shortcode", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c866d8d-399c-4bda-a3c9-17c7e5d2ffb8?source=api-scan" ], "published": "2023-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c894de0-2ea7-4002-9c26-0e3e59744a5e": { "id": "1c894de0-2ea7-4002-9c26-0e3e59744a5e", "title": "Responsive Blocks \u2013 WordPress Gutenberg Blocks <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Blocks \u2013 WordPress Gutenberg Blocks", "slug": "responsive-block-editor-addons", "affected_versions": { "* - 1.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c894de0-2ea7-4002-9c26-0e3e59744a5e?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c8b8391-8d18-49ad-a5ee-2ba7a9090e6b": { "id": "1c8b8391-8d18-49ad-a5ee-2ba7a9090e6b", "title": "Video Gallery \u2013 Api Gallery, YouTube and Vimeo, Link Gallery <= 1.5.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Video Gallery \u2013 Api Gallery, YouTube and Vimeo, Link Gallery", "slug": "new-video-gallery", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c8b8391-8d18-49ad-a5ee-2ba7a9090e6b?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c9266b8-cf27-4a55-ae5a-0beda19f0fbf": { "id": "1c9266b8-cf27-4a55-ae5a-0beda19f0fbf", "title": "ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce <= 1.6.28 - Insufficient Input Validation", "software": [ { "type": "plugin", "name": "ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce", "slug": "reviewx", "affected_versions": { "* - 1.6.28": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c9266b8-cf27-4a55-ae5a-0beda19f0fbf?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c93c412-541a-429f-b18e-7b75c8ebdf67": { "id": "1c93c412-541a-429f-b18e-7b75c8ebdf67", "title": "Location Weather <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes", "software": [ { "type": "plugin", "name": "Location Weather \u2013 Hourly, Daily Weather Forecast Widget and Weather Map", "slug": "location-weather", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c93c412-541a-429f-b18e-7b75c8ebdf67?source=api-scan" ], "published": "2023-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c94028c-a774-45ac-817d-ad9b966a3b51": { "id": "1c94028c-a774-45ac-817d-ad9b966a3b51", "title": "Ad Inserter <= 2.7.25 - Authenticated (Admin+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Ad Inserter \u2013 Ad Manager & AdSense Ads", "slug": "ad-inserter", "affected_versions": { "* - 2.7.25": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c94028c-a774-45ac-817d-ad9b966a3b51?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1c995da3-83c4-4734-8d4f-24c34f12919c": { "id": "1c995da3-83c4-4734-8d4f-24c34f12919c", "title": "Olevmedia Shortcodes <= 1.1.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Olevmedia Shortcodes", "slug": "olevmedia-shortcodes", "affected_versions": { "[*, 1.1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1c995da3-83c4-4734-8d4f-24c34f12919c?source=api-scan" ], "published": "2015-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cab1bef-c8c5-45ee-921e-0d01736e74c6": { "id": "1cab1bef-c8c5-45ee-921e-0d01736e74c6", "title": "postMash \u2013 custom post order <= 1.2.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "postMash \u2013 custom post order", "slug": "postmash", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cab1bef-c8c5-45ee-921e-0d01736e74c6?source=api-scan" ], "published": "2024-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cb1d8a3-91dd-419e-bc4e-57842afeb7b1": { "id": "1cb1d8a3-91dd-419e-bc4e-57842afeb7b1", "title": "Appointment Booking Calendar <= 1.3.69 - Missing Authorization", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar", "slug": "appointment-booking-calendar", "affected_versions": { "* - 1.3.69": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.69", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.70" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cb1d8a3-91dd-419e-bc4e-57842afeb7b1?source=api-scan" ], "published": "2022-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cb265d8-eb18-42ee-9141-2fe81c0c4585": { "id": "1cb265d8-eb18-42ee-9141-2fe81c0c4585", "title": "WP Google Tag Manager <= 1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Google Tag Manager", "slug": "wp-google-tag-manager", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cb265d8-eb18-42ee-9141-2fe81c0c4585?source=api-scan" ], "published": "2023-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cbad810-530c-4160-af5d-7e57ecc40dac": { "id": "1cbad810-530c-4160-af5d-7e57ecc40dac", "title": "Loops & Logic <= 4.1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Loops & Logic", "slug": "tangible-loops-and-logic", "affected_versions": { "* - 4.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cbad810-530c-4160-af5d-7e57ecc40dac?source=api-scan" ], "published": "2024-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cbb309c-015b-4bdb-917a-a67e028484e6": { "id": "1cbb309c-015b-4bdb-917a-a67e028484e6", "title": "Email Artillery (MASS EMAIL) <= 4.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Email Artillery (MASS EMAIL)", "slug": "email-artillery", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cbb309c-015b-4bdb-917a-a67e028484e6?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cbd298c-cba3-4986-b44c-a75b005b4340": { "id": "1cbd298c-cba3-4986-b44c-a75b005b4340", "title": "The Hacker's Diet <= 0.9.6b - SQL Injection", "software": [ { "type": "plugin", "name": "The Hacker's Diet", "slug": "the-hackers-diet", "affected_versions": { "* - 0.9.6b": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.6b", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.7b" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cbd298c-cba3-4986-b44c-a75b005b4340?source=api-scan" ], "published": "2007-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cbd95bb-6f13-48c9-a51e-5f7bf7a296df": { "id": "1cbd95bb-6f13-48c9-a51e-5f7bf7a296df", "title": "Slider, Gallery, and Carousel by MetaSlider \u2013 Responsive WordPress Slideshows <= 3.70.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider Shortcode", "software": [ { "type": "plugin", "name": "Slider, Gallery, and Carousel by MetaSlider \u2013 Image Sliders, Video Sliders", "slug": "ml-slider", "affected_versions": { "* - 3.70.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.70.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.70.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cbd95bb-6f13-48c9-a51e-5f7bf7a296df?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cc2bc18-8182-4716-bb34-ffb574d8c874": { "id": "1cc2bc18-8182-4716-bb34-ffb574d8c874", "title": "CM Tooltip Glossary <= 4.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CM Tooltip Glossary", "slug": "enhanced-tooltipglossary", "affected_versions": { "* - 4.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cc2bc18-8182-4716-bb34-ffb574d8c874?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cc50245-365a-419d-a85c-fbd658d004ae": { "id": "1cc50245-365a-419d-a85c-fbd658d004ae", "title": "ChatBot <= 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cc50245-365a-419d-a85c-fbd658d004ae?source=api-scan" ], "published": "2023-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cd5fa89-ed3b-4ac1-9200-9f5eb26cb534": { "id": "1cd5fa89-ed3b-4ac1-9200-9f5eb26cb534", "title": "CGC Maintenance Mode <= 1.2 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "CGC Maintenance Mode", "slug": "cgc-maintenance-mode", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cd5fa89-ed3b-4ac1-9200-9f5eb26cb534?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cd877e6-e000-437d-ba9f-0640350277e4": { "id": "1cd877e6-e000-437d-ba9f-0640350277e4", "title": "Spectra \u2013 WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Gallery Block", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 2.12.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cd877e6-e000-437d-ba9f-0640350277e4?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cda31a4-4c79-4567-a527-6510c31d2843": { "id": "1cda31a4-4c79-4567-a527-6510c31d2843", "title": "webpack JS package <= 5.75.0 - Sandbox Bypass", "software": [ { "type": "plugin", "name": "Restricted Site Access", "slug": "restricted-site-access", "affected_versions": { "* - 7.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.4.0" ] }, { "type": "plugin", "name": "ElasticPress", "slug": "elasticpress", "affected_versions": { "* - 4.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cda31a4-4c79-4567-a527-6510c31d2843?source=api-scan" ], "published": "2023-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cda411b-b277-4b4d-9087-dadede4b67dd": { "id": "1cda411b-b277-4b4d-9087-dadede4b67dd", "title": "Contact Form Manager <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Manager", "slug": "contact-form-manager", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cda411b-b277-4b4d-9087-dadede4b67dd?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cdfbc7a-e3c2-44c1-af83-b2b78be01e5e": { "id": "1cdfbc7a-e3c2-44c1-af83-b2b78be01e5e", "title": "WordPress Tag Cloud Plugin \u2013 Tag Groups <= 2.0.3 - Missing Authorization to Information Exposure", "software": [ { "type": "plugin", "name": "Tag Groups is the Advanced Way to Display Your Taxonomy Terms", "slug": "tag-groups", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cdfbc7a-e3c2-44c1-af83-b2b78be01e5e?source=api-scan" ], "published": "2024-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ce1316b-674a-4436-968f-9ffca4e8f726": { "id": "1ce1316b-674a-4436-968f-9ffca4e8f726", "title": "Abandoned Cart Lite for WooCommerce <= 5.16.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Abandoned Cart Lite for WooCommerce", "slug": "woocommerce-abandoned-cart", "affected_versions": { "* - 5.16.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.16.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.16.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ce1316b-674a-4436-968f-9ffca4e8f726?source=api-scan" ], "published": "2023-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ce15d38-c5bc-441b-976a-60a3e90b5a30": { "id": "1ce15d38-c5bc-441b-976a-60a3e90b5a30", "title": "Download Monitor <= 4.5.9 - Authenticated Arbitrary File Download", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "* - 4.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.91" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ce15d38-c5bc-441b-976a-60a3e90b5a30?source=api-scan" ], "published": "2022-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ce7c895-e94c-46bd-9de1-f5fde29c3475": { "id": "1ce7c895-e94c-46bd-9de1-f5fde29c3475", "title": "Cool Timeline (Horizontal & Vertical Timeline) <= 2.0.2 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Cool Timeline (Horizontal & Vertical Timeline)", "slug": "cool-timeline", "affected_versions": { "[*, 2.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ce7c895-e94c-46bd-9de1-f5fde29c3475?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ceae0dc-205a-4a24-a912-b632c9ca7e6f": { "id": "1ceae0dc-205a-4a24-a912-b632c9ca7e6f", "title": "WP eMember <= 10.6.6 - Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI']", "software": [ { "type": "plugin", "name": "Wp EMember", "slug": "wp-emember", "affected_versions": { "* - 10.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "10.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ceae0dc-205a-4a24-a912-b632c9ca7e6f?source=api-scan" ], "published": "2024-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cec03d3-0e80-4025-b782-1ce9c3237569": { "id": "1cec03d3-0e80-4025-b782-1ce9c3237569", "title": "Contact Us Page \u2013 Contact People <= 3.7.0 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Us Page \u2013 Contact People", "slug": "contact-us-page-contact-people", "affected_versions": { "* - 3.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cec03d3-0e80-4025-b782-1ce9c3237569?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cefe584-c1b0-418c-bade-ca4092807b1b": { "id": "1cefe584-c1b0-418c-bade-ca4092807b1b", "title": "Yoast Duplicate Post <= 2.5 - SQL Injection", "software": [ { "type": "plugin", "name": "Yoast Duplicate Post", "slug": "duplicate-post", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cefe584-c1b0-418c-bade-ca4092807b1b?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cf2739f-9001-409a-9b7f-024931729da3": { "id": "1cf2739f-9001-409a-9b7f-024931729da3", "title": "Simple Download Monitor <= 3.9.10 - Contributor+ Stored Cross-Site Scripting via Shortcodes", "software": [ { "type": "plugin", "name": "Simple Download Monitor", "slug": "simple-download-monitor", "affected_versions": { "* - 3.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cf2739f-9001-409a-9b7f-024931729da3?source=api-scan" ], "published": "2021-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cf3190c-e247-4bcc-99e0-2ab2d2fa0590": { "id": "1cf3190c-e247-4bcc-99e0-2ab2d2fa0590", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.15": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cf3190c-e247-4bcc-99e0-2ab2d2fa0590?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1cf44639-60ce-4a3c-aa4a-550dd9327039": { "id": "1cf44639-60ce-4a3c-aa4a-550dd9327039", "title": "Booking Calendar - Clockwork SMS <= 1.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking Calendar \u2013 Clockwork SMS", "slug": "booking-sms", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1cf44639-60ce-4a3c-aa4a-550dd9327039?source=api-scan" ], "published": "2017-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d0166c9-1349-45df-9e0f-ff4bc1a67c73": { "id": "1d0166c9-1349-45df-9e0f-ff4bc1a67c73", "title": "FormFacade <= 1.3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FormFacade \u2013 WordPress plugin for Google Forms", "slug": "formfacade", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d0166c9-1349-45df-9e0f-ff4bc1a67c73?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d063d01-5f67-4c7f-ab71-01708456e82b": { "id": "1d063d01-5f67-4c7f-ab71-01708456e82b", "title": "WPMK Ajax Finder <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPMK Ajax Finder", "slug": "find-any-think", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d063d01-5f67-4c7f-ab71-01708456e82b?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d07eefc-f406-4da4-addb-559caa6dc208": { "id": "1d07eefc-f406-4da4-addb-559caa6dc208", "title": "Feed Them Social \u2013 for Twitter feed, Youtube and more <= 2.9.9 - Subscriber+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Feed Them Social \u2013 Social Media Feeds, Video, and Photo Galleries", "slug": "feed-them-social", "affected_versions": { "* - 2.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d07eefc-f406-4da4-addb-559caa6dc208?source=api-scan" ], "published": "2022-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d0a40f8-4c31-447d-ac28-73cfe7a07687": { "id": "1d0a40f8-4c31-447d-ac28-73cfe7a07687", "title": "EventON PRO - WordPress Virtual Event Calendar Plugin <= 4.6.8 - Cross-Site Request Forgery via admin_test_email", "software": [ { "type": "plugin", "name": "EventON Pro", "slug": "eventon", "affected_versions": { "* - 4.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d0a40f8-4c31-447d-ac28-73cfe7a07687?source=api-scan" ], "published": "2024-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d119ee0-4c16-46b1-ae45-8e0c6de0081b": { "id": "1d119ee0-4c16-46b1-ae45-8e0c6de0081b", "title": "El mejor Cluster <= 1.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "El mejor Cluster", "slug": "mejorcluster", "affected_versions": { "* - 1.1.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d119ee0-4c16-46b1-ae45-8e0c6de0081b?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d14779f-3ee5-4a55-b49d-e9162db2f4a2": { "id": "1d14779f-3ee5-4a55-b49d-e9162db2f4a2", "title": "WP Statistics < 8.3.1 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "[*, 8.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d14779f-3ee5-4a55-b49d-e9162db2f4a2?source=api-scan" ], "published": "2014-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d17d3ce-2478-498b-8364-75d2449a9b58": { "id": "1d17d3ce-2478-498b-8364-75d2449a9b58", "title": "Ad Inserter <= 2.4.21 - Authenticated Remote Code Execution", "software": [ { "type": "plugin", "name": "Ad Inserter \u2013 Ad Manager & AdSense Ads", "slug": "ad-inserter", "affected_versions": { "* - 2.4.21": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d17d3ce-2478-498b-8364-75d2449a9b58?source=api-scan" ], "published": "2019-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d24dbdf-8fb0-41c3-8c35-e0d65c6b96f5": { "id": "1d24dbdf-8fb0-41c3-8c35-e0d65c6b96f5", "title": "Watu Quiz <= 3.3.9.2 - Reflected Cross-Site Scripting via 'question'", "software": [ { "type": "plugin", "name": "Watu Quiz", "slug": "watu", "affected_versions": { "* - 3.3.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d24dbdf-8fb0-41c3-8c35-e0d65c6b96f5?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d261e25-7355-4220-882c-f3266c64252a": { "id": "1d261e25-7355-4220-882c-f3266c64252a", "title": "Awesome Weather Widget <= 3.0.2 - Reflected Cross-site Scripting via id Parameter", "software": [ { "type": "plugin", "name": "Awesome Weather Widget", "slug": "awesome-weather", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d261e25-7355-4220-882c-f3266c64252a?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d2b78e0-1b82-4074-8051-e44dcfe3ac51": { "id": "1d2b78e0-1b82-4074-8051-e44dcfe3ac51", "title": "Compute Links <= 1.2.1 - Unauthenticated Remote File Inclusion", "software": [ { "type": "plugin", "name": "Compute Links", "slug": "compute-links", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d2b78e0-1b82-4074-8051-e44dcfe3ac51?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d2ba8ea-a75f-4069-b67d-f832acb1deef": { "id": "1d2ba8ea-a75f-4069-b67d-f832acb1deef", "title": "MC4WP: Mailchimp for WordPress 4.9.9 - 4.9.16 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MC4WP: Mailchimp for WordPress", "slug": "mailchimp-for-wp", "affected_versions": { "4.9.9 - 4.9.16": { "from_version": "4.9.9", "from_inclusive": true, "to_version": "4.9.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d2ba8ea-a75f-4069-b67d-f832acb1deef?source=api-scan" ], "published": "2024-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d2c6f19-025e-4c17-b5d9-4bbddbaf66d1": { "id": "1d2c6f19-025e-4c17-b5d9-4bbddbaf66d1", "title": "iframe popup <= 3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "iframe popup", "slug": "iframe-popup", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d2c6f19-025e-4c17-b5d9-4bbddbaf66d1?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d2da608-81a4-47b5-b23d-d18ab7bc2aa9": { "id": "1d2da608-81a4-47b5-b23d-d18ab7bc2aa9", "title": "AI WP Writer <= 3.6.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "AI WP Writer \u2013 \u0430\u0432\u0442\u043e\u043d\u0430\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0441\u0430\u0439\u0442\u0430 ChatGPT, GPT-4 \u0438 \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c\u0438 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f\u043c\u0438 \u043b\u0443\u0447\u0448\u0438\u0445 \u043d\u0435\u0439\u0440\u043e\u0441\u0435\u0442\u0435\u0439", "slug": "ai-wp-writer", "affected_versions": { "* - 3.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d2da608-81a4-47b5-b23d-d18ab7bc2aa9?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d2ebbc4-dc8b-47e5-b8d9-758424de4426": { "id": "1d2ebbc4-dc8b-47e5-b8d9-758424de4426", "title": "WP 2FA <= 2.2.1 - Time-Based TOTP attack to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "WP 2FA \u2013 Two-factor authentication for WordPress", "slug": "wp-2fa", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d2ebbc4-dc8b-47e5-b8d9-758424de4426?source=api-scan" ], "published": "2022-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d2f973a-1fb3-4c75-8c33-6d1fadf9c906": { "id": "1d2f973a-1fb3-4c75-8c33-6d1fadf9c906", "title": "WordPress Core <= 1.5 - Stored Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d2f973a-1fb3-4c75-8c33-6d1fadf9c906?source=api-scan" ], "published": "2005-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d305711-7a84-46c2-b333-02f5a745d76c": { "id": "1d305711-7a84-46c2-b333-02f5a745d76c", "title": "WordPress Core < 2.0.4 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d305711-7a84-46c2-b333-02f5a745d76c?source=api-scan" ], "published": "2007-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d3771ee-b664-4416-93b7-96ab1e3510cc": { "id": "1d3771ee-b664-4416-93b7-96ab1e3510cc", "title": "Comments - wpDiscuz <= 7.3.11 Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "* - 7.3.11": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d3771ee-b664-4416-93b7-96ab1e3510cc?source=api-scan" ], "published": "2022-02-10 08:34:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d3e476d-0885-4e8c-a682-bd64d9f13b53": { "id": "1d3e476d-0885-4e8c-a682-bd64d9f13b53", "title": "XPlainer \u2013 WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update", "software": [ { "type": "plugin", "name": "XPlainer \u2013 Product FAQs for WooCommerce & AI FAQ Generator", "slug": "faq-for-woocommerce", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d3e476d-0885-4e8c-a682-bd64d9f13b53?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d430b33-1607-46b3-8780-ac5cfbb7d6ec": { "id": "1d430b33-1607-46b3-8780-ac5cfbb7d6ec", "title": "EventCalendar <= 1.1.45 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Calendar WD version", "slug": "event-calendar-wd", "affected_versions": { "* - 1.1.45": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.45", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d430b33-1607-46b3-8780-ac5cfbb7d6ec?source=api-scan" ], "published": "2021-06-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d4469e4-5d99-4a56-bde8-9a0aaca7794f": { "id": "1d4469e4-5d99-4a56-bde8-9a0aaca7794f", "title": "123.chat - Video Chat <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "123.chat - Video Chat", "slug": "123-chat-videochat", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d4469e4-5d99-4a56-bde8-9a0aaca7794f?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d45bd32-d693-40e6-9b30-9e0b91eb4660": { "id": "1d45bd32-d693-40e6-9b30-9e0b91eb4660", "title": "WooCommerce Composite Products <= 8.7.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Composite Products", "slug": "woocommerce-composite-products", "affected_versions": { "* - 8.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "8.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d45bd32-d693-40e6-9b30-9e0b91eb4660?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d5987cd-1304-487c-8d1c-cab0510fbb84": { "id": "1d5987cd-1304-487c-8d1c-cab0510fbb84", "title": "WordPress Core < 5.0 - Denial of Service", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d5987cd-1304-487c-8d1c-cab0510fbb84?source=api-scan" ], "published": "2018-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d5ac3df-ddaf-4c78-acd3-baddea42443f": { "id": "1d5ac3df-ddaf-4c78-acd3-baddea42443f", "title": "Accredible Certificates & Open Badges <= 1.4.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Accredible Certificates & Open Badges", "slug": "accredible-certificates", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d5ac3df-ddaf-4c78-acd3-baddea42443f?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d5d2217-306c-4ea2-9727-5c02f7d67c2d": { "id": "1d5d2217-306c-4ea2-9727-5c02f7d67c2d", "title": "Cart All In One For WooCommerce <= 1.1.10 - Cross-Site Request Forgery to Cart Changes", "software": [ { "type": "plugin", "name": "Cart All In One For WooCommerce", "slug": "woo-cart-all-in-one", "affected_versions": { "* - 1.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d5d2217-306c-4ea2-9727-5c02f7d67c2d?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d5d4264-a293-43fc-98a9-b490a37b0c6b": { "id": "1d5d4264-a293-43fc-98a9-b490a37b0c6b", "title": "Light Poll <= 1.0.0 - Cross-Site Request Forgery to Poll Answers Deletion", "software": [ { "type": "plugin", "name": "Light Poll", "slug": "light-poll", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d5d4264-a293-43fc-98a9-b490a37b0c6b?source=api-scan" ], "published": "2024-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d5f9fc7-fc85-4326-9295-470e8208c35a": { "id": "1d5f9fc7-fc85-4326-9295-470e8208c35a", "title": "Solid Affiliate <= 1.9.1 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Solid Affiliate", "slug": "solid-affiliate", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d5f9fc7-fc85-4326-9295-470e8208c35a?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d641e9e-e690-48ff-a28b-f4068d372aab": { "id": "1d641e9e-e690-48ff-a28b-f4068d372aab", "title": "LatePoint <= 4.9.91 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LatePoint Plugin", "slug": "latepoint", "affected_versions": { "* - 4.9.91": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.91", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d641e9e-e690-48ff-a28b-f4068d372aab?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d667556-4cab-4f92-aa43-75e7722b3af6": { "id": "1d667556-4cab-4f92-aa43-75e7722b3af6", "title": "Interactive Geo Maps <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "MapGeo \u2013 Interactive Geo Maps", "slug": "interactive-geo-maps", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d667556-4cab-4f92-aa43-75e7722b3af6?source=api-scan" ], "published": "2023-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d68ea19-9592-483a-a5fd-635819f9b863": { "id": "1d68ea19-9592-483a-a5fd-635819f9b863", "title": "Easy Custom JS And CSS <= 1.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Easy Custom Js And Css Plugin", "slug": "easy-custom-js-and-css", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d68ea19-9592-483a-a5fd-635819f9b863?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d6c9765-6936-4b22-835e-e899f62c14c9": { "id": "1d6c9765-6936-4b22-835e-e899f62c14c9", "title": "Tutor LMS <= 2.2.0 - Missing Authorization via REST API", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d6c9765-6936-4b22-835e-e899f62c14c9?source=api-scan" ], "published": "2023-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d6e97cd-7da7-43ab-bd88-ebd442d50aa3": { "id": "1d6e97cd-7da7-43ab-bd88-ebd442d50aa3", "title": "Broken Images <= 0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Broken Images", "slug": "wp-broken-images", "affected_versions": { "* - 0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d6e97cd-7da7-43ab-bd88-ebd442d50aa3?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d6faee0-716e-4aa9-a841-5231c7aaff21": { "id": "1d6faee0-716e-4aa9-a841-5231c7aaff21", "title": "Easy EU Value Added (VAT) Taxes < 1.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy EU Value Added (VAT) Taxes Add-on", "slug": "exchange-addon-easy-eu-vat-taxes", "affected_versions": { "[*, 1.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d6faee0-716e-4aa9-a841-5231c7aaff21?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d72ff0c-cbee-42a6-8bee-29a5e522a18d": { "id": "1d72ff0c-cbee-42a6-8bee-29a5e522a18d", "title": "Restaurant Reservations <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Restaurant Reservations", "slug": "nd-restaurant-reservations", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d72ff0c-cbee-42a6-8bee-29a5e522a18d?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d73f773-f084-40da-b18f-8b30b0d0c08a": { "id": "1d73f773-f084-40da-b18f-8b30b0d0c08a", "title": "VideoJS (Various Versions) - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "S3 Video Plugin", "slug": "s3-video", "affected_versions": { "[*, 0.98)": { "from_version": "*", "from_inclusive": true, "to_version": "0.98", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.98" ] }, { "type": "plugin", "name": "EasySqueezePage", "slug": "EasySqueezePage", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "External \"Video for Everybody\"", "slug": "external-video-for-everybody", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] }, { "type": "plugin", "name": "Videopack", "slug": "video-embed-thumbnail-generator", "affected_versions": { "[*, 4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1" ] }, { "type": "plugin", "name": "1player", "slug": "1player", "affected_versions": { "[*, 1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d73f773-f084-40da-b18f-8b30b0d0c08a?source=api-scan" ], "published": "2015-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d7440ae-f939-478c-8861-57020537dd44": { "id": "1d7440ae-f939-478c-8861-57020537dd44", "title": "Attendance Manager <= 0.5.6 - Cross-site Request Forgery", "software": [ { "type": "plugin", "name": "Attendance Manager", "slug": "attendance-manager", "affected_versions": { "* - 0.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d7440ae-f939-478c-8861-57020537dd44?source=api-scan" ], "published": "2019-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d7860bf-3f3d-4bd2-82b0-7bb94d00ff30": { "id": "1d7860bf-3f3d-4bd2-82b0-7bb94d00ff30", "title": "Paypal Donation <= 1.3.1 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Accept Donations with PayPal & Stripe", "slug": "easy-paypal-donation", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d7860bf-3f3d-4bd2-82b0-7bb94d00ff30?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d79432d-7977-4279-ac69-8e9db682800e": { "id": "1d79432d-7977-4279-ac69-8e9db682800e", "title": "LearnPress <= 3.2.6.7 - SQL Injection", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 3.2.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d79432d-7977-4279-ac69-8e9db682800e?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d7d8e85-c9cb-4fa5-9632-61f33048838d": { "id": "1d7d8e85-c9cb-4fa5-9632-61f33048838d", "title": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via button_text_link parameter", "software": [ { "type": "plugin", "name": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode", "slug": "responsive-coming-soon-page", "affected_versions": { "* - 1.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d7d8e85-c9cb-4fa5-9632-61f33048838d?source=api-scan" ], "published": "2018-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d7d9521-4814-411d-859f-c7645551d3c5": { "id": "1d7d9521-4814-411d-859f-c7645551d3c5", "title": "2kb Amazon Affiliates Store <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "2kb Amazon Affiliates Store", "slug": "2kb-amazon-affiliates-store", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d7d9521-4814-411d-859f-c7645551d3c5?source=api-scan" ], "published": "2022-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d7f1283-a274-49a2-8bec-da178771b13a": { "id": "1d7f1283-a274-49a2-8bec-da178771b13a", "title": "Hotel Booking Lite <= 4.11.1 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Hotel Booking Lite", "slug": "motopress-hotel-booking-lite", "affected_versions": { "* - 4.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d7f1283-a274-49a2-8bec-da178771b13a?source=api-scan" ], "published": "2024-05-10 09:13:08", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d8331ce-666d-4d5a-b9cd-08562e3eea43": { "id": "1d8331ce-666d-4d5a-b9cd-08562e3eea43", "title": "Wonder PDF Embed <= 1.6 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wonder PDF Embed", "slug": "wonderplugin-pdf-embed", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d8331ce-666d-4d5a-b9cd-08562e3eea43?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d87d225-7de4-49f8-9cba-391d718af7fd": { "id": "1d87d225-7de4-49f8-9cba-391d718af7fd", "title": "Arigato Autoresponder and Newsletter <= 2.7 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Arigato Autoresponder and Newsletter", "slug": "bft-autoresponder", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d87d225-7de4-49f8-9cba-391d718af7fd?source=api-scan" ], "published": "2018-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d8c5b14-6a4c-4d66-85cc-b6ab3b886ff7": { "id": "1d8c5b14-6a4c-4d66-85cc-b6ab3b886ff7", "title": "Zippy <= 1.6.9 - Authenticated (Editor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Zippy", "slug": "zippy", "affected_versions": { "* - 1.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d8c5b14-6a4c-4d66-85cc-b6ab3b886ff7?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d92ce83-03de-4981-8d90-0b8d2a2d16ef": { "id": "1d92ce83-03de-4981-8d90-0b8d2a2d16ef", "title": "Core Control <= 1.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Core Control", "slug": "core-control", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d92ce83-03de-4981-8d90-0b8d2a2d16ef?source=api-scan" ], "published": "2022-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d93db2c-7baf-42d8-9b4a-be91b27221a7": { "id": "1d93db2c-7baf-42d8-9b4a-be91b27221a7", "title": "UX Flat <= 4.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "UX Flat", "slug": "ux-flat", "affected_versions": { "* - 4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d93db2c-7baf-42d8-9b4a-be91b27221a7?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d9c4c5c-78cd-4c58-911a-fb67de0c1dca": { "id": "1d9c4c5c-78cd-4c58-911a-fb67de0c1dca", "title": "WP Font Awesome <= 1.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Font Awesome", "slug": "wp-font-awesome", "affected_versions": { "* - 1.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d9c4c5c-78cd-4c58-911a-fb67de0c1dca?source=api-scan" ], "published": "2023-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d9e80da-4cc6-425c-892f-1ff34b07583f": { "id": "1d9e80da-4cc6-425c-892f-1ff34b07583f", "title": "Preview E-mails for WooCommerce <= 2.2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Preview E-mails for WooCommerce", "slug": "woo-preview-emails", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d9e80da-4cc6-425c-892f-1ff34b07583f?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1d9ffbf3-520a-4563-85e1-27c1cc544856": { "id": "1d9ffbf3-520a-4563-85e1-27c1cc544856", "title": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 3.1.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin", "slug": "users-ultra", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1d9ffbf3-520a-4563-85e1-27c1cc544856?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1da39f3d-512c-49e0-89cb-672783e5ca4e": { "id": "1da39f3d-512c-49e0-89cb-672783e5ca4e", "title": "VK All in One Expansion Unit <= 9.88.1.0 - Stored (Contributor+) Cross-Site Scripting in CTA Post", "software": [ { "type": "plugin", "name": "VK All in One Expansion Unit", "slug": "vk-all-in-one-expansion-unit", "affected_versions": { "* - 9.88.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.88.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.88.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1da39f3d-512c-49e0-89cb-672783e5ca4e?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1da53718-c2a2-45d0-ad43-daff3c68342d": { "id": "1da53718-c2a2-45d0-ad43-daff3c68342d", "title": "Word Replacer Pro <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Content Update", "software": [ { "type": "plugin", "name": "Word Replacer Pro", "slug": "word-replacer-ultra", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1da53718-c2a2-45d0-ad43-daff3c68342d?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1da8894c-fd19-4ea1-9c05-e519c0131061": { "id": "1da8894c-fd19-4ea1-9c05-e519c0131061", "title": "Team Showcase <= 1.22.15 - Object Injection", "software": [ { "type": "plugin", "name": "Team Showcase", "slug": "team", "affected_versions": { "[*, 1.22.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.22.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.22.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1da8894c-fd19-4ea1-9c05-e519c0131061?source=api-scan" ], "published": "2020-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1daaab1a-ce0e-461d-940e-27b5b3f60e32": { "id": "1daaab1a-ce0e-461d-940e-27b5b3f60e32", "title": "Contact Form Email <= 1.3.44 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Contact Form Email", "slug": "contact-form-to-email", "affected_versions": { "* - 1.3.44": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1daaab1a-ce0e-461d-940e-27b5b3f60e32?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1dab93f3-8068-4655-aa3d-a9f4c8dc9d61": { "id": "1dab93f3-8068-4655-aa3d-a9f4c8dc9d61", "title": "Easy Accordion <= 2.1.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Easy Accordion \u2013 Responsive Accordion FAQ Builder and Product FAQ", "slug": "easy-accordion-free", "affected_versions": { "* - 2.1.20": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1dab93f3-8068-4655-aa3d-a9f4c8dc9d61?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1dad9de0-5e43-4dfd-a56c-5e9efff35c0a": { "id": "1dad9de0-5e43-4dfd-a56c-5e9efff35c0a", "title": "Store Locator WordPress <= 1.4.9 - Authenticated (Editor+) Stored Cross-Site Scripting via 'category_name', 'description', 'description_2' parameters", "software": [ { "type": "plugin", "name": "Store Locator WordPress", "slug": "agile-store-locator", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1dad9de0-5e43-4dfd-a56c-5e9efff35c0a?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1db1c415-7c57-47bb-82d9-44168259ae1a": { "id": "1db1c415-7c57-47bb-82d9-44168259ae1a", "title": "WPC Badge Management for WooCommerce <= 2.4.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "WPC Badge Management for WooCommerce", "slug": "wpc-badge-management", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1db1c415-7c57-47bb-82d9-44168259ae1a?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1dba61bb-2d26-483e-835f-c3841f07efe6": { "id": "1dba61bb-2d26-483e-835f-c3841f07efe6", "title": "Contest Gallery <= 23.1.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 23.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "23.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "23.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1dba61bb-2d26-483e-835f-c3841f07efe6?source=api-scan" ], "published": "2024-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1dbdc673-b0ee-4d1d-8cd9-603056f41cda": { "id": "1dbdc673-b0ee-4d1d-8cd9-603056f41cda", "title": "SiteOrigin Widgets Bundle < 1.51.0 - Authenticated (Admin+) Local File Inclusion", "software": [ { "type": "plugin", "name": "SiteOrigin Widgets Bundle", "slug": "so-widgets-bundle", "affected_versions": { "* - 1.50.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.50.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.51.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1dbdc673-b0ee-4d1d-8cd9-603056f41cda?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1dc1a20a-6e7e-4f5c-b0a0-cc79d6e4b0c4": { "id": "1dc1a20a-6e7e-4f5c-b0a0-cc79d6e4b0c4", "title": "Inline Related Posts <= 3.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Inline Related Posts", "slug": "intelly-related-posts", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1dc1a20a-6e7e-4f5c-b0a0-cc79d6e4b0c4?source=api-scan" ], "published": "2024-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1dc4acdc-754f-4ee0-947d-ff0c277e8181": { "id": "1dc4acdc-754f-4ee0-947d-ff0c277e8181", "title": "Category Icon <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Category Icon", "slug": "category-icon", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1dc4acdc-754f-4ee0-947d-ff0c277e8181?source=api-scan" ], "published": "2024-10-11 20:10:19", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1dc733ec-6cc8-40fc-b4c4-1fad4bcd9f21": { "id": "1dc733ec-6cc8-40fc-b4c4-1fad4bcd9f21", "title": "Email Tracker \u2013 Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce) < 5.2.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Tracker \u2013 Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce)", "slug": "email-tracker", "affected_versions": { "[*, 5.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1dc733ec-6cc8-40fc-b4c4-1fad4bcd9f21?source=api-scan" ], "published": "2021-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1dccb69e-b3d8-44b5-8f5e-931e5afe2bd1": { "id": "1dccb69e-b3d8-44b5-8f5e-931e5afe2bd1", "title": "JupiterX Core 3.0.0 - 3.3.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Jupiter X Core", "slug": "jupiterx-core", "affected_versions": { "3.0.0 - 3.3.0": { "from_version": "3.0.0", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1dccb69e-b3d8-44b5-8f5e-931e5afe2bd1?source=api-scan" ], "published": "2023-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1dccdbbd-fd3c-4d76-a05a-42f1c7f7132f": { "id": "1dccdbbd-fd3c-4d76-a05a-42f1c7f7132f", "title": "NAB Transact < 2.1.2 - Payment System Bypass", "software": [ { "type": "plugin", "name": "NAB Transact", "slug": "woocommerce-gateway-nab-dp", "affected_versions": { "[*, 2.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1dccdbbd-fd3c-4d76-a05a-42f1c7f7132f?source=api-scan" ], "published": "2020-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1dcfbdad-a70b-4244-b89d-ddd13d7397a0": { "id": "1dcfbdad-a70b-4244-b89d-ddd13d7397a0", "title": "codoc <= 0.9.51.12 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "codoc", "slug": "codoc", "affected_versions": { "* - 0.9.51.12": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.51.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1dcfbdad-a70b-4244-b89d-ddd13d7397a0?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1dd3e203-dcc4-47b5-ab65-324bcff5b91b": { "id": "1dd3e203-dcc4-47b5-ab65-324bcff5b91b", "title": "Search Everything <= 7.0.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Search Everything", "slug": "search-everything", "affected_versions": { "[*, 7.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1dd3e203-dcc4-47b5-ab65-324bcff5b91b?source=api-scan" ], "published": "2014-02-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1dd928cb-5466-424e-a87a-3a9618edb56b": { "id": "1dd928cb-5466-424e-a87a-3a9618edb56b", "title": "Phone Orders for WooCommerce <= 3.7.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Phone Orders for WooCommerce", "slug": "phone-orders-for-woocommerce", "affected_versions": { "* - 3.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1dd928cb-5466-424e-a87a-3a9618edb56b?source=api-scan" ], "published": "2022-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ddb9fc8-bed4-42ff-9664-6ea8fb136ec0": { "id": "1ddb9fc8-bed4-42ff-9664-6ea8fb136ec0", "title": "HTML5 Webcam Microphone Recorder Forms < 1.55 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HTML5 Webcam\/Screen\/Mic Recorder for Video Comments and Forms", "slug": "video-comments-webcam-recorder", "affected_versions": { "* - 1.55": { "from_version": "*", "from_inclusive": true, "to_version": "1.55", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.55.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ddb9fc8-bed4-42ff-9664-6ea8fb136ec0?source=api-scan" ], "published": "2014-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ddcd2eb-fd7a-48b7-b9ea-3632d49e9734": { "id": "1ddcd2eb-fd7a-48b7-b9ea-3632d49e9734", "title": "MasterStudy LMS WordPress Plugin <= 2.9.34 - Missing Authorization via wp_ajax_stm_wpcfto_get_settings", "software": [ { "type": "plugin", "name": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "slug": "masterstudy-lms-learning-management-system", "affected_versions": { "* - 2.9.34": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ddcd2eb-fd7a-48b7-b9ea-3632d49e9734?source=api-scan" ], "published": "2023-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ddfd5d9-a7e4-42a8-8419-9a35b4781d3c": { "id": "1ddfd5d9-a7e4-42a8-8419-9a35b4781d3c", "title": "Essential Blocks for Gutenberg <= 3.8.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 3.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ddfd5d9-a7e4-42a8-8419-9a35b4781d3c?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1de36458-d7e5-43cf-af40-0fd7a6eea5bb": { "id": "1de36458-d7e5-43cf-af40-0fd7a6eea5bb", "title": "WP Support Plus Responsive Ticket System <= 8.0.7 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP Support Plus Responsive Ticket System", "slug": "wp-support-plus-responsive-ticket-system", "affected_versions": { "[*, 8.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1de36458-d7e5-43cf-af40-0fd7a6eea5bb?source=api-scan" ], "published": "2017-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1de41980-93bb-4831-bb31-50675499f648": { "id": "1de41980-93bb-4831-bb31-50675499f648", "title": "Permalink Manager Lite <= 2.2.12 - Admin+ SQL Injection", "software": [ { "type": "plugin", "name": "Permalink Manager Lite", "slug": "permalink-manager", "affected_versions": { "* - 2.2.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.13.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1de41980-93bb-4831-bb31-50675499f648?source=api-scan" ], "published": "2021-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1de69b7e-944a-4d89-a7de-2fae5ab83171": { "id": "1de69b7e-944a-4d89-a7de-2fae5ab83171", "title": "Raygun4WP <= 1.8.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Raygun", "slug": "raygun4wp", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1de69b7e-944a-4d89-a7de-2fae5ab83171?source=api-scan" ], "published": "2017-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1de6c0d9-efa8-4c86-9d57-7aa92a0eda96": { "id": "1de6c0d9-efa8-4c86-9d57-7aa92a0eda96", "title": "Cliengo \u2013 Chatbot <= 3.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Cliengo \u2013 Chatbot", "slug": "cliengo", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1de6c0d9-efa8-4c86-9d57-7aa92a0eda96?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1decdfd8-a2e8-49af-ade8-01d19814b6fb": { "id": "1decdfd8-a2e8-49af-ade8-01d19814b6fb", "title": "Flagallery-skins <= 1.1.5 - SQL Injection", "software": [ { "type": "plugin", "name": "Flagallery-skins", "slug": "flagallery-skins", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1decdfd8-a2e8-49af-ade8-01d19814b6fb?source=api-scan" ], "published": "2013-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1df04293-87e9-4ab4-975d-54d36a993ab0": { "id": "1df04293-87e9-4ab4-975d-54d36a993ab0", "title": "WordPress File Sharing Plugin <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Private Files \u2013 File Upload & Download Manager with Secure File Sharing", "slug": "user-private-files", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1df04293-87e9-4ab4-975d-54d36a993ab0?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1df16802-c102-4ff2-b8ff-8a588905d3f7": { "id": "1df16802-c102-4ff2-b8ff-8a588905d3f7", "title": "Sensei LMS \u2013 Online Courses, Quizzes, & Learning <= 4.24.1 - Unauthenticated Email Template Disclosure", "software": [ { "type": "plugin", "name": "Sensei LMS \u2013 Online Courses, Quizzes, & Learning", "slug": "sensei-lms", "affected_versions": { "* - 4.24.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.24.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.24.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1df16802-c102-4ff2-b8ff-8a588905d3f7?source=api-scan" ], "published": "2024-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1df1e56e-7a1f-4e89-8df2-bda9dc1ec1dc": { "id": "1df1e56e-7a1f-4e89-8df2-bda9dc1ec1dc", "title": "Post Grid, Post Carousel, & List Category Posts <= 2.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Smart Post Show \u2013 Post Grid, Post Carousel, Post Slider, Post Timeline, Post Table, and List Category Posts, Latest Posts, Recent Posts, Popular Posts and More", "slug": "post-carousel", "affected_versions": { "* - 2.4.18": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1df1e56e-7a1f-4e89-8df2-bda9dc1ec1dc?source=api-scan" ], "published": "2023-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1df31843-0af7-486c-b0aa-4eaf72a7e70f": { "id": "1df31843-0af7-486c-b0aa-4eaf72a7e70f", "title": "Limit Login Attempts Reloaded <= 2.25.25 - Missing Authorization", "software": [ { "type": "plugin", "name": "Limit Login Attempts Reloaded", "slug": "limit-login-attempts-reloaded", "affected_versions": { "* - 2.25.25": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.25.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1df31843-0af7-486c-b0aa-4eaf72a7e70f?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1df421ac-c8fc-4505-989e-1d822ca6de7a": { "id": "1df421ac-c8fc-4505-989e-1d822ca6de7a", "title": "WP Social Widget <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "WP Social Widget", "slug": "wp-social-widget", "affected_versions": { "* - 2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1df421ac-c8fc-4505-989e-1d822ca6de7a?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1df6d436-c183-4ace-bd6c-1f22fbe7240f": { "id": "1df6d436-c183-4ace-bd6c-1f22fbe7240f", "title": "Import and export users and customers <= 1.16.3.5 - CSV injection via a customer's profile", "software": [ { "type": "plugin", "name": "Import and export users and customers", "slug": "import-users-from-csv-with-meta", "affected_versions": { "* - 1.16.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.16.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.16.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1df6d436-c183-4ace-bd6c-1f22fbe7240f?source=api-scan" ], "published": "2020-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1df74d3d-b7c9-4cf8-b1a7-d2b0b4f706d2": { "id": "1df74d3d-b7c9-4cf8-b1a7-d2b0b4f706d2", "title": "Popup Like box \u2013 Page Plugin < 3.5.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Popup Like box \u2013 Page Plugin", "slug": "ays-facebook-popup-likebox", "affected_versions": { "* - 3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1df74d3d-b7c9-4cf8-b1a7-d2b0b4f706d2?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1dffbb2d-69d1-495c-8c96-64c5fd878fcd": { "id": "1dffbb2d-69d1-495c-8c96-64c5fd878fcd", "title": "Stock Quotes List <= 2.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Stock Quotes List", "slug": "stock-quotes-list", "affected_versions": { "* - 2.9.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1dffbb2d-69d1-495c-8c96-64c5fd878fcd?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e0426e9-f6d8-40aa-9ceb-a3e5515ac316": { "id": "1e0426e9-f6d8-40aa-9ceb-a3e5515ac316", "title": "Easy Testimonial Manager <= 1.2.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Easy Testimonial Manager", "slug": "easy-testimonial-manager", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e0426e9-f6d8-40aa-9ceb-a3e5515ac316?source=api-scan" ], "published": "2021-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e07562d-ab3a-47bc-9bb1-b952f769f5e5": { "id": "1e07562d-ab3a-47bc-9bb1-b952f769f5e5", "title": "Quotes llama <= 0.7 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quotes llama", "slug": "quotes-llama", "affected_versions": { "* - 0.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e07562d-ab3a-47bc-9bb1-b952f769f5e5?source=api-scan" ], "published": "2022-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e07593a-3d12-4afe-a21e-fc85bd6d4bef": { "id": "1e07593a-3d12-4afe-a21e-fc85bd6d4bef", "title": "Responsive Image Gallery, Gallery Album <= 2.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery \u2013 Image and Video Gallery with Thumbnails", "slug": "gallery-album", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e07593a-3d12-4afe-a21e-fc85bd6d4bef?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e07e570-e4c0-472c-b582-40a87a6507bf": { "id": "1e07e570-e4c0-472c-b582-40a87a6507bf", "title": "WP SMS <= 6.6.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP SMS \u2013 Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More", "slug": "wp-sms", "affected_versions": { "* - 6.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e07e570-e4c0-472c-b582-40a87a6507bf?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e0c77a6-08fd-4d54-8ecd-6e5fe0e03e14": { "id": "1e0c77a6-08fd-4d54-8ecd-6e5fe0e03e14", "title": "WP ERP <= 1.12.3 - Authenticated (Administrator+) SQL Injection via 'type'", "software": [ { "type": "plugin", "name": "WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting", "slug": "erp", "affected_versions": { "[*, 1.12.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.12.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e0c77a6-08fd-4d54-8ecd-6e5fe0e03e14?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e0fd85a-2164-4b83-822e-845662591a78": { "id": "1e0fd85a-2164-4b83-822e-845662591a78", "title": "Get Custom Field Values <= 4.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin widget", "software": [ { "type": "plugin", "name": "Get Custom Field Values", "slug": "get-custom-field-values", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e0fd85a-2164-4b83-822e-845662591a78?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e177e54-1a17-49d3-85b5-e4c6bf154320": { "id": "1e177e54-1a17-49d3-85b5-e4c6bf154320", "title": "Quiz Maker <= 6.5.0.5 - Denial of Service", "software": [ { "type": "plugin", "name": "Quiz Maker", "slug": "quiz-maker", "affected_versions": { "* - 6.5.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e177e54-1a17-49d3-85b5-e4c6bf154320?source=api-scan" ], "published": "2024-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e1d8afa-0a38-434b-b3d8-04019010ab21": { "id": "1e1d8afa-0a38-434b-b3d8-04019010ab21", "title": "Transposh WordPress Translation <= 1.0.8.1 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Transposh WordPress Translation", "slug": "transposh-translation-filter-for-wordpress", "affected_versions": { "* - 1.0.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e1d8afa-0a38-434b-b3d8-04019010ab21?source=api-scan" ], "published": "2022-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e1db52a-3966-4e04-b0ed-08bda9ba1ff6": { "id": "1e1db52a-3966-4e04-b0ed-08bda9ba1ff6", "title": "Republish Old Posts <= 1.21 - Cross-Site Request Forgery via rop_options_page", "software": [ { "type": "plugin", "name": "Republish Old Posts", "slug": "republish-old-posts", "affected_versions": { "* - 1.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e1db52a-3966-4e04-b0ed-08bda9ba1ff6?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e223e0e-959f-498e-8c0e-daae36bd28cb": { "id": "1e223e0e-959f-498e-8c0e-daae36bd28cb", "title": "WP Easy Gallery <= 2.7 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Easy Gallery \u2013 WordPress Gallery Plugin", "slug": "wp-easy-gallery", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e223e0e-959f-498e-8c0e-daae36bd28cb?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e257954-9e44-4939-8e01-efceb3c0953a": { "id": "1e257954-9e44-4939-8e01-efceb3c0953a", "title": "Ninja Beaver Add-ons for Beaver Builder <= 2.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets", "software": [ { "type": "plugin", "name": "Ninja Beaver Add-ons for Beaver Builder", "slug": "ninja-beaver-lite-addons-for-beaver-builder", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e257954-9e44-4939-8e01-efceb3c0953a?source=api-scan" ], "published": "2024-05-21 19:30:07", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e25a0df-c548-45d0-8672-c35fbc71e0c3": { "id": "1e25a0df-c548-45d0-8672-c35fbc71e0c3", "title": "Bold Page Builder <= 4.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bold Page Builder", "slug": "bold-page-builder", "affected_versions": { "[*, 4.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e25a0df-c548-45d0-8672-c35fbc71e0c3?source=api-scan" ], "published": "2022-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e2c40ea-5d0a-4f1c-99e8-ef0b54bbd20a": { "id": "1e2c40ea-5d0a-4f1c-99e8-ef0b54bbd20a", "title": "Community Events <= 1.4.8 - Authenticated (Administrator+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Community Events", "slug": "community-events", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e2c40ea-5d0a-4f1c-99e8-ef0b54bbd20a?source=api-scan" ], "published": "2022-11-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e3110ae-5e82-4176-bf9d-6c56b13f9c27": { "id": "1e3110ae-5e82-4176-bf9d-6c56b13f9c27", "title": "ShortPixel Adaptive Images <= 3.8.2 - Missing Authorization in activate_ai_handler and deactivate_ai_handler", "software": [ { "type": "plugin", "name": "ShortPixel Adaptive Images \u2013 WebP, AVIF, CDN, Image Optimization", "slug": "shortpixel-adaptive-images", "affected_versions": { "* - 3.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e3110ae-5e82-4176-bf9d-6c56b13f9c27?source=api-scan" ], "published": "2024-04-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e340264-7cc0-4598-972f-aaa1fda2096b": { "id": "1e340264-7cc0-4598-972f-aaa1fda2096b", "title": "Image Slider by NextCode <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Slider by NextCode \u2013 Photo & Video Slider", "slug": "baslider", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e340264-7cc0-4598-972f-aaa1fda2096b?source=api-scan" ], "published": "2022-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e35b077-8bb4-49fb-bd79-d9086d9a26dc": { "id": "1e35b077-8bb4-49fb-bd79-d9086d9a26dc", "title": "TeraWallet \u2013 Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds <= 1.5.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wallet for WooCommerce", "slug": "woo-wallet", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e35b077-8bb4-49fb-bd79-d9086d9a26dc?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e37e54b-9c00-4d04-9c81-791242d45d6c": { "id": "1e37e54b-9c00-4d04-9c81-791242d45d6c", "title": "iDump iPhone to WordPress Photo Uploader <= 1.8 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Windows Desktop and iPhone Photo Uploader", "slug": "i-dump-iphone-to-wordpress-photo-uploader", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e37e54b-9c00-4d04-9c81-791242d45d6c?source=api-scan" ], "published": "2015-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e3e628f-b5e7-40fd-9d34-4a3b23e1e0e7": { "id": "1e3e628f-b5e7-40fd-9d34-4a3b23e1e0e7", "title": "Image Optimizer, Resizer and CDN \u2013 Sirv <= 7.2.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Image Optimizer, Resizer and CDN \u2013 Sirv", "slug": "sirv", "affected_versions": { "* - 7.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e3e628f-b5e7-40fd-9d34-4a3b23e1e0e7?source=api-scan" ], "published": "2024-08-21 17:42:14", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e47528d-993c-434c-a077-9c614e56f39f": { "id": "1e47528d-993c-434c-a077-9c614e56f39f", "title": "PWGRandom <= 1.11 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PWGRandom", "slug": "pwgrandom", "affected_versions": { "* - 1.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e47528d-993c-434c-a077-9c614e56f39f?source=api-scan" ], "published": "2014-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e48639e-01bb-4980-be6f-bcea3dd16fc5": { "id": "1e48639e-01bb-4980-be6f-bcea3dd16fc5", "title": "Download Plugin <= 2.0.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Download Plugin", "slug": "download-plugin", "affected_versions": { "[*, 2.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e48639e-01bb-4980-be6f-bcea3dd16fc5?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e4c655c-9cdf-4106-9cf5-fc153de12d14": { "id": "1e4c655c-9cdf-4106-9cf5-fc153de12d14", "title": "Table of Contents Plus <= 2106 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Table of Contents Plus", "slug": "table-of-contents-plus", "affected_versions": { "* - 2106": { "from_version": "*", "from_inclusive": true, "to_version": "2106", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2212" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e4c655c-9cdf-4106-9cf5-fc153de12d14?source=api-scan" ], "published": "2022-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e4d03f0-408c-47da-bae9-38614603f02b": { "id": "1e4d03f0-408c-47da-bae9-38614603f02b", "title": "SimpleDark <= 1.2.11 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "SimpleDark", "slug": "simpledark", "affected_versions": { "* - 1.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e4d03f0-408c-47da-bae9-38614603f02b?source=api-scan" ], "published": "2011-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e4f0d78-caa0-4575-a090-e1c12d4ed8fd": { "id": "1e4f0d78-caa0-4575-a090-e1c12d4ed8fd", "title": "Popup Maker \u2013 Responsive popup, Exit Intent Pop up, Email Optins, Autoresponder & More <= 1.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Maker \u2013 Responsive popup, Exit Intent Pop up, Email Optins, Autoresponder & More", "slug": "popup-maker-wp", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e4f0d78-caa0-4575-a090-e1c12d4ed8fd?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e518d40-deda-438a-9787-b3cf7faad7a4": { "id": "1e518d40-deda-438a-9787-b3cf7faad7a4", "title": "Import WP \u2013 Import and Export WordPress data to XML or CSV files <= 2.4.5 - Authenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Import WP \u2013 Export and Import CSV and XML files to WordPress", "slug": "jc-importer", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e518d40-deda-438a-9787-b3cf7faad7a4?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e5381fe-940b-404e-b2f2-1fd1c4ee5d78": { "id": "1e5381fe-940b-404e-b2f2-1fd1c4ee5d78", "title": "Flexible Elementor Panel <= 2.3.8 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "Flexible Elementor Panel", "slug": "flexible-elementor-panel", "affected_versions": { "* - 2.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e5381fe-940b-404e-b2f2-1fd1c4ee5d78?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e567aec-07e5-494a-936d-93b40d3e3043": { "id": "1e567aec-07e5-494a-936d-93b40d3e3043", "title": "WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_purgecache_varnish_callback'", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e567aec-07e5-494a-936d-93b40d3e3043?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e5cbe1f-0a16-4301-a83c-af9456afe44d": { "id": "1e5cbe1f-0a16-4301-a83c-af9456afe44d", "title": "WP To Do <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP To Do", "slug": "wp-todo", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e5cbe1f-0a16-4301-a83c-af9456afe44d?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e5e16c9-53d2-4fdd-8370-920b22f52033": { "id": "1e5e16c9-53d2-4fdd-8370-920b22f52033", "title": "WooCommerce <= 2.6.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 2.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e5e16c9-53d2-4fdd-8370-920b22f52033?source=api-scan" ], "published": "2016-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e6327b0-a047-4f8c-8e95-88f2e4b7089f": { "id": "1e6327b0-a047-4f8c-8e95-88f2e4b7089f", "title": "BP Better Messages <= 2.4.32 - Missing Authorization", "software": [ { "type": "plugin", "name": "Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss", "slug": "bp-better-messages", "affected_versions": { "* - 2.4.32": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e6327b0-a047-4f8c-8e95-88f2e4b7089f?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e65922a-3498-4946-8415-3d922e85e46a": { "id": "1e65922a-3498-4946-8415-3d922e85e46a", "title": "GEO my WordPress <= 4.5.0.1 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "GEO my WP", "slug": "geo-my-wp", "affected_versions": { "* - 4.5.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e65922a-3498-4946-8415-3d922e85e46a?source=api-scan" ], "published": "2024-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e6c1e98-72a2-4e74-bfd4-4054187d4d19": { "id": "1e6c1e98-72a2-4e74-bfd4-4054187d4d19", "title": "WooCommerce <= 6.2.0 - Incorrect Authorization Checks on REST API Endpoints", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "* - 6.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e6c1e98-72a2-4e74-bfd4-4054187d4d19?source=api-scan" ], "published": "2022-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e72d5c7-c601-4775-a825-4786bbd1b5f0": { "id": "1e72d5c7-c601-4775-a825-4786bbd1b5f0", "title": "Share This Image <= 2.03 - Open Redirect via link Parameter", "software": [ { "type": "plugin", "name": "Share This Image", "slug": "share-this-image", "affected_versions": { "* - 2.03": { "from_version": "*", "from_inclusive": true, "to_version": "2.03", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.04" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e72d5c7-c601-4775-a825-4786bbd1b5f0?source=api-scan" ], "published": "2024-09-16 19:55:52", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e77760b-4e61-462c-9245-0e40f161d565": { "id": "1e77760b-4e61-462c-9245-0e40f161d565", "title": "YITH WooCommerce Gift Cards Premium <= 3.23.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "YITH WooCommerce Gift Cards Premium", "slug": "yith-woocommerce-gift-cards-premium", "affected_versions": { "* - 3.23.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.23.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.24.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e77760b-4e61-462c-9245-0e40f161d565?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e7c1eab-78d7-48f8-810b-db6cea668d92": { "id": "1e7c1eab-78d7-48f8-810b-db6cea668d92", "title": "WP Go Maps <= 9.0.15 - Authenticated (Admin+) Directory Traversal", "software": [ { "type": "plugin", "name": "WP Go Maps (formerly WP Google Maps)", "slug": "wp-google-maps", "affected_versions": { "* - 9.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e7c1eab-78d7-48f8-810b-db6cea668d92?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e8060bc-900f-4f2d-a24e-13dc1d830fc1": { "id": "1e8060bc-900f-4f2d-a24e-13dc1d830fc1", "title": "Social Rocket <= 1.2.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Social Rocket \u2013 Social Sharing Plugin", "slug": "social-rocket", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e8060bc-900f-4f2d-a24e-13dc1d830fc1?source=api-scan" ], "published": "2020-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e81208c-771f-409e-b665-b07def0ca774": { "id": "1e81208c-771f-409e-b665-b07def0ca774", "title": "Uji Popup <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via uji_popup_code shortcode", "software": [ { "type": "plugin", "name": "Uji Popup", "slug": "uji-popup", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e81208c-771f-409e-b665-b07def0ca774?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e84fbbf-05b0-497b-81d8-1b029d24cddd": { "id": "1e84fbbf-05b0-497b-81d8-1b029d24cddd", "title": "Business Directory Plugin <= 5.11 - Authenticated PHP4 Upload", "software": [ { "type": "plugin", "name": "Business Directory Plugin \u2013 Easy Listing Directories for WordPress", "slug": "business-directory-plugin", "affected_versions": { "* - 5.11": { "from_version": "*", "from_inclusive": true, "to_version": "5.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.11.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e84fbbf-05b0-497b-81d8-1b029d24cddd?source=api-scan" ], "published": "2021-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e855031-eddd-45bc-9ed2-80cae03a45df": { "id": "1e855031-eddd-45bc-9ed2-80cae03a45df", "title": "SMSA Shipping for WooCommerce <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Download", "software": [ { "type": "plugin", "name": "SMSA Shipping for WooCommerce", "slug": "smsa-shipping-for-woocommerce", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e855031-eddd-45bc-9ed2-80cae03a45df?source=api-scan" ], "published": "2022-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e8abfd1-6e16-4c86-b430-44cec21a5267": { "id": "1e8abfd1-6e16-4c86-b430-44cec21a5267", "title": "Widget Shortcode <= 0.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Widget Shortcode", "slug": "widget-shortcode", "affected_versions": { "* - 0.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e8abfd1-6e16-4c86-b430-44cec21a5267?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e8e0257-a745-495f-a103-c032b95209fc": { "id": "1e8e0257-a745-495f-a103-c032b95209fc", "title": "File Manager Pro <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "File Manager Pro", "slug": "wp-file-manager-pro", "affected_versions": { "* - 8.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e8e0257-a745-495f-a103-c032b95209fc?source=api-scan" ], "published": "2024-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e9458e4-570e-4871-84ac-380107037b1c": { "id": "1e9458e4-570e-4871-84ac-380107037b1c", "title": "Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms \u2013 Advanced Form Integration <= 1.62.0 - Authenticated (Admin+) Cross Site Scripting", "software": [ { "type": "plugin", "name": "AFI \u2013 The Easiest Integration Plugin", "slug": "advanced-form-integration", "affected_versions": { "* - 1.62.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.62.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.63.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e9458e4-570e-4871-84ac-380107037b1c?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e9506bd-10a6-40ab-8162-cf4fad9cb882": { "id": "1e9506bd-10a6-40ab-8162-cf4fad9cb882", "title": "Coming Soon, Under Construction & Maintenance Mode By Dazzler <= 1.6.3 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Coming Soon, Under Construction & Maintenance Mode By Dazzler", "slug": "coming-soon-wp", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e9506bd-10a6-40ab-8162-cf4fad9cb882?source=api-scan" ], "published": "2021-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e9641e2-fe33-4e22-895e-7974b4da6866": { "id": "1e9641e2-fe33-4e22-895e-7974b4da6866", "title": "Torro Forms <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Torro Forms", "slug": "torro-forms", "affected_versions": { "* - 1.0.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.16", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e9641e2-fe33-4e22-895e-7974b4da6866?source=api-scan" ], "published": "2022-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e98b763-29b9-435d-a436-d4df64234b4d": { "id": "1e98b763-29b9-435d-a436-d4df64234b4d", "title": "BlossomThemes Email Newsletter <= 2.2.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "BlossomThemes Email Newsletter", "slug": "blossomthemes-email-newsletter", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e98b763-29b9-435d-a436-d4df64234b4d?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1e99c10d-6632-4520-9239-9b831becd103": { "id": "1e99c10d-6632-4520-9239-9b831becd103", "title": "Vision Interactive <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Vision \u2013 Interactive Image Map Builder", "slug": "vision", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1e99c10d-6632-4520-9239-9b831becd103?source=api-scan" ], "published": "2022-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ea40b96-4693-4f98-8e6e-2ed8186cedd8": { "id": "1ea40b96-4693-4f98-8e6e-2ed8186cedd8", "title": "Staff \/ Employee Business Directory for Active Directory <= 1.2.3 - Authenticated (Admin+) LDAP Passback", "software": [ { "type": "plugin", "name": "Staff \/ Employee Business Directory for Active Directory", "slug": "ldap-ad-staff-employee-directory-search", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ea40b96-4693-4f98-8e6e-2ed8186cedd8?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ea4b216-0b29-45eb-bd61-962f76265ba6": { "id": "1ea4b216-0b29-45eb-bd61-962f76265ba6", "title": "Youzify <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress", "slug": "youzify", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ea4b216-0b29-45eb-bd61-962f76265ba6?source=api-scan" ], "published": "2023-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ead1a18-9429-472e-9e88-e792eaa23ae9": { "id": "1ead1a18-9429-472e-9e88-e792eaa23ae9", "title": "Simple:Press <= 6.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Modification", "software": [ { "type": "plugin", "name": "Simple:Press Forum", "slug": "simplepress", "affected_versions": { "* - 6.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ead1a18-9429-472e-9e88-e792eaa23ae9?source=api-scan" ], "published": "2022-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ead46fd-5744-4fbb-9efd-980f9216abbc": { "id": "1ead46fd-5744-4fbb-9efd-980f9216abbc", "title": "FeedWordPress <= 2022.0222 - Insecure Direct Object Referece", "software": [ { "type": "plugin", "name": "FeedWordPress", "slug": "feedwordpress", "affected_versions": { "* - 2022.0222": { "from_version": "*", "from_inclusive": true, "to_version": "2022.0222", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2024.0428" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=api-scan" ], "published": "2024-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ead6a38-b495-47d2-8d40-1f17e64fd1ff": { "id": "1ead6a38-b495-47d2-8d40-1f17e64fd1ff", "title": "Contextual Related Posts < 1.8.10.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Contextual Related Posts", "slug": "contextual-related-posts", "affected_versions": { "[*, 1.8.10.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.10.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ead6a38-b495-47d2-8d40-1f17e64fd1ff?source=api-scan" ], "published": "2014-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1eb25ef3-28ea-4f8f-932a-e90ca1914e8d": { "id": "1eb25ef3-28ea-4f8f-932a-e90ca1914e8d", "title": "Advanced Access Manager <= 6.9.18 - Authenticated (Author+) Open Redirect", "software": [ { "type": "plugin", "name": "Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More", "slug": "advanced-access-manager", "affected_versions": { "* - 6.9.18": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1eb25ef3-28ea-4f8f-932a-e90ca1914e8d?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ebb6ebe-3a66-4ad8-9bba-c09354810159": { "id": "1ebb6ebe-3a66-4ad8-9bba-c09354810159", "title": "GridKit Portfolio <= 2.0.0 - Subscriber+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Portfolio, Gallery, Product Catalog \u2013 Grid KIT Portfolio", "slug": "portfolio-wp", "affected_versions": { "[*, 2.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ebb6ebe-3a66-4ad8-9bba-c09354810159?source=api-scan" ], "published": "2022-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ec0f7d1-a8d0-4dfd-96f5-aee0329bb8ca": { "id": "1ec0f7d1-a8d0-4dfd-96f5-aee0329bb8ca", "title": "Bloglo <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Bloglo", "slug": "bloglo", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ec0f7d1-a8d0-4dfd-96f5-aee0329bb8ca?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ec186b0-72f0-4017-ad24-1c82247a23ec": { "id": "1ec186b0-72f0-4017-ad24-1c82247a23ec", "title": "Pinterest RSS Widget <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Pinterest RSS Widget", "slug": "pinterest-rss-widget", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ec186b0-72f0-4017-ad24-1c82247a23ec?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ec207cd-cae5-4950-bbc8-d28f108b4ae7": { "id": "1ec207cd-cae5-4950-bbc8-d28f108b4ae7", "title": "Easy Digital Downloads <= 3.2.6 - Authenticated(Shop Manager+) Stored Cross-Site Scripting via variable pricing options", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 3.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ec207cd-cae5-4950-bbc8-d28f108b4ae7?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ec45848-33b1-4088-ba06-9a12d291120e": { "id": "1ec45848-33b1-4088-ba06-9a12d291120e", "title": "Better WP Security <= 3.5.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "* - 3.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ec45848-33b1-4088-ba06-9a12d291120e?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ecf2247-5861-4206-9329-f0389a35076b": { "id": "1ecf2247-5861-4206-9329-f0389a35076b", "title": "Contact Form 7 Newsletter <= 2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form 7 Newsletter", "slug": "contact-form-7-newsletter", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ecf2247-5861-4206-9329-f0389a35076b?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ed98565-3f86-46c0-a696-13d678f2d523": { "id": "1ed98565-3f86-46c0-a696-13d678f2d523", "title": "Rank Math SEO <= 1.0.26 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings", "slug": "seo-by-rank-math", "affected_versions": { "* - 1.0.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ed98565-3f86-46c0-a696-13d678f2d523?source=api-scan" ], "published": "2019-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ede7a25-9bb2-408e-b7fb-e5bd4f594351": { "id": "1ede7a25-9bb2-408e-b7fb-e5bd4f594351", "title": "Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products", "software": [ { "type": "plugin", "name": "Essential Blocks Pro", "slug": "essential-blocks-pro", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] }, { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ede7a25-9bb2-408e-b7fb-e5bd4f594351?source=api-scan" ], "published": "2023-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ededa54-654f-48dc-87d5-7321e041e6fb": { "id": "1ededa54-654f-48dc-87d5-7321e041e6fb", "title": "Whizzy <= 1.1.18 - Authenticated (Subscriber+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Whizzy", "slug": "whizzy", "affected_versions": { "* - 1.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.18", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ededa54-654f-48dc-87d5-7321e041e6fb?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ee1a4de-25be-46fa-907e-1856862ae52e": { "id": "1ee1a4de-25be-46fa-907e-1856862ae52e", "title": "WP Live Chat Support <= 7.1.02 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "3CX Free Live Chat, Calls & WhatsApp", "slug": "wp-live-chat-support", "affected_versions": { "* - 7.1.02": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.02", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.03" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ee1a4de-25be-46fa-907e-1856862ae52e?source=api-scan" ], "published": "2017-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ee41498-f5c6-48c3-a0db-55a1fe6e7f92": { "id": "1ee41498-f5c6-48c3-a0db-55a1fe6e7f92", "title": "infolinks Ad Wrap <= 1.0.2 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "infolinks Ad Wrap", "slug": "infolinks-ad-wrap", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ee41498-f5c6-48c3-a0db-55a1fe6e7f92?source=api-scan" ], "published": "2024-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ee47f62-93f5-40ed-8c1d-555a21eb714a": { "id": "1ee47f62-93f5-40ed-8c1d-555a21eb714a", "title": "Insert Pages <= 3.6.1 - Contributor+ Arbitrary Posts\/Pages Access", "software": [ { "type": "plugin", "name": "Insert Pages", "slug": "insert-pages", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ee47f62-93f5-40ed-8c1d-555a21eb714a?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ee7fe5f-0939-4604-99fb-2ddd06f30c88": { "id": "1ee7fe5f-0939-4604-99fb-2ddd06f30c88", "title": "LetterPress \u2013 Elevate Your WordPress Site's E-Mail Campaigns and Marketing <= 1.2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LetterPress \u2013 Elevate Your WordPress Site's E-Mail Campaigns and Marketing", "slug": "letterpress", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ee7fe5f-0939-4604-99fb-2ddd06f30c88?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1eeea385-734c-4403-8886-e3ad6dc47140": { "id": "1eeea385-734c-4403-8886-e3ad6dc47140", "title": "Fast Flow <= 1.2.12 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fast Flow", "slug": "fast-flow-dashboard", "affected_versions": { "* - 1.2.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1eeea385-734c-4403-8886-e3ad6dc47140?source=api-scan" ], "published": "2022-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ef02ecc-6a7b-4782-a891-a1d66d770c81": { "id": "1ef02ecc-6a7b-4782-a891-a1d66d770c81", "title": "Amministrazione Trasparente <= 8.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Amministrazione Trasparente", "slug": "amministrazione-trasparente", "affected_versions": { "* - 8.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ef02ecc-6a7b-4782-a891-a1d66d770c81?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ef82f14-f6e3-4e9a-9656-d2d15fbfefb8": { "id": "1ef82f14-f6e3-4e9a-9656-d2d15fbfefb8", "title": "WP-DownloadManager <= 1.68.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-DownloadManager", "slug": "wp-downloadmanager", "affected_versions": { "* - 1.68.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.68.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.68.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ef82f14-f6e3-4e9a-9656-d2d15fbfefb8?source=api-scan" ], "published": "2024-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1efb9215-542b-46a1-b358-f3d27339a920": { "id": "1efb9215-542b-46a1-b358-f3d27339a920", "title": "Featured Image Pro Post Grid <= 5.14 - Reflected Cross-Site Scripting via page", "software": [ { "type": "plugin", "name": "Featured Image Pro Post Grid", "slug": "featured-image-pro", "affected_versions": { "* - 5.14": { "from_version": "*", "from_inclusive": true, "to_version": "5.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1efb9215-542b-46a1-b358-f3d27339a920?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f06b855-c1e1-4378-a340-9dda2919fb83": { "id": "1f06b855-c1e1-4378-a340-9dda2919fb83", "title": "Motors \u2013 Car Dealer & Classified Ads <= 1.4.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Motors \u2013 Car Dealer, Classifieds & Listing", "slug": "motors-car-dealership-classified-listings", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f06b855-c1e1-4378-a340-9dda2919fb83?source=api-scan" ], "published": "2023-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f092dae-e298-42e3-b494-fc7b7669b300": { "id": "1f092dae-e298-42e3-b494-fc7b7669b300", "title": "All In One WP Security & Firewall <= 4.4.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "* - 4.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f092dae-e298-42e3-b494-fc7b7669b300?source=api-scan" ], "published": "2020-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f0a3c78-ba3e-445c-9612-94e80ef9d018": { "id": "1f0a3c78-ba3e-445c-9612-94e80ef9d018", "title": "ParcelPanel <= 4.3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ParcelPanel (Free to install) \u2013 Shipment Tracking, Tracking, and Order Tracking for WooCommerce", "slug": "parcelpanel", "affected_versions": { "* - 4.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f0a3c78-ba3e-445c-9612-94e80ef9d018?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f13a1c9-db26-4243-b8ee-f25eac51afa2": { "id": "1f13a1c9-db26-4243-b8ee-f25eac51afa2", "title": "Font Awesome 4 Menus <= 4.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Font Awesome 4 Menus", "slug": "font-awesome-4-menus", "affected_versions": { "* - 4.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f13a1c9-db26-4243-b8ee-f25eac51afa2?source=api-scan" ], "published": "2022-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f18147d-60e6-447d-a6f5-6ad7b633e62c": { "id": "1f18147d-60e6-447d-a6f5-6ad7b633e62c", "title": "Active Products Tables for WooCommerce <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Active Products Tables for WooCommerce. Use constructor to create tables\u00a0", "slug": "profit-products-tables-for-woocommerce", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f18147d-60e6-447d-a6f5-6ad7b633e62c?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f1dcec6-1fcf-40e8-a15b-647b7161b6b5": { "id": "1f1dcec6-1fcf-40e8-a15b-647b7161b6b5", "title": "Eupago Gateway For Woocommerce <= 3.1.9 - Cross-Site Request Forgery via eupago_page_content", "software": [ { "type": "plugin", "name": "Eupago Gateway For Woocommerce", "slug": "eupago-gateway-for-woocommerce", "affected_versions": { "* - 3.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f1dcec6-1fcf-40e8-a15b-647b7161b6b5?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f2135ab-ef76-4539-81ad-51abc4e051ce": { "id": "1f2135ab-ef76-4539-81ad-51abc4e051ce", "title": "Gratisfaction <= 4.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gratisfaction- Loyalty, Rewards , Referral, Birthday and Giveaway Program", "slug": "gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce", "affected_versions": { "* - 4.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f2135ab-ef76-4539-81ad-51abc4e051ce?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f25cabc-8886-4d30-af16-07d344db2fff": { "id": "1f25cabc-8886-4d30-af16-07d344db2fff", "title": "WordPress Landing Pages <= 1.9.0 - Unauthenticated Remote Command Execution", "software": [ { "type": "plugin", "name": "WordPress Landing Pages", "slug": "landing-pages", "affected_versions": { "[*, 1.9.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f25cabc-8886-4d30-af16-07d344db2fff?source=api-scan" ], "published": "2015-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f2845a5-7572-4533-8949-08bee99fca20": { "id": "1f2845a5-7572-4533-8949-08bee99fca20", "title": "WordPress < 2.0.6 - Username Enumeration via Error Messages", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f2845a5-7572-4533-8949-08bee99fca20?source=api-scan" ], "published": "2007-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f286857-2fd3-4884-982f-47773f7af636": { "id": "1f286857-2fd3-4884-982f-47773f7af636", "title": "Fusion <= 3.1 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Fusion", "slug": "fusion-delisted", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f286857-2fd3-4884-982f-47773f7af636?source=api-scan" ], "published": "2015-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f2cfb14-1076-492f-8a1b-ae04b47dc6fa": { "id": "1f2cfb14-1076-492f-8a1b-ae04b47dc6fa", "title": "Chatbot with ChatGPT <= 2.4.5 - Missing Authorization to Unauthenticated OpenAI API Key Exposure", "software": [ { "type": "plugin", "name": "Chatbot with ChatGPT WordPress", "slug": "smartsearchwp", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f2cfb14-1076-492f-8a1b-ae04b47dc6fa?source=api-scan" ], "published": "2024-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f2d149b-fe63-4fa3-b840-02dc8c5f9323": { "id": "1f2d149b-fe63-4fa3-b840-02dc8c5f9323", "title": "Food Store < 1.3.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Food Store \u2013 Online Food Delivery & Pickup", "slug": "food-store", "affected_versions": { "[*, 1.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f2d149b-fe63-4fa3-b840-02dc8c5f9323?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f33a8db-7cd0-4a53-b2c1-cd5b7cd16214": { "id": "1f33a8db-7cd0-4a53-b2c1-cd5b7cd16214", "title": "Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_transaction_id' shortcode", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f33a8db-7cd0-4a53-b2c1-cd5b7cd16214?source=api-scan" ], "published": "2023-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f34302c-b08c-4542-9aa9-c66fe1f0288d": { "id": "1f34302c-b08c-4542-9aa9-c66fe1f0288d", "title": "WP-CopyProtect [Protect your blog posts] <= 3.0.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-CopyProtect [Protect your blog posts]", "slug": "wp-copyprotect", "affected_versions": { "[*, 3.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f34302c-b08c-4542-9aa9-c66fe1f0288d?source=api-scan" ], "published": "2015-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f36ff03-b599-4f2c-859e-751ac51b652d": { "id": "1f36ff03-b599-4f2c-859e-751ac51b652d", "title": "WordPress Contact Form, Drag and Drop Form Builder Plugin \u2013 Live Forms <= 3.2.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Contact Form, Drag and Drop Form Builder Plugin \u2013 Live Forms", "slug": "liveforms", "affected_versions": { "[*, 3.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f36ff03-b599-4f2c-859e-751ac51b652d?source=api-scan" ], "published": "2017-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f37ed0e-3e03-4f00-9967-16047beab1cf": { "id": "1f37ed0e-3e03-4f00-9967-16047beab1cf", "title": "MSync <= 1.0.0 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "MSync", "slug": "msync", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f37ed0e-3e03-4f00-9967-16047beab1cf?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f38aca5-0d69-421e-a3f2-d12cd593a88a": { "id": "1f38aca5-0d69-421e-a3f2-d12cd593a88a", "title": "Easy Social Icons <= 3.0.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Social Icons", "slug": "easy-social-icons", "affected_versions": { "* - 3.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f38aca5-0d69-421e-a3f2-d12cd593a88a?source=api-scan" ], "published": "2021-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f39c2db-cf9a-4abf-bb43-f7e860b656d4": { "id": "1f39c2db-cf9a-4abf-bb43-f7e860b656d4", "title": "Create by Mediavine <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Create by Mediavine", "slug": "mediavine-create", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f39c2db-cf9a-4abf-bb43-f7e860b656d4?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f413fc2-8543-4478-987d-d983581027bf": { "id": "1f413fc2-8543-4478-987d-d983581027bf", "title": "Starbox <= 3.4.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Job Settings", "software": [ { "type": "plugin", "name": "Starbox \u2013 the Author Box for Humans", "slug": "starbox", "affected_versions": { "* - 3.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f413fc2-8543-4478-987d-d983581027bf?source=api-scan" ], "published": "2024-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f42b3fc-cb2a-4e95-a55b-608ae64d8b58": { "id": "1f42b3fc-cb2a-4e95-a55b-608ae64d8b58", "title": "WordPress Popular Posts <= 6.0.5 - Unauthenticated Views Changes", "software": [ { "type": "plugin", "name": "WordPress Popular Posts", "slug": "wordpress-popular-posts", "affected_versions": { "* - 6.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f42b3fc-cb2a-4e95-a55b-608ae64d8b58?source=api-scan" ], "published": "2022-11-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f463ed1-06ad-430f-b450-1a73dc54f8a7": { "id": "1f463ed1-06ad-430f-b450-1a73dc54f8a7", "title": "WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via header_tag", "software": [ { "type": "plugin", "name": "WP Recipe Maker", "slug": "wp-recipe-maker", "affected_versions": { "* - 9.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f463ed1-06ad-430f-b450-1a73dc54f8a7?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f4bd246-5632-4701-aa57-3855e73e6eb6": { "id": "1f4bd246-5632-4701-aa57-3855e73e6eb6", "title": "Listing, Classified Ads & Business Directory \u2013 uListing <= 2.0.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Directory Listings WordPress plugin \u2013 uListing", "slug": "ulisting", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f4bd246-5632-4701-aa57-3855e73e6eb6?source=api-scan" ], "published": "2021-07-27 04:29:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f533dbd-4dd0-48ec-b083-e6284acab067": { "id": "1f533dbd-4dd0-48ec-b083-e6284acab067", "title": "Slimstat Analytics <= 4.9.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SlimStat Analytics", "slug": "wp-slimstat", "affected_versions": { "* - 4.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f533dbd-4dd0-48ec-b083-e6284acab067?source=api-scan" ], "published": "2022-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f545c20-5be1-42bc-9268-640590ee4bf2": { "id": "1f545c20-5be1-42bc-9268-640590ee4bf2", "title": "WordPress Mobile Pack <= 3.4.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Mobile Pack \u2013 Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps", "slug": "wordpress-mobile-pack", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f545c20-5be1-42bc-9268-640590ee4bf2?source=api-scan" ], "published": "2023-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f589345-a081-4d27-ac4a-6edc44b96f91": { "id": "1f589345-a081-4d27-ac4a-6edc44b96f91", "title": "Testimonial Carousel For Elementor <= 10.2.0 - Missing Authorization to Limited Setting Update", "software": [ { "type": "plugin", "name": "Testimonial Carousel For Elementor", "slug": "testimonials-carousel-elementor", "affected_versions": { "* - 10.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "10.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f589345-a081-4d27-ac4a-6edc44b96f91?source=api-scan" ], "published": "2024-05-24 14:43:53", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f5b4f9a-4067-4514-9027-b645921d807f": { "id": "1f5b4f9a-4067-4514-9027-b645921d807f", "title": "Easy2Map <= 1.2.9 - Directory Traversal and Local File Inclusion", "software": [ { "type": "plugin", "name": "Easy2Map", "slug": "easy2map", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f5b4f9a-4067-4514-9027-b645921d807f?source=api-scan" ], "published": "2015-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f622e20-2f7e-44ed-8237-fbf25323d2ce": { "id": "1f622e20-2f7e-44ed-8237-fbf25323d2ce", "title": "Advanced Text Widget <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Text Widget", "slug": "advanced-text-widget", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f622e20-2f7e-44ed-8237-fbf25323d2ce?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f628801-8c11-4464-a440-879f97949bf6": { "id": "1f628801-8c11-4464-a440-879f97949bf6", "title": "F4 Improvements <= 1.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "F4 Improvements", "slug": "f4-improvements", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f628801-8c11-4464-a440-879f97949bf6?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f714f97-5e1a-498a-9722-1e4bb883c5c7": { "id": "1f714f97-5e1a-498a-9722-1e4bb883c5c7", "title": "Minimist <= 1.2.5 - Prototype Pollution", "software": [ { "type": "plugin", "name": "Convert to Blocks", "slug": "convert-to-blocks", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] }, { "type": "plugin", "name": "Ad Refresh Control", "slug": "ad-refresh-control", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] }, { "type": "plugin", "name": "Insert Special Characters", "slug": "insert-special-characters", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f714f97-5e1a-498a-9722-1e4bb883c5c7?source=api-scan" ], "published": "2022-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f7e2323-42e9-4cc7-b3f4-d133e0073b7b": { "id": "1f7e2323-42e9-4cc7-b3f4-d133e0073b7b", "title": "CM Download Manager <= 2.8.5 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "CM Download Manager \u2013 Document and File Management", "slug": "cm-download-manager", "affected_versions": { "* - 2.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f7e2323-42e9-4cc7-b3f4-d133e0073b7b?source=api-scan" ], "published": "2022-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f81d9f2-f7a1-4085-aa20-d991cecacd23": { "id": "1f81d9f2-f7a1-4085-aa20-d991cecacd23", "title": "SP Project & Document Manager <= 4.21 - Authenticated Shell Upload", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "[*, 4.22)": { "from_version": "*", "from_inclusive": true, "to_version": "4.22", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f81d9f2-f7a1-4085-aa20-d991cecacd23?source=api-scan" ], "published": "2021-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f82845c-55db-491a-90c1-326884abb5d6": { "id": "1f82845c-55db-491a-90c1-326884abb5d6", "title": "WebEngage Feedback, Survey and Notification < 2.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WebEngage Feedback, Survey and Notification", "slug": "webengage", "affected_versions": { "[*, 2.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f82845c-55db-491a-90c1-326884abb5d6?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f846ffa-0dfa-4549-845a-7884a390462a": { "id": "1f846ffa-0dfa-4549-845a-7884a390462a", "title": "WordPress Core < 5.0.1 - PHAR Unserialization", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.27": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.27", "to_inclusive": true }, "3.8 - 3.8.27": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.27", "to_inclusive": true }, "3.9 - 3.9.25": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.25", "to_inclusive": true }, "4.0 - 4.0.24": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.24", "to_inclusive": true }, "4.1 - 4.1.24": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.24", "to_inclusive": true }, "4.2 - 4.2.21": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.21", "to_inclusive": true }, "4.3 - 4.3.17": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.17", "to_inclusive": true }, "4.4 - 4.4.16": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.16", "to_inclusive": true }, "4.5 - 4.5.15": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.15", "to_inclusive": true }, "4.6 - 4.6.12": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.12", "to_inclusive": true }, "4.7 - 4.7.11": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.11", "to_inclusive": true }, "4.8 - 4.8.7": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.7", "to_inclusive": true }, "4.9 - 4.9.8": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.8", "to_inclusive": true }, "5.0": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.28", "3.8.28", "3.9.26", "4.0.25", "4.1.25", "4.2.22", "4.3.18", "4.4.17", "4.5.16", "4.6.13", "4.7.12", "4.8.8", "4.9.9", "5.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f846ffa-0dfa-4549-845a-7884a390462a?source=api-scan" ], "published": "2018-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f862575-afd8-4e38-8780-40e86ad9b5da": { "id": "1f862575-afd8-4e38-8780-40e86ad9b5da", "title": "Translate WordPress - Google Language Translator <= 6.0.11 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Translate WordPress \u2013 Google Language Translator", "slug": "google-language-translator", "affected_versions": { "[*, 6.0.12)": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f862575-afd8-4e38-8780-40e86ad9b5da?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f8634d1-9201-4af5-9e06-c28ffcb51046": { "id": "1f8634d1-9201-4af5-9e06-c28ffcb51046", "title": "RankMath SEO <= 1.0.107.2 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings", "slug": "seo-by-rank-math", "affected_versions": { "* - 1.0.107.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.107.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.107.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f8634d1-9201-4af5-9e06-c28ffcb51046?source=api-scan" ], "published": "2023-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f87135a-4018-4985-bfff-4c59736af26d": { "id": "1f87135a-4018-4985-bfff-4c59736af26d", "title": "Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button \u2013 Chaty <= 3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button \u2013 Chaty", "slug": "chaty", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f87135a-4018-4985-bfff-4c59736af26d?source=api-scan" ], "published": "2024-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f8a69ba-2663-4c54-8aef-4c5b0f851186": { "id": "1f8a69ba-2663-4c54-8aef-4c5b0f851186", "title": "Form Builder <= 1.9.9.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Form Builder | Create Responsive Contact Forms", "slug": "contact-form-add", "affected_versions": { "* - 1.9.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f8a69ba-2663-4c54-8aef-4c5b0f851186?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f8f8378-676e-455a-aaad-b80c1a4dc717": { "id": "1f8f8378-676e-455a-aaad-b80c1a4dc717", "title": "Brizy Page Builder <= 2.4.1 - Authenticated Stored Cross-Site Scripting via Element URL", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "[*, 2.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f8f8378-676e-455a-aaad-b80c1a4dc717?source=api-scan" ], "published": "2022-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f93ecf7-ba49-47f6-abe3-33e3bc6e7054": { "id": "1f93ecf7-ba49-47f6-abe3-33e3bc6e7054", "title": "CP Reservation Calendar < 1.1.7 - SQL Injection", "software": [ { "type": "plugin", "name": "CP Reservation Calendar", "slug": "cp-reservation-calendar", "affected_versions": { "[*, 1.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f93ecf7-ba49-47f6-abe3-33e3bc6e7054?source=api-scan" ], "published": "2015-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f955d88-ab4c-4cf4-a23b-91119d412716": { "id": "1f955d88-ab4c-4cf4-a23b-91119d412716", "title": "Backuply - Backup, Restore, Migrate and Clone <= 1.2.6 - Denial of Service", "software": [ { "type": "plugin", "name": "Backuply \u2013 Backup, Restore, Migrate and Clone", "slug": "backuply", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f955d88-ab4c-4cf4-a23b-91119d412716?source=api-scan" ], "published": "2024-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f95bd2d-c835-4824-b241-f645b4a8fdb2": { "id": "1f95bd2d-c835-4824-b241-f645b4a8fdb2", "title": "YouTube Embed <= 3.3.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YouTube Embed", "slug": "youtube-embed", "affected_versions": { "[*, 3.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f95bd2d-c835-4824-b241-f645b4a8fdb2?source=api-scan" ], "published": "2015-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f9760f8-459d-4dcf-941d-f8f3f1e266ce": { "id": "1f9760f8-459d-4dcf-941d-f8f3f1e266ce", "title": "Captcha! <= 2.5d - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Captcha!", "slug": "captcha-offrepo", "affected_versions": { "* - 2.5d": { "from_version": "*", "from_inclusive": true, "to_version": "2.5d", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f9760f8-459d-4dcf-941d-f8f3f1e266ce?source=api-scan" ], "published": "2007-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f9b02c1-2cd7-48ee-b568-4c42bc0ded96": { "id": "1f9b02c1-2cd7-48ee-b568-4c42bc0ded96", "title": "Customize Login Image <= 3.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Customize Login Image", "slug": "customize-login-image", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f9b02c1-2cd7-48ee-b568-4c42bc0ded96?source=api-scan" ], "published": "2021-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f9d4d86-9d5f-4888-9cc4-d55c117ae4ea": { "id": "1f9d4d86-9d5f-4888-9cc4-d55c117ae4ea", "title": "Different Menu in Different Pages \u2013 Control Menu Visibility (All in One) <= 2.3.2 - Missing Authorization to Menu Duplication", "software": [ { "type": "plugin", "name": "Different Menu in Different Pages \u2013 Control Menu Visibility (All in One)", "slug": "different-menus-in-different-pages", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f9d4d86-9d5f-4888-9cc4-d55c117ae4ea?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1f9d8bbe-205f-44b6-a0c6-89b9135e6363": { "id": "1f9d8bbe-205f-44b6-a0c6-89b9135e6363", "title": "Contest Gallery \u2013 Files Upload and Contest Plugin for WordPress <= 17.0.4 - Admin+ SQL Injection", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 17.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "17.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "17.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1f9d8bbe-205f-44b6-a0c6-89b9135e6363?source=api-scan" ], "published": "2022-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fa39169-1cba-43ce-aa29-adf7ce09ce75": { "id": "1fa39169-1cba-43ce-aa29-adf7ce09ce75", "title": "Bello - Directory & Listing <= 1.5.9 - Unauthenticated SQL Injection", "software": [ { "type": "theme", "name": "Bello - Directory & Listing", "slug": "bello", "affected_versions": { "[*, 1.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fa39169-1cba-43ce-aa29-adf7ce09ce75?source=api-scan" ], "published": "2021-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fa45912-3d26-4284-8957-5977aaf36a03": { "id": "1fa45912-3d26-4284-8957-5977aaf36a03", "title": "WordPress Gallery Plugin \u2013 NextGEN Gallery <= 3.4.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 3.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fa45912-3d26-4284-8957-5977aaf36a03?source=api-scan" ], "published": "2020-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fa45fa7-b1da-42f0-945b-2a6b0db5ba91": { "id": "1fa45fa7-b1da-42f0-945b-2a6b0db5ba91", "title": "Enable\/Disable Auto Login when Register <= 1.1.0 Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Enable\/Disable Auto Login when Register", "slug": "auto-login-when-resister", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fa45fa7-b1da-42f0-945b-2a6b0db5ba91?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fa87357-09c0-4e99-8ceb-41a7987c4a57": { "id": "1fa87357-09c0-4e99-8ceb-41a7987c4a57", "title": "Open RDW kenteken voertuiginformatie <= 2.0.14 - Reflected Cross-Site Scripting via open_data_rdw_kenteken", "software": [ { "type": "plugin", "name": "Tussendoor \u2013 Open RDW", "slug": "open-rdw-kenteken-voertuiginformatie", "affected_versions": { "* - 2.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fa87357-09c0-4e99-8ceb-41a7987c4a57?source=api-scan" ], "published": "2023-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fab5d06-ff39-4b7c-808b-bd199c2a3329": { "id": "1fab5d06-ff39-4b7c-808b-bd199c2a3329", "title": "WPBakery Page Builder for WordPress <= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPBakery Page Builder for WordPress", "slug": "js_composer", "affected_versions": { "* - 6.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fab5d06-ff39-4b7c-808b-bd199c2a3329?source=api-scan" ], "published": "2020-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fc3f65e-5fbe-403b-b7cd-dde16a7e5778": { "id": "1fc3f65e-5fbe-403b-b7cd-dde16a7e5778", "title": "WordPress Core < 6.3.2 \u2013 Authenticated (Subscriber+) Arbitrary Shortcode Execution via parse-media-shortcode", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 4.1.38": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.38", "to_inclusive": true }, "4.2 - 4.2.35": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.35", "to_inclusive": true }, "4.3 - 4.3.31": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.31", "to_inclusive": true }, "4.4 - 4.4.30": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.30", "to_inclusive": true }, "4.5 - 4.5.29": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.29", "to_inclusive": true }, "4.6 - 4.6.26": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.26", "to_inclusive": true }, "4.7 - 4.7.26": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.26", "to_inclusive": true }, "4.8 - 4.8.22": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.22", "to_inclusive": true }, "4.9 - 4.9.23": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.23", "to_inclusive": true }, "5.0 - 5.0.19": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.19", "to_inclusive": true }, "5.1 - 5.1.16": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.16", "to_inclusive": true }, "5.2 - 5.2.18": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.18", "to_inclusive": true }, "5.3 - 5.3.15": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.15", "to_inclusive": true }, "5.4 - 5.4.13": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.13", "to_inclusive": true }, "5.5 - 5.5.12": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.12", "to_inclusive": true }, "5.6 - 5.6.11": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.11", "to_inclusive": true }, "5.7 - 5.7.9": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.9", "to_inclusive": true }, "5.8 - 5.8.7": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.7", "to_inclusive": true }, "5.9 - 5.9.7": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.7", "to_inclusive": true }, "6.0 - 6.0.5": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.5", "to_inclusive": true }, "6.1 - 6.1.3": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.3", "to_inclusive": true }, "6.2 - 6.2.2": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.2", "to_inclusive": true }, "6.3 - 6.3.1": { "from_version": "6.3", "from_inclusive": true, "to_version": "6.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.39", "4.2.36", "4.3.32", "4.4.31", "4.5.30", "4.6.27", "4.7.27", "4.8.23", "4.9.24", "5.0.20", "5.1.17", "5.2.19", "5.3.16", "5.4.14", "5.5.13", "5.6.12", "5.7.10", "5.8.8", "5.9.8", "6.0.6", "6.1.4", "6.2.3", "6.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fc3f65e-5fbe-403b-b7cd-dde16a7e5778?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fc447bc-841c-443f-9949-a0d852762fd9": { "id": "1fc447bc-841c-443f-9949-a0d852762fd9", "title": "Happy Addons for Elementor <= 3.12.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.12.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.12.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.12.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fc447bc-841c-443f-9949-a0d852762fd9?source=api-scan" ], "published": "2024-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fc58078-7520-4ee7-b5a1-d6a362ac1860": { "id": "1fc58078-7520-4ee7-b5a1-d6a362ac1860", "title": "DeepL Pro API translation <= 2.1.4 - Cross-Site Request Forgery via saveSettings", "software": [ { "type": "plugin", "name": "DeepL API translation plugin", "slug": "wpdeepl", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fc58078-7520-4ee7-b5a1-d6a362ac1860?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fc67bb9-178e-466d-a6c2-adaa377924bd": { "id": "1fc67bb9-178e-466d-a6c2-adaa377924bd", "title": "HTML2WP <= 1.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "HTML2WP", "slug": "html2wp", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fc67bb9-178e-466d-a6c2-adaa377924bd?source=api-scan" ], "published": "2022-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fc860d4-fa26-489a-acd5-edbf7116d817": { "id": "1fc860d4-fa26-489a-acd5-edbf7116d817", "title": "CBX Map for Google Map & OpenStreetMap <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CBX Map for Google Map & OpenStreetMap", "slug": "cbxgooglemap", "affected_versions": { "* - 1.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fc860d4-fa26-489a-acd5-edbf7116d817?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fcbe3d1-449c-4135-bbf5-9ea9236e5328": { "id": "1fcbe3d1-449c-4135-bbf5-9ea9236e5328", "title": "Feed Them Social \u2013 Page, Post, Video, and Photo Galleries <= 2.8.6 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Feed Them Social \u2013 Social Media Feeds, Video, and Photo Galleries", "slug": "feed-them-social", "affected_versions": { "[*, 2.8.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fcbe3d1-449c-4135-bbf5-9ea9236e5328?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fcd3eec-057a-44f9-a255-e6814a22471b": { "id": "1fcd3eec-057a-44f9-a255-e6814a22471b", "title": "Banner Effect Header <= 1.2.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Banner Effect Header", "slug": "banner-effect-header", "affected_versions": { "[*, 1.2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fcd3eec-057a-44f9-a255-e6814a22471b?source=api-scan" ], "published": "2015-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fcd44c2-5b06-4c3c-b6b2-c58771245fe2": { "id": "1fcd44c2-5b06-4c3c-b6b2-c58771245fe2", "title": "WordPress Importer : Import any XML File to WordPress < 1.0.1 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "WP Smart Import : Import any XML File to WordPress", "slug": "wp-smart-import", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fcd44c2-5b06-4c3c-b6b2-c58771245fe2?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fce54b1-e1e6-4742-9eb3-bbfb613ccd70": { "id": "1fce54b1-e1e6-4742-9eb3-bbfb613ccd70", "title": "Maintenance Page <= 1.0.8 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Maintenance Page", "slug": "maintenance-page", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fce54b1-e1e6-4742-9eb3-bbfb613ccd70?source=api-scan" ], "published": "2024-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fd0b13c-7447-45da-9608-80b7629d9bbf": { "id": "1fd0b13c-7447-45da-9608-80b7629d9bbf", "title": "Stackable \u2013 Page Builder Gutenberg Blocks <= 3.13.6 - Unauthenticated CSS Injection", "software": [ { "type": "plugin", "name": "Stackable \u2013 Page Builder Gutenberg Blocks", "slug": "stackable-ultimate-gutenberg-blocks", "affected_versions": { "* - 3.13.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.13.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.13.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fd0b13c-7447-45da-9608-80b7629d9bbf?source=api-scan" ], "published": "2024-10-11 20:24:52", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fd566e5-90f5-4f67-8998-85cabea33e93": { "id": "1fd566e5-90f5-4f67-8998-85cabea33e93", "title": "Soledad <= 8.2.4 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Soledad", "slug": "soledad", "affected_versions": { "* - 8.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fd566e5-90f5-4f67-8998-85cabea33e93?source=api-scan" ], "published": "2022-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fd76c2b-ce5d-49a8-8c37-bd204e42d3c0": { "id": "1fd76c2b-ce5d-49a8-8c37-bd204e42d3c0", "title": "Website Contact Form With File Upload < 1.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Website Contact Form With File Upload", "slug": "website-contact-form-with-file-upload", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fd76c2b-ce5d-49a8-8c37-bd204e42d3c0?source=api-scan" ], "published": "2015-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fdd0a4c-ce47-44bc-b9a5-a8f2af12da85": { "id": "1fdd0a4c-ce47-44bc-b9a5-a8f2af12da85", "title": "EventPrime <= 2.8.6 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 2.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fdd0a4c-ce47-44bc-b9a5-a8f2af12da85?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fe257e6-4bdf-49ef-adbb-f82ce378e3e7": { "id": "1fe257e6-4bdf-49ef-adbb-f82ce378e3e7", "title": "Five Star Restaurant Reservations <= 2.4.11 - Missing Authorization to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Five Star Restaurant Reservations \u2013 WordPress Booking Plugin", "slug": "restaurant-reservations", "affected_versions": { "* - 2.4.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fe257e6-4bdf-49ef-adbb-f82ce378e3e7?source=api-scan" ], "published": "2022-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fe961c5-de2b-4494-9d89-6bcc7f6d8cd9": { "id": "1fe961c5-de2b-4494-9d89-6bcc7f6d8cd9", "title": "AgentEasy Properties <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AgentEasy Properties", "slug": "agenteasy-properties", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fe961c5-de2b-4494-9d89-6bcc7f6d8cd9?source=api-scan" ], "published": "2022-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1fe97ac1-cab9-4b6f-bddd-bdcdc9faee40": { "id": "1fe97ac1-cab9-4b6f-bddd-bdcdc9faee40", "title": "WP2Speed Faster \u2013 Optimize PageSpeed Insights Score 90-100 <= 1.0.1 - Improper Authorization due to use of Hardcoded Credentials", "software": [ { "type": "plugin", "name": "WP2Speed Faster \u2013 Optimize PageSpeed Insights Score 90-100", "slug": "wp2speed", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1fe97ac1-cab9-4b6f-bddd-bdcdc9faee40?source=api-scan" ], "published": "2024-07-08 19:47:02", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1feb3fa0-5fd9-443a-830c-cb1700ff30df": { "id": "1feb3fa0-5fd9-443a-830c-cb1700ff30df", "title": "Layouts for Elementor <= 1.7 - Missing Authorization to Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Layouts for Elementor", "slug": "layouts-for-elementor", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1feb3fa0-5fd9-443a-830c-cb1700ff30df?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1febe2d8-d354-4c78-a611-c1bb0937e53d": { "id": "1febe2d8-d354-4c78-a611-c1bb0937e53d", "title": "Graphina \u2013 Elementor Charts and Graphs <= 1.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets", "software": [ { "type": "plugin", "name": "Graphina \u2013 Elementor Charts and Graphs", "slug": "graphina-elementor-charts-and-graphs", "affected_versions": { "* - 1.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1febe2d8-d354-4c78-a611-c1bb0937e53d?source=api-scan" ], "published": "2024-05-10 10:03:51", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ff77089-c6c9-49af-8b08-0977a526fa23": { "id": "1ff77089-c6c9-49af-8b08-0977a526fa23", "title": "WP Telegram Widget and Join Link <= 2.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Telegram Widget and Join Link", "slug": "wptelegram-widget", "affected_versions": { "* - 2.1.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ff77089-c6c9-49af-8b08-0977a526fa23?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ffb9a8e-b08f-451b-bdb5-268d7b618b66": { "id": "1ffb9a8e-b08f-451b-bdb5-268d7b618b66", "title": "WordPress Social Login and Register <=7.5.12 - Missing Authorization to Plugin Settings Update", "software": [ { "type": "plugin", "name": "miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)", "slug": "miniorange-login-openid", "affected_versions": { "7.5.12": { "from_version": "7.5.12", "from_inclusive": true, "to_version": "7.5.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ffb9a8e-b08f-451b-bdb5-268d7b618b66?source=api-scan" ], "published": "2022-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "1ffbff82-85ba-4f6f-b2de-9ba99003d981": { "id": "1ffbff82-85ba-4f6f-b2de-9ba99003d981", "title": "Consulting Elementor Widgets <= 1.3.0 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Consulting Elementor Widgets", "slug": "consulting-elementor-widgets", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1ffbff82-85ba-4f6f-b2de-9ba99003d981?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2001d14c-2738-4d34-b465-0a76c2f772e6": { "id": "2001d14c-2738-4d34-b465-0a76c2f772e6", "title": "Elementor Pro <= 3.21.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Website Builder Pro", "slug": "elementor-pro", "affected_versions": { "* - 3.21.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.21.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.21.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2001d14c-2738-4d34-b465-0a76c2f772e6?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2002fa81-3a4f-4a88-ba52-ed06969d51a3": { "id": "2002fa81-3a4f-4a88-ba52-ed06969d51a3", "title": "Careerfy - Job Board WordPress Theme <= 3.9.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Careerfy - Job Board WordPress Theme", "slug": "careerfy", "affected_versions": { "* - 3.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2002fa81-3a4f-4a88-ba52-ed06969d51a3?source=api-scan" ], "published": "2020-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20033eb0-512f-48ea-8ef7-e22701a2c5d7": { "id": "20033eb0-512f-48ea-8ef7-e22701a2c5d7", "title": "SEO Redirection <= 8.1 - Subscriber+ SQL Injection", "software": [ { "type": "plugin", "name": "SEO Redirection Plugin \u2013 301 Redirect Manager", "slug": "seo-redirection", "affected_versions": { "* - 8.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20033eb0-512f-48ea-8ef7-e22701a2c5d7?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2003cef3-06b0-4012-9629-19c0765553dd": { "id": "2003cef3-06b0-4012-9629-19c0765553dd", "title": "Site Reviews <= 6.11.6 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Site Reviews", "slug": "site-reviews", "affected_versions": { "* - 6.11.6": { "from_version": "*", "from_inclusive": true, "to_version": "6.11.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.11.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2003cef3-06b0-4012-9629-19c0765553dd?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2006dbb8-2aa8-4890-b6ce-18257c64b970": { "id": "2006dbb8-2aa8-4890-b6ce-18257c64b970", "title": "JobSearch WP Job Board <= 1.5.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "[*, 1.5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2006dbb8-2aa8-4890-b6ce-18257c64b970?source=api-scan" ], "published": "2020-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20077e55-fe75-49c7-ba3f-ccd683a3f722": { "id": "20077e55-fe75-49c7-ba3f-ccd683a3f722", "title": "Vithy (All Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Vithy", "slug": "vithy", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20077e55-fe75-49c7-ba3f-ccd683a3f722?source=api-scan" ], "published": "2014-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "200b3446-6107-434b-b46d-2078461f3f94": { "id": "200b3446-6107-434b-b46d-2078461f3f94", "title": "ImagePress \u2013 Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "ImagePress \u2013 Image Gallery", "slug": "image-gallery", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/200b3446-6107-434b-b46d-2078461f3f94?source=api-scan" ], "published": "2024-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "200b579a-0287-4e2a-afb2-3b77b94dad25": { "id": "200b579a-0287-4e2a-afb2-3b77b94dad25", "title": "Spiffy Calendar <= 4.9.13 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spiffy Calendar", "slug": "spiffy-calendar", "affected_versions": { "* - 4.9.13": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/200b579a-0287-4e2a-afb2-3b77b94dad25?source=api-scan" ], "published": "2024-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "200baebd-7fd1-4df6-99ab-71f999b4e85a": { "id": "200baebd-7fd1-4df6-99ab-71f999b4e85a", "title": "Bosa Elementor Addons and Templates for WooCommerce <= 1.0.12 - Missing Authorization", "software": [ { "type": "plugin", "name": "Bosa Elementor Addons and Templates for WooCommerce", "slug": "bosa-elementor-for-woocommerce", "affected_versions": { "* - 1.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/200baebd-7fd1-4df6-99ab-71f999b4e85a?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "200fbfc1-df21-43b0-8eb1-b2ba0cc0c0df": { "id": "200fbfc1-df21-43b0-8eb1-b2ba0cc0c0df", "title": "WooCommerce PDF Invoice Builder <= 1.2.89 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "PDF Builder for WooCommerce. Create invoices,packing slips and more", "slug": "woo-pdf-invoice-builder", "affected_versions": { "* - 1.2.91": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.91", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.92" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/200fbfc1-df21-43b0-8eb1-b2ba0cc0c0df?source=api-scan" ], "published": "2023-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2012090d-fd96-4609-aef1-0e3ec5dd2e38": { "id": "2012090d-fd96-4609-aef1-0e3ec5dd2e38", "title": "Pagination by BestWebSoft <= 1.0.6 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pagination by BestWebSoft \u2013 Customizable WordPress Content Splitter and Navigation Plugin", "slug": "pagination", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2012090d-fd96-4609-aef1-0e3ec5dd2e38?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20140f76-b369-4191-bfd1-0f508112ce0a": { "id": "20140f76-b369-4191-bfd1-0f508112ce0a", "title": "WordPress Renaming Tool by Vlajo <= 1.0 - Path Traversal", "software": [ { "type": "plugin", "name": "WordPress Renaming Tool by Vlajo", "slug": "wp-instance-rename", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20140f76-b369-4191-bfd1-0f508112ce0a?source=api-scan" ], "published": "2015-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20151f80-c25f-482e-a2b0-34607dba9d1e": { "id": "20151f80-c25f-482e-a2b0-34607dba9d1e", "title": "Floating Button <= 6.0 - Cross-Site Request Forgery via process_bulk_action", "software": [ { "type": "plugin", "name": "Floating Button", "slug": "floating-button", "affected_versions": { "* - 6.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20151f80-c25f-482e-a2b0-34607dba9d1e?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2016224c-a9f9-4161-885f-310830f48038": { "id": "2016224c-a9f9-4161-885f-310830f48038", "title": "WP Timed Popout <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Timed Popup WordPress Plugin", "slug": "wp-timed-popup", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2016224c-a9f9-4161-885f-310830f48038?source=api-scan" ], "published": "2014-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20199c88-1800-4d18-a0ee-0219be77b429": { "id": "20199c88-1800-4d18-a0ee-0219be77b429", "title": "Annual Archive <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Annual Archive", "slug": "anual-archive", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20199c88-1800-4d18-a0ee-0219be77b429?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20227433-a2f0-4a00-b6cc-95708135c0b8": { "id": "20227433-a2f0-4a00-b6cc-95708135c0b8", "title": "MailUp newsletter sign-up form < 1.3.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MailUp newsletter sign-up form", "slug": "wp-mailup", "affected_versions": { "[*, 1.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20227433-a2f0-4a00-b6cc-95708135c0b8?source=api-scan" ], "published": "2013-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2022fa8b-2b2a-43a3-9447-90eed326f187": { "id": "2022fa8b-2b2a-43a3-9447-90eed326f187", "title": "Welcart e-Commerce < 1.2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "[*, 1.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2022fa8b-2b2a-43a3-9447-90eed326f187?source=api-scan" ], "published": "2012-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20283c28-6640-4082-82ca-7f8769e4ccc0": { "id": "20283c28-6640-4082-82ca-7f8769e4ccc0", "title": "WordPress MU < 2.6 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress MU", "slug": "wpmu", "affected_versions": { "[*, 2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20283c28-6640-4082-82ca-7f8769e4ccc0?source=api-scan" ], "published": "2008-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "202a8724-14da-4edb-870e-2fee205b1d53": { "id": "202a8724-14da-4edb-870e-2fee205b1d53", "title": "Vision Interactive For WordPress <= 1.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Vision \u2013 Interactive Image Map Builder", "slug": "vision", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/202a8724-14da-4edb-870e-2fee205b1d53?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "202c14d0-9207-47cb-9410-ca4c70d7b6d2": { "id": "202c14d0-9207-47cb-9410-ca4c70d7b6d2", "title": "Google Tag Manager for WordPress (GTM4WP) <= 1.15.1 - Stored Cross-Site Scripting via Content Element ID", "software": [ { "type": "plugin", "name": "GTM4WP \u2013 A Google Tag Manager (GTM) plugin for WordPress", "slug": "duracelltomi-google-tag-manager", "affected_versions": { "* - 1.15.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/202c14d0-9207-47cb-9410-ca4c70d7b6d2?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2030698f-1180-432b-9a66-3039fdda79fd": { "id": "2030698f-1180-432b-9a66-3039fdda79fd", "title": "Booster for WooCommerce <= 5.6.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 5.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2030698f-1180-432b-9a66-3039fdda79fd?source=api-scan" ], "published": "2022-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "203ab09f-7344-4cab-86bf-0c1ec545d78f": { "id": "203ab09f-7344-4cab-86bf-0c1ec545d78f", "title": "Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/203ab09f-7344-4cab-86bf-0c1ec545d78f?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "203ba9ca-2054-465f-ad93-ff103cade8aa": { "id": "203ba9ca-2054-465f-ad93-ff103cade8aa", "title": "wpDataTables (Premium) <= 3.4.1 - Improper Access Control leading to Table Data Deletion", "software": [ { "type": "plugin", "name": "wpDataTables (Premium)", "slug": "wpdatatables", "affected_versions": { "[*, 3.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/203ba9ca-2054-465f-ad93-ff103cade8aa?source=api-scan" ], "published": "2021-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2046c6cf-32fa-4fac-a4bc-00f11f739d14": { "id": "2046c6cf-32fa-4fac-a4bc-00f11f739d14", "title": "Website File Changes Monitor <= 1.8.2 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Melapress File Monitor", "slug": "website-file-changes-monitor", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2046c6cf-32fa-4fac-a4bc-00f11f739d14?source=api-scan" ], "published": "2022-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2052278d-f1df-4a31-8688-11c7c8d20e07": { "id": "2052278d-f1df-4a31-8688-11c7c8d20e07", "title": "Groundhogg <= 2.0.8.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg", "slug": "groundhogg", "affected_versions": { "* - 2.0.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2052278d-f1df-4a31-8688-11c7c8d20e07?source=api-scan" ], "published": "2019-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "205a3e43-8ac6-4a0d-86d3-bb433a992e3d": { "id": "205a3e43-8ac6-4a0d-86d3-bb433a992e3d", "title": "RokIntroScroller <= 1.8 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "RokIntroScroller", "slug": "wp_rokintroscroller", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/205a3e43-8ac6-4a0d-86d3-bb433a992e3d?source=api-scan" ], "published": "2013-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "205a6972-b49f-4b6d-b0de-7a047d5ee496": { "id": "205a6972-b49f-4b6d-b0de-7a047d5ee496", "title": "WP Upload Restriction <= 2.2.4 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "WP Upload Restriction", "slug": "wp-upload-restriction", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/205a6972-b49f-4b6d-b0de-7a047d5ee496?source=api-scan" ], "published": "2021-07-02 15:05:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "205d639c-6fc9-425c-b7ec-89217e02a028": { "id": "205d639c-6fc9-425c-b7ec-89217e02a028", "title": "Database Peek <= 1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Database Peek", "slug": "database-peek", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/205d639c-6fc9-425c-b7ec-89217e02a028?source=api-scan" ], "published": "2022-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "205e0b90-0d84-4b16-b968-8ec7770f0695": { "id": "205e0b90-0d84-4b16-b968-8ec7770f0695", "title": "ACF Frontend Display <= 2.0.6 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "acf-frontend-display", "slug": "acf-frontend-display", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/205e0b90-0d84-4b16-b968-8ec7770f0695?source=api-scan" ], "published": "2015-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2061a442-eccd-4a57-a5c5-a432fcea8394": { "id": "2061a442-eccd-4a57-a5c5-a432fcea8394", "title": "Administrator Z <= 2022.9.28 - Unauthorized File Upload via ACF", "software": [ { "type": "plugin", "name": "Administrator Z", "slug": "administrator-z", "affected_versions": { "* - 2022.9.28": { "from_version": "*", "from_inclusive": true, "to_version": "2022.9.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2022.9.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2061a442-eccd-4a57-a5c5-a432fcea8394?source=api-scan" ], "published": "2022-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "206261fa-58b6-4407-b8e1-2315836b6c88": { "id": "206261fa-58b6-4407-b8e1-2315836b6c88", "title": "Chat Bubble <= 2.3 - Cross-Site Request Forgery via cbb_submit_settings_data", "software": [ { "type": "plugin", "name": "Chat Bubble \u2013 Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back", "slug": "chat-bubble", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/206261fa-58b6-4407-b8e1-2315836b6c88?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "206c3f15-72d2-4aac-9500-0f794485639e": { "id": "206c3f15-72d2-4aac-9500-0f794485639e", "title": "Total Donations <= 2.0.5 - Missing Authorization to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Total Donations", "slug": "total-donations", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/206c3f15-72d2-4aac-9500-0f794485639e?source=api-scan" ], "published": "2019-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "206c5736-d9d9-4029-afdf-d76251cc81ac": { "id": "206c5736-d9d9-4029-afdf-d76251cc81ac", "title": "Exclusive Addons for Elementor <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action", "software": [ { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/206c5736-d9d9-4029-afdf-d76251cc81ac?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "206d343d-6ed6-461c-bf7d-cf5011ed956f": { "id": "206d343d-6ed6-461c-bf7d-cf5011ed956f", "title": "AI Engine <= 2.1.4 - Authenticated (Editor+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "AI Engine", "slug": "ai-engine", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/206d343d-6ed6-461c-bf7d-cf5011ed956f?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20746c92-6e63-47dd-b0f7-9d20bdbdd9cb": { "id": "20746c92-6e63-47dd-b0f7-9d20bdbdd9cb", "title": "DesignFolio Plus Theme (Unkown Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "DesignFolio Pllus", "slug": "designfolio-plus", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20746c92-6e63-47dd-b0f7-9d20bdbdd9cb?source=api-scan" ], "published": "2015-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2077bd81-52bd-4aa7-85f6-9abb02aec65b": { "id": "2077bd81-52bd-4aa7-85f6-9abb02aec65b", "title": "JCH Optimize <= 4.0.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification", "software": [ { "type": "plugin", "name": "JCH Optimize", "slug": "jch-optimize", "affected_versions": { "[*, 4.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2077bd81-52bd-4aa7-85f6-9abb02aec65b?source=api-scan" ], "published": "2023-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20793de1-468f-4b9d-8e1f-b05dc204c0fb": { "id": "20793de1-468f-4b9d-8e1f-b05dc204c0fb", "title": "Post, Registration and Profile Form Builder \u2013 FrontEnd Editor BuddyForms \u2013 Easy WordPress Forms <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC)", "slug": "buddyforms", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20793de1-468f-4b9d-8e1f-b05dc204c0fb?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "207b40fa-2062-48d6-990b-f05cbbf8fb8e": { "id": "207b40fa-2062-48d6-990b-f05cbbf8fb8e", "title": "Event Registration Calendar By vcita <= 1.3.1 & Online Payments \u2013 Get Paid with PayPal, Square & Stripe <= 3.9.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Registration Calendar By vcita", "slug": "event-registration-calendar-by-vcita", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Online Payments \u2013 Get Paid with PayPal, Square & Stripe", "slug": "paypal-payment-button-by-vcita", "affected_versions": { "* - 3.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/207b40fa-2062-48d6-990b-f05cbbf8fb8e?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "207f7684-aeee-4267-ba29-ca9aacc0a690": { "id": "207f7684-aeee-4267-ba29-ca9aacc0a690", "title": "Events Manager < 5.1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "[*, 5.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/207f7684-aeee-4267-ba29-ca9aacc0a690?source=api-scan" ], "published": "2012-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20813a6f-672e-4c06-a5a6-737483f4d402": { "id": "20813a6f-672e-4c06-a5a6-737483f4d402", "title": "Featured Image from URL <= 4.8.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Featured Image from URL (FIFU)", "slug": "featured-image-from-url", "affected_versions": { "* - 4.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20813a6f-672e-4c06-a5a6-737483f4d402?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20835df3-677c-4136-af50-46bc272e4f9e": { "id": "20835df3-677c-4136-af50-46bc272e4f9e", "title": "Pie Register \u2013 User Registration Forms. Invitation based registrations, Custom Login, Payments <= 3.7.2.3 - Open Redirect", "software": [ { "type": "plugin", "name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction", "slug": "pie-register", "affected_versions": { "[*, 3.7.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20835df3-677c-4136-af50-46bc272e4f9e?source=api-scan" ], "published": "2021-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2083fdf7-e251-4162-b38f-8dab4395a8a7": { "id": "2083fdf7-e251-4162-b38f-8dab4395a8a7", "title": "WPvivid Backup for MainWP <= 0.9.33 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPvivid Backup for MainWP", "slug": "wpvivid-backup-mainwp", "affected_versions": { "* - 0.9.33": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2083fdf7-e251-4162-b38f-8dab4395a8a7?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20842e95-4b91-4138-9e32-7c090724bf64": { "id": "20842e95-4b91-4138-9e32-7c090724bf64", "title": "WP Recipe Maker <= 9.1.0 - Reflected Cross-Site Scripting via Referer", "software": [ { "type": "plugin", "name": "WP Recipe Maker", "slug": "wp-recipe-maker", "affected_versions": { "* - 9.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20842e95-4b91-4138-9e32-7c090724bf64?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2085c9a3-1cc7-4750-875e-d20c7f94bb78": { "id": "2085c9a3-1cc7-4750-875e-d20c7f94bb78", "title": "Quiz And Survey Master <= 7.3.4 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2085c9a3-1cc7-4750-875e-d20c7f94bb78?source=api-scan" ], "published": "2022-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "208c5ed1-879f-45ea-833e-d2e54c4f063f": { "id": "208c5ed1-879f-45ea-833e-d2e54c4f063f", "title": "WP Go Maps <= 9.0.32 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Go Maps (formerly WP Google Maps)", "slug": "wp-google-maps", "affected_versions": { "* - 9.0.32": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/208c5ed1-879f-45ea-833e-d2e54c4f063f?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20910787-b99d-475e-acc9-cc2bb669aa56": { "id": "20910787-b99d-475e-acc9-cc2bb669aa56", "title": "Waitlist Woocommerce ( Back in stock notifier ) <= 2.5.2 - Cross-Site Request Forgery to Settings Reset", "software": [ { "type": "plugin", "name": "Waitlist Woocommerce ( Back in stock notifier )", "slug": "waitlist-woocommerce", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20910787-b99d-475e-acc9-cc2bb669aa56?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2097ab8b-6f7b-4a64-b31a-be3a09ae12bf": { "id": "2097ab8b-6f7b-4a64-b31a-be3a09ae12bf", "title": "WP Translate <= 5.3.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Translate \u2013 WordPress Translation Plugin", "slug": "wp-translate", "affected_versions": { "* - 5.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2097ab8b-6f7b-4a64-b31a-be3a09ae12bf?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20989781-def0-4ffd-bf24-40ed34b3e922": { "id": "20989781-def0-4ffd-bf24-40ed34b3e922", "title": "WP Fastest Cache <= 0.9.1.6 - Authenticated (Admin+) Directory Traversal to Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "[*, 0.9.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.9.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20989781-def0-4ffd-bf24-40ed34b3e922?source=api-scan" ], "published": "2021-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20a6a58f-b6c0-4132-932b-c6def8e9e7c0": { "id": "20a6a58f-b6c0-4132-932b-c6def8e9e7c0", "title": "gAppointments <= 1.9.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "gAppointments - Appointment booking addon for Gravity Forms", "slug": "gAppointments", "affected_versions": { "* - 1.9.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20a6a58f-b6c0-4132-932b-c6def8e9e7c0?source=api-scan" ], "published": "2023-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20b3cd2a-ee32-49e0-8281-16afb8e42448": { "id": "20b3cd2a-ee32-49e0-8281-16afb8e42448", "title": "Jetpack CRM <= 5.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jetpack CRM \u2013 Clients, Leads, Invoices, Billing, Email Marketing, & Automation", "slug": "zero-bs-crm", "affected_versions": { "* - 5.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20b3cd2a-ee32-49e0-8281-16afb8e42448?source=api-scan" ], "published": "2023-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20be9a37-9e9f-4791-a27c-e0db007be787": { "id": "20be9a37-9e9f-4791-a27c-e0db007be787", "title": "myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification <= 2.7.3 - Missing Authorization to Unauthenticated Database Upgrade", "software": [ { "type": "plugin", "name": "myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification", "slug": "mycred", "affected_versions": { "* - 2.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20be9a37-9e9f-4791-a27c-e0db007be787?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20cd08ac-826f-40dd-804a-546b0c334b66": { "id": "20cd08ac-826f-40dd-804a-546b0c334b66", "title": "WP Table Builder \u2013 WordPress Table Plugin <= 1.4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Table Builder \u2013 WordPress Table Plugin", "slug": "wp-table-builder", "affected_versions": { "* - 1.4.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20cd08ac-826f-40dd-804a-546b0c334b66?source=api-scan" ], "published": "2024-05-20 21:19:23", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20cd3fff-0488-4bc2-961b-2427925e6a96": { "id": "20cd3fff-0488-4bc2-961b-2427925e6a96", "title": "Elementor Addon Elements <= 1.12.12 - Directory Traversal to Local File Inclusion", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.12.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20cd3fff-0488-4bc2-961b-2427925e6a96?source=api-scan" ], "published": "2024-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20d16cc4-3bc2-4f1b-b7ba-17993199a997": { "id": "20d16cc4-3bc2-4f1b-b7ba-17993199a997", "title": "User profile <= 2.0.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User profile", "slug": "user-profile", "affected_versions": { "* - 2.0.20": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20d16cc4-3bc2-4f1b-b7ba-17993199a997?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20d30931-bfaf-47bb-9265-b326c959b871": { "id": "20d30931-bfaf-47bb-9265-b326c959b871", "title": "Contact Form by Supsystic <= 1.7.28 - Authenticated (Admin+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Contact Form by Supsystic", "slug": "contact-form-by-supsystic", "affected_versions": { "* - 1.7.28": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20d30931-bfaf-47bb-9265-b326c959b871?source=api-scan" ], "published": "2024-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20d5848e-7772-45dc-ad6f-edb9164c8d44": { "id": "20d5848e-7772-45dc-ad6f-edb9164c8d44", "title": "MP3-jPlayer <= 2.4.2 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "MP3-jPlayer", "slug": "mp3-jplayer", "affected_versions": { "[*, 2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20d5848e-7772-45dc-ad6f-edb9164c8d44?source=api-scan" ], "published": "2015-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20d5ff9e-9920-47c7-aa8d-e4f9f1646080": { "id": "20d5ff9e-9920-47c7-aa8d-e4f9f1646080", "title": "ARForms Form Builder <= 1.6.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form, Survey, Quiz & Popup Form Builder \u2013 ARForms", "slug": "arforms-form-builder", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20d5ff9e-9920-47c7-aa8d-e4f9f1646080?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20d989d9-6bf0-4f9f-acf4-b4c3452855cc": { "id": "20d989d9-6bf0-4f9f-acf4-b4c3452855cc", "title": "Custom 404 Pro <= 3.7.0 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Custom 404 Pro", "slug": "custom-404-pro", "affected_versions": { "* - 3.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20d989d9-6bf0-4f9f-acf4-b4c3452855cc?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20daf751-176d-48f2-ac68-480fda89cee1": { "id": "20daf751-176d-48f2-ac68-480fda89cee1", "title": "WordPress Pinterest Plugin <= 1.6.1 - Stored (Contributor+) Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WordPress Pinterest Plugin \u2013 Make a Popup, User Profile, Masonry and Gallery Layout", "slug": "gs-pinterest-portfolio", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20daf751-176d-48f2-ac68-480fda89cee1?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20de9544-b2fe-470c-a7a4-b662b59d6d31": { "id": "20de9544-b2fe-470c-a7a4-b662b59d6d31", "title": "Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Cart66 Lite :: WordPress Ecommerce", "slug": "cart66-lite", "affected_versions": { "[*, 1.5.1.15)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.1.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20de9544-b2fe-470c-a7a4-b662b59d6d31?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20deedff-8980-4ac2-a74e-c52cfe57e839": { "id": "20deedff-8980-4ac2-a74e-c52cfe57e839", "title": "Booking calendar, Appointment Booking System <= 2.1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking calendar, Appointment Booking System", "slug": "booking-calendar", "affected_versions": { "[*, 2.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20deedff-8980-4ac2-a74e-c52cfe57e839?source=api-scan" ], "published": "2018-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20df30e2-7e59-479c-946d-e0128b7d8401": { "id": "20df30e2-7e59-479c-946d-e0128b7d8401", "title": "I Recommend This < 3.7.3 - SQL Injection", "software": [ { "type": "plugin", "name": "I Recommend This", "slug": "i-recommend-this", "affected_versions": { "[*, 3.7.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20df30e2-7e59-479c-946d-e0128b7d8401?source=api-scan" ], "published": "2014-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20eff8fc-0572-40b9-ab28-758c7ab8ed73": { "id": "20eff8fc-0572-40b9-ab28-758c7ab8ed73", "title": "Ajax Load More plugin < 5.3.2 - SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Infinite Scroll \u2013 Ajax Load More", "slug": "ajax-load-more", "affected_versions": { "[*, 5.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20eff8fc-0572-40b9-ab28-758c7ab8ed73?source=api-scan" ], "published": "2020-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20f31e48-0dbb-498a-a400-681cacea7c9c": { "id": "20f31e48-0dbb-498a-a400-681cacea7c9c", "title": "Contact Form for Plugin by Fluent Forms <= 5.0.8 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", "slug": "fluentform", "affected_versions": { "[*, 5.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20f31e48-0dbb-498a-a400-681cacea7c9c?source=api-scan" ], "published": "2023-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "20fdbe6b-45a8-41f4-8dde-35a0f9ea04a1": { "id": "20fdbe6b-45a8-41f4-8dde-35a0f9ea04a1", "title": "Easy Digital Downloads <= 3.2.12 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 3.2.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/20fdbe6b-45a8-41f4-8dde-35a0f9ea04a1?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2100071c-aa66-445b-acef-7655e64f47e0": { "id": "2100071c-aa66-445b-acef-7655e64f47e0", "title": "H5P <= 1.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Interactive Content \u2013 H5P", "slug": "h5p", "affected_versions": { "* - 1.15.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2100071c-aa66-445b-acef-7655e64f47e0?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "210fd125-285d-4d07-bd39-b5ea222025ea": { "id": "210fd125-285d-4d07-bd39-b5ea222025ea", "title": "Starbox \u2013 the Author Box for Humans <= 3.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Starbox \u2013 the Author Box for Humans", "slug": "starbox", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/210fd125-285d-4d07-bd39-b5ea222025ea?source=api-scan" ], "published": "2024-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2111df14-63a3-4e3c-87b8-d0e71812d32c": { "id": "2111df14-63a3-4e3c-87b8-d0e71812d32c", "title": "Nextend Social Login and Register <= 1.5.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Nextend Social Login and Register", "slug": "nextend-facebook-connect", "affected_versions": { "[*, 1.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2111df14-63a3-4e3c-87b8-d0e71812d32c?source=api-scan" ], "published": "2014-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "211350ac-24c4-4aa7-aea6-5dc44f753185": { "id": "211350ac-24c4-4aa7-aea6-5dc44f753185", "title": "Database Backup for WordPress <= 2.5.1 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Database Backup for WordPress", "slug": "wp-db-backup", "affected_versions": { "[*, 2.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/211350ac-24c4-4aa7-aea6-5dc44f753185?source=api-scan" ], "published": "2022-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "211634f6-afc4-4841-8851-6c56a248af95": { "id": "211634f6-afc4-4841-8851-6c56a248af95", "title": "GD Star Rating <= 1.9.22 - Blind SQL Injection", "software": [ { "type": "plugin", "name": "GD Star Rating", "slug": "gd-star-rating", "affected_versions": { "* - 1.9.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.22", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/211634f6-afc4-4841-8851-6c56a248af95?source=api-scan" ], "published": "2014-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "211aa83e-e97b-4fd7-8cfe-308ac698c17e": { "id": "211aa83e-e97b-4fd7-8cfe-308ac698c17e", "title": "Search Exclude <= 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Search Exclude", "slug": "search-exclude", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/211aa83e-e97b-4fd7-8cfe-308ac698c17e?source=api-scan" ], "published": "2022-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "211ffeb3-6f6b-4b90-b229-acdee49a801a": { "id": "211ffeb3-6f6b-4b90-b229-acdee49a801a", "title": "Brave \u2013 Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content <= 0.6.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Brave \u2013 Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content", "slug": "brave-popup-builder", "affected_versions": { "* - 0.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/211ffeb3-6f6b-4b90-b229-acdee49a801a?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21238925-b87c-43ea-b4ab-9b5d311d3a0a": { "id": "21238925-b87c-43ea-b4ab-9b5d311d3a0a", "title": "WP-Eggdrop <= 0.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Eggdrop", "slug": "wp-eggdrop", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21238925-b87c-43ea-b4ab-9b5d311d3a0a?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2123a3cc-08f1-4e30-ac61-275d45cd1227": { "id": "2123a3cc-08f1-4e30-ac61-275d45cd1227", "title": "Product Input Fields for WooCommerce <= 1.7.0 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "Product Input Fields for WooCommerce", "slug": "product-input-fields-for-woocommerce", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2123a3cc-08f1-4e30-ac61-275d45cd1227?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21291ed7-cdc0-4698-9ec4-8417160845ed": { "id": "21291ed7-cdc0-4698-9ec4-8417160845ed", "title": "LearnPress <= 4.2.5.7 - Command Injection", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21291ed7-cdc0-4698-9ec4-8417160845ed?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "212b7da7-bd3e-42df-8b50-a3eb472cf440": { "id": "212b7da7-bd3e-42df-8b50-a3eb472cf440", "title": "Zendesk Support for WordPress <= 1.8.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Zendesk Support for WordPress", "slug": "zendesk", "affected_versions": { "* - 1.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/212b7da7-bd3e-42df-8b50-a3eb472cf440?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "212dd123-42d4-4dd2-a2e2-bf0c43e805bf": { "id": "212dd123-42d4-4dd2-a2e2-bf0c43e805bf", "title": "Forget About Shortcode Buttons <= 2.1.2 - Missing Authorization via fasc_buttons", "software": [ { "type": "plugin", "name": "Forget About Shortcode Buttons", "slug": "forget-about-shortcode-buttons", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/212dd123-42d4-4dd2-a2e2-bf0c43e805bf?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "212e33f8-438b-4781-913f-a4f9f6d24a89": { "id": "212e33f8-438b-4781-913f-a4f9f6d24a89", "title": "Dropdown Multisite selector <= 0.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Dropdown multisite selector", "slug": "dropdown-multisite-selector", "affected_versions": { "* - 0.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/212e33f8-438b-4781-913f-a4f9f6d24a89?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2131e418-bd95-4bd1-868f-0bd3b4abdf78": { "id": "2131e418-bd95-4bd1-868f-0bd3b4abdf78", "title": "Tainacan <= 0.18.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tainacan", "slug": "tainacan", "affected_versions": { "* - 0.18.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.18.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.18.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2131e418-bd95-4bd1-868f-0bd3b4abdf78?source=api-scan" ], "published": "2022-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21322495-a709-45a9-b8df-c3a3aeb1f260": { "id": "21322495-a709-45a9-b8df-c3a3aeb1f260", "title": "Responsive Image Gallery, Gallery Album <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery \u2013 Image and Video Gallery with Thumbnails", "slug": "gallery-album", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21322495-a709-45a9-b8df-c3a3aeb1f260?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2132d5b4-583d-46c0-be5e-6664bee9cad2": { "id": "2132d5b4-583d-46c0-be5e-6664bee9cad2", "title": "DethemeKit For Elementor <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DethemeKit For Elementor", "slug": "dethemekit-for-elementor", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2132d5b4-583d-46c0-be5e-6664bee9cad2?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21340ccf-eae5-4089-876f-60c3d6510d4a": { "id": "21340ccf-eae5-4089-876f-60c3d6510d4a", "title": "PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Viewer for Elementor", "slug": "pdf-viewer-for-elementor", "affected_versions": { "* - 2.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21340ccf-eae5-4089-876f-60c3d6510d4a?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21341d9c-9f04-4bc6-b9fc-6fa8afd3cf5c": { "id": "21341d9c-9f04-4bc6-b9fc-6fa8afd3cf5c", "title": "Rank Math SEO with AI SEO Tools <= 1.0.216 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleWrapper'", "software": [ { "type": "plugin", "name": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings", "slug": "seo-by-rank-math", "affected_versions": { "* - 1.0.216": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.216", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.217" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21341d9c-9f04-4bc6-b9fc-6fa8afd3cf5c?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "213b6dec-a64d-4597-a079-8fb82df9c8b4": { "id": "213b6dec-a64d-4597-a079-8fb82df9c8b4", "title": "Five Minute Webshop <= 1.3.2 - Authenticated (Admin+) SQL Injection via orderby", "software": [ { "type": "plugin", "name": "Five Minute Webshop", "slug": "five-minute-webshop", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/213b6dec-a64d-4597-a079-8fb82df9c8b4?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "213fde1b-13dc-442a-8f48-4b1074155a6f": { "id": "213fde1b-13dc-442a-8f48-4b1074155a6f", "title": "Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_option_id", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] }, { "type": "plugin", "name": "Contest Gallery Pro", "slug": "contest-gallery-pro", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/213fde1b-13dc-442a-8f48-4b1074155a6f?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2144ba9f-cb0a-4b54-a23f-3ecb2548a490": { "id": "2144ba9f-cb0a-4b54-a23f-3ecb2548a490", "title": "WordPress Core < 5.2.4 - Cache Poisoning", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.30": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.30", "to_inclusive": true }, "3.8 - 3.8.30": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.30", "to_inclusive": true }, "3.9 - 3.9.28": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.28", "to_inclusive": true }, "4.0 - 4.0.27": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.27", "to_inclusive": true }, "4.1 - 4.1.27": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.27", "to_inclusive": true }, "4.2 - 4.2.24": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.24", "to_inclusive": true }, "4.3 - 4.3.20": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.20", "to_inclusive": true }, "4.4 - 4.4.19": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.19", "to_inclusive": true }, "4.5 - 4.5.18": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.18", "to_inclusive": true }, "4.6 - 4.6.15": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.15", "to_inclusive": true }, "4.7 - 4.7.14": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.14", "to_inclusive": true }, "4.8 - 4.8.10": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.10", "to_inclusive": true }, "4.9 - 4.9.11": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.11", "to_inclusive": true }, "5.0 - 5.0.6": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.6", "to_inclusive": true }, "5.1 - 5.1.2": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.2", "to_inclusive": true }, "5.2 - 5.2.3": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.31", "3.8.31", "3.9.29", "4.0.28", "4.1.28", "4.2.25", "4.3.21", "4.4.20", "4.5.19", "4.6.16", "4.7.15", "4.8.11", "4.9.12", "5.0.7", "5.1.3", "5.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2144ba9f-cb0a-4b54-a23f-3ecb2548a490?source=api-scan" ], "published": "2019-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21456889-058c-46a5-80c3-a0c8f90cd3bf": { "id": "21456889-058c-46a5-80c3-a0c8f90cd3bf", "title": "Media Library Assistant <= 2.81 - Remote Code Execution via tax_query, meta_query, date_query Parameters", "software": [ { "type": "plugin", "name": "Media Library Assistant", "slug": "media-library-assistant", "affected_versions": { "* - 2.81": { "from_version": "*", "from_inclusive": true, "to_version": "2.81", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.82" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21456889-058c-46a5-80c3-a0c8f90cd3bf?source=api-scan" ], "published": "2019-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2148809e-b7fe-4104-b70f-d4137c85e92f": { "id": "2148809e-b7fe-4104-b70f-d4137c85e92f", "title": "eaSYNC <= 1.3.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Free Booking Plugin for Hotels, Restaurants and Car Rentals \u2013 eaSYNC Booking", "slug": "easync-booking", "affected_versions": { "* - 1.3.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2148809e-b7fe-4104-b70f-d4137c85e92f?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2153f7e2-0d39-4784-a1f5-aa77959306a7": { "id": "2153f7e2-0d39-4784-a1f5-aa77959306a7", "title": "Jetpack <= 4.0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "[*, 4.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2153f7e2-0d39-4784-a1f5-aa77959306a7?source=api-scan" ], "published": "2017-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21542a9e-efa2-4655-b076-d282e3678fdf": { "id": "21542a9e-efa2-4655-b076-d282e3678fdf", "title": "Goods Catalog <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Goods Catalog", "slug": "goods-catalog", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21542a9e-efa2-4655-b076-d282e3678fdf?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2154383e-eabb-4964-8991-423dd68d5efb": { "id": "2154383e-eabb-4964-8991-423dd68d5efb", "title": "WP RSS Aggregator <= 4.23.5 - Authenticated (Admin+) Server-Side Request Forgery via RSS Feed Source", "software": [ { "type": "plugin", "name": "RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Autoblogging", "slug": "wp-rss-aggregator", "affected_versions": { "4.23.5": { "from_version": "4.23.5", "from_inclusive": true, "to_version": "4.23.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.23.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2154383e-eabb-4964-8991-423dd68d5efb?source=api-scan" ], "published": "2024-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2156af57-d98b-4d0a-b7aa-0281c951c82f": { "id": "2156af57-d98b-4d0a-b7aa-0281c951c82f", "title": "HDW WordPress Video Gallery <= 1.2 - Reflected Cross-Site Scripting via playlist parameter", "software": [ { "type": "plugin", "name": "HDW WordPress Video Gallery", "slug": "hdw-tube", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2156af57-d98b-4d0a-b7aa-0281c951c82f?source=api-scan" ], "published": "2016-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "215937d9-739b-4198-b375-6d171bbac64a": { "id": "215937d9-739b-4198-b375-6d171bbac64a", "title": "WP Statistics <= 13.1.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation and Deactivation", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 13.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "13.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/215937d9-739b-4198-b375-6d171bbac64a?source=api-scan" ], "published": "2021-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21597f22-2690-4a3d-965f-bc99326b7e64": { "id": "21597f22-2690-4a3d-965f-bc99326b7e64", "title": "Fancy Comments WordPress <= 1.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Fancy Comments WordPress", "slug": "fancy-facebook-comments", "affected_versions": { "* - 1.2.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21597f22-2690-4a3d-965f-bc99326b7e64?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "215d5d9e-dabb-462d-8c51-952f8c497b78": { "id": "215d5d9e-dabb-462d-8c51-952f8c497b78", "title": "LearnPress <= 4.2.5.7 - Insecure Direct Object Reference to Information Disclosure", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/215d5d9e-dabb-462d-8c51-952f8c497b78?source=api-scan" ], "published": "2024-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "215ea2de-538b-4f24-98f8-67b8314453cd": { "id": "215ea2de-538b-4f24-98f8-67b8314453cd", "title": "SMS Alert Order Notifications \u2013 WooCommerce <= 3.4.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SMS Alert Order Notifications \u2013 WooCommerce", "slug": "sms-alert", "affected_versions": { "[*, 3.4.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/215ea2de-538b-4f24-98f8-67b8314453cd?source=api-scan" ], "published": "2021-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21614b80-f632-466b-9612-f616bbbc267d": { "id": "21614b80-f632-466b-9612-f616bbbc267d", "title": "Activity Log <= 2.4.0 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Activity Log \u2013 Monitor & Record User Changes", "slug": "aryo-activity-log", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21614b80-f632-466b-9612-f616bbbc267d?source=api-scan" ], "published": "2018-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21618fba-3f57-43b2-b9ea-13484301755d": { "id": "21618fba-3f57-43b2-b9ea-13484301755d", "title": "Profile Builder <= 3.11.2 - Restricted Email Bypass", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "* - 3.11.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21618fba-3f57-43b2-b9ea-13484301755d?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2162601a-3b94-4d6b-959e-99ba68d1271a": { "id": "2162601a-3b94-4d6b-959e-99ba68d1271a", "title": "EleForms <= 2.9.9.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "EleForms \u2013 All In One Form Integration including DB for Elementor", "slug": "all-contact-form-integration-for-elementor", "affected_versions": { "* - 2.9.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2162601a-3b94-4d6b-959e-99ba68d1271a?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2163af55-1ea4-4c60-b9f0-baf99297c6bc": { "id": "2163af55-1ea4-4c60-b9f0-baf99297c6bc", "title": "Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "Quttera Web Malware Scanner", "slug": "quttera-web-malware-scanner", "affected_versions": { "* - 3.4.1.48": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1.48", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2163af55-1ea4-4c60-b9f0-baf99297c6bc?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2178b39c-5341-4f53-82be-668b400d7f25": { "id": "2178b39c-5341-4f53-82be-668b400d7f25", "title": "Userback <= 1.0.13 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Userback", "slug": "userback", "affected_versions": { "* - 1.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2178b39c-5341-4f53-82be-668b400d7f25?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "217b1213-de46-4c1d-baea-41a859bfcc60": { "id": "217b1213-de46-4c1d-baea-41a859bfcc60", "title": "WP User Manager <= 2.9.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP User Manager \u2013 User Profile Builder & Membership", "slug": "wp-user-manager", "affected_versions": { "* - 2.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/217b1213-de46-4c1d-baea-41a859bfcc60?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "217b4ed7-90d3-4871-b034-7e1b324dc6a2": { "id": "217b4ed7-90d3-4871-b034-7e1b324dc6a2", "title": "WP Contact Slider <= 2.4.6 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Contact Slider \u2013 Slide Out Contact Form for WordPress to display Contact Form 7, Gravity Forms, WP Forms, Ninja Forms, plain text\/HTML & other shortcodes", "slug": "wp-contact-slider", "affected_versions": { "* - 2.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/217b4ed7-90d3-4871-b034-7e1b324dc6a2?source=api-scan" ], "published": "2022-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "217cc880-8400-4a97-a024-7b55e6ab69dd": { "id": "217cc880-8400-4a97-a024-7b55e6ab69dd", "title": "WishList Member X <= 3.25.1 - Authenticated (Subscriber+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Wishlist Member", "slug": "wishlist-member-x", "affected_versions": { "* - 3.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.25.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/217cc880-8400-4a97-a024-7b55e6ab69dd?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "217d3148-d411-4fff-a4f6-d5d02ef207af": { "id": "217d3148-d411-4fff-a4f6-d5d02ef207af", "title": "Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE", "slug": "otter-blocks", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/217d3148-d411-4fff-a4f6-d5d02ef207af?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "217d68dc-6133-4b7e-9d8f-bb8fc18f1c12": { "id": "217d68dc-6133-4b7e-9d8f-bb8fc18f1c12", "title": "001 Prime Strategy Translate Accelerator <= 1.1.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "001 Prime Strategy Translate Accelerator", "slug": "001-prime-strategy-translate-accelerator", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/217d68dc-6133-4b7e-9d8f-bb8fc18f1c12?source=api-scan" ], "published": "2022-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "217da4de-38df-41ff-b138-f12d4f8999cd": { "id": "217da4de-38df-41ff-b138-f12d4f8999cd", "title": "Simple Popup Plugin <= 4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Popup Plugin", "slug": "simple-popup-plugin", "affected_versions": { "* - 4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/217da4de-38df-41ff-b138-f12d4f8999cd?source=api-scan" ], "published": "2024-09-27 13:55:41", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2180dc08-25a8-474b-b382-5ce359de04b5": { "id": "2180dc08-25a8-474b-b382-5ce359de04b5", "title": "Popup Manager <= 1.6.6 - Missing Authorization to Arbitrary Popup Deletion", "software": [ { "type": "plugin", "name": "Popup Manager", "slug": "popup-manager", "affected_versions": { "* - 1.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2180dc08-25a8-474b-b382-5ce359de04b5?source=api-scan" ], "published": "2022-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2181ede3-d8ac-4b62-98e5-7f4448a8cee4": { "id": "2181ede3-d8ac-4b62-98e5-7f4448a8cee4", "title": "Easy Logo <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Logo", "slug": "easylogo", "affected_versions": { "* - 1.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2181ede3-d8ac-4b62-98e5-7f4448a8cee4?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "218b4564-bfaf-4e65-94c4-b6b15b60b707": { "id": "218b4564-bfaf-4e65-94c4-b6b15b60b707", "title": "Activity Reactions For Buddypress <= 1.0.22 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Activity Reactions For Buddypress", "slug": "activity-reactions-for-buddypress", "affected_versions": { "* - 1.0.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.22", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/218b4564-bfaf-4e65-94c4-b6b15b60b707?source=api-scan" ], "published": "2022-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "218f08d5-c1cb-462c-abc5-d5b41044f8aa": { "id": "218f08d5-c1cb-462c-abc5-d5b41044f8aa", "title": "Activity Log <= 2.3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Activity Log \u2013 Monitor & Record User Changes", "slug": "aryo-activity-log", "affected_versions": { "[*, 2.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/218f08d5-c1cb-462c-abc5-d5b41044f8aa?source=api-scan" ], "published": "2016-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21930a4f-2f78-42c5-8ffa-2993333db2fe": { "id": "21930a4f-2f78-42c5-8ffa-2993333db2fe", "title": "Ultimate Product Catalogue < 3.1.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Ultimate Product Catalog", "slug": "ultimate-product-catalogue", "affected_versions": { "[*, 3.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21930a4f-2f78-42c5-8ffa-2993333db2fe?source=api-scan" ], "published": "2015-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "219614b7-2394-490c-baf4-14a12249c4b5": { "id": "219614b7-2394-490c-baf4-14a12249c4b5", "title": "Simple CSV\/XLS Exporter <= 1.5.8 - CSV Injection", "software": [ { "type": "plugin", "name": "Simple CSV\/XLS Exporter", "slug": "simple-csv-xls-exporter", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/219614b7-2394-490c-baf4-14a12249c4b5?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21990e54-c3a2-4bca-b164-132ad456e651": { "id": "21990e54-c3a2-4bca-b164-132ad456e651", "title": "Advanced iFrame <= 2024.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced iFrame", "slug": "advanced-iframe", "affected_versions": { "* - 2024.3": { "from_version": "*", "from_inclusive": true, "to_version": "2024.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2024.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21990e54-c3a2-4bca-b164-132ad456e651?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "219de193-32d0-40b0-a471-bf8bf6e2bb62": { "id": "219de193-32d0-40b0-a471-bf8bf6e2bb62", "title": "Cab fare calculator <= 1.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cab fare calculator", "slug": "cab-fare-calculator", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/219de193-32d0-40b0-a471-bf8bf6e2bb62?source=api-scan" ], "published": "2024-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21a15a21-1d35-4fbc-9c01-ded68287fc65": { "id": "21a15a21-1d35-4fbc-9c01-ded68287fc65", "title": "Reality | Estate Multipurpose WordPress Theme <= 2.5.5 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Reality | Estate Multipurpose WordPress Theme", "slug": "reality", "affected_versions": { "* - 2.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21a15a21-1d35-4fbc-9c01-ded68287fc65?source=api-scan" ], "published": "2020-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21a1a6c2-0eb1-4ee3-abf0-76b84adca01b": { "id": "21a1a6c2-0eb1-4ee3-abf0-76b84adca01b", "title": "iThemes Security < 7.9.1 and iThemes Security Pro < 6.8.4 - Hidden Login Bypass", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "[*, 7.9.1)": { "from_version": "*", "from_inclusive": true, "to_version": "7.9.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.9.1" ] }, { "type": "plugin", "name": "iThemes Security Pro", "slug": "ithemes-security-pro", "affected_versions": { "[*, 6.8.4)": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21a1a6c2-0eb1-4ee3-abf0-76b84adca01b?source=api-scan" ], "published": "2021-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21a1b117-945f-49bc-9ea1-313afa93bf32": { "id": "21a1b117-945f-49bc-9ea1-313afa93bf32", "title": "EmbedPress <= 4.0.9 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 4.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21a1b117-945f-49bc-9ea1-313afa93bf32?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21a31d61-84eb-47bf-a4d3-e14089127e6c": { "id": "21a31d61-84eb-47bf-a4d3-e14089127e6c", "title": "Rich Table of Contents <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Rich Table of Contents", "slug": "rich-table-of-content", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21a31d61-84eb-47bf-a4d3-e14089127e6c?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21ab1a1e-53f5-4cd2-a9c5-0b0065f14a6a": { "id": "21ab1a1e-53f5-4cd2-a9c5-0b0065f14a6a", "title": "Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Code Snippets Extended", "slug": "code-snippets-extended", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21ab1a1e-53f5-4cd2-a9c5-0b0065f14a6a?source=api-scan" ], "published": "2022-05-17 14:51:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21ae9136-a60c-483d-bdf4-b0c55796560d": { "id": "21ae9136-a60c-483d-bdf4-b0c55796560d", "title": "Content Repeater <= 1.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Content Repeater \u2013 Custom Posts Simplified", "slug": "content-repeater", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21ae9136-a60c-483d-bdf4-b0c55796560d?source=api-scan" ], "published": "2022-11-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21b4d1a1-55fe-4241-820c-203991d724c4": { "id": "21b4d1a1-55fe-4241-820c-203991d724c4", "title": "Photo Gallery by 10Web <= 1.8.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Widget", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.8.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21b4d1a1-55fe-4241-820c-203991d724c4?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21b8fcfe-bdae-414a-a0d2-f20bfd604037": { "id": "21b8fcfe-bdae-414a-a0d2-f20bfd604037", "title": "JetWidgets For Elementor <= 1.0.8 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JetWidgets For Elementor", "slug": "jetwidgets-for-elementor", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21b8fcfe-bdae-414a-a0d2-f20bfd604037?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21bc2595-0760-42a6-b11b-3f7609223d8b": { "id": "21bc2595-0760-42a6-b11b-3f7609223d8b", "title": "SellKit <= 1.8.1 - Authenticated (Subscriber+) Arbitrary File Download", "software": [ { "type": "plugin", "name": "SellKit \u2013 Funnel builder and checkout optimizer for WooCommerce to sell more, faster", "slug": "sellkit", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21bc2595-0760-42a6-b11b-3f7609223d8b?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21bcb740-6340-4ff7-815f-539175936ca1": { "id": "21bcb740-6340-4ff7-815f-539175936ca1", "title": "Cwicly <= 1.4.0.2 - Authenticated (Contributor+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Cwicly", "slug": "cwicly", "affected_versions": { "* - 1.4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21bcb740-6340-4ff7-815f-539175936ca1?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21be2215-8ce0-438e-94e0-6a350b8cc952": { "id": "21be2215-8ce0-438e-94e0-6a350b8cc952", "title": "Icegram Express <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id]", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 5.7.22": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21be2215-8ce0-438e-94e0-6a350b8cc952?source=api-scan" ], "published": "2024-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21c31df6-7515-48f5-ad74-fe116e836da8": { "id": "21c31df6-7515-48f5-ad74-fe116e836da8", "title": "MagicForm <= 0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MagicForm", "slug": "magicform", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21c31df6-7515-48f5-ad74-fe116e836da8?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21c87602-bbe7-4fde-8ba2-031120212a8b": { "id": "21c87602-bbe7-4fde-8ba2-031120212a8b", "title": "WP Symposium < 15.8 - Blind SQL Injection", "software": [ { "type": "plugin", "name": "WP Symposium", "slug": "wp-symposium", "affected_versions": { "[*, 15.8)": { "from_version": "*", "from_inclusive": true, "to_version": "15.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "15.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21c87602-bbe7-4fde-8ba2-031120212a8b?source=api-scan" ], "published": "2015-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21cb424c-4efd-4c12-a08a-6d574f118c28": { "id": "21cb424c-4efd-4c12-a08a-6d574f118c28", "title": "UserPro <= 5.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "5.1.5": { "from_version": "5.1.5", "from_inclusive": true, "to_version": "5.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21cb424c-4efd-4c12-a08a-6d574f118c28?source=api-scan" ], "published": "2023-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21cc3f71-7591-4111-a58a-d863df74587f": { "id": "21cc3f71-7591-4111-a58a-d863df74587f", "title": "Booster (<= 5.6.6), Booster Plus (<= 5.6.5), and Booster Elite (<= 1.1.7) for WooCommerce - Cross-Site Request Forgery leading to Arbitrary Custom Role Creation\/Deletion", "software": [ { "type": "plugin", "name": "Booster Plus for WooCommerce", "slug": "booster-plus-for-woocommerce", "affected_versions": { "* - 5.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.6" ] }, { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 5.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.7" ] }, { "type": "plugin", "name": "Booster Elite for WooCommerce", "slug": "booster-elite-for-woocommerce", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21cc3f71-7591-4111-a58a-d863df74587f?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21cc5aec-ab5f-412b-aed0-bb41584a84cf": { "id": "21cc5aec-ab5f-412b-aed0-bb41584a84cf", "title": "wpShopGermany - Protected Shops <= 2.0 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wpShopGermany \u2013 Protected Shops", "slug": "wpshopgermany-protectedshops", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21cc5aec-ab5f-412b-aed0-bb41584a84cf?source=api-scan" ], "published": "2023-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21cd81aa-c3f2-4413-8a07-06c065f47569": { "id": "21cd81aa-c3f2-4413-8a07-06c065f47569", "title": "Branda <= 3.4.17 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Branda \u2013 White Label & Branding, Custom Login Page Customizer", "slug": "branda-white-labeling", "affected_versions": { "* - 3.4.17": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21cd81aa-c3f2-4413-8a07-06c065f47569?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21cf5a39-831b-4423-b901-98bf15416fc8": { "id": "21cf5a39-831b-4423-b901-98bf15416fc8", "title": "WordPress Gallery Plugin \u2013 NextGEN Gallery 1.9.10 - 1.9.11 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "1.9.10 - 1.9.11": { "from_version": "1.9.10", "from_inclusive": true, "to_version": "1.9.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21cf5a39-831b-4423-b901-98bf15416fc8?source=api-scan" ], "published": "2013-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21d0af22-ecce-4533-ba5d-46d6f49fff52": { "id": "21d0af22-ecce-4533-ba5d-46d6f49fff52", "title": "Flowerplayer Video Player <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flowplayer Video Player", "slug": "flowplayer6-video-player", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21d0af22-ecce-4533-ba5d-46d6f49fff52?source=api-scan" ], "published": "2022-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21d1feae-e70f-439d-8992-f136211fdde0": { "id": "21d1feae-e70f-439d-8992-f136211fdde0", "title": "Beaver Builder \u2013 WordPress Page Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.7.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21d1feae-e70f-439d-8992-f136211fdde0?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21d244f4-f0cd-4d4d-8c6a-edea6b7b8145": { "id": "21d244f4-f0cd-4d4d-8c6a-edea6b7b8145", "title": "WordPress Poll <= 34.05 - SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Poll", "slug": "cardoza-wordpress-poll", "affected_versions": { "* - 34.05": { "from_version": "*", "from_inclusive": true, "to_version": "34.05", "to_inclusive": true } }, "patched": true, "patched_versions": [ "34.06" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21d244f4-f0cd-4d4d-8c6a-edea6b7b8145?source=api-scan" ], "published": "2013-01-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21da3c10-72b9-4c04-8586-dcf6dcf55852": { "id": "21da3c10-72b9-4c04-8586-dcf6dcf55852", "title": "Woocommerce OpenPos <= 6.4.4 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Openpos - WooCommerce Point Of Sale(POS)", "slug": "woocommerce-openpos", "affected_versions": { "* - 6.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21da3c10-72b9-4c04-8586-dcf6dcf55852?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21dbe11c-8c9f-4b4c-98ef-3ba6eb5bb686": { "id": "21dbe11c-8c9f-4b4c-98ef-3ba6eb5bb686", "title": "Universal Star Rating <= 1.10.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Universal Star Rating", "slug": "universal-star-rating", "affected_versions": { "* - 1.10.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21dbe11c-8c9f-4b4c-98ef-3ba6eb5bb686?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21dd21cb-35b7-47df-a9f0-6fd92c45a8ce": { "id": "21dd21cb-35b7-47df-a9f0-6fd92c45a8ce", "title": "WTI Like Post <= 1.4.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WTI Like Post", "slug": "wti-like-post", "affected_versions": { "[*, 1.4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21dd21cb-35b7-47df-a9f0-6fd92c45a8ce?source=api-scan" ], "published": "2020-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21dd2899-cb2d-4266-be79-bdf00e60e9a7": { "id": "21dd2899-cb2d-4266-be79-bdf00e60e9a7", "title": "Newspaper Lite < 11.0 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Newspaper Lite", "slug": "newspaper-lite", "affected_versions": { "* - 10.3.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "10.3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21dd2899-cb2d-4266-be79-bdf00e60e9a7?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21dd96e0-8c1c-4593-8a75-079125192001": { "id": "21dd96e0-8c1c-4593-8a75-079125192001", "title": "CM Download Manager <= 2.7.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CM Download Manager \u2013 Document and File Management", "slug": "cm-download-manager", "affected_versions": { "[*, 2.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21dd96e0-8c1c-4593-8a75-079125192001?source=api-scan" ], "published": "2020-10-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21e06220-c8f0-4754-ba19-8df519be4038": { "id": "21e06220-c8f0-4754-ba19-8df519be4038", "title": "AntiSpam by CleanTalk <= 5.185 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Spam protection, Anti-Spam, FireWall by CleanTalk", "slug": "cleantalk-spam-protect", "affected_versions": { "* - 5.185": { "from_version": "*", "from_inclusive": true, "to_version": "5.185", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.185.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21e06220-c8f0-4754-ba19-8df519be4038?source=api-scan" ], "published": "2022-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21e12c72-7898-4896-9852-ebb10e5f9a3b": { "id": "21e12c72-7898-4896-9852-ebb10e5f9a3b", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table'", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.19": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21e12c72-7898-4896-9852-ebb10e5f9a3b?source=api-scan" ], "published": "2024-05-09 19:32:53", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21e3d4a5-aaf3-4f42-8868-cd8c9bccd026": { "id": "21e3d4a5-aaf3-4f42-8868-cd8c9bccd026", "title": "iQ Block Country < 1.2.13 - Admin+ Arbitrary File Deletion via Zip Slip", "software": [ { "type": "plugin", "name": "iQ Block Country", "slug": "iq-block-country", "affected_versions": { "[*, 1.2.13)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21e3d4a5-aaf3-4f42-8868-cd8c9bccd026?source=api-scan" ], "published": "2022-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21e49adb-01a7-41d9-bb51-bac60d49e293": { "id": "21e49adb-01a7-41d9-bb51-bac60d49e293", "title": "Spotlight Social Media Feeds <= 1.6.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Spotlight Social Feeds \u2013 Block, Shortcode, and Widget", "slug": "spotlight-social-photo-feeds", "affected_versions": { "* - 1.6.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21e49adb-01a7-41d9-bb51-bac60d49e293?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21e4b1fe-993b-4898-a523-e0a858c30a38": { "id": "21e4b1fe-993b-4898-a523-e0a858c30a38", "title": "TagGator Plugin < 1.33 - SQL Injection", "software": [ { "type": "plugin", "name": "TagGator", "slug": "taggator", "affected_versions": { "[*, 1.33)": { "from_version": "*", "from_inclusive": true, "to_version": "1.33", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21e4b1fe-993b-4898-a523-e0a858c30a38?source=api-scan" ], "published": "2012-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21ec0fc9-4fb2-43fd-aba5-8f452d35d7b8": { "id": "21ec0fc9-4fb2-43fd-aba5-8f452d35d7b8", "title": "WP-Cumulus <= 1.20 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "WP Cumulus", "slug": "wp-cumulus", "affected_versions": { "* - 1.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21ec0fc9-4fb2-43fd-aba5-8f452d35d7b8?source=api-scan" ], "published": "2009-11-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21f710ee-5040-4916-9fde-efc6d3b90943": { "id": "21f710ee-5040-4916-9fde-efc6d3b90943", "title": "Photo Gallery by Ays <= 5.2.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Photo Gallery by Ays \u2013 Responsive Image Gallery", "slug": "gallery-photo-gallery", "affected_versions": { "* - 5.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21f710ee-5040-4916-9fde-efc6d3b90943?source=api-scan" ], "published": "2023-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21f8908c-bcfc-4ca1-bc8b-80a80c4a5a4f": { "id": "21f8908c-bcfc-4ca1-bc8b-80a80c4a5a4f", "title": "JetBlocks <= 1.3.12 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JetBlocks for Elementor", "slug": "jet-blocks", "affected_versions": { "* - 1.3.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21f8908c-bcfc-4ca1-bc8b-80a80c4a5a4f?source=api-scan" ], "published": "2024-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21f917a4-efee-421b-98b1-a9b18c7527d2": { "id": "21f917a4-efee-421b-98b1-a9b18c7527d2", "title": "AtomChat <= 1.1.4 - Missing Authorization via credits REST API Endpoint", "software": [ { "type": "plugin", "name": "Group Chat & Video Chat by AtomChat", "slug": "atomchat", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21f917a4-efee-421b-98b1-a9b18c7527d2?source=api-scan" ], "published": "2023-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21fb5a51-f1e6-49d2-8289-4f4146bc9b28": { "id": "21fb5a51-f1e6-49d2-8289-4f4146bc9b28", "title": "Twitter Cards Meta \u2013 Best Twitter Card Plugin for WordPress < 2.5.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Twitter Cards Meta \u2013 Best Twitter Card Plugin for WordPress", "slug": "twitter-cards-meta", "affected_versions": { "[*, 2.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21fb5a51-f1e6-49d2-8289-4f4146bc9b28?source=api-scan" ], "published": "2017-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "21fed5a3-1bb2-4581-95b4-badff98bed42": { "id": "21fed5a3-1bb2-4581-95b4-badff98bed42", "title": "Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute", "software": [ { "type": "plugin", "name": "Bold Page Builder", "slug": "bold-page-builder", "affected_versions": { "* - 4.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/21fed5a3-1bb2-4581-95b4-badff98bed42?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "220055ff-683c-47a4-8817-b3e70bb9dc81": { "id": "220055ff-683c-47a4-8817-b3e70bb9dc81", "title": "Adapta RGPD <= 1.3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Adapta RGPD", "slug": "adapta-rgpd", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/220055ff-683c-47a4-8817-b3e70bb9dc81?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "220133fe-ebf3-4cfe-8882-1c961b384ff3": { "id": "220133fe-ebf3-4cfe-8882-1c961b384ff3", "title": "3CX Live Chat <= 8.0.07 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "3CX Free Live Chat, Calls & WhatsApp", "slug": "wp-live-chat-support", "affected_versions": { "* - 8.0.07": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.07", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.08" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/220133fe-ebf3-4cfe-8882-1c961b384ff3?source=api-scan" ], "published": "2018-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2204017a-0363-4f2f-909a-e0826463477c": { "id": "2204017a-0363-4f2f-909a-e0826463477c", "title": "Church Admin <= 3.7.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "* - 3.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2204017a-0363-4f2f-909a-e0826463477c?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22074d7a-5dbd-4a0c-bc5d-e4c983e5edb4": { "id": "22074d7a-5dbd-4a0c-bc5d-e4c983e5edb4", "title": "Simple Basic Contact Form <= 20221201 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Basic Contact Form", "slug": "simple-basic-contact-form", "affected_versions": { "* - 20221201": { "from_version": "*", "from_inclusive": true, "to_version": "20221201", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20240502" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22074d7a-5dbd-4a0c-bc5d-e4c983e5edb4?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "220766ef-29a6-46f6-8c67-d1879db79400": { "id": "220766ef-29a6-46f6-8c67-d1879db79400", "title": "wpShopGermany IT-RECHT KANZLEI <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wpShopGermany IT-RECHT KANZLEI", "slug": "wpshopgermany-it-recht-kanzlei", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/220766ef-29a6-46f6-8c67-d1879db79400?source=api-scan" ], "published": "2023-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "220ca462-6a5b-440e-badf-d253e2b6b1f0": { "id": "220ca462-6a5b-440e-badf-d253e2b6b1f0", "title": "EventON - WordPress Virtual Event Calendar Plugin <= 4.5.8 (Pro) & <= 2.2.7 (Free) - Missing Authorization via eventon_save_virtual_event_settings", "software": [ { "type": "plugin", "name": "EventON", "slug": "eventon-lite", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.8" ] }, { "type": "plugin", "name": "EventON Pro", "slug": "eventon", "affected_versions": { "* - 4.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/220ca462-6a5b-440e-badf-d253e2b6b1f0?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2210b056-49d4-4212-8e65-1215c71b7e9a": { "id": "2210b056-49d4-4212-8e65-1215c71b7e9a", "title": "Himalayas <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Himalayas", "slug": "himalayas", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2210b056-49d4-4212-8e65-1215c71b7e9a?source=api-scan" ], "published": "2024-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2211d0d0-e7ab-485f-81b0-f52f87b7d01e": { "id": "2211d0d0-e7ab-485f-81b0-f52f87b7d01e", "title": "WP Favorite Posts <= 1.6.5 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Favorite Posts", "slug": "wp-favorite-posts", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2211d0d0-e7ab-485f-81b0-f52f87b7d01e?source=api-scan" ], "published": "2016-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2214264d-0f3e-455b-9420-c6a1e0d7562c": { "id": "2214264d-0f3e-455b-9420-c6a1e0d7562c", "title": "Simple Job Board <= 2.10.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Simple Job Board", "slug": "simple-job-board", "affected_versions": { "* - 2.10.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2214264d-0f3e-455b-9420-c6a1e0d7562c?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "221872e2-7929-4fba-8a57-7d9fd73a76db": { "id": "221872e2-7929-4fba-8a57-7d9fd73a76db", "title": "WordPress Core < 3.0.1 - Missing Authorization", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/221872e2-7929-4fba-8a57-7d9fd73a76db?source=api-scan" ], "published": "2010-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "221a8ff6-1f6e-41a0-82ef-eaa14ff84a26": { "id": "221a8ff6-1f6e-41a0-82ef-eaa14ff84a26", "title": "WordPress Responsive Preview <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Responsive Preview", "slug": "wp-responsive-preview", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/221a8ff6-1f6e-41a0-82ef-eaa14ff84a26?source=api-scan" ], "published": "2014-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "221be0f2-61ee-4130-be4a-0df72d3e0197": { "id": "221be0f2-61ee-4130-be4a-0df72d3e0197", "title": "CM Pop-Up Banners <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CM Pop-Up Banners for WordPress", "slug": "cm-pop-up-banners", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/221be0f2-61ee-4130-be4a-0df72d3e0197?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "221f9cbb-7988-4671-8f14-da3e63c280e6": { "id": "221f9cbb-7988-4671-8f14-da3e63c280e6", "title": "Ninja Forms Contact Form <= 3.3.19 - Authenticated Open Redirect", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.3.19": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.19.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/221f9cbb-7988-4671-8f14-da3e63c280e6?source=api-scan" ], "published": "2018-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "222325e9-3048-45f7-9a66-a713d096d44e": { "id": "222325e9-3048-45f7-9a66-a713d096d44e", "title": "Auto Featured Image <= 3.9.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Auto Featured Image (Auto Post Thumbnail)", "slug": "auto-post-thumbnail", "affected_versions": { "* - 3.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/222325e9-3048-45f7-9a66-a713d096d44e?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2224b17e-e327-4b86-85db-ad878f989839": { "id": "2224b17e-e327-4b86-85db-ad878f989839", "title": "QAEngine <= 1.4 - Privilege Escalation", "software": [ { "type": "theme", "name": "QAEngine", "slug": "qaengine", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2224b17e-e327-4b86-85db-ad878f989839?source=api-scan" ], "published": "2015-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "222678d0-cb1f-43c6-a6f0-37ea0be8cd3d": { "id": "222678d0-cb1f-43c6-a6f0-37ea0be8cd3d", "title": "Ninja Ninja Forms Contact Form <= 3.6.10 - Authenticated (Admin+) Stored Cross-Site Scripting via import", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.6.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/222678d0-cb1f-43c6-a6f0-37ea0be8cd3d?source=api-scan" ], "published": "2022-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2227cde8-5ed6-44dd-80cc-2a85aaa172c1": { "id": "2227cde8-5ed6-44dd-80cc-2a85aaa172c1", "title": "WPCS <= 1.2.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WPCS \u2013 WordPress Currency Switcher Professional", "slug": "currency-switcher", "affected_versions": { "* - 1.2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2227cde8-5ed6-44dd-80cc-2a85aaa172c1?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22283650-36bf-43e5-a57e-a91025fb2af7": { "id": "22283650-36bf-43e5-a57e-a91025fb2af7", "title": "Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 5.7.26": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22283650-36bf-43e5-a57e-a91025fb2af7?source=api-scan" ], "published": "2024-07-16 18:52:06", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "222aa8cb-95f4-4fe1-82c8-3acf82960cc0": { "id": "222aa8cb-95f4-4fe1-82c8-3acf82960cc0", "title": "Simply Static <= 3.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simply Static \u2013 The WordPress Static Site Generator", "slug": "simply-static", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/222aa8cb-95f4-4fe1-82c8-3acf82960cc0?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "223373fc-9d78-47f0-b283-109f8e00b802": { "id": "223373fc-9d78-47f0-b283-109f8e00b802", "title": "Transposh WordPress Translation <= 1.0.8.1 - Unauthorized Settings Change", "software": [ { "type": "plugin", "name": "Transposh WordPress Translation", "slug": "transposh-translation-filter-for-wordpress", "affected_versions": { "* - 1.0.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/223373fc-9d78-47f0-b283-109f8e00b802?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22356f42-af5e-4479-919c-9ceac42e686f": { "id": "22356f42-af5e-4479-919c-9ceac42e686f", "title": "cformsII < 14.8 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "cformsII", "slug": "cforms2", "affected_versions": { "[*, 14.8)": { "from_version": "*", "from_inclusive": true, "to_version": "14.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "14.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22356f42-af5e-4479-919c-9ceac42e686f?source=api-scan" ], "published": "2014-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2238c9ba-6d00-4a21-a050-7b8a5f307964": { "id": "2238c9ba-6d00-4a21-a050-7b8a5f307964", "title": "WordPress Facebook <= 1.0.13 - SQL Injection", "software": [ { "type": "plugin", "name": "WDSocialWidgets", "slug": "spider-facebook", "affected_versions": { "* - 1.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2238c9ba-6d00-4a21-a050-7b8a5f307964?source=api-scan" ], "published": "2017-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "223a6c35-712a-458c-8708-6981c9041fe1": { "id": "223a6c35-712a-458c-8708-6981c9041fe1", "title": "Woocommerce Category Banner Management <= 2.4.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Banner Management For WooCommerce", "slug": "banner-management-for-woocommerce", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/223a6c35-712a-458c-8708-6981c9041fe1?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "223ace0a-5a98-4714-90d5-06fe96bc9a2d": { "id": "223ace0a-5a98-4714-90d5-06fe96bc9a2d", "title": "SimpleFlickr <= 3.0.3 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "simpleflickr", "slug": "simpleflickr", "affected_versions": { "* - 3.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/223ace0a-5a98-4714-90d5-06fe96bc9a2d?source=api-scan" ], "published": "2015-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2240b2d3-b4cc-445f-b207-0ccbd527a0f3": { "id": "2240b2d3-b4cc-445f-b207-0ccbd527a0f3", "title": "RokStories <= 1.25 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "RokStories", "slug": "wp_rokstories", "affected_versions": { "* - 1.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2240b2d3-b4cc-445f-b207-0ccbd527a0f3?source=api-scan" ], "published": "2013-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2241fa07-b6b7-4e5d-8951-ae844a7b88e8": { "id": "2241fa07-b6b7-4e5d-8951-ae844a7b88e8", "title": "WP BaiDu Submit <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP BaiDu Submit", "slug": "wp-baidu-submit", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2241fa07-b6b7-4e5d-8951-ae844a7b88e8?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22420c2d-788c-4577-ae54-7b48f6063f5d": { "id": "22420c2d-788c-4577-ae54-7b48f6063f5d", "title": "Tutor LMS <= 2.6.0 - Authenticated(Student+) HTML Injection via Q&A", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22420c2d-788c-4577-ae54-7b48f6063f5d?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "224233bc-68f3-40e4-8182-4831ccce93fb": { "id": "224233bc-68f3-40e4-8182-4831ccce93fb", "title": "Forminator <= 1.29.2 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "* - 1.29.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.29.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.29.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/224233bc-68f3-40e4-8182-4831ccce93fb?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22476135-8951-4012-845b-46a5dfbfc1f5": { "id": "22476135-8951-4012-845b-46a5dfbfc1f5", "title": "Gallery PhotoBlocks <= 1.1.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery PhotoBlocks", "slug": "photoblocks-grid-gallery", "affected_versions": { "[*, 1.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22476135-8951-4012-845b-46a5dfbfc1f5?source=api-scan" ], "published": "2020-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22479c6a-83ea-4c09-b192-4384ffbdcbf7": { "id": "22479c6a-83ea-4c09-b192-4384ffbdcbf7", "title": "EventPrime <= 2.8.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 2.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22479c6a-83ea-4c09-b192-4384ffbdcbf7?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "224a2d6d-7fdc-43a8-a8c9-26213b604433": { "id": "224a2d6d-7fdc-43a8-a8c9-26213b604433", "title": "WordPress Picture \/ Portfolio \/ Media Gallery <= 3.0.1 - Unauthenticated Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Picture \/ Portfolio \/ Media Gallery", "slug": "nimble-portfolio", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/224a2d6d-7fdc-43a8-a8c9-26213b604433?source=api-scan" ], "published": "2024-06-18 14:30:24", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "224a9234-2cf3-48ca-878e-3d7207629beb": { "id": "224a9234-2cf3-48ca-878e-3d7207629beb", "title": "Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Title & Description", "software": [ { "type": "plugin", "name": "Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier)", "slug": "image-hover-effects-ultimate", "affected_versions": { "* - 9.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/224a9234-2cf3-48ca-878e-3d7207629beb?source=api-scan" ], "published": "2022-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "224bf516-fac7-492f-87b9-912472ca01c9": { "id": "224bf516-fac7-492f-87b9-912472ca01c9", "title": "WP Armour Extended <= 1.26 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Armour Extended", "slug": "wp-armour-extended", "affected_versions": { "* - 1.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/224bf516-fac7-492f-87b9-912472ca01c9?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22506d45-40db-47c4-91b2-ab4f49703bf9": { "id": "22506d45-40db-47c4-91b2-ab4f49703bf9", "title": "Groundhogg <= 2.7.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg", "slug": "groundhogg", "affected_versions": { "* - 2.7.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.11.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22506d45-40db-47c4-91b2-ab4f49703bf9?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2250d512-dfe0-47d3-a61f-4e501d105f30": { "id": "2250d512-dfe0-47d3-a61f-4e501d105f30", "title": "Adifier (Premium Theme) < 3.1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "adifier", "slug": "adifier", "affected_versions": { "[*, 3.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2250d512-dfe0-47d3-a61f-4e501d105f30?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2250fa2d-82f5-4553-a52e-0c43d215aaba": { "id": "2250fa2d-82f5-4553-a52e-0c43d215aaba", "title": "BackUpWordPress <= 0.4.2b - Remote File Inclusion", "software": [ { "type": "plugin", "name": "BackUpWordPress", "slug": "backupwordpress", "affected_versions": { "[*, 0.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2250fa2d-82f5-4553-a52e-0c43d215aaba?source=api-scan" ], "published": "2007-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "225123aa-1ef9-4431-b4b1-b5ac5e034ef4": { "id": "225123aa-1ef9-4431-b4b1-b5ac5e034ef4", "title": "Simple Quotation <= 1.3.2 - SQL injection", "software": [ { "type": "plugin", "name": "Simple Quotation", "slug": "simple-quotation", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/225123aa-1ef9-4431-b4b1-b5ac5e034ef4?source=api-scan" ], "published": "2022-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2253cb38-3688-4e4d-afd1-582c8743c89a": { "id": "2253cb38-3688-4e4d-afd1-582c8743c89a", "title": "301 Redirects - Easy Redirect Manager <= 2.72 - Cross-Site Request Forgery via dismiss_notice", "software": [ { "type": "plugin", "name": "301 Redirects \u2013 Easy Redirect Manager", "slug": "eps-301-redirects", "affected_versions": { "* - 2.72": { "from_version": "*", "from_inclusive": true, "to_version": "2.72", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.73" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2253cb38-3688-4e4d-afd1-582c8743c89a?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "225900ea-ab59-4864-a65b-583730d2703f": { "id": "225900ea-ab59-4864-a65b-583730d2703f", "title": "AP Custom Testimonial <= 1.4.7 - SQL Injection", "software": [ { "type": "plugin", "name": "Testimonial WordPress Plugin \u2013 AP Custom Testimonial", "slug": "ap-custom-testimonial", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/225900ea-ab59-4864-a65b-583730d2703f?source=api-scan" ], "published": "2022-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "225ac126-7448-4faf-92c7-ee96831b272e": { "id": "225ac126-7448-4faf-92c7-ee96831b272e", "title": "WPPizza <= 3.17.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPPizza \u2013 A Restaurant Plugin", "slug": "wppizza", "affected_versions": { "* - 3.17.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.17.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.17.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/225ac126-7448-4faf-92c7-ee96831b272e?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "225ea5b3-08a9-40c2-a755-7783475946c4": { "id": "225ea5b3-08a9-40c2-a755-7783475946c4", "title": "Crayon Syntax Highlighter <= 2.8.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Crayon Syntax Highlighter", "slug": "crayon-syntax-highlighter", "affected_versions": { "* - 2.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/225ea5b3-08a9-40c2-a755-7783475946c4?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22602d63-235a-4bdb-b907-e61be04e96c5": { "id": "22602d63-235a-4bdb-b907-e61be04e96c5", "title": "WP Easy Gallery <= 1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Easy Gallery \u2013 WordPress Gallery Plugin", "slug": "wp-easy-gallery", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22602d63-235a-4bdb-b907-e61be04e96c5?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "226e772e-6973-4ff0-9a02-5be503f292c8": { "id": "226e772e-6973-4ff0-9a02-5be503f292c8", "title": "Kognetiks Chatbot for WordPress <= 2.0.0 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Kognetiks Chatbot for WordPress", "slug": "chatbot-chatgpt", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/226e772e-6973-4ff0-9a02-5be503f292c8?source=api-scan" ], "published": "2024-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22713937-d834-46cf-83ec-6f9f61b548e3": { "id": "22713937-d834-46cf-83ec-6f9f61b548e3", "title": "Conditional Marketing Mailer for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation\/Activation", "software": [ { "type": "plugin", "name": "WP Maintenance Mode & Site Under Construction", "slug": "wp-maintenance-mode-site-under-construction", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22713937-d834-46cf-83ec-6f9f61b548e3?source=api-scan" ], "published": "2021-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22755d65-d187-438a-9a3f-e7d38497282b": { "id": "22755d65-d187-438a-9a3f-e7d38497282b", "title": "MainWP Maintenance Extension <= 4.1.1 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "MainWP Maintenance Extension", "slug": "mainwp-maintenance-extension", "affected_versions": { "* - 4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22755d65-d187-438a-9a3f-e7d38497282b?source=api-scan" ], "published": "2023-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "227886e8-99d9-49b3-a1a8-b06b02d331bc": { "id": "227886e8-99d9-49b3-a1a8-b06b02d331bc", "title": "Like Button Rating <= 2.5.3 - Arbitrary Settings Change", "software": [ { "type": "plugin", "name": "Like Button Rating \u2665 LikeBtn", "slug": "likebtn-like-button", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/227886e8-99d9-49b3-a1a8-b06b02d331bc?source=api-scan" ], "published": "2017-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "227cf3fe-4e76-4827-ac92-788bca450b52": { "id": "227cf3fe-4e76-4827-ac92-788bca450b52", "title": "WP Brutal AI < 2.06 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Brutal AI", "slug": "wpbrutalai", "affected_versions": { "[*, 2.06)": { "from_version": "*", "from_inclusive": true, "to_version": "2.06", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.06" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/227cf3fe-4e76-4827-ac92-788bca450b52?source=api-scan" ], "published": "2023-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "227fb6d1-3515-4172-9d7c-57a66d17858f": { "id": "227fb6d1-3515-4172-9d7c-57a66d17858f", "title": "WP Live Chat Support Pro <= 8.0.26 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "wp-live-chat-support-pro", "slug": "wp-live-chat-support-pro", "affected_versions": { "* - 8.0.26": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/227fb6d1-3515-4172-9d7c-57a66d17858f?source=api-scan" ], "published": "2019-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "228079da-3c69-423c-b69b-f1a670258772": { "id": "228079da-3c69-423c-b69b-f1a670258772", "title": "Obfuscate Email <= 3.8.1 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Obfuscate Email", "slug": "obfuscate-email", "affected_versions": { "* - 3.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/228079da-3c69-423c-b69b-f1a670258772?source=api-scan" ], "published": "2024-08-08 20:36:42", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "228147c2-97c6-4910-b9b2-d6ca62fc1760": { "id": "228147c2-97c6-4910-b9b2-d6ca62fc1760", "title": "Download Manager <= 3.2.48 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.48": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.48", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.49" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/228147c2-97c6-4910-b9b2-d6ca62fc1760?source=api-scan" ], "published": "2022-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22842e7a-9cbb-4b29-b4cb-7d9b8d6b7b1a": { "id": "22842e7a-9cbb-4b29-b4cb-7d9b8d6b7b1a", "title": "LifterLMS <= 7.5.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes", "slug": "lifterlms", "affected_versions": { "* - 7.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22842e7a-9cbb-4b29-b4cb-7d9b8d6b7b1a?source=api-scan" ], "published": "2024-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "228a3c72-fbb0-48bc-8066-6ca954a14421": { "id": "228a3c72-fbb0-48bc-8066-6ca954a14421", "title": "Push Notification for Post and BuddyPress <= 1.63 - Missing Authorization to Unauthenticated Admin Notice Dismissal", "software": [ { "type": "plugin", "name": "Push Notification for Post and BuddyPress", "slug": "push-notification-for-post-and-buddypress", "affected_versions": { "[*, 1.64)": { "from_version": "*", "from_inclusive": true, "to_version": "1.64", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.64" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/228a3c72-fbb0-48bc-8066-6ca954a14421?source=api-scan" ], "published": "2023-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "228de538-90c7-4f7d-a076-dd0a01458e38": { "id": "228de538-90c7-4f7d-a076-dd0a01458e38", "title": "Add Shortcodes Actions And Filters <= 2.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add Shortcodes Actions And Filters", "slug": "add-actions-and-filters", "affected_versions": { "* - 2.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/228de538-90c7-4f7d-a076-dd0a01458e38?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "228fab65-e5c2-41d1-ad41-fac4862894f2": { "id": "228fab65-e5c2-41d1-ad41-fac4862894f2", "title": "Feeds for YouTube (YouTube video, channel, and gallery plugin) <= 2.2.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Feeds for YouTube (YouTube video, channel, and gallery plugin)", "slug": "feeds-for-youtube", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/228fab65-e5c2-41d1-ad41-fac4862894f2?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2290b13e-a5c6-4ec7-86c0-f2cd2a880e8e": { "id": "2290b13e-a5c6-4ec7-86c0-f2cd2a880e8e", "title": "Hubbub Lite <= 1.31.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hubbub Lite \u2013 Fast, Reliable Social Sharing Buttons", "slug": "social-pug", "affected_versions": { "* - 1.31.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.31.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.32.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2290b13e-a5c6-4ec7-86c0-f2cd2a880e8e?source=api-scan" ], "published": "2024-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "229235de-03c6-4560-b0ea-ab21fde256be": { "id": "229235de-03c6-4560-b0ea-ab21fde256be", "title": "HTML5 SoundCloud Player <= 2.8.0 - Authenticated (Author+) PHP Object Injection", "software": [ { "type": "plugin", "name": "HTML5 SoundCloud Player with Playlist Free", "slug": "html5-soundcloud-player-with-playlist", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/229235de-03c6-4560-b0ea-ab21fde256be?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "229245a5-468d-47b9-8f26-d23d593e91da": { "id": "229245a5-468d-47b9-8f26-d23d593e91da", "title": "10Web AI Assistant \u2013 AI content writing assistant <= 1.0.18 - Missing Authorization to Arbitrary Plugin Installation", "software": [ { "type": "plugin", "name": "10Web AI Assistant \u2013 AI content writing assistant", "slug": "ai-assistant-by-10web", "affected_versions": { "* - 1.0.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/229245a5-468d-47b9-8f26-d23d593e91da?source=api-scan" ], "published": "2024-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2294251f-ef51-4ef7-ad7a-905cc2bc00b3": { "id": "2294251f-ef51-4ef7-ad7a-905cc2bc00b3", "title": "Yet Another Stars Rating <= 3.3.8 - Missing Authorization to Vote Tampering", "software": [ { "type": "plugin", "name": "YASR \u2013 Yet Another Star Rating Plugin for WordPress", "slug": "yet-another-stars-rating", "affected_versions": { "* - 3.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2294251f-ef51-4ef7-ad7a-905cc2bc00b3?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2294565a-987e-4837-ab22-6e7bff498044": { "id": "2294565a-987e-4837-ab22-6e7bff498044", "title": "Accordions \u2013 Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'pages' parameter", "software": [ { "type": "plugin", "name": "Accordion \u2013 Multiple Accordion or FAQs Builder", "slug": "accordions-or-faqs", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2294565a-987e-4837-ab22-6e7bff498044?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "229490c3-d820-4831-b105-a429512c2c60": { "id": "229490c3-d820-4831-b105-a429512c2c60", "title": "Image Optimizer, Resizer and CDN \u2013 Sirv <= 7.2.7 - Authenticated(Subscriber+) Missing Authorization to Plugin Settings Update", "software": [ { "type": "plugin", "name": "Image Optimizer, Resizer and CDN \u2013 Sirv", "slug": "sirv", "affected_versions": { "* - 7.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/229490c3-d820-4831-b105-a429512c2c60?source=api-scan" ], "published": "2024-07-11 09:29:49", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2295b532-7833-4f5d-9778-de26390b04bd": { "id": "2295b532-7833-4f5d-9778-de26390b04bd", "title": "Protect WP Admin <= 3.6 - Unauthenticated Plugin Deactivation", "software": [ { "type": "plugin", "name": "Protect WP Admin", "slug": "protect-wp-admin", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2295b532-7833-4f5d-9778-de26390b04bd?source=api-scan" ], "published": "2021-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22a0f10f-0a67-4f4a-99db-a625bec20bdc": { "id": "22a0f10f-0a67-4f4a-99db-a625bec20bdc", "title": "Image Gallery - Responsive Photo Gallery <= 1.7.0 - Reflected Cross-Site Scripting via thumbtext", "software": [ { "type": "plugin", "name": "Image Gallery - Responsive Photo Gallery", "slug": "gallery-images", "affected_versions": { "[*, 1.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22a0f10f-0a67-4f4a-99db-a625bec20bdc?source=api-scan" ], "published": "2015-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22a1920e-2a3f-4996-873d-26e3930e6929": { "id": "22a1920e-2a3f-4996-873d-26e3930e6929", "title": "Advanced Local Pickup for WooCommerce <= 1.6.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Advanced Local Pickup for WooCommerce", "slug": "advanced-local-pickup-for-woocommerce", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22a1920e-2a3f-4996-873d-26e3930e6929?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22a32bb6-fe22-4c5e-91f6-de3c38d7d19e": { "id": "22a32bb6-fe22-4c5e-91f6-de3c38d7d19e", "title": "Viet Nam Affiliate <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Viet Nam Affiliate", "slug": "viet-nam-affiliate", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22a32bb6-fe22-4c5e-91f6-de3c38d7d19e?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22a42dc3-0b9b-47c8-9236-5dc3b58149c5": { "id": "22a42dc3-0b9b-47c8-9236-5dc3b58149c5", "title": "WP People <= 3.4.1 - SQL Injection", "software": [ { "type": "plugin", "name": "WP People", "slug": "wp-people", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22a42dc3-0b9b-47c8-9236-5dc3b58149c5?source=api-scan" ], "published": "2008-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22a5020a-ab81-43be-b160-082347a2a2d9": { "id": "22a5020a-ab81-43be-b160-082347a2a2d9", "title": "Custom Field Template <= 2.5.7 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Custom Field Template", "slug": "custom-field-template", "affected_versions": { "* - 2.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22a5020a-ab81-43be-b160-082347a2a2d9?source=api-scan" ], "published": "2022-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22a9c0f6-7a20-4ed1-9afa-887adc790c80": { "id": "22a9c0f6-7a20-4ed1-9afa-887adc790c80", "title": "pageMash > Page Management <= 1.3.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "pageMash > Page Management", "slug": "pagemash", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22a9c0f6-7a20-4ed1-9afa-887adc790c80?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22b16275-f46b-4338-b95f-1939ec85316d": { "id": "22b16275-f46b-4338-b95f-1939ec85316d", "title": "Coupon Tab for DirectoryPress (pp-coupon-tab) <= 0.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Coupon Tab for DirectoryPress (pp-coupon-tab)", "slug": "coupon-tab-for-directorypress-pp", "affected_versions": { "* - 0.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22b16275-f46b-4338-b95f-1939ec85316d?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22b17fcb-0c97-462d-b67c-6da2919478d5": { "id": "22b17fcb-0c97-462d-b67c-6da2919478d5", "title": "Social Pug <= 1.30.0 - Missing Authorization via multiple admin_init actions", "software": [ { "type": "plugin", "name": "Hubbub Lite \u2013 Fast, Reliable Social Sharing Buttons", "slug": "social-pug", "affected_versions": { "* - 1.30.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.30.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.30.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22b17fcb-0c97-462d-b67c-6da2919478d5?source=api-scan" ], "published": "2023-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22b18a9c-89e5-43e1-9553-5862df25bf47": { "id": "22b18a9c-89e5-43e1-9553-5862df25bf47", "title": "Pie Register <= 3.8.1.2 - Missing Authorization to Arbitrary User Deletion", "software": [ { "type": "plugin", "name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction", "slug": "pie-register", "affected_versions": { "* - 3.8.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22b18a9c-89e5-43e1-9553-5862df25bf47?source=api-scan" ], "published": "2022-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22b33944-443e-48fe-9fd0-4d48fe03072b": { "id": "22b33944-443e-48fe-9fd0-4d48fe03072b", "title": "New Year Firework <= 1.1.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "new-year-firework", "slug": "new-year-firework", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22b33944-443e-48fe-9fd0-4d48fe03072b?source=api-scan" ], "published": "2016-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22b3ee70-7ba6-4f8a-add4-3c7f4765b3d1": { "id": "22b3ee70-7ba6-4f8a-add4-3c7f4765b3d1", "title": "WordPress Core < 4.2.4 - Stored Cross-Site Scripting via accessibility-helper Title", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.9": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.9", "to_inclusive": true }, "3.8 - 3.8.9": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.9", "to_inclusive": true }, "3.9 - 3.9.7": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.7", "to_inclusive": true }, "4.0 - 4.0.6": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true }, "4.1 - 4.1.6": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.6", "to_inclusive": true }, "4.2 - 4.2.3": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.10", "3.8.10", "3.9.8", "4.0.7", "4.1.7", "4.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22b3ee70-7ba6-4f8a-add4-3c7f4765b3d1?source=api-scan" ], "published": "2015-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22b539c8-a6f1-4543-9e63-08ee4d468ee0": { "id": "22b539c8-a6f1-4543-9e63-08ee4d468ee0", "title": "Login With OTP Over SMS, Email, WhatsApp and Google Authenticator <= 1.0.4 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login with TOTP (Google Authenticator, Microsoft Authenticator)", "slug": "miniorange-google-authenticator", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22b539c8-a6f1-4543-9e63-08ee4d468ee0?source=api-scan" ], "published": "2022-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22b59b36-ba47-4c10-8f43-a29ae3b9d446": { "id": "22b59b36-ba47-4c10-8f43-a29ae3b9d446", "title": "Slider Revolution <= 6.7.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Slider Revolution", "slug": "revslider", "affected_versions": { "* - 6.7.18": { "from_version": "*", "from_inclusive": true, "to_version": "6.7.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22b59b36-ba47-4c10-8f43-a29ae3b9d446?source=api-scan" ], "published": "2024-09-30 18:27:40", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22b742d7-e9fe-48ea-ae7f-579bd3c32c44": { "id": "22b742d7-e9fe-48ea-ae7f-579bd3c32c44", "title": "Easy Social Share Buttons <= 9.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Easy Social Share Buttons for WordPress", "slug": "easy-social-share-buttons3", "affected_versions": { "* - 9.4": { "from_version": "*", "from_inclusive": true, "to_version": "9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22b742d7-e9fe-48ea-ae7f-579bd3c32c44?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22ba0eaf-f514-420a-9680-8126f6dcdde9": { "id": "22ba0eaf-f514-420a-9680-8126f6dcdde9", "title": "Premium Addons for Elementor <= 4.10.17 - Authenticated(Contributor+) Stored Cross-Site Scripting via Link Wrapper", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22ba0eaf-f514-420a-9680-8126f6dcdde9?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22bc7a0c-8a89-461b-8838-788dd6d5c63b": { "id": "22bc7a0c-8a89-461b-8838-788dd6d5c63b", "title": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.48 - Authenticated (Admin+) Cross Site Scripting (XSS)", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.48": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.48", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.49" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22bc7a0c-8a89-461b-8838-788dd6d5c63b?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22bf2719-335d-4331-8c59-648f6f903ffa": { "id": "22bf2719-335d-4331-8c59-648f6f903ffa", "title": "WordPress Core <= 3.0.4 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22bf2719-335d-4331-8c59-648f6f903ffa?source=api-scan" ], "published": "2007-02-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22bf5b65-8ec4-477c-a6bd-c90b99f560a8": { "id": "22bf5b65-8ec4-477c-a6bd-c90b99f560a8", "title": "WordPress Gallery Plugin \u2013 NextGEN Gallery <= 1.5.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "[*, 1.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22bf5b65-8ec4-477c-a6bd-c90b99f560a8?source=api-scan" ], "published": "2010-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22c4b981-6135-4c44-aa68-f0d51704a68c": { "id": "22c4b981-6135-4c44-aa68-f0d51704a68c", "title": "PowerPack Addons for Elementor <= 2.7.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via *_html_tag*", "software": [ { "type": "plugin", "name": "PowerPack Elementor Addons (Free Widgets, Extensions and Templates)", "slug": "powerpack-lite-for-elementor", "affected_versions": { "* - 2.7.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22c4b981-6135-4c44-aa68-f0d51704a68c?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22c63226-2bc6-40be-a5d1-1bd169fc78b8": { "id": "22c63226-2bc6-40be-a5d1-1bd169fc78b8", "title": "Slick Contact Forms <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Slick Contact Forms", "slug": "slick-contact-forms", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22c63226-2bc6-40be-a5d1-1bd169fc78b8?source=api-scan" ], "published": "2023-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22cb2bc4-ddf1-4e23-af1c-4f59ff88e9e1": { "id": "22cb2bc4-ddf1-4e23-af1c-4f59ff88e9e1", "title": "Spider Calendar < 1.1.3 - Multiple Vulnerabilities", "software": [ { "type": "plugin", "name": "spider-calendar", "slug": "spider-calendar", "affected_versions": { "[*, 1.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22cb2bc4-ddf1-4e23-af1c-4f59ff88e9e1?source=api-scan" ], "published": "2012-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22cfbaa1-5412-4944-899c-7ae41d017384": { "id": "22cfbaa1-5412-4944-899c-7ae41d017384", "title": "Arya Multipurpose Pro <= 1.0.8 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Arya Multipurpose Pro", "slug": "arya-multipurpose-pro", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22cfbaa1-5412-4944-899c-7ae41d017384?source=api-scan" ], "published": "2023-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22d1ccf3-ac1a-4dfc-81c3-b8eb88795bc1": { "id": "22d1ccf3-ac1a-4dfc-81c3-b8eb88795bc1", "title": "Blocksy <= 2.0.42 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Blocksy", "slug": "blocksy", "affected_versions": { "* - 2.0.42": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22d1ccf3-ac1a-4dfc-81c3-b8eb88795bc1?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22d50526-e21f-412d-9eed-b9b1f48c3358": { "id": "22d50526-e21f-412d-9eed-b9b1f48c3358", "title": "Zephyr Project Manager <= 3.2.40 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zephyr Project Manager", "slug": "zephyr-project-manager", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true }, "3.2.40": { "from_version": "3.2.40", "from_inclusive": true, "to_version": "3.2.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.41", "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22d50526-e21f-412d-9eed-b9b1f48c3358?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22d58028-a12c-4d72-b275-ba37a58dc10d": { "id": "22d58028-a12c-4d72-b275-ba37a58dc10d", "title": "Dashicons + Custom Post Types <= 1.0.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Dashicons + Custom Post Types", "slug": "dashicons-cpt", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22d58028-a12c-4d72-b275-ba37a58dc10d?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22d5a45b-41bd-4f65-b8b7-d7efb2b9cecf": { "id": "22d5a45b-41bd-4f65-b8b7-d7efb2b9cecf", "title": "External featured image from bing <= 1.0.2 - Authenticated (Subscriber+) Remote Code Execution", "software": [ { "type": "plugin", "name": "External featured image from bing", "slug": "external-featured-image-from-bing", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22d5a45b-41bd-4f65-b8b7-d7efb2b9cecf?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22d8847d-f73f-40ad-8b8c-8e602d226be5": { "id": "22d8847d-f73f-40ad-8b8c-8e602d226be5", "title": "Blockspare <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites \u2013 Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed", "slug": "blockspare", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22d8847d-f73f-40ad-8b8c-8e602d226be5?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22d9ccd6-24fb-4863-b5ac-b22b9958007b": { "id": "22d9ccd6-24fb-4863-b5ac-b22b9958007b", "title": "Church Admin <= 4.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "* - 4.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22d9ccd6-24fb-4863-b5ac-b22b9958007b?source=api-scan" ], "published": "2024-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22dbd787-2b9a-4883-9203-c79fc241596d": { "id": "22dbd787-2b9a-4883-9203-c79fc241596d", "title": "WordPress Importer: Import any XML File to WordPress <= 1.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Smart Import : Import any XML File to WordPress", "slug": "wp-smart-import", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22dbd787-2b9a-4883-9203-c79fc241596d?source=api-scan" ], "published": "2022-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22dcdd92-75d1-44aa-aaae-434ec4bdc20f": { "id": "22dcdd92-75d1-44aa-aaae-434ec4bdc20f", "title": "Auberge < 1.4.5 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Auberge", "slug": "auberge", "affected_versions": { "[*, 1.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22dcdd92-75d1-44aa-aaae-434ec4bdc20f?source=api-scan" ], "published": "2015-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22de2da7-f7db-46de-9305-52bce6e56937": { "id": "22de2da7-f7db-46de-9305-52bce6e56937", "title": "WP LESS to CSS <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP LESS to CSS", "slug": "wp-less-to-css", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22de2da7-f7db-46de-9305-52bce6e56937?source=api-scan" ], "published": "2022-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22e09431-dd71-4a90-84ba-4b676ec8ccb3": { "id": "22e09431-dd71-4a90-84ba-4b676ec8ccb3", "title": "CRM Perks Forms <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CRM Perks Forms \u2013 WordPress Form Builder", "slug": "crm-perks-forms", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22e09431-dd71-4a90-84ba-4b676ec8ccb3?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22e4eb2a-2c2b-4f4f-821e-8d2d7e558364": { "id": "22e4eb2a-2c2b-4f4f-821e-8d2d7e558364", "title": "Happy Addons for Elementor <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendly Widget", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22e4eb2a-2c2b-4f4f-821e-8d2d7e558364?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22f58318-90ce-4f98-991c-1270d6768f5c": { "id": "22f58318-90ce-4f98-991c-1270d6768f5c", "title": "Register Plus <= 3.5.11 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Register Plus", "slug": "register-plus", "affected_versions": { "* - 3.5.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22f58318-90ce-4f98-991c-1270d6768f5c?source=api-scan" ], "published": "2010-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22f79a03-9195-4d5d-a189-9b5e1d3307c8": { "id": "22f79a03-9195-4d5d-a189-9b5e1d3307c8", "title": "Contact Form 7 Database Addon <= 1.2.5.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Contact Form 7 Database Addon \u2013 CFDB7", "slug": "contact-form-cfdb7", "affected_versions": { "[*, 1.2.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22f79a03-9195-4d5d-a189-9b5e1d3307c8?source=api-scan" ], "published": "2021-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22f98afa-eb14-4326-9971-49092c711249": { "id": "22f98afa-eb14-4326-9971-49092c711249", "title": "WPFavicon <= 2.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPFavicon", "slug": "wpfavicon", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22f98afa-eb14-4326-9971-49092c711249?source=api-scan" ], "published": "2024-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22fa9343-0b6e-47d5-9ebc-2c8902428b8b": { "id": "22fa9343-0b6e-47d5-9ebc-2c8902428b8b", "title": "Limit Login Attempts Plus <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Limit Login Attempts Plus \u2013 WordPress Limit Login Attempts By Felix", "slug": "limit-login-attempts-plus", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22fa9343-0b6e-47d5-9ebc-2c8902428b8b?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22faab6d-a63f-4052-b7c6-92e11e4ca723": { "id": "22faab6d-a63f-4052-b7c6-92e11e4ca723", "title": "Securimage-WP Plugin < 3.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Securimage-WP", "slug": "securimage-wp", "affected_versions": { "[*, 3.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22faab6d-a63f-4052-b7c6-92e11e4ca723?source=api-scan" ], "published": "2013-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22fd58a6-2bcb-4190-8440-a7df7848ad9e": { "id": "22fd58a6-2bcb-4190-8440-a7df7848ad9e", "title": "PowerPack Addons for Elementor <= 2.6.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PowerPack Elementor Addons (Free Widgets, Extensions and Templates)", "slug": "powerpack-lite-for-elementor", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22fd58a6-2bcb-4190-8440-a7df7848ad9e?source=api-scan" ], "published": "2021-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22ff0b0c-ffd9-4aae-9e49-069fd1b47f17": { "id": "22ff0b0c-ffd9-4aae-9e49-069fd1b47f17", "title": "Popup Box <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Box \u2013 Create Countdown, Coupon, Video, Contact Form Popups", "slug": "ays-popup-box", "affected_versions": { "[*, 3.8.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22ff0b0c-ffd9-4aae-9e49-069fd1b47f17?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "22ff4b09-063b-425e-9d59-be2e5d283186": { "id": "22ff4b09-063b-425e-9d59-be2e5d283186", "title": "Give - Donation Plugin <= 2.33.0 - Authenticated(Give Manager+) Privilege Escalation", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "[*, 2.33.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.33.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.33.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/22ff4b09-063b-425e-9d59-be2e5d283186?source=api-scan" ], "published": "2023-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2304e4dc-0dc6-4ded-b8e6-8d76d70f63d7": { "id": "2304e4dc-0dc6-4ded-b8e6-8d76d70f63d7", "title": "Digital Publications by Supsystic <= 1.7.6 - Cross-Site Request Forgery via AJAX action", "software": [ { "type": "plugin", "name": "WordPress Flipbook by Supsystic", "slug": "digital-publications-by-supsystic", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2304e4dc-0dc6-4ded-b8e6-8d76d70f63d7?source=api-scan" ], "published": "2023-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "230b6a10-1505-4f66-ba98-df6257a80668": { "id": "230b6a10-1505-4f66-ba98-df6257a80668", "title": "MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership <= 1.9.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MicroPayments \u2013 Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet", "slug": "paid-membership", "affected_versions": { "* - 1.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/230b6a10-1505-4f66-ba98-df6257a80668?source=api-scan" ], "published": "2022-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "230f40c1-a8a9-4932-a3f1-ecddc52acca9": { "id": "230f40c1-a8a9-4932-a3f1-ecddc52acca9", "title": "Icegram <= 3.1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Icegram Engage \u2013 Ultimate WP Popup Builder, Lead Generation, Optins, and CTA", "slug": "icegram", "affected_versions": { "* - 3.1.25": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/230f40c1-a8a9-4932-a3f1-ecddc52acca9?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23132298-f1de-4085-a76f-f007b8b7de15": { "id": "23132298-f1de-4085-a76f-f007b8b7de15", "title": "WordPress Geolocation Plugin \u2013 CF Geo Plugin <= 7.13.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Geo Controller", "slug": "cf-geoplugin", "affected_versions": { "* - 7.13.11": { "from_version": "*", "from_inclusive": true, "to_version": "7.13.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.13.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23132298-f1de-4085-a76f-f007b8b7de15?source=api-scan" ], "published": "2021-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2314cfeb-52e4-40c5-91e9-ebd7d7eab809": { "id": "2314cfeb-52e4-40c5-91e9-ebd7d7eab809", "title": "The Events Calendar <= 4.8.1 - Cross-Site Scripting via tribe_paged Parameter", "software": [ { "type": "plugin", "name": "The Events Calendar", "slug": "the-events-calendar", "affected_versions": { "[*, 4.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2314cfeb-52e4-40c5-91e9-ebd7d7eab809?source=api-scan" ], "published": "2019-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2318b3e1-268d-45fa-83bf-c6e88f1b9013": { "id": "2318b3e1-268d-45fa-83bf-c6e88f1b9013", "title": "LearnDash LMS <= 4.6.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change", "software": [ { "type": "plugin", "name": "LearnDash LMS", "slug": "sfwd-lms", "affected_versions": { "* - 4.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2318b3e1-268d-45fa-83bf-c6e88f1b9013?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "231dbf87-2e17-4b4b-9eac-34a8b4a791ba": { "id": "231dbf87-2e17-4b4b-9eac-34a8b4a791ba", "title": "Elements For Elementor <= 1.9 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elements For Elementor", "slug": "nd-elements", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/231dbf87-2e17-4b4b-9eac-34a8b4a791ba?source=api-scan" ], "published": "2022-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "231f1e11-661d-40e4-a139-0ee2be95d551": { "id": "231f1e11-661d-40e4-a139-0ee2be95d551", "title": "MasterStudy LMS <= 3.2.12 - Missing Authorization", "software": [ { "type": "plugin", "name": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "slug": "masterstudy-lms-learning-management-system", "affected_versions": { "* - 3.2.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/231f1e11-661d-40e4-a139-0ee2be95d551?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23239fc1-8683-446e-bc61-03d819edf99d": { "id": "23239fc1-8683-446e-bc61-03d819edf99d", "title": "DiveBook <= 1.1.4 - SQL Injection", "software": [ { "type": "plugin", "name": "DiveBook", "slug": "divebook", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23239fc1-8683-446e-bc61-03d819edf99d?source=api-scan" ], "published": "2020-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "232a274f-c194-4c5b-a1a8-899a822e47fc": { "id": "232a274f-c194-4c5b-a1a8-899a822e47fc", "title": "Fancy Product Designer <= 4.7.5 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Fancy Product Designer", "slug": "fancy-product-designer", "affected_versions": { "* - 4.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/232a274f-c194-4c5b-a1a8-899a822e47fc?source=api-scan" ], "published": "2022-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "232cdd3b-4683-4e95-bdfd-acf0f32aeb2a": { "id": "232cdd3b-4683-4e95-bdfd-acf0f32aeb2a", "title": "VikRentCar Car Rental Management System <= 1.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "VikRentCar Car Rental Management System", "slug": "vikrentcar", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/232cdd3b-4683-4e95-bdfd-acf0f32aeb2a?source=api-scan" ], "published": "2024-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "232dd4fa-748e-4b65-8b78-7b2d8e9831aa": { "id": "232dd4fa-748e-4b65-8b78-7b2d8e9831aa", "title": "FV Flowplayer Video Player <= 7.3.18.727 - SQL Injection", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "* - 7.3.18.727": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.18.727", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.19.727" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/232dd4fa-748e-4b65-8b78-7b2d8e9831aa?source=api-scan" ], "published": "2019-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "232e6464-bd6c-4086-989a-00b84056c431": { "id": "232e6464-bd6c-4086-989a-00b84056c431", "title": "Evergreen Content Poster <= 1.4.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Evergreen Content Poster \u2013 Auto Post and Schedule Your Best Content to Social Media", "slug": "evergreen-content-poster", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/232e6464-bd6c-4086-989a-00b84056c431?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2330005e-c3ab-4556-aba9-f194a1ace329": { "id": "2330005e-c3ab-4556-aba9-f194a1ace329", "title": "WP Events <= 2.3.4 - SQL Injection", "software": [ { "type": "plugin", "name": "Events", "slug": "wp-events", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2330005e-c3ab-4556-aba9-f194a1ace329?source=api-scan" ], "published": "2017-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2330b18e-0907-47e1-b91f-1fe466bcf76b": { "id": "2330b18e-0907-47e1-b91f-1fe466bcf76b", "title": "Sprout Invoices <= 20.5.3 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Client Invoicing by Sprout Invoices \u2013 Easy Estimates and Invoices for WordPress", "slug": "sprout-invoices", "affected_versions": { "[*, 20.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "20.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "20.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2330b18e-0907-47e1-b91f-1fe466bcf76b?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23311ce1-0e94-4bff-8d92-388ccc600506": { "id": "23311ce1-0e94-4bff-8d92-388ccc600506", "title": "Football Pool < 2.6.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Football Pool", "slug": "football-pool", "affected_versions": { "[*, 2.6.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23311ce1-0e94-4bff-8d92-388ccc600506?source=api-scan" ], "published": "2017-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2331a587-b731-43d9-b813-9f08efc60bfc": { "id": "2331a587-b731-43d9-b813-9f08efc60bfc", "title": "GetResponse <= 5.5.19 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "GetResponse for WordPress", "slug": "getresponse-integration", "affected_versions": { "* - 5.5.19": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2331a587-b731-43d9-b813-9f08efc60bfc?source=api-scan" ], "published": "2022-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "233319cc-10fc-4a15-be35-df772e700639": { "id": "233319cc-10fc-4a15-be35-df772e700639", "title": "Logo Slider \u2013 Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation <= 3.6.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Logo Slider \u2013 Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation", "slug": "gs-logo-slider", "affected_versions": { "* - 3.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/233319cc-10fc-4a15-be35-df772e700639?source=api-scan" ], "published": "2024-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23334d94-e5b8-4c88-8765-02ad19e17248": { "id": "23334d94-e5b8-4c88-8765-02ad19e17248", "title": "WordPress File Upload \/ WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "* - 4.19.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.19.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.19.2" ] }, { "type": "plugin", "name": "WordPress File Upload Pro", "slug": "wordpress-file-upload-pro", "affected_versions": { "* - 4.19.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.19.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.19.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23334d94-e5b8-4c88-8765-02ad19e17248?source=api-scan" ], "published": "2023-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23399606-20b6-4d0b-b613-06dc838dc1e7": { "id": "23399606-20b6-4d0b-b613-06dc838dc1e7", "title": "Welcart e-Commerce <= 2.9.4 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23399606-20b6-4d0b-b613-06dc838dc1e7?source=api-scan" ], "published": "2023-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2339c392-49bc-4744-b82a-d40f3bb4a81e": { "id": "2339c392-49bc-4744-b82a-d40f3bb4a81e", "title": "Ultimate Appointment Booking & Scheduling < 1.1.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Appointment Booking & Scheduling", "slug": "ultimate-appointment-scheduling", "affected_versions": { "[*, 1.1.10)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2339c392-49bc-4744-b82a-d40f3bb4a81e?source=api-scan" ], "published": "2020-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2339ebbf-2302-4e83-9743-ca79fda20f05": { "id": "2339ebbf-2302-4e83-9743-ca79fda20f05", "title": "Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion", "software": [ { "type": "plugin", "name": "Wbcom Designs \u2013 Custom Font Uploader", "slug": "custom-font-uploader", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2339ebbf-2302-4e83-9743-ca79fda20f05?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "233a29f5-12bf-4849-9b28-4458a0b0c940": { "id": "233a29f5-12bf-4849-9b28-4458a0b0c940", "title": "Colibri Page Builder <= 1.0.253 - Cross-Site Request Fogery via extend_builder", "software": [ { "type": "plugin", "name": "Colibri Page Builder", "slug": "colibri-page-builder", "affected_versions": { "* - 1.0.253": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.253", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.260" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/233a29f5-12bf-4849-9b28-4458a0b0c940?source=api-scan" ], "published": "2024-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2345c972-9fd4-4709-8bde-315ab54f60e2": { "id": "2345c972-9fd4-4709-8bde-315ab54f60e2", "title": "Contact Form and Calls To Action by vcita <= 2.6.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Builder by vcita", "slug": "contact-form-with-a-meeting-scheduler-by-vcita", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2345c972-9fd4-4709-8bde-315ab54f60e2?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "234a847b-3ffa-4c5c-9bba-39df227de0bc": { "id": "234a847b-3ffa-4c5c-9bba-39df227de0bc", "title": "Tutor LMS <= 1.9.12 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 1.9.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/234a847b-3ffa-4c5c-9bba-39df227de0bc?source=api-scan" ], "published": "2021-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "234df0e5-d1be-4354-8bfc-761bed1e9aa9": { "id": "234df0e5-d1be-4354-8bfc-761bed1e9aa9", "title": "Gravity Forms <= 2.7.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gravity Forms", "slug": "gravityforms", "affected_versions": { "* - 2.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/234df0e5-d1be-4354-8bfc-761bed1e9aa9?source=api-scan" ], "published": "2023-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23521bba-8f3a-4d87-901a-cf2d666eefa4": { "id": "23521bba-8f3a-4d87-901a-cf2d666eefa4", "title": "Ubigeo de Per\u00fa para Woocommerce y WordPress <= 3.6.3 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Ubigeo de Per\u00fa para Woocommerce y WordPress", "slug": "ubigeo-peru", "affected_versions": { "[*, 3.6.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23521bba-8f3a-4d87-901a-cf2d666eefa4?source=api-scan" ], "published": "2022-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2352dce7-5302-4892-9ae2-bf814f029af4": { "id": "2352dce7-5302-4892-9ae2-bf814f029af4", "title": "Classified Listing <= 2.4.5 - Cross-Site Request Forgery via rtcl_ajax_thumbnail_delete", "software": [ { "type": "plugin", "name": "Classified Listing \u2013 Classified ads & Business Directory Plugin", "slug": "classified-listing", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2352dce7-5302-4892-9ae2-bf814f029af4?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "235b197f-030e-4da2-8edf-e263fab6df14": { "id": "235b197f-030e-4da2-8edf-e263fab6df14", "title": "ExS Widgets <= 0.3.1 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "ExS Widgets", "slug": "exs-widgets", "affected_versions": { "* - 0.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/235b197f-030e-4da2-8edf-e263fab6df14?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "235c9967-808f-45f2-85cf-7ee7a523593d": { "id": "235c9967-808f-45f2-85cf-7ee7a523593d", "title": "Users Ultra <= 1.5.15 - Multiple SQL Injection", "software": [ { "type": "plugin", "name": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin", "slug": "users-ultra", "affected_versions": { "* - 1.5.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/235c9967-808f-45f2-85cf-7ee7a523593d?source=api-scan" ], "published": "2015-06-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "236387f0-b58e-4ef1-b370-a0703a7902eb": { "id": "236387f0-b58e-4ef1-b370-a0703a7902eb", "title": "Zephyr Project Manager <= 3.3.93 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Zephyr Project Manager", "slug": "zephyr-project-manager", "affected_versions": { "* - 3.3.93": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.93", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.94" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/236387f0-b58e-4ef1-b370-a0703a7902eb?source=api-scan" ], "published": "2023-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "236876d4-7838-400d-839a-ce257bf42645": { "id": "236876d4-7838-400d-839a-ce257bf42645", "title": "Cooked \u2013 Recipe Management <= 1.7.15.4 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Cooked \u2013 Recipe Management", "slug": "cooked", "affected_versions": { "* - 1.7.15.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.15.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/236876d4-7838-400d-839a-ce257bf42645?source=api-scan" ], "published": "2024-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "236dd639-7f05-4fe8-bb81-5d023ebe7962": { "id": "236dd639-7f05-4fe8-bb81-5d023ebe7962", "title": "Advance Search for WooCommerce <= 1.0.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advance Search for WooCommerce", "slug": "woo-advance-search", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/236dd639-7f05-4fe8-bb81-5d023ebe7962?source=api-scan" ], "published": "2018-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2375027c-9619-40fc-811d-7f4ba02bee53": { "id": "2375027c-9619-40fc-811d-7f4ba02bee53", "title": "aBitGone CommentSafe <= 1.0.0 - Cross-Site Request Forgery to Settings Update and Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "aBitGone CommentSafe", "slug": "abitgone-commentsafe", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2375027c-9619-40fc-811d-7f4ba02bee53?source=api-scan" ], "published": "2024-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2379a029-cc0d-4fa2-9aeb-47a4abd6b51a": { "id": "2379a029-cc0d-4fa2-9aeb-47a4abd6b51a", "title": "GiveWP <= 2.25.1 - Authenticated (Admin+) Server-Side Request Forgery via give_get_content_by_ajax_handler", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.25.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2379a029-cc0d-4fa2-9aeb-47a4abd6b51a?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "237fcdb7-aef9-4d35-baf4-7d382e8b7f3c": { "id": "237fcdb7-aef9-4d35-baf4-7d382e8b7f3c", "title": "Tagbox \u2013 UGC Galleries, Social Media Widgets, User Reviews & Analytics <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tagbox \u2013 UGC Galleries, Social Media Widgets, User Reviews & Analytics", "slug": "taggbox-widget", "affected_versions": { "* - 3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/237fcdb7-aef9-4d35-baf4-7d382e8b7f3c?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2389068b-b61d-4598-9a8a-8316a7421907": { "id": "2389068b-b61d-4598-9a8a-8316a7421907", "title": "HelloAsso <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HelloAsso", "slug": "helloasso", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2389068b-b61d-4598-9a8a-8316a7421907?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2389f614-a9e6-479c-a713-71271d3a35c6": { "id": "2389f614-a9e6-479c-a713-71271d3a35c6", "title": "Sign-up Sheets <= 2.2.12 - Missing Authorization", "software": [ { "type": "plugin", "name": "Sign-up Sheets", "slug": "sign-up-sheets", "affected_versions": { "* - 2.2.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2389f614-a9e6-479c-a713-71271d3a35c6?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "238dc80f-0d82-44e2-a950-321defb2361b": { "id": "238dc80f-0d82-44e2-a950-321defb2361b", "title": "Exquisite - Ultimate Newspaper Theme <= 1.3.3 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Exquisite - Ultimate Newspaper Theme", "slug": "exquisite-wp", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/238dc80f-0d82-44e2-a950-321defb2361b?source=api-scan" ], "published": "2015-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "238f6d81-78ba-426c-866a-31f9279e4f99": { "id": "238f6d81-78ba-426c-866a-31f9279e4f99", "title": "WP Private Content Plus <= 3.1 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "WP Private Content Plus", "slug": "wp-private-content-plus", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/238f6d81-78ba-426c-866a-31f9279e4f99?source=api-scan" ], "published": "2021-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23924342-3b1d-4360-bd87-104091283e35": { "id": "23924342-3b1d-4360-bd87-104091283e35", "title": "BuddyBuilder - BuddyPress Builder for Elementor <= 1.7.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "BuddyPress Builder for Elementor \u2013 BuddyBuilder", "slug": "stax-buddy-builder", "affected_versions": { "[*, 1.7.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23924342-3b1d-4360-bd87-104091283e35?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23980e13-b632-43ec-938e-8171884cb87b": { "id": "23980e13-b632-43ec-938e-8171884cb87b", "title": "LIQUID SPEECH BALLOON <= 1.1.8 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "LIQUID SPEECH BALLOON", "slug": "liquid-speech-balloon", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23980e13-b632-43ec-938e-8171884cb87b?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "239bdac1-c14b-42ff-bee5-130d0bf3394c": { "id": "239bdac1-c14b-42ff-bee5-130d0bf3394c", "title": "Custom Sidebars < 2.1.0.2 - Reflected Cross Site Scripting", "software": [ { "type": "plugin", "name": "Custom Sidebars \u2013 Dynamic Sidebar Widget Area Manager", "slug": "custom-sidebars", "affected_versions": { "[*, 2.1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/239bdac1-c14b-42ff-bee5-130d0bf3394c?source=api-scan" ], "published": "2015-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23a003aa-d929-4ec3-9d6f-da97222342dc": { "id": "23a003aa-d929-4ec3-9d6f-da97222342dc", "title": "Sassy Social Share <= 3.3.44 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Sharing Plugin \u2013 Sassy Social Share", "slug": "sassy-social-share", "affected_versions": { "* - 3.3.44": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23a003aa-d929-4ec3-9d6f-da97222342dc?source=api-scan" ], "published": "2022-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23a01c60-d843-4fc5-a5fa-677f452008b5": { "id": "23a01c60-d843-4fc5-a5fa-677f452008b5", "title": "Charitable \u2013 Donation Plugin <= 1.6.50 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations & More", "slug": "charitable", "affected_versions": { "* - 1.6.50": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.50", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23a01c60-d843-4fc5-a5fa-677f452008b5?source=api-scan" ], "published": "2021-07-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23a20e57-0228-4e37-a105-e693c05a0a24": { "id": "23a20e57-0228-4e37-a105-e693c05a0a24", "title": "Creative Mail <= 1.5.4 - Cross-Site Request Forgery to Plugin Deactivation", "software": [ { "type": "plugin", "name": "Creative Mail \u2013 Easier WordPress & WooCommerce Email Marketing", "slug": "creative-mail-by-constant-contact", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23a20e57-0228-4e37-a105-e693c05a0a24?source=api-scan" ], "published": "2022-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23a2b1ac-2183-48ae-8376-fb950fe83fd9": { "id": "23a2b1ac-2183-48ae-8376-fb950fe83fd9", "title": "Custom Post Type Generator <= 2.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Custom Post Type Generator", "slug": "custom-post-type-generator", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23a2b1ac-2183-48ae-8376-fb950fe83fd9?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23a2fd80-65cb-4e92-978d-c365f08b4c0b": { "id": "23a2fd80-65cb-4e92-978d-c365f08b4c0b", "title": "Subpages Extended <= 1.6.6 - Authenticated (Administrator+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Subpages Extended", "slug": "subpages-extended", "affected_versions": { "* - 1.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23a2fd80-65cb-4e92-978d-c365f08b4c0b?source=api-scan" ], "published": "2022-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23a3a4c5-0af0-4b5f-b3c7-bf670efea84f": { "id": "23a3a4c5-0af0-4b5f-b3c7-bf670efea84f", "title": "Analytics Insights <= 6.2 - Open Redirect", "software": [ { "type": "plugin", "name": "Analytics Insights \u2013 Google Analytics Dashboard for WordPress", "slug": "analytics-insights", "affected_versions": { "* - 6.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23a3a4c5-0af0-4b5f-b3c7-bf670efea84f?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23a66e6b-cec0-4110-9bef-a5d41ce1c954": { "id": "23a66e6b-cec0-4110-9bef-a5d41ce1c954", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.17 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.17": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23a66e6b-cec0-4110-9bef-a5d41ce1c954?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23a94578-f395-4ec1-8a08-52ca233cc832": { "id": "23a94578-f395-4ec1-8a08-52ca233cc832", "title": "Meks Easy Photo Feed Widget < 1.2.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Meks Easy Photo Feed Widget", "slug": "meks-easy-instagram-widget", "affected_versions": { "[*, 1.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23a94578-f395-4ec1-8a08-52ca233cc832?source=api-scan" ], "published": "2021-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23aa8a2f-9238-4d93-b2d2-de7838ccb156": { "id": "23aa8a2f-9238-4d93-b2d2-de7838ccb156", "title": "Tune Library < 1.5.5 - SQL Injection", "software": [ { "type": "plugin", "name": "Tune Library", "slug": "tune-library", "affected_versions": { "[*, 1.5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23aa8a2f-9238-4d93-b2d2-de7838ccb156?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23ad80bd-3e35-4610-b917-7242a4292adf": { "id": "23ad80bd-3e35-4610-b917-7242a4292adf", "title": "Generate Images \u2013 Magic Post Thumbnail <= 5.2.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Generate Images \u2013 Magic Post Thumbnail", "slug": "magic-post-thumbnail", "affected_versions": { "* - 5.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23ad80bd-3e35-4610-b917-7242a4292adf?source=api-scan" ], "published": "2024-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23ae17a6-a745-42c4-8627-ad1c41b66e0e": { "id": "23ae17a6-a745-42c4-8627-ad1c41b66e0e", "title": "MDx <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via mdx_list_item Shortcode", "software": [ { "type": "theme", "name": "MDx", "slug": "MDx", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23ae17a6-a745-42c4-8627-ad1c41b66e0e?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23af50ec-e293-4c06-be64-474057e25845": { "id": "23af50ec-e293-4c06-be64-474057e25845", "title": "Travelers' Map <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Travelers' Map", "slug": "travelers-map", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23af50ec-e293-4c06-be64-474057e25845?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23b018d3-3451-4ae8-b571-07e931ad23df": { "id": "23b018d3-3451-4ae8-b571-07e931ad23df", "title": "Schema - All In One Schema Rich Snippets <= 1.6.5 - Cross-Site Request Forgery in rich_snippet_dashboard", "software": [ { "type": "plugin", "name": "Schema \u2013 All In One Schema Rich Snippets", "slug": "all-in-one-schemaorg-rich-snippets", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23b018d3-3451-4ae8-b571-07e931ad23df?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23b2fc40-d8e3-4b84-ab8d-ff82a6f21842": { "id": "23b2fc40-d8e3-4b84-ab8d-ff82a6f21842", "title": "WordPress Core < 4.5 - Cross-Site Scripting via Network Settings Page", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23b2fc40-d8e3-4b84-ab8d-ff82a6f21842?source=api-scan" ], "published": "2016-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23b33b77-2e72-4959-bdce-646e968f2a73": { "id": "23b33b77-2e72-4959-bdce-646e968f2a73", "title": "Appointment & Event Booking Calendar Plugin \u2013 Webba Booking <= 5.0.48 - Missing Authorization to Authenticated (Subscriber+) CSS Settings Update", "software": [ { "type": "plugin", "name": "Appointment & Event Booking Calendar Plugin \u2013 Webba Booking", "slug": "webba-booking-lite", "affected_versions": { "* - 5.0.48": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.48", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.50" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23b33b77-2e72-4959-bdce-646e968f2a73?source=api-scan" ], "published": "2024-09-23 13:28:09", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23b46e5b-ce1e-4215-921c-edea7fd6c56a": { "id": "23b46e5b-ce1e-4215-921c-edea7fd6c56a", "title": "Delete Usermetas <= 1.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Delete Usermetas", "slug": "delete-usermetas", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23b46e5b-ce1e-4215-921c-edea7fd6c56a?source=api-scan" ], "published": "2023-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23b5cc65-70d2-46b1-a37a-97af231aff51": { "id": "23b5cc65-70d2-46b1-a37a-97af231aff51", "title": "Featured Comments < 1.2.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Featured Comments", "slug": "feature-comments", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23b5cc65-70d2-46b1-a37a-97af231aff51?source=api-scan" ], "published": "2014-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23b6e418-5560-4543-9042-5f338df315e5": { "id": "23b6e418-5560-4543-9042-5f338df315e5", "title": "ShopBuilder \u2013 Elementor WooCommerce Builder Addons <= 2.1.12 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "ShopBuilder \u2013 Elementor WooCommerce Builder Addons", "slug": "shopbuilder", "affected_versions": { "* - 2.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23b6e418-5560-4543-9042-5f338df315e5?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23b75226-e7c9-4b22-aa1b-1a7d400856d2": { "id": "23b75226-e7c9-4b22-aa1b-1a7d400856d2", "title": "Careerfy - Job Board WordPress Theme <= 3.9.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Careerfy - Job Board WordPress Theme", "slug": "careerfy", "affected_versions": { "* - 3.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23b75226-e7c9-4b22-aa1b-1a7d400856d2?source=api-scan" ], "published": "2020-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23bfcdd1-b99d-47eb-9f88-96f9ecc53b32": { "id": "23bfcdd1-b99d-47eb-9f88-96f9ecc53b32", "title": "Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 5.7.19": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23bfcdd1-b99d-47eb-9f88-96f9ecc53b32?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23caef95-36b6-40aa-8dd7-51a376790a40": { "id": "23caef95-36b6-40aa-8dd7-51a376790a40", "title": "User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "* - 3.10.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23caef95-36b6-40aa-8dd7-51a376790a40?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23d5e2ba-3a8a-4ded-aba9-fa0a7228a398": { "id": "23d5e2ba-3a8a-4ded-aba9-fa0a7228a398", "title": "Slideshow Gallery <= 1.8 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Slideshow Gallery LITE", "slug": "slideshow-gallery", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23d5e2ba-3a8a-4ded-aba9-fa0a7228a398?source=api-scan" ], "published": "2024-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23d762e9-d43f-4520-a6f1-c920417a2436": { "id": "23d762e9-d43f-4520-a6f1-c920417a2436", "title": "BuddyForms <= 2.8.8 - Unauthenticated Arbitrary File Read and Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC)", "slug": "buddyforms", "affected_versions": { "* - 2.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23d762e9-d43f-4520-a6f1-c920417a2436?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23d8c56b-01f1-48b4-a58d-958457be738f": { "id": "23d8c56b-01f1-48b4-a58d-958457be738f", "title": "SEO Plugin LiveOptim <= 1.1.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SEO Plugin LiveOptim", "slug": "liveoptim", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23d8c56b-01f1-48b4-a58d-958457be738f?source=api-scan" ], "published": "2014-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23da892a-62c1-4c4b-8b86-4b55018c309b": { "id": "23da892a-62c1-4c4b-8b86-4b55018c309b", "title": "WPSPX <= 1.0.2 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "WPSPX", "slug": "wpspx", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23da892a-62c1-4c4b-8b86-4b55018c309b?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23e04283-5644-4e23-bc42-0a0963a38b71": { "id": "23e04283-5644-4e23-bc42-0a0963a38b71", "title": "Piotnet Addons For Elementor Pro <= 7.1.17 - Missing Authorization to Arbitrary Post\/Page Deletion", "software": [ { "type": "plugin", "name": "Piotnet Addons For Elementor Pro", "slug": "piotnet-addons-for-elementor-pro", "affected_versions": { "* - 7.1.17": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23e04283-5644-4e23-bc42-0a0963a38b71?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23e0f61b-f122-46f7-83c8-7fcb022c45e9": { "id": "23e0f61b-f122-46f7-83c8-7fcb022c45e9", "title": "Photo Gallery <= 1.5.74 - File Upload Path Traversal", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.5.75)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.75", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.75" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23e0f61b-f122-46f7-83c8-7fcb022c45e9?source=api-scan" ], "published": "2021-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23e39019-c322-4027-84f2-faabd9ca4983": { "id": "23e39019-c322-4027-84f2-faabd9ca4983", "title": "Orbit Fox Companion <= 2.10.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom fields", "software": [ { "type": "plugin", "name": "Orbit Fox by ThemeIsle", "slug": "themeisle-companion", "affected_versions": { "* - 2.10.26": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23e39019-c322-4027-84f2-faabd9ca4983?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23ee5d94-5a51-4ee3-945c-422f3f07634e": { "id": "23ee5d94-5a51-4ee3-945c-422f3f07634e", "title": "Recencio Book Reviews <= 1.66.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Recencio Book Reviews", "slug": "recencio-book-reviews", "affected_versions": { "* - 1.66.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.66.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23ee5d94-5a51-4ee3-945c-422f3f07634e?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23f0315f-5523-4e16-8adf-f9fe9254032a": { "id": "23f0315f-5523-4e16-8adf-f9fe9254032a", "title": "Super Store Finder <= 6.1, Super Interactive Maps <= 1.9, Super Logo Showcase <= 2.2 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Super Store Finder", "slug": "superstorefinder-wp", "affected_versions": { "* - 6.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2" ] }, { "type": "plugin", "name": "Super Logos Showcase for WordPress", "slug": "superlogoshowcase-wp", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] }, { "type": "plugin", "name": "Super Interactive Maps", "slug": "super-interactive-maps", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23f0315f-5523-4e16-8adf-f9fe9254032a?source=api-scan" ], "published": "2020-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23f1b1da-2ac0-49c1-bb32-2fe2cfd56192": { "id": "23f1b1da-2ac0-49c1-bb32-2fe2cfd56192", "title": "Real Testimonials <= 2.1.6 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Real Testimonials \u2013 Testimonial Slider, Carousel, Grid | Collect Customer Reviews and Video Testimonial with Testimonial Form | Social Proof Reviews and Review Slider", "slug": "testimonial-free", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23f1b1da-2ac0-49c1-bb32-2fe2cfd56192?source=api-scan" ], "published": "2020-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23f58949-6cc7-45a3-a6a0-58213bb03679": { "id": "23f58949-6cc7-45a3-a6a0-58213bb03679", "title": "Price Table <= 0.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Price Table", "slug": "pricetable", "affected_versions": { "* - 0.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23f58949-6cc7-45a3-a6a0-58213bb03679?source=api-scan" ], "published": "2022-01-27 11:22:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23f7f4ad-f9d5-44b7-8354-5145b003fd20": { "id": "23f7f4ad-f9d5-44b7-8354-5145b003fd20", "title": "WordPress Custom Settings <= 1.0 - Authenticated(Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Custom Settings", "slug": "custom-settings", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23f7f4ad-f9d5-44b7-8354-5145b003fd20?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23f8e757-a4ed-4929-9647-dfe5a21689aa": { "id": "23f8e757-a4ed-4929-9647-dfe5a21689aa", "title": "Spiffy Calendar <= 4.9.12 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Spiffy Calendar", "slug": "spiffy-calendar", "affected_versions": { "* - 4.9.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23f8e757-a4ed-4929-9647-dfe5a21689aa?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23f9d758-4b5e-44e5-9f58-a37b01c4ffdb": { "id": "23f9d758-4b5e-44e5-9f58-a37b01c4ffdb", "title": "WP Security Question <= 1.0.5 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "WP Security Question", "slug": "wp-security-questions", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23f9d758-4b5e-44e5-9f58-a37b01c4ffdb?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23fbb011-cf60-4c75-ac68-b5d0dfa3c356": { "id": "23fbb011-cf60-4c75-ac68-b5d0dfa3c356", "title": "Print My Blog <= 1.6.6 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Print My Blog \u2013 Print, PDF, & eBook Converter WordPress Plugin", "slug": "print-my-blog", "affected_versions": { "* - 1.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23fbb011-cf60-4c75-ac68-b5d0dfa3c356?source=api-scan" ], "published": "2019-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23feb72c-7e6f-436b-b56e-dc6185302d31": { "id": "23feb72c-7e6f-436b-b56e-dc6185302d31", "title": "Forminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "* - 1.29.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.29.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.29.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23feb72c-7e6f-436b-b56e-dc6185302d31?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "23ff12f0-eb9d-4bb3-8db0-0e794c0f0594": { "id": "23ff12f0-eb9d-4bb3-8db0-0e794c0f0594", "title": "WPBakery <= 7.7 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPBakery Visual Composer", "slug": "js_composer", "affected_versions": { "* - 7.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/23ff12f0-eb9d-4bb3-8db0-0e794c0f0594?source=api-scan" ], "published": "2024-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "240691c4-35c5-40e1-b1ab-a500ffcdac73": { "id": "240691c4-35c5-40e1-b1ab-a500ffcdac73", "title": "Simple Giveaways <= 2.45.0 - Authenticated (Editor+) Stored Cross-Site Scripting via Form, Prize, and Sharing Method Fields", "software": [ { "type": "plugin", "name": "Simple Giveaways \u2013 Grow your business, email lists and traffic with contests", "slug": "giveasap", "affected_versions": { "* - 2.45.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.45.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.45.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/240691c4-35c5-40e1-b1ab-a500ffcdac73?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24092cd1-cf89-49c1-a607-4d5d06d0c804": { "id": "24092cd1-cf89-49c1-a607-4d5d06d0c804", "title": "IP Loc8 <= 1.1 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "IP Loc8", "slug": "ip-loc8", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24092cd1-cf89-49c1-a607-4d5d06d0c804?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "240cc19a-9bae-4e69-a16f-46901daaa945": { "id": "240cc19a-9bae-4e69-a16f-46901daaa945", "title": "Brandfolder \u2013 Digital Asset Management Simplified. < 3.0.1 - Local\/Remote File Inclusion", "software": [ { "type": "plugin", "name": "Brandfolder \u2013 Digital Asset Management Simplified.", "slug": "brandfolder", "affected_versions": { "[*, 3.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/240cc19a-9bae-4e69-a16f-46901daaa945?source=api-scan" ], "published": "2016-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "241073e4-b8f2-4dd3-ad66-6dda8c61b42c": { "id": "241073e4-b8f2-4dd3-ad66-6dda8c61b42c", "title": "AB Google Map Travel (AB-MAP) < 4.0 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AB Google Map Travel (AB-MAP)", "slug": "ab-google-map-travel", "affected_versions": { "[*, 4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/241073e4-b8f2-4dd3-ad66-6dda8c61b42c?source=api-scan" ], "published": "2015-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24123a4f-da33-4d50-9e82-18f910de6619": { "id": "24123a4f-da33-4d50-9e82-18f910de6619", "title": "Portfolio Responsive Gallery <= 1.1.7 - Blind SQL Injection", "software": [ { "type": "plugin", "name": "Portfolio Responsive Gallery", "slug": "portfolio-responsive-gallery", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24123a4f-da33-4d50-9e82-18f910de6619?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24142874-95f9-448d-8cf2-14a65fc946ab": { "id": "24142874-95f9-448d-8cf2-14a65fc946ab", "title": "Paid Memberships Pro - Member Directory Add On < 1.2.6 - Authenticated (Contributor+) Information Exposure", "software": [ { "type": "plugin", "name": "Paid Memberships Pro - Member Directory Add On", "slug": "pmpro-member-directory", "affected_versions": { "[*, 1.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24142874-95f9-448d-8cf2-14a65fc946ab?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24142bf8-15e7-460d-83a3-52dc57537498": { "id": "24142bf8-15e7-460d-83a3-52dc57537498", "title": "WP Affiliate Platform <= 6.5.1 - Cross-Site Request Forgery to Afilliate Deletion", "software": [ { "type": "plugin", "name": "WP Affiliate Platform", "slug": "wp-affiliate-platform", "affected_versions": { "* - 6.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24142bf8-15e7-460d-83a3-52dc57537498?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24184443-9737-4117-89cf-02cf1e2a07f2": { "id": "24184443-9737-4117-89cf-02cf1e2a07f2", "title": "Logo Manager For Enamad <= 0.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Logo Manager For Enamad", "slug": "logo-manager-for-enamad", "affected_versions": { "* - 0.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24184443-9737-4117-89cf-02cf1e2a07f2?source=api-scan" ], "published": "2024-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "241da621-b892-4263-8409-a40ac5a1ade3": { "id": "241da621-b892-4263-8409-a40ac5a1ade3", "title": "Add Local Avatar <= 12.1 - Cross-Site Request Forgery via manage_avatar_cache", "software": [ { "type": "plugin", "name": "Add Local Avatar", "slug": "add-local-avatar", "affected_versions": { "* - 12.1": { "from_version": "*", "from_inclusive": true, "to_version": "12.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/241da621-b892-4263-8409-a40ac5a1ade3?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "241dc2e4-b079-407b-b610-c40b23d038cb": { "id": "241dc2e4-b079-407b-b610-c40b23d038cb", "title": "RegistrationMagic \u2013 Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "[*, 4.6.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/241dc2e4-b079-407b-b610-c40b23d038cb?source=api-scan" ], "published": "2020-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24226595-6ae7-44c2-a159-5b69808273fa": { "id": "24226595-6ae7-44c2-a159-5b69808273fa", "title": "Product Labels For Woocommerce <= 1.5.3 - Authenticated (Shop manager+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Labels For Woocommerce (Sale Badges)", "slug": "aco-product-labels-for-woocommerce", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24226595-6ae7-44c2-a159-5b69808273fa?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "242e99d1-db27-45fa-a90d-5a26c2d1901b": { "id": "242e99d1-db27-45fa-a90d-5a26c2d1901b", "title": "Spectra \u2013 WordPress Gutenberg Blocks <= 2.3.1 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/242e99d1-db27-45fa-a90d-5a26c2d1901b?source=api-scan" ], "published": "2023-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24349a73-d543-433b-9f7c-b12f914fc80f": { "id": "24349a73-d543-433b-9f7c-b12f914fc80f", "title": "Forym <= 1.5.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Forym", "slug": "forym", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24349a73-d543-433b-9f7c-b12f914fc80f?source=api-scan" ], "published": "2022-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24458c37-ebcc-471b-9044-78f24667f7a6": { "id": "24458c37-ebcc-471b-9044-78f24667f7a6", "title": "Bit File Manager <= 5.2.7 - Authenticated (Admin+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Bit File Manager \u2013 100% Free & Open Source File Manager and Code Editor for WordPress", "slug": "file-manager", "affected_versions": { "* - 5.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24458c37-ebcc-471b-9044-78f24667f7a6?source=api-scan" ], "published": "2023-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24486605-9324-4f19-9ca3-340d006432db": { "id": "24486605-9324-4f19-9ca3-340d006432db", "title": "Page Builder by AZEXO <= 1.27.133 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Page Builder with Image Map by AZEXO", "slug": "page-builder-by-azexo", "affected_versions": { "* - 1.27.133": { "from_version": "*", "from_inclusive": true, "to_version": "1.27.133", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24486605-9324-4f19-9ca3-340d006432db?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "244a23a2-8899-4ab4-8f8d-62756e4ea56b": { "id": "244a23a2-8899-4ab4-8f8d-62756e4ea56b", "title": "Ultimate Member <= 2.0.10 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 2.0.11)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/244a23a2-8899-4ab4-8f8d-62756e4ea56b?source=api-scan" ], "published": "2018-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "244d4c73-3b50-4426-9730-f854372d2ba5": { "id": "244d4c73-3b50-4426-9730-f854372d2ba5", "title": "ShortPixel Adaptive Images <= 3.8.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ShortPixel Adaptive Images \u2013 WebP, AVIF, CDN, Image Optimization", "slug": "shortpixel-adaptive-images", "affected_versions": { "* - 3.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/244d4c73-3b50-4426-9730-f854372d2ba5?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2450277e-589d-4153-bd3f-ffed1a8b4340": { "id": "2450277e-589d-4153-bd3f-ffed1a8b4340", "title": "Epic Church by Organized Themes <= 3.6 - Arbitrary File Download", "software": [ { "type": "theme", "name": "Epic Church by Organized Themes", "slug": "epic-church", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2450277e-589d-4153-bd3f-ffed1a8b4340?source=api-scan" ], "published": "2014-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24517dc6-4995-48ee-9b02-5c7c29d359f6": { "id": "24517dc6-4995-48ee-9b02-5c7c29d359f6", "title": "WebinarIgnition <= 3.05.0 - Missing Authorization to Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Webinar Solution: Create live\/evergreen\/automated\/instant webinars, stream & Zoom Meetings | WebinarIgnition", "slug": "webinar-ignition", "affected_versions": { "* - 3.05.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.05.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.05.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24517dc6-4995-48ee-9b02-5c7c29d359f6?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "245ae6f7-3539-4c91-89f1-29d1e12493b7": { "id": "245ae6f7-3539-4c91-89f1-29d1e12493b7", "title": "Abandoned Cart Recovery for WooCommerce by Autonami <= 2.1.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit", "slug": "wp-marketing-automations", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/245ae6f7-3539-4c91-89f1-29d1e12493b7?source=api-scan" ], "published": "2022-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "245d89e5-52cc-44b1-a858-0ca0aacb4e26": { "id": "245d89e5-52cc-44b1-a858-0ca0aacb4e26", "title": "Custom Searchable Data Entry System <= 1.7.1 - Unauthenticated Database Wiping", "software": [ { "type": "plugin", "name": "Custom Searchable Data Entry System", "slug": "custom-searchable-data-entry-system", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/245d89e5-52cc-44b1-a858-0ca0aacb4e26?source=api-scan" ], "published": "2020-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "245e43e0-3391-486d-9ecf-3e745bceaa1f": { "id": "245e43e0-3391-486d-9ecf-3e745bceaa1f", "title": "Personalized WooCommerce Cart Page <= 2.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "GoHero Store Customizer for WooCommerce", "slug": "personalize-woocommerce-cart-page", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/245e43e0-3391-486d-9ecf-3e745bceaa1f?source=api-scan" ], "published": "2019-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "245e9117-ca63-458e-a094-60a759f5ec19": { "id": "245e9117-ca63-458e-a094-60a759f5ec19", "title": "Getnet Argentina para Woocommerce 0.0.1 - 0.0.4 - Authorization Bypass via webhook", "software": [ { "type": "plugin", "name": "Getnet Argentina para WooCommerce", "slug": "integrar-getnet-con-woo", "affected_versions": { "0.0.1 - 0.0.4": { "from_version": "0.0.1", "from_inclusive": true, "to_version": "0.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/245e9117-ca63-458e-a094-60a759f5ec19?source=api-scan" ], "published": "2023-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "245f8eec-d496-4298-800d-ea1120640e2d": { "id": "245f8eec-d496-4298-800d-ea1120640e2d", "title": "Captchinoo, admin login page protection with Google recaptcha <= 2.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation\/Activation", "software": [ { "type": "plugin", "name": "Captchinoo, admin login page protection with Google recaptcha", "slug": "captchinoo-captcha-for-login-form-protection", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/245f8eec-d496-4298-800d-ea1120640e2d?source=api-scan" ], "published": "2021-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "246eea09-abe5-41e9-811e-5cddedbbe01e": { "id": "246eea09-abe5-41e9-811e-5cddedbbe01e", "title": "iThemes Security <= 5.3.5 - Missing Capabilities Check", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "[*, 5.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/246eea09-abe5-41e9-811e-5cddedbbe01e?source=api-scan" ], "published": "2016-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2471d06b-7d9a-41b9-b38c-3f40322d8a5b": { "id": "2471d06b-7d9a-41b9-b38c-3f40322d8a5b", "title": "Bricks 1.2 - 1.5.3 - Remote Code Execution", "software": [ { "type": "theme", "name": "Bricks", "slug": "bricks", "affected_versions": { "1.2 - 1.5.3": { "from_version": "1.2", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2471d06b-7d9a-41b9-b38c-3f40322d8a5b?source=api-scan" ], "published": "2022-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24741fa0-5075-445b-91fe-d896a9101b45": { "id": "24741fa0-5075-445b-91fe-d896a9101b45", "title": "Classic Editor and Classic Widgets <= 1.4.1 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Classic Editor and Classic Widgets", "slug": "classic-editor-and-classic-widgets", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24741fa0-5075-445b-91fe-d896a9101b45?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24747507-8f24-499e-a257-d379dc171e18": { "id": "24747507-8f24-499e-a257-d379dc171e18", "title": "Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation", "software": [ { "type": "plugin", "name": "WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg", "slug": "groundhogg", "affected_versions": { "* - 2.7.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24747507-8f24-499e-a257-d379dc171e18?source=api-scan" ], "published": "2023-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24759d97-2b00-4812-8407-640b545a235a": { "id": "24759d97-2b00-4812-8407-640b545a235a", "title": "WordPress to Freshsales Integration <= 1.3.2.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress to Freshsales Integration", "slug": "codup-wp-freshsales", "affected_versions": { "* - 1.3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24759d97-2b00-4812-8407-640b545a235a?source=api-scan" ], "published": "2022-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "247a095b-0a92-4fee-85cf-c3041a061d62": { "id": "247a095b-0a92-4fee-85cf-c3041a061d62", "title": "HTML5 Responsive FAQ <= 2.8.5 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HTML5 Responsive FAQ", "slug": "html5-responsive-faq", "affected_versions": { "* - 2.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/247a095b-0a92-4fee-85cf-c3041a061d62?source=api-scan" ], "published": "2021-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "247aaa80-344b-43a9-b8f9-d1a7b5af6065": { "id": "247aaa80-344b-43a9-b8f9-d1a7b5af6065", "title": "Hello Agency <= 1.0.5 - Missing Authorization to Notice Dismissal", "software": [ { "type": "theme", "name": "Hello Agency", "slug": "hello-agency", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/247aaa80-344b-43a9-b8f9-d1a7b5af6065?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "247e599a-74e2-41d5-a1ba-978a807e6544": { "id": "247e599a-74e2-41d5-a1ba-978a807e6544", "title": "Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution", "software": [ { "type": "plugin", "name": "Time Clock Pro", "slug": "time-clock-pro", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] }, { "type": "plugin", "name": "Time Clock \u2013 A WordPress Employee & Volunteer Time Clock Plugin", "slug": "time-clock", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/247e599a-74e2-41d5-a1ba-978a807e6544?source=api-scan" ], "published": "2024-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "247f6b86-767b-479f-90d4-79345699dd59": { "id": "247f6b86-767b-479f-90d4-79345699dd59", "title": "MonsterInsights \u2013 Google Analytics Dashboard for WordPress <= 7.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MonsterInsights \u2013 Google Analytics Dashboard for WordPress (Website Stats Made Easy)", "slug": "google-analytics-for-wordpress", "affected_versions": { "* - 7.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/247f6b86-767b-479f-90d4-79345699dd59?source=api-scan" ], "published": "2018-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2480091f-2b5d-440c-9617-934d097b3a63": { "id": "2480091f-2b5d-440c-9617-934d097b3a63", "title": "InFocus <= 3.3 - Arbitrary File Deletion", "software": [ { "type": "theme", "name": "InFocus", "slug": "infocus", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2480091f-2b5d-440c-9617-934d097b3a63?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2481f37b-a220-435d-9b43-6e7c5f42034f": { "id": "2481f37b-a220-435d-9b43-6e7c5f42034f", "title": "WordPress Core < 4.7.2 - Arbitrary Page Modification", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.17": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.17", "to_inclusive": true }, "3.8 - 3.8.17": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.17", "to_inclusive": true }, "3.9 - 3.9.15": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.15", "to_inclusive": true }, "4.0 - 4.0.14": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.14", "to_inclusive": true }, "4.1 - 4.1.14": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.14", "to_inclusive": true }, "4.2 - 4.2.11": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.11", "to_inclusive": true }, "4.3 - 4.3.7": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.7", "to_inclusive": true }, "4.4 - 4.4.6": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.6", "to_inclusive": true }, "4.5 - 4.5.5": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.5", "to_inclusive": true }, "4.6 - 4.6.2": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.2", "to_inclusive": true }, "4.7 - 4.7.1": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.18", "3.8.18", "3.9.16", "4.0.15", "4.1.15", "4.2.12", "4.3.8", "4.4.7", "4.5.6", "4.6.3", "4.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2481f37b-a220-435d-9b43-6e7c5f42034f?source=api-scan" ], "published": "2017-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2482ef4b-697a-45a0-b45e-85b2af5b4735": { "id": "2482ef4b-697a-45a0-b45e-85b2af5b4735", "title": "Material Design Icons for Page Builders <= 1.4.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Material Design Icons for Page Builders", "slug": "material-design-icons-for-elementor", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2482ef4b-697a-45a0-b45e-85b2af5b4735?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "248750b0-0fed-4c31-aeeb-709da3e7e2a1": { "id": "248750b0-0fed-4c31-aeeb-709da3e7e2a1", "title": "Academy LMS <= 1.9.16 - Missing Authorization", "software": [ { "type": "plugin", "name": "Academy LMS \u2013 WordPress LMS Plugin for Complete eLearning Solution", "slug": "academy", "affected_versions": { "* - 1.9.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/248750b0-0fed-4c31-aeeb-709da3e7e2a1?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2489e649-27f7-4ca0-8655-0957016fa89a": { "id": "2489e649-27f7-4ca0-8655-0957016fa89a", "title": "UserPlus <= 2.0 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "User registration & user profile \u2013 UserPlus", "slug": "userplus", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2489e649-27f7-4ca0-8655-0957016fa89a?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "248a9cb2-24e8-46b2-9ef8-23a8444a922d": { "id": "248a9cb2-24e8-46b2-9ef8-23a8444a922d", "title": "Gutenberg Blocks, Page Builder \u2013 ComboBlocks <= 2.2.87 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Block", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "* - 2.2.84": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.84", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.88" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/248a9cb2-24e8-46b2-9ef8-23a8444a922d?source=api-scan" ], "published": "2024-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "248b74d3-5228-473d-a79a-743566898606": { "id": "248b74d3-5228-473d-a79a-743566898606", "title": "Simple Calendar <= 3.1.42 - Cross-Site Request Forgery to Transient Cache Clearing", "software": [ { "type": "plugin", "name": "Simple Calendar \u2013 Google Calendar Plugin", "slug": "google-calendar-events", "affected_versions": { "* - 3.1.42": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/248b74d3-5228-473d-a79a-743566898606?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2490a51c-718f-463b-ab80-82d48deb2f1a": { "id": "2490a51c-718f-463b-ab80-82d48deb2f1a", "title": "External Links in New Window \/ New Tab <= 1.42 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "External Links in New Window \/ New Tab", "slug": "open-external-links-in-a-new-window", "affected_versions": { "* - 1.42": { "from_version": "*", "from_inclusive": true, "to_version": "1.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2490a51c-718f-463b-ab80-82d48deb2f1a?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2491d502-8087-4e95-b047-a3b196322d94": { "id": "2491d502-8087-4e95-b047-a3b196322d94", "title": "Filebird 4.7.3 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "FileBird \u2013 WordPress Media Library Folders & File Manager", "slug": "filebird", "affected_versions": { "4.7.3": { "from_version": "4.7.3", "from_inclusive": true, "to_version": "4.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2491d502-8087-4e95-b047-a3b196322d94?source=api-scan" ], "published": "2021-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2493a2f8-d4e4-4c42-b748-5632b96b085e": { "id": "2493a2f8-d4e4-4c42-b748-5632b96b085e", "title": "Export All URLs <= 4.3 - Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Export All URLs", "slug": "export-all-urls", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2493a2f8-d4e4-4c42-b748-5632b96b085e?source=api-scan" ], "published": "2022-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2497837d-dec6-4a1d-be88-5c0e659eeb46": { "id": "2497837d-dec6-4a1d-be88-5c0e659eeb46", "title": "Kraken.io Image Optimizer <= 2.6.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update", "software": [ { "type": "plugin", "name": "Kraken.io Image Optimizer", "slug": "kraken-image-optimizer", "affected_versions": { "* - 2.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2497837d-dec6-4a1d-be88-5c0e659eeb46?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "249ac834-e7de-42cc-9ac1-82e7c18eac31": { "id": "249ac834-e7de-42cc-9ac1-82e7c18eac31", "title": "WP-Members <= 3.2.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP-Members Membership Plugin", "slug": "wp-members", "affected_versions": { "* - 3.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/249ac834-e7de-42cc-9ac1-82e7c18eac31?source=api-scan" ], "published": "2019-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "249acca6-49b4-4ddf-af75-31f68921fc19": { "id": "249acca6-49b4-4ddf-af75-31f68921fc19", "title": "Events Manager <= 5.9.5 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "* - 5.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/249acca6-49b4-4ddf-af75-31f68921fc19?source=api-scan" ], "published": "2019-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "249ad768-3706-47c6-ad1d-f11900b87608": { "id": "249ad768-3706-47c6-ad1d-f11900b87608", "title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.4.7 - Missing Authorization to Information Exposure", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/249ad768-3706-47c6-ad1d-f11900b87608?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "249b08c5-7429-4690-9f08-fc3f049aa62c": { "id": "249b08c5-7429-4690-9f08-fc3f049aa62c", "title": "MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles <= 1.9.2 - Authenticated (Subscriber+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "MaxiBlocks: 2300+ Patterns, 280+ Pages, 14.3K Icons & 100 Styles", "slug": "maxi-blocks", "affected_versions": { "* - 1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/249b08c5-7429-4690-9f08-fc3f049aa62c?source=api-scan" ], "published": "2024-07-22 13:02:24", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "249caa5b-c1b0-4b72-98f3-31bbb574c834": { "id": "249caa5b-c1b0-4b72-98f3-31bbb574c834", "title": "Elementor Website Builder <= 2.9.5 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 2.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/249caa5b-c1b0-4b72-98f3-31bbb574c834?source=api-scan" ], "published": "2020-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "249ccc77-0daf-41bc-b5c5-991bf17d645d": { "id": "249ccc77-0daf-41bc-b5c5-991bf17d645d", "title": "PowerPack Pro for Elementor <= 2.10.17 - Authenticated (Contributor+) Privilege Escalation", "software": [ { "type": "plugin", "name": "PowerPack Pro for Elementor", "slug": "powerpack-elements", "affected_versions": { "* - 2.10.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/249ccc77-0daf-41bc-b5c5-991bf17d645d?source=api-scan" ], "published": "2024-06-07 16:16:46", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24a041d0-d443-453d-bd7d-65cceee48b14": { "id": "24a041d0-d443-453d-bd7d-65cceee48b14", "title": "WPFrom Email <= 1.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPFrom Email", "slug": "wpfrom-email", "affected_versions": { "* - 1.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24a041d0-d443-453d-bd7d-65cceee48b14?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24a88f20-ddc4-4544-ac18-ed538ecfa1c7": { "id": "24a88f20-ddc4-4544-ac18-ed538ecfa1c7", "title": "Csv2WPeC Coupon <= 1.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Csv2WPeC Coupon", "slug": "csv2wpec-coupon", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24a88f20-ddc4-4544-ac18-ed538ecfa1c7?source=api-scan" ], "published": "2016-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24aadf0c-0266-4c39-ac7b-d6f09053d903": { "id": "24aadf0c-0266-4c39-ac7b-d6f09053d903", "title": "CardGate Payments for WooCommerce <= 3.1.15 - Lack of Origin Validation", "software": [ { "type": "plugin", "name": "CardGate Payments for WooCommerce", "slug": "cardgate", "affected_versions": { "[*, 3.1.16)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24aadf0c-0266-4c39-ac7b-d6f09053d903?source=api-scan" ], "published": "2020-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24ac60fe-d751-43c7-89c1-5c0c9651e8f8": { "id": "24ac60fe-d751-43c7-89c1-5c0c9651e8f8", "title": "SocialDriver < 2024 - Prototype Pollution", "software": [ { "type": "plugin", "name": "Socialdriver", "slug": "socialdriver", "affected_versions": { "[*, 2024)": { "from_version": "*", "from_inclusive": true, "to_version": "2024", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2024" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24ac60fe-d751-43c7-89c1-5c0c9651e8f8?source=api-scan" ], "published": "2023-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24b26f17-f973-4a0e-85e2-a70a394246e2": { "id": "24b26f17-f973-4a0e-85e2-a70a394246e2", "title": "Schedulicity - Easy Online Scheduling <= 2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Schedulicity \u2013 Easy Online Scheduling", "slug": "schedulicity-online-appointment-booking", "affected_versions": { "* - 2.21": { "from_version": "*", "from_inclusive": true, "to_version": "2.21", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24b26f17-f973-4a0e-85e2-a70a394246e2?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24b319e6-1903-44a9-9f69-0e5ebe891870": { "id": "24b319e6-1903-44a9-9f69-0e5ebe891870", "title": "History Collection <=1.1.1 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "History Collection", "slug": "history-collection", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24b319e6-1903-44a9-9f69-0e5ebe891870?source=api-scan" ], "published": "2015-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24b7e8d7-a9f2-4192-97c0-b7cbc1669a2a": { "id": "24b7e8d7-a9f2-4192-97c0-b7cbc1669a2a", "title": "WP Timeline \u2013 Vertical and Horizontal timeline plugin <= 3.6.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Timeline \u2013 Vertical and Horizontal timeline plugin", "slug": "wp-timelines", "affected_versions": { "* - 3.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24b7e8d7-a9f2-4192-97c0-b7cbc1669a2a?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24b89ed2-9dfb-4068-8459-cb2e708c7778": { "id": "24b89ed2-9dfb-4068-8459-cb2e708c7778", "title": "WordPress Core < 4.3.1 - Authenticated Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.10": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.10", "to_inclusive": true }, "3.8 - 3.8.10": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.10", "to_inclusive": true }, "3.9 - 3.9.8": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.8", "to_inclusive": true }, "4.0 - 4.0.7": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.7", "to_inclusive": true }, "4.1 - 4.1.7": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.7", "to_inclusive": true }, "4.2 - 4.2.4": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.4", "to_inclusive": true }, "4.3": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.11", "3.8.11", "3.9.9", "4.0.8", "4.1.8", "4.2.5", "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24b89ed2-9dfb-4068-8459-cb2e708c7778?source=api-scan" ], "published": "2015-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24b9984c-ec33-4492-815b-67a21ac4da0e": { "id": "24b9984c-ec33-4492-815b-67a21ac4da0e", "title": "WP Customer Reviews <= 3.6.6 - Authenticated (Subscriber+) Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "WP Customer Reviews", "slug": "wp-customer-reviews", "affected_versions": { "* - 3.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24b9984c-ec33-4492-815b-67a21ac4da0e?source=api-scan" ], "published": "2023-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24ba85a0-dbc7-4c9d-a67f-d449c1d275ab": { "id": "24ba85a0-dbc7-4c9d-a67f-d449c1d275ab", "title": "WHMCS Bridge <= 6.1 Subscriber+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WHMCS Bridge", "slug": "whmcs-bridge", "affected_versions": { "* - 6.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24ba85a0-dbc7-4c9d-a67f-d449c1d275ab?source=api-scan" ], "published": "2022-01-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24ba8d30-843f-4178-9b10-3c3dc720205c": { "id": "24ba8d30-843f-4178-9b10-3c3dc720205c", "title": "Countdown & Clock <= 2.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock", "slug": "countdown-builder", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24ba8d30-843f-4178-9b10-3c3dc720205c?source=api-scan" ], "published": "2022-04-28 10:50:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24be03a7-4632-4bb1-beb9-d83abdd363b9": { "id": "24be03a7-4632-4bb1-beb9-d83abdd363b9", "title": "Libsyn Publisher Hub <= 1.4.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Libsyn Publisher Hub", "slug": "libsyn-podcasting", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24be03a7-4632-4bb1-beb9-d83abdd363b9?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24c3d004-da8b-40ec-b52e-6923d4c824e8": { "id": "24c3d004-da8b-40ec-b52e-6923d4c824e8", "title": "Daily Edition <= 1.6.2 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Daily Edition", "slug": "dailyedition", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24c3d004-da8b-40ec-b52e-6923d4c824e8?source=api-scan" ], "published": "2015-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24c4449e-0f20-4c77-a83c-05f547a9d853": { "id": "24c4449e-0f20-4c77-a83c-05f547a9d853", "title": "Vision Interactive <= 1.7.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Vision \u2013 Interactive Image Map Builder", "slug": "vision", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24c4449e-0f20-4c77-a83c-05f547a9d853?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24c67243-0452-4820-bfb4-b7ac4804aa4b": { "id": "24c67243-0452-4820-bfb4-b7ac4804aa4b", "title": "The7 <= 11.6.0 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "The7 \u2014 Website and eCommerce Builder for WordPress", "slug": "dt-the7", "affected_versions": { "* - 11.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "11.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24c67243-0452-4820-bfb4-b7ac4804aa4b?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24c78d62-c2d0-4699-bd80-e8deef301eb3": { "id": "24c78d62-c2d0-4699-bd80-e8deef301eb3", "title": "CP Image Store with Slideshow < 1.0.6 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "CP Image Store with Slideshow", "slug": "cp-image-store", "affected_versions": { "[*, 1.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24c78d62-c2d0-4699-bd80-e8deef301eb3?source=api-scan" ], "published": "2015-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24c7e7da-39b4-4969-b24f-be7a8628236b": { "id": "24c7e7da-39b4-4969-b24f-be7a8628236b", "title": "Easy Social Feed <= 6.2.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2013 Like Box", "slug": "easy-facebook-likebox", "affected_versions": { "* - 6.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.7" ] }, { "type": "plugin", "name": "Easy Social Feed Pro", "slug": "easy-facebook-likebox-premium", "affected_versions": { "* - 6.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24c7e7da-39b4-4969-b24f-be7a8628236b?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24cad8ef-f0c4-4306-bd8e-4ce59baa424d": { "id": "24cad8ef-f0c4-4306-bd8e-4ce59baa424d", "title": "Integration for Contact Form 7 and Salesforce <= <=1.3.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms", "slug": "cf7-salesforce", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24cad8ef-f0c4-4306-bd8e-4ce59baa424d?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24d0229c-0f1b-42df-b89a-ce0b8a3fda7e": { "id": "24d0229c-0f1b-42df-b89a-ce0b8a3fda7e", "title": "Mailtree Log Mail <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting via Email Subject", "software": [ { "type": "plugin", "name": "Mailtree Log Mail", "slug": "mailtree-log-mail", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24d0229c-0f1b-42df-b89a-ce0b8a3fda7e?source=api-scan" ], "published": "2023-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24d050ad-0816-46a3-a37e-17356acf88d2": { "id": "24d050ad-0816-46a3-a37e-17356acf88d2", "title": "yURL ReTwitt <= 1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "yurl-retwitt", "slug": "yurl-retwitt", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24d050ad-0816-46a3-a37e-17356acf88d2?source=api-scan" ], "published": "2014-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24d08127-67b6-434a-8dbe-233a47854f9b": { "id": "24d08127-67b6-434a-8dbe-233a47854f9b", "title": "Add Post URL <= 2.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Add Post URL", "slug": "wp-posturl", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24d08127-67b6-434a-8dbe-233a47854f9b?source=api-scan" ], "published": "2022-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24d081e3-4291-427c-bf2c-726d93aa00ac": { "id": "24d081e3-4291-427c-bf2c-726d93aa00ac", "title": "filedownload < 1.4 - Blind SQL Injection", "software": [ { "type": "plugin", "name": "filedownload", "slug": "filedownload", "affected_versions": { "[*, 1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24d081e3-4291-427c-bf2c-726d93aa00ac?source=api-scan" ], "published": "2015-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24d14261-e295-4397-bad0-7a4b69b06908": { "id": "24d14261-e295-4397-bad0-7a4b69b06908", "title": "TablePress <= 1.14 - Authenticated (Author+) CSV Injection", "software": [ { "type": "plugin", "name": "TablePress \u2013 Tables in WordPress made easy", "slug": "tablepress", "affected_versions": { "* - 1.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24d14261-e295-4397-bad0-7a4b69b06908?source=api-scan" ], "published": "2020-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24ddc594-e06b-4559-acb0-9a3277579bb1": { "id": "24ddc594-e06b-4559-acb0-9a3277579bb1", "title": "ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ELEX WooCommerce Dynamic Pricing and Discounts", "slug": "elex-woocommerce-dynamic-pricing-and-discounts", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24ddc594-e06b-4559-acb0-9a3277579bb1?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24e00c0d-08ff-4c68-a1dd-77b513545efd": { "id": "24e00c0d-08ff-4c68-a1dd-77b513545efd", "title": "Social Auto Poster <= 5.3.14 - Authenticated (Contributor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Social Auto Poster", "slug": "social-auto-poster", "affected_versions": { "* - 5.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24e00c0d-08ff-4c68-a1dd-77b513545efd?source=api-scan" ], "published": "2024-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24e2b96c-665f-4616-ac99-1a2b1b0a9ccd": { "id": "24e2b96c-665f-4616-ac99-1a2b1b0a9ccd", "title": "DoLogin Security <= 3.7 - Missing Authorization on Dashboard Widget", "software": [ { "type": "plugin", "name": "DoLogin Security", "slug": "dologin", "affected_versions": { "[*, 3.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24e2b96c-665f-4616-ac99-1a2b1b0a9ccd?source=api-scan" ], "published": "2023-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24e8513c-f8d4-4e32-8212-191f5b5893b5": { "id": "24e8513c-f8d4-4e32-8212-191f5b5893b5", "title": "Contact Form 7 Captcha <= 0.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form 7 Captcha", "slug": "contact-form-7-simple-recaptcha", "affected_versions": { "* - 0.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24e8513c-f8d4-4e32-8212-191f5b5893b5?source=api-scan" ], "published": "2022-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24e8d1a4-9853-4f60-a371-7fdbe86d554b": { "id": "24e8d1a4-9853-4f60-a371-7fdbe86d554b", "title": "tagDiv Cloud Library < 2.7 - Missing Authorization to Arbitrary User Metadata Update", "software": [ { "type": "theme", "name": "Newspaper - News & WooCommerce WordPress Theme", "slug": "Newspaper", "affected_versions": { "* - 12.3": { "from_version": "*", "from_inclusive": true, "to_version": "12.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.4" ] }, { "type": "plugin", "name": "tagDiv Cloud Library", "slug": "td-cloud-library", "affected_versions": { "[*, 2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24e8d1a4-9853-4f60-a371-7fdbe86d554b?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24eb524c-1705-43a5-8041-4549ebb49155": { "id": "24eb524c-1705-43a5-8041-4549ebb49155", "title": "IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IP Blacklist Cloud", "slug": "ip-blacklist-cloud", "affected_versions": { "* - 5.00": { "from_version": "*", "from_inclusive": true, "to_version": "5.00", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24eb524c-1705-43a5-8041-4549ebb49155?source=api-scan" ], "published": "2022-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24ebaf12-cf7c-4bc3-b028-27ee4b6b2a45": { "id": "24ebaf12-cf7c-4bc3-b028-27ee4b6b2a45", "title": "FV Flowplayer Video Player <= 7.5.41.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "* - 7.5.41.7212": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.41.7212", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.44.7212" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24ebaf12-cf7c-4bc3-b028-27ee4b6b2a45?source=api-scan" ], "published": "2024-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24ef5844-93d6-4ba3-bd0a-b8837bbd7baf": { "id": "24ef5844-93d6-4ba3-bd0a-b8837bbd7baf", "title": "Frontier Post <= 6.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Frontier Post", "slug": "frontier-post", "affected_versions": { "* - 6.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24ef5844-93d6-4ba3-bd0a-b8837bbd7baf?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24f13f9a-b240-4e32-9f12-117dbe7ecac4": { "id": "24f13f9a-b240-4e32-9f12-117dbe7ecac4", "title": "Multivendor Marketplace Solution for WooCommerce <= 3.7.3 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution", "slug": "dc-woocommerce-multi-vendor", "affected_versions": { "* - 3.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24f13f9a-b240-4e32-9f12-117dbe7ecac4?source=api-scan" ], "published": "2021-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24f23230-7012-48c0-85e7-71518340cf95": { "id": "24f23230-7012-48c0-85e7-71518340cf95", "title": "Consulting Elementor Widgets <= 1.3.0 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Consulting Elementor Widgets", "slug": "consulting-elementor-widgets", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24f23230-7012-48c0-85e7-71518340cf95?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24f2eafc-c8eb-4d78-af5e-1a589d7e4d21": { "id": "24f2eafc-c8eb-4d78-af5e-1a589d7e4d21", "title": "RegistrationMagic <= 5.3.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 5.3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24f2eafc-c8eb-4d78-af5e-1a589d7e4d21?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "24fc2554-375a-4216-91bf-41921cc4b436": { "id": "24fc2554-375a-4216-91bf-41921cc4b436", "title": "WP Roadmap <= 1.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Roadmap \u2013 Product Feedback Board", "slug": "wp-roadmap", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/24fc2554-375a-4216-91bf-41921cc4b436?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25031afe-5c23-45e2-a6b5-61189bfe5047": { "id": "25031afe-5c23-45e2-a6b5-61189bfe5047", "title": "adstxt Plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "adstxt Plugin", "slug": "adstxt", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25031afe-5c23-45e2-a6b5-61189bfe5047?source=api-scan" ], "published": "2024-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2505ffdd-d697-4c69-8f75-0bc4d09e1b1f": { "id": "2505ffdd-d697-4c69-8f75-0bc4d09e1b1f", "title": "Inline Related Posts <= 3.0.4 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Inline Related Posts", "slug": "intelly-related-posts", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2505ffdd-d697-4c69-8f75-0bc4d09e1b1f?source=api-scan" ], "published": "2021-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "250788a8-55d1-416b-bf1c-2170e8483ccc": { "id": "250788a8-55d1-416b-bf1c-2170e8483ccc", "title": "Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via wp_user_id", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] }, { "type": "plugin", "name": "Contest Gallery Pro", "slug": "contest-gallery-pro", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/250788a8-55d1-416b-bf1c-2170e8483ccc?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2508adc4-2a2f-4b6c-9b5a-da85d94226a0": { "id": "2508adc4-2a2f-4b6c-9b5a-da85d94226a0", "title": "WordPress Fancy Comments <= 1.2.10 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Fancy Comments WordPress", "slug": "fancy-facebook-comments", "affected_versions": { "* - 1.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2508adc4-2a2f-4b6c-9b5a-da85d94226a0?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "250edcf8-b56e-4714-9207-25bab2adaf9c": { "id": "250edcf8-b56e-4714-9207-25bab2adaf9c", "title": "SVG Support <= 2.4.2 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SVG Support", "slug": "svg-support", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/250edcf8-b56e-4714-9207-25bab2adaf9c?source=api-scan" ], "published": "2022-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25122475-fc2c-4a8c-90d3-f4a85fb3a8cc": { "id": "25122475-fc2c-4a8c-90d3-f4a85fb3a8cc", "title": "Enhanced Text Widget <= 1.6.3 - Missing Authorization via etw_hide_admin_notification_callback", "software": [ { "type": "plugin", "name": "Enhanced Text Widget", "slug": "enhanced-text-widget", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25122475-fc2c-4a8c-90d3-f4a85fb3a8cc?source=api-scan" ], "published": "2023-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2513a199-30a8-45a9-80b3-1f6e51534c88": { "id": "2513a199-30a8-45a9-80b3-1f6e51534c88", "title": "Nightlife Theme (All Known Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "nightlife", "slug": "nightlife", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2513a199-30a8-45a9-80b3-1f6e51534c88?source=api-scan" ], "published": "2014-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25199281-5286-4d75-8d27-26ce215e0993": { "id": "25199281-5286-4d75-8d27-26ce215e0993", "title": "AI ChatBot <= 4.8.9 and 4.9.2 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_file", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.9", "to_inclusive": true }, "4.9.2": { "from_version": "4.9.2", "from_inclusive": true, "to_version": "4.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.1", "4.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25199281-5286-4d75-8d27-26ce215e0993?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25200656-a6a2-42f2-a607-26d4ff502cbf": { "id": "25200656-a6a2-42f2-a607-26d4ff502cbf", "title": "Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_last_name shortcode", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25200656-a6a2-42f2-a607-26d4ff502cbf?source=api-scan" ], "published": "2023-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25205cb9-6d8b-456a-82b8-7257668f2972": { "id": "25205cb9-6d8b-456a-82b8-7257668f2972", "title": "WP Logs Book <= 1.0.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Logs Book", "slug": "wp-logs-book", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25205cb9-6d8b-456a-82b8-7257668f2972?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "252153ec-3811-484a-984f-eeb6ed9229a5": { "id": "252153ec-3811-484a-984f-eeb6ed9229a5", "title": "CSV Importer <= 0.3.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "CSV Importer", "slug": "csv-importer", "affected_versions": { "* - 0.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/252153ec-3811-484a-984f-eeb6ed9229a5?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2523f85d-be90-4334-b8d5-8021ec05283d": { "id": "2523f85d-be90-4334-b8d5-8021ec05283d", "title": "Poll Maker <= 3.2.8 \u2013 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls", "slug": "poll-maker", "affected_versions": { "* - 3.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2523f85d-be90-4334-b8d5-8021ec05283d?source=api-scan" ], "published": "2021-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25250755-0d22-44f4-8930-3a60efd61e32": { "id": "25250755-0d22-44f4-8930-3a60efd61e32", "title": "Truemag (Unknown Versions) - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Truemag", "slug": "truemag", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25250755-0d22-44f4-8930-3a60efd61e32?source=api-scan" ], "published": "2016-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2540bd75-ba5e-4aaf-9e65-8fc22c8b87cf": { "id": "2540bd75-ba5e-4aaf-9e65-8fc22c8b87cf", "title": "Social Media Widget <= 2.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Media Widget by Acurax", "slug": "acurax-social-media-widget", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2540bd75-ba5e-4aaf-9e65-8fc22c8b87cf?source=api-scan" ], "published": "2015-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "254291b3-a30d-44ff-9df4-6ba700a9efc9": { "id": "254291b3-a30d-44ff-9df4-6ba700a9efc9", "title": "Schema App Structured Data <= 2.2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Schema App Structured Data", "slug": "schema-app-structured-data-for-schemaorg", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/254291b3-a30d-44ff-9df4-6ba700a9efc9?source=api-scan" ], "published": "2024-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25462492-59d2-44b7-81c3-93ac04a08bcc": { "id": "25462492-59d2-44b7-81c3-93ac04a08bcc", "title": "Enfold <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wrapper_class and class Parameters", "software": [ { "type": "theme", "name": "Enfold - Responsive Multi-Purpose Theme", "slug": "enfold", "affected_versions": { "* - 6.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25462492-59d2-44b7-81c3-93ac04a08bcc?source=api-scan" ], "published": "2024-08-29 14:54:04", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2546ea7e-133a-44b8-9cdb-1b345a45d583": { "id": "2546ea7e-133a-44b8-9cdb-1b345a45d583", "title": "WP Crowdfunding <= 2.1.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Crowdfunding", "slug": "wp-crowdfunding", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2546ea7e-133a-44b8-9cdb-1b345a45d583?source=api-scan" ], "published": "2023-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2548d5b0-1f1a-4847-a5ea-e3bb6f7a5013": { "id": "2548d5b0-1f1a-4847-a5ea-e3bb6f7a5013", "title": "Astra Bulk Edit <= 1.2.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Astra Bulk Edit", "slug": "astra-bulk-edit", "affected_versions": { "[*, 1.2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2548d5b0-1f1a-4847-a5ea-e3bb6f7a5013?source=api-scan" ], "published": "2023-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "254b5dd2-c3d9-45d9-8328-6cc8ef29c9db": { "id": "254b5dd2-c3d9-45d9-8328-6cc8ef29c9db", "title": "Wordpress Core < 5.5 - Unauthorized Password Reset via Interception", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.5" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/254b5dd2-c3d9-45d9-8328-6cc8ef29c9db?source=api-scan" ], "published": "2017-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "254f3a1c-0d5d-499b-9da7-129f21ba70af": { "id": "254f3a1c-0d5d-499b-9da7-129f21ba70af", "title": "Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Premium Magic Scroll Module", "software": [ { "type": "plugin", "name": "Premium Addons Pro for Elementor", "slug": "premium-addons-pro", "affected_versions": { "* - 2.9.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/254f3a1c-0d5d-499b-9da7-129f21ba70af?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2553a858-bbea-4ef2-8d45-e0a665123065": { "id": "2553a858-bbea-4ef2-8d45-e0a665123065", "title": "Peadig's Twitter Feed: Embedded Timeline WordPress Plugin <= 2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Peadig's Twitter Feed: Embedded Timeline WordPress Plugin", "slug": "wp-twitter-feed", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2553a858-bbea-4ef2-8d45-e0a665123065?source=api-scan" ], "published": "2010-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25543955-15b0-4dda-9636-c116db7f2838": { "id": "25543955-15b0-4dda-9636-c116db7f2838", "title": "GD bbPress Attachments < 2.3 - Directory Traversal", "software": [ { "type": "plugin", "name": "GD bbPress Attachments", "slug": "gd-bbpress-attachments", "affected_versions": { "[*, 2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25543955-15b0-4dda-9636-c116db7f2838?source=api-scan" ], "published": "2015-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "255a50f0-0213-4de5-92f1-d71dbb5caeff": { "id": "255a50f0-0213-4de5-92f1-d71dbb5caeff", "title": "Nimble Page Builder <= 3.2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Nimble Page Builder", "slug": "nimble-builder", "affected_versions": { "[*, 3.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/255a50f0-0213-4de5-92f1-d71dbb5caeff?source=api-scan" ], "published": "2022-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "255cdf64-93cd-434c-9a3c-3b8e49593ffe": { "id": "255cdf64-93cd-434c-9a3c-3b8e49593ffe", "title": "NextGen Gallery <= 2.1.10 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 2.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/255cdf64-93cd-434c-9a3c-3b8e49593ffe?source=api-scan" ], "published": "2015-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "255f0fc4-5023-4039-9418-2f28363dbfc4": { "id": "255f0fc4-5023-4039-9418-2f28363dbfc4", "title": "Migration, Backup, Staging \u2013 WPvivid <= 0.9.55 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "* - 0.9.55": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.55", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.56" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/255f0fc4-5023-4039-9418-2f28363dbfc4?source=api-scan" ], "published": "2021-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25627b5c-958c-45ad-8450-8dfccdfdac31": { "id": "25627b5c-958c-45ad-8450-8dfccdfdac31", "title": "Radykal Fancy Gallery <= 1.2.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Fancy Gallery - Wordpress plugin | Galleries", "slug": "radykal-fancy-gallery", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25627b5c-958c-45ad-8450-8dfccdfdac31?source=api-scan" ], "published": "2012-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2565852f-43df-41b1-949e-6c02a8946407": { "id": "2565852f-43df-41b1-949e-6c02a8946407", "title": "Sitepact's Contact Form 7 Extension For Klaviyo <= 1.0.5 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Sitepact's Contact Form 7 Extension For Klaviyo", "slug": "sitepact-klaviyo-contact-form-7", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2565852f-43df-41b1-949e-6c02a8946407?source=api-scan" ], "published": "2024-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2567ecc4-1346-4092-8c99-ffa5064e6a3f": { "id": "2567ecc4-1346-4092-8c99-ffa5064e6a3f", "title": "Social Icons Widget & Block <= 4.2.17 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Icons Widget & Block by WPZOOM", "slug": "social-icons-widget-by-wpzoom", "affected_versions": { "* - 4.2.17": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2567ecc4-1346-4092-8c99-ffa5064e6a3f?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2568018b-29f3-4261-ae0d-658ca9d96846": { "id": "2568018b-29f3-4261-ae0d-658ca9d96846", "title": "Active Directory Integration \/ LDAP Integration <= 4.1.0 - Unauthenticated Information Disclosure", "software": [ { "type": "plugin", "name": "Active Directory Integration \/ LDAP Integration", "slug": "ldap-login-for-intranet-sites", "affected_versions": { "* - 4.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2568018b-29f3-4261-ae0d-658ca9d96846?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "256b4818-290b-4660-8e83-c18b068a8959": { "id": "256b4818-290b-4660-8e83-c18b068a8959", "title": "Royal Elementor Addons and Templates <= 1.3.87 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.87": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.87", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.88" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/256b4818-290b-4660-8e83-c18b068a8959?source=api-scan" ], "published": "2024-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "256fb7f0-174a-4766-afd5-bc61e358da85": { "id": "256fb7f0-174a-4766-afd5-bc61e358da85", "title": "Advanced Testimonial Carousel for Elementor <= 3.0.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Advanced Testimonial Carousel for Elementor", "slug": "advanced-testimonial-carousel-for-elementor", "affected_versions": { "* - 3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/256fb7f0-174a-4766-afd5-bc61e358da85?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "257052f4-2b0a-4604-befd-651dc338b3d5": { "id": "257052f4-2b0a-4604-befd-651dc338b3d5", "title": "LOGIN AND REGISTRATION ATTEMPTS LIMIT <= 2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LOGIN AND REGISTRATION ATTEMPTS LIMIT", "slug": "login-attempts-limit-wp", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/257052f4-2b0a-4604-befd-651dc338b3d5?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25762427-8d31-4fef-8b93-1065d15cd918": { "id": "25762427-8d31-4fef-8b93-1065d15cd918", "title": "Slideshow < 2.1.13 - Cross-Site Scripting and Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Slideshow", "slug": "slideshow-jquery-image-gallery", "affected_versions": { "* - 2.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25762427-8d31-4fef-8b93-1065d15cd918?source=api-scan" ], "published": "2012-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2577102f-6355-4483-bd3d-1948497cb843": { "id": "2577102f-6355-4483-bd3d-1948497cb843", "title": "Newsletters <= 4.9.9.2 - Authenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Newsletters", "slug": "newsletters-lite", "affected_versions": { "* - 4.9.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2577102f-6355-4483-bd3d-1948497cb843?source=api-scan" ], "published": "2024-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "257aba03-bb41-4798-b62c-b51310d70264": { "id": "257aba03-bb41-4798-b62c-b51310d70264", "title": "Chatbot with IBM Watson < 0.8.21 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chatbot with IBM Watson", "slug": "conversation-watson", "affected_versions": { "[*, 0.8.21)": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.21", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.8.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/257aba03-bb41-4798-b62c-b51310d70264?source=api-scan" ], "published": "2020-01-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "257c47d4-811c-49ce-8d56-a595bc2aa26e": { "id": "257c47d4-811c-49ce-8d56-a595bc2aa26e", "title": "Themify Shortcodes <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Themify Shortcodes", "slug": "themify-shortcodes", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/257c47d4-811c-49ce-8d56-a595bc2aa26e?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "257eb4c5-ca32-42ac-9f04-21adddcc96f0": { "id": "257eb4c5-ca32-42ac-9f04-21adddcc96f0", "title": "Popup4Phone <= 1.3.2 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup4Phone", "slug": "popup4phone", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/257eb4c5-ca32-42ac-9f04-21adddcc96f0?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "258177c4-d3d4-4465-8b73-0af1b02485b0": { "id": "258177c4-d3d4-4465-8b73-0af1b02485b0", "title": "WP Ultimate CSV Importer <= 6.5.2 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Import CSV or XML Datafeed With Ease", "slug": "wp-ultimate-csv-importer", "affected_versions": { "* - 6.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/258177c4-d3d4-4465-8b73-0af1b02485b0?source=api-scan" ], "published": "2022-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25838724-42b6-41e1-9546-78e6da2e95e1": { "id": "25838724-42b6-41e1-9546-78e6da2e95e1", "title": "Post Grid <= 2.1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25838724-42b6-41e1-9546-78e6da2e95e1?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2586662d-c80b-4b6f-85eb-fb472655ea34": { "id": "2586662d-c80b-4b6f-85eb-fb472655ea34", "title": "Docket (WooCommerce Collections \/ Wishlist \/ Watchlist) < 1.7.0 - Missing Authorization to Unauthenticated Arbitrary Post\/Page Deletion", "software": [ { "type": "plugin", "name": "Docket (WooCommerce Collections \/ Wishlist \/ Watchlist)", "slug": "woocommerce-collections", "affected_versions": { "[*, 1.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2586662d-c80b-4b6f-85eb-fb472655ea34?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "259158f0-390a-458f-9d8e-262006c4c18d": { "id": "259158f0-390a-458f-9d8e-262006c4c18d", "title": "Really Simple Guest Post <= 1.0.6 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Really Simple Guest Post", "slug": "really-simple-guest-post", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/259158f0-390a-458f-9d8e-262006c4c18d?source=api-scan" ], "published": "2015-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2591af6b-e057-4c17-aeba-5c31efbae622": { "id": "2591af6b-e057-4c17-aeba-5c31efbae622", "title": "DejaVu <= 2.4 - Arbitrary File Download", "software": [ { "type": "theme", "name": "DejaVu", "slug": "dejavu", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2591af6b-e057-4c17-aeba-5c31efbae622?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25971f3f-4816-416c-9de9-feb6326fe948": { "id": "25971f3f-4816-416c-9de9-feb6326fe948", "title": "Super Store Finder <= 6.4, Super Interactive Maps <= 2.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Super Store Finder", "slug": "superstorefinder-wp", "affected_versions": { "[*, 6.5)": { "from_version": "*", "from_inclusive": true, "to_version": "6.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.5" ] }, { "type": "plugin", "name": "Super Interactive Maps", "slug": "super-interactive-maps", "affected_versions": { "[*, 2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25971f3f-4816-416c-9de9-feb6326fe948?source=api-scan" ], "published": "2021-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2598795e-ea66-4c73-8fcb-6a832f65de52": { "id": "2598795e-ea66-4c73-8fcb-6a832f65de52", "title": "IP Blocker Lite <= 11.1.1 - IP Spoofing", "software": [ { "type": "plugin", "name": "LionScripts: IP Blocker Lite", "slug": "ip-address-blocker", "affected_versions": { "* - 11.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "11.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2598795e-ea66-4c73-8fcb-6a832f65de52?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2598ae85-5e91-47e6-b3f5-0d977fe80dd5": { "id": "2598ae85-5e91-47e6-b3f5-0d977fe80dd5", "title": "Stop Spammers <= 2021.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms", "slug": "stop-spammer-registrations-plugin", "affected_versions": { "[*, 2021.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2021.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2021.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2598ae85-5e91-47e6-b3f5-0d977fe80dd5?source=api-scan" ], "published": "2021-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25999d1f-9085-4410-b76a-3570f2517bdd": { "id": "25999d1f-9085-4410-b76a-3570f2517bdd", "title": "Docket (WooCommerce Collections \/ Wishlist \/ Watchlist) < 1.7.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Docket (WooCommerce Collections \/ Wishlist \/ Watchlist)", "slug": "woocommerce-collections", "affected_versions": { "[*, 1.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25999d1f-9085-4410-b76a-3570f2517bdd?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "259e80a0-21e8-4482-89dc-899a08669e91": { "id": "259e80a0-21e8-4482-89dc-899a08669e91", "title": "WP Logs Book <= 1.0.1 - Cross-Site Request Forgery to Log Disabling", "software": [ { "type": "plugin", "name": "WP Logs Book", "slug": "wp-logs-book", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/259e80a0-21e8-4482-89dc-899a08669e91?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "259ed1a0-1bfa-4d38-845c-e5655c330702": { "id": "259ed1a0-1bfa-4d38-845c-e5655c330702", "title": "WordPress Countdown Widget <= 3.1.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Countdown Widget", "slug": "wordpress-countdown-widget", "affected_versions": { "* - 3.1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/259ed1a0-1bfa-4d38-845c-e5655c330702?source=api-scan" ], "published": "2022-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25a05249-d899-429b-a7d3-c283c03a48a2": { "id": "25a05249-d899-429b-a7d3-c283c03a48a2", "title": "WPCHURCH - Church Management System for Wordpress Theme < 13-07-2019 - SQL Injection", "software": [ { "type": "plugin", "name": "WPCHURCH - Church Management System for Wordpress", "slug": "church-management", "affected_versions": { "[*, 13-07-2019)": { "from_version": "*", "from_inclusive": true, "to_version": "13-07-2019", "to_inclusive": false } }, "patched": true, "patched_versions": [ "13-07-2019" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25a05249-d899-429b-a7d3-c283c03a48a2?source=api-scan" ], "published": "2017-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25a25dae-578b-40d6-95c3-8428ca545ac3": { "id": "25a25dae-578b-40d6-95c3-8428ca545ac3", "title": "Yasr \u2013 Yet Another Stars Rating < 0.9.1 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "YASR \u2013 Yet Another Star Rating Plugin for WordPress", "slug": "yet-another-stars-rating", "affected_versions": { "[*, 0.9.1)": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25a25dae-578b-40d6-95c3-8428ca545ac3?source=api-scan" ], "published": "2015-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25a566ed-9ed6-4c72-9728-49a0edfb5ba5": { "id": "25a566ed-9ed6-4c72-9728-49a0edfb5ba5", "title": "Auto Rename Media On Upload <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Auto Rename Media On Upload", "slug": "auto-rename-media-on-upload", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25a566ed-9ed6-4c72-9728-49a0edfb5ba5?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25a80b0b-2636-45c1-92e5-bd62c8a4ab20": { "id": "25a80b0b-2636-45c1-92e5-bd62c8a4ab20", "title": "Appointment and Event Booking Calendar for WordPress \u2013 Amelia < 1.0.49 - Arbitrary Booking Update and Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "Booking for Appointments and Events Calendar \u2013 Amelia", "slug": "ameliabooking", "affected_versions": { "[*, 1.0.49)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.49", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.49" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25a80b0b-2636-45c1-92e5-bd62c8a4ab20?source=api-scan" ], "published": "2022-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25a8169d-1057-4cf2-9048-fb85f62d6ead": { "id": "25a8169d-1057-4cf2-9048-fb85f62d6ead", "title": "360 Javascript Viewer <= 1.7.11 - Missing Authorization", "software": [ { "type": "plugin", "name": "360 Javascript Viewer", "slug": "360deg-javascript-viewer", "affected_versions": { "* - 1.7.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25a8169d-1057-4cf2-9048-fb85f62d6ead?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25a8b9c9-da25-48b9-ada1-ca8a5941b2c2": { "id": "25a8b9c9-da25-48b9-ada1-ca8a5941b2c2", "title": "Very Simple Contact Form <= 11.5 - Captcha Bypass", "software": [ { "type": "plugin", "name": "VS Contact Form", "slug": "very-simple-contact-form", "affected_versions": { "* - 11.5": { "from_version": "*", "from_inclusive": true, "to_version": "11.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25a8b9c9-da25-48b9-ada1-ca8a5941b2c2?source=api-scan" ], "published": "2022-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25a9fd76-15aa-43f9-bb11-9825b847a4e3": { "id": "25a9fd76-15aa-43f9-bb11-9825b847a4e3", "title": "Contact Form 7 \u2013 PayPal & Stripe Add-on <= 2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form 7 \u2013 PayPal & Stripe Add-on", "slug": "contact-form-7-paypal-add-on", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25a9fd76-15aa-43f9-bb11-9825b847a4e3?source=api-scan" ], "published": "2024-10-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25acd3d9-0c1a-426e-b670-b842f031bdc5": { "id": "25acd3d9-0c1a-426e-b670-b842f031bdc5", "title": "Propovoice CRM <= 1.7.6.4 - Unauthenticated Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Propovoice: All-in-One Client Management System", "slug": "propovoice", "affected_versions": { "* - 1.7.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25acd3d9-0c1a-426e-b670-b842f031bdc5?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25b13322-d305-45db-8ac7-20762398dc21": { "id": "25b13322-d305-45db-8ac7-20762398dc21", "title": "Update Image Tag Alt Attribute <= 2.4.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Update Image Tag Alt Attribute", "slug": "update-alt-attribute", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25b13322-d305-45db-8ac7-20762398dc21?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25b26369-76e3-44f0-8275-03fc6fc9705c": { "id": "25b26369-76e3-44f0-8275-03fc6fc9705c", "title": "Appointment Booking Calendar <= 1.3.34 - CSV Injection", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar", "slug": "appointment-booking-calendar", "affected_versions": { "[*, 1.3.35)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.35", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25b26369-76e3-44f0-8275-03fc6fc9705c?source=api-scan" ], "published": "2020-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25b94c05-87c5-44fb-90d5-6c65d035dba6": { "id": "25b94c05-87c5-44fb-90d5-6c65d035dba6", "title": "Ninja Forms Contact Form <= 3.4.33 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "[*, 3.4.34)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.34", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25b94c05-87c5-44fb-90d5-6c65d035dba6?source=api-scan" ], "published": "2021-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25ba4be3-0bcd-41ff-8a7a-fd6ae848afb8": { "id": "25ba4be3-0bcd-41ff-8a7a-fd6ae848afb8", "title": "XEN Carousel <= 0.12.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "XEN Carousel", "slug": "xen-carousel", "affected_versions": { "* - 0.12.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.12.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25ba4be3-0bcd-41ff-8a7a-fd6ae848afb8?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25baf78e-e9bc-421b-8a66-9571ac3625c3": { "id": "25baf78e-e9bc-421b-8a66-9571ac3625c3", "title": "Blog2Social <= 6.9.9 - Authenticated (Subscriber+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Blog2Social: Social Media Auto Post & Scheduler", "slug": "blog2social", "affected_versions": { "* - 6.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25baf78e-e9bc-421b-8a66-9571ac3625c3?source=api-scan" ], "published": "2022-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25c35a42-9f1a-4f67-a074-c6359e8b1a41": { "id": "25c35a42-9f1a-4f67-a074-c6359e8b1a41", "title": "Secure Copy Content Protection and Content Locking <= 4.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Secure Copy Content Protection and Content Locking", "slug": "secure-copy-content-protection", "affected_versions": { "* - 4.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25c35a42-9f1a-4f67-a074-c6359e8b1a41?source=api-scan" ], "published": "2024-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25c44a00-da56-41f8-bd4f-c15bede6da58": { "id": "25c44a00-da56-41f8-bd4f-c15bede6da58", "title": "Email Users <= 4.8.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Users", "slug": "email-users", "affected_versions": { "[*, 4.8.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25c44a00-da56-41f8-bd4f-c15bede6da58?source=api-scan" ], "published": "2016-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25cb57fb-4af5-4f12-a01c-7ffdd8f84219": { "id": "25cb57fb-4af5-4f12-a01c-7ffdd8f84219", "title": "InFocus <= 3.3 - Arbitrary File Download", "software": [ { "type": "theme", "name": "InFocus", "slug": "infocus", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25cb57fb-4af5-4f12-a01c-7ffdd8f84219?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25cde35e-ba76-4651-8828-71ddd4c8a164": { "id": "25cde35e-ba76-4651-8828-71ddd4c8a164", "title": "Newspaper <= 11.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Newspaper - News & WooCommerce WordPress Theme", "slug": "Newspaper", "affected_versions": { "* - 11.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "11.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25cde35e-ba76-4651-8828-71ddd4c8a164?source=api-scan" ], "published": "2022-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25d07a99-d425-4e1a-8adf-d12071552882": { "id": "25d07a99-d425-4e1a-8adf-d12071552882", "title": "Custom Field Template <= 2.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Custom Field Template", "slug": "custom-field-template", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25d07a99-d425-4e1a-8adf-d12071552882?source=api-scan" ], "published": "2024-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25d5735a-8eed-4b4a-9bbe-9e42fb18ddf2": { "id": "25d5735a-8eed-4b4a-9bbe-9e42fb18ddf2", "title": "FormCraft <= 1.2.7 - Missing Authorization via formcraft_nag_update", "software": [ { "type": "plugin", "name": "FormCraft \u2013 Form Builder", "slug": "formcraft-form-builder", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25d5735a-8eed-4b4a-9bbe-9e42fb18ddf2?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25dd83c5-2ebe-4976-8e97-650e5eadbe43": { "id": "25dd83c5-2ebe-4976-8e97-650e5eadbe43", "title": "Portfolio Gallery \u2013 Image Gallery Plugin <= 1.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Portfolio Gallery \u2013 Image Gallery Plugin", "slug": "portfolio-filter-gallery", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25dd83c5-2ebe-4976-8e97-650e5eadbe43?source=api-scan" ], "published": "2020-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25e42bf8-794e-46a5-b7db-f1f8802bba00": { "id": "25e42bf8-794e-46a5-b7db-f1f8802bba00", "title": "The Plus Addons for Elementor <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25e42bf8-794e-46a5-b7db-f1f8802bba00?source=api-scan" ], "published": "2024-07-02 18:45:07", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25e4abf4-9869-436c-8fd3-9f59b2363ba7": { "id": "25e4abf4-9869-436c-8fd3-9f59b2363ba7", "title": "Twimp WP <= 0.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Twimp WP", "slug": "twimp-wp", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25e4abf4-9869-436c-8fd3-9f59b2363ba7?source=api-scan" ], "published": "2014-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25e4ed00-a9f2-402f-8a46-3cb911ab5497": { "id": "25e4ed00-a9f2-402f-8a46-3cb911ab5497", "title": "Loan Comparison <= 1.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Loan Comparison", "slug": "loan-comparison", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25e4ed00-a9f2-402f-8a46-3cb911ab5497?source=api-scan" ], "published": "2023-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25edb9e8-65ea-41d1-a95f-09be110ec1d2": { "id": "25edb9e8-65ea-41d1-a95f-09be110ec1d2", "title": "Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates", "slug": "astra-sites", "affected_versions": { "* - 4.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25edb9e8-65ea-41d1-a95f-09be110ec1d2?source=api-scan" ], "published": "2024-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25f277f3-8b94-4ea2-ba84-885257690b18": { "id": "25f277f3-8b94-4ea2-ba84-885257690b18", "title": "NextGEN Gallery Voting <= 2.7.5 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "NextGEN Gallery Voting", "slug": "nextgen-gallery-voting", "affected_versions": { "[*, 2.7.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25f277f3-8b94-4ea2-ba84-885257690b18?source=api-scan" ], "published": "2014-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25f71a19-85b1-4bc9-b193-d9de2eba81ee": { "id": "25f71a19-85b1-4bc9-b193-d9de2eba81ee", "title": "Unlimited Elements for Elementor <= 1.5.89 - Authenticated(Contributor+) Remote Code Execution via template import", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.89": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.89", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.91" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25f71a19-85b1-4bc9-b193-d9de2eba81ee?source=api-scan" ], "published": "2024-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25f782c4-7ece-47cb-9e64-9c93fd8858e9": { "id": "25f782c4-7ece-47cb-9e64-9c93fd8858e9", "title": "WordPress fancybox <= 1.0.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP fancybox", "slug": "wp-fancybox", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25f782c4-7ece-47cb-9e64-9c93fd8858e9?source=api-scan" ], "published": "2020-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25f8b0db-eed2-468a-a6b3-ed93daaddcb2": { "id": "25f8b0db-eed2-468a-a6b3-ed93daaddcb2", "title": "MaxButtons < 1.26.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Button Plugin MaxButtons", "slug": "maxbuttons", "affected_versions": { "[*, 1.26.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.26.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.26.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25f8b0db-eed2-468a-a6b3-ed93daaddcb2?source=api-scan" ], "published": "2014-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "25fab7b3-59ce-44ca-83fa-bd25b7f31af0": { "id": "25fab7b3-59ce-44ca-83fa-bd25b7f31af0", "title": "Follow Me Plugin <= 3.1.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Follow Me Plugin", "slug": "follow-me", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/25fab7b3-59ce-44ca-83fa-bd25b7f31af0?source=api-scan" ], "published": "2022-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "260054fd-7cb2-438f-a5ec-0b72338627bc": { "id": "260054fd-7cb2-438f-a5ec-0b72338627bc", "title": "SEOPress <= 7.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEOPress \u2013 On-site SEO", "slug": "wp-seopress", "affected_versions": { "* - 7.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/260054fd-7cb2-438f-a5ec-0b72338627bc?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26050f70-7a10-4df5-acd5-1c9e7613bf2c": { "id": "26050f70-7a10-4df5-acd5-1c9e7613bf2c", "title": "Advanced File Manager Shortcode <= 2.5.3 - Authenticated (Contributor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Advanced File Manager Shortcodes", "slug": "file-manager-advanced-shortcode", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26050f70-7a10-4df5-acd5-1c9e7613bf2c?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2608f894-88ed-4f34-a382-8eab7eaab2e7": { "id": "2608f894-88ed-4f34-a382-8eab7eaab2e7", "title": "Visual CSS Style Editor <= 7.5.3 - Reflected Cross-Site Scripting via wyp_page_type parameter", "software": [ { "type": "plugin", "name": "Visual CSS Style Editor", "slug": "yellow-pencil-visual-theme-customizer", "affected_versions": { "* - 7.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2608f894-88ed-4f34-a382-8eab7eaab2e7?source=api-scan" ], "published": "2022-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26140315-04c7-4056-a570-865cd4ffe85e": { "id": "26140315-04c7-4056-a570-865cd4ffe85e", "title": "Quiz and Survey Master <= 7.0.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26140315-04c7-4056-a570-865cd4ffe85e?source=api-scan" ], "published": "2020-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2614ca26-6efc-49f5-8cee-5b078721acc1": { "id": "2614ca26-6efc-49f5-8cee-5b078721acc1", "title": "JetBlocks For Elementor <= 1.3.8 - Reflected Cross Site Scripting", "software": [ { "type": "plugin", "name": "JetBlocks for Elementor", "slug": "jet-blocks", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2614ca26-6efc-49f5-8cee-5b078721acc1?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26153183-45f1-4694-94ec-f547f1b99089": { "id": "26153183-45f1-4694-94ec-f547f1b99089", "title": "Recently <= 1.1 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Recently \u2013 Viewed, Most Viewed and Sold Products for WooCommerce", "slug": "recently-viewed-most-viewed-and-sold-products-for-woocommerce", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26153183-45f1-4694-94ec-f547f1b99089?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "261a1bf0-a147-48c8-878e-f9b725ac74d8": { "id": "261a1bf0-a147-48c8-878e-f9b725ac74d8", "title": "Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_state", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/261a1bf0-a147-48c8-878e-f9b725ac74d8?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "261b5905-9194-40d3-99cb-1c7a832218dc": { "id": "261b5905-9194-40d3-99cb-1c7a832218dc", "title": "WP Accessibility Helper <= 0.6.0.6 - Reflected Cross-Site Scripting via wahi", "software": [ { "type": "plugin", "name": "WP Accessibility Helper (WAH)", "slug": "wp-accessibility-helper", "affected_versions": { "[*, 0.6.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.6.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/261b5905-9194-40d3-99cb-1c7a832218dc?source=api-scan" ], "published": "2022-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2620da78-3d78-40c5-a125-09d93993cac8": { "id": "2620da78-3d78-40c5-a125-09d93993cac8", "title": "Seraphinite Post .DOCX Source <= 2.16.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Seraphinite Post .DOCX Source", "slug": "seraphinite-post-docx-source", "affected_versions": { "* - 2.16.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2620da78-3d78-40c5-a125-09d93993cac8?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2621cb32-3753-42e7-8690-88c680bdf808": { "id": "2621cb32-3753-42e7-8690-88c680bdf808", "title": "Paid Memberships Pro \u2013 Restrict Member Access to Content, Courses, Communities \u2013 Free or Paid Subscriptions <= 2.5.9.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "[*, 2.5.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2621cb32-3753-42e7-8690-88c680bdf808?source=api-scan" ], "published": "2021-06-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2621d2f1-7ce3-4858-9633-080ef916d374": { "id": "2621d2f1-7ce3-4858-9633-080ef916d374", "title": "WZone <= 14.0.10 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Amazon Affiliates - Wordpress Plugin", "slug": "woozone", "affected_versions": { "* - 14.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "14.0.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2621d2f1-7ce3-4858-9633-080ef916d374?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26237984-d7b5-4a55-91f8-a2816f3d2e94": { "id": "26237984-d7b5-4a55-91f8-a2816f3d2e94", "title": "Accessibility <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scritping", "software": [ { "type": "plugin", "name": "Accessibility", "slug": "accessibility", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26237984-d7b5-4a55-91f8-a2816f3d2e94?source=api-scan" ], "published": "2022-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26253942-7948-4016-947d-8c98f01525ab": { "id": "26253942-7948-4016-947d-8c98f01525ab", "title": "Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "* - 2.12.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26253942-7948-4016-947d-8c98f01525ab?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2626db42-0047-4801-bbcb-e236440c1677": { "id": "2626db42-0047-4801-bbcb-e236440c1677", "title": "Royal Elementor Addons <= 1.3.93 - Unauthenticated IP Spoofing", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.93": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.93", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.95" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2626db42-0047-4801-bbcb-e236440c1677?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2627ac2b-25a8-480d-ac83-ee0ca323b3a1": { "id": "2627ac2b-25a8-480d-ac83-ee0ca323b3a1", "title": "Team Circle Image Slider With Lightbox <= 1.0.17 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Team Circle Image Slider With Lightbox", "slug": "circle-image-slider-with-lightbox", "affected_versions": { "* - 1.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2627ac2b-25a8-480d-ac83-ee0ca323b3a1?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2628b02e-5685-4e25-a786-4542ecbe874a": { "id": "2628b02e-5685-4e25-a786-4542ecbe874a", "title": "Gallery \u2013 Image and Video Gallery with Thumbnails <= 1.9.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery \u2013 Image and Video Gallery with Thumbnails", "slug": "gallery-album", "affected_versions": { "* - 1.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2628b02e-5685-4e25-a786-4542ecbe874a?source=api-scan" ], "published": "2022-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2628f9dd-a020-49e6-bcea-f839e1d1a8a0": { "id": "2628f9dd-a020-49e6-bcea-f839e1d1a8a0", "title": "Advanced Order Export for WooCommerce <= 3.1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Order Export For WooCommerce", "slug": "woo-order-export-lite", "affected_versions": { "* - 3.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2628f9dd-a020-49e6-bcea-f839e1d1a8a0?source=api-scan" ], "published": "2021-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "262b5326-a5e6-4063-a345-59dedd14c3c2": { "id": "262b5326-a5e6-4063-a345-59dedd14c3c2", "title": "Viable blog <= 1.1.4 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Viable Blog", "slug": "viable-blog", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/262b5326-a5e6-4063-a345-59dedd14c3c2?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "262db9aa-0db5-48cd-a85b-3e6302e88a42": { "id": "262db9aa-0db5-48cd-a85b-3e6302e88a42", "title": "Google Maps made Simple <= 0.6 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Google Maps made Simple", "slug": "wp-gmappity-easy-google-maps", "affected_versions": { "* - 0.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/262db9aa-0db5-48cd-a85b-3e6302e88a42?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "262dcea7-3ac4-43ee-90d7-91f200c3496c": { "id": "262dcea7-3ac4-43ee-90d7-91f200c3496c", "title": "Easy Social Feed <= 6.5.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2013 Like Box", "slug": "easy-facebook-likebox", "affected_versions": { "* - 6.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/262dcea7-3ac4-43ee-90d7-91f200c3496c?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "262e3bb3-bc83-4d0b-8056-9f94ec141b8f": { "id": "262e3bb3-bc83-4d0b-8056-9f94ec141b8f", "title": "ZoomSounds <= 5.96 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "ZoomSounds - WordPress Wave Audio Player with Playlist", "slug": "dzs-zoomsounds", "affected_versions": { "* - 5.96": { "from_version": "*", "from_inclusive": true, "to_version": "5.96", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.05" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/262e3bb3-bc83-4d0b-8056-9f94ec141b8f?source=api-scan" ], "published": "2021-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "262f7690-97ce-40ca-a277-6871acbc1546": { "id": "262f7690-97ce-40ca-a277-6871acbc1546", "title": "HelloAsso <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HelloAsso", "slug": "helloasso", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/262f7690-97ce-40ca-a277-6871acbc1546?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2630dbfe-2e11-4671-9a75-377237ac1ea1": { "id": "2630dbfe-2e11-4671-9a75-377237ac1ea1", "title": "Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Steveas WP Live Chat Shoutbox", "slug": "wp-shoutbox-live-chat", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2630dbfe-2e11-4671-9a75-377237ac1ea1?source=api-scan" ], "published": "2023-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "263153c9-61c5-4df4-803b-8d274e2a5e35": { "id": "263153c9-61c5-4df4-803b-8d274e2a5e35", "title": "RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'uucss_update_rule'", "software": [ { "type": "plugin", "name": "RapidLoad \u2013 Optimize Web Vitals Automatically", "slug": "unusedcss", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/263153c9-61c5-4df4-803b-8d274e2a5e35?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "263324cb-31b7-40ad-ad7d-4582e128cd75": { "id": "263324cb-31b7-40ad-ad7d-4582e128cd75", "title": "ShopLentor (formerly WooLentor) <= 2.8.7 - Missing Authorization via purchased_new_products", "software": [ { "type": "plugin", "name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)", "slug": "woolentor-addons", "affected_versions": { "* - 2.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/263324cb-31b7-40ad-ad7d-4582e128cd75?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2636efe7-20c4-4d12-ab2f-45035e8a1ca0": { "id": "2636efe7-20c4-4d12-ab2f-45035e8a1ca0", "title": "Perfect Survey <= 1.5.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Perfect Survey", "slug": "perfect-survey", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2636efe7-20c4-4d12-ab2f-45035e8a1ca0?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2637e273-a308-4033-be5a-2f778f8df282": { "id": "2637e273-a308-4033-be5a-2f778f8df282", "title": "Create Block Theme <= 1.2.1 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Create Block Theme", "slug": "create-block-theme", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2637e273-a308-4033-be5a-2f778f8df282?source=api-scan" ], "published": "2022-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2638bb80-7066-45c0-ab74-4ba407d50cae": { "id": "2638bb80-7066-45c0-ab74-4ba407d50cae", "title": "guzzlehttp\/psr7 < 1.9.1 & 2.4.5 - Interpretation Conflict", "software": [ { "type": "plugin", "name": "WP Offload SES Lite", "slug": "wp-ses", "affected_versions": { "[*, 1.6.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.4" ] }, { "type": "plugin", "name": "WP Offload Media Lite for Amazon S3, DigitalOcean Spaces, and Google Cloud Storage", "slug": "amazon-s3-and-cloudfront", "affected_versions": { "[*, 3.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2638bb80-7066-45c0-ab74-4ba407d50cae?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26399541-a6a7-4c01-b72c-1ebf73f18c84": { "id": "26399541-a6a7-4c01-b72c-1ebf73f18c84", "title": "Store Toolkit for WooCommerce <= 1.5.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Store Toolkit \u2013 WooCommerce Extensions, Quick Enhancements & Handy Tools", "slug": "woocommerce-store-toolkit", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26399541-a6a7-4c01-b72c-1ebf73f18c84?source=api-scan" ], "published": "2016-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "263dd246-32ed-4efc-b7a6-ee6c9d305f89": { "id": "263dd246-32ed-4efc-b7a6-ee6c9d305f89", "title": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events", "software": [ { "type": "plugin", "name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", "slug": "bdthemes-element-pack-lite", "affected_versions": { "* - 5.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/263dd246-32ed-4efc-b7a6-ee6c9d305f89?source=api-scan" ], "published": "2024-06-11 19:14:31", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2645899c-2b6b-48bd-8f33-2a837a951c5e": { "id": "2645899c-2b6b-48bd-8f33-2a837a951c5e", "title": "Opal Estate <= 1.6.11 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Opal Estate", "slug": "opal-estate", "affected_versions": { "* - 1.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2645899c-2b6b-48bd-8f33-2a837a951c5e?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26481723-52f1-4914-bddd-ea175ce885d6": { "id": "26481723-52f1-4914-bddd-ea175ce885d6", "title": "Alemha Watermarker <= 1.3.1 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Alemha watermarker", "slug": "alemha-watermark", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26481723-52f1-4914-bddd-ea175ce885d6?source=api-scan" ], "published": "2024-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26529849-c52c-40e5-8085-6764c22a03e7": { "id": "26529849-c52c-40e5-8085-6764c22a03e7", "title": "User Registration <= 2.3.0 - Authenticated (Administrator+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile", "slug": "user-registration", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26529849-c52c-40e5-8085-6764c22a03e7?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2652a7fc-b610-40f1-8b76-2129f59390ec": { "id": "2652a7fc-b610-40f1-8b76-2129f59390ec", "title": "Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Stripe Payment Plugin for WooCommerce", "slug": "payment-gateway-stripe-and-woocommerce-integration", "affected_versions": { "* - 3.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2652a7fc-b610-40f1-8b76-2129f59390ec?source=api-scan" ], "published": "2024-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2655ec9f-471f-48e7-8e1c-a428ef3b46ee": { "id": "2655ec9f-471f-48e7-8e1c-a428ef3b46ee", "title": "Powerplay Gallery <= 3.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Powerplay Gallery", "slug": "wp-powerplaygallery", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2655ec9f-471f-48e7-8e1c-a428ef3b46ee?source=api-scan" ], "published": "2015-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2656c2f8-802d-4626-bf79-a14d80bf79bf": { "id": "2656c2f8-802d-4626-bf79-a14d80bf79bf", "title": "PopupAlly <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PopupAlly", "slug": "popupally", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2656c2f8-802d-4626-bf79-a14d80bf79bf?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2657aa8a-b2de-4cb4-b9f8-e7fb0c887a7a": { "id": "2657aa8a-b2de-4cb4-b9f8-e7fb0c887a7a", "title": "WooCommerce Affiliate Plugin \u2013 Coupon Affiliates < 4.11.3.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Coupon Affiliates \u2013 Affiliate Plugin for WooCommerce", "slug": "woo-coupon-usage", "affected_versions": { "[*, 4.11.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.11.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.11.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2657aa8a-b2de-4cb4-b9f8-e7fb0c887a7a?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2659d22f-3b54-4268-8618-b0c685278f6e": { "id": "2659d22f-3b54-4268-8618-b0c685278f6e", "title": "Extra Block Design, Style, CSS for ANY Gutenberg Blocks <= 0.2.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Extra Block Design, Style, CSS for ANY Gutenberg Blocks", "slug": "stylist", "affected_versions": { "* - 0.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2659d22f-3b54-4268-8618-b0c685278f6e?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26624f19-c943-417a-abb2-c05646b192cf": { "id": "26624f19-c943-417a-abb2-c05646b192cf", "title": "Parsian Bank Gateway for Woocommerce <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Parsian Bank Gateway for Woocommerce", "slug": "parsian-bank-gateway-for-woocommerce", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26624f19-c943-417a-abb2-c05646b192cf?source=api-scan" ], "published": "2021-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "266507cf-f458-47f8-b18a-81860e6cce3e": { "id": "266507cf-f458-47f8-b18a-81860e6cce3e", "title": "GS Testimonial Slider <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "A WordPress Testimonial Plugin to Showcase Testimonial Slider, Testimonial Grid and More: Solid Testimonials", "slug": "gs-testimonial", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/266507cf-f458-47f8-b18a-81860e6cce3e?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "266b1004-a374-4770-9659-bac3d167b585": { "id": "266b1004-a374-4770-9659-bac3d167b585", "title": "UpdraftPlus WordPress Backup Plugin < 1.22.3 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "UpdraftPlus: WP Backup & Migration Plugin", "slug": "updraftplus", "affected_versions": { "[1.16.7, 1.22.3)": { "from_version": "1.16.7", "from_inclusive": true, "to_version": "1.22.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.22.3" ] }, { "type": "plugin", "name": "UpdraftPlus WordPress Backup Plugin (Premium)", "slug": "updraftplus-pro", "affected_versions": { "[*, 2.22.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.22.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.22.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/266b1004-a374-4770-9659-bac3d167b585?source=api-scan" ], "published": "2022-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "266bbcab-7d41-4c38-b136-24da61728977": { "id": "266bbcab-7d41-4c38-b136-24da61728977", "title": "AmpedSense \u2013 AdSense Split Tester <= 4.68 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AmpedSense \u2013 AdSense Split Tester", "slug": "ampedsense-adsense-split-tester", "affected_versions": { "* - 4.68": { "from_version": "*", "from_inclusive": true, "to_version": "4.68", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/266bbcab-7d41-4c38-b136-24da61728977?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26705757-1d3f-4477-b99a-beb229cf36db": { "id": "26705757-1d3f-4477-b99a-beb229cf36db", "title": "The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 7.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid", "slug": "the-post-grid", "affected_versions": { "* - 7.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26705757-1d3f-4477-b99a-beb229cf36db?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "267119ab-4129-4c27-bfaf-0b9916623695": { "id": "267119ab-4129-4c27-bfaf-0b9916623695", "title": "Feedweb <= 3.0.10 - Missing Authorization", "software": [ { "type": "plugin", "name": "Feedweb", "slug": "feedweb", "affected_versions": { "* - 3.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/267119ab-4129-4c27-bfaf-0b9916623695?source=api-scan" ], "published": "2015-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26753b92-3ec5-4b65-8fc7-2d6488f12974": { "id": "26753b92-3ec5-4b65-8fc7-2d6488f12974", "title": "WordPress Core < 4.5.2 - Cross-Site Scripting via plupload.flash.swf", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.13": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.13", "to_inclusive": true }, "3.8 - 3.8.13": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.13", "to_inclusive": true }, "3.9 - 3.9.11": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.11", "to_inclusive": true }, "4.0 - 4.0.10": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.10", "to_inclusive": true }, "4.1 - 4.1.10": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.10", "to_inclusive": true }, "4.2 - 4.2.7": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.7", "to_inclusive": true }, "4.3 - 4.3.3": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.3", "to_inclusive": true }, "4.4 - 4.4.2": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true }, "4.5 - 4.5.1": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.14", "3.8.14", "3.9.12", "4.0.11", "4.1.11", "4.2.8", "4.3.4", "4.4.3", "4.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26753b92-3ec5-4b65-8fc7-2d6488f12974?source=api-scan" ], "published": "2016-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "267641fe-7490-4b8f-bb39-9531eefa2c30": { "id": "267641fe-7490-4b8f-bb39-9531eefa2c30", "title": "Happy Addons for Elementor <= 3.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/267641fe-7490-4b8f-bb39-9531eefa2c30?source=api-scan" ], "published": "2024-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26766830-c772-46a3-a045-7bfbb530b50a": { "id": "26766830-c772-46a3-a045-7bfbb530b50a", "title": "Gallery Manager <= 1.5.12 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery Manager", "slug": "fancy-gallery", "affected_versions": { "* - 1.5.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26766830-c772-46a3-a045-7bfbb530b50a?source=api-scan" ], "published": "2014-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2677cea6-d60d-4e10-afd7-e088a5592b19": { "id": "2677cea6-d60d-4e10-afd7-e088a5592b19", "title": "Welcart e-Commerce <= 2.9.6 - Authenticated (Administrator+) Directory Traversal", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2677cea6-d60d-4e10-afd7-e088a5592b19?source=api-scan" ], "published": "2023-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2678d2c6-055e-462e-99da-bdc81bcc3662": { "id": "2678d2c6-055e-462e-99da-bdc81bcc3662", "title": "Affiliate Power \u2013 Sales Tracking for Affiliate Marketers <= 2.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Affiliate Power \u2013 Sales Tracking for Affiliate Marketers", "slug": "affiliate-power", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2678d2c6-055e-462e-99da-bdc81bcc3662?source=api-scan" ], "published": "2021-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "267d2b02-6365-4553-9809-bc3a8b070c7e": { "id": "267d2b02-6365-4553-9809-bc3a8b070c7e", "title": "Content Mask <= 1.8.4 - Authenticated (Subscriber+) Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Content Mask", "slug": "content-mask", "affected_versions": { "* - 1.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/267d2b02-6365-4553-9809-bc3a8b070c7e?source=api-scan" ], "published": "2022-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "268828b2-f660-452f-9d71-74bff3afc333": { "id": "268828b2-f660-452f-9d71-74bff3afc333", "title": "Newspack Campaigns <= 2.31.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newspack Campaigns", "slug": "newspack-popups", "affected_versions": { "* - 2.31.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.31.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.31.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/268828b2-f660-452f-9d71-74bff3afc333?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "268b77b9-af1d-41c8-9f24-99b60eb04cc4": { "id": "268b77b9-af1d-41c8-9f24-99b60eb04cc4", "title": "ConvertPlug <= 3.4.2 - Unauthenticated Administrator Creation", "software": [ { "type": "plugin", "name": "ConvertPlus", "slug": "convertplug", "affected_versions": { "[*, 3.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/268b77b9-af1d-41c8-9f24-99b60eb04cc4?source=api-scan" ], "published": "2019-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26926973-36b7-4ad2-8267-2de4749159ab": { "id": "26926973-36b7-4ad2-8267-2de4749159ab", "title": "Stream <= 3.8.1 - Admin+ SQL Injection", "software": [ { "type": "plugin", "name": "Stream", "slug": "stream", "affected_versions": { "* - 3.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26926973-36b7-4ad2-8267-2de4749159ab?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26963b32-db2c-430b-99e5-65a2cc7d478d": { "id": "26963b32-db2c-430b-99e5-65a2cc7d478d", "title": "Defender Security <= 4.7.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Defender Security \u2013 Malware Scanner, Login Security & Firewall", "slug": "defender-security", "affected_versions": { "* - 4.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26963b32-db2c-430b-99e5-65a2cc7d478d?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26a246c3-cf67-4566-b1e8-dc14c3c5c827": { "id": "26a246c3-cf67-4566-b1e8-dc14c3c5c827", "title": "Radio Buttons for Taxonomies <= 2.0.5 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Radio Buttons for Taxonomies", "slug": "radio-buttons-for-taxonomies", "affected_versions": { "[*, 2.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26a246c3-cf67-4566-b1e8-dc14c3c5c827?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26a2a20e-f200-4cb1-aa15-db12c86dd351": { "id": "26a2a20e-f200-4cb1-aa15-db12c86dd351", "title": "FS Product Inquiry <= 1.1.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FS Product Inquiry", "slug": "fs-product-inquiry", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26a2a20e-f200-4cb1-aa15-db12c86dd351?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26a9bcc5-4057-4cd5-afde-68a2d467c5a9": { "id": "26a9bcc5-4057-4cd5-afde-68a2d467c5a9", "title": "GS Books Showcase <= 1.3.0 - Authenticator (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more", "slug": "gs-books-showcase", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26a9bcc5-4057-4cd5-afde-68a2d467c5a9?source=api-scan" ], "published": "2023-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26b5c665-b7f6-4481-b9e9-010f9e451d9b": { "id": "26b5c665-b7f6-4481-b9e9-010f9e451d9b", "title": "Portfolio Slideshow <= 1.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Portfolio Slideshow", "slug": "portfolio-slideshow", "affected_versions": { "* - 1.13.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26b5c665-b7f6-4481-b9e9-010f9e451d9b?source=api-scan" ], "published": "2023-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26b64ae3-5839-47d5-9c65-7c595bb18e6c": { "id": "26b64ae3-5839-47d5-9c65-7c595bb18e6c", "title": "Total <= 2.1.59 - Missing Authorization to Authenticated (Subscriber+) Sections Update", "software": [ { "type": "theme", "name": "Total", "slug": "total", "affected_versions": { "* - 2.1.59": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26b64ae3-5839-47d5-9c65-7c595bb18e6c?source=api-scan" ], "published": "2024-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26b7438e-438b-41eb-9458-2fba8ab1964d": { "id": "26b7438e-438b-41eb-9458-2fba8ab1964d", "title": "eCommerce Product Catalog plugin for WordPress <= 3.3.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "eCommerce Product Catalog Plugin for WordPress", "slug": "ecommerce-product-catalog", "affected_versions": { "* - 3.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26b7438e-438b-41eb-9458-2fba8ab1964d?source=api-scan" ], "published": "2023-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26bd4058-ef00-48c8-8ab5-01535f0238a4": { "id": "26bd4058-ef00-48c8-8ab5-01535f0238a4", "title": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more <= 8.5.6 - Missing Authorization via restore_records()", "software": [ { "type": "plugin", "name": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "slug": "nex-forms-express-wp-form-builder", "affected_versions": { "* - 8.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26bd4058-ef00-48c8-8ab5-01535f0238a4?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26bfef74-214f-4257-afc7-730e82e80946": { "id": "26bfef74-214f-4257-afc7-730e82e80946", "title": "Beaver Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.7.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26bfef74-214f-4257-afc7-730e82e80946?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26c75a0a-8590-4ac7-814e-29e0c2d0822e": { "id": "26c75a0a-8590-4ac7-814e-29e0c2d0822e", "title": "Custom Post Type and Taxonomy GUI Manager <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Post Type and Taxonomy GUI Manager", "slug": "custom-post-type-cpt-cusom-taxonomy-ct-manager", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26c75a0a-8590-4ac7-814e-29e0c2d0822e?source=api-scan" ], "published": "2023-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26c78a0b-63d4-4971-b8d8-a83c975d261b": { "id": "26c78a0b-63d4-4971-b8d8-a83c975d261b", "title": "SKT Addons for Elementor <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Page Title", "software": [ { "type": "plugin", "name": "SKT Addons for Elementor", "slug": "skt-addons-for-elementor", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26c78a0b-63d4-4971-b8d8-a83c975d261b?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26c7be89-a83d-4912-aef5-4cc046b5d768": { "id": "26c7be89-a83d-4912-aef5-4cc046b5d768", "title": "Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Title'", "software": [ { "type": "plugin", "name": "Visual Composer Website Builder", "slug": "visualcomposer", "affected_versions": { "* - 45.0": { "from_version": "*", "from_inclusive": true, "to_version": "45.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "45.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26c7be89-a83d-4912-aef5-4cc046b5d768?source=api-scan" ], "published": "2022-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26d28cb4-3cbd-4baf-968a-a3d37693306f": { "id": "26d28cb4-3cbd-4baf-968a-a3d37693306f", "title": "Clearfy Cache <= 2.2.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Clearfy Cache \u2013 WordPress optimization plugin, Minify HTML, CSS & JS, Defer", "slug": "clearfy", "affected_versions": { "* - 2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26d28cb4-3cbd-4baf-968a-a3d37693306f?source=api-scan" ], "published": "2024-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26d504fe-38f6-4b50-ae07-c50e35fcb9e0": { "id": "26d504fe-38f6-4b50-ae07-c50e35fcb9e0", "title": "Accordion <= 2.2.8 - Unprotected AJAX Action to Stored\/Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Accordion", "slug": "accordions", "affected_versions": { "[*, 2.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26d504fe-38f6-4b50-ae07-c50e35fcb9e0?source=api-scan" ], "published": "2020-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26d70dee-c098-40f1-962a-db56791ae221": { "id": "26d70dee-c098-40f1-962a-db56791ae221", "title": "RegistrationMagic <= 5.2.5.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 5.2.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26d70dee-c098-40f1-962a-db56791ae221?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26d83a9d-3e51-450e-b3cb-7c53a4bcba60": { "id": "26d83a9d-3e51-450e-b3cb-7c53a4bcba60", "title": "PICA Photo Gallery <= 1.0 - SQL Injection", "software": [ { "type": "plugin", "name": "PICA Photo Gallery", "slug": "pica-photo-gallery", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26d83a9d-3e51-450e-b3cb-7c53a4bcba60?source=api-scan" ], "published": "2017-03-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26d8b75b-befa-4c6a-b072-0da44e437174": { "id": "26d8b75b-befa-4c6a-b072-0da44e437174", "title": "BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation", "software": [ { "type": "plugin", "name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", "slug": "woo-bulk-editor", "affected_versions": { "* - 1.1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26d8b75b-befa-4c6a-b072-0da44e437174?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26d9dfc7-151c-4b32-9ae4-3085d08f137c": { "id": "26d9dfc7-151c-4b32-9ae4-3085d08f137c", "title": "Embed Privacy <= 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Embed Privacy", "slug": "embed-privacy", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26d9dfc7-151c-4b32-9ae4-3085d08f137c?source=api-scan" ], "published": "2023-11-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26daa367-ef73-4ae0-843e-6d5366cc4ecd": { "id": "26daa367-ef73-4ae0-843e-6d5366cc4ecd", "title": "WordPress Core <= 2.2.2 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress MU", "slug": "wpmu", "affected_versions": { "[*, 1.2.5a)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5a", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5a" ] }, { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26daa367-ef73-4ae0-843e-6d5366cc4ecd?source=api-scan" ], "published": "2007-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26db2d25-01b8-49c5-a4d6-284780ac97bb": { "id": "26db2d25-01b8-49c5-a4d6-284780ac97bb", "title": "GP Unique ID <= 1.5.5 - Unauthenticated Form Submission Unique ID Modification", "software": [ { "type": "plugin", "name": "GP Unique ID", "slug": "gp-unique-id", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26db2d25-01b8-49c5-a4d6-284780ac97bb?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26decafa-2329-406a-a48b-f4e6867f60df": { "id": "26decafa-2329-406a-a48b-f4e6867f60df", "title": "FormFlow <= 2.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FormFlow \u2013 WhatsApp Social and WP Form Builder with Lead Management", "slug": "simple-form", "affected_versions": { "* - 2.12.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26decafa-2329-406a-a48b-f4e6867f60df?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26e07115-efee-4db5-ba24-25a063286e90": { "id": "26e07115-efee-4db5-ba24-25a063286e90", "title": "MultiVendorX Marketplace <= 4.0.25 - Missing Authorization", "software": [ { "type": "plugin", "name": "MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution", "slug": "dc-woocommerce-multi-vendor", "affected_versions": { "* - 4.0.25": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26e07115-efee-4db5-ba24-25a063286e90?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26e35c4a-79ec-4742-8004-1c799d2c56ff": { "id": "26e35c4a-79ec-4742-8004-1c799d2c56ff", "title": "Registrations for the Events Calendar \u2013 Event Registration Plugin <= 2.12.2 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Registrations for the Events Calendar \u2013 Event Registration Plugin", "slug": "registrations-for-the-events-calendar", "affected_versions": { "* - 2.12.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26e35c4a-79ec-4742-8004-1c799d2c56ff?source=api-scan" ], "published": "2024-07-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26e52072-9465-4b56-9794-f17861b7c70c": { "id": "26e52072-9465-4b56-9794-f17861b7c70c", "title": "WP Simple HTML Sitemap <= 2.2 - Reflected Cross-Site Scripting via id", "software": [ { "type": "plugin", "name": "WordPress Simple HTML Sitemap", "slug": "wp-simple-html-sitemap", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26e52072-9465-4b56-9794-f17861b7c70c?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26e7c3fa-7ae7-4343-8494-2955cb755c6d": { "id": "26e7c3fa-7ae7-4343-8494-2955cb755c6d", "title": "WPtouch <= 3.7.5.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPtouch \u2013 Make your WordPress Website Mobile-Friendly", "slug": "wptouch", "affected_versions": { "[*, 3.7.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26e7c3fa-7ae7-4343-8494-2955cb755c6d?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26e7dd3f-5bdd-47d2-a013-82db72b4eae6": { "id": "26e7dd3f-5bdd-47d2-a013-82db72b4eae6", "title": "s2Member <= 240315 - Limited Privilege Escalation", "software": [ { "type": "plugin", "name": "s2Member \u2013 Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions", "slug": "s2member", "affected_versions": { "* - 240315": { "from_version": "*", "from_inclusive": true, "to_version": "240315", "to_inclusive": true } }, "patched": true, "patched_versions": [ "240325" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26e7dd3f-5bdd-47d2-a013-82db72b4eae6?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26f4e785-724b-41d3-b479-cb0150e70f9e": { "id": "26f4e785-724b-41d3-b479-cb0150e70f9e", "title": "Advanced Booking Calendar <= 1.7.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Advanced Booking Calendar", "slug": "advanced-booking-calendar", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26f4e785-724b-41d3-b479-cb0150e70f9e?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "26f8a133-c4a0-4c6c-a09e-47b81c65a731": { "id": "26f8a133-c4a0-4c6c-a09e-47b81c65a731", "title": "2Way VideoCalls and Random Chat \u2013 HTML5 Webcam Videochat <= 5.2.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "2Way VideoCalls and Random Chat \u2013 HTML5 Webcam Videochat", "slug": "webcam-2way-videochat", "affected_versions": { "* - 5.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/26f8a133-c4a0-4c6c-a09e-47b81c65a731?source=api-scan" ], "published": "2021-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27026f0f-c85e-4409-9973-4b9cb8a90da5": { "id": "27026f0f-c85e-4409-9973-4b9cb8a90da5", "title": "LiteSpeed Cache <= 5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "LiteSpeed Cache", "slug": "litespeed-cache", "affected_versions": { "* - 5.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27026f0f-c85e-4409-9973-4b9cb8a90da5?source=api-scan" ], "published": "2023-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2713cd00-efd0-4a12-bf7b-2633289b3534": { "id": "2713cd00-efd0-4a12-bf7b-2633289b3534", "title": "Shortcodes by United Themes < 5.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shortcodes by United Themes", "slug": "ut-shortcodes", "affected_versions": { "[*, 5.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2713cd00-efd0-4a12-bf7b-2633289b3534?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27161b4b-d11c-487b-b1ce-7e43bf7b2e57": { "id": "27161b4b-d11c-487b-b1ce-7e43bf7b2e57", "title": "Accept Stripe Donation \u2013 AidWP <= 3.1.5 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "Accept Stripe Donation and Payments \u2013 AidWP", "slug": "wp-stripe-donation", "affected_versions": { "* - 3.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27161b4b-d11c-487b-b1ce-7e43bf7b2e57?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27180d98-223a-4d86-b8ea-e47da1d61bbf": { "id": "27180d98-223a-4d86-b8ea-e47da1d61bbf", "title": "Live Streaming - Broadcast Live Video <= 5.5.15 - Missing Authorization to Unauthenticated Remote Code Execution", "software": [ { "type": "plugin", "name": "Broadcast Live Video \u2013 Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP", "slug": "videowhisper-live-streaming-integration", "affected_versions": { "* - 5.5.15": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27180d98-223a-4d86-b8ea-e47da1d61bbf?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27205ad8-991f-4011-b1fd-759829acabd3": { "id": "27205ad8-991f-4011-b1fd-759829acabd3", "title": "Essential Real Estate <= 3.9.6 - Reflected Cross-Site-Scripting", "software": [ { "type": "plugin", "name": "Essential Real Estate", "slug": "essential-real-estate", "affected_versions": { "* - 3.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27205ad8-991f-4011-b1fd-759829acabd3?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "272515e3-18ae-4e7f-8503-722d7964b3c2": { "id": "272515e3-18ae-4e7f-8503-722d7964b3c2", "title": "Web Invoice <= 2.1.3 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Web Invoice \u2013 Invoicing and billing for WordPress", "slug": "web-invoice", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/272515e3-18ae-4e7f-8503-722d7964b3c2?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27254411-3ae7-4659-b3c1-1c18911e3bfb": { "id": "27254411-3ae7-4659-b3c1-1c18911e3bfb", "title": "Contact Form, Survey & Popup Form Plugin for WordPress \u2013 ARForms Form Builder < 1.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form, Survey, Quiz & Popup Form Builder \u2013 ARForms", "slug": "arforms-form-builder", "affected_versions": { "[*, 1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27254411-3ae7-4659-b3c1-1c18911e3bfb?source=api-scan" ], "published": "2021-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "272746cd-0817-4dcb-8a4c-f1d84ed960b2": { "id": "272746cd-0817-4dcb-8a4c-f1d84ed960b2", "title": "EventON <= 2.2.16 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EventON", "slug": "eventon-lite", "affected_versions": { "* - 2.2.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/272746cd-0817-4dcb-8a4c-f1d84ed960b2?source=api-scan" ], "published": "2024-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27277b3d-b4f9-4d0c-a213-988a9b8fcd34": { "id": "27277b3d-b4f9-4d0c-a213-988a9b8fcd34", "title": "Invitation Based Registrations <= 2.2.84 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Invitation Based Registrations", "slug": "invitation-based-registrations", "affected_versions": { "* - 2.2.84": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.84", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27277b3d-b4f9-4d0c-a213-988a9b8fcd34?source=api-scan" ], "published": "2022-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "272c6fbb-bc85-46d9-b139-87534b2a0842": { "id": "272c6fbb-bc85-46d9-b139-87534b2a0842", "title": "Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via handleSubmitAction function", "software": [ { "type": "plugin", "name": "Advanced Dynamic Pricing for WooCommerce", "slug": "advanced-dynamic-pricing-for-woocommerce", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/272c6fbb-bc85-46d9-b139-87534b2a0842?source=api-scan" ], "published": "2023-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "272c824a-0883-4c23-a814-bf0db3fec8a6": { "id": "272c824a-0883-4c23-a814-bf0db3fec8a6", "title": "Grou Random Image Widget <= 1.18 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "Grou Random Image Widget", "slug": "grou-random-image-widget", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/272c824a-0883-4c23-a814-bf0db3fec8a6?source=api-scan" ], "published": "2012-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "272fd463-8e81-4041-9ab8-b2770d698a5f": { "id": "272fd463-8e81-4041-9ab8-b2770d698a5f", "title": "Profile & Dashboard fields <= 1.03 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Profile & Dashboard fields [Modify\/Disable\/Remove]", "slug": "modify-profile-fields-dashboard-menu-buttons", "affected_versions": { "* - 1.03": { "from_version": "*", "from_inclusive": true, "to_version": "1.03", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.04" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/272fd463-8e81-4041-9ab8-b2770d698a5f?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27337cf2-18a0-4f26-a674-3ab2003b4838": { "id": "27337cf2-18a0-4f26-a674-3ab2003b4838", "title": "WooCommerce Anti-Fraud <= 3.2 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "WooCommerce Anti-Fraud", "slug": "woocommerce-anti-fraud", "affected_versions": { "* - 3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27337cf2-18a0-4f26-a674-3ab2003b4838?source=api-scan" ], "published": "2020-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2735f9a5-3f5b-4eac-a19a-59925c1fe1b5": { "id": "2735f9a5-3f5b-4eac-a19a-59925c1fe1b5", "title": "Image News Slider <= 3.2 - Unspecified Vulnerability", "software": [ { "type": "plugin", "name": "Image News Slider", "slug": "wp-image-news-slider", "affected_versions": { "* - 3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2735f9a5-3f5b-4eac-a19a-59925c1fe1b5?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27439d44-f2ff-4c20-965f-25d12c83781c": { "id": "27439d44-f2ff-4c20-965f-25d12c83781c", "title": "Happy Addons for Elementor <= 3.8.2 - Cross-Site Request Forgery via handle_optin_optout()", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27439d44-f2ff-4c20-965f-25d12c83781c?source=api-scan" ], "published": "2023-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "274429f7-1cd1-49e4-a145-dce36bebb9c2": { "id": "274429f7-1cd1-49e4-a145-dce36bebb9c2", "title": "Newsletter Popup <= 1.2 - Cross-Site Request Forgery to Record Deletion", "software": [ { "type": "plugin", "name": "Newsletter Popup", "slug": "newsletter-popup", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/274429f7-1cd1-49e4-a145-dce36bebb9c2?source=api-scan" ], "published": "2023-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27478d23-961d-4a88-adf5-c3cdd79cc10c": { "id": "27478d23-961d-4a88-adf5-c3cdd79cc10c", "title": "Import and export users and customers <= 1.19.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import and export users and customers", "slug": "import-users-from-csv-with-meta", "affected_versions": { "[*, 1.19.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.19.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.19.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27478d23-961d-4a88-adf5-c3cdd79cc10c?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "274e5568-b600-4085-8406-9f9d5d4fc35a": { "id": "274e5568-b600-4085-8406-9f9d5d4fc35a", "title": "Contact Form <= 3.82 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Contact Form by BestWebSoft \u2013 Advanced Contact Us Form Builder for WordPress", "slug": "contact-form-plugin", "affected_versions": { "* - 3.82": { "from_version": "*", "from_inclusive": true, "to_version": "3.82", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.83" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/274e5568-b600-4085-8406-9f9d5d4fc35a?source=api-scan" ], "published": "2015-01-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "275268d6-5b08-441d-9924-3c99682b27d4": { "id": "275268d6-5b08-441d-9924-3c99682b27d4", "title": "WP Search Analytics <= 1.4.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Search Analytics for WP", "slug": "search-analytics", "affected_versions": { "* - 1.4.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/275268d6-5b08-441d-9924-3c99682b27d4?source=api-scan" ], "published": "2024-09-30 19:40:09", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2756dcf4-715f-4a7b-855c-7347455e0323": { "id": "2756dcf4-715f-4a7b-855c-7347455e0323", "title": "Login with phone number <= 1.7.18 - Missing Authorization", "software": [ { "type": "plugin", "name": "Login with phone number", "slug": "login-with-phone-number", "affected_versions": { "* - 1.7.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2756dcf4-715f-4a7b-855c-7347455e0323?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2760587c-78f5-40b1-affd-dfdfb2bc2a68": { "id": "2760587c-78f5-40b1-affd-dfdfb2bc2a68", "title": "Migration, Backup, Staging \u2013 WPvivid <= 0.9.70 - Authenticated Arbitrary File Read", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "* - 0.9.70": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.70", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.71" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2760587c-78f5-40b1-affd-dfdfb2bc2a68?source=api-scan" ], "published": "2022-04-07 10:08:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2760b183-3c15-4f0e-b72f-7c0333f9d4b6": { "id": "2760b183-3c15-4f0e-b72f-7c0333f9d4b6", "title": "WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update", "software": [ { "type": "plugin", "name": "WooCommerce EAN Payment Gateway", "slug": "woocommerce-ean-payment-gateway", "affected_versions": { "[*, 6.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2760b183-3c15-4f0e-b72f-7c0333f9d4b6?source=api-scan" ], "published": "2023-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27616d9e-c1eb-489f-ace7-76c0e5be2597": { "id": "27616d9e-c1eb-489f-ace7-76c0e5be2597", "title": "Formidable Form Builder < 2.05.03 - SQL Injection", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "[*, 2.05.03)": { "from_version": "*", "from_inclusive": true, "to_version": "2.05.03", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.05.03" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27616d9e-c1eb-489f-ace7-76c0e5be2597?source=api-scan" ], "published": "2017-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2761c5e9-7c4c-4257-9b55-587c02d07153": { "id": "2761c5e9-7c4c-4257-9b55-587c02d07153", "title": "WordPress Core < 3.0.5 - Improper Authorization to Information Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2761c5e9-7c4c-4257-9b55-587c02d07153?source=api-scan" ], "published": "2011-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2764b360-228d-48c1-8a29-d3764e532799": { "id": "2764b360-228d-48c1-8a29-d3764e532799", "title": "Wicked Folders <= 2.18.16 - Missing Authorization on ajax_add_folder", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2764b360-228d-48c1-8a29-d3764e532799?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2766e8ee-ce19-40a9-8f53-d50ebe4f0ac9": { "id": "2766e8ee-ce19-40a9-8f53-d50ebe4f0ac9", "title": "Media Library Categories <= 1.1.1 - Unauthenticated Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Media Library Categories", "slug": "media-library-categories", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2766e8ee-ce19-40a9-8f53-d50ebe4f0ac9?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2767fcd9-dfc0-4dfa-83d0-b97c59c2cac2": { "id": "2767fcd9-dfc0-4dfa-83d0-b97c59c2cac2", "title": "CarSpot \u2013 Dealership Wordpress Classified Theme <= 2.2.3 - Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "CarSpot \u2013 Dealership Wordpress Classified Theme", "slug": "carspot", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2767fcd9-dfc0-4dfa-83d0-b97c59c2cac2?source=api-scan" ], "published": "2020-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "276d46c7-0d56-4e32-91fd-9f214bde5447": { "id": "276d46c7-0d56-4e32-91fd-9f214bde5447", "title": "Spotify Play Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spotify Play Button", "slug": "spotify-play-button", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/276d46c7-0d56-4e32-91fd-9f214bde5447?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "277942cb-f4ca-4197-8f61-2e0cb03115a6": { "id": "277942cb-f4ca-4197-8f61-2e0cb03115a6", "title": "Digital Publications by Supsystic <= 1.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Flipbook by Supsystic", "slug": "digital-publications-by-supsystic", "affected_versions": { "* - 1.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/277942cb-f4ca-4197-8f61-2e0cb03115a6?source=api-scan" ], "published": "2022-07-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27799988-cb2b-41c7-ad9a-aade59d31fa3": { "id": "27799988-cb2b-41c7-ad9a-aade59d31fa3", "title": "Automated Editor <= 1.3 - Cross-Site Request Forgery via admin menu pages", "software": [ { "type": "plugin", "name": "Automated Editor", "slug": "automated-editor", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27799988-cb2b-41c7-ad9a-aade59d31fa3?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "277d09b6-cc2a-41db-8b2d-1bad8e49c0db": { "id": "277d09b6-cc2a-41db-8b2d-1bad8e49c0db", "title": "Add Custom CSS and JS <= 1.20 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add Custom CSS and JS", "slug": "add-custom-css-and-js", "affected_versions": { "* - 1.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.20", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/277d09b6-cc2a-41db-8b2d-1bad8e49c0db?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "277eb517-c949-41e9-becf-af056fd32f35": { "id": "277eb517-c949-41e9-becf-af056fd32f35", "title": "WP Original Media Path <= 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "WP Original Media Path", "slug": "wp-original-media-path", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/277eb517-c949-41e9-becf-af056fd32f35?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "277ee4f8-4b13-4a58-a4ea-28f639ecea5e": { "id": "277ee4f8-4b13-4a58-a4ea-28f639ecea5e", "title": "User Role <= 1.5.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Role by BestWebSoft \u2013 Add and Customize Roles and Capabilities in WordPress", "slug": "user-role", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/277ee4f8-4b13-4a58-a4ea-28f639ecea5e?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27885b7f-ef8c-45ea-995c-92cd1939e1c5": { "id": "27885b7f-ef8c-45ea-995c-92cd1939e1c5", "title": "WP Custom Cursors <= 3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Custom Cursors | WordPress Cursor Plugin", "slug": "wp-custom-cursors", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27885b7f-ef8c-45ea-995c-92cd1939e1c5?source=api-scan" ], "published": "2022-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "278d2d44-16e1-4560-9988-02d900443e42": { "id": "278d2d44-16e1-4560-9988-02d900443e42", "title": "Wp Cookie Choice <= 1.1.0 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wp Cookie Choice", "slug": "wp-cookiechoise", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/278d2d44-16e1-4560-9988-02d900443e42?source=api-scan" ], "published": "2021-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "279314a4-2d70-4036-ae9a-27bb694b03db": { "id": "279314a4-2d70-4036-ae9a-27bb694b03db", "title": "which template file <= 4.8.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "which template file", "slug": "which-template-file", "affected_versions": { "* - 4.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/279314a4-2d70-4036-ae9a-27bb694b03db?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27945f52-7594-46f6-a760-2ee5dd094914": { "id": "27945f52-7594-46f6-a760-2ee5dd094914", "title": "All-in-One Addons for Elementor \u2013 WidgetKit <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets", "software": [ { "type": "plugin", "name": "All-in-One Addons for Elementor \u2013 WidgetKit", "slug": "widgetkit-for-elementor", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27945f52-7594-46f6-a760-2ee5dd094914?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2799c74a-4ebf-4996-b681-08c32bf07114": { "id": "2799c74a-4ebf-4996-b681-08c32bf07114", "title": "Easy Newsletter Signups <= 1.0.4 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Easy Newsletter Signups", "slug": "easy-newsletter-signups", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2799c74a-4ebf-4996-b681-08c32bf07114?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2799ede9-1905-44b9-b731-ce5398d561b1": { "id": "2799ede9-1905-44b9-b731-ce5398d561b1", "title": "Batch Cat <= 0.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Batch Cat", "slug": "batch-cat", "affected_versions": { "* - 0.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2799ede9-1905-44b9-b731-ce5398d561b1?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "279a02e1-7b61-4edd-ab67-6a7fed4e17c1": { "id": "279a02e1-7b61-4edd-ab67-6a7fed4e17c1", "title": "iPages Flipbook < 1.5.0 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "iPages Flipbook For WordPress", "slug": "ipages-flipbook", "affected_versions": { "[*, 1.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/279a02e1-7b61-4edd-ab67-6a7fed4e17c1?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "279a5460-25d1-4f80-8141-4d3af536258e": { "id": "279a5460-25d1-4f80-8141-4d3af536258e", "title": "MultiParcels Shipping For WooCommerce <= 1.15.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MultiParcels Shipping For WooCommerce", "slug": "multiparcels-shipping-for-woocommerce", "affected_versions": { "* - 1.15.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/279a5460-25d1-4f80-8141-4d3af536258e?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "279cebb5-4be4-485a-92c7-e0bcc961f93e": { "id": "279cebb5-4be4-485a-92c7-e0bcc961f93e", "title": "Fat Rat Collect <= 2.6.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "\u80d6\u9f20\u91c7\u96c6(Fat Rat Collect) \u5fae\u4fe1\u77e5\u4e4e\u7b80\u4e66\u817e\u8baf\u65b0\u95fb\u5217\u8868\u5206\u9875\u91c7\u96c6, \u8fd8\u6709\u81ea\u52a8\u91c7\u96c6\u3001\u81ea\u52a8\u53d1\u5e03\u3001\u81ea\u52a8\u6807\u7b7e\u3001\u7b49\u591a\u9879\u529f\u80fd\u3002\u5f00\u6e90\u63d2\u4ef6", "slug": "fat-rat-collect", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/279cebb5-4be4-485a-92c7-e0bcc961f93e?source=api-scan" ], "published": "2023-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27a1f457-6bd9-41eb-83e1-cb9e62950041": { "id": "27a1f457-6bd9-41eb-83e1-cb9e62950041", "title": "Easy Demo Importer \u2013 A Modern One-Click Demo Import Solution <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Easy Demo Importer \u2013 A Modern One-Click Demo Import Solution", "slug": "easy-demo-importer", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27a1f457-6bd9-41eb-83e1-cb9e62950041?source=api-scan" ], "published": "2024-10-03 21:05:12", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27a36e90-9678-4832-9f37-b54fe75f5571": { "id": "27a36e90-9678-4832-9f37-b54fe75f5571", "title": "Popup Box Business (7.0.0 - 7.9.0) and Developer (20.0.0 - 20.9.0) - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Box (Developer) \u2013 Create Countdown, Coupon, Video, Contact Form Popups", "slug": "ays-popup-box", "affected_versions": { "[20.0.0, 20.9.0)": { "from_version": "20.0.0", "from_inclusive": true, "to_version": "20.9.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "20.9.0" ] }, { "type": "plugin", "name": "Popup Box (Business) \u2013 Create Countdown, Coupon, Video, Contact Form Popups", "slug": "ays-popup-box", "affected_versions": { "[7.0.0, 7.9.0)": { "from_version": "7.0.0", "from_inclusive": true, "to_version": "7.9.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27a36e90-9678-4832-9f37-b54fe75f5571?source=api-scan" ], "published": "2024-01-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27a48196-60c5-45c4-8d60-c563183fab66": { "id": "27a48196-60c5-45c4-8d60-c563183fab66", "title": "Include Fussball.de Widgets <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Include Fussball.de Widgets", "slug": "include-fussball-de-widgets", "affected_versions": { "* - 4.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27a48196-60c5-45c4-8d60-c563183fab66?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27ac48a7-52ee-46cb-a6d0-efbd2b516445": { "id": "27ac48a7-52ee-46cb-a6d0-efbd2b516445", "title": "WebToffee Plugins <= (Various Versions) - Arbitrary User Creation", "software": [ { "type": "plugin", "name": "Product Reviews Import Export for WooCommerce", "slug": "product-reviews-import-export-for-woocommerce", "affected_versions": { "[*, 1.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.3" ] }, { "type": "plugin", "name": "WordPress Comments Import & Export", "slug": "comments-import-export-woocommerce", "affected_versions": { "[*, 2.1.11)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.11" ] }, { "type": "plugin", "name": "Order XML File Export Import for WooCommerce", "slug": "order-xml-file-export-import-for-woocommerce", "affected_versions": { "[*, 1.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.1" ] }, { "type": "plugin", "name": "XML File Export Import for Stamps.com and WooCommerce", "slug": "xml-file-export-import-for-stampscom-and-woocommerce", "affected_versions": { "[*, 1.1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.9" ] }, { "type": "plugin", "name": "Export and Import Users and Customers", "slug": "users-customers-import-export-for-wp-woocommerce", "affected_versions": { "[*, 1.3.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.9" ] }, { "type": "plugin", "name": "Order Export & Order Import for WooCommerce", "slug": "order-import-export-for-woocommerce", "affected_versions": { "[*, 1.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27ac48a7-52ee-46cb-a6d0-efbd2b516445?source=api-scan" ], "published": "2020-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27b14c6e-44fe-4acb-8058-613f65b6baa4": { "id": "27b14c6e-44fe-4acb-8058-613f65b6baa4", "title": "Advanced Flat rate shipping Woocommerce <= 1.6.4.4 - Cross-Site Request Forgery via enableDisable and deletePost", "software": [ { "type": "plugin", "name": "Conditional shipping & Advanced Flat rate shipping rates \/ Flexible shipping for WooCommerce shipping", "slug": "advanced-free-flat-shipping-woocommerce", "affected_versions": { "* - 1.6.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27b14c6e-44fe-4acb-8058-613f65b6baa4?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27b599af-f1f6-48af-90fe-4fc23b17a4ae": { "id": "27b599af-f1f6-48af-90fe-4fc23b17a4ae", "title": "Advanced Custom Fields: Image Crop Add-on <= 1.4.12 - Improper Authorization", "software": [ { "type": "plugin", "name": "Advanced Custom Fields: Image Crop Add-on", "slug": "acf-image-crop-add-on", "affected_versions": { "* - 1.4.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27b599af-f1f6-48af-90fe-4fc23b17a4ae?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27b79fe6-11b8-40bf-88e6-2a2b0fc41ed8": { "id": "27b79fe6-11b8-40bf-88e6-2a2b0fc41ed8", "title": "WP eStore <= 8.5.5 - Reflected Cross-Site Scripting via Product Editing", "software": [ { "type": "plugin", "name": "WP eStore", "slug": "wp-cart-for-digital-products", "affected_versions": { "* - 8.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27b79fe6-11b8-40bf-88e6-2a2b0fc41ed8?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27b8e0c0-fb0b-4d36-abc4-3e66ec7b5195": { "id": "27b8e0c0-fb0b-4d36-abc4-3e66ec7b5195", "title": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor) <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Universal Product Layout", "software": [ { "type": "plugin", "name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)", "slug": "woolentor-addons", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27b8e0c0-fb0b-4d36-abc4-3e66ec7b5195?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27b9ff55-f2b4-4713-a39d-6f57ee4c229b": { "id": "27b9ff55-f2b4-4713-a39d-6f57ee4c229b", "title": "Simpolio - Fullscreen Portfolio & Blog HTML Theme <= 1.3.2 - Arbitrary Options Update", "software": [ { "type": "theme", "name": "Simpolio - Fullscreen Portfolio & Blog HTML Theme", "slug": "simpolio", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27b9ff55-f2b4-4713-a39d-6f57ee4c229b?source=api-scan" ], "published": "2015-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27bf9abc-b715-442e-9353-ec2154f658c1": { "id": "27bf9abc-b715-442e-9353-ec2154f658c1", "title": "Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Arigato Autoresponder and Newsletter", "slug": "bft-autoresponder", "affected_versions": { "* - 2.5.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27bf9abc-b715-442e-9353-ec2154f658c1?source=api-scan" ], "published": "2018-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27c3d563-4ed5-47a1-ae2c-ff765fb56cb7": { "id": "27c3d563-4ed5-47a1-ae2c-ff765fb56cb7", "title": "Read More Excerpt Link <= 1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Read More Excerpt Link", "slug": "read-more-excerpt-link", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27c3d563-4ed5-47a1-ae2c-ff765fb56cb7?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27ca0d04-9796-415f-a6e6-7c1752a74fea": { "id": "27ca0d04-9796-415f-a6e6-7c1752a74fea", "title": "Beebee Mini <= 1.2.0 - Unauthorized File Upload via ACF", "software": [ { "type": "plugin", "name": "Beebee Mini", "slug": "beebee-mini", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27ca0d04-9796-415f-a6e6-7c1752a74fea?source=api-scan" ], "published": "2022-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27cfd3cd-e622-4be7-af47-84324d6f6ea3": { "id": "27cfd3cd-e622-4be7-af47-84324d6f6ea3", "title": "Analytify <= 4.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Analytify \u2013 Google Analytics Dashboard For WordPress (GA4 analytics made easy)", "slug": "wp-analytify", "affected_versions": { "* - 4.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27cfd3cd-e622-4be7-af47-84324d6f6ea3?source=api-scan" ], "published": "2022-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27d0f627-aeee-46de-a319-861af00fdbf4": { "id": "27d0f627-aeee-46de-a319-861af00fdbf4", "title": "Link Library <= 7.2.7 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Link Library", "slug": "link-library", "affected_versions": { "* - 7.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27d0f627-aeee-46de-a319-861af00fdbf4?source=api-scan" ], "published": "2021-12-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27d25885-1a85-40a0-9759-3ae0c8d73d11": { "id": "27d25885-1a85-40a0-9759-3ae0c8d73d11", "title": "WP FullCalendar <= 1.4.1 - Missing Authorization to Information Disclosure", "software": [ { "type": "plugin", "name": "WP FullCalendar", "slug": "wp-fullcalendar", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27d25885-1a85-40a0-9759-3ae0c8d73d11?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27d579d5-a4d2-45f7-a7bb-8f384d851d7a": { "id": "27d579d5-a4d2-45f7-a7bb-8f384d851d7a", "title": "Force First and Last Name as Display Name <= 1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Force First and Last Name as Display Name", "slug": "force-first-last", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27d579d5-a4d2-45f7-a7bb-8f384d851d7a?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27d6503c-88c1-43b1-82aa-d14705d6bc17": { "id": "27d6503c-88c1-43b1-82aa-d14705d6bc17", "title": "Move Addons for Elementor <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Move Addons for Elementor", "slug": "move-addons", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27d6503c-88c1-43b1-82aa-d14705d6bc17?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27da9458-ac19-4b4e-a14b-d1ba62e9e9ea": { "id": "27da9458-ac19-4b4e-a14b-d1ba62e9e9ea", "title": "WP OAuth Server <= 4.2.5 - Authenticated (Subscriber+) Arbitrary Client Deletion (wo_ajax_remove_client)", "software": [ { "type": "plugin", "name": "WP OAuth Server (OAuth Authentication)", "slug": "oauth2-provider", "affected_versions": { "* - 4.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27da9458-ac19-4b4e-a14b-d1ba62e9e9ea?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27e0b9e8-b6b7-45fe-8c9e-5e49c4feccac": { "id": "27e0b9e8-b6b7-45fe-8c9e-5e49c4feccac", "title": "Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sunshine Photo Cart: Free Client Photo Galleries for Photographers", "slug": "sunshine-photo-cart", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27e0b9e8-b6b7-45fe-8c9e-5e49c4feccac?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27e4d27f-b943-4cb3-b38a-01192844e9ac": { "id": "27e4d27f-b943-4cb3-b38a-01192844e9ac", "title": "Social Icons Widget & Block by WPZOOM <= 4.2.15 - Missing Authorization", "software": [ { "type": "plugin", "name": "Social Icons Widget & Block by WPZOOM", "slug": "social-icons-widget-by-wpzoom", "affected_versions": { "* - 4.2.15": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27e4d27f-b943-4cb3-b38a-01192844e9ac?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27e4d519-bc98-44d3-a519-72674184e7f2": { "id": "27e4d519-bc98-44d3-a519-72674184e7f2", "title": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education <= 3.2.10 - Basic Information Exposure via REST route", "software": [ { "type": "plugin", "name": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "slug": "masterstudy-lms-learning-management-system", "affected_versions": { "* - 3.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27e4d519-bc98-44d3-a519-72674184e7f2?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27eb0101-b3d1-458d-b7d7-69d92e3a4bb8": { "id": "27eb0101-b3d1-458d-b7d7-69d92e3a4bb8", "title": "Comment Reply Notification <= 1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Comment Reply Notification", "slug": "comment-reply-notification", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27eb0101-b3d1-458d-b7d7-69d92e3a4bb8?source=api-scan" ], "published": "2023-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27ec8f97-9b34-4737-bb45-37baf59598f1": { "id": "27ec8f97-9b34-4737-bb45-37baf59598f1", "title": "Open Graph and Twitter Card Tags < 2.2.4.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Open Graph and Twitter Card Tags", "slug": "wonderm00ns-simple-facebook-open-graph-tags", "affected_versions": { "[*, 2.2.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27ec8f97-9b34-4737-bb45-37baf59598f1?source=api-scan" ], "published": "2018-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27eea04f-3f5f-4f13-9553-4fdea9be865b": { "id": "27eea04f-3f5f-4f13-9553-4fdea9be865b", "title": "WP Background Takeover < 4.1.5 - Directory Traversal", "software": [ { "type": "plugin", "name": "WP Background Takeover", "slug": "wpsite-background-takeover", "affected_versions": { "* - 4.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27eea04f-3f5f-4f13-9553-4fdea9be865b?source=api-scan" ], "published": "2018-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27f09e0e-ddd0-4440-9a58-a7fc60b49776": { "id": "27f09e0e-ddd0-4440-9a58-a7fc60b49776", "title": "Easy Preloader <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Preloader", "slug": "easy-preloader", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27f09e0e-ddd0-4440-9a58-a7fc60b49776?source=api-scan" ], "published": "2021-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "27f7bfcc-b4bd-45d0-b75d-9d3264a173c7": { "id": "27f7bfcc-b4bd-45d0-b75d-9d3264a173c7", "title": "Ajax Rating with Custom Login <= 1.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Ajax Rating with Custom Login", "slug": "ajax-rating-with-custom-login", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/27f7bfcc-b4bd-45d0-b75d-9d3264a173c7?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2805267e-fd07-4bb2-b2e5-7c90c667097e": { "id": "2805267e-fd07-4bb2-b2e5-7c90c667097e", "title": "Simple Image Gallery <= 1.0.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Image Gallery", "slug": "simple-responsive-image-gallery", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2805267e-fd07-4bb2-b2e5-7c90c667097e?source=api-scan" ], "published": "2021-12-13 12:43:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "280871a2-f09f-4cd1-93f1-c804cda6b4e7": { "id": "280871a2-f09f-4cd1-93f1-c804cda6b4e7", "title": "MWW Disclaimer Buttons <= 3.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MWW Disclaimer Buttons", "slug": "mww-disclaimer-buttons", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/280871a2-f09f-4cd1-93f1-c804cda6b4e7?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2809d55f-14f8-4916-800f-4d4fb9ee88c0": { "id": "2809d55f-14f8-4916-800f-4d4fb9ee88c0", "title": "WP Songbook <= 2.0.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Songbook", "slug": "wp-songbook", "affected_versions": { "* - 2.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2809d55f-14f8-4916-800f-4d4fb9ee88c0?source=api-scan" ], "published": "2021-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "280a5d6d-192a-43aa-927e-45c50b126463": { "id": "280a5d6d-192a-43aa-927e-45c50b126463", "title": "Stock Ticker <= 3.24.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock_ticker Shortcode", "software": [ { "type": "plugin", "name": "Stock Ticker", "slug": "stock-ticker", "affected_versions": { "* - 3.24.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.24.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.24.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/280a5d6d-192a-43aa-927e-45c50b126463?source=api-scan" ], "published": "2024-06-28 18:15:28", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "280e1b4d-08be-4e77-abcb-5f9079111595": { "id": "280e1b4d-08be-4e77-abcb-5f9079111595", "title": "Geo Controller <= 8.7.3 - Missing Authorization to Authenticated (Subscriber+) Menu Creation\/Deletion", "software": [ { "type": "plugin", "name": "Geo Controller", "slug": "cf-geoplugin", "affected_versions": { "* - 8.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "8.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/280e1b4d-08be-4e77-abcb-5f9079111595?source=api-scan" ], "published": "2024-09-04 21:33:52", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2812b31d-11c0-4efe-95e2-ea713293dad1": { "id": "2812b31d-11c0-4efe-95e2-ea713293dad1", "title": "Blog2Social: Social Media Auto Post & Scheduler <= 6.3.0 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Blog2Social: Social Media Auto Post & Scheduler", "slug": "blog2social", "affected_versions": { "* - 6.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2812b31d-11c0-4efe-95e2-ea713293dad1?source=api-scan" ], "published": "2020-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "281c49d3-078a-4fdc-9720-dac6b3a32892": { "id": "281c49d3-078a-4fdc-9720-dac6b3a32892", "title": "Shortlink by BestWebSoft < 1.5.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shortlink by BestWebSoft", "slug": "google-shortlink", "affected_versions": { "[*, 1.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/281c49d3-078a-4fdc-9720-dac6b3a32892?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "281ebead-5a30-4bfb-8280-94faf5d4fc14": { "id": "281ebead-5a30-4bfb-8280-94faf5d4fc14", "title": "Admin Management Xtended <= 2.4.4 - Cross-Site Request Forgery to Post Status Update", "software": [ { "type": "plugin", "name": "Admin Management Xtended", "slug": "admin-management-xtended", "affected_versions": { "[*, 2.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/281ebead-5a30-4bfb-8280-94faf5d4fc14?source=api-scan" ], "published": "2022-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2821d32e-386b-4d6a-8079-b6b184d1d266": { "id": "2821d32e-386b-4d6a-8079-b6b184d1d266", "title": "Shortcode Redirect <= 1.0.01 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shortcode Redirect", "slug": "shortcode-redirect", "affected_versions": { "* - 1.0.01": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.01", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2821d32e-386b-4d6a-8079-b6b184d1d266?source=api-scan" ], "published": "2012-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2822114a-ffc2-43dd-bbf1-e4504aababfb": { "id": "2822114a-ffc2-43dd-bbf1-e4504aababfb", "title": "WordPress Core < 2.2.2 - Open Redirect", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2822114a-ffc2-43dd-bbf1-e4504aababfb?source=api-scan" ], "published": "2007-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28286b89-0fcd-4616-8246-d8a19d632674": { "id": "28286b89-0fcd-4616-8246-d8a19d632674", "title": "WP Symposium < 13.04 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Symposium", "slug": "wp-symposium", "affected_versions": { "[*, 13.04)": { "from_version": "*", "from_inclusive": true, "to_version": "13.04", "to_inclusive": false } }, "patched": true, "patched_versions": [ "13.04" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28286b89-0fcd-4616-8246-d8a19d632674?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "282a26e8-4848-4e40-bfe5-fe2ba40f198e": { "id": "282a26e8-4848-4e40-bfe5-fe2ba40f198e", "title": "Mingle Forum <= 1.0.33.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Mingle Forum", "slug": "mingle-forum", "affected_versions": { "* - 1.0.33.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.33.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/282a26e8-4848-4e40-bfe5-fe2ba40f198e?source=api-scan" ], "published": "2013-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "282ef0bb-4db5-4b07-9aad-b128e8fdb915": { "id": "282ef0bb-4db5-4b07-9aad-b128e8fdb915", "title": "User Email Verification for WooCommerce <= 3.5.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Email Verification for WooCommerce", "slug": "woo-confirmation-email", "affected_versions": { "* - 3.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/282ef0bb-4db5-4b07-9aad-b128e8fdb915?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "282fabde-c3a5-49d0-987a-39f106f766cf": { "id": "282fabde-c3a5-49d0-987a-39f106f766cf", "title": "TaxoPress <= 3.0.7.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Tag, Category, and Taxonomy Manager \u2013 AI Autotagger", "slug": "simple-tags", "affected_versions": { "* - 3.0.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/282fabde-c3a5-49d0-987a-39f106f766cf?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28333161-9c76-4108-9256-9ffa91eaf818": { "id": "28333161-9c76-4108-9256-9ffa91eaf818", "title": "Nelio AB Testing < 4.6.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Nelio AB Testing", "slug": "nelio-ab-testing", "affected_versions": { "[*, 4.6.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28333161-9c76-4108-9256-9ffa91eaf818?source=api-scan" ], "published": "2017-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2837c9b2-419e-453a-b011-5ec1ef050d62": { "id": "2837c9b2-419e-453a-b011-5ec1ef050d62", "title": "Void Contact Form 7 Widget For Elementor Page Builder <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7_redirect_page Attribute", "software": [ { "type": "plugin", "name": "Void Contact Form 7 Widget For Elementor Page Builder", "slug": "cf7-widget-elementor", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2837c9b2-419e-453a-b011-5ec1ef050d62?source=api-scan" ], "published": "2024-07-01 15:08:51", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "283b10e6-61ae-4e1d-be7b-a63aece6ffda": { "id": "283b10e6-61ae-4e1d-be7b-a63aece6ffda", "title": "Ultimate Product Catalog <= 4.2.22 - SQL Injection", "software": [ { "type": "plugin", "name": "Ultimate Product Catalog", "slug": "ultimate-product-catalogue", "affected_versions": { "* - 4.2.22": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/283b10e6-61ae-4e1d-be7b-a63aece6ffda?source=api-scan" ], "published": "2017-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "283c2b7b-b231-4a23-96be-776115676443": { "id": "283c2b7b-b231-4a23-96be-776115676443", "title": "HandL UTM Grabber \/ Tracker <= 2.6.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "HandL UTM Grabber \/ Tracker", "slug": "handl-utm-grabber", "affected_versions": { "[*, 2.6.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/283c2b7b-b231-4a23-96be-776115676443?source=api-scan" ], "published": "2019-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "283fb581-8b61-4008-a5c4-2e1490fab33e": { "id": "283fb581-8b61-4008-a5c4-2e1490fab33e", "title": "Essential Addons for Elementor <= 4.6.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 4.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/283fb581-8b61-4008-a5c4-2e1490fab33e?source=api-scan" ], "published": "2021-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28456329-03f3-4c33-92f5-e4076aa15345": { "id": "28456329-03f3-4c33-92f5-e4076aa15345", "title": "Comment Reply Email <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Comment Reply Email", "slug": "comment-reply-email", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28456329-03f3-4c33-92f5-e4076aa15345?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "284b9b04-aa8f-41ff-b944-3488c5da8e20": { "id": "284b9b04-aa8f-41ff-b944-3488c5da8e20", "title": "Listing, Classified Ads & Business Directory \u2013 uListing <= 2.0.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Directory Listings WordPress plugin \u2013 uListing", "slug": "ulisting", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/284b9b04-aa8f-41ff-b944-3488c5da8e20?source=api-scan" ], "published": "2021-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "284daad9-d31e-4d29-ac15-ba293ba9640d": { "id": "284daad9-d31e-4d29-ac15-ba293ba9640d", "title": "Qi Addons For Elementor <= 1.7.2 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Qi Addons For Elementor", "slug": "qi-addons-for-elementor", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/284daad9-d31e-4d29-ac15-ba293ba9640d?source=api-scan" ], "published": "2024-06-06 15:08:52", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "284ea577-ff67-4681-995b-f7bb5ef0ff3e": { "id": "284ea577-ff67-4681-995b-f7bb5ef0ff3e", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.15": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/284ea577-ff67-4681-995b-f7bb5ef0ff3e?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "284eafb9-94bc-4478-abff-f7dafd510a1d": { "id": "284eafb9-94bc-4478-abff-f7dafd510a1d", "title": "Simple Membership <= 4.1.2 - Membership Privilege Escalation", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "* - 4.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/284eafb9-94bc-4478-abff-f7dafd510a1d?source=api-scan" ], "published": "2022-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28524702-3428-4fca-afe8-71b3f2dd983d": { "id": "28524702-3428-4fca-afe8-71b3f2dd983d", "title": "Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_subject", "software": [ { "type": "plugin", "name": "Contact Form by BestWebSoft \u2013 Advanced Contact Us Form Builder for WordPress", "slug": "contact-form-plugin", "affected_versions": { "* - 4.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28524702-3428-4fca-afe8-71b3f2dd983d?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2857e6c1-f6c4-46fb-9837-a6a6f5e48369": { "id": "2857e6c1-f6c4-46fb-9837-a6a6f5e48369", "title": "Carousel Slider <= 2.2.9 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Carousel Slider", "slug": "carousel-slider", "affected_versions": { "* - 2.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2857e6c1-f6c4-46fb-9837-a6a6f5e48369?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "285d2b85-cdd0-4447-8cdc-b641751e4a5f": { "id": "285d2b85-cdd0-4447-8cdc-b641751e4a5f", "title": "Post Video Players <= 1.159 - Cross-Site Request Forgery via cincopa_mp_mt_options_page", "software": [ { "type": "plugin", "name": "Cincopa video and media plug-in", "slug": "video-playlist-and-gallery-plugin", "affected_versions": { "* - 1.159": { "from_version": "*", "from_inclusive": true, "to_version": "1.159", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.160" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/285d2b85-cdd0-4447-8cdc-b641751e4a5f?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28624634-9161-4da7-89f3-88ce1d38c3ea": { "id": "28624634-9161-4da7-89f3-88ce1d38c3ea", "title": "404 to 301 <= 2.3.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "404 to 301 \u2013 Redirect, Log and Notify 404 Errors", "slug": "404-to-301", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28624634-9161-4da7-89f3-88ce1d38c3ea?source=api-scan" ], "published": "2016-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "286c3e26-07a8-4fca-9fdc-98e62ae88b67": { "id": "286c3e26-07a8-4fca-9fdc-98e62ae88b67", "title": "Voting Record <= 2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Voting Record", "slug": "voting-record", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/286c3e26-07a8-4fca-9fdc-98e62ae88b67?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "286e52b4-2694-4f3b-9d1d-fd1ebf1d1e50": { "id": "286e52b4-2694-4f3b-9d1d-fd1ebf1d1e50", "title": "Tiger Forms <= 2.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tiger Forms \u2013 Drag and Drop Form Builder", "slug": "tiger-form", "affected_versions": { "[*, 2.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/286e52b4-2694-4f3b-9d1d-fd1ebf1d1e50?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28741ffc-4ff5-4e67-a183-bb5064b6752e": { "id": "28741ffc-4ff5-4e67-a183-bb5064b6752e", "title": "All in One SEO \u2013 Best WordPress SEO Plugin \u2013 Easily Improve SEO Rankings & Increase Traffic <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "* - 4.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28741ffc-4ff5-4e67-a183-bb5064b6752e?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2878de45-0123-4e07-bfec-015b36b11d01": { "id": "2878de45-0123-4e07-bfec-015b36b11d01", "title": "SiteOrigin Widgets Bundle <= 1.61.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget", "software": [ { "type": "plugin", "name": "SiteOrigin Widgets Bundle", "slug": "so-widgets-bundle", "affected_versions": { "* - 1.61.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.61.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.62.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2878de45-0123-4e07-bfec-015b36b11d01?source=api-scan" ], "published": "2024-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "287bd483-13da-42e9-8fc3-79b800e49582": { "id": "287bd483-13da-42e9-8fc3-79b800e49582", "title": "Kognetiks Chatbot for WordPress <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kognetiks Chatbot for WordPress", "slug": "chatbot-chatgpt", "affected_versions": { "* - 1.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/287bd483-13da-42e9-8fc3-79b800e49582?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "287c6cdc-f534-4b87-8a97-ee1e3666cd25": { "id": "287c6cdc-f534-4b87-8a97-ee1e3666cd25", "title": "Shield Security <= 13.0.5 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention Security", "slug": "wp-simple-firewall", "affected_versions": { "* - 13.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "13.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/287c6cdc-f534-4b87-8a97-ee1e3666cd25?source=api-scan" ], "published": "2022-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2880cde0-a278-4a41-97f7-c54c2b3aceb2": { "id": "2880cde0-a278-4a41-97f7-c54c2b3aceb2", "title": "Piotnet Addons For Elementor <= 2.4.29 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Piotnet Addons For Elementor", "slug": "piotnet-addons-for-elementor", "affected_versions": { "* - 2.4.29": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2880cde0-a278-4a41-97f7-c54c2b3aceb2?source=api-scan" ], "published": "2024-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2881e144-a109-4034-afe8-2f72efd70360": { "id": "2881e144-a109-4034-afe8-2f72efd70360", "title": "History Log by click5 <= 1.0.12 - Authenticated(Administrator+) Time-Based Blind SQL Injection", "software": [ { "type": "plugin", "name": "History Log by click5", "slug": "history-log-by-click5", "affected_versions": { "* - 1.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2881e144-a109-4034-afe8-2f72efd70360?source=api-scan" ], "published": "2023-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2882d9dd-0c73-4c9a-99cb-d10900503103": { "id": "2882d9dd-0c73-4c9a-99cb-d10900503103", "title": "Social Connect <= 1.2 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Social Connect", "slug": "social-connect", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2882d9dd-0c73-4c9a-99cb-d10900503103?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "288559f0-eab6-4933-a026-8413476af6eb": { "id": "288559f0-eab6-4933-a026-8413476af6eb", "title": "Ultimate Product Catalog <= 5.2.5 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Product Catalog", "slug": "ultimate-product-catalogue", "affected_versions": { "* - 5.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/288559f0-eab6-4933-a026-8413476af6eb?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "288853b8-7523-472e-8406-257ffb3bd5ea": { "id": "288853b8-7523-472e-8406-257ffb3bd5ea", "title": "WP-FormAssembly <= 2.0.8 - Limited Server Side Request Forgery via 'formassembly' shortcode", "software": [ { "type": "plugin", "name": "WP-FormAssembly", "slug": "formassembly-web-forms", "affected_versions": { "[*, 2.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/288853b8-7523-472e-8406-257ffb3bd5ea?source=api-scan" ], "published": "2023-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "288946ae-6e58-42e6-89d1-8951539728d3": { "id": "288946ae-6e58-42e6-89d1-8951539728d3", "title": "Easy Newsletter Signups <= 1.0.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Easy Newsletter Signups", "slug": "easy-newsletter-signups", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/288946ae-6e58-42e6-89d1-8951539728d3?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "288db6ba-5d6c-448d-85c5-f9a19a9391c0": { "id": "288db6ba-5d6c-448d-85c5-f9a19a9391c0", "title": "Login Screen Manager <= 3.5.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Login Screen Manager", "slug": "login-screen-manager", "affected_versions": { "* - 3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/288db6ba-5d6c-448d-85c5-f9a19a9391c0?source=api-scan" ], "published": "2023-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "288fdb71-1dae-4897-b5af-95c628fce288": { "id": "288fdb71-1dae-4897-b5af-95c628fce288", "title": "StoryChief <= 1.0.30 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "StoryChief", "slug": "story-chief", "affected_versions": { "* - 1.0.30": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/288fdb71-1dae-4897-b5af-95c628fce288?source=api-scan" ], "published": "2021-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28928a78-24c2-44d2-a9e4-33c2f352d089": { "id": "28928a78-24c2-44d2-a9e4-33c2f352d089", "title": "Themify - WooCommerce Product Filter <= 1.3.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Themify \u2013 WooCommerce Product Filter", "slug": "themify-wc-product-filter", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28928a78-24c2-44d2-a9e4-33c2f352d089?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28941027-a812-4d53-b3da-4e715202f88d": { "id": "28941027-a812-4d53-b3da-4e715202f88d", "title": "Sp*tify Play Button for WordPress <= 2.05 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Sp*tify Play Button for WordPress", "slug": "spotify-play-button-for-wordpress", "affected_versions": { "* - 2.05": { "from_version": "*", "from_inclusive": true, "to_version": "2.05", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.06" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28941027-a812-4d53-b3da-4e715202f88d?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "289569f5-8a8d-4427-8ad4-e431c955311e": { "id": "289569f5-8a8d-4427-8ad4-e431c955311e", "title": "MailPoet Newsletters <= 2.2 - Multiple SQL Injections", "software": [ { "type": "plugin", "name": "MailPoet Newsletters (Previous)", "slug": "wysija-newsletters", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/289569f5-8a8d-4427-8ad4-e431c955311e?source=api-scan" ], "published": "2013-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2896c925-e035-4193-92db-e8a3dd34a0b7": { "id": "2896c925-e035-4193-92db-e8a3dd34a0b7", "title": "Blog Introduction <= 0.3.0 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "blogintroduction-wordpress-plugin", "slug": "blogintroduction-wordpress-plugin", "affected_versions": { "* - 0.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2896c925-e035-4193-92db-e8a3dd34a0b7?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "289c9759-f4d3-4b42-9f90-12ea43bbafad": { "id": "289c9759-f4d3-4b42-9f90-12ea43bbafad", "title": "Podlove Podcast Publisher <= 4.1.13 - Cross-Site Request Forgery to Remote Code Execution", "software": [ { "type": "plugin", "name": "Podlove Podcast Publisher", "slug": "podlove-podcasting-plugin-for-wordpress", "affected_versions": { "* - 4.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/289c9759-f4d3-4b42-9f90-12ea43bbafad?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28a4c868-a24d-4fd8-ae0e-d5c0bf3a7436": { "id": "28a4c868-a24d-4fd8-ae0e-d5c0bf3a7436", "title": "WP PDF Generator <= 1.2.2 - Cross-Site Request Forgery to PDF Settings Update", "software": [ { "type": "plugin", "name": "WP PDF Generator", "slug": "wp-pdf-generator", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28a4c868-a24d-4fd8-ae0e-d5c0bf3a7436?source=api-scan" ], "published": "2023-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28a7b2c9-5d8d-4b49-a47c-473e3288b563": { "id": "28a7b2c9-5d8d-4b49-a47c-473e3288b563", "title": "Frontend File Manager <= 18.2 - Privilege Escalation", "software": [ { "type": "plugin", "name": "Frontend File Manager Plugin", "slug": "nmedia-user-file-uploader", "affected_versions": { "[*, 18.3)": { "from_version": "*", "from_inclusive": true, "to_version": "18.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "18.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28a7b2c9-5d8d-4b49-a47c-473e3288b563?source=api-scan" ], "published": "2021-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28a7b80c-8282-4f5c-b442-d6bce9fda25d": { "id": "28a7b80c-8282-4f5c-b442-d6bce9fda25d", "title": "Ripe HD FLV <= 1.1 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "Ripe HD FLV", "slug": "ripe-hd-player", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28a7b80c-8282-4f5c-b442-d6bce9fda25d?source=api-scan" ], "published": "2013-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28a8b3fe-6f15-4085-a370-a2e867f7018b": { "id": "28a8b3fe-6f15-4085-a370-a2e867f7018b", "title": "WP Tabs <= 2.1.14 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Tabs \u2013 Responsive Tabs and Custom Product Tabs", "slug": "wp-expand-tabs-free", "affected_versions": { "* - 2.1.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28a8b3fe-6f15-4085-a370-a2e867f7018b?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28a8f025-c2ab-4a5f-a99e-a2d19b14a190": { "id": "28a8f025-c2ab-4a5f-a99e-a2d19b14a190", "title": "MapPress Maps for WordPress <= 2.88.13 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MapPress Maps for WordPress", "slug": "mappress-google-maps-for-wordpress", "affected_versions": { "* - 2.88.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.88.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.88.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28a8f025-c2ab-4a5f-a99e-a2d19b14a190?source=api-scan" ], "published": "2024-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28aae3d4-c4c4-4cda-9f4b-7f2ea58629aa": { "id": "28aae3d4-c4c4-4cda-9f4b-7f2ea58629aa", "title": "Code Snippets <= 3.5.0 - Cross-Site Request Forgery via load", "software": [ { "type": "plugin", "name": "Code Snippets", "slug": "code-snippets", "affected_versions": { "[*, 3.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28aae3d4-c4c4-4cda-9f4b-7f2ea58629aa?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28ba6f91-c696-4019-ae87-28ebfbe464cf": { "id": "28ba6f91-c696-4019-ae87-28ebfbe464cf", "title": "Image horizontal reel scroll slideshow <= 13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Image horizontal reel scroll slideshow", "slug": "image-horizontal-reel-scroll-slideshow", "affected_versions": { "* - 13.3": { "from_version": "*", "from_inclusive": true, "to_version": "13.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28ba6f91-c696-4019-ae87-28ebfbe464cf?source=api-scan" ], "published": "2023-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28bc0672-3469-4f58-860d-9e13da46804e": { "id": "28bc0672-3469-4f58-860d-9e13da46804e", "title": "WP Smart Import : Import any XML File to WordPress <= 1.0.7 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Smart Import : Import any XML File to WordPress", "slug": "wp-smart-import", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28bc0672-3469-4f58-860d-9e13da46804e?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28bcaf28-bb75-4d55-9e9b-afa760fc793e": { "id": "28bcaf28-bb75-4d55-9e9b-afa760fc793e", "title": "WordPress Core < 2.7 - Denial of Service", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28bcaf28-bb75-4d55-9e9b-afa760fc793e?source=api-scan" ], "published": "2008-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28bdad82-f09a-461f-b826-3f458f121fea": { "id": "28bdad82-f09a-461f-b826-3f458f121fea", "title": "Thanh To\u00e1n Qu\u00e9t M\u00e3 QR Code T\u1ef1 \u0110\u1ed9ng \u2013 MoMo, ViettelPay, VNPay v\u00e0 40 ng\u00e2n h\u00e0ng Vi\u1ec7t Nam <= 2.0.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Thanh To\u00e1n Qu\u00e9t M\u00e3 QR Code T\u1ef1 \u0110\u1ed9ng \u2013 MoMo, ViettelPay, VNPay v\u00e0 40 ng\u00e2n h\u00e0ng Vi\u1ec7t Nam", "slug": "bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28bdad82-f09a-461f-b826-3f458f121fea?source=api-scan" ], "published": "2022-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28bdaf44-6f2c-440a-a96f-bdcd71fb7bea": { "id": "28bdaf44-6f2c-440a-a96f-bdcd71fb7bea", "title": "WP Cleanup and Basic Functions <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "WP Cleanup and Basic Functions", "slug": "wp-cleanup-and-basic-functions", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28bdaf44-6f2c-440a-a96f-bdcd71fb7bea?source=api-scan" ], "published": "2024-10-04 12:37:44", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28bdf97b-86e7-4d4b-a3e4-6624e9858a93": { "id": "28bdf97b-86e7-4d4b-a3e4-6624e9858a93", "title": "WP All Export <= 1.3.0 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Export any WordPress data to XML\/CSV", "slug": "wp-all-export", "affected_versions": { "[*, 1.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28bdf97b-86e7-4d4b-a3e4-6624e9858a93?source=api-scan" ], "published": "2021-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28c3b377-4cab-4c17-adc3-6ce8b600b20a": { "id": "28c3b377-4cab-4c17-adc3-6ce8b600b20a", "title": "Woo MerchantX <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Woo MerchantX", "slug": "woo-merchantx", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28c3b377-4cab-4c17-adc3-6ce8b600b20a?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28c8abf2-09e2-43a2-8666-ca2a896bdbbe": { "id": "28c8abf2-09e2-43a2-8666-ca2a896bdbbe", "title": "Advanced Booking Calendar <= 1.6.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Booking Calendar", "slug": "advanced-booking-calendar", "affected_versions": { "[*, 1.6.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28c8abf2-09e2-43a2-8666-ca2a896bdbbe?source=api-scan" ], "published": "2021-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28ca150a-443f-4b99-8c15-491bd9f1cee3": { "id": "28ca150a-443f-4b99-8c15-491bd9f1cee3", "title": "Search in Place <= 1.0.104 - Missing Authorization to Feedback Submission", "software": [ { "type": "plugin", "name": "Search in Place", "slug": "search-in-place", "affected_versions": { "* - 1.0.104": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.104", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.105" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28ca150a-443f-4b99-8c15-491bd9f1cee3?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28ca388f-0505-47ae-9408-e3d101101fae": { "id": "28ca388f-0505-47ae-9408-e3d101101fae", "title": "Oi Yandex.Maps for WordPress <= 3.2.7 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Oi Yandex.Maps for WordPress", "slug": "oi-yamaps", "affected_versions": { "* - 3.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28ca388f-0505-47ae-9408-e3d101101fae?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28cb1a04-5129-430a-850e-c410e95d7b87": { "id": "28cb1a04-5129-430a-850e-c410e95d7b87", "title": "Smooth Scroll Page Up\/Down Buttons <= 1.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smooth Page Scroll Up\/Down Buttons", "slug": "smooth-page-scroll-updown-buttons", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28cb1a04-5129-430a-850e-c410e95d7b87?source=api-scan" ], "published": "2021-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28cb96a9-12bd-4d9c-ac53-72e81d11b0b6": { "id": "28cb96a9-12bd-4d9c-ac53-72e81d11b0b6", "title": "Slider Revolution < 3.0.96 & Showbiz Pro < 1.7.1 - Missing Authorization to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Slider Revolution", "slug": "revslider", "affected_versions": { "[*, 3.0.96)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.96", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.96" ] }, { "type": "plugin", "name": "Showbiz Pro Responsive Teaser WordPress Plugin", "slug": "showbizpro", "affected_versions": { "[*, 1.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28cb96a9-12bd-4d9c-ac53-72e81d11b0b6?source=api-scan" ], "published": "2014-11-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28cddb4c-32a1-4ea9-936d-5ec7ffd84753": { "id": "28cddb4c-32a1-4ea9-936d-5ec7ffd84753", "title": "SAHU TikTok Pixel for E-Commerce <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SAHU TikTok Pixel for E-Commerce", "slug": "sahu-tiktok-pixel", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28cddb4c-32a1-4ea9-936d-5ec7ffd84753?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28d3388e-0731-46b6-bf66-e7a1d98c321a": { "id": "28d3388e-0731-46b6-bf66-e7a1d98c321a", "title": "wp-championship < 5.9 - SQL Injection", "software": [ { "type": "plugin", "name": "wp-championship", "slug": "wp-championship", "affected_versions": { "[*, 5.9)": { "from_version": "*", "from_inclusive": true, "to_version": "5.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28d3388e-0731-46b6-bf66-e7a1d98c321a?source=api-scan" ], "published": "2015-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28d3fe13-20f8-48af-9476-98d2bef467e5": { "id": "28d3fe13-20f8-48af-9476-98d2bef467e5", "title": "WP YouTube Lyte <= 1.7.15 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP YouTube Lyte", "slug": "wp-youtube-lyte", "affected_versions": { "[*, 1.7.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28d3fe13-20f8-48af-9476-98d2bef467e5?source=api-scan" ], "published": "2021-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28d41721-c538-4043-a411-3234ff1074bc": { "id": "28d41721-c538-4043-a411-3234ff1074bc", "title": "Send PDF for Contact Form 7 <= 0.9.1 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Send PDF for Contact Form 7", "slug": "send-pdf-for-contact-form-7", "affected_versions": { "* - 0.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28d41721-c538-4043-a411-3234ff1074bc?source=api-scan" ], "published": "2022-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28d622b3-e8a7-4a3b-9f0b-e344b085284d": { "id": "28d622b3-e8a7-4a3b-9f0b-e344b085284d", "title": "Easy PopUp Show <= 0.12 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy PopUp Show", "slug": "easy-popup-show", "affected_versions": { "* - 0.12": { "from_version": "*", "from_inclusive": true, "to_version": "0.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28d622b3-e8a7-4a3b-9f0b-e344b085284d?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28d6a36b-ba8b-4c73-9e89-0fb85353b58e": { "id": "28d6a36b-ba8b-4c73-9e89-0fb85353b58e", "title": "Sky Addons for Elementor <= 2.5.11 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs)", "slug": "sky-elementor-addons", "affected_versions": { "* - 2.5.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28d6a36b-ba8b-4c73-9e89-0fb85353b58e?source=api-scan" ], "published": "2024-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28dea1e9-e772-488e-b98f-93a46ab84581": { "id": "28dea1e9-e772-488e-b98f-93a46ab84581", "title": "WP Travel <= 4.4.6 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "WP Travel \u2013 Ultimate Travel Booking System, Tour Management Engine", "slug": "wp-travel", "affected_versions": { "* - 4.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28dea1e9-e772-488e-b98f-93a46ab84581?source=api-scan" ], "published": "2021-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28dfc8c9-478c-48b2-8781-7e0787fd50fd": { "id": "28dfc8c9-478c-48b2-8781-7e0787fd50fd", "title": "WPS Limit Login < 1.4.6.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPS Limit Login", "slug": "wps-limit-login", "affected_versions": { "[*, 1.4.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28dfc8c9-478c-48b2-8781-7e0787fd50fd?source=api-scan" ], "published": "2019-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28e16994-a03f-4b3a-9f45-e6b0a1334c98": { "id": "28e16994-a03f-4b3a-9f45-e6b0a1334c98", "title": "Events Tickets Plus <= 5.9.0 - Missing Authorization to Information Exposure", "software": [ { "type": "plugin", "name": "Events Tickets Plus", "slug": "event-tickets-plus", "affected_versions": { "* - 5.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28e16994-a03f-4b3a-9f45-e6b0a1334c98?source=api-scan" ], "published": "2024-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28e1a11b-5320-41be-bc78-580322e5f407": { "id": "28e1a11b-5320-41be-bc78-580322e5f407", "title": "Page Builder by SiteOrigin <= 2.10.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Builder by SiteOrigin", "slug": "siteorigin-panels", "affected_versions": { "[*, 2.10.16)": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.10.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28e1a11b-5320-41be-bc78-580322e5f407?source=api-scan" ], "published": "2020-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28e4cc53-53c3-47bf-8ea4-818040d10abd": { "id": "28e4cc53-53c3-47bf-8ea4-818040d10abd", "title": "Super Store Finder <= 6.9.7 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Super Store Finder", "slug": "superstorefinder-wp", "affected_versions": { "* - 6.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28e4cc53-53c3-47bf-8ea4-818040d10abd?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28e723ee-e99a-4ec4-b492-bfba04d27fd0": { "id": "28e723ee-e99a-4ec4-b492-bfba04d27fd0", "title": "WPvivid Backup Plugin <= 0.9.90 - Missing Authorization via 'start_staging' and 'get_staging_progress'", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "[*, 0.9.91)": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.91", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.9.91" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28e723ee-e99a-4ec4-b492-bfba04d27fd0?source=api-scan" ], "published": "2023-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28e74811-aae8-4276-abb1-cbe4fbcfd08b": { "id": "28e74811-aae8-4276-abb1-cbe4fbcfd08b", "title": "Global Content Blocks <= 2.1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Global Content Blocks", "slug": "global-content-blocks", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28e74811-aae8-4276-abb1-cbe4fbcfd08b?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28ecf168-c215-4fc3-8dd7-1ab84ae6b4a6": { "id": "28ecf168-c215-4fc3-8dd7-1ab84ae6b4a6", "title": "Newspack Blocks <= 3.0.8 - Authenticated (Contributor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Newspack Blocks", "slug": "newspack-blocks", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28ecf168-c215-4fc3-8dd7-1ab84ae6b4a6?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28f08640-cd63-4f2a-a785-1956dc051991": { "id": "28f08640-cd63-4f2a-a785-1956dc051991", "title": "Sirius <= 1.0 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Sirius", "slug": "sirius", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28f08640-cd63-4f2a-a785-1956dc051991?source=api-scan" ], "published": "2007-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28f0a927-a92e-45ab-8ef3-7a7c9368e1e4": { "id": "28f0a927-a92e-45ab-8ef3-7a7c9368e1e4", "title": "Beaver Builder <= 2.5.4.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.5.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28f0a927-a92e-45ab-8ef3-7a7c9368e1e4?source=api-scan" ], "published": "2022-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28f77d5a-fc17-4e17-85b9-4e6f66dbf2c7": { "id": "28f77d5a-fc17-4e17-85b9-4e6f66dbf2c7", "title": "GTM Server Side <= 2.1.19 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GTM Server Side", "slug": "gtm-server-side", "affected_versions": { "* - 2.1.19": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28f77d5a-fc17-4e17-85b9-4e6f66dbf2c7?source=api-scan" ], "published": "2024-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "28fe3ec0-5e62-4a52-890d-e05b7d5bf531": { "id": "28fe3ec0-5e62-4a52-890d-e05b7d5bf531", "title": "Photo Gallery by Supsystic <= 1.15.5 - Cross-Site Request Forgery to Plugin Settings Change", "software": [ { "type": "plugin", "name": "Photo Gallery by Supsystic", "slug": "gallery-by-supsystic", "affected_versions": { "* - 1.15.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/28fe3ec0-5e62-4a52-890d-e05b7d5bf531?source=api-scan" ], "published": "2022-06-15 13:58:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "290233f0-a5dd-4c69-8039-7392268daf40": { "id": "290233f0-a5dd-4c69-8039-7392268daf40", "title": "Slider, Gallery, and Carousel by MetaSlider <= 3.29.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider, Gallery, and Carousel by MetaSlider \u2013 Image Sliders, Video Sliders", "slug": "ml-slider", "affected_versions": { "* - 3.29.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.29.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.29.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/290233f0-a5dd-4c69-8039-7392268daf40?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29125de3-eeed-4537-8915-e8100d2e65ca": { "id": "29125de3-eeed-4537-8915-e8100d2e65ca", "title": "Easy Digital Downloads \u2013 Per Product Emails < 1.0.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 Per Product Emails", "slug": "edd-per-product-emails", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29125de3-eeed-4537-8915-e8100d2e65ca?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2912f693-c8fd-48f7-8030-5e1f0edd715f": { "id": "2912f693-c8fd-48f7-8030-5e1f0edd715f", "title": "Contact Form to Any API <= 1.1.8 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Contact Form to Any API", "slug": "contact-form-to-any-api", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2912f693-c8fd-48f7-8030-5e1f0edd715f?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29137748-91b1-4b01-9f05-63da592e941a": { "id": "29137748-91b1-4b01-9f05-63da592e941a", "title": "WP Club Manager <= 2.2.11 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Club Manager \u2013 WordPress Sports Club Plugin", "slug": "wp-club-manager", "affected_versions": { "* - 2.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.12" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29137748-91b1-4b01-9f05-63da592e941a?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2921ea67-e88a-489a-8c45-cfe458f29d2b": { "id": "2921ea67-e88a-489a-8c45-cfe458f29d2b", "title": "HTML Forms <= 1.3.28 - Authenticated (Administrator+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HTML Forms \u2013 Simple WordPress Forms Plugin", "slug": "html-forms", "affected_versions": { "* - 1.3.28": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2921ea67-e88a-489a-8c45-cfe458f29d2b?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2923afdd-36b7-4181-aade-d757a70a06c0": { "id": "2923afdd-36b7-4181-aade-d757a70a06c0", "title": "Advanced Custom Fields Pro <= 6.2.9 - Authenticated (Contributor+) Code Injection", "software": [ { "type": "plugin", "name": "Advanced Custom Fields Pro", "slug": "advanced-custom-fields-pro", "affected_versions": { "* - 6.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2923afdd-36b7-4181-aade-d757a70a06c0?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "292be50c-6eab-4462-b46c-c7763e8aa223": { "id": "292be50c-6eab-4462-b46c-c7763e8aa223", "title": "WordPress Core < 2.1.3 - Authorization Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/292be50c-6eab-4462-b46c-c7763e8aa223?source=api-scan" ], "published": "2007-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "293070c8-783f-404d-9250-392713703ce4": { "id": "293070c8-783f-404d-9250-392713703ce4", "title": "Waiting: One-click countdowns <= 0.6.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Waiting: One-click countdowns", "slug": "waiting", "affected_versions": { "* - 0.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/293070c8-783f-404d-9250-392713703ce4?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2931fda2-edc8-44ea-9fff-ae9d94aa01bf": { "id": "2931fda2-edc8-44ea-9fff-ae9d94aa01bf", "title": "Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "Portfolio and Projects", "slug": "portfolio-and-projects", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] }, { "type": "plugin", "name": "Video gallery and Player", "slug": "html5-videogallery-plus-player", "affected_versions": { "* - 2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.6" ] }, { "type": "plugin", "name": "Testimonial Grid and Testimonial Slider plus Carousel with Rotator Widget", "slug": "wp-testimonial-with-widget", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] }, { "type": "plugin", "name": "WP Slick Slider and Image Carousel", "slug": "wp-slick-slider-and-image-carousel", "affected_versions": { "* - 3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6" ] }, { "type": "plugin", "name": "Accordion and Accordion Slider", "slug": "accordion-and-accordion-slider", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] }, { "type": "plugin", "name": "WP Logo Showcase Responsive Slider and Carousel", "slug": "wp-logo-showcase-responsive-slider-slider", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7" ] }, { "type": "plugin", "name": "Album and Image Gallery plus Lightbox", "slug": "album-and-image-gallery-plus-lightbox", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] }, { "type": "plugin", "name": "Meta Slider and Carousel with Lightbox", "slug": "meta-slider-and-carousel-with-lightbox", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] }, { "type": "plugin", "name": "Blog Designer \u2013 Post and Widget", "slug": "blog-designer-for-post-and-widget", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.2" ] }, { "type": "plugin", "name": "WP News and Scrolling Widgets", "slug": "sp-news-and-widget", "affected_versions": { "* - 4.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9" ] }, { "type": "plugin", "name": "Trending\/Popular Post Slider and Widget", "slug": "wp-trending-post-slider-and-widget", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] }, { "type": "plugin", "name": "Countdown Timer Ultimate", "slug": "countdown-timer-ultimate", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] }, { "type": "plugin", "name": "WP Featured Content and Slider", "slug": "wp-featured-content-and-slider", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] }, { "type": "plugin", "name": "Post Ticker Ultimate", "slug": "ticker-ultimate", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] }, { "type": "plugin", "name": "Team Slider and Team Grid Showcase plus Team Carousel", "slug": "wp-team-showcase-and-slider", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] }, { "type": "plugin", "name": "Post grid and filter ultimate", "slug": "post-grid-and-filter-ultimate", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] }, { "type": "plugin", "name": "WP Blog and Widgets", "slug": "wp-blog-and-widgets", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] }, { "type": "plugin", "name": "Featured Post Creative", "slug": "featured-post-creative", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] }, { "type": "plugin", "name": "Timeline and History slider", "slug": "timeline-and-history-slider", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] }, { "type": "plugin", "name": "Popup Anything \u2013 Popup for opt-ins and Lead Generation Conversions", "slug": "popup-anything-on-click", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8" ] }, { "type": "plugin", "name": "WP responsive FAQ with category plugin", "slug": "sp-faq", "affected_versions": { "* - 3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9" ] }, { "type": "plugin", "name": "WP Responsive Recent Post Slider\/Carousel", "slug": "wp-responsive-recent-post-slider", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan" ], "published": "2023-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29333999-ffe3-4cd0-a537-be98168cb2ee": { "id": "29333999-ffe3-4cd0-a537-be98168cb2ee", "title": "Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'SaveSettings' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29333999-ffe3-4cd0-a537-be98168cb2ee?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29358ea9-21b7-4294-8fc9-0d38e689cf53": { "id": "29358ea9-21b7-4294-8fc9-0d38e689cf53", "title": "Wicked Folders <= 2.18.16 - Missing Authorization via ajax_unassign_folders", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29358ea9-21b7-4294-8fc9-0d38e689cf53?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29482b70-0ff2-4bb1-9d41-9cffb83b5ad0": { "id": "29482b70-0ff2-4bb1-9d41-9cffb83b5ad0", "title": "Simple Backup <= 2.7.10 - Arbitrary File Download via Path Traversal", "software": [ { "type": "plugin", "name": "Simple Backup", "slug": "simple-backup", "affected_versions": { "[*, 2.7.11)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29482b70-0ff2-4bb1-9d41-9cffb83b5ad0?source=api-scan" ], "published": "2015-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2948d8f6-4b7b-49c3-a917-4306448416ff": { "id": "2948d8f6-4b7b-49c3-a917-4306448416ff", "title": "Houzez Login Register <= 2.6.3 - Privilege Escalation", "software": [ { "type": "plugin", "name": "Houzez Login Register", "slug": "houzez-login-register", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2948d8f6-4b7b-49c3-a917-4306448416ff?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "294b5bd1-a7c8-4c06-b107-e80bf3b35da8": { "id": "294b5bd1-a7c8-4c06-b107-e80bf3b35da8", "title": "WP Crowdfunding <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Crowdfunding", "slug": "wp-crowdfunding", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/294b5bd1-a7c8-4c06-b107-e80bf3b35da8?source=api-scan" ], "published": "2023-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "294de862-716c-4e17-a1cf-cade53207013": { "id": "294de862-716c-4e17-a1cf-cade53207013", "title": "Klaviyo <= 3.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Klaviyo", "slug": "klaviyo", "affected_versions": { "* - 3.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/294de862-716c-4e17-a1cf-cade53207013?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2950a264-b60c-48ad-b8e0-6d0e1a230982": { "id": "2950a264-b60c-48ad-b8e0-6d0e1a230982", "title": "Pay with Vipps for WooCommerce <= 1.14.13 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pay with Vipps and MobilePay for WooCommerce", "slug": "woo-vipps", "affected_versions": { "* - 1.14.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2950a264-b60c-48ad-b8e0-6d0e1a230982?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2950eb91-a232-42c5-8a28-96b770cb7c48": { "id": "2950eb91-a232-42c5-8a28-96b770cb7c48", "title": "Real-Time Find and Replace <= 3.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Real-Time Find and Replace", "slug": "real-time-find-and-replace", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2950eb91-a232-42c5-8a28-96b770cb7c48?source=api-scan" ], "published": "2017-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29532f4d-e830-4c99-ad77-076eebbbe98d": { "id": "29532f4d-e830-4c99-ad77-076eebbbe98d", "title": "Visual Website Collaboration, Feedback & Project Management \u2013 Atarim <= 3.22.6 - Hardcoded Credentials", "software": [ { "type": "plugin", "name": "Visual Website Collaboration, Feedback & Project Management \u2013 Atarim", "slug": "atarim-visual-collaboration", "affected_versions": { "* - 3.22.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.22.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29532f4d-e830-4c99-ad77-076eebbbe98d?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2954a007-37ac-4811-a258-b3fdd738043f": { "id": "2954a007-37ac-4811-a258-b3fdd738043f", "title": "loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service", "software": [ { "type": "plugin", "name": "Simple Page Ordering", "slug": "simple-page-ordering", "affected_versions": { "* - 2.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.4" ] }, { "type": "plugin", "name": "Restricted Site Access", "slug": "restricted-site-access", "affected_versions": { "* - 7.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.5" ] }, { "type": "plugin", "name": "ElasticPress", "slug": "elasticpress", "affected_versions": { "* - 4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.0" ] }, { "type": "plugin", "name": "Insert Special Characters", "slug": "insert-special-characters", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2954a007-37ac-4811-a258-b3fdd738043f?source=api-scan" ], "published": "2022-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2959ae2f-ef16-45d8-920f-56b141ad955e": { "id": "2959ae2f-ef16-45d8-920f-56b141ad955e", "title": "Float menu \u2013 awesome floating side menu <= 6.0 - Cross-Site Request Forgery to Menu Deletion", "software": [ { "type": "plugin", "name": "Float menu \u2013 awesome floating side menu", "slug": "float-menu", "affected_versions": { "* - 6.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2959ae2f-ef16-45d8-920f-56b141ad955e?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29652f77-032c-4637-9dbf-cfd26b56ff19": { "id": "29652f77-032c-4637-9dbf-cfd26b56ff19", "title": "Video Widget <= 1.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Video Widget", "slug": "video-widget", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29652f77-032c-4637-9dbf-cfd26b56ff19?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "296f15eb-0782-4351-a2c5-c8ef6f005352": { "id": "296f15eb-0782-4351-a2c5-c8ef6f005352", "title": "TrustProfile <= 3.24 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Trustprofile and reviews for WordPress", "slug": "trustprofile", "affected_versions": { "[*, 3.25)": { "from_version": "*", "from_inclusive": true, "to_version": "3.25", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/296f15eb-0782-4351-a2c5-c8ef6f005352?source=api-scan" ], "published": "2023-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "296f8a23-8223-4d9c-a238-d93fcd5abd87": { "id": "296f8a23-8223-4d9c-a238-d93fcd5abd87", "title": "EazyDocs <= 2.3.3 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "EazyDocs \u2013 Most Powerful Knowledge base, wiki, Documentation Builder Plugin", "slug": "eazydocs", "affected_versions": { "[*, 2.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/296f8a23-8223-4d9c-a238-d93fcd5abd87?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29700844-b41d-4f10-90a7-06c8574d8d2a": { "id": "29700844-b41d-4f10-90a7-06c8574d8d2a", "title": "Groundhogg <= 2.7.9.8 - Missing Authorization to Update License", "software": [ { "type": "plugin", "name": "WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg", "slug": "groundhogg", "affected_versions": { "* - 2.7.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29700844-b41d-4f10-90a7-06c8574d8d2a?source=api-scan" ], "published": "2023-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2970bea4-4641-4885-b996-2bf0b848e1ec": { "id": "2970bea4-4641-4885-b996-2bf0b848e1ec", "title": "Exchange Rates Widget <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Exchange Rates Widget", "slug": "exchange-rates-widget", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2970bea4-4641-4885-b996-2bf0b848e1ec?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2971547d-39da-46f1-b62c-1918042ae654": { "id": "2971547d-39da-46f1-b62c-1918042ae654", "title": "Image News Slider <= 3.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Image News Slider", "slug": "wp-image-news-slider", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2971547d-39da-46f1-b62c-1918042ae654?source=api-scan" ], "published": "2012-11-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2972cdaf-2d0a-4b55-b4f5-ccf01ff5352c": { "id": "2972cdaf-2d0a-4b55-b4f5-ccf01ff5352c", "title": "Contact Form 7 Style <= 3.2 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Contact Form 7 Style", "slug": "contact-form-7-style", "affected_versions": { "* - 3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2972cdaf-2d0a-4b55-b4f5-ccf01ff5352c?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29778d95-4859-4383-91c7-15e7907b825c": { "id": "29778d95-4859-4383-91c7-15e7907b825c", "title": "WordPress Core < 5.0.1 - PHP Object Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.27": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.27", "to_inclusive": true }, "3.8 - 3.8.27": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.27", "to_inclusive": true }, "3.9 - 3.9.25": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.25", "to_inclusive": true }, "4.0 - 4.0.24": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.24", "to_inclusive": true }, "4.1 - 4.1.24": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.24", "to_inclusive": true }, "4.2 - 4.2.21": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.21", "to_inclusive": true }, "4.3 - 4.3.17": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.17", "to_inclusive": true }, "4.4 - 4.4.16": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.16", "to_inclusive": true }, "4.5 - 4.5.15": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.15", "to_inclusive": true }, "4.6 - 4.6.12": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.12", "to_inclusive": true }, "4.7 - 4.7.11": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.11", "to_inclusive": true }, "4.8 - 4.8.7": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.7", "to_inclusive": true }, "4.9 - 4.9.8": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.8", "to_inclusive": true }, "5.0": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.28", "3.8.28", "3.9.26", "4.0.25", "4.1.25", "4.2.22", "4.3.18", "4.4.17", "4.5.16", "4.6.13", "4.7.12", "4.8.8", "4.9.9", "5.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29778d95-4859-4383-91c7-15e7907b825c?source=api-scan" ], "published": "2018-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "297b9605-602f-458f-8b36-a184cdbd20df": { "id": "297b9605-602f-458f-8b36-a184cdbd20df", "title": "WP 404 Auto Redirect to Similar Post <= 1.0.4 - Reflected Cross-Site Scripting via Debug Mode URI", "software": [ { "type": "plugin", "name": "WP 404 Auto Redirect to Similar Post", "slug": "wp-404-auto-redirect-to-similar-post", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/297b9605-602f-458f-8b36-a184cdbd20df?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "297c7411-5065-458c-8cad-4f6243610b8a": { "id": "297c7411-5065-458c-8cad-4f6243610b8a", "title": "Advanced Custom Fields Pro <= 6.2.9 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Advanced Custom Fields Pro", "slug": "advanced-custom-fields-pro", "affected_versions": { "* - 6.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/297c7411-5065-458c-8cad-4f6243610b8a?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2984b9ca-e821-4c23-b792-4d0e54e44a7c": { "id": "2984b9ca-e821-4c23-b792-4d0e54e44a7c", "title": "Business Directory Plugin < 5.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Business Directory Plugin \u2013 Easy Listing Directories for WordPress", "slug": "business-directory-plugin", "affected_versions": { "* - 5.11": { "from_version": "*", "from_inclusive": true, "to_version": "5.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.11.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2984b9ca-e821-4c23-b792-4d0e54e44a7c?source=api-scan" ], "published": "2021-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2987a5cf-4655-4d37-ae85-6f4775cc6802": { "id": "2987a5cf-4655-4d37-ae85-6f4775cc6802", "title": "JobSearch WP Job Board < 1.5.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "[*, 1.5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2987a5cf-4655-4d37-ae85-6f4775cc6802?source=api-scan" ], "published": "2020-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "298a1927-118c-4dca-a783-9cc7e94d0b07": { "id": "298a1927-118c-4dca-a783-9cc7e94d0b07", "title": "WP Time Slots Booking Form <= 1.2.11 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Time Slots Booking Form", "slug": "wp-time-slots-booking-form", "affected_versions": { "* - 1.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/298a1927-118c-4dca-a783-9cc7e94d0b07?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "298af603-43fc-4fde-83b5-ac36f1b35bca": { "id": "298af603-43fc-4fde-83b5-ac36f1b35bca", "title": "Newsletter Popup <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletter Popup", "slug": "newsletter-popup", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/298af603-43fc-4fde-83b5-ac36f1b35bca?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2990b307-2b07-4daf-917b-d9587253cbeb": { "id": "2990b307-2b07-4daf-917b-d9587253cbeb", "title": "Constant Contact Forms <= 2.4.2 - Information Disclosure via Log Files", "software": [ { "type": "plugin", "name": "Constant Contact Forms", "slug": "constant-contact-forms", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2990b307-2b07-4daf-917b-d9587253cbeb?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "299c4290-dc7e-44fb-887e-e3e53d3c070b": { "id": "299c4290-dc7e-44fb-887e-e3e53d3c070b", "title": "Shortcodes Finder <= 1.5.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shortcodes Finder", "slug": "shortcodes-finder", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/299c4290-dc7e-44fb-887e-e3e53d3c070b?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29a160ea-5582-4028-8621-7988e3a8cabf": { "id": "29a160ea-5582-4028-8621-7988e3a8cabf", "title": "AnWP Football Leagues <= 0.16.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "AnWP Football Leagues", "slug": "football-leagues-by-anwppro", "affected_versions": { "* - 0.16.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.16.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.16.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29a160ea-5582-4028-8621-7988e3a8cabf?source=api-scan" ], "published": "2024-09-23 18:14:04", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29a2cb14-bf70-4936-a7c9-bf417a403de8": { "id": "29a2cb14-bf70-4936-a7c9-bf417a403de8", "title": "Zotpress <= 7.3.7 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Zotpress", "slug": "zotpress", "affected_versions": { "* - 7.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29a2cb14-bf70-4936-a7c9-bf417a403de8?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29a7aa52-ebbf-4185-a9ed-c24cb7d1f03b": { "id": "29a7aa52-ebbf-4185-a9ed-c24cb7d1f03b", "title": "Tainacan <= 0.21.3 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tainacan", "slug": "tainacan", "affected_versions": { "* - 0.21.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.21.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.21.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29a7aa52-ebbf-4185-a9ed-c24cb7d1f03b?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29adf3d2-b3a4-43f3-9aaa-bd2cf6cd115b": { "id": "29adf3d2-b3a4-43f3-9aaa-bd2cf6cd115b", "title": "Eventr <= 1.02.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Eventr", "slug": "eventr", "affected_versions": { "* - 1.02.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.02.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29adf3d2-b3a4-43f3-9aaa-bd2cf6cd115b?source=api-scan" ], "published": "2017-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29b09367-6a27-4024-a71c-233aaee6c310": { "id": "29b09367-6a27-4024-a71c-233aaee6c310", "title": "Link Whisper Free <= 0.6.3 - Missing Authorization via init()", "software": [ { "type": "plugin", "name": "Link Whisper Free", "slug": "link-whisper", "affected_versions": { "* - 0.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29b09367-6a27-4024-a71c-233aaee6c310?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29b471ac-3a08-42da-9907-670c3b3bae92": { "id": "29b471ac-3a08-42da-9907-670c3b3bae92", "title": "Giveaways and Contests by RafflePress <= 1.12.5 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Giveaways and Contests by RafflePress \u2013 Get More Website Traffic, Email Subscribers, and Social Followers", "slug": "rafflepress", "affected_versions": { "* - 1.12.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29b471ac-3a08-42da-9907-670c3b3bae92?source=api-scan" ], "published": "2024-02-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29b4c20b-486c-45d4-904f-561d6624d477": { "id": "29b4c20b-486c-45d4-904f-561d6624d477", "title": "CRM: Contact Management Simplified \u2013 UkuuPeople <= 1.6.3 - Cross-Site Request Forgery to Favorite Addition\/Deletion", "software": [ { "type": "plugin", "name": "CRM: Contact Management Simplified \u2013 UkuuPeople", "slug": "ukuupeople-the-simple-crm", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29b4c20b-486c-45d4-904f-561d6624d477?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29b53c80-68d5-4431-a49b-0d139c9403f2": { "id": "29b53c80-68d5-4431-a49b-0d139c9403f2", "title": "Marketing Performance <= 2.0.0 - Unauthenticated Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Marketing Performance", "slug": "marketing-performance", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29b53c80-68d5-4431-a49b-0d139c9403f2?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29b81e96-d950-405a-abcb-c457e104b86b": { "id": "29b81e96-d950-405a-abcb-c457e104b86b", "title": "Crony Cronjob Manager <= 0.5.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Crony Cronjob Manager", "slug": "crony", "affected_versions": { "* - 0.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29b81e96-d950-405a-abcb-c457e104b86b?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29b9cb4a-741d-4c38-b458-abd9900a8dce": { "id": "29b9cb4a-741d-4c38-b458-abd9900a8dce", "title": "WooCommerce <= 2.3.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 2.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29b9cb4a-741d-4c38-b458-abd9900a8dce?source=api-scan" ], "published": "2015-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29c47391-5d37-4f49-8806-1f378a6306d0": { "id": "29c47391-5d37-4f49-8806-1f378a6306d0", "title": "WP Meta SEO <= 4.5.2 - Missing Authorization in 'startProcess' to Arbitrary Redirect via 'update_link_redirect' task", "software": [ { "type": "plugin", "name": "WP Meta SEO", "slug": "wp-meta-seo", "affected_versions": { "* - 4.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29c47391-5d37-4f49-8806-1f378a6306d0?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29c762c7-7bb9-42bc-9e22-0f4da2a5c59b": { "id": "29c762c7-7bb9-42bc-9e22-0f4da2a5c59b", "title": "Smart Forms <= 2.6.86 - Missing Authorization", "software": [ { "type": "plugin", "name": "Smart Forms \u2013 when you need more than just a contact form", "slug": "smart-forms", "affected_versions": { "* - 2.6.86": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.86", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.87" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29c762c7-7bb9-42bc-9e22-0f4da2a5c59b?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29c97617-78b1-4798-99a6-488176070e4a": { "id": "29c97617-78b1-4798-99a6-488176070e4a", "title": "Bg Bible References <= 3.8.14 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bg Bible References", "slug": "bg-biblie-references", "affected_versions": { "* - 3.8.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29c97617-78b1-4798-99a6-488176070e4a?source=api-scan" ], "published": "2022-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29ca151b-ef37-4f68-b0ea-b199ad6a4fce": { "id": "29ca151b-ef37-4f68-b0ea-b199ad6a4fce", "title": "Booking Ultra Pro <= 1.1.13 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Booking Ultra Pro Appointments Booking Calendar Plugin", "slug": "booking-ultra-pro", "affected_versions": { "* - 1.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29ca151b-ef37-4f68-b0ea-b199ad6a4fce?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29cc82cb-f3fd-4de5-9731-7ceb1212b0f9": { "id": "29cc82cb-f3fd-4de5-9731-7ceb1212b0f9", "title": "Enter Addons \u2013 Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animation Title widget img tag", "software": [ { "type": "plugin", "name": "Enter Addons \u2013 Ultimate Template Builder for Elementor", "slug": "enteraddons", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29cc82cb-f3fd-4de5-9731-7ceb1212b0f9?source=api-scan" ], "published": "2024-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29d112ca-c793-4459-a5a0-7f1a3de9de71": { "id": "29d112ca-c793-4459-a5a0-7f1a3de9de71", "title": "Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Yoo Slider \u2013 Image Slider & Video Slider", "slug": "yoo-slider", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29d112ca-c793-4459-a5a0-7f1a3de9de71?source=api-scan" ], "published": "2022-04-11 17:36:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29d6df4e-eaf6-42ec-8cd9-7cf86908f4ef": { "id": "29d6df4e-eaf6-42ec-8cd9-7cf86908f4ef", "title": "Email download link <= 3.7 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Email download link", "slug": "email-download-link", "affected_versions": { "* - 3.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29d6df4e-eaf6-42ec-8cd9-7cf86908f4ef?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29d962c0-31dc-4320-a9ce-3ed71d4f9943": { "id": "29d962c0-31dc-4320-a9ce-3ed71d4f9943", "title": "SEO Redirection <= 6.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEO Redirection Plugin \u2013 301 Redirect Manager", "slug": "seo-redirection", "affected_versions": { "* - 6.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29d962c0-31dc-4320-a9ce-3ed71d4f9943?source=api-scan" ], "published": "2021-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29da4c49-3608-4bff-8184-01dc08752403": { "id": "29da4c49-3608-4bff-8184-01dc08752403", "title": "Fatcat Apps Analytics Cat <= 1.0.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Analytics Cat \u2013 Google Analytics Made Easy", "slug": "analytics-cat", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29da4c49-3608-4bff-8184-01dc08752403?source=api-scan" ], "published": "2022-03-08 21:49:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29e2ff11-053b-45cc-adf1-d276f1ee576e": { "id": "29e2ff11-053b-45cc-adf1-d276f1ee576e", "title": "Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget <= 2.2.1 - Cross-Site Request Forgery to Plugin Options Update", "software": [ { "type": "plugin", "name": "Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget", "slug": "custom-twitter-feeds", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29e2ff11-053b-45cc-adf1-d276f1ee576e?source=api-scan" ], "published": "2024-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29e49f76-9769-41c9-aeed-9e2857ebbd25": { "id": "29e49f76-9769-41c9-aeed-9e2857ebbd25", "title": "Coming Soon by Supsystic <= 1.7.10 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "Maintenance Mode by Supsystic", "slug": "coming-soon-by-supsystic", "affected_versions": { "* - 1.7.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29e49f76-9769-41c9-aeed-9e2857ebbd25?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29ef1755-f1c4-4251-bd4c-2fe97f291994": { "id": "29ef1755-f1c4-4251-bd4c-2fe97f291994", "title": "Music Request Manager <= 1.3 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Music Request Manager", "slug": "music-request-manager", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29ef1755-f1c4-4251-bd4c-2fe97f291994?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29f6e37a-1f73-480e-984b-c24e2eaa55f5": { "id": "29f6e37a-1f73-480e-984b-c24e2eaa55f5", "title": "Uncanny Toolkit Pro for LearnDash <= 4.1.4 - Missing Authorization to Arbitrary Page\/Post Duplication", "software": [ { "type": "plugin", "name": "Uncanny Toolkit Pro for LearnDash", "slug": "uncanny-toolkit-pro", "affected_versions": { "* - 4.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29f6e37a-1f73-480e-984b-c24e2eaa55f5?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "29fee127-73f5-4cd5-9bfb-799f1c0a9f83": { "id": "29fee127-73f5-4cd5-9bfb-799f1c0a9f83", "title": "Responsive 3D Slider <= 1.2 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "RESPONSIVE 3D SLIDER", "slug": "morpheus-slider", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/29fee127-73f5-4cd5-9bfb-799f1c0a9f83?source=api-scan" ], "published": "2021-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a0381b1-9b63-41cb-8125-d22274b98867": { "id": "2a0381b1-9b63-41cb-8125-d22274b98867", "title": "GiveWP <= 2.25.1 - Cross-Site Request Forgery to Cross-Site Scripting via render_dropdown", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.25.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a0381b1-9b63-41cb-8125-d22274b98867?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a06dc0d-f002-4f82-b380-0e329b022dc9": { "id": "2a06dc0d-f002-4f82-b380-0e329b022dc9", "title": "JSmol2WP <= 1.07 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "JSmol2WP", "slug": "jsmol2wp", "affected_versions": { "* - 1.07": { "from_version": "*", "from_inclusive": true, "to_version": "1.07", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a06dc0d-f002-4f82-b380-0e329b022dc9?source=api-scan" ], "published": "2018-12-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a090167-0ea9-47f9-be8f-fe392da9ec38": { "id": "2a090167-0ea9-47f9-be8f-fe392da9ec38", "title": "Embed Google Photos album <= 2.1.9 - Authenticated (Contributor+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Embed Google Photos album", "slug": "embed-google-photos-album-easily", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a090167-0ea9-47f9-be8f-fe392da9ec38?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a0ce4fa-24d7-4c41-a003-999ff9f45a42": { "id": "2a0ce4fa-24d7-4c41-a003-999ff9f45a42", "title": "Google Analyticator <= 5.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Analyticator", "slug": "google-analyticator", "affected_versions": { "[*, 5.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a0ce4fa-24d7-4c41-a003-999ff9f45a42?source=api-scan" ], "published": "2009-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a0f2774-4677-45a1-9c86-240a6e35f7af": { "id": "2a0f2774-4677-45a1-9c86-240a6e35f7af", "title": "Product list Widget for Woocommerce <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Shortcode \u2013 Widget \u2013 Block for Woocommerce", "slug": "gm-woo-product-list-widget", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a0f2774-4677-45a1-9c86-240a6e35f7af?source=api-scan" ], "published": "2022-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a0f539c-5d1d-4e1b-9a4b-719c096ba23c": { "id": "2a0f539c-5d1d-4e1b-9a4b-719c096ba23c", "title": "NitroPack <= 1.16.7 - Unauthenticated Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "NitroPack \u2013 Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN", "slug": "nitropack", "affected_versions": { "* - 1.16.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.16.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.16.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a0f539c-5d1d-4e1b-9a4b-719c096ba23c?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a0f9f80-e338-4afd-9a4b-e421865c8b0b": { "id": "2a0f9f80-e338-4afd-9a4b-e421865c8b0b", "title": "Page Builder: Live Composer <= 1.5.25 - Authenticated (Author+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Live Composer \u2013 Free WordPress Website Builder", "slug": "live-composer-page-builder", "affected_versions": { "* - 1.5.28": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a0f9f80-e338-4afd-9a4b-e421865c8b0b?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a13ce09-b312-4186-b0e2-63065c47f15d": { "id": "2a13ce09-b312-4186-b0e2-63065c47f15d", "title": "GiveWP <= 3.15.1 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 3.15.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.15.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.16.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a13ce09-b312-4186-b0e2-63065c47f15d?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a1b7e37-1e30-473c-aadc-176de729e619": { "id": "2a1b7e37-1e30-473c-aadc-176de729e619", "title": "Simple Author Box <= 2.51 - Authenticated (Contributor+) Insecure Direct Object Reference to Arbitrary User Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Simple Author Box", "slug": "simple-author-box", "affected_versions": { "* - 2.51": { "from_version": "*", "from_inclusive": true, "to_version": "2.51", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a1b7e37-1e30-473c-aadc-176de729e619?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a203577-0ced-4e1e-a7db-e4ca53a5bade": { "id": "2a203577-0ced-4e1e-a7db-e4ca53a5bade", "title": "Unique <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Unique", "slug": "unique", "affected_versions": { "* - 0.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a203577-0ced-4e1e-a7db-e4ca53a5bade?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a2124be-358c-47af-97c2-02afbed91a3b": { "id": "2a2124be-358c-47af-97c2-02afbed91a3b", "title": "Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Wildcard Activation and Retrieval", "software": [ { "type": "plugin", "name": "Simple 301 Redirects By BetterLinks \u2013 Easy WordPress Redirect Manager for Redirects, 404 Error Log & More", "slug": "simple-301-redirects", "affected_versions": { "2.0.0 - 2.0.3": { "from_version": "2.0.0", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a2124be-358c-47af-97c2-02afbed91a3b?source=api-scan" ], "published": "2021-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a225ccb-a7dc-4437-bd97-b309d6ae6a47": { "id": "2a225ccb-a7dc-4437-bd97-b309d6ae6a47", "title": "WordPress Core < 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Template Part Block", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "5.9 - 5.9.9": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.9", "to_inclusive": true }, "6.0 - 6.0.8": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.8", "to_inclusive": true }, "6.1 - 6.1.6": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.6", "to_inclusive": true }, "6.2 - 6.2.5": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.5", "to_inclusive": true }, "6.3 - 6.3.4": { "from_version": "6.3", "from_inclusive": true, "to_version": "6.3.4", "to_inclusive": true }, "6.4 - 6.4.4": { "from_version": "6.4", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": true }, "6.5 - 6.5.4": { "from_version": "6.5", "from_inclusive": true, "to_version": "6.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.10", "6.0.9", "6.1.7", "6.2.6", "6.3.5", "6.4.5", "6.5.5" ] }, { "type": "plugin", "name": "Gutenberg", "slug": "gutenberg", "affected_versions": { "* - 18.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "18.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "18.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a225ccb-a7dc-4437-bd97-b309d6ae6a47?source=api-scan" ], "published": "2024-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a295969-454a-47fb-bc35-4e84db38c887": { "id": "2a295969-454a-47fb-bc35-4e84db38c887", "title": "Garden Gnome Package <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Garden Gnome Package", "slug": "garden-gnome-package", "affected_versions": { "* - 2.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a295969-454a-47fb-bc35-4e84db38c887?source=api-scan" ], "published": "2024-09-23 13:46:35", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a296dd3-fbcb-4443-a905-9cbaa87faf7d": { "id": "2a296dd3-fbcb-4443-a905-9cbaa87faf7d", "title": "One Click SSL <= 1.4.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "One Click SSL", "slug": "one-click-ssl", "affected_versions": { "[*, 1.4.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a296dd3-fbcb-4443-a905-9cbaa87faf7d?source=api-scan" ], "published": "2019-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a2f4c83-27a6-4c50-b701-8374f21b3799": { "id": "2a2f4c83-27a6-4c50-b701-8374f21b3799", "title": "Order Listener for WooCommerce \u2013 Play Sounds Instantly on New Orders <= 3.2.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Order Notification for WooCommerce \u2013 Get Audio Alert on new Orders", "slug": "woc-order-alert", "affected_versions": { "[*, 3.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a2f4c83-27a6-4c50-b701-8374f21b3799?source=api-scan" ], "published": "2022-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a331f44-74d1-4481-98fb-27d3d983d8ea": { "id": "2a331f44-74d1-4481-98fb-27d3d983d8ea", "title": "reCAPTCHA Jetpack <= 0.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "reCAPTCHA Jetpack", "slug": "recaptcha-jetpack", "affected_versions": { "* - 0.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a331f44-74d1-4481-98fb-27d3d983d8ea?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a37a0e5-2db5-49fb-8b00-1b820192f1af": { "id": "2a37a0e5-2db5-49fb-8b00-1b820192f1af", "title": "Interactive Medical Drawing of Human Body < 2.4 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Interactive Medical Drawing of Human Body", "slug": "interactive-medical-drawing-of-human-body", "affected_versions": { "[*, 2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a37a0e5-2db5-49fb-8b00-1b820192f1af?source=api-scan" ], "published": "2022-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a427b26-4a0d-4351-8a8b-ec5da1345ebd": { "id": "2a427b26-4a0d-4351-8a8b-ec5da1345ebd", "title": "Persian Fonts <= 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Persian Fonts", "slug": "persian-fonts", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a427b26-4a0d-4351-8a8b-ec5da1345ebd?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a4af494-ef5a-4bcb-916b-d4184d3df9b5": { "id": "2a4af494-ef5a-4bcb-916b-d4184d3df9b5", "title": "Ditty \u2013 Responsive News Tickers, Sliders, and Lists <= 3.1.44 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ditty \u2013 Responsive News Tickers, Sliders, and Lists", "slug": "ditty-news-ticker", "affected_versions": { "* - 3.1.44": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a4af494-ef5a-4bcb-916b-d4184d3df9b5?source=api-scan" ], "published": "2024-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a4d8b76-8fb0-4239-ac4b-4ef4428be02b": { "id": "2a4d8b76-8fb0-4239-ac4b-4ef4428be02b", "title": "Multivendor Marketplace Solution for WooCommerce \u2013 WC Marketplace <= 3.8.11.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution", "slug": "dc-woocommerce-multi-vendor", "affected_versions": { "* - 3.8.11.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.11.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a4d8b76-8fb0-4239-ac4b-4ef4428be02b?source=api-scan" ], "published": "2022-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a4e66e0-85a6-4e9f-8ed7-b7ee8e75aae6": { "id": "2a4e66e0-85a6-4e9f-8ed7-b7ee8e75aae6", "title": "Portfolio Gallery \u2013 Responsive Image Gallery <= 1.4.5 - Missing Authorization to Arbitrary Gallery Deletion", "software": [ { "type": "plugin", "name": "Portfolio Gallery \u2013 Responsive Image Gallery", "slug": "gallery-portfolio", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a4e66e0-85a6-4e9f-8ed7-b7ee8e75aae6?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a4e8dbe-9889-43b1-8e15-e96791b13093": { "id": "2a4e8dbe-9889-43b1-8e15-e96791b13093", "title": "Remove CPT base <= 5.8 - Cross-Site Request Forgery to CPT base deletion", "software": [ { "type": "plugin", "name": "Remove CPT base", "slug": "remove-cpt-base", "affected_versions": { "* - 5.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a4e8dbe-9889-43b1-8e15-e96791b13093?source=api-scan" ], "published": "2022-05-06 13:29:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a521be2-b3ce-47de-8a28-aeff94942d85": { "id": "2a521be2-b3ce-47de-8a28-aeff94942d85", "title": "WordPress Core <= 3.0.3 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a521be2-b3ce-47de-8a28-aeff94942d85?source=api-scan" ], "published": "2010-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a56b6f1-d3f1-4c6b-9657-a25ebc083b9e": { "id": "2a56b6f1-d3f1-4c6b-9657-a25ebc083b9e", "title": "Edwiser Bridge <= 3.0.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Edwiser Bridge \u2013 WordPress Moodle LMS Integration", "slug": "edwiser-bridge", "affected_versions": { "* - 3.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a56b6f1-d3f1-4c6b-9657-a25ebc083b9e?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a5c6b05-6e28-40be-80cb-9f95241a4fc6": { "id": "2a5c6b05-6e28-40be-80cb-9f95241a4fc6", "title": "We\u2019re Open! <= 1.46 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "We\u2019re Open!", "slug": "opening-hours", "affected_versions": { "* - 1.46": { "from_version": "*", "from_inclusive": true, "to_version": "1.46", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.47" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a5c6b05-6e28-40be-80cb-9f95241a4fc6?source=api-scan" ], "published": "2023-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a5ccc0b-a80a-41df-991c-5c356eb10512": { "id": "2a5ccc0b-a80a-41df-991c-5c356eb10512", "title": "WPJAM Basic <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WPJAM Basic", "slug": "wpjam-basic", "affected_versions": { "* - 6.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a5ccc0b-a80a-41df-991c-5c356eb10512?source=api-scan" ], "published": "2023-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a64b1ff-0d3f-42fa-bab2-4f31bb8f0476": { "id": "2a64b1ff-0d3f-42fa-bab2-4f31bb8f0476", "title": "Tutor LMS <= 2.2.0 - Authenticated (Student+) SQL Injection", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a64b1ff-0d3f-42fa-bab2-4f31bb8f0476?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a677eed-0344-457e-aa5f-3b94a624462c": { "id": "2a677eed-0344-457e-aa5f-3b94a624462c", "title": "SEO Smart Links <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEO Smart Links", "slug": "seo-automatic-links", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a677eed-0344-457e-aa5f-3b94a624462c?source=api-scan" ], "published": "2022-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a681cef-649f-4342-beb6-914674bbf6d6": { "id": "2a681cef-649f-4342-beb6-914674bbf6d6", "title": "InstaWP Connect <= 0.1.0.8 - Authenticated (Subscriber+) Remote Code Execution", "software": [ { "type": "plugin", "name": "InstaWP Connect \u2013 1-click WP Staging & Migration", "slug": "instawp-connect", "affected_versions": { "* - 0.1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a681cef-649f-4342-beb6-914674bbf6d6?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a690565-d401-4c71-8ca2-c9a10468e870": { "id": "2a690565-d401-4c71-8ca2-c9a10468e870", "title": "BookingPress <= 1.0.82 - Missing Authorization to Appointment Time Alteration", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar Plugin and Scheduling Plugin \u2013 BookingPress", "slug": "bookingpress-appointment-booking", "affected_versions": { "* - 1.0.82": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.82", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.83" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a690565-d401-4c71-8ca2-c9a10468e870?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a69576e-4796-421a-b6ee-08a3b40d4805": { "id": "2a69576e-4796-421a-b6ee-08a3b40d4805", "title": "Booking Calendar <= 9.4.2 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Booking Calendar", "slug": "booking", "affected_versions": { "* - 9.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a69576e-4796-421a-b6ee-08a3b40d4805?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a6bfc87-6135-4d49-baa2-e8e6291148dc": { "id": "2a6bfc87-6135-4d49-baa2-e8e6291148dc", "title": "Meta Box \u2013 WordPress Custom Fields Framework <= 5.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Meta Box \u2013 WordPress Custom Fields Framework", "slug": "meta-box", "affected_versions": { "* - 5.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a6bfc87-6135-4d49-baa2-e8e6291148dc?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a6c5610-ed84-4d7d-a28f-d3807230e119": { "id": "2a6c5610-ed84-4d7d-a28f-d3807230e119", "title": "Web Directory Free <= 1.6.9 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Web Directory Free", "slug": "web-directory-free", "affected_versions": { "* - 1.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a6c5610-ed84-4d7d-a28f-d3807230e119?source=api-scan" ], "published": "2024-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a6d72d0-f262-46a1-91c7-1c34ab995614": { "id": "2a6d72d0-f262-46a1-91c7-1c34ab995614", "title": "Gallery by BestWebSoft \u2013 Customizable Image and Photo Galleries for WordPress < 4.5.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery by BestWebSoft \u2013 Customizable Image and Photo Galleries for WordPress", "slug": "gallery-plugin", "affected_versions": { "[*, 4.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a6d72d0-f262-46a1-91c7-1c34ab995614?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a700c1c-2ac2-47b8-95e6-ee1a02f50c12": { "id": "2a700c1c-2ac2-47b8-95e6-ee1a02f50c12", "title": "WP Cerber Security <= 9.3.2 - User Enumeration Bypass via REST API", "software": [ { "type": "plugin", "name": "WP Cerber Security, Anti-spam & Malware Scan", "slug": "wp-cerber", "affected_versions": { "* - 9.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a700c1c-2ac2-47b8-95e6-ee1a02f50c12?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a75f4eb-698b-4c92-9829-de6c55e21ecb": { "id": "2a75f4eb-698b-4c92-9829-de6c55e21ecb", "title": "Under Construction \/ Maintenance Mode from Acurax <= 2.6 - Authenticated (Subscriber+) Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Under Construction \/ Maintenance Mode from Acurax", "slug": "coming-soon-maintenance-mode-from-acurax", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a75f4eb-698b-4c92-9829-de6c55e21ecb?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a78b274-f83f-4168-a8d2-9ee945518b60": { "id": "2a78b274-f83f-4168-a8d2-9ee945518b60", "title": "WP Food Manager <= 1.0.3 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Food Manager \u2013 Restaurant Menu & Online Food Ordering for WooCommerce \u2013 Food Delivery & Pickup \u2013 Table Reservation", "slug": "wp-food-manager", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a78b274-f83f-4168-a8d2-9ee945518b60?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a7d6059-4cef-4bd1-a14d-ad544bfaeea3": { "id": "2a7d6059-4cef-4bd1-a14d-ad544bfaeea3", "title": "BetterDocs <= 2.5.2 - Missing Authorization via AJAX actions", "software": [ { "type": "plugin", "name": "BetterDocs \u2013 Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg", "slug": "betterdocs", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a7d6059-4cef-4bd1-a14d-ad544bfaeea3?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a7f64e1-c815-426b-99cc-03ab62aaf9de": { "id": "2a7f64e1-c815-426b-99cc-03ab62aaf9de", "title": "wp2syslog <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp2syslog", "slug": "wp2syslog", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a7f64e1-c815-426b-99cc-03ab62aaf9de?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a804605-c079-4310-a57f-81c3eb216dee": { "id": "2a804605-c079-4310-a57f-81c3eb216dee", "title": "NOTICE BOARD <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NOTICE BOARD", "slug": "notice-board", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a804605-c079-4310-a57f-81c3eb216dee?source=api-scan" ], "published": "2022-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a82666d-4c35-4aba-9163-834eef6c50ad": { "id": "2a82666d-4c35-4aba-9163-834eef6c50ad", "title": "WP Crontrol < 1.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Crontrol", "slug": "wp-crontrol", "affected_versions": { "[*, 1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a82666d-4c35-4aba-9163-834eef6c50ad?source=api-scan" ], "published": "2015-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a83ade5-5e53-4d53-ada0-43d487e5e23f": { "id": "2a83ade5-5e53-4d53-ada0-43d487e5e23f", "title": "WP Optin Wheel <= 1.4.2 - Sensitive Information Exposure via Log File", "software": [ { "type": "plugin", "name": "WP Optin Wheel \u2013 Gamified Optin Email Marketing Tool for WordPress and WooCommerce", "slug": "wp-optin-wheel", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a83ade5-5e53-4d53-ada0-43d487e5e23f?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a8430ed-6aeb-46a3-8c42-59646845706e": { "id": "2a8430ed-6aeb-46a3-8c42-59646845706e", "title": "WPvivid Backup for MainWP <= 0.9.32 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPvivid Backup for MainWP", "slug": "wpvivid-backup-mainwp", "affected_versions": { "* - 0.9.32": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a8430ed-6aeb-46a3-8c42-59646845706e?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a896f57-e742-4eb6-85dc-c45d3f0747d8": { "id": "2a896f57-e742-4eb6-85dc-c45d3f0747d8", "title": "WP Symposium <= 11.11.26 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Symposium", "slug": "wp-symposium", "affected_versions": { "* - 11.11.26": { "from_version": "*", "from_inclusive": true, "to_version": "11.11.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.12.08" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a896f57-e742-4eb6-85dc-c45d3f0747d8?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a938325-45f5-455b-b2b7-e19e6e22cd0c": { "id": "2a938325-45f5-455b-b2b7-e19e6e22cd0c", "title": "Post State Tags <= 2.0.6 - Cross-Site Request Forgery to Settings Reset", "software": [ { "type": "plugin", "name": "Post State Tags", "slug": "post-state-tags", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a938325-45f5-455b-b2b7-e19e6e22cd0c?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a97f59d-c4b1-4544-8cef-37a01cc6f7ec": { "id": "2a97f59d-c4b1-4544-8cef-37a01cc6f7ec", "title": "Login as User or Customer <= 3.8 - Unauthenticated Limited Admin Account Compromise", "software": [ { "type": "plugin", "name": "Login as User or Customer", "slug": "login-as-customer-or-user", "affected_versions": { "3.8": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a97f59d-c4b1-4544-8cef-37a01cc6f7ec?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a99a21c-d4f1-4cdb-b1f1-31b3cf666b80": { "id": "2a99a21c-d4f1-4cdb-b1f1-31b3cf666b80", "title": "WP STAGING PRO - Backup Duplicator & Migration <= 5.6.0 - Cross-Site Request Forgery to Limited Local File Inclusion", "software": [ { "type": "plugin", "name": "WP STAGING Pro WordPress Backup Plugin", "slug": "wp-staging-pro", "affected_versions": { "* - 5.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a99a21c-d4f1-4cdb-b1f1-31b3cf666b80?source=api-scan" ], "published": "2024-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a9a642f-1ca5-4f08-b404-c11deba100e9": { "id": "2a9a642f-1ca5-4f08-b404-c11deba100e9", "title": "Clockwork SMS Notfications < 2.4.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Clockwork SMS Notfications", "slug": "mediaburst-email-to-sms", "affected_versions": { "[*, 2.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a9a642f-1ca5-4f08-b404-c11deba100e9?source=api-scan" ], "published": "2017-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a9bf519-bc55-411b-836a-fb394e317396": { "id": "2a9bf519-bc55-411b-836a-fb394e317396", "title": "Caldera Forms <= 1.5.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Caldera Forms \u2013 More Than Contact Forms", "slug": "caldera-forms", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a9bf519-bc55-411b-836a-fb394e317396?source=api-scan" ], "published": "2017-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2a9ed6f2-3def-420c-b6d5-6343fcd7b147": { "id": "2a9ed6f2-3def-420c-b6d5-6343fcd7b147", "title": "Wise Chat <= 3.1.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Wise Chat", "slug": "wise-chat", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2a9ed6f2-3def-420c-b6d5-6343fcd7b147?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2aaca776-03ce-43bb-9553-f455f57124a3": { "id": "2aaca776-03ce-43bb-9553-f455f57124a3", "title": "WP Booking Calendar <= 10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingform Shortcode", "software": [ { "type": "plugin", "name": "WP Booking Calendar", "slug": "booking", "affected_versions": { "* - 10.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "10.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2aaca776-03ce-43bb-9553-f455f57124a3?source=api-scan" ], "published": "2024-07-23 18:49:44", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ab1a623-5726-45ca-9667-ed926c5d3364": { "id": "2ab1a623-5726-45ca-9667-ed926c5d3364", "title": "Alojapro Widget <= 1.1.15 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Alojapro Booking Engine", "slug": "alojapro-widget", "affected_versions": { "* - 1.1.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ab1a623-5726-45ca-9667-ed926c5d3364?source=api-scan" ], "published": "2021-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ab58add-ab81-4c84-b773-7daf382492b0": { "id": "2ab58add-ab81-4c84-b773-7daf382492b0", "title": "Views for WPForms <= 3.2.2 - Missing Authorization via get_form_fields", "software": [ { "type": "plugin", "name": "Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend", "slug": "views-for-wpforms-lite", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ab58add-ab81-4c84-b773-7daf382492b0?source=api-scan" ], "published": "2024-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ab6e751-dc23-442f-b22e-ee41fd6651f6": { "id": "2ab6e751-dc23-442f-b22e-ee41fd6651f6", "title": "WordPress Core < 2.0.4 - Privilege Escalation", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 2.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ab6e751-dc23-442f-b22e-ee41fd6651f6?source=api-scan" ], "published": "2006-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ab6f54d-0358-4f0c-aba5-b4053e1a345d": { "id": "2ab6f54d-0358-4f0c-aba5-b4053e1a345d", "title": "BA Plus <= 1.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BA Plus \u2013 Before & After Image Slider FREE", "slug": "ba-plus-before-after-image-slider-free", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ab6f54d-0358-4f0c-aba5-b4053e1a345d?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ac1d65c-5e09-41ca-809b-2ab3ab5f62af": { "id": "2ac1d65c-5e09-41ca-809b-2ab3ab5f62af", "title": "Shortcodes Ultimate <= 5.12.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 5.12.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ac1d65c-5e09-41ca-809b-2ab3ab5f62af?source=api-scan" ], "published": "2022-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ac1e3ee-4dcc-4f45-ad07-17af750da3d1": { "id": "2ac1e3ee-4dcc-4f45-ad07-17af750da3d1", "title": "Booking for Appointments and Events Calendar \u2013 Amelia Premium <= 7.7 and Lite <= 1.2.3 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Booking for Appointments and Events Calendar \u2013 Amelia Premium", "slug": "ameliabooking", "affected_versions": { "* - 7.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Booking for Appointments and Events Calendar \u2013 Amelia", "slug": "ameliabooking", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ac1e3ee-4dcc-4f45-ad07-17af750da3d1?source=api-scan" ], "published": "2024-09-04 21:24:51", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ac7414c-8035-406a-ab1e-94d9f64e52fa": { "id": "2ac7414c-8035-406a-ab1e-94d9f64e52fa", "title": "PixTypes <= 1.4.14 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "PixTypes", "slug": "pixtypes", "affected_versions": { "* - 1.4.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ac7414c-8035-406a-ab1e-94d9f64e52fa?source=api-scan" ], "published": "2023-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2acd40d5-8a9c-4ca8-9c89-5bf639b1c66c": { "id": "2acd40d5-8a9c-4ca8-9c89-5bf639b1c66c", "title": "Process Steps Template Designer <= 1.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Process Steps Template Designer", "slug": "process-steps-template-designer", "affected_versions": { "[*, 1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2acd40d5-8a9c-4ca8-9c89-5bf639b1c66c?source=api-scan" ], "published": "2021-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ad0acd5-b5d8-481d-954e-a629bb0e11a8": { "id": "2ad0acd5-b5d8-481d-954e-a629bb0e11a8", "title": "Progressive WordPress (PWA) <= 2.1.13 - Missing Authorization", "software": [ { "type": "plugin", "name": "Progressive WordPress (PWA)", "slug": "progressive-wp", "affected_versions": { "* - 2.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ad0acd5-b5d8-481d-954e-a629bb0e11a8?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ad1af69-61e1-4453-866e-1ae71f614f30": { "id": "2ad1af69-61e1-4453-866e-1ae71f614f30", "title": "Membership For WooCommerce <= 2.1.6 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Membership For WooCommerce \u2013 SIMPLE MEMBERSHIP PLANS, RECURRING REVENUE, USER PROFILES & SIGNUPS, CONTENT RESTRICTIONS, AND MEMBER LEVELS WITH WOOCOMMERCE MEMBERSHIP", "slug": "membership-for-woocommerce", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ad1af69-61e1-4453-866e-1ae71f614f30?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ad47937-8125-405c-9fd3-9b3b210942fa": { "id": "2ad47937-8125-405c-9fd3-9b3b210942fa", "title": "GamesTheme <= 1.0.3 - Sensitive Information Disclosure", "software": [ { "type": "theme", "name": "GamesTheme", "slug": "GamesTheme", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ad47937-8125-405c-9fd3-9b3b210942fa?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ad5544a-6694-41e4-940f-fa96daf4b41d": { "id": "2ad5544a-6694-41e4-940f-fa96daf4b41d", "title": "Checkout with Zelle on Woocommerce <= 3.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Checkout with Zelle on Woocommerce", "slug": "wc-zelle", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ad5544a-6694-41e4-940f-fa96daf4b41d?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ad674f7-aff6-432d-9c4c-95aebf8fcf6b": { "id": "2ad674f7-aff6-432d-9c4c-95aebf8fcf6b", "title": "WordPress Core < 2.3.2 - SQL Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ad674f7-aff6-432d-9c4c-95aebf8fcf6b?source=api-scan" ], "published": "2007-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ad7fd59-e4a2-46e7-9232-d76255a6b0b4": { "id": "2ad7fd59-e4a2-46e7-9232-d76255a6b0b4", "title": "Leaky Paywall <= 4.16.5 Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Leaky Paywall", "slug": "leaky-paywall", "affected_versions": { "* - 4.16.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.16.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.16.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ad7fd59-e4a2-46e7-9232-d76255a6b0b4?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ae0d83b-a444-4141-89da-b63ce216db17": { "id": "2ae0d83b-a444-4141-89da-b63ce216db17", "title": "Ajax Search Pro <= 3.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ajax Search Pro", "slug": "ajax-search-pro", "affected_versions": { "* - 3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ae0d83b-a444-4141-89da-b63ce216db17?source=api-scan" ], "published": "2015-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ae44bcb-6149-4661-8890-23c867e9a918": { "id": "2ae44bcb-6149-4661-8890-23c867e9a918", "title": "Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 1.6.4 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider", "slug": "ultimate-store-kit", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ae44bcb-6149-4661-8890-23c867e9a918?source=api-scan" ], "published": "2024-08-20 19:47:05", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ae70225-3597-463b-907c-d2a3a7bcecb4": { "id": "2ae70225-3597-463b-907c-d2a3a7bcecb4", "title": "WooCommerce Stock Manager < 1.0.9 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Stock Manager for WooCommerce", "slug": "woocommerce-stock-manager", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ae70225-3597-463b-907c-d2a3a7bcecb4?source=api-scan" ], "published": "2016-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ae916a0-b0a8-4722-9d8a-3d1f163bc8e5": { "id": "2ae916a0-b0a8-4722-9d8a-3d1f163bc8e5", "title": "WP Cost Estimation & Payment Forms Builder <= 10.1.75 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Cost Estimation & Payment Forms Builder", "slug": "wp-estimation-form", "affected_versions": { "* - 10.1.75": { "from_version": "*", "from_inclusive": true, "to_version": "10.1.75", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.1.76" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ae916a0-b0a8-4722-9d8a-3d1f163bc8e5?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ae939f4-5a90-48ca-ae13-2ccbd6d8d08a": { "id": "2ae939f4-5a90-48ca-ae13-2ccbd6d8d08a", "title": "Simple Telegram <= 0.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Telegram", "slug": "simple-telegram-for-wp", "affected_versions": { "* - 0.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ae939f4-5a90-48ca-ae13-2ccbd6d8d08a?source=api-scan" ], "published": "2022-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2af03168-9344-4db0-9b69-2ad1fdb6d472": { "id": "2af03168-9344-4db0-9b69-2ad1fdb6d472", "title": "EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 3.9.16": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2af03168-9344-4db0-9b69-2ad1fdb6d472?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2af76ad6-9c78-4b44-b104-d66f0014b5cf": { "id": "2af76ad6-9c78-4b44-b104-d66f0014b5cf", "title": "Embed PDF <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Embed PDF", "slug": "dirtysuds-embed-pdf", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2af76ad6-9c78-4b44-b104-d66f0014b5cf?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2af996d2-7430-4367-8fd9-212df6106fb0": { "id": "2af996d2-7430-4367-8fd9-212df6106fb0", "title": "SiteGround Security <= 1.3.0 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Security Optimizer \u2013 The All-In-One Protection Plugin", "slug": "sg-security", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2af996d2-7430-4367-8fd9-212df6106fb0?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2afa0d46-eead-4eb3-9bf1-81fafd3f0f88": { "id": "2afa0d46-eead-4eb3-9bf1-81fafd3f0f88", "title": "Appointments Scheduler <= 1.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Appointments Scheduler", "slug": "wp-appointments-schedules", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2afa0d46-eead-4eb3-9bf1-81fafd3f0f88?source=api-scan" ], "published": "2014-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2afbc0a4-32ad-4fc4-9b10-5c06784f72f3": { "id": "2afbc0a4-32ad-4fc4-9b10-5c06784f72f3", "title": "WP Full Stripe Free <= 7.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Accept Payments with Stripe \u2013 WP Full Pay for WordPress", "slug": "wp-full-stripe-free", "affected_versions": { "* - 7.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2afbc0a4-32ad-4fc4-9b10-5c06784f72f3?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b0198c8-4be8-44e0-9728-d5d2aa376796": { "id": "2b0198c8-4be8-44e0-9728-d5d2aa376796", "title": "PPOM for WooCommerce <= 1.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "PPOM \u2013 Product Addons & Custom Fields for WooCommerce", "slug": "woocommerce-product-addon", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b0198c8-4be8-44e0-9728-d5d2aa376796?source=api-scan" ], "published": "2016-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b045cef-c17c-4e6e-ab84-c0466a5a90ff": { "id": "2b045cef-c17c-4e6e-ab84-c0466a5a90ff", "title": "Foliopress WYSIWYG < 2.6.16 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Foliopress WYSIWYG", "slug": "foliopress-wysiwyg", "affected_versions": { "* - 2.6.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b045cef-c17c-4e6e-ab84-c0466a5a90ff?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b072278-6627-42b2-a532-c8854c9a4921": { "id": "2b072278-6627-42b2-a532-c8854c9a4921", "title": "Post Comments as bbPress Topics <= 2.2.3 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Comments as bbPress Topics", "slug": "bbpress-post-topics", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b072278-6627-42b2-a532-c8854c9a4921?source=api-scan" ], "published": "2022-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b0937fe-3ea6-427a-aef7-539c08687abb": { "id": "2b0937fe-3ea6-427a-aef7-539c08687abb", "title": "Theme Switcha <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Theme Switcha \u2013 Easily Switch Themes for Development and Testing", "slug": "theme-switcha", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b0937fe-3ea6-427a-aef7-539c08687abb?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b0d0c44-0ee8-400b-a4ea-e5520c2a6710": { "id": "2b0d0c44-0ee8-400b-a4ea-e5520c2a6710", "title": "Ultimate Gift Cards for WooCommerce \u2013 Create, Redeem & Manage Digital Gift Certificates with Personalized Templates <= 2.6.6 - Missing Authorization to Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Ultimate Gift Cards for WooCommerce \u2013 Ultimate Gift Cards for Woocommerce \u2013 Create Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates", "slug": "woo-gift-cards-lite", "affected_versions": { "* - 2.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b0d0c44-0ee8-400b-a4ea-e5520c2a6710?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b0f887c-b9e5-4d3c-b354-ebf5741dc3ba": { "id": "2b0f887c-b9e5-4d3c-b354-ebf5741dc3ba", "title": "Podcast Importer SecondLine < 1.3.8 - SQL Injection", "software": [ { "type": "plugin", "name": "Podcast Importer SecondLine", "slug": "podcast-importer-secondline", "affected_versions": { "[*, 1.3.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b0f887c-b9e5-4d3c-b354-ebf5741dc3ba?source=api-scan" ], "published": "2022-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b1261d9-ab21-4ec2-84d7-f12a2013607a": { "id": "2b1261d9-ab21-4ec2-84d7-f12a2013607a", "title": "My WP Translate <= 1.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My WP Translate", "slug": "my-wp-translate", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b1261d9-ab21-4ec2-84d7-f12a2013607a?source=api-scan" ], "published": "2017-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b1449a9-6c89-4dec-8107-86cf8a295025": { "id": "2b1449a9-6c89-4dec-8107-86cf8a295025", "title": "Custom post types, Custom Fields & more <= 5.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom post types, Custom Fields & more", "slug": "custom-post-types", "affected_versions": { "* - 5.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b1449a9-6c89-4dec-8107-86cf8a295025?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b1933a5-48f3-4707-8e3d-824b60ce2635": { "id": "2b1933a5-48f3-4707-8e3d-824b60ce2635", "title": "My Sticky Elements <= 2.0.8 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs \u2013 My Sticky Elements", "slug": "mystickyelements", "affected_versions": { "2.0.8": { "from_version": "2.0.8", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b1933a5-48f3-4707-8e3d-824b60ce2635?source=api-scan" ], "published": "2023-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b1dc849-e306-4c09-a565-14d4e2427c69": { "id": "2b1dc849-e306-4c09-a565-14d4e2427c69", "title": "BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bootstrap Shortcodes", "slug": "bootstrap-shortcodes", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b1dc849-e306-4c09-a565-14d4e2427c69?source=api-scan" ], "published": "2023-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b1f068f-6473-4875-a990-dd4bf337e7b7": { "id": "2b1f068f-6473-4875-a990-dd4bf337e7b7", "title": "OpenPGP Form Encryption for WordPress <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OpenPGP Form Encryption for WordPress", "slug": "openpgp-form-encryption", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b1f068f-6473-4875-a990-dd4bf337e7b7?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b229ea2-3a7d-42bd-a235-ffd18e206c8b": { "id": "2b229ea2-3a7d-42bd-a235-ffd18e206c8b", "title": "WP GoToWebinar <= 14.46 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP GoToWebinar", "slug": "wp-gotowebinar", "affected_versions": { "* - 14.46": { "from_version": "*", "from_inclusive": true, "to_version": "14.46", "to_inclusive": true } }, "patched": true, "patched_versions": [ "15.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b229ea2-3a7d-42bd-a235-ffd18e206c8b?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b2302d9-426c-415b-a7d3-3a9de95d87d1": { "id": "2b2302d9-426c-415b-a7d3-3a9de95d87d1", "title": "WPML <= 4.6.0 - Reflected Cross-Site Scripting via wp_lang", "software": [ { "type": "plugin", "name": "WPML", "slug": "sitepress-multilingual-cms", "affected_versions": { "* - 4.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b2302d9-426c-415b-a7d3-3a9de95d87d1?source=api-scan" ], "published": "2023-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b23b71d-1231-44ce-b992-5e74ddafb4bd": { "id": "2b23b71d-1231-44ce-b992-5e74ddafb4bd", "title": "bbPress Move Topics <= 1.1.4 - PHP Object Injection", "software": [ { "type": "plugin", "name": "bbPress Move Topics", "slug": "bbp-move-topics", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b23b71d-1231-44ce-b992-5e74ddafb4bd?source=api-scan" ], "published": "2018-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b24693f-6b69-4dfb-a18c-e929db09d020": { "id": "2b24693f-6b69-4dfb-a18c-e929db09d020", "title": "Pagelines Theme < 1.4.6 - Missing Authorization", "software": [ { "type": "theme", "name": "Pagelines", "slug": "pagelines", "affected_versions": { "[*, 1.4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b24693f-6b69-4dfb-a18c-e929db09d020?source=api-scan" ], "published": "2015-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b249842-c480-495a-8eec-6c7d0893ef1c": { "id": "2b249842-c480-495a-8eec-6c7d0893ef1c", "title": "Rise Blocks \u2013 A Complete Gutenberg Page Builder <= 3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Rise Blocks \u2013 A Complete Gutenberg Page Builder", "slug": "rise-blocks", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b249842-c480-495a-8eec-6c7d0893ef1c?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b2714f7-9877-4d3d-a692-70fbf8584728": { "id": "2b2714f7-9877-4d3d-a692-70fbf8584728", "title": "GuruWalk Affiliates <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "GuruWalk Affiliates", "slug": "guruwalk-affiliates", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b2714f7-9877-4d3d-a692-70fbf8584728?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b2769bc-523b-4a8f-9042-1e879db3f8ed": { "id": "2b2769bc-523b-4a8f-9042-1e879db3f8ed", "title": "Pie Register <= 2.0.13 - Missing Authorization", "software": [ { "type": "plugin", "name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction", "slug": "pie-register", "affected_versions": { "* - 2.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b2769bc-523b-4a8f-9042-1e879db3f8ed?source=api-scan" ], "published": "2015-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b290f4c-293d-41d5-b43e-b9c5c350552b": { "id": "2b290f4c-293d-41d5-b43e-b9c5c350552b", "title": "Ultimate Addons for Beaver Builder \u2013 Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget", "software": [ { "type": "plugin", "name": "Ultimate Addons for Beaver Builder \u2013 Lite", "slug": "ultimate-addons-for-beaver-builder-lite", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b290f4c-293d-41d5-b43e-b9c5c350552b?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b2a10b6-e7dc-47c7-9f59-c4350d58b0d1": { "id": "2b2a10b6-e7dc-47c7-9f59-c4350d58b0d1", "title": "InstaWP Connect <= 0.1.0.24 - Missing Authorization", "software": [ { "type": "plugin", "name": "InstaWP Connect \u2013 1-click WP Staging & Migration", "slug": "instawp-connect", "affected_versions": { "* - 0.1.0.24": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.0.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.0.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b2a10b6-e7dc-47c7-9f59-c4350d58b0d1?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b2c2d52-7d76-4b7a-98e5-d3843720954a": { "id": "2b2c2d52-7d76-4b7a-98e5-d3843720954a", "title": "Barcode Scanner with Inventory & Order Manager <= 1.5.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Barcode Scanner and Inventory manager. POS (Point of Sale) \u2013 scan barcodes & create orders with barcode reader.", "slug": "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b2c2d52-7d76-4b7a-98e5-d3843720954a?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b2fa832-ed1b-47e9-b9eb-049541530ab6": { "id": "2b2fa832-ed1b-47e9-b9eb-049541530ab6", "title": "Blogroll Fun \u2013 Show Last Post and Last Update Time < 0.8.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Blogroll Fun \u2013 Show Last Post and Last Update Time", "slug": "blogroll-fun", "affected_versions": { "* - 0.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b2fa832-ed1b-47e9-b9eb-049541530ab6?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b300f55-f1ee-4345-adc2-32cd3b081a30": { "id": "2b300f55-f1ee-4345-adc2-32cd3b081a30", "title": "WordPress Core < 4.7.1 - Information Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.16": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.16", "to_inclusive": true }, "3.8 - 3.8.16": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.16", "to_inclusive": true }, "3.9 - 3.9.14": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.14", "to_inclusive": true }, "4.0 - 4.0.13": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.13", "to_inclusive": true }, "4.1 - 4.1.13": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.13", "to_inclusive": true }, "4.2 - 4.2.10": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.10", "to_inclusive": true }, "4.3 - 4.3.6": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.6", "to_inclusive": true }, "4.4 - 4.4.5": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.5", "to_inclusive": true }, "4.5 - 4.5.4": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true }, "4.6 - 4.6.1": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true }, "4.7": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.17", "3.8.17", "3.9.15", "4.0.14", "4.1.14", "4.2.11", "4.3.7", "4.4.6", "4.5.5", "4.6.2", "4.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b300f55-f1ee-4345-adc2-32cd3b081a30?source=api-scan" ], "published": "2017-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b32cc12-c8d5-40b8-9510-42699beec581": { "id": "2b32cc12-c8d5-40b8-9510-42699beec581", "title": "Form Maker <= 1.15.27 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "* - 1.15.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b32cc12-c8d5-40b8-9510-42699beec581?source=api-scan" ], "published": "2024-09-25 23:14:51", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b335807-f4d1-43b3-9e1b-2215eb00a3f8": { "id": "2b335807-f4d1-43b3-9e1b-2215eb00a3f8", "title": "WP Meteor Page Speed Optimization Topping <= 3.1.4 -Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "WP Meteor Website Speed Optimization Addon", "slug": "wp-meteor", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b335807-f4d1-43b3-9e1b-2215eb00a3f8?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b346ae7-e3aa-4728-8dd9-e77fc388576e": { "id": "2b346ae7-e3aa-4728-8dd9-e77fc388576e", "title": "Simple Security <= 1.1.5 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Security", "slug": "simple-security", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b346ae7-e3aa-4728-8dd9-e77fc388576e?source=api-scan" ], "published": "2015-01-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b365fb8-7a93-4306-b2b1-ce47dc19457a": { "id": "2b365fb8-7a93-4306-b2b1-ce47dc19457a", "title": "WooCommerce Bookings <= 1.15.78 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "WooCommerce Bookings", "slug": "woocommerce-bookings", "affected_versions": { "* - 1.15.78": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.78", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.79" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b365fb8-7a93-4306-b2b1-ce47dc19457a?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b39abc8-9281-4d58-a9ec-877c5bae805a": { "id": "2b39abc8-9281-4d58-a9ec-877c5bae805a", "title": "Env\u00edaloSimple: Email Marketing y Newsletters <= 2.3 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Env\u00edaloSimple: Email Marketing y Newsletters", "slug": "envialosimple-email-marketing-y-newsletters-gratis", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b39abc8-9281-4d58-a9ec-877c5bae805a?source=api-scan" ], "published": "2024-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b3b9576-7c7d-4665-92d5-03aa292cdbbe": { "id": "2b3b9576-7c7d-4665-92d5-03aa292cdbbe", "title": "Charitable <= 1.7.0.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations & More", "slug": "charitable", "affected_versions": { "* - 1.7.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b3b9576-7c7d-4665-92d5-03aa292cdbbe?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b49add4-a4ae-4527-95bd-c295200eeedd": { "id": "2b49add4-a4ae-4527-95bd-c295200eeedd", "title": "LiteSpeed Cache <= 6.4.1 - Authenticated (Author+) Path Traversal", "software": [ { "type": "plugin", "name": "LiteSpeed Cache", "slug": "litespeed-cache", "affected_versions": { "* - 6.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b49add4-a4ae-4527-95bd-c295200eeedd?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b4cc8f5-f95c-4ab7-aee9-cbdc06cc3e9a": { "id": "2b4cc8f5-f95c-4ab7-aee9-cbdc06cc3e9a", "title": "Easy Forms for Mailchimp <= 6.9.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Easy Forms for Mailchimp", "slug": "yikes-inc-easy-mailchimp-extender", "affected_versions": { "* - 6.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b4cc8f5-f95c-4ab7-aee9-cbdc06cc3e9a?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b4df2b3-8d85-4e5c-8ead-92ed2259c84a": { "id": "2b4df2b3-8d85-4e5c-8ead-92ed2259c84a", "title": "Orange Form <= 1.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Orange Form", "slug": "orange-form", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b4df2b3-8d85-4e5c-8ead-92ed2259c84a?source=api-scan" ], "published": "2021-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b4e7c02-48d3-4271-a3bc-e7d3256b7217": { "id": "2b4e7c02-48d3-4271-a3bc-e7d3256b7217", "title": "LINE Notify <= 1.4.4 - Reflected Cross-Site Scripting via 'uid'", "software": [ { "type": "plugin", "name": "WP LINE Notify", "slug": "wp-line-notify", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b4e7c02-48d3-4271-a3bc-e7d3256b7217?source=api-scan" ], "published": "2023-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b581c4d-a95f-4922-95bb-15f24010ca34": { "id": "2b581c4d-a95f-4922-95bb-15f24010ca34", "title": "Libsyn Publisher Hub <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Libsyn Publisher Hub", "slug": "libsyn-podcasting", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b581c4d-a95f-4922-95bb-15f24010ca34?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b59d281-d5c8-455a-8aa8-b03847bdd45f": { "id": "2b59d281-d5c8-455a-8aa8-b03847bdd45f", "title": "WP Links Page <= 4.9.5 - Missing Authorization to Authenticated (Subscriber+) Limited Image Update", "software": [ { "type": "plugin", "name": "WP Links Page", "slug": "wp-links-page", "affected_versions": { "* - 4.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b59d281-d5c8-455a-8aa8-b03847bdd45f?source=api-scan" ], "published": "2024-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b5ad113-f739-455a-9db6-b4f300b92837": { "id": "2b5ad113-f739-455a-9db6-b4f300b92837", "title": "Phlox PRO <= 5.16.4 - Reflected Cross-Site Scripting via Search Parameters", "software": [ { "type": "theme", "name": "Phlox PRO", "slug": "phlox-pro", "affected_versions": { "* - 5.16.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.16.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.16.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b5ad113-f739-455a-9db6-b4f300b92837?source=api-scan" ], "published": "2024-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b5d64b8-c339-4bbc-b91e-4805428f7296": { "id": "2b5d64b8-c339-4bbc-b91e-4805428f7296", "title": "Newsletter Popup <= 1.2 - Unauthenticted Stored Cross-Site Scripting via 'nl_data'", "software": [ { "type": "plugin", "name": "Newsletter Popup", "slug": "newsletter-popup", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b5d64b8-c339-4bbc-b91e-4805428f7296?source=api-scan" ], "published": "2023-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b60e693-472e-48ba-81c7-869c9b255762": { "id": "2b60e693-472e-48ba-81c7-869c9b255762", "title": "Passster \u2013 Password Protection <= 3.5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Passster \u2013 Password Protect Pages and Content", "slug": "content-protector", "affected_versions": { "* - 3.5.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b60e693-472e-48ba-81c7-869c9b255762?source=api-scan" ], "published": "2022-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b6489f8-061d-4fbd-81f2-9f508dd0e7f8": { "id": "2b6489f8-061d-4fbd-81f2-9f508dd0e7f8", "title": "YITH WooCommerce Gift Cards Premium <= 3.3.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "YITH WooCommerce Gift Cards Premium", "slug": "yith-woocommerce-gift-cards-premium", "affected_versions": { "[*, 3.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b6489f8-061d-4fbd-81f2-9f508dd0e7f8?source=api-scan" ], "published": "2021-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b670550-cf04-4db1-95e7-0330b5793c58": { "id": "2b670550-cf04-4db1-95e7-0330b5793c58", "title": "VikBooking Hotel Booking Engine & PMS <= 1.6.1 - Cross-Site Request Forgery in multiple functions in admin\/controller.php", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b670550-cf04-4db1-95e7-0330b5793c58?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b696e0b-d4e1-4a81-9204-929100ade073": { "id": "2b696e0b-d4e1-4a81-9204-929100ade073", "title": "Eonet Manual User Approve <= 2.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Eonet Manual User Approve", "slug": "eonet-manual-user-approve", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b696e0b-d4e1-4a81-9204-929100ade073?source=api-scan" ], "published": "2023-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b69f90a-1dd3-4184-aee3-9b0251b981cc": { "id": "2b69f90a-1dd3-4184-aee3-9b0251b981cc", "title": "WP Migrate Pro <= 2.6.10 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "WP Migrate Pro", "slug": "wp-migrate-db-pro", "affected_versions": { "* - 2.6.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b69f90a-1dd3-4184-aee3-9b0251b981cc?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b6b4953-a264-4668-9cc3-1578109f6592": { "id": "2b6b4953-a264-4668-9cc3-1578109f6592", "title": "Preview Link Generator <= 1.0.3 - Cross-Site Request Forgery to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "Preview Link Generator", "slug": "preview-link-generator", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b6b4953-a264-4668-9cc3-1578109f6592?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b7220a4-7178-42f7-978b-96eae777b134": { "id": "2b7220a4-7178-42f7-978b-96eae777b134", "title": "FV Flowplayer Video Player <= 7.3.14.727 - Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "[*, 7.3.15.727)": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.15.727", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.3.15.727" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b7220a4-7178-42f7-978b-96eae777b134?source=api-scan" ], "published": "2019-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b72bf37-05c8-424e-98d1-39fe032368ad": { "id": "2b72bf37-05c8-424e-98d1-39fe032368ad", "title": "WassUp Real Time Analytics < 1.9.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WassUp Real Time Analytics", "slug": "wassup", "affected_versions": { "[*, 1.9.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b72bf37-05c8-424e-98d1-39fe032368ad?source=api-scan" ], "published": "2016-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b737a26-e4ae-4c9f-a98a-a22a31ac4f99": { "id": "2b737a26-e4ae-4c9f-a98a-a22a31ac4f99", "title": "Transbank Webpay REST <= 1.6.6 - Authenticated (Administrator+) SQL Injection via orderby", "software": [ { "type": "plugin", "name": "Transbank Webpay REST", "slug": "transbank-webpay-plus-rest", "affected_versions": { "* - 1.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b737a26-e4ae-4c9f-a98a-a22a31ac4f99?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b75dce8-3e31-45e8-b193-5df3e4391e56": { "id": "2b75dce8-3e31-45e8-b193-5df3e4391e56", "title": "Announce from the Dashboard <= 1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Announce from the Dashboard", "slug": "announce-from-the-dashboard", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b75dce8-3e31-45e8-b193-5df3e4391e56?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b77703e-b3d3-4105-a162-0afe86d5b3eb": { "id": "2b77703e-b3d3-4105-a162-0afe86d5b3eb", "title": "Funnel Builder for WordPress by FunnelKit \u2013 Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.3.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload", "software": [ { "type": "plugin", "name": "Funnel Builder for WordPress by FunnelKit \u2013 Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells", "slug": "funnel-builder", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b77703e-b3d3-4105-a162-0afe86d5b3eb?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b7ca272-88ac-4002-b4ce-73ad5d0510ef": { "id": "2b7ca272-88ac-4002-b4ce-73ad5d0510ef", "title": "Donations < 1.4 - Unauthenticated Arbitrary Options Change", "software": [ { "type": "plugin", "name": "Donations", "slug": "nd-donations", "affected_versions": { "[*, 1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b7ca272-88ac-4002-b4ce-73ad5d0510ef?source=api-scan" ], "published": "2019-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b81a643-e04a-4e7f-91dd-9241fdd1a3ac": { "id": "2b81a643-e04a-4e7f-91dd-9241fdd1a3ac", "title": "Cozy Blocks <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cozy Blocks \u2013 Page Builder for Gutenberg & Site Editor, Post Blocks, WooCommerce Blocks, Magazine Blocks, WordPress Gutenberg Blocks, Patterns and Templates Library", "slug": "cozy-addons", "affected_versions": { "* - 2.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b81a643-e04a-4e7f-91dd-9241fdd1a3ac?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b81d7fc-6050-40bb-9416-e8d7d20e8ef8": { "id": "2b81d7fc-6050-40bb-9416-e8d7d20e8ef8", "title": "Import and export users and customers <= 1.14.1.3 - Cross-Site Request Forgery leading to attachment deletion & Path Traversal", "software": [ { "type": "plugin", "name": "Import and export users and customers", "slug": "import-users-from-csv-with-meta", "affected_versions": { "* - 1.14.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b81d7fc-6050-40bb-9416-e8d7d20e8ef8?source=api-scan" ], "published": "2019-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b8306b8-1f4c-48fb-8eb7-bf02a2f77e04": { "id": "2b8306b8-1f4c-48fb-8eb7-bf02a2f77e04", "title": "WP-PostRatings <= 1.61 - SQL Injection", "software": [ { "type": "plugin", "name": "WP-PostRatings", "slug": "wp-postratings", "affected_versions": { "* - 1.61": { "from_version": "*", "from_inclusive": true, "to_version": "1.61", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.62" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b8306b8-1f4c-48fb-8eb7-bf02a2f77e04?source=api-scan" ], "published": "2011-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b881c73-2dfc-4b73-99f3-33432b750efd": { "id": "2b881c73-2dfc-4b73-99f3-33432b750efd", "title": "Page View Count <= 2.5.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Page View Count", "slug": "page-views-count", "affected_versions": { "* - 2.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b881c73-2dfc-4b73-99f3-33432b750efd?source=api-scan" ], "published": "2022-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b897790-43f7-4ca4-8abe-9dc736a7c011": { "id": "2b897790-43f7-4ca4-8abe-9dc736a7c011", "title": "WP-chgFontSize <= 1.8 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-chgFontSize", "slug": "wp-chgfontsize", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b897790-43f7-4ca4-8abe-9dc736a7c011?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b90c0a2-19b2-4846-9f62-2b02d28cc13b": { "id": "2b90c0a2-19b2-4846-9f62-2b02d28cc13b", "title": "Responsive Pricing Table <= 5.1.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Pricing Table", "slug": "dk-pricr-responsive-pricing-table", "affected_versions": { "* - 5.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b90c0a2-19b2-4846-9f62-2b02d28cc13b?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2b959b65-16ad-45f9-9ad9-dfc97bda571e": { "id": "2b959b65-16ad-45f9-9ad9-dfc97bda571e", "title": "Bonus for Woo <= 5.8.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bonus for Woo", "slug": "bonus-for-woo", "affected_versions": { "* - 5.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2b959b65-16ad-45f9-9ad9-dfc97bda571e?source=api-scan" ], "published": "2023-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ba4a8bb-c67c-42c5-8c4e-229756babc5f": { "id": "2ba4a8bb-c67c-42c5-8c4e-229756babc5f", "title": "Multi Plugin Installer < 1.2.0 - Arbitrary File Read", "software": [ { "type": "plugin", "name": "multi-plugin-installer", "slug": "multi-plugin-installer", "affected_versions": { "[*, 1.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ba4a8bb-c67c-42c5-8c4e-229756babc5f?source=api-scan" ], "published": "2015-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ba55591-f4f3-4e90-9358-ca9c7ca01b09": { "id": "2ba55591-f4f3-4e90-9358-ca9c7ca01b09", "title": "MapifyLite and MapifyPro <= 3.3 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MapifyLite (by MapifyPro)", "slug": "mapifylite", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ba55591-f4f3-4e90-9358-ca9c7ca01b09?source=api-scan" ], "published": "2021-03-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ba556d0-48f9-4953-a5aa-876284e56360": { "id": "2ba556d0-48f9-4953-a5aa-876284e56360", "title": "Gutenberg Template Library & Redux Framework <= 4.2.1 - Incorrect Authorization Leading to Arbitrary Plugin Installation and Post Deletion", "software": [ { "type": "plugin", "name": "Redux Framework", "slug": "redux-framework", "affected_versions": { "* - 4.2.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ba556d0-48f9-4953-a5aa-876284e56360?source=api-scan" ], "published": "2021-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ba56b4c-0573-4911-97a4-a51e867daa75": { "id": "2ba56b4c-0573-4911-97a4-a51e867daa75", "title": "Blog Floating Button <= 1.4.12 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Blog Floating Button", "slug": "blog-floating-button", "affected_versions": { "* - 1.4.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ba56b4c-0573-4911-97a4-a51e867daa75?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2baf528d-a24b-4cad-99c9-5fef9df3fe6d": { "id": "2baf528d-a24b-4cad-99c9-5fef9df3fe6d", "title": "Add Edit Delete Listing Module <= 1.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Add Edit Delete Listing Module", "slug": "add-edit-delete-listing-for-member-module", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2baf528d-a24b-4cad-99c9-5fef9df3fe6d?source=api-scan" ], "published": "2017-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2bafede8-9bd0-4c38-a402-42d419cc03fa": { "id": "2bafede8-9bd0-4c38-a402-42d419cc03fa", "title": "WPify Woo Czech <= 4.0.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPify Woo Czech", "slug": "wpify-woo", "affected_versions": { "* - 4.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2bafede8-9bd0-4c38-a402-42d419cc03fa?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2bb15304-1e46-44c6-b21b-e6768b79240a": { "id": "2bb15304-1e46-44c6-b21b-e6768b79240a", "title": "Accordion <= 2.2.99 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Accordion", "slug": "accordions", "affected_versions": { "* - 2.2.99": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.99", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.100" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2bb15304-1e46-44c6-b21b-e6768b79240a?source=api-scan" ], "published": "2024-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2bbf4e86-308c-43f3-a54c-e1c6ee21260e": { "id": "2bbf4e86-308c-43f3-a54c-e1c6ee21260e", "title": "Woocommerce Order address Print <= 3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Woocommerce Order address Print", "slug": "woocommerce-order-address-print", "affected_versions": { "* - 3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2bbf4e86-308c-43f3-a54c-e1c6ee21260e?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2bbf5adc-df9c-4629-909c-932998c50508": { "id": "2bbf5adc-df9c-4629-909c-932998c50508", "title": "Tera Charts <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tera Charts", "slug": "tera-charts", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2bbf5adc-df9c-4629-909c-932998c50508?source=api-scan" ], "published": "2016-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2bbf9526-1a82-496e-b762-6fa114ba8d46": { "id": "2bbf9526-1a82-496e-b762-6fa114ba8d46", "title": "Comments Ratings <= 1.1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Comments Ratings", "slug": "comments-ratings", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2bbf9526-1a82-496e-b762-6fa114ba8d46?source=api-scan" ], "published": "2023-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2bc0b654-5174-41bc-9e8a-40257ceb7ded": { "id": "2bc0b654-5174-41bc-9e8a-40257ceb7ded", "title": "Rife Elementor Extensions & Templates <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Widget", "software": [ { "type": "plugin", "name": "Rife Elementor Extensions & Templates", "slug": "rife-elementor-extensions", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2bc0b654-5174-41bc-9e8a-40257ceb7ded?source=api-scan" ], "published": "2024-07-01 19:26:57", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2bc8c04f-3764-473e-a216-7c5dc49abfa8": { "id": "2bc8c04f-3764-473e-a216-7c5dc49abfa8", "title": "SpiderVPlayer <= 2.1 - SQL Injection", "software": [ { "type": "plugin", "name": "SpiderVPlayer", "slug": "player", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2bc8c04f-3764-473e-a216-7c5dc49abfa8?source=api-scan" ], "published": "2013-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2bd2ce54-9ccb-4943-a01a-c9e8c1ff2d0d": { "id": "2bd2ce54-9ccb-4943-a01a-c9e8c1ff2d0d", "title": "WordPress Countdown Widget <= 3.1.9.1 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "WordPress Countdown Widget", "slug": "wordpress-countdown-widget", "affected_versions": { "* - 3.1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2bd2ce54-9ccb-4943-a01a-c9e8c1ff2d0d?source=api-scan" ], "published": "2022-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2bd53172-ddfa-481a-818d-626b9db6fe41": { "id": "2bd53172-ddfa-481a-818d-626b9db6fe41", "title": "Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Post Grid", "software": [ { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2bd53172-ddfa-481a-818d-626b9db6fe41?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2bdb68bc-b773-4537-98dd-c54ffa5309c7": { "id": "2bdb68bc-b773-4537-98dd-c54ffa5309c7", "title": "ImageInject <= 1.15 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ImageInject", "slug": "wp-inject", "affected_versions": { "* - 1.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2bdb68bc-b773-4537-98dd-c54ffa5309c7?source=api-scan" ], "published": "2018-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2bde5862-1b7c-4e58-b13f-c8f347593c51": { "id": "2bde5862-1b7c-4e58-b13f-c8f347593c51", "title": "IP2Location Country Blocker < 2.26.9 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IP2Location Country Blocker", "slug": "ip2location-country-blocker", "affected_versions": { "[*, 2.26.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.26.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.26.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2bde5862-1b7c-4e58-b13f-c8f347593c51?source=api-scan" ], "published": "2022-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2be089a0-d4d5-4d64-8fb7-8c42286ebbcd": { "id": "2be089a0-d4d5-4d64-8fb7-8c42286ebbcd", "title": "WordPress Core < 5.2.3 - Cross-Site Scripting via Media Uploads", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.29": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.29", "to_inclusive": true }, "3.8 - 3.8.29": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.29", "to_inclusive": true }, "3.9 - 3.9.27": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.27", "to_inclusive": true }, "4.0 - 4.0.26": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.26", "to_inclusive": true }, "4.1 - 4.1.26": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.26", "to_inclusive": true }, "4.2 - 4.2.23": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.23", "to_inclusive": true }, "4.3 - 4.3.19": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.19", "to_inclusive": true }, "4.4 - 4.4.18": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.18", "to_inclusive": true }, "4.5 - 4.5.17": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.17", "to_inclusive": true }, "4.6 - 4.6.13": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.13", "to_inclusive": true }, "4.7 - 4.7.13": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.13", "to_inclusive": true }, "4.8 - 4.8.9": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.9", "to_inclusive": true }, "4.9 - 4.9.10": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.10", "to_inclusive": true }, "5.0 - 5.0.5": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": true }, "5.1 - 5.1.1": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true }, "5.2 - 5.2.2": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.30", "3.8.30", "3.9.28", "4.0.27", "4.1.27", "4.2.24", "4.3.20", "4.4.19", "4.5.18", "4.6.15", "4.7.14", "4.8.10", "4.9.11", "5.0.6", "5.1.2", "5.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2be089a0-d4d5-4d64-8fb7-8c42286ebbcd?source=api-scan" ], "published": "2019-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2be16ee8-6bae-44d9-bde7-8e893293c3f9": { "id": "2be16ee8-6bae-44d9-bde7-8e893293c3f9", "title": "WOLF <= 1.0.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via wpbe_update_page_field", "software": [ { "type": "plugin", "name": "WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional", "slug": "bulk-editor", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2be16ee8-6bae-44d9-bde7-8e893293c3f9?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2be3638e-3a0d-40e5-914e-9f20971abf9a": { "id": "2be3638e-3a0d-40e5-914e-9f20971abf9a", "title": "Yellow Swordfish Simple Forum <= 1.11 - SQL Injection", "software": [ { "type": "plugin", "name": "Yellow Swordfish Simple Forum", "slug": "simple-forum", "affected_versions": { "* - 1.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2be3638e-3a0d-40e5-914e-9f20971abf9a?source=api-scan" ], "published": "2008-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2be6c7d8-6dd4-4701-9baa-694496e7388a": { "id": "2be6c7d8-6dd4-4701-9baa-694496e7388a", "title": "RB Internal Links <= 2.0.16 - Cross-Site Request Forgery to Settings update and Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RB Internal Links", "slug": "rb-internal-links", "affected_versions": { "* - 2.0.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.16", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2be6c7d8-6dd4-4701-9baa-694496e7388a?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2be9815d-56c6-4574-9b4c-75fff40a148d": { "id": "2be9815d-56c6-4574-9b4c-75fff40a148d", "title": "WPGraphQL <= 0.2.3 - Unauthenticated Comment Creation", "software": [ { "type": "plugin", "name": "WPGraphQL", "slug": "wp-graphql", "affected_versions": { "* - 0.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2be9815d-56c6-4574-9b4c-75fff40a148d?source=api-scan" ], "published": "2019-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2bef9fbc-ada5-475d-b630-923483b8fb7a": { "id": "2bef9fbc-ada5-475d-b630-923483b8fb7a", "title": "Post Status Notifier Lite <= 1.10.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Status Notifier Lite", "slug": "post-status-notifier-lite", "affected_versions": { "* - 1.10.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2bef9fbc-ada5-475d-b630-923483b8fb7a?source=api-scan" ], "published": "2022-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2bf29d3d-98eb-40a7-88af-32b48e437572": { "id": "2bf29d3d-98eb-40a7-88af-32b48e437572", "title": "Request a Quote <= 2.3.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Request a Quote", "slug": "request-a-quote", "affected_versions": { "[*, 2.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2bf29d3d-98eb-40a7-88af-32b48e437572?source=api-scan" ], "published": "2021-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2bf511b6-1b62-43e0-9df5-674a423f6ae2": { "id": "2bf511b6-1b62-43e0-9df5-674a423f6ae2", "title": "Testimonial Builder <= 1.6.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Testimonial \u2013 WordPress Testimonial Showcase Plugin Grid Plus Testimonial Slider", "slug": "testimonial-builder", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2bf511b6-1b62-43e0-9df5-674a423f6ae2?source=api-scan" ], "published": "2021-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2bff8dea-6971-47d4-bd2c-0821687033e5": { "id": "2bff8dea-6971-47d4-bd2c-0821687033e5", "title": "GiveWP <= 2.33.3 - Cross-Site Request Forgery to Stripe Integration Deletion", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.33.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.33.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.33.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2bff8dea-6971-47d4-bd2c-0821687033e5?source=api-scan" ], "published": "2023-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2bffed25-d7f0-40de-a55d-42653aff0673": { "id": "2bffed25-d7f0-40de-a55d-42653aff0673", "title": "WP-WebAuthn <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-WebAuthn", "slug": "wp-webauthn", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2bffed25-d7f0-40de-a55d-42653aff0673?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c02b9b2-b41e-4a30-b69a-9cdae86dd7a7": { "id": "2c02b9b2-b41e-4a30-b69a-9cdae86dd7a7", "title": "Chronoforms <= 7.0.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Chronoforms", "slug": "chronoforms", "affected_versions": { "* - 7.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c02b9b2-b41e-4a30-b69a-9cdae86dd7a7?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c056904-5b2d-4ca6-8dcf-8ab5c1a7645b": { "id": "2c056904-5b2d-4ca6-8dcf-8ab5c1a7645b", "title": "Waitlist Woocommerce ( Back in stock notifier ) <= 2.5.1 - Cross-Site Request Forgery to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Waitlist Woocommerce ( Back in stock notifier )", "slug": "waitlist-woocommerce", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c056904-5b2d-4ca6-8dcf-8ab5c1a7645b?source=api-scan" ], "published": "2022-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c07b5c8-7fae-499d-9f6c-9392166f74b8": { "id": "2c07b5c8-7fae-499d-9f6c-9392166f74b8", "title": "WPBakery Page Builder Addons by Livemesh <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WPBakery Page Builder Addons by Livemesh", "slug": "addons-for-visual-composer", "affected_versions": { "* - 3.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c07b5c8-7fae-499d-9f6c-9392166f74b8?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c148123-9da3-4384-8aec-4ee71cb05e01": { "id": "2c148123-9da3-4384-8aec-4ee71cb05e01", "title": "Responsive Image Slider, Photo Gallery And Carousel < 1.3.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Slider Factory \u2013 Responsive Photo Slider, Image Slider, Video Slider, Carousel Slideshow", "slug": "slider-factory", "affected_versions": { "[*, 1.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c148123-9da3-4384-8aec-4ee71cb05e01?source=api-scan" ], "published": "2021-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c1c208e-ae4a-40fb-9495-5268e5e929e5": { "id": "2c1c208e-ae4a-40fb-9495-5268e5e929e5", "title": "Wholesale For WooCommerce <= 2.3.0 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Wholesale For WooCommerce", "slug": "woocommerce-wholesale-pricing", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c1c208e-ae4a-40fb-9495-5268e5e929e5?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c1dbd73-6ea6-4e9d-84e2-055ab9db5f4f": { "id": "2c1dbd73-6ea6-4e9d-84e2-055ab9db5f4f", "title": "WHOIS <= 1.4.2.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WHOIS", "slug": "wordpress-whois-search", "affected_versions": { "* - 1.4.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c1dbd73-6ea6-4e9d-84e2-055ab9db5f4f?source=api-scan" ], "published": "2012-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c1e6298-f243-49a5-b1b7-52bd6a6c8858": { "id": "2c1e6298-f243-49a5-b1b7-52bd6a6c8858", "title": "Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "N-Media Post Front-end Form", "slug": "wp-post-frontend", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] }, { "type": "plugin", "name": "Frontend File Manager Plugin", "slug": "nmedia-user-file-uploader", "affected_versions": { "[*, 4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c1e6298-f243-49a5-b1b7-52bd6a6c8858?source=api-scan" ], "published": "2016-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c25a344-4876-4ba8-bbc6-d1a32f4b1d08": { "id": "2c25a344-4876-4ba8-bbc6-d1a32f4b1d08", "title": "User Login History <= 1.7.0 - SQL Injection via Order By", "software": [ { "type": "plugin", "name": "User Login History", "slug": "user-login-history", "affected_versions": { "1.7.0": { "from_version": "1.7.0", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c25a344-4876-4ba8-bbc6-d1a32f4b1d08?source=api-scan" ], "published": "2019-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c26d6de-5653-4be8-9526-39b30cb61625": { "id": "2c26d6de-5653-4be8-9526-39b30cb61625", "title": "Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c26d6de-5653-4be8-9526-39b30cb61625?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c2c8025-6a1b-475d-bc28-9f2ec3ad7bdc": { "id": "2c2c8025-6a1b-475d-bc28-9f2ec3ad7bdc", "title": "WP Social Sharing <= 2.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Social Sharing", "slug": "wp-social-sharing", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c2c8025-6a1b-475d-bc28-9f2ec3ad7bdc?source=api-scan" ], "published": "2022-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c2d9569-a551-46f5-8581-464b9f35b71c": { "id": "2c2d9569-a551-46f5-8581-464b9f35b71c", "title": "MainWP Dashboard <= 4.6.0.1 - Cross-Site Request Forgery via posting_bulk", "software": [ { "type": "plugin", "name": "MainWP Dashboard: WordPress Management without the SaaS", "slug": "mainwp", "affected_versions": { "* - 4.6.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c2d9569-a551-46f5-8581-464b9f35b71c?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c2f0e74-cdc0-4da9-bd79-8d09f5459be7": { "id": "2c2f0e74-cdc0-4da9-bd79-8d09f5459be7", "title": "Timeline Calendar <= 1.2 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Timeline Calendar", "slug": "timeline-calendar", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c2f0e74-cdc0-4da9-bd79-8d09f5459be7?source=api-scan" ], "published": "2021-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c314acf-d5bb-433a-8e2d-4ca333944bb6": { "id": "2c314acf-d5bb-433a-8e2d-4ca333944bb6", "title": "WordPress Database Administrator <= 1.0.3 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Database Administrator", "slug": "wp-database-admin", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c314acf-d5bb-433a-8e2d-4ca333944bb6?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c399c6a-d5e4-4b88-a0a9-003233d5d59f": { "id": "2c399c6a-d5e4-4b88-a0a9-003233d5d59f", "title": "Analytify <= 5.2.1 - Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification", "software": [ { "type": "plugin", "name": "Analytify \u2013 Google Analytics Dashboard For WordPress (GA4 analytics made easy)", "slug": "wp-analytify", "affected_versions": { "* - 5.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c399c6a-d5e4-4b88-a0a9-003233d5d59f?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c3d9fa7-8ea2-4213-8b28-2ca9191a8223": { "id": "2c3d9fa7-8ea2-4213-8b28-2ca9191a8223", "title": "MultiVendorX \u2013 MultiVendor Marketplace Solution For WooCommerce <= 3.5.7 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution", "slug": "dc-woocommerce-multi-vendor", "affected_versions": { "[*, 3.5.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c3d9fa7-8ea2-4213-8b28-2ca9191a8223?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c470cb0-5cbc-4ae1-b75a-384668d07215": { "id": "2c470cb0-5cbc-4ae1-b75a-384668d07215", "title": "Easy Testimonials <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Easy Testimonials", "slug": "easy-testimonials", "affected_versions": { "* - 3.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c470cb0-5cbc-4ae1-b75a-384668d07215?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c4749b8-cfaf-4a6e-a093-0c2bfd22b809": { "id": "2c4749b8-cfaf-4a6e-a093-0c2bfd22b809", "title": "WP Maintenance <= 6.0.7 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Maintenance", "slug": "wp-maintenance", "affected_versions": { "* - 6.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c4749b8-cfaf-4a6e-a093-0c2bfd22b809?source=api-scan" ], "published": "2022-06-28 13:50:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c4c13c9-6f43-4a4d-b825-e246bf9a1e9c": { "id": "2c4c13c9-6f43-4a4d-b825-e246bf9a1e9c", "title": "ProfileGrid <= 5.7.8 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c4c13c9-6f43-4a4d-b825-e246bf9a1e9c?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c5bb593-59b5-4760-8d54-14d7665c7e7f": { "id": "2c5bb593-59b5-4760-8d54-14d7665c7e7f", "title": "Event Registration <= 6.02.02 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Event Registration", "slug": "event-registration", "affected_versions": { "* - 6.02.02": { "from_version": "*", "from_inclusive": true, "to_version": "6.02.02", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.03.01" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c5bb593-59b5-4760-8d54-14d7665c7e7f?source=api-scan" ], "published": "2016-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a": { "id": "2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a", "title": "Exclusive Addons for Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a?source=api-scan" ], "published": "2024-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c609a29-3c72-4921-ab7a-2f2593b2e4b4": { "id": "2c609a29-3c72-4921-ab7a-2f2593b2e4b4", "title": "Vodpod Video Gallery <= 3.1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "vodpod-video-gallery", "slug": "vodpod-video-gallery", "affected_versions": { "* - 3.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c609a29-3c72-4921-ab7a-2f2593b2e4b4?source=api-scan" ], "published": "2010-11-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c643074-d57e-4878-b61d-2790ce9dadaa": { "id": "2c643074-d57e-4878-b61d-2790ce9dadaa", "title": "OAuth Client by DigitialPixies <= 1.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "OAuth Client by DigitialPixies", "slug": "dpt-oauth-client", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c643074-d57e-4878-b61d-2790ce9dadaa?source=api-scan" ], "published": "2022-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c648ea4-7df6-4a77-9bc5-bd3c18979250": { "id": "2c648ea4-7df6-4a77-9bc5-bd3c18979250", "title": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio < 2.53 - SQL Injection", "software": [ { "type": "plugin", "name": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio", "slug": "flash-album-gallery", "affected_versions": { "[*, 2.53)": { "from_version": "*", "from_inclusive": true, "to_version": "2.53", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.53" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c648ea4-7df6-4a77-9bc5-bd3c18979250?source=api-scan" ], "published": "2012-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c657483-204c-4117-ac7c-c0522d9c3816": { "id": "2c657483-204c-4117-ac7c-c0522d9c3816", "title": "WooHoo Newspaper Magazine Theme <= 2.5.3 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "theme", "name": "WooHoo Newspaper Magazine Theme", "slug": "woohoo", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c657483-204c-4117-ac7c-c0522d9c3816?source=api-scan" ], "published": "2023-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c66b185-fd4b-452d-890b-0f1850d8a7be": { "id": "2c66b185-fd4b-452d-890b-0f1850d8a7be", "title": "Advanced Contact form 7 DB <= 2.0.2 - Missing Authorization to Unauthenticated Information Disclosure", "software": [ { "type": "plugin", "name": "Advanced Contact form 7 DB", "slug": "advanced-cf7-db", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c66b185-fd4b-452d-890b-0f1850d8a7be?source=api-scan" ], "published": "2024-06-10 17:32:52", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c7a0b51-6626-449f-95f5-74c4847909de": { "id": "2c7a0b51-6626-449f-95f5-74c4847909de", "title": "InPost Gallery <= 2.1.4.1 - Local File Inclusion", "software": [ { "type": "plugin", "name": "InPost Gallery", "slug": "inpost-gallery", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c7a0b51-6626-449f-95f5-74c4847909de?source=api-scan" ], "published": "2022-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c7c2b11-750a-48de-b48b-dcc6fbb8e917": { "id": "2c7c2b11-750a-48de-b48b-dcc6fbb8e917", "title": "Note Press <= 0.1.10 - Authenticated (Admin+) SQL Injection via id Parameter", "software": [ { "type": "plugin", "name": "Note Press", "slug": "note-press", "affected_versions": { "* - 0.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c7c2b11-750a-48de-b48b-dcc6fbb8e917?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c80de83-3996-4048-8aa3-3611b002fc01": { "id": "2c80de83-3996-4048-8aa3-3611b002fc01", "title": "CP Polls <= 1.0.71 - Unauthenticated Poll Limit Bypass", "software": [ { "type": "plugin", "name": "Polls CP", "slug": "cp-polls", "affected_versions": { "* - 1.0.71": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.71", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.72" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c80de83-3996-4048-8aa3-3611b002fc01?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c8734f5-4d23-454d-bf00-6e9d36982098": { "id": "2c8734f5-4d23-454d-bf00-6e9d36982098", "title": "ARMember <= 4.0.27 - Directory Traversal via X-FILENAME", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 4.0.27": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c8734f5-4d23-454d-bf00-6e9d36982098?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c889c8e-7546-45bd-884b-7fb0199e595b": { "id": "2c889c8e-7546-45bd-884b-7fb0199e595b", "title": "Hide My WP <= 4.51.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hide My WP - Amazing Security Plugin for WordPress!", "slug": "hide_my_wp", "affected_versions": { "[*, 4.52)": { "from_version": "*", "from_inclusive": true, "to_version": "4.52", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c889c8e-7546-45bd-884b-7fb0199e595b?source=api-scan" ], "published": "2015-07-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c8a487c-6bd5-480a-9945-ba465b38243f": { "id": "2c8a487c-6bd5-480a-9945-ba465b38243f", "title": "Pocket News Generator <= 0.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pocket News Generator", "slug": "pocket-news-generator", "affected_versions": { "* - 0.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c8a487c-6bd5-480a-9945-ba465b38243f?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c8a6ff9-6aa8-4e0f-b058-759561a55508": { "id": "2c8a6ff9-6aa8-4e0f-b058-759561a55508", "title": "Revision Manager TMC <= 2.8.19 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending", "software": [ { "type": "plugin", "name": "Revision Manager TMC", "slug": "revision-manager-tmc", "affected_versions": { "* - 2.8.19": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c8a6ff9-6aa8-4e0f-b058-759561a55508?source=api-scan" ], "published": "2024-09-06 01:25:17", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c955905-bf14-4afa-a282-0a8c74cd3b87": { "id": "2c955905-bf14-4afa-a282-0a8c74cd3b87", "title": "Brizy \u2013 Page Builder <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "* - 2.4.43": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c955905-bf14-4afa-a282-0a8c74cd3b87?source=api-scan" ], "published": "2024-06-04 17:04:25", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c994021-d429-4652-ada5-34ec0517cb19": { "id": "2c994021-d429-4652-ada5-34ec0517cb19", "title": "myCred \u2013 Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.2 - Subscriber+ SQL Injection", "software": [ { "type": "plugin", "name": "myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification", "slug": "mycred", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c994021-d429-4652-ada5-34ec0517cb19?source=api-scan" ], "published": "2021-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c9cf461-572c-4be8-96e6-659acf3208f3": { "id": "2c9cf461-572c-4be8-96e6-659acf3208f3", "title": "Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Settings Import", "software": [ { "type": "plugin", "name": "Podlove Podcast Publisher", "slug": "podlove-podcasting-plugin-for-wordpress", "affected_versions": { "* - 4.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c9cf461-572c-4be8-96e6-659acf3208f3?source=api-scan" ], "published": "2024-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c9f657b-82a5-40da-9e9a-95ea6f62d895": { "id": "2c9f657b-82a5-40da-9e9a-95ea6f62d895", "title": "Gmedia Photo Gallery <= 1.18.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gmedia Photo Gallery", "slug": "grand-media", "affected_versions": { "[*, 1.18.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.18.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.18.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c9f657b-82a5-40da-9e9a-95ea6f62d895?source=api-scan" ], "published": "2020-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2c9fa6f9-a549-4629-862f-f9a47b13aa59": { "id": "2c9fa6f9-a549-4629-862f-f9a47b13aa59", "title": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.11.8 - Authentication Bypass", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "* - 3.11.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2c9fa6f9-a549-4629-862f-f9a47b13aa59?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ca30fef-a014-4d19-b9f8-c51db512795b": { "id": "2ca30fef-a014-4d19-b9f8-c51db512795b", "title": "WP Intercom Slack <= 1.2.1 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "WP Intercom - Slack for WordPress", "slug": "wp-intercom-slack", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ca30fef-a014-4d19-b9f8-c51db512795b?source=api-scan" ], "published": "2019-11-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ca879be-ac35-4bc6-b3f4-a6e8fdf02875": { "id": "2ca879be-ac35-4bc6-b3f4-a6e8fdf02875", "title": "Under Construction \/ Maintenance Mode from Acurax <= 2.6 - Unauthenticated IP Spoofing", "software": [ { "type": "plugin", "name": "Under Construction \/ Maintenance Mode from Acurax", "slug": "coming-soon-maintenance-mode-from-acurax", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ca879be-ac35-4bc6-b3f4-a6e8fdf02875?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cae1194-2247-44bf-a1a0-0cb0068f56e0": { "id": "2cae1194-2247-44bf-a1a0-0cb0068f56e0", "title": "E-Search <= 1.0 - Reflected Cross-Site Scripting via title_az parameter", "software": [ { "type": "plugin", "name": "E-Search", "slug": "e-search", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cae1194-2247-44bf-a1a0-0cb0068f56e0?source=api-scan" ], "published": "2016-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2caed42f-fb5b-488a-af15-f5ad3d82a68c": { "id": "2caed42f-fb5b-488a-af15-f5ad3d82a68c", "title": "Profile Builder <= 2.4.0 - Privilege Escalation", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "[*, 2.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2caed42f-fb5b-488a-af15-f5ad3d82a68c?source=api-scan" ], "published": "2016-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cb5370f-14aa-445d-bda3-62a0dd068fc5": { "id": "2cb5370f-14aa-445d-bda3-62a0dd068fc5", "title": "Website Builder by SeedProd <= 6.15.13.1 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Website Builder by SeedProd \u2014 Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode", "slug": "coming-soon", "affected_versions": { "* - 6.15.13.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.15.13.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.15.15.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cb5370f-14aa-445d-bda3-62a0dd068fc5?source=api-scan" ], "published": "2023-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cba74f7-7183-4297-8f04-4818c01358ef": { "id": "2cba74f7-7183-4297-8f04-4818c01358ef", "title": "RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'clear_page_cache'", "software": [ { "type": "plugin", "name": "RapidLoad \u2013 Optimize Web Vitals Automatically", "slug": "unusedcss", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cba74f7-7183-4297-8f04-4818c01358ef?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cbb586e-2438-4483-927d-07a7b63125a9": { "id": "2cbb586e-2438-4483-927d-07a7b63125a9", "title": "WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Lead Editing", "software": [ { "type": "plugin", "name": "WP Affiliate Platform", "slug": "wp-affiliate-platform", "affected_versions": { "[*, 6.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cbb586e-2438-4483-927d-07a7b63125a9?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cbc0b70-c8a4-4924-a67f-cea81ab19cdc": { "id": "2cbc0b70-c8a4-4924-a67f-cea81ab19cdc", "title": "Branded Social Images <= 1.1.0 - Missing Authorization leading to Unauthenticated Plugin Settings Updates", "software": [ { "type": "plugin", "name": "Branded Social Images \u2013 Open Graph Images with logo and extra text layer", "slug": "branded-social-images", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cbc0b70-c8a4-4924-a67f-cea81ab19cdc?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cbd3bf0-6b20-41c2-8265-786dbba123d7": { "id": "2cbd3bf0-6b20-41c2-8265-786dbba123d7", "title": "Cforms <= 10.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "cforms", "slug": "cforms", "affected_versions": { "* - 10.1": { "from_version": "*", "from_inclusive": true, "to_version": "10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cbd3bf0-6b20-41c2-8265-786dbba123d7?source=api-scan" ], "published": "2014-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cc03aa9-ad3d-4abb-9c22-cb40875ece47": { "id": "2cc03aa9-ad3d-4abb-9c22-cb40875ece47", "title": "WPZOOM Shortcodes <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode", "software": [ { "type": "plugin", "name": "WPZOOM Shortcodes", "slug": "wpzoom-shortcodes", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cc03aa9-ad3d-4abb-9c22-cb40875ece47?source=api-scan" ], "published": "2024-09-24 12:23:50", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cc5962f-4d3c-43ea-996b-a5bb3d0dccef": { "id": "2cc5962f-4d3c-43ea-996b-a5bb3d0dccef", "title": "PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Random image gallery with pretty photo zoom", "slug": "random-image-gallery-with-pretty-photo-zoom", "affected_versions": { "[*, 7.5)": { "from_version": "*", "from_inclusive": true, "to_version": "7.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.5" ] }, { "type": "plugin", "name": "mytreasures", "slug": "mytreasures", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "wp-business-directory", "slug": "wp-business-directory", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Responsive Lightbox & Gallery", "slug": "responsive-lightbox", "affected_versions": { "[*, 1.4.12)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.12" ] }, { "type": "plugin", "name": "s2member Secure File Browser", "slug": "s2member-secure-file-browser", "affected_versions": { "[*, 0.4.17)": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.4.17" ] }, { "type": "plugin", "name": "TallyKit", "slug": "tallykit", "affected_versions": { "[*, 5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.5" ] }, { "type": "plugin", "name": "WP Video Lightbox", "slug": "wp-video-lightbox", "affected_versions": { "[*, 1.7.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.5" ] }, { "type": "plugin", "name": "Alpine Photo Tile for Instagram", "slug": "alpine-photo-tile-for-instagram", "affected_versions": { "[*, 1.2.7.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.7.5" ] }, { "type": "plugin", "name": "eHive Account Details", "slug": "ehive-account-details", "affected_versions": { "[*, 2.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.3" ] }, { "type": "plugin", "name": "WP Easy Gallery \u2013 WordPress Gallery Plugin", "slug": "wp-easy-gallery", "affected_versions": { "[*, 4.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.1" ] }, { "type": "plugin", "name": "fancyflickr", "slug": "fancyflickr", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Gallery Bank \u2013 WordPress Photo Gallery Plugin", "slug": "gallery-bank", "affected_versions": { "[*, 3.0.229)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.229", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.229" ] }, { "type": "plugin", "name": "ReFlex Gallery \u00bb WordPress Photo Gallery", "slug": "reflex-gallery", "affected_versions": { "[*, 3.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.5" ] }, { "type": "plugin", "name": "matrix-image-gallery", "slug": "matrix-image-gallery", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Apizee Contact \u2013 Live Chat Plugin", "slug": "izeechat", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] }, { "type": "plugin", "name": "dp-maintenance-mode-lite", "slug": "dp-maintenance-mode-lite", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Portfolio Gallery", "slug": "wp-portfolio-gallery", "affected_versions": { "[*, 1.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "plugin", "name": "ticket-manager", "slug": "ticket-manager", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "lb-tube-video", "slug": "lb-tube-video", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "eHive Object Details", "slug": "ehive-object-details", "affected_versions": { "[*, 2.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.7" ] }, { "type": "plugin", "name": "Onclick show popup", "slug": "onclick-show-popup", "affected_versions": { "[*, 6.6)": { "from_version": "*", "from_inclusive": true, "to_version": "6.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.6" ] }, { "type": "plugin", "name": "jcwp youtube channel embed", "slug": "jcwp-youtube-channel-embed", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "plugin", "name": "FoxyShop", "slug": "foxyshop", "affected_versions": { "[*, 4.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.1" ] }, { "type": "plugin", "name": "Contact Bank \u2013 Contact Form Builder for WordPress", "slug": "contact-bank", "affected_versions": { "[*, 2.0.227)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.227", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.227" ] }, { "type": "plugin", "name": "Image Slider", "slug": "image-slider-widget", "affected_versions": { "[*, 1.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.7" ] }, { "type": "plugin", "name": "Images Lazyload and Slideshow", "slug": "images-lazyload-and-slideshow", "affected_versions": { "[*, 3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3" ] }, { "type": "plugin", "name": "WPPizza \u2013 A Restaurant Plugin", "slug": "wppizza", "affected_versions": { "[*, 2.11.8.18)": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.8.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.11.8.18" ] }, { "type": "plugin", "name": "responsive-category-slider", "slug": "responsive-category-slider", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "MyBlogU", "slug": "myblogu", "affected_versions": { "[*, 0.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.0.8" ] }, { "type": "plugin", "name": "TreXanh Property", "slug": "trexanh-property", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.2" ] }, { "type": "plugin", "name": "embedplus-for-wordpress", "slug": "embedplus-for-wordpress", "affected_versions": { "[*, 5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.4" ] }, { "type": "plugin", "name": "webrotate-360-product-viewer", "slug": "webrotate-360-product-viewer", "affected_versions": { "[*, 2.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.2" ] }, { "type": "plugin", "name": "wp-instagram-bank", "slug": "wp-instagram-bank", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "mklasens-photobox", "slug": "mklasens-photobox", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cc737b3-4072-4dd4-8e50-ec94dc2a17d5": { "id": "2cc737b3-4072-4dd4-8e50-ec94dc2a17d5", "title": "WP eCommerce Shop Styling < 2.6 - Directory Traversal", "software": [ { "type": "plugin", "name": "WP eCommerce Shop Styling", "slug": "wp-ecommerce-shop-styling", "affected_versions": { "[*, 2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cc737b3-4072-4dd4-8e50-ec94dc2a17d5?source=api-scan" ], "published": "2015-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cc9f75d-f1a6-486b-b924-76ec618c5314": { "id": "2cc9f75d-f1a6-486b-b924-76ec618c5314", "title": "Radio Player <= 2.0.73 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "Radio Player \u2013 Live Shoutcast, Icecast and Any Audio Stream Player for WordPress", "slug": "radio-player", "affected_versions": { "* - 2.0.73": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.73", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.74" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cc9f75d-f1a6-486b-b924-76ec618c5314?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ccba77c-fb90-4906-b0fe-77607ec5df1f": { "id": "2ccba77c-fb90-4906-b0fe-77607ec5df1f", "title": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", "slug": "fluentform", "affected_versions": { "* - 5.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ccba77c-fb90-4906-b0fe-77607ec5df1f?source=api-scan" ], "published": "2024-05-17 19:02:47", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cce2a10-3d5f-4249-9085-923a1fa76385": { "id": "2cce2a10-3d5f-4249-9085-923a1fa76385", "title": "Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters", "software": [ { "type": "theme", "name": "Goya", "slug": "goya", "affected_versions": { "* - 1.0.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cce2a10-3d5f-4249-9085-923a1fa76385?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cd509f7-100a-4f28-8d5a-b6b906456c52": { "id": "2cd509f7-100a-4f28-8d5a-b6b906456c52", "title": "WP-Eggdrop <= 0.1 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "WP-Eggdrop", "slug": "wp-eggdrop", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cd509f7-100a-4f28-8d5a-b6b906456c52?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cd6e69b-f927-4cea-a838-5c73f52233a2": { "id": "2cd6e69b-f927-4cea-a838-5c73f52233a2", "title": "SendPress Newsletters <= 1.23.11.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SendPress Newsletters", "slug": "sendpress", "affected_versions": { "* - 1.23.11.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.23.11.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cd6e69b-f927-4cea-a838-5c73f52233a2?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cd92497-25ac-4560-82ed-e21a117d8c64": { "id": "2cd92497-25ac-4560-82ed-e21a117d8c64", "title": "Newsmatic <= 1.3.1 - Missing Authorization", "software": [ { "type": "theme", "name": "Newsmatic", "slug": "newsmatic", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cd92497-25ac-4560-82ed-e21a117d8c64?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cde1f4d-0212-48b1-a0ef-ba923c37ab50": { "id": "2cde1f4d-0212-48b1-a0ef-ba923c37ab50", "title": "WordPress Download Manager <= 3.1.24 - Authenticated File Upload", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.1.24": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cde1f4d-0212-48b1-a0ef-ba923c37ab50?source=api-scan" ], "published": "2021-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ce0e587-0312-4484-8f03-c82db67aba44": { "id": "2ce0e587-0312-4484-8f03-c82db67aba44", "title": "Premium Addons for Elementor <= 4.10.25 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.25": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ce0e587-0312-4484-8f03-c82db67aba44?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ce1a40f-1489-42be-963e-052274a56e47": { "id": "2ce1a40f-1489-42be-963e-052274a56e47", "title": "wpForo Forum <= 2.0.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ce1a40f-1489-42be-963e-052274a56e47?source=api-scan" ], "published": "2022-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ce60724-3ef8-4222-9034-88edb8a4ce0e": { "id": "2ce60724-3ef8-4222-9034-88edb8a4ce0e", "title": "NewStatPress < 1.0.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NewStatPress", "slug": "newstatpress", "affected_versions": { "[*, 1.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ce60724-3ef8-4222-9034-88edb8a4ce0e?source=api-scan" ], "published": "2015-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ce61c74-2754-468b-b40a-5b4446375dfd": { "id": "2ce61c74-2754-468b-b40a-5b4446375dfd", "title": "Gutenberg Blocks by Kadence Blocks <= 3.2.25 - Authenticated (Author+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "* - 3.2.25": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ce61c74-2754-468b-b40a-5b4446375dfd?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ceaa52e-564d-4454-8e3b-dc6899c910dd": { "id": "2ceaa52e-564d-4454-8e3b-dc6899c910dd", "title": "Houzez <= 3.2.4 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Houzez", "slug": "houzez", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ceaa52e-564d-4454-8e3b-dc6899c910dd?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cee1253-52e5-4676-8a7a-ac71df0786ed": { "id": "2cee1253-52e5-4676-8a7a-ac71df0786ed", "title": "Post Views Counter <= 1.4.4 - Cross-Site Request Forgery via save_bulk_post_views()", "software": [ { "type": "plugin", "name": "Post Views Counter", "slug": "post-views-counter", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cee1253-52e5-4676-8a7a-ac71df0786ed?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cf2201d-6da0-4f66-9135-c6b34ef7c65f": { "id": "2cf2201d-6da0-4f66-9135-c6b34ef7c65f", "title": "WP Maintenance Mode <= 2.0.6 - Remote Code Execution", "software": [ { "type": "plugin", "name": "LightStart \u2013 Maintenance Mode, Coming Soon and Landing Page Builder", "slug": "wp-maintenance-mode", "affected_versions": { "[*, 2.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cf2201d-6da0-4f66-9135-c6b34ef7c65f?source=api-scan" ], "published": "2018-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cf5879f-82ae-41de-b220-aaec45c96c87": { "id": "2cf5879f-82ae-41de-b220-aaec45c96c87", "title": "Feed Them Social \u2013 for Twitter feed, Youtube and more <= 2.9.9 - Subscriber+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Feed Them Social \u2013 Social Media Feeds, Video, and Photo Galleries", "slug": "feed-them-social", "affected_versions": { "* - 2.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cf5879f-82ae-41de-b220-aaec45c96c87?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cfbee75-13ef-49ad-9edd-f3077a033c1b": { "id": "2cfbee75-13ef-49ad-9edd-f3077a033c1b", "title": "Image Metadata Cruncher < 1.8 - Reflected Cross Site Scripting", "software": [ { "type": "plugin", "name": "Image Metadata Cruncher", "slug": "image-metadata-cruncher", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cfbee75-13ef-49ad-9edd-f3077a033c1b?source=api-scan" ], "published": "2015-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cfe69ae-2d42-484e-9c35-672394219ec2": { "id": "2cfe69ae-2d42-484e-9c35-672394219ec2", "title": "WordPress Landing Page \u2013 Squeeze Page \u2013 Responsive Landing Page Builder Free \u2013 WP Lead Plus X <= 0.98 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Landing Page \u2013 Squeeze Page \u2013 Responsive Landing Page Builder Free \u2013 WP Lead Plus X", "slug": "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make", "affected_versions": { "[*, 0.99)": { "from_version": "*", "from_inclusive": true, "to_version": "0.99", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.99" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cfe69ae-2d42-484e-9c35-672394219ec2?source=api-scan" ], "published": "2020-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2cff84a4-9264-4789-997b-bc11a8bac449": { "id": "2cff84a4-9264-4789-997b-bc11a8bac449", "title": "Ultimate Product Catalog <= 3.8.1 - Missing Authorization to Plugin Settings Update", "software": [ { "type": "plugin", "name": "Ultimate Product Catalog", "slug": "ultimate-product-catalogue", "affected_versions": { "[*, 3.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2cff84a4-9264-4789-997b-bc11a8bac449?source=api-scan" ], "published": "2016-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d010e55-d57a-49f7-a991-76b676b88f1e": { "id": "2d010e55-d57a-49f7-a991-76b676b88f1e", "title": "RegistrationMagic <= 5.2.4.1 - Reflected Cross-Site Scripting via section_id", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "[*, 5.2.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d010e55-d57a-49f7-a991-76b676b88f1e?source=api-scan" ], "published": "2023-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d044e0a-a956-4319-985d-6a9a276daf49": { "id": "2d044e0a-a956-4319-985d-6a9a276daf49", "title": "WP-DB-Table-Editor <= 1.8.4 - Missing Authorization to Authenticated(Contributor+) Database Access", "software": [ { "type": "plugin", "name": "WP-DB-Table-Editor", "slug": "wp-db-table-editor", "affected_versions": { "* - 1.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d044e0a-a956-4319-985d-6a9a276daf49?source=api-scan" ], "published": "2024-06-03 17:10:03", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d048878-12ae-442a-921d-c02a4e1e3974": { "id": "2d048878-12ae-442a-921d-c02a4e1e3974", "title": "WordPress Poll < 34.06 - SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Poll", "slug": "cardoza-wordpress-poll", "affected_versions": { "* - 34.05": { "from_version": "*", "from_inclusive": true, "to_version": "34.05", "to_inclusive": true } }, "patched": true, "patched_versions": [ "34.06" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d048878-12ae-442a-921d-c02a4e1e3974?source=api-scan" ], "published": "2013-01-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d0529df-70be-4559-a760-5537e0fd4d1e": { "id": "2d0529df-70be-4559-a760-5537e0fd4d1e", "title": "WordPress Core < 3.1.3 - Media Related Security Issue", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d0529df-70be-4559-a760-5537e0fd4d1e?source=api-scan" ], "published": "2011-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d08e462-8297-477e-89da-47f26bd6beae": { "id": "2d08e462-8297-477e-89da-47f26bd6beae", "title": "ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Plugin Data Removal in reinitialize", "software": [ { "type": "plugin", "name": "ImageRecycle pdf & image compression", "slug": "imagerecycle-pdf-image-compression", "affected_versions": { "* - 3.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d08e462-8297-477e-89da-47f26bd6beae?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d0a822f-94b2-4875-b4b2-5c866555e3bd": { "id": "2d0a822f-94b2-4875-b4b2-5c866555e3bd", "title": "WP Responsive Menu <= 3.1.7 - Missing Authorization to Settings Update & Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Responsive Menu", "slug": "wp-responsive-menu", "affected_versions": { "* - 3.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d0a822f-94b2-4875-b4b2-5c866555e3bd?source=api-scan" ], "published": "2022-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d0e5d24-5d65-4ed5-8086-347969cbd3ec": { "id": "2d0e5d24-5d65-4ed5-8086-347969cbd3ec", "title": "PDF Invoices & Packing Slips for WooCommerce <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Invoices & Packing Slips for WooCommerce", "slug": "woocommerce-pdf-invoices-packing-slips", "affected_versions": { "* - 3.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d0e5d24-5d65-4ed5-8086-347969cbd3ec?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d10475f-83dd-4e59-83e4-aeaa72a22b96": { "id": "2d10475f-83dd-4e59-83e4-aeaa72a22b96", "title": "BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation", "software": [ { "type": "plugin", "name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", "slug": "woo-bulk-editor", "affected_versions": { "* - 1.1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d10475f-83dd-4e59-83e4-aeaa72a22b96?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d10f043-df2c-4e81-bd99-e478a2dca0cf": { "id": "2d10f043-df2c-4e81-bd99-e478a2dca0cf", "title": "WordPress Shout Box Widget <= 2.0.2 - SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Shout Box Widget", "slug": "wordpress-simple-shout-box", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d10f043-df2c-4e81-bd99-e478a2dca0cf?source=api-scan" ], "published": "2013-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d113191-b550-4752-b536-644206ab56c1": { "id": "2d113191-b550-4752-b536-644206ab56c1", "title": "BetterDocs \u2013 Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg <= 3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "BetterDocs \u2013 Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg", "slug": "betterdocs", "affected_versions": { "* - 3.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d113191-b550-4752-b536-644206ab56c1?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d1302c4-7aeb-49f4-aa11-2c0e08bd9c71": { "id": "2d1302c4-7aeb-49f4-aa11-2c0e08bd9c71", "title": "WP eCommerce < 3.8.7.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP eCommerce", "slug": "wp-e-commerce", "affected_versions": { "[*, 3.8.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d1302c4-7aeb-49f4-aa11-2c0e08bd9c71?source=api-scan" ], "published": "2011-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d1414f5-e705-4fd4-847b-b46d2d20943b": { "id": "2d1414f5-e705-4fd4-847b-b46d2d20943b", "title": "Headless CMS <= 2.0.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Headless CMS", "slug": "headless-cms", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d1414f5-e705-4fd4-847b-b46d2d20943b?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d23541e-bb1c-4fcf-836b-28522a39b018": { "id": "2d23541e-bb1c-4fcf-836b-28522a39b018", "title": "All Users Messenger <= 1.24 - Authenticated (Subscriber+) Insecure Direct Object Reference to Message Deletion", "software": [ { "type": "plugin", "name": "All Users Messenger", "slug": "all-users-messenger", "affected_versions": { "* - 1.24": { "from_version": "*", "from_inclusive": true, "to_version": "1.24", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d23541e-bb1c-4fcf-836b-28522a39b018?source=api-scan" ], "published": "2023-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d2380af-2ba7-4f6b-a055-52f400042be4": { "id": "2d2380af-2ba7-4f6b-a055-52f400042be4", "title": "Academy LMS <= 2.0.10 - Open Redirect", "software": [ { "type": "plugin", "name": "Academy LMS \u2013 WordPress LMS Plugin for Complete eLearning Solution", "slug": "academy", "affected_versions": { "* - 2.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d2380af-2ba7-4f6b-a055-52f400042be4?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d24aa7e-bbf1-4a54-b53b-7a37e613e0e6": { "id": "2d24aa7e-bbf1-4a54-b53b-7a37e613e0e6", "title": "Rate my Post \u2013 WP Rating System <= 3.4.2 - IP Address Spoofing", "software": [ { "type": "plugin", "name": "Rate My Post \u2013 Star Rating Plugin by FeedbackWP", "slug": "rate-my-post", "affected_versions": { "* - 3.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d24aa7e-bbf1-4a54-b53b-7a37e613e0e6?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d2fc926-6f9f-4ed9-9598-e39b5e6c6544": { "id": "2d2fc926-6f9f-4ed9-9598-e39b5e6c6544", "title": "Master Slider - Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Master Slider \u2013 Responsive Touch Slider", "slug": "master-slider", "affected_versions": { "* - 3.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d2fc926-6f9f-4ed9-9598-e39b5e6c6544?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d3150b3-fba1-4e89-8f4e-b6c605227395": { "id": "2d3150b3-fba1-4e89-8f4e-b6c605227395", "title": "Photos and Files Contest Gallery <= 21.3.2 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 21.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "21.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d3150b3-fba1-4e89-8f4e-b6c605227395?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d3188c2-e5b0-4d83-8c92-ae6b409c92f9": { "id": "2d3188c2-e5b0-4d83-8c92-ae6b409c92f9", "title": "ProfileGrid \u2013 User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.9.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d3188c2-e5b0-4d83-8c92-ae6b409c92f9?source=api-scan" ], "published": "2024-09-25 19:18:11", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d33a880-0238-4d27-a433-6a09844bef3f": { "id": "2d33a880-0238-4d27-a433-6a09844bef3f", "title": "WooCommerce PDF Invoices & Packing Slips <= 3.2.5 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "PDF Invoices & Packing Slips for WooCommerce", "slug": "woocommerce-pdf-invoices-packing-slips", "affected_versions": { "* - 3.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d33a880-0238-4d27-a433-6a09844bef3f?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d34b675-ff66-475e-b838-657dd51fc48c": { "id": "2d34b675-ff66-475e-b838-657dd51fc48c", "title": "Auto Affiliate Links <= 6.4.3.1 - Authenticated (Editor+) SQL Injection", "software": [ { "type": "plugin", "name": "Auto Affiliate Links", "slug": "wp-auto-affiliate-links", "affected_versions": { "* - 6.4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d34b675-ff66-475e-b838-657dd51fc48c?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d34c665-e99c-408e-b7ab-d08a1a51c6c4": { "id": "2d34c665-e99c-408e-b7ab-d08a1a51c6c4", "title": "WP Jump Menu <= 3.6.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Jump Menu", "slug": "wp-jump-menu", "affected_versions": { "* - 3.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d34c665-e99c-408e-b7ab-d08a1a51c6c4?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d390a7e-f790-4953-b3cb-be31cfec6fb0": { "id": "2d390a7e-f790-4953-b3cb-be31cfec6fb0", "title": "Pricing Table by Supsystic <= 1.9.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pricing Table by Supsystic", "slug": "pricing-table-by-supsystic", "affected_versions": { "* - 1.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d390a7e-f790-4953-b3cb-be31cfec6fb0?source=api-scan" ], "published": "2022-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d3b9cde-e4d8-4217-96b4-f6ad00cd3a2d": { "id": "2d3b9cde-e4d8-4217-96b4-f6ad00cd3a2d", "title": "Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention Security <= 19.1.13 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention Security", "slug": "wp-simple-firewall", "affected_versions": { "* - 19.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d3b9cde-e4d8-4217-96b4-f6ad00cd3a2d?source=api-scan" ], "published": "2024-06-01 16:29:51", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d49fa2d-0625-40a4-b3dd-13679b806bc1": { "id": "2d49fa2d-0625-40a4-b3dd-13679b806bc1", "title": "AntiVirus < 1.1 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "AntiVirus", "slug": "antivirus", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d49fa2d-0625-40a4-b3dd-13679b806bc1?source=api-scan" ], "published": "2013-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d4e9daf-d414-4ace-9efd-4c3e16deeb8f": { "id": "2d4e9daf-d414-4ace-9efd-4c3e16deeb8f", "title": "WP Mail SMTP <= 4.0.1 - Authenticated (Admin+) SMTP Password Exposure", "software": [ { "type": "plugin", "name": "WP Mail SMTP by WPForms \u2013 The Most Popular SMTP and Email Log Plugin", "slug": "wp-mail-smtp", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d4e9daf-d414-4ace-9efd-4c3e16deeb8f?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d540b53-5c39-43d5-a055-cc5eccfa65b8": { "id": "2d540b53-5c39-43d5-a055-cc5eccfa65b8", "title": "WP YouTube Live <= 1.7.21 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP YouTube Live", "slug": "wp-youtube-live", "affected_versions": { "* - 1.7.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d540b53-5c39-43d5-a055-cc5eccfa65b8?source=api-scan" ], "published": "2022-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d581a38-736a-497f-aaf7-6da0b2421618": { "id": "2d581a38-736a-497f-aaf7-6da0b2421618", "title": "Livemesh Addons for WPBakery Page Builder <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "WPBakery Page Builder Addons by Livemesh", "slug": "addons-for-visual-composer", "affected_versions": { "* - 3.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d581a38-736a-497f-aaf7-6da0b2421618?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d5a9a2d-63d3-411c-af22-2829fd79c72b": { "id": "2d5a9a2d-63d3-411c-af22-2829fd79c72b", "title": "The Buffer Button <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Buffer Button", "slug": "the-buffer-button", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d5a9a2d-63d3-411c-af22-2829fd79c72b?source=api-scan" ], "published": "2022-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d5c6566-a890-4b95-b349-3874eb57b45a": { "id": "2d5c6566-a890-4b95-b349-3874eb57b45a", "title": "Contact Form Email <= 1.3.37 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Email", "slug": "contact-form-to-email", "affected_versions": { "* - 1.3.37": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.38" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d5c6566-a890-4b95-b349-3874eb57b45a?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d5fb5c8-3e4d-4268-8b21-b65b7d7b68f2": { "id": "2d5fb5c8-3e4d-4268-8b21-b65b7d7b68f2", "title": "Smart Post Show <= 3.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting via Pagination Color", "software": [ { "type": "plugin", "name": "Smart Post Show \u2013 Post Grid, Post Carousel, Post Slider, Post Timeline, Post Table, and List Category Posts, Latest Posts, Recent Posts, Popular Posts and More", "slug": "post-carousel", "affected_versions": { "* - 3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d5fb5c8-3e4d-4268-8b21-b65b7d7b68f2?source=api-scan" ], "published": "2024-10-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d60ea41-c103-4b56-a920-d4b82698d630": { "id": "2d60ea41-c103-4b56-a920-d4b82698d630", "title": "Spam protection, AntiSpam, FireWall by CleanTalk < 5.22 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spam protection, Anti-Spam, FireWall by CleanTalk", "slug": "cleantalk-spam-protect", "affected_versions": { "[*, 5.22)": { "from_version": "*", "from_inclusive": true, "to_version": "5.22", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d60ea41-c103-4b56-a920-d4b82698d630?source=api-scan" ], "published": "2015-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d64e1c6-1e25-4438-974d-b7da0979cc40": { "id": "2d64e1c6-1e25-4438-974d-b7da0979cc40", "title": "LearnPress \u2013 WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d64e1c6-1e25-4438-974d-b7da0979cc40?source=api-scan" ], "published": "2024-05-09 19:40:23", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d6e9aea-6ccb-4c83-83bb-63c9c9f59005": { "id": "2d6e9aea-6ccb-4c83-83bb-63c9c9f59005", "title": "WCFM - WooCommerce Multivendor Marketplace <= 3.4.11 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WCFM Marketplace \u2013 Multivendor Marketplace for WooCommerce", "slug": "wc-multivendor-marketplace", "affected_versions": { "* - 3.4.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d6e9aea-6ccb-4c83-83bb-63c9c9f59005?source=api-scan" ], "published": "2021-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d70b9b6-a1f0-4449-8d1a-ae16dbcc844d": { "id": "2d70b9b6-a1f0-4449-8d1a-ae16dbcc844d", "title": "Better Font Awesome <= 2.0.1 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "Better Font Awesome", "slug": "better-font-awesome", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d70b9b6-a1f0-4449-8d1a-ae16dbcc844d?source=api-scan" ], "published": "2022-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d7264bc-7fa1-4f5f-a8bc-0840374b7a08": { "id": "2d7264bc-7fa1-4f5f-a8bc-0840374b7a08", "title": "Adaptive Images <= 0.6.68 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Adaptive Images for WordPress", "slug": "adaptive-images", "affected_versions": { "* - 0.6.68": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.68", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.6.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d7264bc-7fa1-4f5f-a8bc-0840374b7a08?source=api-scan" ], "published": "2022-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d79ad4c-6b7e-4bf9-93af-76b8c3599d47": { "id": "2d79ad4c-6b7e-4bf9-93af-76b8c3599d47", "title": "Dialogs <= 1.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dialogs", "slug": "dialogs", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d79ad4c-6b7e-4bf9-93af-76b8c3599d47?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d7d83f6-92d1-43a8-821c-7b9470ead493": { "id": "2d7d83f6-92d1-43a8-821c-7b9470ead493", "title": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress <= 3.4.27 - Validation Bypass via Email Field", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.4.27": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.27.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d7d83f6-92d1-43a8-821c-7b9470ead493?source=api-scan" ], "published": "2020-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d7ea482-c45e-4a73-9e64-4d4438e197b4": { "id": "2d7ea482-c45e-4a73-9e64-4d4438e197b4", "title": "Evolve < 1.2.7 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "evolve", "slug": "evolve", "affected_versions": { "[*, 1.2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d7ea482-c45e-4a73-9e64-4d4438e197b4?source=api-scan" ], "published": "2011-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d7feea5-965f-4a07-90f8-39ccdba7b50f": { "id": "2d7feea5-965f-4a07-90f8-39ccdba7b50f", "title": "WordPress Gallery Plugin \u2013 NextGEN Gallery <= 3.4.7 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 3.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d7feea5-965f-4a07-90f8-39ccdba7b50f?source=api-scan" ], "published": "2020-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d853bd5-4caa-4b90-a9a6-929fb18b9337": { "id": "2d853bd5-4caa-4b90-a9a6-929fb18b9337", "title": "WordPress Core < 4.6.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.15": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.15", "to_inclusive": true }, "3.8 - 3.8.15": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.15", "to_inclusive": true }, "3.9 - 3.9.13": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.13", "to_inclusive": true }, "4.0 - 4.0.12": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.12", "to_inclusive": true }, "4.1 - 4.1.12": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.12", "to_inclusive": true }, "4.2 - 4.2.9": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.9", "to_inclusive": true }, "4.3 - 4.3.5": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.5", "to_inclusive": true }, "4.4 - 4.4.4": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.4", "to_inclusive": true }, "4.5 - 4.5.3": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true }, "4.6": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.16", "3.8.16", "3.9.14", "4.0.13", "4.1.13", "4.2.10", "4.3.6", "4.4.5", "4.5.4", "4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d853bd5-4caa-4b90-a9a6-929fb18b9337?source=api-scan" ], "published": "2016-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d8585df-f933-4bd6-a157-56a51d4f8a4a": { "id": "2d8585df-f933-4bd6-a157-56a51d4f8a4a", "title": "Adsmonetizer <= 3.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Adsmonetizer", "slug": "adsensei-b30", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d8585df-f933-4bd6-a157-56a51d4f8a4a?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d89a534-978e-4fd8-be3a-5137bdc22dc9": { "id": "2d89a534-978e-4fd8-be3a-5137bdc22dc9", "title": "W3 Total Cache <= 2.7.5 - Sensitive Credentials Stored in Plaintext", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 2.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d89a534-978e-4fd8-be3a-5137bdc22dc9?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d8ae431-04cd-49e4-a5ea-ea7b1263c836": { "id": "2d8ae431-04cd-49e4-a5ea-ea7b1263c836", "title": "Caulk (Unknown Versions) - Full Path Disclosure", "software": [ { "type": "theme", "name": "Caulk Theme", "slug": "caulk", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d8ae431-04cd-49e4-a5ea-ea7b1263c836?source=api-scan" ], "published": "2013-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d90737b-fc4b-45a3-b970-64468e9eb431": { "id": "2d90737b-fc4b-45a3-b970-64468e9eb431", "title": "Support Board <= 1.2.8 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Support Board", "slug": "supportboard", "affected_versions": { "[*, 1.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d90737b-fc4b-45a3-b970-64468e9eb431?source=api-scan" ], "published": "2019-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d964e1e-6361-435b-8527-e241f5a28b0e": { "id": "2d964e1e-6361-435b-8527-e241f5a28b0e", "title": "Comment Guestbook <= 0.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Comment Guestbook", "slug": "comment-guestbook", "affected_versions": { "* - 0.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d964e1e-6361-435b-8527-e241f5a28b0e?source=api-scan" ], "published": "2022-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d9bf916-cdbf-410b-95bb-ca7ce6658e1b": { "id": "2d9bf916-cdbf-410b-95bb-ca7ce6658e1b", "title": "StudioZen <= 1.6 - Multiple Vulnerabilities", "software": [ { "type": "theme", "name": "Studio Zen | Photography Theme for WordPress", "slug": "studiozen", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d9bf916-cdbf-410b-95bb-ca7ce6658e1b?source=api-scan" ], "published": "2013-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2d9f9774-e45d-4b69-80e0-dce1e7c0ea78": { "id": "2d9f9774-e45d-4b69-80e0-dce1e7c0ea78", "title": "Depicter Slider <= 3.2.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Slider & Popup Builder by Depicter \u2013 Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel", "slug": "depicter", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2d9f9774-e45d-4b69-80e0-dce1e7c0ea78?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2da02a0e-4bc5-4dc6-b46e-7e74e0eb36dd": { "id": "2da02a0e-4bc5-4dc6-b46e-7e74e0eb36dd", "title": "Dokan <= 3.6.3 - Authenticated (Vendor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dokan \u2013 Powerful WooCommerce Multivendor Marketplace Solution \u2013 Build Your Own Amazon, eBay, Etsy", "slug": "dokan-lite", "affected_versions": { "* - 3.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2da02a0e-4bc5-4dc6-b46e-7e74e0eb36dd?source=api-scan" ], "published": "2022-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2da322ea-0206-4838-8ac4-9dd201bb00bc": { "id": "2da322ea-0206-4838-8ac4-9dd201bb00bc", "title": "Ultimate Gift Cards for WooCommerce <= 2.1.1 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Ultimate Gift Cards for WooCommerce \u2013 Ultimate Gift Cards for Woocommerce \u2013 Create Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates", "slug": "woo-gift-cards-lite", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2da322ea-0206-4838-8ac4-9dd201bb00bc?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2da883bf-5741-4eda-8a93-3b7feb90f4c6": { "id": "2da883bf-5741-4eda-8a93-3b7feb90f4c6", "title": "RomethemeKit For Elementor <= 1.4.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "RomethemeKit For Elementor", "slug": "rometheme-for-elementor", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2da883bf-5741-4eda-8a93-3b7feb90f4c6?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2da965b1-1f8d-4905-9711-bb9ad30f444a": { "id": "2da965b1-1f8d-4905-9711-bb9ad30f444a", "title": "SpiderCalendar <= 1.6.64 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SpiderCalendar", "slug": "spider-event-calendar", "affected_versions": { "* - 1.5.65": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.65", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.65" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2da965b1-1f8d-4905-9711-bb9ad30f444a?source=api-scan" ], "published": "2022-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2da9c3d0-7efb-4c34-bf31-2f17a52c21f9": { "id": "2da9c3d0-7efb-4c34-bf31-2f17a52c21f9", "title": "Local Weather <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Local Weather", "slug": "ultimate-weather-plugin", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2da9c3d0-7efb-4c34-bf31-2f17a52c21f9?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2dabb790-4f5e-447a-ad65-3f62ac7f6176": { "id": "2dabb790-4f5e-447a-ad65-3f62ac7f6176", "title": "LWS Tools <= 2.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LWS Tools", "slug": "lws-tools", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2dabb790-4f5e-447a-ad65-3f62ac7f6176?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2dae6b53-11f3-432c-ad27-940c429055a2": { "id": "2dae6b53-11f3-432c-ad27-940c429055a2", "title": "WPBakery Page Builder Clipboard <= 4.5.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPBakery Page Builder Clipboard", "slug": "vc_clipboard", "affected_versions": { "[*, 4.5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2dae6b53-11f3-432c-ad27-940c429055a2?source=api-scan" ], "published": "2021-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2db0f9b6-fa03-4dea-b47d-ea070e6d1c4c": { "id": "2db0f9b6-fa03-4dea-b47d-ea070e6d1c4c", "title": "Superlist - Directory WordPress Theme | Directory & Listings <= 2.9.2 - Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Superlist - Directory WordPress Theme | Directory & Listings", "slug": "superlist", "affected_versions": { "* - 2.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2db0f9b6-fa03-4dea-b47d-ea070e6d1c4c?source=api-scan" ], "published": "2019-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2db39ae2-6c44-4a4c-84de-9b7041bece37": { "id": "2db39ae2-6c44-4a4c-84de-9b7041bece37", "title": "Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Separator Element", "software": [ { "type": "plugin", "name": "Bold Page Builder", "slug": "bold-page-builder", "affected_versions": { "* - 4.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2db39ae2-6c44-4a4c-84de-9b7041bece37?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2db8e79f-e70b-421f-8120-7aa65e704deb": { "id": "2db8e79f-e70b-421f-8120-7aa65e704deb", "title": "MiwoFTP < 1.0.5 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "miwoftp", "slug": "miwoftp", "affected_versions": { "[*, 1.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2db8e79f-e70b-421f-8120-7aa65e704deb?source=api-scan" ], "published": "2015-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2dca6c29-9f05-4d82-90e3-834f1dd8005a": { "id": "2dca6c29-9f05-4d82-90e3-834f1dd8005a", "title": "GiveWP \u2013 Donation Plugin and Fundraising Platform <= 3.13.0 - Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 3.13.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.13.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.14.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2dca6c29-9f05-4d82-90e3-834f1dd8005a?source=api-scan" ], "published": "2024-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2dccdaa8-5095-42c4-9ca8-90fb444c0ae4": { "id": "2dccdaa8-5095-42c4-9ca8-90fb444c0ae4", "title": "WordPress Core < 4.8.2 - Stored Cross-Site Scripting via Plugin Names", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.21": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.21", "to_inclusive": true }, "3.8 - 3.8.21": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.21", "to_inclusive": true }, "3.9 - 3.9.19": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.19", "to_inclusive": true }, "4.0 - 4.0.18": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.18", "to_inclusive": true }, "4.1 - 4.1.18": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.18", "to_inclusive": true }, "4.2 - 4.2.15": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.15", "to_inclusive": true }, "4.3 - 4.3.11": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.11", "to_inclusive": true }, "4.4 - 4.4.10": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.10", "to_inclusive": true }, "4.5 - 4.5.9": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.9", "to_inclusive": true }, "4.6 - 4.6.6": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.6", "to_inclusive": true }, "4.7 - 4.7.5": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.5", "to_inclusive": true }, "4.8 - 4.8.1": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.22", "3.8.22", "3.9.20", "4.0.19", "4.1.19", "4.2.16", "4.3.12", "4.4.11", "4.5.10", "4.6.7", "4.7.6", "4.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2dccdaa8-5095-42c4-9ca8-90fb444c0ae4?source=api-scan" ], "published": "2017-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2dce9e9a-a2f3-49a9-a6bc-00328632c654": { "id": "2dce9e9a-a2f3-49a9-a6bc-00328632c654", "title": "Newsletter <= 6.7.6 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletter \u2013 Send awesome emails from WordPress", "slug": "newsletter", "affected_versions": { "* - 6.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "6.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2dce9e9a-a2f3-49a9-a6bc-00328632c654?source=api-scan" ], "published": "2020-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ddc39a8-57b7-46be-878a-2e1cf3271bd2": { "id": "2ddc39a8-57b7-46be-878a-2e1cf3271bd2", "title": "Post Sliders & Post Grids <= 1.0.20 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Sliders & Post Grids", "slug": "post-slider-carousel", "affected_versions": { "* - 1.0.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ddc39a8-57b7-46be-878a-2e1cf3271bd2?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ddfb494-1a63-4958-849e-392eec09615d": { "id": "2ddfb494-1a63-4958-849e-392eec09615d", "title": "Formcraft (Unknown Versions) - Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "FormCraft", "slug": "formcraft", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ddfb494-1a63-4958-849e-392eec09615d?source=api-scan" ], "published": "2014-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2de2d2c5-1373-45b6-93a0-575713226669": { "id": "2de2d2c5-1373-45b6-93a0-575713226669", "title": "WordPress Charts <= 0.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WordPress Charts", "slug": "wp-charts", "affected_versions": { "* - 0.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2de2d2c5-1373-45b6-93a0-575713226669?source=api-scan" ], "published": "2023-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2de90107-1a7e-4899-ae1e-cb9eeadfe64d": { "id": "2de90107-1a7e-4899-ae1e-cb9eeadfe64d", "title": "CSSable Countdown <= 1.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CSSable Countdown", "slug": "cssable-countdown", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2de90107-1a7e-4899-ae1e-cb9eeadfe64d?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2dea1bcb-14c2-4ec9-8a4d-087bac2db486": { "id": "2dea1bcb-14c2-4ec9-8a4d-087bac2db486", "title": "Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure", "software": [ { "type": "plugin", "name": "Blog2Social: Social Media Auto Post & Scheduler", "slug": "blog2social", "affected_versions": { "* - 7.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2dea1bcb-14c2-4ec9-8a4d-087bac2db486?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2df2312c-56d7-4899-8342-6f6cf62298e0": { "id": "2df2312c-56d7-4899-8342-6f6cf62298e0", "title": "FormBuilder <= 1.08 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "FormBuilder", "slug": "formbuilder", "affected_versions": { "* - 1.08": { "from_version": "*", "from_inclusive": true, "to_version": "1.08", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2df2312c-56d7-4899-8342-6f6cf62298e0?source=api-scan" ], "published": "2022-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2df8570b-c1a2-4a1b-b4d4-fe7a75eb05b6": { "id": "2df8570b-c1a2-4a1b-b4d4-fe7a75eb05b6", "title": "BEAR <= 1.1.4.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", "slug": "woo-bulk-editor", "affected_versions": { "* - 1.1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2df8570b-c1a2-4a1b-b4d4-fe7a75eb05b6?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2df89ab9-5cc2-46cb-99b2-bc864e960a35": { "id": "2df89ab9-5cc2-46cb-99b2-bc864e960a35", "title": "Wp-Insert <= 2.4.2 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Wp-Insert", "slug": "wp-insert", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2df89ab9-5cc2-46cb-99b2-bc864e960a35?source=api-scan" ], "published": "2018-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2df8ba02-30b0-49af-82cf-a0d2fd994ea2": { "id": "2df8ba02-30b0-49af-82cf-a0d2fd994ea2", "title": "Slider Hero <= 8.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider Hero with Animation, Video Background", "slug": "slider-hero", "affected_versions": { "* - 8.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "8.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2df8ba02-30b0-49af-82cf-a0d2fd994ea2?source=api-scan" ], "published": "2022-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2dfe5dd0-0dc9-4c64-8972-045325e5a54f": { "id": "2dfe5dd0-0dc9-4c64-8972-045325e5a54f", "title": "Login with phone number <= 1.6.93 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Login with phone number", "slug": "login-with-phone-number", "affected_versions": { "* - 1.6.93": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.93", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.94" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2dfe5dd0-0dc9-4c64-8972-045325e5a54f?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2dfeeff5-5fcf-445b-af66-33ec873b7e44": { "id": "2dfeeff5-5fcf-445b-af66-33ec873b7e44", "title": "Email Verification for WooCommerce <= 2.8.10 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Customer Email Verification for WooCommerce", "slug": "emails-verification-for-woocommerce", "affected_versions": { "* - 2.8.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2dfeeff5-5fcf-445b-af66-33ec873b7e44?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e08e1b5-d388-46cf-a9e7-4bab2a09667f": { "id": "2e08e1b5-d388-46cf-a9e7-4bab2a09667f", "title": "Photo Gallery by 10Web <= 1.5.34 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.5.34": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e08e1b5-d388-46cf-a9e7-4bab2a09667f?source=api-scan" ], "published": "2019-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e093d1f-9c5a-44f8-bc27-9c320e220358": { "id": "2e093d1f-9c5a-44f8-bc27-9c320e220358", "title": "Customer Reviews for WooCommerce <= 5.38.1 - Missing Authorization via CR_Manual", "software": [ { "type": "plugin", "name": "Customer Reviews for WooCommerce", "slug": "customer-reviews-woocommerce", "affected_versions": { "* - 5.38.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.38.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.38.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e093d1f-9c5a-44f8-bc27-9c320e220358?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e0ca51c-0536-45ff-a5af-41ef4977179d": { "id": "2e0ca51c-0536-45ff-a5af-41ef4977179d", "title": "SearchWP Live Ajax Search <= 1.6.2 - Directory Traversal and Local File Inclusion", "software": [ { "type": "plugin", "name": "SearchWP Live Ajax Search", "slug": "searchwp-live-ajax-search", "affected_versions": { "1.0 - 1.6.2": { "from_version": "1.0", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e0ca51c-0536-45ff-a5af-41ef4977179d?source=api-scan" ], "published": "2022-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e0cde65-f75c-4602-bffe-97b391a428b4": { "id": "2e0cde65-f75c-4602-bffe-97b391a428b4", "title": "Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "* - 3.2.38": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.38", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e0cde65-f75c-4602-bffe-97b391a428b4?source=api-scan" ], "published": "2024-06-13 19:34:30", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e10e550-735f-4bef-8e58-bcb79c51a5a6": { "id": "2e10e550-735f-4bef-8e58-bcb79c51a5a6", "title": "Shared Files \u2013 Easy Download Manager and File Sharing Plugin with Frontend File Upload <= 1.6.56 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shared Files \u2013 Frontend File Upload Form & Secure File Sharing", "slug": "shared-files", "affected_versions": { "[*, 1.6.57)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.57", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.57" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e10e550-735f-4bef-8e58-bcb79c51a5a6?source=api-scan" ], "published": "2021-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e1a68fb-51c6-4567-9a50-78ed44ccac21": { "id": "2e1a68fb-51c6-4567-9a50-78ed44ccac21", "title": "Sermon Browser <= 0.45.22 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Sermon Browser", "slug": "sermon-browser", "affected_versions": { "* - 0.45.22": { "from_version": "*", "from_inclusive": true, "to_version": "0.45.22", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e1a68fb-51c6-4567-9a50-78ed44ccac21?source=api-scan" ], "published": "2022-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e215a5c-7a01-4a1d-b051-3abf742bf573": { "id": "2e215a5c-7a01-4a1d-b051-3abf742bf573", "title": "Free WooCommerce Theme 99fy Extension <= 1.2.7 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "Free WooCommerce Theme 99fy Extension", "slug": "99fy-core", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e215a5c-7a01-4a1d-b051-3abf742bf573?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e24da0c-13d2-4a3d-b918-0d28e3341d88": { "id": "2e24da0c-13d2-4a3d-b918-0d28e3341d88", "title": "Lifeline Donation <= 1.2.6 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Lifeline Donation", "slug": "lifeline-donation", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e24da0c-13d2-4a3d-b918-0d28e3341d88?source=api-scan" ], "published": "2024-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e268dfa-7761-4e52-9e97-288c58d2e5c3": { "id": "2e268dfa-7761-4e52-9e97-288c58d2e5c3", "title": "Barcode Scanner with Inventory & Order Manager <= 1.5.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Barcode Scanner and Inventory manager. POS (Point of Sale) \u2013 scan barcodes & create orders with barcode reader.", "slug": "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e268dfa-7761-4e52-9e97-288c58d2e5c3?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e27cfff-6763-4e54-af5d-0f4cf23e72f7": { "id": "2e27cfff-6763-4e54-af5d-0f4cf23e72f7", "title": "WordPress Core < 4.0.1 - Server-Side Request Forgery", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.4": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.4", "to_inclusive": true }, "3.8 - 3.8.4": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.4", "to_inclusive": true }, "3.9 - 3.9.2": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": true }, "4.0": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.5", "3.8.5", "3.9.3", "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e27cfff-6763-4e54-af5d-0f4cf23e72f7?source=api-scan" ], "published": "2014-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e28daa5-cdbb-464c-99d5-09a924c01b41": { "id": "2e28daa5-cdbb-464c-99d5-09a924c01b41", "title": "MonsterInsights <= 8.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MonsterInsights \u2013 Google Analytics Dashboard for WordPress (Website Stats Made Easy)", "slug": "google-analytics-for-wordpress", "affected_versions": { "* - 8.12.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e28daa5-cdbb-464c-99d5-09a924c01b41?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e29a67b-2b67-4cd5-a5ae-a931900c75cd": { "id": "2e29a67b-2b67-4cd5-a5ae-a931900c75cd", "title": "LA-Studio Element Kit for Elementor <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "LA-Studio Element Kit for Elementor", "slug": "lastudio-element-kit", "affected_versions": { "* - 1.3.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e29a67b-2b67-4cd5-a5ae-a931900c75cd?source=api-scan" ], "published": "2024-07-01 16:23:56", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e2d54eb-c176-49c4-a4fc-833e17189cad": { "id": "2e2d54eb-c176-49c4-a4fc-833e17189cad", "title": "Matomo <= 4.15.3 - Reflected Cross-Site Scripting via idsite", "software": [ { "type": "plugin", "name": "Matomo Analytics \u2013 Ethical Stats. Powerful Insights.", "slug": "matomo", "affected_versions": { "* - 4.15.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.15.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e2d54eb-c176-49c4-a4fc-833e17189cad?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e3194a7-5b3d-4805-9a35-50ebe65aa6ae": { "id": "2e3194a7-5b3d-4805-9a35-50ebe65aa6ae", "title": "MailPoet Newsletters <= 2.6.7 - Authorization Bypass", "software": [ { "type": "plugin", "name": "MailPoet Newsletters (Previous)", "slug": "wysija-newsletters", "affected_versions": { "* - 2.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e3194a7-5b3d-4805-9a35-50ebe65aa6ae?source=api-scan" ], "published": "2014-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e329432-c404-4312-969b-42cac345637d": { "id": "2e329432-c404-4312-969b-42cac345637d", "title": "UpdraftPlus 1.22.14 to 1.23.2 and UpdraftPlus (Premium) 2.22.14 to 2.23.2 - Privilege Escalation via updraft_central_ajax_handler", "software": [ { "type": "plugin", "name": "UpdraftPlus: WP Backup & Migration Plugin", "slug": "updraftplus", "affected_versions": { "1.22.14 - 1.23.2": { "from_version": "1.22.14", "from_inclusive": true, "to_version": "1.23.2", "to_inclusive": true }, "2.22.14 - 2.23.2": { "from_version": "2.22.14", "from_inclusive": true, "to_version": "2.23.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.23.3", "2.23.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e329432-c404-4312-969b-42cac345637d?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e32c51d-2d96-4545-956f-64f65c54b33b": { "id": "2e32c51d-2d96-4545-956f-64f65c54b33b", "title": "Advanced iFrame <= 2023.10 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced iFrame", "slug": "advanced-iframe", "affected_versions": { "* - 2023.10": { "from_version": "*", "from_inclusive": true, "to_version": "2023.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2024.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e32c51d-2d96-4545-956f-64f65c54b33b?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e405c91-e382-45d0-b01f-37774beeaf8b": { "id": "2e405c91-e382-45d0-b01f-37774beeaf8b", "title": "Ultimate Classified Listings <= 1.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Classified Listings", "slug": "ultimate-classified-listings", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e405c91-e382-45d0-b01f-37774beeaf8b?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e42dd1c-adf7-471a-a14a-9038c56413a2": { "id": "2e42dd1c-adf7-471a-a14a-9038c56413a2", "title": "Event Tickets and Registration <= 5.8.2 - Improper Authorization to Information Disclosure", "software": [ { "type": "plugin", "name": "Event Tickets and Registration", "slug": "event-tickets", "affected_versions": { "* - 5.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e42dd1c-adf7-471a-a14a-9038c56413a2?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e43b327-c141-480e-a5b2-bba179b3e0a1": { "id": "2e43b327-c141-480e-a5b2-bba179b3e0a1", "title": "Link Library <= 7.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Link Library", "slug": "link-library", "affected_versions": { "* - 7.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e43b327-c141-480e-a5b2-bba179b3e0a1?source=api-scan" ], "published": "2021-12-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e45ac7f-faab-4004-8c1b-b9b68f9dfe4c": { "id": "2e45ac7f-faab-4004-8c1b-b9b68f9dfe4c", "title": "Premium Addons for Elementor <=4.2.7 Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "[*, 4.2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e45ac7f-faab-4004-8c1b-b9b68f9dfe4c?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e5eee1d-4e0a-4ec2-93ff-86f0b3942ae2": { "id": "2e5eee1d-4e0a-4ec2-93ff-86f0b3942ae2", "title": "Multi Step for Contact Form <= 2.7.7 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Multi Step for Contact Form 7", "slug": "cf7-multi-step", "affected_versions": { "* - 2.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e5eee1d-4e0a-4ec2-93ff-86f0b3942ae2?source=api-scan" ], "published": "2024-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e5fdaae-3ef2-477e-b79b-0b6e415edb40": { "id": "2e5fdaae-3ef2-477e-b79b-0b6e415edb40", "title": "Posts to Page <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Posts to Page", "slug": "posts-to-page", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e5fdaae-3ef2-477e-b79b-0b6e415edb40?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e617d6f-c1cb-4cac-88e2-3142c1ea9fab": { "id": "2e617d6f-c1cb-4cac-88e2-3142c1ea9fab", "title": "Tutor LMS <= 2.7.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e617d6f-c1cb-4cac-88e2-3142c1ea9fab?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e61942e-15ea-468c-b71a-50396d5b2730": { "id": "2e61942e-15ea-468c-b71a-50396d5b2730", "title": "Read and Understood < 2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Read and Understood", "slug": "read-and-understood", "affected_versions": { "[*, 2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e61942e-15ea-468c-b71a-50396d5b2730?source=api-scan" ], "published": "2018-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e680ed2-36a9-4ca4-8865-4ce58bf8f5d6": { "id": "2e680ed2-36a9-4ca4-8865-4ce58bf8f5d6", "title": "Contact Bank <= 2.0.225 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Bank \u2013 Contact Form Builder for WordPress", "slug": "contact-bank", "affected_versions": { "[*, 2.0.226)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.226", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.226" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e680ed2-36a9-4ca4-8865-4ce58bf8f5d6?source=api-scan" ], "published": "2015-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e69254d-d9e4-4b9e-972e-30bb6de86776": { "id": "2e69254d-d9e4-4b9e-972e-30bb6de86776", "title": "Mailchimp For WP <= 4.1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MC4WP: Mailchimp for WordPress", "slug": "mailchimp-for-wp", "affected_versions": { "* - 4.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e69254d-d9e4-4b9e-972e-30bb6de86776?source=api-scan" ], "published": "2017-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e69d666-50de-4c82-9ad4-9ed40fcc7218": { "id": "2e69d666-50de-4c82-9ad4-9ed40fcc7218", "title": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles <= 6.4.6.0 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App", "slug": "peepso-core", "affected_versions": { "* - 6.4.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e69d666-50de-4c82-9ad4-9ed40fcc7218?source=api-scan" ], "published": "2024-09-24 12:05:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e6a78dc-9b67-4ab5-83f9-be82d05d3a13": { "id": "2e6a78dc-9b67-4ab5-83f9-be82d05d3a13", "title": "Shoppable Images <= 1.2.3 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "Shoppable Images", "slug": "mabel-shoppable-images-lite", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e6a78dc-9b67-4ab5-83f9-be82d05d3a13?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e6bd1d4-25ba-4475-8840-06f3d614d6d7": { "id": "2e6bd1d4-25ba-4475-8840-06f3d614d6d7", "title": "WP Smart Editor <= 1.3.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Smart Editor", "slug": "wp-smart-editor", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e6bd1d4-25ba-4475-8840-06f3d614d6d7?source=api-scan" ], "published": "2024-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e6fe647-d243-43ba-b619-d181560cb230": { "id": "2e6fe647-d243-43ba-b619-d181560cb230", "title": "All-in-one Like Widget <= 2.2.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-in-one Like Widget", "slug": "all-in-one-facebook-like-widget", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e6fe647-d243-43ba-b619-d181560cb230?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e718554-1096-4a16-968d-f00b65e1361d": { "id": "2e718554-1096-4a16-968d-f00b65e1361d", "title": "ElementsKit Elementor addons and Templates Library <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Motion Text and Table Widgets", "software": [ { "type": "plugin", "name": "ElementsKit Pro", "slug": "elementskit", "affected_versions": { "* - 3.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e718554-1096-4a16-968d-f00b65e1361d?source=api-scan" ], "published": "2024-06-14 12:08:02", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e78c759-4a54-4ee4-8eff-df91fe9dad46": { "id": "2e78c759-4a54-4ee4-8eff-df91fe9dad46", "title": "WP Remote Users Sync <= 1.2.12 - Authenticated (Subscriber+) Server Side Request Forgery", "software": [ { "type": "plugin", "name": "WP Remote Users Sync", "slug": "wp-remote-users-sync", "affected_versions": { "* - 1.2.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e78c759-4a54-4ee4-8eff-df91fe9dad46?source=api-scan" ], "published": "2023-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e7a78e1-8c1a-4fb4-9959-d8fb7f9ee917": { "id": "2e7a78e1-8c1a-4fb4-9959-d8fb7f9ee917", "title": "Flexi - Guest Submit < 4.20 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flexi \u2013 Guest Submit", "slug": "flexi", "affected_versions": { "[*, 4.20)": { "from_version": "*", "from_inclusive": true, "to_version": "4.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e7a78e1-8c1a-4fb4-9959-d8fb7f9ee917?source=api-scan" ], "published": "2022-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e7afe50-6c62-4c86-8633-f14f8e9412e2": { "id": "2e7afe50-6c62-4c86-8633-f14f8e9412e2", "title": "wpPricing Builder <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Pricing Table Builder \u2013 wpPricing Builder", "slug": "wppricing-builder-lite-responsive-pricing-table-builder", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e7afe50-6c62-4c86-8633-f14f8e9412e2?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e7d5503-0a6e-4611-bb7c-b2871be828be": { "id": "2e7d5503-0a6e-4611-bb7c-b2871be828be", "title": "WPZOOM Portfolio Lite \u2013 Filterable Portfolio Plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute", "software": [ { "type": "plugin", "name": "WPZOOM Portfolio Lite \u2013 Filterable Portfolio Plugin", "slug": "wpzoom-portfolio", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e7d5503-0a6e-4611-bb7c-b2871be828be?source=api-scan" ], "published": "2024-08-30 19:36:29", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e7ebc0c-6936-4632-a602-7131c7d8bd6a": { "id": "2e7ebc0c-6936-4632-a602-7131c7d8bd6a", "title": "Thank You Page Customizer for WooCommerce \u2013 Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Data Export", "software": [ { "type": "plugin", "name": "Thank You Page Customizer for WooCommerce \u2013 Increase Your Sales", "slug": "woo-thank-you-page-customizer", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e7ebc0c-6936-4632-a602-7131c7d8bd6a?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e806895-40c9-44f5-97f8-becfa52c2559": { "id": "2e806895-40c9-44f5-97f8-becfa52c2559", "title": "Accordions \u2013 Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'notice' parameter", "software": [ { "type": "plugin", "name": "Accordion \u2013 Multiple Accordion or FAQs Builder", "slug": "accordions-or-faqs", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e806895-40c9-44f5-97f8-becfa52c2559?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e82478c-e476-4cdf-ab72-f578331058e2": { "id": "2e82478c-e476-4cdf-ab72-f578331058e2", "title": "Exclusive Addons for Elementor <= 2.6.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget", "software": [ { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e82478c-e476-4cdf-ab72-f578331058e2?source=api-scan" ], "published": "2024-05-14 12:34:47", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e87cfc4-8e7c-47d6-80fc-9c293cdd8acb": { "id": "2e87cfc4-8e7c-47d6-80fc-9c293cdd8acb", "title": "WP Remote Users Sync <= 1.2.11 - Missing Authorization to Authenticated (Subscriber+) Log View", "software": [ { "type": "plugin", "name": "WP Remote Users Sync", "slug": "wp-remote-users-sync", "affected_versions": { "* - 1.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e87cfc4-8e7c-47d6-80fc-9c293cdd8acb?source=api-scan" ], "published": "2023-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e889182-f02f-4b6b-bb98-357fadae3dc1": { "id": "2e889182-f02f-4b6b-bb98-357fadae3dc1", "title": "Ultimate Reviews <= 3.0.15 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Reviews", "slug": "ultimate-reviews", "affected_versions": { "* - 3.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e889182-f02f-4b6b-bb98-357fadae3dc1?source=api-scan" ], "published": "2022-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e88aa9e-6d1d-44ba-8d63-2f4d4161bc9e": { "id": "2e88aa9e-6d1d-44ba-8d63-2f4d4161bc9e", "title": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more < 3.4 - SQL Injection", "software": [ { "type": "plugin", "name": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "slug": "nex-forms-express-wp-form-builder", "affected_versions": { "[*, 3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e88aa9e-6d1d-44ba-8d63-2f4d4161bc9e?source=api-scan" ], "published": "2015-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e8abe63-c11b-48e7-8867-3bc1ab940b1f": { "id": "2e8abe63-c11b-48e7-8867-3bc1ab940b1f", "title": "Improved User Search in Backend <= 1.2.5 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Improved user search in backend", "slug": "improved-user-search-in-backend", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e8abe63-c11b-48e7-8867-3bc1ab940b1f?source=api-scan" ], "published": "2014-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e8f224c-cd22-4926-be24-9da2f22afa50": { "id": "2e8f224c-cd22-4926-be24-9da2f22afa50", "title": "WPML String Translation <= 3.2.5 - Authenticated (Administrator+) SQL Injection via 'context'", "software": [ { "type": "plugin", "name": "WPML String Translation", "slug": "wpml-string-translation", "affected_versions": { "* - 3.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e8f224c-cd22-4926-be24-9da2f22afa50?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e9291e8-b4f5-4fd1-aded-4690f82f6905": { "id": "2e9291e8-b4f5-4fd1-aded-4690f82f6905", "title": "Advanced Order Export For WooCommerce <= 3.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Order Export For WooCommerce", "slug": "woo-order-export-lite", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e9291e8-b4f5-4fd1-aded-4690f82f6905?source=api-scan" ], "published": "2022-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e93efec-371c-4050-b24b-e5e978059549": { "id": "2e93efec-371c-4050-b24b-e5e978059549", "title": "Bootstrap Shortcodes Ultimate <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bootstrap Shortcodes Ultimate", "slug": "bs-shortcode-ultimate", "affected_versions": { "* - 4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e93efec-371c-4050-b24b-e5e978059549?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e9bee86-f491-4f68-b10b-051e0fb1a67b": { "id": "2e9bee86-f491-4f68-b10b-051e0fb1a67b", "title": "Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'update_profile_preference'", "software": [ { "type": "plugin", "name": "Paytium: Mollie payment forms & donations", "slug": "paytium", "affected_versions": { "* - 4.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e9bee86-f491-4f68-b10b-051e0fb1a67b?source=api-scan" ], "published": "2023-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2e9d7776-aa96-47c8-9e31-5484ab65bc66": { "id": "2e9d7776-aa96-47c8-9e31-5484ab65bc66", "title": "Discussion Board <= 2.4.8 - Authenticated (Subscriber+) Content Injection", "software": [ { "type": "plugin", "name": "Discussion Board \u2013 WordPress Forum Plugin", "slug": "wp-discussion-board", "affected_versions": { "* - 2.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2e9d7776-aa96-47c8-9e31-5484ab65bc66?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ea71d63-27ce-4f24-b3ef-de38e6f25e0d": { "id": "2ea71d63-27ce-4f24-b3ef-de38e6f25e0d", "title": "VigilanTor <= 1.3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VigilanTor", "slug": "vigilantor", "affected_versions": { "* - 1.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ea71d63-27ce-4f24-b3ef-de38e6f25e0d?source=api-scan" ], "published": "2023-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2eac991e-fc34-456c-a9a6-d30fde39fd42": { "id": "2eac991e-fc34-456c-a9a6-d30fde39fd42", "title": "HTML5 MP3 Player with Playlist Free <= 3.0.0 - Authenticated (Author+) PHP Object Injecton", "software": [ { "type": "plugin", "name": "HTML5 MP3 Player with Playlist Free", "slug": "html5-mp3-player-with-playlist", "affected_versions": { "* - 3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2eac991e-fc34-456c-a9a6-d30fde39fd42?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2eae7c33-2347-4b34-8b5f-7f4a6ee3e9c1": { "id": "2eae7c33-2347-4b34-8b5f-7f4a6ee3e9c1", "title": "Sunshine Photo Cart <= 2.9.25 - Insecure Direct Object Reference to Order Manipulation", "software": [ { "type": "plugin", "name": "Sunshine Photo Cart: Free Client Photo Galleries for Photographers", "slug": "sunshine-photo-cart", "affected_versions": { "* - 2.9.25": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2eae7c33-2347-4b34-8b5f-7f4a6ee3e9c1?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2eb3b568-8689-4184-8091-0b84aa6b472d": { "id": "2eb3b568-8689-4184-8091-0b84aa6b472d", "title": "Timely Booking Button <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Timely Booking Button", "slug": "timely-booking-button", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2eb3b568-8689-4184-8091-0b84aa6b472d?source=api-scan" ], "published": "2023-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2eb963dd-41c3-43cd-afb7-1be054829ea3": { "id": "2eb963dd-41c3-43cd-afb7-1be054829ea3", "title": "eCommerce Product Catalog Plugin for WordPress <= 2.9.43 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "eCommerce Product Catalog Plugin for WordPress", "slug": "ecommerce-product-catalog", "affected_versions": { "[*, 2.9.44)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.44", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2eb963dd-41c3-43cd-afb7-1be054829ea3?source=api-scan" ], "published": "2021-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ec35484-8561-4a8c-bf67-0a880f915fb1": { "id": "2ec35484-8561-4a8c-bf67-0a880f915fb1", "title": "Social Share With Floating Bar <= 1.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Share With Floating Bar", "slug": "social-share-with-floating-bar", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ec35484-8561-4a8c-bf67-0a880f915fb1?source=api-scan" ], "published": "2024-10-17 15:47:19", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ec40d89-9caa-44dc-8577-00fa6463348c": { "id": "2ec40d89-9caa-44dc-8577-00fa6463348c", "title": "Event Tickets with Ticket Scanner <= 1.5.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Tickets with Ticket Scanner", "slug": "event-tickets-with-ticket-scanner", "affected_versions": { "[*, 1.5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ec40d89-9caa-44dc-8577-00fa6463348c?source=api-scan" ], "published": "2023-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ec5d29e-43e2-4cd3-8164-94b01fab4d64": { "id": "2ec5d29e-43e2-4cd3-8164-94b01fab4d64", "title": "Autolinks Manager <= 1.10.04 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Autolinks Manager \u2013 SEO Auto Linker", "slug": "daext-autolinks-manager", "affected_versions": { "* - 1.10.04": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.04", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.05" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ec5d29e-43e2-4cd3-8164-94b01fab4d64?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ec6c55d-92c3-4aa0-8baa-746ffdf84ec3": { "id": "2ec6c55d-92c3-4aa0-8baa-746ffdf84ec3", "title": "Bible Text <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bible Text", "slug": "bible-text", "affected_versions": { "* - 0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ec6c55d-92c3-4aa0-8baa-746ffdf84ec3?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ec6cf42-291b-452d-ad14-80ae1cd5ec5c": { "id": "2ec6cf42-291b-452d-ad14-80ae1cd5ec5c", "title": "FundEngine \u2013 Donation and Crowdfunding Platform <= 1.7.0 - Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "FundEngine \u2013 Donation and Crowdfunding Platform", "slug": "wp-fundraising-donation", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ec6cf42-291b-452d-ad14-80ae1cd5ec5c?source=api-scan" ], "published": "2024-07-31 15:16:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ec96107-ae41-4886-8a46-5a2d6dd62aae": { "id": "2ec96107-ae41-4886-8a46-5a2d6dd62aae", "title": "Font Farsi <= 1.6.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Font Farsi", "slug": "font-farsi", "affected_versions": { "* - 1.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ec96107-ae41-4886-8a46-5a2d6dd62aae?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ec9de0f-5af7-4664-b8ef-72a51b1661d7": { "id": "2ec9de0f-5af7-4664-b8ef-72a51b1661d7", "title": "Otter Blocks PRO \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.11 - Authenticated (Subscriber+) Information Exposure", "software": [ { "type": "plugin", "name": "Otter Blocks PRO \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE", "slug": "otter-pro", "affected_versions": { "* - 2.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ec9de0f-5af7-4664-b8ef-72a51b1661d7?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ed1f200-5a27-4905-ac88-394b214bb430": { "id": "2ed1f200-5a27-4905-ac88-394b214bb430", "title": "WooCommerce < 6.3.1 - Unauthorized Order Status Change", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[3.5, 3.5.10)": { "from_version": "3.5", "from_inclusive": true, "to_version": "3.5.10", "to_inclusive": false }, "[3.6, 3.6.7)": { "from_version": "3.6", "from_inclusive": true, "to_version": "3.6.7", "to_inclusive": false }, "[3.7, 3.7.3)": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": false }, "[3.8, 3.8.3)": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": false }, "[3.9, 3.9.5)": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.5", "to_inclusive": false }, "[4.0, 4.0.4)": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": false }, "[4.1, 4.1.4)": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": false }, "[4.2, 4.2.5)": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.5", "to_inclusive": false }, "[4.3, 4.3.6)": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.6", "to_inclusive": false }, "[4.4, 4.4.4)": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.4", "to_inclusive": false }, "[4.5, 4.5.5)": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.5", "to_inclusive": false }, "[4.6, 4.6.5)": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.5", "to_inclusive": false }, "[4.7, 4.7.4)": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.4", "to_inclusive": false }, "[4.8, 4.8.3)": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.3", "to_inclusive": false }, "[4.9, 4.9.5)": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.5", "to_inclusive": false }, "[5.0, 5.0.3)": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.3", "to_inclusive": false }, "[5.1, 5.1.3)": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.3", "to_inclusive": false }, "[5.2, 5.2.5)": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.5", "to_inclusive": false }, "[5.3, 5.3.3)": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.3", "to_inclusive": false }, "[5.4, 5.4.4)": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.4", "to_inclusive": false }, "[5.5, 5.5.4)": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.4", "to_inclusive": false }, "[5.6, 5.6.2)": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.2", "to_inclusive": false }, "[5.7, 5.7.2)": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.2", "to_inclusive": false }, "[5.8, 5.8.1)": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.1", "to_inclusive": false }, "[5.9, 5.9.1)": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.1", "to_inclusive": false }, "[6.0, 6.0.1)": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.1", "to_inclusive": false }, "[6.1, 6.1.2)": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.2", "to_inclusive": false }, "[6.2, 6.2.2)": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.2", "to_inclusive": false }, "[6.3, 6.3.1)": { "from_version": "6.3", "from_inclusive": true, "to_version": "6.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.10", "3.6.7", "3.7.3", "3.8.3", "3.9.5", "4.0.4", "4.1.4", "4.2.5", "4.3.6", "4.4.4", "4.5.5", "4.6.5", "4.7.4", "4.8.3", "4.9.5", "5.0.3", "5.1.3", "5.2.5", "5.3.3", "5.4.4", "5.5.4", "5.6.2", "5.7.2", "5.8.1", "5.9.1", "6.0.1", "6.1.2", "6.2.2", "6.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ed1f200-5a27-4905-ac88-394b214bb430?source=api-scan" ], "published": "2022-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2edb574d-74b7-4f72-91a1-bb6632709b7a": { "id": "2edb574d-74b7-4f72-91a1-bb6632709b7a", "title": "WooCommerce <= 3.6.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 3.6.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2edb574d-74b7-4f72-91a1-bb6632709b7a?source=api-scan" ], "published": "2019-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2edc7c4d-598d-4c9c-9aad-ccc97f6a3ac0": { "id": "2edc7c4d-598d-4c9c-9aad-ccc97f6a3ac0", "title": "WooLentor \u2013 WooCommerce Elementor Addons + Builder <= 1.8.5 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)", "slug": "woolentor-addons", "affected_versions": { "[*, 1.8.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2edc7c4d-598d-4c9c-9aad-ccc97f6a3ac0?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2edd9774-753b-49a4-9f7b-281829a1030e": { "id": "2edd9774-753b-49a4-9f7b-281829a1030e", "title": "MainWP Child Reports <= 2.1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MainWP Child Reports", "slug": "mainwp-child-reports", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2edd9774-753b-49a4-9f7b-281829a1030e?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2eddfe94-7232-4d3d-9f3a-f53fc476a012": { "id": "2eddfe94-7232-4d3d-9f3a-f53fc476a012", "title": "Shortcodes Ultimate <= 5.12.7 - Authenticated (Subscriber+) Arbitrary Post Access via Shortcode", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 5.12.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.12.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.12.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2eddfe94-7232-4d3d-9f3a-f53fc476a012?source=api-scan" ], "published": "2023-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2edfceaf-e719-4351-8f5c-2d7dd401c84e": { "id": "2edfceaf-e719-4351-8f5c-2d7dd401c84e", "title": "Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget", "software": [ { "type": "plugin", "name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", "slug": "bdthemes-element-pack-lite", "affected_versions": { "* - 5.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2edfceaf-e719-4351-8f5c-2d7dd401c84e?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ee3d536-6d7b-41dc-9d63-52b9b4facf73": { "id": "2ee3d536-6d7b-41dc-9d63-52b9b4facf73", "title": "Easy Digital Downloads (EDD) Digital Store < 1.3.3 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Easy Digital Downloads (EDD) Digital Store", "slug": "digital-store", "affected_versions": { "[*, 1.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ee3d536-6d7b-41dc-9d63-52b9b4facf73?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ee6ffb3-9a4a-4564-bfef-116a12268c3c": { "id": "2ee6ffb3-9a4a-4564-bfef-116a12268c3c", "title": "Redirection for Contact Form 7 <= 2.3.3 - Authenticated Arbitrary Plugin Installation", "software": [ { "type": "plugin", "name": "Redirection for Contact Form 7", "slug": "wpcf7-redirect", "affected_versions": { "[*, 2.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ee6ffb3-9a4a-4564-bfef-116a12268c3c?source=api-scan" ], "published": "2021-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ee837fd-a41e-44f2-81e8-258a7d8547bd": { "id": "2ee837fd-a41e-44f2-81e8-258a7d8547bd", "title": "TheAgency (All Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "TheAgency", "slug": "theagency", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ee837fd-a41e-44f2-81e8-258a7d8547bd?source=api-scan" ], "published": "2012-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2eeeb4b5-972b-471b-8f0f-a198640fc894": { "id": "2eeeb4b5-972b-471b-8f0f-a198640fc894", "title": "Memphis Documents Library <= 2.6.16 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Memphis Documents Library", "slug": "memphis-documents-library", "affected_versions": { "* - 2.6.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2eeeb4b5-972b-471b-8f0f-a198640fc894?source=api-scan" ], "published": "2015-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ef0ab24-ec21-4d23-980d-71a23bf20f9e": { "id": "2ef0ab24-ec21-4d23-980d-71a23bf20f9e", "title": "Responsive Ready Sites Importer <= 2.2.6 - Unprotected AJAX Actions", "software": [ { "type": "plugin", "name": "Responsive Plus \u2013 Starter Templates, Advanced Features and Customizer Settings for Responsive Theme.", "slug": "responsive-add-ons", "affected_versions": { "[*, 2.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ef0ab24-ec21-4d23-980d-71a23bf20f9e?source=api-scan" ], "published": "2020-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ef15cb1-b320-42d9-a2fd-afff2ec8a93b": { "id": "2ef15cb1-b320-42d9-a2fd-afff2ec8a93b", "title": "Forminator <= 1.22.1 - Missing Authorization on 'load_hcaptcha_preview' AJAX function", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "* - 1.22.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.22.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.23.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ef15cb1-b320-42d9-a2fd-afff2ec8a93b?source=api-scan" ], "published": "2023-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ef2ded1-dd56-4c33-98dc-d4c69e66568f": { "id": "2ef2ded1-dd56-4c33-98dc-d4c69e66568f", "title": "Code Embed <= 2.3.6 - Authenticated(Contributor+) Denial of Service", "software": [ { "type": "plugin", "name": "Code Embed", "slug": "simple-embed-code", "affected_versions": { "* - 2.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ef2ded1-dd56-4c33-98dc-d4c69e66568f?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ef3c7fb-27f5-4829-8cb6-d3a52778a689": { "id": "2ef3c7fb-27f5-4829-8cb6-d3a52778a689", "title": "ProfileGrid \u2013 User Profiles, Groups and Communities <= 5.8.9 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ef3c7fb-27f5-4829-8cb6-d3a52778a689?source=api-scan" ], "published": "2024-07-09 15:34:42", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ef53c2c-01fb-41b6-b329-d952ce3424e8": { "id": "2ef53c2c-01fb-41b6-b329-d952ce3424e8", "title": "UsersWP <= 1.2.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "UsersWP \u2013 Front-end login form, User Registration, User Profile & Members Directory plugin for WP", "slug": "userswp", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ef53c2c-01fb-41b6-b329-d952ce3424e8?source=api-scan" ], "published": "2024-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ef5a8f1-ed3c-48bb-9554-b42e9e8d645d": { "id": "2ef5a8f1-ed3c-48bb-9554-b42e9e8d645d", "title": "Curtain < 1.0.2 - Unauthenticated Maintenance Mode Enabled\/Disable", "software": [ { "type": "plugin", "name": "Curtain", "slug": "curtain", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ef5a8f1-ed3c-48bb-9554-b42e9e8d645d?source=api-scan" ], "published": "2022-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ef5b0de-0b8b-4286-86ea-6dca0dbc1a52": { "id": "2ef5b0de-0b8b-4286-86ea-6dca0dbc1a52", "title": "Waiting: One-click countdowns <= 0.6.2 - Authenticated (Administrator+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Waiting: One-click countdowns", "slug": "waiting", "affected_versions": { "* - 0.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ef5b0de-0b8b-4286-86ea-6dca0dbc1a52?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ef5e73e-a627-4e9c-9784-493ace5c8614": { "id": "2ef5e73e-a627-4e9c-9784-493ace5c8614", "title": "Webcam Video Conference <= 4.91.8 - Unrestricted File Upload leading to Remote Code Execuction", "software": [ { "type": "plugin", "name": "Webcam Video Conference", "slug": "videowhisper-video-conference-integration", "affected_versions": { "* - 4.91.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.91.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.91.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ef5e73e-a627-4e9c-9784-493ace5c8614?source=api-scan" ], "published": "2015-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2efbb0af-fda5-4c1b-a495-24fa7efc689e": { "id": "2efbb0af-fda5-4c1b-a495-24fa7efc689e", "title": "Post Connector <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Connector", "slug": "post-connector", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2efbb0af-fda5-4c1b-a495-24fa7efc689e?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2efeffa2-b21a-4aa1-93b0-51c775758ab1": { "id": "2efeffa2-b21a-4aa1-93b0-51c775758ab1", "title": "Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery to Stored Cross-Site Scripting via azh_save", "software": [ { "type": "plugin", "name": "Page Builder with Image Map by AZEXO", "slug": "page-builder-by-azexo", "affected_versions": { "* - 1.27.133": { "from_version": "*", "from_inclusive": true, "to_version": "1.27.133", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2efeffa2-b21a-4aa1-93b0-51c775758ab1?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f025b73-9a1a-4890-90ef-700f73ac018f": { "id": "2f025b73-9a1a-4890-90ef-700f73ac018f", "title": "WP Activity Log <= 1.2.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Activity Log", "slug": "wp-security-audit-log", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f025b73-9a1a-4890-90ef-700f73ac018f?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f032d32-9e7d-4510-b4ea-4b57c0b80977": { "id": "2f032d32-9e7d-4510-b4ea-4b57c0b80977", "title": "Fancy Product Designer < 6.1.81 - Authenticated (Admin+) Stored Cross-Site Scripting via Product Title", "software": [ { "type": "plugin", "name": "Fancy Product Designer", "slug": "fancy-product-designer", "affected_versions": { "[*, 6.1.81)": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.81", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.1.81" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f032d32-9e7d-4510-b4ea-4b57c0b80977?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f060ea1-01e2-4e5b-82ba-b5cdd0d8290a": { "id": "2f060ea1-01e2-4e5b-82ba-b5cdd0d8290a", "title": "WP Activity Log Premium <= 4.6.4 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Activity Log Premium", "slug": "wp-security-audit-log-premium", "affected_versions": { "* - 4.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f060ea1-01e2-4e5b-82ba-b5cdd0d8290a?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f0d4f48-a315-4308-a5b6-7d3f045b292f": { "id": "2f0d4f48-a315-4308-a5b6-7d3f045b292f", "title": "WordPress Core < 6.0.3 - Information Disclosure (Multi-Part Email Leak)", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true }, "3.7 - 3.7.39": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.39", "to_inclusive": true }, "3.8 - 3.8.39": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.39", "to_inclusive": true }, "3.9 - 3.9.37": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.37", "to_inclusive": true }, "4.0 - 4.0.36": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.36", "to_inclusive": true }, "4.1 - 4.1.36": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.36", "to_inclusive": true }, "4.2 - 4.2.33": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.33", "to_inclusive": true }, "4.3 - 4.3.29": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.29", "to_inclusive": true }, "4.4 - 4.4.28": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.28", "to_inclusive": true }, "4.5 - 4.5.27": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.27", "to_inclusive": true }, "4.6 - 4.6.24": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.24", "to_inclusive": true }, "4.7 - 4.7.24": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.24", "to_inclusive": true }, "4.8 - 4.8.20": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.20", "to_inclusive": true }, "4.9 - 4.9.21": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.21", "to_inclusive": true }, "5.0 - 5.0.17": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.17", "to_inclusive": true }, "5.1 - 5.1.14": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.14", "to_inclusive": true }, "5.2 - 5.2.16": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.16", "to_inclusive": true }, "5.3 - 5.3.13": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.13", "to_inclusive": true }, "5.4 - 5.4.11": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.11", "to_inclusive": true }, "5.5 - 5.5.10": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.10", "to_inclusive": true }, "5.6 - 5.6.9": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.9", "to_inclusive": true }, "5.7 - 5.7.7": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.7", "to_inclusive": true }, "5.8 - 5.8.5": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.5", "to_inclusive": true }, "5.9 - 5.9.4": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.4", "to_inclusive": true }, "6.0 - 6.0.2": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.40", "3.8.40", "3.9.38", "4.0.37", "4.1.37", "4.2.34", "4.3.30", "4.4.29", "4.5.28", "4.6.25", "4.7.25", "4.8.21", "4.9.22", "5.0.18", "5.1.15", "5.2.17", "5.3.14", "5.4.12", "5.5.11", "5.6.10", "5.7.8", "5.8.6", "5.9.5", "6.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f0d4f48-a315-4308-a5b6-7d3f045b292f?source=api-scan" ], "published": "2022-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f0e19bc-cc1f-4804-ae81-8aa7905ce037": { "id": "2f0e19bc-cc1f-4804-ae81-8aa7905ce037", "title": "Sign-up Sheets <= 1.0.13 - Authenticated CSV Injection", "software": [ { "type": "plugin", "name": "Sign-up Sheets", "slug": "sign-up-sheets", "affected_versions": { "[*, 1.0.14)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f0e19bc-cc1f-4804-ae81-8aa7905ce037?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f127fe5-67b8-40e1-a916-c607410b08b3": { "id": "2f127fe5-67b8-40e1-a916-c607410b08b3", "title": "Product Designer <= 1.0.33 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion", "software": [ { "type": "plugin", "name": "Product Designer", "slug": "product-designer", "affected_versions": { "* - 1.0.33": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f127fe5-67b8-40e1-a916-c607410b08b3?source=api-scan" ], "published": "2024-07-08 19:40:35", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f14b0b9-6ccd-4f53-b015-e8537127b909": { "id": "2f14b0b9-6ccd-4f53-b015-e8537127b909", "title": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.4.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", "slug": "woo-bulk-editor", "affected_versions": { "* - 1.1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f14b0b9-6ccd-4f53-b015-e8537127b909?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f1b0b50-663f-40ff-803e-a20d7c7ea980": { "id": "2f1b0b50-663f-40ff-803e-a20d7c7ea980", "title": "Mobile Address Bar Changer <= 3.0 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Mobile Address Bar Changer", "slug": "mobile-address-bar-changer", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f1b0b50-663f-40ff-803e-a20d7c7ea980?source=api-scan" ], "published": "2023-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f1f7414-c399-4f1d-8003-f9899a701c2c": { "id": "2f1f7414-c399-4f1d-8003-f9899a701c2c", "title": "WPBITS Addons For Elementor Page Builder <= 1.3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPBITS Addons For Elementor Page Builder", "slug": "wpbits-addons-for-elementor", "affected_versions": { "* - 1.3.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f1f7414-c399-4f1d-8003-f9899a701c2c?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f21139b-75ef-4631-b88d-23eebbdefee0": { "id": "2f21139b-75ef-4631-b88d-23eebbdefee0", "title": "Cost Calculator <= 1.8 - Authenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Cost Calculator", "slug": "nd-projects", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f21139b-75ef-4631-b88d-23eebbdefee0?source=api-scan" ], "published": "2022-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f226493-4787-4d99-999d-3e3916a8c41d": { "id": "2f226493-4787-4d99-999d-3e3916a8c41d", "title": "AdRotate \u2013 Ad manager & AdSense Ads <= 5.8.22 - Authenticated Stored Cross-Site Scripting via Advert Names", "software": [ { "type": "plugin", "name": "AdRotate Banner Manager \u2013 The only ad manager you'll need", "slug": "adrotate", "affected_versions": { "[*, 5.8.23)": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.23", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.8.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f226493-4787-4d99-999d-3e3916a8c41d?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f257c92-1529-49c8-a140-567ba5c36d04": { "id": "2f257c92-1529-49c8-a140-567ba5c36d04", "title": "Peter\u2019s Random Anti-Spam Image <= 1.0.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Peter's Random Anti-Spam Image", "slug": "peters-random-anti-spam-image", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f257c92-1529-49c8-a140-567ba5c36d04?source=api-scan" ], "published": "2007-11-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f280d50-196b-43a9-83f8-713d84ea1a00": { "id": "2f280d50-196b-43a9-83f8-713d84ea1a00", "title": "WP GoToWebinar <= 15.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP GoToWebinar", "slug": "wp-gotowebinar", "affected_versions": { "* - 15.7": { "from_version": "*", "from_inclusive": true, "to_version": "15.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "15.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f280d50-196b-43a9-83f8-713d84ea1a00?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f2bdf11-401a-48af-b1dc-aeeb40b9a384": { "id": "2f2bdf11-401a-48af-b1dc-aeeb40b9a384", "title": "News & Blog Designer Pack \u2013 WordPress Blog Plugin <= 3.4.1 - Unauthenticated Remote Code Execution via Local File Inclusion", "software": [ { "type": "plugin", "name": "Blog Grid & Post Grid \u2013 Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry, Category Post Grid By News & Blog Designer Pack", "slug": "blog-designer-pack", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f2bdf11-401a-48af-b1dc-aeeb40b9a384?source=api-scan" ], "published": "2023-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f2ed813-3bf3-4ee3-a030-778cbd93bba3": { "id": "2f2ed813-3bf3-4ee3-a030-778cbd93bba3", "title": "Chat Button <= 1.8.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Chat Button & Custom ChatGPT-Powered Bot by GetButton.io", "slug": "whatshelp-chat-button", "affected_versions": { "* - 1.8.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f2ed813-3bf3-4ee3-a030-778cbd93bba3?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f2fb51b-984c-4b82-98d4-9a681a1855a7": { "id": "2f2fb51b-984c-4b82-98d4-9a681a1855a7", "title": "DX-auto-save-images <= 1.4.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "DX-auto-save-images", "slug": "dx-auto-save-images", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f2fb51b-984c-4b82-98d4-9a681a1855a7?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f3328c2-290f-410b-a6c8-2825d415f511": { "id": "2f3328c2-290f-410b-a6c8-2825d415f511", "title": "Web Instant Messenger <= 1.1.2 and LocalWeb In One <= 1.6.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Web Instant Messenger", "slug": "web-instant-messenger", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "LocalWeb All In One", "slug": "lw-all-in-one", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f3328c2-290f-410b-a6c8-2825d415f511?source=api-scan" ], "published": "2020-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f340cfe-0829-444a-a67d-867ac8650b21": { "id": "2f340cfe-0829-444a-a67d-867ac8650b21", "title": "Kento Post View Counter <= 2.8 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kento Post View Counter", "slug": "kento-post-view-counter", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f340cfe-0829-444a-a67d-867ac8650b21?source=api-scan" ], "published": "2016-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f34854a-5ca1-48a3-81d5-80f80f3a85fc": { "id": "2f34854a-5ca1-48a3-81d5-80f80f3a85fc", "title": "WP Forms Puzzle Captcha <= 4.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Forms Puzzle Captcha", "slug": "wp-forms-puzzle-captcha", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f34854a-5ca1-48a3-81d5-80f80f3a85fc?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f3ad1e0-1ae3-44cd-aa2a-dbb3a1b531f9": { "id": "2f3ad1e0-1ae3-44cd-aa2a-dbb3a1b531f9", "title": "FULL <= 3.1.12 - Unauthenticated Stored Cross-Site Scripting via License Plan Parameter", "software": [ { "type": "plugin", "name": "FULL \u2013 Cliente", "slug": "full-customer", "affected_versions": { "* - 3.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f3ad1e0-1ae3-44cd-aa2a-dbb3a1b531f9?source=api-scan" ], "published": "2024-07-10 11:26:16", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f3c706f-fcce-4bcb-9773-ced011bf6407": { "id": "2f3c706f-fcce-4bcb-9773-ced011bf6407", "title": "Inactive User Deleter <= 1.59 - Cross-Site Request Forgery via Multiple Functions", "software": [ { "type": "plugin", "name": "Inactive User Deleter", "slug": "inactive-user-deleter", "affected_versions": { "* - 1.59": { "from_version": "*", "from_inclusive": true, "to_version": "1.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f3c706f-fcce-4bcb-9773-ced011bf6407?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f47a01d-b259-465e-bec1-9079987dc5a5": { "id": "2f47a01d-b259-465e-bec1-9079987dc5a5", "title": "Kiwi Social Share <= 2.0.10 - Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Social Sharing Plugin \u2013 Kiwi", "slug": "kiwi-social-share", "affected_versions": { "* - 2.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f47a01d-b259-465e-bec1-9079987dc5a5?source=api-scan" ], "published": "2018-11-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f4888e1-98b3-48d9-a2d8-416eae447a32": { "id": "2f4888e1-98b3-48d9-a2d8-416eae447a32", "title": "Grey Opaque <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Download-Button Shortcode", "software": [ { "type": "theme", "name": "Grey Opaque", "slug": "grey-opaque", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f4888e1-98b3-48d9-a2d8-416eae447a32?source=api-scan" ], "published": "2024-06-21 15:09:23", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f499d5e-eb27-4611-af27-ac9fd6a9f044": { "id": "2f499d5e-eb27-4611-af27-ac9fd6a9f044", "title": "Accept Stripe Payments <= 2.0.79 - Unauthenticated Content Injection", "software": [ { "type": "plugin", "name": "Accept Stripe Payments", "slug": "stripe-payments", "affected_versions": { "* - 2.0.79": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.79", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.80" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f499d5e-eb27-4611-af27-ac9fd6a9f044?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f4a0b8d-0f3b-4ab1-929e-071b45781ca7": { "id": "2f4a0b8d-0f3b-4ab1-929e-071b45781ca7", "title": "WassUp Real Time Analytics < 1.8.3.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WassUp Real Time Analytics", "slug": "wassup", "affected_versions": { "[*, 1.8.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f4a0b8d-0f3b-4ab1-929e-071b45781ca7?source=api-scan" ], "published": "2012-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f4e5f34-c107-44da-9f73-e7b25f83e803": { "id": "2f4e5f34-c107-44da-9f73-e7b25f83e803", "title": "YOP Poll <= 6.3.0 - Author+ Stored Cross-Site Scripting via Preview Module", "software": [ { "type": "plugin", "name": "YOP Poll", "slug": "yop-poll", "affected_versions": { "* - 6.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f4e5f34-c107-44da-9f73-e7b25f83e803?source=api-scan" ], "published": "2021-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f516d1d-530b-4902-82c5-916478669232": { "id": "2f516d1d-530b-4902-82c5-916478669232", "title": "MyWaze <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "MyWaze", "slug": "my-waze", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f516d1d-530b-4902-82c5-916478669232?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f51c73c-0eea-43b1-afae-ee8e8708a3d3": { "id": "2f51c73c-0eea-43b1-afae-ee8e8708a3d3", "title": "YITH WooCommerce Product Add-Ons <= 4.9.2 - Unauthenticated Content Injection", "software": [ { "type": "plugin", "name": "YITH WooCommerce Product Add-Ons", "slug": "yith-woocommerce-product-add-ons", "affected_versions": { "* - 4.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f51c73c-0eea-43b1-afae-ee8e8708a3d3?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f52298b-344b-4561-b1bf-93bea95a3e53": { "id": "2f52298b-344b-4561-b1bf-93bea95a3e53", "title": "Piotnet Forms Plugin <= 1.0.28 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Piotnet Forms", "slug": "piotnetforms", "affected_versions": { "* - 1.0.28": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f52298b-344b-4561-b1bf-93bea95a3e53?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f533b3a-6d25-4c74-929f-ee4ee3a62926": { "id": "2f533b3a-6d25-4c74-929f-ee4ee3a62926", "title": "cformsII <= 14.12.3 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "cformsII", "slug": "cforms2", "affected_versions": { "[*, 14.13)": { "from_version": "*", "from_inclusive": true, "to_version": "14.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "14.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f533b3a-6d25-4c74-929f-ee4ee3a62926?source=api-scan" ], "published": "2017-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f557c6e-2fbd-478d-8dc3-cdc550e523b7": { "id": "2f557c6e-2fbd-478d-8dc3-cdc550e523b7", "title": "Mega Addons For Elementor <= 1.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Mega Addons For Elementor", "slug": "ultimate-addons-for-elementor", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f557c6e-2fbd-478d-8dc3-cdc550e523b7?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f58df1f-66f7-4e3d-af6d-08174653a2ad": { "id": "2f58df1f-66f7-4e3d-af6d-08174653a2ad", "title": "Hello World <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Read", "software": [ { "type": "plugin", "name": "Hello World", "slug": "hello-world", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f58df1f-66f7-4e3d-af6d-08174653a2ad?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f5d874a-d70e-4d3f-a9aa-d24707a3f7f4": { "id": "2f5d874a-d70e-4d3f-a9aa-d24707a3f7f4", "title": "WooCommerce Bulk Stock Management <= 2.2.33 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Bulk Stock Management", "slug": "woocommerce-bulk-stock-management", "affected_versions": { "* - 2.2.33": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f5d874a-d70e-4d3f-a9aa-d24707a3f7f4?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f621cfa-d02e-4414-bb1d-6e23da3c92b9": { "id": "2f621cfa-d02e-4414-bb1d-6e23da3c92b9", "title": "Themify \u2013 WooCommerce Product Filter <= 1.4.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Themify \u2013 WooCommerce Product Filter", "slug": "themify-wc-product-filter", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f621cfa-d02e-4414-bb1d-6e23da3c92b9?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f6656e2-35f5-41d8-a330-7904c296ba29": { "id": "2f6656e2-35f5-41d8-a330-7904c296ba29", "title": "Google Map Shortcode <= 3.1.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Google Map Shortcode", "slug": "google-map-shortcode", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f6656e2-35f5-41d8-a330-7904c296ba29?source=api-scan" ], "published": "2023-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f6669aa-e53c-45bb-88c4-2e1350993423": { "id": "2f6669aa-e53c-45bb-88c4-2e1350993423", "title": "BuddyForms <= 2.7.7 - PHAR Deserialization", "software": [ { "type": "plugin", "name": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC)", "slug": "buddyforms", "affected_versions": { "* - 2.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f6669aa-e53c-45bb-88c4-2e1350993423?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f66f2ae-af54-4dfa-9cd2-c7ff3a3e865e": { "id": "2f66f2ae-af54-4dfa-9cd2-c7ff3a3e865e", "title": "Affiliate Ads for Clickbank Products < 1.7 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Affiliate Ads for Clickbank Products", "slug": "affiliate-ads-builder-for-clickbank-products", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f66f2ae-af54-4dfa-9cd2-c7ff3a3e865e?source=api-scan" ], "published": "2017-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f673be3-04fe-4a42-ae50-9cf4fd5e63d5": { "id": "2f673be3-04fe-4a42-ae50-9cf4fd5e63d5", "title": "Saan World Clock <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Saan World Clock", "slug": "saan-world-clock", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f673be3-04fe-4a42-ae50-9cf4fd5e63d5?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f715a80-ec70-4f1e-8ec9-c6f70173e5d7": { "id": "2f715a80-ec70-4f1e-8ec9-c6f70173e5d7", "title": "NextScripts: Social Networks Auto-Poster <= 4.3.20 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NextScripts: Social Networks Auto-Poster", "slug": "social-networks-auto-poster-facebook-twitter-g", "affected_versions": { "* - 4.3.20": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f715a80-ec70-4f1e-8ec9-c6f70173e5d7?source=api-scan" ], "published": "2021-11-28 10:14:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f72c94f-b0b6-464b-8bc7-df3d75b22edb": { "id": "2f72c94f-b0b6-464b-8bc7-df3d75b22edb", "title": "Simple Share Buttons Adder <= 4.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple Share Buttons Adder", "slug": "simple-share-buttons-adder", "affected_versions": { "[*, 4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f72c94f-b0b6-464b-8bc7-df3d75b22edb?source=api-scan" ], "published": "2014-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f72e5bb-e076-4379-8699-e399761c043f": { "id": "2f72e5bb-e076-4379-8699-e399761c043f", "title": "WP Simple Booking Calendar <= 2.0.8.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Simple Booking Calendar", "slug": "wp-simple-booking-calendar", "affected_versions": { "* - 2.0.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f72e5bb-e076-4379-8699-e399761c043f?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f760821-98d4-4154-a4ae-861283f991f8": { "id": "2f760821-98d4-4154-a4ae-861283f991f8", "title": "wp tell a friend popup form <= 7.1 - Cross-Site Request Forgery via 'TellAFriend_admin'", "software": [ { "type": "plugin", "name": "wp tell a friend popup form", "slug": "wp-tell-a-friend-popup-form", "affected_versions": { "* - 7.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f760821-98d4-4154-a4ae-861283f991f8?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f7c1848-d49f-4f34-8869-3ddbdccdc38f": { "id": "2f7c1848-d49f-4f34-8869-3ddbdccdc38f", "title": "Checkout Files Upload for WooCommerce <= 2.1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Checkout Files Upload for WooCommerce", "slug": "checkout-files-upload-woocommerce", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f7c1848-d49f-4f34-8869-3ddbdccdc38f?source=api-scan" ], "published": "2022-05-04 06:49:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f7d7ceb-b6f0-4b63-93f7-632c13a6b496": { "id": "2f7d7ceb-b6f0-4b63-93f7-632c13a6b496", "title": "Slideshow <= 2.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slideshow", "slug": "slideshow-jquery-image-gallery", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f7d7ceb-b6f0-4b63-93f7-632c13a6b496?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f80c3b9-5148-42eb-9137-9c538184cda3": { "id": "2f80c3b9-5148-42eb-9137-9c538184cda3", "title": "GI-Media Library < 3.0 - Directory Traversal", "software": [ { "type": "plugin", "name": "GI-Media Library", "slug": "gi-media-library", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f80c3b9-5148-42eb-9137-9c538184cda3?source=api-scan" ], "published": "2015-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f835944-fd27-4f7e-a10d-330fd0fe4ff4": { "id": "2f835944-fd27-4f7e-a10d-330fd0fe4ff4", "title": "WP Table Manager <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Table Manager", "slug": "wp-table-manager", "affected_versions": { "[*, 3.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f835944-fd27-4f7e-a10d-330fd0fe4ff4?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f89bb45-2872-4081-a3b8-a1f11bbdbc55": { "id": "2f89bb45-2872-4081-a3b8-a1f11bbdbc55", "title": "Mhr Post Ticker <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mhr Post Ticker", "slug": "mhr-post-ticker", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f89bb45-2872-4081-a3b8-a1f11bbdbc55?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f8dcbd2-af51-4cc9-9962-53fe644985e1": { "id": "2f8dcbd2-af51-4cc9-9962-53fe644985e1", "title": "Constant Contact Forms by MailMunch <= 2.0.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Constant Contact Forms by MailMunch", "slug": "constant-contact-forms-by-mailmunch", "affected_versions": { "* - 2.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f8dcbd2-af51-4cc9-9962-53fe644985e1?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f8f6ade-84a2-4a42-9208-a74f5ebe19b3": { "id": "2f8f6ade-84a2-4a42-9208-a74f5ebe19b3", "title": "Welcart e-Commerce <= 1.8.2 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f8f6ade-84a2-4a42-9208-a74f5ebe19b3?source=api-scan" ], "published": "2016-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f905c0b-6b70-42bf-bf48-6f4eb785bfb8": { "id": "2f905c0b-6b70-42bf-bf48-6f4eb785bfb8", "title": "Logo Slider <= 1.4.8 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Logo Slider", "slug": "logo-slider", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f905c0b-6b70-42bf-bf48-6f4eb785bfb8?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f975d32-a008-46a9-bc00-420610464ecb": { "id": "2f975d32-a008-46a9-bc00-420610464ecb", "title": "WordPress Uninstall <= 1.2.1 - Cross-Site Request Forgery to Site Reset", "software": [ { "type": "plugin", "name": "WordPress Uninstall", "slug": "uninstall", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f975d32-a008-46a9-bc00-420610464ecb?source=api-scan" ], "published": "2015-02-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f9853a2-c378-42bf-a12b-392823750942": { "id": "2f9853a2-c378-42bf-a12b-392823750942", "title": "Popup Builder <= 4.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "* - 4.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f9853a2-c378-42bf-a12b-392823750942?source=api-scan" ], "published": "2022-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2f9a3883-9755-4de8-9d60-113238b3c0ac": { "id": "2f9a3883-9755-4de8-9d60-113238b3c0ac", "title": "Simply Exclude <= 2.0.6.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simply Exclude", "slug": "simply-exclude", "affected_versions": { "* - 2.0.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2f9a3883-9755-4de8-9d60-113238b3c0ac?source=api-scan" ], "published": "2023-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fa2fcda-69f4-4095-b23c-6e6f1613adb0": { "id": "2fa2fcda-69f4-4095-b23c-6e6f1613adb0", "title": "HT Easy GA4 ( Google Analytics 4 ) <= 1.0.6 - Cross-Site Request Forgery via plugin_activation", "software": [ { "type": "plugin", "name": "HT Easy GA4 \u2013 Google Analytics WordPress Plugin", "slug": "ht-easy-google-analytics", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fa2fcda-69f4-4095-b23c-6e6f1613adb0?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fa62862-5b98-4864-9bf1-4e05deedeb9d": { "id": "2fa62862-5b98-4864-9bf1-4e05deedeb9d", "title": "Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock <= 2.3.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock", "slug": "countdown-builder", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fa62862-5b98-4864-9bf1-4e05deedeb9d?source=api-scan" ], "published": "2022-04-28 11:45:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2facf62b-33cf-4438-a501-f96730077fa2": { "id": "2facf62b-33cf-4438-a501-f96730077fa2", "title": "WordPress Poll <= 36 - SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Poll", "slug": "cardoza-wordpress-poll", "affected_versions": { "* - 36": { "from_version": "*", "from_inclusive": true, "to_version": "36", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2facf62b-33cf-4438-a501-f96730077fa2?source=api-scan" ], "published": "2020-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fb28dab-1c65-47da-98f7-9eecf5f7466d": { "id": "2fb28dab-1c65-47da-98f7-9eecf5f7466d", "title": "Smash Balloon Social Post Feed <= 4.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smash Balloon Social Post Feed \u2013 Simple Social Feeds for WordPress", "slug": "custom-facebook-feed", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fb28dab-1c65-47da-98f7-9eecf5f7466d?source=api-scan" ], "published": "2022-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fb9dc9f-1ba5-4a2c-bead-3c3a6deb61b1": { "id": "2fb9dc9f-1ba5-4a2c-bead-3c3a6deb61b1", "title": "Get Your Number <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Get your number", "slug": "get-your-number", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fb9dc9f-1ba5-4a2c-bead-3c3a6deb61b1?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fbacaf2-0b3e-4d1e-adc3-c501a6c4c816": { "id": "2fbacaf2-0b3e-4d1e-adc3-c501a6c4c816", "title": "Funnel Kit Funnel Builder PRO <= 3.4.5 Authenticated(Contributor+) Stored Cross-Site Scripting via allow_iframe_tag_in_post", "software": [ { "type": "plugin", "name": "FunnelKit Funnel Builder Pro", "slug": "funnel-builder-pro", "affected_versions": { "* - 3.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fbacaf2-0b3e-4d1e-adc3-c501a6c4c816?source=api-scan" ], "published": "2024-08-28 15:12:23", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fbeee6b-cbc0-462e-96ba-2fd4f54786b0": { "id": "2fbeee6b-cbc0-462e-96ba-2fd4f54786b0", "title": "Fotomoto <= 1.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fotomoto", "slug": "fotomoto", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fbeee6b-cbc0-462e-96ba-2fd4f54786b0?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fc806fe-bf12-4e70-84a2-2027102e5b9b": { "id": "2fc806fe-bf12-4e70-84a2-2027102e5b9b", "title": "ResponsiveVoice Text To Speech <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "ResponsiveVoice Text To Speech", "slug": "responsivevoice-text-to-speech", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fc806fe-bf12-4e70-84a2-2027102e5b9b?source=api-scan" ], "published": "2023-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fca8dba-9fe7-4ce1-8903-589e42e5604d": { "id": "2fca8dba-9fe7-4ce1-8903-589e42e5604d", "title": "Social Warfare <= 3.5.2 - Unauthenticated Arbitrary Settings Update", "software": [ { "type": "plugin", "name": "Social Sharing Plugin \u2013 Social Warfare", "slug": "social-warfare", "affected_versions": { "[*, 3.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fca8dba-9fe7-4ce1-8903-589e42e5604d?source=api-scan" ], "published": "2019-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fcbd6c5-dd03-439c-b6b8-54b0c24a1c27": { "id": "2fcbd6c5-dd03-439c-b6b8-54b0c24a1c27", "title": "WP Super Cache Plugin <= 1.3 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Super Cache", "slug": "wp-super-cache", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fcbd6c5-dd03-439c-b6b8-54b0c24a1c27?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fd0073c-3f75-4783-838d-d01fdea008c1": { "id": "2fd0073c-3f75-4783-838d-d01fdea008c1", "title": "PDF File Browser <= 1.3 - Remote Code Execution", "software": [ { "type": "plugin", "name": "PDF File Browser", "slug": "pdw-file-browser", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fd0073c-3f75-4783-838d-d01fdea008c1?source=api-scan" ], "published": "2020-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fd58397-7598-4d98-a6b3-c5837cb3b73e": { "id": "2fd58397-7598-4d98-a6b3-c5837cb3b73e", "title": "WP Armour Honeypot Anti Spam <= 1.5.6 -Cross-Site Request Forgery to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "WP Armour \u2013 Honeypot Anti Spam", "slug": "honeypot", "affected_versions": { "[*, 1.5.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fd58397-7598-4d98-a6b3-c5837cb3b73e?source=api-scan" ], "published": "2021-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fd7d6af-a938-4106-aed2-12b9a5454da9": { "id": "2fd7d6af-a938-4106-aed2-12b9a5454da9", "title": "secure-files <= 1.1 - Directory Traversal", "software": [ { "type": "plugin", "name": "secure-files", "slug": "secure-files", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fd7d6af-a938-4106-aed2-12b9a5454da9?source=api-scan" ], "published": "2005-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fdc32a4-adf8-4174-924b-5d0b763d010c": { "id": "2fdc32a4-adf8-4174-924b-5d0b763d010c", "title": "InfiniteWP Client <= 1.12.3 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "InfiniteWP Client", "slug": "iwp-client", "affected_versions": { "* - 1.12.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fdc32a4-adf8-4174-924b-5d0b763d010c?source=api-scan" ], "published": "2024-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fdf2020-ad80-44c3-89b6-fc2ba067cd33": { "id": "2fdf2020-ad80-44c3-89b6-fc2ba067cd33", "title": "Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id Parameter", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fdf2020-ad80-44c3-89b6-fc2ba067cd33?source=api-scan" ], "published": "2024-05-17 14:41:17", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fe11179-6e18-44ae-a5f9-334e334cff73": { "id": "2fe11179-6e18-44ae-a5f9-334e334cff73", "title": "WP Google Review Slider <= 13.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Google Review Slider", "slug": "wp-google-places-review-slider", "affected_versions": { "* - 13.5": { "from_version": "*", "from_inclusive": true, "to_version": "13.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fe11179-6e18-44ae-a5f9-334e334cff73?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fe34989-493c-4883-a1ca-454262919202": { "id": "2fe34989-493c-4883-a1ca-454262919202", "title": "Yoast SEO <= 2.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yoast SEO", "slug": "wordpress-seo", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fe34989-493c-4883-a1ca-454262919202?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fe44e46-dfbf-4286-889c-606280d62218": { "id": "2fe44e46-dfbf-4286-889c-606280d62218", "title": "Five Star Restaurant Reviews <= 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Review URL", "software": [ { "type": "plugin", "name": "Five Star Restaurant Reviews", "slug": "good-reviews-wp", "affected_versions": { "* - 2.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fe44e46-dfbf-4286-889c-606280d62218?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2feabc97-0463-4e50-91a8-234445ca2504": { "id": "2feabc97-0463-4e50-91a8-234445ca2504", "title": "PowerPack Pro for Elementor <= 2.9.23 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PowerPack Pro for Elementor", "slug": "powerpack-elements", "affected_versions": { "* - 2.9.23": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2feabc97-0463-4e50-91a8-234445ca2504?source=api-scan" ], "published": "2023-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fef8861-e992-474b-b006-ebb3cb8e4cf4": { "id": "2fef8861-e992-474b-b006-ebb3cb8e4cf4", "title": "Ahmeti Wp Timeline <= 5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ahmeti Wp Timeline", "slug": "ahmeti-wp-timeline", "affected_versions": { "* - 5.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fef8861-e992-474b-b006-ebb3cb8e4cf4?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2fefcc8c-3864-4764-86e7-678d8604fd67": { "id": "2fefcc8c-3864-4764-86e7-678d8604fd67", "title": "Ricerca smart and advanced search <= 1.0.15 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ricerca \u2013 advanced search", "slug": "ricerca-smart-search", "affected_versions": { "* - 1.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2fefcc8c-3864-4764-86e7-678d8604fd67?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ff43e5d-bffd-4e2b-a6de-938559cd6f02": { "id": "2ff43e5d-bffd-4e2b-a6de-938559cd6f02", "title": "WPFunnels <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortocde", "software": [ { "type": "plugin", "name": "Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels", "slug": "wpfunnels", "affected_versions": { "* - 2.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ff43e5d-bffd-4e2b-a6de-938559cd6f02?source=api-scan" ], "published": "2023-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ff5094a-8cf2-4c18-921d-7ec31d60c13a": { "id": "2ff5094a-8cf2-4c18-921d-7ec31d60c13a", "title": "KBucket: Your Curated Content in WordPress <= 4.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "KBucket: Your Curated Content in WordPress", "slug": "kbucket", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ff5094a-8cf2-4c18-921d-7ec31d60c13a?source=api-scan" ], "published": "2024-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ff83bf5-369f-43b9-b073-daf0de9051c7": { "id": "2ff83bf5-369f-43b9-b073-daf0de9051c7", "title": "Zephyr Project Manager <= 3.2.42 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zephyr Project Manager", "slug": "zephyr-project-manager", "affected_versions": { "[*, 3.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ff83bf5-369f-43b9-b073-daf0de9051c7?source=api-scan" ], "published": "2022-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "2ff866c0-1b4c-4ad8-bde3-353ed0f44f42": { "id": "2ff866c0-1b4c-4ad8-bde3-353ed0f44f42", "title": "copy-me <= 1.0.0 - Missing Authorization & Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "copy-me", "slug": "copy-me", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/2ff866c0-1b4c-4ad8-bde3-353ed0f44f42?source=api-scan" ], "published": "2016-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3000b140-2e38-463d-9128-b486293e3cf6": { "id": "3000b140-2e38-463d-9128-b486293e3cf6", "title": "Icegram <= 3.1.18 - Cross-Site Request Forgery via save_campaign_preview", "software": [ { "type": "plugin", "name": "Icegram Engage \u2013 Ultimate WP Popup Builder, Lead Generation, Optins, and CTA", "slug": "icegram", "affected_versions": { "* - 3.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3000b140-2e38-463d-9128-b486293e3cf6?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3001829b-f63b-4b99-91a0-53d615ac96c1": { "id": "3001829b-f63b-4b99-91a0-53d615ac96c1", "title": "SearchIQ <= 4.4 - Missing Authorization via getSIQPluginSettings", "software": [ { "type": "plugin", "name": "SearchIQ \u2013 The Search Solution", "slug": "searchiq", "affected_versions": { "* - 4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3001829b-f63b-4b99-91a0-53d615ac96c1?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3003bd3b-aee5-4bac-9a62-e747f544d2bd": { "id": "3003bd3b-aee5-4bac-9a62-e747f544d2bd", "title": "Dave's WordPress Live Search <= 4.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dave's WordPress Live Search", "slug": "daves-wordpress-live-search", "affected_versions": { "[*, 4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3003bd3b-aee5-4bac-9a62-e747f544d2bd?source=api-scan" ], "published": "2017-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3005c53e-eb09-479f-a4e4-b8d40583d80d": { "id": "3005c53e-eb09-479f-a4e4-b8d40583d80d", "title": "Resume Builder <= 3.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Resume Builder", "slug": "resume-builder", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3005c53e-eb09-479f-a4e4-b8d40583d80d?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "300b24af-10a1-45b9-87ec-7c98dc94e76b": { "id": "300b24af-10a1-45b9-87ec-7c98dc94e76b", "title": "Colibri Page Builder <= 1.0.239 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Colibri Page Builder", "slug": "colibri-page-builder", "affected_versions": { "* - 1.0.239": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.239", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.240" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/300b24af-10a1-45b9-87ec-7c98dc94e76b?source=api-scan" ], "published": "2023-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "300c6ea4-4eed-4be5-abfd-ec4ad9b741d3": { "id": "300c6ea4-4eed-4be5-abfd-ec4ad9b741d3", "title": "WordPress Core < 6.0.2 - Stored Cross-Site Scripting via Plugin Deactivation and Deletion Errors", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true }, "3.7 - 3.7.38": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.38", "to_inclusive": true }, "3.8 - 3.8.38": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.38", "to_inclusive": true }, "3.9 - 3.9.36": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.36", "to_inclusive": true }, "4.0 - 4.0.35": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.35", "to_inclusive": true }, "4.1 - 4.1.35": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.35", "to_inclusive": true }, "4.2 - 4.2.32": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.32", "to_inclusive": true }, "4.3 - 4.3.28": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.28", "to_inclusive": true }, "4.4 - 4.4.27": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.27", "to_inclusive": true }, "4.5 - 4.5.26": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.26", "to_inclusive": true }, "4.6 - 4.6.23": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.23", "to_inclusive": true }, "4.7 - 4.7.23": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.23", "to_inclusive": true }, "4.8 - 4.8.19": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.19", "to_inclusive": true }, "4.9 - 4.9.20": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.20", "to_inclusive": true }, "5.0 - 5.0.16": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.16", "to_inclusive": true }, "5.1 - 5.1.13": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.13", "to_inclusive": true }, "5.2 - 5.2.15": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.15", "to_inclusive": true }, "5.3 - 5.3.12": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.12", "to_inclusive": true }, "5.4 - 5.4.10": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.10", "to_inclusive": true }, "5.5 - 5.5.9": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.9", "to_inclusive": true }, "5.6 - 5.6.8": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.8", "to_inclusive": true }, "5.7 - 5.7.6": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.6", "to_inclusive": true }, "5.8 - 5.8.4": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.4", "to_inclusive": true }, "5.9 - 5.9.3": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.3", "to_inclusive": true }, "6.0 - 6.0.1": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.39", "3.8.39", "3.9.37", "4.0.36", "4.1.36", "4.2.33", "4.3.29", "4.4.28", "4.5.27", "4.6.24", "4.7.24", "4.8.20", "4.9.21", "5.0.17", "5.1.14", "5.2.16", "5.3.13", "5.4.11", "5.5.10", "5.6.9", "5.7.7", "5.8.5", "5.9.4", "6.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/300c6ea4-4eed-4be5-abfd-ec4ad9b741d3?source=api-scan" ], "published": "2022-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3011b783-e4b4-45d2-81af-2f8d166a30ac": { "id": "3011b783-e4b4-45d2-81af-2f8d166a30ac", "title": "Exclusive Addons for Elementor <= 2.6.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget", "software": [ { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3011b783-e4b4-45d2-81af-2f8d166a30ac?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3011befd-c0c6-4800-a370-e592c3ec483f": { "id": "3011befd-c0c6-4800-a370-e592c3ec483f", "title": "Nova Blocks by Pixelgrade <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute", "software": [ { "type": "plugin", "name": "Nova Blocks by Pixelgrade", "slug": "nova-blocks", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3011befd-c0c6-4800-a370-e592c3ec483f?source=api-scan" ], "published": "2024-09-09 20:42:04", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3011f85c-fa30-4ccf-b067-dba45e491acb": { "id": "3011f85c-fa30-4ccf-b067-dba45e491acb", "title": "WordPress Comments Import & Export <= 2.0.4 - CSV Injection", "software": [ { "type": "plugin", "name": "WordPress Comments Import & Export", "slug": "comments-import-export-woocommerce", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3011f85c-fa30-4ccf-b067-dba45e491acb?source=api-scan" ], "published": "2018-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "301a67a5-226c-413a-9198-66747d1b1fd3": { "id": "301a67a5-226c-413a-9198-66747d1b1fd3", "title": "Login with phone number <= 1.7.34 - Insecure Password Reset Mechanism", "software": [ { "type": "plugin", "name": "Login with phone number", "slug": "login-with-phone-number", "affected_versions": { "* - 1.7.34": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/301a67a5-226c-413a-9198-66747d1b1fd3?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "301d273e-5cd2-49b8-b2ce-b30731ab4550": { "id": "301d273e-5cd2-49b8-b2ce-b30731ab4550", "title": "Easy Digital Downloads <= 2.11.5 - Admin+ Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "[*, 2.11.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.11.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/301d273e-5cd2-49b8-b2ce-b30731ab4550?source=api-scan" ], "published": "2022-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "301f455f-1ffe-485a-8473-8a31a0633a5f": { "id": "301f455f-1ffe-485a-8473-8a31a0633a5f", "title": "Dimension (Unknown Versions) - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "theme", "name": "Dimension", "slug": "dimension", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/301f455f-1ffe-485a-8473-8a31a0633a5f?source=api-scan" ], "published": "2013-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30295480-3d20-412f-a7fd-3f18d425fdc0": { "id": "30295480-3d20-412f-a7fd-3f18d425fdc0", "title": "1app Business Forms <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "1app Business Forms", "slug": "1app-business-forms", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30295480-3d20-412f-a7fd-3f18d425fdc0?source=api-scan" ], "published": "2022-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "303380f7-d043-48d5-8edb-9d45f13d0d82": { "id": "303380f7-d043-48d5-8edb-9d45f13d0d82", "title": "WordPress Core <= 3.3.2 - Sensitive Information Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/303380f7-d043-48d5-8edb-9d45f13d0d82?source=api-scan" ], "published": "2012-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "303bdead-96e4-45f4-8b57-f1cb703bbe16": { "id": "303bdead-96e4-45f4-8b57-f1cb703bbe16", "title": "WP-Pro-Quiz <= 0.37 - Arbitrary Quiz Deletion via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Wp-Pro-Quiz", "slug": "wp-pro-quiz", "affected_versions": { "* - 0.37": { "from_version": "*", "from_inclusive": true, "to_version": "0.37", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/303bdead-96e4-45f4-8b57-f1cb703bbe16?source=api-scan" ], "published": "2020-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3041bb06-504c-4de1-8a1a-12041e09400e": { "id": "3041bb06-504c-4de1-8a1a-12041e09400e", "title": "WP-Cufon <= 1.6.10 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Cufon", "slug": "wp-cufon", "affected_versions": { "* - 1.6.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3041bb06-504c-4de1-8a1a-12041e09400e?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3041e28e-d965-4672-ab10-8b1f3d874f19": { "id": "3041e28e-d965-4672-ab10-8b1f3d874f19", "title": "EasyRotator for WordPress <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "EasyRotator for WordPress \u2013 Slider Plugin", "slug": "easyrotator-for-wordpress", "affected_versions": { "* - 1.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3041e28e-d965-4672-ab10-8b1f3d874f19?source=api-scan" ], "published": "2023-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3044dbfc-e12d-47e0-a297-67ff0510eded": { "id": "3044dbfc-e12d-47e0-a297-67ff0510eded", "title": "Verified Reviews (Avis V\u00e9rifi\u00e9s) <= 2.3.14 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Verified Reviews (Avis V\u00e9rifi\u00e9s)", "slug": "netreviews", "affected_versions": { "* - 2.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3044dbfc-e12d-47e0-a297-67ff0510eded?source=api-scan" ], "published": "2023-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30532dc1-5d40-4585-abd2-c08ed0682d72": { "id": "30532dc1-5d40-4585-abd2-c08ed0682d72", "title": "Login by Auth0 <= 3.11.3 - CSV Injection", "software": [ { "type": "plugin", "name": "Login by Auth0", "slug": "auth0", "affected_versions": { "* - 3.11.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30532dc1-5d40-4585-abd2-c08ed0682d72?source=api-scan" ], "published": "2020-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30579058-54f4-4496-9275-078faf99823f": { "id": "30579058-54f4-4496-9275-078faf99823f", "title": "The Plus Addons for Elementor <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Team Member Listing", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30579058-54f4-4496-9275-078faf99823f?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "305f9e72-3a3f-4b22-8097-f37b1a1ebe1d": { "id": "305f9e72-3a3f-4b22-8097-f37b1a1ebe1d", "title": "BestWebSoft's Like & Share \u2013 Posts, Pages and Widget Social Extension plugin for WordPress < 2.5.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BestWebSoft's Like & Share \u2013 Posts, Pages and Widget Social Extension plugin for WordPress", "slug": "facebook-button-plugin", "affected_versions": { "[*, 2.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/305f9e72-3a3f-4b22-8097-f37b1a1ebe1d?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "305ffc3b-5f1c-42fb-9fd5-0dfcbe1c661b": { "id": "305ffc3b-5f1c-42fb-9fd5-0dfcbe1c661b", "title": "WordPress Core < 4.7.5 - Cross-Site Request Forgery Filesystem Credential Update", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.20": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.20", "to_inclusive": true }, "3.8 - 3.8.20": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.20", "to_inclusive": true }, "3.9 - 3.9.18": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.18", "to_inclusive": true }, "4.0 - 4.0.17": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.17", "to_inclusive": true }, "4.1 - 4.1.17": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.17", "to_inclusive": true }, "4.2 - 4.2.14": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.14", "to_inclusive": true }, "4.3 - 4.3.10": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.10", "to_inclusive": true }, "4.4 - 4.4.9": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.9", "to_inclusive": true }, "4.5 - 4.5.8": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.8", "to_inclusive": true }, "4.6 - 4.6.5": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.5", "to_inclusive": true }, "4.7 - 4.7.4": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.21", "3.8.21", "3.9.19", "4.0.18", "4.1.18", "4.2.15", "4.3.11", "4.4.10", "4.5.9", "4.6.6", "4.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/305ffc3b-5f1c-42fb-9fd5-0dfcbe1c661b?source=api-scan" ], "published": "2017-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3060dbda-97f3-410c-863e-ea76a6a018fd": { "id": "3060dbda-97f3-410c-863e-ea76a6a018fd", "title": "Z-Downloads <= 1.11.3 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Z-Downloads", "slug": "z-downloads", "affected_versions": { "* - 1.11.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3060dbda-97f3-410c-863e-ea76a6a018fd?source=api-scan" ], "published": "2024-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "306a9960-7139-4142-a249-4de2b3c4b985": { "id": "306a9960-7139-4142-a249-4de2b3c4b985", "title": "MainWP (Various Extensions) - Authenticated (Subscriber+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "MainWP Article Uploader Extension", "slug": "mainwp-article-uploader-extension", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] }, { "type": "plugin", "name": "MainWP Favorites Extension", "slug": "mainwp-favorites-extension", "affected_versions": { "* - 4.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/306a9960-7139-4142-a249-4de2b3c4b985?source=api-scan" ], "published": "2023-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "306b23ee-7dcb-4281-a218-21168998c4b9": { "id": "306b23ee-7dcb-4281-a218-21168998c4b9", "title": "NextScripts: Social Networks Auto-Poster <= 4.4.3 - Cross-Site Request Forgery to Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "NextScripts: Social Networks Auto-Poster", "slug": "social-networks-auto-poster-facebook-twitter-g", "affected_versions": { "* - 4.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/306b23ee-7dcb-4281-a218-21168998c4b9?source=api-scan" ], "published": "2024-05-21 18:36:02", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "306c98ad-0d42-4ad5-b82a-bf4579865aa9": { "id": "306c98ad-0d42-4ad5-b82a-bf4579865aa9", "title": "QueryWall <= 1.1.1 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "QueryWall: Plug'n Play Firewall", "slug": "querywall", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/306c98ad-0d42-4ad5-b82a-bf4579865aa9?source=api-scan" ], "published": "2023-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "306f00e4-9a70-48be-a91e-e396643a8129": { "id": "306f00e4-9a70-48be-a91e-e396643a8129", "title": "IMGspider <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload_img_file'", "software": [ { "type": "plugin", "name": "IMGspider \u2013 \u56fe\u7247\u91c7\u96c6\u6293\u53d6\u63d2\u4ef6", "slug": "imgspider", "affected_versions": { "* - 2.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/306f00e4-9a70-48be-a91e-e396643a8129?source=api-scan" ], "published": "2024-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "306fa8e1-b62f-4514-8463-e696d043f6f5": { "id": "306fa8e1-b62f-4514-8463-e696d043f6f5", "title": "Simple Photo Gallery <= 1.8.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Photo Gallery", "slug": "simple-photo-gallery", "affected_versions": { "[*, 1.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/306fa8e1-b62f-4514-8463-e696d043f6f5?source=api-scan" ], "published": "2016-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "306facf0-b1e4-4ba7-9462-f94af01d628d": { "id": "306facf0-b1e4-4ba7-9462-f94af01d628d", "title": "Download Monitor <= 4.4.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "* - 4.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/306facf0-b1e4-4ba7-9462-f94af01d628d?source=api-scan" ], "published": "2021-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3077b84e-87af-4307-83c5-0e4b15d07ff1": { "id": "3077b84e-87af-4307-83c5-0e4b15d07ff1", "title": "Display custom fields in the frontend \u2013 Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via vg_display_data", "software": [ { "type": "plugin", "name": "Display custom fields in the frontend \u2013 Post and User Profile Fields", "slug": "shortcode-to-display-post-and-user-data", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3077b84e-87af-4307-83c5-0e4b15d07ff1?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "307bbfe6-8a57-461d-aa7d-bce962da4239": { "id": "307bbfe6-8a57-461d-aa7d-bce962da4239", "title": "Vertical scroll recent post <= 14.0 - Cross-Site Request Forgery via vsrp_admin_options", "software": [ { "type": "plugin", "name": "Vertical scroll recent post", "slug": "vertical-scroll-recent-post", "affected_versions": { "* - 14.0": { "from_version": "*", "from_inclusive": true, "to_version": "14.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/307bbfe6-8a57-461d-aa7d-bce962da4239?source=api-scan" ], "published": "2023-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "307bfd18-840a-4cb4-86e6-33dc28e5514e": { "id": "307bfd18-840a-4cb4-86e6-33dc28e5514e", "title": "Image Regenerate & Select Crop <= 7.3.0 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Image Regenerate & Select Crop", "slug": "image-regenerate-select-crop", "affected_versions": { "* - 7.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/307bfd18-840a-4cb4-86e6-33dc28e5514e?source=api-scan" ], "published": "2023-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "307e3e47-fac8-400d-9b90-b75b39ee14c3": { "id": "307e3e47-fac8-400d-9b90-b75b39ee14c3", "title": "CubeWP \u2013 All-in-One Dynamic Content Framework <= 1.1.15 - Missing Authorization", "software": [ { "type": "plugin", "name": "CubeWP \u2013 All-in-One Dynamic Content Framework", "slug": "cubewp-framework", "affected_versions": { "* - 1.1.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/307e3e47-fac8-400d-9b90-b75b39ee14c3?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3084c9ab-00aa-4b8e-aa46-bd70b335ec77": { "id": "3084c9ab-00aa-4b8e-aa46-bd70b335ec77", "title": "Leaflet Map <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Leaflet Map", "slug": "leaflet-map", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3084c9ab-00aa-4b8e-aa46-bd70b335ec77?source=api-scan" ], "published": "2023-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30881bed-9a5c-4a7f-9065-f11a1b336892": { "id": "30881bed-9a5c-4a7f-9065-f11a1b336892", "title": "Soledad <= 8.4.5 - Missing Authorization", "software": [ { "type": "theme", "name": "Soledad", "slug": "soledad", "affected_versions": { "* - 8.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "8.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30881bed-9a5c-4a7f-9065-f11a1b336892?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "308b4cfa-3d4f-46a1-a6a8-eaa2653b4953": { "id": "308b4cfa-3d4f-46a1-a6a8-eaa2653b4953", "title": "WP SpreadPlugin < 3.8.6.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Spreadplugin", "slug": "wp-spreadplugin", "affected_versions": { "[*, 3.8.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/308b4cfa-3d4f-46a1-a6a8-eaa2653b4953?source=api-scan" ], "published": "2015-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "308c9d72-4739-4fcd-8e04-b24edc19ec06": { "id": "308c9d72-4739-4fcd-8e04-b24edc19ec06", "title": "Related Posts for WordPress <= 4.0.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Related Posts for WordPress", "slug": "microkids-related-posts", "affected_versions": { "* - 4.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/308c9d72-4739-4fcd-8e04-b24edc19ec06?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "308f6887-7c1c-4efd-85e2-b71bb6d26dab": { "id": "308f6887-7c1c-4efd-85e2-b71bb6d26dab", "title": "Sp*tify Play Button for WordPress <= 2.07 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sp*tify Play Button for WordPress", "slug": "spotify-play-button-for-wordpress", "affected_versions": { "* - 2.07": { "from_version": "*", "from_inclusive": true, "to_version": "2.07", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.08" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/308f6887-7c1c-4efd-85e2-b71bb6d26dab?source=api-scan" ], "published": "2023-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "309eb1df-728f-404d-a20d-a83a0ab8ed0c": { "id": "309eb1df-728f-404d-a20d-a83a0ab8ed0c", "title": "Auto Featured Image (Auto Post Thumbnail) <= 4.0.0 - Authenticated (Author+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Auto Featured Image (Auto Post Thumbnail)", "slug": "auto-post-thumbnail", "affected_versions": { "* - 4.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/309eb1df-728f-404d-a20d-a83a0ab8ed0c?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30a1517e-5ea5-47a1-afe8-9543e1ffd199": { "id": "30a1517e-5ea5-47a1-afe8-9543e1ffd199", "title": "012 PS Multi Languages <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "012 Ps Multi Languages", "slug": "012-ps-multi-languages", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30a1517e-5ea5-47a1-afe8-9543e1ffd199?source=api-scan" ], "published": "2024-09-25 13:28:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30a79974-ee61-4764-8864-89659b1848a4": { "id": "30a79974-ee61-4764-8864-89659b1848a4", "title": "WordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal", "software": [ { "type": "plugin", "name": "WordPress Comments Import & Export", "slug": "comments-import-export-woocommerce", "affected_versions": { "* - 2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30a79974-ee61-4764-8864-89659b1848a4?source=api-scan" ], "published": "2024-10-10 19:55:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30aab1af-a78f-4bac-b3c5-30ea854ccef7": { "id": "30aab1af-a78f-4bac-b3c5-30ea854ccef7", "title": "MStore API <= 4.0.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30aab1af-a78f-4bac-b3c5-30ea854ccef7?source=api-scan" ], "published": "2023-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30b4b98e-c566-4249-85a4-bfb0b5d5ac5d": { "id": "30b4b98e-c566-4249-85a4-bfb0b5d5ac5d", "title": "Finalist (All Versions) - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Finalist", "slug": "finalist", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30b4b98e-c566-4249-85a4-bfb0b5d5ac5d?source=api-scan" ], "published": "2013-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30b6b0bf-e632-4e83-89ee-a424382534da": { "id": "30b6b0bf-e632-4e83-89ee-a424382534da", "title": "Product Filter by WooBeWoo <= 1.4.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Product Filter by WBW", "slug": "woo-product-filter", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30b6b0bf-e632-4e83-89ee-a424382534da?source=api-scan" ], "published": "2021-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30b9c4ca-1744-4907-930b-28ef5494d29c": { "id": "30b9c4ca-1744-4907-930b-28ef5494d29c", "title": "WP Database Backup <= 4.3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Database Backup \u2013 Unlimited Database & Files Backup by Backup for WP", "slug": "wp-database-backup", "affected_versions": { "[*, 4.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30b9c4ca-1744-4907-930b-28ef5494d29c?source=api-scan" ], "published": "2016-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30c0118c-3dae-4d76-8e9f-ea747d44a788": { "id": "30c0118c-3dae-4d76-8e9f-ea747d44a788", "title": "WPC Smart Wishlist for WooCommerce <= 2.9.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPC Smart Wishlist for WooCommerce", "slug": "woo-smart-wishlist", "affected_versions": { "[*, 2.9.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30c0118c-3dae-4d76-8e9f-ea747d44a788?source=api-scan" ], "published": "2022-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30c34ea7-3df8-4ba8-bea8-4c785b23a4f4": { "id": "30c34ea7-3df8-4ba8-bea8-4c785b23a4f4", "title": "Jobs for WordPress <= 2.5.10.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jobs for WordPress", "slug": "job-postings", "affected_versions": { "* - 2.5.10.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.10.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30c34ea7-3df8-4ba8-bea8-4c785b23a4f4?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30c9c4b9-6905-4d8a-bc55-5cd6f6201d25": { "id": "30c9c4b9-6905-4d8a-bc55-5cd6f6201d25", "title": "Link Library <= 7.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via link-library Shortcode", "software": [ { "type": "plugin", "name": "Link Library", "slug": "link-library", "affected_versions": { "* - 7.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30c9c4b9-6905-4d8a-bc55-5cd6f6201d25?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30cb1b8c-84ce-4401-9c30-775efb257fe6": { "id": "30cb1b8c-84ce-4401-9c30-775efb257fe6", "title": "Testimonial Slider Shortcode <= 1.1.8 - Authenticated (Contributor+) Cross-Site Scripting Vulnerability via Shortcode", "software": [ { "type": "plugin", "name": "Testimonial Slider Shortcode", "slug": "testimonial-slider-shortcode", "affected_versions": { "[*, 1.1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30cb1b8c-84ce-4401-9c30-775efb257fe6?source=api-scan" ], "published": "2023-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30ce93b4-9e2a-4a8c-8590-ffd61d618d31": { "id": "30ce93b4-9e2a-4a8c-8590-ffd61d618d31", "title": "Instant CSS <= 1.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Instant CSS", "slug": "instant-css", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30ce93b4-9e2a-4a8c-8590-ffd61d618d31?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30d127b1-3d8d-4e77-90a8-a24e7b93fe16": { "id": "30d127b1-3d8d-4e77-90a8-a24e7b93fe16", "title": "Himer - Social Questions and Answers <= 2.1.0 - Authenticated (Subscriber+) Insecure Direct Object Reference", "software": [ { "type": "theme", "name": "Himer - Social Questions and Answers WordPress Theme", "slug": "himer", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30d127b1-3d8d-4e77-90a8-a24e7b93fe16?source=api-scan" ], "published": "2024-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30d592d0-323b-40d8-9f13-22041dbded31": { "id": "30d592d0-323b-40d8-9f13-22041dbded31", "title": "Plugmatter Optin Feature Box < 2.0.14 - SQL Injection", "software": [ { "type": "plugin", "name": "Plugmatter Optin Feature Box", "slug": "plugmatter-optin-feature-box-lite", "affected_versions": { "[*, 2.0.14)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30d592d0-323b-40d8-9f13-22041dbded31?source=api-scan" ], "published": "2015-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30dbc840-e281-405c-82ed-7f92761db8ae": { "id": "30dbc840-e281-405c-82ed-7f92761db8ae", "title": "Save as PDF plugin by Pdfcrowd <= 4.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Save as PDF Plugin by Pdfcrowd", "slug": "save-as-pdf-by-pdfcrowd", "affected_versions": { "* - 4.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30dbc840-e281-405c-82ed-7f92761db8ae?source=api-scan" ], "published": "2024-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30dda650-3262-4d22-bec7-b6de3bc25381": { "id": "30dda650-3262-4d22-bec7-b6de3bc25381", "title": "WP-ViperGB <= 1.3.10 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-ViperGB", "slug": "wp-vipergb", "affected_versions": { "* - 1.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30dda650-3262-4d22-bec7-b6de3bc25381?source=api-scan" ], "published": "2014-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30e0289c-b893-41bd-aad9-d7ec62bf2b23": { "id": "30e0289c-b893-41bd-aad9-d7ec62bf2b23", "title": "The Events Calendar <= 6.3.0 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "The Events Calendar", "slug": "the-events-calendar", "affected_versions": { "* - 6.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.1" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30e0289c-b893-41bd-aad9-d7ec62bf2b23?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30e89955-9f2b-42e4-a7cf-558edd2e736c": { "id": "30e89955-9f2b-42e4-a7cf-558edd2e736c", "title": "Stylish Cost Calculator <= 7.0.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Stylish Cost Calculator \u2013 Quote Generator, Lead Gen & Price Estimator", "slug": "stylish-cost-calculator", "affected_versions": { "* - 7.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30e89955-9f2b-42e4-a7cf-558edd2e736c?source=api-scan" ], "published": "2021-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30ea46c1-bb29-49b8-b161-e61f13167ff4": { "id": "30ea46c1-bb29-49b8-b161-e61f13167ff4", "title": "Gallery From Files <= 1.60 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Gallery from files", "slug": "gallery-from-files", "affected_versions": { "* - 1.60": { "from_version": "*", "from_inclusive": true, "to_version": "1.60", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30ea46c1-bb29-49b8-b161-e61f13167ff4?source=api-scan" ], "published": "2021-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30eab93e-0196-4f2e-9e63-a2c293819850": { "id": "30eab93e-0196-4f2e-9e63-a2c293819850", "title": "Ovic Importer <= 1.6.3 - Authenticated (Subscriber+) Arbitrary File Download", "software": [ { "type": "plugin", "name": "Ovic Importer", "slug": "ovic-import-demo", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30eab93e-0196-4f2e-9e63-a2c293819850?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30eda147-f02a-4b3c-a51c-665aa4c75c93": { "id": "30eda147-f02a-4b3c-a51c-665aa4c75c93", "title": "Count per Day <= 3.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Count per Day", "slug": "count-per-day", "affected_versions": { "[*, 3.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30eda147-f02a-4b3c-a51c-665aa4c75c93?source=api-scan" ], "published": "2015-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30edc2a1-f3fe-488d-a525-f0ae3482d8a8": { "id": "30edc2a1-f3fe-488d-a525-f0ae3482d8a8", "title": "Pretty Link Lite < 1.5.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pretty Link Lite", "slug": "pretty-link-lite", "affected_versions": { "[*, 1.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30edc2a1-f3fe-488d-a525-f0ae3482d8a8?source=api-scan" ], "published": "2011-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30f3a208-ffe0-4d87-9c76-91451f7a1591": { "id": "30f3a208-ffe0-4d87-9c76-91451f7a1591", "title": "DSGVO All in one for WP <= 4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DSGVO All in one for WP", "slug": "dsgvo-all-in-one-for-wp", "affected_versions": { "* - 4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30f3a208-ffe0-4d87-9c76-91451f7a1591?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30f7a858-6caf-44c3-8fc9-476e9fa86543": { "id": "30f7a858-6caf-44c3-8fc9-476e9fa86543", "title": "Bitcoin \/ Altcoin Faucet <= 1.6.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bitcoin \/ Altcoin Faucet", "slug": "bitcoin-faucet", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30f7a858-6caf-44c3-8fc9-476e9fa86543?source=api-scan" ], "published": "2022-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30f8419c-c7b9-4c68-a845-26c0308d76f3": { "id": "30f8419c-c7b9-4c68-a845-26c0308d76f3", "title": "Burst Statistics \u2013 Privacy-Friendly Analytics for WordPress 1.4.0 to 1.4.6.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Burst Statistics \u2013 Privacy-Friendly Analytics for WordPress", "slug": "burst-statistics", "affected_versions": { "1.4.0 - 1.4.6.1": { "from_version": "1.4.0", "from_inclusive": true, "to_version": "1.4.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] }, { "type": "plugin", "name": "Burst Statistics Pro", "slug": "burst-pro", "affected_versions": { "1.4.0 - 1.5.0": { "from_version": "1.4.0", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30f8419c-c7b9-4c68-a845-26c0308d76f3?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "30fd2425-ee48-4777-91c1-03906d63793a": { "id": "30fd2425-ee48-4777-91c1-03906d63793a", "title": "Metform Elementor Contact Form Builder <= 3.8.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/30fd2425-ee48-4777-91c1-03906d63793a?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31058d2e-9c23-4057-89a4-5847b6012330": { "id": "31058d2e-9c23-4057-89a4-5847b6012330", "title": "TinyMCE Custom Styles <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TinyMCE Custom Styles", "slug": "tinymce-custom-styles", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31058d2e-9c23-4057-89a4-5847b6012330?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3107fe1e-f997-4d13-9ecb-7fe9ff5a9c55": { "id": "3107fe1e-f997-4d13-9ecb-7fe9ff5a9c55", "title": "Viala <= 1.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Viala", "slug": "viala", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3107fe1e-f997-4d13-9ecb-7fe9ff5a9c55?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "310afe02-3a51-4633-b359-65ae58d0c032": { "id": "310afe02-3a51-4633-b359-65ae58d0c032", "title": "Thank You Page Customizer for WooCommerce \u2013 Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "Thank You Page Customizer for WooCommerce \u2013 Increase Your Sales", "slug": "woo-thank-you-page-customizer", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/310afe02-3a51-4633-b359-65ae58d0c032?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "310b8622-8cc5-4fdb-8f83-b541aad136ee": { "id": "310b8622-8cc5-4fdb-8f83-b541aad136ee", "title": "Web and WooCommerce Addons for WPBakery Builder <= 1.4.7 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Web and WooCommerce Addons for WPBakery Builder", "slug": "vc-addons-by-bit14", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/310b8622-8cc5-4fdb-8f83-b541aad136ee?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "310d9b83-6511-46be-aead-a0aa067d2c2f": { "id": "310d9b83-6511-46be-aead-a0aa067d2c2f", "title": "Prostore < 1.1.3 - Open Redirect", "software": [ { "type": "theme", "name": "ProStore - Modern Magazine WordPress Theme | Blog \/ Magazine", "slug": "prostore", "affected_versions": { "[*, 1.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/310d9b83-6511-46be-aead-a0aa067d2c2f?source=api-scan" ], "published": "2014-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3111d016-e414-44df-925a-84010316c4ff": { "id": "3111d016-e414-44df-925a-84010316c4ff", "title": "Essential Blocks for Gutenberg <= 4.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3111d016-e414-44df-925a-84010316c4ff?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3115e8ad-8e68-41e9-a3a0-5f003d921037": { "id": "3115e8ad-8e68-41e9-a3a0-5f003d921037", "title": "CoDesigner WooCommerce Builder for Elementor \u2013 Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets", "software": [ { "type": "plugin", "name": "CoDesigner \u2013 All in One Elementor WooCommerce Builder", "slug": "woolementor", "affected_versions": { "* - 4.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3115e8ad-8e68-41e9-a3a0-5f003d921037?source=api-scan" ], "published": "2024-06-11 15:24:21", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31173691-28fb-46fd-a7da-28bf9c46e2bc": { "id": "31173691-28fb-46fd-a7da-28bf9c46e2bc", "title": "LiteSpeed Cache <= 6.4.1 - Unauthenticated Sensitive Information Exposure via Log Files", "software": [ { "type": "plugin", "name": "LiteSpeed Cache", "slug": "litespeed-cache", "affected_versions": { "* - 6.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31173691-28fb-46fd-a7da-28bf9c46e2bc?source=api-scan" ], "published": "2024-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31196bdf-2ddd-49ea-840d-8fd78611629e": { "id": "31196bdf-2ddd-49ea-840d-8fd78611629e", "title": "Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] }, { "type": "plugin", "name": "Contest Gallery Pro", "slug": "contest-gallery-pro", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31196bdf-2ddd-49ea-840d-8fd78611629e?source=api-scan" ], "published": "2022-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "312a6601-c914-4661-82ff-6f8bac849442": { "id": "312a6601-c914-4661-82ff-6f8bac849442", "title": "Woo Inquiry <= 0.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Woo Inquiry", "slug": "woo-inquiry", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/312a6601-c914-4661-82ff-6f8bac849442?source=api-scan" ], "published": "2024-08-20 17:18:44", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "312bb534-2a40-42f1-9a3e-8b1395e1e199": { "id": "312bb534-2a40-42f1-9a3e-8b1395e1e199", "title": "WP Image Zoom <= 1.23 - Cross-Site Request Forgery to Denial of Service", "software": [ { "type": "plugin", "name": "WP Image Zoom", "slug": "wp-image-zoooom", "affected_versions": { "* - 1.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/312bb534-2a40-42f1-9a3e-8b1395e1e199?source=api-scan" ], "published": "2018-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3131eeeb-593d-443e-8641-7470bd1e556b": { "id": "3131eeeb-593d-443e-8641-7470bd1e556b", "title": "Hermit \u97f3\u4e50\u64ad\u653e\u5668 <= 3.1.6 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Hermit \u97f3\u4e50\u64ad\u653e\u5668", "slug": "hermit", "affected_versions": { "* - 3.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3131eeeb-593d-443e-8641-7470bd1e556b?source=api-scan" ], "published": "2022-04-28 12:22:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3137db18-6032-4ba5-9790-c1a7a95072b4": { "id": "3137db18-6032-4ba5-9790-c1a7a95072b4", "title": "Polls CP < 1.0.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Polls CP", "slug": "cp-polls", "affected_versions": { "[*, 1.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3137db18-6032-4ba5-9790-c1a7a95072b4?source=api-scan" ], "published": "2015-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "313af4a0-f32b-443f-a976-e06499d3c94b": { "id": "313af4a0-f32b-443f-a976-e06499d3c94b", "title": "WP-CRM \u2013 Customer Relations Management for WordPress <= 1.2.1 - CSV injection", "software": [ { "type": "plugin", "name": "WP-CRM \u2013 Customer Relations Management for WordPress", "slug": "wp-crm", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/313af4a0-f32b-443f-a976-e06499d3c94b?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31418a45-7dae-4cd4-8f85-0498a285ef6d": { "id": "31418a45-7dae-4cd4-8f85-0498a285ef6d", "title": "Wp Ultimate Review <= 2.3.4 - IP Spoofing", "software": [ { "type": "plugin", "name": "WP Ultimate Review", "slug": "wp-ultimate-review", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31418a45-7dae-4cd4-8f85-0498a285ef6d?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "314520d5-bd9d-46c1-b903-5e5cb3bb3417": { "id": "314520d5-bd9d-46c1-b903-5e5cb3bb3417", "title": "Bit File Manager \u2013 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.7 - Authenticated (Subscriber+) Limited JavaScript File Upload", "software": [ { "type": "plugin", "name": "Bit File Manager \u2013 100% Free & Open Source File Manager and Code Editor for WordPress", "slug": "file-manager", "affected_versions": { "* - 6.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/314520d5-bd9d-46c1-b903-5e5cb3bb3417?source=api-scan" ], "published": "2024-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31496229-bf54-466c-a87b-cc32e65500a4": { "id": "31496229-bf54-466c-a87b-cc32e65500a4", "title": "WP Database Backup <= 5.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Database Backup \u2013 Unlimited Database & Files Backup by Backup for WP", "slug": "wp-database-backup", "affected_versions": { "* - 5.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31496229-bf54-466c-a87b-cc32e65500a4?source=api-scan" ], "published": "2022-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "314d3e0c-ba29-4795-a646-40e0acfc3405": { "id": "314d3e0c-ba29-4795-a646-40e0acfc3405", "title": "Clone <= 2.3.7 - Cross-Site Request Forgery via wp_ajax_tifm_save_decision", "software": [ { "type": "plugin", "name": "Clone", "slug": "wp-clone-by-wp-academy", "affected_versions": { "* - 2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/314d3e0c-ba29-4795-a646-40e0acfc3405?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31513f9e-6185-425b-9e7e-36f21f72d0a2": { "id": "31513f9e-6185-425b-9e7e-36f21f72d0a2", "title": "JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin <= 2.8.6 - Unauthenticated PHP Code Injection to Remote Code Execution", "software": [ { "type": "plugin", "name": "JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin", "slug": "js-support-ticket", "affected_versions": { "* - 2.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31513f9e-6185-425b-9e7e-36f21f72d0a2?source=api-scan" ], "published": "2024-08-12 14:17:56", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3152208e-e4f7-4f48-b6a1-05a656d9c826": { "id": "3152208e-e4f7-4f48-b6a1-05a656d9c826", "title": "Peach Payments Gateway <= 3.1.9 - Missing Authorization via peach_core_version_rollback()", "software": [ { "type": "plugin", "name": "Peach Payments Gateway", "slug": "wc-peach-payments-gateway", "affected_versions": { "* - 3.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3152208e-e4f7-4f48-b6a1-05a656d9c826?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31522e54-f260-46d0-8d57-2d46af7d3450": { "id": "31522e54-f260-46d0-8d57-2d46af7d3450", "title": "Bitly's WordPress Plugin <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Bitly's WordPress Plugin", "slug": "wp-bitly", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31522e54-f260-46d0-8d57-2d46af7d3450?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3155f8ba-b50e-490c-81bd-4a63142f164b": { "id": "3155f8ba-b50e-490c-81bd-4a63142f164b", "title": "wpForo Forum < 1.4.12 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "[*, 1.4.12)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3155f8ba-b50e-490c-81bd-4a63142f164b?source=api-scan" ], "published": "2018-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "315687d4-9125-440b-9d53-81d71e56d4ef": { "id": "315687d4-9125-440b-9d53-81d71e56d4ef", "title": "Elastik Page Builder <= 0.27.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Elastik Page Builder", "slug": "elastik-page-builder", "affected_versions": { "* - 0.27.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.27.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/315687d4-9125-440b-9d53-81d71e56d4ef?source=api-scan" ], "published": "2024-09-30 19:24:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31579f6d-9a89-45e3-adfb-d59823a83c07": { "id": "31579f6d-9a89-45e3-adfb-d59823a83c07", "title": "Photo Gallery by 10Web <= 1.5.45 - Multiple Cross-Site Scripting Issues", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.5.45": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.45", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31579f6d-9a89-45e3-adfb-d59823a83c07?source=api-scan" ], "published": "2020-02-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "315dbb77-d872-4cc4-bb4c-9d4763a6ff8f": { "id": "315dbb77-d872-4cc4-bb4c-9d4763a6ff8f", "title": "LWS Tools <= 2.4.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LWS Tools", "slug": "lws-tools", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/315dbb77-d872-4cc4-bb4c-9d4763a6ff8f?source=api-scan" ], "published": "2023-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31612b4b-a75f-4fa4-831b-43f62a8d5fad": { "id": "31612b4b-a75f-4fa4-831b-43f62a8d5fad", "title": "Database Collation Fix <= 1.2.7 - Cross-Site Request Forgery via admin_page", "software": [ { "type": "plugin", "name": "Database Collation Fix", "slug": "database-collation-fix", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31612b4b-a75f-4fa4-831b-43f62a8d5fad?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3164b96f-d876-4cbc-bddf-51e9d9becee6": { "id": "3164b96f-d876-4cbc-bddf-51e9d9becee6", "title": "SKT Page Builder <= 4.1 - Missing Authorization to Authenticated(Subscriber+) Content Injection", "software": [ { "type": "plugin", "name": "SKT Page Builder", "slug": "skt-builder", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3164b96f-d876-4cbc-bddf-51e9d9becee6?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3166549e-b52e-41e8-8b5c-1a1a0558c858": { "id": "3166549e-b52e-41e8-8b5c-1a1a0558c858", "title": "BuddyPress <= 7.2.1 - Insufficient Privilege De-escalation", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "* - 7.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3166549e-b52e-41e8-8b5c-1a1a0558c858?source=api-scan" ], "published": "2021-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "316a1ca9-e5fd-463f-ba1e-32589740270a": { "id": "316a1ca9-e5fd-463f-ba1e-32589740270a", "title": "HT Mega <= 2.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/316a1ca9-e5fd-463f-ba1e-32589740270a?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "316ffb37-47fe-47c4-8a81-5794fa12ce33": { "id": "316ffb37-47fe-47c4-8a81-5794fa12ce33", "title": "Salient Core <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "salient-core", "slug": "salient-core", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/316ffb37-47fe-47c4-8a81-5794fa12ce33?source=api-scan" ], "published": "2023-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "317b1bac-cd9c-4eac-b42b-d7719ecd135c": { "id": "317b1bac-cd9c-4eac-b42b-d7719ecd135c", "title": "eRoom \u2013 Zoom Meetings & Webinar <= 1.3.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "eRoom \u2013 Zoom Meetings & Webinars", "slug": "eroom-zoom-meetings-webinar", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/317b1bac-cd9c-4eac-b42b-d7719ecd135c?source=api-scan" ], "published": "2022-04-11 18:31:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "317b2035-e5c7-47a9-a76c-11157127b6c2": { "id": "317b2035-e5c7-47a9-a76c-11157127b6c2", "title": "PDF Viewer & 3D PDF Flipbook \u2013 DearPDF <= 2.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Viewer & 3D PDF Flipbook \u2013 DearPDF", "slug": "dearpdf-lite", "affected_versions": { "* - 2.0.38": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.38", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/317b2035-e5c7-47a9-a76c-11157127b6c2?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3184c304-52d3-4baa-b3c2-90957e1d8e79": { "id": "3184c304-52d3-4baa-b3c2-90957e1d8e79", "title": "Contest Gallery \u2013 Photo Contest Plugin for WordPress <= 13.1.0.5 - SQL Injection", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 13.1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "13.1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3184c304-52d3-4baa-b3c2-90957e1d8e79?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "319e9662-e010-469d-bf04-ee5895077db6": { "id": "319e9662-e010-469d-bf04-ee5895077db6", "title": "Social Sharing Toolkit <= 2.1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Social Sharing Toolkit", "slug": "social-sharing-toolkit", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/319e9662-e010-469d-bf04-ee5895077db6?source=api-scan" ], "published": "2013-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31a04983-a1d9-49b3-9f1f-06fb3480531b": { "id": "31a04983-a1d9-49b3-9f1f-06fb3480531b", "title": "Brickscore <= 1.4.2.5 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Brickscore", "slug": "brickscore", "affected_versions": { "* - 1.4.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31a04983-a1d9-49b3-9f1f-06fb3480531b?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31a145d5-3c0c-436f-a1ee-afff14ef2140": { "id": "31a145d5-3c0c-436f-a1ee-afff14ef2140", "title": "Art Direction <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Art Direction", "slug": "art-direction", "affected_versions": { "* - 0.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31a145d5-3c0c-436f-a1ee-afff14ef2140?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31a3a3c1-be0e-46d5-9fa3-563febc5569b": { "id": "31a3a3c1-be0e-46d5-9fa3-563febc5569b", "title": "Mail Bank - #1 Mail SMTP Plugin for WordPress <= 4.0.14 - Missing Authorization", "software": [ { "type": "plugin", "name": "Mail Bank \u2013 #1 Mail SMTP Plugin for WordPress", "slug": "wp-mail-bank", "affected_versions": { "* - 4.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31a3a3c1-be0e-46d5-9fa3-563febc5569b?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31a54705-99e8-4e41-bf57-9365ab387228": { "id": "31a54705-99e8-4e41-bf57-9365ab387228", "title": "Everest Backup <= 2.1.9 - Sensitive Information Exposure via Log File", "software": [ { "type": "plugin", "name": "Everest Backup \u2013 WordPress Cloud Backup, Migration, Restore & Cloning Plugin", "slug": "everest-backup", "affected_versions": { "[*, 2.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31a54705-99e8-4e41-bf57-9365ab387228?source=api-scan" ], "published": "2023-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31a66e30-972b-4a7b-9d47-ad7abd574e36": { "id": "31a66e30-972b-4a7b-9d47-ad7abd574e36", "title": "Image Watermark <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark Modification", "software": [ { "type": "plugin", "name": "Image Watermark", "slug": "image-watermark", "affected_versions": { "* - 1.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31a66e30-972b-4a7b-9d47-ad7abd574e36?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31a82837-f8da-44bf-81f6-af0d9c9a6e4c": { "id": "31a82837-f8da-44bf-81f6-af0d9c9a6e4c", "title": "PDF Builder for WPForms <= 1.2.116 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "PDF Builder for WPForms", "slug": "pdf-builder-for-wpforms", "affected_versions": { "* - 1.2.116": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.116", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.117" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31a82837-f8da-44bf-81f6-af0d9c9a6e4c?source=api-scan" ], "published": "2024-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31aa4f8b-954c-410e-9f18-c1e62dd9850b": { "id": "31aa4f8b-954c-410e-9f18-c1e62dd9850b", "title": "Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue <= 3.1.24 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)", "slug": "mailin", "affected_versions": { "[*, 3.1.25)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.25", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31aa4f8b-954c-410e-9f18-c1e62dd9850b?source=api-scan" ], "published": "2021-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31b52500-c53c-4606-b57c-cd14bb66afa9": { "id": "31b52500-c53c-4606-b57c-cd14bb66afa9", "title": "JobCareer <= 3.4 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JobCareer | Job Board Responsive WordPress Theme", "slug": "jobcareer", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31b52500-c53c-4606-b57c-cd14bb66afa9?source=api-scan" ], "published": "2020-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31bcc1e1-08b6-4bbc-a28c-9c2d8feea819": { "id": "31bcc1e1-08b6-4bbc-a28c-9c2d8feea819", "title": "Personal Dictionary <= 1.3.3 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Personal Dictionary \u2013 Vocabulary Games, Memory Games", "slug": "personal-dictionary", "affected_versions": { "[*, 1.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31bcc1e1-08b6-4bbc-a28c-9c2d8feea819?source=api-scan" ], "published": "2022-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31c080b8-ba00-4e96-8961-2a1c3a017004": { "id": "31c080b8-ba00-4e96-8961-2a1c3a017004", "title": "WPForms Pro 1.8.4 - 1.8.5.3 - Unauthenticated Stored Cross-Site Scripting via Form Submission", "software": [ { "type": "plugin", "name": "WPForms Pro", "slug": "wpforms", "affected_versions": { "1.8.4 - 1.8.5.3": { "from_version": "1.8.4", "from_inclusive": true, "to_version": "1.8.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31c080b8-ba00-4e96-8961-2a1c3a017004?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31c5e524-ef4d-48c7-baa0-595f8060a167": { "id": "31c5e524-ef4d-48c7-baa0-595f8060a167", "title": "BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation", "software": [ { "type": "plugin", "name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", "slug": "woo-bulk-editor", "affected_versions": { "* - 1.1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31c5e524-ef4d-48c7-baa0-595f8060a167?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31c6e07a-3a3a-4295-a86d-79b4ca1a331e": { "id": "31c6e07a-3a3a-4295-a86d-79b4ca1a331e", "title": "Newspaper < 9.2.2 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Newspaper - News & WooCommerce WordPress Theme", "slug": "Newspaper", "affected_versions": { "[*, 9.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "9.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "9.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31c6e07a-3a3a-4295-a86d-79b4ca1a331e?source=api-scan" ], "published": "2019-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31ca2de5-d63c-4ff8-9963-b96213d17cd0": { "id": "31ca2de5-d63c-4ff8-9963-b96213d17cd0", "title": "JoomSport \u2013 for Sports: Team & League, Football, Hockey & more < 3.4 - SQL Injection", "software": [ { "type": "plugin", "name": "JoomSport \u2013 for Sports: Team & League, Football, Hockey & more", "slug": "joomsport-sports-league-results-management", "affected_versions": { "[*, 3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31ca2de5-d63c-4ff8-9963-b96213d17cd0?source=api-scan" ], "published": "2019-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31cb7a9d-8965-49cd-b1fb-0d141038a0e1": { "id": "31cb7a9d-8965-49cd-b1fb-0d141038a0e1", "title": "SP Project & Document Manager <= 4.70 - Missing Authorization Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 4.70": { "from_version": "*", "from_inclusive": true, "to_version": "4.70", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31cb7a9d-8965-49cd-b1fb-0d141038a0e1?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31cc30c7-262d-4582-8976-fc8095bdca5f": { "id": "31cc30c7-262d-4582-8976-fc8095bdca5f", "title": "Square Thumbnails <= 1.1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Square Thumbnails", "slug": "square-thumbnails", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31cc30c7-262d-4582-8976-fc8095bdca5f?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31d2ccd2-d38b-4bdf-a905-a2b54ca80a58": { "id": "31d2ccd2-d38b-4bdf-a905-a2b54ca80a58", "title": "Hide My Site <= 2.2 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Hide My Site", "slug": "hide-my-site", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31d2ccd2-d38b-4bdf-a905-a2b54ca80a58?source=api-scan" ], "published": "2024-08-20 17:27:27", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31d6288d-87f0-4822-b3f4-541f70cf99fd": { "id": "31d6288d-87f0-4822-b3f4-541f70cf99fd", "title": "flowpaper <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "flowpaper", "slug": "flowpaper-lite-pdf-flipbook", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31d6288d-87f0-4822-b3f4-541f70cf99fd?source=api-scan" ], "published": "2023-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31d7c673-b625-4862-bc03-378ad663467c": { "id": "31d7c673-b625-4862-bc03-378ad663467c", "title": "Mobile App Builder by WapPress <= 1.05 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Mobile App Builder by WapPress", "slug": "mobile-app-builder-by-wappress", "affected_versions": { "* - 1.05": { "from_version": "*", "from_inclusive": true, "to_version": "1.05", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31d7c673-b625-4862-bc03-378ad663467c?source=api-scan" ], "published": "2017-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31db39a3-1b0b-4fdf-bef1-72308e38c9ff": { "id": "31db39a3-1b0b-4fdf-bef1-72308e38c9ff", "title": "UpdraftPlus <= 1.9.63 and UpdraftPlus (paid) <= 2.9.63 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "UpdraftPlus: WP Backup & Migration Plugin", "slug": "updraftplus", "affected_versions": { "[*, 1.9.64)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.64", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.64" ] }, { "type": "plugin", "name": "UpdraftPlus WordPress Backup Plugin (Premium)", "slug": "updraftplus-pro", "affected_versions": { "[*, 2.9.64)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.64", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.64" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31db39a3-1b0b-4fdf-bef1-72308e38c9ff?source=api-scan" ], "published": "2020-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31dcf302-9334-476c-a0e2-d8a31bcbbe5d": { "id": "31dcf302-9334-476c-a0e2-d8a31bcbbe5d", "title": "Simple Calendar \u2013 Google Calendar Plugin < 2.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Calendar \u2013 Google Calendar Plugin", "slug": "google-calendar-events", "affected_versions": { "[*, 2.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31dcf302-9334-476c-a0e2-d8a31bcbbe5d?source=api-scan" ], "published": "2014-10-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31de3c9b-068d-47d8-9811-feae07f2e9d0": { "id": "31de3c9b-068d-47d8-9811-feae07f2e9d0", "title": "WP User Frontend <= 3.6.5 - Authenticated (Author+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission \u2013 WP User Frontend", "slug": "wp-user-frontend", "affected_versions": { "* - 3.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31de3c9b-068d-47d8-9811-feae07f2e9d0?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31dfc46c-a673-41f1-b701-aa832f004ebc": { "id": "31dfc46c-a673-41f1-b701-aa832f004ebc", "title": "Themify Builder <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication", "software": [ { "type": "plugin", "name": "Themify Builder", "slug": "themify-builder", "affected_versions": { "* - 7.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31dfc46c-a673-41f1-b701-aa832f004ebc?source=api-scan" ], "published": "2024-08-21 12:05:35", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31dff395-c3ce-4ebe-8d38-5243fc4510d6": { "id": "31dff395-c3ce-4ebe-8d38-5243fc4510d6", "title": "ImageMapper <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page\/Post Deletion via imgmap_delete_area_ajax", "software": [ { "type": "plugin", "name": "ImageMapper", "slug": "imagemapper", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31dff395-c3ce-4ebe-8d38-5243fc4510d6?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31e11aff-056f-47c4-b5d1-c67af350585d": { "id": "31e11aff-056f-47c4-b5d1-c67af350585d", "title": "Fixed HTML Toolbar <= 1.0.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fixed HTML Toolbar", "slug": "fixed-html-toolbar", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31e11aff-056f-47c4-b5d1-c67af350585d?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31e5e799-17cf-41a9-aa99-b29dec529579": { "id": "31e5e799-17cf-41a9-aa99-b29dec529579", "title": "Enter Addons <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Enter Addons \u2013 Ultimate Template Builder for Elementor", "slug": "enteraddons", "affected_versions": { "* - 2.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31e5e799-17cf-41a9-aa99-b29dec529579?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31eb7dd4-3bd1-41e8-875a-e40a7f16296d": { "id": "31eb7dd4-3bd1-41e8-875a-e40a7f16296d", "title": "Post views Stats <= 1.3 - Reflected Cross-Site Scripting via from and to", "software": [ { "type": "plugin", "name": "Post views Stats", "slug": "post-views-stats", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31eb7dd4-3bd1-41e8-875a-e40a7f16296d?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31ed0d2a-94bc-4526-9d21-6f2f544696d2": { "id": "31ed0d2a-94bc-4526-9d21-6f2f544696d2", "title": "Message Filter for Contact Form 7 <= 1.6.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Message Filter for Contact Form 7", "slug": "cf7-message-filter", "affected_versions": { "* - 1.6.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31ed0d2a-94bc-4526-9d21-6f2f544696d2?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31f13524-2bd7-4157-b378-455ac4f822a1": { "id": "31f13524-2bd7-4157-b378-455ac4f822a1", "title": "WordPress Access Control <= 4.0.13 - Improper Access Control to Sensitive Information Exposure via REST API", "software": [ { "type": "plugin", "name": "WordPress Access Control", "slug": "wordpress-access-control", "affected_versions": { "* - 4.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31f13524-2bd7-4157-b378-455ac4f822a1?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31f4bad5-3a11-42c6-a336-6bd178ab5113": { "id": "31f4bad5-3a11-42c6-a336-6bd178ab5113", "title": "Branda \u2013 White Label WordPress, Custom Login Page Customizer <= 3.4.17 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload", "software": [ { "type": "plugin", "name": "Branda \u2013 White Label & Branding, Custom Login Page Customizer", "slug": "branda-white-labeling", "affected_versions": { "* - 3.4.17": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31f4bad5-3a11-42c6-a336-6bd178ab5113?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31f6032a-19f8-463b-9642-cba205069a22": { "id": "31f6032a-19f8-463b-9642-cba205069a22", "title": "Simple Job Board <= 2.9.3 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Simple Job Board", "slug": "simple-job-board", "affected_versions": { "* - 2.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31f6032a-19f8-463b-9642-cba205069a22?source=api-scan" ], "published": "2022-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31f6ee4e-2106-42c8-8d52-0ce8e415c55f": { "id": "31f6ee4e-2106-42c8-8d52-0ce8e415c55f", "title": "Heureka <= 1.0.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Heureka", "slug": "heureka", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31f6ee4e-2106-42c8-8d52-0ce8e415c55f?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31f72c5b-a99b-48a1-959b-9718b33139b4": { "id": "31f72c5b-a99b-48a1-959b-9718b33139b4", "title": "WPB Show Core <= 2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPB Show Core", "slug": "wpb-show-core", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31f72c5b-a99b-48a1-959b-9718b33139b4?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31f7ae51-2fb2-4311-bc78-7198d6e6b623": { "id": "31f7ae51-2fb2-4311-bc78-7198d6e6b623", "title": "WPKoi Templates for Elementor <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Heading Widget", "software": [ { "type": "plugin", "name": "WPKoi Templates for Elementor", "slug": "wpkoi-templates-for-elementor", "affected_versions": { "* - 2.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31f7ae51-2fb2-4311-bc78-7198d6e6b623?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31f7dc1e-2008-4672-85ba-56fa35f4f0e1": { "id": "31f7dc1e-2008-4672-85ba-56fa35f4f0e1", "title": "WP SMS <= 6.5.2 - Reflected Cross-Site Scripting via 'page'", "software": [ { "type": "plugin", "name": "WP SMS \u2013 Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More", "slug": "wp-sms", "affected_versions": { "* - 6.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31f7dc1e-2008-4672-85ba-56fa35f4f0e1?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31f8bd62-32de-468c-9bed-e03374cb595c": { "id": "31f8bd62-32de-468c-9bed-e03374cb595c", "title": "EmbedPress <= 4.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 4.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31f8bd62-32de-468c-9bed-e03374cb595c?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "31ff5e93-ed21-4c7b-a46e-3ca003b1f9d6": { "id": "31ff5e93-ed21-4c7b-a46e-3ca003b1f9d6", "title": "WP eStore <= 8.5.5 - Reflected Cross-Site Scripting via Customer Search", "software": [ { "type": "plugin", "name": "WP eStore", "slug": "wp-cart-for-digital-products", "affected_versions": { "* - 8.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/31ff5e93-ed21-4c7b-a46e-3ca003b1f9d6?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3208426a-379d-46b9-a9e7-654604169929": { "id": "3208426a-379d-46b9-a9e7-654604169929", "title": "Custom Dashboard Widgets <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via cdw_DashboardWidgets", "software": [ { "type": "plugin", "name": "Custom Dashboard Widgets", "slug": "custom-dashboard-widgets", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3208426a-379d-46b9-a9e7-654604169929?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "320c0c1d-9d1b-43d7-aca5-2104b2a63e8f": { "id": "320c0c1d-9d1b-43d7-aca5-2104b2a63e8f", "title": "Kraken.io Image Optimizer <= 2.6.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Kraken.io Image Optimizer", "slug": "kraken-image-optimizer", "affected_versions": { "* - 2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/320c0c1d-9d1b-43d7-aca5-2104b2a63e8f?source=api-scan" ], "published": "2022-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "320f4260-20c2-4f27-91ba-d2488b417f62": { "id": "320f4260-20c2-4f27-91ba-d2488b417f62", "title": "Migration, Backup, Staging \u2013 WPvivid <= 0.9.89 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "* - 0.9.89": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.89", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.90" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/320f4260-20c2-4f27-91ba-d2488b417f62?source=api-scan" ], "published": "2023-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32173d38-7f85-4e0c-9b4c-38bee2783d77": { "id": "32173d38-7f85-4e0c-9b4c-38bee2783d77", "title": "Quiz And Survey Master <= 8.1.15 - Cross-Site Request Forgery via 'display_results'", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "[*, 8.1.15)": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32173d38-7f85-4e0c-9b4c-38bee2783d77?source=api-scan" ], "published": "2023-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32179cca-2253-49c7-89f7-aa48bcfad716": { "id": "32179cca-2253-49c7-89f7-aa48bcfad716", "title": "ExportFeed <= 2.0.1.0 - SQL Injection", "software": [ { "type": "plugin", "name": "ExportFeed: List WooCommerce Products on eBay Store", "slug": "exportfeed-list-woocommerce-products-on-ebay-store", "affected_versions": { "* - 2.0.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32179cca-2253-49c7-89f7-aa48bcfad716?source=api-scan" ], "published": "2021-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32192878-930a-4947-a38f-ec395c17e515": { "id": "32192878-930a-4947-a38f-ec395c17e515", "title": "Ocean Extra <= 2.1.2 - Authenticated (Subscriber+) Arbitrary Post Access", "software": [ { "type": "plugin", "name": "Ocean Extra", "slug": "ocean-extra", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32192878-930a-4947-a38f-ec395c17e515?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "321b2b0d-8169-4e80-b86f-2ae29d9b8b7d": { "id": "321b2b0d-8169-4e80-b86f-2ae29d9b8b7d", "title": "Basic Interactive World Map <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Basic Interactive World Map", "slug": "basic-interactive-world-map", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/321b2b0d-8169-4e80-b86f-2ae29d9b8b7d?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "321bfc32-a08d-46ea-98c8-c7be10905307": { "id": "321bfc32-a08d-46ea-98c8-c7be10905307", "title": "Web en Mantenimiento <= 1.0.6 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Web en Mantenimiento", "slug": "web-en-mantenimiento", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/321bfc32-a08d-46ea-98c8-c7be10905307?source=api-scan" ], "published": "2022-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "321d0121-5cc9-4736-89b0-228e45b48b48": { "id": "321d0121-5cc9-4736-89b0-228e45b48b48", "title": "Welcart e-Commerce < 1.8.3 - Object Injection", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "[*, 1.8.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/321d0121-5cc9-4736-89b0-228e45b48b48?source=api-scan" ], "published": "2016-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32237c21-2fec-4228-8264-e9f3f1a70060": { "id": "32237c21-2fec-4228-8264-e9f3f1a70060", "title": "Smart SEO Tool <= 3.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart SEO Tool \u2013 SEO\u4f18\u5316\u63d2\u4ef6", "slug": "smart-seo-tool", "affected_versions": { "[*, 3.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32237c21-2fec-4228-8264-e9f3f1a70060?source=api-scan" ], "published": "2021-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32253923-ffec-4312-bcdf-06c5aed77d30": { "id": "32253923-ffec-4312-bcdf-06c5aed77d30", "title": "Multiple Themes (Various Versions) - Reflected Cross-Site Scripting via Search Field", "software": [ { "type": "theme", "name": "College", "slug": "college", "affected_versions": { "[*, 1.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.1" ] }, { "type": "theme", "name": "Anfaust", "slug": "anfaust", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Brain Power", "slug": "brain-power", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "BunnyPressLite", "slug": "bunnypresslite", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] }, { "type": "theme", "name": "Bazaar Lite", "slug": "bazaar-lite", "affected_versions": { "[*, 1.8.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.6" ] }, { "type": "theme", "name": "Cafe Bistro", "slug": "cafe-bistro", "affected_versions": { "[*, 1.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.4" ] }, { "type": "theme", "name": "Arendelle", "slug": "arendelle", "affected_versions": { "[*, 1.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.3" ] }, { "type": "theme", "name": "Anand", "slug": "anand", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Atlast Business", "slug": "atlast-business", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Aapna", "slug": "aapna", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32253923-ffec-4312-bcdf-06c5aed77d30?source=api-scan" ], "published": "2023-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32272237-43c1-4b77-b586-9fad4af279e4": { "id": "32272237-43c1-4b77-b586-9fad4af279e4", "title": "Yoast Duplicate Post <= 3.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yoast Duplicate Post", "slug": "duplicate-post", "affected_versions": { "[*, 3.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32272237-43c1-4b77-b586-9fad4af279e4?source=api-scan" ], "published": "2019-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32346090-ef3e-4a42-b7e2-7f3b7a9221e0": { "id": "32346090-ef3e-4a42-b7e2-7f3b7a9221e0", "title": "WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "WP DSGVO Tools (GDPR)", "slug": "shapepress-dsgvo", "affected_versions": { "* - 3.1.23": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32346090-ef3e-4a42-b7e2-7f3b7a9221e0?source=api-scan" ], "published": "2021-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32348f79-232f-42e6-bbea-aba6203d9f26": { "id": "32348f79-232f-42e6-bbea-aba6203d9f26", "title": "Webpushr <= 4.35.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Web Push Notifications \u2013 Webpushr", "slug": "webpushr-web-push-notifications", "affected_versions": { "* - 4.35.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.35.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.36.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32348f79-232f-42e6-bbea-aba6203d9f26?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3235ecfb-8aac-4e0c-b11e-77727c362194": { "id": "3235ecfb-8aac-4e0c-b11e-77727c362194", "title": "Sponsors <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sponsors", "slug": "wp-sponsors", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3235ecfb-8aac-4e0c-b11e-77727c362194?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32385e77-9629-4aa2-8f1e-9804809fcea3": { "id": "32385e77-9629-4aa2-8f1e-9804809fcea3", "title": "All In One WP Security & Firewall <= 3.9.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "[*, 3.9.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32385e77-9629-4aa2-8f1e-9804809fcea3?source=api-scan" ], "published": "2015-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32419c04-bd10-431a-b87c-1975dacc2e01": { "id": "32419c04-bd10-431a-b87c-1975dacc2e01", "title": "PDF24 Article To PDF <= 4.2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "PDF24 Article To PDF", "slug": "pdf24-post-to-pdf", "affected_versions": { "* - 4.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32419c04-bd10-431a-b87c-1975dacc2e01?source=api-scan" ], "published": "2022-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32483206-7d8f-4b9e-ab44-967a4b7145b4": { "id": "32483206-7d8f-4b9e-ab44-967a4b7145b4", "title": "Delicious Recipes \u2013 WordPress Recipe Plugin <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Delicious \u2013 Recipe Plugin for Food Bloggers (formerly Delicious Recipes)", "slug": "delicious-recipes", "affected_versions": { "* - 1.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32483206-7d8f-4b9e-ab44-967a4b7145b4?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "324a51af-587e-4831-a48e-13bbd5038fc7": { "id": "324a51af-587e-4831-a48e-13bbd5038fc7", "title": "SportsPress <= 2.7.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SportsPress \u2013 Sports Club & League Manager", "slug": "sportspress", "affected_versions": { "* - 2.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/324a51af-587e-4831-a48e-13bbd5038fc7?source=api-scan" ], "published": "2021-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "324fc401-04ca-4707-8727-b8c3a66f7fd6": { "id": "324fc401-04ca-4707-8727-b8c3a66f7fd6", "title": "Tutor LMS \u2013 eLearning and online course solution <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/324fc401-04ca-4707-8727-b8c3a66f7fd6?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "324fcf1b-a811-4750-bf48-87cb6570d51a": { "id": "324fcf1b-a811-4750-bf48-87cb6570d51a", "title": "\u5fae\u4fe1\u7fa4\u53d1\u52a9\u624b-Wechat Broadcast <= 1.2.0 - Directory Traversal", "software": [ { "type": "plugin", "name": "\u5fae\u4fe1\u7fa4\u53d1\u52a9\u624b-Wechat Broadcast", "slug": "wechat-broadcast", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/324fcf1b-a811-4750-bf48-87cb6570d51a?source=api-scan" ], "published": "2018-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "325298a6-954b-4cf7-a96a-9571cdb0b5a5": { "id": "325298a6-954b-4cf7-a96a-9571cdb0b5a5", "title": "WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MDTF \u2013 Meta Data and Taxonomies Filter", "slug": "wp-meta-data-filter-and-taxonomy-filter", "affected_versions": { "* - 1.3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/325298a6-954b-4cf7-a96a-9571cdb0b5a5?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3253e1b3-ac63-4796-ac10-92781d5a76c8": { "id": "3253e1b3-ac63-4796-ac10-92781d5a76c8", "title": "ImageRecycle pdf & image compression <= 3.1.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ImageRecycle pdf & image compression", "slug": "imagerecycle-pdf-image-compression", "affected_versions": { "* - 3.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3253e1b3-ac63-4796-ac10-92781d5a76c8?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3256da87-0d37-4c8f-9bac-95e3017e35d5": { "id": "3256da87-0d37-4c8f-9bac-95e3017e35d5", "title": "NinjaTeam Header Footer Custom Code < 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NinjaTeam Header Footer Custom Code", "slug": "header-footer-code", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3256da87-0d37-4c8f-9bac-95e3017e35d5?source=api-scan" ], "published": "2024-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "325813f3-c893-4e98-ad99-452ff63d5e18": { "id": "325813f3-c893-4e98-ad99-452ff63d5e18", "title": "PPOM for WooCommerce <= 32.0.20 - Unauthenticated Content Injection Vulnerability", "software": [ { "type": "plugin", "name": "PPOM \u2013 Product Addons & Custom Fields for WooCommerce", "slug": "woocommerce-product-addon", "affected_versions": { "* - 32.0.20": { "from_version": "*", "from_inclusive": true, "to_version": "32.0.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "32.0.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/325813f3-c893-4e98-ad99-452ff63d5e18?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32594284-a7ed-4f43-b0cf-dc0e561768c2": { "id": "32594284-a7ed-4f43-b0cf-dc0e561768c2", "title": "WordPress Mobile Pack \u2013 Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps < 2.1.3 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "WordPress Mobile Pack \u2013 Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps", "slug": "wordpress-mobile-pack", "affected_versions": { "[*, 2.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32594284-a7ed-4f43-b0cf-dc0e561768c2?source=api-scan" ], "published": "2015-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "325dd035-db3d-49b4-a422-7c2c734bfd32": { "id": "325dd035-db3d-49b4-a422-7c2c734bfd32", "title": "Beaver Builder \u2013 WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Caption - On Hover", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.5.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/325dd035-db3d-49b4-a422-7c2c734bfd32?source=api-scan" ], "published": "2022-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32647c44-389a-4a6d-a32b-e19a35bc2aeb": { "id": "32647c44-389a-4a6d-a32b-e19a35bc2aeb", "title": "Auto Excerpt everywhere <= 1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Auto Excerpt everywhere", "slug": "auto-excerpt-everywhere", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32647c44-389a-4a6d-a32b-e19a35bc2aeb?source=api-scan" ], "published": "2023-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32648d65-88a7-48fa-adeb-3060a1cf5b93": { "id": "32648d65-88a7-48fa-adeb-3060a1cf5b93", "title": "Unyson <= 2.7.26 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Unyson", "slug": "unyson", "affected_versions": { "* - 2.7.26": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32648d65-88a7-48fa-adeb-3060a1cf5b93?source=api-scan" ], "published": "2022-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32652a9a-00ba-4e86-9947-c7c7ebd21494": { "id": "32652a9a-00ba-4e86-9947-c7c7ebd21494", "title": "Multi-column Tag Map <= 17.0.24 - Authenticated (Contributor+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Multi-column Tag Map", "slug": "multi-column-tag-map", "affected_versions": { "* - 17.0.24": { "from_version": "*", "from_inclusive": true, "to_version": "17.0.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "17.0.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32652a9a-00ba-4e86-9947-c7c7ebd21494?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "326618eb-186b-44a2-a779-00d5366bfff2": { "id": "326618eb-186b-44a2-a779-00d5366bfff2", "title": "Essential Grid <= 3.0.18 - Missing Authorization", "software": [ { "type": "plugin", "name": "Essential Grid Portfolio \u2013 Photo Gallery", "slug": "essential-grid", "affected_versions": { "* - 3.0.18": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/326618eb-186b-44a2-a779-00d5366bfff2?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32682598-ad1c-4aa1-bdf2-a7966a4d1dbe": { "id": "32682598-ad1c-4aa1-bdf2-a7966a4d1dbe", "title": "BEAR <= 1.1.4 - Authenticated (Shop manager+) Stored Cross-Site Scripting via Plugin Options", "software": [ { "type": "plugin", "name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", "slug": "woo-bulk-editor", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32682598-ad1c-4aa1-bdf2-a7966a4d1dbe?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32713069-ea40-46ef-a789-9646eab2e651": { "id": "32713069-ea40-46ef-a789-9646eab2e651", "title": "WP Customer Area <= 8.2.1 - Insecure Direct Object Reference to Address Modification", "software": [ { "type": "plugin", "name": "WP Customer Area", "slug": "customer-area", "affected_versions": { "* - 8.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32713069-ea40-46ef-a789-9646eab2e651?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3275c47d-caf5-49e6-8aa2-20a6d8106f26": { "id": "3275c47d-caf5-49e6-8aa2-20a6d8106f26", "title": "Thim Elementor Kit <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter", "software": [ { "type": "plugin", "name": "Thim Elementor Kit", "slug": "thim-elementor-kit", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3275c47d-caf5-49e6-8aa2-20a6d8106f26?source=api-scan" ], "published": "2024-05-10 18:41:10", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "327e706d-2d6c-4204-a531-281f2e2dbcf0": { "id": "327e706d-2d6c-4204-a531-281f2e2dbcf0", "title": "Horizontal scrolling announcements <= 2.4 - Authenticated (Contributor+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Horizontal scrolling announcements", "slug": "horizontal-scrolling-announcements", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/327e706d-2d6c-4204-a531-281f2e2dbcf0?source=api-scan" ], "published": "2024-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "327f645b-4990-4b5e-b39c-6c55ac4e66f0": { "id": "327f645b-4990-4b5e-b39c-6c55ac4e66f0", "title": "WP Easy Gallery <= 2.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Easy Gallery \u2013 WordPress Gallery Plugin", "slug": "wp-easy-gallery", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/327f645b-4990-4b5e-b39c-6c55ac4e66f0?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3282244f-2b5f-4795-9f3f-461c4fd2e296": { "id": "3282244f-2b5f-4795-9f3f-461c4fd2e296", "title": "DW Question & Answer Pro <= 1.3.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "DW Question Answer Pro", "slug": "dw-question-answer-pro", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3282244f-2b5f-4795-9f3f-461c4fd2e296?source=api-scan" ], "published": "2022-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3283f2b7-28a5-4c39-aeef-3237ecc57cf3": { "id": "3283f2b7-28a5-4c39-aeef-3237ecc57cf3", "title": "Hide My WP <= 6.2.3 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Hide My WP - Amazing Security Plugin for WordPress!", "slug": "hide_my_wp", "affected_versions": { "* - 6.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3283f2b7-28a5-4c39-aeef-3237ecc57cf3?source=api-scan" ], "published": "2021-11-24 14:14:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "328438ba-128d-4094-83a5-bfd6e1616fa4": { "id": "328438ba-128d-4094-83a5-bfd6e1616fa4", "title": "WP Google Maps <= 8.1.11 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Go Maps (formerly WP Google Maps)", "slug": "wp-google-maps", "affected_versions": { "[*, 8.1.12)": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/328438ba-128d-4094-83a5-bfd6e1616fa4?source=api-scan" ], "published": "2021-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "328c2df0-e8e9-46e8-a95d-d0b65f9d2f0b": { "id": "328c2df0-e8e9-46e8-a95d-d0b65f9d2f0b", "title": "Team Showcase <= 1.22.25 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Team Showcase", "slug": "team", "affected_versions": { "* - 1.22.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.22.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.22.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/328c2df0-e8e9-46e8-a95d-d0b65f9d2f0b?source=api-scan" ], "published": "2024-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "329a140f-94e0-4e2e-8030-c091ad8ac65a": { "id": "329a140f-94e0-4e2e-8030-c091ad8ac65a", "title": "LiteSpeed Cache <= 6.5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LiteSpeed Cache", "slug": "litespeed-cache", "affected_versions": { "* - 6.5.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/329a140f-94e0-4e2e-8030-c091ad8ac65a?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "329a7910-fc9e-4786-9f0e-84eeb6e48bf4": { "id": "329a7910-fc9e-4786-9f0e-84eeb6e48bf4", "title": "Logo Carousel <= 3.4.1 - Unauthorised Private Post Access", "software": [ { "type": "plugin", "name": "Logo Carousel \u2013 Responsive Logo Slider, Logo Showcase, and Clients Logo Gallery", "slug": "logo-carousel-free", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/329a7910-fc9e-4786-9f0e-84eeb6e48bf4?source=api-scan" ], "published": "2021-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "329f6e9b-f2f4-4c4e-9512-fcf504c2c0ed": { "id": "329f6e9b-f2f4-4c4e-9512-fcf504c2c0ed", "title": "Simple Sticky Footer <= 1.3.2 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Sticky Footer", "slug": "simple-sticky-footer", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/329f6e9b-f2f4-4c4e-9512-fcf504c2c0ed?source=api-scan" ], "published": "2014-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32a24a9d-b902-4a66-83d5-c8e3b8dd7923": { "id": "32a24a9d-b902-4a66-83d5-c8e3b8dd7923", "title": "Delete Old Order <= 0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Delete Old Orders", "slug": "delete-old-orders", "affected_versions": { "* - 0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32a24a9d-b902-4a66-83d5-c8e3b8dd7923?source=api-scan" ], "published": "2022-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32aa1fdc-2fca-4486-b704-eabe4668361e": { "id": "32aa1fdc-2fca-4486-b704-eabe4668361e", "title": "Modern Events Calendar Lite <= 6.1.6 - Subscriber+ Category Add Leading to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Modern Events Calendar Lite", "slug": "modern-events-calendar-lite", "affected_versions": { "* - 6.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32aa1fdc-2fca-4486-b704-eabe4668361e?source=api-scan" ], "published": "2021-12-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32ac72f7-6bcc-4b5d-925a-9c5fc0c1f065": { "id": "32ac72f7-6bcc-4b5d-925a-9c5fc0c1f065", "title": "Advanced Ads <= 1.17.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Ads \u2013\u00a0Ad Manager & AdSense", "slug": "advanced-ads", "affected_versions": { "[*, 1.17.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.17.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.17.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32ac72f7-6bcc-4b5d-925a-9c5fc0c1f065?source=api-scan" ], "published": "2020-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32b2b8e9-aa49-4cc3-97b7-249695969461": { "id": "32b2b8e9-aa49-4cc3-97b7-249695969461", "title": "Media File Renamer <= 5.7.7 - Authenticated(Administrator+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Media File Renamer: Rename for better SEO (AI-Powered)", "slug": "media-file-renamer", "affected_versions": { "* - 5.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32b2b8e9-aa49-4cc3-97b7-249695969461?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32b3ad84-6adb-44c1-942a-51f27638c8c9": { "id": "32b3ad84-6adb-44c1-942a-51f27638c8c9", "title": "Multiple Roles < 1.3.7 - Privilege Escalation", "software": [ { "type": "plugin", "name": "Multiple Roles", "slug": "multiple-roles", "affected_versions": { "[*, 1.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32b3ad84-6adb-44c1-942a-51f27638c8c9?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32b49654-26f6-4b83-8851-92e04408e8b2": { "id": "32b49654-26f6-4b83-8851-92e04408e8b2", "title": "Radcliffe 2 <= 2.0.17 - Missing Authorization", "software": [ { "type": "theme", "name": "Radcliffe 2", "slug": "radcliffe-2", "affected_versions": { "* - 2.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32b49654-26f6-4b83-8851-92e04408e8b2?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32b6938a-0566-46c8-8761-0403b3a0e3e9": { "id": "32b6938a-0566-46c8-8761-0403b3a0e3e9", "title": "rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode", "software": [ { "type": "plugin", "name": "rtMedia for WordPress, BuddyPress and bbPress", "slug": "buddypress-media", "affected_versions": { "* - 4.6.18": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32b6938a-0566-46c8-8761-0403b3a0e3e9?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32b70801-d80f-40dc-8321-e12ac0b8c695": { "id": "32b70801-d80f-40dc-8321-e12ac0b8c695", "title": "ShopLentor <= 2.8.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Banner Link", "software": [ { "type": "plugin", "name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)", "slug": "woolentor-addons", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32b70801-d80f-40dc-8321-e12ac0b8c695?source=api-scan" ], "published": "2024-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32bc88a7-93ed-4d67-9383-b6d935a0df4d": { "id": "32bc88a7-93ed-4d67-9383-b6d935a0df4d", "title": "SEO Slider <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "SEO Slider", "slug": "seo-slider", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32bc88a7-93ed-4d67-9383-b6d935a0df4d?source=api-scan" ], "published": "2023-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32c2a25d-e660-4700-8df3-b043cf6aa78a": { "id": "32c2a25d-e660-4700-8df3-b043cf6aa78a", "title": "LiveChat Elementor <= 1.0.13 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Live Chat Plugin for Elementor \u2013 LiveChat", "slug": "livechat-elementor", "affected_versions": { "* - 1.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32c2a25d-e660-4700-8df3-b043cf6aa78a?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32c46940-d396-4b2a-9f1c-1ca51b8d16a9": { "id": "32c46940-d396-4b2a-9f1c-1ca51b8d16a9", "title": "WooCommerce Report <= 1.4.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Report", "slug": "ithemelandco-woo-report", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32c46940-d396-4b2a-9f1c-1ca51b8d16a9?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32c4cb55-855c-42ed-a9ac-90f92e8583e0": { "id": "32c4cb55-855c-42ed-a9ac-90f92e8583e0", "title": "Salon booking system <= 9.6.2 - Authenticated (Customer+) Stored Cross-Site Scripting via 'sms_prefix'", "software": [ { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "* - 9.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32c4cb55-855c-42ed-a9ac-90f92e8583e0?source=api-scan" ], "published": "2024-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32ca6e56-add9-4024-831f-5dfa5130a7d8": { "id": "32ca6e56-add9-4024-831f-5dfa5130a7d8", "title": "Easy Custom Auto Excerpt < 2.4.7 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Custom Auto Excerpt", "slug": "easy-custom-auto-excerpt", "affected_versions": { "[*, 2.4.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32ca6e56-add9-4024-831f-5dfa5130a7d8?source=api-scan" ], "published": "2018-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32ccbde2-b6a9-4748-907d-b948937dad09": { "id": "32ccbde2-b6a9-4748-907d-b948937dad09", "title": "Piotnet Addons For Elementor Pro <= 7.1.17 - Unauthenticated Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Piotnet Addons For Elementor Pro", "slug": "piotnet-addons-for-elementor-pro", "affected_versions": { "* - 7.1.17": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32ccbde2-b6a9-4748-907d-b948937dad09?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32d0f709-192a-4d9f-bfe9-15c1be4c4b95": { "id": "32d0f709-192a-4d9f-bfe9-15c1be4c4b95", "title": "iThemes Security < 5.3.1 - Insecure Backup\/Logfile Generation", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "[*, 5.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32d0f709-192a-4d9f-bfe9-15c1be4c4b95?source=api-scan" ], "published": "2016-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32d4c259-b56d-4f8f-84b8-7ef451fd02ad": { "id": "32d4c259-b56d-4f8f-84b8-7ef451fd02ad", "title": "Tourfic <= 2.11.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tourfic \u2013 Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking", "slug": "tourfic", "affected_versions": { "* - 2.11.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32d4c259-b56d-4f8f-84b8-7ef451fd02ad?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32d80824-c420-40e8-8c07-fb17b1b50644": { "id": "32d80824-c420-40e8-8c07-fb17b1b50644", "title": "FourSquare Checkins < 1.3 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FourSquare Checkins", "slug": "foursquare-checkins", "affected_versions": { "[*, 1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32d80824-c420-40e8-8c07-fb17b1b50644?source=api-scan" ], "published": "2013-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32d81267-f17c-4d53-bbc9-7b52683351e3": { "id": "32d81267-f17c-4d53-bbc9-7b52683351e3", "title": "SiteBuilder Dynamic Components <= 1.0 - PHP Object Injection", "software": [ { "type": "plugin", "name": "SiteBuilder Dynamic Components", "slug": "sitebuilder-dynamic-components", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32d81267-f17c-4d53-bbc9-7b52683351e3?source=api-scan" ], "published": "2017-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32db57ec-47f8-4b33-b22c-6d8c079412a8": { "id": "32db57ec-47f8-4b33-b22c-6d8c079412a8", "title": "Photospace Gallery <= 2.3.5 - Missing Authorization to Plugin Settings Update", "software": [ { "type": "plugin", "name": "Photospace Gallery", "slug": "photospace", "affected_versions": { "* - 2.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32db57ec-47f8-4b33-b22c-6d8c079412a8?source=api-scan" ], "published": "2022-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32dd7de3-980d-4ade-988d-a483f16a19df": { "id": "32dd7de3-980d-4ade-988d-a483f16a19df", "title": "Gradient Text Widget for Elementor <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gradient Text Widget for Elementor", "slug": "gradient-text-widget-for-elementor", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32dd7de3-980d-4ade-988d-a483f16a19df?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32df7bdb-d99d-4548-8960-3fefdf635753": { "id": "32df7bdb-d99d-4548-8960-3fefdf635753", "title": "Push Notification for Post and BuddyPress <= 1.93 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Push Notification for Post and BuddyPress", "slug": "push-notification-for-post-and-buddypress", "affected_versions": { "* - 1.93": { "from_version": "*", "from_inclusive": true, "to_version": "1.93", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.94" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32df7bdb-d99d-4548-8960-3fefdf635753?source=api-scan" ], "published": "2024-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32e8224d-a653-48d7-a3f4-338fc0c1dc77": { "id": "32e8224d-a653-48d7-a3f4-338fc0c1dc77", "title": "WPshop 2 \u2013 E-Commerce < 1.3.9.6 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WPshop 2 \u2013 E-Commerce", "slug": "wpshop", "affected_versions": { "[*, 1.3.9.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32e8224d-a653-48d7-a3f4-338fc0c1dc77?source=api-scan" ], "published": "2015-03-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32ee3eb8-18b7-47da-b4f9-cb252ffabc71": { "id": "32ee3eb8-18b7-47da-b4f9-cb252ffabc71", "title": "Quiz Expert \u2013 Easy Quiz Maker, Exam and Test Manager <= 1.5.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Quiz Expert \u2013 Easy Quiz Maker, Exam and Test Manager", "slug": "quiz-expert", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32ee3eb8-18b7-47da-b4f9-cb252ffabc71?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32f03892-500f-4925-9b3d-3160243de8a0": { "id": "32f03892-500f-4925-9b3d-3160243de8a0", "title": "Simple Download Monitor <= 3.8.8 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Download Monitor", "slug": "simple-download-monitor", "affected_versions": { "* - 3.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32f03892-500f-4925-9b3d-3160243de8a0?source=api-scan" ], "published": "2020-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32f2fc21-165c-483f-ab81-48d8f221e4be": { "id": "32f2fc21-165c-483f-ab81-48d8f221e4be", "title": "Jetpack CRM <= 5.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jetpack CRM \u2013 Clients, Leads, Invoices, Billing, Email Marketing, & Automation", "slug": "zero-bs-crm", "affected_versions": { "* - 5.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32f2fc21-165c-483f-ab81-48d8f221e4be?source=api-scan" ], "published": "2023-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32f47b68-e1ae-4ed1-9513-bba60aab65fb": { "id": "32f47b68-e1ae-4ed1-9513-bba60aab65fb", "title": "WP CSV Exporter <= 1.3.6 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP CSV Exporter", "slug": "wp-csv-exporter", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32f47b68-e1ae-4ed1-9513-bba60aab65fb?source=api-scan" ], "published": "2022-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "32fe8a09-b08f-42dc-b436-96a6ea50a439": { "id": "32fe8a09-b08f-42dc-b436-96a6ea50a439", "title": "xili-tidy-tags <= 1.12.03 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "xili-tidy-tags", "slug": "xili-tidy-tags", "affected_versions": { "* - 1.12.03": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.03", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.04" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/32fe8a09-b08f-42dc-b436-96a6ea50a439?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3301899e-5c38-4ecd-b095-6e00b0f7582e": { "id": "3301899e-5c38-4ecd-b095-6e00b0f7582e", "title": "MyCurator Content Curation <= 3.74 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MyCurator Content Curation", "slug": "mycurator", "affected_versions": { "* - 3.74": { "from_version": "*", "from_inclusive": true, "to_version": "3.74", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.75" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3301899e-5c38-4ecd-b095-6e00b0f7582e?source=api-scan" ], "published": "2023-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33086968-359f-46d7-825e-29c4e4449899": { "id": "33086968-359f-46d7-825e-29c4e4449899", "title": "Visitor Traffic Real Time Statistics <= 2.11 - Missing Authorization to Arbitrary Plugin Installation\/Activation", "software": [ { "type": "plugin", "name": "Visitor Traffic Real Time Statistics", "slug": "visitors-traffic-real-time-statistics", "affected_versions": { "* - 2.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33086968-359f-46d7-825e-29c4e4449899?source=api-scan" ], "published": "2021-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "330e90a1-735c-48db-bf0f-95b7dacd1476": { "id": "330e90a1-735c-48db-bf0f-95b7dacd1476", "title": "Meta slider and carousel with lightbox <= 2.0.1 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Meta Slider and Carousel with Lightbox", "slug": "meta-slider-and-carousel-with-lightbox", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/330e90a1-735c-48db-bf0f-95b7dacd1476?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33129b72-0976-4c09-9cea-b5ba321ae46f": { "id": "33129b72-0976-4c09-9cea-b5ba321ae46f", "title": "WordPress WP-Advanced-Search <= 3.3.6 - SQL Injection", "software": [ { "type": "plugin", "name": "WordPress WP-Advanced-Search", "slug": "wp-advanced-search", "affected_versions": { "* - 3.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33129b72-0976-4c09-9cea-b5ba321ae46f?source=api-scan" ], "published": "2020-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33153ebe-65fc-4db8-84fe-df22554be3ba": { "id": "33153ebe-65fc-4db8-84fe-df22554be3ba", "title": "Check & Log Email <= 0.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Check & Log Email \u2013 Easy Email Testing & Mail logging", "slug": "check-email", "affected_versions": { "[*, 0.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33153ebe-65fc-4db8-84fe-df22554be3ba?source=api-scan" ], "published": "2016-11-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33166510-41b2-4e9a-8bd7-501235729346": { "id": "33166510-41b2-4e9a-8bd7-501235729346", "title": "WP 404 Auto Redirect to Similar Post <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP 404 Auto Redirect to Similar Post", "slug": "wp-404-auto-redirect-to-similar-post", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33166510-41b2-4e9a-8bd7-501235729346?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3316ea0d-4311-4363-b443-b4aeedb2ee36": { "id": "3316ea0d-4311-4363-b443-b4aeedb2ee36", "title": "Mighty Classic Pros And Cons <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mighty Classic Pros And Cons", "slug": "joomdev-wp-pros-cons", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3316ea0d-4311-4363-b443-b4aeedb2ee36?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3320c182-b1f9-4e06-92ea-0fa670557dd0": { "id": "3320c182-b1f9-4e06-92ea-0fa670557dd0", "title": "Network Summary <= 2.0.11 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Network Summary", "slug": "network-summary", "affected_versions": { "* - 2.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3320c182-b1f9-4e06-92ea-0fa670557dd0?source=api-scan" ], "published": "2024-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33210104-68fc-4d88-b681-b30e7abd6e18": { "id": "33210104-68fc-4d88-b681-b30e7abd6e18", "title": "Keap Official Opt-in Forms <= 1.0.11 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Keap Official Opt-in Forms", "slug": "infusionsoft-official-opt-in-forms", "affected_versions": { "* - 1.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33210104-68fc-4d88-b681-b30e7abd6e18?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3323b809-b778-48fb-967c-cedba9010495": { "id": "3323b809-b778-48fb-967c-cedba9010495", "title": "YOP Poll <= 5.8.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YOP Poll", "slug": "yop-poll", "affected_versions": { "[*, 5.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3323b809-b778-48fb-967c-cedba9010495?source=api-scan" ], "published": "2017-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33275478-59ad-412b-b970-9a39d522bd66": { "id": "33275478-59ad-412b-b970-9a39d522bd66", "title": "Greenshift \u2013 animation and page builder blocks <= 9.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Greenshift \u2013 animation and page builder blocks", "slug": "greenshift-animation-and-page-builder-blocks", "affected_versions": { "* - 9.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "9.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33275478-59ad-412b-b970-9a39d522bd66?source=api-scan" ], "published": "2024-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33275cdc-21d4-42b7-bd0e-f5154faf2d6c": { "id": "33275cdc-21d4-42b7-bd0e-f5154faf2d6c", "title": "Comments Like Dislike <= 1.2.2 - IP Spoofing", "software": [ { "type": "plugin", "name": "Comments Like Dislike", "slug": "comments-like-dislike", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33275cdc-21d4-42b7-bd0e-f5154faf2d6c?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "332909d5-e3bf-42a7-af52-c4e50b05f97e": { "id": "332909d5-e3bf-42a7-af52-c4e50b05f97e", "title": "WordPress File Upload <= 4.24.7 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "* - 4.24.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.24.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.24.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/332909d5-e3bf-42a7-af52-c4e50b05f97e?source=api-scan" ], "published": "2024-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "332b8d96-89b2-473b-9186-239e49f5b064": { "id": "332b8d96-89b2-473b-9186-239e49f5b064", "title": "Download Manager <= 3.2.53 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.53": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.53", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.54" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/332b8d96-89b2-473b-9186-239e49f5b064?source=api-scan" ], "published": "2022-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "332c0829-316d-4037-8c50-02d6c92cdb10": { "id": "332c0829-316d-4037-8c50-02d6c92cdb10", "title": "Quiz And Survey Master <= 7.3.6 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/332c0829-316d-4037-8c50-02d6c92cdb10?source=api-scan" ], "published": "2022-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "332f8a7e-2342-4b77-a7d6-17137e432b5b": { "id": "332f8a7e-2342-4b77-a7d6-17137e432b5b", "title": "Counter Box <= 1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site", "slug": "counter-box", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/332f8a7e-2342-4b77-a7d6-17137e432b5b?source=api-scan" ], "published": "2022-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3334fc78-48c5-4cfa-ac83-5690fdbf590a": { "id": "3334fc78-48c5-4cfa-ac83-5690fdbf590a", "title": "Limit Login Attempts <= 1.7.1 - Authenticated(Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Limit Login Attempts", "slug": "limit-login-attempts", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3334fc78-48c5-4cfa-ac83-5690fdbf590a?source=api-scan" ], "published": "2023-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33356b50-9c9c-4719-8321-b391fda69867": { "id": "33356b50-9c9c-4719-8321-b391fda69867", "title": "Pricing Table by Supsystic <= 1.9.12 - Authenticated (Admin+) Content Injection", "software": [ { "type": "plugin", "name": "Pricing Table by Supsystic", "slug": "pricing-table-by-supsystic", "affected_versions": { "* - 1.9.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33356b50-9c9c-4719-8321-b391fda69867?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33386b7b-fae3-42a4-96d3-df3cdc342317": { "id": "33386b7b-fae3-42a4-96d3-df3cdc342317", "title": "Apollo13 Framework Extensions <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Apollo13 Framework Extensions", "slug": "apollo13-framework-extensions", "affected_versions": { "* - 1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33386b7b-fae3-42a4-96d3-df3cdc342317?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33398af8-7b7f-47e5-b95b-c9faa33d0c80": { "id": "33398af8-7b7f-47e5-b95b-c9faa33d0c80", "title": "Booking for Appointments and Events Calendar \u2013 Amelia <= 1.0.85 - Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Booking for Appointments and Events Calendar \u2013 Amelia", "slug": "ameliabooking", "affected_versions": { "* - 1.0.85": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.85", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.86" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33398af8-7b7f-47e5-b95b-c9faa33d0c80?source=api-scan" ], "published": "2023-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "334570f7-967b-4792-934c-ebe4c4f18490": { "id": "334570f7-967b-4792-934c-ebe4c4f18490", "title": "My Calendar <= 3.3.24.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "My Calendar \u2013 Accessible Event Manager", "slug": "my-calendar", "affected_versions": { "* - 3.3.24.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.24.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/334570f7-967b-4792-934c-ebe4c4f18490?source=api-scan" ], "published": "2023-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "334839c2-6844-4531-ab16-26f32ddcaba1": { "id": "334839c2-6844-4531-ab16-26f32ddcaba1", "title": "BeePress <= 6.9.8 - Cross-Site Request Forgery via beepress-pro.php", "software": [ { "type": "plugin", "name": "\u871c\u8702\u91c7\u96c6-BeePress \u5fae\u4fe1\u516c\u4f17\u53f7\u4eca\u65e5\u5934\u6761\u77e5\u4e4e\u4e13\u680f\u7b80\u4e66\u7b49\u5e73\u53f0\u6587\u7ae0\u91c7\u96c6\u63d2\u4ef6", "slug": "beepress", "affected_versions": { "* - 6.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/334839c2-6844-4531-ab16-26f32ddcaba1?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "334be95c-438a-4e03-9ee4-9a6d2c2fa5f7": { "id": "334be95c-438a-4e03-9ee4-9a6d2c2fa5f7", "title": "WP Job Openings <= 3.4.2 - Information Exposure", "software": [ { "type": "plugin", "name": "WP Job Openings \u2013 Job Listing, Career Page and Recruitment Plugin", "slug": "wp-job-openings", "affected_versions": { "* - 3.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/334be95c-438a-4e03-9ee4-9a6d2c2fa5f7?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "334ecb1e-027c-4a0f-88cb-34b02482f097": { "id": "334ecb1e-027c-4a0f-88cb-34b02482f097", "title": "Simple Post <= 1.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Post", "slug": "simple-post", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/334ecb1e-027c-4a0f-88cb-34b02482f097?source=api-scan" ], "published": "2021-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "334ff8d7-1313-4c19-aed3-0c4625b895ab": { "id": "334ff8d7-1313-4c19-aed3-0c4625b895ab", "title": "Calculated Fields Form <= 1.0.353 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Calculated Fields Form", "slug": "calculated-fields-form", "affected_versions": { "* - 1.0.353": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.353", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.354" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/334ff8d7-1313-4c19-aed3-0c4625b895ab?source=api-scan" ], "published": "2020-01-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33512495-91d6-4efe-9c76-484ab07874f6": { "id": "33512495-91d6-4efe-9c76-484ab07874f6", "title": "Easy Testimonials <= 3.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Testimonials", "slug": "easy-testimonials", "affected_versions": { "* - 3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33512495-91d6-4efe-9c76-484ab07874f6?source=api-scan" ], "published": "2022-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "335402dd-5c18-4927-aa59-9683003064ca": { "id": "335402dd-5c18-4927-aa59-9683003064ca", "title": "Page Builder Gutenberg Blocks \u2013 CoBlocks <= 3.1.11 - Authenticated (Contributor+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Page Builder Gutenberg Blocks \u2013 CoBlocks", "slug": "coblocks", "affected_versions": { "* - 3.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/335402dd-5c18-4927-aa59-9683003064ca?source=api-scan" ], "published": "2024-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3354b925-2e4a-4ee5-b436-2c1a502b1725": { "id": "3354b925-2e4a-4ee5-b436-2c1a502b1725", "title": "NextGEN Gallery <= 3.37 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 3.37": { "from_version": "*", "from_inclusive": true, "to_version": "3.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3354b925-2e4a-4ee5-b436-2c1a502b1725?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33581898-067b-445c-8ad0-12ff4778a13c": { "id": "33581898-067b-445c-8ad0-12ff4778a13c", "title": "Creative Addons for Elementor <= 1.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Creative Addons for Elementor", "slug": "creative-addons-for-elementor", "affected_versions": { "* - 1.5.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33581898-067b-445c-8ad0-12ff4778a13c?source=api-scan" ], "published": "2024-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33585791-be40-438c-bebc-8852e7cf8ae5": { "id": "33585791-be40-438c-bebc-8852e7cf8ae5", "title": "Community by PeepSo <= 6.4.6.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App", "slug": "peepso-core", "affected_versions": { "* - 6.4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33585791-be40-438c-bebc-8852e7cf8ae5?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "335960e7-a0fa-4f36-9b06-a77b6273b070": { "id": "335960e7-a0fa-4f36-9b06-a77b6273b070", "title": "RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Autoblogging <= 4.23.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Autoblogging", "slug": "wp-rss-aggregator", "affected_versions": { "* - 4.23.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.23.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.23.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/335960e7-a0fa-4f36-9b06-a77b6273b070?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3363149f-a522-49a1-94c8-a3bcd865f911": { "id": "3363149f-a522-49a1-94c8-a3bcd865f911", "title": "Table Rate Shipping Method for WooCommerce by Flexible Shipping <= 4.11.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Table Rate Shipping Method for WooCommerce by Flexible Shipping", "slug": "flexible-shipping", "affected_versions": { "* - 4.11.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.11.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.11.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3363149f-a522-49a1-94c8-a3bcd865f911?source=api-scan" ], "published": "2022-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33680429-8a52-412b-ab61-d261801319a0": { "id": "33680429-8a52-412b-ab61-d261801319a0", "title": "Simple Login Log < 1.1.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Simple Login Log", "slug": "simple-login-log", "affected_versions": { "[*, 1.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33680429-8a52-412b-ab61-d261801319a0?source=api-scan" ], "published": "2017-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3368e4b4-9876-447b-acb4-3648e83ed997": { "id": "3368e4b4-9876-447b-acb4-3648e83ed997", "title": "Acunetix WP Security <= 4.0.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Acunetix WP Security", "slug": "wp-security-scan", "affected_versions": { "[*, 4.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3368e4b4-9876-447b-acb4-3648e83ed997?source=api-scan" ], "published": "2014-02-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "336e2429-97ab-4948-9d21-f0121216d2d1": { "id": "336e2429-97ab-4948-9d21-f0121216d2d1", "title": "WPCafe \u2013 Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode", "software": [ { "type": "plugin", "name": "WPCafe \u2013 Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce", "slug": "wp-cafe", "affected_versions": { "* - 2.2.24": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/336e2429-97ab-4948-9d21-f0121216d2d1?source=api-scan" ], "published": "2024-05-30 18:20:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "336eb1fb-dc94-417d-b9b6-488c105aab1e": { "id": "336eb1fb-dc94-417d-b9b6-488c105aab1e", "title": "Find and Replace All <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Find and Replace All", "slug": "find-and-replace-all", "affected_versions": { "1.2": { "from_version": "1.2", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/336eb1fb-dc94-417d-b9b6-488c105aab1e?source=api-scan" ], "published": "2022-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33707b80-5cc1-4678-bf87-8c5131634c94": { "id": "33707b80-5cc1-4678-bf87-8c5131634c94", "title": "Video Conferencing with Zoom <= 3.9.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Video Conferencing with Zoom", "slug": "video-conferencing-with-zoom-api", "affected_versions": { "* - 3.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33707b80-5cc1-4678-bf87-8c5131634c94?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33727746-4481-4b7f-8d2a-100027b7d1c3": { "id": "33727746-4481-4b7f-8d2a-100027b7d1c3", "title": "Blog Designer <=1.8.10 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Blog Designer", "slug": "blog-designer", "affected_versions": { "* - 1.8.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33727746-4481-4b7f-8d2a-100027b7d1c3?source=api-scan" ], "published": "2019-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33770bfd-c481-4e18-838b-89a5fb5b15f0": { "id": "33770bfd-c481-4e18-838b-89a5fb5b15f0", "title": "eBecas <= 3.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "eBecas", "slug": "ebecas", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33770bfd-c481-4e18-838b-89a5fb5b15f0?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3379dde1-d1fb-4ec8-b834-de00fb6a38f2": { "id": "3379dde1-d1fb-4ec8-b834-de00fb6a38f2", "title": "WordPress Core < 5.4.1 - Authenticated (Author+) Cross-Site Scripting via File Uploads", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.32": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.32", "to_inclusive": true }, "3.8 - 3.8.32": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.32", "to_inclusive": true }, "3.9 - 3.9.30": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.30", "to_inclusive": true }, "4.0 - 4.0.29": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.29", "to_inclusive": true }, "4.1 - 4.1.29": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.29", "to_inclusive": true }, "4.2 - 4.2.26": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.26", "to_inclusive": true }, "4.3 - 4.3.22": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.22", "to_inclusive": true }, "4.4 - 4.4.21": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.21", "to_inclusive": true }, "4.5 - 4.5.20": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.20", "to_inclusive": true }, "4.6 - 4.6.17": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.17", "to_inclusive": true }, "4.7 - 4.7.16": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.16", "to_inclusive": true }, "4.8 - 4.8.12": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.12", "to_inclusive": true }, "4.9 - 4.9.13": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.13", "to_inclusive": true }, "5.0 - 5.0.8": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.8", "to_inclusive": true }, "5.1 - 5.1.4": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.4", "to_inclusive": true }, "5.2 - 5.2.5": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.5", "to_inclusive": true }, "5.3 - 5.3.2": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.2", "to_inclusive": true }, "5.4": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.33", "3.8.33", "3.9.31", "4.0.30", "4.1.30", "4.2.27", "4.3.23", "4.4.22", "4.5.21", "4.6.18", "4.7.17", "4.8.13", "4.9.14", "5.0.9", "5.1.5", "5.2.6", "5.3.3", "5.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3379dde1-d1fb-4ec8-b834-de00fb6a38f2?source=api-scan" ], "published": "2020-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "337cbec1-c8a8-41b5-8c32-779be671120f": { "id": "337cbec1-c8a8-41b5-8c32-779be671120f", "title": "Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flip Carousel, Flip Box, Post Grid, and Taxonomy List Widget Attributes", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.971": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.971", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.972" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/337cbec1-c8a8-41b5-8c32-779be671120f?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "337d052c-6ee2-4cd0-8a69-a4b66b25517a": { "id": "337d052c-6ee2-4cd0-8a69-a4b66b25517a", "title": "Announcement & Notification Banner \u2013 Bulletin <= 3.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Announcement & Notification Banner \u2013 Bulletin", "slug": "bulletin-announcements", "affected_versions": { "* - 3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/337d052c-6ee2-4cd0-8a69-a4b66b25517a?source=api-scan" ], "published": "2022-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "338158b5-bbda-4cd8-b4ea-97a3926a0989": { "id": "338158b5-bbda-4cd8-b4ea-97a3926a0989", "title": "Ninja Tables <= 4.3.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ninja Tables \u2013 Easiest Data Table Builder", "slug": "ninja-tables", "affected_versions": { "* - 4.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/338158b5-bbda-4cd8-b4ea-97a3926a0989?source=api-scan" ], "published": "2023-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33823749-e977-4c91-b8c4-d9774ba46dd9": { "id": "33823749-e977-4c91-b8c4-d9774ba46dd9", "title": "eshop <= 6.3.13 - Cross-Site Forgery Request and Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "eShop", "slug": "eshop", "affected_versions": { "* - 6.3.13": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33823749-e977-4c91-b8c4-d9774ba46dd9?source=api-scan" ], "published": "2015-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33836cee-c3f6-4c49-9acb-7c8f00839fdd": { "id": "33836cee-c3f6-4c49-9acb-7c8f00839fdd", "title": "Easy Digital Downloads \u2013 Favorites <= 1.0.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EDD Favorites", "slug": "edd-favorites", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33836cee-c3f6-4c49-9acb-7c8f00839fdd?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "339ab2b6-ca5e-41a8-ad32-9d2a271fb320": { "id": "339ab2b6-ca5e-41a8-ad32-9d2a271fb320", "title": "amerisale-re (All Versions) - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "amerisale-re", "slug": "amerisale-re", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/339ab2b6-ca5e-41a8-ad32-9d2a271fb320?source=api-scan" ], "published": "2014-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "339c4eba-fa34-4db6-be4b-bcf0ba98121a": { "id": "339c4eba-fa34-4db6-be4b-bcf0ba98121a", "title": "WordPress Backup & Migration <= 1.4.8 - Missing Authorization to Directory Traversal", "software": [ { "type": "plugin", "name": "WebToffee WP Backup and Migration", "slug": "wp-migration-duplicator", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/339c4eba-fa34-4db6-be4b-bcf0ba98121a?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33a26790-1fb8-4088-87dc-e026a28f205d": { "id": "33a26790-1fb8-4088-87dc-e026a28f205d", "title": "Encrypted Blog <= 0.0.6.2 - Open Redirect", "software": [ { "type": "plugin", "name": "Encrypted Blog", "slug": "encrypted-blog", "affected_versions": { "* - 0.0.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.0.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33a26790-1fb8-4088-87dc-e026a28f205d?source=api-scan" ], "published": "2013-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33a47156-ee93-4b59-9f73-56be5c9e3b00": { "id": "33a47156-ee93-4b59-9f73-56be5c9e3b00", "title": "Featured Post Creative <= 1.2.7 - Cross-Site Request Forgery via wpfp_update_featured_post", "software": [ { "type": "plugin", "name": "Featured Post Creative", "slug": "featured-post-creative", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33a47156-ee93-4b59-9f73-56be5c9e3b00?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33a54cae-0fa3-4c25-bf81-8423f5e01e84": { "id": "33a54cae-0fa3-4c25-bf81-8423f5e01e84", "title": "Debug Log Manager <= 2.2.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Debug Log Manager", "slug": "debug-log-manager", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33a54cae-0fa3-4c25-bf81-8423f5e01e84?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33a8173e-cb1a-4396-a05b-7404bf899ad9": { "id": "33a8173e-cb1a-4396-a05b-7404bf899ad9", "title": "My Tickets <= 1.9.11 - Authorization Bypass", "software": [ { "type": "plugin", "name": "My Tickets \u2013 Accessible Event Ticketing", "slug": "my-tickets", "affected_versions": { "* - 1.9.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33a8173e-cb1a-4396-a05b-7404bf899ad9?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33a91dd0-2589-4bb4-886b-1832a216205b": { "id": "33a91dd0-2589-4bb4-886b-1832a216205b", "title": "Restaurant & Cafe Addon for Elementor <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Restaurant & Cafe Addon for Elementor", "slug": "restaurant-cafe-addon-for-elementor", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33a91dd0-2589-4bb4-886b-1832a216205b?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33adf97e-c0f9-488b-b9cf-e703578c4d1e": { "id": "33adf97e-c0f9-488b-b9cf-e703578c4d1e", "title": "bbPress Voting <= 2.1.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "bbPress Voting", "slug": "bbp-voting", "affected_versions": { "[*, 2.1.11.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.11.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.11.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33adf97e-c0f9-488b-b9cf-e703578c4d1e?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33aed550-5a2d-4a0a-8199-f2dfd212be92": { "id": "33aed550-5a2d-4a0a-8199-f2dfd212be92", "title": "Mega Addons For WPBakery Page Builder <= 4.2.7 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Mega Addons For WPBakery Page Builder", "slug": "mega-addons-for-visual-composer", "affected_versions": { "* - 4.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33aed550-5a2d-4a0a-8199-f2dfd212be92?source=api-scan" ], "published": "2022-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33b5e231-1b53-4646-ae9c-48babf1ebbd7": { "id": "33b5e231-1b53-4646-ae9c-48babf1ebbd7", "title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Grid Widget", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33b5e231-1b53-4646-ae9c-48babf1ebbd7?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33b92a86-bb3e-4307-b2cb-7dfde56505cc": { "id": "33b92a86-bb3e-4307-b2cb-7dfde56505cc", "title": "Thumbnail Slider With Lightbox <= 1.0.17 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Thumbnail Slider With Lightbox", "slug": "wp-responsive-slider-with-lightbox", "affected_versions": { "* - 1.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33b92a86-bb3e-4307-b2cb-7dfde56505cc?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33bf39f8-6f56-4089-bb46-5d401af72953": { "id": "33bf39f8-6f56-4089-bb46-5d401af72953", "title": "Zephyr Project Manager <= 3.3.102 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zephyr Project Manager", "slug": "zephyr-project-manager", "affected_versions": { "* - 3.3.102": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.102", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.103" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33bf39f8-6f56-4089-bb46-5d401af72953?source=api-scan" ], "published": "2024-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33c23ad3-7d4f-4e2d-b28e-a402b1355480": { "id": "33c23ad3-7d4f-4e2d-b28e-a402b1355480", "title": "WP Vault <= 0.8.6.6 - Local File Inclusion", "software": [ { "type": "plugin", "name": "WP Vault", "slug": "wp-vault", "affected_versions": { "* - 0.8.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.6.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33c23ad3-7d4f-4e2d-b28e-a402b1355480?source=api-scan" ], "published": "2016-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33c2756d-c300-479f-b3aa-8f22c3a70278": { "id": "33c2756d-c300-479f-b3aa-8f22c3a70278", "title": "Animated Counters <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Animated Counters", "slug": "animated-counters", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33c2756d-c300-479f-b3aa-8f22c3a70278?source=api-scan" ], "published": "2023-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33c666af-b51f-4d9e-9c32-ca0a124cd4b7": { "id": "33c666af-b51f-4d9e-9c32-ca0a124cd4b7", "title": "WordPress Core < 2.5 - Full Path Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33c666af-b51f-4d9e-9c32-ca0a124cd4b7?source=api-scan" ], "published": "2007-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33cba63c-4629-48fd-850f-f68dad626a67": { "id": "33cba63c-4629-48fd-850f-f68dad626a67", "title": "SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SlimStat Analytics", "slug": "wp-slimstat", "affected_versions": { "* - 5.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33cba63c-4629-48fd-850f-f68dad626a67?source=api-scan" ], "published": "2024-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33cdd58b-9e5e-492e-a211-78de592f0663": { "id": "33cdd58b-9e5e-492e-a211-78de592f0663", "title": "easy.jobs <= 2.4.6 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg", "slug": "easyjobs", "affected_versions": { "* - 2.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33cdd58b-9e5e-492e-a211-78de592f0663?source=api-scan" ], "published": "2024-01-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33cf27ba-a01b-4e34-9584-b1d3fc87af34": { "id": "33cf27ba-a01b-4e34-9584-b1d3fc87af34", "title": "Discount Rules for WooCommerce <= 2.0.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Discount Rules for WooCommerce \u2013 Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons", "slug": "woo-discount-rules", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33cf27ba-a01b-4e34-9584-b1d3fc87af34?source=api-scan" ], "published": "2020-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33cfdad9-d335-4721-990d-54109d7673a0": { "id": "33cfdad9-d335-4721-990d-54109d7673a0", "title": "WP GoToWebinar <= 15.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP GoToWebinar", "slug": "wp-gotowebinar", "affected_versions": { "* - 15.7": { "from_version": "*", "from_inclusive": true, "to_version": "15.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "15.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33cfdad9-d335-4721-990d-54109d7673a0?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33d7dc4d-bb41-456a-bd1a-37d8f2aada30": { "id": "33d7dc4d-bb41-456a-bd1a-37d8f2aada30", "title": "Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Dual Button Widget", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.12.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33d7dc4d-bb41-456a-bd1a-37d8f2aada30?source=api-scan" ], "published": "2024-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33df558a-da81-46e0-bef9-ddb2bb90a5c5": { "id": "33df558a-da81-46e0-bef9-ddb2bb90a5c5", "title": "Mark Posts <= 2.0.0 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mark Posts", "slug": "mark-posts", "affected_versions": { "[*, 2.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33df558a-da81-46e0-bef9-ddb2bb90a5c5?source=api-scan" ], "published": "2022-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33df72a5-d2bc-4af5-b5bc-f26d7249d238": { "id": "33df72a5-d2bc-4af5-b5bc-f26d7249d238", "title": "Think Responsive <= 1.0 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Think Responsive", "slug": "thinkresponsive", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33df72a5-d2bc-4af5-b5bc-f26d7249d238?source=api-scan" ], "published": "2013-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33e010dd-d9b2-410c-8397-638def946fbe": { "id": "33e010dd-d9b2-410c-8397-638def946fbe", "title": "Human Presence \u2013 Stop Form Spam Without ReCaptcha < 2.0.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Human Presence \u2013 Stop Form Spam Without ReCaptcha", "slug": "ellipsis-human-presence-technology", "affected_versions": { "[*, 2.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33e010dd-d9b2-410c-8397-638def946fbe?source=api-scan" ], "published": "2019-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33e7006f-3fb9-4493-9ce5-67698c877159": { "id": "33e7006f-3fb9-4493-9ce5-67698c877159", "title": "Ultimate Blocks \u2013 WordPress Blocks Plugin <= 3.0.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via metabox", "software": [ { "type": "plugin", "name": "Ultimate Blocks \u2013 WordPress Blocks Plugin", "slug": "ultimate-blocks", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33e7006f-3fb9-4493-9ce5-67698c877159?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33e8a48e-0ddb-4278-a023-818aebe92dab": { "id": "33e8a48e-0ddb-4278-a023-818aebe92dab", "title": "WordPress Core < 2.6.1 - Cryptographic Weakness", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33e8a48e-0ddb-4278-a023-818aebe92dab?source=api-scan" ], "published": "2008-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33efcbb4-2bb9-4414-bc95-55bedb92c551": { "id": "33efcbb4-2bb9-4414-bc95-55bedb92c551", "title": "Stout Google Calendar <= 1.2.3 - Cross-Site Request Forgery via sgc_plugin_options", "software": [ { "type": "plugin", "name": "Stout Google Calendar", "slug": "stout-google-calendar", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33efcbb4-2bb9-4414-bc95-55bedb92c551?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33f07db9-ff4f-4f81-bf32-18b04d19624d": { "id": "33f07db9-ff4f-4f81-bf32-18b04d19624d", "title": "Affiliates Manager <= 2.6.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Affiliates Manager", "slug": "affiliates-manager", "affected_versions": { "[*, 2.6.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33f07db9-ff4f-4f81-bf32-18b04d19624d?source=api-scan" ], "published": "2019-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33f3c466-bdeb-402f-bf34-bc703f35e1e2": { "id": "33f3c466-bdeb-402f-bf34-bc703f35e1e2", "title": "Amazonify <= 0.8.1 - Cross-Site Request Forgery to Amazon Tracking ID Update", "software": [ { "type": "plugin", "name": "Amazonify", "slug": "amazonify", "affected_versions": { "* - 0.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33f3c466-bdeb-402f-bf34-bc703f35e1e2?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33f63bd9-3031-40e8-b72e-1cbbcce5b782": { "id": "33f63bd9-3031-40e8-b72e-1cbbcce5b782", "title": "Squelch Tabs and Accordions Shortcodes <= 0.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via tab Shortcode", "software": [ { "type": "plugin", "name": "Squelch Tabs and Accordions Shortcodes", "slug": "squelch-tabs-and-accordions-shortcodes", "affected_versions": { "* - 0.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33f63bd9-3031-40e8-b72e-1cbbcce5b782?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33f8f75d-c57e-456c-a48a-82fa668adb1c": { "id": "33f8f75d-c57e-456c-a48a-82fa668adb1c", "title": "YOP Poll <= 6.5.28 - Reusable Captcha via validateImage", "software": [ { "type": "plugin", "name": "YOP Poll", "slug": "yop-poll", "affected_versions": { "* - 6.5.28": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33f8f75d-c57e-456c-a48a-82fa668adb1c?source=api-scan" ], "published": "2023-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "33fd4542-0a46-4779-be02-d713dcbc8f96": { "id": "33fd4542-0a46-4779-be02-d713dcbc8f96", "title": "WCP Contact Form <= 3.1.0 - Reflected Cross-Site Scripting via tab parameter", "software": [ { "type": "plugin", "name": "WCP Contact Form", "slug": "wcp-contact-form", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/33fd4542-0a46-4779-be02-d713dcbc8f96?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34021007-b5d3-479b-a0d4-50e301f22c9c": { "id": "34021007-b5d3-479b-a0d4-50e301f22c9c", "title": "Login Lockdown \u2013 Protect Login Form <= 2.08 - Missing Authorization", "software": [ { "type": "plugin", "name": "Login Lockdown & Protection", "slug": "login-lockdown", "affected_versions": { "* - 2.08": { "from_version": "*", "from_inclusive": true, "to_version": "2.08", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.09" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34021007-b5d3-479b-a0d4-50e301f22c9c?source=api-scan" ], "published": "2024-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34045b62-a4d8-4fa0-ac8b-e1ca8ca72fca": { "id": "34045b62-a4d8-4fa0-ac8b-e1ca8ca72fca", "title": "API info for Plugins & Themes from WP.ORG <= 1.04 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "API info for Plugins & Themes from WP.ORG", "slug": "api-info-themes-plugins-wp-org", "affected_versions": { "* - 1.04": { "from_version": "*", "from_inclusive": true, "to_version": "1.04", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.05" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34045b62-a4d8-4fa0-ac8b-e1ca8ca72fca?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3408bdfd-6337-4c26-b0f2-377375d0e52c": { "id": "3408bdfd-6337-4c26-b0f2-377375d0e52c", "title": "Anti-Malware Security and Brute-Force Firewall <= 4.15.22 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Anti-Malware Security and Brute-Force Firewall", "slug": "gotmls", "affected_versions": { "[*, 4.15.23)": { "from_version": "*", "from_inclusive": true, "to_version": "4.15.23", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.15.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3408bdfd-6337-4c26-b0f2-377375d0e52c?source=api-scan" ], "published": "2015-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "340a46e5-b15d-4f0c-8b7e-51f7de7741b5": { "id": "340a46e5-b15d-4f0c-8b7e-51f7de7741b5", "title": "S3bubble Amazon S3 Media Streaming <= 3.5.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "S3bubble Amazon S3 Media Streaming", "slug": "s3audible-amazon-s3-music-player", "affected_versions": { "* - 3.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/340a46e5-b15d-4f0c-8b7e-51f7de7741b5?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "340d6e92-81a0-4659-b60b-922f63476a33": { "id": "340d6e92-81a0-4659-b60b-922f63476a33", "title": "SrbTransLatin <= 1.46 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SrbTransLatin \u2013 Serbian Latinisation", "slug": "srbtranslatin", "affected_versions": { "* - 1.46": { "from_version": "*", "from_inclusive": true, "to_version": "1.46", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.47" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/340d6e92-81a0-4659-b60b-922f63476a33?source=api-scan" ], "published": "2018-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "340e98bf-6484-4634-b2f8-e02f14de67de": { "id": "340e98bf-6484-4634-b2f8-e02f14de67de", "title": "Predictive Search <= 1.2.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Predictive Search", "slug": "predictive-search", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/340e98bf-6484-4634-b2f8-e02f14de67de?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34110479-2581-4710-82ff-1d53535d83e1": { "id": "34110479-2581-4710-82ff-1d53535d83e1", "title": "LearnPress <= 4.1.7.3.2 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.1.7.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.7.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34110479-2581-4710-82ff-1d53535d83e1?source=api-scan" ], "published": "2022-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "341516d3-b785-4daf-98de-76f4f94b8c96": { "id": "341516d3-b785-4daf-98de-76f4f94b8c96", "title": "PDF Poster - PDF Embedder Plugin for WordPress <= 2.1.17 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Poster \u2013 PDF Embedder Plugin", "slug": "pdf-poster", "affected_versions": { "* - 2.1.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/341516d3-b785-4daf-98de-76f4f94b8c96?source=api-scan" ], "published": "2024-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "341cbd60-33b9-49f8-b8f3-3c44664ce463": { "id": "341cbd60-33b9-49f8-b8f3-3c44664ce463", "title": "Hover Image <= 1.4.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Hover Image", "slug": "hover-image", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/341cbd60-33b9-49f8-b8f3-3c44664ce463?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "342049e5-834e-4867-8174-01ca7bb0caa2": { "id": "342049e5-834e-4867-8174-01ca7bb0caa2", "title": "Essential Addons for Elementor <= 5.9.13 - Authenticated (Author+) PHP Object Injection via error_resetpassword", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.13": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/342049e5-834e-4867-8174-01ca7bb0caa2?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "342370a0-9364-40cd-9556-e53312e67548": { "id": "342370a0-9364-40cd-9556-e53312e67548", "title": "WordPress Core < 3.4.2 - Missing Authorization Checks", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/342370a0-9364-40cd-9556-e53312e67548?source=api-scan" ], "published": "2012-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3424c187-cf71-41f0-abb8-f0e843750465": { "id": "3424c187-cf71-41f0-abb8-f0e843750465", "title": "Forms <= 1.12.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Forms", "slug": "forms-by-made-it", "affected_versions": { "[*, 1.12.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.12.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3424c187-cf71-41f0-abb8-f0e843750465?source=api-scan" ], "published": "2021-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3428bc71-64f9-4f8d-85c8-7dda81b2ac18": { "id": "3428bc71-64f9-4f8d-85c8-7dda81b2ac18", "title": "Beam me up Scotty \u2013 Back to Top Button <= 1.0.21 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Beam me up Scotty \u2013 Back to Top Button", "slug": "beam-me-up-scotty", "affected_versions": { "* - 1.0.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3428bc71-64f9-4f8d-85c8-7dda81b2ac18?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "342a4482-f5d3-4cc9-a998-e3abac7142cf": { "id": "342a4482-f5d3-4cc9-a998-e3abac7142cf", "title": "LearnPress \u2013 WordPress LMS Plugin <= 4.0.0 - Cross-Site Request Forgery to Privilege Escalation", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/342a4482-f5d3-4cc9-a998-e3abac7142cf?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "342b2e81-fb26-416a-8f3d-4bc221260228": { "id": "342b2e81-fb26-416a-8f3d-4bc221260228", "title": "Relevanssi Premium < 1.14.6.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Relevanssi \u2013 A Better Search (Pro)", "slug": "relevanssi-premium", "affected_versions": { "[*, 1.14.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.14.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/342b2e81-fb26-416a-8f3d-4bc221260228?source=api-scan" ], "published": "2016-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "342d6941-6987-4756-b554-1699128b9108": { "id": "342d6941-6987-4756-b554-1699128b9108", "title": "Metform Elementor Contact Form Builder <= 3.8.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/342d6941-6987-4756-b554-1699128b9108?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "342d90e1-9d2e-4262-9667-013a8506727b": { "id": "342d90e1-9d2e-4262-9667-013a8506727b", "title": "Helpful <= 4.5.14 - Authorization Bypass to Repeat Voting", "software": [ { "type": "plugin", "name": "Helpful", "slug": "helpful", "affected_versions": { "* - 4.5.14": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/342d90e1-9d2e-4262-9667-013a8506727b?source=api-scan" ], "published": "2022-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3436916c-a7ab-4960-8afe-145b3799392e": { "id": "3436916c-a7ab-4960-8afe-145b3799392e", "title": "Clean Login <= 1.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Clean Login", "slug": "clean-login", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3436916c-a7ab-4960-8afe-145b3799392e?source=api-scan" ], "published": "2015-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3438426a-c07d-4aeb-8272-2e13b70419a6": { "id": "3438426a-c07d-4aeb-8272-2e13b70419a6", "title": "WPB Show Core <= 2.6 - Reflected Cross-Site Scripting via 'file'", "software": [ { "type": "plugin", "name": "WPB Show Core", "slug": "wpb-show-core", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3438426a-c07d-4aeb-8272-2e13b70419a6?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "343a6dbd-baf5-4de8-ae3e-6954fd3f1556": { "id": "343a6dbd-baf5-4de8-ae3e-6954fd3f1556", "title": "Graphicsly \u2013 The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Graphicsly \u2013 The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery )", "slug": "graphicsly", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/343a6dbd-baf5-4de8-ae3e-6954fd3f1556?source=api-scan" ], "published": "2024-09-24 12:17:23", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "343cbdda-2ec5-437f-b563-96c61663314d": { "id": "343cbdda-2ec5-437f-b563-96c61663314d", "title": "Updraft Plus <= 1.22.24 - Information Disclosure via updraft_ajaxrestore", "software": [ { "type": "plugin", "name": "UpdraftPlus: WP Backup & Migration Plugin", "slug": "updraftplus", "affected_versions": { "* - 1.22.24": { "from_version": "*", "from_inclusive": true, "to_version": "1.22.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.23.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/343cbdda-2ec5-437f-b563-96c61663314d?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34439db4-1b66-4ccb-bf84-fddef6bc1f88": { "id": "34439db4-1b66-4ccb-bf84-fddef6bc1f88", "title": "Barcode Scanner with Inventory & Order Manager <= 1.5.1 - Unauthenticated Arbitrary File Upload via uploadFile", "software": [ { "type": "plugin", "name": "Barcode Scanner and Inventory manager. POS (Point of Sale) \u2013 scan barcodes & create orders with barcode reader.", "slug": "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34439db4-1b66-4ccb-bf84-fddef6bc1f88?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3444c4b0-4619-482f-8313-d3006aa1e845": { "id": "3444c4b0-4619-482f-8313-d3006aa1e845", "title": "Custom Field Template <= 2.5.1 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Custom Field Template", "slug": "custom-field-template", "affected_versions": { "[*, 2.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3444c4b0-4619-482f-8313-d3006aa1e845?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3447c0ff-865c-4d94-9f33-a1824bf23794": { "id": "3447c0ff-865c-4d94-9f33-a1824bf23794", "title": "Font Organizer <= 2.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Font Organizer", "slug": "font-organizer", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3447c0ff-865c-4d94-9f33-a1824bf23794?source=api-scan" ], "published": "2019-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "344ad959-038a-46d1-b515-ae3473af8209": { "id": "344ad959-038a-46d1-b515-ae3473af8209", "title": "Educenter <= 1.5.7 - Missing Authorization via activate_plugin", "software": [ { "type": "theme", "name": "Educenter", "slug": "educenter", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/344ad959-038a-46d1-b515-ae3473af8209?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "344b2f80-ea86-4bf0-8ee4-4b5c7b94c34b": { "id": "344b2f80-ea86-4bf0-8ee4-4b5c7b94c34b", "title": "WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg < 1.3.5 - Remote Code Execution", "software": [ { "type": "plugin", "name": "WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg", "slug": "groundhogg", "affected_versions": { "[*, 1.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/344b2f80-ea86-4bf0-8ee4-4b5c7b94c34b?source=api-scan" ], "published": "2019-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "345097c7-8f0e-46ed-9a1d-7c8a4a589e3f": { "id": "345097c7-8f0e-46ed-9a1d-7c8a4a589e3f", "title": "Poll Maker <= 4.8.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls", "slug": "poll-maker", "affected_versions": { "* - 4.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/345097c7-8f0e-46ed-9a1d-7c8a4a589e3f?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34526c98-caf8-42d9-8782-7ea9b3a75e9d": { "id": "34526c98-caf8-42d9-8782-7ea9b3a75e9d", "title": "Watu Quiz <= 2.6.7 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Watu Quiz", "slug": "watu", "affected_versions": { "* - 2.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34526c98-caf8-42d9-8782-7ea9b3a75e9d?source=api-scan" ], "published": "2015-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "345834f2-e95e-4ea1-b171-1c3f4aa17e0e": { "id": "345834f2-e95e-4ea1-b171-1c3f4aa17e0e", "title": "wp-checkout (Unknown Versions) - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WordPress Checkout", "slug": "wordpress-checkout", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/345834f2-e95e-4ea1-b171-1c3f4aa17e0e?source=api-scan" ], "published": "2013-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "346049ca-1bc5-4e02-9f38-d1f64338709d": { "id": "346049ca-1bc5-4e02-9f38-d1f64338709d", "title": "EventPrime \u2013 Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 3.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/346049ca-1bc5-4e02-9f38-d1f64338709d?source=api-scan" ], "published": "2024-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34618970-a4b6-456b-9d01-a09e7a977724": { "id": "34618970-a4b6-456b-9d01-a09e7a977724", "title": "Exploit Scanner <= 1.3.3 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "Exploit Scanner", "slug": "exploit-scanner", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34618970-a4b6-456b-9d01-a09e7a977724?source=api-scan" ], "published": "2013-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3462a1b7-74d9-431a-b1c6-9960f1ad0c19": { "id": "3462a1b7-74d9-431a-b1c6-9960f1ad0c19", "title": "WooSidebars Sidebar Manager Converter <= 1.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooSidebars Sidebar Manager Converter", "slug": "woosidebars-sbm-converter", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3462a1b7-74d9-431a-b1c6-9960f1ad0c19?source=api-scan" ], "published": "2015-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3469ba0d-8ef3-41d0-becb-cf2eb43758f1": { "id": "3469ba0d-8ef3-41d0-becb-cf2eb43758f1", "title": "Stetic <= 1.0.6 Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Stetic", "slug": "stetic", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3469ba0d-8ef3-41d0-becb-cf2eb43758f1?source=api-scan" ], "published": "2021-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "346a49ff-4e61-466b-b1fe-98cf5766accb": { "id": "346a49ff-4e61-466b-b1fe-98cf5766accb", "title": "WordPress Calls to Action < 2.2.8 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Calls to Action", "slug": "cta", "affected_versions": { "[*, 2.2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/346a49ff-4e61-466b-b1fe-98cf5766accb?source=api-scan" ], "published": "2015-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "346cc9af-6a1b-444c-9483-94f940cd18ad": { "id": "346cc9af-6a1b-444c-9483-94f940cd18ad", "title": "Paramount (All Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Paramount", "slug": "paramount", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/346cc9af-6a1b-444c-9483-94f940cd18ad?source=api-scan" ], "published": "2012-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34728e7a-2242-49fe-a11f-77258e302bab": { "id": "34728e7a-2242-49fe-a11f-77258e302bab", "title": "Bird Feeder <= 1.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "bird-feeder", "slug": "bird-feeder", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34728e7a-2242-49fe-a11f-77258e302bab?source=api-scan" ], "published": "2014-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3475c8fe-17fa-4d8e-bffd-a33e59f6e03b": { "id": "3475c8fe-17fa-4d8e-bffd-a33e59f6e03b", "title": "Pricing Tables For WPBakery Page Builder (formerly Visual Composer) <= 2.0 - Authenticated (Subscriber+) Local File Inclusion via Shortcode", "software": [ { "type": "plugin", "name": "Pricing Tables For WPBakery Page Builder (formerly Visual Composer)", "slug": "pricing-tables-for-wpbakery-page-builder", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3475c8fe-17fa-4d8e-bffd-a33e59f6e03b?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3479e7a4-7719-4438-8bf5-bf9b9990f3f4": { "id": "3479e7a4-7719-4438-8bf5-bf9b9990f3f4", "title": "Community by PeepSo <= 6.0.9.0 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App", "slug": "peepso-core", "affected_versions": { "* - 6.0.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3479e7a4-7719-4438-8bf5-bf9b9990f3f4?source=api-scan" ], "published": "2023-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34817e32-d5a3-403a-85f0-1d60af8945de": { "id": "34817e32-d5a3-403a-85f0-1d60af8945de", "title": "YourChannel <= 1.2.3 - Missing Authorization to Plugin Settings Reset", "software": [ { "type": "plugin", "name": "YourChannel: Everything you want in a YouTube plugin.", "slug": "yourchannel", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34817e32-d5a3-403a-85f0-1d60af8945de?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "349cada2-8154-4429-a47a-1837581da1dc": { "id": "349cada2-8154-4429-a47a-1837581da1dc", "title": "Admin Custom Login <= 3.2.7 \u2013 Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Admin Custom Login", "slug": "admin-custom-login", "affected_versions": { "* - 3.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/349cada2-8154-4429-a47a-1837581da1dc?source=api-scan" ], "published": "2021-07-26 06:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "349e3b4a-c46b-48f6-acf7-bcdc86c13db7": { "id": "349e3b4a-c46b-48f6-acf7-bcdc86c13db7", "title": "Directory & Listing < 1.6.0 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Bello - Directory & Listing", "slug": "bello", "affected_versions": { "[*, 1.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/349e3b4a-c46b-48f6-acf7-bcdc86c13db7?source=api-scan" ], "published": "2021-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34a36da0-a101-4c5a-bacb-9f131bded819": { "id": "34a36da0-a101-4c5a-bacb-9f131bded819", "title": "Reveal Template <= 3.7 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Reveal Template", "slug": "reveal-template", "affected_versions": { "* - 3.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34a36da0-a101-4c5a-bacb-9f131bded819?source=api-scan" ], "published": "2024-08-08 20:35:17", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34a42180-9d08-4049-8da8-27ee1f64600a": { "id": "34a42180-9d08-4049-8da8-27ee1f64600a", "title": "Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box", "software": [ { "type": "plugin", "name": "Jeg Elementor Kit", "slug": "jeg-elementor-kit", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34a42180-9d08-4049-8da8-27ee1f64600a?source=api-scan" ], "published": "2024-04-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34a46c3a-22f9-4f61-844b-dd03c5208be7": { "id": "34a46c3a-22f9-4f61-844b-dd03c5208be7", "title": "Easy Digital Downloads \u2013 Recount Earnings <= 1.0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 Recount Earnings", "slug": "edd-recount-earnings", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34a46c3a-22f9-4f61-844b-dd03c5208be7?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34a6c9af-1616-4b5d-8660-4f141bdd25c9": { "id": "34a6c9af-1616-4b5d-8660-4f141bdd25c9", "title": "GEO Redirector <= 1.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GEO Redirector", "slug": "geo-redirector", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34a6c9af-1616-4b5d-8660-4f141bdd25c9?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34a6d349-dfdc-4301-9380-7fc64c25f043": { "id": "34a6d349-dfdc-4301-9380-7fc64c25f043", "title": "Smart Forms < 2.6.71 - Missing Authorization to Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Smart Forms \u2013 when you need more than just a contact form", "slug": "smart-forms", "affected_versions": { "[*, 2.6.71)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.71", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.71" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34a6d349-dfdc-4301-9380-7fc64c25f043?source=api-scan" ], "published": "2022-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34b11b26-7e8a-48b4-98e9-9a2a3778cbd1": { "id": "34b11b26-7e8a-48b4-98e9-9a2a3778cbd1", "title": "ProfilePro <= 1.3 - Authenticated (Subscriber+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "ProfilePro", "slug": "profilepro", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34b11b26-7e8a-48b4-98e9-9a2a3778cbd1?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34b39462-32c5-4f7d-b54f-d95f40b6ed92": { "id": "34b39462-32c5-4f7d-b54f-d95f40b6ed92", "title": "Bulk Posts Editing For WordPress <= 4.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Bulk Posts Editing For WordPress", "slug": "ithemeland-bulk-posts-editing-lite", "affected_versions": { "* - 4.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34b39462-32c5-4f7d-b54f-d95f40b6ed92?source=api-scan" ], "published": "2024-05-16 07:33:30", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34b6475c-b5dd-42a1-98d1-9b5ae9ff4ad5": { "id": "34b6475c-b5dd-42a1-98d1-9b5ae9ff4ad5", "title": "AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_upload_callback", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 5.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34b6475c-b5dd-42a1-98d1-9b5ae9ff4ad5?source=api-scan" ], "published": "2024-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34bae29d-4617-44c9-8f00-bd581cef4ab1": { "id": "34bae29d-4617-44c9-8f00-bd581cef4ab1", "title": "Appointment Calendar <= 2.7.4 - Multiple Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Appointment Calendar", "slug": "appointment-calendar", "affected_versions": { "* - 2.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34bae29d-4617-44c9-8f00-bd581cef4ab1?source=api-scan" ], "published": "2016-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34c0c676-37f9-49f2-ad50-2d70831fda53": { "id": "34c0c676-37f9-49f2-ad50-2d70831fda53", "title": "Views for WPForms <= 3.2.2 - Cross-Site Request Forgery via create_view", "software": [ { "type": "plugin", "name": "Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend", "slug": "views-for-wpforms-lite", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34c0c676-37f9-49f2-ad50-2d70831fda53?source=api-scan" ], "published": "2024-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34c98bb0-2e28-4ed4-8848-04edb66eef96": { "id": "34c98bb0-2e28-4ed4-8848-04edb66eef96", "title": "Debug Meta Data <= 1.1.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Debug Meta Data", "slug": "debug-meta-data", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34c98bb0-2e28-4ed4-8848-04edb66eef96?source=api-scan" ], "published": "2020-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34cddc7b-575c-4494-afa0-cd85c7b313e9": { "id": "34cddc7b-575c-4494-afa0-cd85c7b313e9", "title": "WP Client Reports <= 1.0.16 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "WP Client Reports", "slug": "wp-client-reports", "affected_versions": { "* - 1.0.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34cddc7b-575c-4494-afa0-cd85c7b313e9?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34ce7fa9-5f38-49f0-b402-34fdf8ee80dc": { "id": "34ce7fa9-5f38-49f0-b402-34fdf8ee80dc", "title": "Nirvana <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Nirvana", "slug": "nirvana", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34ce7fa9-5f38-49f0-b402-34fdf8ee80dc?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34d01610-0edc-488f-83e8-975206c0a02c": { "id": "34d01610-0edc-488f-83e8-975206c0a02c", "title": "WooCommerce Predictive Search <= 6.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Predictive Search for WooCommerce", "slug": "woocommerce-predictive-search", "affected_versions": { "* - 6.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34d01610-0edc-488f-83e8-975206c0a02c?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34d21418-4faf-40bf-a960-79482a592722": { "id": "34d21418-4faf-40bf-a960-79482a592722", "title": "WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title tag attribute", "software": [ { "type": "plugin", "name": "WPBakery Visual Composer", "slug": "js_composer", "affected_versions": { "* - 7.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34d21418-4faf-40bf-a960-79482a592722?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34d396b2-f19f-47b3-bf9e-f2f14dd0b9be": { "id": "34d396b2-f19f-47b3-bf9e-f2f14dd0b9be", "title": "URL Shortener by MyThemeShop <= 1.0.16 - Missing Authorization", "software": [ { "type": "plugin", "name": "URL Shortener by MyThemeShop", "slug": "mts-url-shortener", "affected_versions": { "* - 1.0.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.16", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34d396b2-f19f-47b3-bf9e-f2f14dd0b9be?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34d5dbd4-5546-439e-a47a-4f9385116adc": { "id": "34d5dbd4-5546-439e-a47a-4f9385116adc", "title": "BBE < 1.53 - Authorization Bypass", "software": [ { "type": "theme", "name": "BBE", "slug": "bbe", "affected_versions": { "[*, 1.53)": { "from_version": "*", "from_inclusive": true, "to_version": "1.53", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.53" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34d5dbd4-5546-439e-a47a-4f9385116adc?source=api-scan" ], "published": "2018-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34d8ecee-ad52-47cd-ac78-4a82aa2ff58a": { "id": "34d8ecee-ad52-47cd-ac78-4a82aa2ff58a", "title": "Cart66 Lite :: WordPress Ecommerce <= 1.5.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Cart66 Lite :: WordPress Ecommerce", "slug": "cart66-lite", "affected_versions": { "[*, 1.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34d8ecee-ad52-47cd-ac78-4a82aa2ff58a?source=api-scan" ], "published": "2014-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34d990b6-3021-45d4-9ecd-cfabb7fbc96c": { "id": "34d990b6-3021-45d4-9ecd-cfabb7fbc96c", "title": "Smart Online Order for Clover <= 1.5.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Smart Online Order for Clover", "slug": "clover-online-orders", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34d990b6-3021-45d4-9ecd-cfabb7fbc96c?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34e31a0f-27de-4536-9a7e-b8f68e557b3f": { "id": "34e31a0f-27de-4536-9a7e-b8f68e557b3f", "title": "Quick Post Duplicator <= 2.0 - Authenticated (Contributor+) SQL Injection via post_id", "software": [ { "type": "plugin", "name": "Quick Post Duplicator", "slug": "rduplicator", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34e31a0f-27de-4536-9a7e-b8f68e557b3f?source=api-scan" ], "published": "2023-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34e3ef09-9c6c-49c5-ac41-f9dc7662d5aa": { "id": "34e3ef09-9c6c-49c5-ac41-f9dc7662d5aa", "title": "Popup Images (Unknown Version) - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Images", "slug": "popup-images", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34e3ef09-9c6c-49c5-ac41-f9dc7662d5aa?source=api-scan" ], "published": "2014-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34e89c4d-de55-40bd-8b78-c2ec544c2f60": { "id": "34e89c4d-de55-40bd-8b78-c2ec544c2f60", "title": "WooCommerce PDF Vouchers <= 4.9.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce - PDF Vouchers", "slug": "woocommerce-pdf-vouchers", "affected_versions": { "* - 4.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34e89c4d-de55-40bd-8b78-c2ec544c2f60?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34eaee0f-7a5b-4496-a5c8-5f6c69e24417": { "id": "34eaee0f-7a5b-4496-a5c8-5f6c69e24417", "title": "Customer Reviews for WooCommerce <= 5.3.5 - Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "Customer Reviews for WooCommerce", "slug": "customer-reviews-woocommerce", "affected_versions": { "* - 5.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34eaee0f-7a5b-4496-a5c8-5f6c69e24417?source=api-scan" ], "published": "2022-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34f0e5a6-0bd3-4734-b7e0-27dc825d193f": { "id": "34f0e5a6-0bd3-4734-b7e0-27dc825d193f", "title": "The Events Calendar Pro <= 7.0.2 - Authenticated (Administrator+) PHP Object Injection to Remote Code Execution", "software": [ { "type": "plugin", "name": "The Events Calendar Pro", "slug": "events-calendar-pro", "affected_versions": { "* - 7.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34f0e5a6-0bd3-4734-b7e0-27dc825d193f?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34f7ab72-a4e3-4264-b6d3-530dd255dc87": { "id": "34f7ab72-a4e3-4264-b6d3-530dd255dc87", "title": "Edit WooCommerce Templates <= 1.1.1 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Edit WooCommerce Templates", "slug": "woo-edit-templates", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34f7ab72-a4e3-4264-b6d3-530dd255dc87?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34fb7647-76e2-4985-816e-c6420c01a048": { "id": "34fb7647-76e2-4985-816e-c6420c01a048", "title": "Oxygen < 4.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Oxygen", "slug": "oxygen", "affected_versions": { "[*, 4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34fb7647-76e2-4985-816e-c6420c01a048?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "34fcc835-593f-435b-ad00-07ca0cb649fa": { "id": "34fcc835-593f-435b-ad00-07ca0cb649fa", "title": "WP VR <= 8.3.14 - Missing Authorization to Plugin Version Downgrade", "software": [ { "type": "plugin", "name": "WP VR \u2013 360 Panorama and Virtual Tour Builder For WordPress", "slug": "wpvr", "affected_versions": { "* - 8.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/34fcc835-593f-435b-ad00-07ca0cb649fa?source=api-scan" ], "published": "2023-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35027df9-ae55-453f-bb42-4b2664d66293": { "id": "35027df9-ae55-453f-bb42-4b2664d66293", "title": "Statify \u2013 Extended Evaluation <= 2.6.3 - Authenticated (Admin+) CSV Injection", "software": [ { "type": "plugin", "name": "Statify \u2013 Extended Evaluation", "slug": "extended-evaluation-for-statify", "affected_versions": { "[*, 2.6.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35027df9-ae55-453f-bb42-4b2664d66293?source=api-scan" ], "published": "2023-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3503c7bf-5e96-4033-89c1-b7c13c5489d2": { "id": "3503c7bf-5e96-4033-89c1-b7c13c5489d2", "title": "WPlite <= 1.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WPlite", "slug": "wplite", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3503c7bf-5e96-4033-89c1-b7c13c5489d2?source=api-scan" ], "published": "2022-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3504b703-b95b-4d22-8883-a575b398c9ea": { "id": "3504b703-b95b-4d22-8883-a575b398c9ea", "title": "Request a Quote <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Request a Quote", "slug": "request-a-quote", "affected_versions": { "* - 2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3504b703-b95b-4d22-8883-a575b398c9ea?source=api-scan" ], "published": "2022-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "350719b1-0e88-4f6f-979e-0ac3d17b852b": { "id": "350719b1-0e88-4f6f-979e-0ac3d17b852b", "title": "Shortcode for Current Date <= 2.1.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shortcode for Current Date", "slug": "shortcode-for-current-date", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/350719b1-0e88-4f6f-979e-0ac3d17b852b?source=api-scan" ], "published": "2022-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3511a3d3-1e6e-41ba-a8b9-67f8f7eef157": { "id": "3511a3d3-1e6e-41ba-a8b9-67f8f7eef157", "title": "Rating by BestWebSoft <= 1.5 - Rating Denial of Service", "software": [ { "type": "plugin", "name": "Rating by BestWebSoft", "slug": "rating-bws", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3511a3d3-1e6e-41ba-a8b9-67f8f7eef157?source=api-scan" ], "published": "2022-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3511ba64-56a3-43d7-8ab8-c6e40e3b686e": { "id": "3511ba64-56a3-43d7-8ab8-c6e40e3b686e", "title": "Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution", "software": [ { "type": "plugin", "name": "Backup Migration", "slug": "backup-backup", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3511ba64-56a3-43d7-8ab8-c6e40e3b686e?source=api-scan" ], "published": "2023-12-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35151561-6a80-4c2c-b87a-2dfe02aa6158": { "id": "35151561-6a80-4c2c-b87a-2dfe02aa6158", "title": "Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Global Badge Module", "software": [ { "type": "plugin", "name": "Premium Addons Pro for Elementor", "slug": "premium-addons-pro", "affected_versions": { "* - 2.9.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35151561-6a80-4c2c-b87a-2dfe02aa6158?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "351926d4-a9be-4fbd-bdf2-8bbff41d97ef": { "id": "351926d4-a9be-4fbd-bdf2-8bbff41d97ef", "title": "EventPrime \u2013 Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Arbitrary Post Overwrite", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 3.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/351926d4-a9be-4fbd-bdf2-8bbff41d97ef?source=api-scan" ], "published": "2024-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "351c7d18-6c1b-4a52-98ae-478dee5aaff2": { "id": "351c7d18-6c1b-4a52-98ae-478dee5aaff2", "title": "Smart Marketing SMS and Newsletters Forms < 2.0.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart Marketing SMS and Newsletters Forms", "slug": "smart-marketing-for-wp", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/351c7d18-6c1b-4a52-98ae-478dee5aaff2?source=api-scan" ], "published": "2017-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35246286-c0df-4f82-84b8-ebefe966a4dc": { "id": "35246286-c0df-4f82-84b8-ebefe966a4dc", "title": "Contact Form by WPForms <= 1.4.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPForms \u2013 Easy Form Builder for WordPress \u2013 Contact Forms, Payment Forms, Surveys, & More", "slug": "wpforms-lite", "affected_versions": { "[*, 1.4.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35246286-c0df-4f82-84b8-ebefe966a4dc?source=api-scan" ], "published": "2018-12-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3529044f-c3d8-4370-8ba5-9df0fb71ab3c": { "id": "3529044f-c3d8-4370-8ba5-9df0fb71ab3c", "title": "Discount Rules for WooCommerce \u2013 Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons <= 2.6.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Discount Rules for WooCommerce \u2013 Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons", "slug": "woo-discount-rules", "affected_versions": { "* - 2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3529044f-c3d8-4370-8ba5-9df0fb71ab3c?source=api-scan" ], "published": "2024-10-15 12:23:35", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35293a82-b535-47a2-8a34-e54fe836ca89": { "id": "35293a82-b535-47a2-8a34-e54fe836ca89", "title": "Jetpack \u2013 WP Security, Backup, Speed, & Growth < 4.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "[*, 4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35293a82-b535-47a2-8a34-e54fe836ca89?source=api-scan" ], "published": "2017-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "352a0c8a-22a6-44d9-917c-5fb37569d143": { "id": "352a0c8a-22a6-44d9-917c-5fb37569d143", "title": "All In One WP Security & Firewall <= 4.1.2 - Captcha Bypass", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "* - 4.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/352a0c8a-22a6-44d9-917c-5fb37569d143?source=api-scan" ], "published": "2016-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "352cd9e6-ef1e-4a6b-bedb-6cf8ce9d4270": { "id": "352cd9e6-ef1e-4a6b-bedb-6cf8ce9d4270", "title": "Paytm Payment Gateway <= 2.7.0 - Unauthenticated Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Paytm Payment Gateway", "slug": "paytm-payments", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/352cd9e6-ef1e-4a6b-bedb-6cf8ce9d4270?source=api-scan" ], "published": "2022-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3535fad2-9b2d-4721-9e5d-cfe609df00ae": { "id": "3535fad2-9b2d-4721-9e5d-cfe609df00ae", "title": "Albo Pretorio Online <= 4.6.6 - Unauthenticated Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Albo Pretorio On line", "slug": "albo-pretorio-on-line", "affected_versions": { "* - 4.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3535fad2-9b2d-4721-9e5d-cfe609df00ae?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "353804e8-0d5a-4633-974c-6eb7a3eeba61": { "id": "353804e8-0d5a-4633-974c-6eb7a3eeba61", "title": "WP Super Cache < 1.4.3 - Cross Site Scripting", "software": [ { "type": "plugin", "name": "WP Super Cache", "slug": "wp-super-cache", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/353804e8-0d5a-4633-974c-6eb7a3eeba61?source=api-scan" ], "published": "2015-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3539fe09-c158-4146-9850-446bc32e7bec": { "id": "3539fe09-c158-4146-9850-446bc32e7bec", "title": "Exclusive Addons Elementor <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3539fe09-c158-4146-9850-446bc32e7bec?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "353c244f-6d5d-47d6-988e-33da722a02f9": { "id": "353c244f-6d5d-47d6-988e-33da722a02f9", "title": "Mollie Forms <= 2.6.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Mollie Forms", "slug": "mollie-forms", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/353c244f-6d5d-47d6-988e-33da722a02f9?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "353c3cd9-5ada-466b-b8e5-d40e0ec4e867": { "id": "353c3cd9-5ada-466b-b8e5-d40e0ec4e867", "title": "Thrive Theme Builder < 3.24.2 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Thrive Themes Builder", "slug": "thrive-theme", "affected_versions": { "[*, 3.24.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.24.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.24.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/353c3cd9-5ada-466b-b8e5-d40e0ec4e867?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "353d22c5-dee1-485f-ae66-e9c7afe3ad8e": { "id": "353d22c5-dee1-485f-ae66-e9c7afe3ad8e", "title": "Team Member <= 4.4 - Authenticated (Editor+) Stored Cross-Site Scripting via new_style_name", "software": [ { "type": "plugin", "name": "Team Member \u2013 Multi Language Supported Team Plugin", "slug": "team-showcase-supreme", "affected_versions": { "* - 4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/353d22c5-dee1-485f-ae66-e9c7afe3ad8e?source=api-scan" ], "published": "2023-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35421b32-701a-4fc9-bcec-80684d874bab": { "id": "35421b32-701a-4fc9-bcec-80684d874bab", "title": "Unyson <= 2.7.28 - Missing Authorization", "software": [ { "type": "plugin", "name": "Unyson", "slug": "unyson", "affected_versions": { "* - 2.7.28": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.28", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35421b32-701a-4fc9-bcec-80684d874bab?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3544357f-97c9-49cb-a48d-74b60480111d": { "id": "3544357f-97c9-49cb-a48d-74b60480111d", "title": "teachPress <= 9.0.5 - Cross-Site Request Forgery via delete_database()", "software": [ { "type": "plugin", "name": "teachPress", "slug": "teachpress", "affected_versions": { "* - 9.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3544357f-97c9-49cb-a48d-74b60480111d?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3548241e-551e-427a-907c-50b4712b5e5b": { "id": "3548241e-551e-427a-907c-50b4712b5e5b", "title": "Mesmerize Companion <= 1.6.133 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Mesmerize Companion", "slug": "mesmerize-companion", "affected_versions": { "* - 1.6.133": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.133", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.135" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3548241e-551e-427a-907c-50b4712b5e5b?source=api-scan" ], "published": "2022-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "354a5b89-8845-4486-8cc5-7339a6a107c0": { "id": "354a5b89-8845-4486-8cc5-7339a6a107c0", "title": "WordPress Core < 2.6.2 - Arbitrary User Password Reset", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/354a5b89-8845-4486-8cc5-7339a6a107c0?source=api-scan" ], "published": "2008-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "354c2c6c-5ba1-4bbe-88e4-9d219b66802a": { "id": "354c2c6c-5ba1-4bbe-88e4-9d219b66802a", "title": "Modula Image Gallery <= 2.6.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Modula Image Gallery", "slug": "modula-best-grid-gallery", "affected_versions": { "* - 2.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/354c2c6c-5ba1-4bbe-88e4-9d219b66802a?source=api-scan" ], "published": "2022-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3553044e-c109-4e6d-8ba1-f0d5cd1f72ef": { "id": "3553044e-c109-4e6d-8ba1-f0d5cd1f72ef", "title": "Cooked Pro <= 1.7.5.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cooked Pro", "slug": "cooked-pro", "affected_versions": { "[*, 1.7.5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3553044e-c109-4e6d-8ba1-f0d5cd1f72ef?source=api-scan" ], "published": "2021-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "355decb2-2667-4056-836c-9ac8897f340e": { "id": "355decb2-2667-4056-836c-9ac8897f340e", "title": "WPMobile.App \u2014 Android and iOS Mobile Application <= 11.18 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPMobile.App \u2014 Android and iOS Mobile Application", "slug": "wpappninja", "affected_versions": { "* - 11.18": { "from_version": "*", "from_inclusive": true, "to_version": "11.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/355decb2-2667-4056-836c-9ac8897f340e?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3563f70d-ab0a-48ec-9bb9-294b49026c1c": { "id": "3563f70d-ab0a-48ec-9bb9-294b49026c1c", "title": "spideranalyse <= 0.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "spideranalyse", "slug": "spideranalyse", "affected_versions": { "* - 0.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3563f70d-ab0a-48ec-9bb9-294b49026c1c?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3566292a-91c8-4cb9-a1d3-45669d69bfc3": { "id": "3566292a-91c8-4cb9-a1d3-45669d69bfc3", "title": "Q and A <= 1.0.6.2 Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Q and A", "slug": "q-and-a", "affected_versions": { "* - 1.0.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3566292a-91c8-4cb9-a1d3-45669d69bfc3?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3566b602-c991-488f-9de2-57236c4735b5": { "id": "3566b602-c991-488f-9de2-57236c4735b5", "title": "iPanorama 360 \u2013 WordPress Virtual Tour Builder <= 1.8.0 - Authenticated (Contributor+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "iPanorama 360 \u2013 WordPress Virtual Tour Builder", "slug": "ipanorama-360-virtual-tour-builder-lite", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3566b602-c991-488f-9de2-57236c4735b5?source=api-scan" ], "published": "2023-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3566d9fa-faeb-4302-96e2-464a68eff66d": { "id": "3566d9fa-faeb-4302-96e2-464a68eff66d", "title": "Smooth Slider < 2.7 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Smooth Slider", "slug": "smooth-slider", "affected_versions": { "* - 2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3566d9fa-faeb-4302-96e2-464a68eff66d?source=api-scan" ], "published": "2015-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35697cf5-4494-40f6-8772-dfa417ae6bcb": { "id": "35697cf5-4494-40f6-8772-dfa417ae6bcb", "title": "Profile Builder <= 3.4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "* - 3.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35697cf5-4494-40f6-8772-dfa417ae6bcb?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "356cf06e-16e7-438b-83b5-c8a52a21f903": { "id": "356cf06e-16e7-438b-83b5-c8a52a21f903", "title": "Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/356cf06e-16e7-438b-83b5-c8a52a21f903?source=api-scan" ], "published": "2023-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "357257df-123d-4885-ad48-ff38ce29eeb3": { "id": "357257df-123d-4885-ad48-ff38ce29eeb3", "title": "Smooth Slider < 2.8.7 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Smooth Slider", "slug": "smooth-slider", "affected_versions": { "[*, 2.8.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/357257df-123d-4885-ad48-ff38ce29eeb3?source=api-scan" ], "published": "2018-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35767133-28d7-47e9-bcda-5d761262cdad": { "id": "35767133-28d7-47e9-bcda-5d761262cdad", "title": "MainWP Post Plus Extension <= 4.0.3 - Missing Authorization to Arbitrary Page\/Post Deletion", "software": [ { "type": "plugin", "name": "MainWP Post Plus Extension", "slug": "mainwp-post-plus-extension", "affected_versions": { "* - 4.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35767133-28d7-47e9-bcda-5d761262cdad?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35800696-19b3-4479-a961-5d05aeeb44bb": { "id": "35800696-19b3-4479-a961-5d05aeeb44bb", "title": "Easy Table of Contents <= 2.0.65 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Table of Contents", "slug": "easy-table-of-contents", "affected_versions": { "* - 2.0.65": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.65", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.66" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35800696-19b3-4479-a961-5d05aeeb44bb?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35806af6-bb63-41c8-a20b-f5e36d2aa515": { "id": "35806af6-bb63-41c8-a20b-f5e36d2aa515", "title": "WP Ultimate Email Marketer <= 1.2.0 - Authentication Bypass", "software": [ { "type": "plugin", "name": "WP Ultimate Email Marketer", "slug": "wp-ultimate-email-marketer", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35806af6-bb63-41c8-a20b-f5e36d2aa515?source=api-scan" ], "published": "2013-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35896489-e48c-40f6-8815-9af759e58b44": { "id": "35896489-e48c-40f6-8815-9af759e58b44", "title": "Crius (All Known Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Crius", "slug": "crius", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35896489-e48c-40f6-8815-9af759e58b44?source=api-scan" ], "published": "2013-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3589fd35-df91-48fb-b3be-4954f1e05656": { "id": "3589fd35-df91-48fb-b3be-4954f1e05656", "title": "YITH Maintenance Mode <= 1.3.8 - Multiple Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YITH Maintenance Mode", "slug": "yith-maintenance-mode", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3589fd35-df91-48fb-b3be-4954f1e05656?source=api-scan" ], "published": "2021-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "358be91d-cb00-429b-a4ed-69bf81e4d19e": { "id": "358be91d-cb00-429b-a4ed-69bf81e4d19e", "title": "Fonto \u2013 Custom Web Fonts Manager <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Fonto \u2013 Custom Web Fonts Manager", "slug": "fonto", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/358be91d-cb00-429b-a4ed-69bf81e4d19e?source=api-scan" ], "published": "2024-10-16 20:46:08", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3590277a-3319-4707-b728-d75ea59e8ad9": { "id": "3590277a-3319-4707-b728-d75ea59e8ad9", "title": "User Registration <= 3.0.1 - Authenticated (Subscriber+) PHP Object Injection", "software": [ { "type": "plugin", "name": "User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile", "slug": "user-registration", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3590277a-3319-4707-b728-d75ea59e8ad9?source=api-scan" ], "published": "2023-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35906df7-5eaf-494a-8184-48e2ca22301e": { "id": "35906df7-5eaf-494a-8184-48e2ca22301e", "title": "EasyRecipe <= 3.5.3251 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "EasyRecipe", "slug": "easyrecipe", "affected_versions": { "* - 3.5.3251": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.3251", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35906df7-5eaf-494a-8184-48e2ca22301e?source=api-scan" ], "published": "2023-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3595f1c7-22a5-46c6-b81f-fe616a71116f": { "id": "3595f1c7-22a5-46c6-b81f-fe616a71116f", "title": "Visual Sound (old) <= 1.06 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Visual Sound (old)", "slug": "visual-sound-widget-for-soundcloud-and-artistplugme-visualdreams", "affected_versions": { "* - 1.06": { "from_version": "*", "from_inclusive": true, "to_version": "1.06", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3595f1c7-22a5-46c6-b81f-fe616a71116f?source=api-scan" ], "published": "2024-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "359b596e-1973-4bf6-a012-84b422c0f2c1": { "id": "359b596e-1973-4bf6-a012-84b422c0f2c1", "title": "Customizable WordPress Gallery Plugin \u2013 Modula Image Gallery <= 2.6.9 - Missing Authorization to Plugin Settings Change", "software": [ { "type": "plugin", "name": "Modula Image Gallery", "slug": "modula-best-grid-gallery", "affected_versions": { "* - 2.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.91" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/359b596e-1973-4bf6-a012-84b422c0f2c1?source=api-scan" ], "published": "2022-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "359b8977-6d0d-4856-8d72-17091a420f67": { "id": "359b8977-6d0d-4856-8d72-17091a420f67", "title": "Under Construction \/ Maintenance Mode from Acurax <= 2.6 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Under Construction \/ Maintenance Mode from Acurax", "slug": "coming-soon-maintenance-mode-from-acurax", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/359b8977-6d0d-4856-8d72-17091a420f67?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "359c573f-7031-4f56-b66f-c37339667aca": { "id": "359c573f-7031-4f56-b66f-c37339667aca", "title": "wpDiscuz <= 7.6.3 - Authenticated(Author+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "* - 7.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/359c573f-7031-4f56-b66f-c37339667aca?source=api-scan" ], "published": "2023-10-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35a0a0b8-2d62-4675-9bec-d26164271a03": { "id": "35a0a0b8-2d62-4675-9bec-d26164271a03", "title": "WP Shamsi <= 4.1.1 - Missing Authorization to Plugin Settings Update", "software": [ { "type": "plugin", "name": "WP Shamsi \u2013 \u0627\u0641\u0632\u0648\u0646\u0647 \u062a\u0627\u0631\u06cc\u062e \u0634\u0645\u0633\u06cc \u0648 \u0641\u0627\u0631\u0633\u06cc \u0633\u0627\u0632 \u0648\u0631\u062f\u067e\u0631\u0633", "slug": "wp-shamsi", "affected_versions": { "* - 4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35a0a0b8-2d62-4675-9bec-d26164271a03?source=api-scan" ], "published": "2022-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35a0f4dd-7370-48da-a4ef-424c42da60e9": { "id": "35a0f4dd-7370-48da-a4ef-424c42da60e9", "title": "Icons for Features <= 1.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Icons for Features", "slug": "icons-for-features", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35a0f4dd-7370-48da-a4ef-424c42da60e9?source=api-scan" ], "published": "2015-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35a5114e-5c5f-4003-8bb3-77243ffbac1a": { "id": "35a5114e-5c5f-4003-8bb3-77243ffbac1a", "title": "WPBakery Page Builder <= 7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via VC Single Image link attribute", "software": [ { "type": "plugin", "name": "WPBakery Visual Composer", "slug": "js_composer", "affected_versions": { "* - 7.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35a5114e-5c5f-4003-8bb3-77243ffbac1a?source=api-scan" ], "published": "2024-06-12 18:40:01", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35a75451-f0ae-4630-b415-394c76868e93": { "id": "35a75451-f0ae-4630-b415-394c76868e93", "title": "Max Mega Menu <= 3.3. - Missing Authorization", "software": [ { "type": "plugin", "name": "Max Mega Menu", "slug": "megamenu", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35a75451-f0ae-4630-b415-394c76868e93?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35ac717c-e299-4a56-bead-cb1d050da75c": { "id": "35ac717c-e299-4a56-bead-cb1d050da75c", "title": "WordPress Core <= 1.5.1.2 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 1.5.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35ac717c-e299-4a56-bead-cb1d050da75c?source=api-scan" ], "published": "2005-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35afef52-350c-4b61-b9c0-3ae2572f81fb": { "id": "35afef52-350c-4b61-b9c0-3ae2572f81fb", "title": "Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Folders \u2013 Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager", "slug": "folders", "affected_versions": { "[*, 2.9.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35afef52-350c-4b61-b9c0-3ae2572f81fb?source=api-scan" ], "published": "2023-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35b013c1-1574-4d5b-a3cb-e400ef7f2d32": { "id": "35b013c1-1574-4d5b-a3cb-e400ef7f2d32", "title": "H5P CSS Editor <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "H5P CSS Editor", "slug": "h5p-css-editor", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35b013c1-1574-4d5b-a3cb-e400ef7f2d32?source=api-scan" ], "published": "2021-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35b1853f-0c19-4fc8-8878-9e8a9330f76a": { "id": "35b1853f-0c19-4fc8-8878-9e8a9330f76a", "title": "Fluent CRM <= 2.8.44 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FluentCRM \u2013 Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution", "slug": "fluent-crm", "affected_versions": { "* - 2.8.44": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35b1853f-0c19-4fc8-8878-9e8a9330f76a?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35b1fb1a-a12c-4938-a2d2-74e291db76ef": { "id": "35b1fb1a-a12c-4938-a2d2-74e291db76ef", "title": "Leopard - WordPress offload media <= 2.0.36 - Missing Authorization to Authenticated (Subscriber+) Settings Update", "software": [ { "type": "plugin", "name": "Leopard - WordPress Offload Media", "slug": "leopard-wordpress-offload-media", "affected_versions": { "* - 2.0.36": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.36", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35b1fb1a-a12c-4938-a2d2-74e291db76ef?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35b3a82a-4391-41b0-b434-691743c5ff4d": { "id": "35b3a82a-4391-41b0-b434-691743c5ff4d", "title": "Fusion Builder <= 3.11.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Fusion Builder", "slug": "fusion-builder", "affected_versions": { "* - 3.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35b3a82a-4391-41b0-b434-691743c5ff4d?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35b46587-1c6e-4d3f-a8d0-e7797cee882d": { "id": "35b46587-1c6e-4d3f-a8d0-e7797cee882d", "title": "GTM Server Side <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GTM Server Side", "slug": "gtm-server-side", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35b46587-1c6e-4d3f-a8d0-e7797cee882d?source=api-scan" ], "published": "2022-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35b5a6ab-8909-49aa-8427-19355e6a7303": { "id": "35b5a6ab-8909-49aa-8427-19355e6a7303", "title": "WP Live Chat Support <= 8.0.27 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "3CX Free Live Chat, Calls & WhatsApp", "slug": "wp-live-chat-support", "affected_versions": { "* - 8.0.26": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35b5a6ab-8909-49aa-8427-19355e6a7303?source=api-scan" ], "published": "2019-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35b6a26a-d7c1-4538-87f3-fcb1095797a3": { "id": "35b6a26a-d7c1-4538-87f3-fcb1095797a3", "title": "wpForo Forum <= 2.1.8 - Reflected Cross-Site Scripting via 'wpforo_debug'", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35b6a26a-d7c1-4538-87f3-fcb1095797a3?source=api-scan" ], "published": "2023-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35b74f5b-f088-4307-81ba-2c379754c4a2": { "id": "35b74f5b-f088-4307-81ba-2c379754c4a2", "title": "WordPress Gallery Transforation < 0.7 - SQL Injection", "software": [ { "type": "plugin", "name": "wordpress-gallery-transformation", "slug": "wordpress-gallery-transformation", "affected_versions": { "* - 0.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35b74f5b-f088-4307-81ba-2c379754c4a2?source=api-scan" ], "published": "2017-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35b9f37c-69e1-437a-97dd-3d3e7a8cd86e": { "id": "35b9f37c-69e1-437a-97dd-3d3e7a8cd86e", "title": "Ivory Search <= 4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ivory Search \u2013 WordPress Search Plugin", "slug": "add-search-to-menu", "affected_versions": { "* - 4.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35b9f37c-69e1-437a-97dd-3d3e7a8cd86e?source=api-scan" ], "published": "2021-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35bd7462-8dab-43b2-9941-fef6f826cfdc": { "id": "35bd7462-8dab-43b2-9941-fef6f826cfdc", "title": "YARPP \u2013 Yet Another Related Posts Plugin <= 5.30.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YARPP \u2013 Yet Another Related Posts Plugin", "slug": "yet-another-related-posts-plugin", "affected_versions": { "* - 5.30.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.30.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.30.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35bd7462-8dab-43b2-9941-fef6f826cfdc?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35be104a-15bc-489b-9806-9abe4ea2388a": { "id": "35be104a-15bc-489b-9806-9abe4ea2388a", "title": "Rename wp-login.php <= 2.6.0 - Cross-Site Request Forgery & Unauthenticated Settings Change", "software": [ { "type": "plugin", "name": "Rename wp-login.php", "slug": "rename-wp-login", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35be104a-15bc-489b-9806-9abe4ea2388a?source=api-scan" ], "published": "2022-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35c12f80-d069-44ed-b6a5-caa060fbd281": { "id": "35c12f80-d069-44ed-b6a5-caa060fbd281", "title": "Pixabay Images <= 2.3 - Directory Traversal", "software": [ { "type": "plugin", "name": "Pixabay Images", "slug": "pixabay-images", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35c12f80-d069-44ed-b6a5-caa060fbd281?source=api-scan" ], "published": "2015-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35c40c81-c7b4-4453-bd2f-7910fcb7f13e": { "id": "35c40c81-c7b4-4453-bd2f-7910fcb7f13e", "title": "My Agile Privacy <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vis Shortcode", "software": [ { "type": "plugin", "name": "My Agile Privacy \u2013 The only GDPR solution for WordPress that you can truly trust", "slug": "myagileprivacy", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35c40c81-c7b4-4453-bd2f-7910fcb7f13e?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35c5b1cd-053c-4e1d-994f-003b89d5ff62": { "id": "35c5b1cd-053c-4e1d-994f-003b89d5ff62", "title": "List Custom Taxonomy Widget <= 4.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "List Custom Taxonomy Widget", "slug": "list-custom-taxonomy-widget", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35c5b1cd-053c-4e1d-994f-003b89d5ff62?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35c7c089-6517-419e-8ba3-e6c2692fe1ae": { "id": "35c7c089-6517-419e-8ba3-e6c2692fe1ae", "title": "EventPrime <= 4.0.4.5 - Open Redirect", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 4.0.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35c7c089-6517-419e-8ba3-e6c2692fe1ae?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35cc980b-9c52-4f0b-aeb2-4afa6efacd8f": { "id": "35cc980b-9c52-4f0b-aeb2-4afa6efacd8f", "title": "WP ERP <=1.10.5 - Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting", "slug": "erp", "affected_versions": { "* - 1.10.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35cc980b-9c52-4f0b-aeb2-4afa6efacd8f?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35cd1788-1756-4d03-8f6f-e5e4153e3f4f": { "id": "35cd1788-1756-4d03-8f6f-e5e4153e3f4f", "title": "CP Blocks <= 1.0.20 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "CP Blocks", "slug": "cp-blocks", "affected_versions": { "* - 1.0.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35cd1788-1756-4d03-8f6f-e5e4153e3f4f?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35d64d3e-b48e-4e35-ab1d-0557fcd62263": { "id": "35d64d3e-b48e-4e35-ab1d-0557fcd62263", "title": "Smart Online Order for Clover <= 1.5.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart Online Order for Clover", "slug": "clover-online-orders", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35d64d3e-b48e-4e35-ab1d-0557fcd62263?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35d69a35-ec19-474a-a09b-0200bfa9e1db": { "id": "35d69a35-ec19-474a-a09b-0200bfa9e1db", "title": "Social Count Plus <= 5.3.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Count Plus", "slug": "social-count-plus", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35d69a35-ec19-474a-a09b-0200bfa9e1db?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35d80441-6cbe-4bd4-a891-a4a1d24c77ec": { "id": "35d80441-6cbe-4bd4-a891-a4a1d24c77ec", "title": "Easy Media Gallery Pro <= 1.2.59 - Cross-Site Request Forgery and Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Media Gallery Pro", "slug": "easy-media-gallery-pro", "affected_versions": { "* - 1.2.59": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35d80441-6cbe-4bd4-a891-a4a1d24c77ec?source=api-scan" ], "published": "2014-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35dadb9c-f0c6-4b74-bb31-5e9d504b3db5": { "id": "35dadb9c-f0c6-4b74-bb31-5e9d504b3db5", "title": "Welcart e-Commerce <= 2.8.21 - Authenticated(level_5+) SQL Injection via get_logs", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "[*, 2.8.22)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.22", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35dadb9c-f0c6-4b74-bb31-5e9d504b3db5?source=api-scan" ], "published": "2023-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35def866-7460-4cad-8d86-7b9e4905cbe4": { "id": "35def866-7460-4cad-8d86-7b9e4905cbe4", "title": "CallRail Phone Call Tracking <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "CallRail Phone Call Tracking", "slug": "callrail-phone-call-tracking", "affected_versions": { "* - 0.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35def866-7460-4cad-8d86-7b9e4905cbe4?source=api-scan" ], "published": "2023-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35df1ab9-58c1-4270-96ef-bbb2c7ac7af6": { "id": "35df1ab9-58c1-4270-96ef-bbb2c7ac7af6", "title": "reCaptcha by BestWebSoft <= 1.12 - CAPTCHA Bypass", "software": [ { "type": "plugin", "name": "reCaptcha by BestWebSoft", "slug": "google-captcha", "affected_versions": { "[*, 1.13)": { "from_version": "*", "from_inclusive": true, "to_version": "1.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35df1ab9-58c1-4270-96ef-bbb2c7ac7af6?source=api-scan" ], "published": "2015-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35e0a997-190e-457a-b80c-7b4ecec97095": { "id": "35e0a997-190e-457a-b80c-7b4ecec97095", "title": "Optin Forms <= 1.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Optin Forms \u2013 Simple List Building Plugin for WordPress", "slug": "optin-forms", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35e0a997-190e-457a-b80c-7b4ecec97095?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35e220c0-1e4d-4365-a1be-de66930fa559": { "id": "35e220c0-1e4d-4365-a1be-de66930fa559", "title": "Business Directory Plugin <= 5.10.1 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Business Directory Plugin \u2013 Easy Listing Directories for WordPress", "slug": "business-directory-plugin", "affected_versions": { "* - 5.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35e220c0-1e4d-4365-a1be-de66930fa559?source=api-scan" ], "published": "2021-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35e2f081-41ca-4465-933a-db5c30b058da": { "id": "35e2f081-41ca-4465-933a-db5c30b058da", "title": "WP Easy Gallery <= 2.7 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Easy Gallery \u2013 WordPress Gallery Plugin", "slug": "wp-easy-gallery", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35e2f081-41ca-4465-933a-db5c30b058da?source=api-scan" ], "published": "2013-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35ead2b5-8b50-40e1-9b4a-547d97f34c4e": { "id": "35ead2b5-8b50-40e1-9b4a-547d97f34c4e", "title": "Master Slider \u2013 Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode", "software": [ { "type": "plugin", "name": "Master Slider \u2013 Responsive Touch Slider", "slug": "master-slider", "affected_versions": { "* - 3.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35ead2b5-8b50-40e1-9b4a-547d97f34c4e?source=api-scan" ], "published": "2024-06-17 14:11:35", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35f2d80a-891a-4616-a3f6-01bbf12f5f10": { "id": "35f2d80a-891a-4616-a3f6-01bbf12f5f10", "title": "Author Bio Box <= 3.3.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Author Bio Box", "slug": "author-bio-box", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35f2d80a-891a-4616-a3f6-01bbf12f5f10?source=api-scan" ], "published": "2021-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35f82406-f75d-4510-81c0-14af3d944bf0": { "id": "35f82406-f75d-4510-81c0-14af3d944bf0", "title": "Podlove Podcast Publisher <= 4.0.11 - Authenticated (Contributor+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Podlove Podcast Publisher", "slug": "podlove-podcasting-plugin-for-wordpress", "affected_versions": { "* - 4.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35f82406-f75d-4510-81c0-14af3d944bf0?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35f9f778-b056-4188-b34f-3c45b91a0138": { "id": "35f9f778-b056-4188-b34f-3c45b91a0138", "title": "WP Photo Album Plus <= 8.8.00.002 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Photo Album Plus", "slug": "wp-photo-album-plus", "affected_versions": { "* - 8.8.00.002": { "from_version": "*", "from_inclusive": true, "to_version": "8.8.00.002", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.8.00.003" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35f9f778-b056-4188-b34f-3c45b91a0138?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35fb04aa-5899-4797-9ea1-24e7a98ad8d3": { "id": "35fb04aa-5899-4797-9ea1-24e7a98ad8d3", "title": "SupportCandy <= 2.2.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SupportCandy \u2013 Helpdesk & Customer Support Ticket System", "slug": "supportcandy", "affected_versions": { "* - 2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35fb04aa-5899-4797-9ea1-24e7a98ad8d3?source=api-scan" ], "published": "2022-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35fb658f-6ffa-4df7-bfcd-25307d89fc26": { "id": "35fb658f-6ffa-4df7-bfcd-25307d89fc26", "title": "Wicked Folders <= 2.18.16 - Missing Authorization via ajax_delete_folder", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35fb658f-6ffa-4df7-bfcd-25307d89fc26?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "35fc9a16-3775-48c0-82af-692974f54c33": { "id": "35fc9a16-3775-48c0-82af-692974f54c33", "title": "Easy!Appointments <= 1.4.0 - Authenticated(Subscriber+) Arbitrary File Deletion via 'disconnect'", "software": [ { "type": "plugin", "name": "Easy!Appointments", "slug": "easyappointments", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/35fc9a16-3775-48c0-82af-692974f54c33?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "360010f3-9053-4c69-a4e8-12f0c77ba746": { "id": "360010f3-9053-4c69-a4e8-12f0c77ba746", "title": "FV Flowplayer Video Player <= 7.5.44.7212 - Authenticated (Contributor+) Arbitrary Redirect", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "* - 7.5.44.7212": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.44.7212", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.45.7212" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/360010f3-9053-4c69-a4e8-12f0c77ba746?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3607420e-3f02-425d-a708-f785ce66f2db": { "id": "3607420e-3f02-425d-a708-f785ce66f2db", "title": "ShortPixel Image Optimizer <= 5.6.3 - Authenticated (Editor+) SQL Injection", "software": [ { "type": "plugin", "name": "ShortPixel Image Optimizer \u2013 Optimize Images, Convert WebP & AVIF", "slug": "shortpixel-image-optimiser", "affected_versions": { "* - 5.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3607420e-3f02-425d-a708-f785ce66f2db?source=api-scan" ], "published": "2024-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3608fce3-0869-4516-ae08-68108f733c37": { "id": "3608fce3-0869-4516-ae08-68108f733c37", "title": "WordPress Menu Plugin \u2014 Superfly Responsive Menu <= 5.0.29 - Cross-Site Request Forgery to Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "WordPress Menu Plugin \u2014 Superfly Responsive Menu", "slug": "superfly-menu", "affected_versions": { "* - 5.0.29": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3608fce3-0869-4516-ae08-68108f733c37?source=api-scan" ], "published": "2024-08-01 17:45:27", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "360a022d-8530-48af-be34-77d6b4b5c19d": { "id": "360a022d-8530-48af-be34-77d6b4b5c19d", "title": "All In One Redirection <= 2.1.0 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "All In One Redirection", "slug": "all-in-one-redirection", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/360a022d-8530-48af-be34-77d6b4b5c19d?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "360b1927-a863-46be-ad11-3f6251c75a3c": { "id": "360b1927-a863-46be-ad11-3f6251c75a3c", "title": "YOP Poll <= 6.5.26 - Race Condition to Vote Manipulation", "software": [ { "type": "plugin", "name": "YOP Poll", "slug": "yop-poll", "affected_versions": { "* - 6.5.26": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/360b1927-a863-46be-ad11-3f6251c75a3c?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "360cb170-a888-4b7f-8ea2-1d74a404f1df": { "id": "360cb170-a888-4b7f-8ea2-1d74a404f1df", "title": "Unnamed < 1.2.17.1 and Unnamed SE < 1.0.3 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Unnamed", "slug": "unnamed", "affected_versions": { "* - 1.2.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.17.1" ] }, { "type": "theme", "name": "Unnamed SE", "slug": "unnamed-se", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/360cb170-a888-4b7f-8ea2-1d74a404f1df?source=api-scan" ], "published": "2007-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "360cba3a-dfae-4b1c-9b33-f531fb9b12e0": { "id": "360cba3a-dfae-4b1c-9b33-f531fb9b12e0", "title": "WP Attachments <= 5.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Attachments", "slug": "wp-attachments", "affected_versions": { "* - 5.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/360cba3a-dfae-4b1c-9b33-f531fb9b12e0?source=api-scan" ], "published": "2022-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3610644e-3481-4fed-a83c-cd9ce09775d2": { "id": "3610644e-3481-4fed-a83c-cd9ce09775d2", "title": "Traffic Manager <= 1.4.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Traffic Manager", "slug": "traffic-manager", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3610644e-3481-4fed-a83c-cd9ce09775d2?source=api-scan" ], "published": "2022-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "361216af-b939-4ac1-ae06-97552d283670": { "id": "361216af-b939-4ac1-ae06-97552d283670", "title": "Leadster <= 1.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Leadster", "slug": "leadster-marketing-conversacional", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/361216af-b939-4ac1-ae06-97552d283670?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36123fad-448e-4fdb-a076-5280b53d9671": { "id": "36123fad-448e-4fdb-a076-5280b53d9671", "title": "Navigation menu as Dropdown Widget <= 1.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Navigation menu as Dropdown Widget", "slug": "navigation-menu-as-dropdown-widget", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36123fad-448e-4fdb-a076-5280b53d9671?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "361315ff-99ef-4fb2-946f-8ccc307bd3be": { "id": "361315ff-99ef-4fb2-946f-8ccc307bd3be", "title": "async <= 2.6.3 and 3-3.2.2 - Prototype Pollution", "software": [ { "type": "plugin", "name": "Insert Special Characters", "slug": "insert-special-characters", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/361315ff-99ef-4fb2-946f-8ccc307bd3be?source=api-scan" ], "published": "2022-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3613c0ce-ac77-4fdc-8e3a-830b45ef6390": { "id": "3613c0ce-ac77-4fdc-8e3a-830b45ef6390", "title": "Page Builder Sandwich \u2013 Front-End Page Builder <= 5.1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Page Builder Sandwich \u2013 Front End WordPress Page Builder Plugin", "slug": "page-builder-sandwich", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3613c0ce-ac77-4fdc-8e3a-830b45ef6390?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "361deac0-f675-432c-b7d2-b99f168d476d": { "id": "361deac0-f675-432c-b7d2-b99f168d476d", "title": "Chaty <= 3.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button \u2013 Chaty", "slug": "chaty", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/361deac0-f675-432c-b7d2-b99f168d476d?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "361e2d5c-4355-4e71-91aa-2c1bc6b6fb78": { "id": "361e2d5c-4355-4e71-91aa-2c1bc6b6fb78", "title": "Frontend File Manager Plugin <= 21.2 - Cross-Site Request Forgery to File Upload", "software": [ { "type": "plugin", "name": "Frontend File Manager Plugin", "slug": "nmedia-user-file-uploader", "affected_versions": { "* - 21.2": { "from_version": "*", "from_inclusive": true, "to_version": "21.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/361e2d5c-4355-4e71-91aa-2c1bc6b6fb78?source=api-scan" ], "published": "2022-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "361f3fec-7176-4a25-943b-44a44dd77784": { "id": "361f3fec-7176-4a25-943b-44a44dd77784", "title": "cformsII < 14.6.10 - SQL Injection", "software": [ { "type": "plugin", "name": "cformsII", "slug": "cforms2", "affected_versions": { "[*, 14.6.10)": { "from_version": "*", "from_inclusive": true, "to_version": "14.6.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "14.6.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/361f3fec-7176-4a25-943b-44a44dd77784?source=api-scan" ], "published": "2015-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3621801a-231b-4678-bfb5-fbf18e58a658": { "id": "3621801a-231b-4678-bfb5-fbf18e58a658", "title": "WP External Links < 1.81 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "External Links \u2013 nofollow, noopener & new window", "slug": "wp-external-links", "affected_versions": { "[*, 1.81)": { "from_version": "*", "from_inclusive": true, "to_version": "1.81", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.81" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3621801a-231b-4678-bfb5-fbf18e58a658?source=api-scan" ], "published": "2016-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3624708c-b0da-4177-a8e8-cf5f5c432f97": { "id": "3624708c-b0da-4177-a8e8-cf5f5c432f97", "title": "WP Debugging <= 2.11.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Debugging", "slug": "wp-debugging", "affected_versions": { "* - 2.11.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3624708c-b0da-4177-a8e8-cf5f5c432f97?source=api-scan" ], "published": "2022-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "362fcd02-73c3-413b-8076-694c4d55544d": { "id": "362fcd02-73c3-413b-8076-694c4d55544d", "title": "RedLine < 1.66 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "RedLine", "slug": "redline", "affected_versions": { "[*, 1.66)": { "from_version": "*", "from_inclusive": true, "to_version": "1.66", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.66" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/362fcd02-73c3-413b-8076-694c4d55544d?source=api-scan" ], "published": "2011-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36304098-fea7-4e67-a138-5670761c6338": { "id": "36304098-fea7-4e67-a138-5670761c6338", "title": "Age Gate <= 2.17.0 - Cross-Site Scripting via Data Import", "software": [ { "type": "plugin", "name": "Age Gate", "slug": "age-gate", "affected_versions": { "* - 2.17.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.17.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.17.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36304098-fea7-4e67-a138-5670761c6338?source=api-scan" ], "published": "2022-06-10 08:45:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3639d0a6-6d9f-4f3e-bb25-85d4eb40b547": { "id": "3639d0a6-6d9f-4f3e-bb25-85d4eb40b547", "title": "Ultra Companion <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultra Companion \u2013 Companion plugin for WPoperation Themes", "slug": "ultra-companion", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3639d0a6-6d9f-4f3e-bb25-85d4eb40b547?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "363ece80-1fa6-4019-84c9-e0a65f02625d": { "id": "363ece80-1fa6-4019-84c9-e0a65f02625d", "title": "WP Inventory Manager <= 2.1.0.11 - Reflected Cross-Site Scripting via 'message'", "software": [ { "type": "plugin", "name": "WP Inventory Manager", "slug": "wp-inventory-manager", "affected_versions": { "* - 2.1.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/363ece80-1fa6-4019-84c9-e0a65f02625d?source=api-scan" ], "published": "2023-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "364804a5-8699-46be-b25e-890a10134a25": { "id": "364804a5-8699-46be-b25e-890a10134a25", "title": "WP Statistics < 9.4.1 - Authenticated Blind SQL Injection", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "[*, 9.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "9.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "9.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/364804a5-8699-46be-b25e-890a10134a25?source=api-scan" ], "published": "2015-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "364946a5-ce1e-4872-895d-e7cf795a04f7": { "id": "364946a5-ce1e-4872-895d-e7cf795a04f7", "title": "Ultimate Addons for Contact Form 7 <= 3.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Addons for Contact Form 7", "slug": "ultimate-addons-for-contact-form-7", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/364946a5-ce1e-4872-895d-e7cf795a04f7?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "364a9a12-d6d4-4461-b45f-cf7d6ea815ac": { "id": "364a9a12-d6d4-4461-b45f-cf7d6ea815ac", "title": "Reality | Estate Multipurpose WordPress Theme <= 2.5.3 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Reality | Estate Multipurpose WordPress Theme", "slug": "reality", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/364a9a12-d6d4-4461-b45f-cf7d6ea815ac?source=api-scan" ], "published": "2020-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "364c8488-dab2-46bd-84b6-adfa59e2b013": { "id": "364c8488-dab2-46bd-84b6-adfa59e2b013", "title": "VikBooking Hotel Booking Engine & PMS <= 1.6.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "* - 1.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/364c8488-dab2-46bd-84b6-adfa59e2b013?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "364fe5b3-561e-4005-a589-c7c2b9e85b99": { "id": "364fe5b3-561e-4005-a589-c7c2b9e85b99", "title": "ChatBot <= 4.4.6 - Unauthenticated PHP Object Injection via Cookies", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/364fe5b3-561e-4005-a589-c7c2b9e85b99?source=api-scan" ], "published": "2023-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3657384e-025a-44ad-8b7e-1a2fea17dcc3": { "id": "3657384e-025a-44ad-8b7e-1a2fea17dcc3", "title": "BuddyPress <= 12.4.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "* - 12.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "12.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3657384e-025a-44ad-8b7e-1a2fea17dcc3?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "365808af-5ed1-4265-88bd-ca8a49bdf424": { "id": "365808af-5ed1-4265-88bd-ca8a49bdf424", "title": "Kanban Boards for WordPress <= 2.5.21 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kanban Boards for WordPress", "slug": "kanban", "affected_versions": { "* - 2.5.21": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.21", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/365808af-5ed1-4265-88bd-ca8a49bdf424?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "365b90dc-b9a1-4e04-9546-860f057f29f8": { "id": "365b90dc-b9a1-4e04-9546-860f057f29f8", "title": "Woocommerce \u2013 Recent Purchases <= 1.0.1 - Authenticated (Admin+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Woocommerce \u2013 Recent Purchases", "slug": "woo-recent-purchases", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/365b90dc-b9a1-4e04-9546-860f057f29f8?source=api-scan" ], "published": "2024-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "365ec9c9-7bf4-4e5c-953e-58e3a7150cdb": { "id": "365ec9c9-7bf4-4e5c-953e-58e3a7150cdb", "title": "Contact Form Manager <= 1.4.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Manager", "slug": "contact-form-manager", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/365ec9c9-7bf4-4e5c-953e-58e3a7150cdb?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "366165fe-93e5-49ab-b2e5-1de624f22286": { "id": "366165fe-93e5-49ab-b2e5-1de624f22286", "title": "Simple Membership <= 4.3.8 - Reflected Cross-Site Scripting Vulnerability via environment_mode", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "* - 4.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/366165fe-93e5-49ab-b2e5-1de624f22286?source=api-scan" ], "published": "2023-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3663b35d-13ac-4d65-80bd-5800ed74f759": { "id": "3663b35d-13ac-4d65-80bd-5800ed74f759", "title": "Product page shipping calculator for WooCommerce <= 1.3.25 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings", "software": [ { "type": "plugin", "name": "Product page shipping calculator for WooCommerce", "slug": "product-page-shipping-calculator-for-woocommerce", "affected_versions": { "* - 1.3.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3663b35d-13ac-4d65-80bd-5800ed74f759?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3666a841-711d-4ecf-bb77-f2db4d5817ea": { "id": "3666a841-711d-4ecf-bb77-f2db4d5817ea", "title": "ActivityPub <= 1.0.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "ActivityPub", "slug": "activitypub", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3666a841-711d-4ecf-bb77-f2db4d5817ea?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "366e5302-3edc-4bc8-8d84-9e0ee7abb25a": { "id": "366e5302-3edc-4bc8-8d84-9e0ee7abb25a", "title": "WordPress RokBox <= 2.13 - Content Spoofing", "software": [ { "type": "plugin", "name": "WordPress RokBox", "slug": "wp_rokbox", "affected_versions": { "* - 2.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/366e5302-3edc-4bc8-8d84-9e0ee7abb25a?source=api-scan" ], "published": "2012-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3670665c-0ae1-47d6-b463-581eb195666e": { "id": "3670665c-0ae1-47d6-b463-581eb195666e", "title": "My YouTube Channel <= 3.23.3 - Cross-Site Request Forgery to Cache Deletion", "software": [ { "type": "plugin", "name": "My YouTube Channel", "slug": "youtube-channel", "affected_versions": { "* - 3.23.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.23.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.23.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3670665c-0ae1-47d6-b463-581eb195666e?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3673a86c-1e11-45ad-8944-84a38aad53dd": { "id": "3673a86c-1e11-45ad-8944-84a38aad53dd", "title": "IdeaPush <= 8.52 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IdeaPush", "slug": "ideapush", "affected_versions": { "* - 8.52": { "from_version": "*", "from_inclusive": true, "to_version": "8.52", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.53" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3673a86c-1e11-45ad-8944-84a38aad53dd?source=api-scan" ], "published": "2023-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36741b46-57ac-402e-bfb1-8424c7e70598": { "id": "36741b46-57ac-402e-bfb1-8424c7e70598", "title": "Chaty <= 3.0.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button \u2013 Chaty", "slug": "chaty", "affected_versions": { "* - 3.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36741b46-57ac-402e-bfb1-8424c7e70598?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36759c8a-351b-448c-a79e-05465e99b4c2": { "id": "36759c8a-351b-448c-a79e-05465e99b4c2", "title": "Font Awesome <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Font Awesome", "slug": "font-awesome", "affected_versions": { "* - 4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36759c8a-351b-448c-a79e-05465e99b4c2?source=api-scan" ], "published": "2022-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "367a7796-b94b-4239-894f-01bf71cdeed9": { "id": "367a7796-b94b-4239-894f-01bf71cdeed9", "title": "Gum Elementor Addon <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gum Elementor Addon", "slug": "gum-elementor-addon", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/367a7796-b94b-4239-894f-01bf71cdeed9?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36806418-ae4e-4981-b9c5-dadb5e92e69a": { "id": "36806418-ae4e-4981-b9c5-dadb5e92e69a", "title": "Lana Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Lana Shortcodes", "slug": "lana-shortcodes", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36806418-ae4e-4981-b9c5-dadb5e92e69a?source=api-scan" ], "published": "2023-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "368a3911-1d29-4378-aa6e-8a6ed54bbe0f": { "id": "368a3911-1d29-4378-aa6e-8a6ed54bbe0f", "title": "Ultimate Store Kit Elementor Addons <= 2.0.3 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider", "slug": "ultimate-store-kit", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/368a3911-1d29-4378-aa6e-8a6ed54bbe0f?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36a43b08-872e-4760-a319-67e30fd004a2": { "id": "36a43b08-872e-4760-a319-67e30fd004a2", "title": "Points and Rewards for WooCommerce <= 1.5.0 - Cross-Site Request Forgery to Settings Change", "software": [ { "type": "plugin", "name": "Points and Rewards for WooCommerce \u2013 Create Loyalty Programs, Reward Customer Purchases, Point Rewards, Referral Points, Reward for Points, User Badges, and Gamification", "slug": "points-and-rewards-for-woocommerce", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36a43b08-872e-4760-a319-67e30fd004a2?source=api-scan" ], "published": "2023-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36a7b681-6059-46a4-82a8-addfb8f452cc": { "id": "36a7b681-6059-46a4-82a8-addfb8f452cc", "title": "Master Elements <= 8.0 - Unauthenticated SQL injection", "software": [ { "type": "plugin", "name": "Master Elements", "slug": "master-elements", "affected_versions": { "* - 8.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36a7b681-6059-46a4-82a8-addfb8f452cc?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36abba4d-9a73-4ef2-a910-6030acddd182": { "id": "36abba4d-9a73-4ef2-a910-6030acddd182", "title": "Page Builder KingComposer <= 2.9.6 - Open Redirect", "software": [ { "type": "plugin", "name": "Page Builder: KingComposer \u2013 Free Drag and Drop page builder by King-Theme", "slug": "kingcomposer", "affected_versions": { "* - 2.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36abba4d-9a73-4ef2-a910-6030acddd182?source=api-scan" ], "published": "2022-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36abd7e9-0ca4-4c22-ab13-08f2632a6797": { "id": "36abd7e9-0ca4-4c22-ab13-08f2632a6797", "title": "Top Bar <= 3.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Top Bar", "slug": "top-bar", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36abd7e9-0ca4-4c22-ab13-08f2632a6797?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36ad7fe2-0dc9-427d-811b-8fb1fdb78579": { "id": "36ad7fe2-0dc9-427d-811b-8fb1fdb78579", "title": "ARI Stream Quiz <= 1.3.0 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "ARI Stream Quiz \u2013 WordPress Quizzes Builder", "slug": "ari-stream-quiz", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36ad7fe2-0dc9-427d-811b-8fb1fdb78579?source=api-scan" ], "published": "2023-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36ae359b-7694-4e8b-9fe6-5e9e40345305": { "id": "36ae359b-7694-4e8b-9fe6-5e9e40345305", "title": "WooCommerce Product Table Lite <= 2.4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Product Table Lite", "slug": "wc-product-table-lite", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36ae359b-7694-4e8b-9fe6-5e9e40345305?source=api-scan" ], "published": "2021-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36ae4183-5fa7-484c-b858-5df10ae3d3f2": { "id": "36ae4183-5fa7-484c-b858-5df10ae3d3f2", "title": "Facebook Chat Plugin <= 1.5 - Missing Capabilities Check", "software": [ { "type": "plugin", "name": "Facebook Chat Plugin \u2013 Live Chat Plugin for WordPress", "slug": "facebook-messenger-customer-chat", "affected_versions": { "[*, 1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36ae4183-5fa7-484c-b858-5df10ae3d3f2?source=api-scan" ], "published": "2020-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36aecabd-4982-426d-be47-075c23a452a2": { "id": "36aecabd-4982-426d-be47-075c23a452a2", "title": "Broadcast Live Video \u2013 Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP < 4.29.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Broadcast Live Video \u2013 Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP", "slug": "videowhisper-live-streaming-integration", "affected_versions": { "[*, 4.29.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.29.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.29.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36aecabd-4982-426d-be47-075c23a452a2?source=api-scan" ], "published": "2014-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36b2992d-4d1b-456d-94a0-54794ba59435": { "id": "36b2992d-4d1b-456d-94a0-54794ba59435", "title": "Radio Station <= 2.4.0.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Radio Station by netmix\u00ae \u2013 Manage and play your Show Schedule in WordPress!", "slug": "radio-station", "affected_versions": { "* - 2.4.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36b2992d-4d1b-456d-94a0-54794ba59435?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36b58a4f-0761-4775-9010-9c77d4019c44": { "id": "36b58a4f-0761-4775-9010-9c77d4019c44", "title": "Social Auto Poster <= 5.3.14 - Missing Authorization via Multiple Functions", "software": [ { "type": "plugin", "name": "Social Auto Poster", "slug": "social-auto-poster", "affected_versions": { "* - 5.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36b58a4f-0761-4775-9010-9c77d4019c44?source=api-scan" ], "published": "2024-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36b71a50-270a-4960-bf31-e888df84e619": { "id": "36b71a50-270a-4960-bf31-e888df84e619", "title": "ShiftNav \u2013 Responsive Mobile Menu <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "ShiftNav \u2013 Responsive Mobile Menu", "slug": "shiftnav-responsive-mobile-menu", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36b71a50-270a-4960-bf31-e888df84e619?source=api-scan" ], "published": "2022-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36ba23ea-7e79-4048-8030-7ed6b2ff45a6": { "id": "36ba23ea-7e79-4048-8030-7ed6b2ff45a6", "title": "EmbedPress <= 3.8.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "[*, 3.8.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36ba23ea-7e79-4048-8030-7ed6b2ff45a6?source=api-scan" ], "published": "2023-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36c3107d-f125-4715-999e-8862e4103313": { "id": "36c3107d-f125-4715-999e-8862e4103313", "title": "Post Views Count <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Post Views Count (Support caching plugins!)", "slug": "baw-post-views-count", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36c3107d-f125-4715-999e-8862e4103313?source=api-scan" ], "published": "2023-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36c32212-0d52-435e-bb6a-39ea07363a86": { "id": "36c32212-0d52-435e-bb6a-39ea07363a86", "title": "Photo Gallery by Ays - Responsive Image Gallery <= 4.4.3 - Authenticated Blind SQL Injections", "software": [ { "type": "plugin", "name": "Photo Gallery by Ays \u2013 Responsive Image Gallery", "slug": "gallery-photo-gallery", "affected_versions": { "[*, 4.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36c32212-0d52-435e-bb6a-39ea07363a86?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36c6a116-37cc-4ade-b601-5f9d6aaf9217": { "id": "36c6a116-37cc-4ade-b601-5f9d6aaf9217", "title": "WooCommerce Add to Cart Custom Redirect <= 1.2.13 - Authenticated(Contributor+) Missing Authorization to Limited Arbitrary Options Update", "software": [ { "type": "plugin", "name": "WooCommerce Add to Cart Custom Redirect", "slug": "woocommerce-add-to-cart-custom-redirect", "affected_versions": { "* - 1.2.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36c6a116-37cc-4ade-b601-5f9d6aaf9217?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36ca4534-1abe-4f28-8672-f183c7578ab2": { "id": "36ca4534-1abe-4f28-8672-f183c7578ab2", "title": "MainWP Code Snippets Extension <= 4.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MainWP Code Snippets Extension", "slug": "mainwp-code-snippets-extension", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36ca4534-1abe-4f28-8672-f183c7578ab2?source=api-scan" ], "published": "2023-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36cec19a-4631-4ada-b37a-f4b2dc264096": { "id": "36cec19a-4631-4ada-b37a-f4b2dc264096", "title": "Simple Blog Card <= 1.31 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Simple Blog Card", "slug": "simple-blog-card", "affected_versions": { "[*, 1.32)": { "from_version": "*", "from_inclusive": true, "to_version": "1.32", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36cec19a-4631-4ada-b37a-f4b2dc264096?source=api-scan" ], "published": "2023-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36d02d5f-d534-4567-9587-1f6e4b21ca90": { "id": "36d02d5f-d534-4567-9587-1f6e4b21ca90", "title": "DVS Custom Notification <= 1.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "DVS Custom Notification", "slug": "dvs-custom-notification", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36d02d5f-d534-4567-9587-1f6e4b21ca90?source=api-scan" ], "published": "2012-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36d2d414-3798-441c-a5bc-4e0560499336": { "id": "36d2d414-3798-441c-a5bc-4e0560499336", "title": "Easy Table of Contents <= 2.0.67.1 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Table of Contents", "slug": "easy-table-of-contents", "affected_versions": { "* - 2.0.67.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.67.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.68" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36d2d414-3798-441c-a5bc-4e0560499336?source=api-scan" ], "published": "2024-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36d2fbbf-ea0e-4785-9b83-b642e59c713d": { "id": "36d2fbbf-ea0e-4785-9b83-b642e59c713d", "title": "Freshdesk (official) <= 2.3.6 - Open Redirect", "software": [ { "type": "plugin", "name": "Freshdesk (official)", "slug": "freshdesk-support", "affected_versions": { "* - 2.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36d2fbbf-ea0e-4785-9b83-b642e59c713d?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36d37997-ac50-4d00-bc12-f3904483e15f": { "id": "36d37997-ac50-4d00-bc12-f3904483e15f", "title": "Advanced Custom Fields <= 5.7.7 - Author+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Secure Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "[*, 5.7.8)": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36d37997-ac50-4d00-bc12-f3904483e15f?source=api-scan" ], "published": "2018-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36d3dae0-4705-487a-a4a4-c12280e866a3": { "id": "36d3dae0-4705-487a-a4a4-c12280e866a3", "title": "WSM Downloader <= 1.4.0 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "WSM Downloader", "slug": "wsm-downloader", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36d3dae0-4705-487a-a4a4-c12280e866a3?source=api-scan" ], "published": "2022-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36d9e9cd-7885-4127-b62c-ee0b3aad8846": { "id": "36d9e9cd-7885-4127-b62c-ee0b3aad8846", "title": "Solidres <= 0.9.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Solidres \u2013 Hotel booking plugin for WordPress", "slug": "solidres", "affected_versions": { "* - 0.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36d9e9cd-7885-4127-b62c-ee0b3aad8846?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36dec90a-fead-48f5-a88b-dfbc6d8bffb4": { "id": "36dec90a-fead-48f5-a88b-dfbc6d8bffb4", "title": "NotificationX <= 2.3.11 - SQL Injection", "software": [ { "type": "plugin", "name": "NotificationX \u2013 Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar", "slug": "notificationx", "affected_versions": { "* - 2.3.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36dec90a-fead-48f5-a88b-dfbc6d8bffb4?source=api-scan" ], "published": "2022-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36def628-e09e-4da0-ab14-35aefcb67f73": { "id": "36def628-e09e-4da0-ab14-35aefcb67f73", "title": "Maintenance Mode <= 3.0.1 - Information Exposure", "software": [ { "type": "plugin", "name": "Maintenance Mode", "slug": "hkdev-maintenance-mode", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36def628-e09e-4da0-ab14-35aefcb67f73?source=api-scan" ], "published": "2024-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36e098fe-d1f9-4c8f-ae6b-222cbd5976b2": { "id": "36e098fe-d1f9-4c8f-ae6b-222cbd5976b2", "title": "Product Catalog Simple <= 1.5.13 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Product Catalog Simple", "slug": "post-type-x", "affected_versions": { "[*, 1.5.13)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36e098fe-d1f9-4c8f-ae6b-222cbd5976b2?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36e15052-0e04-4b72-b573-b736109517b8": { "id": "36e15052-0e04-4b72-b573-b736109517b8", "title": "WordPress Core < 5.5.2 - Privilege Escalation via XML-RPC", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.34": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.34", "to_inclusive": true }, "3.8 - 3.8.34": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.34", "to_inclusive": true }, "3.9 - 3.9.32": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.32", "to_inclusive": true }, "4.0 - 4.0.31": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.31", "to_inclusive": true }, "4.1 - 4.1.31": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.31", "to_inclusive": true }, "4.2 - 4.2.28": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.28", "to_inclusive": true }, "4.3 - 4.3.24": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.24", "to_inclusive": true }, "4.4 - 4.4.23": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.23", "to_inclusive": true }, "4.5 - 4.5.22": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.22", "to_inclusive": true }, "4.6 - 4.6.19": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.19", "to_inclusive": true }, "4.7 - 4.7.18": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.18", "to_inclusive": true }, "4.8 - 4.8.14": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.14", "to_inclusive": true }, "4.9 - 4.9.15": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.15", "to_inclusive": true }, "5.0 - 5.0.10": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.10", "to_inclusive": true }, "5.1 - 5.1.6": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.6", "to_inclusive": true }, "5.2 - 5.2.7": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.7", "to_inclusive": true }, "5.3 - 5.3.4": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.4", "to_inclusive": true }, "5.4 - 5.4.2": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": true }, "5.5 - 5.5.1": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.35", "3.8.35", "3.9.33", "4.0.32", "4.1.32", "4.2.29", "4.3.25", "4.4.24", "4.5.23", "4.6.20", "4.7.19", "4.8.15", "4.9.16", "5.0.11", "5.1.7", "5.2.8", "5.3.5", "5.4.3", "5.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36e15052-0e04-4b72-b573-b736109517b8?source=api-scan" ], "published": "2020-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36ef164e-33cc-41b1-8e28-d2af89739f04": { "id": "36ef164e-33cc-41b1-8e28-d2af89739f04", "title": "Watu Quiz <= 3.3.8.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Watu Quiz", "slug": "watu", "affected_versions": { "* - 3.3.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36ef164e-33cc-41b1-8e28-d2af89739f04?source=api-scan" ], "published": "2023-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36f107cf-4b85-4016-b7af-b73a706cf1a6": { "id": "36f107cf-4b85-4016-b7af-b73a706cf1a6", "title": "WooCommerce <= 2.6.8 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 2.6.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36f107cf-4b85-4016-b7af-b73a706cf1a6?source=api-scan" ], "published": "2016-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36f37875-69fe-41cb-a68d-ad73d53d1a83": { "id": "36f37875-69fe-41cb-a68d-ad73d53d1a83", "title": "WP-Lister Lite for Amazon <= 2.6.11 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Lister Lite for Amazon", "slug": "wp-lister-for-amazon", "affected_versions": { "* - 2.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36f37875-69fe-41cb-a68d-ad73d53d1a83?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36f41de5-50d5-47ca-bbd0-eca3b756a0cd": { "id": "36f41de5-50d5-47ca-bbd0-eca3b756a0cd", "title": "Securimage-WP <= 3.6.16 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Securimage-WP", "slug": "securimage-wp", "affected_versions": { "* - 3.6.16": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.16", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36f41de5-50d5-47ca-bbd0-eca3b756a0cd?source=api-scan" ], "published": "2023-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36f4e51d-d613-4db6-8d79-d26398c3e5df": { "id": "36f4e51d-d613-4db6-8d79-d26398c3e5df", "title": "Tidio Gallery <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tidio Gallery", "slug": "tidio-gallery", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36f4e51d-d613-4db6-8d79-d26398c3e5df?source=api-scan" ], "published": "2016-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36f61f62-daa9-4b1a-91fb-7b22a28d0eda": { "id": "36f61f62-daa9-4b1a-91fb-7b22a28d0eda", "title": "ContentLock <= 1.0.3 - Cross-Site Request Forgery to Email Adding", "software": [ { "type": "plugin", "name": "ContentLock", "slug": "contentlock", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36f61f62-daa9-4b1a-91fb-7b22a28d0eda?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36f7eb57-76ac-4130-abb3-6521f9d042ce": { "id": "36f7eb57-76ac-4130-abb3-6521f9d042ce", "title": "WHA Puzzle <= 1.0.9 - Authenticated (Contributor+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WHA Puzzle", "slug": "wha-puzzle", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36f7eb57-76ac-4130-abb3-6521f9d042ce?source=api-scan" ], "published": "2022-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "36fd8125-f876-49c2-a0bb-4c7ef95b462c": { "id": "36fd8125-f876-49c2-a0bb-4c7ef95b462c", "title": "WP htpasswd <= 1.7 - Authenticated (Admin+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "WP htpasswd", "slug": "wp-htpasswd", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/36fd8125-f876-49c2-a0bb-4c7ef95b462c?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3702218f-a5ad-4244-874f-53b49cc9491c": { "id": "3702218f-a5ad-4244-874f-53b49cc9491c", "title": "Social Share Buttons by Supsystic <= 2.2.3 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Social Share Buttons by Supsystic", "slug": "social-share-buttons-by-supsystic", "affected_versions": { "* - 2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3702218f-a5ad-4244-874f-53b49cc9491c?source=api-scan" ], "published": "2022-06-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3704b365-cbdf-4c74-9619-59f0a10e3c6a": { "id": "3704b365-cbdf-4c74-9619-59f0a10e3c6a", "title": "Edit WooCommerce Templates <= 1.1.2 - Reflected Cross-Site Scripting via page", "software": [ { "type": "plugin", "name": "Edit WooCommerce Templates", "slug": "woo-edit-templates", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3704b365-cbdf-4c74-9619-59f0a10e3c6a?source=api-scan" ], "published": "2024-10-17 15:41:08", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37052cb9-8479-4004-9161-65f37028ae10": { "id": "37052cb9-8479-4004-9161-65f37028ae10", "title": "Bit File Manager <= 4.1.4 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Bit File Manager \u2013 100% Free & Open Source File Manager and Code Editor for WordPress", "slug": "file-manager", "affected_versions": { "[*, 4.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37052cb9-8479-4004-9161-65f37028ae10?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37053b53-8308-4e54-99c2-7616ed8cb379": { "id": "37053b53-8308-4e54-99c2-7616ed8cb379", "title": "Email Newsletter <= 8.0 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Email Newsletter", "slug": "email-newsletter", "affected_versions": { "* - 8.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37053b53-8308-4e54-99c2-7616ed8cb379?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3705f028-9c8d-48b1-8950-160e10038294": { "id": "3705f028-9c8d-48b1-8950-160e10038294", "title": "Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_gmaps' Shortcode", "software": [ { "type": "plugin", "name": "Shortcodes and extra features for Phlox theme", "slug": "auxin-elements", "affected_versions": { "* - 2.15.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3705f028-9c8d-48b1-8950-160e10038294?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3706deed-55f2-4dfb-bfed-7a14872cd15a": { "id": "3706deed-55f2-4dfb-bfed-7a14872cd15a", "title": "iframe <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode", "software": [ { "type": "plugin", "name": "iframe", "slug": "iframe", "affected_versions": { "* - 4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3706deed-55f2-4dfb-bfed-7a14872cd15a?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3709465d-6d67-45bd-abb9-4875065b8129": { "id": "3709465d-6d67-45bd-abb9-4875065b8129", "title": "NextScripts: Social Networks Auto-Poster <= 4.3.17 - Missing Authorization", "software": [ { "type": "plugin", "name": "NextScripts: Social Networks Auto-Poster", "slug": "social-networks-auto-poster-facebook-twitter-g", "affected_versions": { "* - 4.3.17": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3709465d-6d67-45bd-abb9-4875065b8129?source=api-scan" ], "published": "2020-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "370a6130-425c-4264-baaf-8989d3b00d14": { "id": "370a6130-425c-4264-baaf-8989d3b00d14", "title": "MC4WP: Mailchimp for WordPress <= 4.8.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MC4WP: Mailchimp for WordPress", "slug": "mailchimp-for-wp", "affected_versions": { "* - 4.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/370a6130-425c-4264-baaf-8989d3b00d14?source=api-scan" ], "published": "2021-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "370ccbad-4001-4af5-8d32-fd6b04a8fc41": { "id": "370ccbad-4001-4af5-8d32-fd6b04a8fc41", "title": "WP Hotel Booking <= 2.0.8 - Insufficient Authorization to Unauthorized Post Deletion", "software": [ { "type": "plugin", "name": "WP Hotel Booking", "slug": "wp-hotel-booking", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/370ccbad-4001-4af5-8d32-fd6b04a8fc41?source=api-scan" ], "published": "2023-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "370e816c-920a-4e53-a2f8-afe2806c9df3": { "id": "370e816c-920a-4e53-a2f8-afe2806c9df3", "title": "Fast Flow <= 1.2.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fast Flow", "slug": "fast-flow-dashboard", "affected_versions": { "* - 1.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/370e816c-920a-4e53-a2f8-afe2806c9df3?source=api-scan" ], "published": "2022-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "370fbe22-df48-4f64-ba7f-5ab98b908f58": { "id": "370fbe22-df48-4f64-ba7f-5ab98b908f58", "title": "Yvora - Premium WordPress Theme | Portfolio (Unspecified Version) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Yvora - Premium WordPress Theme | Portfolio", "slug": "yvora", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/370fbe22-df48-4f64-ba7f-5ab98b908f58?source=api-scan" ], "published": "2012-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "371deb9d-707f-47e4-96d7-1a287926b536": { "id": "371deb9d-707f-47e4-96d7-1a287926b536", "title": "WordPress Core < 5.4.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.33": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.33", "to_inclusive": true }, "3.8 - 3.8.33": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.33", "to_inclusive": true }, "3.9 - 3.9.31": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.31", "to_inclusive": true }, "4.0 - 4.0.30": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.30", "to_inclusive": true }, "4.1 - 4.1.30": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.30", "to_inclusive": true }, "4.2 - 4.2.27": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.27", "to_inclusive": true }, "4.3 - 4.3.23": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.23", "to_inclusive": true }, "4.4 - 4.4.22": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.22", "to_inclusive": true }, "4.5 - 4.5.21": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.21", "to_inclusive": true }, "4.6 - 4.6.18": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.18", "to_inclusive": true }, "4.7 - 4.7.17": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.17", "to_inclusive": true }, "4.8 - 4.8.13": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.13", "to_inclusive": true }, "4.9 - 4.9.14": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.14", "to_inclusive": true }, "5.0 - 5.0.9": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.9", "to_inclusive": true }, "5.1 - 5.1.5": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.5", "to_inclusive": true }, "5.2 - 5.2.6": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.6", "to_inclusive": true }, "5.3 - 5.3.3": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.34", "3.8.34", "3.9.32", "4.0.31", "4.1.31", "4.2.28", "4.3.24", "4.4.23", "4.5.22", "4.6.19", "4.7.18", "4.8.14", "4.9.15", "5.0.10", "5.1.6", "5.2.7", "5.3.4", "5.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/371deb9d-707f-47e4-96d7-1a287926b536?source=api-scan" ], "published": "2020-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "371fef9c-1f32-4a21-b4f4-1fc364ade5a4": { "id": "371fef9c-1f32-4a21-b4f4-1fc364ade5a4", "title": "Appointment Hour Booking <= 1.3.55 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Appointment Hour Booking \u2013 WordPress Booking Plugin", "slug": "appointment-hour-booking", "affected_versions": { "* - 1.3.55": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.55", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.56" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/371fef9c-1f32-4a21-b4f4-1fc364ade5a4?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "372149c4-b6b4-43c8-896f-af69712f3a82": { "id": "372149c4-b6b4-43c8-896f-af69712f3a82", "title": "Smart Forms \u2013 when you need more than just a contact form <= 2.9.95 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart Forms \u2013 when you need more than just a contact form", "slug": "smart-forms", "affected_versions": { "* - 2.6.95": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.95", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.96" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/372149c4-b6b4-43c8-896f-af69712f3a82?source=api-scan" ], "published": "2024-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "372632cb-8dfd-4d74-a765-c8fb9d0f1b78": { "id": "372632cb-8dfd-4d74-a765-c8fb9d0f1b78", "title": "WordPress Core <= 2.3.2 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/372632cb-8dfd-4d74-a765-c8fb9d0f1b78?source=api-scan" ], "published": "2008-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37264b0f-b021-41f8-a72d-3ee0d06b19a8": { "id": "37264b0f-b021-41f8-a72d-3ee0d06b19a8", "title": "WP Insurance \u2013 WordPress Insurance Service Plugin <= 2.1.3 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "WP Insurance \u2013 WordPress Insurance Service Plugin", "slug": "wp-insurance", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37264b0f-b021-41f8-a72d-3ee0d06b19a8?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "372a4550-c38e-46d6-b7f2-15e05708d128": { "id": "372a4550-c38e-46d6-b7f2-15e05708d128", "title": "WP Fastest Cache < 0.9.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "[*, 0.9.5)": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/372a4550-c38e-46d6-b7f2-15e05708d128?source=api-scan" ], "published": "2021-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "372f4908-8796-4a52-8346-bd0eb1e41adc": { "id": "372f4908-8796-4a52-8346-bd0eb1e41adc", "title": "tagDiv Composer < 4.0 - Reflected Cross-Site Scripting via \u2018td_video_url\u2019", "software": [ { "type": "plugin", "name": "tagDiv Composer", "slug": "td-composer", "affected_versions": { "[*, 4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/372f4908-8796-4a52-8346-bd0eb1e41adc?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3732bf4c-e5e4-4947-9044-9a49e7547cf3": { "id": "3732bf4c-e5e4-4947-9044-9a49e7547cf3", "title": "WP Total Hacks <= 4.7.2 - Authenticated (Subscriber+) Plugin Options Update to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Total Hacks", "slug": "wp-total-hacks", "affected_versions": { "* - 4.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3732bf4c-e5e4-4947-9044-9a49e7547cf3?source=api-scan" ], "published": "2022-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37331460-4585-4946-9256-64fdb8f02a6b": { "id": "37331460-4585-4946-9256-64fdb8f02a6b", "title": "News Wall <= 1.1.0 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "News Wall", "slug": "news-wall", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37331460-4585-4946-9256-64fdb8f02a6b?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3737d7a0-76d6-4292-aa31-6ee2cb0e9575": { "id": "3737d7a0-76d6-4292-aa31-6ee2cb0e9575", "title": "YITH WooCommerce Wishlist <= 2.1.2 - SQL Injection", "software": [ { "type": "plugin", "name": "YITH WooCommerce Wishlist", "slug": "yith-woocommerce-wishlist", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3737d7a0-76d6-4292-aa31-6ee2cb0e9575?source=api-scan" ], "published": "2018-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "373b51f0-92ad-4c9e-87b9-96b4e57cc05d": { "id": "373b51f0-92ad-4c9e-87b9-96b4e57cc05d", "title": "Anthology < 1.4.5 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Anthology", "slug": "anthology", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/373b51f0-92ad-4c9e-87b9-96b4e57cc05d?source=api-scan" ], "published": "2013-11-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "373c10df-0d9c-4f76-8d1f-cad6bcfed141": { "id": "373c10df-0d9c-4f76-8d1f-cad6bcfed141", "title": "WP Content Pilot \u2013 Autoblogging & Affiliate Marketing Plugin <= 1.3.3 - Authenticated (Contributor+) Content Injection", "software": [ { "type": "plugin", "name": "WP Content Pilot \u2013 Autoblogging & Affiliate Marketing Plugin", "slug": "wp-content-pilot", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/373c10df-0d9c-4f76-8d1f-cad6bcfed141?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "373e9a7c-cdc3-43cb-9c8f-2be25f514b61": { "id": "373e9a7c-cdc3-43cb-9c8f-2be25f514b61", "title": "Visual Form Builder <= 2.8.2 - Cross-Site Request Forgery to SQL Injection", "software": [ { "type": "plugin", "name": "Visual Form Builder", "slug": "visual-form-builder", "affected_versions": { "[*, 2.8.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/373e9a7c-cdc3-43cb-9c8f-2be25f514b61?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37426991-7778-4dc4-8cae-2725584fb8b8": { "id": "37426991-7778-4dc4-8cae-2725584fb8b8", "title": "Icons Font Loader <= 1.1.4 - Authenticated(Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Icons Font Loader \u2013 Load Various Web Fonts & Icons on WP", "slug": "icons-font-loader", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37426991-7778-4dc4-8cae-2725584fb8b8?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3742f2c5-55be-426c-8445-bf58eeebc74b": { "id": "3742f2c5-55be-426c-8445-bf58eeebc74b", "title": "Cakifo 1.0 - 1.6.1 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Cakifo", "slug": "cakifo", "affected_versions": { "1.0 - 1.6.1": { "from_version": "1.0", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3742f2c5-55be-426c-8445-bf58eeebc74b?source=api-scan" ], "published": "2014-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3745b681-cb09-4a5b-a57b-c7f35b8c5133": { "id": "3745b681-cb09-4a5b-a57b-c7f35b8c5133", "title": "WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP RSS By Publishers", "slug": "wp-rss-by-publishers", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3745b681-cb09-4a5b-a57b-c7f35b8c5133?source=api-scan" ], "published": "2022-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37506a9e-a225-4519-a24e-8678c31cc106": { "id": "37506a9e-a225-4519-a24e-8678c31cc106", "title": "BSK PDF Manager <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BSK PDF Manager", "slug": "bsk-pdf-manager", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37506a9e-a225-4519-a24e-8678c31cc106?source=api-scan" ], "published": "2024-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37563f9c-658c-4806-9bd8-a8413e7934fb": { "id": "37563f9c-658c-4806-9bd8-a8413e7934fb", "title": "Workio <= 1.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Workio \u2013 Job Board WordPress Theme", "slug": "workio", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37563f9c-658c-4806-9bd8-a8413e7934fb?source=api-scan" ], "published": "2020-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3758db41-a3c5-436a-bb9a-5886f10d1519": { "id": "3758db41-a3c5-436a-bb9a-5886f10d1519", "title": "WCFM Membership <= 2.9.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WCFM Membership \u2013 WooCommerce Memberships for Multivendor Marketplace", "slug": "wc-multivendor-membership", "affected_versions": { "* - 2.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3758db41-a3c5-436a-bb9a-5886f10d1519?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3762cd92-604a-4dac-a09e-6b4a08c4d804": { "id": "3762cd92-604a-4dac-a09e-6b4a08c4d804", "title": "Duplicator <= 0.5.14 - SQL Injection", "software": [ { "type": "plugin", "name": "Duplicator \u2013 Migration & Backup Plugin", "slug": "duplicator", "affected_versions": { "* - 0.5.14": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3762cd92-604a-4dac-a09e-6b4a08c4d804?source=api-scan" ], "published": "2015-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "376404a5-176e-4c73-8281-27b138218879": { "id": "376404a5-176e-4c73-8281-27b138218879", "title": "WP Flipclock <= 1.7.4 - Authenticated (Contributor+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "WP Flipclock", "slug": "wp-flipclock", "affected_versions": { "* - 1.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/376404a5-176e-4c73-8281-27b138218879?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "376b46c9-f6bb-4f4e-8e53-62ca68d0003a": { "id": "376b46c9-f6bb-4f4e-8e53-62ca68d0003a", "title": "Rate my Post \u2013 WP Rating System <= 3.3.4 - Race Condition", "software": [ { "type": "plugin", "name": "Rate My Post \u2013 Star Rating Plugin by FeedbackWP", "slug": "rate-my-post", "affected_versions": { "* - 3.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/376b46c9-f6bb-4f4e-8e53-62ca68d0003a?source=api-scan" ], "published": "2022-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "376c5091-7921-4470-acbf-44db53db38fc": { "id": "376c5091-7921-4470-acbf-44db53db38fc", "title": "Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout", "software": [ { "type": "plugin", "name": "Subscribe2 \u2013 Form, Email Subscribers & Newsletters", "slug": "subscribe2", "affected_versions": { "* - 10.42": { "from_version": "*", "from_inclusive": true, "to_version": "10.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.43" ] }, { "type": "plugin", "name": "Sheets to WP Table Live Sync | Google Sheets Table Plugin for WordPress with Spreadsheet Integration \u2013 FlexTable", "slug": "sheets-to-wp-table-live-sync", "affected_versions": { "* - 3.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1" ] }, { "type": "plugin", "name": "Dashboard Welcome for Elementor", "slug": "dashboard-welcome-for-elementor", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] }, { "type": "plugin", "name": "XPlainer \u2013 Product FAQs for WooCommerce & AI FAQ Generator", "slug": "faq-for-woocommerce", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] }, { "type": "plugin", "name": "Load More Anything", "slug": "ajax-load-more-anything", "affected_versions": { "* - 3.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.6" ] }, { "type": "plugin", "name": "Event Manager and Tickets Selling Plugin for WooCommerce \u2013 WpEvently \u2013 WordPress Plugin", "slug": "mage-eventpress", "affected_versions": { "* - 4.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.3" ] }, { "type": "plugin", "name": "Pagely [Show Current Template Info]", "slug": "current-template-name", "affected_versions": { "* - 1.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.13" ] }, { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9.1" ] }, { "type": "plugin", "name": "TOP Table Of Contents", "slug": "top-table-of-contents", "affected_versions": { "* - 1.3.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.16" ] }, { "type": "plugin", "name": "Better Chat Support via WhatsApp \u2013 WhatsApp Chat Bubble and Chat Button with Gutenberg, Elementor and Shortcode", "slug": "chat-help", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] }, { "type": "plugin", "name": "Boostify Header Footer Builder for Elementor", "slug": "boostify-header-footer-builder", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] }, { "type": "plugin", "name": "Gallery Box", "slug": "gallery-box", "affected_versions": { "* - 1.7.33": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.34" ] }, { "type": "plugin", "name": "Unlimited Elementor Inner Sections By BoomDevs", "slug": "unlimited-elementor-inner-sections-by-boomdevs", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/376c5091-7921-4470-acbf-44db53db38fc?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "376e2638-a873-4142-ad7d-067ae3333709": { "id": "376e2638-a873-4142-ad7d-067ae3333709", "title": "Feeds for YouTube <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Feeds for YouTube (YouTube video, channel, and gallery plugin)", "slug": "feeds-for-youtube", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/376e2638-a873-4142-ad7d-067ae3333709?source=api-scan" ], "published": "2023-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "376f2fbf-98a4-49d9-bd22-40da5d37b62d": { "id": "376f2fbf-98a4-49d9-bd22-40da5d37b62d", "title": "WooCommerce Stock Manager <= 2.5.7 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Stock Manager for WooCommerce", "slug": "woocommerce-stock-manager", "affected_versions": { "* - 2.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/376f2fbf-98a4-49d9-bd22-40da5d37b62d?source=api-scan" ], "published": "2021-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3770f3d7-35ab-4f86-acc3-9d2816d50581": { "id": "3770f3d7-35ab-4f86-acc3-9d2816d50581", "title": "Photo Gallery by 10Web <= 1.8.25 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.8.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.26" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3770f3d7-35ab-4f86-acc3-9d2816d50581?source=api-scan" ], "published": "2024-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37725a72-0478-4f56-b87f-e427b1f5fb58": { "id": "37725a72-0478-4f56-b87f-e427b1f5fb58", "title": "Ninja Job Board \u2013 Ultimate WordPress Job Board Plugin <= 1.3.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Job Board \u2013 Ultimate WordPress Job Board Plugin", "slug": "ninja-job-board", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37725a72-0478-4f56-b87f-e427b1f5fb58?source=api-scan" ], "published": "2022-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "377b8532-61b8-45be-ad7c-c9ff60a7100a": { "id": "377b8532-61b8-45be-ad7c-c9ff60a7100a", "title": "Caldera Forms \u2013 More Than Contact Forms < 1.4.0 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Caldera Forms \u2013 More Than Contact Forms", "slug": "caldera-forms", "affected_versions": { "[*, 1.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/377b8532-61b8-45be-ad7c-c9ff60a7100a?source=api-scan" ], "published": "2016-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37820930-4705-41af-9a9d-c99409d7bbe3": { "id": "37820930-4705-41af-9a9d-c99409d7bbe3", "title": "Beaver Builder Addons by WPZOOM <= 1.3.5 - Authenticated (Editor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Beaver Builder Addons by WPZOOM", "slug": "wpzoom-addons-for-beaver-builder", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37820930-4705-41af-9a9d-c99409d7bbe3?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37836722-eb25-4393-8cdf-91057642ba3f": { "id": "37836722-eb25-4393-8cdf-91057642ba3f", "title": "WooCommerce - Social Login <= 2.7.3 - Unauthenticated Authentication Bypass", "software": [ { "type": "plugin", "name": "WooCommerce - Social Login", "slug": "woo-social-login", "affected_versions": { "* - 2.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37836722-eb25-4393-8cdf-91057642ba3f?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3785938d-d55a-487d-8709-2d3bdd4b8c0f": { "id": "3785938d-d55a-487d-8709-2d3bdd4b8c0f", "title": "WorkScout - Job Board WordPress Theme <= 2.0.31 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Workscout Core", "slug": "workscout-core", "affected_versions": { "[*, 1.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.4" ] }, { "type": "theme", "name": "WorkScout - Job Board WordPress Theme", "slug": "workscout", "affected_versions": { "* - 2.0.31": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3785938d-d55a-487d-8709-2d3bdd4b8c0f?source=api-scan" ], "published": "2021-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3786d672-f181-4d4d-9eb2-a86b70ff2794": { "id": "3786d672-f181-4d4d-9eb2-a86b70ff2794", "title": "Carousel Slider <= 2.2.13 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Carousel Slider", "slug": "carousel-slider", "affected_versions": { "* - 2.2.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3786d672-f181-4d4d-9eb2-a86b70ff2794?source=api-scan" ], "published": "2024-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "379408c3-399d-4aff-9a6b-43913aaa52b7": { "id": "379408c3-399d-4aff-9a6b-43913aaa52b7", "title": "WP-Members Membership Plugin <= 2.8.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Members Membership Plugin", "slug": "wp-members", "affected_versions": { "[*, 2.8.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/379408c3-399d-4aff-9a6b-43913aaa52b7?source=api-scan" ], "published": "2014-01-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "379825e2-61bf-4d11-8eea-05ad08200e9e": { "id": "379825e2-61bf-4d11-8eea-05ad08200e9e", "title": "Church Admin <= 4.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via meta-text", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "* - 4.1.17": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/379825e2-61bf-4d11-8eea-05ad08200e9e?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3798fb5d-f7d6-4a93-8908-c9b1f93bb05a": { "id": "3798fb5d-f7d6-4a93-8908-c9b1f93bb05a", "title": "Ad Inserter <= 2.7.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ad Inserter \u2013 Ad Manager & AdSense Ads", "slug": "ad-inserter", "affected_versions": { "[*, 2.7.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3798fb5d-f7d6-4a93-8908-c9b1f93bb05a?source=api-scan" ], "published": "2022-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "379a5016-3968-4b28-8d6e-0f517e419016": { "id": "379a5016-3968-4b28-8d6e-0f517e419016", "title": "Various Plugins <= Various Version - Use of Polyfill.io", "software": [ { "type": "plugin", "name": "OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)", "slug": "stepbyteservice-openstreetmap", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Pixel Manager for WooCommerce \u2013 Track Google Analytics, Google Ads, TikTok and more", "slug": "woocommerce-google-adwords-conversion-tracking-tag", "affected_versions": { "* - 1.43.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.43.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.43.4" ] }, { "type": "plugin", "name": "weForms \u2013 Easy Drag & Drop Contact Form Builder For WordPress", "slug": "weforms", "affected_versions": { "* - 1.6.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.24" ] }, { "type": "plugin", "name": "Qualified Electronic Signatures by eID Easy", "slug": "eid-easy-qualified-electonic-signature", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] }, { "type": "plugin", "name": "Digital River Global Commerce", "slug": "digital-river-global-commerce", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission \u2013 WP User Frontend", "slug": "wp-user-frontend", "affected_versions": { "* - 4.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/379a5016-3968-4b28-8d6e-0f517e419016?source=api-scan" ], "published": "2024-06-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "379aa658-ebc4-4000-913e-5f95a4783233": { "id": "379aa658-ebc4-4000-913e-5f95a4783233", "title": "Rearrange Woocommerce Products <= 3.0.7 - Subscriber+ SQL Injection", "software": [ { "type": "plugin", "name": "Rearrange Woocommerce Products", "slug": "rearrange-woocommerce-products", "affected_versions": { "[*, 3.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/379aa658-ebc4-4000-913e-5f95a4783233?source=api-scan" ], "published": "2022-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37a25fdf-da5d-42bd-a803-afb3787aabf4": { "id": "37a25fdf-da5d-42bd-a803-afb3787aabf4", "title": "WooCommerce Conditional Marketing Mailer <= 1.5.1 - Improper Authorization", "software": [ { "type": "plugin", "name": "WP Maintenance Mode & Site Under Construction", "slug": "wp-maintenance-mode-site-under-construction", "affected_versions": { "[*, 1.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37a25fdf-da5d-42bd-a803-afb3787aabf4?source=api-scan" ], "published": "2021-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37a4a181-82ba-43bd-9caf-3a56cacb86a9": { "id": "37a4a181-82ba-43bd-9caf-3a56cacb86a9", "title": "GigPress <= 2.3.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "GigPress", "slug": "gigpress", "affected_versions": { "* - 2.3.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37a4a181-82ba-43bd-9caf-3a56cacb86a9?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37a9b2d0-e27d-4a2c-945a-a06a9b9bd2ea": { "id": "37a9b2d0-e27d-4a2c-945a-a06a9b9bd2ea", "title": "Stylish Price List <= 6.9.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Stylish Price List \u2013 Price Table Builder & QR Code Restaurant Menu", "slug": "stylish-price-list", "affected_versions": { "* - 6.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37a9b2d0-e27d-4a2c-945a-a06a9b9bd2ea?source=api-scan" ], "published": "2021-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37aa3d05-79b6-49ea-b698-afa78615e438": { "id": "37aa3d05-79b6-49ea-b698-afa78615e438", "title": "Admin Bar & Dashboard Control <= 1.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Admin Bar & Dashboard Access Control", "slug": "admin-bar-dashboard-control", "affected_versions": { "[*, 1.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37aa3d05-79b6-49ea-b698-afa78615e438?source=api-scan" ], "published": "2023-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37aaf109-e04f-40d7-8303-a581b0b09d24": { "id": "37aaf109-e04f-40d7-8303-a581b0b09d24", "title": "Owl Carousel <= 0.5.3 - Missing Authorization via save_paramter.php", "software": [ { "type": "plugin", "name": "Owl Carousel", "slug": "owl-carousel", "affected_versions": { "* - 0.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37aaf109-e04f-40d7-8303-a581b0b09d24?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37aedfb3-bc98-4a8f-bc19-af7778ff1a14": { "id": "37aedfb3-bc98-4a8f-bc19-af7778ff1a14", "title": "Media File Manager <= 1.4.2 - Directory Traversal to Arbitrary File Read", "software": [ { "type": "plugin", "name": "Media File Manager", "slug": "media-file-manager", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37aedfb3-bc98-4a8f-bc19-af7778ff1a14?source=api-scan" ], "published": "2018-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37b5fcfd-654b-4151-9494-551799464c7c": { "id": "37b5fcfd-654b-4151-9494-551799464c7c", "title": "Contextual Related Posts <= 3.3.1 - Missing Authorization in crp_ajax_clearcache", "software": [ { "type": "plugin", "name": "Contextual Related Posts", "slug": "contextual-related-posts", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37b5fcfd-654b-4151-9494-551799464c7c?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37b9ed0e-5af2-47c1-b2da-8d103e4c31bf": { "id": "37b9ed0e-5af2-47c1-b2da-8d103e4c31bf", "title": "OpenHook <= 4.3.0 - Authenticated (Subscriber+) Remote Code Execution via Shortcode", "software": [ { "type": "plugin", "name": "OpenHook", "slug": "thesis-openhook", "affected_versions": { "* - 4.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37b9ed0e-5af2-47c1-b2da-8d103e4c31bf?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37be9612-fd5c-40dc-9853-c838c3f4b907": { "id": "37be9612-fd5c-40dc-9853-c838c3f4b907", "title": "Seriously Simple Podcasting <= 3.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Seriously Simple Podcasting", "slug": "seriously-simple-podcasting", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37be9612-fd5c-40dc-9853-c838c3f4b907?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37bfb60d-8e2d-4c77-880c-3d17a6a434b8": { "id": "37bfb60d-8e2d-4c77-880c-3d17a6a434b8", "title": "WooCommerce Google Feed Manager <= 2.4.2 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Google Feed Manager", "slug": "wp-product-feed-manager", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37bfb60d-8e2d-4c77-880c-3d17a6a434b8?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37bfc71f-e1f9-4374-ab65-9b1c321ff386": { "id": "37bfc71f-e1f9-4374-ab65-9b1c321ff386", "title": "Error Log Viewer <= 1.1.1 - Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Error Log Viewer by BestWebSoft", "slug": "error-log-viewer", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37bfc71f-e1f9-4374-ab65-9b1c321ff386?source=api-scan" ], "published": "2021-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37c18340-d7aa-4410-be17-c61c286838ce": { "id": "37c18340-d7aa-4410-be17-c61c286838ce", "title": "Jobs for WordPress <= 2.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jobs for WordPress", "slug": "job-postings", "affected_versions": { "* - 2.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37c18340-d7aa-4410-be17-c61c286838ce?source=api-scan" ], "published": "2024-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37c22521-68ef-4d15-9633-8fe1af493a52": { "id": "37c22521-68ef-4d15-9633-8fe1af493a52", "title": "IP Blacklist Cloud < 3.41 - SQL Injections", "software": [ { "type": "plugin", "name": "IP Blacklist Cloud", "slug": "ip-blacklist-cloud", "affected_versions": { "[*, 3.41)": { "from_version": "*", "from_inclusive": true, "to_version": "3.41", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37c22521-68ef-4d15-9633-8fe1af493a52?source=api-scan" ], "published": "2015-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37ca7081-df1f-4f2e-bb52-7cb87f74fb5d": { "id": "37ca7081-df1f-4f2e-bb52-7cb87f74fb5d", "title": "Product Stock Manager < 1.0.5 - Missing Authorization and Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Product Stock Manager", "slug": "addify-product-stock-manager", "affected_versions": { "[*, 1.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37ca7081-df1f-4f2e-bb52-7cb87f74fb5d?source=api-scan" ], "published": "2022-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37cc54a9-a780-42b5-b64d-c47470f17db7": { "id": "37cc54a9-a780-42b5-b64d-c47470f17db7", "title": "Artificial Intelligence < 1.2.4 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Artificial Intelligence", "slug": "artificial-intelligence", "affected_versions": { "[*, 1.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37cc54a9-a780-42b5-b64d-c47470f17db7?source=api-scan" ], "published": "2015-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37cf63e3-9301-441d-9852-b2de83078b51": { "id": "37cf63e3-9301-441d-9852-b2de83078b51", "title": "Google CSE <= 1.0.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google CSE", "slug": "google-cse", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37cf63e3-9301-441d-9852-b2de83078b51?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37d13a43-13f4-460d-b5ea-5def8a379d54": { "id": "37d13a43-13f4-460d-b5ea-5def8a379d54", "title": "WooCommerce Checkout Manager <= 4.2.6 - Unauthenticated Arbitrary Media Deletion", "software": [ { "type": "plugin", "name": "Checkout Field Manager (Checkout Manager) for WooCommerce", "slug": "woocommerce-checkout-manager", "affected_versions": { "* - 4.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37d13a43-13f4-460d-b5ea-5def8a379d54?source=api-scan" ], "published": "2019-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37de5734-7cf4-4289-ac07-9a40f31e9628": { "id": "37de5734-7cf4-4289-ac07-9a40f31e9628", "title": "Gutenify <= 1.4.0 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Gutenify \u2013 Visual Site Builder Blocks & Site Templates.", "slug": "gutenify", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37de5734-7cf4-4289-ac07-9a40f31e9628?source=api-scan" ], "published": "2024-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37e707ef-fe66-4c21-9c37-7b65fb7690db": { "id": "37e707ef-fe66-4c21-9c37-7b65fb7690db", "title": "Easy Google Analytics for WordPress <= 1.6.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Google Analytics for WordPress", "slug": "easy-google-analytics-for-wordpress", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37e707ef-fe66-4c21-9c37-7b65fb7690db?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37ea39bd-58c5-49f6-9956-8e0089e8192d": { "id": "37ea39bd-58c5-49f6-9956-8e0089e8192d", "title": "Official Integration for Billingo <= 3.3.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Official Integration for Billingo", "slug": "billingo", "affected_versions": { "* - 3.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37ea39bd-58c5-49f6-9956-8e0089e8192d?source=api-scan" ], "published": "2022-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37eb77ed-0b2e-46ea-806d-8041742eab5d": { "id": "37eb77ed-0b2e-46ea-806d-8041742eab5d", "title": "SP Project & Document Manager <= 4.67 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 4.67": { "from_version": "*", "from_inclusive": true, "to_version": "4.67", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.68" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37eb77ed-0b2e-46ea-806d-8041742eab5d?source=api-scan" ], "published": "2023-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37f3aca7-b728-4a27-9e08-bdc9ca2f8f0c": { "id": "37f3aca7-b728-4a27-9e08-bdc9ca2f8f0c", "title": "Simple Job Board <= 2.9.4 Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Job Board", "slug": "simple-job-board", "affected_versions": { "* - 2.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37f3aca7-b728-4a27-9e08-bdc9ca2f8f0c?source=api-scan" ], "published": "2021-10-21 16:05:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37f47ce1-0657-414d-a491-99f2722a44f5": { "id": "37f47ce1-0657-414d-a491-99f2722a44f5", "title": "BA Book Everything Plugin < 1.3.25 - Cross-Site Scripting and Cross-Frame Scripting", "software": [ { "type": "plugin", "name": "BA Book Everything", "slug": "ba-book-everything", "affected_versions": { "[*, 1.3.25)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.25", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37f47ce1-0657-414d-a491-99f2722a44f5?source=api-scan" ], "published": "2020-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37f60fe5-2ece-48aa-8005-e220541bdd62": { "id": "37f60fe5-2ece-48aa-8005-e220541bdd62", "title": "Elementor Website Builder <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_size", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "0.1.0 - 3.1.3": { "from_version": "0.1.0", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37f60fe5-2ece-48aa-8005-e220541bdd62?source=api-scan" ], "published": "2021-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37f704bf-82bc-44f7-8b3c-cbf117732aaf": { "id": "37f704bf-82bc-44f7-8b3c-cbf117732aaf", "title": "Dailydeal by Templatic < = 3.0.10 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "theme", "name": "Daily Deal by Templatic", "slug": "dailydeal", "affected_versions": { "* - 3.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37f704bf-82bc-44f7-8b3c-cbf117732aaf?source=api-scan" ], "published": "2013-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37f7edb2-4fc0-4785-a49d-6bae9aa57d42": { "id": "37f7edb2-4fc0-4785-a49d-6bae9aa57d42", "title": "WP Live.php <= 1.2.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Live.php", "slug": "wp-livephp", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37f7edb2-4fc0-4785-a49d-6bae9aa57d42?source=api-scan" ], "published": "2012-01-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37f7f9ef-d57a-41e9-bd2c-2aa04a82b6c4": { "id": "37f7f9ef-d57a-41e9-bd2c-2aa04a82b6c4", "title": "WordPress Core <= 2.0.5 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37f7f9ef-d57a-41e9-bd2c-2aa04a82b6c4?source=api-scan" ], "published": "2007-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "37fd0582-5baf-4ced-a798-dc0970e90a3e": { "id": "37fd0582-5baf-4ced-a798-dc0970e90a3e", "title": "UsersWP \u2013 Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by'", "software": [ { "type": "plugin", "name": "UsersWP \u2013 Front-end login form, User Registration, User Profile & Members Directory plugin for WP", "slug": "userswp", "affected_versions": { "* - 1.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/37fd0582-5baf-4ced-a798-dc0970e90a3e?source=api-scan" ], "published": "2024-06-28 16:33:20", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "380024dc-ed2a-4a7b-b5f8-47879ad2d659": { "id": "380024dc-ed2a-4a7b-b5f8-47879ad2d659", "title": "WP Default Feature Image <= 1.0.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Default Feature Image", "slug": "wp-default-feature-image", "affected_versions": { "* - 1.0.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/380024dc-ed2a-4a7b-b5f8-47879ad2d659?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3802cbf7-6725-4f93-a178-2af02bb022a1": { "id": "3802cbf7-6725-4f93-a178-2af02bb022a1", "title": "WordPress Core < 5.2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.29": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.29", "to_inclusive": true }, "3.8 - 3.8.29": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.29", "to_inclusive": true }, "3.9 - 3.9.27": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.27", "to_inclusive": true }, "4.0 - 4.0.26": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.26", "to_inclusive": true }, "4.1 - 4.1.26": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.26", "to_inclusive": true }, "4.2 - 4.2.23": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.23", "to_inclusive": true }, "4.3 - 4.3.19": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.19", "to_inclusive": true }, "4.4 - 4.4.18": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.18", "to_inclusive": true }, "4.5 - 4.5.17": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.17", "to_inclusive": true }, "4.6 - 4.6.13": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.13", "to_inclusive": true }, "4.7 - 4.7.13": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.13", "to_inclusive": true }, "4.8 - 4.8.9": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.9", "to_inclusive": true }, "4.9 - 4.9.10": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.10", "to_inclusive": true }, "5.0 - 5.0.5": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": true }, "5.1 - 5.1.1": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true }, "5.2 - 5.2.2": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.30", "3.8.30", "3.9.28", "4.0.27", "4.1.27", "4.2.24", "4.3.20", "4.4.19", "4.5.18", "4.6.15", "4.7.14", "4.8.10", "4.9.11", "5.0.6", "5.1.2", "5.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3802cbf7-6725-4f93-a178-2af02bb022a1?source=api-scan" ], "published": "2019-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3808ca2a-e78e-4118-890b-c22a71f8e855": { "id": "3808ca2a-e78e-4118-890b-c22a71f8e855", "title": "Mega Elements <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget", "software": [ { "type": "plugin", "name": "Mega Elements \u2013 Addons for Elementor", "slug": "mega-elements-addons-for-elementor", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3808ca2a-e78e-4118-890b-c22a71f8e855?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "380c646c-fd95-408a-89eb-3e646768bbc5": { "id": "380c646c-fd95-408a-89eb-3e646768bbc5", "title": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Deletion", "software": [ { "type": "plugin", "name": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC)", "slug": "buddyforms", "affected_versions": { "* - 2.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/380c646c-fd95-408a-89eb-3e646768bbc5?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38145ad1-f441-40a4-9e92-6837cfeba656": { "id": "38145ad1-f441-40a4-9e92-6837cfeba656", "title": "EazyDocs <= 2.3.5 - Unauthenticated Stored Cross-Site Scripting via edit_doc_one_page", "software": [ { "type": "plugin", "name": "EazyDocs \u2013 Most Powerful Knowledge base, wiki, Documentation Builder Plugin", "slug": "eazydocs", "affected_versions": { "* - 2.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38145ad1-f441-40a4-9e92-6837cfeba656?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3816a6cf-8157-4ad9-83f6-93c9b6c6275f": { "id": "3816a6cf-8157-4ad9-83f6-93c9b6c6275f", "title": "Post SMTP <= 2.6.0 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Post SMTP \u2013 WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications \u2013 Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more", "slug": "post-smtp", "affected_versions": { "[*, 2.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3816a6cf-8157-4ad9-83f6-93c9b6c6275f?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "381708ae-3180-4058-a6f4-e925bfc658ec": { "id": "381708ae-3180-4058-a6f4-e925bfc658ec", "title": "mb.miniAudioPlayer <= 1.7.6 - Multiple Vulnerabilities", "software": [ { "type": "plugin", "name": "mb.miniAudioPlayer \u2013 an HTML5 audio player for your mp3 files", "slug": "wp-miniaudioplayer", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/381708ae-3180-4058-a6f4-e925bfc658ec?source=api-scan" ], "published": "2016-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38191721-8d5d-4a13-8271-c7ca96c3f6b8": { "id": "38191721-8d5d-4a13-8271-c7ca96c3f6b8", "title": "Countdown & Clock <= 2.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock", "slug": "countdown-builder", "affected_versions": { "[*, 2.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38191721-8d5d-4a13-8271-c7ca96c3f6b8?source=api-scan" ], "published": "2022-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3819ffc4-8889-4199-9dd6-140490a17ed6": { "id": "3819ffc4-8889-4199-9dd6-140490a17ed6", "title": "Login with phone number <= 1.4.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login with phone number", "slug": "login-with-phone-number", "affected_versions": { "[*, 1.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3819ffc4-8889-4199-9dd6-140490a17ed6?source=api-scan" ], "published": "2023-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "381ea693-3e59-4ecb-a96b-4b58d47298c0": { "id": "381ea693-3e59-4ecb-a96b-4b58d47298c0", "title": "Calendarista <= 15.5.7 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Calendarista", "slug": "calendarista", "affected_versions": { "* - 15.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "15.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "15.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/381ea693-3e59-4ecb-a96b-4b58d47298c0?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "381ec612-2086-4925-98cd-652a6c2ac081": { "id": "381ec612-2086-4925-98cd-652a6c2ac081", "title": "Everest Forms <= 2.0.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Everest Forms \u2013 Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease!", "slug": "everest-forms", "affected_versions": { "* - 2.0.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/381ec612-2086-4925-98cd-652a6c2ac081?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "382dcf3d-1290-4e97-b0d6-a4b34461f8a4": { "id": "382dcf3d-1290-4e97-b0d6-a4b34461f8a4", "title": "Plausible Analytics <= 1.2.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Plausible Analytics", "slug": "plausible-analytics", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/382dcf3d-1290-4e97-b0d6-a4b34461f8a4?source=api-scan" ], "published": "2022-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38307432-399e-4887-867c-9eb2a0d90d70": { "id": "38307432-399e-4887-867c-9eb2a0d90d70", "title": "Blog Manager Light <= 1.20 - Cross-Site Request Forgery via bml_settings", "software": [ { "type": "plugin", "name": "Blog Manager Light", "slug": "blog-manager-light", "affected_versions": { "* - 1.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.20", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38307432-399e-4887-867c-9eb2a0d90d70?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3830c901-be36-4c4b-976b-d388b6af0c67": { "id": "3830c901-be36-4c4b-976b-d388b6af0c67", "title": "WooCommerce Tools <= 1.2.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Module Deactivation", "software": [ { "type": "plugin", "name": "WooCommerce Tools", "slug": "woo-tools", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3830c901-be36-4c4b-976b-d388b6af0c67?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3839257c-4ba2-442a-8d47-dd5c1e5561a8": { "id": "3839257c-4ba2-442a-8d47-dd5c1e5561a8", "title": "Automatic Domain Changer <= 2.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Automatic Domain Changer", "slug": "automatic-domain-changer", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3839257c-4ba2-442a-8d47-dd5c1e5561a8?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38398f29-1bd7-4f15-9d7e-7ad52264f5c7": { "id": "38398f29-1bd7-4f15-9d7e-7ad52264f5c7", "title": "Jobmonster <= 4.7.0 - Unauthenticated Arbitrary File Deletion", "software": [ { "type": "theme", "name": "Noo JobMonster", "slug": "noo-jobmonster", "affected_versions": { "* - 4.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38398f29-1bd7-4f15-9d7e-7ad52264f5c7?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "383c7837-e7b7-4608-9cdc-91b7dbc7f4e2": { "id": "383c7837-e7b7-4608-9cdc-91b7dbc7f4e2", "title": "Paid Memberships Pro <= 2.12.5 - Missing Authorization via API", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "* - 2.12.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/383c7837-e7b7-4608-9cdc-91b7dbc7f4e2?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "383da457-b930-470c-a68a-db3e87af7a80": { "id": "383da457-b930-470c-a68a-db3e87af7a80", "title": "White Label <= 2.9.0 - Cross-Site Request Forgery via white_label_reset_wl_admins", "software": [ { "type": "plugin", "name": "White Label \u2013 WordPress Custom Admin, Custom Login Page, and Custom Dashboard", "slug": "white-label", "affected_versions": { "* - 2.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/383da457-b930-470c-a68a-db3e87af7a80?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38483c50-52cf-44c5-9bc4-c5dc0baee162": { "id": "38483c50-52cf-44c5-9bc4-c5dc0baee162", "title": "Elegant Themes Icons <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elegant Themes Icons", "slug": "elegant-themes-icons", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38483c50-52cf-44c5-9bc4-c5dc0baee162?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "384d690c-a1fd-4b97-9f7b-88b1ef1cee4f": { "id": "384d690c-a1fd-4b97-9f7b-88b1ef1cee4f", "title": "Ghost <= 1.4.0 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Ghost", "slug": "ghost", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/384d690c-a1fd-4b97-9f7b-88b1ef1cee4f?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38526b0c-a5d9-4f54-bd6f-30ab34d266f5": { "id": "38526b0c-a5d9-4f54-bd6f-30ab34d266f5", "title": "WatchTowerHQ <= 3.6.15 - Unauthenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "WatchTowerHQ", "slug": "watchtowerhq", "affected_versions": { "* - 3.6.15": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38526b0c-a5d9-4f54-bd6f-30ab34d266f5?source=api-scan" ], "published": "2022-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38537f60-52f4-4007-b26f-6948b9263931": { "id": "38537f60-52f4-4007-b26f-6948b9263931", "title": "Putler Connector for WooCommerce <= 2.12.0 - Missing Authorization via 'send_resync_request'", "software": [ { "type": "plugin", "name": "Analytics for Woo \u2013 Putler Accurate Analytics and Reports for your WooCommerce Store", "slug": "woocommerce-putler-connector", "affected_versions": { "* - 2.12.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38537f60-52f4-4007-b26f-6948b9263931?source=api-scan" ], "published": "2023-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "385a82ff-50ad-4787-845b-fb5f639f6466": { "id": "385a82ff-50ad-4787-845b-fb5f639f6466", "title": "Yoast SEO <= 21.0 - Authenticated (Seo Manager+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yoast SEO", "slug": "wordpress-seo", "affected_versions": { "* - 21.0": { "from_version": "*", "from_inclusive": true, "to_version": "21.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/385a82ff-50ad-4787-845b-fb5f639f6466?source=api-scan" ], "published": "2023-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "385c01fc-bed8-4c12-b420-9aecf4857434": { "id": "385c01fc-bed8-4c12-b420-9aecf4857434", "title": "Surveys <= 1.01.8 - SQL Injection", "software": [ { "type": "plugin", "name": "surveys", "slug": "surveys", "affected_versions": { "* - 1.01.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.01.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/385c01fc-bed8-4c12-b420-9aecf4857434?source=api-scan" ], "published": "2017-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "385c6324-3d8e-4dc7-b8ca-309b05e7bdcc": { "id": "385c6324-3d8e-4dc7-b8ca-309b05e7bdcc", "title": "VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in saveconfig function", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "* - 1.5.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/385c6324-3d8e-4dc7-b8ca-309b05e7bdcc?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3861f675-1a26-4947-91ef-8ab04646704f": { "id": "3861f675-1a26-4947-91ef-8ab04646704f", "title": "tagDiv Composer <= 4.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "tagDiv Composer", "slug": "td-composer", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3861f675-1a26-4947-91ef-8ab04646704f?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "386eea84-0b86-46c8-99a2-c73696ae09be": { "id": "386eea84-0b86-46c8-99a2-c73696ae09be", "title": "RokNewsPager <= 1.17 - Denial of Service", "software": [ { "type": "plugin", "name": "RokNewsPager", "slug": "wp_roknewspager", "affected_versions": { "* - 1.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/386eea84-0b86-46c8-99a2-c73696ae09be?source=api-scan" ], "published": "2013-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3870fe43-bece-4a3c-99cf-03393beab78a": { "id": "3870fe43-bece-4a3c-99cf-03393beab78a", "title": "WP Job Portal <= 2.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website", "slug": "wp-job-portal", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3870fe43-bece-4a3c-99cf-03393beab78a?source=api-scan" ], "published": "2024-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3871b908-a9a1-4c35-8a8d-d1a609db475a": { "id": "3871b908-a9a1-4c35-8a8d-d1a609db475a", "title": "SS Downloads <= 1.4.4.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SS Downloads", "slug": "ss-downloads", "affected_versions": { "* - 1.4.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3871b908-a9a1-4c35-8a8d-d1a609db475a?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3871bae4-f954-4692-8af8-1f96f8fcb778": { "id": "3871bae4-f954-4692-8af8-1f96f8fcb778", "title": "Return Refund and Exchange For WooCommerce <= 4.0.8 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Return Refund and Exchange For WooCommerce \u2013 Return Management System, RMA Exchange, Wallet And Cancel Order Features", "slug": "woo-refund-and-exchange-lite", "affected_versions": { "* - 4.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3871bae4-f954-4692-8af8-1f96f8fcb778?source=api-scan" ], "published": "2022-11-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "387515f7-5c03-4902-9671-3ea9f6a1a66b": { "id": "387515f7-5c03-4902-9671-3ea9f6a1a66b", "title": "Easy PayPal Events <= 1.1.6 - Reflected Cross-Site Scripting via Page", "software": [ { "type": "plugin", "name": "Easy PayPal Events", "slug": "easy-paypal-events-tickets", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/387515f7-5c03-4902-9671-3ea9f6a1a66b?source=api-scan" ], "published": "2022-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "387845f9-56ca-4581-bb3f-a933fbaa45c4": { "id": "387845f9-56ca-4581-bb3f-a933fbaa45c4", "title": "Ashe <= 2.233 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Ashe", "slug": "ashe", "affected_versions": { "* - 2.233": { "from_version": "*", "from_inclusive": true, "to_version": "2.233", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.234" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/387845f9-56ca-4581-bb3f-a933fbaa45c4?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "387ab7c1-0ca2-41e0-b6a1-ed33e7b02cad": { "id": "387ab7c1-0ca2-41e0-b6a1-ed33e7b02cad", "title": "Love Travel 2.0 - 3.8 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Love Travel", "slug": "lovetravel", "affected_versions": { "2.0 - 3.8": { "from_version": "2.0", "from_inclusive": true, "to_version": "3.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/387ab7c1-0ca2-41e0-b6a1-ed33e7b02cad?source=api-scan" ], "published": "2020-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "387ccc20-1b84-4e7c-b4bc-75ad6dad8376": { "id": "387ccc20-1b84-4e7c-b4bc-75ad6dad8376", "title": "WP Next Post Navi <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Next Post Navi", "slug": "wp-next-post-navi", "affected_versions": { "* - 1.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/387ccc20-1b84-4e7c-b4bc-75ad6dad8376?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "387d28fa-f582-4d68-a781-fc210ef5bd30": { "id": "387d28fa-f582-4d68-a781-fc210ef5bd30", "title": "Ultimate Blocks <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Heading", "software": [ { "type": "plugin", "name": "Ultimate Blocks \u2013 WordPress Blocks Plugin", "slug": "ultimate-blocks", "affected_versions": { "* - 3.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/387d28fa-f582-4d68-a781-fc210ef5bd30?source=api-scan" ], "published": "2024-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "387e1998-f6b1-4a9f-86a8-cd0b10202df6": { "id": "387e1998-f6b1-4a9f-86a8-cd0b10202df6", "title": "Easy Age Verify <= 1.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Age Verify", "slug": "easy-age-verify", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/387e1998-f6b1-4a9f-86a8-cd0b10202df6?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3884cb24-3f46-4feb-a6b9-4445ca8fd0e6": { "id": "3884cb24-3f46-4feb-a6b9-4445ca8fd0e6", "title": "Booking Package <= 1.5.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking Package", "slug": "booking-package", "affected_versions": { "[*, 1.5.11)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3884cb24-3f46-4feb-a6b9-4445ca8fd0e6?source=api-scan" ], "published": "2021-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3887a61f-03ae-4b37-a81f-1ea39a111e3c": { "id": "3887a61f-03ae-4b37-a81f-1ea39a111e3c", "title": "OTP Login Woocommerce & Gravity Forms <= 2.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OTP Login Woocommerce (Login with OTP)", "slug": "mobile-login-woocommerce", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3887a61f-03ae-4b37-a81f-1ea39a111e3c?source=api-scan" ], "published": "2022-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "389277fd-e47e-42df-9305-61ceedbcfb29": { "id": "389277fd-e47e-42df-9305-61ceedbcfb29", "title": "LearnPress <= 4.2.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "[*, 4.2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/389277fd-e47e-42df-9305-61ceedbcfb29?source=api-scan" ], "published": "2023-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38979e27-2023-4f84-a708-1732b4117066": { "id": "38979e27-2023-4f84-a708-1732b4117066", "title": "WordPress Core < 6.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Customizer", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true }, "3.7 - 3.7.39": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.39", "to_inclusive": true }, "3.8 - 3.8.39": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.39", "to_inclusive": true }, "3.9 - 3.9.37": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.37", "to_inclusive": true }, "4.0 - 4.0.36": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.36", "to_inclusive": true }, "4.1 - 4.1.36": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.36", "to_inclusive": true }, "4.2 - 4.2.33": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.33", "to_inclusive": true }, "4.3 - 4.3.29": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.29", "to_inclusive": true }, "4.4 - 4.4.28": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.28", "to_inclusive": true }, "4.5 - 4.5.27": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.27", "to_inclusive": true }, "4.6 - 4.6.24": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.24", "to_inclusive": true }, "4.7 - 4.7.24": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.24", "to_inclusive": true }, "4.8 - 4.8.20": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.20", "to_inclusive": true }, "4.9 - 4.9.21": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.21", "to_inclusive": true }, "5.0 - 5.0.17": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.17", "to_inclusive": true }, "5.1 - 5.1.14": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.14", "to_inclusive": true }, "5.2 - 5.2.16": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.16", "to_inclusive": true }, "5.3 - 5.3.13": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.13", "to_inclusive": true }, "5.4 - 5.4.11": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.11", "to_inclusive": true }, "5.5 - 5.5.10": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.10", "to_inclusive": true }, "5.6 - 5.6.9": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.9", "to_inclusive": true }, "5.7 - 5.7.7": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.7", "to_inclusive": true }, "5.8 - 5.8.5": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.5", "to_inclusive": true }, "5.9 - 5.9.4": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.4", "to_inclusive": true }, "6.0 - 6.0.2": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.40", "3.8.40", "3.9.38", "4.0.37", "4.1.37", "4.2.34", "4.3.30", "4.4.29", "4.5.28", "4.6.25", "4.7.25", "4.8.21", "4.9.22", "5.0.18", "5.1.15", "5.2.17", "5.3.14", "5.4.12", "5.5.11", "5.6.10", "5.7.8", "5.8.6", "5.9.5", "6.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38979e27-2023-4f84-a708-1732b4117066?source=api-scan" ], "published": "2022-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "389a4e32-81c4-4060-b210-b6ca6beeaf48": { "id": "389a4e32-81c4-4060-b210-b6ca6beeaf48", "title": "Leaflet Maps Marker Pro < 1.5.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Leaflet Maps Marker Pro", "slug": "mapsmarker", "affected_versions": { "[*, 1.5.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/389a4e32-81c4-4060-b210-b6ca6beeaf48?source=api-scan" ], "published": "2014-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "389d96e9-1fad-49a6-89b6-8f7f108d8117": { "id": "389d96e9-1fad-49a6-89b6-8f7f108d8117", "title": "WP SVG Images <= 4.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG", "software": [ { "type": "plugin", "name": "WP SVG Images", "slug": "wp-svg-images", "affected_versions": { "* - 4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/389d96e9-1fad-49a6-89b6-8f7f108d8117?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38a079c8-181c-4bd8-a45d-e132711029ff": { "id": "38a079c8-181c-4bd8-a45d-e132711029ff", "title": "Enable Media Replace <= 4.0.1 - Authenticated (Author+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Enable Media Replace", "slug": "enable-media-replace", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38a079c8-181c-4bd8-a45d-e132711029ff?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38a405f2-344c-4ee1-a67e-5f6afad66b84": { "id": "38a405f2-344c-4ee1-a67e-5f6afad66b84", "title": "Visual Slide Box Builder <= 3.2.9 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Visual Slide Box Builder", "slug": "wp-visual-slidebox-builder", "affected_versions": { "* - 3.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38a405f2-344c-4ee1-a67e-5f6afad66b84?source=api-scan" ], "published": "2022-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38a5be0c-f905-4e27-b5c3-8c0606d71a61": { "id": "38a5be0c-f905-4e27-b5c3-8c0606d71a61", "title": "Ultimate Addons for Beaver Builder <= 1.35.13 - Authenticated(Contributor+) Directory Traversal to Arbitrary File Download", "software": [ { "type": "plugin", "name": "Ultimate Addons for Beaver Builder", "slug": "bb-ultimate-addon", "affected_versions": { "* - 1.35.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.35.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.35.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38a5be0c-f905-4e27-b5c3-8c0606d71a61?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38a87046-9a46-40c2-b10d-d1a7d5ef8742": { "id": "38a87046-9a46-40c2-b10d-d1a7d5ef8742", "title": "Favorites <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Favorites", "slug": "favorites", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38a87046-9a46-40c2-b10d-d1a7d5ef8742?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38a90190-569f-46d8-bef4-fe28caf5e2fc": { "id": "38a90190-569f-46d8-bef4-fe28caf5e2fc", "title": "Booster Plus for WooCommerce < 7.1.2 - Missing Authorization to Order Information Disclosure", "software": [ { "type": "plugin", "name": "Booster Plus for WooCommerce", "slug": "booster-plus-for-woocommerce", "affected_versions": { "[*, 7.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38a90190-569f-46d8-bef4-fe28caf5e2fc?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38adede2-73ca-470c-8ace-4f5bbec51d28": { "id": "38adede2-73ca-470c-8ace-4f5bbec51d28", "title": "Simple Calendar <= 3.2.4 - Cross-Site Request Forgery via duplicate_feed", "software": [ { "type": "plugin", "name": "Simple Calendar \u2013 Google Calendar Plugin", "slug": "google-calendar-events", "affected_versions": { "[*, 3.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38adede2-73ca-470c-8ace-4f5bbec51d28?source=api-scan" ], "published": "2023-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38b27ee7-0e92-47ad-89f8-1a3c8d5c9442": { "id": "38b27ee7-0e92-47ad-89f8-1a3c8d5c9442", "title": "WordPress Core <= 2.3.3 - Directory Traversal", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true }, "2.5": { "from_version": "2.5", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38b27ee7-0e92-47ad-89f8-1a3c8d5c9442?source=api-scan" ], "published": "2008-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38b63167-e1a6-4279-97cf-900df0651f20": { "id": "38b63167-e1a6-4279-97cf-900df0651f20", "title": "WordPress Core 4.7.0 - 6.3.1 - Sensitive Information Exposure via User Search REST Endpoint", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "4.7 - 4.7.26": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.26", "to_inclusive": true }, "4.8 - 4.8.22": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.22", "to_inclusive": true }, "4.9 - 4.9.23": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.23", "to_inclusive": true }, "5.0 - 5.0.19": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.19", "to_inclusive": true }, "5.1 - 5.1.16": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.16", "to_inclusive": true }, "5.2 - 5.2.18": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.18", "to_inclusive": true }, "5.3 - 5.3.15": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.15", "to_inclusive": true }, "5.4 - 5.4.13": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.13", "to_inclusive": true }, "5.5 - 5.5.12": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.12", "to_inclusive": true }, "5.6 - 5.6.11": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.11", "to_inclusive": true }, "5.7 - 5.7.9": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.9", "to_inclusive": true }, "5.8 - 5.8.7": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.7", "to_inclusive": true }, "5.9 - 5.9.7": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.7", "to_inclusive": true }, "6.0 - 6.0.5": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.5", "to_inclusive": true }, "6.1 - 6.1.3": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.3", "to_inclusive": true }, "6.2 - 6.2.2": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.2", "to_inclusive": true }, "6.3 - 6.3.1": { "from_version": "6.3", "from_inclusive": true, "to_version": "6.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.27", "4.8.23", "4.9.24", "5.0.20", "5.1.17", "5.2.19", "5.3.16", "5.4.14", "5.5.13", "5.6.12", "5.7.10", "5.8.8", "5.9.8", "6.0.6", "6.1.4", "6.2.3", "6.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38b63167-e1a6-4279-97cf-900df0651f20?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38b8151f-4938-4101-9886-783f54984d20": { "id": "38b8151f-4938-4101-9886-783f54984d20", "title": "WP-Stateless \u2013 Google Cloud Storage <= 3.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Stateless \u2013 Google Cloud Storage", "slug": "wp-stateless", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38b8151f-4938-4101-9886-783f54984d20?source=api-scan" ], "published": "2022-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38b9a64f-a83a-4c0f-88df-383652fde986": { "id": "38b9a64f-a83a-4c0f-88df-383652fde986", "title": "iPages Flipbook <= 1.5.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "iPages Flipbook For WordPress", "slug": "ipages-flipbook", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38b9a64f-a83a-4c0f-88df-383652fde986?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38bcb908-1e6e-44be-9cf5-72dcfa4c4a4e": { "id": "38bcb908-1e6e-44be-9cf5-72dcfa4c4a4e", "title": "Gravity Upload Ajax <= 1.1 - Unrestricted File Upload", "software": [ { "type": "plugin", "name": "gravity-file-ajax-upload-free", "slug": "gravity-file-ajax-upload-free", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38bcb908-1e6e-44be-9cf5-72dcfa4c4a4e?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38bf21c4-bf2e-4096-b4e3-9e3a5a60f1ad": { "id": "38bf21c4-bf2e-4096-b4e3-9e3a5a60f1ad", "title": "Companion Auto Update <= 3.2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Companion Auto Update", "slug": "companion-auto-update", "affected_versions": { "[*, 3.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38bf21c4-bf2e-4096-b4e3-9e3a5a60f1ad?source=api-scan" ], "published": "2018-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38cc5a39-6ec3-4ce9-b9ad-d4ca5dafe9a7": { "id": "38cc5a39-6ec3-4ce9-b9ad-d4ca5dafe9a7", "title": "Waiting: One-click countdowns <= 0.6.2 - Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Waiting: One-click countdowns", "slug": "waiting", "affected_versions": { "* - 0.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38cc5a39-6ec3-4ce9-b9ad-d4ca5dafe9a7?source=api-scan" ], "published": "2023-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38ccaa81-77ec-46f2-9bec-d74fa2e093f3": { "id": "38ccaa81-77ec-46f2-9bec-d74fa2e093f3", "title": "WS Form LITE <= 1.9.217 - Unauthenticated CSV Injection", "software": [ { "type": "plugin", "name": "WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress", "slug": "ws-form", "affected_versions": { "* - 1.9.217": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.217", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.218" ] }, { "type": "plugin", "name": "WS Form Pro", "slug": "ws-form-pro", "affected_versions": { "* - 1.9.217": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.217", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.218" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38ccaa81-77ec-46f2-9bec-d74fa2e093f3?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38d5d951-588f-4808-b691-5105021eb1e8": { "id": "38d5d951-588f-4808-b691-5105021eb1e8", "title": "10WebSocial <= 1.1.26 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "10Web Social Post Feed", "slug": "wd-facebook-feed", "affected_versions": { "[*, 1.1.27)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.27", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38d5d951-588f-4808-b691-5105021eb1e8?source=api-scan" ], "published": "2020-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38d7c79f-a4a2-447d-88a2-ad75b53ac8bc": { "id": "38d7c79f-a4a2-447d-88a2-ad75b53ac8bc", "title": "Ninja Forms Contact Form <= 3.6.9 - Authenticated (Admin+) Cross-Site Scripting via label", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38d7c79f-a4a2-447d-88a2-ad75b53ac8bc?source=api-scan" ], "published": "2022-06-07 13:46:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38da66f4-2db8-4e8e-819f-d7dd9533e045": { "id": "38da66f4-2db8-4e8e-819f-d7dd9533e045", "title": "Bit Form \u2013 Contact Form Plugin <= 2.13.10 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder", "slug": "bit-form", "affected_versions": { "* - 2.13.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.13.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38da66f4-2db8-4e8e-819f-d7dd9533e045?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38dd95b2-d747-44f3-a3f5-d32221381554": { "id": "38dd95b2-d747-44f3-a3f5-d32221381554", "title": "Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Text Block'", "software": [ { "type": "plugin", "name": "Visual Composer Website Builder", "slug": "visualcomposer", "affected_versions": { "* - 45.0": { "from_version": "*", "from_inclusive": true, "to_version": "45.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "45.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38dd95b2-d747-44f3-a3f5-d32221381554?source=api-scan" ], "published": "2022-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38de34cd-b985-4552-a260-53da2106a4af": { "id": "38de34cd-b985-4552-a260-53da2106a4af", "title": "Multi Step Form <= 1.2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Multi Step Form", "slug": "multi-step-form", "affected_versions": { "[*, 1.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38de34cd-b985-4552-a260-53da2106a4af?source=api-scan" ], "published": "2018-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38e40a74-c4b7-4960-880d-a14e77fe1904": { "id": "38e40a74-c4b7-4960-880d-a14e77fe1904", "title": "Contact Form Entries <= 1.1.6 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Database for Contact Form 7, WPforms, Elementor forms", "slug": "contact-form-entries", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38e40a74-c4b7-4960-880d-a14e77fe1904?source=api-scan" ], "published": "2021-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38e536a5-b538-498c-b19d-adda36f76164": { "id": "38e536a5-b538-498c-b19d-adda36f76164", "title": "StopBadBots <= 7.31 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection", "slug": "stopbadbots", "affected_versions": { "* - 7.31": { "from_version": "*", "from_inclusive": true, "to_version": "7.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38e536a5-b538-498c-b19d-adda36f76164?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38e831b4-8284-4fad-ac24-a2f08053c53e": { "id": "38e831b4-8284-4fad-ac24-a2f08053c53e", "title": "Simple Basic Contact Form <= 20220207 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Basic Contact Form", "slug": "simple-basic-contact-form", "affected_versions": { "* - 20220207": { "from_version": "*", "from_inclusive": true, "to_version": "20220207", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20221201" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38e831b4-8284-4fad-ac24-a2f08053c53e?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38ebe1d4-4ac0-4d03-8945-451902263442": { "id": "38ebe1d4-4ac0-4d03-8945-451902263442", "title": "TemplatesNext ToolKit <= 3.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "TemplatesNext ToolKit", "slug": "templatesnext-toolkit", "affected_versions": { "* - 3.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38ebe1d4-4ac0-4d03-8945-451902263442?source=api-scan" ], "published": "2023-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38ec1a6b-f5ee-446a-9e6c-3485dafb85ac": { "id": "38ec1a6b-f5ee-446a-9e6c-3485dafb85ac", "title": "ProfilePress <= 4.15.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 4.15.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.15.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.15.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38ec1a6b-f5ee-446a-9e6c-3485dafb85ac?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38efd6d6-b931-41a7-b55d-b98cdeef4145": { "id": "38efd6d6-b931-41a7-b55d-b98cdeef4145", "title": "WPGraphQL <= 1.14.5 - Authenticated (Editor+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "WPGraphQL", "slug": "wp-graphql", "affected_versions": { "* - 1.14.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38efd6d6-b931-41a7-b55d-b98cdeef4145?source=api-scan" ], "published": "2023-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38f09a45-2b11-47c7-af16-c7f9c3a46e0e": { "id": "38f09a45-2b11-47c7-af16-c7f9c3a46e0e", "title": "Build & Control Block Patterns \u2013 Boost up Gutenberg Editor <= 1.3.5.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Build & Control Block Patterns \u2013 Boost up Gutenberg Editor", "slug": "control-block-patterns", "affected_versions": { "* - 1.3.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38f09a45-2b11-47c7-af16-c7f9c3a46e0e?source=api-scan" ], "published": "2024-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38f536ae-70b7-4882-8a61-609d774a68db": { "id": "38f536ae-70b7-4882-8a61-609d774a68db", "title": "Accept Donations with PayPal <= 1.3 - Reflected Cross-Site Scripting via Page", "software": [ { "type": "plugin", "name": "Accept Donations with PayPal & Stripe", "slug": "easy-paypal-donation", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38f536ae-70b7-4882-8a61-609d774a68db?source=api-scan" ], "published": "2022-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38fbdd82-73ed-4be0-874e-1dfced29dc7d": { "id": "38fbdd82-73ed-4be0-874e-1dfced29dc7d", "title": "Livemesh Addons for WPBakery Page Builder <= 3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPBakery Page Builder Addons by Livemesh", "slug": "addons-for-visual-composer", "affected_versions": { "* - 3.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38fbdd82-73ed-4be0-874e-1dfced29dc7d?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38fd8881-94f6-4330-a519-7582e253e057": { "id": "38fd8881-94f6-4330-a519-7582e253e057", "title": "Download Manager <= 3.2.82 - Password Protected File Bypass", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "downloadmanager", "affected_versions": { "* - 3.2.82": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.82", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.83" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38fd8881-94f6-4330-a519-7582e253e057?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "38ff10d3-d9ce-440b-b956-002803d49f54": { "id": "38ff10d3-d9ce-440b-b956-002803d49f54", "title": "Job Board by BestWebSoft < 1.1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Job Board by BestWebSoft", "slug": "job-board", "affected_versions": { "[*, 1.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/38ff10d3-d9ce-440b-b956-002803d49f54?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39003835-80df-49c7-982a-346bf328565c": { "id": "39003835-80df-49c7-982a-346bf328565c", "title": "WPGetAPI 2.1.0 - 2.2.1 - Authenticated (Subscriber+) Arbitrary Options Update", "software": [ { "type": "plugin", "name": "WPGet API \u2013 Connect to any external REST API", "slug": "wpgetapi", "affected_versions": { "[2.1.0, 2.2.2)": { "from_version": "2.1.0", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39003835-80df-49c7-982a-346bf328565c?source=api-scan" ], "published": "2023-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39005c38-f60d-44fa-9121-a77039dc34de": { "id": "39005c38-f60d-44fa-9121-a77039dc34de", "title": "Amelia <= 1.0.98 - Missing Authorization", "software": [ { "type": "plugin", "name": "Booking for Appointments and Events Calendar \u2013 Amelia", "slug": "ameliabooking", "affected_versions": { "* - 1.0.98": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.98", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.99" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39005c38-f60d-44fa-9121-a77039dc34de?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39041c15-dc85-49bc-b5d1-5b4bff05397b": { "id": "39041c15-dc85-49bc-b5d1-5b4bff05397b", "title": "Form Builder <= 1.9.8.3 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form Builder | Create Responsive Contact Forms", "slug": "contact-form-add", "affected_versions": { "* - 1.9.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39041c15-dc85-49bc-b5d1-5b4bff05397b?source=api-scan" ], "published": "2021-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3906c668-6a0a-4beb-8ed9-08f661ce82cf": { "id": "3906c668-6a0a-4beb-8ed9-08f661ce82cf", "title": "Easy Appointments <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Easy Appointments", "slug": "easy-appointments", "affected_versions": { "* - 3.10.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3906c668-6a0a-4beb-8ed9-08f661ce82cf?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3908a923-1174-4cb4-a1e3-51b9d098dc29": { "id": "3908a923-1174-4cb4-a1e3-51b9d098dc29", "title": "Foliopress WYSIWYG < 2.6.8.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Foliopress WYSIWYG", "slug": "foliopress-wysiwyg", "affected_versions": { "[*, 2.6.8.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.8.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3908a923-1174-4cb4-a1e3-51b9d098dc29?source=api-scan" ], "published": "2014-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "390e9c30-e4c0-474d-9915-dd46f5464cea": { "id": "390e9c30-e4c0-474d-9915-dd46f5464cea", "title": "VK All in One Expansion Unit <= 9.87.0.1 - Reflected Cross-Site Scripting via REQUEST_URI", "software": [ { "type": "plugin", "name": "VK All in One Expansion Unit", "slug": "vk-all-in-one-expansion-unit", "affected_versions": { "* - 9.87.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.87.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.87.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/390e9c30-e4c0-474d-9915-dd46f5464cea?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "390ee957-f06f-4952-b740-4578c130925f": { "id": "390ee957-f06f-4952-b740-4578c130925f", "title": "WP Email Users <= 1.4.4 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Email Users", "slug": "wp-email-users", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/390ee957-f06f-4952-b740-4578c130925f?source=api-scan" ], "published": "2017-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39193ebd-005a-4497-9939-99947323a1a0": { "id": "39193ebd-005a-4497-9939-99947323a1a0", "title": "TelSender <= 1.14.11 - Missing Authorization", "software": [ { "type": "plugin", "name": "TelSender \u2013 Wp to telegram \u0421F 7, Events, Wpforms, Ninja forms, Wooccommerce", "slug": "telsender", "affected_versions": { "* - 1.14.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39193ebd-005a-4497-9939-99947323a1a0?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "391d65a7-1675-4eae-b129-a1208cd95669": { "id": "391d65a7-1675-4eae-b129-a1208cd95669", "title": "Social Slider Feed <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Slider Feed", "slug": "instagram-slider-widget", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/391d65a7-1675-4eae-b129-a1208cd95669?source=api-scan" ], "published": "2022-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "391e12f7-9521-4ac6-bd78-ac28df72030b": { "id": "391e12f7-9521-4ac6-bd78-ac28df72030b", "title": "BNG Gateway For WooCommerce <= 1.6.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "BNG Gateway For WooCommerce", "slug": "bng-gateway-for-woocommerce", "affected_versions": { "* - 1.6.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/391e12f7-9521-4ac6-bd78-ac28df72030b?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "391ec941-eb19-4505-b03a-0f4b240e8819": { "id": "391ec941-eb19-4505-b03a-0f4b240e8819", "title": "YouTube Video Inserter <= 1.2.1.0 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YouTube Video Inserter", "slug": "youtube-video-inserter", "affected_versions": { "* - 1.2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/391ec941-eb19-4505-b03a-0f4b240e8819?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "391ed7a2-64db-4a79-a697-86c70c60d02e": { "id": "391ed7a2-64db-4a79-a697-86c70c60d02e", "title": "Online Lesson Booking <= 0.8.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Online Lesson Booking", "slug": "online-lesson-booking-system", "affected_versions": { "* - 0.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/391ed7a2-64db-4a79-a697-86c70c60d02e?source=api-scan" ], "published": "2019-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "391ef7e0-d4e6-4c2e-b15e-65bdba190b69": { "id": "391ef7e0-d4e6-4c2e-b15e-65bdba190b69", "title": "Easy Drag And drop All Import : WP Ultimate CSV Importer < 6.4.1 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Import CSV or XML Datafeed With Ease", "slug": "wp-ultimate-csv-importer", "affected_versions": { "[*, 6.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/391ef7e0-d4e6-4c2e-b15e-65bdba190b69?source=api-scan" ], "published": "2022-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3924b6f4-75ba-4ee8-b02f-a23fbd24ed67": { "id": "3924b6f4-75ba-4ee8-b02f-a23fbd24ed67", "title": "WP Email Capture <= 3.9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Email Marketing Plugin \u2013 WP Email Capture", "slug": "wp-email-capture", "affected_versions": { "* - 3.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3924b6f4-75ba-4ee8-b02f-a23fbd24ed67?source=api-scan" ], "published": "2023-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3925311f-d40b-4f54-9b98-a709b53ed179": { "id": "3925311f-d40b-4f54-9b98-a709b53ed179", "title": "Bug Library <= 2.1 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Bug Library", "slug": "bug-library", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3925311f-d40b-4f54-9b98-a709b53ed179?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "393193b2-25b4-485c-a9c6-fbe075ebd6f9": { "id": "393193b2-25b4-485c-a9c6-fbe075ebd6f9", "title": "WidgetKit <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-in-One Addons for Elementor \u2013 WidgetKit", "slug": "widgetkit-for-elementor", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/393193b2-25b4-485c-a9c6-fbe075ebd6f9?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3931b201-037d-4c4f-8e40-098c6c1251b9": { "id": "3931b201-037d-4c4f-8e40-098c6c1251b9", "title": "Simple Page Transition <= 1.4.1 - Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Simple Page Transition", "slug": "simple-page-transition", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3931b201-037d-4c4f-8e40-098c6c1251b9?source=api-scan" ], "published": "2022-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3936d7dc-840e-41fc-8af4-db40c0cff660": { "id": "3936d7dc-840e-41fc-8af4-db40c0cff660", "title": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary JavaScript File Uploads", "software": [ { "type": "plugin", "name": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder", "slug": "bit-form", "affected_versions": { "2.0 - 2.13.9": { "from_version": "2.0", "from_inclusive": true, "to_version": "2.13.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3936d7dc-840e-41fc-8af4-db40c0cff660?source=api-scan" ], "published": "2024-08-19 15:11:45", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "393a856e-dc13-4fb6-8ff3-5880631953c4": { "id": "393a856e-dc13-4fb6-8ff3-5880631953c4", "title": "Extra Product Options for WooCommerce <= 3.0.8 - Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Extra Product Options for WooCommerce", "slug": "extra-product-options-for-woocommerce", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/393a856e-dc13-4fb6-8ff3-5880631953c4?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3940232c-b3d4-488b-830d-797bdab9cfbe": { "id": "3940232c-b3d4-488b-830d-797bdab9cfbe", "title": "WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP RSS By Publishers", "slug": "wp-rss-by-publishers", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3940232c-b3d4-488b-830d-797bdab9cfbe?source=api-scan" ], "published": "2022-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39404341-8a27-4770-b6a6-d33e899b6bd8": { "id": "39404341-8a27-4770-b6a6-d33e899b6bd8", "title": "KiviCare \u2013 Clinic & Patient Management System (EHR) <= 3.2.0 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "KiviCare \u2013 Clinic & Patient Management System (EHR)", "slug": "kivicare-clinic-management-system", "affected_versions": { "3.2.0": { "from_version": "3.2.0", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39404341-8a27-4770-b6a6-d33e899b6bd8?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3942bba9-3c3a-47bf-9a53-95376917d6bb": { "id": "3942bba9-3c3a-47bf-9a53-95376917d6bb", "title": "TheGem < 5.8.1.1 - Improper Authentication", "software": [ { "type": "theme", "name": "TheGem", "slug": "thegem", "affected_versions": { "[*, 5.8.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.8.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3942bba9-3c3a-47bf-9a53-95376917d6bb?source=api-scan" ], "published": "2023-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39487908-5cc5-42ac-8af4-65626694b1e4": { "id": "39487908-5cc5-42ac-8af4-65626694b1e4", "title": "Contact Form to Any API <= 1.2.4 - Unauthenticated Stored Cross-Site Scripting via Contact Form", "software": [ { "type": "plugin", "name": "Contact Form to Any API", "slug": "contact-form-to-any-api", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39487908-5cc5-42ac-8af4-65626694b1e4?source=api-scan" ], "published": "2024-09-24 12:15:01", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39564fad-a8cb-4a95-a893-d61e8ff91a53": { "id": "39564fad-a8cb-4a95-a893-d61e8ff91a53", "title": "WP-Matomo Integration (WP-Piwik) < 1.0.11 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Connect Matomo (WP-Matomo, WP-Piwik)", "slug": "wp-piwik", "affected_versions": { "* - 1.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39564fad-a8cb-4a95-a893-d61e8ff91a53?source=api-scan" ], "published": "2016-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3956cd40-6b46-4013-9d71-a979de2c3687": { "id": "3956cd40-6b46-4013-9d71-a979de2c3687", "title": "Roles & Capabilities <= 1.1.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Roles & Capabilities", "slug": "leira-roles", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3956cd40-6b46-4013-9d71-a979de2c3687?source=api-scan" ], "published": "2024-09-12 21:14:43", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "395a8ca6-78b8-43f2-8e8c-896702b5da0d": { "id": "395a8ca6-78b8-43f2-8e8c-896702b5da0d", "title": "WP Reroute Email <= 1.4.6 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Reroute Email", "slug": "wp-reroute-email", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/395a8ca6-78b8-43f2-8e8c-896702b5da0d?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "395b016f-018c-458d-a585-34f3de3eae5c": { "id": "395b016f-018c-458d-a585-34f3de3eae5c", "title": "Yet Another Stars Rating <= 3.4.3 - Missing Authorization via init", "software": [ { "type": "plugin", "name": "YASR \u2013 Yet Another Star Rating Plugin for WordPress", "slug": "yet-another-stars-rating", "affected_versions": { "* - 3.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/395b016f-018c-458d-a585-34f3de3eae5c?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "395ff912-dad7-4dff-8bc4-bc58ecc96a90": { "id": "395ff912-dad7-4dff-8bc4-bc58ecc96a90", "title": "Esplanade < 1.1.5 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Esplanade", "slug": "esplanade", "affected_versions": { "[*, 1.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/395ff912-dad7-4dff-8bc4-bc58ecc96a90?source=api-scan" ], "published": "2015-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39695b53-9af7-42f0-8bde-3969398a7186": { "id": "39695b53-9af7-42f0-8bde-3969398a7186", "title": "eCommerce Product Catalog for WordPress <= 3.3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "eCommerce Product Catalog Plugin for WordPress", "slug": "ecommerce-product-catalog", "affected_versions": { "* - 3.3.26": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39695b53-9af7-42f0-8bde-3969398a7186?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3969e890-76e0-484a-ad16-6e2642e2ae53": { "id": "3969e890-76e0-484a-ad16-6e2642e2ae53", "title": "Localize My Post <= 1.0 - Directory Traversal", "software": [ { "type": "plugin", "name": "Localize My Post", "slug": "localize-my-post", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3969e890-76e0-484a-ad16-6e2642e2ae53?source=api-scan" ], "published": "2018-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "396a58d2-8357-4a8b-88a7-8c4917e27eb6": { "id": "396a58d2-8357-4a8b-88a7-8c4917e27eb6", "title": "Hide My WP < 6.2.9 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Hide My WP - Amazing Security Plugin for WordPress!", "slug": "hide_my_wp", "affected_versions": { "[*, 6.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/396a58d2-8357-4a8b-88a7-8c4917e27eb6?source=api-scan" ], "published": "2023-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "396a7101-e6da-49c1-87a3-25792f3a7b76": { "id": "396a7101-e6da-49c1-87a3-25792f3a7b76", "title": "Slideshow Gallery <= 1.1.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slideshow Gallery", "slug": "slideshow-gallery-2", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/396a7101-e6da-49c1-87a3-25792f3a7b76?source=api-scan" ], "published": "2012-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "396f785f-0354-462e-bcaa-69e364c8c4b5": { "id": "396f785f-0354-462e-bcaa-69e364c8c4b5", "title": "TweetScribe <= 1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "TweetScribe", "slug": "tweetscribe", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/396f785f-0354-462e-bcaa-69e364c8c4b5?source=api-scan" ], "published": "2014-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39719351-3388-4175-89a0-8ce153a8bf44": { "id": "39719351-3388-4175-89a0-8ce153a8bf44", "title": "WooCommerce Payment Gateway Per Category <= 2.0.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Woocommerce Payment Gateway per Category", "slug": "wc-payment-gateway-per-category", "affected_versions": { "* - 2.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39719351-3388-4175-89a0-8ce153a8bf44?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3971c145-6dca-49af-bbb3-7ef4ce51507f": { "id": "3971c145-6dca-49af-bbb3-7ef4ce51507f", "title": "Optin Forms <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Optin Forms \u2013 Simple List Building Plugin for WordPress", "slug": "optin-forms", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3971c145-6dca-49af-bbb3-7ef4ce51507f?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39722a07-abfe-4956-b5d0-8ece06913a85": { "id": "39722a07-abfe-4956-b5d0-8ece06913a85", "title": "Really Simple SSL <= 7.2.3 - Authenticated (Admin+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Really Simple Security \u2013 Simple and Performant Security (formerly Really Simple SSL)", "slug": "really-simple-ssl", "affected_versions": { "* - 7.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39722a07-abfe-4956-b5d0-8ece06913a85?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "397dabc3-5dcf-4d1f-9e24-28af889cb76f": { "id": "397dabc3-5dcf-4d1f-9e24-28af889cb76f", "title": "Wbcom Designs \u2013 BuddyPress Group Reviews <= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass", "software": [ { "type": "plugin", "name": "Wbcom Designs \u2013 BuddyPress Group Reviews", "slug": "review-buddypress-groups", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/397dabc3-5dcf-4d1f-9e24-28af889cb76f?source=api-scan" ], "published": "2022-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "397f20d8-2400-4403-8543-f57141378012": { "id": "397f20d8-2400-4403-8543-f57141378012", "title": "AWeber <= 7.3.9 - Missing Authorization via AJAX actions", "software": [ { "type": "plugin", "name": "AWeber \u2013 Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth", "slug": "aweber-web-form-widget", "affected_versions": { "* - 7.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/397f20d8-2400-4403-8543-f57141378012?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39843d5b-702d-466d-9e17-ccf1c4444220": { "id": "39843d5b-702d-466d-9e17-ccf1c4444220", "title": "Viper GuestBook <= 1.3.15 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-ViperGB", "slug": "wp-vipergb", "affected_versions": { "[*, 1.3.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39843d5b-702d-466d-9e17-ccf1c4444220?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "398ebe7e-b0a7-47d8-b2f2-61973182f520": { "id": "398ebe7e-b0a7-47d8-b2f2-61973182f520", "title": "FoxyPress <= 0.4.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "FoxyPress", "slug": "foxypress", "affected_versions": { "* - 0.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/398ebe7e-b0a7-47d8-b2f2-61973182f520?source=api-scan" ], "published": "2012-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "399109be-7efe-428e-a9b8-7a68864b2790": { "id": "399109be-7efe-428e-a9b8-7a68864b2790", "title": "CT Commerce <= 2.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings", "software": [ { "type": "plugin", "name": "CT Commerce", "slug": "ct-commerce", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/399109be-7efe-428e-a9b8-7a68864b2790?source=api-scan" ], "published": "2023-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3991d8d0-57a8-42e7-a53c-97508f7e137f": { "id": "3991d8d0-57a8-42e7-a53c-97508f7e137f", "title": "Instagram for WordPress <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Instagram for WordPress", "slug": "instagram-for-wordpress", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3991d8d0-57a8-42e7-a53c-97508f7e137f?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "399848fd-e9f6-40e4-bfeb-08f53eb511c6": { "id": "399848fd-e9f6-40e4-bfeb-08f53eb511c6", "title": "EventPrime <= 3.1.5 - Reflected Cross-Site Scripting via 'event_id'", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 3.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/399848fd-e9f6-40e4-bfeb-08f53eb511c6?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3999c48f-bae6-48ea-b35f-d8307d9c3898": { "id": "3999c48f-bae6-48ea-b35f-d8307d9c3898", "title": "Elementor Website Builder <= 3.0.13 - Unrestricted SVG Uploads", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 3.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3999c48f-bae6-48ea-b35f-d8307d9c3898?source=api-scan" ], "published": "2020-11-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39a3450e-f3c2-4c89-985d-28e23eb433dd": { "id": "39a3450e-f3c2-4c89-985d-28e23eb433dd", "title": "External Media <= 1.0.36 - Authenticated(Author+) File Upload to Stored Cross-Site Scripting via SVG", "software": [ { "type": "plugin", "name": "External Media", "slug": "external-media", "affected_versions": { "* - 1.0.36": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.36", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39a3450e-f3c2-4c89-985d-28e23eb433dd?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39a50c49-5c24-4ae7-8f77-4f3d98270f8f": { "id": "39a50c49-5c24-4ae7-8f77-4f3d98270f8f", "title": "Real Estate Directory <= 1.0.5 - Cross-Site Request Forgery via rdm_activate_plugin", "software": [ { "type": "theme", "name": "Real Estate Directory", "slug": "real-estate-directory", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39a50c49-5c24-4ae7-8f77-4f3d98270f8f?source=api-scan" ], "published": "2023-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39a74c20-42a2-4099-8e6c-9989a3ba081d": { "id": "39a74c20-42a2-4099-8e6c-9989a3ba081d", "title": "Salient < 5.5.53 - DOM Cross-Site Scripting", "software": [ { "type": "theme", "name": "Salient | Creative Multipurpose & WooCommerce Theme", "slug": "salient", "affected_versions": { "* - 4.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.53" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39a74c20-42a2-4099-8e6c-9989a3ba081d?source=api-scan" ], "published": "2015-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39aed7e9-05c6-4251-b489-de7a33ed2c2e": { "id": "39aed7e9-05c6-4251-b489-de7a33ed2c2e", "title": "YouTube Playlist Player <= 4.6.4 - Cross-Site Request Forgery in ytpp_settings", "software": [ { "type": "plugin", "name": "YouTube Playlist Player", "slug": "youtube-playlist-player", "affected_versions": { "* - 4.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39aed7e9-05c6-4251-b489-de7a33ed2c2e?source=api-scan" ], "published": "2023-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39b2435f-32a3-4158-a734-c21a0cab15be": { "id": "39b2435f-32a3-4158-a734-c21a0cab15be", "title": "Image Optimizer, Resizer and CDN \u2013 Sirv <= 7.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Image Optimizer, Resizer and CDN \u2013 Sirv", "slug": "sirv", "affected_versions": { "* - 7.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39b2435f-32a3-4158-a734-c21a0cab15be?source=api-scan" ], "published": "2024-10-07 18:57:08", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39b6a1c7-2f8a-49e9-8807-a53a25524018": { "id": "39b6a1c7-2f8a-49e9-8807-a53a25524018", "title": "Ninja Forms Contact Form <= 2.9.27 - CSV Injection", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 2.9.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39b6a1c7-2f8a-49e9-8807-a53a25524018?source=api-scan" ], "published": "2015-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39b8f6d8-bca2-4bf2-93ab-868270df8752": { "id": "39b8f6d8-bca2-4bf2-93ab-868270df8752", "title": "Download canvasio3D Light <= 2.5.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "canvasio3D Light", "slug": "canvasio3d-light", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39b8f6d8-bca2-4bf2-93ab-868270df8752?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39b9e8a0-96bb-4b36-b4e8-ec9e3f137835": { "id": "39b9e8a0-96bb-4b36-b4e8-ec9e3f137835", "title": "Social Auto Poster <= 5.3.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Auto Poster", "slug": "social-auto-poster", "affected_versions": { "* - 5.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39b9e8a0-96bb-4b36-b4e8-ec9e3f137835?source=api-scan" ], "published": "2024-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39bb69e0-fb18-4737-9eb7-bda2b5bc16a2": { "id": "39bb69e0-fb18-4737-9eb7-bda2b5bc16a2", "title": "WordPress File Upload <= 4.24.7 - Authenticated (Contributor+) Directory Traversal", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "* - 4.24.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.24.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.24.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39bb69e0-fb18-4737-9eb7-bda2b5bc16a2?source=api-scan" ], "published": "2024-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39bbe18a-0212-4bfe-861f-2a213d67baec": { "id": "39bbe18a-0212-4bfe-861f-2a213d67baec", "title": "Fast Flow <= 1.2.10 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fast Flow", "slug": "fast-flow-dashboard", "affected_versions": { "* - 1.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39bbe18a-0212-4bfe-861f-2a213d67baec?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39c53cd7-3ea3-4971-be51-9544ca9d488f": { "id": "39c53cd7-3ea3-4971-be51-9544ca9d488f", "title": "Integrate Google Drive <= 1.3.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Integrate Google Drive \u2013 Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site", "slug": "integrate-google-drive", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39c53cd7-3ea3-4971-be51-9544ca9d488f?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39c751c7-0480-4b92-bebb-a69114d79378": { "id": "39c751c7-0480-4b92-bebb-a69114d79378", "title": "Easy CountDowner <= 1.0.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy CountDowner", "slug": "easy-countdowner", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39c751c7-0480-4b92-bebb-a69114d79378?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39c8e951-8e8c-4a72-9ecf-1dd96392105d": { "id": "39c8e951-8e8c-4a72-9ecf-1dd96392105d", "title": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor Page Builder", "slug": "theplus_elementor_addon", "affected_versions": { "* - 5.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39c8e951-8e8c-4a72-9ecf-1dd96392105d?source=api-scan" ], "published": "2024-05-29 17:11:29", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39c9f055-2527-4678-bda1-27a29ab24acd": { "id": "39c9f055-2527-4678-bda1-27a29ab24acd", "title": "Products Quick View for WooCommerce <= 2.2.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Products Quick View for WooCommerce", "slug": "woocommerce-products-quick-view", "affected_versions": { "[*, 2.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39c9f055-2527-4678-bda1-27a29ab24acd?source=api-scan" ], "published": "2023-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39ced195-63a7-4f50-a4eb-b43d6069f7e1": { "id": "39ced195-63a7-4f50-a4eb-b43d6069f7e1", "title": "Creative Contact Form < 1.0.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Creative Contact Form", "slug": "sexy-contact-form", "affected_versions": { "[*, 1.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39ced195-63a7-4f50-a4eb-b43d6069f7e1?source=api-scan" ], "published": "2014-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39d69a5e-4265-4898-9fd8-736dc2297b91": { "id": "39d69a5e-4265-4898-9fd8-736dc2297b91", "title": "HT Easy GA4 ( Google Analytics 4 ) <= 1.1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HT Easy GA4 \u2013 Google Analytics WordPress Plugin", "slug": "ht-easy-google-analytics", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39d69a5e-4265-4898-9fd8-736dc2297b91?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39da62be-e630-48cd-b732-80ed3d337638": { "id": "39da62be-e630-48cd-b732-80ed3d337638", "title": "EventPrime \u2013 Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Event Export", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39da62be-e630-48cd-b732-80ed3d337638?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39e0fd33-4071-4510-a7d5-b499a8a3543c": { "id": "39e0fd33-4071-4510-a7d5-b499a8a3543c", "title": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.5.6 - Sensitive Information Exposure via element_pack_ajax_search", "software": [ { "type": "plugin", "name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", "slug": "bdthemes-element-pack-lite", "affected_versions": { "* - 5.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39e0fd33-4071-4510-a7d5-b499a8a3543c?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39e104fa-591a-41e8-af7e-f8b32a199170": { "id": "39e104fa-591a-41e8-af7e-f8b32a199170", "title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39e104fa-591a-41e8-af7e-f8b32a199170?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39e3fcf3-95f6-4844-b87a-5540041fe6a8": { "id": "39e3fcf3-95f6-4844-b87a-5540041fe6a8", "title": "Very Simple Quiz <= 1.0.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Very Simple Quiz", "slug": "very-simple-quiz", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39e3fcf3-95f6-4844-b87a-5540041fe6a8?source=api-scan" ], "published": "2020-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39e77def-8abe-4e62-ad99-a0c1d467aeb1": { "id": "39e77def-8abe-4e62-ad99-a0c1d467aeb1", "title": "Mona Lisa <= 2.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Mona Lisa", "slug": "monalisa", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39e77def-8abe-4e62-ad99-a0c1d467aeb1?source=api-scan" ], "published": "2020-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39f12569-ff89-4c6b-afcf-a8c4421749cc": { "id": "39f12569-ff89-4c6b-afcf-a8c4421749cc", "title": "Event Expresso Free <= 3.1.37.11.L - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Event Expresso Free", "slug": "event-espresso-free", "affected_versions": { "* - 3.1.37.11.L": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.37.11.L", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.37.12.L" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39f12569-ff89-4c6b-afcf-a8c4421749cc?source=api-scan" ], "published": "2017-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39f1ddd0-c26b-4754-a78a-c64fab75f238": { "id": "39f1ddd0-c26b-4754-a78a-c64fab75f238", "title": "Generate PDF using Contact Form 7 <= 3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Generate PDF using Contact Form 7", "slug": "generate-pdf-using-contact-form-7", "affected_versions": { "* - 3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39f1ddd0-c26b-4754-a78a-c64fab75f238?source=api-scan" ], "published": "2022-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39f5777b-38b0-4fc6-909d-61eaa1de6173": { "id": "39f5777b-38b0-4fc6-909d-61eaa1de6173", "title": "Grid Gallery \u2013 Photo Image Grid Gallery <= 1.4.3 - Authenticated (Contributor+) PHP Object Injection via shortcode", "software": [ { "type": "plugin", "name": "Grid Gallery \u2013 Photo Image Grid Gallery", "slug": "new-grid-gallery", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39f5777b-38b0-4fc6-909d-61eaa1de6173?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39f8c830-9f71-4ca6-8fcc-54769cef878f": { "id": "39f8c830-9f71-4ca6-8fcc-54769cef878f", "title": "All in One SEO <= 2.2.5.1 - Information Disclosure", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "[*, 2.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39f8c830-9f71-4ca6-8fcc-54769cef878f?source=api-scan" ], "published": "2015-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "39fb0499-9ab4-4a2f-b0db-ece86bcf4d42": { "id": "39fb0499-9ab4-4a2f-b0db-ece86bcf4d42", "title": "Freemius SDK <= 2.4.2 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "YASR \u2013 Yet Another Star Rating Plugin for WordPress", "slug": "yet-another-stars-rating", "affected_versions": { "[*, 2.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.2" ] }, { "type": "plugin", "name": "Events Addon for Elementor", "slug": "events-addon-for-elementor", "affected_versions": { "[*, 1.9.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.8" ] }, { "type": "plugin", "name": "Fraud Prevention For WooCommerce and EDD", "slug": "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers", "affected_versions": { "[*, 2.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.0" ] }, { "type": "plugin", "name": "Gutenberg Blocks \u2013 ACF Blocks Suite", "slug": "acf-blocks", "affected_versions": { "[*, 2.6.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.8" ] }, { "type": "plugin", "name": "Ultimeter", "slug": "ultimeter", "affected_versions": { "[*, 2.7.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.6" ] }, { "type": "plugin", "name": "Past Events Extension", "slug": "past-events-extension", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Pootle Pagebuilder \u2013 WordPress Page builder", "slug": "pootle-page-builder", "affected_versions": { "[*, 5.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.7.1" ] }, { "type": "plugin", "name": "Local Delivery Drivers for WooCommerce", "slug": "local-delivery-drivers-for-woocommerce", "affected_versions": { "[*, 1.8.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.5" ] }, { "type": "plugin", "name": "Ultimate Gutenberg \u2013 Custom Block Templates", "slug": "ultimate-gutenberg", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Required Taxonomies \u2013 Categories and Tags Mandatory", "slug": "required-taxonomies", "affected_versions": { "[*, 1.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.8" ] }, { "type": "plugin", "name": "Featured Products First for WooCommerce \u2013 A Extension of WooCommerce (WooCommerce Addon Plugin)", "slug": "featured-products-first-for-woocommerce", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "SSL Certificate \u2013 Free SSL, HTTPS by SSL Zen", "slug": "ssl-zen", "affected_versions": { "* - 4.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.5" ] }, { "type": "plugin", "name": "Streak CRM For Gmail For Contact Form 7 \u2013 WordPress Plugin", "slug": "streak-crm-for-gmail-integration-for-contact-form-7", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] }, { "type": "plugin", "name": "WordPress Dev Powers \u2013 ACF Color Coded Field Types Plugin", "slug": "wp-dev-powers-acf-color-coded-field-types", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "DancePress (TRWA)", "slug": "dancepress-trwa", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] }, { "type": "plugin", "name": "Product Size Charts Plugin for WooCommerce", "slug": "woo-advanced-product-size-chart", "affected_versions": { "[*, 2.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.3" ] }, { "type": "plugin", "name": "Wp My Admin Bar", "slug": "wp-my-admin-bar", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "A no-code page builder for beautiful performance-based content", "slug": "setka-editor", "affected_versions": { "[*, 2.1.17)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.17" ] }, { "type": "plugin", "name": "LocalSEOMap", "slug": "localseomap-for-elementor", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Easy Prayer", "slug": "easy-prayer", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.txt", "slug": "adfoxly", "affected_versions": { "* - 1.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.5" ] }, { "type": "plugin", "name": "WP Get Personal", "slug": "wp-get-personal-lite", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Checkout with Cash App on EDD", "slug": "edd-cashapp", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Server Info", "slug": "server-info", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Custom WooCommerce Checkout Fields Editor", "slug": "add-fields-to-checkout-page-woocommerce", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] }, { "type": "plugin", "name": "KRSP Frontend File Uploader", "slug": "krsp-frontend-file-upload", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Panorama Viewer- Best Plugin to Display Panoramic Images\/Videos", "slug": "panorama", "affected_versions": { "[*, 1.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.8" ] }, { "type": "plugin", "name": "Bulk Attachment Download", "slug": "bulk-attachment-download", "affected_versions": { "[*, 1.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.5" ] }, { "type": "plugin", "name": "AutoSave Net", "slug": "autosave-net", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Premmerce Wholesale Pricing for WooCommerce", "slug": "premmerce-woocommerce-wholesale-pricing", "affected_versions": { "[*, 1.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.8" ] }, { "type": "plugin", "name": "Any Popup \u2013 Popup Forms, Optins & Ads", "slug": "any-popup", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Checkout with Venmo on EDD", "slug": "edd-venmo", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Payment gateway per Product for WooCommerce", "slug": "woocommerce-product-payments", "affected_versions": { "[*, 3.1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.6" ] }, { "type": "plugin", "name": "HQTheme Extra", "slug": "hqtheme-extra", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Vit Website Reviews", "slug": "vit-website-reviews", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WooCommerce EU VAT Assistant", "slug": "woocommerce-eu-vat-assistant", "affected_versions": { "[*, 2.0.28.220224)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.28.220224", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.28.220224" ] }, { "type": "plugin", "name": "WordPress Slider Block Gutenslider", "slug": "gutenslider", "affected_versions": { "[*, 5.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.7.0" ] }, { "type": "plugin", "name": "HuCommerce | Magyar WooCommerce kieg\u00e9sz\u00edt\u00e9sek", "slug": "surbma-magyar-woocommerce", "affected_versions": { "[*, 30.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "30.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "30.3.0" ] }, { "type": "plugin", "name": "KVoucher", "slug": "kvoucher", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Video Player for YouTube", "slug": "yt-player", "affected_versions": { "[*, 1.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.1" ] }, { "type": "plugin", "name": "Error Log Monitor", "slug": "error-log-monitor", "affected_versions": { "[*, 1.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.1" ] }, { "type": "plugin", "name": "SlideDeck: Responsive WordPress Slider Plugin", "slug": "slidedeck", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Premmerce Multi-currency for Woocommerce", "slug": "premmerce-woocommerce-multi-currency", "affected_versions": { "[*, 2.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.2" ] }, { "type": "plugin", "name": "Booking Addon for WooCommerce", "slug": "booking-for-woocommerce", "affected_versions": { "[*, 4.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.0" ] }, { "type": "plugin", "name": "WP Event Partners \u2013 WordPress Plugin for Event and Conference Management", "slug": "wp-event-partners", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] }, { "type": "plugin", "name": "WC Shop Sync \u2013 Square Payment Gateway for WooCommerce, Inventory Sync Between Square and WooCommerce, Ultimate WooCommerce Square Plugin", "slug": "woosquare", "affected_versions": { "[*, 4.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.1" ] }, { "type": "plugin", "name": "Add Expires Headers & Optimized Minify", "slug": "add-expires-headers", "affected_versions": { "[*, 2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6" ] }, { "type": "plugin", "name": "ForceField", "slug": "forcefield", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "FIT: Featured Image Toolkit", "slug": "featured-image-toolkit", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "All in One Invite Codes", "slug": "all-in-one-invite-codes", "affected_versions": { "[*, 1.0.13)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.13" ] }, { "type": "plugin", "name": "Dynamic Pricing and Discount Rules for WooCommerce", "slug": "woo-conditional-discount-rules-for-checkout", "affected_versions": { "[*, 2.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.3" ] }, { "type": "plugin", "name": "Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss", "slug": "bp-better-messages", "affected_versions": { "[*, 1.9.9.170)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9.170", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.9.170" ] }, { "type": "plugin", "name": "Grid & Styler For Contact Form 7 And Divi", "slug": "cf7-grid-and-styler-for-divi", "affected_versions": { "[*, 1.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.1" ] }, { "type": "plugin", "name": "Protect Uploads with Login \u2013 Protect Your Uploads", "slug": "protect-uploads-with-login-page", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Atlas \u2013 Knowledge Base", "slug": "atlas-knowledge-base", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Simple Sitemap \u2013 Create a Responsive HTML Sitemap", "slug": "simple-sitemap", "affected_versions": { "[*, 3.5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.5" ] }, { "type": "plugin", "name": "Super Video Player- Best WordPress Video Display Plugin for mp4\/OGG", "slug": "super-video-player", "affected_versions": { "[*, 1.6.11)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.11" ] }, { "type": "plugin", "name": "WordPress Books Gallery", "slug": "wp-books-gallery", "affected_versions": { "[*, 3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6" ] }, { "type": "plugin", "name": "FiboSearch \u2013 Ajax Search for WooCommerce", "slug": "ajax-search-for-woocommerce", "affected_versions": { "[*, 1.17.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.17.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.17.0" ] }, { "type": "plugin", "name": "Tag Groups is the Advanced Way to Display Your Taxonomy Terms", "slug": "tag-groups", "affected_versions": { "[*, 1.43.10.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.43.10.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.43.10.1" ] }, { "type": "plugin", "name": "WP Free SSL \u2013 Free SSL Certificate for WordPress and force HTTPS", "slug": "wp-free-ssl", "affected_versions": { "[*, 1.2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.7" ] }, { "type": "plugin", "name": "ClickerVolt \u2013 Affiliate Links & Click Tracking for Performance Marketers", "slug": "clickervolt", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "ConsultPress Lite", "slug": "consultpress-lite", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Divi Forms Styler \u2013 Gravity Forms, Fluent Forms & Contact Form 7", "slug": "cf7-styler-for-divi", "affected_versions": { "[*, 1.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.0" ] }, { "type": "plugin", "name": "StreamWeasels Twitch Integration", "slug": "streamweasels-twitch-integration", "affected_versions": { "[*, 1.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.4" ] }, { "type": "plugin", "name": "Mobile View for Responsive web design optimization (UX design) + Mobile Friendly Test", "slug": "mobilook", "affected_versions": { "[*, 1.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4" ] }, { "type": "plugin", "name": "Zip Code Redirect", "slug": "zip-codes-redirect", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] }, { "type": "plugin", "name": "Guestofy \u2013 Restaurant Reservations Plugin, Room Planer, Reservation Form", "slug": "guestofy-restaurant-reservations", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "CF7 Constant Contact Fields Mapping", "slug": "cf7-constant-contact-fields-mapping", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Booking Calendar | Appointment Booking | Bookit", "slug": "bookit", "affected_versions": { "[*, 2.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.9" ] }, { "type": "plugin", "name": "EthereumICO", "slug": "ethereumico", "affected_versions": { "[*, 2.3.11)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.11" ] }, { "type": "plugin", "name": "RT Easy Builder \u2013 Advanced addons for Elementor", "slug": "rt-easy-builder-advanced-addons-for-elementor", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] }, { "type": "plugin", "name": "WP Contact Slider \u2013 Slide Out Contact Form for WordPress to display Contact Form 7, Gravity Forms, WP Forms, Ninja Forms, plain text\/HTML & other shortcodes", "slug": "wp-contact-slider", "affected_versions": { "[*, 2.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.5" ] }, { "type": "plugin", "name": "Country Based Payments for WooCommerce", "slug": "woocommerce-country-based-payments", "affected_versions": { "[*, 1.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.1" ] }, { "type": "plugin", "name": "Filr \u2013 Secure document library", "slug": "filr-protection", "affected_versions": { "[*, 1.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.1" ] }, { "type": "theme", "name": "Elasta", "slug": "elasta", "affected_versions": { "[*, 1.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.8" ] }, { "type": "plugin", "name": "MapGeo \u2013 Interactive Geo Maps", "slug": "interactive-geo-maps", "affected_versions": { "[*, 1.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.4" ] }, { "type": "plugin", "name": "WordPress Animation Plugin \u2013 Animated Everything", "slug": "animate-everything", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Notification Bell", "slug": "wp-notification-bell", "affected_versions": { "[*, 1.3.13)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.13" ] }, { "type": "plugin", "name": "Activity Log For MainWP", "slug": "activity-log-mainwp", "affected_versions": { "[*, 1.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.1" ] }, { "type": "plugin", "name": "Connected Sermons", "slug": "connected-sermons", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Bulk Edit and Create User Profiles \u2013 WP Sheet Editor", "slug": "bulk-edit-user-profiles-in-spreadsheet", "affected_versions": { "[*, 1.5.13)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.13" ] }, { "type": "plugin", "name": "\u041a\u043d\u043e\u043f\u043a\u0430 \u042eMoney", "slug": "yandex-money-button", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Bulk WooCommerce Category Creator", "slug": "bulk-woocommerce-category-creator", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Easy Math Captcha for CF7", "slug": "cf7-easy-math-captcha", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Master Accordion ( Former WP Awesome FAQ Plugin )", "slug": "wp-awesome-faq", "affected_versions": { "[*, 4.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.8" ] }, { "type": "plugin", "name": "Better Elementor Addons", "slug": "better-elementor-addons", "affected_versions": { "[*, 1.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.1" ] }, { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "[*, 7.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.1.4" ] }, { "type": "plugin", "name": "Place Order Without Payment for WooCommerce", "slug": "wc-place-order-without-payment", "affected_versions": { "[*, 2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2" ] }, { "type": "plugin", "name": "STEWoo \u2013 Super Transactional Emails for WooCommerce", "slug": "super-transactional-emails-for-woocommerce", "affected_versions": { "[*, 1.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4" ] }, { "type": "plugin", "name": "DeMomentSomTres Address", "slug": "demomentsomtres-address", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Out of stock display for woocommerce", "slug": "out-of-stock-display-for-woocommerce", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Ultimate Blocks \u2013 WordPress Blocks Plugin", "slug": "ultimate-blocks", "affected_versions": { "[*, 2.4.13)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.13" ] }, { "type": "plugin", "name": "Bulk Auto Image Title Attribute (Image Title tag) optimizer (Image SEO)", "slug": "bulk-image-title-attribute", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] }, { "type": "plugin", "name": "WP Radio \u2013 Worldwide Online Radio Stations Directory for WordPress", "slug": "wp-radio", "affected_versions": { "[*, 3.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.4" ] }, { "type": "plugin", "name": "BookPress \u2013 For Book Authors", "slug": "book-press", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] }, { "type": "plugin", "name": "Qyrr \u2013 simply and modern QR-Code creation", "slug": "qyrr-code", "affected_versions": { "[*, 0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.8" ] }, { "type": "plugin", "name": "WordPress Directory Plugin For Business Listings \u2013 WP Local Plus", "slug": "wplocalplus-lite", "affected_versions": { "[*, 1.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.5" ] }, { "type": "plugin", "name": "Equalize Digital Accessibility Checker \u2013 Audit Your Website for WCAG, ADA, and Section 508 Accessibility Errors", "slug": "accessibility-checker", "affected_versions": { "[*, 1.2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.8" ] }, { "type": "plugin", "name": "Funnelmentals", "slug": "web-disrupt-funnelmentals", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites \u2013 Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed", "slug": "blockspare", "affected_versions": { "[*, 2.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.1" ] }, { "type": "plugin", "name": "Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook", "slug": "forms-to-zapier", "affected_versions": { "[*, 1.1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.9" ] }, { "type": "plugin", "name": "Product Carousel For WooCommerce \u2013 WoorouSell", "slug": "woorousell", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] }, { "type": "plugin", "name": "WordPress Robots.txt optimizer (+ XML Sitemap) \u2013 Boost SEO, Traffic & Rankings", "slug": "better-robots-txt", "affected_versions": { "[*, 1.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.4" ] }, { "type": "plugin", "name": "GFireM Fields", "slug": "gfirem-fields", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Coupon Affiliates \u2013 Affiliate Plugin for WooCommerce", "slug": "woo-coupon-usage", "affected_versions": { "[*, 4.16.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.16.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.16.4" ] }, { "type": "plugin", "name": "WP Post Block", "slug": "wp-post-block", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "LMS Plugin \u2013 eLearning, Online Courses by Attest", "slug": "wp-attest", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Frontend Admin by DynamiApps", "slug": "acf-frontend-form-element", "affected_versions": { "[*, 3.3.33)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.33", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.33" ] }, { "type": "plugin", "name": "Simple Giveaways \u2013 Grow your business, email lists and traffic with contests", "slug": "giveasap", "affected_versions": { "[*, 2.42.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.42.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.42.1" ] }, { "type": "plugin", "name": "WPTools Masonry Gallery & Posts For Divi", "slug": "wptools-masonry-gallery-posts-for-divi", "affected_versions": { "[*, 3.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.2" ] }, { "type": "plugin", "name": "GFireM Action After", "slug": "gfirem-action-after", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Woo Ukrposhta", "slug": "woo-ukrposhta", "affected_versions": { "[*, 1.6.18)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.18" ] }, { "type": "plugin", "name": "annasta Woocommerce Product Filters", "slug": "annasta-woocommerce-product-filters", "affected_versions": { "[*, 1.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.0" ] }, { "type": "plugin", "name": "WP Lead Stream", "slug": "wp-lead-stream", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "The Events Calendar", "slug": "the-events-calendar", "affected_versions": { "[*, 5.14.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "5.14.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.14.0.4" ] }, { "type": "plugin", "name": "Focus on Reviews for WooCommerce", "slug": "focus-on-reviews-for-woocommerce", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Email Tracker \u2013 Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce)", "slug": "email-tracker", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Block Styler For Gravity Forms", "slug": "block-styler-for-gravity-forms", "affected_versions": { "* - 6.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.0" ] }, { "type": "plugin", "name": "WP Page Templates", "slug": "custom-page-templates-by-vegacorp", "affected_versions": { "[*, 1.1.13)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.13" ] }, { "type": "plugin", "name": "Product Customer List for WooCommerce", "slug": "wc-product-customer-list", "affected_versions": { "[*, 3.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.0" ] }, { "type": "theme", "name": "WP Moose", "slug": "wp-moose", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] }, { "type": "plugin", "name": "Team Members \u2013 A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More", "slug": "gs-team-members", "affected_versions": { "[*, 1.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.0" ] }, { "type": "plugin", "name": "Floating Social Share Icons and Social Share buttons \u2013 Next Previous Post Links \u2013 FL", "slug": "floating-links", "affected_versions": { "[*, 3.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.0" ] }, { "type": "plugin", "name": "South Pole: Climate action now", "slug": "south-pole-the-offset-movement", "affected_versions": { "[*, 1.0.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2.0" ] }, { "type": "plugin", "name": "LittleBot Invoices", "slug": "littlebot-invoices", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Genealogical Tree \u2013 WordPress Family Tree", "slug": "genealogical-tree", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] }, { "type": "plugin", "name": "Automatic YouTube Gallery", "slug": "automatic-youtube-gallery", "affected_versions": { "[*, 1.6.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.5" ] }, { "type": "plugin", "name": "Thank You Page for WooCommerce", "slug": "wc-thanks-redirect", "affected_versions": { "[*, 3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1" ] }, { "type": "plugin", "name": "Marijuana Age Verify", "slug": "easy-marijuana-age-verify", "affected_versions": { "[*, 1.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.1" ] }, { "type": "plugin", "name": "WooCommerce upcoming Products", "slug": "woocommerce-upcoming-product", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Frontend Admin \u2013 Add and edit posts, pages, users and more all from the frontend", "slug": "frontend-admin", "affected_versions": { "[*, 3.3.33)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.33", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.33" ] }, { "type": "plugin", "name": "SV Tracking Manager", "slug": "sv-tracking-manager", "affected_versions": { "[*, 1.8.02)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.02", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.02" ] }, { "type": "plugin", "name": "WP EasyPay \u2013 Square for WordPress", "slug": "wp-easy-pay", "affected_versions": { "[*, 4.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.2" ] }, { "type": "plugin", "name": "WordPress SEO Checklist", "slug": "seo-checklist", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "wGauge \u2013 Free Version", "slug": "wgauge", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)", "slug": "bdthemes-prime-slider-lite", "affected_versions": { "[*, 2.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.0" ] }, { "type": "plugin", "name": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC)", "slug": "buddyforms", "affected_versions": { "[*, 2.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.3" ] }, { "type": "plugin", "name": "WP Tools Divi Product Carousel", "slug": "wp-tools-divi-product-carousel", "affected_versions": { "[*, 1.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.0" ] }, { "type": "plugin", "name": "Guest posting \/ Frontend Posting wordpress plugin \u2013 WP Front User Submit \/ Front Editor", "slug": "front-editor", "affected_versions": { "[*, 3.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.1" ] }, { "type": "plugin", "name": "Social Gallery Lite", "slug": "social-gallery-lite", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Stackable \u2013 Page Builder Gutenberg Blocks", "slug": "stackable-ultimate-gutenberg-blocks", "affected_versions": { "[*, 3.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.5" ] }, { "type": "plugin", "name": "Five-Star Ratings Shortcode", "slug": "five-star-ratings-shortcode", "affected_versions": { "[*, 1.2.39)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.39", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.39" ] }, { "type": "plugin", "name": "CAPTCHA 4WP \u2013 Antispam CAPTCHA solution for WordPress", "slug": "advanced-nocaptcha-recaptcha", "affected_versions": { "[*, 7.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.0.5" ] }, { "type": "plugin", "name": "Premmerce Wishlist for WooCommerce", "slug": "premmerce-woocommerce-wishlist", "affected_versions": { "[*, 1.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.8" ] }, { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "[*, 7.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.6.3" ] }, { "type": "plugin", "name": "Surbma | GDPR Proof Cookie Consent & Notice Bar", "slug": "surbma-gdpr-proof-google-analytics", "affected_versions": { "[*, 17.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "17.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "17.5.3" ] }, { "type": "plugin", "name": "Advance Menu Manager", "slug": "advance-menu-manager", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Live TV Player \u2013 Worldwide Live TV Channels Player for WordPress", "slug": "wp-live-tv", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] }, { "type": "plugin", "name": "Market Exporter", "slug": "market-exporter", "affected_versions": { "* - 2.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.14" ] }, { "type": "plugin", "name": "WP Adminify \u2013 Custom WordPress Dashboard, Login and Admin Customizer", "slug": "adminify", "affected_versions": { "[*, 2.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.5" ] }, { "type": "plugin", "name": "TK Google Fonts GDPR Compliant", "slug": "tk-google-fonts", "affected_versions": { "[*, 2.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.1" ] }, { "type": "plugin", "name": "Starfish Review Generation & Marketing for WordPress", "slug": "starfish-reviews", "affected_versions": { "[*, 3.0.26)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.26", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.26" ] }, { "type": "plugin", "name": "WP Emaily", "slug": "wp-emaily", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Education Addon for Elementor", "slug": "education-addon", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] }, { "type": "plugin", "name": "SV Proven Expert", "slug": "sv-provenexpert", "affected_versions": { "[*, 1.8.01)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.01", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.01" ] }, { "type": "plugin", "name": "SurveyFunnel \u2013 Survey Plugin for WordPress", "slug": "surveyfunnel-lite", "affected_versions": { "[*, 1.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.3" ] }, { "type": "plugin", "name": "Advanced Classifieds & Directory Pro", "slug": "advanced-classifieds-and-directory-pro", "affected_versions": { "[*, 1.8.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.8" ] }, { "type": "plugin", "name": "Music Player for Elementor \u2013 Audio Player & Podcast Player", "slug": "music-player-for-elementor", "affected_versions": { "[*, 1.5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.5" ] }, { "type": "plugin", "name": "Cryptocurrency Product for WooCommerce", "slug": "cryptocurrency-product-for-woocommerce", "affected_versions": { "[*, 3.14.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.14.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.14.6" ] }, { "type": "plugin", "name": "WooCommerce Next Order Coupon", "slug": "next-order-coupon-woocommerce", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Overlay Image Divi Module", "slug": "overlay-image-divi-module", "affected_versions": { "[*, 1.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.2" ] }, { "type": "plugin", "name": "Email Header Footer", "slug": "email-header-footer", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Document Viewer- Plugin to Display MS Office Docs", "slug": "embed-office-viewer", "affected_versions": { "[*, 2.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.5" ] }, { "type": "plugin", "name": "Price Bands for WooCommerce", "slug": "price-bands-for-woocommerce", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "[*, 1.11.14)": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.11.14" ] }, { "type": "plugin", "name": "Smart Variations Images & Swatches for WooCommerce", "slug": "smart-variations-images", "affected_versions": { "[*, 5.1.10)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1.10" ] }, { "type": "plugin", "name": "Featured Images in RSS for Mailchimp & More", "slug": "featured-images-for-rss-feeds", "affected_versions": { "[*, 1.5.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.9" ] }, { "type": "plugin", "name": "Simple Sponsorships", "slug": "simple-sponsorships", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "[*, 1.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3" ] }, { "type": "plugin", "name": "Joli Table Of Contents", "slug": "joli-table-of-contents", "affected_versions": { "[*, 1.3.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.9" ] }, { "type": "plugin", "name": "Sparrow: Product Reviews and Ratings for WooCommerce", "slug": "sparrow", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Multi Page Auto Advance for Gravity Forms", "slug": "auto-advance-for-gravity-forms", "affected_versions": { "[*, 4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3" ] }, { "type": "plugin", "name": "Generate Images \u2013 Magic Post Thumbnail", "slug": "magic-post-thumbnail", "affected_versions": { "[*, 3.3.11)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.11" ] }, { "type": "plugin", "name": "Live Scores for SportsPress", "slug": "live-scores-for-sportspress", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Hide Shipping Method For WooCommerce", "slug": "hide-shipping-method-for-woocommerce", "affected_versions": { "[*, 1.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.1" ] }, { "type": "plugin", "name": "Ultimate Carousel For Divi", "slug": "ultimate-carousel-for-divi", "affected_versions": { "[*, 4.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.1" ] }, { "type": "plugin", "name": "WP Meta and Date Remover", "slug": "wp-meta-and-date-remover", "affected_versions": { "[*, 1.9.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.6" ] }, { "type": "plugin", "name": "Image Carousel For Divi", "slug": "image-carousel-for-divi", "affected_versions": { "[*, 1.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.0" ] }, { "type": "plugin", "name": "Comments Not Replied To", "slug": "comments-not-replied-to", "affected_versions": { "[*, 1.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3" ] }, { "type": "plugin", "name": "Contact Form 7 \u2013 Capsule CRM \u2013 Integration", "slug": "integration-of-capsule-crm-for-contact-form-7", "affected_versions": { "[*, 1.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.5" ] }, { "type": "plugin", "name": "Opensea", "slug": "opensea", "affected_versions": { "[*, 1.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.3" ] }, { "type": "plugin", "name": "WordPress Translation plugin for Post, Pages & WooCommerce products. Tranzly IO AI DeepL automatic WordPress Translator.", "slug": "tranzly", "affected_versions": { "[*, 1.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.1" ] }, { "type": "plugin", "name": "Pixel Manager for WooCommerce \u2013 Track Google Analytics, Google Ads, TikTok and more", "slug": "woocommerce-google-adwords-conversion-tracking-tag", "affected_versions": { "[*, 1.14.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.14.3" ] }, { "type": "plugin", "name": "Modern Addons for Elementor Page Builder", "slug": "modern-addons-elementor", "affected_versions": { "[*, 1.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "theme", "name": "Viralike", "slug": "viralike", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WordPress Dev Powers \u2013 Element Selector jQuery Powers Plugin", "slug": "wp-dev-powers-element-selector-jquery-powers", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Munich Blocks \u2013 Gutenberg Blocks for WordPress", "slug": "wp-munich-blocks", "affected_versions": { "[*, 0.11.0)": { "from_version": "*", "from_inclusive": true, "to_version": "0.11.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.11.0" ] }, { "type": "plugin", "name": "Availability datepicker \u2013 Integrate with Contact Form 7 and Divi", "slug": "date-time-picker-field", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] }, { "type": "plugin", "name": "Footer Plugin for Divi", "slug": "mrkwp-footer-for-divi", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Accept Stripe Donation and Payments \u2013 AidWP", "slug": "wp-stripe-donation", "affected_versions": { "[*, 2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9" ] }, { "type": "plugin", "name": "New User Approve", "slug": "new-user-approve", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] }, { "type": "plugin", "name": "GFireM Advance Search", "slug": "gfirem-advance-search", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WPMailer \u2013 The best mail builder, No More Core for your emails support Elementor, CF7 forms etc\u2026", "slug": "wpmailer", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Shared Files \u2013 Frontend File Upload Form & Secure File Sharing", "slug": "shared-files", "affected_versions": { "[*, 1.6.72)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.72", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.72" ] }, { "type": "plugin", "name": "WPBITS Addons For Elementor Page Builder", "slug": "wpbits-addons-for-elementor", "affected_versions": { "[*, 1.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.2" ] }, { "type": "theme", "name": "Speculor", "slug": "speculor", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Google Street View (with 360\u00b0 virtual tour) & Google maps + Local SEO", "slug": "wp-google-street-view", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] }, { "type": "plugin", "name": "WordPress Everse Starter Sites \u2013 Elementor Templates", "slug": "everse-starter-sites", "affected_versions": { "[*, 1.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.1" ] }, { "type": "plugin", "name": "Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations", "slug": "master-addons", "affected_versions": { "[*, 1.8.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.5" ] }, { "type": "plugin", "name": "Choice Payment Gateway for WooCommerce", "slug": "choice-payment-gateway-for-woocommerce", "affected_versions": { "[*, 2.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.5" ] }, { "type": "plugin", "name": "Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)", "slug": "domain-mapping-system", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] }, { "type": "plugin", "name": "Order and Inventory Manager for WooCommerce", "slug": "order-and-inventory-manager-for-woocommerce", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] }, { "type": "plugin", "name": "Ninja Libs Amazon SES", "slug": "ninjalibs-ses", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Delete All Comments of wordpress", "slug": "delete-all-comments-of-website", "affected_versions": { "[*, 4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3" ] }, { "type": "plugin", "name": "WP-Cron Status Checker", "slug": "wp-cron-status-checker", "affected_versions": { "[*, 1.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4" ] }, { "type": "plugin", "name": "CodeKit \u2013 Custom Codes Editor", "slug": "custom-codes", "affected_versions": { "[*, 2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3" ] }, { "type": "plugin", "name": "FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel", "slug": "foogallery", "affected_versions": { "[*, 2.1.34)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.34", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.34" ] }, { "type": "plugin", "name": "Change Price Title for WooCommerce", "slug": "change-wc-price-title", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WordPress Gallery Plugin \u2013 Edge Photo Gallery", "slug": "edge-gallery", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Glorious Services & Support", "slug": "glorious-services-support", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Easy Newsletter Signups", "slug": "easy-newsletter-signups", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] }, { "type": "plugin", "name": "Announcement & Notification Banner \u2013 Bulletin", "slug": "bulletin-announcements", "affected_versions": { "[*, 3.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.0" ] }, { "type": "plugin", "name": "Advanced Database Replacer", "slug": "advanced-database-replacer", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Multisite Robots.txt Manager", "slug": "multisite-robotstxt-manager", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Simple Social Page Widget & Shortcode", "slug": "simple-facebook-twitter-widget", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WooCommerce Country Catalogs \u2013 Product Country Restrictions", "slug": "woo-country-restrictions-advanced", "affected_versions": { "[*, 1.13.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.13.0" ] }, { "type": "plugin", "name": "Front End PM", "slug": "front-end-pm", "affected_versions": { "[*, 11.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "11.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "11.3.4" ] }, { "type": "plugin", "name": "Ultimate Divi Modules Suite \u2013 Divi Sumo Lite", "slug": "sumo-divi-modules", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "XT Points & Rewards for WooCommerce", "slug": "xt-woo-points-rewards", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] }, { "type": "plugin", "name": "Widgets for WooCommerce Products on Elementor", "slug": "woo-products-widgets-for-elementor", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] }, { "type": "plugin", "name": "Delivery for WooCommerce", "slug": "delivery-woo", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP SMS Plugin \u2013 WordPress SMS Two Factor Authentication \u2013 2FA, Two Factor, OTP SMS and Email", "slug": "wp-twilio-core", "affected_versions": { "[*, 1.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.7" ] }, { "type": "plugin", "name": "Security Ninja \u2013 Secure Firewall & Secure Malware Scanner", "slug": "security-ninja", "affected_versions": { "[*, 5.135)": { "from_version": "*", "from_inclusive": true, "to_version": "5.135", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.135" ] }, { "type": "plugin", "name": "TinyMCE Annotate", "slug": "tinymce-annotate", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Justified Gallery", "slug": "justified-gallery", "affected_versions": { "[*, 1.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.1" ] }, { "type": "plugin", "name": "Book BuyBack Prices", "slug": "book-buyback-prices", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Fuse Social Floating Sidebar", "slug": "fuse-social-floating-sidebar", "affected_versions": { "[*, 5.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.4.3" ] }, { "type": "plugin", "name": "WP-HR Manager: The Human Resources Plugin for WordPress", "slug": "wp-hr-manager", "affected_versions": { "[*, 3.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.3" ] }, { "type": "plugin", "name": "Emails Blacklist for Everest Forms", "slug": "emails-blacklist-everest-forms", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] }, { "type": "plugin", "name": "All-in-One Video Gallery", "slug": "all-in-one-video-gallery", "affected_versions": { "[*, 2.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.4" ] }, { "type": "plugin", "name": "Woo Admin Product Notes", "slug": "woo-admin-product-notes", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Remove Add to Cart WooCommerce", "slug": "remove-add-to-cart-woocommerce", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] }, { "type": "plugin", "name": "Checkout with Zelle on Woocommerce", "slug": "wc-zelle", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] }, { "type": "plugin", "name": "WP Tools Gravity Forms Divi Module", "slug": "wp-tools-gravity-forms-divi-module", "affected_versions": { "[*, 6.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.6.3" ] }, { "type": "theme", "name": "Everse", "slug": "everse", "affected_versions": { "[*, 1.8.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.6" ] }, { "type": "plugin", "name": "Run time Image resizing", "slug": "run-time-image-resizing", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Rest Routes \u2013 Custom Endpoints for WordPress REST API", "slug": "rest-routes", "affected_versions": { "[*, 4.24.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.24.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.24.0" ] }, { "type": "plugin", "name": "Widget for Contact form 7", "slug": "widget-for-contact-form-7", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Add Pinterest conversion tags for Pinterest Ads + Site verification", "slug": "add-pinterest-conversion-tags", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] }, { "type": "plugin", "name": "Spreadsheet Integration \u2013 Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table.", "slug": "wpgsi", "affected_versions": { "[*, 3.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.1" ] }, { "type": "plugin", "name": "WP BugBot", "slug": "wp-bugbot", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Integrate Google Drive \u2013 Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site", "slug": "integrate-google-drive", "affected_versions": { "[*, 1.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.0" ] }, { "type": "theme", "name": "Nokke", "slug": "nokke", "affected_versions": { "[*, 1.0.11)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.11" ] }, { "type": "plugin", "name": "WooCommerce Customers Table: View, Search, Bulk Editor", "slug": "woo-customers-spreadsheet-bulk-edit", "affected_versions": { "[*, 1.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.8" ] }, { "type": "plugin", "name": "Sync eCommerce NEO", "slug": "sync-ecommerce-neo", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Preloader for Divi", "slug": "preloader-for-divi", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Get Better Reviews for WooCommerce", "slug": "more-better-reviews-for-woocommerce", "affected_versions": { "* - 3.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.7" ] }, { "type": "plugin", "name": "Knowledge Base documentation & wiki plugin \u2013 BasePress Docs", "slug": "basepress", "affected_versions": { "[*, 2.15.14)": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.15.14" ] }, { "type": "plugin", "name": "Appointment & Event Booking Calendar Plugin \u2013 Webba Booking", "slug": "webba-booking-lite", "affected_versions": { "[*, 4.2.18)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.18" ] }, { "type": "theme", "name": "Shuban", "slug": "shuban", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "ACF for WooCommerce Product", "slug": "acf-for-woocommerce-product", "affected_versions": { "[*, 1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8" ] }, { "type": "plugin", "name": "Scheduled Notification Bar", "slug": "scheduled-notification-bar", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "3D Viewer \u2013 3D Model Viewer Plugin", "slug": "3d-viewer", "affected_versions": { "[*, 1.2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.7" ] }, { "type": "plugin", "name": "Fullscreen Menu", "slug": "animated-fullscreen-menu", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.8" ] }, { "type": "plugin", "name": "Gallery PhotoBlocks", "slug": "photoblocks-grid-gallery", "affected_versions": { "[*, 1.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.6" ] }, { "type": "plugin", "name": "Redirection for Contact Form 7", "slug": "wpcf7-redirect", "affected_versions": { "[*, 2.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.0" ] }, { "type": "plugin", "name": "DeMomentSomTres Grid Archive", "slug": "demomentsomtres-grid-archive", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Inbound Brew", "slug": "inbound-brew", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Photo Effects", "slug": "wp-photo-effects", "affected_versions": { "[*, 1.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.1" ] }, { "type": "plugin", "name": "Top Bar \u2013 PopUps \u2013 by WPOptin", "slug": "wpoptin", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] }, { "type": "plugin", "name": "Extra Fees Plugin for WooCommerce", "slug": "woo-conditional-product-fees-for-checkout", "affected_versions": { "[*, 3.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.2" ] }, { "type": "plugin", "name": "Reset Course Progress For LearnDash", "slug": "reset-course-progress-for-learndash", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Podcast Box \u2013 Best Podcasting Plugin for WordPress", "slug": "podcast-box", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] }, { "type": "plugin", "name": "The best plugin for restrict content, support all Custom Post Types and Elementor \u2013 Password Protected", "slug": "protected-page", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Turbo Widgets", "slug": "turbo-widgets", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Passster \u2013 Password Protect Pages and Content", "slug": "content-protector", "affected_versions": { "[*, 3.5.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.5.2" ] }, { "type": "plugin", "name": "Gift Message for WooCommerce", "slug": "gift-message-for-woocommerce", "affected_versions": { "[*, 1.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.0" ] }, { "type": "plugin", "name": "azw woocommerce file uploads", "slug": "azw-woocommerce-file-uploads", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Blog Grid & Post Grid \u2013 Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry, Category Post Grid By News & Blog Designer Pack", "slug": "blog-designer-pack", "affected_versions": { "[*, 2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.1" ] }, { "type": "theme", "name": "Broadcast Lite", "slug": "broadcast-lite", "affected_versions": { "[*, 2.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.3" ] }, { "type": "plugin", "name": "Notification Bar, Announcement and Cookie Notice WordPress Plugin \u2013 FooBar", "slug": "foobar-notifications-lite", "affected_versions": { "[*, 2.1.15)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.15" ] }, { "type": "plugin", "name": "WP Author Bio", "slug": "sexy-author-bio", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "RW Divi Unite Gallery", "slug": "rw-divi-unite-gallery", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Tablesome \u2013 Form DB & Automation \u2013 WPForms, Contact Form 7, Elementor, Forminator, Fluent, Gravity", "slug": "tablesome", "affected_versions": { "[*, 0.6.7)": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.6.7" ] }, { "type": "plugin", "name": "Product Image Watermark for Woo", "slug": "product-image-watermark-for-woo", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] }, { "type": "plugin", "name": "AFI \u2013 The Easiest Integration Plugin", "slug": "advanced-form-integration", "affected_versions": { "[*, 1.49.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.49.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.49.0" ] }, { "type": "plugin", "name": "Revolution for Elementor", "slug": "revolution-for-elementor", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "ConeBlog \u2013 Elementor Blog Widgets", "slug": "coneblog-widgets", "affected_versions": { "[*, 1.4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.6" ] }, { "type": "plugin", "name": "Under Construction", "slug": "easy-under-construction", "affected_versions": { "[*, 4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0" ] }, { "type": "plugin", "name": "WP Gratify", "slug": "wp-gratify", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Automizy Gravity Forms", "slug": "automizy-gravity-forms", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Widgets on Pages", "slug": "widgets-on-pages", "affected_versions": { "[*, 1.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.0" ] }, { "type": "plugin", "name": "Get feedback from visitors \u2013 WP Feedback Suite Plugin", "slug": "feedback-suite", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WordPress Buffer \u2013 HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule", "slug": "buffer-my-post", "affected_versions": { "[*, 2020.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2020.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2020.1.0" ] }, { "type": "plugin", "name": "Content Aware Sidebars \u2013 Fastest Widget Area Plugin", "slug": "content-aware-sidebars", "affected_versions": { "[*, 3.17.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.17.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.17.2" ] }, { "type": "theme", "name": "Bani", "slug": "bani", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Fast WordPress", "slug": "fast-wp", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "SKT Templates \u2013 100% free Elementor & Gutenberg templates", "slug": "skt-templates", "affected_versions": { "[*, 4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3" ] }, { "type": "plugin", "name": "Categorify \u2013 WordPress Media Library Category & File Manager", "slug": "categorify", "affected_versions": { "[*, 1.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.5" ] }, { "type": "plugin", "name": "Ivory Search \u2013 WordPress Search Plugin", "slug": "add-search-to-menu", "affected_versions": { "[*, 5.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.4.4" ] }, { "type": "plugin", "name": "Add Twitter Pixel for Twitter ads", "slug": "add-twitter-pixel", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] }, { "type": "plugin", "name": "XT Variation Swatches for WooCommerce", "slug": "xt-woo-variation-swatches", "affected_versions": { "[*, 1.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.1" ] }, { "type": "plugin", "name": "URL Shortify \u2013 Simple, Powerful and Easy URL Shortener Plugin For WordPress", "slug": "url-shortify", "affected_versions": { "[*, 1.5.11)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.11" ] }, { "type": "plugin", "name": "Authorize.Net Payment Gateway For WooCommerce", "slug": "woo-authorize-net-gateway-aim", "affected_versions": { "[*, 5.1.27)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.27", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1.27" ] }, { "type": "plugin", "name": "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages", "slug": "wc4bp", "affected_versions": { "[*, 3.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.2" ] }, { "type": "plugin", "name": "Affiliate Link Builder Plugin for Amazon Associates \u2013 Review Engine", "slug": "review-engine", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Glossary", "slug": "glossary-by-codeat", "affected_versions": { "[*, 2.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.8" ] }, { "type": "plugin", "name": "BAVOKO SEO Tools \u2013 All-in-One WordPress SEO", "slug": "wp-seo-keyword-optimizer", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Cartoon Url", "slug": "cartoon-url", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Frontend Admin \u2013 Display WP Admin Pages in the Frontend", "slug": "display-admin-page-on-frontend", "affected_versions": { "[*, 1.17.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.17.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.17.0.4" ] }, { "type": "plugin", "name": "Block, Suspend, Report for BuddyPress", "slug": "bp-toolkit", "affected_versions": { "[*, 3.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.3" ] }, { "type": "plugin", "name": "Menu Image, Icons made easy", "slug": "menu-image", "affected_versions": { "[*, 3.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.6" ] }, { "type": "plugin", "name": "XT Ajax Add To Cart for WooCommerce", "slug": "xt-woo-ajax-add-to-cart", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] }, { "type": "plugin", "name": "One Click Login", "slug": "one-click-login", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Ether and ERC20 tokens WooCommerce Payment Gateway", "slug": "ether-and-erc20-tokens-woocommerce-payment-gateway", "affected_versions": { "[*, 4.12.9)": { "from_version": "*", "from_inclusive": true, "to_version": "4.12.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.12.9" ] }, { "type": "plugin", "name": "Chat Button- Leads and Order over Chat", "slug": "order-on-chat-for-woocommerce", "affected_versions": { "[*, 1.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.1" ] }, { "type": "plugin", "name": "WooCommerce Shipping gateway per Product", "slug": "woocommerce-shipping-gateway-per-product", "affected_versions": { "[*, 2.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.4" ] }, { "type": "theme", "name": "Purosa", "slug": "purosa", "affected_versions": { "[*, 1.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.0" ] }, { "type": "plugin", "name": "Best Responsive Comparison Table for Gutenberg Editor \u2013 NicheTable", "slug": "nichetable", "affected_versions": { "[*, 2.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.3" ] }, { "type": "plugin", "name": "Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress", "slug": "advanced-page-visit-counter", "affected_versions": { "[*, 6.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.0.0" ] }, { "type": "theme", "name": "WP Sierra", "slug": "wp-sierra", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Digital Goods for WooCommerce Checkout", "slug": "woo-checkout-for-digital-goods", "affected_versions": { "[*, 3.6.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.4" ] }, { "type": "plugin", "name": "SEO Booster", "slug": "seo-booster", "affected_versions": { "[*, 3.8.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.5" ] }, { "type": "plugin", "name": "Anti-Spam by Fullworks : GDPR Compliant Spam Protection", "slug": "fullworks-anti-spam", "affected_versions": { "[*, 1.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.2" ] }, { "type": "plugin", "name": "Ultimate Widgets Light", "slug": "ultimate-widgets-light", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Insert or Embed Articulate Content into WordPress", "slug": "insert-or-embed-articulate-content-into-wordpress", "affected_versions": { "[*, 4.3000000016)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3000000016", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3000000016" ] }, { "type": "plugin", "name": "APPExperts \u2013 Mobile App Builder for WordPress | WooCommerce to iOS and Android Apps", "slug": "appexperts", "affected_versions": { "[*, 1.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.2" ] }, { "type": "plugin", "name": "Ultimate Post Kit Addons For Elementor \u2013 (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud)", "slug": "ultimate-post-kit", "affected_versions": { "[*, 2.9.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.1" ] }, { "type": "plugin", "name": "Caxton \u2013 Create Pro page layouts in Gutenberg", "slug": "caxton", "affected_versions": { "[*, 1.30.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.30.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.30.0" ] }, { "type": "plugin", "name": "Nitek Carousel Slider Cool Transitions", "slug": "nitek-carousel-cool-transitions", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Extend Filter Products By Price Widget", "slug": "extend-filter-products-by-price-widget", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "BlockMeister \u2013 Block Pattern Builder", "slug": "blockmeister", "affected_versions": { "[*, 3.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.5" ] }, { "type": "plugin", "name": "Yatri Tools", "slug": "yatri-tools", "affected_versions": { "[*, 1.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.3" ] }, { "type": "plugin", "name": "Restrict \u2013 membership, site, content and user access restrictions for WordPress", "slug": "restricted-content", "affected_versions": { "[*, 2.1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.9" ] }, { "type": "plugin", "name": "Change Prices with Time for WooCommerce", "slug": "change-prices-with-time-for-woocommerce", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Flat Rate Shipping Plugin For WooCommerce", "slug": "woo-extra-flat-rate", "affected_versions": { "[*, 4.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.3" ] }, { "type": "plugin", "name": "Responsive Social Slider Widget", "slug": "responsive-facebook-and-twitter-widget", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Menu Item Scheduler", "slug": "menu-item-scheduler", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Blog Sidebar Widget", "slug": "blog-sidebar-widget", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Multipurpose Gutenberg Block", "slug": "multipurpose-block", "affected_versions": { "* - 1.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.4" ] }, { "type": "plugin", "name": "Full Page Blog Designer", "slug": "full-page-blog-designer", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WooCommerce Variation Swatches for Products", "slug": "woo-swatches-manager", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Activity Log", "slug": "wp-security-audit-log", "affected_versions": { "[*, 4.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4.0" ] }, { "type": "plugin", "name": "Simple Feature Requests Free \u2013 User Feedback Board", "slug": "simple-feature-requests", "affected_versions": { "[*, 2.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.4" ] }, { "type": "plugin", "name": "Bulk Edit Categories and Tags \u2013 Create Thousands Quickly on the Editor", "slug": "bulk-edit-categories-tags", "affected_versions": { "[*, 1.5.23)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.23", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.23" ] }, { "type": "plugin", "name": "License Manager for WooCommerce", "slug": "license-manager-for-woocommerce", "affected_versions": { "[*, 2.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.6" ] }, { "type": "plugin", "name": "Sky Login Redirect", "slug": "sky-login-redirect", "affected_versions": { "[*, 3.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.0" ] }, { "type": "plugin", "name": "Google Analytics plugin for WordPress by GA4WP", "slug": "ga-for-wp", "affected_versions": { "[*, 1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3" ] }, { "type": "plugin", "name": "Divi Collage", "slug": "collage-for-divi", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WordPress Persistent Login", "slug": "wp-persistent-login", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "plugin", "name": "Deals of the Day WooCommerce", "slug": "deal-of-the-day", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Add Linkedin insight tags for Linkedin ads", "slug": "lktags-linkedin-insight-tags", "affected_versions": { "[*, 1.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4" ] }, { "type": "plugin", "name": "Easy Settings for LearnDash", "slug": "easy-settings-for-learndash", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Share This Image", "slug": "share-this-image", "affected_versions": { "[*, 1.67)": { "from_version": "*", "from_inclusive": true, "to_version": "1.67", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.67" ] }, { "type": "plugin", "name": "Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2013 Like Box", "slug": "easy-facebook-likebox", "affected_versions": { "[*, 6.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.3.4" ] }, { "type": "plugin", "name": "NEXUS", "slug": "nexus", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Meridia", "slug": "meridia", "affected_versions": { "[*, 2.2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.7" ] }, { "type": "plugin", "name": "Webinar Solution: Create live\/evergreen\/automated\/instant webinars, stream & Zoom Meetings | WebinarIgnition", "slug": "webinar-ignition", "affected_versions": { "[*, 2.8.12)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.12" ] }, { "type": "plugin", "name": "Delete old Posts automatically", "slug": "delete-old-posts-programmatically", "affected_versions": { "[*, 2.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.2" ] }, { "type": "theme", "name": "Brand", "slug": "brand", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WPBakery Page Builder Addons by Livemesh", "slug": "addons-for-visual-composer", "affected_versions": { "[*, 2.9.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.2" ] }, { "type": "plugin", "name": "WP Table Builder \u2013 WordPress Table Plugin", "slug": "wp-table-builder", "affected_versions": { "[*, 1.3.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.16" ] }, { "type": "plugin", "name": "Radio Player \u2013 Live Shoutcast, Icecast and Any Audio Stream Player for WordPress", "slug": "radio-player", "affected_versions": { "[*, 1.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.8" ] }, { "type": "plugin", "name": "Divi Content Restrictor", "slug": "content-restrictor-for-divi", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] }, { "type": "plugin", "name": "Logo Showcase \u2013 Responsive Logo Carousel, Logo Slider & Logo Grid", "slug": "logo-showcase-with-slick-slider", "affected_versions": { "[*, 2.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.3" ] }, { "type": "plugin", "name": "Premmerce Variation Swatches for WooCommerce", "slug": "premmerce-woocommerce-variation-swatches", "affected_versions": { "[*, 1.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.1" ] }, { "type": "plugin", "name": "Portfolio for Elementor & Image Gallery | PowerFolio", "slug": "portfolio-elementor", "affected_versions": { "[*, 2.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.7" ] }, { "type": "plugin", "name": "SSL Atlas \u2013 Free SSL Certificate & HTTPS Redirect for WordPress", "slug": "ssl-atlas-free-ssl-certificate-https-redirect", "affected_versions": { "[*, 1.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.1" ] }, { "type": "plugin", "name": "Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery", "slug": "simply-gallery-block", "affected_versions": { "[*, 2.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.6" ] }, { "type": "plugin", "name": "Easy Tiktok Feed", "slug": "easy-tiktok-feed", "affected_versions": { "[*, 1.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.1" ] }, { "type": "plugin", "name": "PopOverXYZ \u2013 Show Light Weight Beautiful Tool Tips On Any Text", "slug": "pop-over-xyz", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO)", "slug": "bulk-image-alt-text-with-yoast", "affected_versions": { "[*, 1.4.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.5.0" ] }, { "type": "plugin", "name": "Number Chat", "slug": "number-chat", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Rating-Widget: Star Review System", "slug": "rating-widget", "affected_versions": { "[*, 3.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.4" ] }, { "type": "plugin", "name": "Spotlight Social Feeds \u2013 Block, Shortcode, and Widget", "slug": "spotlight-social-photo-feeds", "affected_versions": { "[*, 0.10.2)": { "from_version": "*", "from_inclusive": true, "to_version": "0.10.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.10.2" ] }, { "type": "plugin", "name": "Expire tags", "slug": "expire-tags", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Go Viral \u2013 social share, social sharebar, social locker, social chat, open graph, reactions, share & view counters", "slug": "go-viral", "affected_versions": { "[*, 1.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.0" ] }, { "type": "plugin", "name": "Design for Contact Form 7 Style WordPress Plugin \u2013 CF7 WOW Styler", "slug": "cf7-styler", "affected_versions": { "[*, 1.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.2" ] }, { "type": "plugin", "name": "Dashy \u2013 Google Analytics advanced dashboard", "slug": "dashylite", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Premmerce User Roles", "slug": "premmerce-user-roles", "affected_versions": { "[*, 1.0.11)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.11" ] }, { "type": "plugin", "name": "Radio Station by netmix\u00ae \u2013 Manage and play your Show Schedule in WordPress!", "slug": "radio-station", "affected_versions": { "[*, 2.4.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.0.6" ] }, { "type": "plugin", "name": "myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification", "slug": "mycred", "affected_versions": { "[*, 2.4.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.3.1" ] }, { "type": "plugin", "name": "WordPress SEO Audit Plugin \u2013 WP Site Auditor", "slug": "seo-site-auditor-agency", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] }, { "type": "plugin", "name": "WordPress Reviews by ReviewPress", "slug": "reviewpress", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Travel Engine \u2013 Tour Booking Plugin \u2013 Tour Operator Software", "slug": "wp-travel-engine", "affected_versions": { "[*, 5.3.8)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.8" ] }, { "type": "plugin", "name": "WP Mobile Menu \u2013 The Mobile-Friendly Responsive Menu", "slug": "mobile-menu", "affected_versions": { "[*, 2.8.2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.2.7" ] }, { "type": "plugin", "name": "WP Smart Export (Free)", "slug": "wp-smart-export", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Free Booking Plugin for Hotels, Restaurants and Car Rentals \u2013 eaSYNC Booking", "slug": "easync-booking", "affected_versions": { "[*, 1.1.10)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.10" ] }, { "type": "plugin", "name": "WP Conference Schedule", "slug": "wp-conference-schedule", "affected_versions": { "[*, 1.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.0" ] }, { "type": "plugin", "name": "Strumenti Partita IVA per Woocommerce", "slug": "woo-fiscalita-italiana", "affected_versions": { "[*, 1.3.23)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.23", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.23" ] }, { "type": "plugin", "name": "Anfrageformular \u2013 Multi Step Drag & Drop Formular Builder \u2013 Leadgenerierung", "slug": "anfrageformular", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Premmerce Brands for WooCommerce", "slug": "premmerce-woocommerce-brands", "affected_versions": { "[*, 1.2.12)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.12" ] }, { "type": "plugin", "name": "Ethereum Wallet", "slug": "ethereum-wallet", "affected_versions": { "[*, 4.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.9" ] }, { "type": "plugin", "name": "Limb Gallery | Create Beautiful Image & Video Galleries", "slug": "limb-gallery", "affected_versions": { "[*, 1.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.2" ] }, { "type": "plugin", "name": "Code Manager", "slug": "code-manager", "affected_versions": { "[*, 1.0.14)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.14" ] }, { "type": "plugin", "name": "Payment Gateway for PayFabric", "slug": "payment-gateway-payfabric", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "CP Simple Newsletter", "slug": "cp-simple-newsletter", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "LittleBot ACH for Stripe + Plaid", "slug": "ach-for-stripe-plaid", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Aquarella Lite", "slug": "aquarella-lite", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Coinbase Commerce \u2013 Crypto Gateway for WooCommerce", "slug": "commerce-coinbase-for-woocommerce", "affected_versions": { "[*, 1.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.1" ] }, { "type": "theme", "name": "Villar", "slug": "villar", "affected_versions": { "[*, 1.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.8" ] }, { "type": "plugin", "name": "Kikote \u2013 Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce", "slug": "map-location-picker-at-checkout-for-woocommerce", "affected_versions": { "[*, 1.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.5" ] }, { "type": "plugin", "name": "Age Verification Screen for WooCommerce", "slug": "age-verification-screen-for-woocommerce", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] }, { "type": "plugin", "name": "Enhanced Ecommerce Google Analytics for WooCommerce", "slug": "woo-ecommerce-tracking-for-google-and-facebook", "affected_versions": { "[*, 3.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.3" ] }, { "type": "plugin", "name": "Joli FAQ SEO \u2013 WordPress FAQ Plugin", "slug": "joli-faq-seo", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] }, { "type": "plugin", "name": "Mass Pages\/Posts Creator", "slug": "mass-pagesposts-creator", "affected_versions": { "[*, 2.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.5" ] }, { "type": "plugin", "name": "WP Relevant Ads", "slug": "wp-relevant-ads", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "GloriousThemes Starter Sites", "slug": "glorious-sites-installer", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Group Promoter", "slug": "wp-facebook-group", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Airpress", "slug": "airpress", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Schema Plugin For Divi, Gutenberg & Shortcodes", "slug": "wp-structured-data-schema", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] }, { "type": "plugin", "name": "Giveaways for woocommerce", "slug": "giveaways-for-woocommerce", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Custom Login Page Customizer", "slug": "login-customizer", "affected_versions": { "[*, 2.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.8" ] }, { "type": "theme", "name": "LearnMore", "slug": "learnmore", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "DeMomentSomTres Media Tools Auto", "slug": "demomentsomtres-media-tools-auto", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Ocean Extra", "slug": "ocean-extra", "affected_versions": { "[*, 1.9.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.4" ] }, { "type": "plugin", "name": "kk Star Ratings \u2013 Rate Post & Collect User Feedbacks", "slug": "kk-star-ratings", "affected_versions": { "[*, 5.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2.9" ] }, { "type": "plugin", "name": "Drop Shadow Boxes", "slug": "drop-shadow-boxes", "affected_versions": { "[*, 1.7.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.4" ] }, { "type": "plugin", "name": "FAQ Manager For Divi, Gutenberg Block & Shortcode", "slug": "faq-manager-with-structured-data", "affected_versions": { "[*, 5.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.4.1" ] }, { "type": "plugin", "name": "Ads.txt & App-ads.txt Manager for WordPress", "slug": "app-ads-txt", "affected_versions": { "[*, 1.1.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.7.0" ] }, { "type": "plugin", "name": "Quick Contact Form", "slug": "quick-contact-form", "affected_versions": { "[*, 8.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.0.2" ] }, { "type": "plugin", "name": "WP Frontend Profile", "slug": "wp-front-end-profile", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] }, { "type": "plugin", "name": "SVG Flags \u2013 Beautiful Scalable Flags For All Countries!", "slug": "svg-flags-lite", "affected_versions": { "[*, 0.9.6)": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.9.6" ] }, { "type": "plugin", "name": "Drip Feed Content Extended for Learndash", "slug": "drip-feed-content-extended-for-learndash", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Posts List Designer by Category \u2013 List Category Posts Or Recent Posts", "slug": "post-list-designer", "affected_versions": { "[*, 2.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.7" ] }, { "type": "plugin", "name": "Conversion de moneda Woocommerce", "slug": "conversion-de-moneda", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "VidSEO | WordPress Video SEO embedder with transcripts (Youtube & Vimeo)", "slug": "vidseo", "affected_versions": { "[*, 1.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4" ] }, { "type": "plugin", "name": "Before and After Product Images for WooCommerce", "slug": "before-and-after-product-images-for-woocommerce", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Woocommerce Customer Reviews with Artificial Intelligence analyzis, with IBM Watson Tone Analyzer", "slug": "bo-wc-customer-review-watson", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "LawPress \u2013 Law Firm Website Management", "slug": "lawpress", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Shipping Method Display Style for WooCommerce", "slug": "woo-shipping-display-mode", "affected_versions": { "[*, 3.7.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.5" ] }, { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "[*, 1.3.33)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.33", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.33" ] }, { "type": "plugin", "name": "SQL Reporting Services \u2013 SSRS Plugin for WordPress", "slug": "sql-reporting-services", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Bulk Edit Posts and Products in Spreadsheet", "slug": "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages", "affected_versions": { "[*, 2.24.13)": { "from_version": "*", "from_inclusive": true, "to_version": "2.24.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.24.13" ] }, { "type": "plugin", "name": "Delete Duplicate Posts", "slug": "delete-duplicate-posts", "affected_versions": { "[*, 4.7.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.7.5" ] }, { "type": "plugin", "name": "WS Bootstrap", "slug": "ws-bootstrap-vc", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Clean Social Icons", "slug": "clean-social-icons", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Media Library File Download", "slug": "media-download", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] }, { "type": "plugin", "name": "WP Link Bio", "slug": "wp-link-bio", "affected_versions": { "[*, 1.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.5" ] }, { "type": "plugin", "name": "Internal Linking for SEO traffic & Ranking \u2013 Auto internal links (100% automatic)", "slug": "automatic-internal-links-for-seo", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] }, { "type": "plugin", "name": "Geo Mashup", "slug": "geo-mashup", "affected_versions": { "[*, 1.13.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.13.6" ] }, { "type": "plugin", "name": "Builder for WooCommerce product reviews shortcodes \u2013 ReviewShort", "slug": "woo-product-reviews-shortcode", "affected_versions": { "[*, 1.0.17)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.17" ] }, { "type": "plugin", "name": "Contact List \u2013 Premium Staff Listing, Business Directory Plugin & Address Book", "slug": "contact-list", "affected_versions": { "[*, 2.9.50)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.50", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.50" ] }, { "type": "plugin", "name": "Post Snippets \u2013 Custom WordPress Code Snippets Customizer", "slug": "post-snippets", "affected_versions": { "[*, 3.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.7" ] }, { "type": "plugin", "name": "SocialMark \u2013 Easy Watermark\/Logo on Social Media Post Link Share Preview", "slug": "socialmark", "affected_versions": { "[*, 2.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.5" ] }, { "type": "plugin", "name": "Print My Blog \u2013 Print, PDF, & eBook Converter WordPress Plugin", "slug": "print-my-blog", "affected_versions": { "[*, 3.11.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.11.4" ] }, { "type": "plugin", "name": "WP Delicious \u2013 Recipe Plugin for Food Bloggers (formerly Delicious Recipes)", "slug": "delicious-recipes", "affected_versions": { "[*, 1.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.5" ] }, { "type": "plugin", "name": "TreePress \u2013 Easy Family Trees & Ancestor Profiles", "slug": "treepress", "affected_versions": { "[*, 2.0.21)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.21", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.21" ] }, { "type": "plugin", "name": "Postcode Redirect", "slug": "postcode-redirect", "affected_versions": { "* - 4.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.0" ] }, { "type": "plugin", "name": "Product Author for WooCommerce", "slug": "wc-product-author", "affected_versions": { "[*, 1.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.3" ] }, { "type": "plugin", "name": "WP Coupons and Deals \u2013 WordPress Coupon Plugin", "slug": "wp-coupons-and-deals", "affected_versions": { "[*, 3.1.12)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.12" ] }, { "type": "plugin", "name": "Feedpress Generator \u2013 External RSS Frontend Customizer", "slug": "feedpress-generator", "affected_versions": { "[*, 1.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "plugin", "name": "Form Vibes \u2013 Database Manager for Forms", "slug": "form-vibes", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] }, { "type": "plugin", "name": "WP AutoMedic", "slug": "wp-automedic", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Banner Management For WooCommerce", "slug": "banner-management-for-woocommerce", "affected_versions": { "[*, 2.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.3" ] }, { "type": "plugin", "name": "Duplicate Variations for Woocommerce", "slug": "duplicate-variations-for-woocommerce", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Send Prebuilt Emails", "slug": "send-prebuilt-emails", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "FAQ \/ Accordion \/ Docs \u2013 Helpie WordPress FAQ Accordion plugin", "slug": "helpie-faq", "affected_versions": { "[*, 1.7.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.7" ] }, { "type": "plugin", "name": "Livemesh SiteOrigin Widgets", "slug": "livemesh-siteorigin-widgets", "affected_versions": { "[*, 2.8.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.3" ] }, { "type": "plugin", "name": "Livemesh Addons for Beaver Builder", "slug": "addons-for-beaver-builder", "affected_versions": { "[*, 2.8.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.4" ] }, { "type": "plugin", "name": "Tabs with Recommended Posts (Widget)", "slug": "tabs-with-posts", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Spanish Market Enhancements for WooCommerce", "slug": "woocommerce-es", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] }, { "type": "plugin", "name": "RevivePress \u2013 Keep your Old Content Evergreen", "slug": "wp-auto-republish", "affected_versions": { "[*, 1.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.1" ] }, { "type": "plugin", "name": "WP fail2ban \u2013 Advanced Security Plugin", "slug": "wp-fail2ban", "affected_versions": { "[*, 4.4.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4.0.2" ] }, { "type": "plugin", "name": "Ultra Elementor Addons", "slug": "ultra-elementor-addons", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "RecurWP \u2013 WordPress Recurly Payment Gateway", "slug": "recurwp", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Smart Floating \/ Sticky Buttons \u2013 Call, Sharing, Chat Widgets & More \u2013 Buttonizer", "slug": "buttonizer-multifunctional-button", "affected_versions": { "[*, 2.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.3" ] }, { "type": "plugin", "name": "Quick Event Manager", "slug": "quick-event-manager", "affected_versions": { "[*, 9.2.17)": { "from_version": "*", "from_inclusive": true, "to_version": "9.2.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "9.2.17" ] }, { "type": "plugin", "name": "Image Photo Gallery Final Tiles Grid", "slug": "final-tiles-grid-gallery-lite", "affected_versions": { "[*, 3.5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.5" ] }, { "type": "plugin", "name": "Lightbox & Modal Popup WordPress Plugin \u2013 FooBox", "slug": "foobox-image-lightbox", "affected_versions": { "[*, 2.7.17)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.17" ] }, { "type": "plugin", "name": "WP Dev Powers \u2013 Display Screen Dimensions to Admin Plugin", "slug": "wp-dev-powers-display-screen-dimensions-to-admin", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Ultimate Bulk SEO Noindex Nofollow \u2013 Speed up Penalty Recovery Ultimate SEO Booster", "slug": "ultimate-bulk-seo-noindex-nofollow", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Data Access \u2013 WordPress App, Table and Form Builder plugin", "slug": "wp-data-access", "affected_versions": { "[*, 5.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1.4" ] }, { "type": "plugin", "name": "StoreCustomizer \u2013 A plugin to Customize all WooCommerce Pages", "slug": "woocustomizer", "affected_versions": { "[*, 2.3.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.8" ] }, { "type": "plugin", "name": "WordPress News Plugin \u2013 TopNewsWp", "slug": "wp-top-news", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] }, { "type": "plugin", "name": "User Menus \u2013 Nav Menu Visibility", "slug": "user-menus", "affected_versions": { "[*, 1.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.9" ] }, { "type": "plugin", "name": "Contact Form 7 Multi-Step Forms", "slug": "contact-form-7-multi-step-module", "affected_versions": { "[*, 4.1.91)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.91", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.91" ] }, { "type": "plugin", "name": "Easy Age Verify", "slug": "easy-age-verify", "affected_versions": { "[*, 1.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.1" ] }, { "type": "plugin", "name": "Blocked in China | Check if your site is available in the Chinese mainland", "slug": "blocked-in-china", "affected_versions": { "[*, 1.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.3" ] }, { "type": "plugin", "name": "WooCommerce Disable Payment Methods based on cart conditions", "slug": "woo-conditional-payment-gateways", "affected_versions": { "[*, 1.13.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.13.1.1" ] }, { "type": "plugin", "name": "Awesome SSL", "slug": "awesome-ssl", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Iks Menu \u2013 WordPress Category Accordion Menu & FAQs", "slug": "iks-menu", "affected_versions": { "[*, 1.9.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.2" ] }, { "type": "theme", "name": "Purus", "slug": "purus", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Hooked Editable Content", "slug": "hooked-editable-content", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Run Contests, Raffles, and Giveaways with ContestsWP", "slug": "contest-code-checker", "affected_versions": { "[*, 1.9.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.0" ] }, { "type": "plugin", "name": "Post Carousel Divi", "slug": "post-carousel-divi", "affected_versions": { "[*, 1.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.2" ] }, { "type": "plugin", "name": "MailChimp Manager", "slug": "rm-mailchimp-manager", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Premmerce Permalink Manager for WooCommerce", "slug": "woo-permalink-manager", "affected_versions": { "[*, 2.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.5" ] }, { "type": "plugin", "name": "Secure IP Logins", "slug": "secure-ip-logins", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Videopack", "slug": "video-embed-thumbnail-generator", "affected_versions": { "[*, 4.7.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.7.4" ] }, { "type": "plugin", "name": "Premmerce WooCommerce Customers Manager", "slug": "woo-customers-manager", "affected_versions": { "[*, 1.1.13)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.13" ] }, { "type": "plugin", "name": "AnyWhere Elementor", "slug": "anywhere-elementor", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] }, { "type": "plugin", "name": "Divi Torque Lite \u2013 Divi Theme and Extra Theme", "slug": "addons-for-divi", "affected_versions": { "[*, 3.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.0" ] }, { "type": "plugin", "name": "Events Calendar Registration", "slug": "events-calendar-registration-booking-by-events-plus", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Rocket Maintenance Mode & Coming Soon Page", "slug": "rocket-maintenance-mode", "affected_versions": { "[*, 4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3" ] }, { "type": "plugin", "name": "WordPress WooCommerce Sync for Google Sheet", "slug": "wp-woo-commerce-sync-for-g-sheet", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Easy Smooth Scroll Links \u2013 Smooth Scrolling Anchor", "slug": "easy-smooth-scroll-links", "affected_versions": { "[*, 2.23.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.23.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.23.1" ] }, { "type": "plugin", "name": "Page Builder Gutenberg Blocks \u2013 Kioken Blocks", "slug": "kioken-blocks", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Cryptocurrency Portfolio Tracker", "slug": "cryptocurrency", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Go Fetch Jobs (for WP Job Manager)", "slug": "go-fetch-jobs-wp-job-manager", "affected_versions": { "* - 1.7.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.3.2.4" ] }, { "type": "plugin", "name": "Quick Affiliate Store", "slug": "quick-affiliate-store", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Tools Divi Blog Carousel", "slug": "wp-tools-divi-blog-carousel", "affected_versions": { "[*, 1.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.0" ] }, { "type": "plugin", "name": "Post to Google My Business (Google Business Profile)", "slug": "post-to-google-my-business", "affected_versions": { "[*, 3.0.10)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.10" ] }, { "type": "theme", "name": "NicheBase", "slug": "nichebase", "affected_versions": { "[*, 1.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.2" ] }, { "type": "plugin", "name": "WPVisitorInfo \u2013 Show Visitor Information & Conditional Data Based On That Information", "slug": "visitor-info", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Premmerce", "slug": "premmerce", "affected_versions": { "[*, 1.3.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.16" ] }, { "type": "plugin", "name": "CartPops \u2013 High Converting Add To Cart Popup For WooCommerce", "slug": "cartpops", "affected_versions": { "[*, 1.4.17)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.17" ] }, { "type": "plugin", "name": "Scrollsequence \u2013 Cinematic Scroll Image Animation Plugin", "slug": "scrollsequence", "affected_versions": { "[*, 1.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4" ] }, { "type": "theme", "name": "Elation", "slug": "elation", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Cuisine Palace", "slug": "cuisine-palace", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Product Attachment for WooCommerce", "slug": "woo-product-attachment", "affected_versions": { "[*, 2.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.3" ] }, { "type": "plugin", "name": "Master Blocks \u2013 Gutenberg Site Builder", "slug": "master-blocks", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Product Options and Price Calculation Formulas for WooCommerce \u2013 Uni CPO", "slug": "uni-woo-custom-product-options", "affected_versions": { "[*, 4.9.14)": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.9.14" ] }, { "type": "plugin", "name": "WordPress Coupon Plugin for Bloggers and Marketers \u2013 WP Offers", "slug": "wp-offers", "affected_versions": { "[*, 1.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.4" ] }, { "type": "plugin", "name": "WordPress form builder plugin for contact forms, surveys and quizzes \u2013 Tripetto", "slug": "tripetto", "affected_versions": { "[*, 5.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.1" ] }, { "type": "plugin", "name": "Widgets on Pages and Posts", "slug": "widgets-on-pages-and-posts", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Better Messages \u2013 WCFM Integration", "slug": "better-messages-wcfm-integration", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "SheetPress \u2013 Manage WordPress Meta data with Google Sheets", "slug": "sheetpress", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Advanced Custom Fields options import\/export", "slug": "acf-options-importexport", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Quick Paypal Payments", "slug": "quick-paypal-payments", "affected_versions": { "[*, 5.7.22)": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.22", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.7.22" ] }, { "type": "plugin", "name": "Tarot Card Oracle", "slug": "card-oracle", "affected_versions": { "[*, 1.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.6" ] }, { "type": "plugin", "name": "Better Sharing", "slug": "better-sharing", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] }, { "type": "plugin", "name": "Restrict User Access \u2013 Ultimate Membership & Content Protection", "slug": "restrict-user-access", "affected_versions": { "[*, 2.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.2" ] }, { "type": "plugin", "name": "WUPO Group Attributes for WooCommerce", "slug": "wupo-group-attributes", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] }, { "type": "plugin", "name": "Nugget by Ingot: Easy, automated and native A\/B testing for everyone", "slug": "nugget-by-ingot", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "FeedbackScout: The easiest way to collect, prioritise, manage and track customer feedback.", "slug": "feedbackscout", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Arendelle", "slug": "arendelle", "affected_versions": { "[*, 1.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.3" ] }, { "type": "plugin", "name": "Easy Zillow Reviews", "slug": "easy-zillow-reviews", "affected_versions": { "[*, 1.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.1" ] }, { "type": "plugin", "name": "Battle Suit for Divi", "slug": "ds-suit", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Store Toolkit \u2013 WooCommerce Extensions, Quick Enhancements & Handy Tools", "slug": "woocommerce-store-toolkit", "affected_versions": { "[*, 2.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.4" ] }, { "type": "plugin", "name": "WCC SEO Keyword Research", "slug": "wcc-seo-keyword-research", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Elements for LifterLMS", "slug": "elements-for-lifterlms", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Custom Registration and Custom Login Forms with New Recaptcha", "slug": "custom-registration-and-login-forms-with-new-recaptcha", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Quote for WooCommerce Lite \u2013 Add to Quote Plugin Lets Customers Request Custom Quotes for Products using the Request a Quote Plugin for WooCommerce", "slug": "woo-add-to-quote", "affected_versions": { "[*, 1.4.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.9" ] }, { "type": "plugin", "name": "Wadi Survey", "slug": "wadi-survey", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Performance Kit", "slug": "performance-kit", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Page Builder for Gutenberg \u2013 StarterBlocks", "slug": "starterblocks", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Impexium Single Sign On", "slug": "fusionspan-impexium-single-sign-on", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "XT Quick View for WooCommerce", "slug": "xt-woo-quick-view-lite", "affected_versions": { "[*, 1.9.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.6" ] }, { "type": "plugin", "name": "Live Drag and Drop Builder for Contact Form 7", "slug": "drag-and-drop-form-builder-for-contact-form-7", "affected_versions": { "[*, 1.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4" ] }, { "type": "plugin", "name": "Primary Addon for Elementor", "slug": "primary-addon-for-elementor", "affected_versions": { "[*, 1.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.2" ] }, { "type": "plugin", "name": "JDs Portfolio", "slug": "jds-portfolio", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "TwentyFourth WP Scraper", "slug": "twentyfourth-wp-scraper", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Blocksy Companion", "slug": "blocksy-companion", "affected_versions": { "[*, 1.8.20)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.20" ] }, { "type": "plugin", "name": "WordPress Google Translate", "slug": "wpgt-google-translate", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] }, { "type": "theme", "name": "Hasium", "slug": "hasium", "affected_versions": { "[*, 1.6.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.5" ] }, { "type": "plugin", "name": "Station Pro", "slug": "station-pro", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Event Tickets and Registration", "slug": "event-tickets", "affected_versions": { "[*, 5.3.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.0.1" ] }, { "type": "plugin", "name": "Gateway for PayLate on WooCommerce", "slug": "woo-paylate", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] }, { "type": "plugin", "name": "Auto SEO META keywords (META tags keywords) optimization + WooCommerce", "slug": "meta-tags-for-seo", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] }, { "type": "plugin", "name": "ClimateClick: Climate Action for all", "slug": "co2ok-for-woocommerce", "affected_versions": { "* - 1.0.9.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9.22" ] }, { "type": "plugin", "name": "Premmerce SEO for WooCommerce", "slug": "woo-seo-addon", "affected_versions": { "[*, 2.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.5" ] }, { "type": "plugin", "name": "Wholesale for WooCommerce \u2014 This Wholesale Plugin Helps B2B and B2C Businesses Streamline Wholesale Products, Pricing, and User Roles, Automating their WooCommerce Wholesale Stores", "slug": "woo-wholesale-pricing", "affected_versions": { "[*, 1.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.1" ] }, { "type": "plugin", "name": "Frontend group restriction for LearnDash", "slug": "frontend-group-restriction-for-learndash", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Really Simple Featured Video \u2013 Featured video support for Posts, Pages & WooCommerce Products", "slug": "really-simple-featured-video", "affected_versions": { "* - 0.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5.2" ] }, { "type": "plugin", "name": "Display Eventbrite Events", "slug": "widget-for-eventbrite-api", "affected_versions": { "[*, 4.4.8)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4.8" ] }, { "type": "plugin", "name": "XT Floating Cart for WooCommerce", "slug": "woo-floating-cart-lite", "affected_versions": { "[*, 2.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.3" ] }, { "type": "plugin", "name": "Cookie Consent for WP \u2013 Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy)", "slug": "gdpr-cookie-consent", "affected_versions": { "[*, 2.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.1" ] }, { "type": "plugin", "name": "WP SPID Italia", "slug": "wp-spid-italia", "affected_versions": { "[*, 2.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.5" ] }, { "type": "plugin", "name": "Tiered Pricing Table for WooCommerce", "slug": "tier-pricing-table", "affected_versions": { "[*, 2.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.1" ] }, { "type": "plugin", "name": "Migrate WordPress Website & Backups \u2013 Prime Mover", "slug": "prime-mover", "affected_versions": { "[*, 1.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.0" ] }, { "type": "plugin", "name": "Replyable \u2013 Subscribe to Comments and Reply by Email", "slug": "postmatic", "affected_versions": { "[*, 2.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.9" ] }, { "type": "plugin", "name": "Court Reservation \u2013 Manage Your Court Bookings Online", "slug": "court-reservation", "affected_versions": { "[*, 1.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.0" ] }, { "type": "plugin", "name": "VO Store Locator \u2013 WP Store Locator Plugin", "slug": "vo-locator-the-wp-store-locator", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Get Directions Map", "slug": "get-directions", "affected_versions": { "[*, 2.15.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.8", "to_inclusive": false } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Premmerce Redirect Manager", "slug": "premmerce-redirect-manager", "affected_versions": { "[*, 1.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.7" ] }, { "type": "plugin", "name": "SnazzyAdmin WP Admin Theme", "slug": "snazzyadmin-wp-admin-theme", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Amela", "slug": "amela", "affected_versions": { "[*, 1.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.5" ] }, { "type": "plugin", "name": "Woocommerce Customers Order History", "slug": "woo-customers-order-history", "affected_versions": { "[*, 5.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2.1" ] }, { "type": "plugin", "name": "EthPress \u2013 Web3 Login", "slug": "ethpress", "affected_versions": { "[*, 1.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.1" ] }, { "type": "plugin", "name": "Ant Admin Notices for Team", "slug": "admin-notices-for-team", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WooCommerce Bulk Edit Coupons \u2013 WP Sheet Editor", "slug": "woo-coupons-bulk-editor", "affected_versions": { "[*, 1.3.28)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.28", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.28" ] }, { "type": "plugin", "name": "Pay For Post with WooCommerce", "slug": "woocommerce-pay-per-post", "affected_versions": { "[*, 3.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.9" ] }, { "type": "plugin", "name": "bbResolutions", "slug": "bbresolutions", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WooCommerce Google Analytics Integration By Advanced WC Analytics", "slug": "advance-wc-analytics", "affected_versions": { "[*, 3.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.1" ] }, { "type": "plugin", "name": "TK SmugMug Slideshow Shortcode", "slug": "tk-smugmug-slideshow-shortcode", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Lightbox \u2013 EverlightBox Gallery", "slug": "everlightbox", "affected_versions": { "[*, 1.1.18)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.18" ] }, { "type": "theme", "name": "Unakit", "slug": "unakit", "affected_versions": { "[*, 1.2.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4.2" ] }, { "type": "plugin", "name": "WP Affiliate Disclosure", "slug": "wp-affiliate-disclosure", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] }, { "type": "plugin", "name": "Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more", "slug": "ilab-media-tools", "affected_versions": { "[*, 4.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.1" ] }, { "type": "plugin", "name": "RaCar Clear Cart for WooCommerce", "slug": "racar-clear-cart-for-woocommerce", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] }, { "type": "plugin", "name": "WP Disable Sitemap", "slug": "wp-disable-sitemap", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] }, { "type": "plugin", "name": "Internal Link Juicer: SEO Auto Linker for WordPress", "slug": "internal-links", "affected_versions": { "[*, 1.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.0" ] }, { "type": "plugin", "name": "Block Slider \u2013 Responsive Image Slider, Video Slider & Post Slider", "slug": "block-slider", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "plugin", "name": "Pinblocks \u2014 Gutenberg blocks with Pinterest widgets", "slug": "pinblocks", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Contact Widgets For Elementor all the contact links you need in one place", "slug": "contact-widgets-for-elementor", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Tickera \u2013 WordPress Event Ticketing", "slug": "tickera-event-ticketing-system", "affected_versions": { "[*, 3.4.9.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.9.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.9.2" ] }, { "type": "plugin", "name": "StreamCast \u2013 Radio Player for WordPress", "slug": "streamcast", "affected_versions": { "[*, 2.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.4" ] }, { "type": "plugin", "name": "Sticky add to cart for Woo", "slug": "sticky-add-to-cart-for-woo", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "BlockyPage \u2013 Gutenberg Based Page Builder", "slug": "blockypage", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Pro Broken Links Maintainer", "slug": "pro-links-maintainer-dev", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP School Calendar", "slug": "wp-school-calendar-lite", "affected_versions": { "[*, 3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6" ] }, { "type": "plugin", "name": "ListPlus \u2013 Unlimited Listing Directory", "slug": "listplus", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Walker Core", "slug": "walker-core", "affected_versions": { "[*, 1.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.8" ] }, { "type": "plugin", "name": "Agy \u2013 Age verification for WooCommerce", "slug": "content-warning-v2", "affected_versions": { "[*, 4.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.1" ] }, { "type": "plugin", "name": "Modern Designs for Gravity Forms", "slug": "modern-designs-for-gravity-forms", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "RankBear", "slug": "rankbear", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "STAX Header Builder", "slug": "stax", "affected_versions": { "[*, 1.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.6" ] }, { "type": "plugin", "name": "Fast Checkout for WooCommerce", "slug": "fast-checkout-for-woocommerce", "affected_versions": { "[*, 1.1.17)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.17" ] }, { "type": "plugin", "name": "WooCommerce PayPlug", "slug": "woocommerce-payplug", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Easy Code Snippets", "slug": "easy-code-snippets", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] }, { "type": "plugin", "name": "W3SCloud Contact Form 7 to Zoho CRM", "slug": "w3s-cf7-zoho", "affected_versions": { "[*, 2.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.0" ] }, { "type": "plugin", "name": "Widget Detector for Elementor", "slug": "widget-detector-elementor", "affected_versions": { "[*, 1.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "plugin", "name": "Add Tiktok Pixel for Tiktok ads (+Woocommerce)", "slug": "add-tiktok-advertising-pixel", "affected_versions": { "[*, 1.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.2" ] }, { "type": "plugin", "name": "WP Encryption \u2013 One Click Free SSL Certificate & SSL \/ HTTPS Redirect to Force HTTPS, Security+", "slug": "wp-letsencrypt-ssl", "affected_versions": { "[*, 5.7.10)": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.7.10" ] }, { "type": "plugin", "name": "Better Messages \u2013 Integration for WC Vendors Marketplace", "slug": "better-messages-wc-vendors-integration", "affected_versions": { "[*, 1.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.7" ] }, { "type": "plugin", "name": "Alley Business Toolkit", "slug": "alley-business-toolkit", "affected_versions": { "[*, 1.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.8" ] }, { "type": "plugin", "name": "Premmerce Product Filter for WooCommerce", "slug": "premmerce-woocommerce-product-filter", "affected_versions": { "[*, 3.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.2" ] }, { "type": "plugin", "name": "WP Search Filter", "slug": "wp-search-filter", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Easy Post Views Count", "slug": "easy-post-views-count", "affected_versions": { "[*, 1.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.5" ] }, { "type": "plugin", "name": "Power Ups for Elementor", "slug": "power-ups-for-elementor", "affected_versions": { "[*, 1.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.2" ] }, { "type": "plugin", "name": "Social Kit", "slug": "social-kit", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Post Slider and Post Carousel with Post Vertical Scrolling Widget \u2013 A Responsive Post Slider", "slug": "post-slider-and-carousel", "affected_versions": { "[*, 2.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.2" ] }, { "type": "plugin", "name": "HM Multiple Roles", "slug": "hm-multiple-roles", "affected_versions": { "[*, 1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6" ] }, { "type": "plugin", "name": "Team Collaboration Plugin for WordPress Editorial teams- Multicollab", "slug": "commenting-feature", "affected_versions": { "[*, 2.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.4" ] }, { "type": "plugin", "name": "Alt Manager", "slug": "alt-manager", "affected_versions": { "[*, 1.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.0" ] }, { "type": "plugin", "name": "Premmerce Product Search for WooCommerce", "slug": "premmerce-search", "affected_versions": { "[*, 2.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.3" ] }, { "type": "plugin", "name": "WP Security Safe", "slug": "security-safe", "affected_versions": { "[*, 2.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.4" ] }, { "type": "plugin", "name": "WooCommerce Bulk Edit Products \u2013 WP Sheet Editor", "slug": "woo-bulk-edit-products", "affected_versions": { "[*, 1.7.13)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.13" ] }, { "type": "plugin", "name": "Da Reactions", "slug": "da-reactions", "affected_versions": { "[*, 3.20.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.20.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.20.2" ] }, { "type": "plugin", "name": "Food Store \u2013 Online Food Delivery & Pickup", "slug": "food-store", "affected_versions": { "[*, 1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4" ] }, { "type": "plugin", "name": "Abeta Link PunchOut", "slug": "abeta-punchout", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "jav's \u2013 WooCommerce and Trello integration WooTrello", "slug": "wootrello", "affected_versions": { "[*, 2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.1" ] }, { "type": "plugin", "name": "Page Builder Sandwich \u2013 Front End WordPress Page Builder Plugin", "slug": "page-builder-sandwich", "affected_versions": { "[*, 4.5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.5.5" ] }, { "type": "plugin", "name": "WP Sessions Time Monitoring Full Automatic", "slug": "activitytime", "affected_versions": { "[*, 1.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.6" ] }, { "type": "plugin", "name": "WoowGallery \u2013 image gallery \/ content gallery \/ ecommerce gallery \/ social gallery \/ video gallery \/ album photo gallery", "slug": "woowgallery", "affected_versions": { "[*, 1.1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.9" ] }, { "type": "plugin", "name": "WordPress Auto SEO Plugin \u2013 Upfiv SEO Wizard", "slug": "upfiv-complete-all-in-one-seo-wizard", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Greenshift \u2013 animation and page builder blocks", "slug": "greenshift-animation-and-page-builder-blocks", "affected_versions": { "[*, 1.1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.6" ] }, { "type": "plugin", "name": "Restaurant & Cafe Addon for Elementor", "slug": "restaurant-cafe-addon-for-elementor", "affected_versions": { "[*, 1.4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-scan" ], "published": "2022-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a00980c-2d27-4363-acad-ed9d1e7e37b2": { "id": "3a00980c-2d27-4363-acad-ed9d1e7e37b2", "title": "OMGF <= 4.5.3 - Subscriber+ Arbitrary File\/Folder Deletion", "software": [ { "type": "plugin", "name": "OMGF | GDPR\/DSGVO Compliant, Faster Google Fonts. Easy.", "slug": "host-webfonts-local", "affected_versions": { "* - 4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a00980c-2d27-4363-acad-ed9d1e7e37b2?source=api-scan" ], "published": "2021-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a044983-1ec7-464b-aa5d-d479be45bb1a": { "id": "3a044983-1ec7-464b-aa5d-d479be45bb1a", "title": "EventON <= 2.2.14 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EventON", "slug": "eventon-lite", "affected_versions": { "* - 2.2.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a044983-1ec7-464b-aa5d-d479be45bb1a?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a066eae-4040-4d76-b730-47d98dc37662": { "id": "3a066eae-4040-4d76-b730-47d98dc37662", "title": "Colibri Page Builder <= 1.0.262 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Colibri Page Builder", "slug": "colibri-page-builder", "affected_versions": { "* - 1.0.262": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.262", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.264" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a066eae-4040-4d76-b730-47d98dc37662?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a096506-b18e-419c-808b-6099baa628ce": { "id": "3a096506-b18e-419c-808b-6099baa628ce", "title": "LifterLMS <= 7.7.5 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes", "slug": "lifterlms", "affected_versions": { "* - 7.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a096506-b18e-419c-808b-6099baa628ce?source=api-scan" ], "published": "2024-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a0a7a6d-7acd-4a70-b78d-da2ac697e374": { "id": "3a0a7a6d-7acd-4a70-b78d-da2ac697e374", "title": "Simple COD Fees for WooCommerce <= 2.0.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Simple COD Fees for WooCommerce", "slug": "simple-cod-fee-for-woocommerce", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a0a7a6d-7acd-4a70-b78d-da2ac697e374?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a0c8ecc-f0a1-41fa-a5f7-2d65d610efc0": { "id": "3a0c8ecc-f0a1-41fa-a5f7-2d65d610efc0", "title": "PageLayer <= 1.7.7 - Cross-Site Request Forgery via pagelayer_load_plugin", "software": [ { "type": "plugin", "name": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "slug": "pagelayer", "affected_versions": { "* - 1.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a0c8ecc-f0a1-41fa-a5f7-2d65d610efc0?source=api-scan" ], "published": "2023-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a0d85e8-33fa-46eb-b71b-d93715bc373e": { "id": "3a0d85e8-33fa-46eb-b71b-d93715bc373e", "title": "WPtouch <= 4.3.42 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPtouch \u2013 Make your WordPress Website Mobile-Friendly", "slug": "wptouch", "affected_versions": { "* - 4.3.42": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a0d85e8-33fa-46eb-b71b-d93715bc373e?source=api-scan" ], "published": "2022-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a0faf14-77bf-4776-8685-12a348a4a6c8": { "id": "3a0faf14-77bf-4776-8685-12a348a4a6c8", "title": "MainWP File Uploader Extension <= 4.1 - Authenticated (Subscriber+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "MainWP File Uploader Extension", "slug": "mainwp-file-uploader-extension", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a0faf14-77bf-4776-8685-12a348a4a6c8?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a11216c-868c-4dd9-b6d5-2a772d7d303e": { "id": "3a11216c-868c-4dd9-b6d5-2a772d7d303e", "title": "Comment Press <= 2.7.1 - Cross-Frame Scripting", "software": [ { "type": "plugin", "name": "Comment System Plugin for WordPress & Ajax Comments - Comment Press", "slug": "comment-press", "affected_versions": { "[*, 2.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a11216c-868c-4dd9-b6d5-2a772d7d303e?source=api-scan" ], "published": "2020-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a12945d-a67c-4a19-a4e7-f65f5f2a21bb": { "id": "3a12945d-a67c-4a19-a4e7-f65f5f2a21bb", "title": "Superb slideshow gallery <= 13.1 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Superb slideshow gallery", "slug": "superb-slideshow-gallery", "affected_versions": { "* - 13.1": { "from_version": "*", "from_inclusive": true, "to_version": "13.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a12945d-a67c-4a19-a4e7-f65f5f2a21bb?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a152cbd-1452-483c-8780-afa8054c3686": { "id": "3a152cbd-1452-483c-8780-afa8054c3686", "title": "Gutenverse <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gutenverse \u2013 Ultimate Block Addons and Page Builder for Site Editor", "slug": "gutenverse", "affected_versions": { "* - 1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a152cbd-1452-483c-8780-afa8054c3686?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a17560b-4fe0-4e1b-b4a2-c411f1123914": { "id": "3a17560b-4fe0-4e1b-b4a2-c411f1123914", "title": "WooCommerce < 5.5 - Authenticated Blind SQL Injection", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": false }, "3.3 - 3.3.5": { "from_version": "3.3", "from_inclusive": true, "to_version": "3.3.5", "to_inclusive": true }, "3.4 - 3.4.7": { "from_version": "3.4", "from_inclusive": true, "to_version": "3.4.7", "to_inclusive": true }, "3.5 - 3.5.8": { "from_version": "3.5", "from_inclusive": true, "to_version": "3.5.8", "to_inclusive": true }, "3.6 - 3.6.5": { "from_version": "3.6", "from_inclusive": true, "to_version": "3.6.5", "to_inclusive": true }, "3.7 - 3.7.1": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": true }, "3.8 - 3.8.1": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": true }, "3.9 - 3.9.3": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.3", "to_inclusive": true }, "4.0 - 4.0.1": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true }, "4.1 - 4.1.1": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true }, "4.2 - 4.2.2": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.2", "to_inclusive": true }, "4.3 - 4.3.3": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.3", "to_inclusive": true }, "4.4 - 4.4.1": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.1", "to_inclusive": true }, "4.5 - 4.5.2": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.2", "to_inclusive": true }, "4.6 - 4.6.2": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.2", "to_inclusive": true }, "4.7 - 4.7.1": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.1", "to_inclusive": true }, "4.8": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8", "to_inclusive": true }, "4.9 - 4.9.2": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.2", "to_inclusive": true }, "5.0": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true }, "5.1": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1", "to_inclusive": true }, "5.2 - 5.2.2": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.2", "to_inclusive": true }, "5.3": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3", "to_inclusive": true }, "5.4 - 5.4.1": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.1", "to_inclusive": true }, "5.5": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.6", "3.4.8", "3.5.9", "3.6.6", "3.7.2", "3.8.2", "3.9.4", "4.0.2", "4.1.2", "4.2.3", "4.3.4", "4.4.2", "4.5.3", "4.6.3", "4.7.2", "4.8.1", "4.9.3", "5.0.1", "5.1.1", "5.2.3", "5.3.1", "5.4.2", "5.5.1", "5.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a17560b-4fe0-4e1b-b4a2-c411f1123914?source=api-scan" ], "published": "2021-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a17b6ad-c778-4677-b5bd-6ffc9b425ba1": { "id": "3a17b6ad-c778-4677-b5bd-6ffc9b425ba1", "title": "Quiz And Survey Master < 4.4.4 - Multiple SQL Injections", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "[*, 4.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a17b6ad-c778-4677-b5bd-6ffc9b425ba1?source=api-scan" ], "published": "2015-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a196177-2786-4f6d-8076-f0232e4d5a5d": { "id": "3a196177-2786-4f6d-8076-f0232e4d5a5d", "title": "Continuous Image Carousel With Lightbox <= 1.0.15 - Reflected Cross-Site Scripting via search_term, order_by and order_pos", "software": [ { "type": "plugin", "name": "Continuous Image Carousel With Lightbox", "slug": "continuous-image-carousel-with-lightbox", "affected_versions": { "* - 1.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a196177-2786-4f6d-8076-f0232e4d5a5d?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a19bd0c-87b3-421b-a7af-c473ac084813": { "id": "3a19bd0c-87b3-421b-a7af-c473ac084813", "title": "WP Travel Engine <= 5.8.0 - Unauthenticated Price Manipulation", "software": [ { "type": "plugin", "name": "WP Travel Engine \u2013 Tour Booking Plugin \u2013 Tour Operator Software", "slug": "wp-travel-engine", "affected_versions": { "* - 5.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a19bd0c-87b3-421b-a7af-c473ac084813?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a1d8adf-c49c-4d88-83c7-4515b0ab1f35": { "id": "3a1d8adf-c49c-4d88-83c7-4515b0ab1f35", "title": "PDF Block <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Block", "slug": "pdf-block", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a1d8adf-c49c-4d88-83c7-4515b0ab1f35?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a1f3fdb-a786-4159-9020-648bc0658268": { "id": "3a1f3fdb-a786-4159-9020-648bc0658268", "title": "Multicons [ Multiple Favicons ] <= 2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Multicons [ Multiple Favicons ]", "slug": "multicons", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a1f3fdb-a786-4159-9020-648bc0658268?source=api-scan" ], "published": "2015-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a2460ab-2f45-4ee2-a3ef-77e769a678d0": { "id": "3a2460ab-2f45-4ee2-a3ef-77e769a678d0", "title": "JobSearch WP Job Board <= 1.5.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a2460ab-2f45-4ee2-a3ef-77e769a678d0?source=api-scan" ], "published": "2020-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a2c62a8-bc00-43b7-a3e8-a45d0cb75854": { "id": "3a2c62a8-bc00-43b7-a3e8-a45d0cb75854", "title": "WP Cleanfix Plugin < 5.0.0 - Remote Code Execution", "software": [ { "type": "plugin", "name": "WP CleanFix", "slug": "wp-cleanfix", "affected_versions": { "[*, 5.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a2c62a8-bc00-43b7-a3e8-a45d0cb75854?source=api-scan" ], "published": "2013-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a2c96a1-bbab-41ed-aafd-6a6f569242f3": { "id": "3a2c96a1-bbab-41ed-aafd-6a6f569242f3", "title": "Smash Balloon Social Post Feed <= 2.19.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smash Balloon Social Post Feed \u2013 Simple Social Feeds for WordPress", "slug": "custom-facebook-feed", "affected_versions": { "[*, 2.19.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.19.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.19.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a2c96a1-bbab-41ed-aafd-6a6f569242f3?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a31147b-791c-436f-9407-43485ec2ef50": { "id": "3a31147b-791c-436f-9407-43485ec2ef50", "title": "bunny.net \u2013 WordPress CDN Plugin <= 2.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "bunny.net \u2013 WordPress CDN Plugin", "slug": "bunnycdn", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a31147b-791c-436f-9407-43485ec2ef50?source=api-scan" ], "published": "2024-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a325371-e531-4cd9-bc39-d1b8f40a728f": { "id": "3a325371-e531-4cd9-bc39-d1b8f40a728f", "title": "Sixtees (All Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Sixtees", "slug": "sixtees", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a325371-e531-4cd9-bc39-d1b8f40a728f?source=api-scan" ], "published": "2014-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a337765-b6ea-4c2a-9f1a-e408a9444b88": { "id": "3a337765-b6ea-4c2a-9f1a-e408a9444b88", "title": "FV Flowplayer Video Player <= 7.3.14.727 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "* - 7.3.14.727": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.14.727", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.15.727" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a337765-b6ea-4c2a-9f1a-e408a9444b88?source=api-scan" ], "published": "2019-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a3597fa-71e2-4753-b226-5d95e576947a": { "id": "3a3597fa-71e2-4753-b226-5d95e576947a", "title": "Store Locator Plus <= 2311.17.01 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Store Locator Plus\u00ae for WordPress", "slug": "store-locator-le", "affected_versions": { "* - 2311.17.01": { "from_version": "*", "from_inclusive": true, "to_version": "2311.17.01", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a3597fa-71e2-4753-b226-5d95e576947a?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a3b8f32-f29d-4e67-8fad-202bfc8a9918": { "id": "3a3b8f32-f29d-4e67-8fad-202bfc8a9918", "title": "Photo Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.19 - Directory Traversal to Arbitrary File Rename", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.8.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a3b8f32-f29d-4e67-8fad-202bfc8a9918?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a4179ef-c98b-42c9-b7e5-a42bc46eaad1": { "id": "3a4179ef-c98b-42c9-b7e5-a42bc46eaad1", "title": "Wp EMember <= 10.6.5 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Wp EMember", "slug": "wp-emember", "affected_versions": { "* - 10.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "10.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a4179ef-c98b-42c9-b7e5-a42bc46eaad1?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a468814-ecb7-4414-9472-6c2aaa5f5c2c": { "id": "3a468814-ecb7-4414-9472-6c2aaa5f5c2c", "title": "WP Google Maps <= 9.0.27 - Unauthenticated Stored Cross-Site Scripting via REST API", "software": [ { "type": "plugin", "name": "WP Go Maps (formerly WP Google Maps)", "slug": "wp-google-maps", "affected_versions": { "* - 9.0.27": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a468814-ecb7-4414-9472-6c2aaa5f5c2c?source=api-scan" ], "published": "2023-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a4c36d4-5d0f-4e73-b356-0b7326fcb524": { "id": "3a4c36d4-5d0f-4e73-b356-0b7326fcb524", "title": "Smush \u2013 Lazy Load Images, Optimize & Compress Images <= 2.7.5 - Directory Traversal", "software": [ { "type": "plugin", "name": "Smush Image Optimization \u2013 Optimize Images | Compress & Lazy Load Images | Convert WebP | Image CDN", "slug": "wp-smushit", "affected_versions": { "* - 2.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a4c36d4-5d0f-4e73-b356-0b7326fcb524?source=api-scan" ], "published": "2017-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a4f0c06-db88-4950-b1f5-b2aab480c974": { "id": "3a4f0c06-db88-4950-b1f5-b2aab480c974", "title": "Wordpress Photo Album Plus <= 8.8.05.003 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Photo Album Plus", "slug": "wp-photo-album-plus", "affected_versions": { "* - 8.8.05.003": { "from_version": "*", "from_inclusive": true, "to_version": "8.8.05.003", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.8.07.004" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a4f0c06-db88-4950-b1f5-b2aab480c974?source=api-scan" ], "published": "2024-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a503925-7fbf-42e8-9cee-604858c8ec0c": { "id": "3a503925-7fbf-42e8-9cee-604858c8ec0c", "title": "WP-Business Directory <= 1.0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Business Directory", "slug": "wp-ttisbdir", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a503925-7fbf-42e8-9cee-604858c8ec0c?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a581d5e-11c3-468a-b4a1-6507f898f5ed": { "id": "3a581d5e-11c3-468a-b4a1-6507f898f5ed", "title": "Backup Guard <= 1.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JetBackup \u2013 WP Backup, Migrate & Restore", "slug": "backup", "affected_versions": { "* - 1.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a581d5e-11c3-468a-b4a1-6507f898f5ed?source=api-scan" ], "published": "2022-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a58644a-c678-41e7-8020-d2f2c247682f": { "id": "3a58644a-c678-41e7-8020-d2f2c247682f", "title": "G-Lock Double Opt-in Manager <= 2.6.5 - SQL Injection", "software": [ { "type": "plugin", "name": "G-Lock Double Opt-in Manager", "slug": "g-lock-double-opt-in-manager", "affected_versions": { "* - 2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a58644a-c678-41e7-8020-d2f2c247682f?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a59b749-1134-42bf-83bd-62202e1e151f": { "id": "3a59b749-1134-42bf-83bd-62202e1e151f", "title": "Sliding Door <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Sliding Door", "slug": "sliding-door", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a59b749-1134-42bf-83bd-62202e1e151f?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a6316d8-1d64-4d28-b28a-00ca0b5facee": { "id": "3a6316d8-1d64-4d28-b28a-00ca0b5facee", "title": "Read more By Adam <= 1.1.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Read more By Adam", "slug": "read-more", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a6316d8-1d64-4d28-b28a-00ca0b5facee?source=api-scan" ], "published": "2022-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a63dd48-d643-41d0-84c3-2f2dbbe577dd": { "id": "3a63dd48-d643-41d0-84c3-2f2dbbe577dd", "title": "Flipbox \u2013 Awesomes Flip Boxes Image Overlay <= 2.6.0 - Authenticated (Admin+) Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Flipbox \u2013 Awesomes Flip Boxes Image Overlay", "slug": "image-hover-effects-ultimate-visual-composer", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a63dd48-d643-41d0-84c3-2f2dbbe577dd?source=api-scan" ], "published": "2022-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a69bb27-dc93-4515-90e1-08a1fa5fdaa0": { "id": "3a69bb27-dc93-4515-90e1-08a1fa5fdaa0", "title": "Magee Shortcodes < 2.0.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Magee Shortcodes", "slug": "magee-shortcodes", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a69bb27-dc93-4515-90e1-08a1fa5fdaa0?source=api-scan" ], "published": "2022-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a6eac3b-823a-4a26-acb7-339357c10a07": { "id": "3a6eac3b-823a-4a26-acb7-339357c10a07", "title": "Htaccess by BestWebSoft \u2013 WordPress Website Access Control Plugin <= 1.7.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Htaccess by BestWebSoft \u2013 WordPress Website Access Control Plugin", "slug": "htaccess", "affected_versions": { "[*, 1.7.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a6eac3b-823a-4a26-acb7-339357c10a07?source=api-scan" ], "published": "2017-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a703fc4-6c61-442e-a637-515e9f501575": { "id": "3a703fc4-6c61-442e-a637-515e9f501575", "title": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.3 - Form Submission Admin Email Bypass", "software": [ { "type": "plugin", "name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", "slug": "bdthemes-element-pack-lite", "affected_versions": { "* - 5.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a703fc4-6c61-442e-a637-515e9f501575?source=api-scan" ], "published": "2024-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a71b8da-73dd-488e-b553-77116731f13f": { "id": "3a71b8da-73dd-488e-b553-77116731f13f", "title": "WordPress Core < 4.3.1 - Authorization Bypass to Information Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.10": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.10", "to_inclusive": true }, "3.8 - 3.8.10": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.10", "to_inclusive": true }, "3.9 - 3.9.8": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.8", "to_inclusive": true }, "4.0 - 4.0.7": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.7", "to_inclusive": true }, "4.1 - 4.1.7": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.7", "to_inclusive": true }, "4.2 - 4.2.4": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.4", "to_inclusive": true }, "4.3": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.11", "3.8.11", "3.9.9", "4.0.8", "4.1.8", "4.2.5", "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a71b8da-73dd-488e-b553-77116731f13f?source=api-scan" ], "published": "2015-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a75ff86-dc4d-4519-8cc5-183afc00cb65": { "id": "3a75ff86-dc4d-4519-8cc5-183afc00cb65", "title": "WordPress Forms by Pie Forms <= 1.4.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more!", "slug": "pie-forms-for-wp", "affected_versions": { "[*, 1.4.9.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a75ff86-dc4d-4519-8cc5-183afc00cb65?source=api-scan" ], "published": "2022-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a7afe2c-13ca-4df4-89c9-1544db016cdc": { "id": "3a7afe2c-13ca-4df4-89c9-1544db016cdc", "title": "Export All URLs <= 4.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Export All URLs", "slug": "export-all-urls", "affected_versions": { "[*, 4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a7afe2c-13ca-4df4-89c9-1544db016cdc?source=api-scan" ], "published": "2022-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a7b15ce-ff0e-4693-8ceb-afa341306dc3": { "id": "3a7b15ce-ff0e-4693-8ceb-afa341306dc3", "title": "Findus - Directory Listing WordPress Theme < 1.1.15 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Findus - Directory Listing WordPress Theme", "slug": "findus", "affected_versions": { "[*, 1.1.15)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a7b15ce-ff0e-4693-8ceb-afa341306dc3?source=api-scan" ], "published": "2020-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a849ef2-ad0a-45ea-8827-9a7233b1ca30": { "id": "3a849ef2-ad0a-45ea-8827-9a7233b1ca30", "title": "Booking for Appointments and Events Calendar \u2013 Amelia <= 1.0.98 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking for Appointments and Events Calendar \u2013 Amelia", "slug": "ameliabooking", "affected_versions": { "* - 1.0.98": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.98", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.99" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a849ef2-ad0a-45ea-8827-9a7233b1ca30?source=api-scan" ], "published": "2024-02-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a84a021-5014-4848-a77f-d3f4802c9395": { "id": "3a84a021-5014-4848-a77f-d3f4802c9395", "title": "Site Reviews <= 5.13.0 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Site Reviews", "slug": "site-reviews", "affected_versions": { "[*, 5.13.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.13.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.13.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a84a021-5014-4848-a77f-d3f4802c9395?source=api-scan" ], "published": "2021-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a8998db-ffc2-40b2-a191-09380984adac": { "id": "3a8998db-ffc2-40b2-a191-09380984adac", "title": "Social Media & Share Icons <= 2.8.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Media Share Buttons & Social Sharing Icons", "slug": "ultimate-social-media-icons", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a8998db-ffc2-40b2-a191-09380984adac?source=api-scan" ], "published": "2023-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a923f58-f6c7-47ee-87f6-27453b39d1cf": { "id": "3a923f58-f6c7-47ee-87f6-27453b39d1cf", "title": "Mediabay <= 1.6 - Missing Authorization via AJAC actions", "software": [ { "type": "plugin", "name": "Mediabay \u2013 Media Library Folders", "slug": "mediabay-lite", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a923f58-f6c7-47ee-87f6-27453b39d1cf?source=api-scan" ], "published": "2023-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a92926f-c8d2-49c4-b50e-2544fd66fe01": { "id": "3a92926f-c8d2-49c4-b50e-2544fd66fe01", "title": "Amazon Affiliate Link Localizer <= 1.8.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Amazon Affiliate Link Localizer", "slug": "amazon-affiliate-link-localizer", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a92926f-c8d2-49c4-b50e-2544fd66fe01?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a998de7-fa46-495c-a4ca-15df4e59457f": { "id": "3a998de7-fa46-495c-a4ca-15df4e59457f", "title": "Block Plugin Update <= 3.3.1 - Cross-Site Request Forgery via bspu_plugin_select.php", "software": [ { "type": "plugin", "name": "Block Plugin Update", "slug": "block-specific-plugin-updates", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a998de7-fa46-495c-a4ca-15df4e59457f?source=api-scan" ], "published": "2023-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a9f7a61-535f-45c8-a7e7-e8b095cacaa1": { "id": "3a9f7a61-535f-45c8-a7e7-e8b095cacaa1", "title": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.5.63 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin", "slug": "users-ultra", "affected_versions": { "[*, 1.5.63)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.63", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.63" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a9f7a61-535f-45c8-a7e7-e8b095cacaa1?source=api-scan" ], "published": "2015-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3a9feacb-ef9c-40d4-abdb-a3fcfd529901": { "id": "3a9feacb-ef9c-40d4-abdb-a3fcfd529901", "title": "Stops Core Theme And Plugin Updates <= 8.0.4 - Insufficient Restrictions on Option Changes", "software": [ { "type": "plugin", "name": "Easy Updates Manager", "slug": "stops-core-theme-and-plugin-updates", "affected_versions": { "* - 8.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3a9feacb-ef9c-40d4-abdb-a3fcfd529901?source=api-scan" ], "published": "2019-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3aa2a693-831b-44e7-b158-99fecf6506be": { "id": "3aa2a693-831b-44e7-b158-99fecf6506be", "title": "Cookies by JM <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cookies by JM", "slug": "cookies-by-jm", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3aa2a693-831b-44e7-b158-99fecf6506be?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3aa537bc-90fa-4d87-9dd5-e32aef4273c7": { "id": "3aa537bc-90fa-4d87-9dd5-e32aef4273c7", "title": "Cart Link for WooCommerce <= 2.0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Custom Cart Link for WooCommerce", "slug": "cart-link-for-woocommerce", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3aa537bc-90fa-4d87-9dd5-e32aef4273c7?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3aaa9c58-87da-4221-b687-f365c6bde167": { "id": "3aaa9c58-87da-4221-b687-f365c6bde167", "title": "Chauffeur Taxi Booking System for WordPress <= 6.9 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Chauffeur Taxi Booking System for WordPress", "slug": "chauffeur-booking-system", "affected_versions": { "* - 6.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3aaa9c58-87da-4221-b687-f365c6bde167?source=api-scan" ], "published": "2024-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3abac0a1-a696-48b1-88d9-d0b102c82ac3": { "id": "3abac0a1-a696-48b1-88d9-d0b102c82ac3", "title": "WHIZZ < 1.1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WHIZZ", "slug": "whizz", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3abac0a1-a696-48b1-88d9-d0b102c82ac3?source=api-scan" ], "published": "2017-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3abbc407-f660-4b1f-9d48-436320e5fdd7": { "id": "3abbc407-f660-4b1f-9d48-436320e5fdd7", "title": "Members Import <= 1.4.2 - Self Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Members Import", "slug": "members-import", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3abbc407-f660-4b1f-9d48-436320e5fdd7?source=api-scan" ], "published": "2023-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3abde27c-8234-4146-9e55-ea20b275ca48": { "id": "3abde27c-8234-4146-9e55-ea20b275ca48", "title": "New User Approve <= 2.5.1 - Cross-Site Request Forgery via admin_notices", "software": [ { "type": "plugin", "name": "New User Approve", "slug": "new-user-approve", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3abde27c-8234-4146-9e55-ea20b275ca48?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3abe2de8-9127-4ef0-9194-cf331b20868a": { "id": "3abe2de8-9127-4ef0-9194-cf331b20868a", "title": "Responsive Gallery Grid <= 2.3.13 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Responsive Gallery Grid", "slug": "responsive-gallery-grid", "affected_versions": { "* - 2.3.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3abe2de8-9127-4ef0-9194-cf331b20868a?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ac48cd9-1de5-4840-b3f3-dc24ca52442e": { "id": "3ac48cd9-1de5-4840-b3f3-dc24ca52442e", "title": "Smart Forms <= 2.6.84 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Smart Forms \u2013 when you need more than just a contact form", "slug": "smart-forms", "affected_versions": { "* - 2.6.84": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.84", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.85" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ac48cd9-1de5-4840-b3f3-dc24ca52442e?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ac577f4-2e61-4b72-881e-6fbbfd268f7b": { "id": "3ac577f4-2e61-4b72-881e-6fbbfd268f7b", "title": "Elementor Forms Google Sheet Connector <= 1.0.6 - Reflected Cross-Site Scripting via 'code'", "software": [ { "type": "plugin", "name": "Elementor Forms Google Sheet Connector Pro", "slug": "gsheetconnector-for-elementor-forms-pro", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Elementor Forms Google Sheet Connector", "slug": "gsheetconnector-for-elementor-forms", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ac577f4-2e61-4b72-881e-6fbbfd268f7b?source=api-scan" ], "published": "2023-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3aca0d51-6f70-4f35-873a-e23b4d7bae41": { "id": "3aca0d51-6f70-4f35-873a-e23b4d7bae41", "title": "WpStickyBar \u2013 Sticky Bar, Sticky Header <= 2.1.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WpStickyBar \u2013 Sticky Bar, Sticky Header", "slug": "wpstickybar-sticky-bar-sticky-header", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3aca0d51-6f70-4f35-873a-e23b4d7bae41?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3aca1995-2408-423d-afb6-6cf452fbee37": { "id": "3aca1995-2408-423d-afb6-6cf452fbee37", "title": "Smoothscroller <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smoothscroller", "slug": "smoothscroller", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3aca1995-2408-423d-afb6-6cf452fbee37?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3acaedff-f616-4b66-9208-f7e6a4df920d": { "id": "3acaedff-f616-4b66-9208-f7e6a4df920d", "title": "Download Monitor <= 5.0.9 - Missing Authorization to Authenticated (Subscriber+) Shop Enable", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "* - 5.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3acaedff-f616-4b66-9208-f7e6a4df920d?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3acbdb2a-e7c6-4062-b48a-7035e464edaf": { "id": "3acbdb2a-e7c6-4062-b48a-7035e464edaf", "title": "Booster for WooCommerce (Free <= 5.6.6, Premium <= 5.6.4) - Cross-Site Request Forgery to File Deletion", "software": [ { "type": "plugin", "name": "Booster Plus for WooCommerce", "slug": "booster-plus-for-woocommerce", "affected_versions": { "* - 5.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.5" ] }, { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 5.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3acbdb2a-e7c6-4062-b48a-7035e464edaf?source=api-scan" ], "published": "2022-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3acc1464-18cf-4085-8cb4-946563d70b16": { "id": "3acc1464-18cf-4085-8cb4-946563d70b16", "title": "WP Page Widget <= 2.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Page Widget", "slug": "wp-page-widget", "affected_versions": { "[*, 2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3acc1464-18cf-4085-8cb4-946563d70b16?source=api-scan" ], "published": "2015-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ad60a11-e307-4ec9-9099-091a87ff1d3b": { "id": "3ad60a11-e307-4ec9-9099-091a87ff1d3b", "title": "Wicked Folders <= 2.18.16 - Missing Authorization on ajax_edit_folder", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ad60a11-e307-4ec9-9099-091a87ff1d3b?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ad9fcd1-b3a3-4711-ad23-d27c3e2091f4": { "id": "3ad9fcd1-b3a3-4711-ad23-d27c3e2091f4", "title": "WordPress Online Booking and Scheduling Plugin \u2013 Bookly <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter", "software": [ { "type": "plugin", "name": "WordPress Online Booking and Scheduling Plugin \u2013 Bookly", "slug": "bookly-responsive-appointment-booking-tool", "affected_versions": { "* - 23.2": { "from_version": "*", "from_inclusive": true, "to_version": "23.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "23.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ad9fcd1-b3a3-4711-ad23-d27c3e2091f4?source=api-scan" ], "published": "2024-06-10 20:39:42", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3adea276-6b55-422d-adc9-a767f569181c": { "id": "3adea276-6b55-422d-adc9-a767f569181c", "title": "Kanban Boards <= 2.5.21 - Authenticated (Administrator+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Kanban Boards for WordPress", "slug": "kanban", "affected_versions": { "* - 2.5.21": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.21", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3adea276-6b55-422d-adc9-a767f569181c?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3adf6b20-110f-4057-9fab-5248e9c18555": { "id": "3adf6b20-110f-4057-9fab-5248e9c18555", "title": "Gallery by BestWebSoft \u2013 Customizable Image and Photo Galleries for WordPress <= 4.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery by BestWebSoft \u2013 Customizable Image and Photo Galleries for WordPress", "slug": "gallery-plugin", "affected_versions": { "* - 4.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3adf6b20-110f-4057-9fab-5248e9c18555?source=api-scan" ], "published": "2023-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ae6bf2e-b39a-4bb3-9203-22ff4c23ddf4": { "id": "3ae6bf2e-b39a-4bb3-9203-22ff4c23ddf4", "title": "Shortcode IMDB <= 6.0.8 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Shortcode IMDB", "slug": "shortcode-imdb", "affected_versions": { "* - 6.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ae6bf2e-b39a-4bb3-9203-22ff4c23ddf4?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ae9392a-591c-4be0-9f90-aa6ec81d3a10": { "id": "3ae9392a-591c-4be0-9f90-aa6ec81d3a10", "title": "Gallery Plugin for WordPress \u2013 Envira Photo Gallery <= 1.8.4.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery Plugin for WordPress \u2013 Envira Photo Gallery", "slug": "envira-gallery-lite", "affected_versions": { "[*, 1.8.4.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ae9392a-591c-4be0-9f90-aa6ec81d3a10?source=api-scan" ], "published": "2022-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3aeb5e01-0993-4628-8165-b27470332e34": { "id": "3aeb5e01-0993-4628-8165-b27470332e34", "title": "KB Support \u2013 WordPress Help Desk <= 1.5.5 - Multiple Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "KB Support \u2013 WordPress Help Desk and Knowledge Base", "slug": "kb-support", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3aeb5e01-0993-4628-8165-b27470332e34?source=api-scan" ], "published": "2022-04-15 13:36:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3aecc02a-fd49-4743-9d7b-894cf657cbc1": { "id": "3aecc02a-fd49-4743-9d7b-894cf657cbc1", "title": "Asgaros Forum <= 2.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Asgaros Forum", "slug": "asgaros-forum", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3aecc02a-fd49-4743-9d7b-894cf657cbc1?source=api-scan" ], "published": "2022-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3afbfa7c-a87f-4810-9356-374923ff2314": { "id": "3afbfa7c-a87f-4810-9356-374923ff2314", "title": "Leyka <= 3.29.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Leyka", "slug": "leyka", "affected_versions": { "* - 3.29.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.29.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3afbfa7c-a87f-4810-9356-374923ff2314?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b007d8a-3096-42f3-a7be-e0e0d3addf0b": { "id": "3b007d8a-3096-42f3-a7be-e0e0d3addf0b", "title": "Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Sliding Door", "slug": "sliding-door", "affected_versions": { "[*, 3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4" ] }, { "type": "theme", "name": "Decode", "slug": "decode", "affected_versions": { "* - 3.15.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.15.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "CityLogic", "slug": "citylogic", "affected_versions": { "[*, 1.1.30)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.30", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.30" ] }, { "type": "theme", "name": "Lightning", "slug": "lightning", "affected_versions": { "* - 15.18.0": { "from_version": "*", "from_inclusive": true, "to_version": "15.18.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "15.19.0" ] }, { "type": "theme", "name": "i-max", "slug": "i-max", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Default Mag", "slug": "default-mag", "affected_versions": { "[*, 1.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.6" ] }, { "type": "theme", "name": "Shopstar!", "slug": "shopstar", "affected_versions": { "[*, 1.1.34)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.34", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.34" ] }, { "type": "theme", "name": "HappenStance", "slug": "happenstance", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Emmet Lite", "slug": "emmet-lite", "affected_versions": { "[*, 1.7.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.8" ] }, { "type": "theme", "name": "X-T9", "slug": "x-t9", "affected_versions": { "[*, 1.19.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.19.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.19.1" ] }, { "type": "theme", "name": "i-excel", "slug": "i-excel", "affected_versions": { "* - 1.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Gridsby", "slug": "gridsby", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Sensible WP", "slug": "sensible-wp", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Namaha", "slug": "namaha", "affected_versions": { "[*, 1.0.41)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.41", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.41" ] }, { "type": "theme", "name": "Panoramic", "slug": "panoramic", "affected_versions": { "[*, 1.1.57)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.57", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.57" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b007d8a-3096-42f3-a7be-e0e0d3addf0b?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b0336d7-1c85-4379-80db-19b478ba5471": { "id": "3b0336d7-1c85-4379-80db-19b478ba5471", "title": "Nextend Twitter Connect <= 1.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Nextend Twitter Connect", "slug": "nextend-twitter-connect", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b0336d7-1c85-4379-80db-19b478ba5471?source=api-scan" ], "published": "2015-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b08f457-0864-41e0-b45e-cbd597d87752": { "id": "3b08f457-0864-41e0-b45e-cbd597d87752", "title": "Widget for Social Page Feeds <= 6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Widget for Social Page Feeds", "slug": "facebook-pagelike-widget", "affected_versions": { "* - 6.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b08f457-0864-41e0-b45e-cbd597d87752?source=api-scan" ], "published": "2024-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b0d6b1f-5601-4c96-893c-e296511a2996": { "id": "3b0d6b1f-5601-4c96-893c-e296511a2996", "title": "Connections Business Directory <= 10.4.2 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Connections Business Directory", "slug": "connections", "affected_versions": { "[*, 10.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "10.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "10.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b0d6b1f-5601-4c96-893c-e296511a2996?source=api-scan" ], "published": "2021-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b1b1a55-7872-456f-a754-023aad354359": { "id": "3b1b1a55-7872-456f-a754-023aad354359", "title": "Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_multiple_files_for_post", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] }, { "type": "plugin", "name": "Contest Gallery Pro", "slug": "contest-gallery-pro", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b1b1a55-7872-456f-a754-023aad354359?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b1b60f4-39f7-4981-bd8d-b1c6e63cf082": { "id": "3b1b60f4-39f7-4981-bd8d-b1c6e63cf082", "title": "SP Project & Document Manager <= 4.23 - Subscriber+ Arbitrary File Upload", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "[*, 4.24)": { "from_version": "*", "from_inclusive": true, "to_version": "4.24", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b1b60f4-39f7-4981-bd8d-b1c6e63cf082?source=api-scan" ], "published": "2021-07-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b1bfe88-2513-4acc-91e2-50a3bc9d7183": { "id": "3b1bfe88-2513-4acc-91e2-50a3bc9d7183", "title": "Testimonials Slider <= 3.5.8.3 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Testimonial Slider \u2013 Free Testimonials Slider Plugin", "slug": "testimonial-add", "affected_versions": { "* - 3.5.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b1bfe88-2513-4acc-91e2-50a3bc9d7183?source=api-scan" ], "published": "2022-04-04 11:06:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b1e84a0-10c3-42a9-ab9f-89b5b0a84526": { "id": "3b1e84a0-10c3-42a9-ab9f-89b5b0a84526", "title": "Praison SEO WordPress <= 4.0.15 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Praison SEO WordPress", "slug": "seo-wordpress", "affected_versions": { "* - 4.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.15", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b1e84a0-10c3-42a9-ab9f-89b5b0a84526?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b2b5da9-a421-48fb-9e91-8ef495cbdc37": { "id": "3b2b5da9-a421-48fb-9e91-8ef495cbdc37", "title": "wp-Table <= 1.43 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "WP-Table", "slug": "wp-table", "affected_versions": { "* - 1.43": { "from_version": "*", "from_inclusive": true, "to_version": "1.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b2b5da9-a421-48fb-9e91-8ef495cbdc37?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b3170d0-3b9c-41dc-a08e-4d5bbaa7e89f": { "id": "3b3170d0-3b9c-41dc-a08e-4d5bbaa7e89f", "title": "DImage 360 <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DImage 360", "slug": "dimage-360", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b3170d0-3b9c-41dc-a08e-4d5bbaa7e89f?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b345dfe-3945-405a-9825-c88816b2adee": { "id": "3b345dfe-3945-405a-9825-c88816b2adee", "title": "Thrive Theme Builder < 3.24.0 - Privilege Escalation", "software": [ { "type": "theme", "name": "Thrive Themes Builder", "slug": "thrive-theme", "affected_versions": { "[*, 3.24.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.24.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.24.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b345dfe-3945-405a-9825-c88816b2adee?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b34a0c6-3573-48c7-8edb-c9cf9503da06": { "id": "3b34a0c6-3573-48c7-8edb-c9cf9503da06", "title": "YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change", "software": [ { "type": "plugin", "name": "YITH WooCommerce Bulk Product Editing", "slug": "yith-woocommerce-bulk-product-editing", "affected_versions": { "* - 1.2.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.14" ] }, { "type": "plugin", "name": "YITH WooCommerce Product Gallery & Image Zoom", "slug": "yith-woocommerce-zoom-magnifier", "affected_versions": { "* - 1.3.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.12" ] }, { "type": "plugin", "name": "YITH WooCommerce Badge Management", "slug": "yith-woocommerce-badges-management", "affected_versions": { "* - 1.3.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.20" ] }, { "type": "plugin", "name": "YITH WooCommerce Product Add-Ons", "slug": "yith-woocommerce-product-add-ons", "affected_versions": { "* - 1.5.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.23" ] }, { "type": "plugin", "name": "YITH WooCommerce Questions and Answers", "slug": "yith-woocommerce-questions-and-answers", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Authorize.net Payment Gateway", "slug": "yith-woocommerce-authorizenet-payment-gateway", "affected_versions": { "* - 1.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.13" ] }, { "type": "plugin", "name": "YITH WooCommerce Order & Shipment Tracking", "slug": "yith-woocommerce-order-tracking", "affected_versions": { "* - 1.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.11" ] }, { "type": "plugin", "name": "YITH WooCommerce Cart Messages", "slug": "yith-woocommerce-cart-messages", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] }, { "type": "plugin", "name": "YITH WooCommerce Subscription", "slug": "yith-woocommerce-subscription", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] }, { "type": "plugin", "name": "YITH PayPal Express Checkout for WooCommerce", "slug": "yith-paypal-express-checkout-for-woocommerce", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] }, { "type": "plugin", "name": "YITH Advanced Refund System for WooCommerce", "slug": "yith-advanced-refund-system-for-woocommerce", "affected_versions": { "* - 1.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.12" ] }, { "type": "plugin", "name": "YITH WooCommerce Wishlist", "slug": "yith-woocommerce-wishlist", "affected_versions": { "* - 2.2.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.14" ] }, { "type": "plugin", "name": "YITH WooCommerce Stripe", "slug": "yith-woocommerce-stripe", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] }, { "type": "plugin", "name": "YITH Custom Thank You Page for WooCommerce", "slug": "yith-custom-thank-you-page-for-woocommerce", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] }, { "type": "plugin", "name": "YITH WooCommerce Compare", "slug": "yith-woocommerce-compare", "affected_versions": { "* - 2.3.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.15" ] }, { "type": "plugin", "name": "YITH Color and Label Variations for WooCommerce", "slug": "yith-color-and-label-variations-for-woocommerce", "affected_versions": { "* - 1.8.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.13" ] }, { "type": "plugin", "name": "YITH WooCommerce Ajax Search", "slug": "yith-woocommerce-ajax-search", "affected_versions": { "* - 1.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Mailchimp", "slug": "yith-woocommerce-mailchimp", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] }, { "type": "plugin", "name": "YITH Product Size Charts for WooCommerce", "slug": "yith-product-size-charts-for-woocommerce", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.13" ] }, { "type": "plugin", "name": "YITH WooCommerce Best Sellers", "slug": "yith-woocommerce-best-sellers", "affected_versions": { "* - 1.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.13" ] }, { "type": "plugin", "name": "YITH WooCommerce Multi Vendor", "slug": "yith-woocommerce-product-vendors", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] }, { "type": "plugin", "name": "YITH Pre-Order for WooCommerce", "slug": "yith-pre-order-for-woocommerce", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Product Bundles", "slug": "yith-woocommerce-product-bundles", "affected_versions": { "* - 1.1.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.17" ] }, { "type": "plugin", "name": "YITH Request a Quote for WooCommerce", "slug": "yith-woocommerce-request-a-quote", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.9" ] }, { "type": "plugin", "name": "YITH WooCommerce Waitlist", "slug": "yith-woocommerce-waiting-list", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.11" ] }, { "type": "plugin", "name": "YITH WooCommerce PDF Invoice and Shipping List", "slug": "yith-woocommerce-pdf-invoice", "affected_versions": { "* - 1.2.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.13" ] }, { "type": "plugin", "name": "YITH WooCommerce Brands Add-On", "slug": "yith-woocommerce-brands-add-on", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] }, { "type": "plugin", "name": "YITH WooCommerce Gift Cards", "slug": "yith-woocommerce-gift-cards", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] }, { "type": "plugin", "name": "YITH WooCommerce Points and Rewards", "slug": "yith-woocommerce-points-and-rewards", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] }, { "type": "plugin", "name": "YITH WooCommerce Multi-step Checkout", "slug": "yith-woocommerce-multi-step-checkout", "affected_versions": { "* - 1.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.5" ] }, { "type": "plugin", "name": "YITH WooCommerce Added to Cart Popup", "slug": "yith-woocommerce-added-to-cart-popup", "affected_versions": { "* - 1.3.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.13" ] }, { "type": "plugin", "name": "YITH Desktop Notifications for WooCommerce", "slug": "yith-desktop-notifications-for-woocommerce", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] }, { "type": "plugin", "name": "YITH WooCommerce Affiliates", "slug": "yith-woocommerce-affiliates", "affected_versions": { "[*, 1.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.3" ] }, { "type": "plugin", "name": "YITH WooCommerce Quick View", "slug": "yith-woocommerce-quick-view", "affected_versions": { "* - 1.3.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.15" ] }, { "type": "plugin", "name": "YITH WooCommerce Advanced Reviews", "slug": "yith-woocommerce-advanced-reviews", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] }, { "type": "plugin", "name": "YITH Frequently Bought Together for WooCommerce", "slug": "yith-woocommerce-frequently-bought-together", "affected_versions": { "* - 1.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.11" ] }, { "type": "plugin", "name": "YITH WooCommerce Recover Abandoned Cart", "slug": "yith-woocommerce-recover-abandoned-cart", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] }, { "type": "plugin", "name": "YITH WooCommerce Social Login", "slug": "yith-woocommerce-social-login", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan" ], "published": "2019-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b3a2738-5312-4b34-9bd3-4ff95a91706e": { "id": "3b3a2738-5312-4b34-9bd3-4ff95a91706e", "title": "Broadcast Live Video \u2013 Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.29.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Broadcast Live Video \u2013 Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP", "slug": "videowhisper-live-streaming-integration", "affected_versions": { "* - 4.29.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.29.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.29.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b3a2738-5312-4b34-9bd3-4ff95a91706e?source=api-scan" ], "published": "2014-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b4108b7-fa78-4f1f-9eee-0e2383b4988c": { "id": "3b4108b7-fa78-4f1f-9eee-0e2383b4988c", "title": "Ultimate Maps by Supsystic <= 1.2.16 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ultimate Maps by Supsystic", "slug": "ultimate-maps-by-supsystic", "affected_versions": { "* - 1.2.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b4108b7-fa78-4f1f-9eee-0e2383b4988c?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b44d23c-4872-491f-8a91-b0feb888ac54": { "id": "3b44d23c-4872-491f-8a91-b0feb888ac54", "title": "WP Dummy Content Generator <= 3.1.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Dummy Content Generator", "slug": "wp-dummy-content-generator", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b44d23c-4872-491f-8a91-b0feb888ac54?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b472eb8-9808-4a50-b2b4-0b0b3256053f": { "id": "3b472eb8-9808-4a50-b2b4-0b0b3256053f", "title": "Blog2Social: Social Media Auto Post & Scheduler <= 7.4.1 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Blog2Social: Social Media Auto Post & Scheduler", "slug": "blog2social", "affected_versions": { "* - 7.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b472eb8-9808-4a50-b2b4-0b0b3256053f?source=api-scan" ], "published": "2024-06-10 18:21:36", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b497a36-4929-413f-abfc-1d81bfaa7889": { "id": "3b497a36-4929-413f-abfc-1d81bfaa7889", "title": "Advanced Page Visit Counter <= 8.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress", "slug": "advanced-page-visit-counter", "affected_versions": { "* - 8.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b497a36-4929-413f-abfc-1d81bfaa7889?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b4e92a1-cac7-445d-a47c-52058e652c09": { "id": "3b4e92a1-cac7-445d-a47c-52058e652c09", "title": "WordPress RokBox <= 2.13 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WordPress RokBox", "slug": "wp_rokbox", "affected_versions": { "* - 2.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b4e92a1-cac7-445d-a47c-52058e652c09?source=api-scan" ], "published": "2012-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b515142-4e04-4570-b5cb-18261974c659": { "id": "3b515142-4e04-4570-b5cb-18261974c659", "title": "Download Monitor <= 4.4.6 - Authenticated (Admin+) Arbitrary File Download", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "* - 4.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b515142-4e04-4570-b5cb-18261974c659?source=api-scan" ], "published": "2021-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b52dab9-f518-4b66-ba2d-2e5b4aeb2bb3": { "id": "3b52dab9-f518-4b66-ba2d-2e5b4aeb2bb3", "title": "Benchmark Email Lite <= 4.1 - Cross-Site Request Forgery via page_settings()", "software": [ { "type": "plugin", "name": "Benchmark Email Lite", "slug": "benchmark-email-lite", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b52dab9-f518-4b66-ba2d-2e5b4aeb2bb3?source=api-scan" ], "published": "2024-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b56a793-2a20-4bd7-aefb-a8d012c56527": { "id": "3b56a793-2a20-4bd7-aefb-a8d012c56527", "title": "Speed Booster Pack <= 4.3.3 - Admin+ SQL Injection", "software": [ { "type": "plugin", "name": "Speed Booster Pack \u26a1 PageSpeed Optimization Suite", "slug": "speed-booster-pack", "affected_versions": { "* - 4.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b56a793-2a20-4bd7-aefb-a8d012c56527?source=api-scan" ], "published": "2021-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b5dc0af-90cf-41dd-a77b-4b99f267c0d9": { "id": "3b5dc0af-90cf-41dd-a77b-4b99f267c0d9", "title": "User Login History Plugin <= 1.5.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Login History", "slug": "user-login-history", "affected_versions": { "[*, 1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b5dc0af-90cf-41dd-a77b-4b99f267c0d9?source=api-scan" ], "published": "2017-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b5decc1-cc81-4a5e-b6d8-5120cb37c93b": { "id": "3b5decc1-cc81-4a5e-b6d8-5120cb37c93b", "title": "Posts List Designer by Category \u2013 List Category Posts Or Recent Posts <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Posts List Designer by Category \u2013 List Category Posts Or Recent Posts", "slug": "post-list-designer", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b5decc1-cc81-4a5e-b6d8-5120cb37c93b?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b5f1a1e-8066-4f20-af36-a778e50a3f64": { "id": "3b5f1a1e-8066-4f20-af36-a778e50a3f64", "title": "Quotes and Tips by BestWebSoft <= 1.44 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Quotes and Tips by BestWebSoft", "slug": "quotes-and-tips", "affected_versions": { "* - 1.44": { "from_version": "*", "from_inclusive": true, "to_version": "1.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b5f1a1e-8066-4f20-af36-a778e50a3f64?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b5fc0ac-7a33-48da-8b0f-566b9eb0f17f": { "id": "3b5fc0ac-7a33-48da-8b0f-566b9eb0f17f", "title": "If Menu <= 0.16.3 - Missing Authorization to Admin Settings Modification", "software": [ { "type": "plugin", "name": "If Menu \u2013 Visibility control for Menus", "slug": "if-menu", "affected_versions": { "* - 0.16.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.16.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b5fc0ac-7a33-48da-8b0f-566b9eb0f17f?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b6ac92f-2ad1-4528-b157-5e49d6f224a5": { "id": "3b6ac92f-2ad1-4528-b157-5e49d6f224a5", "title": "WP Total Branding <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via title Parameter", "software": [ { "type": "plugin", "name": "WP Total Branding \u2013 Complete branding solution for WordPress", "slug": "wp-total-branding", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b6ac92f-2ad1-4528-b157-5e49d6f224a5?source=api-scan" ], "published": "2024-07-11 18:51:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b6b1b7e-2ba4-4b72-9e3d-b54c00437cac": { "id": "3b6b1b7e-2ba4-4b72-9e3d-b54c00437cac", "title": "GiveWP <= 2.33.1 - Missing Authorization via handleBeforeGateway", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.33.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.33.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.33.2" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b6b1b7e-2ba4-4b72-9e3d-b54c00437cac?source=api-scan" ], "published": "2023-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b6e45ae-650e-45eb-b781-5acec1ba2dde": { "id": "3b6e45ae-650e-45eb-b781-5acec1ba2dde", "title": "Kama Click Counter <= 3.4.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kama Click Counter", "slug": "kama-clic-counter", "affected_versions": { "* - 3.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b6e45ae-650e-45eb-b781-5acec1ba2dde?source=api-scan" ], "published": "2017-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b7108fc-0eb2-4f9f-b747-3b83c57a1b53": { "id": "3b7108fc-0eb2-4f9f-b747-3b83c57a1b53", "title": "WebP Express <= 0.14.10 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WebP Express", "slug": "webp-express", "affected_versions": { "[*, 0.14.11)": { "from_version": "*", "from_inclusive": true, "to_version": "0.14.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.14.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b7108fc-0eb2-4f9f-b747-3b83c57a1b53?source=api-scan" ], "published": "2019-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b71805c-15bb-4cde-b91f-4f3e9b7ab520": { "id": "3b71805c-15bb-4cde-b91f-4f3e9b7ab520", "title": "Welcart e-Commerce <= 2.8.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b71805c-15bb-4cde-b91f-4f3e9b7ab520?source=api-scan" ], "published": "2022-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b798c64-3434-427d-b578-5abbdac8cd0e": { "id": "3b798c64-3434-427d-b578-5abbdac8cd0e", "title": "0mk Shortener <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "0mk Shortener", "slug": "0mk-shortener", "affected_versions": { "* - 0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b798c64-3434-427d-b578-5abbdac8cd0e?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b7aac1c-6962-49cf-850f-ab7b1d220090": { "id": "3b7aac1c-6962-49cf-850f-ab7b1d220090", "title": "WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery to Custom Field Creation", "software": [ { "type": "plugin", "name": "PDF Builder for WooCommerce. Create invoices,packing slips and more", "slug": "woo-pdf-invoice-builder", "affected_versions": { "* - 1.2.90": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.90", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.91" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b7aac1c-6962-49cf-850f-ab7b1d220090?source=api-scan" ], "published": "2023-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b7f8739-7f40-40a7-952e-002ea3b82ac7": { "id": "3b7f8739-7f40-40a7-952e-002ea3b82ac7", "title": "Jquery news ticker <= 3.0 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Jquery news ticker", "slug": "jquery-news-ticker", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b7f8739-7f40-40a7-952e-002ea3b82ac7?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b806e11-57ad-4976-9ece-419ad6581cc4": { "id": "3b806e11-57ad-4976-9ece-419ad6581cc4", "title": "Nelio AB Testing < 4.5.9 - Server Side Request Forgery", "software": [ { "type": "plugin", "name": "Nelio AB Testing", "slug": "nelio-ab-testing", "affected_versions": { "* - 4.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b806e11-57ad-4976-9ece-419ad6581cc4?source=api-scan" ], "published": "2016-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b819e88-111a-4611-ae23-87ac7a878b4a": { "id": "3b819e88-111a-4611-ae23-87ac7a878b4a", "title": "WP Plugin Lister <= 2.1.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Plugin Lister", "slug": "wp-plugin-lister", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b819e88-111a-4611-ae23-87ac7a878b4a?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b8282a2-8265-4fa0-b137-6272b9e44fc3": { "id": "3b8282a2-8265-4fa0-b137-6272b9e44fc3", "title": "W3 Total Cache <= 0.9.4.1 - Cross-Site Scripting via request_id", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 0.9.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b8282a2-8265-4fa0-b137-6272b9e44fc3?source=api-scan" ], "published": "2016-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b864ff8-83fb-40e2-9264-7c57115d50f2": { "id": "3b864ff8-83fb-40e2-9264-7c57115d50f2", "title": "Share and Follow <= 1.80.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Share and Follow", "slug": "share-and-follow", "affected_versions": { "* - 1.80.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.80.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.80.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b864ff8-83fb-40e2-9264-7c57115d50f2?source=api-scan" ], "published": "2012-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b874721-6cb9-4ce4-a78e-a457596d15ff": { "id": "3b874721-6cb9-4ce4-a78e-a457596d15ff", "title": "Live Chat Unlimited <= 2.8.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "screets-lcx", "slug": "screets-lcx", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b874721-6cb9-4ce4-a78e-a457596d15ff?source=api-scan" ], "published": "2019-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b8ea0b1-5050-43fc-8b80-b6a501a607fe": { "id": "3b8ea0b1-5050-43fc-8b80-b6a501a607fe", "title": "Login\/Signup Popup ( Inline Form + Woocommerce ) <= 2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login\/Signup Popup ( Inline Form + Woocommerce )", "slug": "easy-login-woocommerce", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b8ea0b1-5050-43fc-8b80-b6a501a607fe?source=api-scan" ], "published": "2021-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3b98668e-a20f-49a3-a6d6-6da6d1c044d6": { "id": "3b98668e-a20f-49a3-a6d6-6da6d1c044d6", "title": "IMPress Listings <= 2.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IMPress Listings", "slug": "wp-listings", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3b98668e-a20f-49a3-a6d6-6da6d1c044d6?source=api-scan" ], "published": "2016-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ba1100e-8669-4105-b8d7-27c0b81c0856": { "id": "3ba1100e-8669-4105-b8d7-27c0b81c0856", "title": "GamiPress <= 6.8.8 - Broken Access Control", "software": [ { "type": "plugin", "name": "GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress", "slug": "gamipress", "affected_versions": { "* - 6.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ba1100e-8669-4105-b8d7-27c0b81c0856?source=api-scan" ], "published": "2024-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ba3cf12-facb-479b-8077-fd279c40607e": { "id": "3ba3cf12-facb-479b-8077-fd279c40607e", "title": "Royal Elementor Addons and Templates <= 1.3.80 - Missing Authorization to Private\/Password Protected Post Read", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.80": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.80", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.81" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ba3cf12-facb-479b-8077-fd279c40607e?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ba84be8-c6dc-4cb7-b93c-38c69ab07154": { "id": "3ba84be8-c6dc-4cb7-b93c-38c69ab07154", "title": "WP REST API (WP API) < 1.2.1 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "WP REST API (WP API)", "slug": "json-rest-api", "affected_versions": { "[*, 1.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ba84be8-c6dc-4cb7-b93c-38c69ab07154?source=api-scan" ], "published": "2015-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ba8a9f5-0633-4cf0-af27-5466d93e9020": { "id": "3ba8a9f5-0633-4cf0-af27-5466d93e9020", "title": "Media Library Assistant <= 3.16 - Authenticated (Contributor+) SQL Injection via order Parameter", "software": [ { "type": "plugin", "name": "Media Library Assistant", "slug": "media-library-assistant", "affected_versions": { "* - 3.16": { "from_version": "*", "from_inclusive": true, "to_version": "3.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ba8a9f5-0633-4cf0-af27-5466d93e9020?source=api-scan" ], "published": "2024-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ba98b0b-0772-4871-9892-c6354ceaf614": { "id": "3ba98b0b-0772-4871-9892-c6354ceaf614", "title": "Google SEO Pressor for Rich snippets <= 1.2.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google SEO Pressor for Rich snippets", "slug": "google-seo-author-snippets", "affected_versions": { "[*, 1.2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ba98b0b-0772-4871-9892-c6354ceaf614?source=api-scan" ], "published": "2016-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3baa0543-cdfb-4699-97ca-eaa83c2494a1": { "id": "3baa0543-cdfb-4699-97ca-eaa83c2494a1", "title": "Chaty <= 3.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button \u2013 Chaty", "slug": "chaty", "affected_versions": { "* - 3.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3baa0543-cdfb-4699-97ca-eaa83c2494a1?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bad1d0d-3817-4c7f-a012-5a85b577781e": { "id": "3bad1d0d-3817-4c7f-a012-5a85b577781e", "title": "Nextend Social Login and Register <= 3.1.12 - Reflected Self-Based Cross-Site Scripting via error_description", "software": [ { "type": "plugin", "name": "Nextend Social Login and Register", "slug": "nextend-facebook-connect", "affected_versions": { "* - 3.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bad1d0d-3817-4c7f-a012-5a85b577781e?source=api-scan" ], "published": "2024-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3badf9b8-7558-4a46-9eb2-cd119a77c903": { "id": "3badf9b8-7558-4a46-9eb2-cd119a77c903", "title": "PubyDoc <= 2.0.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PubyDoc \u2013 Data Tables and Charts", "slug": "pubydoc-data-tables-and-charts", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3badf9b8-7558-4a46-9eb2-cd119a77c903?source=api-scan" ], "published": "2023-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bb15611-85a4-4efb-81e5-7352c348c4a9": { "id": "3bb15611-85a4-4efb-81e5-7352c348c4a9", "title": "Blocksy Companion <= 2.0.28 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Blocksy Companion", "slug": "blocksy-companion", "affected_versions": { "* - 2.0.28": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bb15611-85a4-4efb-81e5-7352c348c4a9?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bb4a3f3-495d-4ece-9436-9c317688982c": { "id": "3bb4a3f3-495d-4ece-9436-9c317688982c", "title": "Vospari Forms < 1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Vospari Forms", "slug": "vospari-forms", "affected_versions": { "[*, 1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bb4a3f3-495d-4ece-9436-9c317688982c?source=api-scan" ], "published": "2016-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bb4a8ba-33f1-4183-be76-72f6a99fc1fa": { "id": "3bb4a8ba-33f1-4183-be76-72f6a99fc1fa", "title": "Indeed Membership Pro <= 12.6 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Indeed Membership Pro", "slug": "indeed-membership-pro", "affected_versions": { "* - 12.6": { "from_version": "*", "from_inclusive": true, "to_version": "12.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bb4a8ba-33f1-4183-be76-72f6a99fc1fa?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bb4d37c-c4c2-4523-9b4e-73ffb7be81ea": { "id": "3bb4d37c-c4c2-4523-9b4e-73ffb7be81ea", "title": "User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content'", "software": [ { "type": "plugin", "name": "User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End", "slug": "user-submitted-posts", "affected_versions": { "* - 20230809": { "from_version": "*", "from_inclusive": true, "to_version": "20230809", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20230811" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bb4d37c-c4c2-4523-9b4e-73ffb7be81ea?source=api-scan" ], "published": "2023-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bb6e8f8-690a-49cb-ac00-f572bef8b8f7": { "id": "3bb6e8f8-690a-49cb-ac00-f572bef8b8f7", "title": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via social_icon_1 parameter", "software": [ { "type": "plugin", "name": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode", "slug": "responsive-coming-soon-page", "affected_versions": { "* - 1.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bb6e8f8-690a-49cb-ac00-f572bef8b8f7?source=api-scan" ], "published": "2018-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bb8e6c2-ca38-44a2-99d4-b3df62ed753c": { "id": "3bb8e6c2-ca38-44a2-99d4-b3df62ed753c", "title": "Elegant Pink <= 1.3.0 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Elegant Pink", "slug": "elegant-pink", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bb8e6c2-ca38-44a2-99d4-b3df62ed753c?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bb93138-f2f9-4a3f-a0a2-d79a315c44f3": { "id": "3bb93138-f2f9-4a3f-a0a2-d79a315c44f3", "title": "loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service", "software": [ { "type": "plugin", "name": "Simple Page Ordering", "slug": "simple-page-ordering", "affected_versions": { "* - 2.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.4" ] }, { "type": "plugin", "name": "Restricted Site Access", "slug": "restricted-site-access", "affected_versions": { "* - 7.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.5" ] }, { "type": "plugin", "name": "ElasticPress", "slug": "elasticpress", "affected_versions": { "* - 4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.0" ] }, { "type": "plugin", "name": "Insert Special Characters", "slug": "insert-special-characters", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bb93138-f2f9-4a3f-a0a2-d79a315c44f3?source=api-scan" ], "published": "2022-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bb9520d-e679-4e8a-ae3c-8207f17d45a2": { "id": "3bb9520d-e679-4e8a-ae3c-8207f17d45a2", "title": "Simple Banner <= 2.11.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Banner \u2013 Easily add multiple Banners\/Bars\/Notifications\/Announcements to the top or bottom of your website", "slug": "simple-banner", "affected_versions": { "* - 2.11.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bb9520d-e679-4e8a-ae3c-8207f17d45a2?source=api-scan" ], "published": "2022-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bba2901-55a7-4ef1-ab3c-1415aa99c729": { "id": "3bba2901-55a7-4ef1-ab3c-1415aa99c729", "title": "WP Chat App <= 3.6.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Image Attribute", "software": [ { "type": "plugin", "name": "WP Chat App", "slug": "wp-whatsapp", "affected_versions": { "* - 3.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bba2901-55a7-4ef1-ab3c-1415aa99c729?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bbbf5be-5c0a-4514-88ac-003083c0bba3": { "id": "3bbbf5be-5c0a-4514-88ac-003083c0bba3", "title": "Salon Booking System <= 10.2 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "* - 10.2": { "from_version": "*", "from_inclusive": true, "to_version": "10.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bbbf5be-5c0a-4514-88ac-003083c0bba3?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bc0951e-8ada-4221-b154-101bad33a183": { "id": "3bc0951e-8ada-4221-b154-101bad33a183", "title": "ARI Fancy Lightbox <= 1.3.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ARI Fancy Lightbox \u2013 Popup for WordPress", "slug": "ari-fancy-lightbox", "affected_versions": { "[*, 1.3.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bc0951e-8ada-4221-b154-101bad33a183?source=api-scan" ], "published": "2022-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bc98896-6ff9-40de-ace2-2ca331c2a44a": { "id": "3bc98896-6ff9-40de-ace2-2ca331c2a44a", "title": "Photospace Responsive <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photospace Responsive Gallery", "slug": "photospace-responsive", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bc98896-6ff9-40de-ace2-2ca331c2a44a?source=api-scan" ], "published": "2023-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bcd61d4-4775-4297-b7f5-664991fcd6d2": { "id": "3bcd61d4-4775-4297-b7f5-664991fcd6d2", "title": "GeoDirectory <= 2.3.28 - Authenticated (Administrator+) SQL Injection via orderby", "software": [ { "type": "plugin", "name": "GeoDirectory \u2013 WP Business Directory Plugin and Classified Listings Directory", "slug": "geodirectory", "affected_versions": { "* - 2.3.28": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bcd61d4-4775-4297-b7f5-664991fcd6d2?source=api-scan" ], "published": "2023-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bce40ee-c378-4a44-9c5d-d83151975309": { "id": "3bce40ee-c378-4a44-9c5d-d83151975309", "title": "wpForo Forum <= 2.2.8 - Cross-Site Request Forgery via logout()", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 2.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bce40ee-c378-4a44-9c5d-d83151975309?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bce6872-34d4-4675-bce9-e1197d801bce": { "id": "3bce6872-34d4-4675-bce9-e1197d801bce", "title": "ImagePress - Image Gallery <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title Update", "software": [ { "type": "plugin", "name": "ImagePress \u2013 Image Gallery", "slug": "image-gallery", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bce6872-34d4-4675-bce9-e1197d801bce?source=api-scan" ], "published": "2024-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bd3e797-5e31-4f54-a28f-2525fb5e367e": { "id": "3bd3e797-5e31-4f54-a28f-2525fb5e367e", "title": "WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit <= 1.0.9 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit", "slug": "myshopkit-popup-smartbar-slidein", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bd3e797-5e31-4f54-a28f-2525fb5e367e?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bd5c774-2c5b-47d5-9eae-614f2a1b8529": { "id": "3bd5c774-2c5b-47d5-9eae-614f2a1b8529", "title": "FontMeister <= 1.08 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FontMeister \u2013 The Font Management Plugin", "slug": "fontmeister", "affected_versions": { "* - 1.08": { "from_version": "*", "from_inclusive": true, "to_version": "1.08", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bd5c774-2c5b-47d5-9eae-614f2a1b8529?source=api-scan" ], "published": "2022-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bdb73f9-d091-4de7-975c-10090ee1f749": { "id": "3bdb73f9-d091-4de7-975c-10090ee1f749", "title": "WordPress Core < 3.9.2 - Cross-Site Request Forgery Protection Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.3": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": true }, "3.8 - 3.8.3": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": true }, "3.9 - 3.9.1": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.4", "3.8.4", "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bdb73f9-d091-4de7-975c-10090ee1f749?source=api-scan" ], "published": "2014-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3be0e82c-f9a8-42a5-9abb-24cc60e03944": { "id": "3be0e82c-f9a8-42a5-9abb-24cc60e03944", "title": "Greeklish-permalink <= 3.3 - Missing Authorization via cyrtrans_ajax_old AJAX action", "software": [ { "type": "plugin", "name": "Greeklish-permalink", "slug": "greeklish-permalink", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3be0e82c-f9a8-42a5-9abb-24cc60e03944?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3be1a1af-baab-4e57-a2c7-5e6963f986cc": { "id": "3be1a1af-baab-4e57-a2c7-5e6963f986cc", "title": "Post to CSV by BestWebSoft <= 1.3.8 - Authenticated (Author+) CSV Injection", "software": [ { "type": "plugin", "name": "Post to CSV by BestWebSoft", "slug": "post-to-csv", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3be1a1af-baab-4e57-a2c7-5e6963f986cc?source=api-scan" ], "published": "2022-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3be36cd6-27a3-4b15-9e43-b1f6c25efae6": { "id": "3be36cd6-27a3-4b15-9e43-b1f6c25efae6", "title": "WP Statistics <= 12.0.7 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 12.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "12.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3be36cd6-27a3-4b15-9e43-b1f6c25efae6?source=api-scan" ], "published": "2017-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3be9ffb4-5614-4a5f-bc2a-38ad626f8e3e": { "id": "3be9ffb4-5614-4a5f-bc2a-38ad626f8e3e", "title": "CM On Demand Search And Replace <= 1.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CM WordPress Search And Replace Plugin", "slug": "cm-on-demand-search-and-replace", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3be9ffb4-5614-4a5f-bc2a-38ad626f8e3e?source=api-scan" ], "published": "2023-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3becd450-b0de-466a-9721-b156a2ba1de3": { "id": "3becd450-b0de-466a-9721-b156a2ba1de3", "title": "WP-RecentComments <= 2.2.7 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "WP-RecentComments", "slug": "wp-recentcomments", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3becd450-b0de-466a-9721-b156a2ba1de3?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bed2531-1a7d-49d9-91c9-d9e7357e5613": { "id": "3bed2531-1a7d-49d9-91c9-d9e7357e5613", "title": "Erident Custom Login & Dashboard <= 3.4.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Erident Custom Login and Dashboard", "slug": "erident-custom-login-and-dashboard", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bed2531-1a7d-49d9-91c9-d9e7357e5613?source=api-scan" ], "published": "2015-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bee82d8-d019-450b-b532-5b3e2e3aff6f": { "id": "3bee82d8-d019-450b-b532-5b3e2e3aff6f", "title": "wpForo Forum <= 1.6.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bee82d8-d019-450b-b532-5b3e2e3aff6f?source=api-scan" ], "published": "2020-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bf59f44-356c-4d84-add3-72e8905a80f9": { "id": "3bf59f44-356c-4d84-add3-72e8905a80f9", "title": "Zoho SalesIQ <= 1.0.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Zoho SalesIQ \u2013 Live chat, chatbots, and visitor tracking", "slug": "zoho-salesiq", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bf59f44-356c-4d84-add3-72e8905a80f9?source=api-scan" ], "published": "2019-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bf669ed-ea31-4144-96b3-b1f29057b86d": { "id": "3bf669ed-ea31-4144-96b3-b1f29057b86d", "title": "Lava Directory Manager <= 1.1.34 - Unauthenticated Stored Cross-Site Scripting via New Listing", "software": [ { "type": "plugin", "name": "Lava Directory Manager", "slug": "lava-directory-manager", "affected_versions": { "* - 1.1.34": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.34", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bf669ed-ea31-4144-96b3-b1f29057b86d?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bf68449-487d-4ef1-86be-c51dc7d79054": { "id": "3bf68449-487d-4ef1-86be-c51dc7d79054", "title": "WP OAuth Server <= 4.2.3 - Cross-Site Request Forgery to Arbitrary Post Deletion (wo_ajax_remove_client)", "software": [ { "type": "plugin", "name": "WP OAuth Server (OAuth Authentication)", "slug": "oauth2-provider", "affected_versions": { "* - 4.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bf68449-487d-4ef1-86be-c51dc7d79054?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bf76527-9a11-4755-992c-02fbc1a79bae": { "id": "3bf76527-9a11-4755-992c-02fbc1a79bae", "title": "Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Kaswara Modern VC Addons", "slug": "kaswara", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bf76527-9a11-4755-992c-02fbc1a79bae?source=api-scan" ], "published": "2021-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bf77988-370b-437f-83a0-18a147e3e087": { "id": "3bf77988-370b-437f-83a0-18a147e3e087", "title": "Awesome Weather Widget <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Awesome Weather Widget", "slug": "awesome-weather", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bf77988-370b-437f-83a0-18a147e3e087?source=api-scan" ], "published": "2023-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bfc18fa-905c-408f-bbb4-ce207c322298": { "id": "3bfc18fa-905c-408f-bbb4-ce207c322298", "title": "Modern Events Calendar Lite <= 6.1.4 - Unauthenticated Blind SQL Injection via time Parameter", "software": [ { "type": "plugin", "name": "Modern Events Calendar Lite", "slug": "modern-events-calendar-lite", "affected_versions": { "[*, 6.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bfc18fa-905c-408f-bbb4-ce207c322298?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3bff5508-7483-4c0e-8146-a157244d6ad2": { "id": "3bff5508-7483-4c0e-8146-a157244d6ad2", "title": "Testimonial Slider <= 2.3.6 - Missing Authorization to Authenticated (Author+) Settings Update", "software": [ { "type": "plugin", "name": "Testimonial \u2013 Testimonial Slider and Showcase Plugin", "slug": "testimonial-slider-and-showcase", "affected_versions": { "* - 2.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3bff5508-7483-4c0e-8146-a157244d6ad2?source=api-scan" ], "published": "2024-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c021686-3c9d-4382-be5c-9d4bf989cdcd": { "id": "3c021686-3c9d-4382-be5c-9d4bf989cdcd", "title": "Advanced Forms for ACF <= 1.6.8 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Advanced Forms for ACF", "slug": "advanced-forms", "affected_versions": { "[*, 1.6.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c021686-3c9d-4382-be5c-9d4bf989cdcd?source=api-scan" ], "published": "2020-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c070b9c-5bed-4f9f-8d96-70958bf294cf": { "id": "3c070b9c-5bed-4f9f-8d96-70958bf294cf", "title": "iFeature Slider <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "iFeature Slider", "slug": "ifeature-slider", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c070b9c-5bed-4f9f-8d96-70958bf294cf?source=api-scan" ], "published": "2022-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c07a2fe-97b1-45ec-bbd9-9353d679ed49": { "id": "3c07a2fe-97b1-45ec-bbd9-9353d679ed49", "title": "Mailrelay <= 2.1.1 - Cross-Site Request Forgery via render_admin_page", "software": [ { "type": "plugin", "name": "Mailrelay", "slug": "mailrelay", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c07a2fe-97b1-45ec-bbd9-9353d679ed49?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c0b0bf7-55dd-40a1-8f12-f0ec0315c0ec": { "id": "3c0b0bf7-55dd-40a1-8f12-f0ec0315c0ec", "title": "Cookie Information | Free GDPR Consent Solution <= 2.0.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cookie Information | Free GDPR Consent Solution", "slug": "wp-gdpr-compliance", "affected_versions": { "[*, 2.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c0b0bf7-55dd-40a1-8f12-f0ec0315c0ec?source=api-scan" ], "published": "2022-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c0bd6ee-da23-4e1e-9dbc-1ee4a111f7f8": { "id": "3c0bd6ee-da23-4e1e-9dbc-1ee4a111f7f8", "title": "WPS Child Theme Generator < 1.2 - Directory Traversal", "software": [ { "type": "plugin", "name": "WPS Child Theme Generator", "slug": "wps-child-theme-generator", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c0bd6ee-da23-4e1e-9dbc-1ee4a111f7f8?source=api-scan" ], "published": "2019-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c107916-1de8-46e3-80bf-3e1529533907": { "id": "3c107916-1de8-46e3-80bf-3e1529533907", "title": "My Tickets <= 1.9.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "My Tickets \u2013 Accessible Event Ticketing", "slug": "my-tickets", "affected_versions": { "* - 1.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c107916-1de8-46e3-80bf-3e1529533907?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c12074f-9a19-49cb-9d74-b759c7391d3c": { "id": "3c12074f-9a19-49cb-9d74-b759c7391d3c", "title": "WordPress\u652f\u4ed8\u5b9dAlipay|\u8d22\u4ed8\u901aTenpay|\u8d1d\u5b9dPayPal\u96c6\u6210\u63d2\u4ef6 < 3.7.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress\u652f\u4ed8\u5b9dAlipay|\u8d22\u4ed8\u901aTenpay|\u8d1d\u5b9dPayPal\u96c6\u6210\u63d2\u4ef6", "slug": "alipay", "affected_versions": { "[*, 3.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c12074f-9a19-49cb-9d74-b759c7391d3c?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c14a863-2aed-4f65-a0e3-eb73e485ce85": { "id": "3c14a863-2aed-4f65-a0e3-eb73e485ce85", "title": "Slimstat Analytics <= 5.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "SlimStat Analytics", "slug": "wp-slimstat", "affected_versions": { "* - 5.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c14a863-2aed-4f65-a0e3-eb73e485ce85?source=api-scan" ], "published": "2023-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c1814c7-1ca0-42e6-a819-7e258f34ecac": { "id": "3c1814c7-1ca0-42e6-a819-7e258f34ecac", "title": "Mingle Forum <= 1.0.33 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mingle Forum", "slug": "mingle-forum", "affected_versions": { "* - 1.0.33": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.33.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c1814c7-1ca0-42e6-a819-7e258f34ecac?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c192623-eb46-4f1d-b897-433ac80608cb": { "id": "3c192623-eb46-4f1d-b897-433ac80608cb", "title": "Alt Text AI \u2013 Automatically generate image alt text for SEO and accessibility <= 1.4.9 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Alt Text AI \u2013 Automatically generate image alt text for SEO and accessibility", "slug": "alttext-ai", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c192623-eb46-4f1d-b897-433ac80608cb?source=api-scan" ], "published": "2024-05-14 11:58:48", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c1a7bda-29c5-4b4b-bbd8-71187609892e": { "id": "3c1a7bda-29c5-4b4b-bbd8-71187609892e", "title": "WordPress Users <= 1.4 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "WordPress Users", "slug": "wordpress-users", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c1a7bda-29c5-4b4b-bbd8-71187609892e?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c268a6d-dfb4-4a9d-802e-80e5c1c53ca2": { "id": "3c268a6d-dfb4-4a9d-802e-80e5c1c53ca2", "title": "Social Auto Poster <= 5.3.14 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Auto Poster", "slug": "social-auto-poster", "affected_versions": { "* - 5.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c268a6d-dfb4-4a9d-802e-80e5c1c53ca2?source=api-scan" ], "published": "2024-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c2ecb9d-2496-4bbc-b55e-28fb5df1b397": { "id": "3c2ecb9d-2496-4bbc-b55e-28fb5df1b397", "title": "WP To Do <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP To Do", "slug": "wp-todo", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c2ecb9d-2496-4bbc-b55e-28fb5df1b397?source=api-scan" ], "published": "2024-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c3091eb-a2e7-4fc2-9f5c-5d6d582bbb89": { "id": "3c3091eb-a2e7-4fc2-9f5c-5d6d582bbb89", "title": "Form Maker <= 1.13.59 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "* - 1.13.59": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c3091eb-a2e7-4fc2-9f5c-5d6d582bbb89?source=api-scan" ], "published": "2021-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c3192ee-f241-47b2-b10f-fc38f394012a": { "id": "3c3192ee-f241-47b2-b10f-fc38f394012a", "title": "WP DB Manager < 2.7.2 - Arbitrary File Read", "software": [ { "type": "plugin", "name": "WP-DBManager", "slug": "wp-dbmanager", "affected_versions": { "[*, 2.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c3192ee-f241-47b2-b10f-fc38f394012a?source=api-scan" ], "published": "2014-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c32eb5b-dc4b-42f6-8454-d2ad57d7051d": { "id": "3c32eb5b-dc4b-42f6-8454-d2ad57d7051d", "title": "BuddyForms <= 2.7.2 - Authenticated (Contributor+) Stored Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC)", "slug": "buddyforms", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c32eb5b-dc4b-42f6-8454-d2ad57d7051d?source=api-scan" ], "published": "2022-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c3ae044-1433-43b3-8185-03c194cefdbb": { "id": "3c3ae044-1433-43b3-8185-03c194cefdbb", "title": "Simple Nav Archives <= 2.1.3 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Simple Nav Archives", "slug": "simple-nav-archives", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c3ae044-1433-43b3-8185-03c194cefdbb?source=api-scan" ], "published": "2024-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c43939f-c0c7-4388-80ae-44bdf67675c7": { "id": "3c43939f-c0c7-4388-80ae-44bdf67675c7", "title": "WP eCommerce < 3.11.4 - SQL Injection", "software": [ { "type": "plugin", "name": "WP eCommerce", "slug": "wp-e-commerce", "affected_versions": { "[*, 3.11.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.11.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c43939f-c0c7-4388-80ae-44bdf67675c7?source=api-scan" ], "published": "2016-11-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c455509-9cbb-4a77-b28f-921beeeede0e": { "id": "3c455509-9cbb-4a77-b28f-921beeeede0e", "title": "Registrations for the Events Calendar <= 2.7.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Registrations for the Events Calendar \u2013 Event Registration Plugin", "slug": "registrations-for-the-events-calendar", "affected_versions": { "[*, 2.7.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c455509-9cbb-4a77-b28f-921beeeede0e?source=api-scan" ], "published": "2021-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c476263-72b7-48f1-8ba3-91d69eae7b6a": { "id": "3c476263-72b7-48f1-8ba3-91d69eae7b6a", "title": "WP User Frontend \u2013 Membership, Profile, Registration & Post Submission Plugin for WordPress < 3.5.25 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission \u2013 WP User Frontend", "slug": "wp-user-frontend", "affected_versions": { "[*, 3.5.25)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.25", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c476263-72b7-48f1-8ba3-91d69eae7b6a?source=api-scan" ], "published": "2021-11-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c48819a-5ca1-4262-b995-1c4621fcfadc": { "id": "3c48819a-5ca1-4262-b995-1c4621fcfadc", "title": "Post Connector < 1.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Connector", "slug": "post-connector", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c48819a-5ca1-4262-b995-1c4621fcfadc?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c49c7db-50de-4f1d-acfa-d12a84a42d94": { "id": "3c49c7db-50de-4f1d-acfa-d12a84a42d94", "title": "RSS Feed Reader <= 0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RSS Feed Reader", "slug": "rss-feed-reader", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c49c7db-50de-4f1d-acfa-d12a84a42d94?source=api-scan" ], "published": "2011-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c4c8113-4c46-4179-9c7f-9d5d4337254d": { "id": "3c4c8113-4c46-4179-9c7f-9d5d4337254d", "title": "Views for WPForms <= 3.2.2 - Missing Authorization via save_view", "software": [ { "type": "plugin", "name": "Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend", "slug": "views-for-wpforms-lite", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c4c8113-4c46-4179-9c7f-9d5d4337254d?source=api-scan" ], "published": "2024-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c51dcd7-0ca4-449b-819c-91de1dacad03": { "id": "3c51dcd7-0ca4-449b-819c-91de1dacad03", "title": "Crazy Call To Action Box <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Crazy Call To Action Box", "slug": "crazy-call-to-action-box", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c51dcd7-0ca4-449b-819c-91de1dacad03?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c545c65-19c0-4566-9db4-4fa2fef3d59a": { "id": "3c545c65-19c0-4566-9db4-4fa2fef3d59a", "title": "Job Board Manager for WordPress <= 1.0 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Job Board Manager for WordPress", "slug": "jemployee", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c545c65-19c0-4566-9db4-4fa2fef3d59a?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c547a2b-98fb-4936-88a5-31e5c879a364": { "id": "3c547a2b-98fb-4936-88a5-31e5c879a364", "title": "Form Maker <= 1.14.11 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "* - 1.14.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c547a2b-98fb-4936-88a5-31e5c879a364?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c59d95a-b7f1-4a04-bbf4-bab2c42d6d75": { "id": "3c59d95a-b7f1-4a04-bbf4-bab2c42d6d75", "title": "Premium Addons for Elementor <= 4.10.35 - Regular Expressions Denial of Service", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.35": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c59d95a-b7f1-4a04-bbf4-bab2c42d6d75?source=api-scan" ], "published": "2024-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c5bde0e-3138-4995-92ae-6deaf6b7be5b": { "id": "3c5bde0e-3138-4995-92ae-6deaf6b7be5b", "title": "Groundhogg <= 2.7.9.8 - Missing Authorization to Non-Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg", "slug": "groundhogg", "affected_versions": { "* - 2.7.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c5bde0e-3138-4995-92ae-6deaf6b7be5b?source=api-scan" ], "published": "2023-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c64120f-254f-4deb-93bc-d24e366631ed": { "id": "3c64120f-254f-4deb-93bc-d24e366631ed", "title": "1g-music-share <= 1.5.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "1g-music-share", "slug": "1g-music-share", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c64120f-254f-4deb-93bc-d24e366631ed?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c6bbdcd-9b08-4c17-9a87-e06baa4cca1c": { "id": "3c6bbdcd-9b08-4c17-9a87-e06baa4cca1c", "title": "Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Stock in & out", "slug": "stock-in", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c6bbdcd-9b08-4c17-9a87-e06baa4cca1c?source=api-scan" ], "published": "2021-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c6fd92f-a541-42d1-8093-c3a4a61ab39b": { "id": "3c6fd92f-a541-42d1-8093-c3a4a61ab39b", "title": "Photo Gallery by 10Web <= 1.3.66 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.3.67)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.67", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.67" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c6fd92f-a541-42d1-8093-c3a4a61ab39b?source=api-scan" ], "published": "2017-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c730a69-015a-4b36-aa16-eff6916a302f": { "id": "3c730a69-015a-4b36-aa16-eff6916a302f", "title": "Shop as a Customer for WooCommerce <= 1.2.3 - Authenticated (Shop Manager+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Shop as a Customer for WooCommerce", "slug": "shop-as-a-customer-for-woocommerce", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c730a69-015a-4b36-aa16-eff6916a302f?source=api-scan" ], "published": "2023-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c731e39-998e-44d2-8cf9-4d9c39731c5d": { "id": "3c731e39-998e-44d2-8cf9-4d9c39731c5d", "title": "WooCommerce Cloak Affiliate Links <= 1.0.33 - Missing Authorization to Unauthenticated Permalink Modification", "software": [ { "type": "plugin", "name": "WooCommerce Cloak Affiliate Links", "slug": "woocommerce-cloak-affiliate-links", "affected_versions": { "* - 1.0.33": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c731e39-998e-44d2-8cf9-4d9c39731c5d?source=api-scan" ], "published": "2024-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c74ea5e-e25a-4b78-b04c-ed66992d4d80": { "id": "3c74ea5e-e25a-4b78-b04c-ed66992d4d80", "title": "Google Analyticator <= 6.4.9.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Analyticator", "slug": "google-analyticator", "affected_versions": { "[*, 6.4.9.6)": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.9.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.4.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c74ea5e-e25a-4b78-b04c-ed66992d4d80?source=api-scan" ], "published": "2015-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c85fa64-4761-4b92-bd4f-7c220cf18288": { "id": "3c85fa64-4761-4b92-bd4f-7c220cf18288", "title": "Urvanov Syntax Highlighter <= 2.8.33 - Cross-Site Request Forgery via init_ajax", "software": [ { "type": "plugin", "name": "Urvanov Syntax Highlighter", "slug": "urvanov-syntax-highlighter", "affected_versions": { "* - 2.8.33": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c85fa64-4761-4b92-bd4f-7c220cf18288?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c8602ed-6c0d-4357-93e6-bab1ab38ffb2": { "id": "3c8602ed-6c0d-4357-93e6-bab1ab38ffb2", "title": "Donation Platform for WooCommerce: Fundraising & Donation Management <= 1.2.9 - Cross-Site Request Forgery to Survey Submission", "software": [ { "type": "plugin", "name": "Donation Platform for WooCommerce: Fundraising & Donation Management", "slug": "wc-donation-platform", "affected_versions": { "[*, 1.2.10)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c8602ed-6c0d-4357-93e6-bab1ab38ffb2?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c8ba503-db7e-4ac1-898f-a301854db60f": { "id": "3c8ba503-db7e-4ac1-898f-a301854db60f", "title": "Barcode Scanner with Inventory & Order Manager <= 1.5.4 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Barcode Scanner and Inventory manager. POS (Point of Sale) \u2013 scan barcodes & create orders with barcode reader.", "slug": "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c8ba503-db7e-4ac1-898f-a301854db60f?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c926145-f0b5-44cf-bea6-e9bdf6e8e687": { "id": "3c926145-f0b5-44cf-bea6-e9bdf6e8e687", "title": "WPGraphQL WooCommerce <= 0.11.0 - Information Disclosure", "software": [ { "type": "plugin", "name": "WPGraphQL WooCommerce", "slug": "wp-graphql-woocommerce", "affected_versions": { "* - 0.11.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.11.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c926145-f0b5-44cf-bea6-e9bdf6e8e687?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c957f3f-fb98-49ff-b317-93b1accd0d47": { "id": "3c957f3f-fb98-49ff-b317-93b1accd0d47", "title": "WP Hide Post <= 2.0.10 - Cross-Site Request Forgery via save_bulk_edit_data", "software": [ { "type": "plugin", "name": "WP Hide Post", "slug": "wp-hide-post", "affected_versions": { "* - 2.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c957f3f-fb98-49ff-b317-93b1accd0d47?source=api-scan" ], "published": "2023-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c98bb53-9f7e-4ab3-9676-e3dbfb4a0519": { "id": "3c98bb53-9f7e-4ab3-9676-e3dbfb4a0519", "title": "WP Delicious \u2013 Recipe Plugin for Food Bloggers (formerly Delicious Recipes) <= 1.6.9 - Improper Path Validation to Authenticated (Subscriber+) Arbitrary File Move and Read", "software": [ { "type": "plugin", "name": "WP Delicious \u2013 Recipe Plugin for Food Bloggers (formerly Delicious Recipes)", "slug": "delicious-recipes", "affected_versions": { "* - 1.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c98bb53-9f7e-4ab3-9676-e3dbfb4a0519?source=api-scan" ], "published": "2024-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c99aab5-a995-44ae-bc14-09f73e6b22c5": { "id": "3c99aab5-a995-44ae-bc14-09f73e6b22c5", "title": "Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.6 - Missing Authorization to Settings Update and Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Online Booking & Scheduling Calendar for WordPress by vcita", "slug": "meeting-scheduler-by-vcita", "affected_versions": { "* - 4.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c99aab5-a995-44ae-bc14-09f73e6b22c5?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3c9cc5d4-7ddc-4af7-b433-7d75db739970": { "id": "3c9cc5d4-7ddc-4af7-b433-7d75db739970", "title": "DSGVO Youtube <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DSGVO Youtube", "slug": "dsgvo-youtube", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3c9cc5d4-7ddc-4af7-b433-7d75db739970?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ca6605f-7c9c-43c7-ae32-ca1d781c1e86": { "id": "3ca6605f-7c9c-43c7-ae32-ca1d781c1e86", "title": "WP Database Reset <= 3.1 - Privilege Escalation", "software": [ { "type": "plugin", "name": "Database Reset", "slug": "wordpress-database-reset", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ca6605f-7c9c-43c7-ae32-ca1d781c1e86?source=api-scan" ], "published": "2020-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ca760ea-e062-413e-ac92-520922129937": { "id": "3ca760ea-e062-413e-ac92-520922129937", "title": "Form Builder | Create Responsive Contact Forms <= 1.9.8.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form Builder | Create Responsive Contact Forms", "slug": "contact-form-add", "affected_versions": { "* - 1.9.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ca760ea-e062-413e-ac92-520922129937?source=api-scan" ], "published": "2021-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3cb30d2b-84f2-433e-bb9e-713486b759ae": { "id": "3cb30d2b-84f2-433e-bb9e-713486b759ae", "title": "Role Scoper (Obsolete \u2013 Please install PublishPress Permissions) < 1.3.67 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Role Scoper (Obsolete \u2013 Please install PublishPress Permissions)", "slug": "role-scoper", "affected_versions": { "[*, 1.3.67)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.67", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.67" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3cb30d2b-84f2-433e-bb9e-713486b759ae?source=api-scan" ], "published": "2015-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3cb73d5d-ca4a-4103-866d-f7bb369a8ce4": { "id": "3cb73d5d-ca4a-4103-866d-f7bb369a8ce4", "title": "Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4?source=api-scan" ], "published": "2024-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3cb8b08c-a028-48bd-acad-c00313fe06b8": { "id": "3cb8b08c-a028-48bd-acad-c00313fe06b8", "title": "ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Plugin Data Removal in reinitialize", "software": [ { "type": "plugin", "name": "ImageRecycle pdf & image compression", "slug": "imagerecycle-pdf-image-compression", "affected_versions": { "* - 3.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3cb8b08c-a028-48bd-acad-c00313fe06b8?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3cb95e28-449b-4ed7-9c44-ade171e0ecee": { "id": "3cb95e28-449b-4ed7-9c44-ade171e0ecee", "title": "Events Manager < 5.3.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "[*, 5.3.9)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3cb95e28-449b-4ed7-9c44-ade171e0ecee?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3cbf52b0-4c7f-40fb-aedb-4c70f6510b1b": { "id": "3cbf52b0-4c7f-40fb-aedb-4c70f6510b1b", "title": "Newsletters <= 4.9.9 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Newsletters", "slug": "newsletters-lite", "affected_versions": { "* - 4.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3cbf52b0-4c7f-40fb-aedb-4c70f6510b1b?source=api-scan" ], "published": "2024-08-14 18:55:15", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3cc196c8-1f8f-4ddd-9f27-45d318895b91": { "id": "3cc196c8-1f8f-4ddd-9f27-45d318895b91", "title": "WordPress Processing Embed <= 0.5.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Processing Embed", "slug": "wordpress-processing-embed", "affected_versions": { "* - 0.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3cc196c8-1f8f-4ddd-9f27-45d318895b91?source=api-scan" ], "published": "2010-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3cccfdcc-643c-4330-b345-aca4025e3327": { "id": "3cccfdcc-643c-4330-b345-aca4025e3327", "title": "Post Type Builder <= 2.0.8 - Missing Authorization to Arbitrary Post\/Page Creation", "software": [ { "type": "plugin", "name": "Post Type Builder", "slug": "themify-ptb", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3cccfdcc-643c-4330-b345-aca4025e3327?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ccd7144-fde1-4ade-ac66-5ea14cdbc616": { "id": "3ccd7144-fde1-4ade-ac66-5ea14cdbc616", "title": "Notices <= 6.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Notices", "slug": "notices", "affected_versions": { "* - 6.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ccd7144-fde1-4ade-ac66-5ea14cdbc616?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ccd7300-f22a-405a-8087-9c750cb187a5": { "id": "3ccd7300-f22a-405a-8087-9c750cb187a5", "title": "InBoundio Marketing < 2.0.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "InBoundio Marketing", "slug": "inboundio-marketing", "affected_versions": { "[*, 2.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ccd7300-f22a-405a-8087-9c750cb187a5?source=api-scan" ], "published": "2015-03-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3cd02dbc-6725-4626-844b-df12bad9da37": { "id": "3cd02dbc-6725-4626-844b-df12bad9da37", "title": "Relevanssi \u2013 A Better Search < 4.14.6 & Relevanssi \u2013 A Better Search Pro < 2.16.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Relevanssi \u2013 A Better Search (Pro)", "slug": "relevanssi-premium", "affected_versions": { "[*, 2.16.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.16.5" ] }, { "type": "plugin", "name": "Relevanssi \u2013 A Better Search", "slug": "relevanssi", "affected_versions": { "[*, 4.14.6)": { "from_version": "*", "from_inclusive": true, "to_version": "4.14.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.14.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3cd02dbc-6725-4626-844b-df12bad9da37?source=api-scan" ], "published": "2022-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3cd2b2ba-c4ec-4799-91b4-b38c462baee4": { "id": "3cd2b2ba-c4ec-4799-91b4-b38c462baee4", "title": "Participants Database <= 2.5.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Participants Database", "slug": "participants-database", "affected_versions": { "* - 2.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3cd2b2ba-c4ec-4799-91b4-b38c462baee4?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3cd9569f-3cda-4482-8ccd-c3f362b4e651": { "id": "3cd9569f-3cda-4482-8ccd-c3f362b4e651", "title": "WP Mobile Menu <= 2.8.4.4 - Missing Authorization to _mobmenu_icon Post Meta Modification", "software": [ { "type": "plugin", "name": "WP Mobile Menu \u2013 The Mobile-Friendly Responsive Menu", "slug": "mobile-menu", "affected_versions": { "* - 2.8.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3cd9569f-3cda-4482-8ccd-c3f362b4e651?source=api-scan" ], "published": "2024-07-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ce0fece-a7e5-4d27-a70a-37ab0973c15f": { "id": "3ce0fece-a7e5-4d27-a70a-37ab0973c15f", "title": "Throws SPAM Away <= 3.3 - Cross-Site Request Forgery to Comment Modification", "software": [ { "type": "plugin", "name": "Throws SPAM Away", "slug": "throws-spam-away", "affected_versions": { "[*, 3.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ce0fece-a7e5-4d27-a70a-37ab0973c15f?source=api-scan" ], "published": "2022-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3cea044c-3117-4722-a696-5b7368d31d63": { "id": "3cea044c-3117-4722-a696-5b7368d31d63", "title": "WordPress Filter Gallery Plugin <= 0.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Filter Gallery Plugin", "slug": "filter-gallery", "affected_versions": { "* - 0.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3cea044c-3117-4722-a696-5b7368d31d63?source=api-scan" ], "published": "2022-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3cec3799-cf44-412b-8590-b8fc60c58535": { "id": "3cec3799-cf44-412b-8590-b8fc60c58535", "title": "Ultimate Member <= 2.0.39 - Directory Traversal", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.0.39": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.39", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.40" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3cec3799-cf44-412b-8590-b8fc60c58535?source=api-scan" ], "published": "2018-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3cf00aef-427b-4256-9cbd-83c8e5059ecf": { "id": "3cf00aef-427b-4256-9cbd-83c8e5059ecf", "title": "WordPress Core < 4.0 - Missing Session Cookie Expiration", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3cf00aef-427b-4256-9cbd-83c8e5059ecf?source=api-scan" ], "published": "2012-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3cf2013a-d403-456f-aeb4-46b6e00b057f": { "id": "3cf2013a-d403-456f-aeb4-46b6e00b057f", "title": "Social Media Share Buttons & Social Sharing Icons <= 2.8.1 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Media Share Buttons & Social Sharing Icons", "slug": "ultimate-social-media-icons", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3cf2013a-d403-456f-aeb4-46b6e00b057f?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3cf570e4-7cae-4adc-ac3e-84225d74da39": { "id": "3cf570e4-7cae-4adc-ac3e-84225d74da39", "title": "Email Log <= 2.2.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Log", "slug": "email-log", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3cf570e4-7cae-4adc-ac3e-84225d74da39?source=api-scan" ], "published": "2017-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3cfd8b2d-cf2a-439d-9f9a-dbe499b1cd48": { "id": "3cfd8b2d-cf2a-439d-9f9a-dbe499b1cd48", "title": "Conditional Fields for Contact Form 7 <= 2.4.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Conditional Fields for Contact Form 7", "slug": "cf7-conditional-fields", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3cfd8b2d-cf2a-439d-9f9a-dbe499b1cd48?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3cfec2b8-1df0-4f3f-b6cc-ed0adecaeb16": { "id": "3cfec2b8-1df0-4f3f-b6cc-ed0adecaeb16", "title": "Cimy Header Image Rotator <= 6.1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Cimy Header Image Rotator", "slug": "cimy-header-image-rotator", "affected_versions": { "* - 6.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3cfec2b8-1df0-4f3f-b6cc-ed0adecaeb16?source=api-scan" ], "published": "2022-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d015c7d-bace-4d00-8ba5-1c85acb08d57": { "id": "3d015c7d-bace-4d00-8ba5-1c85acb08d57", "title": "Bloom Email Opt-In < 1.1.1 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Bloom Email Opt-In", "slug": "bloom", "affected_versions": { "[*, 1.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d015c7d-bace-4d00-8ba5-1c85acb08d57?source=api-scan" ], "published": "2016-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d01a40f-0af4-454c-9148-70804d571365": { "id": "3d01a40f-0af4-454c-9148-70804d571365", "title": "Kadence Blocks Pro <= 2.3.7 - Authenticated (Contributor+) Information Exposure", "software": [ { "type": "plugin", "name": "Kadence Blocks Pro", "slug": "kadence-blocks-pro", "affected_versions": { "* - 2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d01a40f-0af4-454c-9148-70804d571365?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d0a709e-1514-43dd-8719-e9bdfdc610d2": { "id": "3d0a709e-1514-43dd-8719-e9bdfdc610d2", "title": "NMI Gateway For WooCommerce <= 1.6.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "NMI Gateway For WooCommerce", "slug": "woo-nmi-three-step", "affected_versions": { "* - 1.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d0a709e-1514-43dd-8719-e9bdfdc610d2?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d0bf4d1-ba07-4204-bb2b-cdee10e6a275": { "id": "3d0bf4d1-ba07-4204-bb2b-cdee10e6a275", "title": "Simple Download Monitor < 3.5.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Download Monitor", "slug": "simple-download-monitor", "affected_versions": { "[*, 3.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d0bf4d1-ba07-4204-bb2b-cdee10e6a275?source=api-scan" ], "published": "2018-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d0e1007-396b-4b57-be16-6fa7fe87d92c": { "id": "3d0e1007-396b-4b57-be16-6fa7fe87d92c", "title": "Podiant <= 1.1 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Podiant", "slug": "podiant", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d0e1007-396b-4b57-be16-6fa7fe87d92c?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d0ecffe-8543-4d82-a1cc-f2474499f373": { "id": "3d0ecffe-8543-4d82-a1cc-f2474499f373", "title": "Happy SCSS Compiler - Compile SCSS to CSS automatically <= 1.3.10 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SCSS Happy Compiler \u2013 Compile SCSS to CSS & Automatic Enqueue", "slug": "happy-scss-compiler", "affected_versions": { "* - 1.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d0ecffe-8543-4d82-a1cc-f2474499f373?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d0efe1d-69ad-483c-b200-38873f88433b": { "id": "3d0efe1d-69ad-483c-b200-38873f88433b", "title": "Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification", "software": [ { "type": "plugin", "name": "Meks Audio Player", "slug": "meks-audio-player", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] }, { "type": "plugin", "name": "Meks Simple Flickr Widget", "slug": "meks-simple-flickr-widget", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] }, { "type": "plugin", "name": "Meks Easy Photo Feed Widget", "slug": "meks-easy-instagram-widget", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] }, { "type": "plugin", "name": "Meks Easy Ads Widget", "slug": "meks-easy-ads-widget", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] }, { "type": "plugin", "name": "Meks ThemeForest Smart Widget", "slug": "meks-themeforest-smart-widget", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] }, { "type": "plugin", "name": "Meks Easy Maps", "slug": "meks-easy-maps", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] }, { "type": "plugin", "name": "Meks Smart Author Widget", "slug": "meks-smart-author-widget", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] }, { "type": "plugin", "name": "Meks Time Ago", "slug": "meks-time-ago", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] }, { "type": "plugin", "name": "Meks Video Importer", "slug": "meks-video-importer", "affected_versions": { "* - 1.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.11" ] }, { "type": "plugin", "name": "Meks Smart Social Widget", "slug": "meks-smart-social-widget", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d0f5e62-aa81-4a2e-8187-917391548a31": { "id": "3d0f5e62-aa81-4a2e-8187-917391548a31", "title": "efence <= 1.3.2 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "efence", "slug": "efence", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d0f5e62-aa81-4a2e-8187-917391548a31?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d12d692-231b-4e15-a119-80fd74566af4": { "id": "3d12d692-231b-4e15-a119-80fd74566af4", "title": "Webmention <= 4.0.8 - Reflected Cross-Site Scripting via 'replytocom'", "software": [ { "type": "plugin", "name": "Webmention", "slug": "webmention", "affected_versions": { "* - 4.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d12d692-231b-4e15-a119-80fd74566af4?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d13454c-0c46-4b16-8e0e-bbfcf2338230": { "id": "3d13454c-0c46-4b16-8e0e-bbfcf2338230", "title": "EasyAzon \u2013 Amazon Associates Affiliate Plugin <= 5.1.0 - Reflected Cross-Site Scripting via easyazon-cloaking-locale", "software": [ { "type": "plugin", "name": "EasyAzon \u2013 Amazon Associates Affiliate Plugin", "slug": "easyazon", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d13454c-0c46-4b16-8e0e-bbfcf2338230?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d1f9fb7-fcb8-41ec-8c2f-0864e245f873": { "id": "3d1f9fb7-fcb8-41ec-8c2f-0864e245f873", "title": "WP Downgrade <= 1.2.2 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Downgrade | Specific Core Version", "slug": "wp-downgrade", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d1f9fb7-fcb8-41ec-8c2f-0864e245f873?source=api-scan" ], "published": "2022-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d2236cd-dfed-42d0-a77f-4573e74a4781": { "id": "3d2236cd-dfed-42d0-a77f-4573e74a4781", "title": "Contact Form 7 Captcha <= 0.0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form 7 Captcha", "slug": "contact-form-7-simple-recaptcha", "affected_versions": { "[*, 0.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d2236cd-dfed-42d0-a77f-4573e74a4781?source=api-scan" ], "published": "2021-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d2d22bb-e29e-4d4b-a97d-e128777712b0": { "id": "3d2d22bb-e29e-4d4b-a97d-e128777712b0", "title": "Bradesco Gateway <= 2.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bradesco Gateway", "slug": "bradesco-gateway", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d2d22bb-e29e-4d4b-a97d-e128777712b0?source=api-scan" ], "published": "2013-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d2f79ef-599f-48fc-b198-33c0407ad90d": { "id": "3d2f79ef-599f-48fc-b198-33c0407ad90d", "title": "WP Prayer <= 2.0.9 - Cross-Site Request Forgery to Arbitrary Prayer Deletion", "software": [ { "type": "plugin", "name": "WP Prayer", "slug": "wp-prayer", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d2f79ef-599f-48fc-b198-33c0407ad90d?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d300517-8939-431d-b33b-e74806e5887c": { "id": "3d300517-8939-431d-b33b-e74806e5887c", "title": "LiteSpeed Cache <= 6.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LiteSpeed Cache", "slug": "litespeed-cache", "affected_versions": { "* - 6.5.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d300517-8939-431d-b33b-e74806e5887c?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d3336f7-ee20-4f1c-92b4-f1c77aac91f9": { "id": "3d3336f7-ee20-4f1c-92b4-f1c77aac91f9", "title": "IP Blacklist Cloud <= 3.42 - Authenticated (Admin+) Path Traversal", "software": [ { "type": "plugin", "name": "IP Blacklist Cloud", "slug": "ip-blacklist-cloud", "affected_versions": { "* - 3.42": { "from_version": "*", "from_inclusive": true, "to_version": "3.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d3336f7-ee20-4f1c-92b4-f1c77aac91f9?source=api-scan" ], "published": "2015-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d3516e7-cce4-4def-be38-d16be3110d59": { "id": "3d3516e7-cce4-4def-be38-d16be3110d59", "title": "Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via remove_from_wishlist", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.87": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.87", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.88" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d3516e7-cce4-4def-be38-d16be3110d59?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d365284-73ac-4730-a83d-9202677cf161": { "id": "3d365284-73ac-4730-a83d-9202677cf161", "title": "Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.51 - Missing Authorization to Unauthenticated IP Address Whitelist", "software": [ { "type": "plugin", "name": "Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan", "slug": "antihacker", "affected_versions": { "* - 4.51": { "from_version": "*", "from_inclusive": true, "to_version": "4.51", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d365284-73ac-4730-a83d-9202677cf161?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d36d52e-7247-4f06-ae10-7827ae242983": { "id": "3d36d52e-7247-4f06-ae10-7827ae242983", "title": "Google Adsense & Banner Ads by AdsforWP <= 1.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Google Adsense and Banner Ads Manager \u2013 AdsforWP", "slug": "ads-for-wp", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d36d52e-7247-4f06-ae10-7827ae242983?source=api-scan" ], "published": "2019-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d39ae72-7d45-4ca9-9de1-8532ec5e043d": { "id": "3d39ae72-7d45-4ca9-9de1-8532ec5e043d", "title": "Asgaros Forums <= 1.15.13 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Asgaros Forum", "slug": "asgaros-forum", "affected_versions": { "* - 1.15.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d39ae72-7d45-4ca9-9de1-8532ec5e043d?source=api-scan" ], "published": "2021-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d3b090a-71a3-4430-871d-f19ee1033e01": { "id": "3d3b090a-71a3-4430-871d-f19ee1033e01", "title": "WordPress Core < 1.5.1 - Full Path Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 1.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d3b090a-71a3-4430-871d-f19ee1033e01?source=api-scan" ], "published": "2005-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d3fcadf-60bd-4a2e-a30c-e276dd04368c": { "id": "3d3fcadf-60bd-4a2e-a30c-e276dd04368c", "title": "WOOCS <= 1.3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "FOX \u2013 Currency Switcher Professional for WooCommerce", "slug": "woocommerce-currency-switcher", "affected_versions": { "* - 1.3.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d3fcadf-60bd-4a2e-a30c-e276dd04368c?source=api-scan" ], "published": "2022-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d438d11-df72-431e-8956-6a7b316a6dc3": { "id": "3d438d11-df72-431e-8956-6a7b316a6dc3", "title": "sintic_gallery (All Known Versions) - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "sintic_gallery", "slug": "sintic_gallery", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d438d11-df72-431e-8956-6a7b316a6dc3?source=api-scan" ], "published": "2012-12-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d4b9f07-a4a0-4cbd-a147-281570bc7f4a": { "id": "3d4b9f07-a4a0-4cbd-a147-281570bc7f4a", "title": "Auto Publish for Google My Business <= 3.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Auto Publish for Google My Business", "slug": "wp-google-my-business-auto-publish", "affected_versions": { "[*, 3.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d4b9f07-a4a0-4cbd-a147-281570bc7f4a?source=api-scan" ], "published": "2023-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d4cf93d-61af-4721-9751-9891e08ce7b8": { "id": "3d4cf93d-61af-4721-9751-9891e08ce7b8", "title": "WPO365 | LOGIN <= 11.6 - Authentication Bypass", "software": [ { "type": "plugin", "name": "WordPress + Microsoft Office 365 \/ Azure AD | LOGIN", "slug": "wpo365-login", "affected_versions": { "* - 11.6": { "from_version": "*", "from_inclusive": true, "to_version": "11.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d4cf93d-61af-4721-9751-9891e08ce7b8?source=api-scan" ], "published": "2020-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d501415-39ab-4c2a-bcd3-fda97b7a3235": { "id": "3d501415-39ab-4c2a-bcd3-fda97b7a3235", "title": "Email Subscriber <= 1.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Subscriber", "slug": "email-subscriber", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d501415-39ab-4c2a-bcd3-fda97b7a3235?source=api-scan" ], "published": "2021-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d5256ea-61ba-4b2d-90d6-714176bc19aa": { "id": "3d5256ea-61ba-4b2d-90d6-714176bc19aa", "title": "Contact Form, Drag and Drop Form Builder for WordPress \u2013 Everest Forms <= 1.4.9 - SQL Injection", "software": [ { "type": "plugin", "name": "Everest Forms \u2013 Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease!", "slug": "everest-forms", "affected_versions": { "[*, 1.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d5256ea-61ba-4b2d-90d6-714176bc19aa?source=api-scan" ], "published": "2019-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d54f585-0116-4517-84f1-271e89a05539": { "id": "3d54f585-0116-4517-84f1-271e89a05539", "title": "ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 4.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d54f585-0116-4517-84f1-271e89a05539?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d56fdde-ab7a-4e7c-9f48-48e71e09a681": { "id": "3d56fdde-ab7a-4e7c-9f48-48e71e09a681", "title": "OWM Weather <= 5.6.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "OWM Weather", "slug": "owm-weather", "affected_versions": { "* - 5.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d56fdde-ab7a-4e7c-9f48-48e71e09a681?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d599ed8-ba30-4f12-83f5-be452bc1ae35": { "id": "3d599ed8-ba30-4f12-83f5-be452bc1ae35", "title": "NextGen Gallery Pro <= 3.1.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NextGen Gallery Pro", "slug": "nextgen-gallery-pro", "affected_versions": { "* - 3.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d599ed8-ba30-4f12-83f5-be452bc1ae35?source=api-scan" ], "published": "2021-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d5c4bf6-36f7-4e6d-a012-95594e3d93f8": { "id": "3d5c4bf6-36f7-4e6d-a012-95594e3d93f8", "title": "Arya Multipurpose <= 1.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Arya Multipurpose", "slug": "arya-multipurpose", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d5c4bf6-36f7-4e6d-a012-95594e3d93f8?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d5c5511-570e-4048-8c1b-68cfc831f0c6": { "id": "3d5c5511-570e-4048-8c1b-68cfc831f0c6", "title": "Advanced Menu Manager <= 2.9.6 - Cross-Site Request Forgery to Menu Edition", "software": [ { "type": "plugin", "name": "Advance Menu Manager", "slug": "advance-menu-manager", "affected_versions": { "* - 2.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d5c5511-570e-4048-8c1b-68cfc831f0c6?source=api-scan" ], "published": "2021-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d5dfccd-74ab-4de9-8ea6-58908865086d": { "id": "3d5dfccd-74ab-4de9-8ea6-58908865086d", "title": "Revamp CRM for WooCommerce < 1.0.4 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Revamp CRM for WooCommerce", "slug": "revampcrm-woocommerce", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d5dfccd-74ab-4de9-8ea6-58908865086d?source=api-scan" ], "published": "2019-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d5ee8f1-8d86-4af0-af01-b31d2ff993d1": { "id": "3d5ee8f1-8d86-4af0-af01-b31d2ff993d1", "title": "WP ULike <= 4.6.4 - Race Condition", "software": [ { "type": "plugin", "name": "WP ULike \u2013 All-in-One Engagement Toolkit", "slug": "wp-ulike", "affected_versions": { "* - 4.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d5ee8f1-8d86-4af0-af01-b31d2ff993d1?source=api-scan" ], "published": "2022-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d604f7a-947c-43f4-bba6-e7e98b2d7844": { "id": "3d604f7a-947c-43f4-bba6-e7e98b2d7844", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Information Exposure", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.15": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d604f7a-947c-43f4-bba6-e7e98b2d7844?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d6488ce-e34a-4b23-806d-fa2fb948ea8f": { "id": "3d6488ce-e34a-4b23-806d-fa2fb948ea8f", "title": "Advanced Order Export For WooCommerce <= 3.1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Order Export For WooCommerce", "slug": "woo-order-export-lite", "affected_versions": { "* - 3.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d6488ce-e34a-4b23-806d-fa2fb948ea8f?source=api-scan" ], "published": "2021-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d6629e9-ab43-4eca-9340-5691421ab19d": { "id": "3d6629e9-ab43-4eca-9340-5691421ab19d", "title": "Contact Form by Supsystic <= 1.7.10 - SQL Injections", "software": [ { "type": "plugin", "name": "Contact Form by Supsystic", "slug": "contact-form-by-supsystic", "affected_versions": { "* - 1.7.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d6629e9-ab43-4eca-9340-5691421ab19d?source=api-scan" ], "published": "2021-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d68293a-b98b-41e0-9f79-ccd2c0108e82": { "id": "3d68293a-b98b-41e0-9f79-ccd2c0108e82", "title": "illi Link Party! <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Link Deletion", "software": [ { "type": "plugin", "name": "illi Link Party!", "slug": "link-party", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d68293a-b98b-41e0-9f79-ccd2c0108e82?source=api-scan" ], "published": "2024-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d69a674-c6cf-406f-bc11-175fad8e60c8": { "id": "3d69a674-c6cf-406f-bc11-175fad8e60c8", "title": "PayPlus Payment Gateway <= 6.6.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PayPlus Payment Gateway", "slug": "payplus-payment-gateway", "affected_versions": { "* - 6.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d69a674-c6cf-406f-bc11-175fad8e60c8?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d6affb6-bbc1-40aa-8633-ba0f06c10fe1": { "id": "3d6affb6-bbc1-40aa-8633-ba0f06c10fe1", "title": "Navis DocumentCloud < 0.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Navis DocumentCloud", "slug": "navis-documentcloud", "affected_versions": { "[*, 0.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d6affb6-bbc1-40aa-8633-ba0f06c10fe1?source=api-scan" ], "published": "2015-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d6b95ee-0a0d-49f7-83b1-4716eec3b863": { "id": "3d6b95ee-0a0d-49f7-83b1-4716eec3b863", "title": "WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "WP Photo Album Plus", "slug": "wp-photo-album-plus", "affected_versions": { "* - 8.7.00.003": { "from_version": "*", "from_inclusive": true, "to_version": "8.7.00.003", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.7.00.004" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d6b95ee-0a0d-49f7-83b1-4716eec3b863?source=api-scan" ], "published": "2024-05-23 20:04:58", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d76a21c-bb79-4183-99ea-a07c18dfa180": { "id": "3d76a21c-bb79-4183-99ea-a07c18dfa180", "title": "Quiz And Survey Master <= 7.3.10 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d76a21c-bb79-4183-99ea-a07c18dfa180?source=api-scan" ], "published": "2022-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d76a807-d81d-45fc-a571-625a6ecf670b": { "id": "3d76a807-d81d-45fc-a571-625a6ecf670b", "title": "Cover WP <= 1.6.5 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Cover WP", "slug": "cover-wp", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d76a807-d81d-45fc-a571-625a6ecf670b?source=api-scan" ], "published": "2011-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d7af96a-5a3c-4291-a369-f6ed78f72a3f": { "id": "3d7af96a-5a3c-4291-a369-f6ed78f72a3f", "title": "WooEvents <= 4.1.2 - Unauthenticated Arbitrary File Overwrite", "software": [ { "type": "plugin", "name": "WooEvents - Calendar and Event Booking", "slug": "woo-events", "affected_versions": { "* - 4.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d7af96a-5a3c-4291-a369-f6ed78f72a3f?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d7b4428-99ac-4f84-8595-941124121eb2": { "id": "3d7b4428-99ac-4f84-8595-941124121eb2", "title": "WP Forum <= 2.4 - SQL Injection", "software": [ { "type": "plugin", "name": "wp-forum", "slug": "wp-forum", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d7b4428-99ac-4f84-8595-941124121eb2?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d7ca3ff-eae4-425f-8340-9d9b4952ce4a": { "id": "3d7ca3ff-eae4-425f-8340-9d9b4952ce4a", "title": "Ultimate Noindex Nofollow Tool <= 1.1.2 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Ultimate Noindex Nofollow Tool", "slug": "ultimate-noindex-nofollow-tool", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d7ca3ff-eae4-425f-8340-9d9b4952ce4a?source=api-scan" ], "published": "2024-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d7e4d9c-d088-48db-88b7-09205115636f": { "id": "3d7e4d9c-d088-48db-88b7-09205115636f", "title": "Optimize Database after Deleting Revisions <= 5.1.1 - Cross-Site Request Forgery via 'odb_start_manually'", "software": [ { "type": "plugin", "name": "Optimize Database after Deleting Revisions", "slug": "rvg-optimize-database", "affected_versions": { "* - 5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d7e4d9c-d088-48db-88b7-09205115636f?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d819b54-f057-4875-8e40-f5c77db2e5fd": { "id": "3d819b54-f057-4875-8e40-f5c77db2e5fd", "title": "Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cart66 Lite :: WordPress Ecommerce", "slug": "cart66-lite", "affected_versions": { "[*, 1.5.1.15)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.1.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d819b54-f057-4875-8e40-f5c77db2e5fd?source=api-scan" ], "published": "2013-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d8b4bb6-3715-40c1-8140-7fcf874ccec3": { "id": "3d8b4bb6-3715-40c1-8140-7fcf874ccec3", "title": "Allow PHP in Posts and Pages <= 3.0.4 - Authenticated (Subscriber+) Remote Code Execution via Shortcode", "software": [ { "type": "plugin", "name": "Allow PHP in Posts and Pages", "slug": "allow-php-in-posts-and-pages", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d8b4bb6-3715-40c1-8140-7fcf874ccec3?source=api-scan" ], "published": "2023-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d8b8f54-b2af-42dd-af82-c1e8726c87e2": { "id": "3d8b8f54-b2af-42dd-af82-c1e8726c87e2", "title": "Text Hover <= 4.1 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Text Hover", "slug": "text-hover", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d8b8f54-b2af-42dd-af82-c1e8726c87e2?source=api-scan" ], "published": "2022-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d9179d2-2e90-4de7-8178-073a0ce5865b": { "id": "3d9179d2-2e90-4de7-8178-073a0ce5865b", "title": "HUSKY \u2013 Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "HUSKY \u2013 Products Filter Professional for WooCommerce", "slug": "woocommerce-products-filter", "affected_versions": { "* - 1.3.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d9179d2-2e90-4de7-8178-073a0ce5865b?source=api-scan" ], "published": "2023-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d933256-765b-4e1b-b5a1-39bf767bf860": { "id": "3d933256-765b-4e1b-b5a1-39bf767bf860", "title": "Mojoomla School Management System (Unspecified Version) - Authenticated (Student+) SQL Injection", "software": [ { "type": "plugin", "name": "School Management System for Wordpress", "slug": "school-management", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d933256-765b-4e1b-b5a1-39bf767bf860?source=api-scan" ], "published": "2017-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d9332be-2cf0-46cd-81e4-6436aeec0f83": { "id": "3d9332be-2cf0-46cd-81e4-6436aeec0f83", "title": "NextMove Lite \u2013 Thank You Page for WooCommerce & Finale Lite \u2013 Sales Countdown Timer & Discount for WooCommerce <= 2.17.0 - Missing Authorization to Unauthenticated System Information Disclosure", "software": [ { "type": "plugin", "name": "NextMove Lite \u2013 Thank You Page for WooCommerce", "slug": "woo-thank-you-page-nextmove-lite", "affected_versions": { "* - 2.18.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.1" ] }, { "type": "plugin", "name": "Finale Lite \u2013 Sales Countdown Timer & Discount for WooCommerce", "slug": "finale-woocommerce-sales-countdown-timer-discount", "affected_versions": { "* - 2.17.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.17.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d9332be-2cf0-46cd-81e4-6436aeec0f83?source=api-scan" ], "published": "2024-02-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d96d38a-7f0e-4e47-ba49-727705eaaac6": { "id": "3d96d38a-7f0e-4e47-ba49-727705eaaac6", "title": "Empowerment <= 1.0.2 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "theme", "name": "Empowerment", "slug": "empowerment", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d96d38a-7f0e-4e47-ba49-727705eaaac6?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d97eee1-0f72-4dd3-998a-acb454fa5e8a": { "id": "3d97eee1-0f72-4dd3-998a-acb454fa5e8a", "title": "Sync Post With Other Site <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation and Update", "software": [ { "type": "plugin", "name": "Sync Post With Other Site", "slug": "sync-post-with-other-site", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d97eee1-0f72-4dd3-998a-acb454fa5e8a?source=api-scan" ], "published": "2024-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d996df9-3d61-4b2b-8d74-4faa7c5a151a": { "id": "3d996df9-3d61-4b2b-8d74-4faa7c5a151a", "title": "MySliderGallery <= 1.2.1 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "MySliderGallery", "slug": "mygallery", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4b5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d996df9-3d61-4b2b-8d74-4faa7c5a151a?source=api-scan" ], "published": "2007-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3d9f4fbe-6da6-4620-a071-00b7a462de45": { "id": "3d9f4fbe-6da6-4620-a071-00b7a462de45", "title": "WordPress Core < 4.1.2 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.5": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.5", "to_inclusive": true }, "3.8 - 3.8.5": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.5", "to_inclusive": true }, "3.9 - 3.9.3": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.3", "to_inclusive": true }, "4.0 - 4.0.1": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true }, "4.1 - 4.1.1": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.6", "3.8.6", "3.9.4", "4.0.2", "4.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3d9f4fbe-6da6-4620-a071-00b7a462de45?source=api-scan" ], "published": "2015-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3da0a44f-d4b4-4330-a2e3-d25a2a7df926": { "id": "3da0a44f-d4b4-4330-a2e3-d25a2a7df926", "title": "WP Meta and Date Remover < 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "WP Meta and Date Remover", "slug": "wp-meta-and-date-remover", "affected_versions": { "[*, 2.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3da0a44f-d4b4-4330-a2e3-d25a2a7df926?source=api-scan" ], "published": "2023-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3da37b4d-3dd7-450f-8169-28141eeb19c7": { "id": "3da37b4d-3dd7-450f-8169-28141eeb19c7", "title": "Game Server Status <= 1.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Game Server Status", "slug": "game-server-status", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3da37b4d-3dd7-450f-8169-28141eeb19c7?source=api-scan" ], "published": "2021-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3daa3a7d-bb92-41c7-92ad-71f6ff0bb50a": { "id": "3daa3a7d-bb92-41c7-92ad-71f6ff0bb50a", "title": "ClickFunnels <= 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "ClickFunnels", "slug": "clickfunnels", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3daa3a7d-bb92-41c7-92ad-71f6ff0bb50a?source=api-scan" ], "published": "2023-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3dacef70-a881-400e-b9f7-c0a815cf624a": { "id": "3dacef70-a881-400e-b9f7-c0a815cf624a", "title": "Tiempo.com <= 0.1.2 - Cross-Site Request Forgery to Shortcode Deletion", "software": [ { "type": "plugin", "name": "Tiempo.com", "slug": "tiempocom", "affected_versions": { "* - 0.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3dacef70-a881-400e-b9f7-c0a815cf624a?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3dad7ba6-bac4-4f1a-83f5-fd5769cd4a45": { "id": "3dad7ba6-bac4-4f1a-83f5-fd5769cd4a45", "title": "Ninja Forms Contact Form <= 3.2.13 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "[*, 3.2.14)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3dad7ba6-bac4-4f1a-83f5-fd5769cd4a45?source=api-scan" ], "published": "2018-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3db65e14-50c6-4afe-84e5-0785fe9bf77a": { "id": "3db65e14-50c6-4afe-84e5-0785fe9bf77a", "title": "BestWebSoft's LinkedIn < 1.0.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BestWebSoft's LinkedIn", "slug": "bws-linkedin", "affected_versions": { "[*, 1.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3db65e14-50c6-4afe-84e5-0785fe9bf77a?source=api-scan" ], "published": "2017-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3db97180-9308-4891-9de9-acefe31d088f": { "id": "3db97180-9308-4891-9de9-acefe31d088f", "title": "All in One SEO Pack <= 4.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "* - 4.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3db97180-9308-4891-9de9-acefe31d088f?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3dc26eaa-2da5-4cd6-b613-4da2faad0f3b": { "id": "3dc26eaa-2da5-4cd6-b613-4da2faad0f3b", "title": "GiveWP \u2013 Donation Plugin and Fundraising Platform <= 2.21.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.21.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.21.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.21.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3dc26eaa-2da5-4cd6-b613-4da2faad0f3b?source=api-scan" ], "published": "2022-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3dc3b715-23eb-4cb9-8f44-1d3134c560ec": { "id": "3dc3b715-23eb-4cb9-8f44-1d3134c560ec", "title": "Royal Elementor Addons <= 1.3.55 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.55": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.55", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.56" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3dc3b715-23eb-4cb9-8f44-1d3134c560ec?source=api-scan" ], "published": "2022-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3dc69bba-39e0-46bd-8cdb-7cf1f7d36282": { "id": "3dc69bba-39e0-46bd-8cdb-7cf1f7d36282", "title": "Accordion Slider <= 1.9.6 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "Accordion Slider", "slug": "accordion-slider", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3dc69bba-39e0-46bd-8cdb-7cf1f7d36282?source=api-scan" ], "published": "2023-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3dc7bc0a-b209-431f-a9f1-f850b1a1d1b4": { "id": "3dc7bc0a-b209-431f-a9f1-f850b1a1d1b4", "title": "GiveWP \u2013 Donation Plugin and Fundraising Platform <= 3.4.2 - Authenticated (GiveWP Manager+) PHP Object Injection", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 3.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3dc7bc0a-b209-431f-a9f1-f850b1a1d1b4?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3dd08e56-0425-4711-87f1-39625f0ffae2": { "id": "3dd08e56-0425-4711-87f1-39625f0ffae2", "title": "Mobile Assistant Connector <= 2.2.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Mobile Assistant Connector", "slug": "mobile-assistant-connector", "affected_versions": { "2.2.2": { "from_version": "2.2.2", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3dd08e56-0425-4711-87f1-39625f0ffae2?source=api-scan" ], "published": "2022-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3dd66c4f-46f8-46d2-b424-beb6ecc69675": { "id": "3dd66c4f-46f8-46d2-b424-beb6ecc69675", "title": "StreamWeasels Twitch Integration <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "StreamWeasels Twitch Integration", "slug": "streamweasels-twitch-integration", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3dd66c4f-46f8-46d2-b424-beb6ecc69675?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3dd6c562-3c1e-46a3-bd02-bb587d8e6c76": { "id": "3dd6c562-3c1e-46a3-bd02-bb587d8e6c76", "title": "Quiz and Survey Master <= 9.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 9.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3dd6c562-3c1e-46a3-bd02-bb587d8e6c76?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3dd8dac6-b969-498a-a1f8-2a00009ae1d8": { "id": "3dd8dac6-b969-498a-a1f8-2a00009ae1d8", "title": "Embedded Video <= 4.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Embedded Video", "slug": "embedded-video-with-link", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3dd8dac6-b969-498a-a1f8-2a00009ae1d8?source=api-scan" ], "published": "2010-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3de1bcd7-24a8-4566-819b-d6653344e132": { "id": "3de1bcd7-24a8-4566-819b-d6653344e132", "title": "AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One <= 1.1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "AI Content Writing Assistant", "slug": "ai-content-writing-assistant", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3de1bcd7-24a8-4566-819b-d6653344e132?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3de27b2e-2196-4b8e-816c-729462a172d0": { "id": "3de27b2e-2196-4b8e-816c-729462a172d0", "title": "AWP Classifieds <= 4.2.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Classifieds Plugin \u2013 Ad Directory & Listings by AWP Classifieds", "slug": "another-wordpress-classifieds-plugin", "affected_versions": { "* - 4.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3de27b2e-2196-4b8e-816c-729462a172d0?source=api-scan" ], "published": "2022-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3de82328-e44f-4488-a2ae-1dd2c3b8a502": { "id": "3de82328-e44f-4488-a2ae-1dd2c3b8a502", "title": "Schema App Structured Data <= 1.22.3 - Missing Authorization via page_init", "software": [ { "type": "plugin", "name": "Schema App Structured Data", "slug": "schema-app-structured-data-for-schemaorg", "affected_versions": { "* - 1.22.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.22.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.22.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3de82328-e44f-4488-a2ae-1dd2c3b8a502?source=api-scan" ], "published": "2023-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3de98970-06a3-4bde-a7cb-42b6456fea6c": { "id": "3de98970-06a3-4bde-a7cb-42b6456fea6c", "title": "Responsive flipbook <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive flipbook wordpress plugin free download", "slug": "wppdf", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3de98970-06a3-4bde-a7cb-42b6456fea6c?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3deee9b5-2e36-447d-a492-e22e3dc6a5ab": { "id": "3deee9b5-2e36-447d-a492-e22e3dc6a5ab", "title": "Easy Social Feed <= 6.5.2 - Missing Authorization to Settings Modification", "software": [ { "type": "plugin", "name": "Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2013 Like Box", "slug": "easy-facebook-likebox", "affected_versions": { "* - 6.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3deee9b5-2e36-447d-a492-e22e3dc6a5ab?source=api-scan" ], "published": "2024-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3def97d8-4f25-4a67-bdce-7664a5c318bc": { "id": "3def97d8-4f25-4a67-bdce-7664a5c318bc", "title": "Copymatic \u2013 AI Content Writer & Generator <= 1.6 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Copymatic \u2013 AI Content Writer & Generator", "slug": "copymatic", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3def97d8-4f25-4a67-bdce-7664a5c318bc?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3df11929-37be-4c52-ae53-fbbe926659b7": { "id": "3df11929-37be-4c52-ae53-fbbe926659b7", "title": "WP-Stats < 2.52 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP-Stats", "slug": "wp-stats", "affected_versions": { "[*, 2.52)": { "from_version": "*", "from_inclusive": true, "to_version": "2.52", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3df11929-37be-4c52-ae53-fbbe926659b7?source=api-scan" ], "published": "2015-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3df23ba9-337f-49ac-9d1f-6b993430a1ce": { "id": "3df23ba9-337f-49ac-9d1f-6b993430a1ce", "title": "Propovoice Pro <= 1.7.0.3 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Propovoice Pro", "slug": "propovoice-pro", "affected_versions": { "* - 1.7.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3df23ba9-337f-49ac-9d1f-6b993430a1ce?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3df8a0a2-e248-4c2e-a9c2-b5afc79cdd2a": { "id": "3df8a0a2-e248-4c2e-a9c2-b5afc79cdd2a", "title": "VikBooking Hotel Booking Engine & PMS <= 1.5.3 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3df8a0a2-e248-4c2e-a9c2-b5afc79cdd2a?source=api-scan" ], "published": "2022-04-18 10:14:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3df9f237-a861-43fc-8623-d42f84d8d5d1": { "id": "3df9f237-a861-43fc-8623-d42f84d8d5d1", "title": "Locations <= 3.2.1 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Locations", "slug": "locations", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3df9f237-a861-43fc-8623-d42f84d8d5d1?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3dfba044-42f8-44a2-be62-99af9d9094c3": { "id": "3dfba044-42f8-44a2-be62-99af9d9094c3", "title": "Advanced Custom Fields <= 3.5.1 - Remote Code Execution via Remote File Inclusion", "software": [ { "type": "plugin", "name": "Secure Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3dfba044-42f8-44a2-be62-99af9d9094c3?source=api-scan" ], "published": "2013-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e011042-6d90-42e2-a967-b3e00a89be47": { "id": "3e011042-6d90-42e2-a967-b3e00a89be47", "title": "WP Ajax Contact Form <= 2.2.2 - Cross-Site Request Forgery to Arbitrary Email Deletion", "software": [ { "type": "plugin", "name": "WP Ajax Contact Form", "slug": "wp-ajax-contact-form", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e011042-6d90-42e2-a967-b3e00a89be47?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e0231cf-7de7-4fe7-a0fe-20657f727fef": { "id": "3e0231cf-7de7-4fe7-a0fe-20657f727fef", "title": "Recall Products <= 0.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Recall Products", "slug": "recall-products", "affected_versions": { "* - 0.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e0231cf-7de7-4fe7-a0fe-20657f727fef?source=api-scan" ], "published": "2020-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e03bc79-b42e-4015-8476-2b0488c71028": { "id": "3e03bc79-b42e-4015-8476-2b0488c71028", "title": "Elegant Themes (Multiple Versions) - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Divi Builder", "slug": "divi-builder", "affected_versions": { "* - 4.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.3" ] }, { "type": "theme", "name": "Divi", "slug": "Divi", "affected_versions": { "* - 4.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.3" ] }, { "type": "theme", "name": "Divi Extra", "slug": "extra", "affected_versions": { "* - 4.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e03bc79-b42e-4015-8476-2b0488c71028?source=api-scan" ], "published": "2020-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e03ecc0-5ca1-4d64-a6d7-257325bcc5cb": { "id": "3e03ecc0-5ca1-4d64-a6d7-257325bcc5cb", "title": "Product Category Tree <= 2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Category Tree", "slug": "product-category-tree", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e03ecc0-5ca1-4d64-a6d7-257325bcc5cb?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e0e022b-857d-4e7f-99d2-3837014c254e": { "id": "3e0e022b-857d-4e7f-99d2-3837014c254e", "title": "Video Posts Webcam Recorder <= 1.55.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Webcam Microphone Screen Recorder HTML5", "slug": "video-posts-webcam-recorder", "affected_versions": { "* - 1.55.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.55.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.55.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e0e022b-857d-4e7f-99d2-3837014c254e?source=api-scan" ], "published": "2014-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e1008ad-daa9-4785-9dd5-4cdeb10d7e59": { "id": "3e1008ad-daa9-4785-9dd5-4cdeb10d7e59", "title": "Brizy \u2013 Page Builder <= 2.4.40 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "* - 2.4.40": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e1008ad-daa9-4785-9dd5-4cdeb10d7e59?source=api-scan" ], "published": "2024-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e10e25e-7d92-4374-8c8e-479cc0dabb1c": { "id": "3e10e25e-7d92-4374-8c8e-479cc0dabb1c", "title": "Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more <= 4.5.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more", "slug": "ilab-media-tools", "affected_versions": { "* - 4.5.24": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e10e25e-7d92-4374-8c8e-479cc0dabb1c?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e1425e6-799b-48fb-b04c-36b906297150": { "id": "3e1425e6-799b-48fb-b04c-36b906297150", "title": "Images Asynchronous Load <= 1.05 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Images Asynchronous Load", "slug": "images-asynchronous-load", "affected_versions": { "* - 1.05": { "from_version": "*", "from_inclusive": true, "to_version": "1.05", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.06" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e1425e6-799b-48fb-b04c-36b906297150?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e1497d7-64e8-4c2a-97f7-8dfa3bbc2820": { "id": "3e1497d7-64e8-4c2a-97f7-8dfa3bbc2820", "title": "If-So Dynamic Content Personalization <= 1.8.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "If-So Dynamic Content Personalization", "slug": "if-so", "affected_versions": { "* - 1.8.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e1497d7-64e8-4c2a-97f7-8dfa3bbc2820?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e152d9f-4fb9-41b9-baa4-b1bebac89641": { "id": "3e152d9f-4fb9-41b9-baa4-b1bebac89641", "title": "Multisite Content Copier\/Updater Pro < 2.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Multisite Content Copier\/Updater Pro", "slug": "wp-multisite-content-copier-pro", "affected_versions": { "[*, 2.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e152d9f-4fb9-41b9-baa4-b1bebac89641?source=api-scan" ], "published": "2022-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e1864e7-bd3b-431f-9a9d-378b376298f9": { "id": "3e1864e7-bd3b-431f-9a9d-378b376298f9", "title": "Chartjs <= 2023.2 - Authenticated(Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "enigma-chartjs", "slug": "enigma-chartjs", "affected_versions": { "* - 2023.2": { "from_version": "*", "from_inclusive": true, "to_version": "2023.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e1864e7-bd3b-431f-9a9d-378b376298f9?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e1e6fb1-af66-460e-9fb1-8d14a8cbbea5": { "id": "3e1e6fb1-af66-460e-9fb1-8d14a8cbbea5", "title": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio <= 1.72 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio", "slug": "flash-album-gallery", "affected_versions": { "* - 1.72": { "from_version": "*", "from_inclusive": true, "to_version": "1.72", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.73" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e1e6fb1-af66-460e-9fb1-8d14a8cbbea5?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e1f64f5-090a-4961-8490-d34f458a8d44": { "id": "3e1f64f5-090a-4961-8490-d34f458a8d44", "title": "JS Job Manager < 1.1.9 - Arbitrary Plugin Installation\/Activation", "software": [ { "type": "plugin", "name": "JS Job Manager", "slug": "js-jobs", "affected_versions": { "[*, 1.1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e1f64f5-090a-4961-8490-d34f458a8d44?source=api-scan" ], "published": "2021-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e282a23-07e8-464a-9d6e-a2eb506064bc": { "id": "3e282a23-07e8-464a-9d6e-a2eb506064bc", "title": "Advanced AJAX Product Filters <= 1.5.4.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced AJAX Product Filters", "slug": "woocommerce-ajax-filters", "affected_versions": { "* - 1.5.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e282a23-07e8-464a-9d6e-a2eb506064bc?source=api-scan" ], "published": "2021-06-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e292a1f-d475-4c52-b790-b5215e1870ad": { "id": "3e292a1f-d475-4c52-b790-b5215e1870ad", "title": "CTHthemes CityBook <= 2.3.3, TownHub <= 1.0.5, and EasyBook <= 1.2.1 - Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "EasyBook \u2013 Hotel & Tour Booking WordPress Theme", "slug": "easybook", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] }, { "type": "theme", "name": "TownHub - Directory & Listing WordPress Theme", "slug": "townhub", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] }, { "type": "theme", "name": "CityBook - Directory & Listing WordPress Theme", "slug": "citybook", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e292a1f-d475-4c52-b790-b5215e1870ad?source=api-scan" ], "published": "2019-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e2a9d71-21ef-45a1-99ed-477066ce9620": { "id": "3e2a9d71-21ef-45a1-99ed-477066ce9620", "title": "JetBackup \u2013 WP Backup, Migrate & Restore <= 1.4.0 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "JetBackup \u2013 WP Backup, Migrate & Restore", "slug": "backup", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e2a9d71-21ef-45a1-99ed-477066ce9620?source=api-scan" ], "published": "2020-07-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e2af005-0bc2-445c-956a-ef6139abfee4": { "id": "3e2af005-0bc2-445c-956a-ef6139abfee4", "title": "Image optimization & Lazy Load <= 3.3.1 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Optimization by Optimole \u2013 Lazy Load, CDN, Convert WebP & AVIF", "slug": "optimole-wp", "affected_versions": { "[*, 3.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e2af005-0bc2-445c-956a-ef6139abfee4?source=api-scan" ], "published": "2022-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e2e8dfb-df74-41b7-9b3b-0f5d7b1c545b": { "id": "3e2e8dfb-df74-41b7-9b3b-0f5d7b1c545b", "title": "YOP Poll <= 6.1.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YOP Poll", "slug": "yop-poll", "affected_versions": { "[*, 6.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e2e8dfb-df74-41b7-9b3b-0f5d7b1c545b?source=api-scan" ], "published": "2020-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e34e774-30fe-49dc-b1f8-8dd63da65d23": { "id": "3e34e774-30fe-49dc-b1f8-8dd63da65d23", "title": "WpTravelly <= 1.6.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Tour & Travel Booking Plugin for WooCommerce \u2013 WpTravelly", "slug": "tour-booking-manager", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e34e774-30fe-49dc-b1f8-8dd63da65d23?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e374887-0062-4ca2-8e43-13a6c4207f84": { "id": "3e374887-0062-4ca2-8e43-13a6c4207f84", "title": "YouTube Embed <= 2.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YouTube Embed, Playlist and Popup by WpDevArt", "slug": "youtube-video-player", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e374887-0062-4ca2-8e43-13a6c4207f84?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e3c9f08-9e73-4791-b6ca-2c8b9dc3fb81": { "id": "3e3c9f08-9e73-4791-b6ca-2c8b9dc3fb81", "title": "Contest Gallery < 21.2.8.1 - Unauthenticated Stored Cross-Site Scripting via headers", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "[*, 21.2.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "21.2.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "21.2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e3c9f08-9e73-4791-b6ca-2c8b9dc3fb81?source=api-scan" ], "published": "2023-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e3dc509-73c3-4869-b520-6f5c1d691184": { "id": "3e3dc509-73c3-4869-b520-6f5c1d691184", "title": "Simple Wp Sitemap <= 1.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple Wp Sitemap", "slug": "simple-wp-sitemap", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e3dc509-73c3-4869-b520-6f5c1d691184?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e44b1e6-7342-4788-af80-aac6319f5246": { "id": "3e44b1e6-7342-4788-af80-aac6319f5246", "title": "Easy Digital Downloads \u2013 Recent Purchases <= 1.0.2 - Unauthenticated Remote File Inclusion", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 Recent Purchases", "slug": "edd-recent-purchases", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e44b1e6-7342-4788-af80-aac6319f5246?source=api-scan" ], "published": "2024-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e471ef4-94c1-47d9-98ae-f79f7662e21a": { "id": "3e471ef4-94c1-47d9-98ae-f79f7662e21a", "title": "Woocommerce Open Close \u2013 Best Business Schedules Manager <= 4.3.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Open Close WooCommerce Store \u2013 Best Business Schedules Manager", "slug": "woc-open-close", "affected_versions": { "* - 4.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e471ef4-94c1-47d9-98ae-f79f7662e21a?source=api-scan" ], "published": "2022-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e477f41-8765-472a-b48b-d381cf7de5c6": { "id": "3e477f41-8765-472a-b48b-d381cf7de5c6", "title": "Photolio Theme (All Known Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "photolio", "slug": "photolio", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e477f41-8765-472a-b48b-d381cf7de5c6?source=api-scan" ], "published": "2013-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e4aaf2e-a0c6-47d2-9eb8-d65952a74424": { "id": "3e4aaf2e-a0c6-47d2-9eb8-d65952a74424", "title": "OneClick Chat to Order <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "OneClick Chat to Order", "slug": "oneclick-whatsapp-order", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e4aaf2e-a0c6-47d2-9eb8-d65952a74424?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e4da578-aa8d-40b4-98c7-3efef911f850": { "id": "3e4da578-aa8d-40b4-98c7-3efef911f850", "title": "Ad Inserter <= 2.4.19 - Authenticated Path Traversal", "software": [ { "type": "plugin", "name": "Ad Inserter \u2013 Ad Manager & AdSense Ads", "slug": "ad-inserter", "affected_versions": { "* - 2.4.19": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e4da578-aa8d-40b4-98c7-3efef911f850?source=api-scan" ], "published": "2019-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e55591e-c1e9-4667-b04f-4956d2f37d51": { "id": "3e55591e-c1e9-4667-b04f-4956d2f37d51", "title": "ARMember Premium <= 6.7 - Cross-Site Request Forgery via multiple functions", "software": [ { "type": "plugin", "name": "ARMember Premium \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember", "affected_versions": { "* - 6.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e55591e-c1e9-4667-b04f-4956d2f37d51?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e57ba2b-a95c-4410-9ba6-a66c6da36883": { "id": "3e57ba2b-a95c-4410-9ba6-a66c6da36883", "title": "Easy Redirect Manager <= 2.18.18 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Redirect Manager", "slug": "easy-redirect-manager", "affected_versions": { "* - 2.18.18": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.18", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e57ba2b-a95c-4410-9ba6-a66c6da36883?source=api-scan" ], "published": "2019-01-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e5800fa-e0d7-435f-98c2-6d91df26d657": { "id": "3e5800fa-e0d7-435f-98c2-6d91df26d657", "title": "myCred \u2013 Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification", "slug": "mycred", "affected_versions": { "[*, 2.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e5800fa-e0d7-435f-98c2-6d91df26d657?source=api-scan" ], "published": "2022-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e5f3eac-d2da-43ea-9303-731d78102372": { "id": "3e5f3eac-d2da-43ea-9303-731d78102372", "title": "Restrict Content <= 3.2.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Membership Plugin \u2013 Restrict Content", "slug": "restrict-content", "affected_versions": { "* - 3.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e5f3eac-d2da-43ea-9303-731d78102372?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e619e8e-e04b-4e42-9cee-65e5dedff3b6": { "id": "3e619e8e-e04b-4e42-9cee-65e5dedff3b6", "title": "WP Comment Remix <= 1.4.3 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Comment Remix", "slug": "wp-comment-remix", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e619e8e-e04b-4e42-9cee-65e5dedff3b6?source=api-scan" ], "published": "2008-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e61c868-b430-4aa6-8664-ae237db73d66": { "id": "3e61c868-b430-4aa6-8664-ae237db73d66", "title": "BackupGuard <= 1.1.46 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JetBackup \u2013 WP Backup, Migrate & Restore", "slug": "backup", "affected_versions": { "* - 1.1.46": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.46", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.47" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e61c868-b430-4aa6-8664-ae237db73d66?source=api-scan" ], "published": "2017-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e62eba7-1ac9-4420-8692-58a169aa4330": { "id": "3e62eba7-1ac9-4420-8692-58a169aa4330", "title": "LiquidPoll <= 3.3.78 - Unauthenticated Stored Cross-Site Scripting via form_data Parameter", "software": [ { "type": "plugin", "name": "LiquidPoll \u2013 Polls, Surveys, NPS and Feedback Reviews", "slug": "wp-poll", "affected_versions": { "* - 3.3.78": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.78", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e62eba7-1ac9-4420-8692-58a169aa4330?source=api-scan" ], "published": "2024-08-20 17:21:36", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e63a70c-924b-4736-a712-80538bfd7ca7": { "id": "3e63a70c-924b-4736-a712-80538bfd7ca7", "title": "SupportFlow <= 0.6 - Stored Cross-Site Scripting via discussion ticket title", "software": [ { "type": "plugin", "name": "SupportFlow", "slug": "supportflow", "affected_versions": { "* - 0.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e63a70c-924b-4736-a712-80538bfd7ca7?source=api-scan" ], "published": "2016-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e650516-49eb-4475-8faa-76ca123d531f": { "id": "3e650516-49eb-4475-8faa-76ca123d531f", "title": "WOOF - Products Filter for WooCommerce <= 1.1.9 - Local File Inclusion", "software": [ { "type": "plugin", "name": "HUSKY \u2013 Products Filter Professional for WooCommerce", "slug": "woocommerce-products-filter", "affected_versions": { "[*, 1.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e650516-49eb-4475-8faa-76ca123d531f?source=api-scan" ], "published": "2018-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e742b21-1097-459c-8c67-46d105e7b6e8": { "id": "3e742b21-1097-459c-8c67-46d105e7b6e8", "title": "Keyword Meta <= 3.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Keyword Meta", "slug": "keyword-meta", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e742b21-1097-459c-8c67-46d105e7b6e8?source=api-scan" ], "published": "2021-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e744c77-efa2-4910-af18-56aa15424412": { "id": "3e744c77-efa2-4910-af18-56aa15424412", "title": "WP Support Plus Responsive Ticket System <= 4.1 - Improper Authentication", "software": [ { "type": "plugin", "name": "WP Support Plus Responsive Ticket System", "slug": "wp-support-plus-responsive-ticket-system", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e744c77-efa2-4910-af18-56aa15424412?source=api-scan" ], "published": "2014-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e75cdd9-54cb-46de-8647-b92831324774": { "id": "3e75cdd9-54cb-46de-8647-b92831324774", "title": "Master Popups <= 1.0.3 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Master Popups", "slug": "master-popups-lite", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e75cdd9-54cb-46de-8647-b92831324774?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e76c4b3-af77-4c02-a923-f04a360fa6e0": { "id": "3e76c4b3-af77-4c02-a923-f04a360fa6e0", "title": "Post Views Counter <= 1.3.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Views Counter", "slug": "post-views-counter", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e76c4b3-af77-4c02-a923-f04a360fa6e0?source=api-scan" ], "published": "2021-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e772760-f390-417f-82d0-f415a6ef837d": { "id": "3e772760-f390-417f-82d0-f415a6ef837d", "title": "Login Block IPs <= 1.0.0 - IP Spoofing to Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "Login Block IPs", "slug": "login-block-ips", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e772760-f390-417f-82d0-f415a6ef837d?source=api-scan" ], "published": "2022-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e7bd708-2e82-4fef-85f2-bf4f56f66bc4": { "id": "3e7bd708-2e82-4fef-85f2-bf4f56f66bc4", "title": "Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via galleryID and className Parameters", "software": [ { "type": "plugin", "name": "Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery", "slug": "simply-gallery-block", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e7bd708-2e82-4fef-85f2-bf4f56f66bc4?source=api-scan" ], "published": "2024-06-27 20:19:59", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e7d10ab-2525-407b-b814-ef7d884d5287": { "id": "3e7d10ab-2525-407b-b814-ef7d884d5287", "title": "Content Cards <= 0.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Content Cards", "slug": "content-cards", "affected_versions": { "* - 0.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e7d10ab-2525-407b-b814-ef7d884d5287?source=api-scan" ], "published": "2024-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e815531-f966-44a1-a037-8077a40c83b0": { "id": "3e815531-f966-44a1-a037-8077a40c83b0", "title": "Funnelforms Free <= 3.7.3.2 - Authenticated (Administrator+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free", "slug": "funnelforms-free", "affected_versions": { "* - 3.7.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e815531-f966-44a1-a037-8077a40c83b0?source=api-scan" ], "published": "2024-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e85adbd-7e82-4949-916b-20aba1f97bf1": { "id": "3e85adbd-7e82-4949-916b-20aba1f97bf1", "title": "Privacy Policy Generator, Terms & Conditions Generator - WPLegalPages <= 2.7.0 - Arbitrary Settings Update to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages", "slug": "wplegalpages", "affected_versions": { "[*, 2.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e85adbd-7e82-4949-916b-20aba1f97bf1?source=api-scan" ], "published": "2022-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e8a25d1-4bd8-4ecf-ac10-a333abaac328": { "id": "3e8a25d1-4bd8-4ecf-ac10-a333abaac328", "title": "Image Intense <= 3.2.5 - SQL Injection", "software": [ { "type": "plugin", "name": "Image Intense", "slug": "image-intense", "affected_versions": { "* - 3.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e8a25d1-4bd8-4ecf-ac10-a333abaac328?source=api-scan" ], "published": "2018-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e8a881d-d6d0-4bcc-9894-286ce0468393": { "id": "3e8a881d-d6d0-4bcc-9894-286ce0468393", "title": "Slideshow Gallery <= 1.6.8 - SQL Injection", "software": [ { "type": "plugin", "name": "Slideshow Gallery LITE", "slug": "slideshow-gallery", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e8a881d-d6d0-4bcc-9894-286ce0468393?source=api-scan" ], "published": "2018-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e8d9909-7b98-4d98-8293-0c30eebc6c7b": { "id": "3e8d9909-7b98-4d98-8293-0c30eebc6c7b", "title": "Gift Up 2.21.3 - Cross-Site Request Forgery via consume_post", "software": [ { "type": "plugin", "name": "Gift Up Gift Cards for WordPress and WooCommerce", "slug": "gift-up", "affected_versions": { "* - 2.21.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.21.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e8d9909-7b98-4d98-8293-0c30eebc6c7b?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e8fe670-5072-43c2-8ff6-e8730d24b9cd": { "id": "3e8fe670-5072-43c2-8ff6-e8730d24b9cd", "title": "Qiniu Uploader <= 0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Qiniu Uploader", "slug": "qiniu-uploader", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e8fe670-5072-43c2-8ff6-e8730d24b9cd?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e8ff1f4-1217-4bb5-ba2d-6d2ff847072a": { "id": "3e8ff1f4-1217-4bb5-ba2d-6d2ff847072a", "title": "Easy PayPal Buy Now Button <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Easy PayPal & Stripe Buy Now Button", "slug": "wp-ecommerce-paypal", "affected_versions": { "* - 1.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e8ff1f4-1217-4bb5-ba2d-6d2ff847072a?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e900c98-5ab1-4674-b820-553c44df7c02": { "id": "3e900c98-5ab1-4674-b820-553c44df7c02", "title": "FavIcon Switcher <= 1.2.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "FavIcon Switcher", "slug": "favicon-switcher", "affected_versions": { "* - 1.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e900c98-5ab1-4674-b820-553c44df7c02?source=api-scan" ], "published": "2022-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e91fabe-469f-4743-bb8d-76ef20313b37": { "id": "3e91fabe-469f-4743-bb8d-76ef20313b37", "title": "WP Reset \u2013 Most Advanced WordPress Reset Tool (PRO) 5.00- 5.98 - Missing Authorization to Database Reset", "software": [ { "type": "plugin", "name": "WP Reset Pro \u2013 Most Advanced WordPress Reset Tool", "slug": "wp-reset", "affected_versions": { "5.00 - 5.98": { "from_version": "5.00", "from_inclusive": true, "to_version": "5.98", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.99" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e91fabe-469f-4743-bb8d-76ef20313b37?source=api-scan" ], "published": "2021-11-10 14:22:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3e9672b1-6d00-45bc-91ef-0c5583b5306e": { "id": "3e9672b1-6d00-45bc-91ef-0c5583b5306e", "title": "Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_id", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] }, { "type": "plugin", "name": "Contest Gallery Pro", "slug": "contest-gallery-pro", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3e9672b1-6d00-45bc-91ef-0c5583b5306e?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ea52e59-d81c-4a3f-953e-34f8214c01d8": { "id": "3ea52e59-d81c-4a3f-953e-34f8214c01d8", "title": "Ads Box <= 1.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Ads Box", "slug": "ads-box", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ea52e59-d81c-4a3f-953e-34f8214c01d8?source=api-scan" ], "published": "2012-11-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ea8046a-b4cf-4122-b6f2-4945bc9c99ac": { "id": "3ea8046a-b4cf-4122-b6f2-4945bc9c99ac", "title": "Inquiry Cart <= 3.4.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Inquiry cart", "slug": "inquiry-cart", "affected_versions": { "* - 3.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ea8046a-b4cf-4122-b6f2-4945bc9c99ac?source=api-scan" ], "published": "2024-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3eab1e93-ecf1-4ac6-95b0-9a58c2de867a": { "id": "3eab1e93-ecf1-4ac6-95b0-9a58c2de867a", "title": "Cooked <= 1.7.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cooked \u2013 Recipe Management", "slug": "cooked", "affected_versions": { "* - 1.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3eab1e93-ecf1-4ac6-95b0-9a58c2de867a?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ead3aee-3d72-4fc0-a613-700ec75fb0bb": { "id": "3ead3aee-3d72-4fc0-a613-700ec75fb0bb", "title": "Simple Tooltips <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Simple Tooltips", "slug": "simple-tooltips", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ead3aee-3d72-4fc0-a613-700ec75fb0bb?source=api-scan" ], "published": "2023-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3eb4b3e7-6aad-4201-b48b-c8d788eb8acf": { "id": "3eb4b3e7-6aad-4201-b48b-c8d788eb8acf", "title": "Limit Attempts by BestWebSoft < 1.1.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Limit Attempts by BestWebSoft \u2013 WordPress Anti-Bot and Security Plugin for Login and Forms", "slug": "limit-attempts", "affected_versions": { "[*, 1.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3eb4b3e7-6aad-4201-b48b-c8d788eb8acf?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ebc0e28-ced8-4fb0-818d-1452faf9660d": { "id": "3ebc0e28-ced8-4fb0-818d-1452faf9660d", "title": "Post Grid Master <= 3.4.12 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid Master \u2013 Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder", "slug": "ajax-filter-posts", "affected_versions": { "* - 3.4.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ebc0e28-ced8-4fb0-818d-1452faf9660d?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ebc324a-4858-4502-b962-a4e26ca7445e": { "id": "3ebc324a-4858-4502-b962-a4e26ca7445e", "title": "Make A Statement (All Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Make A Statement", "slug": "make_a_statement", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ebc324a-4858-4502-b962-a4e26ca7445e?source=api-scan" ], "published": "2013-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ebd05d5-a65d-49df-a865-882e9d17fc0f": { "id": "3ebd05d5-a65d-49df-a865-882e9d17fc0f", "title": "WooCommerce Box Office <= 1.1.50 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Box Office", "slug": "woocommerce-box-office", "affected_versions": { "* - 1.1.50": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.50", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ebd05d5-a65d-49df-a865-882e9d17fc0f?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ebdb591-4fd4-4ea3-a0db-b934c67176de": { "id": "3ebdb591-4fd4-4ea3-a0db-b934c67176de", "title": "RapidLoad Power-Up for Autoptimize <= 2.2.11 - Unauthenticated Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "RapidLoad \u2013 Optimize Web Vitals Automatically", "slug": "unusedcss", "affected_versions": { "* - 2.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ebdb591-4fd4-4ea3-a0db-b934c67176de?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ebe25a7-fa4d-4e3f-b969-2ff3a8388b06": { "id": "3ebe25a7-fa4d-4e3f-b969-2ff3a8388b06", "title": "WP Fastest Cache <= 0.8.5.7 - Local File Inclusion", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 0.8.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ebe25a7-fa4d-4e3f-b969-2ff3a8388b06?source=api-scan" ], "published": "2016-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ebe7680-a76d-4178-a729-f0d79d861912": { "id": "3ebe7680-a76d-4178-a729-f0d79d861912", "title": "NotificationX <= 1.8.2 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "NotificationX \u2013 Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar", "slug": "notificationx", "affected_versions": { "[*, 1.8.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ebe7680-a76d-4178-a729-f0d79d861912?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ebebe75-155a-4097-95ec-f31c6047f19a": { "id": "3ebebe75-155a-4097-95ec-f31c6047f19a", "title": "Canva \u2013 Design beautiful blog graphics <= 1.2.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Canva \u2013 Design beautiful blog graphics", "slug": "canva", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ebebe75-155a-4097-95ec-f31c6047f19a?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ebfc9f5-abb7-47bc-bd38-f60df1cccb5d": { "id": "3ebfc9f5-abb7-47bc-bd38-f60df1cccb5d", "title": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress <= 3.8.0 - Cross-Site Request Forgery to Publicly Accessible Form Submission Export", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ebfc9f5-abb7-47bc-bd38-f60df1cccb5d?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ec2f684-fa04-4201-a826-1eed328821de": { "id": "3ec2f684-fa04-4201-a826-1eed328821de", "title": "Disqus Comment System < 2.76 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Disqus Comment System", "slug": "disqus-comment-system", "affected_versions": { "[*, 2.76)": { "from_version": "*", "from_inclusive": true, "to_version": "2.76", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.76" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ec2f684-fa04-4201-a826-1eed328821de?source=api-scan" ], "published": "2014-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ec44487-7529-46a8-b2eb-cc5fe0f8f062": { "id": "3ec44487-7529-46a8-b2eb-cc5fe0f8f062", "title": "Betheme <= 26.6.2 - Missing Authorization to Theme Settings Update", "software": [ { "type": "theme", "name": "Betheme", "slug": "betheme", "affected_versions": { "* - 26.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "26.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "26.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ec44487-7529-46a8-b2eb-cc5fe0f8f062?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ec4e870-dd0f-4ec5-a03c-da47e6c1ef61": { "id": "3ec4e870-dd0f-4ec5-a03c-da47e6c1ef61", "title": "bbPress Login Register Links On Forum Topic Pages <= 2.7.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "bbPress Login Register Links On Forum Topic Pages", "slug": "bbpress-login-register-links-on-forum-topic-pages", "affected_versions": { "* - 2.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ec4e870-dd0f-4ec5-a03c-da47e6c1ef61?source=api-scan" ], "published": "2019-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ec6faa4-d8d3-4c5e-91b2-142164d3b481": { "id": "3ec6faa4-d8d3-4c5e-91b2-142164d3b481", "title": "Font Farsi <= 1.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Font Farsi", "slug": "font-farsi", "affected_versions": { "* - 1.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ec6faa4-d8d3-4c5e-91b2-142164d3b481?source=api-scan" ], "published": "2024-05-29 19:56:17", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ec761eb-6bd9-4c19-a98d-cb4738922a84": { "id": "3ec761eb-6bd9-4c19-a98d-cb4738922a84", "title": "Gravity Forms: Multiple Form Instances <= 1.1.1 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Gravity Forms: Multiple Form Instances", "slug": "gravity-forms-multiple-form-instances", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ec761eb-6bd9-4c19-a98d-cb4738922a84?source=api-scan" ], "published": "2024-07-09 15:25:05", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ec7f51d-5d65-40ff-9fe5-0fa6d5225fba": { "id": "3ec7f51d-5d65-40ff-9fe5-0fa6d5225fba", "title": "Plotly <= 1.0.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Plotly", "slug": "wp-plotly", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ec7f51d-5d65-40ff-9fe5-0fa6d5225fba?source=api-scan" ], "published": "2015-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ec997c8-3f47-45c8-8fa2-019b01c97c94": { "id": "3ec997c8-3f47-45c8-8fa2-019b01c97c94", "title": "Elementor Pro <= 2.9.3 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Elementor Website Builder Pro", "slug": "elementor-pro", "affected_versions": { "[*, 2.9.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ec997c8-3f47-45c8-8fa2-019b01c97c94?source=api-scan" ], "published": "2020-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3eca4da3-2d8b-4a68-807b-d9a2cb52fb6b": { "id": "3eca4da3-2d8b-4a68-807b-d9a2cb52fb6b", "title": "Pardakht Delkhah <= 2.9.8 - Cross-Site Request Forgery to Form Setting Reset", "software": [ { "type": "plugin", "name": "\u067e\u0644\u0627\u06af\u06cc\u0646 \u067e\u0631\u062f\u0627\u062e\u062a \u062f\u0644\u062e\u0648\u0627\u0647", "slug": "pardakht-delkhah", "affected_versions": { "* - 2.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3eca4da3-2d8b-4a68-807b-d9a2cb52fb6b?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ed1c2a2-54ee-4dc8-a54d-01d7a6dbc22e": { "id": "3ed1c2a2-54ee-4dc8-a54d-01d7a6dbc22e", "title": "AI ChatBot <= 4.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ed1c2a2-54ee-4dc8-a54d-01d7a6dbc22e?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ed280ba-d7e5-4637-ab84-93dc82c009d8": { "id": "3ed280ba-d7e5-4637-ab84-93dc82c009d8", "title": "Admin Word Count Column <= 2.2 - Arbitrary File Read", "software": [ { "type": "plugin", "name": "Admin Word Count Column", "slug": "admin-word-count-column", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ed280ba-d7e5-4637-ab84-93dc82c009d8?source=api-scan" ], "published": "2022-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ed30ebb-cb06-428c-a60e-676f36e75fa9": { "id": "3ed30ebb-cb06-428c-a60e-676f36e75fa9", "title": "WooCommerce Tranzila Gateway <= 1.0.8 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Woocommerce Tranzila Payment Gateway", "slug": "woo-tranzila-gateway", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ed30ebb-cb06-428c-a60e-676f36e75fa9?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ed45d70-a528-47ee-84c9-26948dfe91f1": { "id": "3ed45d70-a528-47ee-84c9-26948dfe91f1", "title": "Platinum SEO <= 1.3.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Platinum SEO", "slug": "platinum-seo-pack", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ed45d70-a528-47ee-84c9-26948dfe91f1?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ed6d5e6-1094-46ec-afb9-43c142f334ed": { "id": "3ed6d5e6-1094-46ec-afb9-43c142f334ed", "title": "Plausible Analytics <= 1.3.3 - Reflected Cross-Site Scripting via page-url", "software": [ { "type": "plugin", "name": "Plausible Analytics", "slug": "plausible-analytics", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ed6d5e6-1094-46ec-afb9-43c142f334ed?source=api-scan" ], "published": "2023-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ed93c5c-38bb-4e84-8fe8-03dd75b4d9f3": { "id": "3ed93c5c-38bb-4e84-8fe8-03dd75b4d9f3", "title": "LuckyWP Scripts Control <= 1.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LuckyWP Scripts Control", "slug": "luckywp-scripts-control", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ed93c5c-38bb-4e84-8fe8-03dd75b4d9f3?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3edb95f1-aa82-4b51-957e-2039dd8624e1": { "id": "3edb95f1-aa82-4b51-957e-2039dd8624e1", "title": "Titan Anti Spam & Security <= 7.3.0 - IP Spoofing to Protection Bypass", "software": [ { "type": "plugin", "name": "Titan Anti-spam & Security", "slug": "anti-spam", "affected_versions": { "* - 7.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3edb95f1-aa82-4b51-957e-2039dd8624e1?source=api-scan" ], "published": "2022-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3edc40b7-5cf6-413b-80c5-b001934bedc3": { "id": "3edc40b7-5cf6-413b-80c5-b001934bedc3", "title": "GNU-Mailman Integration <= 1.0.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GNU-Mailman Integration", "slug": "gnu-mailman-integration", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3edc40b7-5cf6-413b-80c5-b001934bedc3?source=api-scan" ], "published": "2021-09-09 16:20:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3edce64d-13c2-454a-b5da-0454453f69cb": { "id": "3edce64d-13c2-454a-b5da-0454453f69cb", "title": "SEO Plugin by Squirrly SEO <= 12.1.20 - Reflected Cross-Site Scripting via 'page' and 'tab'", "software": [ { "type": "plugin", "name": "SEO Plugin by Squirrly SEO", "slug": "squirrly-seo", "affected_versions": { "* - 12.1.20": { "from_version": "*", "from_inclusive": true, "to_version": "12.1.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.1.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3edce64d-13c2-454a-b5da-0454453f69cb?source=api-scan" ], "published": "2023-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3eddc03d-ecff-4b50-a574-7b6b62e53af0": { "id": "3eddc03d-ecff-4b50-a574-7b6b62e53af0", "title": "wpDiscuz <= 7.6.15 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Alternative Text", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "* - 7.6.15": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3eddc03d-ecff-4b50-a574-7b6b62e53af0?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ee49082-5255-4ab7-9562-bd786a32382c": { "id": "3ee49082-5255-4ab7-9562-bd786a32382c", "title": "Turn off all comments <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Turn off all comments", "slug": "turn-off-comments-for-all-posts", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ee49082-5255-4ab7-9562-bd786a32382c?source=api-scan" ], "published": "2022-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ee59570-85c3-4394-bebb-c3f49c08be67": { "id": "3ee59570-85c3-4394-bebb-c3f49c08be67", "title": "Live News <= 1.06 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Live News \u2013 Responsive News Ticker", "slug": "live-news-lite", "affected_versions": { "* - 1.06": { "from_version": "*", "from_inclusive": true, "to_version": "1.06", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.07" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ee59570-85c3-4394-bebb-c3f49c08be67?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3eec5823-f1ee-464c-8344-eed3ee991602": { "id": "3eec5823-f1ee-464c-8344-eed3ee991602", "title": "stats <= 1.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "stats", "slug": "stats", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3eec5823-f1ee-464c-8344-eed3ee991602?source=api-scan" ], "published": "2007-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3eece451-65a3-4c9d-a8eb-05f6f3e2d1d5": { "id": "3eece451-65a3-4c9d-a8eb-05f6f3e2d1d5", "title": "Fast Custom Social Share by CodeBard <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fast Custom Social Share by CodeBard", "slug": "fast-custom-social-share-by-codebard", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3eece451-65a3-4c9d-a8eb-05f6f3e2d1d5?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3eedc57b-79cc-4569-b6d6-676a22aa1e06": { "id": "3eedc57b-79cc-4569-b6d6-676a22aa1e06", "title": "Active Directory Integration \/ LDAP Integration <= 4.1.4 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Active Directory Integration \/ LDAP Integration", "slug": "ldap-login-for-intranet-sites", "affected_versions": { "* - 4.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3eedc57b-79cc-4569-b6d6-676a22aa1e06?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ef57441-8e35-44c4-b566-56e8f1dd18d9": { "id": "3ef57441-8e35-44c4-b566-56e8f1dd18d9", "title": "Total Poll Lite <= 4.9.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Poll | Vote | Contest \u2013 Best Poll Plugin for WordPress", "slug": "totalpoll-lite", "affected_versions": { "* - 4.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ef57441-8e35-44c4-b566-56e8f1dd18d9?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ef8bf84-768f-4ef1-8037-4e51ccc20c83": { "id": "3ef8bf84-768f-4ef1-8037-4e51ccc20c83", "title": "Simple Staff List <= 2.2.4 - Missing Authorization via ajax_flush_rewrite_rules and staff_member_export", "software": [ { "type": "plugin", "name": "Simple Staff List", "slug": "simple-staff-list", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ef8bf84-768f-4ef1-8037-4e51ccc20c83?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3eff4992-dbd4-4b9b-872e-1670ce7dab9d": { "id": "3eff4992-dbd4-4b9b-872e-1670ce7dab9d", "title": "ApplyOnline \u2013 Application Form Builder and Manager <= 2.6.2 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "ApplyOnline \u2013 Application Form Builder and Manager", "slug": "apply-online", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3eff4992-dbd4-4b9b-872e-1670ce7dab9d?source=api-scan" ], "published": "2024-05-21 19:49:22", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3eff7a6f-7098-4298-b399-91974b16fda2": { "id": "3eff7a6f-7098-4298-b399-91974b16fda2", "title": "ClickBank Affiliate Ads <= 1.20 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Affiliate Ads for ClickBank", "slug": "clickbank-ads-clickbank-widget", "affected_versions": { "* - 1.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3eff7a6f-7098-4298-b399-91974b16fda2?source=api-scan" ], "published": "2015-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f04a742-56be-42e9-9080-2131c6e98325": { "id": "3f04a742-56be-42e9-9080-2131c6e98325", "title": "Travel Map <= 1.0.1 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Travel Map", "slug": "travelmap-blog", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f04a742-56be-42e9-9080-2131c6e98325?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f0866a4-0edf-4fb7-8628-4b8e18a2b4bb": { "id": "3f0866a4-0edf-4fb7-8628-4b8e18a2b4bb", "title": "Simple Fields <= 1.4.11 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Fields", "slug": "simple-fields", "affected_versions": { "* - 1.4.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f0866a4-0edf-4fb7-8628-4b8e18a2b4bb?source=api-scan" ], "published": "2019-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f08fd6e-4c1b-40e7-92ba-72cdd03ff585": { "id": "3f08fd6e-4c1b-40e7-92ba-72cdd03ff585", "title": "WHMCS Bridge <= 6.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WHMCS Bridge", "slug": "whmcs-bridge", "affected_versions": { "* - 6.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4b" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f08fd6e-4c1b-40e7-92ba-72cdd03ff585?source=api-scan" ], "published": "2022-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f0b212a-969b-4cd3-a31c-40b9ff9dce5f": { "id": "3f0b212a-969b-4cd3-a31c-40b9ff9dce5f", "title": "Image Gallery \u2013 Responsive Photo Gallery <= 1.7.0 - Reflected Cross-Site Scripting via linkbutton", "software": [ { "type": "plugin", "name": "Image Gallery - Responsive Photo Gallery", "slug": "gallery-images", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f0b212a-969b-4cd3-a31c-40b9ff9dce5f?source=api-scan" ], "published": "2016-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f0ed355-b5c8-4143-b391-7436d67ba0de": { "id": "3f0ed355-b5c8-4143-b391-7436d67ba0de", "title": "E2Pdf <= 1.20.23 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "E2Pdf \u2013 Export Pdf Tool for WordPress", "slug": "e2pdf", "affected_versions": { "[*, 1.20.24)": { "from_version": "*", "from_inclusive": true, "to_version": "1.20.24", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.20.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f0ed355-b5c8-4143-b391-7436d67ba0de?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f11416c-c981-4c85-822c-497ecfaa842d": { "id": "3f11416c-c981-4c85-822c-497ecfaa842d", "title": "Campaign Monitor Forms <= 2.5.5 - Missing Authorization to Authenticated(Subscriber+) Options Update via ajax_dismiss_notice", "software": [ { "type": "plugin", "name": "Campaign Monitor Forms by Optin Cat", "slug": "campaign-monitor-wp", "affected_versions": { "* - 2.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f11416c-c981-4c85-822c-497ecfaa842d?source=api-scan" ], "published": "2023-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f18437c-2258-4f5b-a114-fb099f115f2e": { "id": "3f18437c-2258-4f5b-a114-fb099f115f2e", "title": "Dropdown Menu Widget <= 1.9.7 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dropdown Menu Widget", "slug": "dropdown-menu-widget", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f18437c-2258-4f5b-a114-fb099f115f2e?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f18a07f-c7de-49ac-9a11-f9cbc48b125a": { "id": "3f18a07f-c7de-49ac-9a11-f9cbc48b125a", "title": "DJ EmailPublish <= 1.7.2 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DJ EmailPublish", "slug": "dj-email-publish", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f18a07f-c7de-49ac-9a11-f9cbc48b125a?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f18f658-abce-4e15-ae2f-4879716534af": { "id": "3f18f658-abce-4e15-ae2f-4879716534af", "title": "Travel Monster <= 1.1.2 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Travel Monster", "slug": "travel-monster", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f18f658-abce-4e15-ae2f-4879716534af?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f1df412-86cd-4ebc-913b-674cc3b8d89a": { "id": "3f1df412-86cd-4ebc-913b-674cc3b8d89a", "title": "WP ULike <= 4.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP ULike \u2013 All-in-One Engagement Toolkit", "slug": "wp-ulike", "affected_versions": { "* - 4.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f1df412-86cd-4ebc-913b-674cc3b8d89a?source=api-scan" ], "published": "2024-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f202cc3-ab74-4abb-9eed-b4caf9fccb71": { "id": "3f202cc3-ab74-4abb-9eed-b4caf9fccb71", "title": "JoomSport <= 5.2.7 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "JoomSport \u2013 for Sports: Team & League, Football, Hockey & more", "slug": "joomsport-sports-league-results-management", "affected_versions": { "* - 5.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f202cc3-ab74-4abb-9eed-b4caf9fccb71?source=api-scan" ], "published": "2022-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f244b8e-94ae-4d95-83a7-53b826e98656": { "id": "3f244b8e-94ae-4d95-83a7-53b826e98656", "title": "WP Stripe Checkout <= 1.2.2.37 - Sensitive Information Exposure via Debug Log", "software": [ { "type": "plugin", "name": "WP Stripe Checkout", "slug": "wp-stripe-checkout", "affected_versions": { "* - 1.2.2.37": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2.38" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f244b8e-94ae-4d95-83a7-53b826e98656?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f28b1b2-e751-423e-b4c5-893778eebf3f": { "id": "3f28b1b2-e751-423e-b4c5-893778eebf3f", "title": "IFrame Shortcode <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "IFrame Shortcode", "slug": "flynsarmy-iframe-shortcode", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f28b1b2-e751-423e-b4c5-893778eebf3f?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f2c97f4-0a6e-4693-a6c8-bd81ca76988c": { "id": "3f2c97f4-0a6e-4693-a6c8-bd81ca76988c", "title": "JetEngine <= 3.2.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "JetEngine", "slug": "jet-engine", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f2c97f4-0a6e-4693-a6c8-bd81ca76988c?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f2d6c42-4baa-4d15-934f-0f8998c7d654": { "id": "3f2d6c42-4baa-4d15-934f-0f8998c7d654", "title": "Post Carousel < 2.3.5 - Missing Capabilities Check", "software": [ { "type": "plugin", "name": "Smart Post Show \u2013 Post Grid, Post Carousel, Post Slider, Post Timeline, Post Table, and List Category Posts, Latest Posts, Recent Posts, Popular Posts and More", "slug": "post-carousel", "affected_versions": { "[*, 2.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f2d6c42-4baa-4d15-934f-0f8998c7d654?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f3448ad-61b3-4eac-a5ba-9bea41c85fd3": { "id": "3f3448ad-61b3-4eac-a5ba-9bea41c85fd3", "title": "Glass <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Glass", "slug": "glass", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f3448ad-61b3-4eac-a5ba-9bea41c85fd3?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f378797-a7a7-4691-8d37-1caef454bb4f": { "id": "3f378797-a7a7-4691-8d37-1caef454bb4f", "title": "Quiz and Survey Master <= 6.4.12 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 6.4.12": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f378797-a7a7-4691-8d37-1caef454bb4f?source=api-scan" ], "published": "2020-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f389cbf-a327-46a1-9fb7-ed393212033a": { "id": "3f389cbf-a327-46a1-9fb7-ed393212033a", "title": "WordPress Core 2.9.2 and 3.0.4 - Sensitive Information Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "2.9.2": { "from_version": "2.9.2", "from_inclusive": true, "to_version": "2.9.2", "to_inclusive": true }, "3.0.4": { "from_version": "3.0.4", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0", "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f389cbf-a327-46a1-9fb7-ed393212033a?source=api-scan" ], "published": "2011-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f39c478-7b64-4afc-8c3f-9409e105954a": { "id": "3f39c478-7b64-4afc-8c3f-9409e105954a", "title": "OptinMonster <= 2.6.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, Email Newsletters and Lead Generation", "slug": "optinmonster", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f39c478-7b64-4afc-8c3f-9409e105954a?source=api-scan" ], "published": "2021-09-20 18:03:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f3aec3a-c1d3-4f7f-9f45-7a3ec42ce260": { "id": "3f3aec3a-c1d3-4f7f-9f45-7a3ec42ce260", "title": "Sliderby10Web <= 1.2.52 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider by 10Web \u2013 Responsive Image Slider", "slug": "slider-wd", "affected_versions": { "* - 1.2.52": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.52", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.53" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f3aec3a-c1d3-4f7f-9f45-7a3ec42ce260?source=api-scan" ], "published": "2022-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f3c556d-8baf-4d75-a331-51b76ee084ee": { "id": "3f3c556d-8baf-4d75-a331-51b76ee084ee", "title": "Breadcrumb NavXT <= 6.1.0 - Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "Breadcrumb NavXT", "slug": "breadcrumb-navxt", "affected_versions": { "* - 6.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f3c556d-8baf-4d75-a331-51b76ee084ee?source=api-scan" ], "published": "2018-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f408f1f-207e-427a-a5d0-d0fadf453d7e": { "id": "3f408f1f-207e-427a-a5d0-d0fadf453d7e", "title": "Radio Player <= 2.0.73 - Missing Authorization to Player Deletion", "software": [ { "type": "plugin", "name": "Radio Player \u2013 Live Shoutcast, Icecast and Any Audio Stream Player for WordPress", "slug": "radio-player", "affected_versions": { "* - 2.0.73": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.73", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.74" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f408f1f-207e-427a-a5d0-d0fadf453d7e?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f445e0e-c32d-4c46-85ac-fa21f99d30ec": { "id": "3f445e0e-c32d-4c46-85ac-fa21f99d30ec", "title": "WP2Speed Faster \u2013 Optimize PageSpeed Insights Score 90-100 <= 1.0.1 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "WP2Speed Faster \u2013 Optimize PageSpeed Insights Score 90-100", "slug": "wp2speed", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f445e0e-c32d-4c46-85ac-fa21f99d30ec?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f4806a3-643e-45b0-953f-6c0628359495": { "id": "3f4806a3-643e-45b0-953f-6c0628359495", "title": "WP Shop < 3.4.3.16 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Shop", "slug": "wp-shop-original", "affected_versions": { "[*, 3.4.3.16)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f4806a3-643e-45b0-953f-6c0628359495?source=api-scan" ], "published": "2015-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f4893b9-e032-45d6-a542-0ead70c61e2f": { "id": "3f4893b9-e032-45d6-a542-0ead70c61e2f", "title": "WebP Express < 0.14.11 - Arbitrary File Read", "software": [ { "type": "plugin", "name": "WebP Express", "slug": "webp-express", "affected_versions": { "[*, 0.14.11)": { "from_version": "*", "from_inclusive": true, "to_version": "0.14.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.14.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f4893b9-e032-45d6-a542-0ead70c61e2f?source=api-scan" ], "published": "2018-12-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f4ac2c0-2c22-431c-b892-b4bf6a7319ce": { "id": "3f4ac2c0-2c22-431c-b892-b4bf6a7319ce", "title": "CM Tooltip Glossary <= 3.9.20 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CM Tooltip Glossary", "slug": "enhanced-tooltipglossary", "affected_versions": { "[*, 3.9.21)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.21", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f4ac2c0-2c22-431c-b892-b4bf6a7319ce?source=api-scan" ], "published": "2021-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f5413be-76b8-457c-9236-3ef760f46d40": { "id": "3f5413be-76b8-457c-9236-3ef760f46d40", "title": "Custom Metas <= 1.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "custom-metas", "slug": "custom-metas", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f5413be-76b8-457c-9236-3ef760f46d40?source=api-scan" ], "published": "2016-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f56338f-1687-42c3-8fe2-f62fe962eefd": { "id": "3f56338f-1687-42c3-8fe2-f62fe962eefd", "title": "WordPress Jitsi Shortcode <= 0.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Jitsi Shortcode", "slug": "wp-jitsi-shortcodes", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f56338f-1687-42c3-8fe2-f62fe962eefd?source=api-scan" ], "published": "2024-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f594989-8db3-41c8-9089-b4e2d995270e": { "id": "3f594989-8db3-41c8-9089-b4e2d995270e", "title": "Order XML File Export Import for WooCommerce < 1.2.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Order XML File Export Import for WooCommerce", "slug": "order-xml-file-export-import-for-woocommerce", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f594989-8db3-41c8-9089-b4e2d995270e?source=api-scan" ], "published": "2018-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f596af2-ff83-4c67-a8f0-e4df4a0adbd2": { "id": "3f596af2-ff83-4c67-a8f0-e4df4a0adbd2", "title": "Add Social Share Buttons for Whatsapp and Viber < 1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Add Social Share Buttons for Whatsapp and Viber", "slug": "add-social-share-buttons", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f596af2-ff83-4c67-a8f0-e4df4a0adbd2?source=api-scan" ], "published": "2018-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f5eef96-b9db-444b-82b8-86132376e29c": { "id": "3f5eef96-b9db-444b-82b8-86132376e29c", "title": "Salat Times < = 3.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Salat Times", "slug": "salat-times", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f5eef96-b9db-444b-82b8-86132376e29c?source=api-scan" ], "published": "2022-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f5ff15d-2436-48d4-a31d-6bfd9704149f": { "id": "3f5ff15d-2436-48d4-a31d-6bfd9704149f", "title": "Yahoo Updates For WordPress <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "yahoo-updates-for-wordpress", "slug": "yahoo-updates-for-wordpress", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f5ff15d-2436-48d4-a31d-6bfd9704149f?source=api-scan" ], "published": "2014-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f630773-f65a-44a5-9b84-ea542c78a69a": { "id": "3f630773-f65a-44a5-9b84-ea542c78a69a", "title": "Clean Login <= 1.10.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Clean Login", "slug": "clean-login", "affected_versions": { "* - 1.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f630773-f65a-44a5-9b84-ea542c78a69a?source=api-scan" ], "published": "2020-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f6412bf-65ec-445f-a1fe-27aeb8330712": { "id": "3f6412bf-65ec-445f-a1fe-27aeb8330712", "title": "Soledad <= 8.4.5 - Missing Authorization", "software": [ { "type": "theme", "name": "Soledad", "slug": "soledad", "affected_versions": { "* - 8.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "8.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f6412bf-65ec-445f-a1fe-27aeb8330712?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f6683c7-182a-4cd9-be6e-9832f01c3c71": { "id": "3f6683c7-182a-4cd9-be6e-9832f01c3c71", "title": "GoCodes <= 1.3.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GoCodes", "slug": "gocodes", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f6683c7-182a-4cd9-be6e-9832f01c3c71?source=api-scan" ], "published": "2015-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f6870fa-e11b-4d59-9008-8b156417e93b": { "id": "3f6870fa-e11b-4d59-9008-8b156417e93b", "title": "Community Events < 1.4 - SQL Injection", "software": [ { "type": "plugin", "name": "Community Events", "slug": "community-events", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f6870fa-e11b-4d59-9008-8b156417e93b?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f753961-3eeb-402d-876f-4a4dea41a96a": { "id": "3f753961-3eeb-402d-876f-4a4dea41a96a", "title": "Duplicator < 1.1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Duplicator \u2013 Migration & Backup Plugin", "slug": "duplicator", "affected_versions": { "[*, 1.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f753961-3eeb-402d-876f-4a4dea41a96a?source=api-scan" ], "published": "2016-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f7a5e27-af7e-4e32-be9b-08e1133bb323": { "id": "3f7a5e27-af7e-4e32-be9b-08e1133bb323", "title": "Export and Import Users and Customers <= 2.5.3 - Authenticated (Admin+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Export and Import Users and Customers", "slug": "users-customers-import-export-for-wp-woocommerce", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f7a5e27-af7e-4e32-be9b-08e1133bb323?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f81003b-8214-4fa3-960f-81b166623de9": { "id": "3f81003b-8214-4fa3-960f-81b166623de9", "title": "GS Pins for Pinterest Lite <= 1.8.0 - Missing Authorization via _update_shortcode", "software": [ { "type": "plugin", "name": "WordPress Pinterest Plugin \u2013 Make a Popup, User Profile, Masonry and Gallery Layout", "slug": "gs-pinterest-portfolio", "affected_versions": { "[*, 1.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f81003b-8214-4fa3-960f-81b166623de9?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f8321a7-863c-43ab-a42a-e01d60101c3b": { "id": "3f8321a7-863c-43ab-a42a-e01d60101c3b", "title": "Stock Ticker <= 3.23.2 - Reflected Cross-Site Scripting in ajax_stockticker_symbol_search_test", "software": [ { "type": "plugin", "name": "Stock Ticker", "slug": "stock-ticker", "affected_versions": { "* - 3.23.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.23.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.23.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f8321a7-863c-43ab-a42a-e01d60101c3b?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f83a514-2b42-4348-9525-438205daeeab": { "id": "3f83a514-2b42-4348-9525-438205daeeab", "title": "OneElements \u2013 Best Elementor Addons <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "OneElements \u2013 Best Elementor Addons", "slug": "oneelements-ultimate-addons-for-elementor", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f83a514-2b42-4348-9525-438205daeeab?source=api-scan" ], "published": "2024-09-24 12:20:54", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f8af7fd-5800-4179-849e-a7ffaf8c3ad4": { "id": "3f8af7fd-5800-4179-849e-a7ffaf8c3ad4", "title": "Pixel Cat Lite <= 2.6.2 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pixel Cat \u2013 Conversion Pixel Manager", "slug": "facebook-conversion-pixel", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f8af7fd-5800-4179-849e-a7ffaf8c3ad4?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f904fd6-c937-4676-8e6e-6e94d3c42b0d": { "id": "3f904fd6-c937-4676-8e6e-6e94d3c42b0d", "title": "Multi Step Form <= 1.7.18 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Multi Step Form", "slug": "multi-step-form", "affected_versions": { "* - 1.7.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f904fd6-c937-4676-8e6e-6e94d3c42b0d?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f915fa1-38ca-4090-8f3f-3d8a1b0a2c4c": { "id": "3f915fa1-38ca-4090-8f3f-3d8a1b0a2c4c", "title": "MH Board <= 1.3.2.1 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "MH Board", "slug": "mh-board", "affected_versions": { "* - 1.3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f915fa1-38ca-4090-8f3f-3d8a1b0a2c4c?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f937290-fa45-4ce0-84f0-a42c83cd3bdf": { "id": "3f937290-fa45-4ce0-84f0-a42c83cd3bdf", "title": "DT Chocolate <= 1.0 - Open Redirect", "software": [ { "type": "theme", "name": "Chocolate WP \u2013 Responsive Photography Theme | Photography", "slug": "dt-chocolate", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f937290-fa45-4ce0-84f0-a42c83cd3bdf?source=api-scan" ], "published": "2013-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f9592d1-73a0-422e-b6d2-c31cc79a1a90": { "id": "3f9592d1-73a0-422e-b6d2-c31cc79a1a90", "title": "Viral Signup <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Viral Signup \u2013 limited opt-in with viral refferal sharing", "slug": "viral-signup", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f9592d1-73a0-422e-b6d2-c31cc79a1a90?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f95c288-7710-46aa-898b-a923afa7a4ab": { "id": "3f95c288-7710-46aa-898b-a923afa7a4ab", "title": "AI Power: Complete AI Pack \u2013 Powered by GPT-4 <= 1.8.1 - Missing Authorization to Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "AI Power: Complete AI Pack", "slug": "gpt3-ai-content-generator", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f95c288-7710-46aa-898b-a923afa7a4ab?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f95f73c-2377-46b7-a96f-6014a5b012c3": { "id": "3f95f73c-2377-46b7-a96f-6014a5b012c3", "title": "SP Project & Document Manager < 2.4.4 - Multiple SQL Injection", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "[*, 2.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f95f73c-2377-46b7-a96f-6014a5b012c3?source=api-scan" ], "published": "2014-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3f9bf252-dcfb-4142-8301-1a5b565e975a": { "id": "3f9bf252-dcfb-4142-8301-1a5b565e975a", "title": "FunCaptcha \u2013 Anti-Spam CAPTCHA < 0.3.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "FunCaptcha \u2013 Anti-Spam CAPTCHA", "slug": "funcaptcha", "affected_versions": { "[*, 0.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3f9bf252-dcfb-4142-8301-1a5b565e975a?source=api-scan" ], "published": "2014-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3fa62b8f-1c2f-4bc9-9f2a-8b9765c2d30d": { "id": "3fa62b8f-1c2f-4bc9-9f2a-8b9765c2d30d", "title": "Login\/Signup Popup <= 2.3 - Cross-Site Request Forgery to Settings Reset", "software": [ { "type": "plugin", "name": "Login\/Signup Popup ( Inline Form + Woocommerce )", "slug": "easy-login-woocommerce", "affected_versions": { "[*, 2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3fa62b8f-1c2f-4bc9-9f2a-8b9765c2d30d?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3fa78f4e-ede2-4863-a2d7-99bd8c7b5912": { "id": "3fa78f4e-ede2-4863-a2d7-99bd8c7b5912", "title": "Relevanssi <= 4.22.2 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Relevanssi \u2013 A Better Search", "slug": "relevanssi", "affected_versions": { "* - 4.22.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.22.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.23.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3fa78f4e-ede2-4863-a2d7-99bd8c7b5912?source=api-scan" ], "published": "2024-08-15 13:29:09", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3facf09f-2e5d-42d0-b0b3-3aea93febe48": { "id": "3facf09f-2e5d-42d0-b0b3-3aea93febe48", "title": "Simple Share Buttons Adder <= 8.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Share Buttons Adder", "slug": "simple-share-buttons-adder", "affected_versions": { "* - 3.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3facf09f-2e5d-42d0-b0b3-3aea93febe48?source=api-scan" ], "published": "2024-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3fad525f-8dcb-453c-9e53-2335c6d1c46d": { "id": "3fad525f-8dcb-453c-9e53-2335c6d1c46d", "title": "We\u2019re Open! <= 1.41 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "We\u2019re Open!", "slug": "opening-hours", "affected_versions": { "* - 1.41": { "from_version": "*", "from_inclusive": true, "to_version": "1.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3fad525f-8dcb-453c-9e53-2335c6d1c46d?source=api-scan" ], "published": "2022-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3faf976d-0763-4e47-9bc3-18c791ec4487": { "id": "3faf976d-0763-4e47-9bc3-18c791ec4487", "title": "UltimateAI <= 2.8.3 - Limited User Password Change due to Improper Empty and Missing Default Value Check", "software": [ { "type": "plugin", "name": "Ultimate AI", "slug": "Ultimate_AI", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3faf976d-0763-4e47-9bc3-18c791ec4487?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3fb35366-b09c-4667-8fb9-6f80ba6d09f0": { "id": "3fb35366-b09c-4667-8fb9-6f80ba6d09f0", "title": "WPPerformanceTester <= 2.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WPPerformanceTester", "slug": "wpperformancetester", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3fb35366-b09c-4667-8fb9-6f80ba6d09f0?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3fb6123c-2891-4cfd-8d68-a922c30d7600": { "id": "3fb6123c-2891-4cfd-8d68-a922c30d7600", "title": "Spectra Pro <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block IDs", "software": [ { "type": "plugin", "name": "Spectra Pro", "slug": "spectra-pro", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3fb6123c-2891-4cfd-8d68-a922c30d7600?source=api-scan" ], "published": "2024-08-01 17:20:51", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3fc2c2df-b590-413f-ba07-5aa645d069b8": { "id": "3fc2c2df-b590-413f-ba07-5aa645d069b8", "title": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget", "software": [ { "type": "plugin", "name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)", "slug": "woolentor-addons", "affected_versions": { "* - 2.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3fc2c2df-b590-413f-ba07-5aa645d069b8?source=api-scan" ], "published": "2024-06-10 16:01:08", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3fc5e9b3-a121-40f0-a7e8-32979254f52e": { "id": "3fc5e9b3-a121-40f0-a7e8-32979254f52e", "title": "Register Plus Redux <= 4.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Register Plus Redux", "slug": "register-plus-redux", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3fc5e9b3-a121-40f0-a7e8-32979254f52e?source=api-scan" ], "published": "2012-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3fc94760-d64b-48e1-b2bd-40cedcf48340": { "id": "3fc94760-d64b-48e1-b2bd-40cedcf48340", "title": "Leaky Paywall <= 4.21.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Leaky Paywall", "slug": "leaky-paywall", "affected_versions": { "* - 4.21.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.21.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.21.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3fc94760-d64b-48e1-b2bd-40cedcf48340?source=api-scan" ], "published": "2024-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3fcb35f8-ed88-4440-8cdf-95c1f0028253": { "id": "3fcb35f8-ed88-4440-8cdf-95c1f0028253", "title": "WP ULike <= 4.7.4 - Cross-Site Request Forgery to Statistic Deletion", "software": [ { "type": "plugin", "name": "WP ULike \u2013 All-in-One Engagement Toolkit", "slug": "wp-ulike", "affected_versions": { "* - 4.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3fcb35f8-ed88-4440-8cdf-95c1f0028253?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3fd620a3-5d9e-4bc3-b026-871610df7c2d": { "id": "3fd620a3-5d9e-4bc3-b026-871610df7c2d", "title": "Linker <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Linker \u2013 URL shortener & track outbound link clicks", "slug": "linker", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3fd620a3-5d9e-4bc3-b026-871610df7c2d?source=api-scan" ], "published": "2023-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3fda31fa-efc9-44b9-99ba-9e3e23aa2ee0": { "id": "3fda31fa-efc9-44b9-99ba-9e3e23aa2ee0", "title": "Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Ultimeter", "slug": "ultimeter", "affected_versions": { "[*, 1.9.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.3" ] }, { "type": "plugin", "name": "Past Events Extension", "slug": "past-events-extension", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WordPress Cloaking \u2013 Show & Create Geo-Targeted Custom HTML Plugin \u2013 GeoRequest", "slug": "geo-request", "affected_versions": { "* - 0.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Content Slider for WP Posts (Section Slider)", "slug": "section-slider", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "KRSP Frontend File Uploader", "slug": "krsp-frontend-file-upload", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Online Booking for Barbershops and Salons", "slug": "resermy", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Premmerce Wholesale Pricing for WooCommerce", "slug": "premmerce-woocommerce-wholesale-pricing", "affected_versions": { "[*, 1.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.4" ] }, { "type": "plugin", "name": "Any Popup \u2013 Popup Forms, Optins & Ads", "slug": "any-popup", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "enhanced-catalog-images-for-woocommerce", "slug": "enhanced-catalog-images-for-woocommerce", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Error Log Monitor", "slug": "error-log-monitor", "affected_versions": { "[*, 1.6.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.5" ] }, { "type": "plugin", "name": "FIT: Featured Image Toolkit", "slug": "featured-image-toolkit", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Advanced Comment", "slug": "wp-advance-comment", "affected_versions": { "* - 0.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Private Media", "slug": "wp-private-media", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Device Frame", "slug": "devices", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "ConsultPress Lite", "slug": "consultpress-lite", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WordPress Animation Plugin \u2013 Animated Everything", "slug": "animate-everything", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WooRocks Magic Content", "slug": "woorocks-magic-content", "affected_versions": { "* - 1.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder", "slug": "popup-maker", "affected_versions": { "[*, 1.8.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.3" ] }, { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "[*, 2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6" ] }, { "type": "plugin", "name": "DeMomentSomTres Address", "slug": "demomentsomtres-address", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Funnelmentals", "slug": "web-disrupt-funnelmentals", "affected_versions": { "[*, 1.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.9" ] }, { "type": "plugin", "name": "WordPress Robots.txt optimizer (+ XML Sitemap) \u2013 Boost SEO, Traffic & Rankings", "slug": "better-robots-txt", "affected_versions": { "[*, 1.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.6" ] }, { "type": "plugin", "name": "GFireM Fields", "slug": "gfirem-fields", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Simple Giveaways \u2013 Grow your business, email lists and traffic with contests", "slug": "giveasap", "affected_versions": { "[*, 2.18.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.18.0" ] }, { "type": "plugin", "name": "EDD Tab Manager", "slug": "edd-tab-manager", "affected_versions": { "[*, 1.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.1" ] }, { "type": "plugin", "name": "GFireM Action After", "slug": "gfirem-action-after", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "a-staff \u2013 Team member showcase plugin for WordPress", "slug": "a-staff", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "wGauge \u2013 Free Version", "slug": "wgauge", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC)", "slug": "buddyforms", "affected_versions": { "[*, 2.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.2" ] }, { "type": "plugin", "name": "Social Gallery Lite", "slug": "social-gallery-lite", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Premmerce Wishlist for WooCommerce", "slug": "premmerce-woocommerce-wishlist", "affected_versions": { "[*, 1.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.3" ] }, { "type": "plugin", "name": "Starfish Review Generation & Marketing for WordPress", "slug": "starfish-reviews", "affected_versions": { "[*, 2.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.1" ] }, { "type": "plugin", "name": "Advanced Classifieds & Directory Pro", "slug": "advanced-classifieds-and-directory-pro", "affected_versions": { "[*, 1.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.3" ] }, { "type": "plugin", "name": "WooCommerce Next Order Coupon", "slug": "next-order-coupon-woocommerce", "affected_versions": { "* - 0.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Addendio LITE \u2013 Find WordPress plugins and themes", "slug": "addendio", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Price Bands for WooCommerce", "slug": "price-bands-for-woocommerce", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Perelandra Sermons", "slug": "perelandra-sermons", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Munich Blocks \u2013 Gutenberg Blocks for WordPress", "slug": "wp-munich-blocks", "affected_versions": { "[*, 0.7.3)": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.7.3" ] }, { "type": "plugin", "name": "go-fetch-jobs-jobengine", "slug": "go-fetch-jobs-jobengine", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "GFireM Advance Search", "slug": "gfirem-advance-search", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Speculor", "slug": "speculor", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Remove WP Update Nags", "slug": "remove-wp-update-nags", "affected_versions": { "[*, 1.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.0" ] }, { "type": "plugin", "name": "Content Collector", "slug": "content-collector", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel", "slug": "foogallery", "affected_versions": { "[*, 1.6.17)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.17" ] }, { "type": "plugin", "name": "Stop User Enumeration", "slug": "stop-user-enumeration", "affected_versions": { "[*, 1.3.20)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.20" ] }, { "type": "plugin", "name": "Social Share Icons & Social Share Buttons", "slug": "ultimate-social-media-plus", "affected_versions": { "[*, 3.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.4" ] }, { "type": "plugin", "name": "TinyMCE Annotate", "slug": "tinymce-annotate", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Woo Admin Product Notes", "slug": "woo-admin-product-notes", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Run time Image resizing", "slug": "run-time-image-resizing", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Add Pinterest conversion tags for Pinterest Ads + Site verification", "slug": "add-pinterest-conversion-tags", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] }, { "type": "plugin", "name": "One Page Blocks", "slug": "one-page-blocks", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Page Studio Lite Plugin", "slug": "page-studio-lite", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Shuban", "slug": "shuban", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "DeMomentSomTres Grid Archive", "slug": "demomentsomtres-grid-archive", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Random Sorting Order for WooCommerce", "slug": "random-sorting-order-for-woocommerce", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Inbound Brew", "slug": "inbound-brew", "affected_versions": { "* - 1.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Photo Effects", "slug": "wp-photo-effects", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] }, { "type": "plugin", "name": "Turbo Widgets", "slug": "turbo-widgets", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Press Elements \u2013 Widgets for Elementor", "slug": "press-elements", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "BuddyForms EasyPin", "slug": "buddyforms-easypin", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Author Bio", "slug": "sexy-author-bio", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "RW Divi Unite Gallery", "slug": "rw-divi-unite-gallery", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Revolution for Elementor", "slug": "revolution-for-elementor", "affected_versions": { "* - 0.0.19": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.19", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Product Tables for WooCommerce: Quickster", "slug": "quick-orders-for-woocommerce", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Get feedback from visitors \u2013 WP Feedback Suite Plugin", "slug": "feedback-suite", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Content Aware Sidebars \u2013 Fastest Widget Area Plugin", "slug": "content-aware-sidebars", "affected_versions": { "[*, 3.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.1" ] }, { "type": "theme", "name": "Bani", "slug": "bani", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Fast WordPress", "slug": "fast-wp", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Import Social Statistics", "slug": "import-social-statistics", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages", "slug": "wc4bp", "affected_versions": { "[*, 3.2.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.6.1" ] }, { "type": "plugin", "name": "Affiliate Link Builder Plugin for Amazon Associates \u2013 Review Engine", "slug": "review-engine", "affected_versions": { "* - 1.0.41": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.41", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "BAVOKO SEO Tools \u2013 All-in-One WordPress SEO", "slug": "wp-seo-keyword-optimizer", "affected_versions": { "[*, 2.1.9.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.9.8" ] }, { "type": "plugin", "name": "Ultimate Widgets Light", "slug": "ultimate-widgets-light", "affected_versions": { "* - 1.5.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.9.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Insert or Embed Articulate Content into WordPress", "slug": "insert-or-embed-articulate-content-into-wordpress", "affected_versions": { "[*, 4.2997)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2997", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2997" ] }, { "type": "plugin", "name": "Nitek Carousel Slider Cool Transitions", "slug": "nitek-carousel-cool-transitions", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Activity Log", "slug": "wp-security-audit-log", "affected_versions": { "[*, 3.3.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.1.2" ] }, { "type": "plugin", "name": "Contact Form for WordPress- Cybrosys", "slug": "reach-us-contact-form", "affected_versions": { "* - 5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Widgets for SiteOrigin", "slug": "widgets-for-siteorigin", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] }, { "type": "plugin", "name": "NEXUS", "slug": "nexus", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WordPress FAQ Plugin \u2013 WPWorx", "slug": "wpworx-faq", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Brand", "slug": "brand", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Premmerce Variation Swatches for WooCommerce", "slug": "premmerce-woocommerce-variation-swatches", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] }, { "type": "plugin", "name": "Sprout Clients \u2013 CRM and Lead Management", "slug": "sprout-clients", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] }, { "type": "plugin", "name": "Kanzu Support Desk \u2013 WordPress Helpdesk Plugin", "slug": "kanzu-support-desk", "affected_versions": { "* - 2.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Expire tags", "slug": "expire-tags", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WordPress Reviews by ReviewPress", "slug": "reviewpress", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Mobile Menu \u2013 The Mobile-Friendly Responsive Menu", "slug": "mobile-menu", "affected_versions": { "[*, 2.7.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.3" ] }, { "type": "plugin", "name": "CP Simple Newsletter", "slug": "cp-simple-newsletter", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "DeMomentSomTres Categories", "slug": "demomentsomtres-categories", "affected_versions": { "* - 201704251008": { "from_version": "*", "from_inclusive": true, "to_version": "201704251008", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Relevant Ads", "slug": "wp-relevant-ads", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Giveaways for woocommerce", "slug": "giveaways-for-woocommerce", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "DeMomentSomTres Media Tools Auto", "slug": "demomentsomtres-media-tools-auto", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Drop Shadow Boxes", "slug": "drop-shadow-boxes", "affected_versions": { "[*, 1.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.2" ] }, { "type": "plugin", "name": "404 to 301 \u2013 Redirect, Log and Notify 404 Errors", "slug": "404-to-301", "affected_versions": { "[*, 3.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.2" ] }, { "type": "plugin", "name": "Before and After Product Images for WooCommerce", "slug": "before-and-after-product-images-for-woocommerce", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Customer Chat Facebook", "slug": "customer-chat-facebook", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Delete Duplicate Posts", "slug": "delete-duplicate-posts", "affected_versions": { "[*, 4.1.9.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.9.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.9.5" ] }, { "type": "plugin", "name": "Post Snippets \u2013 Custom WordPress Code Snippets Customizer", "slug": "post-snippets", "affected_versions": { "[*, 3.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.6" ] }, { "type": "plugin", "name": "FAQ \/ Accordion \/ Docs \u2013 Helpie WordPress FAQ Accordion plugin", "slug": "helpie-faq", "affected_versions": { "[*, 0.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.7.2" ] }, { "type": "plugin", "name": "Livemesh SiteOrigin Widgets", "slug": "livemesh-siteorigin-widgets", "affected_versions": { "[*, 2.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.2" ] }, { "type": "plugin", "name": "Gravity Forms Sticky List", "slug": "gravity-forms-sticky-list", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP fail2ban \u2013 Advanced Security Plugin", "slug": "wp-fail2ban", "affected_versions": { "[*, 4.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.5" ] }, { "type": "plugin", "name": "Image Photo Gallery Final Tiles Grid", "slug": "final-tiles-grid-gallery-lite", "affected_versions": { "[*, 3.3.57)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.57", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.57" ] }, { "type": "plugin", "name": "Lightbox & Modal Popup WordPress Plugin \u2013 FooBox", "slug": "foobox-image-lightbox", "affected_versions": { "[*, 2.6.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.4" ] }, { "type": "plugin", "name": "Contact Form 7 Multi-Step Forms", "slug": "contact-form-7-multi-step-module", "affected_versions": { "[*, 3.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.9" ] }, { "type": "plugin", "name": "DeMomentSomTres Classify on Publish", "slug": "demomentsomtres-classify-on-publish", "affected_versions": { "* - 201703020805": { "from_version": "*", "from_inclusive": true, "to_version": "201703020805", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "wp-buddha-free-adwords", "slug": "wp-buddha-free-adwords", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Purus", "slug": "purus", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "MailChimp Manager", "slug": "rm-mailchimp-manager", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Automatic Post Categories", "slug": "automatic-post-categories", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Global Income Stats from Freemius", "slug": "global-income-stats-from-freemius", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Cryptocurrency Portfolio Tracker", "slug": "cryptocurrency", "affected_versions": { "* - 0.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Magic Content for Siteorigins Pagebuilder", "slug": "woorocks-magic-content-for-siteorigins-pagebuilder", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Master Blocks \u2013 Gutenberg Site Builder", "slug": "master-blocks", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Widgets on Pages and Posts", "slug": "widgets-on-pages-and-posts", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "SheetPress \u2013 Manage WordPress Meta data with Google Sheets", "slug": "sheetpress", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "FTC Disclosure", "slug": "typea-ftc-disclosure", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Pro Counter", "slug": "wp-pro-counter", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Nugget by Ingot: Easy, automated and native A\/B testing for everyone", "slug": "nugget-by-ingot", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "XPoster \u2013 Share to X and Mastodon", "slug": "wp-to-twitter", "affected_versions": { "[*, 3.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.0" ] }, { "type": "plugin", "name": "Product Feed Manager- WooCommerce Product Feeds For Google Shopping, Social Catalog, TikTok Ads, and 180+ Popular Marketplaces", "slug": "best-woocommerce-feed", "affected_versions": { "[*, 2.2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.3.1" ] }, { "type": "plugin", "name": "Custom Registration and Custom Login Forms with New Recaptcha", "slug": "custom-registration-and-login-forms-with-new-recaptcha", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "freemage", "slug": "freemage", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "ClimateClick: Climate Action for all", "slug": "co2ok-for-woocommerce", "affected_versions": { "* - 1.0.9.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9.22" ] }, { "type": "plugin", "name": "SnazzyAdmin WP Admin Theme", "slug": "snazzyadmin-wp-admin-theme", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Ant Admin Notices for Team", "slug": "admin-notices-for-team", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] }, { "type": "plugin", "name": "Easy Digital Downloads \u2013 Courses", "slug": "edd-courses", "affected_versions": { "[*, 0.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.1.1" ] }, { "type": "plugin", "name": "WP Affiliate Disclosure", "slug": "wp-affiliate-disclosure", "affected_versions": { "[*, 1.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.4" ] }, { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "[*, 3.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.7" ] }, { "type": "plugin", "name": "Multilist Subscribe for Sendy", "slug": "multilist-subscribe-for-sendy", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Easy Code Snippets", "slug": "easy-code-snippets", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] }, { "type": "plugin", "name": "Premmerce Product Filter for WooCommerce", "slug": "premmerce-woocommerce-product-filter", "affected_versions": { "[*, 3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2" ] }, { "type": "plugin", "name": "Easy Watermark", "slug": "easy-watermark", "affected_versions": { "[*, 0.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.7.1" ] }, { "type": "plugin", "name": "CP Image Gallery", "slug": "cp-image-gallery", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3fda31fa-efc9-44b9-99ba-9e3e23aa2ee0?source=api-scan" ], "published": "2019-02-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3fddf96e-029c-4753-ba82-043ca64b78d3": { "id": "3fddf96e-029c-4753-ba82-043ca64b78d3", "title": "LayerSlider 7.9.11 - 7.10.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "LayerSlider", "slug": "LayerSlider", "affected_versions": { "7.9.11 - 7.10.0": { "from_version": "7.9.11", "from_inclusive": true, "to_version": "7.10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.10.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3fddf96e-029c-4753-ba82-043ca64b78d3?source=api-scan" ], "published": "2024-04-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3fe1313c-1368-4bcb-9d11-25b948da5547": { "id": "3fe1313c-1368-4bcb-9d11-25b948da5547", "title": "Advanced Text Widget <= 2.1.2 - Missing Authorization via atw_dismiss_admin_notice", "software": [ { "type": "plugin", "name": "Advanced Text Widget", "slug": "advanced-text-widget", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3fe1313c-1368-4bcb-9d11-25b948da5547?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3fe1bb24-1f60-40f6-9b5e-58e0158bdfd3": { "id": "3fe1bb24-1f60-40f6-9b5e-58e0158bdfd3", "title": "GiveWP <= 2.20.2 - Authenticated Arbitrary File Read", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.20.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.20.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.21.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3fe1bb24-1f60-40f6-9b5e-58e0158bdfd3?source=api-scan" ], "published": "2022-07-12 14:18:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3fe91c7e-e4d4-4308-a8ca-22d7985ddb61": { "id": "3fe91c7e-e4d4-4308-a8ca-22d7985ddb61", "title": "Payflex Payment Gateway <= 2.6.1 - Open Redirect", "software": [ { "type": "plugin", "name": "Payflex Payment Gateway", "slug": "payflex-payment-gateway", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3fe91c7e-e4d4-4308-a8ca-22d7985ddb61?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3feb84c9-fc98-4f59-a124-b6434e5b8a44": { "id": "3feb84c9-fc98-4f59-a124-b6434e5b8a44", "title": "Sidebar Widgets by CodeLights <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sidebar Widgets by CodeLights", "slug": "codelights-shortcodes-and-widgets", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3feb84c9-fc98-4f59-a124-b6434e5b8a44?source=api-scan" ], "published": "2022-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3fef9990-023a-4d4b-8c52-3b71aac97e7b": { "id": "3fef9990-023a-4d4b-8c52-3b71aac97e7b", "title": "Loan Comparison <= 1.5.2 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Loan Comparison", "slug": "loan-comparison", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3fef9990-023a-4d4b-8c52-3b71aac97e7b?source=api-scan" ], "published": "2023-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ff59aa5-a2f2-4fe1-a0b6-d9b07b0fdb1a": { "id": "3ff59aa5-a2f2-4fe1-a0b6-d9b07b0fdb1a", "title": "WP Testimonials <= 1.4.2 - Cross-Site Request Forgery to Widget Deletion", "software": [ { "type": "plugin", "name": "WP Testimonials", "slug": "testimonial-widgets", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ff59aa5-a2f2-4fe1-a0b6-d9b07b0fdb1a?source=api-scan" ], "published": "2023-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3ffd63ca-5ea4-451c-aa97-092a754ca79f": { "id": "3ffd63ca-5ea4-451c-aa97-092a754ca79f", "title": "Tainacan Interface <= 2.7.2 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Tainacan Interface", "slug": "tainacan-interface", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3ffd63ca-5ea4-451c-aa97-092a754ca79f?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "3fffe8f2-9241-4a4f-8e8a-647a9e41d769": { "id": "3fffe8f2-9241-4a4f-8e8a-647a9e41d769", "title": "VKontakte Wall Post <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VKontakte Wall Post", "slug": "vkontakte-wall-post", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/3fffe8f2-9241-4a4f-8e8a-647a9e41d769?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40005aed-07aa-44da-a06e-0187931105ec": { "id": "40005aed-07aa-44da-a06e-0187931105ec", "title": "Sitemap Index <= 1.2.3 - Authenticated(Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sitemap Index", "slug": "sitemap-index", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40005aed-07aa-44da-a06e-0187931105ec?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40010bbd-049f-44b0-9492-4126c4894656": { "id": "40010bbd-049f-44b0-9492-4126c4894656", "title": "Cooked Pro < 1.8.0 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Cooked Pro", "slug": "cooked-pro", "affected_versions": { "[*, 1.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40010bbd-049f-44b0-9492-4126c4894656?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4007814b-7e01-4188-8a42-9564444af95f": { "id": "4007814b-7e01-4188-8a42-9564444af95f", "title": "Easy Digital Downloads Stripe Extension <= 2.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads (EDD) Stripe", "slug": "stripe-gateway", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4007814b-7e01-4188-8a42-9564444af95f?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "400d31ba-2cef-4558-8983-6689f7e4b93c": { "id": "400d31ba-2cef-4558-8983-6689f7e4b93c", "title": "JNews - WordPress Newspaper Magazine Blog AMP Theme < 8.0.6 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "JNews - WordPress Newspaper Magazine Blog AMP Theme", "slug": "jnews", "affected_versions": { "[*, 8.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/400d31ba-2cef-4558-8983-6689f7e4b93c?source=api-scan" ], "published": "2021-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "400dde23-eafb-4ace-8b4a-ac88d0b200ac": { "id": "400dde23-eafb-4ace-8b4a-ac88d0b200ac", "title": "WC Captcha <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WC Captcha", "slug": "wc-captcha", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/400dde23-eafb-4ace-8b4a-ac88d0b200ac?source=api-scan" ], "published": "2023-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "400fe58b-8203-4fd5-a3d3-d30eb1b8cd85": { "id": "400fe58b-8203-4fd5-a3d3-d30eb1b8cd85", "title": "Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free", "slug": "funnelforms-free", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/400fe58b-8203-4fd5-a3d3-d30eb1b8cd85?source=api-scan" ], "published": "2023-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4013a22a-701b-43ef-90fb-f8eddf65acf2": { "id": "4013a22a-701b-43ef-90fb-f8eddf65acf2", "title": "EELV Newsletter <= 3.3.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EELV Newsletter", "slug": "eelv-newsletter", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4013a22a-701b-43ef-90fb-f8eddf65acf2?source=api-scan" ], "published": "2013-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "401ea644-bab2-4578-ab1a-7851c2e710ce": { "id": "401ea644-bab2-4578-ab1a-7851c2e710ce", "title": "MainWP Wordfence Extension <= 4.0.7 - Missing Authorization to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "MainWP Wordfence Extension", "slug": "mainwp-wordfence-extension", "affected_versions": { "* - 4.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/401ea644-bab2-4578-ab1a-7851c2e710ce?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "401eeb23-bf43-49a8-9c39-4fcd0db57cd3": { "id": "401eeb23-bf43-49a8-9c39-4fcd0db57cd3", "title": "Accordions <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Several Parameters", "software": [ { "type": "plugin", "name": "Accordion \u2013 Multiple Accordion or FAQs Builder", "slug": "accordions-or-faqs", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/401eeb23-bf43-49a8-9c39-4fcd0db57cd3?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "401f5d57-ce3d-46c1-bfa9-c8fab99a7e31": { "id": "401f5d57-ce3d-46c1-bfa9-c8fab99a7e31", "title": "MailPoet Newsletters (Previous) <= 2.1.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MailPoet Newsletters (Previous)", "slug": "wysija-newsletters", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/401f5d57-ce3d-46c1-bfa9-c8fab99a7e31?source=api-scan" ], "published": "2012-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "402582a9-9bb9-499f-b149-e60a733ff866": { "id": "402582a9-9bb9-499f-b149-e60a733ff866", "title": "Newspack Content Converter <= 0.1.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Newspack Content Converter", "slug": "newspack-content-converter", "affected_versions": { "* - 0.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/402582a9-9bb9-499f-b149-e60a733ff866?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "402bbe9c-cf4d-457c-97ac-149e14ea6f47": { "id": "402bbe9c-cf4d-457c-97ac-149e14ea6f47", "title": "BuddyPress <= 7.2.1 - Missing Authorization to Private Post Activity", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "* - 7.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/402bbe9c-cf4d-457c-97ac-149e14ea6f47?source=api-scan" ], "published": "2021-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "402d0399-bc48-4740-86a4-8bf3424fb035": { "id": "402d0399-bc48-4740-86a4-8bf3424fb035", "title": "OSM Map Widget for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter", "software": [ { "type": "plugin", "name": "OSM Map Widget for Elementor", "slug": "osm-map-elementor", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/402d0399-bc48-4740-86a4-8bf3424fb035?source=api-scan" ], "published": "2024-06-18 14:27:49", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4031f857-9712-4f4a-93e8-0b01f9a9c32d": { "id": "4031f857-9712-4f4a-93e8-0b01f9a9c32d", "title": "Database Cleaner <= 0.9.8 - Sensitive Information Exposure via Log File", "software": [ { "type": "plugin", "name": "Database Cleaner", "slug": "database-cleaner", "affected_versions": { "* - 0.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4031f857-9712-4f4a-93e8-0b01f9a9c32d?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "403c881c-b687-4e7e-8e77-a55203cfde96": { "id": "403c881c-b687-4e7e-8e77-a55203cfde96", "title": "Chameleon Theme < 3.9 - Arbitrary File Uploads", "software": [ { "type": "theme", "name": "chameleon", "slug": "chameleon", "affected_versions": { "[*, 3.9)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/403c881c-b687-4e7e-8e77-a55203cfde96?source=api-scan" ], "published": "2013-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4045575a-35f0-46e5-afb7-93eee9be3a97": { "id": "4045575a-35f0-46e5-afb7-93eee9be3a97", "title": "Infinite-Scroll <= 2.6.2 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "Infinite-Scroll", "slug": "infinite-scroll", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4045575a-35f0-46e5-afb7-93eee9be3a97?source=api-scan" ], "published": "2024-10-17 15:41:50", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40487921-b9eb-4a18-b6f5-194611d2ef82": { "id": "40487921-b9eb-4a18-b6f5-194611d2ef82", "title": "Easy Cookie Law <= 3.1 - Cross-Site Request Forgery via 'ecl_options'", "software": [ { "type": "plugin", "name": "Easy Cookie Law", "slug": "easy-cookie-law", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40487921-b9eb-4a18-b6f5-194611d2ef82?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40488ed8-ab4c-4ba6-821e-ed6d7a63e260": { "id": "40488ed8-ab4c-4ba6-821e-ed6d7a63e260", "title": "Hotel Listings < 1.3.3 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hotel Listings", "slug": "hotel-listing", "affected_versions": { "[*, 1.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40488ed8-ab4c-4ba6-821e-ed6d7a63e260?source=api-scan" ], "published": "2021-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40494f1e-d5df-4ed0-b107-aa52cb28bc0e": { "id": "40494f1e-d5df-4ed0-b107-aa52cb28bc0e", "title": "Jannah <= 5.4.4 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Jannah - Newspaper Magazine News BuddyPress AMP", "slug": "jannah", "affected_versions": { "[*, 5.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40494f1e-d5df-4ed0-b107-aa52cb28bc0e?source=api-scan" ], "published": "2021-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4049f8fb-ad81-4f09-97b3-39ac6a9275d6": { "id": "4049f8fb-ad81-4f09-97b3-39ac6a9275d6", "title": "Post Hit Counter <= 1.3.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Post Hit Counter", "slug": "post-hit-counter", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4049f8fb-ad81-4f09-97b3-39ac6a9275d6?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "404aabc5-1ff4-492d-8cab-4b83eb68157a": { "id": "404aabc5-1ff4-492d-8cab-4b83eb68157a", "title": "WP All Import Pro < 4.1.1 - Reflected Cross Site Scripting", "software": [ { "type": "plugin", "name": "WP All Import Pro", "slug": "wp-all-import-pro", "affected_versions": { "[*, 4.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/404aabc5-1ff4-492d-8cab-4b83eb68157a?source=api-scan" ], "published": "2020-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "404fab1b-45e9-470a-a0ae-73c01386d95e": { "id": "404fab1b-45e9-470a-a0ae-73c01386d95e", "title": "Ninja Tables \u2013 Easiest Data Table Builder <= 5.0.9 - Authenticated (Admin+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Ninja Tables \u2013 Easiest Data Table Builder", "slug": "ninja-tables", "affected_versions": { "* - 5.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/404fab1b-45e9-470a-a0ae-73c01386d95e?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40502842-8505-41fb-9d3a-a5d567040921": { "id": "40502842-8505-41fb-9d3a-a5d567040921", "title": "WordPress Core < 4.7.3 - Cross-Site Scripting via Media Metadata", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.18": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.18", "to_inclusive": true }, "3.8 - 3.8.18": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.18", "to_inclusive": true }, "3.9 - 3.9.16": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.16", "to_inclusive": true }, "4.0 - 4.0.15": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.15", "to_inclusive": true }, "4.1 - 4.1.15": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.15", "to_inclusive": true }, "4.2 - 4.2.12": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.12", "to_inclusive": true }, "4.3 - 4.3.8": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.8", "to_inclusive": true }, "4.4 - 4.4.7": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.7", "to_inclusive": true }, "4.5 - 4.5.6": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.6", "to_inclusive": true }, "4.6 - 4.6.3": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.3", "to_inclusive": true }, "4.7 - 4.7.2": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.19", "3.8.19", "3.9.17", "4.0.16", "4.1.16", "4.2.13", "4.3.9", "4.4.8", "4.5.7", "4.6.4", "4.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40502842-8505-41fb-9d3a-a5d567040921?source=api-scan" ], "published": "2017-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40570bb7-1638-4305-876e-86ad4c336944": { "id": "40570bb7-1638-4305-876e-86ad4c336944", "title": "WordPress Backup & Migration <= 1.4.7 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "WebToffee WP Backup and Migration", "slug": "wp-migration-duplicator", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40570bb7-1638-4305-876e-86ad4c336944?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4057bfcf-eb96-4610-93ed-8ff1cca7506d": { "id": "4057bfcf-eb96-4610-93ed-8ff1cca7506d", "title": "Intelligent WordPress Live Chat Support Plugin | Utilities <= 1.0.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Intelligent WordPress Live Chat Support Plugin | Utilities", "slug": "ilive", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4057bfcf-eb96-4610-93ed-8ff1cca7506d?source=api-scan" ], "published": "2019-06-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4062f981-a1d2-4e54-8fd9-f8855af0a7db": { "id": "4062f981-a1d2-4e54-8fd9-f8855af0a7db", "title": "Database Backup for WordPress <= 2.5 - Admin+ SQL Injection", "software": [ { "type": "plugin", "name": "Database Backup for WordPress", "slug": "wp-db-backup", "affected_versions": { "[*, 2.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4062f981-a1d2-4e54-8fd9-f8855af0a7db?source=api-scan" ], "published": "2022-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40655278-6915-4a76-ac2d-bb161d3cee92": { "id": "40655278-6915-4a76-ac2d-bb161d3cee92", "title": "Envira Gallery Lite <= 1.8.7.2 - Missing Authorization to Gallery Modification via envira_gallery_insert_images", "software": [ { "type": "plugin", "name": "Gallery Plugin for WordPress \u2013 Envira Photo Gallery", "slug": "envira-gallery-lite", "affected_versions": { "* - 1.8.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40655278-6915-4a76-ac2d-bb161d3cee92?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40682959-6cb0-4ffb-9338-519e82eb746e": { "id": "40682959-6cb0-4ffb-9338-519e82eb746e", "title": "Import any XML or CSV File <= 3.7.2 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Import any XML or CSV File to WordPress", "slug": "wp-all-import", "affected_versions": { "[*, 3.7.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40682959-6cb0-4ffb-9338-519e82eb746e?source=api-scan" ], "published": "2023-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "406857f1-6bd6-4888-b5c5-d2c8be1b8ef9": { "id": "406857f1-6bd6-4888-b5c5-d2c8be1b8ef9", "title": "Data Tables Generator by Supsystic <= 1.9.91 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Data Tables Generator by Supsystic", "slug": "data-tables-generator-by-supsystic", "affected_versions": { "* - 1.9.91": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.91", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.92" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/406857f1-6bd6-4888-b5c5-d2c8be1b8ef9?source=api-scan" ], "published": "2020-03-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "406951d8-4c61-45b3-a8a2-788921662b6c": { "id": "406951d8-4c61-45b3-a8a2-788921662b6c", "title": "ActivityPub <= 0.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Content", "software": [ { "type": "plugin", "name": "ActivityPub", "slug": "activitypub", "affected_versions": { "* - 0.17.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.17.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/406951d8-4c61-45b3-a8a2-788921662b6c?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "406f6bd7-f57f-4725-a36f-9846ac04f945": { "id": "406f6bd7-f57f-4725-a36f-9846ac04f945", "title": "WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_addcomment", "software": [ { "type": "plugin", "name": "WP To Do", "slug": "wp-todo", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/406f6bd7-f57f-4725-a36f-9846ac04f945?source=api-scan" ], "published": "2024-05-29 15:54:21", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "406fe34a-0991-4653-9924-b6586091d7df": { "id": "406fe34a-0991-4653-9924-b6586091d7df", "title": "WP All Import <= 3.4.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import any XML or CSV File to WordPress", "slug": "wp-all-import", "affected_versions": { "[*, 3.4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/406fe34a-0991-4653-9924-b6586091d7df?source=api-scan" ], "published": "2018-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4071c361-3a68-49b7-ac50-4b32e2e1c3ff": { "id": "4071c361-3a68-49b7-ac50-4b32e2e1c3ff", "title": "WordPress Simple PayPal Shopping Cart < 3.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Simple Shopping Cart", "slug": "wordpress-simple-paypal-shopping-cart", "affected_versions": { "[*, 3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4071c361-3a68-49b7-ac50-4b32e2e1c3ff?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4072ba5f-6385-4fa3-85b6-89dac7b60a92": { "id": "4072ba5f-6385-4fa3-85b6-89dac7b60a92", "title": "UserPro <= 5.1.1 - Sensitive Information Disclosure via Shortcode", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "* - 5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40733449-7953-452e-aa11-60306be9bc5d": { "id": "40733449-7953-452e-aa11-60306be9bc5d", "title": "WP Show Posts <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Show Posts", "slug": "wp-show-posts", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40733449-7953-452e-aa11-60306be9bc5d?source=api-scan" ], "published": "2023-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40760f60-b81a-447b-a2c8-83c7666ce410": { "id": "40760f60-b81a-447b-a2c8-83c7666ce410", "title": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC)", "slug": "buddyforms", "affected_versions": { "* - 2.8.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40760f60-b81a-447b-a2c8-83c7666ce410?source=api-scan" ], "published": "2024-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40765cfe-a60a-44dc-8cdb-f9c8e42654c3": { "id": "40765cfe-a60a-44dc-8cdb-f9c8e42654c3", "title": "BuddyPress <= 9.0.0 - SQL Injection", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "* - 9.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40765cfe-a60a-44dc-8cdb-f9c8e42654c3?source=api-scan" ], "published": "2021-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "407a5c69-cce0-4868-aef0-ffc88981e256": { "id": "407a5c69-cce0-4868-aef0-ffc88981e256", "title": "Link Library <= 7.6 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Link Library", "slug": "link-library", "affected_versions": { "* - 7.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/407a5c69-cce0-4868-aef0-ffc88981e256?source=api-scan" ], "published": "2024-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "407b8568-0b47-48d1-a006-2c42e7cfdec3": { "id": "407b8568-0b47-48d1-a006-2c42e7cfdec3", "title": "Right Now (Unknown Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Right Now", "slug": "rightnow", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/407b8568-0b47-48d1-a006-2c42e7cfdec3?source=api-scan" ], "published": "2013-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "407d8ebe-f3fc-433a-856f-de2ad4e58b9e": { "id": "407d8ebe-f3fc-433a-856f-de2ad4e58b9e", "title": "Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_start", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] }, { "type": "plugin", "name": "Contest Gallery Pro", "slug": "contest-gallery-pro", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/407d8ebe-f3fc-433a-856f-de2ad4e58b9e?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40873fcd-4161-4862-ac73-8046159f4739": { "id": "40873fcd-4161-4862-ac73-8046159f4739", "title": "Menu Image, Icons made easy <= 3.0.7 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Menu Image, Icons made easy", "slug": "menu-image", "affected_versions": { "[*, 3.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40873fcd-4161-4862-ac73-8046159f4739?source=api-scan" ], "published": "2022-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "408cd4a7-d850-40fb-9b46-9381815c1222": { "id": "408cd4a7-d850-40fb-9b46-9381815c1222", "title": "Gmedia Photo Gallery <= 1.6.4 - Open Proxy", "software": [ { "type": "plugin", "name": "Gmedia Photo Gallery", "slug": "grand-media", "affected_versions": { "[*, 1.6.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/408cd4a7-d850-40fb-9b46-9381815c1222?source=api-scan" ], "published": "2015-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40906dea-6b9e-48ce-9e2b-64d1559cf8e2": { "id": "40906dea-6b9e-48ce-9e2b-64d1559cf8e2", "title": "Envira Photo Gallery <= 1.8.14 - Missing Authorization", "software": [ { "type": "plugin", "name": "Gallery Plugin for WordPress \u2013 Envira Photo Gallery", "slug": "envira-gallery-lite", "affected_versions": { "* - 1.8.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40906dea-6b9e-48ce-9e2b-64d1559cf8e2?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40937e18-3828-4e36-8bc1-5b8eb4838c3b": { "id": "40937e18-3828-4e36-8bc1-5b8eb4838c3b", "title": "Gallery \u2013 Image and Video Gallery with Thumbnails < 1.2.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Gallery \u2013 Image and Video Gallery with Thumbnails", "slug": "gallery-album", "affected_versions": { "[*, 1.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40937e18-3828-4e36-8bc1-5b8eb4838c3b?source=api-scan" ], "published": "2017-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40a08542-5e2e-4689-b26f-99a1350185cc": { "id": "40a08542-5e2e-4689-b26f-99a1350185cc", "title": "Nested Pages <= 3.1.15 - Open Redirect", "software": [ { "type": "plugin", "name": "Nested Pages", "slug": "wp-nested-pages", "affected_versions": { "* - 3.1.15": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40a08542-5e2e-4689-b26f-99a1350185cc?source=api-scan" ], "published": "2021-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40a272dc-cb2a-472f-be42-733efcb2fa61": { "id": "40a272dc-cb2a-472f-be42-733efcb2fa61", "title": "ElementInvader Addons for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ElementInvader Addons for Elementor", "slug": "elementinvader-addons-for-elementor", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40a272dc-cb2a-472f-be42-733efcb2fa61?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40a57493-b99b-4e71-8603-e668c6283a5a": { "id": "40a57493-b99b-4e71-8603-e668c6283a5a", "title": "LearnDash LMS <= 4.5.3 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "LearnDash LMS", "slug": "sfwd-lms", "affected_versions": { "* - 4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40a57493-b99b-4e71-8603-e668c6283a5a?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40a6a810-1151-49e6-bed4-2b7a572ac015": { "id": "40a6a810-1151-49e6-bed4-2b7a572ac015", "title": "Pixabay Images <= 2.0 - Authentication Bypass to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Pixabay Images", "slug": "pixabay-images", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40a6a810-1151-49e6-bed4-2b7a572ac015?source=api-scan" ], "published": "2015-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40a883e8-7ce0-4fca-a585-428b67144694": { "id": "40a883e8-7ce0-4fca-a585-428b67144694", "title": "Qi Addons For Elementor <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Qi Addons For Elementor", "slug": "qi-addons-for-elementor", "affected_versions": { "* - 1.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40a883e8-7ce0-4fca-a585-428b67144694?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40a94a1e-da9e-4173-a21d-106d859c7f8c": { "id": "40a94a1e-da9e-4173-a21d-106d859c7f8c", "title": "CC Child Pages <= 1.42 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "CC Child Pages", "slug": "cc-child-pages", "affected_versions": { "* - 1.42": { "from_version": "*", "from_inclusive": true, "to_version": "1.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40a94a1e-da9e-4173-a21d-106d859c7f8c?source=api-scan" ], "published": "2023-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40ade684-57a2-43be-9d4a-1c0a653807eb": { "id": "40ade684-57a2-43be-9d4a-1c0a653807eb", "title": "Support Genix <= 1.2.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Support Genix \u2013 Support Tickets Managing System & Helpdesk Plugin for WordPress and WooCommerce", "slug": "support-genix-lite", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40ade684-57a2-43be-9d4a-1c0a653807eb?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40aeb258-0c00-4cd3-944c-51c33a7e92c9": { "id": "40aeb258-0c00-4cd3-944c-51c33a7e92c9", "title": "Custom Query Blocks <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Query Blocks", "slug": "post-type-archive-mapping", "affected_versions": { "* - 5.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40aeb258-0c00-4cd3-944c-51c33a7e92c9?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40b1a60a-53f3-492c-8529-26c396c8f10a": { "id": "40b1a60a-53f3-492c-8529-26c396c8f10a", "title": "The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) <= 2.0.8.6 - Authenticated (contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)", "slug": "the-pack-addon", "affected_versions": { "* - 2.0.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40b1a60a-53f3-492c-8529-26c396c8f10a?source=api-scan" ], "published": "2024-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40b5d7e4-97a0-4a1c-8000-f2cfd1e751a3": { "id": "40b5d7e4-97a0-4a1c-8000-f2cfd1e751a3", "title": "2 Click Social Media Buttons <= 0.33 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "2 Click Social Media Buttons", "slug": "2-click-socialmedia-buttons", "affected_versions": { "* - 0.33": { "from_version": "*", "from_inclusive": true, "to_version": "0.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40b5d7e4-97a0-4a1c-8000-f2cfd1e751a3?source=api-scan" ], "published": "2012-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40b6f927-7b05-464e-858a-438b7b9ac81c": { "id": "40b6f927-7b05-464e-858a-438b7b9ac81c", "title": "Hueman <= 3.7.24 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Hueman", "slug": "hueman", "affected_versions": { "* - 3.7.24": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.25" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40b6f927-7b05-464e-858a-438b7b9ac81c?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40bf51bf-efb2-4504-815b-4681d1078f77": { "id": "40bf51bf-efb2-4504-815b-4681d1078f77", "title": "BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation", "software": [ { "type": "plugin", "name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", "slug": "woo-bulk-editor", "affected_versions": { "* - 1.1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40bf51bf-efb2-4504-815b-4681d1078f77?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40c20b9d-9a7d-46ca-81d1-c58150dae2cf": { "id": "40c20b9d-9a7d-46ca-81d1-c58150dae2cf", "title": "Discount Rules for WooCommerce <= 2.4.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Discount Rules for WooCommerce \u2013 Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons", "slug": "woo-discount-rules", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40c20b9d-9a7d-46ca-81d1-c58150dae2cf?source=api-scan" ], "published": "2022-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40c5dd26-6063-4ab2-a370-464e84d806b7": { "id": "40c5dd26-6063-4ab2-a370-464e84d806b7", "title": "VK All in One Expansion Unit <= 9.88.1.0 - Stored (Contributor+) Cross-Site Scripting in Profile Setting", "software": [ { "type": "plugin", "name": "VK All in One Expansion Unit", "slug": "vk-all-in-one-expansion-unit", "affected_versions": { "* - 9.88.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.88.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.88.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40c5dd26-6063-4ab2-a370-464e84d806b7?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40c7ce1f-3a81-4d49-9202-2d118f30639a": { "id": "40c7ce1f-3a81-4d49-9202-2d118f30639a", "title": "TT Custom Post Type Creator <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TT Custom Post Type Creator", "slug": "tt-custom-post-type-creator", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40c7ce1f-3a81-4d49-9202-2d118f30639a?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40ca3778-95ff-4b2c-ac47-4ae8c86e245a": { "id": "40ca3778-95ff-4b2c-ac47-4ae8c86e245a", "title": "Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.971": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.971", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.972" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40ca3778-95ff-4b2c-ac47-4ae8c86e245a?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40cb3214-a11b-4bee-9422-256d12303460": { "id": "40cb3214-a11b-4bee-9422-256d12303460", "title": "Claudio Sanches \u2013 Checkout Cielo for WooCommerce <= 1.1.0 - Insufficient Verification of Data Authenticity to Order Payment Status Update", "software": [ { "type": "plugin", "name": "Claudio Sanches \u2013 Checkout Cielo for WooCommerce", "slug": "woocommerce-checkout-cielo", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40cb3214-a11b-4bee-9422-256d12303460?source=api-scan" ], "published": "2024-06-03 17:09:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40d80e47-3411-4e70-8a20-2e698daad6e7": { "id": "40d80e47-3411-4e70-8a20-2e698daad6e7", "title": "UpdraftPlus < 1.16.59 - Authenticated (Admin+) Local File Inclusion", "software": [ { "type": "plugin", "name": "UpdraftPlus: WP Backup & Migration Plugin", "slug": "updraftplus", "affected_versions": { "* - 1.16.56": { "from_version": "*", "from_inclusive": true, "to_version": "1.16.56", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.16.59" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40d80e47-3411-4e70-8a20-2e698daad6e7?source=api-scan" ], "published": "2021-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40e09aec-48af-4bf9-9254-b34bad7008c3": { "id": "40e09aec-48af-4bf9-9254-b34bad7008c3", "title": "Easy Photo Album <= 1.1.5 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Easy Photo Album", "slug": "easy-photo-album", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40e09aec-48af-4bf9-9254-b34bad7008c3?source=api-scan" ], "published": "2016-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40e1215c-ac00-4fd6-b428-a57cef95aed1": { "id": "40e1215c-ac00-4fd6-b428-a57cef95aed1", "title": "Popup Maker \u2013 Popup for opt-ins, lead gen, & more <= 1.18.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder", "slug": "popup-maker", "affected_versions": { "* - 1.18.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.18.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.18.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40e1215c-ac00-4fd6-b428-a57cef95aed1?source=api-scan" ], "published": "2024-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40e2e8fb-ea36-4602-bead-8daf75d6dfb9": { "id": "40e2e8fb-ea36-4602-bead-8daf75d6dfb9", "title": "Ultimate GDPR & CCPA <= 2.4 - Unauthenticated Settings Import & Export", "software": [ { "type": "plugin", "name": "Ultimate GDPR & CCPA Compliance Toolkit for WordPress", "slug": "ct-ultimate-gdpr", "affected_versions": { "[*, 2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40e2e8fb-ea36-4602-bead-8daf75d6dfb9?source=api-scan" ], "published": "2021-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40e61b9f-2350-410e-bb3d-59329ac08658": { "id": "40e61b9f-2350-410e-bb3d-59329ac08658", "title": "MiniOrange Limit Login Attempts <= 4.0.72 - Administrator+ Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Limit Login Attempts", "slug": "miniorange-limit-login-attempts", "affected_versions": { "* - 4.0.71": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.71", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.72" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40e61b9f-2350-410e-bb3d-59329ac08658?source=api-scan" ], "published": "2022-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "40f79195-23e7-4091-9dcb-8b787f0606f4": { "id": "40f79195-23e7-4091-9dcb-8b787f0606f4", "title": "GiveWP \u2013 Donation Plugin and Fundraising Platform < 0.8.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "[*, 0.8.5)": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/40f79195-23e7-4091-9dcb-8b787f0606f4?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4101bd5e-94fb-4ec5-9d25-581c3211ffa7": { "id": "4101bd5e-94fb-4ec5-9d25-581c3211ffa7", "title": "Add Comments <= 1.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add Comments", "slug": "add-comments", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4101bd5e-94fb-4ec5-9d25-581c3211ffa7?source=api-scan" ], "published": "2022-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4101c35e-5af9-4372-9ed1-fb6a15d8500f": { "id": "4101c35e-5af9-4372-9ed1-fb6a15d8500f", "title": "KiviCare \u2013 Clinic & Patient Management System (EHR) <= 3.2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "KiviCare \u2013 Clinic & Patient Management System (EHR)", "slug": "kivicare-clinic-management-system", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4101c35e-5af9-4372-9ed1-fb6a15d8500f?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4104f69f-b185-498a-aabf-2126ffb94ab3": { "id": "4104f69f-b185-498a-aabf-2126ffb94ab3", "title": "Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_folder_order", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4104f69f-b185-498a-aabf-2126ffb94ab3?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "410ae0f1-a4ed-4631-9f80-86b7a403ce0d": { "id": "410ae0f1-a4ed-4631-9f80-86b7a403ce0d", "title": "Loginizer <= 1.7.5 - Reflected Cross-Site Scripting via 'name'", "software": [ { "type": "plugin", "name": "Loginizer", "slug": "loginizer", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/410ae0f1-a4ed-4631-9f80-86b7a403ce0d?source=api-scan" ], "published": "2022-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "410ae439-dcee-4050-81a9-110a337016e6": { "id": "410ae439-dcee-4050-81a9-110a337016e6", "title": "Simple Download Monitor < 3.5.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Download Monitor", "slug": "simple-download-monitor", "affected_versions": { "[*, 3.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/410ae439-dcee-4050-81a9-110a337016e6?source=api-scan" ], "published": "2018-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "410cc5f0-265a-46c1-a334-115142318d10": { "id": "410cc5f0-265a-46c1-a334-115142318d10", "title": "Hot Linked Image Cacher <= 1.16 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hot Linked Image Cacher", "slug": "hot-linked-image-cacher", "affected_versions": { "* - 1.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.16", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/410cc5f0-265a-46c1-a334-115142318d10?source=api-scan" ], "published": "2022-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41108c2c-99b2-4aff-8c06-bee0b6547a9a": { "id": "41108c2c-99b2-4aff-8c06-bee0b6547a9a", "title": "Smart Manager For WooCommerce < 3.9.7 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) \u2013 Smart Manager", "slug": "smart-manager-for-wp-e-commerce", "affected_versions": { "[*, 3.9.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41108c2c-99b2-4aff-8c06-bee0b6547a9a?source=api-scan" ], "published": "2015-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4111ba11-ad79-466a-9669-3c35730a331a": { "id": "4111ba11-ad79-466a-9669-3c35730a331a", "title": "Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.28": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4111ba11-ad79-466a-9669-3c35730a331a?source=api-scan" ], "published": "2024-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4112ca9a-39fa-4fe8-a060-9f8f492eb846": { "id": "4112ca9a-39fa-4fe8-a060-9f8f492eb846", "title": "Webmaster Tools <= 2.0 - Cross-Site Request Forgery vin lionscripts_plg_f", "software": [ { "type": "plugin", "name": "Webmaster Tools", "slug": "webmaster-tools", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4112ca9a-39fa-4fe8-a060-9f8f492eb846?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4113a88f-5203-4fe6-9fb4-c59a63174418": { "id": "4113a88f-5203-4fe6-9fb4-c59a63174418", "title": "Soledad <= 8.2.5 - Authenticated (Subscriber+) Cross-Site Scripting", "software": [ { "type": "theme", "name": "Soledad", "slug": "soledad", "affected_versions": { "* - 8.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4113a88f-5203-4fe6-9fb4-c59a63174418?source=api-scan" ], "published": "2022-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "411b7889-c2c6-48cb-967d-091585705e17": { "id": "411b7889-c2c6-48cb-967d-091585705e17", "title": "BEAR <= 1.1.4 - Missing Authorization via Several Functions", "software": [ { "type": "plugin", "name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", "slug": "woo-bulk-editor", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/411b7889-c2c6-48cb-967d-091585705e17?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "411ca76a-6cab-4829-8e8b-5c54697cf8ee": { "id": "411ca76a-6cab-4829-8e8b-5c54697cf8ee", "title": "Jetpack < 13.9.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "10.0 - 10.0.1": { "from_version": "10.0", "from_inclusive": true, "to_version": "10.0.1", "to_inclusive": true }, "10.1 - 10.1.1": { "from_version": "10.1", "from_inclusive": true, "to_version": "10.1.1", "to_inclusive": true }, "10.2 - 10.2.2": { "from_version": "10.2", "from_inclusive": true, "to_version": "10.2.2", "to_inclusive": true }, "10.3 - 10.3.1": { "from_version": "10.3", "from_inclusive": true, "to_version": "10.3.1", "to_inclusive": true }, "10.4 - 10.4.1": { "from_version": "10.4", "from_inclusive": true, "to_version": "10.4.1", "to_inclusive": true }, "10.5 - 10.5.2": { "from_version": "10.5", "from_inclusive": true, "to_version": "10.5.2", "to_inclusive": true }, "10.6 - 10.6.1": { "from_version": "10.6", "from_inclusive": true, "to_version": "10.6.1", "to_inclusive": true }, "10.7 - 10.7.1": { "from_version": "10.7", "from_inclusive": true, "to_version": "10.7.1", "to_inclusive": true }, "10.8 - 10.8.1": { "from_version": "10.8", "from_inclusive": true, "to_version": "10.8.1", "to_inclusive": true }, "10.9 - 10.9.2": { "from_version": "10.9", "from_inclusive": true, "to_version": "10.9.2", "to_inclusive": true }, "11.0 - 11.0.1": { "from_version": "11.0", "from_inclusive": true, "to_version": "11.0.1", "to_inclusive": true }, "11.1 - 11.1.3": { "from_version": "11.1", "from_inclusive": true, "to_version": "11.1.3", "to_inclusive": true }, "11.2 - 11.2.1": { "from_version": "11.2", "from_inclusive": true, "to_version": "11.2.1", "to_inclusive": true }, "11.3 - 11.3.3": { "from_version": "11.3", "from_inclusive": true, "to_version": "11.3.3", "to_inclusive": true }, "11.4 - 11.4.1": { "from_version": "11.4", "from_inclusive": true, "to_version": "11.4.1", "to_inclusive": true }, "11.5 - 11.5.2": { "from_version": "11.5", "from_inclusive": true, "to_version": "11.5.2", "to_inclusive": true }, "11.6 - 11.6.1": { "from_version": "11.6", "from_inclusive": true, "to_version": "11.6.1", "to_inclusive": true }, "11.7 - 11.7.2": { "from_version": "11.7", "from_inclusive": true, "to_version": "11.7.2", "to_inclusive": true }, "11.8 - 11.8.5": { "from_version": "11.8", "from_inclusive": true, "to_version": "11.8.5", "to_inclusive": true }, "11.9 - 11.9.2": { "from_version": "11.9", "from_inclusive": true, "to_version": "11.9.2", "to_inclusive": true }, "12.0 - 12.0.1": { "from_version": "12.0", "from_inclusive": true, "to_version": "12.0.1", "to_inclusive": true }, "12.1 - 12.1.1": { "from_version": "12.1", "from_inclusive": true, "to_version": "12.1.1", "to_inclusive": true }, "12.2 - 12.2.1": { "from_version": "12.2", "from_inclusive": true, "to_version": "12.2.1", "to_inclusive": true }, "12.3": { "from_version": "12.3", "from_inclusive": true, "to_version": "12.3", "to_inclusive": true }, "12.4": { "from_version": "12.4", "from_inclusive": true, "to_version": "12.4", "to_inclusive": true }, "12.5": { "from_version": "12.5", "from_inclusive": true, "to_version": "12.5", "to_inclusive": true }, "12.6 - 12.6.2": { "from_version": "12.6", "from_inclusive": true, "to_version": "12.6.2", "to_inclusive": true }, "12.7 - 12.7.1": { "from_version": "12.7", "from_inclusive": true, "to_version": "12.7.1", "to_inclusive": true }, "12.8 - 12.8.1": { "from_version": "12.8", "from_inclusive": true, "to_version": "12.8.1", "to_inclusive": true }, "12.9 - 12.9.3": { "from_version": "12.9", "from_inclusive": true, "to_version": "12.9.3", "to_inclusive": true }, "13.0": { "from_version": "13.0", "from_inclusive": true, "to_version": "13.0", "to_inclusive": true }, "13.1 - 13.1.3": { "from_version": "13.1", "from_inclusive": true, "to_version": "13.1.3", "to_inclusive": true }, "13.2 - 13.2.2": { "from_version": "13.2", "from_inclusive": true, "to_version": "13.2.2", "to_inclusive": true }, "13.3 - 13.3.1": { "from_version": "13.3", "from_inclusive": true, "to_version": "13.3.1", "to_inclusive": true }, "13.4 - 13.4.3": { "from_version": "13.4", "from_inclusive": true, "to_version": "13.4.3", "to_inclusive": true }, "13.5": { "from_version": "13.5", "from_inclusive": true, "to_version": "13.5", "to_inclusive": true }, "13.6": { "from_version": "13.6", "from_inclusive": true, "to_version": "13.6", "to_inclusive": true }, "13.7": { "from_version": "13.7", "from_inclusive": true, "to_version": "13.7", "to_inclusive": true }, "13.8 - 13.8.1": { "from_version": "13.8", "from_inclusive": true, "to_version": "13.8.1", "to_inclusive": true }, "13.9": { "from_version": "13.9", "from_inclusive": true, "to_version": "13.9", "to_inclusive": true }, "3.9 - 3.9.9": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.9", "to_inclusive": true }, "4.0 - 4.0.6": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true }, "4.1 - 4.1.3": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.3", "to_inclusive": true }, "4.2 - 4.2.4": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.4", "to_inclusive": true }, "4.3 - 4.3.4": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.4", "to_inclusive": true }, "4.4 - 4.4.4": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.4", "to_inclusive": true }, "4.5 - 4.5.2": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.2", "to_inclusive": true }, "4.6 - 4.6.2": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.2", "to_inclusive": true }, "4.7 - 4.7.3": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.3", "to_inclusive": true }, "4.8 - 4.8.4": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.4", "to_inclusive": true }, "4.9 - 4.9.2": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.2", "to_inclusive": true }, "5.0 - 5.0.2": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.2", "to_inclusive": true }, "5.1 - 5.1.3": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.3", "to_inclusive": true }, "5.2 - 5.2.4": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.4", "to_inclusive": true }, "5.3 - 5.3.3": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.3", "to_inclusive": true }, "5.4 - 5.4.3": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.3", "to_inclusive": true }, "5.5 - 5.5.4": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.4", "to_inclusive": true }, "5.6 - 5.6.4": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.4", "to_inclusive": true }, "5.7 - 5.7.4": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.4", "to_inclusive": true }, "5.8 - 5.8.3": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.3", "to_inclusive": true }, "5.9 - 5.9.3": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.3", "to_inclusive": true }, "6.0 - 6.0.3": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.3", "to_inclusive": true }, "6.1 - 6.1.4": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.4", "to_inclusive": true }, "6.2 - 6.2.4": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.4", "to_inclusive": true }, "6.3 - 6.3.6": { "from_version": "6.3", "from_inclusive": true, "to_version": "6.3.6", "to_inclusive": true }, "6.4 - 6.4.5": { "from_version": "6.4", "from_inclusive": true, "to_version": "6.4.5", "to_inclusive": true }, "6.5 - 6.5.3": { "from_version": "6.5", "from_inclusive": true, "to_version": "6.5.3", "to_inclusive": true }, "6.6 - 6.6.4": { "from_version": "6.6", "from_inclusive": true, "to_version": "6.6.4", "to_inclusive": true }, "6.7 - 6.7.3": { "from_version": "6.7", "from_inclusive": true, "to_version": "6.7.3", "to_inclusive": true }, "6.8 - 6.8.4": { "from_version": "6.8", "from_inclusive": true, "to_version": "6.8.4", "to_inclusive": true }, "6.9 - 6.9.3": { "from_version": "6.9", "from_inclusive": true, "to_version": "6.9.3", "to_inclusive": true }, "7.0 - 7.0.4": { "from_version": "7.0", "from_inclusive": true, "to_version": "7.0.4", "to_inclusive": true }, "7.1 - 7.1.4": { "from_version": "7.1", "from_inclusive": true, "to_version": "7.1.4", "to_inclusive": true }, "7.2 - 7.2.4": { "from_version": "7.2", "from_inclusive": true, "to_version": "7.2.4", "to_inclusive": true }, "7.3 - 7.3.4": { "from_version": "7.3", "from_inclusive": true, "to_version": "7.3.4", "to_inclusive": true }, "7.4 - 7.4.4": { "from_version": "7.4", "from_inclusive": true, "to_version": "7.4.4", "to_inclusive": true }, "7.5 - 7.5.6": { "from_version": "7.5", "from_inclusive": true, "to_version": "7.5.6", "to_inclusive": true }, "7.6 - 7.6.3": { "from_version": "7.6", "from_inclusive": true, "to_version": "7.6.3", "to_inclusive": true }, "7.7 - 7.7.5": { "from_version": "7.7", "from_inclusive": true, "to_version": "7.7.5", "to_inclusive": true }, "7.8 - 7.8.3": { "from_version": "7.8", "from_inclusive": true, "to_version": "7.8.3", "to_inclusive": true }, "7.9 - 7.9.3": { "from_version": "7.9", "from_inclusive": true, "to_version": "7.9.3", "to_inclusive": true }, "8.0 - 8.0.2": { "from_version": "8.0", "from_inclusive": true, "to_version": "8.0.2", "to_inclusive": true }, "8.1 - 8.1.3": { "from_version": "8.1", "from_inclusive": true, "to_version": "8.1.3", "to_inclusive": true }, "8.2 - 8.2.5": { "from_version": "8.2", "from_inclusive": true, "to_version": "8.2.5", "to_inclusive": true }, "8.3 - 8.3.2": { "from_version": "8.3", "from_inclusive": true, "to_version": "8.3.2", "to_inclusive": true }, "8.4 - 8.4.4": { "from_version": "8.4", "from_inclusive": true, "to_version": "8.4.4", "to_inclusive": true }, "8.5 - 8.5.2": { "from_version": "8.5", "from_inclusive": true, "to_version": "8.5.2", "to_inclusive": true }, "8.6 - 8.6.3": { "from_version": "8.6", "from_inclusive": true, "to_version": "8.6.3", "to_inclusive": true }, "8.7 - 8.7.3": { "from_version": "8.7", "from_inclusive": true, "to_version": "8.7.3", "to_inclusive": true }, "8.8 - 8.8.4": { "from_version": "8.8", "from_inclusive": true, "to_version": "8.8.4", "to_inclusive": true }, "8.9 - 8.9.3": { "from_version": "8.9", "from_inclusive": true, "to_version": "8.9.3", "to_inclusive": true }, "9.0 - 9.0.4": { "from_version": "9.0", "from_inclusive": true, "to_version": "9.0.4", "to_inclusive": true }, "9.1 - 9.1.2": { "from_version": "9.1", "from_inclusive": true, "to_version": "9.1.2", "to_inclusive": true }, "9.2 - 9.2.3": { "from_version": "9.2", "from_inclusive": true, "to_version": "9.2.3", "to_inclusive": true }, "9.3 - 9.3.4": { "from_version": "9.3", "from_inclusive": true, "to_version": "9.3.4", "to_inclusive": true }, "9.4 - 9.4.3": { "from_version": "9.4", "from_inclusive": true, "to_version": "9.4.3", "to_inclusive": true }, "9.5 - 9.5.4": { "from_version": "9.5", "from_inclusive": true, "to_version": "9.5.4", "to_inclusive": true }, "9.6 - 9.6.3": { "from_version": "9.6", "from_inclusive": true, "to_version": "9.6.3", "to_inclusive": true }, "9.7 - 9.7.2": { "from_version": "9.7", "from_inclusive": true, "to_version": "9.7.2", "to_inclusive": true }, "9.8 - 9.8.2": { "from_version": "9.8", "from_inclusive": true, "to_version": "9.8.2", "to_inclusive": true }, "9.9 - 9.9.2": { "from_version": "9.9", "from_inclusive": true, "to_version": "9.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.0.2", "10.1.2", "10.2.3", "10.3.2", "10.4.2", "10.5.3", "10.6.2", "10.7.2", "10.8.2", "10.9.3", "11.0.2", "11.1.4", "11.2.2", "11.3.4", "11.4.2", "11.5.3", "11.6.2", "11.7.3", "11.8.6", "11.9.3", "12.0.2", "12.1.2", "12.2.2", "12.3.1", "12.4.1", "12.5.1", "12.6.3", "12.7.2", "12.8.2", "12.9.4", "13.0.1", "13.1.4", "13.2.3", "13.3.2", "13.4.4", "13.5.1", "13.6.1", "13.7.1", "13.8.2", "13.9.1", "3.9.10", "4.0.7", "4.1.4", "4.2.5", "4.3.5", "4.4.5", "4.5.3", "4.6.3", "4.7.4", "4.8.5", "4.9.3", "5.0.3", "5.1.4", "5.2.5", "5.3.4", "5.4.4", "5.5.5", "5.6.5", "5.7.5", "5.8.4", "5.9.4", "6.0.4", "6.1.5", "6.2.5", "6.3.7", "6.4.6", "6.5.4", "6.6.5", "6.7.4", "6.8.5", "6.9.4", "7.0.5", "7.1.5", "7.2.5", "7.3.5", "7.4.5", "7.5.7", "7.6.4", "7.7.6", "7.8.4", "7.9.4", "8.0.3", "8.1.4", "8.2.6", "8.3.3", "8.4.5", "8.5.3", "8.6.4", "8.7.4", "8.8.5", "8.9.4", "9.0.5", "9.1.3", "9.2.4", "9.3.5", "9.4.4", "9.5.5", "9.6.4", "9.7.3", "9.8.3", "9.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/411ca76a-6cab-4829-8e8b-5c54697cf8ee?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41219c9d-a10d-4006-9edc-1387dfdc8b8d": { "id": "41219c9d-a10d-4006-9edc-1387dfdc8b8d", "title": "yolink Search for WordPress < 2.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "yolink Search for WordPress", "slug": "yolink-search", "affected_versions": { "[*, 2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41219c9d-a10d-4006-9edc-1387dfdc8b8d?source=api-scan" ], "published": "2013-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4122a963-b8e2-448a-b268-3192613fa3df": { "id": "4122a963-b8e2-448a-b268-3192613fa3df", "title": "LearnPress <= 4.1.3 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "[*, 4.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4122a963-b8e2-448a-b268-3192613fa3df?source=api-scan" ], "published": "2021-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41299927-2ed9-4cbe-b2b0-f306dc0e4a58": { "id": "41299927-2ed9-4cbe-b2b0-f306dc0e4a58", "title": "PPWP \u2013 Password Protect Pages <= 1.8.9 - Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "PPWP \u2013 Password Protect Pages", "slug": "password-protect-page", "affected_versions": { "* - 1.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41299927-2ed9-4cbe-b2b0-f306dc0e4a58?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "412d555c-9bbd-42f5-8020-ccfc18755a79": { "id": "412d555c-9bbd-42f5-8020-ccfc18755a79", "title": "MW WP Form <= 5.0.3 - Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "MW WP Form", "slug": "mw-wp-form", "affected_versions": { "* - 5.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/412d555c-9bbd-42f5-8020-ccfc18755a79?source=api-scan" ], "published": "2023-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41307a48-d49d-402f-bd3f-96b99afe6a42": { "id": "41307a48-d49d-402f-bd3f-96b99afe6a42", "title": "Sell Media <= 2.4.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sell Media", "slug": "sell-media", "affected_versions": { "[*, 2.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41307a48-d49d-402f-bd3f-96b99afe6a42?source=api-scan" ], "published": "2020-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4137b8a6-532a-42fb-aa16-7d1de0e2f11f": { "id": "4137b8a6-532a-42fb-aa16-7d1de0e2f11f", "title": "Advanced uploader <= 4.2 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Advanced uploader", "slug": "advanced-uploader", "affected_versions": { "* - 4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4137b8a6-532a-42fb-aa16-7d1de0e2f11f?source=api-scan" ], "published": "2022-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41395c95-230d-441a-a261-cd67b95b76e3": { "id": "41395c95-230d-441a-a261-cd67b95b76e3", "title": "Element Pack Pro <= 7.7.4 - Authenticated (Contributor+) Arbitrary File Read and PHAR Deserialization", "software": [ { "type": "plugin", "name": "Element Pack Pro - Addon for Elementor Page Builder WordPress Plugin", "slug": "bdthemes-element-pack", "affected_versions": { "* - 7.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41395c95-230d-441a-a261-cd67b95b76e3?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "413962b8-09ac-4b5d-a52d-5ca832bba9f2": { "id": "413962b8-09ac-4b5d-a52d-5ca832bba9f2", "title": "WP ULike < 3.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP ULike \u2013 All-in-One Engagement Toolkit", "slug": "wp-ulike", "affected_versions": { "[*, 3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/413962b8-09ac-4b5d-a52d-5ca832bba9f2?source=api-scan" ], "published": "2018-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "413b2b38-44f2-4756-b66d-b6544c7ecaa2": { "id": "413b2b38-44f2-4756-b66d-b6544c7ecaa2", "title": "Shoppable Images Lite <= 1.2.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Shoppable Images", "slug": "mabel-shoppable-images-lite", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/413b2b38-44f2-4756-b66d-b6544c7ecaa2?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "413d1e3d-373f-4275-a8f8-910c33a32f4f": { "id": "413d1e3d-373f-4275-a8f8-910c33a32f4f", "title": "MC Woocommerce Wishlist <= 1.7.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)", "slug": "smart-wishlist-for-more-convert", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/413d1e3d-373f-4275-a8f8-910c33a32f4f?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "413d3ec0-8d04-4bef-9394-f666cfed733e": { "id": "413d3ec0-8d04-4bef-9394-f666cfed733e", "title": "UsersWP <= 1.2.3.22 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "UsersWP \u2013 Front-end login form, User Registration, User Profile & Members Directory plugin for WP", "slug": "userswp", "affected_versions": { "[*, 1.2.3.23)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3.23", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/413d3ec0-8d04-4bef-9394-f666cfed733e?source=api-scan" ], "published": "2023-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "413e3430-2d9b-4b14-90da-99de44b393e3": { "id": "413e3430-2d9b-4b14-90da-99de44b393e3", "title": "WPB Elementor Addons <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPB Elementor Addons", "slug": "wpb-elementor-addons", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/413e3430-2d9b-4b14-90da-99de44b393e3?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "413e6326-14c6-4734-8adc-114a7842c574": { "id": "413e6326-14c6-4734-8adc-114a7842c574", "title": "ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw", "software": [ { "type": "plugin", "name": "ElementsKit Elementor addons", "slug": "elementskit-lite", "affected_versions": { "* - 3.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/413e6326-14c6-4734-8adc-114a7842c574?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "413fa88f-1f06-4386-9cc1-53009da939d7": { "id": "413fa88f-1f06-4386-9cc1-53009da939d7", "title": "Fudousan Plugin <= 5.7.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fudousan Plugin", "slug": "fudousan-plugin", "affected_versions": { "* - 5.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/413fa88f-1f06-4386-9cc1-53009da939d7?source=api-scan" ], "published": "2021-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "414013e9-5baa-4f4f-bf67-f0e821ece807": { "id": "414013e9-5baa-4f4f-bf67-f0e821ece807", "title": "WPJobBoard <= 5.6.4 - Reflected Cross-Site Scripting & Cross-Frame Scripting", "software": [ { "type": "plugin", "name": "WP Job Board", "slug": "wpjobboard", "affected_versions": { "* - 5.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/414013e9-5baa-4f4f-bf67-f0e821ece807?source=api-scan" ], "published": "2020-11-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "414165a3-78f8-4254-ac24-2de177cad3dd": { "id": "414165a3-78f8-4254-ac24-2de177cad3dd", "title": "CLUEVO LMS, E-Learning Platform <= 1.10.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "CLUEVO LMS, E-Learning Platform", "slug": "cluevo-lms", "affected_versions": { "* - 1.10.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/414165a3-78f8-4254-ac24-2de177cad3dd?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41428fa7-455b-44be-8ec1-977e8cf8a303": { "id": "41428fa7-455b-44be-8ec1-977e8cf8a303", "title": "Slider Hero <= 8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider Hero with Animation, Video Background", "slug": "slider-hero", "affected_versions": { "* - 8.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41428fa7-455b-44be-8ec1-977e8cf8a303?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4143febf-92b3-42e7-9499-9ea83d7727d9": { "id": "4143febf-92b3-42e7-9499-9ea83d7727d9", "title": "Chauffeur Taxi Booking System for WordPress <= 6.9 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Chauffeur Taxi Booking System for WordPress", "slug": "chauffeur-booking-system", "affected_versions": { "* - 6.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4143febf-92b3-42e7-9499-9ea83d7727d9?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4147e973-5a17-41d8-b8d9-5e43a23c9bc9": { "id": "4147e973-5a17-41d8-b8d9-5e43a23c9bc9", "title": "Sort SearchResult By Title <= 10.0 - Cross-Site Request Forgery via settings_page", "software": [ { "type": "plugin", "name": "Sort SearchResult By Title", "slug": "sort-searchresult-by-title", "affected_versions": { "* - 10.0": { "from_version": "*", "from_inclusive": true, "to_version": "10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4147e973-5a17-41d8-b8d9-5e43a23c9bc9?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4148b37e-c5dd-43a1-aecf-085ce4fb2473": { "id": "4148b37e-c5dd-43a1-aecf-085ce4fb2473", "title": "Portfolio by BestWebSoft < 2.4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Portfolio by BestWebSoft \u2013 Work and Projects Presentation Plugin for WordPress", "slug": "portfolio", "affected_versions": { "[*, 2.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4148b37e-c5dd-43a1-aecf-085ce4fb2473?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4154aa02-7fa1-4858-bea7-092ec4a508ac": { "id": "4154aa02-7fa1-4858-bea7-092ec4a508ac", "title": "Social Media Feather <= 2.1.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Social Media Feather | social media sharing", "slug": "social-media-feather", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4154aa02-7fa1-4858-bea7-092ec4a508ac?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "415a7201-bdff-4342-9e06-ce0e500cdc7c": { "id": "415a7201-bdff-4342-9e06-ce0e500cdc7c", "title": "Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation Widget", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/415a7201-bdff-4342-9e06-ce0e500cdc7c?source=api-scan" ], "published": "2024-05-30 21:24:23", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "415ace14-1687-4003-b385-a21a5d5e16a7": { "id": "415ace14-1687-4003-b385-a21a5d5e16a7", "title": "AccessPress Anonymous Post = 2.8.0 - Backdoored", "software": [ { "type": "plugin", "name": "Frontend Post WordPress Plugin \u2013 AccessPress Anonymous Post", "slug": "accesspress-anonymous-post", "affected_versions": { "2.8.0": { "from_version": "2.8.0", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/415ace14-1687-4003-b385-a21a5d5e16a7?source=api-scan" ], "published": "2021-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "415c2648-4fcb-4226-baac-9e75db79bfdf": { "id": "415c2648-4fcb-4226-baac-9e75db79bfdf", "title": "Paid Memberships Pro \u2013 Mailchimp Add On <= 2.3.4 - Unauthenticated Information Disclosure", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Mailchimp Add On", "slug": "pmpro-mailchimp", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/415c2648-4fcb-4226-baac-9e75db79bfdf?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "415d69d9-2afd-41f8-8339-ea32fac3aa48": { "id": "415d69d9-2afd-41f8-8339-ea32fac3aa48", "title": "XStore <= 9.3.8 - Missing Authorization", "software": [ { "type": "theme", "name": "XStore", "slug": "xstore", "affected_versions": { "* - 9.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "9.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/415d69d9-2afd-41f8-8339-ea32fac3aa48?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4165cff7-457d-4790-8678-84c4365a191a": { "id": "4165cff7-457d-4790-8678-84c4365a191a", "title": "Beaver Themer <= 1.4.9 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode", "software": [ { "type": "plugin", "name": "Beaver Themer", "slug": "beaver-themer", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4165cff7-457d-4790-8678-84c4365a191a?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4167f0ad-aeef-4525-82c9-336f9f48a55e": { "id": "4167f0ad-aeef-4525-82c9-336f9f48a55e", "title": "XStore Core <= 5.3.8 - Authenticated (Subscriber+) Limited Arbitrary File Upload", "software": [ { "type": "plugin", "name": "XStore Core", "slug": "et-core-plugin", "affected_versions": { "* - 5.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4167f0ad-aeef-4525-82c9-336f9f48a55e?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "416803bc-7851-4489-85f9-dbff0838d35b": { "id": "416803bc-7851-4489-85f9-dbff0838d35b", "title": "Random Banner < 2.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Random Banner", "slug": "random-banner", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/416803bc-7851-4489-85f9-dbff0838d35b?source=api-scan" ], "published": "2014-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "416ab7d5-9f3b-4ccc-9a0f-bfe5d38b6f97": { "id": "416ab7d5-9f3b-4ccc-9a0f-bfe5d38b6f97", "title": "KenBurner Slider (All Versions) - Path Traversal", "software": [ { "type": "plugin", "name": "kbslider", "slug": "kbslider", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/416ab7d5-9f3b-4ccc-9a0f-bfe5d38b6f97?source=api-scan" ], "published": "2014-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "416c13ff-15ae-4ba4-8a95-7c07bec75c22": { "id": "416c13ff-15ae-4ba4-8a95-7c07bec75c22", "title": "SureCart <= 2.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "SureCart \u2013 Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments", "slug": "surecart", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/416c13ff-15ae-4ba4-8a95-7c07bec75c22?source=api-scan" ], "published": "2023-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "416da317-61dc-42b5-9ade-fa41e844263b": { "id": "416da317-61dc-42b5-9ade-fa41e844263b", "title": "MainWP White Label Extension <= 4.1.1 - Missing Authorization to Plugin Settings Change", "software": [ { "type": "plugin", "name": "MainWP White Label Extension", "slug": "mainwp-branding-extension", "affected_versions": { "* - 4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/416da317-61dc-42b5-9ade-fa41e844263b?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "416da5d4-3d47-443b-a82c-c059c38f5218": { "id": "416da5d4-3d47-443b-a82c-c059c38f5218", "title": "Duplicator <= 1.5.7 - Cross-Site Request Forgery via views\/tools\/diagnostics\/information.php", "software": [ { "type": "plugin", "name": "Duplicator \u2013 Migration & Backup Plugin", "slug": "duplicator", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/416da5d4-3d47-443b-a82c-c059c38f5218?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "416ecce7-e2ca-4b73-90ff-85c6fdd94251": { "id": "416ecce7-e2ca-4b73-90ff-85c6fdd94251", "title": "Radio Player <= 2.0.73 - Unauthenticated Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Radio Player \u2013 Live Shoutcast, Icecast and Any Audio Stream Player for WordPress", "slug": "radio-player", "affected_versions": { "* - 2.0.73": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.73", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.74" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/416ecce7-e2ca-4b73-90ff-85c6fdd94251?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "416fc00d-2e72-41aa-9023-0c098ca32192": { "id": "416fc00d-2e72-41aa-9023-0c098ca32192", "title": "Login With Ajax <= 3.0.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login With Ajax \u2013 Fast Logins, 2FA, Redirects", "slug": "login-with-ajax", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/416fc00d-2e72-41aa-9023-0c098ca32192?source=api-scan" ], "published": "2012-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "417186ba-36ef-4d06-bbcd-e85eb9219689": { "id": "417186ba-36ef-4d06-bbcd-e85eb9219689", "title": "Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 5.6.23": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/417186ba-36ef-4d06-bbcd-e85eb9219689?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4174b47a-75d0-4ada-bd4d-efbaf0b1a049": { "id": "4174b47a-75d0-4ada-bd4d-efbaf0b1a049", "title": "Advanced Shipment Tracking for WooCommerce <= 3.2.6 - Authenticated WordPress Options Change", "software": [ { "type": "plugin", "name": "Advanced Shipment Tracking for WooCommerce", "slug": "woo-advanced-shipment-tracking", "affected_versions": { "* - 3.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4174b47a-75d0-4ada-bd4d-efbaf0b1a049?source=api-scan" ], "published": "2021-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "417ae2f2-e245-49bb-8b77-0eabf6095459": { "id": "417ae2f2-e245-49bb-8b77-0eabf6095459", "title": "MasterStudy LMS <= 3.0.8 - Missing Authorization to Course Category Creation", "software": [ { "type": "plugin", "name": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "slug": "masterstudy-lms-learning-management-system", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/417ae2f2-e245-49bb-8b77-0eabf6095459?source=api-scan" ], "published": "2023-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "417baa1c-29f0-4fec-8008-5b52359b3328": { "id": "417baa1c-29f0-4fec-8008-5b52359b3328", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image URl", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/417baa1c-29f0-4fec-8008-5b52359b3328?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "417ff4fd-e514-4366-b9a6-c04d7434eac1": { "id": "417ff4fd-e514-4366-b9a6-c04d7434eac1", "title": "AMP+ Plus <= 3.0 - Reflected Cross Site Scripting", "software": [ { "type": "plugin", "name": "AMP+ Plus", "slug": "amp-plus", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/417ff4fd-e514-4366-b9a6-c04d7434eac1?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41800ea9-1ace-42fc-9e7f-d760a126342b": { "id": "41800ea9-1ace-42fc-9e7f-d760a126342b", "title": "uListing <= 1.6.6 - Unauthenticated Arbitrary Account Changes", "software": [ { "type": "plugin", "name": "Directory Listings WordPress plugin \u2013 uListing", "slug": "ulisting", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41800ea9-1ace-42fc-9e7f-d760a126342b?source=api-scan" ], "published": "2021-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4183c3f7-7794-45f3-8fad-b87ffec3639c": { "id": "4183c3f7-7794-45f3-8fad-b87ffec3639c", "title": "Prisna GWT - Google Website Translator <= 1.4.11 - Authenticated (Admin+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Prisna GWT \u2013 Google Website Translator", "slug": "google-website-translator", "affected_versions": { "* - 1.4.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4183c3f7-7794-45f3-8fad-b87ffec3639c?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41859e1c-1ae0-49f1-82d3-5af3c15994ef": { "id": "41859e1c-1ae0-49f1-82d3-5af3c15994ef", "title": "Advanced Sermons <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Sermons", "slug": "advanced-sermons", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41859e1c-1ae0-49f1-82d3-5af3c15994ef?source=api-scan" ], "published": "2024-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4186a609-84f1-4852-8ed9-e8ba6263b635": { "id": "4186a609-84f1-4852-8ed9-e8ba6263b635", "title": "Robokassa payment gateway for Woocommerce <= 1.6.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Robokassa payment gateway for Woocommerce", "slug": "robokassa", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4186a609-84f1-4852-8ed9-e8ba6263b635?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4186fe8d-ca09-4b82-9500-7b16bd10b044": { "id": "4186fe8d-ca09-4b82-9500-7b16bd10b044", "title": "WP MAPS \u2013 Easiest & Most Advanced WordPress Plugin for Google Maps <= 4.0.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Maps \u2013 Display Google Maps Perfectly with Ease", "slug": "wp-google-map-plugin", "affected_versions": { "* - 4.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4186fe8d-ca09-4b82-9500-7b16bd10b044?source=api-scan" ], "published": "2019-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4187f559-87ba-46ab-9b45-7a36dd98d71d": { "id": "4187f559-87ba-46ab-9b45-7a36dd98d71d", "title": "Yoast SEO <= 2.1.1 - Cross Site Scripting via post_title parameter", "software": [ { "type": "plugin", "name": "Yoast SEO", "slug": "wordpress-seo", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4187f559-87ba-46ab-9b45-7a36dd98d71d?source=api-scan" ], "published": "2012-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41896fb5-1b6b-4a35-b3e9-9c4b5215b153": { "id": "41896fb5-1b6b-4a35-b3e9-9c4b5215b153", "title": "Directorist <= 7.0.6.1 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings", "slug": "directorist", "affected_versions": { "* - 7.0.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41896fb5-1b6b-4a35-b3e9-9c4b5215b153?source=api-scan" ], "published": "2021-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "418b9138-9ae0-41f1-a75b-69cbcaffbb88": { "id": "418b9138-9ae0-41f1-a75b-69cbcaffbb88", "title": "WP Custom Admin Interface <= 7.32 - Missing Authorization to Transients Deletion", "software": [ { "type": "plugin", "name": "WP Custom Admin Interface", "slug": "wp-custom-admin-interface", "affected_versions": { "[*, 7.33)": { "from_version": "*", "from_inclusive": true, "to_version": "7.33", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/418b9138-9ae0-41f1-a75b-69cbcaffbb88?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "418e1f3b-ca99-4576-add9-d6134ba3869d": { "id": "418e1f3b-ca99-4576-add9-d6134ba3869d", "title": "NextScripts: Social Networks Auto-Poster <= 4.3.24 - Arbitrary Post Deletion via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "NextScripts: Social Networks Auto-Poster", "slug": "social-networks-auto-poster-facebook-twitter-g", "affected_versions": { "[*, 4.3.25)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.25", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/418e1f3b-ca99-4576-add9-d6134ba3869d?source=api-scan" ], "published": "2022-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "419270e7-c781-41fe-9893-473074825b36": { "id": "419270e7-c781-41fe-9893-473074825b36", "title": "ENL Newsletter <= 1.0.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "ENL Newsletter", "slug": "enl-newsletter", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/419270e7-c781-41fe-9893-473074825b36?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4195dbd4-7b6b-4201-887f-6da9bda618b8": { "id": "4195dbd4-7b6b-4201-887f-6da9bda618b8", "title": "Top Bar <= 3.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Top Bar", "slug": "top-bar", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4195dbd4-7b6b-4201-887f-6da9bda618b8?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4197dd30-bfd8-4d6c-80f5-b13e3844adf8": { "id": "4197dd30-bfd8-4d6c-80f5-b13e3844adf8", "title": "Favicon Rotator <= 1.2.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Favicon Rotator", "slug": "favicon-rotator", "affected_versions": { "* - 1.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4197dd30-bfd8-4d6c-80f5-b13e3844adf8?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41985e86-eda4-4914-a7f8-3758afcc6193": { "id": "41985e86-eda4-4914-a7f8-3758afcc6193", "title": "RegistrationMagic <= 6.0.0.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 6.0.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41985e86-eda4-4914-a7f8-3758afcc6193?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "419b20fa-6fea-41d7-9e3d-45ac25b4131f": { "id": "419b20fa-6fea-41d7-9e3d-45ac25b4131f", "title": "All In One WP Security & Firewall <= 3.8.2 - Authenticated Access or Cross-Site Request Forgery leading to SQL Injection via orderby, order Parameters", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "[*, 3.8.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/419b20fa-6fea-41d7-9e3d-45ac25b4131f?source=api-scan" ], "published": "2014-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "419df0c4-1e78-47da-b28d-5ab1cb66729a": { "id": "419df0c4-1e78-47da-b28d-5ab1cb66729a", "title": "Maps by BestWebSoft <= 1.3.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Maps by BestWebSoft", "slug": "bws-google-maps", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/419df0c4-1e78-47da-b28d-5ab1cb66729a?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41a61c0f-fffb-4810-b44a-74cbc1192ecd": { "id": "41a61c0f-fffb-4810-b44a-74cbc1192ecd", "title": "HTML5 AV Manager <= 0.2.7 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "HTML5 AV Manager", "slug": "html5avmanager", "affected_versions": { "* - 0.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41a61c0f-fffb-4810-b44a-74cbc1192ecd?source=api-scan" ], "published": "2012-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41aa5b3d-4ffd-4251-965a-a5131e925a54": { "id": "41aa5b3d-4ffd-4251-965a-a5131e925a54", "title": "ReDi Restaurant Reservation <= 24.0422 - Missing Authorization", "software": [ { "type": "plugin", "name": "ReDi Restaurant Reservation", "slug": "redi-restaurant-reservation", "affected_versions": { "* - 24.0422": { "from_version": "*", "from_inclusive": true, "to_version": "24.0422", "to_inclusive": true } }, "patched": true, "patched_versions": [ "24.0712" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41aa5b3d-4ffd-4251-965a-a5131e925a54?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41adfb58-d79f-40a3-8a7e-f3f08f64659f": { "id": "41adfb58-d79f-40a3-8a7e-f3f08f64659f", "title": "Amazonify <= 0.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Amazonify", "slug": "amazonify", "affected_versions": { "* - 0.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41adfb58-d79f-40a3-8a7e-f3f08f64659f?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41aeb465-48c2-48db-90ea-186ceeac6753": { "id": "41aeb465-48c2-48db-90ea-186ceeac6753", "title": "Serious Slider <= 1.2.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Serious Slider", "slug": "cryout-serious-slider", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41aeb465-48c2-48db-90ea-186ceeac6753?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41af6441-bc1d-4210-92f3-4c765fda6df9": { "id": "41af6441-bc1d-4210-92f3-4c765fda6df9", "title": "WordPress Gallery Plugin \u2013 NextGEN Gallery <= 1.9.12 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 1.9.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41af6441-bc1d-4210-92f3-4c765fda6df9?source=api-scan" ], "published": "2013-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41b3a62c-9586-4c87-828a-584dfe386a37": { "id": "41b3a62c-9586-4c87-828a-584dfe386a37", "title": "Download Manager <= 3.2.48 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.48": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.48", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.49" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41b3a62c-9586-4c87-828a-584dfe386a37?source=api-scan" ], "published": "2022-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41bbb772-9a2c-4c69-bdac-a5ce4f50d3ec": { "id": "41bbb772-9a2c-4c69-bdac-a5ce4f50d3ec", "title": "WP Stacker <= 1.8.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Stacker", "slug": "wp-stacker", "affected_versions": { "* - 1.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41bbb772-9a2c-4c69-bdac-a5ce4f50d3ec?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41c71f86-a2f7-4e0e-9145-ba50830f6dba": { "id": "41c71f86-a2f7-4e0e-9145-ba50830f6dba", "title": "Contact Forms by Cimatti <= 1.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Contact Forms by Cimatti", "slug": "contact-forms", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41c71f86-a2f7-4e0e-9145-ba50830f6dba?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41cf57ff-421d-4db2-894f-17f2c4d4b9ed": { "id": "41cf57ff-421d-4db2-894f-17f2c4d4b9ed", "title": "WooCommerce Payments 4.8.0 - 5.6.1 Authentication Bypass and Privilege Escalation", "software": [ { "type": "plugin", "name": "WooPayments: Integrated WooCommerce Payments", "slug": "woocommerce-payments", "affected_versions": { "4.8.0 - 5.6.1": { "from_version": "4.8.0", "from_inclusive": true, "to_version": "5.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41cf57ff-421d-4db2-894f-17f2c4d4b9ed?source=api-scan" ], "published": "2023-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41cfe1d7-2fab-413c-80e5-40d77133d229": { "id": "41cfe1d7-2fab-413c-80e5-40d77133d229", "title": "Knowledge Base for Documentation, FAQs with AI Assistance <= 11.30.2 - Unauthenticated PHP Object Injection in is_article_recently_viewed", "software": [ { "type": "plugin", "name": "Knowledge Base \u2013 Excellent Documentation and FAQs Plugin with AI Assistance", "slug": "echo-knowledge-base", "affected_versions": { "* - 11.30.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.30.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.31.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41cfe1d7-2fab-413c-80e5-40d77133d229?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41d03524-7a53-40cd-a3d5-dafea4fc9a33": { "id": "41d03524-7a53-40cd-a3d5-dafea4fc9a33", "title": "Simple URLs <= 120 - Cross-Site Request Forgery via Multiple AJAX Actions", "software": [ { "type": "plugin", "name": "Simple URLs \u2013 Link Cloaking, Product Displays, and Affiliate Link Management", "slug": "simple-urls", "affected_versions": { "* - 120": { "from_version": "*", "from_inclusive": true, "to_version": "120", "to_inclusive": true } }, "patched": true, "patched_versions": [ "121" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41d03524-7a53-40cd-a3d5-dafea4fc9a33?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41d09e93-8503-41e8-85d3-8550dc8f85bd": { "id": "41d09e93-8503-41e8-85d3-8550dc8f85bd", "title": "Social Share Boost <= 4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Share Boost", "slug": "social-share-boost", "affected_versions": { "* - 4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41d09e93-8503-41e8-85d3-8550dc8f85bd?source=api-scan" ], "published": "2023-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41d39fe4-b114-4612-92f6-75d6597610f7": { "id": "41d39fe4-b114-4612-92f6-75d6597610f7", "title": "Internal Link Juicer <= 2.23.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Internal Link Juicer: SEO Auto Linker for WordPress", "slug": "internal-links", "affected_versions": { "* - 2.23.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.23.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.23.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41d39fe4-b114-4612-92f6-75d6597610f7?source=api-scan" ], "published": "2024-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41d55e84-773d-4ec9-8dca-b93b8dac4f48": { "id": "41d55e84-773d-4ec9-8dca-b93b8dac4f48", "title": "HTML5 MP3 Player with Playlist <= 2.7.0 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "HTML5 MP3 Player with Playlist Free", "slug": "html5-mp3-player-with-playlist", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41d55e84-773d-4ec9-8dca-b93b8dac4f48?source=api-scan" ], "published": "2014-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41d73ce6-a256-43ef-8627-c6f6d6635e3e": { "id": "41d73ce6-a256-43ef-8627-c6f6d6635e3e", "title": "JobBoardWP \u2013 Job Board Listings and Submissions <= 1.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JobBoardWP \u2013 Job Board Listings and Submissions", "slug": "jobboardwp", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41d73ce6-a256-43ef-8627-c6f6d6635e3e?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41d772e5-65a8-4cc5-a504-84473b75f19f": { "id": "41d772e5-65a8-4cc5-a504-84473b75f19f", "title": "Mingle Forum <= 1.0.32.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Mingle Forum", "slug": "mingle-forum", "affected_versions": { "* - 1.0.32.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.32.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41d772e5-65a8-4cc5-a504-84473b75f19f?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41d7b3f1-a133-4678-b2d9-3f9951cbc005": { "id": "41d7b3f1-a133-4678-b2d9-3f9951cbc005", "title": "Event Monster <= 1.4.2 - Authenticated(Contributor+) PHP Object Injection via Custom Meta", "software": [ { "type": "plugin", "name": "Event Monster \u2013 Event Management, Tickets Booking, Upcoming Event", "slug": "event-monster", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41d7b3f1-a133-4678-b2d9-3f9951cbc005?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41d9786e-4ce3-42d6-a0d6-8eb863103d5c": { "id": "41d9786e-4ce3-42d6-a0d6-8eb863103d5c", "title": "Animated Rotating Words <= 5.4 - Missing Authorization via save_admin_options", "software": [ { "type": "plugin", "name": "Dynamic Word Spinner: CSS3 Animated Rotation", "slug": "css3-rotating-words", "affected_versions": { "* - 5.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41d9786e-4ce3-42d6-a0d6-8eb863103d5c?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41d9de3f-5f49-413d-bee6-a4f9ebcf2799": { "id": "41d9de3f-5f49-413d-bee6-a4f9ebcf2799", "title": "WordPress Gallery Plugin \u2013 NextGEN Gallery < 2.0.77.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "[*, 2.0.77.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.77.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.77.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41d9de3f-5f49-413d-bee6-a4f9ebcf2799?source=api-scan" ], "published": "2015-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41de0cf6-d093-4c33-8123-a097ba3e0add": { "id": "41de0cf6-d093-4c33-8123-a097ba3e0add", "title": "TrackShip for WooCommerce <= 1.7.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "TrackShip for WooCommerce", "slug": "trackship-for-woocommerce", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41de0cf6-d093-4c33-8123-a097ba3e0add?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41e2c557-e462-4d9e-916c-b8352a6df571": { "id": "41e2c557-e462-4d9e-916c-b8352a6df571", "title": "MapPress Maps for WordPress <= 2.88.14 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MapPress Maps for WordPress", "slug": "mappress-google-maps-for-wordpress", "affected_versions": { "* - 2.88.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.88.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.88.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41e2c557-e462-4d9e-916c-b8352a6df571?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41e5de5d-fea6-4be0-bcf3-b282599317d1": { "id": "41e5de5d-fea6-4be0-bcf3-b282599317d1", "title": "Category Specific RSS Feed Subscription <= 2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Category Specific RSS feed Subscription", "slug": "category-specific-rss-feed-menu", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41e5de5d-fea6-4be0-bcf3-b282599317d1?source=api-scan" ], "published": "2019-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41edf49a-18a2-4cf0-b498-738e77287b90": { "id": "41edf49a-18a2-4cf0-b498-738e77287b90", "title": "EmbedPress <= 3.9.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 3.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41edf49a-18a2-4cf0-b498-738e77287b90?source=api-scan" ], "published": "2023-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41f3045f-94a3-45c4-8baa-7f198b8c24bc": { "id": "41f3045f-94a3-45c4-8baa-7f198b8c24bc", "title": "BlockArt Blocks \u2013 Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library\t <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BlockArt Blocks \u2013 Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library", "slug": "blockart-blocks", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41f3045f-94a3-45c4-8baa-7f198b8c24bc?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41f6e826-9326-40fa-80d0-4cff1dd72536": { "id": "41f6e826-9326-40fa-80d0-4cff1dd72536", "title": "WordPress Button Plugin MaxButtons <= 9.2 - Shortcode-Based Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Button Plugin MaxButtons", "slug": "maxbuttons", "affected_versions": { "* - 9.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41f6e826-9326-40fa-80d0-4cff1dd72536?source=api-scan" ], "published": "2022-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "41fada19-c697-4078-825b-0bdf6a827b02": { "id": "41fada19-c697-4078-825b-0bdf6a827b02", "title": "PHP Compatibility Checker <= 1.5.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "PHP Compatibility Checker", "slug": "php-compatibility-checker", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/41fada19-c697-4078-825b-0bdf6a827b02?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42030492-5802-42db-b88b-8a0f1552de12": { "id": "42030492-5802-42db-b88b-8a0f1552de12", "title": "Gallery \u2013 Photo Albums Plugin < 1.3.47 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery \u2013 Photo Albums Plugin", "slug": "easy-media-gallery", "affected_versions": { "[*, 1.3.50)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.50", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.50" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42030492-5802-42db-b88b-8a0f1552de12?source=api-scan" ], "published": "2015-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4204209b-054f-4249-87d0-a0837ac172d6": { "id": "4204209b-054f-4249-87d0-a0837ac172d6", "title": "Woo Viet <= 1.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Woo Viet \u2013 WooCommerce for Vietnam", "slug": "woo-viet", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4204209b-054f-4249-87d0-a0837ac172d6?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4209eddd-47ac-4802-b309-e42e5907a0cd": { "id": "4209eddd-47ac-4802-b309-e42e5907a0cd", "title": "Echelon <= 2.4 - Arbitrary File Download", "software": [ { "type": "theme", "name": "Echelon", "slug": "echelon", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4209eddd-47ac-4802-b309-e42e5907a0cd?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "420bcda3-e275-4811-ae37-df69d4d60cee": { "id": "420bcda3-e275-4811-ae37-df69d4d60cee", "title": "Import any XML or CSV File to WordPress <= 3.6.8 - Authenticated (Administrator+) Arbitrary File Upload via Path Traversal", "software": [ { "type": "plugin", "name": "Import any XML or CSV File to WordPress", "slug": "wp-all-import", "affected_versions": { "* - 3.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/420bcda3-e275-4811-ae37-df69d4d60cee?source=api-scan" ], "published": "2022-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "420c29d6-e712-4891-a2f6-b18f4718b35d": { "id": "420c29d6-e712-4891-a2f6-b18f4718b35d", "title": "CBX Bookmark & Favorite <= 1.6.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CBX Bookmark & Favorite", "slug": "cbxwpbookmark", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/420c29d6-e712-4891-a2f6-b18f4718b35d?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "420f56de-4c83-4c9f-933c-0422467bbc7a": { "id": "420f56de-4c83-4c9f-933c-0422467bbc7a", "title": "User Activity Tracking and Log <= 4.0.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "User Activity Tracking and Log", "slug": "user-activity-tracking-and-log", "affected_versions": { "* - 4.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/420f56de-4c83-4c9f-933c-0422467bbc7a?source=api-scan" ], "published": "2023-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42156e9f-711a-4592-b92c-d4af845d686a": { "id": "42156e9f-711a-4592-b92c-d4af845d686a", "title": "Better Delete Revision <= 1.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Better Delete Revision", "slug": "better-delete-revision", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42156e9f-711a-4592-b92c-d4af845d686a?source=api-scan" ], "published": "2022-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4221b33c-5cfa-48db-92bf-bf25ff3c5a5f": { "id": "4221b33c-5cfa-48db-92bf-bf25ff3c5a5f", "title": "Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Startklar Elementor Addons", "slug": "startklar-elmentor-forms-extwidgets", "affected_versions": { "* - 1.7.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4221b33c-5cfa-48db-92bf-bf25ff3c5a5f?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42222c64-6492-4774-b5bc-8e62a1a328cf": { "id": "42222c64-6492-4774-b5bc-8e62a1a328cf", "title": "WCFM Membership \u2013 WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change", "software": [ { "type": "plugin", "name": "WCFM Membership \u2013 WooCommerce Memberships for Multivendor Marketplace", "slug": "wc-multivendor-membership", "affected_versions": { "* - 2.10.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42222c64-6492-4774-b5bc-8e62a1a328cf?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "422ae683-dbbe-43ef-b902-ae7570495f21": { "id": "422ae683-dbbe-43ef-b902-ae7570495f21", "title": "HomeSweet - Real Estate WordPress Theme <= 1.4 - Insecure Direct Object Reference", "software": [ { "type": "theme", "name": "HomeSweet - Real Estate WordPress Theme", "slug": "homesweet", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/422ae683-dbbe-43ef-b902-ae7570495f21?source=api-scan" ], "published": "2020-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42303b60-cbb5-4176-94f9-b2ed29f59cc8": { "id": "42303b60-cbb5-4176-94f9-b2ed29f59cc8", "title": "Bulk Comment Remove <= 2 - Cross-Site Request Forgery via brc_admin()", "software": [ { "type": "plugin", "name": "Bulk Comment Remove", "slug": "bulk-comment-remove", "affected_versions": { "* - 2": { "from_version": "*", "from_inclusive": true, "to_version": "2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42303b60-cbb5-4176-94f9-b2ed29f59cc8?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4235f279-0975-4814-b156-b45b011e3ce6": { "id": "4235f279-0975-4814-b156-b45b011e3ce6", "title": "Prevent Landscape Rotation <= 2.0 - Cross-Site Request Forgery via adminpage.php", "software": [ { "type": "plugin", "name": "Prevent Landscape Rotation", "slug": "prevent-landscape-rotation", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4235f279-0975-4814-b156-b45b011e3ce6?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "423627a6-623d-462c-a767-cf021566d9e1": { "id": "423627a6-623d-462c-a767-cf021566d9e1", "title": "TaxoPress <= 3.4.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Tag, Category, and Taxonomy Manager \u2013 AI Autotagger", "slug": "simple-tags", "affected_versions": { "* - 3.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/423627a6-623d-462c-a767-cf021566d9e1?source=api-scan" ], "published": "2022-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42378b83-2a39-4e5f-8671-ee4a44ee92a5": { "id": "42378b83-2a39-4e5f-8671-ee4a44ee92a5", "title": "MemberSonic Lite Membership Site Plugin <= 1.2 - Authentication Bypass", "software": [ { "type": "plugin", "name": "MemberSonic Lite Membership Site Plugin", "slug": "membership-site", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.302" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42378b83-2a39-4e5f-8671-ee4a44ee92a5?source=api-scan" ], "published": "2016-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42402a14-b192-4ed0-84bf-f0327e48f32b": { "id": "42402a14-b192-4ed0-84bf-f0327e48f32b", "title": "Pie Register \u2013 User Registration Forms < 2.0.19 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction", "slug": "pie-register", "affected_versions": { "[*, 2.0.19)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42402a14-b192-4ed0-84bf-f0327e48f32b?source=api-scan" ], "published": "2015-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4240c04b-cad3-496f-b12f-7718bb498fe0": { "id": "4240c04b-cad3-496f-b12f-7718bb498fe0", "title": "flickr-picture-backup <= 0.7 - Arbitrary file upload", "software": [ { "type": "plugin", "name": "flickr-picture-backup", "slug": "flickr-picture-backup", "affected_versions": { "* - 0.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4240c04b-cad3-496f-b12f-7718bb498fe0?source=api-scan" ], "published": "2017-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4240fcda-c61d-4888-8837-5012e5ba1f26": { "id": "4240fcda-c61d-4888-8837-5012e5ba1f26", "title": "Min Max Control <= 4.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Min Max Control \u2013 Min Max Quantity & Step Control for WooCommerce", "slug": "woo-min-max-quantity-step-control-single", "affected_versions": { "* - 4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4240fcda-c61d-4888-8837-5012e5ba1f26?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4243bd6d-34f6-4d29-a333-4499a2e2d2e1": { "id": "4243bd6d-34f6-4d29-a333-4499a2e2d2e1", "title": "SecuPress Free \u2014 WordPress Security <= 2.2.5.1 - Cross-Site Request Forgery to Banned IP Address", "software": [ { "type": "plugin", "name": "SecuPress Free \u2014 WordPress Security", "slug": "secupress", "affected_versions": { "* - 2.2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4243bd6d-34f6-4d29-a333-4499a2e2d2e1?source=api-scan" ], "published": "2024-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "424a30d7-4806-4274-8c5e-75dcc12e9f3c": { "id": "424a30d7-4806-4274-8c5e-75dcc12e9f3c", "title": "BookX <= 1.7 - Path Traversal", "software": [ { "type": "plugin", "name": "BookX", "slug": "bookx", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/424a30d7-4806-4274-8c5e-75dcc12e9f3c?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "424a5c60-db14-4a45-8c62-7a11ed377f1a": { "id": "424a5c60-db14-4a45-8c62-7a11ed377f1a", "title": "Store Locator WordPress <= 1.4.12 - Reflected Cross-Site Scripting via 'asl-nounce'", "software": [ { "type": "plugin", "name": "Store Locator WordPress", "slug": "agile-store-locator", "affected_versions": { "* - 1.4.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/424a5c60-db14-4a45-8c62-7a11ed377f1a?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "424b2145-2fe2-48b8-bb4f-08fe23a6100f": { "id": "424b2145-2fe2-48b8-bb4f-08fe23a6100f", "title": "WP Scraper <= 5.8 - Authenticated (Subscriber+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "WP Scraper", "slug": "wp-scraper", "affected_versions": { "* - 5.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/424b2145-2fe2-48b8-bb4f-08fe23a6100f?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "424ebeb4-eb53-4c87-9a86-aff1c784aa3c": { "id": "424ebeb4-eb53-4c87-9a86-aff1c784aa3c", "title": "WordPress Spreadsheet <= 0.6 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Spreadsheet", "slug": "wpSS", "affected_versions": { "* - 0.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/424ebeb4-eb53-4c87-9a86-aff1c784aa3c?source=api-scan" ], "published": "2008-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4252c092-1276-4f69-88f9-cf78799c725c": { "id": "4252c092-1276-4f69-88f9-cf78799c725c", "title": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.26 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 4.0.26": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4252c092-1276-4f69-88f9-cf78799c725c?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4252da8a-26c7-41a4-944b-cb41dafa8884": { "id": "4252da8a-26c7-41a4-944b-cb41dafa8884", "title": "Konnichiwa! Membership <= 0.8.3 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Konnichiwa! Membership", "slug": "konnichiwa", "affected_versions": { "* - 0.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4252da8a-26c7-41a4-944b-cb41dafa8884?source=api-scan" ], "published": "2021-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4257d4ca-0e92-4d2f-b65b-dff9d7d48cb8": { "id": "4257d4ca-0e92-4d2f-b65b-dff9d7d48cb8", "title": "Easy Form Builder <= 3.7.4 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Easy Form Builder \u2013 WordPress plugin form builder: contact form, survey form, payment form, and custom form builder", "slug": "easy-form-builder", "affected_versions": { "* - 3.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4257d4ca-0e92-4d2f-b65b-dff9d7d48cb8?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "426021d3-e302-4c2a-8d5c-f2a2fc20e45b": { "id": "426021d3-e302-4c2a-8d5c-f2a2fc20e45b", "title": "WordPress Multisite Content Copier\/Updater <= 1.4.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Multisite Content Copier\/Updater", "slug": "wp-multisite-content-copier", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/426021d3-e302-4c2a-8d5c-f2a2fc20e45b?source=api-scan" ], "published": "2022-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4261bc62-a091-408b-8643-e6fa61d62103": { "id": "4261bc62-a091-408b-8643-e6fa61d62103", "title": "WPCafe <= 2.2.22 - Missing Authorization", "software": [ { "type": "plugin", "name": "WPCafe \u2013 Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce", "slug": "wp-cafe", "affected_versions": { "* - 2.2.22": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4261bc62-a091-408b-8643-e6fa61d62103?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "426280c1-0ecb-4973-915e-bb63ac240bca": { "id": "426280c1-0ecb-4973-915e-bb63ac240bca", "title": "Ditty <= 3.1.35 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ditty \u2013 Responsive News Tickers, Sliders, and Lists", "slug": "ditty-news-ticker", "affected_versions": { "* - 3.1.35": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/426280c1-0ecb-4973-915e-bb63ac240bca?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "426554d8-e6dc-496f-adce-61a22880a4c2": { "id": "426554d8-e6dc-496f-adce-61a22880a4c2", "title": "FG Drupal to WordPress <= 3.70.3 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "FG Drupal to WordPress", "slug": "fg-drupal-to-wp", "affected_versions": { "* - 3.70.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.70.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.71.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/426554d8-e6dc-496f-adce-61a22880a4c2?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "426ea88f-bdd4-4da6-88c2-db82df9e01e5": { "id": "426ea88f-bdd4-4da6-88c2-db82df9e01e5", "title": "IMPress for IDX Broker <= 2.6.1 - Authenticated Arbitrary Post Creation, Modification, and Deletion", "software": [ { "type": "plugin", "name": "IMPress for IDX Broker", "slug": "idx-broker-platinum", "affected_versions": { "[*, 2.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/426ea88f-bdd4-4da6-88c2-db82df9e01e5?source=api-scan" ], "published": "2020-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "427034cf-81b4-4648-9630-5448b6d2b2f7": { "id": "427034cf-81b4-4648-9630-5448b6d2b2f7", "title": "Edubin <= 9.2.0 - Unauthenticated Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Edubin", "slug": "edubin", "affected_versions": { "* - 9.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/427034cf-81b4-4648-9630-5448b6d2b2f7?source=api-scan" ], "published": "2024-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4270a5c2-abc0-4505-9683-030dc08a462d": { "id": "4270a5c2-abc0-4505-9683-030dc08a462d", "title": "Featured Image from URL <= 2.7.7 - Missing Authorization on REST API routes", "software": [ { "type": "plugin", "name": "Featured Image from URL (FIFU)", "slug": "featured-image-from-url", "affected_versions": { "* - 2.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4270a5c2-abc0-4505-9683-030dc08a462d?source=api-scan" ], "published": "2019-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4278b8f6-ce3e-4b6d-ae69-dee24a2177e7": { "id": "4278b8f6-ce3e-4b6d-ae69-dee24a2177e7", "title": "PVN Auth Popup <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PVN Auth Popup", "slug": "pvn-auth-popup", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4278b8f6-ce3e-4b6d-ae69-dee24a2177e7?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4278e9d7-aa1e-47a5-b715-09dae5156303": { "id": "4278e9d7-aa1e-47a5-b715-09dae5156303", "title": "Advanced Woo Search <= 2.77 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Woo Search", "slug": "advanced-woo-search", "affected_versions": { "* - 2.77": { "from_version": "*", "from_inclusive": true, "to_version": "2.77", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.78" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4278e9d7-aa1e-47a5-b715-09dae5156303?source=api-scan" ], "published": "2023-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4279efe9-df57-405a-85a0-6c22e912662c": { "id": "4279efe9-df57-405a-85a0-6c22e912662c", "title": "WooCommerce < 4.7.0 - Insecure Direct Object Reference via order_id Parameter", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 4.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4279efe9-df57-405a-85a0-6c22e912662c?source=api-scan" ], "published": "2020-01-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "427c29e6-9bbe-4094-a2a2-46945525f5b3": { "id": "427c29e6-9bbe-4094-a2a2-46945525f5b3", "title": "Ad Inserter <= 1.5.5 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ad Inserter \u2013 Ad Manager & AdSense Ads", "slug": "ad-inserter", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/427c29e6-9bbe-4094-a2a2-46945525f5b3?source=api-scan" ], "published": "2015-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4280654a-9eab-4541-8b82-74086d37d928": { "id": "4280654a-9eab-4541-8b82-74086d37d928", "title": "CM Registration Pro <= 3.2.0 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Registration | User Registration and Invitation Codes Plugin for WordPress", "slug": "cm-registration-pro", "affected_versions": { "[*, 3.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4280654a-9eab-4541-8b82-74086d37d928?source=api-scan" ], "published": "2021-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4284c31c-fa58-49fe-89ed-35d7b1bd6ec8": { "id": "4284c31c-fa58-49fe-89ed-35d7b1bd6ec8", "title": "Contest Gallery Pro <= 19.1.4.1 - Authenticated (Administrator+) SQL Injection via wp_user_id", "software": [ { "type": "plugin", "name": "Contest Gallery Pro", "slug": "contest-gallery-pro", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4284c31c-fa58-49fe-89ed-35d7b1bd6ec8?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "428b4d6b-a4db-4e60-8c15-24efdfe6aea1": { "id": "428b4d6b-a4db-4e60-8c15-24efdfe6aea1", "title": "Ultimate Blocks \u2013 WordPress Blocks Plugin <= 3.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via title tag attribute", "software": [ { "type": "plugin", "name": "Ultimate Blocks \u2013 WordPress Blocks Plugin", "slug": "ultimate-blocks", "affected_versions": { "* - 3.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/428b4d6b-a4db-4e60-8c15-24efdfe6aea1?source=api-scan" ], "published": "2024-07-01 19:35:28", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "428feddb-c8c3-49a7-8e01-dc548c184229": { "id": "428feddb-c8c3-49a7-8e01-dc548c184229", "title": "Import and export users and customers <= 1.24.6 - Missing Authorization via fire_cron REST endpoint", "software": [ { "type": "plugin", "name": "Import and export users and customers", "slug": "import-users-from-csv-with-meta", "affected_versions": { "* - 1.24.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.24.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.24.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/428feddb-c8c3-49a7-8e01-dc548c184229?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42901dcd-d318-4a37-b70f-bf6c5c58769d": { "id": "42901dcd-d318-4a37-b70f-bf6c5c58769d", "title": "Pixel Cat \u2013 Conversion Pixel Manager <= 2.6.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pixel Cat \u2013 Conversion Pixel Manager", "slug": "facebook-conversion-pixel", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42901dcd-d318-4a37-b70f-bf6c5c58769d?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4290ee15-0362-48c5-a570-4a1b6719a948": { "id": "4290ee15-0362-48c5-a570-4a1b6719a948", "title": "WordPress Core < 5.5.2 - Reflected Cross-Site Scripting via Global Variables", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.34": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.34", "to_inclusive": true }, "3.8 - 3.8.34": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.34", "to_inclusive": true }, "3.9 - 3.9.32": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.32", "to_inclusive": true }, "4.0 - 4.0.31": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.31", "to_inclusive": true }, "4.1 - 4.1.31": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.31", "to_inclusive": true }, "4.2 - 4.2.28": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.28", "to_inclusive": true }, "4.3 - 4.3.24": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.24", "to_inclusive": true }, "4.4 - 4.4.23": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.23", "to_inclusive": true }, "4.5 - 4.5.22": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.22", "to_inclusive": true }, "4.6 - 4.6.19": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.19", "to_inclusive": true }, "4.7 - 4.7.18": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.18", "to_inclusive": true }, "4.8 - 4.8.14": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.14", "to_inclusive": true }, "4.9 - 4.9.15": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.15", "to_inclusive": true }, "5.0 - 5.0.10": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.10", "to_inclusive": true }, "5.1 - 5.1.6": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.6", "to_inclusive": true }, "5.2 - 5.2.7": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.7", "to_inclusive": true }, "5.3 - 5.3.4": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.4", "to_inclusive": true }, "5.4 - 5.4.2": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": true }, "5.5 - 5.5.1": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.35", "3.8.35", "3.9.33", "4.0.32", "4.1.32", "4.2.29", "4.3.25", "4.4.24", "4.5.23", "4.6.20", "4.7.19", "4.8.15", "4.9.16", "5.0.11", "5.1.7", "5.2.8", "5.3.5", "5.4.3", "5.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4290ee15-0362-48c5-a570-4a1b6719a948?source=api-scan" ], "published": "2020-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4291b5c8-cce3-46ae-b9ff-a34a0f5bcdce": { "id": "4291b5c8-cce3-46ae-b9ff-a34a0f5bcdce", "title": "Simply Schedule Appointments <= 1.6.6.20 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin", "slug": "simply-schedule-appointments", "affected_versions": { "* - 1.6.6.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4291b5c8-cce3-46ae-b9ff-a34a0f5bcdce?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4299e97c-3b91-4870-bafd-557b72b93b44": { "id": "4299e97c-3b91-4870-bafd-557b72b93b44", "title": "SpiderCalendar <= 1.5.51 - SQL Injection", "software": [ { "type": "plugin", "name": "SpiderCalendar", "slug": "spider-event-calendar", "affected_versions": { "* - 1.5.51": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.51", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4299e97c-3b91-4870-bafd-557b72b93b44?source=api-scan" ], "published": "2017-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "429ce9e6-e51b-4f1e-8e26-f679b08d68d3": { "id": "429ce9e6-e51b-4f1e-8e26-f679b08d68d3", "title": "Debug Assistant <= 1.4 - Cross-Site Request Forgery via imlt_create_admin", "software": [ { "type": "plugin", "name": "Debug Assistant", "slug": "debug-assistant", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/429ce9e6-e51b-4f1e-8e26-f679b08d68d3?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "429fe34a-5fa9-4032-9b21-4de114dbc9d1": { "id": "429fe34a-5fa9-4032-9b21-4de114dbc9d1", "title": "Broken Link Checker <= 2.4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Broken Link Checker", "slug": "broken-link-checker", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/429fe34a-5fa9-4032-9b21-4de114dbc9d1?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42a4ef37-c842-4925-b06a-3e6423337567": { "id": "42a4ef37-c842-4925-b06a-3e6423337567", "title": "Cookie Information | Free GDPR Consent Solution <= 2.0.22 - Authenticated (Subscriber+) Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Cookie Information | Free GDPR Consent Solution", "slug": "wp-gdpr-compliance", "affected_versions": { "* - 2.0.22": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42a4ef37-c842-4925-b06a-3e6423337567?source=api-scan" ], "published": "2024-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42a642a8-fee3-497f-9fcf-7e888838af0b": { "id": "42a642a8-fee3-497f-9fcf-7e888838af0b", "title": "MainWP Post Dripper Extension <= 4.0.4 - Missing Authorization to Arbitrary Page\/Post Deletion", "software": [ { "type": "plugin", "name": "MainWP Post Dripper Extension", "slug": "mainwp-post-dripper-extension", "affected_versions": { "4.0.4": { "from_version": "4.0.4", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42a642a8-fee3-497f-9fcf-7e888838af0b?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42ad6fef-4280-45db-a3e2-6d7522751fa7": { "id": "42ad6fef-4280-45db-a3e2-6d7522751fa7", "title": "FareHarbor for WordPress <= 3.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "FareHarbor for WordPress", "slug": "fareharbor", "affected_versions": { "* - 3.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42ad6fef-4280-45db-a3e2-6d7522751fa7?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42b24b41-c520-4bb8-ba56-6f35500ee90e": { "id": "42b24b41-c520-4bb8-ba56-6f35500ee90e", "title": "FooGallery <= 1.9.24 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel", "slug": "foogallery", "affected_versions": { "[*, 1.9.25)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.25", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42b24b41-c520-4bb8-ba56-6f35500ee90e?source=api-scan" ], "published": "2020-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42b2d840-4e8b-4027-ab3b-78b17c9ed9aa": { "id": "42b2d840-4e8b-4027-ab3b-78b17c9ed9aa", "title": "Floating Action Button <= 1.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Floating Action Button", "slug": "floating-action-button", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42b2d840-4e8b-4027-ab3b-78b17c9ed9aa?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42c1d2ea-dea6-4cde-8db3-37709da9eb71": { "id": "42c1d2ea-dea6-4cde-8db3-37709da9eb71", "title": "CMSMasters Content Composer <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "CMSMasters Content Composer", "slug": "cmsmasters-content-composer", "affected_versions": { "* - 1.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42c1d2ea-dea6-4cde-8db3-37709da9eb71?source=api-scan" ], "published": "2024-10-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42c38563-ed78-4e65-8d1f-b3aa6444923d": { "id": "42c38563-ed78-4e65-8d1f-b3aa6444923d", "title": "Related Posts for WordPress <= 2.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Related Posts for WordPress", "slug": "related-posts-for-wp", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42c38563-ed78-4e65-8d1f-b3aa6444923d?source=api-scan" ], "published": "2022-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42cd1b53-400f-4933-b3cc-2fd9079e241c": { "id": "42cd1b53-400f-4933-b3cc-2fd9079e241c", "title": "WP Express Checkout (Accept PayPal Payments) <= 2.3.7 - Unauthenticated Price Manipulation", "software": [ { "type": "plugin", "name": "WP Express Checkout (Accept PayPal Payments Easily)", "slug": "wp-express-checkout", "affected_versions": { "* - 2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42cd1b53-400f-4933-b3cc-2fd9079e241c?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42d56d6a-365a-4fa2-977f-a1328e0ec1b3": { "id": "42d56d6a-365a-4fa2-977f-a1328e0ec1b3", "title": "Clicky by Yoast <= 1.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Clicky by Yoast", "slug": "clicky", "affected_versions": { "[*, 1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42d56d6a-365a-4fa2-977f-a1328e0ec1b3?source=api-scan" ], "published": "2016-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42da00cf-5fda-4ad7-ad74-0328f492abcf": { "id": "42da00cf-5fda-4ad7-ad74-0328f492abcf", "title": "Product Feed PRO for WooCommerce by AdTribes \u2013 WooCommerce Product Feeds for Google, Facebook\/Meta, Bing, & More <= 13.2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Feed PRO for WooCommerce by AdTribes \u2013 WooCommerce Product Feeds", "slug": "woo-product-feed-pro", "affected_versions": { "* - 13.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "13.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42da00cf-5fda-4ad7-ad74-0328f492abcf?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42db52ae-f881-4082-b475-8577a28641c6": { "id": "42db52ae-f881-4082-b475-8577a28641c6", "title": "Elementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 2.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42db52ae-f881-4082-b475-8577a28641c6?source=api-scan" ], "published": "2020-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42dd1eeb-10b4-48f1-b392-dfa3a9d4b9c4": { "id": "42dd1eeb-10b4-48f1-b392-dfa3a9d4b9c4", "title": "WordPress Core < 5.2.3 - Stored Cross-Site Scripting via Comments via URLs", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.29": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.29", "to_inclusive": true }, "3.8 - 3.8.29": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.29", "to_inclusive": true }, "3.9 - 3.9.27": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.27", "to_inclusive": true }, "4.0 - 4.0.26": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.26", "to_inclusive": true }, "4.1 - 4.1.26": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.26", "to_inclusive": true }, "4.2 - 4.2.23": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.23", "to_inclusive": true }, "4.3 - 4.3.19": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.19", "to_inclusive": true }, "4.4 - 4.4.18": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.18", "to_inclusive": true }, "4.5 - 4.5.17": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.17", "to_inclusive": true }, "4.6 - 4.6.13": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.13", "to_inclusive": true }, "4.7 - 4.7.13": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.13", "to_inclusive": true }, "4.8 - 4.8.9": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.9", "to_inclusive": true }, "4.9 - 4.9.10": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.10", "to_inclusive": true }, "5.0 - 5.0.5": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": true }, "5.1 - 5.1.1": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true }, "5.2 - 5.2.2": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.30", "3.8.30", "3.9.28", "4.0.27", "4.1.27", "4.2.24", "4.3.20", "4.4.19", "4.5.18", "4.6.15", "4.7.14", "4.8.10", "4.9.11", "5.0.6", "5.1.2", "5.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42dd1eeb-10b4-48f1-b392-dfa3a9d4b9c4?source=api-scan" ], "published": "2019-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42de41f1-cfb2-4413-8841-c63d0e764be3": { "id": "42de41f1-cfb2-4413-8841-c63d0e764be3", "title": "The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) <= 2.0.8.2 - Authenticated (Subscriber+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)", "slug": "the-pack-addon", "affected_versions": { "* - 2.0.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42de41f1-cfb2-4413-8841-c63d0e764be3?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42e54e09-242f-49ab-9fff-a9ffc62dd4bd": { "id": "42e54e09-242f-49ab-9fff-a9ffc62dd4bd", "title": "Easy Testimonials <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Testimonials", "slug": "easy-testimonials", "affected_versions": { "* - 3.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42e54e09-242f-49ab-9fff-a9ffc62dd4bd?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42e74152-b79d-42f5-87a2-6e9545699483": { "id": "42e74152-b79d-42f5-87a2-6e9545699483", "title": "Prismatic <= 2.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Prismatic", "slug": "prismatic", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42e74152-b79d-42f5-87a2-6e9545699483?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42e8129f-dbbd-4dd3-a7a5-c6242c43dfe8": { "id": "42e8129f-dbbd-4dd3-a7a5-c6242c43dfe8", "title": "Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing", "software": [ { "type": "plugin", "name": "Auto-hyperlink URLs", "slug": "auto-hyperlink-urls", "affected_versions": { "* - 5.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42e8129f-dbbd-4dd3-a7a5-c6242c43dfe8?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42f537db-cb30-4ac6-9cc5-835901a722be": { "id": "42f537db-cb30-4ac6-9cc5-835901a722be", "title": "Clearfy Cache <= 2.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Clearfy Cache \u2013 WordPress optimization plugin, Minify HTML, CSS & JS, Defer", "slug": "clearfy", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42f537db-cb30-4ac6-9cc5-835901a722be?source=api-scan" ], "published": "2022-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42f54887-ce98-4360-8d07-37b1a48fc3fd": { "id": "42f54887-ce98-4360-8d07-37b1a48fc3fd", "title": "WP Statistics <= 13.2.5 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 13.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "13.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42f54887-ce98-4360-8d07-37b1a48fc3fd?source=api-scan" ], "published": "2022-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42f5f29b-2d83-4b15-82aa-0598f8a2317b": { "id": "42f5f29b-2d83-4b15-82aa-0598f8a2317b", "title": "ARMember <= 4.0.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 4.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42f5f29b-2d83-4b15-82aa-0598f8a2317b?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42ff1e17-ccc2-478b-a3b5-88e3bea28a5e": { "id": "42ff1e17-ccc2-478b-a3b5-88e3bea28a5e", "title": "wordTube <= 1.43 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "wordTube", "slug": "wordtube", "affected_versions": { "* - 1.43": { "from_version": "*", "from_inclusive": true, "to_version": "1.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42ff1e17-ccc2-478b-a3b5-88e3bea28a5e?source=api-scan" ], "published": "2007-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "42fff63c-62ec-466e-9a05-60d76f80039e": { "id": "42fff63c-62ec-466e-9a05-60d76f80039e", "title": "Easy Hide Login <= 1.0.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Hide Login", "slug": "easy-hide-login", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/42fff63c-62ec-466e-9a05-60d76f80039e?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43014ecd-72d9-44cc-be24-c0c9790ddc20": { "id": "43014ecd-72d9-44cc-be24-c0c9790ddc20", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43014ecd-72d9-44cc-be24-c0c9790ddc20?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4301666c-98a5-4028-978f-f50e5b8f4a6a": { "id": "4301666c-98a5-4028-978f-f50e5b8f4a6a", "title": "FoxyPress <= 0.4.9 - SQL Injection", "software": [ { "type": "plugin", "name": "FoxyPress", "slug": "foxypress", "affected_versions": { "* - 0.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4301666c-98a5-4028-978f-f50e5b8f4a6a?source=api-scan" ], "published": "2012-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43039c47-a34f-4020-9009-473e93468e21": { "id": "43039c47-a34f-4020-9009-473e93468e21", "title": "WordPress Core < 3.0.2 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43039c47-a34f-4020-9009-473e93468e21?source=api-scan" ], "published": "2010-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "430a981c-7856-493c-bf66-11506b5963a0": { "id": "430a981c-7856-493c-bf66-11506b5963a0", "title": "Event Calendar <= 1.4.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Calendar \u2013 Calendar", "slug": "calendar-event", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/430a981c-7856-493c-bf66-11506b5963a0?source=api-scan" ], "published": "2022-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "430c6f4b-277e-41bf-a638-fd3fea495a31": { "id": "430c6f4b-277e-41bf-a638-fd3fea495a31", "title": "Movies <= 0.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Movies", "slug": "movies", "affected_versions": { "* - 0.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/430c6f4b-277e-41bf-a638-fd3fea495a31?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43100062-c6bd-4d08-a88b-fbcf24f7e605": { "id": "43100062-c6bd-4d08-a88b-fbcf24f7e605", "title": "Customer Reviews for WooCommerce <= 5.3.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Customer Reviews for WooCommerce", "slug": "customer-reviews-woocommerce", "affected_versions": { "* - 5.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43100062-c6bd-4d08-a88b-fbcf24f7e605?source=api-scan" ], "published": "2022-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43110773-0eba-41dd-adbf-0e21cb69058e": { "id": "43110773-0eba-41dd-adbf-0e21cb69058e", "title": "Strategery Migrations <= 1.0 - Unauthenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Strategery Migrations", "slug": "strategery-migrations", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43110773-0eba-41dd-adbf-0e21cb69058e?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "431331aa-4d9f-41f2-a522-567bbd9b8831": { "id": "431331aa-4d9f-41f2-a522-567bbd9b8831", "title": "Shortcodes Ultimate <= 5.12.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 5.12.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/431331aa-4d9f-41f2-a522-567bbd9b8831?source=api-scan" ], "published": "2022-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4319fa2e-8826-4100-9156-cbe80582367e": { "id": "4319fa2e-8826-4100-9156-cbe80582367e", "title": "WP-Members Membership Plugin <= 3.4.9.3 - Unprotected Storage of Potentially Sensitive Files", "software": [ { "type": "plugin", "name": "WP-Members Membership Plugin", "slug": "wp-members", "affected_versions": { "* - 3.4.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4319fa2e-8826-4100-9156-cbe80582367e?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "431bcb93-396f-470b-94c9-66a9a2973552": { "id": "431bcb93-396f-470b-94c9-66a9a2973552", "title": "Iconize <= 1.2.4 - Authenticated (Admin+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Iconize", "slug": "iconize", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/431bcb93-396f-470b-94c9-66a9a2973552?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "431d352b-d79b-4a6b-91f9-95962be3049e": { "id": "431d352b-d79b-4a6b-91f9-95962be3049e", "title": "WordPress Core < 5.4.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.33": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.33", "to_inclusive": true }, "3.8 - 3.8.33": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.33", "to_inclusive": true }, "3.9 - 3.9.31": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.31", "to_inclusive": true }, "4.0 - 4.0.30": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.30", "to_inclusive": true }, "4.1 - 4.1.30": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.30", "to_inclusive": true }, "4.2 - 4.2.27": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.27", "to_inclusive": true }, "4.3 - 4.3.23": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.23", "to_inclusive": true }, "4.4 - 4.4.22": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.22", "to_inclusive": true }, "4.5 - 4.5.21": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.21", "to_inclusive": true }, "4.6 - 4.6.18": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.18", "to_inclusive": true }, "4.7 - 4.7.17": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.17", "to_inclusive": true }, "4.8 - 4.8.13": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.13", "to_inclusive": true }, "4.9 - 4.9.14": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.14", "to_inclusive": true }, "5.0 - 5.0.9": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.9", "to_inclusive": true }, "5.1 - 5.1.5": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.5", "to_inclusive": true }, "5.2 - 5.2.6": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.6", "to_inclusive": true }, "5.3 - 5.3.3": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.34", "3.8.34", "3.9.32", "4.0.31", "4.1.31", "4.2.28", "4.3.24", "4.4.23", "4.5.22", "4.6.19", "4.7.18", "4.8.14", "4.9.15", "5.0.10", "5.1.6", "5.2.7", "5.3.4", "5.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/431d352b-d79b-4a6b-91f9-95962be3049e?source=api-scan" ], "published": "2020-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4322d9d6-13b6-4476-9eb5-fea4aff2e5ce": { "id": "4322d9d6-13b6-4476-9eb5-fea4aff2e5ce", "title": "Extensions for Elementor <= 2.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via EE Events and EE Flipbox Widget", "software": [ { "type": "plugin", "name": "Extensions for Elementor", "slug": "extensions-for-elementor", "affected_versions": { "* - 2.0.32": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4322d9d6-13b6-4476-9eb5-fea4aff2e5ce?source=api-scan" ], "published": "2024-07-08 19:48:37", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "432807d0-64d8-49b1-a4ab-33aa8fbc5189": { "id": "432807d0-64d8-49b1-a4ab-33aa8fbc5189", "title": "Form Builder <= 1.9.9.0 - Unauthenticated CSV Injection", "software": [ { "type": "plugin", "name": "Form Builder | Create Responsive Contact Forms", "slug": "contact-form-add", "affected_versions": { "* - 1.9.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/432807d0-64d8-49b1-a4ab-33aa8fbc5189?source=api-scan" ], "published": "2023-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "432b71ea-dd81-4536-abda-33da8185abb6": { "id": "432b71ea-dd81-4536-abda-33da8185abb6", "title": "St Daily Tip <= 4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "St-Daily-Tip", "slug": "st-daily-tip", "affected_versions": { "* - 4.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/432b71ea-dd81-4536-abda-33da8185abb6?source=api-scan" ], "published": "2021-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "432df51f-2855-4bf2-8be1-77a893e3aa29": { "id": "432df51f-2855-4bf2-8be1-77a893e3aa29", "title": "WP-Chatbot for Messenger <= 4.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP-Chatbot for Messenger", "slug": "wp-chatbot", "affected_versions": { "* - 4.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/432df51f-2855-4bf2-8be1-77a893e3aa29?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "432effd4-5c94-4ef9-bc19-b4eacd082264": { "id": "432effd4-5c94-4ef9-bc19-b4eacd082264", "title": "Accessibility <= 1.0.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Accessibility", "slug": "accessibility", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/432effd4-5c94-4ef9-bc19-b4eacd082264?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43357daa-4dce-4851-b41b-48d3ffb8a387": { "id": "43357daa-4dce-4851-b41b-48d3ffb8a387", "title": "HTTP Auth <= 0.3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "HTTP Auth", "slug": "http-auth", "affected_versions": { "* - 0.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43357daa-4dce-4851-b41b-48d3ffb8a387?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4336d597-7e87-46eb-8abd-9fafd6cd25d9": { "id": "4336d597-7e87-46eb-8abd-9fafd6cd25d9", "title": "WooCommerce PDF Invoice Builder <= 1.2.89 - Authenticated (Subscriber+) SQL Injection via Export", "software": [ { "type": "plugin", "name": "PDF Builder for WooCommerce. Create invoices,packing slips and more", "slug": "woo-pdf-invoice-builder", "affected_versions": { "* - 1.2.89": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.89", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.90" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4336d597-7e87-46eb-8abd-9fafd6cd25d9?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "433a03c2-09fd-4ce6-843b-55ad09f4b4f7": { "id": "433a03c2-09fd-4ce6-843b-55ad09f4b4f7", "title": "Affiliates Manager <= 2.9.34 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Affiliates Manager", "slug": "affiliates-manager", "affected_versions": { "* - 2.9.34": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/433a03c2-09fd-4ce6-843b-55ad09f4b4f7?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "433c8908-587e-4086-9d0c-c9b1819b26e8": { "id": "433c8908-587e-4086-9d0c-c9b1819b26e8", "title": "WP Tabs <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Tabs \u2013 Responsive Tabs and Custom Product Tabs", "slug": "wp-expand-tabs-free", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/433c8908-587e-4086-9d0c-c9b1819b26e8?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43412c79-3612-4e73-ba79-cb8688e776fe": { "id": "43412c79-3612-4e73-ba79-cb8688e776fe", "title": "WP Header Images <= 2.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Header Images", "slug": "wp-header-images", "affected_versions": { "[*, 2.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43412c79-3612-4e73-ba79-cb8688e776fe?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "434755f8-b2af-4f35-9af9-f0b9578718c8": { "id": "434755f8-b2af-4f35-9af9-f0b9578718c8", "title": "UserAgent-Spy <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "UserAgent-Spy", "slug": "useragent-spy", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/434755f8-b2af-4f35-9af9-f0b9578718c8?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4349f322-41ee-43d2-b0a9-567b89aa5d76": { "id": "4349f322-41ee-43d2-b0a9-567b89aa5d76", "title": "Memory Usage <= 2.45 - Missing Authorization to Arbitrary Plugin Installation", "software": [ { "type": "plugin", "name": "Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions", "slug": "wp-memory", "affected_versions": { "* - 2.45": { "from_version": "*", "from_inclusive": true, "to_version": "2.45", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4349f322-41ee-43d2-b0a9-567b89aa5d76?source=api-scan" ], "published": "2022-11-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "434a724e-0bc6-4218-8ad4-c52e1880a75f": { "id": "434a724e-0bc6-4218-8ad4-c52e1880a75f", "title": "WP Blog and Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Blog and Widgets", "slug": "wp-blog-and-widgets", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/434a724e-0bc6-4218-8ad4-c52e1880a75f?source=api-scan" ], "published": "2023-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4352b2dc-d2a7-4cc9-a44f-1f5be46e2482": { "id": "4352b2dc-d2a7-4cc9-a44f-1f5be46e2482", "title": "ALD Dropping and Fulfillment for AliExpress and WooCommerce <= 1.0.21 - Cross-Site Request Forgery to Order Information Disclosure", "software": [ { "type": "plugin", "name": "ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce", "slug": "woo-alidropship", "affected_versions": { "* - 1.0.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4352b2dc-d2a7-4cc9-a44f-1f5be46e2482?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "435e1af0-c4f4-42ae-b2b3-2d9ffc41c4b5": { "id": "435e1af0-c4f4-42ae-b2b3-2d9ffc41c4b5", "title": "Hana Flv Player <= 3.1.3 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hana Flv Player", "slug": "hana-flv-player", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/435e1af0-c4f4-42ae-b2b3-2d9ffc41c4b5?source=api-scan" ], "published": "2021-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4364e713-8463-4088-b198-ed8237e86d42": { "id": "4364e713-8463-4088-b198-ed8237e86d42", "title": "Profile Builder < 2.5.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "[*, 2.5.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4364e713-8463-4088-b198-ed8237e86d42?source=api-scan" ], "published": "2017-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "436cd742-c271-4eb7-96a3-cd6af046d26f": { "id": "436cd742-c271-4eb7-96a3-cd6af046d26f", "title": "Highlight < 0.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Highlight Sitewide Notice, Text, Button Menu", "slug": "highlight", "affected_versions": { "[*, 0.9.3)": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/436cd742-c271-4eb7-96a3-cd6af046d26f?source=api-scan" ], "published": "2021-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "436d77d9-242a-452b-93d4-707881f59034": { "id": "436d77d9-242a-452b-93d4-707881f59034", "title": "WP Easy Gallery <= 4.1.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Easy Gallery \u2013 WordPress Gallery Plugin", "slug": "wp-easy-gallery", "affected_versions": { "[*, 4.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/436d77d9-242a-452b-93d4-707881f59034?source=api-scan" ], "published": "2016-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "436dc261-66b8-4b6c-9932-82513c3e5461": { "id": "436dc261-66b8-4b6c-9932-82513c3e5461", "title": "Content Audit <= 1.6.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Content Audit", "slug": "content-audit", "affected_versions": { "[*, 1.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/436dc261-66b8-4b6c-9932-82513c3e5461?source=api-scan" ], "published": "2014-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "436fc1c8-3141-445d-902e-f759feefe1cc": { "id": "436fc1c8-3141-445d-902e-f759feefe1cc", "title": "Husker Portfolio <= 0.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Husker Portfolio", "slug": "huskerportfolio", "affected_versions": { "* - 0.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/436fc1c8-3141-445d-902e-f759feefe1cc?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4372e6a4-3671-4110-bebb-85c1a97c5abb": { "id": "4372e6a4-3671-4110-bebb-85c1a97c5abb", "title": "ipBlockList <= 1.0 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "ipBlockList", "slug": "ipblocklist", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4372e6a4-3671-4110-bebb-85c1a97c5abb?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "437423f0-978f-4c7c-9ec3-40668c630c93": { "id": "437423f0-978f-4c7c-9ec3-40668c630c93", "title": "Motors \u2013 Car Dealer & Classified Ads <= 1.4.6 - Server Side Request Forgery", "software": [ { "type": "plugin", "name": "Motors \u2013 Car Dealer, Classifieds & Listing", "slug": "motors-car-dealership-classified-listings", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/437423f0-978f-4c7c-9ec3-40668c630c93?source=api-scan" ], "published": "2023-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "437712f5-a493-4625-a314-856f0d0d9758": { "id": "437712f5-a493-4625-a314-856f0d0d9758", "title": "Better Elementor Addons <= 1.4.1 - Authenticated(Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Better Elementor Addons", "slug": "better-elementor-addons", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/437712f5-a493-4625-a314-856f0d0d9758?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "437e8d95-2ab3-4cb0-94ca-110f742d6eff": { "id": "437e8d95-2ab3-4cb0-94ca-110f742d6eff", "title": "Pinpoint Booking System \u2013 #1 WordPress Booking Plugin < 2.1 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Pinpoint Booking System \u2013 #1 WordPress Booking Plugin", "slug": "booking-system", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/437e8d95-2ab3-4cb0-94ca-110f742d6eff?source=api-scan" ], "published": "2015-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43810a17-89b4-44f5-887e-1ad0989ea5b4": { "id": "43810a17-89b4-44f5-887e-1ad0989ea5b4", "title": "WooCommerce < 8.4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 8.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "8.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43810a17-89b4-44f5-887e-1ad0989ea5b4?source=api-scan" ], "published": "2024-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43854ca5-02ba-4926-9a5e-d9fd5b1af448": { "id": "43854ca5-02ba-4926-9a5e-d9fd5b1af448", "title": "PickPlugins Product Slider for WooCommerce <= 1.13.41 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Slider for WooCommerce by PickPlugins", "slug": "woocommerce-products-slider", "affected_versions": { "* - 1.13.41": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43854ca5-02ba-4926-9a5e-d9fd5b1af448?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "438689aa-3b85-4dd7-ac3e-a37906efd79c": { "id": "438689aa-3b85-4dd7-ac3e-a37906efd79c", "title": "WP Repost <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scritping", "software": [ { "type": "plugin", "name": "WP Repost", "slug": "wp-repost", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/438689aa-3b85-4dd7-ac3e-a37906efd79c?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "438a94c4-a7f2-4c08-960b-e18c19196169": { "id": "438a94c4-a7f2-4c08-960b-e18c19196169", "title": "BZScore \u2013 Live Score <= 1.03 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "BZScore \u2013 Live Score", "slug": "bzscore-live-score", "affected_versions": { "* - 1.03": { "from_version": "*", "from_inclusive": true, "to_version": "1.03", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/438a94c4-a7f2-4c08-960b-e18c19196169?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "438b9c13-4059-4671-ab4a-07a8cf6f6122": { "id": "438b9c13-4059-4671-ab4a-07a8cf6f6122", "title": "Shortcode Menu <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Shortcode Menu", "slug": "shortcode-menu", "affected_versions": { "* - 3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/438b9c13-4059-4671-ab4a-07a8cf6f6122?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "438bbd0f-5204-4a71-9730-efa51d864832": { "id": "438bbd0f-5204-4a71-9730-efa51d864832", "title": "Faculty Staff and Student Directory Plugin \u2013 Campus Directory <= 1.7.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Faculty Staff and Student Directory Plugin \u2013 Campus Directory", "slug": "campus-directory", "affected_versions": { "* - 1.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/438bbd0f-5204-4a71-9730-efa51d864832?source=api-scan" ], "published": "2022-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "438d73bb-80f1-460f-8c62-2a40856e4c29": { "id": "438d73bb-80f1-460f-8c62-2a40856e4c29", "title": "Auto Affiliate Links < 5.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Auto Affiliate Links", "slug": "wp-auto-affiliate-links", "affected_versions": { "[*, 5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/438d73bb-80f1-460f-8c62-2a40856e4c29?source=api-scan" ], "published": "2015-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "438f98f7-b966-4e07-a62e-a918cce3f6c0": { "id": "438f98f7-b966-4e07-a62e-a918cce3f6c0", "title": "Easy Digital Downloads \u2013 PDF Stamper <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 PDF stamper", "slug": "edd-pdf-stamper", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/438f98f7-b966-4e07-a62e-a918cce3f6c0?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "438fbd3f-052b-4a6d-acd2-233a93d56cbb": { "id": "438fbd3f-052b-4a6d-acd2-233a93d56cbb", "title": "WordPress Core < 6.0.3 & Gutenberg < 14.3.1 - Authenticated Cross-Site Scripting in Various Blocks", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true }, "3.7 - 3.7.39": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.39", "to_inclusive": true }, "3.8 - 3.8.39": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.39", "to_inclusive": true }, "3.9 - 3.9.37": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.37", "to_inclusive": true }, "4.0 - 4.0.36": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.36", "to_inclusive": true }, "4.1 - 4.1.36": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.36", "to_inclusive": true }, "4.2 - 4.2.33": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.33", "to_inclusive": true }, "4.3 - 4.3.29": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.29", "to_inclusive": true }, "4.4 - 4.4.28": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.28", "to_inclusive": true }, "4.5 - 4.5.27": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.27", "to_inclusive": true }, "4.6 - 4.6.24": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.24", "to_inclusive": true }, "4.7 - 4.7.24": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.24", "to_inclusive": true }, "4.8 - 4.8.20": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.20", "to_inclusive": true }, "4.9 - 4.9.21": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.21", "to_inclusive": true }, "5.0 - 5.0.17": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.17", "to_inclusive": true }, "5.1 - 5.1.14": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.14", "to_inclusive": true }, "5.2 - 5.2.16": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.16", "to_inclusive": true }, "5.3 - 5.3.13": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.13", "to_inclusive": true }, "5.4 - 5.4.11": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.11", "to_inclusive": true }, "5.5 - 5.5.10": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.10", "to_inclusive": true }, "5.6 - 5.6.9": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.9", "to_inclusive": true }, "5.7 - 5.7.7": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.7", "to_inclusive": true }, "5.8 - 5.8.5": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.5", "to_inclusive": true }, "5.9 - 5.9.4": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.4", "to_inclusive": true }, "6.0 - 6.0.2": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.40", "3.8.40", "3.9.38", "4.0.37", "4.1.37", "4.2.34", "4.3.30", "4.4.29", "4.5.28", "4.6.25", "4.7.25", "4.8.21", "4.9.22", "5.0.18", "5.1.15", "5.2.17", "5.3.14", "5.4.12", "5.5.11", "5.6.10", "5.7.8", "5.8.6", "5.9.5", "6.0.3" ] }, { "type": "plugin", "name": "Gutenberg", "slug": "gutenberg", "affected_versions": { "* - 14.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "14.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "14.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/438fbd3f-052b-4a6d-acd2-233a93d56cbb?source=api-scan" ], "published": "2022-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4394f96a-ceb5-463f-b454-a6fa4a59fc45": { "id": "4394f96a-ceb5-463f-b454-a6fa4a59fc45", "title": "WordPress Core < 6.0.3 - Authenticated Information Disclosure via REST-API", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true }, "3.7 - 3.7.39": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.39", "to_inclusive": true }, "3.8 - 3.8.39": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.39", "to_inclusive": true }, "3.9 - 3.9.37": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.37", "to_inclusive": true }, "4.0 - 4.0.36": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.36", "to_inclusive": true }, "4.1 - 4.1.36": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.36", "to_inclusive": true }, "4.2 - 4.2.33": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.33", "to_inclusive": true }, "4.3 - 4.3.29": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.29", "to_inclusive": true }, "4.4 - 4.4.28": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.28", "to_inclusive": true }, "4.5 - 4.5.27": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.27", "to_inclusive": true }, "4.6 - 4.6.24": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.24", "to_inclusive": true }, "4.7 - 4.7.24": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.24", "to_inclusive": true }, "4.8 - 4.8.20": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.20", "to_inclusive": true }, "4.9 - 4.9.21": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.21", "to_inclusive": true }, "5.0 - 5.0.17": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.17", "to_inclusive": true }, "5.1 - 5.1.14": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.14", "to_inclusive": true }, "5.2 - 5.2.16": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.16", "to_inclusive": true }, "5.3 - 5.3.13": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.13", "to_inclusive": true }, "5.4 - 5.4.11": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.11", "to_inclusive": true }, "5.5 - 5.5.10": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.10", "to_inclusive": true }, "5.6 - 5.6.9": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.9", "to_inclusive": true }, "5.7 - 5.7.7": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.7", "to_inclusive": true }, "5.8 - 5.8.5": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.5", "to_inclusive": true }, "5.9 - 5.9.4": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.4", "to_inclusive": true }, "6.0 - 6.0.2": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.40", "3.8.40", "3.9.38", "4.0.37", "4.1.37", "4.2.34", "4.3.30", "4.4.29", "4.5.28", "4.6.25", "4.7.25", "4.8.21", "4.9.22", "5.0.18", "5.1.15", "5.2.17", "5.3.14", "5.4.12", "5.5.11", "5.6.10", "5.7.8", "5.8.6", "5.9.5", "6.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4394f96a-ceb5-463f-b454-a6fa4a59fc45?source=api-scan" ], "published": "2022-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4397c99c-c37d-43da-9285-003ba91d4003": { "id": "4397c99c-c37d-43da-9285-003ba91d4003", "title": "Livemesh Addons for Elementor <= 8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via animated_text_class", "software": [ { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "* - 8.3": { "from_version": "*", "from_inclusive": true, "to_version": "8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4397c99c-c37d-43da-9285-003ba91d4003?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "439ef0bb-cfac-4d81-b858-46a9837ad58f": { "id": "439ef0bb-cfac-4d81-b858-46a9837ad58f", "title": "Testimonials Widget <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Testimonials Widget", "slug": "testimonials-widget", "affected_versions": { "* - 4.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/439ef0bb-cfac-4d81-b858-46a9837ad58f?source=api-scan" ], "published": "2024-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43a1e5b7-9361-406e-97b7-776b831acc33": { "id": "43a1e5b7-9361-406e-97b7-776b831acc33", "title": "Contact Form DB - Elementor <= 1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form DB \u2013 Elementor", "slug": "sb-elementor-contact-form-db", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43a1e5b7-9361-406e-97b7-776b831acc33?source=api-scan" ], "published": "2022-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43a60896-3b88-4b36-b6d9-46812b8ba35b": { "id": "43a60896-3b88-4b36-b6d9-46812b8ba35b", "title": "Easy Registration Forms <= 2.0.6 - CSV Injection", "software": [ { "type": "plugin", "name": "Easy Registration Forms", "slug": "easy-registration-forms", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43a60896-3b88-4b36-b6d9-46812b8ba35b?source=api-scan" ], "published": "2020-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43a7f1b0-c2c0-4832-9819-22625c8b727e": { "id": "43a7f1b0-c2c0-4832-9819-22625c8b727e", "title": "HTML5 Video Player <= 2.5.26 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "HTML5 Video Player \u2013 mp4 Video Player Plugin and Block", "slug": "html5-video-player", "affected_versions": { "* - 2.5.26": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43a7f1b0-c2c0-4832-9819-22625c8b727e?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43adc9dd-1780-440f-90c2-ff05a22eb084": { "id": "43adc9dd-1780-440f-90c2-ff05a22eb084", "title": "MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by Sonaar", "slug": "mp3-music-player-by-sonaar", "affected_versions": { "* - 5.7.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43adc9dd-1780-440f-90c2-ff05a22eb084?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43b0cb21-ba81-4d54-90d1-a2f25297e719": { "id": "43b0cb21-ba81-4d54-90d1-a2f25297e719", "title": "Profile Extra Fields by BestWebSoft < 1.0.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Profile Extra Fields by BestWebSoft", "slug": "profile-extra-fields", "affected_versions": { "[*, 1.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43b0cb21-ba81-4d54-90d1-a2f25297e719?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43b11ab0-c7f2-4a7a-aab7-7f9dd58ec1ab": { "id": "43b11ab0-c7f2-4a7a-aab7-7f9dd58ec1ab", "title": "Avada <= 7.11.1 - Authenticated(Contributor+) Server Side Request Forgery via 'ajax_import_options'", "software": [ { "type": "theme", "name": "Avada | Website Builder For WordPress & WooCommerce", "slug": "Avada", "affected_versions": { "* - 7.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43b11ab0-c7f2-4a7a-aab7-7f9dd58ec1ab?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43b43802-f301-4748-98b9-eea78a249355": { "id": "43b43802-f301-4748-98b9-eea78a249355", "title": "Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_save_folder", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43b43802-f301-4748-98b9-eea78a249355?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43b5a321-c82e-4d0b-9def-b74c3cf439d3": { "id": "43b5a321-c82e-4d0b-9def-b74c3cf439d3", "title": "Ultimate Member <= 2.0.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 2.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43b5a321-c82e-4d0b-9def-b74c3cf439d3?source=api-scan" ], "published": "2018-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43bcf3ab-4201-4a61-82c5-2dc60b684989": { "id": "43bcf3ab-4201-4a61-82c5-2dc60b684989", "title": "Simple:Press <= 6.8 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Simple:Press Forum", "slug": "simplepress", "affected_versions": { "* - 6.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43bcf3ab-4201-4a61-82c5-2dc60b684989?source=api-scan" ], "published": "2022-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43c4ca71-0bf0-4529-97d9-2349f96bbb9e": { "id": "43c4ca71-0bf0-4529-97d9-2349f96bbb9e", "title": "Mollie Forms <= 2.6.3 - Missing Authorization to Arbitrary Post Duplication", "software": [ { "type": "plugin", "name": "Mollie Forms", "slug": "mollie-forms", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43c4ca71-0bf0-4529-97d9-2349f96bbb9e?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43c781c3-dc3e-4258-b594-689d0035cab0": { "id": "43c781c3-dc3e-4258-b594-689d0035cab0", "title": "WordPress Core < 4.0.1 - Denial of Service via Long Password", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.4": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.4", "to_inclusive": true }, "3.8 - 3.8.4": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.4", "to_inclusive": true }, "3.9 - 3.9.2": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": true }, "4.0": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.5", "3.8.5", "3.9.3", "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43c781c3-dc3e-4258-b594-689d0035cab0?source=api-scan" ], "published": "2014-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43c9b6f2-2b72-4326-8080-f41606c0880c": { "id": "43c9b6f2-2b72-4326-8080-f41606c0880c", "title": "Simple Event Planner <= 1.5.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Event Planner", "slug": "simple-event-planner", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43c9b6f2-2b72-4326-8080-f41606c0880c?source=api-scan" ], "published": "2022-03-23 10:38:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43c9dcec-f769-4c55-93d0-c2aa45a4fa16": { "id": "43c9dcec-f769-4c55-93d0-c2aa45a4fa16", "title": "ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Settings", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 4.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43c9dcec-f769-4c55-93d0-c2aa45a4fa16?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43d141e3-1e62-4126-b914-bdc98577de3f": { "id": "43d141e3-1e62-4126-b914-bdc98577de3f", "title": "Easy Org Chart <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Org Chart", "slug": "easy-org-chart", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43d141e3-1e62-4126-b914-bdc98577de3f?source=api-scan" ], "published": "2022-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43d1f708-58bd-4d42-b8dd-0c1247546577": { "id": "43d1f708-58bd-4d42-b8dd-0c1247546577", "title": "Floating Social Media Links < 1.4.3 - Remote File Inclusion via fsml-hideshow.js.php wpp parameter", "software": [ { "type": "plugin", "name": "Floating Social Media Links", "slug": "floating-social-media-links", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43d1f708-58bd-4d42-b8dd-0c1247546577?source=api-scan" ], "published": "2012-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43d46ada-4cbf-40e4-a0e5-685d8bf1a8a5": { "id": "43d46ada-4cbf-40e4-a0e5-685d8bf1a8a5", "title": "WordPress Core < 2.9.2 - Authorization Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 2.9.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43d46ada-4cbf-40e4-a0e5-685d8bf1a8a5?source=api-scan" ], "published": "2010-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43d534f8-fb1c-4170-a66e-2cef72cd40de": { "id": "43d534f8-fb1c-4170-a66e-2cef72cd40de", "title": "qTranslate X Cleanup and WPML Import <= 3.0.1 - Cross-Site Request Forgery via clean_ajx", "software": [ { "type": "plugin", "name": "qTranslate X Cleanup and WPML Import", "slug": "qtranslate-to-wpml-export", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43d534f8-fb1c-4170-a66e-2cef72cd40de?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43d8904f-3bc9-4c67-b44b-8d78762b6b30": { "id": "43d8904f-3bc9-4c67-b44b-8d78762b6b30", "title": "WP Private Content Plus <= 3.6 - Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "WP Private Content Plus", "slug": "wp-private-content-plus", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43d8904f-3bc9-4c67-b44b-8d78762b6b30?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43daaaf7-8086-448a-be99-ee1959ef0fb4": { "id": "43daaaf7-8086-448a-be99-ee1959ef0fb4", "title": "Woffice Core <= 5.4.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Woffice Core", "slug": "woffice-core", "affected_versions": { "* - 5.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43daaaf7-8086-448a-be99-ee1959ef0fb4?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43df6d4d-960e-4eb7-809b-684ba0d67f58": { "id": "43df6d4d-960e-4eb7-809b-684ba0d67f58", "title": "Duplicate Page <= 4.4.1 Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Duplicate Page", "slug": "duplicate-page", "affected_versions": { "* - 4.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43df6d4d-960e-4eb7-809b-684ba0d67f58?source=api-scan" ], "published": "2021-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43e72eef-4e66-4789-959b-163c9cbea584": { "id": "43e72eef-4e66-4789-959b-163c9cbea584", "title": "Flickr Justified Gallery < 3.4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flickr Justified Gallery", "slug": "flickr-justified-gallery", "affected_versions": { "[*, 3.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43e72eef-4e66-4789-959b-163c9cbea584?source=api-scan" ], "published": "2015-07-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43ea0665-2c6e-4c78-8bc5-056f47f190ab": { "id": "43ea0665-2c6e-4c78-8bc5-056f47f190ab", "title": "Contact Form Builder, Contact Widget <= 2.1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Builder, Contact Widget", "slug": "contact-forms-builder", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43ea0665-2c6e-4c78-8bc5-056f47f190ab?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43f2c020-a531-4e25-948e-372bc7af3bab": { "id": "43f2c020-a531-4e25-948e-372bc7af3bab", "title": "Lazy Social Comments <= 2.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Options", "software": [ { "type": "plugin", "name": "Lazy Social Comments", "slug": "lazy-facebook-comments", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43f2c020-a531-4e25-948e-372bc7af3bab?source=api-scan" ], "published": "2023-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43f38a87-ac2c-4b5a-9559-d529c4b2799c": { "id": "43f38a87-ac2c-4b5a-9559-d529c4b2799c", "title": "Simple Download Monitor <= 3.9.5 - Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "Simple Download Monitor", "slug": "simple-download-monitor", "affected_versions": { "[*, 3.9.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43f38a87-ac2c-4b5a-9559-d529c4b2799c?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43f6a5c2-3de0-4990-89ad-64e5d866345a": { "id": "43f6a5c2-3de0-4990-89ad-64e5d866345a", "title": "Sociable <= 4.3.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sociable", "slug": "sociable", "affected_versions": { "* - 4.3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43f6a5c2-3de0-4990-89ad-64e5d866345a?source=api-scan" ], "published": "2021-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43f976ee-cba7-4f5d-b9c6-a6f66c0011d2": { "id": "43f976ee-cba7-4f5d-b9c6-a6f66c0011d2", "title": "Export any WordPress data to XML\/CSV < 1.4.1 & WP ALL Export Pro < 1.8.6 - Authenticated (Admin+) Remote Code Execution", "software": [ { "type": "plugin", "name": "WP All Export Pro", "slug": "wp-all-export-pro", "affected_versions": { "[*, 1.8.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.6" ] }, { "type": "plugin", "name": "Export any WordPress data to XML\/CSV", "slug": "wp-all-export", "affected_versions": { "[*, 1.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43f976ee-cba7-4f5d-b9c6-a6f66c0011d2?source=api-scan" ], "published": "2023-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43fc4752-7a47-480c-82e2-54821e754f7f": { "id": "43fc4752-7a47-480c-82e2-54821e754f7f", "title": "Advanced Most Recent Posts Mod <= 1.6.5.2 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Most Recent Posts Mod", "slug": "advanced-most-recent-posts-mod", "affected_versions": { "* - 1.6.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43fc4752-7a47-480c-82e2-54821e754f7f?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43fc47ca-15ca-4817-b1b8-389245725e73": { "id": "43fc47ca-15ca-4817-b1b8-389245725e73", "title": "AI Post Generator | AutoWriter <= 3.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "AI Post Generator | AutoWriter", "slug": "ai-post-generator", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43fc47ca-15ca-4817-b1b8-389245725e73?source=api-scan" ], "published": "2024-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "43fc71bb-87ba-4cf9-ae4d-1cba7bd84806": { "id": "43fc71bb-87ba-4cf9-ae4d-1cba7bd84806", "title": "WC Sales Notification <= 1.2.2 - Cross-Site Request Forgery to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "WC Sales Notification", "slug": "wc-sales-notification", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/43fc71bb-87ba-4cf9-ae4d-1cba7bd84806?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "440242e5-832f-4796-9317-b377e1c2fa2a": { "id": "440242e5-832f-4796-9317-b377e1c2fa2a", "title": "All in One SEO Pack <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "[*, 3.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/440242e5-832f-4796-9317-b377e1c2fa2a?source=api-scan" ], "published": "2020-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "440664ef-39c6-4b4b-99af-b9e6c9868a99": { "id": "440664ef-39c6-4b4b-99af-b9e6c9868a99", "title": "Magic Post Thumbnail <= 5.2.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Generate Images \u2013 Magic Post Thumbnail", "slug": "magic-post-thumbnail", "affected_versions": { "* - 5.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/440664ef-39c6-4b4b-99af-b9e6c9868a99?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "440e2618-5b45-4bad-8a97-2fb1a6e991ea": { "id": "440e2618-5b45-4bad-8a97-2fb1a6e991ea", "title": "Backup Bolt <= 1.3.0 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Backup Bolt", "slug": "backup-bolt", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/440e2618-5b45-4bad-8a97-2fb1a6e991ea?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44158748-798e-4b17-9deb-f54520779c62": { "id": "44158748-798e-4b17-9deb-f54520779c62", "title": "Ninja Forms Contact Form <= 3.3.13 - CSV Injection", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.3.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44158748-798e-4b17-9deb-f54520779c62?source=api-scan" ], "published": "2018-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4419a302-4305-44f8-a256-dd276b5cd751": { "id": "4419a302-4305-44f8-a256-dd276b5cd751", "title": "Spectra \u2013 WordPress Gutenberg Blocks <= 1.14.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 1.14.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4419a302-4305-44f8-a256-dd276b5cd751?source=api-scan" ], "published": "2020-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4419dc63-24bc-41b1-bea6-6426b6f10577": { "id": "4419dc63-24bc-41b1-bea6-6426b6f10577", "title": "YourMembership Single Sign On <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "YourMembership Single Sign On \u2013 YM SSO Login", "slug": "login-with-yourmembership", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4419dc63-24bc-41b1-bea6-6426b6f10577?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "441bc9fe-3dd6-40a6-b7f3-36511115c083": { "id": "441bc9fe-3dd6-40a6-b7f3-36511115c083", "title": "LayerSlider <= 7.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LayerSlider", "slug": "LayerSlider", "affected_versions": { "* - 7.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.7.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/441bc9fe-3dd6-40a6-b7f3-36511115c083?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "441f5764-eab6-40fe-80cd-65da327b39b2": { "id": "441f5764-eab6-40fe-80cd-65da327b39b2", "title": "Newspaper <= 10.3.3 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Newspaper - News & WooCommerce WordPress Theme", "slug": "Newspaper", "affected_versions": { "* - 10.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "10.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/441f5764-eab6-40fe-80cd-65da327b39b2?source=api-scan" ], "published": "2020-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4420c334-1ea4-4549-b391-150702abc2f8": { "id": "4420c334-1ea4-4549-b391-150702abc2f8", "title": "Customer Reviews for WooCommerce <= 5.38.10 - Improper Authorization via submit_review", "software": [ { "type": "plugin", "name": "Customer Reviews for WooCommerce", "slug": "customer-reviews-woocommerce", "affected_versions": { "* - 5.38.12": { "from_version": "*", "from_inclusive": true, "to_version": "5.38.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.39.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4420c334-1ea4-4549-b391-150702abc2f8?source=api-scan" ], "published": "2024-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44210443-26f8-4626-aee2-4a19d87fdd43": { "id": "44210443-26f8-4626-aee2-4a19d87fdd43", "title": "GD Rating System <= 2.3 - Directory Traversal", "software": [ { "type": "plugin", "name": "GD Rating System", "slug": "gd-rating-system", "affected_versions": { "[*, 2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44210443-26f8-4626-aee2-4a19d87fdd43?source=api-scan" ], "published": "2018-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "442252f8-2896-44ba-a19c-d153b03b268b": { "id": "442252f8-2896-44ba-a19c-d153b03b268b", "title": "Social Feed Gallery <= 2.4.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Social Feed Gallery", "slug": "insta-gallery", "affected_versions": { "[*, 2.4.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/442252f8-2896-44ba-a19c-d153b03b268b?source=api-scan" ], "published": "2019-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "442551ba-409d-4b46-bdba-111a8df00a47": { "id": "442551ba-409d-4b46-bdba-111a8df00a47", "title": "WP CSV Exporter <= 1.3.6 - CSV Injection", "software": [ { "type": "plugin", "name": "WP CSV Exporter", "slug": "wp-csv-exporter", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/442551ba-409d-4b46-bdba-111a8df00a47?source=api-scan" ], "published": "2022-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44287d9f-93db-417c-bf88-6785e4ce3a9c": { "id": "44287d9f-93db-417c-bf88-6785e4ce3a9c", "title": "MainWP UpdraftPlus Extension <= 4.0.6 - Missing Authorization to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "MainWP UpdraftPlus Extension", "slug": "mainwp-updraftplus-extension", "affected_versions": { "* - 4.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44287d9f-93db-417c-bf88-6785e4ce3a9c?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "442a2c92-0af1-4dd8-bc03-9c391309b926": { "id": "442a2c92-0af1-4dd8-bc03-9c391309b926", "title": "Chatbot for WordPress by Collect.chat \u26a1\ufe0f <= 2.4.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chatbot for WordPress by Collect.chat \u26a1\ufe0f", "slug": "collectchat", "affected_versions": { "* - 2.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/442a2c92-0af1-4dd8-bc03-9c391309b926?source=api-scan" ], "published": "2024-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44370988-3c55-490e-b428-da9cb6df1a4b": { "id": "44370988-3c55-490e-b428-da9cb6df1a4b", "title": "CPT Bootstrap Carousel <= 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "CPT Bootstrap Carousel", "slug": "cpt-bootstrap-carousel", "affected_versions": { "* - 1.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44370988-3c55-490e-b428-da9cb6df1a4b?source=api-scan" ], "published": "2023-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44373541-adc5-4aa0-abde-0693f2760afb": { "id": "44373541-adc5-4aa0-abde-0693f2760afb", "title": "RSVPMaker <= 9.9.3 - Authenticated (Admin+) SQL Injection via $email value", "software": [ { "type": "plugin", "name": "RSVPMaker", "slug": "rsvpmaker", "affected_versions": { "* - 9.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "9.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44373541-adc5-4aa0-abde-0693f2760afb?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "443a4afc-5dfc-499c-8701-249c71215b5a": { "id": "443a4afc-5dfc-499c-8701-249c71215b5a", "title": "Timed Content <= 2.72 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Timed Content", "slug": "timed-content", "affected_versions": { "* - 2.72": { "from_version": "*", "from_inclusive": true, "to_version": "2.72", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.73" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/443a4afc-5dfc-499c-8701-249c71215b5a?source=api-scan" ], "published": "2023-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "443bae1e-21a0-44b3-bda0-a189f5c69a16": { "id": "443bae1e-21a0-44b3-bda0-a189f5c69a16", "title": "WP Membership <= 1.2.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Membership", "slug": "wp-membership", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/443bae1e-21a0-44b3-bda0-a189f5c69a16?source=api-scan" ], "published": "2015-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "443c57bf-2f3d-4b8f-9dae-b11142a74341": { "id": "443c57bf-2f3d-4b8f-9dae-b11142a74341", "title": "EU\/UK VAT Manager for WooCommerce <= 2.12.12 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EU\/UK VAT Manager for WooCommerce", "slug": "eu-vat-for-woocommerce", "affected_versions": { "* - 2.12.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/443c57bf-2f3d-4b8f-9dae-b11142a74341?source=api-scan" ], "published": "2024-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "443c59b9-275d-4d17-a870-9ae013c1a5c1": { "id": "443c59b9-275d-4d17-a870-9ae013c1a5c1", "title": "Qode Essential Addons <= 1.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation\/Activation", "software": [ { "type": "plugin", "name": "Qode Essential Addons", "slug": "qode-essential-addons", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/443c59b9-275d-4d17-a870-9ae013c1a5c1?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "443ceb13-bc6e-4d8d-a415-1a0d4fecf38e": { "id": "443ceb13-bc6e-4d8d-a415-1a0d4fecf38e", "title": "ConvertKit <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Kit (formerly ConvertKit) \u2013 Email Newsletter, Email Marketing, Subscribers and Landing Pages", "slug": "convertkit", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/443ceb13-bc6e-4d8d-a415-1a0d4fecf38e?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "443f0664-cc9c-4e82-bde3-72cbab285cc7": { "id": "443f0664-cc9c-4e82-bde3-72cbab285cc7", "title": "Elegant Blocks <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elegant Blocks \u2013 Amazing Gutenberg Blocks", "slug": "elegant-blocks", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/443f0664-cc9c-4e82-bde3-72cbab285cc7?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44445c44-5ae0-4f2b-8096-aa94ae5ff0b6": { "id": "44445c44-5ae0-4f2b-8096-aa94ae5ff0b6", "title": "Create <= 2.9.1 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Create", "slug": "create", "affected_versions": { "* - 2.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44445c44-5ae0-4f2b-8096-aa94ae5ff0b6?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "444a848d-61bc-4801-815f-d68bea59f5bc": { "id": "444a848d-61bc-4801-815f-d68bea59f5bc", "title": "WP Unique Article Header Image <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-unique-article-header-image", "slug": "wp-unique-article-header-image", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/444a848d-61bc-4801-815f-d68bea59f5bc?source=api-scan" ], "published": "2014-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44579fe8-4004-4608-b2fd-3531b14e6e69": { "id": "44579fe8-4004-4608-b2fd-3531b14e6e69", "title": "Integrate Google Drive <= 1.3.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Integrate Google Drive \u2013 Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site", "slug": "integrate-google-drive", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.91" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44579fe8-4004-4608-b2fd-3531b14e6e69?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4457d15e-2c01-498d-b94a-a6e93adcf70c": { "id": "4457d15e-2c01-498d-b94a-a6e93adcf70c", "title": "JetWidgets For Elementor <= 1.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_type and id Parameters", "software": [ { "type": "plugin", "name": "JetWidgets For Elementor", "slug": "jetwidgets-for-elementor", "affected_versions": { "* - 1.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4457d15e-2c01-498d-b94a-a6e93adcf70c?source=api-scan" ], "published": "2024-06-19 13:41:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44583cb7-bc32-4e62-8431-f5f1f6baeff2": { "id": "44583cb7-bc32-4e62-8431-f5f1f6baeff2", "title": "PowerPress <= 10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "PowerPress Podcasting plugin by Blubrry", "slug": "powerpress", "affected_versions": { "* - 10.0": { "from_version": "*", "from_inclusive": true, "to_version": "10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44583cb7-bc32-4e62-8431-f5f1f6baeff2?source=api-scan" ], "published": "2023-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "446522ea-7cf1-449b-b05c-58eb815142a4": { "id": "446522ea-7cf1-449b-b05c-58eb815142a4", "title": "School Management Pro <= 10.3.4 - Authenticated (School Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "The School Management Pro", "slug": "school-management-pro", "affected_versions": { "* - 10.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "10.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/446522ea-7cf1-449b-b05c-58eb815142a4?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "446b160a-299e-4f91-bd49-02a7a16b6e5f": { "id": "446b160a-299e-4f91-bd49-02a7a16b6e5f", "title": "Download Manager < 2.5.9 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 2.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/446b160a-299e-4f91-bd49-02a7a16b6e5f?source=api-scan" ], "published": "2013-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "446d458e-8b42-434e-a190-0af37a7d3afb": { "id": "446d458e-8b42-434e-a190-0af37a7d3afb", "title": "WP Easy Pay (Free) <= 4.2.3 - Missing Authorization to Unauthenticated Service Disconnection", "software": [ { "type": "plugin", "name": "WP EasyPay \u2013 Square for WordPress", "slug": "wp-easy-pay", "affected_versions": { "* - 4.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/446d458e-8b42-434e-a190-0af37a7d3afb?source=api-scan" ], "published": "2024-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "446fadbc-b927-4245-9095-fd545a906b9a": { "id": "446fadbc-b927-4245-9095-fd545a906b9a", "title": "History Timeline <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "History Timeline for Biography, Company History & Event Timeline", "slug": "timeline-awesome", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/446fadbc-b927-4245-9095-fd545a906b9a?source=api-scan" ], "published": "2022-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4473d3f6-e324-40f5-b92b-167f76b17332": { "id": "4473d3f6-e324-40f5-b92b-167f76b17332", "title": "Elementor Website Builder \u2013 More than Just a Page Builder <= 3.18.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_image_alt", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 3.18.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.18.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.19.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4473d3f6-e324-40f5-b92b-167f76b17332?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4475cbd4-07cf-499a-a11a-b63eb9184568": { "id": "4475cbd4-07cf-499a-a11a-b63eb9184568", "title": "Premium Portfolio Features for Phlox theme <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premium Portfolio Features for Phlox theme", "slug": "auxin-portfolio", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4475cbd4-07cf-499a-a11a-b63eb9184568?source=api-scan" ], "published": "2024-08-28 23:34:54", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44777529-660f-4038-bbee-566ca3a8d24e": { "id": "44777529-660f-4038-bbee-566ca3a8d24e", "title": "Easy Digital Downloads <= 3.2.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 3.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44777529-660f-4038-bbee-566ca3a8d24e?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44780988-cadf-4ff2-9ba9-148b7b6650df": { "id": "44780988-cadf-4ff2-9ba9-148b7b6650df", "title": "Kodex Posts likes <= 2.5.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kodex Posts likes", "slug": "kodex-posts-likes", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44780988-cadf-4ff2-9ba9-148b7b6650df?source=api-scan" ], "published": "2024-09-24 12:18:24", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4483fb33-3815-4ec9-9df4-a971844f4855": { "id": "4483fb33-3815-4ec9-9df4-a971844f4855", "title": "Woocommerce Vietnam Checkout <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Woocommerce Vietnam Checkout", "slug": "woo-vietnam-checkout", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4483fb33-3815-4ec9-9df4-a971844f4855?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4487391e-baa4-4320-a23d-b52a42e2de90": { "id": "4487391e-baa4-4320-a23d-b52a42e2de90", "title": "WooCommerce Follow-Up Emails <= 4.9.40 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Woocommerce Follow-ups", "slug": "woocommerce-follow-up-emails", "affected_versions": { "* - 4.9.40": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.50" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4487391e-baa4-4320-a23d-b52a42e2de90?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4488d982-4e57-4614-b336-f1bba8dfa91d": { "id": "4488d982-4e57-4614-b336-f1bba8dfa91d", "title": "surveys <= 1.01.8 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "surveys", "slug": "surveys", "affected_versions": { "* - 1.01.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.01.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4488d982-4e57-4614-b336-f1bba8dfa91d?source=api-scan" ], "published": "2017-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4489d26b-dcdc-475c-b1e1-3626cc75ae75": { "id": "4489d26b-dcdc-475c-b1e1-3626cc75ae75", "title": "LearnPress <= 4.1.3 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4489d26b-dcdc-475c-b1e1-3626cc75ae75?source=api-scan" ], "published": "2021-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "448ec796-e92f-410e-aa40-aaf296c1afeb": { "id": "448ec796-e92f-410e-aa40-aaf296c1afeb", "title": "Simple Buttons Creator <=1.04 - Cross-Site Request Forgery to Arbitrary Button Deletion", "software": [ { "type": "plugin", "name": "Simple Buttons Creator", "slug": "simple-buttons-creator", "affected_versions": { "* - 1.04": { "from_version": "*", "from_inclusive": true, "to_version": "1.04", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/448ec796-e92f-410e-aa40-aaf296c1afeb?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44982138-7ebb-4562-a869-f17bfecd16d2": { "id": "44982138-7ebb-4562-a869-f17bfecd16d2", "title": "Media Library Categories <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Media Library Categories", "slug": "wp-media-library-categories", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44982138-7ebb-4562-a869-f17bfecd16d2?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44a2e2f3-1902-43c5-8e3c-4174cb1ffa63": { "id": "44a2e2f3-1902-43c5-8e3c-4174cb1ffa63", "title": "WP Page Numbers <= 0.5 - Cross-Site Request Forgery via wp_page_numbers_settings", "software": [ { "type": "plugin", "name": "WP Page Numbers", "slug": "wp-page-numbers", "affected_versions": { "* - 0.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44a2e2f3-1902-43c5-8e3c-4174cb1ffa63?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44a8b7fb-7c91-4a85-bf16-4371fde6945f": { "id": "44a8b7fb-7c91-4a85-bf16-4371fde6945f", "title": "Carousel Slider <= 2.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Tabs", "slug": "responsive-tabs", "affected_versions": { "* - 2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44a8b7fb-7c91-4a85-bf16-4371fde6945f?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44a921e7-cce3-4347-968d-76dab243fcd6": { "id": "44a921e7-cce3-4347-968d-76dab243fcd6", "title": "WP Clone <= 2.4.2 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Clone", "slug": "wp-clone-by-wp-academy", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44a921e7-cce3-4347-968d-76dab243fcd6?source=api-scan" ], "published": "2023-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44af8ced-5ea4-4bdb-a664-c5b58d683d23": { "id": "44af8ced-5ea4-4bdb-a664-c5b58d683d23", "title": "Google +1 by BestWebSoft < 1.3.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google +1 by BestWebSoft", "slug": "google-one", "affected_versions": { "[*, 1.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44af8ced-5ea4-4bdb-a664-c5b58d683d23?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44b02690-462a-458b-88c9-89acc9c209cb": { "id": "44b02690-462a-458b-88c9-89acc9c209cb", "title": "Media Hygiene <= 3.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion", "software": [ { "type": "plugin", "name": "Media Hygiene: Remove or Delete Unused Images and More!", "slug": "media-hygiene", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44b02690-462a-458b-88c9-89acc9c209cb?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44b259c7-ea91-4ab5-a46b-67aec50654c3": { "id": "44b259c7-ea91-4ab5-a46b-67aec50654c3", "title": "SEO Scout <= 0.9.83 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "SEO Scout: Content Optimization, Keyword Research, Rank Tracking + SEO Testing", "slug": "ab-rankings-testing-tool", "affected_versions": { "* - 0.9.83": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.83", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44b259c7-ea91-4ab5-a46b-67aec50654c3?source=api-scan" ], "published": "2022-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44b2d11d-e876-433e-9e0d-5e9f2b3c0c80": { "id": "44b2d11d-e876-433e-9e0d-5e9f2b3c0c80", "title": "Social Slider Feed <= 2.0.4 - Authenticated (Scubscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Slider Feed", "slug": "instagram-slider-widget", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44b2d11d-e876-433e-9e0d-5e9f2b3c0c80?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44b62b99-99eb-424b-a04a-9bbacf5fbbaa": { "id": "44b62b99-99eb-424b-a04a-9bbacf5fbbaa", "title": "Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_unset_default_card", "software": [ { "type": "plugin", "name": "Gestpay for WooCommerce", "slug": "gestpay-for-woocommerce", "affected_versions": { "* - 20221130": { "from_version": "*", "from_inclusive": true, "to_version": "20221130", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20240307" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44b62b99-99eb-424b-a04a-9bbacf5fbbaa?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44b8659a-c88d-44d3-8eab-71b0a49d97b4": { "id": "44b8659a-c88d-44d3-8eab-71b0a49d97b4", "title": "BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bootstrap Shortcodes", "slug": "bootstrap-shortcodes", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44b8659a-c88d-44d3-8eab-71b0a49d97b4?source=api-scan" ], "published": "2023-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44ba3eee-525e-46ba-ae02-6f7a28f80c50": { "id": "44ba3eee-525e-46ba-ae02-6f7a28f80c50", "title": "wpForo < = 1.5.1 - Privilege Escalation", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44ba3eee-525e-46ba-ae02-6f7a28f80c50?source=api-scan" ], "published": "2018-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44c31db3-6dfa-4d42-9c3b-73dde9bc49b9": { "id": "44c31db3-6dfa-4d42-9c3b-73dde9bc49b9", "title": "WordPress Download Manager <= 2.9.51 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 2.9.51": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.51", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44c31db3-6dfa-4d42-9c3b-73dde9bc49b9?source=api-scan" ], "published": "2017-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44c5a1cd-aac2-4c44-8aaa-9b5fdafad133": { "id": "44c5a1cd-aac2-4c44-8aaa-9b5fdafad133", "title": "MAZ Loader \u2013 Preloader Builder for WordPress <= 1.3.2 - SQL Injection", "software": [ { "type": "plugin", "name": "MAZ Loader \u2013 Preloader Builder for WordPress", "slug": "maz-loader", "affected_versions": { "[*, 1.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44c5a1cd-aac2-4c44-8aaa-9b5fdafad133?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44c74d97-47e1-4af7-83d1-7c0e98fdc40c": { "id": "44c74d97-47e1-4af7-83d1-7c0e98fdc40c", "title": "Debug Log \u2013 Manger Tool <= 1.4.5 - Unauthenticated Information Exposure via Logs", "software": [ { "type": "plugin", "name": "Debug Log \u2013 Manger Tool", "slug": "debug-log-config-tool", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44c74d97-47e1-4af7-83d1-7c0e98fdc40c?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44c96df2-530a-4ebe-b722-c606a7b135f9": { "id": "44c96df2-530a-4ebe-b722-c606a7b135f9", "title": "BP Social Connect <= 1.5 - Authentication Bypass", "software": [ { "type": "plugin", "name": "BP Social Connect", "slug": "bp-social-connect", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44c96df2-530a-4ebe-b722-c606a7b135f9?source=api-scan" ], "published": "2023-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44cb21f9-467a-4119-99fb-5cd21166a334": { "id": "44cb21f9-467a-4119-99fb-5cd21166a334", "title": "Add Shortcodes Actions And Filters <= 2.0.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add Shortcodes Actions And Filters", "slug": "add-actions-and-filters", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44cb21f9-467a-4119-99fb-5cd21166a334?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44cbaa25-7e91-4b2e-81c4-ba1d7ba02350": { "id": "44cbaa25-7e91-4b2e-81c4-ba1d7ba02350", "title": "Multiple miniOrange Plugins (Various Version) - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OAuth Single Sign On \u2013 SSO (OAuth Client)", "slug": "miniorange-login-with-eve-online-google-facebook", "affected_versions": { "* - 6.20.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.20.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.20.3" ] }, { "type": "plugin", "name": "All-in-One Microsoft Office 365 Apps + Azure\/EntraID Login", "slug": "login-with-azure", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] }, { "type": "plugin", "name": "Login with Cognito", "slug": "login-with-cognito", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] }, { "type": "plugin", "name": "WordPress OpenID Connect Client", "slug": "miniorange-openid-connect-client", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44cbaa25-7e91-4b2e-81c4-ba1d7ba02350?source=api-scan" ], "published": "2021-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44cde2d1-8cb4-4185-a7e6-58a2bec0dae9": { "id": "44cde2d1-8cb4-4185-a7e6-58a2bec0dae9", "title": "Custom Login Page <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Login Page", "slug": "wp-custom-login-page", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44cde2d1-8cb4-4185-a7e6-58a2bec0dae9?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44d14692-d90a-45f9-afb4-0666ce4b3397": { "id": "44d14692-d90a-45f9-afb4-0666ce4b3397", "title": "Accept Stripe Payments <= 2.0.79 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Accept Stripe Payments", "slug": "stripe-payments", "affected_versions": { "* - 2.0.79": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.79", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.80" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44d14692-d90a-45f9-afb4-0666ce4b3397?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44d61e62-436f-4731-b447-a2adbbb96e55": { "id": "44d61e62-436f-4731-b447-a2adbbb96e55", "title": "Participants Database <= 2.4.5 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "Participants Database", "slug": "participants-database", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44d61e62-436f-4731-b447-a2adbbb96e55?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44dd7b3f-5892-43e1-acf1-61f66db0b4a3": { "id": "44dd7b3f-5892-43e1-acf1-61f66db0b4a3", "title": "AMP WP <= 1.5.15 - Cross-Site Request Forgery via multiple settings pages", "software": [ { "type": "plugin", "name": "AMP WP \u2013 Google AMP For WordPress", "slug": "amp-wp", "affected_versions": { "* - 1.5.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44dd7b3f-5892-43e1-acf1-61f66db0b4a3?source=api-scan" ], "published": "2023-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44e112a7-8f51-4d2a-a4b3-74a47ef3aec7": { "id": "44e112a7-8f51-4d2a-a4b3-74a47ef3aec7", "title": "uListing <= 1.6.6 - Unauthenticated Arbitrary Roles and Capabilities Creation\/Deletion", "software": [ { "type": "plugin", "name": "Directory Listings WordPress plugin \u2013 uListing", "slug": "ulisting", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44e112a7-8f51-4d2a-a4b3-74a47ef3aec7?source=api-scan" ], "published": "2021-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44e3158c-6163-4780-a1d5-ca101ba92074": { "id": "44e3158c-6163-4780-a1d5-ca101ba92074", "title": "Page Flip Image Gallery <= 0.2.2 - Directory Traversal", "software": [ { "type": "plugin", "name": "page-flip-image-gallery", "slug": "page-flip-image-gallery", "affected_versions": { "* - 0.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44e3158c-6163-4780-a1d5-ca101ba92074?source=api-scan" ], "published": "2008-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44e4a1a3-71d0-4cad-9807-f6bbc99ccb13": { "id": "44e4a1a3-71d0-4cad-9807-f6bbc99ccb13", "title": "Coming Soon Maintenance Mode <= 1.0.5 - Information Exposure", "software": [ { "type": "plugin", "name": "Coming Soon Maintenance Mode", "slug": "coming-soon-maintenance-mode", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44e4a1a3-71d0-4cad-9807-f6bbc99ccb13?source=api-scan" ], "published": "2024-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44e54ac5-8091-4154-a14c-5cd67647f722": { "id": "44e54ac5-8091-4154-a14c-5cd67647f722", "title": "ReFlex Gallery \u00bb WordPress Photo Gallery < 3.1.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "ReFlex Gallery \u00bb WordPress Photo Gallery", "slug": "reflex-gallery", "affected_versions": { "[*, 3.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44e54ac5-8091-4154-a14c-5cd67647f722?source=api-scan" ], "published": "2015-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44e61ac0-f420-4603-a81f-031a22e01927": { "id": "44e61ac0-f420-4603-a81f-031a22e01927", "title": "Disable Right Click For WP <= 1.1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Disable Right Click For WP", "slug": "disable-right-click-for-wp", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44e61ac0-f420-4603-a81f-031a22e01927?source=api-scan" ], "published": "2022-05-04 12:11:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44e70eb9-f411-49da-b169-a5af8a9ace0c": { "id": "44e70eb9-f411-49da-b169-a5af8a9ace0c", "title": "Business Directory Plugin <= 5.11.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Business Directory Plugin \u2013 Easy Listing Directories for WordPress", "slug": "business-directory-plugin", "affected_versions": { "* - 5.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44e70eb9-f411-49da-b169-a5af8a9ace0c?source=api-scan" ], "published": "2021-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44e84fd9-bc83-4780-ab7a-8898a8c5c78a": { "id": "44e84fd9-bc83-4780-ab7a-8898a8c5c78a", "title": "Duplicate Post Page Menu & Custom Post Type <= 2.3.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Duplicate Post Page Menu & Custom Post Type", "slug": "duplicate-post-page-menu-custom-post-type", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44e84fd9-bc83-4780-ab7a-8898a8c5c78a?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44ea3322-10f6-4f52-8fa8-8cc2632b67ce": { "id": "44ea3322-10f6-4f52-8fa8-8cc2632b67ce", "title": "myCred <= 2.7.2 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification", "slug": "mycred", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44ea3322-10f6-4f52-8fa8-8cc2632b67ce?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44f1342a-11b3-4c3f-837f-f68176ded4a9": { "id": "44f1342a-11b3-4c3f-837f-f68176ded4a9", "title": "Robo Gallery <= 3.2.9 - Cross-Site Request Forgery via getPluginStatus", "software": [ { "type": "plugin", "name": "Photo Gallery, Images, Slider in Rbs Image Gallery", "slug": "robo-gallery", "affected_versions": { "* - 3.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44f1342a-11b3-4c3f-837f-f68176ded4a9?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44f2a414-245b-4c2d-a7ef-ca33b399f6b6": { "id": "44f2a414-245b-4c2d-a7ef-ca33b399f6b6", "title": "Convert Pro <= 1.7.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Convert Pro", "slug": "convertpro", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44f2a414-245b-4c2d-a7ef-ca33b399f6b6?source=api-scan" ], "published": "2023-07-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44f64753-920f-4099-9cb1-018b24f972eb": { "id": "44f64753-920f-4099-9cb1-018b24f972eb", "title": "On Page SEO + Whatsapp Chat Button <= 1.0.1 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "On Page SEO + Social Live Chat (Formerly OPS)", "slug": "ops-robots-txt", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44f64753-920f-4099-9cb1-018b24f972eb?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "44f691f2-b3f4-49b7-8710-015b5b11db18": { "id": "44f691f2-b3f4-49b7-8710-015b5b11db18", "title": "WPify Woo Czech <= 4.0.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "WPify Woo Czech", "slug": "wpify-woo", "affected_versions": { "* - 4.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/44f691f2-b3f4-49b7-8710-015b5b11db18?source=api-scan" ], "published": "2024-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "450d0748-93d6-448a-97a2-06fc2f8065b3": { "id": "450d0748-93d6-448a-97a2-06fc2f8065b3", "title": "ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ArtiBot Free Chat Bot for WebSites", "slug": "artibot", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/450d0748-93d6-448a-97a2-06fc2f8065b3?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "450d4c30-b799-44c9-b60e-a1d701e9055e": { "id": "450d4c30-b799-44c9-b60e-a1d701e9055e", "title": "VM Backups <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "VM Backups", "slug": "vm-backups", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/450d4c30-b799-44c9-b60e-a1d701e9055e?source=api-scan" ], "published": "2021-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45112069-9831-41d5-b868-8007ccfe9839": { "id": "45112069-9831-41d5-b868-8007ccfe9839", "title": "Sheets To WP Table Live Sync <= 3.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sheets to WP Table Live Sync | Google Sheets Table Plugin for WordPress with Spreadsheet Integration \u2013 FlexTable", "slug": "sheets-to-wp-table-live-sync", "affected_versions": { "* - 3.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45112069-9831-41d5-b868-8007ccfe9839?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4515507c-a0a4-4e45-8112-fedd117e425f": { "id": "4515507c-a0a4-4e45-8112-fedd117e425f", "title": "Contact Form Email <= 1.2.65 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Email", "slug": "contact-form-to-email", "affected_versions": { "[*, 1.2.66)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.66", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.66" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4515507c-a0a4-4e45-8112-fedd117e425f?source=api-scan" ], "published": "2019-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45163d7f-59c9-4bce-95a7-5b56e1cc018b": { "id": "45163d7f-59c9-4bce-95a7-5b56e1cc018b", "title": "WP Symposium <= 12.11 - SQL Injections", "software": [ { "type": "plugin", "name": "WP Symposium", "slug": "wp-symposium", "affected_versions": { "* - 12.11": { "from_version": "*", "from_inclusive": true, "to_version": "12.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45163d7f-59c9-4bce-95a7-5b56e1cc018b?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4517bd04-20ce-4686-a933-d34464a5b691": { "id": "4517bd04-20ce-4686-a933-d34464a5b691", "title": "RokStories <= 1.25 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RokStories", "slug": "wp_rokstories", "affected_versions": { "* - 1.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4517bd04-20ce-4686-a933-d34464a5b691?source=api-scan" ], "published": "2013-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45180c8e-0625-4a21-b3a1-673abe52d78f": { "id": "45180c8e-0625-4a21-b3a1-673abe52d78f", "title": "ARI Stream Quiz <= 1.2.32 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ARI Stream Quiz \u2013 WordPress Quizzes Builder", "slug": "ari-stream-quiz", "affected_versions": { "* - 1.2.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45180c8e-0625-4a21-b3a1-673abe52d78f?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "451ca8a1-9354-462a-a110-c0c813cf0725": { "id": "451ca8a1-9354-462a-a110-c0c813cf0725", "title": "Fluid Notification Bar <= 3.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fluid Notification Bar", "slug": "fluid-notification-bar", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/451ca8a1-9354-462a-a110-c0c813cf0725?source=api-scan" ], "published": "2024-06-03 17:15:04", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "451d4ecd-f3d7-4029-8d39-85d2a7ed459c": { "id": "451d4ecd-f3d7-4029-8d39-85d2a7ed459c", "title": "Bulk NoIndex & NoFollow Toolkit <= 2.01 - Reflected Cross-Site Scripting via tab, order, and orderby", "software": [ { "type": "plugin", "name": "Bulk NoIndex & NoFollow Toolkit", "slug": "bulk-noindex-nofollow-toolkit-by-mad-fish", "affected_versions": { "* - 2.01": { "from_version": "*", "from_inclusive": true, "to_version": "2.01", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/451d4ecd-f3d7-4029-8d39-85d2a7ed459c?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "451db756-9d62-4c8e-b735-e5e5207b81e3": { "id": "451db756-9d62-4c8e-b735-e5e5207b81e3", "title": "Themify - WooCommerce Product Filter <= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter", "software": [ { "type": "plugin", "name": "Themify \u2013 WooCommerce Product Filter", "slug": "themify-wc-product-filter", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/451db756-9d62-4c8e-b735-e5e5207b81e3?source=api-scan" ], "published": "2024-06-20 20:56:18", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4522480a-dfbf-4ff4-93c2-68b8cc15367c": { "id": "4522480a-dfbf-4ff4-93c2-68b8cc15367c", "title": "Google Analytics Top Content Widget <= 1.5.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google Analytics Top Content Widget", "slug": "google-analytics-top-posts-widget", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4522480a-dfbf-4ff4-93c2-68b8cc15367c?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4526ea6c-f4e7-40bb-836a-5630b9b6b334": { "id": "4526ea6c-f4e7-40bb-836a-5630b9b6b334", "title": "Swift Framework < 2024.04.30 Authenticated (Admin+) Stored Cross-Site Scripting via Auth", "software": [ { "type": "plugin", "name": "Swift Framework", "slug": "socialdriver-framework", "affected_versions": { "[*, 2024.04.30)": { "from_version": "*", "from_inclusive": true, "to_version": "2024.04.30", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2024.04.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4526ea6c-f4e7-40bb-836a-5630b9b6b334?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4528a772-6758-4a6e-a325-5f9fd9f1b71d": { "id": "4528a772-6758-4a6e-a325-5f9fd9f1b71d", "title": "WooCommerce myghpay Payment Gateway <= 3.0 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "myghpay WooCommerce Payment Gateway", "slug": "woo-myghpay-payment-gateway", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4528a772-6758-4a6e-a325-5f9fd9f1b71d?source=api-scan" ], "published": "2021-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4528f805-bbf3-4a0f-a06f-879c6e607bfa": { "id": "4528f805-bbf3-4a0f-a06f-879c6e607bfa", "title": "WooCommerce Product Table Lite <= 2.6.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce Product Table Lite", "slug": "wc-product-table-lite", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4528f805-bbf3-4a0f-a06f-879c6e607bfa?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4528f9a1-7027-4aa9-b006-bea84aa19c84": { "id": "4528f9a1-7027-4aa9-b006-bea84aa19c84", "title": "EditorsKit <= 1.40.3 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Gutenberg Block Editor Toolkit \u2013 EditorsKit", "slug": "block-options", "affected_versions": { "* - 1.40.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.40.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.40.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4528f9a1-7027-4aa9-b006-bea84aa19c84?source=api-scan" ], "published": "2023-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4529464e-6830-4c2a-8146-79cf5fc1bc7c": { "id": "4529464e-6830-4c2a-8146-79cf5fc1bc7c", "title": "Royal Elementor Addons <= 1.3.982 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.982": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.982", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.985" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4529464e-6830-4c2a-8146-79cf5fc1bc7c?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "452e9acc-4029-4f43-9941-c1aa2a413e34": { "id": "452e9acc-4029-4f43-9941-c1aa2a413e34", "title": "Lean WP <= 1.4.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Lean WP", "slug": "lean-wp", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/452e9acc-4029-4f43-9941-c1aa2a413e34?source=api-scan" ], "published": "2022-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "452ed03a-2f02-417d-93c9-d883a616a153": { "id": "452ed03a-2f02-417d-93c9-d883a616a153", "title": "CallRail Phone Call Tracking <= 0.4.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CallRail Phone Call Tracking", "slug": "callrail-phone-call-tracking", "affected_versions": { "* - 0.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/452ed03a-2f02-417d-93c9-d883a616a153?source=api-scan" ], "published": "2022-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45323807-c347-44ac-bf22-11b4feda02e6": { "id": "45323807-c347-44ac-bf22-11b4feda02e6", "title": "Eunice (All Versions) - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Eunice", "slug": "eunice", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45323807-c347-44ac-bf22-11b4feda02e6?source=api-scan" ], "published": "2012-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4534efd4-0e6b-4784-8f81-4a643f657c66": { "id": "4534efd4-0e6b-4784-8f81-4a643f657c66", "title": "Media Library Folders <= 8.1.8 - Authenticated (Author+) Directory Traversal", "software": [ { "type": "plugin", "name": "Media Library Folders", "slug": "media-library-plus", "affected_versions": { "* - 8.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4534efd4-0e6b-4784-8f81-4a643f657c66?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "453c656a-c26d-44c3-bc7d-7fc502a00b03": { "id": "453c656a-c26d-44c3-bc7d-7fc502a00b03", "title": "Database Backup for WordPress <= 2.3.3 - Authenticated Stored Cross-Site Scripting via backup_receipient Parameter", "software": [ { "type": "plugin", "name": "Database Backup for WordPress", "slug": "wp-db-backup", "affected_versions": { "[*, 2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/453c656a-c26d-44c3-bc7d-7fc502a00b03?source=api-scan" ], "published": "2021-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "454091ac-8765-4bda-ac6e-69537b43f9a7": { "id": "454091ac-8765-4bda-ac6e-69537b43f9a7", "title": "Strong Testimonials <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Strong Testimonials", "slug": "strong-testimonials", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/454091ac-8765-4bda-ac6e-69537b43f9a7?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4541a7e1-4e46-4681-83e3-1c2e38396204": { "id": "4541a7e1-4e46-4681-83e3-1c2e38396204", "title": "Scribble Maps <= 1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Scribble Maps", "slug": "scribble-maps", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4541a7e1-4e46-4681-83e3-1c2e38396204?source=api-scan" ], "published": "2021-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4541ab5d-5c99-46e8-bc78-fa2c5cffd09b": { "id": "4541ab5d-5c99-46e8-bc78-fa2c5cffd09b", "title": "Re-attacher by BestWebSoft < 1.0.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Re-attacher by BestWebSoft", "slug": "re-attacher", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4541ab5d-5c99-46e8-bc78-fa2c5cffd09b?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45426cdd-2721-4959-8f0b-13025f775d62": { "id": "45426cdd-2721-4959-8f0b-13025f775d62", "title": "Insert Estimated Reading Time <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Insert Estimated Reading Time", "slug": "insert-estimated-reading-time", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45426cdd-2721-4959-8f0b-13025f775d62?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4542b0f8-c9ee-4992-b737-e5f727c7b5b0": { "id": "4542b0f8-c9ee-4992-b737-e5f727c7b5b0", "title": "Testimonial Carousel For Elementor <= 10.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Testimonial Carousel For Elementor", "slug": "testimonials-carousel-elementor", "affected_versions": { "* - 10.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "10.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4542b0f8-c9ee-4992-b737-e5f727c7b5b0?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4550681f-d115-4451-9839-7862b84714fe": { "id": "4550681f-d115-4451-9839-7862b84714fe", "title": "BSK Forms Blacklist <= 3.6.2 - Authenticated (Administrator+) SQL Injection via 'order' and 'orderby'", "software": [ { "type": "plugin", "name": "BSK Forms Blacklist", "slug": "bsk-gravityforms-blacklist", "affected_versions": { "* - 3.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4550681f-d115-4451-9839-7862b84714fe?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4554235f-1790-4be7-a575-02fb18c6a4a9": { "id": "4554235f-1790-4be7-a575-02fb18c6a4a9", "title": "Videos sync PDF <= 1.7.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Videos sync PDF", "slug": "video-synchro-pdf", "affected_versions": { "* - 1.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4554235f-1790-4be7-a575-02fb18c6a4a9?source=api-scan" ], "published": "2022-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "455b0b34-1421-46eb-8fcf-3b68c5068249": { "id": "455b0b34-1421-46eb-8fcf-3b68c5068249", "title": "XML Sitemaps <= 4.1.1 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "XML Sitemap Generator for Google", "slug": "google-sitemap-generator", "affected_versions": { "* - 4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/455b0b34-1421-46eb-8fcf-3b68c5068249?source=api-scan" ], "published": "2022-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "455b9695-e140-4bdb-b626-5c1695518563": { "id": "455b9695-e140-4bdb-b626-5c1695518563", "title": "Generate PDF using Contact Form 7 <= 4.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Generate PDF using Contact Form 7", "slug": "generate-pdf-using-contact-form-7", "affected_versions": { "* - 4.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/455b9695-e140-4bdb-b626-5c1695518563?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "455d7ee8-9a5a-41f6-b0ae-c55f04b41e52": { "id": "455d7ee8-9a5a-41f6-b0ae-c55f04b41e52", "title": "AdPush <= 1.29 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AdPush", "slug": "adsense-plugin", "affected_versions": { "* - 1.29": { "from_version": "*", "from_inclusive": true, "to_version": "1.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/455d7ee8-9a5a-41f6-b0ae-c55f04b41e52?source=api-scan" ], "published": "2015-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45647fa6-a98d-4eb4-a287-f523e434688b": { "id": "45647fa6-a98d-4eb4-a287-f523e434688b", "title": "AppPresser \u2013 Mobile App Framework <= 4.4.4 - Privilege Escalation and Account Takeover via Weak OTP", "software": [ { "type": "plugin", "name": "AppPresser \u2013 Mobile App Framework", "slug": "apppresser", "affected_versions": { "* - 4.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45647fa6-a98d-4eb4-a287-f523e434688b?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45668368-5846-41bb-b862-dfeb283e83cf": { "id": "45668368-5846-41bb-b862-dfeb283e83cf", "title": "WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.6 - Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)", "slug": "miniorange-login-openid", "affected_versions": { "* - 7.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45668368-5846-41bb-b862-dfeb283e83cf?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45671cab-f719-4ee6-af81-7c19b37b8d91": { "id": "45671cab-f719-4ee6-af81-7c19b37b8d91", "title": "Restrict Categories <= 2.6.4 - Reflected Cross-Site Scripting via rc-search", "software": [ { "type": "plugin", "name": "Restrict Categories", "slug": "restrict-categories", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45671cab-f719-4ee6-af81-7c19b37b8d91?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "456c13f5-4a8b-4eea-a2a0-f37f8508551b": { "id": "456c13f5-4a8b-4eea-a2a0-f37f8508551b", "title": "WP Project Manager <= 2.4.0 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts", "slug": "wedevs-project-manager", "affected_versions": { "[*, 2.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/456c13f5-4a8b-4eea-a2a0-f37f8508551b?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "456f038c-85a4-426e-b9e0-3acf91f9b93a": { "id": "456f038c-85a4-426e-b9e0-3acf91f9b93a", "title": "Easy Digital Downloads (Various Versions) - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "1.8 - 1.8.6": { "from_version": "1.8", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": true }, "1.9 - 1.9.9": { "from_version": "1.9", "from_inclusive": true, "to_version": "1.9.9", "to_inclusive": true }, "2.0 - 2.0.4": { "from_version": "2.0", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true }, "2.1 - 2.1.10": { "from_version": "2.1", "from_inclusive": true, "to_version": "2.1.10", "to_inclusive": true }, "2.2 - 2.2.8": { "from_version": "2.2", "from_inclusive": true, "to_version": "2.2.8", "to_inclusive": true }, "2.3 - 2.3.6": { "from_version": "2.3", "from_inclusive": true, "to_version": "2.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.7", "1.9.10", "2.0.5", "2.1.11", "2.2.9", "2.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/456f038c-85a4-426e-b9e0-3acf91f9b93a?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45700ca9-8bda-4148-b19f-86ed39c60117": { "id": "45700ca9-8bda-4148-b19f-86ed39c60117", "title": "WP Google Maps Pro <= 8.1.11 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Google Maps Pro", "slug": "wp-google-maps-pro", "affected_versions": { "* - 8.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45700ca9-8bda-4148-b19f-86ed39c60117?source=api-scan" ], "published": "2021-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45754b5b-8f94-4806-a931-bb423450682c": { "id": "45754b5b-8f94-4806-a931-bb423450682c", "title": "Stagtools <= 2.3.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "StagTools", "slug": "stagtools", "affected_versions": { "* - 2.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45754b5b-8f94-4806-a931-bb423450682c?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45785032-2bbf-4398-94a1-f819f8e8a9ca": { "id": "45785032-2bbf-4398-94a1-f819f8e8a9ca", "title": "ULeak Security & Monitoring Plugin <= 1.2.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ULeak Security & Monitoring Plugin", "slug": "uleak-security-dashboard", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45785032-2bbf-4398-94a1-f819f8e8a9ca?source=api-scan" ], "published": "2022-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "457865ca-cbf8-42ee-928d-2c894d9d62de": { "id": "457865ca-cbf8-42ee-928d-2c894d9d62de", "title": "Loco Translate <= 2.5.3 - Authenticated PHP Code Injection", "software": [ { "type": "plugin", "name": "Loco Translate", "slug": "loco-translate", "affected_versions": { "[*, 2.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/457865ca-cbf8-42ee-928d-2c894d9d62de?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45792c95-8abf-4d0c-85a1-cda6f505949d": { "id": "45792c95-8abf-4d0c-85a1-cda6f505949d", "title": "Video Background <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Video Background", "slug": "video-background", "affected_versions": { "* - 2.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45792c95-8abf-4d0c-85a1-cda6f505949d?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "457b5066-da37-4877-9abe-c912bc201f29": { "id": "457b5066-da37-4877-9abe-c912bc201f29", "title": "Slider Revolution <= 6.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Elementor wrapperid and zindex", "software": [ { "type": "plugin", "name": "Slider Revolution", "slug": "revslider", "affected_versions": { "* - 6.7.10": { "from_version": "*", "from_inclusive": true, "to_version": "6.7.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/457b5066-da37-4877-9abe-c912bc201f29?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "457c4e56-c2a0-451f-a4a6-e7fb7bf7b0e0": { "id": "457c4e56-c2a0-451f-a4a6-e7fb7bf7b0e0", "title": "WP Recipe Maker <= 9.1.0 - Directory Traversal", "software": [ { "type": "plugin", "name": "WP Recipe Maker", "slug": "wp-recipe-maker", "affected_versions": { "* - 9.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/457c4e56-c2a0-451f-a4a6-e7fb7bf7b0e0?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45851efe-2584-4b5e-8e4c-24f289d3bc32": { "id": "45851efe-2584-4b5e-8e4c-24f289d3bc32", "title": "YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Channel Reset", "software": [ { "type": "plugin", "name": "YourChannel: Everything you want in a YouTube plugin.", "slug": "yourchannel", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45851efe-2584-4b5e-8e4c-24f289d3bc32?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45873654-bf0d-4538-b07c-56ed8db3bafb": { "id": "45873654-bf0d-4538-b07c-56ed8db3bafb", "title": "Booking Activities <= 1.15.19 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking Activities", "slug": "booking-activities", "affected_versions": { "* - 1.15.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45873654-bf0d-4538-b07c-56ed8db3bafb?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "458aeb60-8610-49e8-8f77-2e306bfe7277": { "id": "458aeb60-8610-49e8-8f77-2e306bfe7277", "title": "SiteGuard WP Plugin <= 1.7.6 - Login Page Disclosure", "software": [ { "type": "plugin", "name": "SiteGuard WP Plugin", "slug": "siteguard", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/458aeb60-8610-49e8-8f77-2e306bfe7277?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4592fea7-65c4-45f6-8674-ae5f706db413": { "id": "4592fea7-65c4-45f6-8674-ae5f706db413", "title": "A\/B Test for WordPress <= 1.0.7 - Local File Inclusion", "software": [ { "type": "plugin", "name": "A\/B Test for WordPress", "slug": "abtest", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4592fea7-65c4-45f6-8674-ae5f706db413?source=api-scan" ], "published": "2016-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4598202a-f883-44c9-83bf-e8b72e418e3a": { "id": "4598202a-f883-44c9-83bf-e8b72e418e3a", "title": "Advanced Contact form 7 DB <= 1.8.7 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Contact form 7 DB", "slug": "advanced-cf7-db", "affected_versions": { "* - 1.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4598202a-f883-44c9-83bf-e8b72e418e3a?source=api-scan" ], "published": "2022-04-21 14:19:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "459f6d68-ce52-4e63-8fd9-071ef517a3ce": { "id": "459f6d68-ce52-4e63-8fd9-071ef517a3ce", "title": "Tabs Shortcode and Widget <= 1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Tabs Shortcode and Widget", "slug": "tabs-shortcode-and-widget", "affected_versions": { "* - 1.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/459f6d68-ce52-4e63-8fd9-071ef517a3ce?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45a42f20-a4d7-4c8e-a144-505a6723a2a0": { "id": "45a42f20-a4d7-4c8e-a144-505a6723a2a0", "title": "WP Datepicker <= 2.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update", "software": [ { "type": "plugin", "name": "WP Datepicker", "slug": "wp-datepicker", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45a42f20-a4d7-4c8e-a144-505a6723a2a0?source=api-scan" ], "published": "2024-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45a49dca-2ed2-44cf-a0fe-0f1440a78cc2": { "id": "45a49dca-2ed2-44cf-a0fe-0f1440a78cc2", "title": "loader-utils (JS package) < 2.0.3 - Prototype Pollution", "software": [ { "type": "plugin", "name": "ElasticPress", "slug": "elasticpress", "affected_versions": { "* - 4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.0" ] }, { "type": "plugin", "name": "Block for Apple Maps", "slug": "maps-block-apple", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] }, { "type": "plugin", "name": "Insert Special Characters", "slug": "insert-special-characters", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45a49dca-2ed2-44cf-a0fe-0f1440a78cc2?source=api-scan" ], "published": "2022-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45a62dd0-386c-41b3-b8dd-ced443da9f92": { "id": "45a62dd0-386c-41b3-b8dd-ced443da9f92", "title": "Page Builder: KingComposer < 2.9.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Page Builder: KingComposer \u2013 Free Drag and Drop page builder by King-Theme", "slug": "kingcomposer", "affected_versions": { "* - 2.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45a62dd0-386c-41b3-b8dd-ced443da9f92?source=api-scan" ], "published": "2020-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45a870f4-7ad1-447b-81ea-5d9e9b67b1bb": { "id": "45a870f4-7ad1-447b-81ea-5d9e9b67b1bb", "title": "WP Docs <= 1.9.8 - Missing Authorization via multiple AJAX actions", "software": [ { "type": "plugin", "name": "WP Docs", "slug": "wp-docs", "affected_versions": { "* - 1.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45a870f4-7ad1-447b-81ea-5d9e9b67b1bb?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45ac52e1-9f0e-499e-9125-2581940f5bdd": { "id": "45ac52e1-9f0e-499e-9125-2581940f5bdd", "title": "WPC Smart Quick View for WooCommerce <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPC Smart Quick View for WooCommerce", "slug": "woo-smart-quick-view", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45ac52e1-9f0e-499e-9125-2581940f5bdd?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45adeeba-22b0-4758-bc21-afc019653ce8": { "id": "45adeeba-22b0-4758-bc21-afc019653ce8", "title": "WordPress Core < 3.6.1 - Open Redirect", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45adeeba-22b0-4758-bc21-afc019653ce8?source=api-scan" ], "published": "2013-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45b627f9-e7c6-4bf6-b1c7-d607f3e083f8": { "id": "45b627f9-e7c6-4bf6-b1c7-d607f3e083f8", "title": "Abandoned Cart Recovery for WooCommerce <= 1.0.4 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Abandoned Cart Recovery for WooCommerce", "slug": "woo-abandoned-cart-recovery", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45b627f9-e7c6-4bf6-b1c7-d607f3e083f8?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45b6a72a-9aa9-4d77-b250-575d55538110": { "id": "45b6a72a-9aa9-4d77-b250-575d55538110", "title": "AllWebMenus WordPress Menu Plugin <= 1.1.3 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "AllWebMenus WordPress Menu Plugin", "slug": "allwebmenus-wordpress-menu-plugin", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45b6a72a-9aa9-4d77-b250-575d55538110?source=api-scan" ], "published": "2011-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45ba8203-a8a0-4330-a264-c2f555d09ef0": { "id": "45ba8203-a8a0-4330-a264-c2f555d09ef0", "title": "Import Export All WordPress Images, Users & Post Types <= 3.8.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import CSV or XML Datafeed With Ease", "slug": "wp-ultimate-csv-importer", "affected_versions": { "[*, 3.8.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45ba8203-a8a0-4330-a264-c2f555d09ef0?source=api-scan" ], "published": "2018-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45badd20-1ba8-44be-8a7c-2ce21261e208": { "id": "45badd20-1ba8-44be-8a7c-2ce21261e208", "title": "Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxUpdateFolderPosition", "software": [ { "type": "plugin", "name": "Categorify \u2013 WordPress Media Library Category & File Manager", "slug": "categorify", "affected_versions": { "* - 1.0.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45badd20-1ba8-44be-8a7c-2ce21261e208?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45bfa9fb-f35b-4fd4-8553-cf87bf69df6b": { "id": "45bfa9fb-f35b-4fd4-8553-cf87bf69df6b", "title": "Calculated Fields Form Professional <= 5.1.56 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Calculated Fields Form", "slug": "calculated-fields-form", "affected_versions": { "* - 5.1.56": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.56", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.57" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45bfa9fb-f35b-4fd4-8553-cf87bf69df6b?source=api-scan" ], "published": "2024-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45c08d51-ed01-4f92-9290-1964c4f3657c": { "id": "45c08d51-ed01-4f92-9290-1964c4f3657c", "title": "Weekly News < 2.2.9 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "WeeklyNews", "slug": "weeklynews", "affected_versions": { "[*, 2.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45c08d51-ed01-4f92-9290-1964c4f3657c?source=api-scan" ], "published": "2015-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45c7f8fb-3fd0-425f-89a1-8971f67d5755": { "id": "45c7f8fb-3fd0-425f-89a1-8971f67d5755", "title": "Medialist <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Medialist", "slug": "media-list", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45c7f8fb-3fd0-425f-89a1-8971f67d5755?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45d04643-e43a-4732-91bf-e4af7b622e33": { "id": "45d04643-e43a-4732-91bf-e4af7b622e33", "title": "Tutor LMS \u2013 eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45d04643-e43a-4732-91bf-e4af7b622e33?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45d3cff1-3a86-4b79-bf43-1623d41ac821": { "id": "45d3cff1-3a86-4b79-bf43-1623d41ac821", "title": "Total Security <= 3.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Total Security", "slug": "total-security", "affected_versions": { "[*, 3.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45d3cff1-3a86-4b79-bf43-1623d41ac821?source=api-scan" ], "published": "2016-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45d3f82b-9e19-4678-8995-7fe265606fd2": { "id": "45d3f82b-9e19-4678-8995-7fe265606fd2", "title": "IP Blocker Lite <= 11.1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LionScripts: IP Blocker Lite", "slug": "ip-address-blocker", "affected_versions": { "* - 11.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "11.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45d3f82b-9e19-4678-8995-7fe265606fd2?source=api-scan" ], "published": "2023-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45d5a677-9b8b-4258-9cfb-101b0f0e6f6f": { "id": "45d5a677-9b8b-4258-9cfb-101b0f0e6f6f", "title": "Advanced Form Integration \u2013 Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms <= 1.82.0 - SQL Injection to Reflected Cross-Site Scripting via integration_id", "software": [ { "type": "plugin", "name": "AFI \u2013 The Easiest Integration Plugin", "slug": "advanced-form-integration", "affected_versions": { "* - 1.82.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.82.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.82.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45d5a677-9b8b-4258-9cfb-101b0f0e6f6f?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45dd22d4-9a51-4569-a756-1f1a5f8626c1": { "id": "45dd22d4-9a51-4569-a756-1f1a5f8626c1", "title": "WordPress Affiliates Plugin \u2014 SliceWP Affiliates <= 1.1.20 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Affiliate Program Suite \u2014 SliceWP Affiliates", "slug": "slicewp", "affected_versions": { "* - 1.1.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45dd22d4-9a51-4569-a756-1f1a5f8626c1?source=api-scan" ], "published": "2024-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45ddf224-b359-45ec-97a0-5a3257f56420": { "id": "45ddf224-b359-45ec-97a0-5a3257f56420", "title": "Salon booking system <= 9.6.5 - Authenticated (Editor+) Stored Cross-Site Scripting via Email Settings", "software": [ { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "* - 9.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "9.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45ddf224-b359-45ec-97a0-5a3257f56420?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45e0664a-385d-4879-acf6-46e837aaa03f": { "id": "45e0664a-385d-4879-acf6-46e837aaa03f", "title": "Kernel - Premium WordPress Blog & Magazine Theme | News \/ Editorial (All Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Kernel - Premium WordPress Blog & Magazine Theme | News \/ Editorial", "slug": "kernel-theme", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45e0664a-385d-4879-acf6-46e837aaa03f?source=api-scan" ], "published": "2013-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45e61d76-085d-48ba-b5ae-cc75f91d1250": { "id": "45e61d76-085d-48ba-b5ae-cc75f91d1250", "title": "Rencontre \u2013 Dating Site <= 3.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rencontre \u2013 Dating Site", "slug": "rencontre", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45e61d76-085d-48ba-b5ae-cc75f91d1250?source=api-scan" ], "published": "2019-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45f32160-36eb-4d66-a6a6-a3d6f2f7bf1a": { "id": "45f32160-36eb-4d66-a6a6-a3d6f2f7bf1a", "title": "Ultimate Member <= 2.4.0 - Subscriber+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "2.4.0": { "from_version": "2.4.0", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45f32160-36eb-4d66-a6a6-a3d6f2f7bf1a?source=api-scan" ], "published": "2022-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45f3568c-b6d9-4d00-a8cd-571443d80fd3": { "id": "45f3568c-b6d9-4d00-a8cd-571443d80fd3", "title": "Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin <= 2.43 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions", "slug": "wp-memory", "affected_versions": { "* - 2.43": { "from_version": "*", "from_inclusive": true, "to_version": "2.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45f3568c-b6d9-4d00-a8cd-571443d80fd3?source=api-scan" ], "published": "2022-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45f581dc-d424-4cda-aa03-016e9b5ee1e5": { "id": "45f581dc-d424-4cda-aa03-016e9b5ee1e5", "title": "OSD Subscribe <= 1.2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OSD Subscribe", "slug": "osd-subscribe", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45f581dc-d424-4cda-aa03-016e9b5ee1e5?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "45f98c00-0bfd-405e-a6b3-581841d803de": { "id": "45f98c00-0bfd-405e-a6b3-581841d803de", "title": "QuBotChat <= 1.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "QuBot \u2013 Chatbot Builder with Templates", "slug": "qubotchat", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/45f98c00-0bfd-405e-a6b3-581841d803de?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46030034-9731-4b6d-a3c9-c2dd9a206c46": { "id": "46030034-9731-4b6d-a3c9-c2dd9a206c46", "title": "Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter <= 1.222.16 - Missing Authorization", "software": [ { "type": "plugin", "name": "Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter", "slug": "custom-add-to-cart-button-for-woocommerce", "affected_versions": { "* - 1.222.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.222.16", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46030034-9731-4b6d-a3c9-c2dd9a206c46?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46030da6-6d9f-4934-a93c-4cd564510f36": { "id": "46030da6-6d9f-4934-a93c-4cd564510f36", "title": "Image Optimizer, Resizer and CDN \u2013 Sirv <= 7.2.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Image Optimizer, Resizer and CDN \u2013 Sirv", "slug": "sirv", "affected_versions": { "* - 7.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46030da6-6d9f-4934-a93c-4cd564510f36?source=api-scan" ], "published": "2024-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46039930-377e-4adb-8d96-09ebf220b4a6": { "id": "46039930-377e-4adb-8d96-09ebf220b4a6", "title": "Sliding Social Icons <= 1.61 - Cross-Site Request Forgery and Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sliding Social Icons", "slug": "sliding-social-icons", "affected_versions": { "* - 1.61": { "from_version": "*", "from_inclusive": true, "to_version": "1.61", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46039930-377e-4adb-8d96-09ebf220b4a6?source=api-scan" ], "published": "2014-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "460b5388-4862-475d-9557-f8da2d5a84f7": { "id": "460b5388-4862-475d-9557-f8da2d5a84f7", "title": "Futurio Extra <= 1.6.2 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Futurio Extra", "slug": "futurio-extra", "affected_versions": { "[*, 1.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/460b5388-4862-475d-9557-f8da2d5a84f7?source=api-scan" ], "published": "2022-01-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "461211c9-951e-4ccd-abf5-84941290a6a5": { "id": "461211c9-951e-4ccd-abf5-84941290a6a5", "title": "SureTriggers <= 1.0.23 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SureTriggers: All-in-One WordPress Automation", "slug": "suretriggers", "affected_versions": { "* - 1.0.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/461211c9-951e-4ccd-abf5-84941290a6a5?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46122be7-5e88-4656-8944-a747f5cdc69e": { "id": "46122be7-5e88-4656-8944-a747f5cdc69e", "title": "CookieHub <= 1.1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "CookieHub \u2013 Cookie Consent Banner (DSGVO, CCPA, RGPD and GDPR compliance)", "slug": "cookiehub", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46122be7-5e88-4656-8944-a747f5cdc69e?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46126f88-416a-4430-8596-12f72cd2c1e7": { "id": "46126f88-416a-4430-8596-12f72cd2c1e7", "title": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via content_template", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46126f88-416a-4430-8596-12f72cd2c1e7?source=api-scan" ], "published": "2024-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46150f65-e662-4539-ae99-eaee297a2608": { "id": "46150f65-e662-4539-ae99-eaee297a2608", "title": "Seriously Simple Stats <= 1.5.0 - Authenticated (Podcast manager+) SQL Injection via order_by", "software": [ { "type": "plugin", "name": "Seriously Simple Stats", "slug": "seriously-simple-stats", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46150f65-e662-4539-ae99-eaee297a2608?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4618c39d-219e-4fc3-be98-15303bc8483f": { "id": "4618c39d-219e-4fc3-be98-15303bc8483f", "title": "WP Ajax Contact Form <= 2.2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Ajax Contact Form", "slug": "wp-ajax-contact-form", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4618c39d-219e-4fc3-be98-15303bc8483f?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "461993a3-8d47-4c9e-8f5f-78058d96ab2a": { "id": "461993a3-8d47-4c9e-8f5f-78058d96ab2a", "title": "Patreon WordPress <= 1.9.0 - Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "Patreon WordPress", "slug": "patreon-connect", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/461993a3-8d47-4c9e-8f5f-78058d96ab2a?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "461cec8c-77e4-4f20-8dff-c4f675dc235f": { "id": "461cec8c-77e4-4f20-8dff-c4f675dc235f", "title": "Easy Appointments <= 3.11.9 - Cross-Site Request Forgery via multiple AJAX actions", "software": [ { "type": "plugin", "name": "Easy Appointments", "slug": "easy-appointments", "affected_versions": { "* - 3.11.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/461cec8c-77e4-4f20-8dff-c4f675dc235f?source=api-scan" ], "published": "2023-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "461cf8ba-a0d1-4de8-983d-170305e14f97": { "id": "461cf8ba-a0d1-4de8-983d-170305e14f97", "title": "5 Stars Rating Funnel <= 1.2.67 - Missing Authorization", "software": [ { "type": "plugin", "name": "Build 5 Star Reviews on Google Reviews, Yelp, Facebook\u2026 easily and risk-free | RRatingg", "slug": "5-stars-rating-funnel", "affected_versions": { "* - 1.2.67": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.67", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/461cf8ba-a0d1-4de8-983d-170305e14f97?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "461d5d5a-7bc2-4855-bc40-0edb9c538c33": { "id": "461d5d5a-7bc2-4855-bc40-0edb9c538c33", "title": "Ultimate Member 1.2.98 - 1.2.997 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "1.2.98 - 1.2.997": { "from_version": "1.2.98", "from_inclusive": true, "to_version": "1.2.997", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/461d5d5a-7bc2-4855-bc40-0edb9c538c33?source=api-scan" ], "published": "2015-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "461fedd6-8138-46ee-9c76-dc71061242bf": { "id": "461fedd6-8138-46ee-9c76-dc71061242bf", "title": "Mega Elements <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mega Elements \u2013 Addons for Elementor", "slug": "mega-elements-addons-for-elementor", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/461fedd6-8138-46ee-9c76-dc71061242bf?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46226921-a445-4fb7-9c90-bd2d6841dec7": { "id": "46226921-a445-4fb7-9c90-bd2d6841dec7", "title": "Coru LFMember <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Coru LFMember", "slug": "coru-lfmember", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46226921-a445-4fb7-9c90-bd2d6841dec7?source=api-scan" ], "published": "2022-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "462372ab-8f83-4b75-b3dd-674199e1eeee": { "id": "462372ab-8f83-4b75-b3dd-674199e1eeee", "title": "Mailjet Email Marketing <= 5.3 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mailjet Email Marketing", "slug": "mailjet-for-wordpress", "affected_versions": { "* - 5.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/462372ab-8f83-4b75-b3dd-674199e1eeee?source=api-scan" ], "published": "2023-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4624c43b-6c5f-48c5-bfe4-26ec6d7de418": { "id": "4624c43b-6c5f-48c5-bfe4-26ec6d7de418", "title": "stripShow Plugin <= 2.5.2 - SQL Injection", "software": [ { "type": "plugin", "name": "stripshow", "slug": "stripshow", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4624c43b-6c5f-48c5-bfe4-26ec6d7de418?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4624d197-db90-41ee-a3d5-a83a0dbf6b7c": { "id": "4624d197-db90-41ee-a3d5-a83a0dbf6b7c", "title": "Global Flash Gallery <= 0.15.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Global Flash Gallery", "slug": "global-flash-galleries", "affected_versions": { "* - 0.15.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.15.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.15.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4624d197-db90-41ee-a3d5-a83a0dbf6b7c?source=api-scan" ], "published": "2011-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46258dc2-3e05-4050-baad-3b3ded912bfe": { "id": "46258dc2-3e05-4050-baad-3b3ded912bfe", "title": "Shopping Cart & eCommerce Store <= 5.2.4 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "* - 5.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46258dc2-3e05-4050-baad-3b3ded912bfe?source=api-scan" ], "published": "2022-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4625d217-99d4-47d8-b093-fe55a3018348": { "id": "4625d217-99d4-47d8-b093-fe55a3018348", "title": "Sticky Menu & Sticky Header <= 2.20 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sticky Menu & Sticky Header", "slug": "sticky-menu-or-anything-on-scroll", "affected_versions": { "[*, 2.21)": { "from_version": "*", "from_inclusive": true, "to_version": "2.21", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4625d217-99d4-47d8-b093-fe55a3018348?source=api-scan" ], "published": "2020-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46271ab0-5f24-4cdb-9e1f-12db7bcbea6c": { "id": "46271ab0-5f24-4cdb-9e1f-12db7bcbea6c", "title": "Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dynamic Widgets", "slug": "dynamic-widgets", "affected_versions": { "* - 1.5.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46271ab0-5f24-4cdb-9e1f-12db7bcbea6c?source=api-scan" ], "published": "2021-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "462fcf4d-3ece-48d7-b06f-9a5de9372f5c": { "id": "462fcf4d-3ece-48d7-b06f-9a5de9372f5c", "title": "Cooked \u2013 Recipe Management <= 1.7.15.4 - Cross-Site Request Forgery to Template Apply", "software": [ { "type": "plugin", "name": "Cooked \u2013 Recipe Management", "slug": "cooked", "affected_versions": { "* - 1.7.15.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.15.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/462fcf4d-3ece-48d7-b06f-9a5de9372f5c?source=api-scan" ], "published": "2024-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4633c5b1-a6e3-4ee8-94ca-8afa8ff16a35": { "id": "4633c5b1-a6e3-4ee8-94ca-8afa8ff16a35", "title": "Minimum Purchase for WooCommerce <= 2.0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Minimum Purchase for WooCommerce", "slug": "minimum-purchase-for-woocommerce", "affected_versions": { "* - 2.0.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4633c5b1-a6e3-4ee8-94ca-8afa8ff16a35?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "463fd745-92ea-4e55-b470-a5f08884169f": { "id": "463fd745-92ea-4e55-b470-a5f08884169f", "title": "Backup Guard <= 1.1.46 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JetBackup \u2013 WP Backup, Migrate & Restore", "slug": "backup", "affected_versions": { "[*, 1.1.47)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.47", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.47" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/463fd745-92ea-4e55-b470-a5f08884169f?source=api-scan" ], "published": "2017-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "463fdbde-1d98-4f52-b835-cba1ae567f4f": { "id": "463fdbde-1d98-4f52-b835-cba1ae567f4f", "title": "A2 Optimized WP <= 3.0.4 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "A2 Optimized WP \u2013 Turbocharge and secure your WordPress site", "slug": "a2-optimized-wp", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/463fdbde-1d98-4f52-b835-cba1ae567f4f?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46438bd3-7c4a-4939-ab46-05dc8bbe461f": { "id": "46438bd3-7c4a-4939-ab46-05dc8bbe461f", "title": "WP File Manager <= 6.4 - Unauthenticated Resource Access to Site Backups", "software": [ { "type": "plugin", "name": "File Manager", "slug": "wp-file-manager", "affected_versions": { "* - 6.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46438bd3-7c4a-4939-ab46-05dc8bbe461f?source=api-scan" ], "published": "2020-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4648c4f2-47e3-4a95-9e93-fd8246863425": { "id": "4648c4f2-47e3-4a95-9e93-fd8246863425", "title": "MainWP Matomo Extension <= 4.0.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MainWP Matomo Extension", "slug": "mainwp-piwik-extension", "affected_versions": { "* - 4.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4648c4f2-47e3-4a95-9e93-fd8246863425?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "464a41f6-5569-4306-be99-566e2354c73b": { "id": "464a41f6-5569-4306-be99-566e2354c73b", "title": "MailPoet Newsletters <= 2.8.1 - Spam Injection", "software": [ { "type": "plugin", "name": "MailPoet Newsletters (Previous)", "slug": "wysija-newsletters", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/464a41f6-5569-4306-be99-566e2354c73b?source=api-scan" ], "published": "2018-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "464e64f8-de64-4a49-afd3-43142793c24d": { "id": "464e64f8-de64-4a49-afd3-43142793c24d", "title": "Top Bar \u2013 PopUps \u2013 by WPOptin <= 2.0.1 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Top Bar \u2013 PopUps \u2013 by WPOptin", "slug": "wpoptin", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/464e64f8-de64-4a49-afd3-43142793c24d?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46525a06-f3a4-4c78-ba32-4b937e1dbac6": { "id": "46525a06-f3a4-4c78-ba32-4b937e1dbac6", "title": "Form Maker <= 1.15.20 - Captcha Bypass", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "[*, 1.15.21)": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.21", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.15.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46525a06-f3a4-4c78-ba32-4b937e1dbac6?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46528bf2-43f5-45bc-aab5-da447a016470": { "id": "46528bf2-43f5-45bc-aab5-da447a016470", "title": "Brozzme Scroll Top <= 1.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Brozzme Scroll Top", "slug": "brozzme-scroll-top", "affected_versions": { "* - 1.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46528bf2-43f5-45bc-aab5-da447a016470?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4653f0fd-5369-4e3c-9bce-3f4200c0bddb": { "id": "4653f0fd-5369-4e3c-9bce-3f4200c0bddb", "title": "DELUCKS SEO <= 2.5.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "DELUCKS SEO", "slug": "delucks-seo", "affected_versions": { "* - 2.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4653f0fd-5369-4e3c-9bce-3f4200c0bddb?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46545227-3c04-40a4-a25c-8f43845e90d3": { "id": "46545227-3c04-40a4-a25c-8f43845e90d3", "title": "WP Statistics <= 13.1.5 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 13.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "13.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46545227-3c04-40a4-a25c-8f43845e90d3?source=api-scan" ], "published": "2022-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4654609e-ed3e-4268-a9a4-80bc563e0a64": { "id": "4654609e-ed3e-4268-a9a4-80bc563e0a64", "title": "Download Manager <= 3.2.48 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.48": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.48", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.49" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4654609e-ed3e-4268-a9a4-80bc563e0a64?source=api-scan" ], "published": "2022-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4658109d-295c-4a1b-b219-ca1f4664ff1d": { "id": "4658109d-295c-4a1b-b219-ca1f4664ff1d", "title": "Migration, Backup, Staging \u2013 WPvivid <= 0.9.91 - Google Drive Client Secret Exposure", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "* - 0.9.91": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.91", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.92" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4658109d-295c-4a1b-b219-ca1f4664ff1d?source=api-scan" ], "published": "2023-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "465af9c6-9687-4417-96fb-b7df3d221a1a": { "id": "465af9c6-9687-4417-96fb-b7df3d221a1a", "title": "Catapult UK Cookie Consent <= 2.3.9 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Termly \u2013 GDPR\/CCPA Cookie Consent Banner", "slug": "uk-cookie-consent", "affected_versions": { "* - 2.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/465af9c6-9687-4417-96fb-b7df3d221a1a?source=api-scan" ], "published": "2018-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "465f29c0-99b9-4f7d-9817-3d3a49a2d943": { "id": "465f29c0-99b9-4f7d-9817-3d3a49a2d943", "title": "Live Chat with Messenger Customer Chat <= 1.4.6 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Live Chat with Messenger Customer Chat", "slug": "fb-messenger-live-chat", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/465f29c0-99b9-4f7d-9817-3d3a49a2d943?source=api-scan" ], "published": "2019-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46693edf-bcc6-4af8-9f26-5ede865f4694": { "id": "46693edf-bcc6-4af8-9f26-5ede865f4694", "title": "LearnPress \u2013 WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46693edf-bcc6-4af8-9f26-5ede865f4694?source=api-scan" ], "published": "2024-05-09 21:13:13", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "466d6087-1e4d-4010-b3c7-87e9e2d64f06": { "id": "466d6087-1e4d-4010-b3c7-87e9e2d64f06", "title": "Christmas Greetings <= 1.2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Christmas Greetings", "slug": "christmas-greetings", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/466d6087-1e4d-4010-b3c7-87e9e2d64f06?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "466eec4a-8aac-4b0d-ba18-9667aa70de5a": { "id": "466eec4a-8aac-4b0d-ba18-9667aa70de5a", "title": "Find Duplicates <= 1.4.6 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Find Duplicates", "slug": "find-duplicates", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/466eec4a-8aac-4b0d-ba18-9667aa70de5a?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "466fc6f3-7b2d-4975-a838-16e27bc9f9b5": { "id": "466fc6f3-7b2d-4975-a838-16e27bc9f9b5", "title": "tagDiv Composer <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via button Shortcode", "software": [ { "type": "plugin", "name": "tagDiv Composer", "slug": "td-composer", "affected_versions": { "* - 4.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/466fc6f3-7b2d-4975-a838-16e27bc9f9b5?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46706adb-fc2e-47d4-b1ff-748b89b1decf": { "id": "46706adb-fc2e-47d4-b1ff-748b89b1decf", "title": "DMSGuestbook <= 1.7.0 - SQL Injection", "software": [ { "type": "plugin", "name": "DMSGuestbook", "slug": "dmsguestbook", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46706adb-fc2e-47d4-b1ff-748b89b1decf?source=api-scan" ], "published": "2008-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4671556c-d902-4294-9e25-47e3d0e2ca98": { "id": "4671556c-d902-4294-9e25-47e3d0e2ca98", "title": "Sermon Browser <= 0.45.15 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sermon Browser", "slug": "sermon-browser", "affected_versions": { "* - 0.45.15": { "from_version": "*", "from_inclusive": true, "to_version": "0.45.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.45.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4671556c-d902-4294-9e25-47e3d0e2ca98?source=api-scan" ], "published": "2016-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4677042d-ff0a-4340-ada7-c82d2da0c01c": { "id": "4677042d-ff0a-4340-ada7-c82d2da0c01c", "title": "Klarna Payments for WooCommerce <= 3.2.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Klarna Payments for WooCommerce", "slug": "klarna-payments-for-woocommerce", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4677042d-ff0a-4340-ada7-c82d2da0c01c?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "467a9b16-b57c-417c-b4e1-9f3edc80b5df": { "id": "467a9b16-b57c-417c-b4e1-9f3edc80b5df", "title": "Album and Image Gallery plus Lightbox <= 1.6.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Album and Image Gallery plus Lightbox", "slug": "album-and-image-gallery-plus-lightbox", "affected_versions": { "* - 1.6.2.": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2.", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/467a9b16-b57c-417c-b4e1-9f3edc80b5df?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "467d5c09-2425-4050-98ca-a7c5d533af77": { "id": "467d5c09-2425-4050-98ca-a7c5d533af77", "title": "Swift Framework < 2024.04.30 Authenticated (Contributor+) Stored Cross-Site Scripting via Caption Title", "software": [ { "type": "plugin", "name": "Swift Framework", "slug": "socialdriver-framework", "affected_versions": { "[*, 2024.04.30)": { "from_version": "*", "from_inclusive": true, "to_version": "2024.04.30", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2024.04.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/467d5c09-2425-4050-98ca-a7c5d533af77?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "467e0946-cfbb-4ea3-b2d9-db21d0f182cd": { "id": "467e0946-cfbb-4ea3-b2d9-db21d0f182cd", "title": "Page Builder: Pagelayer \u2013 Drag and Drop website builder < 1.3.5 - Reflected Cross-Site Scripting via font-size", "software": [ { "type": "plugin", "name": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "slug": "pagelayer", "affected_versions": { "[*, 1.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/467e0946-cfbb-4ea3-b2d9-db21d0f182cd?source=api-scan" ], "published": "2020-12-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "467f369f-1c7a-4b05-8901-d2850db86a33": { "id": "467f369f-1c7a-4b05-8901-d2850db86a33", "title": "Simple Photoswipe <= 0.1 - Missing Authorization (Subscriber+) Settings Update", "software": [ { "type": "plugin", "name": "Simple Photoswipe", "slug": "simple-photoswipe", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/467f369f-1c7a-4b05-8901-d2850db86a33?source=api-scan" ], "published": "2024-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46825646-f611-4e9d-bee8-36656a1d54ff": { "id": "46825646-f611-4e9d-bee8-36656a1d54ff", "title": "WP Front End Profile <= 0.2.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Frontend Profile", "slug": "wp-front-end-profile", "affected_versions": { "* - 0.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46825646-f611-4e9d-bee8-36656a1d54ff?source=api-scan" ], "published": "2016-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46828b2a-ed76-4074-9fb4-c36bf0fd012c": { "id": "46828b2a-ed76-4074-9fb4-c36bf0fd012c", "title": "Logo Carousel <= 3.4.1 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Logo Carousel \u2013 Responsive Logo Slider, Logo Showcase, and Clients Logo Gallery", "slug": "logo-carousel-free", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46828b2a-ed76-4074-9fb4-c36bf0fd012c?source=api-scan" ], "published": "2021-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46868a11-0c82-4bd3-82b5-9a19a5a0cef1": { "id": "46868a11-0c82-4bd3-82b5-9a19a5a0cef1", "title": "Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Banner", "software": [ { "type": "plugin", "name": "Jeg Elementor Kit", "slug": "jeg-elementor-kit", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46868a11-0c82-4bd3-82b5-9a19a5a0cef1?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4688c1ee-335c-4adb-bd68-894ff34d001d": { "id": "4688c1ee-335c-4adb-bd68-894ff34d001d", "title": "Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via title_tag", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4688c1ee-335c-4adb-bd68-894ff34d001d?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46978e1d-7adb-49f6-8e41-093f177c9a4d": { "id": "46978e1d-7adb-49f6-8e41-093f177c9a4d", "title": "RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.7 - Authenticated(Contributor+) Blind Server-Side Request Forgery (SSRF)", "software": [ { "type": "plugin", "name": "RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator", "slug": "feedzy-rss-feeds", "affected_versions": { "* - 4.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46978e1d-7adb-49f6-8e41-093f177c9a4d?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "469a702f-033a-40de-b725-b0ad4f8e92e8": { "id": "469a702f-033a-40de-b725-b0ad4f8e92e8", "title": "Ship To eCourier <= 1.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ship To eCourier", "slug": "ship-to-ecourier", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/469a702f-033a-40de-b725-b0ad4f8e92e8?source=api-scan" ], "published": "2021-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "469bf5c9-984e-4107-a8a2-da744a78b8b2": { "id": "469bf5c9-984e-4107-a8a2-da744a78b8b2", "title": "Cimy User Manager < 1.4.4 - Arbitrary File Read", "software": [ { "type": "plugin", "name": "Cimy User Manager", "slug": "cimy-user-manager", "affected_versions": { "[*, 1.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/469bf5c9-984e-4107-a8a2-da744a78b8b2?source=api-scan" ], "published": "2012-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46a022ff-7ec8-48bc-b0ae-8e925ea3f361": { "id": "46a022ff-7ec8-48bc-b0ae-8e925ea3f361", "title": "Magic Post Voice <= 1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Magic Post Voice", "slug": "magic-post-voice", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46a022ff-7ec8-48bc-b0ae-8e925ea3f361?source=api-scan" ], "published": "2021-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46a16b7b-6de4-49a6-83e3-309f8ab43505": { "id": "46a16b7b-6de4-49a6-83e3-309f8ab43505", "title": "Nova Lite < 1.3.9 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Nova Lite", "slug": "nova-lite", "affected_versions": { "[*, 1.3.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46a16b7b-6de4-49a6-83e3-309f8ab43505?source=api-scan" ], "published": "2020-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46aa3df1-d6ef-4614-b1cc-a4c9baa8d1c0": { "id": "46aa3df1-d6ef-4614-b1cc-a4c9baa8d1c0", "title": "Side Menu Lite \u2013 add sticky fixed buttons <= 4.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Side Menu Lite \u2013 add sticky fixed buttons", "slug": "side-menu-lite", "affected_versions": { "* - 4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46aa3df1-d6ef-4614-b1cc-a4c9baa8d1c0?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46ab2615-a1eb-4740-836c-781e961252e7": { "id": "46ab2615-a1eb-4740-836c-781e961252e7", "title": "Product Feed on WooCommerce for Google <= 3.5.7 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More", "slug": "purple-xmls-google-product-feed-for-woocommerce", "affected_versions": { "* - 3.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46ab2615-a1eb-4740-836c-781e961252e7?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46b3b01c-8739-4b51-be34-1dd3c50d772e": { "id": "46b3b01c-8739-4b51-be34-1dd3c50d772e", "title": "WP Syntax < 0.9.10 - Remote Code Execution", "software": [ { "type": "plugin", "name": "WP-Syntax", "slug": "wp-syntax", "affected_versions": { "* - 0.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46b3b01c-8739-4b51-be34-1dd3c50d772e?source=api-scan" ], "published": "2009-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46b3f3fb-5bd5-4af4-a281-647ad0b8e992": { "id": "46b3f3fb-5bd5-4af4-a281-647ad0b8e992", "title": "Google Map <= 2.2.5 - SQL Injection", "software": [ { "type": "plugin", "name": "Google Map", "slug": "google-map-wp", "affected_versions": { "[*, 2.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46b3f3fb-5bd5-4af4-a281-647ad0b8e992?source=api-scan" ], "published": "2015-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46bc15d6-dc1b-40ec-8bb9-5342a4f84372": { "id": "46bc15d6-dc1b-40ec-8bb9-5342a4f84372", "title": "XStore Core <= 5.3.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "XStore Core", "slug": "et-core-plugin", "affected_versions": { "* - 5.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46bc15d6-dc1b-40ec-8bb9-5342a4f84372?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46c40aed-1df9-4c20-9058-1ae62864fc9d": { "id": "46c40aed-1df9-4c20-9058-1ae62864fc9d", "title": "Advanced Booking Calendar <= 1.7.1 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "Advanced Booking Calendar", "slug": "advanced-booking-calendar", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46c40aed-1df9-4c20-9058-1ae62864fc9d?source=api-scan" ], "published": "2022-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46c4b7f7-e3e6-46b8-b959-07775db8bb6c": { "id": "46c4b7f7-e3e6-46b8-b959-07775db8bb6c", "title": "WP Gallery Metabox <= 1.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Gallery Metabox", "slug": "wp-gallery-metabox", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46c4b7f7-e3e6-46b8-b959-07775db8bb6c?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46c61f38-553e-43b2-a666-b160db40e66d": { "id": "46c61f38-553e-43b2-a666-b160db40e66d", "title": "WP-Members Membership Plugin <= 3.4.8 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "WP-Members Membership Plugin", "slug": "wp-members", "affected_versions": { "* - 3.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46c61f38-553e-43b2-a666-b160db40e66d?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46ca2967-5b75-49f5-8b0c-1e9274423c93": { "id": "46ca2967-5b75-49f5-8b0c-1e9274423c93", "title": "WP Subscribe <= 1.2.12 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Subscribe", "slug": "wp-subscribe", "affected_versions": { "* - 1.2.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46ca2967-5b75-49f5-8b0c-1e9274423c93?source=api-scan" ], "published": "2022-05-02 14:11:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46cc1643-fc65-483c-923d-a458786f8e23": { "id": "46cc1643-fc65-483c-923d-a458786f8e23", "title": "Surfer <= 1.5.0.502 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Surfer \u2013 WordPress Plugin", "slug": "surferseo", "affected_versions": { "* - 1.5.0.502": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0.502", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46cc1643-fc65-483c-923d-a458786f8e23?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46d4d573-3845-4d20-8a48-a2f28850383c": { "id": "46d4d573-3845-4d20-8a48-a2f28850383c", "title": "ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 4.14.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.14.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.15.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46d4d573-3845-4d20-8a48-a2f28850383c?source=api-scan" ], "published": "2024-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46d65fed-cb21-46e1-bafe-eda11c25a467": { "id": "46d65fed-cb21-46e1-bafe-eda11c25a467", "title": "Simple Portfolio Gallery <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Portfolio Gallery", "slug": "simple-portfolio-gallery", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46d65fed-cb21-46e1-bafe-eda11c25a467?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46db2d07-66a6-4d9e-b0fd-ddf6119ba5be": { "id": "46db2d07-66a6-4d9e-b0fd-ddf6119ba5be", "title": "Vulnerability: eCommerce Product Catalog plugin for WordPress <= 3.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "eCommerce Product Catalog Plugin for WordPress", "slug": "ecommerce-product-catalog", "affected_versions": { "* - 3.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46db2d07-66a6-4d9e-b0fd-ddf6119ba5be?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46df438c-abff-4cf3-a732-02e0b3196bac": { "id": "46df438c-abff-4cf3-a732-02e0b3196bac", "title": "ACF On-The-Go <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update", "software": [ { "type": "plugin", "name": "ACF On-The-Go", "slug": "acf-on-the-go", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46df438c-abff-4cf3-a732-02e0b3196bac?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46e47284-2757-40d0-ac76-292a690cfcbb": { "id": "46e47284-2757-40d0-ac76-292a690cfcbb", "title": "ConeBlog \u2013 WordPress Blog Widgets <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ConeBlog \u2013 Elementor Blog Widgets", "slug": "coneblog-widgets", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46e47284-2757-40d0-ac76-292a690cfcbb?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46e53bf4-49af-45d8-b672-1f9b2f2dd91f": { "id": "46e53bf4-49af-45d8-b672-1f9b2f2dd91f", "title": "Bold Page Builder <= 4.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via class", "software": [ { "type": "plugin", "name": "Bold Page Builder", "slug": "bold-page-builder", "affected_versions": { "* - 4.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46e53bf4-49af-45d8-b672-1f9b2f2dd91f?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46e66230-06d6-452e-a7aa-862b2bb8c27d": { "id": "46e66230-06d6-452e-a7aa-862b2bb8c27d", "title": "SEOPress \u2013 On-site SEO <= 7.5.2.1 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEOPress \u2013 On-site SEO", "slug": "wp-seopress", "affected_versions": { "* - 7.5.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46e66230-06d6-452e-a7aa-862b2bb8c27d?source=api-scan" ], "published": "2024-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46e7ca97-6dd9-4e27-8e69-2e73f9490ea7": { "id": "46e7ca97-6dd9-4e27-8e69-2e73f9490ea7", "title": "WP Hide Pages <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Hide Pages", "slug": "wp-hide-pages", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46e7ca97-6dd9-4e27-8e69-2e73f9490ea7?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46f144c9-2cd3-4320-b987-119b672e7e30": { "id": "46f144c9-2cd3-4320-b987-119b672e7e30", "title": "Support Board for WordPress <= 1.2.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Support Board", "slug": "supportboard", "affected_versions": { "[*, 1.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46f144c9-2cd3-4320-b987-119b672e7e30?source=api-scan" ], "published": "2018-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46f31a60-0a0e-449d-a10a-3cafd0492a9c": { "id": "46f31a60-0a0e-449d-a10a-3cafd0492a9c", "title": "Recently Viewed Products <= 1.0.0 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Recently Viewed Products", "slug": "recently-viewed-products", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46f31a60-0a0e-449d-a10a-3cafd0492a9c?source=api-scan" ], "published": "2023-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46f3cc62-c2d8-45af-bb92-c2040789cbc0": { "id": "46f3cc62-c2d8-45af-bb92-c2040789cbc0", "title": "HT Mega \u2013 Absolute Addons for Elementor <= 2.2.0 - Missing Authorization to Privilege Escalation", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "[*, 2.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46f3cc62-c2d8-45af-bb92-c2040789cbc0?source=api-scan" ], "published": "2023-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46f5d1fa-dba7-4882-be29-39dc281d7278": { "id": "46f5d1fa-dba7-4882-be29-39dc281d7278", "title": "CodeBard's Patron Button and Widgets for Patreon <= 2.1.8 - Reflected Cross-Site Scripting via 'site_account'", "software": [ { "type": "plugin", "name": "CodeBard's Patron Button and Widgets for Patreon", "slug": "patron-button-and-widgets-by-codebard", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46f5d1fa-dba7-4882-be29-39dc281d7278?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46f7dc18-fc07-400a-bb79-0d9821299023": { "id": "46f7dc18-fc07-400a-bb79-0d9821299023", "title": "Exquisite PayPal Donation <= v2.0.0 - Authenticated(Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Exquisite PayPal Donation", "slug": "exquisite-paypal-donation", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46f7dc18-fc07-400a-bb79-0d9821299023?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46fccb4e-8dd9-414d-bd65-e62acffee18d": { "id": "46fccb4e-8dd9-414d-bd65-e62acffee18d", "title": "WP GDPR Compliance <= 2.0.23 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Cookie Information | Free GDPR Consent Solution", "slug": "wp-gdpr-compliance", "affected_versions": { "* - 2.0.23": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.23", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46fccb4e-8dd9-414d-bd65-e62acffee18d?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "46fdd494-8073-4a68-a4ab-1f5767011f67": { "id": "46fdd494-8073-4a68-a4ab-1f5767011f67", "title": "simple-git < 3.16.0 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Insecure Content Warning", "slug": "insecure-content-warning", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] }, { "type": "plugin", "name": "Ads.txt Manager", "slug": "ads-txt-manager", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] }, { "type": "plugin", "name": "Retro Winamp Block", "slug": "retro-winamp-block", "affected_versions": { "[*, 1.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.0" ] }, { "type": "plugin", "name": "Simple Podcasting", "slug": "simple-podcasting", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] }, { "type": "plugin", "name": "Block for Apple Maps", "slug": "maps-block-apple", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] }, { "type": "plugin", "name": "Simple Local Avatars", "slug": "simple-local-avatars", "affected_versions": { "* - 2.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/46fdd494-8073-4a68-a4ab-1f5767011f67?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4701efb1-4208-4178-90c0-bfc006d1a72a": { "id": "4701efb1-4208-4178-90c0-bfc006d1a72a", "title": "Modern Events Calendar Lite <= 6.2.9 - Authenticated (Contributor+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Modern Events Calendar Lite", "slug": "modern-events-calendar-lite", "affected_versions": { "* - 6.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4701efb1-4208-4178-90c0-bfc006d1a72a?source=api-scan" ], "published": "2022-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "470285d6-b309-409c-b2c3-8766a0cf9e98": { "id": "470285d6-b309-409c-b2c3-8766a0cf9e98", "title": "ProductX \u2013 WooCommerce Builder & Gutenberg WooCommerce Blocks <= 3.1.4 - PHP Object Injection via wopb_wishlist and wopb_compare", "software": [ { "type": "plugin", "name": "WooCommerce Builder & Gutenberg WooCommerce Blocks \u2013 WowStore", "slug": "product-blocks", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/470285d6-b309-409c-b2c3-8766a0cf9e98?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4707fcf6-ad11-4ffc-ba56-30f6571e3d9e": { "id": "4707fcf6-ad11-4ffc-ba56-30f6571e3d9e", "title": "Simple:Press <= 6.8 - Unauthenticated Stored Cross-Site Scripting via Forum Replies", "software": [ { "type": "plugin", "name": "Simple:Press Forum", "slug": "simplepress", "affected_versions": { "* - 6.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4707fcf6-ad11-4ffc-ba56-30f6571e3d9e?source=api-scan" ], "published": "2022-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "470d91c1-bcde-4497-a558-35bc0156ddca": { "id": "470d91c1-bcde-4497-a558-35bc0156ddca", "title": "WP Google Map Plugin <= 4.1.4 - Authenticated SQL Injection via Orderby", "software": [ { "type": "plugin", "name": "WP Maps \u2013 Display Google Maps Perfectly with Ease", "slug": "wp-google-map-plugin", "affected_versions": { "* - 4.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/470d91c1-bcde-4497-a558-35bc0156ddca?source=api-scan" ], "published": "2020-11-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "470fbac6-45bf-400e-b415-32e7989abbad": { "id": "470fbac6-45bf-400e-b415-32e7989abbad", "title": "Popup Builder 2.2.8 - 2.6.7.6 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "2.2.8 - 2.6.7.6": { "from_version": "2.2.8", "from_inclusive": true, "to_version": "2.6.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/470fbac6-45bf-400e-b415-32e7989abbad?source=api-scan" ], "published": "2020-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47122866-8e40-42bc-84ed-60fc81247320": { "id": "47122866-8e40-42bc-84ed-60fc81247320", "title": "Advanced Schedule Posts <= 2.1.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Schedule Posts", "slug": "advanced-schedule-posts", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47122866-8e40-42bc-84ed-60fc81247320?source=api-scan" ], "published": "2024-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4712b12f-097b-4106-b2ba-e4c6cb7c32c2": { "id": "4712b12f-097b-4106-b2ba-e4c6cb7c32c2", "title": "WP-Mobile-BankID-Integration <= 1.0.0 - PHP Object Injection", "software": [ { "type": "plugin", "name": "WP-Mobile-BankID-Integration", "slug": "WP-Mobile-BankID-Integration", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4712b12f-097b-4106-b2ba-e4c6cb7c32c2?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "471957f6-54c1-4268-b2e1-8efa391dcaec": { "id": "471957f6-54c1-4268-b2e1-8efa391dcaec", "title": "Download Manager <= 3.2.49 - Authenticated (Contributor+) PHAR Deserialization", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.49": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.49", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.50" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/471957f6-54c1-4268-b2e1-8efa391dcaec?source=api-scan" ], "published": "2022-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4727154c-c48f-4958-9520-cc5204927ee4": { "id": "4727154c-c48f-4958-9520-cc5204927ee4", "title": "Automatic Translator with Google Translate <= 1.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom Font", "software": [ { "type": "plugin", "name": "Automatic Translator with Google Translate", "slug": "auto-translate", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4727154c-c48f-4958-9520-cc5204927ee4?source=api-scan" ], "published": "2024-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "472a98fe-9cce-4e9f-b353-ccc1389506fd": { "id": "472a98fe-9cce-4e9f-b353-ccc1389506fd", "title": "NextCellent Gallery < 1.9.18 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NextCellent Gallery \u2013 NextGEN Legacy", "slug": "nextcellent-gallery-nextgen-legacy", "affected_versions": { "[*, 1.9.18)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/472a98fe-9cce-4e9f-b353-ccc1389506fd?source=api-scan" ], "published": "2014-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "472b523f-b987-4da0-8533-54ae076d7a6b": { "id": "472b523f-b987-4da0-8533-54ae076d7a6b", "title": "Email Artillery (MASS EMAIL) <= 4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Artillery (MASS EMAIL)", "slug": "email-artillery", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/472b523f-b987-4da0-8533-54ae076d7a6b?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "472cdbc4-3bfa-4254-b35a-be7ae10782e6": { "id": "472cdbc4-3bfa-4254-b35a-be7ae10782e6", "title": "Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.12.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/472cdbc4-3bfa-4254-b35a-be7ae10782e6?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4731eb39-8c01-4a2b-80f7-15d8c13a19b5": { "id": "4731eb39-8c01-4a2b-80f7-15d8c13a19b5", "title": "Import and export users and customers <= 1.24.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Import and export users and customers", "slug": "import-users-from-csv-with-meta", "affected_versions": { "* - 1.24.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.24.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.24.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4731eb39-8c01-4a2b-80f7-15d8c13a19b5?source=api-scan" ], "published": "2023-12-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47337214-9cc3-4b12-bb71-9acbab3649b7": { "id": "47337214-9cc3-4b12-bb71-9acbab3649b7", "title": "Export and Import Users and Customers <= 2.4.1 - Missing Authorization to Authenticated (Shop Manager) Arbitrary User Password Change", "software": [ { "type": "plugin", "name": "Export and Import Users and Customers", "slug": "users-customers-import-export-for-wp-woocommerce", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47337214-9cc3-4b12-bb71-9acbab3649b7?source=api-scan" ], "published": "2023-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4735c491-9595-42b8-bb1c-1b18c89fcf7a": { "id": "4735c491-9595-42b8-bb1c-1b18c89fcf7a", "title": "BulletProof Security <= 5.1 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "BulletProof Security", "slug": "bulletproof-security", "affected_versions": { "* - 5.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4735c491-9595-42b8-bb1c-1b18c89fcf7a?source=api-scan" ], "published": "2021-09-16 15:36:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "473ba791-af99-4aae-99cb-ccf220e443e7": { "id": "473ba791-af99-4aae-99cb-ccf220e443e7", "title": "ProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option Update", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/473ba791-af99-4aae-99cb-ccf220e443e7?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "473eab06-67c8-4143-9d00-eb2866f101c7": { "id": "473eab06-67c8-4143-9d00-eb2866f101c7", "title": "Church Admin <= 4.1.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "* - 4.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/473eab06-67c8-4143-9d00-eb2866f101c7?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "473ff00e-e045-4b66-b0af-89d666de4de8": { "id": "473ff00e-e045-4b66-b0af-89d666de4de8", "title": "Crelly Slider <= 1.1.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Crelly Slider", "slug": "crelly-slider", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/473ff00e-e045-4b66-b0af-89d666de4de8?source=api-scan" ], "published": "2017-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "474494ad-6713-4167-b40d-c29c533f169e": { "id": "474494ad-6713-4167-b40d-c29c533f169e", "title": "Etsy Shop <= 3.0.3 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "Etsy Shop", "slug": "etsy-shop", "affected_versions": { "* - 3.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/474494ad-6713-4167-b40d-c29c533f169e?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4744edff-d130-4f45-93a0-a67ec91dbe10": { "id": "4744edff-d130-4f45-93a0-a67ec91dbe10", "title": "WP Google Maps <= 7.11.34 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Go Maps (formerly WP Google Maps)", "slug": "wp-google-maps", "affected_versions": { "[*, 7.11.35)": { "from_version": "*", "from_inclusive": true, "to_version": "7.11.35", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.11.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4744edff-d130-4f45-93a0-a67ec91dbe10?source=api-scan" ], "published": "2019-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47461b7b-e986-4048-88aa-175242305795": { "id": "47461b7b-e986-4048-88aa-175242305795", "title": "WP Edit Username <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Edit Username", "slug": "wp-edit-username", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47461b7b-e986-4048-88aa-175242305795?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "474ad5a5-6384-41cb-a60b-e25477d48ad7": { "id": "474ad5a5-6384-41cb-a60b-e25477d48ad7", "title": "Powerplay Gallery <= 3.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Powerplay Gallery", "slug": "wp-powerplaygallery", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/474ad5a5-6384-41cb-a60b-e25477d48ad7?source=api-scan" ], "published": "2015-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "474fdbcb-fe3c-4a79-a847-363f81b300c2": { "id": "474fdbcb-fe3c-4a79-a847-363f81b300c2", "title": "Rank Math SEO with AI Best SEO Tools <= 1.0.218 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings", "slug": "seo-by-rank-math", "affected_versions": { "* - 1.0.218": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.218", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.219-beta" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/474fdbcb-fe3c-4a79-a847-363f81b300c2?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4752b3a7-dbb0-4326-bfff-b94dd55b4bf1": { "id": "4752b3a7-dbb0-4326-bfff-b94dd55b4bf1", "title": "Multivendor Marketplace Solution for WooCommerce \u2013 WC Marketplace <= 3.8.11.8 - Local File Inclusion", "software": [ { "type": "plugin", "name": "MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution", "slug": "dc-woocommerce-multi-vendor", "affected_versions": { "* - 3.8.11.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.11.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4752b3a7-dbb0-4326-bfff-b94dd55b4bf1?source=api-scan" ], "published": "2022-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4757590a-f5dc-48d6-aef1-80158f728b6e": { "id": "4757590a-f5dc-48d6-aef1-80158f728b6e", "title": "Easy Modal < 2.1.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Easy Modal", "slug": "easy-modal", "affected_versions": { "[*, 2.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4757590a-f5dc-48d6-aef1-80158f728b6e?source=api-scan" ], "published": "2017-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "475ca301-32f2-4913-925c-369a9a4c83c1": { "id": "475ca301-32f2-4913-925c-369a9a4c83c1", "title": "Table Generator <= 1.3.0 - Missing Authorization to Table Modification", "software": [ { "type": "plugin", "name": "Table Generator", "slug": "table-generator", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/475ca301-32f2-4913-925c-369a9a4c83c1?source=api-scan" ], "published": "2022-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47681954-37ed-493b-b4da-9e9032e561b3": { "id": "47681954-37ed-493b-b4da-9e9032e561b3", "title": "got (JS Package) <= 11.8.4 and 12.0-<12.1.0 - Open Redirect", "software": [ { "type": "plugin", "name": "Simple Page Ordering", "slug": "simple-page-ordering", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3" ] }, { "type": "plugin", "name": "Simple Podcasting", "slug": "simple-podcasting", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] }, { "type": "plugin", "name": "Safe Redirect Manager", "slug": "safe-redirect-manager", "affected_versions": { "* - 1.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47681954-37ed-493b-b4da-9e9032e561b3?source=api-scan" ], "published": "2022-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47687614-bd79-44fd-bc82-eaa801c1387d": { "id": "47687614-bd79-44fd-bc82-eaa801c1387d", "title": "GD Rating System <= 2.3 - Directory Traversal", "software": [ { "type": "plugin", "name": "GD Rating System", "slug": "gd-rating-system", "affected_versions": { "[*, 2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47687614-bd79-44fd-bc82-eaa801c1387d?source=api-scan" ], "published": "2018-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "476c4eb3-db28-4f6a-9502-969e7f1c5ec1": { "id": "476c4eb3-db28-4f6a-9502-969e7f1c5ec1", "title": "Demo Importer Plus <= 2.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Demo Importer Plus", "slug": "demo-importer-plus", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/476c4eb3-db28-4f6a-9502-969e7f1c5ec1?source=api-scan" ], "published": "2024-10-01 19:35:03", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4770441f-5d8b-4edb-93e3-d2d73f145d26": { "id": "4770441f-5d8b-4edb-93e3-d2d73f145d26", "title": "Download Monitor <= 2.0.6 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4770441f-5d8b-4edb-93e3-d2d73f145d26?source=api-scan" ], "published": "2008-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4775ef21-01d6-4c5a-9e3e-f9b6e093fc7f": { "id": "4775ef21-01d6-4c5a-9e3e-f9b6e093fc7f", "title": "WooCommerce Conversion Tracking <= 2.0.11 - Missing Authorization via wcct_install_happy_addons", "software": [ { "type": "plugin", "name": "WooCommerce Conversion Tracking", "slug": "woocommerce-conversion-tracking", "affected_versions": { "* - 2.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4775ef21-01d6-4c5a-9e3e-f9b6e093fc7f?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "477b41a5-b2ff-4b94-9622-824146a0e2ed": { "id": "477b41a5-b2ff-4b94-9622-824146a0e2ed", "title": "Gallery Block (Meow Gallery) <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Meow Gallery", "slug": "meow-gallery", "affected_versions": { "* - 5.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/477b41a5-b2ff-4b94-9622-824146a0e2ed?source=api-scan" ], "published": "2024-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "477c6fa2-16a8-4461-b4d4-d087e13e3ca7": { "id": "477c6fa2-16a8-4461-b4d4-d087e13e3ca7", "title": "Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Improper Authorization to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Go Pricing - WordPress Responsive Pricing Tables", "slug": "go_pricing", "affected_versions": { "* - 3.3.19": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/477c6fa2-16a8-4461-b4d4-d087e13e3ca7?source=api-scan" ], "published": "2023-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "477d3d7a-6028-4dd3-b713-6098bfe32832": { "id": "477d3d7a-6028-4dd3-b713-6098bfe32832", "title": "404 Solution <= 2.34.0 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "404 Solution", "slug": "404-solution", "affected_versions": { "[*, 2.35.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.35.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.35.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/477d3d7a-6028-4dd3-b713-6098bfe32832?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4782d4ea-3d79-40d2-850d-1a7583267616": { "id": "4782d4ea-3d79-40d2-850d-1a7583267616", "title": "CPT Shortcode Generator <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "CPT Shortcode Generator", "slug": "cpt-shortcode", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4782d4ea-3d79-40d2-850d-1a7583267616?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4783eff5-b7cf-4342-b762-85f745c38ec8": { "id": "4783eff5-b7cf-4342-b762-85f745c38ec8", "title": "Font Awesome 4.0.0-rc15 and 4.0.0-rc16 - API Token Exposure", "software": [ { "type": "plugin", "name": "Font Awesome", "slug": "font-awesome", "affected_versions": { "4.0.0-rc15": { "from_version": "4.0.0-rc15", "from_inclusive": true, "to_version": "4.0.0-rc15", "to_inclusive": true }, "4.0.0-rc16": { "from_version": "4.0.0-rc16", "from_inclusive": true, "to_version": "4.0.0-rc16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0-rc17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4783eff5-b7cf-4342-b762-85f745c38ec8?source=api-scan" ], "published": "2020-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47853750-0bf1-4df3-9c56-c6852543cfad": { "id": "47853750-0bf1-4df3-9c56-c6852543cfad", "title": "Unlimited Elements For Elementor <= 1.5.96 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.96": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.96", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.97" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47853750-0bf1-4df3-9c56-c6852543cfad?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "478723c4-cc45-4241-af45-21ee537f1dfa": { "id": "478723c4-cc45-4241-af45-21ee537f1dfa", "title": "Better WordPress reCAPTCHA <= 2.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Better WordPress reCAPTCHA (with no CAPTCHA reCAPTCHA)", "slug": "bwp-recaptcha", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/478723c4-cc45-4241-af45-21ee537f1dfa?source=api-scan" ], "published": "2018-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "478b67e3-bd66-4f38-8a37-e677e5db875d": { "id": "478b67e3-bd66-4f38-8a37-e677e5db875d", "title": "Resim Ara <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Resim Ara", "slug": "resim-ara", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/478b67e3-bd66-4f38-8a37-e677e5db875d?source=api-scan" ], "published": "2020-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47906575-b88a-4e12-b134-accf47a264a0": { "id": "47906575-b88a-4e12-b134-accf47a264a0", "title": "Time Sheets < 1.5.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Time Sheets", "slug": "time-sheets", "affected_versions": { "[*, 1.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47906575-b88a-4e12-b134-accf47a264a0?source=api-scan" ], "published": "2017-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47938357-7d51-4d62-a08c-4b2bf3f3a062": { "id": "47938357-7d51-4d62-a08c-4b2bf3f3a062", "title": "Wordfence Security <= 5.2.3 - Stored Cross-Site Scripting via HTTP_HOST", "software": [ { "type": "plugin", "name": "Wordfence Security \u2013 Firewall, Malware Scan, and Login Security", "slug": "wordfence", "affected_versions": { "* - 5.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47938357-7d51-4d62-a08c-4b2bf3f3a062?source=api-scan" ], "published": "2014-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47941722-acaf-4f72-a64d-d01dc5e84adf": { "id": "47941722-acaf-4f72-a64d-d01dc5e84adf", "title": "Complianz <= 6.4.4 (Premium <= 6.4.6.1) - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Complianz Premium \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr-premium", "affected_versions": { "* - 6.4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.7" ] }, { "type": "plugin", "name": "Complianz \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr", "affected_versions": { "* - 6.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47941722-acaf-4f72-a64d-d01dc5e84adf?source=api-scan" ], "published": "2023-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4794858f-ebaf-4adf-ab08-309964c18c00": { "id": "4794858f-ebaf-4adf-ab08-309964c18c00", "title": "GiveWP <= 2.5.4 - Authorization Bypass", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4794858f-ebaf-4adf-ab08-309964c18c00?source=api-scan" ], "published": "2019-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "479f7e9c-8918-4b87-b33d-a396276fb637": { "id": "479f7e9c-8918-4b87-b33d-a396276fb637", "title": "OOPSpam Anti-Spam <= 1.1.44 - Cross-Site Request Forgery via empty_ham_entries and empty_spam_entries", "software": [ { "type": "plugin", "name": "OOPSpam Anti-Spam", "slug": "oopspam-anti-spam", "affected_versions": { "[*, 1.1.45)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.45", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/479f7e9c-8918-4b87-b33d-a396276fb637?source=api-scan" ], "published": "2023-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47a00c6f-958f-41c7-a213-c858d8fac2ed": { "id": "47a00c6f-958f-41c7-a213-c858d8fac2ed", "title": "Stars Rating <= 3.5.0 - Denial of Service", "software": [ { "type": "plugin", "name": "Stars Rating", "slug": "stars-rating", "affected_versions": { "[*, 3.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47a00c6f-958f-41c7-a213-c858d8fac2ed?source=api-scan" ], "published": "2021-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47a99115-3e7b-4666-a00e-2b94d7d62e1a": { "id": "47a99115-3e7b-4666-a00e-2b94d7d62e1a", "title": "Seed Social <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Seed Social", "slug": "seed-social", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47a99115-3e7b-4666-a00e-2b94d7d62e1a?source=api-scan" ], "published": "2022-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47ab93d2-0e1d-42b0-a6ea-05300eae8da7": { "id": "47ab93d2-0e1d-42b0-a6ea-05300eae8da7", "title": "WP Docs <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Docs", "slug": "wp-docs", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47ab93d2-0e1d-42b0-a6ea-05300eae8da7?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47aed582-efb6-4caf-a65b-57995907ecaa": { "id": "47aed582-efb6-4caf-a65b-57995907ecaa", "title": "Mail logging \u2013 WP Mail Catcher <= 2.1.3 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Mail logging \u2013 WP Mail Catcher", "slug": "wp-mail-catcher", "affected_versions": { "[*, 2.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47aed582-efb6-4caf-a65b-57995907ecaa?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47b75e7f-87d3-40d5-b3c4-998d3164d48a": { "id": "47b75e7f-87d3-40d5-b3c4-998d3164d48a", "title": "SP Project & Document Manager <= 2.5.9.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 2.5.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47b75e7f-87d3-40d5-b3c4-998d3164d48a?source=api-scan" ], "published": "2016-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47baeaee-de6b-4459-a211-177859427e70": { "id": "47baeaee-de6b-4459-a211-177859427e70", "title": "Popups <= 1.9.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popups \u2013 WordPress Popup", "slug": "popups", "affected_versions": { "* - 1.9.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47baeaee-de6b-4459-a211-177859427e70?source=api-scan" ], "published": "2022-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47bb46df-3ed6-4331-8c05-c76331aa6995": { "id": "47bb46df-3ed6-4331-8c05-c76331aa6995", "title": "Paid Memberships Pro CCBill Gateway <= 0.3 - Insufficient Authorization", "software": [ { "type": "plugin", "name": "Paid Memberships Pro CCBill Gateway", "slug": "pmpro-ccbill", "affected_versions": { "* - 0.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47bb46df-3ed6-4331-8c05-c76331aa6995?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47c2bf75-fba1-4c37-b33a-f5e0e093fb78": { "id": "47c2bf75-fba1-4c37-b33a-f5e0e093fb78", "title": "SpiderVPlayer< 1.5.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SpiderVPlayer", "slug": "player", "affected_versions": { "[*, 1.5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47c2bf75-fba1-4c37-b33a-f5e0e093fb78?source=api-scan" ], "published": "2015-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47cb48aa-b556-4f25-ac68-ff0a812972c1": { "id": "47cb48aa-b556-4f25-ac68-ff0a812972c1", "title": "Export WP Page to Static HTML\/CSS <= 2.1.9 - Missing Authorization via Multiple AJAX Actions", "software": [ { "type": "plugin", "name": "Export WP Page to Static HTML\/CSS", "slug": "export-wp-page-to-static-html", "affected_versions": { "* - 2.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47cb48aa-b556-4f25-ac68-ff0a812972c1?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47cc9978-6074-4e8a-a471-d8483890d161": { "id": "47cc9978-6074-4e8a-a471-d8483890d161", "title": "StoryChief <= 1.0.30 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "StoryChief", "slug": "story-chief", "affected_versions": { "* - 1.0.30": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47cc9978-6074-4e8a-a471-d8483890d161?source=api-scan" ], "published": "2021-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47ccda70-8c89-4e0f-a7fa-5b80515e60dc": { "id": "47ccda70-8c89-4e0f-a7fa-5b80515e60dc", "title": "WOWRestro \u2013 Online Ordering System For WooCommerce < 1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WOWRestro \u2013 Online Ordering System For WooCommerce", "slug": "wowrestro", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47ccda70-8c89-4e0f-a7fa-5b80515e60dc?source=api-scan" ], "published": "2021-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47d4cf6a-400f-4001-95de-f93e574bb2ef": { "id": "47d4cf6a-400f-4001-95de-f93e574bb2ef", "title": "WordPress Popular Posts <= 5.3.2 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Popular Posts", "slug": "wordpress-popular-posts", "affected_versions": { "[*, 5.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47d4cf6a-400f-4001-95de-f93e574bb2ef?source=api-scan" ], "published": "2021-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47dccf26-6c8d-4418-a874-c29749bee537": { "id": "47dccf26-6c8d-4418-a874-c29749bee537", "title": "LadiApp <= 4.4 - Missing Authorization via ladiflow_save_hook()", "software": [ { "type": "plugin", "name": "LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing\u2026", "slug": "ladipage", "affected_versions": { "4.3": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47dccf26-6c8d-4418-a874-c29749bee537?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47e25cfa-fedf-413a-bfe7-18a1de429bc3": { "id": "47e25cfa-fedf-413a-bfe7-18a1de429bc3", "title": "ActiveCampaign \u2013 Forms, Site Tracking, Live Chat <= 8.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ActiveCampaign \u2013 Forms, Site Tracking, Live Chat", "slug": "activecampaign-subscription-forms", "affected_versions": { "* - 8.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47e25cfa-fedf-413a-bfe7-18a1de429bc3?source=api-scan" ], "published": "2023-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47e402c3-e06c-4ac9-8c60-5666cb1101ce": { "id": "47e402c3-e06c-4ac9-8c60-5666cb1101ce", "title": "Formidable Forms <= 6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "* - 6.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47e402c3-e06c-4ac9-8c60-5666cb1101ce?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47e6840e-9f6c-44eb-a6bd-e25e4c5c0bf7": { "id": "47e6840e-9f6c-44eb-a6bd-e25e4c5c0bf7", "title": "Social Share, Social Login and Social Comments Plugin \u2013 Super Socializer <= 7.13.63 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Share, Social Login and Social Comments Plugin \u2013 Super Socializer", "slug": "super-socializer", "affected_versions": { "* - 7.13.63": { "from_version": "*", "from_inclusive": true, "to_version": "7.13.63", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.13.64" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47e6840e-9f6c-44eb-a6bd-e25e4c5c0bf7?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47eb6ca7-049c-41b8-9210-391d4d1b8b2f": { "id": "47eb6ca7-049c-41b8-9210-391d4d1b8b2f", "title": "Popup contact form <= 7.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup contact form", "slug": "popup-contact-form", "affected_versions": { "* - 7.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47eb6ca7-049c-41b8-9210-391d4d1b8b2f?source=api-scan" ], "published": "2023-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47f04985-dd9b-449f-8b4c-9811fe7e4a96": { "id": "47f04985-dd9b-449f-8b4c-9811fe7e4a96", "title": "FileBird <= 5.6.0 - Authenticated(Administrator+) Stored Cross-Site Scripting via Folder Import", "software": [ { "type": "plugin", "name": "FileBird \u2013 WordPress Media Library Folders & File Manager", "slug": "filebird", "affected_versions": { "* - 5.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47f04985-dd9b-449f-8b4c-9811fe7e4a96?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47f051dd-138c-4c71-8a92-150c9ffd3601": { "id": "47f051dd-138c-4c71-8a92-150c9ffd3601", "title": "Currency Converter Widget <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Currency Converter Widget \u2013 Exchange Rates", "slug": "currency-converter-widget", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47f051dd-138c-4c71-8a92-150c9ffd3601?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47f05812-b873-4092-9014-20ca1d0e484a": { "id": "47f05812-b873-4092-9014-20ca1d0e484a", "title": "Knowledge Base documentation & wiki plugin \u2013 BasePress <= 2.16.1 - Authenticated (Subscriber+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Knowledge Base documentation & wiki plugin \u2013 BasePress Docs", "slug": "basepress", "affected_versions": { "* - 2.16.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47f05812-b873-4092-9014-20ca1d0e484a?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47f0795c-5a79-47e8-b118-f4f0e95ac53b": { "id": "47f0795c-5a79-47e8-b118-f4f0e95ac53b", "title": "Salutation Responsive WordPress Theme < 3.0.16 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Salutation Responsive WordPress Theme", "slug": "parallelus-salutation", "affected_versions": { "[*, 3.0.16)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47f0795c-5a79-47e8-b118-f4f0e95ac53b?source=api-scan" ], "published": "2017-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47f668b0-8165-4ce8-97cc-b674e708c2eb": { "id": "47f668b0-8165-4ce8-97cc-b674e708c2eb", "title": "Quiz and Survey Master (QSM) <= 9.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 9.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47f668b0-8165-4ce8-97cc-b674e708c2eb?source=api-scan" ], "published": "2024-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47fb0513-bebe-4e09-9402-d7e174ee92ce": { "id": "47fb0513-bebe-4e09-9402-d7e174ee92ce", "title": "NextGen Gallery <= 2.0.65 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 2.0.65": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.65", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.66" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47fb0513-bebe-4e09-9402-d7e174ee92ce?source=api-scan" ], "published": "2014-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "47feeeef-07ff-42a1-a94d-b90c25cce2e6": { "id": "47feeeef-07ff-42a1-a94d-b90c25cce2e6", "title": "WooThumbs for WooCommerce by Iconic <= 5.5.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooThumbs for WooCommerce by Iconic", "slug": "iconic-woothumbs", "affected_versions": { "* - 5.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/47feeeef-07ff-42a1-a94d-b90c25cce2e6?source=api-scan" ], "published": "2024-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48069ad5-0779-444b-8215-d1f08b493108": { "id": "48069ad5-0779-444b-8215-d1f08b493108", "title": "SEO Redirection Plugin <= 8.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SEO Redirection Plugin \u2013 301 Redirect Manager", "slug": "seo-redirection", "affected_versions": { "* - 8.9": { "from_version": "*", "from_inclusive": true, "to_version": "8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48069ad5-0779-444b-8215-d1f08b493108?source=api-scan" ], "published": "2022-10-25 13:45:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48075ef0-b3c5-487b-93c2-d3e630742fe4": { "id": "48075ef0-b3c5-487b-93c2-d3e630742fe4", "title": "Mail Masta <= 1.0 - SQL Injection via list_id parameter", "software": [ { "type": "plugin", "name": "Mail Masta", "slug": "mail-masta", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48075ef0-b3c5-487b-93c2-d3e630742fe4?source=api-scan" ], "published": "2017-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4809d513-69e8-4572-9549-9dba9f40cb80": { "id": "4809d513-69e8-4572-9549-9dba9f40cb80", "title": "Royal Elementor Addons <= 1.3.75 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.75": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.75", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.76" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4809d513-69e8-4572-9549-9dba9f40cb80?source=api-scan" ], "published": "2023-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "481121b2-4ea9-489e-b582-ec8bbf87c902": { "id": "481121b2-4ea9-489e-b582-ec8bbf87c902", "title": "Patreon WordPress <= 1.8.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Patreon WordPress", "slug": "patreon-connect", "affected_versions": { "* - 1.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/481121b2-4ea9-489e-b582-ec8bbf87c902?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "481bbdd6-9546-4c1f-a4ec-023ad7b37217": { "id": "481bbdd6-9546-4c1f-a4ec-023ad7b37217", "title": "BackupBuddy <= 2.2.28 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "BackupBuddy", "slug": "backupbuddy", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/481bbdd6-9546-4c1f-a4ec-023ad7b37217?source=api-scan" ], "published": "2013-03-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "481c18c1-8394-4d5d-89a1-8cfbbbc40bd4": { "id": "481c18c1-8394-4d5d-89a1-8cfbbbc40bd4", "title": "DL Verification <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DL Verification", "slug": "dl-verification", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/481c18c1-8394-4d5d-89a1-8cfbbbc40bd4?source=api-scan" ], "published": "2024-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "481c738e-d544-4587-8632-e85a7ddd8b14": { "id": "481c738e-d544-4587-8632-e85a7ddd8b14", "title": "WatchTowerHQ <= 3.6.16 - Type Juggling to Authentication Bypass in check_ota", "software": [ { "type": "plugin", "name": "WatchTowerHQ", "slug": "watchtowerhq", "affected_versions": { "* - 3.6.16": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/481c738e-d544-4587-8632-e85a7ddd8b14?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4822f1c7-3f83-416c-8957-17e4b53d7e69": { "id": "4822f1c7-3f83-416c-8957-17e4b53d7e69", "title": "Album and Image Gallery plus Lightbox <= 2.0 - Unauthenticated Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "Album and Image Gallery plus Lightbox", "slug": "album-and-image-gallery-plus-lightbox", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4822f1c7-3f83-416c-8957-17e4b53d7e69?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "482bae65-5493-4de5-9d5f-479d0968cd4a": { "id": "482bae65-5493-4de5-9d5f-479d0968cd4a", "title": "Launchpad <= 1.0.13 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Launchpad \u2013 Coming Soon & Maintenance Mode Plugin", "slug": "launchpad-by-obox", "affected_versions": { "* - 1.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/482bae65-5493-4de5-9d5f-479d0968cd4a?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "482bf861-e556-40af-b522-c22ef6c9938b": { "id": "482bf861-e556-40af-b522-c22ef6c9938b", "title": "Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX", "slug": "ultimate-post", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/482bf861-e556-40af-b522-c22ef6c9938b?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4830fb09-c138-4316-bdde-c233d58b0d91": { "id": "4830fb09-c138-4316-bdde-c233d58b0d91", "title": "UserPro <= 5.1.8 - Unauthenticated Account Takeover to Privilege Escalation", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "5.1.8": { "from_version": "5.1.8", "from_inclusive": true, "to_version": "5.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4830fb09-c138-4316-bdde-c233d58b0d91?source=api-scan" ], "published": "2024-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "483564f8-6308-4913-82e2-78d69aebb6dd": { "id": "483564f8-6308-4913-82e2-78d69aebb6dd", "title": "YouTube Embed <= 5.2.1 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YouTube Embed", "slug": "youtube-embed", "affected_versions": { "* - 5.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/483564f8-6308-4913-82e2-78d69aebb6dd?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4838c2ad-87e0-4140-81bb-7d39d7a704dc": { "id": "4838c2ad-87e0-4140-81bb-7d39d7a704dc", "title": "eShop < 6.2.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "eShop", "slug": "eshop", "affected_versions": { "[*, 6.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4838c2ad-87e0-4140-81bb-7d39d7a704dc?source=api-scan" ], "published": "2011-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48421787-9dc1-48ea-892b-bb43b2a6c4da": { "id": "48421787-9dc1-48ea-892b-bb43b2a6c4da", "title": "Import Users from CSV <= 1.2 - Authenticated (Admin+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Import Users from CSV", "slug": "import-users-from-csv", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48421787-9dc1-48ea-892b-bb43b2a6c4da?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "484ad4ef-9d0d-4dc5-8bb4-d81d0311ebf8": { "id": "484ad4ef-9d0d-4dc5-8bb4-d81d0311ebf8", "title": "Software License Manager <= 4.5.0 - Cross-Site Request Forgery leading to Arbitrary Domain Deletion", "software": [ { "type": "plugin", "name": "Software License Manager", "slug": "software-license-manager", "affected_versions": { "[*, 4.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/484ad4ef-9d0d-4dc5-8bb4-d81d0311ebf8?source=api-scan" ], "published": "2021-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "484d8d14-049d-4fd5-adb8-ad9942bba794": { "id": "484d8d14-049d-4fd5-adb8-ad9942bba794", "title": "Mighty Addons for Elementor <= 1.9.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mighty Addons for Elementor", "slug": "mighty-addons", "affected_versions": { "* - 1.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/484d8d14-049d-4fd5-adb8-ad9942bba794?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48511d1a-2fd5-4be4-8409-e99d4aadcdfe": { "id": "48511d1a-2fd5-4be4-8409-e99d4aadcdfe", "title": "EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Wistia Block", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 3.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48511d1a-2fd5-4be4-8409-e99d4aadcdfe?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4852bd93-032f-4e11-ac30-7268684f08e2": { "id": "4852bd93-032f-4e11-ac30-7268684f08e2", "title": "Yoo Slider <= 2.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yoo Slider \u2013 Image Slider & Video Slider", "slug": "yoo-slider", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4852bd93-032f-4e11-ac30-7268684f08e2?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4855627a-de56-49ee-b0b0-01b9735d8557": { "id": "4855627a-de56-49ee-b0b0-01b9735d8557", "title": "Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.2 - Missing Authorization on REST-API", "software": [ { "type": "plugin", "name": "Online Booking & Scheduling Calendar for WordPress by vcita", "slug": "meeting-scheduler-by-vcita", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4855627a-de56-49ee-b0b0-01b9735d8557?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48583297-59db-48ec-8551-d6b37ac02197": { "id": "48583297-59db-48ec-8551-d6b37ac02197", "title": "JupiterX Core 3.0.0 - 3.3.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Jupiter X Core", "slug": "jupiterx-core", "affected_versions": { "3.0.0 - 3.3.0": { "from_version": "3.0.0", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48583297-59db-48ec-8551-d6b37ac02197?source=api-scan" ], "published": "2023-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "485b0f47-fb3c-49f5-8e27-c250879cb75f": { "id": "485b0f47-fb3c-49f5-8e27-c250879cb75f", "title": "Lordicon Animated Icons <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Lordicon Animated Icons", "slug": "lordicon-interactive-icons", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/485b0f47-fb3c-49f5-8e27-c250879cb75f?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "486b6a75-d101-4f3a-8436-6c23dd0ff200": { "id": "486b6a75-d101-4f3a-8436-6c23dd0ff200", "title": "My YouTube Channel <= 3.0.12.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "My YouTube Channel", "slug": "youtube-channel", "affected_versions": { "* - 3.0.12.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.12.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.23.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/486b6a75-d101-4f3a-8436-6c23dd0ff200?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "486f43cc-cc3f-4a63-b00f-86f29a391269": { "id": "486f43cc-cc3f-4a63-b00f-86f29a391269", "title": "king_IE <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "king_IE", "slug": "king-ie", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/486f43cc-cc3f-4a63-b00f-86f29a391269?source=api-scan" ], "published": "2024-09-25 21:22:18", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "486fa1a6-aa47-4bf9-b1da-582e316f6bcb": { "id": "486fa1a6-aa47-4bf9-b1da-582e316f6bcb", "title": "Woocommerce Customers Manager <= 26.4 - Authenticated Account Creation and Privilege Escalation", "software": [ { "type": "plugin", "name": "WooCommerce Customers Manager", "slug": "woocommerce-customers-manager", "affected_versions": { "[*, 26.5)": { "from_version": "*", "from_inclusive": true, "to_version": "26.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "26.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/486fa1a6-aa47-4bf9-b1da-582e316f6bcb?source=api-scan" ], "published": "2021-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "486ffdc9-a3e7-4f4c-89b1-b668a5d41aa5": { "id": "486ffdc9-a3e7-4f4c-89b1-b668a5d41aa5", "title": "WP Radio \u2013 Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Authenticated(Subscriber+) Stored Cross-Site Scripting via Settings", "software": [ { "type": "plugin", "name": "WP Radio \u2013 Worldwide Online Radio Stations Directory for WordPress", "slug": "wp-radio", "affected_versions": { "* - 3.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/486ffdc9-a3e7-4f4c-89b1-b668a5d41aa5?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48758ada-4c7f-4a7f-8b43-535f820e6b3c": { "id": "48758ada-4c7f-4a7f-8b43-535f820e6b3c", "title": "Accordion <= 2.2.43 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Accordion", "slug": "accordions", "affected_versions": { "* - 2.2.40": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48758ada-4c7f-4a7f-8b43-535f820e6b3c?source=api-scan" ], "published": "2022-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4876e05e-efa6-46c6-832b-9ecc42934998": { "id": "4876e05e-efa6-46c6-832b-9ecc42934998", "title": "Newsletter <= 8.3.4 - Unauthenticated Stored Cross-Site Scripting via np1", "software": [ { "type": "plugin", "name": "Newsletter \u2013 Send awesome emails from WordPress", "slug": "newsletter", "affected_versions": { "* - 8.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4876e05e-efa6-46c6-832b-9ecc42934998?source=api-scan" ], "published": "2024-06-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "487731cd-da5a-45b6-8f39-4ae6420dd252": { "id": "487731cd-da5a-45b6-8f39-4ae6420dd252", "title": "ProfilePress <= 4.15.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 4.15.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.15.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.15.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/487731cd-da5a-45b6-8f39-4ae6420dd252?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48784892-443f-452c-9fe9-12e73af1cf7f": { "id": "48784892-443f-452c-9fe9-12e73af1cf7f", "title": "Booster for WooCommerce (Free <= 5.6.2 and Premium <= 5.6.0) - Authenticated (Subscriber+) Order Modification", "software": [ { "type": "plugin", "name": "Booster Plus for WooCommerce", "slug": "booster-plus-for-woocommerce", "affected_versions": { "* - 5.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.1" ] }, { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 5.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48784892-443f-452c-9fe9-12e73af1cf7f?source=api-scan" ], "published": "2022-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "487a131e-4911-42d6-bfd7-fc697c89552d": { "id": "487a131e-4911-42d6-bfd7-fc697c89552d", "title": "BizPrint <= 4.5.1 - Cross-Site Request Forgery in Printer Management", "software": [ { "type": "plugin", "name": "Print Anywhere & Create PDFs of Order Receipts, Invoices, Labels & More.", "slug": "print-google-cloud-print-gcp-woocommerce", "affected_versions": { "* - 4.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/487a131e-4911-42d6-bfd7-fc697c89552d?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "487a6c5e-226b-4b30-a402-bd5132d17ea8": { "id": "487a6c5e-226b-4b30-a402-bd5132d17ea8", "title": "Copyright Proof <= 4.16 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Copyright Proof", "slug": "digiproveblog", "affected_versions": { "* - 4.16": { "from_version": "*", "from_inclusive": true, "to_version": "4.16", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/487a6c5e-226b-4b30-a402-bd5132d17ea8?source=api-scan" ], "published": "2022-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "487d4175-97bf-4c65-9d7d-b83974e9fda9": { "id": "487d4175-97bf-4c65-9d7d-b83974e9fda9", "title": "Mail On Update < 5.3.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Mail On Update", "slug": "mail-on-update", "affected_versions": { "[*, 5.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/487d4175-97bf-4c65-9d7d-b83974e9fda9?source=api-scan" ], "published": "2013-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "487d94e8-e4f1-4da8-914c-96157f8ae14d": { "id": "487d94e8-e4f1-4da8-914c-96157f8ae14d", "title": "MouseWheel Smooth Scroll <= 5.6 - Plugin's Setting Update via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MouseWheel Smooth Scroll", "slug": "mousewheel-smooth-scroll", "affected_versions": { "* - 5.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/487d94e8-e4f1-4da8-914c-96157f8ae14d?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "487e23c9-9100-4240-8992-c4c85930c4a6": { "id": "487e23c9-9100-4240-8992-c4c85930c4a6", "title": "WP Courses LMS <= 3.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Courses LMS \u2013 Online Courses Builder, eLearning Courses, Courses Solution, Education Courses", "slug": "wp-courses", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/487e23c9-9100-4240-8992-c4c85930c4a6?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "487e5add-726c-4cfc-b86e-bb4eeec168a3": { "id": "487e5add-726c-4cfc-b86e-bb4eeec168a3", "title": "Embed videos and respect privacy <= 1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Embed videos and respect privacy", "slug": "video-embed-privacy", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/487e5add-726c-4cfc-b86e-bb4eeec168a3?source=api-scan" ], "published": "2024-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "488567cd-b296-402f-9056-667b061950da": { "id": "488567cd-b296-402f-9056-667b061950da", "title": "WP Logs Book <= 1.0.1 - Cross-Site Request Forgery to Log Clearing", "software": [ { "type": "plugin", "name": "WP Logs Book", "slug": "wp-logs-book", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/488567cd-b296-402f-9056-667b061950da?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4888a1dc-ed12-41c0-910b-6c9740a54ef0": { "id": "4888a1dc-ed12-41c0-910b-6c9740a54ef0", "title": "Twitter Friends Widget <= 3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Twitter Friends Widget", "slug": "twitter-friends-widget", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4888a1dc-ed12-41c0-910b-6c9740a54ef0?source=api-scan" ], "published": "2021-09-08 20:09:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "488970f0-3120-4f4a-9915-2ae1708bd86a": { "id": "488970f0-3120-4f4a-9915-2ae1708bd86a", "title": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress <= 3.6.9 - Cross-Site Request Forgery to Field Import and PHP Object Injection", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/488970f0-3120-4f4a-9915-2ae1708bd86a?source=api-scan" ], "published": "2022-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "488ac848-786e-4100-a387-5a40e8fc4175": { "id": "488ac848-786e-4100-a387-5a40e8fc4175", "title": "ElementsKit Pro <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ElementsKit Pro", "slug": "elementskit", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/488ac848-786e-4100-a387-5a40e8fc4175?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "488bafe4-746a-4531-95ac-30d17ace2239": { "id": "488bafe4-746a-4531-95ac-30d17ace2239", "title": "Calendar Event Multi View <= 1.4.06 - Missing Authorization to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Calendar Event Multi View", "slug": "cp-multi-view-calendar", "affected_versions": { "* - 1.4.06": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.06", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.07" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/488bafe4-746a-4531-95ac-30d17ace2239?source=api-scan" ], "published": "2022-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "488e26e2-d4d7-4036-a672-53c2d4c9d39b": { "id": "488e26e2-d4d7-4036-a672-53c2d4c9d39b", "title": "RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'clear_uucss_logs'", "software": [ { "type": "plugin", "name": "RapidLoad \u2013 Optimize Web Vitals Automatically", "slug": "unusedcss", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/488e26e2-d4d7-4036-a672-53c2d4c9d39b?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4890cd48-a448-4af1-ae1e-6456300434e5": { "id": "4890cd48-a448-4af1-ae1e-6456300434e5", "title": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4890cd48-a448-4af1-ae1e-6456300434e5?source=api-scan" ], "published": "2024-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4890ec6f-ba73-48bd-8dd7-f896d6b4a140": { "id": "4890ec6f-ba73-48bd-8dd7-f896d6b4a140", "title": "Ultimate Member <= 2.0.45 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 2.0.46)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.46", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4890ec6f-ba73-48bd-8dd7-f896d6b4a140?source=api-scan" ], "published": "2019-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4891055a-04b2-453d-a2ea-2fb793705ff8": { "id": "4891055a-04b2-453d-a2ea-2fb793705ff8", "title": "Ocean Extra <= 1.9.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ocean Extra", "slug": "ocean-extra", "affected_versions": { "[*, 1.9.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4891055a-04b2-453d-a2ea-2fb793705ff8?source=api-scan" ], "published": "2022-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4891fd3f-563b-497a-a5d9-617f4862298b": { "id": "4891fd3f-563b-497a-a5d9-617f4862298b", "title": "Advanced Contact form 7 DB <= 1.8.6 - Authenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Advanced Contact form 7 DB", "slug": "advanced-cf7-db", "affected_versions": { "[*, 1.8.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4891fd3f-563b-497a-a5d9-617f4862298b?source=api-scan" ], "published": "2022-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "489256a8-e28f-4d7c-895a-928e9463bb1b": { "id": "489256a8-e28f-4d7c-895a-928e9463bb1b", "title": "WP Hotel Booking <= 2.0.9.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Hotel Booking", "slug": "wp-hotel-booking", "affected_versions": { "* - 2.0.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/489256a8-e28f-4d7c-895a-928e9463bb1b?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4893d7a7-6e37-4b58-b7ae-53feb0c85ff5": { "id": "4893d7a7-6e37-4b58-b7ae-53feb0c85ff5", "title": "Uploadify <= 1.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Uploadify", "slug": "uploadify", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4893d7a7-6e37-4b58-b7ae-53feb0c85ff5?source=api-scan" ], "published": "2011-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48949329-8918-4d37-9f3a-1005e99d7e4d": { "id": "48949329-8918-4d37-9f3a-1005e99d7e4d", "title": "Advanced Booking Calendar <= 1.6.9 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Advanced Booking Calendar", "slug": "advanced-booking-calendar", "affected_versions": { "* - 1.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48949329-8918-4d37-9f3a-1005e99d7e4d?source=api-scan" ], "published": "2022-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "489dc156-b8cb-4e08-a847-73a891398d5c": { "id": "489dc156-b8cb-4e08-a847-73a891398d5c", "title": "Cookie Notice & Consent 1.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cookie Notice & Consent", "slug": "cookie-notice-consent", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/489dc156-b8cb-4e08-a847-73a891398d5c?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "489fe6ac-5437-44a2-93dc-00e75eefbc45": { "id": "489fe6ac-5437-44a2-93dc-00e75eefbc45", "title": "FeedFocal <= 1.2.2 - Missing Authorization via feedfocal_api_setup REST function", "software": [ { "type": "plugin", "name": "FeedFocal", "slug": "feedfocal", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/489fe6ac-5437-44a2-93dc-00e75eefbc45?source=api-scan" ], "published": "2023-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48a13fb7-bf1a-4bf2-ac3b-3b5a75fec616": { "id": "48a13fb7-bf1a-4bf2-ac3b-3b5a75fec616", "title": "Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget", "software": [ { "type": "plugin", "name": "Jeg Elementor Kit", "slug": "jeg-elementor-kit", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48a13fb7-bf1a-4bf2-ac3b-3b5a75fec616?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48aa5be8-a5d9-4f5e-ba30-d6afb3f0fee0": { "id": "48aa5be8-a5d9-4f5e-ba30-d6afb3f0fee0", "title": "Viral Mag <= 1.0.9 - Missing Authorization to Arbitrary Plugin Activation", "software": [ { "type": "theme", "name": "Viral Mag", "slug": "viral-mag", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48aa5be8-a5d9-4f5e-ba30-d6afb3f0fee0?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48ab8363-bc1c-47b4-8eb4-6093cd7591c9": { "id": "48ab8363-bc1c-47b4-8eb4-6093cd7591c9", "title": "Zero Spam <= 5.5.6 - Spam Protection Bypass", "software": [ { "type": "plugin", "name": "Zero Spam for WordPress", "slug": "zero-spam", "affected_versions": { "* - 5.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48ab8363-bc1c-47b4-8eb4-6093cd7591c9?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48b0d7ad-f4d6-45b5-8694-e41551728e83": { "id": "48b0d7ad-f4d6-45b5-8694-e41551728e83", "title": "Eduma <= 5.4.7 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Eduma", "slug": "eduma", "affected_versions": { "* - 5.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48b0d7ad-f4d6-45b5-8694-e41551728e83?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48b31324-c6a3-4550-939e-06f7b3c7067a": { "id": "48b31324-c6a3-4550-939e-06f7b3c7067a", "title": "Checklist <= 1.1.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Checklist", "slug": "checklist", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48b31324-c6a3-4550-939e-06f7b3c7067a?source=api-scan" ], "published": "2019-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48b4214f-b722-405e-9bb7-a1faa68f0429": { "id": "48b4214f-b722-405e-9bb7-a1faa68f0429", "title": "Cardinity Payment Gateway for WooCommerce <= 3.0.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cardinity Payment Gateway for WooCommerce", "slug": "cardinity-free-payment-gateway-for-woocommerce", "affected_versions": { "* - 3.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48b4214f-b722-405e-9bb7-a1faa68f0429?source=api-scan" ], "published": "2021-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48b6b9a3-c80d-4fde-9e8c-1f60781b7484": { "id": "48b6b9a3-c80d-4fde-9e8c-1f60781b7484", "title": "All In One WP Security & Firewall <= 4.0.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "[*, 4.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48b6b9a3-c80d-4fde-9e8c-1f60781b7484?source=api-scan" ], "published": "2016-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48b9f3e3-b7fd-4d7c-8f8b-b11ed977aa92": { "id": "48b9f3e3-b7fd-4d7c-8f8b-b11ed977aa92", "title": "Surbma | GDPR Proof Cookie Consent & Notice Bar <= 17.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Surbma | GDPR Proof Cookie Consent & Notice Bar", "slug": "surbma-gdpr-proof-google-analytics", "affected_versions": { "* - 17.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "17.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "17.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48b9f3e3-b7fd-4d7c-8f8b-b11ed977aa92?source=api-scan" ], "published": "2023-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48be0157-5eb9-4e06-b406-0af659de034b": { "id": "48be0157-5eb9-4e06-b406-0af659de034b", "title": "TS Webfonts for SAKURA <= 3.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "TS Webfonts for \u3055\u304f\u3089\u306e\u30ec\u30f3\u30bf\u30eb\u30b5\u30fc\u30d0", "slug": "ts-webfonts-for-sakura", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48be0157-5eb9-4e06-b406-0af659de034b?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48bf9bf4-1b8a-41cc-adc9-a618d075c7f2": { "id": "48bf9bf4-1b8a-41cc-adc9-a618d075c7f2", "title": "Modern Events Calendar Lite <= 6.3.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Modern Events Calendar Lite", "slug": "modern-events-calendar-lite", "affected_versions": { "* - 6.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48bf9bf4-1b8a-41cc-adc9-a618d075c7f2?source=api-scan" ], "published": "2022-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48c40f60-d919-41d9-a2d9-8dad1f03db5c": { "id": "48c40f60-d919-41d9-a2d9-8dad1f03db5c", "title": "InJob | Multi features for recruitment WordPress Theme <= 3.4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "InJob | Multi features for recruitment WordPress Theme", "slug": "injob", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48c40f60-d919-41d9-a2d9-8dad1f03db5c?source=api-scan" ], "published": "2020-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48c6efc9-6c53-4ac9-8f99-62fbab0599ce": { "id": "48c6efc9-6c53-4ac9-8f99-62fbab0599ce", "title": "Gallery Bank \u2013 WordPress Photo Gallery Plugin <= 3.0.229 - SQL Injection", "software": [ { "type": "plugin", "name": "Gallery Bank \u2013 WordPress Photo Gallery Plugin", "slug": "gallery-bank", "affected_versions": { "[*, 3.0.330)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.330", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.330" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48c6efc9-6c53-4ac9-8f99-62fbab0599ce?source=api-scan" ], "published": "2015-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48cb5d7b-afbc-4387-ad32-13d2fcb19061": { "id": "48cb5d7b-afbc-4387-ad32-13d2fcb19061", "title": "Debug Log Manager <= 2.3.1 - Missing Authorization via toggle_debugging", "software": [ { "type": "plugin", "name": "Debug Log Manager", "slug": "debug-log-manager", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48cb5d7b-afbc-4387-ad32-13d2fcb19061?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48d0e0e0-81db-46ef-ba64-daa2a4079b79": { "id": "48d0e0e0-81db-46ef-ba64-daa2a4079b79", "title": "Yoast SEO <= 3.2.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yoast SEO", "slug": "wordpress-seo", "affected_versions": { "* - 3.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48d0e0e0-81db-46ef-ba64-daa2a4079b79?source=api-scan" ], "published": "2016-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48d6d4c1-cc87-4c2c-9fbb-90af62f576aa": { "id": "48d6d4c1-cc87-4c2c-9fbb-90af62f576aa", "title": "Visual Sound <= 1.03 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Visual Sound", "slug": "visual-sound", "affected_versions": { "* - 1.03": { "from_version": "*", "from_inclusive": true, "to_version": "1.03", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48d6d4c1-cc87-4c2c-9fbb-90af62f576aa?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48dc10a9-7bb9-401f-befd-1bf620858825": { "id": "48dc10a9-7bb9-401f-befd-1bf620858825", "title": "Coming Soon & Maintenance Mode by Colorlib <= 1.0.99 - Information Exposure", "software": [ { "type": "plugin", "name": "Coming Soon & Maintenance Mode by Colorlib", "slug": "colorlib-coming-soon-maintenance", "affected_versions": { "* - 1.0.99": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.99", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48dc10a9-7bb9-401f-befd-1bf620858825?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48e2129f-6a2c-45e4-a0cf-7d8d5f563a7f": { "id": "48e2129f-6a2c-45e4-a0cf-7d8d5f563a7f", "title": "Modal Window <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Modal Window \u2013 create popup modal window", "slug": "modal-window", "affected_versions": { "* - 5.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48e2129f-6a2c-45e4-a0cf-7d8d5f563a7f?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48e30af6-d28c-4547-aef9-d216064c9829": { "id": "48e30af6-d28c-4547-aef9-d216064c9829", "title": "Hybrid < 0.10 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Hybrid", "slug": "hybrid", "affected_versions": { "[*, 0.10)": { "from_version": "*", "from_inclusive": true, "to_version": "0.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48e30af6-d28c-4547-aef9-d216064c9829?source=api-scan" ], "published": "2011-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48e3976a-5dfc-44f5-8d01-0bd1b68575be": { "id": "48e3976a-5dfc-44f5-8d01-0bd1b68575be", "title": "Comment Highlighter <= 0.13 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Comment Highlighter", "slug": "comment-highlighter", "affected_versions": { "* - 0.13": { "from_version": "*", "from_inclusive": true, "to_version": "0.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48e3976a-5dfc-44f5-8d01-0bd1b68575be?source=api-scan" ], "published": "2021-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48e7acf2-61d4-4762-8657-0701910ce69b": { "id": "48e7acf2-61d4-4762-8657-0701910ce69b", "title": "InstaWP Connect <= 0.0.9.18 - Missing Authorization to Unauthenticated Post\/Taxonomy\/User Add\/Change\/Delete, Customizer Setting Change, Plugin Installation\/Activation\/Deactication via events_receiver", "software": [ { "type": "plugin", "name": "InstaWP Connect \u2013 1-click WP Staging & Migration", "slug": "instawp-connect", "affected_versions": { "* - 0.0.9.18": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.9.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.0.9.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48e7acf2-61d4-4762-8657-0701910ce69b?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48ebeb6a-c585-4ddc-92ab-144f66193991": { "id": "48ebeb6a-c585-4ddc-92ab-144f66193991", "title": "Coming Soon by Supsystic <= 1.7.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Maintenance Mode by Supsystic", "slug": "coming-soon-by-supsystic", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48ebeb6a-c585-4ddc-92ab-144f66193991?source=api-scan" ], "published": "2022-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48ee0d97-40c1-451f-8a5f-b32ff032e8b0": { "id": "48ee0d97-40c1-451f-8a5f-b32ff032e8b0", "title": "Permalink Manager Lite <= 2.2.14 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Permalink Manager Lite", "slug": "permalink-manager", "affected_versions": { "[*, 2.2.15)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48ee0d97-40c1-451f-8a5f-b32ff032e8b0?source=api-scan" ], "published": "2022-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48f148ee-800d-4c8f-bf43-893ec7961f3a": { "id": "48f148ee-800d-4c8f-bf43-893ec7961f3a", "title": "WordCamp Talks < 1.0.0 Beta3 - CSV Injection", "software": [ { "type": "plugin", "name": "wordcamp-talks", "slug": "wordcamp-talks", "affected_versions": { "[*, 1.0.0-beta3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0-beta3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.0-beta3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48f148ee-800d-4c8f-bf43-893ec7961f3a?source=api-scan" ], "published": "2017-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48f39d6c-621b-4c78-9459-68bb67a94f57": { "id": "48f39d6c-621b-4c78-9459-68bb67a94f57", "title": "WatuPRO < 4.9.0.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WatuPRO", "slug": "watupro", "affected_versions": { "[*, 4.9.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.9.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48f39d6c-621b-4c78-9459-68bb67a94f57?source=api-scan" ], "published": "2015-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48f5aba0-42a0-4b63-8195-29103576a794": { "id": "48f5aba0-42a0-4b63-8195-29103576a794", "title": "RS-Members <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "RS-Members", "slug": "rs-members", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48f5aba0-42a0-4b63-8195-29103576a794?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48f69a86-1007-4565-8311-9e542bd4d66b": { "id": "48f69a86-1007-4565-8311-9e542bd4d66b", "title": "Advanced Sermons <= 3.1 - Reflected Cross-Site Scripting via s", "software": [ { "type": "plugin", "name": "Advanced Sermons", "slug": "advanced-sermons", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48f69a86-1007-4565-8311-9e542bd4d66b?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48f7ad3b-608b-4802-b7ab-fad4c449cc62": { "id": "48f7ad3b-608b-4802-b7ab-fad4c449cc62", "title": "SP Projects & Document Manager <= 2.6.0.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 2.6.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48f7ad3b-608b-4802-b7ab-fad4c449cc62?source=api-scan" ], "published": "2016-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48fa5f3b-000b-406e-b7ee-51af5720cf72": { "id": "48fa5f3b-000b-406e-b7ee-51af5720cf72", "title": "Premium Addons for Elementor PRO <= 2.9.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget link", "software": [ { "type": "plugin", "name": "Premium Addons Pro for Elementor", "slug": "premium-addons-pro", "affected_versions": { "* - 2.9.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48fa5f3b-000b-406e-b7ee-51af5720cf72?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48fdece5-2996-426f-b77c-ae0b35bcd0ce": { "id": "48fdece5-2996-426f-b77c-ae0b35bcd0ce", "title": "Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'arrow_style'", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.28": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48fdece5-2996-426f-b77c-ae0b35bcd0ce?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "48ffd408-ef7b-4b78-90c3-e1645d7354b1": { "id": "48ffd408-ef7b-4b78-90c3-e1645d7354b1", "title": "WordPress Online Booking and Scheduling Plugin \u2013 Bookly <= 22.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Online Booking and Scheduling Plugin \u2013 Bookly", "slug": "bookly-responsive-appointment-booking-tool", "affected_versions": { "* - 22.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "22.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "22.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/48ffd408-ef7b-4b78-90c3-e1645d7354b1?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "490061dc-11f7-48f2-bc9a-974bedf16621": { "id": "490061dc-11f7-48f2-bc9a-974bedf16621", "title": "Stamped.io Product Reviews & UGC for WooCommerce <= 2.3.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Stamped.io Product Reviews & UGC for WooCommerce", "slug": "stampedio-product-reviews", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/490061dc-11f7-48f2-bc9a-974bedf16621?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49008e63-d369-49b8-9dd7-3dff6dbea17c": { "id": "49008e63-d369-49b8-9dd7-3dff6dbea17c", "title": "Email Subscribers & Newsletters <= 4.2.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 4.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49008e63-d369-49b8-9dd7-3dff6dbea17c?source=api-scan" ], "published": "2019-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49018b4b-2833-4ced-b36a-ebe69c5cb096": { "id": "49018b4b-2833-4ced-b36a-ebe69c5cb096", "title": "Smooth Scroll Links <= 1.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Smooth Scroll Links [SSL]", "slug": "smooth-scrolling-links-ssl", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49018b4b-2833-4ced-b36a-ebe69c5cb096?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "490944a6-96e8-4416-a63b-c7a7ba9172ae": { "id": "490944a6-96e8-4416-a63b-c7a7ba9172ae", "title": "Clean Login <= 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Clean Login", "slug": "clean-login", "affected_versions": { "* - 1.13.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/490944a6-96e8-4416-a63b-c7a7ba9172ae?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "490b48e8-bdfa-4843-89df-1f50c05a05b8": { "id": "490b48e8-bdfa-4843-89df-1f50c05a05b8", "title": "WANotifier \u2013 Send Message Notifications Using WhatsApp API <= 2.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WANotifier \u2013 Send Message Notifications Using Cloud API", "slug": "notifier", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/490b48e8-bdfa-4843-89df-1f50c05a05b8?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "490b4ee5-dd99-42af-94af-b45cea27b287": { "id": "490b4ee5-dd99-42af-94af-b45cea27b287", "title": "NPS computy <= 2.7.5 - Cross-Site Request Forgery to Results Deletion", "software": [ { "type": "plugin", "name": "NPS computy", "slug": "nps-computy", "affected_versions": { "* - 2.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/490b4ee5-dd99-42af-94af-b45cea27b287?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "490f5939-a990-4fb7-9515-f8dcee53d75a": { "id": "490f5939-a990-4fb7-9515-f8dcee53d75a", "title": "WPML < 3.1.8 - Authorization Bypass", "software": [ { "type": "plugin", "name": "WPML", "slug": "sitepress-multilingual-cms", "affected_versions": { "[*, 3.1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/490f5939-a990-4fb7-9515-f8dcee53d75a?source=api-scan" ], "published": "2015-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "491240c5-2045-4e0b-9916-4337946d2653": { "id": "491240c5-2045-4e0b-9916-4337946d2653", "title": "PDF Light Viewer <= 1.4.11 - Authenticated Command Injection", "software": [ { "type": "plugin", "name": "WordPress PDF Light Viewer Plugin", "slug": "pdf-light-viewer", "affected_versions": { "* - 1.4.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/491240c5-2045-4e0b-9916-4337946d2653?source=api-scan" ], "published": "2021-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49150180-9de0-4318-b21b-779daaeb7a52": { "id": "49150180-9de0-4318-b21b-779daaeb7a52", "title": "Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails", "software": [ { "type": "plugin", "name": "Frontend File Manager Plugin", "slug": "nmedia-user-file-uploader", "affected_versions": { "[*, 18.3)": { "from_version": "*", "from_inclusive": true, "to_version": "18.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "18.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49150180-9de0-4318-b21b-779daaeb7a52?source=api-scan" ], "published": "2021-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4915b769-9499-40ac-835e-279e3a910558": { "id": "4915b769-9499-40ac-835e-279e3a910558", "title": "Elementor <= 3.19.0 - Authenticated(Contributor+) Arbitrary File Deletion and PHAR Deserialization", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 3.19.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.19.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.19.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4915b769-9499-40ac-835e-279e3a910558?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49333c6b-58f6-4d5a-a605-46484160175a": { "id": "49333c6b-58f6-4d5a-a605-46484160175a", "title": "Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Arbitrary Quiz Deletion and Copying", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "* - 1.3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49333c6b-58f6-4d5a-a605-46484160175a?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4938206e-2ea4-47ed-a307-87cf67dd74a4": { "id": "4938206e-2ea4-47ed-a307-87cf67dd74a4", "title": "Groundhogg <= 2.7.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg", "slug": "groundhogg", "affected_versions": { "* - 2.7.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4938206e-2ea4-47ed-a307-87cf67dd74a4?source=api-scan" ], "published": "2023-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4938c1be-2356-4a9c-9795-108a2d5a6cc7": { "id": "4938c1be-2356-4a9c-9795-108a2d5a6cc7", "title": "Remove Add to Cart WooCommerce <= 1.4.4 - Cross-Site Request Forgery to Settings Modification", "software": [ { "type": "plugin", "name": "Remove Add to Cart WooCommerce", "slug": "remove-add-to-cart-woocommerce", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4938c1be-2356-4a9c-9795-108a2d5a6cc7?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4939b053-2d62-428e-84ff-0de3416466ef": { "id": "4939b053-2d62-428e-84ff-0de3416466ef", "title": "Login using WordPress Users (WP as SAML IDP) <= 1.13.2 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login using WordPress Users ( WP as SAML IDP )", "slug": "miniorange-wp-as-saml-idp", "affected_versions": { "* - 1.13.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4939b053-2d62-428e-84ff-0de3416466ef?source=api-scan" ], "published": "2022-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4942de17-d141-4a6c-885e-75f540fe21b6": { "id": "4942de17-d141-4a6c-885e-75f540fe21b6", "title": "Add Shortcodes Actions And Filters <= 2.0.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Add Shortcodes Actions And Filters", "slug": "add-actions-and-filters", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4942de17-d141-4a6c-885e-75f540fe21b6?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4945931f-764d-45cf-9157-5dddfb264086": { "id": "4945931f-764d-45cf-9157-5dddfb264086", "title": "ReDi Restaurant Reservation <= 24.0128 - Cross-Site Request Forgery via redi_restaurant_admin_options_page()", "software": [ { "type": "plugin", "name": "ReDi Restaurant Reservation", "slug": "redi-restaurant-reservation", "affected_versions": { "* - 24.0128": { "from_version": "*", "from_inclusive": true, "to_version": "24.0128", "to_inclusive": true } }, "patched": true, "patched_versions": [ "24.0303" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4945931f-764d-45cf-9157-5dddfb264086?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "494c780d-5441-407d-8947-e56d7cac32d6": { "id": "494c780d-5441-407d-8947-e56d7cac32d6", "title": "MStore API <= 3.9.7 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 3.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/494c780d-5441-407d-8947-e56d7cac32d6?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "494d2e69-0759-419a-a603-e8870c157e49": { "id": "494d2e69-0759-419a-a603-e8870c157e49", "title": "Classified Listing \u2013 Classified ads & Business Directory Plugin <= 3.1.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Classified Listing \u2013 Classified ads & Business Directory Plugin", "slug": "classified-listing", "affected_versions": { "* - 3.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/494d2e69-0759-419a-a603-e8870c157e49?source=api-scan" ], "published": "2024-09-12 18:35:01", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "494dc869-6f4d-428b-99a8-87212f3007be": { "id": "494dc869-6f4d-428b-99a8-87212f3007be", "title": "WooCommerce Multilingual & Multicurrency with WPML <= 5.3.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Multilingual & Multicurrency with WPML", "slug": "woocommerce-multilingual", "affected_versions": { "* - 5.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/494dc869-6f4d-428b-99a8-87212f3007be?source=api-scan" ], "published": "2024-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4953e1b6-6ad1-41f5-b50b-43de078008ac": { "id": "4953e1b6-6ad1-41f5-b50b-43de078008ac", "title": "Easy Forms for Mailchimp <= 6.8.8 - Authenticated (Administrator+) Cross-Site Scripting via Form Name", "software": [ { "type": "plugin", "name": "Easy Forms for Mailchimp", "slug": "yikes-inc-easy-mailchimp-extender", "affected_versions": { "* - 6.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4953e1b6-6ad1-41f5-b50b-43de078008ac?source=api-scan" ], "published": "2023-03-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49581614-14a8-4450-8f83-d8d22a3feee9": { "id": "49581614-14a8-4450-8f83-d8d22a3feee9", "title": "Radio Player \u2013 Live Shoutcast, Icecast and Any Audio Stream Player for WordPress <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute", "software": [ { "type": "plugin", "name": "Radio Player \u2013 Live Shoutcast, Icecast and Any Audio Stream Player for WordPress", "slug": "radio-player", "affected_versions": { "* - 2.0.78": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.78", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.79" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49581614-14a8-4450-8f83-d8d22a3feee9?source=api-scan" ], "published": "2024-09-23 18:28:51", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "495df695-864e-4a77-bcd1-d1845c55a6c9": { "id": "495df695-864e-4a77-bcd1-d1845c55a6c9", "title": "WP Abstracts <= 2.6.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Abstracts", "slug": "wp-abstracts-manuscripts-manager", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/495df695-864e-4a77-bcd1-d1845c55a6c9?source=api-scan" ], "published": "2023-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49618d9f-e6d8-40d5-b19f-7ce987939172": { "id": "49618d9f-e6d8-40d5-b19f-7ce987939172", "title": "Custom Banners <= 3.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Banners", "slug": "custom-banners", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49618d9f-e6d8-40d5-b19f-7ce987939172?source=api-scan" ], "published": "2024-09-30 19:41:04", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "496249cf-f75e-42e6-a189-332dd73d14bd": { "id": "496249cf-f75e-42e6-a189-332dd73d14bd", "title": "WP Survey Plus <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Survey Plus", "slug": "wp-survey-plus", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/496249cf-f75e-42e6-a189-332dd73d14bd?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "496b1c3a-7fbb-4088-9936-6b023718946d": { "id": "496b1c3a-7fbb-4088-9936-6b023718946d", "title": "My Calendar <= 3.4.21 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "My Calendar \u2013 Accessible Event Manager", "slug": "my-calendar", "affected_versions": { "* - 3.4.21": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/496b1c3a-7fbb-4088-9936-6b023718946d?source=api-scan" ], "published": "2023-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4970be62-9aad-4a5f-9dd3-4bf48bded022": { "id": "4970be62-9aad-4a5f-9dd3-4bf48bded022", "title": "HollerBox <= 2.1.3 - Authenticated (edit_popups+) SQL Injection", "software": [ { "type": "plugin", "name": "Fast & Effective Popups & Lead-Generation for WordPress \u2013 HollerBox", "slug": "holler-box", "affected_versions": { "[*, 2.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4970be62-9aad-4a5f-9dd3-4bf48bded022?source=api-scan" ], "published": "2023-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49754f41-b809-4a97-ab8f-233f51dc058f": { "id": "49754f41-b809-4a97-ab8f-233f51dc058f", "title": "Users Ultra Membership Plugin <= 1.5.63 - Authenticated Blind SQL Injection", "software": [ { "type": "plugin", "name": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin", "slug": "users-ultra", "affected_versions": { "[*, 1.5.64)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.64", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.64" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49754f41-b809-4a97-ab8f-233f51dc058f?source=api-scan" ], "published": "2015-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "497960b4-48f3-4a5d-8b69-586da61761f0": { "id": "497960b4-48f3-4a5d-8b69-586da61761f0", "title": "Blossom Shop <= 1.1.7 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Blossom Shop", "slug": "blossom-shop", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/497960b4-48f3-4a5d-8b69-586da61761f0?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "497cfc87-85ac-41d0-aeea-63c5fc64db0d": { "id": "497cfc87-85ac-41d0-aeea-63c5fc64db0d", "title": "Team - WordPress Team Member Showcase Plugin <= 4.1.1 - Directory Traversal to Arbitrary File Read\/Deletion", "software": [ { "type": "plugin", "name": "Team \u2013 Team Members Showcase Plugin", "slug": "tlp-team", "affected_versions": { "* - 4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/497cfc87-85ac-41d0-aeea-63c5fc64db0d?source=api-scan" ], "published": "2022-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "497e0784-8953-4726-929a-7d5ef129e98e": { "id": "497e0784-8953-4726-929a-7d5ef129e98e", "title": "Formzu WP <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Formzu WP", "slug": "formzu-wp", "affected_versions": { "* - 1.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/497e0784-8953-4726-929a-7d5ef129e98e?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "498087da-3887-475a-9796-676ee1d1fb99": { "id": "498087da-3887-475a-9796-676ee1d1fb99", "title": "GiveWP <= 2.11.3 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "[*, 2.12.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.12.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/498087da-3887-475a-9796-676ee1d1fb99?source=api-scan" ], "published": "2021-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4985680e-f7ba-40c7-bca9-f347f1c1cb3b": { "id": "4985680e-f7ba-40c7-bca9-f347f1c1cb3b", "title": "TI WooCommerce Wishlist <= 2.9.0 - Unauthenticated SQL Injection via 'lang'", "software": [ { "type": "plugin", "name": "TI WooCommerce Wishlist", "slug": "ti-woocommerce-wishlist", "affected_versions": { "* - 2.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4985680e-f7ba-40c7-bca9-f347f1c1cb3b?source=api-scan" ], "published": "2024-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "498a10a1-8da6-4309-833f-950f6442d5ae": { "id": "498a10a1-8da6-4309-833f-950f6442d5ae", "title": "Smarty for WordPress <= 3.1.35 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smarty for WordPress", "slug": "smarty-for-wordpress", "affected_versions": { "* - 3.1.35": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.35", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/498a10a1-8da6-4309-833f-950f6442d5ae?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "498c0080-ae5e-492b-b75f-6ce3227f3ca0": { "id": "498c0080-ae5e-492b-b75f-6ce3227f3ca0", "title": "Paytium <= 3.1.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paytium: Mollie payment forms & donations", "slug": "paytium", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/498c0080-ae5e-492b-b75f-6ce3227f3ca0?source=api-scan" ], "published": "2020-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "498f539a-f824-42fb-9df8-c1f82c4b3947": { "id": "498f539a-f824-42fb-9df8-c1f82c4b3947", "title": "pootle button <= 1.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "pootle button", "slug": "pootle-button", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/498f539a-f824-42fb-9df8-c1f82c4b3947?source=api-scan" ], "published": "2017-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "498f7ece-e33a-4489-aeb9-1660abe0b4a5": { "id": "498f7ece-e33a-4489-aeb9-1660abe0b4a5", "title": "Awake <= 3.3 - Arbitrary File Deletion", "software": [ { "type": "theme", "name": "Awake", "slug": "awake", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/498f7ece-e33a-4489-aeb9-1660abe0b4a5?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "499483a0-957b-459e-b2f5-fc39c4f86c9e": { "id": "499483a0-957b-459e-b2f5-fc39c4f86c9e", "title": "WordPress File Upload <= 4.16.2 - Authenticated Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "[*, 4.16.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.16.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.16.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/499483a0-957b-459e-b2f5-fc39c4f86c9e?source=api-scan" ], "published": "2022-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4999bbf3-3dbd-4c9a-b648-744192c9586c": { "id": "4999bbf3-3dbd-4c9a-b648-744192c9586c", "title": "Bold Page Builder <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode", "software": [ { "type": "plugin", "name": "Bold Page Builder", "slug": "bold-page-builder", "affected_versions": { "* - 5.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4999bbf3-3dbd-4c9a-b648-744192c9586c?source=api-scan" ], "published": "2024-07-29 17:49:56", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "499a1892-12b7-49d5-b65f-4f53a968a23a": { "id": "499a1892-12b7-49d5-b65f-4f53a968a23a", "title": "Ninja Forms File Uploads <= 3.3.16 - Unauthenticated Stored Cross-Site Scripting via File Upload", "software": [ { "type": "plugin", "name": "Ninja Forms - File Uploads", "slug": "ninja-forms-uploads", "affected_versions": { "* - 3.3.16": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/499a1892-12b7-49d5-b65f-4f53a968a23a?source=api-scan" ], "published": "2024-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49a04155-9fa8-45e0-b80b-3836d5271fa7": { "id": "49a04155-9fa8-45e0-b80b-3836d5271fa7", "title": "Menu Swapper <= 1.1.0.2 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Menu Swapper", "slug": "menu-swapper", "affected_versions": { "* - 1.1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49a04155-9fa8-45e0-b80b-3836d5271fa7?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49a0c45e-781e-4d2e-a9e8-a54ff8ef6131": { "id": "49a0c45e-781e-4d2e-a9e8-a54ff8ef6131", "title": "Andrea Pernici News Sitemap for Google <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Andrea Pernici News Sitemap for Google", "slug": "google-news-sitemap", "affected_versions": { "* - 1.0.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.16", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49a0c45e-781e-4d2e-a9e8-a54ff8ef6131?source=api-scan" ], "published": "2022-05-04 10:07:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49ac9c7c-d457-4709-bc10-c3de8b4f097a": { "id": "49ac9c7c-d457-4709-bc10-c3de8b4f097a", "title": "AddThis Sharing Buttons <= 5.0.12 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Share Buttons Plugin \u2013 AddThis", "slug": "addthis", "affected_versions": { "[*, 5.0.13)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49ac9c7c-d457-4709-bc10-c3de8b4f097a?source=api-scan" ], "published": "2015-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49ae7971-7bdf-4369-b04b-fb48ea5b9518": { "id": "49ae7971-7bdf-4369-b04b-fb48ea5b9518", "title": "\u7b80\u6570\u91c7\u96c6\u5668 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "\u7b80\u6570\u91c7\u96c6\u5668", "slug": "keydatas", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49ae7971-7bdf-4369-b04b-fb48ea5b9518?source=api-scan" ], "published": "2024-07-16 19:27:17", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49b296a5-8721-4835-b2c1-ab45045be595": { "id": "49b296a5-8721-4835-b2c1-ab45045be595", "title": "Animate It <= 2.3.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Animate It!", "slug": "animate-it", "affected_versions": { "* - 2.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49b296a5-8721-4835-b2c1-ab45045be595?source=api-scan" ], "published": "2019-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49b2e332-4359-4dac-8a9e-1d71f39d509c": { "id": "49b2e332-4359-4dac-8a9e-1d71f39d509c", "title": "Widget Bundle <= 2.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Widget Bundle", "slug": "wp-widget-bundle", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49b2e332-4359-4dac-8a9e-1d71f39d509c?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49b466a2-9f6d-431f-8118-7522394d2eed": { "id": "49b466a2-9f6d-431f-8118-7522394d2eed", "title": "GroupDocs.Comparison for Cloud < 1.0.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GroupDocs.Comparison for Cloud", "slug": "groupdocs-comparison", "affected_versions": { "[*, 1.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49b466a2-9f6d-431f-8118-7522394d2eed?source=api-scan" ], "published": "2013-12-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49ba5cfa-c2cc-49ac-b22d-7e36ccca6ac5": { "id": "49ba5cfa-c2cc-49ac-b22d-7e36ccca6ac5", "title": "WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_remove_cdn_integration_ajax_request_callback'", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49ba5cfa-c2cc-49ac-b22d-7e36ccca6ac5?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49bdd84a-05c0-4c7c-9d12-8a8eec91908d": { "id": "49bdd84a-05c0-4c7c-9d12-8a8eec91908d", "title": "Network Publisher <= 5.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Network Publisher", "slug": "network-publisher", "affected_versions": { "* - 5.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49bdd84a-05c0-4c7c-9d12-8a8eec91908d?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49c65776-130d-4c22-b4f8-ababac8cf341": { "id": "49c65776-130d-4c22-b4f8-ababac8cf341", "title": "WebinarIgnition <= 2.14.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Webinar Solution: Create live\/evergreen\/automated\/instant webinars, stream & Zoom Meetings | WebinarIgnition", "slug": "webinar-ignition", "affected_versions": { "* - 2.14.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.14.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.14.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49c65776-130d-4c22-b4f8-ababac8cf341?source=api-scan" ], "published": "2023-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49c6e8bb-4470-4602-a884-ac61c4e64976": { "id": "49c6e8bb-4470-4602-a884-ac61c4e64976", "title": "Backend Localization <= 2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Backend Localization", "slug": "kau-boys-backend-localization", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49c6e8bb-4470-4602-a884-ac61c4e64976?source=api-scan" ], "published": "2012-07-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49cba28f-43dc-4947-b4bb-8556cc0409ee": { "id": "49cba28f-43dc-4947-b4bb-8556cc0409ee", "title": "Table & Contact Form 7 Database \u2013 Tablesome <= 1.0.27 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tablesome \u2013 Form DB & Automation \u2013 WPForms, Contact Form 7, Elementor, Forminator, Fluent, Gravity", "slug": "tablesome", "affected_versions": { "* - 1.0.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49cba28f-43dc-4947-b4bb-8556cc0409ee?source=api-scan" ], "published": "2024-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49cf047f-4e8c-4f37-b8c0-d931c02fda7c": { "id": "49cf047f-4e8c-4f37-b8c0-d931c02fda7c", "title": "Fruitful < 3.8.2 - Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Fruitful", "slug": "fruitful", "affected_versions": { "[*, 3.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49cf047f-4e8c-4f37-b8c0-d931c02fda7c?source=api-scan" ], "published": "2020-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49d0315e-fcb2-4232-8797-0421cf5d3cd8": { "id": "49d0315e-fcb2-4232-8797-0421cf5d3cd8", "title": "Chartify <= 2.0.6 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chartify \u2013 WordPress Chart Plugin", "slug": "chart-builder", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49d0315e-fcb2-4232-8797-0421cf5d3cd8?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49d03254-7399-4a5d-9ce9-7d4736b8b2ee": { "id": "49d03254-7399-4a5d-9ce9-7d4736b8b2ee", "title": "wpCentral <= 1.5.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "wpCentral", "slug": "wp-central", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49d03254-7399-4a5d-9ce9-7d4736b8b2ee?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49d54d19-632b-479f-80dd-d66d4285520e": { "id": "49d54d19-632b-479f-80dd-d66d4285520e", "title": "Newsletters <= 4.9.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Newsletters", "slug": "newsletters-lite", "affected_versions": { "* - 4.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49d54d19-632b-479f-80dd-d66d4285520e?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49e4dc41-dd5a-4689-9818-e742d1def2f0": { "id": "49e4dc41-dd5a-4689-9818-e742d1def2f0", "title": "WordPress HTTPS (SSL) <= 3.4.0 - Missing Authorization to Settings Change", "software": [ { "type": "plugin", "name": "WordPress HTTPS (SSL)", "slug": "wordpress-https", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49e4dc41-dd5a-4689-9818-e742d1def2f0?source=api-scan" ], "published": "2022-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49e82146-e8ad-4bc5-94a7-a4ae694b7039": { "id": "49e82146-e8ad-4bc5-94a7-a4ae694b7039", "title": "bbp style pack <= 5.5.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "bbp style pack", "slug": "bbp-style-pack", "affected_versions": { "[*, 5.5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49e82146-e8ad-4bc5-94a7-a4ae694b7039?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49ea8af1-7171-4498-bfb0-bb3cbd72e6f3": { "id": "49ea8af1-7171-4498-bfb0-bb3cbd72e6f3", "title": "Limit Login Attempts (Spam Protection) <= 4.9.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Limit Login Attempts (Spam Protection)", "slug": "wp-limit-failed-login-attempts", "affected_versions": { "* - 4.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49ea8af1-7171-4498-bfb0-bb3cbd72e6f3?source=api-scan" ], "published": "2022-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49ebff14-ce09-4607-8246-50ae028957f6": { "id": "49ebff14-ce09-4607-8246-50ae028957f6", "title": "CP Multi View Event Calendar <= 1.4.10 - Missing Authentication leading to Authenticated (Subscriber+) Private Form Submission", "software": [ { "type": "plugin", "name": "Calendar Event Multi View", "slug": "cp-multi-view-calendar", "affected_versions": { "* - 1.4.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49ebff14-ce09-4607-8246-50ae028957f6?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49ed7d6a-4a65-4efc-90e5-ffa5470d4011": { "id": "49ed7d6a-4a65-4efc-90e5-ffa5470d4011", "title": "Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form <= 2.10.1 - Unauthenticated Insecure Direct Object Reference to Form Submission Alteration", "software": [ { "type": "plugin", "name": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder", "slug": "bit-form", "affected_versions": { "* - 2.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49ed7d6a-4a65-4efc-90e5-ffa5470d4011?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49f572ab-befe-44a3-b4bd-01b39d4209ca": { "id": "49f572ab-befe-44a3-b4bd-01b39d4209ca", "title": "WP-Banners-Lite 1.29, 1.31, 1.40 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Banners-Lite", "slug": "wp-banners-lite", "affected_versions": { "1.29": { "from_version": "1.29", "from_inclusive": true, "to_version": "1.29", "to_inclusive": true }, "1.31": { "from_version": "1.31", "from_inclusive": true, "to_version": "1.31", "to_inclusive": true }, "1.40": { "from_version": "1.40", "from_inclusive": true, "to_version": "1.40", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49f572ab-befe-44a3-b4bd-01b39d4209ca?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49f7e35d-e453-4e60-8f73-12891def267a": { "id": "49f7e35d-e453-4e60-8f73-12891def267a", "title": "Woocommerce ESTO <= 2.23.1 - Cross-Site Request Forgery via saveSetting", "software": [ { "type": "plugin", "name": "Woocommerce ESTO", "slug": "woo-esto", "affected_versions": { "* - 2.23.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.23.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.23.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49f7e35d-e453-4e60-8f73-12891def267a?source=api-scan" ], "published": "2023-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49fc7174-9263-4158-8cdc-cd249179eb3b": { "id": "49fc7174-9263-4158-8cdc-cd249179eb3b", "title": "WP Courses LMS < 2.0.44 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Courses LMS \u2013 Online Courses Builder, eLearning Courses, Courses Solution, Education Courses", "slug": "wp-courses", "affected_versions": { "[*, 2.0.44)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.44", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49fc7174-9263-4158-8cdc-cd249179eb3b?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "49fcd2cb-d880-4152-a736-33fd90f07083": { "id": "49fcd2cb-d880-4152-a736-33fd90f07083", "title": "WP Child Theme Generator <= 1.1.2 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP Child Theme Generator", "slug": "wp-child-theme-generator", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/49fcd2cb-d880-4152-a736-33fd90f07083?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a0cffca-94d8-46b8-8b84-57e76a5bfd94": { "id": "4a0cffca-94d8-46b8-8b84-57e76a5bfd94", "title": "Trending\/Popular Post Slider and Widget <= 1.5.7 - Cross-Site Request Forgery via wtpsw_post_view_count", "software": [ { "type": "plugin", "name": "Trending\/Popular Post Slider and Widget", "slug": "wp-trending-post-slider-and-widget", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a0cffca-94d8-46b8-8b84-57e76a5bfd94?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a0e962b-b6a0-4179-91d0-5ede508a9895": { "id": "4a0e962b-b6a0-4179-91d0-5ede508a9895", "title": "WP Reroute Email <= 1.4.9 - Unauthenticated Stored Cross-Site Scripting via Email Subject", "software": [ { "type": "plugin", "name": "WP Reroute Email", "slug": "wp-reroute-email", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a0e962b-b6a0-4179-91d0-5ede508a9895?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a0f77ca-2fb5-4e73-a0fa-dfbeb39fbd84": { "id": "4a0f77ca-2fb5-4e73-a0fa-dfbeb39fbd84", "title": "WP User Frontend <= 3.5.28 - Privilege Escalation", "software": [ { "type": "plugin", "name": "Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission \u2013 WP User Frontend", "slug": "wp-user-frontend", "affected_versions": { "* - 3.5.28": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a0f77ca-2fb5-4e73-a0fa-dfbeb39fbd84?source=api-scan" ], "published": "2022-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a134509-8dc0-41ac-9b5c-5b173a1e3c68": { "id": "4a134509-8dc0-41ac-9b5c-5b173a1e3c68", "title": "Product Catalog Simple <= 1.7.5 - Cross-Site Request Forgery via ic_system_status", "software": [ { "type": "plugin", "name": "Product Catalog Simple", "slug": "post-type-x", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a134509-8dc0-41ac-9b5c-5b173a1e3c68?source=api-scan" ], "published": "2023-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a13c7a1-f904-41b1-ab7f-2df95c9b2880": { "id": "4a13c7a1-f904-41b1-ab7f-2df95c9b2880", "title": "Beaver Builder \u2013 WordPress Page Builder <= 2.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a13c7a1-f904-41b1-ab7f-2df95c9b2880?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a1a4186-216e-4ed1-860c-fe345ac6e62a": { "id": "4a1a4186-216e-4ed1-860c-fe345ac6e62a", "title": "IgniteUp \u2013 Coming Soon and Maintenance Mode <= 3.4 - Unauthenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "IgniteUp \u2013 Coming Soon and Maintenance Mode", "slug": "igniteup", "affected_versions": { "[*, 3.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a1a4186-216e-4ed1-860c-fe345ac6e62a?source=api-scan" ], "published": "2019-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a1e77de-0207-412d-857d-ab6947116669": { "id": "4a1e77de-0207-412d-857d-ab6947116669", "title": "WordPress Core <= 2.5 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a1e77de-0207-412d-857d-ab6947116669?source=api-scan" ], "published": "2008-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a1fe36b-75d2-48c3-bfac-af965eb9363f": { "id": "4a1fe36b-75d2-48c3-bfac-af965eb9363f", "title": "wpDiscuz <= 7.6.10 - Insufficient Authorization to Comment Submission on Deleted Posts", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "* - 7.6.10": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a1fe36b-75d2-48c3-bfac-af965eb9363f?source=api-scan" ], "published": "2023-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a263b74-e9ae-4fd2-be9b-9b8e9eee5982": { "id": "4a263b74-e9ae-4fd2-be9b-9b8e9eee5982", "title": "Adning Advertising <= 1.5.5 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Adning Advertising", "slug": "angwp", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a263b74-e9ae-4fd2-be9b-9b8e9eee5982?source=api-scan" ], "published": "2020-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a2c11bb-88cb-43ae-b9b7-5b6262a315e0": { "id": "4a2c11bb-88cb-43ae-b9b7-5b6262a315e0", "title": "WD Instagram Feed Premium <= 1.3.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WD Instagram Feed Premium", "slug": "wordpress-instagram-feed", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a2c11bb-88cb-43ae-b9b7-5b6262a315e0?source=api-scan" ], "published": "2018-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a2ca2f0-1d4a-4614-86ba-a46e765f4a9f": { "id": "4a2ca2f0-1d4a-4614-86ba-a46e765f4a9f", "title": "ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to PHAR Deserialization", "software": [ { "type": "plugin", "name": "ImageMagick Engine", "slug": "imagemagick-engine", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a2ca2f0-1d4a-4614-86ba-a46e765f4a9f?source=api-scan" ], "published": "2023-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a2e636d-e602-4ab0-80f2-525a8a1f8388": { "id": "4a2e636d-e602-4ab0-80f2-525a8a1f8388", "title": "Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "Sharkdropship Dropshipping & Affiliate for for AliExpress", "slug": "wooshark-aliexpress-importer", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a2e636d-e602-4ab0-80f2-525a8a1f8388?source=api-scan" ], "published": "2024-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a308056-aadc-4fc3-8133-2b05f3d9aabe": { "id": "4a308056-aadc-4fc3-8133-2b05f3d9aabe", "title": "UsersWP <= 1.2.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "UsersWP \u2013 Front-end login form, User Registration, User Profile & Members Directory plugin for WP", "slug": "userswp", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a308056-aadc-4fc3-8133-2b05f3d9aabe?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a32ae77-3d4e-4fd4-a43a-7d1a52dcfa77": { "id": "4a32ae77-3d4e-4fd4-a43a-7d1a52dcfa77", "title": "Product Delivery Date for WooCommerce \u2013 Lite <= 2.7.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Product Delivery Date for WooCommerce \u2013 Lite", "slug": "product-delivery-date-for-woocommerce-lite", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a32ae77-3d4e-4fd4-a43a-7d1a52dcfa77?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a330416-f867-4a1a-a692-6003e231ed54": { "id": "4a330416-f867-4a1a-a692-6003e231ed54", "title": "Canto <= 1.9.0 - Blind Server-Side Request Forgery via get.php", "software": [ { "type": "plugin", "name": "Canto", "slug": "canto", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a330416-f867-4a1a-a692-6003e231ed54?source=api-scan" ], "published": "2020-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a3cae01-620d-405e-baf6-2d66a5b429b3": { "id": "4a3cae01-620d-405e-baf6-2d66a5b429b3", "title": "GiveWP \u2013 Donation Plugin and Fundraising Platform <= 3.16.1 - Authenticated (GiveWP Manager+) SQL Injection via order Parameter", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 3.16.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.16.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.16.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a3cae01-620d-405e-baf6-2d66a5b429b3?source=api-scan" ], "published": "2024-09-26 17:03:51", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a3f835e-0aa9-4581-9150-fe5041e0f293": { "id": "4a3f835e-0aa9-4581-9150-fe5041e0f293", "title": "WP Meta SEO <= 4.5.3 - Missing Authorization in 'regenerateSitemaps'", "software": [ { "type": "plugin", "name": "WP Meta SEO", "slug": "wp-meta-seo", "affected_versions": { "* - 4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a3f835e-0aa9-4581-9150-fe5041e0f293?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a4f0909-76f6-4d27-87b1-f6cd5f5cbbb7": { "id": "4a4f0909-76f6-4d27-87b1-f6cd5f5cbbb7", "title": "WP Users Masquerade <= 2.0.0 - Authentication Bypass", "software": [ { "type": "plugin", "name": "WP Users Masquerade", "slug": "wp-users-masquerade", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a4f0909-76f6-4d27-87b1-f6cd5f5cbbb7?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a515dc9-e6d6-4083-a3e8-c22307b120a8": { "id": "4a515dc9-e6d6-4083-a3e8-c22307b120a8", "title": "Quiz Tool Lite <= 2.3.15 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz Tool Lite", "slug": "quiz-tool-lite", "affected_versions": { "* - 2.3.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.15", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a515dc9-e6d6-4083-a3e8-c22307b120a8?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a5262d8-d9cd-4bd9-a95e-f60782095173": { "id": "4a5262d8-d9cd-4bd9-a95e-f60782095173", "title": "Sticky Popup <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sticky Popup", "slug": "sticky-popup", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a5262d8-d9cd-4bd9-a95e-f60782095173?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a56a838-5dfa-477a-92b2-fdac3d1ab2af": { "id": "4a56a838-5dfa-477a-92b2-fdac3d1ab2af", "title": "Currency Switcher <= 1.1.6 - Cross-site request forgery", "software": [ { "type": "plugin", "name": "WPCS \u2013 WordPress Currency Switcher Professional", "slug": "currency-switcher", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a56a838-5dfa-477a-92b2-fdac3d1ab2af?source=api-scan" ], "published": "2021-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a5a118d-54a2-4e15-a629-4759c34f62b4": { "id": "4a5a118d-54a2-4e15-a629-4759c34f62b4", "title": "Paid Memberships Pro <= 3.0.4 - Unauthenticated Insecure Direct Object Reference to Order Status Update", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a5a118d-54a2-4e15-a629-4759c34f62b4?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a5c4bef-f871-4e6b-9b6e-85079f1233a2": { "id": "4a5c4bef-f871-4e6b-9b6e-85079f1233a2", "title": "Injection Guard <= 1.2.1 - Cross-Site Request Forgery via ig_update", "software": [ { "type": "plugin", "name": "Injection Guard", "slug": "injection-guard", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a5c4bef-f871-4e6b-9b6e-85079f1233a2?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a5d59da-dcac-44b4-a697-38eef650c6de": { "id": "4a5d59da-dcac-44b4-a697-38eef650c6de", "title": "Favicon <= 1.3.29 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "Favicon by RealFaviconGenerator", "slug": "favicon-by-realfavicongenerator", "affected_versions": { "* - 1.3.29": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.30" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a5d59da-dcac-44b4-a697-38eef650c6de?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a6e5f89-ebc0-413a-a76e-3cf4339430ba": { "id": "4a6e5f89-ebc0-413a-a76e-3cf4339430ba", "title": "TerraClassifieds <= 2.0.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "TerraClassifieds \u2013 Simple Classifieds Plugin", "slug": "terraclassifieds", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a6e5f89-ebc0-413a-a76e-3cf4339430ba?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a71fda4-3c67-4053-ac1e-9cf3f5feb8c8": { "id": "4a71fda4-3c67-4053-ac1e-9cf3f5feb8c8", "title": "WooCommerce Subscriptions < 2.6.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Subscription", "slug": "woocommerce-subscriptions", "affected_versions": { "[*, 2.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a71fda4-3c67-4053-ac1e-9cf3f5feb8c8?source=api-scan" ], "published": "2019-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a7345a1-ceb5-4f93-a6ba-13e8b8fb6c7d": { "id": "4a7345a1-ceb5-4f93-a6ba-13e8b8fb6c7d", "title": "MainWP Clone Extension <= 4.0.2 - Missing Authorization to Plugin Settings Change", "software": [ { "type": "plugin", "name": "MainWP Clone Extension", "slug": "mainwp-clone-extension", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a7345a1-ceb5-4f93-a6ba-13e8b8fb6c7d?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a748589-51e5-4e3c-930c-d073d5cc94bf": { "id": "4a748589-51e5-4e3c-930c-d073d5cc94bf", "title": "WP Time Slots Booking Form <= 1.1.82 - Improper Authorization Checks", "software": [ { "type": "plugin", "name": "WP Time Slots Booking Form", "slug": "wp-time-slots-booking-form", "affected_versions": { "* - 1.1.82": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.82", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.83" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a748589-51e5-4e3c-930c-d073d5cc94bf?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a77675b-5a31-4bc1-b4bd-36dd9a612b7c": { "id": "4a77675b-5a31-4bc1-b4bd-36dd9a612b7c", "title": "Social Feed | All social media in one place <= 1.5.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting]", "software": [ { "type": "plugin", "name": "Social Feed | All social media in one place", "slug": "add-facebook", "affected_versions": { "* - 1.5.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a77675b-5a31-4bc1-b4bd-36dd9a612b7c?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a7a15ab-4f13-4eb1-aeb5-143230308871": { "id": "4a7a15ab-4f13-4eb1-aeb5-143230308871", "title": "All Bootstrap Blocks <= 1.3.6 - Cross-Site Request Forgery to Plugin Settings Reset", "software": [ { "type": "plugin", "name": "All Bootstrap Blocks", "slug": "all-bootstrap-blocks", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a7a15ab-4f13-4eb1-aeb5-143230308871?source=api-scan" ], "published": "2023-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a7bfa47-1c83-4af7-8ddd-0b90a117b9c7": { "id": "4a7bfa47-1c83-4af7-8ddd-0b90a117b9c7", "title": "Expert Invoice <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Expert Invoice", "slug": "expert-invoice", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a7bfa47-1c83-4af7-8ddd-0b90a117b9c7?source=api-scan" ], "published": "2024-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a82a3b7-eb05-4f52-84b7-f1a97dddedf9": { "id": "4a82a3b7-eb05-4f52-84b7-f1a97dddedf9", "title": "WP Post Author \u2013 Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder <= 3.6.4 - Missing Authorization to Rating Manipulation", "software": [ { "type": "plugin", "name": "WP Post Author \u2013 Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder", "slug": "wp-post-author", "affected_versions": { "* - 3.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a82a3b7-eb05-4f52-84b7-f1a97dddedf9?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a85de70-7cb1-45d1-b872-0677ef8134be": { "id": "4a85de70-7cb1-45d1-b872-0677ef8134be", "title": "Interactive Medical Drawing of Human Body <= 2.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Interactive Medical Drawing of Human Body", "slug": "interactive-medical-drawing-of-human-body", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a85de70-7cb1-45d1-b872-0677ef8134be?source=api-scan" ], "published": "2022-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a87c261-5452-48c9-ab4a-2cf6af0fef56": { "id": "4a87c261-5452-48c9-ab4a-2cf6af0fef56", "title": "SEO Booster <= 3.8.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SEO Booster", "slug": "seo-booster", "affected_versions": { "* - 3.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a87c261-5452-48c9-ab4a-2cf6af0fef56?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a8ac027-f376-4f02-a085-f05f1fa749f0": { "id": "4a8ac027-f376-4f02-a085-f05f1fa749f0", "title": "Elemenda <= 0.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Elemenda", "slug": "elemenda", "affected_versions": { "* - 0.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a8ac027-f376-4f02-a085-f05f1fa749f0?source=api-scan" ], "published": "2024-10-17 15:43:03", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a984bd8-ca43-4676-9985-b111111c17ab": { "id": "4a984bd8-ca43-4676-9985-b111111c17ab", "title": "Thank You Counter Button <= 1.9.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Thank You Counter Button", "slug": "thanks-you-counter-button", "affected_versions": { "* - 1.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a984bd8-ca43-4676-9985-b111111c17ab?source=api-scan" ], "published": "2014-02-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a992bb2-67b9-48db-a536-c3af79e93af4": { "id": "4a992bb2-67b9-48db-a536-c3af79e93af4", "title": "Tilda Publishing <= 0.3.23 - Missing Authorization", "software": [ { "type": "plugin", "name": "Tilda-publishing", "slug": "tilda-publishing", "affected_versions": { "* - 0.3.23": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.3.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a992bb2-67b9-48db-a536-c3af79e93af4?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a9df582-0ead-45ff-aeaa-1bee9d470b41": { "id": "4a9df582-0ead-45ff-aeaa-1bee9d470b41", "title": "Companion Sitemap Generator <= 4.5.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Companion Sitemap Generator \u2013 HTML & XML", "slug": "companion-sitemap-generator", "affected_versions": { "* - 4.5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a9df582-0ead-45ff-aeaa-1bee9d470b41?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4a9fce6d-d5c2-4ab7-87ea-8dd6e4d92e07": { "id": "4a9fce6d-d5c2-4ab7-87ea-8dd6e4d92e07", "title": "Post Pay Counter <= 2.789 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Pay Counter", "slug": "post-pay-counter", "affected_versions": { "* - 2.789": { "from_version": "*", "from_inclusive": true, "to_version": "2.789", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.790" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4a9fce6d-d5c2-4ab7-87ea-8dd6e4d92e07?source=api-scan" ], "published": "2023-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4aa89fab-b6fe-423a-a7f5-dbe6c92d1b56": { "id": "4aa89fab-b6fe-423a-a7f5-dbe6c92d1b56", "title": "WP eCommerce < 3.8.7.6 - SQL Injection", "software": [ { "type": "plugin", "name": "WP eCommerce", "slug": "wp-e-commerce", "affected_versions": { "[*, 3.8.7.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.7.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4aa89fab-b6fe-423a-a7f5-dbe6c92d1b56?source=api-scan" ], "published": "2014-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4aab594d-1901-4f88-874c-204578eebda0": { "id": "4aab594d-1901-4f88-874c-204578eebda0", "title": "CommentTweets <= 0.6 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "CommentTweets", "slug": "commenttweets", "affected_versions": { "* - 0.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4aab594d-1901-4f88-874c-204578eebda0?source=api-scan" ], "published": "2023-12-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4aae4571-671a-46d7-b490-6cd0feced0af": { "id": "4aae4571-671a-46d7-b490-6cd0feced0af", "title": "WP Private Messages <= 1.0.1 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP Private Messages", "slug": "wp-private-messages", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4aae4571-671a-46d7-b490-6cd0feced0af?source=api-scan" ], "published": "2016-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ab71d24-0409-421b-8abf-f4d5390a32a1": { "id": "4ab71d24-0409-421b-8abf-f4d5390a32a1", "title": "Authorize.net Payment Gateway For WooCommerce <= 8.0 - Insufficient Verification of Data Authenticity to Unauthenticated Payment Bypass", "software": [ { "type": "plugin", "name": "Authorize.net Payment Gateway For WooCommerce", "slug": "authorizenet-payment-gateway-for-woocommerce", "affected_versions": { "* - 8.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ab71d24-0409-421b-8abf-f4d5390a32a1?source=api-scan" ], "published": "2024-06-03 17:05:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ac22e56-5d52-48f0-8bd1-8584c2b40bb7": { "id": "4ac22e56-5d52-48f0-8bd1-8584c2b40bb7", "title": "Max Addons Pro for Bricks <= 1.6.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Max Addons Pro for Bricks", "slug": "max-addons-pro-bricks", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ac22e56-5d52-48f0-8bd1-8584c2b40bb7?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ac29d1c-0aae-4355-90df-24c99d23c411": { "id": "4ac29d1c-0aae-4355-90df-24c99d23c411", "title": "WordPress Core <= 3.1 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ac29d1c-0aae-4355-90df-24c99d23c411?source=api-scan" ], "published": "2011-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ac3dae6-1890-44ba-9671-84f77807ffe5": { "id": "4ac3dae6-1890-44ba-9671-84f77807ffe5", "title": "OneLogin SAML SSO <= 2.8.0 - Distributed Denial-of-Service", "software": [ { "type": "plugin", "name": "OneLogin SAML SSO", "slug": "onelogin-saml-sso", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ac3dae6-1890-44ba-9671-84f77807ffe5?source=api-scan" ], "published": "2019-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ac44e4f-7052-465c-82ab-c3f23a62c898": { "id": "4ac44e4f-7052-465c-82ab-c3f23a62c898", "title": "RSVP and Event Management <= 2.7.7 - Unauthenticated Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "RSVP and Event Management", "slug": "rsvp", "affected_versions": { "* - 2.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ac44e4f-7052-465c-82ab-c3f23a62c898?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ac57705-24ce-44b5-95d9-972bf58e4cd1": { "id": "4ac57705-24ce-44b5-95d9-972bf58e4cd1", "title": "Page Builder: KingComposer < 2.8.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Builder: KingComposer \u2013 Free Drag and Drop page builder by King-Theme", "slug": "kingcomposer", "affected_versions": { "[*, 2.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ac57705-24ce-44b5-95d9-972bf58e4cd1?source=api-scan" ], "published": "2019-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ac68b80-31ce-4e61-b3ab-0f43cda64125": { "id": "4ac68b80-31ce-4e61-b3ab-0f43cda64125", "title": "Simple Mail Address Encoder < 1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Mail Address Encoder", "slug": "simple-mail-address-encoder", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ac68b80-31ce-4e61-b3ab-0f43cda64125?source=api-scan" ], "published": "2019-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ac9262a-96a6-439a-a2b0-a05f24654d06": { "id": "4ac9262a-96a6-439a-a2b0-a05f24654d06", "title": "Button Generator \u2013 easily Button Builder <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Button Generator \u2013 easily Button Builder", "slug": "button-generation", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ac9262a-96a6-439a-a2b0-a05f24654d06?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4acc1fd2-0024-4c35-b8c6-94203b91e985": { "id": "4acc1fd2-0024-4c35-b8c6-94203b91e985", "title": "Crelly Slider <= 1.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Crelly Slider", "slug": "crelly-slider", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4acc1fd2-0024-4c35-b8c6-94203b91e985?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ad16964-3d0a-4769-a167-5ec62486bfe9": { "id": "4ad16964-3d0a-4769-a167-5ec62486bfe9", "title": "Educare <= 1.4.6 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Educare \u2013 Students & Result Management System", "slug": "educare", "affected_versions": { "[*, 1.4.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ad16964-3d0a-4769-a167-5ec62486bfe9?source=api-scan" ], "published": "2023-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ad32ff7-0557-439d-aa0f-49c5ea4271ab": { "id": "4ad32ff7-0557-439d-aa0f-49c5ea4271ab", "title": "VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetmplfile function", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "* - 1.5.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ad32ff7-0557-439d-aa0f-49c5ea4271ab?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ad379ad-8733-4015-a892-375604339695": { "id": "4ad379ad-8733-4015-a892-375604339695", "title": "WP Symposium <= 15.8 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP Symposium", "slug": "wp-symposium", "affected_versions": { "[*, 15.8)": { "from_version": "*", "from_inclusive": true, "to_version": "15.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "15.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ad379ad-8733-4015-a892-375604339695?source=api-scan" ], "published": "2015-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ad45c7b-63d2-42ae-a7cf-2d60c6c4ae1d": { "id": "4ad45c7b-63d2-42ae-a7cf-2d60c6c4ae1d", "title": "Activity Log < 2.3.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Activity Log \u2013 Monitor & Record User Changes", "slug": "aryo-activity-log", "affected_versions": { "[*, 2.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ad45c7b-63d2-42ae-a7cf-2d60c6c4ae1d?source=api-scan" ], "published": "2016-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ae3ad65-54d7-4ee0-894f-8ffd9fa8ac35": { "id": "4ae3ad65-54d7-4ee0-894f-8ffd9fa8ac35", "title": "Related Posts < 2.7.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Related Posts", "slug": "wordpress-23-related-posts-plugin", "affected_versions": { "[*, 2.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ae3ad65-54d7-4ee0-894f-8ffd9fa8ac35?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ae41106-c61f-45de-88d8-6dfa2347495c": { "id": "4ae41106-c61f-45de-88d8-6dfa2347495c", "title": "Aruba HiSpeed Cache <= 2.0.12 - Missing Authorization", "software": [ { "type": "plugin", "name": "Aruba HiSpeed Cache", "slug": "aruba-hispeed-cache", "affected_versions": { "* - 2.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ae41106-c61f-45de-88d8-6dfa2347495c?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4aebd497-d3c7-4a85-bde4-07e8eade836f": { "id": "4aebd497-d3c7-4a85-bde4-07e8eade836f", "title": "Seraphinite Post .DOCX Source <= 2.16.9 - Authenticated (Subscriber+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Seraphinite Post .DOCX Source", "slug": "seraphinite-post-docx-source", "affected_versions": { "* - 2.16.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4aebd497-d3c7-4a85-bde4-07e8eade836f?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4aec0bf3-82d7-4479-8bd6-941404b6bd03": { "id": "4aec0bf3-82d7-4479-8bd6-941404b6bd03", "title": "Slideshow Gallery <= 1.7.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Slideshow Gallery LITE", "slug": "slideshow-gallery", "affected_versions": { "* - 1.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4aec0bf3-82d7-4479-8bd6-941404b6bd03?source=api-scan" ], "published": "2024-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4af04219-26c5-401d-94ef-11d2321f98bf": { "id": "4af04219-26c5-401d-94ef-11d2321f98bf", "title": "Sponsors <= 3.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Sponsors", "slug": "wp-sponsors", "affected_versions": { "* - 3.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4af04219-26c5-401d-94ef-11d2321f98bf?source=api-scan" ], "published": "2023-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4af2b01b-2dcb-44ae-a764-8ecc5f8caa81": { "id": "4af2b01b-2dcb-44ae-a764-8ecc5f8caa81", "title": "WordPress Core < 6.5.5 - Authenticated (Contributor+) Directory Traversal", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": false }, "4.1 - 4.1.40": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.40", "to_inclusive": true }, "4.2 - 4.2.37": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.37", "to_inclusive": true }, "4.3 - 4.3.33": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.33", "to_inclusive": true }, "4.4 - 4.4.32": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.32", "to_inclusive": true }, "4.5 - 4.5.31": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.31", "to_inclusive": true }, "4.6 - 4.6.28": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.28", "to_inclusive": true }, "4.7 - 4.7.28": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.28", "to_inclusive": true }, "4.8 - 4.8.24": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.24", "to_inclusive": true }, "4.9 - 4.9.25": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.25", "to_inclusive": true }, "5.0 - 5.0.21": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.21", "to_inclusive": true }, "5.1 - 5.1.18": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.18", "to_inclusive": true }, "5.2 - 5.2.20": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.20", "to_inclusive": true }, "5.3 - 5.3.17": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.17", "to_inclusive": true }, "5.4 - 5.4.15": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.15", "to_inclusive": true }, "5.5 - 5.5.14": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.14", "to_inclusive": true }, "5.6 - 5.6.13": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.13", "to_inclusive": true }, "5.7 - 5.7.11": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.11", "to_inclusive": true }, "5.8 - 5.8.9": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.9", "to_inclusive": true }, "5.9 - 5.9.9": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.9", "to_inclusive": true }, "6.0 - 6.0.8": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.8", "to_inclusive": true }, "6.1 - 6.1.6": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.6", "to_inclusive": true }, "6.2 - 6.2.5": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.5", "to_inclusive": true }, "6.3 - 6.3.4": { "from_version": "6.3", "from_inclusive": true, "to_version": "6.3.4", "to_inclusive": true }, "6.4 - 6.4.4": { "from_version": "6.4", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": true }, "6.5 - 6.5.4": { "from_version": "6.5", "from_inclusive": true, "to_version": "6.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.41", "4.2.38", "4.3.34", "4.4.33", "4.5.32", "4.6.29", "4.7.29", "4.8.25", "4.9.26", "5.0.22", "5.1.19", "5.2.21", "5.3.18", "5.4.16", "5.5.15", "5.6.14", "5.7.12", "5.8.10", "5.9.10", "6.0.9", "6.1.7", "6.2.6", "6.3.5", "6.4.5", "6.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4af2b01b-2dcb-44ae-a764-8ecc5f8caa81?source=api-scan" ], "published": "2024-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4af4b971-7304-47c9-8d01-eae36e40c45c": { "id": "4af4b971-7304-47c9-8d01-eae36e40c45c", "title": "ListingPro - WordPress Directory & Listing Theme < 2.0.14.5 - Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "ListingPro - WordPress Directory & Listing Theme", "slug": "listingpro", "affected_versions": { "* - 2.0.14.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.14.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.14.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4af4b971-7304-47c9-8d01-eae36e40c45c?source=api-scan" ], "published": "2019-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4af801db-44a6-4cd3-bd1a-3125490c8c48": { "id": "4af801db-44a6-4cd3-bd1a-3125490c8c48", "title": "Customer Reviews for WooCommerce <= 5.38.9 - Authenticated (Author+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Customer Reviews for WooCommerce", "slug": "customer-reviews-woocommerce", "affected_versions": { "* - 5.38.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.38.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.38.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4af801db-44a6-4cd3-bd1a-3125490c8c48?source=api-scan" ], "published": "2024-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4af83d4b-2eae-481f-b3fd-d5bcacc1d709": { "id": "4af83d4b-2eae-481f-b3fd-d5bcacc1d709", "title": "uContext for Clickbank <= 3.9.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "uContext for Clickbank", "slug": "ucontext", "affected_versions": { "* - 3.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4af83d4b-2eae-481f-b3fd-d5bcacc1d709?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4af9c623-1539-4afc-9dcd-3f97d29aa4f3": { "id": "4af9c623-1539-4afc-9dcd-3f97d29aa4f3", "title": "Easy Google Maps <= 1.11.15 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Google Maps", "slug": "google-maps-easy", "affected_versions": { "* - 1.11.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4af9c623-1539-4afc-9dcd-3f97d29aa4f3?source=api-scan" ], "published": "2024-07-01 17:56:24", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4afb151c-4e6b-4441-a190-becd4fe78019": { "id": "4afb151c-4e6b-4441-a190-becd4fe78019", "title": "Joy Of Text Lite <= 2.3.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Joy Of Text Lite \u2013 SMS messaging for WordPress.", "slug": "joy-of-text", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4afb151c-4e6b-4441-a190-becd4fe78019?source=api-scan" ], "published": "2024-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4afb25d5-dce1-4a7a-8afe-0fc2a384b945": { "id": "4afb25d5-dce1-4a7a-8afe-0fc2a384b945", "title": "Easy Forms for Mailchimp <= 6.8.8 - Reflected Cross-Site Scripting via 'sql_error'", "software": [ { "type": "plugin", "name": "Easy Forms for Mailchimp", "slug": "yikes-inc-easy-mailchimp-extender", "affected_versions": { "* - 6.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4afb25d5-dce1-4a7a-8afe-0fc2a384b945?source=api-scan" ], "published": "2023-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4afbe34b-121e-41d2-ab12-c3d70a0d80d5": { "id": "4afbe34b-121e-41d2-ab12-c3d70a0d80d5", "title": "Better Comments <= 1.5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Better Comments", "slug": "better-comments", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4afbe34b-121e-41d2-ab12-c3d70a0d80d5?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4afea729-a7d9-4b38-a0f5-5af2c31bfbb9": { "id": "4afea729-a7d9-4b38-a0f5-5af2c31bfbb9", "title": "Spiffy Calendar <= 4.9.8 - Insufficient Authorization", "software": [ { "type": "plugin", "name": "Spiffy Calendar", "slug": "spiffy-calendar", "affected_versions": { "* - 4.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4afea729-a7d9-4b38-a0f5-5af2c31bfbb9?source=api-scan" ], "published": "2024-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4aff8870-4222-454a-90cd-044784cb4224": { "id": "4aff8870-4222-454a-90cd-044784cb4224", "title": "WPSmartContracts <= 1.3.11 - Authenticated (Author+) SQL Injection", "software": [ { "type": "plugin", "name": "WPSmartContracts", "slug": "wp-smart-contracts", "affected_versions": { "* - 1.3.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4aff8870-4222-454a-90cd-044784cb4224?source=api-scan" ], "published": "2022-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b002e40-712d-4c3f-b168-9132e7b77e60": { "id": "4b002e40-712d-4c3f-b168-9132e7b77e60", "title": "Easy!Appointments <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy!Appointments", "slug": "easyappointments", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b002e40-712d-4c3f-b168-9132e7b77e60?source=api-scan" ], "published": "2024-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b06792e-0b4e-4c1e-b7e9-8cbbae343298": { "id": "4b06792e-0b4e-4c1e-b7e9-8cbbae343298", "title": "wpCentral <= 1.4.7 - Privilege Escalation", "software": [ { "type": "plugin", "name": "wpCentral", "slug": "wp-central", "affected_versions": { "[*, 1.4.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b06792e-0b4e-4c1e-b7e9-8cbbae343298?source=api-scan" ], "published": "2020-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b0e763e-f03e-41fb-8c6c-4de5d3acae00": { "id": "4b0e763e-f03e-41fb-8c6c-4de5d3acae00", "title": "Ultimate Member <= 2.6.6 - Privilege Escalation via Arbitrary User Meta Updates", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b0e763e-f03e-41fb-8c6c-4de5d3acae00?source=api-scan" ], "published": "2023-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b0f5c2c-f01a-4a09-99c2-2b7dfe3bcd05": { "id": "4b0f5c2c-f01a-4a09-99c2-2b7dfe3bcd05", "title": "Wechat Reward <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "\u5fae\u4fe1\u6253\u8d4f\uff08Wechat Reward\uff09", "slug": "wechat-reward", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b0f5c2c-f01a-4a09-99c2-2b7dfe3bcd05?source=api-scan" ], "published": "2021-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b13388b-19f9-4f5c-9599-efd6ccf978c8": { "id": "4b13388b-19f9-4f5c-9599-efd6ccf978c8", "title": "Availability Calendar <= 1.2.6 - Cross-Site Request Forgery via add_availability_calendar_create_admin_page()", "software": [ { "type": "plugin", "name": "Availability Calendar", "slug": "availability-calendar", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b13388b-19f9-4f5c-9599-efd6ccf978c8?source=api-scan" ], "published": "2023-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b1568d6-4fea-4ed3-9931-f293932eaa3a": { "id": "4b1568d6-4fea-4ed3-9931-f293932eaa3a", "title": "Power's WHOIS Domain Check <= 0.9.31 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Powie's WHOIS Domain Check", "slug": "powies-whois", "affected_versions": { "* - 0.9.31": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b1568d6-4fea-4ed3-9931-f293932eaa3a?source=api-scan" ], "published": "2020-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b159d4f-494e-4ab4-8ed7-3421b437597e": { "id": "4b159d4f-494e-4ab4-8ed7-3421b437597e", "title": "ToTop Link <= 1.7.1 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "ToTop Link", "slug": "totop-link", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b159d4f-494e-4ab4-8ed7-3421b437597e?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b19657c-3e95-42cf-8d1a-64fa50b3b82b": { "id": "4b19657c-3e95-42cf-8d1a-64fa50b3b82b", "title": "WCMultiShipping <= 2.3.5 - Missing Authorization to Log Export", "software": [ { "type": "plugin", "name": "Mondial Relay & Chronopost plugin for WooCommerce \u2013 WCMultiShipping", "slug": "wc-multishipping", "affected_versions": { "* - 2.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b19657c-3e95-42cf-8d1a-64fa50b3b82b?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b1c0ee5-5329-411c-8030-14bec586d74d": { "id": "4b1c0ee5-5329-411c-8030-14bec586d74d", "title": "Customify <= 2.10.4 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Customify \u2013 Intuitive Website Styling", "slug": "customify", "affected_versions": { "* - 2.10.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b1c0ee5-5329-411c-8030-14bec586d74d?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b225e5e-7207-4af4-b023-ad23fd540d56": { "id": "4b225e5e-7207-4af4-b023-ad23fd540d56", "title": "Spectra \u2013 WordPress Gutenberg Blocks <= 2.3.1 - Cross-Site Request Forgery to WPForm\/Blocks Import", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b225e5e-7207-4af4-b023-ad23fd540d56?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b2eb0e8-98b6-4a97-9825-0be4032b5d4e": { "id": "4b2eb0e8-98b6-4a97-9825-0be4032b5d4e", "title": "Goto - Tour & Travel WordPress Theme < 2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Goto - Tour & Travel WordPress Theme", "slug": "goto", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b2eb0e8-98b6-4a97-9825-0be4032b5d4e?source=api-scan" ], "published": "2021-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b34dd60-359c-44a0-9e47-dc8c4e66b50e": { "id": "4b34dd60-359c-44a0-9e47-dc8c4e66b50e", "title": "W3 Total Cache 0.9.2.6-0.9.3 - File Read \/ Directory Traversal", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "0.9.2.6 - 0.9.3": { "from_version": "0.9.2.6", "from_inclusive": true, "to_version": "0.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b34dd60-359c-44a0-9e47-dc8c4e66b50e?source=api-scan" ], "published": "2020-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b3786d2-b1b5-4d96-9ef7-957909061186": { "id": "4b3786d2-b1b5-4d96-9ef7-957909061186", "title": "WP Paginate <= 2.1.3 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Paginate", "slug": "wp-paginate", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b3786d2-b1b5-4d96-9ef7-957909061186?source=api-scan" ], "published": "2021-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b37b57c-4a11-4971-b38f-12c70d71b76b": { "id": "4b37b57c-4a11-4971-b38f-12c70d71b76b", "title": "RegistrationMagic <= 5.2.5.0 - IP Spoofing", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 5.2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b37b57c-4a11-4971-b38f-12c70d71b76b?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b389604-a999-45a1-a32f-7f8c951cb94c": { "id": "4b389604-a999-45a1-a32f-7f8c951cb94c", "title": "WordPress Core < 3.9.2 - Denial of Service via XML", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.3": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": true }, "3.8 - 3.8.3": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": true }, "3.9 - 3.9.1": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.4", "3.8.4", "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b389604-a999-45a1-a32f-7f8c951cb94c?source=api-scan" ], "published": "2014-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b39c8e1-f2b7-436d-97d1-2d503d7ac835": { "id": "4b39c8e1-f2b7-436d-97d1-2d503d7ac835", "title": "Import any XML or CSV File to WordPress < 3.2.5 - SQL Injection", "software": [ { "type": "plugin", "name": "Import any XML or CSV File to WordPress", "slug": "wp-all-import", "affected_versions": { "[*, 3.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b39c8e1-f2b7-436d-97d1-2d503d7ac835?source=api-scan" ], "published": "2015-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b40e33b-4aa8-4378-b044-a8a636d34f73": { "id": "4b40e33b-4aa8-4378-b044-a8a636d34f73", "title": "Referrer Detector <= 4.2.1.0 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Referrer Detector", "slug": "referrer-detector", "affected_versions": { "* - 4.2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b40e33b-4aa8-4378-b044-a8a636d34f73?source=api-scan" ], "published": "2017-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b42ba6a-b618-4633-9372-879c3253a956": { "id": "4b42ba6a-b618-4633-9372-879c3253a956", "title": "WC Marketplace <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution", "slug": "dc-woocommerce-multi-vendor", "affected_versions": { "* - 4.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b42ba6a-b618-4633-9372-879c3253a956?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b430f98-255b-454f-97f5-2d2c9a572225": { "id": "4b430f98-255b-454f-97f5-2d2c9a572225", "title": "Germanized for WooCommerce <= 3.9.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Germanized for WooCommerce", "slug": "woocommerce-germanized", "affected_versions": { "* - 3.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b430f98-255b-454f-97f5-2d2c9a572225?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b4369f8-d3d2-4018-a262-3294b5865086": { "id": "4b4369f8-d3d2-4018-a262-3294b5865086", "title": "Spiffy Calendar <= 4.9.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spiffy Calendar", "slug": "spiffy-calendar", "affected_versions": { "* - 4.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b4369f8-d3d2-4018-a262-3294b5865086?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b468c0b-88ac-4ea8-97a9-08e206faf0fb": { "id": "4b468c0b-88ac-4ea8-97a9-08e206faf0fb", "title": "Quiz And Survey Master <= 7.1.18 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "[*, 7.1.19)": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b468c0b-88ac-4ea8-97a9-08e206faf0fb?source=api-scan" ], "published": "2021-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b47478f-3bd5-4eda-897f-4570aea4530a": { "id": "4b47478f-3bd5-4eda-897f-4570aea4530a", "title": "WP Extended Search <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Extended Search", "slug": "wp-extended-search", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b47478f-3bd5-4eda-897f-4570aea4530a?source=api-scan" ], "published": "2023-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b475ada-3b31-40a3-9a81-5a7b1a1e190a": { "id": "4b475ada-3b31-40a3-9a81-5a7b1a1e190a", "title": "Contact Form Entries <= 1.3.0 - Authenticated (Contributor+) SQL Injection via shortcode", "software": [ { "type": "plugin", "name": "Database for Contact Form 7, WPforms, Elementor forms", "slug": "contact-form-entries", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b475ada-3b31-40a3-9a81-5a7b1a1e190a?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b51d69d-2026-4e2c-b031-93046c24b2dd": { "id": "4b51d69d-2026-4e2c-b031-93046c24b2dd", "title": "WP Abstracts <= 2.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Abstracts", "slug": "wp-abstracts-manuscripts-manager", "affected_versions": { "* - 2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b51d69d-2026-4e2c-b031-93046c24b2dd?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b5a3655-067f-4ef1-baf5-2bbc9719a8cd": { "id": "4b5a3655-067f-4ef1-baf5-2bbc9719a8cd", "title": "Assistant \u2013 Every Day Productivity Apps <= 1.4.9.1 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Assistant \u2013 Every Day Productivity Apps", "slug": "assistant", "affected_versions": { "* - 1.4.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b5a3655-067f-4ef1-baf5-2bbc9719a8cd?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b5d1190-3c1e-4cb8-b64b-894ffb1b1f38": { "id": "4b5d1190-3c1e-4cb8-b64b-894ffb1b1f38", "title": "Better Find and Replace <= 1.6.1 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Better Find and Replace", "slug": "real-time-auto-find-and-replace", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b5d1190-3c1e-4cb8-b64b-894ffb1b1f38?source=api-scan" ], "published": "2024-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b6021d2-cbfd-42d9-84d8-6db0f28828ff": { "id": "4b6021d2-cbfd-42d9-84d8-6db0f28828ff", "title": "Post Gallery <= 1.0.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Gallery", "slug": "post-gallery", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b6021d2-cbfd-42d9-84d8-6db0f28828ff?source=api-scan" ], "published": "2013-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b60c1e2-5a4b-4a7a-8224-f1afd3888e08": { "id": "4b60c1e2-5a4b-4a7a-8224-f1afd3888e08", "title": "Responsive Lightbox <= 2.4.5 - Authenticated (Author+) Stored Cross-Site Scripting via name", "software": [ { "type": "plugin", "name": "Responsive Lightbox & Gallery", "slug": "responsive-lightbox", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b60c1e2-5a4b-4a7a-8224-f1afd3888e08?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b68e8d4-58d4-4753-bda3-60c0d874f822": { "id": "4b68e8d4-58d4-4753-bda3-60c0d874f822", "title": "YaySMTP \u2013 Simple WP SMTP Mail <= 2.2 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "YaySMTP \u2013 WP SMTP Plugin with Full Email Log & 15+ SMTP Services", "slug": "yaysmtp", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b68e8d4-58d4-4753-bda3-60c0d874f822?source=api-scan" ], "published": "2022-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b68eed4-0d2f-441b-88be-f0e4f5d35cff": { "id": "4b68eed4-0d2f-441b-88be-f0e4f5d35cff", "title": "GPT3 AI Content Writer <= 1.8.66 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AI Power: Complete AI Pack", "slug": "gpt3-ai-content-generator", "affected_versions": { "* - 1.8.66": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.66", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.67" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b68eed4-0d2f-441b-88be-f0e4f5d35cff?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b6e1c70-a112-4564-9e18-bdc2a8028482": { "id": "4b6e1c70-a112-4564-9e18-bdc2a8028482", "title": "Print My Blog \u2013 Print, PDF, & eBook Converter WordPress Plugin <= 3.26.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Print My Blog \u2013 Print, PDF, & eBook Converter WordPress Plugin", "slug": "print-my-blog", "affected_versions": { "* - 3.26.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.26.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.26.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b6e1c70-a112-4564-9e18-bdc2a8028482?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b6f9700-eb29-4391-845c-58e1a2327b0b": { "id": "4b6f9700-eb29-4391-845c-58e1a2327b0b", "title": "WordPress Core < 5.2.3 - Open Redirect", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.29": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.29", "to_inclusive": true }, "3.8 - 3.8.29": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.29", "to_inclusive": true }, "3.9 - 3.9.27": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.27", "to_inclusive": true }, "4.0 - 4.0.26": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.26", "to_inclusive": true }, "4.1 - 4.1.26": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.26", "to_inclusive": true }, "4.2 - 4.2.23": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.23", "to_inclusive": true }, "4.3 - 4.3.19": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.19", "to_inclusive": true }, "4.4 - 4.4.18": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.18", "to_inclusive": true }, "4.5 - 4.5.17": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.17", "to_inclusive": true }, "4.6 - 4.6.13": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.13", "to_inclusive": true }, "4.7 - 4.7.13": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.13", "to_inclusive": true }, "4.8 - 4.8.9": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.9", "to_inclusive": true }, "4.9 - 4.9.10": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.10", "to_inclusive": true }, "5.0 - 5.0.5": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": true }, "5.1 - 5.1.1": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true }, "5.2 - 5.2.2": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.30", "3.8.30", "3.9.28", "4.0.27", "4.1.27", "4.2.24", "4.3.20", "4.4.19", "4.5.18", "4.6.15", "4.7.14", "4.8.10", "4.9.11", "5.0.6", "5.1.2", "5.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b6f9700-eb29-4391-845c-58e1a2327b0b?source=api-scan" ], "published": "2019-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b704c42-181b-47cb-9df8-3b82f7b830e1": { "id": "4b704c42-181b-47cb-9df8-3b82f7b830e1", "title": "Appointment Booking Calendar <= 1.1.23 - SQL Injection", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar", "slug": "appointment-booking-calendar", "affected_versions": { "[*, 1.1.24)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.24", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b704c42-181b-47cb-9df8-3b82f7b830e1?source=api-scan" ], "published": "2016-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b71b187-2e05-4bea-9177-cbf66fe08a44": { "id": "4b71b187-2e05-4bea-9177-cbf66fe08a44", "title": "RegistrationMagic - Custom Registration Forms, User Registration and User Login Plugin <= 4.6.0.2 - SQL Injection", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "[*, 4.6.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b71b187-2e05-4bea-9177-cbf66fe08a44?source=api-scan" ], "published": "2020-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b7c7416-16fb-4daf-8cc2-96571e1e24b2": { "id": "4b7c7416-16fb-4daf-8cc2-96571e1e24b2", "title": "Task Manager Pro <= 1.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Task Manager Pro - Task Management Plugin For Wordpress", "slug": "task-manager-pro", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b7c7416-16fb-4daf-8cc2-96571e1e24b2?source=api-scan" ], "published": "2017-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b85e583-7028-4de4-8634-a331ef38a22e": { "id": "4b85e583-7028-4de4-8634-a331ef38a22e", "title": "StatPressCN <= 1.9.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "StatPressCN", "slug": "statpresscn", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b85e583-7028-4de4-8634-a331ef38a22e?source=api-scan" ], "published": "2011-01-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b864aa4-f7e0-4910-b950-ef8b1190c5ba": { "id": "4b864aa4-f7e0-4910-b950-ef8b1190c5ba", "title": "DirectoriesPro by SabaiApps <= 1.3.45 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "directories", "slug": "directories", "affected_versions": { "[*, 1.3.46)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.46", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b864aa4-f7e0-4910-b950-ef8b1190c5ba?source=api-scan" ], "published": "2020-12-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b88a8a9-d3e1-4c21-a4e8-d9afa34d7a2e": { "id": "4b88a8a9-d3e1-4c21-a4e8-d9afa34d7a2e", "title": "This Day In History <= 3.10.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "This Day In History", "slug": "this-day-in-history", "affected_versions": { "* - 3.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b88a8a9-d3e1-4c21-a4e8-d9afa34d7a2e?source=api-scan" ], "published": "2023-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b8d057b-1909-46d4-8e0a-d5c7c9f7001c": { "id": "4b8d057b-1909-46d4-8e0a-d5c7c9f7001c", "title": "Relevanssi <= 3.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Relevanssi \u2013 A Better Search", "slug": "relevanssi", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b8d057b-1909-46d4-8e0a-d5c7c9f7001c?source=api-scan" ], "published": "2014-02-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b94f7ca-9848-4fd5-848b-e341258f9c47": { "id": "4b94f7ca-9848-4fd5-848b-e341258f9c47", "title": "Easy WP SMTP <= 1.2.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy WP SMTP \u2013 WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more", "slug": "easy-wp-smtp", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b94f7ca-9848-4fd5-848b-e341258f9c47?source=api-scan" ], "published": "2017-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b9741c6-4038-45ad-a7b4-fa8f65664f4a": { "id": "4b9741c6-4038-45ad-a7b4-fa8f65664f4a", "title": "Booking calendar, Appointment Booking System <= 2.1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking calendar, Appointment Booking System", "slug": "booking-calendar", "affected_versions": { "[*, 2.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b9741c6-4038-45ad-a7b4-fa8f65664f4a?source=api-scan" ], "published": "2018-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b9aa41e-34bf-4bfb-a341-e101e3771f7a": { "id": "4b9aa41e-34bf-4bfb-a341-e101e3771f7a", "title": "PDF Viewer & 3D PDF Flipbook \u2013 DearPDF <= 2.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Viewer & 3D PDF Flipbook \u2013 DearPDF", "slug": "dearpdf-lite", "affected_versions": { "* - 2.0.38": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.38", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b9aa41e-34bf-4bfb-a341-e101e3771f7a?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4b9abbf1-d9f5-4406-9d0c-bc2f9891d0e8": { "id": "4b9abbf1-d9f5-4406-9d0c-bc2f9891d0e8", "title": "WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.0.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "Cookie Consent for WP \u2013 Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy)", "slug": "gdpr-cookie-consent", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4b9abbf1-d9f5-4406-9d0c-bc2f9891d0e8?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ba28184-b5c3-4a5c-a376-29b3c6a2aa20": { "id": "4ba28184-b5c3-4a5c-a376-29b3c6a2aa20", "title": "Elementor Addon Elements <= 1.12.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Modal Popup effet", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.12.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ba28184-b5c3-4a5c-a376-29b3c6a2aa20?source=api-scan" ], "published": "2024-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ba3b414-82a0-4793-9702-cec64d92271e": { "id": "4ba3b414-82a0-4793-9702-cec64d92271e", "title": "WP-CommentNavi <= 1.12.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-CommentNavi", "slug": "wp-commentnavi", "affected_versions": { "* - 1.12.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ba3b414-82a0-4793-9702-cec64d92271e?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ba3c70a-967f-4dc9-aaac-d13b11eb4711": { "id": "4ba3c70a-967f-4dc9-aaac-d13b11eb4711", "title": "themedropbox Themes <= Various Versions - Missing Authorization to Notice Dismissal", "software": [ { "type": "theme", "name": "Construction Landing Page", "slug": "construction-landing-page", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] }, { "type": "theme", "name": "Metro Magazine", "slug": "metro-magazine", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] }, { "type": "theme", "name": "Bakes And Cakes", "slug": "bakes-and-cakes", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ba3c70a-967f-4dc9-aaac-d13b11eb4711?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ba416c5-47d6-4b05-8a31-af9137e04d2b": { "id": "4ba416c5-47d6-4b05-8a31-af9137e04d2b", "title": "Codup WooCommerce Dynamic Pricing Table View <= 1.2.1.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Codup WooCommerce Dynamic Pricing Table View", "slug": "codup-woocommerce-dynamic-pricing-table-view", "affected_versions": { "* - 1.2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ba416c5-47d6-4b05-8a31-af9137e04d2b?source=api-scan" ], "published": "2022-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4baa79da-ae4d-4e45-855f-8c7d713fb2f9": { "id": "4baa79da-ae4d-4e45-855f-8c7d713fb2f9", "title": "Special Box for Content <= 1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Special Box for Content", "slug": "special-box-for-content", "affected_versions": { "* - 1": { "from_version": "*", "from_inclusive": true, "to_version": "1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4baa79da-ae4d-4e45-855f-8c7d713fb2f9?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4babd5e9-dfd6-4e6a-a517-6ce4f4d146f6": { "id": "4babd5e9-dfd6-4e6a-a517-6ce4f4d146f6", "title": "WP Job Manager - Resume Manager <= 2.1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Job Manager - Resume Manager", "slug": "wp-job-manager-resumes", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4babd5e9-dfd6-4e6a-a517-6ce4f4d146f6?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4baf39fd-4191-47eb-9b37-cdf290d6345b": { "id": "4baf39fd-4191-47eb-9b37-cdf290d6345b", "title": "XYDAC Ultimate Taxonomy Manager <= 2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ultimate Taxonomy Manager", "slug": "ultimate-taxonomy-manager", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4baf39fd-4191-47eb-9b37-cdf290d6345b?source=api-scan" ], "published": "2023-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4baf9b27-a06e-412f-8227-6b418e709ff1": { "id": "4baf9b27-a06e-412f-8227-6b418e709ff1", "title": "Page Generator <= 1.6.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Generator", "slug": "page-generator", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4baf9b27-a06e-412f-8227-6b418e709ff1?source=api-scan" ], "published": "2022-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4bc38197-3827-4c0e-a0a8-42d55f50605f": { "id": "4bc38197-3827-4c0e-a0a8-42d55f50605f", "title": "Uploading SVG, WEBP and ICO files <= 1.0.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Uploading SVG, WEBP and ICO files", "slug": "uploading-svgwebp-and-ico-files", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4bc38197-3827-4c0e-a0a8-42d55f50605f?source=api-scan" ], "published": "2022-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4bc3da9e-4b5f-4200-9df9-0ae953571377": { "id": "4bc3da9e-4b5f-4200-9df9-0ae953571377", "title": "Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta", "software": [ { "type": "theme", "name": "Porto", "slug": "porto", "affected_versions": { "* - 7.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4bc3da9e-4b5f-4200-9df9-0ae953571377?source=api-scan" ], "published": "2024-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4bc4ba2c-32eb-46c5-bb40-7c0150fc1ca4": { "id": "4bc4ba2c-32eb-46c5-bb40-7c0150fc1ca4", "title": "Social Warfare <= 4.3.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Social Sharing Plugin \u2013 Social Warfare", "slug": "social-warfare", "affected_versions": { "* - 4.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4bc4ba2c-32eb-46c5-bb40-7c0150fc1ca4?source=api-scan" ], "published": "2023-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4bc58312-ef3d-487b-87fb-9a15a8c6559f": { "id": "4bc58312-ef3d-487b-87fb-9a15a8c6559f", "title": "CformsII <= 14.10.1 - CAPTCHA Bypass", "software": [ { "type": "plugin", "name": "cformsII", "slug": "cforms2", "affected_versions": { "* - 14.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "14.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "14.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4bc58312-ef3d-487b-87fb-9a15a8c6559f?source=api-scan" ], "published": "2010-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4bca364b-c8dc-4c32-a640-0e9f3155a40f": { "id": "4bca364b-c8dc-4c32-a640-0e9f3155a40f", "title": "Mimetic Books <= 0.2.13 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mimetic Books", "slug": "mimetic-books", "affected_versions": { "* - 0.2.13": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4bca364b-c8dc-4c32-a640-0e9f3155a40f?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4bce4f04-e622-468a-ac7e-5903ad50cc13": { "id": "4bce4f04-e622-468a-ac7e-5903ad50cc13", "title": "BackWPup <= 4.0.2 - Plaintext Storage of Backup Destination Password", "software": [ { "type": "plugin", "name": "BackWPup \u2013 WordPress Backup & Restore Plugin", "slug": "backwpup", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4bce4f04-e622-468a-ac7e-5903ad50cc13?source=api-scan" ], "published": "2024-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4bd169bc-1538-400f-b2cd-0bbcf1fea7ee": { "id": "4bd169bc-1538-400f-b2cd-0bbcf1fea7ee", "title": "BuddyPress <= 6.3.0 - Insufficient Input Validation", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "[*, 6.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4bd169bc-1538-400f-b2cd-0bbcf1fea7ee?source=api-scan" ], "published": "2020-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4bd90ca2-85ae-42e3-b2a0-fae6ec28d6b3": { "id": "4bd90ca2-85ae-42e3-b2a0-fae6ec28d6b3", "title": "WP Photo Album Plus < 5.0.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Photo Album Plus", "slug": "wp-photo-album-plus", "affected_versions": { "[*, 5.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4bd90ca2-85ae-42e3-b2a0-fae6ec28d6b3?source=api-scan" ], "published": "2013-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4bd9dfe6-a88c-4fe5-bf4c-91c4d950f5ab": { "id": "4bd9dfe6-a88c-4fe5-bf4c-91c4d950f5ab", "title": "WP Flow Plus <= 5.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Flow Plus", "slug": "wp-imageflow2", "affected_versions": { "* - 5.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4bd9dfe6-a88c-4fe5-bf4c-91c4d950f5ab?source=api-scan" ], "published": "2024-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4be58bfa-d489-45f5-9169-db8bab718175": { "id": "4be58bfa-d489-45f5-9169-db8bab718175", "title": "WordPress Automatic <= 3.94.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter", "software": [ { "type": "plugin", "name": "WordPress Automatic Plugin", "slug": "wp-automatic", "affected_versions": { "* - 3.94.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.94.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.95.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4be58bfa-d489-45f5-9169-db8bab718175?source=api-scan" ], "published": "2024-05-17 17:27:27", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4be5c7d7-47dd-42ee-9cde-9e9ad6276e41": { "id": "4be5c7d7-47dd-42ee-9cde-9e9ad6276e41", "title": "LayerSlider <= 4.6.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LayerSlider", "slug": "LayerSlider", "affected_versions": { "* - 4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4be5c7d7-47dd-42ee-9cde-9e9ad6276e41?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4beafd91-1b89-484b-8053-b1bffdaf163a": { "id": "4beafd91-1b89-484b-8053-b1bffdaf163a", "title": "Aspose.Words \u2013 Import and Export word documents < 2.0 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "Aspose.Words \u2013 Import and Export word documents", "slug": "aspose-doc-exporter", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4beafd91-1b89-484b-8053-b1bffdaf163a?source=api-scan" ], "published": "2015-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4bfa2246-41a8-4d06-8dc9-57fc4be8e1c4": { "id": "4bfa2246-41a8-4d06-8dc9-57fc4be8e1c4", "title": "IMDB Profile Widget < 1.0.9 - Local File Inclusion", "software": [ { "type": "plugin", "name": "IMDB Profile Widget", "slug": "imdb-widget", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4bfa2246-41a8-4d06-8dc9-57fc4be8e1c4?source=api-scan" ], "published": "2016-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4bfde95b-70bf-4445-a8b0-53dbdc5d2334": { "id": "4bfde95b-70bf-4445-a8b0-53dbdc5d2334", "title": "Advanced Woo Labels <= 2.01 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Woo Labels \u2013 Product Labels for WooCommerce", "slug": "advanced-woo-labels", "affected_versions": { "* - 2.01": { "from_version": "*", "from_inclusive": true, "to_version": "2.01", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4bfde95b-70bf-4445-a8b0-53dbdc5d2334?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c046e0c-32d2-47d1-9890-d05d69217161": { "id": "4c046e0c-32d2-47d1-9890-d05d69217161", "title": "Custom Product List Table <= 3.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Custom Product List Table", "slug": "custom-product-list-table", "affected_versions": { "* - 3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c046e0c-32d2-47d1-9890-d05d69217161?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c0cbf44-f6b4-408d-9a96-98f45d890822": { "id": "4c0cbf44-f6b4-408d-9a96-98f45d890822", "title": "Laposta Signup Embed <= 1.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Laposta Signup Embed", "slug": "laposta-signup-embed", "affected_versions": { "[*, 1.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c0cbf44-f6b4-408d-9a96-98f45d890822?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c1203ce-7582-447f-b011-905b274e1e20": { "id": "4c1203ce-7582-447f-b011-905b274e1e20", "title": "Quiz And Survey Master <= 7.3.6 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c1203ce-7582-447f-b011-905b274e1e20?source=api-scan" ], "published": "2022-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c1d49d0-c9aa-401c-80b9-d4df7fe97691": { "id": "4c1d49d0-c9aa-401c-80b9-d4df7fe97691", "title": "FOX \u2013 Currency Switcher Professional for WooCommerce <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "FOX \u2013 Currency Switcher Professional for WooCommerce", "slug": "woocommerce-currency-switcher", "affected_versions": { "* - 1.4.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c1d49d0-c9aa-401c-80b9-d4df7fe97691?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c1f4487-c684-4602-9b93-e547e2d38a64": { "id": "4c1f4487-c684-4602-9b93-e547e2d38a64", "title": "WordPress Core < 4.3.1 - Cross-Site Scripting via Shortcodes", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.10": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.10", "to_inclusive": true }, "3.8 - 3.8.10": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.10", "to_inclusive": true }, "3.9 - 3.9.8": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.8", "to_inclusive": true }, "4.0 - 4.0.7": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.7", "to_inclusive": true }, "4.1 - 4.1.7": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.7", "to_inclusive": true }, "4.2 - 4.2.4": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.4", "to_inclusive": true }, "4.3": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.11", "3.8.11", "3.9.9", "4.0.8", "4.1.8", "4.2.5", "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c1f4487-c684-4602-9b93-e547e2d38a64?source=api-scan" ], "published": "2015-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c20db2d-f73d-4e52-a275-ab1975ae4b17": { "id": "4c20db2d-f73d-4e52-a275-ab1975ae4b17", "title": "YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Settings Change", "software": [ { "type": "plugin", "name": "YourChannel: Everything you want in a YouTube plugin.", "slug": "yourchannel", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c20db2d-f73d-4e52-a275-ab1975ae4b17?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c293c3a-383d-4e3c-bf1b-4d64e9cd3eb5": { "id": "4c293c3a-383d-4e3c-bf1b-4d64e9cd3eb5", "title": "WP Login and Logout Redirect <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Login and Logout Redirect", "slug": "wp-login-and-logout-redirect", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c293c3a-383d-4e3c-bf1b-4d64e9cd3eb5?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c298a24-b68b-450e-b823-f91841046783": { "id": "4c298a24-b68b-450e-b823-f91841046783", "title": "3CX Live Chat <= 9.4.2 - Local File Inclusion", "software": [ { "type": "plugin", "name": "3CX Free Live Chat, Calls & WhatsApp", "slug": "wp-live-chat-support", "affected_versions": { "* - 9.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c298a24-b68b-450e-b823-f91841046783?source=api-scan" ], "published": "2022-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c2a88c3-5c11-4b42-b8f8-aafecf6c4c74": { "id": "4c2a88c3-5c11-4b42-b8f8-aafecf6c4c74", "title": "tagDiv Composer <= 4.8 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta", "software": [ { "type": "plugin", "name": "tagDiv Composer", "slug": "td-composer", "affected_versions": { "* - 4.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c2a88c3-5c11-4b42-b8f8-aafecf6c4c74?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c2ce765-018a-4292-b150-7905723d1335": { "id": "4c2ce765-018a-4292-b150-7905723d1335", "title": "GamiPress <= 2.5.6 - Missing Authorization to User Points Updates", "software": [ { "type": "plugin", "name": "GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress", "slug": "gamipress", "affected_versions": { "* - 2.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c2ce765-018a-4292-b150-7905723d1335?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c306428-8880-483f-be3a-6f6b87e55eef": { "id": "4c306428-8880-483f-be3a-6f6b87e55eef", "title": "Zippy <= 1.6.1 - Authenticated (Contributor+) Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Zippy", "slug": "zippy", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c306428-8880-483f-be3a-6f6b87e55eef?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c30b925-47ca-4e14-a418-d9524648db2a": { "id": "4c30b925-47ca-4e14-a418-d9524648db2a", "title": "Orbit Fox by ThemeIsle <= 2.10.23 - Authenticated (Author+) Server-Side Request Forgery via URL", "software": [ { "type": "plugin", "name": "Orbit Fox by ThemeIsle", "slug": "themeisle-companion", "affected_versions": { "[*, 2.10.24)": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.24", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.10.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c30b925-47ca-4e14-a418-d9524648db2a?source=api-scan" ], "published": "2023-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c332ba8-282e-484e-9ee2-a91c9255bad0": { "id": "4c332ba8-282e-484e-9ee2-a91c9255bad0", "title": "Appointment Hour Booking <= 1.3.71 - Missing Authorization", "software": [ { "type": "plugin", "name": "Appointment Hour Booking \u2013 WordPress Booking Plugin", "slug": "appointment-hour-booking", "affected_versions": { "* - 1.3.71": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.71", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.72" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c332ba8-282e-484e-9ee2-a91c9255bad0?source=api-scan" ], "published": "2022-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c367565-75f7-4dd7-a2f1-111df581bd7a": { "id": "4c367565-75f7-4dd7-a2f1-111df581bd7a", "title": "Appointment Booking Calendar Plugin and Online Scheduling Plugin \u2013 BookingPress 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar Plugin and Scheduling Plugin \u2013 BookingPress", "slug": "bookingpress-appointment-booking", "affected_versions": { "1.1.6 - 1.1.7": { "from_version": "1.1.6", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c367565-75f7-4dd7-a2f1-111df581bd7a?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c3789d0-6872-4691-94d9-58e1ac303c31": { "id": "4c3789d0-6872-4691-94d9-58e1ac303c31", "title": "WooCommerce Stripe Payment Gateway <= 7.4.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Stripe Payment Gateway", "slug": "woocommerce-gateway-stripe", "affected_versions": { "* - 7.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c3789d0-6872-4691-94d9-58e1ac303c31?source=api-scan" ], "published": "2023-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c3ee9fa-5d66-4f84-818f-ceec2f0c0b96": { "id": "4c3ee9fa-5d66-4f84-818f-ceec2f0c0b96", "title": "Tawk.To Live Chat <= 0.5.4 - Missing Authorization to Visitor Monitoring & Chat Removal", "software": [ { "type": "plugin", "name": "Tawk.To Live Chat", "slug": "tawkto-live-chat", "affected_versions": { "[*, 0.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c3ee9fa-5d66-4f84-818f-ceec2f0c0b96?source=api-scan" ], "published": "2021-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c425635-b1a1-4085-a68c-2c159a38623f": { "id": "4c425635-b1a1-4085-a68c-2c159a38623f", "title": "Track That Stat < 1.1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "track-that-stat", "slug": "track-that-stat", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c425635-b1a1-4085-a68c-2c159a38623f?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c44c36a-c4c7-49c2-b750-1589e7840dde": { "id": "4c44c36a-c4c7-49c2-b750-1589e7840dde", "title": "AppPresser <= 4.2.5 - Insecure Password Reset Mechanism", "software": [ { "type": "plugin", "name": "AppPresser \u2013 Mobile App Framework", "slug": "apppresser", "affected_versions": { "* - 4.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c44c36a-c4c7-49c2-b750-1589e7840dde?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c478d96-7735-4fbb-968b-4bd1d1268cd9": { "id": "4c478d96-7735-4fbb-968b-4bd1d1268cd9", "title": "WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Registration Form", "software": [ { "type": "plugin", "name": "WP Affiliate Platform", "slug": "wp-affiliate-platform", "affected_versions": { "[*, 6.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c478d96-7735-4fbb-968b-4bd1d1268cd9?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c4e1d2c-bb20-40b7-90a3-96df68d083b8": { "id": "4c4e1d2c-bb20-40b7-90a3-96df68d083b8", "title": "Gutenverse <= 1.8.5 - Missing Authorization via 'data\/update' API Endpoint", "software": [ { "type": "plugin", "name": "Gutenverse \u2013 Ultimate Block Addons and Page Builder for Site Editor", "slug": "gutenverse", "affected_versions": { "* - 1.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c4e1d2c-bb20-40b7-90a3-96df68d083b8?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c5b2ce5-d3bf-4412-b329-470a1115260b": { "id": "4c5b2ce5-d3bf-4412-b329-470a1115260b", "title": "Apollo13 Framework Extensions <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Apollo13 Framework Extensions", "slug": "apollo13-framework-extensions", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c5b2ce5-d3bf-4412-b329-470a1115260b?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c5dc3d9-cb4c-4ae1-b048-c7eea59cb229": { "id": "4c5dc3d9-cb4c-4ae1-b048-c7eea59cb229", "title": "Vimeography: Vimeo Video Gallery WordPress Plugin <= 2.4.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Vimeography: Vimeo Video Gallery WordPress Plugin", "slug": "vimeography", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c5dc3d9-cb4c-4ae1-b048-c7eea59cb229?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c5dd7a4-0e9c-4e1e-8385-2e76b7b9b02e": { "id": "4c5dd7a4-0e9c-4e1e-8385-2e76b7b9b02e", "title": "Chocolate WP \u2013 Responsive Photography Theme (All Versions) - Full Path Disclosure", "software": [ { "type": "theme", "name": "Chocolate WP \u2013 Responsive Photography Theme | Photography", "slug": "dt-chocolate", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c5dd7a4-0e9c-4e1e-8385-2e76b7b9b02e?source=api-scan" ], "published": "2013-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c65519c-06f6-4303-9d22-980dbe36f0b6": { "id": "4c65519c-06f6-4303-9d22-980dbe36f0b6", "title": "Builderall Builder for WordPress <= 2.0.1 - Unauthenticated Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Builderall Builder for WordPress", "slug": "builderall-cheetah-for-wp", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c65519c-06f6-4303-9d22-980dbe36f0b6?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c659f6d-e02b-42ab-ba02-eb9b00602ad4": { "id": "4c659f6d-e02b-42ab-ba02-eb9b00602ad4", "title": "WP Activity Log Premium <= 4.5.0 - Cross-Site Request Forgery via ajax_switch_db", "software": [ { "type": "plugin", "name": "WP Activity Log Premium", "slug": "wp-security-audit-log-premium", "affected_versions": { "* - 4.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c659f6d-e02b-42ab-ba02-eb9b00602ad4?source=api-scan" ], "published": "2023-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c6e444a-3737-46ab-b5e8-b0c1f215050a": { "id": "4c6e444a-3737-46ab-b5e8-b0c1f215050a", "title": "WordPress Multisite User Sync\/Unsync (Premium) <= 2.1.1 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Multisite User Sync\/Unsync (Premium)", "slug": "wordpress-multisite-user-sync", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c6e444a-3737-46ab-b5e8-b0c1f215050a?source=api-scan" ], "published": "2022-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c6e6335-7f18-425a-bb86-7e4fc09dae86": { "id": "4c6e6335-7f18-425a-bb86-7e4fc09dae86", "title": "Spa and Salon <= 1.2.7 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Spa and Salon", "slug": "spa-and-salon", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c6e6335-7f18-425a-bb86-7e4fc09dae86?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c747e6f-31fc-41b0-ba62-f009b5483696": { "id": "4c747e6f-31fc-41b0-ba62-f009b5483696", "title": "simple-git < 3.15.0 - Remote Code Execution", "software": [ { "type": "plugin", "name": "ElasticPress", "slug": "elasticpress", "affected_versions": { "* - 4.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.1" ] }, { "type": "plugin", "name": "Simple Podcasting", "slug": "simple-podcasting", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] }, { "type": "plugin", "name": "Block for Apple Maps", "slug": "maps-block-apple", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] }, { "type": "plugin", "name": "Insert Special Characters", "slug": "insert-special-characters", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] }, { "type": "plugin", "name": "Autopost for X (formerly Autoshare for Twitter)", "slug": "autoshare-for-twitter", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c747e6f-31fc-41b0-ba62-f009b5483696?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c7fa6ca-a573-4c84-af44-d9d799741728": { "id": "4c7fa6ca-a573-4c84-af44-d9d799741728", "title": "Easy Pie Coming Soon < 1.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EZP Coming Soon Page", "slug": "easy-pie-coming-soon", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c7fa6ca-a573-4c84-af44-d9d799741728?source=api-scan" ], "published": "2015-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c836671-f488-40d9-81b6-e4cd32d0606c": { "id": "4c836671-f488-40d9-81b6-e4cd32d0606c", "title": "Laybuy Payment Extension for WooCommerce <= 5.3.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Laybuy Payment Extension for WooCommerce", "slug": "laybuy-gateway-for-woocommerce", "affected_versions": { "* - 5.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c836671-f488-40d9-81b6-e4cd32d0606c?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c8971e0-befd-47ac-8cb5-064f9cd757d7": { "id": "4c8971e0-befd-47ac-8cb5-064f9cd757d7", "title": "Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Ultimate Addons for WPBakery", "slug": "Ultimate_VC_Addons", "affected_versions": { "* - 3.19.20": { "from_version": "*", "from_inclusive": true, "to_version": "3.19.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.19.20.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c8971e0-befd-47ac-8cb5-064f9cd757d7?source=api-scan" ], "published": "2024-07-16 18:33:47", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c8f1c29-b99d-4af0-9cc4-5d6179529ab4": { "id": "4c8f1c29-b99d-4af0-9cc4-5d6179529ab4", "title": "Infographic Maker iList <= 4.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Title Update", "software": [ { "type": "plugin", "name": "AI Infographic Maker", "slug": "infographic-and-list-builder-ilist", "affected_versions": { "* - 4.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c8f1c29-b99d-4af0-9cc4-5d6179529ab4?source=api-scan" ], "published": "2024-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c91caaa-9bdd-4170-98f1-0d686d3ffcba": { "id": "4c91caaa-9bdd-4170-98f1-0d686d3ffcba", "title": "Laybuy Payment Extension for WooCommerce <= 5.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Laybuy Payment Extension for WooCommerce", "slug": "laybuy-gateway-for-woocommerce", "affected_versions": { "* - 5.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c91caaa-9bdd-4170-98f1-0d686d3ffcba?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c929ac5-bd12-4aa3-8797-96ad140daf3e": { "id": "4c929ac5-bd12-4aa3-8797-96ad140daf3e", "title": "Demo Awesome <= 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Demo Awesome", "slug": "demo-awesome", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c929ac5-bd12-4aa3-8797-96ad140daf3e?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c953a46-d2ae-41f7-a940-d23b011d9eca": { "id": "4c953a46-d2ae-41f7-a940-d23b011d9eca", "title": "Redirect Redirection <= 1.1.3 - Missing Authorization in 'SaveSettings' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c953a46-d2ae-41f7-a940-d23b011d9eca?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c956651-4f5e-4e2d-a0f2-b02d4f25bd68": { "id": "4c956651-4f5e-4e2d-a0f2-b02d4f25bd68", "title": "Accordion and Accordion Slider <= 1.2.4 - Missing Authorization via 'wp_aas_get_attachment_edit_form' and 'wp_aas_save_attachment_data'", "software": [ { "type": "plugin", "name": "Accordion and Accordion Slider", "slug": "accordion-and-accordion-slider", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c956651-4f5e-4e2d-a0f2-b02d4f25bd68?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c9aabb6-d17c-4845-ae1b-6ee3d8b9bfb1": { "id": "4c9aabb6-d17c-4845-ae1b-6ee3d8b9bfb1", "title": "SB Uploader <= 4.8 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "SB Uploader", "slug": "sb-uploader", "affected_versions": { "* - 4.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c9aabb6-d17c-4845-ae1b-6ee3d8b9bfb1?source=api-scan" ], "published": "2012-12-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4c9cbe99-699a-4812-a8ae-aefd2b1e2c00": { "id": "4c9cbe99-699a-4812-a8ae-aefd2b1e2c00", "title": "WP Import Export Lite & WP Import Export <= 3.9.15 - Unauthenticated Sensitive Data Disclosure", "software": [ { "type": "plugin", "name": "WP Import Export Lite", "slug": "wp-import-export-lite", "affected_versions": { "* - 3.9.15": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4c9cbe99-699a-4812-a8ae-aefd2b1e2c00?source=api-scan" ], "published": "2022-01-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ca4fa28-53b0-4bc4-99f8-fa6dfa14d500": { "id": "4ca4fa28-53b0-4bc4-99f8-fa6dfa14d500", "title": "Email Log <= 2.4.6 - Admin+ SQL Injection", "software": [ { "type": "plugin", "name": "Email Log", "slug": "email-log", "affected_versions": { "* - 2.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ca4fa28-53b0-4bc4-99f8-fa6dfa14d500?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4cab3c9c-39c6-4279-9573-858b0592c3fa": { "id": "4cab3c9c-39c6-4279-9573-858b0592c3fa", "title": "WP-Cirrus <= 0.6.11 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Cirrus", "slug": "wp-cirrus", "affected_versions": { "* - 0.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4cab3c9c-39c6-4279-9573-858b0592c3fa?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4cb02d7c-5014-46e9-9d4c-c207e58a1b0b": { "id": "4cb02d7c-5014-46e9-9d4c-c207e58a1b0b", "title": "Contact Form Submissions <= 1.7.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Submissions", "slug": "contact-form-submissions", "affected_versions": { "[*, 1.7.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4cb02d7c-5014-46e9-9d4c-c207e58a1b0b?source=api-scan" ], "published": "2022-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4cb3d2d4-256c-4128-9397-8b9c7be1b9c8": { "id": "4cb3d2d4-256c-4128-9397-8b9c7be1b9c8", "title": "Pricing Table <= 2.0.1 - Cross-Site Request Forgery via ajax()", "software": [ { "type": "plugin", "name": "Pricing Table", "slug": "elfsight-pricing-table", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4cb3d2d4-256c-4128-9397-8b9c7be1b9c8?source=api-scan" ], "published": "2024-07-08 20:07:09", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4cb3f111-4ac3-4c57-aa62-569b71143fec": { "id": "4cb3f111-4ac3-4c57-aa62-569b71143fec", "title": "Landing Page Builder <= 1.4.9.8.9 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Landing Page Builder \u2013 Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages", "slug": "page-builder-add", "affected_versions": { "* - 1.4.9.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4cb3f111-4ac3-4c57-aa62-569b71143fec?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4cb5d487-0f22-4a34-8558-fe06c19a375b": { "id": "4cb5d487-0f22-4a34-8558-fe06c19a375b", "title": "PZ Frontend Manager <= 1.0.5 - Cross-Site Request Forgery to Profile Picture Update", "software": [ { "type": "plugin", "name": "PZ Frontend Manager", "slug": "pz-frontend-manager", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4cb5d487-0f22-4a34-8558-fe06c19a375b?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4cb77a63-360b-4917-8a3c-263f5282742c": { "id": "4cb77a63-360b-4917-8a3c-263f5282742c", "title": "Pricing Deals for WooCommerce <= 2.0.2.02 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Pricing Deals for WooCommerce", "slug": "pricing-deals-for-woocommerce", "affected_versions": { "* - 2.0.2.02": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2.02", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4cb77a63-360b-4917-8a3c-263f5282742c?source=api-scan" ], "published": "2022-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4cbbedcb-52dd-44b9-a629-1da0a2552f13": { "id": "4cbbedcb-52dd-44b9-a629-1da0a2552f13", "title": "Ovic Responsive WPBakery <= 1.2.8 - Authenticated (Subscriber+) Arbitrary Option Update", "software": [ { "type": "plugin", "name": "Ovic Responsive WPBakery", "slug": "ovic-vc-addon", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4cbbedcb-52dd-44b9-a629-1da0a2552f13?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4cc5c663-d1e3-4656-ac69-0d610eeaf774": { "id": "4cc5c663-d1e3-4656-ac69-0d610eeaf774", "title": "VS Contact Form <= 14.7 - CAPTCHA Bypass", "software": [ { "type": "plugin", "name": "VS Contact Form", "slug": "very-simple-contact-form", "affected_versions": { "* - 14.7": { "from_version": "*", "from_inclusive": true, "to_version": "14.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "14.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4cc5c663-d1e3-4656-ac69-0d610eeaf774?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ccc8f3b-9028-45db-8db2-574736fe3ccb": { "id": "4ccc8f3b-9028-45db-8db2-574736fe3ccb", "title": "WordPress Download Manager < 3.1.22 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 3.1.22)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.22", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ccc8f3b-9028-45db-8db2-574736fe3ccb?source=api-scan" ], "published": "2021-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4cd82b65-eadd-4a81-a8e4-72ce58dd360d": { "id": "4cd82b65-eadd-4a81-a8e4-72ce58dd360d", "title": "iPages Flipbook <= 1.4.6 - Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "iPages Flipbook For WordPress", "slug": "ipages-flipbook", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4cd82b65-eadd-4a81-a8e4-72ce58dd360d?source=api-scan" ], "published": "2022-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4cdd4bae-b9ee-4d87-acca-38886f499dcf": { "id": "4cdd4bae-b9ee-4d87-acca-38886f499dcf", "title": "Smartsupp \u2013 live chat, chatbots, AI and lead generation <= 3.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Smartsupp \u2013 live chat, chatbots, AI and lead generation", "slug": "smartsupp-live-chat", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4cdd4bae-b9ee-4d87-acca-38886f499dcf?source=api-scan" ], "published": "2024-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ce32dcb-3b7b-433e-9add-512dc2f9f2d8": { "id": "4ce32dcb-3b7b-433e-9add-512dc2f9f2d8", "title": "Integration for Contact Form 7 HubSpot <=1.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms", "slug": "cf7-hubspot", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ce32dcb-3b7b-433e-9add-512dc2f9f2d8?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ce8258f-64f7-4d5e-870a-973500eed0eb": { "id": "4ce8258f-64f7-4d5e-870a-973500eed0eb", "title": "Easy Digital Downloads \u2013 Conditional Success Redirects < 1.1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 Conditional Success Redirects", "slug": "edd-conditional-success-redirects", "affected_versions": { "[*, 1.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ce8258f-64f7-4d5e-870a-973500eed0eb?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ced42ce-2009-45f6-81c0-ad9e5a05b381": { "id": "4ced42ce-2009-45f6-81c0-ad9e5a05b381", "title": "Aspose.Words Exporter <= 6.3.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Aspose.Words \u2013 Import and Export word documents", "slug": "aspose-doc-exporter", "affected_versions": { "* - 6.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ced42ce-2009-45f6-81c0-ad9e5a05b381?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4cf68644-d144-462f-adc7-687fac3ec412": { "id": "4cf68644-d144-462f-adc7-687fac3ec412", "title": "PDF.js Viewer <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "PDF.js Viewer", "slug": "pdfjs-viewer-shortcode", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4cf68644-d144-462f-adc7-687fac3ec412?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4cf894fd-37c7-4006-b868-d5d33f66cc5a": { "id": "4cf894fd-37c7-4006-b868-d5d33f66cc5a", "title": "Advanced Social Feeds Widget & Shortcode <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Social Feeds Widget & Shortcode", "slug": "advanced-facebook-twitter-widget", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4cf894fd-37c7-4006-b868-d5d33f66cc5a?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4cf89f94-587a-4fed-a6e4-3876b7dbc9ba": { "id": "4cf89f94-587a-4fed-a6e4-3876b7dbc9ba", "title": "Hide My WP Ghost \u2013 Security Plugin <= 5.0.18 - IP Address Spoofing to Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "Hide My WP Ghost \u2013 Security & Firewall", "slug": "hide-my-wp", "affected_versions": { "* - 5.0.18": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4cf89f94-587a-4fed-a6e4-3876b7dbc9ba?source=api-scan" ], "published": "2023-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4cfdbf80-3733-4d5c-9bc6-01e543ee08b1": { "id": "4cfdbf80-3733-4d5c-9bc6-01e543ee08b1", "title": "Quiz And Survey Master <= 8.1.18 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 8.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4cfdbf80-3733-4d5c-9bc6-01e543ee08b1?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4cfee2e2-3486-4be8-954f-6d7f9b6d54ec": { "id": "4cfee2e2-3486-4be8-954f-6d7f9b6d54ec", "title": "Classima < 2.1.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Classified Core", "slug": "classified-core", "affected_versions": { "[*, 1.10)": { "from_version": "*", "from_inclusive": true, "to_version": "1.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.10" ] }, { "type": "theme", "name": "Classima", "slug": "classima", "affected_versions": { "[*, 2.1.11)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.11" ] }, { "type": "plugin", "name": "Classified Listing Pro - Classified ads & Business Directory Plugin", "slug": "classified-listing-pro", "affected_versions": { "[*, 2.0.20)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.20" ] }, { "type": "plugin", "name": "Classified Listing \u2013 Classified ads & Business Directory Plugin", "slug": "classified-listing", "affected_versions": { "[*, 2.2.14)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.14" ] }, { "type": "plugin", "name": "Classified Listing Store", "slug": "classified-listing-store", "affected_versions": { "[*, 1.4.20)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4cfee2e2-3486-4be8-954f-6d7f9b6d54ec?source=api-scan" ], "published": "2022-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d052f3e-8554-43f0-a5ae-1de09c198d7b": { "id": "4d052f3e-8554-43f0-a5ae-1de09c198d7b", "title": "Stripe Payment Plugin for WooCommerce <= 3.7.7 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Stripe Payment Plugin for WooCommerce", "slug": "payment-gateway-stripe-and-woocommerce-integration", "affected_versions": { "* - 3.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d052f3e-8554-43f0-a5ae-1de09c198d7b?source=api-scan" ], "published": "2023-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d10d609-eb0f-492a-be87-2ac7db9c63b4": { "id": "4d10d609-eb0f-492a-be87-2ac7db9c63b4", "title": "Client Portal : SuiteDash Direct Login <= 1.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Client Portal : SuiteDash Direct Login", "slug": "client-portal-suitedash-login", "affected_versions": { "* - 1.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d10d609-eb0f-492a-be87-2ac7db9c63b4?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d13ae87-f632-4eb0-bc71-5132ba6a9b13": { "id": "4d13ae87-f632-4eb0-bc71-5132ba6a9b13", "title": "AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.txt <= 1.8.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.txt", "slug": "adfoxly", "affected_versions": { "* - 1.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d13ae87-f632-4eb0-bc71-5132ba6a9b13?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d1512c2-75c1-405b-8bb4-f42ec69159a7": { "id": "4d1512c2-75c1-405b-8bb4-f42ec69159a7", "title": "Auto Featured Image <= 1.2 - Authenticated (Contributor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Auto Featured Image", "slug": "auto-featured-image", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d1512c2-75c1-405b-8bb4-f42ec69159a7?source=api-scan" ], "published": "2024-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d153095-9f72-438e-84bb-07a5ad7bdb48": { "id": "4d153095-9f72-438e-84bb-07a5ad7bdb48", "title": "Careerfy <= 4.3.0 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Careerfy - Job Board WordPress Theme", "slug": "careerfy", "affected_versions": { "[*, 4.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d153095-9f72-438e-84bb-07a5ad7bdb48?source=api-scan" ], "published": "2020-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d154587-e396-45ba-80ad-b532b612823a": { "id": "4d154587-e396-45ba-80ad-b532b612823a", "title": "Change Table Prefix <= 2.0 - Cross-Site Request Forgery via change_prefix_form", "software": [ { "type": "plugin", "name": "Change Table Prefix", "slug": "change-table-prefix", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d154587-e396-45ba-80ad-b532b612823a?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d1c6daf-1799-4f8a-81e3-ef3968f41b8e": { "id": "4d1c6daf-1799-4f8a-81e3-ef3968f41b8e", "title": "Gravity Forms Toolbar <= 1.7.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gravity Forms Toolbar", "slug": "gravity-forms-toolbar", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d1c6daf-1799-4f8a-81e3-ef3968f41b8e?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d1e9de3-da94-4f90-b72a-b38d5d131246": { "id": "4d1e9de3-da94-4f90-b72a-b38d5d131246", "title": "Floating Social Bar <= 1.1.6 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Floating Social Bar", "slug": "floating-social-bar", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d1e9de3-da94-4f90-b72a-b38d5d131246?source=api-scan" ], "published": "2015-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d21febd-e206-4f7c-a6a2-0fa65150ed29": { "id": "4d21febd-e206-4f7c-a6a2-0fa65150ed29", "title": "Portfolio for Elementor <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Portfolio for Elementor & Image Gallery | PowerFolio", "slug": "portfolio-elementor", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d21febd-e206-4f7c-a6a2-0fa65150ed29?source=api-scan" ], "published": "2023-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d246a99-fd92-4132-9576-efa065a58f59": { "id": "4d246a99-fd92-4132-9576-efa065a58f59", "title": "WP Meteor Page Speed Optimization Topping <= 3.1.4 - Cross-Site Request Forgery via processAjaxNoticeDismiss", "software": [ { "type": "plugin", "name": "WP Meteor Website Speed Optimization Addon", "slug": "wp-meteor", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d246a99-fd92-4132-9576-efa065a58f59?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d252639-8cbe-4c62-9218-ebdcbaf98393": { "id": "4d252639-8cbe-4c62-9218-ebdcbaf98393", "title": "Twitget < 3.3.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Twitget", "slug": "twitget", "affected_versions": { "[*, 3.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d252639-8cbe-4c62-9218-ebdcbaf98393?source=api-scan" ], "published": "2014-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d265120-992b-4138-b77a-1cf529e4d742": { "id": "4d265120-992b-4138-b77a-1cf529e4d742", "title": "Haxcan <= 1.0.0 - Authenticated (Admin+) Path Traversal to Arbitrary File Read", "software": [ { "type": "plugin", "name": "Haxcan", "slug": "haxcan", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d265120-992b-4138-b77a-1cf529e4d742?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d2b8bc2-68c2-40aa-b8b0-a0584549f303": { "id": "4d2b8bc2-68c2-40aa-b8b0-a0584549f303", "title": "Secure HTML5 Video Player < 3.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Secure HTML5 Video Player", "slug": "secure-html5-video-player", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d2b8bc2-68c2-40aa-b8b0-a0584549f303?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d3191b0-829f-4d35-b8f6-323e7ea6f80b": { "id": "4d3191b0-829f-4d35-b8f6-323e7ea6f80b", "title": "WordPress Core < 4.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.8": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.8", "to_inclusive": true }, "3.8 - 3.8.8": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.8", "to_inclusive": true }, "3.9 - 3.9.6": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.6", "to_inclusive": true }, "4.0 - 4.0.5": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.5", "to_inclusive": true }, "4.1 - 4.1.5": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true }, "4.2 - 4.2.2": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.9", "3.8.9", "3.9.7", "4.0.6", "4.1.6", "4.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d3191b0-829f-4d35-b8f6-323e7ea6f80b?source=api-scan" ], "published": "2015-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d32eae6-f49f-403b-b295-c72b1486c71c": { "id": "4d32eae6-f49f-403b-b295-c72b1486c71c", "title": "Greenmart <= 2.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "GreenMart \u2013 Organic & Food WooCommerce WordPress Theme", "slug": "greenmart", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d32eae6-f49f-403b-b295-c72b1486c71c?source=api-scan" ], "published": "2020-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d357096-25da-4cbf-9c6c-261bf1b29a9f": { "id": "4d357096-25da-4cbf-9c6c-261bf1b29a9f", "title": "SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.8 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer", "slug": "smartcrawl-seo", "affected_versions": { "* - 3.10.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d357096-25da-4cbf-9c6c-261bf1b29a9f?source=api-scan" ], "published": "2024-07-09 19:53:14", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d38167c-47f8-473c-94de-91d9b439ddde": { "id": "4d38167c-47f8-473c-94de-91d9b439ddde", "title": "Indeed Membership Pro <= 7.5 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Indeed Membership Pro", "slug": "indeed-membership-pro", "affected_versions": { "* - 7.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d38167c-47f8-473c-94de-91d9b439ddde?source=api-scan" ], "published": "2019-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d3858f5-3f13-400c-acf4-eb3dc3a43308": { "id": "4d3858f5-3f13-400c-acf4-eb3dc3a43308", "title": "WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCssAndJsCacheToolbar'", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d3858f5-3f13-400c-acf4-eb3dc3a43308?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d3b1a76-febc-4037-b31e-5987f8a23e92": { "id": "4d3b1a76-febc-4037-b31e-5987f8a23e92", "title": "Loco Translate <= 2.6.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Loco Translate", "slug": "loco-translate", "affected_versions": { "[*, 2.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d3b1a76-febc-4037-b31e-5987f8a23e92?source=api-scan" ], "published": "2022-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d3e6c49-e686-463c-bc50-b0ce94702075": { "id": "4d3e6c49-e686-463c-bc50-b0ce94702075", "title": "Authorize.net Add-on for iThemes Exchange < 1.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Authorize.net Add-on for iThemes Exchange", "slug": "exchange-addon-authorize-net", "affected_versions": { "[*, 1.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d3e6c49-e686-463c-bc50-b0ce94702075?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d3fd9b8-b9b7-4884-9188-6bf255058323": { "id": "4d3fd9b8-b9b7-4884-9188-6bf255058323", "title": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 1.3.58 - SQL Injection", "software": [ { "type": "plugin", "name": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin", "slug": "users-ultra", "affected_versions": { "* - 1.3.58": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.58", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.59" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d3fd9b8-b9b7-4884-9188-6bf255058323?source=api-scan" ], "published": "2014-10-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d419d9e-73c5-4d14-8da0-27a90924e0b5": { "id": "4d419d9e-73c5-4d14-8da0-27a90924e0b5", "title": "Restaurant Menu and Food Ordering <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation", "slug": "menu-ordering-reservations", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d419d9e-73c5-4d14-8da0-27a90924e0b5?source=api-scan" ], "published": "2024-06-14 17:29:31", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d425843-a68e-40fd-93de-04c1c46af88f": { "id": "4d425843-a68e-40fd-93de-04c1c46af88f", "title": "OAuth Server <= 4.3.3 - Open Redirect", "software": [ { "type": "plugin", "name": "WP OAuth Server (OAuth Authentication)", "slug": "oauth2-provider", "affected_versions": { "* - 4.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d425843-a68e-40fd-93de-04c1c46af88f?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d4568c8-f58c-4c37-94b9-6154e5c46928": { "id": "4d4568c8-f58c-4c37-94b9-6154e5c46928", "title": "EmbedPress <= 3.9.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via Google Calendar Widget Link", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 3.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d4568c8-f58c-4c37-94b9-6154e5c46928?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d4ce8ce-2630-4f8b-9438-38c6b7b0caa9": { "id": "4d4ce8ce-2630-4f8b-9438-38c6b7b0caa9", "title": "BSK Forms Blacklist <= 3.8.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BSK Forms Blacklist", "slug": "bsk-gravityforms-blacklist", "affected_versions": { "* - 3.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d4ce8ce-2630-4f8b-9438-38c6b7b0caa9?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d4d0176-3b7d-4de5-95ec-365873e6f13b": { "id": "4d4d0176-3b7d-4de5-95ec-365873e6f13b", "title": "affiliate-toolkit \u2013 WordPress Affiliate Plugin <= 3.5.4 - Missing Authorization via atkp_import_product", "software": [ { "type": "plugin", "name": "affiliate-toolkit", "slug": "affiliate-toolkit-starter", "affected_versions": { "* - 3.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d4d0176-3b7d-4de5-95ec-365873e6f13b?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d565196-592d-415c-b37c-e54456aa9ed8": { "id": "4d565196-592d-415c-b37c-e54456aa9ed8", "title": "Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.975": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.975", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.976" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d565196-592d-415c-b37c-e54456aa9ed8?source=api-scan" ], "published": "2024-05-31 17:22:35", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d5a7f60-0850-4322-a7d8-8e5c144efe51": { "id": "4d5a7f60-0850-4322-a7d8-8e5c144efe51", "title": "WP Photo Album Plus <= 5.4.17 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Photo Album Plus", "slug": "wp-photo-album-plus", "affected_versions": { "* - 5.4.17": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d5a7f60-0850-4322-a7d8-8e5c144efe51?source=api-scan" ], "published": "2014-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d5b1a3d-ce7f-4d5d-b72b-61024d5c5378": { "id": "4d5b1a3d-ce7f-4d5d-b72b-61024d5c5378", "title": "Thrive Automator <= 1.17 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Thrive Automator", "slug": "thrive-automator", "affected_versions": { "* - 1.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.17.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d5b1a3d-ce7f-4d5d-b72b-61024d5c5378?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d5dcec8-fa36-43ab-9a35-0b391fe1d88e": { "id": "4d5dcec8-fa36-43ab-9a35-0b391fe1d88e", "title": "Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor <= 1.26.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via File Upload", "software": [ { "type": "plugin", "name": "Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor", "slug": "post-and-page-builder", "affected_versions": { "* - 1.26.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.26.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.26.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d5dcec8-fa36-43ab-9a35-0b391fe1d88e?source=api-scan" ], "published": "2024-07-19 22:34:05", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d64253b-5803-470d-81ba-d5629406b019": { "id": "4d64253b-5803-470d-81ba-d5629406b019", "title": "Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber \u2013 MailOptin <= 1.2.70.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber \u2013 MailOptin", "slug": "mailoptin", "affected_versions": { "* - 1.2.70.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.70.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.70.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d64253b-5803-470d-81ba-d5629406b019?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d64a157-8d9c-4c57-b7e2-2d253319da57": { "id": "4d64a157-8d9c-4c57-b7e2-2d253319da57", "title": "Copymatic \u2013 AI Content Writer & Generator <= 1.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Copymatic \u2013 AI Content Writer & Generator", "slug": "copymatic", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d64a157-8d9c-4c57-b7e2-2d253319da57?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d6c37ec-4a17-41b8-a29e-2a9adb382cea": { "id": "4d6c37ec-4a17-41b8-a29e-2a9adb382cea", "title": "Login Screen Manager <= 3.5.2 - Authenticated(Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login Screen Manager", "slug": "login-screen-manager", "affected_versions": { "* - 3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d6c37ec-4a17-41b8-a29e-2a9adb382cea?source=api-scan" ], "published": "2023-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d6d394e-a8e7-4b12-b2ed-7d1495643106": { "id": "4d6d394e-a8e7-4b12-b2ed-7d1495643106", "title": "Toolset Types < 1.8.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Toolset Types \u2013 Custom Post Types, Custom Fields and Taxonomies", "slug": "types", "affected_versions": { "* - 1.8.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d6d394e-a8e7-4b12-b2ed-7d1495643106?source=api-scan" ], "published": "2015-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d6ddee9-d9c3-4cea-85f1-a1ddd101aac1": { "id": "4d6ddee9-d9c3-4cea-85f1-a1ddd101aac1", "title": "BadgeOS <= 3.7.1.2 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "BadgeOS", "slug": "badgeos", "affected_versions": { "* - 3.7.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d6ddee9-d9c3-4cea-85f1-a1ddd101aac1?source=api-scan" ], "published": "2022-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d6e9cb0-6b90-4a5b-8626-0b3f378fbc92": { "id": "4d6e9cb0-6b90-4a5b-8626-0b3f378fbc92", "title": "12 Step Meeting List <= 3.14.24 - Authenticated (Contributor+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "12 Step Meeting List", "slug": "12-step-meeting-list", "affected_versions": { "* - 3.14.24": { "from_version": "*", "from_inclusive": true, "to_version": "3.14.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.14.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d6e9cb0-6b90-4a5b-8626-0b3f378fbc92?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d6ea02d-df63-476c-b205-fa64ada18db5": { "id": "4d6ea02d-df63-476c-b205-fa64ada18db5", "title": "WP Helper Premium <= 4.2.0 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Helper Premium", "slug": "wp-helper-lite", "affected_versions": { "* - 4.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d6ea02d-df63-476c-b205-fa64ada18db5?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d6f9c80-ef86-4910-a88e-98f2b444ee30": { "id": "4d6f9c80-ef86-4910-a88e-98f2b444ee30", "title": "PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via render", "software": [ { "type": "plugin", "name": "PDF Viewer for Elementor", "slug": "pdf-viewer-for-elementor", "affected_versions": { "* - 2.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d6f9c80-ef86-4910-a88e-98f2b444ee30?source=api-scan" ], "published": "2024-06-17 14:20:46", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d70cd0a-5c30-4a9b-81e8-e465d1e8f2b0": { "id": "4d70cd0a-5c30-4a9b-81e8-e465d1e8f2b0", "title": "Login Page Styler <= 6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All In One Custom Login Solutions \u2013 Custom Login Customizer \u2013 Hide Login URL \u2013 Rename Login \u2013 Google reCaptcha \u2013 Login Redirection \u2013 Login Menu \u2013 Login Logo \u2013 Login Security \u2013 Temporary Login access \u2013 Private Site \u2013 Customize Login design", "slug": "login-page-styler", "affected_versions": { "* - 6.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d70cd0a-5c30-4a9b-81e8-e465d1e8f2b0?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d72a57f-9acc-43e4-af81-024bc6e0d3fd": { "id": "4d72a57f-9acc-43e4-af81-024bc6e0d3fd", "title": "Image Hover Effects - Elementor Addon <= 1.4.1 - Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget", "software": [ { "type": "plugin", "name": "Image Hover Effects \u2013 Elementor Addon", "slug": "image-hover-effects-addon-for-elementor", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d72a57f-9acc-43e4-af81-024bc6e0d3fd?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d739821-569d-42d7-a4c5-70e32d5d41a1": { "id": "4d739821-569d-42d7-a4c5-70e32d5d41a1", "title": "The Plus Addons for Elementor Pro <= 5.2.8 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor Page Builder", "slug": "theplus_elementor_addon", "affected_versions": { "* - 5.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d739821-569d-42d7-a4c5-70e32d5d41a1?source=api-scan" ], "published": "2023-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d79df74-bb28-412b-bba1-9f8a40ae981d": { "id": "4d79df74-bb28-412b-bba1-9f8a40ae981d", "title": "Appointment Booking Calendar <= 1.2.24 - SQL Injection", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar", "slug": "appointment-booking-calendar", "affected_versions": { "* - 1.2.24": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d79df74-bb28-412b-bba1-9f8a40ae981d?source=api-scan" ], "published": "2016-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d7b8570-96d2-46dc-983c-3933c3fd74cb": { "id": "4d7b8570-96d2-46dc-983c-3933c3fd74cb", "title": "BP Group Documents <= 1.2.1 - Path Traversal", "software": [ { "type": "plugin", "name": "BP Group Documents", "slug": "bp-group-documents", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d7b8570-96d2-46dc-983c-3933c3fd74cb?source=api-scan" ], "published": "2013-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d7f4d17-8318-4ab3-b4a2-81d7a017c397": { "id": "4d7f4d17-8318-4ab3-b4a2-81d7a017c397", "title": "WP Event Manager <= 3.1.41 - Reflected Cross-Site Scripting via plugin", "software": [ { "type": "plugin", "name": "WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce", "slug": "wp-event-manager", "affected_versions": { "* - 3.1.41": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d7f4d17-8318-4ab3-b4a2-81d7a017c397?source=api-scan" ], "published": "2024-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d8056cb-58e5-468b-9316-c862c6d8c930": { "id": "4d8056cb-58e5-468b-9316-c862c6d8c930", "title": "WooFramework Tweaks <= 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooFramework Tweaks", "slug": "wooframework-tweaks", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d8056cb-58e5-468b-9316-c862c6d8c930?source=api-scan" ], "published": "2015-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d8bd9bc-5062-4966-bc44-bfe033d5fc9b": { "id": "4d8bd9bc-5062-4966-bc44-bfe033d5fc9b", "title": "WordPress Page Builder \u2013 Zion Builder <= 3.6.9 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Page Builder \u2013 Zion Builder", "slug": "zionbuilder", "affected_versions": { "* - 3.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d8bd9bc-5062-4966-bc44-bfe033d5fc9b?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d8cfcdc-6258-4629-a3b4-d65e44ac82f1": { "id": "4d8cfcdc-6258-4629-a3b4-d65e44ac82f1", "title": "Mang Board WP <= 1.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mang Board WP", "slug": "mangboard", "affected_versions": { "* - 1.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d8cfcdc-6258-4629-a3b4-d65e44ac82f1?source=api-scan" ], "published": "2024-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d8d581c-8198-4431-a534-aac8f05750cb": { "id": "4d8d581c-8198-4431-a534-aac8f05750cb", "title": "Page Builder: Pagelayer \u2013 Drag and Drop website builder <= 1.7.6 - Missing Authorization to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "slug": "pagelayer", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d8d581c-8198-4431-a534-aac8f05750cb?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d8fb548-0737-4b69-bf64-838bfc6d409a": { "id": "4d8fb548-0737-4b69-bf64-838bfc6d409a", "title": "Themify Shortcodes <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Themify Shortcodes", "slug": "themify-shortcodes", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d8fb548-0737-4b69-bf64-838bfc6d409a?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d902dfe-f16d-4795-9fcf-ee454b3d8c56": { "id": "4d902dfe-f16d-4795-9fcf-ee454b3d8c56", "title": "Image Hover Effects Ultimate <= 9.7.0 - Reflected Cross-Site Scripting via effects", "software": [ { "type": "plugin", "name": "Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier)", "slug": "image-hover-effects-ultimate", "affected_versions": { "* - 9.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d902dfe-f16d-4795-9fcf-ee454b3d8c56?source=api-scan" ], "published": "2021-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4d936a48-b300-4a41-8d28-ba34cb3c5cb7": { "id": "4d936a48-b300-4a41-8d28-ba34cb3c5cb7", "title": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate <= 5.13.3 - Insecure Direct Object Reference to Information Disclosure", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 5.13.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.13.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4d936a48-b300-4a41-8d28-ba34cb3c5cb7?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4da18aad-3c82-4bc6-8dad-523643c12d5b": { "id": "4da18aad-3c82-4bc6-8dad-523643c12d5b", "title": "WP Testimonials <= 1.4.3 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Testimonials", "slug": "testimonial-widgets", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4da18aad-3c82-4bc6-8dad-523643c12d5b?source=api-scan" ], "published": "2024-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4db1ee2b-d8ed-4f2a-8de5-81abeafa2f9d": { "id": "4db1ee2b-d8ed-4f2a-8de5-81abeafa2f9d", "title": "Rich Widget <= 0.2.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Rich Widget", "slug": "rich-widget", "affected_versions": { "* - 0.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4db1ee2b-d8ed-4f2a-8de5-81abeafa2f9d?source=api-scan" ], "published": "2012-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4db5d4ec-0f49-40fb-97b3-f0146cbbbe52": { "id": "4db5d4ec-0f49-40fb-97b3-f0146cbbbe52", "title": "WP-Members < 3.1.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Members Membership Plugin", "slug": "wp-members", "affected_versions": { "[*, 3.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4db5d4ec-0f49-40fb-97b3-f0146cbbbe52?source=api-scan" ], "published": "2017-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4dbaeabb-2610-4b24-8c47-a04b073bd290": { "id": "4dbaeabb-2610-4b24-8c47-a04b073bd290", "title": "WooCommerce <= 5.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 5.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4dbaeabb-2610-4b24-8c47-a04b073bd290?source=api-scan" ], "published": "2021-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4dbb0ca4-169a-4f51-a196-5f138744c54d": { "id": "4dbb0ca4-169a-4f51-a196-5f138744c54d", "title": "Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor Plugin <= 1.26.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor", "slug": "post-and-page-builder", "affected_versions": { "* - 1.26.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.26.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.26.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4dbb0ca4-169a-4f51-a196-5f138744c54d?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4dbba653-e23e-43e6-9dc5-83a6c99f8dc6": { "id": "4dbba653-e23e-43e6-9dc5-83a6c99f8dc6", "title": "Zeno Font Resizer <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zeno Font Resizer", "slug": "zeno-font-resizer", "affected_versions": { "* - 1.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4dbba653-e23e-43e6-9dc5-83a6c99f8dc6?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4dc39c47-3b99-4e43-b25d-a025f3d228b5": { "id": "4dc39c47-3b99-4e43-b25d-a025f3d228b5", "title": "SimpleShop <= 2.10.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "SimpleShop", "slug": "simpleshop-cz", "affected_versions": { "* - 2.10.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4dc39c47-3b99-4e43-b25d-a025f3d228b5?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4dc6e879-4ccf-485e-b02d-2b291e67df40": { "id": "4dc6e879-4ccf-485e-b02d-2b291e67df40", "title": "PDF Invoices and Packing Slips For WooCommerce <= 1.3.7 - Authenticated (Subscriber+) PHP Object Injection", "software": [ { "type": "plugin", "name": "PDF Invoices and Packing Slips For WooCommerce", "slug": "pdf-invoices-and-packing-slips-for-woocommerce", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4dc6e879-4ccf-485e-b02d-2b291e67df40?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4dc83aca-f533-4a8c-b12c-e21156ce6088": { "id": "4dc83aca-f533-4a8c-b12c-e21156ce6088", "title": "WP Event Manager <= 3.1.42 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce", "slug": "wp-event-manager", "affected_versions": { "* - 3.1.42": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4dc83aca-f533-4a8c-b12c-e21156ce6088?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4dcb4afc-14e1-43ce-87c4-8f24f1a0d682": { "id": "4dcb4afc-14e1-43ce-87c4-8f24f1a0d682", "title": "Tutor LMS <= 2.7.3 - Authenticated (Instructor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4dcb4afc-14e1-43ce-87c4-8f24f1a0d682?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4dcc3f47-8504-4aa6-af60-03edeaa39fd7": { "id": "4dcc3f47-8504-4aa6-af60-03edeaa39fd7", "title": "Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX <= 4.0.4 - Authenticated (Contributor+) Stored Cross=Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX", "slug": "ultimate-post", "affected_versions": { "* - 4.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4dcc3f47-8504-4aa6-af60-03edeaa39fd7?source=api-scan" ], "published": "2024-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4dcc6225-b47a-4184-a2f3-1292e5abe1bd": { "id": "4dcc6225-b47a-4184-a2f3-1292e5abe1bd", "title": "Nested Pages <= 3.1.20 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Nested Pages", "slug": "wp-nested-pages", "affected_versions": { "[*, 3.1.21)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.21", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4dcc6225-b47a-4184-a2f3-1292e5abe1bd?source=api-scan" ], "published": "2022-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4dd3c146-534f-41be-b805-7eef2483614e": { "id": "4dd3c146-534f-41be-b805-7eef2483614e", "title": "ConvertKit <= 2.4.5 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Kit (formerly ConvertKit) \u2013 Email Newsletter, Email Marketing, Subscribers and Landing Pages", "slug": "convertkit", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4dd3c146-534f-41be-b805-7eef2483614e?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4dd63ea6-7821-42b8-9b52-e721a8b2382d": { "id": "4dd63ea6-7821-42b8-9b52-e721a8b2382d", "title": "Quicksand Post Filter jQuery Plugin <= 3.1.1 - Cross-Site Request Forgery via renderAdmin", "software": [ { "type": "plugin", "name": "Quicksand Post Filter jQuery Plugin", "slug": "quicksand-jquery-post-filter", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4dd63ea6-7821-42b8-9b52-e721a8b2382d?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4dea175f-3728-4aee-9296-1bb595c83925": { "id": "4dea175f-3728-4aee-9296-1bb595c83925", "title": "bSuite <= 5 alpha 2 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "bSuite", "slug": "bsuite", "affected_versions": { "* - 5 alpha 2": { "from_version": "*", "from_inclusive": true, "to_version": "5 alpha 2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5 alpha 3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4dea175f-3728-4aee-9296-1bb595c83925?source=api-scan" ], "published": "2014-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4deae680-4829-4e24-b67b-4066ec9ce4da": { "id": "4deae680-4829-4e24-b67b-4066ec9ce4da", "title": "WordPress Core <= 2.0.5 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4deae680-4829-4e24-b67b-4066ec9ce4da?source=api-scan" ], "published": "2007-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4deb128d-0163-4a8e-9591-87352f74c3ef": { "id": "4deb128d-0163-4a8e-9591-87352f74c3ef", "title": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary File Read And Deletion", "software": [ { "type": "plugin", "name": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder", "slug": "bit-form", "affected_versions": { "2.0 - 2.13.9": { "from_version": "2.0", "from_inclusive": true, "to_version": "2.13.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4deb128d-0163-4a8e-9591-87352f74c3ef?source=api-scan" ], "published": "2024-08-19 15:09:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4deb1527-0637-44f2-b336-d0cf2a48fa52": { "id": "4deb1527-0637-44f2-b336-d0cf2a48fa52", "title": "WP ULike <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP ULike \u2013 All-in-One Engagement Toolkit", "slug": "wp-ulike", "affected_versions": { "* - 4.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4deb1527-0637-44f2-b336-d0cf2a48fa52?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4dec91d7-19cf-480d-871c-427cd1e691a6": { "id": "4dec91d7-19cf-480d-871c-427cd1e691a6", "title": "Awesome Support <= 6.1.4 - Missing Authorization via wpas_edit_reply_ajax()", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "* - 6.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4dec91d7-19cf-480d-871c-427cd1e691a6?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4dee07a1-9f48-4e8f-89dc-99270f55f17c": { "id": "4dee07a1-9f48-4e8f-89dc-99270f55f17c", "title": "Env\u00edaloSimple: Email Marketing y Newsletters <= 2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Env\u00edaloSimple: Email Marketing y Newsletters", "slug": "envialosimple-email-marketing-y-newsletters-gratis", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4dee07a1-9f48-4e8f-89dc-99270f55f17c?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4df635b8-4c56-4b24-8446-8e39e6fe7441": { "id": "4df635b8-4c56-4b24-8446-8e39e6fe7441", "title": "WordPress Core < 5.0.1 - Stored Cross-Site Scripting via File Uploads", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.27": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.27", "to_inclusive": true }, "3.8 - 3.8.27": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.27", "to_inclusive": true }, "3.9 - 3.9.25": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.25", "to_inclusive": true }, "4.0 - 4.0.24": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.24", "to_inclusive": true }, "4.1 - 4.1.24": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.24", "to_inclusive": true }, "4.2 - 4.2.21": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.21", "to_inclusive": true }, "4.3 - 4.3.17": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.17", "to_inclusive": true }, "4.4 - 4.4.16": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.16", "to_inclusive": true }, "4.5 - 4.5.15": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.15", "to_inclusive": true }, "4.6 - 4.6.12": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.12", "to_inclusive": true }, "4.7 - 4.7.11": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.11", "to_inclusive": true }, "4.8 - 4.8.7": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.7", "to_inclusive": true }, "4.9 - 4.9.8": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.8", "to_inclusive": true }, "5.0": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.28", "3.8.28", "3.9.26", "4.0.25", "4.1.25", "4.2.22", "4.3.18", "4.4.17", "4.5.16", "4.6.13", "4.7.12", "4.8.8", "4.9.9", "5.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4df635b8-4c56-4b24-8446-8e39e6fe7441?source=api-scan" ], "published": "2018-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4dfa825c-b0f7-4588-9bf8-cd186a5fc0ff": { "id": "4dfa825c-b0f7-4588-9bf8-cd186a5fc0ff", "title": "3D Tag Cloud <= 3.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "3D Tag Cloud", "slug": "cardoza-3d-tag-cloud", "affected_versions": { "* - 3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4dfa825c-b0f7-4588-9bf8-cd186a5fc0ff?source=api-scan" ], "published": "2024-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4dfc237a-9157-4da9-ba8f-9daf2ba4f20b": { "id": "4dfc237a-9157-4da9-ba8f-9daf2ba4f20b", "title": "Contact Form and Calls To Action by vcita <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form and Calls To Action by vcita", "slug": "lead-capturing-call-to-actions-by-vcita", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4dfc237a-9157-4da9-ba8f-9daf2ba4f20b?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e03b0b9-861d-4909-8608-6378cd0b9176": { "id": "4e03b0b9-861d-4909-8608-6378cd0b9176", "title": "Hummingbird <= 3.9.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Hummingbird Performance \u2013 Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN", "slug": "hummingbird-performance", "affected_versions": { "* - 3.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e03b0b9-861d-4909-8608-6378cd0b9176?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e0424f8-f60f-49c3-9969-a88c830dc0e2": { "id": "4e0424f8-f60f-49c3-9969-a88c830dc0e2", "title": "Robo Gallery <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes", "software": [ { "type": "plugin", "name": "Photo Gallery, Images, Slider in Rbs Image Gallery", "slug": "robo-gallery", "affected_versions": { "* - 3.2.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e0424f8-f60f-49c3-9969-a88c830dc0e2?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e04b161-3cd0-454d-869c-56f42bd8afb0": { "id": "4e04b161-3cd0-454d-869c-56f42bd8afb0", "title": "Yoast SEO <= 22.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yoast SEO", "slug": "wordpress-seo", "affected_versions": { "* - 22.5": { "from_version": "*", "from_inclusive": true, "to_version": "22.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "22.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e04b161-3cd0-454d-869c-56f42bd8afb0?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e054485-71cc-47c2-9bd6-4f060dc76738": { "id": "4e054485-71cc-47c2-9bd6-4f060dc76738", "title": "WPB Show Core <= 2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPB Show Core", "slug": "wpb-show-core", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e054485-71cc-47c2-9bd6-4f060dc76738?source=api-scan" ], "published": "2022-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e0ad29a-b7a0-407e-8fb0-0917b8671afb": { "id": "4e0ad29a-b7a0-407e-8fb0-0917b8671afb", "title": "Actueel Financieel Nieuws \u2013 Denk Internet Solutions <= 5.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Actueel Financieel Nieuws \u2013 Denk Internet Solutions", "slug": "denk-internet-solutions", "affected_versions": { "* - 5.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e0ad29a-b7a0-407e-8fb0-0917b8671afb?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e0d21e6-d8a2-44ab-87f3-9e5a16562020": { "id": "4e0d21e6-d8a2-44ab-87f3-9e5a16562020", "title": "Oceanwp sticky header <= 1.0.8 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "Oceanwp sticky header", "slug": "sticky-header-oceanwp", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e0d21e6-d8a2-44ab-87f3-9e5a16562020?source=api-scan" ], "published": "2022-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e240c06-cc35-4f26-ae55-4dce60e5bec3": { "id": "4e240c06-cc35-4f26-ae55-4dce60e5bec3", "title": "Telegram Bot & Channel <= 3.8.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Telegram Bot & Channel", "slug": "telegram-bot", "affected_versions": { "* - 3.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e240c06-cc35-4f26-ae55-4dce60e5bec3?source=api-scan" ], "published": "2024-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e2527d4-750d-4e36-ae27-920105958c21": { "id": "4e2527d4-750d-4e36-ae27-920105958c21", "title": "Download Manager <= 3.2.54 - Authenticated (Admin+) Path Traversal", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 3.2.55)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.55", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.55" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e2527d4-750d-4e36-ae27-920105958c21?source=api-scan" ], "published": "2022-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e261b0e-5ca3-4f5c-acc0-41abee31b148": { "id": "4e261b0e-5ca3-4f5c-acc0-41abee31b148", "title": "BA Book Everything <= 1.6.20 - Unauthenticated Arbitrary User Password Reset", "software": [ { "type": "plugin", "name": "BA Book Everything", "slug": "ba-book-everything", "affected_versions": { "* - 1.6.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e261b0e-5ca3-4f5c-acc0-41abee31b148?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e262772-06b7-4490-a342-5b1abc421b67": { "id": "4e262772-06b7-4490-a342-5b1abc421b67", "title": "BMI BMR Calculator <= 1.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BMI BMR Calculator", "slug": "bmi-bmr-calculator", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e262772-06b7-4490-a342-5b1abc421b67?source=api-scan" ], "published": "2022-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e285ce1-0896-4eef-aa83-59fb6641960b": { "id": "4e285ce1-0896-4eef-aa83-59fb6641960b", "title": "Quiz Maker <= 6.3.9.4 - Content Spoofing", "software": [ { "type": "plugin", "name": "Quiz Maker", "slug": "quiz-maker", "affected_versions": { "* - 6.3.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e285ce1-0896-4eef-aa83-59fb6641960b?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e30c4fd-91fd-4f05-85fa-73e445de3c6e": { "id": "4e30c4fd-91fd-4f05-85fa-73e445de3c6e", "title": "Link Library <= 5.9.12.29 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Link Library", "slug": "link-library", "affected_versions": { "[*, 5.9.12.30)": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.12.30", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.9.12.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e30c4fd-91fd-4f05-85fa-73e445de3c6e?source=api-scan" ], "published": "2016-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e343489-4969-4a16-9741-34de93c8b06e": { "id": "4e343489-4969-4a16-9741-34de93c8b06e", "title": "ShareThis Dashboard for Google Analytics <= 3.1.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "ShareThis Dashboard for Google Analytics", "slug": "googleanalytics", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e343489-4969-4a16-9741-34de93c8b06e?source=api-scan" ], "published": "2022-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e361a98-94c5-4775-a306-b343997e1cde": { "id": "4e361a98-94c5-4775-a306-b343997e1cde", "title": "ThirstyAffiliates Affiliate Link Manager <= 3.10.4 - Authorization Bypass and Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ThirstyAffiliates \u2013 Affiliate Links, Link Branding, Link Tracking & Marketing Plugin", "slug": "thirstyaffiliates", "affected_versions": { "* - 3.10.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e361a98-94c5-4775-a306-b343997e1cde?source=api-scan" ], "published": "2022-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e376fce-48a7-4b33-8a5a-9402625d24c0": { "id": "4e376fce-48a7-4b33-8a5a-9402625d24c0", "title": "MapFig Studio <= 0.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MapFig Studio", "slug": "mapfig-studio", "affected_versions": { "* - 0.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e376fce-48a7-4b33-8a5a-9402625d24c0?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e381ad7-efe6-48c4-af3a-22d01d73a065": { "id": "4e381ad7-efe6-48c4-af3a-22d01d73a065", "title": "Archivist \u2013 Custom Archive Templates <= 1.7.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Archivist \u2013 Custom Archive Templates", "slug": "archivist-custom-archive-templates", "affected_versions": { "* - 1.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e381ad7-efe6-48c4-af3a-22d01d73a065?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e383235-8f61-46f2-bd54-cc41e3ec189e": { "id": "4e383235-8f61-46f2-bd54-cc41e3ec189e", "title": "MailerLite - Signup forms <= 1.5.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MailerLite \u2013 Signup forms (official)", "slug": "official-mailerlite-sign-up-forms", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e383235-8f61-46f2-bd54-cc41e3ec189e?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e3931c2-c9b4-412e-941d-840c5bb9be89": { "id": "4e3931c2-c9b4-412e-941d-840c5bb9be89", "title": "WordPress Online Booking and Scheduling Plugin \u2013 Bookly <= 14.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Online Booking and Scheduling Plugin \u2013 Bookly", "slug": "bookly-responsive-appointment-booking-tool", "affected_versions": { "* - 14.5": { "from_version": "*", "from_inclusive": true, "to_version": "14.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "14.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e3931c2-c9b4-412e-941d-840c5bb9be89?source=api-scan" ], "published": "2018-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e3a6fe2-6292-44ff-8925-a4aeb77c2a7f": { "id": "4e3a6fe2-6292-44ff-8925-a4aeb77c2a7f", "title": "WordPress Core < 6.2.2 - Shortcode Execution in User Generated Content", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[5.9, 5.9.7)": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.7", "to_inclusive": false }, "[6.0, 6.0.5)": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.5", "to_inclusive": false }, "[6.1, 6.1.3)": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.3", "to_inclusive": false }, "[6.2, 6.2.2)": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.9.7", "6.0.5", "6.1.3", "6.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e3a6fe2-6292-44ff-8925-a4aeb77c2a7f?source=api-scan" ], "published": "2023-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e3da1d3-5ec3-4f94-a834-3f3a6fc23f0a": { "id": "4e3da1d3-5ec3-4f94-a834-3f3a6fc23f0a", "title": "JS Job Manager <= 1.0.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "JS Job Manager", "slug": "js-jobs", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e3da1d3-5ec3-4f94-a834-3f3a6fc23f0a?source=api-scan" ], "published": "2018-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e3f4e4f-6781-4134-b0ba-3625d7009d0c": { "id": "4e3f4e4f-6781-4134-b0ba-3625d7009d0c", "title": "Crazy Bone <= 0.6.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Crazy Bone", "slug": "crazy-bone", "affected_versions": { "* - 0.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e3f4e4f-6781-4134-b0ba-3625d7009d0c?source=api-scan" ], "published": "2022-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e41a12d-44a6-4851-b72a-ffa65bbbeb0b": { "id": "4e41a12d-44a6-4851-b72a-ffa65bbbeb0b", "title": "WIP Custom Login <= 1.2.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "WIP Custom Login", "slug": "wip-custom-login", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e41a12d-44a6-4851-b72a-ffa65bbbeb0b?source=api-scan" ], "published": "2022-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e481e81-f581-48f7-b699-0be85e099c84": { "id": "4e481e81-f581-48f7-b699-0be85e099c84", "title": "MAS Elementor <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MAS Elementor", "slug": "mas-addons-for-elementor", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e481e81-f581-48f7-b699-0be85e099c84?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e498706-3dbe-4c48-9c0d-0d90677aba0d": { "id": "4e498706-3dbe-4c48-9c0d-0d90677aba0d", "title": "Gift Up Gift Cards for WordPress and WooCommerce <= 2.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Gift Up Gift Cards for WordPress and WooCommerce", "slug": "gift-up", "affected_versions": { "* - 2.20.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.20.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.20.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e498706-3dbe-4c48-9c0d-0d90677aba0d?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e4a605e-542b-4001-84d8-0a0aad044798": { "id": "4e4a605e-542b-4001-84d8-0a0aad044798", "title": "Simple YouTube Responsive <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Simple YouTube Responsive", "slug": "simple-youtube-responsive", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e4a605e-542b-4001-84d8-0a0aad044798?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e4f2725-6c93-40df-93ee-51997a4ad189": { "id": "4e4f2725-6c93-40df-93ee-51997a4ad189", "title": "Social Rocket <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Rocket \u2013 Social Sharing Plugin", "slug": "social-rocket", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e4f2725-6c93-40df-93ee-51997a4ad189?source=api-scan" ], "published": "2022-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e51eb56-e2f7-433c-8db7-bcf7539aee29": { "id": "4e51eb56-e2f7-433c-8db7-bcf7539aee29", "title": "Books & Papers <= 0.20210223 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Books & Papers", "slug": "books-papers", "affected_versions": { "* - 0.20210223": { "from_version": "*", "from_inclusive": true, "to_version": "0.20210223", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.20220219" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e51eb56-e2f7-433c-8db7-bcf7539aee29?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e534021-1c63-4db9-914b-7f9b3b613087": { "id": "4e534021-1c63-4db9-914b-7f9b3b613087", "title": "WP Hide <= 0.0.2 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "Wp-Hide", "slug": "wp-hide", "affected_versions": { "* - 0.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e534021-1c63-4db9-914b-7f9b3b613087?source=api-scan" ], "published": "2022-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e54613a-24c7-4e2d-a14b-07912acfb69a": { "id": "4e54613a-24c7-4e2d-a14b-07912acfb69a", "title": "WP Consultant <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Consultant", "slug": "wp-consultant", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e54613a-24c7-4e2d-a14b-07912acfb69a?source=api-scan" ], "published": "2014-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e576c6e-6a9b-439d-bde3-8657435596f6": { "id": "4e576c6e-6a9b-439d-bde3-8657435596f6", "title": "Prenotazioni <= 1.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Prenotazioni", "slug": "prenotazioni", "affected_versions": { "* - 1.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e576c6e-6a9b-439d-bde3-8657435596f6?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e620ae8-03fc-43b5-8e8f-5b0884e8eefb": { "id": "4e620ae8-03fc-43b5-8e8f-5b0884e8eefb", "title": "RumbleTalk Live Group Chat \u2013 HTML5 <= 6.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RumbleTalk Live Group Chat \u2013 HTML5", "slug": "rumbletalk-chat-a-chat-with-themes", "affected_versions": { "* - 6.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e620ae8-03fc-43b5-8e8f-5b0884e8eefb?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e62f27b-c6b0-48ed-bfd7-a1893552eb3e": { "id": "4e62f27b-c6b0-48ed-bfd7-a1893552eb3e", "title": "Quiz Maker <= 6.5.1.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Quiz Maker", "slug": "quiz-maker", "affected_versions": { "* - 6.5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e62f27b-c6b0-48ed-bfd7-a1893552eb3e?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e648f65-3eeb-405d-b243-26354f3843c8": { "id": "4e648f65-3eeb-405d-b243-26354f3843c8", "title": "SEOPress \u2013 On-site SEO <= 8.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEOPress \u2013 On-site SEO", "slug": "wp-seopress", "affected_versions": { "* - 8.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e648f65-3eeb-405d-b243-26354f3843c8?source=api-scan" ], "published": "2024-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e6654b6-90ae-4a5e-bff3-82848813872a": { "id": "4e6654b6-90ae-4a5e-bff3-82848813872a", "title": "WP Page Widget <= 3.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Page Widget", "slug": "wp-page-widget", "affected_versions": { "* - 3.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e6654b6-90ae-4a5e-bff3-82848813872a?source=api-scan" ], "published": "2022-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e6a896c-9cca-4e4d-b26d-0103a8b39bf7": { "id": "4e6a896c-9cca-4e4d-b26d-0103a8b39bf7", "title": "Smart Forms <= 2.6.93 - Missing Authorization", "software": [ { "type": "plugin", "name": "Smart Forms \u2013 when you need more than just a contact form", "slug": "smart-forms", "affected_versions": { "* - 2.6.93": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.93", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.94" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e6a896c-9cca-4e4d-b26d-0103a8b39bf7?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e6b39da-26d4-4615-b6c7-68909bdf0a61": { "id": "4e6b39da-26d4-4615-b6c7-68909bdf0a61", "title": "Dynamically Register Sidebars <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Dynamically Register Sidebars", "slug": "dynamically-register-sidebars", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e6b39da-26d4-4615-b6c7-68909bdf0a61?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e6d4ad1-0fcc-43d9-b997-126782718c28": { "id": "4e6d4ad1-0fcc-43d9-b997-126782718c28", "title": "Short URL <= 1.6.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Short URL", "slug": "shorten-url", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e6d4ad1-0fcc-43d9-b997-126782718c28?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e6ef932-975c-423b-b780-b38449eec577": { "id": "4e6ef932-975c-423b-b780-b38449eec577", "title": "Loginizer <= 1.7.8 - Reflected Cross-Site Scripting via 'limit_session[count]'", "software": [ { "type": "plugin", "name": "Loginizer", "slug": "loginizer", "affected_versions": { "* - 1.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e6ef932-975c-423b-b780-b38449eec577?source=api-scan" ], "published": "2023-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e704333-ad88-42c9-b632-babc9d54cb13": { "id": "4e704333-ad88-42c9-b632-babc9d54cb13", "title": "Dynamic Visibility for Elementor <= 5.0.5 - Missing Authorization to Authenticated(Subscriber+) Post Visibility Modification", "software": [ { "type": "plugin", "name": "Dynamic Visibility for Elementor", "slug": "dynamic-visibility-for-elementor", "affected_versions": { "[*, 5.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e704333-ad88-42c9-b632-babc9d54cb13?source=api-scan" ], "published": "2023-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e780461-3fda-491d-ac77-dee52f8197b3": { "id": "4e780461-3fda-491d-ac77-dee52f8197b3", "title": "Insert Pages <= 3.6.1 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Insert Pages", "slug": "insert-pages", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e780461-3fda-491d-ac77-dee52f8197b3?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e7de990-4a6b-4bae-89a2-4a417071fe20": { "id": "4e7de990-4a6b-4bae-89a2-4a417071fe20", "title": "Template Kit \u2013 Export <= 1.0.21 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Template Kit \u2013 Export", "slug": "template-kit-export", "affected_versions": { "* - 1.0.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e7de990-4a6b-4bae-89a2-4a417071fe20?source=api-scan" ], "published": "2024-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e7f310e-1e10-44dd-9928-23e63af21fef": { "id": "4e7f310e-1e10-44dd-9928-23e63af21fef", "title": "Better Messages <= 1.9.10.68 - Authorization Bypass to Blocking Control Bypass", "software": [ { "type": "plugin", "name": "Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss", "slug": "bp-better-messages", "affected_versions": { "* - 1.9.10.68": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.10.68", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.10.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e7f310e-1e10-44dd-9928-23e63af21fef?source=api-scan" ], "published": "2022-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e81e947-4892-4028-8a09-6a048bf6a572": { "id": "4e81e947-4892-4028-8a09-6a048bf6a572", "title": "POEditor <= 0.9.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "POEditor", "slug": "poeditor", "affected_versions": { "* - 0.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e81e947-4892-4028-8a09-6a048bf6a572?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e835b97-c066-4e8f-b99f-1a930105af0c": { "id": "4e835b97-c066-4e8f-b99f-1a930105af0c", "title": "OMGF | GDPR\/DSGVO Compliant, Faster Google Fonts. Easy. <= 5.7.9 - Missing Authorization to Unauthenticated Directory Deletion and Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OMGF | GDPR\/DSGVO Compliant, Faster Google Fonts. Easy.", "slug": "host-webfonts-local", "affected_versions": { "* - 5.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e835b97-c066-4e8f-b99f-1a930105af0c?source=api-scan" ], "published": "2024-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e860293-0dfb-444f-a103-33942d9ff75c": { "id": "4e860293-0dfb-444f-a103-33942d9ff75c", "title": "MultiParcels Shipping For WooCommerce <= 1.15.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MultiParcels Shipping For WooCommerce", "slug": "multiparcels-shipping-for-woocommerce", "affected_versions": { "[*, 1.15.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.15.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e860293-0dfb-444f-a103-33942d9ff75c?source=api-scan" ], "published": "2023-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e8822cd-5ced-42d5-907e-72066d8fb835": { "id": "4e8822cd-5ced-42d5-907e-72066d8fb835", "title": "Elementor Website Builder <= 2.9.8 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 2.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e8822cd-5ced-42d5-907e-72066d8fb835?source=api-scan" ], "published": "2020-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e8ad3c1-549b-4401-8cf4-a8b7f81fbc11": { "id": "4e8ad3c1-549b-4401-8cf4-a8b7f81fbc11", "title": "wpDiscuz <= 7.6.3 - Missing Authorization via AJAX actions", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "* - 7.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e8ad3c1-549b-4401-8cf4-a8b7f81fbc11?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e8b8689-ab6a-426b-9aba-4fa14c455ff1": { "id": "4e8b8689-ab6a-426b-9aba-4fa14c455ff1", "title": "Page Builder: Live Composer <= 1.5.38 - Missing Authorization", "software": [ { "type": "plugin", "name": "Live Composer \u2013 Free WordPress Website Builder", "slug": "live-composer-page-builder", "affected_versions": { "* - 1.5.38": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.38", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e8b8689-ab6a-426b-9aba-4fa14c455ff1?source=api-scan" ], "published": "2024-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e8c311e-7cf2-4aaf-8059-30f872475ee5": { "id": "4e8c311e-7cf2-4aaf-8059-30f872475ee5", "title": "Convertful \u2013 Your Ultimate On-Site Conversion Tool <= 2.5 - Missing Authorization via add_woo_coupon", "software": [ { "type": "plugin", "name": "Convertful \u2013 Your Ultimate On-Site Conversion Tool", "slug": "convertful", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e8c311e-7cf2-4aaf-8059-30f872475ee5?source=api-scan" ], "published": "2023-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e8ca12e-b7a7-416a-b37d-c1672375a52d": { "id": "4e8ca12e-b7a7-416a-b37d-c1672375a52d", "title": "OnePress <= 2.3.8 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "OnePress", "slug": "onepress", "affected_versions": { "* - 2.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e8ca12e-b7a7-416a-b37d-c1672375a52d?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e944a08-b6c1-456f-921a-501ab4b59f31": { "id": "4e944a08-b6c1-456f-921a-501ab4b59f31", "title": "phpinfo() WP <= 4.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "phpinfo() WP", "slug": "phpinfo-wp", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e944a08-b6c1-456f-921a-501ab4b59f31?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e94683d-2cf3-4e43-8ab0-f797bfaaeee4": { "id": "4e94683d-2cf3-4e43-8ab0-f797bfaaeee4", "title": "Popup Maker <= 1.16.10 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder", "slug": "popup-maker", "affected_versions": { "* - 1.16.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.16.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.16.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e94683d-2cf3-4e43-8ab0-f797bfaaeee4?source=api-scan" ], "published": "2022-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e97e603-b864-41ef-98c8-b0304a72ec44": { "id": "4e97e603-b864-41ef-98c8-b0304a72ec44", "title": "BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bootstrap Shortcodes", "slug": "bootstrap-shortcodes", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e97e603-b864-41ef-98c8-b0304a72ec44?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4e9c5e89-9ead-477b-980b-9e48969ad0cf": { "id": "4e9c5e89-9ead-477b-980b-9e48969ad0cf", "title": "Tajer <= 1.0.5 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Tajer", "slug": "tajer", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4e9c5e89-9ead-477b-980b-9e48969ad0cf?source=api-scan" ], "published": "2018-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ea2ed8b-b24a-4da2-9ee7-5a3a4a7a4280": { "id": "4ea2ed8b-b24a-4da2-9ee7-5a3a4a7a4280", "title": "HashThemes Demo Importer <= 1.1.1 - Missing Authorization to Database Wipe", "software": [ { "type": "plugin", "name": "HashThemes Demo Importer", "slug": "hashthemes-demo-importer", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ea2ed8b-b24a-4da2-9ee7-5a3a4a7a4280?source=api-scan" ], "published": "2021-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ea4ca00-185b-4f5d-9c5c-f81ba4edad05": { "id": "4ea4ca00-185b-4f5d-9c5c-f81ba4edad05", "title": "Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery via AJAX action", "software": [ { "type": "plugin", "name": "Easy Google Maps", "slug": "google-maps-easy", "affected_versions": { "* - 1.11.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ea4ca00-185b-4f5d-9c5c-f81ba4edad05?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ea634b5-72db-428c-96b4-15ef6025ab1d": { "id": "4ea634b5-72db-428c-96b4-15ef6025ab1d", "title": "Advanced Ads \u2013 Ad Manager & AdSense <= 1.52.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget", "software": [ { "type": "plugin", "name": "Advanced Ads \u2013\u00a0Ad Manager & AdSense", "slug": "advanced-ads", "affected_versions": { "* - 1.52.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.52.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.52.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ea634b5-72db-428c-96b4-15ef6025ab1d?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4eab9a5e-ca51-4952-9fd4-3d0046402e29": { "id": "4eab9a5e-ca51-4952-9fd4-3d0046402e29", "title": "Modern Events Calendar Lite <= 6.1.0 - Reflected Cross-Site Scripting via current_month_divider parameter", "software": [ { "type": "plugin", "name": "Modern Events Calendar Lite", "slug": "modern-events-calendar-lite", "affected_versions": { "* - 6.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4eab9a5e-ca51-4952-9fd4-3d0046402e29?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4eaefe2d-b7f8-49ed-8ba1-833e888857b8": { "id": "4eaefe2d-b7f8-49ed-8ba1-833e888857b8", "title": "WP-RSS-Spreadshirt-3DCube-Gallery <= 1.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-RSS-Spreadshirt-3DCube-Gallery", "slug": "spreadshirt-rss-3d-cube-flash-gallery", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4eaefe2d-b7f8-49ed-8ba1-833e888857b8?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4eaf4c05-9393-4e44-abd1-8f529b7848b5": { "id": "4eaf4c05-9393-4e44-abd1-8f529b7848b5", "title": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4eaf4c05-9393-4e44-abd1-8f529b7848b5?source=api-scan" ], "published": "2024-08-19 15:13:47", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4eb296af-547a-44aa-b804-833204b75256": { "id": "4eb296af-547a-44aa-b804-833204b75256", "title": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress <= 4.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 4.15.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.15.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.15.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4eb296af-547a-44aa-b804-833204b75256?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4eb4400d-d629-4c88-9ec5-06da9089f6d1": { "id": "4eb4400d-d629-4c88-9ec5-06da9089f6d1", "title": "Spam protection, AntiSpam, FireWall by CleanTalk <= 6.20 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Spam protection, Anti-Spam, FireWall by CleanTalk", "slug": "cleantalk-spam-protect", "affected_versions": { "* - 6.20": { "from_version": "*", "from_inclusive": true, "to_version": "6.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4eb4400d-d629-4c88-9ec5-06da9089f6d1?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ebbe9a4-3769-4e05-9377-907b43e3fe10": { "id": "4ebbe9a4-3769-4e05-9377-907b43e3fe10", "title": "WP-EMail <= 2.67.2 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-EMail", "slug": "wp-email", "affected_versions": { "* - 2.67.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.67.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.67.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ebbe9a4-3769-4e05-9377-907b43e3fe10?source=api-scan" ], "published": "2016-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ebc8d0d-04b6-49a0-96c1-7c6d930009d8": { "id": "4ebc8d0d-04b6-49a0-96c1-7c6d930009d8", "title": "Read more By Adam <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Read More Button Deletion", "software": [ { "type": "plugin", "name": "Read more By Adam", "slug": "read-more", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ebc8d0d-04b6-49a0-96c1-7c6d930009d8?source=api-scan" ], "published": "2024-10-11 16:35:39", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ec30511-40cb-433e-977c-df5be8c3d8f2": { "id": "4ec30511-40cb-433e-977c-df5be8c3d8f2", "title": "Photo Gallery by Ays \u2013 Responsive Image Gallery <= 4.4.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by Ays \u2013 Responsive Image Gallery", "slug": "gallery-photo-gallery", "affected_versions": { "* - 4.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ec30511-40cb-433e-977c-df5be8c3d8f2?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4eca64d7-6e33-4b8e-af37-a3e8bbf2b76f": { "id": "4eca64d7-6e33-4b8e-af37-a3e8bbf2b76f", "title": "CHP Ads Block Detector <= 3.9.4 - Missing Authorization to Plugin Settings Update", "software": [ { "type": "plugin", "name": "CHP Ads Block Detector", "slug": "chp-ads-block-detector", "affected_versions": { "* - 3.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4eca64d7-6e33-4b8e-af37-a3e8bbf2b76f?source=api-scan" ], "published": "2023-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ecf04a7-1f3c-41d6-a86b-282f020de088": { "id": "4ecf04a7-1f3c-41d6-a86b-282f020de088", "title": "NextGen Gallery <= 1.9.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ecf04a7-1f3c-41d6-a86b-282f020de088?source=api-scan" ], "published": "2012-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ed4dfee-5f14-47ce-abed-cd226c110665": { "id": "4ed4dfee-5f14-47ce-abed-cd226c110665", "title": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Form Manager+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", "slug": "fluentform", "affected_versions": { "* - 5.1.19": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ed4dfee-5f14-47ce-abed-cd226c110665?source=api-scan" ], "published": "2024-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ed50ad7-a31b-488e-85fc-ff521488f62a": { "id": "4ed50ad7-a31b-488e-85fc-ff521488f62a", "title": "Real Estate 7 WordPress Theme < 2.9.1 - Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Real Estate 7 WordPress", "slug": "realestate-7", "affected_versions": { "[*, 2.9.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ed50ad7-a31b-488e-85fc-ff521488f62a?source=api-scan" ], "published": "2019-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ed63724-c21f-4b0e-b595-e824d3519b21": { "id": "4ed63724-c21f-4b0e-b595-e824d3519b21", "title": "HT Portfolio <= 1.1.5 - Cross-Site Request Forgery to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "HT Portfolio \u2013 WordPress Portfolio Plugin for Elementor", "slug": "ht-portfolio", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ed63724-c21f-4b0e-b595-e824d3519b21?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ed7b13a-eec3-4035-8815-15228fb05af1": { "id": "4ed7b13a-eec3-4035-8815-15228fb05af1", "title": "Geo Controller <= 8.6.9 - Missing Authorization to Unauthenticated Shortcode Execution", "software": [ { "type": "plugin", "name": "Geo Controller", "slug": "cf-geoplugin", "affected_versions": { "* - 8.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "8.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ed7b13a-eec3-4035-8815-15228fb05af1?source=api-scan" ], "published": "2024-09-04 21:33:38", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ed8866c-d8f1-4c5e-aba0-b3a0677c8efc": { "id": "4ed8866c-d8f1-4c5e-aba0-b3a0677c8efc", "title": "Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Scripts Organizer", "slug": "scripts-organizer", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ed8866c-d8f1-4c5e-aba0-b3a0677c8efc?source=api-scan" ], "published": "2022-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4edbfeee-b668-4a85-a030-c15d6583dc82": { "id": "4edbfeee-b668-4a85-a030-c15d6583dc82", "title": "Abandoned Cart Lite for WooCommerce <= 5.16.0 - Improper Authorization via wcal_preview_emails", "software": [ { "type": "plugin", "name": "Abandoned Cart Lite for WooCommerce", "slug": "woocommerce-abandoned-cart", "affected_versions": { "[*, 5.16.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.16.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.16.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4edbfeee-b668-4a85-a030-c15d6583dc82?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ede558d-272d-4f18-b2e0-97f5c2cb958b": { "id": "4ede558d-272d-4f18-b2e0-97f5c2cb958b", "title": "Lightbox slider \u2013 Responsive Lightbox Gallery <= 1.10.0 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Lightbox slider \u2013 Responsive Lightbox Gallery", "slug": "simple-lightbox-gallery", "affected_versions": { "* - 1.10.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ede558d-272d-4f18-b2e0-97f5c2cb958b?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ede9023-732d-43e4-9c19-7cf704c95c29": { "id": "4ede9023-732d-43e4-9c19-7cf704c95c29", "title": "Participants Database <= 1.9.5.5 - SQL Injection", "software": [ { "type": "plugin", "name": "Participants Database", "slug": "participants-database", "affected_versions": { "[*, 1.9.5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ede9023-732d-43e4-9c19-7cf704c95c29?source=api-scan" ], "published": "2020-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4eea120e-839e-4b01-a5a8-af21f5ab99f5": { "id": "4eea120e-839e-4b01-a5a8-af21f5ab99f5", "title": "CarSpot \u2013 Dealership Wordpress Classified Theme <= 2.2.3 - Insecure Direct Object Reference", "software": [ { "type": "theme", "name": "CarSpot \u2013 Dealership Wordpress Classified Theme", "slug": "carspot", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4eea120e-839e-4b01-a5a8-af21f5ab99f5?source=api-scan" ], "published": "2020-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4eeed189-3c57-4f23-bb6c-3e84603a83fb": { "id": "4eeed189-3c57-4f23-bb6c-3e84603a83fb", "title": "WP Tools <= 3.41 - Missing Authorization leading to Authenticated (Subscriber+) Authorization Bypass", "software": [ { "type": "plugin", "name": "WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log", "slug": "wptools", "affected_versions": { "* - 3.41": { "from_version": "*", "from_inclusive": true, "to_version": "3.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4eeed189-3c57-4f23-bb6c-3e84603a83fb?source=api-scan" ], "published": "2022-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ef1a097-955c-4a0e-a1a2-b34ae2903d0e": { "id": "4ef1a097-955c-4a0e-a1a2-b34ae2903d0e", "title": "AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "theme", "name": "The Monday", "slug": "the-monday", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Doko", "slug": "doko", "affected_versions": { "* - 1.0.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] }, { "type": "theme", "name": "Eight Sec", "slug": "eight-sec", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Revolve", "slug": "revolve", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Bingle", "slug": "bingle", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] }, { "type": "theme", "name": "ParallaxSome", "slug": "parallaxsome", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] }, { "type": "theme", "name": "Uncode Lite", "slug": "uncode-lite", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "EightLaw Lite", "slug": "eightlaw-lite", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] }, { "type": "theme", "name": "AccessPress Lite", "slug": "accesspress-lite", "affected_versions": { "* - 2.92": { "from_version": "*", "from_inclusive": true, "to_version": "2.92", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.93" ] }, { "type": "theme", "name": "FotoGraphy", "slug": "fotography", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] }, { "type": "theme", "name": "Arrival", "slug": "arrival", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] }, { "type": "theme", "name": "VMag", "slug": "vmag", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] }, { "type": "theme", "name": "AccessPress Mag", "slug": "accesspress-mag", "affected_versions": { "* - 2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.6" ] }, { "type": "theme", "name": "Sakala", "slug": "sakala", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] }, { "type": "theme", "name": "VMagazine Lite", "slug": "vmagazine-lite", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] }, { "type": "theme", "name": "Digital Agency Lite", "slug": "digital-agency-lite", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] }, { "type": "theme", "name": "The Launcher", "slug": "the-launcher", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] }, { "type": "theme", "name": "Zigcy Lite", "slug": "zigcy-lite", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] }, { "type": "theme", "name": "Brovy", "slug": "brovy", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Eightmedi Lite", "slug": "eightmedi-lite", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] }, { "type": "theme", "name": "WPparallax", "slug": "wpparallax", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Enlighten", "slug": "enlighten", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] }, { "type": "theme", "name": "EightStore Lite", "slug": "eightstore-lite", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] }, { "type": "theme", "name": "AccessPress Store", "slug": "accesspress-store", "affected_versions": { "* - 2.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] }, { "type": "theme", "name": "Swing Lite", "slug": "swing-lite", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "theme", "name": "Ripple", "slug": "ripple", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Access Demo Importer", "slug": "access-demo-importer", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] }, { "type": "theme", "name": "Punte", "slug": "punte", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] }, { "type": "theme", "name": "Accesspress Basic", "slug": "accesspress-basic", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2" ] }, { "type": "theme", "name": "Zigcy Baby", "slug": "zigcy-baby", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] }, { "type": "theme", "name": "ScrollMe", "slug": "scrollme", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Zigcy Cosmetics", "slug": "zigcy-cosmetics", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] }, { "type": "theme", "name": "Construction Lite", "slug": "construction-lite", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] }, { "type": "theme", "name": "Vmagazine News", "slug": "vmagazine-news", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] }, { "type": "theme", "name": "AccessPress Parallax", "slug": "accesspress-parallax-new", "affected_versions": { "* - 4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6" ] }, { "type": "theme", "name": "AccessPress Root", "slug": "accesspress-root", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] }, { "type": "theme", "name": "AccessPress Staple", "slug": "accesspress-staple", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "StoreVilla", "slug": "storevilla", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] }, { "type": "theme", "name": "Ultra Seven", "slug": "ultra-seven", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "The100", "slug": "the100", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Edict Lite", "slug": "edict-lite", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "WP Store", "slug": "wp-store", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "theme", "name": "Opstore", "slug": "opstore", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] }, { "type": "theme", "name": "Bloger", "slug": "bloger", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan" ], "published": "2021-10-06 19:17:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ef3d4d1-95ce-4180-bb83-afd402094f04": { "id": "4ef3d4d1-95ce-4180-bb83-afd402094f04", "title": "WPML <= 4.5.10 - Missing Authorization to Translation Job Status Change", "software": [ { "type": "plugin", "name": "WPML", "slug": "sitepress-multilingual-cms", "affected_versions": { "* - 4.5.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ef3d4d1-95ce-4180-bb83-afd402094f04?source=api-scan" ], "published": "2022-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4eff0dfd-f7e6-4f5f-b1c8-00f69fa0df78": { "id": "4eff0dfd-f7e6-4f5f-b1c8-00f69fa0df78", "title": "MyRewards <= 5.3.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "MyRewards \u2013 Loyalty Points and Rewards for WooCommerce \u2013 Reward orders, referrals, product reviews and more", "slug": "woorewards", "affected_versions": { "* - 5.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4eff0dfd-f7e6-4f5f-b1c8-00f69fa0df78?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4eff91bd-efc2-4e54-b871-df567ca99bca": { "id": "4eff91bd-efc2-4e54-b871-df567ca99bca", "title": "WORDPRESS VIDEO GALLERY <= 2.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WORDPRESS VIDEO GALLERY", "slug": "contus-video-gallery", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4eff91bd-efc2-4e54-b871-df567ca99bca?source=api-scan" ], "published": "2014-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f0025dc-a072-4e01-bea8-6e93948f00d8": { "id": "4f0025dc-a072-4e01-bea8-6e93948f00d8", "title": "Quiz And Survey Master <= 6.3.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 6.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f0025dc-a072-4e01-bea8-6e93948f00d8?source=api-scan" ], "published": "2019-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f018e22-bf07-4371-afc1-3e664ea1c5a3": { "id": "4f018e22-bf07-4371-afc1-3e664ea1c5a3", "title": "All in One SEO \u2013 Best WordPress SEO Plugin \u2013 Easily Improve SEO Rankings & Increase Traffic <= 2.3.6 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "[*, 2.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f018e22-bf07-4371-afc1-3e664ea1c5a3?source=api-scan" ], "published": "2016-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f033d5d-d76b-4c63-80bc-32fdd0e7987e": { "id": "4f033d5d-d76b-4c63-80bc-32fdd0e7987e", "title": "Form Manager <= 1.7.2 - Authenticated Remote Command Execution", "software": [ { "type": "plugin", "name": "wordpress-form-manager", "slug": "wordpress-form-manager", "affected_versions": { "[*, 1.7.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f033d5d-d76b-4c63-80bc-32fdd0e7987e?source=api-scan" ], "published": "2021-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f040075-83a0-4c9a-8d93-99aa36606b31": { "id": "4f040075-83a0-4c9a-8d93-99aa36606b31", "title": "Cookie Monster <= 1.51 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cookie Monster", "slug": "cookiemonster", "affected_versions": { "* - 1.51": { "from_version": "*", "from_inclusive": true, "to_version": "1.51", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f040075-83a0-4c9a-8d93-99aa36606b31?source=api-scan" ], "published": "2023-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f062ef2-ef94-47c2-8eba-dc7ff6c2537d": { "id": "4f062ef2-ef94-47c2-8eba-dc7ff6c2537d", "title": "Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via migrateProductOnlyToCommon function", "software": [ { "type": "plugin", "name": "Advanced Dynamic Pricing for WooCommerce", "slug": "advanced-dynamic-pricing-for-woocommerce", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f062ef2-ef94-47c2-8eba-dc7ff6c2537d?source=api-scan" ], "published": "2023-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f0d1e8d-bb7f-44ce-a865-8ef15476351e": { "id": "4f0d1e8d-bb7f-44ce-a865-8ef15476351e", "title": "Ads by WPQuads \u2013 Adsense Ads, Banner Ads, Popup Ads <= 2.0.84 - Missing Authorization", "software": [ { "type": "plugin", "name": "Ads by WPQuads \u2013 Adsense Ads, Banner Ads, Popup Ads", "slug": "quick-adsense-reloaded", "affected_versions": { "* - 2.0.84": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.84", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.85" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f0d1e8d-bb7f-44ce-a865-8ef15476351e?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f0deb68-3caf-4ad6-977e-0e954d29e6b7": { "id": "4f0deb68-3caf-4ad6-977e-0e954d29e6b7", "title": "WordPress Plugin for Google Maps \u2013 WP MAPS <= 4.6.1 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Maps \u2013 Display Google Maps Perfectly with Ease", "slug": "wp-google-map-plugin", "affected_versions": { "* - 4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f0deb68-3caf-4ad6-977e-0e954d29e6b7?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f145c85-f3c6-46a7-b8ae-d486dd23087d": { "id": "4f145c85-f3c6-46a7-b8ae-d486dd23087d", "title": "Wp Social Login and Register Social Counter <= 3.0.0 - Missing Authorization to Unauthenticated Social Login\/Share Status Update", "software": [ { "type": "plugin", "name": "Wp Social Login and Register Social Counter", "slug": "wp-social", "affected_versions": { "* - 3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f145c85-f3c6-46a7-b8ae-d486dd23087d?source=api-scan" ], "published": "2024-02-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f14e464-cf48-4f8a-a1db-a8adced8321f": { "id": "4f14e464-cf48-4f8a-a1db-a8adced8321f", "title": "WP-T-Wap <= 1.13.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-T-Wap", "slug": "wp-t-wap", "affected_versions": { "* - 1.13.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f14e464-cf48-4f8a-a1db-a8adced8321f?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f17976e-d6b9-40fb-b2fb-d60bcfd68d12": { "id": "4f17976e-d6b9-40fb-b2fb-d60bcfd68d12", "title": "WPvivid Backup and Migration <= 0.9.68 - Missing Authorization", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "* - 0.9.68": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.68", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f17976e-d6b9-40fb-b2fb-d60bcfd68d12?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f1cf0f3-faf2-43f7-a641-95bfa5d73ca8": { "id": "4f1cf0f3-faf2-43f7-a641-95bfa5d73ca8", "title": "Infinite Scroll \u2013 Ajax Load More <= 5.5.4 - Authenticated (Admin+) Arbitrary File Read via Directory Traversal", "software": [ { "type": "plugin", "name": "WordPress Infinite Scroll \u2013 Ajax Load More", "slug": "ajax-load-more", "affected_versions": { "* - 5.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f1cf0f3-faf2-43f7-a641-95bfa5d73ca8?source=api-scan" ], "published": "2022-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f1ed4a2-eb0d-42cd-9273-10d7d127cdf9": { "id": "4f1ed4a2-eb0d-42cd-9273-10d7d127cdf9", "title": "lasTunes <= 3.6.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "lasTunes", "slug": "lastunes", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f1ed4a2-eb0d-42cd-9273-10d7d127cdf9?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f23bec2-6079-41f6-99c1-80b0b47797ce": { "id": "4f23bec2-6079-41f6-99c1-80b0b47797ce", "title": "Facebook Page Photo Gallery <= 2.0.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Facebook Page Photo Gallery", "slug": "facebook-page-photo-gallery", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f23bec2-6079-41f6-99c1-80b0b47797ce?source=api-scan" ], "published": "2014-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f289527-3a89-4db9-887d-fb0980848734": { "id": "4f289527-3a89-4db9-887d-fb0980848734", "title": "MC4WP <= 4.9.9 - Missing Authorization via listen", "software": [ { "type": "plugin", "name": "MC4WP: Mailchimp for WordPress", "slug": "mailchimp-for-wp", "affected_versions": { "* - 4.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f289527-3a89-4db9-887d-fb0980848734?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f2c3819-2247-4ef7-b177-cc98cbf5eae3": { "id": "4f2c3819-2247-4ef7-b177-cc98cbf5eae3", "title": "ReDi Restaurant Reservation <= 24.0128 - Cross-Site Request Forgery via redi_restaurant_admin_options_page()", "software": [ { "type": "plugin", "name": "ReDi Restaurant Reservation", "slug": "redi-restaurant-reservation", "affected_versions": { "* - 24.0128": { "from_version": "*", "from_inclusive": true, "to_version": "24.0128", "to_inclusive": true } }, "patched": true, "patched_versions": [ "24.0303" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f2c3819-2247-4ef7-b177-cc98cbf5eae3?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f2dc3e7-1e10-4547-8469-726c6747465d": { "id": "4f2dc3e7-1e10-4547-8469-726c6747465d", "title": "Comment Images Reloaded <= 2.2.1 - Authenticated (Subscriber+) Arbitrary Media Deletion", "software": [ { "type": "plugin", "name": "Comment Images Reloaded", "slug": "comment-images-reloaded", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f2dc3e7-1e10-4547-8469-726c6747465d?source=api-scan" ], "published": "2024-07-08 20:06:25", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f2eccc6-8e66-4235-aec3-9948b8753bf6": { "id": "4f2eccc6-8e66-4235-aec3-9948b8753bf6", "title": "TNIT Filter Gallery Plugin <= 0.0.6 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TNIT Filter Gallery Plugin", "slug": "tnit-filter-gallery-for-beaver-builder", "affected_versions": { "* - 0.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f2eccc6-8e66-4235-aec3-9948b8753bf6?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f2fdc9d-891e-49c6-9427-620772336854": { "id": "4f2fdc9d-891e-49c6-9427-620772336854", "title": "SureCart <= 2.29.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SureCart \u2013 Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments", "slug": "surecart", "affected_versions": { "* - 2.29.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.29.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.29.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f2fdc9d-891e-49c6-9427-620772336854?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f32d1fe-17ea-48c0-b276-36c8fcaad4a6": { "id": "4f32d1fe-17ea-48c0-b276-36c8fcaad4a6", "title": "Related Posts for WordPress < 1.8.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Related Posts for WordPress", "slug": "related-posts-for-wp", "affected_versions": { "[*, 1.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f32d1fe-17ea-48c0-b276-36c8fcaad4a6?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f3a57ce-eead-4631-93da-ba1a0a33ec2d": { "id": "4f3a57ce-eead-4631-93da-ba1a0a33ec2d", "title": "WP Custom Author URL <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Custom Author URL", "slug": "wp-custom-author-url", "affected_versions": { "[*, 1.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f3a57ce-eead-4631-93da-ba1a0a33ec2d?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f3e3311-11d8-4e4f-9d99-36533fe44d56": { "id": "4f3e3311-11d8-4e4f-9d99-36533fe44d56", "title": "Olive One Click Demo Import <= 1.1.2 - Authenticated (Administrator+) Arbitrary File Upload in olive_one_click_demo_import_save_file", "software": [ { "type": "plugin", "name": "Olive One Click Demo Import", "slug": "olive-one-click-demo-import", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f3e3311-11d8-4e4f-9d99-36533fe44d56?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f3f0ef8-8a13-4110-a402-e1bcf493560a": { "id": "4f3f0ef8-8a13-4110-a402-e1bcf493560a", "title": "10Web Booster \u2013 Website speed optimization, Cache & Page Speed optimizer <= 2.12.23 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "10Web Booster \u2013 Website speed optimization, Cache & Page Speed optimizer", "slug": "tenweb-speed-optimizer", "affected_versions": { "* - 2.12.22": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f3f0ef8-8a13-4110-a402-e1bcf493560a?source=api-scan" ], "published": "2023-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f4099b3-6c79-42c2-be41-4ad8d73cc2b8": { "id": "4f4099b3-6c79-42c2-be41-4ad8d73cc2b8", "title": "Product Catalog Simple <= 1.7.6 - Sensitive Information Exposure via Product CSV", "software": [ { "type": "plugin", "name": "Product Catalog Simple", "slug": "post-type-x", "affected_versions": { "[*, 1.7.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f4099b3-6c79-42c2-be41-4ad8d73cc2b8?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f42b59e-42a3-4c1d-805d-dfe8c692223e": { "id": "4f42b59e-42a3-4c1d-805d-dfe8c692223e", "title": "Enhanced Text Widget <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Enhanced Text Widget", "slug": "enhanced-text-widget", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f42b59e-42a3-4c1d-805d-dfe8c692223e?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f481478-5dc9-4b11-ba3e-1942882a9f43": { "id": "4f481478-5dc9-4b11-ba3e-1942882a9f43", "title": "The7 <= 11.7.3 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "The7 \u2014 Website and eCommerce Builder for WordPress", "slug": "dt-the7", "affected_versions": { "* - 11.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "11.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.7.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f481478-5dc9-4b11-ba3e-1942882a9f43?source=api-scan" ], "published": "2023-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f49eaf0-1273-41e8-9087-4d4ed978fce4": { "id": "4f49eaf0-1273-41e8-9087-4d4ed978fce4", "title": "Sharebar <= 1.2.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sharebar", "slug": "sharebar", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f49eaf0-1273-41e8-9087-4d4ed978fce4?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f504434-2de9-4d2e-848d-6c7fc0880672": { "id": "4f504434-2de9-4d2e-848d-6c7fc0880672", "title": "Custom Field For WP Job Manager <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Field For WP Job Manager", "slug": "custom-field-for-wp-job-manager", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f504434-2de9-4d2e-848d-6c7fc0880672?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f589e21-7417-4b43-b580-4f1d3c2041f4": { "id": "4f589e21-7417-4b43-b580-4f1d3c2041f4", "title": "WP Meta SEO <= 4.5.3 - Missing Authorization in 'checkAllCategoryInSitemap'", "software": [ { "type": "plugin", "name": "WP Meta SEO", "slug": "wp-meta-seo", "affected_versions": { "* - 4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f589e21-7417-4b43-b580-4f1d3c2041f4?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f5919eb-ac74-4926-9ede-e651bb4463b2": { "id": "4f5919eb-ac74-4926-9ede-e651bb4463b2", "title": "Atarim <= 3.12 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visual Website Collaboration, Feedback & Project Management \u2013 Atarim", "slug": "atarim-visual-collaboration", "affected_versions": { "* - 3.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f5919eb-ac74-4926-9ede-e651bb4463b2?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f65a7df-acb5-4b5b-8867-986ce9930e3f": { "id": "4f65a7df-acb5-4b5b-8867-986ce9930e3f", "title": "Piotnet Addons For Elementor <= 2.4.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets", "software": [ { "type": "plugin", "name": "Piotnet Addons For Elementor", "slug": "piotnet-addons-for-elementor", "affected_versions": { "* - 2.4.26": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f65a7df-acb5-4b5b-8867-986ce9930e3f?source=api-scan" ], "published": "2024-05-17 21:35:40", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f76181a-8fb4-4f0e-b84c-0dabc482261d": { "id": "4f76181a-8fb4-4f0e-b84c-0dabc482261d", "title": "Arconix FAQ <= 1.9.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Arconix FAQ", "slug": "arconix-faq", "affected_versions": { "* - 1.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f76181a-8fb4-4f0e-b84c-0dabc482261d?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f792f34-a755-441b-90a8-4f2df3332ccb": { "id": "4f792f34-a755-441b-90a8-4f2df3332ccb", "title": "Community Events <= 1.4.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Community Events", "slug": "community-events", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f792f34-a755-441b-90a8-4f2df3332ccb?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f7fa5a4-07d7-4815-b393-871568777b0f": { "id": "4f7fa5a4-07d7-4815-b393-871568777b0f", "title": "Download Monitor <= 4.7.2 - Authenticated Directory Traversal to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "* - 4.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f7fa5a4-07d7-4815-b393-871568777b0f?source=api-scan" ], "published": "2022-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f8430e8-c349-4425-be4a-0e9d4d80c438": { "id": "4f8430e8-c349-4425-be4a-0e9d4d80c438", "title": "MaxSlider <= 1.2.3 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "MaxSlider", "slug": "maxslider", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f8430e8-c349-4425-be4a-0e9d4d80c438?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f8a7933-cc26-47f2-9142-df748add0745": { "id": "4f8a7933-cc26-47f2-9142-df748add0745", "title": "Auto Upload Images <= 3.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Auto Upload Images", "slug": "auto-upload-images", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f8a7933-cc26-47f2-9142-df748add0745?source=api-scan" ], "published": "2022-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f93fb48-3963-4a98-9c70-eef667b254df": { "id": "4f93fb48-3963-4a98-9c70-eef667b254df", "title": "Auto More Tag <= 4.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Auto More Tag", "slug": "auto-more-tag", "affected_versions": { "* - 4.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f93fb48-3963-4a98-9c70-eef667b254df?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f95bcc3-354e-4016-9a17-945569b076b6": { "id": "4f95bcc3-354e-4016-9a17-945569b076b6", "title": "Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file", "software": [ { "type": "plugin", "name": "PPOM \u2013 Product Addons & Custom Fields for WooCommerce", "slug": "woocommerce-product-addon", "affected_versions": { "* - 32.0.18": { "from_version": "*", "from_inclusive": true, "to_version": "32.0.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "32.0.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f95bcc3-354e-4016-9a17-945569b076b6?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f98d50a-51cb-479b-be4c-566a72f0f221": { "id": "4f98d50a-51cb-479b-be4c-566a72f0f221", "title": "SupportFlow <= 0.6 - Cross-Site Scripting via a ticket excerpt.", "software": [ { "type": "plugin", "name": "SupportFlow", "slug": "supportflow", "affected_versions": { "[*, 0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f98d50a-51cb-479b-be4c-566a72f0f221?source=api-scan" ], "published": "2016-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f997c20-38f6-4968-b7de-8f28f825c7fd": { "id": "4f997c20-38f6-4968-b7de-8f28f825c7fd", "title": "Social Media Share Buttons <= 3.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MashShare \u2013 Social Media Share Buttons, Social Share Icons", "slug": "mashsharer", "affected_versions": { "* - 3.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f997c20-38f6-4968-b7de-8f28f825c7fd?source=api-scan" ], "published": "2022-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f99d8b5-e71d-4b40-8223-f0e53b9dd84f": { "id": "4f99d8b5-e71d-4b40-8223-f0e53b9dd84f", "title": "WooCommerce Checkout Field Editor (Checkout Manager) <= 2.1.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce Checkout Field Editor (Checkout Manager)", "slug": "woo-checkout-regsiter-field-editor", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f99d8b5-e71d-4b40-8223-f0e53b9dd84f?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4f9bd960-01ef-41dd-ab05-0a5f734484a2": { "id": "4f9bd960-01ef-41dd-ab05-0a5f734484a2", "title": "EventON <= 2.1.7 - Authenticated (Admin+) HTML Injection", "software": [ { "type": "plugin", "name": "EventON", "slug": "eventon-lite", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4f9bd960-01ef-41dd-ab05-0a5f734484a2?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fa00dae-c51d-4586-81da-b568cd6d8124": { "id": "4fa00dae-c51d-4586-81da-b568cd6d8124", "title": "Slider Revolution <= 6.6.12 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Slider Revolution", "slug": "revslider", "affected_versions": { "* - 6.6.12": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fa00dae-c51d-4586-81da-b568cd6d8124?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fa04a97-0be1-4710-ae97-5820ccbddc1e": { "id": "4fa04a97-0be1-4710-ae97-5820ccbddc1e", "title": "LMS by LifterLMS <= 3.35.0 - Stored Cross-Site Scripting via Import", "software": [ { "type": "plugin", "name": "LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes", "slug": "lifterlms", "affected_versions": { "[*, 3.35.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.35.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.35.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fa04a97-0be1-4710-ae97-5820ccbddc1e?source=api-scan" ], "published": "2019-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fa4167a-686f-4fd0-a53d-eb61d57228a1": { "id": "4fa4167a-686f-4fd0-a53d-eb61d57228a1", "title": "LayerSlider 7.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ls_search_form Shortcode", "software": [ { "type": "plugin", "name": "LayerSlider", "slug": "LayerSlider", "affected_versions": { "7.11.0": { "from_version": "7.11.0", "from_inclusive": true, "to_version": "7.11.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.11.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fa4167a-686f-4fd0-a53d-eb61d57228a1?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fa453f3-d361-452c-940a-108252c9f302": { "id": "4fa453f3-d361-452c-940a-108252c9f302", "title": "WordPress Core <= 2.5.1 - Arbitrary File Upload", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fa453f3-d361-452c-940a-108252c9f302?source=api-scan" ], "published": "2008-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fa5ba38-0b6f-4eec-aac1-1c3806f0d040": { "id": "4fa5ba38-0b6f-4eec-aac1-1c3806f0d040", "title": "Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.0.2 - Unauthenticated Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension", "slug": "shortcode-addons", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fa5ba38-0b6f-4eec-aac1-1c3806f0d040?source=api-scan" ], "published": "2022-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fa84388-3597-4a54-9ae8-d6e04afe9061": { "id": "4fa84388-3597-4a54-9ae8-d6e04afe9061", "title": "Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_install_weglot", "software": [ { "type": "plugin", "name": "Under Construction", "slug": "under-construction-page", "affected_versions": { "* - 3.96": { "from_version": "*", "from_inclusive": true, "to_version": "3.96", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.97" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fa84388-3597-4a54-9ae8-d6e04afe9061?source=api-scan" ], "published": "2023-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fb0195a-077e-4f43-9294-1e5ecad7eb82": { "id": "4fb0195a-077e-4f43-9294-1e5ecad7eb82", "title": "WooCommerce Easy Checkout Field Editor, Fees & Discounts <= 3.5.12 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "SysBasics Easy Checkout Field Editor, Fees & Discounts", "slug": "phppoet-checkout-fields", "affected_versions": { "* - 3.5.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fb0195a-077e-4f43-9294-1e5ecad7eb82?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fb06315-30ad-4d98-af75-b04933583be7": { "id": "4fb06315-30ad-4d98-af75-b04933583be7", "title": "Multiple Plugins by KlbTheme <= (Various Versions) - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cosmetsy Core", "slug": "cosmetsy-core", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Parto Core", "slug": "partdo-core", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Medibazar Core", "slug": "medibazar-core", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Bacola Core", "slug": "bacola-core", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Clotya Core", "slug": "clotya-core", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Furnob Core", "slug": "furnob-core", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fb06315-30ad-4d98-af75-b04933583be7?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fb0c069-ea6d-4eff-851e-b41c34b41152": { "id": "4fb0c069-ea6d-4eff-851e-b41c34b41152", "title": "Portfolio Plugin < 1.05 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Portfolio Plugin", "slug": "portfolio-by-lisa-westlund", "affected_versions": { "[*, 1.05)": { "from_version": "*", "from_inclusive": true, "to_version": "1.05", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.05" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fb0c069-ea6d-4eff-851e-b41c34b41152?source=api-scan" ], "published": "2015-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fbeee29-751a-48c9-a875-393441f62dde": { "id": "4fbeee29-751a-48c9-a875-393441f62dde", "title": "Lingotek Translation <= 1.1.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ray Enterprise Translation", "slug": "lingotek-translation", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fbeee29-751a-48c9-a875-393441f62dde?source=api-scan" ], "published": "2016-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fc76e1c-546f-4ecd-bd3b-a6f21b2c65bf": { "id": "4fc76e1c-546f-4ecd-bd3b-a6f21b2c65bf", "title": "BizPrint <= 4.5.1 - Missing Authorization in showTemplatePreview", "software": [ { "type": "plugin", "name": "Print Anywhere & Create PDFs of Order Receipts, Invoices, Labels & More.", "slug": "print-google-cloud-print-gcp-woocommerce", "affected_versions": { "* - 4.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fc76e1c-546f-4ecd-bd3b-a6f21b2c65bf?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fc82778-0493-456f-bc73-3d70e3a2b1bf": { "id": "4fc82778-0493-456f-bc73-3d70e3a2b1bf", "title": "Popularis Extra <= 1.2.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popularis Extra", "slug": "popularis-extra", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fc82778-0493-456f-bc73-3d70e3a2b1bf?source=api-scan" ], "published": "2024-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fc8deda-9fb3-41e5-850b-5109d4018027": { "id": "4fc8deda-9fb3-41e5-850b-5109d4018027", "title": "AdPush <= 1.43 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AdPush", "slug": "adsense-plugin", "affected_versions": { "* - 1.43": { "from_version": "*", "from_inclusive": true, "to_version": "1.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fc8deda-9fb3-41e5-850b-5109d4018027?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fcaab95-7940-45f9-a3c2-c3b0dc540b61": { "id": "4fcaab95-7940-45f9-a3c2-c3b0dc540b61", "title": "Database for CF7 <= 1.2.4 - Missing Authorization via wpcf7db_delete AJAX action", "software": [ { "type": "plugin", "name": "Database for CF7", "slug": "database-for-cf7", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fcaab95-7940-45f9-a3c2-c3b0dc540b61?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fd4d30b-f37f-4083-acfe-8e85c075da10": { "id": "4fd4d30b-f37f-4083-acfe-8e85c075da10", "title": "Social Share, Social Login and Social Comments < 7.13.30 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Share, Social Login and Social Comments Plugin \u2013 Super Socializer", "slug": "super-socializer", "affected_versions": { "[*, 7.13.30)": { "from_version": "*", "from_inclusive": true, "to_version": "7.13.30", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.13.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fd4d30b-f37f-4083-acfe-8e85c075da10?source=api-scan" ], "published": "2022-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fd67a02-b0fb-4c4f-9564-c3ee0180e79c": { "id": "4fd67a02-b0fb-4c4f-9564-c3ee0180e79c", "title": "Couponis Demo < 2.2 - Unauthenticated SQL Injection", "software": [ { "type": "theme", "name": "Couponis Demo", "slug": "couponis-demo", "affected_versions": { "[*, 2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fd67a02-b0fb-4c4f-9564-c3ee0180e79c?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fd6fa4f-8f4d-4d2f-ac67-98124cfa9592": { "id": "4fd6fa4f-8f4d-4d2f-ac67-98124cfa9592", "title": "Thrive Theme Builder < 3.24.0 - Missing Authorization", "software": [ { "type": "theme", "name": "Thrive Themes Builder", "slug": "thrive-theme", "affected_versions": { "[*, 3.24.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.24.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.24.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fd6fa4f-8f4d-4d2f-ac67-98124cfa9592?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fdf49e7-c89e-4b05-9236-ca28e715bc4a": { "id": "4fdf49e7-c89e-4b05-9236-ca28e715bc4a", "title": "WordPress Core <= 3.3.1 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fdf49e7-c89e-4b05-9236-ca28e715bc4a?source=api-scan" ], "published": "2012-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fe0df91-21f0-4eef-8064-2b283f38b181": { "id": "4fe0df91-21f0-4eef-8064-2b283f38b181", "title": "World Travel Information <= 1.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "World Travel Information", "slug": "world-travel-information", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fe0df91-21f0-4eef-8064-2b283f38b181?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fe758c4-027f-4667-a22a-9e859894a40f": { "id": "4fe758c4-027f-4667-a22a-9e859894a40f", "title": "301 Redirects - Easy Redirect Manager <= 2.40 - Missing Authorization", "software": [ { "type": "plugin", "name": "301 Redirects \u2013 Easy Redirect Manager", "slug": "eps-301-redirects", "affected_versions": { "* - 2.40": { "from_version": "*", "from_inclusive": true, "to_version": "2.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fe758c4-027f-4667-a22a-9e859894a40f?source=api-scan" ], "published": "2019-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fe81113-6ed1-48f2-a6d0-db4c19f6df10": { "id": "4fe81113-6ed1-48f2-a6d0-db4c19f6df10", "title": "Visual Form Builder <= 3.0.5 - Unauthenticated Information Disclosure", "software": [ { "type": "plugin", "name": "Visual Form Builder", "slug": "visual-form-builder", "affected_versions": { "[*, 3.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fe81113-6ed1-48f2-a6d0-db4c19f6df10?source=api-scan" ], "published": "2021-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4fee61cd-7359-4193-8cf2-86e0527a8ef1": { "id": "4fee61cd-7359-4193-8cf2-86e0527a8ef1", "title": "WooCommerce Follow-Up Emails <= 4.9.40 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Woocommerce Follow-ups", "slug": "woocommerce-follow-up-emails", "affected_versions": { "* - 4.9.40": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.50" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4fee61cd-7359-4193-8cf2-86e0527a8ef1?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4feed0da-f5b1-47eb-9454-8539f62335fa": { "id": "4feed0da-f5b1-47eb-9454-8539f62335fa", "title": "Elementor Website Builder <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via html_tag", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "0.1.0 - 3.1.3": { "from_version": "0.1.0", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4feed0da-f5b1-47eb-9454-8539f62335fa?source=api-scan" ], "published": "2021-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ff1d12e-1129-40d3-8c29-3a46ffc77872": { "id": "4ff1d12e-1129-40d3-8c29-3a46ffc77872", "title": "Bulgarisation for WooCommerce <= 3.0.14 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Bulgarisation for WooCommerce", "slug": "bulgarisation-for-woocommerce", "affected_versions": { "* - 3.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ff1d12e-1129-40d3-8c29-3a46ffc77872?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ff558bb-7c5a-4e17-a3f5-bc9aa2332af1": { "id": "4ff558bb-7c5a-4e17-a3f5-bc9aa2332af1", "title": "IDonate \u2013 blood request management system <= 1.9.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IDonate \u2013 Blood Donation, Request And Donor Management System", "slug": "idonate", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ff558bb-7c5a-4e17-a3f5-bc9aa2332af1?source=api-scan" ], "published": "2024-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ffd74de-6629-4088-ba5c-ac9dd5c6322c": { "id": "4ffd74de-6629-4088-ba5c-ac9dd5c6322c", "title": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress <= 4.14.4 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 4.14.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.14.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.15.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ffd74de-6629-4088-ba5c-ac9dd5c6322c?source=api-scan" ], "published": "2024-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ffd76a2-6700-4c2a-858d-4c7339a8d09a": { "id": "4ffd76a2-6700-4c2a-858d-4c7339a8d09a", "title": "Videojs HTML5 Player <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via videojs_video Shortcode", "software": [ { "type": "plugin", "name": "Videojs HTML5 Player", "slug": "videojs-html5-player", "affected_versions": { "* - 1.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ffd76a2-6700-4c2a-858d-4c7339a8d09a?source=api-scan" ], "published": "2024-05-23 14:45:13", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "4ffeec7b-cd4d-4555-acc0-22b44f237da6": { "id": "4ffeec7b-cd4d-4555-acc0-22b44f237da6", "title": "Contact Form Entries <= 1.2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Database for Contact Form 7, WPforms, Elementor forms", "slug": "contact-form-entries", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/4ffeec7b-cd4d-4555-acc0-22b44f237da6?source=api-scan" ], "published": "2021-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5004d789-6e59-403b-8df9-2030a976fc52": { "id": "5004d789-6e59-403b-8df9-2030a976fc52", "title": "CM Email Registration Blacklist and Whitelist <= 1.4.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Name: CM E-Mail Registration Blacklist", "slug": "cm-email-blacklist", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5004d789-6e59-403b-8df9-2030a976fc52?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5008b56f-5cd4-42e5-8d7e-7b1e01b2cbf8": { "id": "5008b56f-5cd4-42e5-8d7e-7b1e01b2cbf8", "title": "WPS Hide Login <= 1.9.16.3 - Login Page Disclosure", "software": [ { "type": "plugin", "name": "WPS Hide Login", "slug": "wps-hide-login", "affected_versions": { "* - 1.9.16.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.16.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.16.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5008b56f-5cd4-42e5-8d7e-7b1e01b2cbf8?source=api-scan" ], "published": "2024-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "500fd8aa-9ad1-41ee-bbeb-cda9c80c4fcb": { "id": "500fd8aa-9ad1-41ee-bbeb-cda9c80c4fcb", "title": "3D Flipbook <= 1.15.2 - Authenticated (Contributor+) Cross-Site Scripting via Ready Function", "software": [ { "type": "plugin", "name": "3D FlipBook \u2013 PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery", "slug": "interactive-3d-flipbook-powered-physics-engine", "affected_versions": { "* - 1.15.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/500fd8aa-9ad1-41ee-bbeb-cda9c80c4fcb?source=api-scan" ], "published": "2024-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5015cfe7-9e5c-4745-b6c3-60e4aa99672d": { "id": "5015cfe7-9e5c-4745-b6c3-60e4aa99672d", "title": "Master Slider <= 3.7.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Master Slider \u2013 Responsive Touch Slider", "slug": "master-slider", "affected_versions": { "* - 3.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5015cfe7-9e5c-4745-b6c3-60e4aa99672d?source=api-scan" ], "published": "2018-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "501aed34-537b-4d35-a04f-a984297adb39": { "id": "501aed34-537b-4d35-a04f-a984297adb39", "title": "Job Manager <= 0.7.24 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Job Manager", "slug": "job-manager", "affected_versions": { "[*, 0.7.25)": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.25", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.7.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/501aed34-537b-4d35-a04f-a984297adb39?source=api-scan" ], "published": "2015-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "501e3c8a-350e-4431-b6a2-012e837320bc": { "id": "501e3c8a-350e-4431-b6a2-012e837320bc", "title": "WordPress Core < 3.1.3 - Security Hardening", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/501e3c8a-350e-4431-b6a2-012e837320bc?source=api-scan" ], "published": "2011-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "501e9cd1-1187-4d01-a3cc-5edba64c391f": { "id": "501e9cd1-1187-4d01-a3cc-5edba64c391f", "title": "Image Compressor & Optimizer - iLoveIMG <= 1.0.5 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Image Compressor & Optimizer \u2013 iLoveIMG", "slug": "iloveimg", "affected_versions": { "[*, 1.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/501e9cd1-1187-4d01-a3cc-5edba64c391f?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "501fb05a-c8ec-43c6-b462-2a83c4f8b6b7": { "id": "501fb05a-c8ec-43c6-b462-2a83c4f8b6b7", "title": "LiveSync for WordPress <= 1.0 - Cross-Site Request Forgery to Arbitrary Settings Update", "software": [ { "type": "plugin", "name": "LiveSync for WordPress", "slug": "livesync", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/501fb05a-c8ec-43c6-b462-2a83c4f8b6b7?source=api-scan" ], "published": "2022-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50212e01-4055-4e63-8cf2-6ee434f46604": { "id": "50212e01-4055-4e63-8cf2-6ee434f46604", "title": "Simple Revisions Delete <= 1.5.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple Revisions Delete", "slug": "simple-revisions-delete", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50212e01-4055-4e63-8cf2-6ee434f46604?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "502724d9-ccc4-42db-bc1e-c521f7c80e70": { "id": "502724d9-ccc4-42db-bc1e-c521f7c80e70", "title": "Profile Builder\/Profile Builder Pro <= 3.3.2 - Authenticated Blind SQL Injection", "software": [ { "type": "plugin", "name": "Profile Builder Pro", "slug": "profile-builder-pro", "affected_versions": { "[*, 3.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.3" ] }, { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "[*, 3.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/502724d9-ccc4-42db-bc1e-c521f7c80e70?source=api-scan" ], "published": "2020-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50283a4f-ea59-488a-bab0-dd6bc5718556": { "id": "50283a4f-ea59-488a-bab0-dd6bc5718556", "title": "Bellows Accordion Menu <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Bellows Accordion Menu", "slug": "bellows-accordion-menu", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50283a4f-ea59-488a-bab0-dd6bc5718556?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50298ef3-352d-4fd2-bbb9-a55cfd329837": { "id": "50298ef3-352d-4fd2-bbb9-a55cfd329837", "title": "Ultimate Affiliate Pro <= 3.9 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Affiliate Pro WordPress Plugin", "slug": "indeed-affiliate-pro", "affected_versions": { "[*, 4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50298ef3-352d-4fd2-bbb9-a55cfd329837?source=api-scan" ], "published": "2017-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "502bc68d-778a-47df-a5c2-6bd0b4f130cc": { "id": "502bc68d-778a-47df-a5c2-6bd0b4f130cc", "title": "HTML5 Maps <= 1.7.1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "HTML5 Maps", "slug": "html5-maps", "affected_versions": { "* - 1.7.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/502bc68d-778a-47df-a5c2-6bd0b4f130cc?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "502cf45c-1350-4534-a806-6e248912ef6d": { "id": "502cf45c-1350-4534-a806-6e248912ef6d", "title": "Floating Tweets <= 1.0.1 - Directory Traversal", "software": [ { "type": "plugin", "name": "Floating Tweets", "slug": "floating-tweets", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/502cf45c-1350-4534-a806-6e248912ef6d?source=api-scan" ], "published": "2013-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "503a44ed-25c2-4178-aeec-756c5b533e04": { "id": "503a44ed-25c2-4178-aeec-756c5b533e04", "title": "Dashboard Widgets Suite <= 3.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dashboard Widgets Suite", "slug": "dashboard-widgets-suite", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/503a44ed-25c2-4178-aeec-756c5b533e04?source=api-scan" ], "published": "2023-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "503dcefe-1147-4b8e-96e2-c21f49a7bc5b": { "id": "503dcefe-1147-4b8e-96e2-c21f49a7bc5b", "title": "Word Balloon <= 4.19.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Word Balloon", "slug": "word-balloon", "affected_versions": { "* - 4.19.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.19.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.19.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/503dcefe-1147-4b8e-96e2-c21f49a7bc5b?source=api-scan" ], "published": "2022-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50421e90-ccd6-4896-8041-b99279314301": { "id": "50421e90-ccd6-4896-8041-b99279314301", "title": "LOGIN AND REGISTRATION ATTEMPTS LIMIT<= 2.1 - IP Address Spoofing to Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "LOGIN AND REGISTRATION ATTEMPTS LIMIT", "slug": "login-attempts-limit-wp", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50421e90-ccd6-4896-8041-b99279314301?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50499cd6-0e27-494a-892c-5ca827d4433b": { "id": "50499cd6-0e27-494a-892c-5ca827d4433b", "title": "Fatal Error Notify <= 1.5.2 - Missing Authorization to Test Error Email Sending", "software": [ { "type": "plugin", "name": "Fatal Error Notify", "slug": "fatal-error-notify", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50499cd6-0e27-494a-892c-5ca827d4433b?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "504c0132-530b-4184-b19a-97e68df79b48": { "id": "504c0132-530b-4184-b19a-97e68df79b48", "title": "Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Customer Reviews Collector for WooCommerce", "slug": "customer-reviews-collector-for-woocommerce", "affected_versions": { "* - 3.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] }, { "type": "plugin", "name": "Widgets for Alibaba Reviews", "slug": "widgets-for-alibaba-reviews", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "Widgets for Yelp Reviews", "slug": "reviews-widgets-for-yelp", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "Widgets for \u00c1rukeres\u0151 Reviews", "slug": "review-widgets-for-arukereso", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "Widgets for Thumbtack Reviews", "slug": "widgets-for-thumbtack-reviews", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "Widgets for Ebay Reviews", "slug": "widgets-for-ebay-reviews", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "Widgets for Zillow Reviews", "slug": "widgets-for-zillow-reviews", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "Widgets for AliExpress Reviews", "slug": "widgets-for-aliexpress-reviews", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "Widgets for Foursquare Reviews", "slug": "review-widgets-for-foursquare", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "Widgets for Reviews & Recommendations", "slug": "free-facebook-reviews-and-recommendations-widgets", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "Widgets for Google Reviews", "slug": "wp-reviews-plugin-for-google", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "Widgets for Capterra Reviews", "slug": "review-widgets-for-capterra", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "Widgets for Booking.com Reviews", "slug": "review-widgets-for-booking-com", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "Widgets for Hotels.com Reviews", "slug": "review-widgets-for-hotels-com", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "Widgets for WordPress Reviews", "slug": "reviews-widgets", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "WP Tripadvisor Review Widgets", "slug": "review-widgets-for-tripadvisor", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "Widgets for Opentable Reviews", "slug": "review-widgets-for-opentable", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "Widgets for Amazon Reviews", "slug": "review-widgets-for-amazon", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "Review Widgets for Szallas.hu", "slug": "review-widgets-for-szallas-hu", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "Widgets for Airbnb Reviews", "slug": "review-widgets-for-airbnb", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] }, { "type": "plugin", "name": "Widgets for SourceForge Reviews", "slug": "widgets-for-sourceforge-reviews", "affected_versions": { "* - 11.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan" ], "published": "2023-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "504fca80-7e81-412b-891f-2679451ff6e6": { "id": "504fca80-7e81-412b-891f-2679451ff6e6", "title": "WebARX <= 1.3.0 - Firewall Bypass", "software": [ { "type": "plugin", "name": "WebARX", "slug": "webarx", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/504fca80-7e81-412b-891f-2679451ff6e6?source=api-scan" ], "published": "2018-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50537e01-834e-4247-a80f-daa114eedcf1": { "id": "50537e01-834e-4247-a80f-daa114eedcf1", "title": "Resume Submissions & Job Postings < 2.5.2 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Resume Submissions & Job Postings", "slug": "resume-submissions-job-postings", "affected_versions": { "[*, 2.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50537e01-834e-4247-a80f-daa114eedcf1?source=api-scan" ], "published": "2012-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50589b41-cc2b-4ffa-ab63-509fb9d61be2": { "id": "50589b41-cc2b-4ffa-ab63-509fb9d61be2", "title": "NextGen Gallery <= 2.1.7 - Path Traversal", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50589b41-cc2b-4ffa-ab63-509fb9d61be2?source=api-scan" ], "published": "2015-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "505b1f87-52c6-439c-a108-e2003971dc07": { "id": "505b1f87-52c6-439c-a108-e2003971dc07", "title": "Controlled Admin Access <= 1.5.1 - Improper Access Control & Privilege Escalation", "software": [ { "type": "plugin", "name": "Controlled Admin Access", "slug": "controlled-admin-access", "affected_versions": { "[*, 1.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/505b1f87-52c6-439c-a108-e2003971dc07?source=api-scan" ], "published": "2021-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "505e9ba4-a19c-4d51-8ba7-4891bbac603e": { "id": "505e9ba4-a19c-4d51-8ba7-4891bbac603e", "title": "Bulk Datetime Change <= 1.11 - Missing Authorisation", "software": [ { "type": "plugin", "name": "Bulk Datetime Change", "slug": "bulk-datetime-change", "affected_versions": { "[*, 1.12)": { "from_version": "*", "from_inclusive": true, "to_version": "1.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/505e9ba4-a19c-4d51-8ba7-4891bbac603e?source=api-scan" ], "published": "2021-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "505edcf7-7015-453e-abd2-e2cd68a3a9f6": { "id": "505edcf7-7015-453e-abd2-e2cd68a3a9f6", "title": "WP Super Cache <= 1.8 - Unauthenticated Cache Poisoning", "software": [ { "type": "plugin", "name": "WP Super Cache", "slug": "wp-super-cache", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/505edcf7-7015-453e-abd2-e2cd68a3a9f6?source=api-scan" ], "published": "2022-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50631f6c-de8b-408e-ab1f-ef74d3180e7f": { "id": "50631f6c-de8b-408e-ab1f-ef74d3180e7f", "title": "Toolbar Extras for Elementor & More \u2013 WordPress Admin Bar Enhanced <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Toolbar Extras for Elementor & More \u2013 WordPress Admin Bar Enhanced", "slug": "toolbar-extras", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50631f6c-de8b-408e-ab1f-ef74d3180e7f?source=api-scan" ], "published": "2024-05-21 16:45:13", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5063c9e3-cc3e-4ea3-b588-f9273579ac0c": { "id": "5063c9e3-cc3e-4ea3-b588-f9273579ac0c", "title": "Send Users Email <= 1.5.1 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Send Users Email \u2013 Email Subscribers, Email Marketing Newsletter", "slug": "send-users-email", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5063c9e3-cc3e-4ea3-b588-f9273579ac0c?source=api-scan" ], "published": "2024-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5069fbc4-b3c4-4c0b-892c-2c83f35dc2fe": { "id": "5069fbc4-b3c4-4c0b-892c-2c83f35dc2fe", "title": "Active Products Tables for WooCommerce. Professional products tables for WooCommerce store <= 1.0.6.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Active Products Tables for WooCommerce. Use constructor to create tables\u00a0", "slug": "profit-products-tables-for-woocommerce", "affected_versions": { "* - 1.0.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5069fbc4-b3c4-4c0b-892c-2c83f35dc2fe?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "506d1518-658f-4deb-9c30-d0bce5ef9df4": { "id": "506d1518-658f-4deb-9c30-d0bce5ef9df4", "title": "WordPress Core < 5.0.1 - Remote Code Execution", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.27": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.27", "to_inclusive": true }, "3.8 - 3.8.27": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.27", "to_inclusive": true }, "3.9 - 3.9.25": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.25", "to_inclusive": true }, "4.0 - 4.0.24": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.24", "to_inclusive": true }, "4.1 - 4.1.24": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.24", "to_inclusive": true }, "4.2 - 4.2.21": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.21", "to_inclusive": true }, "4.3 - 4.3.17": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.17", "to_inclusive": true }, "4.4 - 4.4.16": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.16", "to_inclusive": true }, "4.5 - 4.5.15": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.15", "to_inclusive": true }, "4.6 - 4.6.12": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.12", "to_inclusive": true }, "4.7 - 4.7.11": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.11", "to_inclusive": true }, "4.8 - 4.8.7": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.7", "to_inclusive": true }, "4.9 - 4.9.8": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.8", "to_inclusive": true }, "5.0": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.28", "3.8.28", "3.9.26", "4.0.25", "4.1.25", "4.2.22", "4.3.18", "4.4.17", "4.5.16", "4.6.13", "4.7.12", "4.8.8", "4.9.9", "5.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/506d1518-658f-4deb-9c30-d0bce5ef9df4?source=api-scan" ], "published": "2019-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "506e4f47-e292-4d19-a7bb-b87d752f4007": { "id": "506e4f47-e292-4d19-a7bb-b87d752f4007", "title": "Activity Log <= 2.8.3 - CSV Injection", "software": [ { "type": "plugin", "name": "Activity Log \u2013 Monitor & Record User Changes", "slug": "aryo-activity-log", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/506e4f47-e292-4d19-a7bb-b87d752f4007?source=api-scan" ], "published": "2022-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50726c57-8d42-4143-9e75-d30513d8d0e2": { "id": "50726c57-8d42-4143-9e75-d30513d8d0e2", "title": "Sublanguage <= 2.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Sublanguage", "slug": "sublanguage", "affected_versions": { "* - 2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50726c57-8d42-4143-9e75-d30513d8d0e2?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "507464cf-43a3-49bd-b8d8-9bc8030670e0": { "id": "507464cf-43a3-49bd-b8d8-9bc8030670e0", "title": "Votecount For Balatarin <= 0.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Votecount For Balatarin", "slug": "votecount-for-balatarin", "affected_versions": { "* - 0.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/507464cf-43a3-49bd-b8d8-9bc8030670e0?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50798706-ad0d-431e-ac5f-57a0606c6f94": { "id": "50798706-ad0d-431e-ac5f-57a0606c6f94", "title": "The Ultimate WordPress Toolkit \u2013 WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via page", "software": [ { "type": "plugin", "name": "The Ultimate WordPress Toolkit \u2013 WP Extended", "slug": "wpextended", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50798706-ad0d-431e-ac5f-57a0606c6f94?source=api-scan" ], "published": "2024-09-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "507b2e65-987b-4d4a-8a99-5366048d925e": { "id": "507b2e65-987b-4d4a-8a99-5366048d925e", "title": "WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.2.0 - Unauthenticated Stored Cross-Site Scripting via Client-IP header", "software": [ { "type": "plugin", "name": "Cookie Consent for WP \u2013 Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy)", "slug": "gdpr-cookie-consent", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/507b2e65-987b-4d4a-8a99-5366048d925e?source=api-scan" ], "published": "2024-06-25 11:22:29", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "507d308e-7df7-4bcb-b63c-f438b482c36b": { "id": "507d308e-7df7-4bcb-b63c-f438b482c36b", "title": "Post Index <= 0.7.5 Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Index", "slug": "post-index", "affected_versions": { "* - 0.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/507d308e-7df7-4bcb-b63c-f438b482c36b?source=api-scan" ], "published": "2021-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "507fe5f4-3ac3-4e48-835e-66bad8bffc88": { "id": "507fe5f4-3ac3-4e48-835e-66bad8bffc88", "title": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection < 6.6.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection", "slug": "stopbadbots", "affected_versions": { "[*, 6.67)": { "from_version": "*", "from_inclusive": true, "to_version": "6.67", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.67" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/507fe5f4-3ac3-4e48-835e-66bad8bffc88?source=api-scan" ], "published": "2021-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5080c13a-19f9-4260-abba-1c579a6d305b": { "id": "5080c13a-19f9-4260-abba-1c579a6d305b", "title": "Ultimate Addons for Beaver Builder \u2013 Lite <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Addons for Beaver Builder \u2013 Lite", "slug": "ultimate-addons-for-beaver-builder-lite", "affected_versions": { "* - 1.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5080c13a-19f9-4260-abba-1c579a6d305b?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50812a8b-7d49-41fa-ba50-47d07a4b6caa": { "id": "50812a8b-7d49-41fa-ba50-47d07a4b6caa", "title": "Event Manager and Tickets Selling Plugin for WooCommerce \u2013 WpEvently <= 4.1.1 - Authenticated (Contributor+) PHP Object Injection in mep_event_meta_save", "software": [ { "type": "plugin", "name": "Event Manager and Tickets Selling Plugin for WooCommerce \u2013 WpEvently \u2013 WordPress Plugin", "slug": "mage-eventpress", "affected_versions": { "* - 4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50812a8b-7d49-41fa-ba50-47d07a4b6caa?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "508225ab-beb7-40eb-a80b-de123650fcff": { "id": "508225ab-beb7-40eb-a80b-de123650fcff", "title": "Simple visitor stat <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple visitor stat", "slug": "simple-visitor-stat", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/508225ab-beb7-40eb-a80b-de123650fcff?source=api-scan" ], "published": "2014-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5083509e-84e4-4bd3-9023-b458312b1886": { "id": "5083509e-84e4-4bd3-9023-b458312b1886", "title": "Jetpack < 7.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "* - 7.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5083509e-84e4-4bd3-9023-b458312b1886?source=api-scan" ], "published": "2019-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5084afcc-b6fc-4d89-9ad7-c4ea3e4dae82": { "id": "5084afcc-b6fc-4d89-9ad7-c4ea3e4dae82", "title": "SoundCloud Shortcode <= 3.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SoundCloud Shortcode", "slug": "soundcloud-shortcode", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5084afcc-b6fc-4d89-9ad7-c4ea3e4dae82?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "508b6466-2786-4d6b-9ab2-772050af4803": { "id": "508b6466-2786-4d6b-9ab2-772050af4803", "title": "Easy Digital Downloads < 3.1.0.4 - SQL Injection", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 3.1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/508b6466-2786-4d6b-9ab2-772050af4803?source=api-scan" ], "published": "2023-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "509097ae-5b20-4e91-9d82-cc6e3b64e518": { "id": "509097ae-5b20-4e91-9d82-cc6e3b64e518", "title": "iMember360 3.8.012 - 3.9.001 - Remote Code Execution", "software": [ { "type": "plugin", "name": "iMember360is", "slug": "imember360", "affected_versions": { "3.8.012 - 3.9.001": { "from_version": "3.8.012", "from_inclusive": true, "to_version": "3.9.001", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.002" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/509097ae-5b20-4e91-9d82-cc6e3b64e518?source=api-scan" ], "published": "2014-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50912c68-1bc8-4792-b624-4edda17ae43f": { "id": "50912c68-1bc8-4792-b624-4edda17ae43f", "title": "Garee's Flickr Feed <= 0.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Garee's Flickr Feed", "slug": "garees-flickr-feed", "affected_versions": { "* - 0.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50912c68-1bc8-4792-b624-4edda17ae43f?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50932c88-994d-4904-b075-e48d2cb5bc24": { "id": "50932c88-994d-4904-b075-e48d2cb5bc24", "title": "Add Multiple Marker <= 1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Add Multiple Marker", "slug": "add-multiple-marker", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50932c88-994d-4904-b075-e48d2cb5bc24?source=api-scan" ], "published": "2022-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5093d787-0357-4c28-9d27-8335b10fc499": { "id": "5093d787-0357-4c28-9d27-8335b10fc499", "title": "5 Stars Rating Funnel <= 1.2.53 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Build 5 Star Reviews on Google Reviews, Yelp, Facebook\u2026 easily and risk-free | RRatingg", "slug": "5-stars-rating-funnel", "affected_versions": { "* - 1.2.53": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.53", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.54" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5093d787-0357-4c28-9d27-8335b10fc499?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50959c4e-b7b9-45a1-9323-a1289ec1424f": { "id": "50959c4e-b7b9-45a1-9323-a1289ec1424f", "title": "Crowdsignal Dashboard \u2013 Polls, Surveys & more <= 3.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Crowdsignal Dashboard \u2013 Polls, Surveys & more", "slug": "polldaddy", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50959c4e-b7b9-45a1-9323-a1289ec1424f?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5097da41-b5e9-4e07-a135-83a7d889fe9b": { "id": "5097da41-b5e9-4e07-a135-83a7d889fe9b", "title": "bbPress < 2.5.13 - Unauthenticated Blind SQL Injection", "software": [ { "type": "plugin", "name": "bbPress", "slug": "bbpress", "affected_versions": { "[*, 2.5.13)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5097da41-b5e9-4e07-a135-83a7d889fe9b?source=api-scan" ], "published": "2017-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5098e74a-9a99-48b3-9f44-b780bfdeb24e": { "id": "5098e74a-9a99-48b3-9f44-b780bfdeb24e", "title": "Uncanny Automator <= 5.1.0.2 - Sensitive Information Exposure via Log File", "software": [ { "type": "plugin", "name": "Uncanny Automator \u2013 Easy Automation, Integration, Webhooks & Workflow Builder Plugin", "slug": "uncanny-automator", "affected_versions": { "* - 5.1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5098e74a-9a99-48b3-9f44-b780bfdeb24e?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "509c881d-22bc-473f-b57b-4ec3ddf6abaf": { "id": "509c881d-22bc-473f-b57b-4ec3ddf6abaf", "title": "fMoblog <= 2.1 - SQL Injection", "software": [ { "type": "plugin", "name": "fmoblog", "slug": "fmoblog", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/509c881d-22bc-473f-b57b-4ec3ddf6abaf?source=api-scan" ], "published": "2009-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "509cccbd-3aa0-45f1-84a0-387d678ebf65": { "id": "509cccbd-3aa0-45f1-84a0-387d678ebf65", "title": "WP Go Maps (formerly WP Google Maps) <= 9.0.34 - Information Exposure to Potential Denial of Service", "software": [ { "type": "plugin", "name": "WP Go Maps (formerly WP Google Maps)", "slug": "wp-google-maps", "affected_versions": { "* - 9.0.34": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/509cccbd-3aa0-45f1-84a0-387d678ebf65?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50a89ad1-a3d0-49e3-8d2e-4cb81ac115ba": { "id": "50a89ad1-a3d0-49e3-8d2e-4cb81ac115ba", "title": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate <= 7.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 7.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50a89ad1-a3d0-49e3-8d2e-4cb81ac115ba?source=api-scan" ], "published": "2023-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50ac32ed-f83c-4afc-aac2-a79c69497091": { "id": "50ac32ed-f83c-4afc-aac2-a79c69497091", "title": "Import and export users and customers <= 1.20.4 - Authenticated (Subscriber+) CSV Injection", "software": [ { "type": "plugin", "name": "Import and export users and customers", "slug": "import-users-from-csv-with-meta", "affected_versions": { "* - 1.20.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.20.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.20.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50ac32ed-f83c-4afc-aac2-a79c69497091?source=api-scan" ], "published": "2022-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50affe4f-d27e-4ead-a14b-abf792d5f0f0": { "id": "50affe4f-d27e-4ead-a14b-abf792d5f0f0", "title": "Sticky Social Link <= 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sticky Social Link", "slug": "sticky-social-link", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50affe4f-d27e-4ead-a14b-abf792d5f0f0?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50b080aa-b9fe-48ac-922c-3f702fed1066": { "id": "50b080aa-b9fe-48ac-922c-3f702fed1066", "title": "Pop-Up Chop Chop <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pop-Up Chop Chop", "slug": "pop-up", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50b080aa-b9fe-48ac-922c-3f702fed1066?source=api-scan" ], "published": "2022-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50b0eb50-fe25-487f-b5bc-13659be58ae4": { "id": "50b0eb50-fe25-487f-b5bc-13659be58ae4", "title": "Simple Tracking <= 1.6 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Tracking", "slug": "simple-theme-options", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50b0eb50-fe25-487f-b5bc-13659be58ae4?source=api-scan" ], "published": "2022-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50b26952-bf59-4236-93b4-6b4928609c15": { "id": "50b26952-bf59-4236-93b4-6b4928609c15", "title": "WPFunnels <= 2.7.15 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels", "slug": "wpfunnels", "affected_versions": { "[*, 2.7.16)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50b26952-bf59-4236-93b4-6b4928609c15?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50b811e0-c1f4-4970-a340-8c1619456e29": { "id": "50b811e0-c1f4-4970-a340-8c1619456e29", "title": "GiveWP <= 2.21.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.21.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.21.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.21.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50b811e0-c1f4-4970-a340-8c1619456e29?source=api-scan" ], "published": "2022-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50bbcfcb-7001-42e7-926c-ec4bf4ea35f6": { "id": "50bbcfcb-7001-42e7-926c-ec4bf4ea35f6", "title": "WP Editor <= 1.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Editor", "slug": "wp-editor", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50bbcfcb-7001-42e7-926c-ec4bf4ea35f6?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50bcea94-b12a-4b31-b0c1-bba834ea9bd0": { "id": "50bcea94-b12a-4b31-b0c1-bba834ea9bd0", "title": "Feed Them Social \u2013 for Twitter feed, Youtube and more <= 2.9.8.5 - Unauthenticated PHAR Deserialization", "software": [ { "type": "plugin", "name": "Feed Them Social \u2013 Social Media Feeds, Video, and Photo Galleries", "slug": "feed-them-social", "affected_versions": { "* - 2.9.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50bcea94-b12a-4b31-b0c1-bba834ea9bd0?source=api-scan" ], "published": "2022-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50c33c8d-4488-4f9e-bc58-21cb8cd679e6": { "id": "50c33c8d-4488-4f9e-bc58-21cb8cd679e6", "title": "Slideshow Gallery <= 1.6.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slideshow Gallery LITE", "slug": "slideshow-gallery", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50c33c8d-4488-4f9e-bc58-21cb8cd679e6?source=api-scan" ], "published": "2018-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50c5154c-1573-4c2b-85a1-a89bdb22dc7d": { "id": "50c5154c-1573-4c2b-85a1-a89bdb22dc7d", "title": "WP Directory Kit <= 1.2.3 - Missing Authorization to Plugin Settings Change\/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action", "software": [ { "type": "plugin", "name": "WP Directory Kit", "slug": "wpdirectorykit", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50c5154c-1573-4c2b-85a1-a89bdb22dc7d?source=api-scan" ], "published": "2023-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50c8a20a-66b4-445e-9167-e6fc0e6a1000": { "id": "50c8a20a-66b4-445e-9167-e6fc0e6a1000", "title": "BuddyForms Moderation <= 1.4.16 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BuddyForms Moderation ( Former: Review Logic )", "slug": "buddyforms-review", "affected_versions": { "* - 1.4.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50c8a20a-66b4-445e-9167-e6fc0e6a1000?source=api-scan" ], "published": "2022-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50ca7cf8-bb47-42ea-badc-8bfe0328cbb0": { "id": "50ca7cf8-bb47-42ea-badc-8bfe0328cbb0", "title": "Download Theme <= 1.0.9 - Cross-Site Request Forgery via dtwap_download()", "software": [ { "type": "plugin", "name": "Download Theme", "slug": "download-theme", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50ca7cf8-bb47-42ea-badc-8bfe0328cbb0?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50cb130d-2e9c-429c-a56c-4546e705981a": { "id": "50cb130d-2e9c-429c-a56c-4546e705981a", "title": "Plotly < 1.0.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Plotly", "slug": "wp-plotly", "affected_versions": { "[*, 1.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50cb130d-2e9c-429c-a56c-4546e705981a?source=api-scan" ], "published": "2015-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50cc1a15-bb73-4c60-b610-e0c3bf1ef841": { "id": "50cc1a15-bb73-4c60-b610-e0c3bf1ef841", "title": "JobBoardWP <= 1.2.2 - Missing Authorization to Job Posting Manipulation", "software": [ { "type": "plugin", "name": "JobBoardWP \u2013 Job Board Listings and Submissions", "slug": "jobboardwp", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50cc1a15-bb73-4c60-b610-e0c3bf1ef841?source=api-scan" ], "published": "2023-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50d8dc95-4a60-4a1a-bb9f-ba48b58d868e": { "id": "50d8dc95-4a60-4a1a-bb9f-ba48b58d868e", "title": "Accordions <= 2.3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Accordion \u2013 Multiple Accordion or FAQs Builder", "slug": "accordions-or-faqs", "affected_versions": { "* - 2.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50d8dc95-4a60-4a1a-bb9f-ba48b58d868e?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50e373bd-4408-4406-a411-3284fa71e7ef": { "id": "50e373bd-4408-4406-a411-3284fa71e7ef", "title": "Visual Form Builder <= 3.0.3 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visual Form Builder", "slug": "visual-form-builder", "affected_versions": { "* - 3.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50e373bd-4408-4406-a411-3284fa71e7ef?source=api-scan" ], "published": "2021-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50e4e070-8f68-4bac-8011-ac9d3b99a24f": { "id": "50e4e070-8f68-4bac-8011-ac9d3b99a24f", "title": "SEOPress <= 7.8 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "SEOPress \u2013 On-site SEO", "slug": "wp-seopress", "affected_versions": { "* - 7.8": { "from_version": "*", "from_inclusive": true, "to_version": "7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50e4e070-8f68-4bac-8011-ac9d3b99a24f?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50e85f2c-3e3a-40b0-af82-7278656533d3": { "id": "50e85f2c-3e3a-40b0-af82-7278656533d3", "title": "Video Sidebar Widgets <= 6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Video Sidebar Widgets", "slug": "video-sidebar-widgets", "affected_versions": { "* - 6.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50e85f2c-3e3a-40b0-af82-7278656533d3?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50f58944-1a12-4bac-9f90-8b0e1d109d11": { "id": "50f58944-1a12-4bac-9f90-8b0e1d109d11", "title": "WordPress Core <= 2.8 - Sensitive Information Disclosure", "software": [ { "type": "core", "name": "WordPress MU", "slug": "wpmu", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] }, { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50f58944-1a12-4bac-9f90-8b0e1d109d11?source=api-scan" ], "published": "2009-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50f69182-66c0-4d3a-aabe-015b72937f3e": { "id": "50f69182-66c0-4d3a-aabe-015b72937f3e", "title": "WP Social AutoConnect <= 4.6.1 - Cross-Site Request Forgery via jfb_admin_page", "software": [ { "type": "plugin", "name": "WP Social AutoConnect", "slug": "wp-fb-autoconnect", "affected_versions": { "[*, 4.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50f69182-66c0-4d3a-aabe-015b72937f3e?source=api-scan" ], "published": "2023-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "50f6d0aa-059d-48d9-873b-6404f288f002": { "id": "50f6d0aa-059d-48d9-873b-6404f288f002", "title": "TCD Google Maps <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "TCD Google Maps", "slug": "tcd-google-maps", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/50f6d0aa-059d-48d9-873b-6404f288f002?source=api-scan" ], "published": "2023-10-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5102d03b-368f-410e-9c0f-a90caa7d28ec": { "id": "5102d03b-368f-410e-9c0f-a90caa7d28ec", "title": "HTML5 Lyrics Karaoke Player <= 2.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HTML5 Lyrics Karaoke Player", "slug": "html5-lyrics-karaoke-player", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5102d03b-368f-410e-9c0f-a90caa7d28ec?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "510b1390-b8e6-41b5-8691-3043fa3fb47d": { "id": "510b1390-b8e6-41b5-8691-3043fa3fb47d", "title": "WPCargo Track & Trace <= 6.9.4 - Admin+ Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "WPCargo Track & Trace", "slug": "wpcargo", "affected_versions": { "* - 6.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/510b1390-b8e6-41b5-8691-3043fa3fb47d?source=api-scan" ], "published": "2022-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "510c26b8-01d6-4d3c-91fd-15963152fdf1": { "id": "510c26b8-01d6-4d3c-91fd-15963152fdf1", "title": "FV Flowplayer Video Player <= 7.5.15.727 - SQL Injection", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "* - 7.5.15.727": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.15.727", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.18.727" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/510c26b8-01d6-4d3c-91fd-15963152fdf1?source=api-scan" ], "published": "2022-03-18 16:21:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "510ef568-fe5e-427e-a5ab-76c65250ade3": { "id": "510ef568-fe5e-427e-a5ab-76c65250ade3", "title": "Vistered Little (Unspecified Version) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Vistered Little", "slug": "Vistered-Little", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/510ef568-fe5e-427e-a5ab-76c65250ade3?source=api-scan" ], "published": "2007-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5113170a-5a53-4e53-84e6-56d9ba0740ed": { "id": "5113170a-5a53-4e53-84e6-56d9ba0740ed", "title": "LA-Studio Element Kit for Elementor <= 1.3.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LA-Studio Element Kit for Elementor", "slug": "lastudio-element-kit", "affected_versions": { "* - 1.3.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5113170a-5a53-4e53-84e6-56d9ba0740ed?source=api-scan" ], "published": "2024-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5113b58b-7d2e-40cd-8669-a5597321106f": { "id": "5113b58b-7d2e-40cd-8669-a5597321106f", "title": "Quiz And Survey Master <= 7.3.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5113b58b-7d2e-40cd-8669-a5597321106f?source=api-scan" ], "published": "2022-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51178e18-ae8b-4a7f-974d-23346a8dbc52": { "id": "51178e18-ae8b-4a7f-974d-23346a8dbc52", "title": "Advanced Custom Fields <= 6.3.5 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Custom Fields", "slug": "UNKNOWN-CVE-2023-40068-1", "affected_versions": { "* - 6.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.6" ] }, { "type": "plugin", "name": "Advanced Custom Fields Pro", "slug": "advanced-custom-fields-pro", "affected_versions": { "* - 6.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51178e18-ae8b-4a7f-974d-23346a8dbc52?source=api-scan" ], "published": "2024-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5118ed50-d7be-4606-af9d-18b63359956c": { "id": "5118ed50-d7be-4606-af9d-18b63359956c", "title": "Slider Hero with Animation, Video Background & Intro Maker <= 8.2.6 - SQL Injection", "software": [ { "type": "plugin", "name": "Slider Hero with Animation, Video Background", "slug": "slider-hero", "affected_versions": { "[*, 8.2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5118ed50-d7be-4606-af9d-18b63359956c?source=api-scan" ], "published": "2021-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "511957c0-e4c3-4a50-b604-3b604d52d32f": { "id": "511957c0-e4c3-4a50-b604-3b604d52d32f", "title": "OWL Carousel <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OWL Carousel \u2013 WordPress Owl Carousel Slider", "slug": "lgx-owl-carousel", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/511957c0-e4c3-4a50-b604-3b604d52d32f?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "511f64df-4389-4ad7-b2a4-12dc57714631": { "id": "511f64df-4389-4ad7-b2a4-12dc57714631", "title": "Advanced Page Visit Counter <= 8.0.6 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress", "slug": "advanced-page-visit-counter", "affected_versions": { "* - 8.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/511f64df-4389-4ad7-b2a4-12dc57714631?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51212d87-8723-4ba7-8fa4-78912a56385f": { "id": "51212d87-8723-4ba7-8fa4-78912a56385f", "title": "Photospace Gallery <= 2.3.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photospace Gallery", "slug": "photospace", "affected_versions": { "* - 2.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51212d87-8723-4ba7-8fa4-78912a56385f?source=api-scan" ], "published": "2022-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5122800d-f274-4129-84d4-02380269502c": { "id": "5122800d-f274-4129-84d4-02380269502c", "title": "Royal Elementor Addons and Templates <= 1.3.974 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Builder Widget", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.974": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.974", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.975" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5122800d-f274-4129-84d4-02380269502c?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5124be64-6679-4dc5-8117-55c73ae91489": { "id": "5124be64-6679-4dc5-8117-55c73ae91489", "title": "EventPrime \u2013 Modern Events Calendar, Bookings and Tickets <= 3.3.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5124be64-6679-4dc5-8117-55c73ae91489?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "513124f6-ea14-46ca-94c5-f9fa15b19d8c": { "id": "513124f6-ea14-46ca-94c5-f9fa15b19d8c", "title": "Social Share Buttons & Analytics Plugin \u2013 GetSocial.io <= 4.3.12 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Share Buttons & Analytics Plugin \u2013 GetSocial.io", "slug": "wp-share-buttons-analytics-by-getsocial", "affected_versions": { "* - 4.3.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/513124f6-ea14-46ca-94c5-f9fa15b19d8c?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5137244c-584f-4b48-869a-b6669c84eaac": { "id": "5137244c-584f-4b48-869a-b6669c84eaac", "title": "CP Contact Form with PayPal < 1.1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "CP Contact Form with PayPal", "slug": "cp-contact-form-with-paypal", "affected_versions": { "[*, 1.1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5137244c-584f-4b48-869a-b6669c84eaac?source=api-scan" ], "published": "2015-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "513f4a39-afba-4819-abf2-6ed168d11dfe": { "id": "513f4a39-afba-4819-abf2-6ed168d11dfe", "title": "Welcart e-Commerce <= 2.2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/513f4a39-afba-4819-abf2-6ed168d11dfe?source=api-scan" ], "published": "2021-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "514184b0-aa54-41d1-9aa0-86d120ae79c7": { "id": "514184b0-aa54-41d1-9aa0-86d120ae79c7", "title": "Mapping Multiple URLs Redirect Same Page <= 5.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mapping multiple URLs redirect same page", "slug": "mapping-multiple-urls-redirect-same-page", "affected_versions": { "* - 5.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/514184b0-aa54-41d1-9aa0-86d120ae79c7?source=api-scan" ], "published": "2022-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51424768-27c7-40b2-8d1c-838c419add8a": { "id": "51424768-27c7-40b2-8d1c-838c419add8a", "title": "Store Locator 2.3 - 3.11 - SQL Injection", "software": [ { "type": "plugin", "name": "Store Locator for WordPress with Google Maps \u2013 LotsOfLocales", "slug": "store-locator", "affected_versions": { "[*, 3.12)": { "from_version": "*", "from_inclusive": true, "to_version": "3.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51424768-27c7-40b2-8d1c-838c419add8a?source=api-scan" ], "published": "2014-11-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5143a2d2-504a-46b8-b82b-19beba4da64d": { "id": "5143a2d2-504a-46b8-b82b-19beba4da64d", "title": "Ultimate Member <= 2.0.21 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 2.0.22)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.22", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5143a2d2-504a-46b8-b82b-19beba4da64d?source=api-scan" ], "published": "2018-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "514aa001-24c8-4624-8e25-f17b8454354c": { "id": "514aa001-24c8-4624-8e25-f17b8454354c", "title": "Direct Checkout \u2013 Quick View \u2013 Buy Now For WooCommerce <= 1.5.8 - Authenticated (Shop manager+) Stored Cross-Site Scripting via Custom CSS Code", "software": [ { "type": "plugin", "name": "Direct Checkout \u2013 Quick View \u2013 Buy Now For WooCommerce", "slug": "quick-view-and-buy-now-for-woocommerce", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/514aa001-24c8-4624-8e25-f17b8454354c?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5151f429-b1f3-43d4-94cf-3ff382b80190": { "id": "5151f429-b1f3-43d4-94cf-3ff382b80190", "title": "Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget", "software": [ { "type": "plugin", "name": "Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations", "slug": "master-addons", "affected_versions": { "* - 2.0.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5151f429-b1f3-43d4-94cf-3ff382b80190?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "515502b5-c344-4855-aff1-57833233c5d2": { "id": "515502b5-c344-4855-aff1-57833233c5d2", "title": "Wp photo text slider 50 <= 8.0 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Wp photo text slider 50", "slug": "wp-photo-text-slider-50", "affected_versions": { "* - 8.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/515502b5-c344-4855-aff1-57833233c5d2?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "515a6a42-f353-47ae-9e74-4f9b2000bcb8": { "id": "515a6a42-f353-47ae-9e74-4f9b2000bcb8", "title": "WP ULike < 3.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP ULike \u2013 All-in-One Engagement Toolkit", "slug": "wp-ulike", "affected_versions": { "[*, 3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/515a6a42-f353-47ae-9e74-4f9b2000bcb8?source=api-scan" ], "published": "2018-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "515d6e6c-e20d-4fc4-9c56-80020196f2f0": { "id": "515d6e6c-e20d-4fc4-9c56-80020196f2f0", "title": "BackWPup <= 1.7.1 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "BackWPup \u2013 WordPress Backup & Restore Plugin", "slug": "backwpup", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/515d6e6c-e20d-4fc4-9c56-80020196f2f0?source=api-scan" ], "published": "2011-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "515e62ba-c3b8-42d0-95e3-be347b8851a5": { "id": "515e62ba-c3b8-42d0-95e3-be347b8851a5", "title": "BadgeOS <= 3.7.1.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "BadgeOS", "slug": "badgeos", "affected_versions": { "* - 3.7.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/515e62ba-c3b8-42d0-95e3-be347b8851a5?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "516261b5-4356-40e1-9418-3243086bc1b4": { "id": "516261b5-4356-40e1-9418-3243086bc1b4", "title": "Easy Property Listings < 3.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Property Listings", "slug": "easy-property-listings", "affected_versions": { "[*, 3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/516261b5-4356-40e1-9418-3243086bc1b4?source=api-scan" ], "published": "2020-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51634a0c-f979-403b-80b0-8e3a65e7ad35": { "id": "51634a0c-f979-403b-80b0-8e3a65e7ad35", "title": "FAQs Manager <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "FAQs Manager", "slug": "faqs-manager", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51634a0c-f979-403b-80b0-8e3a65e7ad35?source=api-scan" ], "published": "2013-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "517653e5-fdad-4360-82a5-32b16a6cd631": { "id": "517653e5-fdad-4360-82a5-32b16a6cd631", "title": "OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) <= 3.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO )", "slug": "oauth-client-for-user-authentication", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/517653e5-fdad-4360-82a5-32b16a6cd631?source=api-scan" ], "published": "2022-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5176d862-577b-4a37-9da3-9ba106f77d6e": { "id": "5176d862-577b-4a37-9da3-9ba106f77d6e", "title": "Email Users <= 4.7.5 - Reflected Cross Site Scripting", "software": [ { "type": "plugin", "name": "Email Users", "slug": "email-users", "affected_versions": { "[*, 4.7.6)": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5176d862-577b-4a37-9da3-9ba106f77d6e?source=api-scan" ], "published": "2015-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5178f7ee-d7e3-4cd1-8cc2-121d217e66fa": { "id": "5178f7ee-d7e3-4cd1-8cc2-121d217e66fa", "title": "MonsterInsights \u2013 Google Analytics Dashboard for WordPress (Website Stats Made Easy) <= 5.1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MonsterInsights \u2013 Google Analytics Dashboard for WordPress (Website Stats Made Easy)", "slug": "google-analytics-for-wordpress", "affected_versions": { "* - 5.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5178f7ee-d7e3-4cd1-8cc2-121d217e66fa?source=api-scan" ], "published": "2014-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "518174ec-44f5-4b5c-a326-0fb2aa661c86": { "id": "518174ec-44f5-4b5c-a326-0fb2aa661c86", "title": "Formsite | Embed online forms to collect orders, registrations, leads, and surveys <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Formsite | Embed online forms to collect orders, registrations, leads, and surveys", "slug": "formsite", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/518174ec-44f5-4b5c-a326-0fb2aa661c86?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5182843b-03d0-4b0b-ba97-8e9602916c5f": { "id": "5182843b-03d0-4b0b-ba97-8e9602916c5f", "title": "Duplicate Page or Post <= 1.5.0 - Missing Authorization to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Duplicate Page or Post", "slug": "duplicate-page-or-post", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5182843b-03d0-4b0b-ba97-8e9602916c5f?source=api-scan" ], "published": "2022-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5183d676-eb91-4c03-8d12-c15c68839f02": { "id": "5183d676-eb91-4c03-8d12-c15c68839f02", "title": "SEMA API <= 3.64 - SQL Injection", "software": [ { "type": "plugin", "name": "SEMA API", "slug": "sema-api", "affected_versions": { "* - 3.64": { "from_version": "*", "from_inclusive": true, "to_version": "3.64", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5183d676-eb91-4c03-8d12-c15c68839f02?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5184740a-c747-4217-bb13-6568465672df": { "id": "5184740a-c747-4217-bb13-6568465672df", "title": "Ultimate Bootstrap Elements for Elementor <= 1.4.2 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Ultimate Bootstrap Elements for Elementor", "slug": "ultimate-bootstrap-elements-for-elementor", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5184740a-c747-4217-bb13-6568465672df?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "518771c1-b52b-47b7-99f1-4f40115ba4cf": { "id": "518771c1-b52b-47b7-99f1-4f40115ba4cf", "title": "Pie Register < 2.0.15 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction", "slug": "pie-register", "affected_versions": { "[*, 2.0.15)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/518771c1-b52b-47b7-99f1-4f40115ba4cf?source=api-scan" ], "published": "2015-03-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51880262-78ad-4791-8e3d-f6718de9f2a2": { "id": "51880262-78ad-4791-8e3d-f6718de9f2a2", "title": "Broadcast Live Video \u2013 Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.25.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Broadcast Live Video \u2013 Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP", "slug": "videowhisper-live-streaming-integration", "affected_versions": { "* - 4.25.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.25.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51880262-78ad-4791-8e3d-f6718de9f2a2?source=api-scan" ], "published": "2013-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51887d22-2cfa-46b8-822c-9e6e183de4ad": { "id": "51887d22-2cfa-46b8-822c-9e6e183de4ad", "title": "Elementor Website Builder <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_size Parameter", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "[*, 3.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51887d22-2cfa-46b8-822c-9e6e183de4ad?source=api-scan" ], "published": "2021-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5188dc72-a00d-4a07-b178-3f3ef26d7fc1": { "id": "5188dc72-a00d-4a07-b178-3f3ef26d7fc1", "title": "WPC Product Bundles for WooCommerce <= 7.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WPC Product Bundles for WooCommerce", "slug": "woo-product-bundle", "affected_versions": { "* - 7.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5188dc72-a00d-4a07-b178-3f3ef26d7fc1?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "518b005d-5a5d-4fec-bb3a-1657af354ec9": { "id": "518b005d-5a5d-4fec-bb3a-1657af354ec9", "title": "Fontiran <= 2.1 - Missing Authorization via fi_add_rule and fi_delete_webfont_php", "software": [ { "type": "plugin", "name": "Fontiran", "slug": "fontiran", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/518b005d-5a5d-4fec-bb3a-1657af354ec9?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "518be2c6-36ca-4015-8b7f-451a806c7b1d": { "id": "518be2c6-36ca-4015-8b7f-451a806c7b1d", "title": "Welcart e-Commerce <= 2.8.5 - Authenticated (Subscriber+) Information Disclosure and PHAR deserialization", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/518be2c6-36ca-4015-8b7f-451a806c7b1d?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "518f23c3-f3e3-4cff-bd30-a8211f74c3ce": { "id": "518f23c3-f3e3-4cff-bd30-a8211f74c3ce", "title": "HUSKY \u2013 Products Filter for WooCommerce Professional <= 1.3.1 - Authenticated (Admin+) PHP Object Injection", "software": [ { "type": "plugin", "name": "HUSKY \u2013 Products Filter Professional for WooCommerce", "slug": "woocommerce-products-filter", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/518f23c3-f3e3-4cff-bd30-a8211f74c3ce?source=api-scan" ], "published": "2023-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5190b5ac-a12c-45ea-97fd-2d86bc2b090c": { "id": "5190b5ac-a12c-45ea-97fd-2d86bc2b090c", "title": "WP Compress \u2013 Image Optimizer [All-In-One] <= 6.20.13 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Compress \u2013 Instant Performance & Speed Optimization", "slug": "wp-compress-image-optimizer", "affected_versions": { "* - 6.20.13": { "from_version": "*", "from_inclusive": true, "to_version": "6.20.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.21.01" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5190b5ac-a12c-45ea-97fd-2d86bc2b090c?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5193d1c0-5111-4e97-a433-a41a76acbde9": { "id": "5193d1c0-5111-4e97-a433-a41a76acbde9", "title": "WooCommerce <= 3.5.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5193d1c0-5111-4e97-a433-a41a76acbde9?source=api-scan" ], "published": "2018-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51957ee1-a423-485b-8cfd-8eafaf6744e4": { "id": "51957ee1-a423-485b-8cfd-8eafaf6744e4", "title": "UserPro <= 4.9.17 - Authentication Bypass", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "[*, 4.9.17.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.17.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.9.17.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51957ee1-a423-485b-8cfd-8eafaf6744e4?source=api-scan" ], "published": "2017-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5196a9f2-177d-48e1-b0dc-72e0727132d6": { "id": "5196a9f2-177d-48e1-b0dc-72e0727132d6", "title": "WordPress Comments Import & Export <= 2.3.1 - CSV Injection", "software": [ { "type": "plugin", "name": "WordPress Comments Import & Export", "slug": "comments-import-export-woocommerce", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5196a9f2-177d-48e1-b0dc-72e0727132d6?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51986a76-933b-4c25-af79-d0c3f9e1d513": { "id": "51986a76-933b-4c25-af79-d0c3f9e1d513", "title": "Contact Form Entries <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via vx-entries shortcode", "software": [ { "type": "plugin", "name": "Database for Contact Form 7, WPforms, Elementor forms", "slug": "contact-form-entries", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51986a76-933b-4c25-af79-d0c3f9e1d513?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51a1c2de-56be-4487-874a-a916e8a6992a": { "id": "51a1c2de-56be-4487-874a-a916e8a6992a", "title": "Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.13 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery Slideshow & Masonry Tiled Gallery", "slug": "wp-responsive-photo-gallery", "affected_versions": { "* - 1.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51a1c2de-56be-4487-874a-a916e8a6992a?source=api-scan" ], "published": "2023-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51a4886b-2e15-4d91-b853-4a675120a9e9": { "id": "51a4886b-2e15-4d91-b853-4a675120a9e9", "title": "Ultimate Store Kit Elementor Addons <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider", "slug": "ultimate-store-kit", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51a4886b-2e15-4d91-b853-4a675120a9e9?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51a49b5b-c0a3-4aac-84cc-6e1ebf3a442e": { "id": "51a49b5b-c0a3-4aac-84cc-6e1ebf3a442e", "title": "Content text slider on post < 6.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Content text slider on post", "slug": "content-text-slider-on-post", "affected_versions": { "[*, 6.9)": { "from_version": "*", "from_inclusive": true, "to_version": "6.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51a49b5b-c0a3-4aac-84cc-6e1ebf3a442e?source=api-scan" ], "published": "2015-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51ac25ef-e5b9-4f5c-a792-fff4ceba96e1": { "id": "51ac25ef-e5b9-4f5c-a792-fff4ceba96e1", "title": "Specific Content For Mobile \u2013 Customize the mobile version without redirections <= 0.1.9.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Specific Content For Mobile \u2013 Customize the mobile version without redirections", "slug": "specific-content-for-mobile", "affected_versions": { "* - 0.1.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51ac25ef-e5b9-4f5c-a792-fff4ceba96e1?source=api-scan" ], "published": "2024-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51b42108-5b6d-4d41-b663-cccab8b552be": { "id": "51b42108-5b6d-4d41-b663-cccab8b552be", "title": "Request a Quote <= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Request a Quote", "slug": "request-a-quote", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51b42108-5b6d-4d41-b663-cccab8b552be?source=api-scan" ], "published": "2024-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51b60e28-fb43-434a-88ca-3c73a8e89d40": { "id": "51b60e28-fb43-434a-88ca-3c73a8e89d40", "title": "Akismet <= 3.1.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Akismet Anti-spam: Spam Protection", "slug": "akismet", "affected_versions": { "[*, 3.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51b60e28-fb43-434a-88ca-3c73a8e89d40?source=api-scan" ], "published": "2015-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51b6c73d-fd4f-4469-9859-fbae61b5924c": { "id": "51b6c73d-fd4f-4469-9859-fbae61b5924c", "title": "WP Super Cache <= 1.4.4 - Authenticated File Deletion", "software": [ { "type": "plugin", "name": "WP Super Cache", "slug": "wp-super-cache", "affected_versions": { "[*, 1.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51b6c73d-fd4f-4469-9859-fbae61b5924c?source=api-scan" ], "published": "2015-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51b725e4-b088-4f6b-8810-87a39ca952ff": { "id": "51b725e4-b088-4f6b-8810-87a39ca952ff", "title": "LIQUID SPEECH BALLOON < 1.0.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LIQUID SPEECH BALLOON", "slug": "liquid-speech-balloon", "affected_versions": { "[*, 1.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51b725e4-b088-4f6b-8810-87a39ca952ff?source=api-scan" ], "published": "2019-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51b88442-3961-42e2-8ff4-7726819a7f0f": { "id": "51b88442-3961-42e2-8ff4-7726819a7f0f", "title": "Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_edit_folder", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51b88442-3961-42e2-8ff4-7726819a7f0f?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51c1c4ee-c17f-4565-b800-f306569fc502": { "id": "51c1c4ee-c17f-4565-b800-f306569fc502", "title": "Websimon Tables <= 1.3.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Websimon Tables", "slug": "websimon-tables", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51c1c4ee-c17f-4565-b800-f306569fc502?source=api-scan" ], "published": "2015-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51c42ca2-cdba-49f5-bea2-83c9b8cf0db7": { "id": "51c42ca2-cdba-49f5-bea2-83c9b8cf0db7", "title": "LuckyWP Scripts Control <= 1.2.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "LuckyWP Scripts Control", "slug": "luckywp-scripts-control", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51c42ca2-cdba-49f5-bea2-83c9b8cf0db7?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51cd834e-1b18-4702-9c6c-db7f34f2c687": { "id": "51cd834e-1b18-4702-9c6c-db7f34f2c687", "title": "WordPress Core < 5.8.1 - LoDash Update", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[5.4, 5.4.7)": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.7", "to_inclusive": false }, "[5.5, 5.5.6)": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.6", "to_inclusive": false }, "[5.6, 5.6.5)": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.5", "to_inclusive": false }, "[5.7, 5.7.3)": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.3", "to_inclusive": false }, "[5.8, 5.8.1)": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.4.7", "5.5.6", "5.6.5", "5.7.3", "5.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51cd834e-1b18-4702-9c6c-db7f34f2c687?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51ce7b71-0a19-48ef-8748-3848742c542b": { "id": "51ce7b71-0a19-48ef-8748-3848742c542b", "title": "Clock In Portal <= 2.1 - Cross-Site Request Forgery To Staff Deletion", "software": [ { "type": "plugin", "name": "Clock In Portal- Staff & Attendance Management", "slug": "clock-in-portal", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51ce7b71-0a19-48ef-8748-3848742c542b?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51cf2f40-7be8-4302-a766-88ec2f0501f5": { "id": "51cf2f40-7be8-4302-a766-88ec2f0501f5", "title": "IgniteUp \u2013 Coming Soon and Maintenance Mode <= 3.4.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "IgniteUp \u2013 Coming Soon and Maintenance Mode", "slug": "igniteup", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51cf2f40-7be8-4302-a766-88ec2f0501f5?source=api-scan" ], "published": "2019-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51cfe955-f854-4f88-a009-93f92ae13d86": { "id": "51cfe955-f854-4f88-a009-93f92ae13d86", "title": "Abandoned Cart Lite for WooCommerce <= 5.16.1 - Missing Authorization via multiple AJAX functions", "software": [ { "type": "plugin", "name": "Abandoned Cart Lite for WooCommerce", "slug": "woocommerce-abandoned-cart", "affected_versions": { "* - 5.16.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.16.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.16.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51cfe955-f854-4f88-a009-93f92ae13d86?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51d07d2a-74e6-499e-8d66-90893faedeaf": { "id": "51d07d2a-74e6-499e-8d66-90893faedeaf", "title": "Korea SNS <= 1.6.4 - Cross-Site Request Forgery via kon_tergos_options", "software": [ { "type": "plugin", "name": "Korea SNS", "slug": "korea-sns", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51d07d2a-74e6-499e-8d66-90893faedeaf?source=api-scan" ], "published": "2023-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51d14f45-4c30-4225-998d-f4f829e09bc0": { "id": "51d14f45-4c30-4225-998d-f4f829e09bc0", "title": "GetResponse Forms by Optin Cat <= 2.5.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GetResponse Forms by Optin Cat", "slug": "getresponse", "affected_versions": { "* - 2.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51d14f45-4c30-4225-998d-f4f829e09bc0?source=api-scan" ], "published": "2024-10-17 15:46:36", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51d3c250-301c-4f91-9fe5-56879a65fde7": { "id": "51d3c250-301c-4f91-9fe5-56879a65fde7", "title": "Aviary Image Editor Add-on For Gravity Forms <= 3.0 (Beta r7) - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Aviary Image Editor Add-on For Gravity Forms", "slug": "aviary-image-editor-add-on-for-gravity-forms", "affected_versions": { "* - 3.0 (Beta r7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0 (Beta r7)", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51d3c250-301c-4f91-9fe5-56879a65fde7?source=api-scan" ], "published": "2015-06-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51d98277-a1d7-4708-8daf-88948a235375": { "id": "51d98277-a1d7-4708-8daf-88948a235375", "title": "WP Super Cache <= 1.4.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Super Cache", "slug": "wp-super-cache", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51d98277-a1d7-4708-8daf-88948a235375?source=api-scan" ], "published": "2017-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51e1a30e-774e-4478-be34-486ed4142a7d": { "id": "51e1a30e-774e-4478-be34-486ed4142a7d", "title": "WP Customer Reviews <= 3.4.2 - Multiple Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Customer Reviews", "slug": "wp-customer-reviews", "affected_versions": { "* - 3.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51e1a30e-774e-4478-be34-486ed4142a7d?source=api-scan" ], "published": "2020-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51e4f7ac-efc5-492c-b7a4-eea6d5f69e0d": { "id": "51e4f7ac-efc5-492c-b7a4-eea6d5f69e0d", "title": "PlanSo Forms <= 2.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PlanSo Forms", "slug": "planso-forms", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51e4f7ac-efc5-492c-b7a4-eea6d5f69e0d?source=api-scan" ], "published": "2021-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51f73041-927d-42da-92cc-14242a397356": { "id": "51f73041-927d-42da-92cc-14242a397356", "title": "Email posts to subscribers <= 6.2 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Email posts to subscribers", "slug": "email-posts-to-subscribers", "affected_versions": { "* - 6.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51f73041-927d-42da-92cc-14242a397356?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51fab95e-336d-4544-8b8e-c4e9002321ec": { "id": "51fab95e-336d-4544-8b8e-c4e9002321ec", "title": "Premium Addons for Elementor <= 4.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.30": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51fab95e-336d-4544-8b8e-c4e9002321ec?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51fd6124-4954-4827-a665-c2d94d74a512": { "id": "51fd6124-4954-4827-a665-c2d94d74a512", "title": "VikRentCar <= 1.4.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "VikRentCar Car Rental Management System", "slug": "vikrentcar", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51fd6124-4954-4827-a665-c2d94d74a512?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51ff10f2-4a5b-42ab-9ee2-95b036ac1c9a": { "id": "51ff10f2-4a5b-42ab-9ee2-95b036ac1c9a", "title": "Mollie Forms <= 2.6.13 - Cross-Site Request Forgery to Arbitrary Post Duplication", "software": [ { "type": "plugin", "name": "Mollie Forms", "slug": "mollie-forms", "affected_versions": { "* - 2.6.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51ff10f2-4a5b-42ab-9ee2-95b036ac1c9a?source=api-scan" ], "published": "2024-06-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "51ff2654-fa38-4807-87f5-53a9996839c1": { "id": "51ff2654-fa38-4807-87f5-53a9996839c1", "title": "Verification Code for Comments <= 2.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Verification Code for Comments", "slug": "verification-code-for-comments", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/51ff2654-fa38-4807-87f5-53a9996839c1?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5200ed9c-83dd-4f07-804c-2519932e5546": { "id": "5200ed9c-83dd-4f07-804c-2519932e5546", "title": "LearnPress <= 4.1.4.1 - Arbitrary Image Renaming", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5200ed9c-83dd-4f07-804c-2519932e5546?source=api-scan" ], "published": "2022-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5201963b-3b30-4e7a-9ad1-d9fa7bf629e5": { "id": "5201963b-3b30-4e7a-9ad1-d9fa7bf629e5", "title": "ProfilePress <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 4.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5201963b-3b30-4e7a-9ad1-d9fa7bf629e5?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5204d111-3dd5-4dd0-bf1a-79ec2900b4d8": { "id": "5204d111-3dd5-4dd0-bf1a-79ec2900b4d8", "title": "Newsletters <= 4.9.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletters", "slug": "newsletters-lite", "affected_versions": { "* - 4.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5204d111-3dd5-4dd0-bf1a-79ec2900b4d8?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52056177-8604-48b9-ab50-d0dc1e13a3d5": { "id": "52056177-8604-48b9-ab50-d0dc1e13a3d5", "title": "Save as PDF plugin by Pdfcrowd <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings", "software": [ { "type": "plugin", "name": "Save as PDF Plugin by Pdfcrowd", "slug": "save-as-pdf-by-pdfcrowd", "affected_versions": { "* - 2.16.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52056177-8604-48b9-ab50-d0dc1e13a3d5?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "520598d7-863f-4bf3-ba74-fa9b2cc32767": { "id": "520598d7-863f-4bf3-ba74-fa9b2cc32767", "title": "SuperFaktura WooCommerce <= 1.40.3 - Authenticated (Subscriber+) Blind Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "SuperFaktura WooCommerce", "slug": "woocommerce-superfaktura", "affected_versions": { "* - 1.40.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.40.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.40.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/520598d7-863f-4bf3-ba74-fa9b2cc32767?source=api-scan" ], "published": "2024-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5205cc95-06d1-4bc6-a9ea-082df9566935": { "id": "5205cc95-06d1-4bc6-a9ea-082df9566935", "title": "WP Blog Post Layouts <= 1.1.3 - Authenticated (Contributor+) Local File Inlcusion", "software": [ { "type": "plugin", "name": "WP Blog Post Layouts", "slug": "wp-blog-post-layouts", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5205cc95-06d1-4bc6-a9ea-082df9566935?source=api-scan" ], "published": "2024-06-20 12:56:54", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5205fcde-2e6c-49de-b132-1ebefcd1ba59": { "id": "5205fcde-2e6c-49de-b132-1ebefcd1ba59", "title": "WassUp Real Time Analytics 1.4 - 1.4.3 - SQL Injection", "software": [ { "type": "plugin", "name": "WassUp Real Time Analytics", "slug": "wassup", "affected_versions": { "1.4 - 1.4.3": { "from_version": "1.4", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5205fcde-2e6c-49de-b132-1ebefcd1ba59?source=api-scan" ], "published": "2008-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5208529c-4ac3-42a4-82d0-7f4d2e486236": { "id": "5208529c-4ac3-42a4-82d0-7f4d2e486236", "title": "Blocksy Companion <= 2.0.45 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Uploads", "software": [ { "type": "plugin", "name": "Blocksy Companion", "slug": "blocksy-companion", "affected_versions": { "* - 2.0.45": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.45", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5208529c-4ac3-42a4-82d0-7f4d2e486236?source=api-scan" ], "published": "2024-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52105225-1b22-42b9-97b4-a521ced36b01": { "id": "52105225-1b22-42b9-97b4-a521ced36b01", "title": "Newspack Blocks <= 3.0.8 - Authenticated (Contributor+) Arbitrary Directory Deletion", "software": [ { "type": "plugin", "name": "Newspack Blocks", "slug": "newspack-blocks", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52105225-1b22-42b9-97b4-a521ced36b01?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52116a6f-506f-4eeb-9bcc-19900ef38101": { "id": "52116a6f-506f-4eeb-9bcc-19900ef38101", "title": "Page Builder by SiteOrigin <= 2.29.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Legacy Image Widget", "software": [ { "type": "plugin", "name": "Page Builder by SiteOrigin", "slug": "siteorigin-panels", "affected_versions": { "* - 2.29.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.29.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.29.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52116a6f-506f-4eeb-9bcc-19900ef38101?source=api-scan" ], "published": "2024-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52144ff6-0617-496c-8159-ec5d7bc86f60": { "id": "52144ff6-0617-496c-8159-ec5d7bc86f60", "title": "Marketing and SEO Booster <= 1.9.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Marketing and SEO Booster", "slug": "marketing-and-seo-booster", "affected_versions": { "* - 1.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52144ff6-0617-496c-8159-ec5d7bc86f60?source=api-scan" ], "published": "2024-10-09 13:28:53", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52198053-206c-4002-8e26-dd5b4850e151": { "id": "52198053-206c-4002-8e26-dd5b4850e151", "title": "SalesKing <= 1.6.15 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "salesking", "slug": "salesking", "affected_versions": { "* - 1.6.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52198053-206c-4002-8e26-dd5b4850e151?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "521af15c-983c-49dc-a90b-b090281db78a": { "id": "521af15c-983c-49dc-a90b-b090281db78a", "title": "NinjaTeam Header Footer Custom Code < 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via CSS Styles", "software": [ { "type": "plugin", "name": "NinjaTeam Header Footer Custom Code", "slug": "header-footer-code", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/521af15c-983c-49dc-a90b-b090281db78a?source=api-scan" ], "published": "2024-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "521b1786-3527-4b4e-b1c4-ff4fbfed8107": { "id": "521b1786-3527-4b4e-b1c4-ff4fbfed8107", "title": "My Reading Library <= 1.0 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "My Reading Library", "slug": "my-reading-library", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/521b1786-3527-4b4e-b1c4-ff4fbfed8107?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "521bb5a3-0a0c-4693-a87d-fabb64f1ad4f": { "id": "521bb5a3-0a0c-4693-a87d-fabb64f1ad4f", "title": "Mesmerize Companion <= 1.6.148 - Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode", "software": [ { "type": "plugin", "name": "Mesmerize Companion", "slug": "mesmerize-companion", "affected_versions": { "* - 1.6.148": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.148", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.149" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/521bb5a3-0a0c-4693-a87d-fabb64f1ad4f?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "521bcfd5-7bb2-4748-8440-9902181cbf7e": { "id": "521bcfd5-7bb2-4748-8440-9902181cbf7e", "title": "Note Press <= 0.1.10 - Authenticated (Admin+) SQL Injection via ids Parameter", "software": [ { "type": "plugin", "name": "Note Press", "slug": "note-press", "affected_versions": { "* - 0.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/521bcfd5-7bb2-4748-8440-9902181cbf7e?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52203b9c-7629-4969-8d2d-eb1ef33d160c": { "id": "52203b9c-7629-4969-8d2d-eb1ef33d160c", "title": "Membership & Content Restriction \u2013 Paid Member Subscriptions <= 2.4.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction", "slug": "paid-member-subscriptions", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52203b9c-7629-4969-8d2d-eb1ef33d160c?source=api-scan" ], "published": "2021-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5222ce69-ac9f-4bb0-9832-8cdff1f8b078": { "id": "5222ce69-ac9f-4bb0-9832-8cdff1f8b078", "title": "Ultimate Addons for WPBakery Page Builder <= 3.19.14 - Authenticated(Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Ultimate Addons for WPBakery", "slug": "Ultimate_VC_Addons", "affected_versions": { "* - 3.19.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.19.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.19.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5222ce69-ac9f-4bb0-9832-8cdff1f8b078?source=api-scan" ], "published": "2023-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5223d6c3-9fe0-4ac5-bd69-990a13b17826": { "id": "5223d6c3-9fe0-4ac5-bd69-990a13b17826", "title": "3dady real-time web stats <= 1.0 - Authenticated (Administrator+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "3dady real-time web stats", "slug": "3dady-real-time-web-stats", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5223d6c3-9fe0-4ac5-bd69-990a13b17826?source=api-scan" ], "published": "2022-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5224233f-6cb4-4fd9-b25b-e32db612cb7f": { "id": "5224233f-6cb4-4fd9-b25b-e32db612cb7f", "title": "VN Calendar <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "vn-calendar", "slug": "vn-calendar", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5224233f-6cb4-4fd9-b25b-e32db612cb7f?source=api-scan" ], "published": "2014-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "522b477f-9df9-4d30-aa03-d4946acab21a": { "id": "522b477f-9df9-4d30-aa03-d4946acab21a", "title": "WP User Switch <= 1.1.0 - Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "WP User Switch", "slug": "wp-user-switch", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/522b477f-9df9-4d30-aa03-d4946acab21a?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "522ecc1c-5834-4325-9234-79cf712213f3": { "id": "522ecc1c-5834-4325-9234-79cf712213f3", "title": "Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations & More", "slug": "charitable", "affected_versions": { "* - 1.7.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/522ecc1c-5834-4325-9234-79cf712213f3?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5235a235-911e-4462-90c5-05b0c7cb45a3": { "id": "5235a235-911e-4462-90c5-05b0c7cb45a3", "title": "BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bootstrap Shortcodes", "slug": "bootstrap-shortcodes", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5235a235-911e-4462-90c5-05b0c7cb45a3?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52383075-2d39-4fd9-8319-15a5354ff25f": { "id": "52383075-2d39-4fd9-8319-15a5354ff25f", "title": "MP3-jPlayer < 1.8.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MP3-jPlayer", "slug": "mp3-jplayer", "affected_versions": { "[*, 1.8.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52383075-2d39-4fd9-8319-15a5354ff25f?source=api-scan" ], "published": "2014-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "523cfed4-0422-40f3-8d81-d7862bcb1792": { "id": "523cfed4-0422-40f3-8d81-d7862bcb1792", "title": "MyTube PlayList <= 2.0.3 - Reflected Cross-Site Scripting via addplaylistid", "software": [ { "type": "plugin", "name": "MyTube PlayList", "slug": "mytube", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/523cfed4-0422-40f3-8d81-d7862bcb1792?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "523e80a5-dffa-4eb6-8f7a-e179e0dc4d28": { "id": "523e80a5-dffa-4eb6-8f7a-e179e0dc4d28", "title": "Inline Google Spreadsheet Viewer <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Inline Google Spreadsheet Viewer", "slug": "inline-google-spreadsheet-viewer", "affected_versions": { "* - 0.13.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.13.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/523e80a5-dffa-4eb6-8f7a-e179e0dc4d28?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "523f7a8a-d06d-4778-be14-d0b7ca32dab3": { "id": "523f7a8a-d06d-4778-be14-d0b7ca32dab3", "title": "LA-Studio Element Kit for Elementor <= 1.1.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "LA-Studio Element Kit for Elementor", "slug": "lastudio-element-kit", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/523f7a8a-d06d-4778-be14-d0b7ca32dab3?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "524452b9-e617-4434-a23f-6026b6f55eeb": { "id": "524452b9-e617-4434-a23f-6026b6f55eeb", "title": "Polo Video Gallery \u2013 Best wordpress video gallery plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Polo Video Gallery \u2013 Best wordpress video gallery plugin", "slug": "polo-video-gallery", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/524452b9-e617-4434-a23f-6026b6f55eeb?source=api-scan" ], "published": "2021-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "524e9ec1-9c7c-4b06-915c-8122ea6c3601": { "id": "524e9ec1-9c7c-4b06-915c-8122ea6c3601", "title": "Abandoned Cart Lite for WooCommerce <= 5.15.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Abandoned Cart Lite for WooCommerce", "slug": "woocommerce-abandoned-cart", "affected_versions": { "* - 5.15.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.15.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.16.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/524e9ec1-9c7c-4b06-915c-8122ea6c3601?source=api-scan" ], "published": "2023-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52538617-a1d1-40ed-8321-e39d06869398": { "id": "52538617-a1d1-40ed-8321-e39d06869398", "title": "All-in-one Floating Contact Form <= 2.1.1 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs \u2013 My Sticky Elements", "slug": "mystickyelements", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52538617-a1d1-40ed-8321-e39d06869398?source=api-scan" ], "published": "2023-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "525626be-fe1d-4543-91a1-ae5ea3658862": { "id": "525626be-fe1d-4543-91a1-ae5ea3658862", "title": "Security & Malware scan by CleanTalk <= 2.120 - IP Spoofing to Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "Security & Malware scan by CleanTalk", "slug": "security-malware-firewall", "affected_versions": { "* - 2.120": { "from_version": "*", "from_inclusive": true, "to_version": "2.120", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.121" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/525626be-fe1d-4543-91a1-ae5ea3658862?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52569aac-1e9e-40fb-9ff4-5eeb7940375d": { "id": "52569aac-1e9e-40fb-9ff4-5eeb7940375d", "title": "CodeMirror Blocks <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CodeMirror Blocks", "slug": "wp-codemirror-block", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52569aac-1e9e-40fb-9ff4-5eeb7940375d?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5256a249-b355-480d-a532-5931e4dea481": { "id": "5256a249-b355-480d-a532-5931e4dea481", "title": "Namaste! LMS <= 2.5.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Namaste! LMS", "slug": "namaste-lms", "affected_versions": { "* - 2.5.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5256a249-b355-480d-a532-5931e4dea481?source=api-scan" ], "published": "2023-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5256ef2b-e1fc-4746-b35e-07a265f47f95": { "id": "5256ef2b-e1fc-4746-b35e-07a265f47f95", "title": "Events Addon for Elementor <= 2.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Events Addon for Elementor", "slug": "events-addon-for-elementor", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5256ef2b-e1fc-4746-b35e-07a265f47f95?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52574d99-1ffe-4152-bf13-9cdd11d7300a": { "id": "52574d99-1ffe-4152-bf13-9cdd11d7300a", "title": "TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Tag, Category, and Taxonomy Manager \u2013 AI Autotagger", "slug": "simple-tags", "affected_versions": { "* - 3.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52574d99-1ffe-4152-bf13-9cdd11d7300a?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "525a2180-3643-4f78-aafd-99a546bac363": { "id": "525a2180-3643-4f78-aafd-99a546bac363", "title": "Bit Form Pro <= 2.6.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update", "software": [ { "type": "plugin", "name": "Bit Form Pro", "slug": "bitformpro", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/525a2180-3643-4f78-aafd-99a546bac363?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "525b466d-137a-467b-8b49-e51393a73866": { "id": "525b466d-137a-467b-8b49-e51393a73866", "title": "Kento Post View Counter <= 2.8 - SQL Injection", "software": [ { "type": "plugin", "name": "Kento Post View Counter", "slug": "kento-post-view-counter", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/525b466d-137a-467b-8b49-e51393a73866?source=api-scan" ], "published": "2016-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "525cb51c-23f1-446f-a247-0f69ec5029d8": { "id": "525cb51c-23f1-446f-a247-0f69ec5029d8", "title": "Elementor <= 3.13.2 Authenticated(Contributor+) Arbitrary Post Type Creation via save_item", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "[*, 3.13.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.13.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.13.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/525cb51c-23f1-446f-a247-0f69ec5029d8?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "525dec5b-b457-483c-ab2d-09dd320edcaa": { "id": "525dec5b-b457-483c-ab2d-09dd320edcaa", "title": "WooCommerce <= 8.1.1 & WooCommerce Blocks <= 11.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image alt Attribute", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "* - 8.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.0" ] }, { "type": "plugin", "name": "WooCommerce Blocks", "slug": "woo-gutenberg-products-block", "affected_versions": { "* - 11.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "11.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/525dec5b-b457-483c-ab2d-09dd320edcaa?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5263fa58-18d2-49a2-bc5b-3d3fd3cd1377": { "id": "5263fa58-18d2-49a2-bc5b-3d3fd3cd1377", "title": "iMember360 3.8.012 - 3.9.001 - Missing Authorization", "software": [ { "type": "plugin", "name": "iMember360is", "slug": "imember360", "affected_versions": { "[3.8.012, 3.9.001)": { "from_version": "3.8.012", "from_inclusive": true, "to_version": "3.9.001", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.001" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5263fa58-18d2-49a2-bc5b-3d3fd3cd1377?source=api-scan" ], "published": "2014-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52659f1c-642e-4c88-b3d0-d5c5a206b11c": { "id": "52659f1c-642e-4c88-b3d0-d5c5a206b11c", "title": "Super Testimonials <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Super Testimonials", "slug": "super-testimonial", "affected_versions": { "* - 2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52659f1c-642e-4c88-b3d0-d5c5a206b11c?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5268485f-d912-4c2d-a0ad-aabb69f9c98c": { "id": "5268485f-d912-4c2d-a0ad-aabb69f9c98c", "title": "Seriously Simple Podcasting <= 2.25.3 - Unauthenticated Email Disclosure", "software": [ { "type": "plugin", "name": "Seriously Simple Podcasting", "slug": "seriously-simple-podcasting", "affected_versions": { "* - 2.25.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5268485f-d912-4c2d-a0ad-aabb69f9c98c?source=api-scan" ], "published": "2024-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52696d42-b522-47d3-9a59-92078145c2be": { "id": "52696d42-b522-47d3-9a59-92078145c2be", "title": "WP Custom Fields Search <= 0.3.28 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Custom Fields Search", "slug": "wp-custom-fields-search", "affected_versions": { "[*, 1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52696d42-b522-47d3-9a59-92078145c2be?source=api-scan" ], "published": "2017-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5269ea0a-b0e9-433a-a166-28d23bfb6b4e": { "id": "5269ea0a-b0e9-433a-a166-28d23bfb6b4e", "title": "RSS for Yandex Turbo <= 1.29 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RSS for Yandex Turbo", "slug": "rss-for-yandex-turbo", "affected_versions": { "* - 1.29": { "from_version": "*", "from_inclusive": true, "to_version": "1.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5269ea0a-b0e9-433a-a166-28d23bfb6b4e?source=api-scan" ], "published": "2021-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "526a1b9c-953b-4ad7-91e1-d2e480b967ac": { "id": "526a1b9c-953b-4ad7-91e1-d2e480b967ac", "title": "Remove Footer Credit <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Remove Footer Credit", "slug": "remove-footer-credit", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/526a1b9c-953b-4ad7-91e1-d2e480b967ac?source=api-scan" ], "published": "2021-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "526aa2e5-06bd-4b4c-a331-315f8ab37858": { "id": "526aa2e5-06bd-4b4c-a331-315f8ab37858", "title": "Social proof testimonials and reviews by Repuso <= 5.01 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Social proof testimonials and reviews by Repuso", "slug": "social-testimonials-and-reviews-widget", "affected_versions": { "* - 5.01": { "from_version": "*", "from_inclusive": true, "to_version": "5.01", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/526aa2e5-06bd-4b4c-a331-315f8ab37858?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "526add70-4fcf-44d1-b4d8-4cc35652b1f0": { "id": "526add70-4fcf-44d1-b4d8-4cc35652b1f0", "title": "Cost Calculator Builder Pro <= 3.1.67 - Unauthenticated Cross-Site Scripting via SVG Upload", "software": [ { "type": "plugin", "name": "Cost Calculator Builder PRO", "slug": "cost-calculator-builder-pro", "affected_versions": { "* - 3.1.67": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.67", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.68" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/526add70-4fcf-44d1-b4d8-4cc35652b1f0?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "526c45c8-7543-4384-af80-b3798857f79d": { "id": "526c45c8-7543-4384-af80-b3798857f79d", "title": "Edge <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Display Name", "software": [ { "type": "theme", "name": "Edge", "slug": "edge", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/526c45c8-7543-4384-af80-b3798857f79d?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "526dcd62-5e40-4870-b6cf-4f3d8bf9f8d0": { "id": "526dcd62-5e40-4870-b6cf-4f3d8bf9f8d0", "title": "Herd Effects \u2013 fake notifications and social proof plugin <= 5.2.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Social Proof Popups & Real-Time Notifications \u2013 Herd Effects", "slug": "mwp-herd-effect", "affected_versions": { "* - 5.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/526dcd62-5e40-4870-b6cf-4f3d8bf9f8d0?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5278e8d4-d23e-47ce-b920-dfb7ec56387c": { "id": "5278e8d4-d23e-47ce-b920-dfb7ec56387c", "title": "Health Check & Troubleshooting <= 1.2.3 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Health Check & Troubleshooting", "slug": "health-check", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5278e8d4-d23e-47ce-b920-dfb7ec56387c?source=api-scan" ], "published": "2018-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "527c344e-870e-4bd9-b111-86cc2821367d": { "id": "527c344e-870e-4bd9-b111-86cc2821367d", "title": "Redirection for Contact Form 7 <= 2.7.0 - Authenticated(Editor+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Redirection for Contact Form 7", "slug": "wpcf7-redirect", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/527c344e-870e-4bd9-b111-86cc2821367d?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "527f75f1-6361-4e16-8ae4-d38ca4589811": { "id": "527f75f1-6361-4e16-8ae4-d38ca4589811", "title": "Crayon Syntax Highlighter <= 2.8.4 - Authenticated (Contributor+) Server Side Request Forgery", "software": [ { "type": "plugin", "name": "Crayon Syntax Highlighter", "slug": "crayon-syntax-highlighter", "affected_versions": { "* - 2.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/527f75f1-6361-4e16-8ae4-d38ca4589811?source=api-scan" ], "published": "2023-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52876909-3d2a-480d-9c47-39e96d088ff3": { "id": "52876909-3d2a-480d-9c47-39e96d088ff3", "title": "WP Tiles <= 1.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Tiles", "slug": "wp-tiles", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52876909-3d2a-480d-9c47-39e96d088ff3?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5287cf42-6d0a-4fd2-943d-e8e44fc08576": { "id": "5287cf42-6d0a-4fd2-943d-e8e44fc08576", "title": "Jetpack <= 7.9 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "[*, 5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1", "to_inclusive": false }, "[5.1, 5.1.1)": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": false }, "[5.2, 5.2.2)": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.2", "to_inclusive": false }, "[5.3, 5.3.1)": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.1", "to_inclusive": false }, "[5.4, 5.4.1)": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.1", "to_inclusive": false }, "[5.5, 5.5.2)": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.2", "to_inclusive": false }, "[5.6, 5.6.2)": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.2", "to_inclusive": false }, "[5.7, 5.7.2)": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.2", "to_inclusive": false }, "[5.8, 5.8.1)": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.1", "to_inclusive": false }, "[5.9, 5.9.1)": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.1", "to_inclusive": false }, "[6.0, 6.0.1)": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.1", "to_inclusive": false }, "[6.1, 6.1.2)": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.2", "to_inclusive": false }, "[6.2, 6.2.2)": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.2", "to_inclusive": false }, "[6.3, 6.3.4)": { "from_version": "6.3", "from_inclusive": true, "to_version": "6.3.4", "to_inclusive": false }, "[6.4, 6.4.3)": { "from_version": "6.4", "from_inclusive": true, "to_version": "6.4.3", "to_inclusive": false }, "[6.5, 6.5.1)": { "from_version": "6.5", "from_inclusive": true, "to_version": "6.5.1", "to_inclusive": false }, "[6.6, 6.6.2)": { "from_version": "6.6", "from_inclusive": true, "to_version": "6.6.2", "to_inclusive": false }, "[6.7, 6.7.1)": { "from_version": "6.7", "from_inclusive": true, "to_version": "6.7.1", "to_inclusive": false }, "[6.8, 6.8.2)": { "from_version": "6.8", "from_inclusive": true, "to_version": "6.8.2", "to_inclusive": false }, "[6.9, 6.9.1)": { "from_version": "6.9", "from_inclusive": true, "to_version": "6.9.1", "to_inclusive": false }, "[7.0, 7.0.2)": { "from_version": "7.0", "from_inclusive": true, "to_version": "7.0.2", "to_inclusive": false }, "[7.1, 7.1.2)": { "from_version": "7.1", "from_inclusive": true, "to_version": "7.1.2", "to_inclusive": false }, "[7.2, 7.2.2)": { "from_version": "7.2", "from_inclusive": true, "to_version": "7.2.2", "to_inclusive": false }, "[7.3, 7.3.2)": { "from_version": "7.3", "from_inclusive": true, "to_version": "7.3.2", "to_inclusive": false }, "[7.4, 7.4.2)": { "from_version": "7.4", "from_inclusive": true, "to_version": "7.4.2", "to_inclusive": false }, "[7.5, 7.5.4)": { "from_version": "7.5", "from_inclusive": true, "to_version": "7.5.4", "to_inclusive": false }, "[7.6, 7.6.1)": { "from_version": "7.6", "from_inclusive": true, "to_version": "7.6.1", "to_inclusive": false }, "[7.7, 7.7.3)": { "from_version": "7.7", "from_inclusive": true, "to_version": "7.7.3", "to_inclusive": false }, "[7.8, 7.8.1)": { "from_version": "7.8", "from_inclusive": true, "to_version": "7.8.1", "to_inclusive": false }, "[7.9, 7.9.1)": { "from_version": "7.9", "from_inclusive": true, "to_version": "7.9.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1.1", "5.2.2", "5.3.1", "5.4.1", "5.5.2", "5.6.2", "5.7.2", "5.8.1", "5.9.1", "6.0.1", "6.1.2", "6.2.2", "6.3.4", "6.4.3", "6.5.1", "6.6.2", "6.7.1", "6.8.2", "6.9.1", "7.0.2", "7.1.2", "7.2.2", "7.3.2", "7.4.2", "7.5.4", "7.6.1", "7.7.3", "7.8.1", "7.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5287cf42-6d0a-4fd2-943d-e8e44fc08576?source=api-scan" ], "published": "2019-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5289f7a5-7b7b-4627-a313-b8480f88b158": { "id": "5289f7a5-7b7b-4627-a313-b8480f88b158", "title": "leenk.me < 2.6.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "leenk.me", "slug": "leenkme", "affected_versions": { "[*, 2.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5289f7a5-7b7b-4627-a313-b8480f88b158?source=api-scan" ], "published": "2016-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5292fcb2-4084-42e6-b78b-62e36123829a": { "id": "5292fcb2-4084-42e6-b78b-62e36123829a", "title": "Educare \u2013 Students & Result Management System <= 1.4.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Educare \u2013 Students & Result Management System", "slug": "educare", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5292fcb2-4084-42e6-b78b-62e36123829a?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52943f74-d0a6-43d2-a8e6-d9fd90925b3e": { "id": "52943f74-d0a6-43d2-a8e6-d9fd90925b3e", "title": "FREE DOWNLOAD MANAGER <= 1.0.0 - Unauthenticated Arbitrary File Download", "software": [ { "type": "plugin", "name": "FREE DOWNLOAD MANAGER", "slug": "free-download-manager", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52943f74-d0a6-43d2-a8e6-d9fd90925b3e?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52944aa6-a6ee-46ce-bd0c-18c69fe1ada7": { "id": "52944aa6-a6ee-46ce-bd0c-18c69fe1ada7", "title": "WP Duplicate Page <= 1.2 - Authenticated (Admin+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "WP Duplicate Page", "slug": "wp-duplicate-page", "affected_versions": { "[*, 1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52944aa6-a6ee-46ce-bd0c-18c69fe1ada7?source=api-scan" ], "published": "2022-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5294af95-e85f-4425-9c4b-0a92dfac4bd1": { "id": "5294af95-e85f-4425-9c4b-0a92dfac4bd1", "title": "Digital Climate Strike WP <= 1.0.0 - Malicious Redirect", "software": [ { "type": "plugin", "name": "Digital Climate Strike WP", "slug": "digital-climate-strike-wp", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5294af95-e85f-4425-9c4b-0a92dfac4bd1?source=api-scan" ], "published": "2021-01-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5294f427-738c-444e-acf6-abc452629f64": { "id": "5294f427-738c-444e-acf6-abc452629f64", "title": "Abundance (All Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Abundance", "slug": "abundance", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5294f427-738c-444e-acf6-abc452629f64?source=api-scan" ], "published": "2012-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52983bf6-908a-4287-b89e-cd09b4c48efe": { "id": "52983bf6-908a-4287-b89e-cd09b4c48efe", "title": "Dovetail <= 1.2.13 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dovetail", "slug": "dovetail", "affected_versions": { "* - 1.2.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52983bf6-908a-4287-b89e-cd09b4c48efe?source=api-scan" ], "published": "2023-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "529c5785-214e-41e7-8cf3-4ff3d256e27c": { "id": "529c5785-214e-41e7-8cf3-4ff3d256e27c", "title": "NOSpamPTI <= 2.1 - SQL Injection", "software": [ { "type": "plugin", "name": "NOSpamPTI", "slug": "nospampti", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/529c5785-214e-41e7-8cf3-4ff3d256e27c?source=api-scan" ], "published": "2013-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52a03c45-1d65-43aa-b30f-13698019e05f": { "id": "52a03c45-1d65-43aa-b30f-13698019e05f", "title": "miniOrange's Google Authenticator <= 5.5.82 - Missing Authorization", "software": [ { "type": "plugin", "name": "miniOrange's Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA, Two Factor, OTP SMS and Email | Passwordless login", "slug": "miniorange-2-factor-authentication", "affected_versions": { "* - 5.5.82": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.82", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52a03c45-1d65-43aa-b30f-13698019e05f?source=api-scan" ], "published": "2022-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52ac7ccf-89fd-47d3-ba61-7bcf84908a57": { "id": "52ac7ccf-89fd-47d3-ba61-7bcf84908a57", "title": "Contact Form Email <= 1.2.65 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Email", "slug": "contact-form-to-email", "affected_versions": { "* - 1.2.65": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.65", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.66" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52ac7ccf-89fd-47d3-ba61-7bcf84908a57?source=api-scan" ], "published": "2019-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52ac7e85-0a01-41f0-b753-7858a859705f": { "id": "52ac7e85-0a01-41f0-b753-7858a859705f", "title": "Email Encoder < 1.4.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Encoder \u2013 Protect Email Addresses and Phone Numbers", "slug": "email-encoder-bundle", "affected_versions": { "[*, 1.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52ac7e85-0a01-41f0-b753-7858a859705f?source=api-scan" ], "published": "2015-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52aee4b8-f494-4eeb-8357-71ce8d5bc656": { "id": "52aee4b8-f494-4eeb-8357-71ce8d5bc656", "title": "Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "SlimStat Analytics", "slug": "wp-slimstat", "affected_versions": { "* - 5.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52aee4b8-f494-4eeb-8357-71ce8d5bc656?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52af7568-061d-4352-b85c-11f9829bc8a5": { "id": "52af7568-061d-4352-b85c-11f9829bc8a5", "title": "WP Markdown Editor (Formerly Dark Mode) < 1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Markdown Editor (Formerly Dark Mode)", "slug": "dark-mode", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52af7568-061d-4352-b85c-11f9829bc8a5?source=api-scan" ], "published": "2018-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52b13188-5630-4ae9-9b2b-bd4dcadd240a": { "id": "52b13188-5630-4ae9-9b2b-bd4dcadd240a", "title": "Everest Backup <= 2.2.4 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Everest Backup \u2013 WordPress Cloud Backup, Migration, Restore & Cloning Plugin", "slug": "everest-backup", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52b13188-5630-4ae9-9b2b-bd4dcadd240a?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52b1d515-4965-4ab9-80dd-526b4ebeb3a9": { "id": "52b1d515-4965-4ab9-80dd-526b4ebeb3a9", "title": "PostX - Gutenberg Blocks for Post Grid <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX", "slug": "ultimate-post", "affected_versions": { "[*, 2.4.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52b1d515-4965-4ab9-80dd-526b4ebeb3a9?source=api-scan" ], "published": "2021-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52ba91f1-21a2-4d7c-8801-b5e72a00c37d": { "id": "52ba91f1-21a2-4d7c-8801-b5e72a00c37d", "title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion\/FAQ", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52ba91f1-21a2-4d7c-8801-b5e72a00c37d?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52bb3328-956c-4379-879a-d321d68c39ee": { "id": "52bb3328-956c-4379-879a-d321d68c39ee", "title": "Team Showcase <= 1.22.15 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Team Showcase", "slug": "team", "affected_versions": { "[*, 1.22.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.22.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.22.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52bb3328-956c-4379-879a-d321d68c39ee?source=api-scan" ], "published": "2020-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52bd0d4d-4a08-417c-a426-6bd981f43120": { "id": "52bd0d4d-4a08-417c-a426-6bd981f43120", "title": "JW Player for WordPress <= 2.3.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "JW Player for WordPress", "slug": "jw-player-7-for-wp", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52bd0d4d-4a08-417c-a426-6bd981f43120?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52c24f18-832b-4416-a148-a23e38b257e0": { "id": "52c24f18-832b-4416-a148-a23e38b257e0", "title": "WP-DBManager <= 2.79.1 - Directory Traversal Allowing Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "WP-DBManager", "slug": "wp-dbmanager", "affected_versions": { "[*, 2.79.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.79.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.79.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52c24f18-832b-4416-a148-a23e38b257e0?source=api-scan" ], "published": "2018-10-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52c2837e-8947-4ce9-bda5-e0c2f831fb36": { "id": "52c2837e-8947-4ce9-bda5-e0c2f831fb36", "title": "URL Shortener by MyThemeShop <= 1.0.17 - Reflected Cross-Site Scripting via 'page'", "software": [ { "type": "plugin", "name": "URL Shortener by MyThemeShop", "slug": "mts-url-shortener", "affected_versions": { "* - 1.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52c2837e-8947-4ce9-bda5-e0c2f831fb36?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52c2aae5-17c2-45eb-b55f-bb27555fb1f7": { "id": "52c2aae5-17c2-45eb-b55f-bb27555fb1f7", "title": "WP Retina 2x <= 6.4.5 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina)", "slug": "wp-retina-2x", "affected_versions": { "* - 6.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52c2aae5-17c2-45eb-b55f-bb27555fb1f7?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52c4c16f-2e6e-4cbd-b061-4324a6002eab": { "id": "52c4c16f-2e6e-4cbd-b061-4324a6002eab", "title": "Product Catalog Mode For WooCommerce <= 5.0.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CatalogX \u2013 Product Catalog Mode For WooCommerce", "slug": "woocommerce-catalog-enquiry", "affected_versions": { "* - 5.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52c4c16f-2e6e-4cbd-b061-4324a6002eab?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52c7edcc-d8dd-401a-9d36-e395fa7189bf": { "id": "52c7edcc-d8dd-401a-9d36-e395fa7189bf", "title": "WP Symposium Pro < 16.01 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Symposium Pro", "slug": "wp-symposium-pro", "affected_versions": { "[*, 16.01)": { "from_version": "*", "from_inclusive": true, "to_version": "16.01", "to_inclusive": false } }, "patched": true, "patched_versions": [ "16.01" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52c7edcc-d8dd-401a-9d36-e395fa7189bf?source=api-scan" ], "published": "2016-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52cce49b-49b3-49b0-9f18-4829f07a420f": { "id": "52cce49b-49b3-49b0-9f18-4829f07a420f", "title": "Generate PDF using Contact Form 7 <= 4.1.2 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Generate PDF using Contact Form 7", "slug": "generate-pdf-using-contact-form-7", "affected_versions": { "* - 4.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52cce49b-49b3-49b0-9f18-4829f07a420f?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52d1f9a3-243e-4e2c-a752-f40b6d275121": { "id": "52d1f9a3-243e-4e2c-a752-f40b6d275121", "title": "Abandoned Cart Lite for WooCommerce <= 5.16.0 - Improper Authorization via wcal_delete_expired_used_coupon_code", "software": [ { "type": "plugin", "name": "Abandoned Cart Lite for WooCommerce", "slug": "woocommerce-abandoned-cart", "affected_versions": { "[*, 5.16.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.16.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.16.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52d1f9a3-243e-4e2c-a752-f40b6d275121?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52d390e0-95ca-4570-8d4c-f679ee86ffea": { "id": "52d390e0-95ca-4570-8d4c-f679ee86ffea", "title": "Import any XML or CSV File to WordPress <= 3.2.4 - SQL Injection", "software": [ { "type": "plugin", "name": "WP All Import Pro", "slug": "wp-all-import-pro", "affected_versions": { "* - 4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.2" ] }, { "type": "plugin", "name": "Import any XML or CSV File to WordPress", "slug": "wp-all-import", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52d390e0-95ca-4570-8d4c-f679ee86ffea?source=api-scan" ], "published": "2020-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52d6f0c3-2e2e-44cb-a5ea-85c19424ddac": { "id": "52d6f0c3-2e2e-44cb-a5ea-85c19424ddac", "title": "LearnPress <= 4.2.6.8.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.6.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52d6f0c3-2e2e-44cb-a5ea-85c19424ddac?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52d79cdd-739f-4ae9-9214-bc64ca7d8ecb": { "id": "52d79cdd-739f-4ae9-9214-bc64ca7d8ecb", "title": "Elementor Addons by Livemesh <= 8.3.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget _id attribute", "software": [ { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "* - 8.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52d79cdd-739f-4ae9-9214-bc64ca7d8ecb?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52daa230-1600-4ace-9adf-3f4e9be51e9f": { "id": "52daa230-1600-4ace-9adf-3f4e9be51e9f", "title": "Jupiter X Core <= 2.0.9 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Jupiter X Core", "slug": "jupiterx-core", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52daa230-1600-4ace-9adf-3f4e9be51e9f?source=api-scan" ], "published": "2022-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52db8d41-859a-4d68-8b83-3d3af8f1bf64": { "id": "52db8d41-859a-4d68-8b83-3d3af8f1bf64", "title": "ContentStudio <= 1.2.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "ContentStudio", "slug": "contentstudio", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52db8d41-859a-4d68-8b83-3d3af8f1bf64?source=api-scan" ], "published": "2023-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52dc69e7-d4c0-492e-a334-54464fc963fd": { "id": "52dc69e7-d4c0-492e-a334-54464fc963fd", "title": "Email Before Download <= 3.6 - SMTP Header Injection", "software": [ { "type": "plugin", "name": "Email Before Download", "slug": "email-before-download", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52dc69e7-d4c0-492e-a334-54464fc963fd?source=api-scan" ], "published": "2017-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52e4f79f-1148-4530-8d78-377a7365978a": { "id": "52e4f79f-1148-4530-8d78-377a7365978a", "title": "Admin side data storage for Contact Form 7 plugin <= 1.1.1 - Missing Authorization to Unauthenticated Read Status Update", "software": [ { "type": "plugin", "name": "Admin side data storage for Contact Form 7", "slug": "admin-side-data-storage-for-contact-form-7", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52e4f79f-1148-4530-8d78-377a7365978a?source=api-scan" ], "published": "2024-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52ee1a7d-33c6-48aa-a2ac-62a1246439a9": { "id": "52ee1a7d-33c6-48aa-a2ac-62a1246439a9", "title": "WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via Category Editing", "software": [ { "type": "plugin", "name": "WP eStore", "slug": "wp-cart-for-digital-products", "affected_versions": { "* - 8.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52ee1a7d-33c6-48aa-a2ac-62a1246439a9?source=api-scan" ], "published": "2024-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52efc168-fed9-45c6-9a2c-1e3a198f71f9": { "id": "52efc168-fed9-45c6-9a2c-1e3a198f71f9", "title": "RegistrationMagic <= 5.0.2.1 - SQL Injection", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "[*, 5.0.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52efc168-fed9-45c6-9a2c-1e3a198f71f9?source=api-scan" ], "published": "2022-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52f5c90a-e4ba-4212-83e0-281b8624dda0": { "id": "52f5c90a-e4ba-4212-83e0-281b8624dda0", "title": "Social Rocket <= 1.3.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Rocket \u2013 Social Sharing Plugin", "slug": "social-rocket", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52f5c90a-e4ba-4212-83e0-281b8624dda0?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52f820c5-d4ce-4925-a055-a7c75a320971": { "id": "52f820c5-d4ce-4925-a055-a7c75a320971", "title": "Wholesale Market for WooCommerce <= 1.0.7 - Authenticated (Administrator+) Arbitrary File Download", "software": [ { "type": "plugin", "name": "Wholesale Market for WooCommerce", "slug": "wholesale-market-for-woocommerce", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52f820c5-d4ce-4925-a055-a7c75a320971?source=api-scan" ], "published": "2022-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52f98de0-ad91-4b5a-91ef-6fe705f2bf60": { "id": "52f98de0-ad91-4b5a-91ef-6fe705f2bf60", "title": "Flattr <= 1.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flattr", "slug": "flattr", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52f98de0-ad91-4b5a-91ef-6fe705f2bf60?source=api-scan" ], "published": "2024-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52f9db86-7fed-4b32-8384-3ceb300f9249": { "id": "52f9db86-7fed-4b32-8384-3ceb300f9249", "title": "Forms for Mailchimp by Optin Cat <= 2.5.6 - Authenticated (Editor+) Stored Cross-Site Scripting via Form Color Parameters", "software": [ { "type": "plugin", "name": "Forms for Mailchimp by Optin Cat \u2013 Grow Your MailChimp List", "slug": "mailchimp-wp", "affected_versions": { "* - 2.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52f9db86-7fed-4b32-8384-3ceb300f9249?source=api-scan" ], "published": "2024-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52fb128f-d846-478e-bf9a-cbc3fe8ce89d": { "id": "52fb128f-d846-478e-bf9a-cbc3fe8ce89d", "title": "Reviews Plus < 1.2.14 - Denial of Service", "software": [ { "type": "plugin", "name": "Reviews Plus", "slug": "reviews-plus", "affected_versions": { "[*, 1.2.14)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52fb128f-d846-478e-bf9a-cbc3fe8ce89d?source=api-scan" ], "published": "2021-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "52fde632-f3a4-48d5-8c2c-c42b9d20dcb7": { "id": "52fde632-f3a4-48d5-8c2c-c42b9d20dcb7", "title": "RapidExpCart <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RapidExpCart", "slug": "rapidexpcart", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/52fde632-f3a4-48d5-8c2c-c42b9d20dcb7?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5304da48-5d42-47ce-b1b1-dc04b8fa9dff": { "id": "5304da48-5d42-47ce-b1b1-dc04b8fa9dff", "title": "Shortlinks by Pretty Links <= 3.4.0 - Cross-Site Request Forgery via route", "software": [ { "type": "plugin", "name": "PrettyLinks \u2013 Affiliate Links, Link Branding, Link Tracking & Marketing Plugin", "slug": "pretty-link", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5304da48-5d42-47ce-b1b1-dc04b8fa9dff?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53071503-0edd-458f-a24d-107d576695ed": { "id": "53071503-0edd-458f-a24d-107d576695ed", "title": "YAWPP (Yet Another WordPress Petition Plugin) <= 1.2.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YAWPP (Yet Another WordPress Petition Plugin)", "slug": "yawpp", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53071503-0edd-458f-a24d-107d576695ed?source=api-scan" ], "published": "2015-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "530ccf41-f596-4783-b177-36fc9a3a6e81": { "id": "530ccf41-f596-4783-b177-36fc9a3a6e81", "title": "ElementsReady Addons for Elementor <= 5.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ElementsReady Addons for Elementor", "slug": "element-ready-lite", "affected_versions": { "* - 5.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/530ccf41-f596-4783-b177-36fc9a3a6e81?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "530ee998-de16-407f-8e84-b0d7c31c6f5f": { "id": "530ee998-de16-407f-8e84-b0d7c31c6f5f", "title": "VikBooking Hotel Booking Engine & PMS <= 1.5.11 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "[*, 1.5.12)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/530ee998-de16-407f-8e84-b0d7c31c6f5f?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53124575-ca94-47d6-b0dd-033ac17c24ae": { "id": "53124575-ca94-47d6-b0dd-033ac17c24ae", "title": "SpiderCatalog <= 1.7.3 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "SpiderCatalog", "slug": "catalog", "affected_versions": { "* - 1.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53124575-ca94-47d6-b0dd-033ac17c24ae?source=api-scan" ], "published": "2021-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53192f38-ab76-4843-a652-37c266b527e7": { "id": "53192f38-ab76-4843-a652-37c266b527e7", "title": "ShiftController Employee Shift Scheduling <= 4.9.64 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ShiftController Employee Shift Scheduling", "slug": "shiftcontroller", "affected_versions": { "* - 4.9.64": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.64", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.65" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53192f38-ab76-4843-a652-37c266b527e7?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "531954dd-ed3f-4626-adab-c1bba8407c89": { "id": "531954dd-ed3f-4626-adab-c1bba8407c89", "title": "Elementor Website Builder Pro <= 3.20.1 - Authententicated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Website Builder Pro", "slug": "elementor-pro", "affected_versions": { "* - 3.20.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.20.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.20.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/531954dd-ed3f-4626-adab-c1bba8407c89?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53199f3c-80d1-4c4e-93ef-8a234ba8ba85": { "id": "53199f3c-80d1-4c4e-93ef-8a234ba8ba85", "title": "Quick Event Manager <= 9.7.4 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Quick Event Manager", "slug": "quick-event-manager", "affected_versions": { "* - 9.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53199f3c-80d1-4c4e-93ef-8a234ba8ba85?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "532b58eb-6d8b-4bb7-b5c5-604ad24dba98": { "id": "532b58eb-6d8b-4bb7-b5c5-604ad24dba98", "title": "Magical Addons For Elementor <= 1.1.41 - Authenticated (Subscriber+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )", "slug": "magical-addons-for-elementor", "affected_versions": { "* - 1.1.41": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/532b58eb-6d8b-4bb7-b5c5-604ad24dba98?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "532ce349-0f4c-4197-bbbd-1e3dcbd0c9d3": { "id": "532ce349-0f4c-4197-bbbd-1e3dcbd0c9d3", "title": "WordPress Email Template Designer < 3.0.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Email Template Designer \u2013 WP HTML Mail", "slug": "wp-html-mail", "affected_versions": { "[*, 3.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/532ce349-0f4c-4197-bbbd-1e3dcbd0c9d3?source=api-scan" ], "published": "2021-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "532cffdb-16e8-4ced-9477-483c96db343c": { "id": "532cffdb-16e8-4ced-9477-483c96db343c", "title": "LWS Hide Login <= 2.1.8 - Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "LWS Hide Login", "slug": "lws-hide-login", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/532cffdb-16e8-4ced-9477-483c96db343c?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "532d185c-4384-4b15-a104-42f8d2a1ca23": { "id": "532d185c-4384-4b15-a104-42f8d2a1ca23", "title": "Colibri Page Builder <= 1.0.240 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Colibri Page Builder", "slug": "colibri-page-builder", "affected_versions": { "* - 1.0.240": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.240", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.241" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/532d185c-4384-4b15-a104-42f8d2a1ca23?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5331c7cc-3854-4975-9f28-e9b0d6407227": { "id": "5331c7cc-3854-4975-9f28-e9b0d6407227", "title": "Smart Forms \u2013 when you need more than just a contact form <= 2.1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Smart Forms \u2013 when you need more than just a contact form", "slug": "smart-forms", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5331c7cc-3854-4975-9f28-e9b0d6407227?source=api-scan" ], "published": "2014-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53356d15-8db0-4015-addf-9bf66446e81f": { "id": "53356d15-8db0-4015-addf-9bf66446e81f", "title": "Seraphinite Accelerator <= 2.20.28 - Reflected Cross-Site Scripting via rt", "software": [ { "type": "plugin", "name": "Seraphinite Accelerator", "slug": "seraphinite-accelerator", "affected_versions": { "* - 2.20.28": { "from_version": "*", "from_inclusive": true, "to_version": "2.20.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.20.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53356d15-8db0-4015-addf-9bf66446e81f?source=api-scan" ], "published": "2023-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "533bf4ba-5929-475e-ac98-43d97288cdfe": { "id": "533bf4ba-5929-475e-ac98-43d97288cdfe", "title": "Mailchimp for WooCommerce <= 2.7 - Authenticated (Subscriber+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Mailchimp for WooCommerce", "slug": "mailchimp-for-woocommerce", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/533bf4ba-5929-475e-ac98-43d97288cdfe?source=api-scan" ], "published": "2022-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "533f6552-38aa-4251-89fa-e5f79ccb3df0": { "id": "533f6552-38aa-4251-89fa-e5f79ccb3df0", "title": "Ultimate Blocks \u2013 WordPress Blocks Plugin <= 3.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Blocks \u2013 WordPress Blocks Plugin", "slug": "ultimate-blocks", "affected_versions": { "* - 3.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/533f6552-38aa-4251-89fa-e5f79ccb3df0?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "533f71d5-823d-45eb-8ecf-76afafd2a5d3": { "id": "533f71d5-823d-45eb-8ecf-76afafd2a5d3", "title": "Popup Maker <= 1.18.0 - Cross-Site Request Forgery via init", "software": [ { "type": "plugin", "name": "Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder", "slug": "popup-maker", "affected_versions": { "* - 1.18.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.18.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.18.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/533f71d5-823d-45eb-8ecf-76afafd2a5d3?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5340204a-8a4f-4e23-82a1-c228b884c34a": { "id": "5340204a-8a4f-4e23-82a1-c228b884c34a", "title": "Ninja Forms Contact Form <= 3.6.3 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "[*, 3.6.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5340204a-8a4f-4e23-82a1-c228b884c34a?source=api-scan" ], "published": "2021-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53409aeb-67a6-4a44-993a-fb23f8fb1344": { "id": "53409aeb-67a6-4a44-993a-fb23f8fb1344", "title": "WooCommerce Extra Cost <= 2.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce Extra Cost", "slug": "woo-extra-cost", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53409aeb-67a6-4a44-993a-fb23f8fb1344?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5344499d-c183-4164-a52c-0dca7873f63d": { "id": "5344499d-c183-4164-a52c-0dca7873f63d", "title": "Woocommerce Vietnam Checkout <= 2.0.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Woocommerce Vietnam Checkout", "slug": "woo-vietnam-checkout", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5344499d-c183-4164-a52c-0dca7873f63d?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53459a4d-6ffd-46bf-926a-761db4cfb50c": { "id": "53459a4d-6ffd-46bf-926a-761db4cfb50c", "title": "Custom Content Shortcode <= 4.0.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Content Shortcode", "slug": "custom-content-shortcode", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53459a4d-6ffd-46bf-926a-761db4cfb50c?source=api-scan" ], "published": "2022-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "534a5d1d-cc34-4d84-b3a3-bf2282718656": { "id": "534a5d1d-cc34-4d84-b3a3-bf2282718656", "title": "Ultimate WordPress Auction Plugin <= 4.2.7 - Missing Authorization to Unauthenticated Email Creation", "software": [ { "type": "plugin", "name": "Ultimate WordPress Auction Plugin", "slug": "ultimate-auction", "affected_versions": { "* - 4.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/534a5d1d-cc34-4d84-b3a3-bf2282718656?source=api-scan" ], "published": "2024-07-26 13:11:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "534e6f80-b162-4a4b-a979-72ed63a8b0dc": { "id": "534e6f80-b162-4a4b-a979-72ed63a8b0dc", "title": "Paytm Payment Donation <= 2.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paytm \u2013 Donation Plugin", "slug": "paytm-donation", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/534e6f80-b162-4a4b-a979-72ed63a8b0dc?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "534fd39e-bc32-4534-b7cd-ee50161c0b13": { "id": "534fd39e-bc32-4534-b7cd-ee50161c0b13", "title": "Registrations for the Events Calendar <= 2.12.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Registrations for the Events Calendar \u2013 Event Registration Plugin", "slug": "registrations-for-the-events-calendar", "affected_versions": { "* - 2.12.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/534fd39e-bc32-4534-b7cd-ee50161c0b13?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5350e519-3fa5-4463-b7b4-12bbe6fd5591": { "id": "5350e519-3fa5-4463-b7b4-12bbe6fd5591", "title": "iThemes Security < 3.2.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "[*, 3.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5350e519-3fa5-4463-b7b4-12bbe6fd5591?source=api-scan" ], "published": "2012-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53577cf4-af87-41a2-9424-56a584b78cf3": { "id": "53577cf4-af87-41a2-9424-56a584b78cf3", "title": "Rating Widget <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcodes", "software": [ { "type": "plugin", "name": "Rating-Widget: Star Review System", "slug": "rating-widget", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53577cf4-af87-41a2-9424-56a584b78cf3?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53580b24-c0a7-4578-bb11-5952ebcacc42": { "id": "53580b24-c0a7-4578-bb11-5952ebcacc42", "title": "UltimateWoo \u2013 The Ultimate WooCommerce Plugin with Unlimited Usage <= 0.1.10 - PHP Object Injection", "software": [ { "type": "plugin", "name": "UltimateWoo \u2013 The Ultimate WooCommerce Plugin with Unlimited Usage", "slug": "ultimatewoo", "affected_versions": { "* - 0.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53580b24-c0a7-4578-bb11-5952ebcacc42?source=api-scan" ], "published": "2021-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "535af5fa-891b-4d21-ab13-c4ef68dd339b": { "id": "535af5fa-891b-4d21-ab13-c4ef68dd339b", "title": "LeagueManager <= 3.7 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LeagueManager", "slug": "leaguemanager", "affected_versions": { "* - 3.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/535af5fa-891b-4d21-ab13-c4ef68dd339b?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "535e754e-f851-4809-a148-d9ba808b9d8a": { "id": "535e754e-f851-4809-a148-d9ba808b9d8a", "title": "Wp anything slider <= 9.1 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Wp anything slider", "slug": "wp-anything-slider", "affected_versions": { "* - 9.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/535e754e-f851-4809-a148-d9ba808b9d8a?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5361df27-493c-4731-9502-071af4894bbb": { "id": "5361df27-493c-4731-9502-071af4894bbb", "title": "WordPress Page Contact <= 1.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Page Contact", "slug": "wpagecontact", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5361df27-493c-4731-9502-071af4894bbb?source=api-scan" ], "published": "2021-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53667fd6-0d12-400d-b3a1-7cee305a2bc2": { "id": "53667fd6-0d12-400d-b3a1-7cee305a2bc2", "title": "Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'bulkDelete' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53667fd6-0d12-400d-b3a1-7cee305a2bc2?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53686d01-b60c-4324-895e-2fae3ccfa3c9": { "id": "53686d01-b60c-4324-895e-2fae3ccfa3c9", "title": "MP3-jPlayer <= 1.8.11 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MP3-jPlayer", "slug": "mp3-jplayer", "affected_versions": { "* - 1.8.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53686d01-b60c-4324-895e-2fae3ccfa3c9?source=api-scan" ], "published": "2015-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53757567-5024-46cc-b2ae-04b5fc55a35c": { "id": "53757567-5024-46cc-b2ae-04b5fc55a35c", "title": "Button Widget Smartsoft <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Button Widget Smartsoft", "slug": "smartsoftbutton-widget-de-botones-de-chat", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53757567-5024-46cc-b2ae-04b5fc55a35c?source=api-scan" ], "published": "2022-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53760acf-e8b2-4e35-8c01-768472fc0996": { "id": "53760acf-e8b2-4e35-8c01-768472fc0996", "title": "Simple Table Manager <= 1.5.6 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Table Manager", "slug": "simple-table-manager", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53760acf-e8b2-4e35-8c01-768472fc0996?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "537acaf7-8d44-484d-9516-774a3de5573f": { "id": "537acaf7-8d44-484d-9516-774a3de5573f", "title": "Easy Testimonials <= 3.5.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Testimonials", "slug": "easy-testimonials", "affected_versions": { "[*, 3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/537acaf7-8d44-484d-9516-774a3de5573f?source=api-scan" ], "published": "2018-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "537b6f36-ae45-465a-b139-6753d50d8e10": { "id": "537b6f36-ae45-465a-b139-6753d50d8e10", "title": "Blix 0.9.1 and Blix 0.9.1 Rus - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Blix", "slug": "blix", "affected_versions": { "* - 0.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/537b6f36-ae45-465a-b139-6753d50d8e10?source=api-scan" ], "published": "2007-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "537bdd21-7ebd-4c17-a681-18703ac973a5": { "id": "537bdd21-7ebd-4c17-a681-18703ac973a5", "title": "Image Zoom <= 1.8.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Image Zoom", "slug": "image-zoom", "affected_versions": { "* - 1.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/537bdd21-7ebd-4c17-a681-18703ac973a5?source=api-scan" ], "published": "2022-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53889ac8-a101-4aae-a1d2-f25cbf6f58e2": { "id": "53889ac8-a101-4aae-a1d2-f25cbf6f58e2", "title": "WP Video Gallery <= 1.7.1 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Video Gallery", "slug": "wp-video-gallery-free", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53889ac8-a101-4aae-a1d2-f25cbf6f58e2?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "538e9ce3-2d48-44ad-bd08-8eead3ef15c3": { "id": "538e9ce3-2d48-44ad-bd08-8eead3ef15c3", "title": "Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui <= 4.7.4 - Information Exposure via ma_debug", "software": [ { "type": "plugin", "name": "Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui", "slug": "molongui-authorship", "affected_versions": { "* - 4.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/538e9ce3-2d48-44ad-bd08-8eead3ef15c3?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5394623b-e9ee-4047-bfe3-d7f6374993cd": { "id": "5394623b-e9ee-4047-bfe3-d7f6374993cd", "title": "Google Forms < 0.85 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google Forms", "slug": "wpgform", "affected_versions": { "[*, 0.85)": { "from_version": "*", "from_inclusive": true, "to_version": "0.85", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.85" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5394623b-e9ee-4047-bfe3-d7f6374993cd?source=api-scan" ], "published": "2016-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "539cd606-1884-48df-beae-f5686a4e2400": { "id": "539cd606-1884-48df-beae-f5686a4e2400", "title": "multimedial images <= 1.0b - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "multimedial images", "slug": "multimedial-images", "affected_versions": { "* - 1.0b": { "from_version": "*", "from_inclusive": true, "to_version": "1.0b", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/539cd606-1884-48df-beae-f5686a4e2400?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53a265b8-e34c-4683-a653-4b4b2410e9de": { "id": "53a265b8-e34c-4683-a653-4b4b2410e9de", "title": "Social Share Boost <= 4.5 - Cross-Site Request Forgery via 'syntatical_settings_content'", "software": [ { "type": "plugin", "name": "Social Share Boost", "slug": "social-share-boost", "affected_versions": { "* - 4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53a265b8-e34c-4683-a653-4b4b2410e9de?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53a28cee-fda0-43eb-8012-5059bb061694": { "id": "53a28cee-fda0-43eb-8012-5059bb061694", "title": "WP-Stats-Dashboard <= 2.9.4 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP-Stats-Dashboard", "slug": "wp-stats-dashboard", "affected_versions": { "* - 2.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53a28cee-fda0-43eb-8012-5059bb061694?source=api-scan" ], "published": "2015-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53a51408-e5d8-4727-9dec-8321c062c31e": { "id": "53a51408-e5d8-4727-9dec-8321c062c31e", "title": "WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via icon_color", "software": [ { "type": "plugin", "name": "WP Recipe Maker", "slug": "wp-recipe-maker", "affected_versions": { "* - 9.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53a51408-e5d8-4727-9dec-8321c062c31e?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53a58c45-b7fd-469e-8c67-4f20707f2363": { "id": "53a58c45-b7fd-469e-8c67-4f20707f2363", "title": "WP SimpleMail <= 1.0.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP SimpleMail", "slug": "wp-simplemail", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53a58c45-b7fd-469e-8c67-4f20707f2363?source=api-scan" ], "published": "2012-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53ab1f5f-7331-4587-8c37-e9bd86a83ae6": { "id": "53ab1f5f-7331-4587-8c37-e9bd86a83ae6", "title": "Name Directory <= 1.25.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Name Directory", "slug": "name-directory", "affected_versions": { "* - 1.25.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.25.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.25.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53ab1f5f-7331-4587-8c37-e9bd86a83ae6?source=api-scan" ], "published": "2022-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53af9dfd-eb2d-4f6f-b02f-daf790b95f1f": { "id": "53af9dfd-eb2d-4f6f-b02f-daf790b95f1f", "title": "wpDiscuz <= 7.6.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "* - 7.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.12" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53af9dfd-eb2d-4f6f-b02f-daf790b95f1f?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53b3ac83-847d-4bd0-a79b-531af266e1b4": { "id": "53b3ac83-847d-4bd0-a79b-531af266e1b4", "title": "System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_db_specs)", "software": [ { "type": "plugin", "name": "System Dashboard", "slug": "system-dashboard", "affected_versions": { "* - 2.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53b3ac83-847d-4bd0-a79b-531af266e1b4?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53b5a052-6e84-4eb5-a7f4-4e32f757f4d6": { "id": "53b5a052-6e84-4eb5-a7f4-4e32f757f4d6", "title": "Smush \u2013 Lazy Load Images, Optimize & Compress Images <= 2.9.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smush Image Optimization \u2013 Optimize Images | Compress & Lazy Load Images | Convert WebP | Image CDN", "slug": "wp-smushit", "affected_versions": { "* - 2.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53b5a052-6e84-4eb5-a7f4-4e32f757f4d6?source=api-scan" ], "published": "2018-12-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53bffb82-b9df-40a0-947b-ecae512f363a": { "id": "53bffb82-b9df-40a0-947b-ecae512f363a", "title": "WeForms <= 1.4.7 - CSV injection via form entry", "software": [ { "type": "plugin", "name": "weForms \u2013 Easy Drag & Drop Contact Form Builder For WordPress", "slug": "weforms", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53bffb82-b9df-40a0-947b-ecae512f363a?source=api-scan" ], "published": "2020-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53c9d3d0-5fea-4e36-b356-8d3c0e672cac": { "id": "53c9d3d0-5fea-4e36-b356-8d3c0e672cac", "title": "Orbit Fox by ThemeIsle <= 2.10.2 - Authenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Orbit Fox by ThemeIsle", "slug": "themeisle-companion", "affected_versions": { "[*, 2.10.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.10.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53c9d3d0-5fea-4e36-b356-8d3c0e672cac?source=api-scan" ], "published": "2020-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53d2f416-4b0f-49b7-af14-fbb225aac34d": { "id": "53d2f416-4b0f-49b7-af14-fbb225aac34d", "title": "Purity Of Soul <= 1.9 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Purity Of Soul", "slug": "purity-of-soul", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53d2f416-4b0f-49b7-af14-fbb225aac34d?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53d39276-5d92-4a5b-848d-33aefb18a970": { "id": "53d39276-5d92-4a5b-848d-33aefb18a970", "title": "Coupon Zen <= 1.0.5 - Cross-Site Request Forgery to Plugin Activation", "software": [ { "type": "plugin", "name": "Coupon Zen", "slug": "coupon-zen", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53d39276-5d92-4a5b-848d-33aefb18a970?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53d5fbcf-7af7-4345-b207-0a3277f78065": { "id": "53d5fbcf-7af7-4345-b207-0a3277f78065", "title": "WooCommerce Login Redirect <= 2.2.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce Login Redirect", "slug": "woo-login-redirect", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53d5fbcf-7af7-4345-b207-0a3277f78065?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53db0f72-3353-42bb-ad75-4c5aa32d7939": { "id": "53db0f72-3353-42bb-ad75-4c5aa32d7939", "title": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more <= 8.5.6 - Missing Authorization via set_starred()", "software": [ { "type": "plugin", "name": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "slug": "nex-forms-express-wp-form-builder", "affected_versions": { "* - 8.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53db0f72-3353-42bb-ad75-4c5aa32d7939?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53ddfd2d-7af1-4561-ab76-5cb3238e8f8b": { "id": "53ddfd2d-7af1-4561-ab76-5cb3238e8f8b", "title": "GiveWP <= 2.20.2 - Authenticated Arbitrary File Creation", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.20.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.20.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.21.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53ddfd2d-7af1-4561-ab76-5cb3238e8f8b?source=api-scan" ], "published": "2022-07-12 13:57:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53de68ad-76a6-4043-8369-7679c1c5c1cd": { "id": "53de68ad-76a6-4043-8369-7679c1c5c1cd", "title": "WP Simple Events <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Simple Events", "slug": "wp-simple-events", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53de68ad-76a6-4043-8369-7679c1c5c1cd?source=api-scan" ], "published": "2023-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53dfe8e5-5f13-4c8c-a62e-9da57379da7a": { "id": "53dfe8e5-5f13-4c8c-a62e-9da57379da7a", "title": "Debug Log Manager <= 2.2.2 - Directory Listing to Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Debug Log Manager", "slug": "debug-log-manager", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53dfe8e5-5f13-4c8c-a62e-9da57379da7a?source=api-scan" ], "published": "2023-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53e16bca-7c85-4d56-8233-b3b53f793b39": { "id": "53e16bca-7c85-4d56-8233-b3b53f793b39", "title": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress <= 4.15.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 4.15.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.15.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.15.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53e16bca-7c85-4d56-8233-b3b53f793b39?source=api-scan" ], "published": "2024-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53e2f7d5-ceb3-4c15-a761-a9f7c7585358": { "id": "53e2f7d5-ceb3-4c15-a761-a9f7c7585358", "title": "Conditional Shipping for WooCommerce <= 2.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Conditional Shipping for WooCommerce", "slug": "conditional-shipping-for-woocommerce", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53e2f7d5-ceb3-4c15-a761-a9f7c7585358?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53eba5b4-7cc0-48e1-bb9c-6ed3207151ab": { "id": "53eba5b4-7cc0-48e1-bb9c-6ed3207151ab", "title": "Simple:Press \u2013 WordPress Forum Plugin <= 6.6.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Simple:Press Forum", "slug": "simplepress", "affected_versions": { "[*, 6.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53eba5b4-7cc0-48e1-bb9c-6ed3207151ab?source=api-scan" ], "published": "2020-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53fa9be4-a2b3-458c-af6e-d3ada639a622": { "id": "53fa9be4-a2b3-458c-af6e-d3ada639a622", "title": "Admin Menu Editor <= 1.12 - Cross-Site Request Forgery via ajax_hide_hint()", "software": [ { "type": "plugin", "name": "Admin Menu Editor", "slug": "admin-menu-editor", "affected_versions": { "* - 1.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.1" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53fa9be4-a2b3-458c-af6e-d3ada639a622?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "53fffd10-17a2-4b60-a19c-a89229e27872": { "id": "53fffd10-17a2-4b60-a19c-a89229e27872", "title": "Newspack Newsletters <= 2.13.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Newspack Newsletters", "slug": "newspack-newsletters", "affected_versions": { "* - 2.13.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.13.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/53fffd10-17a2-4b60-a19c-a89229e27872?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54019f42-488d-484f-b34e-2b5bd5b0a1dd": { "id": "54019f42-488d-484f-b34e-2b5bd5b0a1dd", "title": "Slick Popup: Contact Form 7 Popup Plugin <= 1.7.14 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slick Popup: Contact Form 7 Popup Plugin", "slug": "slick-popup", "affected_versions": { "[*, 1.7.15)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54019f42-488d-484f-b34e-2b5bd5b0a1dd?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5402c009-f3c0-4286-9162-6e60322c5544": { "id": "5402c009-f3c0-4286-9162-6e60322c5544", "title": "GS Testimonial Slider <= 1.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "A WordPress Testimonial Plugin to Showcase Testimonial Slider, Testimonial Grid and More: Solid Testimonials", "slug": "gs-testimonial", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5402c009-f3c0-4286-9162-6e60322c5544?source=api-scan" ], "published": "2022-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5402f206-0375-4c47-8a5c-e8ea5742493d": { "id": "5402f206-0375-4c47-8a5c-e8ea5742493d", "title": "Orchid Store <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation", "software": [ { "type": "theme", "name": "Orchid Store", "slug": "orchid-store", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5402f206-0375-4c47-8a5c-e8ea5742493d?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54043c6a-48a1-48e8-ba61-a7e8a1773036": { "id": "54043c6a-48a1-48e8-ba61-a7e8a1773036", "title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.4.6 - Sensitive Information Exposure via purchased_products", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54043c6a-48a1-48e8-ba61-a7e8a1773036?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54044fd7-facf-4ac2-8c87-e30db78eba40": { "id": "54044fd7-facf-4ac2-8c87-e30db78eba40", "title": "Travel Booking WordPress Theme < 2.7.8.4 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Travel Booking WordPress Theme", "slug": "traveler", "affected_versions": { "[*, 2.7.8.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.8.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54044fd7-facf-4ac2-8c87-e30db78eba40?source=api-scan" ], "published": "2019-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "540ac650-6bfd-4ee2-b3c8-b6444a209b6a": { "id": "540ac650-6bfd-4ee2-b3c8-b6444a209b6a", "title": "Double Opt-In for Download <= 2.0.8 - SQL Injection", "software": [ { "type": "plugin", "name": "Double Opt-In for Download", "slug": "double-opt-in-for-download", "affected_versions": { "[*, 2.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/540ac650-6bfd-4ee2-b3c8-b6444a209b6a?source=api-scan" ], "published": "2015-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "540b2888-16fe-4791-8d08-f7772f71d511": { "id": "540b2888-16fe-4791-8d08-f7772f71d511", "title": "Lightbox slider \u2013 Responsive Lightbox Gallery <= 1.9.9 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Lightbox slider \u2013 Responsive Lightbox Gallery", "slug": "simple-lightbox-gallery", "affected_versions": { "* - 1.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/540b2888-16fe-4791-8d08-f7772f71d511?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "540d1c86-c648-42e1-a360-cc188d1a5635": { "id": "540d1c86-c648-42e1-a360-cc188d1a5635", "title": "Gallery PhotoBlocks <= 1.2.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Gallery PhotoBlocks", "slug": "photoblocks-grid-gallery", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/540d1c86-c648-42e1-a360-cc188d1a5635?source=api-scan" ], "published": "2022-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "540d2495-7ad4-428c-b86e-9af73d0ebe51": { "id": "540d2495-7ad4-428c-b86e-9af73d0ebe51", "title": "Ad Invalid Click Protector (AICP) <= 1.2.5.2 - Reflected Cross-Site Scripting and Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ad Invalid Click Protector (AICP)", "slug": "ad-invalid-click-protector", "affected_versions": { "* - 1.2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/540d2495-7ad4-428c-b86e-9af73d0ebe51?source=api-scan" ], "published": "2022-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "540d444f-7a6c-4c14-a9c7-52209ad59a11": { "id": "540d444f-7a6c-4c14-a9c7-52209ad59a11", "title": "wpCentral <= 1.5.0 - Improper Access Control to Privilege Escalation", "software": [ { "type": "plugin", "name": "wpCentral", "slug": "wp-central", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/540d444f-7a6c-4c14-a9c7-52209ad59a11?source=api-scan" ], "published": "2020-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "540de1b8-eb1f-4f9d-b45c-d3d5f11b642d": { "id": "540de1b8-eb1f-4f9d-b45c-d3d5f11b642d", "title": "AutomateWoo <= 5.7.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "AutomateWoo", "slug": "automatewoo", "affected_versions": { "* - 5.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/540de1b8-eb1f-4f9d-b45c-d3d5f11b642d?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "540fef7f-8952-4525-9d07-fe3b3d777359": { "id": "540fef7f-8952-4525-9d07-fe3b3d777359", "title": "WP Booking System <= 2.0.18 - Authenticated (Admin+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "WP Booking System \u2013 Booking Calendar", "slug": "wp-booking-system", "affected_versions": { "* - 2.0.18": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.18.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/540fef7f-8952-4525-9d07-fe3b3d777359?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5412fd87-49bc-445c-8d16-443e38933d1e": { "id": "5412fd87-49bc-445c-8d16-443e38933d1e", "title": "Ads by datafeedr.com <= 1.1.3 - Unauthenticated (Limited) Remote Code Execution", "software": [ { "type": "plugin", "name": "Ads by datafeedr.com", "slug": "ads-by-datafeedrcom", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5412fd87-49bc-445c-8d16-443e38933d1e?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5413ae2a-9afa-4ff6-b241-73b446881185": { "id": "5413ae2a-9afa-4ff6-b241-73b446881185", "title": "MyPixs <= 0.3 - Local File Inclusion", "software": [ { "type": "plugin", "name": "mypixs", "slug": "mypixs", "affected_versions": { "* - 0.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5413ae2a-9afa-4ff6-b241-73b446881185?source=api-scan" ], "published": "2015-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5414259c-339d-41fe-a0dc-4d4e4d966e15": { "id": "5414259c-339d-41fe-a0dc-4d4e4d966e15", "title": "Debug Bar ElasticPress <= 2.1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ElasticPress Debugging Add-On", "slug": "debug-bar-elasticpress", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5414259c-339d-41fe-a0dc-4d4e4d966e15?source=api-scan" ], "published": "2022-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54154f34-96be-4b67-bca8-8efc4ab8543e": { "id": "54154f34-96be-4b67-bca8-8efc4ab8543e", "title": "Premmerce <= 1.3.18 - Cross-Site Request Forgery via runAction", "software": [ { "type": "plugin", "name": "Premmerce", "slug": "premmerce", "affected_versions": { "* - 1.3.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54154f34-96be-4b67-bca8-8efc4ab8543e?source=api-scan" ], "published": "2023-04-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "541551d8-5510-43ff-b685-783d0d94c4bb": { "id": "541551d8-5510-43ff-b685-783d0d94c4bb", "title": "MoveTo <= 6.2 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "moveto", "slug": "moveto", "affected_versions": { "* - 6.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/541551d8-5510-43ff-b685-783d0d94c4bb?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "541d202b-f3ed-44d8-93a6-e158209db885": { "id": "541d202b-f3ed-44d8-93a6-e158209db885", "title": "YourChannel <= 1.2.3 - Missing Authorization to Plugin Cache Reset", "software": [ { "type": "plugin", "name": "YourChannel: Everything you want in a YouTube plugin.", "slug": "yourchannel", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/541d202b-f3ed-44d8-93a6-e158209db885?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54212d4d-5ff7-4ca4-82f5-10ade4c4a1c0": { "id": "54212d4d-5ff7-4ca4-82f5-10ade4c4a1c0", "title": "WPMobile.App <= 11.48 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPMobile.App \u2014 Android and iOS Mobile Application", "slug": "wpappninja", "affected_versions": { "* - 11.48": { "from_version": "*", "from_inclusive": true, "to_version": "11.48", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.49" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54212d4d-5ff7-4ca4-82f5-10ade4c4a1c0?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54285c08-c9c8-4576-b1e8-e3b1c584c4bb": { "id": "54285c08-c9c8-4576-b1e8-e3b1c584c4bb", "title": "WordPress Core < 2.0.2 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 2.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54285c08-c9c8-4576-b1e8-e3b1c584c4bb?source=api-scan" ], "published": "2006-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54297bce-e5b7-469e-9c28-1d88e78aacc7": { "id": "54297bce-e5b7-469e-9c28-1d88e78aacc7", "title": "Word Balloon <= 4.20.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Word Balloon", "slug": "word-balloon", "affected_versions": { "* - 4.20.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.20.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.20.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54297bce-e5b7-469e-9c28-1d88e78aacc7?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "542a4079-b1a2-49bc-9ddd-ba7978c9992e": { "id": "542a4079-b1a2-49bc-9ddd-ba7978c9992e", "title": "Beautiful Cookie Consent Banner <= 2.10.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Beautiful Cookie Consent Banner", "slug": "beautiful-and-responsive-cookie-consent", "affected_versions": { "* - 2.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/542a4079-b1a2-49bc-9ddd-ba7978c9992e?source=api-scan" ], "published": "2023-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5432bdd1-9b56-4f74-a468-011f942bdd89": { "id": "5432bdd1-9b56-4f74-a468-011f942bdd89", "title": "Slash WP (All Versions) - Multiple Vulnerabilities", "software": [ { "type": "theme", "name": "Slash WP", "slug": "slash-wp", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5432bdd1-9b56-4f74-a468-011f942bdd89?source=api-scan" ], "published": "2013-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54344300-6288-40bc-b539-3dc9b555ed00": { "id": "54344300-6288-40bc-b539-3dc9b555ed00", "title": "AI Engine <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AI Engine", "slug": "ai-engine", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54344300-6288-40bc-b539-3dc9b555ed00?source=api-scan" ], "published": "2024-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5438a03c-9081-4e1a-ad81-2e7a0f180e84": { "id": "5438a03c-9081-4e1a-ad81-2e7a0f180e84", "title": "WP Mail SMTP by WPForms <= 1.3.3 - Unspecified Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Mail SMTP by WPForms \u2013 The Most Popular SMTP and Email Log Plugin", "slug": "wp-mail-smtp", "affected_versions": { "[*, 1.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5438a03c-9081-4e1a-ad81-2e7a0f180e84?source=api-scan" ], "published": "2018-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5439651e-5557-4b13-813a-4fc0ad876104": { "id": "5439651e-5557-4b13-813a-4fc0ad876104", "title": "Classified Listing <= 3.0.4 - Cross-Site Request Forgery to Account Takeover via rtcl_update_user_account", "software": [ { "type": "plugin", "name": "Classified Listing \u2013 Classified ads & Business Directory Plugin", "slug": "classified-listing", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5439651e-5557-4b13-813a-4fc0ad876104?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "543c4d52-0e47-4bbb-b53e-dbe3f104734f": { "id": "543c4d52-0e47-4bbb-b53e-dbe3f104734f", "title": "Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Trailer Box Widget", "software": [ { "type": "plugin", "name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", "slug": "bdthemes-element-pack-lite", "affected_versions": { "* - 5.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/543c4d52-0e47-4bbb-b53e-dbe3f104734f?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "544d7572-651f-45bb-b2ce-d768553c251a": { "id": "544d7572-651f-45bb-b2ce-d768553c251a", "title": "UltraAddons \u2013 Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets", "software": [ { "type": "plugin", "name": "UltraAddons \u2013 Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode)", "slug": "ultraaddons-elementor-lite", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/544d7572-651f-45bb-b2ce-d768553c251a?source=api-scan" ], "published": "2024-07-09 13:23:50", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "544db0d5-1760-4229-8429-d2391e328304": { "id": "544db0d5-1760-4229-8429-d2391e328304", "title": "LA-Studio Element Kit for Elementor <= 1.3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via LaStudioKit Post Author Widget", "software": [ { "type": "plugin", "name": "LA-Studio Element Kit for Elementor", "slug": "lastudio-element-kit", "affected_versions": { "* - 1.3.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/544db0d5-1760-4229-8429-d2391e328304?source=api-scan" ], "published": "2024-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54553005-1869-4334-92ec-e37e8935d769": { "id": "54553005-1869-4334-92ec-e37e8935d769", "title": "WordPress Video Gallery < 2.1 - SQL Injection", "software": [ { "type": "plugin", "name": "WORDPRESS VIDEO GALLERY", "slug": "contus-video-gallery", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54553005-1869-4334-92ec-e37e8935d769?source=api-scan" ], "published": "2013-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54560426-a9c9-4a60-9690-8e797e0e7e8d": { "id": "54560426-a9c9-4a60-9690-8e797e0e7e8d", "title": "WP Guestmap <= 1.8 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-guestmap", "slug": "wp-guestmap", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54560426-a9c9-4a60-9690-8e797e0e7e8d?source=api-scan" ], "published": "2014-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5458e3bf-fd91-4201-8157-572eb1126aaf": { "id": "5458e3bf-fd91-4201-8157-572eb1126aaf", "title": "Ocean Extra <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ocean Extra", "slug": "ocean-extra", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5458e3bf-fd91-4201-8157-572eb1126aaf?source=api-scan" ], "published": "2024-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "545dae6b-7983-4f02-a9a0-0be8cf935a78": { "id": "545dae6b-7983-4f02-a9a0-0be8cf935a78", "title": "Lightweight Accordion <= 1.5.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Lightweight Accordion", "slug": "lightweight-accordion", "affected_versions": { "* - 1.5.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/545dae6b-7983-4f02-a9a0-0be8cf935a78?source=api-scan" ], "published": "2024-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "545f10df-e473-48df-87ab-87f5e1088e93": { "id": "545f10df-e473-48df-87ab-87f5e1088e93", "title": "Responsive Lightbox <= 2.4.8 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Lightbox & Gallery", "slug": "responsive-lightbox", "affected_versions": { "* - 2.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/545f10df-e473-48df-87ab-87f5e1088e93?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5463a730-a8cf-40c9-83fc-3e451e4db1c9": { "id": "5463a730-a8cf-40c9-83fc-3e451e4db1c9", "title": "CM Tooltip Glossary \u2013 Better SEO and UEX for your WP site <= 3.1.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CM Tooltip Glossary", "slug": "enhanced-tooltipglossary", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5463a730-a8cf-40c9-83fc-3e451e4db1c9?source=api-scan" ], "published": "2015-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5465eaab-03c0-438a-8553-c1f8b06b82bc": { "id": "5465eaab-03c0-438a-8553-c1f8b06b82bc", "title": "Carousel Slider <= 2.2.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Carousel Slider", "slug": "carousel-slider", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5465eaab-03c0-438a-8553-c1f8b06b82bc?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "546976ff-eabe-4d24-b106-b8e66b7c2c5a": { "id": "546976ff-eabe-4d24-b106-b8e66b7c2c5a", "title": "Social Photo Gallery <= 1.0 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Social Photo Gallery", "slug": "social-photo-gallery", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/546976ff-eabe-4d24-b106-b8e66b7c2c5a?source=api-scan" ], "published": "2019-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54697909-c9f8-4395-806a-c288c79ac339": { "id": "54697909-c9f8-4395-806a-c288c79ac339", "title": "WishList Member X <= 3.25.1 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Wishlist Member", "slug": "wishlist-member-x", "affected_versions": { "* - 3.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.25.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54697909-c9f8-4395-806a-c288c79ac339?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "546aee7b-60a6-44bc-8664-0e917974cb6d": { "id": "546aee7b-60a6-44bc-8664-0e917974cb6d", "title": "Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag'", "software": [ { "type": "plugin", "name": "Shortcodes and extra features for Phlox theme", "slug": "auxin-elements", "affected_versions": { "* - 2.15.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/546aee7b-60a6-44bc-8664-0e917974cb6d?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "546bd215-61aa-48bd-915e-7ced0128f53d": { "id": "546bd215-61aa-48bd-915e-7ced0128f53d", "title": "wpDataTables (Premium) <= 3.4.1 - Blind SQL Injection via start Parameter", "software": [ { "type": "plugin", "name": "wpDataTables (Premium)", "slug": "wpdatatables", "affected_versions": { "[*, 3.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/546bd215-61aa-48bd-915e-7ced0128f53d?source=api-scan" ], "published": "2021-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "546cd218-3f6d-4e8f-83d5-e9aceb6f33ed": { "id": "546cd218-3f6d-4e8f-83d5-e9aceb6f33ed", "title": "Brizy <= 2.4.29 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "* - 2.4.29": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/546cd218-3f6d-4e8f-83d5-e9aceb6f33ed?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "546d4f19-0e6f-447b-95c9-d86291477c80": { "id": "546d4f19-0e6f-447b-95c9-d86291477c80", "title": "Database Browser <= 1.4.4 - Authenticated (Administrator+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Database Browser", "slug": "database-browser", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/546d4f19-0e6f-447b-95c9-d86291477c80?source=api-scan" ], "published": "2022-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "546f388e-16e2-4c0b-acb0-a462bff4ef77": { "id": "546f388e-16e2-4c0b-acb0-a462bff4ef77", "title": "Webmaster Tools Verification <= 1.2 - Missing Authorization to Arbitrary Plugin Deactivation", "software": [ { "type": "plugin", "name": "Webmaster Tools Verification", "slug": "webmaster-tools-verification", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/546f388e-16e2-4c0b-acb0-a462bff4ef77?source=api-scan" ], "published": "2022-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "546f5b08-d4e9-4a19-97d6-2022a0c5c64f": { "id": "546f5b08-d4e9-4a19-97d6-2022a0c5c64f", "title": "Sunshine Photo Cart <= 3.2.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Sunshine Photo Cart: Free Client Photo Galleries for Photographers", "slug": "sunshine-photo-cart", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/546f5b08-d4e9-4a19-97d6-2022a0c5c64f?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "547c425d-8b0f-4e65-8b8a-c3a3059301fe": { "id": "547c425d-8b0f-4e65-8b8a-c3a3059301fe", "title": "Thumbnail Slider With Lightbox <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Image Title", "software": [ { "type": "plugin", "name": "Thumbnail Slider With Lightbox", "slug": "wp-responsive-slider-with-lightbox", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/547c425d-8b0f-4e65-8b8a-c3a3059301fe?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "547d30cd-3b30-44ce-93b5-07ce7a56d0ab": { "id": "547d30cd-3b30-44ce-93b5-07ce7a56d0ab", "title": "MakeStories (for Google Web Stories) <= 3.0.3 - Authenticated (Subscriber+) Arbitrary File Download and Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "MakeStories (for Google Web Stories)", "slug": "makestories-helper", "affected_versions": { "* - 3.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/547d30cd-3b30-44ce-93b5-07ce7a56d0ab?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "547e5814-0201-4dbf-9d2d-8028ca055402": { "id": "547e5814-0201-4dbf-9d2d-8028ca055402", "title": "Registration Magic <= 5.0.1.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 5.0.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/547e5814-0201-4dbf-9d2d-8028ca055402?source=api-scan" ], "published": "2021-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54852b3d-9830-491d-aa41-bc2bf763a55d": { "id": "54852b3d-9830-491d-aa41-bc2bf763a55d", "title": "Software License Manager < 4.4.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Software License Manager", "slug": "software-license-manager", "affected_versions": { "[*, 4.4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54852b3d-9830-491d-aa41-bc2bf763a55d?source=api-scan" ], "published": "2021-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5486d50c-8544-4368-b58b-66024a8ae86d": { "id": "5486d50c-8544-4368-b58b-66024a8ae86d", "title": "WP Photo Album Plus <= 8.5.02.005 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Photo Album Plus", "slug": "wp-photo-album-plus", "affected_versions": { "* - 8.5.02.005": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.02.005", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.6.01.005" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5486d50c-8544-4368-b58b-66024a8ae86d?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "548731d5-078b-45a5-bcc5-9789b41ead44": { "id": "548731d5-078b-45a5-bcc5-9789b41ead44", "title": "Slider by Supsystic <= 1.8.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Slider by Supsystic", "slug": "slider-by-supsystic", "affected_versions": { "* - 1.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.7" ] }, { "type": "plugin", "name": "Social Share Buttons by Supsystic", "slug": "social-share-buttons-by-supsystic", "affected_versions": { "* - 2.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/548731d5-078b-45a5-bcc5-9789b41ead44?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54901d01-241a-4027-ba72-2b983608f9c6": { "id": "54901d01-241a-4027-ba72-2b983608f9c6", "title": "Advanced Post Manager <= 4.5.1 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Advanced Post Manager", "slug": "advanced-post-manager", "affected_versions": { "* - 4.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54901d01-241a-4027-ba72-2b983608f9c6?source=api-scan" ], "published": "2022-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5491ff65-9060-4b0b-a31d-7b95ea581310": { "id": "5491ff65-9060-4b0b-a31d-7b95ea581310", "title": "Jeg Elementor Kit <= 2.6.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File", "software": [ { "type": "plugin", "name": "Jeg Elementor Kit", "slug": "jeg-elementor-kit", "affected_versions": { "* - 2.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5491ff65-9060-4b0b-a31d-7b95ea581310?source=api-scan" ], "published": "2024-08-26 18:00:37", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5494cac6-1b52-43a3-995d-fc2a150edfdb": { "id": "5494cac6-1b52-43a3-995d-fc2a150edfdb", "title": "Reviews and Rating \u2013 Google My Business <= 4.14 - Missing Authorization", "software": [ { "type": "plugin", "name": "Reviews and Rating \u2013 Google Reviews", "slug": "g-business-reviews-rating", "affected_versions": { "4.14": { "from_version": "4.14", "from_inclusive": true, "to_version": "4.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5494cac6-1b52-43a3-995d-fc2a150edfdb?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54970085-5206-45b6-adcf-11e6dd4cd633": { "id": "54970085-5206-45b6-adcf-11e6dd4cd633", "title": "Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via video_html_tag", "software": [ { "type": "plugin", "name": "Elementor Website Builder Pro", "slug": "elementor-pro", "affected_versions": { "* - 3.20.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.20.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.20.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54970085-5206-45b6-adcf-11e6dd4cd633?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "549788e3-e31a-46a6-a2de-361747c98514": { "id": "549788e3-e31a-46a6-a2de-361747c98514", "title": "WooCommerce Canada Post Shipping <= 2.8.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Woocommerce Shipping Canada Post", "slug": "woocommerce-shipping-canada-post", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/549788e3-e31a-46a6-a2de-361747c98514?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54998b69-7dc5-49a4-8b8b-3419de73ed47": { "id": "54998b69-7dc5-49a4-8b8b-3419de73ed47", "title": "Super Testimonials <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter", "software": [ { "type": "plugin", "name": "Super Testimonials", "slug": "sola-testimonials", "affected_versions": { "* - 3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54998b69-7dc5-49a4-8b8b-3419de73ed47?source=api-scan" ], "published": "2024-09-25 21:21:48", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "549cd23f-3b3a-41b7-baa2-cc5c6b826a2e": { "id": "549cd23f-3b3a-41b7-baa2-cc5c6b826a2e", "title": "Ninja Forms <= 3.5.7 - Unprotected REST-API to Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/549cd23f-3b3a-41b7-baa2-cc5c6b826a2e?source=api-scan" ], "published": "2021-09-22 15:21:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54a37c4a-44c7-47fd-8f2d-486372fb643c": { "id": "54a37c4a-44c7-47fd-8f2d-486372fb643c", "title": "Viral Signup <= 2.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Viral Signup \u2013 limited opt-in with viral refferal sharing", "slug": "viral-signup", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54a37c4a-44c7-47fd-8f2d-486372fb643c?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54a425b0-592a-433d-b9e7-776760536668": { "id": "54a425b0-592a-433d-b9e7-776760536668", "title": "Visualizer: Tables and Charts Manager for WordPress <= 3.3.0 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Visualizer: Tables and Charts Manager for WordPress", "slug": "visualizer", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54a425b0-592a-433d-b9e7-776760536668?source=api-scan" ], "published": "2019-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54a610c6-2615-4900-bf63-8ae93aeabb8e": { "id": "54a610c6-2615-4900-bf63-8ae93aeabb8e", "title": "Zoho CRM Lead Magnet <= 1.7.2.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zoho CRM Lead Magnet", "slug": "zoho-crm-forms", "affected_versions": { "* - 1.7.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54a610c6-2615-4900-bf63-8ae93aeabb8e?source=api-scan" ], "published": "2021-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54acaeeb-bc39-441a-b0bc-6005dc452d27": { "id": "54acaeeb-bc39-441a-b0bc-6005dc452d27", "title": "WooCommerce <= 3.4.5 - WooCommerce File Deletion", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 3.4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54acaeeb-bc39-441a-b0bc-6005dc452d27?source=api-scan" ], "published": "2018-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54b3eaf4-5f45-4b94-8a7b-03da76d6ea83": { "id": "54b3eaf4-5f45-4b94-8a7b-03da76d6ea83", "title": "Estatik <= 2.3.0 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Estatik Real Estate Plugin", "slug": "estatik", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54b3eaf4-5f45-4b94-8a7b-03da76d6ea83?source=api-scan" ], "published": "2016-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54b495e8-f641-444d-a3d4-a54bb0836c40": { "id": "54b495e8-f641-444d-a3d4-a54bb0836c40", "title": "WP VR <= 8.2.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP VR \u2013 360 Panorama and Virtual Tour Builder For WordPress", "slug": "wpvr", "affected_versions": { "* - 8.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54b495e8-f641-444d-a3d4-a54bb0836c40?source=api-scan" ], "published": "2023-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54b662a9-8003-48f6-ace9-fb0d74a05b3b": { "id": "54b662a9-8003-48f6-ace9-fb0d74a05b3b", "title": "PB MailCrypt <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PB MailCrypt \u2013 AntiSpam Email Encryption", "slug": "pb-mailcrypt-antispam-email-encryption", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54b662a9-8003-48f6-ace9-fb0d74a05b3b?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54b88702-ec41-414b-87f1-1859b130a713": { "id": "54b88702-ec41-414b-87f1-1859b130a713", "title": "Download CloudNet360 <= 3.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CloudNet360", "slug": "cloudnet-sync", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54b88702-ec41-414b-87f1-1859b130a713?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54bc98e8-5cde-4310-9d61-ebea828b5093": { "id": "54bc98e8-5cde-4310-9d61-ebea828b5093", "title": "Contact Form Widget <= 1.3.9 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Contact Form Widget \u2013 Contact Query, Contact Page, Form Maker, Query Table", "slug": "new-contact-form-widget", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54bc98e8-5cde-4310-9d61-ebea828b5093?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54bdacd9-49e4-4f45-99bb-baa9eba97ecf": { "id": "54bdacd9-49e4-4f45-99bb-baa9eba97ecf", "title": "File Gallery < 1.7.9.2 - Remote Code Execution", "software": [ { "type": "plugin", "name": "File Gallery", "slug": "file-gallery", "affected_versions": { "[*, 1.7.9.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.9.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54bdacd9-49e4-4f45-99bb-baa9eba97ecf?source=api-scan" ], "published": "2014-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54bdcae1-28af-4d30-9204-e67b27271042": { "id": "54bdcae1-28af-4d30-9204-e67b27271042", "title": "Newsletter <= 8.0.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Newsletter \u2013 Send awesome emails from WordPress", "slug": "newsletter", "affected_versions": { "* - 8.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54bdcae1-28af-4d30-9204-e67b27271042?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54c14f04-32ec-4d05-b47b-3ff5e70c4daf": { "id": "54c14f04-32ec-4d05-b47b-3ff5e70c4daf", "title": "Houzez CRM <= 1.3.4 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Houzez CRM", "slug": "houzez-crm", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54c14f04-32ec-4d05-b47b-3ff5e70c4daf?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54c154a9-e751-4e8f-a26e-7eb208fa7ffe": { "id": "54c154a9-e751-4e8f-a26e-7eb208fa7ffe", "title": "Connections Business Directory < 0.7.1.6 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Connections Business Directory", "slug": "connections", "affected_versions": { "* - 0.7.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.7.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54c154a9-e751-4e8f-a26e-7eb208fa7ffe?source=api-scan" ], "published": "2011-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54c1eb7b-c3fe-4975-9f51-df3aba53fe46": { "id": "54c1eb7b-c3fe-4975-9f51-df3aba53fe46", "title": "VR Calendar <= 2.4.4 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "VR Calendar", "slug": "vr-calendar-sync", "affected_versions": { "* - 2.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54c1eb7b-c3fe-4975-9f51-df3aba53fe46?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54c38be0-ffe7-4fa4-b5c9-cb717c11aed5": { "id": "54c38be0-ffe7-4fa4-b5c9-cb717c11aed5", "title": "Simple URLs <= 117 - Reflected Cross-Site Scripting via 'post_id'", "software": [ { "type": "plugin", "name": "Simple URLs \u2013 Link Cloaking, Product Displays, and Affiliate Link Management", "slug": "simple-urls", "affected_versions": { "* - 117": { "from_version": "*", "from_inclusive": true, "to_version": "117", "to_inclusive": true } }, "patched": true, "patched_versions": [ "118" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54c38be0-ffe7-4fa4-b5c9-cb717c11aed5?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54c94de4-59b4-4f0b-85db-2074a41d04f8": { "id": "54c94de4-59b4-4f0b-85db-2074a41d04f8", "title": "Who Hit The Page \u2013 Hit Counter <= 1.4.14.3 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Who Hit The Page \u2013 Hit Counter", "slug": "who-hit-the-page-hit-counter", "affected_versions": { "* - 1.4.14.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.14.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54c94de4-59b4-4f0b-85db-2074a41d04f8?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54cccd61-35d0-432c-8832-28e7928c464d": { "id": "54cccd61-35d0-432c-8832-28e7928c464d", "title": "Add Multiple Marker <= 1.2 - Missing Authorization Checks to Settings Update", "software": [ { "type": "plugin", "name": "Add Multiple Marker", "slug": "add-multiple-marker", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54cccd61-35d0-432c-8832-28e7928c464d?source=api-scan" ], "published": "2022-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54db4d53-7c4f-47d9-811d-8282eaf2d074": { "id": "54db4d53-7c4f-47d9-811d-8282eaf2d074", "title": "Conversational Forms for ChatBot <= 1.1.8 - Unauthenticated Arbitrary File Download", "software": [ { "type": "plugin", "name": "ChatBot Conversational Forms", "slug": "conversational-forms", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54db4d53-7c4f-47d9-811d-8282eaf2d074?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54dbd2f4-717c-4e01-afe4-c8cceca52650": { "id": "54dbd2f4-717c-4e01-afe4-c8cceca52650", "title": "Affiliate Super Assistent <= 1.5.1 - Cross-Site Request Forgery to Settings Update and Cache Clearing", "software": [ { "type": "plugin", "name": "Affiliate Super Assistent", "slug": "amazonsimpleadmin", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54dbd2f4-717c-4e01-afe4-c8cceca52650?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54e065bf-170d-4f15-879a-fd5fbcb87f79": { "id": "54e065bf-170d-4f15-879a-fd5fbcb87f79", "title": "Headline Analyzer <= 1.3.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Headline Analyzer", "slug": "headline-analyzer", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54e065bf-170d-4f15-879a-fd5fbcb87f79?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54e330e7-d305-4254-a9e9-4d7f2c54c51c": { "id": "54e330e7-d305-4254-a9e9-4d7f2c54c51c", "title": "Forms Ada <= 1.0 - Reflected Cross-Site Scripting via 'p' parameter", "software": [ { "type": "plugin", "name": "Forms Ada \u2013 Form Builder", "slug": "forms-ada-form-builder", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54e330e7-d305-4254-a9e9-4d7f2c54c51c?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54e7ccaf-2b16-4e36-a8ec-8f1f61193ffd": { "id": "54e7ccaf-2b16-4e36-a8ec-8f1f61193ffd", "title": "Church Admin < 0.810 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "[*, 0.810)": { "from_version": "*", "from_inclusive": true, "to_version": "0.810", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.810" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54e7ccaf-2b16-4e36-a8ec-8f1f61193ffd?source=api-scan" ], "published": "2015-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54f6a790-7cff-4910-a481-48ae13ba57c8": { "id": "54f6a790-7cff-4910-a481-48ae13ba57c8", "title": "Crowdsignal Dashboard <= 3.0.9 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Crowdsignal Dashboard \u2013 Polls, Surveys & more", "slug": "polldaddy", "affected_versions": { "* - 3.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54f6a790-7cff-4910-a481-48ae13ba57c8?source=api-scan" ], "published": "2022-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54f6e6b4-ecf6-485b-a4f7-5878b8cace50": { "id": "54f6e6b4-ecf6-485b-a4f7-5878b8cace50", "title": "Benevolent <= 1.3.4 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Benevolent", "slug": "benevolent", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54f6e6b4-ecf6-485b-a4f7-5878b8cace50?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "54fac673-2d83-4d06-a4c0-8bffc269a90c": { "id": "54fac673-2d83-4d06-a4c0-8bffc269a90c", "title": "Media.net Ads Manager <= 2.10.13 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Media.net Ads Manager", "slug": "media-net-ads-manager", "affected_versions": { "* - 2.10.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/54fac673-2d83-4d06-a4c0-8bffc269a90c?source=api-scan" ], "published": "2024-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "550872c8-3663-48fa-ab3f-f90351f3e169": { "id": "550872c8-3663-48fa-ab3f-f90351f3e169", "title": "Relevanssi Pro < 2.25 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Relevanssi \u2013 A Better Search (Pro)", "slug": "relevanssi-premium", "affected_versions": { "[*, 2.25)": { "from_version": "*", "from_inclusive": true, "to_version": "2.25", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/550872c8-3663-48fa-ab3f-f90351f3e169?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "550a8107-f639-4edc-9aad-1943d032cc26": { "id": "550a8107-f639-4edc-9aad-1943d032cc26", "title": "Custom Website Data <= 2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Website Data", "slug": "simple-custom-website-data", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/550a8107-f639-4edc-9aad-1943d032cc26?source=api-scan" ], "published": "2021-09-09 16:20:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "550ae92f-6250-4cbd-85d0-a9054aee3916": { "id": "550ae92f-6250-4cbd-85d0-a9054aee3916", "title": "WP Live Chat Support <= 4.3.5 - Stored Cross-site Scripting", "software": [ { "type": "plugin", "name": "3CX Free Live Chat, Calls & WhatsApp", "slug": "wp-live-chat-support", "affected_versions": { "* - 4.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/550ae92f-6250-4cbd-85d0-a9054aee3916?source=api-scan" ], "published": "2015-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "550c3f56-d188-4be1-82cd-db076c09cf61": { "id": "550c3f56-d188-4be1-82cd-db076c09cf61", "title": "File Renaming on Upload <= 2.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rename Media Files: Improve Your WordPress SEO", "slug": "file-renaming-on-upload", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/550c3f56-d188-4be1-82cd-db076c09cf61?source=api-scan" ], "published": "2023-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "550fcbbd-254d-4b3c-a240-8afcf9f6937e": { "id": "550fcbbd-254d-4b3c-a240-8afcf9f6937e", "title": "4ECPS Web Forms <= 0.2.17 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "4ECPS Web Forms", "slug": "4ecps-webforms", "affected_versions": { "* - 0.2.17": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.2.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/550fcbbd-254d-4b3c-a240-8afcf9f6937e?source=api-scan" ], "published": "2022-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5511c5f4-b71c-484b-ab6f-2389a29809cd": { "id": "5511c5f4-b71c-484b-ab6f-2389a29809cd", "title": "GPT3 AI Content Writer <= 1.8.12 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "AI Power: Complete AI Pack", "slug": "gpt3-ai-content-generator", "affected_versions": { "* - 1.8.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5511c5f4-b71c-484b-ab6f-2389a29809cd?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55234307-9d51-4fe8-bc22-78d32a5fed11": { "id": "55234307-9d51-4fe8-bc22-78d32a5fed11", "title": "Solid Central <= 3.0.0 - Stored Cross-Site Scripting via packages", "software": [ { "type": "plugin", "name": "Solid Central \u2013 Site Management, Backups, Security, and Reporting", "slug": "ithemes-sync", "affected_versions": { "[*, 3.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55234307-9d51-4fe8-bc22-78d32a5fed11?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "552a5d94-8727-4840-8be1-ab165ddf4eae": { "id": "552a5d94-8727-4840-8be1-ab165ddf4eae", "title": "Gallery with thumbnail slider <= 6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery with thumbnail slider", "slug": "gallery-with-thumbnail-slider", "affected_versions": { "* - 6.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/552a5d94-8727-4840-8be1-ab165ddf4eae?source=api-scan" ], "published": "2022-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "552bc1cc-df98-4608-a50e-db1381ca8e0a": { "id": "552bc1cc-df98-4608-a50e-db1381ca8e0a", "title": "Branda <= 3.4.14 - IP Address Spoofing", "software": [ { "type": "plugin", "name": "Branda \u2013 White Label & Branding, Custom Login Page Customizer", "slug": "branda-white-labeling", "affected_versions": { "* - 3.4.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/552bc1cc-df98-4608-a50e-db1381ca8e0a?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "552c0810-9687-4a66-91a4-e34228552a15": { "id": "552c0810-9687-4a66-91a4-e34228552a15", "title": "Ultimate Addons for Beaver Builder \u2013 Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget", "software": [ { "type": "plugin", "name": "Ultimate Addons for Beaver Builder \u2013 Lite", "slug": "ultimate-addons-for-beaver-builder-lite", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/552c0810-9687-4a66-91a4-e34228552a15?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "552d2d0d-1f4a-4557-ba8e-9f63acbfffba": { "id": "552d2d0d-1f4a-4557-ba8e-9f63acbfffba", "title": "Wyzi - Social Directory WordPress Theme <= 2.4.2 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Wyzi - Social Directory WordPress Theme", "slug": "wyzi-business-finder", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/552d2d0d-1f4a-4557-ba8e-9f63acbfffba?source=api-scan" ], "published": "2021-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "553255fb-2bec-48e8-bb16-1e7f66674282": { "id": "553255fb-2bec-48e8-bb16-1e7f66674282", "title": "Spacer <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spacer", "slug": "spacer", "affected_versions": { "* - 3.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/553255fb-2bec-48e8-bb16-1e7f66674282?source=api-scan" ], "published": "2022-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55367b9b-8ae1-4282-bf9f-8fb3848eb579": { "id": "55367b9b-8ae1-4282-bf9f-8fb3848eb579", "title": "Admission AppManager <= 1.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Admission AppManager", "slug": "admission-appmanager", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55367b9b-8ae1-4282-bf9f-8fb3848eb579?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5536a6fd-3df0-4595-b71d-b8bcdbb64a9f": { "id": "5536a6fd-3df0-4595-b71d-b8bcdbb64a9f", "title": "Mini Mail Dashboard Widget < 1.43 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "mini-mail-dashboard-widget", "slug": "mini-mail-dashboard-widget", "affected_versions": { "[*, 1.43)": { "from_version": "*", "from_inclusive": true, "to_version": "1.43", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5536a6fd-3df0-4595-b71d-b8bcdbb64a9f?source=api-scan" ], "published": "2012-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5538f3e6-b17f-4dd0-aa5a-d190c128d977": { "id": "5538f3e6-b17f-4dd0-aa5a-d190c128d977", "title": "HT Feed <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HT Feed", "slug": "ht-instagram", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5538f3e6-b17f-4dd0-aa5a-d190c128d977?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5539aa79-66ad-43fa-967c-2bec877061e0": { "id": "5539aa79-66ad-43fa-967c-2bec877061e0", "title": "Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change", "software": [ { "type": "plugin", "name": "Frontend File Manager Plugin", "slug": "nmedia-user-file-uploader", "affected_versions": { "[*, 18.3)": { "from_version": "*", "from_inclusive": true, "to_version": "18.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "18.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5539aa79-66ad-43fa-967c-2bec877061e0?source=api-scan" ], "published": "2021-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55491c64-e4b5-4919-bdcb-7285f2a3c3cd": { "id": "55491c64-e4b5-4919-bdcb-7285f2a3c3cd", "title": "Booking Calendar <= 9.1 - PHP Object Injection via Shortcode", "software": [ { "type": "plugin", "name": "WP Booking Calendar", "slug": "booking", "affected_versions": { "* - 9.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55491c64-e4b5-4919-bdcb-7285f2a3c3cd?source=api-scan" ], "published": "2022-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "554a314c-9e8e-4691-9792-d086790ef40f": { "id": "554a314c-9e8e-4691-9792-d086790ef40f", "title": "WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "* - 4.24.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.24.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.24.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/554a314c-9e8e-4691-9792-d086790ef40f?source=api-scan" ], "published": "2024-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "555dce5e-9868-464a-9cb4-67644cc6a61c": { "id": "555dce5e-9868-464a-9cb4-67644cc6a61c", "title": "WP Adminify <= 3.1.6 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Adminify \u2013 Custom WordPress Dashboard, Login and Admin Customizer", "slug": "adminify", "affected_versions": { "[*, 3.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/555dce5e-9868-464a-9cb4-67644cc6a61c?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55604ee9-7343-472c-9a29-035d18b266ab": { "id": "55604ee9-7343-472c-9a29-035d18b266ab", "title": "JS Job Manager <= 2.0.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "JS Job Manager", "slug": "js-jobs", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55604ee9-7343-472c-9a29-035d18b266ab?source=api-scan" ], "published": "2023-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5569ec0f-eeb6-433f-bb49-336abae2a29a": { "id": "5569ec0f-eeb6-433f-bb49-336abae2a29a", "title": "Velvet Theme (All Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Velvet", "slug": "velvet", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5569ec0f-eeb6-433f-bb49-336abae2a29a?source=api-scan" ], "published": "2012-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "556e54d4-9e3a-4d9a-9e6e-0021f119c98b": { "id": "556e54d4-9e3a-4d9a-9e6e-0021f119c98b", "title": "WP Free SSL \u2013 Free SSL Certificate for WordPress and force HTTPS <= 1.2.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Free SSL \u2013 Free SSL Certificate for WordPress and force HTTPS", "slug": "wp-free-ssl", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/556e54d4-9e3a-4d9a-9e6e-0021f119c98b?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5570b8ef-6fb9-4f9e-be39-d8c615d1abab": { "id": "5570b8ef-6fb9-4f9e-be39-d8c615d1abab", "title": "SendPress Newsletters < 1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SendPress Newsletters", "slug": "sendpress", "affected_versions": { "* - 1.1.7.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5570b8ef-6fb9-4f9e-be39-d8c615d1abab?source=api-scan" ], "published": "2015-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "557172d0-33ad-427a-b575-df529e2aaab0": { "id": "557172d0-33ad-427a-b575-df529e2aaab0", "title": "MailPoet Newsletters (Previous) <= 2.6.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MailPoet Newsletters (Previous)", "slug": "wysija-newsletters", "affected_versions": { "[*, 2.6.11)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/557172d0-33ad-427a-b575-df529e2aaab0?source=api-scan" ], "published": "2014-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5572fea7-a8d5-457d-88fc-57051b35aa11": { "id": "5572fea7-a8d5-457d-88fc-57051b35aa11", "title": "JiangQie Official Website Mini Program < 1.1.1 - SQL Injection", "software": [ { "type": "plugin", "name": "ZhuiGe Official Website Mini Program", "slug": "jiangqie-official-website-mini-program", "affected_versions": { "[*, 1.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5572fea7-a8d5-457d-88fc-57051b35aa11?source=api-scan" ], "published": "2021-07-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5574f8ab-74b7-4f6c-b8db-901cb6e45cfb": { "id": "5574f8ab-74b7-4f6c-b8db-901cb6e45cfb", "title": "TC Custom JavaScript <= 1.2.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TC Custom JavaScript", "slug": "tc-custom-javascript", "affected_versions": { "[*, 1.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5574f8ab-74b7-4f6c-b8db-901cb6e45cfb?source=api-scan" ], "published": "2020-07-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55773c6c-85e8-4023-8dd6-4feb0f6254b2": { "id": "55773c6c-85e8-4023-8dd6-4feb0f6254b2", "title": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio < 1.57 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio", "slug": "flash-album-gallery", "affected_versions": { "[*, 1.57)": { "from_version": "*", "from_inclusive": true, "to_version": "1.57", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.57" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55773c6c-85e8-4023-8dd6-4feb0f6254b2?source=api-scan" ], "published": "2011-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55797931-e2eb-4cd7-8de6-ded7e1a382a0": { "id": "55797931-e2eb-4cd7-8de6-ded7e1a382a0", "title": "Sitekit <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Sitekit", "slug": "sitekit", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55797931-e2eb-4cd7-8de6-ded7e1a382a0?source=api-scan" ], "published": "2024-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "557bdd07-c846-41f1-b780-52537f47b15a": { "id": "557bdd07-c846-41f1-b780-52537f47b15a", "title": "Beaver Builder <= 2.8.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.8.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/557bdd07-c846-41f1-b780-52537f47b15a?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55827029-479e-4c4c-ba33-203075e1bbbc": { "id": "55827029-479e-4c4c-ba33-203075e1bbbc", "title": "Revolut Gateway for WooCommerce <= 4.9.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Revolut Gateway for WooCommerce", "slug": "revolut-gateway-for-woocommerce", "affected_versions": { "* - 4.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55827029-479e-4c4c-ba33-203075e1bbbc?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55852490-7087-41b8-9848-758e443ae04b": { "id": "55852490-7087-41b8-9848-758e443ae04b", "title": "Contact Form by WD <= 1.13.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form by WD \u2013 responsive drag & drop contact form builder tool", "slug": "contact-form-maker", "affected_versions": { "[*, 1.13.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.13.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55852490-7087-41b8-9848-758e443ae04b?source=api-scan" ], "published": "2019-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "558679ea-a8ee-4329-8ad7-34b708476b53": { "id": "558679ea-a8ee-4329-8ad7-34b708476b53", "title": "Super Socializer <= 7.13.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Social Share, Social Login and Social Comments Plugin \u2013 Super Socializer", "slug": "super-socializer", "affected_versions": { "* - 7.13.52": { "from_version": "*", "from_inclusive": true, "to_version": "7.13.52", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.13.53" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/558679ea-a8ee-4329-8ad7-34b708476b53?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55893639-3b47-4ddc-b896-4b66341a4eba": { "id": "55893639-3b47-4ddc-b896-4b66341a4eba", "title": "Cart66 Lite :: WordPress Ecommerce <= 1.5.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cart66 Lite :: WordPress Ecommerce", "slug": "cart66-lite", "affected_versions": { "[*, 1.5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55893639-3b47-4ddc-b896-4b66341a4eba?source=api-scan" ], "published": "2015-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "558b4b31-fd4f-4265-bddc-baf484d48fc5": { "id": "558b4b31-fd4f-4265-bddc-baf484d48fc5", "title": "WP Reactions Lite <= 1.3.8 - Cross-Site Request Forgery via AJAX action", "software": [ { "type": "plugin", "name": "WP Reactions Lite", "slug": "wp-reactions-lite", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/558b4b31-fd4f-4265-bddc-baf484d48fc5?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "558e36f6-4678-46a2-8154-42770fbb5574": { "id": "558e36f6-4678-46a2-8154-42770fbb5574", "title": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate <= 5.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 5.13.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.13.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/558e36f6-4678-46a2-8154-42770fbb5574?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5596197e-149d-4072-9fa4-424c9ffd6059": { "id": "5596197e-149d-4072-9fa4-424c9ffd6059", "title": "140+ Widgets | Best Addons For Elementor \u2013 FREE <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets", "software": [ { "type": "plugin", "name": "140+ Widgets | Xpro Addons For Elementor \u2013 FREE", "slug": "xpro-elementor-addons", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5596197e-149d-4072-9fa4-424c9ffd6059?source=api-scan" ], "published": "2024-05-13 21:01:53", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55981e72-8d1a-4075-a372-6bddc95e99d8": { "id": "55981e72-8d1a-4075-a372-6bddc95e99d8", "title": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget Settings", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55981e72-8d1a-4075-a372-6bddc95e99d8?source=api-scan" ], "published": "2024-08-21 12:38:51", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "559a92e0-609e-415f-aab3-649a185eb431": { "id": "559a92e0-609e-415f-aab3-649a185eb431", "title": "Ninja Forms Google Sheet Connector <= 1.2.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms Google Sheet Connector", "slug": "gsheetconnector-ninja-forms", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] }, { "type": "plugin", "name": "Ninja Forms Google Sheet Connector Pro", "slug": "gsheetconnector-ninja-forms-pro", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/559a92e0-609e-415f-aab3-649a185eb431?source=api-scan" ], "published": "2023-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "559b7250-5b10-4a01-925e-73ed4fa7ca3d": { "id": "559b7250-5b10-4a01-925e-73ed4fa7ca3d", "title": "Essence < 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Essence", "slug": "essence", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/559b7250-5b10-4a01-925e-73ed4fa7ca3d?source=api-scan" ], "published": "2012-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "559c83e9-8c85-4d2a-b835-d6b314ba7eab": { "id": "559c83e9-8c85-4d2a-b835-d6b314ba7eab", "title": "Spectra \u2013 WordPress Gutenberg Blocks <= 2.3.1 - Missing Authorization to Captcha Setting Update", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/559c83e9-8c85-4d2a-b835-d6b314ba7eab?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55a0b4ad-de5e-4203-a702-d498bf566165": { "id": "55a0b4ad-de5e-4203-a702-d498bf566165", "title": "Photo Gallery by 10Web <= 1.2.7 - Unauthenticated Blind SQL Injection via order_by Parameter", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55a0b4ad-de5e-4203-a702-d498bf566165?source=api-scan" ], "published": "2015-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55a103a7-c5d8-4b52-8291-e4ae4f848cbe": { "id": "55a103a7-c5d8-4b52-8291-e4ae4f848cbe", "title": "myEASYbackup < 1.0.9 - Directory Traversal", "software": [ { "type": "plugin", "name": "myEASYbackup", "slug": "myeasybackup", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55a103a7-c5d8-4b52-8291-e4ae4f848cbe?source=api-scan" ], "published": "2012-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55a57b5f-2f87-4060-b1c2-77086f695dda": { "id": "55a57b5f-2f87-4060-b1c2-77086f695dda", "title": "Simple:Press <= 6.8 - Reflected Cross-Site Scripting via Cookie Value", "software": [ { "type": "plugin", "name": "Simple:Press Forum", "slug": "simplepress", "affected_versions": { "* - 6.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55a57b5f-2f87-4060-b1c2-77086f695dda?source=api-scan" ], "published": "2022-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55a942b7-5d3e-4ddf-8bc3-61ff90a7fdbd": { "id": "55a942b7-5d3e-4ddf-8bc3-61ff90a7fdbd", "title": "All in One SEO <= 2.1.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55a942b7-5d3e-4ddf-8bc3-61ff90a7fdbd?source=api-scan" ], "published": "2014-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55abf798-f336-4262-9f52-4526a4bae15a": { "id": "55abf798-f336-4262-9f52-4526a4bae15a", "title": "Genesis Simple Love <= 2.0 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Genesis Simple Love", "slug": "genesis-simple-love", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55abf798-f336-4262-9f52-4526a4bae15a?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55b08fca-65af-4535-aa94-a9bfaef67b4c": { "id": "55b08fca-65af-4535-aa94-a9bfaef67b4c", "title": "Easy Pricing Tables <= 3.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pricing Tables WordPress Plugin \u2013 Easy Pricing Tables", "slug": "easy-pricing-tables", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55b08fca-65af-4535-aa94-a9bfaef67b4c?source=api-scan" ], "published": "2022-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55b39859-b8a0-418b-ae7a-cd42d6e0bf00": { "id": "55b39859-b8a0-418b-ae7a-cd42d6e0bf00", "title": "Mail Subscribe List <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via smlsubform shortcode", "software": [ { "type": "plugin", "name": "Mail Subscribe List", "slug": "mail-subscribe-list", "affected_versions": { "* - 2.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55b39859-b8a0-418b-ae7a-cd42d6e0bf00?source=api-scan" ], "published": "2023-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55b3e2dc-dc4f-408b-bbc6-da72ed5ad245": { "id": "55b3e2dc-dc4f-408b-bbc6-da72ed5ad245", "title": "Export and Import Users and Customers <= 2.4.8 - Authenticated (Shop Manager+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Export and Import Users and Customers", "slug": "users-customers-import-export-for-wp-woocommerce", "affected_versions": { "* - 2.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55b3e2dc-dc4f-408b-bbc6-da72ed5ad245?source=api-scan" ], "published": "2023-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55bb3620-c182-46c4-bc22-8526cf410cdb": { "id": "55bb3620-c182-46c4-bc22-8526cf410cdb", "title": "KB Support <= 1.5.88 - Missing Authorization to Authenticated (Subscriber+) User Data Retrieval", "software": [ { "type": "plugin", "name": "KB Support \u2013 WordPress Help Desk and Knowledge Base", "slug": "kb-support", "affected_versions": { "[*, 1.5.89)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.89", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.89" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55bb3620-c182-46c4-bc22-8526cf410cdb?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55bd9bb4-6a81-4e9d-b0a9-76725aba6635": { "id": "55bd9bb4-6a81-4e9d-b0a9-76725aba6635", "title": "WP SEO Redirect 301 <= 2.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP SEO Redirect 301", "slug": "wp-seo-redirect-301", "affected_versions": { "[*, 2.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55bd9bb4-6a81-4e9d-b0a9-76725aba6635?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55c568b1-4f9e-4a1f-bad1-0a373c9d33ae": { "id": "55c568b1-4f9e-4a1f-bad1-0a373c9d33ae", "title": "Demo Awesome <= 1.0.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Demo Awesome", "slug": "demo-awesome", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55c568b1-4f9e-4a1f-bad1-0a373c9d33ae?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55c586a0-bb91-4702-a9f2-d7503f247da3": { "id": "55c586a0-bb91-4702-a9f2-d7503f247da3", "title": "Magic Post Thumbnail <= 3.3.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Generate Images \u2013 Magic Post Thumbnail", "slug": "magic-post-thumbnail", "affected_versions": { "* - 3.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55c586a0-bb91-4702-a9f2-d7503f247da3?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55cd02d1-7b06-427b-840b-3ced73ad4a74": { "id": "55cd02d1-7b06-427b-840b-3ced73ad4a74", "title": "Parallax Image <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Parallax Image", "slug": "parallax-image", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55cd02d1-7b06-427b-840b-3ced73ad4a74?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55db7d81-7ffb-49da-b64e-23e892bddc57": { "id": "55db7d81-7ffb-49da-b64e-23e892bddc57", "title": "Royal Elementor Addons <= 1.3.59 - Cross-Site Request Forgery to Menu Template creation", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.59": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55db7d81-7ffb-49da-b64e-23e892bddc57?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55dfd822-9034-4982-bfe7-eb86119e1f07": { "id": "55dfd822-9034-4982-bfe7-eb86119e1f07", "title": "WP Word Count <= 3.2.4 - Missing Authorization via calculate_statistics", "software": [ { "type": "plugin", "name": "WP Word Count", "slug": "wp-word-count", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55dfd822-9034-4982-bfe7-eb86119e1f07?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55e0f0df-7be2-4e18-988c-2cc558768eff": { "id": "55e0f0df-7be2-4e18-988c-2cc558768eff", "title": "Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read", "software": [ { "type": "plugin", "name": "Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More", "slug": "advanced-access-manager", "affected_versions": { "[*, 5.9.9)": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55e0f0df-7be2-4e18-988c-2cc558768eff?source=api-scan" ], "published": "2019-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55e6a968-153e-4d4c-a7be-65650a0c9bc1": { "id": "55e6a968-153e-4d4c-a7be-65650a0c9bc1", "title": "Add Expires Headers & Optimized Minify <= 2.7 - Cross-Site Request Forgery via [placeholder]", "software": [ { "type": "plugin", "name": "Add Expires Headers & Optimized Minify", "slug": "add-expires-headers", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55e6a968-153e-4d4c-a7be-65650a0c9bc1?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55e6eb58-79e2-4404-887a-0392ce7914aa": { "id": "55e6eb58-79e2-4404-887a-0392ce7914aa", "title": "Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "* - 2.2.80": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.80", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.81" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55e6eb58-79e2-4404-887a-0392ce7914aa?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55ed6e73-4e9a-4201-91c2-0f7153ec1cb7": { "id": "55ed6e73-4e9a-4201-91c2-0f7153ec1cb7", "title": "WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP User Merger", "slug": "wp-user-merger", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55ed6e73-4e9a-4201-91c2-0f7153ec1cb7?source=api-scan" ], "published": "2022-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55eeeb28-262e-49c5-a2b3-944345a9142d": { "id": "55eeeb28-262e-49c5-a2b3-944345a9142d", "title": "Esotera <= 1.2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Esotera", "slug": "esotera", "affected_versions": { "* - 1.2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55eeeb28-262e-49c5-a2b3-944345a9142d?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55f507c4-8589-4fdb-92c2-935d38054817": { "id": "55f507c4-8589-4fdb-92c2-935d38054817", "title": "FormCraft Basic 1.0.5 - SQL Injection via id Parameter", "software": [ { "type": "plugin", "name": "FormCraft \u2013 Form Builder", "slug": "formcraft-form-builder", "affected_versions": { "1.0.5": { "from_version": "1.0.5", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55f507c4-8589-4fdb-92c2-935d38054817?source=api-scan" ], "published": "2017-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55f7914f-9731-4b43-b2c0-b3474508e40a": { "id": "55f7914f-9731-4b43-b2c0-b3474508e40a", "title": "reCAPTCHA <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "reCAPTCHA", "slug": "login-form-recaptcha", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55f7914f-9731-4b43-b2c0-b3474508e40a?source=api-scan" ], "published": "2022-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55f7e39b-e7a5-462b-b1e4-c3d92038f17e": { "id": "55f7e39b-e7a5-462b-b1e4-c3d92038f17e", "title": "Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Activation", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.59": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55f7e39b-e7a5-462b-b1e4-c3d92038f17e?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55f8d7e6-7bcd-4556-932b-7bf422db0b39": { "id": "55f8d7e6-7bcd-4556-932b-7bf422db0b39", "title": "FancyBox for WordPress 3.0.2 - 3.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FancyBox for WordPress", "slug": "fancybox-for-wordpress", "affected_versions": { "3.0.2 - 3.3.3": { "from_version": "3.0.2", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55f8d7e6-7bcd-4556-932b-7bf422db0b39?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55fac183-bd8d-4e16-b25a-784861897deb": { "id": "55fac183-bd8d-4e16-b25a-784861897deb", "title": "Paid Memberships Pro - Courses for Membership Add On <= 1.2.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premium Courses & eLearning with Paid Memberships Pro for LearnDash, LifterLMS, Sensei LMS & TutorLMS", "slug": "pmpro-courses", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55fac183-bd8d-4e16-b25a-784861897deb?source=api-scan" ], "published": "2023-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55fd13aa-aa30-4d5b-b344-6b5d065b64ce": { "id": "55fd13aa-aa30-4d5b-b344-6b5d065b64ce", "title": "Simple Video Embedder <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Video Embedder", "slug": "simple-video-embedder", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55fd13aa-aa30-4d5b-b344-6b5d065b64ce?source=api-scan" ], "published": "2022-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55fd9ca6-fe57-490d-bfde-492957035311": { "id": "55fd9ca6-fe57-490d-bfde-492957035311", "title": "WP Travel Gutenberg Blocks <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Travel Gutenberg Blocks", "slug": "wp-travel-blocks", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55fd9ca6-fe57-490d-bfde-492957035311?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "55ff923e-9d04-4ce7-b6d6-165fa4fc5433": { "id": "55ff923e-9d04-4ce7-b6d6-165fa4fc5433", "title": "Cards for Beaver Builder <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Cards Widget", "software": [ { "type": "plugin", "name": "Cards for Beaver Builder", "slug": "bb-bootstrap-cards", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/55ff923e-9d04-4ce7-b6d6-165fa4fc5433?source=api-scan" ], "published": "2024-06-07 14:01:49", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56036bb2-3af3-4f69-ab79-78c5bb266231": { "id": "56036bb2-3af3-4f69-ab79-78c5bb266231", "title": "WPQA - Builder forms Addon For WordPress < 5.2 - Insecure Direct Object Reference to Private Message Disclosure", "software": [ { "type": "plugin", "name": "WPQA - Builder forms Addon For WordPress", "slug": "wpqa", "affected_versions": { "[*, 5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56036bb2-3af3-4f69-ab79-78c5bb266231?source=api-scan" ], "published": "2022-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5607882d-9112-45f9-bee0-a0c077419187": { "id": "5607882d-9112-45f9-bee0-a0c077419187", "title": "GistPress < 3.0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "gistpress", "slug": "gistpress", "affected_versions": { "[*, 3.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5607882d-9112-45f9-bee0-a0c077419187?source=api-scan" ], "published": "2020-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5607a60e-a04a-4d28-bb04-bdacf8e97c56": { "id": "5607a60e-a04a-4d28-bb04-bdacf8e97c56", "title": "wpForo Forum <= 2.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5607a60e-a04a-4d28-bb04-bdacf8e97c56?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5607cc07-5104-45d0-8279-ba0ef3ebcbe9": { "id": "5607cc07-5104-45d0-8279-ba0ef3ebcbe9", "title": "IRivYou <= 2.2.1 - Cross-Site Request Forgery via saveOptionsReviewsPlugin", "software": [ { "type": "plugin", "name": "IRivYou \u2013 Import reviews from AliExpress and Amazon to woocommerce", "slug": "wooreviews-importer", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5607cc07-5104-45d0-8279-ba0ef3ebcbe9?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5607fffa-341f-4237-b064-00fe2e6c9c9f": { "id": "5607fffa-341f-4237-b064-00fe2e6c9c9f", "title": "WP Membership <= 1.2.3 - Privilege Escalation", "software": [ { "type": "plugin", "name": "WP Membership", "slug": "wp-membership", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5607fffa-341f-4237-b064-00fe2e6c9c9f?source=api-scan" ], "published": "2015-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "560b175b-ce2a-4161-aa6b-cd11d1377314": { "id": "560b175b-ce2a-4161-aa6b-cd11d1377314", "title": "Satoshi <= 2.0 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "satoshi", "slug": "satoshi", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/560b175b-ce2a-4161-aa6b-cd11d1377314?source=api-scan" ], "published": "2014-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "560cd314-e442-4284-948f-e654445e0765": { "id": "560cd314-e442-4284-948f-e654445e0765", "title": "Shared Files <= 1.7.16 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "Shared Files \u2013 Frontend File Upload Form & Secure File Sharing", "slug": "shared-files", "affected_versions": { "* - 1.7.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.17" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/560cd314-e442-4284-948f-e654445e0765?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "561361da-ea4b-44d0-be77-c622af11f5b4": { "id": "561361da-ea4b-44d0-be77-c622af11f5b4", "title": "Media from FTP Plugin < 9.85 - Directory Traversal", "software": [ { "type": "plugin", "name": "Media from FTP", "slug": "media-from-ftp", "affected_versions": { "[*, 9.85)": { "from_version": "*", "from_inclusive": true, "to_version": "9.85", "to_inclusive": false } }, "patched": true, "patched_versions": [ "9.85" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/561361da-ea4b-44d0-be77-c622af11f5b4?source=api-scan" ], "published": "2018-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56161d67-7378-4349-8fe5-da73da36afa0": { "id": "56161d67-7378-4349-8fe5-da73da36afa0", "title": "Featured Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Images Upload", "software": [ { "type": "plugin", "name": "Featured Image Generator", "slug": "featured-image-generator", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56161d67-7378-4349-8fe5-da73da36afa0?source=api-scan" ], "published": "2024-07-09 13:52:47", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5618db77-fe74-4982-92b3-cec554640bde": { "id": "5618db77-fe74-4982-92b3-cec554640bde", "title": "Hide My WP Ghost <= 5.0.25 - CAPTCHA Bypass in brute_math_authenticate", "software": [ { "type": "plugin", "name": "Hide My WP Ghost \u2013 Security & Firewall", "slug": "hide-my-wp", "affected_versions": { "* - 5.0.25": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5618db77-fe74-4982-92b3-cec554640bde?source=api-scan" ], "published": "2023-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5618fdfc-636f-452b-80e1-5182b068d1c6": { "id": "5618fdfc-636f-452b-80e1-5182b068d1c6", "title": "PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PowerPack Elementor Addons (Free Widgets, Extensions and Templates)", "slug": "powerpack-lite-for-elementor", "affected_versions": { "* - 2.7.19": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5618fdfc-636f-452b-80e1-5182b068d1c6?source=api-scan" ], "published": "2024-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "561b2487-0d6a-4cc7-b41c-0e88f45d3038": { "id": "561b2487-0d6a-4cc7-b41c-0e88f45d3038", "title": "WP Google Fonts <= 3.1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Google Fonts", "slug": "wp-google-fonts", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/561b2487-0d6a-4cc7-b41c-0e88f45d3038?source=api-scan" ], "published": "2021-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "561c8bcf-30b0-4ee6-b507-4cacf22c1e58": { "id": "561c8bcf-30b0-4ee6-b507-4cacf22c1e58", "title": "Ultimate Member <= 2.0.17 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/561c8bcf-30b0-4ee6-b507-4cacf22c1e58?source=api-scan" ], "published": "2018-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "561ec1b2-ee26-4e0c-b437-d70b04be5b4c": { "id": "561ec1b2-ee26-4e0c-b437-d70b04be5b4c", "title": "Limit Login Attempts (Spam Protection) <= 5.3 - IP Address Spoofing to Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "Limit Login Attempts (Spam Protection)", "slug": "wp-limit-failed-login-attempts", "affected_versions": { "* - 5.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/561ec1b2-ee26-4e0c-b437-d70b04be5b4c?source=api-scan" ], "published": "2024-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56259eda-db70-4a26-a08e-e4d998dbe50d": { "id": "56259eda-db70-4a26-a08e-e4d998dbe50d", "title": "Atahualpa < 3.6.8 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Atahualpa", "slug": "atahualpa", "affected_versions": { "[*, 3.6.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56259eda-db70-4a26-a08e-e4d998dbe50d?source=api-scan" ], "published": "2011-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5628fb28-03fd-407d-874e-7801b17098f7": { "id": "5628fb28-03fd-407d-874e-7801b17098f7", "title": "Custom Share Buttons with Floating Sidebar <= 4.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Share Buttons with Floating Sidebar", "slug": "custom-share-buttons-with-floating-sidebar", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5628fb28-03fd-407d-874e-7801b17098f7?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5629d479-143d-4a03-ac64-cb304954a5ca": { "id": "5629d479-143d-4a03-ac64-cb304954a5ca", "title": "Web To Print Shop : uDraw <= 3.3.3 - Unauthenticated Arbitrary File Access", "software": [ { "type": "plugin", "name": "Web To Print Shop : uDraw", "slug": "udraw", "affected_versions": { "* - 3.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5629d479-143d-4a03-ac64-cb304954a5ca?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "562d0052-7f1a-441b-9ff7-1c8bcb4b74b4": { "id": "562d0052-7f1a-441b-9ff7-1c8bcb4b74b4", "title": "Abandoned Cart Lite for WooCommerce <= 5.8.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Abandoned Cart Lite for WooCommerce", "slug": "woocommerce-abandoned-cart", "affected_versions": { "* - 5.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/562d0052-7f1a-441b-9ff7-1c8bcb4b74b4?source=api-scan" ], "published": "2020-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "562fe11f-36a0-4f23-9eed-50ada7ab2961": { "id": "562fe11f-36a0-4f23-9eed-50ada7ab2961", "title": "Easy Registration Forms <= 2.1.1 - Authenticated (Subscriber+) Information Disclosure via Shortcode", "software": [ { "type": "plugin", "name": "Easy Registration Forms", "slug": "easy-registration-forms", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/562fe11f-36a0-4f23-9eed-50ada7ab2961?source=api-scan" ], "published": "2023-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56382dd8-7f02-4544-a530-31c012407ab7": { "id": "56382dd8-7f02-4544-a530-31c012407ab7", "title": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio < 4.25 - Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio", "slug": "flash-album-gallery", "affected_versions": { "[*, 4.25)": { "from_version": "*", "from_inclusive": true, "to_version": "4.25", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56382dd8-7f02-4544-a530-31c012407ab7?source=api-scan" ], "published": "2014-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "563d01c1-dead-4d1a-9f4a-39351b8e94cb": { "id": "563d01c1-dead-4d1a-9f4a-39351b8e94cb", "title": "WP Cost Estimation & Payment Forms Builder <= 10.1.76 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Cost Estimation & Payment Forms Builder", "slug": "wp-estimation-form", "affected_versions": { "* - 10.1.76": { "from_version": "*", "from_inclusive": true, "to_version": "10.1.76", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.1.77" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/563d01c1-dead-4d1a-9f4a-39351b8e94cb?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "563d44cd-5f5a-4914-8312-c554085b0821": { "id": "563d44cd-5f5a-4914-8312-c554085b0821", "title": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor) <= 2.8.7 - Authenticated (contributor+) Stored Cross-Site Scripting via _id", "software": [ { "type": "plugin", "name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)", "slug": "woolentor-addons", "affected_versions": { "* - 2.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/563d44cd-5f5a-4914-8312-c554085b0821?source=api-scan" ], "published": "2024-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "563f7d55-1df0-4bdc-b9be-5e564241bcf6": { "id": "563f7d55-1df0-4bdc-b9be-5e564241bcf6", "title": "HREFLANG Tags Lite <= 2.0.0 - Missing Authorization to Data Reset", "software": [ { "type": "plugin", "name": "HREFLANG Tags Lite", "slug": "hreflang-tags-by-dcgws", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/563f7d55-1df0-4bdc-b9be-5e564241bcf6?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56405a91-259c-4700-bbc1-ffe0d77f3974": { "id": "56405a91-259c-4700-bbc1-ffe0d77f3974", "title": "Vernissage <= 1.2.9 - Arbitrary Options Update", "software": [ { "type": "theme", "name": "Vernissage - Photography WordPress Theme", "slug": "vernissage", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56405a91-259c-4700-bbc1-ffe0d77f3974?source=api-scan" ], "published": "2015-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56439ae3-bdbc-4c57-abf4-8c94dea8c6f5": { "id": "56439ae3-bdbc-4c57-abf4-8c94dea8c6f5", "title": "Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.1.2 - Authenticated Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension", "slug": "shortcode-addons", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56439ae3-bdbc-4c57-abf4-8c94dea8c6f5?source=api-scan" ], "published": "2022-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56465338-f9be-49c5-8125-c6729287d590": { "id": "56465338-f9be-49c5-8125-c6729287d590", "title": "BerqWP <= 1.7.6 - Unauthenticated Arbitrary File Uplaod", "software": [ { "type": "plugin", "name": "BerqWP \u2013 Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript", "slug": "searchpro", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56465338-f9be-49c5-8125-c6729287d590?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5646eb5b-caf0-413c-a1a8-f0c6a5fa5114": { "id": "5646eb5b-caf0-413c-a1a8-f0c6a5fa5114", "title": "Max Mega Menu <= 2.3.8 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Max Mega Menu", "slug": "megamenu", "affected_versions": { "* - 2.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5646eb5b-caf0-413c-a1a8-f0c6a5fa5114?source=api-scan" ], "published": "2017-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "564a1631-fe33-40f6-a0eb-37868be07171": { "id": "564a1631-fe33-40f6-a0eb-37868be07171", "title": "Simple Job Board <= 2.4.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Job Board", "slug": "simple-job-board", "affected_versions": { "[*, 2.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/564a1631-fe33-40f6-a0eb-37868be07171?source=api-scan" ], "published": "2017-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5652587e-280b-4bdf-b096-e09fe0194658": { "id": "5652587e-280b-4bdf-b096-e09fe0194658", "title": "Woo Products Widgets For Elementor <= 1.0.7 - Authenticated (Contributor+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Widgets for WooCommerce Products on Elementor", "slug": "woo-products-widgets-for-elementor", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5652587e-280b-4bdf-b096-e09fe0194658?source=api-scan" ], "published": "2022-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5652f148-5247-4b15-bd86-653267d95fbf": { "id": "5652f148-5247-4b15-bd86-653267d95fbf", "title": "Button contact VR <= 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Button contact VR", "slug": "button-contact-vr", "affected_versions": { "* - 4.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5652f148-5247-4b15-bd86-653267d95fbf?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5652f9c3-3cc9-4541-8209-40117b4d25d9": { "id": "5652f9c3-3cc9-4541-8209-40117b4d25d9", "title": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "* - 1.15.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5652f9c3-3cc9-4541-8209-40117b4d25d9?source=api-scan" ], "published": "2024-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5653a87e-bcbb-4516-b936-7e659a396a56": { "id": "5653a87e-bcbb-4516-b936-7e659a396a56", "title": "Dark Mode for WP Dashboard <= 1.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Dark Mode for WP Dashboard", "slug": "dark-mode-for-wp-dashboard", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5653a87e-bcbb-4516-b936-7e659a396a56?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5653f1aa-06da-4208-afa2-19ef31b8be2f": { "id": "5653f1aa-06da-4208-afa2-19ef31b8be2f", "title": "Google Language Translator <= 6.0.9 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Translate WordPress \u2013 Google Language Translator", "slug": "google-language-translator", "affected_versions": { "[*, 6.0.10)": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5653f1aa-06da-4208-afa2-19ef31b8be2f?source=api-scan" ], "published": "2021-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5657ffe2-7d04-4834-bcec-ab6afaeda7df": { "id": "5657ffe2-7d04-4834-bcec-ab6afaeda7df", "title": "Ovic Product Bundle <= 1.1.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Ovic Product Bundle", "slug": "ovic-product-bundle", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5657ffe2-7d04-4834-bcec-ab6afaeda7df?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5658f62b-2f4a-46f7-b229-8e239c7ef148": { "id": "5658f62b-2f4a-46f7-b229-8e239c7ef148", "title": "Tree Sitemap (Pages, Posts & Categories list) <= 2.9 - Cross-Site Request Forgery to Arbitrary Plugin Installation\/Activation", "software": [ { "type": "plugin", "name": "Tree Sitemap (Pages, Posts & Categories list)", "slug": "tree-website-map", "affected_versions": { "* - 2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5658f62b-2f4a-46f7-b229-8e239c7ef148?source=api-scan" ], "published": "2021-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "565b4026-0807-449d-a78e-798da53c3f52": { "id": "565b4026-0807-449d-a78e-798da53c3f52", "title": "Smart Slider 3 <= 3.5.1.9 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Smart Slider 3", "slug": "smart-slider-3", "affected_versions": { "* - 3.5.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/565b4026-0807-449d-a78e-798da53c3f52?source=api-scan" ], "published": "2022-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5666da4a-ffb6-47ed-8b48-a80f09dd2501": { "id": "5666da4a-ffb6-47ed-8b48-a80f09dd2501", "title": "Content Views \u2013 Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay", "software": [ { "type": "plugin", "name": "Content Views \u2013 Post Grid & Filter, Recent Posts, Category Posts \u2026 (Shortcode, Blocks, and Elementor Widgets)", "slug": "content-views-query-and-display-post-page", "affected_versions": { "* - 3.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5666da4a-ffb6-47ed-8b48-a80f09dd2501?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "567782f9-a050-4e68-9491-e038d7e383f5": { "id": "567782f9-a050-4e68-9491-e038d7e383f5", "title": "WordPress Download Manager <= 2.7.2 - Authenticated Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 2.7.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/567782f9-a050-4e68-9491-e038d7e383f5?source=api-scan" ], "published": "2014-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5678794d-244f-45d1-9049-fea01ba45989": { "id": "5678794d-244f-45d1-9049-fea01ba45989", "title": "Oceanic <= 1.0.52 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Oceanic", "slug": "oceanic", "affected_versions": { "* - 1.0.52": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.52", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5678794d-244f-45d1-9049-fea01ba45989?source=api-scan" ], "published": "2024-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "567c4487-32e3-4afd-aec7-2f8171a49ebc": { "id": "567c4487-32e3-4afd-aec7-2f8171a49ebc", "title": "UsersWP <= 1.2.3.9 - Authenticated (Administrator+) CSV Injection", "software": [ { "type": "plugin", "name": "UsersWP \u2013 Front-end login form, User Registration, User Profile & Members Directory plugin for WP", "slug": "userswp", "affected_versions": { "* - 1.2.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/567c4487-32e3-4afd-aec7-2f8171a49ebc?source=api-scan" ], "published": "2022-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "567d62ec-e868-45e2-b07a-8cc661d7c5e1": { "id": "567d62ec-e868-45e2-b07a-8cc661d7c5e1", "title": "WP Customer Area <= 8.2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Customer Area", "slug": "customer-area", "affected_versions": { "* - 8.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/567d62ec-e868-45e2-b07a-8cc661d7c5e1?source=api-scan" ], "published": "2024-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56808590-0226-4968-ba64-0965793a3511": { "id": "56808590-0226-4968-ba64-0965793a3511", "title": "ListingPro <= 2.9.3 - Authenticated (Subscriber+) Local File Inclusion", "software": [ { "type": "theme", "name": "ListingPro - WordPress Directory & Listing Theme", "slug": "listingpro", "affected_versions": { "* - 2.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56808590-0226-4968-ba64-0965793a3511?source=api-scan" ], "published": "2024-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5681101f-13c3-4fde-bbde-554810bcbe4e": { "id": "5681101f-13c3-4fde-bbde-554810bcbe4e", "title": "Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Advanced Dynamic Pricing for WooCommerce", "slug": "advanced-dynamic-pricing-for-woocommerce", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5681101f-13c3-4fde-bbde-554810bcbe4e?source=api-scan" ], "published": "2022-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5684366b-f09c-4710-a43e-ff451d88b0e1": { "id": "5684366b-f09c-4710-a43e-ff451d88b0e1", "title": "User Login Log <= 2.2.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Login Log", "slug": "user-login-log", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5684366b-f09c-4710-a43e-ff451d88b0e1?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5684d4b7-8a3e-47ee-9d7b-195cb5db9a66": { "id": "5684d4b7-8a3e-47ee-9d7b-195cb5db9a66", "title": "WP Catalogue <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "WP Catalogue", "slug": "wp-catalogue", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5684d4b7-8a3e-47ee-9d7b-195cb5db9a66?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "568545a4-7f73-4050-9724-d47279c340c9": { "id": "568545a4-7f73-4050-9724-d47279c340c9", "title": "Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates <= 3.1.20 - Cross-Site Request Forgery in add_to_favorite", "software": [ { "type": "plugin", "name": "Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates", "slug": "astra-sites", "affected_versions": { "* - 3.1.20": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/568545a4-7f73-4050-9724-d47279c340c9?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5686bc0f-efe7-4268-a6e1-bec939504ab4": { "id": "5686bc0f-efe7-4268-a6e1-bec939504ab4", "title": "Hostel <= 1.1.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hostel", "slug": "hostel", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5686bc0f-efe7-4268-a6e1-bec939504ab4?source=api-scan" ], "published": "2019-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "568d9b75-3ac9-47eb-b958-4f1781a6edc4": { "id": "568d9b75-3ac9-47eb-b958-4f1781a6edc4", "title": "woo-popup <= 1.2.2 - Reflecte Cross-Site Scripting", "software": [ { "type": "plugin", "name": "woo-popup", "slug": "woo-popup", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/568d9b75-3ac9-47eb-b958-4f1781a6edc4?source=api-scan" ], "published": "2015-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56953c6f-7ff9-45bf-9265-01240938e395": { "id": "56953c6f-7ff9-45bf-9265-01240938e395", "title": "WooCommerce < 2.4.9 - Cross-site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 2.4.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56953c6f-7ff9-45bf-9265-01240938e395?source=api-scan" ], "published": "2015-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56976e5f-13e9-45e3-8cd1-7ac5f34f4248": { "id": "56976e5f-13e9-45e3-8cd1-7ac5f34f4248", "title": "For the visually impaired <= 0.58 - Cross-Site Request Forgery to Plugin Settings Changes", "software": [ { "type": "plugin", "name": "For the visually impaired", "slug": "for-the-visually-impaired", "affected_versions": { "* - 0.58": { "from_version": "*", "from_inclusive": true, "to_version": "0.58", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56976e5f-13e9-45e3-8cd1-7ac5f34f4248?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "569b5522-8f38-454b-a8b5-12e3959c3348": { "id": "569b5522-8f38-454b-a8b5-12e3959c3348", "title": "Essential Blocks for Gutenberg <= 4.4.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/569b5522-8f38-454b-a8b5-12e3959c3348?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "569c8faf-bd2a-4c61-a8c7-d4cab36e5727": { "id": "569c8faf-bd2a-4c61-a8c7-d4cab36e5727", "title": "Ready! Coming Soon <= 0.5.0 Stored Cross-Site Scripting and Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ready! Coming Soon", "slug": "coming-soon-maintenance-mode-ready", "affected_versions": { "[*, 0.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/569c8faf-bd2a-4c61-a8c7-d4cab36e5727?source=api-scan" ], "published": "2014-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56a2084c-5120-4115-a027-625900d23ebc": { "id": "56a2084c-5120-4115-a027-625900d23ebc", "title": "Void Contact Form 7 Widget For Elementor Page Builder <= 2.1.1 - Cross-Site Request Forgery in void_cf7_opt_in_user_data_track", "software": [ { "type": "plugin", "name": "Void Contact Form 7 Widget For Elementor Page Builder", "slug": "cf7-widget-elementor", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56a2084c-5120-4115-a027-625900d23ebc?source=api-scan" ], "published": "2023-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56a362f3-dc4e-454d-9d94-9f4cb540d4b5": { "id": "56a362f3-dc4e-454d-9d94-9f4cb540d4b5", "title": "Easy Digital Downloads <= 2.11.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 2.11.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56a362f3-dc4e-454d-9d94-9f4cb540d4b5?source=api-scan" ], "published": "2021-10-21 16:05:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56a90042-a6c0-4487-811b-ced23c97f9f4": { "id": "56a90042-a6c0-4487-811b-ced23c97f9f4", "title": "WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_preload_single_callback'", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56a90042-a6c0-4487-811b-ced23c97f9f4?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56abcad2-5be0-422c-a33f-91bc123364e5": { "id": "56abcad2-5be0-422c-a33f-91bc123364e5", "title": "eCommerce Product Catalog <= 3.0.71 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "eCommerce Product Catalog Plugin for WordPress", "slug": "ecommerce-product-catalog", "affected_versions": { "* - 3.0.71": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.71", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.72" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56abcad2-5be0-422c-a33f-91bc123364e5?source=api-scan" ], "published": "2022-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56acae44-6f22-440c-bee1-4cd3831a99ec": { "id": "56acae44-6f22-440c-bee1-4cd3831a99ec", "title": "Democracy Poll < 5.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Democracy Poll", "slug": "democracy-poll", "affected_versions": { "[*, 5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56acae44-6f22-440c-bee1-4cd3831a99ec?source=api-scan" ], "published": "2017-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56b16f10-2f48-49db-85f6-f934bc267110": { "id": "56b16f10-2f48-49db-85f6-f934bc267110", "title": "My WP Translate <= 1.0.3 - Unprotected AJAX Actions", "software": [ { "type": "plugin", "name": "My WP Translate", "slug": "my-wp-translate", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56b16f10-2f48-49db-85f6-f934bc267110?source=api-scan" ], "published": "2017-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56b3d629-014c-47b3-9726-4086e544011b": { "id": "56b3d629-014c-47b3-9726-4086e544011b", "title": "Libsyn Publisher Hub <= 1.4.4 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Libsyn Publisher Hub", "slug": "libsyn-podcasting", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56b3d629-014c-47b3-9726-4086e544011b?source=api-scan" ], "published": "2023-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56b4d824-96b8-40e6-97b5-17748d13574a": { "id": "56b4d824-96b8-40e6-97b5-17748d13574a", "title": "Helpful <= 4.5.25 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Helpful", "slug": "helpful", "affected_versions": { "* - 4.5.25": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56b4d824-96b8-40e6-97b5-17748d13574a?source=api-scan" ], "published": "2022-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56bbf263-149b-4419-9745-39dc147026a6": { "id": "56bbf263-149b-4419-9745-39dc147026a6", "title": "FV Flowplayer Video Player <= 7.5.30.7210 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "* - 7.5.30.7210": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.30.7210", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.31.7212" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56bbf263-149b-4419-9745-39dc147026a6?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56c1a28e-c37b-431d-bb0d-7d9cf4f85606": { "id": "56c1a28e-c37b-431d-bb0d-7d9cf4f85606", "title": "Launcher: Coming Soon & Maintenance Mode < 1.0.11 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Launcher: Coming Soon & Maintenance Mode", "slug": "launcher", "affected_versions": { "[*, 1.0.11)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56c1a28e-c37b-431d-bb0d-7d9cf4f85606?source=api-scan" ], "published": "2019-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56c719dc-b97a-4eb1-ae7a-e435c2f5a69e": { "id": "56c719dc-b97a-4eb1-ae7a-e435c2f5a69e", "title": "WordPress Google reCAPTCHA <= 3.1.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-reCAPTCHA", "slug": "wp-recaptcha", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56c719dc-b97a-4eb1-ae7a-e435c2f5a69e?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56cd4317-46e1-4e6c-a586-b3aacb189dd8": { "id": "56cd4317-46e1-4e6c-a586-b3aacb189dd8", "title": "iTwitter <= 0.04 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "iTwitter", "slug": "itwitter", "affected_versions": { "* - 0.04": { "from_version": "*", "from_inclusive": true, "to_version": "0.04", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56cd4317-46e1-4e6c-a586-b3aacb189dd8?source=api-scan" ], "published": "2014-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56ce85d3-89f3-461a-8268-7d549e9c2baf": { "id": "56ce85d3-89f3-461a-8268-7d549e9c2baf", "title": "Media-Tags <= 3.2.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Media Tags", "slug": "media-tags", "affected_versions": { "* - 3.2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56ce85d3-89f3-461a-8268-7d549e9c2baf?source=api-scan" ], "published": "2021-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56d0658c-b6b5-4e01-9f5b-a53dd4e380d8": { "id": "56d0658c-b6b5-4e01-9f5b-a53dd4e380d8", "title": "LiteSpeed Cache <= 5.7 - Missing Authorization via update_cdn_status", "software": [ { "type": "plugin", "name": "LiteSpeed Cache", "slug": "litespeed-cache", "affected_versions": { "* - 5.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56d0658c-b6b5-4e01-9f5b-a53dd4e380d8?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56d1d152-946f-47c9-b0d5-76513370677f": { "id": "56d1d152-946f-47c9-b0d5-76513370677f", "title": "Page Builder Gutenberg Blocks \u2013 CoBlocks <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Builder Gutenberg Blocks \u2013 CoBlocks", "slug": "coblocks", "affected_versions": { "* - 3.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56d1d152-946f-47c9-b0d5-76513370677f?source=api-scan" ], "published": "2024-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56d24bc8-4a1a-4e60-aec5-960703a6058a": { "id": "56d24bc8-4a1a-4e60-aec5-960703a6058a", "title": "Several WordPress.org Plugins <= Various Versions - Injected Backdoor", "software": [ { "type": "plugin", "name": "Twenty20 Image Before-After", "slug": "twenty20", "affected_versions": { "1.5.4": { "from_version": "1.5.4", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true }, "1.6.2": { "from_version": "1.6.2", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true }, "1.6.3": { "from_version": "1.6.3", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.4" ] }, { "type": "plugin", "name": "Seo Optimized Images", "slug": "seo-optimized-images", "affected_versions": { "2.1.2": { "from_version": "2.1.2", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] }, { "type": "plugin", "name": "PowerPress Podcasting plugin by Blubrry", "slug": "powerpress", "affected_versions": { "11.9.3 - 11.9.4": { "from_version": "11.9.3", "from_inclusive": true, "to_version": "11.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.9.6" ] }, { "type": "plugin", "name": "WPCOM Member", "slug": "wpcom-member", "affected_versions": { "1.3.15": { "from_version": "1.3.15", "from_inclusive": true, "to_version": "1.3.15", "to_inclusive": true }, "1.3.16": { "from_version": "1.3.16", "from_inclusive": true, "to_version": "1.3.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.14" ] }, { "type": "plugin", "name": "Social Sharing Plugin \u2013 Social Warfare", "slug": "social-warfare", "affected_versions": { "4.4.6.4 - 4.4.7.1": { "from_version": "4.4.6.4", "from_inclusive": true, "to_version": "4.4.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.7.3" ] }, { "type": "plugin", "name": "Contact Form Multi-Step Addon", "slug": "contact-form-7-multi-step-addon", "affected_versions": { "1.0.4 - 1.0.5": { "from_version": "1.0.4", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] }, { "type": "plugin", "name": "Simply Show Hooks", "slug": "simply-show-hooks", "affected_versions": { "1.2.1 - 1.2.2": { "from_version": "1.2.1", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] }, { "type": "plugin", "name": "Britetechs Companion", "slug": "britetechs-companion", "affected_versions": { "2.2.7": { "from_version": "2.2.7", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.8" ] }, { "type": "plugin", "name": "Wrapper Link Elementor", "slug": "wrapper-link-elementor", "affected_versions": { "1.0.2 - 1.0.3": { "from_version": "1.0.2", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] }, { "type": "plugin", "name": "Ad Invalid Click Protector (AICP)", "slug": "ad-invalid-click-protector", "affected_versions": { "1.2.9": { "from_version": "1.2.9", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.11" ] }, { "type": "plugin", "name": "BLAZE Retail Widget", "slug": "blaze-widget", "affected_versions": { "2.2.5 - 2.5.2": { "from_version": "2.2.5", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.4" ] }, { "type": "plugin", "name": "Pods \u2013 Custom Content Types and Fields", "slug": "pods", "affected_versions": { "3.2.3": { "from_version": "3.2.3", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] }, { "type": "plugin", "name": "WP Server Health Stats", "slug": "wp-server-stats", "affected_versions": { "1.7.6": { "from_version": "1.7.6", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.8" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=api-scan" ], "published": "2024-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56d8af3b-6c00-49ed-872a-64f7bebb470b": { "id": "56d8af3b-6c00-49ed-872a-64f7bebb470b", "title": "Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via cfs[post_content]", "software": [ { "type": "plugin", "name": "Custom Field Suite", "slug": "custom-field-suite", "affected_versions": { "* - 2.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56d8af3b-6c00-49ed-872a-64f7bebb470b?source=api-scan" ], "published": "2024-06-11 16:19:14", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56dc5138-c864-4e36-8b7d-38ac49589c06": { "id": "56dc5138-c864-4e36-8b7d-38ac49589c06", "title": "Booster for WooCommerce <= 7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortocde", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 7.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56dc5138-c864-4e36-8b7d-38ac49589c06?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56e2b16e-68fa-421a-a69f-e22987580a47": { "id": "56e2b16e-68fa-421a-a69f-e22987580a47", "title": "Radio Player <= 2.0.73 - Missing Authorization", "software": [ { "type": "plugin", "name": "Radio Player \u2013 Live Shoutcast, Icecast and Any Audio Stream Player for WordPress", "slug": "radio-player", "affected_versions": { "* - 2.0.73": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.73", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.74" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56e2b16e-68fa-421a-a69f-e22987580a47?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56ec086e-01a7-42f8-be17-b2bdf59cdfb8": { "id": "56ec086e-01a7-42f8-be17-b2bdf59cdfb8", "title": "React Webcam <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "React Webcam", "slug": "react-webcam", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56ec086e-01a7-42f8-be17-b2bdf59cdfb8?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56f146e8-ec70-45c4-9ff2-94cb44fef5c2": { "id": "56f146e8-ec70-45c4-9ff2-94cb44fef5c2", "title": "e2pdf <= 1.20.27 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "E2Pdf \u2013 Export Pdf Tool for WordPress", "slug": "e2pdf", "affected_versions": { "* - 1.20.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.20.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.23.00" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56f146e8-ec70-45c4-9ff2-94cb44fef5c2?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56f3cb34-0452-4e3d-9442-0decc77f5e63": { "id": "56f3cb34-0452-4e3d-9442-0decc77f5e63", "title": "Ultimate Dashboard <= 3.7.10 - Login Page Disclosure on Multi-site", "software": [ { "type": "plugin", "name": "Ultimate Dashboard \u2013 Custom WordPress Dashboard", "slug": "ultimate-dashboard", "affected_versions": { "* - 3.7.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56f3cb34-0452-4e3d-9442-0decc77f5e63?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56f46330-20d2-48f2-8e23-cc8f968db4b8": { "id": "56f46330-20d2-48f2-8e23-cc8f968db4b8", "title": "Admin Menu Editor <= 1.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Admin Menu Editor", "slug": "admin-menu-restriction", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56f46330-20d2-48f2-8e23-cc8f968db4b8?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56f59303-cf82-4239-9e04-80a32f20d87c": { "id": "56f59303-cf82-4239-9e04-80a32f20d87c", "title": "Multi Feed Reader <= 2.2.3 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Multi Feed Reader", "slug": "multi-feed-reader", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56f59303-cf82-4239-9e04-80a32f20d87c?source=api-scan" ], "published": "2017-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56f9d46f-5c21-4e8e-8e77-c96c4a0562d1": { "id": "56f9d46f-5c21-4e8e-8e77-c96c4a0562d1", "title": "Data Tables Generator by Supsystic <= 1.9.91 - Missing Authorization on AJAX Actions", "software": [ { "type": "plugin", "name": "Data Tables Generator by Supsystic", "slug": "data-tables-generator-by-supsystic", "affected_versions": { "* - 1.9.91": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.91", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.92" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56f9d46f-5c21-4e8e-8e77-c96c4a0562d1?source=api-scan" ], "published": "2020-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56fad8de-6646-4305-83a9-0ed443c3aa7d": { "id": "56fad8de-6646-4305-83a9-0ed443c3aa7d", "title": "ChatBot <= 4.4.4 - Unauthenticated Stored Cross-Site Scripting via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56fad8de-6646-4305-83a9-0ed443c3aa7d?source=api-scan" ], "published": "2023-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56fce928-108d-4e59-8746-3699a9db427e": { "id": "56fce928-108d-4e59-8746-3699a9db427e", "title": "User Email Verification for WooCommerce <= 3.3.0 - Unauthenticated Arbitrary Options Update", "software": [ { "type": "plugin", "name": "User Email Verification for WooCommerce", "slug": "woo-confirmation-email", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56fce928-108d-4e59-8746-3699a9db427e?source=api-scan" ], "published": "2019-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56fd8166-da22-4a0b-a23f-41817acba6df": { "id": "56fd8166-da22-4a0b-a23f-41817acba6df", "title": "R Animated Icon Plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "R Animated Icon Plugin", "slug": "r-animated-icon", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56fd8166-da22-4a0b-a23f-41817acba6df?source=api-scan" ], "published": "2024-09-30 19:22:48", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "56fdbf80-8ea2-412a-b166-b7c27de88e70": { "id": "56fdbf80-8ea2-412a-b166-b7c27de88e70", "title": "Simple Membership <= 4.4.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "* - 4.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/56fdbf80-8ea2-412a-b166-b7c27de88e70?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "570474f2-c118-45e1-a237-c70b849b2d3c": { "id": "570474f2-c118-45e1-a237-c70b849b2d3c", "title": "Elementor Pro <= 3.11.6 - Authenticated(Subscriber+) Privilege Escalation via update_page_option", "software": [ { "type": "plugin", "name": "Elementor Website Builder Pro", "slug": "elementor-pro", "affected_versions": { "* - 3.11.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/570474f2-c118-45e1-a237-c70b849b2d3c?source=api-scan" ], "published": "2023-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57051491-a56b-4a3a-9383-ba63585550be": { "id": "57051491-a56b-4a3a-9383-ba63585550be", "title": "Accordion <= 2.2.29 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Accordion", "slug": "accordions", "affected_versions": { "[*, 2.2.30)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.30", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57051491-a56b-4a3a-9383-ba63585550be?source=api-scan" ], "published": "2021-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5708a414-7cd8-4926-8871-3248ebf4c39d": { "id": "5708a414-7cd8-4926-8871-3248ebf4c39d", "title": "Play.ht \u2013 Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Play.ht \u2013 Make Your Blog Posts Accessible With Text to Speech Audio", "slug": "play-ht", "affected_versions": { "* - 3.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5708a414-7cd8-4926-8871-3248ebf4c39d?source=api-scan" ], "published": "2024-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "570942bf-49b1-4217-abc6-5e83f27d9824": { "id": "570942bf-49b1-4217-abc6-5e83f27d9824", "title": "Files Download Delay <= 1.0.6 - Missing Authorization to Settings Reset", "software": [ { "type": "plugin", "name": "Files Download Delay", "slug": "files-download-delay", "affected_versions": { "[*, 1.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/570942bf-49b1-4217-abc6-5e83f27d9824?source=api-scan" ], "published": "2022-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "570bca1e-78d0-49e8-8919-eba19f9457b9": { "id": "570bca1e-78d0-49e8-8919-eba19f9457b9", "title": "Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated Settings Import\/Export", "software": [ { "type": "plugin", "name": "Motors \u2013 Car Dealer, Classifieds & Listing", "slug": "motors-car-dealership-classified-listings", "affected_versions": { "[*, 1.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/570bca1e-78d0-49e8-8919-eba19f9457b9?source=api-scan" ], "published": "2019-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "570e72de-1f6a-4bbe-9df1-f0d1ca290a0b": { "id": "570e72de-1f6a-4bbe-9df1-f0d1ca290a0b", "title": "Currency per Product for WooCommerce <= 1.6.0 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "Currency per Product for WooCommerce", "slug": "currency-per-product-for-woocommerce", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/570e72de-1f6a-4bbe-9df1-f0d1ca290a0b?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "570f680b-b688-49ad-9eed-0bc966a4cdf7": { "id": "570f680b-b688-49ad-9eed-0bc966a4cdf7", "title": "Faction <= 1.1.1 - Arbitrary Options Update", "software": [ { "type": "theme", "name": "Faction", "slug": "fraction-theme", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/570f680b-b688-49ad-9eed-0bc966a4cdf7?source=api-scan" ], "published": "2015-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57103f8e-0874-4e56-8571-254607ada21c": { "id": "57103f8e-0874-4e56-8571-254607ada21c", "title": "Swift Framework <= 2.7.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes", "software": [ { "type": "plugin", "name": "Swift Framework", "slug": "swift-framework", "affected_versions": { "* - 2.7.31": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.31", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57103f8e-0874-4e56-8571-254607ada21c?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57156ebc-2858-4295-ba08-57bcab6db229": { "id": "57156ebc-2858-4295-ba08-57bcab6db229", "title": "WooCommerce Shipping & Tax <= 2.2.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Shipping & Tax", "slug": "woocommerce-services", "affected_versions": { "[*, 2.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57156ebc-2858-4295-ba08-57bcab6db229?source=api-scan" ], "published": "2023-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5715f3d3-8b88-45bc-a858-3911eeaaf045": { "id": "5715f3d3-8b88-45bc-a858-3911eeaaf045", "title": "Post Title Counter <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Title Counter", "slug": "post-title-counter", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5715f3d3-8b88-45bc-a858-3911eeaaf045?source=api-scan" ], "published": "2021-09-09 16:20:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57162a5e-5f5d-4b22-bb7f-0ff65332910b": { "id": "57162a5e-5f5d-4b22-bb7f-0ff65332910b", "title": "Stockdio Historical Chart < 2.8.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Stockdio Historical Chart", "slug": "stockdio-historical-chart", "affected_versions": { "[*, 2.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57162a5e-5f5d-4b22-bb7f-0ff65332910b?source=api-scan" ], "published": "2020-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5717b835-7feb-4bb8-8f1b-1f44d4630cd3": { "id": "5717b835-7feb-4bb8-8f1b-1f44d4630cd3", "title": "Ali2Woo Lite <= 3.4.4 - Cross-Site Request Forgery to PHP Object Injection", "software": [ { "type": "plugin", "name": "AliExpress Dropshipping Plugin for WooCommerce \u2013 AliNext", "slug": "ali2woo-lite", "affected_versions": { "* - 3.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5717b835-7feb-4bb8-8f1b-1f44d4630cd3?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "571b391d-c839-43c3-bdf0-a9ad2222cb48": { "id": "571b391d-c839-43c3-bdf0-a9ad2222cb48", "title": "Metorik \u2013 Reports & Email Automation for WooCommerce <= 1.7.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Metorik \u2013 Reports & Email Automation for WooCommerce", "slug": "metorik-helper", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/571b391d-c839-43c3-bdf0-a9ad2222cb48?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "571fd575-ff03-465f-9e3c-574e93586396": { "id": "571fd575-ff03-465f-9e3c-574e93586396", "title": "Translate Multilingual sites \u2013 TranslatePress <= 2.7.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Translate Multilingual sites \u2013 TranslatePress", "slug": "translatepress-multilingual", "affected_versions": { "* - 2.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/571fd575-ff03-465f-9e3c-574e93586396?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "572689c6-d7d6-46c3-9e96-b9185337e8ce": { "id": "572689c6-d7d6-46c3-9e96-b9185337e8ce", "title": "Weaver Xtreme Theme Support <= 6.3.0 - Authenticated (Administrator+) PHP Object Injection via Imported File", "software": [ { "type": "plugin", "name": "Weaver Xtreme Theme Support", "slug": "weaverx-theme-support", "affected_versions": { "* - 6.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/572689c6-d7d6-46c3-9e96-b9185337e8ce?source=api-scan" ], "published": "2023-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5734bd3b-b1cd-4376-b481-a9ad120016f6": { "id": "5734bd3b-b1cd-4376-b481-a9ad120016f6", "title": "mywebcounter <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "mywebcounter", "slug": "mywebcounter", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5734bd3b-b1cd-4376-b481-a9ad120016f6?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57377380-0435-4747-abba-50063978d8e1": { "id": "57377380-0435-4747-abba-50063978d8e1", "title": "WP SMS <= 6.0.4 - Information Disclosure via REST API", "software": [ { "type": "plugin", "name": "WP SMS \u2013 Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More", "slug": "wp-sms", "affected_versions": { "* - 6.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57377380-0435-4747-abba-50063978d8e1?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "573c07f0-1ce5-456d-9094-47cb7d8ba9f0": { "id": "573c07f0-1ce5-456d-9094-47cb7d8ba9f0", "title": "PropertyHive <= 2.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PropertyHive", "slug": "propertyhive", "affected_versions": { "* - 2.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/573c07f0-1ce5-456d-9094-47cb7d8ba9f0?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "573dd1ea-1f2c-4a0b-9496-82d7b65c8db2": { "id": "573dd1ea-1f2c-4a0b-9496-82d7b65c8db2", "title": "Ad Inserter Free and Pro <= 2.7.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ad Inserter \u2013 Ad Manager & AdSense Ads", "slug": "ad-inserter", "affected_versions": { "[*, 2.7.12)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.12" ] }, { "type": "plugin", "name": "Ad Inserter Pro", "slug": "ad-inserter-pro", "affected_versions": { "[*, 2.7.12)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/573dd1ea-1f2c-4a0b-9496-82d7b65c8db2?source=api-scan" ], "published": "2022-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57465fce-e8ad-41ac-9dd6-e340ec314913": { "id": "57465fce-e8ad-41ac-9dd6-e340ec314913", "title": "WooCommerce Products Vendor <= 2.1.65 - Insecure Direct Object Reference to Note Creation", "software": [ { "type": "plugin", "name": "Product Vendors", "slug": "woocommerce-product-vendors", "affected_versions": { "* - 2.1.65": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.65", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.66" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57465fce-e8ad-41ac-9dd6-e340ec314913?source=api-scan" ], "published": "2022-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5749a496-930a-4e31-968e-0c2a72e03555": { "id": "5749a496-930a-4e31-968e-0c2a72e03555", "title": "iThemes Security <= 7.6.1 - Broken Password Mechanism", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "* - 7.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5749a496-930a-4e31-968e-0c2a72e03555?source=api-scan" ], "published": "2021-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "574dd6d8-14df-47b8-bf03-28a3c02b73ec": { "id": "574dd6d8-14df-47b8-bf03-28a3c02b73ec", "title": "BookingPress \u2013 Appointments Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.13 - SQL Injection", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar Plugin and Scheduling Plugin \u2013 BookingPress", "slug": "bookingpress-appointment-booking", "affected_versions": { "* - 1.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/574dd6d8-14df-47b8-bf03-28a3c02b73ec?source=api-scan" ], "published": "2022-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57531d89-1f54-43f4-a19d-9fda5e69f2ad": { "id": "57531d89-1f54-43f4-a19d-9fda5e69f2ad", "title": "User Registration, User Profiles, Login & Membership \u2013 ProfilePress (Formerly WP User Avatar) 3.0.0 - 3.1.3 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "3.0.0 - 3.1.3": { "from_version": "3.0.0", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57531d89-1f54-43f4-a19d-9fda5e69f2ad?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5754ffd6-81bb-491b-9272-627e8c52a22c": { "id": "5754ffd6-81bb-491b-9272-627e8c52a22c", "title": "AllWebMenus WordPress Menu Plugin <= 1.1.8 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "AllWebMenus WordPress Menu Plugin", "slug": "allwebmenus-wordpress-menu-plugin", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5754ffd6-81bb-491b-9272-627e8c52a22c?source=api-scan" ], "published": "2012-01-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "575743cc-6399-4f1d-893c-3fb9d4a98738": { "id": "575743cc-6399-4f1d-893c-3fb9d4a98738", "title": "WP Back Button <= 1.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Back Button", "slug": "wp-back-button", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/575743cc-6399-4f1d-893c-3fb9d4a98738?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57580c2c-c3de-44a3-b586-f7092c06dc6b": { "id": "57580c2c-c3de-44a3-b586-f7092c06dc6b", "title": "Chronosly Events Calendar <= 2.6.2 - Cross-Site Request Forgery via plugin_settings_page", "software": [ { "type": "plugin", "name": "Chronosly Events Calendar", "slug": "chronosly-events-calendar", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57580c2c-c3de-44a3-b586-f7092c06dc6b?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "575b51f4-fed4-4057-9e8b-762fda275ef3": { "id": "575b51f4-fed4-4057-9e8b-762fda275ef3", "title": "Apollo13 Framework Extensions <= 1.9.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Apollo13 Framework Extensions", "slug": "apollo13-framework-extensions", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/575b51f4-fed4-4057-9e8b-762fda275ef3?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "575d1353-70af-4200-9088-662f7a052b76": { "id": "575d1353-70af-4200-9088-662f7a052b76", "title": "Super Forms \u2013 Drag & Drop Form Builder <= 4.9.700 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Super Forms \u2013 Drag & Drop Form Builder", "slug": "super-forms", "affected_versions": { "* - 4.9.700": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.700", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.800" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/575d1353-70af-4200-9088-662f7a052b76?source=api-scan" ], "published": "2021-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "575ec3a9-26f7-415b-9df6-d0401557a578": { "id": "575ec3a9-26f7-415b-9df6-d0401557a578", "title": "Advanced Local Pickup for WooCommerce <= 1.6.1 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "Advanced Local Pickup for WooCommerce", "slug": "advanced-local-pickup-for-woocommerce", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/575ec3a9-26f7-415b-9df6-d0401557a578?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57641366-85d3-4375-8cde-041227c9f811": { "id": "57641366-85d3-4375-8cde-041227c9f811", "title": "Parallax Image <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via dd-parallax Shortcode", "software": [ { "type": "plugin", "name": "Parallax Image", "slug": "parallax-image", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57641366-85d3-4375-8cde-041227c9f811?source=api-scan" ], "published": "2024-10-16 21:47:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57666105-81e4-4ef4-8889-9ce9995d2629": { "id": "57666105-81e4-4ef4-8889-9ce9995d2629", "title": "Twenty Fifteen Theme <= 1.1 & WordPress Core < 4.2.2 - Cross-Site Scripting via example.html", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.7": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.7", "to_inclusive": true }, "3.8 - 3.8.7": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.7", "to_inclusive": true }, "3.9 - 3.9.5": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.5", "to_inclusive": true }, "4.0 - 4.0.4": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": true }, "4.1 - 4.1.4": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": true }, "4.2 - 4.2.1": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.8", "3.8.8", "3.9.6", "4.0.5", "4.1.5", "4.2.2" ] }, { "type": "theme", "name": "Twenty Fifteen", "slug": "twentyfifteen", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57666105-81e4-4ef4-8889-9ce9995d2629?source=api-scan" ], "published": "2015-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "576ca901-45e2-4e6d-9bc4-370bf1f68077": { "id": "576ca901-45e2-4e6d-9bc4-370bf1f68077", "title": "Shopping Cart & eCommerce Store <= 5.6.3 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "* - 5.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/576ca901-45e2-4e6d-9bc4-370bf1f68077?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57704203-ed74-4100-900c-3f35c726e51e": { "id": "57704203-ed74-4100-900c-3f35c726e51e", "title": "Membership Simplified <= 1.58 - SQL Injection", "software": [ { "type": "plugin", "name": "Membership Simplified", "slug": "membership-simplified-for-oap-members-only", "affected_versions": { "* - 1.58": { "from_version": "*", "from_inclusive": true, "to_version": "1.58", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57704203-ed74-4100-900c-3f35c726e51e?source=api-scan" ], "published": "2017-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "577095f7-955f-46ab-ae5e-635fb4c65cbe": { "id": "577095f7-955f-46ab-ae5e-635fb4c65cbe", "title": "WooCommerce 8.8.0 - 8.9.2 - Reflected Cross-Site Scripting via Order Attribution", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "8.8.0 - 8.8.4": { "from_version": "8.8.0", "from_inclusive": true, "to_version": "8.8.4", "to_inclusive": true }, "8.9.0 - 8.9.2": { "from_version": "8.9.0", "from_inclusive": true, "to_version": "8.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.8.5", "8.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/577095f7-955f-46ab-ae5e-635fb4c65cbe?source=api-scan" ], "published": "2024-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5776ae23-3846-41bf-92dd-948230c334bf": { "id": "5776ae23-3846-41bf-92dd-948230c334bf", "title": "WP RSS Aggregator <= 4.19.2 - Subscriber+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Autoblogging", "slug": "wp-rss-aggregator", "affected_versions": { "[*, 4.19.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.19.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.19.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5776ae23-3846-41bf-92dd-948230c334bf?source=api-scan" ], "published": "2021-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57774f93-e6c0-46e6-8019-eab00b2b48ff": { "id": "57774f93-e6c0-46e6-8019-eab00b2b48ff", "title": "GoodBarber <= 1.0.23 - Cross-Site Request Forgery via admin_options", "software": [ { "type": "plugin", "name": "GoodBarber", "slug": "goodbarber", "affected_versions": { "* - 1.0.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57774f93-e6c0-46e6-8019-eab00b2b48ff?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5778ba3d-6670-47ad-ae65-50b6fb8e5db0": { "id": "5778ba3d-6670-47ad-ae65-50b6fb8e5db0", "title": "Real Estate 7 Theme <= 3.3.4 - Unauthenticated Arbitrary Email Sending", "software": [ { "type": "theme", "name": "Real Estate 7 WordPress", "slug": "realestate-7", "affected_versions": { "* - 3.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5778ba3d-6670-47ad-ae65-50b6fb8e5db0?source=api-scan" ], "published": "2023-03-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5779914a-a168-4835-8aea-e0ab2b3be4f6": { "id": "5779914a-a168-4835-8aea-e0ab2b3be4f6", "title": "Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Missing Authorization to Limited Privilege Granting", "software": [ { "type": "plugin", "name": "Go Pricing - WordPress Responsive Pricing Tables", "slug": "go_pricing", "affected_versions": { "* - 3.3.19": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5779914a-a168-4835-8aea-e0ab2b3be4f6?source=api-scan" ], "published": "2023-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "577b4738-fa58-44b2-a8e7-ef59925f26a1": { "id": "577b4738-fa58-44b2-a8e7-ef59925f26a1", "title": "EventON <= 3.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EventON Pro", "slug": "eventon", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/577b4738-fa58-44b2-a8e7-ef59925f26a1?source=api-scan" ], "published": "2020-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "577cf51e-3fcb-456c-9068-17fff4a71e94": { "id": "577cf51e-3fcb-456c-9068-17fff4a71e94", "title": "Map Multi Marker <= 3.2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Map Multi Marker", "slug": "map-multi-marker", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/577cf51e-3fcb-456c-9068-17fff4a71e94?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "577d8986-edc5-445f-80cf-7a7f2cca9749": { "id": "577d8986-edc5-445f-80cf-7a7f2cca9749", "title": "Unite Gallery Lite <= 1.7.61 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Unite Gallery Lite", "slug": "unite-gallery-lite", "affected_versions": { "* - 1.7.61": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.61", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.62" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/577d8986-edc5-445f-80cf-7a7f2cca9749?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "577de987-b526-4d7a-8163-683ec3b77bec": { "id": "577de987-b526-4d7a-8163-683ec3b77bec", "title": "ListingPro Plugin <= 2.9.3 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "ListingPro Plugin", "slug": "listingpro-plugin", "affected_versions": { "* - 2.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/577de987-b526-4d7a-8163-683ec3b77bec?source=api-scan" ], "published": "2024-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5781420d-b1e0-435f-8bf2-193cc7b095ed": { "id": "5781420d-b1e0-435f-8bf2-193cc7b095ed", "title": "Canto <= 1.9.0 - Blind Server-Side Request Forgery via detail.php", "software": [ { "type": "plugin", "name": "Canto", "slug": "canto", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5781420d-b1e0-435f-8bf2-193cc7b095ed?source=api-scan" ], "published": "2020-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5782439f-a546-45f6-aec7-e600442d3c41": { "id": "5782439f-a546-45f6-aec7-e600442d3c41", "title": "AnyWhere Elementor <= 1.2.7 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "AnyWhere Elementor", "slug": "anywhere-elementor", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5782439f-a546-45f6-aec7-e600442d3c41?source=api-scan" ], "published": "2023-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57837060-433f-471c-9413-6d9b95b69f2a": { "id": "57837060-433f-471c-9413-6d9b95b69f2a", "title": "Image Slider < 1.1.90 - Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Image Slider", "slug": "image-slider-widget", "affected_versions": { "[*, 1.1.90)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.90", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.90" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57837060-433f-471c-9413-6d9b95b69f2a?source=api-scan" ], "published": "2016-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5786b859-3ee9-45ab-8926-f4a09e323e3b": { "id": "5786b859-3ee9-45ab-8926-f4a09e323e3b", "title": "Comments Ratings <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Comments Ratings", "slug": "comments-ratings", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5786b859-3ee9-45ab-8926-f4a09e323e3b?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "578892f2-9841-4493-8445-61b79feb4764": { "id": "578892f2-9841-4493-8445-61b79feb4764", "title": "WP Popups \u2013 WordPress Popup builder <= 2.2.0.1 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "WP Popups \u2013 WordPress Popup builder", "slug": "wp-popups-lite", "affected_versions": { "* - 2.2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/578892f2-9841-4493-8445-61b79feb4764?source=api-scan" ], "published": "2024-07-11 17:15:36", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57896fa8-9360-41e8-a60e-8b95d01c25ac": { "id": "57896fa8-9360-41e8-a60e-8b95d01c25ac", "title": "WP Cleanfix <= 5.6.2 - Missing Authorization via register", "software": [ { "type": "plugin", "name": "WP CleanFix", "slug": "wp-cleanfix", "affected_versions": { "* - 5.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57896fa8-9360-41e8-a60e-8b95d01c25ac?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "578a908a-d447-4b3e-b5d1-be86363c982a": { "id": "578a908a-d447-4b3e-b5d1-be86363c982a", "title": "WordPress Core < 4.7.3 - Cross-Site Request Forgery via Press This", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.18": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.18", "to_inclusive": true }, "3.8 - 3.8.18": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.18", "to_inclusive": true }, "3.9 - 3.9.16": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.16", "to_inclusive": true }, "4.0 - 4.0.15": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.15", "to_inclusive": true }, "4.1 - 4.1.15": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.15", "to_inclusive": true }, "4.2 - 4.2.12": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.12", "to_inclusive": true }, "4.3 - 4.3.8": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.8", "to_inclusive": true }, "4.4 - 4.4.7": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.7", "to_inclusive": true }, "4.5 - 4.5.6": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.6", "to_inclusive": true }, "4.6 - 4.6.3": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.3", "to_inclusive": true }, "4.7 - 4.7.2": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.19", "3.8.19", "3.9.17", "4.0.16", "4.1.16", "4.2.13", "4.3.9", "4.4.8", "4.5.7", "4.6.4", "4.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/578a908a-d447-4b3e-b5d1-be86363c982a?source=api-scan" ], "published": "2017-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "578b17d4-16cf-449a-9d99-cd9a0f7a8418": { "id": "578b17d4-16cf-449a-9d99-cd9a0f7a8418", "title": "Database Sync < 0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Database Sync", "slug": "database-sync", "affected_versions": { "[*, 0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/578b17d4-16cf-449a-9d99-cd9a0f7a8418?source=api-scan" ], "published": "2015-07-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "578cf704-e84d-469f-bf26-e60268506a78": { "id": "578cf704-e84d-469f-bf26-e60268506a78", "title": "InstaWP Connect <= 0.1.0.9 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "InstaWP Connect \u2013 1-click WP Staging & Migration", "slug": "instawp-connect", "affected_versions": { "* - 0.1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/578cf704-e84d-469f-bf26-e60268506a78?source=api-scan" ], "published": "2024-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "578d8ca7-7042-493d-92b4-63241b4bdfca": { "id": "578d8ca7-7042-493d-92b4-63241b4bdfca", "title": "Profile Builder Pro <= 3.10.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Profile Builder Pro", "slug": "profile-builder-pro", "affected_versions": { "* - 3.10.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/578d8ca7-7042-493d-92b4-63241b4bdfca?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "578ed437-98b7-495b-91fd-45b882f39d95": { "id": "578ed437-98b7-495b-91fd-45b882f39d95", "title": "Meks Smart Social Widget <= 1.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Meks Smart Social Widget", "slug": "meks-smart-social-widget", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/578ed437-98b7-495b-91fd-45b882f39d95?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57953bab-7430-4841-b073-7db7964e6a65": { "id": "57953bab-7430-4841-b073-7db7964e6a65", "title": "Seed Fonts 2.3.1 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Seed Fonts", "slug": "seed-fonts", "affected_versions": { "2.3.1": { "from_version": "2.3.1", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57953bab-7430-4841-b073-7db7964e6a65?source=api-scan" ], "published": "2023-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57969f04-4758-4e62-8fbb-7b14629321d6": { "id": "57969f04-4758-4e62-8fbb-7b14629321d6", "title": "Zero Spam <= 5.2.10 - Admin+ SQL Injection", "software": [ { "type": "plugin", "name": "Zero Spam for WordPress", "slug": "zero-spam", "affected_versions": { "* - 5.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57969f04-4758-4e62-8fbb-7b14629321d6?source=api-scan" ], "published": "2022-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5798de72-b589-4474-82b2-df6ef26325a3": { "id": "5798de72-b589-4474-82b2-df6ef26325a3", "title": "cformsII <= 15.0.4 - Cross-Site Request Forgery leading to Settings Updates", "software": [ { "type": "plugin", "name": "cformsII", "slug": "cforms2", "affected_versions": { "* - 15.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "15.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "15.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5798de72-b589-4474-82b2-df6ef26325a3?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "579b887a-4140-4e12-9a9a-ba52d212b8a2": { "id": "579b887a-4140-4e12-9a9a-ba52d212b8a2", "title": "Awesome Support <= 6.1.4 - Cross-Site Request Forgery via wpas_edit_reply_ajax()", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "* - 6.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/579b887a-4140-4e12-9a9a-ba52d212b8a2?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57a12c21-4a5d-4fbd-8720-93e78164f216": { "id": "57a12c21-4a5d-4fbd-8720-93e78164f216", "title": "WPBakery Page Builder Clipboard < 4.5.8 - Arbitrary License Options Update", "software": [ { "type": "plugin", "name": "WPBakery Page Builder Clipboard", "slug": "vc_clipboard", "affected_versions": { "[*, 4.5.8)": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57a12c21-4a5d-4fbd-8720-93e78164f216?source=api-scan" ], "published": "2021-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57a39691-8fff-4e62-a03a-70b428025d77": { "id": "57a39691-8fff-4e62-a03a-70b428025d77", "title": "Useful Banner Manager <= 1.6.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Useful Banner Manager", "slug": "useful-banner-manager", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57a39691-8fff-4e62-a03a-70b428025d77?source=api-scan" ], "published": "2022-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57a5b6d9-92dc-488a-a3f2-b3c09361aefe": { "id": "57a5b6d9-92dc-488a-a3f2-b3c09361aefe", "title": "Postie <= 1.9.40 - Post Submission Spoofing & Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Postie", "slug": "postie", "affected_versions": { "[*, 1.9.41)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.41", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57a5b6d9-92dc-488a-a3f2-b3c09361aefe?source=api-scan" ], "published": "2020-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57a68d4a-4857-4631-8863-6ff847490ef5": { "id": "57a68d4a-4857-4631-8863-6ff847490ef5", "title": "WordPress Social Invitations \u2013 Lite <= 1.4.4.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Social Invitations \u2013 Lite", "slug": "wp-social-invitations", "affected_versions": { "* - 1.4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57a68d4a-4857-4631-8863-6ff847490ef5?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57a81776-643d-4057-9d81-b79ad396cced": { "id": "57a81776-643d-4057-9d81-b79ad396cced", "title": "RokNewsPager <= 1.17 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "RokNewsPager", "slug": "wp_roknewspager", "affected_versions": { "* - 1.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57a81776-643d-4057-9d81-b79ad396cced?source=api-scan" ], "published": "2013-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57aacffa-0f49-4a33-ae40-d1c151363284": { "id": "57aacffa-0f49-4a33-ae40-d1c151363284", "title": "WooCommerce Clover Payment Gateway <= 1.3.1 - Missing Authorization via callback_handler", "software": [ { "type": "plugin", "name": "WooCommerce Clover Payment Gateway", "slug": "woo-clover-gateway-by-zaytech", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57aacffa-0f49-4a33-ae40-d1c151363284?source=api-scan" ], "published": "2024-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57b3eef3-e165-45ac-89d7-2a2a6529b310": { "id": "57b3eef3-e165-45ac-89d7-2a2a6529b310", "title": "Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax", "software": [ { "type": "plugin", "name": "Ad Inserter \u2013 Ad Manager & AdSense Ads", "slug": "ad-inserter", "affected_versions": { "* - 2.7.30": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57b3eef3-e165-45ac-89d7-2a2a6529b310?source=api-scan" ], "published": "2023-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57be3e10-6920-4ad8-b9cf-cf5a703ca373": { "id": "57be3e10-6920-4ad8-b9cf-cf5a703ca373", "title": "Widgets on Pages <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Widgets on Pages", "slug": "widgets-on-pages", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57be3e10-6920-4ad8-b9cf-cf5a703ca373?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57be47e2-9aac-42bd-af6a-5060d2f86449": { "id": "57be47e2-9aac-42bd-af6a-5060d2f86449", "title": "User Activity Log <= 1.4.6 - Reflected Cross Site Scripting", "software": [ { "type": "plugin", "name": "User Activity Log", "slug": "user-activity-log", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57be47e2-9aac-42bd-af6a-5060d2f86449?source=api-scan" ], "published": "2021-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57be90d8-dab7-49c8-bcdf-32e967ee1716": { "id": "57be90d8-dab7-49c8-bcdf-32e967ee1716", "title": "bbPress <= 2.6.4 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "bbPress", "slug": "bbpress", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57be90d8-dab7-49c8-bcdf-32e967ee1716?source=api-scan" ], "published": "2020-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57bf222b-5f49-46e2-be84-3e6444807096": { "id": "57bf222b-5f49-46e2-be84-3e6444807096", "title": "Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.976": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.976", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.977" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57bf222b-5f49-46e2-be84-3e6444807096?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57c14da1-b57c-4425-bacc-f864d237ce10": { "id": "57c14da1-b57c-4425-bacc-f864d237ce10", "title": "Sinatra <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Sinatra", "slug": "sinatra", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57c14da1-b57c-4425-bacc-f864d237ce10?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57caddaa-c548-4f07-ab34-327df62951b5": { "id": "57caddaa-c548-4f07-ab34-327df62951b5", "title": "Zoho CRM Lead Magnet <= 1.7.5.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Zoho CRM Lead Magnet", "slug": "zoho-crm-forms", "affected_versions": { "* - 1.7.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57caddaa-c548-4f07-ab34-327df62951b5?source=api-scan" ], "published": "2022-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57cc15a6-2cf5-481f-bb81-ada48aa74009": { "id": "57cc15a6-2cf5-481f-bb81-ada48aa74009", "title": "File Manager <= 7.2.4 - Cross-Site Request Forgery to Local JS File Inclusion", "software": [ { "type": "plugin", "name": "File Manager", "slug": "wp-file-manager", "affected_versions": { "* - 7.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57cc15a6-2cf5-481f-bb81-ada48aa74009?source=api-scan" ], "published": "2024-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57d0991b-f10e-4ab8-a8a2-55bf708eefee": { "id": "57d0991b-f10e-4ab8-a8a2-55bf708eefee", "title": "Hustle <= 6.0.7 - Unauthenticated CSV Injection", "software": [ { "type": "plugin", "name": "Hustle \u2013 Email Marketing, Lead Generation, Optins, Popups", "slug": "wordpress-popup", "affected_versions": { "* - 6.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57d0991b-f10e-4ab8-a8a2-55bf708eefee?source=api-scan" ], "published": "2019-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57d2ac19-812a-4a64-815b-bc3fffe8af26": { "id": "57d2ac19-812a-4a64-815b-bc3fffe8af26", "title": "Yet Another bol.com - <= 1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yet Another bol.com Plugin", "slug": "yabp", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57d2ac19-812a-4a64-815b-bc3fffe8af26?source=api-scan" ], "published": "2021-09-09 16:20:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57d3506c-8db8-4e1b-9587-7f2bdb632890": { "id": "57d3506c-8db8-4e1b-9587-7f2bdb632890", "title": "Conditional Menus <= 1.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Conditional Menus", "slug": "conditional-menus", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57d3506c-8db8-4e1b-9587-7f2bdb632890?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57d863b9-d544-4af5-afbe-268635a8dd98": { "id": "57d863b9-d544-4af5-afbe-268635a8dd98", "title": "AskApache Firefox Adsense <= 3.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "AskApache Firefox Adsense", "slug": "askapache-firefox-adsense", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57d863b9-d544-4af5-afbe-268635a8dd98?source=api-scan" ], "published": "2013-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57d90ba7-b655-4655-981c-548ff96c3bb7": { "id": "57d90ba7-b655-4655-981c-548ff96c3bb7", "title": "WP Latest Posts <= 5.0.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "WP Latest Posts", "slug": "wp-latest-posts", "affected_versions": { "* - 5.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57d90ba7-b655-4655-981c-548ff96c3bb7?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57d9b98d-34c3-4bbf-af9a-e93835857e2d": { "id": "57d9b98d-34c3-4bbf-af9a-e93835857e2d", "title": "Unlimited Addon For Elementor <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Unlimited Addon For Elementor", "slug": "unlimited-addon-for-elementor", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57d9b98d-34c3-4bbf-af9a-e93835857e2d?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57dac6de-545f-49e5-9f45-d90a48d6b05f": { "id": "57dac6de-545f-49e5-9f45-d90a48d6b05f", "title": "Brizy \u2013 Page Builder <= 2.4.40 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "* - 2.4.40": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57dac6de-545f-49e5-9f45-d90a48d6b05f?source=api-scan" ], "published": "2024-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57dc6ca5-6e6b-4364-9b82-31fe108fece8": { "id": "57dc6ca5-6e6b-4364-9b82-31fe108fece8", "title": "Ad Inserter <= 2.7.37 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ad Inserter \u2013 Ad Manager & AdSense Ads", "slug": "ad-inserter", "affected_versions": { "* - 2.7.37": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.38" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57dc6ca5-6e6b-4364-9b82-31fe108fece8?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57dda8e6-54d1-41db-a54d-4a5d635e23b7": { "id": "57dda8e6-54d1-41db-a54d-4a5d635e23b7", "title": "Easy Event calendar <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Event calendar", "slug": "easy-event-calendar", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57dda8e6-54d1-41db-a54d-4a5d635e23b7?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57e724ac-8e7d-45ec-9f41-4303ea6c5d30": { "id": "57e724ac-8e7d-45ec-9f41-4303ea6c5d30", "title": "SlickQuiz <= 1.3.7.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SlickQuiz", "slug": "slickquiz", "affected_versions": { "* - 1.3.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57e724ac-8e7d-45ec-9f41-4303ea6c5d30?source=api-scan" ], "published": "2019-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57e84624-98ab-495b-b985-908302527b3a": { "id": "57e84624-98ab-495b-b985-908302527b3a", "title": "Soccer Engine \u2013 Soccer Plugin for WordPress <= 1.12 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Soccer Engine \u2013 Soccer Plugin for WordPress", "slug": "soccer-engine-lite", "affected_versions": { "* - 1.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57e84624-98ab-495b-b985-908302527b3a?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57e9b09c-adfb-4fc2-8d2b-41cfc1f73e22": { "id": "57e9b09c-adfb-4fc2-8d2b-41cfc1f73e22", "title": "Zoho Forms <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Form plugin for WordPress \u2013 Zoho Forms", "slug": "zoho-forms", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57e9b09c-adfb-4fc2-8d2b-41cfc1f73e22?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57ebde8e-dd1f-4a33-9c7b-6c9e2060d1ef": { "id": "57ebde8e-dd1f-4a33-9c7b-6c9e2060d1ef", "title": "CUBE SLIDER <= 1.2 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "CUBE SLIDER", "slug": "cube-slider", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57ebde8e-dd1f-4a33-9c7b-6c9e2060d1ef?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57ed6c7e-ca8d-476d-adce-905b2cd2eda8": { "id": "57ed6c7e-ca8d-476d-adce-905b2cd2eda8", "title": "Essential Addons for Elementor <= 5.9.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Several Widgets", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.19": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57ed6c7e-ca8d-476d-adce-905b2cd2eda8?source=api-scan" ], "published": "2024-05-09 19:27:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57ed9593-787c-41c0-abad-c70459e1d128": { "id": "57ed9593-787c-41c0-abad-c70459e1d128", "title": "WP-Invoice \u2013 Web Invoice and Billing <= 4.1.0 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "WP-Invoice \u2013 Web Invoice and Billing", "slug": "wp-invoice", "affected_versions": { "* - 4.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57ed9593-787c-41c0-abad-c70459e1d128?source=api-scan" ], "published": "2016-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57ef2e79-08b7-4e2a-ae63-957d197e24ac": { "id": "57ef2e79-08b7-4e2a-ae63-957d197e24ac", "title": "Enjoy Social Feed plugin for WordPress website <= 6.2.2 - Missing Authorization to Database Reset", "software": [ { "type": "plugin", "name": "Enjoy Social Feed plugin for WordPress website", "slug": "enjoy-instagram-instagram-responsive-images-gallery-and-carousel", "affected_versions": { "* - 6.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57ef2e79-08b7-4e2a-ae63-957d197e24ac?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "57f56362-da35-44ae-b1f5-4f5a6c21930e": { "id": "57f56362-da35-44ae-b1f5-4f5a6c21930e", "title": "Fileviewer <= 2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Fileviewer", "slug": "fileviewer", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/57f56362-da35-44ae-b1f5-4f5a6c21930e?source=api-scan" ], "published": "2021-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5804b9da-11cd-4cb4-aa92-2c9e90aa527f": { "id": "5804b9da-11cd-4cb4-aa92-2c9e90aa527f", "title": "WordPress Core <= 3.0.1 - SQL Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5804b9da-11cd-4cb4-aa92-2c9e90aa527f?source=api-scan" ], "published": "2010-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5804da94-1dee-47f8-930b-c5413d5506b9": { "id": "5804da94-1dee-47f8-930b-c5413d5506b9", "title": "Direct Download for Woocommerce < 1.16 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Direct Download for Woocommerce", "slug": "directdownload", "affected_versions": { "[*, 1.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5804da94-1dee-47f8-930b-c5413d5506b9?source=api-scan" ], "published": "2017-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "580f5cd1-2cda-4e8e-81b5-36ce39ebd907": { "id": "580f5cd1-2cda-4e8e-81b5-36ce39ebd907", "title": "Zarzadzanie Kontem (Unknown Versions) - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Zarzadzanie Kontem", "slug": "zarzadzanie_kontem", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/580f5cd1-2cda-4e8e-81b5-36ce39ebd907?source=api-scan" ], "published": "2012-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5811e36d-9457-4460-af92-046ddef41114": { "id": "5811e36d-9457-4460-af92-046ddef41114", "title": "ReDi Restaurant Reservation <= 24.0128 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ReDi Restaurant Reservation", "slug": "redi-restaurant-reservation", "affected_versions": { "* - 24.0128": { "from_version": "*", "from_inclusive": true, "to_version": "24.0128", "to_inclusive": true } }, "patched": true, "patched_versions": [ "24.0303" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5811e36d-9457-4460-af92-046ddef41114?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5811fc63-da34-43cb-ae33-a34a8795bb72": { "id": "5811fc63-da34-43cb-ae33-a34a8795bb72", "title": "IdeaPush <= 8.57 - Missing Authorization", "software": [ { "type": "plugin", "name": "IdeaPush", "slug": "ideapush", "affected_versions": { "* - 8.57": { "from_version": "*", "from_inclusive": true, "to_version": "8.57", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.58" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5811fc63-da34-43cb-ae33-a34a8795bb72?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "581792f3-7b57-418c-802b-2ff04f5b83bf": { "id": "581792f3-7b57-418c-802b-2ff04f5b83bf", "title": "WordPress RokBox <= 2.13 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "WordPress RokBox", "slug": "wp_rokbox", "affected_versions": { "* - 2.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/581792f3-7b57-418c-802b-2ff04f5b83bf?source=api-scan" ], "published": "2012-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "581e6686-a103-43f6-aa99-6a9862d98837": { "id": "581e6686-a103-43f6-aa99-6a9862d98837", "title": "WP Child Theme Generator <= 1.1.1 - Missing Authorization to Unauthenticated Child Theme Creation\/Activation", "software": [ { "type": "plugin", "name": "WP Child Theme Generator", "slug": "wp-child-theme-generator", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/581e6686-a103-43f6-aa99-6a9862d98837?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "582a536c-950e-424b-80a7-83608d220b87": { "id": "582a536c-950e-424b-80a7-83608d220b87", "title": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio < 2.72 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio", "slug": "flash-album-gallery", "affected_versions": { "* - 2.71": { "from_version": "*", "from_inclusive": true, "to_version": "2.71", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.72" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/582a536c-950e-424b-80a7-83608d220b87?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "582e2896-d800-4d73-8cef-8af76cba1ba8": { "id": "582e2896-d800-4d73-8cef-8af76cba1ba8", "title": "DZS Video Gallery <= 3.1.3 - Limited Local File Inclusion", "software": [ { "type": "plugin", "name": "DZS Video Gallery", "slug": "dzs-videogallery", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/582e2896-d800-4d73-8cef-8af76cba1ba8?source=api-scan" ], "published": "2014-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58300545-3e53-49be-bf55-eaf3e4cd82e9": { "id": "58300545-3e53-49be-bf55-eaf3e4cd82e9", "title": "WordPress Core < 5.5.2 - Deserialization Gadget", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.34": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.34", "to_inclusive": true }, "3.8 - 3.8.34": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.34", "to_inclusive": true }, "3.9 - 3.9.32": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.32", "to_inclusive": true }, "4.0 - 4.0.31": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.31", "to_inclusive": true }, "4.1 - 4.1.31": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.31", "to_inclusive": true }, "4.2 - 4.2.28": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.28", "to_inclusive": true }, "4.3 - 4.3.24": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.24", "to_inclusive": true }, "4.4 - 4.4.23": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.23", "to_inclusive": true }, "4.5 - 4.5.22": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.22", "to_inclusive": true }, "4.6 - 4.6.19": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.19", "to_inclusive": true }, "4.7 - 4.7.18": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.18", "to_inclusive": true }, "4.8 - 4.8.14": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.14", "to_inclusive": true }, "4.9 - 4.9.15": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.15", "to_inclusive": true }, "5.0 - 5.0.10": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.10", "to_inclusive": true }, "5.1 - 5.1.6": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.6", "to_inclusive": true }, "5.2 - 5.2.7": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.7", "to_inclusive": true }, "5.3 - 5.3.4": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.4", "to_inclusive": true }, "5.4 - 5.4.2": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": true }, "5.5 - 5.5.1": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.35", "3.8.35", "3.9.33", "4.0.32", "4.1.32", "4.2.29", "4.3.25", "4.4.24", "4.5.23", "4.6.20", "4.7.19", "4.8.15", "4.9.16", "5.0.11", "5.1.7", "5.2.8", "5.3.5", "5.4.3", "5.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58300545-3e53-49be-bf55-eaf3e4cd82e9?source=api-scan" ], "published": "2020-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58354ce0-e166-431a-9fac-6c6d81e39e88": { "id": "58354ce0-e166-431a-9fac-6c6d81e39e88", "title": "Enable SVG Uploads <= 2.1.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG", "software": [ { "type": "plugin", "name": "Enable SVG Uploads", "slug": "enable-svg-uploads", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58354ce0-e166-431a-9fac-6c6d81e39e88?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5835fed0-5b9d-47b5-82ae-f0f19830ae2a": { "id": "5835fed0-5b9d-47b5-82ae-f0f19830ae2a", "title": "User Registration <= 2.3.2.1 - PHP Object Injection", "software": [ { "type": "plugin", "name": "User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile", "slug": "user-registration", "affected_versions": { "* - 2.3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5835fed0-5b9d-47b5-82ae-f0f19830ae2a?source=api-scan" ], "published": "2023-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58410382-8820-49e2-8dfd-87937287b8d1": { "id": "58410382-8820-49e2-8dfd-87937287b8d1", "title": "S3 Video <= 0.983 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "S3 Video Plugin", "slug": "s3-video", "affected_versions": { "* - 0.983": { "from_version": "*", "from_inclusive": true, "to_version": "0.983", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58410382-8820-49e2-8dfd-87937287b8d1?source=api-scan" ], "published": "2016-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58492dbb-b9e0-4477-b85d-ace06dba954c": { "id": "58492dbb-b9e0-4477-b85d-ace06dba954c", "title": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Admin+) Command Injection", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.102": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.102", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.103" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58492dbb-b9e0-4477-b85d-ace06dba954c?source=api-scan" ], "published": "2024-05-09 19:02:36", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "584d4517-1152-42fa-9ea9-a9e9ed8996fa": { "id": "584d4517-1152-42fa-9ea9-a9e9ed8996fa", "title": "BlockMeister \u2013 Block Pattern Builder <= 3.1.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BlockMeister \u2013 Block Pattern Builder", "slug": "blockmeister", "affected_versions": { "* - 3.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/584d4517-1152-42fa-9ea9-a9e9ed8996fa?source=api-scan" ], "published": "2024-10-10 17:59:02", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58502e48-c1cf-4b94-954c-71046256c917": { "id": "58502e48-c1cf-4b94-954c-71046256c917", "title": "WP Forms Puzzle Captcha <= 4.1 - Captcha Bypass", "software": [ { "type": "plugin", "name": "WP Forms Puzzle Captcha", "slug": "wp-forms-puzzle-captcha", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58502e48-c1cf-4b94-954c-71046256c917?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5853aa0c-09cf-4af8-b75a-4ec95dfe94c3": { "id": "5853aa0c-09cf-4af8-b75a-4ec95dfe94c3", "title": "Atarim <= 3.31 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visual Website Collaboration, Feedback & Project Management \u2013 Atarim", "slug": "atarim-visual-collaboration", "affected_versions": { "* - 3.31": { "from_version": "*", "from_inclusive": true, "to_version": "3.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5853aa0c-09cf-4af8-b75a-4ec95dfe94c3?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "585a7332-b063-463c-8077-68a860e14df2": { "id": "585a7332-b063-463c-8077-68a860e14df2", "title": "Download Plugin < 1.6.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Download Plugin", "slug": "download-plugin", "affected_versions": { "[*, 1.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/585a7332-b063-463c-8077-68a860e14df2?source=api-scan" ], "published": "2021-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "585d0368-7557-46aa-9ea3-26cd6d7df51b": { "id": "585d0368-7557-46aa-9ea3-26cd6d7df51b", "title": "SP Project & Document Manager <= 4.56 - Cross-Site Request Forgery and Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 4.56": { "from_version": "*", "from_inclusive": true, "to_version": "4.56", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.57" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/585d0368-7557-46aa-9ea3-26cd6d7df51b?source=api-scan" ], "published": "2022-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "585fc053-b54f-428e-9abc-9501508aef69": { "id": "585fc053-b54f-428e-9abc-9501508aef69", "title": "Jayj Quicktag < 1.3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Jayj Quicktag", "slug": "jayj-quicktag", "affected_versions": { "[*, 1.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/585fc053-b54f-428e-9abc-9501508aef69?source=api-scan" ], "published": "2017-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5860fe2a-edb4-4542-9a87-d0ab6819dd77": { "id": "5860fe2a-edb4-4542-9a87-d0ab6819dd77", "title": "EventCalendar < 1.0.94 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Calendar WD version", "slug": "event-calendar-wd", "affected_versions": { "[*, 1.0.94)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.94", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.94" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5860fe2a-edb4-4542-9a87-d0ab6819dd77?source=api-scan" ], "published": "2017-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "586137a5-8758-400e-a66a-2382f8633578": { "id": "586137a5-8758-400e-a66a-2382f8633578", "title": "Google Maps Easy <= 1.9.33 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Google Maps", "slug": "google-maps-easy", "affected_versions": { "* - 1.9.33": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/586137a5-8758-400e-a66a-2382f8633578?source=api-scan" ], "published": "2021-11-01 10:32:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "586a4d73-7d3e-4c1d-b369-76f804e555fd": { "id": "586a4d73-7d3e-4c1d-b369-76f804e555fd", "title": "ListingPro <= 2.9.3 - Cross-Site Request Forgery to Account Takeover", "software": [ { "type": "theme", "name": "ListingPro - WordPress Directory & Listing Theme", "slug": "listingpro", "affected_versions": { "* - 2.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/586a4d73-7d3e-4c1d-b369-76f804e555fd?source=api-scan" ], "published": "2024-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "586c8952-a427-47f8-8d2d-117e527b0f74": { "id": "586c8952-a427-47f8-8d2d-117e527b0f74", "title": "Dropdown and scrollable Text <= 2.0 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dropdown and scrollable Text", "slug": "dropdown-and-scrollable-text", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/586c8952-a427-47f8-8d2d-117e527b0f74?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5872a69d-3314-4900-8f7b-bcbd8787a9fe": { "id": "5872a69d-3314-4900-8f7b-bcbd8787a9fe", "title": "Fancy Cats <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fancy Cats", "slug": "fancy-cats", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5872a69d-3314-4900-8f7b-bcbd8787a9fe?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5873ad24-a105-4ad0-b809-5bf13e61b0fa": { "id": "5873ad24-a105-4ad0-b809-5bf13e61b0fa", "title": "Spiffy Calendar <= 4.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spiffy Calendar", "slug": "spiffy-calendar", "affected_versions": { "* - 4.9.13": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5873ad24-a105-4ad0-b809-5bf13e61b0fa?source=api-scan" ], "published": "2024-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5875a4c2-a309-41fb-8845-2935511ec6c0": { "id": "5875a4c2-a309-41fb-8845-2935511ec6c0", "title": "UnGallery < 2.1.6 - Command Injection", "software": [ { "type": "plugin", "name": "UnGallery", "slug": "ungallery", "affected_versions": { "[*, 2.1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5875a4c2-a309-41fb-8845-2935511ec6c0?source=api-scan" ], "published": "2012-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5881d16c-84e8-4610-8233-cfa5a94fe3f9": { "id": "5881d16c-84e8-4610-8233-cfa5a94fe3f9", "title": "MStore API <= 3.9.1 - Authentication Bypass", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 3.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5881d16c-84e8-4610-8233-cfa5a94fe3f9?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5886128e-e72f-4d84-8c17-1ed4a0fcc17e": { "id": "5886128e-e72f-4d84-8c17-1ed4a0fcc17e", "title": "Spectra <= 2.6.6 - Authenticated (Contributor+) Server-Side Request Forgery in import_wpforms", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 2.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5886128e-e72f-4d84-8c17-1ed4a0fcc17e?source=api-scan" ], "published": "2023-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5887cf20-dc15-45be-8573-e893d5367995": { "id": "5887cf20-dc15-45be-8573-e893d5367995", "title": "BerqWP <= 1.7.5 - Unauthenticated Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "BerqWP \u2013 Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript", "slug": "searchpro", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5887cf20-dc15-45be-8573-e893d5367995?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58884dcb-dad3-4856-aa54-c5b769d4f9e1": { "id": "58884dcb-dad3-4856-aa54-c5b769d4f9e1", "title": "Use Any Font | Custom Font Uploader <= 6.2.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Use Any Font | Custom Font Uploader", "slug": "use-any-font", "affected_versions": { "* - 6.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58884dcb-dad3-4856-aa54-c5b769d4f9e1?source=api-scan" ], "published": "2022-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "588ece40-a848-4b2c-9db5-e63e0d11dda0": { "id": "588ece40-a848-4b2c-9db5-e63e0d11dda0", "title": "WP e-Commerce \u2013 Store Toolkit <= 2.0.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP e-Commerce \u2013 Store Toolkit", "slug": "store-toolkit-for-wp-e-commerce", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/588ece40-a848-4b2c-9db5-e63e0d11dda0?source=api-scan" ], "published": "2016-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5898944f-565c-4950-83e8-ad0de0f948d1": { "id": "5898944f-565c-4950-83e8-ad0de0f948d1", "title": "PayTR Taksit Tablosu <= 1.3.2 - Improper Authorization", "software": [ { "type": "plugin", "name": "PayTR Taksit Tablosu \u2013 WooCommerce", "slug": "paytr-taksit-tablosu-woocommerce", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5898944f-565c-4950-83e8-ad0de0f948d1?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "589fa6f2-fa60-4bdc-9692-50d5591ceb93": { "id": "589fa6f2-fa60-4bdc-9692-50d5591ceb93", "title": "FlipBook <= 1.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "FlipBook", "slug": "flipbook", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/589fa6f2-fa60-4bdc-9692-50d5591ceb93?source=api-scan" ], "published": "2012-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58a1f3a1-e00c-4b63-83ad-73205c67c0ac": { "id": "58a1f3a1-e00c-4b63-83ad-73205c67c0ac", "title": "eBay Dropshipping and Affiliate by Wooshark <= 1.5.6 - Unprotected AJAX Actions", "software": [ { "type": "plugin", "name": "eBay Dropshipping and Affiliate by Wooshark", "slug": "woo-reviews-manager", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58a1f3a1-e00c-4b63-83ad-73205c67c0ac?source=api-scan" ], "published": "2022-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58a4cb88-033e-48f4-b6fa-2a9754ab6a7f": { "id": "58a4cb88-033e-48f4-b6fa-2a9754ab6a7f", "title": "WordPress Shortcodes Plugin \u2014 Shortcodes Ultimate < 4.10.0 - Directory Traversal", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "[*, 4.10.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58a4cb88-033e-48f4-b6fa-2a9754ab6a7f?source=api-scan" ], "published": "2017-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58a83ec8-e294-4fb6-9f1a-19562b2e499d": { "id": "58a83ec8-e294-4fb6-9f1a-19562b2e499d", "title": "School Management System \u2013 WPSchoolPress < 2.1.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "School Management System \u2013 WPSchoolPress", "slug": "wpschoolpress", "affected_versions": { "[*, 2.1.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58a83ec8-e294-4fb6-9f1a-19562b2e499d?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58ae3a89-200b-475c-8d32-a24502eb95c6": { "id": "58ae3a89-200b-475c-8d32-a24502eb95c6", "title": "Annual Archive <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Annual Archive", "slug": "anual-archive", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58ae3a89-200b-475c-8d32-a24502eb95c6?source=api-scan" ], "published": "2023-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58b29729-e9c3-4d57-affd-6142dfa8cc6f": { "id": "58b29729-e9c3-4d57-affd-6142dfa8cc6f", "title": "Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxRenameCategory", "software": [ { "type": "plugin", "name": "Categorify \u2013 WordPress Media Library Category & File Manager", "slug": "categorify", "affected_versions": { "* - 1.0.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58b29729-e9c3-4d57-affd-6142dfa8cc6f?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58b59e65-420c-45f5-a34c-2d2003f4e3ae": { "id": "58b59e65-420c-45f5-a34c-2d2003f4e3ae", "title": "Broken Link Checker <= 1.11.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Broken Link Checker", "slug": "broken-link-checker", "affected_versions": { "[*, 1.11.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.11.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58b59e65-420c-45f5-a34c-2d2003f4e3ae?source=api-scan" ], "published": "2019-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58b7736a-e3e0-4ecd-9adf-284568b02ef7": { "id": "58b7736a-e3e0-4ecd-9adf-284568b02ef7", "title": "Swift Performance Lite <= 2.3.6.18 - Incorrect Authorization to Authenticated (Subscriber+) Settings Modification", "software": [ { "type": "plugin", "name": "Swift Performance Lite", "slug": "swift-performance-lite", "affected_versions": { "* - 2.3.6.18": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.6.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.6.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58b7736a-e3e0-4ecd-9adf-284568b02ef7?source=api-scan" ], "published": "2024-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58b8e6f5-5cf8-4dbb-89e9-69266bdc1a30": { "id": "58b8e6f5-5cf8-4dbb-89e9-69266bdc1a30", "title": "WP Customize Login <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Customize Login", "slug": "customize-login", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58b8e6f5-5cf8-4dbb-89e9-69266bdc1a30?source=api-scan" ], "published": "2021-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58bd4a75-8e24-4810-8b9d-c9ffad1c2208": { "id": "58bd4a75-8e24-4810-8b9d-c9ffad1c2208", "title": "WP Donate <= 1.4 - Unauthenticated SQL Injection in donate-display.php", "software": [ { "type": "plugin", "name": "WP Donate", "slug": "wp-donate", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58bd4a75-8e24-4810-8b9d-c9ffad1c2208?source=api-scan" ], "published": "2023-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58bdd837-adae-4fa9-9ca3-00633a6a1ede": { "id": "58bdd837-adae-4fa9-9ca3-00633a6a1ede", "title": "WPFront Notification Bar <= 1.9.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPFront Notification Bar", "slug": "wpfront-notification-bar", "affected_versions": { "* - 1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58bdd837-adae-4fa9-9ca3-00633a6a1ede?source=api-scan" ], "published": "2021-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58c30b06-3d31-4489-a068-d447042eea58": { "id": "58c30b06-3d31-4489-a068-d447042eea58", "title": "Zoner - Real Estate WordPress Theme < 4.2 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Zoner - Real Estate WordPress Theme", "slug": "zoner", "affected_versions": { "[*, 4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58c30b06-3d31-4489-a068-d447042eea58?source=api-scan" ], "published": "2019-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58c63799-7d6a-417d-9992-4ab425ae1f1e": { "id": "58c63799-7d6a-417d-9992-4ab425ae1f1e", "title": "UpdraftPlus WordPress Backup Plugin <= 1.16.68 - Reflected Cross-Site Scripting via updraft_restore", "software": [ { "type": "plugin", "name": "UpdraftPlus: WP Backup & Migration Plugin", "slug": "updraftplus", "affected_versions": { "0.7.4 - 1.16.68": { "from_version": "0.7.4", "from_inclusive": true, "to_version": "1.16.68", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.16.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58c63799-7d6a-417d-9992-4ab425ae1f1e?source=api-scan" ], "published": "2021-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58c79117-3a36-4a23-9f3d-067094d13edf": { "id": "58c79117-3a36-4a23-9f3d-067094d13edf", "title": "Wordfence Security \u2013 Firewall & Malware Scan <= 5.1.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wordfence Security \u2013 Firewall, Malware Scan, and Login Security", "slug": "wordfence", "affected_versions": { "* - 5.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58c79117-3a36-4a23-9f3d-067094d13edf?source=api-scan" ], "published": "2014-07-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58cf6e80-63dd-42dc-9c4a-7b5c092bc4cb": { "id": "58cf6e80-63dd-42dc-9c4a-7b5c092bc4cb", "title": "ProfileGrid <= 5.3.0 - Missing Authorization to Arbitrary Password Reset", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58cf6e80-63dd-42dc-9c4a-7b5c092bc4cb?source=api-scan" ], "published": "2023-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58cfb328-40d0-4bea-a707-d5d6c1ce364a": { "id": "58cfb328-40d0-4bea-a707-d5d6c1ce364a", "title": "Sticky Social Media Icons <= 2.0 - Missing Authorization via ajax_request_handle", "software": [ { "type": "plugin", "name": "Sticky Social Media Icons", "slug": "sticky-social-media-icons", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58cfb328-40d0-4bea-a707-d5d6c1ce364a?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58d25eeb-b12c-4850-8308-eaa30982b5a8": { "id": "58d25eeb-b12c-4850-8308-eaa30982b5a8", "title": "BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", "slug": "woo-bulk-editor", "affected_versions": { "* - 1.1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58d25eeb-b12c-4850-8308-eaa30982b5a8?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58da5adc-bb2e-409d-a623-12b19e6da138": { "id": "58da5adc-bb2e-409d-a623-12b19e6da138", "title": "WP Google Map <= 1.8.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Maps Plugin using Google Maps for WordPress \u2013 WP Google Map", "slug": "gmap-embed", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58da5adc-bb2e-409d-a623-12b19e6da138?source=api-scan" ], "published": "2021-12-08 12:44:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58dfd766-7156-4aec-b8db-76908b775ba0": { "id": "58dfd766-7156-4aec-b8db-76908b775ba0", "title": "Elementor Addons by Livemesh <= 8.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marquee Text Widget, Testimonials Widget, and Testimonial Slider Widgets", "software": [ { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "* - 8.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58dfd766-7156-4aec-b8db-76908b775ba0?source=api-scan" ], "published": "2024-07-03 14:51:37", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58e1a5a1-800f-45e8-a356-759ba568d7c5": { "id": "58e1a5a1-800f-45e8-a356-759ba568d7c5", "title": "SEUR Oficial < 1.7.2 - Authenticated Arbitrary File Download", "software": [ { "type": "plugin", "name": "SEUR Oficial", "slug": "seur", "affected_versions": { "[*, 1.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58e1a5a1-800f-45e8-a356-759ba568d7c5?source=api-scan" ], "published": "2022-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58e3b7f1-26f4-453a-ae1f-a1e6eed0348c": { "id": "58e3b7f1-26f4-453a-ae1f-a1e6eed0348c", "title": "WordPress Core <= 5.0.3 - Path Traversal and Local File Inclusion", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 5.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58e3b7f1-26f4-453a-ae1f-a1e6eed0348c?source=api-scan" ], "published": "2019-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58e84d8f-a091-493f-8e5d-52c1ad5afcdb": { "id": "58e84d8f-a091-493f-8e5d-52c1ad5afcdb", "title": "Elegance <= 2.4 - Arbitrary File Deletion", "software": [ { "type": "theme", "name": "Elegance", "slug": "elegance", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58e84d8f-a091-493f-8e5d-52c1ad5afcdb?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58e8befa-bc8d-4731-be2c-ccf613b39fdd": { "id": "58e8befa-bc8d-4731-be2c-ccf613b39fdd", "title": "Shipping with Venipak for WooCommerce <= 1.19.5 - Reflected Cross-Site Scripting via 'venipak_labels_link'", "software": [ { "type": "plugin", "name": "Shipping with Venipak for WooCommerce", "slug": "wc-venipak-shipping", "affected_versions": { "* - 1.19.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.19.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.19.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58e8befa-bc8d-4731-be2c-ccf613b39fdd?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58ea0c9c-f63d-4c31-b02e-a86d5fe732aa": { "id": "58ea0c9c-f63d-4c31-b02e-a86d5fe732aa", "title": "Flash News (All Versions) - Multiple Vulnerabilities", "software": [ { "type": "theme", "name": "Flash News", "slug": "flashnews", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58ea0c9c-f63d-4c31-b02e-a86d5fe732aa?source=api-scan" ], "published": "2013-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58ee5f31-7d10-4772-929c-98249a351342": { "id": "58ee5f31-7d10-4772-929c-98249a351342", "title": "Custom post types <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom post types, Custom Fields & more", "slug": "custom-post-types", "affected_versions": { "* - 5.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58ee5f31-7d10-4772-929c-98249a351342?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58f86bdb-2332-4972-bf00-f7370ffd0c57": { "id": "58f86bdb-2332-4972-bf00-f7370ffd0c57", "title": "Watu Quiz <= 3.4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Watu Quiz", "slug": "watu", "affected_versions": { "* - 3.4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58f86bdb-2332-4972-bf00-f7370ffd0c57?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58f8bba4-1be5-4111-aa41-d076a6f06948": { "id": "58f8bba4-1be5-4111-aa41-d076a6f06948", "title": "Loginizer <= 1.6.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Loginizer", "slug": "loginizer", "affected_versions": { "[*, 1.6.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58f8bba4-1be5-4111-aa41-d076a6f06948?source=api-scan" ], "published": "2020-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58f9ba6c-1754-4da2-8bfd-b473c7928805": { "id": "58f9ba6c-1754-4da2-8bfd-b473c7928805", "title": "Editorial Calendar <= 2.6 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Editorial Calendar", "slug": "editorial-calendar", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58f9ba6c-1754-4da2-8bfd-b473c7928805?source=api-scan" ], "published": "2013-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "58fa1235-846f-4bd4-ba0d-be6b039f411e": { "id": "58fa1235-846f-4bd4-ba0d-be6b039f411e", "title": "RK Responsive Contact Form <= 1.0.0 - SQL Injection", "software": [ { "type": "plugin", "name": "RK Responsive Contact Form", "slug": "rk-responsive-contact-form", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/58fa1235-846f-4bd4-ba0d-be6b039f411e?source=api-scan" ], "published": "2017-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5900d571-dc97-4c81-8ff3-7d7350b4c89f": { "id": "5900d571-dc97-4c81-8ff3-7d7350b4c89f", "title": "RokIntroScroller <= 1.8 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "RokIntroScroller", "slug": "wp_rokintroscroller", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5900d571-dc97-4c81-8ff3-7d7350b4c89f?source=api-scan" ], "published": "2013-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5909513d-8877-40ff-bee9-d565141b7ed2": { "id": "5909513d-8877-40ff-bee9-d565141b7ed2", "title": "nsc <= 1.0 - Prototype Pollution to Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "NSC WordPress Theme", "slug": "nsc", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5909513d-8877-40ff-bee9-d565141b7ed2?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59170f0a-975e-487c-bdb0-585c802b3127": { "id": "59170f0a-975e-487c-bdb0-585c802b3127", "title": "JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Settings Change", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59170f0a-975e-487c-bdb0-585c802b3127?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "591ddcd7-9ed1-47b5-89c5-fd477bc9f9a9": { "id": "591ddcd7-9ed1-47b5-89c5-fd477bc9f9a9", "title": "Better Elementor Addons <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Better Elementor Addons", "slug": "better-elementor-addons", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/591ddcd7-9ed1-47b5-89c5-fd477bc9f9a9?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "592440ab-60ac-419f-b615-e5617460aea9": { "id": "592440ab-60ac-419f-b615-e5617460aea9", "title": "WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection", "software": [ { "type": "plugin", "name": "WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting", "slug": "erp", "affected_versions": { "* - 1.12.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/592440ab-60ac-419f-b615-e5617460aea9?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59278214-b0ce-44bf-8d8f-265c5c50006a": { "id": "59278214-b0ce-44bf-8d8f-265c5c50006a", "title": "Coming Soon & Maintenance Mode Page <= 1.57 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Coming Soon & Maintenance Mode Page & Under Construction", "slug": "nifty-coming-soon-and-under-construction-page", "affected_versions": { "* - 1.57": { "from_version": "*", "from_inclusive": true, "to_version": "1.57", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.58" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59278214-b0ce-44bf-8d8f-265c5c50006a?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "592867de-17b5-4461-a479-ecfbbef55a0b": { "id": "592867de-17b5-4461-a479-ecfbbef55a0b", "title": "Relevanssi <= 4.0.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Relevanssi \u2013 A Better Search", "slug": "relevanssi", "affected_versions": { "* - 4.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/592867de-17b5-4461-a479-ecfbbef55a0b?source=api-scan" ], "published": "2018-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "592b1df5-74d5-4414-aacb-7497f0f307f1": { "id": "592b1df5-74d5-4414-aacb-7497f0f307f1", "title": "Digital Publications by Supsystic <= 1.6.12 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Flipbook by Supsystic", "slug": "digital-publications-by-supsystic", "affected_versions": { "* - 1.6.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/592b1df5-74d5-4414-aacb-7497f0f307f1?source=api-scan" ], "published": "2021-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5931ad4e-7de3-41ac-b783-f7e58aaef569": { "id": "5931ad4e-7de3-41ac-b783-f7e58aaef569", "title": "WP Hotel Booking <= 2.1.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP Hotel Booking", "slug": "wp-hotel-booking", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5931ad4e-7de3-41ac-b783-f7e58aaef569?source=api-scan" ], "published": "2024-06-19 12:20:30", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "593299e5-d9eb-4240-8413-c0fe5ab79d82": { "id": "593299e5-d9eb-4240-8413-c0fe5ab79d82", "title": "Sensei LMS <= 4.23.1 & Sensei Pro (WC Paid Courses) <= 4.24.0.1.24.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Sensei LMS \u2013 Online Courses, Quizzes, & Learning", "slug": "sensei-lms", "affected_versions": { "* - 4.23.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.23.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.24.0" ] }, { "type": "plugin", "name": "Sensei Pro (WC Paid Courses)", "slug": "woothemes-sensei", "affected_versions": { "* - 4.23.1.1.23.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.23.1.1.23.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.24.0.1.24.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/593299e5-d9eb-4240-8413-c0fe5ab79d82?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5933fc11-8f06-4d58-9483-d06997e5d731": { "id": "5933fc11-8f06-4d58-9483-d06997e5d731", "title": "WP-Filebase Download Manager <= 0.3.0.03 - Remote Code Execution", "software": [ { "type": "plugin", "name": "WP-Filebase", "slug": "wp-filebase", "affected_versions": { "* - 0.3.0.03": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.0.03", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.3.0.04" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5933fc11-8f06-4d58-9483-d06997e5d731?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "593b2ea2-0627-45ce-b672-cc815bff338b": { "id": "593b2ea2-0627-45ce-b672-cc815bff338b", "title": "Glossary <= 2.2.26 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Glossary", "slug": "glossary-by-codeat", "affected_versions": { "* - 2.2.26": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/593b2ea2-0627-45ce-b672-cc815bff338b?source=api-scan" ], "published": "2024-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "593eb5bc-59f9-4944-b147-4ba66d49abe6": { "id": "593eb5bc-59f9-4944-b147-4ba66d49abe6", "title": "The Ultimate WordPress Toolkit \u2013 WP Extended <= 3.0.8 - Authenticated (Subscriber+) Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "The Ultimate WordPress Toolkit \u2013 WP Extended", "slug": "wpextended", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/593eb5bc-59f9-4944-b147-4ba66d49abe6?source=api-scan" ], "published": "2024-09-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5947f7cb-de84-4a62-bef7-cbeb1f20bb72": { "id": "5947f7cb-de84-4a62-bef7-cbeb1f20bb72", "title": "Flexible Woocommerce Checkout Field Editor <= 2.0.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Flexible Woocommerce Checkout Field Editor", "slug": "flexible-woocommerce-checkout-field-editor", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5947f7cb-de84-4a62-bef7-cbeb1f20bb72?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59532447-1d74-4d34-85f5-d89b65a001d8": { "id": "59532447-1d74-4d34-85f5-d89b65a001d8", "title": "JetBackup \u2013 WP Backup, Migrate & Restore <= 1.4.1 - Missing Authorization to Unauthorized Backup Location Change", "software": [ { "type": "plugin", "name": "JetBackup \u2013 WP Backup, Migrate & Restore", "slug": "backup", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59532447-1d74-4d34-85f5-d89b65a001d8?source=api-scan" ], "published": "2020-07-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5954369b-ff1b-40ff-a20d-1b2b237a6f42": { "id": "5954369b-ff1b-40ff-a20d-1b2b237a6f42", "title": "WP-SpamFree Anti-Spam <= 2.1.1.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-spamfree", "slug": "wp-spamfree", "affected_versions": { "* - 2.1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5954369b-ff1b-40ff-a20d-1b2b237a6f42?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5954bdc0-09e9-4691-95ff-02f7304514c9": { "id": "5954bdc0-09e9-4691-95ff-02f7304514c9", "title": "ACF Quick Edit Fields <= 3.2.2 - Authenticated (Contributor+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "ACF Quick Edit Fields", "slug": "acf-quickedit-fields", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5954bdc0-09e9-4691-95ff-02f7304514c9?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5954c35a-7d0a-4bc5-9cad-3223e7be56eb": { "id": "5954c35a-7d0a-4bc5-9cad-3223e7be56eb", "title": "InstaWP Connect <= 0.1.0.8 - Cross-Site Request Forgery via create_file_db_manager", "software": [ { "type": "plugin", "name": "InstaWP Connect \u2013 1-click WP Staging & Migration", "slug": "instawp-connect", "affected_versions": { "* - 0.1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5954c35a-7d0a-4bc5-9cad-3223e7be56eb?source=api-scan" ], "published": "2024-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "595d0401-55b9-418e-8b99-48b23e9a2662": { "id": "595d0401-55b9-418e-8b99-48b23e9a2662", "title": "Rucy <= 0.4.4 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Rucy", "slug": "rucy", "affected_versions": { "* - 0.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/595d0401-55b9-418e-8b99-48b23e9a2662?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "595d6cdb-8a42-480e-8b04-52998156488c": { "id": "595d6cdb-8a42-480e-8b04-52998156488c", "title": "Giveaways and Contests by RafflePress <= 1.12.7 - Unauthenticated IP Spoofing", "software": [ { "type": "plugin", "name": "Giveaways and Contests by RafflePress \u2013 Get More Website Traffic, Email Subscribers, and Social Followers", "slug": "rafflepress", "affected_versions": { "* - 1.12.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/595d6cdb-8a42-480e-8b04-52998156488c?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "595fac73-c583-4712-ad37-fbd0fa3eb147": { "id": "595fac73-c583-4712-ad37-fbd0fa3eb147", "title": "Loginizer <= 1.3.5 - Blind SQL Injection", "software": [ { "type": "plugin", "name": "Loginizer", "slug": "loginizer", "affected_versions": { "[*, 1.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/595fac73-c583-4712-ad37-fbd0fa3eb147?source=api-scan" ], "published": "2017-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5964dd2a-e388-4454-89f6-aa71e1734d35": { "id": "5964dd2a-e388-4454-89f6-aa71e1734d35", "title": "Gutenberg Forms <= 2.2.8.3 - Authenticated(Subscriber+) Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Gutenberg Forms \u2013 WordPress Form Builder Plugin", "slug": "forms-gutenberg", "affected_versions": { "* - 2.2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5964dd2a-e388-4454-89f6-aa71e1734d35?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5965a8b6-116e-4029-9a76-b64c03c25ece": { "id": "5965a8b6-116e-4029-9a76-b64c03c25ece", "title": "WP Fastest Cache <= 0.8.8.5 - Cross-Site Request Forgery via page to wpfastestcacheoptions", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 0.8.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5965a8b6-116e-4029-9a76-b64c03c25ece?source=api-scan" ], "published": "2018-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5966a86c-f1e6-4d53-b32a-fa1440d65819": { "id": "5966a86c-f1e6-4d53-b32a-fa1440d65819", "title": "Import Export WordPress Users and WooCommerce Customers <= 1.3.1 - CSV Injection", "software": [ { "type": "plugin", "name": "Export and Import Users and Customers", "slug": "users-customers-import-export-for-wp-woocommerce", "affected_versions": { "[*, 1.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5966a86c-f1e6-4d53-b32a-fa1440d65819?source=api-scan" ], "published": "2018-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "596d1083-2030-41f0-92d4-82e98bf07331": { "id": "596d1083-2030-41f0-92d4-82e98bf07331", "title": "Skysa App Bar Integration < 1.04 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Skysa App Bar Integration", "slug": "skysa-official", "affected_versions": { "* - 1.03": { "from_version": "*", "from_inclusive": true, "to_version": "1.03", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.04" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/596d1083-2030-41f0-92d4-82e98bf07331?source=api-scan" ], "published": "2011-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "596e970b-5a40-46cd-aa32-ac6ace39c21b": { "id": "596e970b-5a40-46cd-aa32-ac6ace39c21b", "title": "Ocean Extra <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ocean Extra", "slug": "ocean-extra", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/596e970b-5a40-46cd-aa32-ac6ace39c21b?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59707c64-a34c-45bc-bbbe-d447fe2ca6ab": { "id": "59707c64-a34c-45bc-bbbe-d447fe2ca6ab", "title": "Loggedin \u2013 Limit Active Logins <= 1.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Loggedin \u2013 Limit Active Logins", "slug": "loggedin", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59707c64-a34c-45bc-bbbe-d447fe2ca6ab?source=api-scan" ], "published": "2024-09-30 19:43:37", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5971447d-0634-49a5-91d0-c4f0c0825a86": { "id": "5971447d-0634-49a5-91d0-c4f0c0825a86", "title": "Staff Directory Plugin <= 3.6 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Staff Directory Plugin: Company Directory", "slug": "staff-directory-pro", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5971447d-0634-49a5-91d0-c4f0c0825a86?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5973afaa-5a64-4db1-8e32-3b39d1367eb8": { "id": "5973afaa-5a64-4db1-8e32-3b39d1367eb8", "title": "SIS Handball <= 1.0.45 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SIS Handball", "slug": "sis-handball", "affected_versions": { "* - 1.0.45": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.45", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5973afaa-5a64-4db1-8e32-3b39d1367eb8?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5975a107-8083-4f9e-b2b2-8c6ae1ac8f39": { "id": "5975a107-8083-4f9e-b2b2-8c6ae1ac8f39", "title": "itemprop WP for SERP\/SEO Rich snippets <= 3.5.201706131 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "itemprop WP for SERP\/SEO Rich snippets", "slug": "itempropwp", "affected_versions": { "* - 3.5.201706131": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.201706131", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5975a107-8083-4f9e-b2b2-8c6ae1ac8f39?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "597660c5-8c99-40b1-8780-5a2ab9c07656": { "id": "597660c5-8c99-40b1-8780-5a2ab9c07656", "title": "Pexels: Free Stock Photos <= 1.2.2 - Authenticated (Contributor+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Pexels: Free Stock Photos", "slug": "wp-pexels-free-stock-photos", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/597660c5-8c99-40b1-8780-5a2ab9c07656?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "597786ce-58eb-4e96-a80e-bad3e75787fa": { "id": "597786ce-58eb-4e96-a80e-bad3e75787fa", "title": "Payment gateway per Product for WooCommerce <= 3.2.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Payment gateway per Product for WooCommerce", "slug": "woocommerce-product-payments", "affected_versions": { "[*, 3.2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/597786ce-58eb-4e96-a80e-bad3e75787fa?source=api-scan" ], "published": "2023-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5979f2eb-2ca8-4b06-814c-c4236bb81af0": { "id": "5979f2eb-2ca8-4b06-814c-c4236bb81af0", "title": "Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "* - 2.12.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5979f2eb-2ca8-4b06-814c-c4236bb81af0?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "597f06ac-f9c7-4dcb-bb72-15ed7e9d8ac6": { "id": "597f06ac-f9c7-4dcb-bb72-15ed7e9d8ac6", "title": "UpdraftPlus <= 1.23.3 - Cross-Site Request Forgery to Cross-Site Scripting via action_authenticate_storage", "software": [ { "type": "plugin", "name": "UpdraftPlus: WP Backup & Migration Plugin", "slug": "updraftplus", "affected_versions": { "* - 1.23.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.23.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.23.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/597f06ac-f9c7-4dcb-bb72-15ed7e9d8ac6?source=api-scan" ], "published": "2023-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "597fe53e-769e-4edd-b0b9-2bd2cff50da6": { "id": "597fe53e-769e-4edd-b0b9-2bd2cff50da6", "title": "Video Contest WordPress Plugin <= 3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Video Contest WordPress Plugin", "slug": "video-contest", "affected_versions": { "* - 3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/597fe53e-769e-4edd-b0b9-2bd2cff50da6?source=api-scan" ], "published": "2023-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5981209b-5dc7-4823-bd90-2f9514beb616": { "id": "5981209b-5dc7-4823-bd90-2f9514beb616", "title": "Announcer \u2013 Notification & message bars <= 6.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Announcer \u2013 Sticky Message Banner, Notification Bar \u2013 Add to Top, Bottom of your Website", "slug": "announcer", "affected_versions": { "* - 6.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5981209b-5dc7-4823-bd90-2f9514beb616?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59859583-49e5-4a80-8659-b9ca7ddc089d": { "id": "59859583-49e5-4a80-8659-b9ca7ddc089d", "title": "Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation", "software": [ { "type": "plugin", "name": "Tutor LMS Pro", "slug": "tutor-pro", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59859583-49e5-4a80-8659-b9ca7ddc089d?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "598768fe-e36d-48d8-925e-64513f36b18b": { "id": "598768fe-e36d-48d8-925e-64513f36b18b", "title": "CTT Expresso para WooCommerce <= 3.2.11 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CTT Expresso para WooCommerce", "slug": "ctt-expresso-para-woocommerce", "affected_versions": { "* - 3.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/598768fe-e36d-48d8-925e-64513f36b18b?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "598875c5-65f4-4512-bf76-a9c02fc16992": { "id": "598875c5-65f4-4512-bf76-a9c02fc16992", "title": "Masterstudy Elementor Widgets <= 1.2.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Masterstudy Elementor Widgets", "slug": "masterstudy-elementor-widgets", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/598875c5-65f4-4512-bf76-a9c02fc16992?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5988fb74-01d1-426f-9a38-62336a59211b": { "id": "5988fb74-01d1-426f-9a38-62336a59211b", "title": "Post Teaser <= 4.1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Post Teaser", "slug": "post-teaser", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5988fb74-01d1-426f-9a38-62336a59211b?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "598e2c2e-7dd5-435e-a366-6c7569243f2a": { "id": "598e2c2e-7dd5-435e-a366-6c7569243f2a", "title": "Export WP Page to Static HTML\/CSS <= 2.2.2 - Open Redirect", "software": [ { "type": "plugin", "name": "Export WP Page to Static HTML\/CSS", "slug": "export-wp-page-to-static-html", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/598e2c2e-7dd5-435e-a366-6c7569243f2a?source=api-scan" ], "published": "2024-06-19 12:17:06", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "598e38d7-b5a9-43c1-b908-dab8bbe24115": { "id": "598e38d7-b5a9-43c1-b908-dab8bbe24115", "title": "breadcrumb simple <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "breadcrumb simple", "slug": "breadcrumb-simple", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/598e38d7-b5a9-43c1-b908-dab8bbe24115?source=api-scan" ], "published": "2023-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "598fffcd-0318-4e41-8837-f65761390c19": { "id": "598fffcd-0318-4e41-8837-f65761390c19", "title": "WP OAuth Server (OAuth Authentication) < 3.1.5 - Pseudorandom Number Generation", "software": [ { "type": "plugin", "name": "WP OAuth Server (OAuth Authentication)", "slug": "oauth2-provider", "affected_versions": { "[*, 3.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/598fffcd-0318-4e41-8837-f65761390c19?source=api-scan" ], "published": "2015-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59926d18-215e-4de3-acf2-19870026a13f": { "id": "59926d18-215e-4de3-acf2-19870026a13f", "title": "Lets-Box < 1.15.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Lets-Box", "slug": "lets-box", "affected_versions": { "[*, 1.15.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.15.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59926d18-215e-4de3-acf2-19870026a13f?source=api-scan" ], "published": "2021-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59931266-766f-42d2-bcde-04d694a444b0": { "id": "59931266-766f-42d2-bcde-04d694a444b0", "title": "Smart WooCommerce Search <= 2.5.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Smart WooCommerce Search", "slug": "smart-woocommerce-search", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59931266-766f-42d2-bcde-04d694a444b0?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59971f3d-2f98-44fd-a105-621a315721ae": { "id": "59971f3d-2f98-44fd-a105-621a315721ae", "title": "WP Symposium <= 15.8.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Symposium", "slug": "wp-symposium", "affected_versions": { "* - 15.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "15.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "15.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59971f3d-2f98-44fd-a105-621a315721ae?source=api-scan" ], "published": "2015-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "599c6984-5d52-4d0f-86a1-b88f6c9797ed": { "id": "599c6984-5d52-4d0f-86a1-b88f6c9797ed", "title": "Post, Registration and Profile Form Builder \u2013 FrontEnd Editor BuddyForms \u2013 Easy WordPress Forms <= 2.2.7 - SQL Injection", "software": [ { "type": "plugin", "name": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC)", "slug": "buddyforms", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/599c6984-5d52-4d0f-86a1-b88f6c9797ed?source=api-scan" ], "published": "2018-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59a05868-7457-4fb1-845e-bf7044d5cb81": { "id": "59a05868-7457-4fb1-845e-bf7044d5cb81", "title": "Workreap - Freelance Marketplace and Directory WordPress Theme < 2.2.2 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Workreap - Freelance Marketplace and Directory WordPress Theme", "slug": "workreap", "affected_versions": { "[*, 2.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59a05868-7457-4fb1-845e-bf7044d5cb81?source=api-scan" ], "published": "2021-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59a349f2-048d-49a5-92ea-c19f1d1cd45e": { "id": "59a349f2-048d-49a5-92ea-c19f1d1cd45e", "title": "MultiVendorX Marketplace \u2013 WooCommerce MultiVendor Marketplace Solution <= 4.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via hover_animation Parameter", "software": [ { "type": "plugin", "name": "MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution", "slug": "dc-woocommerce-multi-vendor", "affected_versions": { "* - 4.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59a349f2-048d-49a5-92ea-c19f1d1cd45e?source=api-scan" ], "published": "2024-06-05 20:34:43", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59a645e4-2a23-4440-a463-fa197dfa20b2": { "id": "59a645e4-2a23-4440-a463-fa197dfa20b2", "title": "WA Form Builder <= 1.1 - SQL Injection", "software": [ { "type": "plugin", "name": "WA Form Builder", "slug": "wa-form-builder", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59a645e4-2a23-4440-a463-fa197dfa20b2?source=api-scan" ], "published": "2016-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59ada382-5559-49a5-84ea-69201d185829": { "id": "59ada382-5559-49a5-84ea-69201d185829", "title": "Goto - Tour & Travel WordPress Theme < 2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Goto - Tour & Travel WordPress Theme", "slug": "goto", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59ada382-5559-49a5-84ea-69201d185829?source=api-scan" ], "published": "2021-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59b09f36-79e8-4f14-b970-a7994d193782": { "id": "59b09f36-79e8-4f14-b970-a7994d193782", "title": "WooCommerce Warranty Requests <= 2.1.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Warranty Requests", "slug": "woocommerce-warranty", "affected_versions": { "* - 2.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59b09f36-79e8-4f14-b970-a7994d193782?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59b63a01-fd8b-4742-a52f-c0a7b59e9e04": { "id": "59b63a01-fd8b-4742-a52f-c0a7b59e9e04", "title": "Frontend File Manager <= 21.3 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "Frontend File Manager Plugin", "slug": "nmedia-user-file-uploader", "affected_versions": { "* - 21.3": { "from_version": "*", "from_inclusive": true, "to_version": "21.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59b63a01-fd8b-4742-a52f-c0a7b59e9e04?source=api-scan" ], "published": "2022-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59b90bf9-c053-4c70-ab30-e1565a65cbce": { "id": "59b90bf9-c053-4c70-ab30-e1565a65cbce", "title": "wpDataTables \u2013 WordPress Tables & Table Charts Plugin <= 2.1.27 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin", "slug": "wpdatatables", "affected_versions": { "* - 2.1.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59b90bf9-c053-4c70-ab30-e1565a65cbce?source=api-scan" ], "published": "2022-04-04 07:05:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59bc1c34-15f4-473b-a988-a1c80997e438": { "id": "59bc1c34-15f4-473b-a988-a1c80997e438", "title": "Simple SEO <= 1.7.91 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple SEO", "slug": "cds-simple-seo", "affected_versions": { "* - 1.7.91": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.91", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.92" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59bc1c34-15f4-473b-a988-a1c80997e438?source=api-scan" ], "published": "2022-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59bcd246-ca2f-4336-9a6e-89afe873ed25": { "id": "59bcd246-ca2f-4336-9a6e-89afe873ed25", "title": "Yoast SEO <= 22.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yoast SEO", "slug": "wordpress-seo", "affected_versions": { "* - 22.6": { "from_version": "*", "from_inclusive": true, "to_version": "22.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "22.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59bcd246-ca2f-4336-9a6e-89afe873ed25?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59be1fc7-2854-404d-8e9d-dd9bd26e6a2c": { "id": "59be1fc7-2854-404d-8e9d-dd9bd26e6a2c", "title": "Rencontre \u2013 Dating Site <= 3.10.1 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Rencontre \u2013 Dating Site", "slug": "rencontre", "affected_versions": { "* - 3.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59be1fc7-2854-404d-8e9d-dd9bd26e6a2c?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59be2283-1356-48aa-bbda-f796fd799330": { "id": "59be2283-1356-48aa-bbda-f796fd799330", "title": "DMCA WaterMarker < 1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DMCA WaterMarker", "slug": "dmca-watermarker", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59be2283-1356-48aa-bbda-f796fd799330?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59bf14a9-5abe-4b83-9364-d318eedaba83": { "id": "59bf14a9-5abe-4b83-9364-d318eedaba83", "title": "AccessPress Themes and Plugin <= Various Versions - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "The Monday", "slug": "the-monday", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Doko", "slug": "doko", "affected_versions": { "* - 1.0.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] }, { "type": "theme", "name": "Eight Sec", "slug": "eight-sec", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Revolve", "slug": "revolve", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Bingle", "slug": "bingle", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] }, { "type": "theme", "name": "ParallaxSome", "slug": "parallaxsome", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] }, { "type": "theme", "name": "Uncode Lite", "slug": "uncode-lite", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "EightLaw Lite", "slug": "eightlaw-lite", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] }, { "type": "theme", "name": "AccessPress Lite", "slug": "accesspress-lite", "affected_versions": { "* - 2.92": { "from_version": "*", "from_inclusive": true, "to_version": "2.92", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.93" ] }, { "type": "theme", "name": "FotoGraphy", "slug": "fotography", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] }, { "type": "theme", "name": "Arrival", "slug": "arrival", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] }, { "type": "theme", "name": "VMag", "slug": "vmag", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] }, { "type": "theme", "name": "AccessPress Mag", "slug": "accesspress-mag", "affected_versions": { "* - 2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.6" ] }, { "type": "theme", "name": "Sakala", "slug": "sakala", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] }, { "type": "theme", "name": "VMagazine Lite", "slug": "vmagazine-lite", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] }, { "type": "theme", "name": "Digital Agency Lite", "slug": "digital-agency-lite", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] }, { "type": "theme", "name": "The Launcher", "slug": "the-launcher", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] }, { "type": "theme", "name": "Zigcy Lite", "slug": "zigcy-lite", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] }, { "type": "theme", "name": "Brovy", "slug": "brovy", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Eightmedi Lite", "slug": "eightmedi-lite", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] }, { "type": "theme", "name": "WPparallax", "slug": "wpparallax", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Enlighten", "slug": "enlighten", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] }, { "type": "theme", "name": "EightStore Lite", "slug": "eightstore-lite", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] }, { "type": "theme", "name": "AccessPress Store", "slug": "accesspress-store", "affected_versions": { "* - 2.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] }, { "type": "theme", "name": "Swing Lite", "slug": "swing-lite", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "theme", "name": "Ripple", "slug": "ripple", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Access Demo Importer", "slug": "access-demo-importer", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] }, { "type": "theme", "name": "Punte", "slug": "punte", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] }, { "type": "theme", "name": "Accesspress Basic", "slug": "accesspress-basic", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2" ] }, { "type": "theme", "name": "Zigcy Baby", "slug": "zigcy-baby", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] }, { "type": "theme", "name": "ScrollMe", "slug": "scrollme", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Zigcy Cosmetics", "slug": "zigcy-cosmetics", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] }, { "type": "theme", "name": "Construction Lite", "slug": "construction-lite", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] }, { "type": "theme", "name": "Vmagazine News", "slug": "vmagazine-news", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] }, { "type": "theme", "name": "AccessPress Parallax", "slug": "accesspress-parallax-new", "affected_versions": { "* - 4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6" ] }, { "type": "theme", "name": "AccessPress Root", "slug": "accesspress-root", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] }, { "type": "theme", "name": "AccessPress Staple", "slug": "accesspress-staple", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "StoreVilla", "slug": "storevilla", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] }, { "type": "theme", "name": "Ultra Seven", "slug": "ultra-seven", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "The100", "slug": "the100", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Edict Lite", "slug": "edict-lite", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "WP Store", "slug": "wp-store", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "theme", "name": "Opstore", "slug": "opstore", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] }, { "type": "theme", "name": "Bloger", "slug": "bloger", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59bf14a9-5abe-4b83-9364-d318eedaba83?source=api-scan" ], "published": "2022-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59c1b745-7559-4b80-9118-152ee2340c47": { "id": "59c1b745-7559-4b80-9118-152ee2340c47", "title": "Form Maker by 10Web <= 1.13.4 - Cross-Site Request Forgery to Local File Inclusion", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "* - 1.13.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59c1b745-7559-4b80-9118-152ee2340c47?source=api-scan" ], "published": "2019-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59c40a86-ea1c-4015-ac47-2b7b91cc3519": { "id": "59c40a86-ea1c-4015-ac47-2b7b91cc3519", "title": "wordpress vertical image slider plugin <= 1.2.16 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wordpress vertical image slider plugin", "slug": "wp-vertical-image-slider", "affected_versions": { "* - 1.2.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59c40a86-ea1c-4015-ac47-2b7b91cc3519?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59c41620-c6f3-4728-a849-156c5f0ca1a7": { "id": "59c41620-c6f3-4728-a849-156c5f0ca1a7", "title": "WP Poll Maker <= 3.1 - Authenticated (Subscriber+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "ePoll \u2013 Best WordPress Voting Plugin for Poll & Contest", "slug": "epoll-wp-voting", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59c41620-c6f3-4728-a849-156c5f0ca1a7?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59c5b6e7-74b0-430d-8b4a-5a42220f3ec9": { "id": "59c5b6e7-74b0-430d-8b4a-5a42220f3ec9", "title": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 4.15.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.15.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.15.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59c5b6e7-74b0-430d-8b4a-5a42220f3ec9?source=api-scan" ], "published": "2024-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59cdb3e3-06ca-4325-9dae-73ad3cdfd910": { "id": "59cdb3e3-06ca-4325-9dae-73ad3cdfd910", "title": "Client Invoicing by Sprout Invoices <= 19.9.6 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Client Invoicing by Sprout Invoices \u2013 Easy Estimates and Invoices for WordPress", "slug": "sprout-invoices", "affected_versions": { "[*, 19.9.7)": { "from_version": "*", "from_inclusive": true, "to_version": "19.9.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "19.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59cdb3e3-06ca-4325-9dae-73ad3cdfd910?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59cefa5d-f270-48e1-bb3e-98f710a055d8": { "id": "59cefa5d-f270-48e1-bb3e-98f710a055d8", "title": "Contact Form 7 Dynamic Text Extension < 2.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form 7 \u2013 Dynamic Text Extension", "slug": "contact-form-7-dynamic-text-extension", "affected_versions": { "[*, 2.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59cefa5d-f270-48e1-bb3e-98f710a055d8?source=api-scan" ], "published": "2019-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59da86c4-1a68-4077-8b56-9c6c8afe26ad": { "id": "59da86c4-1a68-4077-8b56-9c6c8afe26ad", "title": "Support Plus Responsive Ticket System < 7.1.0 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "WP Support Plus Responsive Ticket System", "slug": "wp-support-plus-responsive-ticket-system", "affected_versions": { "[*, 7.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59da86c4-1a68-4077-8b56-9c6c8afe26ad?source=api-scan" ], "published": "2016-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59e60d00-985e-4152-a3d8-d2ba8075fab8": { "id": "59e60d00-985e-4152-a3d8-d2ba8075fab8", "title": "Depicter Slider <= 3.2.2 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider & Popup Builder by Depicter \u2013 Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel", "slug": "depicter", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59e60d00-985e-4152-a3d8-d2ba8075fab8?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59ec4bbd-5192-45f8-8cfc-d43858b46901": { "id": "59ec4bbd-5192-45f8-8cfc-d43858b46901", "title": "Redirect 404 Error Page to Homepage or Custom Page with Logs <= 1.8.7 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Redirect 404 Error Page to Homepage or Custom Page with Logs", "slug": "redirect-404-error-page-to-homepage-or-custom-page", "affected_versions": { "* - 1.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59ec4bbd-5192-45f8-8cfc-d43858b46901?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59ee0b56-c11f-4951-aac0-8344200e4484": { "id": "59ee0b56-c11f-4951-aac0-8344200e4484", "title": "WP Font Awesome <= 1.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Font Awesome", "slug": "wp-font-awesome", "affected_versions": { "* - 1.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59ee0b56-c11f-4951-aac0-8344200e4484?source=api-scan" ], "published": "2023-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59f7a1b2-f718-40e7-8030-b9212edf71b7": { "id": "59f7a1b2-f718-40e7-8030-b9212edf71b7", "title": "Formilla Edge <= 1.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaPluginID'", "software": [ { "type": "plugin", "name": "Formilla Edge Targeted Messaging Platform for Sales and Marketing", "slug": "formilla-edge", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59f7a1b2-f718-40e7-8030-b9212edf71b7?source=api-scan" ], "published": "2023-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "59ff3445-0dfd-4a1a-9ac8-d088b8f4dbf3": { "id": "59ff3445-0dfd-4a1a-9ac8-d088b8f4dbf3", "title": "Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in migrateProductOnlyToCommon function", "software": [ { "type": "plugin", "name": "Advanced Dynamic Pricing for WooCommerce", "slug": "advanced-dynamic-pricing-for-woocommerce", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/59ff3445-0dfd-4a1a-9ac8-d088b8f4dbf3?source=api-scan" ], "published": "2023-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a0974a5-cfed-4d4d-ae91-f74d9cd531e7": { "id": "5a0974a5-cfed-4d4d-ae91-f74d9cd531e7", "title": "Frontend Uploader < 0.9.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Frontend Uploader", "slug": "frontend-uploader", "affected_versions": { "[*, 0.9.4)": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a0974a5-cfed-4d4d-ae91-f74d9cd531e7?source=api-scan" ], "published": "2014-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a1a727e-3b06-41ca-b684-f31d48f685c0": { "id": "5a1a727e-3b06-41ca-b684-f31d48f685c0", "title": "Count per Day < 3.2.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Count per Day", "slug": "count-per-day", "affected_versions": { "[*, 3.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a1a727e-3b06-41ca-b684-f31d48f685c0?source=api-scan" ], "published": "2013-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a1d5fd1-80b6-4d62-9837-59ee1e020373": { "id": "5a1d5fd1-80b6-4d62-9837-59ee1e020373", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.22 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.22": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a1d5fd1-80b6-4d62-9837-59ee1e020373?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a2b7aac-b11d-4c52-b3d8-7b3f4b3eecd5": { "id": "5a2b7aac-b11d-4c52-b3d8-7b3f4b3eecd5", "title": "Open Graph Metabox <= 1.4.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Open Graph Metabox", "slug": "open-graph-metabox", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a2b7aac-b11d-4c52-b3d8-7b3f4b3eecd5?source=api-scan" ], "published": "2023-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a2eb266-a050-48b9-a0bb-5d48b2c0f970": { "id": "5a2eb266-a050-48b9-a0bb-5d48b2c0f970", "title": "WP smart CRM & Invoices FREE <= 1.8.7 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP smart CRM & Invoices FREE", "slug": "wp-smart-crm-invoices-free", "affected_versions": { "* - 1.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a2eb266-a050-48b9-a0bb-5d48b2c0f970?source=api-scan" ], "published": "2020-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a316c0a-452a-4205-b79b-8bd911016ab2": { "id": "5a316c0a-452a-4205-b79b-8bd911016ab2", "title": "Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via datef", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a316c0a-452a-4205-b79b-8bd911016ab2?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a334947-296d-4f26-95e1-594487e8b6c8": { "id": "5a334947-296d-4f26-95e1-594487e8b6c8", "title": "Broken Link Checker < 1.10.6 - Reflected Cross Site Scripting", "software": [ { "type": "plugin", "name": "Broken Link Checker", "slug": "broken-link-checker", "affected_versions": { "[*, 1.10.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.10.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a334947-296d-4f26-95e1-594487e8b6c8?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a355a83-fece-4303-af37-8c01d159776a": { "id": "5a355a83-fece-4303-af37-8c01d159776a", "title": "iThemes Security <= 7.0.2 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "[*, 7.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a355a83-fece-4303-af37-8c01d159776a?source=api-scan" ], "published": "2018-06-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a38a72a-7336-4aa5-8491-6879dfa4d0ea": { "id": "5a38a72a-7336-4aa5-8491-6879dfa4d0ea", "title": "User Activity <= 1.0.1 - IP Address Spoofing", "software": [ { "type": "plugin", "name": "User Activity", "slug": "user-activity", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a38a72a-7336-4aa5-8491-6879dfa4d0ea?source=api-scan" ], "published": "2023-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a3a5dd8-1608-4a73-a571-25da811e4605": { "id": "5a3a5dd8-1608-4a73-a571-25da811e4605", "title": "Yoo Slider \u2013 Image Slider & Video Slider <= 2.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Yoo Slider \u2013 Image Slider & Video Slider", "slug": "yoo-slider", "affected_versions": { "[*, 2.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a3a5dd8-1608-4a73-a571-25da811e4605?source=api-scan" ], "published": "2022-03-21 21:17:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a3e2d1c-8879-4def-8861-3d6d8b683b7e": { "id": "5a3e2d1c-8879-4def-8861-3d6d8b683b7e", "title": "BuddyPress 2.0 - 2.7.3 - Unauthenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "2.0 - 2.7.3": { "from_version": "2.0", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a3e2d1c-8879-4def-8861-3d6d8b683b7e?source=api-scan" ], "published": "2016-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a40bac7-d3b8-486d-938a-30591ff3016c": { "id": "5a40bac7-d3b8-486d-938a-30591ff3016c", "title": "Popup Box <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Box \u2013 Create Countdown, Coupon, Video, Contact Form Popups", "slug": "ays-popup-box", "affected_versions": { "[*, 3.8.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a40bac7-d3b8-486d-938a-30591ff3016c?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a418687-7359-4ebf-8912-2c9f511fe46d": { "id": "5a418687-7359-4ebf-8912-2c9f511fe46d", "title": "Weberino Timed Quiz <= 0.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Weberino Timed Quiz", "slug": "weberino-timed-quiz-creator", "affected_versions": { "* - 0.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a418687-7359-4ebf-8912-2c9f511fe46d?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a425bf5-de09-4f8c-8766-c9912d337512": { "id": "5a425bf5-de09-4f8c-8766-c9912d337512", "title": "Quote-O-Matic <= 1.0.5 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Quote-O-Matic", "slug": "quote-o-matic", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a425bf5-de09-4f8c-8766-c9912d337512?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a425e1c-9b18-468f-975a-57239ce24601": { "id": "5a425e1c-9b18-468f-975a-57239ce24601", "title": "Advanced Order Export For WooCommerce <= 3.3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Advanced Order Export For WooCommerce", "slug": "woo-order-export-lite", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a425e1c-9b18-468f-975a-57239ce24601?source=api-scan" ], "published": "2022-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a4eeb77-7a8b-489f-8ded-bbe09e881758": { "id": "5a4eeb77-7a8b-489f-8ded-bbe09e881758", "title": "WP Roles at Registration <= 0.23 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Roles at Registration", "slug": "wp-roles-at-registration", "affected_versions": { "* - 0.23": { "from_version": "*", "from_inclusive": true, "to_version": "0.23", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a4eeb77-7a8b-489f-8ded-bbe09e881758?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a52af45-30a6-4dea-b6ce-7d2e8af1910c": { "id": "5a52af45-30a6-4dea-b6ce-7d2e8af1910c", "title": "Wp EMember <= 10.6.6 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wp EMember", "slug": "wp-emember", "affected_versions": { "* - 10.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "10.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a52af45-30a6-4dea-b6ce-7d2e8af1910c?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a563439-c1c2-4a19-b5f7-22ed7be87ad7": { "id": "5a563439-c1c2-4a19-b5f7-22ed7be87ad7", "title": "Smooth Scroll Page Up\/Down Buttons <= 1.3 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smooth Page Scroll Up\/Down Buttons", "slug": "smooth-page-scroll-updown-buttons", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a563439-c1c2-4a19-b5f7-22ed7be87ad7?source=api-scan" ], "published": "2021-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a56e621-2508-4500-b865-4d5e4463b91a": { "id": "5a56e621-2508-4500-b865-4d5e4463b91a", "title": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 5.7.17": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a56e621-2508-4500-b865-4d5e4463b91a?source=api-scan" ], "published": "2024-05-22 16:40:42", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a580a7a-d477-47ba-a7c1-21d7312c53ba": { "id": "5a580a7a-d477-47ba-a7c1-21d7312c53ba", "title": "MAZ Loader \u2013 Preloader Builder for WordPress <= 1.4.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MAZ Loader \u2013 Preloader Builder for WordPress", "slug": "maz-loader", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a580a7a-d477-47ba-a7c1-21d7312c53ba?source=api-scan" ], "published": "2021-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a5d3a62-f7e5-4776-bed9-7ff3f81da452": { "id": "5a5d3a62-f7e5-4776-bed9-7ff3f81da452", "title": "Replace Image <= 1.1.10 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Replace Image", "slug": "replace-image", "affected_versions": { "* - 1.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a5d3a62-f7e5-4776-bed9-7ff3f81da452?source=api-scan" ], "published": "2024-06-18 14:34:48", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a5d5dbd-36f0-4886-adf8-045ec9c2e306": { "id": "5a5d5dbd-36f0-4886-adf8-045ec9c2e306", "title": "WP Mobile Detector <= 3.5 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP Mobile Detector", "slug": "wp-mobile-detector", "affected_versions": { "* - 3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a5d5dbd-36f0-4886-adf8-045ec9c2e306?source=api-scan" ], "published": "2016-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a604c8d-1e4a-42c2-b7cf-ee6cae54730c": { "id": "5a604c8d-1e4a-42c2-b7cf-ee6cae54730c", "title": "TWIPLA (Visitor Analytics IO) <= 1.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TWIPLA (Visitor Analytics IO) \u2013 Privacy-First Website Stats, Session Recordings, Heatmaps, Polls and Surveys", "slug": "visitor-analytics-io", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a604c8d-1e4a-42c2-b7cf-ee6cae54730c?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a628eef-937c-4391-afac-22128ec5b51c": { "id": "5a628eef-937c-4391-afac-22128ec5b51c", "title": "Better Elementor Addons <= 1.3.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Better Elementor Addons", "slug": "better-elementor-addons", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a628eef-937c-4391-afac-22128ec5b51c?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a62e8b2-7606-4842-8be5-dff8634539d0": { "id": "5a62e8b2-7606-4842-8be5-dff8634539d0", "title": "Orders Tracking for WooCommerce <= 1.2.5 - Authenticated (Administrator+) Directory Traversal via 'file_url'", "software": [ { "type": "plugin", "name": "Orders Tracking for WooCommerce", "slug": "woo-orders-tracking", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a62e8b2-7606-4842-8be5-dff8634539d0?source=api-scan" ], "published": "2023-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a64e522-781e-4112-a319-3eea9a4a45d3": { "id": "5a64e522-781e-4112-a319-3eea9a4a45d3", "title": "Enter Addons <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Enter Addons \u2013 Ultimate Template Builder for Elementor", "slug": "enteraddons", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a64e522-781e-4112-a319-3eea9a4a45d3?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a679863-3c22-4d34-9994-1f8ec121ad86": { "id": "5a679863-3c22-4d34-9994-1f8ec121ad86", "title": "wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.2 - Reflected Cross-Site Scripting.", "software": [ { "type": "plugin", "name": "wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin", "slug": "wpdatatables", "affected_versions": { "* - 3.4.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a679863-3c22-4d34-9994-1f8ec121ad86?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a680db1-3db2-4884-b2fe-c6d29457df4f": { "id": "5a680db1-3db2-4884-b2fe-c6d29457df4f", "title": "Clever Addons for Elementor <=2.0.15 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Clever Addons for Elementor", "slug": "cafe-lite", "affected_versions": { "[*, 2.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a680db1-3db2-4884-b2fe-c6d29457df4f?source=api-scan" ], "published": "2021-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a6cda1f-8af9-44b1-98e2-619d29c28a88": { "id": "5a6cda1f-8af9-44b1-98e2-619d29c28a88", "title": "CAOS <= 4.1.8 - Admin+ Arbitrary Folder Deletion via Path Traversal", "software": [ { "type": "plugin", "name": "CAOS | Host Google Analytics Locally", "slug": "host-analyticsjs-local", "affected_versions": { "* - 4.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a6cda1f-8af9-44b1-98e2-619d29c28a88?source=api-scan" ], "published": "2021-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a7358cd-fec8-4a16-ae6b-14194bb63396": { "id": "5a7358cd-fec8-4a16-ae6b-14194bb63396", "title": "Pinpoint Booking System <= 2.9.9.5.0- Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Pinpoint Booking System \u2013 #1 WordPress Booking Plugin", "slug": "booking-system", "affected_versions": { "* - 2.9.9.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.9.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a7358cd-fec8-4a16-ae6b-14194bb63396?source=api-scan" ], "published": "2024-09-06 23:03:58", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a7609bf-5b20-440c-9984-eeb26962ada8": { "id": "5a7609bf-5b20-440c-9984-eeb26962ada8", "title": "Bookly <= 21.7.1 - Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "WordPress Online Booking and Scheduling Plugin \u2013 Bookly", "slug": "bookly-responsive-appointment-booking-tool", "affected_versions": { "* - 21.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "21.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a7609bf-5b20-440c-9984-eeb26962ada8?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a7bb428-dd65-47f7-aaf6-ecdad4ae3049": { "id": "5a7bb428-dd65-47f7-aaf6-ecdad4ae3049", "title": "Simple Post Notes <= 1.7.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple Post Notes", "slug": "simple-post-notes", "affected_versions": { "[*, 1.7.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a7bb428-dd65-47f7-aaf6-ecdad4ae3049?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a7de576-5809-432f-a6fd-364a3a49967f": { "id": "5a7de576-5809-432f-a6fd-364a3a49967f", "title": "Patreon WordPress <= 1.6.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Patreon WordPress", "slug": "patreon-connect", "affected_versions": { "* - 1.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a7de576-5809-432f-a6fd-364a3a49967f?source=api-scan" ], "published": "2021-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a7f869d-e915-4048-b0e1-36cf25e732f9": { "id": "5a7f869d-e915-4048-b0e1-36cf25e732f9", "title": "Audio Record <= 1.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Audio Record", "slug": "audio-record", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a7f869d-e915-4048-b0e1-36cf25e732f9?source=api-scan" ], "published": "2019-01-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a806bc8-cff4-47ff-a295-82520c9079e9": { "id": "5a806bc8-cff4-47ff-a295-82520c9079e9", "title": "Posts in Page <= 1.2.4 - Authenticated Directory Traversal leading to Local File Inclusion", "software": [ { "type": "plugin", "name": "Posts in Page", "slug": "posts-in-page", "affected_versions": { "[*, 1.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a806bc8-cff4-47ff-a295-82520c9079e9?source=api-scan" ], "published": "2017-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a85e1e9-ef40-40f6-a652-17acf0a2d33d": { "id": "5a85e1e9-ef40-40f6-a652-17acf0a2d33d", "title": "Mang Board WP <= 1.8.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mang Board WP", "slug": "mangboard", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a85e1e9-ef40-40f6-a652-17acf0a2d33d?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a8f4ec8-d66e-4892-9770-67450aaa83d9": { "id": "5a8f4ec8-d66e-4892-9770-67450aaa83d9", "title": "HurryTimer \u2013 An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce <= 2.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HurryTimer \u2013 An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce", "slug": "hurrytimer", "affected_versions": { "* - 2.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a8f4ec8-d66e-4892-9770-67450aaa83d9?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a9000e3-a313-48f7-88cd-3041c8da8288": { "id": "5a9000e3-a313-48f7-88cd-3041c8da8288", "title": "Post Duplicator <= 2.16 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Duplicator", "slug": "post-duplicator", "affected_versions": { "* - 2.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a9000e3-a313-48f7-88cd-3041c8da8288?source=api-scan" ], "published": "2016-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a91e786-f570-4c6c-b1c7-0110774cb808": { "id": "5a91e786-f570-4c6c-b1c7-0110774cb808", "title": "GeoDirectory \u2013 WordPress Business Directory Plugin, or Classified Directory <= 2.3.48 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'gd_single_tabs' Shortcode", "software": [ { "type": "plugin", "name": "GeoDirectory \u2013 WP Business Directory Plugin and Classified Listings Directory", "slug": "geodirectory", "affected_versions": { "* - 2.3.48": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.48", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.49" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a91e786-f570-4c6c-b1c7-0110774cb808?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a925c74-9f12-41e1-9443-d533b645c3f5": { "id": "5a925c74-9f12-41e1-9443-d533b645c3f5", "title": "Login With Ajax < 3.0.4.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login With Ajax \u2013 Fast Logins, 2FA, Redirects", "slug": "login-with-ajax", "affected_versions": { "[*, 3.0.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a925c74-9f12-41e1-9443-d533b645c3f5?source=api-scan" ], "published": "2012-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a92916c-42d4-44a6-a9b7-ff0338042b2a": { "id": "5a92916c-42d4-44a6-a9b7-ff0338042b2a", "title": "Off-Canvas Sidebars & Menus (Slidebars) <= 0.5.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Off-Canvas Sidebars & Menus (Slidebars)", "slug": "off-canvas-sidebars", "affected_versions": { "* - 0.5.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a92916c-42d4-44a6-a9b7-ff0338042b2a?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a92945b-79ce-4bea-a1fc-0f03024f5f48": { "id": "5a92945b-79ce-4bea-a1fc-0f03024f5f48", "title": "Optinferex Plugin (All Known Versions) - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "optinfirex", "slug": "optinfirex", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a92945b-79ce-4bea-a1fc-0f03024f5f48?source=api-scan" ], "published": "2013-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a94c5e7-a3d6-435b-9d10-0c325a13124f": { "id": "5a94c5e7-a3d6-435b-9d10-0c325a13124f", "title": "Awesome Support <= 6.1.1 - Insecure Direct Object Reference to (Subscriber+) Ticket Export", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "* - 6.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a94c5e7-a3d6-435b-9d10-0c325a13124f?source=api-scan" ], "published": "2022-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a9746d0-6a0b-47cf-b9fa-246af6b54323": { "id": "5a9746d0-6a0b-47cf-b9fa-246af6b54323", "title": "Shortcode Addons <= 3.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension", "slug": "shortcode-addons", "affected_versions": { "* - 3.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a9746d0-6a0b-47cf-b9fa-246af6b54323?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a97877b-fb4d-4e87-bcff-56be65fee6ce": { "id": "5a97877b-fb4d-4e87-bcff-56be65fee6ce", "title": "User Submitted Posts <= 20190312 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End", "slug": "user-submitted-posts", "affected_versions": { "[*, 20190426)": { "from_version": "*", "from_inclusive": true, "to_version": "20190426", "to_inclusive": false } }, "patched": true, "patched_versions": [ "20190426" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a97877b-fb4d-4e87-bcff-56be65fee6ce?source=api-scan" ], "published": "2019-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a9a496a-7806-426a-a39b-0b236b1d56b5": { "id": "5a9a496a-7806-426a-a39b-0b236b1d56b5", "title": "JetWidgets for Elementor and WooCommerce <= 1.1.7 - Authenticated (Contributor+) Limited Local File Inclusion", "software": [ { "type": "plugin", "name": "JetWidgets for Elementor and WooCommerce", "slug": "jetwoo-widgets-for-elementor", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a9a496a-7806-426a-a39b-0b236b1d56b5?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a9b284a-2af9-4d20-9663-a40b9330da35": { "id": "5a9b284a-2af9-4d20-9663-a40b9330da35", "title": "Comparison Slider <= 1.0.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Comparison Slider", "slug": "comparison-slider", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a9b284a-2af9-4d20-9663-a40b9330da35?source=api-scan" ], "published": "2024-05-29 19:51:50", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a9bbe79-a4c3-42eb-8d4d-47d26dbe9f43": { "id": "5a9bbe79-a4c3-42eb-8d4d-47d26dbe9f43", "title": "Houzez Theme - Functionality <= 3.2.2 - Authenticated (Seller+) SQL Injection", "software": [ { "type": "plugin", "name": "Houzez Theme - Functionality", "slug": "houzez-theme-functionality", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a9bbe79-a4c3-42eb-8d4d-47d26dbe9f43?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a9c5f98-3457-443c-a87d-64f9c26b4f79": { "id": "5a9c5f98-3457-443c-a87d-64f9c26b4f79", "title": "SoundPress Plugin <= 2.2.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SoundPress Plugin", "slug": "soundpress", "affected_versions": { "[*, 3.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a9c5f98-3457-443c-a87d-64f9c26b4f79?source=api-scan" ], "published": "2019-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5a9e62de-3e70-424f-b8e5-2a5f07ca182d": { "id": "5a9e62de-3e70-424f-b8e5-2a5f07ca182d", "title": "Events Made Easy <= 2.3.16 - Missing Authorization", "software": [ { "type": "plugin", "name": "Events Made Easy", "slug": "events-made-easy", "affected_versions": { "* - 2.3.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5a9e62de-3e70-424f-b8e5-2a5f07ca182d?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5aa2ff1f-c018-4c35-859e-f7e42134b937": { "id": "5aa2ff1f-c018-4c35-859e-f7e42134b937", "title": "WordPress Landing Pages <= 1.8.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Landing Pages", "slug": "landing-pages", "affected_versions": { "* - 1.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5aa2ff1f-c018-4c35-859e-f7e42134b937?source=api-scan" ], "published": "2015-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5aa41416-c945-489b-81a3-1222a5e24469": { "id": "5aa41416-c945-489b-81a3-1222a5e24469", "title": "WP MAPS \u2013 Easiest & Most Advanced WordPress Plugin for Google Maps < 4.0.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Maps \u2013 Display Google Maps Perfectly with Ease", "slug": "wp-google-map-plugin", "affected_versions": { "[*, 4.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5aa41416-c945-489b-81a3-1222a5e24469?source=api-scan" ], "published": "2018-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5aa9d6cb-18c8-42e4-a466-cc35c1dc5010": { "id": "5aa9d6cb-18c8-42e4-a466-cc35c1dc5010", "title": "Magic Fields 1 <= 1.7.1 - Cross-Site Scripting via RCCWP_CreateCustomFieldPage.php custom-field-css parameter", "software": [ { "type": "plugin", "name": "Magic Fields", "slug": "magic-fields", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5aa9d6cb-18c8-42e4-a466-cc35c1dc5010?source=api-scan" ], "published": "2019-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5aab3dea-5d14-4316-9a4c-97b0d30762bf": { "id": "5aab3dea-5d14-4316-9a4c-97b0d30762bf", "title": "Elementor Inline SVG <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Elementor Inline SVG", "slug": "inline-svg-elementor", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5aab3dea-5d14-4316-9a4c-97b0d30762bf?source=api-scan" ], "published": "2024-10-09 13:29:50", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5aacabb5-94af-485a-af24-e84db3e3726f": { "id": "5aacabb5-94af-485a-af24-e84db3e3726f", "title": "Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scirpting", "software": [ { "type": "plugin", "name": "Mapplic Lite", "slug": "mapplic-lite", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] }, { "type": "plugin", "name": "Mapplic - Custom Interactive Map WordPress Plugin", "slug": "mapplic", "affected_versions": { "[*, 6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5aacabb5-94af-485a-af24-e84db3e3726f?source=api-scan" ], "published": "2012-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5aaf9bb4-bafe-415f-923d-041ef80cabac": { "id": "5aaf9bb4-bafe-415f-923d-041ef80cabac", "title": "Google Doc Embedder <= 2.6.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Google Doc Embedder", "slug": "google-document-embedder", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5aaf9bb4-bafe-415f-923d-041ef80cabac?source=api-scan" ], "published": "2016-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ab0d9a2-ca77-439b-bced-8ab5d7b0518a": { "id": "5ab0d9a2-ca77-439b-bced-8ab5d7b0518a", "title": "Manage Notification E-mails <= 1.8.2 - Cross-Site Request Forgery to Plugin Options Update", "software": [ { "type": "plugin", "name": "Manage Notification E-mails", "slug": "manage-notification-emails", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ab0d9a2-ca77-439b-bced-8ab5d7b0518a?source=api-scan" ], "published": "2022-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ab2e2ae-6f46-4815-a2d2-407767bfaba8": { "id": "5ab2e2ae-6f46-4815-a2d2-407767bfaba8", "title": "PostX - Gutenberg Post Grid Blocks <= 3.0.5 - Reflected Cross-Site Scripting via 'postx_type'", "software": [ { "type": "plugin", "name": "Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX", "slug": "ultimate-post", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ab2e2ae-6f46-4815-a2d2-407767bfaba8?source=api-scan" ], "published": "2023-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ab513d4-4cb9-4761-92af-a2224cb6a306": { "id": "5ab513d4-4cb9-4761-92af-a2224cb6a306", "title": "Profile Builder \u2013 User Profile & User Registration Forms < 1.1.66 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "[*, 1.1.66)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.66", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.66" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ab513d4-4cb9-4761-92af-a2224cb6a306?source=api-scan" ], "published": "2014-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ab989ea-f498-4c74-b761-416d73059108": { "id": "5ab989ea-f498-4c74-b761-416d73059108", "title": "Image Source Control Lite < 2.3.1 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Image Source Control Lite \u2013 Show Image Credits and Captions", "slug": "image-source-control-isc", "affected_versions": { "[*, 2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ab989ea-f498-4c74-b761-416d73059108?source=api-scan" ], "published": "2021-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ab9c383-14da-479d-9709-1ae154dae398": { "id": "5ab9c383-14da-479d-9709-1ae154dae398", "title": "Shariff Wrapper <= 4.6.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shariff Wrapper", "slug": "shariff", "affected_versions": { "* - 4.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ab9c383-14da-479d-9709-1ae154dae398?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5abc0853-5888-4538-a6f3-78acef88ff63": { "id": "5abc0853-5888-4538-a6f3-78acef88ff63", "title": "E2Pdf \u2013 Export To Pdf Tool for WordPress <= 1.20.27 - Missing Authorization", "software": [ { "type": "plugin", "name": "E2Pdf \u2013 Export Pdf Tool for WordPress", "slug": "e2pdf", "affected_versions": { "* - 1.20.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.20.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.23.00" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5abc0853-5888-4538-a6f3-78acef88ff63?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5abc282d-68c9-423c-a15c-d4d3f7035661": { "id": "5abc282d-68c9-423c-a15c-d4d3f7035661", "title": "WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.3.0 - Missing Authorization to Order Export", "software": [ { "type": "plugin", "name": "WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels", "slug": "print-invoices-packing-slip-labels-for-woocommerce", "affected_versions": { "* - 4.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5abc282d-68c9-423c-a15c-d4d3f7035661?source=api-scan" ], "published": "2024-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5abc627d-2d8e-44e6-8e8e-ad9f55cbb0d8": { "id": "5abc627d-2d8e-44e6-8e8e-ad9f55cbb0d8", "title": "WP Bing Map Pro <= 4.1.4 - Cross-Site Request Forgery via AJAX actions", "software": [ { "type": "plugin", "name": "WP Bing Map Pro", "slug": "api-bing-map-2018", "affected_versions": { "[*, 5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5abc627d-2d8e-44e6-8e8e-ad9f55cbb0d8?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ac47137-eecf-4f85-a29d-88a86b2a9c48": { "id": "5ac47137-eecf-4f85-a29d-88a86b2a9c48", "title": "Responsive Menu <= 4.0.3 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Responsive Menu \u2013 Create Mobile-Friendly Menu", "slug": "responsive-menu", "affected_versions": { "[*, 4.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ac47137-eecf-4f85-a29d-88a86b2a9c48?source=api-scan" ], "published": "2021-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ac7408d-8ec7-415b-bf52-024182888cb4": { "id": "5ac7408d-8ec7-415b-bf52-024182888cb4", "title": "W4 Post List <= 2.4.5 - Information Disclosure via post_excerpt", "software": [ { "type": "plugin", "name": "W4 Post List", "slug": "w4-post-list", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ac7408d-8ec7-415b-bf52-024182888cb4?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ac8e551-7995-4201-b711-87773da1be9e": { "id": "5ac8e551-7995-4201-b711-87773da1be9e", "title": "Export All URLs <= 4.2 - Cross-Site Request Forgery to Sensitive Data Export", "software": [ { "type": "plugin", "name": "Export All URLs", "slug": "export-all-urls", "affected_versions": { "[*, 4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ac8e551-7995-4201-b711-87773da1be9e?source=api-scan" ], "published": "2022-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5aca31f5-310f-441b-8d8c-51b7bf2b0b7d": { "id": "5aca31f5-310f-441b-8d8c-51b7bf2b0b7d", "title": "Fetch JFT <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fetch JFT", "slug": "fetch-jft", "affected_versions": { "* - 1.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5aca31f5-310f-441b-8d8c-51b7bf2b0b7d?source=api-scan" ], "published": "2024-05-28 16:54:09", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ad12146-200b-48e5-82de-7572541edcc4": { "id": "5ad12146-200b-48e5-82de-7572541edcc4", "title": "AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via qc_wpbo_search_response", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ad12146-200b-48e5-82de-7572541edcc4?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5adc88e9-3fcd-4ad6-8eb9-1a111bf9cdc7": { "id": "5adc88e9-3fcd-4ad6-8eb9-1a111bf9cdc7", "title": "Ninja Forms Contact Form <= 3.3.17 - Cross-Site Scripting via begin_date, end_date, or form_id Parameter", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "[*, 3.3.18)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5adc88e9-3fcd-4ad6-8eb9-1a111bf9cdc7?source=api-scan" ], "published": "2018-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5adf03ff-5b87-4ed3-b7ec-b89bc814aba6": { "id": "5adf03ff-5b87-4ed3-b7ec-b89bc814aba6", "title": "Spiffy Calendar <= 4.9.3 - Reflected Cross-Site Scripting via page parameter", "software": [ { "type": "plugin", "name": "Spiffy Calendar", "slug": "spiffy-calendar", "affected_versions": { "[*, 4.9.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5adf03ff-5b87-4ed3-b7ec-b89bc814aba6?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5aea8574-d90f-4359-a0c2-631019a22917": { "id": "5aea8574-d90f-4359-a0c2-631019a22917", "title": "Ajax Custom CSS\/JS <= 2.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ajax Custom CSS\/JS", "slug": "ajax-awesome-css", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5aea8574-d90f-4359-a0c2-631019a22917?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5aeb5f26-32a4-4eba-829d-759e4c92a034": { "id": "5aeb5f26-32a4-4eba-829d-759e4c92a034", "title": "WP FuneralPress <= 1.1.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP FuneralPress", "slug": "wp-funeral-press", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5aeb5f26-32a4-4eba-829d-759e4c92a034?source=api-scan" ], "published": "2013-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5aeca3b6-6b1b-40b5-8824-de4a90c7ddc3": { "id": "5aeca3b6-6b1b-40b5-8824-de4a90c7ddc3", "title": "Gantry 4 Framework <= 4.1.3 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Gantry 4 Framework", "slug": "gantry", "affected_versions": { "* - 4.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5aeca3b6-6b1b-40b5-8824-de4a90c7ddc3?source=api-scan" ], "published": "2015-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5aef1bc6-b155-4a70-9d08-75951e0725ad": { "id": "5aef1bc6-b155-4a70-9d08-75951e0725ad", "title": "WPcalc \u2013 Create any online calculators <= 2.1 - SQL Injection", "software": [ { "type": "plugin", "name": "WPcalc \u2013 create any online calculators", "slug": "wpcalc", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5aef1bc6-b155-4a70-9d08-75951e0725ad?source=api-scan" ], "published": "2021-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5aef5113-6b80-4fe8-ac98-59c1a10a146f": { "id": "5aef5113-6b80-4fe8-ac98-59c1a10a146f", "title": "Buddyboss Platform <= 2.5.91 - Insecure Direct Object Reference to Authenticated (Subscriber+) Link on Private Post", "software": [ { "type": "plugin", "name": "Buddyboss Platform", "slug": "buddyboss-platform", "affected_versions": { "* - 2.5.91": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.91", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5aef5113-6b80-4fe8-ac98-59c1a10a146f?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5af2f2a8-ab10-4623-abcd-234017424ab9": { "id": "5af2f2a8-ab10-4623-abcd-234017424ab9", "title": "FoxyShop <= 4.8.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FoxyShop", "slug": "foxyshop", "affected_versions": { "* - 4.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5af2f2a8-ab10-4623-abcd-234017424ab9?source=api-scan" ], "published": "2022-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5af799a4-0aee-4601-943e-82cbc860ede5": { "id": "5af799a4-0aee-4601-943e-82cbc860ede5", "title": "Advanced Database Cleaner <= 3.1.1 - Cross-Site Request Forgery via aDBc_save_settings_callback", "software": [ { "type": "plugin", "name": "Advanced Database Cleaner", "slug": "advanced-database-cleaner", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5af799a4-0aee-4601-943e-82cbc860ede5?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5afb3c3a-17d1-4cfb-9058-ae6a58e04c6b": { "id": "5afb3c3a-17d1-4cfb-9058-ae6a58e04c6b", "title": "collectchat <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chatbot for WordPress by Collect.chat \u26a1\ufe0f", "slug": "collectchat", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5afb3c3a-17d1-4cfb-9058-ae6a58e04c6b?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5aff79ef-6c96-4386-abf1-b4e6931ef0d2": { "id": "5aff79ef-6c96-4386-abf1-b4e6931ef0d2", "title": "Tutor LMS <= 2.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5aff79ef-6c96-4386-abf1-b4e6931ef0d2?source=api-scan" ], "published": "2022-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b05e973-c0ab-492f-8b51-e7c2f33475ad": { "id": "5b05e973-c0ab-492f-8b51-e7c2f33475ad", "title": "leads5050-visitor-insights < 1.0.4 - Unauthenticated Arbitrary License Change", "software": [ { "type": "plugin", "name": "Leads and Visitor Insights", "slug": "leads-5050-visitor-insights", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b05e973-c0ab-492f-8b51-e7c2f33475ad?source=api-scan" ], "published": "2021-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b07ea6a-511d-44ab-b0b7-5124702ad47d": { "id": "5b07ea6a-511d-44ab-b0b7-5124702ad47d", "title": "Login as User or Customer (User Switching) <= 3.8 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Login as User or Customer", "slug": "login-as-customer-or-user", "affected_versions": { "* - 3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b07ea6a-511d-44ab-b0b7-5124702ad47d?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b127a47-d22f-47b5-92a8-440a5892a181": { "id": "5b127a47-d22f-47b5-92a8-440a5892a181", "title": "HT Politic <= 2.3.7 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "HT Politic \u2013 For Political WordPress Themes \/ Website", "slug": "wp-politic", "affected_versions": { "* - 2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b127a47-d22f-47b5-92a8-440a5892a181?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b12f597-c34c-4b3b-80a6-8fd25f60b862": { "id": "5b12f597-c34c-4b3b-80a6-8fd25f60b862", "title": "WP Datepicker <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Datepicker", "slug": "wp-datepicker", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b12f597-c34c-4b3b-80a6-8fd25f60b862?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b168045-9b68-43a7-89ce-d00a88bf8acd": { "id": "5b168045-9b68-43a7-89ce-d00a88bf8acd", "title": "WP Inventory Manager <= 2.1.0.12 - Reflected Cross-Site Scripting via 'message'", "software": [ { "type": "plugin", "name": "WP Inventory Manager", "slug": "wp-inventory-manager", "affected_versions": { "* - 2.1.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b168045-9b68-43a7-89ce-d00a88bf8acd?source=api-scan" ], "published": "2023-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b17e416-7ca5-4447-ad7e-d3da2fddab86": { "id": "5b17e416-7ca5-4447-ad7e-d3da2fddab86", "title": "About Author Box < 1.0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "About Author Box", "slug": "about-author-box", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b17e416-7ca5-4447-ad7e-d3da2fddab86?source=api-scan" ], "published": "2021-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b1a2126-978c-48fa-b260-abfd26d0ec97": { "id": "5b1a2126-978c-48fa-b260-abfd26d0ec97", "title": "Photo Gallery by 10Web <= 1.5.22 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.5.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b1a2126-978c-48fa-b260-abfd26d0ec97?source=api-scan" ], "published": "2019-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b1b0dbd-084a-44e5-b711-1d5bafb0a300": { "id": "5b1b0dbd-084a-44e5-b711-1d5bafb0a300", "title": "WP Custom Pages <= 0.5.0.1 - Path Traversal", "software": [ { "type": "plugin", "name": "WP Custom Pages", "slug": "wp-custom-pages", "affected_versions": { "* - 0.5.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b1b0dbd-084a-44e5-b711-1d5bafb0a300?source=api-scan" ], "published": "2011-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b25908a-d394-4ce8-b853-4bdf643b9b5b": { "id": "5b25908a-d394-4ce8-b853-4bdf643b9b5b", "title": "YITH Custom Login <= 1.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YITH Custom Login", "slug": "yith-custom-login", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b25908a-d394-4ce8-b853-4bdf643b9b5b?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b266a09-22f3-4ac3-a2ba-8321503200e7": { "id": "5b266a09-22f3-4ac3-a2ba-8321503200e7", "title": "JVM WooCommerce Wishlist <= 1.2.6 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "JVM WooCommerce Wishlist", "slug": "jvm-woocommerce-wishlist", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b266a09-22f3-4ac3-a2ba-8321503200e7?source=api-scan" ], "published": "2019-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b2840ee-3b48-415e-9bed-d34d0b6e36d7": { "id": "5b2840ee-3b48-415e-9bed-d34d0b6e36d7", "title": "ProfilePress <= 4.13.1 - Limited Privilege Escalation via 'acceptable_defined_roles'", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "[*, 4.13.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.13.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.13.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b2840ee-3b48-415e-9bed-d34d0b6e36d7?source=api-scan" ], "published": "2023-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b28a733-2459-46f0-87c3-1a573a8cd55e": { "id": "5b28a733-2459-46f0-87c3-1a573a8cd55e", "title": "Simple Popup <= 4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Popup Plugin", "slug": "simple-popup-plugin", "affected_versions": { "* - 4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b28a733-2459-46f0-87c3-1a573a8cd55e?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b2bef63-c871-45e4-bb05-12bbba20ca5e": { "id": "5b2bef63-c871-45e4-bb05-12bbba20ca5e", "title": "Weaver Xtreme Theme <= 5.0.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Display Name", "software": [ { "type": "theme", "name": "Weaver Xtreme", "slug": "weaver-xtreme", "affected_versions": { "* - 5.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b2bef63-c871-45e4-bb05-12bbba20ca5e?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b2db550-c1cf-4c5b-91b1-349da3fd859d": { "id": "5b2db550-c1cf-4c5b-91b1-349da3fd859d", "title": "MSMC Redirect After Comment <= 2.1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MSMC \u2013 Redirect After Comment", "slug": "msmc-redirect-after-comment", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b2db550-c1cf-4c5b-91b1-349da3fd859d?source=api-scan" ], "published": "2017-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b3029c6-3a0f-4c83-8faf-f74d03852278": { "id": "5b3029c6-3a0f-4c83-8faf-f74d03852278", "title": "Grid Kit Premium < 2.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Grid Kit Premium", "slug": "grid-kit-premium", "affected_versions": { "[*, 2.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b3029c6-3a0f-4c83-8faf-f74d03852278?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b3081ff-9898-46a2-8e02-30cd83f4fbe4": { "id": "5b3081ff-9898-46a2-8e02-30cd83f4fbe4", "title": "WP Ultimate CSV Importer <= 6.4.2 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import CSV or XML Datafeed With Ease", "slug": "wp-ultimate-csv-importer", "affected_versions": { "[*, 6.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b3081ff-9898-46a2-8e02-30cd83f4fbe4?source=api-scan" ], "published": "2022-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b3268c2-7cdd-4839-9859-42218d4d632b": { "id": "5b3268c2-7cdd-4839-9859-42218d4d632b", "title": "User Access Manager <= 1.2.14 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Access Manager", "slug": "user-access-manager", "affected_versions": { "* - 1.2.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b3268c2-7cdd-4839-9859-42218d4d632b?source=api-scan" ], "published": "2017-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b3aca44-0d47-4285-93e5-5cf147b5800e": { "id": "5b3aca44-0d47-4285-93e5-5cf147b5800e", "title": "Arconix Shortcodes <= 2.1.11 - Missing Authorization", "software": [ { "type": "plugin", "name": "Arconix Shortcodes", "slug": "arconix-shortcodes", "affected_versions": { "* - 2.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b3aca44-0d47-4285-93e5-5cf147b5800e?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b3f4ccb-fcc6-42ec-8e9e-03d69ae7acf2": { "id": "5b3f4ccb-fcc6-42ec-8e9e-03d69ae7acf2", "title": "AI ChatBot <= 4.8.9 and 4.9.2- Authenticated (Subscriber+) Arbitrary File Deletion via qcld_openai_delete_training_file", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.9", "to_inclusive": true }, "4.9.2": { "from_version": "4.9.2", "from_inclusive": true, "to_version": "4.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.1", "4.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b3f4ccb-fcc6-42ec-8e9e-03d69ae7acf2?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b48e0cc-5691-4df0-81ef-72f47d29ce30": { "id": "5b48e0cc-5691-4df0-81ef-72f47d29ce30", "title": "Contact Form by Supsystic <= 1.7.14 - Reflected Cross-Site scripting", "software": [ { "type": "plugin", "name": "Contact Form by Supsystic", "slug": "contact-form-by-supsystic", "affected_versions": { "* - 1.7.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b48e0cc-5691-4df0-81ef-72f47d29ce30?source=api-scan" ], "published": "2021-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b49f379-7ae1-4da9-8e1b-cbe5a561b803": { "id": "5b49f379-7ae1-4da9-8e1b-cbe5a561b803", "title": "Photo Gallery by 10Web <= 1.2.10 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.2.11)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b49f379-7ae1-4da9-8e1b-cbe5a561b803?source=api-scan" ], "published": "2015-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b4a2291-cf86-4d3f-8d6e-670b1b6ab124": { "id": "5b4a2291-cf86-4d3f-8d6e-670b1b6ab124", "title": "Piotnet Addons For Elementor Pro <= 7.1.17 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Piotnet Addons For Elementor Pro", "slug": "piotnet-addons-for-elementor-pro", "affected_versions": { "* - 7.1.17": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b4a2291-cf86-4d3f-8d6e-670b1b6ab124?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b4f563c-a17b-4d69-9e94-7287da976e85": { "id": "5b4f563c-a17b-4d69-9e94-7287da976e85", "title": "FluentAuth <= 1.0.1 - IP Spoofing to Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "FluentAuth \u2013 The Ultimate Authorization & Security Plugin for WordPress", "slug": "fluent-security", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b4f563c-a17b-4d69-9e94-7287da976e85?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b53fa6f-7fb8-4643-a365-7630102e7e46": { "id": "5b53fa6f-7fb8-4643-a365-7630102e7e46", "title": "BigContact Contact Page < 1.4.7 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "BigContact Contact Page", "slug": "bigcontact", "affected_versions": { "[*, 1.4.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b53fa6f-7fb8-4643-a365-7630102e7e46?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b546d24-82c1-4598-8926-6e73a4784b38": { "id": "5b546d24-82c1-4598-8926-6e73a4784b38", "title": "Jupiter X Core <= 4.6.5 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Jupiter X Core", "slug": "jupiterx-core", "affected_versions": { "* - 4.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b546d24-82c1-4598-8926-6e73a4784b38?source=api-scan" ], "published": "2024-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b559a48-3c8b-4f8a-9627-c4f838d20af3": { "id": "5b559a48-3c8b-4f8a-9627-c4f838d20af3", "title": "Interactive World Map <= 3.2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Interactive World Map", "slug": "interactive-world-map", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b559a48-3c8b-4f8a-9627-c4f838d20af3?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b5c2a74-c1e8-4381-8d0d-66a2ed3b937e": { "id": "5b5c2a74-c1e8-4381-8d0d-66a2ed3b937e", "title": "Gutenberg Template Library & Redux Framework <= 4.2.11 - Missing Authorization to Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Redux Framework", "slug": "redux-framework", "affected_versions": { "* - 4.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b5c2a74-c1e8-4381-8d0d-66a2ed3b937e?source=api-scan" ], "published": "2021-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b5c8733-7396-4ae5-862d-15db370dbdd7": { "id": "5b5c8733-7396-4ae5-862d-15db370dbdd7", "title": "Creates 3D Flipbook, PDF Flipbook <= 1.2 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Creates 3D Flipbook, PDF Flipbook in WordPress", "slug": "create-flipbook-from-pdf", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b5c8733-7396-4ae5-862d-15db370dbdd7?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b5e0204-4a05-45c1-833a-c2e4016d9830": { "id": "5b5e0204-4a05-45c1-833a-c2e4016d9830", "title": "Stockists Manager for Woocommerce <= 1.0.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Stockists Manager for Woocommerce", "slug": "stockists-manager", "affected_versions": { "* - 1.0.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b5e0204-4a05-45c1-833a-c2e4016d9830?source=api-scan" ], "published": "2022-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b5fb356-df9a-45c1-a663-b762ca1b65c5": { "id": "5b5fb356-df9a-45c1-a663-b762ca1b65c5", "title": "WPQA - Builder forms Addon For WordPress <= 5.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPQA - Builder forms Addon For WordPress", "slug": "wpqa", "affected_versions": { "[*, 5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b5fb356-df9a-45c1-a663-b762ca1b65c5?source=api-scan" ], "published": "2022-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b611abb-460c-44d4-9f77-052a208f8d85": { "id": "5b611abb-460c-44d4-9f77-052a208f8d85", "title": "Booking Package <= 1.6.27 - Unauthenticated Price Manipulation", "software": [ { "type": "plugin", "name": "Booking Package", "slug": "booking-package", "affected_versions": { "* - 1.6.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b611abb-460c-44d4-9f77-052a208f8d85?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b624e9b-d21e-43d2-83ad-7760ed63a75c": { "id": "5b624e9b-d21e-43d2-83ad-7760ed63a75c", "title": "Jeg Elementor Kit <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jeg Elementor Kit", "slug": "jeg-elementor-kit", "affected_versions": { "* - 2.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b624e9b-d21e-43d2-83ad-7760ed63a75c?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b655b04-1f2f-4745-8237-7ef3f8e31ace": { "id": "5b655b04-1f2f-4745-8237-7ef3f8e31ace", "title": "Betheme | Responsive Multipurpose WordPress & WooCommerce Theme <= 27.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "theme", "name": "Betheme", "slug": "betheme", "affected_versions": { "* - 27.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "27.5.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b655b04-1f2f-4745-8237-7ef3f8e31ace?source=api-scan" ], "published": "2024-08-29 16:16:40", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b6739b5-0df4-49b2-a655-4f0cff5886b7": { "id": "5b6739b5-0df4-49b2-a655-4f0cff5886b7", "title": "Float menu <= 5.0.2 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Float menu \u2013 awesome floating side menu", "slug": "float-menu", "affected_versions": { "* - 5.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b6739b5-0df4-49b2-a655-4f0cff5886b7?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b680158-0752-46bd-a5bb-343b65c0aeb4": { "id": "5b680158-0752-46bd-a5bb-343b65c0aeb4", "title": "Table & Contact Form 7 Database \u2013 Tablesome <= 1.0.33 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Tablesome \u2013 Form DB & Automation \u2013 WPForms, Contact Form 7, Elementor, Forminator, Fluent, Gravity", "slug": "tablesome", "affected_versions": { "* - 1.0.33": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b680158-0752-46bd-a5bb-343b65c0aeb4?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b68e26d-1680-42ed-9b8e-23c80c19b1be": { "id": "5b68e26d-1680-42ed-9b8e-23c80c19b1be", "title": "Pie Register <= 1.30 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction", "slug": "pie-register", "affected_versions": { "* - 1.30": { "from_version": "*", "from_inclusive": true, "to_version": "1.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b68e26d-1680-42ed-9b8e-23c80c19b1be?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b6d0a38-ac28-41c9-9da1-b30b3657b463": { "id": "5b6d0a38-ac28-41c9-9da1-b30b3657b463", "title": "Elementor <= 3.18.1 - Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 3.18.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.18.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.18.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b6d0a38-ac28-41c9-9da1-b30b3657b463?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b720612-f3ec-4cc0-9cc8-b9e01421ca87": { "id": "5b720612-f3ec-4cc0-9cc8-b9e01421ca87", "title": "Post List With Featured Image <= 1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post List With Featured Image", "slug": "post-list-with-featured-image", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b720612-f3ec-4cc0-9cc8-b9e01421ca87?source=api-scan" ], "published": "2023-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b75c322-539d-44e9-8f26-5ff929874b67": { "id": "5b75c322-539d-44e9-8f26-5ff929874b67", "title": "Epsilon Framework Themes (Various Versions) - Function Injection", "software": [ { "type": "theme", "name": "Allegiant", "slug": "allegiant", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] }, { "type": "theme", "name": "NatureMag Lite", "slug": "naturemag-lite", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] }, { "type": "theme", "name": "NewsMag", "slug": "newsmag", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] }, { "type": "theme", "name": "Shapely", "slug": "shapely", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] }, { "type": "theme", "name": "Bonkers", "slug": "bonkers", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] }, { "type": "theme", "name": "Regina Lite", "slug": "regina-lite", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] }, { "type": "theme", "name": "Transcend", "slug": "transcend", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "theme", "name": "Sparkling", "slug": "sparkling", "affected_versions": { "* - 2.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.9" ] }, { "type": "theme", "name": "Newspaper X", "slug": "newspaper-x", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] }, { "type": "theme", "name": "Antreas", "slug": "antreas", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] }, { "type": "theme", "name": "Affluent", "slug": "affluent", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] }, { "type": "theme", "name": "Brilliance", "slug": "brilliance", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] }, { "type": "theme", "name": "Activello", "slug": "activello", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] }, { "type": "theme", "name": "Illdy", "slug": "illdy", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] }, { "type": "theme", "name": "MedZone Lite", "slug": "medzone-lite", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] }, { "type": "theme", "name": "Pixova Lite", "slug": "pixova-lite", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b75c322-539d-44e9-8f26-5ff929874b67?source=api-scan" ], "published": "2020-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b783cc6-d79d-43ef-948a-a1953d383ca3": { "id": "5b783cc6-d79d-43ef-948a-a1953d383ca3", "title": "Advanced File Manager <= 5.2.8 - Authenticated (Administrator+) Local JavaScript File Inclusion via fma_locale", "software": [ { "type": "plugin", "name": "Advanced File Manager", "slug": "file-manager-advanced", "affected_versions": { "* - 5.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b783cc6-d79d-43ef-948a-a1953d383ca3?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b7cc660-b430-4b0f-b2d1-68ba458de8a9": { "id": "5b7cc660-b430-4b0f-b2d1-68ba458de8a9", "title": "Stylish Cost Calculator < 7.9.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Stylish Cost Calculator", "slug": "stylish-cost-calculator-premium", "affected_versions": { "[*, 7.9.0)": { "from_version": "*", "from_inclusive": true, "to_version": "7.9.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b7cc660-b430-4b0f-b2d1-68ba458de8a9?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b80638b-4dd1-47f5-9a70-6bd626ac6986": { "id": "5b80638b-4dd1-47f5-9a70-6bd626ac6986", "title": "Subway \u2013 Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API", "software": [ { "type": "plugin", "name": "Subway \u2013 Private Site Option", "slug": "subway", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b80638b-4dd1-47f5-9a70-6bd626ac6986?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b80fc93-212e-481d-907c-275139782e77": { "id": "5b80fc93-212e-481d-907c-275139782e77", "title": "Confetti Fall Animation <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via confetti-fall-animation Shortcode", "software": [ { "type": "plugin", "name": "Confetti Fall Animation", "slug": "confetti-fall-animation", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b80fc93-212e-481d-907c-275139782e77?source=api-scan" ], "published": "2024-09-23 18:36:24", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b826595-c977-4550-aa52-93bcd4a365fe": { "id": "5b826595-c977-4550-aa52-93bcd4a365fe", "title": "Antioch <= 1.3 - Arbitrary File Download", "software": [ { "type": "theme", "name": "Antioch", "slug": "antioch", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b826595-c977-4550-aa52-93bcd4a365fe?source=api-scan" ], "published": "2014-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b91ad8b-79ec-4ef7-bb39-edb06309da5e": { "id": "5b91ad8b-79ec-4ef7-bb39-edb06309da5e", "title": "authLdap <= 2.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "authLdap", "slug": "authldap", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b91ad8b-79ec-4ef7-bb39-edb06309da5e?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b930316-7a2f-4539-8599-360751d49cde": { "id": "5b930316-7a2f-4539-8599-360751d49cde", "title": "Smart Email Alerts <= 1.0.10 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart Email Alerts", "slug": "smart-email-alerts", "affected_versions": { "* - 1.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b930316-7a2f-4539-8599-360751d49cde?source=api-scan" ], "published": "2021-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b96e5ff-804c-41b6-ae34-5184a704b38e": { "id": "5b96e5ff-804c-41b6-ae34-5184a704b38e", "title": "WP Affiliate Platform <= 6.3.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Affiliate Platform", "slug": "wp-affiliate-platform", "affected_versions": { "* - 6.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b96e5ff-804c-41b6-ae34-5184a704b38e?source=api-scan" ], "published": "2022-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b974e9e-9897-400c-b145-dc8a2d54b553": { "id": "5b974e9e-9897-400c-b145-dc8a2d54b553", "title": "Art Decoration Shortcode <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Art Decoration Shortcode", "slug": "art-decoration-shortcode", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b974e9e-9897-400c-b145-dc8a2d54b553?source=api-scan" ], "published": "2023-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b9a0751-934f-4830-80c9-39260ec1cb4f": { "id": "5b9a0751-934f-4830-80c9-39260ec1cb4f", "title": "Popup-Maker <= 1.8.12 - Unauthenticated information disclosure", "software": [ { "type": "plugin", "name": "Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder", "slug": "popup-maker", "affected_versions": { "* - 1.8.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b9a0751-934f-4830-80c9-39260ec1cb4f?source=api-scan" ], "published": "2019-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5b9e037d-30bd-479b-9c4f-4c9082a04e08": { "id": "5b9e037d-30bd-479b-9c4f-4c9082a04e08", "title": "Construct <= 1.4 - Arbitrary File Deletion", "software": [ { "type": "theme", "name": "Construct", "slug": "construct", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5b9e037d-30bd-479b-9c4f-4c9082a04e08?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ba22ed2-4cc2-4e1e-a475-a697a8bb697d": { "id": "5ba22ed2-4cc2-4e1e-a475-a697a8bb697d", "title": "Side Menu Lite <= 2.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Side Menu Lite \u2013 add sticky fixed buttons", "slug": "side-menu-lite", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ba22ed2-4cc2-4e1e-a475-a697a8bb697d?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ba48e88-6e32-428f-9592-bd955e176765": { "id": "5ba48e88-6e32-428f-9592-bd955e176765", "title": "Mail Masta <= 1.0 - SQL Injection via id parameter", "software": [ { "type": "plugin", "name": "Mail Masta", "slug": "mail-masta", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ba48e88-6e32-428f-9592-bd955e176765?source=api-scan" ], "published": "2017-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ba5ddf2-8ae2-4bfa-9f15-16425baea6e1": { "id": "5ba5ddf2-8ae2-4bfa-9f15-16425baea6e1", "title": "Multi-page Toolkit <= 2.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Multi-page Toolkit", "slug": "multi-page-toolkit", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ba5ddf2-8ae2-4bfa-9f15-16425baea6e1?source=api-scan" ], "published": "2022-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5badcfc6-aaff-4c8e-8649-98d71d7a47ec": { "id": "5badcfc6-aaff-4c8e-8649-98d71d7a47ec", "title": "Music Request Manager <= 1.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Music Request Manager", "slug": "music-request-manager", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5badcfc6-aaff-4c8e-8649-98d71d7a47ec?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bae7516-e9dd-4c0c-b687-9cbe09b4c8bc": { "id": "5bae7516-e9dd-4c0c-b687-9cbe09b4c8bc", "title": "Download Shortcode <= 0.2.3 - Directory Traversal", "software": [ { "type": "plugin", "name": "Download Shortcode", "slug": "download-shortcode", "affected_versions": { "* - 0.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bae7516-e9dd-4c0c-b687-9cbe09b4c8bc?source=api-scan" ], "published": "2013-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5baea929-0c46-4a43-b2af-367c0b5037bb": { "id": "5baea929-0c46-4a43-b2af-367c0b5037bb", "title": "EventPrime <= 3.3.5 - Missing Authorization to Private Event Disclosure", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 3.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5baea929-0c46-4a43-b2af-367c0b5037bb?source=api-scan" ], "published": "2023-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5baec449-59f9-47f3-af80-eb31adeacb7a": { "id": "5baec449-59f9-47f3-af80-eb31adeacb7a", "title": "ActiveDEMAND <= 0.2.41 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "ActiveDEMAND", "slug": "activedemand", "affected_versions": { "* - 0.2.41": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.2.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5baec449-59f9-47f3-af80-eb31adeacb7a?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bb45de4-2c83-4c77-aec0-f28ade966468": { "id": "5bb45de4-2c83-4c77-aec0-f28ade966468", "title": "CoolClock <= 4.3.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CoolClock \u2013 a Javascript Analog Clock", "slug": "coolclock", "affected_versions": { "[*, 4.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bb45de4-2c83-4c77-aec0-f28ade966468?source=api-scan" ], "published": "2021-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bbccacf-0c34-4656-834b-b3b4c0a84abe": { "id": "5bbccacf-0c34-4656-834b-b3b4c0a84abe", "title": "Slideshow, Image Slider by 2J <= 1.3.54 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slideshow, Image Slider by 2J", "slug": "2j-slideshow", "affected_versions": { "* - 1.3.54": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.54", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bbccacf-0c34-4656-834b-b3b4c0a84abe?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bbd8851-09ae-40a1-ba88-0a2c439f102d": { "id": "5bbd8851-09ae-40a1-ba88-0a2c439f102d", "title": "Ultimate Auction <= 4.0.5 - Cross-Site Request Forgery and Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate WordPress Auction Plugin", "slug": "ultimate-auction", "affected_versions": { "* - 4.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bbd8851-09ae-40a1-ba88-0a2c439f102d?source=api-scan" ], "published": "2019-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bc03b4a-f7ec-4827-b914-0560b9268b6f": { "id": "5bc03b4a-f7ec-4827-b914-0560b9268b6f", "title": "Front User Submit | Front Editor <= 3.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Guest posting \/ Frontend Posting wordpress plugin \u2013 WP Front User Submit \/ Front Editor", "slug": "front-editor", "affected_versions": { "[*, 3.8.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bc03b4a-f7ec-4827-b914-0560b9268b6f?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bc531a3-e246-4f2e-8657-bbdfb91dbf39": { "id": "5bc531a3-e246-4f2e-8657-bbdfb91dbf39", "title": "Smart Manager - WooCommerce Advanced Bulk Edit, Inventory Management & more... <= 8.27.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) \u2013 Smart Manager", "slug": "smart-manager-for-wp-e-commerce", "affected_versions": { "* - 8.27.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.27.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.28.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bc531a3-e246-4f2e-8657-bbdfb91dbf39?source=api-scan" ], "published": "2024-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bc6d354-65f5-4c1e-8a43-a6ddd1280a2f": { "id": "5bc6d354-65f5-4c1e-8a43-a6ddd1280a2f", "title": "MainWP Rocket Extension <= 4.0.3 - Missing Authorization to Plugin Settings Change", "software": [ { "type": "plugin", "name": "MainWP Rocket Extension", "slug": "mainwp-rocket-extension", "affected_versions": { "* - 4.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bc6d354-65f5-4c1e-8a43-a6ddd1280a2f?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bd03cd0-34f0-491c-8247-79656eba32a8": { "id": "5bd03cd0-34f0-491c-8247-79656eba32a8", "title": "Favorites <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Favorites", "slug": "favorites", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bd03cd0-34f0-491c-8247-79656eba32a8?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bd06e1e-505d-491e-a92b-61d390c97ea8": { "id": "5bd06e1e-505d-491e-a92b-61d390c97ea8", "title": "Homepage Product Organizer for WooCommerce <= 1.1 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Homepage Product Organizer for WooCommerce", "slug": "homepage-product-organizer-for-woocommerce", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bd06e1e-505d-491e-a92b-61d390c97ea8?source=api-scan" ], "published": "2022-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bd58f59-09c2-417c-89ea-5906d413288c": { "id": "5bd58f59-09c2-417c-89ea-5906d413288c", "title": "Quiz And Survey Master <= 7.1.11 - Authenticated SQL injection via shortcode", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bd58f59-09c2-417c-89ea-5906d413288c?source=api-scan" ], "published": "2021-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bd803c7-c120-4967-84e3-5f97fc35a79e": { "id": "5bd803c7-c120-4967-84e3-5f97fc35a79e", "title": "Digital Publications by Supsystic <= 1.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Flipbook by Supsystic", "slug": "digital-publications-by-supsystic", "affected_versions": { "* - 1.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bd803c7-c120-4967-84e3-5f97fc35a79e?source=api-scan" ], "published": "2022-07-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bdba43c-0156-4a6b-b7b9-3f74b506e8f8": { "id": "5bdba43c-0156-4a6b-b7b9-3f74b506e8f8", "title": "Contact Form <= 2.0.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form", "slug": "contact-form-ready", "affected_versions": { "* - 2.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bdba43c-0156-4a6b-b7b9-3f74b506e8f8?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5be1b4b2-4b33-45d7-82fd-b4d51e16535c": { "id": "5be1b4b2-4b33-45d7-82fd-b4d51e16535c", "title": "Charitable <= 1.5.13 - Unauthorized Access to Information Disclosure", "software": [ { "type": "plugin", "name": "Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations & More", "slug": "charitable", "affected_versions": { "[*, 1.5.14)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5be1b4b2-4b33-45d7-82fd-b4d51e16535c?source=api-scan" ], "published": "2018-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5be2c2e7-f982-410d-a5dc-f3ef976dff02": { "id": "5be2c2e7-f982-410d-a5dc-f3ef976dff02", "title": "Subscribe To Comments Reloaded <= 211130 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Subscribe To Comments Reloaded", "slug": "subscribe-to-comments-reloaded", "affected_versions": { "* - 211130": { "from_version": "*", "from_inclusive": true, "to_version": "211130", "to_inclusive": true } }, "patched": true, "patched_versions": [ "220502" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5be2c2e7-f982-410d-a5dc-f3ef976dff02?source=api-scan" ], "published": "2022-04-29 12:07:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5be89866-f60d-4cc6-ac00-80ad15a07fe3": { "id": "5be89866-f60d-4cc6-ac00-80ad15a07fe3", "title": "WP-Ban <= 1.69 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Ban", "slug": "wp-ban", "affected_versions": { "* - 1.69": { "from_version": "*", "from_inclusive": true, "to_version": "1.69", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.69.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5be89866-f60d-4cc6-ac00-80ad15a07fe3?source=api-scan" ], "published": "2022-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5be9d0ff-5d9c-4e80-a4d7-66ef4859a959": { "id": "5be9d0ff-5d9c-4e80-a4d7-66ef4859a959", "title": "PeproDev Ultimate Invoice <= 1.9.7 - Unauthenticated Sensitive Information Exposure via init_plugin", "software": [ { "type": "plugin", "name": "PeproDev Ultimate Invoice", "slug": "pepro-ultimate-invoice", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5be9d0ff-5d9c-4e80-a4d7-66ef4859a959?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bea454e-bd1a-4cdf-acec-7bf15f6a6cda": { "id": "5bea454e-bd1a-4cdf-acec-7bf15f6a6cda", "title": "Extensions for Elementor <= 2.0.31 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Extensions for Elementor", "slug": "extensions-for-elementor", "affected_versions": { "* - 2.0.31": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bea454e-bd1a-4cdf-acec-7bf15f6a6cda?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5beb0f93-baa7-4400-ab40-d63f3430169e": { "id": "5beb0f93-baa7-4400-ab40-d63f3430169e", "title": "Events Rich Snippets for Google <= 1.8 - Cross-Site Request Forgery to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Events Rich Snippets for Google", "slug": "rich-snippets-vevents", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5beb0f93-baa7-4400-ab40-d63f3430169e?source=api-scan" ], "published": "2023-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bf0267d-b84f-4ad2-8bb3-cc2aa4996af1": { "id": "5bf0267d-b84f-4ad2-8bb3-cc2aa4996af1", "title": "PostmagThemes Demo Import <= 1.0.6 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "PostmagThemes Demo Import", "slug": "postmagthemes-demo-import", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bf0267d-b84f-4ad2-8bb3-cc2aa4996af1?source=api-scan" ], "published": "2022-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bf209b8-7c12-4fc3-af7f-4fd25777caab": { "id": "5bf209b8-7c12-4fc3-af7f-4fd25777caab", "title": "WP Full Auto Tags Manager <= 2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Full Auto Tags Manager", "slug": "wp-full-auto-tags-manager", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bf209b8-7c12-4fc3-af7f-4fd25777caab?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bf4ffaa-5192-4fb6-95d0-d19c4fe45b93": { "id": "5bf4ffaa-5192-4fb6-95d0-d19c4fe45b93", "title": "Chat Bee <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chat Bee", "slug": "chat-bee", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bf4ffaa-5192-4fb6-95d0-d19c4fe45b93?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bf6d60f-57ac-4cbc-895f-a7db548cbf67": { "id": "5bf6d60f-57ac-4cbc-895f-a7db548cbf67", "title": "Api2Cart Bridge Connector <= 1.1.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Api2Cart Bridge Connector", "slug": "api2cart-bridge-connector", "affected_versions": { "1.1.0": { "from_version": "1.1.0", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bf6d60f-57ac-4cbc-895f-a7db548cbf67?source=api-scan" ], "published": "2022-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bfd1650-0cc1-4b1c-9fc2-c940d841a147": { "id": "5bfd1650-0cc1-4b1c-9fc2-c940d841a147", "title": "WordPress Core < 1.5.2 - Full Path Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 1.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bfd1650-0cc1-4b1c-9fc2-c940d841a147?source=api-scan" ], "published": "2006-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bfe0a05-6bf9-4acc-bf9d-05079c3b3664": { "id": "5bfe0a05-6bf9-4acc-bf9d-05079c3b3664", "title": "Happy Addons for Elementor <= 3.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via PDF View Widget", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.11.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bfe0a05-6bf9-4acc-bf9d-05079c3b3664?source=api-scan" ], "published": "2024-07-26 22:45:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5bfedb93-76e6-4d3f-bf44-1e6d8947c7d1": { "id": "5bfedb93-76e6-4d3f-bf44-1e6d8947c7d1", "title": "WP Job Board <= 4.4.4 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Job Board", "slug": "wpjobboard", "affected_versions": { "[*, 4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5bfedb93-76e6-4d3f-bf44-1e6d8947c7d1?source=api-scan" ], "published": "2018-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c024c77-31a8-45b8-9fcb-7ba729bec32c": { "id": "5c024c77-31a8-45b8-9fcb-7ba729bec32c", "title": "GraceMedia Media Player <= 1.0 - Local File Inclusion", "software": [ { "type": "plugin", "name": "GraceMedia Media Player", "slug": "gracemedia-media-player", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c024c77-31a8-45b8-9fcb-7ba729bec32c?source=api-scan" ], "published": "2019-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c068079-0857-4116-8edb-1bc2fea3c6b7": { "id": "5c068079-0857-4116-8edb-1bc2fea3c6b7", "title": "WooLentor <= 2.6.2 - Cross-Site Request Forgery via process_data", "software": [ { "type": "plugin", "name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)", "slug": "woolentor-addons", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c068079-0857-4116-8edb-1bc2fea3c6b7?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c0963b2-210b-4dca-96a8-d048e4c53b5b": { "id": "5c0963b2-210b-4dca-96a8-d048e4c53b5b", "title": "Mime Types Extended <= 0.11 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload", "software": [ { "type": "plugin", "name": "Mime Types Extended", "slug": "mime-types-extended", "affected_versions": { "0.11": { "from_version": "0.11", "from_inclusive": true, "to_version": "0.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c0963b2-210b-4dca-96a8-d048e4c53b5b?source=api-scan" ], "published": "2024-06-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c1464ab-217e-4c66-94f8-49376755dba7": { "id": "5c1464ab-217e-4c66-94f8-49376755dba7", "title": "WPFunnels <= 2.7.16 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels", "slug": "wpfunnels", "affected_versions": { "* - 2.7.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c1464ab-217e-4c66-94f8-49376755dba7?source=api-scan" ], "published": "2023-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c17678e-6598-4e80-b121-beae822b9f81": { "id": "5c17678e-6598-4e80-b121-beae822b9f81", "title": "Sermon'e \u2013 Sermons Online <= 1.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sermon'e \u2013 Sermons Online", "slug": "sermone-online-sermons-management", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c17678e-6598-4e80-b121-beae822b9f81?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c17b388-1f9a-473f-a71b-a3f72bdf301b": { "id": "5c17b388-1f9a-473f-a71b-a3f72bdf301b", "title": "WP Snap App <= 1.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Snap App", "slug": "wpsnapapp", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c17b388-1f9a-473f-a71b-a3f72bdf301b?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c18a9b8-5041-4451-a3cc-91952c234d9c": { "id": "5c18a9b8-5041-4451-a3cc-91952c234d9c", "title": "Cornerstone <= 0.8.0 - Reflected Cross-Site Scripting via PHP_SELF", "software": [ { "type": "plugin", "name": "Cornerstone", "slug": "cornerstone", "affected_versions": { "* - 0.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c18a9b8-5041-4451-a3cc-91952c234d9c?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c1d671c-017e-454b-8aa3-86f6d396b437": { "id": "5c1d671c-017e-454b-8aa3-86f6d396b437", "title": "Widgets Controller <= 1.1 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Widgets Controller", "slug": "widgets-controller", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c1d671c-017e-454b-8aa3-86f6d396b437?source=api-scan" ], "published": "2024-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c1e6685-44a7-452e-89ab-b9fffb65a12b": { "id": "5c1e6685-44a7-452e-89ab-b9fffb65a12b", "title": "WooCommerce Dynamic Pricing and Discounts <= 2.4.1 - Unauthenticated Settings Import\/Export", "software": [ { "type": "plugin", "name": "WooCommerce Dynamic Pricing and Discounts", "slug": "wc-dynamic-pricing-and-discounts", "affected_versions": { "[*, 2.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c1e6685-44a7-452e-89ab-b9fffb65a12b?source=api-scan" ], "published": "2021-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c24ee66-7b57-4e4c-bbb5-0451fc24ce4b": { "id": "5c24ee66-7b57-4e4c-bbb5-0451fc24ce4b", "title": "Newsletter <= 8.0.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Newsletter \u2013 Send awesome emails from WordPress", "slug": "newsletter", "affected_versions": { "* - 8.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c24ee66-7b57-4e4c-bbb5-0451fc24ce4b?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c275b40-1155-4a86-8854-b0660e117fcb": { "id": "5c275b40-1155-4a86-8854-b0660e117fcb", "title": "Simple Staff List <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Simple Staff List", "slug": "simple-staff-list", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c275b40-1155-4a86-8854-b0660e117fcb?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c2cc9a3-cd20-4c9e-baa4-1aea69f84331": { "id": "5c2cc9a3-cd20-4c9e-baa4-1aea69f84331", "title": "WCFM Marketplace <= 3.4.12 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WCFM Marketplace \u2013 Multivendor Marketplace for WooCommerce", "slug": "wc-multivendor-marketplace", "affected_versions": { "* - 3.4.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c2cc9a3-cd20-4c9e-baa4-1aea69f84331?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c31072d-9921-4bef-809c-b97a1020a2cf": { "id": "5c31072d-9921-4bef-809c-b97a1020a2cf", "title": "Site Reviews <= 6.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Site Reviews", "slug": "site-reviews", "affected_versions": { "* - 6.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c31072d-9921-4bef-809c-b97a1020a2cf?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c39fded-8b32-463f-9d22-adb371ca217e": { "id": "5c39fded-8b32-463f-9d22-adb371ca217e", "title": "Car Dealer Automotive WordPress Theme < 1.1.9 - Sensitive Information Disclosure", "software": [ { "type": "theme", "name": "Car Dealer Automotive WordPress Theme \u2013 Responsive", "slug": "cardealer", "affected_versions": { "[*, 1.1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c39fded-8b32-463f-9d22-adb371ca217e?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c402fcf-0c02-4a5e-89a9-8a1ddaa630d0": { "id": "5c402fcf-0c02-4a5e-89a9-8a1ddaa630d0", "title": "Grow Social <= 1.2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hubbub Lite \u2013 Fast, Reliable Social Sharing Buttons", "slug": "social-pug", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c402fcf-0c02-4a5e-89a9-8a1ddaa630d0?source=api-scan" ], "published": "2016-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c408a27-7ed9-4106-8b65-9169ecc0e6f5": { "id": "5c408a27-7ed9-4106-8b65-9169ecc0e6f5", "title": "NextGen Cu3er Gallery <= 0.1 - Multiple Full Path Disclosures", "software": [ { "type": "plugin", "name": "NextGen Cu3er Gallery", "slug": "nextgen-cu3er-gallery", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c408a27-7ed9-4106-8b65-9169ecc0e6f5?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c42a966-0035-4c12-8aa1-226a0157d98f": { "id": "5c42a966-0035-4c12-8aa1-226a0157d98f", "title": "WP eCommerce <= 3.8.9 - SQL Injection", "software": [ { "type": "plugin", "name": "WP eCommerce", "slug": "wp-e-commerce", "affected_versions": { "* - 3.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c42a966-0035-4c12-8aa1-226a0157d98f?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c482b6e-ce1e-46e2-8847-10c485594448": { "id": "5c482b6e-ce1e-46e2-8847-10c485594448", "title": "Quiz And Survey Master <= 8.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 8.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c482b6e-ce1e-46e2-8847-10c485594448?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c4e8106-6e0b-4b0b-a693-f30bfe87ff92": { "id": "5c4e8106-6e0b-4b0b-a693-f30bfe87ff92", "title": "Booking.com Banner Creator <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking.com Banner Creator", "slug": "bookingcom-banner-creator", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c4e8106-6e0b-4b0b-a693-f30bfe87ff92?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c4fb14c-de6d-4247-8f83-050f1350f6a2": { "id": "5c4fb14c-de6d-4247-8f83-050f1350f6a2", "title": "WP-UserOnline <= 2.88.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-UserOnline", "slug": "wp-useronline", "affected_versions": { "* - 2.88.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.88.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.88.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c4fb14c-de6d-4247-8f83-050f1350f6a2?source=api-scan" ], "published": "2022-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c50b451-519c-4da8-93ce-b84e594e6775": { "id": "5c50b451-519c-4da8-93ce-b84e594e6775", "title": "Advanced Access Manager <= 6.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More", "slug": "advanced-access-manager", "affected_versions": { "* - 6.9.15": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c50b451-519c-4da8-93ce-b84e594e6775?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c517278-9d2a-4ef6-bf0e-a62f6b00dd20": { "id": "5c517278-9d2a-4ef6-bf0e-a62f6b00dd20", "title": "140+ Widgets | Best Addons For Elementor \u2013 FREE <= 1.4.3.1 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "140+ Widgets | Xpro Addons For Elementor \u2013 FREE", "slug": "xpro-elementor-addons", "affected_versions": { "* - 1.4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c517278-9d2a-4ef6-bf0e-a62f6b00dd20?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c51f55f-6e8c-467c-999b-4e6a1a6f7bbc": { "id": "5c51f55f-6e8c-467c-999b-4e6a1a6f7bbc", "title": "WC Fields Factory <= 4.1.5 - Authenticated(Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "WC Fields Factory", "slug": "wc-fields-factory", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c51f55f-6e8c-467c-999b-4e6a1a6f7bbc?source=api-scan" ], "published": "2023-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c59cfc2-2a2c-4b0b-88f7-f6a96caa25c4": { "id": "5c59cfc2-2a2c-4b0b-88f7-f6a96caa25c4", "title": "Admin Pack by SITE CASEIRO <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Admin Pack by SITE CASEIRO", "slug": "admin-pack-by-site-caseiro", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c59cfc2-2a2c-4b0b-88f7-f6a96caa25c4?source=api-scan" ], "published": "2015-07-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c5b6501-23c5-401b-815d-1729594e6a59": { "id": "5c5b6501-23c5-401b-815d-1729594e6a59", "title": "Social LikeBox & Feed <= 2.8.4 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social LikeBox & Feed", "slug": "facebook-by-weblizar", "affected_versions": { "* - 2.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c5b6501-23c5-401b-815d-1729594e6a59?source=api-scan" ], "published": "2019-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c5e7ed1-7eb8-4ce7-9dd6-0f7937b6f671": { "id": "5c5e7ed1-7eb8-4ce7-9dd6-0f7937b6f671", "title": "WPCafe \u2013 Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode", "software": [ { "type": "plugin", "name": "WPCafe \u2013 Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce", "slug": "wp-cafe", "affected_versions": { "* - 2.2.25": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c5e7ed1-7eb8-4ce7-9dd6-0f7937b6f671?source=api-scan" ], "published": "2024-06-24 16:59:17", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c637882-1854-4502-9907-88053d141cfc": { "id": "5c637882-1854-4502-9907-88053d141cfc", "title": "WP Cumulus < 1.22 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Cumulus", "slug": "wp-cumulus", "affected_versions": { "[*, 1.22)": { "from_version": "*", "from_inclusive": true, "to_version": "1.22", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c637882-1854-4502-9907-88053d141cfc?source=api-scan" ], "published": "2009-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c6a88c3-18b7-470f-8014-373ead66dcfa": { "id": "5c6a88c3-18b7-470f-8014-373ead66dcfa", "title": "Blog-in-Blog <= 1.1.1 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Blog-in-Blog", "slug": "blog-in-blog", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c6a88c3-18b7-470f-8014-373ead66dcfa?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c6a9cfc-0b30-456e-bac5-4ad79cd08dce": { "id": "5c6a9cfc-0b30-456e-bac5-4ad79cd08dce", "title": "Injection Guard <= 1.2.1 - Missing Authorization via ig_update", "software": [ { "type": "plugin", "name": "Injection Guard", "slug": "injection-guard", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c6a9cfc-0b30-456e-bac5-4ad79cd08dce?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c6ac166-d8ad-4ee0-b637-91816cb41eca": { "id": "5c6ac166-d8ad-4ee0-b637-91816cb41eca", "title": "Foxiz <= 2.3.5 - Unauthenticated Server-Side Request Forgery", "software": [ { "type": "theme", "name": "Foxiz", "slug": "foxiz", "affected_versions": { "* - 2.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c6ac166-d8ad-4ee0-b637-91816cb41eca?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c6f4890-8bc9-4ead-8d69-478fa51c2176": { "id": "5c6f4890-8bc9-4ead-8d69-478fa51c2176", "title": "W-DALIL <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "W-DALIL", "slug": "w-dalil", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c6f4890-8bc9-4ead-8d69-478fa51c2176?source=api-scan" ], "published": "2022-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c71dc22-0b1b-4628-bbab-4154714e8804": { "id": "5c71dc22-0b1b-4628-bbab-4154714e8804", "title": "weForms <= 1.6.20 - Missing Authorization", "software": [ { "type": "plugin", "name": "weForms \u2013 Easy Drag & Drop Contact Form Builder For WordPress", "slug": "weforms", "affected_versions": { "* - 1.6.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c71dc22-0b1b-4628-bbab-4154714e8804?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c75c156-225c-465a-8d03-35a6669e9c04": { "id": "5c75c156-225c-465a-8d03-35a6669e9c04", "title": "Calculated Fields Form <= 1.0.11 - Cross-Site Request Forgery to SQL Injection", "software": [ { "type": "plugin", "name": "Calculated Fields Form", "slug": "calculated-fields-form", "affected_versions": { "* - 1.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c75c156-225c-465a-8d03-35a6669e9c04?source=api-scan" ], "published": "2015-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c76871e-b774-4284-ad00-f8ef7f6df389": { "id": "5c76871e-b774-4284-ad00-f8ef7f6df389", "title": "HollerBox <= 2.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fast & Effective Popups & Lead-Generation for WordPress \u2013 HollerBox", "slug": "holler-box", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c76871e-b774-4284-ad00-f8ef7f6df389?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c79cbc1-4d8f-4330-b063-e5987238fca1": { "id": "5c79cbc1-4d8f-4330-b063-e5987238fca1", "title": "WordPress Countdown Widget <= 3.1.9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Countdown Widget", "slug": "wordpress-countdown-widget", "affected_versions": { "* - 3.1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c79cbc1-4d8f-4330-b063-e5987238fca1?source=api-scan" ], "published": "2022-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c79d861-e2e8-4fca-883f-79401544b0b1": { "id": "5c79d861-e2e8-4fca-883f-79401544b0b1", "title": "RLSWordPressSearch (All Versions) - SQL Injection", "software": [ { "type": "plugin", "name": "RLSWordPressSearch", "slug": "RLSWordPressSearch", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c79d861-e2e8-4fca-883f-79401544b0b1?source=api-scan" ], "published": "2013-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c7d4401-33aa-43c4-8659-a5664b3cf1da": { "id": "5c7d4401-33aa-43c4-8659-a5664b3cf1da", "title": "WP Ultimate Recipe < 3.12.7 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Ultimate Recipe", "slug": "wp-ultimate-recipe", "affected_versions": { "[*, 3.12.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.12.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.12.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c7d4401-33aa-43c4-8659-a5664b3cf1da?source=api-scan" ], "published": "2019-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c7edfad-b45b-4297-876d-a063e02af0bf": { "id": "5c7edfad-b45b-4297-876d-a063e02af0bf", "title": "Top 10 \u2013 Popular posts plugin for WordPress <= 3.2.3 - Cross-Site Request Forgery via tptn_ajax_clearcache", "software": [ { "type": "plugin", "name": "Top 10 \u2013 WordPress Popular posts by WebberZone", "slug": "top-10", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c7edfad-b45b-4297-876d-a063e02af0bf?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c830689-70bd-42cc-a385-fe8552f342a0": { "id": "5c830689-70bd-42cc-a385-fe8552f342a0", "title": "Community Lite Video Chat < 1.4.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Community Lite Video Chat", "slug": "avchat-3", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c830689-70bd-42cc-a385-fe8552f342a0?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c8404d2-7b37-40df-b756-328f827f273d": { "id": "5c8404d2-7b37-40df-b756-328f827f273d", "title": "Integration for Contact Form 7 and Constant Contact <= 1.1.4 - Open Redirect", "software": [ { "type": "plugin", "name": "Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms", "slug": "cf7-constant-contact", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c8404d2-7b37-40df-b756-328f827f273d?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c852fa1-698b-4e72-b781-095e2a98df81": { "id": "5c852fa1-698b-4e72-b781-095e2a98df81", "title": "Clock In Portal <= 2.1 - Cross-Site Request Forgery to Holidays Deletion", "software": [ { "type": "plugin", "name": "Clock In Portal- Staff & Attendance Management", "slug": "clock-in-portal", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c852fa1-698b-4e72-b781-095e2a98df81?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c8a4708-eb74-45e1-ba47-e245491a8c2f": { "id": "5c8a4708-eb74-45e1-ba47-e245491a8c2f", "title": "WP Mail Logging <= 1.8.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Mail Logging", "slug": "wp-mail-logging", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c8a4708-eb74-45e1-ba47-e245491a8c2f?source=api-scan" ], "published": "2017-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c8b91c7-c5e9-4d39-a9ea-ed16d26031a4": { "id": "5c8b91c7-c5e9-4d39-a9ea-ed16d26031a4", "title": "Simple Responsive Slider <= 0.2.2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Responsive Slider", "slug": "simple-responsive-slider", "affected_versions": { "* - 0.2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c8b91c7-c5e9-4d39-a9ea-ed16d26031a4?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c8caf17-7844-4f26-b989-d29593b3ffda": { "id": "5c8caf17-7844-4f26-b989-d29593b3ffda", "title": "Fluid Checkout for WooCommerce \u2013 Lite <= 2.3.1 - Cross-Site Request Forgery via dismiss_notice", "software": [ { "type": "plugin", "name": "Fluid Checkout for WooCommerce \u2013 Lite", "slug": "fluid-checkout", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c8caf17-7844-4f26-b989-d29593b3ffda?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c92beb0-1fcf-4352-bd34-00e31b265c04": { "id": "5c92beb0-1fcf-4352-bd34-00e31b265c04", "title": "Ultimate Responsive Image Slider <= 3.5.11 - Missing Authorization via AJAX action", "software": [ { "type": "plugin", "name": "Slider \u2013 Ultimate Responsive Image Slider", "slug": "ultimate-responsive-image-slider", "affected_versions": { "* - 3.5.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c92beb0-1fcf-4352-bd34-00e31b265c04?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c9a23a3-5eb5-4f5b-bf32-c9d163426f29": { "id": "5c9a23a3-5eb5-4f5b-bf32-c9d163426f29", "title": "LatePoint <= 5.0.11 - Unauthenticated Arbitrary User Password Change via SQL Injection", "software": [ { "type": "plugin", "name": "LatePoint Plugin", "slug": "latepoint", "affected_versions": { "* - 5.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c9a23a3-5eb5-4f5b-bf32-c9d163426f29?source=api-scan" ], "published": "2024-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c9a5613-770f-4294-997e-17fd5194ab70": { "id": "5c9a5613-770f-4294-997e-17fd5194ab70", "title": "Custom Permalinks <= 1.1 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Custom Permalinks", "slug": "custom-permalinks", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c9a5613-770f-4294-997e-17fd5194ab70?source=api-scan" ], "published": "2018-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5c9d08f5-7c94-40e7-979f-023456aeb54e": { "id": "5c9d08f5-7c94-40e7-979f-023456aeb54e", "title": "Event Tickets and Registration <= 5.8.0 Events Tickets Plus <= 5.9.0 - Authenticated (Contributor+) Information Exposure", "software": [ { "type": "plugin", "name": "Events Tickets Plus", "slug": "event-tickets-plus", "affected_versions": { "* - 5.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.1" ] }, { "type": "plugin", "name": "Event Tickets and Registration", "slug": "event-tickets", "affected_versions": { "* - 5.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5c9d08f5-7c94-40e7-979f-023456aeb54e?source=api-scan" ], "published": "2024-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ca1c55a-cd4e-429a-ab74-dd1bad1a65f5": { "id": "5ca1c55a-cd4e-429a-ab74-dd1bad1a65f5", "title": "SupportCandy <= 3.1.4 - Unauthenticated SQL Injection via parse_user_filters", "software": [ { "type": "plugin", "name": "SupportCandy \u2013 Helpdesk & Customer Support Ticket System", "slug": "supportcandy", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ca1c55a-cd4e-429a-ab74-dd1bad1a65f5?source=api-scan" ], "published": "2023-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ca21247-c443-4808-8397-790669453bfc": { "id": "5ca21247-c443-4808-8397-790669453bfc", "title": "Schema & Structured Data for WP & AMP <= 1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Schema & Structured Data for WP & AMP", "slug": "schema-and-structured-data-for-wp", "affected_versions": { "* - 1.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ca21247-c443-4808-8397-790669453bfc?source=api-scan" ], "published": "2024-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ca7b7c0-a94e-47ff-996d-4c7bbd62f0de": { "id": "5ca7b7c0-a94e-47ff-996d-4c7bbd62f0de", "title": "Easy Google Maps <= 1.11.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Google Maps", "slug": "google-maps-easy", "affected_versions": { "* - 1.11.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ca7b7c0-a94e-47ff-996d-4c7bbd62f0de?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5caa9c7c-07b3-4288-803f-f60e5b428953": { "id": "5caa9c7c-07b3-4288-803f-f60e5b428953", "title": "Contact Form by WPForms \u2013 Drag & Drop Form Builder for WordPress <= 1.4.7.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPForms \u2013 Easy Form Builder for WordPress \u2013 Contact Forms, Payment Forms, Surveys, & More", "slug": "wpforms-lite", "affected_versions": { "[*, 1.4.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5caa9c7c-07b3-4288-803f-f60e5b428953?source=api-scan" ], "published": "2018-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cb5368f-99b1-43e3-a2e4-67e90c8edfcf": { "id": "5cb5368f-99b1-43e3-a2e4-67e90c8edfcf", "title": "Share This Image <= 2.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter", "software": [ { "type": "plugin", "name": "Share This Image", "slug": "share-this-image", "affected_versions": { "* - 2.01": { "from_version": "*", "from_inclusive": true, "to_version": "2.01", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cb5368f-99b1-43e3-a2e4-67e90c8edfcf?source=api-scan" ], "published": "2024-08-30 20:12:12", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cb79fbc-705a-4fb4-b441-7fe7ab6dea10": { "id": "5cb79fbc-705a-4fb4-b441-7fe7ab6dea10", "title": "Bulk NoIndex & NoFollow Toolkit <= 1.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Bulk NoIndex & NoFollow Toolkit", "slug": "bulk-noindex-nofollow-toolkit-by-mad-fish", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cb79fbc-705a-4fb4-b441-7fe7ab6dea10?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cba7026-04e4-4ace-9298-0177902b7529": { "id": "5cba7026-04e4-4ace-9298-0177902b7529", "title": "Newsletters <= 4.6.4.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletters", "slug": "newsletters-lite", "affected_versions": { "* - 4.6.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cba7026-04e4-4ace-9298-0177902b7529?source=api-scan" ], "published": "2017-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cba9501-2eb1-4702-889c-d0f4777e72e9": { "id": "5cba9501-2eb1-4702-889c-d0f4777e72e9", "title": "Super Store Finder <= 6.9.7 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Super Store Finder", "slug": "superstorefinder-wp", "affected_versions": { "* - 6.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cba9501-2eb1-4702-889c-d0f4777e72e9?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cbb8495-70e0-48cc-84d9-6d3cf3ec5355": { "id": "5cbb8495-70e0-48cc-84d9-6d3cf3ec5355", "title": "WebP Converter for Media \u2013 Convert WebP and AVIF & Optimize Images <= 1.0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Converter for Media \u2013 Optimize images | Convert WebP & AVIF", "slug": "webp-converter-for-media", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cbb8495-70e0-48cc-84d9-6d3cf3ec5355?source=api-scan" ], "published": "2019-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cbbce9e-bfb5-49b3-9829-1f90e0d8f517": { "id": "5cbbce9e-bfb5-49b3-9829-1f90e0d8f517", "title": "WP User Groups <= 2.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP User Groups", "slug": "wp-user-groups", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cbbce9e-bfb5-49b3-9829-1f90e0d8f517?source=api-scan" ], "published": "2018-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cbcb659-6732-4893-b6a0-52a558cea351": { "id": "5cbcb659-6732-4893-b6a0-52a558cea351", "title": "WOOCS <= 1.3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "FOX \u2013 Currency Switcher Professional for WooCommerce", "slug": "woocommerce-currency-switcher", "affected_versions": { "* - 1.3.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cbcb659-6732-4893-b6a0-52a558cea351?source=api-scan" ], "published": "2022-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cbd6040-0446-41fe-8fef-c9065beeaa3a": { "id": "5cbd6040-0446-41fe-8fef-c9065beeaa3a", "title": "ND Shortcodes <= 7.5 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ND Shortcodes", "slug": "nd-shortcodes", "affected_versions": { "* - 7.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cbd6040-0446-41fe-8fef-c9065beeaa3a?source=api-scan" ], "published": "2024-05-24 11:33:21", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cbf597e-7a2f-416c-8969-3679b487f57a": { "id": "5cbf597e-7a2f-416c-8969-3679b487f57a", "title": "WooCommerce <= 6.2.0 - Path Traversal via Tax Importer", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "* - 6.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cbf597e-7a2f-416c-8969-3679b487f57a?source=api-scan" ], "published": "2022-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cc590fe-94c8-47cc-bd5b-eef70da138b1": { "id": "5cc590fe-94c8-47cc-bd5b-eef70da138b1", "title": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery <= 1.8.7 - Open Redirect", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cc590fe-94c8-47cc-bd5b-eef70da138b1?source=api-scan" ], "published": "2022-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ccd7f4e-46c6-4783-9a3f-30c72bbc981e": { "id": "5ccd7f4e-46c6-4783-9a3f-30c72bbc981e", "title": "WP Database Backup <= 5.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Database Backup \u2013 Unlimited Database & Files Backup by Backup for WP", "slug": "wp-database-backup", "affected_versions": { "* - 5.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ccd7f4e-46c6-4783-9a3f-30c72bbc981e?source=api-scan" ], "published": "2022-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ccece54-18fa-42e4-ba1a-d0879b73d66d": { "id": "5ccece54-18fa-42e4-ba1a-d0879b73d66d", "title": "Royal Elementor Addons and Templates <= 1.3.986 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.986": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.986", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.987" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ccece54-18fa-42e4-ba1a-d0879b73d66d?source=api-scan" ], "published": "2024-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ccfafaf-902f-4142-90b3-9f70800eb377": { "id": "5ccfafaf-902f-4142-90b3-9f70800eb377", "title": "Front End Users <= 3.2.24 - Missing Authorization to Unauthenticated Registered User Deletion", "software": [ { "type": "plugin", "name": "Front End Users", "slug": "front-end-only-users", "affected_versions": { "* - 3.2.24": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ccfafaf-902f-4142-90b3-9f70800eb377?source=api-scan" ], "published": "2023-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cd0e015-abf2-4905-8b42-46b685be2c74": { "id": "5cd0e015-abf2-4905-8b42-46b685be2c74", "title": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion", "software": [ { "type": "plugin", "name": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free", "slug": "funnelforms-free", "affected_versions": { "* - 3.7.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cd0e015-abf2-4905-8b42-46b685be2c74?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cd5e6f3-b791-48a8-b7eb-42cdd8975530": { "id": "5cd5e6f3-b791-48a8-b7eb-42cdd8975530", "title": "Rich Reviews by Starfish <= 1.9.14 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Rich Reviews by Starfish", "slug": "rich-reviews", "affected_versions": { "* - 1.9.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cd5e6f3-b791-48a8-b7eb-42cdd8975530?source=api-scan" ], "published": "2022-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cdbd5fd-bb12-4202-b6c7-f314ad8987f5": { "id": "5cdbd5fd-bb12-4202-b6c7-f314ad8987f5", "title": "Client Invoicing by Sprout Invoices \u2013 Easy Estimates and Invoices for WordPress <= 9.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Client Invoicing by Sprout Invoices \u2013 Easy Estimates and Invoices for WordPress", "slug": "sprout-invoices", "affected_versions": { "* - 9.3": { "from_version": "*", "from_inclusive": true, "to_version": "9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cdbd5fd-bb12-4202-b6c7-f314ad8987f5?source=api-scan" ], "published": "2016-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cdd64a4-040b-4dc9-a8df-dbecfeb928c8": { "id": "5cdd64a4-040b-4dc9-a8df-dbecfeb928c8", "title": "Download Manager <= 3.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.85": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.85", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.86" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cdd64a4-040b-4dc9-a8df-dbecfeb928c8?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cde239c-20bf-41fa-b7d6-e21b14dcbc22": { "id": "5cde239c-20bf-41fa-b7d6-e21b14dcbc22", "title": "Shareaholic <= 9.7.11 - Missing Authorization via accept_terms_of_service", "software": [ { "type": "plugin", "name": "Professional Social Sharing Buttons, Icons & Related Posts \u2013 Shareaholic", "slug": "shareaholic", "affected_versions": { "* - 9.7.11": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.7.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cde239c-20bf-41fa-b7d6-e21b14dcbc22?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ce039db-b597-4bbf-8067-933a262ae1b6": { "id": "5ce039db-b597-4bbf-8067-933a262ae1b6", "title": "WP Job Portal <= 2.0.1 - Missing Authorization to Settings Modification", "software": [ { "type": "plugin", "name": "WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website", "slug": "wp-job-portal", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ce039db-b597-4bbf-8067-933a262ae1b6?source=api-scan" ], "published": "2023-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ce22e5b-7f5c-41be-a50e-dc8100348122": { "id": "5ce22e5b-7f5c-41be-a50e-dc8100348122", "title": "Olevmedia Shortcodes <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Olevmedia Shortcodes", "slug": "olevmedia-shortcodes", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ce22e5b-7f5c-41be-a50e-dc8100348122?source=api-scan" ], "published": "2023-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ce70e87-6dee-4d4a-b2fc-93fd4d50957d": { "id": "5ce70e87-6dee-4d4a-b2fc-93fd4d50957d", "title": "hCaptcha for WordPress <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode", "software": [ { "type": "plugin", "name": "hCaptcha for WP", "slug": "hcaptcha-for-forms-and-more", "affected_versions": { "* - 4.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ce70e87-6dee-4d4a-b2fc-93fd4d50957d?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ce729a2-a106-45ab-b96c-cfe75246def7": { "id": "5ce729a2-a106-45ab-b96c-cfe75246def7", "title": "Opal Estate <= 1.6.11 - Missing Authorization", "software": [ { "type": "plugin", "name": "Opal Estate", "slug": "opal-estate", "affected_versions": { "* - 1.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ce729a2-a106-45ab-b96c-cfe75246def7?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ce9dd21-3c89-4ddd-9022-f1edf1224e2d": { "id": "5ce9dd21-3c89-4ddd-9022-f1edf1224e2d", "title": "WordPress Mortgage Calculator Estatik <= 2.0.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Estatik Mortgage Calculator", "slug": "estatik-mortgage-calculator", "affected_versions": { "* - 2.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ce9dd21-3c89-4ddd-9022-f1edf1224e2d?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ceb8f67-0c7a-4028-81b9-f2cdbcba1a80": { "id": "5ceb8f67-0c7a-4028-81b9-f2cdbcba1a80", "title": "LuckyWP Table of Contents <= 2.1.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LuckyWP Table of Contents", "slug": "luckywp-table-of-contents", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ceb8f67-0c7a-4028-81b9-f2cdbcba1a80?source=api-scan" ], "published": "2024-05-21 19:04:11", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ceba1b2-2d39-4561-838b-b46e758517a3": { "id": "5ceba1b2-2d39-4561-838b-b46e758517a3", "title": "WordPress Core < 5.3.1 - Authorization Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.31": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.31", "to_inclusive": true }, "3.8 - 3.8.31": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.31", "to_inclusive": true }, "3.9 - 3.9.29": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.29", "to_inclusive": true }, "4.0 - 4.0.28": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.28", "to_inclusive": true }, "4.1 - 4.1.28": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.28", "to_inclusive": true }, "4.2 - 4.2.25": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.25", "to_inclusive": true }, "4.3 - 4.3.21": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.21", "to_inclusive": true }, "4.4 - 4.4.20": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.20", "to_inclusive": true }, "4.5 - 4.5.19": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.19", "to_inclusive": true }, "4.6 - 4.6.16": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.16", "to_inclusive": true }, "4.7 - 4.7.15": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.15", "to_inclusive": true }, "4.8 - 4.8.11": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.11", "to_inclusive": true }, "4.9 - 4.9.12": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.12", "to_inclusive": true }, "5.0 - 5.0.7": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.7", "to_inclusive": true }, "5.1 - 5.1.3": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.3", "to_inclusive": true }, "5.2 - 5.2.4": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.4", "to_inclusive": true }, "5.3": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.32", "3.8.32", "3.9.30", "4.0.29", "4.1.29", "4.2.26", "4.3.22", "4.4.21", "4.5.20", "4.6.17", "4.7.16", "4.8.12", "4.9.13", "5.0.8", "5.1.4", "5.2.5", "5.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ceba1b2-2d39-4561-838b-b46e758517a3?source=api-scan" ], "published": "2019-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cf17465-59a9-475d-bd1a-9e3623190926": { "id": "5cf17465-59a9-475d-bd1a-9e3623190926", "title": "Themify Ultra <= 7.3.5 - Missing Authorization", "software": [ { "type": "theme", "name": "Themify Ultra", "slug": "themify-ultra", "affected_versions": { "* - 7.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cf17465-59a9-475d-bd1a-9e3623190926?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cf62f45-a142-497e-9838-ce0b1b1bb3d3": { "id": "5cf62f45-a142-497e-9838-ce0b1b1bb3d3", "title": "Multiline files upload for contact form 7 <= 2.8.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation", "software": [ { "type": "plugin", "name": "Multiline files upload for contact form 7", "slug": "multiline-files-for-contact-form-7", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cf62f45-a142-497e-9838-ce0b1b1bb3d3?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cf7075f-7209-49e6-acf9-6739b178d4dc": { "id": "5cf7075f-7209-49e6-acf9-6739b178d4dc", "title": "WooCommerce PDF Invoices & Packing Slips <= 2.0.12 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Invoices & Packing Slips for WooCommerce", "slug": "woocommerce-pdf-invoices-packing-slips", "affected_versions": { "[*, 2.0.13)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cf7075f-7209-49e6-acf9-6739b178d4dc?source=api-scan" ], "published": "2017-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cf85717-179a-4539-b57d-fccd8d9dda58": { "id": "5cf85717-179a-4539-b57d-fccd8d9dda58", "title": "Category Grid View Gallery <= 2.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Category Grid View Gallery", "slug": "category-grid-view-gallery", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cf85717-179a-4539-b57d-fccd8d9dda58?source=api-scan" ], "published": "2013-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cfc38c0-f940-4c4d-ba7b-0d772146ea2d": { "id": "5cfc38c0-f940-4c4d-ba7b-0d772146ea2d", "title": "Preloader for Website <= 1.2.2 - Missing Authorization via plwao_register_settings()", "software": [ { "type": "plugin", "name": "Preloader for Website", "slug": "preloader-for-website", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cfc38c0-f940-4c4d-ba7b-0d772146ea2d?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5cfe9ab3-45b8-4ee5-9de1-45182a4fc46f": { "id": "5cfe9ab3-45b8-4ee5-9de1-45182a4fc46f", "title": "OG Tags <= 2.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "OG Tags", "slug": "og-tags", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5cfe9ab3-45b8-4ee5-9de1-45182a4fc46f?source=api-scan" ], "published": "2021-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d01548e-91bf-44db-83dc-10c7d5962f9b": { "id": "5d01548e-91bf-44db-83dc-10c7d5962f9b", "title": "Optimize Database after Deleting Revisions <= 5.0.110 - Cross-Site Request Forgery via 'odb_csv_download'", "software": [ { "type": "plugin", "name": "Optimize Database after Deleting Revisions", "slug": "rvg-optimize-database", "affected_versions": { "* - 5.0.110": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.110", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d01548e-91bf-44db-83dc-10c7d5962f9b?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d03c798-dc77-407c-8674-d0bd2f1ada8c": { "id": "5d03c798-dc77-407c-8674-d0bd2f1ada8c", "title": "Pure Chat \u2013 Live Chat Plugin & More! <= 2.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pure Chat \u2013 Live Chat & More!", "slug": "pure-chat", "affected_versions": { "* - 2.22": { "from_version": "*", "from_inclusive": true, "to_version": "2.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d03c798-dc77-407c-8674-d0bd2f1ada8c?source=api-scan" ], "published": "2024-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d07d5e9-be7c-4c16-b931-d909ed8be361": { "id": "5d07d5e9-be7c-4c16-b931-d909ed8be361", "title": "Login with WHMCS <= 1.11.3 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Login with WHMCS", "slug": "miniorange-login-with-whmcs", "affected_versions": { "* - 1.11.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d07d5e9-be7c-4c16-b931-d909ed8be361?source=api-scan" ], "published": "2022-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d080f5b-6646-47ef-8ae7-8b94270f9f59": { "id": "5d080f5b-6646-47ef-8ae7-8b94270f9f59", "title": "Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_activate and cg_deactivate", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] }, { "type": "plugin", "name": "Contest Gallery Pro", "slug": "contest-gallery-pro", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d080f5b-6646-47ef-8ae7-8b94270f9f59?source=api-scan" ], "published": "2022-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d096d29-6fdb-4f89-91d3-9ebfc1169f0d": { "id": "5d096d29-6fdb-4f89-91d3-9ebfc1169f0d", "title": "Popup Builder <= 4.0.6 - Local File Inclusion and PHAR Deserialization", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "[*, 4.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d096d29-6fdb-4f89-91d3-9ebfc1169f0d?source=api-scan" ], "published": "2022-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d0d44bb-a6b9-44cc-ba38-0e28ad318594": { "id": "5d0d44bb-a6b9-44cc-ba38-0e28ad318594", "title": "Trade Runner <= 3.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Trade Runner", "slug": "traderunner", "affected_versions": { "* - 3.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d0d44bb-a6b9-44cc-ba38-0e28ad318594?source=api-scan" ], "published": "2022-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d106394-0dad-4d96-9063-6824fce65bdd": { "id": "5d106394-0dad-4d96-9063-6824fce65bdd", "title": "WPS Hide Login <= 1.5.2.2 - Login Page Disclosure via 'action=rp'", "software": [ { "type": "plugin", "name": "WPS Hide Login", "slug": "wps-hide-login", "affected_versions": { "* - 1.5.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d106394-0dad-4d96-9063-6824fce65bdd?source=api-scan" ], "published": "2019-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d128197-802c-48fb-8782-eb4e10126e55": { "id": "5d128197-802c-48fb-8782-eb4e10126e55", "title": "WP Tiles <= 1.1.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "WP Tiles", "slug": "wp-tiles", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d128197-802c-48fb-8782-eb4e10126e55?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d166a77-d57b-4827-96ca-b8eb423861f0": { "id": "5d166a77-d57b-4827-96ca-b8eb423861f0", "title": "OAuth Single Sign On \u2013 SSO (OAuth Client) <= 6.23.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "OAuth Single Sign On \u2013 SSO (OAuth Client)", "slug": "miniorange-login-with-eve-online-google-facebook", "affected_versions": { "* - 6.23.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.23.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.23.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d166a77-d57b-4827-96ca-b8eb423861f0?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d173077-06c4-4a23-a664-0be8516053ec": { "id": "5d173077-06c4-4a23-a664-0be8516053ec", "title": "SendPress Newsletters <= 1.23.11.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SendPress Newsletters", "slug": "sendpress", "affected_versions": { "* - 1.23.11.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.23.11.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d173077-06c4-4a23-a664-0be8516053ec?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d178852-53bc-440b-8217-67ae68749349": { "id": "5d178852-53bc-440b-8217-67ae68749349", "title": "WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 2.2.5 - Authenticated(Administrator+) CSV Injection", "software": [ { "type": "plugin", "name": "Cookie Consent for WP \u2013 Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy)", "slug": "gdpr-cookie-consent", "affected_versions": { "* - 2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d178852-53bc-440b-8217-67ae68749349?source=api-scan" ], "published": "2023-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d1d012a-46cd-4c86-ac6f-993736a91acb": { "id": "5d1d012a-46cd-4c86-ac6f-993736a91acb", "title": "Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'statusBulkEdit' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d1d012a-46cd-4c86-ac6f-993736a91acb?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d20eb50-3b54-475f-8a67-8ca61c0474cc": { "id": "5d20eb50-3b54-475f-8a67-8ca61c0474cc", "title": "Selio - Real Estate Directory <= 1.1 - Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Selio", "slug": "selio", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d20eb50-3b54-475f-8a67-8ca61c0474cc?source=api-scan" ], "published": "2019-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d21aad7-dbee-4204-afbd-0a5fdeaca50e": { "id": "5d21aad7-dbee-4204-afbd-0a5fdeaca50e", "title": "Related Posts for WordPress <= 2.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Related Posts for WordPress", "slug": "related-posts-for-wp", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d21aad7-dbee-4204-afbd-0a5fdeaca50e?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d22435f-f0e3-42c3-935b-d26bb1ea846a": { "id": "5d22435f-f0e3-42c3-935b-d26bb1ea846a", "title": "Photo Gallery by 10Web <= 1.6.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d22435f-f0e3-42c3-935b-d26bb1ea846a?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d255ca7-37a5-4c1b-84be-356ae3900f7e": { "id": "5d255ca7-37a5-4c1b-84be-356ae3900f7e", "title": "Block for Font Awesome <= 1.4.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Block for Font Awesome", "slug": "block-for-font-awesome", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d255ca7-37a5-4c1b-84be-356ae3900f7e?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d276502-6154-468e-b028-eadf29debe56": { "id": "5d276502-6154-468e-b028-eadf29debe56", "title": "Retain Live Chat <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Retain Live Chat", "slug": "retain", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d276502-6154-468e-b028-eadf29debe56?source=api-scan" ], "published": "2022-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d281333-d9af-4eb7-bc5c-ea7ceeddac03": { "id": "5d281333-d9af-4eb7-bc5c-ea7ceeddac03", "title": "Import any XML or CSV File to WordPress <= 3.6.7 - Admin+ Malicious File Upload", "software": [ { "type": "plugin", "name": "Import any XML or CSV File to WordPress", "slug": "wp-all-import", "affected_versions": { "* - 3.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d281333-d9af-4eb7-bc5c-ea7ceeddac03?source=api-scan" ], "published": "2022-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d2d8ba7-269b-4830-8551-c2291199fb67": { "id": "5d2d8ba7-269b-4830-8551-c2291199fb67", "title": "M Chart <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "M Chart", "slug": "m-chart", "affected_versions": { "* - 1.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d2d8ba7-269b-4830-8551-c2291199fb67?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d350095-125a-4445-89c1-bce437e4098c": { "id": "5d350095-125a-4445-89c1-bce437e4098c", "title": "Mollie Payments for WooCommerce <= 7.3.11 - Authenticated (Shop Manager+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Mollie Payments for WooCommerce", "slug": "mollie-payments-for-woocommerce", "affected_versions": { "* - 7.3.11": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d350095-125a-4445-89c1-bce437e4098c?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d3bcd2c-4cdd-4a11-83a5-b727a2b2b6a6": { "id": "5d3bcd2c-4cdd-4a11-83a5-b727a2b2b6a6", "title": "Admin Block Country <= 7.1.4 - Cross-Site Request Forgery via admin_block_country_initial_page", "software": [ { "type": "plugin", "name": "Admin Block Country", "slug": "admin-block-country", "affected_versions": { "* - 7.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d3bcd2c-4cdd-4a11-83a5-b727a2b2b6a6?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d432ea5-9ffd-43da-8988-6dd77b907655": { "id": "5d432ea5-9ffd-43da-8988-6dd77b907655", "title": "myStickymenu <= 2.5.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme \u2013 My Sticky Bar (formerly myStickymenu)", "slug": "mystickymenu", "affected_versions": { "[*, 2.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d432ea5-9ffd-43da-8988-6dd77b907655?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d45d870-dd00-40aa-9e98-4be4d06b3a0a": { "id": "5d45d870-dd00-40aa-9e98-4be4d06b3a0a", "title": "Multi Step Form <= 1.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Multi Step Form", "slug": "multi-step-form", "affected_versions": { "* - 1.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d45d870-dd00-40aa-9e98-4be4d06b3a0a?source=api-scan" ], "published": "2022-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d463709-8afd-4db6-bd0a-524d7b27f4ea": { "id": "5d463709-8afd-4db6-bd0a-524d7b27f4ea", "title": "Psychological tests & quizzes <= 0.21.19 - Authenticated (Contributor+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Psychological tests & quizzes", "slug": "wp-testing", "affected_versions": { "* - 0.21.19": { "from_version": "*", "from_inclusive": true, "to_version": "0.21.19", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d463709-8afd-4db6-bd0a-524d7b27f4ea?source=api-scan" ], "published": "2022-04-26 13:33:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d4bd61c-858d-457f-a482-77939fe0caf9": { "id": "5d4bd61c-858d-457f-a482-77939fe0caf9", "title": "AdSense-Deluxe <= 0.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "AdSense-Deluxe", "slug": "adsense-deluxe", "affected_versions": { "* - 0.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d4bd61c-858d-457f-a482-77939fe0caf9?source=api-scan" ], "published": "2007-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d50e9bb-e357-42d3-b131-468511b8e98a": { "id": "5d50e9bb-e357-42d3-b131-468511b8e98a", "title": "Send Users Email <= 1.4.3 - Sensitive Information Exposure via Error Logs", "software": [ { "type": "plugin", "name": "Send Users Email \u2013 Email Subscribers, Email Marketing Newsletter", "slug": "send-users-email", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d50e9bb-e357-42d3-b131-468511b8e98a?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d54788a-ebfd-4291-94f2-d220fbf9050a": { "id": "5d54788a-ebfd-4291-94f2-d220fbf9050a", "title": "Contact Form 7 Connector <= 1.1.13 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form 7 Connector", "slug": "ari-cf7-connector", "affected_versions": { "* - 1.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d54788a-ebfd-4291-94f2-d220fbf9050a?source=api-scan" ], "published": "2022-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d572cac-b8e3-4c52-9b35-80fe5ee9e900": { "id": "5d572cac-b8e3-4c52-9b35-80fe5ee9e900", "title": "ClickCease Click Fraud Protection <= 3.2.4 - Improper Authorization to sensitive information exposure via get_settings", "software": [ { "type": "plugin", "name": "ClickCease Click Fraud Protection", "slug": "clickcease-click-fraud-protection", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d572cac-b8e3-4c52-9b35-80fe5ee9e900?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d58a6a4-de2c-485f-a8b0-7a7d144fbf3c": { "id": "5d58a6a4-de2c-485f-a8b0-7a7d144fbf3c", "title": "Feather Login Page 1.0.7 - 1.1.1 - Missing Authorization to Non-Arbitrary User Deletion", "software": [ { "type": "plugin", "name": "Login | Login Page | Login Logo | Rename Login Page | Custom Login Page | Temporary Users | Rebrand Login | Login Captcha", "slug": "feather-login-page", "affected_versions": { "1.0.7 - 1.1.1": { "from_version": "1.0.7", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d58a6a4-de2c-485f-a8b0-7a7d144fbf3c?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d5d9ef7-3832-495c-b61b-7e24c2e60893": { "id": "5d5d9ef7-3832-495c-b61b-7e24c2e60893", "title": "Various Affected Software (Various Versions) - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Piwik PRO", "slug": "piwik-pro", "affected_versions": { "0.2.35 - 0.4.3": { "from_version": "0.2.35", "from_inclusive": true, "to_version": "0.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4.4" ] }, { "type": "plugin", "name": "Woopra Analytics Plugin", "slug": "woopra", "affected_versions": { "* - 1.4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d5d9ef7-3832-495c-b61b-7e24c2e60893?source=api-scan" ], "published": "2009-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d635669-ee85-4fb5-8238-3edb3bbb8fb4": { "id": "5d635669-ee85-4fb5-8238-3edb3bbb8fb4", "title": "Draw Attention <= 2.0.15 - Improper Access Control via register_cpt", "software": [ { "type": "plugin", "name": "Interactive Image Map Plugin \u2013 Draw Attention", "slug": "draw-attention", "affected_versions": { "* - 2.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d635669-ee85-4fb5-8238-3edb3bbb8fb4?source=api-scan" ], "published": "2023-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d652b50-9c9c-4418-bd6b-ae862a1c8786": { "id": "5d652b50-9c9c-4418-bd6b-ae862a1c8786", "title": "LearnPress <= 4.1.3.1 - Stored Cross-Site Scripting via $custom_profile", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d652b50-9c9c-4418-bd6b-ae862a1c8786?source=api-scan" ], "published": "2021-10-18 17:16:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d6b5a4c-1dc9-4d86-ac41-61880637fcbb": { "id": "5d6b5a4c-1dc9-4d86-ac41-61880637fcbb", "title": "Stock market charts from finviz <= 1.0.1 - Authenticated(Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Stock market charts from finviz", "slug": "stock-market-charts-from-finviz", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d6b5a4c-1dc9-4d86-ac41-61880637fcbb?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d6bebb7-375c-45b8-9b54-58c6dbc0bb70": { "id": "5d6bebb7-375c-45b8-9b54-58c6dbc0bb70", "title": "404 SEO Redirection <= 1.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "404 SEO Redirection", "slug": "404-redirection-manager", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d6bebb7-375c-45b8-9b54-58c6dbc0bb70?source=api-scan" ], "published": "2021-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d6d9852-424a-4d98-9926-e849bef99c2d": { "id": "5d6d9852-424a-4d98-9926-e849bef99c2d", "title": "Guten Post Layout \u2013 An Advanced Post Grid Collection for WordPress Gutenberg <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute", "software": [ { "type": "plugin", "name": "Guten Post Layout \u2013 An Advanced Post Grid Collection for WordPress Gutenberg", "slug": "guten-post-layout", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d6d9852-424a-4d98-9926-e849bef99c2d?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d70b447-4f7f-4196-a37b-167679cef229": { "id": "5d70b447-4f7f-4196-a37b-167679cef229", "title": "WordPress Core < 3.6.1 - HTML File Upload", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d70b447-4f7f-4196-a37b-167679cef229?source=api-scan" ], "published": "2013-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d74ca27-7be9-4ab3-a6be-0c23b195a3cb": { "id": "5d74ca27-7be9-4ab3-a6be-0c23b195a3cb", "title": "Smart Slider 2 <= 2.3.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "smart-slider-2", "slug": "smart-slider-2", "affected_versions": { "[*, 2.3.12)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d74ca27-7be9-4ab3-a6be-0c23b195a3cb?source=api-scan" ], "published": "2015-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d762b22-5563-454f-8c1c-485a2a3a0d0f": { "id": "5d762b22-5563-454f-8c1c-485a2a3a0d0f", "title": "Tracked Tweets <= 0.2.9 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tracked Tweets", "slug": "tracked-tweets", "affected_versions": { "* - 0.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d762b22-5563-454f-8c1c-485a2a3a0d0f?source=api-scan" ], "published": "2022-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d7b33c5-ced5-4ce5-acc1-4c3d935f8749": { "id": "5d7b33c5-ced5-4ce5-acc1-4c3d935f8749", "title": "Alert Before Your Post <= 0.1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Alert Before Your Post", "slug": "alert-before-your-post", "affected_versions": { "* - 0.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d7b33c5-ced5-4ce5-acc1-4c3d935f8749?source=api-scan" ], "published": "2011-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d7bcd71-e299-47fe-a749-e72c49b8129e": { "id": "5d7bcd71-e299-47fe-a749-e72c49b8129e", "title": "BuddyPress - 7.0.0 - 7.2.0 - Insufficient Privilege De-escalation", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "[7.0.0, 7.2.1)": { "from_version": "7.0.0", "from_inclusive": true, "to_version": "7.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d7bcd71-e299-47fe-a749-e72c49b8129e?source=api-scan" ], "published": "2021-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d7fb020-6acb-445e-a46b-bdb5aaf8f2b6": { "id": "5d7fb020-6acb-445e-a46b-bdb5aaf8f2b6", "title": "Contact Form 7 <= 5.8.3 - Authenticated (Editor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Contact Form 7", "slug": "contact-form-7", "affected_versions": { "* - 5.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d7fb020-6acb-445e-a46b-bdb5aaf8f2b6?source=api-scan" ], "published": "2023-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d7fb9fd-5551-43aa-8bab-e99430a08124": { "id": "5d7fb9fd-5551-43aa-8bab-e99430a08124", "title": "WonderPlugin Audio Player <= 2.0 - Blind SQL Injection", "software": [ { "type": "plugin", "name": "WonderPlugin Audio Player", "slug": "wonderplugin-audio", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d7fb9fd-5551-43aa-8bab-e99430a08124?source=api-scan" ], "published": "2015-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d858f96-7363-4098-af2d-f6f96fc80071": { "id": "5d858f96-7363-4098-af2d-f6f96fc80071", "title": "Advanced Youtube Channel Pagination <= 1.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Youtube Channel Pagination", "slug": "advanced-youtube-channel-pagination", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d858f96-7363-4098-af2d-f6f96fc80071?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d875004-a589-4657-953c-ca175e3157c2": { "id": "5d875004-a589-4657-953c-ca175e3157c2", "title": "Travel Booking WordPress Theme < 2.8.4 - SQL Injection", "software": [ { "type": "theme", "name": "Travel Booking WordPress Theme", "slug": "traveler", "affected_versions": { "[*, 2.8.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d875004-a589-4657-953c-ca175e3157c2?source=api-scan" ], "published": "2020-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d896366-a85d-49c9-9509-3f7454712474": { "id": "5d896366-a85d-49c9-9509-3f7454712474", "title": "Cloud Manager <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cloud Manager", "slug": "cloud-manager", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d896366-a85d-49c9-9509-3f7454712474?source=api-scan" ], "published": "2023-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d8e3832-b3ed-4687-94d8-8ba2c832584c": { "id": "5d8e3832-b3ed-4687-94d8-8ba2c832584c", "title": "SP Project & Document Manager <= 4.71 - Authenticated (Author+) SQL Injeciton", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 4.71": { "from_version": "*", "from_inclusive": true, "to_version": "4.71", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d8e3832-b3ed-4687-94d8-8ba2c832584c?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d92687e-cdf2-4dd2-b984-eaf9f0a56625": { "id": "5d92687e-cdf2-4dd2-b984-eaf9f0a56625", "title": "ND Shortcodes <= 6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "ND Shortcodes", "slug": "nd-shortcodes", "affected_versions": { "* - 6.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d92687e-cdf2-4dd2-b984-eaf9f0a56625?source=api-scan" ], "published": "2023-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d94f38f-4b52-4b0d-800c-a6fca40bda3c": { "id": "5d94f38f-4b52-4b0d-800c-a6fca40bda3c", "title": "Migration, Backup, Staging \u2013 WPvivid <= 0.9.89 - Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "0.9.89": { "from_version": "0.9.89", "from_inclusive": true, "to_version": "0.9.89", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.90" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d94f38f-4b52-4b0d-800c-a6fca40bda3c?source=api-scan" ], "published": "2023-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d9689ed-2be0-4573-a794-2c5bfadafdf5": { "id": "5d9689ed-2be0-4573-a794-2c5bfadafdf5", "title": "Testimonials <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Testimonials", "slug": "testimonials", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d9689ed-2be0-4573-a794-2c5bfadafdf5?source=api-scan" ], "published": "2022-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d9736e0-1a10-4ea0-a514-62ff49e36c43": { "id": "5d9736e0-1a10-4ea0-a514-62ff49e36c43", "title": "Cart66 Lite - WordPress Ecommerce < 1.5.4 - Directory Traversal to Arbitrary File Disclosure", "software": [ { "type": "plugin", "name": "Cart66 Lite :: WordPress Ecommerce", "slug": "cart66-lite", "affected_versions": { "[*, 1.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d9736e0-1a10-4ea0-a514-62ff49e36c43?source=api-scan" ], "published": "2015-01-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d9ab83f-6d0b-4fe4-a121-87b09dcc0953": { "id": "5d9ab83f-6d0b-4fe4-a121-87b09dcc0953", "title": "Cart2Cart: Magento to WooCommerce Migration <= 2.0.0 - Missing Authorization via setToken", "software": [ { "type": "plugin", "name": "Cart2Cart: Magento to WooCommerce Migration", "slug": "cart2cart-magento-to-woocommerce-migration", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d9ab83f-6d0b-4fe4-a121-87b09dcc0953?source=api-scan" ], "published": "2023-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d9e0147-74ae-481a-bdc2-16bb3cdc10d7": { "id": "5d9e0147-74ae-481a-bdc2-16bb3cdc10d7", "title": "Testimonial Slider <= 1.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Testimonial Slider", "slug": "testimonial-slider", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d9e0147-74ae-481a-bdc2-16bb3cdc10d7?source=api-scan" ], "published": "2015-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5d9e20f7-813c-4691-bce4-d0ff4774ae48": { "id": "5d9e20f7-813c-4691-bce4-d0ff4774ae48", "title": "Reviews Feed \u2013 Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Reviews Feed \u2013 Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More", "slug": "reviews-feed", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5d9e20f7-813c-4691-bce4-d0ff4774ae48?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5da2dac6-940c-419e-853f-6cfd5d53d427": { "id": "5da2dac6-940c-419e-853f-6cfd5d53d427", "title": "Advanced Menu Widget <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Advanced Menu Widget", "slug": "advanced-menu-widget", "affected_versions": { "* - 0.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5da2dac6-940c-419e-853f-6cfd5d53d427?source=api-scan" ], "published": "2023-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5dabfdab-2c7a-4c9b-9c8f-a93639da1a35": { "id": "5dabfdab-2c7a-4c9b-9c8f-a93639da1a35", "title": "Void Elementor WHMCS Elements For Elementor Page Builder <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Void Elementor WHMCS Elements For Elementor Page Builder", "slug": "void-elementor-whmcs-elements", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5dabfdab-2c7a-4c9b-9c8f-a93639da1a35?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5dad7348-39ba-4163-a5eb-939601645edb": { "id": "5dad7348-39ba-4163-a5eb-939601645edb", "title": "Shortcodes Ultimate <= 5.12.6 - Authenticated (Subscriber+) Arbitrary File Read via Shortcode", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 5.12.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.12.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.12.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5dad7348-39ba-4163-a5eb-939601645edb?source=api-scan" ], "published": "2023-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5dae8e82-e252-48d9-ae1f-62acfcd17e2b": { "id": "5dae8e82-e252-48d9-ae1f-62acfcd17e2b", "title": "BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite", "software": [ { "type": "plugin", "name": "BadgeOS", "slug": "badgeos", "affected_versions": { "* - 3.7.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5dae8e82-e252-48d9-ae1f-62acfcd17e2b?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5db00eb6-3e05-42fa-bb84-2df4bcae3955": { "id": "5db00eb6-3e05-42fa-bb84-2df4bcae3955", "title": "Metform Elementor Contact Form Builder <= 3.3.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5db00eb6-3e05-42fa-bb84-2df4bcae3955?source=api-scan" ], "published": "2023-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5db41cdb-0795-43e7-bd36-9a85a882a760": { "id": "5db41cdb-0795-43e7-bd36-9a85a882a760", "title": "Sync QCloud COS Plugin < 2.0.1 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sync QCloud COS", "slug": "sync-qcloud-cos", "affected_versions": { "[*, 2.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5db41cdb-0795-43e7-bd36-9a85a882a760?source=api-scan" ], "published": "2022-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5db42c7e-49bc-48ee-8129-b8a0df0c8d98": { "id": "5db42c7e-49bc-48ee-8129-b8a0df0c8d98", "title": "Forms by CaptainForm <= 2.5.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Forms by CaptainForm \u2013 Form Builder for WordPress", "slug": "captainform", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5db42c7e-49bc-48ee-8129-b8a0df0c8d98?source=api-scan" ], "published": "2022-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5db4709d-0121-4b37-b0d2-79aa7943b442": { "id": "5db4709d-0121-4b37-b0d2-79aa7943b442", "title": "HitPay Payment Gateway for WooCommerce <= 4.1.3 - Information Exposure via Log Files", "software": [ { "type": "plugin", "name": "HitPay Payment Gateway for WooCommerce", "slug": "hitpay-payment-gateway", "affected_versions": { "* - 4.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5db4709d-0121-4b37-b0d2-79aa7943b442?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5db5c5e0-f2ba-4082-b3eb-33cc0ce418e8": { "id": "5db5c5e0-f2ba-4082-b3eb-33cc0ce418e8", "title": "Ultimate Addons for Contact Form 7 <= 3.1.23 - Authenticated (Subscriber+) SQL Injection via id", "software": [ { "type": "plugin", "name": "Ultimate Addons for Contact Form 7", "slug": "ultimate-addons-for-contact-form-7", "affected_versions": { "* - 3.1.23": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5db5c5e0-f2ba-4082-b3eb-33cc0ce418e8?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5db5ea76-f0b6-4e30-aebf-c3769d0b3480": { "id": "5db5ea76-f0b6-4e30-aebf-c3769d0b3480", "title": "Popup by Supsystic < 1.7.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Popup by Supsystic", "slug": "popup-by-supsystic", "affected_versions": { "[*, 1.7.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5db5ea76-f0b6-4e30-aebf-c3769d0b3480?source=api-scan" ], "published": "2016-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5dbba038-da5f-44d9-b72a-44cbff01596e": { "id": "5dbba038-da5f-44d9-b72a-44cbff01596e", "title": "EazyDocs \u2013 Most Powerful Knowledge base, wiki, Documentation Builder Plugin <= 2.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EazyDocs \u2013 Most Powerful Knowledge base, wiki, Documentation Builder Plugin", "slug": "eazydocs", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5dbba038-da5f-44d9-b72a-44cbff01596e?source=api-scan" ], "published": "2024-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5dbbd1a0-de05-4510-b06b-8bc396b65a97": { "id": "5dbbd1a0-de05-4510-b06b-8bc396b65a97", "title": "Quick Featured Images <= 13.7.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion\/Setting", "software": [ { "type": "plugin", "name": "Quick Featured Images", "slug": "quick-featured-images", "affected_versions": { "* - 13.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "13.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5dbbd1a0-de05-4510-b06b-8bc396b65a97?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5dbd29ba-c4e8-4a43-b17c-332807570309": { "id": "5dbd29ba-c4e8-4a43-b17c-332807570309", "title": "Highlight Searched Terms in Results <= 1.03 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Highlight Searched Terms in Results", "slug": "highlight-search-terms-results", "affected_versions": { "* - 1.03": { "from_version": "*", "from_inclusive": true, "to_version": "1.03", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.04" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5dbd29ba-c4e8-4a43-b17c-332807570309?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5dbebce4-599b-4241-aa9a-3d2486a57d52": { "id": "5dbebce4-599b-4241-aa9a-3d2486a57d52", "title": "WikiPop <= 2.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WikiPop", "slug": "wikipop", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5dbebce4-599b-4241-aa9a-3d2486a57d52?source=api-scan" ], "published": "2014-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5dce15ea-70cf-4b4c-959a-8adf2cdcdca4": { "id": "5dce15ea-70cf-4b4c-959a-8adf2cdcdca4", "title": "Social Slider < 7.4.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Social Slider", "slug": "social-slider", "affected_versions": { "[*, 7.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5dce15ea-70cf-4b4c-959a-8adf2cdcdca4?source=api-scan" ], "published": "2011-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5dd2a4cb-dd74-4b00-82f5-3bf1452e71a3": { "id": "5dd2a4cb-dd74-4b00-82f5-3bf1452e71a3", "title": "10WebAnalytics <= 1.2.12 - Missing Authorization via gawd_wd_bp_install_notice_status", "software": [ { "type": "plugin", "name": "10WebAnalytics", "slug": "wd-google-analytics", "affected_versions": { "* - 1.2.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5dd2a4cb-dd74-4b00-82f5-3bf1452e71a3?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5dd7eb74-20ec-4949-9ba2-34081849d7f7": { "id": "5dd7eb74-20ec-4949-9ba2-34081849d7f7", "title": "GC Testimonials <= 1.3.2 - Authenticated (Contributor+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GC Testimonials", "slug": "gc-testimonials", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5dd7eb74-20ec-4949-9ba2-34081849d7f7?source=api-scan" ], "published": "2022-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5dd962a5-ec0e-415f-8efa-91e78bb80d16": { "id": "5dd962a5-ec0e-415f-8efa-91e78bb80d16", "title": "Brooklyn <= 4.9.7.6 - PHP Object Injection", "software": [ { "type": "theme", "name": "brooklyn", "slug": "brooklyn", "affected_versions": { "* - 4.9.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.7.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5dd962a5-ec0e-415f-8efa-91e78bb80d16?source=api-scan" ], "published": "2024-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5dde4850-347f-40e6-9cea-87284aa655e7": { "id": "5dde4850-347f-40e6-9cea-87284aa655e7", "title": "Migration, Backup, Staging \u2013 WPvivid <= 0.9.75 - Authenticated (Admin+) Directory Traversal", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "* - 0.9.75": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.75", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.76" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5dde4850-347f-40e6-9cea-87284aa655e7?source=api-scan" ], "published": "2022-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ddfa2a1-39e1-4ead-85c5-1624749bd353": { "id": "5ddfa2a1-39e1-4ead-85c5-1624749bd353", "title": "Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Video Link", "software": [ { "type": "plugin", "name": "Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier)", "slug": "image-hover-effects-ultimate", "affected_versions": { "* - 9.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ddfa2a1-39e1-4ead-85c5-1624749bd353?source=api-scan" ], "published": "2022-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ddfea92-b790-4cf3-8b98-39c2374c7c31": { "id": "5ddfea92-b790-4cf3-8b98-39c2374c7c31", "title": "ContentLock <= 1.0.3 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "ContentLock", "slug": "contentlock", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ddfea92-b790-4cf3-8b98-39c2374c7c31?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5de488a2-72d6-4eeb-9b92-7f5bea1ee4ff": { "id": "5de488a2-72d6-4eeb-9b92-7f5bea1ee4ff", "title": "Gallery Blocks with Lightbox <= 2.2.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery", "slug": "simply-gallery-block", "affected_versions": { "[*, 2.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5de488a2-72d6-4eeb-9b92-7f5bea1ee4ff?source=api-scan" ], "published": "2021-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5de56a2e-f8e2-47d9-8a2b-989de640f018": { "id": "5de56a2e-f8e2-47d9-8a2b-989de640f018", "title": "WP Comment Remix < 1.4.4 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Comment Remix", "slug": "wp-comment-remix", "affected_versions": { "[*, 1.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5de56a2e-f8e2-47d9-8a2b-989de640f018?source=api-scan" ], "published": "2008-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5de8b93a-d7b1-4679-8c3c-2ac099a1f58f": { "id": "5de8b93a-d7b1-4679-8c3c-2ac099a1f58f", "title": "XforWooCommerce <= 2.0.2 - Authenticated (Subscriber+) Local File Inclusion", "software": [ { "type": "plugin", "name": "XforWooCommerce", "slug": "xforwoocommerce", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5de8b93a-d7b1-4679-8c3c-2ac099a1f58f?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5de937cc-da05-4b95-807d-dc19a8b7d6b0": { "id": "5de937cc-da05-4b95-807d-dc19a8b7d6b0", "title": "Child Theme Generator <= 2.2.7 Cross-Site Request Forgery to Arbitrary Folder Deletion", "software": [ { "type": "plugin", "name": "Child Theme Generator", "slug": "child-theme-generator", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5de937cc-da05-4b95-807d-dc19a8b7d6b0?source=api-scan" ], "published": "2021-11-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5de953ee-8a01-4372-a376-74a4cff674ce": { "id": "5de953ee-8a01-4372-a376-74a4cff674ce", "title": "DecaLog <= 3.7.0 - Cross-Site Request Forgery via get_settings_page", "software": [ { "type": "plugin", "name": "DecaLog", "slug": "decalog", "affected_versions": { "* - 3.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5de953ee-8a01-4372-a376-74a4cff674ce?source=api-scan" ], "published": "2023-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5dea4293-0496-4cee-9d8a-c15beaa51b14": { "id": "5dea4293-0496-4cee-9d8a-c15beaa51b14", "title": "WHMpress <= 6.2-revision-5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WHMpress - WHMCS WordPress Integration Plugin", "slug": "whmpress", "affected_versions": { "[*, 6.2-revision-5]": { "from_version": "*", "from_inclusive": true, "to_version": "6.2-revision-5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5dea4293-0496-4cee-9d8a-c15beaa51b14?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5dec045a-b87c-4db5-960e-8888e410a950": { "id": "5dec045a-b87c-4db5-960e-8888e410a950", "title": "Login With Ajax < 3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Login With Ajax \u2013 Fast Logins, 2FA, Redirects", "slug": "login-with-ajax", "affected_versions": { "[*, 3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5dec045a-b87c-4db5-960e-8888e410a950?source=api-scan" ], "published": "2013-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5dee21da-dd92-41e7-8547-fb49eecec03c": { "id": "5dee21da-dd92-41e7-8547-fb49eecec03c", "title": "WordPress Core < 3.3.2 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5dee21da-dd92-41e7-8547-fb49eecec03c?source=api-scan" ], "published": "2012-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5df238dd-6269-4ee0-a0f4-12bdb74f74e8": { "id": "5df238dd-6269-4ee0-a0f4-12bdb74f74e8", "title": "YOP Poll <= 6.2.7 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YOP Poll", "slug": "yop-poll", "affected_versions": { "* - 6.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5df238dd-6269-4ee0-a0f4-12bdb74f74e8?source=api-scan" ], "published": "2021-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5df2dfcd-2fda-4f09-bd77-f437422d20bb": { "id": "5df2dfcd-2fda-4f09-bd77-f437422d20bb", "title": "LoginPress <= 1.5.11 - Reflected Cross-Site Scripting via redirect-page Parameter", "software": [ { "type": "plugin", "name": "LoginPress | wp-login Custom Login Page Customizer", "slug": "loginpress", "affected_versions": { "[*, 1.5.12)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5df2dfcd-2fda-4f09-bd77-f437422d20bb?source=api-scan" ], "published": "2022-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5df8983e-16c9-4a23-9bf4-331d70384e74": { "id": "5df8983e-16c9-4a23-9bf4-331d70384e74", "title": "Digg Digg < 5.3.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "digg-digg", "slug": "digg-digg", "affected_versions": { "[*, 5.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5df8983e-16c9-4a23-9bf4-331d70384e74?source=api-scan" ], "published": "2013-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5dfa4ddf-bbe7-49b1-8b0d-c030ae81d0e8": { "id": "5dfa4ddf-bbe7-49b1-8b0d-c030ae81d0e8", "title": "Visitors Online by BestWebSoft <= 0.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Visitors Online by BestWebSoft", "slug": "visitors-online", "affected_versions": { "* - 0.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5dfa4ddf-bbe7-49b1-8b0d-c030ae81d0e8?source=api-scan" ], "published": "2015-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5dfaa23f-05df-423c-a5f6-02f2b714b5b6": { "id": "5dfaa23f-05df-423c-a5f6-02f2b714b5b6", "title": "Betheme | Responsive Multipurpose WordPress & WooCommerce Theme <= 27.5.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File", "software": [ { "type": "theme", "name": "Betheme", "slug": "betheme", "affected_versions": { "* - 27.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "27.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "27.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5dfaa23f-05df-423c-a5f6-02f2b714b5b6?source=api-scan" ], "published": "2024-09-12 17:35:48", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5dfc145e-d2d4-4137-a5c6-dec2ebb41876": { "id": "5dfc145e-d2d4-4137-a5c6-dec2ebb41876", "title": "rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "rtMedia for WordPress, BuddyPress and bbPress", "slug": "buddypress-media", "affected_versions": { "[*, 4.6.15)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5dfc145e-d2d4-4137-a5c6-dec2ebb41876?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e04edb6-ef37-4ea8-a734-dbdcf689ba9b": { "id": "5e04edb6-ef37-4ea8-a734-dbdcf689ba9b", "title": "Survey Maker \u2013 Customer Satisfaction Questionnaire, Chat Survey, Calculation Form, Payment Forms <= 4.9.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Survey Maker", "slug": "survey-maker", "affected_versions": { "* - 4.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e04edb6-ef37-4ea8-a734-dbdcf689ba9b?source=api-scan" ], "published": "2024-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e0767a8-9e82-4ce4-9df9-19b458dc5ce0": { "id": "5e0767a8-9e82-4ce4-9df9-19b458dc5ce0", "title": "eRoom \u2013 Zoom Meetings & Webinar <= 1.4.6 - Missing Authorization via stm_wpcfto_get_settings_callback", "software": [ { "type": "plugin", "name": "eRoom \u2013 Zoom Meetings & Webinars", "slug": "eroom-zoom-meetings-webinar", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e0767a8-9e82-4ce4-9df9-19b458dc5ce0?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e0a7108-15ef-42d0-adce-fd5b0e6faf3c": { "id": "5e0a7108-15ef-42d0-adce-fd5b0e6faf3c", "title": "Master Slider - Responsive Touch Slider <= 3.9.10 - Cross-Site Request Forgery via process_bulk_action", "software": [ { "type": "plugin", "name": "Master Slider \u2013 Responsive Touch Slider", "slug": "master-slider", "affected_versions": { "* - 3.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e0a7108-15ef-42d0-adce-fd5b0e6faf3c?source=api-scan" ], "published": "2024-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e0b5709-70cd-482c-8ffe-3e40e3d35465": { "id": "5e0b5709-70cd-482c-8ffe-3e40e3d35465", "title": "GDPR Cookie Consent <= 2.6.0 - Cross-Site Request Forgery to Bulk Delete", "software": [ { "type": "plugin", "name": "GDPR Cookie Consent", "slug": "webtoffee-gdpr-cookie-consent", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e0b5709-70cd-482c-8ffe-3e40e3d35465?source=api-scan" ], "published": "2024-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e0ce0dc-34eb-4577-82a5-8ed822847ff4": { "id": "5e0ce0dc-34eb-4577-82a5-8ed822847ff4", "title": "WPS Limit Login < 1.4.6.1 - Authorization Bypass via IP Spoofing", "software": [ { "type": "plugin", "name": "WPS Limit Login", "slug": "wps-limit-login", "affected_versions": { "[*, 1.4.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e0ce0dc-34eb-4577-82a5-8ed822847ff4?source=api-scan" ], "published": "2019-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e21524e-2470-49e1-983a-a62a0ae478f6": { "id": "5e21524e-2470-49e1-983a-a62a0ae478f6", "title": "Fast Secure Contact Form <= 4.0.37 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fast Secure Contact Form", "slug": "si-contact-form", "affected_versions": { "* - 4.0.37": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.38" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e21524e-2470-49e1-983a-a62a0ae478f6?source=api-scan" ], "published": "2015-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e24be91-6a58-42c3-84dd-4090da55b720": { "id": "5e24be91-6a58-42c3-84dd-4090da55b720", "title": "GTranslate <= 3.0.3 - Authenticated (Administrator+) Cross-Site Scripting via Multiple Parameters", "software": [ { "type": "plugin", "name": "Translate WordPress with GTranslate", "slug": "gtranslate", "affected_versions": { "[*, 3.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e24be91-6a58-42c3-84dd-4090da55b720?source=api-scan" ], "published": "2023-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e29b10e-81d5-4247-bfe8-2400bcd9aef9": { "id": "5e29b10e-81d5-4247-bfe8-2400bcd9aef9", "title": "LearnDash <= 3.1.5 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "LearnDash LMS", "slug": "sfwd-lms", "affected_versions": { "* - 3.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e29b10e-81d5-4247-bfe8-2400bcd9aef9?source=api-scan" ], "published": "2020-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e2c83b6-3444-4cd1-82ec-567937c563b9": { "id": "5e2c83b6-3444-4cd1-82ec-567937c563b9", "title": "Captcha Them All <= 1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Captcha Them All", "slug": "captcha-them-all", "affected_versions": { "[*, 1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e2c83b6-3444-4cd1-82ec-567937c563b9?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e2e6775-219d-472c-8ebb-794bbff3e5ec": { "id": "5e2e6775-219d-472c-8ebb-794bbff3e5ec", "title": "oik <= 4.12.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "oik", "slug": "oik", "affected_versions": { "* - 4.12.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e2e6775-219d-472c-8ebb-794bbff3e5ec?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e3593e8-3840-4db0-8269-61bbcb50d569": { "id": "5e3593e8-3840-4db0-8269-61bbcb50d569", "title": "amCharts: Charts and Maps <= 1.4.4 - Reflected Cross-Site Scripting via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "amCharts: Charts and Maps", "slug": "amcharts-charts-and-maps", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e3593e8-3840-4db0-8269-61bbcb50d569?source=api-scan" ], "published": "2024-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e364f0c-17ea-4962-92d3-35bf5eb666ad": { "id": "5e364f0c-17ea-4962-92d3-35bf5eb666ad", "title": "PropertyHive < 1.4.15 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PropertyHive", "slug": "propertyhive", "affected_versions": { "[*, 1.4.15)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e364f0c-17ea-4962-92d3-35bf5eb666ad?source=api-scan" ], "published": "2018-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e38ee27-30a4-45be-bab6-a3e65ada215f": { "id": "5e38ee27-30a4-45be-bab6-a3e65ada215f", "title": "WP Affiliate Disclosure <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via $id", "software": [ { "type": "plugin", "name": "WP Affiliate Disclosure", "slug": "wp-affiliate-disclosure", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e38ee27-30a4-45be-bab6-a3e65ada215f?source=api-scan" ], "published": "2023-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e3bcd70-d19c-4c0f-80d0-a69e2ab947d2": { "id": "5e3bcd70-d19c-4c0f-80d0-a69e2ab947d2", "title": "WP Statistics <= 13.1.5 - Unauthenticated Stored Cross-Site Scripting via IP", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 13.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "13.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e3bcd70-d19c-4c0f-80d0-a69e2ab947d2?source=api-scan" ], "published": "2022-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e3dd131-dbd8-431c-96f4-4ab2c3be4dbd": { "id": "5e3dd131-dbd8-431c-96f4-4ab2c3be4dbd", "title": "ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in stopOptimizeAll", "software": [ { "type": "plugin", "name": "ImageRecycle pdf & image compression", "slug": "imagerecycle-pdf-image-compression", "affected_versions": { "* - 3.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e3dd131-dbd8-431c-96f4-4ab2c3be4dbd?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e491592-a17f-4789-8faa-d2a60b8ced70": { "id": "5e491592-a17f-4789-8faa-d2a60b8ced70", "title": "WordPress Download Manager <= 2.7.4 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 2.7.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e491592-a17f-4789-8faa-d2a60b8ced70?source=api-scan" ], "published": "2014-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e49afbd-9038-4d1d-b545-4dc86bb1be61": { "id": "5e49afbd-9038-4d1d-b545-4dc86bb1be61", "title": "Video Metabox <= 1.1 - Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Video Metabox", "slug": "video-metabox", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e49afbd-9038-4d1d-b545-4dc86bb1be61?source=api-scan" ], "published": "2013-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e5143f2-6641-4ae3-baa1-e5b83d784799": { "id": "5e5143f2-6641-4ae3-baa1-e5b83d784799", "title": "Team Members <= 5.0.3 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Team Members", "slug": "tc-team-members", "affected_versions": { "[*, 5.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e5143f2-6641-4ae3-baa1-e5b83d784799?source=api-scan" ], "published": "2020-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e54dbf9-a5d1-413d-96ac-93dd499c21a4": { "id": "5e54dbf9-a5d1-413d-96ac-93dd499c21a4", "title": "Blossom Spa <= 1.3.3 - Sensitive Information Exposure", "software": [ { "type": "theme", "name": "Blossom Spa", "slug": "blossom-spa", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e54dbf9-a5d1-413d-96ac-93dd499c21a4?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e584e2e-0625-4777-b44c-2d682c9a4c34": { "id": "5e584e2e-0625-4777-b44c-2d682c9a4c34", "title": "WP Time Slots Booking Form <= 1.1.62 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Time Slots Booking Form", "slug": "wp-time-slots-booking-form", "affected_versions": { "* - 1.1.62": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.62", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.63" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e584e2e-0625-4777-b44c-2d682c9a4c34?source=api-scan" ], "published": "2022-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e5bdc92-e682-4121-9ba5-167742f61138": { "id": "5e5bdc92-e682-4121-9ba5-167742f61138", "title": "Custom 404 Pro <= 3.7.2 - Reflected Cross-Site Scripting via 's'", "software": [ { "type": "plugin", "name": "Custom 404 Pro", "slug": "custom-404-pro", "affected_versions": { "* - 3.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e5bdc92-e682-4121-9ba5-167742f61138?source=api-scan" ], "published": "2023-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e618864-e862-4d4f-aa28-3e2fb78882fc": { "id": "5e618864-e862-4d4f-aa28-3e2fb78882fc", "title": "iPanorama 360 WordPress Virtual Tour Builder < 1.6.22 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "iPanorama 360 \u2013 WordPress Virtual Tour Builder", "slug": "ipanorama-360-virtual-tour-builder-lite", "affected_versions": { "[*, 1.6.22)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.22", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e618864-e862-4d4f-aa28-3e2fb78882fc?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e6218e5-84d9-4180-8275-7da24c554c72": { "id": "5e6218e5-84d9-4180-8275-7da24c554c72", "title": "Unify <= 3.2.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Unify", "slug": "unify", "affected_versions": { "* - 3.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e6218e5-84d9-4180-8275-7da24c554c72?source=api-scan" ], "published": "2022-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e65bafd-471a-498a-a6ac-1bc87d25de67": { "id": "5e65bafd-471a-498a-a6ac-1bc87d25de67", "title": "GG Woo Feed for WooCommerce Shopping Feed <= 1.2.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "GG Woo Feed for WooCommerce Shopping Feed on Google and Other Channels", "slug": "gg-woo-feed", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e65bafd-471a-498a-a6ac-1bc87d25de67?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e6a7f09-2166-426e-a548-daafb23363a6": { "id": "5e6a7f09-2166-426e-a548-daafb23363a6", "title": "Simply Excerpts <= 1.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simply Excerpts", "slug": "simply-excerpts", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e6a7f09-2166-426e-a548-daafb23363a6?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e6de586-5621-4eb2-8150-cb42562d289f": { "id": "5e6de586-5621-4eb2-8150-cb42562d289f", "title": "Advanced Access Manager <= 6.6.1 - Authenticated Authorization Bypass and Privilege Escalation", "software": [ { "type": "plugin", "name": "Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More", "slug": "advanced-access-manager", "affected_versions": { "* - 6.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e6de586-5621-4eb2-8150-cb42562d289f?source=api-scan" ], "published": "2020-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e722b30-f136-4f57-a248-cf9cdd499552": { "id": "5e722b30-f136-4f57-a248-cf9cdd499552", "title": "MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by Sonaar", "slug": "mp3-music-player-by-sonaar", "affected_versions": { "* - 5.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e722b30-f136-4f57-a248-cf9cdd499552?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e74ee0d-f03d-4139-a192-2a45d5f619dc": { "id": "5e74ee0d-f03d-4139-a192-2a45d5f619dc", "title": "ShopConstruct \u2013 Product Catalog, Shopping Cart and eCommerce solution for Store <= 1.1.2 - Reflected Cross-Site Scripting via multiple parameters", "software": [ { "type": "plugin", "name": "ShopConstruct \u2013 Product Catalog, Shopping Cart and eCommerce solution for Store", "slug": "shopconstruct", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e74ee0d-f03d-4139-a192-2a45d5f619dc?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e75e877-14e6-4e51-b435-d78f8ab95d12": { "id": "5e75e877-14e6-4e51-b435-d78f8ab95d12", "title": "Ultimate Member <= 2.0.3 - Unauthorized Image File Upload", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e75e877-14e6-4e51-b435-d78f8ab95d12?source=api-scan" ], "published": "2019-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e78ec78-61e0-4c99-9e73-89fc6606fb97": { "id": "5e78ec78-61e0-4c99-9e73-89fc6606fb97", "title": "Photo Gallery by 10Web <= 1.2.41 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.2.42)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.42", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e78ec78-61e0-4c99-9e73-89fc6606fb97?source=api-scan" ], "published": "2014-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e79b62b-1d60-4c4c-bd0b-4207b20fa3cd": { "id": "5e79b62b-1d60-4c4c-bd0b-4207b20fa3cd", "title": "Herd Effects <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Proof Popups & Real-Time Notifications \u2013 Herd Effects", "slug": "mwp-herd-effect", "affected_versions": { "[*, 5.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e79b62b-1d60-4c4c-bd0b-4207b20fa3cd?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e79bdfe-5b91-4459-9e0f-f25859e4d0ce": { "id": "5e79bdfe-5b91-4459-9e0f-f25859e4d0ce", "title": "vCita Online Booking & Scheduling Calendar <= 4.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Online Booking & Scheduling Calendar for WordPress by vcita", "slug": "meeting-scheduler-by-vcita", "affected_versions": { "* - 4.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e79bdfe-5b91-4459-9e0f-f25859e4d0ce?source=api-scan" ], "published": "2024-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e7b29aa-9dff-420b-8f3e-2beca0b19593": { "id": "5e7b29aa-9dff-420b-8f3e-2beca0b19593", "title": "StreamCast \u2013 Radio Player for WordPress <= 2.1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "StreamCast \u2013 Radio Player for WordPress", "slug": "streamcast", "affected_versions": { "[*, 2.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e7b29aa-9dff-420b-8f3e-2beca0b19593?source=api-scan" ], "published": "2021-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e7cde2e-28e6-417a-900a-38d0a77800d3": { "id": "5e7cde2e-28e6-417a-900a-38d0a77800d3", "title": "EU Cookie Law <= 3.1.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EU Cookie Law for GDPR\/CCPA", "slug": "eu-cookie-law", "affected_versions": { "[*, 3.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e7cde2e-28e6-417a-900a-38d0a77800d3?source=api-scan" ], "published": "2019-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e8933b8-1e09-4cd7-8206-711cc0716dba": { "id": "5e8933b8-1e09-4cd7-8206-711cc0716dba", "title": "Masteriyo - LMS for WordPress <= 1.6.7 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Masteriyo LMS \u2013 eLearning and Online Course Builder for WordPress", "slug": "learning-management-system", "affected_versions": { "[*, 1.6.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e8933b8-1e09-4cd7-8206-711cc0716dba?source=api-scan" ], "published": "2023-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e8a8e0e-6dc0-4d9f-aee3-1fd940c49d3d": { "id": "5e8a8e0e-6dc0-4d9f-aee3-1fd940c49d3d", "title": "Triberr <= 4.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Triberr", "slug": "triberr-wordpress-plugin", "affected_versions": { "* - 4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e8a8e0e-6dc0-4d9f-aee3-1fd940c49d3d?source=api-scan" ], "published": "2023-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e8c06c7-dbe0-4b2b-99bc-89f18277e540": { "id": "5e8c06c7-dbe0-4b2b-99bc-89f18277e540", "title": "Export WordPress Data with Advanced Filters <= 1.4.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Export All Posts, Products, Orders, Refunds & Users", "slug": "wp-ultimate-exporter", "affected_versions": { "[*, 1.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e8c06c7-dbe0-4b2b-99bc-89f18277e540?source=api-scan" ], "published": "2018-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e8e7199-f5f1-4036-b2cd-88b7e806873d": { "id": "5e8e7199-f5f1-4036-b2cd-88b7e806873d", "title": "WP SMS <= 6.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP SMS \u2013 Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More", "slug": "wp-sms", "affected_versions": { "* - 6.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e8e7199-f5f1-4036-b2cd-88b7e806873d?source=api-scan" ], "published": "2024-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e90704e-1a0c-448c-9139-542927cfa4f8": { "id": "5e90704e-1a0c-448c-9139-542927cfa4f8", "title": "Sniplets < 1.2.3 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "Sniplets", "slug": "sniplets", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e90704e-1a0c-448c-9139-542927cfa4f8?source=api-scan" ], "published": "2008-02-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e91a6bd-05ae-4088-8c1f-bc5598545606": { "id": "5e91a6bd-05ae-4088-8c1f-bc5598545606", "title": "Enhanced WP Contact Form <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Enhanced WP Contact Form", "slug": "enhanced-wordpress-contactform", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e91a6bd-05ae-4088-8c1f-bc5598545606?source=api-scan" ], "published": "2023-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e91f4af-7ac6-4c85-bbf4-ac06d516a570": { "id": "5e91f4af-7ac6-4c85-bbf4-ac06d516a570", "title": "WordPress GDPR & CCPA <= 1.9.26 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress GDPR & CCPA", "slug": "wordpress-gdpr", "affected_versions": { "[*, 1.9.27)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.27", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e91f4af-7ac6-4c85-bbf4-ac06d516a570?source=api-scan" ], "published": "2022-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e959ac0-e5ac-4d28-8161-311d952b993c": { "id": "5e959ac0-e5ac-4d28-8161-311d952b993c", "title": "Essential Real Estate <= 3.9.5 - Reflected Cross-Site-Scripting", "software": [ { "type": "plugin", "name": "Essential Real Estate", "slug": "essential-real-estate", "affected_versions": { "* - 3.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e959ac0-e5ac-4d28-8161-311d952b993c?source=api-scan" ], "published": "2022-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e95ded5-ebf7-4ed3-a194-7e7e494d0c40": { "id": "5e95ded5-ebf7-4ed3-a194-7e7e494d0c40", "title": "Qards (Unspecified Version) - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quards", "slug": "qards", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e95ded5-ebf7-4ed3-a194-7e7e494d0c40?source=api-scan" ], "published": "2017-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e999e0f-463c-4676-ad18-f4b467bc4bfc": { "id": "5e999e0f-463c-4676-ad18-f4b467bc4bfc", "title": "Email Subscribers & Newsletters <= 4.1.7 - SQL Injection", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 4.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e999e0f-463c-4676-ad18-f4b467bc4bfc?source=api-scan" ], "published": "2019-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5e9ba1cb-62f5-4d6a-9727-ae62bb0edb98": { "id": "5e9ba1cb-62f5-4d6a-9727-ae62bb0edb98", "title": "Contact Form 7 Database Addon \u2013 CFDB7 <= 1.2.6.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form 7 Database Addon \u2013 CFDB7", "slug": "contact-form-cfdb7", "affected_versions": { "* - 1.2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5e9ba1cb-62f5-4d6a-9727-ae62bb0edb98?source=api-scan" ], "published": "2021-11-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ea02dd5-d837-471c-aa6a-264ffcedd55d": { "id": "5ea02dd5-d837-471c-aa6a-264ffcedd55d", "title": "GiveWP <= 2.25.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.25.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.25.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ea02dd5-d837-471c-aa6a-264ffcedd55d?source=api-scan" ], "published": "2023-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ea53fb7-9bf8-445b-ad33-f3b6e6ed1665": { "id": "5ea53fb7-9bf8-445b-ad33-f3b6e6ed1665", "title": "Complianz Free <= 6.3.3 & Premium <= 6.3.5 - SQL Injection via Translations", "software": [ { "type": "plugin", "name": "Complianz Premium \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr-premium", "affected_versions": { "* - 6.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.6" ] }, { "type": "plugin", "name": "Complianz \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr", "affected_versions": { "* - 6.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ea53fb7-9bf8-445b-ad33-f3b6e6ed1665?source=api-scan" ], "published": "2022-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5eaac50c-c585-4587-91b7-9d0613345ef2": { "id": "5eaac50c-c585-4587-91b7-9d0613345ef2", "title": "Ask Me <= 6.8.3 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Ask Me - Responsive Questions & Answers WordPress", "slug": "ask-me", "affected_versions": { "* - 6.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5eaac50c-c585-4587-91b7-9d0613345ef2?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5eab8a5d-8eb8-495f-a953-b468360cc5d5": { "id": "5eab8a5d-8eb8-495f-a953-b468360cc5d5", "title": "Advanced Custom Fields <= 5.7.11 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Secure Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "* - 5.7.11": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5eab8a5d-8eb8-495f-a953-b468360cc5d5?source=api-scan" ], "published": "2019-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5eafb620-f5dd-4e60-b9a6-859832ae706c": { "id": "5eafb620-f5dd-4e60-b9a6-859832ae706c", "title": "Integration for Szamlazz.hu & WooCommerce <= 5.6.3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Sz\u00e1ml\u00e1zz.hu integr\u00e1ci\u00f3 WooCommerce-hez", "slug": "integration-for-szamlazzhu-woocommerce", "affected_versions": { "* - 5.6.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5eafb620-f5dd-4e60-b9a6-859832ae706c?source=api-scan" ], "published": "2022-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5eb66ca3-768e-4d8c-a0fa-74e78250aee3": { "id": "5eb66ca3-768e-4d8c-a0fa-74e78250aee3", "title": "Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_address", "software": [ { "type": "plugin", "name": "Contact Form by BestWebSoft \u2013 Advanced Contact Us Form Builder for WordPress", "slug": "contact-form-plugin", "affected_versions": { "* - 4.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5eb66ca3-768e-4d8c-a0fa-74e78250aee3?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5eb85bc1-cffd-4363-ba53-30e3f6f6fc56": { "id": "5eb85bc1-cffd-4363-ba53-30e3f6f6fc56", "title": "Temporary Login Without Password <= 1.7.0 - Subscriber+ Plugin Settings Update", "software": [ { "type": "plugin", "name": "Temporary Login Without Password", "slug": "temporary-login-without-password", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5eb85bc1-cffd-4363-ba53-30e3f6f6fc56?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5eba6825-9a3a-4af5-8d8a-9439ab374cc7": { "id": "5eba6825-9a3a-4af5-8d8a-9439ab374cc7", "title": "eCommerce Product Catalog <= 3.0.38 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "eCommerce Product Catalog Plugin for WordPress", "slug": "ecommerce-product-catalog", "affected_versions": { "[*, 3.0.39)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.39", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5eba6825-9a3a-4af5-8d8a-9439ab374cc7?source=api-scan" ], "published": "2021-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ebdf903-828e-4a22-953a-17d85984b576": { "id": "5ebdf903-828e-4a22-953a-17d85984b576", "title": "AutomatorWP <= 2.5.8 - Cross Site Request Forgery via bulk_delete", "software": [ { "type": "plugin", "name": "AutomatorWP \u2013 The #1 automator plugin for no-code automation in WordPress", "slug": "automatorwp", "affected_versions": { "* - 2.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ebdf903-828e-4a22-953a-17d85984b576?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ebe34fd-6860-4074-ae86-37f979f54dc9": { "id": "5ebe34fd-6860-4074-ae86-37f979f54dc9", "title": "WordPress Comments Fields <= 4.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Comments Extra Fields For Post,Pages and CPT", "slug": "wp-comment-fields", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ebe34fd-6860-4074-ae86-37f979f54dc9?source=api-scan" ], "published": "2022-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ebf1e83-50b8-4f56-ba76-10100375edda": { "id": "5ebf1e83-50b8-4f56-ba76-10100375edda", "title": "PixelYourSite <= 9.3.6 and PixelYourSite Pro <= 9.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PixelYourSite Pro \u2013 Your smart PIXEL (TAG) Manager", "slug": "pixelyoursite-pro", "affected_versions": { "* - 9.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.6.2" ] }, { "type": "plugin", "name": "PixelYourSite \u2013 Your smart PIXEL (TAG) & API Manager", "slug": "pixelyoursite", "affected_versions": { "* - 9.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "9.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ebf1e83-50b8-4f56-ba76-10100375edda?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ec1ce79-bc10-4b04-8e49-15e16e6730a8": { "id": "5ec1ce79-bc10-4b04-8e49-15e16e6730a8", "title": "Redirection for Contact Form 7 <= 2.4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Redirection for Contact Form 7", "slug": "wpcf7-redirect", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ec1ce79-bc10-4b04-8e49-15e16e6730a8?source=api-scan" ], "published": "2022-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ec1fd03-f865-4f58-b63b-e70c0c7e701d": { "id": "5ec1fd03-f865-4f58-b63b-e70c0c7e701d", "title": "CAOS | Host Google Analytics Locally <= 4.7.14 - Missing Authorization to Unauthenticated Plugin Settings Update", "software": [ { "type": "plugin", "name": "CAOS | Host Google Analytics Locally", "slug": "host-analyticsjs-local", "affected_versions": { "* - 4.7.14": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ec1fd03-f865-4f58-b63b-e70c0c7e701d?source=api-scan" ], "published": "2023-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ec2743d-0d96-4056-8fdf-dc81d4e9b76f": { "id": "5ec2743d-0d96-4056-8fdf-dc81d4e9b76f", "title": "OceanWP <= 3.5.4 - Missing Authorization to Sensitive Information Exposure via Limited Local File Inclusion", "software": [ { "type": "theme", "name": "OceanWP", "slug": "oceanwp", "affected_versions": { "* - 3.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ec2743d-0d96-4056-8fdf-dc81d4e9b76f?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ec401d8-bbdf-4be6-bcc5-51f8c8ec7cfd": { "id": "5ec401d8-bbdf-4be6-bcc5-51f8c8ec7cfd", "title": "e2pdf < 1.20.20 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "E2Pdf \u2013 Export Pdf Tool for WordPress", "slug": "e2pdf", "affected_versions": { "[*, 1.20.20)": { "from_version": "*", "from_inclusive": true, "to_version": "1.20.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.20.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ec401d8-bbdf-4be6-bcc5-51f8c8ec7cfd?source=api-scan" ], "published": "2023-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ec6211b-783b-4375-972b-adcaf9f9f526": { "id": "5ec6211b-783b-4375-972b-adcaf9f9f526", "title": "Easy Author Image <= 1.5 - Email Information Exposure", "software": [ { "type": "plugin", "name": "Easy Author Image", "slug": "easy-author-image", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ec6211b-783b-4375-972b-adcaf9f9f526?source=api-scan" ], "published": "2015-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ecc0811-916d-4c60-9047-a09242de36bd": { "id": "5ecc0811-916d-4c60-9047-a09242de36bd", "title": "Post Indexer <= 3.0.6.1 - Authenticated (Super Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Post Indexer", "slug": "post-indexer", "affected_versions": { "[*, 3.0.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ecc0811-916d-4c60-9047-a09242de36bd?source=api-scan" ], "published": "2016-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5edaf310-c410-47dd-89cf-9aa15ab97acd": { "id": "5edaf310-c410-47dd-89cf-9aa15ab97acd", "title": "Gerencianet Oficial <= 1.4.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ef\u00ed Bank", "slug": "woo-gerencianet-official", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5edaf310-c410-47dd-89cf-9aa15ab97acd?source=api-scan" ], "published": "2023-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5edd72d9-3086-4f4f-ae5b-830c8621b83a": { "id": "5edd72d9-3086-4f4f-ae5b-830c8621b83a", "title": "Slideshow Gallery LITE <= 1.8.1 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Slideshow Gallery LITE", "slug": "slideshow-gallery", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5edd72d9-3086-4f4f-ae5b-830c8621b83a?source=api-scan" ], "published": "2024-06-11 12:10:36", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ee19031-1e48-43b6-b492-980f2610f6cc": { "id": "5ee19031-1e48-43b6-b492-980f2610f6cc", "title": "ProductX \u2013 Gutenberg WooCommerce Blocks \u2013 WooCommerce Builder, Wishlist for WooCommerce, Products Comparison, Quick View, Online Store \u2013 All in One Solution <= 2.2.5 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Builder & Gutenberg WooCommerce Blocks \u2013 WowStore", "slug": "product-blocks", "affected_versions": { "* - 2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ee19031-1e48-43b6-b492-980f2610f6cc?source=api-scan" ], "published": "2022-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ee333a6-6b4b-4abb-9fc9-1afd9598b321": { "id": "5ee333a6-6b4b-4abb-9fc9-1afd9598b321", "title": "Custom Simple RSS < 2.0.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Custom Simple Rss", "slug": "custom-simple-rss", "affected_versions": { "[*, 2.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ee333a6-6b4b-4abb-9fc9-1afd9598b321?source=api-scan" ], "published": "2019-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ee3416b-d6df-4f8b-834b-4e78516c00ba": { "id": "5ee3416b-d6df-4f8b-834b-4e78516c00ba", "title": "WP Backup Manager <= 1.13.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Backup Manager", "slug": "wp-backup-manager", "affected_versions": { "* - 1.13.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ee3416b-d6df-4f8b-834b-4e78516c00ba?source=api-scan" ], "published": "2023-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ee7f904-d150-4da1-a79c-502fe2ca3b37": { "id": "5ee7f904-d150-4da1-a79c-502fe2ca3b37", "title": "Podcast Importer SecondLine <= 1.1.4 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Podcast Importer SecondLine", "slug": "podcast-importer-secondline", "affected_versions": { "[*, 1.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ee7f904-d150-4da1-a79c-502fe2ca3b37?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5eeae0eb-bc24-4a34-b393-e84831edaba6": { "id": "5eeae0eb-bc24-4a34-b393-e84831edaba6", "title": "ImageRecycle pdf & image compression <= 3.1.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ImageRecycle pdf & image compression", "slug": "imagerecycle-pdf-image-compression", "affected_versions": { "[*, 3.1.11)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5eeae0eb-bc24-4a34-b393-e84831edaba6?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5eeebd5f-6062-4ddd-a7bf-6afbeeed568e": { "id": "5eeebd5f-6062-4ddd-a7bf-6afbeeed568e", "title": "Share This Image <= 2.01 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Share This Image", "slug": "share-this-image", "affected_versions": { "* - 2.01": { "from_version": "*", "from_inclusive": true, "to_version": "2.01", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5eeebd5f-6062-4ddd-a7bf-6afbeeed568e?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ef104ae-b67c-4669-adeb-e5397561c0ae": { "id": "5ef104ae-b67c-4669-adeb-e5397561c0ae", "title": "WP Lightbox 2 <= 3.0.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "WP Lightbox 2", "slug": "wp-lightbox-2", "affected_versions": { "* - 3.0.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ef104ae-b67c-4669-adeb-e5397561c0ae?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ef2196d-3617-44ba-a8c5-dc1b45408293": { "id": "5ef2196d-3617-44ba-a8c5-dc1b45408293", "title": "Contact Forms by Cimatti <= 1.7.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Contact Forms by Cimatti", "slug": "contact-forms", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ef2196d-3617-44ba-a8c5-dc1b45408293?source=api-scan" ], "published": "2024-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ef36265-bf71-4b6a-ae76-9318d6896aac": { "id": "5ef36265-bf71-4b6a-ae76-9318d6896aac", "title": "WP Donate <= 1.4 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Donate", "slug": "wp-donate", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ef36265-bf71-4b6a-ae76-9318d6896aac?source=api-scan" ], "published": "2023-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5efbac99-561c-4abf-9e07-b5fdcfeb188b": { "id": "5efbac99-561c-4abf-9e07-b5fdcfeb188b", "title": "DS Site Message <= 1.14.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "DS Site Message", "slug": "ds-site-message", "affected_versions": { "* - 1.14.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5efbac99-561c-4abf-9e07-b5fdcfeb188b?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f1700c2-9c1f-4882-9f11-13b4ee8477a9": { "id": "5f1700c2-9c1f-4882-9f11-13b4ee8477a9", "title": "WP Shop <= 3.9.6 - Missing Authentication to Settings Change and Order Deletion", "software": [ { "type": "plugin", "name": "WP Shop", "slug": "wp-shop-original", "affected_versions": { "* - 3.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f1700c2-9c1f-4882-9f11-13b4ee8477a9?source=api-scan" ], "published": "2022-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f1a861b-43d6-4315-9ec4-802dbae32f43": { "id": "5f1a861b-43d6-4315-9ec4-802dbae32f43", "title": "MC Woocommerce Wishlist <= 1.7.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)", "slug": "smart-wishlist-for-more-convert", "affected_versions": { "* - 1.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f1a861b-43d6-4315-9ec4-802dbae32f43?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f1e0dfa-f99a-43d1-bdc9-6fc7a4ea381d": { "id": "5f1e0dfa-f99a-43d1-bdc9-6fc7a4ea381d", "title": "Smart Online Order for Clover <= 1.5.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart Online Order for Clover", "slug": "clover-online-orders", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f1e0dfa-f99a-43d1-bdc9-6fc7a4ea381d?source=api-scan" ], "published": "2023-10-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f1f3562-f869-4442-b77f-c06c5683c1b2": { "id": "5f1f3562-f869-4442-b77f-c06c5683c1b2", "title": "Website Monetization by MageNet <= 1.0.29.1 - Cross-Site Request Forgery via admin_magenet_settings", "software": [ { "type": "plugin", "name": "Website Monetization by MageNet", "slug": "website-monetization-by-magenet", "affected_versions": { "* - 1.0.29.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.29.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.29.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f1f3562-f869-4442-b77f-c06c5683c1b2?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f29de7a-3f15-4b6d-aad7-6a08151e2113": { "id": "5f29de7a-3f15-4b6d-aad7-6a08151e2113", "title": "Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition", "software": [ { "type": "plugin", "name": "Bit File Manager \u2013 100% Free & Open Source File Manager and Code Editor for WordPress", "slug": "file-manager", "affected_versions": { "6.0 - 6.5.5": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f29de7a-3f15-4b6d-aad7-6a08151e2113?source=api-scan" ], "published": "2024-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f2c157b-cd5a-459d-8e26-859e686148dc": { "id": "5f2c157b-cd5a-459d-8e26-859e686148dc", "title": "Ajax Search Lite <= 4.10.3 - Missing Authorization leading to Authenticated (Subscriber+) Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Ajax Search Lite", "slug": "ajax-search-lite", "affected_versions": { "* - 4.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f2c157b-cd5a-459d-8e26-859e686148dc?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f2f34e1-3b08-4e23-a29b-21e61e6a6063": { "id": "5f2f34e1-3b08-4e23-a29b-21e61e6a6063", "title": "Admin Custom Login <= 2.4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Admin Custom Login", "slug": "admin-custom-login", "affected_versions": { "[*, 2.4.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f2f34e1-3b08-4e23-a29b-21e61e6a6063?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f2fa602-79db-4bb3-a55c-75da59116f06": { "id": "5f2fa602-79db-4bb3-a55c-75da59116f06", "title": "WP Maintenance <= 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Maintenance", "slug": "wp-maintenance", "affected_versions": { "* - 5.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f2fa602-79db-4bb3-a55c-75da59116f06?source=api-scan" ], "published": "2019-11-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f319613-2709-449c-9e13-b0f95ee0b88b": { "id": "5f319613-2709-449c-9e13-b0f95ee0b88b", "title": "Advanced Dewplayer < 1.3 - Directory Traversal", "software": [ { "type": "plugin", "name": "Advanced Dewplayer", "slug": "advanced-dewplayer", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f319613-2709-449c-9e13-b0f95ee0b88b?source=api-scan" ], "published": "2013-12-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f388049-b453-406c-abdf-2a51c7abed2d": { "id": "5f388049-b453-406c-abdf-2a51c7abed2d", "title": "iQ Block Country <= 1.2.13 - Protection Bypass due to IP Spoofing", "software": [ { "type": "plugin", "name": "iQ Block Country", "slug": "iq-block-country", "affected_versions": { "* - 1.2.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f388049-b453-406c-abdf-2a51c7abed2d?source=api-scan" ], "published": "2022-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f3c6d98-6f30-4a98-91c9-e77c1f960527": { "id": "5f3c6d98-6f30-4a98-91c9-e77c1f960527", "title": "WP Helper Premium <= 4.6.1 - Missing Authorization in whp_smtp_send_mail_test", "software": [ { "type": "plugin", "name": "WP Helper Premium", "slug": "wp-helper-lite", "affected_versions": { "* - 4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f3c6d98-6f30-4a98-91c9-e77c1f960527?source=api-scan" ], "published": "2024-10-09 13:29:15", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f42c8a0-2dbc-4902-83e4-d9d9ea441e1a": { "id": "5f42c8a0-2dbc-4902-83e4-d9d9ea441e1a", "title": "Multivendor Marketplace Solution for WooCommerce \u2013 WC Marketplace <= 3.8.11.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution", "slug": "dc-woocommerce-multi-vendor", "affected_versions": { "* - 3.8.11.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.11.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f42c8a0-2dbc-4902-83e4-d9d9ea441e1a?source=api-scan" ], "published": "2022-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f459033-1c95-4781-93f4-1ee5e310933a": { "id": "5f459033-1c95-4781-93f4-1ee5e310933a", "title": "WPBITS Addons For Elementor Page Builder <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets", "software": [ { "type": "plugin", "name": "WPBITS Addons For Elementor Page Builder", "slug": "wpbits-addons-for-elementor", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f459033-1c95-4781-93f4-1ee5e310933a?source=api-scan" ], "published": "2024-07-08 22:00:42", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f49670e-6a7f-46f9-ad1e-44f66dc32f7b": { "id": "5f49670e-6a7f-46f9-ad1e-44f66dc32f7b", "title": "WP Database Backup <= 5.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Database Backup \u2013 Unlimited Database & Files Backup by Backup for WP", "slug": "wp-database-backup", "affected_versions": { "* - 5.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f49670e-6a7f-46f9-ad1e-44f66dc32f7b?source=api-scan" ], "published": "2022-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f4d57e4-1b82-45bb-9824-b7b2eaa73b6d": { "id": "5f4d57e4-1b82-45bb-9824-b7b2eaa73b6d", "title": "All-in-one Floating Contact Form <= 2.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs \u2013 My Sticky Elements", "slug": "mystickyelements", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f4d57e4-1b82-45bb-9824-b7b2eaa73b6d?source=api-scan" ], "published": "2022-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f550bac-b047-4276-bde5-c15bfd4ceb49": { "id": "5f550bac-b047-4276-bde5-c15bfd4ceb49", "title": "Media Library Folders <= 8.2.0 - Reflected Cross-Site Scripting via 's'", "software": [ { "type": "plugin", "name": "Media Library Folders", "slug": "media-library-plus", "affected_versions": { "* - 8.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f550bac-b047-4276-bde5-c15bfd4ceb49?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f59d905-0b43-4a63-b5da-273b051f201b": { "id": "5f59d905-0b43-4a63-b5da-273b051f201b", "title": "Monetize <= 1.03 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Monetize", "slug": "monetize", "affected_versions": { "* - 1.03": { "from_version": "*", "from_inclusive": true, "to_version": "1.03", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f59d905-0b43-4a63-b5da-273b051f201b?source=api-scan" ], "published": "2015-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f62045b-4fb7-4dde-8d3c-d04b4e5e4810": { "id": "5f62045b-4fb7-4dde-8d3c-d04b4e5e4810", "title": "Easy Appointments < 1.12.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Appointments", "slug": "easy-appointments", "affected_versions": { "[*, 1.12.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.12.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f62045b-4fb7-4dde-8d3c-d04b4e5e4810?source=api-scan" ], "published": "2017-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f6b88fb-1070-427b-a51f-23fbede3dd59": { "id": "5f6b88fb-1070-427b-a51f-23fbede3dd59", "title": "Under Construction, Coming Soon & Maintenance Mode <= 1.1.1 - Server Side Request Forgery", "software": [ { "type": "plugin", "name": "Under Construction, Coming Soon & Maintenance Mode", "slug": "under-construction-maintenance-mode", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f6b88fb-1070-427b-a51f-23fbede3dd59?source=api-scan" ], "published": "2021-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f6da693-4610-4875-aa14-102809309b8d": { "id": "5f6da693-4610-4875-aa14-102809309b8d", "title": "Cron Jobs <= 1.2.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cron Jobs", "slug": "leira-cron-jobs", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f6da693-4610-4875-aa14-102809309b8d?source=api-scan" ], "published": "2024-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f6eba90-3e9d-48d0-aae2-81ff216315da": { "id": "5f6eba90-3e9d-48d0-aae2-81ff216315da", "title": "Posterity <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Posterity", "slug": "posterity", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f6eba90-3e9d-48d0-aae2-81ff216315da?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f6ee92e-4ccb-41b3-855f-adbfae4888ee": { "id": "5f6ee92e-4ccb-41b3-855f-adbfae4888ee", "title": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio <= 6.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio", "slug": "flash-album-gallery", "affected_versions": { "* - 6.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f6ee92e-4ccb-41b3-855f-adbfae4888ee?source=api-scan" ], "published": "2021-11-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f7014fc-a502-4f72-899f-c21d3ca5e5b3": { "id": "5f7014fc-a502-4f72-899f-c21d3ca5e5b3", "title": "iThemes Security < 3.6.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "[*, 3.6.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f7014fc-a502-4f72-899f-c21d3ca5e5b3?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f75dfef-b30f-45a5-ba3e-cb82c1443800": { "id": "5f75dfef-b30f-45a5-ba3e-cb82c1443800", "title": "Cornerstone <= 0.8.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cornerstone", "slug": "cornerstone", "affected_versions": { "* - 0.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f75dfef-b30f-45a5-ba3e-cb82c1443800?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f75e37d-a94e-4103-b706-5fead24f1f73": { "id": "5f75e37d-a94e-4103-b706-5fead24f1f73", "title": "Funnel Builder by CartFlows <= 2.0.1 - Authenticated (Editor+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "WooCommerce Checkout & Funnel Builder by CartFlows \u2013 Create High Converting Stores For WooCommerce", "slug": "cartflows", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f75e37d-a94e-4103-b706-5fead24f1f73?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f78dd75-d853-4b16-843e-e0c9c55a103c": { "id": "5f78dd75-d853-4b16-843e-e0c9c55a103c", "title": "File Away <= 3.9.9.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "File Away", "slug": "file-away", "affected_versions": { "* - 3.9.9.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.9.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f78dd75-d853-4b16-843e-e0c9c55a103c?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f7a5d4b-8ba2-45d8-92d4-3c66a81fb4f8": { "id": "5f7a5d4b-8ba2-45d8-92d4-3c66a81fb4f8", "title": "Quotes for WooCommerce <= 2.0.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Quotes for WooCommerce", "slug": "quotes-for-woocommerce", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f7a5d4b-8ba2-45d8-92d4-3c66a81fb4f8?source=api-scan" ], "published": "2023-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f7b15ba-5d7b-448d-ae95-b7d3ae7ff1c0": { "id": "5f7b15ba-5d7b-448d-ae95-b7d3ae7ff1c0", "title": "Welcart e-Commerce <= 2.11.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f7b15ba-5d7b-448d-ae95-b7d3ae7ff1c0?source=api-scan" ], "published": "2024-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f7c4c26-ff77-4be0-946c-5480b4a28017": { "id": "5f7c4c26-ff77-4be0-946c-5480b4a28017", "title": "Home Villas | Real Estate WordPress Theme <= 2.2 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Home Villas | Real Estate WordPress Theme", "slug": "homevillas-real-estate", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f7c4c26-ff77-4be0-946c-5480b4a28017?source=api-scan" ], "published": "2020-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f7dc2c7-1a23-4677-b331-951960e76d43": { "id": "5f7dc2c7-1a23-4677-b331-951960e76d43", "title": "Ninja Forms \u2013 The Contact Form Builder That Grows With You <= 3.8.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "3.8.6 - 3.8.10": { "from_version": "3.8.6", "from_inclusive": true, "to_version": "3.8.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f7dc2c7-1a23-4677-b331-951960e76d43?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f800156-1ccc-431f-9b2b-3b2ba3428bbc": { "id": "5f800156-1ccc-431f-9b2b-3b2ba3428bbc", "title": "Realtyna Organic IDX plugin <= 4.14.4 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Realtyna Organic IDX plugin + WPL Real Estate", "slug": "real-estate-listing-realtyna-wpl", "affected_versions": { "* - 4.14.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.14.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.14.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f800156-1ccc-431f-9b2b-3b2ba3428bbc?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f829d21-5347-46ec-9218-2b3cbe7d7b95": { "id": "5f829d21-5347-46ec-9218-2b3cbe7d7b95", "title": "BigBlueButton <= 3.0.0-beta.4 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BigBlueButton", "slug": "bigbluebutton", "affected_versions": { "[*, 3.0.0-beta.4]": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0-beta.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f829d21-5347-46ec-9218-2b3cbe7d7b95?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f83c19e-1b75-4fea-b4de-f7f844a449c0": { "id": "5f83c19e-1b75-4fea-b4de-f7f844a449c0", "title": "WPCafe <= 2.2.23 - Unauthenticated Blind Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "WPCafe \u2013 Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce", "slug": "wp-cafe", "affected_versions": { "* - 2.2.23": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f83c19e-1b75-4fea-b4de-f7f844a449c0?source=api-scan" ], "published": "2024-05-22 13:15:58", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f84814e-f7b7-4228-b331-63027a0770af": { "id": "5f84814e-f7b7-4228-b331-63027a0770af", "title": "Email Subscription Popup <= 1.2.18 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Subscription Popup", "slug": "email-subscribe", "affected_versions": { "* - 1.2.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f84814e-f7b7-4228-b331-63027a0770af?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f86dd96-fc87-4dc8-8435-f279a8def021": { "id": "5f86dd96-fc87-4dc8-8435-f279a8def021", "title": "Blocksy <= 2.0.22 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Blocksy", "slug": "blocksy", "affected_versions": { "* - 2.0.22": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.23" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f86dd96-fc87-4dc8-8435-f279a8def021?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f8e0021-f305-45c1-b658-405ad22334ac": { "id": "5f8e0021-f305-45c1-b658-405ad22334ac", "title": "spam-byebye <= 2.2.1 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "spam-byebye", "slug": "spam-byebye", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f8e0021-f305-45c1-b658-405ad22334ac?source=api-scan" ], "published": "2019-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f8f8d46-d7e7-4b07-9b10-15e579973474": { "id": "5f8f8d46-d7e7-4b07-9b10-15e579973474", "title": "Auto Refresh Single Page <= 1.1 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Auto Refresh Single Page", "slug": "auto-refresh-single-page", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f8f8d46-d7e7-4b07-9b10-15e579973474?source=api-scan" ], "published": "2024-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f958a43-1753-4605-9e98-ba1468f75ab0": { "id": "5f958a43-1753-4605-9e98-ba1468f75ab0", "title": "XLTab \u2013 Accordions and Tabs for Elementor Page Builder <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "XLTab \u2013 Accordions and Tabs for Elementor Page Builder", "slug": "xl-tab", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f958a43-1753-4605-9e98-ba1468f75ab0?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f98f4b3-8cce-45dd-a138-5f2c8031fab5": { "id": "5f98f4b3-8cce-45dd-a138-5f2c8031fab5", "title": "WooCommerce Help Scout <= 2.9.1 - Arbitrary File Upload to Remote Code Execution", "software": [ { "type": "plugin", "name": "WooCommerce Help Scout", "slug": "woocommerce-help-scout", "affected_versions": { "* - 2.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f98f4b3-8cce-45dd-a138-5f2c8031fab5?source=api-scan" ], "published": "2021-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f994141-f361-4a0e-99dc-1e1951e1e76e": { "id": "5f994141-f361-4a0e-99dc-1e1951e1e76e", "title": "Access Demo Importer <= 1.0.7 - Cross-Site Request Forgery to Data Reset", "software": [ { "type": "plugin", "name": "Access Demo Importer", "slug": "access-demo-importer", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f994141-f361-4a0e-99dc-1e1951e1e76e?source=api-scan" ], "published": "2022-01-24 12:01:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f9cece7-a158-41ae-816b-1054da830724": { "id": "5f9cece7-a158-41ae-816b-1054da830724", "title": "Download Manager <= 3.2.82 - Unauthenticated Password Leak", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.82": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.82", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.83" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f9cece7-a158-41ae-816b-1054da830724?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f9cf9c5-d836-4414-a53f-adee2784bd96": { "id": "5f9cf9c5-d836-4414-a53f-adee2784bd96", "title": "Media from FTP <= 11.15 - Improper Privilege Management", "software": [ { "type": "plugin", "name": "Media from FTP", "slug": "media-from-ftp", "affected_versions": { "[*, 11.16)": { "from_version": "*", "from_inclusive": true, "to_version": "11.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "11.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f9cf9c5-d836-4414-a53f-adee2784bd96?source=api-scan" ], "published": "2023-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5f9d237c-110e-4e71-9d2c-db99358468e6": { "id": "5f9d237c-110e-4e71-9d2c-db99358468e6", "title": "Autoptimize <= 3.0.4 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Autoptimize", "slug": "autoptimize", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5f9d237c-110e-4e71-9d2c-db99358468e6?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5fa2ec9e-2859-4a96-9e33-9e22d37e544f": { "id": "5fa2ec9e-2859-4a96-9e33-9e22d37e544f", "title": "EmbedPress <= 3.8.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Delete via admin_post_remove and remove_private_data", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 3.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5fa2ec9e-2859-4a96-9e33-9e22d37e544f?source=api-scan" ], "published": "2023-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5fa75f3a-3582-4851-a67c-6c4981fb9abb": { "id": "5fa75f3a-3582-4851-a67c-6c4981fb9abb", "title": "Templately <= 3.1.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Templately \u2013 Elementor & Gutenberg Template Library: 5000+ Free & Pro Ready Templates & Cloud!", "slug": "templately", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5fa75f3a-3582-4851-a67c-6c4981fb9abb?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5fab1ae8-2aa4-452a-a594-64088c92b5c3": { "id": "5fab1ae8-2aa4-452a-a594-64088c92b5c3", "title": "NOO Timetable <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NOO Timetable", "slug": "noo-timetable", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5fab1ae8-2aa4-452a-a594-64088c92b5c3?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5fb338c2-f458-42bc-b147-d5024875e977": { "id": "5fb338c2-f458-42bc-b147-d5024875e977", "title": "Sunshine Photo Cart <= 3.2.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Sunshine Photo Cart: Free Client Photo Galleries for Photographers", "slug": "sunshine-photo-cart", "affected_versions": { "* - 3.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5fb338c2-f458-42bc-b147-d5024875e977?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5fb90b3b-08bd-4887-a6bf-054b42d3e403": { "id": "5fb90b3b-08bd-4887-a6bf-054b42d3e403", "title": "KB Support \u2013 WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions", "software": [ { "type": "plugin", "name": "KB Support \u2013 WordPress Help Desk and Knowledge Base", "slug": "kb-support", "affected_versions": { "* - 1.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5fb90b3b-08bd-4887-a6bf-054b42d3e403?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5fc5fb44-8264-46b7-9486-f145d6cbfde2": { "id": "5fc5fb44-8264-46b7-9486-f145d6cbfde2", "title": "Cost Calculator Builder <= 3.2.15 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Cost Calculator Builder", "slug": "cost-calculator-builder", "affected_versions": { "* - 3.2.15": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5fc5fb44-8264-46b7-9486-f145d6cbfde2?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5fca3dae-43a9-4130-ad04-8624aeb0c26b": { "id": "5fca3dae-43a9-4130-ad04-8624aeb0c26b", "title": "Church Admin < 1.2550 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "[*, 1.2550)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2550", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2550" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5fca3dae-43a9-4130-ad04-8624aeb0c26b?source=api-scan" ], "published": "2018-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5fd000dd-f75a-4ff0-bc71-20db878caca7": { "id": "5fd000dd-f75a-4ff0-bc71-20db878caca7", "title": "OneTone Companion <= 1.1.1 - Open Mailer", "software": [ { "type": "plugin", "name": "OneTone Companion", "slug": "onetone-companion", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5fd000dd-f75a-4ff0-bc71-20db878caca7?source=api-scan" ], "published": "2022-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5fd470bb-d791-45dc-a743-6f03fc75f00c": { "id": "5fd470bb-d791-45dc-a743-6f03fc75f00c", "title": "Editorialmag <= 1.2.0 - Missing Authorization to Authenticated Plugin Activation", "software": [ { "type": "theme", "name": "Editorialmag", "slug": "editorialmag", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5fd470bb-d791-45dc-a743-6f03fc75f00c?source=api-scan" ], "published": "2023-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5fd495e8-d7e8-4949-b7aa-43ef40063ca1": { "id": "5fd495e8-d7e8-4949-b7aa-43ef40063ca1", "title": "FooGallery <= 2.2.44 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel", "slug": "foogallery", "affected_versions": { "[*, 2.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5fd495e8-d7e8-4949-b7aa-43ef40063ca1?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5fdb8e77-1323-43a0-a012-04d983390de1": { "id": "5fdb8e77-1323-43a0-a012-04d983390de1", "title": "WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels", "slug": "print-invoices-packing-slip-labels-for-woocommerce", "affected_versions": { "* - 4.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5fdb8e77-1323-43a0-a012-04d983390de1?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5fdba41f-daa5-44e8-bc47-aa8b7bd31054": { "id": "5fdba41f-daa5-44e8-bc47-aa8b7bd31054", "title": "WP Ultimate CSV Importer <= 7.9.8 - Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Import CSV or XML Datafeed With Ease", "slug": "wp-ultimate-csv-importer", "affected_versions": { "* - 7.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "7.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5fdba41f-daa5-44e8-bc47-aa8b7bd31054?source=api-scan" ], "published": "2023-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5fdd2919-396b-41ff-ae92-1b6fee5c6f5e": { "id": "5fdd2919-396b-41ff-ae92-1b6fee5c6f5e", "title": "FloLaunch <= 2.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "FloLaunch", "slug": "flo-launch", "affected_versions": { "[*, 2.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5fdd2919-396b-41ff-ae92-1b6fee5c6f5e?source=api-scan" ], "published": "2022-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5fdf6407-388c-4fb4-b00d-7ed389a9067d": { "id": "5fdf6407-388c-4fb4-b00d-7ed389a9067d", "title": "Subscriptions & Memberships for PayPal <= 1.1.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Subscriptions & Memberships for PayPal", "slug": "subscriptions-memberships-for-paypal", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5fdf6407-388c-4fb4-b00d-7ed389a9067d?source=api-scan" ], "published": "2022-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5fe317a6-a391-441a-aac8-c8fa57e73169": { "id": "5fe317a6-a391-441a-aac8-c8fa57e73169", "title": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", "slug": "fluentform", "affected_versions": { "* - 5.1.16": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5fe317a6-a391-441a-aac8-c8fa57e73169?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5fe374ff-85eb-4285-8d51-71e9275613cc": { "id": "5fe374ff-85eb-4285-8d51-71e9275613cc", "title": "Core Web Vitals & PageSpeed Booster <= 1.0.12 - Open Redirect via _wp_http_referer", "software": [ { "type": "plugin", "name": "Core Web Vitals & PageSpeed Booster", "slug": "core-web-vitals-pagespeed-booster", "affected_versions": { "* - 1.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5fe374ff-85eb-4285-8d51-71e9275613cc?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5fe46da6-add5-42d4-a2db-7a8bada2968c": { "id": "5fe46da6-add5-42d4-a2db-7a8bada2968c", "title": "WP Post Popup <= 3.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Post Popup", "slug": "wp-post-modal", "affected_versions": { "* - 3.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5fe46da6-add5-42d4-a2db-7a8bada2968c?source=api-scan" ], "published": "2023-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5fe983d6-ad48-460f-ba5d-f6de19f06be4": { "id": "5fe983d6-ad48-460f-ba5d-f6de19f06be4", "title": "NewStatPress <= 1.0.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NewStatPress", "slug": "newstatpress", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5fe983d6-ad48-460f-ba5d-f6de19f06be4?source=api-scan" ], "published": "2015-06-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ff589ec-756d-4183-8bb8-61dae9be7c5d": { "id": "5ff589ec-756d-4183-8bb8-61dae9be7c5d", "title": "Elements kit Elementor addons <= 2.9.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "ElementsKit Elementor addons", "slug": "elementskit-lite", "affected_versions": { "* - 2.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ff589ec-756d-4183-8bb8-61dae9be7c5d?source=api-scan" ], "published": "2023-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ff7ccb7-08fc-43de-8579-2a30d28e2de7": { "id": "5ff7ccb7-08fc-43de-8579-2a30d28e2de7", "title": "WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Banner Editing", "software": [ { "type": "plugin", "name": "WP Affiliate Platform", "slug": "wp-affiliate-platform", "affected_versions": { "[*, 6.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ff7ccb7-08fc-43de-8579-2a30d28e2de7?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "5ffb31a5-a692-4817-ad46-cf804b97d480": { "id": "5ffb31a5-a692-4817-ad46-cf804b97d480", "title": "Slideshow Gallery <= 1.6.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slideshow Gallery LITE", "slug": "slideshow-gallery", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/5ffb31a5-a692-4817-ad46-cf804b97d480?source=api-scan" ], "published": "2017-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60030ee9-ad5d-4d84-a019-1906b20ebbc1": { "id": "60030ee9-ad5d-4d84-a019-1906b20ebbc1", "title": "WP-Picasa-Image <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Picasa-Image", "slug": "wp-picasa-image", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60030ee9-ad5d-4d84-a019-1906b20ebbc1?source=api-scan" ], "published": "2014-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6003b1bf-b176-4ca9-9de2-58133259e0f6": { "id": "6003b1bf-b176-4ca9-9de2-58133259e0f6", "title": "WP Docs <= 1.9.8 - Cross-Site Request Forgery to folder management", "software": [ { "type": "plugin", "name": "WP Docs", "slug": "wp-docs", "affected_versions": { "* - 1.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6003b1bf-b176-4ca9-9de2-58133259e0f6?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60083262-198d-4a7d-bb0a-717a744e20f9": { "id": "60083262-198d-4a7d-bb0a-717a744e20f9", "title": "WP Directory Kit <= 1.2.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Directory Kit", "slug": "wpdirectorykit", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60083262-198d-4a7d-bb0a-717a744e20f9?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60116e60-ebf3-4f32-b536-52ce2a9672df": { "id": "60116e60-ebf3-4f32-b536-52ce2a9672df", "title": "RoyalSlider <= 3.4.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RoyalSlider", "slug": "new-royalslider", "affected_versions": { "* - 3.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60116e60-ebf3-4f32-b536-52ce2a9672df?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6015e204-1e07-4c75-ad22-969045934468": { "id": "6015e204-1e07-4c75-ad22-969045934468", "title": "Coupon Referral Program <= 1.7.2 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Coupon Referral Program", "slug": "coupon-referral-program", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6015e204-1e07-4c75-ad22-969045934468?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "601ad4f3-2160-4af6-b3d5-c2af52746aab": { "id": "601ad4f3-2160-4af6-b3d5-c2af52746aab", "title": "Digital Goods < 2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Digital Goods for WooCommerce Checkout", "slug": "woo-checkout-for-digital-goods", "affected_versions": { "[*, 2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/601ad4f3-2160-4af6-b3d5-c2af52746aab?source=api-scan" ], "published": "2018-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "601d70ff-2e0e-403b-9c58-130d378a8240": { "id": "601d70ff-2e0e-403b-9c58-130d378a8240", "title": "WooCommerce Ninja Forms Product Add-ons <= 1.7.0 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WooCommerce Ninja Forms Product Add-ons", "slug": "woocommerce-ninjaforms-product-addons", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/601d70ff-2e0e-403b-9c58-130d378a8240?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "601e52b6-36eb-4739-9b04-db779befa899": { "id": "601e52b6-36eb-4739-9b04-db779befa899", "title": "Donations <= 1.8 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Donations", "slug": "nd-donations", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/601e52b6-36eb-4739-9b04-db779befa899?source=api-scan" ], "published": "2022-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60242725-200e-4794-acdc-2ab4a1e8e4fc": { "id": "60242725-200e-4794-acdc-2ab4a1e8e4fc", "title": "ShiftThis Newsletter <= 2.3.1 - SQL Injection", "software": [ { "type": "plugin", "name": "ShiftThis", "slug": "st_newsletter", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60242725-200e-4794-acdc-2ab4a1e8e4fc?source=api-scan" ], "published": "2008-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "602a8030-087b-459f-b649-b4116404cf3e": { "id": "602a8030-087b-459f-b649-b4116404cf3e", "title": "WordPress + Microsoft Office 365 \/ Azure AD | LOGIN <= 27.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via pintra Shortcode", "software": [ { "type": "plugin", "name": "WordPress + Microsoft Office 365 \/ Azure AD | LOGIN", "slug": "wpo365-login", "affected_versions": { "* - 27.2": { "from_version": "*", "from_inclusive": true, "to_version": "27.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "28.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/602a8030-087b-459f-b649-b4116404cf3e?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "602b3b9c-76a7-4b0b-8aad-e554c2fd6910": { "id": "602b3b9c-76a7-4b0b-8aad-e554c2fd6910", "title": "Comments by Startbit <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Comments by Startbit", "slug": "facebook-comment-by-vivacity", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/602b3b9c-76a7-4b0b-8aad-e554c2fd6910?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "602c8145-dcf7-4844-8e54-bc50efa307f4": { "id": "602c8145-dcf7-4844-8e54-bc50efa307f4", "title": "Contact Form Clean and Simple <= 4.7.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Clean and Simple", "slug": "clean-and-simple-contact-form-by-meg-nicholas", "affected_versions": { "[*, 4.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/602c8145-dcf7-4844-8e54-bc50efa307f4?source=api-scan" ], "published": "2020-01-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "602d1302-138f-4ee4-a36c-179f24a2bf0b": { "id": "602d1302-138f-4ee4-a36c-179f24a2bf0b", "title": "Bannerlid <= 1.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bannerlid", "slug": "bannerlid", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/602d1302-138f-4ee4-a36c-179f24a2bf0b?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "602d337e-0778-4182-8e77-0eb3b37d5a7a": { "id": "602d337e-0778-4182-8e77-0eb3b37d5a7a", "title": "Easy PayPal Events <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "Easy PayPal Events", "slug": "easy-paypal-events-tickets", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/602d337e-0778-4182-8e77-0eb3b37d5a7a?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "602df370-cd5b-46dc-a653-6522aef0c62f": { "id": "602df370-cd5b-46dc-a653-6522aef0c62f", "title": "Quiz Maker <= 6.5.2.4 - Missing Authorization to Unauthenticated Quiz Data Retrieval", "software": [ { "type": "plugin", "name": "Quiz Maker", "slug": "quiz-maker", "affected_versions": { "* - 6.5.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/602df370-cd5b-46dc-a653-6522aef0c62f?source=api-scan" ], "published": "2024-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "603087d1-49cb-4080-b0ef-14f04dce3fed": { "id": "603087d1-49cb-4080-b0ef-14f04dce3fed", "title": "Social Author Bio <= 2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Author Bio", "slug": "social-autho-bio", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/603087d1-49cb-4080-b0ef-14f04dce3fed?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6031edec-4274-4e42-9e3a-ce0c94958b17": { "id": "6031edec-4274-4e42-9e3a-ce0c94958b17", "title": "RSVPMaker <= 9.2.5 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "RSVPMaker", "slug": "rsvpmaker", "affected_versions": { "* - 9.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "9.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6031edec-4274-4e42-9e3a-ce0c94958b17?source=api-scan" ], "published": "2022-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60379757-fe43-4a76-a65a-ee09163dab0a": { "id": "60379757-fe43-4a76-a65a-ee09163dab0a", "title": "SMTP Mail Plugin <= 1.3.20 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "SMTP Mail", "slug": "smtp-mail", "affected_versions": { "* - 1.3.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60379757-fe43-4a76-a65a-ee09163dab0a?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "603813a4-73e1-47fd-8a6c-9416d21b6c88": { "id": "603813a4-73e1-47fd-8a6c-9416d21b6c88", "title": "YITH WooCommerce Wishlist <= 3.32.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YITH WooCommerce Wishlist", "slug": "yith-woocommerce-wishlist", "affected_versions": { "* - 3.32.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.32.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.33.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/603813a4-73e1-47fd-8a6c-9416d21b6c88?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "603846de-5d3b-498f-844b-306d80df80da": { "id": "603846de-5d3b-498f-844b-306d80df80da", "title": "Two Factor Authentication (2FA , MFA, OTP SMS and Email) <= 1.0.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Two Factor Authentication (2FA , MFA, OTP SMS and Email)", "slug": "miniorange-login-security", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/603846de-5d3b-498f-844b-306d80df80da?source=api-scan" ], "published": "2021-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "603b1f0e-185c-4a0a-a6a2-c63105b2c9f3": { "id": "603b1f0e-185c-4a0a-a6a2-c63105b2c9f3", "title": "Finale WooCommerce Sale Countdown <= 2.9.0 - Authenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Finale Lite \u2013 Sales Countdown Timer & Discount for WooCommerce", "slug": "finale-woocommerce-sales-countdown-timer-discount", "affected_versions": { "[*, 2.9.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/603b1f0e-185c-4a0a-a6a2-c63105b2c9f3?source=api-scan" ], "published": "2019-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "603b6c52-48eb-4e8c-a2c1-77b12a2b1a2c": { "id": "603b6c52-48eb-4e8c-a2c1-77b12a2b1a2c", "title": "Royal Elementor Kit <= 1.0.116 - Missing Authorization to Arbitrary Transient Update", "software": [ { "type": "theme", "name": "Royal Elementor Kit", "slug": "royal-elementor-kit", "affected_versions": { "* - 1.0.116": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.116", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.117" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/603b6c52-48eb-4e8c-a2c1-77b12a2b1a2c?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "603f0c9d-6964-4911-b4a5-bdad24a1a8dd": { "id": "603f0c9d-6964-4911-b4a5-bdad24a1a8dd", "title": "Kiwiz - Certification de facturation - Woocommerce <= 2.1.3 - Unauthenticated Arbitrary File Download", "software": [ { "type": "plugin", "name": "Kiwiz - Certification de facturation - Woocommerce", "slug": "woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/603f0c9d-6964-4911-b4a5-bdad24a1a8dd?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6042e3d9-cced-43b8-8b3c-eaca9855b842": { "id": "6042e3d9-cced-43b8-8b3c-eaca9855b842", "title": "Email Log <= 2.4.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Log", "slug": "email-log", "affected_versions": { "* - 2.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6042e3d9-cced-43b8-8b3c-eaca9855b842?source=api-scan" ], "published": "2021-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6045475f-f95a-4618-82ed-e42637d1c1d8": { "id": "6045475f-f95a-4618-82ed-e42637d1c1d8", "title": "Easy PayPal Shopping Cart <= 1.1.9 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy PayPal Shopping Cart", "slug": "easy-paypal-shopping-cart", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6045475f-f95a-4618-82ed-e42637d1c1d8?source=api-scan" ], "published": "2022-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "604862d9-e032-4806-8a14-3e4ad0ae1ee2": { "id": "604862d9-e032-4806-8a14-3e4ad0ae1ee2", "title": "Flash & HTML5 Video <= 2.5.31 - Authenticated (Subscriber+) Information Exposure", "software": [ { "type": "plugin", "name": "HTML5 Video Player \u2013 mp4 Video Player Plugin and Block", "slug": "html5-video-player", "affected_versions": { "* - 2.5.31": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/604862d9-e032-4806-8a14-3e4ad0ae1ee2?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60493635-b1b0-4e76-8f73-16c223d7b4d7": { "id": "60493635-b1b0-4e76-8f73-16c223d7b4d7", "title": "Header Footer Code Manager <= 1.1.34 - Cross-Site Request Forgery via process_bulk_action", "software": [ { "type": "plugin", "name": "Header Footer Code Manager", "slug": "header-footer-code-manager", "affected_versions": { "[*, 1.1.35)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.35", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60493635-b1b0-4e76-8f73-16c223d7b4d7?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "604975b9-fe2f-4d8f-af13-995f08d72e8f": { "id": "604975b9-fe2f-4d8f-af13-995f08d72e8f", "title": "Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Multislider Widget", "software": [ { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "* - 8.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/604975b9-fe2f-4d8f-af13-995f08d72e8f?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6054a885-e67a-4731-93ea-64d7f90d9ea8": { "id": "6054a885-e67a-4731-93ea-64d7f90d9ea8", "title": "WPKoi Templates for Elementor <= 2.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters", "software": [ { "type": "plugin", "name": "WPKoi Templates for Elementor", "slug": "wpkoi-templates-for-elementor", "affected_versions": { "* - 2.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6054a885-e67a-4731-93ea-64d7f90d9ea8?source=api-scan" ], "published": "2024-05-21 15:42:52", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60564e6b-9eea-4bba-b9b9-391a0f37cc95": { "id": "60564e6b-9eea-4bba-b9b9-391a0f37cc95", "title": "Bold Page Builder <= 5.1.- - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bold Page Builder", "slug": "bold-page-builder", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60564e6b-9eea-4bba-b9b9-391a0f37cc95?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6058da9e-8ca3-4966-bb10-e5da526e8c7e": { "id": "6058da9e-8ca3-4966-bb10-e5da526e8c7e", "title": "Pearl <= 1.3.4 - Cross-Site Request Forgery via stm_save_hb_settings", "software": [ { "type": "plugin", "name": "WordPress Header Builder Plugin \u2013 Pearl", "slug": "pearl-header-builder", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6058da9e-8ca3-4966-bb10-e5da526e8c7e?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "605b49a9-caa2-4bcd-8849-eb777b03ab01": { "id": "605b49a9-caa2-4bcd-8849-eb777b03ab01", "title": "Quill Forms <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress", "slug": "quillforms", "affected_versions": { "* - 3.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/605b49a9-caa2-4bcd-8849-eb777b03ab01?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "605fac87-e1e8-4354-a9d3-4440e54bc161": { "id": "605fac87-e1e8-4354-a9d3-4440e54bc161", "title": "Duplica <= 0.6 - Authenticated (Subscriber+) Missing Authorization to Users\/Posts Duplicates Creation", "software": [ { "type": "plugin", "name": "Duplica \u2013 Duplicate Posts, Pages, Custom Posts or Users", "slug": "duplica", "affected_versions": { "* - 0.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/605fac87-e1e8-4354-a9d3-4440e54bc161?source=api-scan" ], "published": "2024-07-18 08:55:46", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "605fbfb9-85d8-43ff-a738-ad1a8a9584c3": { "id": "605fbfb9-85d8-43ff-a738-ad1a8a9584c3", "title": "Bulk Resize Media <= 1.1 - Cross-Site Request Forgery via bulk_resize_resize_image", "software": [ { "type": "plugin", "name": "Bulk Resize Media", "slug": "bulk-resize-media", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/605fbfb9-85d8-43ff-a738-ad1a8a9584c3?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6065ad75-1685-4f1d-9ba9-d4c8ec840521": { "id": "6065ad75-1685-4f1d-9ba9-d4c8ec840521", "title": "Stop Spammers Security <= 2022.5 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms", "slug": "stop-spammer-registrations-plugin", "affected_versions": { "* - 2022.5": { "from_version": "*", "from_inclusive": true, "to_version": "2022.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2022.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6065ad75-1685-4f1d-9ba9-d4c8ec840521?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6065d77d-33ca-4f54-b485-ff1ce71b5e2b": { "id": "6065d77d-33ca-4f54-b485-ff1ce71b5e2b", "title": "WP-Table Reloaded <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Table Reloaded", "slug": "wp-table-reloaded", "affected_versions": { "* - 1.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6065d77d-33ca-4f54-b485-ff1ce71b5e2b?source=api-scan" ], "published": "2022-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60679026-13a3-4702-91a3-876636f3c5bc": { "id": "60679026-13a3-4702-91a3-876636f3c5bc", "title": "Booster Elite for WooCommerce < 1.1.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Booster Elite for WooCommerce", "slug": "booster-elite-for-woocommerce", "affected_versions": { "[*, 1.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60679026-13a3-4702-91a3-876636f3c5bc?source=api-scan" ], "published": "2022-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "606b9002-5f3a-49ef-9714-49eeac86f800": { "id": "606b9002-5f3a-49ef-9714-49eeac86f800", "title": "Cybersoldier < 1.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cybersoldier", "slug": "cybersoldier", "affected_versions": { "[*, 1.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/606b9002-5f3a-49ef-9714-49eeac86f800?source=api-scan" ], "published": "2021-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6077a093-b2ec-4491-a4a7-d70b2858d772": { "id": "6077a093-b2ec-4491-a4a7-d70b2858d772", "title": "Nelio AB Testing < 4.5.11 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Nelio AB Testing", "slug": "nelio-ab-testing", "affected_versions": { "[*, 4.5.11)": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.5.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6077a093-b2ec-4491-a4a7-d70b2858d772?source=api-scan" ], "published": "2016-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "607a5846-4112-4f0d-b353-68903b2a4cb8": { "id": "607a5846-4112-4f0d-b353-68903b2a4cb8", "title": "DMSGuestbook < 1.9.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DMSGuestbook", "slug": "dmsguestbook", "affected_versions": { "[*, 1.9.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/607a5846-4112-4f0d-b353-68903b2a4cb8?source=api-scan" ], "published": "2008-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "607c20b1-f8da-4f3f-a070-abdae64c8fc8": { "id": "607c20b1-f8da-4f3f-a070-abdae64c8fc8", "title": "Image Slider <= 1.1.95 - SQL Injection", "software": [ { "type": "plugin", "name": "Image Slider", "slug": "image-slider-widget", "affected_versions": { "* - 1.1.95": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.95", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.97" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/607c20b1-f8da-4f3f-a070-abdae64c8fc8?source=api-scan" ], "published": "2018-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "607d1a6e-2277-4960-a5bd-95e94c510856": { "id": "607d1a6e-2277-4960-a5bd-95e94c510856", "title": "FoodBakery <= 1.9 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "FoodBakery | Delivery Restaurant Directory WordPress Theme", "slug": "foodbakery", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/607d1a6e-2277-4960-a5bd-95e94c510856?source=api-scan" ], "published": "2020-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6082791e-feac-41f7-b565-9d98624ddf50": { "id": "6082791e-feac-41f7-b565-9d98624ddf50", "title": "PWA for WP & AMP <= 1.7.32 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "PWA for WP & AMP", "slug": "pwa-for-wp", "affected_versions": { "* - 1.7.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6082791e-feac-41f7-b565-9d98624ddf50?source=api-scan" ], "published": "2021-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6091faeb-f8a0-40f3-963c-6c5814219832": { "id": "6091faeb-f8a0-40f3-963c-6c5814219832", "title": "phpinfo() WP <= 5.0 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "phpinfo() WP", "slug": "phpinfo-wp", "affected_versions": { "* - 5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6091faeb-f8a0-40f3-963c-6c5814219832?source=api-scan" ], "published": "2024-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60922f97-0155-43b5-921c-0ffb288a1d2f": { "id": "60922f97-0155-43b5-921c-0ffb288a1d2f", "title": "Rife Free <= 2.4.19 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Rife Free", "slug": "rife-free", "affected_versions": { "* - 2.4.19": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60922f97-0155-43b5-921c-0ffb288a1d2f?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "609d9ecf-4f91-4a78-ad8c-22e436c000ed": { "id": "609d9ecf-4f91-4a78-ad8c-22e436c000ed", "title": "PowerPack Addons for Elementor <= 2.3.1 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PowerPack Elementor Addons (Free Widgets, Extensions and Templates)", "slug": "powerpack-lite-for-elementor", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/609d9ecf-4f91-4a78-ad8c-22e436c000ed?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60a35848-1fdd-44c0-a5d4-92abf637e15c": { "id": "60a35848-1fdd-44c0-a5d4-92abf637e15c", "title": "Responsive Mobile <= 1.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Responsive Mobile", "slug": "responsive-mobile", "affected_versions": { "* - 1.15.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60a35848-1fdd-44c0-a5d4-92abf637e15c?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60a574c7-47de-4427-8d38-d510ea996f75": { "id": "60a574c7-47de-4427-8d38-d510ea996f75", "title": "Monolit <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Monolit", "slug": "monolit", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60a574c7-47de-4427-8d38-d510ea996f75?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60ae8b8f-bc65-40df-b6ae-4ec8e328dbe5": { "id": "60ae8b8f-bc65-40df-b6ae-4ec8e328dbe5", "title": "Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard <= 5.0.6.3 and <= 2.11.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard", "slug": "drag-n-drop-upload-cf7-pro", "affected_versions": { "2.0 - 2.11.0": { "from_version": "2.0", "from_inclusive": true, "to_version": "2.11.0", "to_inclusive": true }, "5.0 - 5.0.6.3": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.1", "5.0.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60ae8b8f-bc65-40df-b6ae-4ec8e328dbe5?source=api-scan" ], "published": "2023-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60af0a7c-014b-4f71-9918-7ddc1186bee4": { "id": "60af0a7c-014b-4f71-9918-7ddc1186bee4", "title": "Livemesh Addons for WPBakery Page Builder <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPBakery Page Builder Addons by Livemesh", "slug": "addons-for-visual-composer", "affected_versions": { "* - 3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60af0a7c-014b-4f71-9918-7ddc1186bee4?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60b05809-c70d-4670-9d49-d56164961074": { "id": "60b05809-c70d-4670-9d49-d56164961074", "title": "SP Project & Document Manager <= 4.71 - Insecure Direct Object Reference to Information Exposure", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 4.71": { "from_version": "*", "from_inclusive": true, "to_version": "4.71", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60b05809-c70d-4670-9d49-d56164961074?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60b16755-ac0e-4069-b21a-cca003fecbdc": { "id": "60b16755-ac0e-4069-b21a-cca003fecbdc", "title": "FlightLog <= 3.0.2 - Authenticated (Editor+) SQL Injection", "software": [ { "type": "plugin", "name": "FlightLog", "slug": "flightlog", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60b16755-ac0e-4069-b21a-cca003fecbdc?source=api-scan" ], "published": "2021-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60b1abeb-b11a-4de7-b747-53b166276a28": { "id": "60b1abeb-b11a-4de7-b747-53b166276a28", "title": "Hermit \u97f3\u4e50\u64ad\u653e\u5668 <= 3.1.6 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Hermit \u97f3\u4e50\u64ad\u653e\u5668", "slug": "hermit", "affected_versions": { "* - 3.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60b1abeb-b11a-4de7-b747-53b166276a28?source=api-scan" ], "published": "2022-04-28 12:01:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60ba7f68-1fe1-4349-a3eb-11a63ae11e38": { "id": "60ba7f68-1fe1-4349-a3eb-11a63ae11e38", "title": "Add to Calendar Button <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Add to Calendar Button", "slug": "add-to-calendar-button", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60ba7f68-1fe1-4349-a3eb-11a63ae11e38?source=api-scan" ], "published": "2023-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60c2e8eb-d01b-44f2-8e0d-009ff00887fd": { "id": "60c2e8eb-d01b-44f2-8e0d-009ff00887fd", "title": "Appointment and Event Booking Calendar for WordPress - Amelia < 1.0.47 - Arbitrary Booking Update and Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "Booking for Appointments and Events Calendar \u2013 Amelia", "slug": "ameliabooking", "affected_versions": { "[*, 1.0.47)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.47", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.47" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60c2e8eb-d01b-44f2-8e0d-009ff00887fd?source=api-scan" ], "published": "2022-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60c63be2-dd17-4224-ba96-ba30ed0b25ce": { "id": "60c63be2-dd17-4224-ba96-ba30ed0b25ce", "title": "DoFollow Case by Case <= 3.4.2 Cross-Site Request Forgery via getEmail and getUrl", "software": [ { "type": "plugin", "name": "DoFollow Case by Case", "slug": "dofollow-case-by-case", "affected_versions": { "[*, 3.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60c63be2-dd17-4224-ba96-ba30ed0b25ce?source=api-scan" ], "published": "2023-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60c6c9a8-e04d-49e2-96e8-16d7580a3e2c": { "id": "60c6c9a8-e04d-49e2-96e8-16d7580a3e2c", "title": "Coming Soon Page, Under Construction & Maintenance Mode by SeedProd <= 6.15.20 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "Website Builder by SeedProd \u2014 Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode", "slug": "coming-soon", "affected_versions": { "* - 6.15.20": { "from_version": "*", "from_inclusive": true, "to_version": "6.15.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.15.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60c6c9a8-e04d-49e2-96e8-16d7580a3e2c?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60c96210-d6ed-4838-b2fc-419e6a68f689": { "id": "60c96210-d6ed-4838-b2fc-419e6a68f689", "title": "Rate my Post \u2013 WP Rating System <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Rate My Post \u2013 Star Rating Plugin by FeedbackWP", "slug": "rate-my-post", "affected_versions": { "* - 3.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60c96210-d6ed-4838-b2fc-419e6a68f689?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60d59753-5b6b-4f3e-8faf-8053750ae05d": { "id": "60d59753-5b6b-4f3e-8faf-8053750ae05d", "title": "AN_GradeBook <= 5.0.1 - Authenticated (Subscriber+) SQL Injection via 'id'", "software": [ { "type": "plugin", "name": "AN_GradeBook", "slug": "an-gradebook", "affected_versions": { "* - 5.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60d59753-5b6b-4f3e-8faf-8053750ae05d?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60db100b-7a09-4ac1-81ec-9b400c9cce47": { "id": "60db100b-7a09-4ac1-81ec-9b400c9cce47", "title": "WP-FormAssembly <= 2.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-FormAssembly", "slug": "formassembly-web-forms", "affected_versions": { "* - 2.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60db100b-7a09-4ac1-81ec-9b400c9cce47?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60de55c6-e4fa-453e-84bd-309f2887e3cb": { "id": "60de55c6-e4fa-453e-84bd-309f2887e3cb", "title": "BSK PDF Manager <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "BSK PDF Manager", "slug": "bsk-pdf-manager", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60de55c6-e4fa-453e-84bd-309f2887e3cb?source=api-scan" ], "published": "2023-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60e0fd59-a69c-4ddf-80cd-4312d2689397": { "id": "60e0fd59-a69c-4ddf-80cd-4312d2689397", "title": "eRoom \u2013 Zoom Meetings & Webinar <= 1.4.18 - Missing Authorization to Information Exposure", "software": [ { "type": "plugin", "name": "eRoom \u2013 Zoom Meetings & Webinars", "slug": "eroom-zoom-meetings-webinar", "affected_versions": { "* - 1.4.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60e0fd59-a69c-4ddf-80cd-4312d2689397?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60e4c186-5239-464d-be83-1b873f821b3e": { "id": "60e4c186-5239-464d-be83-1b873f821b3e", "title": "All in One SEO <= 2.1.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60e4c186-5239-464d-be83-1b873f821b3e?source=api-scan" ], "published": "2014-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60e642f9-74ff-47f1-a49d-99c8fdb26f4a": { "id": "60e642f9-74ff-47f1-a49d-99c8fdb26f4a", "title": "Scheduling Plugin \u2013 Online Booking for WordPress <= 3.5.10 - Missing Authorization to Unauthenticated Service Disconnection", "software": [ { "type": "plugin", "name": "Scheduling Plugin \u2013 Online Booking for WordPress", "slug": "calendar-booking", "affected_versions": { "* - 3.5.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60e642f9-74ff-47f1-a49d-99c8fdb26f4a?source=api-scan" ], "published": "2024-06-17 14:10:37", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60e6b9e0-6e2f-4a2d-b967-cc410ebd3d7d": { "id": "60e6b9e0-6e2f-4a2d-b967-cc410ebd3d7d", "title": "WP QuickLaTeX <= 3.8.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP QuickLaTeX", "slug": "wp-quicklatex", "affected_versions": { "* - 3.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60e6b9e0-6e2f-4a2d-b967-cc410ebd3d7d?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60e9351a-302b-4a31-8a9c-c0a0b6ee3fcd": { "id": "60e9351a-302b-4a31-8a9c-c0a0b6ee3fcd", "title": "Captcha\/Honeypot for Contact Form 7 <= 1.11.3 - Captcha Bypass", "software": [ { "type": "plugin", "name": "Captcha for WordPress", "slug": "captcha-for-contact-form-7", "affected_versions": { "* - 1.11.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60e9351a-302b-4a31-8a9c-c0a0b6ee3fcd?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60ea00e2-e33d-452d-969b-4022d6a00417": { "id": "60ea00e2-e33d-452d-969b-4022d6a00417", "title": "Mobile Events Manager < 1.4.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mobile Events Manager", "slug": "mobile-events-manager", "affected_versions": { "[*, 1.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60ea00e2-e33d-452d-969b-4022d6a00417?source=api-scan" ], "published": "2021-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60ee9cfc-016d-45ee-b3f4-da999d093776": { "id": "60ee9cfc-016d-45ee-b3f4-da999d093776", "title": "Booster Elementor Addons <= 1.4.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Booster Elementor Addons", "slug": "booster-for-elementor", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60ee9cfc-016d-45ee-b3f4-da999d093776?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60f043e9-7947-4fff-a9a8-94a1f421db7c": { "id": "60f043e9-7947-4fff-a9a8-94a1f421db7c", "title": "Woodmart Core <= 1.0.36 - Authentication Bypass to Privilege Escalation", "software": [ { "type": "plugin", "name": "Woodmart Core", "slug": "woodmart-core", "affected_versions": { "* - 1.0.36": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.36", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.37" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60f043e9-7947-4fff-a9a8-94a1f421db7c?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60f16abd-951b-48a0-a363-0221f7e0957d": { "id": "60f16abd-951b-48a0-a363-0221f7e0957d", "title": "Sydney Toolbox <= 1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget", "software": [ { "type": "plugin", "name": "Sydney Toolbox", "slug": "sydney-toolbox", "affected_versions": { "* - 1.31": { "from_version": "*", "from_inclusive": true, "to_version": "1.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60f16abd-951b-48a0-a363-0221f7e0957d?source=api-scan" ], "published": "2024-05-13 23:40:54", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60f63cdc-9c19-4f6c-a555-519bdb61ce6d": { "id": "60f63cdc-9c19-4f6c-a555-519bdb61ce6d", "title": "RokMicroNews <= 1.5 - Multiple Vulnerabilities", "software": [ { "type": "plugin", "name": "RokMicroNews", "slug": "wp_rokmicronews", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60f63cdc-9c19-4f6c-a555-519bdb61ce6d?source=api-scan" ], "published": "2013-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "60ffe162-5bcd-4ffc-af45-81240751bc62": { "id": "60ffe162-5bcd-4ffc-af45-81240751bc62", "title": "Responsive CSS EDITOR <= 1.0 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Responsive CSS EDITOR", "slug": "responsive-css-editor", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/60ffe162-5bcd-4ffc-af45-81240751bc62?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6106c972-5475-4c19-8630-3a01edc616ad": { "id": "6106c972-5475-4c19-8630-3a01edc616ad", "title": "Master Addons for Elementor <= 2.0.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations", "slug": "master-addons", "affected_versions": { "* - 2.0.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6106c972-5475-4c19-8630-3a01edc616ad?source=api-scan" ], "published": "2024-05-16 08:37:20", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "611871cc-737f-44e3-baf5-dbaa8bd8eb81": { "id": "611871cc-737f-44e3-baf5-dbaa8bd8eb81", "title": "List category posts <= 0.89.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "List category posts", "slug": "list-category-posts", "affected_versions": { "* - 0.89.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.89.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.89.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/611871cc-737f-44e3-baf5-dbaa8bd8eb81?source=api-scan" ], "published": "2024-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "611af50f-7f60-4c09-be64-3f2705e06206": { "id": "611af50f-7f60-4c09-be64-3f2705e06206", "title": "Auto Affiliate Links <= 6.3.0.2 - Cross-Site Request Forgery via aalChangeOptions function", "software": [ { "type": "plugin", "name": "Auto Affiliate Links", "slug": "wp-auto-affiliate-links", "affected_versions": { "* - 6.3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/611af50f-7f60-4c09-be64-3f2705e06206?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "611b88f4-96ae-47e4-8642-e09bee333468": { "id": "611b88f4-96ae-47e4-8642-e09bee333468", "title": "Royal Custom CSS for Page and Post <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Royal Custom CSS for Page and Post", "slug": "rt-custom-css-page-and-post", "affected_versions": { "1.2": { "from_version": "1.2", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/611b88f4-96ae-47e4-8642-e09bee333468?source=api-scan" ], "published": "2022-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61206bfb-1669-4c67-a9bd-ba3a20ceb810": { "id": "61206bfb-1669-4c67-a9bd-ba3a20ceb810", "title": "Culqi <= 3.0.14 - Authenticated (Subscriber+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Culqi", "slug": "culqi-checkout", "affected_versions": { "* - 3.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61206bfb-1669-4c67-a9bd-ba3a20ceb810?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6125a8e6-4c87-4136-ba39-c3a089948733": { "id": "6125a8e6-4c87-4136-ba39-c3a089948733", "title": "CPT Shortcode Generator <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "CPT Shortcode Generator", "slug": "cpt-shortcode", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6125a8e6-4c87-4136-ba39-c3a089948733?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "612fb73f-e488-453f-a2a4-32969f91122b": { "id": "612fb73f-e488-453f-a2a4-32969f91122b", "title": "Perfmatters <= 2.1.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Perfmatters", "slug": "perfmatters", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/612fb73f-e488-453f-a2a4-32969f91122b?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6130d49f-61b7-4b70-b1a5-036346f82650": { "id": "6130d49f-61b7-4b70-b1a5-036346f82650", "title": "Baggage Freight Shipping Australia <= 0.1.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Baggage Freight Shipping Australia", "slug": "baggage-freight", "affected_versions": { "* - 0.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6130d49f-61b7-4b70-b1a5-036346f82650?source=api-scan" ], "published": "2019-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6134c76d-754b-4e54-aa4e-b791d9321b8e": { "id": "6134c76d-754b-4e54-aa4e-b791d9321b8e", "title": "TheGem < 5.8.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "TheGem", "slug": "thegem", "affected_versions": { "[*, 5.8.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.8.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6134c76d-754b-4e54-aa4e-b791d9321b8e?source=api-scan" ], "published": "2023-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "613b4ad3-9aea-4c1c-9d73-1fb51da26477": { "id": "613b4ad3-9aea-4c1c-9d73-1fb51da26477", "title": "WP-Lister Lite for eBay <= 3.5.11 - Authenticated (Shop Manager+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Lister Lite for eBay", "slug": "wp-lister-for-ebay", "affected_versions": { "* - 3.5.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/613b4ad3-9aea-4c1c-9d73-1fb51da26477?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "613e1862-e0b7-4012-a77d-b5fb56cbbb9c": { "id": "613e1862-e0b7-4012-a77d-b5fb56cbbb9c", "title": "360 Product Rotation <= 1.2.0 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "360 Product Rotation", "slug": "360-product-rotation", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/613e1862-e0b7-4012-a77d-b5fb56cbbb9c?source=api-scan" ], "published": "2016-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "613f22f2-2f84-4d01-a1ea-c14a25843700": { "id": "613f22f2-2f84-4d01-a1ea-c14a25843700", "title": "Listing, Classified Ads & Business Directory \u2013 uListing <= 2.0.5 - Privilege Escalation", "software": [ { "type": "plugin", "name": "Directory Listings WordPress plugin \u2013 uListing", "slug": "ulisting", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/613f22f2-2f84-4d01-a1ea-c14a25843700?source=api-scan" ], "published": "2021-07-27 05:17:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "613f4bd1-e29a-4853-84a2-3e1437f06d33": { "id": "613f4bd1-e29a-4853-84a2-3e1437f06d33", "title": "Events Made Easy <= 2.2.80 - SQL Injection", "software": [ { "type": "plugin", "name": "Events Made Easy", "slug": "events-made-easy", "affected_versions": { "* - 2.2.80": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.80", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.81" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/613f4bd1-e29a-4853-84a2-3e1437f06d33?source=api-scan" ], "published": "2022-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6147582f-578a-47ad-b16c-65c37896783d": { "id": "6147582f-578a-47ad-b16c-65c37896783d", "title": "ThemeIsle SDK <= Various Versions - Missing Authorization", "software": [ { "type": "plugin", "name": "PPOM \u2013 Product Addons & Custom Fields for WooCommerce", "slug": "woocommerce-product-addon", "affected_versions": { "* - 32.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "32.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "32.0.10" ] }, { "type": "plugin", "name": "Multiple Page Generator Plugin \u2013 MPG", "slug": "multiple-pages-generator-by-porthas", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] }, { "type": "plugin", "name": "Visualizer: Tables and Charts Manager for WordPress", "slug": "visualizer", "affected_versions": { "* - 3.10.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.7" ] }, { "type": "plugin", "name": "Super Page Cache", "slug": "wp-cloudflare-page-cache", "affected_versions": { "* - 4.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.6" ] }, { "type": "plugin", "name": "Revive Social \u2013 Social Media Auto Post and Scheduling Automation Plugin", "slug": "tweet-old-post", "affected_versions": { "* - 9.0.25": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.26" ] }, { "type": "plugin", "name": "Image Optimization by Optimole \u2013 Lazy Load, CDN, Convert WebP & AVIF", "slug": "optimole-wp", "affected_versions": { "* - 3.12.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.12.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.12.5" ] }, { "type": "plugin", "name": "RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator", "slug": "feedzy-rss-feeds", "affected_versions": { "* - 4.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.2" ] }, { "type": "plugin", "name": "Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE", "slug": "otter-blocks", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.3" ] }, { "type": "plugin", "name": "LightStart \u2013 Maintenance Mode, Coming Soon and Landing Page Builder", "slug": "wp-maintenance-mode", "affected_versions": { "* - 2.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.10" ] }, { "type": "plugin", "name": "Menu Icons by ThemeIsle", "slug": "menu-icons", "affected_versions": { "* - 0.13.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.13.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.13.9" ] }, { "type": "plugin", "name": "Cloud Templates & Patterns collection", "slug": "templates-patterns-collection", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] }, { "type": "plugin", "name": "Orbit Fox by ThemeIsle", "slug": "themeisle-companion", "affected_versions": { "* - 2.10.28": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6147582f-578a-47ad-b16c-65c37896783d?source=api-scan" ], "published": "2024-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6150c355-1046-483e-aa8b-463c3752021d": { "id": "6150c355-1046-483e-aa8b-463c3752021d", "title": "Master Addons for Elementor <= 2.0.5.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations", "slug": "master-addons", "affected_versions": { "* - 2.0.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6150c355-1046-483e-aa8b-463c3752021d?source=api-scan" ], "published": "2023-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6150fd60-069f-4ba6-8f0c-773039eaaec6": { "id": "6150fd60-069f-4ba6-8f0c-773039eaaec6", "title": "Snap Pixel <= 1.5.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Snap Pixel", "slug": "snap-pixel", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6150fd60-069f-4ba6-8f0c-773039eaaec6?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61516b71-3346-4033-b55b-a35c5b4ca3dc": { "id": "61516b71-3346-4033-b55b-a35c5b4ca3dc", "title": "Unlimited Pop-Ups < 1.4.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Unlimited PopUps", "slug": "unlimited-popups", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61516b71-3346-4033-b55b-a35c5b4ca3dc?source=api-scan" ], "published": "2016-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6153d71e-66c8-49d1-80d8-6a121883172d": { "id": "6153d71e-66c8-49d1-80d8-6a121883172d", "title": "Event List <= 0.7.9 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event List", "slug": "event-list", "affected_versions": { "* - 0.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.7.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6153d71e-66c8-49d1-80d8-6a121883172d?source=api-scan" ], "published": "2017-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6156a351-d681-4661-9131-62251b715a94": { "id": "6156a351-d681-4661-9131-62251b715a94", "title": "Role Scoper <= 1.3.64 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Role Scoper (Obsolete \u2013 Please install PublishPress Permissions)", "slug": "role-scoper", "affected_versions": { "* - 1.3.64": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.64", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.65" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6156a351-d681-4661-9131-62251b715a94?source=api-scan" ], "published": "2015-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61584724-fa1d-4823-af3d-d44501dc1f60": { "id": "61584724-fa1d-4823-af3d-d44501dc1f60", "title": "Chat Bubble <= 2.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chat Bubble \u2013 Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back", "slug": "chat-bubble", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61584724-fa1d-4823-af3d-d44501dc1f60?source=api-scan" ], "published": "2022-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61585a02-fe7b-4a54-959f-346e4e0d6658": { "id": "61585a02-fe7b-4a54-959f-346e4e0d6658", "title": "Featured Post Creative <= 1.2.7 - Missing Authorization via wpfp_update_featured_post", "software": [ { "type": "plugin", "name": "Featured Post Creative", "slug": "featured-post-creative", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61585a02-fe7b-4a54-959f-346e4e0d6658?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61589c29-3f81-49e2-b001-c51892141c76": { "id": "61589c29-3f81-49e2-b001-c51892141c76", "title": "WPZOOM Addons for Elementor (Templates, Widgets) <= <=1.1.35 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPZOOM Addons for Elementor (Templates, Widgets)", "slug": "wpzoom-elementor-addons", "affected_versions": { "* - 1.1.35": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61589c29-3f81-49e2-b001-c51892141c76?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6158ec37-a6fb-42f9-bab6-bf547ea28ea0": { "id": "6158ec37-a6fb-42f9-bab6-bf547ea28ea0", "title": "ElementsKit Elementor addons <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Onepage Scroll Module", "software": [ { "type": "plugin", "name": "ElementsKit Elementor addons", "slug": "elementskit-lite", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6158ec37-a6fb-42f9-bab6-bf547ea28ea0?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "615d35dd-a92e-4910-b0fc-ac0a7d03741a": { "id": "615d35dd-a92e-4910-b0fc-ac0a7d03741a", "title": "WP DSGVO Tools (GDPR) <= 2.2.18 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP DSGVO Tools (GDPR)", "slug": "shapepress-dsgvo", "affected_versions": { "[*, 2.2.19)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/615d35dd-a92e-4910-b0fc-ac0a7d03741a?source=api-scan" ], "published": "2019-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "615efe27-3f3f-4d99-ba8d-a575608121c8": { "id": "615efe27-3f3f-4d99-ba8d-a575608121c8", "title": "WordPress Integrator <= 1.32 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Integrator", "slug": "wp-integrator", "affected_versions": { "* - 1.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.32", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/615efe27-3f3f-4d99-ba8d-a575608121c8?source=api-scan" ], "published": "2012-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6164c161-f764-4064-8139-609caad82204": { "id": "6164c161-f764-4064-8139-609caad82204", "title": "Image Gallery with Slideshow <= 1.5.2 - SQL Injection via gallery_name", "software": [ { "type": "plugin", "name": "Image Gallery with Slideshow Plugin", "slug": "image-gallery-with-slideshow", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6164c161-f764-4064-8139-609caad82204?source=api-scan" ], "published": "2017-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61684e5a-9ee1-4ae9-b26a-4552af957017": { "id": "61684e5a-9ee1-4ae9-b26a-4552af957017", "title": "XO Security < 1.5.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "XO Security", "slug": "xo-security", "affected_versions": { "[*, 1.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61684e5a-9ee1-4ae9-b26a-4552af957017?source=api-scan" ], "published": "2017-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "616b34e8-d853-4176-9fda-427fc9900b97": { "id": "616b34e8-d853-4176-9fda-427fc9900b97", "title": "FV Flowplayer Video Player <= 7.5.41.7212 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "* - 7.5.41.7212": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.41.7212", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.44.7212" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/616b34e8-d853-4176-9fda-427fc9900b97?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "616c65e7-8d0c-4be8-bd6f-f98187ff1539": { "id": "616c65e7-8d0c-4be8-bd6f-f98187ff1539", "title": "User Meta Manager Plugin < 3.4.7 - Privilege Escalation", "software": [ { "type": "plugin", "name": "User Meta Manager", "slug": "user-meta-manager", "affected_versions": { "[*, 3.4.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/616c65e7-8d0c-4be8-bd6f-f98187ff1539?source=api-scan" ], "published": "2016-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "616c8ab8-3200-41fb-9d31-5d36873742cb": { "id": "616c8ab8-3200-41fb-9d31-5d36873742cb", "title": "Change WP Admin Login <= 1.0.9 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "All In One Login \u2014 WordPress Login Security Plugin to Protect and Customize WP Admin", "slug": "change-wp-admin-login", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/616c8ab8-3200-41fb-9d31-5d36873742cb?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "616de170-6645-4a06-a393-51bec1d8bd8c": { "id": "616de170-6645-4a06-a393-51bec1d8bd8c", "title": "MW WP Form <= 4.4.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "MW WP Form", "slug": "mw-wp-form", "affected_versions": { "* - 4.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/616de170-6645-4a06-a393-51bec1d8bd8c?source=api-scan" ], "published": "2023-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61737fea-cf91-4a08-bfec-363aeaca21f7": { "id": "61737fea-cf91-4a08-bfec-363aeaca21f7", "title": "FormBuilder <= 1.05 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FormBuilder", "slug": "formbuilder", "affected_versions": { "* - 1.05": { "from_version": "*", "from_inclusive": true, "to_version": "1.05", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.06" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61737fea-cf91-4a08-bfec-363aeaca21f7?source=api-scan" ], "published": "2016-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6173d307-9917-4d76-b6bf-d5646b9e33d6": { "id": "6173d307-9917-4d76-b6bf-d5646b9e33d6", "title": "WP Activity Log 1.5 - 2.4.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Activity Log", "slug": "wp-security-audit-log", "affected_versions": { "1.5 - 2.4.3": { "from_version": "1.5", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6173d307-9917-4d76-b6bf-d5646b9e33d6?source=api-scan" ], "published": "2016-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61771b13-4554-49b8-8829-6345174c4a69": { "id": "61771b13-4554-49b8-8829-6345174c4a69", "title": "WappPress <= 6.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WappPress \u2013 Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute", "slug": "wapppress-builds-android-app-for-website", "affected_versions": { "* - 6.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61771b13-4554-49b8-8829-6345174c4a69?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61799fbc-05dc-4de9-90f9-8712ba554607": { "id": "61799fbc-05dc-4de9-90f9-8712ba554607", "title": "Welcart e-Commerce <= 2.9.14 - Missing Authorization", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.9.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61799fbc-05dc-4de9-90f9-8712ba554607?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "617b2ef0-dc7b-4032-a145-5eaffb8194c3": { "id": "617b2ef0-dc7b-4032-a145-5eaffb8194c3", "title": "Ocean Extra <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Ocean Extra", "slug": "ocean-extra", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/617b2ef0-dc7b-4032-a145-5eaffb8194c3?source=api-scan" ], "published": "2023-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "617c850f-8d7b-42d4-ac40-2381c4c6bde6": { "id": "617c850f-8d7b-42d4-ac40-2381c4c6bde6", "title": "WP Humans.txt <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Humans.txt", "slug": "wp-humanstxt", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/617c850f-8d7b-42d4-ac40-2381c4c6bde6?source=api-scan" ], "published": "2022-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "617dcc0e-e212-4da0-8918-e55e6b3895fa": { "id": "617dcc0e-e212-4da0-8918-e55e6b3895fa", "title": "Zotpress <= 7.3.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zotpress", "slug": "zotpress", "affected_versions": { "* - 7.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/617dcc0e-e212-4da0-8918-e55e6b3895fa?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "617f3062-2848-4c23-89e4-17a0f0d44977": { "id": "617f3062-2848-4c23-89e4-17a0f0d44977", "title": "Import and export users and customers <= 1.14.0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import and export users and customers", "slug": "import-users-from-csv-with-meta", "affected_versions": { "[*, 1.14.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.14.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/617f3062-2848-4c23-89e4-17a0f0d44977?source=api-scan" ], "published": "2019-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61808624-b2c7-4e86-b5a1-56f32fca9eaa": { "id": "61808624-b2c7-4e86-b5a1-56f32fca9eaa", "title": "WP-dTree <= 4.4.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP-dTree", "slug": "wp-dtree-30", "affected_versions": { "* - 4.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61808624-b2c7-4e86-b5a1-56f32fca9eaa?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "618854b9-fa85-4302-9a38-ae5cbd7c7b9f": { "id": "618854b9-fa85-4302-9a38-ae5cbd7c7b9f", "title": "Site Reviews <= 5.17.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Site Reviews", "slug": "site-reviews", "affected_versions": { "* - 5.17.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.17.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.17.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/618854b9-fa85-4302-9a38-ae5cbd7c7b9f?source=api-scan" ], "published": "2021-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6189368d-5925-4c84-9f0f-694b9ebcd45e": { "id": "6189368d-5925-4c84-9f0f-694b9ebcd45e", "title": "EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 3.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6189368d-5925-4c84-9f0f-694b9ebcd45e?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "618f644b-a92c-4f7f-aaea-c03ee7d6e0f9": { "id": "618f644b-a92c-4f7f-aaea-c03ee7d6e0f9", "title": "Ultimate Member \u2013 User Profile, User Registration, Login & Membership Plugin <= 2.0.45 - Arbitrary File Deletion\/Read", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.0.45": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.45", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/618f644b-a92c-4f7f-aaea-c03ee7d6e0f9?source=api-scan" ], "published": "2019-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61901d83-0d05-4be8-a318-43bea086293a": { "id": "61901d83-0d05-4be8-a318-43bea086293a", "title": "GiveWP \u2013 Donation Plugin and Fundraising Platform <= 3.6.1 -- Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61901d83-0d05-4be8-a318-43bea086293a?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6197c194-5a17-41da-be79-58a6f5c68a0b": { "id": "6197c194-5a17-41da-be79-58a6f5c68a0b", "title": "WP Meteor Website Speed Optimization Addon <= 3.4.3 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "WP Meteor Website Speed Optimization Addon", "slug": "wp-meteor", "affected_versions": { "* - 3.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6197c194-5a17-41da-be79-58a6f5c68a0b?source=api-scan" ], "published": "2024-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61992821-a053-4bc6-853a-1a826d096746": { "id": "61992821-a053-4bc6-853a-1a826d096746", "title": "Uncanny Toolkit for LearnDash <= 3.6.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Uncanny Toolkit for LearnDash", "slug": "uncanny-learndash-toolkit", "affected_versions": { "* - 3.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61992821-a053-4bc6-853a-1a826d096746?source=api-scan" ], "published": "2022-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "619ca4b6-95bb-4c87-b8db-78e6d6b79384": { "id": "619ca4b6-95bb-4c87-b8db-78e6d6b79384", "title": "Social Sharing (by Danny) <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Social Sharing (by Danny)", "slug": "dvk-social-sharing", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/619ca4b6-95bb-4c87-b8db-78e6d6b79384?source=api-scan" ], "published": "2024-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61a050bd-deaa-4115-baa5-f63790816450": { "id": "61a050bd-deaa-4115-baa5-f63790816450", "title": "Backup and Restore WordPress <= 1.50 - Missing Authorization", "software": [ { "type": "plugin", "name": "Backup and Restore WordPress \u2013 Backup Plugin", "slug": "wp-backitup", "affected_versions": { "* - 1.50": { "from_version": "*", "from_inclusive": true, "to_version": "1.50", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61a050bd-deaa-4115-baa5-f63790816450?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61a3c83f-1910-4c25-9b79-293c75d06e5a": { "id": "61a3c83f-1910-4c25-9b79-293c75d06e5a", "title": "Unlimited PopUps <= 4.5.3 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Unlimited PopUps", "slug": "unlimited-popups", "affected_versions": { "* - 4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61a3c83f-1910-4c25-9b79-293c75d06e5a?source=api-scan" ], "published": "2021-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61a63ba6-129a-4ce2-be40-89c2fa44a670": { "id": "61a63ba6-129a-4ce2-be40-89c2fa44a670", "title": "Lifetime free Drag & Drop Contact Form Builder for WordPress VForm <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Lifetime free Drag & Drop Contact Form Builder for WordPress VForm", "slug": "v-form", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61a63ba6-129a-4ce2-be40-89c2fa44a670?source=api-scan" ], "published": "2024-07-30 17:00:44", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61aaeca4-6b5c-4b00-ab71-bba976d9e1b5": { "id": "61aaeca4-6b5c-4b00-ab71-bba976d9e1b5", "title": "Lucky Wheel for WooCommerce \u2013 Spin a Sale <= 1.0.10 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Lucky Wheel for WooCommerce \u2013 Spin a Sale", "slug": "woo-lucky-wheel", "affected_versions": { "* - 1.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61aaeca4-6b5c-4b00-ab71-bba976d9e1b5?source=api-scan" ], "published": "2022-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61b07604-b206-4f13-b25f-7a6d54236eb1": { "id": "61b07604-b206-4f13-b25f-7a6d54236eb1", "title": "Slideshow Gallery LITE <= 1.7.6 - Authenticated(Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Slideshow Gallery LITE", "slug": "slideshow-gallery", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61b07604-b206-4f13-b25f-7a6d54236eb1?source=api-scan" ], "published": "2023-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61b28b8c-4588-4b4e-85e8-d3d37b791f3d": { "id": "61b28b8c-4588-4b4e-85e8-d3d37b791f3d", "title": "Icegram Email Subscribers & Newsletters <= 4.5.0 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "[*, 4.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61b28b8c-4588-4b4e-85e8-d3d37b791f3d?source=api-scan" ], "published": "2020-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61bac919-90be-4fb5-859a-d135e87fe0bb": { "id": "61bac919-90be-4fb5-859a-d135e87fe0bb", "title": "Premium Addons for Elementor <= 4.10.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via onClick Events", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.18": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61bac919-90be-4fb5-859a-d135e87fe0bb?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61bbd7fe-cacf-4390-b976-3b931fc84af3": { "id": "61bbd7fe-cacf-4390-b976-3b931fc84af3", "title": "bbPress Move Topics <= 1.1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "bbPress Move Topics", "slug": "bbp-move-topics", "affected_versions": { "[*, 1.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61bbd7fe-cacf-4390-b976-3b931fc84af3?source=api-scan" ], "published": "2018-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61bd2f32-23a2-4dfe-90f3-81d597b97592": { "id": "61bd2f32-23a2-4dfe-90f3-81d597b97592", "title": "Multivendor Marketplace Solution for WooCommerce \u2013 WC Marketplace <= 3.8.11.8 - Multiple Unprotected AJAX Actions", "software": [ { "type": "plugin", "name": "MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution", "slug": "dc-woocommerce-multi-vendor", "affected_versions": { "* - 3.8.11.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.11.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61bd2f32-23a2-4dfe-90f3-81d597b97592?source=api-scan" ], "published": "2022-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61c39f5f-3b17-4e4d-824e-241159a73400": { "id": "61c39f5f-3b17-4e4d-824e-241159a73400", "title": "Contact Form Builder by vcita <= 4.9.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Builder by vcita", "slug": "contact-form-with-a-meeting-scheduler-by-vcita", "affected_versions": { "* - 4.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61c39f5f-3b17-4e4d-824e-241159a73400?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61c3a517-70c8-4fc2-b8d6-1dcb2ad811d8": { "id": "61c3a517-70c8-4fc2-b8d6-1dcb2ad811d8", "title": "Ultimate Addons for Beaver Builder \u2013 Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget", "software": [ { "type": "plugin", "name": "Ultimate Addons for Beaver Builder \u2013 Lite", "slug": "ultimate-addons-for-beaver-builder-lite", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61c3a517-70c8-4fc2-b8d6-1dcb2ad811d8?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61c71bbf-ddae-4f35-ac8d-9753fb3fb67f": { "id": "61c71bbf-ddae-4f35-ac8d-9753fb3fb67f", "title": "Ads by datafeedr.com <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ads by datafeedr.com", "slug": "ads-by-datafeedrcom", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61c71bbf-ddae-4f35-ac8d-9753fb3fb67f?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61c815c2-a5ea-431c-bfde-c08a4eb5fda6": { "id": "61c815c2-a5ea-431c-bfde-c08a4eb5fda6", "title": "Schedule Posts Calendar <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings", "software": [ { "type": "plugin", "name": "Schedule Posts Calendar", "slug": "schedule-posts-calendar", "affected_versions": { "* - 5.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61c815c2-a5ea-431c-bfde-c08a4eb5fda6?source=api-scan" ], "published": "2023-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61ca5ab6-5fe9-4313-9b0d-8736663d0e89": { "id": "61ca5ab6-5fe9-4313-9b0d-8736663d0e89", "title": "LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via API", "software": [ { "type": "plugin", "name": "LearnDash LMS", "slug": "sfwd-lms", "affected_versions": { "* - 4.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61ca5ab6-5fe9-4313-9b0d-8736663d0e89?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61d3f1f4-4cb9-4dd2-bda7-d08b2ccdbcba": { "id": "61d3f1f4-4cb9-4dd2-bda7-d08b2ccdbcba", "title": "Minimal Coming Soon & Maintenance Mode <= 2.10 - Missing Authorization", "software": [ { "type": "plugin", "name": "Minimal Coming Soon \u2013 Coming Soon Page", "slug": "minimal-coming-soon-maintenance-mode", "affected_versions": { "[*, 2.15)": { "from_version": "*", "from_inclusive": true, "to_version": "2.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61d3f1f4-4cb9-4dd2-bda7-d08b2ccdbcba?source=api-scan" ], "published": "2019-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61d6b2b8-dcaa-4419-b61d-4def743def95": { "id": "61d6b2b8-dcaa-4419-b61d-4def743def95", "title": "Bookshelf <= 2.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bookshelf", "slug": "bookshelf", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61d6b2b8-dcaa-4419-b61d-4def743def95?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61d731cb-2c1b-4835-b8ea-4d1b330fdad9": { "id": "61d731cb-2c1b-4835-b8ea-4d1b330fdad9", "title": "View All Post's Pages <= 0.9.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "View All Post's Pages", "slug": "view-all-posts-pages", "affected_versions": { "* - 0.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61d731cb-2c1b-4835-b8ea-4d1b330fdad9?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61e6db2f-5dfd-44ef-9500-9f0cb5cd67ba": { "id": "61e6db2f-5dfd-44ef-9500-9f0cb5cd67ba", "title": "WP Job Manager <= 1.29.2 - PHP Object Injection", "software": [ { "type": "plugin", "name": "WP Job Manager", "slug": "wp-job-manager", "affected_versions": { "* - 1.29.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.29.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.29.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61e6db2f-5dfd-44ef-9500-9f0cb5cd67ba?source=api-scan" ], "published": "2018-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61ec0e78-b367-438f-929d-94e055c83477": { "id": "61ec0e78-b367-438f-929d-94e055c83477", "title": "Recently viewed and most viewed products <= 1.1.1 - Authenticated (Shop Manager+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Recently viewed and most viewed products", "slug": "recently-viewed-and-most-viewed-products", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61ec0e78-b367-438f-929d-94e055c83477?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61f7e01e-c9ce-47f6-96d0-de908ce7e90c": { "id": "61f7e01e-c9ce-47f6-96d0-de908ce7e90c", "title": "WP Ultimate Exporter <= 2.4.1 - Unauthenticated Information Disclosure", "software": [ { "type": "plugin", "name": "Export All Posts, Products, Orders, Refunds & Users", "slug": "wp-ultimate-exporter", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61f7e01e-c9ce-47f6-96d0-de908ce7e90c?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61fce18a-44ec-442f-879e-f4ceab93d972": { "id": "61fce18a-44ec-442f-879e-f4ceab93d972", "title": "QS Dark Mode Plugin <= 2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "QS Dark Mode Plugin", "slug": "qs-dark-mode", "affected_versions": { "* - 2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61fce18a-44ec-442f-879e-f4ceab93d972?source=api-scan" ], "published": "2024-09-30 21:09:08", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "61fdc6e9-75ea-4226-9527-a5fd02efde70": { "id": "61fdc6e9-75ea-4226-9527-a5fd02efde70", "title": "Coming Soon Page & Maintenance Mode <= 1.8.1 - Unauthenticated Settings Reset", "software": [ { "type": "plugin", "name": "Coming Soon Page & Maintenance Mode", "slug": "responsive-coming-soon", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/61fdc6e9-75ea-4226-9527-a5fd02efde70?source=api-scan" ], "published": "2019-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62029ce5-ab97-4594-93e6-469ef5692320": { "id": "62029ce5-ab97-4594-93e6-469ef5692320", "title": "Restrict <= 2.2.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Restrict \u2013 membership, site, content and user access restrictions for WordPress", "slug": "restricted-content", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62029ce5-ab97-4594-93e6-469ef5692320?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6203a15d-f90f-4147-8e43-afc424bbb750": { "id": "6203a15d-f90f-4147-8e43-afc424bbb750", "title": "Template Kit \u2013 Import <= 1.0.14 - Authenticated(Author+) Stored Cross-Site Scripting via template upload", "software": [ { "type": "plugin", "name": "Template Kit \u2013 Import", "slug": "template-kit-import", "affected_versions": { "* - 1.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6203a15d-f90f-4147-8e43-afc424bbb750?source=api-scan" ], "published": "2024-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6205b0fe-6c68-4550-b9aa-87c3fbc88ddf": { "id": "6205b0fe-6c68-4550-b9aa-87c3fbc88ddf", "title": "Simple Slideshow Manager <= 2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple Slideshow Manager", "slug": "simple-slideshow-manager", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6205b0fe-6c68-4550-b9aa-87c3fbc88ddf?source=api-scan" ], "published": "2015-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62061cf9-cdbf-4cb2-9890-36bdcbc65c21": { "id": "62061cf9-cdbf-4cb2-9890-36bdcbc65c21", "title": "Stop Spam Comments <= 0.2.1.2 - Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "Stop Spam Comments", "slug": "stop-spam-comments", "affected_versions": { "* - 0.2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62061cf9-cdbf-4cb2-9890-36bdcbc65c21?source=api-scan" ], "published": "2022-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6208afdb-502c-44e8-b50a-22fa87ee80df": { "id": "6208afdb-502c-44e8-b50a-22fa87ee80df", "title": "File Manager <= 3.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "File Manager", "slug": "wp-file-manager", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6208afdb-502c-44e8-b50a-22fa87ee80df?source=api-scan" ], "published": "2018-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "620e8931-64f0-4d9c-9a4c-1f5a703845ff": { "id": "620e8931-64f0-4d9c-9a4c-1f5a703845ff", "title": "Automatic <= 3.92.0 - Unauthenticated Arbitrary File Download and Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Automatic Plugin", "slug": "wp-automatic", "affected_versions": { "* - 3.92.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.92.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.92.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/620e8931-64f0-4d9c-9a4c-1f5a703845ff?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62128061-1ecc-484c-a054-4925f9ac6105": { "id": "62128061-1ecc-484c-a054-4925f9ac6105", "title": "Unconfirmed < 1.2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Unconfirmed", "slug": "unconfirmed", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62128061-1ecc-484c-a054-4925f9ac6105?source=api-scan" ], "published": "2014-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6215fa9f-06bc-4dc8-b1f5-a3bb75749f1d": { "id": "6215fa9f-06bc-4dc8-b1f5-a3bb75749f1d", "title": "LatePoint Plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR", "software": [ { "type": "plugin", "name": "LatePoint Plugin", "slug": "latepoint", "affected_versions": { "* - 4.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6215fa9f-06bc-4dc8-b1f5-a3bb75749f1d?source=api-scan" ], "published": "2024-06-13 21:00:45", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "621e3b3f-9647-41ec-aa06-e961e3525fea": { "id": "621e3b3f-9647-41ec-aa06-e961e3525fea", "title": "Car Dealer <= 3.04 - Missing Authorization to Arbitrary Plugin Installation", "software": [ { "type": "plugin", "name": "Car Dealer (Dealership) and Vehicle sales", "slug": "cardealer", "affected_versions": { "* - 3.04": { "from_version": "*", "from_inclusive": true, "to_version": "3.04", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.05" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/621e3b3f-9647-41ec-aa06-e961e3525fea?source=api-scan" ], "published": "2022-11-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "621ef583-bf99-4b81-ae9c-b4f1c86b86aa": { "id": "621ef583-bf99-4b81-ae9c-b4f1c86b86aa", "title": "UberMenu <= 3.8.3 - Cross-Site Request Forgery to Settings Reset", "software": [ { "type": "plugin", "name": "UberMenu", "slug": "ubermenu", "affected_versions": { "* - 3.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/621ef583-bf99-4b81-ae9c-b4f1c86b86aa?source=api-scan" ], "published": "2024-06-21 16:39:04", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62233370-3b54-4d89-93e7-07afdae4a413": { "id": "62233370-3b54-4d89-93e7-07afdae4a413", "title": "WP Review Slider <= 12.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Review Slider", "slug": "wp-facebook-reviews", "affected_versions": { "* - 12.7": { "from_version": "*", "from_inclusive": true, "to_version": "12.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62233370-3b54-4d89-93e7-07afdae4a413?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "622b9b46-774d-4251-9a79-73e5b398de57": { "id": "622b9b46-774d-4251-9a79-73e5b398de57", "title": "Visual Composer Premium <= 45.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visual Composer Website Builder", "slug": "visualcomposer", "affected_versions": { "* - 45.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "45.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "45.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/622b9b46-774d-4251-9a79-73e5b398de57?source=api-scan" ], "published": "2024-02-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6230275e-8742-40f4-869f-a0e0984d85ba": { "id": "6230275e-8742-40f4-869f-a0e0984d85ba", "title": "Playlist for Youtube <= 1.32 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Playlist for Youtube", "slug": "playlist-for-youtube", "affected_versions": { "* - 1.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.40" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6230275e-8742-40f4-869f-a0e0984d85ba?source=api-scan" ], "published": "2024-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6231e47e-2120-4746-97c1-2aa80aa18f4e": { "id": "6231e47e-2120-4746-97c1-2aa80aa18f4e", "title": "WordPress Automatic Plugin <= 3.92.1 Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Automatic Plugin", "slug": "wp-automatic", "affected_versions": { "* - 3.92.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.92.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.93.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6231e47e-2120-4746-97c1-2aa80aa18f4e?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "623acb6d-9cab-483c-ad51-88adff8847a4": { "id": "623acb6d-9cab-483c-ad51-88adff8847a4", "title": "Search Everything <= 8.1.5 - SQL Injection", "software": [ { "type": "plugin", "name": "Search Everything", "slug": "search-everything", "affected_versions": { "[*, 8.1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/623acb6d-9cab-483c-ad51-88adff8847a4?source=api-scan" ], "published": "2016-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "623b139e-c5a1-4d2e-b05c-72707f421ef8": { "id": "623b139e-c5a1-4d2e-b05c-72707f421ef8", "title": "Smash Balloon Social Post Feed <= 4.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Smash Balloon Social Post Feed \u2013 Simple Social Feeds for WordPress", "slug": "custom-facebook-feed", "affected_versions": { "* - 4.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/623b139e-c5a1-4d2e-b05c-72707f421ef8?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "623decc5-bdb7-42c9-8531-8004ddc16682": { "id": "623decc5-bdb7-42c9-8531-8004ddc16682", "title": "WP Plugin Manager <= 1.1.7 - Cross-Site Request Forgery to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "WP Plugin Manager \u2013 Deactivate plugins per page", "slug": "wp-plugin-manager", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/623decc5-bdb7-42c9-8531-8004ddc16682?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62402e53-ff46-410e-9cc1-a87b677e6526": { "id": "62402e53-ff46-410e-9cc1-a87b677e6526", "title": "Role Based Pricing for WooCommerce <= 1.6.1 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Role Based Pricing for WooCommerce", "slug": "role-based-pricing-for-woocommerce", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62402e53-ff46-410e-9cc1-a87b677e6526?source=api-scan" ], "published": "2022-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6245d74b-89ad-4229-8c99-dbfeaa048400": { "id": "6245d74b-89ad-4229-8c99-dbfeaa048400", "title": "Easy Bootstrap Shortcode <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Bootstrap Shortcode", "slug": "easy-bootstrap-shortcodes", "affected_versions": { "* - 4.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6245d74b-89ad-4229-8c99-dbfeaa048400?source=api-scan" ], "published": "2022-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62475d8f-a0f6-45ab-abd0-ad24e1887c91": { "id": "62475d8f-a0f6-45ab-abd0-ad24e1887c91", "title": "Download Attachments <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Attachments", "slug": "download-attachments", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62475d8f-a0f6-45ab-abd0-ad24e1887c91?source=api-scan" ], "published": "2024-06-03 16:38:52", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "624a3174-03fa-4a8e-9c02-5e24add92392": { "id": "624a3174-03fa-4a8e-9c02-5e24add92392", "title": "Table of Contents Plus <= 2302 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Table of Contents Plus", "slug": "table-of-contents-plus", "affected_versions": { "* - 2302": { "from_version": "*", "from_inclusive": true, "to_version": "2302", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2309" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/624a3174-03fa-4a8e-9c02-5e24add92392?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "624a87c7-d43e-48d5-8489-d4f7b3ea10da": { "id": "624a87c7-d43e-48d5-8489-d4f7b3ea10da", "title": "Relevanssi \u2013 A Better Search <= 3.5.7.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Relevanssi \u2013 A Better Search", "slug": "relevanssi", "affected_versions": { "[*, 3.5.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/624a87c7-d43e-48d5-8489-d4f7b3ea10da?source=api-scan" ], "published": "2017-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "624af5e1-dc40-4d33-bfac-1a409b81a096": { "id": "624af5e1-dc40-4d33-bfac-1a409b81a096", "title": "SpeakOut! Email Petitions <= 4.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SpeakOut! Email Petitions", "slug": "speakout", "affected_versions": { "* - 4.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/624af5e1-dc40-4d33-bfac-1a409b81a096?source=api-scan" ], "published": "2022-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "624bdb9e-6c50-4a00-9a04-1a32c938d48b": { "id": "624bdb9e-6c50-4a00-9a04-1a32c938d48b", "title": "Image Hotspot by DevVN <= 1.2.5 - Authenticated (Author+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Image Hotspot by DevVN", "slug": "devvn-image-hotspot", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/624bdb9e-6c50-4a00-9a04-1a32c938d48b?source=api-scan" ], "published": "2024-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "624d9627-0ffc-409f-beb7-60e80177aa9b": { "id": "624d9627-0ffc-409f-beb7-60e80177aa9b", "title": "TheRoof <= 1.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "TheRoof", "slug": "theroof", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/624d9627-0ffc-409f-beb7-60e80177aa9b?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6251d0f6-b536-4122-8fdf-bb77665a4f41": { "id": "6251d0f6-b536-4122-8fdf-bb77665a4f41", "title": "DPD Baltic Shipping <= 1.2.83 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DPD Baltic Shipping", "slug": "woo-shipping-dpd-baltic", "affected_versions": { "* - 1.2.83": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.83", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6251d0f6-b536-4122-8fdf-bb77665a4f41?source=api-scan" ], "published": "2024-10-17 15:44:41", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6252f038-f3ae-41f1-8a5b-0557d3e1252f": { "id": "6252f038-f3ae-41f1-8a5b-0557d3e1252f", "title": "Move Addons for Elementor <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Move Addons for Elementor", "slug": "move-addons", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6252f038-f3ae-41f1-8a5b-0557d3e1252f?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62559fd6-a338-4f0f-ab1a-33fffbdc687e": { "id": "62559fd6-a338-4f0f-ab1a-33fffbdc687e", "title": "WordPress RSS Feed Retriever <= 1.6.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "RSS Feed Retriever", "slug": "wp-rss-retriever", "affected_versions": { "* - 1.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62559fd6-a338-4f0f-ab1a-33fffbdc687e?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6257739a-cd7c-4797-882a-016a01fe84b4": { "id": "6257739a-cd7c-4797-882a-016a01fe84b4", "title": "Social Share, Social Login and Social Comments <= 7.13.51 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Share, Social Login and Social Comments Plugin \u2013 Super Socializer", "slug": "super-socializer", "affected_versions": { "[*, 7.13.52)": { "from_version": "*", "from_inclusive": true, "to_version": "7.13.52", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.13.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6257739a-cd7c-4797-882a-016a01fe84b4?source=api-scan" ], "published": "2023-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "625c1df5-6655-4319-8833-5519b464e53e": { "id": "625c1df5-6655-4319-8833-5519b464e53e", "title": "WP GPX Map <= 1.7.05 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP GPX Maps", "slug": "wp-gpx-maps", "affected_versions": { "* - 1.7.05": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.05", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.06" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/625c1df5-6655-4319-8833-5519b464e53e?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6263e0cd-5843-444d-8d12-61a898a77724": { "id": "6263e0cd-5843-444d-8d12-61a898a77724", "title": "WP125 <= 1.5.4 - Cross-Site Request Forgery to Arbitrary Ad Deletion", "software": [ { "type": "plugin", "name": "WP125", "slug": "wp125", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6263e0cd-5843-444d-8d12-61a898a77724?source=api-scan" ], "published": "2021-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62687f24-4be2-49de-9a7d-265325b0f72b": { "id": "62687f24-4be2-49de-9a7d-265325b0f72b", "title": "Dewplayer <= 1.2 and Advanced Dewplayer < 1.5 - Content Spoofing\/Injection", "software": [ { "type": "plugin", "name": "Dewplayer", "slug": "dewplayer-flash-mp3-player", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Advanced Dewplayer", "slug": "advanced-dewplayer", "affected_versions": { "[*, 1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62687f24-4be2-49de-9a7d-265325b0f72b?source=api-scan" ], "published": "2013-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "626dac34-6b25-42c9-8f7d-9899e4bcc039": { "id": "626dac34-6b25-42c9-8f7d-9899e4bcc039", "title": "WordSurvey <= 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via sounding_title Parameter", "software": [ { "type": "plugin", "name": "WordSurvey", "slug": "wordsurvey", "affected_versions": { "* - 3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/626dac34-6b25-42c9-8f7d-9899e4bcc039?source=api-scan" ], "published": "2024-08-20 17:26:14", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "626ea1f2-df66-4903-9cbe-7186cf62291b": { "id": "626ea1f2-df66-4903-9cbe-7186cf62291b", "title": "Bitcoin \/ AltCoin Payment Gateway for WooCommerce & Multivendor store \/ shop <= 1.6.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bitcoin \/ AltCoin Payment Gateway for WooCommerce & Multivendor store \/ shop", "slug": "woo-altcoin-payment-gateway", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/626ea1f2-df66-4903-9cbe-7186cf62291b?source=api-scan" ], "published": "2021-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62731e0e-8843-4f79-b887-c595fbefae26": { "id": "62731e0e-8843-4f79-b887-c595fbefae26", "title": "Motors \u2013 Car Dealer, Classifieds & Listing <= 1.4.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Motors \u2013 Car Dealer, Classifieds & Listing", "slug": "motors-car-dealership-classified-listings", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62731e0e-8843-4f79-b887-c595fbefae26?source=api-scan" ], "published": "2024-07-01 18:52:36", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6276a405-4879-4429-8fc1-2d567ded5112": { "id": "6276a405-4879-4429-8fc1-2d567ded5112", "title": "Meta Box \u2013 WordPress Custom Fields Framework <= 5.9.3 - Authenticated (Contributor+) Information Exposure via Post Meta", "software": [ { "type": "plugin", "name": "Meta Box \u2013 WordPress Custom Fields Framework", "slug": "meta-box", "affected_versions": { "* - 5.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6276a405-4879-4429-8fc1-2d567ded5112?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6278c70a-7b25-45f0-bc64-ecb231e1bf55": { "id": "6278c70a-7b25-45f0-bc64-ecb231e1bf55", "title": "Contact Bank \u2013 Contact Form Builder for WordPress < 2.1.23 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Bank \u2013 Contact Form Builder for WordPress", "slug": "contact-bank", "affected_versions": { "[*, 2.1.23)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.23", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6278c70a-7b25-45f0-bc64-ecb231e1bf55?source=api-scan" ], "published": "2016-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "627cb8f8-3684-48ab-953e-555f84cfb32d": { "id": "627cb8f8-3684-48ab-953e-555f84cfb32d", "title": "SP Project & Document Manager <= 4.71 - Authenticated (Subscriber+) Directory Traversal", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 4.71": { "from_version": "*", "from_inclusive": true, "to_version": "4.71", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/627cb8f8-3684-48ab-953e-555f84cfb32d?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62805bc2-16e6-4252-bea1-5c2b69cf9bc8": { "id": "62805bc2-16e6-4252-bea1-5c2b69cf9bc8", "title": "Builder for WooCommerce reviews shortcodes \u2013 ReviewShort <= 1.01.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Builder for WooCommerce product reviews shortcodes \u2013 ReviewShort", "slug": "woo-product-reviews-shortcode", "affected_versions": { "* - 1.01.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.01.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.01.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62805bc2-16e6-4252-bea1-5c2b69cf9bc8?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62831b8a-2c6c-44cd-9ed1-f188893bed35": { "id": "62831b8a-2c6c-44cd-9ed1-f188893bed35", "title": "Store Locator WordPress <= 1.4.5 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Store Locator WordPress", "slug": "agile-store-locator", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62831b8a-2c6c-44cd-9ed1-f188893bed35?source=api-scan" ], "published": "2022-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6288fddf-926f-4506-94de-696e0a23766d": { "id": "6288fddf-926f-4506-94de-696e0a23766d", "title": "Events Manager <= 6.4.6.4 - Authenticated(Administator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "* - 6.4.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6288fddf-926f-4506-94de-696e0a23766d?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "628eef73-1725-4290-bb30-07792d1d5b6c": { "id": "628eef73-1725-4290-bb30-07792d1d5b6c", "title": "Frontend File Manager <= 21.2 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Frontend File Manager Plugin", "slug": "nmedia-user-file-uploader", "affected_versions": { "* - 21.2": { "from_version": "*", "from_inclusive": true, "to_version": "21.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/628eef73-1725-4290-bb30-07792d1d5b6c?source=api-scan" ], "published": "2022-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6290c671-c8e5-4cc3-a233-9fed584ca02f": { "id": "6290c671-c8e5-4cc3-a233-9fed584ca02f", "title": "WP JobSearch < 1.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Careerfy", "slug": "careerfy", "affected_versions": { "[*, 1.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6290c671-c8e5-4cc3-a233-9fed584ca02f?source=api-scan" ], "published": "2020-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6297753c-72c0-4926-9365-d0c760ddfd2a": { "id": "6297753c-72c0-4926-9365-d0c760ddfd2a", "title": "Yotpo Reviews for WooCommerce (Unofficial) <= 2.0.4 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "Yotpo Reviews for WooCommerce (Unofficial)", "slug": "yotpo-reviews-for-woocommerce", "affected_versions": { "2.0.4": { "from_version": "2.0.4", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6297753c-72c0-4926-9365-d0c760ddfd2a?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62988723-4e58-4eb3-a483-127b23574a40": { "id": "62988723-4e58-4eb3-a483-127b23574a40", "title": "Colorful Categories < 2.0.15 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Colorful Categories", "slug": "colorful-categories", "affected_versions": { "[*, 2.0.15)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62988723-4e58-4eb3-a483-127b23574a40?source=api-scan" ], "published": "2021-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6299876c-9db4-4f8d-897d-9a013a67238c": { "id": "6299876c-9db4-4f8d-897d-9a013a67238c", "title": "Register IPs <= 1.8.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Register IPs", "slug": "register-ip-multisite", "affected_versions": { "[*, 1.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6299876c-9db4-4f8d-897d-9a013a67238c?source=api-scan" ], "published": "2019-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62998f65-5c99-490d-829f-4d63a9a20287": { "id": "62998f65-5c99-490d-829f-4d63a9a20287", "title": "Church Admin <= 4.1.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "* - 4.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62998f65-5c99-490d-829f-4d63a9a20287?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "629d4809-1dd2-4b67-8d8d-9c55f5240f94": { "id": "629d4809-1dd2-4b67-8d8d-9c55f5240f94", "title": "Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Hotel Listing", "slug": "hotel-listing", "affected_versions": { "[*, 1.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.7" ] }, { "type": "plugin", "name": "Directory Pro", "slug": "directory-pro", "affected_versions": { "[*, 1.9.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.5" ] }, { "type": "plugin", "name": "Photographer Directory", "slug": "photographer-directory", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] }, { "type": "plugin", "name": "Lawyer Directory", "slug": "lawyer-directory", "affected_versions": { "[*, 1.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.9" ] }, { "type": "plugin", "name": "Real Estate Pro - WordPress Plugin", "slug": "real-estate-pro", "affected_versions": { "[*, 1.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.1" ] }, { "type": "plugin", "name": "Institutions Directory", "slug": "institutions-directory", "affected_versions": { "[*, 1.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.1" ] }, { "type": "plugin", "name": "Fitness Trainer- Training Membership Plugin", "slug": "fitness-trainer", "affected_versions": { "[*, 1.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.1" ] }, { "type": "plugin", "name": "Hospital & Doctor Directory", "slug": "doctor-listing", "affected_versions": { "[*, 1.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.6" ] }, { "type": "plugin", "name": "WP Membership", "slug": "wp-membership", "affected_versions": { "[*, 1.5.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.7" ] }, { "type": "plugin", "name": "producer-retailer", "slug": "producer-retailer", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Final User - WP Front-end User Profiles", "slug": "final-user-wp-frontend-user-profiles", "affected_versions": { "[*, 1.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/629d4809-1dd2-4b67-8d8d-9c55f5240f94?source=api-scan" ], "published": "2023-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "629fe670-f48b-4eb6-86f9-e1bac3771530": { "id": "629fe670-f48b-4eb6-86f9-e1bac3771530", "title": "WP Smiley <= 1.4.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-smiley", "slug": "wp-smiley", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/629fe670-f48b-4eb6-86f9-e1bac3771530?source=api-scan" ], "published": "2015-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62a4dd6a-f970-483e-b1a8-d57f604b7b66": { "id": "62a4dd6a-f970-483e-b1a8-d57f604b7b66", "title": "Enter Addons \u2013 Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading widget", "software": [ { "type": "plugin", "name": "Enter Addons \u2013 Ultimate Template Builder for Elementor", "slug": "enteraddons", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62a4dd6a-f970-483e-b1a8-d57f604b7b66?source=api-scan" ], "published": "2024-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62a5c796-1c14-4cb1-9f21-340b40e418df": { "id": "62a5c796-1c14-4cb1-9f21-340b40e418df", "title": "Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Import Deletion", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.59": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62a5c796-1c14-4cb1-9f21-340b40e418df?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62a6fc85-db3c-4696-8102-d0247daae56c": { "id": "62a6fc85-db3c-4696-8102-d0247daae56c", "title": "StaffList <= 3.1.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "StaffList", "slug": "stafflist", "affected_versions": { "* - 3.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62a6fc85-db3c-4696-8102-d0247daae56c?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62a79a8e-905c-4bed-b24d-84e56d7bb850": { "id": "62a79a8e-905c-4bed-b24d-84e56d7bb850", "title": "Five Star Restaurant Reservations <= 2.6.16 - Missing Authorization", "software": [ { "type": "plugin", "name": "Five Star Restaurant Reservations \u2013 WordPress Booking Plugin", "slug": "restaurant-reservations", "affected_versions": { "* - 2.6.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62a79a8e-905c-4bed-b24d-84e56d7bb850?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62aa0cc4-ef8e-4727-ac07-3481c0464b05": { "id": "62aa0cc4-ef8e-4727-ac07-3481c0464b05", "title": "Molongui <= 4.7.7 - Authenticated (Author+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui", "slug": "molongui-authorship", "affected_versions": { "* - 4.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62aa0cc4-ef8e-4727-ac07-3481c0464b05?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62abc1e8-155d-4726-81d3-ed2cc7dd7373": { "id": "62abc1e8-155d-4726-81d3-ed2cc7dd7373", "title": "Advanced Recent Posts <= 0.6.14 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Advanced Recent Posts", "slug": "advanced-recent-posts", "affected_versions": { "* - 0.6.14": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62abc1e8-155d-4726-81d3-ed2cc7dd7373?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62ac2725-0071-4a7d-8561-256e6a232de3": { "id": "62ac2725-0071-4a7d-8561-256e6a232de3", "title": "Tiempo.com <= 0.1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tiempo.com", "slug": "tiempocom", "affected_versions": { "* - 0.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62ac2725-0071-4a7d-8561-256e6a232de3?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62ac66d8-fc10-4ec2-a567-7b95eb6f2c76": { "id": "62ac66d8-fc10-4ec2-a567-7b95eb6f2c76", "title": "MapPress Maps for WordPress <= 2.73.12 - Admin+ File Upload to Remote Code Execution", "software": [ { "type": "plugin", "name": "MapPress Maps for WordPress", "slug": "mappress-google-maps-for-wordpress", "affected_versions": { "[*, 2.73.13)": { "from_version": "*", "from_inclusive": true, "to_version": "2.73.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.73.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62ac66d8-fc10-4ec2-a567-7b95eb6f2c76?source=api-scan" ], "published": "2022-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62ace939-3c14-4e68-897b-ec845182ca50": { "id": "62ace939-3c14-4e68-897b-ec845182ca50", "title": "Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) <= 3.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)", "slug": "leaflet-maps-marker", "affected_versions": { "* - 3.12.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.12.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.12.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62ace939-3c14-4e68-897b-ec845182ca50?source=api-scan" ], "published": "2024-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62b2113a-70a2-4223-8c6c-6cd15057d72d": { "id": "62b2113a-70a2-4223-8c6c-6cd15057d72d", "title": "Seos Contact Form <= 1.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Seos Contact Form", "slug": "seos-contact-form", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62b2113a-70a2-4223-8c6c-6cd15057d72d?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62b56928-7125-4211-b233-07b5b51881c1": { "id": "62b56928-7125-4211-b233-07b5b51881c1", "title": "Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_delete_folder", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62b56928-7125-4211-b233-07b5b51881c1?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62b809dc-4089-4822-8aeb-7049fcfe376e": { "id": "62b809dc-4089-4822-8aeb-7049fcfe376e", "title": "User Registration \u2013 Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.4 - Unauthenticated Stored Self-Based Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile", "slug": "user-registration", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62b809dc-4089-4822-8aeb-7049fcfe376e?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62bc3794-a2c2-4c1a-b1c9-2be6e2526635": { "id": "62bc3794-a2c2-4c1a-b1c9-2be6e2526635", "title": "Zita Elementor Site Library <= 1.6.2 - Missing Authorization to Page Creation and Options Modification", "software": [ { "type": "plugin", "name": "Zita Elementor Site Library", "slug": "zita-site-library", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62bc3794-a2c2-4c1a-b1c9-2be6e2526635?source=api-scan" ], "published": "2024-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62bc53ae-7cdb-491c-a315-5bf8fa80c27b": { "id": "62bc53ae-7cdb-491c-a315-5bf8fa80c27b", "title": "Listingo <= 3.2.5 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "theme", "name": "Listingo", "slug": "listingo", "affected_versions": { "* - 3.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62bc53ae-7cdb-491c-a315-5bf8fa80c27b?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62c1b5ce-cd58-4805-9a40-1af529604406": { "id": "62c1b5ce-cd58-4805-9a40-1af529604406", "title": "About Me 3000 widget <= 2.2.6 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "About Me 3000 widget", "slug": "about-me-3000", "affected_versions": { "* - 2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62c1b5ce-cd58-4805-9a40-1af529604406?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62c3f844-ed88-4a6c-a8c2-7b573096ec8b": { "id": "62c3f844-ed88-4a6c-a8c2-7b573096ec8b", "title": "App Builder <= 3.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "App Builder \u2013 Create Native Android & iOS Apps On The Flight", "slug": "app-builder", "affected_versions": { "* - 3.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62c3f844-ed88-4a6c-a8c2-7b573096ec8b?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62c46925-8e97-4989-8c2c-56223d6911a2": { "id": "62c46925-8e97-4989-8c2c-56223d6911a2", "title": "Advanced Database Cleaner <= 3.1.2 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Advanced Database Cleaner", "slug": "advanced-database-cleaner", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62c46925-8e97-4989-8c2c-56223d6911a2?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62d1b4a2-5c1e-4381-a455-082bee734ff2": { "id": "62d1b4a2-5c1e-4381-a455-082bee734ff2", "title": "WordPress Team Manager <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Team Manager \u2013 WordPress Showcase Team Members", "slug": "wp-team-manager", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62d1b4a2-5c1e-4381-a455-082bee734ff2?source=api-scan" ], "published": "2022-06-14 09:26:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62dacee5-9b55-4d0e-aa35-d97a1666f9e1": { "id": "62dacee5-9b55-4d0e-aa35-d97a1666f9e1", "title": "White Label CMS < 1.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "White Label CMS", "slug": "white-label-cms", "affected_versions": { "[*, 1.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62dacee5-9b55-4d0e-aa35-d97a1666f9e1?source=api-scan" ], "published": "2012-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62de6922-f3f2-4996-a749-2d6d3a8be042": { "id": "62de6922-f3f2-4996-a749-2d6d3a8be042", "title": "Royal PrettyPhoto <= 1.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Royal PrettyPhoto", "slug": "rt-prettyphoto", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62de6922-f3f2-4996-a749-2d6d3a8be042?source=api-scan" ], "published": "2016-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62e01d59-e649-4b84-993b-9faf28a24274": { "id": "62e01d59-e649-4b84-993b-9faf28a24274", "title": "Simple History Plugin < 2.7.5 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Simple History \u2013 Track, Log, and Audit WordPress Changes", "slug": "simple-history", "affected_versions": { "* - 2.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62e01d59-e649-4b84-993b-9faf28a24274?source=api-scan" ], "published": "2016-07-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62e1aa14-b762-40ea-9a64-b1ecb6ed7153": { "id": "62e1aa14-b762-40ea-9a64-b1ecb6ed7153", "title": "GPT AI Power <= 1.4.37 - Missing Authorization", "software": [ { "type": "plugin", "name": "AI Power: Complete AI Pack", "slug": "gpt3-ai-content-generator", "affected_versions": { "* - 1.4.37": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.38" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62e1aa14-b762-40ea-9a64-b1ecb6ed7153?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62e30cef-ce5d-4450-989e-f08f09b7638f": { "id": "62e30cef-ce5d-4450-989e-f08f09b7638f", "title": "Multiple sparklewpthemes Themes (Various versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation", "software": [ { "type": "theme", "name": "Kathmag", "slug": "kathmag", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Online eStore", "slug": "online-estore", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "SpiderMag", "slug": "spidermag", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Medical Heed", "slug": "medical-heed", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Appzend", "slug": "appzend", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "BuzzStore", "slug": "buzzstore", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Craft Blog", "slug": "craft-blog", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Fitness Park", "slug": "fitness-park", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Kingcabs", "slug": "kingcabs", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "MetroStore", "slug": "metrostore", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "SparkleStore", "slug": "sparklestore", "affected_versions": { "* - 1.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62e30cef-ce5d-4450-989e-f08f09b7638f?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62e75bb6-83d9-43db-8c89-0995698ca0ca": { "id": "62e75bb6-83d9-43db-8c89-0995698ca0ca", "title": "Betheme <= 27.1.1 - Missing Authorization via '_tool_history_delete'", "software": [ { "type": "theme", "name": "Betheme", "slug": "betheme", "affected_versions": { "* - 27.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "27.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "27.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62e75bb6-83d9-43db-8c89-0995698ca0ca?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62e903c6-36f1-45cb-8164-23a8d1ca3966": { "id": "62e903c6-36f1-45cb-8164-23a8d1ca3966", "title": "Goodnews \u2013 Responsive WordPress News\/Magazine | News \/ Editorial <= 5.11.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Goodnews \u2013 Responsive WordPress News\/Magazine | News \/ Editorial", "slug": "goodnews5", "affected_versions": { "* - 5.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.11.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62e903c6-36f1-45cb-8164-23a8d1ca3966?source=api-scan" ], "published": "2016-02-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62ea1427-0990-4645-aa1a-42da6fd3944f": { "id": "62ea1427-0990-4645-aa1a-42da6fd3944f", "title": "miniorange otp verification <= 4.2.1 - Missing Authorization via dismiss_notice", "software": [ { "type": "plugin", "name": "Email Verification \/ SMS Verification \/ OTP Verification \/ OTP Authentication \/ WooCommerce Notification", "slug": "miniorange-otp-verification", "affected_versions": { "* - 4.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.2" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62ea1427-0990-4645-aa1a-42da6fd3944f?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62ea9e85-7752-4d0f-aafb-cbbc94294335": { "id": "62ea9e85-7752-4d0f-aafb-cbbc94294335", "title": "JS Job Manager <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title", "software": [ { "type": "plugin", "name": "JS Job Manager", "slug": "js-jobs", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62ea9e85-7752-4d0f-aafb-cbbc94294335?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62eb136f-3cb0-40dc-a154-015a7fa1077b": { "id": "62eb136f-3cb0-40dc-a154-015a7fa1077b", "title": "ContentStudio <= 1.2.5 - Information Exposure", "software": [ { "type": "plugin", "name": "ContentStudio", "slug": "contentstudio", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62eb136f-3cb0-40dc-a154-015a7fa1077b?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62f19301-2311-4989-a5f2-9f845b72dd54": { "id": "62f19301-2311-4989-a5f2-9f845b72dd54", "title": "GenerateBlocks <= 1.8.2 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "GenerateBlocks", "slug": "generateblocks", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62f19301-2311-4989-a5f2-9f845b72dd54?source=api-scan" ], "published": "2024-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62fd2c51-eac1-47c0-adbc-90bdd8dbbc8e": { "id": "62fd2c51-eac1-47c0-adbc-90bdd8dbbc8e", "title": "Schreikasten <= 0.14.18 - Authenticated (Author+) SQL Injection", "software": [ { "type": "plugin", "name": "Schreikasten", "slug": "schreikasten", "affected_versions": { "* - 0.14.18": { "from_version": "*", "from_inclusive": true, "to_version": "0.14.18", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62fd2c51-eac1-47c0-adbc-90bdd8dbbc8e?source=api-scan" ], "published": "2021-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "62fd472e-208b-48db-8f98-3d935c7a678c": { "id": "62fd472e-208b-48db-8f98-3d935c7a678c", "title": "Broken Link Checker <= 1.11.16 - Authenticated (Admin+) PHAR Deserialization", "software": [ { "type": "plugin", "name": "Broken Link Checker", "slug": "broken-link-checker", "affected_versions": { "* - 1.11.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/62fd472e-208b-48db-8f98-3d935c7a678c?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6300c8c2-f539-46b2-9ee0-80bebbe4cad3": { "id": "6300c8c2-f539-46b2-9ee0-80bebbe4cad3", "title": "WordPress Core < 6.2.1 - Shortcode Execution in User Generated Content", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[5.9, 5.9.6)": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.6", "to_inclusive": false }, "[6.0, 6.0.4)": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.4", "to_inclusive": false }, "[6.1, 6.1.2)": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.2", "to_inclusive": false }, "[6.2, 6.2.1)": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.9.6", "6.0.4", "6.1.2", "6.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6300c8c2-f539-46b2-9ee0-80bebbe4cad3?source=api-scan" ], "published": "2023-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63089b8f-0e0f-4951-9f8b-8b64d539b4c0": { "id": "63089b8f-0e0f-4951-9f8b-8b64d539b4c0", "title": "WooCommerce Product Table Lite <= 3.5.1 - Unauthenticated Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "WooCommerce Product Table Lite", "slug": "wc-product-table-lite", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63089b8f-0e0f-4951-9f8b-8b64d539b4c0?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6309258e-e4fc-4edf-a771-2d82a9a85a5c": { "id": "6309258e-e4fc-4edf-a771-2d82a9a85a5c", "title": "Buy Me a Coffee \u2013 Button and Widget Plugin <= 3.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Buy Me a Coffee \u2013 Button and Widget Plugin", "slug": "buymeacoffee", "affected_versions": { "* - 3.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6309258e-e4fc-4edf-a771-2d82a9a85a5c?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6309c706-f84a-4997-9a9b-1bd8cf8f711a": { "id": "6309c706-f84a-4997-9a9b-1bd8cf8f711a", "title": "Knowledge Center <= 2.7 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Accordion FAQ and Knowledge Base Software for WordPress", "slug": "knowledge-center", "affected_versions": { "[*, 2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6309c706-f84a-4997-9a9b-1bd8cf8f711a?source=api-scan" ], "published": "2023-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "630d5dcc-ee51-4c2d-b4fb-191637311d6b": { "id": "630d5dcc-ee51-4c2d-b4fb-191637311d6b", "title": "Woo Total Sales <= 3.1.4 - Missing Authorization to Unauthenticated Sales Report Retrieval", "software": [ { "type": "plugin", "name": "Woo Total Sales", "slug": "woo-total-sales", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/630d5dcc-ee51-4c2d-b4fb-191637311d6b?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "630e4595-4be3-4886-8771-f781bcee674d": { "id": "630e4595-4be3-4886-8771-f781bcee674d", "title": "WP Job Portal <= 2.1.8 - Authenticated (Subscriber+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website", "slug": "wp-job-portal", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/630e4595-4be3-4886-8771-f781bcee674d?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "631d200f-7b0b-4105-b91e-030af459ba99": { "id": "631d200f-7b0b-4105-b91e-030af459ba99", "title": "EmbedPress <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 3.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/631d200f-7b0b-4105-b91e-030af459ba99?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "631e1061-50b1-4df2-b876-37b4cd3e2478": { "id": "631e1061-50b1-4df2-b876-37b4cd3e2478", "title": "WP-Members Membership Plugin <= 3.4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP-Members Membership Plugin", "slug": "wp-members", "affected_versions": { "* - 3.4.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/631e1061-50b1-4df2-b876-37b4cd3e2478?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "631fc709-98e8-4655-96fc-c37717705a80": { "id": "631fc709-98e8-4655-96fc-c37717705a80", "title": "USM Premium <= 16.2 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "USM Premium", "slug": "Ultimate-Premium-Plugin", "affected_versions": { "* - 16.2": { "from_version": "*", "from_inclusive": true, "to_version": "16.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "16.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/631fc709-98e8-4655-96fc-c37717705a80?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6320cd5f-c5a9-4731-9374-9b8b0838a1ec": { "id": "6320cd5f-c5a9-4731-9374-9b8b0838a1ec", "title": "Minimal Coming Soon & Maintenance Mode <= 2.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting and Setting Changes", "software": [ { "type": "plugin", "name": "Minimal Coming Soon \u2013 Coming Soon Page", "slug": "minimal-coming-soon-maintenance-mode", "affected_versions": { "* - 2.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6320cd5f-c5a9-4731-9374-9b8b0838a1ec?source=api-scan" ], "published": "2020-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6322e9be-ad71-4a91-ab9f-760107d920be": { "id": "6322e9be-ad71-4a91-ab9f-760107d920be", "title": "Revive Old Posts <= 9.0.10 - Authenticated (Admin+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Revive Social \u2013 Social Media Auto Post and Scheduling Automation Plugin", "slug": "tweet-old-post", "affected_versions": { "* - 9.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6322e9be-ad71-4a91-ab9f-760107d920be?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6324795d-3fab-4806-b7d8-f122d31429ff": { "id": "6324795d-3fab-4806-b7d8-f122d31429ff", "title": "WP TripAdvisor Review Slider <= 10.7 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "WP TripAdvisor Review Slider", "slug": "wp-tripadvisor-review-slider", "affected_versions": { "* - 10.7": { "from_version": "*", "from_inclusive": true, "to_version": "10.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6324795d-3fab-4806-b7d8-f122d31429ff?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "632c0a1a-6ac2-44c3-b66c-44fa4cf05b2d": { "id": "632c0a1a-6ac2-44c3-b66c-44fa4cf05b2d", "title": "Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Private Gallery Title Disclosure", "software": [ { "type": "plugin", "name": "Photo Gallery, Images, Slider in Rbs Image Gallery", "slug": "robo-gallery", "affected_versions": { "* - 3.2.21": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/632c0a1a-6ac2-44c3-b66c-44fa4cf05b2d?source=api-scan" ], "published": "2024-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63306df3-4972-426f-bfda-6af75a09971c": { "id": "63306df3-4972-426f-bfda-6af75a09971c", "title": "Extensions for Elementor <= 2.0.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter", "software": [ { "type": "plugin", "name": "Extensions for Elementor", "slug": "extensions-for-elementor", "affected_versions": { "* - 2.0.30": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63306df3-4972-426f-bfda-6af75a09971c?source=api-scan" ], "published": "2024-06-28 19:02:54", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63323552-354b-44b6-81a4-0b6e82480910": { "id": "63323552-354b-44b6-81a4-0b6e82480910", "title": "Simply Poll <= 1.4.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "simply-poll", "slug": "simply-poll", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63323552-354b-44b6-81a4-0b6e82480910?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6334b02e-ffab-49f9-969b-d015c2babc29": { "id": "6334b02e-ffab-49f9-969b-d015c2babc29", "title": "Slimstat Analytics <= 5.0.4 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "SlimStat Analytics", "slug": "wp-slimstat", "affected_versions": { "* - 5.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6334b02e-ffab-49f9-969b-d015c2babc29?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63370972-a6cb-40ed-91f2-4f469dc5335b": { "id": "63370972-a6cb-40ed-91f2-4f469dc5335b", "title": "TinyMCE Professional Formats and Styles <= 1.1.2 - Cross-Site Request Forgery via bb_taps_backend_page", "software": [ { "type": "plugin", "name": "TinyMCE and TinyMCE Advanced Professsional Formats and Styles", "slug": "tinymce-and-tinymce-advanced-professsional-formats-and-styles", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63370972-a6cb-40ed-91f2-4f469dc5335b?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6338620f-925a-4226-9557-313a7f8a6b6a": { "id": "6338620f-925a-4226-9557-313a7f8a6b6a", "title": "WPFront User Role Editor < 3.2.1.11184 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPFront User Role Editor", "slug": "wpfront-user-role-editor", "affected_versions": { "[*, 3.2.1.11184)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1.11184", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.1.11184" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6338620f-925a-4226-9557-313a7f8a6b6a?source=api-scan" ], "published": "2021-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "633a9cbf-451d-4fd1-822b-ef8966ff9a1a": { "id": "633a9cbf-451d-4fd1-822b-ef8966ff9a1a", "title": "Activity Log <= 2.3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Activity Log \u2013 Monitor & Record User Changes", "slug": "aryo-activity-log", "affected_versions": { "[*, 2.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/633a9cbf-451d-4fd1-822b-ef8966ff9a1a?source=api-scan" ], "published": "2016-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "633d6921-eece-4e7a-8ed8-48b7c579b5ed": { "id": "633d6921-eece-4e7a-8ed8-48b7c579b5ed", "title": "Download Alt Text AI <= 1.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Alt Text AI \u2013 Automatically generate image alt text for SEO and accessibility", "slug": "alttext-ai", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/633d6921-eece-4e7a-8ed8-48b7c579b5ed?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63412848-6b1f-460a-8776-cd1cc5eb002e": { "id": "63412848-6b1f-460a-8776-cd1cc5eb002e", "title": "Ldap WP Login \/ Active Directory Integration <= 3.0.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Ldap WP Login \/ Active Directory Integration", "slug": "ldap-wp-login-integration-with-active-directory", "affected_versions": { "[*, 3.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63412848-6b1f-460a-8776-cd1cc5eb002e?source=api-scan" ], "published": "2022-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6341bdcc-c99f-40c3-81c4-ad90ff19f802": { "id": "6341bdcc-c99f-40c3-81c4-ad90ff19f802", "title": "Watu Quiz <= 3.3.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Watu Quiz", "slug": "watu", "affected_versions": { "* - 3.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6341bdcc-c99f-40c3-81c4-ad90ff19f802?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "634303eb-b120-4384-9780-b950de491099": { "id": "634303eb-b120-4384-9780-b950de491099", "title": "\u00b5Audio Player <= 0.6.2 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "\u00b5Audio Player", "slug": "microaudio", "affected_versions": { "* - 0.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/634303eb-b120-4384-9780-b950de491099?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6345d360-5f58-44d2-bc2d-1a20ee43e146": { "id": "6345d360-5f58-44d2-bc2d-1a20ee43e146", "title": "WordPress Core < 5.5.3 - PHP Object Injection Gadget", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "[3.7, 3.7.35)": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.35", "to_inclusive": false }, "[3.8, 3.8.35)": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.35", "to_inclusive": false }, "[3.9, 3.9.33)": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.33", "to_inclusive": false }, "[4.0, 4.0.32)": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.32", "to_inclusive": false }, "[4.1, 4.1.32)": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.32", "to_inclusive": false }, "[4.2, 4.2.29)": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.29", "to_inclusive": false }, "[4.3, 4.3.25)": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.25", "to_inclusive": false }, "[4.4, 4.4.24)": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.24", "to_inclusive": false }, "[4.5, 4.5.23)": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.23", "to_inclusive": false }, "[4.6, 4.6.20)": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.20", "to_inclusive": false }, "[4.7, 4.7.19)": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.19", "to_inclusive": false }, "[4.8, 4.8.15)": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.15", "to_inclusive": false }, "[4.9, 4.9.16)": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.16", "to_inclusive": false }, "[5.0, 5.0.11)": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.11", "to_inclusive": false }, "[5.1, 5.1.8)": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.8", "to_inclusive": false }, "[5.2, 5.2.9)": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.9", "to_inclusive": false }, "[5.3, 5.3.6)": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.6", "to_inclusive": false }, "[5.4, 5.4.4)": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.4", "to_inclusive": false }, "[5.5, 5.5.3)": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.35", "3.8.35", "3.9.33", "4.0.32", "4.1.32", "4.2.29", "4.3.25", "4.4.24", "4.5.23", "4.6.20", "4.7.19", "4.8.15", "4.9.16", "5.0.11", "5.1.8", "5.2.9", "5.3.6", "5.4.4", "5.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6345d360-5f58-44d2-bc2d-1a20ee43e146?source=api-scan" ], "published": "2020-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6346024c-61d5-4f73-b7f2-3a8fd3fb838e": { "id": "6346024c-61d5-4f73-b7f2-3a8fd3fb838e", "title": "WordPress Core < 4.1.2 - Cross-Site Scripting via Ephox in Plupload", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.5": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.5", "to_inclusive": true }, "3.8 - 3.8.5": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.5", "to_inclusive": true }, "3.9 - 3.9.3": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.3", "to_inclusive": true }, "4.0 - 4.0.1": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true }, "4.1 - 4.1.1": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.6", "3.8.6", "3.9.4", "4.0.2", "4.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6346024c-61d5-4f73-b7f2-3a8fd3fb838e?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6347f588-a3fd-4909-ad57-9d78787b5728": { "id": "6347f588-a3fd-4909-ad57-9d78787b5728", "title": "Malware Scanner <= 4.7.2 and Web Application Firewall <= 2.1.1 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Web Application Firewall \u2013 website security", "slug": "web-application-firewall", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] }, { "type": "plugin", "name": "Malware Scanner", "slug": "miniorange-malware-protection", "affected_versions": { "* - 4.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6347f588-a3fd-4909-ad57-9d78787b5728?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "634bec5f-e511-4047-9a46-09147ccc3a25": { "id": "634bec5f-e511-4047-9a46-09147ccc3a25", "title": "Download Plugin <= 1.6.2 - Missing Authorization and Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Download Plugin", "slug": "download-plugin", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/634bec5f-e511-4047-9a46-09147ccc3a25?source=api-scan" ], "published": "2022-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "634c1e9d-85ba-4860-a3e4-a65bf3f23919": { "id": "634c1e9d-85ba-4860-a3e4-a65bf3f23919", "title": "Tin Canny Reporting for LearnDash <= 4.3.0.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tin Canny Reporting for LearnDash", "slug": "tin-canny-learndash-reporting", "affected_versions": { "* - 4.3.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/634c1e9d-85ba-4860-a3e4-a65bf3f23919?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "634ccd08-4f2e-4a06-8c64-dfe38fa3a481": { "id": "634ccd08-4f2e-4a06-8c64-dfe38fa3a481", "title": "WP Super Cache <= 1.4.4 - PHP Object Injection", "software": [ { "type": "plugin", "name": "WP Super Cache", "slug": "wp-super-cache", "affected_versions": { "[*, 1.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/634ccd08-4f2e-4a06-8c64-dfe38fa3a481?source=api-scan" ], "published": "2015-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "634d4062-7004-4e89-89a8-323c939aae93": { "id": "634d4062-7004-4e89-89a8-323c939aae93", "title": "WP Fastest Cache <= 1.2.6 - Authenticated (Administrator+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/634d4062-7004-4e89-89a8-323c939aae93?source=api-scan" ], "published": "2024-05-10 09:04:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6351d3f7-2d10-4fcf-b7c1-88ce529cd9f4": { "id": "6351d3f7-2d10-4fcf-b7c1-88ce529cd9f4", "title": "GD Rating System <= 2.3 - Directory Traversal", "software": [ { "type": "plugin", "name": "GD Rating System", "slug": "gd-rating-system", "affected_versions": { "[*, 2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6351d3f7-2d10-4fcf-b7c1-88ce529cd9f4?source=api-scan" ], "published": "2018-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63567094-9fb1-44b2-a3e6-99194389c4b6": { "id": "63567094-9fb1-44b2-a3e6-99194389c4b6", "title": "1003 Mortgage Application <= 1.75 - Unauthenticated CSV Injection", "software": [ { "type": "plugin", "name": "1003 Mortgage Application", "slug": "1003-mortgage-application", "affected_versions": { "* - 1.75": { "from_version": "*", "from_inclusive": true, "to_version": "1.75", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.80" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63567094-9fb1-44b2-a3e6-99194389c4b6?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6356e226-a449-4cd0-be60-2a1c9c70aa59": { "id": "6356e226-a449-4cd0-be60-2a1c9c70aa59", "title": "Image Slider <= 1.1.121 - Cross-Site Request Forgery to Post Duplication", "software": [ { "type": "plugin", "name": "Image Slider", "slug": "image-slider-widget", "affected_versions": { "* - 1.1.121": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.121", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.123" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6356e226-a449-4cd0-be60-2a1c9c70aa59?source=api-scan" ], "published": "2022-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6358fc29-5b09-481a-9040-a7890b61f419": { "id": "6358fc29-5b09-481a-9040-a7890b61f419", "title": "Amministrazione Trasparente <= 7.1 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Amministrazione Trasparente", "slug": "amministrazione-trasparente", "affected_versions": { "* - 7.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6358fc29-5b09-481a-9040-a7890b61f419?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63590140-9723-4e91-884c-f2b11b67eb8d": { "id": "63590140-9723-4e91-884c-f2b11b67eb8d", "title": "WordPress Core < 5.2.3 - Authenticated Cross-Site Scripting via Post Previews", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.29": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.29", "to_inclusive": true }, "3.8 - 3.8.29": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.29", "to_inclusive": true }, "3.9 - 3.9.27": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.27", "to_inclusive": true }, "4.0 - 4.0.26": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.26", "to_inclusive": true }, "4.1 - 4.1.26": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.26", "to_inclusive": true }, "4.2 - 4.2.23": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.23", "to_inclusive": true }, "4.3 - 4.3.19": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.19", "to_inclusive": true }, "4.4 - 4.4.18": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.18", "to_inclusive": true }, "4.5 - 4.5.17": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.17", "to_inclusive": true }, "4.6 - 4.6.13": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.13", "to_inclusive": true }, "4.7 - 4.7.13": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.13", "to_inclusive": true }, "4.8 - 4.8.9": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.9", "to_inclusive": true }, "4.9 - 4.9.10": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.10", "to_inclusive": true }, "5.0 - 5.0.5": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": true }, "5.1 - 5.1.1": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true }, "5.2 - 5.2.2": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.30", "3.8.30", "3.9.28", "4.0.27", "4.1.27", "4.2.24", "4.3.20", "4.4.19", "4.5.18", "4.6.15", "4.7.14", "4.8.10", "4.9.11", "5.0.6", "5.1.2", "5.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63590140-9723-4e91-884c-f2b11b67eb8d?source=api-scan" ], "published": "2019-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "635e02a8-42f3-4098-aa3e-839099f40bfb": { "id": "635e02a8-42f3-4098-aa3e-839099f40bfb", "title": "Restaurant Reservations <= 1.7 - SQL Injection", "software": [ { "type": "plugin", "name": "Restaurant Reservations", "slug": "nd-restaurant-reservations", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/635e02a8-42f3-4098-aa3e-839099f40bfb?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "635f448b-5c51-4152-b6f5-076a686709bf": { "id": "635f448b-5c51-4152-b6f5-076a686709bf", "title": "Rocket Font <= 1.2.3 - Cross-Site Request Forgery via update_option_check_match_default", "software": [ { "type": "plugin", "name": "Rocket Font", "slug": "rocket-font", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/635f448b-5c51-4152-b6f5-076a686709bf?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63666c16-9f68-4a27-b163-4c25f0a7589e": { "id": "63666c16-9f68-4a27-b163-4c25f0a7589e", "title": "10Web Map Builder for Google Maps <= 1.0.73 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "10Web Map Builder for Google Maps", "slug": "wd-google-maps", "affected_versions": { "[*, 1.0.74)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.74", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.74" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63666c16-9f68-4a27-b163-4c25f0a7589e?source=api-scan" ], "published": "2023-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6368c397-0570-4304-a764-869bacc526c7": { "id": "6368c397-0570-4304-a764-869bacc526c7", "title": "GiveWP <= 2.25.1 - Unauthenticated CSV Injection", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.25.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6368c397-0570-4304-a764-869bacc526c7?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63779ab7-ba8b-459d-beb3-a32faf8f4394": { "id": "63779ab7-ba8b-459d-beb3-a32faf8f4394", "title": "Simple Membership <= 4.4.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "* - 4.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63779ab7-ba8b-459d-beb3-a32faf8f4394?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "637972a3-1936-4add-88a2-3fbafba4b5c8": { "id": "637972a3-1936-4add-88a2-3fbafba4b5c8", "title": "Image Hover Effects \u2013 Elementor Addon <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via eihe_link Parameter", "software": [ { "type": "plugin", "name": "Image Hover Effects \u2013 Elementor Addon", "slug": "image-hover-effects-addon-for-elementor", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/637972a3-1936-4add-88a2-3fbafba4b5c8?source=api-scan" ], "published": "2024-07-15 17:33:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "637af5d1-eed3-4216-8d47-e68f83c63f43": { "id": "637af5d1-eed3-4216-8d47-e68f83c63f43", "title": "MicroCopy <= 1.1.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "MicroCopy", "slug": "microcopy", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/637af5d1-eed3-4216-8d47-e68f83c63f43?source=api-scan" ], "published": "2021-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "637f07c6-68cd-4ac6-83fd-65dbaab882fc": { "id": "637f07c6-68cd-4ac6-83fd-65dbaab882fc", "title": "Custom Field Template <= 2.6.1 - Authenticated(Constibutor+) Stored Cross-Site Scripting via Custom Field Name", "software": [ { "type": "plugin", "name": "Custom Field Template", "slug": "custom-field-template", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/637f07c6-68cd-4ac6-83fd-65dbaab882fc?source=api-scan" ], "published": "2024-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6387f210-ed4f-4f98-9e16-30f80c2889a2": { "id": "6387f210-ed4f-4f98-9e16-30f80c2889a2", "title": "Blockbooster <= 1.0.10 - Missing Authorization", "software": [ { "type": "theme", "name": "Blockbooster", "slug": "blockbooster", "affected_versions": { "* - 1.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6387f210-ed4f-4f98-9e16-30f80c2889a2?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "638d18ea-1ff6-432d-abe5-38e84916c106": { "id": "638d18ea-1ff6-432d-abe5-38e84916c106", "title": "SlingBlocks \u2013 Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SlingBlocks \u2013 Gutenberg Blocks by FunnelKit (Formerly WooFunnels)", "slug": "slingblocks", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/638d18ea-1ff6-432d-abe5-38e84916c106?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "639009f6-9877-45a9-b9f3-7256bc6f3360": { "id": "639009f6-9877-45a9-b9f3-7256bc6f3360", "title": "Media Library Assistant <= 3.07 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Media Library Assistant", "slug": "media-library-assistant", "affected_versions": { "* - 3.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/639009f6-9877-45a9-b9f3-7256bc6f3360?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63902f5b-98e2-4586-9e20-4b900b6f861a": { "id": "63902f5b-98e2-4586-9e20-4b900b6f861a", "title": "WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Read", "software": [ { "type": "plugin", "name": "WPIDE \u2013 File Manager & Code Editor", "slug": "wpide", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63902f5b-98e2-4586-9e20-4b900b6f861a?source=api-scan" ], "published": "2022-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6397f917-7d74-43f6-96b0-4aca6447eb86": { "id": "6397f917-7d74-43f6-96b0-4aca6447eb86", "title": "Post-Plugin Library <= 2.6.2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post-Plugin Library", "slug": "post-plugin-library", "affected_versions": { "* - 2.6.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6397f917-7d74-43f6-96b0-4aca6447eb86?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "639a46b3-d19f-4ab4-995e-fd3de556b76e": { "id": "639a46b3-d19f-4ab4-995e-fd3de556b76e", "title": "MojoPlug Slide Panel <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MojoPlug Slide Panel", "slug": "mojoplug-slide-panel", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/639a46b3-d19f-4ab4-995e-fd3de556b76e?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "639bf20c-04d4-49e5-8da1-685421a6f63a": { "id": "639bf20c-04d4-49e5-8da1-685421a6f63a", "title": "Download Manager <= 2.8.7 - Sensitive Information Disclosure via Directory Listing", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 2.8.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/639bf20c-04d4-49e5-8da1-685421a6f63a?source=api-scan" ], "published": "2016-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "639f3941-7783-4500-aca4-5e8155db6460": { "id": "639f3941-7783-4500-aca4-5e8155db6460", "title": "BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Profile Creation", "software": [ { "type": "plugin", "name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", "slug": "woo-bulk-editor", "affected_versions": { "* - 1.1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/639f3941-7783-4500-aca4-5e8155db6460?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63a2d09d-9cb8-47ba-8e40-5b43894552e3": { "id": "63a2d09d-9cb8-47ba-8e40-5b43894552e3", "title": "Wordfence Security <= 3.8.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wordfence Security \u2013 Firewall, Malware Scan, and Login Security", "slug": "wordfence", "affected_versions": { "* - 3.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63a2d09d-9cb8-47ba-8e40-5b43894552e3?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63a456e3-5bae-4a4b-850f-b35134de4cfb": { "id": "63a456e3-5bae-4a4b-850f-b35134de4cfb", "title": "Responsive Zoom In\/Out Slider WordPress Plugin (Unknown Versions) - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Zoom In\/Out Slider WordPress Plugin", "slug": "lbg_zoominoutslider", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63a456e3-5bae-4a4b-850f-b35134de4cfb?source=api-scan" ], "published": "2013-11-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63a4a077-c99e-4742-9fa1-f323fd24b950": { "id": "63a4a077-c99e-4742-9fa1-f323fd24b950", "title": "IMGspider <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload'", "software": [ { "type": "plugin", "name": "IMGspider \u2013 \u56fe\u7247\u91c7\u96c6\u6293\u53d6\u63d2\u4ef6", "slug": "imgspider", "affected_versions": { "* - 2.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63a4a077-c99e-4742-9fa1-f323fd24b950?source=api-scan" ], "published": "2024-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63a9fd8b-c71a-4945-bc02-1761331df832": { "id": "63a9fd8b-c71a-4945-bc02-1761331df832", "title": "WordPress Simple PayPal Shopping Cart <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WordPress Simple Shopping Cart", "slug": "wordpress-simple-paypal-shopping-cart", "affected_versions": { "* - 4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63a9fd8b-c71a-4945-bc02-1761331df832?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63ab02c1-baeb-4fd1-a527-4287d0b17a03": { "id": "63ab02c1-baeb-4fd1-a527-4287d0b17a03", "title": "GetPaid <= 2.8.11 - Missing Authorization via column_subscription()", "software": [ { "type": "plugin", "name": "Payment forms, Buy now buttons, and Invoicing System | GetPaid", "slug": "invoicing", "affected_versions": { "* - 2.8.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63ab02c1-baeb-4fd1-a527-4287d0b17a03?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63ab255f-e061-447b-a2b6-21a85eed9d57": { "id": "63ab255f-e061-447b-a2b6-21a85eed9d57", "title": "WooCommerce Ship to Multiple Addresses <= 3.8.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Ship to Multiple Addresses", "slug": "woocommerce-shipping-multiple-addresses", "affected_versions": { "* - 3.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63ab255f-e061-447b-a2b6-21a85eed9d57?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63ac9de6-8713-4223-aaad-a70115d3bee7": { "id": "63ac9de6-8713-4223-aaad-a70115d3bee7", "title": "Accordion Image Menu <= 3.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Accordion Image Menu", "slug": "accordion-image-menu", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63ac9de6-8713-4223-aaad-a70115d3bee7?source=api-scan" ], "published": "2024-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63ae3a9d-1e6b-4784-8429-04be2a89b6cb": { "id": "63ae3a9d-1e6b-4784-8429-04be2a89b6cb", "title": "Images to WebP <= 1.8 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Images to WebP", "slug": "images-to-webp", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63ae3a9d-1e6b-4784-8429-04be2a89b6cb?source=api-scan" ], "published": "2021-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63af18df-a3e4-48e6-be84-15d33edf3b46": { "id": "63af18df-a3e4-48e6-be84-15d33edf3b46", "title": "WP Easy Post Types < 1.4.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Easy Post Types", "slug": "easy-post-types", "affected_versions": { "[*, 1.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63af18df-a3e4-48e6-be84-15d33edf3b46?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63af783b-5593-4f84-8a4b-e4a19d9c994c": { "id": "63af783b-5593-4f84-8a4b-e4a19d9c994c", "title": "Admin Log <= 1.50 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Admin Log", "slug": "admin-log", "affected_versions": { "* - 1.50": { "from_version": "*", "from_inclusive": true, "to_version": "1.50", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63af783b-5593-4f84-8a4b-e4a19d9c994c?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63af91ef-54ef-4322-9931-a0d29dbd2aec": { "id": "63af91ef-54ef-4322-9931-a0d29dbd2aec", "title": "Email Artillery (MASS EMAIL) <= 4.1 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Email Artillery (MASS EMAIL)", "slug": "email-artillery", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63af91ef-54ef-4322-9931-a0d29dbd2aec?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63b272f5-08d1-4c5b-a500-d919903793b7": { "id": "63b272f5-08d1-4c5b-a500-d919903793b7", "title": "Yada Wiki <= 3.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yada Wiki", "slug": "yada-wiki", "affected_versions": { "[*, 3.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63b272f5-08d1-4c5b-a500-d919903793b7?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63b30d03-43d2-4696-aa36-8b39ec2c4ed0": { "id": "63b30d03-43d2-4696-aa36-8b39ec2c4ed0", "title": "Email Subscription Popup <= 1.2.16 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Subscription Popup", "slug": "email-subscribe", "affected_versions": { "[*, 1.2.17)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63b30d03-43d2-4696-aa36-8b39ec2c4ed0?source=api-scan" ], "published": "2023-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63b472fb-c853-4e56-b34c-3cf986c4cf80": { "id": "63b472fb-c853-4e56-b34c-3cf986c4cf80", "title": "Asgaros Forum <= 2.7.0 - Insufficient Authorization to Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Asgaros Forum", "slug": "asgaros-forum", "affected_versions": { "[*, 2.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63b472fb-c853-4e56-b34c-3cf986c4cf80?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63b67652-d10e-4a5a-97d5-04e6c848b752": { "id": "63b67652-d10e-4a5a-97d5-04e6c848b752", "title": "Patreon WordPress <= 1.7.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Patreon WordPress", "slug": "patreon-connect", "affected_versions": { "[*, 1.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63b67652-d10e-4a5a-97d5-04e6c848b752?source=api-scan" ], "published": "2021-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63bced7f-89ec-4c52-9e58-63ef2d311b31": { "id": "63bced7f-89ec-4c52-9e58-63ef2d311b31", "title": "Catch Web Tools <= 2.7.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Catch Web Tools", "slug": "catch-web-tools", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63bced7f-89ec-4c52-9e58-63ef2d311b31?source=api-scan" ], "published": "2022-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63c1e570-c0de-44e0-ac39-0b9006c43efa": { "id": "63c1e570-c0de-44e0-ac39-0b9006c43efa", "title": "All in One Invite Codes <= 1.0.15 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All in One Invite Codes", "slug": "all-in-one-invite-codes", "affected_versions": { "* - 1.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63c1e570-c0de-44e0-ac39-0b9006c43efa?source=api-scan" ], "published": "2022-07-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63c681e5-3110-4790-a075-4996fa1f2129": { "id": "63c681e5-3110-4790-a075-4996fa1f2129", "title": "Article Directory Redux <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Article Directory Redux", "slug": "article-directory-redux", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63c681e5-3110-4790-a075-4996fa1f2129?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63c6eca6-9b55-48b5-ada3-97dd20d60f31": { "id": "63c6eca6-9b55-48b5-ada3-97dd20d60f31", "title": "WP Activity Log <= 4.6.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Activity Log", "slug": "wp-security-audit-log", "affected_versions": { "* - 4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63c6eca6-9b55-48b5-ada3-97dd20d60f31?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63c74d96-84da-408f-ba2c-cde0ff108bf1": { "id": "63c74d96-84da-408f-ba2c-cde0ff108bf1", "title": "Profile Builder <= 3.4.8 - Admin Access via Password Reset", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "[*, 3.4.9)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63c74d96-84da-408f-ba2c-cde0ff108bf1?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63c7bb29-c8b2-49ee-8ac4-1046b61b7e6a": { "id": "63c7bb29-c8b2-49ee-8ac4-1046b61b7e6a", "title": "User Feedback <= 1.0.10 - Missing Authorization", "software": [ { "type": "plugin", "name": "User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds", "slug": "userfeedback-lite", "affected_versions": { "* - 1.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63c7bb29-c8b2-49ee-8ac4-1046b61b7e6a?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63d0cb9b-e6ac-474e-ac6b-c0cbd14a19bd": { "id": "63d0cb9b-e6ac-474e-ac6b-c0cbd14a19bd", "title": "DirectoryPress <= 3.6.10 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "DirectoryPress \u2013 Business Directory And Classified Ad Listing", "slug": "directorypress", "affected_versions": { "* - 3.6.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63d0cb9b-e6ac-474e-ac6b-c0cbd14a19bd?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63d806ed-2cfc-4ac6-9ebb-75c13d2cfad4": { "id": "63d806ed-2cfc-4ac6-9ebb-75c13d2cfad4", "title": "Teardrop - Fullscreen Photography Theme | Portfolio <= 1.8.5 - Arbitrary Options Update", "software": [ { "type": "theme", "name": "Teardrop - Fullscreen Photography Theme | Portfolio", "slug": "teardrop", "affected_versions": { "* - 1.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63d806ed-2cfc-4ac6-9ebb-75c13d2cfad4?source=api-scan" ], "published": "2015-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63df43cc-7f84-4316-80fc-b0242b9f454c": { "id": "63df43cc-7f84-4316-80fc-b0242b9f454c", "title": "Careerfy <= 4.0.0 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Careerfy - Job Board WordPress Theme", "slug": "careerfy", "affected_versions": { "* - 4.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63df43cc-7f84-4316-80fc-b0242b9f454c?source=api-scan" ], "published": "2020-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63e108f4-5d9d-4bcf-aef9-aa856f4241ea": { "id": "63e108f4-5d9d-4bcf-aef9-aa856f4241ea", "title": "Image Map Pro \u2013 Drag-and-drop Builder for Interactive Images \u2013 Lite <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Map Pro \u2013 Drag-and-drop Builder for Interactive Images \u2013 Lite", "slug": "image-map-pro-lite", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63e108f4-5d9d-4bcf-aef9-aa856f4241ea?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63e167ef-9f03-45a8-b3dc-240ccf1ea6c3": { "id": "63e167ef-9f03-45a8-b3dc-240ccf1ea6c3", "title": "Photo Gallery by 10Web <= 1.6.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63e167ef-9f03-45a8-b3dc-240ccf1ea6c3?source=api-scan" ], "published": "2022-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63ecb518-50d6-49ad-92e4-c5a7494ced82": { "id": "63ecb518-50d6-49ad-92e4-c5a7494ced82", "title": "RevivePress \u2013 Keep your Old Content Evergreen <= 1.5.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "RevivePress \u2013 Keep your Old Content Evergreen", "slug": "wp-auto-republish", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63ecb518-50d6-49ad-92e4-c5a7494ced82?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63ed73c9-2b61-4811-ba7f-1803982f17bc": { "id": "63ed73c9-2b61-4811-ba7f-1803982f17bc", "title": "Media Library Assistant <= 3.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode", "software": [ { "type": "plugin", "name": "Media Library Assistant", "slug": "media-library-assistant", "affected_versions": { "* - 3.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63ed73c9-2b61-4811-ba7f-1803982f17bc?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63ef7383-d684-473b-aa0f-45027ef245f6": { "id": "63ef7383-d684-473b-aa0f-45027ef245f6", "title": "Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.13.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63ef7383-d684-473b-aa0f-45027ef245f6?source=api-scan" ], "published": "2024-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63effbe3-e509-4f62-a7aa-7727e855bebf": { "id": "63effbe3-e509-4f62-a7aa-7727e855bebf", "title": "Wp2android <= 1.1.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Wp2android", "slug": "wp2android-turn-wp-site-into-android-app", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63effbe3-e509-4f62-a7aa-7727e855bebf?source=api-scan" ], "published": "2017-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63f10214-69ef-4b5d-8d2b-2e2c1bafa7e7": { "id": "63f10214-69ef-4b5d-8d2b-2e2c1bafa7e7", "title": "InfiniteWP Client <= 1.9.4.4 - Authentication Bypass", "software": [ { "type": "plugin", "name": "InfiniteWP Client", "slug": "iwp-client", "affected_versions": { "* - 1.9.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63f10214-69ef-4b5d-8d2b-2e2c1bafa7e7?source=api-scan" ], "published": "2020-01-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63f1c60f-8f72-4c99-92af-340c67b7411f": { "id": "63f1c60f-8f72-4c99-92af-340c67b7411f", "title": "Logaster Logo Generator <= 1.3 - Missing Authorization to Arbitrary Media Deletion and Creation", "software": [ { "type": "plugin", "name": "Logaster Logo Generator", "slug": "logaster-logo-generator", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63f1c60f-8f72-4c99-92af-340c67b7411f?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63f26380-0bc2-4fe7-9e9d-05c688c201f9": { "id": "63f26380-0bc2-4fe7-9e9d-05c688c201f9", "title": "Gutenberg 12.9.0 - 18.0.0 - Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block", "software": [ { "type": "plugin", "name": "Gutenberg", "slug": "gutenberg", "affected_versions": { "12.9.0 - 18.0.0": { "from_version": "12.9.0", "from_inclusive": true, "to_version": "18.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "18.01" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63f26380-0bc2-4fe7-9e9d-05c688c201f9?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63f2e02c-baa4-446c-bf1c-96ce099ad02e": { "id": "63f2e02c-baa4-446c-bf1c-96ce099ad02e", "title": "Web Stories for WordPress <= 1.31.0 - Insufficient Authorization", "software": [ { "type": "plugin", "name": "Web Stories", "slug": "web-stories", "affected_versions": { "[*, 1.32.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.32.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.32.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63f2e02c-baa4-446c-bf1c-96ce099ad02e?source=api-scan" ], "published": "2023-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63f43fb9-3d8d-48ea-b760-0e068570b16d": { "id": "63f43fb9-3d8d-48ea-b760-0e068570b16d", "title": "Happyforms <= 1.26.0 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form builder to get in touch with visitors, grow your email list and collect payments \u2014 Happyforms", "slug": "happyforms", "affected_versions": { "* - 1.26.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.26.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.26.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63f43fb9-3d8d-48ea-b760-0e068570b16d?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63f53e3c-b038-4722-b5ba-7212e50b5978": { "id": "63f53e3c-b038-4722-b5ba-7212e50b5978", "title": "WP Coder <= 2.5.1 - Remote File Inclusion leading to Remote Code Execution via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Coder \u2013 Code Snippets + HTML, CSS, JS and PHP Injection", "slug": "wp-coder", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63f53e3c-b038-4722-b5ba-7212e50b5978?source=api-scan" ], "published": "2021-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63f588c6-6bad-44d2-a9d9-832d3a7d33ea": { "id": "63f588c6-6bad-44d2-a9d9-832d3a7d33ea", "title": "WP Statistics <= 12.0.8.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 12.0.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "12.0.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63f588c6-6bad-44d2-a9d9-832d3a7d33ea?source=api-scan" ], "published": "2017-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63f6ca11-abfb-4f87-a9f7-0321f1de9abe": { "id": "63f6ca11-abfb-4f87-a9f7-0321f1de9abe", "title": "Formidable PRO2PDF <= 3.09 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Formidable PRO2PDF", "slug": "formidablepro-2-pdf", "affected_versions": { "* - 3.09": { "from_version": "*", "from_inclusive": true, "to_version": "3.09", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63f6ca11-abfb-4f87-a9f7-0321f1de9abe?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63f86449-144c-494f-85d8-ce7c8d7d65d3": { "id": "63f86449-144c-494f-85d8-ce7c8d7d65d3", "title": "Contact Form & Lead Form Elementor Builder <= 1.6.3 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Contact Form Builder & Lead Generation Plugin", "slug": "lead-form-builder", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63f86449-144c-494f-85d8-ce7c8d7d65d3?source=api-scan" ], "published": "2021-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63f98fd6-eee8-4281-98ea-a267d0442c85": { "id": "63f98fd6-eee8-4281-98ea-a267d0442c85", "title": "Page Restrict <= 2.5.5 - Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "Page Restrict", "slug": "pagerestrict", "affected_versions": { "* - 2.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63f98fd6-eee8-4281-98ea-a267d0442c85?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63fb6727-8225-481c-8252-0224577a9560": { "id": "63fb6727-8225-481c-8252-0224577a9560", "title": "Regenerate post permalink <= 1.0.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Regenerate post permalink", "slug": "regenerate-post-permalinks", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63fb6727-8225-481c-8252-0224577a9560?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63fc381e-ce72-4c90-bb35-daba520be40d": { "id": "63fc381e-ce72-4c90-bb35-daba520be40d", "title": "All In One WP Security <= 5.2.4 - Protection Bypass of Renamed Login Page via URL Encoding", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "[*, 5.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63fc381e-ce72-4c90-bb35-daba520be40d?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "63fd62b2-455e-449b-b46a-78c5d2b86cde": { "id": "63fd62b2-455e-449b-b46a-78c5d2b86cde", "title": "WordPress Core < 2.1 - Full Path Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/63fd62b2-455e-449b-b46a-78c5d2b86cde?source=api-scan" ], "published": "2007-01-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6404476e-0c32-4f8e-882f-6a1785ba5748": { "id": "6404476e-0c32-4f8e-882f-6a1785ba5748", "title": "WP Ultimate CSV Importer <= 7.9.8 - Sensitive Information Exposure via Directory Listing", "software": [ { "type": "plugin", "name": "Import CSV or XML Datafeed With Ease", "slug": "wp-ultimate-csv-importer", "affected_versions": { "* - 7.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "7.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6404476e-0c32-4f8e-882f-6a1785ba5748?source=api-scan" ], "published": "2023-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64087631-3514-4fec-ad2f-b095d7c727bd": { "id": "64087631-3514-4fec-ad2f-b095d7c727bd", "title": "Houzez <= 2.8.2 - Unauthenticated SQL Injection", "software": [ { "type": "theme", "name": "Houzez", "slug": "houzez", "affected_versions": { "[*, 2.8.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64087631-3514-4fec-ad2f-b095d7c727bd?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "640b1800-3b59-4b06-a803-08cb76d62d99": { "id": "640b1800-3b59-4b06-a803-08cb76d62d99", "title": "File Manager <= 6.3 - Authenticated (Admin+) Arbitrary OS File Access via Path Traversal", "software": [ { "type": "plugin", "name": "Bit File Manager \u2013 100% Free & Open Source File Manager and Code Editor for WordPress", "slug": "file-manager", "affected_versions": { "* - 6.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/640b1800-3b59-4b06-a803-08cb76d62d99?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "640d36ac-7a25-437e-8b0a-8c5beceb14bf": { "id": "640d36ac-7a25-437e-8b0a-8c5beceb14bf", "title": "Myriad <= 2.0 - Arbitrary File Download", "software": [ { "type": "theme", "name": "Myriad", "slug": "myriad", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/640d36ac-7a25-437e-8b0a-8c5beceb14bf?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "640f0b06-9af2-4b79-8f87-97f93b2c51c0": { "id": "640f0b06-9af2-4b79-8f87-97f93b2c51c0", "title": "Menu - Ordering - Reservations <= 2.3.6 - Reflected Cross-Site Scripting via 'redirect'", "software": [ { "type": "plugin", "name": "Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation", "slug": "menu-ordering-reservations", "affected_versions": { "[*, 2.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/640f0b06-9af2-4b79-8f87-97f93b2c51c0?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "640f2616-f3a5-4be6-901e-848d2d77506e": { "id": "640f2616-f3a5-4be6-901e-848d2d77506e", "title": "Autoptimize <= 2.7.7 - Arbitrary File Upload (and Remote Code Execution) via Import Settings", "software": [ { "type": "plugin", "name": "Autoptimize", "slug": "autoptimize", "affected_versions": { "[*, 2.7.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/640f2616-f3a5-4be6-901e-848d2d77506e?source=api-scan" ], "published": "2020-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "641123af-1ec6-4549-a58c-0a08b4678f45": { "id": "641123af-1ec6-4549-a58c-0a08b4678f45", "title": "Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 5.7.20": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/641123af-1ec6-4549-a58c-0a08b4678f45?source=api-scan" ], "published": "2024-06-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64117878-2fa3-4f80-bec4-f3f10b879f83": { "id": "64117878-2fa3-4f80-bec4-f3f10b879f83", "title": "Church Admin <= 4.1.32 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "* - 4.1.32": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64117878-2fa3-4f80-bec4-f3f10b879f83?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6417269d-3d49-4f33-b92a-5aacb052bab0": { "id": "6417269d-3d49-4f33-b92a-5aacb052bab0", "title": "ElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "ElementsKit Pro", "slug": "elementskit", "affected_versions": { "* - 3.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6417269d-3d49-4f33-b92a-5aacb052bab0?source=api-scan" ], "published": "2024-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64188179-1d7d-476f-866c-62bc10c85a3d": { "id": "64188179-1d7d-476f-866c-62bc10c85a3d", "title": "Estatik <= 2.2.5 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Estatik Real Estate Plugin", "slug": "estatik", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64188179-1d7d-476f-866c-62bc10c85a3d?source=api-scan" ], "published": "2016-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64196936-a0b8-48a7-ba5c-01ce061df82c": { "id": "64196936-a0b8-48a7-ba5c-01ce061df82c", "title": "VikBooking Hotel Booking Engine & PMS <= 1.5.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "[*, 1.5.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64196936-a0b8-48a7-ba5c-01ce061df82c?source=api-scan" ], "published": "2022-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "641e52d1-d046-4c15-9624-3b1919cd674f": { "id": "641e52d1-d046-4c15-9624-3b1919cd674f", "title": "Accept Donations with PayPal <= 1.3.3 - Arbitrary Post Deletion via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Accept Donations with PayPal & Stripe", "slug": "easy-paypal-donation", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/641e52d1-d046-4c15-9624-3b1919cd674f?source=api-scan" ], "published": "2021-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "642012fa-28a5-46dc-a68f-3a4ce1cbced3": { "id": "642012fa-28a5-46dc-a68f-3a4ce1cbced3", "title": "Contact Form DB <= 2.8.29 - Cross-site request forgery via a request in the CF7DBPluginSubmissions page to wp-admin\/admin.php", "software": [ { "type": "plugin", "name": "Contact Form DB", "slug": "contact-form-7-to-database-extension", "affected_versions": { "* - 2.8.29": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/642012fa-28a5-46dc-a68f-3a4ce1cbced3?source=api-scan" ], "published": "2015-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64225f1c-3981-4bae-bb6a-95d1a27ad6aa": { "id": "64225f1c-3981-4bae-bb6a-95d1a27ad6aa", "title": "WP Twitter Mega Fan Box Widget <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Twitter Mega Fan Box Widget", "slug": "wp-twitter-mega-fan-box", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64225f1c-3981-4bae-bb6a-95d1a27ad6aa?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "642400f6-9579-4065-a5a5-6fec23131778": { "id": "642400f6-9579-4065-a5a5-6fec23131778", "title": "Task Manager Pro <= 1.3.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Task Manager Pro - Task Management Plugin For Wordpress", "slug": "task-manager-pro", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/642400f6-9579-4065-a5a5-6fec23131778?source=api-scan" ], "published": "2017-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64248d15-e6a7-442f-b269-e9f629d297d3": { "id": "64248d15-e6a7-442f-b269-e9f629d297d3", "title": "Funnelforms Free <= 3.4 - Missing Authorization to Test Email Sending", "software": [ { "type": "plugin", "name": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free", "slug": "funnelforms-free", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64248d15-e6a7-442f-b269-e9f629d297d3?source=api-scan" ], "published": "2023-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6428cf3c-a784-4e64-a6ef-041b3793ff67": { "id": "6428cf3c-a784-4e64-a6ef-041b3793ff67", "title": "Hercules Core <= 6.4 - Authenticated (Subscriber+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Hercules Core", "slug": "hercules-core", "affected_versions": { "* - 6.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6428cf3c-a784-4e64-a6ef-041b3793ff67?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "642a6d42-100f-4461-b568-35e089287902": { "id": "642a6d42-100f-4461-b568-35e089287902", "title": "CRM WordPress Plugin \u2013 RepairBuddy <= 3.72 - SQL Injection", "software": [ { "type": "plugin", "name": "CRM WordPress Plugin \u2013 RepairBuddy", "slug": "computer-repair-shop", "affected_versions": { "* - 3.72": { "from_version": "*", "from_inclusive": true, "to_version": "3.72", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.73" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/642a6d42-100f-4461-b568-35e089287902?source=api-scan" ], "published": "2022-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "642a8e71-c267-41f5-bcf5-f5627be9038e": { "id": "642a8e71-c267-41f5-bcf5-f5627be9038e", "title": "Csomagpontok \u00e9s sz\u00e1ll\u00edt\u00e1si c\u00edmk\u00e9k WooCommerce hez <= 1.9.0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Csomagpontok \u00e9s C\u00edmk\u00e9k WooCommerce-hez", "slug": "hungarian-pickup-points-for-woocommerce", "affected_versions": { "* - 1.9.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/642a8e71-c267-41f5-bcf5-f5627be9038e?source=api-scan" ], "published": "2022-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "642b589d-cb4b-46a0-b9f3-fad8b26bba0e": { "id": "642b589d-cb4b-46a0-b9f3-fad8b26bba0e", "title": "WooCommerce Address Book < 1.6.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce Address Book", "slug": "woo-address-book", "affected_versions": { "[*, 1.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/642b589d-cb4b-46a0-b9f3-fad8b26bba0e?source=api-scan" ], "published": "2019-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "642c03f4-f12c-4ae2-a4ab-4f49d6bd033c": { "id": "642c03f4-f12c-4ae2-a4ab-4f49d6bd033c", "title": "GD bbPress Attachments <= 4.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GD bbPress Attachments", "slug": "gd-bbpress-attachments", "affected_versions": { "* - 4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/642c03f4-f12c-4ae2-a4ab-4f49d6bd033c?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "642f0ad9-1085-4590-b736-9dd88440d047": { "id": "642f0ad9-1085-4590-b736-9dd88440d047", "title": "Exchange Addon Invoices < 1.4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Exchange Addon Invoices", "slug": "exchange-addon-invoices", "affected_versions": { "[*, 1.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/642f0ad9-1085-4590-b736-9dd88440d047?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64338fc4-e8c9-4fa5-bb77-861fb5142286": { "id": "64338fc4-e8c9-4fa5-bb77-861fb5142286", "title": "Ninja Tables <= 4.1.7 - Admin+ Stored Cross-Site Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Tables \u2013 Easiest Data Table Builder", "slug": "ninja-tables", "affected_versions": { "* - 4.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64338fc4-e8c9-4fa5-bb77-861fb5142286?source=api-scan" ], "published": "2021-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6435fc6b-a5dc-4de3-9c53-5d1bfe8cfd88": { "id": "6435fc6b-a5dc-4de3-9c53-5d1bfe8cfd88", "title": "Random Banner <= 4.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Random Banner", "slug": "random-banner", "affected_versions": { "* - 4.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6435fc6b-a5dc-4de3-9c53-5d1bfe8cfd88?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64371d43-3acd-4863-80e4-deab071777b9": { "id": "64371d43-3acd-4863-80e4-deab071777b9", "title": "PowerPress <= 10.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Feed[title]'", "software": [ { "type": "plugin", "name": "PowerPress Podcasting plugin by Blubrry", "slug": "powerpress", "affected_versions": { "* - 10.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "10.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64371d43-3acd-4863-80e4-deab071777b9?source=api-scan" ], "published": "2023-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6439ea1f-78de-432f-bb1a-9ffc731a4ff4": { "id": "6439ea1f-78de-432f-bb1a-9ffc731a4ff4", "title": "PDF Viewer <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "PDF Viewer", "slug": "pdf-viewer", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6439ea1f-78de-432f-bb1a-9ffc731a4ff4?source=api-scan" ], "published": "2023-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "643cca2d-5a9a-4561-adf8-af9f0b3b0242": { "id": "643cca2d-5a9a-4561-adf8-af9f0b3b0242", "title": "Embed Articles <= 7.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "embed-articles", "slug": "embed-articles", "affected_versions": { "* - 7.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/643cca2d-5a9a-4561-adf8-af9f0b3b0242?source=api-scan" ], "published": "2015-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64452bb0-32bc-4acf-8e89-f6ae7c75cef4": { "id": "64452bb0-32bc-4acf-8e89-f6ae7c75cef4", "title": "Ultimate Addons for Beaver Builder - Lite <= 1.5.5 - Authenticated (Subscriber+) Settings Change", "software": [ { "type": "plugin", "name": "Ultimate Addons for Beaver Builder \u2013 Lite", "slug": "ultimate-addons-for-beaver-builder-lite", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64452bb0-32bc-4acf-8e89-f6ae7c75cef4?source=api-scan" ], "published": "2023-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "644624d8-c193-4ee6-bc82-7ccda5d7f2ac": { "id": "644624d8-c193-4ee6-bc82-7ccda5d7f2ac", "title": "Fancy Product Designer <= 4.6.9 - Insufficient Authorization on Mulitple AJAX Actions", "software": [ { "type": "plugin", "name": "Fancy Product Designer", "slug": "fancy-product-designer", "affected_versions": { "* - 4.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/644624d8-c193-4ee6-bc82-7ccda5d7f2ac?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6447de64-b484-4f64-ad78-7df81b5a0ed7": { "id": "6447de64-b484-4f64-ad78-7df81b5a0ed7", "title": "Page Builder: KingComposer < 2.9.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Builder: KingComposer \u2013 Free Drag and Drop page builder by King-Theme", "slug": "kingcomposer", "affected_versions": { "[*, 2.9.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6447de64-b484-4f64-ad78-7df81b5a0ed7?source=api-scan" ], "published": "2020-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64480862-c076-4ea9-a03b-9aed81f876d5": { "id": "64480862-c076-4ea9-a03b-9aed81f876d5", "title": "PowerPack Addons for Elementor <= 2.7.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Buttons Widget", "software": [ { "type": "plugin", "name": "PowerPack Elementor Addons (Free Widgets, Extensions and Templates)", "slug": "powerpack-lite-for-elementor", "affected_versions": { "* - 2.7.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64480862-c076-4ea9-a03b-9aed81f876d5?source=api-scan" ], "published": "2024-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "644c8702-08ad-4048-ae91-041f1771f1dc": { "id": "644c8702-08ad-4048-ae91-041f1771f1dc", "title": "Easy Digital Downloads \u2013 Simple eCommerce for Selling Digital Files <= 3.3.3 - Authenticated (Admin+) PHAR Deserialization", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 3.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/644c8702-08ad-4048-ae91-041f1771f1dc?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6450dafd-5992-4831-87af-e5e47cc8663e": { "id": "6450dafd-5992-4831-87af-e5e47cc8663e", "title": "Edwiser Bridge <= 2.0.6 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Edwiser Bridge \u2013 WordPress Moodle LMS Integration", "slug": "edwiser-bridge", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6450dafd-5992-4831-87af-e5e47cc8663e?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "645328f3-2bcb-4287-952c-2e23ec57bb4e": { "id": "645328f3-2bcb-4287-952c-2e23ec57bb4e", "title": "WP Maintenance <= 6.1.6 - Information Exposure", "software": [ { "type": "plugin", "name": "WP Maintenance", "slug": "wp-maintenance", "affected_versions": { "* - 6.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/645328f3-2bcb-4287-952c-2e23ec57bb4e?source=api-scan" ], "published": "2024-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "645552ef-84aa-4f51-93d4-cb85c43fed58": { "id": "645552ef-84aa-4f51-93d4-cb85c43fed58", "title": "Photospace Responsive <= 1.1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photospace Responsive Gallery", "slug": "photospace-responsive", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/645552ef-84aa-4f51-93d4-cb85c43fed58?source=api-scan" ], "published": "2019-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64559d37-0c6b-45f5-8a2a-6e70cb5e423c": { "id": "64559d37-0c6b-45f5-8a2a-6e70cb5e423c", "title": "WP Custom Widget area <= 1.2.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Custom Widget area", "slug": "wp-custom-widget-area", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64559d37-0c6b-45f5-8a2a-6e70cb5e423c?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64584fcd-be84-4d40-bfa8-e6131d0afd58": { "id": "64584fcd-be84-4d40-bfa8-e6131d0afd58", "title": "Quiz And Survey Master <= 7.3.10 - Missing Authorization", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64584fcd-be84-4d40-bfa8-e6131d0afd58?source=api-scan" ], "published": "2022-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "645ab4b9-e421-4610-b99b-960a7fbb7779": { "id": "645ab4b9-e421-4610-b99b-960a7fbb7779", "title": "Schema Pro <= 2.7.8 - Authenticated(Contributor+) Missing Authorization", "software": [ { "type": "plugin", "name": "Schema Pro", "slug": "wp-schema-pro", "affected_versions": { "* - 2.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/645ab4b9-e421-4610-b99b-960a7fbb7779?source=api-scan" ], "published": "2023-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "645ad965-4da3-45e4-aa9e-d5f5f8c9f087": { "id": "645ad965-4da3-45e4-aa9e-d5f5f8c9f087", "title": "Qards (All Versions) - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quards", "slug": "qards", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/645ad965-4da3-45e4-aa9e-d5f5f8c9f087?source=api-scan" ], "published": "2017-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64624d4c-3ffb-4516-a938-0accde24c79f": { "id": "64624d4c-3ffb-4516-a938-0accde24c79f", "title": "Photoswipe Masonry Gallery <= 1.2.14 Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photoswipe Masonry Gallery", "slug": "photoswipe-masonry", "affected_versions": { "* - 1.2.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64624d4c-3ffb-4516-a938-0accde24c79f?source=api-scan" ], "published": "2022-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64694d30-a780-4655-9a65-af1cfa542ccc": { "id": "64694d30-a780-4655-9a65-af1cfa542ccc", "title": "Blog Designer - Post and Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Blog Designer \u2013 Post and Widget", "slug": "blog-designer-for-post-and-widget", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64694d30-a780-4655-9a65-af1cfa542ccc?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "646e3a57-92e1-4502-a0dd-8921e99cfe2d": { "id": "646e3a57-92e1-4502-a0dd-8921e99cfe2d", "title": "FancyBox for WordPress <= 3.0.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FancyBox for WordPress", "slug": "fancybox-for-wordpress", "affected_versions": { "[*, 3.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/646e3a57-92e1-4502-a0dd-8921e99cfe2d?source=api-scan" ], "published": "2015-02-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6478cdbc-a20e-4fe2-bbd6-8a550e5da895": { "id": "6478cdbc-a20e-4fe2-bbd6-8a550e5da895", "title": "RegistrationMagic \u2013 Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 5.3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6478cdbc-a20e-4fe2-bbd6-8a550e5da895?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64792dd9-f16b-4929-a2ba-a6f53b2e975f": { "id": "64792dd9-f16b-4929-a2ba-a6f53b2e975f", "title": "Exclusive Addons for Elementor <= 2.6.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64792dd9-f16b-4929-a2ba-a6f53b2e975f?source=api-scan" ], "published": "2023-01-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "647a2f27-092a-4db1-932d-87ae8c2efcca": { "id": "647a2f27-092a-4db1-932d-87ae8c2efcca", "title": "Dropbox Folder Share <= 1.9.7 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Dropbox Folder Share", "slug": "dropbox-folder-share", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/647a2f27-092a-4db1-932d-87ae8c2efcca?source=api-scan" ], "published": "2023-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "647cc71d-4d3a-4722-b498-baaee2450809": { "id": "647cc71d-4d3a-4722-b498-baaee2450809", "title": "RSVPMaker <= 10.6.6 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "RSVPMaker", "slug": "rsvpmaker", "affected_versions": { "* - 10.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "10.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/647cc71d-4d3a-4722-b498-baaee2450809?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64827b61-42ea-454a-b41d-85ce8d6ad866": { "id": "64827b61-42ea-454a-b41d-85ce8d6ad866", "title": "LoginWP < 3.0.0.5 - Reflected Cross-Site Scripting via rul_login_url, rul_logout_url Parameter", "software": [ { "type": "plugin", "name": "LoginWP (Formerly Peter's Login Redirect)", "slug": "peters-login-redirect", "affected_versions": { "[*, 3.0.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64827b61-42ea-454a-b41d-85ce8d6ad866?source=api-scan" ], "published": "2021-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64852bc8-aeba-458d-9235-94bd4c4ec429": { "id": "64852bc8-aeba-458d-9235-94bd4c4ec429", "title": "Slider Revolution <= 6.7.10 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider Revolution", "slug": "revslider", "affected_versions": { "* - 6.7.10": { "from_version": "*", "from_inclusive": true, "to_version": "6.7.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64852bc8-aeba-458d-9235-94bd4c4ec429?source=api-scan" ], "published": "2024-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "649cbd38-d926-4638-9fb9-6704befa1660": { "id": "649cbd38-d926-4638-9fb9-6704befa1660", "title": "WP AmASIN \u2013 The Amazon Affiliate Shop <= 0.9.6 - Local File Inclusion", "software": [ { "type": "plugin", "name": "WP AmASIN \u2013 The Amazon Affiliate Shop", "slug": "wp-amasin-the-amazon-affiliate-shop", "affected_versions": { "* - 0.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/649cbd38-d926-4638-9fb9-6704befa1660?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64a0bfa9-beb3-4926-bfed-af55a101aff1": { "id": "64a0bfa9-beb3-4926-bfed-af55a101aff1", "title": "Login With Ajax <= 3.1.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login With Ajax \u2013 Fast Logins, 2FA, Redirects", "slug": "login-with-ajax", "affected_versions": { "* - 3.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64a0bfa9-beb3-4926-bfed-af55a101aff1?source=api-scan" ], "published": "2017-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64a36778-c17c-44ee-8b09-c221d27184f8": { "id": "64a36778-c17c-44ee-8b09-c221d27184f8", "title": "WP Dashboard Notes <= 1.0.10 - Missing Authorization to Arbitrary Private Notes Update", "software": [ { "type": "plugin", "name": "WP Dashboard Notes", "slug": "wp-dashboard-notes", "affected_versions": { "* - 1.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64a36778-c17c-44ee-8b09-c221d27184f8?source=api-scan" ], "published": "2024-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64a7a4db-8b28-4085-91b0-4ea5343c5643": { "id": "64a7a4db-8b28-4085-91b0-4ea5343c5643", "title": "Import WooCommerce < 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import WooCommerce Suite", "slug": "import-woocommerce", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64a7a4db-8b28-4085-91b0-4ea5343c5643?source=api-scan" ], "published": "2016-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64a833df-1cb8-40a1-9a8f-c53dcf50c877": { "id": "64a833df-1cb8-40a1-9a8f-c53dcf50c877", "title": "AMP for WP <= 0.9.97.20 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AMP for WP \u2013 Accelerated Mobile Pages", "slug": "accelerated-mobile-pages", "affected_versions": { "* - 0.9.97.20": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.97.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.97.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64a833df-1cb8-40a1-9a8f-c53dcf50c877?source=api-scan" ], "published": "2018-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64aa45bd-7bf8-4fe9-85e7-ace226e09f34": { "id": "64aa45bd-7bf8-4fe9-85e7-ace226e09f34", "title": "WooCommerce Product Feed for Google, Facebook, eBay and Many More <= 3.1.14 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CTX Feed \u2013 WooCommerce Product Feed Manager Plugin", "slug": "webappick-product-feed-for-woocommerce", "affected_versions": { "* - 3.1.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64aa45bd-7bf8-4fe9-85e7-ace226e09f34?source=api-scan" ], "published": "2019-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64abe00c-05b7-4661-b560-bae3957ad3e2": { "id": "64abe00c-05b7-4661-b560-bae3957ad3e2", "title": "Bulk Creator <= 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bulk Creator", "slug": "bulk-creator", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64abe00c-05b7-4661-b560-bae3957ad3e2?source=api-scan" ], "published": "2022-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64ae36a3-d102-4d51-b685-395283155101": { "id": "64ae36a3-d102-4d51-b685-395283155101", "title": "Happy Addons for Elementor <= 3.9.1.1 - Server Side Request Forgery", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "[*, 3.10.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64ae36a3-d102-4d51-b685-395283155101?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64b10a7d-ca11-47ec-ba8a-e2b838fd8a2a": { "id": "64b10a7d-ca11-47ec-ba8a-e2b838fd8a2a", "title": "The Sorter <= 1.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "The Sorter", "slug": "the-sorter", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64b10a7d-ca11-47ec-ba8a-e2b838fd8a2a?source=api-scan" ], "published": "2021-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64b22728-cb07-48be-94b7-1089156490cd": { "id": "64b22728-cb07-48be-94b7-1089156490cd", "title": "Smush \u2013 Lazy Load Images, Optimize & Compress Images <= 3.9.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smush Image Optimization \u2013 Optimize Images | Compress & Lazy Load Images | Convert WebP | Image CDN", "slug": "wp-smushit", "affected_versions": { "* - 3.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64b22728-cb07-48be-94b7-1089156490cd?source=api-scan" ], "published": "2022-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64b49f24-db48-4199-9ce2-3ea70c68d6af": { "id": "64b49f24-db48-4199-9ce2-3ea70c68d6af", "title": "Recent Posts Widget Extended <= 0.9.9.3 - Cross Site-Scripting", "software": [ { "type": "plugin", "name": "Recent Posts Widget Extended", "slug": "recent-posts-widget-extended", "affected_versions": { "* - 0.9.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64b49f24-db48-4199-9ce2-3ea70c68d6af?source=api-scan" ], "published": "2015-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64b4faf1-c2f2-43cd-900e-22edce3145a8": { "id": "64b4faf1-c2f2-43cd-900e-22edce3145a8", "title": "WordPress Core <= 2.2.1 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": true }, "2.2 - 2.2.1": { "from_version": "2.2", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.11", "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64b4faf1-c2f2-43cd-900e-22edce3145a8?source=api-scan" ], "published": "2007-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64b7985e-bb35-4648-8159-4424661b52a9": { "id": "64b7985e-bb35-4648-8159-4424661b52a9", "title": "Podlove Podcast Publisher <= 4.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Podlove Podcast Publisher", "slug": "podlove-podcasting-plugin-for-wordpress", "affected_versions": { "* - 4.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64b7985e-bb35-4648-8159-4424661b52a9?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64bae119-12c3-4b3e-88a7-2eb5a7b1b537": { "id": "64bae119-12c3-4b3e-88a7-2eb5a7b1b537", "title": "Tutor LMS \u2013 eLearning and online course solution <= 1.7.6 - Unprotected AJAX including Privilege Escalation", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "[*, 1.7.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64bae119-12c3-4b3e-88a7-2eb5a7b1b537?source=api-scan" ], "published": "2021-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64be6e85-00c9-49f5-9ee2-08dbe434a848": { "id": "64be6e85-00c9-49f5-9ee2-08dbe434a848", "title": "User Activity Log <= 1.6.2 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "User Activity Log", "slug": "user-activity-log", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64be6e85-00c9-49f5-9ee2-08dbe434a848?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64c2c8c2-58f5-4b7d-b226-39ba39e887d5": { "id": "64c2c8c2-58f5-4b7d-b226-39ba39e887d5", "title": "WP Club Manager \u2013 WordPress Sports Club Plugin <= 2.2.10 - Missing Authorization to Unauthenticated Event Permalink Update", "software": [ { "type": "plugin", "name": "WP Club Manager \u2013 WordPress Sports Club Plugin", "slug": "wp-club-manager", "affected_versions": { "* - 2.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64c2c8c2-58f5-4b7d-b226-39ba39e887d5?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64c72788-a8fa-4f5b-a5b0-8754e952a14d": { "id": "64c72788-a8fa-4f5b-a5b0-8754e952a14d", "title": "WP Mail Log <= 1.1.2 - Authenticated (Contributor+) SQL injection via key", "software": [ { "type": "plugin", "name": "WP Mail Log", "slug": "wp-mail-log", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64c72788-a8fa-4f5b-a5b0-8754e952a14d?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64cce528-0ad0-45ec-a8f6-e8791b0bece0": { "id": "64cce528-0ad0-45ec-a8f6-e8791b0bece0", "title": "Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Import", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.59": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64cce528-0ad0-45ec-a8f6-e8791b0bece0?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64ccf609-5cdf-4f05-ad83-4fb7aa475ba5": { "id": "64ccf609-5cdf-4f05-ad83-4fb7aa475ba5", "title": "iThemes Mobile < 1.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Mobile", "slug": "ithemes-mobile", "affected_versions": { "[*, 1.2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64ccf609-5cdf-4f05-ad83-4fb7aa475ba5?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64cf0ae2-8d66-40d1-8bb6-0cab1dafab0d": { "id": "64cf0ae2-8d66-40d1-8bb6-0cab1dafab0d", "title": "Uncanny Groups for LearnDash <= 6.1.0.1 - Authenticated (Group Leader+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Uncanny Groups for LearnDash", "slug": "uncanny-learndash-groups", "affected_versions": { "* - 6.1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64cf0ae2-8d66-40d1-8bb6-0cab1dafab0d?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64cf73fa-cdb9-4703-869e-343ee6f8178e": { "id": "64cf73fa-cdb9-4703-869e-343ee6f8178e", "title": "TinyChat Room Spy <= 1.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TinyChat Room Spy", "slug": "tinychat-roomspy", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64cf73fa-cdb9-4703-869e-343ee6f8178e?source=api-scan" ], "published": "2015-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64d2174e-ee69-4e71-b8cb-ff7a1ba0f52f": { "id": "64d2174e-ee69-4e71-b8cb-ff7a1ba0f52f", "title": "Locatoraid Store Locator <= 3.9.23 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Locatoraid Store Locator", "slug": "locatoraid", "affected_versions": { "* - 3.9.23": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64d2174e-ee69-4e71-b8cb-ff7a1ba0f52f?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64d2d161-678a-4c0a-b0c5-c28a29a66a5b": { "id": "64d2d161-678a-4c0a-b0c5-c28a29a66a5b", "title": "Real Testimonials <= 2.5.11 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Real Testimonials \u2013 Testimonial Slider, Carousel, Grid | Collect Customer Reviews and Video Testimonial with Testimonial Form | Social Proof Reviews and Review Slider", "slug": "testimonial-free", "affected_versions": { "* - 2.5.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64d2d161-678a-4c0a-b0c5-c28a29a66a5b?source=api-scan" ], "published": "2022-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64db63e5-ff76-494a-be4f-d820f0cc9ab0": { "id": "64db63e5-ff76-494a-be4f-d820f0cc9ab0", "title": "Information Reel <= 10.0 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Information Reel", "slug": "information-reel", "affected_versions": { "* - 10.0": { "from_version": "*", "from_inclusive": true, "to_version": "10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64db63e5-ff76-494a-be4f-d820f0cc9ab0?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64de1220-52f5-46a9-b8ba-cf808d5d2e29": { "id": "64de1220-52f5-46a9-b8ba-cf808d5d2e29", "title": "Newsletters <= 4.9.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletters", "slug": "newsletters-lite", "affected_versions": { "* - 4.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64de1220-52f5-46a9-b8ba-cf808d5d2e29?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64df8260-603b-48ba-b88b-f89994dd8329": { "id": "64df8260-603b-48ba-b88b-f89994dd8329", "title": "WholesaleX <= 1.3.1 - Authenticated(Subscriber+) Missing Authorization via multiple AJAX actions", "software": [ { "type": "plugin", "name": "WholesaleX \u2013 WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing)", "slug": "wholesalex", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64df8260-603b-48ba-b88b-f89994dd8329?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64e0adbc-c524-4f9d-9741-ce69edf888f7": { "id": "64e0adbc-c524-4f9d-9741-ce69edf888f7", "title": "BadgeOS <= 3.7.1.6 - Missing Authorization in delete_badgeos_log_entries", "software": [ { "type": "plugin", "name": "BadgeOS", "slug": "badgeos", "affected_versions": { "* - 3.7.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64e0adbc-c524-4f9d-9741-ce69edf888f7?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64e125c7-3f1e-43ed-8655-e0fbb95bc84b": { "id": "64e125c7-3f1e-43ed-8655-e0fbb95bc84b", "title": "CStar Design WordPress Theme <= 4.9 - SQL Injection", "software": [ { "type": "theme", "name": "CStar Design WordPress Theme", "slug": "cstardesign", "affected_versions": { "* - 4.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64e125c7-3f1e-43ed-8655-e0fbb95bc84b?source=api-scan" ], "published": "2012-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64e14944-db83-413f-82a3-cda594398c7e": { "id": "64e14944-db83-413f-82a3-cda594398c7e", "title": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder <= 1.34.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "* - 1.34.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.34.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.34.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64e14944-db83-413f-82a3-cda594398c7e?source=api-scan" ], "published": "2024-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64e806df-4919-4a58-8f21-075f09668174": { "id": "64e806df-4919-4a58-8f21-075f09668174", "title": "10Web Map Builder for Google Maps <= 1.0.72 - Unauthenticated SQL Injection via Multiple Parameters", "software": [ { "type": "plugin", "name": "10Web Map Builder for Google Maps", "slug": "wd-google-maps", "affected_versions": { "* - 1.0.72": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.72", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.73" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64e806df-4919-4a58-8f21-075f09668174?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64eb3d67-7056-4a03-ba3b-a04c2e96648d": { "id": "64eb3d67-7056-4a03-ba3b-a04c2e96648d", "title": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education <= 3.3.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "slug": "masterstudy-lms-learning-management-system", "affected_versions": { "* - 3.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64eb3d67-7056-4a03-ba3b-a04c2e96648d?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64eb4bfe-09b4-43c7-9d7e-f14fc5edf3c1": { "id": "64eb4bfe-09b4-43c7-9d7e-f14fc5edf3c1", "title": "WP Block and Stop Bad Bots <= 6.88 - SQL Injection", "software": [ { "type": "plugin", "name": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection", "slug": "stopbadbots", "affected_versions": { "[*, 6.88)": { "from_version": "*", "from_inclusive": true, "to_version": "6.88", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.90" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64eb4bfe-09b4-43c7-9d7e-f14fc5edf3c1?source=api-scan" ], "published": "2022-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64ed8547-0dc1-4f0a-8b0b-27ce20b8bbd6": { "id": "64ed8547-0dc1-4f0a-8b0b-27ce20b8bbd6", "title": "W4 Post List <= 2.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Options", "software": [ { "type": "plugin", "name": "W4 Post List", "slug": "w4-post-list", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64ed8547-0dc1-4f0a-8b0b-27ce20b8bbd6?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64f11bc9-88b5-43d5-bc76-129dc5909210": { "id": "64f11bc9-88b5-43d5-bc76-129dc5909210", "title": "Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)", "slug": "sina-extension-for-elementor", "affected_versions": { "* - 3.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64f11bc9-88b5-43d5-bc76-129dc5909210?source=api-scan" ], "published": "2024-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64f4009e-2715-4c58-acbd-e516f1a76646": { "id": "64f4009e-2715-4c58-acbd-e516f1a76646", "title": "Constant Contact Forms <= 1.8.7 Editor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Constant Contact Forms", "slug": "constant-contact-forms", "affected_versions": { "[*, 1.8.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64f4009e-2715-4c58-acbd-e516f1a76646?source=api-scan" ], "published": "2020-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64f43aee-01ee-4fbb-a174-966ed3c06b21": { "id": "64f43aee-01ee-4fbb-a174-966ed3c06b21", "title": "RSFirewall! <= 1.1.24 - IP Address Spoofing", "software": [ { "type": "plugin", "name": "RSFirewall!", "slug": "rsfirewall", "affected_versions": { "* - 1.1.24": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64f43aee-01ee-4fbb-a174-966ed3c06b21?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64f51991-f767-4f7b-94e7-68c0e2214849": { "id": "64f51991-f767-4f7b-94e7-68c0e2214849", "title": "WordPress Core < 3.0.6 - Incorrect Authorization Checks", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64f51991-f767-4f7b-94e7-68c0e2214849?source=api-scan" ], "published": "2011-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64f879af-aa8f-4edf-8369-ca032603d529": { "id": "64f879af-aa8f-4edf-8369-ca032603d529", "title": "WC Vendors Marketplace <= 2.4.7 - Authenticated (Shop manager+) SQL Injection via search dates", "software": [ { "type": "plugin", "name": "WC Vendors \u2013 WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors", "slug": "wc-vendors", "affected_versions": { "* - 2.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64f879af-aa8f-4edf-8369-ca032603d529?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "64fd32a1-da2a-42db-9597-06366a34f543": { "id": "64fd32a1-da2a-42db-9597-06366a34f543", "title": "Lightbox Photo Gallery <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Lightbox Photo Gallery", "slug": "lightbox-photo-gallery", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/64fd32a1-da2a-42db-9597-06366a34f543?source=api-scan" ], "published": "2014-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6504ae5c-a36d-495e-aa93-40a3753857c6": { "id": "6504ae5c-a36d-495e-aa93-40a3753857c6", "title": "Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_theme_activation", "software": [ { "type": "plugin", "name": "Envo's Elementor Templates & Widgets for WooCommerce", "slug": "envo-elementor-for-woocommerce", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6504ae5c-a36d-495e-aa93-40a3753857c6?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "650b5677-7c70-415f-81bf-12514393e4c9": { "id": "650b5677-7c70-415f-81bf-12514393e4c9", "title": "Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via AI Features", "software": [ { "type": "plugin", "name": "Bold Page Builder", "slug": "bold-page-builder", "affected_versions": { "* - 4.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/650b5677-7c70-415f-81bf-12514393e4c9?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "650dbbaa-4348-42a6-973c-487f53430955": { "id": "650dbbaa-4348-42a6-973c-487f53430955", "title": "Sassy Social Share <= 3.3.39 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Sharing Plugin \u2013 Sassy Social Share", "slug": "sassy-social-share", "affected_versions": { "[*, 3.3.40)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.40", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.40" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/650dbbaa-4348-42a6-973c-487f53430955?source=api-scan" ], "published": "2022-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "650dfc4c-d851-481c-af8f-4dfe1e128a1d": { "id": "650dfc4c-d851-481c-af8f-4dfe1e128a1d", "title": "XML Sitemap Generator for Google <= 2.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "XML Sitemap Generator for Google", "slug": "www-xml-sitemap-generator-org", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/650dfc4c-d851-481c-af8f-4dfe1e128a1d?source=api-scan" ], "published": "2022-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "650f7232-7279-401d-beb1-26f70c69164b": { "id": "650f7232-7279-401d-beb1-26f70c69164b", "title": "connectDaily <= 1.4.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Events Calendar Plugin \u2013 connectDaily", "slug": "connect-daily-web-calendar", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/650f7232-7279-401d-beb1-26f70c69164b?source=api-scan" ], "published": "2022-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65166432-a877-4070-94c1-cdaf7e5d7586": { "id": "65166432-a877-4070-94c1-cdaf7e5d7586", "title": "Booking Package <= 1.5.98 - Authorization Bypass to Arbitrary Password Reset", "software": [ { "type": "plugin", "name": "Booking Package", "slug": "booking-package", "affected_versions": { "[*, 1.5.99)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.99", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.99" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65166432-a877-4070-94c1-cdaf7e5d7586?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65189c49-600d-4a69-a687-0ff9e327783e": { "id": "65189c49-600d-4a69-a687-0ff9e327783e", "title": "TeraWallet \u2013 For WooCommerce <= 1.3.24 - Cross-Site Request Forgery via lock_unlock_terawallet", "software": [ { "type": "plugin", "name": "Wallet for WooCommerce", "slug": "woo-wallet", "affected_versions": { "* - 1.3.24": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65189c49-600d-4a69-a687-0ff9e327783e?source=api-scan" ], "published": "2022-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "651df16c-2472-4124-90a3-69b98e478ed3": { "id": "651df16c-2472-4124-90a3-69b98e478ed3", "title": "WP Fusion Lite <= 3.37.18 \u2013 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Fusion Lite \u2013 Marketing Automation and CRM Integration for WordPress", "slug": "wp-fusion-lite", "affected_versions": { "* - 3.37.18": { "from_version": "*", "from_inclusive": true, "to_version": "3.37.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.37.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/651df16c-2472-4124-90a3-69b98e478ed3?source=api-scan" ], "published": "2021-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "652367a0-fca2-4313-8217-d8811ada0ab5": { "id": "652367a0-fca2-4313-8217-d8811ada0ab5", "title": "WooCommerce PDF Invoice Builder <= 1.2.101 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "PDF Builder for WooCommerce. Create invoices,packing slips and more", "slug": "woo-pdf-invoice-builder", "affected_versions": { "* - 1.2.101": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.101", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.102" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/652367a0-fca2-4313-8217-d8811ada0ab5?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6528041a-0217-43d5-bf29-9208e23aadd9": { "id": "6528041a-0217-43d5-bf29-9208e23aadd9", "title": "Weblizar Pin It Button On Image Hover And Post < 3.4 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Weblizar Pin It Button On Image Hover And Post", "slug": "pinterest-pin-it-button-on-image-hover-and-post", "affected_versions": { "[*, 3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6528041a-0217-43d5-bf29-9208e23aadd9?source=api-scan" ], "published": "2022-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65329e2c-0ce2-4033-93a8-ba52ae3774c1": { "id": "65329e2c-0ce2-4033-93a8-ba52ae3774c1", "title": "Audio <= 0.6.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Audio", "slug": "audio", "affected_versions": { "* - 0.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65329e2c-0ce2-4033-93a8-ba52ae3774c1?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6535f932-3aa4-4686-adf6-4e7a1f494e02": { "id": "6535f932-3aa4-4686-adf6-4e7a1f494e02", "title": "User Profile Picture <= 2.4.0 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "User Profile Picture", "slug": "users-profile-picture", "affected_versions": { "[*, 2.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6535f932-3aa4-4686-adf6-4e7a1f494e02?source=api-scan" ], "published": "2021-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "653ab9cb-7084-47e4-b5e3-6788fa5d7496": { "id": "653ab9cb-7084-47e4-b5e3-6788fa5d7496", "title": "SupportCandy <= 2.2.4 - Unauthenticated Arbitrary Ticket Deletion", "software": [ { "type": "plugin", "name": "SupportCandy \u2013 Helpdesk & Customer Support Ticket System", "slug": "supportcandy", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/653ab9cb-7084-47e4-b5e3-6788fa5d7496?source=api-scan" ], "published": "2022-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "653bf021-370d-4787-9ded-c5c915aed1d6": { "id": "653bf021-370d-4787-9ded-c5c915aed1d6", "title": "Maintenance Page <= 1.0.8 - Security Mechanism Bypass via REST API", "software": [ { "type": "plugin", "name": "Maintenance Page", "slug": "maintenance-page", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/653bf021-370d-4787-9ded-c5c915aed1d6?source=api-scan" ], "published": "2024-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "653fbe5d-3388-4227-8a0a-46764b6be4d2": { "id": "653fbe5d-3388-4227-8a0a-46764b6be4d2", "title": "Post Grid <= 2.1.15 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "[*, 2.1.16)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/653fbe5d-3388-4227-8a0a-46764b6be4d2?source=api-scan" ], "published": "2022-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65402225-99ba-49ff-807b-b8e4cf474ffb": { "id": "65402225-99ba-49ff-807b-b8e4cf474ffb", "title": "Photo Gallery <= 1.5.67 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.5.68)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.68", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.68" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65402225-99ba-49ff-807b-b8e4cf474ffb?source=api-scan" ], "published": "2021-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6543e6e2-e052-466e-ad19-656fd8d01805": { "id": "6543e6e2-e052-466e-ad19-656fd8d01805", "title": "Supreme Modules Lite \u2013 Divi Theme, Extra Theme and Divi Builder <= 2.5.51 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Supreme Modules Lite \u2013 Divi Theme, Extra Theme and Divi Builder", "slug": "supreme-modules-for-divi", "affected_versions": { "* - 2.5.51": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.51", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6543e6e2-e052-466e-ad19-656fd8d01805?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65465de9-c527-4b18-8a52-c9cd2d594f72": { "id": "65465de9-c527-4b18-8a52-c9cd2d594f72", "title": "WordPress Core < 3.5.2 - XXE Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65465de9-c527-4b18-8a52-c9cd2d594f72?source=api-scan" ], "published": "2013-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "654727e0-6129-47c7-94f3-10567b1a42d4": { "id": "654727e0-6129-47c7-94f3-10567b1a42d4", "title": "SendPulse Free Web Push <= 1.3.1 - Cross-Site Request Forgery via sendpulse_config", "software": [ { "type": "plugin", "name": "SendPulse Free Web Push", "slug": "sendpulse-web-push", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/654727e0-6129-47c7-94f3-10567b1a42d4?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65504747-7f1b-43f9-be4d-48b9547e7c45": { "id": "65504747-7f1b-43f9-be4d-48b9547e7c45", "title": "Content Views \u2013 Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter", "software": [ { "type": "plugin", "name": "Content Views \u2013 Post Grid & Filter, Recent Posts, Category Posts \u2026 (Shortcode, Blocks, and Elementor Widgets)", "slug": "content-views-query-and-display-post-page", "affected_versions": { "* - 3.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65504747-7f1b-43f9-be4d-48b9547e7c45?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "655077b2-7152-4fc6-845d-068a5af730bb": { "id": "655077b2-7152-4fc6-845d-068a5af730bb", "title": "Team Members <= 5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Team Members", "slug": "team-members", "affected_versions": { "* - 5.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/655077b2-7152-4fc6-845d-068a5af730bb?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6551eea6-1059-4caa-876c-3d08083130f6": { "id": "6551eea6-1059-4caa-876c-3d08083130f6", "title": "Ninja Forms <= 3.6.25 - Missing Authorization to Contributor+ Form Submission Export", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.6.25": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6551eea6-1059-4caa-876c-3d08083130f6?source=api-scan" ], "published": "2023-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65526517-aec5-454b-94c0-973359d840e1": { "id": "65526517-aec5-454b-94c0-973359d840e1", "title": "Tutor LMS <= 1.9.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65526517-aec5-454b-94c0-973359d840e1?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65581fa6-110f-4ae3-a903-dbf649b44417": { "id": "65581fa6-110f-4ae3-a903-dbf649b44417", "title": "ClickFunnels <= 3.1.1 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "ClickFunnels", "slug": "clickfunnels", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65581fa6-110f-4ae3-a903-dbf649b44417?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "655b35a7-a532-4ceb-aa02-4a8192e6449d": { "id": "655b35a7-a532-4ceb-aa02-4a8192e6449d", "title": "SVS Pricing Tables <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SVS Pricing Tables", "slug": "svs-pricing-tables", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/655b35a7-a532-4ceb-aa02-4a8192e6449d?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "655b3a54-34b1-4c1a-a1b5-51d87e3134d4": { "id": "655b3a54-34b1-4c1a-a1b5-51d87e3134d4", "title": "Facebook for WooCommerce <= 1.9.12 - Cross-Site Request Forgery allowing Option Update", "software": [ { "type": "plugin", "name": "Facebook for WooCommerce", "slug": "facebook-for-woocommerce", "affected_versions": { "* - 1.9.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/655b3a54-34b1-4c1a-a1b5-51d87e3134d4?source=api-scan" ], "published": "2019-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "655c08e6-4ef2-438e-b381-1bc3748c3771": { "id": "655c08e6-4ef2-438e-b381-1bc3748c3771", "title": "ImagePress - Image Gallery <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings", "software": [ { "type": "plugin", "name": "ImagePress \u2013 Image Gallery", "slug": "image-gallery", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/655c08e6-4ef2-438e-b381-1bc3748c3771?source=api-scan" ], "published": "2024-10-11 16:56:12", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "655cd6ec-088f-4610-ae7f-76a959c290af": { "id": "655cd6ec-088f-4610-ae7f-76a959c290af", "title": "Edwiser Bridge <= 3.0.7 - Authenticated (Subscriber+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Edwiser Bridge \u2013 WordPress Moodle LMS Integration", "slug": "edwiser-bridge", "affected_versions": { "* - 3.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/655cd6ec-088f-4610-ae7f-76a959c290af?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "655e6486-e35f-4e7b-b894-55606d3eba56": { "id": "655e6486-e35f-4e7b-b894-55606d3eba56", "title": "WP Fast Cache <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Fast Cache", "slug": "wp-fast-cache", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/655e6486-e35f-4e7b-b894-55606d3eba56?source=api-scan" ], "published": "2015-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "655fc91d-5920-4214-8ef1-8191e2683f9d": { "id": "655fc91d-5920-4214-8ef1-8191e2683f9d", "title": "WPC Smart Wishlist for WooCommerce <= 4.7.1 - Cross-Site Request Forgery via wishlist_add and wishlist_remove", "software": [ { "type": "plugin", "name": "WPC Smart Wishlist for WooCommerce", "slug": "woo-smart-wishlist", "affected_versions": { "* - 4.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/655fc91d-5920-4214-8ef1-8191e2683f9d?source=api-scan" ], "published": "2023-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "656300ce-6e94-4382-b0ed-9cecca5b917c": { "id": "656300ce-6e94-4382-b0ed-9cecca5b917c", "title": "Watermark RELOADED <= 1.3.5 - Cross-Site Request Forgery via optionsPage", "software": [ { "type": "plugin", "name": "Watermark RELOADED", "slug": "watermark-reloaded", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/656300ce-6e94-4382-b0ed-9cecca5b917c?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "656bf2b4-1930-4e96-b92b-01593889a43f": { "id": "656bf2b4-1930-4e96-b92b-01593889a43f", "title": "Final Tiles Gallery <= 3.4.18 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Photo Gallery Final Tiles Grid", "slug": "final-tiles-grid-gallery-lite", "affected_versions": { "* - 3.4.18": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/656bf2b4-1930-4e96-b92b-01593889a43f?source=api-scan" ], "published": "2020-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6571a899-f217-434f-bbed-b1faf77a8d8b": { "id": "6571a899-f217-434f-bbed-b1faf77a8d8b", "title": "Divi <= 4.25.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Divi", "slug": "Divi", "affected_versions": { "* - 4.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.25.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.25.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6571a899-f217-434f-bbed-b1faf77a8d8b?source=api-scan" ], "published": "2024-06-17 19:31:11", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "657226b4-db55-4859-8f38-65b4ace11f4a": { "id": "657226b4-db55-4859-8f38-65b4ace11f4a", "title": "ND Shortcodes <= 5.9.1 - Unauthenticated WordPress Options Update", "software": [ { "type": "plugin", "name": "ND Shortcodes", "slug": "nd-shortcodes", "affected_versions": { "[*, 6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/657226b4-db55-4859-8f38-65b4ace11f4a?source=api-scan" ], "published": "2019-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "657b1b7b-eac2-4935-a50f-0849c4e96b16": { "id": "657b1b7b-eac2-4935-a50f-0849c4e96b16", "title": "Download Monitor <= 4.8.3 - Authenticated(Subscriber+) Arbitrary File Upload via upload_file", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "[*, 4.8.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/657b1b7b-eac2-4935-a50f-0849c4e96b16?source=api-scan" ], "published": "2023-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "657f3bd7-2cdc-4eb6-ba50-7c7fca468df0": { "id": "657f3bd7-2cdc-4eb6-ba50-7c7fca468df0", "title": "SiteGround Optimizer <= 5.0.12 - Missing Authorization", "software": [ { "type": "plugin", "name": "Speed Optimizer \u2013 The All-In-One Performance-Boosting Plugin", "slug": "sg-cachepress", "affected_versions": { "[*, 5.0.13)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/657f3bd7-2cdc-4eb6-ba50-7c7fca468df0?source=api-scan" ], "published": "2019-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65869722-1147-4fdd-a844-944c51a07f2e": { "id": "65869722-1147-4fdd-a844-944c51a07f2e", "title": "Redirection Page <= 1.2 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Redirection Page", "slug": "redirection-page", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65869722-1147-4fdd-a844-944c51a07f2e?source=api-scan" ], "published": "2015-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "658ba848-fbfe-4cee-b997-77bc4cae53dc": { "id": "658ba848-fbfe-4cee-b997-77bc4cae53dc", "title": "Disable WordPress Update Notifications <= 2.3.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Disable WordPress Update Notifications and auto-update Email Notifications", "slug": "disable-update-notifications", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/658ba848-fbfe-4cee-b997-77bc4cae53dc?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "658ccd08-5f46-4a11-8d86-38b49027f83e": { "id": "658ccd08-5f46-4a11-8d86-38b49027f83e", "title": "Export any WordPress data to XML\/CSV <= 1.3.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Export any WordPress data to XML\/CSV", "slug": "wp-all-export", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/658ccd08-5f46-4a11-8d86-38b49027f83e?source=api-scan" ], "published": "2022-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "658ff7da-6496-4cca-8b1c-76b794c20aad": { "id": "658ff7da-6496-4cca-8b1c-76b794c20aad", "title": "Quantity Plus Minus Button for WooCommerce by CodeAstrology <= 1.1.9 - Cross-Site Request Forgery via wqpmb_form_submit", "software": [ { "type": "plugin", "name": "Quantity Plus Minus Button for WooCommerce by CodeAstrology", "slug": "wc-quantity-plus-minus-button", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/658ff7da-6496-4cca-8b1c-76b794c20aad?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6591c2a5-d238-418f-be00-1bb5c2fa77e9": { "id": "6591c2a5-d238-418f-be00-1bb5c2fa77e9", "title": "Traveler \u2013 Travel Booking WordPress Theme < 2.8.4 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Travel Booking WordPress Theme", "slug": "traveler", "affected_versions": { "[*, 2.8.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6591c2a5-d238-418f-be00-1bb5c2fa77e9?source=api-scan" ], "published": "2020-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6593b0de-db7a-4b7e-bd74-cc2b1e36ac60": { "id": "6593b0de-db7a-4b7e-bd74-cc2b1e36ac60", "title": "EmbedSocial \u2013 Social Media Feeds, Reviews and Galleries <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EmbedSocial \u2013 Social Media Feeds, Reviews and Galleries", "slug": "embedalbum-pro", "affected_versions": { "* - 1.1.29": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6593b0de-db7a-4b7e-bd74-cc2b1e36ac60?source=api-scan" ], "published": "2024-06-18 14:30:03", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6594b5ba-57e4-4ef1-93b9-ac1e90ed13be": { "id": "6594b5ba-57e4-4ef1-93b9-ac1e90ed13be", "title": "Social Sharing Toolkit <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Social Sharing Toolkit", "slug": "social-sharing-toolkit", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6594b5ba-57e4-4ef1-93b9-ac1e90ed13be?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65963ce0-6589-4753-837c-14ef37a1a9e3": { "id": "65963ce0-6589-4753-837c-14ef37a1a9e3", "title": "Simple Restrict <= 1.2.6 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Simple Restrict", "slug": "simple-restrict", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65963ce0-6589-4753-837c-14ef37a1a9e3?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "659bbf79-f4f2-49fa-8ba5-60e821c798fc": { "id": "659bbf79-f4f2-49fa-8ba5-60e821c798fc", "title": "WPExperts Square For GiveWP <= 1.3 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "WPExperts Square For GiveWP", "slug": "wpexperts-square-for-give", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/659bbf79-f4f2-49fa-8ba5-60e821c798fc?source=api-scan" ], "published": "2024-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "659f5a99-84f4-44b0-8546-445831c7e0d1": { "id": "659f5a99-84f4-44b0-8546-445831c7e0d1", "title": "Fitness Calculators <= 1.9.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "fitness calculators", "slug": "fitness-calculators", "affected_versions": { "* - 1.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/659f5a99-84f4-44b0-8546-445831c7e0d1?source=api-scan" ], "published": "2021-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "659fcb95-9041-443e-9b75-0d2f8c6108aa": { "id": "659fcb95-9041-443e-9b75-0d2f8c6108aa", "title": "WP Travel Engine <= 5.7.9 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP Travel Engine \u2013 Tour Booking Plugin \u2013 Tour Operator Software", "slug": "wp-travel-engine", "affected_versions": { "* - 5.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/659fcb95-9041-443e-9b75-0d2f8c6108aa?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65a0033d-2266-429c-aab2-80bd46c93b91": { "id": "65a0033d-2266-429c-aab2-80bd46c93b91", "title": "Ultimate Member <= 2.1.2 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 2.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65a0033d-2266-429c-aab2-80bd46c93b91?source=api-scan" ], "published": "2020-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65a02152-be62-4e27-8a31-e88f23e0236f": { "id": "65a02152-be62-4e27-8a31-e88f23e0236f", "title": "WordPress File Upload < 2.7.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "[*, 2.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65a02152-be62-4e27-8a31-e88f23e0236f?source=api-scan" ], "published": "2015-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65a9e877-e870-4e36-985d-c0629abe3f78": { "id": "65a9e877-e870-4e36-985d-c0629abe3f78", "title": "WP Cost Estimation < 9.660 - Upload Directory Traversal", "software": [ { "type": "plugin", "name": "WP Cost Estimation", "slug": "WP_Estimation_Form", "affected_versions": { "[*, 9.660)": { "from_version": "*", "from_inclusive": true, "to_version": "9.660", "to_inclusive": false } }, "patched": true, "patched_versions": [ "9.660" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65a9e877-e870-4e36-985d-c0629abe3f78?source=api-scan" ], "published": "2019-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65aa6694-0ed9-40a4-bd1c-1b51cd5e537d": { "id": "65aa6694-0ed9-40a4-bd1c-1b51cd5e537d", "title": "THE Leads Management System: 59sec LITE <= 3.4.1 - Authorization Bypass", "software": [ { "type": "plugin", "name": "THE Leads Management System: 59sec LITE", "slug": "59sec-lite-contact-form-7-push-notifications-on-ios-and-android", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65aa6694-0ed9-40a4-bd1c-1b51cd5e537d?source=api-scan" ], "published": "2022-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65ab07e8-4cba-4d81-8e80-8c6c96c1095e": { "id": "65ab07e8-4cba-4d81-8e80-8c6c96c1095e", "title": "1app Business Forms <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "1app Business Forms", "slug": "1app-business-forms", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65ab07e8-4cba-4d81-8e80-8c6c96c1095e?source=api-scan" ], "published": "2022-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65aedeef-d370-4d04-9396-1cf6a2b29033": { "id": "65aedeef-d370-4d04-9396-1cf6a2b29033", "title": "WP Armour Extended <= 1.26 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Armour Extended", "slug": "wp-armour-extended", "affected_versions": { "* - 1.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65aedeef-d370-4d04-9396-1cf6a2b29033?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65b2b72a-5c76-463e-9513-26b400b40a65": { "id": "65b2b72a-5c76-463e-9513-26b400b40a65", "title": "One Click Plugin Updater <= 2.4.14 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "One Click Plugin Updater", "slug": "one-click-plugin-updater", "affected_versions": { "* - 2.4.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65b2b72a-5c76-463e-9513-26b400b40a65?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65b3baaf-86e4-4dd2-b3eb-84c21eabdd6d": { "id": "65b3baaf-86e4-4dd2-b3eb-84c21eabdd6d", "title": "WP Fastest Cache <= 0.8.7.4 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 0.8.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65b3baaf-86e4-4dd2-b3eb-84c21eabdd6d?source=api-scan" ], "published": "2018-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65b55b54-9af5-4f83-93f9-079cd51d8c91": { "id": "65b55b54-9af5-4f83-93f9-079cd51d8c91", "title": "Simple Local Avatars <= 2.7.10 - Cross-Site Request Forgery via save_default_avatar_file_id()", "software": [ { "type": "plugin", "name": "Simple Local Avatars", "slug": "simple-local-avatars", "affected_versions": { "* - 2.7.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65b55b54-9af5-4f83-93f9-079cd51d8c91?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65b8e9b3-6078-4a78-86f9-7251c1978199": { "id": "65b8e9b3-6078-4a78-86f9-7251c1978199", "title": "Eventify - Simple Events <= 1.7.f - SQL Injection via eventid", "software": [ { "type": "plugin", "name": "Eventify\u2122 \u2013 Simple Events", "slug": "eventify", "affected_versions": { "* - 1.7.f": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.f", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.g" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65b8e9b3-6078-4a78-86f9-7251c1978199?source=api-scan" ], "published": "2011-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65b9fea3-323a-4123-ad83-3d713eb5552f": { "id": "65b9fea3-323a-4123-ad83-3d713eb5552f", "title": "Perelink Pro <= 2.1.4 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Perelink Pro", "slug": "perelink", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65b9fea3-323a-4123-ad83-3d713eb5552f?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65c72e79-f0a9-4293-98be-956d8e4afb83": { "id": "65c72e79-f0a9-4293-98be-956d8e4afb83", "title": "WordPress Core < 2.1.3 - SQL Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 2.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65c72e79-f0a9-4293-98be-956d8e4afb83?source=api-scan" ], "published": "2007-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65c8ea6c-85f1-4e96-995f-57200819280e": { "id": "65c8ea6c-85f1-4e96-995f-57200819280e", "title": "Myriad <= 2.0 - Arbitrary File Deletion", "software": [ { "type": "theme", "name": "Myriad", "slug": "myriad", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65c8ea6c-85f1-4e96-995f-57200819280e?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65cb692f-b518-4581-ba63-c43eb450c56e": { "id": "65cb692f-b518-4581-ba63-c43eb450c56e", "title": "zM Ajax Login & Register <= 1.0.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ZM Ajax Login & Register", "slug": "zm-ajax-login-register", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65cb692f-b518-4581-ba63-c43eb450c56e?source=api-scan" ], "published": "2015-06-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65db0063-63c4-400b-9192-ddcc16c0a541": { "id": "65db0063-63c4-400b-9192-ddcc16c0a541", "title": "Zoho Forms <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form plugin for WordPress \u2013 Zoho Forms", "slug": "zoho-forms", "affected_versions": { "3.0.0": { "from_version": "3.0.0", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65db0063-63c4-400b-9192-ddcc16c0a541?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65db2345-4b55-466c-b148-7d954de96a87": { "id": "65db2345-4b55-466c-b148-7d954de96a87", "title": "WP Forum Server < 1.7.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Forum Server", "slug": "forum-server", "affected_versions": { "[*, 1.7.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65db2345-4b55-466c-b148-7d954de96a87?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65e2e9e3-2778-4baf-8269-fc13d5ef1212": { "id": "65e2e9e3-2778-4baf-8269-fc13d5ef1212", "title": "JS Help Desk <= 2.7.1 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin", "slug": "js-support-ticket", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65e2e9e3-2778-4baf-8269-fc13d5ef1212?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65e68147-84cc-4b2d-85b9-e5b7bde2e604": { "id": "65e68147-84cc-4b2d-85b9-e5b7bde2e604", "title": "DirectoriesPro Plugin by SabaiApps <= 1.3.45 - Cross-Site Scripting via _drts_form_build_id, _t_ Parameters", "software": [ { "type": "plugin", "name": "directories", "slug": "directories", "affected_versions": { "[*, 1.3.46)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.46", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65e68147-84cc-4b2d-85b9-e5b7bde2e604?source=api-scan" ], "published": "2020-12-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65e76681-80e0-40aa-a68b-87cb0c42b4f8": { "id": "65e76681-80e0-40aa-a68b-87cb0c42b4f8", "title": "Pinyin Slugs <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pinyin Slugs", "slug": "so-pinyin-slugs", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65e76681-80e0-40aa-a68b-87cb0c42b4f8?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65f30cd4-1d47-4ebe-a6de-acdb3a813c9c": { "id": "65f30cd4-1d47-4ebe-a6de-acdb3a813c9c", "title": "Dynamic QR Code Generator <= 0.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dynamic QR Code Generator", "slug": "dynamic-qr-code-generator", "affected_versions": { "* - 0.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65f30cd4-1d47-4ebe-a6de-acdb3a813c9c?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65f49fe0-6aad-445e-a86e-ad1089239303": { "id": "65f49fe0-6aad-445e-a86e-ad1089239303", "title": "Empty Cart Button for WooCommerce <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Empty Cart Button for WooCommerce", "slug": "empty-cart-button-for-woocommerce", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65f49fe0-6aad-445e-a86e-ad1089239303?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "65fc55bb-2b86-466a-b43b-554628283f02": { "id": "65fc55bb-2b86-466a-b43b-554628283f02", "title": "LoginPress <= 1.1.15 - Authenticated Stored Cross-SIte Scripting", "software": [ { "type": "plugin", "name": "LoginPress | wp-login Custom Login Page Customizer", "slug": "loginpress", "affected_versions": { "[*, 1.1.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/65fc55bb-2b86-466a-b43b-554628283f02?source=api-scan" ], "published": "2018-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "660058f0-ccd9-4bb9-9e11-f1e1d1100ef2": { "id": "660058f0-ccd9-4bb9-9e11-f1e1d1100ef2", "title": "Display Users <= 2.0.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Display Users", "slug": "wp-display-users", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/660058f0-ccd9-4bb9-9e11-f1e1d1100ef2?source=api-scan" ], "published": "2021-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66019297-a8a8-4bbc-99db-4b47066f3e50": { "id": "66019297-a8a8-4bbc-99db-4b47066f3e50", "title": "Comments Like Dislike <= 1.2.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset", "software": [ { "type": "plugin", "name": "Comments Like Dislike", "slug": "comments-like-dislike", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66019297-a8a8-4bbc-99db-4b47066f3e50?source=api-scan" ], "published": "2023-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66082207-33b6-45e4-ae93-24c9a9611300": { "id": "66082207-33b6-45e4-ae93-24c9a9611300", "title": "Sitewide Notice WP <= 2.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sitewide Notice WP", "slug": "sitewide-notice-wp", "affected_versions": { "[*, 2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66082207-33b6-45e4-ae93-24c9a9611300?source=api-scan" ], "published": "2021-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66122be6-7c28-44cc-a8dd-7b2ec64346f7": { "id": "66122be6-7c28-44cc-a8dd-7b2ec64346f7", "title": "Defender Security <= 4.2.0 - Masked Login Area Security Feature Bypass", "software": [ { "type": "plugin", "name": "Defender Security \u2013 Malware Scanner, Login Security & Firewall", "slug": "defender-security", "affected_versions": { "* - 4.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66122be6-7c28-44cc-a8dd-7b2ec64346f7?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66130071-668e-4692-afd3-5fcc9039f10f": { "id": "66130071-668e-4692-afd3-5fcc9039f10f", "title": "Tutor LMS <= 1.9.11 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 1.9.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66130071-668e-4692-afd3-5fcc9039f10f?source=api-scan" ], "published": "2021-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66182fc4-863a-4a7b-92a8-2f43717b8579": { "id": "66182fc4-863a-4a7b-92a8-2f43717b8579", "title": "Captcha Code <= 2.7 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "Captcha Code", "slug": "captcha-code-authentication", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66182fc4-863a-4a7b-92a8-2f43717b8579?source=api-scan" ], "published": "2022-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6619b370-dd2a-4945-a776-1fecf407119e": { "id": "6619b370-dd2a-4945-a776-1fecf407119e", "title": "wp-Monalisa <= 6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-Monalisa", "slug": "wp-monalisa", "affected_versions": { "* - 6.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6619b370-dd2a-4945-a776-1fecf407119e?source=api-scan" ], "published": "2022-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66293047-1d1d-434f-bde6-130197fa93ca": { "id": "66293047-1d1d-434f-bde6-130197fa93ca", "title": "Accordion & FAQ \u2013 Helpie WordPress Accordion FAQ Plugin <= 1.27 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FAQ \/ Accordion \/ Docs \u2013 Helpie WordPress FAQ Accordion plugin", "slug": "helpie-faq", "affected_versions": { "* - 1.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66293047-1d1d-434f-bde6-130197fa93ca?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6629e1a9-3b28-4c8c-95d4-3c0011a7364a": { "id": "6629e1a9-3b28-4c8c-95d4-3c0011a7364a", "title": "Good LMS <= 2.1.4 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Good LMS - Learning Management System WP Plugin", "slug": "goodlms", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6629e1a9-3b28-4c8c-95d4-3c0011a7364a?source=api-scan" ], "published": "2020-11-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "662ca451-5c69-4973-afc8-5dc1caf57ad7": { "id": "662ca451-5c69-4973-afc8-5dc1caf57ad7", "title": "Defender Security <= 3.3.2 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Defender Security \u2013 Malware Scanner, Login Security & Firewall", "slug": "defender-security", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/662ca451-5c69-4973-afc8-5dc1caf57ad7?source=api-scan" ], "published": "2022-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "662fcf6c-1095-4cea-949f-91af8fba1e47": { "id": "662fcf6c-1095-4cea-949f-91af8fba1e47", "title": "User Meta <= 3.0 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "User Meta \u2013 User Profile Builder and User management plugin", "slug": "user-meta", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/662fcf6c-1095-4cea-949f-91af8fba1e47?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66351875-42d7-45f4-a47f-22e3e26b2770": { "id": "66351875-42d7-45f4-a47f-22e3e26b2770", "title": "Calendar Event Multi View <= 1.3.99 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Calendar Event Multi View", "slug": "cp-multi-view-calendar", "affected_versions": { "* - 1.3.99": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.99", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.01" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66351875-42d7-45f4-a47f-22e3e26b2770?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6635db72-8302-421d-9011-7eabb57c43a2": { "id": "6635db72-8302-421d-9011-7eabb57c43a2", "title": "Contempo Real Estate Custom Posts <= 3.2.6 - Unauthorized File Upload", "software": [ { "type": "plugin", "name": "Contempo Real Estate Custom Posts", "slug": "contempo-real-estate-custom-posts", "affected_versions": { "* - 3.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6635db72-8302-421d-9011-7eabb57c43a2?source=api-scan" ], "published": "2022-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6635ff4d-cbb4-4e78-9df1-1274eaa737aa": { "id": "6635ff4d-cbb4-4e78-9df1-1274eaa737aa", "title": "All-in-One WP Migration <= 7.40 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "All-in-One WP Migration and Backup", "slug": "all-in-one-wp-migration", "affected_versions": { "* - 7.40": { "from_version": "*", "from_inclusive": true, "to_version": "7.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6635ff4d-cbb4-4e78-9df1-1274eaa737aa?source=api-scan" ], "published": "2022-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66377ee2-cc87-4cfe-a4e4-cef4459bf2ec": { "id": "66377ee2-cc87-4cfe-a4e4-cef4459bf2ec", "title": "Seraphinite Alternative Slugs Manager <= 1.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Seraphinite Alternative Slugs Manager", "slug": "seraphinite-old-slugs-mgr", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66377ee2-cc87-4cfe-a4e4-cef4459bf2ec?source=api-scan" ], "published": "2024-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "663c54f4-4ca5-4916-b2a5-de3cabe77f38": { "id": "663c54f4-4ca5-4916-b2a5-de3cabe77f38", "title": "SupportCandy <= 3.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SupportCandy \u2013 Helpdesk & Customer Support Ticket System", "slug": "supportcandy", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/663c54f4-4ca5-4916-b2a5-de3cabe77f38?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6647856b-19f2-475a-8d45-d33c7b3a8f92": { "id": "6647856b-19f2-475a-8d45-d33c7b3a8f92", "title": "Easy Property Listings <= 3.5.3 - Missing Authorization via epl_update_listing_coordinates()", "software": [ { "type": "plugin", "name": "Easy Property Listings", "slug": "easy-property-listings", "affected_versions": { "* - 3.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6647856b-19f2-475a-8d45-d33c7b3a8f92?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "664d22f2-b7a3-42df-9530-4040160ead2c": { "id": "664d22f2-b7a3-42df-9530-4040160ead2c", "title": "Ajax Archive Calendar <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Ajax Archive Calendar", "slug": "ajax-archive-calendar", "affected_versions": { "* - 2.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/664d22f2-b7a3-42df-9530-4040160ead2c?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66518929-d5e7-4b4d-a04c-a96ad0df308c": { "id": "66518929-d5e7-4b4d-a04c-a96ad0df308c", "title": "weebotLite <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "weebotLite", "slug": "weebotlite", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66518929-d5e7-4b4d-a04c-a96ad0df308c?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66519150-7719-4598-8302-b3437719f0a0": { "id": "66519150-7719-4598-8302-b3437719f0a0", "title": "All-in-One WP Migration <= 7.62 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-in-One WP Migration and Backup", "slug": "all-in-one-wp-migration", "affected_versions": { "* - 7.62": { "from_version": "*", "from_inclusive": true, "to_version": "7.62", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.63" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66519150-7719-4598-8302-b3437719f0a0?source=api-scan" ], "published": "2022-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66529116-7b0e-4e2f-96f1-a4d91fa7f956": { "id": "66529116-7b0e-4e2f-96f1-a4d91fa7f956", "title": "Easy Textillate <= 2.01 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Easy Textillate", "slug": "easy-textillate", "affected_versions": { "* - 2.01": { "from_version": "*", "from_inclusive": true, "to_version": "2.01", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66529116-7b0e-4e2f-96f1-a4d91fa7f956?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66585943-cb70-4296-af66-5b786d1bafb9": { "id": "66585943-cb70-4296-af66-5b786d1bafb9", "title": "reCAPTCHA for all <= 1.22 - Missing Authorization via recaptcha_for_all_image_select", "software": [ { "type": "plugin", "name": "Cloudflare Turnstile or reCAPTCHA For any Pages, to Block Spam and Hackers Attack.", "slug": "recaptcha-for-all", "affected_versions": { "* - 1.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66585943-cb70-4296-af66-5b786d1bafb9?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66607be6-cca1-4cbb-b1c0-708d640b1151": { "id": "66607be6-cca1-4cbb-b1c0-708d640b1151", "title": "Olevmedia Shortcodes <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Olevmedia Shortcodes", "slug": "olevmedia-shortcodes", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66607be6-cca1-4cbb-b1c0-708d640b1151?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6662581b-a057-4b88-951d-824c64f9cdfd": { "id": "6662581b-a057-4b88-951d-824c64f9cdfd", "title": "YaMaps for WordPress <= 0.6.27 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YaMaps for WordPress Plugin", "slug": "yamaps", "affected_versions": { "* - 0.6.27": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.27", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6662581b-a057-4b88-951d-824c64f9cdfd?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6662c336-c8b6-4017-835f-a91f1abda400": { "id": "6662c336-c8b6-4017-835f-a91f1abda400", "title": "Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Code Insert Manager (Q2W3 Inc Manager)", "slug": "q2w3-inc-manager", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6662c336-c8b6-4017-835f-a91f1abda400?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66697f3e-c023-496d-b553-7d20352e33b5": { "id": "66697f3e-c023-496d-b553-7d20352e33b5", "title": "HubSpot \u2013 CRM, Email Marketing, Live Chat, Forms & Analytics <= 8.8.13 - Server Side Request Forgery", "software": [ { "type": "plugin", "name": "HubSpot \u2013 CRM, Email Marketing, Live Chat, Forms & Analytics", "slug": "leadin", "affected_versions": { "[*, 8.8.15)": { "from_version": "*", "from_inclusive": true, "to_version": "8.8.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.8.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66697f3e-c023-496d-b553-7d20352e33b5?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6669d04c-9f97-43a5-a312-1cb3d67d21fa": { "id": "6669d04c-9f97-43a5-a312-1cb3d67d21fa", "title": "Rate my Post - WP Rating System <= 3.4.1 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Rate My Post \u2013 Star Rating Plugin by FeedbackWP", "slug": "rate-my-post", "affected_versions": { "[*, 3.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6669d04c-9f97-43a5-a312-1cb3d67d21fa?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "666b8b39-fab0-4e99-b365-a4ac9f964494": { "id": "666b8b39-fab0-4e99-b365-a4ac9f964494", "title": "Symbiostock Lite <= 6.0.0 - Authenticated (Shop Manager+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Symbiostock \u2013 Sell Photos Online For Free!", "slug": "symbiostock", "affected_versions": { "* - 6.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/666b8b39-fab0-4e99-b365-a4ac9f964494?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "666c02bd-d3e2-4e40-b189-b73e1136610b": { "id": "666c02bd-d3e2-4e40-b189-b73e1136610b", "title": "Page Builder: Pagelayer \u2013 Drag and Drop website builder <= 1.1.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "slug": "pagelayer", "affected_versions": { "[*, 1.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/666c02bd-d3e2-4e40-b189-b73e1136610b?source=api-scan" ], "published": "2020-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "667023f9-9c45-4182-b1f1-9d85d17aaf58": { "id": "667023f9-9c45-4182-b1f1-9d85d17aaf58", "title": "Video Embed <= 1.0 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Video Embed", "slug": "video-embed-box", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/667023f9-9c45-4182-b1f1-9d85d17aaf58?source=api-scan" ], "published": "2021-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66717800-31ab-4e68-979a-4967dd2caeb8": { "id": "66717800-31ab-4e68-979a-4967dd2caeb8", "title": "Participants Database <= 1.7.5.9 - Unauthorized Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Participants Database", "slug": "participants-database", "affected_versions": { "* - 1.7.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.5.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66717800-31ab-4e68-979a-4967dd2caeb8?source=api-scan" ], "published": "2017-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66749606-e76f-41fb-bcf1-c06681de2ee3": { "id": "66749606-e76f-41fb-bcf1-c06681de2ee3", "title": "Master Slider Pro <= 3.6.5 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "masterslider", "slug": "masterslider", "affected_versions": { "* - 3.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66749606-e76f-41fb-bcf1-c06681de2ee3?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "667547a9-0dc5-4810-aba9-025f0c222d24": { "id": "667547a9-0dc5-4810-aba9-025f0c222d24", "title": "Account Manager for WooCommerce <= 2.1.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Account Manager for WooCommerce", "slug": "account-manager-woocommerce", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/667547a9-0dc5-4810-aba9-025f0c222d24?source=api-scan" ], "published": "2022-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6677aa22-3248-41d5-a257-5330455d5bcc": { "id": "6677aa22-3248-41d5-a257-5330455d5bcc", "title": "Book Your Travel <= 8.18.17 - Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "theme", "name": "Book Your Travel", "slug": "bookyourtravel", "affected_versions": { "* - 8.18.17": { "from_version": "*", "from_inclusive": true, "to_version": "8.18.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.18.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6677aa22-3248-41d5-a257-5330455d5bcc?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "667870b0-916d-4add-a391-ffcc177a3757": { "id": "667870b0-916d-4add-a391-ffcc177a3757", "title": "Site Reviews <= 6.11.8 - IP Address Spoofing to Blocking Bypass", "software": [ { "type": "plugin", "name": "Site Reviews", "slug": "site-reviews", "affected_versions": { "* - 6.11.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.11.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/667870b0-916d-4add-a391-ffcc177a3757?source=api-scan" ], "published": "2024-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "667d964a-dba6-424a-b3f5-af433616c132": { "id": "667d964a-dba6-424a-b3f5-af433616c132", "title": "BSK PDF Manager 1.3 - 2.9 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BSK PDF Manager", "slug": "bsk-pdf-manager", "affected_versions": { "1.3 - 2.9": { "from_version": "1.3", "from_inclusive": true, "to_version": "2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/667d964a-dba6-424a-b3f5-af433616c132?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "668621b0-67ef-44fc-a126-e8c4e372666e": { "id": "668621b0-67ef-44fc-a126-e8c4e372666e", "title": "Elementor Addon Elements <= 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.13.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/668621b0-67ef-44fc-a126-e8c4e372666e?source=api-scan" ], "published": "2024-08-29 20:31:53", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "668a77e4-9d0a-4835-be5c-4c1acfe7ba43": { "id": "668a77e4-9d0a-4835-be5c-4c1acfe7ba43", "title": "WP Tools <= 3.42 - Missing Authorization to Select Plugin Installation", "software": [ { "type": "plugin", "name": "WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log", "slug": "wptools", "affected_versions": { "* - 3.42": { "from_version": "*", "from_inclusive": true, "to_version": "3.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/668a77e4-9d0a-4835-be5c-4c1acfe7ba43?source=api-scan" ], "published": "2022-11-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "668afa62-1326-4067-8d0a-f16788e85ae5": { "id": "668afa62-1326-4067-8d0a-f16788e85ae5", "title": "Post Grid < 2.1.16 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "[*, 2.1.16)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/668afa62-1326-4067-8d0a-f16788e85ae5?source=api-scan" ], "published": "2022-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "668ba3a9-d53c-45ab-854f-1a9e83dd54b8": { "id": "668ba3a9-d53c-45ab-854f-1a9e83dd54b8", "title": "WP e-Commerce \u2013 Store Exporter <= 1.6.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP e-Commerce \u2013 Store Exporter", "slug": "wp-e-commerce-exporter", "affected_versions": { "* - 1.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/668ba3a9-d53c-45ab-854f-1a9e83dd54b8?source=api-scan" ], "published": "2016-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "668d4bd3-adde-4347-9169-67c3c96e1743": { "id": "668d4bd3-adde-4347-9169-67c3c96e1743", "title": "ARMember <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/668d4bd3-adde-4347-9169-67c3c96e1743?source=api-scan" ], "published": "2023-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66925385-d89e-45c0-a87b-4ad4f7b89d60": { "id": "66925385-d89e-45c0-a87b-4ad4f7b89d60", "title": "Blocks <= 1.6.42 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Blocks", "slug": "blocks", "affected_versions": { "* - 1.6.42": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.42", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66925385-d89e-45c0-a87b-4ad4f7b89d60?source=api-scan" ], "published": "2023-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66969472-4b3c-4d56-b761-523ea854e3db": { "id": "66969472-4b3c-4d56-b761-523ea854e3db", "title": "Leaflet Maps Marker Pro < 1.5.8 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Leaflet Maps Marker Pro", "slug": "mapsmarker", "affected_versions": { "[*, 1.5.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66969472-4b3c-4d56-b761-523ea854e3db?source=api-scan" ], "published": "2014-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "669c50b8-316c-4f63-8b78-361cfcfd4d5f": { "id": "669c50b8-316c-4f63-8b78-361cfcfd4d5f", "title": "Limit Login Attempts Reloaded <= 2.17.3 - Login Rate Limiting Bypass", "software": [ { "type": "plugin", "name": "Limit Login Attempts Reloaded", "slug": "limit-login-attempts-reloaded", "affected_versions": { "* - 2.17.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.17.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.17.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/669c50b8-316c-4f63-8b78-361cfcfd4d5f?source=api-scan" ], "published": "2020-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "669df758-0c7d-41c9-a9bd-9b3697898c77": { "id": "669df758-0c7d-41c9-a9bd-9b3697898c77", "title": "Plainview Activity Monitor < 20180826 - Remote Command Injection", "software": [ { "type": "plugin", "name": "Plainview Activity Monitor", "slug": "plainview-activity-monitor", "affected_versions": { "[*, 20180826)": { "from_version": "*", "from_inclusive": true, "to_version": "20180826", "to_inclusive": false } }, "patched": true, "patched_versions": [ "20180826" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/669df758-0c7d-41c9-a9bd-9b3697898c77?source=api-scan" ], "published": "2018-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "669f5363-22af-4526-b375-3cca2b1db0ec": { "id": "669f5363-22af-4526-b375-3cca2b1db0ec", "title": "Jazz Popups <= 1.8.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Jazz Popups", "slug": "jazz-popups", "affected_versions": { "* - 1.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/669f5363-22af-4526-b375-3cca2b1db0ec?source=api-scan" ], "published": "2023-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "669fa0eb-9b75-4508-82e7-b1a991f3b01a": { "id": "669fa0eb-9b75-4508-82e7-b1a991f3b01a", "title": "WP Visitors Tracker <= 2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Visitors Tracker", "slug": "wp_visitorstracker", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/669fa0eb-9b75-4508-82e7-b1a991f3b01a?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66a2a159-5748-49bd-9204-e85e1c6729df": { "id": "66a2a159-5748-49bd-9204-e85e1c6729df", "title": "Woo Email Control < 1.02 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Woo Email Control", "slug": "woo-email-control", "affected_versions": { "[*, 1.02)": { "from_version": "*", "from_inclusive": true, "to_version": "1.02", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66a2a159-5748-49bd-9204-e85e1c6729df?source=api-scan" ], "published": "2016-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66a5a011-4c2f-4da9-9b17-96af830ba880": { "id": "66a5a011-4c2f-4da9-9b17-96af830ba880", "title": "Nictitate <= 1.1.4 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Nictitate", "slug": "nictitate", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66a5a011-4c2f-4da9-9b17-96af830ba880?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66a65270-182b-44b1-968b-4fc2d8de1ea6": { "id": "66a65270-182b-44b1-968b-4fc2d8de1ea6", "title": "Royal Slider Plugin < 3.2.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RoyalSlider", "slug": "royal-slider", "affected_versions": { "[*, 3.2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66a65270-182b-44b1-968b-4fc2d8de1ea6?source=api-scan" ], "published": "2015-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66a6569b-88ec-42d8-8396-6e62f1c51b24": { "id": "66a6569b-88ec-42d8-8396-6e62f1c51b24", "title": "Invit0r <= 0.22 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Invit0r", "slug": "invit0r", "affected_versions": { "* - 0.22": { "from_version": "*", "from_inclusive": true, "to_version": "0.22", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66a6569b-88ec-42d8-8396-6e62f1c51b24?source=api-scan" ], "published": "2012-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66abfe6b-c706-4e70-b35b-ee04da613933": { "id": "66abfe6b-c706-4e70-b35b-ee04da613933", "title": "Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Remote Content Shortcode", "slug": "remote-content-shortcode", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66abfe6b-c706-4e70-b35b-ee04da613933?source=api-scan" ], "published": "2024-05-29 19:59:02", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66afddee-a136-4c71-9e5d-3cc1552010cf": { "id": "66afddee-a136-4c71-9e5d-3cc1552010cf", "title": "WP Reset PRO 5.00-5.98 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Reset Pro \u2013 Most Advanced WordPress Reset Tool", "slug": "wp-reset", "affected_versions": { "5.00 - 5.98": { "from_version": "5.00", "from_inclusive": true, "to_version": "5.98", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.99" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66afddee-a136-4c71-9e5d-3cc1552010cf?source=api-scan" ], "published": "2021-11-10 14:45:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66b1f539-9192-43f5-a77d-9763024e6b74": { "id": "66b1f539-9192-43f5-a77d-9763024e6b74", "title": "WP Editor <= 1.2.7 - Sensitive Information Exposure via log file", "software": [ { "type": "plugin", "name": "WP Editor", "slug": "wp-editor", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66b1f539-9192-43f5-a77d-9763024e6b74?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66b1f597-f357-4525-8c67-e0be3a07bcfa": { "id": "66b1f597-f357-4525-8c67-e0be3a07bcfa", "title": "WordPress Core 5.9-6.3.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Navigation Attributes", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "5.9 - 5.9.7": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.7", "to_inclusive": true }, "6.0 - 6.0.5": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.5", "to_inclusive": true }, "6.1 - 6.1.3": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.3", "to_inclusive": true }, "6.2 - 6.2.2": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.2", "to_inclusive": true }, "6.3 - 6.3.1": { "from_version": "6.3", "from_inclusive": true, "to_version": "6.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.8", "6.0.6", "6.1.4", "6.2.3", "6.3.2" ] }, { "type": "plugin", "name": "Gutenberg", "slug": "gutenberg", "affected_versions": { "* - 16.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "16.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "16.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66b1f597-f357-4525-8c67-e0be3a07bcfa?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66b6443a-3bd0-4f45-8ad3-424d11ec24e1": { "id": "66b6443a-3bd0-4f45-8ad3-424d11ec24e1", "title": "No Page Comment <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "No Page Comment", "slug": "no-page-comment", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66b6443a-3bd0-4f45-8ad3-424d11ec24e1?source=api-scan" ], "published": "2022-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66b7d455-0959-4a7a-b37c-02d1ecac666b": { "id": "66b7d455-0959-4a7a-b37c-02d1ecac666b", "title": "Rotating Posts <= 1.11 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Rotating Posts", "slug": "rotating-posts", "affected_versions": { "* - 1.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66b7d455-0959-4a7a-b37c-02d1ecac666b?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66b86375-81e3-4ac8-90e3-8ae34c28c1c2": { "id": "66b86375-81e3-4ac8-90e3-8ae34c28c1c2", "title": "Dropdown Menu Widget <= 1.9.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dropdown Menu Widget", "slug": "dropdown-menu-widget", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66b86375-81e3-4ac8-90e3-8ae34c28c1c2?source=api-scan" ], "published": "2022-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66b91fe9-ceb3-485c-bf5f-a672656d4e86": { "id": "66b91fe9-ceb3-485c-bf5f-a672656d4e86", "title": "All-in-One WP Migration <= 2.0.2 - Authorization Bypass to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "All-in-One WP Migration and Backup", "slug": "all-in-one-wp-migration", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66b91fe9-ceb3-485c-bf5f-a672656d4e86?source=api-scan" ], "published": "2014-11-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66bc83f5-0f6c-425f-a560-e79e777b76ca": { "id": "66bc83f5-0f6c-425f-a560-e79e777b76ca", "title": "WooCommerce Order Status Change Notifier <= 1.1.0 - Authenticated (Subscriber+) Arbitrary Order Status Update", "software": [ { "type": "plugin", "name": "WooCommerce Order Status Change Notifier", "slug": "woocommerce-order-status-change-notifier", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66bc83f5-0f6c-425f-a560-e79e777b76ca?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66bc8d9c-1a5f-4dca-b15f-8fdf821dbc6f": { "id": "66bc8d9c-1a5f-4dca-b15f-8fdf821dbc6f", "title": "WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP RSS By Publishers", "slug": "wp-rss-by-publishers", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66bc8d9c-1a5f-4dca-b15f-8fdf821dbc6f?source=api-scan" ], "published": "2022-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66bca09b-7f53-4e7a-a58c-a28ad6a4825e": { "id": "66bca09b-7f53-4e7a-a58c-a28ad6a4825e", "title": "Download buttons for Youtube videos <= 1.03 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download buttons for Youtube videos", "slug": "audio-video-download-buttons-for-youtube", "affected_versions": { "* - 1.03": { "from_version": "*", "from_inclusive": true, "to_version": "1.03", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.04" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66bca09b-7f53-4e7a-a58c-a28ad6a4825e?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66bd0a9f-66ec-42a5-a123-0a468bb43ed8": { "id": "66bd0a9f-66ec-42a5-a123-0a468bb43ed8", "title": "Advanced Coupons for WooCommerce Coupons <= 4.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Advanced Coupons \u2013 WooCommerce Coupons, Store Credit, Gift Cards, Loyalty Program, BOGO Coupons, Discount Rules", "slug": "advanced-coupons-for-woocommerce-free", "affected_versions": { "* - 4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66bd0a9f-66ec-42a5-a123-0a468bb43ed8?source=api-scan" ], "published": "2022-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66bd5065-aa4c-4b5b-a312-2f7bd1643d35": { "id": "66bd5065-aa4c-4b5b-a312-2f7bd1643d35", "title": "Opal Hotel Room Booking plugin <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Opal Hotel Room Booking", "slug": "opal-hotel-room-booking", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66bd5065-aa4c-4b5b-a312-2f7bd1643d35?source=api-scan" ], "published": "2022-05-17 14:10:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66bf7ac2-8f6b-4064-9474-f0f4192a8b33": { "id": "66bf7ac2-8f6b-4064-9474-f0f4192a8b33", "title": "WebP & SVG Support <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG", "software": [ { "type": "plugin", "name": "WebP & SVG Support", "slug": "webp-svg-support", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66bf7ac2-8f6b-4064-9474-f0f4192a8b33?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66c0a19a-d94f-4de0-85a8-de7c7e489e33": { "id": "66c0a19a-d94f-4de0-85a8-de7c7e489e33", "title": "Blossom Recipe Maker <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Blossom Recipe Maker", "slug": "blossom-recipe-maker", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66c0a19a-d94f-4de0-85a8-de7c7e489e33?source=api-scan" ], "published": "2022-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66c3c02c-0ef4-4d71-97fa-f7b786ae64b9": { "id": "66c3c02c-0ef4-4d71-97fa-f7b786ae64b9", "title": "WordPress Video <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Video", "slug": "wordpress-video", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66c3c02c-0ef4-4d71-97fa-f7b786ae64b9?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66c58d4c-8c36-40af-827d-0e86f2110e3c": { "id": "66c58d4c-8c36-40af-827d-0e86f2110e3c", "title": "WP Login Box <= 2.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Login Box", "slug": "wp-login-box", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66c58d4c-8c36-40af-827d-0e86f2110e3c?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66c90387-af23-48fc-94da-708b9c223fe3": { "id": "66c90387-af23-48fc-94da-708b9c223fe3", "title": "Swifty Bar, sticky bar by WPGens <= 1.2.10 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Swifty Bar, sticky bar by WPGens", "slug": "swifty-bar", "affected_versions": { "* - 1.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66c90387-af23-48fc-94da-708b9c223fe3?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66ca9c39-1ba0-4208-ae35-d2c3c9ea4eb9": { "id": "66ca9c39-1ba0-4208-ae35-d2c3c9ea4eb9", "title": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", "slug": "fluentform", "affected_versions": { "* - 5.1.19": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66ca9c39-1ba0-4208-ae35-d2c3c9ea4eb9?source=api-scan" ], "published": "2024-07-26 23:26:31", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66cd0ed5-070a-4408-9faa-b3d840279f77": { "id": "66cd0ed5-070a-4408-9faa-b3d840279f77", "title": "WordPress Announcement & Notification Banner Plugin \u2013 Bulletin <= 3.8.5 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Announcement & Notification Banner \u2013 Bulletin", "slug": "bulletin-announcements", "affected_versions": { "* - 3.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66cd0ed5-070a-4408-9faa-b3d840279f77?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66ce2d12-8f57-4140-b3cf-0fc8c1c4f3d5": { "id": "66ce2d12-8f57-4140-b3cf-0fc8c1c4f3d5", "title": "Appointment Booking Calendar <= 1.1.7 - SQL Injection", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar", "slug": "appointment-booking-calendar", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66ce2d12-8f57-4140-b3cf-0fc8c1c4f3d5?source=api-scan" ], "published": "2015-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66d217f1-03cf-496d-b3a4-09f9b5bb7966": { "id": "66d217f1-03cf-496d-b3a4-09f9b5bb7966", "title": "Configure Login Timeout <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Configure Login Timeout", "slug": "configure-login-timeout", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66d217f1-03cf-496d-b3a4-09f9b5bb7966?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66d70cf6-494f-4221-af3b-ee76cf22a305": { "id": "66d70cf6-494f-4221-af3b-ee76cf22a305", "title": "Responsive Cookie Consent < 1.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Cookie Consent", "slug": "responsive-cookie-consent", "affected_versions": { "[*, 1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66d70cf6-494f-4221-af3b-ee76cf22a305?source=api-scan" ], "published": "2018-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66d77518-a258-4e79-b483-275855c0a416": { "id": "66d77518-a258-4e79-b483-275855c0a416", "title": "Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Ultimate Addons for WPBakery", "slug": "Ultimate_VC_Addons", "affected_versions": { "* - 3.19.20": { "from_version": "*", "from_inclusive": true, "to_version": "3.19.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.19.20.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66d77518-a258-4e79-b483-275855c0a416?source=api-scan" ], "published": "2024-07-16 18:30:45", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66da0ad7-18a3-42b9-b59a-5927c6bc836b": { "id": "66da0ad7-18a3-42b9-b59a-5927c6bc836b", "title": "Order Your Posts Manually <= 2.2.5 - Authenticated (Administrator+) SQL Injection via 'sortdata'", "software": [ { "type": "plugin", "name": "Order Your Posts Manually", "slug": "order-your-posts-manually", "affected_versions": { "* - 2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66da0ad7-18a3-42b9-b59a-5927c6bc836b?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66dc7618-3d84-4a55-9bed-0f41415ed9e9": { "id": "66dc7618-3d84-4a55-9bed-0f41415ed9e9", "title": "Leaflet Map <= 2.23.3 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Leaflet Map", "slug": "leaflet-map", "affected_versions": { "* - 2.23.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.23.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66dc7618-3d84-4a55-9bed-0f41415ed9e9?source=api-scan" ], "published": "2021-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66ddb0f7-4d4c-4c4f-b766-9a07609cd0e5": { "id": "66ddb0f7-4d4c-4c4f-b766-9a07609cd0e5", "title": "Fruitful < 3.8.1 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Fruitful", "slug": "fruitful", "affected_versions": { "[*, 3.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66ddb0f7-4d4c-4c4f-b766-9a07609cd0e5?source=api-scan" ], "published": "2020-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66e55302-f889-4054-817f-aadbdd3c88de": { "id": "66e55302-f889-4054-817f-aadbdd3c88de", "title": "Get Custom Field Values <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom Meta Widget", "software": [ { "type": "plugin", "name": "Get Custom Field Values", "slug": "get-custom-field-values", "affected_versions": { "[*, 4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66e55302-f889-4054-817f-aadbdd3c88de?source=api-scan" ], "published": "2023-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66e5a569-1dd5-40e9-8356-d7c82c8e30ed": { "id": "66e5a569-1dd5-40e9-8356-d7c82c8e30ed", "title": "Uncanny Toolkit for LearnDash <= 3.6.4.3 - Open Redirect", "software": [ { "type": "plugin", "name": "Uncanny Toolkit for LearnDash", "slug": "uncanny-learndash-toolkit", "affected_versions": { "[*, 3.6.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66e5a569-1dd5-40e9-8356-d7c82c8e30ed?source=api-scan" ], "published": "2023-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66e78219-b3fd-40e9-a58c-8e27ef3c5e4a": { "id": "66e78219-b3fd-40e9-a58c-8e27ef3c5e4a", "title": "Subscribers \u2013 Free Web Push Notifications <= 1.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Subscribers \u2013 Free Web Push Notifications", "slug": "subscribers-com", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66e78219-b3fd-40e9-a58c-8e27ef3c5e4a?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66e89753-f83e-4e60-b165-6d3d101d6c59": { "id": "66e89753-f83e-4e60-b165-6d3d101d6c59", "title": "IP Vault \u2013 WP Firewall <= 1.1 - IP Address Spoofing to Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "Two-factor authentication (formerly IP Vault)", "slug": "ip-vault-wp-firewall", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66e89753-f83e-4e60-b165-6d3d101d6c59?source=api-scan" ], "published": "2024-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66ed3f4d-1977-487a-942e-3dd599586957": { "id": "66ed3f4d-1977-487a-942e-3dd599586957", "title": "WP Jobs < 1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Jobs", "slug": "wp-jobs", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66ed3f4d-1977-487a-942e-3dd599586957?source=api-scan" ], "published": "2017-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66edd8e5-1d5e-425d-a4f4-5359683c1e36": { "id": "66edd8e5-1d5e-425d-a4f4-5359683c1e36", "title": "Simple Vimeo Shortcode <= 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Simple Vimeo Shortcode", "slug": "the-very-simple-vimeo-shortcode", "affected_versions": { "* - 2.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66edd8e5-1d5e-425d-a4f4-5359683c1e36?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66efc65e-48d3-4ef9-a369-51448e47686a": { "id": "66efc65e-48d3-4ef9-a369-51448e47686a", "title": "Responsive Image Gallery, Gallery Album <= 2.0.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Gallery \u2013 Image and Video Gallery with Thumbnails", "slug": "gallery-album", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66efc65e-48d3-4ef9-a369-51448e47686a?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66f392d0-d5fb-4a8c-b972-becfac6cf6e7": { "id": "66f392d0-d5fb-4a8c-b972-becfac6cf6e7", "title": "iFrame <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via srcdoc", "software": [ { "type": "plugin", "name": "iframe", "slug": "iframe", "affected_versions": { "* - 4.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66f392d0-d5fb-4a8c-b972-becfac6cf6e7?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66f71de2-055d-42f0-9eb1-145c64f44d5b": { "id": "66f71de2-055d-42f0-9eb1-145c64f44d5b", "title": "Google Analytics MU < 2.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Google Analytics MU", "slug": "google-analytics-mu", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66f71de2-055d-42f0-9eb1-145c64f44d5b?source=api-scan" ], "published": "2014-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "66f73c3d-3937-4b9f-a7d6-29c249e46b92": { "id": "66f73c3d-3937-4b9f-a7d6-29c249e46b92", "title": "Mapwiz <= 1.0.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Mapwiz", "slug": "mapwiz", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/66f73c3d-3937-4b9f-a7d6-29c249e46b92?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67008179-2e79-4d20-b36e-b63047fdedd8": { "id": "67008179-2e79-4d20-b36e-b63047fdedd8", "title": "Mailster <= 4.0.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mailster - Email Newsletter Plugin for WordPress", "slug": "mailster", "affected_versions": { "* - 4.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67008179-2e79-4d20-b36e-b63047fdedd8?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6700e926-21c1-45c9-bca9-62ef0218e998": { "id": "6700e926-21c1-45c9-bca9-62ef0218e998", "title": "Dynamic Featured Image <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via dfiFeatured Parameter", "software": [ { "type": "plugin", "name": "Dynamic Featured Image", "slug": "dynamic-featured-image", "affected_versions": { "* - 3.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6700e926-21c1-45c9-bca9-62ef0218e998?source=api-scan" ], "published": "2024-09-04 21:23:36", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67021dde-a21c-4281-b4f2-acc840efcc69": { "id": "67021dde-a21c-4281-b4f2-acc840efcc69", "title": "JS Help Desk <= 2.7.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin", "slug": "js-support-ticket", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67021dde-a21c-4281-b4f2-acc840efcc69?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6702c762-14c1-490a-92e4-313b785b3407": { "id": "6702c762-14c1-490a-92e4-313b785b3407", "title": "WP REST API <= 1.2.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP REST API (WP API)", "slug": "json-rest-api", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6702c762-14c1-490a-92e4-313b785b3407?source=api-scan" ], "published": "2015-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6709f9b0-0915-4361-9fb0-1f2696e26c2f": { "id": "6709f9b0-0915-4361-9fb0-1f2696e26c2f", "title": "RSVPMaker <= 10.5.4 - Authenticated (Administrator+) SQL Injection via 'resend'", "software": [ { "type": "plugin", "name": "RSVPMaker", "slug": "rsvpmaker", "affected_versions": { "[*, 10.5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "10.5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "10.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6709f9b0-0915-4361-9fb0-1f2696e26c2f?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "670e92d6-4136-48f1-88d1-69a9fa772a65": { "id": "670e92d6-4136-48f1-88d1-69a9fa772a65", "title": "Easy Digital Downloads \u2013 Simple eCommerce for Selling Digital Files <= 2.11.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 2.11.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/670e92d6-4136-48f1-88d1-69a9fa772a65?source=api-scan" ], "published": "2021-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "670ea03e-2f76-48a4-9f40-bc4cfd987a89": { "id": "670ea03e-2f76-48a4-9f40-bc4cfd987a89", "title": "Video PopUp <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Video PopUp", "slug": "video-popup", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/670ea03e-2f76-48a4-9f40-bc4cfd987a89?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6711f542-8b75-4968-86ac-9686ded775b7": { "id": "6711f542-8b75-4968-86ac-9686ded775b7", "title": "WordPress Core 2.1.1 - Supply Chain Compromise", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "2.1.1": { "from_version": "2.1.1", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6711f542-8b75-4968-86ac-9686ded775b7?source=api-scan" ], "published": "2007-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6714ccff-ab6f-4222-96eb-7f442e94f225": { "id": "6714ccff-ab6f-4222-96eb-7f442e94f225", "title": "YellowPencil Visual CSS Style Editor <= 7.6.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visual CSS Style Editor", "slug": "yellow-pencil-visual-theme-customizer", "affected_versions": { "* - 7.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6714ccff-ab6f-4222-96eb-7f442e94f225?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67176209-443c-4f66-b5a8-1dde2f7f0837": { "id": "67176209-443c-4f66-b5a8-1dde2f7f0837", "title": "Postie < 1.4.10 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Postie", "slug": "postie", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67176209-443c-4f66-b5a8-1dde2f7f0837?source=api-scan" ], "published": "2012-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "671f5ba5-1f18-49fa-aa97-eaebdb3417bb": { "id": "671f5ba5-1f18-49fa-aa97-eaebdb3417bb", "title": "Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "[*, 2.2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/671f5ba5-1f18-49fa-aa97-eaebdb3417bb?source=api-scan" ], "published": "2021-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67279c70-c416-4d18-9951-470773b9221a": { "id": "67279c70-c416-4d18-9951-470773b9221a", "title": "Woo Custom and Sequential Order Number <= 2.6.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Woo Custom and Sequential Order Number", "slug": "woo-custom-and-sequential-order-number", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67279c70-c416-4d18-9951-470773b9221a?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "672edfd2-ca4b-4937-8237-3c0a4acc8690": { "id": "672edfd2-ca4b-4937-8237-3c0a4acc8690", "title": "pb-embedFlash <= 1.5.1 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "pb-embedflash", "slug": "pb-embedflash", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/672edfd2-ca4b-4937-8237-3c0a4acc8690?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "673f0910-8121-4344-b756-2ed5418fdc6b": { "id": "673f0910-8121-4344-b756-2ed5418fdc6b", "title": "Infinite <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via project_url Parameter", "software": [ { "type": "theme", "name": "Infinite", "slug": "infinite", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/673f0910-8121-4344-b756-2ed5418fdc6b?source=api-scan" ], "published": "2024-06-27 18:55:19", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6741b770-79d3-4797-8f8f-4ca83fde4705": { "id": "6741b770-79d3-4797-8f8f-4ca83fde4705", "title": "WP htaccess Control <= 3.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP htaccess Control", "slug": "wp-htaccess-control", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6741b770-79d3-4797-8f8f-4ca83fde4705?source=api-scan" ], "published": "2023-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "674461ad-9b61-48c4-af2a-5dfcaeb38215": { "id": "674461ad-9b61-48c4-af2a-5dfcaeb38215", "title": "Shield Security <= 17.0.17 - Missing Authorization", "software": [ { "type": "plugin", "name": "Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention Security", "slug": "wp-simple-firewall", "affected_versions": { "[*, 17.0.18)": { "from_version": "*", "from_inclusive": true, "to_version": "17.0.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "17.0.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/674461ad-9b61-48c4-af2a-5dfcaeb38215?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6745be2e-d151-452a-8e65-0db2409dd54d": { "id": "6745be2e-d151-452a-8e65-0db2409dd54d", "title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.3.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6745be2e-d151-452a-8e65-0db2409dd54d?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6746d20c-d528-4c69-95e4-9f22d6460463": { "id": "6746d20c-d528-4c69-95e4-9f22d6460463", "title": "Zephyr Project Manager <= 3.3.102 - Missing Authorization to Authenticated (Subscriber+) Status Updates", "software": [ { "type": "plugin", "name": "Zephyr Project Manager", "slug": "zephyr-project-manager", "affected_versions": { "* - 3.3.102": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.102", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.103" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6746d20c-d528-4c69-95e4-9f22d6460463?source=api-scan" ], "published": "2024-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6748841a-0984-4840-90ba-0eeff8564198": { "id": "6748841a-0984-4840-90ba-0eeff8564198", "title": "SALERT <= 1.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SALERT \u2013 Fake Sales Notification WooCommerce", "slug": "salert", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6748841a-0984-4840-90ba-0eeff8564198?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "674e6722-d293-4572-80bf-984e74c3e33f": { "id": "674e6722-d293-4572-80bf-984e74c3e33f", "title": "WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Heading tag attribute", "software": [ { "type": "plugin", "name": "WPBakery Visual Composer", "slug": "js_composer", "affected_versions": { "* - 7.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/674e6722-d293-4572-80bf-984e74c3e33f?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "674f75d7-83de-4d0b-80f2-ee83dd474728": { "id": "674f75d7-83de-4d0b-80f2-ee83dd474728", "title": "NextGEN Gallery <= 2.2.44 - Cross-Site Scripting via image alt and title text", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 2.2.44": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/674f75d7-83de-4d0b-80f2-ee83dd474728?source=api-scan" ], "published": "2018-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6753a37b-7242-4895-a439-f726ad835f61": { "id": "6753a37b-7242-4895-a439-f726ad835f61", "title": "myCred \u2013 Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification", "slug": "mycred", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6753a37b-7242-4895-a439-f726ad835f61?source=api-scan" ], "published": "2021-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6755c415-427e-4572-908c-061ab8f7490a": { "id": "6755c415-427e-4572-908c-061ab8f7490a", "title": "Link Library <= 5.9.13.26 \u2013 SQL Injection", "software": [ { "type": "plugin", "name": "Link Library", "slug": "link-library", "affected_versions": { "* - 5.9.13.26": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.13.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.13.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6755c415-427e-4572-908c-061ab8f7490a?source=api-scan" ], "published": "2017-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "675937dc-a032-4bc4-a449-c815fcb12db6": { "id": "675937dc-a032-4bc4-a449-c815fcb12db6", "title": "Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Ultimate Addons for WPBakery", "slug": "Ultimate_VC_Addons", "affected_versions": { "* - 3.19.20": { "from_version": "*", "from_inclusive": true, "to_version": "3.19.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.19.20.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/675937dc-a032-4bc4-a449-c815fcb12db6?source=api-scan" ], "published": "2024-07-16 18:30:18", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "675b029a-70f2-434d-8d14-0b9e9c02bd6e": { "id": "675b029a-70f2-434d-8d14-0b9e9c02bd6e", "title": "DZS Video Gallery < 7.95 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DZS Video Gallery", "slug": "dzs-videogallery", "affected_versions": { "[*, 7.95)": { "from_version": "*", "from_inclusive": true, "to_version": "7.95", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.95" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/675b029a-70f2-434d-8d14-0b9e9c02bd6e?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "675c86fb-e01f-4957-a49c-31b96383304f": { "id": "675c86fb-e01f-4957-a49c-31b96383304f", "title": "Cart66 Lite :: WordPress Ecommerce < 1.5.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Cart66 Lite :: WordPress Ecommerce", "slug": "cart66-lite", "affected_versions": { "[*, 1.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/675c86fb-e01f-4957-a49c-31b96383304f?source=api-scan" ], "published": "2014-12-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67631693-ae8a-4532-a9e3-f21b385131a2": { "id": "67631693-ae8a-4532-a9e3-f21b385131a2", "title": "Anti-Spam by CleanTalk < 5.149 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Spam protection, Anti-Spam, FireWall by CleanTalk", "slug": "cleantalk-spam-protect", "affected_versions": { "[*, 5.149)": { "from_version": "*", "from_inclusive": true, "to_version": "5.149", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.149" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67631693-ae8a-4532-a9e3-f21b385131a2?source=api-scan" ], "published": "2020-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6763d445-0d4f-4ac0-b41a-a30e09fcb21c": { "id": "6763d445-0d4f-4ac0-b41a-a30e09fcb21c", "title": "LoginPress Pro < 3.0 - Captcha Bypass", "software": [ { "type": "plugin", "name": "LoginPress Pro", "slug": "loginpress-pro", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6763d445-0d4f-4ac0-b41a-a30e09fcb21c?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67678796-61d4-423f-b8f4-3f5667184d06": { "id": "67678796-61d4-423f-b8f4-3f5667184d06", "title": "Quiz Maker <= 6.4.9.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz Maker", "slug": "quiz-maker", "affected_versions": { "* - 6.4.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67678796-61d4-423f-b8f4-3f5667184d06?source=api-scan" ], "published": "2023-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6767cc8e-f327-4891-8d3c-555ba7f5062c": { "id": "6767cc8e-f327-4891-8d3c-555ba7f5062c", "title": "Post Teaser <= 4.1.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Post Teaser", "slug": "post-teaser", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6767cc8e-f327-4891-8d3c-555ba7f5062c?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "676c8ed5-5a59-413f-af7a-49d6927cd9b1": { "id": "676c8ed5-5a59-413f-af7a-49d6927cd9b1", "title": "Citadela Listing <= 5.18.1 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Citadela Directory", "slug": "citadela-directory", "affected_versions": { "* - 5.18.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.18.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/676c8ed5-5a59-413f-af7a-49d6927cd9b1?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "676cb664-dd9d-4b6e-80d6-c2afb2298541": { "id": "676cb664-dd9d-4b6e-80d6-c2afb2298541", "title": "ClickSold IDX < 1.49 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ClickSold IDX", "slug": "clicksold-wordpress-plugin", "affected_versions": { "* - 1.48": { "from_version": "*", "from_inclusive": true, "to_version": "1.48", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.49" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/676cb664-dd9d-4b6e-80d6-c2afb2298541?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6776b586-95c9-4e67-b7a3-a016e75d77d1": { "id": "6776b586-95c9-4e67-b7a3-a016e75d77d1", "title": "Sketchfab Embed <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sketchfab Embed", "slug": "sketchfab-oembed", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6776b586-95c9-4e67-b7a3-a016e75d77d1?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67790c0b-c078-4955-a175-977a695392fc": { "id": "67790c0b-c078-4955-a175-977a695392fc", "title": "Elementor Addon Elements <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Widget", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.13.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67790c0b-c078-4955-a175-977a695392fc?source=api-scan" ], "published": "2024-06-11 20:53:36", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67817d5a-2d7a-4b96-9c04-cd1ad9c90b29": { "id": "67817d5a-2d7a-4b96-9c04-cd1ad9c90b29", "title": "Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Ni Purchase Order(PO) For WooCommerce", "slug": "ni-purchase-orderpo-for-woocommerce", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67817d5a-2d7a-4b96-9c04-cd1ad9c90b29?source=api-scan" ], "published": "2023-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6781b7b7-c11a-4328-8d14-ffafc2ccb127": { "id": "6781b7b7-c11a-4328-8d14-ffafc2ccb127", "title": "Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via emailf", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6781b7b7-c11a-4328-8d14-ffafc2ccb127?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6781c76b-bfcb-43b3-8275-5b4c2aa1fe07": { "id": "6781c76b-bfcb-43b3-8275-5b4c2aa1fe07", "title": "Avada <= 5.1.4 - Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Avada | Website Builder For WordPress & WooCommerce", "slug": "Avada", "affected_versions": { "[*, 5.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6781c76b-bfcb-43b3-8275-5b4c2aa1fe07?source=api-scan" ], "published": "2017-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6782d8b3-32f9-42e1-874c-35a1e93ffde0": { "id": "6782d8b3-32f9-42e1-874c-35a1e93ffde0", "title": "Woo Custom Emails <= 2.2 - Reflected Cross-Site Scripting via wcemails_edit", "software": [ { "type": "plugin", "name": "Woo Custom Emails", "slug": "woo-custom-emails", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6782d8b3-32f9-42e1-874c-35a1e93ffde0?source=api-scan" ], "published": "2023-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67856d6b-9be9-494a-b713-f36d5e29e7f1": { "id": "67856d6b-9be9-494a-b713-f36d5e29e7f1", "title": "Piotnet Addons For Elementor Pro <= 7.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Piotnet Addons For Elementor Pro", "slug": "piotnet-addons-for-elementor-pro", "affected_versions": { "* - 7.1.17": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67856d6b-9be9-494a-b713-f36d5e29e7f1?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6785be1c-85d4-48f1-be15-275c71284b3e": { "id": "6785be1c-85d4-48f1-be15-275c71284b3e", "title": "Import External Images <= 1.4 - Cross-Site Request Forgery via external_image_import_all_ajax", "software": [ { "type": "plugin", "name": "Import External Images", "slug": "import-external-images", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6785be1c-85d4-48f1-be15-275c71284b3e?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6788b92c-8a2c-4ebb-85ca-eb1fd0f3b0e0": { "id": "6788b92c-8a2c-4ebb-85ca-eb1fd0f3b0e0", "title": "Gallery Plugin for WordPress \u2013 Envira Photo Gallery <= 1.8.14 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery Plugin for WordPress \u2013 Envira Photo Gallery", "slug": "envira-gallery-lite", "affected_versions": { "* - 1.8.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6788b92c-8a2c-4ebb-85ca-eb1fd0f3b0e0?source=api-scan" ], "published": "2024-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6788e2ee-ce61-494b-8d7f-6d1144466e58": { "id": "6788e2ee-ce61-494b-8d7f-6d1144466e58", "title": "WP Show Posts <= 1.1.4 - Information Exposure", "software": [ { "type": "plugin", "name": "WP Show Posts", "slug": "wp-show-posts", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6788e2ee-ce61-494b-8d7f-6d1144466e58?source=api-scan" ], "published": "2024-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67953bf3-5465-4f25-874c-46dff59b2199": { "id": "67953bf3-5465-4f25-874c-46dff59b2199", "title": "Simple Banner <= 2.11.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Banner \u2013 Easily add multiple Banners\/Bars\/Notifications\/Announcements to the top or bottom of your website", "slug": "simple-banner", "affected_versions": { "* - 2.11.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67953bf3-5465-4f25-874c-46dff59b2199?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67981160-6c91-48a4-ba1c-68204d538ed6": { "id": "67981160-6c91-48a4-ba1c-68204d538ed6", "title": "Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes", "software": [ { "type": "plugin", "name": "Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE", "slug": "otter-blocks", "affected_versions": { "* - 2.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67981160-6c91-48a4-ba1c-68204d538ed6?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "679da7c0-98b9-4da0-bf1f-5c991e8a8111": { "id": "679da7c0-98b9-4da0-bf1f-5c991e8a8111", "title": "Security Optimizer \u2013 The All-In-One Protection Plugin <= 1.5.0 - Missing Authorization via hide_notice()", "software": [ { "type": "plugin", "name": "Security Optimizer \u2013 The All-In-One Protection Plugin", "slug": "sg-security", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/679da7c0-98b9-4da0-bf1f-5c991e8a8111?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67a44d4c-da3f-4c3d-997b-1417c6906a9c": { "id": "67a44d4c-da3f-4c3d-997b-1417c6906a9c", "title": "Real Media Library: Media Library Folder & File Manager <= 4.22.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Real Media Library: Media Library Folder & File Manager", "slug": "real-media-library-lite", "affected_versions": { "* - 4.22.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.22.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.22.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67a44d4c-da3f-4c3d-997b-1417c6906a9c?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67aa489c-5c54-4163-bc32-5d3ac9ba4e33": { "id": "67aa489c-5c54-4163-bc32-5d3ac9ba4e33", "title": "G Auto-Hyperlink <= 1.0.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "G Auto-Hyperlink", "slug": "g-auto-hyperlink", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67aa489c-5c54-4163-bc32-5d3ac9ba4e33?source=api-scan" ], "published": "2021-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67aaf9fa-e92b-42f2-94ac-f27c5d073002": { "id": "67aaf9fa-e92b-42f2-94ac-f27c5d073002", "title": "WP-Hijri <= 1.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Hijri", "slug": "wp-hijri", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67aaf9fa-e92b-42f2-94ac-f27c5d073002?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67ad04d4-49ef-4bc4-b3b0-f2752566145e": { "id": "67ad04d4-49ef-4bc4-b3b0-f2752566145e", "title": "ARI-Adminer <= 1.1.14 - Missing Authorization and No Direct File Access Restrictions", "software": [ { "type": "plugin", "name": "ARI Adminer \u2013 WordPress Database Manager", "slug": "ari-adminer", "affected_versions": { "* - 1.1.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67ad04d4-49ef-4bc4-b3b0-f2752566145e?source=api-scan" ], "published": "2019-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67ae29ee-ec3d-41d2-8691-ba1c615d243d": { "id": "67ae29ee-ec3d-41d2-8691-ba1c615d243d", "title": "Meow Gallery (+ Gallery Block) <= 4.1.9 - Missing Authorization to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Meow Gallery", "slug": "meow-gallery", "affected_versions": { "* - 4.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67ae29ee-ec3d-41d2-8691-ba1c615d243d?source=api-scan" ], "published": "2021-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67aee1ec-44af-4904-8a9b-ecfbb8d3b302": { "id": "67aee1ec-44af-4904-8a9b-ecfbb8d3b302", "title": "Check & Log Email <= 1.0.2 - Admin+ SQL Injection via Order and OrderBy parameters", "software": [ { "type": "plugin", "name": "Check & Log Email \u2013 Easy Email Testing & Mail logging", "slug": "check-email", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67aee1ec-44af-4904-8a9b-ecfbb8d3b302?source=api-scan" ], "published": "2021-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67b0ddc6-9381-4b18-b623-372a149ffa49": { "id": "67b0ddc6-9381-4b18-b623-372a149ffa49", "title": "SearchIQ \u2013 The Search Solution <= 3.8 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SearchIQ \u2013 The Search Solution", "slug": "searchiq", "affected_versions": { "* - 3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67b0ddc6-9381-4b18-b623-372a149ffa49?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67b14116-8708-401c-a037-4976a360256a": { "id": "67b14116-8708-401c-a037-4976a360256a", "title": "WordPress Bitcoin Payments \u2013 Blockonomics <= 3.5.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Bitcoin Payments \u2013 Blockonomics", "slug": "blockonomics-bitcoin-payments", "affected_versions": { "* - 3.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67b14116-8708-401c-a037-4976a360256a?source=api-scan" ], "published": "2023-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67b152b5-e662-4dbd-a7db-87fc63cfb307": { "id": "67b152b5-e662-4dbd-a7db-87fc63cfb307", "title": "Top Quark Architecture Plugin < 2.1.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Top Quark Architecture", "slug": "topquark", "affected_versions": { "[*, 2.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67b152b5-e662-4dbd-a7db-87fc63cfb307?source=api-scan" ], "published": "2012-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67b36ed7-d7f4-4944-b721-219d1990971a": { "id": "67b36ed7-d7f4-4944-b721-219d1990971a", "title": "EventPrime <= 4.0.3.2 - Missing Authorization via calendar_event_create()", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 4.0.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67b36ed7-d7f4-4944-b721-219d1990971a?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67b468f7-21c7-424a-a65c-172ef47f0465": { "id": "67b468f7-21c7-424a-a65c-172ef47f0465", "title": "markdown-it < 1.3.2 - Uncontrolled Resource Consumption", "software": [ { "type": "plugin", "name": "Block for Apple Maps", "slug": "maps-block-apple", "affected_versions": { "1.0.3": { "from_version": "1.0.3", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67b468f7-21c7-424a-a65c-172ef47f0465?source=api-scan" ], "published": "2022-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67b5d20b-4032-4d41-8ab7-6063b7e47827": { "id": "67b5d20b-4032-4d41-8ab7-6063b7e47827", "title": "Great Quotes <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Great Quotes", "slug": "great-quotes", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67b5d20b-4032-4d41-8ab7-6063b7e47827?source=api-scan" ], "published": "2021-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67c2cac8-c3cf-46d1-a592-229081bc31e1": { "id": "67c2cac8-c3cf-46d1-a592-229081bc31e1", "title": "Reusable Blocks Extended <= 0.9 - Cross-Site Request Forgery via reblex_reusable_screen_block_pattern_registration", "software": [ { "type": "plugin", "name": "Reusable Blocks Extended", "slug": "reusable-blocks-extended", "affected_versions": { "* - 0.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67c2cac8-c3cf-46d1-a592-229081bc31e1?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67c7e67e-3e68-4f49-9d81-fa0ed451376e": { "id": "67c7e67e-3e68-4f49-9d81-fa0ed451376e", "title": "Feed Them Social <= 1.6.9 - Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "Feed Them Social \u2013 Social Media Feeds, Video, and Photo Galleries", "slug": "feed-them-social", "affected_versions": { "* - 1.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67c7e67e-3e68-4f49-9d81-fa0ed451376e?source=api-scan" ], "published": "2015-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67c86b04-fdbd-4782-a362-fdec5e1f7c92": { "id": "67c86b04-fdbd-4782-a362-fdec5e1f7c92", "title": "VM Backups <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VM Backups", "slug": "vm-backups", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67c86b04-fdbd-4782-a362-fdec5e1f7c92?source=api-scan" ], "published": "2021-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67ca3305-9a04-421f-a38e-66b69d2bbd38": { "id": "67ca3305-9a04-421f-a38e-66b69d2bbd38", "title": "Frontend File Manager & Sharing \u2013 User Private Files <= 1.1.2 - Subscriber+ Arbitrary File Upload", "software": [ { "type": "plugin", "name": "User Private Files \u2013 File Upload & Download Manager with Secure File Sharing", "slug": "user-private-files", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67ca3305-9a04-421f-a38e-66b69d2bbd38?source=api-scan" ], "published": "2022-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67cb10e4-5d42-464b-a24f-66811a5d0991": { "id": "67cb10e4-5d42-464b-a24f-66811a5d0991", "title": "ARForms <= 6.4 - Missing Authorization to Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "ARforms", "slug": "arforms", "affected_versions": { "* - 6.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67cb10e4-5d42-464b-a24f-66811a5d0991?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67d2364c-6c8b-4b30-8a0e-2f9ee94a3c26": { "id": "67d2364c-6c8b-4b30-8a0e-2f9ee94a3c26", "title": "Side Cart Woocommerce (Ajax) < 2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Side Cart Woocommerce | Woocommerce Cart", "slug": "side-cart-woocommerce", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67d2364c-6c8b-4b30-8a0e-2f9ee94a3c26?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67d2e1c7-dbd3-4195-8bdb-3b85b25bfa52": { "id": "67d2e1c7-dbd3-4195-8bdb-3b85b25bfa52", "title": "Products, Order & Customers Export for WooCommerce <= 2.0.15 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Products, Order & Customers Export for WooCommerce", "slug": "export-woocommerce", "affected_versions": { "* - 2.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67d2e1c7-dbd3-4195-8bdb-3b85b25bfa52?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67ddca02-2e92-4aea-ada9-ace0df29c775": { "id": "67ddca02-2e92-4aea-ada9-ace0df29c775", "title": "Ninja Job Board <= 1.3.2 - Information Disclosure", "software": [ { "type": "plugin", "name": "Ninja Job Board \u2013 Ultimate WordPress Job Board Plugin", "slug": "ninja-job-board", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67ddca02-2e92-4aea-ada9-ace0df29c775?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67e0e59d-879c-434f-9ffb-1b97d8105bfa": { "id": "67e0e59d-879c-434f-9ffb-1b97d8105bfa", "title": "Cookie Notice & Consent Banner for GDPR & CCPA Compliance <= 1.7.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cookie Notice & Consent Banner for\u00a0GDPR & CCPA Compliance", "slug": "cookie-notice-and-consent-banner", "affected_versions": { "[*, 1.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67e0e59d-879c-434f-9ffb-1b97d8105bfa?source=api-scan" ], "published": "2021-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67e1f412-3b3d-4b36-b4ff-557c4790362a": { "id": "67e1f412-3b3d-4b36-b4ff-557c4790362a", "title": "E Search <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "E-Search", "slug": "e-search", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67e1f412-3b3d-4b36-b4ff-557c4790362a?source=api-scan" ], "published": "2016-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67e2636a-1a5d-4526-aace-b276faf321a7": { "id": "67e2636a-1a5d-4526-aace-b276faf321a7", "title": "WP Live Chat Support <= 8.0.15 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "3CX Free Live Chat, Calls & WhatsApp", "slug": "wp-live-chat-support", "affected_versions": { "* - 8.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67e2636a-1a5d-4526-aace-b276faf321a7?source=api-scan" ], "published": "2018-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67e3096e-7641-4f95-9e16-c1b45028c7eb": { "id": "67e3096e-7641-4f95-9e16-c1b45028c7eb", "title": "eCommerce Product Catalog Plugin for WordPress <= 3.0.70 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "eCommerce Product Catalog Plugin for WordPress", "slug": "ecommerce-product-catalog", "affected_versions": { "* - 3.0.70": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.70", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.71" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67e3096e-7641-4f95-9e16-c1b45028c7eb?source=api-scan" ], "published": "2022-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67e3b25e-176f-4a0d-a10d-678ea772ce3c": { "id": "67e3b25e-176f-4a0d-a10d-678ea772ce3c", "title": "amCharts: Charts and Maps <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "amCharts: Charts and Maps", "slug": "amcharts-charts-and-maps", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67e3b25e-176f-4a0d-a10d-678ea772ce3c?source=api-scan" ], "published": "2022-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67eef869-a57f-40b5-b289-9353bf5b680a": { "id": "67eef869-a57f-40b5-b289-9353bf5b680a", "title": "WP Testimonial Widget <= 3.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Testimonial Widget", "slug": "wp-testimonial-widget", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67eef869-a57f-40b5-b289-9353bf5b680a?source=api-scan" ], "published": "2024-08-20 17:22:38", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67f143a4-2467-48cf-8024-8529ef4ed449": { "id": "67f143a4-2467-48cf-8024-8529ef4ed449", "title": "WPIDE \u2013 File Manager & Code Editor <= 2.6 - Authenticated (Admininstrator+) Local File Inclusion", "software": [ { "type": "plugin", "name": "WPIDE \u2013 File Manager & Code Editor", "slug": "wpide", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67f143a4-2467-48cf-8024-8529ef4ed449?source=api-scan" ], "published": "2022-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67f405d0-7139-4b5c-ab3c-cd1de5592866": { "id": "67f405d0-7139-4b5c-ab3c-cd1de5592866", "title": "WP Go Maps (formerly WP Google Maps) <= 9.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Go Maps (formerly WP Google Maps)", "slug": "wp-google-maps", "affected_versions": { "* - 9.0.32": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67f405d0-7139-4b5c-ab3c-cd1de5592866?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67f81b8a-ef0a-4b6d-a1ee-3e19bda6fd96": { "id": "67f81b8a-ef0a-4b6d-a1ee-3e19bda6fd96", "title": "Stream <= 3.9.1 - Missing Authorization to Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Stream", "slug": "stream", "affected_versions": { "* - 3.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67f81b8a-ef0a-4b6d-a1ee-3e19bda6fd96?source=api-scan" ], "published": "2023-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67f9f44b-badc-48d5-b1d9-11cd6501fa9b": { "id": "67f9f44b-badc-48d5-b1d9-11cd6501fa9b", "title": "Ultimate FAQ <= 1.8.24 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate FAQ Accordion Plugin", "slug": "ultimate-faqs", "affected_versions": { "[*, 1.8.25)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.25", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67f9f44b-badc-48d5-b1d9-11cd6501fa9b?source=api-scan" ], "published": "2019-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67fc4141-7875-459b-98d8-d14e0a6f566c": { "id": "67fc4141-7875-459b-98d8-d14e0a6f566c", "title": "EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.7 (Free) - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EventON", "slug": "eventon-lite", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.8" ] }, { "type": "plugin", "name": "EventON Pro", "slug": "eventon", "affected_versions": { "* - 4.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67fc4141-7875-459b-98d8-d14e0a6f566c?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "67fe46cd-a6c4-4d0a-842a-f61334559731": { "id": "67fe46cd-a6c4-4d0a-842a-f61334559731", "title": "Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation <= 2.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation", "slug": "menu-ordering-reservations", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/67fe46cd-a6c4-4d0a-842a-f61334559731?source=api-scan" ], "published": "2022-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "680219f5-631e-4318-bf1b-598947bec7d6": { "id": "680219f5-631e-4318-bf1b-598947bec7d6", "title": "GetResponse for WordPress <= 5.5.35 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GetResponse for WordPress", "slug": "getresponse-integration", "affected_versions": { "* - 5.5.35": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.35", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/680219f5-631e-4318-bf1b-598947bec7d6?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68042416-efa6-4814-a8d9-c74ab652c4ed": { "id": "68042416-efa6-4814-a8d9-c74ab652c4ed", "title": "ZenLite <= 4.3 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "ZenLite", "slug": "zenlite", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68042416-efa6-4814-a8d9-c74ab652c4ed?source=api-scan" ], "published": "2011-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68052614-204f-4237-af0e-4b8210ebd59f": { "id": "68052614-204f-4237-af0e-4b8210ebd59f", "title": "Abandoned Cart Lite for WooCommerce <= 5.15.1 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Abandoned Cart Lite for WooCommerce", "slug": "woocommerce-abandoned-cart", "affected_versions": { "* - 5.15.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.15.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.15.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68052614-204f-4237-af0e-4b8210ebd59f?source=api-scan" ], "published": "2023-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "680746a3-8a72-4ec2-9f58-d744f40168ed": { "id": "680746a3-8a72-4ec2-9f58-d744f40168ed", "title": "MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder < 1.2 - Remote Code Execution", "software": [ { "type": "plugin", "name": "MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder", "slug": "mailchimp-subscribe-sm", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/680746a3-8a72-4ec2-9f58-d744f40168ed?source=api-scan" ], "published": "2015-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "680b2194-0c5e-4d5c-86d8-4c1e8de378d7": { "id": "680b2194-0c5e-4d5c-86d8-4c1e8de378d7", "title": "Master Addons for Elementor <= 1.8.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations", "slug": "master-addons", "affected_versions": { "[*, 1.8.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/680b2194-0c5e-4d5c-86d8-4c1e8de378d7?source=api-scan" ], "published": "2022-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68110321-db1a-4634-98cd-0afd3ec933b8": { "id": "68110321-db1a-4634-98cd-0afd3ec933b8", "title": "Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 8.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68110321-db1a-4634-98cd-0afd3ec933b8?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "681fd20b-6d89-4434-bf38-ccd2fa33a912": { "id": "681fd20b-6d89-4434-bf38-ccd2fa33a912", "title": "Upload Fields for WPForms <= 1.0.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Upload Fields for WPForms \u2013 Drag and Drop Multiple File Upload, Image Upload, and Google Drive Upload for WPForms", "slug": "upload-fields-for-wpforms", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/681fd20b-6d89-4434-bf38-ccd2fa33a912?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68263c7d-6da0-46b2-bb78-45acf615359d": { "id": "68263c7d-6da0-46b2-bb78-45acf615359d", "title": "Yoast Duplicate Post <= 2.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yoast Duplicate Post", "slug": "duplicate-post", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68263c7d-6da0-46b2-bb78-45acf615359d?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "682a7439-d10a-48b7-84c5-60ac00cf7879": { "id": "682a7439-d10a-48b7-84c5-60ac00cf7879", "title": "Paid Memberships Pro <= 3.0.5 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/682a7439-d10a-48b7-84c5-60ac00cf7879?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "682b40ad-ca62-47eb-9abc-fd43122d11c8": { "id": "682b40ad-ca62-47eb-9abc-fd43122d11c8", "title": "InLinks <= 1.1 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "inlinks", "slug": "inlinks", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/682b40ad-ca62-47eb-9abc-fd43122d11c8?source=api-scan" ], "published": "2017-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6830f98b-21f8-4089-9091-1dcd31697425": { "id": "6830f98b-21f8-4089-9091-1dcd31697425", "title": "WP Markdown Editor (Formerly Dark Mode) < 1.7 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Markdown Editor (Formerly Dark Mode)", "slug": "dark-mode", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6830f98b-21f8-4089-9091-1dcd31697425?source=api-scan" ], "published": "2018-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "683131a0-eec3-4251-b322-5c2088855687": { "id": "683131a0-eec3-4251-b322-5c2088855687", "title": "Bulk Posts Editing For WordPress <= 4.2.3 - Authenticated (Subscriber+) Missing Authorization", "software": [ { "type": "plugin", "name": "Bulk Posts Editing For WordPress", "slug": "ithemeland-bulk-posts-editing-lite", "affected_versions": { "* - 4.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/683131a0-eec3-4251-b322-5c2088855687?source=api-scan" ], "published": "2024-05-14 12:16:49", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6837b91d-b3ba-435a-965b-fa18d9b9b9c8": { "id": "6837b91d-b3ba-435a-965b-fa18d9b9b9c8", "title": "RSVPMaker <= 9.2.6 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "RSVPMaker", "slug": "rsvpmaker", "affected_versions": { "* - 9.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "9.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6837b91d-b3ba-435a-965b-fa18d9b9b9c8?source=api-scan" ], "published": "2022-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68394503-d989-40d8-b033-24c011294158": { "id": "68394503-d989-40d8-b033-24c011294158", "title": "Tutor LMS <= 2.7.2 - Authenticated (Tutor Instructor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68394503-d989-40d8-b033-24c011294158?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "683cc327-e17e-49f6-a903-f8a40bb832d1": { "id": "683cc327-e17e-49f6-a903-f8a40bb832d1", "title": "XStore <= 9.3.8 - Unauthenticated SQL Injection", "software": [ { "type": "theme", "name": "XStore", "slug": "xstore", "affected_versions": { "* - 9.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "9.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/683cc327-e17e-49f6-a903-f8a40bb832d1?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "683e10af-5414-4959-9823-93e88e84bb1b": { "id": "683e10af-5414-4959-9823-93e88e84bb1b", "title": "Crowdsignal Dashboard < 2.0.21 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Crowdsignal Dashboard \u2013 Polls, Surveys & more", "slug": "polldaddy", "affected_versions": { "[*, 2.0.21)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.21", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/683e10af-5414-4959-9823-93e88e84bb1b?source=api-scan" ], "published": "2013-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6840add4-62db-4b99-b48b-0b51aa2451b8": { "id": "6840add4-62db-4b99-b48b-0b51aa2451b8", "title": "Product Enquiry for WooCommerce <= 3.1 - Unauthenticated Stored Cross-Site Scripting via name", "software": [ { "type": "plugin", "name": "Product Enquiry for WooCommerce", "slug": "gm-woocommerce-quote-popup", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6840add4-62db-4b99-b48b-0b51aa2451b8?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6840c91f-a5d9-4940-8a08-d62acc5d43eb": { "id": "6840c91f-a5d9-4940-8a08-d62acc5d43eb", "title": "Themify Builder <= 7.0.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Themify Builder", "slug": "themify-builder", "affected_versions": { "* - 7.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6840c91f-a5d9-4940-8a08-d62acc5d43eb?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "684253b3-0a96-4822-84c8-bde8ed45f35e": { "id": "684253b3-0a96-4822-84c8-bde8ed45f35e", "title": "Paid Membership, User Registration, User Profile & Restrict Content Plugin \u2013 ProfilePress <= 3.1.10 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 3.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/684253b3-0a96-4822-84c8-bde8ed45f35e?source=api-scan" ], "published": "2021-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6843939b-889f-45d7-9758-4b76a20d15f1": { "id": "6843939b-889f-45d7-9758-4b76a20d15f1", "title": "Dynamic Font Replacement DFR4WP EN <= 1.3 EN - Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Dynamic Font Replacement DFR4WP EN", "slug": "dynamic-font-replacement-4wp", "affected_versions": { "* - 1.3 EN": { "from_version": "*", "from_inclusive": true, "to_version": "1.3 EN", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6843939b-889f-45d7-9758-4b76a20d15f1?source=api-scan" ], "published": "2022-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6845b506-3d38-47f6-9348-d7931e65707a": { "id": "6845b506-3d38-47f6-9348-d7931e65707a", "title": "WooCommerce PensoPay <= 6.3.1 - Reflected Cross-Site Scripting via 'pensopay_action'", "software": [ { "type": "plugin", "name": "WooCommerce PensoPay", "slug": "woo-pensopay", "affected_versions": { "* - 6.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6845b506-3d38-47f6-9348-d7931e65707a?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "684a1e8e-30f2-47dd-9df6-145198030c52": { "id": "684a1e8e-30f2-47dd-9df6-145198030c52", "title": "Avada <= 6.2.2 - Authenticated (Contributor+) Cross-Site Scripting", "software": [ { "type": "theme", "name": "Avada | Website Builder For WordPress & WooCommerce", "slug": "Avada", "affected_versions": { "[*, 6.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/684a1e8e-30f2-47dd-9df6-145198030c52?source=api-scan" ], "published": "2020-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "684b0166-56fc-433f-ae34-0ff5071e7f05": { "id": "684b0166-56fc-433f-ae34-0ff5071e7f05", "title": "Bold Page Builder <= 2.3.1 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "Bold Page Builder", "slug": "bold-page-builder", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/684b0166-56fc-433f-ae34-0ff5071e7f05?source=api-scan" ], "published": "2019-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "684e199b-c3c9-47d5-a67e-8f4735eaed84": { "id": "684e199b-c3c9-47d5-a67e-8f4735eaed84", "title": "Photo Gallery by 10Web <= 1.8.27 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.8.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/684e199b-c3c9-47d5-a67e-8f4735eaed84?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6867d573-4ba1-4b82-b285-0696134d42fc": { "id": "6867d573-4ba1-4b82-b285-0696134d42fc", "title": "th23 Social <= 1.2.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "th23 Social", "slug": "th23-social", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6867d573-4ba1-4b82-b285-0696134d42fc?source=api-scan" ], "published": "2022-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6870e237-2c2f-46c7-bf00-b3f1bedb8d8d": { "id": "6870e237-2c2f-46c7-bf00-b3f1bedb8d8d", "title": "Ad-minister <= 0.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ad-minister", "slug": "ad-minister", "affected_versions": { "* - 0.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6870e237-2c2f-46c7-bf00-b3f1bedb8d8d?source=api-scan" ], "published": "2013-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68721ded-0a80-4cff-aaf0-59b2fcf67456": { "id": "68721ded-0a80-4cff-aaf0-59b2fcf67456", "title": "Ultimate Product Catalogue <= 5.2.15 - Cross-Site Request Forgery via reset_settings()", "software": [ { "type": "plugin", "name": "Ultimate Product Catalog", "slug": "ultimate-product-catalogue", "affected_versions": { "* - 5.2.15": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68721ded-0a80-4cff-aaf0-59b2fcf67456?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68774d9c-7abc-416d-8ab9-2713a1bad377": { "id": "68774d9c-7abc-416d-8ab9-2713a1bad377", "title": "teachPress <= 8.1.8 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "teachPress", "slug": "teachpress", "affected_versions": { "* - 8.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68774d9c-7abc-416d-8ab9-2713a1bad377?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "687c86af-915e-4028-910e-ab83bcd86a1a": { "id": "687c86af-915e-4028-910e-ab83bcd86a1a", "title": "ExactMetrics <= 7.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ExactMetrics \u2013 Google Analytics Dashboard for WordPress (Website Stats Plugin)", "slug": "google-analytics-dashboard-for-wp", "affected_versions": { "* - 7.14.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.14.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.14.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/687c86af-915e-4028-910e-ab83bcd86a1a?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "687cd0ac-5f78-4429-b6b5-dd1113143a4d": { "id": "687cd0ac-5f78-4429-b6b5-dd1113143a4d", "title": "Mobile browser color select <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mobile browser color select", "slug": "mobile-browser-color-select", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/687cd0ac-5f78-4429-b6b5-dd1113143a4d?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6881b0ad-7f11-4709-8c17-37aa505bad4c": { "id": "6881b0ad-7f11-4709-8c17-37aa505bad4c", "title": "\u0c24\u0c46\u0c32\u0c41\u0c17\u0c41 \u0c2c\u0c48\u0c2c\u0c3f\u0c32\u0c4d \u0c35\u0c1a\u0c28\u0c2e\u0c41\u0c32\u0c41 <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "\u0c24\u0c46\u0c32\u0c41\u0c17\u0c41 \u0c2c\u0c48\u0c2c\u0c3f\u0c32\u0c4d \u0c35\u0c1a\u0c28\u0c2e\u0c41\u0c32\u0c41", "slug": "telugu-bible-verse-daily", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6881b0ad-7f11-4709-8c17-37aa505bad4c?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6881c774-a20f-4b18-8ce2-7e60d89073d6": { "id": "6881c774-a20f-4b18-8ce2-7e60d89073d6", "title": "Admin Management Xtended <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Admin Management Xtended", "slug": "admin-management-xtended", "affected_versions": { "* - 2.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6881c774-a20f-4b18-8ce2-7e60d89073d6?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "688353c9-e4e5-4717-9651-15d05248554f": { "id": "688353c9-e4e5-4717-9651-15d05248554f", "title": "Footer Putter <= 6.1.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Footer Putter", "slug": "footer-putter", "affected_versions": { "* - 1.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/688353c9-e4e5-4717-9651-15d05248554f?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "688d30ac-9b30-4298-a935-316e5503a31b": { "id": "688d30ac-9b30-4298-a935-316e5503a31b", "title": "SpiderFAQ <= 1.3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SpiderFAQ", "slug": "spider-faq", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/688d30ac-9b30-4298-a935-316e5503a31b?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6892fefa-3866-4dbf-8604-dd4bc1e7d481": { "id": "6892fefa-3866-4dbf-8604-dd4bc1e7d481", "title": "The Awesome Feed \u2013 Custom Feed <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "The Awesome Feed \u2013 Custom Feed", "slug": "wp-facebook-feed", "affected_versions": { "* - 2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6892fefa-3866-4dbf-8604-dd4bc1e7d481?source=api-scan" ], "published": "2023-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "689511e0-1355-4fcb-8a72-d819abc8e9a3": { "id": "689511e0-1355-4fcb-8a72-d819abc8e9a3", "title": "ACF Photo Gallery Field <= 1.9 - Authenticated (Subscriber+) Arbitrary Usermeta Update", "software": [ { "type": "plugin", "name": "ACF Photo Gallery Field", "slug": "navz-photo-gallery", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/689511e0-1355-4fcb-8a72-d819abc8e9a3?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6897a8fe-c32e-430a-847c-23d1add2355d": { "id": "6897a8fe-c32e-430a-847c-23d1add2355d", "title": "Various Orange themes (Various Unspecified Versions) - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "theme", "name": "Rockstar Theme", "slug": "rockstar-theme", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Bulteno Theme", "slug": "bulteno-theme", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Oxygen Theme", "slug": "oxygen-theme", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Reganto Theme", "slug": "reganto-theme", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Rayoflight Theme", "slug": "rayoflight-theme", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Bordeaux Theme", "slug": "bordeaux-theme", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Radial Theme", "slug": "radial-theme", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "AgriTourismo", "slug": "agritourismo-theme", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6897a8fe-c32e-430a-847c-23d1add2355d?source=api-scan" ], "published": "2013-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "689abb68-0c19-4f89-91db-fd15ab8bca8e": { "id": "689abb68-0c19-4f89-91db-fd15ab8bca8e", "title": "Event Espresso 4 Decaf \u2013 Event Registration Event Ticketing <= 4.10.46.decaf- Authenticated (Subscriber+) Missing Authorization to Limited Plugin Settings Modification", "software": [ { "type": "plugin", "name": "Event Espresso \u2013 Event Registration & Ticketing Sales", "slug": "event-espresso-decaf", "affected_versions": { "* - 4.10.46.decaf": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.46.decaf", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.22.decaf" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/689abb68-0c19-4f89-91db-fd15ab8bca8e?source=api-scan" ], "published": "2024-08-20 17:26:46", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "689eb95b-2f72-4aa4-9f21-6ae186346061": { "id": "689eb95b-2f72-4aa4-9f21-6ae186346061", "title": "Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Author+) HTML Injection", "software": [ { "type": "plugin", "name": "Elementor Header & Footer Builder", "slug": "header-footer-elementor", "affected_versions": { "* - 1.6.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/689eb95b-2f72-4aa4-9f21-6ae186346061?source=api-scan" ], "published": "2024-05-16 08:08:19", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "689ed1b8-8ef9-4994-8a39-9e0b079aed9a": { "id": "689ed1b8-8ef9-4994-8a39-9e0b079aed9a", "title": "WP ADA Compliance Check Basic \u2013 Most Comprehensive Web Accessibility Solution for WordPress <= 3.1.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP ADA Compliance Check Basic \u2013 Most Comprehensive Web Accessibility Solution for WordPress", "slug": "wp-ada-compliance-check-basic", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/689ed1b8-8ef9-4994-8a39-9e0b079aed9a?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "689f3667-2dda-40a8-8627-d38c6c6816fc": { "id": "689f3667-2dda-40a8-8627-d38c6c6816fc", "title": "Contests by Rewards Fuel <= 2.0.62 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contests by Rewards Fuel", "slug": "contests-from-rewards-fuel", "affected_versions": { "* - 2.0.62": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.62", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.63" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/689f3667-2dda-40a8-8627-d38c6c6816fc?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68a509ae-9943-4b9a-8ede-2b5732e96e6d": { "id": "68a509ae-9943-4b9a-8ede-2b5732e96e6d", "title": "Contact Form by WPForms \u2013 Drag & Drop Form Builder for WordPress <= 1.8.7.2 - Unauthenticated Price Manipulation", "software": [ { "type": "plugin", "name": "WPForms \u2013 Easy Form Builder for WordPress \u2013 Contact Forms, Payment Forms, Surveys, & More", "slug": "wpforms-lite", "affected_versions": { "* - 1.8.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68a509ae-9943-4b9a-8ede-2b5732e96e6d?source=api-scan" ], "published": "2024-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68a520bb-261a-43f0-993d-de208035afe5": { "id": "68a520bb-261a-43f0-993d-de208035afe5", "title": "WP-Piwik <= 1.0.27 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Display Name", "software": [ { "type": "plugin", "name": "Connect Matomo (WP-Matomo, WP-Piwik)", "slug": "wp-piwik", "affected_versions": { "* - 1.0.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68a520bb-261a-43f0-993d-de208035afe5?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68aba88f-e7f9-42d7-9dea-045e7fef7056": { "id": "68aba88f-e7f9-42d7-9dea-045e7fef7056", "title": "Google Language Translator <= 5.0.05 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Translate WordPress \u2013 Google Language Translator", "slug": "google-language-translator", "affected_versions": { "[*, 5.0.06)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.06", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.06" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68aba88f-e7f9-42d7-9dea-045e7fef7056?source=api-scan" ], "published": "2016-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68b202f7-fff1-4056-9b5b-b42b25189706": { "id": "68b202f7-fff1-4056-9b5b-b42b25189706", "title": "Contact Form Integrated With Google Maps 1.0 - 2.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Integrated With Google Maps", "slug": "contact-form-integrated-with-google-maps", "affected_versions": { "1.0 - 2.4": { "from_version": "1.0", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68b202f7-fff1-4056-9b5b-b42b25189706?source=api-scan" ], "published": "2014-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68b4ef1f-93cc-4fbd-9713-9cbc6ad59f5e": { "id": "68b4ef1f-93cc-4fbd-9713-9cbc6ad59f5e", "title": "Leaflet Maps Marker Pro < 1.5.8 - Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Leaflet Maps Marker Pro", "slug": "leaflet-maps-marker-pro", "affected_versions": { "[*, 1.5.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68b4ef1f-93cc-4fbd-9713-9cbc6ad59f5e?source=api-scan" ], "published": "2014-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68c1776e-8e29-4eea-87d0-cf7318a64f7d": { "id": "68c1776e-8e29-4eea-87d0-cf7318a64f7d", "title": "Store Locator Plus <= 5.5.15 - Authenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Store Locator Plus\u00ae for WordPress", "slug": "store-locator-le", "affected_versions": { "* - 5.5.15": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68c1776e-8e29-4eea-87d0-cf7318a64f7d?source=api-scan" ], "published": "2021-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68c22e71-c704-44c1-86e6-856f6244393d": { "id": "68c22e71-c704-44c1-86e6-856f6244393d", "title": "Simple Long Form <= 2.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Long Form", "slug": "simple-long-form", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68c22e71-c704-44c1-86e6-856f6244393d?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68cc2aec-f21d-482d-a8bd-bbc60f593cb5": { "id": "68cc2aec-f21d-482d-a8bd-bbc60f593cb5", "title": "flickrRSS <= 5.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "flickrRSS", "slug": "flickr-rss", "affected_versions": { "* - 5.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68cc2aec-f21d-482d-a8bd-bbc60f593cb5?source=api-scan" ], "published": "2018-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68d44dd9-cfe4-4bc0-aa2e-9b7fb766870a": { "id": "68d44dd9-cfe4-4bc0-aa2e-9b7fb766870a", "title": "ScrollReveal.js Effects <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ScrollReveal.js Effects", "slug": "scrollrevealjs-effects", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68d44dd9-cfe4-4bc0-aa2e-9b7fb766870a?source=api-scan" ], "published": "2022-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68d71bd0-176c-4eee-99c2-9b591d6f70d3": { "id": "68d71bd0-176c-4eee-99c2-9b591d6f70d3", "title": "ECPay Logistics for WooCommerce <= 1.2.181030 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ECPay Logistics for WooCommerce", "slug": "ecpay-logistics-for-woocommerce", "affected_versions": { "* - 1.2.181030": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.181030", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1910240" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68d71bd0-176c-4eee-99c2-9b591d6f70d3?source=api-scan" ], "published": "2019-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68d7b5d0-c777-4ff9-bdef-a7762cfbdf1a": { "id": "68d7b5d0-c777-4ff9-bdef-a7762cfbdf1a", "title": "WPLegalPages <= 2.9.2 - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages", "slug": "wplegalpages", "affected_versions": { "* - 2.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68d7b5d0-c777-4ff9-bdef-a7762cfbdf1a?source=api-scan" ], "published": "2023-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68d9aeac-2c01-4afd-8307-906f1bc595d7": { "id": "68d9aeac-2c01-4afd-8307-906f1bc595d7", "title": "Ultimate Bootstrap Elements for Elementor <= 1.4.4 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Ultimate Bootstrap Elements for Elementor", "slug": "ultimate-bootstrap-elements-for-elementor", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68d9aeac-2c01-4afd-8307-906f1bc595d7?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68d9b56b-2460-48d5-95ca-b64e65592b16": { "id": "68d9b56b-2460-48d5-95ca-b64e65592b16", "title": "Polldaddy Polls & Rating < 2.0.24 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Crowdsignal Dashboard \u2013 Polls, Surveys & more", "slug": "polldaddy", "affected_versions": { "[*, 2.0.24)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.24", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68d9b56b-2460-48d5-95ca-b64e65592b16?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68ddc0a1-2f5a-446d-9d83-b6028d012956": { "id": "68ddc0a1-2f5a-446d-9d83-b6028d012956", "title": "WP LiveChat <= 3.7.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LiveChat \u2013 WP live chat plugin for WordPress", "slug": "wp-live-chat-software-for-wordpress", "affected_versions": { "* - 3.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68ddc0a1-2f5a-446d-9d83-b6028d012956?source=api-scan" ], "published": "2019-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68e0f54d-08ec-4e41-ac9b-d72cdde5a724": { "id": "68e0f54d-08ec-4e41-ac9b-d72cdde5a724", "title": "Where I Was, Where I Will Be <= 1.1.1 - Unauthenticated Remote File Inclusion", "software": [ { "type": "plugin", "name": "Where I Was, Where I Will Be", "slug": "where-i-was-where-i-will-be", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68e0f54d-08ec-4e41-ac9b-d72cdde5a724?source=api-scan" ], "published": "2024-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68e6675e-b9f4-41e5-8ebf-abab53f5d542": { "id": "68e6675e-b9f4-41e5-8ebf-abab53f5d542", "title": "Far Future Expiry Header <= 1.4 - Plugin's Settings Update via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Far Future Expiry Header", "slug": "far-future-expiry-header", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68e6675e-b9f4-41e5-8ebf-abab53f5d542?source=api-scan" ], "published": "2021-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68e6ec3a-c5fd-4f63-a9a0-2c9ddfb96e2e": { "id": "68e6ec3a-c5fd-4f63-a9a0-2c9ddfb96e2e", "title": "YaySMTP <= 2.4.5 - Unauthenticated Stored Cross-Site Scripting via Email", "software": [ { "type": "plugin", "name": "YaySMTP \u2013 WP SMTP Plugin with Full Email Log & 15+ SMTP Services", "slug": "yaysmtp", "affected_versions": { "2.4.5": { "from_version": "2.4.5", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68e6ec3a-c5fd-4f63-a9a0-2c9ddfb96e2e?source=api-scan" ], "published": "2023-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68e838d4-2ff2-4925-b2ff-ba3f7b379010": { "id": "68e838d4-2ff2-4925-b2ff-ba3f7b379010", "title": "ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "3.0.0 - 3.1.3": { "from_version": "3.0.0", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68e838d4-2ff2-4925-b2ff-ba3f7b379010?source=api-scan" ], "published": "2021-06-28 19:45:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68ec28e8-345c-4017-ab0d-04ac4facd60c": { "id": "68ec28e8-345c-4017-ab0d-04ac4facd60c", "title": "Chained Quiz <= 1.3.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "* - 1.3.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68ec28e8-345c-4017-ab0d-04ac4facd60c?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68eec693-bffe-4f3a-8e76-edf9f13093d4": { "id": "68eec693-bffe-4f3a-8e76-edf9f13093d4", "title": "WooCommerce <= 8.5.2 - Missing Authorization to Private\/Draft Product Disclosure", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "post-new", "affected_versions": { "[*, 8.6)": { "from_version": "*", "from_inclusive": true, "to_version": "8.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68eec693-bffe-4f3a-8e76-edf9f13093d4?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68f41e88-ed36-4361-bddd-41495a540cd9": { "id": "68f41e88-ed36-4361-bddd-41495a540cd9", "title": "WP Reset <= 2.0 - Sensitive Information Exposure due to Insufficient Randomness", "software": [ { "type": "plugin", "name": "WP Reset \u2013 Most Advanced WordPress Reset Tool", "slug": "wp-reset", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.01" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68f41e88-ed36-4361-bddd-41495a540cd9?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68f460dc-bb7f-4477-821b-925c7c2c2de5": { "id": "68f460dc-bb7f-4477-821b-925c7c2c2de5", "title": "WordPress Landing Pages <= 1.8.4 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Landing Pages", "slug": "landing-pages", "affected_versions": { "[*, 1.8.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68f460dc-bb7f-4477-821b-925c7c2c2de5?source=api-scan" ], "published": "2015-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68f5bc13-b0b2-48b6-82ac-ff02367f4780": { "id": "68f5bc13-b0b2-48b6-82ac-ff02367f4780", "title": "WooPayments \u2013 Fully Integrated Solution Built and Supported by Woo <= 6.6.2 - Unauthenticated Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "WooPayments: Integrated WooCommerce Payments", "slug": "woocommerce-payments", "affected_versions": { "* - 6.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68f5bc13-b0b2-48b6-82ac-ff02367f4780?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68f87cc7-fde5-4cd6-ab25-bf05cd3b5cde": { "id": "68f87cc7-fde5-4cd6-ab25-bf05cd3b5cde", "title": "WordPress Core < 5.4.1 - Cross-Site Scripting in the Block Editor", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.32": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.32", "to_inclusive": true }, "3.8 - 3.8.32": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.32", "to_inclusive": true }, "3.9 - 3.9.30": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.30", "to_inclusive": true }, "4.0 - 4.0.29": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.29", "to_inclusive": true }, "4.1 - 4.1.29": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.29", "to_inclusive": true }, "4.2 - 4.2.26": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.26", "to_inclusive": true }, "4.3 - 4.3.22": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.22", "to_inclusive": true }, "4.4 - 4.4.21": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.21", "to_inclusive": true }, "4.5 - 4.5.20": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.20", "to_inclusive": true }, "4.6 - 4.6.17": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.17", "to_inclusive": true }, "4.7 - 4.7.16": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.16", "to_inclusive": true }, "4.8 - 4.8.12": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.12", "to_inclusive": true }, "4.9 - 4.9.13": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.13", "to_inclusive": true }, "5.0 - 5.0.8": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.8", "to_inclusive": true }, "5.1 - 5.1.4": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.4", "to_inclusive": true }, "5.2 - 5.2.5": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.5", "to_inclusive": true }, "5.3 - 5.3.2": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.2", "to_inclusive": true }, "5.4": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.33", "3.8.33", "3.9.31", "4.0.30", "4.1.30", "4.2.27", "4.3.23", "4.4.22", "4.5.21", "4.6.18", "4.7.17", "4.8.13", "4.9.14", "5.0.9", "5.1.5", "5.2.6", "5.3.3", "5.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68f87cc7-fde5-4cd6-ab25-bf05cd3b5cde?source=api-scan" ], "published": "2020-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68fc0a8b-b667-49fd-b015-ced27f5ccce8": { "id": "68fc0a8b-b667-49fd-b015-ced27f5ccce8", "title": "WP Server Health Stats <= 1.7.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Server Health Stats", "slug": "wp-server-stats", "affected_versions": { "* - 1.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68fc0a8b-b667-49fd-b015-ced27f5ccce8?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68fd5e6f-9883-4e8f-9c4f-5905b487629a": { "id": "68fd5e6f-9883-4e8f-9c4f-5905b487629a", "title": "MS-Reviews <= 1.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MS-Reviews", "slug": "ms-reviews", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68fd5e6f-9883-4e8f-9c4f-5905b487629a?source=api-scan" ], "published": "2023-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68fe0f74-96d7-4d5b-99a2-dff4f1c9d30b": { "id": "68fe0f74-96d7-4d5b-99a2-dff4f1c9d30b", "title": "Plugmatter Pricing Table Lite <= 1.0.32 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Plugmatter Pricing Table Lite ", "slug": "plugmatter-pricing-table", "affected_versions": { "* - 1.0.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.32", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68fe0f74-96d7-4d5b-99a2-dff4f1c9d30b?source=api-scan" ], "published": "2021-08-13 15:31:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68fe17e2-d5ab-4ebd-a5c6-d65cea327abd": { "id": "68fe17e2-d5ab-4ebd-a5c6-d65cea327abd", "title": "Envato Elements <= 2.0.10 & Template Kit <= 1.0.13 - Authenticated (Contributor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Template Kit \u2013 Import", "slug": "template-kit-import", "affected_versions": { "* - 1.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.14" ] }, { "type": "plugin", "name": "Envato Elements \u2013 Photos & Elementor Templates", "slug": "envato-elements", "affected_versions": { "* - 2.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68fe17e2-d5ab-4ebd-a5c6-d65cea327abd?source=api-scan" ], "published": "2021-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "68fee8cb-476d-4962-b830-59fd823329ac": { "id": "68fee8cb-476d-4962-b830-59fd823329ac", "title": "Better Messages <= 1.9.10.57 - Resource Exhaustion", "software": [ { "type": "plugin", "name": "Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss", "slug": "bp-better-messages", "affected_versions": { "* - 1.9.10.57": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.10.57", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.10.58" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68fee8cb-476d-4962-b830-59fd823329ac?source=api-scan" ], "published": "2022-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69007bd5-cbfa-47f1-acef-29ff493959f0": { "id": "69007bd5-cbfa-47f1-acef-29ff493959f0", "title": "Checkout Mestres WP <= 8.6 - Authenticated (Admin+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Checkout Mestres do WP for WooCommerce", "slug": "checkout-mestres-wp", "affected_versions": { "* - 8.6": { "from_version": "*", "from_inclusive": true, "to_version": "8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69007bd5-cbfa-47f1-acef-29ff493959f0?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69025975-9fb7-47a7-9dea-68f4c01d5fdc": { "id": "69025975-9fb7-47a7-9dea-68f4c01d5fdc", "title": "Email Encoder <= 2.1.1 - Reflected Cross Site Scripting", "software": [ { "type": "plugin", "name": "Email Encoder \u2013 Protect Email Addresses and Phone Numbers", "slug": "email-encoder-bundle", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69025975-9fb7-47a7-9dea-68f4c01d5fdc?source=api-scan" ], "published": "2021-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6903e37e-5251-47bb-8023-755821af4689": { "id": "6903e37e-5251-47bb-8023-755821af4689", "title": "User Avatar <= 1.4.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Avatar", "slug": "user-avatar", "affected_versions": { "* - 1.4.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6903e37e-5251-47bb-8023-755821af4689?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "690cc457-7951-4a4d-979b-8464513a3b50": { "id": "690cc457-7951-4a4d-979b-8464513a3b50", "title": "Memberpress <= 1.11.34 - Missing Authorization", "software": [ { "type": "plugin", "name": "Memberpress", "slug": "memberpress", "affected_versions": { "* - 1.11.34": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/690cc457-7951-4a4d-979b-8464513a3b50?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69150437-dfd6-436a-b100-99f5001c7fe7": { "id": "69150437-dfd6-436a-b100-99f5001c7fe7", "title": "iThemes Exchange < 1.12.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ithemes-exchange", "slug": "ithemes-exchange", "affected_versions": { "[*, 1.12.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.12.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69150437-dfd6-436a-b100-99f5001c7fe7?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "691962c2-e67f-4f6e-9002-6f2a4ccbbdee": { "id": "691962c2-e67f-4f6e-9002-6f2a4ccbbdee", "title": "Modula Image Gallery <= 2.2.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Modula Image Gallery", "slug": "modula-best-grid-gallery", "affected_versions": { "[*, 2.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/691962c2-e67f-4f6e-9002-6f2a4ccbbdee?source=api-scan" ], "published": "2020-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "691b080c-052a-4967-a251-98a17038448d": { "id": "691b080c-052a-4967-a251-98a17038448d", "title": "WP e-Commerce Swipe plugin <= 3.1.0 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP e-Commerce Swipe plugin", "slug": "swipehq-payment-gateway-wp-e-commerce", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/691b080c-052a-4967-a251-98a17038448d?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "691b7428-73e5-4800-85a1-19daa85aff4e": { "id": "691b7428-73e5-4800-85a1-19daa85aff4e", "title": "Prime Slider \u2013 Addons For Elementor <= 3.11.10 - Incorrect Authorization via bdt_duplicate_as_draft", "software": [ { "type": "plugin", "name": "Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)", "slug": "bdthemes-prime-slider-lite", "affected_versions": { "* - 3.11.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/691b7428-73e5-4800-85a1-19daa85aff4e?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "691c0f3b-b723-4310-b4df-ed3e1db9d548": { "id": "691c0f3b-b723-4310-b4df-ed3e1db9d548", "title": "WP Plugin Info Card < 2.3.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Plugin Info Card", "slug": "wp-plugin-info-card", "affected_versions": { "[*, 2.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/691c0f3b-b723-4310-b4df-ed3e1db9d548?source=api-scan" ], "published": "2015-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "691eb4c1-18ba-433b-8725-70f2ecf89b0a": { "id": "691eb4c1-18ba-433b-8725-70f2ecf89b0a", "title": "Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id GET", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] }, { "type": "plugin", "name": "Contest Gallery Pro", "slug": "contest-gallery-pro", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/691eb4c1-18ba-433b-8725-70f2ecf89b0a?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6921c5a7-4895-40f0-99c4-90f78416820d": { "id": "6921c5a7-4895-40f0-99c4-90f78416820d", "title": "Team <= 1.2.6 - Authenticated (Contibutor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Team", "slug": "adl-team", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6921c5a7-4895-40f0-99c4-90f78416820d?source=api-scan" ], "published": "2022-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6921da1b-e63d-479a-9786-9b1bd8201d69": { "id": "6921da1b-e63d-479a-9786-9b1bd8201d69", "title": "Mosaic <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode", "software": [ { "type": "theme", "name": "Mosaic", "slug": "mosaic", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6921da1b-e63d-479a-9786-9b1bd8201d69?source=api-scan" ], "published": "2024-06-21 15:08:54", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "692e995d-cdfc-4ab8-8a8a-5423eb7f8d15": { "id": "692e995d-cdfc-4ab8-8a8a-5423eb7f8d15", "title": "Download SpamReferrerBlock <= 2.22 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SpamReferrerBlock", "slug": "spamreferrerblock", "affected_versions": { "* - 2.22": { "from_version": "*", "from_inclusive": true, "to_version": "2.22", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/692e995d-cdfc-4ab8-8a8a-5423eb7f8d15?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6935bca8-ad64-4c55-9cf0-c7dd088d8c0c": { "id": "6935bca8-ad64-4c55-9cf0-c7dd088d8c0c", "title": "Google Places Reviews < 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Reviews Block for Google", "slug": "google-places-reviews", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6935bca8-ad64-4c55-9cf0-c7dd088d8c0c?source=api-scan" ], "published": "2022-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "693fbac2-46b8-4771-99b5-6cd97096286e": { "id": "693fbac2-46b8-4771-99b5-6cd97096286e", "title": "WP Visitor Statistics (Real Time Traffic) <= 5.4 - Missing Authorization to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Visitor Statistics (Real Time Traffic)", "slug": "wp-stats-manager", "affected_versions": { "* - 5.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/693fbac2-46b8-4771-99b5-6cd97096286e?source=api-scan" ], "published": "2022-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "694005fc-7703-4343-a7b4-d36906869df3": { "id": "694005fc-7703-4343-a7b4-d36906869df3", "title": "CampTix Event Ticketing <= 1.4.2 - CSV Injection", "software": [ { "type": "plugin", "name": "CampTix Event Ticketing", "slug": "camptix", "affected_versions": { "[*, 1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/694005fc-7703-4343-a7b4-d36906869df3?source=api-scan" ], "published": "2016-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69401e9f-6bd3-49b8-8ebd-6904db680610": { "id": "69401e9f-6bd3-49b8-8ebd-6904db680610", "title": "WP Tabs \u2013 Responsive Tabs Plugin for WordPress <= 1.8.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Tabs \u2013 Responsive Tabs and Custom Product Tabs", "slug": "wp-expand-tabs-free", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69401e9f-6bd3-49b8-8ebd-6904db680610?source=api-scan" ], "published": "2018-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6942b352-2468-4310-a69c-2590b3b3a4a8": { "id": "6942b352-2468-4310-a69c-2590b3b3a4a8", "title": "TAKETIN To WP Membership <= 2.8.0 - Authenticated (Subscriber+) PHP Object Injection", "software": [ { "type": "plugin", "name": "TAKETIN To WP Membership", "slug": "taketin-to-wp-membership", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6942b352-2468-4310-a69c-2590b3b3a4a8?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69430e1a-db2f-4715-84aa-5a1dfd712180": { "id": "69430e1a-db2f-4715-84aa-5a1dfd712180", "title": "WP Job Manager <= 2.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Job Manager", "slug": "wp-job-manager", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69430e1a-db2f-4715-84aa-5a1dfd712180?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69435cb6-9591-45bb-86e3-eaf1a9bc46f9": { "id": "69435cb6-9591-45bb-86e3-eaf1a9bc46f9", "title": "Ninja Forms Contact Form <= 2.9.18 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 2.9.18": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69435cb6-9591-45bb-86e3-eaf1a9bc46f9?source=api-scan" ], "published": "2015-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69475bec-1f27-4793-8697-1132ac701c62": { "id": "69475bec-1f27-4793-8697-1132ac701c62", "title": "WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_manage()", "software": [ { "type": "plugin", "name": "WP To Do", "slug": "wp-todo", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69475bec-1f27-4793-8697-1132ac701c62?source=api-scan" ], "published": "2024-05-29 15:54:07", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "694c120a-d9cb-46a6-be24-9f1530bc2183": { "id": "694c120a-d9cb-46a6-be24-9f1530bc2183", "title": "All in One SEO <= 4.2.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "* - 4.2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/694c120a-d9cb-46a6-be24-9f1530bc2183?source=api-scan" ], "published": "2022-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "694d0b49-c4dd-40f0-99c9-5eb8c3c08ba9": { "id": "694d0b49-c4dd-40f0-99c9-5eb8c3c08ba9", "title": "Brizy \u2013 Page Builder <= 2.4.43 - Unauthenticated Stored Cross-Site Scripting via Form", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "* - 2.4.43": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/694d0b49-c4dd-40f0-99c9-5eb8c3c08ba9?source=api-scan" ], "published": "2024-06-04 17:29:06", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "694fe940-3d0a-4a71-99d3-bcf3a8010585": { "id": "694fe940-3d0a-4a71-99d3-bcf3a8010585", "title": "Amelia <= 1.0.46 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Booking for Appointments and Events Calendar \u2013 Amelia", "slug": "ameliabooking", "affected_versions": { "* - 1.0.46": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.46", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.47" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/694fe940-3d0a-4a71-99d3-bcf3a8010585?source=api-scan" ], "published": "2022-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69527d4b-49b6-47cd-93b6-39350f881ec9": { "id": "69527d4b-49b6-47cd-93b6-39350f881ec9", "title": "Metform Elementor Contact Form Builder <= 3.2.1 - reCaptcha Protection Bypass", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69527d4b-49b6-47cd-93b6-39350f881ec9?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6953dea2-ca2d-4283-97c2-45c3420d9390": { "id": "6953dea2-ca2d-4283-97c2-45c3420d9390", "title": "WP Responsive header image slider <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Responsive header image slider", "slug": "responsive-header-image-slider", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6953dea2-ca2d-4283-97c2-45c3420d9390?source=api-scan" ], "published": "2023-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6954364e-567c-407c-afc6-983b7257cc88": { "id": "6954364e-567c-407c-afc6-983b7257cc88", "title": "Quotes for WooCommerce <= 2.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Quotes for WooCommerce", "slug": "quotes-for-woocommerce", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6954364e-567c-407c-afc6-983b7257cc88?source=api-scan" ], "published": "2023-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "695819e6-2574-4047-a55d-a78289c29ba0": { "id": "695819e6-2574-4047-a55d-a78289c29ba0", "title": "Photo Gallery by 10Web <= 1.5.54 - SQL Injection via bwg_search_x Parameter", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.5.55)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.55", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.55" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/695819e6-2574-4047-a55d-a78289c29ba0?source=api-scan" ], "published": "2020-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69618c44-5298-4b03-a63a-76f195206c8b": { "id": "69618c44-5298-4b03-a63a-76f195206c8b", "title": "Export Users With Meta < 0.6.5 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Export Users With Meta", "slug": "user-export-with-their-meta-data", "affected_versions": { "[*, 0.6.5)": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69618c44-5298-4b03-a63a-76f195206c8b?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6963b3ed-1b88-49bb-aa2e-99905c14f4c6": { "id": "6963b3ed-1b88-49bb-aa2e-99905c14f4c6", "title": "UpQode Google Maps <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "UpQode Google Maps", "slug": "upqode-google-maps", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6963b3ed-1b88-49bb-aa2e-99905c14f4c6?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69654827-842f-483d-ae4c-b9c7ae271f82": { "id": "69654827-842f-483d-ae4c-b9c7ae271f82", "title": "Admin Columns Free < 4.3.2 and Pro < 5.5.2 Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Admin Columns", "slug": "codepress-admin-columns", "affected_versions": { "[*, 4.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.2" ] }, { "type": "plugin", "name": "Admin Columns Pro", "slug": "admin-columns-pro", "affected_versions": { "[*, 5.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69654827-842f-483d-ae4c-b9c7ae271f82?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69693a9a-fc9e-49ea-8c41-438ee6af7ee8": { "id": "69693a9a-fc9e-49ea-8c41-438ee6af7ee8", "title": "Event List < 0.8.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event List", "slug": "event-list", "affected_versions": { "* - 0.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69693a9a-fc9e-49ea-8c41-438ee6af7ee8?source=api-scan" ], "published": "2022-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69695e2e-2086-4d50-8518-0b2f5ab9ea56": { "id": "69695e2e-2086-4d50-8518-0b2f5ab9ea56", "title": "myCred <= 2.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification", "slug": "mycred", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69695e2e-2086-4d50-8518-0b2f5ab9ea56?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6969d281-f280-4714-9859-38ac66e9cc60": { "id": "6969d281-f280-4714-9859-38ac66e9cc60", "title": "Edwiser Bridge <= 3.0.5 - Authentication Bypass due to Missing Empty Value Check", "software": [ { "type": "plugin", "name": "Edwiser Bridge \u2013 WordPress Moodle LMS Integration", "slug": "edwiser-bridge", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6969d281-f280-4714-9859-38ac66e9cc60?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "696c379a-c5a4-489f-8363-8aea9a4da814": { "id": "696c379a-c5a4-489f-8363-8aea9a4da814", "title": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", "slug": "bdthemes-element-pack-lite", "affected_versions": { "* - 5.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/696c379a-c5a4-489f-8363-8aea9a4da814?source=api-scan" ], "published": "2024-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "696d5fe3-1344-461b-a26f-e5099a836c33": { "id": "696d5fe3-1344-461b-a26f-e5099a836c33", "title": "WP Job Manager < 1.23.8 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Job Manager", "slug": "wp-job-manager", "affected_versions": { "[*, 1.23.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.23.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.23.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/696d5fe3-1344-461b-a26f-e5099a836c33?source=api-scan" ], "published": "2015-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "696f7c68-d19a-48ee-abc0-044f1734dfdb": { "id": "696f7c68-d19a-48ee-abc0-044f1734dfdb", "title": "WordPress Core < 3.8.2 - Contributor Users Can Publish Posts", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.1": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": true }, "3.8 - 3.8.1": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.2", "3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/696f7c68-d19a-48ee-abc0-044f1734dfdb?source=api-scan" ], "published": "2014-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69711a11-96c2-458d-87f5-a3d8152ab20c": { "id": "69711a11-96c2-458d-87f5-a3d8152ab20c", "title": "Bulk Block Converter <= 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bulk Block Converter", "slug": "bulk-block-converter", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69711a11-96c2-458d-87f5-a3d8152ab20c?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6971eea0-9d0b-4a7f-be05-001c34770c2f": { "id": "6971eea0-9d0b-4a7f-be05-001c34770c2f", "title": "Ping List Pro <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ping List Pro", "slug": "ping-list-pro", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6971eea0-9d0b-4a7f-be05-001c34770c2f?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69725919-490c-4357-872c-d8112af5fe40": { "id": "69725919-490c-4357-872c-d8112af5fe40", "title": "Import all XML, CSV & TXT into WordPress < 6.4.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Import CSV or XML Datafeed With Ease", "slug": "wp-ultimate-csv-importer", "affected_versions": { "* - 6.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69725919-490c-4357-872c-d8112af5fe40?source=api-scan" ], "published": "2022-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6972f776-993c-4e5f-b347-5c784c42601c": { "id": "6972f776-993c-4e5f-b347-5c784c42601c", "title": "Social Media Feather <= 2.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Media Feather | social media sharing", "slug": "social-media-feather", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6972f776-993c-4e5f-b347-5c784c42601c?source=api-scan" ], "published": "2022-02-10 14:33:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6973c8e0-d14b-4945-be1c-b7c8b44a4bcf": { "id": "6973c8e0-d14b-4945-be1c-b7c8b44a4bcf", "title": "Tourfic <= 2.11.17 - Authenticated (Subscriber+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Tourfic \u2013 Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking", "slug": "tourfic", "affected_versions": { "* - 2.11.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6973c8e0-d14b-4945-be1c-b7c8b44a4bcf?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6975e84e-06ab-41b1-ae39-64685a878d15": { "id": "6975e84e-06ab-41b1-ae39-64685a878d15", "title": "Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress <= 7.3.4 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6975e84e-06ab-41b1-ae39-64685a878d15?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "697ce433-f321-4977-a2ad-68369d9ce9c3": { "id": "697ce433-f321-4977-a2ad-68369d9ce9c3", "title": "Metform Elementor Contact Form Builder <= 3.2.4 - Unauthenticated Double-Extension Arbitrary File Upload", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/697ce433-f321-4977-a2ad-68369d9ce9c3?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "697e8954-5adb-472a-a961-4e14f22d3b66": { "id": "697e8954-5adb-472a-a961-4e14f22d3b66", "title": "Popup Maker <= 1.16.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder", "slug": "popup-maker", "affected_versions": { "* - 1.16.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.16.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.16.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/697e8954-5adb-472a-a961-4e14f22d3b66?source=api-scan" ], "published": "2022-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "697e9828-2bc9-4732-b564-4cb44a1dc369": { "id": "697e9828-2bc9-4732-b564-4cb44a1dc369", "title": "WP Sentry <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Sentry", "slug": "wp-sentry", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/697e9828-2bc9-4732-b564-4cb44a1dc369?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "698079d0-b539-431c-98c3-c69d0352d214": { "id": "698079d0-b539-431c-98c3-c69d0352d214", "title": "Custom More Link Complete <= 1.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom More Link Complete", "slug": "custom-more-link-complete", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/698079d0-b539-431c-98c3-c69d0352d214?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6985a8bb-0ad5-4b02-9a95-9dbc6018dec0": { "id": "6985a8bb-0ad5-4b02-9a95-9dbc6018dec0", "title": "Category SEO Meta Tags <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Category SEO Meta Tags", "slug": "category-seo-meta-tags", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6985a8bb-0ad5-4b02-9a95-9dbc6018dec0?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6985e92d-0e7c-409c-a4ab-1edbadad3715": { "id": "6985e92d-0e7c-409c-a4ab-1edbadad3715", "title": "SEO Redirection Plugin \u2013 301 Redirect Manager <= 8.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SEO Redirection Plugin \u2013 301 Redirect Manager", "slug": "seo-redirection", "affected_versions": { "* - 8.9": { "from_version": "*", "from_inclusive": true, "to_version": "8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6985e92d-0e7c-409c-a4ab-1edbadad3715?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6989e54b-ce5e-4c79-bd0d-0f7978a4bd44": { "id": "6989e54b-ce5e-4c79-bd0d-0f7978a4bd44", "title": "NEX-Forms \u2013 Ultimate Form Builder < 4.6.1 - SQL Injection", "software": [ { "type": "plugin", "name": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "slug": "nex-forms-express-wp-form-builder", "affected_versions": { "[*, 4.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6989e54b-ce5e-4c79-bd0d-0f7978a4bd44?source=api-scan" ], "published": "2015-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "698c8c4e-77ca-491c-bdd5-4a3d3b99b1b4": { "id": "698c8c4e-77ca-491c-bdd5-4a3d3b99b1b4", "title": "Custom WooCommerce Checkout Fields Editor <= 1.3.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Custom WooCommerce Checkout Fields Editor", "slug": "add-fields-to-checkout-page-woocommerce", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/698c8c4e-77ca-491c-bdd5-4a3d3b99b1b4?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69902627-ce79-4a43-8949-43db6a9cc0dd": { "id": "69902627-ce79-4a43-8949-43db6a9cc0dd", "title": "Left right image slideshow gallery <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Left right image slideshow gallery", "slug": "left-right-image-slideshow-gallery", "affected_versions": { "* - 12.0": { "from_version": "*", "from_inclusive": true, "to_version": "12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69902627-ce79-4a43-8949-43db6a9cc0dd?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69903c2e-749a-4a7d-99a2-b63c26d4170a": { "id": "69903c2e-749a-4a7d-99a2-b63c26d4170a", "title": "Eunoia (All Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Eunoia", "slug": "eunoia", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69903c2e-749a-4a7d-99a2-b63c26d4170a?source=api-scan" ], "published": "2012-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6990abdc-232f-4c25-8cba-c2639f315434": { "id": "6990abdc-232f-4c25-8cba-c2639f315434", "title": "Cab fare calculator <= 1.0.3 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Cab fare calculator", "slug": "cab-fare-calculator", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6990abdc-232f-4c25-8cba-c2639f315434?source=api-scan" ], "published": "2022-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69938f8a-cd43-426c-8746-0c7dc1d65582": { "id": "69938f8a-cd43-426c-8746-0c7dc1d65582", "title": "REVIEWS.io <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "REVIEWS.io for WooCommerce", "slug": "reviewscouk-for-woocommerce", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69938f8a-cd43-426c-8746-0c7dc1d65582?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "699459a1-d407-4561-9d08-dd5d918ea601": { "id": "699459a1-d407-4561-9d08-dd5d918ea601", "title": "Ajax Domain Checker <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ajax Domain Checker", "slug": "ajax-domain-checker", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/699459a1-d407-4561-9d08-dd5d918ea601?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69971673-e317-452c-8c54-97de006a214f": { "id": "69971673-e317-452c-8c54-97de006a214f", "title": "HTTP Headers <= 1.18.11 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "HTTP Headers", "slug": "http-headers", "affected_versions": { "* - 1.18.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.18.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.19.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69971673-e317-452c-8c54-97de006a214f?source=api-scan" ], "published": "2023-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6998cf4c-6086-402b-a95f-ee6a4980dffb": { "id": "6998cf4c-6086-402b-a95f-ee6a4980dffb", "title": "tagDiv Composer <= 4.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "tagDiv Composer", "slug": "td-composer", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6998cf4c-6086-402b-a95f-ee6a4980dffb?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "699a83e0-1b92-4f16-9e8f-40576afaaa01": { "id": "699a83e0-1b92-4f16-9e8f-40576afaaa01", "title": "WPMobile.App \u2014 Android and iOS Mobile Application <= 11.41 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPMobile.App \u2014 Android and iOS Mobile Application", "slug": "wpappninja", "affected_versions": { "* - 11.41": { "from_version": "*", "from_inclusive": true, "to_version": "11.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/699a83e0-1b92-4f16-9e8f-40576afaaa01?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "699e5c80-8a11-4f67-8b17-41170d9c6411": { "id": "699e5c80-8a11-4f67-8b17-41170d9c6411", "title": "Advanced iFrame <= 2024.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced iFrame", "slug": "advanced-iframe", "affected_versions": { "* - 2024.1": { "from_version": "*", "from_inclusive": true, "to_version": "2024.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2024.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/699e5c80-8a11-4f67-8b17-41170d9c6411?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69a0262e-6061-4139-ac59-b1a13dd2f147": { "id": "69a0262e-6061-4139-ac59-b1a13dd2f147", "title": "Sermon Browser < 0.43.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sermon Browser", "slug": "sermon-browser", "affected_versions": { "[*, 0.43.6)": { "from_version": "*", "from_inclusive": true, "to_version": "0.43.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.43.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69a0262e-6061-4139-ac59-b1a13dd2f147?source=api-scan" ], "published": "2011-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69a14e2f-442e-421c-bf5d-0bff3b822911": { "id": "69a14e2f-442e-421c-bf5d-0bff3b822911", "title": "GivingPress Lite <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "GivingPress Lite", "slug": "givingpress-lite", "affected_versions": { "* - 1.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69a14e2f-442e-421c-bf5d-0bff3b822911?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69a9f449-9f94-4da3-9fd0-4eac72b6d8be": { "id": "69a9f449-9f94-4da3-9fd0-4eac72b6d8be", "title": "Custom Body Class <= 0.6.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Custom Body Class", "slug": "wp-custom-body-class", "affected_versions": { "* - 0.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69a9f449-9f94-4da3-9fd0-4eac72b6d8be?source=api-scan" ], "published": "2019-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69ab17fc-8290-4230-8c44-25d12009c08a": { "id": "69ab17fc-8290-4230-8c44-25d12009c08a", "title": "Paid Member Subscriptions <= 2.10.4 - Cross-Site Request Forgery via ajax_add_log_entry", "software": [ { "type": "plugin", "name": "Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction", "slug": "paid-member-subscriptions", "affected_versions": { "* - 2.10.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69ab17fc-8290-4230-8c44-25d12009c08a?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69ab404b-1c2f-441b-8622-3cf830587d95": { "id": "69ab404b-1c2f-441b-8622-3cf830587d95", "title": "Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Title", "software": [ { "type": "plugin", "name": "Photo Gallery, Images, Slider in Rbs Image Gallery", "slug": "robo-gallery", "affected_versions": { "* - 3.2.19": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69ab404b-1c2f-441b-8622-3cf830587d95?source=api-scan" ], "published": "2024-07-24 00:12:34", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69b173ec-f7e9-4473-9b85-9a204a51cdf5": { "id": "69b173ec-f7e9-4473-9b85-9a204a51cdf5", "title": "Yoast SEO <= 11.5 - Authenticated Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Yoast SEO", "slug": "wordpress-seo", "affected_versions": { "* - 11.5": { "from_version": "*", "from_inclusive": true, "to_version": "11.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.6-RC5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69b173ec-f7e9-4473-9b85-9a204a51cdf5?source=api-scan" ], "published": "2019-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69b2f126-8f57-4bea-b0e9-14b4566ac470": { "id": "69b2f126-8f57-4bea-b0e9-14b4566ac470", "title": "404 to 301 \u2013 Redirect, Log and Notify 404 Errors <= 2.0.2 - SQL Injection", "software": [ { "type": "plugin", "name": "404 to 301 \u2013 Redirect, Log and Notify 404 Errors", "slug": "404-to-301", "affected_versions": { "[*, 2.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69b2f126-8f57-4bea-b0e9-14b4566ac470?source=api-scan" ], "published": "2015-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69ba1a39-ddb0-4661-8104-d8bb71710e0c": { "id": "69ba1a39-ddb0-4661-8104-d8bb71710e0c", "title": "Interact: Embed A Quiz On Your Site <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Interact: Embed A Quiz On Your Site", "slug": "interact-quiz-embed", "affected_versions": { "* - 3.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69ba1a39-ddb0-4661-8104-d8bb71710e0c?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69bc3b17-87fd-4e69-b769-85bbf13b214e": { "id": "69bc3b17-87fd-4e69-b769-85bbf13b214e", "title": "Chained Quiz <= 1.3.2.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "* - 1.3.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69bc3b17-87fd-4e69-b769-85bbf13b214e?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69bd850d-79bf-429e-b133-6caefeba7377": { "id": "69bd850d-79bf-429e-b133-6caefeba7377", "title": "WPML <= 4.5.13 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WPML", "slug": "sitepress-multilingual-cms", "affected_versions": { "* - 4.5.13": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69bd850d-79bf-429e-b133-6caefeba7377?source=api-scan" ], "published": "2022-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69bdd5e6-1334-42bc-a13f-215eb61733e7": { "id": "69bdd5e6-1334-42bc-a13f-215eb61733e7", "title": "Contus Video Comments <= 1.0 - Authorization Bypass", "software": [ { "type": "plugin", "name": "contus-video-comments", "slug": "contus-video-comments", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69bdd5e6-1334-42bc-a13f-215eb61733e7?source=api-scan" ], "published": "2016-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69c7b0e4-89bf-480c-8e89-b1514d2bfefe": { "id": "69c7b0e4-89bf-480c-8e89-b1514d2bfefe", "title": "WP Meta SEO <= 4.4.8 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "WP Meta SEO", "slug": "wp-meta-seo", "affected_versions": { "* - 4.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69c7b0e4-89bf-480c-8e89-b1514d2bfefe?source=api-scan" ], "published": "2022-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69cc7b6c-b6c2-4bba-afb4-86ba1b36b295": { "id": "69cc7b6c-b6c2-4bba-afb4-86ba1b36b295", "title": "WP Recipe Maker <= 9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode", "software": [ { "type": "plugin", "name": "WP Recipe Maker", "slug": "wp-recipe-maker", "affected_versions": { "* - 9.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69cc7b6c-b6c2-4bba-afb4-86ba1b36b295?source=api-scan" ], "published": "2024-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69cf2f28-33ae-441e-95d2-01d187c7745a": { "id": "69cf2f28-33ae-441e-95d2-01d187c7745a", "title": "Auto Upload Images <= 3.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Auto Upload Images", "slug": "auto-upload-images", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69cf2f28-33ae-441e-95d2-01d187c7745a?source=api-scan" ], "published": "2022-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69d3d66c-5557-4fb4-8bd7-05d76d6b86ab": { "id": "69d3d66c-5557-4fb4-8bd7-05d76d6b86ab", "title": "Page Builder Sandwich <= 5.1.0 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Post Editing", "software": [ { "type": "plugin", "name": "Page Builder Sandwich \u2013 Front End WordPress Page Builder Plugin", "slug": "page-builder-sandwich", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69d3d66c-5557-4fb4-8bd7-05d76d6b86ab?source=api-scan" ], "published": "2024-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69d957d3-a0d5-44ec-a9b0-8c9b41175379": { "id": "69d957d3-a0d5-44ec-a9b0-8c9b41175379", "title": "Livestream Notice <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Livestream Notice", "slug": "livestream-notice", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69d957d3-a0d5-44ec-a9b0-8c9b41175379?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69dc9236-8079-434f-b2b5-060a0c5eba46": { "id": "69dc9236-8079-434f-b2b5-060a0c5eba46", "title": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields", "software": [ { "type": "plugin", "name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", "slug": "fluentform", "affected_versions": { "* - 5.1.19": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69dc9236-8079-434f-b2b5-060a0c5eba46?source=api-scan" ], "published": "2024-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69e15a1b-4984-4889-8c57-a731a0334963": { "id": "69e15a1b-4984-4889-8c57-a731a0334963", "title": "Ultimate Reviews <= 3.2.8 - Unauthenticated stored Cross-Site Scripting via reviews", "software": [ { "type": "plugin", "name": "Ultimate Reviews", "slug": "ultimate-reviews", "affected_versions": { "* - 3.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69e15a1b-4984-4889-8c57-a731a0334963?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69e92c75-5b14-43d9-a169-a1f8b51ab41d": { "id": "69e92c75-5b14-43d9-a169-a1f8b51ab41d", "title": "File Manager <= 2.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "File Manager", "slug": "wp-file-manager", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69e92c75-5b14-43d9-a169-a1f8b51ab41d?source=api-scan" ], "published": "2018-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69ec31f3-8ec8-40ad-ba7f-77f9132ad51f": { "id": "69ec31f3-8ec8-40ad-ba7f-77f9132ad51f", "title": "iubenda | All-in-one Compliance for GDPR \/ CCPA Cookie Consent + more <= 3.0.8 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "iubenda | All-in-one Compliance for GDPR \/ CCPA Cookie Consent + more", "slug": "iubenda-cookie-law-solution", "affected_versions": { "* - 3.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69ec31f3-8ec8-40ad-ba7f-77f9132ad51f?source=api-scan" ], "published": "2022-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69ed990e-6c40-49d5-859c-768a5a6a803f": { "id": "69ed990e-6c40-49d5-859c-768a5a6a803f", "title": "Mail Masta <= 1.0 - SQL Injection via filter_list parameter", "software": [ { "type": "plugin", "name": "Mail Masta", "slug": "mail-masta", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69ed990e-6c40-49d5-859c-768a5a6a803f?source=api-scan" ], "published": "2017-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69f29a7a-5671-4de1-a010-413f20b41495": { "id": "69f29a7a-5671-4de1-a010-413f20b41495", "title": "Bit Form \u2013 Contact Form Plugin <= 2.13.11 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder", "slug": "bit-form", "affected_versions": { "* - 2.13.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.13.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69f29a7a-5671-4de1-a010-413f20b41495?source=api-scan" ], "published": "2024-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69f2fc37-4c02-48da-b1e8-350ecc8ba086": { "id": "69f2fc37-4c02-48da-b1e8-350ecc8ba086", "title": "Elementor Addons by Livemesh <= 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name", "software": [ { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "* - 8.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69f2fc37-4c02-48da-b1e8-350ecc8ba086?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69f54737-4b0f-49ba-a331-1b252a5e45cb": { "id": "69f54737-4b0f-49ba-a331-1b252a5e45cb", "title": "Translate WordPress with GTranslate <= 2.9.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Translate WordPress with GTranslate", "slug": "gtranslate", "affected_versions": { "[*, 2.9.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69f54737-4b0f-49ba-a331-1b252a5e45cb?source=api-scan" ], "published": "2022-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69f861bf-933f-4413-a5c0-fd39ee78e594": { "id": "69f861bf-933f-4413-a5c0-fd39ee78e594", "title": "WP Statistics <= 12.6.6.1 - Unauthenticated Stored Cross-Site Scripting via IP Manipulation", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "[*, 12.6.7)": { "from_version": "*", "from_inclusive": true, "to_version": "12.6.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "12.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69f861bf-933f-4413-a5c0-fd39ee78e594?source=api-scan" ], "published": "2019-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69fa0b8f-8509-47a8-951a-830271b2b29e": { "id": "69fa0b8f-8509-47a8-951a-830271b2b29e", "title": "WooCommerce <= 3.2.3 - Authenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 3.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69fa0b8f-8509-47a8-951a-830271b2b29e?source=api-scan" ], "published": "2017-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69fd1068-4bbd-4e8a-9d35-5e9a072c72e1": { "id": "69fd1068-4bbd-4e8a-9d35-5e9a072c72e1", "title": "Relevanssi <= 3.6.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Relevanssi \u2013 A Better Search", "slug": "relevanssi", "affected_versions": { "[*, 3.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69fd1068-4bbd-4e8a-9d35-5e9a072c72e1?source=api-scan" ], "published": "2018-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69fd66db-5693-4976-96c0-60dbfeccd14f": { "id": "69fd66db-5693-4976-96c0-60dbfeccd14f", "title": "InPost Gallery <= 2.1.4.1 - Reflected Cross-Site Scripting via 'imgurl'", "software": [ { "type": "plugin", "name": "InPost Gallery", "slug": "inpost-gallery", "affected_versions": { "* - 2.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69fd66db-5693-4976-96c0-60dbfeccd14f?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "69ffb5fb-16f5-4ef8-81c5-b119da859488": { "id": "69ffb5fb-16f5-4ef8-81c5-b119da859488", "title": "SEO Backlinks <= 4.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SEO Backlinks", "slug": "seo-backlinks", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/69ffb5fb-16f5-4ef8-81c5-b119da859488?source=api-scan" ], "published": "2021-07-26 06:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a03792a-7e14-41c6-a60c-cb5d389f7539": { "id": "6a03792a-7e14-41c6-a60c-cb5d389f7539", "title": "Exchange Addon Table Rate Shipping < 1.1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "exchange-addon-table-rate-shipping", "slug": "exchange-addon-table-rate-shipping", "affected_versions": { "[*, 1.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a03792a-7e14-41c6-a60c-cb5d389f7539?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a061553-c988-4a31-a0a2-7a2608faa33f": { "id": "6a061553-c988-4a31-a0a2-7a2608faa33f", "title": "Backuply \u2013 Backup, Restore, Migrate and Clone <= 1.3.4 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Backuply \u2013 Backup, Restore, Migrate and Clone", "slug": "backuply", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a061553-c988-4a31-a0a2-7a2608faa33f?source=api-scan" ], "published": "2024-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a09e351-8326-4b31-bba5-5da34b417843": { "id": "6a09e351-8326-4b31-bba5-5da34b417843", "title": "DZS Video Gallery <= 9.63 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DZS Video Gallery", "slug": "dzs-videogallery", "affected_versions": { "* - 9.63": { "from_version": "*", "from_inclusive": true, "to_version": "9.63", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.64" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a09e351-8326-4b31-bba5-5da34b417843?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a0a0395-c193-4686-ba97-73fdd40d3048": { "id": "6a0a0395-c193-4686-ba97-73fdd40d3048", "title": "HUSKY \u2013 Products Filter Professional for WooCommerce <= 1.3.5.2 - Authenticated (Admin+) Local File Inclusion", "software": [ { "type": "plugin", "name": "HUSKY \u2013 Products Filter Professional for WooCommerce", "slug": "woocommerce-products-filter", "affected_versions": { "* - 1.3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a0a0395-c193-4686-ba97-73fdd40d3048?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a0be61b-a1ee-499f-b991-58d5494bce18": { "id": "6a0be61b-a1ee-499f-b991-58d5494bce18", "title": "Zendrop \u2013 Global Dropshipping <= 1.0.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Zendrop \u2013 Global Dropshipping", "slug": "zendrop-dropshipping-and-fulfillment", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a0be61b-a1ee-499f-b991-58d5494bce18?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a0c948b-7f14-450e-858a-77c1d3dd0761": { "id": "6a0c948b-7f14-450e-858a-77c1d3dd0761", "title": "All in One SEO <= 2.9.1.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "[*, 2.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a0c948b-7f14-450e-858a-77c1d3dd0761?source=api-scan" ], "published": "2018-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a11e7c9-f565-4a8c-895f-425c6654b5a9": { "id": "6a11e7c9-f565-4a8c-895f-425c6654b5a9", "title": "Rescue Shortcodes <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rescue Shortcodes", "slug": "rescue-shortcodes", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a11e7c9-f565-4a8c-895f-425c6654b5a9?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a12acf0-932e-4dff-9da6-9fbace11dbe1": { "id": "6a12acf0-932e-4dff-9da6-9fbace11dbe1", "title": "Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget", "software": [ { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a12acf0-932e-4dff-9da6-9fbace11dbe1?source=api-scan" ], "published": "2024-02-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a19972e-6ff9-4d18-a327-5cafef96a637": { "id": "6a19972e-6ff9-4d18-a327-5cafef96a637", "title": "Like Button Rating <= 2.6.37 - Unauthorised Vote Export to Email & IP Addresses Disclosure", "software": [ { "type": "plugin", "name": "Like Button Rating \u2665 LikeBtn", "slug": "likebtn-like-button", "affected_versions": { "* - 2.6.37": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.38" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a19972e-6ff9-4d18-a327-5cafef96a637?source=api-scan" ], "published": "2021-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a19d494-08d1-479a-8ba4-edeb2873866a": { "id": "6a19d494-08d1-479a-8ba4-edeb2873866a", "title": "Multi Currency For WooCommerce <= 1.5.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Multi Currency For WooCommerce", "slug": "wc-multi-currency", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a19d494-08d1-479a-8ba4-edeb2873866a?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a1de2d6-d4a0-4770-be38-9bd09b2243b7": { "id": "6a1de2d6-d4a0-4770-be38-9bd09b2243b7", "title": "Simple Newsletter Plugin \u2013 Noptin <= 1.10.3 - Unauthenticated CSV Injection", "software": [ { "type": "plugin", "name": "Simple Newsletter Plugin \u2013 Noptin", "slug": "newsletter-optin-box", "affected_versions": { "* - 1.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a1de2d6-d4a0-4770-be38-9bd09b2243b7?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a1f2a7d-f91c-4dd2-b275-0e27f65498b1": { "id": "6a1f2a7d-f91c-4dd2-b275-0e27f65498b1", "title": "Hero Maps Premium <= 2.2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hero Maps Premium", "slug": "hmapsprem", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a1f2a7d-f91c-4dd2-b275-0e27f65498b1?source=api-scan" ], "published": "2020-02-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a216505-7ab3-4ec7-bb11-e1c6ceaa2aed": { "id": "6a216505-7ab3-4ec7-bb11-e1c6ceaa2aed", "title": "RedSteel (All Versions) - File Disclosure", "software": [ { "type": "theme", "name": "RedSteel", "slug": "RedSteel", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a216505-7ab3-4ec7-bb11-e1c6ceaa2aed?source=api-scan" ], "published": "2015-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a21d834-db8a-471f-b062-59ecfbab0dd6": { "id": "6a21d834-db8a-471f-b062-59ecfbab0dd6", "title": "[GWA] AutoResponder <= 2.7.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "[GWA] AutoResponder", "slug": "autoresponder-gwa", "affected_versions": { "* - 2.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a21d834-db8a-471f-b062-59ecfbab0dd6?source=api-scan" ], "published": "2022-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a226790-0774-43f6-a476-a2dac7ae153b": { "id": "6a226790-0774-43f6-a476-a2dac7ae153b", "title": "Freshdesk (official) <= 2.3.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Freshdesk (official)", "slug": "freshdesk-support", "affected_versions": { "* - 2.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a226790-0774-43f6-a476-a2dac7ae153b?source=api-scan" ], "published": "2022-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a24378f-cf76-4937-99e5-a5fb2d206859": { "id": "6a24378f-cf76-4937-99e5-a5fb2d206859", "title": "Sendinblue for WooCommerce <= 4.0.17 - Authenticated (Editor+) Arbitrary File Download and Deletion", "software": [ { "type": "plugin", "name": "Brevo for WooCommerce", "slug": "woocommerce-sendinblue-newsletter-subscription", "affected_versions": { "* - 4.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a24378f-cf76-4937-99e5-a5fb2d206859?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a27fcc6-b1ac-4649-892b-7e0dee3f0d08": { "id": "6a27fcc6-b1ac-4649-892b-7e0dee3f0d08", "title": "Poll Maker <= 4.7.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls", "slug": "poll-maker", "affected_versions": { "* - 4.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a27fcc6-b1ac-4649-892b-7e0dee3f0d08?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a3dddda-3a65-42b6-9dc8-760bc3a24dcf": { "id": "6a3dddda-3a65-42b6-9dc8-760bc3a24dcf", "title": "Spreadsheet Integration and Spreadsheet Integration Pro <= 3.5.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Spreadsheet Integration \u2013 Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table.", "slug": "wpgsi", "affected_versions": { "* - 3.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.0" ] }, { "type": "plugin", "name": "wpgsi-professional", "slug": "wpgsi-professional", "affected_versions": { "* - 3.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a3dddda-3a65-42b6-9dc8-760bc3a24dcf?source=api-scan" ], "published": "2021-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a40ed3c-1f4b-4bf7-b6f4-fc1e145cc989": { "id": "6a40ed3c-1f4b-4bf7-b6f4-fc1e145cc989", "title": "EleForms \u2013 All In One Form Integration including DB for Elementor <= 2.9.9.7 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "EleForms \u2013 All In One Form Integration including DB for Elementor", "slug": "all-contact-form-integration-for-elementor", "affected_versions": { "* - 2.9.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a40ed3c-1f4b-4bf7-b6f4-fc1e145cc989?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a44a55e-a96a-4698-9948-6ef33138a834": { "id": "6a44a55e-a96a-4698-9948-6ef33138a834", "title": "WP-UserOnline <= 2.87.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-UserOnline", "slug": "wp-useronline", "affected_versions": { "* - 2.87.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.87.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.88.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a44a55e-a96a-4698-9948-6ef33138a834?source=api-scan" ], "published": "2022-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a4559f8-bd13-4a38-91c2-8569a9967700": { "id": "6a4559f8-bd13-4a38-91c2-8569a9967700", "title": "Invite Anyone <= 1.3.15 - Improper Input Validation", "software": [ { "type": "plugin", "name": "Invite Anyone", "slug": "invite-anyone", "affected_versions": { "* - 1.3.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a4559f8-bd13-4a38-91c2-8569a9967700?source=api-scan" ], "published": "2017-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a466c8f-835d-4d37-a273-7b5689dfbcea": { "id": "6a466c8f-835d-4d37-a273-7b5689dfbcea", "title": "WooCommerce Cart Abandonment Recovery <= 1.2.26 - Cross-Site Request Forgery to Templates\/Abandoned Orders Deletion", "software": [ { "type": "plugin", "name": "WooCommerce Cart Abandonment Recovery", "slug": "woo-cart-abandonment-recovery", "affected_versions": { "* - 1.2.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a466c8f-835d-4d37-a273-7b5689dfbcea?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a4d5a40-2ec0-468e-bafb-a713629f6006": { "id": "6a4d5a40-2ec0-468e-bafb-a713629f6006", "title": "Webcam Video Conference < 4.51 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Webcam Video Conference", "slug": "videowhisper-video-conference-integration", "affected_versions": { "[*, 4.51)": { "from_version": "*", "from_inclusive": true, "to_version": "4.51", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a4d5a40-2ec0-468e-bafb-a713629f6006?source=api-scan" ], "published": "2012-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a4def27-eff6-43f3-93dc-e2472f858d1b": { "id": "6a4def27-eff6-43f3-93dc-e2472f858d1b", "title": "Simple AL Slider <= 1.2.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple AL Slider", "slug": "simple-al-slider", "affected_versions": { "* - 1.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a4def27-eff6-43f3-93dc-e2472f858d1b?source=api-scan" ], "published": "2024-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a50e142-59f4-488b-8120-5bf505a9039d": { "id": "6a50e142-59f4-488b-8120-5bf505a9039d", "title": "Instant Images <= 5.1.0.1 - Authenticated (Author+) Server-Side Request Forgery via instant_images_download", "software": [ { "type": "plugin", "name": "Instant Images \u2013 One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels", "slug": "instant-images", "affected_versions": { "* - 5.1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a50e142-59f4-488b-8120-5bf505a9039d?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a583966-f58a-41a0-8856-7b7b6a0eb559": { "id": "6a583966-f58a-41a0-8856-7b7b6a0eb559", "title": "Medialist <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Medialist", "slug": "media-list", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a583966-f58a-41a0-8856-7b7b6a0eb559?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a586bab-df87-4e21-9b05-994c4fc991de": { "id": "6a586bab-df87-4e21-9b05-994c4fc991de", "title": "Easy Social Feed <= 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2013 Like Box", "slug": "easy-facebook-likebox", "affected_versions": { "* - 6.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a586bab-df87-4e21-9b05-994c4fc991de?source=api-scan" ], "published": "2024-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a595b3c-2b21-43fe-8d4e-6721f4541c9b": { "id": "6a595b3c-2b21-43fe-8d4e-6721f4541c9b", "title": "Automatic Youtube Video Posts Plugin <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Automatic Youtube Video Posts Plugin", "slug": "automatic-youtube-video-posts", "affected_versions": { "* - 5.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a595b3c-2b21-43fe-8d4e-6721f4541c9b?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a5e4708-db3e-483c-852f-1a487825cf92": { "id": "6a5e4708-db3e-483c-852f-1a487825cf92", "title": "WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts", "slug": "wedevs-project-manager", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a5e4708-db3e-483c-852f-1a487825cf92?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a6390d2-58cd-468e-9936-e16954e2d3ee": { "id": "6a6390d2-58cd-468e-9936-e16954e2d3ee", "title": "Download Manager <= 2.2.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a6390d2-58cd-468e-9936-e16954e2d3ee?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a639d27-8704-4841-b2b5-6afbf342a0ff": { "id": "6a639d27-8704-4841-b2b5-6afbf342a0ff", "title": "LearnPress <= 3.2.6.8 - Authenticated Page Creation and Status Modification", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 3.2.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a639d27-8704-4841-b2b5-6afbf342a0ff?source=api-scan" ], "published": "2020-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a6debe9-e0bb-4ea7-be91-757a250515ca": { "id": "6a6debe9-e0bb-4ea7-be91-757a250515ca", "title": "Responsive Lightbox2 <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Lightbox2", "slug": "responsive-lightbox2", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a6debe9-e0bb-4ea7-be91-757a250515ca?source=api-scan" ], "published": "2022-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a6eb430-cf86-4e13-a4f7-173fada9fddf": { "id": "6a6eb430-cf86-4e13-a4f7-173fada9fddf", "title": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress <= 3.8.0 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a6eb430-cf86-4e13-a4f7-173fada9fddf?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a75c8b0-fa1a-4032-a6fd-b504f5b05a08": { "id": "6a75c8b0-fa1a-4032-a6fd-b504f5b05a08", "title": "Timetics <= 1.0.23 - Authorization Bypass", "software": [ { "type": "plugin", "name": "WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin", "slug": "timetics", "affected_versions": { "* - 1.0.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a75c8b0-fa1a-4032-a6fd-b504f5b05a08?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a76116a-1e84-4114-9baa-3986be92d051": { "id": "6a76116a-1e84-4114-9baa-3986be92d051", "title": "Calculated Fields Form <= 1.2.54 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Calculated Fields Form", "slug": "calculated-fields-form", "affected_versions": { "* - 1.2.54": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.54", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.55" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a76116a-1e84-4114-9baa-3986be92d051?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a765360-8603-4ba1-a6db-dd0175ff3ddf": { "id": "6a765360-8603-4ba1-a6db-dd0175ff3ddf", "title": "WooCommerce PDF Invoice Builder <= 1.2.90 - Authenticated (Administrator+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Builder for WooCommerce. Create invoices,packing slips and more", "slug": "woo-pdf-invoice-builder", "affected_versions": { "* - 1.2.90": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.90", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.91" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a765360-8603-4ba1-a6db-dd0175ff3ddf?source=api-scan" ], "published": "2023-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a76b224-9b55-4294-8a04-44c94a3115f7": { "id": "6a76b224-9b55-4294-8a04-44c94a3115f7", "title": "avalex \u2013 Automatisch sichere Rechtstexte <= 3.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "avalex \u2013 Automatisch sichere Rechtstexte", "slug": "avalex", "affected_versions": { "[*, 3.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a76b224-9b55-4294-8a04-44c94a3115f7?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a830fb8-de5f-40c7-bb6c-464ed916b440": { "id": "6a830fb8-de5f-40c7-bb6c-464ed916b440", "title": "My WP Customize Admin\/Frontend <= 1.21.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "My WP Customize Admin\/Frontend", "slug": "my-wp", "affected_versions": { "[*, 1.21.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.21.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.21.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a830fb8-de5f-40c7-bb6c-464ed916b440?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a85fe7f-2d28-4509-99f2-875cb63c6500": { "id": "6a85fe7f-2d28-4509-99f2-875cb63c6500", "title": "DX Share Selection <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DX Share Selection", "slug": "dx-share-selection", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a85fe7f-2d28-4509-99f2-875cb63c6500?source=api-scan" ], "published": "2022-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a8c5d9b-4535-4edb-a92e-a9b83a0d22c3": { "id": "6a8c5d9b-4535-4edb-a92e-a9b83a0d22c3", "title": "hostel <= 1.1.5.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Hostel", "slug": "hostel", "affected_versions": { "* - 1.1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a8c5d9b-4535-4edb-a92e-a9b83a0d22c3?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a8cb8ef-a2e5-47ef-8d8c-759ed83a015b": { "id": "6a8cb8ef-a2e5-47ef-8d8c-759ed83a015b", "title": "Import Content in WordPress & WooCommerce with Excel <= 4.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import Content in WordPress & WooCommerce with Excel", "slug": "content-excel-importer", "affected_versions": { "* - 4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a8cb8ef-a2e5-47ef-8d8c-759ed83a015b?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a8d0f86-73fe-43a6-a03a-38bf815dd30b": { "id": "6a8d0f86-73fe-43a6-a03a-38bf815dd30b", "title": "Import Export WordPress Users <= 2.5.2 - Authenticated (Shop Manager+) Path Traversal", "software": [ { "type": "plugin", "name": "Export and Import Users and Customers", "slug": "users-customers-import-export-for-wp-woocommerce", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a8d0f86-73fe-43a6-a03a-38bf815dd30b?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a8d121d-434d-4445-874f-d3cf6b6e7233": { "id": "6a8d121d-434d-4445-874f-d3cf6b6e7233", "title": "PilotPress <= 2.0.30 - Authenticated(Subscriber+) Missing Authorization via multiple AJAX functions", "software": [ { "type": "plugin", "name": "PilotPress", "slug": "pilotpress", "affected_versions": { "* - 2.0.30": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a8d121d-434d-4445-874f-d3cf6b6e7233?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a906f90-fac2-43cf-8f67-99f8862dc636": { "id": "6a906f90-fac2-43cf-8f67-99f8862dc636", "title": "Ibtana - Ecommerce Product Addons <= 0.2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ibtana \u2013 Ecommerce Product Addons", "slug": "ibtana-ecommerce-product-addons", "affected_versions": { "* - 0.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a906f90-fac2-43cf-8f67-99f8862dc636?source=api-scan" ], "published": "2021-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6a92b96b-ecbc-4414-8e42-04b5c3a02131": { "id": "6a92b96b-ecbc-4414-8e42-04b5c3a02131", "title": "Event post <= 5.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Event post", "slug": "event-post", "affected_versions": { "* - 5.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6a92b96b-ecbc-4414-8e42-04b5c3a02131?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6aa0dfdf-95b0-48a2-8281-1872b99b87d6": { "id": "6aa0dfdf-95b0-48a2-8281-1872b99b87d6", "title": "Download Monitor <= 4.5.97 - Authenticated (Administrator+) Arbitrary File Download", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "* - 4.5.97": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.97", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.98" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6aa0dfdf-95b0-48a2-8281-1872b99b87d6?source=api-scan" ], "published": "2022-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6aa2be6c-299e-4769-9070-a3c337bce990": { "id": "6aa2be6c-299e-4769-9070-a3c337bce990", "title": "OpenID <= 3.6.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OpenID", "slug": "openid", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6aa2be6c-299e-4769-9070-a3c337bce990?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6aa2d172-73b6-487d-ae65-0920f915e750": { "id": "6aa2d172-73b6-487d-ae65-0920f915e750", "title": "Multiple Page Generator Plugin <= 3.3.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Multiple Page Generator Plugin \u2013 MPG", "slug": "multiple-pages-generator-by-porthas", "affected_versions": { "* - 3.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6aa2d172-73b6-487d-ae65-0920f915e750?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6aa3d312-485a-4a93-a075-fa7152395f11": { "id": "6aa3d312-485a-4a93-a075-fa7152395f11", "title": "Royal Elementor Addons <=1.3.55 - Authenticated (Subscriber+) Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.55": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.55", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.56" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6aa3d312-485a-4a93-a075-fa7152395f11?source=api-scan" ], "published": "2022-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6aa43e74-9911-4c7a-b01a-cb77c2c3fe99": { "id": "6aa43e74-9911-4c7a-b01a-cb77c2c3fe99", "title": "Newspaper <= 11.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Newspaper - News & WooCommerce WordPress Theme", "slug": "Newspaper", "affected_versions": { "* - 11.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "11.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6aa43e74-9911-4c7a-b01a-cb77c2c3fe99?source=api-scan" ], "published": "2022-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6aa4fd08-a1b1-4f61-a9d1-9812071b61c9": { "id": "6aa4fd08-a1b1-4f61-a9d1-9812071b61c9", "title": "InstaWP Connect <= 0.1.0.8 - Missing Authorization to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "InstaWP Connect \u2013 1-click WP Staging & Migration", "slug": "instawp-connect", "affected_versions": { "* - 0.1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6aa4fd08-a1b1-4f61-a9d1-9812071b61c9?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6aaa22f5-7304-4efc-9579-80ec053c2f7e": { "id": "6aaa22f5-7304-4efc-9579-80ec053c2f7e", "title": "Beaver Builder <= 2.8.3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.8.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6aaa22f5-7304-4efc-9579-80ec053c2f7e?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6aab08c1-20db-46a2-b93a-d864bb57bf4d": { "id": "6aab08c1-20db-46a2-b93a-d864bb57bf4d", "title": "WP-TopBar <= 4.02 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-TopBar", "slug": "wp-topbar", "affected_versions": { "* - 4.02": { "from_version": "*", "from_inclusive": true, "to_version": "4.02", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.03" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6aab08c1-20db-46a2-b93a-d864bb57bf4d?source=api-scan" ], "published": "2012-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6aae5b1d-9b84-4628-b0b6-7b39054e08a0": { "id": "6aae5b1d-9b84-4628-b0b6-7b39054e08a0", "title": "Import any XML or CSV File to WordPress <= 3.2.4 - Missing Authorization and Cross-Site Request Forgery Checks", "software": [ { "type": "plugin", "name": "WP All Import Pro", "slug": "wp-all-import-pro", "affected_versions": { "* - 4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.2" ] }, { "type": "plugin", "name": "Import any XML or CSV File to WordPress", "slug": "wp-all-import", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6aae5b1d-9b84-4628-b0b6-7b39054e08a0?source=api-scan" ], "published": "2020-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6aaeb0df-75e8-44ac-8964-03e3389d202c": { "id": "6aaeb0df-75e8-44ac-8964-03e3389d202c", "title": "WPBook <= 2.7 - Unauthenticated Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WPBook", "slug": "wpbook", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6aaeb0df-75e8-44ac-8964-03e3389d202c?source=api-scan" ], "published": "2015-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ab0d342-bfa7-4760-b839-37c3354414ca": { "id": "6ab0d342-bfa7-4760-b839-37c3354414ca", "title": "Pedalo Connector <= 2.0.5 - Authentication Bypass to Administrator", "software": [ { "type": "plugin", "name": "Pedalo Connector", "slug": "pedalo-connector", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ab0d342-bfa7-4760-b839-37c3354414ca?source=api-scan" ], "published": "2024-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ab26526-9fbb-4c2e-be41-73450225b834": { "id": "6ab26526-9fbb-4c2e-be41-73450225b834", "title": "WooCommerce <= 3.4.4 - Authenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 3.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ab26526-9fbb-4c2e-be41-73450225b834?source=api-scan" ], "published": "2018-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ab578cd-3a0b-43d3-aaa7-0a01f431a4e2": { "id": "6ab578cd-3a0b-43d3-aaa7-0a01f431a4e2", "title": "LearnPress <= 4.2.5.7 - Unauthenticated SQL Injection via order_by", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ab578cd-3a0b-43d3-aaa7-0a01f431a4e2?source=api-scan" ], "published": "2024-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ab975b0-4216-46df-bf5e-91e403728e5b": { "id": "6ab975b0-4216-46df-bf5e-91e403728e5b", "title": "wpDataTables <= 1.5.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin", "slug": "wpdatatables", "affected_versions": { "[*, 1.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ab975b0-4216-46df-bf5e-91e403728e5b?source=api-scan" ], "published": "2014-11-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6abbdecd-782a-44a2-981a-ae6caa50dd6a": { "id": "6abbdecd-782a-44a2-981a-ae6caa50dd6a", "title": "Article Analytics <= 1.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Article analytics", "slug": "article-analytics", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6abbdecd-782a-44a2-981a-ae6caa50dd6a?source=api-scan" ], "published": "2023-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6abde5cf-9335-4ce0-a95f-94c5c29fd207": { "id": "6abde5cf-9335-4ce0-a95f-94c5c29fd207", "title": "Ajax Search Lite < 4.12 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ajax Search Lite", "slug": "ajax-search-lite", "affected_versions": { "* - 4.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6abde5cf-9335-4ce0-a95f-94c5c29fd207?source=api-scan" ], "published": "2024-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6abe93e8-b088-49d3-a658-9c6265bfbcdb": { "id": "6abe93e8-b088-49d3-a658-9c6265bfbcdb", "title": "All in One Support Button + Callback Request <= 1.8.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Us all-in-one button", "slug": "ar-contactus", "affected_versions": { "* - 1.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6abe93e8-b088-49d3-a658-9c6265bfbcdb?source=api-scan" ], "published": "2020-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ac3b00e-26f2-471d-a682-6cb4939e819e": { "id": "6ac3b00e-26f2-471d-a682-6cb4939e819e", "title": "WP PayPal <= 1.2.3.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Payment Button for PayPal", "slug": "wp-paypal", "affected_versions": { "* - 1.2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ac3b00e-26f2-471d-a682-6cb4939e819e?source=api-scan" ], "published": "2022-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ac72136-7911-4980-92b0-9bf18bed2201": { "id": "6ac72136-7911-4980-92b0-9bf18bed2201", "title": "WP Adminify <= 3.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Adminify \u2013 Custom WordPress Dashboard, Login and Admin Customizer", "slug": "adminify", "affected_versions": { "* - 3.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ac72136-7911-4980-92b0-9bf18bed2201?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ad70391-7ea0-49c0-ac5c-ecf7ddb3c948": { "id": "6ad70391-7ea0-49c0-ac5c-ecf7ddb3c948", "title": "Tags Cloud Manager <= 1.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tags Cloud Manager", "slug": "tags-cloud-manager", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ad70391-7ea0-49c0-ac5c-ecf7ddb3c948?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ad84e6e-5498-4bf1-b662-15b7628ceba2": { "id": "6ad84e6e-5498-4bf1-b662-15b7628ceba2", "title": "Conversios.io <= 6.5.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google Analytics 4 (GA4), Google Ads, Meta Pixel, GTM & Multiple Pixels for Woocommerce & WordPress", "slug": "enhanced-e-commerce-for-woocommerce-store", "affected_versions": { "* - 6.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ad84e6e-5498-4bf1-b662-15b7628ceba2?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ad895db-5fe9-419b-8884-9a840bd350f6": { "id": "6ad895db-5fe9-419b-8884-9a840bd350f6", "title": "Pinpoint Booking System <= 2.9.9.3.4 - Content Spoofing", "software": [ { "type": "plugin", "name": "Pinpoint Booking System \u2013 #1 WordPress Booking Plugin", "slug": "booking-system", "affected_versions": { "* - 2.9.9.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.9.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ad895db-5fe9-419b-8884-9a840bd350f6?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6adc0154-169a-4d72-8687-66dbf6766139": { "id": "6adc0154-169a-4d72-8687-66dbf6766139", "title": "VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in exec_multitask_widgets function", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "* - 1.5.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6adc0154-169a-4d72-8687-66dbf6766139?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6adf6f3b-aff0-4495-92a4-13855dac5030": { "id": "6adf6f3b-aff0-4495-92a4-13855dac5030", "title": "Kubio AI Page Builder <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kubio AI Page Builder", "slug": "kubio", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6adf6f3b-aff0-4495-92a4-13855dac5030?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6aeb0352-66ab-45d4-ad61-f425d7d41f45": { "id": "6aeb0352-66ab-45d4-ad61-f425d7d41f45", "title": "Daily Edition <= 1.6.2 - SQL Injection", "software": [ { "type": "theme", "name": "Daily Edition", "slug": "dailyedition", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6aeb0352-66ab-45d4-ad61-f425d7d41f45?source=api-scan" ], "published": "2015-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6aed9434-1681-47d6-bbc1-0815db548a24": { "id": "6aed9434-1681-47d6-bbc1-0815db548a24", "title": "WP-PostRatings <= 1.91 - IP Spoofing", "software": [ { "type": "plugin", "name": "WP-PostRatings", "slug": "wp-postratings", "affected_versions": { "* - 1.91": { "from_version": "*", "from_inclusive": true, "to_version": "1.91", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.91.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6aed9434-1681-47d6-bbc1-0815db548a24?source=api-scan" ], "published": "2023-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6af1224e-0ed3-4770-96c0-c15cc895d36d": { "id": "6af1224e-0ed3-4770-96c0-c15cc895d36d", "title": "Post Status Notifier Lite <= 1.11.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Status Notifier Lite", "slug": "post-status-notifier-lite", "affected_versions": { "* - 1.11.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6af1224e-0ed3-4770-96c0-c15cc895d36d?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6af20a2c-065c-48d5-a95c-2883ceeb50c6": { "id": "6af20a2c-065c-48d5-a95c-2883ceeb50c6", "title": "Add Widgets to Page <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add Widgets to Page", "slug": "add-widgets-to-page", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6af20a2c-065c-48d5-a95c-2883ceeb50c6?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6af83daa-ad8c-43ba-b77e-ad085889277c": { "id": "6af83daa-ad8c-43ba-b77e-ad085889277c", "title": "WordPress Core < 5.2.4 - Authenticated Stored Cross-Site Scripting via Customizer", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.30": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.30", "to_inclusive": true }, "3.8 - 3.8.30": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.30", "to_inclusive": true }, "3.9 - 3.9.28": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.28", "to_inclusive": true }, "4.0 - 4.0.27": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.27", "to_inclusive": true }, "4.1 - 4.1.27": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.27", "to_inclusive": true }, "4.2 - 4.2.24": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.24", "to_inclusive": true }, "4.3 - 4.3.20": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.20", "to_inclusive": true }, "4.4 - 4.4.19": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.19", "to_inclusive": true }, "4.5 - 4.5.18": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.18", "to_inclusive": true }, "4.6 - 4.6.15": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.15", "to_inclusive": true }, "4.7 - 4.7.14": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.14", "to_inclusive": true }, "4.8 - 4.8.10": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.10", "to_inclusive": true }, "4.9 - 4.9.11": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.11", "to_inclusive": true }, "5.0 - 5.0.6": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.6", "to_inclusive": true }, "5.1 - 5.1.2": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.2", "to_inclusive": true }, "5.2 - 5.2.3": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.31", "3.8.31", "3.9.29", "4.0.28", "4.1.28", "4.2.25", "4.3.21", "4.4.20", "4.5.19", "4.6.16", "4.7.15", "4.8.11", "4.9.12", "5.0.7", "5.1.3", "5.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6af83daa-ad8c-43ba-b77e-ad085889277c?source=api-scan" ], "published": "2019-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6aff1ea6-c6d2-4195-899b-3a038b73a7f0": { "id": "6aff1ea6-c6d2-4195-899b-3a038b73a7f0", "title": "WooCommerce Bookings Calendar <= 1.0.36 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Bookings Calendar", "slug": "woo-bookings-calendar", "affected_versions": { "* - 1.0.36": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.36", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6aff1ea6-c6d2-4195-899b-3a038b73a7f0?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b028923-82fe-4dd6-af77-69d7744f2812": { "id": "6b028923-82fe-4dd6-af77-69d7744f2812", "title": "WPFunnels <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels", "slug": "wpfunnels", "affected_versions": { "* - 3.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b028923-82fe-4dd6-af77-69d7744f2812?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b06667f-cda1-4177-b168-c7d26a0cd815": { "id": "6b06667f-cda1-4177-b168-c7d26a0cd815", "title": "Coalition (All Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Coalition", "slug": "coalition", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b06667f-cda1-4177-b168-c7d26a0cd815?source=api-scan" ], "published": "2012-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b08105d-711e-49ea-a0bc-7179eb021300": { "id": "6b08105d-711e-49ea-a0bc-7179eb021300", "title": "SS Quiz <= 1.12.2 - Unspecified Vulnerabilities", "software": [ { "type": "plugin", "name": "SS Quiz", "slug": "ssquiz", "affected_versions": { "* - 1.12.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b08105d-711e-49ea-a0bc-7179eb021300?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b0f85d5-6ef7-4e6d-a03b-75672fca654c": { "id": "6b0f85d5-6ef7-4e6d-a03b-75672fca654c", "title": "Moova for WooCommerce <= 3.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Moova for WooCommerce", "slug": "moova-for-woocommerce", "affected_versions": { "* - 3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b0f85d5-6ef7-4e6d-a03b-75672fca654c?source=api-scan" ], "published": "2021-08-13 15:31:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b213baa-8508-4eb2-ac09-d320e2b4276c": { "id": "6b213baa-8508-4eb2-ac09-d320e2b4276c", "title": "Grid Plus <= 1.3.4 - Reflected Cross-Site Scripting via grid_id", "software": [ { "type": "plugin", "name": "Grid Plus \u2013 Unlimited grid layout", "slug": "grid-plus", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b213baa-8508-4eb2-ac09-d320e2b4276c?source=api-scan" ], "published": "2023-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b226067-0287-4f7e-9415-dc3c83f2fd27": { "id": "6b226067-0287-4f7e-9415-dc3c83f2fd27", "title": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.9 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting via \"Social Icons\" Block", "software": [ { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b226067-0287-4f7e-9415-dc3c83f2fd27?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b26093a-ffb8-4d22-add1-eecd94f88129": { "id": "6b26093a-ffb8-4d22-add1-eecd94f88129", "title": "Advanced Custom Fields <= 6.0.2 - Authenticated (Contributor+) Information Disclosure", "software": [ { "type": "plugin", "name": "Secure Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "* - 6.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b26093a-ffb8-4d22-add1-eecd94f88129?source=api-scan" ], "published": "2022-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b26dd2e-3d0b-4c6b-8819-6d1e437207fd": { "id": "6b26dd2e-3d0b-4c6b-8819-6d1e437207fd", "title": "TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TheCartPress eCommerce Shopping Cart", "slug": "thecartpress", "affected_versions": { "* - 1.5.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b26dd2e-3d0b-4c6b-8819-6d1e437207fd?source=api-scan" ], "published": "2015-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b28908b-ffad-46d5-b6de-6b9c7bbe0134": { "id": "6b28908b-ffad-46d5-b6de-6b9c7bbe0134", "title": "JobRoller <= 1.7.4 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "JobRoller", "slug": "jobroller", "affected_versions": { "* - 1.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b28908b-ffad-46d5-b6de-6b9c7bbe0134?source=api-scan" ], "published": "2013-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b2e210b-e5e3-46f1-b730-64d970160a5e": { "id": "6b2e210b-e5e3-46f1-b730-64d970160a5e", "title": "All In One WP Security & Firewall <= 3.8.7 - SQL Injection", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "[*, 3.8.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b2e210b-e5e3-46f1-b730-64d970160a5e?source=api-scan" ], "published": "2015-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b2e61aa-617b-450e-8859-50b1012fc0c3": { "id": "6b2e61aa-617b-450e-8859-50b1012fc0c3", "title": "JobBoardWP \u2013 Job Board Listings and Submissions <= 1.0.7 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JobBoardWP \u2013 Job Board Listings and Submissions", "slug": "jobboardwp", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b2e61aa-617b-450e-8859-50b1012fc0c3?source=api-scan" ], "published": "2021-10-15 19:23:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b33c180-10b4-4550-8c24-72c9e53664a5": { "id": "6b33c180-10b4-4550-8c24-72c9e53664a5", "title": "Powerpress <= 11.9.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via skipto Shortcode", "software": [ { "type": "plugin", "name": "PowerPress Podcasting plugin by Blubrry", "slug": "powerpress", "affected_versions": { "* - 11.9.18": { "from_version": "*", "from_inclusive": true, "to_version": "11.9.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.9.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b33c180-10b4-4550-8c24-72c9e53664a5?source=api-scan" ], "published": "2024-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b36938e-5333-4331-9bb1-34465fe03f2f": { "id": "6b36938e-5333-4331-9bb1-34465fe03f2f", "title": "ShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template", "software": [ { "type": "plugin", "name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)", "slug": "woolentor-addons", "affected_versions": { "* - 2.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b36938e-5333-4331-9bb1-34465fe03f2f?source=api-scan" ], "published": "2024-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b36fcc5-1f09-43b9-8877-7af6c7652db7": { "id": "6b36fcc5-1f09-43b9-8877-7af6c7652db7", "title": "White Label CMS <= 1.5.2 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "White Label CMS", "slug": "white-label-cms", "affected_versions": { "[*, 1.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b36fcc5-1f09-43b9-8877-7af6c7652db7?source=api-scan" ], "published": "2015-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b3fc000-57e7-4be4-959f-27dac9717b9e": { "id": "6b3fc000-57e7-4be4-959f-27dac9717b9e", "title": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.93 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.93": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.93", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.94" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b3fc000-57e7-4be4-959f-27dac9717b9e?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b4087e9-071c-4cfc-b23d-ae8dd0059a2b": { "id": "6b4087e9-071c-4cfc-b23d-ae8dd0059a2b", "title": "Live Scores for SportsPress <= 1.9.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Live Scores for SportsPress", "slug": "live-scores-for-sportspress", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b4087e9-071c-4cfc-b23d-ae8dd0059a2b?source=api-scan" ], "published": "2021-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b431493-fd96-495b-aaa7-6dfeef04b011": { "id": "6b431493-fd96-495b-aaa7-6dfeef04b011", "title": "BadgeOS <= 3.7.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "BadgeOS", "slug": "badgeos", "affected_versions": { "* - 3.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b431493-fd96-495b-aaa7-6dfeef04b011?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b443610-416c-41d6-9449-9e20f719af06": { "id": "6b443610-416c-41d6-9449-9e20f719af06", "title": "Contus Video Gallery <= 1.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Contus Video Gallery", "slug": "contus-video-galleryversion-10", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b443610-416c-41d6-9449-9e20f719af06?source=api-scan" ], "published": "2012-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b456815-ffdf-41fb-b4a8-0f22fd059d34": { "id": "6b456815-ffdf-41fb-b4a8-0f22fd059d34", "title": "AJAX Store Locator <= 1.2 - SQL Injection", "software": [ { "type": "plugin", "name": "AJAX Store Locator", "slug": "ajax-store-locator", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b456815-ffdf-41fb-b4a8-0f22fd059d34?source=api-scan" ], "published": "2015-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b48cae6-254c-4882-a464-3a44a63cadf5": { "id": "6b48cae6-254c-4882-a464-3a44a63cadf5", "title": "Ultimate Addons for WPBakery <= 3.16.11 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Addons for WPBakery", "slug": "Ultimate_VC_Addons", "affected_versions": { "* - 3.16.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.16.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.16.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b48cae6-254c-4882-a464-3a44a63cadf5?source=api-scan" ], "published": "2017-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b4b05a8-3a32-4fa9-9ff5-a2a62b11a05d": { "id": "6b4b05a8-3a32-4fa9-9ff5-a2a62b11a05d", "title": "WebLibrarian <= 3.5.8.1 - Reflected Cross-Site Scripting via multiple parameters", "software": [ { "type": "plugin", "name": "WebLibrarian", "slug": "weblibrarian", "affected_versions": { "* - 3.5.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b4b05a8-3a32-4fa9-9ff5-a2a62b11a05d?source=api-scan" ], "published": "2023-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b50656b-6cb4-4920-aa36-2634d4d41f5c": { "id": "6b50656b-6cb4-4920-aa36-2634d4d41f5c", "title": "WordPress Core < 4.2.3 - Authorization Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.8": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.8", "to_inclusive": true }, "3.8 - 3.8.8": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.8", "to_inclusive": true }, "3.9 - 3.9.6": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.6", "to_inclusive": true }, "4.0 - 4.0.5": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.5", "to_inclusive": true }, "4.1 - 4.1.5": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true }, "4.2 - 4.2.2": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.9", "3.8.9", "3.9.7", "4.0.6", "4.1.6", "4.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b50656b-6cb4-4920-aa36-2634d4d41f5c?source=api-scan" ], "published": "2015-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b524fc5-4beb-49f6-bafa-c788c6d1d78c": { "id": "6b524fc5-4beb-49f6-bafa-c788c6d1d78c", "title": "Complianz \u2013 GDPR\/CCPA Cookie Consent <= 6.5.6 - Cross-Site Request Forgery to Data Request Deletion", "software": [ { "type": "plugin", "name": "Complianz \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr", "affected_versions": { "* - 6.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b524fc5-4beb-49f6-bafa-c788c6d1d78c?source=api-scan" ], "published": "2024-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b53ed24-2821-440f-9aba-69d75b7459a3": { "id": "6b53ed24-2821-440f-9aba-69d75b7459a3", "title": "Custom User CSS <= 0.2 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Custom User CSS", "slug": "custom-user-css", "affected_versions": { "* - 0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b53ed24-2821-440f-9aba-69d75b7459a3?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b558818-f459-4bc1-893c-8c1c7bf9d6d2": { "id": "6b558818-f459-4bc1-893c-8c1c7bf9d6d2", "title": "WordPress Core < 4.8.2 - SQL Injection via Mishandled Placeholders", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.21": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.21", "to_inclusive": true }, "3.8 - 3.8.21": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.21", "to_inclusive": true }, "3.9 - 3.9.19": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.19", "to_inclusive": true }, "4.0 - 4.0.18": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.18", "to_inclusive": true }, "4.1 - 4.1.18": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.18", "to_inclusive": true }, "4.2 - 4.2.15": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.15", "to_inclusive": true }, "4.3 - 4.3.11": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.11", "to_inclusive": true }, "4.4 - 4.4.10": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.10", "to_inclusive": true }, "4.5 - 4.5.9": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.9", "to_inclusive": true }, "4.6 - 4.6.6": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.6", "to_inclusive": true }, "4.7 - 4.7.5": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.5", "to_inclusive": true }, "4.8 - 4.8.1": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.22", "3.8.22", "3.9.20", "4.0.19", "4.1.19", "4.2.16", "4.3.12", "4.4.11", "4.5.10", "4.6.7", "4.7.6", "4.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b558818-f459-4bc1-893c-8c1c7bf9d6d2?source=api-scan" ], "published": "2017-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b5964a7-410b-4fea-9de2-22ffda80c8e8": { "id": "6b5964a7-410b-4fea-9de2-22ffda80c8e8", "title": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more <= 8.5.5 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "slug": "nex-forms-express-wp-form-builder", "affected_versions": { "* - 8.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b5964a7-410b-4fea-9de2-22ffda80c8e8?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b5a2a2a-a204-4265-b81e-4b785a407871": { "id": "6b5a2a2a-a204-4265-b81e-4b785a407871", "title": "MultiSafepay plugin for WooCommerce <= 4.15.0 - Arbitrary File Read", "software": [ { "type": "plugin", "name": "MultiSafepay plugin for WooCommerce", "slug": "multisafepay", "affected_versions": { "* - 4.15.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.15.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.16.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b5a2a2a-a204-4265-b81e-4b785a407871?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b5d31c5-0516-4089-9867-2922670e1b04": { "id": "6b5d31c5-0516-4089-9867-2922670e1b04", "title": "Gravityforms <= 1.9.15.11 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gravity Forms", "slug": "gravityforms", "affected_versions": { "* - 1.9.15.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.15.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b5d31c5-0516-4089-9867-2922670e1b04?source=api-scan" ], "published": "2016-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b5e9c7f-e0c9-4c27-8b39-87e15fd29604": { "id": "6b5e9c7f-e0c9-4c27-8b39-87e15fd29604", "title": "Quick Call Button <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Quick Call Button", "slug": "quick-call-button", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b5e9c7f-e0c9-4c27-8b39-87e15fd29604?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b6250d0-8f5e-4283-8d16-0b2f467e1224": { "id": "6b6250d0-8f5e-4283-8d16-0b2f467e1224", "title": "Greg's High Performance SEO <= 1.6.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Greg's High Performance SEO", "slug": "gregs-high-performance-seo", "affected_versions": { "[*, 1.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b6250d0-8f5e-4283-8d16-0b2f467e1224?source=api-scan" ], "published": "2015-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b6ab7bc-e815-4b3f-bda1-dd816ca457cd": { "id": "6b6ab7bc-e815-4b3f-bda1-dd816ca457cd", "title": "Twitter Cards Meta <= 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Twitter Cards Meta \u2013 Best Twitter Card Plugin for WordPress", "slug": "twitter-cards-meta", "affected_versions": { "* - 2.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b6ab7bc-e815-4b3f-bda1-dd816ca457cd?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b6dc426-7066-46fb-886a-0bf005829abf": { "id": "6b6dc426-7066-46fb-886a-0bf005829abf", "title": "Brands for WooCommerce <= 3.7.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Brands for WooCommerce", "slug": "brands-for-woocommerce", "affected_versions": { "* - 3.7.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b6dc426-7066-46fb-886a-0bf005829abf?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b6f6f93-4c24-4b81-bd5d-470f6dccab92": { "id": "6b6f6f93-4c24-4b81-bd5d-470f6dccab92", "title": "Shortcodes Ultimate <= 7.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 7.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b6f6f93-4c24-4b81-bd5d-470f6dccab92?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b6fa5c6-e9a9-45c6-a02b-3630d8ef130e": { "id": "6b6fa5c6-e9a9-45c6-a02b-3630d8ef130e", "title": "MonsterInsights - Google Analytics Dashboard for WordPress <= 5.4.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MonsterInsights \u2013 Google Analytics Dashboard for WordPress (Website Stats Made Easy)", "slug": "google-analytics-for-wordpress", "affected_versions": { "* - 5.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b6fa5c6-e9a9-45c6-a02b-3630d8ef130e?source=api-scan" ], "published": "2015-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b76734b-96ed-4643-b11b-bba0f0f228ab": { "id": "6b76734b-96ed-4643-b11b-bba0f0f228ab", "title": "Featurific For WordPress <= 1.6.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Featurific For WordPress", "slug": "featurific-for-wordpress", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b76734b-96ed-4643-b11b-bba0f0f228ab?source=api-scan" ], "published": "2011-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b78e1e8-2298-4889-955c-e9b7472ffbff": { "id": "6b78e1e8-2298-4889-955c-e9b7472ffbff", "title": "Favicon by RealFaviconGenerator <= 1.2.12 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Favicon by RealFaviconGenerator", "slug": "favicon-by-realfavicongenerator", "affected_versions": { "[*, 1.2.13)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b78e1e8-2298-4889-955c-e9b7472ffbff?source=api-scan" ], "published": "2015-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b7ad031-e15b-4315-9905-9f258f7c4ade": { "id": "6b7ad031-e15b-4315-9905-9f258f7c4ade", "title": "Ninja Forms <= 3.4.34 - Authenticated OAuth Connection Key Disclosure", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "[*, 3.4.34.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.34.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.34.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b7ad031-e15b-4315-9905-9f258f7c4ade?source=api-scan" ], "published": "2021-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b7f700f-e40c-4b45-b651-ab1752255083": { "id": "6b7f700f-e40c-4b45-b651-ab1752255083", "title": "Spiffy XSPF Player <= 0.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Spiffy XSPF Player", "slug": "spiffy", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b7f700f-e40c-4b45-b651-ab1752255083?source=api-scan" ], "published": "2013-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b83527a-aedd-4cc5-9416-1cbdfc2b8850": { "id": "6b83527a-aedd-4cc5-9416-1cbdfc2b8850", "title": "Loco Translate <= 2.6.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Loco Translate", "slug": "loco-translate", "affected_versions": { "* - 2.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b83527a-aedd-4cc5-9416-1cbdfc2b8850?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b839c7d-76fb-465e-9f27-1882cf0099fa": { "id": "6b839c7d-76fb-465e-9f27-1882cf0099fa", "title": "WooCommerce Chained Products < 2.12.0 - Missing Authorization to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "WooCommerce Chained Products", "slug": "woocommerce-chained-products", "affected_versions": { "[*, 2.12.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.12.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b839c7d-76fb-465e-9f27-1882cf0099fa?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b83e971-7e97-47e3-81a5-ff357692bca2": { "id": "6b83e971-7e97-47e3-81a5-ff357692bca2", "title": "Coming soon and Maintenance mode <= 3.6.7 - Cross-Site request Forgery to Arbitrary Email Send", "software": [ { "type": "plugin", "name": "Coming soon and Maintenance mode", "slug": "coming-soon-page", "affected_versions": { "[*, 3.6.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b83e971-7e97-47e3-81a5-ff357692bca2?source=api-scan" ], "published": "2022-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b84b13a-b46c-48fc-a7a8-de32c575d576": { "id": "6b84b13a-b46c-48fc-a7a8-de32c575d576", "title": "WP-Recall \u2013 Registration, Profile, Commerce & More <= 16.26.6 - Unauthenticated Payment Deletion via delete_payment", "software": [ { "type": "plugin", "name": "WP-Recall \u2013 Registration, Profile, Commerce & More", "slug": "wp-recall", "affected_versions": { "* - 16.26.6": { "from_version": "*", "from_inclusive": true, "to_version": "16.26.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "16.26.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b84b13a-b46c-48fc-a7a8-de32c575d576?source=api-scan" ], "published": "2024-06-05 15:33:19", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b84df5b-ff93-43b3-b9e4-cf963cf2af10": { "id": "6b84df5b-ff93-43b3-b9e4-cf963cf2af10", "title": "List all posts by Authors, nested Categories and Title <= 2.8.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "List all posts by Authors, nested Categories and Titles", "slug": "list-all-posts-by-authors-nested-categories-and-titles", "affected_versions": { "* - 2.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b84df5b-ff93-43b3-b9e4-cf963cf2af10?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b8655a6-f410-480d-8c45-2527b53fa129": { "id": "6b8655a6-f410-480d-8c45-2527b53fa129", "title": "Blog2Social: Social Media Auto Post & Scheduler < 5.0.1 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Blog2Social: Social Media Auto Post & Scheduler", "slug": "blog2social", "affected_versions": { "[*, 5.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b8655a6-f410-480d-8c45-2527b53fa129?source=api-scan" ], "published": "2018-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b87f741-4115-4ded-8dff-dc36cfdf1df1": { "id": "6b87f741-4115-4ded-8dff-dc36cfdf1df1", "title": "Hyphenator <= 5.1.5 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Hyphenator", "slug": "hyphenator", "affected_versions": { "* - 5.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b87f741-4115-4ded-8dff-dc36cfdf1df1?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b89b6ac-aa00-4ba6-a1e3-382e7b630fc8": { "id": "6b89b6ac-aa00-4ba6-a1e3-382e7b630fc8", "title": "Pricing Table by Supsystic <= 1.8.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pricing Table by Supsystic", "slug": "pricing-table-by-supsystic", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b89b6ac-aa00-4ba6-a1e3-382e7b630fc8?source=api-scan" ], "published": "2020-02-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b8a0cf1-2be7-4d57-8ef6-137035ceb422": { "id": "6b8a0cf1-2be7-4d57-8ef6-137035ceb422", "title": "Neuvoo Jobroll <= 2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "neuvoo-jobroll", "slug": "neuvoo-jobroll", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b8a0cf1-2be7-4d57-8ef6-137035ceb422?source=api-scan" ], "published": "2015-11-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b8ed659-0590-411f-9017-f695c9c2f322": { "id": "6b8ed659-0590-411f-9017-f695c9c2f322", "title": "Quiz And Survey Master <= 7.3.1 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b8ed659-0590-411f-9017-f695c9c2f322?source=api-scan" ], "published": "2021-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b8f64ed-abf8-4a8b-b32f-75afeaccea5c": { "id": "6b8f64ed-abf8-4a8b-b32f-75afeaccea5c", "title": "Novelist <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Book Information Fields", "software": [ { "type": "plugin", "name": "Novelist", "slug": "novelist", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b8f64ed-abf8-4a8b-b32f-75afeaccea5c?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b8fac8f-619a-442e-8b8f-43a0c0a44b07": { "id": "6b8fac8f-619a-442e-8b8f-43a0c0a44b07", "title": "WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Feed Actions", "software": [ { "type": "plugin", "name": "WooCommerce Google Feed Manager", "slug": "wp-product-feed-manager", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b8fac8f-619a-442e-8b8f-43a0c0a44b07?source=api-scan" ], "published": "2024-08-22 16:29:45", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b96d79b-cd9c-4925-9c15-d0aaf3c0556a": { "id": "6b96d79b-cd9c-4925-9c15-d0aaf3c0556a", "title": "AZIndex <= 0.8.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AZIndex", "slug": "azindex", "affected_versions": { "* - 0.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b96d79b-cd9c-4925-9c15-d0aaf3c0556a?source=api-scan" ], "published": "2024-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b978749-7ea5-45f4-9f69-66a19c0e39ca": { "id": "6b978749-7ea5-45f4-9f69-66a19c0e39ca", "title": "WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'setIgnore'", "software": [ { "type": "plugin", "name": "WP Meta SEO", "slug": "wp-meta-seo", "affected_versions": { "* - 4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b978749-7ea5-45f4-9f69-66a19c0e39ca?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6b9793e5-2a56-49d3-8c59-f552a4b08166": { "id": "6b9793e5-2a56-49d3-8c59-f552a4b08166", "title": "Uji Countdown <= 2.0.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Uji Countdown", "slug": "uji-countdown", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6b9793e5-2a56-49d3-8c59-f552a4b08166?source=api-scan" ], "published": "2016-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ba8037d-986f-4930-80af-a2912889af2a": { "id": "6ba8037d-986f-4930-80af-a2912889af2a", "title": "CP Polls <= 1.0.74 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Polls CP", "slug": "cp-polls", "affected_versions": { "* - 1.0.74": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.74", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.75" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ba8037d-986f-4930-80af-a2912889af2a?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6baa44c7-1c13-45ad-9fb5-da06933f3cd0": { "id": "6baa44c7-1c13-45ad-9fb5-da06933f3cd0", "title": "Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget", "software": [ { "type": "plugin", "name": "Beaver Builder Addons by WPZOOM", "slug": "wpzoom-addons-for-beaver-builder", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6baa44c7-1c13-45ad-9fb5-da06933f3cd0?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6badba6d-1ff1-4d6f-bccf-1f0278edb17d": { "id": "6badba6d-1ff1-4d6f-bccf-1f0278edb17d", "title": "Random Text <= 0.3.0 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Random Text", "slug": "randomtext", "affected_versions": { "* - 0.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6badba6d-1ff1-4d6f-bccf-1f0278edb17d?source=api-scan" ], "published": "2023-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bb0462a-e801-4aa7-a98a-c5032cb8304c": { "id": "6bb0462a-e801-4aa7-a98a-c5032cb8304c", "title": "The School Management Pro <= 9.9.6 - Remote Code Execution", "software": [ { "type": "plugin", "name": "The School Management Pro", "slug": "school-management-pro", "affected_versions": { "* - 9.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "9.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bb0462a-e801-4aa7-a98a-c5032cb8304c?source=api-scan" ], "published": "2022-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bb13a69-be75-48f0-9bcc-a33c5add7bd3": { "id": "6bb13a69-be75-48f0-9bcc-a33c5add7bd3", "title": "Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Latest Tweets Widget", "slug": "latest-tweets-widget", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bb13a69-be75-48f0-9bcc-a33c5add7bd3?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bb785cf-9924-4b47-ac89-5273c6ba8ee6": { "id": "6bb785cf-9924-4b47-ac89-5273c6ba8ee6", "title": "Custom CSS Pro <= 1.0.3 - Cross-site Request Forgery", "software": [ { "type": "plugin", "name": "Custom CSS Pro", "slug": "custom-css-pro", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bb785cf-9924-4b47-ac89-5273c6ba8ee6?source=api-scan" ], "published": "2019-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bb97b95-fa6a-4566-b448-b774bb732455": { "id": "6bb97b95-fa6a-4566-b448-b774bb732455", "title": "Business Pro <= 1.10.4 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Business Pro", "slug": "business-pro", "affected_versions": { "* - 1.10.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bb97b95-fa6a-4566-b448-b774bb732455?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bbb0e81-8edd-44fa-9588-16c163a82ed1": { "id": "6bbb0e81-8edd-44fa-9588-16c163a82ed1", "title": "JobCareer <= 3.4 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "JobCareer", "slug": "jobcareer", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bbb0e81-8edd-44fa-9588-16c163a82ed1?source=api-scan" ], "published": "2020-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bcb7d69-a444-4f45-a81d-631d95ec2a60": { "id": "6bcb7d69-a444-4f45-a81d-631d95ec2a60", "title": "Mini Loops <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mini Loops", "slug": "mini-loops", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bcb7d69-a444-4f45-a81d-631d95ec2a60?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bcb9d95-acb4-4405-b785-1e5eace10dc9": { "id": "6bcb9d95-acb4-4405-b785-1e5eace10dc9", "title": "MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 4.10 - Missing Authorization to Template Import", "software": [ { "type": "plugin", "name": "MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by Sonaar", "slug": "mp3-music-player-by-sonaar", "affected_versions": { "* - 4.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bcb9d95-acb4-4405-b785-1e5eace10dc9?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bcbdf6f-770c-4496-a643-94dbf63e893a": { "id": "6bcbdf6f-770c-4496-a643-94dbf63e893a", "title": "WP Staging (Free <= 3.3.3, Pro <= 5.3.3) - Authenticated (Administrator+) Stored Cross-Site-Scripting", "software": [ { "type": "plugin", "name": "WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore", "slug": "wp-staging", "affected_versions": { "* - 3.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.0" ] }, { "type": "plugin", "name": "WP STAGING Pro WordPress Backup Plugin", "slug": "wp-staging-pro", "affected_versions": { "* - 5.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bcbdf6f-770c-4496-a643-94dbf63e893a?source=api-scan" ], "published": "2024-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bcc353f-cdf2-4e28-a0e0-ad149ecb1c3b": { "id": "6bcc353f-cdf2-4e28-a0e0-ad149ecb1c3b", "title": "Tera Charts < 1.0 - Directory Traversal", "software": [ { "type": "plugin", "name": "Tera Charts", "slug": "tera-charts", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bcc353f-cdf2-4e28-a0e0-ad149ecb1c3b?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bcc8b84-34ac-4f8f-9a74-43b230877e92": { "id": "6bcc8b84-34ac-4f8f-9a74-43b230877e92", "title": "Crisp Live Chat <= 0.31 Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Crisp \u2013 Live Chat and Chatbot", "slug": "crisp", "affected_versions": { "* - 0.31": { "from_version": "*", "from_inclusive": true, "to_version": "0.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bcc8b84-34ac-4f8f-9a74-43b230877e92?source=api-scan" ], "published": "2021-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bcd770c-a93e-4622-8c19-d0c64aad9768": { "id": "6bcd770c-a93e-4622-8c19-d0c64aad9768", "title": "Logo Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Logo Slider \u2013 Logo Carousel, Logo Showcase & Client Logo Slider WordPress Plugin", "slug": "logo-slider-wp", "affected_versions": { "* - 3.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bcd770c-a93e-4622-8c19-d0c64aad9768?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bd03b86-e9b7-44d5-9528-efd94f0f79f5": { "id": "6bd03b86-e9b7-44d5-9528-efd94f0f79f5", "title": "Event Manager for WooCommerce <= 4.2.1 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Event Manager and Tickets Selling Plugin for WooCommerce \u2013 WpEvently \u2013 WordPress Plugin", "slug": "mage-eventpress", "affected_versions": { "* - 4.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bd03b86-e9b7-44d5-9528-efd94f0f79f5?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bd670f5-390d-4380-b674-8846fde18d6e": { "id": "6bd670f5-390d-4380-b674-8846fde18d6e", "title": "Advanced Admin Search <= 1.1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Admin Search", "slug": "advanced-admin-search", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bd670f5-390d-4380-b674-8846fde18d6e?source=api-scan" ], "published": "2022-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bd74c3f-3caf-4238-9478-81a4cfa50410": { "id": "6bd74c3f-3caf-4238-9478-81a4cfa50410", "title": "WP OAuth2 Server <= 1.0.1 - Authentication Bypass", "software": [ { "type": "plugin", "name": "WP OAuth2 Server", "slug": "oauth2-server", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bd74c3f-3caf-4238-9478-81a4cfa50410?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bd92b9d-b4b7-4106-bee4-d12b0479d0c5": { "id": "6bd92b9d-b4b7-4106-bee4-d12b0479d0c5", "title": "S2W \u2013 Import Shopify to WooCommerce <= 1.1.12 - Authenticated (Admin+) Local File Inclusion", "software": [ { "type": "plugin", "name": "S2W \u2013 Import Shopify to WooCommerce", "slug": "import-shopify-to-woocommerce", "affected_versions": { "* - 1.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bd92b9d-b4b7-4106-bee4-d12b0479d0c5?source=api-scan" ], "published": "2022-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bde6384-0fcc-4726-a7e5-bad6c3993bce": { "id": "6bde6384-0fcc-4726-a7e5-bad6c3993bce", "title": "AccessAlly < 3.3.2 - Arbitrary Code Execution", "software": [ { "type": "plugin", "name": "AccessAlly", "slug": "accessally", "affected_versions": { "[*, 3.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bde6384-0fcc-4726-a7e5-bad6c3993bce?source=api-scan" ], "published": "2020-01-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6be26c07-cac4-42d8-becb-03045a54cd6c": { "id": "6be26c07-cac4-42d8-becb-03045a54cd6c", "title": "Protected Posts Logout Button <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Protected Posts Logout Button", "slug": "protected-posts-logout-button", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6be26c07-cac4-42d8-becb-03045a54cd6c?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6be64d8d-fc71-40c2-baa8-985445d953ea": { "id": "6be64d8d-fc71-40c2-baa8-985445d953ea", "title": "SmartIdeo <= 2.7.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smartideo", "slug": "smartideo", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6be64d8d-fc71-40c2-baa8-985445d953ea?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bea6a77-79e8-4d3a-bd3e-2bb3d20b6fe9": { "id": "6bea6a77-79e8-4d3a-bd3e-2bb3d20b6fe9", "title": "WordPress Core <= 6.3.1 - Authenticated(Contributor+) Sensitive Information Exposure via Comments on Protected Posts", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 4.1.38": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.38", "to_inclusive": true }, "4.2 - 4.2.35": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.35", "to_inclusive": true }, "4.3 - 4.3.31": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.31", "to_inclusive": true }, "4.4 - 4.4.30": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.30", "to_inclusive": true }, "4.5 - 4.5.29": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.29", "to_inclusive": true }, "4.6 - 4.6.26": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.26", "to_inclusive": true }, "4.7 - 4.7.26": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.26", "to_inclusive": true }, "4.8 - 4.8.22": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.22", "to_inclusive": true }, "4.9 - 4.9.23": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.23", "to_inclusive": true }, "5.0 - 5.0.19": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.19", "to_inclusive": true }, "5.1 - 5.1.16": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.16", "to_inclusive": true }, "5.2 - 5.2.18": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.18", "to_inclusive": true }, "5.3 - 5.3.15": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.15", "to_inclusive": true }, "5.4 - 5.4.13": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.13", "to_inclusive": true }, "5.5 - 5.5.12": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.12", "to_inclusive": true }, "5.6 - 5.6.11": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.11", "to_inclusive": true }, "5.7 - 5.7.9": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.9", "to_inclusive": true }, "5.8 - 5.8.7": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.7", "to_inclusive": true }, "5.9 - 5.9.7": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.7", "to_inclusive": true }, "6.0 - 6.0.5": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.5", "to_inclusive": true }, "6.1 - 6.1.3": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.3", "to_inclusive": true }, "6.2 - 6.2.2": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.2", "to_inclusive": true }, "6.3 - 6.3.1": { "from_version": "6.3", "from_inclusive": true, "to_version": "6.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.39", "4.2.36", "4.3.32", "4.4.31", "4.5.30", "4.6.27", "4.7.27", "4.8.23", "4.9.24", "5.0.20", "5.1.17", "5.2.19", "5.3.16", "5.4.14", "5.5.13", "5.6.12", "5.7.10", "5.8.8", "5.9.8", "6.0.6", "6.1.4", "6.2.3", "6.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bea6a77-79e8-4d3a-bd3e-2bb3d20b6fe9?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bef7dcd-920b-4aee-b227-c7eec9fe73fc": { "id": "6bef7dcd-920b-4aee-b227-c7eec9fe73fc", "title": "CubeWP \u2013 All-in-One Dynamic Content Framework <= 1.1.12 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "CubeWP \u2013 All-in-One Dynamic Content Framework", "slug": "cubewp-framework", "affected_versions": { "* - 1.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bef7dcd-920b-4aee-b227-c7eec9fe73fc?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bf743b1-5a59-4e22-8c59-3c17b2646ec8": { "id": "6bf743b1-5a59-4e22-8c59-3c17b2646ec8", "title": "Store Locator < 3.34 - SQL Injection", "software": [ { "type": "plugin", "name": "Store Locator for WordPress with Google Maps \u2013 LotsOfLocales", "slug": "store-locator", "affected_versions": { "[*, 3.34)": { "from_version": "*", "from_inclusive": true, "to_version": "3.34", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bf743b1-5a59-4e22-8c59-3c17b2646ec8?source=api-scan" ], "published": "2015-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bf7a5c3-f30d-42d6-91f9-8eb11089a499": { "id": "6bf7a5c3-f30d-42d6-91f9-8eb11089a499", "title": "Gallery \u2013 Photo Albums Plugin < 1.2.29 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery \u2013 Photo Albums Plugin", "slug": "easy-media-gallery", "affected_versions": { "[*, 1.2.29)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.29", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bf7a5c3-f30d-42d6-91f9-8eb11089a499?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bfb8874-a2e2-474f-9f91-fefb980e2a93": { "id": "6bfb8874-a2e2-474f-9f91-fefb980e2a93", "title": "Rock Convert <= 2.10.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rock Convert", "slug": "rock-convert", "affected_versions": { "* - 2.10.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bfb8874-a2e2-474f-9f91-fefb980e2a93?source=api-scan" ], "published": "2022-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bfc0128-a8ef-4bb9-b5c8-7003f270aa36": { "id": "6bfc0128-a8ef-4bb9-b5c8-7003f270aa36", "title": "Login With OTP Over SMS, Email, WhatsApp and Google Authenticator <= 1.0.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login with TOTP (Google Authenticator, Microsoft Authenticator)", "slug": "miniorange-google-authenticator", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bfc0128-a8ef-4bb9-b5c8-7003f270aa36?source=api-scan" ], "published": "2022-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6bfda384-2b39-471d-bf2a-4a8f580ddd1a": { "id": "6bfda384-2b39-471d-bf2a-4a8f580ddd1a", "title": "Envo Extra <= 1.8.11 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Envo Extra", "slug": "envo-extra", "affected_versions": { "* - 1.8.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6bfda384-2b39-471d-bf2a-4a8f580ddd1a?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c01da54-fbbe-42f9-a76e-8e823027d62a": { "id": "6c01da54-fbbe-42f9-a76e-8e823027d62a", "title": "WP-dTree <= 4.4.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-dTree", "slug": "wp-dtree-30", "affected_versions": { "* - 4.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c01da54-fbbe-42f9-a76e-8e823027d62a?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c021296-e0e8-481d-a46d-a97934492857": { "id": "6c021296-e0e8-481d-a46d-a97934492857", "title": "News & Blog Designer Pack <= 3.2 - Authenticated (Contributor+) Stored Cross-Site SQcripting via Shortcode", "software": [ { "type": "plugin", "name": "Blog Grid & Post Grid \u2013 Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry, Category Post Grid By News & Blog Designer Pack", "slug": "blog-designer-pack", "affected_versions": { "* - 3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c021296-e0e8-481d-a46d-a97934492857?source=api-scan" ], "published": "2023-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c06b79a-0803-4973-ba88-b97d7145f82b": { "id": "6c06b79a-0803-4973-ba88-b97d7145f82b", "title": "Import any XML or CSV File to WordPress <= 3.6.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import any XML or CSV File to WordPress", "slug": "wp-all-import", "affected_versions": { "* - 3.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c06b79a-0803-4973-ba88-b97d7145f82b?source=api-scan" ], "published": "2022-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c098b35-606e-4dde-8683-4c90f518ddb5": { "id": "6c098b35-606e-4dde-8683-4c90f518ddb5", "title": "WP Recipe Maker <= 9.2.1 - Authenticated Stored Cross-Site Scripting via Video Embed", "software": [ { "type": "plugin", "name": "WP Recipe Maker", "slug": "wp-recipe-maker", "affected_versions": { "* - 9.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c098b35-606e-4dde-8683-4c90f518ddb5?source=api-scan" ], "published": "2024-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c0c6cb5-2cc7-4790-9338-11211974d5fb": { "id": "6c0c6cb5-2cc7-4790-9338-11211974d5fb", "title": "FAQs Manager <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FAQs Manager", "slug": "faqs-manager", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c0c6cb5-2cc7-4790-9338-11211974d5fb?source=api-scan" ], "published": "2013-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c18938b-6c0d-461e-b83e-26bc8e7bc1b3": { "id": "6c18938b-6c0d-461e-b83e-26bc8e7bc1b3", "title": "Ask Me < 6.8.7 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Ask Me - Responsive Questions & Answers WordPress", "slug": "ask-me", "affected_versions": { "[*, 6.8.7)": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c18938b-6c0d-461e-b83e-26bc8e7bc1b3?source=api-scan" ], "published": "2022-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c18ab1b-02f1-4679-8cff-679d98dc9f4a": { "id": "6c18ab1b-02f1-4679-8cff-679d98dc9f4a", "title": "WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP DSGVO Tools (GDPR)", "slug": "shapepress-dsgvo", "affected_versions": { "[*, 3.1.24)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.24", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c18ab1b-02f1-4679-8cff-679d98dc9f4a?source=api-scan" ], "published": "2021-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c26ecf2-f5bb-427f-9f09-6b3d1fb5da3c": { "id": "6c26ecf2-f5bb-427f-9f09-6b3d1fb5da3c", "title": "Content Egg <= 5.3.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Content Egg", "slug": "content-egg", "affected_versions": { "[*, 5.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c26ecf2-f5bb-427f-9f09-6b3d1fb5da3c?source=api-scan" ], "published": "2022-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c291da3-1326-40d8-b8e1-dfcf006ace0f": { "id": "6c291da3-1326-40d8-b8e1-dfcf006ace0f", "title": "Weblizar Pin Feeds < 1.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Weblizar Pin Feeds", "slug": "weblizar-pinterest-feeds", "affected_versions": { "[*, 1.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c291da3-1326-40d8-b8e1-dfcf006ace0f?source=api-scan" ], "published": "2018-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c3032ae-eb86-47d0-b160-320a67a380e1": { "id": "6c3032ae-eb86-47d0-b160-320a67a380e1", "title": "WooCommerce Reviews Plugin with Multi-criteria Rating by ReviewX < 1.2.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce", "slug": "reviewx", "affected_versions": { "[*, 1.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c3032ae-eb86-47d0-b160-320a67a380e1?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c31d037-1f9e-4887-aaff-3c32fb8b4501": { "id": "6c31d037-1f9e-4887-aaff-3c32fb8b4501", "title": "WP Hotel Booking <= 1.10.3 - Remote Code Execution", "software": [ { "type": "plugin", "name": "WP Hotel Booking", "slug": "wp-hotel-booking", "affected_versions": { "* - 1.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c31d037-1f9e-4887-aaff-3c32fb8b4501?source=api-scan" ], "published": "2020-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c31f7d3-1f2f-4ec5-802b-ec0b22087d43": { "id": "6c31f7d3-1f2f-4ec5-802b-ec0b22087d43", "title": "WP Event Manager <= 3.1.22 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce", "slug": "wp-event-manager", "affected_versions": { "* - 3.1.22": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c31f7d3-1f2f-4ec5-802b-ec0b22087d43?source=api-scan" ], "published": "2022-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c338010-9281-44dc-a121-dc2ab5fd6707": { "id": "6c338010-9281-44dc-a121-dc2ab5fd6707", "title": "PowerPack for Beaver Builder <= 2.33.0 - Authenticated (Contributor+) Privilege Escalation", "software": [ { "type": "plugin", "name": "PowerPack for Beaver Builder", "slug": "bbpowerpack", "affected_versions": { "* - 2.33.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.33.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.33.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c338010-9281-44dc-a121-dc2ab5fd6707?source=api-scan" ], "published": "2024-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c384f05-96dd-47bb-822d-16212527091a": { "id": "6c384f05-96dd-47bb-822d-16212527091a", "title": "Image Hover Effects for Elementor with Lightbox and Flipbox <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id, oxi_addons_f_title_tag, and content_description_tag Parameters", "software": [ { "type": "plugin", "name": "Image Hover Effects for Elementor with Lightbox and Flipbox", "slug": "image-hover-effects-with-carousel", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c384f05-96dd-47bb-822d-16212527091a?source=api-scan" ], "published": "2024-06-05 13:04:35", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c3954af-f7db-495c-b6f0-49f24d6f4b18": { "id": "6c3954af-f7db-495c-b6f0-49f24d6f4b18", "title": "GamiPress \u2013 Link <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GamiPress \u2013 Link", "slug": "gamipress-link", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c3954af-f7db-495c-b6f0-49f24d6f4b18?source=api-scan" ], "published": "2024-06-04 20:43:51", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c396ae6-d34c-4554-b670-28868dc136a5": { "id": "6c396ae6-d34c-4554-b670-28868dc136a5", "title": "Responsive Thumbnail Slider < 1.0.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Thumbnail carousel slider", "slug": "wp-responsive-thumbnail-slider", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c396ae6-d34c-4554-b670-28868dc136a5?source=api-scan" ], "published": "2015-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c3f4796-3496-4786-9afb-bd32827764ff": { "id": "6c3f4796-3496-4786-9afb-bd32827764ff", "title": "VikBooking Hotel Booking Engine & PMS <= 1.5.8 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "[*, 1.5.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c3f4796-3496-4786-9afb-bd32827764ff?source=api-scan" ], "published": "2022-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c3fe739-eed0-432c-8608-50dc08ef1456": { "id": "6c3fe739-eed0-432c-8608-50dc08ef1456", "title": "Reviews Plus <= 1.3.4 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "Reviews Plus", "slug": "reviews-plus", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c3fe739-eed0-432c-8608-50dc08ef1456?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c4357a3-ef54-4843-a9ea-b1f86f542e06": { "id": "6c4357a3-ef54-4843-a9ea-b1f86f542e06", "title": "Media Slider \u2013 Photo Sleder, Video Slider, Link Slider, Carousal Slideshow <= 1.3.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Media Slider \u2013 Photo Slider, Video Slider, Link Slider, Carousal Slideshow", "slug": "media-slider", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c4357a3-ef54-4843-a9ea-b1f86f542e06?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c439914-1d5a-4607-8e5c-9279fa3b462c": { "id": "6c439914-1d5a-4607-8e5c-9279fa3b462c", "title": "Ajax Search Lite < 3.11 - Missing Authorization to Remote Code Execution", "software": [ { "type": "plugin", "name": "Ajax Search Lite", "slug": "ajax-search-lite", "affected_versions": { "[*, 3.11)": { "from_version": "*", "from_inclusive": true, "to_version": "3.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c439914-1d5a-4607-8e5c-9279fa3b462c?source=api-scan" ], "published": "2015-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c449e92-a176-4e18-a65a-df2c8275898b": { "id": "6c449e92-a176-4e18-a65a-df2c8275898b", "title": "Auto Coupons for WooCommerce <= 3.0.14 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Auto Coupons for WooCommerce", "slug": "woo-auto-coupons", "affected_versions": { "* - 3.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c449e92-a176-4e18-a65a-df2c8275898b?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c48f94b-d193-429a-9383-628ae12bfdf3": { "id": "6c48f94b-d193-429a-9383-628ae12bfdf3", "title": "WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional", "slug": "bulk-editor", "affected_versions": { "* - 1.0.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c48f94b-d193-429a-9383-628ae12bfdf3?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c4a9092-fd49-42fe-a84d-a9f7fe708122": { "id": "6c4a9092-fd49-42fe-a84d-a9f7fe708122", "title": "Stock Exporter for WooCommerce <= 1.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Stock Exporter for WooCommerce", "slug": "stock-exporter-for-woocommerce", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c4a9092-fd49-42fe-a84d-a9f7fe708122?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c4ae561-85f6-4fc5-bbd6-a4946dc1a714": { "id": "6c4ae561-85f6-4fc5-bbd6-a4946dc1a714", "title": "WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Profile Update", "software": [ { "type": "plugin", "name": "WP Affiliate Platform", "slug": "wp-affiliate-platform", "affected_versions": { "[*, 6.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c4ae561-85f6-4fc5-bbd6-a4946dc1a714?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c4baf2e-7f5e-4954-88f9-76d32f297aab": { "id": "6c4baf2e-7f5e-4954-88f9-76d32f297aab", "title": "LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing\u2026 <= 4.3 - Missing Authorization via init_endpoint", "software": [ { "type": "plugin", "name": "LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing\u2026", "slug": "ladipage", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c4baf2e-7f5e-4954-88f9-76d32f297aab?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c4f8798-c0f9-4d05-808e-375864a0ad95": { "id": "6c4f8798-c0f9-4d05-808e-375864a0ad95", "title": "UserPro <= 5.1.1 - Missing Authorization via multiple functions", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "* - 5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c4f8798-c0f9-4d05-808e-375864a0ad95?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c50568c-c0ec-43f9-bf06-7347f9cfc662": { "id": "6c50568c-c0ec-43f9-bf06-7347f9cfc662", "title": "New User Email Set Up <= 0.5.2 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "New User Email Set Up", "slug": "new-user-email-set-up", "affected_versions": { "* - 0.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c50568c-c0ec-43f9-bf06-7347f9cfc662?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c563616-e405-4b3e-a70a-543f42118a97": { "id": "6c563616-e405-4b3e-a70a-543f42118a97", "title": "MainWP (Various Extensions) - Authenticated (Subscriber+) Arbitrary Plugin Installation", "software": [ { "type": "plugin", "name": "MainWP Favorites Extension", "slug": "mainwp-favorites-extension", "affected_versions": { "* - 4.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.11" ] }, { "type": "plugin", "name": "MainWP BlogVault Backup Extension", "slug": "mainwp-blogvault-backup-extension", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c563616-e405-4b3e-a70a-543f42118a97?source=api-scan" ], "published": "2023-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c568897-a8ff-4d3d-88b5-b7aeff454cf9": { "id": "6c568897-a8ff-4d3d-88b5-b7aeff454cf9", "title": "Camera slideshow <= 1.4.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Camera slideshow", "slug": "camera-slideshow", "affected_versions": { "* - 1.4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c568897-a8ff-4d3d-88b5-b7aeff454cf9?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c57f27b-2441-4f16-ab4b-bfb68b7b793f": { "id": "6c57f27b-2441-4f16-ab4b-bfb68b7b793f", "title": "Smart Slider 3 <= 3.5.0.8 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart Slider 3", "slug": "smart-slider-3", "affected_versions": { "[*, 3.5.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c57f27b-2441-4f16-ab4b-bfb68b7b793f?source=api-scan" ], "published": "2021-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c671f1e-21a7-45b7-951d-41b1c308dc9d": { "id": "6c671f1e-21a7-45b7-951d-41b1c308dc9d", "title": "Cincopa video and media plug-in < 1.137 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cincopa video and media plug-in", "slug": "video-playlist-and-gallery-plugin", "affected_versions": { "[*, 1.137)": { "from_version": "*", "from_inclusive": true, "to_version": "1.137", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.137" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c671f1e-21a7-45b7-951d-41b1c308dc9d?source=api-scan" ], "published": "2015-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c694bce-e389-492a-827d-ae5293730612": { "id": "6c694bce-e389-492a-827d-ae5293730612", "title": "Welcart e-Commerce <= 1.9.35 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "[*, 1.9.36)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.36", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c694bce-e389-492a-827d-ae5293730612?source=api-scan" ], "published": "2020-11-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c6a4c5f-7a02-4c53-a0ba-a2c7f592a3a8": { "id": "6c6a4c5f-7a02-4c53-a0ba-a2c7f592a3a8", "title": "Easy Digital Downloads \u2013 Simple eCommerce for Selling Digital Files <= 2.3.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c6a4c5f-7a02-4c53-a0ba-a2c7f592a3a8?source=api-scan" ], "published": "2020-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c6d0868-e5d6-4497-8967-6af46f4fe7d8": { "id": "6c6d0868-e5d6-4497-8967-6af46f4fe7d8", "title": "Flatsome <= 3.16.8 - Reflected Cross-Site Scripting in UX Builder", "software": [ { "type": "theme", "name": "Flatsome", "slug": "flatsome", "affected_versions": { "* - 3.16.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.16.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.17.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c6d0868-e5d6-4497-8967-6af46f4fe7d8?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c6e9884-0b60-4ea8-b042-55cf0fb6a6d0": { "id": "6c6e9884-0b60-4ea8-b042-55cf0fb6a6d0", "title": "Dropdown Menu Widget <= 1.9.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dropdown Menu Widget", "slug": "dropdown-menu-widget", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c6e9884-0b60-4ea8-b042-55cf0fb6a6d0?source=api-scan" ], "published": "2022-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c6fc6be-7e9a-40cb-b9cd-bb71d4f487f7": { "id": "6c6fc6be-7e9a-40cb-b9cd-bb71d4f487f7", "title": "Coupon Affiliates <= 5.4.5 - Reflected Cross-Site Scripting via 'page'", "software": [ { "type": "plugin", "name": "Coupon Affiliates \u2013 Affiliate Plugin for WooCommerce", "slug": "woo-coupon-usage", "affected_versions": { "* - 5.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c6fc6be-7e9a-40cb-b9cd-bb71d4f487f7?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c704356-e5f7-4b91-a162-647717cbbb7b": { "id": "6c704356-e5f7-4b91-a162-647717cbbb7b", "title": "ApplyOnline \u2013 Application Form Builder and Manager <= 2.5.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ApplyOnline \u2013 Application Form Builder and Manager", "slug": "apply-online", "affected_versions": { "* - 2.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c704356-e5f7-4b91-a162-647717cbbb7b?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c71183f-45e7-44de-a957-614ce417db90": { "id": "6c71183f-45e7-44de-a957-614ce417db90", "title": "Vrm 360 3D Model Viewer <= 1.2.1 - Authenticated(Subscriber+) Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Vrm 360 3D Model Viewer", "slug": "vrm360", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c71183f-45e7-44de-a957-614ce417db90?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c718d65-eb40-43db-821f-344c6eca2384": { "id": "6c718d65-eb40-43db-821f-344c6eca2384", "title": "WP-Appbox <= 4.3.17 - Local File Inclusion", "software": [ { "type": "plugin", "name": "WP-Appbox", "slug": "wp-appbox", "affected_versions": { "* - 4.3.17": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c718d65-eb40-43db-821f-344c6eca2384?source=api-scan" ], "published": "2022-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c728fa3-e917-40ca-84ca-e907c22b0a3f": { "id": "6c728fa3-e917-40ca-84ca-e907c22b0a3f", "title": "SearchIQ <= 4.5 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "SearchIQ \u2013 The Search Solution", "slug": "searchiq", "affected_versions": { "* - 4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c728fa3-e917-40ca-84ca-e907c22b0a3f?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c7871b8-6364-4821-891e-5c809c7bc4d5": { "id": "6c7871b8-6364-4821-891e-5c809c7bc4d5", "title": "QuickieBar <= 1.8.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "QuickieBar", "slug": "quickiebar", "affected_versions": { "* - 1.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c7871b8-6364-4821-891e-5c809c7bc4d5?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c8456fa-939c-4ceb-8361-a8758aec7708": { "id": "6c8456fa-939c-4ceb-8361-a8758aec7708", "title": "TI WooCommerce Wishlist <= 2.8.2 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "TI WooCommerce Wishlist", "slug": "ti-woocommerce-wishlist", "affected_versions": { "* - 2.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c8456fa-939c-4ceb-8361-a8758aec7708?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c85b895-7a55-45c6-aafb-66c7447be355": { "id": "6c85b895-7a55-45c6-aafb-66c7447be355", "title": "BannerMan <= 0.2.4 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BannerMan", "slug": "bannerman", "affected_versions": { "* - 0.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c85b895-7a55-45c6-aafb-66c7447be355?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c87204d-6697-4d06-aad2-279fa95f503a": { "id": "6c87204d-6697-4d06-aad2-279fa95f503a", "title": "LA-Studio Element Kit for Elementor <= 1.3.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter", "software": [ { "type": "plugin", "name": "LA-Studio Element Kit for Elementor", "slug": "lastudio-element-kit", "affected_versions": { "* - 1.3.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c87204d-6697-4d06-aad2-279fa95f503a?source=api-scan" ], "published": "2024-05-22 15:27:21", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c8b8b0a-2d84-499b-8646-0a84e47620e7": { "id": "6c8b8b0a-2d84-499b-8646-0a84e47620e7", "title": "Salon booking system <= 10.9 - Authenticated (Subscriber+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "* - 10.9": { "from_version": "*", "from_inclusive": true, "to_version": "10.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c8b8b0a-2d84-499b-8646-0a84e47620e7?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c8eaba3-9c23-4f35-8669-0ce345918fa6": { "id": "6c8eaba3-9c23-4f35-8669-0ce345918fa6", "title": "WP Shieldon <= 1.6.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Shieldon \u2013 WordPress Firewall", "slug": "wp-shieldon", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c8eaba3-9c23-4f35-8669-0ce345918fa6?source=api-scan" ], "published": "2021-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c98430d-0881-4f45-b934-c393739ef71c": { "id": "6c98430d-0881-4f45-b934-c393739ef71c", "title": "Cryptocurrency Donation Box \u2013 Bitcoin & Crypto Donations <= 2.2.7 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Cryptocurrency Payment & Donation Box \u2013 Accept Payments in any Cryptocurrency on your WP Site for Free", "slug": "cryptocurrency-donation-box", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c98430d-0881-4f45-b934-c393739ef71c?source=api-scan" ], "published": "2023-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c9aaa7a-d6a7-488f-9800-7e978a765288": { "id": "6c9aaa7a-d6a7-488f-9800-7e978a765288", "title": "Bulk Delete Users by Email <= 1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Bulk Delete Users by Email", "slug": "bulk-delete-users-by-email", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c9aaa7a-d6a7-488f-9800-7e978a765288?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6c9e5cd4-303c-48a7-aef8-20c804aa5985": { "id": "6c9e5cd4-303c-48a7-aef8-20c804aa5985", "title": "FoodBakery | Delivery Restaurant Directory WordPress Theme <= 2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "FoodBakery | Delivery Restaurant Directory WordPress Theme", "slug": "foodbakery", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6c9e5cd4-303c-48a7-aef8-20c804aa5985?source=api-scan" ], "published": "2021-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ca0681a-59ca-42e6-8ee2-574590fc3ae2": { "id": "6ca0681a-59ca-42e6-8ee2-574590fc3ae2", "title": "Header Footer Code Manager <= 1.1.23 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Header Footer Code Manager", "slug": "header-footer-code-manager", "affected_versions": { "* - 1.1.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ca0681a-59ca-42e6-8ee2-574590fc3ae2?source=api-scan" ], "published": "2022-06-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ca08679-6aed-46c5-823c-6144112eed02": { "id": "6ca08679-6aed-46c5-823c-6144112eed02", "title": "Side Cart Woocommerce (Ajax) <= 2.2 Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Side Cart Woocommerce | Woocommerce Cart", "slug": "side-cart-woocommerce", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ca08679-6aed-46c5-823c-6144112eed02?source=api-scan" ], "published": "2023-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ca0ce12-4759-4182-b69e-665e189b92f7": { "id": "6ca0ce12-4759-4182-b69e-665e189b92f7", "title": "Sunshine Photo Cart: Free Client Photo Galleries for Photographers <= 3.1.1 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Sunshine Photo Cart: Free Client Photo Galleries for Photographers", "slug": "sunshine-photo-cart", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ca0ce12-4759-4182-b69e-665e189b92f7?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ca16602-52e6-4d14-99a5-ca4e26b9f377": { "id": "6ca16602-52e6-4d14-99a5-ca4e26b9f377", "title": "POST SMTP Mailer <= 2.5.6 - Cross-Site Request Forgery to Account Compromise", "software": [ { "type": "plugin", "name": "Post SMTP \u2013 WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications \u2013 Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more", "slug": "post-smtp", "affected_versions": { "* - 2.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ca16602-52e6-4d14-99a5-ca4e26b9f377?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ca2311c-7b44-4dad-bea0-131776205319": { "id": "6ca2311c-7b44-4dad-bea0-131776205319", "title": "Multi Rating <= 5.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Multi Rating", "slug": "multi-rating", "affected_versions": { "* - 5.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ca2311c-7b44-4dad-bea0-131776205319?source=api-scan" ], "published": "2023-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ca28c91-f75e-4691-91cf-459cc9da5ad8": { "id": "6ca28c91-f75e-4691-91cf-459cc9da5ad8", "title": "Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxUpdateFolderPosition", "software": [ { "type": "plugin", "name": "Categorify \u2013 WordPress Media Library Category & File Manager", "slug": "categorify", "affected_versions": { "* - 1.0.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ca28c91-f75e-4691-91cf-459cc9da5ad8?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ca2d1d4-fcf8-4943-b9c5-9560968ae2d8": { "id": "6ca2d1d4-fcf8-4943-b9c5-9560968ae2d8", "title": "Add SVG Support for Media Uploader | inventivo <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG", "software": [ { "type": "plugin", "name": "Add SVG Support for Media Uploader | inventivo", "slug": "add-svg-support-for-media-uploader-inventivo", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ca2d1d4-fcf8-4943-b9c5-9560968ae2d8?source=api-scan" ], "published": "2024-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ca4dff0-ca3a-44cf-a30b-36b31d2848ab": { "id": "6ca4dff0-ca3a-44cf-a30b-36b31d2848ab", "title": "Materialis Companion <= 1.3.41 - Authenticated (Contributor+) Store Cross-Site Scripting via materialis_contact_form Shortcode", "software": [ { "type": "plugin", "name": "Materialis Companion", "slug": "materialis-companion", "affected_versions": { "* - 1.3.41": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ca4dff0-ca3a-44cf-a30b-36b31d2848ab?source=api-scan" ], "published": "2024-06-05 15:30:15", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cad85e1-9af0-44fa-97c7-a108b30891e2": { "id": "6cad85e1-9af0-44fa-97c7-a108b30891e2", "title": "Hacklog Down As PDF <= 2.3.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hacklog Down As PDF", "slug": "down-as-pdf", "affected_versions": { "* - 2.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cad85e1-9af0-44fa-97c7-a108b30891e2?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cae5b10-516a-4b60-bc15-884ece5102cf": { "id": "6cae5b10-516a-4b60-bc15-884ece5102cf", "title": "Simple Slideshow Manager <= 2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Slideshow Manager", "slug": "simple-slideshow-manager", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cae5b10-516a-4b60-bc15-884ece5102cf?source=api-scan" ], "published": "2017-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cbb51fe-ae7f-4fe8-89ad-38f6d3238cea": { "id": "6cbb51fe-ae7f-4fe8-89ad-38f6d3238cea", "title": "Store Hours for WooCommerce <= 4.3.20 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Store Hours for WooCommerce", "slug": "order-hours-scheduler-for-woocommerce", "affected_versions": { "* - 4.3.20": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cbb51fe-ae7f-4fe8-89ad-38f6d3238cea?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cbe4748-6e87-4332-b84f-615aec67bcec": { "id": "6cbe4748-6e87-4332-b84f-615aec67bcec", "title": "Getwid \u2013 Gutenberg Blocks <= 2.0.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Content", "software": [ { "type": "plugin", "name": "Getwid \u2013 Gutenberg Blocks", "slug": "getwid", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cbe4748-6e87-4332-b84f-615aec67bcec?source=api-scan" ], "published": "2024-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cbf9636-9d9d-44d4-b873-8920f2dbb846": { "id": "6cbf9636-9d9d-44d4-b873-8920f2dbb846", "title": "Permalink Manager Lite <= 2.2.20.3 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Permalink Manager Lite", "slug": "permalink-manager", "affected_versions": { "* - 2.2.20.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.20.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cbf9636-9d9d-44d4-b873-8920f2dbb846?source=api-scan" ], "published": "2022-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cc1d7f2-053d-42d4-afb7-6fb69fd71b91": { "id": "6cc1d7f2-053d-42d4-afb7-6fb69fd71b91", "title": "Banner Cycler <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Banner Cycler", "slug": "banner-cycler", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cc1d7f2-053d-42d4-afb7-6fb69fd71b91?source=api-scan" ], "published": "2022-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cc218fb-6c2a-4676-b2d7-86abe01c1530": { "id": "6cc218fb-6c2a-4676-b2d7-86abe01c1530", "title": "Direct checkout, Add to cart redirect for Woocommerce <= 2.1.48 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce", "slug": "add-to-cart-direct-checkout-for-woocommerce", "affected_versions": { "* - 2.1.48": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.48", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.49" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cc218fb-6c2a-4676-b2d7-86abe01c1530?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cc308f4-c94f-48ae-9d65-0685236cdfbd": { "id": "6cc308f4-c94f-48ae-9d65-0685236cdfbd", "title": "JobSearch WP Job Board <= 1.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cc308f4-c94f-48ae-9d65-0685236cdfbd?source=api-scan" ], "published": "2020-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cc4a67b-81fa-4ef6-9167-eab5cb9002ec": { "id": "6cc4a67b-81fa-4ef6-9167-eab5cb9002ec", "title": "Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via \"Price List\" Element", "software": [ { "type": "plugin", "name": "Bold Page Builder", "slug": "bold-page-builder", "affected_versions": { "* - 4.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cc4a67b-81fa-4ef6-9167-eab5cb9002ec?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cc5f274-6e71-47a1-b4ec-9b3ba46fd7bf": { "id": "6cc5f274-6e71-47a1-b4ec-9b3ba46fd7bf", "title": "123ContactForm for WordPress <= 1.5.6 - Validation Bypass via Plugin Verification", "software": [ { "type": "plugin", "name": "123ContactForm for WordPress", "slug": "123contactform-for-wordpress", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cc5f274-6e71-47a1-b4ec-9b3ba46fd7bf?source=api-scan" ], "published": "2021-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cc65564-bda7-4e59-be74-f0341913618f": { "id": "6cc65564-bda7-4e59-be74-f0341913618f", "title": "Stripe Payments For WooCommerce by Checkout <= 1.9.1 - Unauthenticated Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Stripe Payments For WooCommerce by Checkout Plugins", "slug": "checkout-plugins-stripe-woo", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cc65564-bda7-4e59-be74-f0341913618f?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cc6d71c-fb19-4142-a8be-4175afc1713c": { "id": "6cc6d71c-fb19-4142-a8be-4175afc1713c", "title": "WordPress Core < 5.2.4 - Authorization Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.30": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.30", "to_inclusive": true }, "3.8 - 3.8.30": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.30", "to_inclusive": true }, "3.9 - 3.9.28": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.28", "to_inclusive": true }, "4.0 - 4.0.27": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.27", "to_inclusive": true }, "4.1 - 4.1.27": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.27", "to_inclusive": true }, "4.2 - 4.2.24": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.24", "to_inclusive": true }, "4.3 - 4.3.20": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.20", "to_inclusive": true }, "4.4 - 4.4.19": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.19", "to_inclusive": true }, "4.5 - 4.5.18": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.18", "to_inclusive": true }, "4.6 - 4.6.15": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.15", "to_inclusive": true }, "4.7 - 4.7.14": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.14", "to_inclusive": true }, "4.8 - 4.8.10": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.10", "to_inclusive": true }, "4.9 - 4.9.11": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.11", "to_inclusive": true }, "5.0 - 5.0.6": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.6", "to_inclusive": true }, "5.1 - 5.1.2": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.2", "to_inclusive": true }, "5.2 - 5.2.3": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.31", "3.8.31", "3.9.29", "4.0.28", "4.1.28", "4.2.25", "4.3.21", "4.4.20", "4.5.19", "4.6.16", "4.7.15", "4.8.11", "4.9.12", "5.0.7", "5.1.3", "5.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cc6d71c-fb19-4142-a8be-4175afc1713c?source=api-scan" ], "published": "2019-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cc83edb-44ce-4dc9-8cba-734775a94779": { "id": "6cc83edb-44ce-4dc9-8cba-734775a94779", "title": "Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More < 3.3.1.0 - Authenticated SQL Injection via product_id Parameter", "software": [ { "type": "plugin", "name": "Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More", "slug": "purple-xmls-google-product-feed-for-woocommerce", "affected_versions": { "[*, 3.3.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cc83edb-44ce-4dc9-8cba-734775a94779?source=api-scan" ], "published": "2021-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cd49c60-e845-4dbb-b6b1-bd59aa1bb3ba": { "id": "6cd49c60-e845-4dbb-b6b1-bd59aa1bb3ba", "title": "Crayon Syntax Highlighter 2.0 - 2.6.10 - Missing Authorization", "software": [ { "type": "plugin", "name": "Crayon Syntax Highlighter", "slug": "crayon-syntax-highlighter", "affected_versions": { "2.0 - 2.6.10": { "from_version": "2.0", "from_inclusive": true, "to_version": "2.6.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cd49c60-e845-4dbb-b6b1-bd59aa1bb3ba?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cd58adb-31cd-49e2-9c9d-e248b4b0a778": { "id": "6cd58adb-31cd-49e2-9c9d-e248b4b0a778", "title": "Product Catalog Simple <= 1.6.17 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Catalog Simple", "slug": "post-type-x", "affected_versions": { "[*, 1.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cd58adb-31cd-49e2-9c9d-e248b4b0a778?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cd64ab0-007b-4778-9d92-06e530638fad": { "id": "6cd64ab0-007b-4778-9d92-06e530638fad", "title": "Getwid \u2013 Gutenberg Blocks <= 1.8.3 - Improper Authorization via get_remote_templates REST endpoint", "software": [ { "type": "plugin", "name": "Getwid \u2013 Gutenberg Blocks", "slug": "getwid", "affected_versions": { "* - 1.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cd64ab0-007b-4778-9d92-06e530638fad?source=api-scan" ], "published": "2023-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cd9cbba-10b0-4fb0-ad49-4593a307a615": { "id": "6cd9cbba-10b0-4fb0-ad49-4593a307a615", "title": "WP Cerber Security <= 9.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Cerber Security, Anti-spam & Malware Scan", "slug": "wp-cerber", "affected_versions": { "* - 9.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cd9cbba-10b0-4fb0-ad49-4593a307a615?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cdc0096-8e21-4b82-b9d0-961f48907a09": { "id": "6cdc0096-8e21-4b82-b9d0-961f48907a09", "title": "WC Marketplace <= 4.0.23 - Missing Authorization via mvx_save_dashpages", "software": [ { "type": "plugin", "name": "MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution", "slug": "dc-woocommerce-multi-vendor", "affected_versions": { "* - 4.0.23": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cdc0096-8e21-4b82-b9d0-961f48907a09?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ce726da-4860-4809-b579-9ec0d31a2fb1": { "id": "6ce726da-4860-4809-b579-9ec0d31a2fb1", "title": "Easy Social Feed <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via fb_appid", "software": [ { "type": "plugin", "name": "Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2013 Like Box", "slug": "easy-facebook-likebox", "affected_versions": { "* - 6.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ce726da-4860-4809-b579-9ec0d31a2fb1?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cee8cd9-7fa9-4154-9d74-ab54da18e521": { "id": "6cee8cd9-7fa9-4154-9d74-ab54da18e521", "title": "Easy Textillate <= 2.02 - Authenticated(Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Textillate", "slug": "easy-textillate", "affected_versions": { "* - 2.02": { "from_version": "*", "from_inclusive": true, "to_version": "2.02", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cee8cd9-7fa9-4154-9d74-ab54da18e521?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6cf64714-69e9-4734-b9f9-eb906a554005": { "id": "6cf64714-69e9-4734-b9f9-eb906a554005", "title": "Patricia Blog <= 1.2 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Patricia Blog", "slug": "patricia-blog", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6cf64714-69e9-4734-b9f9-eb906a554005?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d041edb-70f3-4894-8a78-f6881541054c": { "id": "6d041edb-70f3-4894-8a78-f6881541054c", "title": "Shop as a Customer for WooCommerce <= 1.1.7 - Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Shop as a Customer for WooCommerce", "slug": "shop-as-a-customer-for-woocommerce", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d041edb-70f3-4894-8a78-f6881541054c?source=api-scan" ], "published": "2023-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d063374-ecb2-41de-872d-18f94aac7e03": { "id": "6d063374-ecb2-41de-872d-18f94aac7e03", "title": "LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LifterLMS Paypal", "slug": "lifterlms-gateway-paypal", "affected_versions": { "[*, 1.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d063374-ecb2-41de-872d-18f94aac7e03?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d0fcd82-6d4a-454f-8056-a896e8d41d00": { "id": "6d0fcd82-6d4a-454f-8056-a896e8d41d00", "title": "LifterLMS <= 7.4.2 - Authenticated(Administrator+) Directory Traversal to Arbitrary CSV File Deletion", "software": [ { "type": "plugin", "name": "LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes", "slug": "lifterlms", "affected_versions": { "* - 7.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d0fcd82-6d4a-454f-8056-a896e8d41d00?source=api-scan" ], "published": "2023-11-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d0fff4d-e9fa-45ef-9593-753b40a71d38": { "id": "6d0fff4d-e9fa-45ef-9593-753b40a71d38", "title": "Basil <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Basil", "slug": "basil", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d0fff4d-e9fa-45ef-9593-753b40a71d38?source=api-scan" ], "published": "2024-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d14a90d-65ea-45da-956b-0735e2e2b538": { "id": "6d14a90d-65ea-45da-956b-0735e2e2b538", "title": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Upload", "software": [ { "type": "plugin", "name": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC)", "slug": "buddyforms", "affected_versions": { "* - 2.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d14a90d-65ea-45da-956b-0735e2e2b538?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d1517d4-79d0-4d4b-b54d-86e00dabd874": { "id": "6d1517d4-79d0-4d4b-b54d-86e00dabd874", "title": "Ultimate Addons for Contact Form 7 <= 3.1.28 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Addons for Contact Form 7", "slug": "ultimate-addons-for-contact-form-7", "affected_versions": { "[*, 3.1.29)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.29", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d1517d4-79d0-4d4b-b54d-86e00dabd874?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d1ad409-d5d3-4231-9a7c-de881c7b9de2": { "id": "6d1ad409-d5d3-4231-9a7c-de881c7b9de2", "title": "WP Fastest Cache <= 0.8.9.0 - Directory Traversal to Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 0.8.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d1ad409-d5d3-4231-9a7c-de881c7b9de2?source=api-scan" ], "published": "2022-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d1b255f-d775-4bd5-892e-42bf82dd5632": { "id": "6d1b255f-d775-4bd5-892e-42bf82dd5632", "title": "Bit Form <= 2.13.3 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder", "slug": "bit-form", "affected_versions": { "* - 2.13.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.13.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d1b255f-d775-4bd5-892e-42bf82dd5632?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d1b948a-7a7e-4bdf-af1d-559f34d4baa3": { "id": "6d1b948a-7a7e-4bdf-af1d-559f34d4baa3", "title": "Happy Addons for Elementor <= 3.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gradient Heading Widget", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d1b948a-7a7e-4bdf-af1d-559f34d4baa3?source=api-scan" ], "published": "2024-06-28 17:53:46", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d1d541b-7010-4dbf-9b1c-d59c84390065": { "id": "6d1d541b-7010-4dbf-9b1c-d59c84390065", "title": "FlyingPress <= 3.9.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "FlyingPress", "slug": "flying-press", "affected_versions": { "* - 3.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d1d541b-7010-4dbf-9b1c-d59c84390065?source=api-scan" ], "published": "2022-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d27544c-97a5-42cd-ab07-358f819acbc4": { "id": "6d27544c-97a5-42cd-ab07-358f819acbc4", "title": "Visualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL Execution", "software": [ { "type": "plugin", "name": "Visualizer: Tables and Charts Manager for WordPress", "slug": "visualizer", "affected_versions": { "* - 3.10.15": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d27544c-97a5-42cd-ab07-358f819acbc4?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d2e3252-454c-47a2-a09d-5d0474c82e2b": { "id": "6d2e3252-454c-47a2-a09d-5d0474c82e2b", "title": "Custom Content Shortcode <= 3.8.8 - Unauthorised Arbitrary Post Metadata Access", "software": [ { "type": "plugin", "name": "Custom Content Shortcode", "slug": "custom-content-shortcode", "affected_versions": { "* - 3.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d2e3252-454c-47a2-a09d-5d0474c82e2b?source=api-scan" ], "published": "2022-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d3089d3-8ea4-47f7-bbcd-3408a099ae94": { "id": "6d3089d3-8ea4-47f7-bbcd-3408a099ae94", "title": "Corsa Theme <= 1.5 - Authenticated Arbitrary File Upload", "software": [ { "type": "theme", "name": "Corsa", "slug": "corsa", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d3089d3-8ea4-47f7-bbcd-3408a099ae94?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d3668b3-2bf9-48fa-af14-d0917c8b99f5": { "id": "6d3668b3-2bf9-48fa-af14-d0917c8b99f5", "title": "Payment Form for PayPal Pro < 1.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Payment Form for PayPal Pro", "slug": "payment-form-for-paypal-pro", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d3668b3-2bf9-48fa-af14-d0917c8b99f5?source=api-scan" ], "published": "2015-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d3b9d15-f6a9-4d1c-ada5-8c48add839a2": { "id": "6d3b9d15-f6a9-4d1c-ada5-8c48add839a2", "title": "Bit Form Pro <= 2.6.4 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Bit Form Pro", "slug": "bitformpro", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d3b9d15-f6a9-4d1c-ada5-8c48add839a2?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d3bb015-5a01-4450-80d3-c37d5d7d8926": { "id": "6d3bb015-5a01-4450-80d3-c37d5d7d8926", "title": "Flash Video Player <= 5.0.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Flash Video Player", "slug": "flash-video-player", "affected_versions": { "* - 5.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d3bb015-5a01-4450-80d3-c37d5d7d8926?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d3bfb78-0538-4627-a206-8d8b5b200bc7": { "id": "6d3bfb78-0538-4627-a206-8d8b5b200bc7", "title": "Custom Contact Forms <= 5.1.0.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Custom Contact Forms", "slug": "custom-contact-forms", "affected_versions": { "[*, 5.1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d3bfb78-0538-4627-a206-8d8b5b200bc7?source=api-scan" ], "published": "2014-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d3c51e9-d66c-434f-8b01-e5af258c9a8b": { "id": "6d3c51e9-d66c-434f-8b01-e5af258c9a8b", "title": "TemplatesNext OnePager <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TemplatesNext OnePager", "slug": "templatesnext-onepager", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d3c51e9-d66c-434f-8b01-e5af258c9a8b?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d3cff57-ea8a-4082-bc05-d62b9d92f0e6": { "id": "6d3cff57-ea8a-4082-bc05-d62b9d92f0e6", "title": "Hide login page <= 1.1.7 - Login Page Disclosure", "software": [ { "type": "plugin", "name": "Hide login page, Hide wp admin \u2013 stop attack on login page", "slug": "hide-login-page", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d3cff57-ea8a-4082-bc05-d62b9d92f0e6?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d420e73-24d5-4da8-8257-e0c7f0273031": { "id": "6d420e73-24d5-4da8-8257-e0c7f0273031", "title": "Five Star Restaurant Reservations <= 2.6.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Five Star Restaurant Reservations \u2013 WordPress Booking Plugin", "slug": "restaurant-reservations", "affected_versions": { "* - 2.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d420e73-24d5-4da8-8257-e0c7f0273031?source=api-scan" ], "published": "2023-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d43235b-9c5e-4d7f-99f0-28dcab4b2a91": { "id": "6d43235b-9c5e-4d7f-99f0-28dcab4b2a91", "title": "Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction <= 2.12.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction", "slug": "paid-member-subscriptions", "affected_versions": { "* - 2.12.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d43235b-9c5e-4d7f-99f0-28dcab4b2a91?source=api-scan" ], "published": "2024-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d4544b9-bb15-47e2-b377-0bae91aba4da": { "id": "6d4544b9-bb15-47e2-b377-0bae91aba4da", "title": "3com \u2013 Asesor de Cookies <= 3.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "3com \u2013 Asesor de Cookies para normativa espa\u00f1ola", "slug": "3com-asesor-de-cookies", "affected_versions": { "* - 3.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d4544b9-bb15-47e2-b377-0bae91aba4da?source=api-scan" ], "published": "2022-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d48c52b-f42f-4c25-892f-3cce9ed8cbee": { "id": "6d48c52b-f42f-4c25-892f-3cce9ed8cbee", "title": "Count per Day <= 3.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Count per Day", "slug": "count-per-day", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d48c52b-f42f-4c25-892f-3cce9ed8cbee?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d490bfb-6560-428e-ad91-0f8d8bc9b1f2": { "id": "6d490bfb-6560-428e-ad91-0f8d8bc9b1f2", "title": "ProfileGrid <= 5.5.0 - Hardcoded Encryption Key", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d490bfb-6560-428e-ad91-0f8d8bc9b1f2?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d53cd00-3d7b-4096-bc25-354fd4020f8b": { "id": "6d53cd00-3d7b-4096-bc25-354fd4020f8b", "title": "WP Job Manager <= 2.2.2 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "WP Job Manager", "slug": "wp-job-manager", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d53cd00-3d7b-4096-bc25-354fd4020f8b?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d564606-695e-4e8c-90de-1d55afc06103": { "id": "6d564606-695e-4e8c-90de-1d55afc06103", "title": "Photo Gallery <= 1.5.66 - Authenticated Stored Cross-Site Scripting via Gallery Title", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.5.67)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.67", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.67" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d564606-695e-4e8c-90de-1d55afc06103?source=api-scan" ], "published": "2021-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d571dcc-74a4-4380-8961-890f10443b80": { "id": "6d571dcc-74a4-4380-8961-890f10443b80", "title": "WP-CORS <= 0.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-CORS", "slug": "wp-cors", "affected_versions": { "* - 0.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d571dcc-74a4-4380-8961-890f10443b80?source=api-scan" ], "published": "2023-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d5c17cb-98a9-45f0-b94f-02b48193949f": { "id": "6d5c17cb-98a9-45f0-b94f-02b48193949f", "title": "Larsens Calender <= 1.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Larsens Calender", "slug": "larsens-calender", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d5c17cb-98a9-45f0-b94f-02b48193949f?source=api-scan" ], "published": "2021-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d5ef392-6aea-4fab-95ce-d36d1cd17026": { "id": "6d5ef392-6aea-4fab-95ce-d36d1cd17026", "title": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio < 3.1.0 - Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio", "slug": "flash-album-gallery", "affected_versions": { "[*, 3.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d5ef392-6aea-4fab-95ce-d36d1cd17026?source=api-scan" ], "published": "2012-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d63e898-43e5-42b5-96b6-1453352e0cae": { "id": "6d63e898-43e5-42b5-96b6-1453352e0cae", "title": "Bricks Builder <= 1.9.8 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Bricks Builder", "slug": "bricksbuilder", "affected_versions": { "* - 1.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d63e898-43e5-42b5-96b6-1453352e0cae?source=api-scan" ], "published": "2024-06-21 15:59:39", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d643d07-7533-430b-a1d8-8e66a2a2c5e6": { "id": "6d643d07-7533-430b-a1d8-8e66a2a2c5e6", "title": "WordPress Infinite Scroll \u2013 Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read", "software": [ { "type": "plugin", "name": "WordPress Infinite Scroll \u2013 Ajax Load More", "slug": "ajax-load-more", "affected_versions": { "* - 5.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d643d07-7533-430b-a1d8-8e66a2a2c5e6?source=api-scan" ], "published": "2022-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d700580-1374-4a17-a6b3-59ba1d063030": { "id": "6d700580-1374-4a17-a6b3-59ba1d063030", "title": "WordPress Download Manager < 3.1.23 - Arbitrary Asset Manager Usage", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 3.1.23)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.23", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d700580-1374-4a17-a6b3-59ba1d063030?source=api-scan" ], "published": "2021-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d797f36-f485-4049-83f0-01d0cb409a92": { "id": "6d797f36-f485-4049-83f0-01d0cb409a92", "title": "Generate Dummy Posts <= 1.0.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Generate Dummy Posts", "slug": "generate-dummy-posts", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d797f36-f485-4049-83f0-01d0cb409a92?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d79ebec-2a80-4b9a-b6d3-f3e9be30047a": { "id": "6d79ebec-2a80-4b9a-b6d3-f3e9be30047a", "title": "Blue Admin <= 21.06.01 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Blue Admin", "slug": "blue-admin", "affected_versions": { "* - 21.06.01": { "from_version": "*", "from_inclusive": true, "to_version": "21.06.01", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d79ebec-2a80-4b9a-b6d3-f3e9be30047a?source=api-scan" ], "published": "2021-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d7f9291-5a57-4aca-b18f-623bf07348a4": { "id": "6d7f9291-5a57-4aca-b18f-623bf07348a4", "title": "WooCommerce PDF Invoices & Packing Slips <= 2.10.4 - Reflected Cross-Site Scripting via tab and section parameter", "software": [ { "type": "plugin", "name": "PDF Invoices & Packing Slips for WooCommerce", "slug": "woocommerce-pdf-invoices-packing-slips", "affected_versions": { "[*, 2.10.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.10.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d7f9291-5a57-4aca-b18f-623bf07348a4?source=api-scan" ], "published": "2021-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d84fa60-f780-41e2-96dc-57057c646e01": { "id": "6d84fa60-f780-41e2-96dc-57057c646e01", "title": "Premmerce Redirect Manager <= 1.0.10 - Cross-Site Request Forgery via deleteRedirect()", "software": [ { "type": "plugin", "name": "Premmerce Redirect Manager", "slug": "premmerce-redirect-manager", "affected_versions": { "* - 1.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d84fa60-f780-41e2-96dc-57057c646e01?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d88433a-dff4-4524-9b1a-1ef929568a52": { "id": "6d88433a-dff4-4524-9b1a-1ef929568a52", "title": "SEO Redirection Plugin - 301 Redirect Manager <= 6.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEO Redirection Plugin \u2013 301 Redirect Manager", "slug": "seo-redirection", "affected_versions": { "* - 6.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d88433a-dff4-4524-9b1a-1ef929568a52?source=api-scan" ], "published": "2021-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d8f59b0-da92-43aa-990d-5271aa40d6b4": { "id": "6d8f59b0-da92-43aa-990d-5271aa40d6b4", "title": "AI Engine: ChatGPT Chatbot, Content Generator, GPT 3 & 4, Ultra-Customizable <= 1.6.82 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AI Engine", "slug": "ai-engine", "affected_versions": { "[*, 1.6.83)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.83", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.83" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d8f59b0-da92-43aa-990d-5271aa40d6b4?source=api-scan" ], "published": "2023-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d8f7252-5e91-4e42-a6a5-056da491b4f1": { "id": "6d8f7252-5e91-4e42-a6a5-056da491b4f1", "title": "Booster (<= 5.6.6) and Booster Plus (<= 5.6.4) for WooCommerce - Authenticated (Shop Manager+) Information Exposure via Arbitrary File Download", "software": [ { "type": "plugin", "name": "Booster Plus for WooCommerce", "slug": "booster-plus-for-woocommerce", "affected_versions": { "* - 5.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.5" ] }, { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 5.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d8f7252-5e91-4e42-a6a5-056da491b4f1?source=api-scan" ], "published": "2022-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d923bbe-5976-43c5-a34d-d2758c83f607": { "id": "6d923bbe-5976-43c5-a34d-d2758c83f607", "title": "ProfileGrid <= 5.8.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d923bbe-5976-43c5-a34d-d2758c83f607?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d93ce6c-0139-472c-a5ec-21fdf33cd898": { "id": "6d93ce6c-0139-472c-a5ec-21fdf33cd898", "title": "Titan Anti-spam & Security <= 4.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Titan Anti-spam & Security", "slug": "anti-spam", "affected_versions": { "[*, 4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d93ce6c-0139-472c-a5ec-21fdf33cd898?source=api-scan" ], "published": "2016-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d9431b3-d37e-4d19-b07d-d5357affe346": { "id": "6d9431b3-d37e-4d19-b07d-d5357affe346", "title": "iPanorama 360 WordPress Virtual Tour Builder <= 1.6.29 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "iPanorama 360 \u2013 WordPress Virtual Tour Builder", "slug": "ipanorama-360-virtual-tour-builder-lite", "affected_versions": { "* - 1.6.29": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d9431b3-d37e-4d19-b07d-d5357affe346?source=api-scan" ], "published": "2022-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d9a3ad3-90fa-46bc-b42a-7616c02a8b50": { "id": "6d9a3ad3-90fa-46bc-b42a-7616c02a8b50", "title": "Add From Server <= 3.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Add From Server", "slug": "add-from-server", "affected_versions": { "[*, 3.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d9a3ad3-90fa-46bc-b42a-7616c02a8b50?source=api-scan" ], "published": "2016-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d9eb54f-4ff2-49d6-94d7-73aa75edb97b": { "id": "6d9eb54f-4ff2-49d6-94d7-73aa75edb97b", "title": "Easy Digital Downloads <= 3.2.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 3.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d9eb54f-4ff2-49d6-94d7-73aa75edb97b?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d9f5901-dc11-4877-b753-deb9c03f4a4e": { "id": "6d9f5901-dc11-4877-b753-deb9c03f4a4e", "title": "Zita Elementor Site Library <= 1.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Zita Elementor Site Library", "slug": "zita-site-library", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d9f5901-dc11-4877-b753-deb9c03f4a4e?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6d9fb74d-58fd-4881-970d-86944c8784c4": { "id": "6d9fb74d-58fd-4881-970d-86944c8784c4", "title": "KN Fix Your Title <= 1.0.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "KN Fix Your Title", "slug": "kn-fix-your", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6d9fb74d-58fd-4881-970d-86944c8784c4?source=api-scan" ], "published": "2021-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6da00adc-8fc0-4d8f-9ff3-8c21223199f4": { "id": "6da00adc-8fc0-4d8f-9ff3-8c21223199f4", "title": "Scroll post excerpt <= 8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Scroll post excerpt", "slug": "scroll-post-excerpt", "affected_versions": { "* - 8.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6da00adc-8fc0-4d8f-9ff3-8c21223199f4?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6da0a85d-0c6f-40ae-8a3d-85222f0e7cc5": { "id": "6da0a85d-0c6f-40ae-8a3d-85222f0e7cc5", "title": "Ivory Search \u2013 WordPress Search Plugin <= 4.5.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ivory Search \u2013 WordPress Search Plugin", "slug": "add-search-to-menu", "affected_versions": { "* - 4.5.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6da0a85d-0c6f-40ae-8a3d-85222f0e7cc5?source=api-scan" ], "published": "2021-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6da7046e-2717-4a3c-bba9-88f27de29ede": { "id": "6da7046e-2717-4a3c-bba9-88f27de29ede", "title": "PublishPress Capabilities <= 2.5.1 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "PublishPress Capabilities Pro", "slug": "capabilities-pro", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.2" ] }, { "type": "plugin", "name": "PublishPress Capabilities \u2013 User Role Editor, Access Permissions, Admin Menus", "slug": "capability-manager-enhanced", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6da7046e-2717-4a3c-bba9-88f27de29ede?source=api-scan" ], "published": "2022-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6dac6353-9e70-482d-b54b-ffde661b212c": { "id": "6dac6353-9e70-482d-b54b-ffde661b212c", "title": "OSM - OpenStreetMap <= 6.0.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via 'osm_map' Shortcode", "software": [ { "type": "plugin", "name": "OSM \u2013 OpenStreetMap", "slug": "osm", "affected_versions": { "* - 6.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6dac6353-9e70-482d-b54b-ffde661b212c?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6dafc81c-f1be-422d-b34f-87f1956e8849": { "id": "6dafc81c-f1be-422d-b34f-87f1956e8849", "title": "LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing\u2026 <= 4.4 - Missing Authorization on publish_lp()", "software": [ { "type": "plugin", "name": "LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing\u2026", "slug": "ladipage", "affected_versions": { "* - 4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6dafc81c-f1be-422d-b34f-87f1956e8849?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6db51b8e-2e4b-4041-b261-d46cfdb372dc": { "id": "6db51b8e-2e4b-4041-b261-d46cfdb372dc", "title": "Backup and Restore WordPress WordPress <= 1.45 - Unauthenticated Information Exposure via Log Files", "software": [ { "type": "plugin", "name": "Backup and Restore WordPress \u2013 Backup Plugin", "slug": "wp-backitup", "affected_versions": { "* - 1.45": { "from_version": "*", "from_inclusive": true, "to_version": "1.45", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.50" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6db51b8e-2e4b-4041-b261-d46cfdb372dc?source=api-scan" ], "published": "2024-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6db5f214-ba1a-4528-9bb6-0592822bf8bb": { "id": "6db5f214-ba1a-4528-9bb6-0592822bf8bb", "title": "WOOCS \u2013 WooCommerce Currency Switcher <= 1.4.1.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "FOX \u2013 Currency Switcher Professional for WooCommerce", "slug": "woocommerce-currency-switcher", "affected_versions": { "* - 1.4.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6db5f214-ba1a-4528-9bb6-0592822bf8bb?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6db9c59e-16bc-4e61-9040-7000b212675f": { "id": "6db9c59e-16bc-4e61-9040-7000b212675f", "title": "Tutor LMS <= 1.9.8 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "[*, 1.9.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6db9c59e-16bc-4e61-9040-7000b212675f?source=api-scan" ], "published": "2021-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6dbc64eb-1da6-4086-9fe1-3d9080bef12e": { "id": "6dbc64eb-1da6-4086-9fe1-3d9080bef12e", "title": "MyCurator Content Curation <= 3.76 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MyCurator Content Curation", "slug": "mycurator", "affected_versions": { "* - 3.76": { "from_version": "*", "from_inclusive": true, "to_version": "3.76", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.77" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6dbc64eb-1da6-4086-9fe1-3d9080bef12e?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6dc144cd-7119-477f-9fa1-b00cab215077": { "id": "6dc144cd-7119-477f-9fa1-b00cab215077", "title": "Coming Soon, Under Construction & Maintenance Mode By Dazzler <= 2.1.2 - Maintenance Mode Bypass", "software": [ { "type": "plugin", "name": "Coming Soon, Under Construction & Maintenance Mode By Dazzler", "slug": "coming-soon-wp", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6dc144cd-7119-477f-9fa1-b00cab215077?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6dc2e720-85d9-42d9-94ef-eb172425993d": { "id": "6dc2e720-85d9-42d9-94ef-eb172425993d", "title": "SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 4.67": { "from_version": "*", "from_inclusive": true, "to_version": "4.67", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.68" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6dc2e720-85d9-42d9-94ef-eb172425993d?source=api-scan" ], "published": "2023-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6dc3f308-d1e1-430b-bccd-168c0972fe7c": { "id": "6dc3f308-d1e1-430b-bccd-168c0972fe7c", "title": "HTML5 Video Player \u2013 mp4 Video Player Plugin and Block <= 2.5.34 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update", "software": [ { "type": "plugin", "name": "HTML5 Video Player \u2013 mp4 Video Player Plugin and Block", "slug": "html5-video-player", "affected_versions": { "* - 2.5.34": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6dc3f308-d1e1-430b-bccd-168c0972fe7c?source=api-scan" ], "published": "2024-09-10 15:52:47", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6dd6e04c-bac4-49c3-a934-7d3f43767684": { "id": "6dd6e04c-bac4-49c3-a934-7d3f43767684", "title": "Konzept (Unknown Version) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Konzept - Fullscreen Portfolio WordPress Theme", "slug": "konzept", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6dd6e04c-bac4-49c3-a934-7d3f43767684?source=api-scan" ], "published": "2012-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ddf0452-3afe-4ada-bccc-30c818968a81": { "id": "6ddf0452-3afe-4ada-bccc-30c818968a81", "title": "Simplr Registration Form Plus+ <= 2.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change", "software": [ { "type": "plugin", "name": "Simplr Registration Form Plus+", "slug": "simplr-registration-form", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ddf0452-3afe-4ada-bccc-30c818968a81?source=api-scan" ], "published": "2023-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6de73c31-a58d-41d9-aaed-2d7853ad1f25": { "id": "6de73c31-a58d-41d9-aaed-2d7853ad1f25", "title": "Blog2Social <= 6.9.9 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Blog2Social: Social Media Auto Post & Scheduler", "slug": "blog2social", "affected_versions": { "* - 6.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6de73c31-a58d-41d9-aaed-2d7853ad1f25?source=api-scan" ], "published": "2022-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6defd072-0203-471a-96cf-579a9eebcd9f": { "id": "6defd072-0203-471a-96cf-579a9eebcd9f", "title": "RT Easy Builder \u2013 Advanced addons for Elementor <= 2.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "RT Easy Builder \u2013 Advanced addons for Elementor", "slug": "rt-easy-builder-advanced-addons-for-elementor", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6defd072-0203-471a-96cf-579a9eebcd9f?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6df29b14-0c9d-4ecf-96be-8c39c93121e2": { "id": "6df29b14-0c9d-4ecf-96be-8c39c93121e2", "title": "The Events Calendar <= 6.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Events Calendar", "slug": "the-events-calendar", "affected_versions": { "* - 6.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6df29b14-0c9d-4ecf-96be-8c39c93121e2?source=api-scan" ], "published": "2024-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6df68d66-7294-4dff-8ba8-394932a64281": { "id": "6df68d66-7294-4dff-8ba8-394932a64281", "title": "Layer Slider <= 1.1.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Layer Slider", "slug": "slider-slideshow", "affected_versions": { "* - 1.1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6df68d66-7294-4dff-8ba8-394932a64281?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6df7bd57-7d2f-4098-b2d0-ffb2e8ed5868": { "id": "6df7bd57-7d2f-4098-b2d0-ffb2e8ed5868", "title": "Enable SVG, WebP & ICO Upload <= 1.0.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG", "software": [ { "type": "plugin", "name": "Enable SVG, WebP & ICO Upload \u00a0", "slug": "enable-svg-webp-ico-upload", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6df7bd57-7d2f-4098-b2d0-ffb2e8ed5868?source=api-scan" ], "published": "2023-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6dfe91d5-305b-414a-bbed-23c089be6176": { "id": "6dfe91d5-305b-414a-bbed-23c089be6176", "title": "Gallery Bank \u2013 WordPress Photo Gallery Plugin <= 4.0.50 - Stored Cross-Site Scripting via Media Upload", "software": [ { "type": "plugin", "name": "Gallery Bank \u2013 WordPress Photo Gallery Plugin", "slug": "gallery-bank", "affected_versions": { "* - 4.0.50": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.50", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6dfe91d5-305b-414a-bbed-23c089be6176?source=api-scan" ], "published": "2022-06-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e00b187-9a28-45fb-8d4d-e9401d739486": { "id": "6e00b187-9a28-45fb-8d4d-e9401d739486", "title": "Popup Like box <= 3.6.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Like box \u2013 Page Plugin", "slug": "ays-facebook-popup-likebox", "affected_versions": { "[*, 3.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e00b187-9a28-45fb-8d4d-e9401d739486?source=api-scan" ], "published": "2022-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e0384c0-9b34-4af8-af86-75ef1e8d933b": { "id": "6e0384c0-9b34-4af8-af86-75ef1e8d933b", "title": "ReDi Restaurant Reservation <= 21.0307 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ReDi Restaurant Reservation", "slug": "redi-restaurant-reservation", "affected_versions": { "* - 21.0307": { "from_version": "*", "from_inclusive": true, "to_version": "21.0307", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.0426" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e0384c0-9b34-4af8-af86-75ef1e8d933b?source=api-scan" ], "published": "2021-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e0945eb-ceec-4536-822a-fe864c21b580": { "id": "6e0945eb-ceec-4536-822a-fe864c21b580", "title": "REST API TO MiniProgram <= 4.7.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "REST API TO MiniProgram", "slug": "rest-api-to-miniprogram", "affected_versions": { "* - 4.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e0945eb-ceec-4536-822a-fe864c21b580?source=api-scan" ], "published": "2024-09-24 12:22:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e0bdbba-2b67-42b9-8c26-115d472aed0e": { "id": "6e0bdbba-2b67-42b9-8c26-115d472aed0e", "title": "Starter Templates <= 3.2.4 - Authenticated (Contributor+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates", "slug": "astra-sites", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] }, { "type": "plugin", "name": "Premium Starter Templates", "slug": "astra-pro-sites", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e0bdbba-2b67-42b9-8c26-115d472aed0e?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e0e8f5f-8216-4276-a810-860f9b52c447": { "id": "6e0e8f5f-8216-4276-a810-860f9b52c447", "title": "WPLMS Learning Management System for WordPress, WordPress LMS <= 1.8.4.1 - Privilege Escalation", "software": [ { "type": "theme", "name": "WPLMS Learning Management System for WordPress, WordPress LMS", "slug": "wplms", "affected_versions": { "* - 1.8.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e0e8f5f-8216-4276-a810-860f9b52c447?source=api-scan" ], "published": "2015-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e15a7b0-2b0e-468d-a245-cec2ed77d73b": { "id": "6e15a7b0-2b0e-468d-a245-cec2ed77d73b", "title": "Menu Item Visibility Control <= 0.5 - Authenticated (Admin+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Menu Item Visibility Control", "slug": "menu-items-visibility-control", "affected_versions": { "* - 0.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e15a7b0-2b0e-468d-a245-cec2ed77d73b?source=api-scan" ], "published": "2022-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e15d285-aa1d-461d-bdc2-642e7ccd789b": { "id": "6e15d285-aa1d-461d-bdc2-642e7ccd789b", "title": "Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce <= 3.4.6 - Improper Authorization", "software": [ { "type": "plugin", "name": "Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce", "slug": "a4-barcode-generator", "affected_versions": { "* - 3.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e15d285-aa1d-461d-bdc2-642e7ccd789b?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e273662-935f-45ad-b424-612da0799eba": { "id": "6e273662-935f-45ad-b424-612da0799eba", "title": "Landingi Landing Pages <= 3.1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Landingi Landing Pages", "slug": "landingi-landing-pages", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e273662-935f-45ad-b424-612da0799eba?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e29fd6b-462a-42be-9a2a-b6717b20a937": { "id": "6e29fd6b-462a-42be-9a2a-b6717b20a937", "title": "WP Activity Log Premium <= 4.5.0 - Missing Authorization via ajax_switch_db", "software": [ { "type": "plugin", "name": "WP Activity Log Premium", "slug": "wp-security-audit-log-premium", "affected_versions": { "* - 4.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e29fd6b-462a-42be-9a2a-b6717b20a937?source=api-scan" ], "published": "2023-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e2d0b38-8241-456f-a79b-5d31132b3233": { "id": "6e2d0b38-8241-456f-a79b-5d31132b3233", "title": "Premium Addons for Elementor <= 4.10.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner, Team Members, and Image Scroll Widgets", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.21": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e2d0b38-8241-456f-a79b-5d31132b3233?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e32504a-0365-4ff7-9637-11ee04441a17": { "id": "6e32504a-0365-4ff7-9637-11ee04441a17", "title": "WP Social Feed Gallery <= 4.3.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Social Feed Gallery", "slug": "insta-gallery", "affected_versions": { "* - 4.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e32504a-0365-4ff7-9637-11ee04441a17?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e327239-b4f0-4d21-b25e-f015498981cb": { "id": "6e327239-b4f0-4d21-b25e-f015498981cb", "title": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 3.1.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin", "slug": "users-ultra", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e327239-b4f0-4d21-b25e-f015498981cb?source=api-scan" ], "published": "2014-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e32ff58-e205-4c81-82d1-2a1048256747": { "id": "6e32ff58-e205-4c81-82d1-2a1048256747", "title": "MailCWP <= 1.100 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "MailCWP", "slug": "mailcwp", "affected_versions": { "* - 1.100": { "from_version": "*", "from_inclusive": true, "to_version": "1.100", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e32ff58-e205-4c81-82d1-2a1048256747?source=api-scan" ], "published": "2015-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e330894-9a15-4ce3-b388-90fda3d98f8b": { "id": "6e330894-9a15-4ce3-b388-90fda3d98f8b", "title": "External Media without Import <= 1.1.2 - Authenticated (Subscriber+) Blind Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "External Media without Import", "slug": "external-media-without-import", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e330894-9a15-4ce3-b388-90fda3d98f8b?source=api-scan" ], "published": "2022-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e349cae-a996-4a32-807a-a98ebcb01edd": { "id": "6e349cae-a996-4a32-807a-a98ebcb01edd", "title": "ARForms <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url", "software": [ { "type": "plugin", "name": "Contact Form, Survey, Quiz & Popup Form Builder \u2013 ARForms", "slug": "arforms-form-builder", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e349cae-a996-4a32-807a-a98ebcb01edd?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e3524a6-4f12-4640-96a0-da60afa0b770": { "id": "6e3524a6-4f12-4640-96a0-da60afa0b770", "title": "Quick Paypal Payments < 3.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quick Paypal Payments", "slug": "quick-paypal-payments", "affected_versions": { "[*, 3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e3524a6-4f12-4640-96a0-da60afa0b770?source=api-scan" ], "published": "2013-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e363a62-8d31-4140-878b-5034d6c7b6a1": { "id": "6e363a62-8d31-4140-878b-5034d6c7b6a1", "title": "Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.92": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.92", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.94" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e363a62-8d31-4140-878b-5034d6c7b6a1?source=api-scan" ], "published": "2024-06-11 19:58:22", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e385a61-a6c7-41a8-b0f4-619055b66b3a": { "id": "6e385a61-a6c7-41a8-b0f4-619055b66b3a", "title": "Highlight <= 1.0.29 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Highlight", "slug": "highlight", "affected_versions": { "* - 1.0.29": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e385a61-a6c7-41a8-b0f4-619055b66b3a?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e3e73b4-591d-4520-afd5-44e2bb76e4f1": { "id": "6e3e73b4-591d-4520-afd5-44e2bb76e4f1", "title": "Polls CP < 1.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Polls CP", "slug": "cp-polls", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e3e73b4-591d-4520-afd5-44e2bb76e4f1?source=api-scan" ], "published": "2014-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e50081f-6658-4cc7-bf0a-d04464820926": { "id": "6e50081f-6658-4cc7-bf0a-d04464820926", "title": "ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via [edit-profile-text-box] shortcode", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 4.14.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.14.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.15.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e50081f-6658-4cc7-bf0a-d04464820926?source=api-scan" ], "published": "2024-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e520850-5cc7-40f8-9222-e7e50d21f347": { "id": "6e520850-5cc7-40f8-9222-e7e50d21f347", "title": "WP-Planet <= 0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Planet", "slug": "wp-planet", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e520850-5cc7-40f8-9222-e7e50d21f347?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e53e70f-45fc-41a6-8436-a8b14f7685d0": { "id": "6e53e70f-45fc-41a6-8436-a8b14f7685d0", "title": "Contact Form by Supsystic < 1.7.20 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form by Supsystic", "slug": "contact-form-by-supsystic", "affected_versions": { "[*, 1.7.20)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e53e70f-45fc-41a6-8436-a8b14f7685d0?source=api-scan" ], "published": "2021-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e54a627-7882-47de-ba36-1c34754bd64a": { "id": "6e54a627-7882-47de-ba36-1c34754bd64a", "title": "Houzez <= 1.8.3 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Houzez", "slug": "houzez", "affected_versions": { "* - 1.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e54a627-7882-47de-ba36-1c34754bd64a?source=api-scan" ], "published": "2020-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e5a4ebe-5d01-4d5e-b62b-a264b61fc6ee": { "id": "6e5a4ebe-5d01-4d5e-b62b-a264b61fc6ee", "title": "CPO Companion <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "CPO Companion", "slug": "cpo-companion", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e5a4ebe-5d01-4d5e-b62b-a264b61fc6ee?source=api-scan" ], "published": "2023-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e5c6bf7-a653-4571-9566-574d2bb35c4f": { "id": "6e5c6bf7-a653-4571-9566-574d2bb35c4f", "title": "SiteGround Security <= 1.2.5 - Authentication Bypass via 2FA Setup", "software": [ { "type": "plugin", "name": "Security Optimizer \u2013 The All-In-One Protection Plugin", "slug": "sg-security", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e5c6bf7-a653-4571-9566-574d2bb35c4f?source=api-scan" ], "published": "2022-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e6cda1a-e137-4c30-a66b-c10a88070c50": { "id": "6e6cda1a-e137-4c30-a66b-c10a88070c50", "title": "NativeChurch <= 1.6.1 - Arbitrary File Download", "software": [ { "type": "theme", "name": "NativeChurch", "slug": "NativeChurch", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e6cda1a-e137-4c30-a66b-c10a88070c50?source=api-scan" ], "published": "2015-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e6f993b-ce09-4050-84a1-cbe9953f36b1": { "id": "6e6f993b-ce09-4050-84a1-cbe9953f36b1", "title": "WordPress Core <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 6.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e736e75-5ad4-4773-b1f7-358dc74848f0": { "id": "6e736e75-5ad4-4773-b1f7-358dc74848f0", "title": "Easy SVG Support <= 3.2.0 - Cross-Site Scripting via SVG Upload", "software": [ { "type": "plugin", "name": "Easy SVG Support", "slug": "easy-svg", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e736e75-5ad4-4773-b1f7-358dc74848f0?source=api-scan" ], "published": "2022-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e766de1-10fd-43de-b487-56895a4b8db0": { "id": "6e766de1-10fd-43de-b487-56895a4b8db0", "title": "RokNewsPager <= 1.17 - Missing Domain Restriction", "software": [ { "type": "plugin", "name": "RokNewsPager", "slug": "wp_roknewspager", "affected_versions": { "* - 1.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e766de1-10fd-43de-b487-56895a4b8db0?source=api-scan" ], "published": "2013-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e770e98-3c13-4e37-b51b-4c39bce2cb42": { "id": "6e770e98-3c13-4e37-b51b-4c39bce2cb42", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e770e98-3c13-4e37-b51b-4c39bce2cb42?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e77d240-475d-41a2-9b88-1332fc60b72d": { "id": "6e77d240-475d-41a2-9b88-1332fc60b72d", "title": "My Calendar <= 3.3.16 - Open Redirect", "software": [ { "type": "plugin", "name": "My Calendar \u2013 Accessible Event Manager", "slug": "my-calendar", "affected_versions": { "* - 3.3.16": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e77d240-475d-41a2-9b88-1332fc60b72d?source=api-scan" ], "published": "2022-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e7c629f-e9c6-4254-ba37-46de5206d77d": { "id": "6e7c629f-e9c6-4254-ba37-46de5206d77d", "title": "Booking and Rental Manager <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration \u2013 WpRently | WordPress plugin", "slug": "booking-and-rental-manager-for-woocommerce", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e7c629f-e9c6-4254-ba37-46de5206d77d?source=api-scan" ], "published": "2023-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e7e6445-c1c5-48a8-a76d-819f2db1efc2": { "id": "6e7e6445-c1c5-48a8-a76d-819f2db1efc2", "title": "Enable Media Replace <= 4.1.2 - Authenticated(Author+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Enable Media Replace", "slug": "enable-media-replace", "affected_versions": { "[*, 4.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e7e6445-c1c5-48a8-a76d-819f2db1efc2?source=api-scan" ], "published": "2023-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e81cbe3-1310-4f6f-ae42-8d09b321657a": { "id": "6e81cbe3-1310-4f6f-ae42-8d09b321657a", "title": "Redirection <= 2.7.3 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirection", "affected_versions": { "* - 2.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e81cbe3-1310-4f6f-ae42-8d09b321657a?source=api-scan" ], "published": "2018-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e834db1-0859-4e58-a11c-96e8f201b097": { "id": "6e834db1-0859-4e58-a11c-96e8f201b097", "title": "Marketplace <= 2.4.0 - Path Traversal", "software": [ { "type": "plugin", "name": "WP Marketplace \u2013 Complete Shopping Cart \/ eCommerce Solution", "slug": "wpmarketplace", "affected_versions": { "[*, 2.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e834db1-0859-4e58-a11c-96e8f201b097?source=api-scan" ], "published": "2015-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e8d038d-8e2d-442d-932d-0fd31a8c501c": { "id": "6e8d038d-8e2d-442d-932d-0fd31a8c501c", "title": "Download IP2Location Country Blocker <= 2.34.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "IP2Location Country Blocker", "slug": "ip2location-country-blocker", "affected_versions": { "* - 2.34.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.34.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.34.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e8d038d-8e2d-442d-932d-0fd31a8c501c?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e90fe49-4ead-4468-b3cc-30040e4f278f": { "id": "6e90fe49-4ead-4468-b3cc-30040e4f278f", "title": "UserPro <= 4.9.23 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "* - 4.9.23": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e90fe49-4ead-4468-b3cc-30040e4f278f?source=api-scan" ], "published": "2018-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e953bc0-a934-43fc-8147-4555dde069cc": { "id": "6e953bc0-a934-43fc-8147-4555dde069cc", "title": "GA Universal < 1.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "GA Universal", "slug": "ga-universal", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e953bc0-a934-43fc-8147-4555dde069cc?source=api-scan" ], "published": "2013-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e954190-7c58-4044-a85e-a188fe5b6d89": { "id": "6e954190-7c58-4044-a85e-a188fe5b6d89", "title": "Soledad <= 8.4.1 - Unauthenticated PHP Object Injection", "software": [ { "type": "theme", "name": "Soledad", "slug": "soledad", "affected_versions": { "* - 8.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e954190-7c58-4044-a85e-a188fe5b6d89?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e984ff1-9dcf-4cd3-b617-1f9e25ecae0c": { "id": "6e984ff1-9dcf-4cd3-b617-1f9e25ecae0c", "title": "WC Builder <= 1.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WC Builder \u2013 WooCommerce Page Builder for WPBakery", "slug": "wc-builder", "affected_versions": { "* - 1.0.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e984ff1-9dcf-4cd3-b617-1f9e25ecae0c?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6e98fb74-46f2-4a6a-8012-e2824bd77070": { "id": "6e98fb74-46f2-4a6a-8012-e2824bd77070", "title": "TH Variation Swatches <= 1.2.7 - Cross-Site Request Forgery via delete_settings", "software": [ { "type": "plugin", "name": "Variation Swatches for WooCommerce", "slug": "th-variation-swatches", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6e98fb74-46f2-4a6a-8012-e2824bd77070?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ea07ba1-9d0c-4c90-9eb2-d6f1a573dca2": { "id": "6ea07ba1-9d0c-4c90-9eb2-d6f1a573dca2", "title": "Ultimate Auction <= 4.2.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ultimate WordPress Auction Plugin", "slug": "ultimate-auction", "affected_versions": { "* - 4.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ea07ba1-9d0c-4c90-9eb2-d6f1a573dca2?source=api-scan" ], "published": "2024-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ea36692-2bf3-490d-8293-7de6dcc5e5c9": { "id": "6ea36692-2bf3-490d-8293-7de6dcc5e5c9", "title": "PublishPress Capabilities <= 2.3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PublishPress Capabilities \u2013 User Role Editor, Access Permissions, Admin Menus", "slug": "capability-manager-enhanced", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ea36692-2bf3-490d-8293-7de6dcc5e5c9?source=api-scan" ], "published": "2022-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ea9dda4-d667-46f3-893b-a1ae60b6ba75": { "id": "6ea9dda4-d667-46f3-893b-a1ae60b6ba75", "title": "WP Ultimate Email Marketer <= 1.2.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Ultimate Email Marketer", "slug": "wp-ultimate-email-marketer", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ea9dda4-d667-46f3-893b-a1ae60b6ba75?source=api-scan" ], "published": "2013-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6eab3497-bf77-43a8-962d-d63db7290777": { "id": "6eab3497-bf77-43a8-962d-d63db7290777", "title": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Improper Access Control to Information Disclosure", "software": [ { "type": "plugin", "name": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin", "slug": "xcloner-backup-and-restore", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6eab3497-bf77-43a8-962d-d63db7290777?source=api-scan" ], "published": "2014-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ead05d3-a5b1-474f-bc72-67570ff060da": { "id": "6ead05d3-a5b1-474f-bc72-67570ff060da", "title": "Responsive Lightbox <= 2.4.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Responsive Lightbox & Gallery", "slug": "responsive-lightbox", "affected_versions": { "* - 2.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ead05d3-a5b1-474f-bc72-67570ff060da?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6eb099c3-f6f6-4d9c-a9c7-fa1b81ce082e": { "id": "6eb099c3-f6f6-4d9c-a9c7-fa1b81ce082e", "title": "Telegram Bot & Channel <= 3.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Telegram Bot & Channel", "slug": "telegram-bot", "affected_versions": { "* - 3.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6eb099c3-f6f6-4d9c-a9c7-fa1b81ce082e?source=api-scan" ], "published": "2023-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6eb0aa16-a269-4297-861f-6bad88066c68": { "id": "6eb0aa16-a269-4297-861f-6bad88066c68", "title": "Events Manager <= 6.4.6.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "* - 6.4.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6eb0aa16-a269-4297-861f-6bad88066c68?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6eb19d3a-b180-4141-8c9b-bec436eeea6b": { "id": "6eb19d3a-b180-4141-8c9b-bec436eeea6b", "title": "Ocean Extra <= 2.0.4 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Ocean Extra", "slug": "ocean-extra", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6eb19d3a-b180-4141-8c9b-bec436eeea6b?source=api-scan" ], "published": "2022-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6eb23014-7bc6-4505-85d7-91d29bb2d8fb": { "id": "6eb23014-7bc6-4505-85d7-91d29bb2d8fb", "title": "WCFM - Frontend Manager for WooCommerce <= 6.5.11 - Customer\/Subscriber+ SQL Injection", "software": [ { "type": "plugin", "name": "WCFM \u2013 Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible", "slug": "wc-frontend-manager", "affected_versions": { "* - 6.5.11": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6eb23014-7bc6-4505-85d7-91d29bb2d8fb?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6eb3ad80-3510-4018-91af-b733ef62e28f": { "id": "6eb3ad80-3510-4018-91af-b733ef62e28f", "title": "Favicon Generator <= 1.5 - Cross-Site Request Forgery to Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Favicon Generator (CLOSED)", "slug": "favicon-generator", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6eb3ad80-3510-4018-91af-b733ef62e28f?source=api-scan" ], "published": "2024-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6eb99654-c0f4-4c75-9b9d-f3075db623fc": { "id": "6eb99654-c0f4-4c75-9b9d-f3075db623fc", "title": "Sunshine Photo Cart <= 3.2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sunshine Photo Cart: Free Client Photo Galleries for Photographers", "slug": "sunshine-photo-cart", "affected_versions": { "* - 3.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6eb99654-c0f4-4c75-9b9d-f3075db623fc?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6eba6056-e087-4347-ad36-96501ceb4cdd": { "id": "6eba6056-e087-4347-ad36-96501ceb4cdd", "title": "Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)", "slug": "bdthemes-prime-slider-lite", "affected_versions": { "* - 3.14.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.14.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.14.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6eba6056-e087-4347-ad36-96501ceb4cdd?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ebb5654-ba3e-4f18-8720-a6595a771964": { "id": "6ebb5654-ba3e-4f18-8720-a6595a771964", "title": "Elementor Addon Elements <= 1.12.11 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "1.12.11": { "from_version": "1.12.11", "from_inclusive": true, "to_version": "1.12.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ebb5654-ba3e-4f18-8720-a6595a771964?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ebc1b85-4682-4467-b17c-9a35cc3f0f15": { "id": "6ebc1b85-4682-4467-b17c-9a35cc3f0f15", "title": "Shopping Cart & eCommerce Store <= 5.2.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "* - 5.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ebc1b85-4682-4467-b17c-9a35cc3f0f15?source=api-scan" ], "published": "2022-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ec02202-18e3-4a57-be2c-7dbf50e500dc": { "id": "6ec02202-18e3-4a57-be2c-7dbf50e500dc", "title": "MainWP File Uploader Extension <= 4.1 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "MainWP File Uploader Extension", "slug": "mainwp-file-uploader-extension", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ec02202-18e3-4a57-be2c-7dbf50e500dc?source=api-scan" ], "published": "2023-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ec3051e-a5e4-48ee-8f8e-eb5dbc482f33": { "id": "6ec3051e-a5e4-48ee-8f8e-eb5dbc482f33", "title": "Funnelforms Free <= 3.4 - Missing Authorization to New Category Creation", "software": [ { "type": "plugin", "name": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free", "slug": "funnelforms-free", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ec3051e-a5e4-48ee-8f8e-eb5dbc482f33?source=api-scan" ], "published": "2023-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6eccf601-ad95-4fb5-a3a6-e916df6a6b56": { "id": "6eccf601-ad95-4fb5-a3a6-e916df6a6b56", "title": "Slider by Supsystic <= 1.8.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Slider by Supsystic", "slug": "slider-by-supsystic", "affected_versions": { "* - 1.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6eccf601-ad95-4fb5-a3a6-e916df6a6b56?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ecd0fa6-4fdb-4780-9560-0bb126800685": { "id": "6ecd0fa6-4fdb-4780-9560-0bb126800685", "title": "Post SMTP <= 2.5.7 - Unauthenticated Stored Cross-Site Scripting via Email", "software": [ { "type": "plugin", "name": "Post SMTP \u2013 WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications \u2013 Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more", "slug": "post-smtp", "affected_versions": { "* - 2.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ecd0fa6-4fdb-4780-9560-0bb126800685?source=api-scan" ], "published": "2023-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ece7e74-ffd9-48f9-b66b-58708233b24b": { "id": "6ece7e74-ffd9-48f9-b66b-58708233b24b", "title": "Vitepos <= 3.0.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Vitepos \u2013 Point of sale (POS) plugin for WooCommerce", "slug": "vitepos-lite", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ece7e74-ffd9-48f9-b66b-58708233b24b?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ecf99ef-f879-426f-8a05-129be77f1157": { "id": "6ecf99ef-f879-426f-8a05-129be77f1157", "title": "Mihdan: Yandex Turbo Feed <= 1.6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Mihdan: Yandex Turbo Feed", "slug": "mihdan-yandex-turbo-feed", "affected_versions": { "* - 1.6.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ecf99ef-f879-426f-8a05-129be77f1157?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ed8f004-f68d-40fb-bca1-b0b92cf24fdb": { "id": "6ed8f004-f68d-40fb-bca1-b0b92cf24fdb", "title": "ChatBot <= 4.3.0 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ed8f004-f68d-40fb-bca1-b0b92cf24fdb?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ed9a567-fde4-4b6f-81c1-423c5cbba0a9": { "id": "6ed9a567-fde4-4b6f-81c1-423c5cbba0a9", "title": "WordPress Core 5.8 beta - Block Editor Authorization Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "5.8 beta 1": { "from_version": "5.8 beta 1", "from_inclusive": true, "to_version": "5.8 beta 1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ed9a567-fde4-4b6f-81c1-423c5cbba0a9?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6edb6604-9da8-421e-933b-bac02b179bd0": { "id": "6edb6604-9da8-421e-933b-bac02b179bd0", "title": "MDTF \u2013 Meta Data and Taxonomies Filter <= 1.3.0.1 - Relected Cross-Site Scripting via 'tax_name'", "software": [ { "type": "plugin", "name": "MDTF \u2013 Meta Data and Taxonomies Filter", "slug": "wp-meta-data-filter-and-taxonomy-filter", "affected_versions": { "* - 1.3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6edb6604-9da8-421e-933b-bac02b179bd0?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ee04e4d-4385-4854-9bfe-1b957ca13963": { "id": "6ee04e4d-4385-4854-9bfe-1b957ca13963", "title": "WooCommerce Stripe Payment Gateway <= 7.6.1 - Insecure Direct Object Reference via update_payment_intent_ajax", "software": [ { "type": "plugin", "name": "WooCommerce Stripe Payment Gateway", "slug": "woocommerce-gateway-stripe", "affected_versions": { "* - 7.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ee04e4d-4385-4854-9bfe-1b957ca13963?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ee577bb-7a7c-451a-a658-d3520a7475f5": { "id": "6ee577bb-7a7c-451a-a658-d3520a7475f5", "title": "Timetable and Event Schedule <= 2.4.13 - Authenticated (Admin+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Timetable and Event Schedule by MotoPress", "slug": "mp-timetable", "affected_versions": { "* - 2.4.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ee577bb-7a7c-451a-a658-d3520a7475f5?source=api-scan" ], "published": "2024-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ee6dedb-72bc-43b0-a7cb-9069533df705": { "id": "6ee6dedb-72bc-43b0-a7cb-9069533df705", "title": "User Blocker <= 1.5.5 - Authenticated (Admin+) CSV Injection", "software": [ { "type": "plugin", "name": "User Blocker", "slug": "user-blocker", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ee6dedb-72bc-43b0-a7cb-9069533df705?source=api-scan" ], "published": "2022-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6eeb6df1-9857-47a2-ad7d-f1eb082e9448": { "id": "6eeb6df1-9857-47a2-ad7d-f1eb082e9448", "title": "ULTIMATE TABLES <= 1.6.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ULTIMATE TABLES", "slug": "ultimate-tables", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6eeb6df1-9857-47a2-ad7d-f1eb082e9448?source=api-scan" ], "published": "2022-11-17 14:44:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6eebeb72-7a4b-46d0-a585-4e44c03d187a": { "id": "6eebeb72-7a4b-46d0-a585-4e44c03d187a", "title": "Solid Security <= 9.3.1 - IP Address Spoofing to Denial of Service", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "* - 9.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6eebeb72-7a4b-46d0-a585-4e44c03d187a?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6eed2941-d9fe-4020-b1ab-fb0885f47d80": { "id": "6eed2941-d9fe-4020-b1ab-fb0885f47d80", "title": "Correos Oficial <= 1.3.0.0 - Unauthenticated Arbitrary File Download", "software": [ { "type": "plugin", "name": "Correos Oficial", "slug": "correos-oficial", "affected_versions": { "* - 1.3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6eed2941-d9fe-4020-b1ab-fb0885f47d80?source=api-scan" ], "published": "2023-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6eed4626-1fa5-49b1-864e-c37e4cf58ad8": { "id": "6eed4626-1fa5-49b1-864e-c37e4cf58ad8", "title": "WP Media folder <= 5.7.2 - Missing Authorization to Authenticated(Subscriber+) Title Modification", "software": [ { "type": "plugin", "name": "WP Media folder", "slug": "wp-media-folder", "affected_versions": { "* - 5.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6eed4626-1fa5-49b1-864e-c37e4cf58ad8?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6eedf009-116c-4a98-8b84-e01bd35e7e60": { "id": "6eedf009-116c-4a98-8b84-e01bd35e7e60", "title": "Ultimate Member <= 2.0.53 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.0.53": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.53", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.54" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6eedf009-116c-4a98-8b84-e01bd35e7e60?source=api-scan" ], "published": "2019-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6eef5549-3f89-4d6f-8c4e-6e4ee6082042": { "id": "6eef5549-3f89-4d6f-8c4e-6e4ee6082042", "title": "WP 404 Auto Redirect to Similar Post <= 1.0.3 - Reflected Cross-Site Scripting via request", "software": [ { "type": "plugin", "name": "WP 404 Auto Redirect to Similar Post", "slug": "wp-404-auto-redirect-to-similar-post", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6eef5549-3f89-4d6f-8c4e-6e4ee6082042?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ef18e0e-8fad-464b-943b-54fbbe169ce9": { "id": "6ef18e0e-8fad-464b-943b-54fbbe169ce9", "title": "uDesign Theme 2.3.0 - 2.7.9 - Unauthenticated DOM Cross-Site Scripting", "software": [ { "type": "theme", "name": "uDesign - Responsive WordPress Theme", "slug": "u-design", "affected_versions": { "2.3.0 - 2.7.9": { "from_version": "2.3.0", "from_inclusive": true, "to_version": "2.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ef18e0e-8fad-464b-943b-54fbbe169ce9?source=api-scan" ], "published": "2015-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ef48df5-dc3f-45d2-87af-35a3a0ed8c2d": { "id": "6ef48df5-dc3f-45d2-87af-35a3a0ed8c2d", "title": "404s <= 3.4.9 - Administrator+ Cross-Site Scripting", "software": [ { "type": "plugin", "name": "404s", "slug": "404s", "affected_versions": { "* - 3.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ef48df5-dc3f-45d2-87af-35a3a0ed8c2d?source=api-scan" ], "published": "2022-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ef70f07-ef60-4842-91a9-879478d3f4d2": { "id": "6ef70f07-ef60-4842-91a9-879478d3f4d2", "title": "Kunze Law < 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kunze Law", "slug": "kunze-law", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ef70f07-ef60-4842-91a9-879478d3f4d2?source=api-scan" ], "published": "2022-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ef8bf27-3b20-4d90-8d29-b9713d2c41d6": { "id": "6ef8bf27-3b20-4d90-8d29-b9713d2c41d6", "title": "Contact Form Maker <= 1.7.30 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Contact Form by WD \u2013 responsive drag & drop contact form builder tool", "slug": "contact-form-maker", "affected_versions": { "[*, 1.7.31)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.31", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ef8bf27-3b20-4d90-8d29-b9713d2c41d6?source=api-scan" ], "published": "2015-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ef9a757-625b-417a-b0ec-f13e2ff4f0f4": { "id": "6ef9a757-625b-417a-b0ec-f13e2ff4f0f4", "title": "WP Visitor Statistics (Real Time Traffic) <= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Visitor Statistics (Real Time Traffic)", "slug": "wp-stats-manager", "affected_versions": { "* - 6.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ef9a757-625b-417a-b0ec-f13e2ff4f0f4?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6efadbe7-ee9b-44cb-b7c6-4c38a872abf2": { "id": "6efadbe7-ee9b-44cb-b7c6-4c38a872abf2", "title": "User Spam Remover <= 1.0 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "User Spam Remover", "slug": "user-spam-remover", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6efadbe7-ee9b-44cb-b7c6-4c38a872abf2?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f00bbab-ef84-42cf-baa7-23c434416981": { "id": "6f00bbab-ef84-42cf-baa7-23c434416981", "title": "Geo Controller <= 8.6.4 - Unauthenticated PHP Object Injection via shortcode REST API Route", "software": [ { "type": "plugin", "name": "Geo Controller", "slug": "cf-geoplugin", "affected_versions": { "* - 8.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f00bbab-ef84-42cf-baa7-23c434416981?source=api-scan" ], "published": "2024-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f00dfd7-3194-4459-b895-f16d3aa8d66f": { "id": "6f00dfd7-3194-4459-b895-f16d3aa8d66f", "title": "Responsive Image Slider, Photo Gallery And Carousel < 1.3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Slider Factory \u2013 Responsive Photo Slider, Image Slider, Video Slider, Carousel Slideshow", "slug": "slider-factory", "affected_versions": { "[*, 1.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f00dfd7-3194-4459-b895-f16d3aa8d66f?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f01ecab-2dfe-45d2-9d9a-ba1e30c7d75f": { "id": "6f01ecab-2dfe-45d2-9d9a-ba1e30c7d75f", "title": "Molongui <= 4.7.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui", "slug": "molongui-authorship", "affected_versions": { "* - 4.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f01ecab-2dfe-45d2-9d9a-ba1e30c7d75f?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f05b58a-3cab-4069-ae9e-fec82bb5cd47": { "id": "6f05b58a-3cab-4069-ae9e-fec82bb5cd47", "title": "Naver Map <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Naver Map", "slug": "naver-map", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f05b58a-3cab-4069-ae9e-fec82bb5cd47?source=api-scan" ], "published": "2023-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f0a332f-b761-44b3-86e8-82411455ba3e": { "id": "6f0a332f-b761-44b3-86e8-82411455ba3e", "title": "Newspaper <= 12.6.5 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta", "software": [ { "type": "theme", "name": "Newspaper - News & WooCommerce WordPress Theme", "slug": "Newspaper", "affected_versions": { "* - 12.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "12.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f0a332f-b761-44b3-86e8-82411455ba3e?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f14f19d-95b3-474b-a2ea-d846c85644cd": { "id": "6f14f19d-95b3-474b-a2ea-d846c85644cd", "title": "Maintenance Switch <= 1.5.2 - Cross-Site Request Forgery via 'admin_action_request'", "software": [ { "type": "plugin", "name": "Maintenance Switch", "slug": "maintenance-switch", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f14f19d-95b3-474b-a2ea-d846c85644cd?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f17d54b-4890-455b-832f-9fa2376ab819": { "id": "6f17d54b-4890-455b-832f-9fa2376ab819", "title": "Hercules Core <= 6.5 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "Hercules Core", "slug": "hercules-core", "affected_versions": { "* - 6.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f17d54b-4890-455b-832f-9fa2376ab819?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f1856bc-6d57-416e-86e9-9114bbbe5c8d": { "id": "6f1856bc-6d57-416e-86e9-9114bbbe5c8d", "title": "Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 3.5.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)", "slug": "leaflet-maps-marker", "affected_versions": { "[*, 3.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f1856bc-6d57-416e-86e9-9114bbbe5c8d?source=api-scan" ], "published": "2013-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f1e3586-99f7-4cac-bbb2-1a6406c4f8a4": { "id": "6f1e3586-99f7-4cac-bbb2-1a6406c4f8a4", "title": "Performance Lab <= 2.2.0 - Cross-Site Request Forgery via dismiss-wp-pointer", "software": [ { "type": "plugin", "name": "Performance Lab", "slug": "performance-lab", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f1e3586-99f7-4cac-bbb2-1a6406c4f8a4?source=api-scan" ], "published": "2023-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f21955b-1fd2-4d92-acfd-07fc1ff194fa": { "id": "6f21955b-1fd2-4d92-acfd-07fc1ff194fa", "title": "WP EasyCart <= 5.5.19 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "* - 5.5.19": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f21955b-1fd2-4d92-acfd-07fc1ff194fa?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f26b04f-2a25-40a6-9b2c-27d9970acb8f": { "id": "6f26b04f-2a25-40a6-9b2c-27d9970acb8f", "title": "HT Mega <= 2.3.3 - Cross-Site Request Forgery via Several Functions", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f26b04f-2a25-40a6-9b2c-27d9970acb8f?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f2b4ac7-f888-408b-a77a-bd73ac8e967d": { "id": "6f2b4ac7-f888-408b-a77a-bd73ac8e967d", "title": "Drop Shadow Boxes <= 1.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Drop Shadow Boxes", "slug": "drop-shadow-boxes", "affected_versions": { "* - 1.7.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f2b4ac7-f888-408b-a77a-bd73ac8e967d?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f34b94f-ea72-4a42-abea-2f2eb565ffdd": { "id": "6f34b94f-ea72-4a42-abea-2f2eb565ffdd", "title": "Forminator \u2013 Contact Form, Payment Form & Custom Form Builder <= 1.27.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "* - 1.26.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.26.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.27.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f34b94f-ea72-4a42-abea-2f2eb565ffdd?source=api-scan" ], "published": "2023-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f36d866-aa94-478b-8b62-0906bc95e413": { "id": "6f36d866-aa94-478b-8b62-0906bc95e413", "title": "Booking Calendar <= 6.2 - Cross-Site Request Forgery leading to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Booking Calendar", "slug": "booking", "affected_versions": { "[*, 6.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f36d866-aa94-478b-8b62-0906bc95e413?source=api-scan" ], "published": "2016-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f3e4e53-3a4a-4b9d-845c-927a59e03488": { "id": "6f3e4e53-3a4a-4b9d-845c-927a59e03488", "title": "HashBar \u2013 WordPress Notification Bar <= 1.4.1 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HashBar \u2013 WordPress Notification Bar", "slug": "hashbar-wp-notification-bar", "affected_versions": { "[*, 1.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f3e4e53-3a4a-4b9d-845c-927a59e03488?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f4424be-d63d-431d-a237-2bff6c4a647a": { "id": "6f4424be-d63d-431d-a237-2bff6c4a647a", "title": "Restaurant and Cafe <= 1.2.1 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Restaurant and Cafe", "slug": "restaurant-and-cafe", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f4424be-d63d-431d-a237-2bff6c4a647a?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f526959-be34-48d1-8aa1-e36f7708bd20": { "id": "6f526959-be34-48d1-8aa1-e36f7708bd20", "title": "Podlove Podcast Publisher < 2.3.16 - SQL Injection", "software": [ { "type": "plugin", "name": "Podlove Podcast Publisher", "slug": "podlove-podcasting-plugin-for-wordpress", "affected_versions": { "[*, 2.3.16)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f526959-be34-48d1-8aa1-e36f7708bd20?source=api-scan" ], "published": "2016-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f54fb59-03c1-45e9-a498-1fa1409c4466": { "id": "6f54fb59-03c1-45e9-a498-1fa1409c4466", "title": "Pretty Url <= 1.5.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pretty Url", "slug": "pretty-url", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f54fb59-03c1-45e9-a498-1fa1409c4466?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f561cce-1c0c-40f5-abba-ada8bc503aa8": { "id": "6f561cce-1c0c-40f5-abba-ada8bc503aa8", "title": "WP Statistics <= 13.0.7 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "[*, 13.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "13.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "13.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f561cce-1c0c-40f5-abba-ada8bc503aa8?source=api-scan" ], "published": "2021-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f589b5d-9cdb-4521-bc60-c8f19d0ef982": { "id": "6f589b5d-9cdb-4521-bc60-c8f19d0ef982", "title": "Animated Headline <= 4.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Animated Headline", "slug": "animated-headline", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f589b5d-9cdb-4521-bc60-c8f19d0ef982?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f6883e4-3de6-4ca9-a26c-0b4f3bd5b70f": { "id": "6f6883e4-3de6-4ca9-a26c-0b4f3bd5b70f", "title": "RegistrationMagic - Custom Registration Forms <= 3.7.9.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 3.7.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f6883e4-3de6-4ca9-a26c-0b4f3bd5b70f?source=api-scan" ], "published": "2017-12-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f6aa094-6bac-463f-b46d-c65f591abbb3": { "id": "6f6aa094-6bac-463f-b46d-c65f591abbb3", "title": "WordPress Core < 6.0.3 - Reflected Cross-Site Scripting via SQL Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true }, "3.7 - 3.7.39": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.39", "to_inclusive": true }, "3.8 - 3.8.39": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.39", "to_inclusive": true }, "3.9 - 3.9.37": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.37", "to_inclusive": true }, "4.0 - 4.0.36": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.36", "to_inclusive": true }, "4.1 - 4.1.36": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.36", "to_inclusive": true }, "4.2 - 4.2.33": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.33", "to_inclusive": true }, "4.3 - 4.3.29": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.29", "to_inclusive": true }, "4.4 - 4.4.28": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.28", "to_inclusive": true }, "4.5 - 4.5.27": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.27", "to_inclusive": true }, "4.6 - 4.6.24": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.24", "to_inclusive": true }, "4.7 - 4.7.24": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.24", "to_inclusive": true }, "4.8 - 4.8.20": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.20", "to_inclusive": true }, "4.9 - 4.9.21": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.21", "to_inclusive": true }, "5.0 - 5.0.17": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.17", "to_inclusive": true }, "5.1 - 5.1.14": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.14", "to_inclusive": true }, "5.2 - 5.2.16": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.16", "to_inclusive": true }, "5.3 - 5.3.13": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.13", "to_inclusive": true }, "5.4 - 5.4.11": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.11", "to_inclusive": true }, "5.5 - 5.5.10": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.10", "to_inclusive": true }, "5.6 - 5.6.9": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.9", "to_inclusive": true }, "5.7 - 5.7.7": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.7", "to_inclusive": true }, "5.8 - 5.8.5": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.5", "to_inclusive": true }, "5.9 - 5.9.4": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.4", "to_inclusive": true }, "6.0 - 6.0.2": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.40", "3.8.40", "3.9.38", "4.0.37", "4.1.37", "4.2.34", "4.3.30", "4.4.29", "4.5.28", "4.6.25", "4.7.25", "4.8.21", "4.9.22", "5.0.18", "5.1.15", "5.2.17", "5.3.14", "5.4.12", "5.5.11", "5.6.10", "5.7.8", "5.8.6", "5.9.5", "6.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f6aa094-6bac-463f-b46d-c65f591abbb3?source=api-scan" ], "published": "2022-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f6ea94a-c8c7-4ff9-9fdd-a40acd6ec4f9": { "id": "6f6ea94a-c8c7-4ff9-9fdd-a40acd6ec4f9", "title": "Newspaper - News & WooCommerce WordPress Theme < 6.7.2 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Newspaper - News & WooCommerce WordPress Theme", "slug": "Newspaper", "affected_versions": { "[*, 6.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "6.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f6ea94a-c8c7-4ff9-9fdd-a40acd6ec4f9?source=api-scan" ], "published": "2016-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f6ece0e-7c7c-4c9b-b860-3b279e98c087": { "id": "6f6ece0e-7c7c-4c9b-b860-3b279e98c087", "title": "Recipe Card Blocks by WPZOOM <= 2.8.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Recipe Card Blocks for Gutenberg & Elementor \u2013 Best WordPress Recipe Plugin", "slug": "recipe-card-blocks-by-wpzoom", "affected_versions": { "[*, 2.8.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f6ece0e-7c7c-4c9b-b860-3b279e98c087?source=api-scan" ], "published": "2021-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f6f8412-f1b1-4566-ad31-f006c19de948": { "id": "6f6f8412-f1b1-4566-ad31-f006c19de948", "title": "Cyklodev WP Notify <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cyklodev WP Notify", "slug": "cyklodev-wp-notify", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f6f8412-f1b1-4566-ad31-f006c19de948?source=api-scan" ], "published": "2022-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f721aa1-d12f-4829-8e82-61f9af6a3519": { "id": "6f721aa1-d12f-4829-8e82-61f9af6a3519", "title": "Simple Membership <= 3.3.2 - Multiple Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f721aa1-d12f-4829-8e82-61f9af6a3519?source=api-scan" ], "published": "2016-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f7386bf-3968-46b8-9c47-5fbc41801e04": { "id": "6f7386bf-3968-46b8-9c47-5fbc41801e04", "title": "Community by PeepSo <= 6.3.1.1 - Cross-Site Request Forgery to User Post Creation", "software": [ { "type": "plugin", "name": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App", "slug": "peepso-core", "affected_versions": { "* - 6.3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f7386bf-3968-46b8-9c47-5fbc41801e04?source=api-scan" ], "published": "2024-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f73b12b-813d-49fa-84a0-3345023a16c6": { "id": "6f73b12b-813d-49fa-84a0-3345023a16c6", "title": "RSVP and Event Management <= 2.7.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RSVP and Event Management", "slug": "rsvp", "affected_versions": { "[*, 2.7.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f73b12b-813d-49fa-84a0-3345023a16c6?source=api-scan" ], "published": "2022-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f781533-b633-4452-95bd-c32ed0de2ea9": { "id": "6f781533-b633-4452-95bd-c32ed0de2ea9", "title": "Simple Membership WP user Import <= 1.7 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Simple Membership WP user Import", "slug": "simple-membership-wp-user-import", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f781533-b633-4452-95bd-c32ed0de2ea9?source=api-scan" ], "published": "2023-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f782dd7-df49-4c3b-b6d9-de618ab32b87": { "id": "6f782dd7-df49-4c3b-b6d9-de618ab32b87", "title": "Gettext override translations <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gettext override translations", "slug": "gettext-override-translations", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f782dd7-df49-4c3b-b6d9-de618ab32b87?source=api-scan" ], "published": "2022-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f789ff9-5d86-4911-8b2f-2a425393c61d": { "id": "6f789ff9-5d86-4911-8b2f-2a425393c61d", "title": "FunnelKit Checkout <= 3.10.3 - Authenticated(Subscriber+) Missing Authorization to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "FunnelKit Checkout", "slug": "woofunnels-aero-checkout", "affected_versions": { "* - 3.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f789ff9-5d86-4911-8b2f-2a425393c61d?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f7c164f-2f78-4857-94b9-077c2dea13df": { "id": "6f7c164f-2f78-4857-94b9-077c2dea13df", "title": "SiteOrigin Widgets Bundle <= 1.58.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SiteOrigin Widgets Bundle", "slug": "so-widgets-bundle", "affected_versions": { "* - 1.58.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.58.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.58.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f7c164f-2f78-4857-94b9-077c2dea13df?source=api-scan" ], "published": "2024-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f7e0aa7-8834-4ff1-9ced-5d740936c721": { "id": "6f7e0aa7-8834-4ff1-9ced-5d740936c721", "title": "Advanced Access Manager <= 6.7.9 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More", "slug": "advanced-access-manager", "affected_versions": { "[*, 6.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f7e0aa7-8834-4ff1-9ced-5d740936c721?source=api-scan" ], "published": "2021-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f7e632f-eada-4a3f-9e92-ba00c6aa503e": { "id": "6f7e632f-eada-4a3f-9e92-ba00c6aa503e", "title": "WP Word Count <= 3.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Word Count", "slug": "wp-word-count", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f7e632f-eada-4a3f-9e92-ba00c6aa503e?source=api-scan" ], "published": "2022-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f837d6b-d1fa-4019-892a-dca3c0f29ca7": { "id": "6f837d6b-d1fa-4019-892a-dca3c0f29ca7", "title": "Order Tip for WooCommerce <= 1.3.1 - Missing Authorization to Unauthenticated Data Export", "software": [ { "type": "plugin", "name": "Order Tip for WooCommerce", "slug": "order-tip-woo", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f837d6b-d1fa-4019-892a-dca3c0f29ca7?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f8514c9-0e11-4e26-ba0b-1d08a990b56c": { "id": "6f8514c9-0e11-4e26-ba0b-1d08a990b56c", "title": "CHP Ads Block Detector <= 3.9.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CHP Ads Block Detector", "slug": "chp-ads-block-detector", "affected_versions": { "* - 3.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f8514c9-0e11-4e26-ba0b-1d08a990b56c?source=api-scan" ], "published": "2023-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f8814b0-6818-47c2-9f2a-8fe12485bd33": { "id": "6f8814b0-6818-47c2-9f2a-8fe12485bd33", "title": "Elementor Addon Elements <= 1.13.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.13.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f8814b0-6818-47c2-9f2a-8fe12485bd33?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f8945e9-51db-46aa-b198-3762b6628553": { "id": "6f8945e9-51db-46aa-b198-3762b6628553", "title": "WP-Print <= 2.51 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP-Print", "slug": "wp-print", "affected_versions": { "[*, 2.52)": { "from_version": "*", "from_inclusive": true, "to_version": "2.52", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f8945e9-51db-46aa-b198-3762b6628553?source=api-scan" ], "published": "2013-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f89c43c-6729-40c5-bd32-3c328f83e366": { "id": "6f89c43c-6729-40c5-bd32-3c328f83e366", "title": "RSVPMaker <= 6.1.9 - SQL Injection", "software": [ { "type": "plugin", "name": "RSVPMaker", "slug": "rsvpmaker", "affected_versions": { "* - 6.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f89c43c-6729-40c5-bd32-3c328f83e366?source=api-scan" ], "published": "2019-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f8a2bb9-5310-4a1f-b21c-253e3d0cb74d": { "id": "6f8a2bb9-5310-4a1f-b21c-253e3d0cb74d", "title": "WP Favorite Posts <= 1.6.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Favorite Posts", "slug": "wp-favorite-posts", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f8a2bb9-5310-4a1f-b21c-253e3d0cb74d?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f8b75a1-f0f2-445b-a1c7-1628916470d3": { "id": "6f8b75a1-f0f2-445b-a1c7-1628916470d3", "title": "Winters <= 1.4.3 - Prototype Pollution to Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Winters - WordPress Blog Theme", "slug": "winters", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f8b75a1-f0f2-445b-a1c7-1628916470d3?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f90c0d8-ede6-4f24-870f-19e888238e93": { "id": "6f90c0d8-ede6-4f24-870f-19e888238e93", "title": "Display post meta, term meta, comment meta, and user meta <= 0.4.1 - Authenticated(Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Display post meta, term meta, comment meta, and user meta", "slug": "display-metadata", "affected_versions": { "* - 0.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f90c0d8-ede6-4f24-870f-19e888238e93?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f917973-e207-4ba3-b61b-e562e884fe0f": { "id": "6f917973-e207-4ba3-b61b-e562e884fe0f", "title": "Booked <= 2.4 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Booked - Appointment Booking for WordPress", "slug": "booked", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f917973-e207-4ba3-b61b-e562e884fe0f?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f946251-c7be-4ef6-885f-8b378c0c234c": { "id": "6f946251-c7be-4ef6-885f-8b378c0c234c", "title": "Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_order", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] }, { "type": "plugin", "name": "Contest Gallery Pro", "slug": "contest-gallery-pro", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f946251-c7be-4ef6-885f-8b378c0c234c?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f947843-7a6f-48b0-b3cd-2f3dd1708898": { "id": "6f947843-7a6f-48b0-b3cd-2f3dd1708898", "title": "Coming Soon < 1.1.19 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode", "slug": "responsive-coming-soon-page", "affected_versions": { "[*, 1.1.19)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f947843-7a6f-48b0-b3cd-2f3dd1708898?source=api-scan" ], "published": "2018-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f95c786-900b-4069-8509-fab623f5f988": { "id": "6f95c786-900b-4069-8509-fab623f5f988", "title": "Popup Maker <= 1.16.4 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder", "slug": "popup-maker", "affected_versions": { "* - 1.16.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.16.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.16.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f95c786-900b-4069-8509-fab623f5f988?source=api-scan" ], "published": "2022-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f998b76-9fa8-47c4-a95b-bdb5db5893e4": { "id": "6f998b76-9fa8-47c4-a95b-bdb5db5893e4", "title": "WordPress Core <= 2.0.3 - Denial of Service", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f998b76-9fa8-47c4-a95b-bdb5db5893e4?source=api-scan" ], "published": "2006-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6f9a6fc2-0375-480e-8c42-c6b97613bf68": { "id": "6f9a6fc2-0375-480e-8c42-c6b97613bf68", "title": "W3 Total Cache <= 0.9.2.8 - Remote Code Execution", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 0.9.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6f9a6fc2-0375-480e-8c42-c6b97613bf68?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fa1299e-308e-47ea-843c-c76b8a412ce9": { "id": "6fa1299e-308e-47ea-843c-c76b8a412ce9", "title": "wpDiscuz <= 7.6.10 - Unauthenticated Content Injection", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "* - 7.6.10": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fa1299e-308e-47ea-843c-c76b8a412ce9?source=api-scan" ], "published": "2023-10-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fa560b2-6283-42ab-a482-1e02d08181f8": { "id": "6fa560b2-6283-42ab-a482-1e02d08181f8", "title": "Paytm Payment Gateway <= 2.7.3 - Authenticated (Editor+) SQL Injection via 'post'", "software": [ { "type": "plugin", "name": "Paytm Payment Gateway", "slug": "paytm-payments", "affected_versions": { "* - 2.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fa560b2-6283-42ab-a482-1e02d08181f8?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fa70ddc-9a5c-4001-967a-5aad789c862c": { "id": "6fa70ddc-9a5c-4001-967a-5aad789c862c", "title": "WP Links Page <= 4.9.4 - Cross-Site Request Forgery via wplf_ajax_update_screenshots", "software": [ { "type": "plugin", "name": "WP Links Page", "slug": "wp-links-page", "affected_versions": { "* - 4.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fa70ddc-9a5c-4001-967a-5aad789c862c?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6faf7e36-52d7-4578-bb71-2b64a761692b": { "id": "6faf7e36-52d7-4578-bb71-2b64a761692b", "title": "Geo Controller <= 8.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Geo Controller", "slug": "cf-geoplugin", "affected_versions": { "* - 8.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6faf7e36-52d7-4578-bb71-2b64a761692b?source=api-scan" ], "published": "2023-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fb01045-d38f-469f-8aaf-ff8882132acc": { "id": "6fb01045-d38f-469f-8aaf-ff8882132acc", "title": "iThemes Sync <= 2.0.17 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Solid Central \u2013 Site Management, Backups, Security, and Reporting", "slug": "ithemes-sync", "affected_versions": { "[*, 2.0.18)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fb01045-d38f-469f-8aaf-ff8882132acc?source=api-scan" ], "published": "2019-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fb2d9ec-1082-4209-9fc9-6f10ba3a2398": { "id": "6fb2d9ec-1082-4209-9fc9-6f10ba3a2398", "title": "User Login History <= 1.7.0 - SQL Injection via OrderBy", "software": [ { "type": "plugin", "name": "User Login History", "slug": "user-login-history", "affected_versions": { "1.7.0": { "from_version": "1.7.0", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fb2d9ec-1082-4209-9fc9-6f10ba3a2398?source=api-scan" ], "published": "2019-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fb79409-441a-4991-bc0d-c0f46eb72bb9": { "id": "6fb79409-441a-4991-bc0d-c0f46eb72bb9", "title": "Swift Performance Lite <= 2.3.6.20 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Swift Performance Lite", "slug": "swift-performance-lite", "affected_versions": { "* - 2.3.6.20": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.6.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.6.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fb79409-441a-4991-bc0d-c0f46eb72bb9?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fb9c8c3-e491-4bca-adeb-b87d9f8f3b32": { "id": "6fb9c8c3-e491-4bca-adeb-b87d9f8f3b32", "title": "Legal Pages <= 1.3.8 - Cross-Site Request Forgery via moveToTrash and fetch_and_insert_template_data", "software": [ { "type": "plugin", "name": "Legal Pages \u2013 Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator", "slug": "legal-pages", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fb9c8c3-e491-4bca-adeb-b87d9f8f3b32?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fbcab49-5765-497b-a98e-d87c5b468b11": { "id": "6fbcab49-5765-497b-a98e-d87c5b468b11", "title": "Responsive Contact Form Builder & Lead Generation Plugin < 1.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Contact Form Builder & Lead Generation Plugin", "slug": "lead-form-builder", "affected_versions": { "[*, 1.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fbcab49-5765-497b-a98e-d87c5b468b11?source=api-scan" ], "published": "2022-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fbd5ac8-11c0-4628-9a7b-620b17cc8ba6": { "id": "6fbd5ac8-11c0-4628-9a7b-620b17cc8ba6", "title": "OOPSpam Anti-Spam <= 1.1.35 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OOPSpam Anti-Spam", "slug": "oopspam-anti-spam", "affected_versions": { "* - 1.1.35": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fbd5ac8-11c0-4628-9a7b-620b17cc8ba6?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fbde737-0730-49a4-a84e-a9c5e0e32af5": { "id": "6fbde737-0730-49a4-a84e-a9c5e0e32af5", "title": "WP VR <= 8.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP VR \u2013 360 Panorama and Virtual Tour Builder For WordPress", "slug": "wpvr", "affected_versions": { "* - 8.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fbde737-0730-49a4-a84e-a9c5e0e32af5?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fbf8a8f-56f7-42ae-bf96-30a2df6da378": { "id": "6fbf8a8f-56f7-42ae-bf96-30a2df6da378", "title": "Microblog Poster < 1.6.2 - Authenticated Blind SQL Injection", "software": [ { "type": "plugin", "name": "Microblog Poster \u2013 Auto Publish on Social Media", "slug": "microblog-poster", "affected_versions": { "[*, 1.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fbf8a8f-56f7-42ae-bf96-30a2df6da378?source=api-scan" ], "published": "2015-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fc15a59-e555-450b-836e-5c3d52451b12": { "id": "6fc15a59-e555-450b-836e-5c3d52451b12", "title": "Simple Spoiler <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Spoiler", "slug": "simple-spoiler", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fc15a59-e555-450b-836e-5c3d52451b12?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fc2b2a5-00b0-424e-8678-c6b5cd76baec": { "id": "6fc2b2a5-00b0-424e-8678-c6b5cd76baec", "title": "Beds24 Online Booking <= 2.0.24 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Beds24 Online Booking", "slug": "beds24-online-booking", "affected_versions": { "* - 2.0.24": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fc2b2a5-00b0-424e-8678-c6b5cd76baec?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fc92b8f-6794-461a-b6b6-598de21f5e2d": { "id": "6fc92b8f-6794-461a-b6b6-598de21f5e2d", "title": "WoodMart <= 7.2.4 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Woodmart", "slug": "woodmart", "affected_versions": { "* - 7.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fc92b8f-6794-461a-b6b6-598de21f5e2d?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fcc3a82-f116-446e-9e5f-4f074e20403b": { "id": "6fcc3a82-f116-446e-9e5f-4f074e20403b", "title": "EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.8 (Free) - Cross-Site Request Forgery via save_virtual_event_settings", "software": [ { "type": "plugin", "name": "EventON", "slug": "eventon-lite", "affected_versions": { "* - 2.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.9" ] }, { "type": "plugin", "name": "EventON Pro", "slug": "eventon", "affected_versions": { "* - 4.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fcc3a82-f116-446e-9e5f-4f074e20403b?source=api-scan" ], "published": "2024-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fd46539-a55e-45ab-93b2-6a1703a91271": { "id": "6fd46539-a55e-45ab-93b2-6a1703a91271", "title": "Drag and Drop Multiple File Upload \u2013 Contact Form 7 <= 1.3.6.4 - File Upload Size Limit Bypass", "software": [ { "type": "plugin", "name": "Drag and Drop Multiple File Upload \u2013 Contact Form 7", "slug": "drag-and-drop-multiple-file-upload-contact-form-7", "affected_versions": { "* - 1.3.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fd46539-a55e-45ab-93b2-6a1703a91271?source=api-scan" ], "published": "2022-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fd4fa08-e326-47ab-96b1-be7b702a32ff": { "id": "6fd4fa08-e326-47ab-96b1-be7b702a32ff", "title": "Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Code Snippets Extended", "slug": "code-snippets-extended", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fd4fa08-e326-47ab-96b1-be7b702a32ff?source=api-scan" ], "published": "2022-05-17 14:52:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fd6cb72-c508-46b1-99fb-cbd6b12b45de": { "id": "6fd6cb72-c508-46b1-99fb-cbd6b12b45de", "title": "Stop User Enumeration <= 1.3.8 - Unauthenticated Username Enumeration", "software": [ { "type": "plugin", "name": "Stop User Enumeration", "slug": "stop-user-enumeration", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fd6cb72-c508-46b1-99fb-cbd6b12b45de?source=api-scan" ], "published": "2017-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fd87d34-2e7f-4c75-8816-b39820309077": { "id": "6fd87d34-2e7f-4c75-8816-b39820309077", "title": "Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "* - 2.12.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fd87d34-2e7f-4c75-8816-b39820309077?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fd9cfbe-2bf4-4218-a29d-c4b70ed132af": { "id": "6fd9cfbe-2bf4-4218-a29d-c4b70ed132af", "title": "Zoho SalesIQ <= 1.0.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zoho SalesIQ \u2013 Live chat, chatbots, and visitor tracking", "slug": "zoho-salesiq", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fd9cfbe-2bf4-4218-a29d-c4b70ed132af?source=api-scan" ], "published": "2019-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fde9239-edac-4f85-be12-80825595a332": { "id": "6fde9239-edac-4f85-be12-80825595a332", "title": "RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - SQL Injection", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 3.8.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fde9239-edac-4f85-be12-80825595a332?source=api-scan" ], "published": "2017-12-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fe8b2c8-3bb1-463a-a64c-15d7bcc29985": { "id": "6fe8b2c8-3bb1-463a-a64c-15d7bcc29985", "title": "Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints", "software": [ { "type": "plugin", "name": "Integrate Google Drive \u2013 Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site", "slug": "integrate-google-drive", "affected_versions": { "* - 1.1.99": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.99", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fe8b2c8-3bb1-463a-a64c-15d7bcc29985?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6feae1c4-3735-4a33-85a5-867d458d2e8a": { "id": "6feae1c4-3735-4a33-85a5-867d458d2e8a", "title": "Video Gallery \u2013 YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Video Gallery \u2013 YouTube Playlist, Channel Gallery by YotuWP", "slug": "yotuwp-easy-youtube-embed", "affected_versions": { "* - 1.3.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6feae1c4-3735-4a33-85a5-867d458d2e8a?source=api-scan" ], "published": "2024-06-14 20:13:53", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6fed4181-400b-4414-aa50-1e7bc92d542f": { "id": "6fed4181-400b-4414-aa50-1e7bc92d542f", "title": "HUSKY \u2013 Products Filter for WooCommerce (formerly WOOF) <= 1.3.5.2 - Authenticated (Subscriber+) Remote Code Execution", "software": [ { "type": "plugin", "name": "HUSKY \u2013 Products Filter Professional for WooCommerce", "slug": "woocommerce-products-filter", "affected_versions": { "* - 1.3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6fed4181-400b-4414-aa50-1e7bc92d542f?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ff184e6-c36b-4bbb-8dc2-f87d1d800d53": { "id": "6ff184e6-c36b-4bbb-8dc2-f87d1d800d53", "title": "Coming Soon \u2013 Under Construction <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Coming Soon \u2013 Under Construction", "slug": "coming-soons", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ff184e6-c36b-4bbb-8dc2-f87d1d800d53?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ff53647-572f-419f-ad39-965658a10263": { "id": "6ff53647-572f-419f-ad39-965658a10263", "title": "Church Admin <= 3.7.56 - Server-Side Request Forgery via church_admin_import_csv", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "* - 3.7.56": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.56", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ff53647-572f-419f-ad39-965658a10263?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ffa6a6b-bbb4-4361-8585-ce2cdb7d1d7e": { "id": "6ffa6a6b-bbb4-4361-8585-ce2cdb7d1d7e", "title": "Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Messenger Chat Widget", "software": [ { "type": "plugin", "name": "Premium Addons Pro for Elementor", "slug": "premium-addons-pro", "affected_versions": { "* - 2.9.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ffa6a6b-bbb4-4361-8585-ce2cdb7d1d7e?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ffb078c-2a92-4682-aaa9-c519e28e7e18": { "id": "6ffb078c-2a92-4682-aaa9-c519e28e7e18", "title": "Zippy <= 1.6.2 - Missing Authorization via adminInit", "software": [ { "type": "plugin", "name": "Zippy", "slug": "zippy", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ffb078c-2a92-4682-aaa9-c519e28e7e18?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "6ffb494a-e9b3-46f5-825a-35ad88d5d6fa": { "id": "6ffb494a-e9b3-46f5-825a-35ad88d5d6fa", "title": "Eleblog \u2013 Elementor Blog And Magazine Addons <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Eleblog \u2013 Elementor Blog And Magazine Addons", "slug": "ele-blog", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ffb494a-e9b3-46f5-825a-35ad88d5d6fa?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7006aa50-8fcf-46ad-921b-b47cbdb7d9e3": { "id": "7006aa50-8fcf-46ad-921b-b47cbdb7d9e3", "title": "WP Page Post Widget Clone <= 1.0.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Page Post Widget Clone", "slug": "wp-page-post-widget-clone", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7006aa50-8fcf-46ad-921b-b47cbdb7d9e3?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7008a8a9-dd6f-413b-b530-755528391bca": { "id": "7008a8a9-dd6f-413b-b530-755528391bca", "title": "Pootle Pagebuilder \u2013 WordPress Page builder <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pootle Pagebuilder \u2013 WordPress Page builder", "slug": "pootle-page-builder", "affected_versions": { "* - 5.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7008a8a9-dd6f-413b-b530-755528391bca?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70110d50-853d-4972-a5a0-b5c566ba7de6": { "id": "70110d50-853d-4972-a5a0-b5c566ba7de6", "title": "Advanced Custom Fields <= 5.8.11 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Secure Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "[*, 5.8.12)": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.8.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70110d50-853d-4972-a5a0-b5c566ba7de6?source=api-scan" ], "published": "2020-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7012b34d-8d65-4575-9965-417739206b5f": { "id": "7012b34d-8d65-4575-9965-417739206b5f", "title": "Protect WP Admin <= 3.8 - Unauthenticated Information Disclosure to Protection Bypass", "software": [ { "type": "plugin", "name": "Protect WP Admin", "slug": "protect-wp-admin", "affected_versions": { "* - 3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7012b34d-8d65-4575-9965-417739206b5f?source=api-scan" ], "published": "2023-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "701910b7-6da3-40db-a48b-46a93398953a": { "id": "701910b7-6da3-40db-a48b-46a93398953a", "title": "Booking Ultra Pro <= 1.1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Booking Ultra Pro Appointments Booking Calendar Plugin", "slug": "booking-ultra-pro", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/701910b7-6da3-40db-a48b-46a93398953a?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7019b542-9b9a-4d16-94a0-412cccf1e6eb": { "id": "7019b542-9b9a-4d16-94a0-412cccf1e6eb", "title": "XStore Core <= 5.3.8 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "XStore Core", "slug": "et-core-plugin", "affected_versions": { "* - 5.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7019b542-9b9a-4d16-94a0-412cccf1e6eb?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "701a037d-bbd5-436d-bfc8-394c9dcf6bab": { "id": "701a037d-bbd5-436d-bfc8-394c9dcf6bab", "title": "Bricksforge <= 2.0.17 - Missing Authorization to Unauthenticated Arbitrary Email Sending", "software": [ { "type": "plugin", "name": "Bricksforge", "slug": "bricksforge", "affected_versions": { "* - 2.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/701a037d-bbd5-436d-bfc8-394c9dcf6bab?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "701bcf98-fcb4-4722-9bf1-b94efe3bb1fd": { "id": "701bcf98-fcb4-4722-9bf1-b94efe3bb1fd", "title": "WordPress Menu Plugin \u2014 Superfly Responsive Menu <= 5.0.25 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Menu Plugin \u2014 Superfly Responsive Menu", "slug": "superfly-menu", "affected_versions": { "* - 5.0.25": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.25", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/701bcf98-fcb4-4722-9bf1-b94efe3bb1fd?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "701bf711-d692-4eb1-8459-befa62264b97": { "id": "701bf711-d692-4eb1-8459-befa62264b97", "title": "Fontiran <= 2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Fontiran", "slug": "fontiran", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/701bf711-d692-4eb1-8459-befa62264b97?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "701d6bee-6eb2-4497-bf54-fbc384d9d2e5": { "id": "701d6bee-6eb2-4497-bf54-fbc384d9d2e5", "title": "BuddyForms <= 2.8.5 - Reflected Cross-Site Scripting via page", "software": [ { "type": "plugin", "name": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC)", "slug": "buddyforms", "affected_versions": { "* - 2.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/701d6bee-6eb2-4497-bf54-fbc384d9d2e5?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "701d99b7-759f-4543-824d-dad84c35f5f3": { "id": "701d99b7-759f-4543-824d-dad84c35f5f3", "title": "Payment Form for PayPal Pro < 1.1.65 - SQL Injection", "software": [ { "type": "plugin", "name": "Payment Form for PayPal Pro", "slug": "payment-form-for-paypal-pro", "affected_versions": { "[*, 1.1.65)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.65", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.65" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/701d99b7-759f-4543-824d-dad84c35f5f3?source=api-scan" ], "published": "2020-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "701e349b-ce59-4724-8304-3871a3abbe8b": { "id": "701e349b-ce59-4724-8304-3871a3abbe8b", "title": "zBench <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "zBench", "slug": "zbench", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/701e349b-ce59-4724-8304-3871a3abbe8b?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7020d5a1-a4a6-489c-8615-bc7898553bcf": { "id": "7020d5a1-a4a6-489c-8615-bc7898553bcf", "title": "Permalink Manager Lite and Permalink Manager Pro <= 2.4.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Permalink Manager Lite", "slug": "permalink-manager", "affected_versions": { "* - 2.4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3.2" ] }, { "type": "plugin", "name": "Permalink Manager Pro", "slug": "permalink-manager-pro", "affected_versions": { "* - 2.4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7020d5a1-a4a6-489c-8615-bc7898553bcf?source=api-scan" ], "published": "2024-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "702261eb-4f85-4388-9f82-75476640e8ed": { "id": "702261eb-4f85-4388-9f82-75476640e8ed", "title": "AForms <= 2.2.6 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "AForms \u2014 Form Builder for Price Calculator & Cost Estimation", "slug": "aforms-form-builder-for-price-calculator-cost-estimation", "affected_versions": { "* - 2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/702261eb-4f85-4388-9f82-75476640e8ed?source=api-scan" ], "published": "2024-07-15 19:52:23", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70254a2f-08da-4f78-85d1-08c746167e0f": { "id": "70254a2f-08da-4f78-85d1-08c746167e0f", "title": "WP Best Quiz <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Best Quiz", "slug": "wp-best-quiz", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70254a2f-08da-4f78-85d1-08c746167e0f?source=api-scan" ], "published": "2022-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "702715a9-b180-4d31-a1df-37b732ae8226": { "id": "702715a9-b180-4d31-a1df-37b732ae8226", "title": "LearnPress \u2013 WordPress LMS Plugin <= 4.2.6.9.3 - Authenticated (Contributor+) SQL Injection via order Parameter", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.6.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/702715a9-b180-4d31-a1df-37b732ae8226?source=api-scan" ], "published": "2024-08-07 16:50:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "702aa972-7b74-4417-8d33-a26c3831934f": { "id": "702aa972-7b74-4417-8d33-a26c3831934f", "title": "Ever Compare <= 1.2.3 - Cross-Site Request Forgery to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "Ever Compare \u2013 Products Compare Plugin for WooCommerce", "slug": "ever-compare", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/702aa972-7b74-4417-8d33-a26c3831934f?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "702dca65-fa8c-48c7-89e4-cba4b151e2c4": { "id": "702dca65-fa8c-48c7-89e4-cba4b151e2c4", "title": "Permalinks Customizer <= 2.8.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Permalinks Customizer", "slug": "permalinks-customizer", "affected_versions": { "* - 2.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/702dca65-fa8c-48c7-89e4-cba4b151e2c4?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "702f9d3b-5d33-4215-ac76-9aae3162d775": { "id": "702f9d3b-5d33-4215-ac76-9aae3162d775", "title": "WP Meta SEO <= 4.5.3 - Missing Authorization in 'wpmsGGSaveInformation'", "software": [ { "type": "plugin", "name": "WP Meta SEO", "slug": "wp-meta-seo", "affected_versions": { "* - 4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/702f9d3b-5d33-4215-ac76-9aae3162d775?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70352973-5fa7-40b0-9e07-eab2e96520b7": { "id": "70352973-5fa7-40b0-9e07-eab2e96520b7", "title": "WordPress Core < 4.9.5 - Security Misconfiguration with URL Hostnames", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.25": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.25", "to_inclusive": true }, "3.8 - 3.8.25": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.25", "to_inclusive": true }, "3.9 - 3.9.23": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.23", "to_inclusive": true }, "4.0 - 4.0.22": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.22", "to_inclusive": true }, "4.1 - 4.1.22": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.22", "to_inclusive": true }, "4.2 - 4.2.19": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.19", "to_inclusive": true }, "4.3 - 4.3.15": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.15", "to_inclusive": true }, "4.4 - 4.4.14": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.14", "to_inclusive": true }, "4.5 - 4.5.13": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.13", "to_inclusive": true }, "4.6 - 4.6.10": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.10", "to_inclusive": true }, "4.7 - 4.7.9": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.9", "to_inclusive": true }, "4.8 - 4.8.5": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.5", "to_inclusive": true }, "4.9 - 4.9.4": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.26", "3.8.26", "3.9.24", "4.0.23", "4.1.23", "4.2.20", "4.3.16", "4.4.15", "4.5.14", "4.6.11", "4.7.10", "4.8.6", "4.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70352973-5fa7-40b0-9e07-eab2e96520b7?source=api-scan" ], "published": "2018-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7036400d-022c-4e7e-a463-6ac6f5373474": { "id": "7036400d-022c-4e7e-a463-6ac6f5373474", "title": "CSV Import Export <= 1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CSV Import Export", "slug": "csv-import-export", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7036400d-022c-4e7e-a463-6ac6f5373474?source=api-scan" ], "published": "2017-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7047d53e-c9e4-46f9-8b5f-3489a1fb7e97": { "id": "7047d53e-c9e4-46f9-8b5f-3489a1fb7e97", "title": "Database Management tool \u2013 Adminer <= 1.1.5 - Information Exposure", "software": [ { "type": "plugin", "name": "Database Management tool \u2013 Adminer", "slug": "pexlechris-adminer", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7047d53e-c9e4-46f9-8b5f-3489a1fb7e97?source=api-scan" ], "published": "2022-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70493df9-82b8-4160-8d75-889fada7541f": { "id": "70493df9-82b8-4160-8d75-889fada7541f", "title": "Simple Download Monitor <= 3.9.5 - Log Reset", "software": [ { "type": "plugin", "name": "Simple Download Monitor", "slug": "simple-download-monitor", "affected_versions": { "* - 3.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70493df9-82b8-4160-8d75-889fada7541f?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "704a26f1-36d9-4503-b200-5a6b604ceddc": { "id": "704a26f1-36d9-4503-b200-5a6b604ceddc", "title": "Radio Player <= 2.0.73 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Radio Player \u2013 Live Shoutcast, Icecast and Any Audio Stream Player for WordPress", "slug": "radio-player", "affected_versions": { "* - 2.0.73": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.73", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.74" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/704a26f1-36d9-4503-b200-5a6b604ceddc?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "704a60e1-bdb0-498f-a9f1-c9de1c29df7c": { "id": "704a60e1-bdb0-498f-a9f1-c9de1c29df7c", "title": "Stockholm Core <= 2.4.1 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Stockholm Core", "slug": "stockholm-core", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/704a60e1-bdb0-498f-a9f1-c9de1c29df7c?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "704eed2c-5ea8-4c31-99c5-8c1b0572997c": { "id": "704eed2c-5ea8-4c31-99c5-8c1b0572997c", "title": "Page Builder by SiteOrigin <= 2.10.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Builder by SiteOrigin", "slug": "siteorigin-panels", "affected_versions": { "* - 2.10.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/704eed2c-5ea8-4c31-99c5-8c1b0572997c?source=api-scan" ], "published": "2020-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "704f9077-61c1-4105-80e6-906fe6bdddc6": { "id": "704f9077-61c1-4105-80e6-906fe6bdddc6", "title": "Easy Table of Contents <= 2.0.67 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Table of Contents", "slug": "easy-table-of-contents", "affected_versions": { "* - 2.0.67": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.67", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.67.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/704f9077-61c1-4105-80e6-906fe6bdddc6?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70544986-af4a-48e4-8497-8ee78589676e": { "id": "70544986-af4a-48e4-8497-8ee78589676e", "title": "FLASH PLAYER PLUGIN <= 1.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FLASH PLAYER PLUGIN", "slug": "wp-flash-player", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70544986-af4a-48e4-8497-8ee78589676e?source=api-scan" ], "published": "2015-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70582781-9de5-4124-bde4-d3d26724e9b3": { "id": "70582781-9de5-4124-bde4-d3d26724e9b3", "title": "Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.971": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.971", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.972" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70582781-9de5-4124-bde4-d3d26724e9b3?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7058306f-ec20-4722-aaa1-552a75945a1e": { "id": "7058306f-ec20-4722-aaa1-552a75945a1e", "title": "Setka Editor <= 2.1.20 - Cross-Site Request Forgery via handleRequest", "software": [ { "type": "plugin", "name": "A no-code page builder for beautiful performance-based content", "slug": "setka-editor", "affected_versions": { "* - 2.1.20": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.20", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7058306f-ec20-4722-aaa1-552a75945a1e?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70587bb9-6f76-4073-b5db-06ffda0194e9": { "id": "70587bb9-6f76-4073-b5db-06ffda0194e9", "title": "NEX-Forms <= 7.8.7 Authorization Bypass", "software": [ { "type": "plugin", "name": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "slug": "nex-forms-express-wp-form-builder", "affected_versions": { "* - 7.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70587bb9-6f76-4073-b5db-06ffda0194e9?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "705a0e1f-79c6-4c2a-8622-fb3df944cf22": { "id": "705a0e1f-79c6-4c2a-8622-fb3df944cf22", "title": "WordPress Core < 4.0.1 - Cross-Site Scripting via Shortcode Brackets", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.4": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.4", "to_inclusive": true }, "3.8 - 3.8.4": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.4", "to_inclusive": true }, "3.9 - 3.9.2": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": true }, "4.0": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.5", "3.8.5", "3.9.3", "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/705a0e1f-79c6-4c2a-8622-fb3df944cf22?source=api-scan" ], "published": "2014-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "705d11b1-0924-46ae-a6e6-8fab16a4df00": { "id": "705d11b1-0924-46ae-a6e6-8fab16a4df00", "title": "wordpress publish post email notification <= 1.0.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wordpress publish post email notification", "slug": "publish-post-email-notification", "affected_versions": { "* - 1.0.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/705d11b1-0924-46ae-a6e6-8fab16a4df00?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "706549d9-aa2f-4b1e-83b8-0eea38654565": { "id": "706549d9-aa2f-4b1e-83b8-0eea38654565", "title": "Print-O-Matic <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Print-O-Matic", "slug": "print-o-matic", "affected_versions": { "* - 2.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/706549d9-aa2f-4b1e-83b8-0eea38654565?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70682a2d-16f6-4d7e-bf69-f0f3999f03de": { "id": "70682a2d-16f6-4d7e-bf69-f0f3999f03de", "title": "Salient Shortcodes <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Salient Shortcodes", "slug": "salient-shortcodes", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70682a2d-16f6-4d7e-bf69-f0f3999f03de?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70724bc7-c1f4-4965-8bba-99b2ed21d34b": { "id": "70724bc7-c1f4-4965-8bba-99b2ed21d34b", "title": "NextScripts: Social Networks Auto-Poster <= 4.4.3 - Authenticated(Subscriber+) Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "NextScripts: Social Networks Auto-Poster", "slug": "social-networks-auto-poster-facebook-twitter-g", "affected_versions": { "* - 4.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70724bc7-c1f4-4965-8bba-99b2ed21d34b?source=api-scan" ], "published": "2024-05-21 18:34:01", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7072b93b-4d18-464e-802d-a6c17a224593": { "id": "7072b93b-4d18-464e-802d-a6c17a224593", "title": "Shared Files <= 1.7.19 - Missing Authorization", "software": [ { "type": "plugin", "name": "Shared Files \u2013 Frontend File Upload Form & Secure File Sharing", "slug": "shared-files", "affected_versions": { "* - 1.7.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7072b93b-4d18-464e-802d-a6c17a224593?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7076c253-91ac-46b4-91ad-89a296408959": { "id": "7076c253-91ac-46b4-91ad-89a296408959", "title": "WPS Hide Login <= 1.5.2.2 - Login Page Disclosure via 'adminhash'", "software": [ { "type": "plugin", "name": "WPS Hide Login", "slug": "wps-hide-login", "affected_versions": { "* - 1.5.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7076c253-91ac-46b4-91ad-89a296408959?source=api-scan" ], "published": "2019-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7082c181-88c7-40f0-b49c-ffc16ab41dcc": { "id": "7082c181-88c7-40f0-b49c-ffc16ab41dcc", "title": "Zephyr Project Manager <= 3.2.42 - Missing Authorization to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zephyr Project Manager", "slug": "zephyr-project-manager", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true }, "3.2.41": { "from_version": "3.2.41", "from_inclusive": true, "to_version": "3.2.41", "to_inclusive": true }, "3.2.42": { "from_version": "3.2.42", "from_inclusive": true, "to_version": "3.2.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7082c181-88c7-40f0-b49c-ffc16ab41dcc?source=api-scan" ], "published": "2022-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7085e16a-cdf3-4467-b957-23ab372416e6": { "id": "7085e16a-cdf3-4467-b957-23ab372416e6", "title": "Calendar Event Multi View < 1.0.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Calendar Event Multi View", "slug": "cp-multi-view-calendar", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7085e16a-cdf3-4467-b957-23ab372416e6?source=api-scan" ], "published": "2014-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7087221f-c092-4803-8725-687ffbbbd941": { "id": "7087221f-c092-4803-8725-687ffbbbd941", "title": "Drag and Drop Multiple File Upload for WooCommerce <= 1.0.8 - Cross-Site Request Forgery in upload and delete_file", "software": [ { "type": "plugin", "name": "Drag and Drop Multiple File Upload for WooCommerce", "slug": "drag-and-drop-multiple-file-upload-for-woocommerce", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7087221f-c092-4803-8725-687ffbbbd941?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "708c2c69-aa1b-4bfb-bef5-f2faa1e49a10": { "id": "708c2c69-aa1b-4bfb-bef5-f2faa1e49a10", "title": "Photo Gallery by 10Web <= 1.5.30 - SQL Injection", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.5.31)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.31", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/708c2c69-aa1b-4bfb-bef5-f2faa1e49a10?source=api-scan" ], "published": "2019-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7092ce4a-bad9-4426-b94e-d9d688344272": { "id": "7092ce4a-bad9-4426-b94e-d9d688344272", "title": "Brizy \u2013 Page Builder <= 2.4.43 - Missing Authorization", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "* - 2.4.43": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7092ce4a-bad9-4426-b94e-d9d688344272?source=api-scan" ], "published": "2024-05-22 17:00:50", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70968476-b064-477f-999f-4aa2c51d89cc": { "id": "70968476-b064-477f-999f-4aa2c51d89cc", "title": "Widgets for Google Reviews <= 10.9 - Cross-Site Request Forgery to Plugin Settings Reset", "software": [ { "type": "plugin", "name": "Widgets for Google Reviews", "slug": "wp-reviews-plugin-for-google", "affected_versions": { "* - 10.9": { "from_version": "*", "from_inclusive": true, "to_version": "10.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70968476-b064-477f-999f-4aa2c51d89cc?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70971072-d743-466b-affe-d7f79d5712aa": { "id": "70971072-d743-466b-affe-d7f79d5712aa", "title": "WooCommerce Stripe Payment Gateway <= 7.4.0 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "WooCommerce Stripe Payment Gateway", "slug": "woocommerce-gateway-stripe", "affected_versions": { "* - 5.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.0", "to_inclusive": true }, "[5.5.0, 5.5.1)": { "from_version": "5.5.0", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": false }, "[5.6.0, 5.6.3)": { "from_version": "5.6.0", "from_inclusive": true, "to_version": "5.6.3", "to_inclusive": false }, "[5.7.0, 5.7.1)": { "from_version": "5.7.0", "from_inclusive": true, "to_version": "5.7.1", "to_inclusive": false }, "[5.8.0, 5.8.2)": { "from_version": "5.8.0", "from_inclusive": true, "to_version": "5.8.2", "to_inclusive": false }, "[5.9.0, 5.9.1)": { "from_version": "5.9.0", "from_inclusive": true, "to_version": "5.9.1", "to_inclusive": false }, "[6.0.0, 6.0.1)": { "from_version": "6.0.0", "from_inclusive": true, "to_version": "6.0.1", "to_inclusive": false }, "[6.1.0, 6.1.1)": { "from_version": "6.1.0", "from_inclusive": true, "to_version": "6.1.1", "to_inclusive": false }, "[6.2.0, 6.2.1)": { "from_version": "6.2.0", "from_inclusive": true, "to_version": "6.2.1", "to_inclusive": false }, "[6.3.0, 6.3.1)": { "from_version": "6.3.0", "from_inclusive": true, "to_version": "6.3.1", "to_inclusive": false }, "[6.4.0, 6.4.4)": { "from_version": "6.4.0", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": false }, "[6.5.0, 6.5.2)": { "from_version": "6.5.0", "from_inclusive": true, "to_version": "6.5.2", "to_inclusive": false }, "[6.6.0, 6.6.1)": { "from_version": "6.6.0", "from_inclusive": true, "to_version": "6.6.1", "to_inclusive": false }, "[6.7.0, 6.7.1)": { "from_version": "6.7.0", "from_inclusive": true, "to_version": "6.7.1", "to_inclusive": false }, "[6.8.0, 6.8.1)": { "from_version": "6.8.0", "from_inclusive": true, "to_version": "6.8.1", "to_inclusive": false }, "[6.9.0, 6.9.1)": { "from_version": "6.9.0", "from_inclusive": true, "to_version": "6.9.1", "to_inclusive": false }, "[7.0.0, 7.0.3)": { "from_version": "7.0.0", "from_inclusive": true, "to_version": "7.0.3", "to_inclusive": false }, "[7.1.0, 7.1.1)": { "from_version": "7.1.0", "from_inclusive": true, "to_version": "7.1.1", "to_inclusive": false }, "[7.2.0, 7.2.1)": { "from_version": "7.2.0", "from_inclusive": true, "to_version": "7.2.1", "to_inclusive": false }, "[7.3.0, 7.3.1)": { "from_version": "7.3.0", "from_inclusive": true, "to_version": "7.3.1", "to_inclusive": false }, "7.4.0": { "from_version": "7.4.0", "from_inclusive": true, "to_version": "7.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.1", "5.6.3", "5.7.1", "5.8.2", "5.9.1", "6.0.1", "6.1.1", "6.2.1", "6.3.1", "6.4.4", "6.5.2", "6.6.1", "6.7.1", "6.8.1", "6.9.1", "7.0.3", "7.1.1", "7.2.1", "7.3.1", "7.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70971072-d743-466b-affe-d7f79d5712aa?source=api-scan" ], "published": "2023-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70a14d11-6525-465c-8fc6-0920af748027": { "id": "70a14d11-6525-465c-8fc6-0920af748027", "title": "Squeeze <= 1.4 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Squeeze", "slug": "squeeze", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70a14d11-6525-465c-8fc6-0920af748027?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70aaef82-c93b-4f2b-8d57-6c28d45942ad": { "id": "70aaef82-c93b-4f2b-8d57-6c28d45942ad", "title": "Editable Table Simple Fast FrontEnd From Sql tables <= 0.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Editable Table Simple Fast FrontEnd From Sql tables", "slug": "editable-table", "affected_versions": { "* - 0.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70aaef82-c93b-4f2b-8d57-6c28d45942ad?source=api-scan" ], "published": "2021-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70ac8447-3d42-4577-8d46-528966a9f002": { "id": "70ac8447-3d42-4577-8d46-528966a9f002", "title": "WP-Cron Dashboard < 1.1.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Cron Dashboard", "slug": "wp-cron-dashboard", "affected_versions": { "[*, 1.1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70ac8447-3d42-4577-8d46-528966a9f002?source=api-scan" ], "published": "2013-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70ae0f3e-75a8-41c7-91c0-52d672809835": { "id": "70ae0f3e-75a8-41c7-91c0-52d672809835", "title": "Realbig <= 1.0.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Realbig For WordPress", "slug": "realbig-media", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70ae0f3e-75a8-41c7-91c0-52d672809835?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70b00cfc-4a9b-442a-9c80-fd080924ca34": { "id": "70b00cfc-4a9b-442a-9c80-fd080924ca34", "title": "SalesKing <= 1.6.15 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "salesking", "slug": "salesking", "affected_versions": { "* - 1.6.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70b00cfc-4a9b-442a-9c80-fd080924ca34?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70bac5e0-8182-426c-94da-e6832af8c487": { "id": "70bac5e0-8182-426c-94da-e6832af8c487", "title": "MkRapel Regiones y Ciudades de Chile para WC <= 4.3.0 - Cross-Site Request Forgery via multiple functions", "software": [ { "type": "plugin", "name": "MkRapel Regiones y Ciudades de Chile para WC", "slug": "wc-ciudades-y-regiones-de-chile", "affected_versions": { "* - 4.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70bac5e0-8182-426c-94da-e6832af8c487?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70bda4b7-e442-4956-b3cb-8df96043bcde": { "id": "70bda4b7-e442-4956-b3cb-8df96043bcde", "title": "Elementor Addons by Livemesh <= 8.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "* - 8.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70bda4b7-e442-4956-b3cb-8df96043bcde?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70c144c9-2d96-404d-bcca-707519c9b71c": { "id": "70c144c9-2d96-404d-bcca-707519c9b71c", "title": "WP Content Copy Protection & No Right Click <= 3.3 - Cross-Site Request Forgery to Arbitrary Plugin Installation\/Activation", "software": [ { "type": "plugin", "name": "WP Content Copy Protection & No Right Click", "slug": "wp-content-copy-protector", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70c144c9-2d96-404d-bcca-707519c9b71c?source=api-scan" ], "published": "2021-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70c1ee04-cfb1-4819-95ab-497e814da16f": { "id": "70c1ee04-cfb1-4819-95ab-497e814da16f", "title": "WP Test Email <= 1.1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Test Email", "slug": "wp-test-email", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70c1ee04-cfb1-4819-95ab-497e814da16f?source=api-scan" ], "published": "2024-09-12 18:16:04", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70c6bfb9-46d4-43ed-a6b4-9fe1fc9aa945": { "id": "70c6bfb9-46d4-43ed-a6b4-9fe1fc9aa945", "title": "Link2Player <= 0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Link2Player", "slug": "link2player", "affected_versions": { "* - 0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70c6bfb9-46d4-43ed-a6b4-9fe1fc9aa945?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70ca7ad4-6848-4f87-ae2d-4b9c2ffa668e": { "id": "70ca7ad4-6848-4f87-ae2d-4b9c2ffa668e", "title": "WC Fields Factory <= 4.1.5 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "WC Fields Factory", "slug": "wc-fields-factory", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70ca7ad4-6848-4f87-ae2d-4b9c2ffa668e?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70cd028d-122d-4e3c-ac09-150dec07a2cd": { "id": "70cd028d-122d-4e3c-ac09-150dec07a2cd", "title": "Permalink Manager <= 2.4.3.1 - Missing Authorization to Authenticated(Author+) Arbitrary Post Slug Modification", "software": [ { "type": "plugin", "name": "Permalink Manager Lite", "slug": "permalink-manager", "affected_versions": { "* - 2.4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70cd028d-122d-4e3c-ac09-150dec07a2cd?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70ce4450-e38b-422e-a171-09f428dfe0d8": { "id": "70ce4450-e38b-422e-a171-09f428dfe0d8", "title": "Child Theme Creator by Orbisius <= 1.2.7 - Arbitrary File Write", "software": [ { "type": "plugin", "name": "Child Theme Creator by Orbisius", "slug": "orbisius-child-theme-creator", "affected_versions": { "[*, 1.2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70ce4450-e38b-422e-a171-09f428dfe0d8?source=api-scan" ], "published": "2015-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70d046c9-a0c2-4059-aa1d-47caa1ffe76c": { "id": "70d046c9-a0c2-4059-aa1d-47caa1ffe76c", "title": "Scroll To Top <= 1.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Scroll To Top", "slug": "scroll-top", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70d046c9-a0c2-4059-aa1d-47caa1ffe76c?source=api-scan" ], "published": "2022-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70d05b9e-bead-42f9-9d19-c92c8e6440cd": { "id": "70d05b9e-bead-42f9-9d19-c92c8e6440cd", "title": "WP-Lister Lite for eBay <= 3.5.7 - Reflected Cross-Site Scripting via 's'", "software": [ { "type": "plugin", "name": "WP-Lister Lite for eBay", "slug": "wp-lister-for-ebay", "affected_versions": { "* - 3.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70d05b9e-bead-42f9-9d19-c92c8e6440cd?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70d168a4-a659-4354-889e-7907215351a2": { "id": "70d168a4-a659-4354-889e-7907215351a2", "title": "Woocommerce Product Designer <= 4.3.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Woocommerce Products Designer by ORION \u2013 online product customizer for t-shirts, print cards, phone cases Lettering & Decals", "slug": "woocommerce-products-designer", "affected_versions": { "* - 4.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70d168a4-a659-4354-889e-7907215351a2?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70d4041e-4b38-4be0-8e51-5a9db4d6c697": { "id": "70d4041e-4b38-4be0-8e51-5a9db4d6c697", "title": "Responsive Menu 4.0 - 4.0.3 - Authenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Responsive Menu \u2013 Create Mobile-Friendly Menu", "slug": "responsive-menu", "affected_versions": { "[4.0, 4.0.4)": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70d4041e-4b38-4be0-8e51-5a9db4d6c697?source=api-scan" ], "published": "2021-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70d5fccb-a5df-4ffc-a716-f00e6b968b40": { "id": "70d5fccb-a5df-4ffc-a716-f00e6b968b40", "title": "ShareThis <= 7.0.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "share-this", "slug": "share-this", "affected_versions": { "* - 7.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70d5fccb-a5df-4ffc-a716-f00e6b968b40?source=api-scan" ], "published": "2013-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70da8039-6526-47fa-934d-53fa29ca1bf0": { "id": "70da8039-6526-47fa-934d-53fa29ca1bf0", "title": "Tainacan <= 0.20.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Tainacan", "slug": "tainacan", "affected_versions": { "* - 0.20.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.20.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.20.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70da8039-6526-47fa-934d-53fa29ca1bf0?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70db1a8e-ebff-4505-9e43-1ce48e94f3c5": { "id": "70db1a8e-ebff-4505-9e43-1ce48e94f3c5", "title": "WP Statistics <= 9.5.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 9.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70db1a8e-ebff-4505-9e43-1ce48e94f3c5?source=api-scan" ], "published": "2015-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70e1d701-2cff-4793-9e4c-5b16a4038e8d": { "id": "70e1d701-2cff-4793-9e4c-5b16a4038e8d", "title": "ReviewX <= 1.6.13 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce", "slug": "reviewx", "affected_versions": { "* - 1.6.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70e1d701-2cff-4793-9e4c-5b16a4038e8d?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70e1e2b8-90cc-40eb-94ae-1d4e5b2259f3": { "id": "70e1e2b8-90cc-40eb-94ae-1d4e5b2259f3", "title": "Akismet htaccess writer <= 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Akismet htaccess writer", "slug": "akismet-htaccess-writer", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70e1e2b8-90cc-40eb-94ae-1d4e5b2259f3?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70e227a5-fc33-4ff2-a843-ef9484707ae7": { "id": "70e227a5-fc33-4ff2-a843-ef9484707ae7", "title": "NS Coupon to Become Customer <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "NS Coupon To Become Customer", "slug": "ns-coupon-to-become-customer", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70e227a5-fc33-4ff2-a843-ef9484707ae7?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70e29aa5-6f36-498f-ad85-f9d9ab8d9bcb": { "id": "70e29aa5-6f36-498f-ad85-f9d9ab8d9bcb", "title": "sem-wysiwyg <= 1.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "sem-wysiwyg", "slug": "sem-wysiwyg", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70e29aa5-6f36-498f-ad85-f9d9ab8d9bcb?source=api-scan" ], "published": "2012-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70e6a0b9-5bf2-4d0b-976e-6d5c56dff37c": { "id": "70e6a0b9-5bf2-4d0b-976e-6d5c56dff37c", "title": "Zoho Marketing Automation <= 1.2.7 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Zoho Marketing Automation", "slug": "zoho-marketinghub", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70e6a0b9-5bf2-4d0b-976e-6d5c56dff37c?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70ede219-e59d-40dd-9e5e-4f44089d7524": { "id": "70ede219-e59d-40dd-9e5e-4f44089d7524", "title": "MM Forms Community <= 2.2.6 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "mm-forms-community", "slug": "mm-forms-community", "affected_versions": { "* - 2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70ede219-e59d-40dd-9e5e-4f44089d7524?source=api-scan" ], "published": "2012-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70eea51c-d4dd-4b9b-a1ad-6077370dec1f": { "id": "70eea51c-d4dd-4b9b-a1ad-6077370dec1f", "title": "PDF24 Articles To PDF <= 4.2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "PDF24 Articles To PDF", "slug": "pdf24-posts-to-pdf", "affected_versions": { "* - 4.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70eea51c-d4dd-4b9b-a1ad-6077370dec1f?source=api-scan" ], "published": "2022-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70effa22-fbf6-44cb-9d1b-8625969c10ac": { "id": "70effa22-fbf6-44cb-9d1b-8625969c10ac", "title": "Backuply \u2013 Backup, Restore, Migrate and Clone <= 1.2.3 - Authenticated (Administrator+) Directory Traversal", "software": [ { "type": "plugin", "name": "Backuply \u2013 Backup, Restore, Migrate and Clone", "slug": "backuply", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70effa22-fbf6-44cb-9d1b-8625969c10ac?source=api-scan" ], "published": "2024-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70f14d9d-6ed6-4bcb-944d-f9c5aa6a17a6": { "id": "70f14d9d-6ed6-4bcb-944d-f9c5aa6a17a6", "title": "System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_global_value)", "software": [ { "type": "plugin", "name": "System Dashboard", "slug": "system-dashboard", "affected_versions": { "* - 2.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70f14d9d-6ed6-4bcb-944d-f9c5aa6a17a6?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70f2965a-37fe-4b7e-890a-9bf73b5de1c7": { "id": "70f2965a-37fe-4b7e-890a-9bf73b5de1c7", "title": "Better Messages <= 1.9.10.68 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss", "slug": "bp-better-messages", "affected_versions": { "* - 1.9.10.68": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.10.68", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.10.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70f2965a-37fe-4b7e-890a-9bf73b5de1c7?source=api-scan" ], "published": "2022-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70f2c885-14b6-4ac3-b819-502bc618d9c9": { "id": "70f2c885-14b6-4ac3-b819-502bc618d9c9", "title": "Connections Business Directory <= 9.6 - Authenticated CSV Injection", "software": [ { "type": "plugin", "name": "Connections Business Directory", "slug": "connections", "affected_versions": { "* - 9.6": { "from_version": "*", "from_inclusive": true, "to_version": "9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70f2c885-14b6-4ac3-b819-502bc618d9c9?source=api-scan" ], "published": "2020-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70fa060f-11eb-4b51-b985-59421f44414e": { "id": "70fa060f-11eb-4b51-b985-59421f44414e", "title": "Simple Membership <= 4.0.8 - Cross-Site Request Forgery to Arbitrary Member Deletion", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "[*, 4.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70fa060f-11eb-4b51-b985-59421f44414e?source=api-scan" ], "published": "2022-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "70fee28f-7a2b-4d57-9fca-04a805dca3f6": { "id": "70fee28f-7a2b-4d57-9fca-04a805dca3f6", "title": "Float to Top Button <= 2.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Float to Top Button", "slug": "float-to-top-button", "affected_versions": { "* - 2.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/70fee28f-7a2b-4d57-9fca-04a805dca3f6?source=api-scan" ], "published": "2022-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7100927e-fbcc-44ed-b7e1-475a5692c173": { "id": "7100927e-fbcc-44ed-b7e1-475a5692c173", "title": "Flo Forms <= 1.0.42 - Missing Authorization", "software": [ { "type": "plugin", "name": "Flo Forms \u2013 Easy Drag & Drop Form Builder", "slug": "flo-forms", "affected_versions": { "* - 1.0.42": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.42", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7100927e-fbcc-44ed-b7e1-475a5692c173?source=api-scan" ], "published": "2024-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7102fb7f-eb69-4c2f-956b-61ceace968e4": { "id": "7102fb7f-eb69-4c2f-956b-61ceace968e4", "title": "Soundy Background Music <= 3.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Soundy Background Music", "slug": "soundy-background-music", "affected_versions": { "* - 3.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7102fb7f-eb69-4c2f-956b-61ceace968e4?source=api-scan" ], "published": "2018-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71053df9-c4b6-4c27-9582-600363b82a36": { "id": "71053df9-c4b6-4c27-9582-600363b82a36", "title": "WP Newsletter Subscription <= 1.1 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "WP Newsletter Subscription", "slug": "wp-newsletter-subscription", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71053df9-c4b6-4c27-9582-600363b82a36?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "710574a8-a6e2-4ee6-9ea7-03a34994fec7": { "id": "710574a8-a6e2-4ee6-9ea7-03a34994fec7", "title": "User Registration \u2013 Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation", "software": [ { "type": "plugin", "name": "User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile", "slug": "user-registration", "affected_versions": { "* - 3.2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/710574a8-a6e2-4ee6-9ea7-03a34994fec7?source=api-scan" ], "published": "2024-05-31 18:57:59", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71078aaf-9803-4b46-bc94-dbcb43745629": { "id": "71078aaf-9803-4b46-bc94-dbcb43745629", "title": "wpForo Forum <= 2.2.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71078aaf-9803-4b46-bc94-dbcb43745629?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71083db7-377b-47a1-ac8b-83d8974a2654": { "id": "71083db7-377b-47a1-ac8b-83d8974a2654", "title": "Login with phone number <= 1.5.6 - Cross-Site Request Forgery to User Password Change", "software": [ { "type": "plugin", "name": "Login with phone number", "slug": "login-with-phone-number", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71083db7-377b-47a1-ac8b-83d8974a2654?source=api-scan" ], "published": "2023-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "710aa0fd-34e2-4f0e-b354-0722d9692410": { "id": "710aa0fd-34e2-4f0e-b354-0722d9692410", "title": "WP-Cirrus <= 0.6.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP-Cirrus", "slug": "wp-cirrus", "affected_versions": { "* - 0.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/710aa0fd-34e2-4f0e-b354-0722d9692410?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "710b8e4e-01de-4e99-8cf2-31abc2419b29": { "id": "710b8e4e-01de-4e99-8cf2-31abc2419b29", "title": "BookingPress <= 1.0.76 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar Plugin and Scheduling Plugin \u2013 BookingPress", "slug": "bookingpress-appointment-booking", "affected_versions": { "* - 1.0.76": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.76", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.77" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/710b8e4e-01de-4e99-8cf2-31abc2419b29?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "710f663a-c8ff-457b-8b3f-4f6601ba321f": { "id": "710f663a-c8ff-457b-8b3f-4f6601ba321f", "title": "WholesaleX <= 1.3.1 - Sensitive Information Exposure via export_users", "software": [ { "type": "plugin", "name": "WholesaleX \u2013 WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing)", "slug": "wholesalex", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/710f663a-c8ff-457b-8b3f-4f6601ba321f?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71105a3c-4eb7-49b4-ba47-7997ddeb62c3": { "id": "71105a3c-4eb7-49b4-ba47-7997ddeb62c3", "title": "GeoDirectory <= 2.3.61 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "GeoDirectory \u2013 WP Business Directory Plugin and Classified Listings Directory", "slug": "geodirectory", "affected_versions": { "* - 2.3.61": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.61", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.62" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71105a3c-4eb7-49b4-ba47-7997ddeb62c3?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7110d8f1-8978-494e-afdb-ca96ee503ab7": { "id": "7110d8f1-8978-494e-afdb-ca96ee503ab7", "title": "JTRT Responsive Tables < 4.1.2 - SQL Injection", "software": [ { "type": "plugin", "name": "JTRT Responsive Tables", "slug": "jtrt-responsive-tables", "affected_versions": { "[*, 4.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7110d8f1-8978-494e-afdb-ca96ee503ab7?source=api-scan" ], "published": "2017-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71114965-c8e3-4f2f-b308-f75adc7f2d31": { "id": "71114965-c8e3-4f2f-b308-f75adc7f2d31", "title": "W3 Total Cache <= 0.9.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 0.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71114965-c8e3-4f2f-b308-f75adc7f2d31?source=api-scan" ], "published": "2014-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71130bae-d871-43b5-81cd-b8459c8db316": { "id": "71130bae-d871-43b5-81cd-b8459c8db316", "title": "Google Map Generator <= 1.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google Map Generator", "slug": "google-map-generator", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71130bae-d871-43b5-81cd-b8459c8db316?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "711a7307-0a7a-4640-8d88-5c370b0156de": { "id": "711a7307-0a7a-4640-8d88-5c370b0156de", "title": "Custom Search by BestWebSoft <= 1.35 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Search by BestWebSoft \u2013 Advanced WordPress Search Bar Plugin", "slug": "custom-search-plugin", "affected_versions": { "* - 1.35": { "from_version": "*", "from_inclusive": true, "to_version": "1.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/711a7307-0a7a-4640-8d88-5c370b0156de?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "711b2889-8d12-4f7c-88e7-d3bb79e9c800": { "id": "711b2889-8d12-4f7c-88e7-d3bb79e9c800", "title": "Simple Balance <= 2.2 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Simple Balance", "slug": "simplebalance", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/711b2889-8d12-4f7c-88e7-d3bb79e9c800?source=api-scan" ], "published": "2011-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "711d2c4d-700d-4d6e-911f-99abf86eff32": { "id": "711d2c4d-700d-4d6e-911f-99abf86eff32", "title": "CBX Currency Converter <= 3.0.3 - Cross-Site Request Forgery leading to Plugin Settings Leakage\/Changes", "software": [ { "type": "plugin", "name": "CBX Currency Converter", "slug": "cbcurrencyconverter", "affected_versions": { "* - 3.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/711d2c4d-700d-4d6e-911f-99abf86eff32?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7126e39a-f3aa-4815-b039-485995d6bba3": { "id": "7126e39a-f3aa-4815-b039-485995d6bba3", "title": "CorreosExpress <= 2.6.0 - Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "CorreosExpress \u2013 Shipping Management \u2013 Tags", "slug": "correos-express", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7126e39a-f3aa-4815-b039-485995d6bba3?source=api-scan" ], "published": "2021-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "712887d9-25fd-4d8f-a2e6-e6f2855f5ddb": { "id": "712887d9-25fd-4d8f-a2e6-e6f2855f5ddb", "title": "Music <= 1.5 - Multiple Vulnerabilities", "software": [ { "type": "theme", "name": "Music", "slug": "music", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/712887d9-25fd-4d8f-a2e6-e6f2855f5ddb?source=api-scan" ], "published": "2013-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "712b0976-09a5-41d6-8f96-79006a8d41ba": { "id": "712b0976-09a5-41d6-8f96-79006a8d41ba", "title": "Integration for Contact Form 7 and Constant Contact <= 1.1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms", "slug": "cf7-constant-contact", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/712b0976-09a5-41d6-8f96-79006a8d41ba?source=api-scan" ], "published": "2024-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "712d2d8b-2103-4262-807e-bb26cabb771c": { "id": "712d2d8b-2103-4262-807e-bb26cabb771c", "title": "Wonder Slider Lite <= 13.9 - Reflected Cross-Site Scripting via 'page'", "software": [ { "type": "plugin", "name": "Wonder Slider Lite", "slug": "wonderplugin-slider-lite", "affected_versions": { "* - 13.9": { "from_version": "*", "from_inclusive": true, "to_version": "13.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "14.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/712d2d8b-2103-4262-807e-bb26cabb771c?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "712e9754-a6f2-43b5-97be-9d23970b46ea": { "id": "712e9754-a6f2-43b5-97be-9d23970b46ea", "title": "Indeed Job Importer <= 1.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Indeed Job Importer", "slug": "indeed-job-importer", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/712e9754-a6f2-43b5-97be-9d23970b46ea?source=api-scan" ], "published": "2021-10-15 19:23:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "712ffe0a-45a5-41c7-a2b9-e88fb381a684": { "id": "712ffe0a-45a5-41c7-a2b9-e88fb381a684", "title": "Bulk Delete Users by Email <= 1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bulk Delete Users by Email", "slug": "bulk-delete-users-by-email", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/712ffe0a-45a5-41c7-a2b9-e88fb381a684?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71371a44-fed4-4aea-9f86-a37ca26a57b1": { "id": "71371a44-fed4-4aea-9f86-a37ca26a57b1", "title": "Link Log \u2013 external link click monitor <= 1.4 - HTTP Response Splitting", "software": [ { "type": "plugin", "name": "Smart External Link Click Monitor [Link Log]", "slug": "link-log", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71371a44-fed4-4aea-9f86-a37ca26a57b1?source=api-scan" ], "published": "2015-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71408e0b-aed8-4077-add2-7f3b249e85f5": { "id": "71408e0b-aed8-4077-add2-7f3b249e85f5", "title": "Reviews and Rating \u2013 Google Reviews <= 5.2 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Reviews and Rating \u2013 Google Reviews", "slug": "g-business-reviews-rating", "affected_versions": { "* - 5.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71408e0b-aed8-4077-add2-7f3b249e85f5?source=api-scan" ], "published": "2024-05-24 14:53:12", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71415e73-0c7c-4f4a-9322-8d8a1d61c0d4": { "id": "71415e73-0c7c-4f4a-9322-8d8a1d61c0d4", "title": "WP Edit Menu <= 1.5.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Edit Menu", "slug": "wp-edit-menu", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71415e73-0c7c-4f4a-9322-8d8a1d61c0d4?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71463210-d65f-4a6c-ab5f-ebaafebb83e2": { "id": "71463210-d65f-4a6c-ab5f-ebaafebb83e2", "title": "Related Posts < 2.7.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Related Posts", "slug": "related-posts", "affected_versions": { "[*, 2.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71463210-d65f-4a6c-ab5f-ebaafebb83e2?source=api-scan" ], "published": "2013-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7147cb69-294e-4270-bf8b-3a32a5552d1e": { "id": "7147cb69-294e-4270-bf8b-3a32a5552d1e", "title": "MM-email2image <= 0.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "MM-email2image", "slug": "mm-email2image", "affected_versions": { "* - 0.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7147cb69-294e-4270-bf8b-3a32a5552d1e?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7148e182-858c-42b1-b9db-9b7a267483e1": { "id": "7148e182-858c-42b1-b9db-9b7a267483e1", "title": "WPtouch <= 4.3.44 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "WPtouch \u2013 Make your WordPress Website Mobile-Friendly", "slug": "wptouch", "affected_versions": { "* - 4.3.44": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7148e182-858c-42b1-b9db-9b7a267483e1?source=api-scan" ], "published": "2022-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "714acd7d-6d19-4087-bb27-b9a4ccbb678b": { "id": "714acd7d-6d19-4087-bb27-b9a4ccbb678b", "title": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - IP Address Spoofing to Antispam Bypass", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.112": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.112", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.113" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/714acd7d-6d19-4087-bb27-b9a4ccbb678b?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "714d7811-0425-4833-a7b2-a408799181e4": { "id": "714d7811-0425-4833-a7b2-a408799181e4", "title": "Who Hit The Page \u2013 Hit Counter <= 1.4.14.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Who Hit The Page \u2013 Hit Counter", "slug": "who-hit-the-page-hit-counter", "affected_versions": { "* - 1.4.14.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.14.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/714d7811-0425-4833-a7b2-a408799181e4?source=api-scan" ], "published": "2023-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7152253a-7bb8-4b5c-bffd-86e46df54b7e": { "id": "7152253a-7bb8-4b5c-bffd-86e46df54b7e", "title": "WDContactFormBuilder <= 1.0.72 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WDContactFormBuilder", "slug": "contact-form-builder", "affected_versions": { "* - 1.0.72": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.72", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7152253a-7bb8-4b5c-bffd-86e46df54b7e?source=api-scan" ], "published": "2023-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71548a7f-43a5-4f71-8add-45f675e8aa66": { "id": "71548a7f-43a5-4f71-8add-45f675e8aa66", "title": "Enhanced WP Contact Form <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Enhanced WP Contact Form", "slug": "enhanced-wordpress-contactform", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71548a7f-43a5-4f71-8add-45f675e8aa66?source=api-scan" ], "published": "2023-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71564eec-426a-46fa-b614-388bebae6ebd": { "id": "71564eec-426a-46fa-b614-388bebae6ebd", "title": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate <= 7.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 7.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71564eec-426a-46fa-b614-388bebae6ebd?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "715b0d61-1fac-4039-b18c-e9371788c24c": { "id": "715b0d61-1fac-4039-b18c-e9371788c24c", "title": "GiveWP - Donation Plugin and Fundraising Platform <= 2.5.0 - SQL Injection", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/715b0d61-1fac-4039-b18c-e9371788c24c?source=api-scan" ], "published": "2019-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "715dc265-253e-4409-b57d-474d3740adbe": { "id": "715dc265-253e-4409-b57d-474d3740adbe", "title": "Email Subscribers & Newsletters <= 4.5.5 - Unauthenticated Email Forgery", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "[*, 4.5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/715dc265-253e-4409-b57d-474d3740adbe?source=api-scan" ], "published": "2020-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "715e3947-922e-4549-b601-6a2ae441ddf6": { "id": "715e3947-922e-4549-b601-6a2ae441ddf6", "title": "PeproDev Ultimate Invoice <= 2.0.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "PeproDev Ultimate Invoice", "slug": "pepro-ultimate-invoice", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/715e3947-922e-4549-b601-6a2ae441ddf6?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7167a731-8677-4ae2-a790-00a8295c9191": { "id": "7167a731-8677-4ae2-a790-00a8295c9191", "title": "Fancy Product Designer <= 6.1.4 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Fancy Product Designer", "slug": "fancy-product-designer", "affected_versions": { "* - 6.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7167a731-8677-4ae2-a790-00a8295c9191?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71782003-3fbf-44d3-a5fd-7370acff2eea": { "id": "71782003-3fbf-44d3-a5fd-7370acff2eea", "title": "PayPlus Payment Gateway <= 6.6.8 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "PayPlus Payment Gateway", "slug": "payplus-payment-gateway", "affected_versions": { "* - 6.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71782003-3fbf-44d3-a5fd-7370acff2eea?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7179fe0d-8cfa-4b43-82d6-5523d65ff780": { "id": "7179fe0d-8cfa-4b43-82d6-5523d65ff780", "title": "WP-Lister Lite for eBay <= 3.5.11 - Authenticated (Shop Manager+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP-Lister Lite for eBay", "slug": "wp-lister-for-ebay", "affected_versions": { "* - 3.5.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7179fe0d-8cfa-4b43-82d6-5523d65ff780?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "717dfceb-dc0b-45ef-bc06-72658486d1f1": { "id": "717dfceb-dc0b-45ef-bc06-72658486d1f1", "title": "Simple Testimonials Showcase <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Testimonials Showcase", "slug": "simple-testimonials-showcase", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/717dfceb-dc0b-45ef-bc06-72658486d1f1?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "717e77b7-8b42-4fca-b288-2415db2d68e6": { "id": "717e77b7-8b42-4fca-b288-2415db2d68e6", "title": "Slider by Supsystic <= 1.8.10 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider by Supsystic", "slug": "slider-by-supsystic", "affected_versions": { "* - 1.8.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/717e77b7-8b42-4fca-b288-2415db2d68e6?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71823e36-3899-4253-a1d2-c6f8921d18dc": { "id": "71823e36-3899-4253-a1d2-c6f8921d18dc", "title": "The Moneytizer <= 9.6.3 - Missing Authorization via multiple AJAX actions", "software": [ { "type": "plugin", "name": "The Moneytizer", "slug": "the-moneytizer", "affected_versions": { "* - 9.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "9.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71823e36-3899-4253-a1d2-c6f8921d18dc?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7183288f-47f1-477b-974d-e5e21c170d0f": { "id": "7183288f-47f1-477b-974d-e5e21c170d0f", "title": "FBGorilla (All Versions) - SQL Injection", "software": [ { "type": "plugin", "name": "fbgorilla", "slug": "fbgorilla", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7183288f-47f1-477b-974d-e5e21c170d0f?source=api-scan" ], "published": "2014-07-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "718615b1-9c25-4119-bc30-683ef51e5861": { "id": "718615b1-9c25-4119-bc30-683ef51e5861", "title": "Organizer <= 1.2.1 - Path Disclosure", "software": [ { "type": "plugin", "name": "Organizer", "slug": "organizer", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/718615b1-9c25-4119-bc30-683ef51e5861?source=api-scan" ], "published": "2012-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "718c60c1-6117-4959-a907-d0ef457f7185": { "id": "718c60c1-6117-4959-a907-d0ef457f7185", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via no_more_items_text Parameter", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.27": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/718c60c1-6117-4959-a907-d0ef457f7185?source=api-scan" ], "published": "2024-08-12 16:05:31", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "718d12fe-31e4-4fa1-ba9a-8626df8ddbfe": { "id": "718d12fe-31e4-4fa1-ba9a-8626df8ddbfe", "title": "MemberPress <= 1.11.29 - Reflected Cross-Site Scripting via mepr_screenname and mepr_key Parameters", "software": [ { "type": "plugin", "name": "Memberpress", "slug": "memberpress", "affected_versions": { "* - 1.11.29": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/718d12fe-31e4-4fa1-ba9a-8626df8ddbfe?source=api-scan" ], "published": "2024-08-29 15:03:25", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "718e54f5-f040-42d6-958d-255d905615d5": { "id": "718e54f5-f040-42d6-958d-255d905615d5", "title": "Forminator <= 1.22.1 - Missing Authorization on 'load_recaptcha_preview' AJAX function", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "* - 1.22.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.22.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.23.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/718e54f5-f040-42d6-958d-255d905615d5?source=api-scan" ], "published": "2023-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7191955e-0db1-4ad1-878b-74f90ca59c91": { "id": "7191955e-0db1-4ad1-878b-74f90ca59c91", "title": "LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via assignments", "software": [ { "type": "plugin", "name": "LearnDash LMS", "slug": "sfwd-lms", "affected_versions": { "* - 4.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7191955e-0db1-4ad1-878b-74f90ca59c91?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "719289ef-30a1-4582-99e2-5aee50b80e43": { "id": "719289ef-30a1-4582-99e2-5aee50b80e43", "title": "Kanban Boards for WordPress <= 2.5.21 - Missing Authorization", "software": [ { "type": "plugin", "name": "Kanban Boards for WordPress", "slug": "kanban", "affected_versions": { "* - 2.5.21": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.21", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/719289ef-30a1-4582-99e2-5aee50b80e43?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7193052f-1bef-426c-b0fe-4d70931f47ed": { "id": "7193052f-1bef-426c-b0fe-4d70931f47ed", "title": "WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Amazon Affiliates - Wordpress Plugin", "slug": "woozone", "affected_versions": { "* - 14.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "14.0.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7193052f-1bef-426c-b0fe-4d70931f47ed?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7193b373-a0c9-4cd7-8a53-4f35ceff8f23": { "id": "7193b373-a0c9-4cd7-8a53-4f35ceff8f23", "title": "Alkubot \u2013 Gamify discounts, sell more and give less at the right time < 3.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Alkubot \u2013 Gamify discounts, sell more and give less at the right time", "slug": "alkubot", "affected_versions": { "[*, 3.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7193b373-a0c9-4cd7-8a53-4f35ceff8f23?source=api-scan" ], "published": "2021-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71955ba0-42ba-49a1-8b91-81069c6132ea": { "id": "71955ba0-42ba-49a1-8b91-81069c6132ea", "title": "User Registration, User Profiles, Login & Membership \u2013 ProfilePress (Formerly WP User Avatar) 3.0.0 - 3.1.3 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "3.0.0 - 3.1.3": { "from_version": "3.0.0", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71955ba0-42ba-49a1-8b91-81069c6132ea?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "719fe585-369b-47ef-b3c1-15729f88ae2d": { "id": "719fe585-369b-47ef-b3c1-15729f88ae2d", "title": "WordPress Core < 5.8 - Dependency Confusion", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 5.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/719fe585-369b-47ef-b3c1-15729f88ae2d?source=api-scan" ], "published": "2021-11-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71a0aa95-f2a9-4537-a8d1-d78336e36125": { "id": "71a0aa95-f2a9-4537-a8d1-d78336e36125", "title": "Scheduling Plugin \u2013 Online Booking for WordPress <= 3.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Scheduling Plugin \u2013 Online Booking for WordPress", "slug": "calendar-booking", "affected_versions": { "* - 3.5.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71a0aa95-f2a9-4537-a8d1-d78336e36125?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71a45950-bae1-4b14-8935-251b8713c570": { "id": "71a45950-bae1-4b14-8935-251b8713c570", "title": "Product Delivery Date for WooCommerce \u2013 Lite <= 2.7.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Product Delivery Date for WooCommerce \u2013 Lite", "slug": "product-delivery-date-for-woocommerce-lite", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71a45950-bae1-4b14-8935-251b8713c570?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71aa14b8-39bc-4b91-a7cf-9d203fdf44ea": { "id": "71aa14b8-39bc-4b91-a7cf-9d203fdf44ea", "title": "uListing <= 1.6.6 - Unauthenticated Arbitrary Post\/Page Deletion", "software": [ { "type": "plugin", "name": "Directory Listings WordPress plugin \u2013 uListing", "slug": "ulisting", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71aa14b8-39bc-4b91-a7cf-9d203fdf44ea?source=api-scan" ], "published": "2021-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71aeca29-a9bd-42c0-8150-814b79e931fa": { "id": "71aeca29-a9bd-42c0-8150-814b79e931fa", "title": "Insert Html Snippet <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Insert Html Snippet", "slug": "insert-html-snippet", "affected_versions": { "[*, 1.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71aeca29-a9bd-42c0-8150-814b79e931fa?source=api-scan" ], "published": "2016-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71b3bec2-3fb2-4b0a-aa6d-5c761d0796e2": { "id": "71b3bec2-3fb2-4b0a-aa6d-5c761d0796e2", "title": "UpdraftPlus <= 1.13.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "UpdraftPlus: WP Backup & Migration Plugin", "slug": "updraftplus", "affected_versions": { "* - 1.13.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71b3bec2-3fb2-4b0a-aa6d-5c761d0796e2?source=api-scan" ], "published": "2017-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71b521b5-acb5-4439-90f8-7d341291d583": { "id": "71b521b5-acb5-4439-90f8-7d341291d583", "title": "WordPress Core < 2.0.3 - IP Address Spoofing", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71b521b5-acb5-4439-90f8-7d341291d583?source=api-scan" ], "published": "2006-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71bf0ae5-7c32-42ac-a9bc-96cb1269a458": { "id": "71bf0ae5-7c32-42ac-a9bc-96cb1269a458", "title": "Kioskprox (Unkown Versions) - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kioskprox", "slug": "kioskprox", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71bf0ae5-7c32-42ac-a9bc-96cb1269a458?source=api-scan" ], "published": "2013-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71c21af1-a007-4535-98ea-a6f25142bcf6": { "id": "71c21af1-a007-4535-98ea-a6f25142bcf6", "title": "Accessibility Suite by Online ADA <= 4.12 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Accessibility Suite by Ability, Inc", "slug": "online-accessibility", "affected_versions": { "* - 4.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71c21af1-a007-4535-98ea-a6f25142bcf6?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71c7ed80-dd39-4581-8792-31dbc75471e6": { "id": "71c7ed80-dd39-4581-8792-31dbc75471e6", "title": "MBE eShip <= 2.1.2 - Information Exposure", "software": [ { "type": "plugin", "name": "MBE eShip", "slug": "mail-boxes-etc", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71c7ed80-dd39-4581-8792-31dbc75471e6?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71caa071-d279-4807-88ad-a71673b9d17d": { "id": "71caa071-d279-4807-88ad-a71673b9d17d", "title": "Redirect Redirection <= 1.1.3 - Missing Authorization in 'instantEditRedirect' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71caa071-d279-4807-88ad-a71673b9d17d?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71cc804f-6146-4594-8e7a-854754a1ff20": { "id": "71cc804f-6146-4594-8e7a-854754a1ff20", "title": "WP JobSearch <= 2.3.3 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71cc804f-6146-4594-8e7a-854754a1ff20?source=api-scan" ], "published": "2023-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71d63f0d-ce01-489e-bcc4-7632f1a4bb04": { "id": "71d63f0d-ce01-489e-bcc4-7632f1a4bb04", "title": "MainWP Dashboard and MainWP Child <= 2.0.22 - Unspecified Vulnerability", "software": [ { "type": "plugin", "name": "MainWP Child \u2013 Securely Connects to the MainWP Dashboard to Manage Multiple Sites", "slug": "mainwp-child", "affected_versions": { "* - 2.0.22": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.23" ] }, { "type": "plugin", "name": "MainWP Dashboard: WordPress Management without the SaaS", "slug": "mainwp", "affected_versions": { "* - 2.0.22": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71d63f0d-ce01-489e-bcc4-7632f1a4bb04?source=api-scan" ], "published": "2015-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71d657d4-b326-4655-808a-913bbc9a8d1d": { "id": "71d657d4-b326-4655-808a-913bbc9a8d1d", "title": "Event List < 0.7.9 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Event List", "slug": "event-list", "affected_versions": { "[*, 0.7.9)": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71d657d4-b326-4655-808a-913bbc9a8d1d?source=api-scan" ], "published": "2017-06-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71d8a8cf-4653-4515-95ce-8d71697e189c": { "id": "71d8a8cf-4653-4515-95ce-8d71697e189c", "title": "The Plus Addons for Elementor <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TP Page Scroll Widget", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71d8a8cf-4653-4515-95ce-8d71697e189c?source=api-scan" ], "published": "2024-08-19 14:59:59", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71d916aa-5382-495b-8142-80de0a0912e7": { "id": "71d916aa-5382-495b-8142-80de0a0912e7", "title": "Themify Portfolio Post <= 1.1.5 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Themify Portfolio Post", "slug": "themify-portfolio-post", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71d916aa-5382-495b-8142-80de0a0912e7?source=api-scan" ], "published": "2020-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71da4bd0-79d7-42ec-9e79-3a44411c2313": { "id": "71da4bd0-79d7-42ec-9e79-3a44411c2313", "title": "Add Subtitle <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add Subtitle", "slug": "add-subtitle", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71da4bd0-79d7-42ec-9e79-3a44411c2313?source=api-scan" ], "published": "2022-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71dd864f-1975-4cee-be26-0cdb0d54be95": { "id": "71dd864f-1975-4cee-be26-0cdb0d54be95", "title": "Verge3D <= 4.5.2 - Authenticated(Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Verge3D Publishing and E-Commerce", "slug": "verge3d", "affected_versions": { "* - 4.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71dd864f-1975-4cee-be26-0cdb0d54be95?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71df1c9a-b4fa-47c7-93c7-f2cb09fad3ab": { "id": "71df1c9a-b4fa-47c7-93c7-f2cb09fad3ab", "title": "Donations <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Donations", "slug": "nd-donations", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71df1c9a-b4fa-47c7-93c7-f2cb09fad3ab?source=api-scan" ], "published": "2022-05-13 14:27:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71e2db7c-53a7-4b17-b00a-ce71a00bf546": { "id": "71e2db7c-53a7-4b17-b00a-ce71a00bf546", "title": "Ultimate Addons for Elementor <= 1.24.1 - Registration Bypass", "software": [ { "type": "plugin", "name": "Ultimate Addons for Elementor", "slug": "ultimate-elementor", "affected_versions": { "[*, 1.24.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.24.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.24.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71e2db7c-53a7-4b17-b00a-ce71a00bf546?source=api-scan" ], "published": "2020-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71e55161-f5ad-44e5-8a61-ce48c05e6dba": { "id": "71e55161-f5ad-44e5-8a61-ce48c05e6dba", "title": "Media File Renamer <= 5.6.9 - Sensitive Information Exposure via Log File", "software": [ { "type": "plugin", "name": "Media File Renamer: Rename for better SEO (AI-Powered)", "slug": "media-file-renamer", "affected_versions": { "* - 5.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71e55161-f5ad-44e5-8a61-ce48c05e6dba?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71e951af-cb01-4c72-b113-e89539d29a4f": { "id": "71e951af-cb01-4c72-b113-e89539d29a4f", "title": "Barcode Scanner with Inventory & Order Manager <= 1.5.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Barcode Scanner and Inventory manager. POS (Point of Sale) \u2013 scan barcodes & create orders with barcode reader.", "slug": "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71e951af-cb01-4c72-b113-e89539d29a4f?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71eeddf4-5693-41bc-93ad-3c93dafdd3bc": { "id": "71eeddf4-5693-41bc-93ad-3c93dafdd3bc", "title": "Webico Slider Flatsome Addons <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wbc_image Shortcode", "software": [ { "type": "plugin", "name": "Webico Slider Flatsome Addons", "slug": "webico-slider-flatsome-addons", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71eeddf4-5693-41bc-93ad-3c93dafdd3bc?source=api-scan" ], "published": "2024-07-08 19:37:49", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71f059ba-1874-4e8a-80e9-3f7826f9341d": { "id": "71f059ba-1874-4e8a-80e9-3f7826f9341d", "title": "Simply Schedule Appointments <= 1.5.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin", "slug": "simply-schedule-appointments", "affected_versions": { "* - 1.5.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71f059ba-1874-4e8a-80e9-3f7826f9341d?source=api-scan" ], "published": "2022-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71f58781-3fb3-4eba-8e5a-f98f006f4607": { "id": "71f58781-3fb3-4eba-8e5a-f98f006f4607", "title": "WP Google Map Plugin <= 4.4.2 - Cross-Site Request Forgery via delete()", "software": [ { "type": "plugin", "name": "WP Maps \u2013 Display Google Maps Perfectly with Ease", "slug": "wp-google-map-plugin", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71f58781-3fb3-4eba-8e5a-f98f006f4607?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71f7733a-1350-4e22-98d8-28be401aee69": { "id": "71f7733a-1350-4e22-98d8-28be401aee69", "title": "Cleverwise Daily Quotes <= 3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cleverwise Daily Quotes", "slug": "cleverwise-daily-quotes", "affected_versions": { "* - 3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71f7733a-1350-4e22-98d8-28be401aee69?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71fb1cef-6e01-4bd7-b0bc-5d21295f119a": { "id": "71fb1cef-6e01-4bd7-b0bc-5d21295f119a", "title": "ProfileGrid <= 5.6.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71fb1cef-6e01-4bd7-b0bc-5d21295f119a?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71fb90b6-a484-4a70-a9dc-795cbf2e275e": { "id": "71fb90b6-a484-4a70-a9dc-795cbf2e275e", "title": "Order Delivery Date for WP e-Commerce <= 1.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Order Delivery Date for WP e-Commerce", "slug": "order-delivery-date", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71fb90b6-a484-4a70-a9dc-795cbf2e275e?source=api-scan" ], "published": "2024-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71fe1729-4bb5-4b95-9183-b4d793bcfd72": { "id": "71fe1729-4bb5-4b95-9183-b4d793bcfd72", "title": "WP Hotel Booking <= 1.10.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Hotel Booking", "slug": "wp-hotel-booking", "affected_versions": { "* - 1.10.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71fe1729-4bb5-4b95-9183-b4d793bcfd72?source=api-scan" ], "published": "2022-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "71fe2687-0dc9-4c56-91a4-447420818cca": { "id": "71fe2687-0dc9-4c56-91a4-447420818cca", "title": "WordPress Core < 5.4.1 - Password Reset Link Non-Expiration", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.32": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.32", "to_inclusive": true }, "3.8 - 3.8.32": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.32", "to_inclusive": true }, "3.9 - 3.9.30": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.30", "to_inclusive": true }, "4.0 - 4.0.29": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.29", "to_inclusive": true }, "4.1 - 4.1.29": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.29", "to_inclusive": true }, "4.2 - 4.2.26": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.26", "to_inclusive": true }, "4.3 - 4.3.22": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.22", "to_inclusive": true }, "4.4 - 4.4.21": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.21", "to_inclusive": true }, "4.5 - 4.5.20": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.20", "to_inclusive": true }, "4.6 - 4.6.17": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.17", "to_inclusive": true }, "4.7 - 4.7.16": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.16", "to_inclusive": true }, "4.8 - 4.8.12": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.12", "to_inclusive": true }, "4.9 - 4.9.13": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.13", "to_inclusive": true }, "5.0 - 5.0.8": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.8", "to_inclusive": true }, "5.1 - 5.1.4": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.4", "to_inclusive": true }, "5.2 - 5.2.5": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.5", "to_inclusive": true }, "5.3 - 5.3.2": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.2", "to_inclusive": true }, "5.4": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.33", "3.8.33", "3.9.31", "4.0.30", "4.1.30", "4.2.27", "4.3.23", "4.4.22", "4.5.21", "4.6.18", "4.7.17", "4.8.13", "4.9.14", "5.0.9", "5.1.5", "5.2.6", "5.3.3", "5.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/71fe2687-0dc9-4c56-91a4-447420818cca?source=api-scan" ], "published": "2020-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7202c0f7-cde7-4588-95f4-367d91f2eb67": { "id": "7202c0f7-cde7-4588-95f4-367d91f2eb67", "title": "Subscribe2 \u2013 Form, Email Subscribers & Newsletters <= 10.15 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Subscribe2 \u2013 Form, Email Subscribers & Newsletters", "slug": "subscribe2", "affected_versions": { "[*, 10.16)": { "from_version": "*", "from_inclusive": true, "to_version": "10.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "10.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7202c0f7-cde7-4588-95f4-367d91f2eb67?source=api-scan" ], "published": "2014-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72094f97-c1cc-48df-9c88-1352e6d6e67e": { "id": "72094f97-c1cc-48df-9c88-1352e6d6e67e", "title": "Jetpack <= 3.7.1 - Information disclosure", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "* - 3.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72094f97-c1cc-48df-9c88-1352e6d6e67e?source=api-scan" ], "published": "2015-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "720a3525-01dd-4cfd-9403-2bc3f87df618": { "id": "720a3525-01dd-4cfd-9403-2bc3f87df618", "title": "GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress", "slug": "gamipress", "affected_versions": { "* - 6.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/720a3525-01dd-4cfd-9403-2bc3f87df618?source=api-scan" ], "published": "2024-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "720d1d50-06ae-4b47-ac64-115c00d81223": { "id": "720d1d50-06ae-4b47-ac64-115c00d81223", "title": "Estatik Real Estate Plugin <= 4.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Estatik Real Estate Plugin", "slug": "estatik", "affected_versions": { "* - 4.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/720d1d50-06ae-4b47-ac64-115c00d81223?source=api-scan" ], "published": "2024-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72113d42-1a93-4979-849b-ba8038231417": { "id": "72113d42-1a93-4979-849b-ba8038231417", "title": "Easy Call With Twilio <= 1.0.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Call With Twilio", "slug": "twl-easy-call", "affected_versions": { "[*, 1.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72113d42-1a93-4979-849b-ba8038231417?source=api-scan" ], "published": "2022-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "721f7c9e-34f3-4c41-992d-df35b56f95cd": { "id": "721f7c9e-34f3-4c41-992d-df35b56f95cd", "title": "Count per Day < 3.2.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Count per Day", "slug": "count-per-day", "affected_versions": { "[*, 3.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/721f7c9e-34f3-4c41-992d-df35b56f95cd?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "721f8943-5d59-41ee-935e-999dff2e590d": { "id": "721f8943-5d59-41ee-935e-999dff2e590d", "title": "Simple Giveaways <= 2.46.0 - Missing Authorization via AJAX actions", "software": [ { "type": "plugin", "name": "Simple Giveaways \u2013 Grow your business, email lists and traffic with contests", "slug": "giveasap", "affected_versions": { "* - 2.46.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.46.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.46.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/721f8943-5d59-41ee-935e-999dff2e590d?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72256ac2-72a7-4c3c-a892-1f1795671c5d": { "id": "72256ac2-72a7-4c3c-a892-1f1795671c5d", "title": "Vimeotheque <= 2.2.1 - Reflected Cross-Site Scripting via 'view' and 'page'", "software": [ { "type": "plugin", "name": "Vimeotheque: Vimeo WordPress Plugin", "slug": "codeflavors-vimeo-video-post-lite", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72256ac2-72a7-4c3c-a892-1f1795671c5d?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "722956ec-d2f5-42ad-bb95-776ad620d788": { "id": "722956ec-d2f5-42ad-bb95-776ad620d788", "title": "Grid Shortcodes <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Grid Shortcodes", "slug": "grid-shortcodes", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/722956ec-d2f5-42ad-bb95-776ad620d788?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "722aae99-fcfb-4234-9245-5db57aaa03c5": { "id": "722aae99-fcfb-4234-9245-5db57aaa03c5", "title": "Meks Smart Social Widget <= 1.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Meks Smart Social Widget", "slug": "meks-smart-social-widget", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/722aae99-fcfb-4234-9245-5db57aaa03c5?source=api-scan" ], "published": "2024-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "722c35e5-4084-46a4-a3d4-c73f8e7a1882": { "id": "722c35e5-4084-46a4-a3d4-c73f8e7a1882", "title": "Rencontre \u2013 Dating Site <= 3.11.1 - Authenticated (Subscriber+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Rencontre \u2013 Dating Site", "slug": "rencontre", "affected_versions": { "* - 3.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/722c35e5-4084-46a4-a3d4-c73f8e7a1882?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "722d3a5e-40dc-4153-b8ce-4a94ae391896": { "id": "722d3a5e-40dc-4153-b8ce-4a94ae391896", "title": "CityBook <= 2.4.3 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "CityBook - Directory & Listing WordPress Theme", "slug": "citybook", "affected_versions": { "* - 2.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/722d3a5e-40dc-4153-b8ce-4a94ae391896?source=api-scan" ], "published": "2020-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7234d4b9-a575-428a-9d08-2dc62ba41c30": { "id": "7234d4b9-a575-428a-9d08-2dc62ba41c30", "title": "Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX <= 4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX", "slug": "ultimate-post", "affected_versions": { "* - 4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7234d4b9-a575-428a-9d08-2dc62ba41c30?source=api-scan" ], "published": "2024-05-29 14:39:42", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "723ed5c7-041f-4e03-83ad-43438e3265a1": { "id": "723ed5c7-041f-4e03-83ad-43438e3265a1", "title": "Logo Slider <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Logo Slider \u2013 Logo Carousel, Logo Showcase & Client Logo Slider WordPress Plugin", "slug": "logo-slider-wp", "affected_versions": { "* - 3.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/723ed5c7-041f-4e03-83ad-43438e3265a1?source=api-scan" ], "published": "2022-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7242d808-9c33-4b3f-bda6-b4b72ca37de9": { "id": "7242d808-9c33-4b3f-bda6-b4b72ca37de9", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.11": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7242d808-9c33-4b3f-bda6-b4b72ca37de9?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "724a1790-811a-4ec5-a664-a22e6b72fba1": { "id": "724a1790-811a-4ec5-a664-a22e6b72fba1", "title": "WP-FormAssembly <= 2.0.5 - Authenticated (Contributor+) Arbitrary File Read", "software": [ { "type": "plugin", "name": "WP-FormAssembly", "slug": "formassembly-web-forms", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/724a1790-811a-4ec5-a664-a22e6b72fba1?source=api-scan" ], "published": "2022-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "724a7579-74c6-46b2-b1b4-a92e980aaa83": { "id": "724a7579-74c6-46b2-b1b4-a92e980aaa83", "title": "Custom 404 Pro <= 3.11.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom 404 Pro", "slug": "custom-404-pro", "affected_versions": { "* - 3.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/724a7579-74c6-46b2-b1b4-a92e980aaa83?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "724d8382-cef3-4584-a255-c2ecc7c986b3": { "id": "724d8382-cef3-4584-a255-c2ecc7c986b3", "title": "Brooklyn <= 4.9.7.6 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "brooklyn", "slug": "brooklyn", "affected_versions": { "* - 4.9.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.7.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/724d8382-cef3-4584-a255-c2ecc7c986b3?source=api-scan" ], "published": "2024-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "724d8f79-f683-4b06-841d-a9104c87f3c6": { "id": "724d8f79-f683-4b06-841d-a9104c87f3c6", "title": "Track Geolocation Of Users Using Contact Form 7 <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Track Geolocation Of Users Using Contact Form 7", "slug": "track-geolocation-of-users-using-contact-form-7", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/724d8f79-f683-4b06-841d-a9104c87f3c6?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "724dead7-0e4a-420d-a5a3-fca578451211": { "id": "724dead7-0e4a-420d-a5a3-fca578451211", "title": "Simple Social Media Share Buttons <= 3.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Social Media Share Buttons \u2013 Social Sharing for Everyone", "slug": "simple-social-buttons", "affected_versions": { "[*, 3.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/724dead7-0e4a-420d-a5a3-fca578451211?source=api-scan" ], "published": "2020-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72505ab0-8545-4735-af15-e8794d0ac9c9": { "id": "72505ab0-8545-4735-af15-e8794d0ac9c9", "title": "All In One WP Security & Firewall <= 4.0.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "[*, 4.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72505ab0-8545-4735-af15-e8794d0ac9c9?source=api-scan" ], "published": "2016-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7250da0a-1ac6-48a6-a480-0721d604add3": { "id": "7250da0a-1ac6-48a6-a480-0721d604add3", "title": "JobSearch <= 2.3.4 - Authentication Bypass to Account Takeover", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7250da0a-1ac6-48a6-a480-0721d604add3?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7252075f-9326-4f04-bdd9-b244609c9cd3": { "id": "7252075f-9326-4f04-bdd9-b244609c9cd3", "title": "Hitsteps Web Analytics <= 5.86 - Cross-Site Request Forgery via hst_optionpage", "software": [ { "type": "plugin", "name": "Hitsteps Web Analytics", "slug": "hitsteps-visitor-manager", "affected_versions": { "* - 5.86": { "from_version": "*", "from_inclusive": true, "to_version": "5.86", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.87" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7252075f-9326-4f04-bdd9-b244609c9cd3?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7255319c-8175-4885-8f94-3f46f9e577a6": { "id": "7255319c-8175-4885-8f94-3f46f9e577a6", "title": "Super Progressive Web Apps <= 2.2.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Super Progressive Web Apps", "slug": "super-progressive-web-apps", "affected_versions": { "* - 2.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7255319c-8175-4885-8f94-3f46f9e577a6?source=api-scan" ], "published": "2022-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "725bce1b-ec76-411d-928c-2aea47867292": { "id": "725bce1b-ec76-411d-928c-2aea47867292", "title": "Finale Lite <= 2.16.0 - Missing Authorization to Content Deletion", "software": [ { "type": "plugin", "name": "Finale Lite \u2013 Sales Countdown Timer & Discount for WooCommerce", "slug": "finale-woocommerce-sales-countdown-timer-discount", "affected_versions": { "* - 2.16.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.17.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/725bce1b-ec76-411d-928c-2aea47867292?source=api-scan" ], "published": "2023-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72662a59-f41c-4df7-aa04-7243ff43c48d": { "id": "72662a59-f41c-4df7-aa04-7243ff43c48d", "title": "Move Addons for Elementor <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets", "software": [ { "type": "plugin", "name": "Move Addons for Elementor", "slug": "move-addons", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72662a59-f41c-4df7-aa04-7243ff43c48d?source=api-scan" ], "published": "2024-05-20 20:45:06", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7267ede1-7745-47cc-ac0d-4362140b4c23": { "id": "7267ede1-7745-47cc-ac0d-4362140b4c23", "title": "miniOrange's Google Authenticator <= 5.6.5 - Missing Authorization to Plugin Settings Change", "software": [ { "type": "plugin", "name": "miniOrange's Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA, Two Factor, OTP SMS and Email | Passwordless login", "slug": "miniorange-2-factor-authentication", "affected_versions": { "* - 5.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7267ede1-7745-47cc-ac0d-4362140b4c23?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "726f5063-e904-4512-bbdc-305049219003": { "id": "726f5063-e904-4512-bbdc-305049219003", "title": "Order Export & Order Import for WooCommerce <= 2.4.9 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Order Export & Order Import for WooCommerce", "slug": "order-import-export-for-woocommerce", "affected_versions": { "* - 2.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/726f5063-e904-4512-bbdc-305049219003?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "727a0649-082f-46d0-8d6f-de53ee7fb18e": { "id": "727a0649-082f-46d0-8d6f-de53ee7fb18e", "title": "Zip Recipes <= 8.0.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Recipe Cards For Your Food Blog from Zip Recipes", "slug": "zip-recipes", "affected_versions": { "[*, 8.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/727a0649-082f-46d0-8d6f-de53ee7fb18e?source=api-scan" ], "published": "2023-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72800e9b-8e2c-4725-9a87-a9b187ad5967": { "id": "72800e9b-8e2c-4725-9a87-a9b187ad5967", "title": "CformsII <= 15.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "cformsII", "slug": "cforms2", "affected_versions": { "* - 15.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "15.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72800e9b-8e2c-4725-9a87-a9b187ad5967?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72835a3e-e842-4146-ae7d-4aea722de11f": { "id": "72835a3e-e842-4146-ae7d-4aea722de11f", "title": "Clio Grow <= 1.0.0 - Authenticated (Admin+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Clio Grow", "slug": "clio-grow-form", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72835a3e-e842-4146-ae7d-4aea722de11f?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72880e44-b0e0-47f4-82f0-c36c81091ba8": { "id": "72880e44-b0e0-47f4-82f0-c36c81091ba8", "title": "Easy PayPal Gift Certificate <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wpppgc_plugin_options", "software": [ { "type": "plugin", "name": "Easy PayPal Gift Certificate", "slug": "paypal-gift-certificate", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72880e44-b0e0-47f4-82f0-c36c81091ba8?source=api-scan" ], "published": "2024-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "728cec6e-a246-4e2c-a906-750518bae0a4": { "id": "728cec6e-a246-4e2c-a906-750518bae0a4", "title": "Fathom Analytics <= 3.0.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fathom Analytics for WP", "slug": "fathom-analytics", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/728cec6e-a246-4e2c-a906-750518bae0a4?source=api-scan" ], "published": "2021-12-08 13:23:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72934d2f-fd52-46d1-8cf9-9a20968899f7": { "id": "72934d2f-fd52-46d1-8cf9-9a20968899f7", "title": "Social Auto Poster <= 5.3.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update via wpw_auto_poster_update_tweet_template", "software": [ { "type": "plugin", "name": "Social Auto Poster", "slug": "social-auto-poster", "affected_versions": { "* - 5.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72934d2f-fd52-46d1-8cf9-9a20968899f7?source=api-scan" ], "published": "2024-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72a06690-f40a-472b-b9d1-985a49b914b3": { "id": "72a06690-f40a-472b-b9d1-985a49b914b3", "title": "WPCS \u2013 WordPress Currency Switcher Professional <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPCS \u2013 WordPress Currency Switcher Professional", "slug": "currency-switcher", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72a06690-f40a-472b-b9d1-985a49b914b3?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72a0df23-38cd-4926-9099-8eb652e05a15": { "id": "72a0df23-38cd-4926-9099-8eb652e05a15", "title": "Variation Swatches for WooCommerce <= 2.3.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Variation Swatches for WooCommerce", "slug": "woo-product-variation-swatches", "affected_versions": { "* - 2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72a0df23-38cd-4926-9099-8eb652e05a15?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72a2449c-4292-45e6-bfe8-106f8043fcad": { "id": "72a2449c-4292-45e6-bfe8-106f8043fcad", "title": "vSlider Multi Image Slider <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "vSlider Multi Image Slider for WordPress", "slug": "vslider", "affected_versions": { "* - 4.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72a2449c-4292-45e6-bfe8-106f8043fcad?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72a74483-e159-4c51-a9e0-4a128cbf72dd": { "id": "72a74483-e159-4c51-a9e0-4a128cbf72dd", "title": "Spectra \u2013 WordPress Gutenberg Blocks <= 2.13.0 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 2.13.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.13.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72a74483-e159-4c51-a9e0-4a128cbf72dd?source=api-scan" ], "published": "2024-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72aa362f-927d-427f-8de9-f5119d53497e": { "id": "72aa362f-927d-427f-8de9-f5119d53497e", "title": "WP Editor < 1.2.6 - Incorrect Permission Assignment or Protection", "software": [ { "type": "plugin", "name": "WP Editor", "slug": "wp-editor", "affected_versions": { "[*, 1.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72aa362f-927d-427f-8de9-f5119d53497e?source=api-scan" ], "published": "2021-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72aa9128-eecb-4090-ab9e-e5fbbfc1fb5c": { "id": "72aa9128-eecb-4090-ab9e-e5fbbfc1fb5c", "title": "WPQA - Builder forms Addon For WordPress plugin <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPQA - Builder forms Addon For WordPress", "slug": "wpqa", "affected_versions": { "* - 6.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72aa9128-eecb-4090-ab9e-e5fbbfc1fb5c?source=api-scan" ], "published": "2024-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72b14197-560a-4dc2-9c23-a250f51dc51e": { "id": "72b14197-560a-4dc2-9c23-a250f51dc51e", "title": "WordPress Core < 4.9.1 - Cross-domain Flash injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.24": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.24", "to_inclusive": true }, "3.8 - 3.8.24": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.24", "to_inclusive": true }, "3.9 - 3.9.23": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.23", "to_inclusive": true }, "4.0 - 4.0.21": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.21", "to_inclusive": true }, "4.1 - 4.1.21": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.21", "to_inclusive": true }, "4.2 - 4.2.18": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.18", "to_inclusive": true }, "4.3 - 4.3.14": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.14", "to_inclusive": true }, "4.4 - 4.4.13": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.13", "to_inclusive": true }, "4.5 - 4.5.12": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.12", "to_inclusive": true }, "4.6 - 4.6.9": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.9", "to_inclusive": true }, "4.7 - 4.7.8": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.8", "to_inclusive": true }, "4.8 - 4.8.4": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.4", "to_inclusive": true }, "4.9 - 4.9.1": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.25", "3.8.25", "3.9.24", "4.0.22", "4.1.22", "4.2.19", "4.3.15", "4.4.14", "4.5.13", "4.6.10", "4.7.9", "4.8.5", "4.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72b14197-560a-4dc2-9c23-a250f51dc51e?source=api-scan" ], "published": "2017-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72b4f6bb-59dd-453c-b089-4777dcefb11f": { "id": "72b4f6bb-59dd-453c-b089-4777dcefb11f", "title": "FormCraft Premium <= 3.9.6 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "FormCraft \u2013 Form Builder", "slug": "formcraft-form-builder", "affected_versions": { "* - 3.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72b4f6bb-59dd-453c-b089-4777dcefb11f?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72b4fe0f-13cd-4580-9010-1a3e66000251": { "id": "72b4fe0f-13cd-4580-9010-1a3e66000251", "title": "HTML2WP <= 1.0.0 - Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "HTML2WP", "slug": "html2wp", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72b4fe0f-13cd-4580-9010-1a3e66000251?source=api-scan" ], "published": "2022-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72bcfd2a-6803-4073-8fa9-62bcf0a10571": { "id": "72bcfd2a-6803-4073-8fa9-62bcf0a10571", "title": "SVG Support <= 2.5.7 - Authenticated (Author+) Cross-Site Scripting via SVG", "software": [ { "type": "plugin", "name": "SVG Support", "slug": "svg-support", "affected_versions": { "* - 2.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72bcfd2a-6803-4073-8fa9-62bcf0a10571?source=api-scan" ], "published": "2024-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72bdc81e-1a9d-4dd8-93a5-fb1026d6a2d9": { "id": "72bdc81e-1a9d-4dd8-93a5-fb1026d6a2d9", "title": "Betheme <= 27.1.1 - Missing Authorization", "software": [ { "type": "theme", "name": "Betheme", "slug": "betheme", "affected_versions": { "* - 27.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "27.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "27.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72bdc81e-1a9d-4dd8-93a5-fb1026d6a2d9?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72be8df6-7489-4214-af6e-d1d95f79fd8f": { "id": "72be8df6-7489-4214-af6e-d1d95f79fd8f", "title": "SchedulePress <= 5.0.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "SchedulePress \u2013 Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher", "slug": "wp-scheduled-posts", "affected_versions": { "* - 5.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72be8df6-7489-4214-af6e-d1d95f79fd8f?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72c04de6-78d2-4a45-834a-01ed879b528f": { "id": "72c04de6-78d2-4a45-834a-01ed879b528f", "title": "Visibility Logic for Elementor <= 2.3.4 - Missing Authorization via admin_post 'toggle_option'", "software": [ { "type": "plugin", "name": "Visibility Logic for Elementor", "slug": "visibility-logic-elementor", "affected_versions": { "[*, 2.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72c04de6-78d2-4a45-834a-01ed879b528f?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72c0fc66-44c7-4657-878a-e5109178e8e3": { "id": "72c0fc66-44c7-4657-878a-e5109178e8e3", "title": "Visual Composer Starter <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Visual Composer Starter", "slug": "visual-composer-starter", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72c0fc66-44c7-4657-878a-e5109178e8e3?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72c16a66-05fa-4d47-937d-415f18cec0ab": { "id": "72c16a66-05fa-4d47-937d-415f18cec0ab", "title": "WP Time Slots Booking Form <= 1.1.81 - Authenticated (Admin+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "WP Time Slots Booking Form", "slug": "wp-time-slots-booking-form", "affected_versions": { "* - 1.1.81": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.81", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.82" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72c16a66-05fa-4d47-937d-415f18cec0ab?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72c2a5d4-f201-4cc8-ac49-cde1160ca468": { "id": "72c2a5d4-f201-4cc8-ac49-cde1160ca468", "title": "Boostify Header Footer Builder for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via size Parameter", "software": [ { "type": "plugin", "name": "Boostify Header Footer Builder for Elementor", "slug": "boostify-header-footer-builder", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72c2a5d4-f201-4cc8-ac49-cde1160ca468?source=api-scan" ], "published": "2024-06-04 18:59:20", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72c5d1b1-00bf-4352-b885-a8a7875c2bc6": { "id": "72c5d1b1-00bf-4352-b885-a8a7875c2bc6", "title": "MonsterInsights Pro <= 8.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "google-analytics-premium", "slug": "google-analytics-premium", "affected_versions": { "* - 8.14.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.14.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72c5d1b1-00bf-4352-b885-a8a7875c2bc6?source=api-scan" ], "published": "2023-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72c5fd31-f457-494a-a160-1f64366e3e63": { "id": "72c5fd31-f457-494a-a160-1f64366e3e63", "title": "Pondol Form to Mail <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pondol Form to Mail", "slug": "pondol-formmail", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72c5fd31-f457-494a-a160-1f64366e3e63?source=api-scan" ], "published": "2016-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72c8be2b-b52a-47e5-91f7-aac1e89e00f3": { "id": "72c8be2b-b52a-47e5-91f7-aac1e89e00f3", "title": "Falang multilanguage <= 1.3.51 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Falang multilanguage for WordPress", "slug": "falang", "affected_versions": { "* - 1.3.51": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.51", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72c8be2b-b52a-47e5-91f7-aac1e89e00f3?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72d18504-7b12-43f0-b2ea-40dbc25912c4": { "id": "72d18504-7b12-43f0-b2ea-40dbc25912c4", "title": "\u591a\u5408\u4e00\u641c\u7d22\u81ea\u52a8\u63a8\u9001\u7ba1\u7406\u63d2\u4ef6-\u652f\u6301Baidu\/Google\/Bing\/IndexNow\/Yandex\/\u5934\u6761 <= 4.2.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "\u591a\u5408\u4e00\u641c\u7d22\u81ea\u52a8\u63a8\u9001\u7ba1\u7406\u63d2\u4ef6-\u652f\u6301Baidu\/Google\/Bing\/IndexNow\/Yandex\/\u5934\u6761", "slug": "baidu-submit-link", "affected_versions": { "* - 4.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72d18504-7b12-43f0-b2ea-40dbc25912c4?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72d33132-aba7-4e97-90c6-359298b1c06e": { "id": "72d33132-aba7-4e97-90c6-359298b1c06e", "title": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 6.61 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection", "slug": "stopbadbots", "affected_versions": { "* - 6.61": { "from_version": "*", "from_inclusive": true, "to_version": "6.61", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.62" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72d33132-aba7-4e97-90c6-359298b1c06e?source=api-scan" ], "published": "2021-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72d9efad-9afd-4d7a-a1dd-7623a9e5a7db": { "id": "72d9efad-9afd-4d7a-a1dd-7623a9e5a7db", "title": "Sell Downloads <= 1.0.1 - Arbitrary File Read", "software": [ { "type": "plugin", "name": "Sell Downloads", "slug": "sell-downloads", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72d9efad-9afd-4d7a-a1dd-7623a9e5a7db?source=api-scan" ], "published": "2014-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72daa533-8b17-420c-9b51-b5f72da2726c": { "id": "72daa533-8b17-420c-9b51-b5f72da2726c", "title": "Widget Responsive for Youtube <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Widget Responsive for Youtube", "slug": "youtube-widget-responsive", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72daa533-8b17-420c-9b51-b5f72da2726c?source=api-scan" ], "published": "2023-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72e1482c-0f55-4f43-8590-d4f2758f0eea": { "id": "72e1482c-0f55-4f43-8590-d4f2758f0eea", "title": "Infogram <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Infogram \u2013 Add charts, maps and infographics", "slug": "infogram", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72e1482c-0f55-4f43-8590-d4f2758f0eea?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72e1fbce-86ae-4518-a613-7c322193acf4": { "id": "72e1fbce-86ae-4518-a613-7c322193acf4", "title": "Friends <= 2.8.5 - Authenticated (Admin+) Blind Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Friends", "slug": "friends", "affected_versions": { "* - 2.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72e1fbce-86ae-4518-a613-7c322193acf4?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72e4428b-d2cd-471f-9821-947f4601fd64": { "id": "72e4428b-d2cd-471f-9821-947f4601fd64", "title": "Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free", "slug": "funnelforms-free", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72e4428b-d2cd-471f-9821-947f4601fd64?source=api-scan" ], "published": "2023-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72e7dbe0-0e48-4511-9e35-77af7d3d13e5": { "id": "72e7dbe0-0e48-4511-9e35-77af7d3d13e5", "title": "Contact Form Clean and Simple < 4.4.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Clean and Simple", "slug": "clean-and-simple-contact-form-by-meg-nicholas", "affected_versions": { "[*, 4.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72e7dbe0-0e48-4511-9e35-77af7d3d13e5?source=api-scan" ], "published": "2014-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72eb1cd3-47cb-4d9b-9bfd-87fef7859974": { "id": "72eb1cd3-47cb-4d9b-9bfd-87fef7859974", "title": "Meks ThemeForest Smart Widget <= 1.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Meks ThemeForest Smart Widget", "slug": "meks-themeforest-smart-widget", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72eb1cd3-47cb-4d9b-9bfd-87fef7859974?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72ed9cba-fe5c-4cee-9e1b-c3edde2521ca": { "id": "72ed9cba-fe5c-4cee-9e1b-c3edde2521ca", "title": "WP Support Plus Responsive Ticket System <= 9.0.2 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Support Plus Responsive Ticket System", "slug": "wp-support-plus-responsive-ticket-system", "affected_versions": { "* - 9.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72ed9cba-fe5c-4cee-9e1b-c3edde2521ca?source=api-scan" ], "published": "2018-02-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72eda38d-34e9-4a0e-a760-a9b991e590de": { "id": "72eda38d-34e9-4a0e-a760-a9b991e590de", "title": "Starter Templates by Kadence WP <= 1.2.16 - Authenticated (Admin+) PHP Object Injection", "software": [ { "type": "plugin", "name": "AI Powered Starter Templates by Kadence WP", "slug": "kadence-starter-templates", "affected_versions": { "* - 1.2.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72eda38d-34e9-4a0e-a760-a9b991e590de?source=api-scan" ], "published": "2022-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72f1ffe1-d8af-4aa2-bc58-5f1cd4eaa856": { "id": "72f1ffe1-d8af-4aa2-bc58-5f1cd4eaa856", "title": "Happyforms <= 1.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blocks", "software": [ { "type": "plugin", "name": "Form builder to get in touch with visitors, grow your email list and collect payments \u2014 Happyforms", "slug": "happyforms", "affected_versions": { "* - 1.21.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.21.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.22.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72f1ffe1-d8af-4aa2-bc58-5f1cd4eaa856?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72f3541e-e589-4f21-ab51-89dba704b271": { "id": "72f3541e-e589-4f21-ab51-89dba704b271", "title": "Realteo < 1.2.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Realteo", "slug": "findeo", "affected_versions": { "[*, 1.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72f3541e-e589-4f21-ab51-89dba704b271?source=api-scan" ], "published": "2021-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72f3925d-6b3a-43bf-bfd1-fef7e71d5e43": { "id": "72f3925d-6b3a-43bf-bfd1-fef7e71d5e43", "title": "WP Photo Album Plus <= 8.5.02.005 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "WP Photo Album Plus", "slug": "wp-photo-album-plus", "affected_versions": { "* - 8.5.02.005": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.02.005", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.6.01.005" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72f3925d-6b3a-43bf-bfd1-fef7e71d5e43?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72fa6b56-dfbf-4c27-a6f3-418d1ab5dc0f": { "id": "72fa6b56-dfbf-4c27-a6f3-418d1ab5dc0f", "title": "Lara Google Analytics <= 2.0.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Lara's Google Analytics (GA4)", "slug": "lara-google-analytics", "affected_versions": { "[*, 2.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72fa6b56-dfbf-4c27-a6f3-418d1ab5dc0f?source=api-scan" ], "published": "2019-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "72fadfa8-4b53-4661-8b6c-69cdb79d3fd7": { "id": "72fadfa8-4b53-4661-8b6c-69cdb79d3fd7", "title": "Customizer Export\/Import <= 0.9.4 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Customizer Export\/Import", "slug": "customizer-export-import", "affected_versions": { "* - 0.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/72fadfa8-4b53-4661-8b6c-69cdb79d3fd7?source=api-scan" ], "published": "2022-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73017e92-d95e-4b9c-a44a-779b498f58b7": { "id": "73017e92-d95e-4b9c-a44a-779b498f58b7", "title": "WoodMart <= 7.1.1 - Missing Authorization to Shortcode Injection", "software": [ { "type": "theme", "name": "Woodmart", "slug": "woodmart", "affected_versions": { "* - 7.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73017e92-d95e-4b9c-a44a-779b498f58b7?source=api-scan" ], "published": "2023-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "730a3cde-bcbd-4d60-80bb-3944cc5386e5": { "id": "730a3cde-bcbd-4d60-80bb-3944cc5386e5", "title": "SAM Pro (Free Edition) < 1.9.7.69 & Simple Ads Manager <= 2.10.0.130 & SAM Pro Lite < 1.9.0.53 - Local\/Remote File Inclusion", "software": [ { "type": "plugin", "name": "Simple Ads Manager", "slug": "simple-ads-manager", "affected_versions": { "* - 2.10.0.130": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.0.130", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "SAM Pro Lite", "slug": "sam-pro-lite", "affected_versions": { "[*, 1.9.0.53)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0.53", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.0.53" ] }, { "type": "plugin", "name": "SAM Pro (Free Edition)", "slug": "sam-pro-free", "affected_versions": { "[*, 1.9.7.69)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7.69", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.7.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/730a3cde-bcbd-4d60-80bb-3944cc5386e5?source=api-scan" ], "published": "2016-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "730dac2b-edc2-4bfc-a1c5-ffeba71308ad": { "id": "730dac2b-edc2-4bfc-a1c5-ffeba71308ad", "title": "Popular Posts by BestWebSoft < 1.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popular Posts by BestWebSoft", "slug": "bws-popular-posts", "affected_versions": { "[*, 1.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/730dac2b-edc2-4bfc-a1c5-ffeba71308ad?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73115c27-86f1-4421-9fe5-bf5d8cf54d9f": { "id": "73115c27-86f1-4421-9fe5-bf5d8cf54d9f", "title": "WPLocalPlaces (Unknown Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "WPLocalPlaces", "slug": "wplocalplaces", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73115c27-86f1-4421-9fe5-bf5d8cf54d9f?source=api-scan" ], "published": "2013-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73163743-2bff-459d-bed9-593f6ce837fa": { "id": "73163743-2bff-459d-bed9-593f6ce837fa", "title": "WordPress Core < 3.1.3 - Username Enumeration", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73163743-2bff-459d-bed9-593f6ce837fa?source=api-scan" ], "published": "2011-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7317d716-39e0-40d6-92a8-e59bd8470e5d": { "id": "7317d716-39e0-40d6-92a8-e59bd8470e5d", "title": "Form Maker by 10Web <= 1.12.21 - CSV Injection", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "[*, 1.12.22)": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.22", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.12.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7317d716-39e0-40d6-92a8-e59bd8470e5d?source=api-scan" ], "published": "2018-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7317ecf5-d43d-4080-ad2a-7644764dd41e": { "id": "7317ecf5-d43d-4080-ad2a-7644764dd41e", "title": "Elementor Addon Elements <= 1.13.8 - Authenticated (Contributor+) Sensitive Information Exposure via table_saved_sections", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.13.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7317ecf5-d43d-4080-ad2a-7644764dd41e?source=api-scan" ], "published": "2024-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7319293e-f921-46d1-aea6-2578d1a251a7": { "id": "7319293e-f921-46d1-aea6-2578d1a251a7", "title": "avalex \u2013 Automatisch sichere Rechtstexte <= 3.0.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "avalex \u2013 Automatisch sichere Rechtstexte", "slug": "avalex", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7319293e-f921-46d1-aea6-2578d1a251a7?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "731cbeed-d4aa-448f-878a-8c51a3da4e18": { "id": "731cbeed-d4aa-448f-878a-8c51a3da4e18", "title": "Online Booking & Scheduling Calendar for WordPress by vcita <= 4.2.10 - Missing Authorization to Account Logout", "software": [ { "type": "plugin", "name": "Online Booking & Scheduling Calendar for WordPress by vcita", "slug": "meeting-scheduler-by-vcita", "affected_versions": { "* - 4.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/731cbeed-d4aa-448f-878a-8c51a3da4e18?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73232bff-b11a-4580-8cde-5bf085ba749c": { "id": "73232bff-b11a-4580-8cde-5bf085ba749c", "title": "WP Chat App <= 3.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Chat App", "slug": "wp-whatsapp", "affected_versions": { "* - 3.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73232bff-b11a-4580-8cde-5bf085ba749c?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73241750-cd21-4eee-9d43-8c5e26f9b9cf": { "id": "73241750-cd21-4eee-9d43-8c5e26f9b9cf", "title": "Events Manager <= 5.8.1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "[*, 5.8.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.8.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73241750-cd21-4eee-9d43-8c5e26f9b9cf?source=api-scan" ], "published": "2018-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7327f439-0088-4ad8-898a-30740fc62d6e": { "id": "7327f439-0088-4ad8-898a-30740fc62d6e", "title": "Pixiv Custom < 2.1.6 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Pixiv Custom", "slug": "pixiv-custom", "affected_versions": { "[*, 2.1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7327f439-0088-4ad8-898a-30740fc62d6e?source=api-scan" ], "published": "2011-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "732f6458-c39f-4e77-8ce6-68d74c67084a": { "id": "732f6458-c39f-4e77-8ce6-68d74c67084a", "title": "Call Now Accessibility Button <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Call Now Accessibility Button", "slug": "accessibility-help-button", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/732f6458-c39f-4e77-8ce6-68d74c67084a?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73323c62-c23f-4bf2-b266-df63db63d4d3": { "id": "73323c62-c23f-4bf2-b266-df63db63d4d3", "title": "Spectra \u2013 WordPress Gutenberg Blocks <= 2.3.1 - HTML Injection in Emails", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73323c62-c23f-4bf2-b266-df63db63d4d3?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7332fe2e-9bef-42b7-946e-4a2ee812ca26": { "id": "7332fe2e-9bef-42b7-946e-4a2ee812ca26", "title": "ERE Recently Viewed <= 1.3 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "ERE Recently Viewed \u2013 Essential Real Estate Add-On", "slug": "ere-recently-viewed", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7332fe2e-9bef-42b7-946e-4a2ee812ca26?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "733ae8c8-fa52-418d-b42e-75516906fb66": { "id": "733ae8c8-fa52-418d-b42e-75516906fb66", "title": "WP Super Cache <= 1.7.2 - Authenticated Remote Code Execution", "software": [ { "type": "plugin", "name": "WP Super Cache", "slug": "wp-super-cache", "affected_versions": { "[*, 1.7.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/733ae8c8-fa52-418d-b42e-75516906fb66?source=api-scan" ], "published": "2021-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "733ddf62-278b-4a2d-9dc5-28db3491cb29": { "id": "733ddf62-278b-4a2d-9dc5-28db3491cb29", "title": "MoveTo <= 6.2 - Missing Authorization to Unauthenticated Options Update", "software": [ { "type": "plugin", "name": "moveto", "slug": "moveto", "affected_versions": { "* - 6.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/733ddf62-278b-4a2d-9dc5-28db3491cb29?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "733f5ded-e8cb-4895-b938-889cea32f027": { "id": "733f5ded-e8cb-4895-b938-889cea32f027", "title": "Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) <= 1.1.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Effect Widget", "software": [ { "type": "plugin", "name": "Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )", "slug": "magical-addons-for-elementor", "affected_versions": { "* - 1.1.37": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.38" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/733f5ded-e8cb-4895-b938-889cea32f027?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73442cf9-615a-47a0-860e-fb8263ae65ee": { "id": "73442cf9-615a-47a0-860e-fb8263ae65ee", "title": "Custom Fields Search by BestWebSoft < 1.3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Fields Search by BestWebSoft", "slug": "custom-fields-search", "affected_versions": { "[*, 1.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73442cf9-615a-47a0-860e-fb8263ae65ee?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73445d8f-1f9c-4ba7-9e3c-3e6221f3b23e": { "id": "73445d8f-1f9c-4ba7-9e3c-3e6221f3b23e", "title": "Bricksforge <= 2.0.17 - Missing Authorization to Unauthenticated WordPress Settings Update", "software": [ { "type": "plugin", "name": "Bricksforge", "slug": "bricksforge", "affected_versions": { "* - 2.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73445d8f-1f9c-4ba7-9e3c-3e6221f3b23e?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7346eeba-904b-4cf9-9d10-33a33120aea4": { "id": "7346eeba-904b-4cf9-9d10-33a33120aea4", "title": "The Events Calendar: Eventbrite Tickets < 3.10.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Events Calendar: Eventbrite Tickets", "slug": "the-events-calendar-eventbrite-tickets", "affected_versions": { "[*, 3.10.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7346eeba-904b-4cf9-9d10-33a33120aea4?source=api-scan" ], "published": "2015-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73472066-8e5c-46a4-906d-f459a2ebf40d": { "id": "73472066-8e5c-46a4-906d-f459a2ebf40d", "title": "WP Voting Contest < 3.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Voting Contest Lite", "slug": "wp-voting-contest", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73472066-8e5c-46a4-906d-f459a2ebf40d?source=api-scan" ], "published": "2022-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "734b6ae0-b2f6-4bad-a6d3-bef48fd8cdd0": { "id": "734b6ae0-b2f6-4bad-a6d3-bef48fd8cdd0", "title": "Events Manager <= 5.5.1 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "* - 5.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/734b6ae0-b2f6-4bad-a6d3-bef48fd8cdd0?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73524687-7703-4912-aad5-2a31122ba9b2": { "id": "73524687-7703-4912-aad5-2a31122ba9b2", "title": "Popup Maker <= 1.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder", "slug": "popup-maker", "affected_versions": { "* - 1.19.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.19.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.19.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73524687-7703-4912-aad5-2a31122ba9b2?source=api-scan" ], "published": "2024-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7352ab6d-b582-4512-a9fa-4b42b78fa862": { "id": "7352ab6d-b582-4512-a9fa-4b42b78fa862", "title": "Icon Widget <= 1.3.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Icon Widget", "slug": "icon-widget", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7352ab6d-b582-4512-a9fa-4b42b78fa862?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "735d44ae-8072-48bb-a498-a0f130d1130b": { "id": "735d44ae-8072-48bb-a498-a0f130d1130b", "title": "Widget Bundle <= 2.0.0 - Cross-Site Request Forgery to Widget Disable\/Enable", "software": [ { "type": "plugin", "name": "Widget Bundle", "slug": "wp-widget-bundle", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/735d44ae-8072-48bb-a498-a0f130d1130b?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73600498-f55c-4b8e-a625-4f292e58e0ee": { "id": "73600498-f55c-4b8e-a625-4f292e58e0ee", "title": "UserPro <= 5.1.1 - Cross-Site Request Forgery to Privilege Escalation", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "* - 5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73600498-f55c-4b8e-a625-4f292e58e0ee?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73643d45-9542-4372-a7a2-0a443819b8a2": { "id": "73643d45-9542-4372-a7a2-0a443819b8a2", "title": "404 Solution <= 2.33.0 - Sensitive Information Exposure via Log File", "software": [ { "type": "plugin", "name": "404 Solution", "slug": "404-solution", "affected_versions": { "* - 2.33.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.33.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.33.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73643d45-9542-4372-a7a2-0a443819b8a2?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "736cb9a4-bd43-4aaa-a918-d15ca3ff4dbf": { "id": "736cb9a4-bd43-4aaa-a918-d15ca3ff4dbf", "title": "Ivory Search <= 5.4 - Multiple Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ivory Search \u2013 WordPress Search Plugin", "slug": "add-search-to-menu", "affected_versions": { "* - 5.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/736cb9a4-bd43-4aaa-a918-d15ca3ff4dbf?source=api-scan" ], "published": "2022-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "736d08ca-3f65-4232-96a9-303bafbf3471": { "id": "736d08ca-3f65-4232-96a9-303bafbf3471", "title": "Feed Them Social <= 3.0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Feed Them Social \u2013 Social Media Feeds, Video, and Photo Galleries", "slug": "feed-them-social", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/736d08ca-3f65-4232-96a9-303bafbf3471?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "736e51d4-da1d-4252-a10f-d89eb6a68de4": { "id": "736e51d4-da1d-4252-a10f-d89eb6a68de4", "title": "IP2Location Country Blocker <= 2.26.4 - Subscriber+ Arbitrary Country Ban", "software": [ { "type": "plugin", "name": "IP2Location Country Blocker", "slug": "ip2location-country-blocker", "affected_versions": { "* - 2.26.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.26.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.26.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/736e51d4-da1d-4252-a10f-d89eb6a68de4?source=api-scan" ], "published": "2022-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7370e3c3-90e6-4698-88e7-baf56832528d": { "id": "7370e3c3-90e6-4698-88e7-baf56832528d", "title": "Plugin: Newsletter <= 1.5 - Arbitrary File Read", "software": [ { "type": "plugin", "name": "Plugin: Newsletter", "slug": "plugin-newsletter", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7370e3c3-90e6-4698-88e7-baf56832528d?source=api-scan" ], "published": "2012-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73720e67-79e5-4b4c-8720-e28ad718b2b3": { "id": "73720e67-79e5-4b4c-8720-e28ad718b2b3", "title": "Ultimate Addons for Contact Form 7 <= 3.2.10 - Missing Authorization", "software": [ { "type": "plugin", "name": "Ultimate Addons for Contact Form 7", "slug": "ultimate-addons-for-contact-form-7", "affected_versions": { "* - 3.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73720e67-79e5-4b4c-8720-e28ad718b2b3?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73776e0a-4d2a-44f9-97a2-f06055ce2c63": { "id": "73776e0a-4d2a-44f9-97a2-f06055ce2c63", "title": "TimThumb <= 2.8.13 - Remote Code Execution", "software": [ { "type": "plugin", "name": "WordThumb", "slug": "wordthumb", "affected_versions": { "* - 1.07": { "from_version": "*", "from_inclusive": true, "to_version": "1.07", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "TimThumb", "slug": "timthumb", "affected_versions": { "* - 2.8.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73776e0a-4d2a-44f9-97a2-f06055ce2c63?source=api-scan" ], "published": "2014-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73837bb4-8af9-4455-93dc-522d64258014": { "id": "73837bb4-8af9-4455-93dc-522d64258014", "title": "BuddyPress Better Registration <= 1.6 - Authentication Bypass to Administrator", "software": [ { "type": "plugin", "name": "BuddyPress Better Registration", "slug": "better-bp-registration", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73837bb4-8af9-4455-93dc-522d64258014?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73878d57-dd94-41d7-a26a-47c8e6eac0fd": { "id": "73878d57-dd94-41d7-a26a-47c8e6eac0fd", "title": "Related Posts by Zemanta <= 1.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Related Posts by Zemanta", "slug": "related-posts-by-zemanta", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73878d57-dd94-41d7-a26a-47c8e6eac0fd?source=api-scan" ], "published": "2013-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "738a9651-974e-4861-be7a-2d9b191d582b": { "id": "738a9651-974e-4861-be7a-2d9b191d582b", "title": "Events Manager <= 5.8.1.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "[*, 5.9)": { "from_version": "*", "from_inclusive": true, "to_version": "5.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/738a9651-974e-4861-be7a-2d9b191d582b?source=api-scan" ], "published": "2018-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "738c6c77-97ef-4e47-9f14-9b73ea425bc2": { "id": "738c6c77-97ef-4e47-9f14-9b73ea425bc2", "title": "Coming Soon Page & Maintenance Mode <= 1.8.1 - Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Coming Soon Page & Maintenance Mode", "slug": "responsive-coming-soon", "affected_versions": { "[*, 1.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/738c6c77-97ef-4e47-9f14-9b73ea425bc2?source=api-scan" ], "published": "2019-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "738e5946-65e4-4403-bb23-f84910289a45": { "id": "738e5946-65e4-4403-bb23-f84910289a45", "title": "ACF to REST API <= 3.2.0 - Insecure direct object reference via permalinks manipulation", "software": [ { "type": "plugin", "name": "ACF to REST API", "slug": "acf-to-rest-api", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/738e5946-65e4-4403-bb23-f84910289a45?source=api-scan" ], "published": "2020-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "738eb021-1166-4fbe-a502-2db12c6533c3": { "id": "738eb021-1166-4fbe-a502-2db12c6533c3", "title": "OSS Aliyun <= 1.4.10 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "OSS Aliyun", "slug": "oss-aliyun", "affected_versions": { "* - 1.4.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/738eb021-1166-4fbe-a502-2db12c6533c3?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7391dd8c-0170-48c6-8451-9e7a00e268d0": { "id": "7391dd8c-0170-48c6-8451-9e7a00e268d0", "title": "Aruba HiSpeed Cache <= 2.0.6 - Sensitive Information Exposure via Log File", "software": [ { "type": "plugin", "name": "Aruba HiSpeed Cache", "slug": "aruba-hispeed-cache", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7391dd8c-0170-48c6-8451-9e7a00e268d0?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7392fcb8-f125-4a1e-bb33-5614aeacb4cc": { "id": "7392fcb8-f125-4a1e-bb33-5614aeacb4cc", "title": "xPinner Lite <= 2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "xPinner Lite", "slug": "xpinner-lite", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7392fcb8-f125-4a1e-bb33-5614aeacb4cc?source=api-scan" ], "published": "2015-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7394be7e-9a1f-4c85-ac2d-cace39def330": { "id": "7394be7e-9a1f-4c85-ac2d-cace39def330", "title": "Location Picker at Checkout for WooCommerce <= 1.8.9 - Missing Authorization via checkout_map_rules_order_ajax_handler", "software": [ { "type": "plugin", "name": "Kikote \u2013 Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce", "slug": "map-location-picker-at-checkout-for-woocommerce", "affected_versions": { "* - 1.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7394be7e-9a1f-4c85-ac2d-cace39def330?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7394f468-b1d6-477e-9213-e01c74e2e504": { "id": "7394f468-b1d6-477e-9213-e01c74e2e504", "title": "WP Coder <= 3.5 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Coder \u2013 Code Snippets + HTML, CSS, JS and PHP Injection", "slug": "wp-coder", "affected_versions": { "* - 3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7394f468-b1d6-477e-9213-e01c74e2e504?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7397898c-8d43-4399-9c2b-22f9287aa12d": { "id": "7397898c-8d43-4399-9c2b-22f9287aa12d", "title": "Complianz - GDPR\/CCPA Cookie Consent <= 6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Complianz \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr", "affected_versions": { "* - 6.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.2" ] }, { "type": "plugin", "name": "Complianz - GDPR\/CCPA Cookie Consent (Premium)", "slug": "complianz-gdpr-premium", "affected_versions": { "* - 6.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7397898c-8d43-4399-9c2b-22f9287aa12d?source=api-scan" ], "published": "2023-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73980a90-bb17-46e4-a0ea-691f80500fe3": { "id": "73980a90-bb17-46e4-a0ea-691f80500fe3", "title": "MainWP Dashboard <= 4.5.1.2 - Authenticated(Administrator+) CSS Injection", "software": [ { "type": "plugin", "name": "MainWP Dashboard: WordPress Management without the SaaS", "slug": "mainwp", "affected_versions": { "* - 4.5.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73980a90-bb17-46e4-a0ea-691f80500fe3?source=api-scan" ], "published": "2023-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73986641-b3a4-438d-90ae-6ff0f6f73f01": { "id": "73986641-b3a4-438d-90ae-6ff0f6f73f01", "title": "WP TFeed <= 1.6.9 - Cross-Site Request Forgery via aptf_delete_cache", "software": [ { "type": "plugin", "name": "WP TFeed", "slug": "accesspress-twitter-feed", "affected_versions": { "* - 1.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73986641-b3a4-438d-90ae-6ff0f6f73f01?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73a049de-f4b2-4b87-a78b-62cd333853b8": { "id": "73a049de-f4b2-4b87-a78b-62cd333853b8", "title": "TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "TheCartPress eCommerce Shopping Cart", "slug": "thecartpress", "affected_versions": { "* - 1.5.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73a049de-f4b2-4b87-a78b-62cd333853b8?source=api-scan" ], "published": "2015-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73a0d7a9-374b-430d-a7e5-3c7cdaff5785": { "id": "73a0d7a9-374b-430d-a7e5-3c7cdaff5785", "title": "Login As Users <= 1.4.2 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Login As Users", "slug": "login-as-users", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73a0d7a9-374b-430d-a7e5-3c7cdaff5785?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73a1174d-fb5a-4cc0-ada0-dbf1e011619a": { "id": "73a1174d-fb5a-4cc0-ada0-dbf1e011619a", "title": "Pardakht Delkhah <= 2.9.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "\u067e\u0644\u0627\u06af\u06cc\u0646 \u067e\u0631\u062f\u0627\u062e\u062a \u062f\u0644\u062e\u0648\u0627\u0647", "slug": "pardakht-delkhah", "affected_versions": { "* - 2.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73a1174d-fb5a-4cc0-ada0-dbf1e011619a?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73a15b12-20d5-4448-b69c-9a577ff907b9": { "id": "73a15b12-20d5-4448-b69c-9a577ff907b9", "title": "Contact Form by BestWebSoft <= 3.51 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form by BestWebSoft \u2013 Advanced Contact Us Form Builder for WordPress", "slug": "contact-form-plugin", "affected_versions": { "* - 3.51": { "from_version": "*", "from_inclusive": true, "to_version": "3.51", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73a15b12-20d5-4448-b69c-9a577ff907b9?source=api-scan" ], "published": "2013-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73a25208-81fe-4337-a344-1c129bd80862": { "id": "73a25208-81fe-4337-a344-1c129bd80862", "title": "Mynx Page Builder <= 0.27.8 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Mynx Page Builder", "slug": "mynx-page-builder", "affected_versions": { "* - 0.27.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.27.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73a25208-81fe-4337-a344-1c129bd80862?source=api-scan" ], "published": "2024-10-11 16:35:56", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73a83f2b-835b-44cd-9d09-1b4fba3e9c8b": { "id": "73a83f2b-835b-44cd-9d09-1b4fba3e9c8b", "title": "Active Products Tables for WooCommerce <= 1.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Active Products Tables for WooCommerce. Use constructor to create tables\u00a0", "slug": "profit-products-tables-for-woocommerce", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73a83f2b-835b-44cd-9d09-1b4fba3e9c8b?source=api-scan" ], "published": "2022-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73aa7b26-dbdf-4859-8fb9-f71dc734bb87": { "id": "73aa7b26-dbdf-4859-8fb9-f71dc734bb87", "title": "Cardoza AJAX Search < 1.3 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Cardoza AJAX Search", "slug": "cardoza-ajax-search", "affected_versions": { "[*, 1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73aa7b26-dbdf-4859-8fb9-f71dc734bb87?source=api-scan" ], "published": "2012-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73ab9f95-05cc-47fc-bfcb-1787f6f80789": { "id": "73ab9f95-05cc-47fc-bfcb-1787f6f80789", "title": "Read More & Accordion <= 3.2.6.1 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Read More & Accordion", "slug": "expand-maker", "affected_versions": { "* - 3.2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73ab9f95-05cc-47fc-bfcb-1787f6f80789?source=api-scan" ], "published": "2023-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73aebd68-4f36-4999-844c-f09b10462ef8": { "id": "73aebd68-4f36-4999-844c-f09b10462ef8", "title": "GamiPress \u2013 Vimeo integration <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "GamiPress \u2013 Vimeo integration", "slug": "gamipress-vimeo-integration", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73aebd68-4f36-4999-844c-f09b10462ef8?source=api-scan" ], "published": "2023-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73b6b22a-4699-4307-8a03-148dd9e95d36": { "id": "73b6b22a-4699-4307-8a03-148dd9e95d36", "title": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder", "slug": "bit-form", "affected_versions": { "2.0 - 2.13.9": { "from_version": "2.0", "from_inclusive": true, "to_version": "2.13.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73b6b22a-4699-4307-8a03-148dd9e95d36?source=api-scan" ], "published": "2024-08-19 15:01:49", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73b93a44-1d91-4755-ae48-73f74a6fe415": { "id": "73b93a44-1d91-4755-ae48-73f74a6fe415", "title": "Simple Social Media Share Buttons <= 3.2.2 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Social Media Share Buttons \u2013 Social Sharing for Everyone", "slug": "simple-social-buttons", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73b93a44-1d91-4755-ae48-73f74a6fe415?source=api-scan" ], "published": "2021-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73b99342-65ca-4f63-b1ea-638255821265": { "id": "73b99342-65ca-4f63-b1ea-638255821265", "title": "Popup by Supsystic <= 1.10.27 - Missing Authorization", "software": [ { "type": "plugin", "name": "Popup by Supsystic", "slug": "popup-by-supsystic", "affected_versions": { "* - 1.10.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73b99342-65ca-4f63-b1ea-638255821265?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73c3dfc7-58de-4b24-ad91-0f8040d1f75e": { "id": "73c3dfc7-58de-4b24-ad91-0f8040d1f75e", "title": "WP-Appbox <= 4.3.20 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Appbox", "slug": "wp-appbox", "affected_versions": { "* - 4.3.20": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73c3dfc7-58de-4b24-ad91-0f8040d1f75e?source=api-scan" ], "published": "2022-04-05 09:55:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73c6522a-cb95-4037-92e9-3dca0f52f538": { "id": "73c6522a-cb95-4037-92e9-3dca0f52f538", "title": "Cooked \u2013 Recipe Management <= 1.7.15.4 - Cross-Site Request Forgery via cooked_get_recipe_ids", "software": [ { "type": "plugin", "name": "Cooked \u2013 Recipe Management", "slug": "cooked", "affected_versions": { "* - 1.7.15.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.15.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73c6522a-cb95-4037-92e9-3dca0f52f538?source=api-scan" ], "published": "2024-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73ca6a08-b01f-4df6-89ab-32b917c92236": { "id": "73ca6a08-b01f-4df6-89ab-32b917c92236", "title": "RomethemeKit For Elementor <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RomethemeKit For Elementor", "slug": "rometheme-for-elementor", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73ca6a08-b01f-4df6-89ab-32b917c92236?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73cbb65e-b4e3-4374-9916-9a3d1be5a014": { "id": "73cbb65e-b4e3-4374-9916-9a3d1be5a014", "title": "Events Manager <= 6.4.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "* - 6.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73cbb65e-b4e3-4374-9916-9a3d1be5a014?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73d3f73f-5407-4acf-ac65-1f7eadbaa58f": { "id": "73d3f73f-5407-4acf-ac65-1f7eadbaa58f", "title": "Marmoset Viewer < 1.9.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Marmoset Viewer", "slug": "marmoset-viewer", "affected_versions": { "[*, 1.9.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73d3f73f-5407-4acf-ac65-1f7eadbaa58f?source=api-scan" ], "published": "2021-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73d89f61-e34a-493b-a856-63f1553f3000": { "id": "73d89f61-e34a-493b-a856-63f1553f3000", "title": "Child Theme Generator <= 2.2.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Child Theme Generator", "slug": "child-theme-generator", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73d89f61-e34a-493b-a856-63f1553f3000?source=api-scan" ], "published": "2021-11-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73dd286e-5338-42d2-9928-1e14150ccf56": { "id": "73dd286e-5338-42d2-9928-1e14150ccf56", "title": "Button Generator \u2013 easily Button Builder <= 2.3.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Button Generator \u2013 easily Button Builder", "slug": "button-generation", "affected_versions": { "* - 2.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73dd286e-5338-42d2-9928-1e14150ccf56?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73e19ad5-97a9-4c0d-a350-eb556bf20772": { "id": "73e19ad5-97a9-4c0d-a350-eb556bf20772", "title": "Direct Checkout for WooCommerce \u2013 Skip Cart with Buy Buttons <= 1.2 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Direct Checkout for WooCommerce \u2013 Skip Cart with Buy Buttons", "slug": "direct-checkout-for-woocommerce", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73e19ad5-97a9-4c0d-a350-eb556bf20772?source=api-scan" ], "published": "2022-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73e2c5bd-c81d-48ee-a5fc-346dd820d0a4": { "id": "73e2c5bd-c81d-48ee-a5fc-346dd820d0a4", "title": "WP Helper Premium <= 4.5.1 - Cross-Site Request Forgery via whp_fields", "software": [ { "type": "plugin", "name": "WP Helper Premium", "slug": "wp-helper-lite", "affected_versions": { "* - 4.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73e2c5bd-c81d-48ee-a5fc-346dd820d0a4?source=api-scan" ], "published": "2023-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73e4b097-a33b-47c4-8899-f14e2858a1d0": { "id": "73e4b097-a33b-47c4-8899-f14e2858a1d0", "title": "WP Easy Gallery <= 2.7 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Easy Gallery \u2013 WordPress Gallery Plugin", "slug": "wp-easy-gallery", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73e4b097-a33b-47c4-8899-f14e2858a1d0?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73e4ec2f-f4e1-469d-a4b7-5a10d44b7a2f": { "id": "73e4ec2f-f4e1-469d-a4b7-5a10d44b7a2f", "title": "Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title HTML Tag", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73e4ec2f-f4e1-469d-a4b7-5a10d44b7a2f?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73ea7672-4e3f-4a26-a59e-043c2cd10a7a": { "id": "73ea7672-4e3f-4a26-a59e-043c2cd10a7a", "title": "Page Generator <= 1.7.1 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Page Generator", "slug": "page-generator", "affected_versions": { "[*, 1.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73ea7672-4e3f-4a26-a59e-043c2cd10a7a?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73f12f22-c0a4-4010-9634-ce7308254028": { "id": "73f12f22-c0a4-4010-9634-ce7308254028", "title": "Amelia <= 1.0.46 - Stored Cross Site Scripting via lastName", "software": [ { "type": "plugin", "name": "Booking for Appointments and Events Calendar \u2013 Amelia", "slug": "ameliabooking", "affected_versions": { "* - 1.0.46": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.46", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.47" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73f12f22-c0a4-4010-9634-ce7308254028?source=api-scan" ], "published": "2022-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73fae3a0-6987-45bf-a20e-4ea9c6f73924": { "id": "73fae3a0-6987-45bf-a20e-4ea9c6f73924", "title": "WebLibrarian < 3.4.8.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WebLibrarian", "slug": "weblibrarian", "affected_versions": { "[*, 3.4.8.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.8.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73fae3a0-6987-45bf-a20e-4ea9c6f73924?source=api-scan" ], "published": "2017-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73fca37e-c6cf-420c-b984-3ef89acf3216": { "id": "73fca37e-c6cf-420c-b984-3ef89acf3216", "title": "JetElements <= 2.6.10 - Authenticated (Contributor+) Remote Code Execution", "software": [ { "type": "plugin", "name": "JetElements", "slug": "jet-elements", "affected_versions": { "* - 2.6.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73fca37e-c6cf-420c-b984-3ef89acf3216?source=api-scan" ], "published": "2023-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "73fd35b4-16b3-4f57-a3e4-46e4de0ee822": { "id": "73fd35b4-16b3-4f57-a3e4-46e4de0ee822", "title": "Cookie Notice & Compliance for GDPR \/ CCPA <= 2.4.17.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cookie Notice & Compliance for GDPR \/ CCPA", "slug": "cookie-notice", "affected_versions": { "* - 2.4.17.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.17.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/73fd35b4-16b3-4f57-a3e4-46e4de0ee822?source=api-scan" ], "published": "2024-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74089b16-76fa-4654-9007-3f0c2e894894": { "id": "74089b16-76fa-4654-9007-3f0c2e894894", "title": "Active Directory Integration \/ LDAP Integration <= 4.1.4 - Cross-Site Request Forgery to SQL Injection", "software": [ { "type": "plugin", "name": "Active Directory Integration \/ LDAP Integration", "slug": "ldap-login-for-intranet-sites", "affected_versions": { "* - 4.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74089b16-76fa-4654-9007-3f0c2e894894?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "741028c9-6021-4522-b7e5-b31f0c3a9f10": { "id": "741028c9-6021-4522-b7e5-b31f0c3a9f10", "title": "UserPro <= 4.9.34 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "* - 4.9.34": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.35.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/741028c9-6021-4522-b7e5-b31f0c3a9f10?source=api-scan" ], "published": "2019-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7414779e-7241-4ab2-9b1f-34c3e1acc66b": { "id": "7414779e-7241-4ab2-9b1f-34c3e1acc66b", "title": "Doofinder for WooCommerce <= 1.5.49 - Unauthenticated Open Redirect", "software": [ { "type": "plugin", "name": "DOOFINDER Search and Discovery for WP & WooCommerce", "slug": "doofinder-for-woocommerce", "affected_versions": { "* - 1.5.49": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.49", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7414779e-7241-4ab2-9b1f-34c3e1acc66b?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74160271-b27d-49fe-9550-e3949ecad048": { "id": "74160271-b27d-49fe-9550-e3949ecad048", "title": "Bitly's WordPress Plugin <= 2.7.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Bitly's WordPress Plugin", "slug": "wp-bitly", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74160271-b27d-49fe-9550-e3949ecad048?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7416f5e2-5c59-4192-a87c-b3174fd84a01": { "id": "7416f5e2-5c59-4192-a87c-b3174fd84a01", "title": "BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bootstrap Shortcodes", "slug": "bootstrap-shortcodes", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7416f5e2-5c59-4192-a87c-b3174fd84a01?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "741915a7-c88d-41e1-9347-1d5d6494d051": { "id": "741915a7-c88d-41e1-9347-1d5d6494d051", "title": "mTheme-Unus (All Versions) - Local File Inclusion", "software": [ { "type": "theme", "name": "mTheme-Unus", "slug": "mTheme-Unus", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/741915a7-c88d-41e1-9347-1d5d6494d051?source=api-scan" ], "published": "2015-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "741ad2f5-d5cf-44bc-ac4a-7894df77a3d1": { "id": "741ad2f5-d5cf-44bc-ac4a-7894df77a3d1", "title": "Keep Backup Daily <= 2.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Keep Backup Daily", "slug": "keep-backup-daily", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/741ad2f5-d5cf-44bc-ac4a-7894df77a3d1?source=api-scan" ], "published": "2022-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "741c479a-520b-46d7-b145-ffa8e6382788": { "id": "741c479a-520b-46d7-b145-ffa8e6382788", "title": "Responsive <= 5.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Responsive", "slug": "responsive", "affected_versions": { "* - 5.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/741c479a-520b-46d7-b145-ffa8e6382788?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "742acb6b-a799-4bb8-b4dc-f7359e7fdd4e": { "id": "742acb6b-a799-4bb8-b4dc-f7359e7fdd4e", "title": "iframe <= 4.4 - Authenticated Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "iframe", "slug": "iframe", "affected_versions": { "* - 4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/742acb6b-a799-4bb8-b4dc-f7359e7fdd4e?source=api-scan" ], "published": "2020-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7431ee0f-f485-48a4-9cdd-8fb2ac43e216": { "id": "7431ee0f-f485-48a4-9cdd-8fb2ac43e216", "title": "Weaver Xtreme Theme Support <= 6.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Weaver Xtreme Theme Support", "slug": "weaverx-theme-support", "affected_versions": { "* - 6.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7431ee0f-f485-48a4-9cdd-8fb2ac43e216?source=api-scan" ], "published": "2023-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74386b2f-9686-4f55-be30-c02ea8fb12b0": { "id": "74386b2f-9686-4f55-be30-c02ea8fb12b0", "title": "LoginPress <= 1.1.15 - Authenticated SQL Injection via Settings Import", "software": [ { "type": "plugin", "name": "LoginPress | wp-login Custom Login Page Customizer", "slug": "loginpress", "affected_versions": { "[*, 1.1.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74386b2f-9686-4f55-be30-c02ea8fb12b0?source=api-scan" ], "published": "2018-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "743d7370-cf33-481c-8d0a-c6f969e38b42": { "id": "743d7370-cf33-481c-8d0a-c6f969e38b42", "title": "Email Before Download <= 3.4 - SQL Injection", "software": [ { "type": "plugin", "name": "Email Before Download", "slug": "email-before-download", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/743d7370-cf33-481c-8d0a-c6f969e38b42?source=api-scan" ], "published": "2015-07-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "743e40f6-dde3-4d8f-938e-b2a0dcdfb901": { "id": "743e40f6-dde3-4d8f-938e-b2a0dcdfb901", "title": "Build App Online <= 1.0.21 - Authentication Bypass via Header", "software": [ { "type": "plugin", "name": "Build App Online", "slug": "build-app-online", "affected_versions": { "* - 1.0.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/743e40f6-dde3-4d8f-938e-b2a0dcdfb901?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "743f6e8b-4694-4d6a-94db-093162ba94b3": { "id": "743f6e8b-4694-4d6a-94db-093162ba94b3", "title": "Shortcodes and extra features for Phlox theme <= 2.10.5 - PHP Objection Injection", "software": [ { "type": "plugin", "name": "Shortcodes and extra features for Phlox theme", "slug": "auxin-elements", "affected_versions": { "* - 2.10.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/743f6e8b-4694-4d6a-94db-093162ba94b3?source=api-scan" ], "published": "2022-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74403688-06a0-453f-ac44-bd731c389892": { "id": "74403688-06a0-453f-ac44-bd731c389892", "title": "JS Help Desk <= 2.7.1 - Missing Authorization to Plugin Settings Update", "software": [ { "type": "plugin", "name": "JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin", "slug": "js-support-ticket", "affected_versions": { "2.7.1": { "from_version": "2.7.1", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74403688-06a0-453f-ac44-bd731c389892?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "744310b2-ebe9-4dd5-8f18-6ba72c52dd61": { "id": "744310b2-ebe9-4dd5-8f18-6ba72c52dd61", "title": "WP Matterport Shortcode <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Matterport Shortcode", "slug": "shortcode-gallery-for-matterport-showcase", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/744310b2-ebe9-4dd5-8f18-6ba72c52dd61?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "744354bc-3663-40bd-b799-589cb0978b40": { "id": "744354bc-3663-40bd-b799-589cb0978b40", "title": "Timetable and Event Schedule by MotoPress <= 2.4.1 - Unauthorised Event TimeSlot Deletion", "software": [ { "type": "plugin", "name": "Timetable and Event Schedule by MotoPress", "slug": "mp-timetable", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/744354bc-3663-40bd-b799-589cb0978b40?source=api-scan" ], "published": "2021-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7446bf86-81fa-4f89-8773-44b993ae2f7c": { "id": "7446bf86-81fa-4f89-8773-44b993ae2f7c", "title": "WP Photo Album Plus <= 8.8.02.002 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Photo Album Plus", "slug": "wp-photo-album-plus", "affected_versions": { "* - 8.8.02.002": { "from_version": "*", "from_inclusive": true, "to_version": "8.8.02.002", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.8.02.003" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7446bf86-81fa-4f89-8773-44b993ae2f7c?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7447fc39-a517-4ba0-93d6-381a6eeb5b7b": { "id": "7447fc39-a517-4ba0-93d6-381a6eeb5b7b", "title": "NextGen Gallery <= 2.1.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 2.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7447fc39-a517-4ba0-93d6-381a6eeb5b7b?source=api-scan" ], "published": "2015-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7448983b-47ad-4a71-84a8-ee1f96b3f6cb": { "id": "7448983b-47ad-4a71-84a8-ee1f96b3f6cb", "title": "BulletProof Security < .47.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BulletProof Security", "slug": "bulletproof-security", "affected_versions": { "[*, .47.1)": { "from_version": "*", "from_inclusive": true, "to_version": ".47.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ ".47.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7448983b-47ad-4a71-84a8-ee1f96b3f6cb?source=api-scan" ], "published": "2012-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7449ed1e-cc09-4b8b-8226-7cdc70be2b36": { "id": "7449ed1e-cc09-4b8b-8226-7cdc70be2b36", "title": "LearnPress <= 4.2.6.8.2 - Authenticated (Subscriber+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.6.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7449ed1e-cc09-4b8b-8226-7cdc70be2b36?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74506798-a198-4ea8-8628-01ce4df27abe": { "id": "74506798-a198-4ea8-8628-01ce4df27abe", "title": "Secure Downloads <= 1.2.2 - Authenticated (Admin+) Arbitrary File Download", "software": [ { "type": "plugin", "name": "Secure Downloads", "slug": "secure-downloads", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74506798-a198-4ea8-8628-01ce4df27abe?source=api-scan" ], "published": "2024-09-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "745262f6-4f73-453e-b650-15115536f221": { "id": "745262f6-4f73-453e-b650-15115536f221", "title": "PowerPress Podcasting plugin by Blubrry <= 11.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via media_url Parameter", "software": [ { "type": "plugin", "name": "PowerPress Podcasting plugin by Blubrry", "slug": "powerpress", "affected_versions": { "* - 11.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "11.9.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.9.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/745262f6-4f73-453e-b650-15115536f221?source=api-scan" ], "published": "2024-07-11 17:50:34", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7456ce70-dfa1-46b4-af9e-8185c4f7e5f8": { "id": "7456ce70-dfa1-46b4-af9e-8185c4f7e5f8", "title": "Image Gallery - Responsive Photo Gallery <= 1.9.57 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Image Gallery - Responsive Photo Gallery", "slug": "gallery-images", "affected_versions": { "* - 1.9.57": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.57", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.58" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7456ce70-dfa1-46b4-af9e-8185c4f7e5f8?source=api-scan" ], "published": "2016-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "745709f4-bb9c-41c4-ab60-d9fc18e406a8": { "id": "745709f4-bb9c-41c4-ab60-d9fc18e406a8", "title": "Modal Window \u2013 create popup modal window <= 5.3.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Modal Window \u2013 create popup modal window", "slug": "modal-window", "affected_versions": { "* - 5.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/745709f4-bb9c-41c4-ab60-d9fc18e406a8?source=api-scan" ], "published": "2024-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "745cf98c-ad3a-4ec9-9ee8-ae817d5d7358": { "id": "745cf98c-ad3a-4ec9-9ee8-ae817d5d7358", "title": "Easy Hide Login <= 1.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Hide Login", "slug": "easy-hide-login", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/745cf98c-ad3a-4ec9-9ee8-ae817d5d7358?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "746385e0-6bb9-47f2-a3e7-72f8e28be731": { "id": "746385e0-6bb9-47f2-a3e7-72f8e28be731", "title": "Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget", "software": [ { "type": "plugin", "name": "Beaver Builder Addons by WPZOOM", "slug": "wpzoom-addons-for-beaver-builder", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/746385e0-6bb9-47f2-a3e7-72f8e28be731?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "746b77c9-64f8-43e8-9c2a-ce6bc35fd24c": { "id": "746b77c9-64f8-43e8-9c2a-ce6bc35fd24c", "title": "Web and WooCommerce Addons for WPBakery Builder <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification", "software": [ { "type": "plugin", "name": "Web and WooCommerce Addons for WPBakery Builder", "slug": "vc-addons-by-bit14", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/746b77c9-64f8-43e8-9c2a-ce6bc35fd24c?source=api-scan" ], "published": "2024-07-15 21:28:57", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "746b9ecc-49c1-4f6e-9f86-4147c98fe325": { "id": "746b9ecc-49c1-4f6e-9f86-4147c98fe325", "title": "ProfilePress <= 3.2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "[*, 3.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/746b9ecc-49c1-4f6e-9f86-4147c98fe325?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "747afa58-182a-4fb3-bfe3-f15db0b1d85a": { "id": "747afa58-182a-4fb3-bfe3-f15db0b1d85a", "title": "WP SMS <= 6.1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP SMS \u2013 Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More", "slug": "wp-sms", "affected_versions": { "[*, 6.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/747afa58-182a-4fb3-bfe3-f15db0b1d85a?source=api-scan" ], "published": "2023-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "747c86f4-118b-4a9c-899c-e9067d2c7a02": { "id": "747c86f4-118b-4a9c-899c-e9067d2c7a02", "title": "BackupWordPress <= 3.12 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure", "software": [ { "type": "plugin", "name": "BackUpWordPress", "slug": "backupwordpress", "affected_versions": { "3.12": { "from_version": "3.12", "from_inclusive": true, "to_version": "3.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/747c86f4-118b-4a9c-899c-e9067d2c7a02?source=api-scan" ], "published": "2022-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "748101c3-0a47-4a3d-b2c1-e05d0919432b": { "id": "748101c3-0a47-4a3d-b2c1-e05d0919432b", "title": "CJ Change Howdy <= 3.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CJ Change Howdy", "slug": "cj-change-howdy", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/748101c3-0a47-4a3d-b2c1-e05d0919432b?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "748220a6-9882-458c-8f80-a928f449c400": { "id": "748220a6-9882-458c-8f80-a928f449c400", "title": "Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Easy WP SMTP \u2013 WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more", "slug": "easy-wp-smtp", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/748220a6-9882-458c-8f80-a928f449c400?source=api-scan" ], "published": "2022-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74831bf8-0a30-4758-bfe6-5a5b4ee7ec24": { "id": "74831bf8-0a30-4758-bfe6-5a5b4ee7ec24", "title": "SendPulse Free Web Push <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SendPulse Free Web Push", "slug": "sendpulse-web-push", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74831bf8-0a30-4758-bfe6-5a5b4ee7ec24?source=api-scan" ], "published": "2024-10-16 20:37:09", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74841c33-83fa-465e-a5a9-88c34bbc9f6c": { "id": "74841c33-83fa-465e-a5a9-88c34bbc9f6c", "title": "Floating Action Button <= 1.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Floating Action Button", "slug": "floating-action-button", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74841c33-83fa-465e-a5a9-88c34bbc9f6c?source=api-scan" ], "published": "2022-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7487f72c-9852-4651-a848-239d4882bbf8": { "id": "7487f72c-9852-4651-a848-239d4882bbf8", "title": "Enhanced Text Widget <= 1.5.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Enhanced Text Widget", "slug": "enhanced-text-widget", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7487f72c-9852-4651-a848-239d4882bbf8?source=api-scan" ], "published": "2023-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "748bc714-25ba-404e-ac3d-e588fd95b2f9": { "id": "748bc714-25ba-404e-ac3d-e588fd95b2f9", "title": "HUSKY \u2013 Products Filter for WooCommerce Professional <= 1.3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "HUSKY \u2013 Products Filter Professional for WooCommerce", "slug": "woocommerce-products-filter", "affected_versions": { "* - 1.3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/748bc714-25ba-404e-ac3d-e588fd95b2f9?source=api-scan" ], "published": "2024-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "748d01ca-9dd5-4d03-88e7-e80932744fdc": { "id": "748d01ca-9dd5-4d03-88e7-e80932744fdc", "title": "Download Monitor <= 4.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "* - 4.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/748d01ca-9dd5-4d03-88e7-e80932744fdc?source=api-scan" ], "published": "2021-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "748e2f67-cd28-4d02-9460-ef88a609d811": { "id": "748e2f67-cd28-4d02-9460-ef88a609d811", "title": "mTouch Quiz <= 3.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "mTouch Quiz", "slug": "mtouch-quiz", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/748e2f67-cd28-4d02-9460-ef88a609d811?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7492cffe-6e17-4c59-8979-2fa168b4f41d": { "id": "7492cffe-6e17-4c59-8979-2fa168b4f41d", "title": "Cryptocurrency All-in-One <= 3.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cryptocurrency All-in-One", "slug": "cryptocurrency-prices", "affected_versions": { "* - 3.0.19": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.19", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7492cffe-6e17-4c59-8979-2fa168b4f41d?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "749c5d09-1e9a-4aa1-b7c2-6f9d24f3a09b": { "id": "749c5d09-1e9a-4aa1-b7c2-6f9d24f3a09b", "title": "WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Recipe Notes", "software": [ { "type": "plugin", "name": "WP Recipe Maker", "slug": "wp-recipe-maker", "affected_versions": { "* - 9.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/749c5d09-1e9a-4aa1-b7c2-6f9d24f3a09b?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74a26e81-c063-4590-abe8-6cac9ec62316": { "id": "74a26e81-c063-4590-abe8-6cac9ec62316", "title": "MarketPress <= 3.2.6 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "MarketPress \u2013 WordPress eCommerce", "slug": "wordpress-ecommerce", "affected_versions": { "* - 3.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74a26e81-c063-4590-abe8-6cac9ec62316?source=api-scan" ], "published": "2017-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74a280e1-e4b6-4bd9-882b-d9f185332d61": { "id": "74a280e1-e4b6-4bd9-882b-d9f185332d61", "title": "BadgeOS <= 3.7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "BadgeOS", "slug": "badgeos", "affected_versions": { "* - 3.7.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74a280e1-e4b6-4bd9-882b-d9f185332d61?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74a33813-ca5a-4cf4-9d36-b71ca76b8915": { "id": "74a33813-ca5a-4cf4-9d36-b71ca76b8915", "title": "Flow-Flow Social Feed Stream <= 3.0.71 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flow-Flow Social Feed Stream", "slug": "flow-flow-social-streams", "affected_versions": { "[*, 3.0.72)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.72", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.72" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74a33813-ca5a-4cf4-9d36-b71ca76b8915?source=api-scan" ], "published": "2018-11-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74a74817-30ff-42ec-9bd4-7d0638d6643c": { "id": "74a74817-30ff-42ec-9bd4-7d0638d6643c", "title": "Order Delivery Date for WP e-Commerce <= 1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Order Delivery Date for WP e-Commerce", "slug": "order-delivery-date", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74a74817-30ff-42ec-9bd4-7d0638d6643c?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74aad4b3-3e35-4abe-ba26-48334da0face": { "id": "74aad4b3-3e35-4abe-ba26-48334da0face", "title": "Zephyr Project Manager < 3.2.55 - Missing Authorization to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zephyr Project Manager", "slug": "zephyr-project-manager", "affected_versions": { "[*, 3.2.55)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.55", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.55" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74aad4b3-3e35-4abe-ba26-48334da0face?source=api-scan" ], "published": "2022-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74ab025d-4e76-46e5-b8f8-963eeea5b802": { "id": "74ab025d-4e76-46e5-b8f8-963eeea5b802", "title": "Uncode Core <= 2.8.8 - Authenticated (Subscriber+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "uncode-core", "slug": "uncode-core", "affected_versions": { "* - 2.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74ab025d-4e76-46e5-b8f8-963eeea5b802?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74ac2b14-aea1-4366-acf4-d2d86cdec4c2": { "id": "74ac2b14-aea1-4366-acf4-d2d86cdec4c2", "title": "Sticky Buttons \u2013 floating buttons builder <= 3.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Sticky Buttons \u2013 floating buttons builder", "slug": "sticky-buttons", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74ac2b14-aea1-4366-acf4-d2d86cdec4c2?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74b284b7-ec0a-42c1-82e5-0c8cb422c0c5": { "id": "74b284b7-ec0a-42c1-82e5-0c8cb422c0c5", "title": "Save as Image plugin by Pdfcrowd <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Save as Image Plugin by Pdfcrowd", "slug": "save-as-image-by-pdfcrowd", "affected_versions": { "* - 2.16.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74b284b7-ec0a-42c1-82e5-0c8cb422c0c5?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74b81d31-8ee6-47cf-a5e8-3cf0900ebea0": { "id": "74b81d31-8ee6-47cf-a5e8-3cf0900ebea0", "title": "Events Manager < 5.9.7.2 & Events Manager Pro < 2.6.7.2 - Unauthenticated CSV Injection", "software": [ { "type": "plugin", "name": "Events Manager Pro", "slug": "events-manager-pro", "affected_versions": { "[*, 2.6.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.7.2" ] }, { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "[*, 5.9.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.9.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74b81d31-8ee6-47cf-a5e8-3cf0900ebea0?source=api-scan" ], "published": "2020-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74bbe655-ce86-4a87-a79f-f25bd0680e49": { "id": "74bbe655-ce86-4a87-a79f-f25bd0680e49", "title": "Selection Lite <= 1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Selection Lite", "slug": "selection-lite", "affected_versions": { "* - 1.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74bbe655-ce86-4a87-a79f-f25bd0680e49?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74bd595b-d2fa-4c62-82d2-dba2c2b128f0": { "id": "74bd595b-d2fa-4c62-82d2-dba2c2b128f0", "title": "WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password\/Email Reset\/Account Takeover", "software": [ { "type": "plugin", "name": "WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin", "slug": "timetics", "affected_versions": { "* - 1.0.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74bd595b-d2fa-4c62-82d2-dba2c2b128f0?source=api-scan" ], "published": "2024-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74bf6cb2-318f-4b2a-b79c-729fe09570fe": { "id": "74bf6cb2-318f-4b2a-b79c-729fe09570fe", "title": "BestWebSoft's Twitter <= 1.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BestWebSoft's Twitter", "slug": "twitter-plugin", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74bf6cb2-318f-4b2a-b79c-729fe09570fe?source=api-scan" ], "published": "2014-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74cc9d91-5b6a-48fc-8bd1-01100b45ffdb": { "id": "74cc9d91-5b6a-48fc-8bd1-01100b45ffdb", "title": "Custom Post Type Relations <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Post Type Relations", "slug": "custom-post-type-relations", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74cc9d91-5b6a-48fc-8bd1-01100b45ffdb?source=api-scan" ], "published": "2021-08-13 15:31:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74d222b9-22e9-485d-8111-d3bee505b200": { "id": "74d222b9-22e9-485d-8111-d3bee505b200", "title": "Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation", "software": [ { "type": "plugin", "name": "Wbcom Designs \u2013 BuddyPress Member Reviews", "slug": "bp-user-profile-reviews", "affected_versions": { "[*, 2.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.0" ] }, { "type": "plugin", "name": "Wbcom Designs \u2013 BuddyPress Create Group Type", "slug": "bp-create-group-type", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Wbcom Designs \u2013 Custom Font Uploader", "slug": "custom-font-uploader", "affected_versions": { "[*, 2.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.0" ] }, { "type": "plugin", "name": "Wbcom Designs \u2013 BuddyPress Search", "slug": "wbcom-designs-buddypress-search", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "BuddyPress Sticky Post", "slug": "buddypress-sticky-post", "affected_versions": { "[*, 1.9.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.9" ] }, { "type": "plugin", "name": "Activity Log WinterLock", "slug": "winterlock", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Wbcom Designs BuddyPress Todo List", "slug": "bp-user-to-do-list", "affected_versions": { "[*, 3.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.0" ] }, { "type": "plugin", "name": "Wbcom Designs \u2013 BuddyPress Group Reviews", "slug": "review-buddypress-groups", "affected_versions": { "[*, 2.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.1" ] }, { "type": "plugin", "name": "BP Job Manager integration", "slug": "bp-job-manager-integration", "affected_versions": { "[*, 2.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.1" ] }, { "type": "plugin", "name": "Wbcom Designs \u2013 BuddyPress Activity Social Share", "slug": "bp-activity-social-share", "affected_versions": { "[*, 3.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.0" ] }, { "type": "plugin", "name": "Custom Email Options", "slug": "custom-email-options", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Audio Preview for WooCommerce", "slug": "woo-audio-preview", "affected_versions": { "[*, 1.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.0" ] }, { "type": "plugin", "name": "Wbcom Designs \u2013 BuddyPress Activity Filter", "slug": "bp-activity-filter", "affected_versions": { "[*, 2.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.0" ] }, { "type": "plugin", "name": "Document Preview For WooCommerce", "slug": "woo-document-preview", "affected_versions": { "[*, 1.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.0" ] }, { "type": "plugin", "name": "Wbcom Designs \u2013 BuddyPress Ads", "slug": "wbcom-designs-buddypress-ads", "affected_versions": { "[*, 1.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.1" ] }, { "type": "plugin", "name": "BuddyPress Check-ins Pro", "slug": "buddypress-check-ins-pro", "affected_versions": { "[*, 1.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.0" ] }, { "type": "plugin", "name": "Wbcom Designs \u2013 Private Community for BuddyPress", "slug": "lock-my-bp", "affected_versions": { "[*, 1.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.0" ] }, { "type": "plugin", "name": "BuddyPress Hashtags", "slug": "buddypress-hashtag", "affected_versions": { "[*, 2.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.0" ] }, { "type": "plugin", "name": "Wbcom Designs \u2013 Check-ins for BuddyPress Activity", "slug": "bp-check-in", "affected_versions": { "[*, 1.9.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74d222b9-22e9-485d-8111-d3bee505b200?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74d3606f-bd62-4844-ac17-8e47feddab92": { "id": "74d3606f-bd62-4844-ac17-8e47feddab92", "title": "Login Configurator <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login Configurator", "slug": "login-configurator", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74d3606f-bd62-4844-ac17-8e47feddab92?source=api-scan" ], "published": "2023-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74d635b6-2b4a-49af-af5c-6bfa1b5d220e": { "id": "74d635b6-2b4a-49af-af5c-6bfa1b5d220e", "title": "Slider by 10Web \u2013 Responsive Image Slider <= 1.2.57 - Authenticated (Contributor+) SQL Injection via id Parameter", "software": [ { "type": "plugin", "name": "Slider by 10Web \u2013 Responsive Image Slider", "slug": "slider-wd", "affected_versions": { "* - 1.2.57": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.57", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.58" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74d635b6-2b4a-49af-af5c-6bfa1b5d220e?source=api-scan" ], "published": "2024-08-07 17:31:41", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74dad6f0-0760-4420-b8cc-dc84cafd9b0d": { "id": "74dad6f0-0760-4420-b8cc-dc84cafd9b0d", "title": "Revolut Gateway for WooCommerce <= 4.17.3 - Missing Authorization to Unauthenticated Order Status Update", "software": [ { "type": "plugin", "name": "Revolut Gateway for WooCommerce", "slug": "revolut-gateway-for-woocommerce", "affected_versions": { "* - 4.17.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.17.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.17.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74dad6f0-0760-4420-b8cc-dc84cafd9b0d?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74db4d3a-ee3f-460a-b880-f61a8e33ea57": { "id": "74db4d3a-ee3f-460a-b880-f61a8e33ea57", "title": "myCred Plugin <= 1.7.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification", "slug": "mycred", "affected_versions": { "[*, 1.7.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74db4d3a-ee3f-460a-b880-f61a8e33ea57?source=api-scan" ], "published": "2017-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74e15c52-4245-41b0-8005-41e9ac2c2edc": { "id": "74e15c52-4245-41b0-8005-41e9ac2c2edc", "title": "Widget Post Slider <= 1.3.5. - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Widget Post Slider", "slug": "widget-post-slider", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74e15c52-4245-41b0-8005-41e9ac2c2edc?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74e25ef2-ca4d-416e-8a9b-2ed09a93d1aa": { "id": "74e25ef2-ca4d-416e-8a9b-2ed09a93d1aa", "title": "Lattice < 1.1.5 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Lattice", "slug": "lattice", "affected_versions": { "[*, 1.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74e25ef2-ca4d-416e-8a9b-2ed09a93d1aa?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74e38291-b312-4742-857e-b080321d8225": { "id": "74e38291-b312-4742-857e-b080321d8225", "title": "Filter & Grids <= 2.8.32 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Filter & Grids", "slug": "ymc-smart-filter", "affected_versions": { "* - 2.8.32": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74e38291-b312-4742-857e-b080321d8225?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74e5bed8-3c6a-479a-9f2f-f15a467cd896": { "id": "74e5bed8-3c6a-479a-9f2f-f15a467cd896", "title": "Contact Form Widget \u2013 Contact Query, Contact Page, Form Maker, Query Table <= 1.3.8 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Contact Form Widget \u2013 Contact Query, Contact Page, Form Maker, Query Table", "slug": "new-contact-form-widget", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74e5bed8-3c6a-479a-9f2f-f15a467cd896?source=api-scan" ], "published": "2019-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74e8259b-b702-4cdd-a0ec-4fed255069c9": { "id": "74e8259b-b702-4cdd-a0ec-4fed255069c9", "title": "Uncanny Automator Pro <= 5.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Uncanny Automator Pro", "slug": "uncanny-automator-pro", "affected_versions": { "* - 5.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74e8259b-b702-4cdd-a0ec-4fed255069c9?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74ea8f1e-d6ff-4a32-b8bf-5d4c8e69433e": { "id": "74ea8f1e-d6ff-4a32-b8bf-5d4c8e69433e", "title": "Flyzoo Chat <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flyzoo Chat", "slug": "flyzoo", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74ea8f1e-d6ff-4a32-b8bf-5d4c8e69433e?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74ee6bf0-7091-40b8-a3e7-9ba1411b7ea4": { "id": "74ee6bf0-7091-40b8-a3e7-9ba1411b7ea4", "title": "WPDating <= 7.4.0 - SQL Injection", "software": [ { "type": "plugin", "name": "WPDating", "slug": "dsp_dating", "affected_versions": { "* - 7.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74ee6bf0-7091-40b8-a3e7-9ba1411b7ea4?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74f0af24-e4d9-4b89-b91e-c6ec3e3918e7": { "id": "74f0af24-e4d9-4b89-b91e-c6ec3e3918e7", "title": "Post to CSV by BestWebSoft <= 1.4.0 - Authenticated (Author+) CSV Injection", "software": [ { "type": "plugin", "name": "Post to CSV by BestWebSoft", "slug": "post-to-csv", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74f0af24-e4d9-4b89-b91e-c6ec3e3918e7?source=api-scan" ], "published": "2023-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74f1966c-f465-4c8f-b7ae-131974961d72": { "id": "74f1966c-f465-4c8f-b7ae-131974961d72", "title": "My Calendar <= 3.4.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "My Calendar \u2013 Accessible Event Manager", "slug": "my-calendar", "affected_versions": { "* - 3.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74f1966c-f465-4c8f-b7ae-131974961d72?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74f212b1-9f70-44c8-a7bb-ee8887be9ea6": { "id": "74f212b1-9f70-44c8-a7bb-ee8887be9ea6", "title": "MailChimp Subscribe Forms <= 4.0.9.8 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder", "slug": "mailchimp-subscribe-sm", "affected_versions": { "* - 4.0.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.9.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74f212b1-9f70-44c8-a7bb-ee8887be9ea6?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74f4068b-224e-4523-9a8d-8713b779a262": { "id": "74f4068b-224e-4523-9a8d-8713b779a262", "title": "WordPress Button Plugin MaxButtons <= 9.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Button Plugin MaxButtons", "slug": "maxbuttons", "affected_versions": { "* - 9.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74f4068b-224e-4523-9a8d-8713b779a262?source=api-scan" ], "published": "2022-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74f59ee0-19dd-4cc9-ab24-22f26d71d248": { "id": "74f59ee0-19dd-4cc9-ab24-22f26d71d248", "title": "LottieFiles \u2013 JSON Based Animation Lottie & Bodymovin for Elementor <= 1.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LottieFiles \u2013 JSON Based Animation Lottie & Bodymovin for Elementor", "slug": "include-lottie-animation-for-elementor", "affected_versions": { "* - 1.10.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74f59ee0-19dd-4cc9-ab24-22f26d71d248?source=api-scan" ], "published": "2024-05-23 18:30:59", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74f6bf42-3406-47c5-b255-6cc1e8084fb5": { "id": "74f6bf42-3406-47c5-b255-6cc1e8084fb5", "title": "Plugin Permalink <= 2.4.3.1 - Missing Authorization via get_uri_editor", "software": [ { "type": "plugin", "name": "Permalink Manager Lite", "slug": "permalink-manager", "affected_versions": { "* - 2.4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74f6bf42-3406-47c5-b255-6cc1e8084fb5?source=api-scan" ], "published": "2024-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74f8af2b-69fb-41db-b978-62709322aed3": { "id": "74f8af2b-69fb-41db-b978-62709322aed3", "title": "Email Newsletter <= 20.13.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Newsletter", "slug": "email-newsletter", "affected_versions": { "* - 20.13.6": { "from_version": "*", "from_inclusive": true, "to_version": "20.13.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20.13.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74f8af2b-69fb-41db-b978-62709322aed3?source=api-scan" ], "published": "2015-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74f92bd4-c752-4620-b506-d7588ff2e586": { "id": "74f92bd4-c752-4620-b506-d7588ff2e586", "title": "Complianz - GDPR\/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_create_pages", "software": [ { "type": "plugin", "name": "Complianz \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr", "affected_versions": { "* - 6.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74f92bd4-c752-4620-b506-d7588ff2e586?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74fa5a77-3c66-4aa5-aa58-3e608e3cba70": { "id": "74fa5a77-3c66-4aa5-aa58-3e608e3cba70", "title": "Essential Real Estate <= 4.3.5 - Missing Authorization to Denial of Service", "software": [ { "type": "plugin", "name": "Essential Real Estate", "slug": "essential-real-estate", "affected_versions": { "* - 4.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74fa5a77-3c66-4aa5-aa58-3e608e3cba70?source=api-scan" ], "published": "2023-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "74fac72d-6f16-475c-bc80-e77968dd23ad": { "id": "74fac72d-6f16-475c-bc80-e77968dd23ad", "title": "Smash Balloon Social Post Feed <= 4.0 - Arbitrary Plugin Settings Update to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smash Balloon Social Post Feed \u2013 Simple Social Feeds for WordPress", "slug": "custom-facebook-feed", "affected_versions": { "[*, 4.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/74fac72d-6f16-475c-bc80-e77968dd23ad?source=api-scan" ], "published": "2021-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75067f95-48b6-4c1d-8d8b-2601185b1f81": { "id": "75067f95-48b6-4c1d-8d8b-2601185b1f81", "title": "WPForms Google Sheet Connector <= 3.4.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPForms Google Sheet Connector Pro", "slug": "gsheetconnector-wpforms-pro", "affected_versions": { "[*, 2.5.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.7" ] }, { "type": "plugin", "name": "WPForms Google Sheet Connector", "slug": "gsheetconnector-wpforms", "affected_versions": { "* - 3.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75067f95-48b6-4c1d-8d8b-2601185b1f81?source=api-scan" ], "published": "2023-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "750a4a94-458c-4944-a99b-a1c8e23e57d1": { "id": "750a4a94-458c-4944-a99b-a1c8e23e57d1", "title": "Sticky Ad Bar <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sticky Ad Bar Plugin", "slug": "sticky-ad-bar", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/750a4a94-458c-4944-a99b-a1c8e23e57d1?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "750be90d-dc12-4974-8921-75259d56c7b3": { "id": "750be90d-dc12-4974-8921-75259d56c7b3", "title": "Cost Calculator <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cost Calculator", "slug": "nd-projects", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/750be90d-dc12-4974-8921-75259d56c7b3?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7520010f-c402-4fe9-82dc-a973ce446765": { "id": "7520010f-c402-4fe9-82dc-a973ce446765", "title": "Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read", "software": [ { "type": "plugin", "name": "Admin Word Count Column", "slug": "admin-word-count-column", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7520010f-c402-4fe9-82dc-a973ce446765?source=api-scan" ], "published": "2022-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "752a07c4-ae88-4152-b449-68228a54604a": { "id": "752a07c4-ae88-4152-b449-68228a54604a", "title": "Custom Field Template <= 2.5.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Field Template", "slug": "custom-field-template", "affected_versions": { "* - 2.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/752a07c4-ae88-4152-b449-68228a54604a?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "752b9c5f-4c36-4182-9dd4-0e840a727ceb": { "id": "752b9c5f-4c36-4182-9dd4-0e840a727ceb", "title": "Redirection for Contact Form 7 <= 2.4.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Redirection for Contact Form 7", "slug": "wpcf7-redirect", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/752b9c5f-4c36-4182-9dd4-0e840a727ceb?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "752caefe-7e87-4d4f-89e0-fbd28e4076c4": { "id": "752caefe-7e87-4d4f-89e0-fbd28e4076c4", "title": "NextScripts: Social Networks Auto-Poster <= 4.3.25 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NextScripts: Social Networks Auto-Poster", "slug": "social-networks-auto-poster-facebook-twitter-g", "affected_versions": { "* - 4.3.25": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/752caefe-7e87-4d4f-89e0-fbd28e4076c4?source=api-scan" ], "published": "2022-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "752d5de4-34c2-4a40-af47-69bd7e0ee48e": { "id": "752d5de4-34c2-4a40-af47-69bd7e0ee48e", "title": "WS Form LITE <= 1.9.238 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress", "slug": "ws-form", "affected_versions": { "* - 1.9.238": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.238", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.244" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/752d5de4-34c2-4a40-af47-69bd7e0ee48e?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "752e3d68-001b-4523-9040-b1ef8fbffa7e": { "id": "752e3d68-001b-4523-9040-b1ef8fbffa7e", "title": "Asset CleanUp: Page Speed Booster <= 1.3.8.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Asset CleanUp: Page Speed Booster", "slug": "wp-asset-clean-up", "affected_versions": { "* - 1.3.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/752e3d68-001b-4523-9040-b1ef8fbffa7e?source=api-scan" ], "published": "2022-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7533b65e-3612-4c8e-8b67-3cbcb80b4331": { "id": "7533b65e-3612-4c8e-8b67-3cbcb80b4331", "title": "Lazyest Gallery < 1.1.21 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Lazyest Gallery", "slug": "lazyest-gallery", "affected_versions": { "[*, 1.1.21)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.21", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7533b65e-3612-4c8e-8b67-3cbcb80b4331?source=api-scan" ], "published": "2014-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7534f2e5-a296-4c54-99e3-d84f5c9a5b51": { "id": "7534f2e5-a296-4c54-99e3-d84f5c9a5b51", "title": "WordPress File Upload <= 4.16.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "* - 4.16.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.16.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.16.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7534f2e5-a296-4c54-99e3-d84f5c9a5b51?source=api-scan" ], "published": "2022-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "753a4f7a-7bd4-43a4-b8fb-9e982239ba0e": { "id": "753a4f7a-7bd4-43a4-b8fb-9e982239ba0e", "title": "YayExtra \u2013 WooCommerce Extra Product Options <= 1.3.7 - Unauthenticated Arbitrary File Upload via handle_upload_file Function", "software": [ { "type": "plugin", "name": "YayExtra \u2013 WooCommerce Extra Product Options", "slug": "yayextra", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/753a4f7a-7bd4-43a4-b8fb-9e982239ba0e?source=api-scan" ], "published": "2024-08-02 21:03:50", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75413c3f-7880-4b10-bf1a-fcfdab877ff5": { "id": "75413c3f-7880-4b10-bf1a-fcfdab877ff5", "title": "PWA for WP & AMP <= 1.7.72 - Missing Authorization", "software": [ { "type": "plugin", "name": "PWA for WP & AMP", "slug": "pwa-for-wp", "affected_versions": { "* - 1.7.72": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.72", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.73" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75413c3f-7880-4b10-bf1a-fcfdab877ff5?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75424878-5976-4dc6-8a09-8eb46a7425b8": { "id": "75424878-5976-4dc6-8a09-8eb46a7425b8", "title": "Mail Subscribe List <= 2.1.6 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mail Subscribe List", "slug": "mail-subscribe-list", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75424878-5976-4dc6-8a09-8eb46a7425b8?source=api-scan" ], "published": "2022-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75432cfd-7c0d-4d93-9b62-cac0fd9b49d5": { "id": "75432cfd-7c0d-4d93-9b62-cac0fd9b49d5", "title": "ChatBot <= 5.1.0 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75432cfd-7c0d-4d93-9b62-cac0fd9b49d5?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7546b0b7-8081-4762-9e20-76dfb3c8a8a7": { "id": "7546b0b7-8081-4762-9e20-76dfb3c8a8a7", "title": "TK Google Fonts GDPR Compliant <= 2.2.11 - Missing Authorization to Font Addition", "software": [ { "type": "plugin", "name": "TK Google Fonts GDPR Compliant", "slug": "tk-google-fonts", "affected_versions": { "* - 2.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7546b0b7-8081-4762-9e20-76dfb3c8a8a7?source=api-scan" ], "published": "2023-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75537b61-5622-4b35-b80e-389526bd99f0": { "id": "75537b61-5622-4b35-b80e-389526bd99f0", "title": "Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin <= 4.0.8 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin", "slug": "wp-event-solution", "affected_versions": { "* - 4.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75537b61-5622-4b35-b80e-389526bd99f0?source=api-scan" ], "published": "2024-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "755454cc-b1a8-4a38-9e73-c47a6ef562a2": { "id": "755454cc-b1a8-4a38-9e73-c47a6ef562a2", "title": "Super Socializer <= 7.13.53 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Social Share, Social Login and Social Comments Plugin \u2013 Super Socializer", "slug": "super-socializer", "affected_versions": { "* - 7.13.53": { "from_version": "*", "from_inclusive": true, "to_version": "7.13.53", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.13.54" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/755454cc-b1a8-4a38-9e73-c47a6ef562a2?source=api-scan" ], "published": "2023-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "755a2c02-f442-46ca-9b45-644b7098b1e3": { "id": "755a2c02-f442-46ca-9b45-644b7098b1e3", "title": "Heateor Social Login WordPress <= 1.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Heateor Social Login WordPress", "slug": "heateor-social-login", "affected_versions": { "* - 1.1.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/755a2c02-f442-46ca-9b45-644b7098b1e3?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "755ae574-9df3-44d1-a14b-16887f234510": { "id": "755ae574-9df3-44d1-a14b-16887f234510", "title": "Scheduled Announcements Widget <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Scheduled Announcements Widget", "slug": "scheduled-announcements-widget", "affected_versions": { "* - 0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/755ae574-9df3-44d1-a14b-16887f234510?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "755b53e4-051a-4a25-8fd9-fe10c28acc25": { "id": "755b53e4-051a-4a25-8fd9-fe10c28acc25", "title": "Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Arigato Autoresponder and Newsletter", "slug": "bft-autoresponder", "affected_versions": { "* - 2.5.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/755b53e4-051a-4a25-8fd9-fe10c28acc25?source=api-scan" ], "published": "2018-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "755e0998-0f0d-4259-881d-ed07aecb0b10": { "id": "755e0998-0f0d-4259-881d-ed07aecb0b10", "title": "Themedy Toolbox <= 1.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes", "software": [ { "type": "plugin", "name": "Themedy Toolbox", "slug": "themedy-toolbox", "affected_versions": { "* - 1.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/755e0998-0f0d-4259-881d-ed07aecb0b10?source=api-scan" ], "published": "2024-09-26 00:45:54", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7561a71a-c3f0-45f1-8230-2c17cbeff916": { "id": "7561a71a-c3f0-45f1-8230-2c17cbeff916", "title": "Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_delete_card", "software": [ { "type": "plugin", "name": "Gestpay for WooCommerce", "slug": "gestpay-for-woocommerce", "affected_versions": { "* - 20221130": { "from_version": "*", "from_inclusive": true, "to_version": "20221130", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20240307" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7561a71a-c3f0-45f1-8230-2c17cbeff916?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7561bce2-bd70-4da3-bbf0-318e59cd1852": { "id": "7561bce2-bd70-4da3-bbf0-318e59cd1852", "title": "Gallery Blocks with Lightbox <= 3.0.7 - Missing Authorization in pgc_sgb_action_wizard", "software": [ { "type": "plugin", "name": "Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery", "slug": "simply-gallery-block", "affected_versions": { "* - 3.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7561bce2-bd70-4da3-bbf0-318e59cd1852?source=api-scan" ], "published": "2023-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7566beda-649f-4dfc-860f-fb1c48809461": { "id": "7566beda-649f-4dfc-860f-fb1c48809461", "title": "Word Search Puzzles game <= 2.0.1 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Word Search Puzzles game", "slug": "wha-wordsearch", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7566beda-649f-4dfc-860f-fb1c48809461?source=api-scan" ], "published": "2022-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "756810c0-d805-4391-a67b-19b40597d219": { "id": "756810c0-d805-4391-a67b-19b40597d219", "title": "Yandex.News Feed by Teplitsa <= 1.12.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yandex.News Feed by Teplitsa", "slug": "yandexnews-feed-by-teplitsa", "affected_versions": { "* - 1.12.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/756810c0-d805-4391-a67b-19b40597d219?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75685f2f-b1d0-4f38-a2b4-1cc0259aedc7": { "id": "75685f2f-b1d0-4f38-a2b4-1cc0259aedc7", "title": "Backup and Restore WordPress \u2013 Backup Plugin <= 1.9 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Backup and Restore WordPress \u2013 Backup Plugin", "slug": "wp-backitup", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75685f2f-b1d0-4f38-a2b4-1cc0259aedc7?source=api-scan" ], "published": "2014-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75699831-de38-4c3b-840d-82a04fc97048": { "id": "75699831-de38-4c3b-840d-82a04fc97048", "title": "Ghost (All Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Ghost", "slug": "ghost", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75699831-de38-4c3b-840d-82a04fc97048?source=api-scan" ], "published": "2013-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "756b5e3e-46fa-483e-945a-86166e79d989": { "id": "756b5e3e-46fa-483e-945a-86166e79d989", "title": "Affiliates Manager <= 2.9.31 - Cross-Site Request Forgery via multiple AJAX actions", "software": [ { "type": "plugin", "name": "Affiliates Manager", "slug": "affiliates-manager", "affected_versions": { "* - 2.9.31": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/756b5e3e-46fa-483e-945a-86166e79d989?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7575e290-ad31-4c1b-9a89-eaa8b3eda6d1": { "id": "7575e290-ad31-4c1b-9a89-eaa8b3eda6d1", "title": "Arconix Shortcodes <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Arconix Shortcodes", "slug": "arconix-shortcodes", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7575e290-ad31-4c1b-9a89-eaa8b3eda6d1?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "757690b0-6c59-4e74-aad2-f5fde9f7a2fb": { "id": "757690b0-6c59-4e74-aad2-f5fde9f7a2fb", "title": "MailerLite \u2013 WooCommerce integration <= 2.0.8 - Missing Authorization via Multiple Functions", "software": [ { "type": "plugin", "name": "MailerLite \u2013 WooCommerce integration", "slug": "woo-mailerlite", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/757690b0-6c59-4e74-aad2-f5fde9f7a2fb?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "757938f4-c6ef-4152-a0d6-f14d2a043c85": { "id": "757938f4-c6ef-4152-a0d6-f14d2a043c85", "title": "Ecwid Ecommerce Shopping Cart <= 6.10.23 - Cross-Site Request Forgery to Settings\/Options Update", "software": [ { "type": "plugin", "name": "Ecwid by Lightspeed Ecommerce Shopping Cart", "slug": "ecwid-shopping-cart", "affected_versions": { "* - 6.10.23": { "from_version": "*", "from_inclusive": true, "to_version": "6.10.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.10.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/757938f4-c6ef-4152-a0d6-f14d2a043c85?source=api-scan" ], "published": "2022-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75824b96-8674-4340-9e56-b0cb0f52503d": { "id": "75824b96-8674-4340-9e56-b0cb0f52503d", "title": "Robokassa payment gateway for Woocommerce <= 1.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Robokassa payment gateway for Woocommerce", "slug": "robokassa", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75824b96-8674-4340-9e56-b0cb0f52503d?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "758beea4-809c-4837-839d-76ee982d0ae5": { "id": "758beea4-809c-4837-839d-76ee982d0ae5", "title": "Knight Lab Timeline <= 3.9.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Knight Lab Timeline", "slug": "knight-lab-timelinejs", "affected_versions": { "* - 3.9.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/758beea4-809c-4837-839d-76ee982d0ae5?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "758ccfd2-e984-46d9-9643-29299d64940e": { "id": "758ccfd2-e984-46d9-9643-29299d64940e", "title": "My Category Order <= 4.3 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "my-category-order", "slug": "my-category-order", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/758ccfd2-e984-46d9-9643-29299d64940e?source=api-scan" ], "published": "2015-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "758e035f-5713-4af0-a771-8214c753a9ba": { "id": "758e035f-5713-4af0-a771-8214c753a9ba", "title": "Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Online Booking & Scheduling Calendar for WordPress by vcita", "slug": "meeting-scheduler-by-vcita", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/758e035f-5713-4af0-a771-8214c753a9ba?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "758e23e4-72e6-4dc1-94f9-d02b75bb9857": { "id": "758e23e4-72e6-4dc1-94f9-d02b75bb9857", "title": "Ultimate Maps by Supsystic <= 1.1.16 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Ultimate Maps by Supsystic", "slug": "ultimate-maps-by-supsystic", "affected_versions": { "[*, 1.1.17)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/758e23e4-72e6-4dc1-94f9-d02b75bb9857?source=api-scan" ], "published": "2021-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75993820-e3bb-43c4-92a6-5aad2a7187e9": { "id": "75993820-e3bb-43c4-92a6-5aad2a7187e9", "title": "Review & testimonial widgets <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Review & testimonial widgets", "slug": "trustmary", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75993820-e3bb-43c4-92a6-5aad2a7187e9?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "759f5687-4ff1-4b8d-a5e7-3fb409fc2ba0": { "id": "759f5687-4ff1-4b8d-a5e7-3fb409fc2ba0", "title": "StopBadBots <= 7.23 - Missing Authorization to Arbitrary Plugin Installation", "software": [ { "type": "plugin", "name": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection", "slug": "stopbadbots", "affected_versions": { "* - 7.23": { "from_version": "*", "from_inclusive": true, "to_version": "7.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/759f5687-4ff1-4b8d-a5e7-3fb409fc2ba0?source=api-scan" ], "published": "2022-11-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75a1f49d-2352-40f0-a830-7cff0e5163f2": { "id": "75a1f49d-2352-40f0-a830-7cff0e5163f2", "title": "Responsive Pricing Table <= 5.1.10 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Pricing Table", "slug": "dk-pricr-responsive-pricing-table", "affected_versions": { "* - 5.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75a1f49d-2352-40f0-a830-7cff0e5163f2?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75a5853a-7497-4312-b7e1-e21b1425dc05": { "id": "75a5853a-7497-4312-b7e1-e21b1425dc05", "title": "SodaHead Polls < 2.0.4 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SodaHead Polls", "slug": "sodahead-polls", "affected_versions": { "[*, 2.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75a5853a-7497-4312-b7e1-e21b1425dc05?source=api-scan" ], "published": "2011-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75aa7541-d9d4-4526-9831-238327d0f3ae": { "id": "75aa7541-d9d4-4526-9831-238327d0f3ae", "title": "Plugin for Google Reviews <= 2.2.3 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Plugin for Google Reviews", "slug": "widget-google-reviews", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75aa7541-d9d4-4526-9831-238327d0f3ae?source=api-scan" ], "published": "2023-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75aadbf5-763b-48cb-9d9e-fb8edb894d08": { "id": "75aadbf5-763b-48cb-9d9e-fb8edb894d08", "title": "Survey Maker <= 4.0.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Survey Maker", "slug": "survey-maker", "affected_versions": { "* - 4.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75aadbf5-763b-48cb-9d9e-fb8edb894d08?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75ac23b7-bcc0-41ce-8cfc-e1de3954d169": { "id": "75ac23b7-bcc0-41ce-8cfc-e1de3954d169", "title": "Include Me <= 1.2.1 - Local File Inclusion leading to Authenticated Remote Code Execution", "software": [ { "type": "plugin", "name": "Include Me", "slug": "include-me", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75ac23b7-bcc0-41ce-8cfc-e1de3954d169?source=api-scan" ], "published": "2022-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75b09cf8-cfe4-4a8a-838c-e4b1cedf5d5a": { "id": "75b09cf8-cfe4-4a8a-838c-e4b1cedf5d5a", "title": "Magical Addons For Elementor <= 1.1.41 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )", "slug": "magical-addons-for-elementor", "affected_versions": { "* - 1.1.41": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75b09cf8-cfe4-4a8a-838c-e4b1cedf5d5a?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75b84eae-6ff2-49af-a420-2aeef50224e3": { "id": "75b84eae-6ff2-49af-a420-2aeef50224e3", "title": "HTTP Headers <= 1.18.10 - Authenticated(Administrator+) Remote Code Execution", "software": [ { "type": "plugin", "name": "HTTP Headers", "slug": "http-headers", "affected_versions": { "* - 1.18.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.18.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.18.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75b84eae-6ff2-49af-a420-2aeef50224e3?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75b8f71d-9f75-4b42-ac5f-c6ffb476aae4": { "id": "75b8f71d-9f75-4b42-ac5f-c6ffb476aae4", "title": "Swifty Page Manager <= 3.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Swifty Page Manager", "slug": "swifty-page-manager", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75b8f71d-9f75-4b42-ac5f-c6ffb476aae4?source=api-scan" ], "published": "2022-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75b91e92-7c00-447d-80fa-6e20ca8df7ce": { "id": "75b91e92-7c00-447d-80fa-6e20ca8df7ce", "title": "WP CSV <= 1.8.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP CSV", "slug": "wp-csv", "affected_versions": { "* - 1.8.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75b91e92-7c00-447d-80fa-6e20ca8df7ce?source=api-scan" ], "published": "2022-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75c325a1-1a88-4b67-a5f8-6307627d8c6a": { "id": "75c325a1-1a88-4b67-a5f8-6307627d8c6a", "title": "WP User Profile Avatar <= 1.0.0 - Authenticated (Author+) Insecure Direct Object Reference to Avatar Deletion\/Update", "software": [ { "type": "plugin", "name": "WP User Profile Avatar", "slug": "wp-user-profile-avatar", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75c325a1-1a88-4b67-a5f8-6307627d8c6a?source=api-scan" ], "published": "2023-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75c5d4e6-9ef3-4b12-9ee9-67121dbb0fcd": { "id": "75c5d4e6-9ef3-4b12-9ee9-67121dbb0fcd", "title": "Themesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Information Exposure", "software": [ { "type": "plugin", "name": "Themesflat Addons For Elementor", "slug": "themesflat-addons-for-elementor", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75c5d4e6-9ef3-4b12-9ee9-67121dbb0fcd?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75c6697c-bc1d-456f-baee-ee9c57e40d21": { "id": "75c6697c-bc1d-456f-baee-ee9c57e40d21", "title": "Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_row", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] }, { "type": "plugin", "name": "Contest Gallery Pro", "slug": "contest-gallery-pro", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75c6697c-bc1d-456f-baee-ee9c57e40d21?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75cc74f6-aaab-4d5a-bd71-c238fa74a9bb": { "id": "75cc74f6-aaab-4d5a-bd71-c238fa74a9bb", "title": "Appointment Hour Booking <= 1.3.16 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Appointment Hour Booking \u2013 WordPress Booking Plugin", "slug": "appointment-hour-booking", "affected_versions": { "[*, 1.3.17)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75cc74f6-aaab-4d5a-bd71-c238fa74a9bb?source=api-scan" ], "published": "2021-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75d5366e-2908-4b8d-9ee2-1f11e483add1": { "id": "75d5366e-2908-4b8d-9ee2-1f11e483add1", "title": "Elements Kit Lite\/Pro <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ElementsKit Elementor addons", "slug": "elementskit-lite", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75d5366e-2908-4b8d-9ee2-1f11e483add1?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75da181d-3162-448f-afb8-dc05748184f6": { "id": "75da181d-3162-448f-afb8-dc05748184f6", "title": "Exclusive Addons Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75da181d-3162-448f-afb8-dc05748184f6?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75dafb36-7596-492f-a377-32315b1abe33": { "id": "75dafb36-7596-492f-a377-32315b1abe33", "title": "BuddyMeet <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "BuddyMeet", "slug": "buddymeet", "affected_versions": { "[*, 2.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75dafb36-7596-492f-a377-32315b1abe33?source=api-scan" ], "published": "2023-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75ddf732-ddb2-47ba-884a-477fcc6595b4": { "id": "75ddf732-ddb2-47ba-884a-477fcc6595b4", "title": "Replace Word <= 2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Replace Word", "slug": "replace-word", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75ddf732-ddb2-47ba-884a-477fcc6595b4?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75e02357-391a-4f21-9024-ca4a0ea24d50": { "id": "75e02357-391a-4f21-9024-ca4a0ea24d50", "title": "Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Easy WP SMTP \u2013 WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more", "slug": "easy-wp-smtp", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75e02357-391a-4f21-9024-ca4a0ea24d50?source=api-scan" ], "published": "2022-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75e55138-b091-4113-89da-e1ca45fb99ea": { "id": "75e55138-b091-4113-89da-e1ca45fb99ea", "title": "Google Doc Embedder <= 2.6.4 - Authenticated (Contributor+) Blind Server Side Request Forgery", "software": [ { "type": "plugin", "name": "Google Doc Embedder", "slug": "google-document-embedder", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75e55138-b091-4113-89da-e1ca45fb99ea?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75e5e1eb-300f-4ddf-aec5-4fae9dba0f5d": { "id": "75e5e1eb-300f-4ddf-aec5-4fae9dba0f5d", "title": "Unlimited Category slider for WooCommerce <= 2.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Category slider for WooCommerce", "slug": "wc-basic-slider", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75e5e1eb-300f-4ddf-aec5-4fae9dba0f5d?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75e89574-a0d4-4383-a6f8-bf977e2ffe4d": { "id": "75e89574-a0d4-4383-a6f8-bf977e2ffe4d", "title": "Simple Image Popup <= 1.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Image Popup", "slug": "simple-image-popup", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75e89574-a0d4-4383-a6f8-bf977e2ffe4d?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75eab54b-dbe0-4440-b4ab-601c5041e180": { "id": "75eab54b-dbe0-4440-b4ab-601c5041e180", "title": "WP STAGING <= 3.4.3 and WP STAGING Pro <= 5.4.3 - Sensitive Information Exposure via Log File", "software": [ { "type": "plugin", "name": "WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore", "slug": "wp-staging", "affected_versions": { "* - 3.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] }, { "type": "plugin", "name": "WP STAGING Pro WordPress Backup Plugin", "slug": "wp-staging-pro", "affected_versions": { "* - 5.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75eab54b-dbe0-4440-b4ab-601c5041e180?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75ec04f1-8bea-4514-b1d0-da5b305219d7": { "id": "75ec04f1-8bea-4514-b1d0-da5b305219d7", "title": "Brizy \u2013 Page Builder <= 2.5.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75ec04f1-8bea-4514-b1d0-da5b305219d7?source=api-scan" ], "published": "2024-08-07 15:16:24", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75f01eb4-5d53-441d-9bee-e97857dadaf9": { "id": "75f01eb4-5d53-441d-9bee-e97857dadaf9", "title": "SupportCandy <= 3.1.6 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "SupportCandy \u2013 Helpdesk & Customer Support Ticket System", "slug": "supportcandy", "affected_versions": { "* - 3.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75f01eb4-5d53-441d-9bee-e97857dadaf9?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75f0bc5a-f588-4aeb-9e55-72e180d39ddf": { "id": "75f0bc5a-f588-4aeb-9e55-72e180d39ddf", "title": "ALD Dropping and Fulfillment for AliExpress and WooCommerce <= 1.0.21 - Missing Authorization to Order Information Disclosure", "software": [ { "type": "plugin", "name": "ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce", "slug": "woo-alidropship", "affected_versions": { "* - 1.0.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75f0bc5a-f588-4aeb-9e55-72e180d39ddf?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75f45345-216e-48a8-b131-672aa12a0e0f": { "id": "75f45345-216e-48a8-b131-672aa12a0e0f", "title": "SportsPress \u2013 Sports Club & League Manager <= 2.7.21 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SportsPress \u2013 Sports Club & League Manager", "slug": "sportspress", "affected_versions": { "* - 2.7.21": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75f45345-216e-48a8-b131-672aa12a0e0f?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75f87f99-9f0d-46c2-a6f1-3c1ea0176303": { "id": "75f87f99-9f0d-46c2-a6f1-3c1ea0176303", "title": "WordPress Gallery Plugin \u2013 NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 3.59": { "from_version": "*", "from_inclusive": true, "to_version": "3.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.59.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75f87f99-9f0d-46c2-a6f1-3c1ea0176303?source=api-scan" ], "published": "2024-04-05 12:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75f964a8-a5eb-4990-a6d4-e911a20d0035": { "id": "75f964a8-a5eb-4990-a6d4-e911a20d0035", "title": "Real3D Flipbook <= 2.8 - Reflected Cross-Site Scripting via bookId parameter", "software": [ { "type": "plugin", "name": "Real3D Flipbook", "slug": "real3d-flipbook", "affected_versions": { "[*, 2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75f964a8-a5eb-4990-a6d4-e911a20d0035?source=api-scan" ], "published": "2016-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75f98731-f5a1-46aa-bf00-3b119a3b917e": { "id": "75f98731-f5a1-46aa-bf00-3b119a3b917e", "title": "NEX-Forms \u2013 Ultimate Form Builder <= 8.7.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "slug": "nex-forms-express-wp-form-builder", "affected_versions": { "* - 8.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "8.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75f98731-f5a1-46aa-bf00-3b119a3b917e?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "75fc21c8-352c-48dc-9d3f-53a738306f97": { "id": "75fc21c8-352c-48dc-9d3f-53a738306f97", "title": "Role Based Pricing for WooCommerce <= 1.6.2 - Missing Authorization to PHAR Deserialization", "software": [ { "type": "plugin", "name": "Role Based Pricing for WooCommerce", "slug": "role-based-pricing-for-woocommerce", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/75fc21c8-352c-48dc-9d3f-53a738306f97?source=api-scan" ], "published": "2022-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7600e7df-725d-4877-b0bf-5329f814723f": { "id": "7600e7df-725d-4877-b0bf-5329f814723f", "title": "Customizer Export\/Import <= 0.9.7 - Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import", "software": [ { "type": "plugin", "name": "Customizer Export\/Import", "slug": "customizer-export-import", "affected_versions": { "* - 0.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7600e7df-725d-4877-b0bf-5329f814723f?source=api-scan" ], "published": "2024-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76044985-477c-4d62-aec3-1905add0a9e2": { "id": "76044985-477c-4d62-aec3-1905add0a9e2", "title": "Duplicate Page Plugins <= (Various Versions) - SQL Injection", "software": [ { "type": "plugin", "name": "Duplicate Page and Post", "slug": "duplicate-wp-page-post", "affected_versions": { "[*, 2.5.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.7" ] }, { "type": "plugin", "name": "WP Post Page Clone", "slug": "wp-post-page-clone", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] }, { "type": "plugin", "name": "Duplicate Page", "slug": "duplicate-page", "affected_versions": { "[*, 3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76044985-477c-4d62-aec3-1905add0a9e2?source=api-scan" ], "published": "2020-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7612b680-fb4a-4c5a-aa46-fb3473da78b4": { "id": "7612b680-fb4a-4c5a-aa46-fb3473da78b4", "title": "Count Per Day <= 3.2.3 - Path Disclosure and Denial of Service", "software": [ { "type": "plugin", "name": "Count per Day", "slug": "count-per-day", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7612b680-fb4a-4c5a-aa46-fb3473da78b4?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "761a4801-fc4a-40a0-b5aa-303d88a87062": { "id": "761a4801-fc4a-40a0-b5aa-303d88a87062", "title": "User Registration <= 1.5.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile", "slug": "user-registration", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/761a4801-fc4a-40a0-b5aa-303d88a87062?source=api-scan" ], "published": "2019-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "761ec035-5961-45a5-8197-b5209df8bc3a": { "id": "761ec035-5961-45a5-8197-b5209df8bc3a", "title": "Jigoshop \u2013 Store Toolkit <= 1.3.8 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Jigoshop \u2013 Store Toolkit", "slug": "jigoshop-store-toolkit", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/761ec035-5961-45a5-8197-b5209df8bc3a?source=api-scan" ], "published": "2016-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "762190dc-cd19-4bc1-8204-9219881d95e9": { "id": "762190dc-cd19-4bc1-8204-9219881d95e9", "title": "Disqus Conditional Load <= 11.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings.", "software": [ { "type": "plugin", "name": "Disqus Conditional Load", "slug": "disqus-conditional-load", "affected_versions": { "* - 11.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "11.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/762190dc-cd19-4bc1-8204-9219881d95e9?source=api-scan" ], "published": "2023-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7632fe73-4011-4e6e-8ce7-38a9359ac259": { "id": "7632fe73-4011-4e6e-8ce7-38a9359ac259", "title": "Laposta <= 1.12 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Laposta", "slug": "laposta", "affected_versions": { "* - 1.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7632fe73-4011-4e6e-8ce7-38a9359ac259?source=api-scan" ], "published": "2024-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7633b5cd-0e8f-4744-bfee-d6d54a44c143": { "id": "7633b5cd-0e8f-4744-bfee-d6d54a44c143", "title": "MyCryptoCheckout <= 2.123 - Reflected Cross-Site Scripting via url", "software": [ { "type": "plugin", "name": "MyCryptoCheckout \u2013 Bitcoin, Ethereum, and 100+ altcoins for WooCommerce", "slug": "mycryptocheckout", "affected_versions": { "* - 2.123": { "from_version": "*", "from_inclusive": true, "to_version": "2.123", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.124" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7633b5cd-0e8f-4744-bfee-d6d54a44c143?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7633efe4-f914-4683-a79b-baaa60975282": { "id": "7633efe4-f914-4683-a79b-baaa60975282", "title": "Contact Form by WPForms <= 1.5.8.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPForms \u2013 Easy Form Builder for WordPress \u2013 Contact Forms, Payment Forms, Surveys, & More", "slug": "wpforms-lite", "affected_versions": { "[*, 1.5.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7633efe4-f914-4683-a79b-baaa60975282?source=api-scan" ], "published": "2020-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76345533-ec81-4a6e-bb20-12449dd63a27": { "id": "76345533-ec81-4a6e-bb20-12449dd63a27", "title": "AddThis <= 5.0.12 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Share Buttons Plugin \u2013 AddThis", "slug": "addthis", "affected_versions": { "[*, 5.0.13)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76345533-ec81-4a6e-bb20-12449dd63a27?source=api-scan" ], "published": "2015-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7638fd24-d376-4b5b-98bb-4a40ada6a4da": { "id": "7638fd24-d376-4b5b-98bb-4a40ada6a4da", "title": "WP Statistics <= 13.2.10 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 13.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "13.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7638fd24-d376-4b5b-98bb-4a40ada6a4da?source=api-scan" ], "published": "2023-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "763f0c23-49c8-4e7a-b1c1-d33eb5b1b7c2": { "id": "763f0c23-49c8-4e7a-b1c1-d33eb5b1b7c2", "title": "Digital Publications by Supsystic <= 1.7.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "WordPress Flipbook by Supsystic", "slug": "digital-publications-by-supsystic", "affected_versions": { "* - 1.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/763f0c23-49c8-4e7a-b1c1-d33eb5b1b7c2?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "763fec04-72c5-4910-af97-f58b5b69a02e": { "id": "763fec04-72c5-4910-af97-f58b5b69a02e", "title": "WP Shortcode by MyThemeShop <= 1.4.16 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Shortcode by MyThemeShop", "slug": "wp-shortcode", "affected_versions": { "* - 1.4.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/763fec04-72c5-4910-af97-f58b5b69a02e?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "764aec73-f291-4372-9dde-812ffaf025ed": { "id": "764aec73-f291-4372-9dde-812ffaf025ed", "title": "WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'regenerateSitemaps'", "software": [ { "type": "plugin", "name": "WP Meta SEO", "slug": "wp-meta-seo", "affected_versions": { "* - 4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/764aec73-f291-4372-9dde-812ffaf025ed?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76516f23-487f-48f6-82c0-88df651ddc65": { "id": "76516f23-487f-48f6-82c0-88df651ddc65", "title": "WordPress Core < 4.9.1 - Authorization Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.23": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.23", "to_inclusive": true }, "3.8 - 3.8.23": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.23", "to_inclusive": true }, "3.9 - 3.9.21": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.21", "to_inclusive": true }, "4.0 - 4.0.20": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.20", "to_inclusive": true }, "4.1 - 4.1.20": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.20", "to_inclusive": true }, "4.2 - 4.2.17": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.17", "to_inclusive": true }, "4.3 - 4.3.13": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.13", "to_inclusive": true }, "4.4 - 4.4.12": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.12", "to_inclusive": true }, "4.5 - 4.5.11": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.11", "to_inclusive": true }, "4.6 - 4.6.8": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.8", "to_inclusive": true }, "4.7 - 4.7.7": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.7", "to_inclusive": true }, "4.8 - 4.8.3": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.3", "to_inclusive": true }, "4.9": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.24", "3.8.24", "3.9.22", "4.0.21", "4.1.21", "4.2.18", "4.3.14", "4.4.13", "4.5.12", "4.6.9", "4.7.8", "4.8.4", "4.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76516f23-487f-48f6-82c0-88df651ddc65?source=api-scan" ], "published": "2017-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7659ac9b-fa4e-4cb7-9887-38aa65b6d1c3": { "id": "7659ac9b-fa4e-4cb7-9887-38aa65b6d1c3", "title": "tagDiv Opt-In Builder <= 1.4.4 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "tagDiv Opt-In Builder", "slug": "td-subscription", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7659ac9b-fa4e-4cb7-9887-38aa65b6d1c3?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "765b09ef-dd6d-4c4e-a381-7bb0dc8d6652": { "id": "765b09ef-dd6d-4c4e-a381-7bb0dc8d6652", "title": "Easy Form by AYS <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Form by AYS \u2013 Form Builder Plugin for WordPress", "slug": "easy-form", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/765b09ef-dd6d-4c4e-a381-7bb0dc8d6652?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "765d0933-8db2-471c-ad4e-e19d3b4ff015": { "id": "765d0933-8db2-471c-ad4e-e19d3b4ff015", "title": "EventPrime \u2013 Events Calendar, Bookings and Tickets <= 3.4.2 - Unauthenticated Booking Payment Bypass", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 3.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/765d0933-8db2-471c-ad4e-e19d3b4ff015?source=api-scan" ], "published": "2024-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "765df8f4-438c-41b6-ac74-494f1b74cf33": { "id": "765df8f4-438c-41b6-ac74-494f1b74cf33", "title": "Cookiebot | GDPR\/CCPA Compliant Cookie Consent and Control <= 3.6.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cookie banner plugin for WordPress \u2013 Cookiebot CMP by Usercentrics", "slug": "cookiebot", "affected_versions": { "[*, 3.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/765df8f4-438c-41b6-ac74-494f1b74cf33?source=api-scan" ], "published": "2020-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "766003e7-712e-481b-b09d-91d62a325718": { "id": "766003e7-712e-481b-b09d-91d62a325718", "title": "Get URL Cron <= 1.4.7 - Missing Authorization via geturlcron_action_handle", "software": [ { "type": "plugin", "name": "Cron Setup and Monitor \u2013 Get URL Cron", "slug": "get-url-cron", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/766003e7-712e-481b-b09d-91d62a325718?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7661d648-543e-46c8-a859-fb722a0c3fc2": { "id": "7661d648-543e-46c8-a859-fb722a0c3fc2", "title": "ThirstyAffiliates Affiliate Link Manager <= 3.10.4 - Subscriber+ Arbitrary Affiliate Links Creation", "software": [ { "type": "plugin", "name": "ThirstyAffiliates \u2013 Affiliate Links, Link Branding, Link Tracking & Marketing Plugin", "slug": "thirstyaffiliates", "affected_versions": { "* - 3.10.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7661d648-543e-46c8-a859-fb722a0c3fc2?source=api-scan" ], "published": "2022-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "766ac399-7280-4186-8972-94da813da85e": { "id": "766ac399-7280-4186-8972-94da813da85e", "title": "Newsletter2Go <= 4.0.14 - Authenticated(Subscriber+) Stored Cross-Site Scripting via style", "software": [ { "type": "plugin", "name": "Newsletter2Go", "slug": "newsletter2go", "affected_versions": { "* - 4.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/766ac399-7280-4186-8972-94da813da85e?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "766b0bde-c555-40c1-b174-20045bd89c11": { "id": "766b0bde-c555-40c1-b174-20045bd89c11", "title": "Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "* - 3.2.37": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.38" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/766b0bde-c555-40c1-b174-20045bd89c11?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "766b5c62-0701-47d5-9839-445c2654d3e0": { "id": "766b5c62-0701-47d5-9839-445c2654d3e0", "title": "WP Accessibility < 1.7.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Accessibility", "slug": "wp-accessibility", "affected_versions": { "[*, 1.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/766b5c62-0701-47d5-9839-445c2654d3e0?source=api-scan" ], "published": "2019-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "766c2aa5-e829-45b9-b6e3-0a522a0977d4": { "id": "766c2aa5-e829-45b9-b6e3-0a522a0977d4", "title": "Posts and Users Stats <= 1.1.3 - Authenticated (Subscriber+) CSV Injection", "software": [ { "type": "plugin", "name": "Posts and Users Stats", "slug": "posts-and-users-stats", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/766c2aa5-e829-45b9-b6e3-0a522a0977d4?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "766e34a9-ed95-4049-ba48-0bf69134e4ba": { "id": "766e34a9-ed95-4049-ba48-0bf69134e4ba", "title": "EventPrime < 3.2.0 - Reflected Cross-Site Scripting via keyword and ep_filter_date", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "[*, 3.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/766e34a9-ed95-4049-ba48-0bf69134e4ba?source=api-scan" ], "published": "2023-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "766e3966-157a-4db3-9179-813032343f76": { "id": "766e3966-157a-4db3-9179-813032343f76", "title": "RegistrationMagic \u2013 Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 5.3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/766e3966-157a-4db3-9179-813032343f76?source=api-scan" ], "published": "2024-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76734ad0-e8e8-4106-858b-0f77d2ac17ec": { "id": "76734ad0-e8e8-4106-858b-0f77d2ac17ec", "title": "Donation Block For PayPal <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Donation Block For PayPal", "slug": "donations-block", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76734ad0-e8e8-4106-858b-0f77d2ac17ec?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7673b2ba-5d7a-4ae9-92e7-1a910687fdb8": { "id": "7673b2ba-5d7a-4ae9-92e7-1a910687fdb8", "title": "Brizy \u2013 Page Builder <= 2.4.39 - Authenticated (Contributor+) Directory Traversal", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "* - 2.4.40": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7673b2ba-5d7a-4ae9-92e7-1a910687fdb8?source=api-scan" ], "published": "2024-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7678b80f-3184-4979-b1f4-25cd75836010": { "id": "7678b80f-3184-4979-b1f4-25cd75836010", "title": "LWS Hide Login <= 2.1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LWS Hide Login", "slug": "lws-hide-login", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7678b80f-3184-4979-b1f4-25cd75836010?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "767b1234-5b4a-4baa-9048-7b2e413cdba5": { "id": "767b1234-5b4a-4baa-9048-7b2e413cdba5", "title": "KB Support \u2013 WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Unauthenticated Ticket Reply Exposure", "software": [ { "type": "plugin", "name": "KB Support \u2013 WordPress Help Desk and Knowledge Base", "slug": "kb-support", "affected_versions": { "* - 1.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/767b1234-5b4a-4baa-9048-7b2e413cdba5?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "767bd8dd-993f-48d3-92f1-669d2329f1ab": { "id": "767bd8dd-993f-48d3-92f1-669d2329f1ab", "title": "Universal Star Rating <= 2.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Universal Star Rating", "slug": "universal-star-rating", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/767bd8dd-993f-48d3-92f1-669d2329f1ab?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7681a661-21bd-42fb-ac97-1da808435520": { "id": "7681a661-21bd-42fb-ac97-1da808435520", "title": "Qubely <= 1.7.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Qubely \u2013 Advanced Gutenberg Blocks", "slug": "qubely", "affected_versions": { "* - 1.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7681a661-21bd-42fb-ac97-1da808435520?source=api-scan" ], "published": "2022-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7681f984-d488-4da7-afe1-988e5ad012f2": { "id": "7681f984-d488-4da7-afe1-988e5ad012f2", "title": "POST SMTP Mailer <= 2.8.6 - Reflected Cross-Site Scripting via msg", "software": [ { "type": "plugin", "name": "Post SMTP \u2013 WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications \u2013 Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more", "slug": "post-smtp", "affected_versions": { "* - 2.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7681f984-d488-4da7-afe1-988e5ad012f2?source=api-scan" ], "published": "2024-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7683a91d-8c16-481e-a300-590ac378890a": { "id": "7683a91d-8c16-481e-a300-590ac378890a", "title": "Prime Slider \u2013 Addons For Elementor <= 3.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via title", "software": [ { "type": "plugin", "name": "Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)", "slug": "bdthemes-prime-slider-lite", "affected_versions": { "* - 3.13.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.13.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.13.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7683a91d-8c16-481e-a300-590ac378890a?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7691152e-f962-4d82-b877-df1345b703cc": { "id": "7691152e-f962-4d82-b877-df1345b703cc", "title": "add2fav <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "add2fav", "slug": "add2fav", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7691152e-f962-4d82-b877-df1345b703cc?source=api-scan" ], "published": "2022-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "769fbe66-fcf5-4b16-8cc3-7c9bc561257a": { "id": "769fbe66-fcf5-4b16-8cc3-7c9bc561257a", "title": "The WP Remote WordPress Plugin <= 4.64 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The WP Remote WordPress Plugin", "slug": "wpremote", "affected_versions": { "* - 4.64": { "from_version": "*", "from_inclusive": true, "to_version": "4.64", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.65" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/769fbe66-fcf5-4b16-8cc3-7c9bc561257a?source=api-scan" ], "published": "2021-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76a0a87a-dff0-4a51-bad0-8868c342ecde": { "id": "76a0a87a-dff0-4a51-bad0-8868c342ecde", "title": "User Shortcodes Plus <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via user_meta Shortcode", "software": [ { "type": "plugin", "name": "User Shortcodes Plus", "slug": "user-shortcodes-plus", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76a0a87a-dff0-4a51-bad0-8868c342ecde?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76a1d39e-8d69-4507-b75c-d376a2122d15": { "id": "76a1d39e-8d69-4507-b75c-d376a2122d15", "title": "Flickr Justified Gallery <= 3.5 - Cross-Site Request Forgery via fjgwpp_settings()", "software": [ { "type": "plugin", "name": "Flickr Justified Gallery", "slug": "flickr-justified-gallery", "affected_versions": { "* - 3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76a1d39e-8d69-4507-b75c-d376a2122d15?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76a4dbcd-b3f3-48e9-8175-c701837ac2ae": { "id": "76a4dbcd-b3f3-48e9-8175-c701837ac2ae", "title": "Chained Quiz <= 0.9.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "* - 0.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76a4dbcd-b3f3-48e9-8175-c701837ac2ae?source=api-scan" ], "published": "2016-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76ac20e0-c4d1-40ad-8f15-70aad547f08f": { "id": "76ac20e0-c4d1-40ad-8f15-70aad547f08f", "title": "Expose (All Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Expose", "slug": "expose", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76ac20e0-c4d1-40ad-8f15-70aad547f08f?source=api-scan" ], "published": "2012-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76af3f0a-2e35-4059-960c-09769459bc01": { "id": "76af3f0a-2e35-4059-960c-09769459bc01", "title": "Resize at Upload Plus <= 1.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Resize at Upload Plus", "slug": "resize-at-upload-plus", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76af3f0a-2e35-4059-960c-09769459bc01?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76af4656-547b-4daf-9078-8ed2b425d1ca": { "id": "76af4656-547b-4daf-9078-8ed2b425d1ca", "title": "WordPress Core < 4.8.2 - Open Redirect in Admin Dashboard", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.21": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.21", "to_inclusive": true }, "3.8 - 3.8.21": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.21", "to_inclusive": true }, "3.9 - 3.9.19": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.19", "to_inclusive": true }, "4.0 - 4.0.18": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.18", "to_inclusive": true }, "4.1 - 4.1.18": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.18", "to_inclusive": true }, "4.2 - 4.2.15": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.15", "to_inclusive": true }, "4.3 - 4.3.11": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.11", "to_inclusive": true }, "4.4 - 4.4.10": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.10", "to_inclusive": true }, "4.5 - 4.5.9": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.9", "to_inclusive": true }, "4.6 - 4.6.6": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.6", "to_inclusive": true }, "4.7 - 4.7.5": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.5", "to_inclusive": true }, "4.8 - 4.8.1": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.22", "3.8.22", "3.9.20", "4.0.19", "4.1.19", "4.2.16", "4.3.12", "4.4.11", "4.5.10", "4.6.7", "4.7.6", "4.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76af4656-547b-4daf-9078-8ed2b425d1ca?source=api-scan" ], "published": "2017-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76b0c41c-c825-4ac2-8a7f-4b1a54f21f0b": { "id": "76b0c41c-c825-4ac2-8a7f-4b1a54f21f0b", "title": "Smart Start <= 1.0.8 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "SmartStart WP - Responsive HTML5 Theme | Creative", "slug": "smartstart", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76b0c41c-c825-4ac2-8a7f-4b1a54f21f0b?source=api-scan" ], "published": "2013-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76b11177-782a-4d9c-a974-4cb9ff55fa99": { "id": "76b11177-782a-4d9c-a974-4cb9ff55fa99", "title": "WPGlobus \u2013 Multilingual Everything! <= 1.9.6 - Cross-Site Scripting via wpglobus_option[more_languages]", "software": [ { "type": "plugin", "name": "WPGlobus \u2013 Multilingual WordPress", "slug": "wpglobus", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76b11177-782a-4d9c-a974-4cb9ff55fa99?source=api-scan" ], "published": "2018-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76b25ae3-b813-4e79-a5e3-0af5e6eb8a06": { "id": "76b25ae3-b813-4e79-a5e3-0af5e6eb8a06", "title": "Platinum SEO <= 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Platinum SEO", "slug": "platinum-seo-pack", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76b25ae3-b813-4e79-a5e3-0af5e6eb8a06?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76b3b5b7-fefe-44fb-a30e-c55226d4aaea": { "id": "76b3b5b7-fefe-44fb-a30e-c55226d4aaea", "title": "BrainCert \u2013 HTML5 Virtual Classroom <= 2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BrainCert Virtual Classroom", "slug": "html5-virtual-classroom", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76b3b5b7-fefe-44fb-a30e-c55226d4aaea?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76b4e3d1-170c-4fe0-8e84-246b973d48b1": { "id": "76b4e3d1-170c-4fe0-8e84-246b973d48b1", "title": "Slideshow Gallery <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slideshow Gallery LITE", "slug": "slideshow-gallery", "affected_versions": { "* - 1.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76b4e3d1-170c-4fe0-8e84-246b973d48b1?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76b8e263-7073-4f93-95cb-0b61580337b3": { "id": "76b8e263-7073-4f93-95cb-0b61580337b3", "title": "Send Emails with Mandrill <= 1.4.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Send Emails with Mandrill", "slug": "send-emails-with-mandrill", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76b8e263-7073-4f93-95cb-0b61580337b3?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76b987f1-2524-498a-a02c-a3ca390026e1": { "id": "76b987f1-2524-498a-a02c-a3ca390026e1", "title": "Exclusive Addons for Elementor <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Expired Title", "software": [ { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76b987f1-2524-498a-a02c-a3ca390026e1?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76ba273d-0919-45b3-8044-b8f0ff3972ab": { "id": "76ba273d-0919-45b3-8044-b8f0ff3972ab", "title": "Cooked <= 1.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cooked \u2013 Recipe Management", "slug": "cooked", "affected_versions": { "* - 1.7.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.15.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76ba273d-0919-45b3-8044-b8f0ff3972ab?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76bb0578-d562-4612-b7aa-db49c43b2fe1": { "id": "76bb0578-d562-4612-b7aa-db49c43b2fe1", "title": "SmartIT Premium Responsive (Unspecified Version) - Information Disclosure", "software": [ { "type": "theme", "name": "SmartIT Premium Responsive", "slug": "smartit", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76bb0578-d562-4612-b7aa-db49c43b2fe1?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76c0d4f8-230d-452a-b39d-cbcb0af0fd72": { "id": "76c0d4f8-230d-452a-b39d-cbcb0af0fd72", "title": "Tutor LMS <= 1.8.7 - Authenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 1.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76c0d4f8-230d-452a-b39d-cbcb0af0fd72?source=api-scan" ], "published": "2021-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76c292dc-e9da-4256-82df-58ac5def4771": { "id": "76c292dc-e9da-4256-82df-58ac5def4771", "title": "Essential Addons for Elementor <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Widget", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 6.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76c292dc-e9da-4256-82df-58ac5def4771?source=api-scan" ], "published": "2024-09-12 17:39:27", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76c38826-4d49-4204-b6b6-b01d01373fa9": { "id": "76c38826-4d49-4204-b6b6-b01d01373fa9", "title": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.8.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76c38826-4d49-4204-b6b6-b01d01373fa9?source=api-scan" ], "published": "2024-06-06 21:19:21", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76c39a00-b40a-4d06-96bc-864624e0ef8b": { "id": "76c39a00-b40a-4d06-96bc-864624e0ef8b", "title": "WP Spell Check <= 7.1.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Spell Check", "slug": "wp-spell-check", "affected_versions": { "* - 7.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76c39a00-b40a-4d06-96bc-864624e0ef8b?source=api-scan" ], "published": "2019-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76c468cb-8ad6-4b62-8de5-dc8efd4b8e61": { "id": "76c468cb-8ad6-4b62-8de5-dc8efd4b8e61", "title": "Groundhogg <= 2.7.9.3 - Authenticated (Administrator)+ SQL Injection", "software": [ { "type": "plugin", "name": "WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg", "slug": "groundhogg", "affected_versions": { "* - 2.7.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76c468cb-8ad6-4b62-8de5-dc8efd4b8e61?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76c8ffac-6971-4161-bd83-f53f6c6158db": { "id": "76c8ffac-6971-4161-bd83-f53f6c6158db", "title": "WP Event Aggregator <= 1.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into WordPress", "slug": "wp-event-aggregator", "affected_versions": { "* - 1.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76c8ffac-6971-4161-bd83-f53f6c6158db?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76ccc688-79c0-4b6e-aac9-cf18baf9af46": { "id": "76ccc688-79c0-4b6e-aac9-cf18baf9af46", "title": "Wufoo Shortcode <= 1.51 - Authenticated (Contributor+) Cross-Site Scripting via Shortcodes", "software": [ { "type": "plugin", "name": "Wufoo Shortcode", "slug": "wufoo-shortcode", "affected_versions": { "* - 1.51": { "from_version": "*", "from_inclusive": true, "to_version": "1.51", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76ccc688-79c0-4b6e-aac9-cf18baf9af46?source=api-scan" ], "published": "2023-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76cd5762-1ad4-4b76-8161-5a4ce4fc8118": { "id": "76cd5762-1ad4-4b76-8161-5a4ce4fc8118", "title": "Advanced Custom Fields <= 5.12 - Authenticated Information Disclosure", "software": [ { "type": "plugin", "name": "Secure Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "[*, 5.12.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.12.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.12.1" ] }, { "type": "plugin", "name": "Advanced Custom Fields Pro", "slug": "advanced-custom-fields-pro", "affected_versions": { "[*, 5.12.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.12.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76cd5762-1ad4-4b76-8161-5a4ce4fc8118?source=api-scan" ], "published": "2022-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76d57372-9fb5-4166-bfa9-835e3ff7b755": { "id": "76d57372-9fb5-4166-bfa9-835e3ff7b755", "title": "Tutor LMS <= 1.9.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 1.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76d57372-9fb5-4166-bfa9-835e3ff7b755?source=api-scan" ], "published": "2021-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76d7588e-7062-419a-b0a2-ddc1955a710c": { "id": "76d7588e-7062-419a-b0a2-ddc1955a710c", "title": "Counter Up \u2013 Animated Number Counter & Milestone Showcase <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Counter Up \u2013 Animated Number Counter & Milestone Showcase", "slug": "wp-counter-up", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76d7588e-7062-419a-b0a2-ddc1955a710c?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76d850dd-75f3-4671-9561-0e361d09a121": { "id": "76d850dd-75f3-4671-9561-0e361d09a121", "title": "Pods \u2013 Custom Content Types and Fields <= 2.7.28 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pods \u2013 Custom Content Types and Fields", "slug": "pods", "affected_versions": { "* - 2.7.28": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76d850dd-75f3-4671-9561-0e361d09a121?source=api-scan" ], "published": "2021-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76d96ab1-e667-4242-aee3-95f8dfb07ccd": { "id": "76d96ab1-e667-4242-aee3-95f8dfb07ccd", "title": "WordPress File Monitor <= 2.3.3 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress File Monitor", "slug": "wordpress-file-monitor", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76d96ab1-e667-4242-aee3-95f8dfb07ccd?source=api-scan" ], "published": "2016-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76dc5fc0-adb9-401c-ab50-e0cb23a88fa3": { "id": "76dc5fc0-adb9-401c-ab50-e0cb23a88fa3", "title": "ListingPro <= 2.9.3 - Unauthenticated SQL Injection", "software": [ { "type": "theme", "name": "ListingPro - WordPress Directory & Listing Theme", "slug": "listingpro", "affected_versions": { "* - 2.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76dc5fc0-adb9-401c-ab50-e0cb23a88fa3?source=api-scan" ], "published": "2024-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76e185c3-d62b-42f7-a943-0498da2d76ce": { "id": "76e185c3-d62b-42f7-a943-0498da2d76ce", "title": "\u0627\u0641\u0632\u0648\u0646\u0647 \u067e\u06cc\u0627\u0645\u06a9 \u0648\u0648\u06a9\u0627\u0645\u0631\u0633 Persian WooCommerce SMS < 3.3.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "\u0627\u0641\u0632\u0648\u0646\u0647 \u067e\u06cc\u0627\u0645\u06a9 \u0648\u0648\u06a9\u0627\u0645\u0631\u0633 Persian WooCommerce SMS", "slug": "persian-woocommerce-sms", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76e185c3-d62b-42f7-a943-0498da2d76ce?source=api-scan" ], "published": "2016-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76e35dc6-a4d2-4dca-a186-395f0dd954aa": { "id": "76e35dc6-a4d2-4dca-a186-395f0dd954aa", "title": "ActivityPub <= 0.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via User Metadata", "software": [ { "type": "plugin", "name": "ActivityPub", "slug": "activitypub", "affected_versions": { "* - 0.17.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.17.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76e35dc6-a4d2-4dca-a186-395f0dd954aa?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76e41376-3db0-481b-9f86-bb77b00882e0": { "id": "76e41376-3db0-481b-9f86-bb77b00882e0", "title": "Mistape 1.4.0 - Backdoor", "software": [ { "type": "plugin", "name": "Mistape", "slug": "mistape", "affected_versions": { "1.4.0": { "from_version": "1.4.0", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76e41376-3db0-481b-9f86-bb77b00882e0?source=api-scan" ], "published": "2022-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76e46759-ff83-4a6b-b510-28965c88bb94": { "id": "76e46759-ff83-4a6b-b510-28965c88bb94", "title": "Additional Variation Images Gallery for WooCommerce <= 1.1.28 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Additional Variation Images Gallery for WooCommerce", "slug": "woo-variation-gallery", "affected_versions": { "[*, 1.1.29)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.29", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76e46759-ff83-4a6b-b510-28965c88bb94?source=api-scan" ], "published": "2019-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76eff464-69f0-47c1-bdcb-f8caa28a1280": { "id": "76eff464-69f0-47c1-bdcb-f8caa28a1280", "title": "User Photo <= 0.9.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "User Photo", "slug": "user-photo", "affected_versions": { "* - 0.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76eff464-69f0-47c1-bdcb-f8caa28a1280?source=api-scan" ], "published": "2011-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76f32441-ce6a-472d-a437-c284cb91eb8c": { "id": "76f32441-ce6a-472d-a437-c284cb91eb8c", "title": "WP Concours <= 1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Concours", "slug": "wp-concours", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76f32441-ce6a-472d-a437-c284cb91eb8c?source=api-scan" ], "published": "2017-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76f9d37e-1339-4267-aaf6-38a591e97fa2": { "id": "76f9d37e-1339-4267-aaf6-38a591e97fa2", "title": "WP Database Backup <= 4.3.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Database Backup \u2013 Unlimited Database & Files Backup by Backup for WP", "slug": "wp-database-backup", "affected_versions": { "[*, 4.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76f9d37e-1339-4267-aaf6-38a591e97fa2?source=api-scan" ], "published": "2016-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76fb7f1d-4f41-4a73-acbf-c0f49f0123b4": { "id": "76fb7f1d-4f41-4a73-acbf-c0f49f0123b4", "title": "Two Factor Authentication <= 1.3.12 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Two Factor Authentication", "slug": "two-factor-authentication", "affected_versions": { "[*, 1.3.13)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76fb7f1d-4f41-4a73-acbf-c0f49f0123b4?source=api-scan" ], "published": "2018-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "76fe8746-582e-49a5-b0c1-19d2aaef44df": { "id": "76fe8746-582e-49a5-b0c1-19d2aaef44df", "title": "Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation", "software": [ { "type": "plugin", "name": "WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin", "slug": "timetics", "affected_versions": { "* - 1.0.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/76fe8746-582e-49a5-b0c1-19d2aaef44df?source=api-scan" ], "published": "2024-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7707ca04-e136-4d4b-869b-cd270359991e": { "id": "7707ca04-e136-4d4b-869b-cd270359991e", "title": "The Plus Addons for Elementor Page Builder Lite < 2.0.6 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "[*, 2.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7707ca04-e136-4d4b-869b-cd270359991e?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "770f3c25-effb-40ea-bd1c-7874c456ab0e": { "id": "770f3c25-effb-40ea-bd1c-7874c456ab0e", "title": "Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Frontend Uploader", "slug": "frontend-uploader", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/770f3c25-effb-40ea-bd1c-7874c456ab0e?source=api-scan" ], "published": "2021-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "770fe29d-601b-487b-b102-d5027f09fc24": { "id": "770fe29d-601b-487b-b102-d5027f09fc24", "title": "what3words Address Field <= 4.0.0 - Authenticated (Administrator+) Sensitive Information Exposure in class-w3w-autosuggest-public.php", "software": [ { "type": "plugin", "name": "what3words Address Field", "slug": "3-word-address-validation-field", "affected_versions": { "* - 4.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/770fe29d-601b-487b-b102-d5027f09fc24?source=api-scan" ], "published": "2023-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77122403-5865-40d7-96d5-557147098c4e": { "id": "77122403-5865-40d7-96d5-557147098c4e", "title": "BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bootstrap Shortcodes", "slug": "bootstrap-shortcodes", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77122403-5865-40d7-96d5-557147098c4e?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7717cd0f-6aac-4cb0-b27e-2517d5d7ecd9": { "id": "7717cd0f-6aac-4cb0-b27e-2517d5d7ecd9", "title": "Worthy \u2013 VG WORT Integration f\u00fcr WordPress <= 1.6.5-6497609 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Worthy \u2013 VG WORT Integration f\u00fcr WordPress", "slug": "wp-worthy", "affected_versions": { "[*, 1.6.5-6497609]": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5-6497609", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0-0cde1c2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7717cd0f-6aac-4cb0-b27e-2517d5d7ecd9?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "771da808-8962-46a3-8519-85d9422583f6": { "id": "771da808-8962-46a3-8519-85d9422583f6", "title": "Advanced Social Pixel <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Social Pixel", "slug": "ns-facebook-pixel-for-wp", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/771da808-8962-46a3-8519-85d9422583f6?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "771ecb8c-feb1-40ea-b47b-a2ae033b3c87": { "id": "771ecb8c-feb1-40ea-b47b-a2ae033b3c87", "title": "TM WooCommerce Compare & Wishlist <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "TM WooCommerce Compare & Wishlist", "slug": "tm-woocommerce-compare-wishlist", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/771ecb8c-feb1-40ea-b47b-a2ae033b3c87?source=api-scan" ], "published": "2023-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7720ae0a-edeb-4e76-9bb4-4a51265d192c": { "id": "7720ae0a-edeb-4e76-9bb4-4a51265d192c", "title": "Asset CleanUp: Page Speed Booster <= 1.3.9.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Asset CleanUp: Page Speed Booster", "slug": "wp-asset-clean-up", "affected_versions": { "* - 1.3.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7720ae0a-edeb-4e76-9bb4-4a51265d192c?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77247a6b-2473-4b36-9ad8-b7802e4fad32": { "id": "77247a6b-2473-4b36-9ad8-b7802e4fad32", "title": "WP-WebAuthn <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wwa_login_form Shortcode", "software": [ { "type": "plugin", "name": "WP-WebAuthn", "slug": "wp-webauthn", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77247a6b-2473-4b36-9ad8-b7802e4fad32?source=api-scan" ], "published": "2024-09-27 13:56:09", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "772c9330-97d5-42d5-a49c-d9a86a14b235": { "id": "772c9330-97d5-42d5-a49c-d9a86a14b235", "title": "Welcart e-Commerce <= 2.8.10 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.8.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/772c9330-97d5-42d5-a49c-d9a86a14b235?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "772e843b-00ea-45f5-b730-c9a793d4c2db": { "id": "772e843b-00ea-45f5-b730-c9a793d4c2db", "title": "Slider Revolution <= 6.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider Revolution", "slug": "revslider", "affected_versions": { "* - 6.6.14": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/772e843b-00ea-45f5-b730-c9a793d4c2db?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7730d670-d270-4755-bc9a-550498a28edb": { "id": "7730d670-d270-4755-bc9a-550498a28edb", "title": "Email posts to subscribers <= 6.2 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Email posts to subscribers", "slug": "email-posts-to-subscribers", "affected_versions": { "* - 6.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7730d670-d270-4755-bc9a-550498a28edb?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7732742c-e8a9-4bd0-8013-76418a563fc2": { "id": "7732742c-e8a9-4bd0-8013-76418a563fc2", "title": "Contact List \u2013 Easy Business Directory, Staff Directory and Address Book Plugin <= 2.9.87 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "Contact List \u2013 Premium Staff Listing, Business Directory Plugin & Address Book", "slug": "contact-list", "affected_versions": { "* - 2.9.87": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.87", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.88" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7732742c-e8a9-4bd0-8013-76418a563fc2?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "773b5a79-017a-4e16-b563-3aa2939fa179": { "id": "773b5a79-017a-4e16-b563-3aa2939fa179", "title": "Martins Free & Easy SEO BackLink Link Building Network <= 1.2.29 - Reflected Cross-Site Scripting via _wpnonce", "software": [ { "type": "plugin", "name": "Martins Free And Easy SEO BackLink Link Building Network, Improve Rankings And Traffic", "slug": "martins-link-network", "affected_versions": { "* - 1.2.29": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/773b5a79-017a-4e16-b563-3aa2939fa179?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "773ed184-1478-417d-9a57-93f3971d4bc8": { "id": "773ed184-1478-417d-9a57-93f3971d4bc8", "title": "Redirection for Contact Form 7 <= 2.3.3 - Unauthenticated Arbitrary Nonce Generation", "software": [ { "type": "plugin", "name": "Redirection for Contact Form 7", "slug": "wpcf7-redirect", "affected_versions": { "[*, 2.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/773ed184-1478-417d-9a57-93f3971d4bc8?source=api-scan" ], "published": "2021-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77409977-6822-4d14-9842-cb6a5aff2162": { "id": "77409977-6822-4d14-9842-cb6a5aff2162", "title": "Radio Player <= 2.0.73 - Missing Authorization to Player Update", "software": [ { "type": "plugin", "name": "Radio Player \u2013 Live Shoutcast, Icecast and Any Audio Stream Player for WordPress", "slug": "radio-player", "affected_versions": { "* - 2.0.73": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.73", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.74" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77409977-6822-4d14-9842-cb6a5aff2162?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77440d6e-b660-433b-9953-c1f92644302e": { "id": "77440d6e-b660-433b-9953-c1f92644302e", "title": "Subscriber by BestWebSoft <= 1.3.4 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Subscriber by BestWebSoft", "slug": "subscriber", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77440d6e-b660-433b-9953-c1f92644302e?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77462f1f-f7d8-4d11-aaf1-82395897fcfa": { "id": "77462f1f-f7d8-4d11-aaf1-82395897fcfa", "title": "User Activity Log <= 1.6.6 - IP Address Spoofing", "software": [ { "type": "plugin", "name": "User Activity Log", "slug": "user-activity-log", "affected_versions": { "* - 1.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77462f1f-f7d8-4d11-aaf1-82395897fcfa?source=api-scan" ], "published": "2023-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "774776dc-3780-496c-907a-0d1f86a5d0ac": { "id": "774776dc-3780-496c-907a-0d1f86a5d0ac", "title": "Share This Image <= 1.98 - Open Redirect", "software": [ { "type": "plugin", "name": "Share This Image", "slug": "share-this-image", "affected_versions": { "* - 1.98": { "from_version": "*", "from_inclusive": true, "to_version": "1.98", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.99" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/774776dc-3780-496c-907a-0d1f86a5d0ac?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "774afb96-4385-4693-a446-c87f81b39feb": { "id": "774afb96-4385-4693-a446-c87f81b39feb", "title": "Redirection for Contact Form 7 <= 2.3.3 - Authenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Redirection for Contact Form 7", "slug": "wpcf7-redirect", "affected_versions": { "[*, 2.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/774afb96-4385-4693-a446-c87f81b39feb?source=api-scan" ], "published": "2021-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "774c00fb-82cd-44ca-bf96-3f6dfd1977d0": { "id": "774c00fb-82cd-44ca-bf96-3f6dfd1977d0", "title": "Getwid \u2013 Gutenberg Blocks <= 2.0.4 - Missing Authorization to Recaptcha API Key Modification", "software": [ { "type": "plugin", "name": "Getwid \u2013 Gutenberg Blocks", "slug": "getwid", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/774c00fb-82cd-44ca-bf96-3f6dfd1977d0?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77537eb8-1c84-4702-aba1-727b0de1c3e1": { "id": "77537eb8-1c84-4702-aba1-727b0de1c3e1", "title": "Mail Control <= 0.2.8 - Unauthenticated Stored Cross-Site Scripting via Email Subject", "software": [ { "type": "plugin", "name": "Mail Control \u2013 Email Customizer, SMTP Deliverability, logging, open and click Tracking", "slug": "mail-control", "affected_versions": { "* - 0.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77537eb8-1c84-4702-aba1-727b0de1c3e1?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77582ba1-98b0-41c1-a665-e49704313823": { "id": "77582ba1-98b0-41c1-a665-e49704313823", "title": "TranslatePress <= 2.3.2 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Translate Multilingual sites \u2013 TranslatePress", "slug": "translatepress-multilingual", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77582ba1-98b0-41c1-a665-e49704313823?source=api-scan" ], "published": "2022-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "775860e5-87c9-4878-a629-d7a7cd0cbf1d": { "id": "775860e5-87c9-4878-a629-d7a7cd0cbf1d", "title": "WORDPRESS VIDEO GALLERY < 2.6 - SQL Injection", "software": [ { "type": "plugin", "name": "WORDPRESS VIDEO GALLERY", "slug": "contus-video-gallery", "affected_versions": { "[*, 2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/775860e5-87c9-4878-a629-d7a7cd0cbf1d?source=api-scan" ], "published": "2014-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7759b209-4211-4ee5-ae7a-42645f5d5e96": { "id": "7759b209-4211-4ee5-ae7a-42645f5d5e96", "title": "Contest Gallery < 13.1.0.7 - Authenticated Email Address Disclosure", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "[*, 13.1.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "13.1.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "13.1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7759b209-4211-4ee5-ae7a-42645f5d5e96?source=api-scan" ], "published": "2021-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7759d119-503f-4097-83ba-6c469276450d": { "id": "7759d119-503f-4097-83ba-6c469276450d", "title": "Cost Calculator <= 1.5 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cost Calculator", "slug": "nd-projects", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7759d119-503f-4097-83ba-6c469276450d?source=api-scan" ], "published": "2022-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "775d4ba7-7198-493c-bae0-7f3f78741b90": { "id": "775d4ba7-7198-493c-bae0-7f3f78741b90", "title": "Simply Schedule Appointments <= 1.6.5.27 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin", "slug": "simply-schedule-appointments", "affected_versions": { "[*, 1.6.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/775d4ba7-7198-493c-bae0-7f3f78741b90?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "775e9f94-b66d-4c22-81ef-c335c0654f08": { "id": "775e9f94-b66d-4c22-81ef-c335c0654f08", "title": "wpDataTables (Premium) <= 3.4 - SQL Injection", "software": [ { "type": "plugin", "name": "wpDataTables (Premium)", "slug": "wpdatatables", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/775e9f94-b66d-4c22-81ef-c335c0654f08?source=api-scan" ], "published": "2021-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7761fe7c-e7f5-4bab-8820-42e6fcabcb2f": { "id": "7761fe7c-e7f5-4bab-8820-42e6fcabcb2f", "title": "Ultimate Noindex Nofollow Tool II <= 1.3.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ultimate Noindex Nofollow Tool II", "slug": "ultimate-noindex-nofollow-tool-ii", "affected_versions": { "[*, 1.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7761fe7c-e7f5-4bab-8820-42e6fcabcb2f?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7769f3d4-041d-445f-a5fc-d5bc9e45ed58": { "id": "7769f3d4-041d-445f-a5fc-d5bc9e45ed58", "title": "WPCOM Member <= 1.5.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPCOM Member", "slug": "wpcom-member", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7769f3d4-041d-445f-a5fc-d5bc9e45ed58?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "776a0059-9e9a-454a-a325-2e3a0e133000": { "id": "776a0059-9e9a-454a-a325-2e3a0e133000", "title": "SpiderVPlayer <= 2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SpiderVPlayer", "slug": "player", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/776a0059-9e9a-454a-a325-2e3a0e133000?source=api-scan" ], "published": "2013-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "776de802-5748-4b71-930b-6ff9e597ed93": { "id": "776de802-5748-4b71-930b-6ff9e597ed93", "title": "WPAdverts \u2013 Classifieds Plugin <= 2.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WPAdverts \u2013 Classifieds Plugin", "slug": "wpadverts", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/776de802-5748-4b71-930b-6ff9e597ed93?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "776fc47e-a86c-43dc-8d5e-50273c4411b2": { "id": "776fc47e-a86c-43dc-8d5e-50273c4411b2", "title": "WordPress Download Manager <= 3.1.24 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.1.24": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/776fc47e-a86c-43dc-8d5e-50273c4411b2?source=api-scan" ], "published": "2021-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7770ab04-eb40-450e-ab8a-2a8e5d13d4a4": { "id": "7770ab04-eb40-450e-ab8a-2a8e5d13d4a4", "title": "GS Insever Portfolio <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "GS Insever Portfolio", "slug": "gs-instagram-portfolio", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7770ab04-eb40-450e-ab8a-2a8e5d13d4a4?source=api-scan" ], "published": "2023-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7772c78e-3134-4855-ac4e-3520c584c2e7": { "id": "7772c78e-3134-4855-ac4e-3520c584c2e7", "title": "Simple Membership <= 4.2.1 - Authenticated (Contributor+) Cross Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "* - 4.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7772c78e-3134-4855-ac4e-3520c584c2e7?source=api-scan" ], "published": "2022-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "777e2e60-46c3-496c-8263-f2e253014ba5": { "id": "777e2e60-46c3-496c-8263-f2e253014ba5", "title": "Get Use APIs \u2013 JSON Content Importer <= 1.5.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Get Use APIs \u2013 JSON Content Importer", "slug": "json-content-importer", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/777e2e60-46c3-496c-8263-f2e253014ba5?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7781e20b-c258-4bfd-9050-75a50a335628": { "id": "7781e20b-c258-4bfd-9050-75a50a335628", "title": "Export WP Page to Static HTML\/CSS <= 2.1.9 - Cross-Site Request Forgery via Multiple AJAX Actions", "software": [ { "type": "plugin", "name": "Export WP Page to Static HTML\/CSS", "slug": "export-wp-page-to-static-html", "affected_versions": { "* - 2.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7781e20b-c258-4bfd-9050-75a50a335628?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77838bf8-7809-4dd6-87f1-a9bda40275a6": { "id": "77838bf8-7809-4dd6-87f1-a9bda40275a6", "title": "Otter Blocks PRO <= 2.6.3 - Unauthenticated Stored Cross-Site Scripting via SVG Upload", "software": [ { "type": "plugin", "name": "Otter Blocks PRO \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE", "slug": "otter-pro", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77838bf8-7809-4dd6-87f1-a9bda40275a6?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7783f6fd-02c9-4ff0-ba36-77a0ad5a4bb6": { "id": "7783f6fd-02c9-4ff0-ba36-77a0ad5a4bb6", "title": "Tainacan <= 0.21.8 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Tainacan", "slug": "tainacan", "affected_versions": { "* - 0.21.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.21.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.21.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7783f6fd-02c9-4ff0-ba36-77a0ad5a4bb6?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77876d74-5825-4bd8-812e-87061d0470e6": { "id": "77876d74-5825-4bd8-812e-87061d0470e6", "title": "Advanced Custom Fields PRO 6.1 - 6.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Custom Fields Pro", "slug": "advanced-custom-fields-pro", "affected_versions": { "6.1 - 6.1.7": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77876d74-5825-4bd8-812e-87061d0470e6?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "778aa2be-ffcb-4d28-9efe-c29c8d5391bd": { "id": "778aa2be-ffcb-4d28-9efe-c29c8d5391bd", "title": "HDW Player Plugin (Video Player & Video Gallery) <= 5.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HDW Player Plugin (Video Player & Video Gallery)", "slug": "hdw-player-video-player-video-gallery", "affected_versions": { "* - 5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/778aa2be-ffcb-4d28-9efe-c29c8d5391bd?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "778af777-4c98-45cd-9704-1bdc96054aa7": { "id": "778af777-4c98-45cd-9704-1bdc96054aa7", "title": "Poptin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Pop ups, WordPress Exit Intent Popup, Email Pop Up, Lightbox Pop Up, Spin the Wheel, Contact Form Builder \u2013 Poptin", "slug": "poptin", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/778af777-4c98-45cd-9704-1bdc96054aa7?source=api-scan" ], "published": "2023-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "778d8443-fc0f-4e97-8460-e5ceee8b62a1": { "id": "778d8443-fc0f-4e97-8460-e5ceee8b62a1", "title": "EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 3.9.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/778d8443-fc0f-4e97-8460-e5ceee8b62a1?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "778e2191-d764-44a1-9f52-9698e9183fd2": { "id": "778e2191-d764-44a1-9f52-9698e9183fd2", "title": "SlideOnline <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SlideOnline", "slug": "slideonline", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/778e2191-d764-44a1-9f52-9698e9183fd2?source=api-scan" ], "published": "2023-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7790777d-9421-48c6-b789-f1feab109ec7": { "id": "7790777d-9421-48c6-b789-f1feab109ec7", "title": "Modal Window <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Modal Window \u2013 create popup modal window", "slug": "modal-window", "affected_versions": { "* - 6.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7790777d-9421-48c6-b789-f1feab109ec7?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77911b0f-c028-49ae-b85e-15909d806e30": { "id": "77911b0f-c028-49ae-b85e-15909d806e30", "title": "WhatsApp Share Button <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WhatsApp Share Button", "slug": "whatsapp", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77911b0f-c028-49ae-b85e-15909d806e30?source=api-scan" ], "published": "2023-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77930416-d79b-42bc-8a84-f7f140679a8a": { "id": "77930416-d79b-42bc-8a84-f7f140679a8a", "title": "SportsPress \u2013 Sports Club & League Manager <= 2.7.20 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "SportsPress \u2013 Sports Club & League Manager", "slug": "sportspress", "affected_versions": { "* - 2.7.20": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.21" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77930416-d79b-42bc-8a84-f7f140679a8a?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7794f043-0e0b-4ff3-b2dd-1caff8d7168d": { "id": "7794f043-0e0b-4ff3-b2dd-1caff8d7168d", "title": "Advanced Booking Calendar <= 1.7.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Booking Calendar", "slug": "advanced-booking-calendar", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7794f043-0e0b-4ff3-b2dd-1caff8d7168d?source=api-scan" ], "published": "2022-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "779ccc74-757d-4741-af82-53f8988ef9e0": { "id": "779ccc74-757d-4741-af82-53f8988ef9e0", "title": "Amazing Hover Effects <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Amazing Hover Effects", "slug": "amazing-hover-effects", "affected_versions": { "* - 2.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/779ccc74-757d-4741-af82-53f8988ef9e0?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "779ecd51-16d6-4799-aad7-372c5d5f2884": { "id": "779ecd51-16d6-4799-aad7-372c5d5f2884", "title": "WordPress Core < 3.4.2 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/779ecd51-16d6-4799-aad7-372c5d5f2884?source=api-scan" ], "published": "2012-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77a2d64f-852f-4cc2-9905-98c8f0930817": { "id": "77a2d64f-852f-4cc2-9905-98c8f0930817", "title": "FormCraft <= 1.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "FormCraft \u2013 Form Builder", "slug": "formcraft-form-builder", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77a2d64f-852f-4cc2-9905-98c8f0930817?source=api-scan" ], "published": "2019-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77a85024-33ff-4056-89f6-991182d71b80": { "id": "77a85024-33ff-4056-89f6-991182d71b80", "title": "Dynamic Content for Elementor < 2.12.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Dynamic Content for Elementor", "slug": "dynamic-content-for-elementor", "affected_versions": { "[*, 2.12.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.12.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77a85024-33ff-4056-89f6-991182d71b80?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77a923d5-b73e-45cf-9617-09b4d5c8bb5a": { "id": "77a923d5-b73e-45cf-9617-09b4d5c8bb5a", "title": "Bit Assist <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger, Live Chat Support Chat Button \u2013 Bit Assist", "slug": "bit-assist", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77a923d5-b73e-45cf-9617-09b4d5c8bb5a?source=api-scan" ], "published": "2023-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77acb885-1776-4a74-96d0-4edbf1a92917": { "id": "77acb885-1776-4a74-96d0-4edbf1a92917", "title": "Product Filter by WBW <= 2.5.0 - Missing Authorization via getListForTbl", "software": [ { "type": "plugin", "name": "Product Filter by WBW", "slug": "woo-product-filter", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77acb885-1776-4a74-96d0-4edbf1a92917?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77b7cf5d-2dad-4a4f-ae48-f1ab86065c2d": { "id": "77b7cf5d-2dad-4a4f-ae48-f1ab86065c2d", "title": "Careerfy <= 4.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Careerfy - Job Board WordPress Theme", "slug": "careerfy", "affected_versions": { "* - 4.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77b7cf5d-2dad-4a4f-ae48-f1ab86065c2d?source=api-scan" ], "published": "2020-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77b7fb02-1b79-4b0b-99ab-fa042e86391a": { "id": "77b7fb02-1b79-4b0b-99ab-fa042e86391a", "title": "Meta Data Filter & Taxonomies Filter <= 1.2.7.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MDTF \u2013 Meta Data and Taxonomies Filter", "slug": "wp-meta-data-filter-and-taxonomy-filter", "affected_versions": { "[*, 2.2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77b7fb02-1b79-4b0b-99ab-fa042e86391a?source=api-scan" ], "published": "2021-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77bed6ce-84e7-4b71-8acd-bb5b73e362d2": { "id": "77bed6ce-84e7-4b71-8acd-bb5b73e362d2", "title": "Email Obfuscate Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Obfuscate Shortcode", "slug": "email-obfuscate-shortcode", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77bed6ce-84e7-4b71-8acd-bb5b73e362d2?source=api-scan" ], "published": "2024-09-12 21:24:49", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77cb14b1-d9e5-4296-ad8c-6642327ef310": { "id": "77cb14b1-d9e5-4296-ad8c-6642327ef310", "title": "Remove slug from custom post type <= 1.0.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Remove slug from custom post type", "slug": "remove-slug-from-custom-post-type", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77cb14b1-d9e5-4296-ad8c-6642327ef310?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77cea6a1-d5e8-459c-97cc-9dc8f7c0f48f": { "id": "77cea6a1-d5e8-459c-97cc-9dc8f7c0f48f", "title": "IBS Mappro < 1.0 - Directory Traversal", "software": [ { "type": "plugin", "name": "IBS Mappro", "slug": "ibs-mappro", "affected_versions": { "* - 0.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77cea6a1-d5e8-459c-97cc-9dc8f7c0f48f?source=api-scan" ], "published": "2015-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77d56f61-7e45-405e-878d-fa3d53acede0": { "id": "77d56f61-7e45-405e-878d-fa3d53acede0", "title": "Kodex Posts likes <= 2.4.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Kodex Posts likes", "slug": "kodex-posts-likes", "affected_versions": { "* - 2.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77d56f61-7e45-405e-878d-fa3d53acede0?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77d69631-9159-4619-9891-745dc2327e7c": { "id": "77d69631-9159-4619-9891-745dc2327e7c", "title": "ArtPlacer Widget <= 2.21.1 - Missing Authorization to Widget Deletion", "software": [ { "type": "plugin", "name": "ArtPlacer Widget", "slug": "artplacer-widget", "affected_versions": { "* - 2.21.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.21.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.21.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77d69631-9159-4619-9891-745dc2327e7c?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77d8d29b-b730-46be-a354-7abfa83ac664": { "id": "77d8d29b-b730-46be-a354-7abfa83ac664", "title": "Simple Page Ordering <= 2.5.0 - Missing Authorization to Information Disclosure", "software": [ { "type": "plugin", "name": "Simple Page Ordering", "slug": "simple-page-ordering", "affected_versions": { "[*, 2.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77d8d29b-b730-46be-a354-7abfa83ac664?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77db423c-af60-4539-8e3d-fde997741617": { "id": "77db423c-af60-4539-8e3d-fde997741617", "title": "WordPress Gallery Plugin \u2013 NextGEN Gallery <= 3.38 - Authenticated (Admin+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 3.38": { "from_version": "*", "from_inclusive": true, "to_version": "3.38", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77db423c-af60-4539-8e3d-fde997741617?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77db9906-ff6f-400c-bb02-8c64eb016a77": { "id": "77db9906-ff6f-400c-bb02-8c64eb016a77", "title": "Method <= 2.1 - Arbitrary File Deletion", "software": [ { "type": "theme", "name": "Method", "slug": "method", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77db9906-ff6f-400c-bb02-8c64eb016a77?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77de0955-d6e4-4da0-8a71-772c404e5dc2": { "id": "77de0955-d6e4-4da0-8a71-772c404e5dc2", "title": "WP OAuth Server (OAuth Authentication) <= 4.2.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP OAuth Server (OAuth Authentication)", "slug": "oauth2-provider", "affected_versions": { "* - 4.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77de0955-d6e4-4da0-8a71-772c404e5dc2?source=api-scan" ], "published": "2022-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77ea4ba8-6c13-494a-92e3-12643003635b": { "id": "77ea4ba8-6c13-494a-92e3-12643003635b", "title": "WooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "WooCommerce - Social Login", "slug": "woo-social-login", "affected_versions": { "* - 2.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77ea4ba8-6c13-494a-92e3-12643003635b?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77eb40c2-735a-49f2-9d07-5cf7535bd722": { "id": "77eb40c2-735a-49f2-9d07-5cf7535bd722", "title": "OptinMonster <= 2.6.4 - Unprotected REST-API Endpoints", "software": [ { "type": "plugin", "name": "Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, Email Newsletters and Lead Generation", "slug": "optinmonster", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77eb40c2-735a-49f2-9d07-5cf7535bd722?source=api-scan" ], "published": "2021-11-01 09:02:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77ebd648-3851-47ea-a5eb-86af4899727c": { "id": "77ebd648-3851-47ea-a5eb-86af4899727c", "title": "Tatsu <= 3.3.12 - Unauthenticated Remote Code Execution", "software": [ { "type": "plugin", "name": "Tatsu", "slug": "tatsu", "affected_versions": { "* - 3.3.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77ebd648-3851-47ea-a5eb-86af4899727c?source=api-scan" ], "published": "2022-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77f0c100-1e33-4f18-80df-ed607faba5f7": { "id": "77f0c100-1e33-4f18-80df-ed607faba5f7", "title": "Email Users < 4.8.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Email Users", "slug": "email-users", "affected_versions": { "[*, 4.8.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77f0c100-1e33-4f18-80df-ed607faba5f7?source=api-scan" ], "published": "2016-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77f12178-dc92-41fe-a289-222e83f72a27": { "id": "77f12178-dc92-41fe-a289-222e83f72a27", "title": "EPROLO Dropshipping <= 1.7.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "EPROLO Dropshipping", "slug": "eprolo-dropshipping", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77f12178-dc92-41fe-a289-222e83f72a27?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77f3db0c-d575-48a8-872a-a64fd77486de": { "id": "77f3db0c-d575-48a8-872a-a64fd77486de", "title": "WooCommerce <= 2.0.12 - Self-Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "* - 2.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77f3db0c-d575-48a8-872a-a64fd77486de?source=api-scan" ], "published": "2013-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77fa042d-1e4f-4344-bf5a-3860add7aae3": { "id": "77fa042d-1e4f-4344-bf5a-3860add7aae3", "title": "Carrot <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Carrrot", "slug": "carrrot", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77fa042d-1e4f-4344-bf5a-3860add7aae3?source=api-scan" ], "published": "2023-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77faa23e-4475-43d9-b475-fe999cda7b62": { "id": "77faa23e-4475-43d9-b475-fe999cda7b62", "title": "No Update Nag <= 1.4.12 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "No Update Nag", "slug": "no-update-nag", "affected_versions": { "* - 1.4.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77faa23e-4475-43d9-b475-fe999cda7b62?source=api-scan" ], "published": "2024-08-08 20:35:41", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77fd0714-ae9d-4136-beed-7f37b1266dc9": { "id": "77fd0714-ae9d-4136-beed-7f37b1266dc9", "title": "iPages Flipbook < 1.4.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "iPages Flipbook For WordPress", "slug": "ipages-flipbook", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77fd0714-ae9d-4136-beed-7f37b1266dc9?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77fdfb42-6540-43be-be5c-63dd6e1a34d7": { "id": "77fdfb42-6540-43be-be5c-63dd6e1a34d7", "title": "Headway < 3.8.9 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Headway", "slug": "headway", "affected_versions": { "[*, 3.8.9)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77fdfb42-6540-43be-be5c-63dd6e1a34d7?source=api-scan" ], "published": "2006-10-13 20:01:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77ff128b-952b-43a3-a57a-f274491ac022": { "id": "77ff128b-952b-43a3-a57a-f274491ac022", "title": "My Favorites <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My Favorites", "slug": "my-favorites", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77ff128b-952b-43a3-a57a-f274491ac022?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "77ff6195-e2e6-49bd-a96e-d2f60b309368": { "id": "77ff6195-e2e6-49bd-a96e-d2f60b309368", "title": "Code Snippets <= 2.14.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Code Snippets", "slug": "code-snippets", "affected_versions": { "[*, 2.14.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.14.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.14.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/77ff6195-e2e6-49bd-a96e-d2f60b309368?source=api-scan" ], "published": "2021-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7801d3e1-90aa-434d-ae3d-9f19670280c0": { "id": "7801d3e1-90aa-434d-ae3d-9f19670280c0", "title": "LayerSlider <= 4.6.1 - Path Traversal", "software": [ { "type": "plugin", "name": "LayerSlider", "slug": "LayerSlider", "affected_versions": { "* - 4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7801d3e1-90aa-434d-ae3d-9f19670280c0?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7802ed1f-138c-4a3d-916c-80fb4f7699b2": { "id": "7802ed1f-138c-4a3d-916c-80fb4f7699b2", "title": "Booking Calendar <= 9.9 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP Booking Calendar", "slug": "booking", "affected_versions": { "* - 9.9": { "from_version": "*", "from_inclusive": true, "to_version": "9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7802ed1f-138c-4a3d-916c-80fb4f7699b2?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7804c518-d0d6-474e-9a56-daf6a6eecccc": { "id": "7804c518-d0d6-474e-9a56-daf6a6eecccc", "title": "ZX_CSV Upload <= 1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "ZX_CSV Upload", "slug": "zx-csv-upload", "affected_versions": { "* - 1": { "from_version": "*", "from_inclusive": true, "to_version": "1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7804c518-d0d6-474e-9a56-daf6a6eecccc?source=api-scan" ], "published": "2016-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7808329f-1688-480c-a83c-c4ab2fa86da6": { "id": "7808329f-1688-480c-a83c-c4ab2fa86da6", "title": "WPS Hide Login <= 1.5.4.2 - Hidden Login Page Location Disclosure", "software": [ { "type": "plugin", "name": "WPS Hide Login", "slug": "wps-hide-login", "affected_versions": { "* - 1.5.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7808329f-1688-480c-a83c-c4ab2fa86da6?source=api-scan" ], "published": "2020-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7809697d-367a-4051-9865-440ba8ce7ad5": { "id": "7809697d-367a-4051-9865-440ba8ce7ad5", "title": "The Ultimate WordPress Toolkit \u2013 WP Extended <= 3.0.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Ultimate WordPress Toolkit \u2013 WP Extended", "slug": "wpextended", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7809697d-367a-4051-9865-440ba8ce7ad5?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7812dd30-2896-45a7-8920-92ea061f4da3": { "id": "7812dd30-2896-45a7-8920-92ea061f4da3", "title": "Elements Plus! <= 2.16.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elements Plus!", "slug": "elements-plus", "affected_versions": { "* - 2.16.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7812dd30-2896-45a7-8920-92ea061f4da3?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7815322d-a240-4855-b458-60caa3cec96c": { "id": "7815322d-a240-4855-b458-60caa3cec96c", "title": "Frontend Admin by DynamiApps Plugin <= 3.18.3 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Frontend Admin by DynamiApps", "slug": "acf-frontend-form-element", "affected_versions": { "* - 3.18.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.18.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.18.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7815322d-a240-4855-b458-60caa3cec96c?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7817a840-325a-4709-8374-84bb32d98d0e": { "id": "7817a840-325a-4709-8374-84bb32d98d0e", "title": "Web Stories <= 1.24.0 - Server Side Request Forgery", "software": [ { "type": "plugin", "name": "Web Stories", "slug": "web-stories", "affected_versions": { "* - 1.24.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.24.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.25.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7817a840-325a-4709-8374-84bb32d98d0e?source=api-scan" ], "published": "2022-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7817f343-1ed6-4b76-afbe-1054de892422": { "id": "7817f343-1ed6-4b76-afbe-1054de892422", "title": "Blog2Social <= 6.8.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Blog2Social: Social Media Auto Post & Scheduler", "slug": "blog2social", "affected_versions": { "* - 6.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7817f343-1ed6-4b76-afbe-1054de892422?source=api-scan" ], "published": "2021-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "781987af-3753-46ec-9d56-fb8b6ef42277": { "id": "781987af-3753-46ec-9d56-fb8b6ef42277", "title": "Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget", "software": [ { "type": "plugin", "name": "Beaver Builder Addons by WPZOOM", "slug": "wpzoom-addons-for-beaver-builder", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/781987af-3753-46ec-9d56-fb8b6ef42277?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "781a15da-5747-4480-a8a6-2944632742c1": { "id": "781a15da-5747-4480-a8a6-2944632742c1", "title": "PHP Event Calendar for WordPress < 1.5.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "PHP Event Calendar for WordPress", "slug": "php-event-calendar", "affected_versions": { "[*, 1.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/781a15da-5747-4480-a8a6-2944632742c1?source=api-scan" ], "published": "2015-04-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78203b98-15bc-4d8e-9278-c472b518be07": { "id": "78203b98-15bc-4d8e-9278-c472b518be07", "title": "Minimal Coming Soon \u2013 Coming Soon Page <= 2.37 - Unauthenticated Maintenance Mode Bypass", "software": [ { "type": "plugin", "name": "Minimal Coming Soon \u2013 Coming Soon Page", "slug": "minimal-coming-soon-maintenance-mode", "affected_versions": { "* - 2.37": { "from_version": "*", "from_inclusive": true, "to_version": "2.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.38" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78203b98-15bc-4d8e-9278-c472b518be07?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7821b17a-7da7-434f-8e3f-540e7d7cf6bb": { "id": "7821b17a-7da7-434f-8e3f-540e7d7cf6bb", "title": "Locatoraid Store Locator <= 3.9.47 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Locatoraid Store Locator", "slug": "locatoraid", "affected_versions": { "* - 3.9.47": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.47", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.48" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7821b17a-7da7-434f-8e3f-540e7d7cf6bb?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7826a6ab-50c4-4fc0-b58d-74084172b4e5": { "id": "7826a6ab-50c4-4fc0-b58d-74084172b4e5", "title": "Media Alt Renamer 0.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via _wp_attachment_image_alt postmeta", "software": [ { "type": "plugin", "name": "Media Alt Renamer", "slug": "media-alt-renamer", "affected_versions": { "0.0.1": { "from_version": "0.0.1", "from_inclusive": true, "to_version": "0.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7826a6ab-50c4-4fc0-b58d-74084172b4e5?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "782bb81f-f325-4ed3-9154-3ce7831f5561": { "id": "782bb81f-f325-4ed3-9154-3ce7831f5561", "title": "Dynamics 365 Integration <= 1.3.17 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Dynamics 365 Integration", "slug": "integration-dynamics", "affected_versions": { "* - 1.3.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/782bb81f-f325-4ed3-9154-3ce7831f5561?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "782d0920-08dd-4df7-958c-3ed7128f3d55": { "id": "782d0920-08dd-4df7-958c-3ed7128f3d55", "title": "Child Theme Creator by Orbisius <= 1.5.1 - Cross-Site Request Forgery to Arbitrary File Modification and Creation", "software": [ { "type": "plugin", "name": "Child Theme Creator by Orbisius", "slug": "orbisius-child-theme-creator", "affected_versions": { "[*, 1.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/782d0920-08dd-4df7-958c-3ed7128f3d55?source=api-scan" ], "published": "2020-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "782e30a7-6813-47b4-b447-d5f03dcb9dc4": { "id": "782e30a7-6813-47b4-b447-d5f03dcb9dc4", "title": "LearnPress <= 4.1.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "[*, 4.1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/782e30a7-6813-47b4-b447-d5f03dcb9dc4?source=api-scan" ], "published": "2022-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "782e954f-1fdf-49fa-97bc-60f8fb8c4ecd": { "id": "782e954f-1fdf-49fa-97bc-60f8fb8c4ecd", "title": "AWP Classifieds <= 4.3.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "WordPress Classifieds Plugin \u2013 Ad Directory & Listings by AWP Classifieds", "slug": "another-wordpress-classifieds-plugin", "affected_versions": { "* - 4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/782e954f-1fdf-49fa-97bc-60f8fb8c4ecd?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78376368-4883-48ce-aad0-e1d5a993cd74": { "id": "78376368-4883-48ce-aad0-e1d5a993cd74", "title": "Image Hover Effects Ultimate <= 9.7.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier)", "slug": "image-hover-effects-ultimate", "affected_versions": { "* - 9.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78376368-4883-48ce-aad0-e1d5a993cd74?source=api-scan" ], "published": "2022-05-04 06:31:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "783829c2-fe09-44a1-bbb5-2a694ad816ee": { "id": "783829c2-fe09-44a1-bbb5-2a694ad816ee", "title": "Easy Panorama <= 1.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Panorama", "slug": "easy-panorama", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/783829c2-fe09-44a1-bbb5-2a694ad816ee?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "783e5794-0d74-4b7a-a1cd-2b834a50c50c": { "id": "783e5794-0d74-4b7a-a1cd-2b834a50c50c", "title": "Reservation.Studio widget <= 1.0.11 - Cross-Site Request Forgery via plugin settings", "software": [ { "type": "plugin", "name": "Reservation.Studio widget", "slug": "reservation-studio-widget", "affected_versions": { "* - 1.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/783e5794-0d74-4b7a-a1cd-2b834a50c50c?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78422a30-bdc6-4e7c-a018-c3dc4b4be6a0": { "id": "78422a30-bdc6-4e7c-a018-c3dc4b4be6a0", "title": "Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxAddCategory", "software": [ { "type": "plugin", "name": "Categorify \u2013 WordPress Media Library Category & File Manager", "slug": "categorify", "affected_versions": { "* - 1.0.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78422a30-bdc6-4e7c-a018-c3dc4b4be6a0?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "784593ec-b635-4f59-9afb-ab506f786d21": { "id": "784593ec-b635-4f59-9afb-ab506f786d21", "title": "WP Hotel Booking <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP Hotel Booking", "slug": "wp-hotel-booking", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/784593ec-b635-4f59-9afb-ab506f786d21?source=api-scan" ], "published": "2024-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7848e904-b521-479b-bf7e-d695ad0163b0": { "id": "7848e904-b521-479b-bf7e-d695ad0163b0", "title": "Paid Memberships Pro <= 2.6.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "[*, 2.6.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7848e904-b521-479b-bf7e-d695ad0163b0?source=api-scan" ], "published": "2021-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "784e3b21-08f5-4cbc-b726-fe60e1faefea": { "id": "784e3b21-08f5-4cbc-b726-fe60e1faefea", "title": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 1.4.95 - SQL Injection", "software": [ { "type": "plugin", "name": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin", "slug": "users-ultra", "affected_versions": { "* - 1.4.95": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.95", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.96" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/784e3b21-08f5-4cbc-b726-fe60e1faefea?source=api-scan" ], "published": "2015-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78579ed9-1540-44be-9884-51fc2afec2bd": { "id": "78579ed9-1540-44be-9884-51fc2afec2bd", "title": "WPBakery Page Builder for WordPress <= 6.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPBakery Page Builder for WordPress", "slug": "js_composer", "affected_versions": { "* - 6.12.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.13.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78579ed9-1540-44be-9884-51fc2afec2bd?source=api-scan" ], "published": "2023-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7863f63c-11b5-43ac-9d68-8eb9925cdf7e": { "id": "7863f63c-11b5-43ac-9d68-8eb9925cdf7e", "title": "Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Arigato Autoresponder and Newsletter", "slug": "bft-autoresponder", "affected_versions": { "* - 2.5.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7863f63c-11b5-43ac-9d68-8eb9925cdf7e?source=api-scan" ], "published": "2018-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78669d4f-3c1e-49e6-af8d-56f105f99d01": { "id": "78669d4f-3c1e-49e6-af8d-56f105f99d01", "title": "WordPress Core < 1.5.1.2 - SQL Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 1.5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78669d4f-3c1e-49e6-af8d-56f105f99d01?source=api-scan" ], "published": "2005-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7867d651-dd15-4d91-a7ca-65f49cb94b65": { "id": "7867d651-dd15-4d91-a7ca-65f49cb94b65", "title": "Search Autocomplete < 1.0.9 - SQL Injection", "software": [ { "type": "plugin", "name": "SearchAutocomplete", "slug": "search-autocomplete", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7867d651-dd15-4d91-a7ca-65f49cb94b65?source=api-scan" ], "published": "2011-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "786d147b-2013-476b-a684-d070f07a166d": { "id": "786d147b-2013-476b-a684-d070f07a166d", "title": "AnyComment <= 0.3.4 - Open Redirect via redirect parameter", "software": [ { "type": "plugin", "name": "AnyComment", "slug": "anycomment", "affected_versions": { "[*, 0.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/786d147b-2013-476b-a684-d070f07a166d?source=api-scan" ], "published": "2021-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7870badf-a1c8-4a47-adac-d6535ab81d79": { "id": "7870badf-a1c8-4a47-adac-d6535ab81d79", "title": "CURCY <= 2.1.17 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CURCY \u2013 Multi Currency for WooCommerce \u2013 The best free currency exchange plugin \u2013 Run smoothly on WooCommerce 8.x", "slug": "woo-multi-currency", "affected_versions": { "* - 2.1.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7870badf-a1c8-4a47-adac-d6535ab81d79?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78759abf-4584-4beb-9ae7-39a5c3fe4b75": { "id": "78759abf-4584-4beb-9ae7-39a5c3fe4b75", "title": "YARPP \u2013 Yet Another Related Posts Plugin < 4.2.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "YARPP \u2013 Yet Another Related Posts Plugin", "slug": "yet-another-related-posts-plugin", "affected_versions": { "[*, 4.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78759abf-4584-4beb-9ae7-39a5c3fe4b75?source=api-scan" ], "published": "2015-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78760d4d-04fc-4a6c-8c0d-6bf897335651": { "id": "78760d4d-04fc-4a6c-8c0d-6bf897335651", "title": "Flamingo <= 2.1 - CSV Injection", "software": [ { "type": "plugin", "name": "Flamingo", "slug": "flamingo", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78760d4d-04fc-4a6c-8c0d-6bf897335651?source=api-scan" ], "published": "2020-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78797c97-a5b8-4d2d-acd2-ebd508f2f836": { "id": "78797c97-a5b8-4d2d-acd2-ebd508f2f836", "title": "iFlyChat \u2013 WordPress Chat <= 4.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "iFlyChat \u2013 WordPress Chat", "slug": "iflychat", "affected_versions": { "* - 4.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78797c97-a5b8-4d2d-acd2-ebd508f2f836?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "787a19cf-a553-4aec-96c5-978956826756": { "id": "787a19cf-a553-4aec-96c5-978956826756", "title": "WP Spell Check <= 9.12 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Spell Check", "slug": "wp-spell-check", "affected_versions": { "* - 9.12": { "from_version": "*", "from_inclusive": true, "to_version": "9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/787a19cf-a553-4aec-96c5-978956826756?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "787ab3f0-c8c4-46cd-bfbe-ac1ca508898a": { "id": "787ab3f0-c8c4-46cd-bfbe-ac1ca508898a", "title": "Better Font Awesome <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes", "software": [ { "type": "plugin", "name": "Better Font Awesome", "slug": "better-font-awesome", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/787ab3f0-c8c4-46cd-bfbe-ac1ca508898a?source=api-scan" ], "published": "2023-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78823184-e90a-4f5c-9f08-5ffc22787f16": { "id": "78823184-e90a-4f5c-9f08-5ffc22787f16", "title": "Avenir-soft Direct Download <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Avenir-soft Direct Download", "slug": "avenirsoft-directdownload", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78823184-e90a-4f5c-9f08-5ffc22787f16?source=api-scan" ], "published": "2015-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7886708a-8daa-465b-b820-53bf409e682c": { "id": "7886708a-8daa-465b-b820-53bf409e682c", "title": "Tidio Live Chat < 4.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tidio \u2013 Live Chat & AI Chatbots", "slug": "tidio-live-chat", "affected_versions": { "[*, 4.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7886708a-8daa-465b-b820-53bf409e682c?source=api-scan" ], "published": "2019-11-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7887e0a6-53bf-49c7-a7a6-7c65cec28cae": { "id": "7887e0a6-53bf-49c7-a7a6-7c65cec28cae", "title": "Refraction <= 1.3 - Multiple Vulnerabilities", "software": [ { "type": "theme", "name": "Refraction", "slug": "refraction", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "rt_refraction_wp", "slug": "rt_refraction_wp", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7887e0a6-53bf-49c7-a7a6-7c65cec28cae?source=api-scan" ], "published": "2014-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "788bf199-bf09-4076-b5f1-129b6287096a": { "id": "788bf199-bf09-4076-b5f1-129b6287096a", "title": "Most Popular Posts Widget <= 0.8 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Most Popular Posts Widget", "slug": "most-popular-posts-widget-lite", "affected_versions": { "* - 0.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/788bf199-bf09-4076-b5f1-129b6287096a?source=api-scan" ], "published": "2015-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "788e1c5c-67a9-4b06-a2cf-15c980e83618": { "id": "788e1c5c-67a9-4b06-a2cf-15c980e83618", "title": "CTHthemes CityBook <= 2.3.3, TownHub <= 1.0.5, and EasyBook <= 1.2.1 - Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "EasyBook \u2013 Hotel & Tour Booking WordPress Theme", "slug": "easybook", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] }, { "type": "theme", "name": "TownHub - Directory & Listing WordPress Theme", "slug": "townhub", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] }, { "type": "theme", "name": "CityBook - Directory & Listing WordPress Theme", "slug": "citybook", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/788e1c5c-67a9-4b06-a2cf-15c980e83618?source=api-scan" ], "published": "2019-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "788fdee8-2eae-437e-8a8d-1d01776cbe6b": { "id": "788fdee8-2eae-437e-8a8d-1d01776cbe6b", "title": "Easyship WooCommerce Shipping Rates <= 0.8.9 - Missing Authorization via multiple AJAX actions", "software": [ { "type": "plugin", "name": "Easyship WooCommerce Shipping Rates", "slug": "easyship-woocommerce-shipping-rates", "affected_versions": { "* - 0.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/788fdee8-2eae-437e-8a8d-1d01776cbe6b?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78914fef-6ab4-49b8-8c67-3a634759194c": { "id": "78914fef-6ab4-49b8-8c67-3a634759194c", "title": "Tinymce Thumbnail Gallery <= 1.0.7 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Tinymce Thumbnail Gallery", "slug": "tinymce-thumbnail-gallery", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78914fef-6ab4-49b8-8c67-3a634759194c?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7891b657-a6bc-40e8-bf43-02b4c05d63a9": { "id": "7891b657-a6bc-40e8-bf43-02b4c05d63a9", "title": "Ultimate Store Kit Elementor Addons <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider", "slug": "ultimate-store-kit", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7891b657-a6bc-40e8-bf43-02b4c05d63a9?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "789497b1-36cf-4de2-bca0-52c0c2a08f72": { "id": "789497b1-36cf-4de2-bca0-52c0c2a08f72", "title": "BBSpoiler <= 2.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "BBSpoiler", "slug": "bbspoiler", "affected_versions": { "* - 2.01": { "from_version": "*", "from_inclusive": true, "to_version": "2.01", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/789497b1-36cf-4de2-bca0-52c0c2a08f72?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7894a19c-b873-4c5b-8c82-6656cc306ee2": { "id": "7894a19c-b873-4c5b-8c82-6656cc306ee2", "title": "Popup More <= 2.2.4 - Authenticated (Admin+) Directory Traversal to Limited Local File Inclusion", "software": [ { "type": "plugin", "name": "AI Popup", "slug": "popup-more", "affected_versions": { "2.1.6": { "from_version": "2.1.6", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7894a19c-b873-4c5b-8c82-6656cc306ee2?source=api-scan" ], "published": "2024-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7897ebc7-3ede-465e-b037-86096eb4435a": { "id": "7897ebc7-3ede-465e-b037-86096eb4435a", "title": "Photo Gallery by 10Web <= 1.8.20 - Missing Authorization", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.8.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7897ebc7-3ede-465e-b037-86096eb4435a?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78a411e3-5228-4ac2-bf39-6bdec5d9e313": { "id": "78a411e3-5228-4ac2-bf39-6bdec5d9e313", "title": "WP Login Security and History <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Login Security and History", "slug": "wp-login-security-and-history", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78a411e3-5228-4ac2-bf39-6bdec5d9e313?source=api-scan" ], "published": "2021-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78a464e0-f2d9-4916-aa93-d52a98757a91": { "id": "78a464e0-f2d9-4916-aa93-d52a98757a91", "title": "Bug Library <= 2.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bug Library", "slug": "bug-library", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78a464e0-f2d9-4916-aa93-d52a98757a91?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78a5b2ab-4735-41b9-8807-8f98586cd3d7": { "id": "78a5b2ab-4735-41b9-8807-8f98586cd3d7", "title": "The Plus Addons for Elementor Page Builder Lite <= 5.6.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78a5b2ab-4735-41b9-8807-8f98586cd3d7?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78a8feac-70f5-4593-a855-da66d3c7d6b6": { "id": "78a8feac-70f5-4593-a855-da66d3c7d6b6", "title": "Ultimate Blocks <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Blocks \u2013 WordPress Blocks Plugin", "slug": "ultimate-blocks", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78a8feac-70f5-4593-a855-da66d3c7d6b6?source=api-scan" ], "published": "2024-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78af081a-807b-48c8-82cd-f87fbef0fbe6": { "id": "78af081a-807b-48c8-82cd-f87fbef0fbe6", "title": "SVS Pricing Tables <= 1.0.4 - Cross-Site Request Forgery to Pricing Table Edit\/Creation", "software": [ { "type": "plugin", "name": "SVS Pricing Tables", "slug": "svs-pricing-tables", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78af081a-807b-48c8-82cd-f87fbef0fbe6?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78b12984-72ce-493f-b1ef-200e96c6eb57": { "id": "78b12984-72ce-493f-b1ef-200e96c6eb57", "title": "Explicit (All Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Explicit", "slug": "explicit", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78b12984-72ce-493f-b1ef-200e96c6eb57?source=api-scan" ], "published": "2012-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78b24567-c185-4bef-b025-016b091be2e4": { "id": "78b24567-c185-4bef-b025-016b091be2e4", "title": "Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget", "software": [ { "type": "plugin", "name": "Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)", "slug": "sina-extension-for-elementor", "affected_versions": { "* - 3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78b24567-c185-4bef-b025-016b091be2e4?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78b2e66b-7ef1-40f7-a65e-0ed979197a4c": { "id": "78b2e66b-7ef1-40f7-a65e-0ed979197a4c", "title": "WP Directory Kit <= 1.3.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Directory Kit", "slug": "wpdirectorykit", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78b2e66b-7ef1-40f7-a65e-0ed979197a4c?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78b60dca-0225-43c8-b6cf-0213b1619b65": { "id": "78b60dca-0225-43c8-b6cf-0213b1619b65", "title": "PJ News Ticker <= 1.9.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "PJ News Ticker", "slug": "pj-news-ticker", "affected_versions": { "* - 1.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78b60dca-0225-43c8-b6cf-0213b1619b65?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78b79a03-f2d0-42bb-a6e9-298c6cdd2ffa": { "id": "78b79a03-f2d0-42bb-a6e9-298c6cdd2ffa", "title": "Better Comments <= 1.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Better Comments", "slug": "better-comments", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78b79a03-f2d0-42bb-a6e9-298c6cdd2ffa?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78b98f21-ac0c-496b-8cb9-8d2f3bd751b1": { "id": "78b98f21-ac0c-496b-8cb9-8d2f3bd751b1", "title": "WordPress Core < 5.3.1 - Stored Cross-Site Scripting via Block Editor", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.31": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.31", "to_inclusive": true }, "3.8 - 3.8.31": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.31", "to_inclusive": true }, "3.9 - 3.9.29": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.29", "to_inclusive": true }, "4.0 - 4.0.28": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.28", "to_inclusive": true }, "4.1 - 4.1.28": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.28", "to_inclusive": true }, "4.2 - 4.2.25": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.25", "to_inclusive": true }, "4.3 - 4.3.21": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.21", "to_inclusive": true }, "4.4 - 4.4.20": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.20", "to_inclusive": true }, "4.5 - 4.5.19": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.19", "to_inclusive": true }, "4.6 - 4.6.16": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.16", "to_inclusive": true }, "4.7 - 4.7.15": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.15", "to_inclusive": true }, "4.8 - 4.8.11": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.11", "to_inclusive": true }, "4.9 - 4.9.12": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.12", "to_inclusive": true }, "5.0 - 5.0.7": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.7", "to_inclusive": true }, "5.1 - 5.1.3": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.3", "to_inclusive": true }, "5.2 - 5.2.4": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.4", "to_inclusive": true }, "5.3": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.32", "3.8.32", "3.9.30", "4.0.29", "4.1.29", "4.2.26", "4.3.22", "4.4.21", "4.5.20", "4.6.17", "4.7.16", "4.8.12", "4.9.13", "5.0.8", "5.1.4", "5.2.5", "5.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78b98f21-ac0c-496b-8cb9-8d2f3bd751b1?source=api-scan" ], "published": "2019-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78ba132c-b5b4-4999-a0ec-67d17ae2857f": { "id": "78ba132c-b5b4-4999-a0ec-67d17ae2857f", "title": "Social Web Suite \u2013 Social Media Auto Post, Social Media Auto Publish <= 4.1.11 - Directory Traversal to Arbitrary File Download", "software": [ { "type": "plugin", "name": "Social Web Suite \u2013 Social Media Auto Post, Social Media Auto Publish", "slug": "social-web-suite", "affected_versions": { "* - 4.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78ba132c-b5b4-4999-a0ec-67d17ae2857f?source=api-scan" ], "published": "2024-10-02 15:30:20", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78bb5e18-5535-4cee-a38b-e38802059ef7": { "id": "78bb5e18-5535-4cee-a38b-e38802059ef7", "title": "Paid Memberships Pro <= 2.0.5 - Open Redirect", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78bb5e18-5535-4cee-a38b-e38802059ef7?source=api-scan" ], "published": "2019-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78c19531-550d-4b97-a30d-adcaad43b53b": { "id": "78c19531-550d-4b97-a30d-adcaad43b53b", "title": "Appointment Booking Calendar < 1.3.19 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar", "slug": "appointment-booking-calendar", "affected_versions": { "[*, 1.3.19)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78c19531-550d-4b97-a30d-adcaad43b53b?source=api-scan" ], "published": "2019-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78c6c5ff-8658-4a3d-be01-2141d1cff8bf": { "id": "78c6c5ff-8658-4a3d-be01-2141d1cff8bf", "title": "ARForms <= 6.4 - Missing Authorization to Arbitrary Option Deletion", "software": [ { "type": "plugin", "name": "ARforms", "slug": "arforms", "affected_versions": { "* - 6.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78c6c5ff-8658-4a3d-be01-2141d1cff8bf?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78c88402-52ca-44ff-8767-1f843fcb66fd": { "id": "78c88402-52ca-44ff-8767-1f843fcb66fd", "title": "Oxygen Builder <= 4.8.3 - Missing Authorization to Authenticated (Subscriber+) Stylesheet Update", "software": [ { "type": "plugin", "name": "Oxygen Builder", "slug": "oxygenbuilder", "affected_versions": { "* - 4.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78c88402-52ca-44ff-8767-1f843fcb66fd?source=api-scan" ], "published": "2024-08-26 15:48:07", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78ca8110-fd39-4fcb-bac7-94732c14aee2": { "id": "78ca8110-fd39-4fcb-bac7-94732c14aee2", "title": "PixelYourSite <= 5.2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PixelYourSite \u2013 Your smart PIXEL (TAG) & API Manager", "slug": "pixelyoursite", "affected_versions": { "[*, 5.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78ca8110-fd39-4fcb-bac7-94732c14aee2?source=api-scan" ], "published": "2018-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78ce6a2a-aa28-4ae9-a2e7-ca3861a9677f": { "id": "78ce6a2a-aa28-4ae9-a2e7-ca3861a9677f", "title": "Internal Link Building <= 1.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Internal Link Building", "slug": "internal-link-building-plugin", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78ce6a2a-aa28-4ae9-a2e7-ca3861a9677f?source=api-scan" ], "published": "2023-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78d7920b-3e20-43c7-a522-72bac824c2cb": { "id": "78d7920b-3e20-43c7-a522-72bac824c2cb", "title": "Website Builder by SeedProd \u2014 Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.15.21 - Missing Authorization via seedprod_lite_new_lpage", "software": [ { "type": "plugin", "name": "Website Builder by SeedProd \u2014 Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode", "slug": "coming-soon", "affected_versions": { "* - 6.15.21": { "from_version": "*", "from_inclusive": true, "to_version": "6.15.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.15.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78d7920b-3e20-43c7-a522-72bac824c2cb?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78d8ddc9-69ad-4d69-ac23-5a31dfeafd54": { "id": "78d8ddc9-69ad-4d69-ac23-5a31dfeafd54", "title": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.107": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.107", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.108" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78d8ddc9-69ad-4d69-ac23-5a31dfeafd54?source=api-scan" ], "published": "2024-05-29 15:02:34", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78da1f88-2446-4ea5-9437-a118324ab6c2": { "id": "78da1f88-2446-4ea5-9437-a118324ab6c2", "title": "Email Encoder \u2013 Protect Email Addresses and Phone Numbers <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Email Encoder \u2013 Protect Email Addresses and Phone Numbers", "slug": "email-encoder-bundle", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78da1f88-2446-4ea5-9437-a118324ab6c2?source=api-scan" ], "published": "2024-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78da9e79-399e-43e3-ac27-a162861cae71": { "id": "78da9e79-399e-43e3-ac27-a162861cae71", "title": "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.20 - Authenticated (Subscriber+) PHP Object Injection in get_simple_request", "software": [ { "type": "plugin", "name": "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages", "slug": "wc4bp", "affected_versions": { "* - 3.4.20": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78da9e79-399e-43e3-ac27-a162861cae71?source=api-scan" ], "published": "2024-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78dae5be-a71b-45bc-8814-7cc86233ae90": { "id": "78dae5be-a71b-45bc-8814-7cc86233ae90", "title": "Divi Torque Lite \u2013 Divi Theme and Extra Theme <= 3.6.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload", "software": [ { "type": "plugin", "name": "Divi Torque Lite \u2013 Divi Theme and Extra Theme", "slug": "addons-for-divi", "affected_versions": { "* - 3.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78dae5be-a71b-45bc-8814-7cc86233ae90?source=api-scan" ], "published": "2024-06-11 16:52:03", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78dc41f0-117e-44f6-b387-283353b1e8cc": { "id": "78dc41f0-117e-44f6-b387-283353b1e8cc", "title": "Cards for Beaver Builder <= 1.1.4 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cards for Beaver Builder", "slug": "bb-bootstrap-cards", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78dc41f0-117e-44f6-b387-283353b1e8cc?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78e27833-d5e5-4ed9-b8a2-98a14586651a": { "id": "78e27833-d5e5-4ed9-b8a2-98a14586651a", "title": "WP EasyCart <= 5.5.19 - Missing Authorization", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "* - 5.5.19": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78e27833-d5e5-4ed9-b8a2-98a14586651a?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78e35c10-2480-4b23-8f5c-a196ccdc71f2": { "id": "78e35c10-2480-4b23-8f5c-a196ccdc71f2", "title": "Gallery Images Ape <= 2.2.8 - Authenticated (Contributor+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery Images Ape", "slug": "gallery-images-ape", "affected_versions": { "* - 2.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78e35c10-2480-4b23-8f5c-a196ccdc71f2?source=api-scan" ], "published": "2022-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78e49869-5e7e-45f2-8239-4df18b28db53": { "id": "78e49869-5e7e-45f2-8239-4df18b28db53", "title": "Advanced WordPress Backgrounds <= 1.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via imageTag Parameter", "software": [ { "type": "plugin", "name": "Advanced WordPress Backgrounds", "slug": "advanced-backgrounds", "affected_versions": { "* - 1.12.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78e49869-5e7e-45f2-8239-4df18b28db53?source=api-scan" ], "published": "2024-09-10 18:48:06", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78e604e8-42f3-4c53-a59a-86a49043bde1": { "id": "78e604e8-42f3-4c53-a59a-86a49043bde1", "title": "Feed Comments Number <= 0.2.1 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Feed Comments Number", "slug": "feed-comments-number", "affected_versions": { "* - 0.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78e604e8-42f3-4c53-a59a-86a49043bde1?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78e79423-7b69-4d85-a939-96eb5385624c": { "id": "78e79423-7b69-4d85-a939-96eb5385624c", "title": "WP Basic Elements <= 5.2.15 - Cross-Site Request Forgery via wpbe_save_settings", "software": [ { "type": "plugin", "name": "WP Basic Elements", "slug": "wp-basic-elements", "affected_versions": { "* - 5.2.15": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78e79423-7b69-4d85-a939-96eb5385624c?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78e7b65d-91f8-477e-b992-3148c1b65d7b": { "id": "78e7b65d-91f8-477e-b992-3148c1b65d7b", "title": "FileOrganizer <= 1.0.7 - Sensitive Information Exposure via Directory Listing", "software": [ { "type": "plugin", "name": "FileOrganizer \u2013 Manage WordPress and Website Files", "slug": "fileorganizer", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78e7b65d-91f8-477e-b992-3148c1b65d7b?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78e7d0f7-b588-407b-bb3e-068589114ab0": { "id": "78e7d0f7-b588-407b-bb3e-068589114ab0", "title": "flashy <= 1.3 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "flashy", "slug": "flashy", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78e7d0f7-b588-407b-bb3e-068589114ab0?source=api-scan" ], "published": "2015-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78e9beef-4d2b-4004-8db7-4963882e405b": { "id": "78e9beef-4d2b-4004-8db7-4963882e405b", "title": "Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Various Widgets", "software": [ { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "* - 8.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78e9beef-4d2b-4004-8db7-4963882e405b?source=api-scan" ], "published": "2024-07-03 14:51:15", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78eeef12-123b-42f6-b446-c3f2d43153fd": { "id": "78eeef12-123b-42f6-b446-c3f2d43153fd", "title": "jQuery T(-) Countdown Widget <= 2.3.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via tminus Shortcode", "software": [ { "type": "plugin", "name": "jQuery T(-) Countdown Widget", "slug": "jquery-t-countdown-widget", "affected_versions": { "* - 2.3.25": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.25", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78eeef12-123b-42f6-b446-c3f2d43153fd?source=api-scan" ], "published": "2024-05-22 12:56:47", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78f04982-7f42-4c10-9fad-2584a26a4c79": { "id": "78f04982-7f42-4c10-9fad-2584a26a4c79", "title": "Multilanguage by BestWebSoft < 1.2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Multilanguage by BestWebSoft \u2013 WordPress Translation Plugin and Language Switcher", "slug": "multilanguage", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78f04982-7f42-4c10-9fad-2584a26a4c79?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78f08c2b-c6e4-431e-bbbd-5dd082b29195": { "id": "78f08c2b-c6e4-431e-bbbd-5dd082b29195", "title": "Age Verify <= 0.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Age Verify", "slug": "age-verify", "affected_versions": { "* - 0.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78f08c2b-c6e4-431e-bbbd-5dd082b29195?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78f3c503-e255-44d2-8432-48dc2c5f553d": { "id": "78f3c503-e255-44d2-8432-48dc2c5f553d", "title": "MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Message Update", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 3.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78f3c503-e255-44d2-8432-48dc2c5f553d?source=api-scan" ], "published": "2023-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78f3e63b-1d60-47bb-9366-dbdd81d6ed19": { "id": "78f3e63b-1d60-47bb-9366-dbdd81d6ed19", "title": "SlideShare for WordPress by Yoast <= 1.9.1 - Admin+ Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SlideShare for WordPress by Yoast", "slug": "slideshare", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78f3e63b-1d60-47bb-9366-dbdd81d6ed19?source=api-scan" ], "published": "2016-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78f4709b-0560-48c6-a26c-d806311758a3": { "id": "78f4709b-0560-48c6-a26c-d806311758a3", "title": "Annual Archive <= 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Annual Archive", "slug": "anual-archive", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78f4709b-0560-48c6-a26c-d806311758a3?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78f6d878-6ba8-4d80-9c9b-1a363d6aaed5": { "id": "78f6d878-6ba8-4d80-9c9b-1a363d6aaed5", "title": "Simple Blog Card <= 1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Simple Blog Card", "slug": "simple-blog-card", "affected_versions": { "* - 1.30": { "from_version": "*", "from_inclusive": true, "to_version": "1.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78f6d878-6ba8-4d80-9c9b-1a363d6aaed5?source=api-scan" ], "published": "2023-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78f745f9-c44e-4458-9381-f639c842a31e": { "id": "78f745f9-c44e-4458-9381-f639c842a31e", "title": "Contest Gallery <= 13.1.0.9 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 13.1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "13.1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "14.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78f745f9-c44e-4458-9381-f639c842a31e?source=api-scan" ], "published": "2021-12-20 12:39:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78f90656-49cb-4f13-8488-45a601048ade": { "id": "78f90656-49cb-4f13-8488-45a601048ade", "title": "Complianz - GDPR\/CCPA Cookie Consent <= 5.5.2 - Reflected Cross-Site Scripting via s parameter", "software": [ { "type": "plugin", "name": "Complianz \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr", "affected_versions": { "[*, 6.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78f90656-49cb-4f13-8488-45a601048ade?source=api-scan" ], "published": "2022-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78f96d7f-aeca-4959-9573-0fb6402de007": { "id": "78f96d7f-aeca-4959-9573-0fb6402de007", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.13 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.13": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78f96d7f-aeca-4959-9573-0fb6402de007?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78fce739-5cc7-4a7f-bf3b-665f35ef3579": { "id": "78fce739-5cc7-4a7f-bf3b-665f35ef3579", "title": "LayerSlider <= 7.1.1 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LayerSlider", "slug": "LayerSlider", "affected_versions": { "* - 7.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78fce739-5cc7-4a7f-bf3b-665f35ef3579?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78fd9dcf-228e-46ec-b34f-2cb0c87cc895": { "id": "78fd9dcf-228e-46ec-b34f-2cb0c87cc895", "title": "Guest Author <= 2.3 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Guest Author", "slug": "guest-author", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78fd9dcf-228e-46ec-b34f-2cb0c87cc895?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78fedd41-f0ab-4148-a798-88de62f27008": { "id": "78fedd41-f0ab-4148-a798-88de62f27008", "title": "NextGen Gallery <= 2.1.77 - SQL Injection", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 2.1.77": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.77", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.79" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78fedd41-f0ab-4148-a798-88de62f27008?source=api-scan" ], "published": "2017-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "78fef897-fcef-4238-9925-0ce610ee7686": { "id": "78fef897-fcef-4238-9925-0ce610ee7686", "title": "Import and export users and customers <= 1.14.1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import and export users and customers", "slug": "import-users-from-csv-with-meta", "affected_versions": { "* - 1.14.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/78fef897-fcef-4238-9925-0ce610ee7686?source=api-scan" ], "published": "2019-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79097eee-f76b-459e-9e7d-03013ee21695": { "id": "79097eee-f76b-459e-9e7d-03013ee21695", "title": "Social Auto Poster <= 5.3.15 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Social Auto Poster", "slug": "social-auto-poster", "affected_versions": { "* - 5.3.15": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79097eee-f76b-459e-9e7d-03013ee21695?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "790bd89d-3913-4b43-9b00-7d4de5c4227d": { "id": "790bd89d-3913-4b43-9b00-7d4de5c4227d", "title": "Progress Bar <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppb shortcode", "software": [ { "type": "plugin", "name": "Progress Bar", "slug": "progress-bar", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/790bd89d-3913-4b43-9b00-7d4de5c4227d?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7911c774-3fb0-4d6c-a847-101e5ad8637a": { "id": "7911c774-3fb0-4d6c-a847-101e5ad8637a", "title": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress <= 4.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 4.14.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.14.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.14.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7911c774-3fb0-4d6c-a847-101e5ad8637a?source=api-scan" ], "published": "2024-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79172fe3-c0cf-48c4-8bc5-862c628c1a09": { "id": "79172fe3-c0cf-48c4-8bc5-862c628c1a09", "title": "WCFM \u2013 Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.12 - Insecure Direct Object Reference to Account Takeover\/Privilege Escalation", "software": [ { "type": "plugin", "name": "WCFM \u2013 Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible", "slug": "wc-frontend-manager", "affected_versions": { "* - 6.7.12": { "from_version": "*", "from_inclusive": true, "to_version": "6.7.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79172fe3-c0cf-48c4-8bc5-862c628c1a09?source=api-scan" ], "published": "2024-09-24 17:50:38", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "791a7063-fb1e-4147-b253-8baf889307c6": { "id": "791a7063-fb1e-4147-b253-8baf889307c6", "title": "MainWP <= 4.4.3.3 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "MainWP Dashboard: WordPress Management without the SaaS", "slug": "mainwp", "affected_versions": { "* - 4.4.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/791a7063-fb1e-4147-b253-8baf889307c6?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "791ae60d-f2b7-4a53-9008-35cd2d465124": { "id": "791ae60d-f2b7-4a53-9008-35cd2d465124", "title": "AddToAny Share Buttons <= 1.7.45 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AddToAny Share Buttons", "slug": "add-to-any", "affected_versions": { "[*, 1.7.46)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.46", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/791ae60d-f2b7-4a53-9008-35cd2d465124?source=api-scan" ], "published": "2021-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7921c896-dca4-460d-90dc-458eb0d82334": { "id": "7921c896-dca4-460d-90dc-458eb0d82334", "title": "Choices (All Versions) - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Choices", "slug": "choices", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7921c896-dca4-460d-90dc-458eb0d82334?source=api-scan" ], "published": "2012-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "792282d1-5f43-4511-becc-9c5bb5ae513a": { "id": "792282d1-5f43-4511-becc-9c5bb5ae513a", "title": "Simple Membership <= 4.1.2 - Membership Privilege Escalation", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "* - 4.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/792282d1-5f43-4511-becc-9c5bb5ae513a?source=api-scan" ], "published": "2022-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7927edf2-b092-4b56-83aa-038f99ea658e": { "id": "7927edf2-b092-4b56-83aa-038f99ea658e", "title": "WooCommerce PDF Invoices <= 4.2.1 - Authenticated(Shop Manager+) Arbitrary Options Update via JSON Import", "software": [ { "type": "plugin", "name": "WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels", "slug": "print-invoices-packing-slip-labels-for-woocommerce", "affected_versions": { "* - 4.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7927edf2-b092-4b56-83aa-038f99ea658e?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79289ad7-f289-4472-973d-d0ec2996c5c5": { "id": "79289ad7-f289-4472-973d-d0ec2996c5c5", "title": "Visual Form Builder <= 2.8.2 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Visual Form Builder", "slug": "visual-form-builder", "affected_versions": { "[*, 2.8.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79289ad7-f289-4472-973d-d0ec2996c5c5?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "792d6c70-4c17-493a-bb4a-08a55e8240d3": { "id": "792d6c70-4c17-493a-bb4a-08a55e8240d3", "title": "RSVP and Event Management Plugin <= 2.3.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RSVP and Event Management", "slug": "rsvp", "affected_versions": { "[*, 2.3.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/792d6c70-4c17-493a-bb4a-08a55e8240d3?source=api-scan" ], "published": "2017-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "793082f8-5b5e-4973-819c-d2f11d1a596e": { "id": "793082f8-5b5e-4973-819c-d2f11d1a596e", "title": "BetterLinks \u2013 Shorten, Track and Manage any URL <= 1.2.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BetterLinks \u2013 An Advanced Plugin for Affiliate Links, Link Shortening, Link Tracking, Link Branding & Marketing", "slug": "betterlinks", "affected_versions": { "[*, 1.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/793082f8-5b5e-4973-819c-d2f11d1a596e?source=api-scan" ], "published": "2021-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7934c73c-17cf-4cec-a8da-654cee453b8f": { "id": "7934c73c-17cf-4cec-a8da-654cee453b8f", "title": "Backup by Supsystic <= 2.3.11 - Cross-Site Request Forgery to Arbitrary File Download\/Deletion", "software": [ { "type": "plugin", "name": "Backup by Supsystic", "slug": "backup-by-supsystic", "affected_versions": { "* - 2.3.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7934c73c-17cf-4cec-a8da-654cee453b8f?source=api-scan" ], "published": "2021-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "793594f7-6325-4561-ad74-a08aebc20c53": { "id": "793594f7-6325-4561-ad74-a08aebc20c53", "title": "SKU Label Changer For WooCommerce <= 3.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "SKU Label Changer For WooCommerce", "slug": "woo-sku-label-changer", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/793594f7-6325-4561-ad74-a08aebc20c53?source=api-scan" ], "published": "2023-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "793df609-77bb-47fd-8383-93884675f217": { "id": "793df609-77bb-47fd-8383-93884675f217", "title": "CRM Perks Forms <= 1.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CRM Perks Forms \u2013 WordPress Form Builder", "slug": "crm-perks-forms", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/793df609-77bb-47fd-8383-93884675f217?source=api-scan" ], "published": "2022-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "793e650c-27f7-4eff-9922-8e01ba24e96d": { "id": "793e650c-27f7-4eff-9922-8e01ba24e96d", "title": "MDC YouTube Downloader < 2.1.1 - Directory Traversal", "software": [ { "type": "plugin", "name": "MDC YouTube Downloader", "slug": "mdc-youtube-downloader", "affected_versions": { "[*, 2.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/793e650c-27f7-4eff-9922-8e01ba24e96d?source=api-scan" ], "published": "2015-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "793f27ec-a3bb-4273-a41c-cc5b04c8e8fc": { "id": "793f27ec-a3bb-4273-a41c-cc5b04c8e8fc", "title": "JetElements <= 2.6.20 - Authenticated (Contributor+) Arbitrary Local File Inclusion", "software": [ { "type": "plugin", "name": "JetElements", "slug": "jet-elements", "affected_versions": { "* - 2.6.20": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.20.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/793f27ec-a3bb-4273-a41c-cc5b04c8e8fc?source=api-scan" ], "published": "2024-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7941a6d3-9785-4dcb-ac56-17d4611f5201": { "id": "7941a6d3-9785-4dcb-ac56-17d4611f5201", "title": "Gallery Slideshow <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery Slideshow", "slug": "gallery-slideshow", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7941a6d3-9785-4dcb-ac56-17d4611f5201?source=api-scan" ], "published": "2024-06-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7943c21b-dfc3-4f31-a636-0a1a745628bf": { "id": "7943c21b-dfc3-4f31-a636-0a1a745628bf", "title": "Structured Content <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Structured Content (JSON-LD) #wpsc", "slug": "structured-content", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7943c21b-dfc3-4f31-a636-0a1a745628bf?source=api-scan" ], "published": "2022-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7945110e-2a9d-4e0e-b0e8-77c16694993b": { "id": "7945110e-2a9d-4e0e-b0e8-77c16694993b", "title": "Dynamics 365 Integration <= 1.3.12 - Cross-Site Request Forgery via wp_ajax_wpcrm_log", "software": [ { "type": "plugin", "name": "Dynamics 365 Integration", "slug": "integration-dynamics", "affected_versions": { "* - 1.3.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7945110e-2a9d-4e0e-b0e8-77c16694993b?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "794bc5cd-c9ac-4583-ae3d-a92361374b5f": { "id": "794bc5cd-c9ac-4583-ae3d-a92361374b5f", "title": "MAS Static Content <= 1.0.8 - Authenticated (Contributor+) Private Static Content Page Disclosure", "software": [ { "type": "plugin", "name": "MAS Static Content", "slug": "mas-static-content", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/794bc5cd-c9ac-4583-ae3d-a92361374b5f?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79545b24-b325-486b-b34f-87bba14b8cd4": { "id": "79545b24-b325-486b-b34f-87bba14b8cd4", "title": "Simple Download Monitor <= 3.9.4 - Contributor+ Arbitrary File Download", "software": [ { "type": "plugin", "name": "Simple Download Monitor", "slug": "simple-download-monitor", "affected_versions": { "[*, 3.9.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79545b24-b325-486b-b34f-87bba14b8cd4?source=api-scan" ], "published": "2021-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "796e35bc-db5f-45e3-8f79-73b30add877f": { "id": "796e35bc-db5f-45e3-8f79-73b30add877f", "title": "Custom Post Types and Custom Fields creator <= 2.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Post Types and Custom Fields creator \u2013 WCK", "slug": "wck-custom-fields-and-custom-post-types-creator", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/796e35bc-db5f-45e3-8f79-73b30add877f?source=api-scan" ], "published": "2022-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "797554c9-7008-451a-8e8d-3242a207347e": { "id": "797554c9-7008-451a-8e8d-3242a207347e", "title": "Load More Anything <= 3.3.3 - Missing Authorization to Plugin Settings Modification", "software": [ { "type": "plugin", "name": "Load More Anything", "slug": "ajax-load-more-anything", "affected_versions": { "* - 3.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/797554c9-7008-451a-8e8d-3242a207347e?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79766bb2-a796-48b4-afb5-520303a73739": { "id": "79766bb2-a796-48b4-afb5-520303a73739", "title": "Product Configurator for WooCommerce <= 1.2.31 - Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "3D Product configurator for WooCommerce", "slug": "expivi", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79766bb2-a796-48b4-afb5-520303a73739?source=api-scan" ], "published": "2022-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "797768b3-5e4b-4f6e-8c5b-3513eace447d": { "id": "797768b3-5e4b-4f6e-8c5b-3513eace447d", "title": "Beaver Builder \u2013 WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Image URL", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.5.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/797768b3-5e4b-4f6e-8c5b-3513eace447d?source=api-scan" ], "published": "2022-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7977fbfd-9864-4883-955e-3d5646763b1b": { "id": "7977fbfd-9864-4883-955e-3d5646763b1b", "title": "Ninja Popups <= 4.7.5 - Open Redirect", "software": [ { "type": "plugin", "name": "Ninja Popups", "slug": "arscode-ninja-popups", "affected_versions": { "* - 4.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7977fbfd-9864-4883-955e-3d5646763b1b?source=api-scan" ], "published": "2023-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "797840ba-5589-42d6-9d50-52bf8c131d6e": { "id": "797840ba-5589-42d6-9d50-52bf8c131d6e", "title": "Conditional cart fee \/ Extra charge rule for WooCommerce extra fees <= 1.0.96 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Conditional cart fee \/ Extra charge rule for WooCommerce extra fees", "slug": "conditional-extra-fees-for-woocommerce", "affected_versions": { "* - 1.0.96": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.96", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.97" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/797840ba-5589-42d6-9d50-52bf8c131d6e?source=api-scan" ], "published": "2023-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "797c2c60-51bd-4992-86fc-23fda363ad76": { "id": "797c2c60-51bd-4992-86fc-23fda363ad76", "title": "Related Posts for WordPress <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Related Posts for WordPress", "slug": "related-posts-for-wp", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/797c2c60-51bd-4992-86fc-23fda363ad76?source=api-scan" ], "published": "2022-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "797faa73-401d-492c-a99d-0724df57b6e9": { "id": "797faa73-401d-492c-a99d-0724df57b6e9", "title": "Easy Social Share Buttons <= 9.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Social Share Buttons for WordPress", "slug": "easy-social-share-buttons3", "affected_versions": { "* - 9.4": { "from_version": "*", "from_inclusive": true, "to_version": "9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/797faa73-401d-492c-a99d-0724df57b6e9?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79899dc1-4953-4f95-95f5-853d24e7b9ab": { "id": "79899dc1-4953-4f95-95f5-853d24e7b9ab", "title": "Just Custom Fields <= 3.3.2 - Cross-Site Request Forgery on AJAX Actions", "software": [ { "type": "plugin", "name": "Just Custom Fields", "slug": "just-custom-fields", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79899dc1-4953-4f95-95f5-853d24e7b9ab?source=api-scan" ], "published": "2023-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "798b57ad-0922-435c-8b4d-8a96b388b314": { "id": "798b57ad-0922-435c-8b4d-8a96b388b314", "title": "WCFM Frontend Manager <= 6.5.13 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WCFM \u2013 Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible", "slug": "wc-frontend-manager", "affected_versions": { "* - 6.5.13": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/798b57ad-0922-435c-8b4d-8a96b388b314?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "799087f0-d9da-4061-a29f-5bd634147b2e": { "id": "799087f0-d9da-4061-a29f-5bd634147b2e", "title": "Search & Replace <= 3.2.1 - Authenticated (Administrator+) SQL injection", "software": [ { "type": "plugin", "name": "Search & Replace", "slug": "search-and-replace", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/799087f0-d9da-4061-a29f-5bd634147b2e?source=api-scan" ], "published": "2024-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7990f4f3-838c-4112-8958-2b2dd8fe54d5": { "id": "7990f4f3-838c-4112-8958-2b2dd8fe54d5", "title": "Anima <= <=1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Anima", "slug": "anima", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7990f4f3-838c-4112-8958-2b2dd8fe54d5?source=api-scan" ], "published": "2024-06-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7997ae20-88d2-4e12-87a0-a6e83808a495": { "id": "7997ae20-88d2-4e12-87a0-a6e83808a495", "title": "WP Social Bookmarking Light <= 2.0.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Social Bookmarking Light", "slug": "wp-social-bookmarking-light", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7997ae20-88d2-4e12-87a0-a6e83808a495?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "799975aa-44fe-48dc-8ac9-469c89a03c67": { "id": "799975aa-44fe-48dc-8ac9-469c89a03c67", "title": "Donations Made Easy \u2013 Smart Donations <= 4.0.12 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Donations Made Easy \u2013 Smart Donations", "slug": "smart-donations", "affected_versions": { "* - 4.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/799975aa-44fe-48dc-8ac9-469c89a03c67?source=api-scan" ], "published": "2023-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "799b1f12-05f3-4b8b-9e1f-45c676e4f2a0": { "id": "799b1f12-05f3-4b8b-9e1f-45c676e4f2a0", "title": "Side Menu Lite <= 4.0 - Cross-Site Request Forgery to Item Deletion", "software": [ { "type": "plugin", "name": "Side Menu Lite \u2013 add sticky fixed buttons", "slug": "side-menu-lite", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/799b1f12-05f3-4b8b-9e1f-45c676e4f2a0?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79a41b84-2e19-46eb-9f6b-5155da0b15cc": { "id": "79a41b84-2e19-46eb-9f6b-5155da0b15cc", "title": "Google Tag Manager for WordPress <= 1.15 - Cross-Site Scripting via Cloudflare Country Code", "software": [ { "type": "plugin", "name": "GTM4WP \u2013 A Google Tag Manager (GTM) plugin for WordPress", "slug": "duracelltomi-google-tag-manager", "affected_versions": { "* - 1.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79a41b84-2e19-46eb-9f6b-5155da0b15cc?source=api-scan" ], "published": "2022-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79a574c4-1faf-4572-801c-00b50923a669": { "id": "79a574c4-1faf-4572-801c-00b50923a669", "title": "Cookie Information | Free GDPR Consent Solution <= 1.5.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cookie Information | Free GDPR Consent Solution", "slug": "wp-gdpr-compliance", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79a574c4-1faf-4572-801c-00b50923a669?source=api-scan" ], "published": "2021-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79a5c01d-3867-4b1e-b0ba-9a802f0bed92": { "id": "79a5c01d-3867-4b1e-b0ba-9a802f0bed92", "title": "Slick Social Share Buttons <= 2.4.11 - Authenticated (Subscriber+) Arbitrary Option Update", "software": [ { "type": "plugin", "name": "Slick Social Share Buttons", "slug": "slick-social-share-buttons", "affected_versions": { "* - 2.4.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79a5c01d-3867-4b1e-b0ba-9a802f0bed92?source=api-scan" ], "published": "2023-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79ae6c3e-5584-448b-a5c5-0a105377b81d": { "id": "79ae6c3e-5584-448b-a5c5-0a105377b81d", "title": "Admin Columns PRO <= 6.4.9 - Authenticated (Subscriber+) CSV Injection", "software": [ { "type": "plugin", "name": "Admin Columns Pro", "slug": "admin-columns-pro", "affected_versions": { "* - 6.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.10" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79ae6c3e-5584-448b-a5c5-0a105377b81d?source=api-scan" ], "published": "2019-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79b0a90b-5b75-4757-bd7b-909350f54175": { "id": "79b0a90b-5b75-4757-bd7b-909350f54175", "title": "Comments - wpDiscuz <= 5.3.5 - Blind SQL Injection via order Parameter", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "[*, 5.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79b0a90b-5b75-4757-bd7b-909350f54175?source=api-scan" ], "published": "2020-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79b5883b-a3be-497e-b911-7dc39e7fb418": { "id": "79b5883b-a3be-497e-b911-7dc39e7fb418", "title": "WordPress Download Manager <= 2.9.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 2.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.61" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79b5883b-a3be-497e-b911-7dc39e7fb418?source=api-scan" ], "published": "2018-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79b631a0-08a7-460f-8668-0b10b42f12d7": { "id": "79b631a0-08a7-460f-8668-0b10b42f12d7", "title": "Photo Gallery by Ays \u2013 Responsive Image Gallery < 1.0.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Photo Gallery by Ays \u2013 Responsive Image Gallery", "slug": "gallery-photo-gallery", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79b631a0-08a7-460f-8668-0b10b42f12d7?source=api-scan" ], "published": "2016-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79b859ef-5417-47e5-8b9a-763c62a6a127": { "id": "79b859ef-5417-47e5-8b9a-763c62a6a127", "title": "VDZ Verification <= 1.3.12 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VDZ VERIFICATION (Custom Meta Tags)", "slug": "vdz-verification", "affected_versions": { "* - 1.3.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79b859ef-5417-47e5-8b9a-763c62a6a127?source=api-scan" ], "published": "2021-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79bb311d-d10d-4e4e-b690-84c0051b9911": { "id": "79bb311d-d10d-4e4e-b690-84c0051b9911", "title": "Restrict Content <= 3.2.2 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "Membership Plugin \u2013 Restrict Content", "slug": "restrict-content", "affected_versions": { "[*, 3.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79bb311d-d10d-4e4e-b690-84c0051b9911?source=api-scan" ], "published": "2023-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79c296b1-e385-404d-96c0-a98f10b89f08": { "id": "79c296b1-e385-404d-96c0-a98f10b89f08", "title": "Password Protected <= 2.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Password Protected \u2013 Password Protect your WordPress Site, Pages, & WooCommerce Products \u2013 Restrict Content, Protect WooCommerce Category, and more", "slug": "password-protected", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79c296b1-e385-404d-96c0-a98f10b89f08?source=api-scan" ], "published": "2023-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79c3abc6-68fa-4c51-88fa-03ab7d26cc4c": { "id": "79c3abc6-68fa-4c51-88fa-03ab7d26cc4c", "title": "f(x) Private Site <= 1.2.1 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "f(x) Private Site", "slug": "fx-private-site", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79c3abc6-68fa-4c51-88fa-03ab7d26cc4c?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79cce1fc-a27f-4842-b1a2-2c53857add4c": { "id": "79cce1fc-a27f-4842-b1a2-2c53857add4c", "title": "Ultimate Dashboard <= 3.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Ultimate Dashboard \u2013 Custom WordPress Dashboard", "slug": "ultimate-dashboard", "affected_versions": { "* - 3.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79cce1fc-a27f-4842-b1a2-2c53857add4c?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79d4e5a8-028a-488e-b419-77a0981a28a9": { "id": "79d4e5a8-028a-488e-b419-77a0981a28a9", "title": "WP Remote Site Search <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Remote Site Search", "slug": "wp-remote-site-search", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79d4e5a8-028a-488e-b419-77a0981a28a9?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79d828b8-aea2-4705-ae23-ac70133a6c3e": { "id": "79d828b8-aea2-4705-ae23-ac70133a6c3e", "title": "ConvertKit <= 2.4.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Kit (formerly ConvertKit) \u2013 Email Newsletter, Email Marketing, Subscribers and Landing Pages", "slug": "convertkit", "affected_versions": { "* - 2.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79d828b8-aea2-4705-ae23-ac70133a6c3e?source=api-scan" ], "published": "2024-06-20 15:27:19", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79d96a6c-6191-44d8-aab8-f01bb2692767": { "id": "79d96a6c-6191-44d8-aab8-f01bb2692767", "title": "Ibtana \u2013 WordPress Website Builder <= 1.1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Ibtana \u2013 WordPress Website Builder", "slug": "ibtana-visual-editor", "affected_versions": { "* - 1.1.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79d96a6c-6191-44d8-aab8-f01bb2692767?source=api-scan" ], "published": "2022-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79da7239-0343-465e-8dda-44ff440939c4": { "id": "79da7239-0343-465e-8dda-44ff440939c4", "title": "WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.12.9 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting", "slug": "erp", "affected_versions": { "* - 1.12.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79da7239-0343-465e-8dda-44ff440939c4?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79dabaa6-d907-4fa6-bc6f-f28f39578256": { "id": "79dabaa6-d907-4fa6-bc6f-f28f39578256", "title": "WP Project Manager <= 2.6.0 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts", "slug": "wedevs-project-manager", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79dabaa6-d907-4fa6-bc6f-f28f39578256?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79dd492e-d4da-4209-83a8-d8059263ae92": { "id": "79dd492e-d4da-4209-83a8-d8059263ae92", "title": "Pexels: Free Stock Photos <= 1.2.2 - Authenticated (Contributor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Pexels: Free Stock Photos", "slug": "wp-pexels-free-stock-photos", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79dd492e-d4da-4209-83a8-d8059263ae92?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79e2011c-5e4d-4d02-831f-6b4dcfcaa51e": { "id": "79e2011c-5e4d-4d02-831f-6b4dcfcaa51e", "title": "Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download", "software": [ { "type": "plugin", "name": "Frontend File Manager Plugin", "slug": "nmedia-user-file-uploader", "affected_versions": { "[*, 18.3)": { "from_version": "*", "from_inclusive": true, "to_version": "18.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "18.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79e2011c-5e4d-4d02-831f-6b4dcfcaa51e?source=api-scan" ], "published": "2021-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79e68c5b-1f1a-4af3-acf4-1a38f2d72424": { "id": "79e68c5b-1f1a-4af3-acf4-1a38f2d72424", "title": "Cookies and Content Security Policy <= 2.15 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Cookies and Content Security Policy", "slug": "cookies-and-content-security-policy", "affected_versions": { "* - 2.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79e68c5b-1f1a-4af3-acf4-1a38f2d72424?source=api-scan" ], "published": "2023-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79e7542f-451b-4391-8367-42a1a93ceb18": { "id": "79e7542f-451b-4391-8367-42a1a93ceb18", "title": "VikBooking Hotel Booking Engine & PMS <= 1.6.7 - Insecure Direct Object Reference to Menu Access", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "* - 1.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79e7542f-451b-4391-8367-42a1a93ceb18?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79e786ce-a3eb-40df-8dad-4c9c75243bec": { "id": "79e786ce-a3eb-40df-8dad-4c9c75243bec", "title": "LeadConnector <= 1.7 - Missing Authorization to Unauthenticated Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "LeadConnector", "slug": "leadconnector", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79e786ce-a3eb-40df-8dad-4c9c75243bec?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79ea853e-9d1d-4be0-8fd4-a80a924018ae": { "id": "79ea853e-9d1d-4be0-8fd4-a80a924018ae", "title": "WordPress Core & WordPress MU < 2.8.1 - Full Path Disclosure", "software": [ { "type": "core", "name": "WordPress MU", "slug": "wpmu", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] }, { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79ea853e-9d1d-4be0-8fd4-a80a924018ae?source=api-scan" ], "published": "2009-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79ef7b33-ea6b-4cf2-bed4-8177927ab650": { "id": "79ef7b33-ea6b-4cf2-bed4-8177927ab650", "title": "WPDating <= 7.4.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WPDating", "slug": "dsp_dating", "affected_versions": { "* - 7.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79ef7b33-ea6b-4cf2-bed4-8177927ab650?source=api-scan" ], "published": "2023-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79f14b3f-3163-41c2-88ff-a1e0879e8248": { "id": "79f14b3f-3163-41c2-88ff-a1e0879e8248", "title": "WP Visitor Statistics (Real Time Traffic) <= 5.7 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP Visitor Statistics (Real Time Traffic)", "slug": "wp-stats-manager", "affected_versions": { "* - 5.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79f14b3f-3163-41c2-88ff-a1e0879e8248?source=api-scan" ], "published": "2022-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79f9632e-cfaf-48bd-aeed-919fc729f2b4": { "id": "79f9632e-cfaf-48bd-aeed-919fc729f2b4", "title": "Tutor LMS <= 1.8.2 - SQL Injection via tutor_quiz_builder_get_question_form", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79f9632e-cfaf-48bd-aeed-919fc729f2b4?source=api-scan" ], "published": "2021-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79fb0600-6150-4e26-b447-4414460fd62e": { "id": "79fb0600-6150-4e26-b447-4414460fd62e", "title": "Taggbox <= 3.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Tagbox \u2013 UGC Galleries, Social Media Widgets, User Reviews & Analytics", "slug": "taggbox-widget", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79fb0600-6150-4e26-b447-4414460fd62e?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79fb4f24-8a59-4e57-b583-c87ee2493cdb": { "id": "79fb4f24-8a59-4e57-b583-c87ee2493cdb", "title": "Photos and Files Contest Gallery <= 21.3.4 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 21.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "21.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79fb4f24-8a59-4e57-b583-c87ee2493cdb?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79fcf18e-39f7-42f2-90e4-3a5bac3382e0": { "id": "79fcf18e-39f7-42f2-90e4-3a5bac3382e0", "title": "Download Manager <= 3.2.42 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.42": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79fcf18e-39f7-42f2-90e4-3a5bac3382e0?source=api-scan" ], "published": "2022-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "79ff583b-f18a-4e04-9c23-9d3a4eca8c6b": { "id": "79ff583b-f18a-4e04-9c23-9d3a4eca8c6b", "title": "WP Mail Logging < 1.10.0 - Unauthenticated Arbitrary Settings Change", "software": [ { "type": "plugin", "name": "WP Mail Logging", "slug": "wp-mail-logging", "affected_versions": { "[*, 1.10.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/79ff583b-f18a-4e04-9c23-9d3a4eca8c6b?source=api-scan" ], "published": "2021-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a027f8f-bec8-456c-804b-b18fdb9532db": { "id": "7a027f8f-bec8-456c-804b-b18fdb9532db", "title": "\u042eKassa \u0434\u043b\u044f WooCommerce <= 2.3.0 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "\u042eKassa \u0434\u043b\u044f WooCommerce", "slug": "yookassa", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a027f8f-bec8-456c-804b-b18fdb9532db?source=api-scan" ], "published": "2022-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a04705d-cd17-4b4b-b04d-de55d6479dab": { "id": "7a04705d-cd17-4b4b-b04d-de55d6479dab", "title": "Royal Elementor Addons and Templates <= 1.3.94 - Unauthenticated Limited File Upload", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.94": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.94", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.95" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a04705d-cd17-4b4b-b04d-de55d6479dab?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a09288c-b8de-4674-9f96-d26ff3c7d917": { "id": "7a09288c-b8de-4674-9f96-d26ff3c7d917", "title": "Bit Form Pro <= 2.6.4 - Unauthenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Bit Form Pro", "slug": "bitformpro", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a09288c-b8de-4674-9f96-d26ff3c7d917?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a0c6425-866d-4b50-b464-87a8173c4abd": { "id": "7a0c6425-866d-4b50-b464-87a8173c4abd", "title": "WP Statistics <= 13.2.5 - Information Disclosure", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "13.2.5": { "from_version": "13.2.5", "from_inclusive": true, "to_version": "13.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a0c6425-866d-4b50-b464-87a8173c4abd?source=api-scan" ], "published": "2022-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a1044f0-a49a-4746-b4bf-20f7de46f8c9": { "id": "7a1044f0-a49a-4746-b4bf-20f7de46f8c9", "title": "WCFM Marketplace \u2013 Multivendor Marketplace for WooCommerce <= 3.6.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WCFM Marketplace \u2013 Multivendor Marketplace for WooCommerce", "slug": "wc-multivendor-marketplace", "affected_versions": { "* - 3.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a1044f0-a49a-4746-b4bf-20f7de46f8c9?source=api-scan" ], "published": "2024-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a189e25-0d9e-4e0c-b74d-e7f9d2556872": { "id": "7a189e25-0d9e-4e0c-b74d-e7f9d2556872", "title": "WP Glossary <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Glossary", "slug": "wp-glossary", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a189e25-0d9e-4e0c-b74d-e7f9d2556872?source=api-scan" ], "published": "2022-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a1f91a3-6b8d-4be4-817c-9c88d2349723": { "id": "7a1f91a3-6b8d-4be4-817c-9c88d2349723", "title": "GD bbPress Attachments < 2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GD bbPress Attachments", "slug": "gd-bbpress-attachments", "affected_versions": { "[*, 2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a1f91a3-6b8d-4be4-817c-9c88d2349723?source=api-scan" ], "published": "2015-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a20b65a-6d3a-41fc-80c5-94cce0459a6b": { "id": "7a20b65a-6d3a-41fc-80c5-94cce0459a6b", "title": "Product Feed Manager <= 7.3.15 - Authenticated (Admin+) Directory Traversal", "software": [ { "type": "plugin", "name": "Product Feed Manager- WooCommerce Product Feeds For Google Shopping, Social Catalog, TikTok Ads, and 180+ Popular Marketplaces", "slug": "best-woocommerce-feed", "affected_versions": { "* - 7.3.15": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a20b65a-6d3a-41fc-80c5-94cce0459a6b?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a2420ca-e079-429b-b1f1-47bf1d0a9f71": { "id": "7a2420ca-e079-429b-b1f1-47bf1d0a9f71", "title": "rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "rtMedia for WordPress, BuddyPress and bbPress", "slug": "buddypress-media", "affected_versions": { "* - 4.6.18": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a2420ca-e079-429b-b1f1-47bf1d0a9f71?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a36310c-8a61-40aa-9520-89ead37553c4": { "id": "7a36310c-8a61-40aa-9520-89ead37553c4", "title": "BestWebSoft's Like & Share <= 2.73 - Unauthenticated Password Protected Post Disclosure", "software": [ { "type": "plugin", "name": "BestWebSoft's Like & Share \u2013 Posts, Pages and Widget Social Extension plugin for WordPress", "slug": "facebook-button-plugin", "affected_versions": { "* - 2.73": { "from_version": "*", "from_inclusive": true, "to_version": "2.73", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.74" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a36310c-8a61-40aa-9520-89ead37553c4?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a3e89cc-56cb-42d7-b4f6-bfc7ca0e03e6": { "id": "7a3e89cc-56cb-42d7-b4f6-bfc7ca0e03e6", "title": "JS Help Desk <= 2.8.1 - Unauthenticated SQL Injection via email and trackingid", "software": [ { "type": "plugin", "name": "JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin", "slug": "js-support-ticket", "affected_versions": { "[*, 2.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a3e89cc-56cb-42d7-b4f6-bfc7ca0e03e6?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a44873c-5f14-4ff5-85ed-a6575aaa9347": { "id": "7a44873c-5f14-4ff5-85ed-a6575aaa9347", "title": "Felici (All Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Felici - WordPress Magazine Theme | Blog \/ Magazine", "slug": "felici", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a44873c-5f14-4ff5-85ed-a6575aaa9347?source=api-scan" ], "published": "2014-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a44d182-2a43-47c0-ab2e-36c0514c1d47": { "id": "7a44d182-2a43-47c0-ab2e-36c0514c1d47", "title": "ProfileGrid <= 5.8.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a44d182-2a43-47c0-ab2e-36c0514c1d47?source=api-scan" ], "published": "2024-06-04 19:31:30", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a44d391-63e0-46a5-83fd-5624055705ea": { "id": "7a44d391-63e0-46a5-83fd-5624055705ea", "title": "Mingle Forum <= 1.0.34 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Mingle Forum", "slug": "mingle-forum", "affected_versions": { "* - 1.0.34": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a44d391-63e0-46a5-83fd-5624055705ea?source=api-scan" ], "published": "2013-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a46c049-367d-4a67-9607-c74ef0b96c71": { "id": "7a46c049-367d-4a67-9607-c74ef0b96c71", "title": "Ultimate CSV Importer < 3.6.75 - Information Disclosure", "software": [ { "type": "plugin", "name": "Import CSV or XML Datafeed With Ease", "slug": "wp-ultimate-csv-importer", "affected_versions": { "[*, 3.6.75)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.75", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.75" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a46c049-367d-4a67-9607-c74ef0b96c71?source=api-scan" ], "published": "2015-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a48eaf5-2d31-4f56-9669-027741c2034b": { "id": "7a48eaf5-2d31-4f56-9669-027741c2034b", "title": "ADIF Log Search Widget <= 1.0f - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ADIF Log Search Widget", "slug": "adif-log-search-widget", "affected_versions": { "* -1.0f": { "from_version": "* -1.0f", "from_inclusive": true, "to_version": "* -1.0f", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a48eaf5-2d31-4f56-9669-027741c2034b?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a4db03d-ec40-4145-aa95-fee78bda5205": { "id": "7a4db03d-ec40-4145-aa95-fee78bda5205", "title": "BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion", "software": [ { "type": "plugin", "name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", "slug": "woo-bulk-editor", "affected_versions": { "* - 1.1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a4db03d-ec40-4145-aa95-fee78bda5205?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a4ef9e6-2299-4024-a6a9-482199ca06db": { "id": "7a4ef9e6-2299-4024-a6a9-482199ca06db", "title": "CareerUp < 2.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "CareerUp - Job Board WordPress Theme", "slug": "careerup", "affected_versions": { "[*, 2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a4ef9e6-2299-4024-a6a9-482199ca06db?source=api-scan" ], "published": "2020-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a5123a7-8eb4-481e-88fe-6310be37a077": { "id": "7a5123a7-8eb4-481e-88fe-6310be37a077", "title": "Delete Me <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Delete Me", "slug": "delete-me", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a5123a7-8eb4-481e-88fe-6310be37a077?source=api-scan" ], "published": "2023-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a52a278-1729-4027-8a00-e9804fa6698b": { "id": "7a52a278-1729-4027-8a00-e9804fa6698b", "title": "WP Hardening \u2013 Fix Your WordPress Security <= 1.2.6 - Unauthenticated Security Feature Bypass to Username Enumeration", "software": [ { "type": "plugin", "name": "WP Hardening (discontinued)", "slug": "wp-security-hardening", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a52a278-1729-4027-8a00-e9804fa6698b?source=api-scan" ], "published": "2024-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a571386-fae1-4a56-8567-9d3e23249de1": { "id": "7a571386-fae1-4a56-8567-9d3e23249de1", "title": "WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button onclick attribute", "software": [ { "type": "plugin", "name": "WPBakery Visual Composer", "slug": "js_composer", "affected_versions": { "* - 7.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a571386-fae1-4a56-8567-9d3e23249de1?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a5ab5f1-db14-4448-9186-35a5f382cd1a": { "id": "7a5ab5f1-db14-4448-9186-35a5f382cd1a", "title": "MDTF \u2013 Meta Data and Taxonomies Filter <= 1.3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "MDTF \u2013 Meta Data and Taxonomies Filter", "slug": "wp-meta-data-filter-and-taxonomy-filter", "affected_versions": { "* - 1.3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a5ab5f1-db14-4448-9186-35a5f382cd1a?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a5e3d82-4722-47ff-b66f-448cb2851c1f": { "id": "7a5e3d82-4722-47ff-b66f-448cb2851c1f", "title": "Tiempo.com <= 0.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tiempo.com", "slug": "tiempocom", "affected_versions": { "* - 0.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a5e3d82-4722-47ff-b66f-448cb2851c1f?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a600f11-03c3-4777-b1fe-212b085bacba": { "id": "7a600f11-03c3-4777-b1fe-212b085bacba", "title": "SimpleMap Store Locator <= 2.6.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SimpleMap Store Locator", "slug": "simplemap", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a600f11-03c3-4777-b1fe-212b085bacba?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a659071-df11-4318-86c2-7881163c8b62": { "id": "7a659071-df11-4318-86c2-7881163c8b62", "title": "Analytify \u2013 Google Analytics Dashboard For WordPress (GA4 analytics made easy) <= 5.2.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Analytify \u2013 Google Analytics Dashboard For WordPress (GA4 analytics made easy)", "slug": "wp-analytify", "affected_versions": { "* - 5.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a659071-df11-4318-86c2-7881163c8b62?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a6b3ae2-796b-4084-ad19-4b67ea6dea25": { "id": "7a6b3ae2-796b-4084-ad19-4b67ea6dea25", "title": "Qubely \u2013 Advanced Gutenberg Blocks <= 1.8.5 - Insufficient Authorization", "software": [ { "type": "plugin", "name": "Qubely \u2013 Advanced Gutenberg Blocks", "slug": "qubely", "affected_versions": { "[*, 1.8.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a6b3ae2-796b-4084-ad19-4b67ea6dea25?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a6b7639-3aaf-44e5-9482-291f8432b41a": { "id": "7a6b7639-3aaf-44e5-9482-291f8432b41a", "title": "Free Stock Photos Foter <= 1.5.4 - Authenticated (Subscriber+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Free Stock Photos Foter", "slug": "free-stock-photos-foter", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a6b7639-3aaf-44e5-9482-291f8432b41a?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a6c16dd-3681-4867-b608-5501ff9e9331": { "id": "7a6c16dd-3681-4867-b608-5501ff9e9331", "title": "BuddyPress Docs <= 1.9.2 - Authorization Bypass", "software": [ { "type": "plugin", "name": "BuddyPress Docs", "slug": "buddypress-docs", "affected_versions": { "[*, 1.9.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a6c16dd-3681-4867-b608-5501ff9e9331?source=api-scan" ], "published": "2017-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a6c4945-68d3-4ce9-b00c-40591fa15ada": { "id": "7a6c4945-68d3-4ce9-b00c-40591fa15ada", "title": "Custom Admin Page by BestWebSoft <= 0.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Admin Page by BestWebSoft \u2013 Configurable WordPress Dashboard Pages Plugin", "slug": "custom-admin-page", "affected_versions": { "* - 0.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a6c4945-68d3-4ce9-b00c-40591fa15ada?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a747542-0601-4fa5-a97c-c72d1347013b": { "id": "7a747542-0601-4fa5-a97c-c72d1347013b", "title": "MStore API <= 3.9.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "[*, 3.9.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a747542-0601-4fa5-a97c-c72d1347013b?source=api-scan" ], "published": "2023-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a7677a4-0cd5-496e-82cb-f6582e63475d": { "id": "7a7677a4-0cd5-496e-82cb-f6582e63475d", "title": "Ocean Extra <= 1.5.7 - Unauthenticated Options update and CSS injection", "software": [ { "type": "plugin", "name": "Ocean Extra", "slug": "ocean-extra", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a7677a4-0cd5-496e-82cb-f6582e63475d?source=api-scan" ], "published": "2019-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a830d58-14e8-4929-a0f8-08ee4efae340": { "id": "7a830d58-14e8-4929-a0f8-08ee4efae340", "title": "FL3R FeelBox <= 8.1 - Cross-Site Request Forgery leading to Plugin Settings Reset", "software": [ { "type": "plugin", "name": "FL3R FeelBox", "slug": "fl3r-feelbox", "affected_versions": { "* - 8.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a830d58-14e8-4929-a0f8-08ee4efae340?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a874287-c648-4807-8387-b0b47187651e": { "id": "7a874287-c648-4807-8387-b0b47187651e", "title": "Hotel Booking Lite <= 4.6.0 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Hotel Booking Lite", "slug": "motopress-hotel-booking-lite", "affected_versions": { "* - 4.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a874287-c648-4807-8387-b0b47187651e?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a87f248-a613-44c5-aebc-970a8161ffba": { "id": "7a87f248-a613-44c5-aebc-970a8161ffba", "title": "Custom Author Base <= 1.1.1 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Custom Author Base", "slug": "custom-author-base", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a87f248-a613-44c5-aebc-970a8161ffba?source=api-scan" ], "published": "2024-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a8c4232-2e1e-4c99-83d5-d70f7ca1c879": { "id": "7a8c4232-2e1e-4c99-83d5-d70f7ca1c879", "title": "Stamped.io Product Reviews & UGC for WooCommerce <= 2.3.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Stamped.io Product Reviews & UGC for WooCommerce", "slug": "stampedio-product-reviews", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a8c4232-2e1e-4c99-83d5-d70f7ca1c879?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a931496-f130-4910-9116-6c2c4df760f5": { "id": "7a931496-f130-4910-9116-6c2c4df760f5", "title": "My Shortcodes <= 2.3 - Missing Authorization via Multiple AJAX Actions", "software": [ { "type": "plugin", "name": "My Shortcodes", "slug": "my-shortcodes", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a931496-f130-4910-9116-6c2c4df760f5?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a94229a-6316-48e7-bcaa-23cb2cc047b4": { "id": "7a94229a-6316-48e7-bcaa-23cb2cc047b4", "title": "Activity Log 2.3.5 - 2.6.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Activity Log \u2013 Monitor & Record User Changes", "slug": "aryo-activity-log", "affected_versions": { "2.3.5 - 2.6.1": { "from_version": "2.3.5", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a94229a-6316-48e7-bcaa-23cb2cc047b4?source=api-scan" ], "published": "2021-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a97f6f8-2226-4c63-965b-4dee58c254ad": { "id": "7a97f6f8-2226-4c63-965b-4dee58c254ad", "title": "bVerse Convert <= 1.3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "bVerse Convert", "slug": "bverse-convert", "affected_versions": { "* - 1.3.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a97f6f8-2226-4c63-965b-4dee58c254ad?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a9846c4-4678-4c25-84fd-b05d21ea34fb": { "id": "7a9846c4-4678-4c25-84fd-b05d21ea34fb", "title": "Soledad <= 8.4.1 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "theme", "name": "Soledad", "slug": "soledad", "affected_versions": { "* - 8.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a9846c4-4678-4c25-84fd-b05d21ea34fb?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a9cfd7a-7e6a-4a1f-86bc-b53ef461dde2": { "id": "7a9cfd7a-7e6a-4a1f-86bc-b53ef461dde2", "title": "Recent Backups <= 0.7 - Directory Traversal", "software": [ { "type": "plugin", "name": "Recent Backups", "slug": "recent-backups", "affected_versions": { "* - 0.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a9cfd7a-7e6a-4a1f-86bc-b53ef461dde2?source=api-scan" ], "published": "2015-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7a9e958f-e53b-4aa0-b7d6-7469852f0d97": { "id": "7a9e958f-e53b-4aa0-b7d6-7469852f0d97", "title": "Math Comment Spam Protection <= 2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Math Comment Spam Protection", "slug": "math-comment-spam-protection", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7a9e958f-e53b-4aa0-b7d6-7469852f0d97?source=api-scan" ], "published": "2007-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7aa05744-59c7-43ca-acb3-e6df09fa109b": { "id": "7aa05744-59c7-43ca-acb3-e6df09fa109b", "title": "month name translation benaceur <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "month name translation benaceur", "slug": "month-name-translation-benaceur", "affected_versions": { "* - 2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7aa05744-59c7-43ca-acb3-e6df09fa109b?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7aa62be9-93b9-423f-89f8-809ca0035547": { "id": "7aa62be9-93b9-423f-89f8-809ca0035547", "title": "PHP Everywhere <= 2.0.3 - Remote Code Execution by Contributor+ users via gutenberg block", "software": [ { "type": "plugin", "name": "PHP Everywhere", "slug": "php-everywhere", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7aa62be9-93b9-423f-89f8-809ca0035547?source=api-scan" ], "published": "2022-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7aa6da4d-7221-4878-8532-5372227f906a": { "id": "7aa6da4d-7221-4878-8532-5372227f906a", "title": "Simple Membership <= 4.0.9 - Cross-Site Request Forgery to Arbitrary Transaction Deletion", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "[*, 4.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7aa6da4d-7221-4878-8532-5372227f906a?source=api-scan" ], "published": "2022-02-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7aa700ac-32de-4cd4-9d56-eea8ec0ba61b": { "id": "7aa700ac-32de-4cd4-9d56-eea8ec0ba61b", "title": "Spotlight Social Feeds <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spotlight Social Feeds \u2013 Block, Shortcode, and Widget", "slug": "spotlight-social-photo-feeds", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7aa700ac-32de-4cd4-9d56-eea8ec0ba61b?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7aa73c13-3f58-423a-ba5f-bebaae2b8371": { "id": "7aa73c13-3f58-423a-ba5f-bebaae2b8371", "title": "WordPress Core < 4.0.1 Cross-Site Request Forgery to Password Reset", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.4": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.4", "to_inclusive": true }, "3.8 - 3.8.4": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.4", "to_inclusive": true }, "3.9 - 3.9.2": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": true }, "4.0": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.5", "3.8.5", "3.9.3", "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7aa73c13-3f58-423a-ba5f-bebaae2b8371?source=api-scan" ], "published": "2014-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ab15669-92f6-4e85-bfa5-684e82f341ea": { "id": "7ab15669-92f6-4e85-bfa5-684e82f341ea", "title": "WPCS ( WordPress Custom Search ) <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPCS ( WordPress Custom Search )", "slug": "wpcs-wp-custom-search", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ab15669-92f6-4e85-bfa5-684e82f341ea?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ab3e286-05db-430e-bbe7-bfaa31134c3c": { "id": "7ab3e286-05db-430e-bbe7-bfaa31134c3c", "title": "Elegant Addons for elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Switcher, Slider, and Iconbox Widgets", "software": [ { "type": "plugin", "name": "Elegant Addons for elementor", "slug": "elegant-addons-for-elementor", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ab3e286-05db-430e-bbe7-bfaa31134c3c?source=api-scan" ], "published": "2024-05-21 17:05:13", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ab99751-24b7-41db-8a27-d86eda3eeee5": { "id": "7ab99751-24b7-41db-8a27-d86eda3eeee5", "title": "WP Encryption \u2013 One Click Free SSL Certificate & SSL \/ HTTPS Redirect to Force HTTPS, SSL Score <= 7.0 - Sensitive Information Exposure via insufficiently protected files", "software": [ { "type": "plugin", "name": "WP Encryption \u2013 One Click Free SSL Certificate & SSL \/ HTTPS Redirect to Force HTTPS, Security+", "slug": "wp-letsencrypt-ssl", "affected_versions": { "* - 7.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ab99751-24b7-41db-8a27-d86eda3eeee5?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7abb5103-7063-4a8d-8ca0-66074954acd5": { "id": "7abb5103-7063-4a8d-8ca0-66074954acd5", "title": "Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.16 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Envo's Elementor Templates & Widgets for WooCommerce", "slug": "envo-elementor-for-woocommerce", "affected_versions": { "* - 1.4.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7abb5103-7063-4a8d-8ca0-66074954acd5?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7abf84ff-15e6-4fde-ae7d-23283ec83a28": { "id": "7abf84ff-15e6-4fde-ae7d-23283ec83a28", "title": "HTML Forms \u2013 Simple WordPress Forms <= 1.3.32 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HTML Forms \u2013 Simple WordPress Forms Plugin", "slug": "html-forms", "affected_versions": { "* - 1.3.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7abf84ff-15e6-4fde-ae7d-23283ec83a28?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ac15c0d-74d3-4121-a63e-97dbbe594274": { "id": "7ac15c0d-74d3-4121-a63e-97dbbe594274", "title": "WP Docs <= 1.9.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Docs", "slug": "wp-docs", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ac15c0d-74d3-4121-a63e-97dbbe594274?source=api-scan" ], "published": "2023-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ac251c8-4ade-4391-aedd-f48b13045a31": { "id": "7ac251c8-4ade-4391-aedd-f48b13045a31", "title": "Gameplan - Event and Gym Fitness WordPress Theme <= 1.6.4 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Gameplan - Event and Gym Fitness WordPress Theme", "slug": "gameplan", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ac251c8-4ade-4391-aedd-f48b13045a31?source=api-scan" ], "published": "2017-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7aca3b02-6c97-4d86-9378-e808c184e84c": { "id": "7aca3b02-6c97-4d86-9378-e808c184e84c", "title": "WP-DBManager < 2.72 - Command Injection", "software": [ { "type": "plugin", "name": "WP-DBManager", "slug": "wp-dbmanager", "affected_versions": { "[*, 2.72)": { "from_version": "*", "from_inclusive": true, "to_version": "2.72", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.72" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7aca3b02-6c97-4d86-9378-e808c184e84c?source=api-scan" ], "published": "2014-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7acb52d3-7bed-40fb-95dc-ad0bf262649b": { "id": "7acb52d3-7bed-40fb-95dc-ad0bf262649b", "title": "WappPress <= 6.0.4 - Authenticated (Subscriber+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "WappPress \u2013 Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute", "slug": "wapppress-builds-android-app-for-website", "affected_versions": { "* - 6.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7acb52d3-7bed-40fb-95dc-ad0bf262649b?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7acbcf74-2bae-412b-bf9d-70287a91deea": { "id": "7acbcf74-2bae-412b-bf9d-70287a91deea", "title": "Better Search <= 2.5.2 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Better Search \u2013 Relevant search results for WordPress", "slug": "better-search", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7acbcf74-2bae-412b-bf9d-70287a91deea?source=api-scan" ], "published": "2021-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ad16d1e-e778-4cb4-a15d-ddb906f27762": { "id": "7ad16d1e-e778-4cb4-a15d-ddb906f27762", "title": "Checkout Mestres WP <= 7.1.9.6 - Authentication Bypass via Password Reset", "software": [ { "type": "plugin", "name": "Checkout Mestres do WP for WooCommerce", "slug": "checkout-mestres-wp", "affected_versions": { "* - 7.1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ad16d1e-e778-4cb4-a15d-ddb906f27762?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ad4272c-75a1-4bc9-be3b-add80de45871": { "id": "7ad4272c-75a1-4bc9-be3b-add80de45871", "title": "WooCommerce <= 9.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "* - 9.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ad4272c-75a1-4bc9-be3b-add80de45871?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ad6aaf4-7727-4b4a-920a-0d1754405163": { "id": "7ad6aaf4-7727-4b4a-920a-0d1754405163", "title": "Logo Slider <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Logo Slider \u2013 Logo Carousel, Logo Showcase & Client Logo Slider WordPress Plugin", "slug": "logo-slider-wp", "affected_versions": { "* - 4.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ad6aaf4-7727-4b4a-920a-0d1754405163?source=api-scan" ], "published": "2024-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ad6b011-ffe0-4548-b8e8-d03508960413": { "id": "7ad6b011-ffe0-4548-b8e8-d03508960413", "title": "Alpine Photo Tile for Instagram < 1.2.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Alpine Photo Tile for Instagram", "slug": "alpine-photo-tile-for-instagram", "affected_versions": { "[*, 1.2.10)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ad6b011-ffe0-4548-b8e8-d03508960413?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7addc83b-cde5-4f91-b286-70db6f384a9f": { "id": "7addc83b-cde5-4f91-b286-70db6f384a9f", "title": "Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization to Unauthenticated Unauthorized Action", "software": [ { "type": "plugin", "name": "JetTabs for Elementor", "slug": "jet-tabs", "affected_versions": { "* - 2.1.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.25.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.25.2" ] }, { "type": "plugin", "name": "JetBlog for Elementor", "slug": "jet-blog", "affected_versions": { "* - 2.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5.1" ] }, { "type": "plugin", "name": "JetThemeCore for Elementor", "slug": "jet-theme-core", "affected_versions": { "* - 2.1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2.2" ] }, { "type": "plugin", "name": "JetCompareWishlist for Elementor", "slug": "jet-compare-wishlist", "affected_versions": { "* - 1.5.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5.2" ] }, { "type": "plugin", "name": "JetElements", "slug": "jet-elements", "affected_versions": { "* - 2.6.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.13.1" ] }, { "type": "plugin", "name": "JetWooBuilder for Elementor", "slug": "jet-woo-builder", "affected_versions": { "* - 2.1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7.3" ] }, { "type": "plugin", "name": "JetReviews for Elementor", "slug": "jet-reviews", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2.1" ] }, { "type": "plugin", "name": "JetTricks for Elementor", "slug": "jet-tricks", "affected_versions": { "* - 1.4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6.2" ] }, { "type": "plugin", "name": "JetMenu for Elementor", "slug": "jet-menu", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] }, { "type": "plugin", "name": "JetBlocks for Elementor", "slug": "jet-blocks", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8.1" ] }, { "type": "plugin", "name": "JetProductGallery", "slug": "jet-woo-product-gallery", "affected_versions": { "* - 2.1.13.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.13.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.13.2" ] }, { "type": "plugin", "name": "JetSmartFilters for Elementor", "slug": "jet-smart-filters", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7addc83b-cde5-4f91-b286-70db6f384a9f?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7adebd83-8186-402a-8327-c7f9c009ed62": { "id": "7adebd83-8186-402a-8327-c7f9c009ed62", "title": "Simple Schools Staff Directory <= 1.1 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Simple Schools Staff Directory", "slug": "simple-schools-staff-directory", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7adebd83-8186-402a-8327-c7f9c009ed62?source=api-scan" ], "published": "2021-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ae14765-ba85-4aba-83ae-41f7de2f2551": { "id": "7ae14765-ba85-4aba-83ae-41f7de2f2551", "title": "Login rebuilder <= 2.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login rebuilder", "slug": "login-rebuilder", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ae14765-ba85-4aba-83ae-41f7de2f2551?source=api-scan" ], "published": "2023-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ae17154-bd68-4260-9b3a-bb73f2a70694": { "id": "7ae17154-bd68-4260-9b3a-bb73f2a70694", "title": "MF Gig Calendar <= 1.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MF Gig Calendar", "slug": "mf-gig-calendar", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ae17154-bd68-4260-9b3a-bb73f2a70694?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ae1d155-deb4-4847-858b-37b5cd9ac1c5": { "id": "7ae1d155-deb4-4847-858b-37b5cd9ac1c5", "title": "FormBuilder < 1.08 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "FormBuilder", "slug": "formbuilder", "affected_versions": { "* - 1.07": { "from_version": "*", "from_inclusive": true, "to_version": "1.07", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.08" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ae1d155-deb4-4847-858b-37b5cd9ac1c5?source=api-scan" ], "published": "2016-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ae1e8fd-4d1b-4590-a141-f93d6347c0f2": { "id": "7ae1e8fd-4d1b-4590-a141-f93d6347c0f2", "title": "Password Protected Store for WooCommerce <= 2.2 - Information Exposure via REST API", "software": [ { "type": "plugin", "name": "Password Protected Store for WooCommerce", "slug": "password-protected-woo-store", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ae1e8fd-4d1b-4590-a141-f93d6347c0f2?source=api-scan" ], "published": "2024-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ae5bbd0-2f95-41f3-a484-a9bb21b23b0e": { "id": "7ae5bbd0-2f95-41f3-a484-a9bb21b23b0e", "title": "BBS e-Popup <= 2.4.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "BBS e-Popup", "slug": "bbs-e-popup", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ae5bbd0-2f95-41f3-a484-a9bb21b23b0e?source=api-scan" ], "published": "2023-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7af05793-b495-4cad-842b-f168d0dc8253": { "id": "7af05793-b495-4cad-842b-f168d0dc8253", "title": "Analytics Stats Counter Statistics <= 1.2.2.5 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Analytics Stats Counter Statistics", "slug": "stats-counter", "affected_versions": { "* - 1.2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7af05793-b495-4cad-842b-f168d0dc8253?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7af32d7b-3832-4192-bc31-b4ba1f419668": { "id": "7af32d7b-3832-4192-bc31-b4ba1f419668", "title": "Classipress <= 3.1.4 - Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Classipress", "slug": "classipress", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7af32d7b-3832-4192-bc31-b4ba1f419668?source=api-scan" ], "published": "2011-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b039c23-51d4-422a-a57b-59abaeca682c": { "id": "7b039c23-51d4-422a-a57b-59abaeca682c", "title": "WPAdmin AWS CDN <= 2.0.13 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WPAdmin AWS CDN", "slug": "aws-cdn-by-wpadmin", "affected_versions": { "* - 2.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b039c23-51d4-422a-a57b-59abaeca682c?source=api-scan" ], "published": "2023-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b0b02ad-6ab6-47f3-9cf8-fd993a8051db": { "id": "7b0b02ad-6ab6-47f3-9cf8-fd993a8051db", "title": "GEO my WordPress <= 4.5.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GEO my WP", "slug": "geo-my-wp", "affected_versions": { "* - 4.5.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b0b02ad-6ab6-47f3-9cf8-fd993a8051db?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b0d5d92-1aba-4a0a-a989-a2d797112ade": { "id": "7b0d5d92-1aba-4a0a-a989-a2d797112ade", "title": "Crowdsignal Dashboard <= 2.0.24 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Crowdsignal Dashboard \u2013 Polls, Surveys & more", "slug": "polldaddy", "affected_versions": { "* - 2.0.24": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b0d5d92-1aba-4a0a-a989-a2d797112ade?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b0ff45d-0514-4090-bfa3-c3b75766ac61": { "id": "7b0ff45d-0514-4090-bfa3-c3b75766ac61", "title": "Slash Admin <= 3.8.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Slash Admin", "slug": "slash-admin", "affected_versions": { "* - 3.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b0ff45d-0514-4090-bfa3-c3b75766ac61?source=api-scan" ], "published": "2024-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b110a6c-fd6d-4c00-bdd6-08fce116b937": { "id": "7b110a6c-fd6d-4c00-bdd6-08fce116b937", "title": "Five Star Restaurant Menu <= 2.2.0 - Unauthenticated Arbitrary Object Deserialization leading to Remote Code Execution", "software": [ { "type": "plugin", "name": "Five Star Restaurant Menu and Food Ordering", "slug": "food-and-drink-menu", "affected_versions": { "[*, 2.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b110a6c-fd6d-4c00-bdd6-08fce116b937?source=api-scan" ], "published": "2021-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b121abf-3842-43ac-a3dc-bde6d5e0b263": { "id": "7b121abf-3842-43ac-a3dc-bde6d5e0b263", "title": "Export Media URLs <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Export Media URLs", "slug": "export-media-urls", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b121abf-3842-43ac-a3dc-bde6d5e0b263?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b1242fc-1bbf-4686-ba7d-d948336f65a3": { "id": "7b1242fc-1bbf-4686-ba7d-d948336f65a3", "title": "WP TopBar <= 5.36 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "WP-TopBar", "slug": "wp-topbar", "affected_versions": { "* - 5.36": { "from_version": "*", "from_inclusive": true, "to_version": "5.36", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b1242fc-1bbf-4686-ba7d-d948336f65a3?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b1771f2-6741-410d-9544-4178a0b962eb": { "id": "7b1771f2-6741-410d-9544-4178a0b962eb", "title": "Job Manager <= 0.7.18 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Job Manager", "slug": "job-manager", "affected_versions": { "* - 0.7.18": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.7.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b1771f2-6741-410d-9544-4178a0b962eb?source=api-scan" ], "published": "2012-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b19b0b2-d6cb-4d92-9925-c77d517ddfb7": { "id": "7b19b0b2-d6cb-4d92-9925-c77d517ddfb7", "title": "rtMedia for WordPress, BuddyPress and bbPress <= 3.10.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "rtMedia for WordPress, BuddyPress and bbPress", "slug": "buddypress-media", "affected_versions": { "[*, 3.10.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b19b0b2-d6cb-4d92-9925-c77d517ddfb7?source=api-scan" ], "published": "2016-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b23308d-7439-4dd2-9ec7-57b987909121": { "id": "7b23308d-7439-4dd2-9ec7-57b987909121", "title": "WordPress Core & WordPress MU < 2.8.1 - Username Enumeration", "software": [ { "type": "core", "name": "WordPress MU", "slug": "wpmu", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] }, { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b23308d-7439-4dd2-9ec7-57b987909121?source=api-scan" ], "published": "2009-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b24fe1d-1b21-4f8f-b66e-6df3bfc0e180": { "id": "7b24fe1d-1b21-4f8f-b66e-6df3bfc0e180", "title": "KB Support <= 1.5.88 - Missing Authorization to Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "KB Support \u2013 WordPress Help Desk and Knowledge Base", "slug": "kb-support", "affected_versions": { "* - 1.5.88": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.88", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.89" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b24fe1d-1b21-4f8f-b66e-6df3bfc0e180?source=api-scan" ], "published": "2023-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b26e5f7-bd35-4412-a608-9cdfeff0b025": { "id": "7b26e5f7-bd35-4412-a608-9cdfeff0b025", "title": "WP Event Aggregator <= 1.7.6 - Cross-Site Request Forgery via wpea_deauthorize_user()", "software": [ { "type": "plugin", "name": "WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into WordPress", "slug": "wp-event-aggregator", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b26e5f7-bd35-4412-a608-9cdfeff0b025?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b2a3b17-0551-4e02-8e6a-ae8d46da0ef8": { "id": "7b2a3b17-0551-4e02-8e6a-ae8d46da0ef8", "title": "Relevanssi \u2013 A Better Search <= 4.22.0 - Missing Authorization to Unauthenticated Query Log Export", "software": [ { "type": "plugin", "name": "Relevanssi \u2013 A Better Search", "slug": "relevanssi", "affected_versions": { "* - 4.22.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.22.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.22.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b2a3b17-0551-4e02-8e6a-ae8d46da0ef8?source=api-scan" ], "published": "2024-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b2d1879-c337-41c9-9f47-f9c2fe8e5928": { "id": "7b2d1879-c337-41c9-9f47-f9c2fe8e5928", "title": "WooCommerce <= 7.8.2 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "* - 7.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b2d1879-c337-41c9-9f47-f9c2fe8e5928?source=api-scan" ], "published": "2023-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b2ebbb5-0590-4e4a-a9b6-abc80b220d18": { "id": "7b2ebbb5-0590-4e4a-a9b6-abc80b220d18", "title": "Tradetracker-Store < 4.6.60 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Tradetracker-Store", "slug": "tradetracker-store", "affected_versions": { "[*, 4.6.60)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.60", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b2ebbb5-0590-4e4a-a9b6-abc80b220d18?source=api-scan" ], "published": "2021-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b33f2ee-3f20-4494-bdae-3f8cc3c6dc73": { "id": "7b33f2ee-3f20-4494-bdae-3f8cc3c6dc73", "title": "Advanced Forms for ACF <= 1.9.3.2 - Missing Authorization to Unauthenticated Form Settings Export", "software": [ { "type": "plugin", "name": "Advanced Forms for ACF", "slug": "advanced-forms", "affected_versions": { "* - 1.9.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b33f2ee-3f20-4494-bdae-3f8cc3c6dc73?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b34f50a-4d2d-49b8-86e4-0416c8be202b": { "id": "7b34f50a-4d2d-49b8-86e4-0416c8be202b", "title": "Landing Page Cat \u2013 Coming Soon Page, Maintenance Page & Squeeze Pages <= 1.7.2 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Landing Page Cat \u2013 Coming Soon Page, Maintenance Page & Squeeze Pages", "slug": "landing-page-cat", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b34f50a-4d2d-49b8-86e4-0416c8be202b?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b3608ca-8ed6-46ff-8e57-d8b68f91b9f2": { "id": "7b3608ca-8ed6-46ff-8e57-d8b68f91b9f2", "title": "Download Manager <= 3.2.84 - Missing Authorization", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.84": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.84", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.85" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b3608ca-8ed6-46ff-8e57-d8b68f91b9f2?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b3c77d8-0e90-41ee-b7e4-6160f1d5760f": { "id": "7b3c77d8-0e90-41ee-b7e4-6160f1d5760f", "title": "DethemeKit For Elementor <= 1.5.5.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DethemeKit For Elementor", "slug": "dethemekit-for-elementor", "affected_versions": { "[*, 1.5.5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b3c77d8-0e90-41ee-b7e4-6160f1d5760f?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b3ce7e7-c816-49d3-b794-91b71cb3e9c7": { "id": "7b3ce7e7-c816-49d3-b794-91b71cb3e9c7", "title": "Stripe Add-on for iThemes Exchange < 1.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Stripe Add-on for iThemes Exchange", "slug": "exchange-addon-stripe", "affected_versions": { "[*, 1.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b3ce7e7-c816-49d3-b794-91b71cb3e9c7?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b3d39be-83de-46e7-9eab-57c1e94ab59a": { "id": "7b3d39be-83de-46e7-9eab-57c1e94ab59a", "title": "Like Button Rating <= 2.6.53 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Like Button Rating \u2665 LikeBtn", "slug": "likebtn-like-button", "affected_versions": { "* - 2.6.53": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.53", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.54" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b3d39be-83de-46e7-9eab-57c1e94ab59a?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b3d68d9-fa82-4be3-8692-39a9dc216d17": { "id": "7b3d68d9-fa82-4be3-8692-39a9dc216d17", "title": "Profile Box Shortcode And Widget <= 1.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Profile Box Shortcode And Widget", "slug": "facebook-likebox-widget-and-shortcode", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b3d68d9-fa82-4be3-8692-39a9dc216d17?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b41a6bd-8b0c-4d00-8cc3-9589fca5e406": { "id": "7b41a6bd-8b0c-4d00-8cc3-9589fca5e406", "title": "Pz-LinkCard <= 2.4.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pz-LinkCard", "slug": "pz-linkcard", "affected_versions": { "* - 2.4.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b41a6bd-8b0c-4d00-8cc3-9589fca5e406?source=api-scan" ], "published": "2022-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b44130c-b526-4670-bde2-e47fe823ac62": { "id": "7b44130c-b526-4670-bde2-e47fe823ac62", "title": "Profile Builder \u2013 User Profile & User Registration Forms <= 3.6.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "* - 3.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b44130c-b526-4670-bde2-e47fe823ac62?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b452283-9f0d-469b-b1b8-4bd253f9ea1d": { "id": "7b452283-9f0d-469b-b1b8-4bd253f9ea1d", "title": "URL Shortify <= 1.7.5 - Unauthenticated Stored Cross-Site Scripting via Referrer Header", "software": [ { "type": "plugin", "name": "URL Shortify \u2013 Simple, Powerful and Easy URL Shortener Plugin For WordPress", "slug": "url-shortify", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b452283-9f0d-469b-b1b8-4bd253f9ea1d?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b498c5a-9fd1-43b8-b456-f6cec65d5077": { "id": "7b498c5a-9fd1-43b8-b456-f6cec65d5077", "title": "WP Shamsi <= 4.1.0 - Missing Authorization to Arbitrary Plugin Deactivation", "software": [ { "type": "plugin", "name": "WP Shamsi \u2013 \u0627\u0641\u0632\u0648\u0646\u0647 \u062a\u0627\u0631\u06cc\u062e \u0634\u0645\u0633\u06cc \u0648 \u0641\u0627\u0631\u0633\u06cc \u0633\u0627\u0632 \u0648\u0631\u062f\u067e\u0631\u0633", "slug": "wp-shamsi", "affected_versions": { "* - 4.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b498c5a-9fd1-43b8-b456-f6cec65d5077?source=api-scan" ], "published": "2022-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b49af95-2310-4f71-921b-ee66588dd6d5": { "id": "7b49af95-2310-4f71-921b-ee66588dd6d5", "title": "WP Affiliate Platform <= 6.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Affiliate Platform", "slug": "wp-affiliate-platform", "affected_versions": { "* - 6.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b49af95-2310-4f71-921b-ee66588dd6d5?source=api-scan" ], "published": "2022-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b4f63af-cb43-4287-8fdd-0ff1df70c6d6": { "id": "7b4f63af-cb43-4287-8fdd-0ff1df70c6d6", "title": "Rencontre \u2013 Dating Site <= 3.2.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Rencontre \u2013 Dating Site", "slug": "rencontre", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b4f63af-cb43-4287-8fdd-0ff1df70c6d6?source=api-scan" ], "published": "2019-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b509887-6d32-4e7f-bdff-fd4f6c76f6f2": { "id": "7b509887-6d32-4e7f-bdff-fd4f6c76f6f2", "title": "Ni WooCommerce Sales Report <= 3.7.3 - Missing Authorization via ajax_sales_order", "software": [ { "type": "plugin", "name": "Ni WooCommerce Sales Report", "slug": "ni-woocommerce-sales-report", "affected_versions": { "* - 3.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b509887-6d32-4e7f-bdff-fd4f6c76f6f2?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b56c684-90f6-4e8b-86fc-355a13b5368c": { "id": "7b56c684-90f6-4e8b-86fc-355a13b5368c", "title": "Mendeley <= 1.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mendeley Plugin", "slug": "mendeleyplugin", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b56c684-90f6-4e8b-86fc-355a13b5368c?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b57e750-71ec-4c52-999b-6c14a78c3bff": { "id": "7b57e750-71ec-4c52-999b-6c14a78c3bff", "title": "InPost for WooCommerce <= 1.4.0 and InPost PL <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary File Read and Delete", "software": [ { "type": "plugin", "name": "InPost PL", "slug": "inpost-for-woocommerce", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] }, { "type": "plugin", "name": "InPost for WooCommerce", "slug": "woo-inpost", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b57e750-71ec-4c52-999b-6c14a78c3bff?source=api-scan" ], "published": "2024-08-16 14:24:22", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b5e5b0a-dd6a-401f-86db-940b3386ed21": { "id": "7b5e5b0a-dd6a-401f-86db-940b3386ed21", "title": "Blog2Social: Social Media Auto Post & Scheduler <= 5.5.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Blog2Social: Social Media Auto Post & Scheduler", "slug": "blog2social", "affected_versions": { "[*, 5.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b5e5b0a-dd6a-401f-86db-940b3386ed21?source=api-scan" ], "published": "2019-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b5ef9de-ba5e-463e-a528-098d724b1657": { "id": "7b5ef9de-ba5e-463e-a528-098d724b1657", "title": "Meta Box <= 4.16.1 - Mishandling of File Upload", "software": [ { "type": "plugin", "name": "Meta Box \u2013 WordPress Custom Fields Framework", "slug": "meta-box", "affected_versions": { "* - 4.16.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.16.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.16.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b5ef9de-ba5e-463e-a528-098d724b1657?source=api-scan" ], "published": "2019-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b6557de-fd4f-4172-ad7d-940f9f3ea2db": { "id": "7b6557de-fd4f-4172-ad7d-940f9f3ea2db", "title": "Running Line <= 1.2 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Running Line", "slug": "running-line", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b6557de-fd4f-4172-ad7d-940f9f3ea2db?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b6ac72f-11f4-46bd-a972-fbcb46b34ce6": { "id": "7b6ac72f-11f4-46bd-a972-fbcb46b34ce6", "title": "PostX - Gutenberg Blocks for Post Grid <= 2.4.9 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX", "slug": "ultimate-post", "affected_versions": { "[*, 2.4.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b6ac72f-11f4-46bd-a972-fbcb46b34ce6?source=api-scan" ], "published": "2021-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b6db928-f8ff-4e78-bfc7-51f1d1ccd1fa": { "id": "7b6db928-f8ff-4e78-bfc7-51f1d1ccd1fa", "title": "Clone <= 2.3.7 - Missing Authorization via wp_ajax_tifm_save_decision", "software": [ { "type": "plugin", "name": "Clone", "slug": "wp-clone-by-wp-academy", "affected_versions": { "* - 2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b6db928-f8ff-4e78-bfc7-51f1d1ccd1fa?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b70b152-eb65-4273-8063-37cfec7ecefb": { "id": "7b70b152-eb65-4273-8063-37cfec7ecefb", "title": "Audio Player <= 2.0.4.5 - Cross-Site Scripting via playerID Parameter", "software": [ { "type": "plugin", "name": "audio-player", "slug": "audio-player", "affected_versions": { "[*, 2.0.4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b70b152-eb65-4273-8063-37cfec7ecefb?source=api-scan" ], "published": "2013-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b712d9c-a1d0-422d-8a6e-76c298744838": { "id": "7b712d9c-a1d0-422d-8a6e-76c298744838", "title": "Print My Blog <= 3.27.0 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Print My Blog \u2013 Print, PDF, & eBook Converter WordPress Plugin", "slug": "print-my-blog", "affected_versions": { "* - 3.27.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.27.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.27.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b712d9c-a1d0-422d-8a6e-76c298744838?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b738676-250d-4af4-81ff-cee9efcf996e": { "id": "7b738676-250d-4af4-81ff-cee9efcf996e", "title": "NewStatPress <= 1.0.0 - SQL Injection", "software": [ { "type": "plugin", "name": "NewStatPress", "slug": "newstatpress", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b738676-250d-4af4-81ff-cee9efcf996e?source=api-scan" ], "published": "2015-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b73d309-5c3a-4a46-95df-fd7a59c66275": { "id": "7b73d309-5c3a-4a46-95df-fd7a59c66275", "title": "Database Backup for WordPress <= 2.2.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Database Backup for WordPress", "slug": "wp-db-backup", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b73d309-5c3a-4a46-95df-fd7a59c66275?source=api-scan" ], "published": "2014-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b76ce38-d9ee-4998-ba3b-9f21158ce18a": { "id": "7b76ce38-d9ee-4998-ba3b-9f21158ce18a", "title": "WP Matterport Shortcode <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Matterport Shortcode", "slug": "shortcode-gallery-for-matterport-showcase", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b76ce38-d9ee-4998-ba3b-9f21158ce18a?source=api-scan" ], "published": "2023-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b78004e-caa5-4478-ba16-5f1a10e31541": { "id": "7b78004e-caa5-4478-ba16-5f1a10e31541", "title": "DX Delete Attached Media <= 2.0.2 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "DX Delete Attached Media", "slug": "dx-delete-attached-media", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b78004e-caa5-4478-ba16-5f1a10e31541?source=api-scan" ], "published": "2023-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b795352-fad8-485e-bd1b-68c0913555e2": { "id": "7b795352-fad8-485e-bd1b-68c0913555e2", "title": "FV Flowplayer Video Player 7.5.0.727 - 7.5.2.727 - Reflected Cross-Site Scripting via player_id Parameter", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "7.5.0.727 - 7.5.2.727": { "from_version": "7.5.0.727", "from_inclusive": true, "to_version": "7.5.2.727", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.3.727" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b795352-fad8-485e-bd1b-68c0913555e2?source=api-scan" ], "published": "2021-10-05 20:14:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b7dee9e-1272-4e70-926c-a73e2897968c": { "id": "7b7dee9e-1272-4e70-926c-a73e2897968c", "title": "CURCY \u2013 Multi Currency for WooCommerce <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CURCY \u2013 Multi Currency for WooCommerce \u2013 The best free currency exchange plugin \u2013 Run smoothly on WooCommerce 8.x", "slug": "woo-multi-currency", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b7dee9e-1272-4e70-926c-a73e2897968c?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b834a3c-6af0-48fd-aa13-985d226b546d": { "id": "7b834a3c-6af0-48fd-aa13-985d226b546d", "title": "Nextend Facebook Connect <= 1.5.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Nextend Social Login and Register", "slug": "nextend-facebook-connect", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b834a3c-6af0-48fd-aa13-985d226b546d?source=api-scan" ], "published": "2016-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b8483b8-07b4-436f-992f-35e16fef867b": { "id": "7b8483b8-07b4-436f-992f-35e16fef867b", "title": "Kadence WooCommerce Email Designer <= 1.5.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Kadence WooCommerce Email Designer", "slug": "kadence-woocommerce-email-designer", "affected_versions": { "* - 1.5.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b8483b8-07b4-436f-992f-35e16fef867b?source=api-scan" ], "published": "2023-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b851fd6-1477-4370-abf9-42ae2b6f8899": { "id": "7b851fd6-1477-4370-abf9-42ae2b6f8899", "title": "WordPress Core 5.4 - 5.8 - Sensitive Information Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[5.4, 5.4.7)": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.7", "to_inclusive": false }, "[5.5, 5.5.6)": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.6", "to_inclusive": false }, "[5.6, 5.6.5)": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.5", "to_inclusive": false }, "[5.7, 5.7.3)": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.3", "to_inclusive": false }, "[5.8, 5.8.1)": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.4.7", "5.5.6", "5.6.5", "5.7.3", "5.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b851fd6-1477-4370-abf9-42ae2b6f8899?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b86a774-a420-41a8-85ad-44fe8b32d4c2": { "id": "7b86a774-a420-41a8-85ad-44fe8b32d4c2", "title": "Welcart e-Commerce < 1.8.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "[*, 1.8.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b86a774-a420-41a8-85ad-44fe8b32d4c2?source=api-scan" ], "published": "2016-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b941db0-9d6d-4b89-8e04-8770499b6a9a": { "id": "7b941db0-9d6d-4b89-8e04-8770499b6a9a", "title": "Sunshine Photo Cart <= 2.9.13 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Sunshine Photo Cart: Free Client Photo Galleries for Photographers", "slug": "sunshine-photo-cart", "affected_versions": { "* - 2.9.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b941db0-9d6d-4b89-8e04-8770499b6a9a?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b971ae0-624d-416e-b2f2-92ce44e96418": { "id": "7b971ae0-624d-416e-b2f2-92ce44e96418", "title": "Randomize <= 1.4.3 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Randomize", "slug": "randomize", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b971ae0-624d-416e-b2f2-92ce44e96418?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7b9aaafb-cb39-4a3b-85db-d0a8e9498d60": { "id": "7b9aaafb-cb39-4a3b-85db-d0a8e9498d60", "title": "Author Avatars List\/Block <= 2.1.21 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Author Avatars List\/Block", "slug": "author-avatars", "affected_versions": { "* - 2.1.21": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7b9aaafb-cb39-4a3b-85db-d0a8e9498d60?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ba2b270-5f02-4cd8-8a22-1723c3873d67": { "id": "7ba2b270-5f02-4cd8-8a22-1723c3873d67", "title": "Quiz Maker <= 6.5.2.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Creation & Modification", "software": [ { "type": "plugin", "name": "Quiz Maker", "slug": "quiz-maker", "affected_versions": { "* - 6.5.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ba2b270-5f02-4cd8-8a22-1723c3873d67?source=api-scan" ], "published": "2024-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bacae6f-d23d-414c-8d8a-0f1702eafd84": { "id": "7bacae6f-d23d-414c-8d8a-0f1702eafd84", "title": "WP-Table Reloaded <= 1.9.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Table Reloaded", "slug": "wp-table-reloaded", "affected_versions": { "* - 1.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bacae6f-d23d-414c-8d8a-0f1702eafd84?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bae3acf-bbb3-4b10-b46f-8086240a2f02": { "id": "7bae3acf-bbb3-4b10-b46f-8086240a2f02", "title": "Mukioplayer For WordPress <= 1.6 - SQL injection", "software": [ { "type": "plugin", "name": "Mukioplayer For WordPress", "slug": "mukioplayer-for-wordpress", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bae3acf-bbb3-4b10-b46f-8086240a2f02?source=api-scan" ], "published": "2013-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bb1be6d-5af9-4b58-a641-05a913548fe7": { "id": "7bb1be6d-5af9-4b58-a641-05a913548fe7", "title": "BadgeOS <= 3.7.1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "BadgeOS", "slug": "badgeos", "affected_versions": { "* - 3.7.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bb1be6d-5af9-4b58-a641-05a913548fe7?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bb377a9-fd31-4e1e-97d0-b764acba3122": { "id": "7bb377a9-fd31-4e1e-97d0-b764acba3122", "title": "Zoho Campaigns <= 2.0.7 - Cross-Site Request Forgery via zcwc_integration_disconnect", "software": [ { "type": "plugin", "name": "Zoho Campaigns", "slug": "zoho-campaigns", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bb377a9-fd31-4e1e-97d0-b764acba3122?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bb6caf6-5676-49cd-8577-5a41b44b00c0": { "id": "7bb6caf6-5676-49cd-8577-5a41b44b00c0", "title": "Shortcodes Ultimate <= 5.12.6 - Authenticated (Subscriber+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 5.12.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.12.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.12.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bb6caf6-5676-49cd-8577-5a41b44b00c0?source=api-scan" ], "published": "2023-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bb7ee83-f75a-4f19-8595-f5cf2ee97ae0": { "id": "7bb7ee83-f75a-4f19-8595-f5cf2ee97ae0", "title": "WP-Cal <= 0.3 - SQL Injection", "software": [ { "type": "plugin", "name": "wp-cal", "slug": "wp-cal", "affected_versions": { "* - 0.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bb7ee83-f75a-4f19-8595-f5cf2ee97ae0?source=api-scan" ], "published": "2008-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bbc181f-318e-48ea-a2f7-c668ad15c8a6": { "id": "7bbc181f-318e-48ea-a2f7-c668ad15c8a6", "title": "Eyes Only: User Access Shortcode <= 1.8.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Eyes Only: User Access Shortcode", "slug": "eyes-only-user-access-shortcode", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bbc181f-318e-48ea-a2f7-c668ad15c8a6?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bc2eebb-d232-4aef-94e5-68876bba0f93": { "id": "7bc2eebb-d232-4aef-94e5-68876bba0f93", "title": "BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bootstrap Shortcodes", "slug": "bootstrap-shortcodes", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bc2eebb-d232-4aef-94e5-68876bba0f93?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bc33a05-d462-492e-9ea5-cf37b887cc94": { "id": "7bc33a05-d462-492e-9ea5-cf37b887cc94", "title": "Kognetiks Chatbot for WordPress <= 1.9.9 - Unauthenticated Arbitrary File Upload via chatbot_chatgpt_upload_file_to_assistant Function", "software": [ { "type": "plugin", "name": "Kognetiks Chatbot for WordPress", "slug": "chatbot-chatgpt", "affected_versions": { "* - 1.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bc33a05-d462-492e-9ea5-cf37b887cc94?source=api-scan" ], "published": "2024-05-10 16:31:08", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bc875b3-8250-4447-b921-243926849fa2": { "id": "7bc875b3-8250-4447-b921-243926849fa2", "title": "Attorney <= 3 - Missing Authorization to Unauthenticated Arbitrary Content Deletion", "software": [ { "type": "theme", "name": "Attorney", "slug": "attorney", "affected_versions": { "* - 3": { "from_version": "*", "from_inclusive": true, "to_version": "3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bc875b3-8250-4447-b921-243926849fa2?source=api-scan" ], "published": "2022-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bc9f86f-fd60-48bc-8df0-3b122facb0a0": { "id": "7bc9f86f-fd60-48bc-8df0-3b122facb0a0", "title": "Learning Courses < 5.0 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Learning Courses", "slug": "nd-learning", "affected_versions": { "[*, 5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bc9f86f-fd60-48bc-8df0-3b122facb0a0?source=api-scan" ], "published": "2021-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bcbc6b6-ed05-4709-bf05-214418798339": { "id": "7bcbc6b6-ed05-4709-bf05-214418798339", "title": "WP Mobile Menu \u2013 The Mobile-Friendly Responsive Menu <= 2.8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Alt", "software": [ { "type": "plugin", "name": "WP Mobile Menu \u2013 The Mobile-Friendly Responsive Menu", "slug": "mobile-menu", "affected_versions": { "* - 2.8.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bcbc6b6-ed05-4709-bf05-214418798339?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bccc409-e16f-4c32-ad3b-743defd7200f": { "id": "7bccc409-e16f-4c32-ad3b-743defd7200f", "title": "Inazo Advanced Ads Management < 1.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced ads Management by Inazo", "slug": "inazo-advanced-ads-management", "affected_versions": { "[*, 1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bccc409-e16f-4c32-ad3b-743defd7200f?source=api-scan" ], "published": "2016-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bd057d5-5350-43c9-abfc-34d8f6537d2e": { "id": "7bd057d5-5350-43c9-abfc-34d8f6537d2e", "title": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.37 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 4.0.37": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.38" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bd057d5-5350-43c9-abfc-34d8f6537d2e?source=api-scan" ], "published": "2024-08-16 23:05:07", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bd89bd9-4f99-4828-bacc-15d2cfe13066": { "id": "7bd89bd9-4f99-4828-bacc-15d2cfe13066", "title": "Ninja Forms Contact Form <= 2.9.28 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 2.9.28": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bd89bd9-4f99-4828-bacc-15d2cfe13066?source=api-scan" ], "published": "2015-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bd931a9-18ec-48fa-9382-d4c2d99258c5": { "id": "7bd931a9-18ec-48fa-9382-d4c2d99258c5", "title": "Impreza <= 8.17.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Impreza \u2013 WordPress Website and WooCommerce Builder", "slug": "impreza", "affected_versions": { "* - 8.17.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.17.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bd931a9-18ec-48fa-9382-d4c2d99258c5?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bde76d9-34f3-46c9-a05a-e5204b661b26": { "id": "7bde76d9-34f3-46c9-a05a-e5204b661b26", "title": "Advanced WP Columns <= 2.0.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced WP Columns", "slug": "advanced-wp-columns", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bde76d9-34f3-46c9-a05a-e5204b661b26?source=api-scan" ], "published": "2022-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bdebd9c-f6fb-4de7-bd6b-5f52ef34ffb3": { "id": "7bdebd9c-f6fb-4de7-bd6b-5f52ef34ffb3", "title": "Pricing Table by Supsystic <= 1.8.1 - Missing Authorization on AJAX Actions", "software": [ { "type": "plugin", "name": "Pricing Table by Supsystic", "slug": "pricing-table-by-supsystic", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bdebd9c-f6fb-4de7-bd6b-5f52ef34ffb3?source=api-scan" ], "published": "2020-02-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7be28b54-def9-46b7-bb59-58b0ae5ea674": { "id": "7be28b54-def9-46b7-bb59-58b0ae5ea674", "title": "Insert or Embed Articulate Content into WordPress < 4.2999 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Insert or Embed Articulate Content into WordPress", "slug": "insert-or-embed-articulate-content-into-wordpress", "affected_versions": { "[*, 4.2999)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2999", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2999" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7be28b54-def9-46b7-bb59-58b0ae5ea674?source=api-scan" ], "published": "2019-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7be3688d-61f5-457d-a38b-0560205b2f8d": { "id": "7be3688d-61f5-457d-a38b-0560205b2f8d", "title": "ZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio \/ music \/ podcast \u2013 HTML5 <= 1.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio \/ music \/ podcast \u2013 HTML5", "slug": "1-jquery-photo-gallery-slideshow-flash", "affected_versions": { "* - 1.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7be3688d-61f5-457d-a38b-0560205b2f8d?source=api-scan" ], "published": "2011-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7be75b0a-737d-4f0d-b024-e207af4573cd": { "id": "7be75b0a-737d-4f0d-b024-e207af4573cd", "title": "Contact Form builder with drag & drop for WordPress \u2013 Kali Forms <= 2.3.41 - Missing Authorization to Arbitrary Plugin Deactivation", "software": [ { "type": "plugin", "name": "Contact Form builder with drag & drop for WordPress \u2013 Kali Forms", "slug": "kali-forms", "affected_versions": { "* - 2.3.41": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7be75b0a-737d-4f0d-b024-e207af4573cd?source=api-scan" ], "published": "2024-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7becdab6-f952-4649-8cea-4efadf841619": { "id": "7becdab6-f952-4649-8cea-4efadf841619", "title": "EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7becdab6-f952-4649-8cea-4efadf841619?source=api-scan" ], "published": "2024-06-04 19:46:14", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bf4fe42-435b-449e-bb8c-57cef3b93471": { "id": "7bf4fe42-435b-449e-bb8c-57cef3b93471", "title": "Conditional Payment Methods for WooCommerce <= 1.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Conditional Payment Methods for WooCommerce", "slug": "conditional-payment-methods-for-woocommerce", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bf4fe42-435b-449e-bb8c-57cef3b93471?source=api-scan" ], "published": "2022-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bfabeb4-c57d-412a-b27b-a6387d30081f": { "id": "7bfabeb4-c57d-412a-b27b-a6387d30081f", "title": "HappyFiles Pro <= 1.8.1 - Missing Authorization to Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "HappyFiles Pro", "slug": "happyfiles-pro", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bfabeb4-c57d-412a-b27b-a6387d30081f?source=api-scan" ], "published": "2023-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bfd4e4c-63c2-4442-b91a-ca940a31c3be": { "id": "7bfd4e4c-63c2-4442-b91a-ca940a31c3be", "title": "Photo Gallery by 10Web <= 1.2.10 - Authenticated SQL Injection via asc_or_desc Parameter", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.2.11)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bfd4e4c-63c2-4442-b91a-ca940a31c3be?source=api-scan" ], "published": "2015-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7bff8172-b879-40b0-a229-a54787baa38a": { "id": "7bff8172-b879-40b0-a229-a54787baa38a", "title": "Admin side data storage for Contact Form 7 <= 1.1.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Admin side data storage for Contact Form 7", "slug": "admin-side-data-storage-for-contact-form-7", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7bff8172-b879-40b0-a229-a54787baa38a?source=api-scan" ], "published": "2024-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c043945-d327-4f26-98b4-99ac5b4761f1": { "id": "7c043945-d327-4f26-98b4-99ac5b4761f1", "title": "Pre* Party Resource Hints < 1.8.19 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Pre* Party Resource Hints", "slug": "pre-party-browser-hints", "affected_versions": { "[*, 1.8.19)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c043945-d327-4f26-98b4-99ac5b4761f1?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c10be28-43ff-4b43-8186-6ad9a487321e": { "id": "7c10be28-43ff-4b43-8186-6ad9a487321e", "title": "Ultimate 410 Gone Status Code <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate 410 Gone Status Code", "slug": "ultimate-410", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c10be28-43ff-4b43-8186-6ad9a487321e?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c1811f7-0fb4-4f50-93ac-6abd9e6a1d66": { "id": "7c1811f7-0fb4-4f50-93ac-6abd9e6a1d66", "title": "Smart External Link Click Monitor [Link Log] <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart External Link Click Monitor [Link Log]", "slug": "link-log", "affected_versions": { "* - 5.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c1811f7-0fb4-4f50-93ac-6abd9e6a1d66?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c1c24cc-9388-4d91-8dc6-c67d3420cc94": { "id": "7c1c24cc-9388-4d91-8dc6-c67d3420cc94", "title": "10WebMapBuilder <= 1.0.63 - Unauthenticated Stored Cross-Site Scripting via Plugin Settings Change", "software": [ { "type": "plugin", "name": "10Web Map Builder for Google Maps", "slug": "wd-google-maps", "affected_versions": { "[*, 1.0.64)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.64", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.64" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c1c24cc-9388-4d91-8dc6-c67d3420cc94?source=api-scan" ], "published": "2020-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c1e005f-c0f1-4dff-928b-18919f117048": { "id": "7c1e005f-c0f1-4dff-928b-18919f117048", "title": "TK Google Fonts GDPR Compliant <= 2.2.7 - Authorization Bypass", "software": [ { "type": "plugin", "name": "TK Google Fonts GDPR Compliant", "slug": "tk-google-fonts", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c1e005f-c0f1-4dff-928b-18919f117048?source=api-scan" ], "published": "2023-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c1e63df-d326-40bf-a428-fdb11150e8d1": { "id": "7c1e63df-d326-40bf-a428-fdb11150e8d1", "title": "Booster Elite for WooCommerce < 1.1.7 - Authenticated (Admin\/Shop Manager+) Arbitrary File Download", "software": [ { "type": "plugin", "name": "Booster Elite for WooCommerce", "slug": "booster-elite-for-woocommerce", "affected_versions": { "[*, 1.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c1e63df-d326-40bf-a428-fdb11150e8d1?source=api-scan" ], "published": "2022-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c23bd29-ba02-4c90-a631-5ce6294d7760": { "id": "7c23bd29-ba02-4c90-a631-5ce6294d7760", "title": "Avada | Website Builder For WordPress & eCommerce <= 3.11.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fusion_button Shortcode", "software": [ { "type": "plugin", "name": "Fusion Builder", "slug": "fusion-builder", "affected_versions": { "* - 3.11.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c23bd29-ba02-4c90-a631-5ce6294d7760?source=api-scan" ], "published": "2024-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c307d66-11f9-4593-9ada-252d034fd421": { "id": "7c307d66-11f9-4593-9ada-252d034fd421", "title": "Quotes and Tips by BestWebSoft < 1.3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quotes and Tips by BestWebSoft", "slug": "quotes-and-tips", "affected_versions": { "[*, 1.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c307d66-11f9-4593-9ada-252d034fd421?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c312478-0d6e-400b-81c2-172c2c5798ff": { "id": "7c312478-0d6e-400b-81c2-172c2c5798ff", "title": "jQuery HTML5 File Upload <= 3.0 - Unauthenticated Settings Update", "software": [ { "type": "plugin", "name": "JQuery Html5 File Upload", "slug": "jquery-html5-file-upload", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c312478-0d6e-400b-81c2-172c2c5798ff?source=api-scan" ], "published": "2017-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c32d967-85b9-4c93-a948-0126efb78f39": { "id": "7c32d967-85b9-4c93-a948-0126efb78f39", "title": "WooCommerce < 5.7.0 & WooCommerce Admin < 2.6.4 - Information Disclosure", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": false }, "[4.0, 4.0.3)": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": false }, "[4.1, 4.1.3)": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.3", "to_inclusive": false }, "[4.2, 4.2.4)": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.4", "to_inclusive": false }, "[4.3, 4.3.5)": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.5", "to_inclusive": false }, "[4.4, 4.4.3)": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": false }, "[4.5, 4.5.4)": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": false }, "[4.6, 4.6.4)": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.4", "to_inclusive": false }, "[4.7, 4.7.3)": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.3", "to_inclusive": false }, "[4.8, 4.8.2)": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.2", "to_inclusive": false }, "[4.9, 4.9.4)": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.4", "to_inclusive": false }, "[5.0, 5.0.2)": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.2", "to_inclusive": false }, "[5.1, 5.1.2)": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.2", "to_inclusive": false }, "[5.2, 5.2.4)": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.4", "to_inclusive": false }, "[5.3, 5.3.2)": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.2", "to_inclusive": false }, "[5.4, 5.4.3)": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.3", "to_inclusive": false }, "[5.5, 5.5.3)": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.3", "to_inclusive": false }, "[5.6, 5.6.1)": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.3", "4.1.3", "4.2.4", "4.3.5", "4.4.3", "4.5.4", "4.6.4", "4.7.3", "4.8.2", "4.9.4", "5.0.2", "5.1.2", "5.2.4", "5.3.2", "5.4.3", "5.5.3", "5.6.1", "5.7.0" ] }, { "type": "plugin", "name": "WooCommerce Admin", "slug": "woocommerce-admin", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true }, "[1.0, 1.0.4)": { "from_version": "1.0", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false }, "[1.1, 1.1.4)": { "from_version": "1.1", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": false }, "[1.2, 1.2.5)": { "from_version": "1.2", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false }, "[1.3, 1.3.3)": { "from_version": "1.3", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": false }, "[1.4, 1.4.1)": { "from_version": "1.4", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": false }, "[1.5, 1.5.1)": { "from_version": "1.5", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": false }, "[1.6, 1.6.4)": { "from_version": "1.6", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": false }, "[1.7, 1.7.4)": { "from_version": "1.7", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": false }, "[1.8, 1.8.4)": { "from_version": "1.8", "from_inclusive": true, "to_version": "1.8.4", "to_inclusive": false }, "[1.9, 1.9.1)": { "from_version": "1.9", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": false }, "[2.0, 2.0.4)": { "from_version": "2.0", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": false }, "[2.1, 2.1.6)": { "from_version": "2.1", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": false }, "[2.2, 2.2.7)": { "from_version": "2.2", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": false }, "[2.3, 2.3.2)": { "from_version": "2.3", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": false }, "[2.4, 2.4.5)": { "from_version": "2.4", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": false }, "[2.5, 2.5.2)": { "from_version": "2.5", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": false }, "[2.6, 2.6.4)": { "from_version": "2.6", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4", "1.1.4", "1.2.5", "1.3.3", "1.4.1", "1.5.1", "1.6.4", "1.7.4", "1.8.4", "1.9.1", "2.0.4", "2.1.6", "2.2.7", "2.3.2", "2.4.5", "2.5.2", "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c32d967-85b9-4c93-a948-0126efb78f39?source=api-scan" ], "published": "2022-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c336530-09b2-4ead-923f-f1a6266e3e8e": { "id": "7c336530-09b2-4ead-923f-f1a6266e3e8e", "title": "ElementsKit Elementor addons <= 3.2.0 - Unauthenticated Information Exposure via ekit_widgetarea_content Function", "software": [ { "type": "plugin", "name": "ElementsKit Elementor addons", "slug": "elementskit-lite", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c336530-09b2-4ead-923f-f1a6266e3e8e?source=api-scan" ], "published": "2024-07-18 08:02:02", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c3726fa-e3ee-4c5d-a727-b33d0d077ef1": { "id": "7c3726fa-e3ee-4c5d-a727-b33d0d077ef1", "title": "Infusionsoft Gravity Forms Add-on <= 1.5.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Infusionsoft Gravity Forms Add-on", "slug": "infusionsoft", "affected_versions": { "[*, 1.5.12)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c3726fa-e3ee-4c5d-a727-b33d0d077ef1?source=api-scan" ], "published": "2016-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c387a20-47dd-42d9-bf22-a28c613c5bde": { "id": "7c387a20-47dd-42d9-bf22-a28c613c5bde", "title": "Comic Book Management System < 2.2.0 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Comic Book Management System", "slug": "comicbookmanagementsystemweeklypicks", "affected_versions": { "[*, 2.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c387a20-47dd-42d9-bf22-a28c613c5bde?source=api-scan" ], "published": "2022-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c3ae610-44ef-4354-b085-00c00a486dc9": { "id": "7c3ae610-44ef-4354-b085-00c00a486dc9", "title": "Login with Cognito <= 1.4.6 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Login with Cognito", "slug": "login-with-cognito", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c3ae610-44ef-4354-b085-00c00a486dc9?source=api-scan" ], "published": "2022-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c44efe0-bdc0-42e0-9bdd-cf25bff1d2d5": { "id": "7c44efe0-bdc0-42e0-9bdd-cf25bff1d2d5", "title": "weForms \u2013 Easy Drag & Drop Contact Form Builder For WordPress <= 1.6.17 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "weForms \u2013 Easy Drag & Drop Contact Form Builder For WordPress", "slug": "weforms", "affected_versions": { "* - 1.6.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c44efe0-bdc0-42e0-9bdd-cf25bff1d2d5?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c4797a6-43c1-4183-95ec-4e150a1d774a": { "id": "7c4797a6-43c1-4183-95ec-4e150a1d774a", "title": "Google Analytics Dashboard <= 2.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "google-analytics-dashboard", "slug": "google-analytics-dashboard", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c4797a6-43c1-4183-95ec-4e150a1d774a?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c4ceb2e-c718-43e2-bb7b-ab0404271134": { "id": "7c4ceb2e-c718-43e2-bb7b-ab0404271134", "title": "Passwords Manager <= 1.4.4 - Cross-Site Scripting via pwdms_csv_category parameter", "software": [ { "type": "plugin", "name": "Passwords Manager", "slug": "passwords-manager", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c4ceb2e-c718-43e2-bb7b-ab0404271134?source=api-scan" ], "published": "2022-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c4f9958-0e5a-483c-926e-ceaee00ffa45": { "id": "7c4f9958-0e5a-483c-926e-ceaee00ffa45", "title": "Easy Accordion <= 2.0.21 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Accordion \u2013 Responsive Accordion FAQ Builder and Product FAQ", "slug": "easy-accordion-free", "affected_versions": { "* - 2.0.21": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c4f9958-0e5a-483c-926e-ceaee00ffa45?source=api-scan" ], "published": "2021-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c4fc322-1f62-48e3-8177-4894c947624b": { "id": "7c4fc322-1f62-48e3-8177-4894c947624b", "title": "Shared Files <= 1.7.5 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shared Files \u2013 Frontend File Upload Form & Secure File Sharing", "slug": "shared-files", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c4fc322-1f62-48e3-8177-4894c947624b?source=api-scan" ], "published": "2023-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c500c5b-04b9-47d7-9296-dd5378cd5ab0": { "id": "7c500c5b-04b9-47d7-9296-dd5378cd5ab0", "title": "Event Banner <= 1.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Event Banner", "slug": "free-event-banner", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c500c5b-04b9-47d7-9296-dd5378cd5ab0?source=api-scan" ], "published": "2021-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c5092fa-a2ea-4a84-8ebd-273faf6c8707": { "id": "7c5092fa-a2ea-4a84-8ebd-273faf6c8707", "title": "Kish Guest Posting <= 1.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Kish Guest Posting", "slug": "kish-guest-posting", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c5092fa-a2ea-4a84-8ebd-273faf6c8707?source=api-scan" ], "published": "2012-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c66894a-8d0f-4946-ae4d-bffd35f3ffb7": { "id": "7c66894a-8d0f-4946-ae4d-bffd35f3ffb7", "title": "RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'ucss_connect'", "software": [ { "type": "plugin", "name": "RapidLoad \u2013 Optimize Web Vitals Automatically", "slug": "unusedcss", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c66894a-8d0f-4946-ae4d-bffd35f3ffb7?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c66fdab-d067-4043-a602-9bbe94962a00": { "id": "7c66fdab-d067-4043-a602-9bbe94962a00", "title": "Responsive Tabs <= 4.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Tabs", "slug": "responsive-tabs", "affected_versions": { "* - 4.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c66fdab-d067-4043-a602-9bbe94962a00?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c67d2f8-d918-42ef-a301-27eed7fa41b2": { "id": "7c67d2f8-d918-42ef-a301-27eed7fa41b2", "title": "Download Manager <= 3.2.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.97": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.97", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.98" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c67d2f8-d918-42ef-a301-27eed7fa41b2?source=api-scan" ], "published": "2024-07-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c6aef41-e4f9-4494-a5fd-47f55973d1d9": { "id": "7c6aef41-e4f9-4494-a5fd-47f55973d1d9", "title": "WP Debugging <= 2.10.2 - Unauthenticated Plugin Settings Update", "software": [ { "type": "plugin", "name": "WP Debugging", "slug": "wp-debugging", "affected_versions": { "* - 2.10.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c6aef41-e4f9-4494-a5fd-47f55973d1d9?source=api-scan" ], "published": "2021-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c6b7dca-dd82-45b4-b9e2-0b44201396e9": { "id": "7c6b7dca-dd82-45b4-b9e2-0b44201396e9", "title": "GamiPress <= 2.5.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress", "slug": "gamipress", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c6b7dca-dd82-45b4-b9e2-0b44201396e9?source=api-scan" ], "published": "2023-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c6be4e1-1b24-4a95-a6fd-3196f47796a6": { "id": "7c6be4e1-1b24-4a95-a6fd-3196f47796a6", "title": "TDO Mini Forms <= 0.13.9 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "TDO Mini Forms", "slug": "tdo-mini-forms", "affected_versions": { "* - 0.13.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.13.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c6be4e1-1b24-4a95-a6fd-3196f47796a6?source=api-scan" ], "published": "2012-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c6be7f2-5526-4fba-9fe0-003b8460c926": { "id": "7c6be7f2-5526-4fba-9fe0-003b8460c926", "title": "Redirects <= 1.2.1 - Missing Authorization via save", "software": [ { "type": "plugin", "name": "Redirects", "slug": "redirects", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c6be7f2-5526-4fba-9fe0-003b8460c926?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c6e233f-c612-4625-8097-0637e976190d": { "id": "7c6e233f-c612-4625-8097-0637e976190d", "title": "User Access Manager <= 2.0.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Access Manager", "slug": "user-access-manager", "affected_versions": { "[*, 2.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c6e233f-c612-4625-8097-0637e976190d?source=api-scan" ], "published": "2017-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c6ea33f-ee43-4df8-9633-60303b68b859": { "id": "7c6ea33f-ee43-4df8-9633-60303b68b859", "title": "AdPlugg WordPress Ad Plugin < 1.1.34 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AdPlugg WordPress Ad Plugin", "slug": "adplugg", "affected_versions": { "[*, 1.1.34)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.34", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c6ea33f-ee43-4df8-9633-60303b68b859?source=api-scan" ], "published": "2015-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c6fe986-df68-4a62-9a43-5632c622b5fc": { "id": "7c6fe986-df68-4a62-9a43-5632c622b5fc", "title": "Elementor Addon Elements <= 1.11.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "[*, 1.11.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c6fe986-df68-4a62-9a43-5632c622b5fc?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c7115f9-a0b0-43ed-9153-a9fe87176e4e": { "id": "7c7115f9-a0b0-43ed-9153-a9fe87176e4e", "title": "WordPress Exit Strategy <= 1.55 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Exit Strategy", "slug": "exit-strategy", "affected_versions": { "* - 1.55": { "from_version": "*", "from_inclusive": true, "to_version": "1.55", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.59" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c7115f9-a0b0-43ed-9153-a9fe87176e4e?source=api-scan" ], "published": "2013-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c734aa9-ee9e-4605-a4b8-5075ce4b941f": { "id": "7c734aa9-ee9e-4605-a4b8-5075ce4b941f", "title": "Fusion Builder <= 3.11.1 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Fusion Builder", "slug": "fusion-builder", "affected_versions": { "* - 3.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c734aa9-ee9e-4605-a4b8-5075ce4b941f?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c77259a-cdf3-4fa0-b468-9e98645293fe": { "id": "7c77259a-cdf3-4fa0-b468-9e98645293fe", "title": "WPFactory Helper <= 1.5.2 - Reflected Cross-Site Scripting via item_slug", "software": [ { "type": "plugin", "name": "WPFactory Helper", "slug": "wpcodefactory-helper", "affected_versions": { "[*, 1.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c77259a-cdf3-4fa0-b468-9e98645293fe?source=api-scan" ], "published": "2023-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c7f6ef2-6c50-4739-8844-0db7d9ffe7f7": { "id": "7c7f6ef2-6c50-4739-8844-0db7d9ffe7f7", "title": "MC Woocommerce Wishlist <= 1.5.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)", "slug": "smart-wishlist-for-more-convert", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c7f6ef2-6c50-4739-8844-0db7d9ffe7f7?source=api-scan" ], "published": "2023-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c84b432-4d33-47ad-8057-0bc831929879": { "id": "7c84b432-4d33-47ad-8057-0bc831929879", "title": "Plausible Analytics <= 1.2.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Plausible Analytics", "slug": "plausible-analytics", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c84b432-4d33-47ad-8057-0bc831929879?source=api-scan" ], "published": "2022-04-07 10:58:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c8529fc-9995-45c5-ad21-c960eb796fb3": { "id": "7c8529fc-9995-45c5-ad21-c960eb796fb3", "title": "WP Post Styling <= 1.3.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Post Styling", "slug": "wp-post-styling", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c8529fc-9995-45c5-ad21-c960eb796fb3?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c8faa22-ff1f-4267-b690-a2c51c4807f5": { "id": "7c8faa22-ff1f-4267-b690-a2c51c4807f5", "title": "Advanced Cron Manager \u2013 debug & control <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Cron Manager \u2013 debug & control", "slug": "advanced-cron-manager", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c8faa22-ff1f-4267-b690-a2c51c4807f5?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c911773-79f5-4d91-b0f9-a05bc17516b2": { "id": "7c911773-79f5-4d91-b0f9-a05bc17516b2", "title": "Event Easy Calendar <= 1.0.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Easy Calendar", "slug": "event-easy-calendar", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c911773-79f5-4d91-b0f9-a05bc17516b2?source=api-scan" ], "published": "2013-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c94f47a-4a1b-434c-b446-0ff1a7290e16": { "id": "7c94f47a-4a1b-434c-b446-0ff1a7290e16", "title": "Simple 301 Redirects Addon Bulk Uploader <= 1.2.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Simple 301 Redirects \u2013 Addon \u2013 Bulk Uploader", "slug": "simple-301-redirects-addon-bulk-uploader", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c94f47a-4a1b-434c-b446-0ff1a7290e16?source=api-scan" ], "published": "2019-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c959f9c-8ac4-4f59-9d93-8f96e650b02d": { "id": "7c959f9c-8ac4-4f59-9d93-8f96e650b02d", "title": "WP Category Dropdown <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter", "software": [ { "type": "plugin", "name": "Category Dropdown by GCS Design", "slug": "wp-category-dropdown", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c959f9c-8ac4-4f59-9d93-8f96e650b02d?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c95bbba-6459-420f-a072-3b02c7d58ea0": { "id": "7c95bbba-6459-420f-a072-3b02c7d58ea0", "title": "Portfolio \u2013 WordPress Portfolio Plugin <= 2.8.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Portfolio \u2013 WordPress Portfolio Plugin", "slug": "tlp-portfolio", "affected_versions": { "* - 2.8.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c95bbba-6459-420f-a072-3b02c7d58ea0?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c964abb-8b7b-4dc4-a64a-817d450eb3b9": { "id": "7c964abb-8b7b-4dc4-a64a-817d450eb3b9", "title": "DOP Shortcodes <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "DOP Shortcodes", "slug": "dop-shortcodes", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c964abb-8b7b-4dc4-a64a-817d450eb3b9?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c9a2045-7d24-4871-b962-32bc0fdf5476": { "id": "7c9a2045-7d24-4871-b962-32bc0fdf5476", "title": "Video Lessons Manager < 1.7.2 and Video Lessons Manager Pro < 3.5.9 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Video Lessons Manager \u2013 WordPress LMS Plugin", "slug": "cm-video-lesson-manager", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] }, { "type": "plugin", "name": "Video Lessons Manager Pro \u2013 Best Video Course LMS", "slug": "cm-video-lesson-manager-pro", "affected_versions": { "* - 3.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c9a2045-7d24-4871-b962-32bc0fdf5476?source=api-scan" ], "published": "2021-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7c9d088c-e71a-4e73-a7e3-d99f3511e519": { "id": "7c9d088c-e71a-4e73-a7e3-d99f3511e519", "title": "Login Lockdown \u2013 Protect Login Form <= 2.06 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Login Lockdown & Protection", "slug": "login-lockdown", "affected_versions": { "[*, 2.07)": { "from_version": "*", "from_inclusive": true, "to_version": "2.07", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.07" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7c9d088c-e71a-4e73-a7e3-d99f3511e519?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ca83efe-298c-4ce9-a726-dbe76607aebf": { "id": "7ca83efe-298c-4ce9-a726-dbe76607aebf", "title": "SEO Redirection <= 2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEO Redirection Plugin \u2013 301 Redirect Manager", "slug": "seo-redirection", "affected_versions": { "[*, 2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ca83efe-298c-4ce9-a726-dbe76607aebf?source=api-scan" ], "published": "2015-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7caa4c73-cf57-4f99-8bc6-6fd02308a58f": { "id": "7caa4c73-cf57-4f99-8bc6-6fd02308a58f", "title": "Reservation.Studio widget <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Reservation.Studio widget", "slug": "reservation-studio-widget", "affected_versions": { "* - 1.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7caa4c73-cf57-4f99-8bc6-6fd02308a58f?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7caaaaef-075b-44f6-8809-a02d5f034f26": { "id": "7caaaaef-075b-44f6-8809-a02d5f034f26", "title": "Dragfy Addons for Elementor <= 1.0.2 - Missing Authorization via save_settings", "software": [ { "type": "plugin", "name": "Dragfy Addons for Elementor", "slug": "dragfy-addons-for-elementor", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7caaaaef-075b-44f6-8809-a02d5f034f26?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cb00342-64f9-4eeb-ba75-1c1544b11334": { "id": "7cb00342-64f9-4eeb-ba75-1c1544b11334", "title": "Product Catalog Enquiry for WooCommerce by MultiVendorX <= 5.0.5 - Cross-Site Request Forgery via REST API", "software": [ { "type": "plugin", "name": "CatalogX \u2013 Product Catalog Mode For WooCommerce", "slug": "woocommerce-catalog-enquiry", "affected_versions": { "* - 5.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cb00342-64f9-4eeb-ba75-1c1544b11334?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cb08fc1-fb8b-4478-8569-eb9b28aff50b": { "id": "7cb08fc1-fb8b-4478-8569-eb9b28aff50b", "title": "Style Kits <= 1.8.0 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Style Kits \u2013 Advanced Theme Styles for Elementor", "slug": "analogwp-templates", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cb08fc1-fb8b-4478-8569-eb9b28aff50b?source=api-scan" ], "published": "2021-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cb428db-b56b-4c21-b119-ca7a1a95181e": { "id": "7cb428db-b56b-4c21-b119-ca7a1a95181e", "title": "BackupBuddy <= 8.8.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BackupBuddy", "slug": "backupbuddy", "affected_versions": { "* - 8.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "8.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cb428db-b56b-4c21-b119-ca7a1a95181e?source=api-scan" ], "published": "2023-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cb81956-856a-49cc-a437-a2094d958b5d": { "id": "7cb81956-856a-49cc-a437-a2094d958b5d", "title": "Realteo <= 1.2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Realteo", "slug": "findeo", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cb81956-856a-49cc-a437-a2094d958b5d?source=api-scan" ], "published": "2021-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cb9cc24-920f-402d-8a87-8b6c6a1b1a51": { "id": "7cb9cc24-920f-402d-8a87-8b6c6a1b1a51", "title": "WP Data Access <= 4.3.1 - Admin+ SQL Injection", "software": [ { "type": "plugin", "name": "WP Data Access \u2013 WordPress App, Table and Form Builder plugin", "slug": "wp-data-access", "affected_versions": { "* - 4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cb9cc24-920f-402d-8a87-8b6c6a1b1a51?source=api-scan" ], "published": "2021-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cbb1e71-baf1-4d1d-96c8-93fd2686297d": { "id": "7cbb1e71-baf1-4d1d-96c8-93fd2686297d", "title": "WP Google Review Slider <= 11.7 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Google Review Slider", "slug": "wp-google-places-review-slider", "affected_versions": { "* - 11.7": { "from_version": "*", "from_inclusive": true, "to_version": "11.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cbb1e71-baf1-4d1d-96c8-93fd2686297d?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cbe9175-4a6f-4eb6-8d31-9a9fda9b4f40": { "id": "7cbe9175-4a6f-4eb6-8d31-9a9fda9b4f40", "title": "UserPro <= 5.1.4 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "* - 5.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cbe9175-4a6f-4eb6-8d31-9a9fda9b4f40?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cc416cc-49a4-4752-86e7-acc52ba4f92d": { "id": "7cc416cc-49a4-4752-86e7-acc52ba4f92d", "title": "SendGrid <= 1.11.8 - Authorization Bypass", "software": [ { "type": "plugin", "name": "SendGrid", "slug": "sendgrid-email-delivery-simplified", "affected_versions": { "* - 1.11.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cc416cc-49a4-4752-86e7-acc52ba4f92d?source=api-scan" ], "published": "2021-07-21 15:18:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cc618c8-63a9-4321-ad18-ee5277a5f5e0": { "id": "7cc618c8-63a9-4321-ad18-ee5277a5f5e0", "title": "SMTP2GO <= 1.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings", "software": [ { "type": "plugin", "name": "SMTP2GO for WordPress \u2013 Email Made Easy", "slug": "smtp2go", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cc618c8-63a9-4321-ad18-ee5277a5f5e0?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cc7ec8b-4480-4422-8831-97f20a5d8d67": { "id": "7cc7ec8b-4480-4422-8831-97f20a5d8d67", "title": "WPCargo Track & Trace <= 6.9.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPCargo Track & Trace", "slug": "wpcargo", "affected_versions": { "* - 6.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cc7ec8b-4480-4422-8831-97f20a5d8d67?source=api-scan" ], "published": "2022-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cc86970-7e63-47d0-9971-ddd0fc992a5a": { "id": "7cc86970-7e63-47d0-9971-ddd0fc992a5a", "title": "AddToAny Share Buttons <= 1.7.14 - HTTP Host Header Injection", "software": [ { "type": "plugin", "name": "AddToAny Share Buttons", "slug": "add-to-any", "affected_versions": { "* - 1.7.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cc86970-7e63-47d0-9971-ddd0fc992a5a?source=api-scan" ], "published": "2017-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cc96e83-28d9-4c6e-876f-23f1836ffd74": { "id": "7cc96e83-28d9-4c6e-876f-23f1836ffd74", "title": "Google Maps <= 2.1.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google Maps", "slug": "google-maps", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cc96e83-28d9-4c6e-876f-23f1836ffd74?source=api-scan" ], "published": "2016-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cce2f9f-5f47-4e10-a846-0aab4bcad616": { "id": "7cce2f9f-5f47-4e10-a846-0aab4bcad616", "title": "Donations Made Easy \u2013 Smart Donations <= 4.0.12 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Donations Made Easy \u2013 Smart Donations", "slug": "smart-donations", "affected_versions": { "* - 4.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cce2f9f-5f47-4e10-a846-0aab4bcad616?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ccf6945-6f18-410b-9f1a-6d52a3cdda1a": { "id": "7ccf6945-6f18-410b-9f1a-6d52a3cdda1a", "title": "GiveWP <= 2.17.2 - Reflected Cross-Site Scripting via Import Tool", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "[*, 2.17.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.17.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.17.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ccf6945-6f18-410b-9f1a-6d52a3cdda1a?source=api-scan" ], "published": "2022-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cd3c84b-dacc-44e8-a236-bfc80e6dceba": { "id": "7cd3c84b-dacc-44e8-a236-bfc80e6dceba", "title": "Content Grabber <= 1.0 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Content Grabber", "slug": "content-grabber", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cd3c84b-dacc-44e8-a236-bfc80e6dceba?source=api-scan" ], "published": "2015-07-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cd4b1da-faee-4c4e-b323-e77c4c033149": { "id": "7cd4b1da-faee-4c4e-b323-e77c4c033149", "title": "Grab & Save <= 1.0.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Grab & Save", "slug": "save-grab", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cd4b1da-faee-4c4e-b323-e77c4c033149?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cd8ea73-81f3-41fe-bb1e-403d2645ff39": { "id": "7cd8ea73-81f3-41fe-bb1e-403d2645ff39", "title": "Shibboleth <= 1.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shibboleth", "slug": "shibboleth", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cd8ea73-81f3-41fe-bb1e-403d2645ff39?source=api-scan" ], "published": "2016-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ce32ecf-6995-4794-8559-2f84533ecf50": { "id": "7ce32ecf-6995-4794-8559-2f84533ecf50", "title": "GD Security Headers <= 1.6.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GD Security Headers", "slug": "gd-security-headers", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ce32ecf-6995-4794-8559-2f84533ecf50?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ce6e40e-b090-447a-9bf9-6337d30e7da3": { "id": "7ce6e40e-b090-447a-9bf9-6337d30e7da3", "title": "Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Slider Widget", "software": [ { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "* - 8.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ce6e40e-b090-447a-9bf9-6337d30e7da3?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ce8ae7d-c2a5-4da3-8bdd-20dfdb5ce700": { "id": "7ce8ae7d-c2a5-4da3-8bdd-20dfdb5ce700", "title": "WP Quick FrontEnd Editor <= 5.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Quick FrontEnd Editor \u2013 WordPress Plugin", "slug": "wp-quick-front-end-editor", "affected_versions": { "* - 5.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ce8ae7d-c2a5-4da3-8bdd-20dfdb5ce700?source=api-scan" ], "published": "2021-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ce9bac7-60bb-4880-9e37-4d71f02ee941": { "id": "7ce9bac7-60bb-4880-9e37-4d71f02ee941", "title": "GiveWP <= 3.15.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 3.15.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.15.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.16.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ce9bac7-60bb-4880-9e37-4d71f02ee941?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cfaf155-7766-4bb9-b89a-368d8adb889f": { "id": "7cfaf155-7766-4bb9-b89a-368d8adb889f", "title": "WordPress Core < 4.7.2 - Authorization Bypass to Term Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.17": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.17", "to_inclusive": true }, "3.8 - 3.8.17": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.17", "to_inclusive": true }, "3.9 - 3.9.15": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.15", "to_inclusive": true }, "4.0 - 4.0.14": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.14", "to_inclusive": true }, "4.1 - 4.1.14": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.14", "to_inclusive": true }, "4.2 - 4.2.11": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.11", "to_inclusive": true }, "4.3 - 4.3.7": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.7", "to_inclusive": true }, "4.4 - 4.4.6": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.6", "to_inclusive": true }, "4.5 - 4.5.5": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.5", "to_inclusive": true }, "4.6 - 4.6.2": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.2", "to_inclusive": true }, "4.7 - 4.7.1": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.18", "3.8.18", "3.9.16", "4.0.15", "4.1.15", "4.2.12", "4.3.8", "4.4.7", "4.5.6", "4.6.3", "4.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cfaf155-7766-4bb9-b89a-368d8adb889f?source=api-scan" ], "published": "2017-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cfbaa87-1af7-4f5d-820b-1f2194765121": { "id": "7cfbaa87-1af7-4f5d-820b-1f2194765121", "title": "WPCB <= 2.4.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPCB", "slug": "wpcb", "affected_versions": { "* - 2.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cfbaa87-1af7-4f5d-820b-1f2194765121?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cfc1f42-c9dd-4dcb-8be5-c440a568a02e": { "id": "7cfc1f42-c9dd-4dcb-8be5-c440a568a02e", "title": "WordPress Core < 5.4.1 - Reflected Cross Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.32": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.32", "to_inclusive": true }, "3.8 - 3.8.32": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.32", "to_inclusive": true }, "3.9 - 3.9.30": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.30", "to_inclusive": true }, "4.0 - 4.0.29": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.29", "to_inclusive": true }, "4.1 - 4.1.29": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.29", "to_inclusive": true }, "4.2 - 4.2.26": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.26", "to_inclusive": true }, "4.3 - 4.3.22": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.22", "to_inclusive": true }, "4.4 - 4.4.21": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.21", "to_inclusive": true }, "4.5 - 4.5.20": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.20", "to_inclusive": true }, "4.6 - 4.6.17": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.17", "to_inclusive": true }, "4.7 - 4.7.16": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.16", "to_inclusive": true }, "4.8 - 4.8.12": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.12", "to_inclusive": true }, "4.9 - 4.9.13": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.13", "to_inclusive": true }, "5.0 - 5.0.8": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.8", "to_inclusive": true }, "5.1 - 5.1.4": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.4", "to_inclusive": true }, "5.2 - 5.2.5": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.5", "to_inclusive": true }, "5.3 - 5.3.2": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.2", "to_inclusive": true }, "5.4": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.33", "3.8.33", "3.9.31", "4.0.30", "4.1.30", "4.2.27", "4.3.23", "4.4.22", "4.5.21", "4.6.18", "4.7.17", "4.8.13", "4.9.14", "5.0.9", "5.1.5", "5.2.6", "5.3.3", "5.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cfc1f42-c9dd-4dcb-8be5-c440a568a02e?source=api-scan" ], "published": "2020-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cfeed0f-ab3e-4b35-9b69-08cc7e7ffb45": { "id": "7cfeed0f-ab3e-4b35-9b69-08cc7e7ffb45", "title": "Flexi Quote Rotator <= 0.9.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flexi Quote Rotator", "slug": "flexi-quote-rotator", "affected_versions": { "* - 0.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cfeed0f-ab3e-4b35-9b69-08cc7e7ffb45?source=api-scan" ], "published": "2022-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cff7dc5-23e1-424c-923b-68eef49dec6f": { "id": "7cff7dc5-23e1-424c-923b-68eef49dec6f", "title": "Simple Membership <= 4.3.4 - Privilege escalation via Registration", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "* - 4.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cff7dc5-23e1-424c-923b-68eef49dec6f?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7cffdb27-c87b-467b-93d0-e92001caea9a": { "id": "7cffdb27-c87b-467b-93d0-e92001caea9a", "title": "Trendy News <= 1.0.15 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Trendy News", "slug": "trendy-news", "affected_versions": { "* - 1.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7cffdb27-c87b-467b-93d0-e92001caea9a?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d02bed5-c45b-46db-a2c2-9c741f8b1dc5": { "id": "7d02bed5-c45b-46db-a2c2-9c741f8b1dc5", "title": "Woocommerce Category Banner Management <= 1.1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Banner Management For WooCommerce", "slug": "banner-management-for-woocommerce", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d02bed5-c45b-46db-a2c2-9c741f8b1dc5?source=api-scan" ], "published": "2018-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d047fe7-bf00-4f93-91d2-c5da41664bfc": { "id": "7d047fe7-bf00-4f93-91d2-c5da41664bfc", "title": "Age Gate <= 2.13.4 - Open Redirect", "software": [ { "type": "plugin", "name": "Age Gate", "slug": "age-gate", "affected_versions": { "[*, 2.13.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.13.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.13.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d047fe7-bf00-4f93-91d2-c5da41664bfc?source=api-scan" ], "published": "2022-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d19800a-bff3-414f-a809-0159f49d263a": { "id": "7d19800a-bff3-414f-a809-0159f49d263a", "title": "Custom Order Numbers for WooCommerce <= 1.4.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Custom Order Numbers for WooCommerce", "slug": "custom-order-numbers-for-woocommerce", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d19800a-bff3-414f-a809-0159f49d263a?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d1cc8c4-6c14-4d0c-9420-02d709f88b2f": { "id": "7d1cc8c4-6c14-4d0c-9420-02d709f88b2f", "title": "MStore API <= 3.9.8 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 3.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d1cc8c4-6c14-4d0c-9420-02d709f88b2f?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d1e0423-a91b-4096-ad65-19e2d11cfea1": { "id": "7d1e0423-a91b-4096-ad65-19e2d11cfea1", "title": "Birthdays Widget <= 1.7.18 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Birthdays Widget", "slug": "birthdays-widget", "affected_versions": { "* - 1.7.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.18", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d1e0423-a91b-4096-ad65-19e2d11cfea1?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d1ea1c5-6a9e-4b77-bfdf-62e50d4a4c03": { "id": "7d1ea1c5-6a9e-4b77-bfdf-62e50d4a4c03", "title": "Featured Image from URL (FIFU) <= 4.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via fifu_input_url", "software": [ { "type": "plugin", "name": "Featured Image from URL (FIFU)", "slug": "featured-image-from-url", "affected_versions": { "* - 4.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d1ea1c5-6a9e-4b77-bfdf-62e50d4a4c03?source=api-scan" ], "published": "2024-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d25cca1-eb57-4ba2-8923-a3c56f41ce22": { "id": "7d25cca1-eb57-4ba2-8923-a3c56f41ce22", "title": "Profile Builder <= 3.9.7 - Missing Authorization to Initial Page Creation", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "[*, 3.9.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d25cca1-eb57-4ba2-8923-a3c56f41ce22?source=api-scan" ], "published": "2023-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d25e85f-28f7-4cc5-9856-25cc5aaf1418": { "id": "7d25e85f-28f7-4cc5-9856-25cc5aaf1418", "title": "RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Error Message", "software": [ { "type": "plugin", "name": "RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator", "slug": "feedzy-rss-feeds", "affected_versions": { "* - 4.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d25e85f-28f7-4cc5-9856-25cc5aaf1418?source=api-scan" ], "published": "2024-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d264e88-7137-48ff-8ce3-5fff77e2474a": { "id": "7d264e88-7137-48ff-8ce3-5fff77e2474a", "title": "WHMpress <= 6.2-revision-5 - Missing Authorization to Authenticated (Subscriber+) Settings Update", "software": [ { "type": "plugin", "name": "WHMpress - WHMCS WordPress Integration Plugin", "slug": "whmpress", "affected_versions": { "[*, 6.2-revision-5]": { "from_version": "*", "from_inclusive": true, "to_version": "6.2-revision-5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d264e88-7137-48ff-8ce3-5fff77e2474a?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d2f30e7-75f2-40c2-a421-aec13d436efc": { "id": "7d2f30e7-75f2-40c2-a421-aec13d436efc", "title": "WP Content Copy Protection & No Right Click (PRO) <= 15.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Content Copy Protection & No Right Click (PRO)", "slug": "wccp-pro", "affected_versions": { "* - 15.0": { "from_version": "*", "from_inclusive": true, "to_version": "15.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "15.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d2f30e7-75f2-40c2-a421-aec13d436efc?source=api-scan" ], "published": "2024-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d30adc5-27a5-4549-84fc-b930f27f03e5": { "id": "7d30adc5-27a5-4549-84fc-b930f27f03e5", "title": "UserPro <= 5.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdata", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d30adc5-27a5-4549-84fc-b930f27f03e5?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d30e813-010f-4881-8b8e-f3d62d928c57": { "id": "7d30e813-010f-4881-8b8e-f3d62d928c57", "title": "Easy Affiliate Links <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Settings", "software": [ { "type": "plugin", "name": "Easy Affiliate Links", "slug": "easy-affiliate-links", "affected_versions": { "* - 3.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d30e813-010f-4881-8b8e-f3d62d928c57?source=api-scan" ], "published": "2023-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d32b2cc-9336-432e-9d2e-67db8b0e3f90": { "id": "7d32b2cc-9336-432e-9d2e-67db8b0e3f90", "title": "WP Blocks Hub <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "WP Blocks Hub", "slug": "wp-blocks-hub", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d32b2cc-9336-432e-9d2e-67db8b0e3f90?source=api-scan" ], "published": "2024-10-03 13:31:01", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d33594b-e7b7-4685-97c1-37a2fecc1b8a": { "id": "7d33594b-e7b7-4685-97c1-37a2fecc1b8a", "title": "Yoast SEO <= 1.4.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Yoast SEO", "slug": "wordpress-seo", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d33594b-e7b7-4685-97c1-37a2fecc1b8a?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d379721-d629-433d-ba89-a74c9dec537e": { "id": "7d379721-d629-433d-ba89-a74c9dec537e", "title": "Advanced Dynamic Pricing for WooCommerce <= 4.1.3 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "Advanced Dynamic Pricing for WooCommerce", "slug": "advanced-dynamic-pricing-for-woocommerce", "affected_versions": { "* - 4.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d379721-d629-433d-ba89-a74c9dec537e?source=api-scan" ], "published": "2022-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d3a6650-5be0-4162-93eb-369538a2ebc5": { "id": "7d3a6650-5be0-4162-93eb-369538a2ebc5", "title": "Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_set_default_card", "software": [ { "type": "plugin", "name": "Gestpay for WooCommerce", "slug": "gestpay-for-woocommerce", "affected_versions": { "* - 20221130": { "from_version": "*", "from_inclusive": true, "to_version": "20221130", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20240307" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d3a6650-5be0-4162-93eb-369538a2ebc5?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d3c44eb-ef25-43f5-a872-6ef52c3d9c1f": { "id": "7d3c44eb-ef25-43f5-a872-6ef52c3d9c1f", "title": "Store Exporter for WooCommerce \u2013 Export Products, Export Orders, Export Subscriptions, and More <= 2.7.2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Store Exporter for WooCommerce \u2013 Export Products, Export Orders, Export Subscriptions, and More", "slug": "woocommerce-exporter", "affected_versions": { "* - 2.7.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d3c44eb-ef25-43f5-a872-6ef52c3d9c1f?source=api-scan" ], "published": "2024-09-30 19:46:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d4ae4a7-aec1-4cc1-bea0-61dde44027fc": { "id": "7d4ae4a7-aec1-4cc1-bea0-61dde44027fc", "title": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 5.7.34": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d4ae4a7-aec1-4cc1-bea0-61dde44027fc?source=api-scan" ], "published": "2024-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d4f490e-c86e-490e-8041-36c154b890aa": { "id": "7d4f490e-c86e-490e-8041-36c154b890aa", "title": "Schedule Posts Calendar <= 5.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Schedule Posts Calendar", "slug": "schedule-posts-calendar", "affected_versions": { "* - 5.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d4f490e-c86e-490e-8041-36c154b890aa?source=api-scan" ], "published": "2023-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d500729-3b1a-4ece-81de-4c1f9afbf798": { "id": "7d500729-3b1a-4ece-81de-4c1f9afbf798", "title": "Redirect Redirection <= 1.1.4 - Cross-Site Request Forgery to Plugin De-Installation", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d500729-3b1a-4ece-81de-4c1f9afbf798?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d525c50-5911-4be6-a860-b48db619adba": { "id": "7d525c50-5911-4be6-a860-b48db619adba", "title": "Limit Login Attempts (Spam Protection) <= 2.9 - Cross-Site Request Forgery to Arbitrary Plugin Installation\/Activation", "software": [ { "type": "plugin", "name": "Limit Login Attempts (Spam Protection)", "slug": "wp-limit-failed-login-attempts", "affected_versions": { "* - 2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d525c50-5911-4be6-a860-b48db619adba?source=api-scan" ], "published": "2021-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d536acc-b297-4acd-97e2-87eae2e2b95a": { "id": "7d536acc-b297-4acd-97e2-87eae2e2b95a", "title": "Yoast SEO: Local <= 14.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Yoast SEO: Local", "slug": "wpseo-local", "affected_versions": { "* - 14.8": { "from_version": "*", "from_inclusive": true, "to_version": "14.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "14.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d536acc-b297-4acd-97e2-87eae2e2b95a?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d546f05-4aad-49c8-aefd-9f5d10529be5": { "id": "7d546f05-4aad-49c8-aefd-9f5d10529be5", "title": "DZS Video Gallery < 7.95 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DZS Video Gallery", "slug": "dzs-videogallery", "affected_versions": { "[*, 7.95)": { "from_version": "*", "from_inclusive": true, "to_version": "7.95", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.95" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d546f05-4aad-49c8-aefd-9f5d10529be5?source=api-scan" ], "published": "2014-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d55c2b8-c05e-419b-8c2d-8c07c8655c17": { "id": "7d55c2b8-c05e-419b-8c2d-8c07c8655c17", "title": "WDContactFormBuilder <= 1.0.24 - Authenticated Blind SQL Injection", "software": [ { "type": "plugin", "name": "WDContactFormBuilder", "slug": "contact-form-builder", "affected_versions": { "* - 1.0.24": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d55c2b8-c05e-419b-8c2d-8c07c8655c17?source=api-scan" ], "published": "2015-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d567665-543c-4a6b-bb07-9388fea09ee9": { "id": "7d567665-543c-4a6b-bb07-9388fea09ee9", "title": "Link Whisper Free <= 0.6.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Link Whisper Free", "slug": "link-whisper", "affected_versions": { "* - 0.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d567665-543c-4a6b-bb07-9388fea09ee9?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d5dd7cd-f96a-48df-a553-be5e59d8290f": { "id": "7d5dd7cd-f96a-48df-a553-be5e59d8290f", "title": "Link Whisper Free <= 0.7.1 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Link Whisper Free", "slug": "link-whisper", "affected_versions": { "* - 0.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d5dd7cd-f96a-48df-a553-be5e59d8290f?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d61b06b-6709-4f60-8324-53775dbb3c04": { "id": "7d61b06b-6709-4f60-8324-53775dbb3c04", "title": "WordPress Core < 5.0.1 - Arbitrary File Deletion", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.27": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.27", "to_inclusive": true }, "3.8 - 3.8.27": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.27", "to_inclusive": true }, "3.9 - 3.9.25": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.25", "to_inclusive": true }, "4.0 - 4.0.24": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.24", "to_inclusive": true }, "4.1 - 4.1.24": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.24", "to_inclusive": true }, "4.2 - 4.2.21": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.21", "to_inclusive": true }, "4.3 - 4.3.17": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.17", "to_inclusive": true }, "4.4 - 4.4.16": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.16", "to_inclusive": true }, "4.5 - 4.5.15": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.15", "to_inclusive": true }, "4.6 - 4.6.12": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.12", "to_inclusive": true }, "4.7 - 4.7.11": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.11", "to_inclusive": true }, "4.8 - 4.8.7": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.7", "to_inclusive": true }, "4.9 - 4.9.8": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.8", "to_inclusive": true }, "5.0": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.28", "3.8.28", "3.9.26", "4.0.25", "4.1.25", "4.2.22", "4.3.18", "4.4.17", "4.5.16", "4.6.13", "4.7.12", "4.8.8", "4.9.9", "5.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d61b06b-6709-4f60-8324-53775dbb3c04?source=api-scan" ], "published": "2018-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d623512-ee99-4a73-a752-ecbb6ad96b63": { "id": "7d623512-ee99-4a73-a752-ecbb6ad96b63", "title": "Tutor LMS <= 2.1.10 - Authenticated (Tutor Instructor+) SQL Injection", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d623512-ee99-4a73-a752-ecbb6ad96b63?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d65a987-e8a6-4615-b681-9f48b7caed4f": { "id": "7d65a987-e8a6-4615-b681-9f48b7caed4f", "title": "WordPress File Upload <= 4.3.2 - Cross-Site Scripting via Shortcodes", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "[*, 4.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d65a987-e8a6-4615-b681-9f48b7caed4f?source=api-scan" ], "published": "2018-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d66694a-c99f-44f8-8004-1a47ad9f9250": { "id": "7d66694a-c99f-44f8-8004-1a47ad9f9250", "title": "Frontend Dashboard <= 2.2.4 - Authenticated (Subscriber+) Arbitrary Function Call", "software": [ { "type": "plugin", "name": "Frontend Dashboard", "slug": "frontend-dashboard", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d66694a-c99f-44f8-8004-1a47ad9f9250?source=api-scan" ], "published": "2024-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d692242-4779-449a-94a7-88e202aaefc2": { "id": "7d692242-4779-449a-94a7-88e202aaefc2", "title": "Page Builder Gutenberg Blocks \u2013 CoBlocks <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Builder Gutenberg Blocks \u2013 CoBlocks", "slug": "coblocks", "affected_versions": { "* - 3.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d692242-4779-449a-94a7-88e202aaefc2?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d6a09f5-029a-4710-b2bd-974d0d8348b1": { "id": "7d6a09f5-029a-4710-b2bd-974d0d8348b1", "title": "WordPress Core < 5.5.2 - Cross-Site Request Forgery to Theme Image Change", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.34": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.34", "to_inclusive": true }, "3.8 - 3.8.34": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.34", "to_inclusive": true }, "3.9 - 3.9.32": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.32", "to_inclusive": true }, "4.0 - 4.0.31": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.31", "to_inclusive": true }, "4.1 - 4.1.31": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.31", "to_inclusive": true }, "4.2 - 4.2.28": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.28", "to_inclusive": true }, "4.3 - 4.3.24": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.24", "to_inclusive": true }, "4.4 - 4.4.23": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.23", "to_inclusive": true }, "4.5 - 4.5.22": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.22", "to_inclusive": true }, "4.6 - 4.6.19": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.19", "to_inclusive": true }, "4.7 - 4.7.18": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.18", "to_inclusive": true }, "4.8 - 4.8.14": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.14", "to_inclusive": true }, "4.9 - 4.9.15": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.15", "to_inclusive": true }, "5.0 - 5.0.10": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.10", "to_inclusive": true }, "5.1 - 5.1.6": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.6", "to_inclusive": true }, "5.2 - 5.2.7": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.7", "to_inclusive": true }, "5.3 - 5.3.4": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.4", "to_inclusive": true }, "5.4 - 5.4.2": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": true }, "5.5 - 5.5.1": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.35", "3.8.35", "3.9.33", "4.0.32", "4.1.32", "4.2.29", "4.3.25", "4.4.24", "4.5.23", "4.6.20", "4.7.19", "4.8.15", "4.9.16", "5.0.11", "5.1.7", "5.2.8", "5.3.5", "5.4.3", "5.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d6a09f5-029a-4710-b2bd-974d0d8348b1?source=api-scan" ], "published": "2020-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d6c19e2-b280-4937-8f66-eac1da3cd365": { "id": "7d6c19e2-b280-4937-8f66-eac1da3cd365", "title": "The Plus Blocks for Block Editor | Gutenberg <= 3.2.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Nexter Blocks \u2013 WordPress Gutenberg Blocks & 1000+ Starter Templates", "slug": "the-plus-addons-for-block-editor", "affected_versions": { "* - 3.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d6c19e2-b280-4937-8f66-eac1da3cd365?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d713de0-40a4-4926-9942-e5e2bf7434c4": { "id": "7d713de0-40a4-4926-9942-e5e2bf7434c4", "title": "Awesome Support <= 6.1.5 - Missing Authorization via wpas_load_reply_history", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "* - 6.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d713de0-40a4-4926-9942-e5e2bf7434c4?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d770e25-3b76-49a1-896b-adbdd91d1e47": { "id": "7d770e25-3b76-49a1-896b-adbdd91d1e47", "title": "Configure SMTP <= 3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Configure SMTP", "slug": "configure-smtp", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d770e25-3b76-49a1-896b-adbdd91d1e47?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d7abd28-43be-49a7-9b2e-2e44e9208db1": { "id": "7d7abd28-43be-49a7-9b2e-2e44e9208db1", "title": "Rara Business <= 1.2.5 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Rara Business", "slug": "rara-business", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d7abd28-43be-49a7-9b2e-2e44e9208db1?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d7da9c3-dc46-4c61-8737-052844939e93": { "id": "7d7da9c3-dc46-4c61-8737-052844939e93", "title": "123ContactForm for WordPress <= 1.5.6 - Arbitrary Post Creation", "software": [ { "type": "plugin", "name": "123ContactForm for WordPress", "slug": "123contactform-for-wordpress", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d7da9c3-dc46-4c61-8737-052844939e93?source=api-scan" ], "published": "2021-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d81bc83-9e36-4fe9-8274-c65d17905f6e": { "id": "7d81bc83-9e36-4fe9-8274-c65d17905f6e", "title": "Grimag <= 1.1.0 - Open Redirection", "software": [ { "type": "theme", "name": "Grimag", "slug": "Grimag", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d81bc83-9e36-4fe9-8274-c65d17905f6e?source=api-scan" ], "published": "2014-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d8365a6-dfa2-4753-b655-3c2bcadeae75": { "id": "7d8365a6-dfa2-4753-b655-3c2bcadeae75", "title": "phpCAS authentication library < 1.6.0 - Service Hostname Discovery Exploitation", "software": [ { "type": "plugin", "name": "Authorizer", "slug": "authorizer", "affected_versions": { "[*, 1.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d8365a6-dfa2-4753-b655-3c2bcadeae75?source=api-scan" ], "published": "2022-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d849eda-4c61-47e2-af7c-59a57fffab65": { "id": "7d849eda-4c61-47e2-af7c-59a57fffab65", "title": "Quiz And Survey Master <= 7.3.4 - Multiple Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d849eda-4c61-47e2-af7c-59a57fffab65?source=api-scan" ], "published": "2022-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d8bee60-33f8-465b-80a9-90bc7a4d2054": { "id": "7d8bee60-33f8-465b-80a9-90bc7a4d2054", "title": "Ultimate Member <= 1.3.17 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 1.3.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d8bee60-33f8-465b-80a9-90bc7a4d2054?source=api-scan" ], "published": "2015-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d8dcf85-9009-4788-9a12-7f2656aa5595": { "id": "7d8dcf85-9009-4788-9a12-7f2656aa5595", "title": "JS Restaurant (All Versions) - SQL Injection", "software": [ { "type": "plugin", "name": "js-restaurant", "slug": "js-restaurant", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d8dcf85-9009-4788-9a12-7f2656aa5595?source=api-scan" ], "published": "2013-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d90dad3-d7ef-4060-8328-fd551cee92e2": { "id": "7d90dad3-d7ef-4060-8328-fd551cee92e2", "title": "Custom 404 Pro <= 3.8.1 - Reflected Cross-Site Scripting via 'page'", "software": [ { "type": "plugin", "name": "Custom 404 Pro", "slug": "custom-404-pro", "affected_versions": { "* - 3.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d90dad3-d7ef-4060-8328-fd551cee92e2?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d977636-a509-4f32-9ad3-762720fdb433": { "id": "7d977636-a509-4f32-9ad3-762720fdb433", "title": "MF Gig Calendar <=1.2.1 - Authenticated(Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "MF Gig Calendar", "slug": "mf-gig-calendar", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d977636-a509-4f32-9ad3-762720fdb433?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d98034d-e91e-4f37-8309-621555fcf309": { "id": "7d98034d-e91e-4f37-8309-621555fcf309", "title": "Email Encoder \u2013 Protect Email Addresses and Phone Numbers <= 2.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Encoder \u2013 Protect Email Addresses and Phone Numbers", "slug": "email-encoder-bundle", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d98034d-e91e-4f37-8309-621555fcf309?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d9b5f4e-5d98-49b2-adbb-1db906b07c45": { "id": "7d9b5f4e-5d98-49b2-adbb-1db906b07c45", "title": "Spectra \u2013 WordPress Gutenberg Blocks <= 1.14.11 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 1.14.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d9b5f4e-5d98-49b2-adbb-1db906b07c45?source=api-scan" ], "published": "2023-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7d9d7cab-c840-469f-ba2d-f81c785ffb8f": { "id": "7d9d7cab-c840-469f-ba2d-f81c785ffb8f", "title": "GEO my WordPress <= 4.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "GEO my WP", "slug": "geo-my-wp", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7d9d7cab-c840-469f-ba2d-f81c785ffb8f?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7da00af0-edd1-4c39-ae33-a0dc21bd25a2": { "id": "7da00af0-edd1-4c39-ae33-a0dc21bd25a2", "title": "Prime Slider \u2013 Addons For Elementor <= 3.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Mercury Widget", "software": [ { "type": "plugin", "name": "Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)", "slug": "bdthemes-prime-slider-lite", "affected_versions": { "* - 3.13.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.13.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.13.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7da00af0-edd1-4c39-ae33-a0dc21bd25a2?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7da1d7cf-e8b5-4b7c-bdc1-13ef8c11b663": { "id": "7da1d7cf-e8b5-4b7c-bdc1-13ef8c11b663", "title": "WP Users Exporter <= 1.4.2 - CSV Injection", "software": [ { "type": "plugin", "name": "WP Users Exporter", "slug": "wp-users-exporter", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7da1d7cf-e8b5-4b7c-bdc1-13ef8c11b663?source=api-scan" ], "published": "2022-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dab03b8-6ed9-4f08-bd52-0f507de882de": { "id": "7dab03b8-6ed9-4f08-bd52-0f507de882de", "title": "Real3D Flipbook <= 1.0.0 - File Upload to User Controlled Location", "software": [ { "type": "plugin", "name": "Real3D Flipbook", "slug": "real3d-flipbook", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dab03b8-6ed9-4f08-bd52-0f507de882de?source=api-scan" ], "published": "2016-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7db04a93-a384-4093-8cab-6f1d6822f625": { "id": "7db04a93-a384-4093-8cab-6f1d6822f625", "title": "Formidable Forms <= 6.1.2 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "* - 6.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7db04a93-a384-4093-8cab-6f1d6822f625?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dbb6c21-8a70-44b9-9915-3f146a2066ce": { "id": "7dbb6c21-8a70-44b9-9915-3f146a2066ce", "title": "Heat Trackr < 1.01 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "heat-trackr", "slug": "heat-trackr", "affected_versions": { "[*, 1.01)": { "from_version": "*", "from_inclusive": true, "to_version": "1.01", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.01" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dbb6c21-8a70-44b9-9915-3f146a2066ce?source=api-scan" ], "published": "2016-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dbd3b23-cebc-4212-bcae-c6f23031c040": { "id": "7dbd3b23-cebc-4212-bcae-c6f23031c040", "title": "Contest Gallery <= 21.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 21.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "21.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dbd3b23-cebc-4212-bcae-c6f23031c040?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dbf982f-c83f-4980-b758-9e241e0de67b": { "id": "7dbf982f-c83f-4980-b758-9e241e0de67b", "title": "Customify Site Library <= 0.0.9 - Unauthenticated Remote Code Execution", "software": [ { "type": "plugin", "name": "Customify Site Library", "slug": "customify-sites", "affected_versions": { "* - 0.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dbf982f-c83f-4980-b758-9e241e0de67b?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dc267d5-ecea-4732-b716-dfaf63167b81": { "id": "7dc267d5-ecea-4732-b716-dfaf63167b81", "title": "Claptastic Clap! Button <= 1.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Claptastic Clap! Button", "slug": "claptastic-clap-button", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dc267d5-ecea-4732-b716-dfaf63167b81?source=api-scan" ], "published": "2016-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dc34ff1-1b7e-4974-907a-745911df5dc8": { "id": "7dc34ff1-1b7e-4974-907a-745911df5dc8", "title": "FG Drupal to WordPress <= 3.67.0 - Cross-Site Request Forgery via ajax_importer", "software": [ { "type": "plugin", "name": "FG Joomla to WordPress", "slug": "fg-joomla-to-wordpress", "affected_versions": { "* - 4.15.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.15.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.17.0" ] }, { "type": "plugin", "name": "FG PrestaShop to WooCommerce", "slug": "fg-prestashop-to-woocommerce", "affected_versions": { "* - 4.44.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.44.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.45.0" ] }, { "type": "plugin", "name": "FG Drupal to WordPress", "slug": "fg-drupal-to-wp", "affected_versions": { "* - 3.67.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.67.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.68.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dc34ff1-1b7e-4974-907a-745911df5dc8?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dc41eb7-5c9a-4a67-902d-9a855840668b": { "id": "7dc41eb7-5c9a-4a67-902d-9a855840668b", "title": "Essential Real Estate <= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion", "software": [ { "type": "plugin", "name": "Essential Real Estate", "slug": "essential-real-estate", "affected_versions": { "* - 4.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dc41eb7-5c9a-4a67-902d-9a855840668b?source=api-scan" ], "published": "2024-06-03 16:39:54", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dc6d1db-37ae-4198-84bd-944dad4926c7": { "id": "7dc6d1db-37ae-4198-84bd-944dad4926c7", "title": "Appointment Booking Calendar <= 1.3.82 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar", "slug": "appointment-booking-calendar", "affected_versions": { "* - 1.3.82": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.82", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.83" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dc6d1db-37ae-4198-84bd-944dad4926c7?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dc9973a-4b5f-4efb-8df5-df1cbf9fe3b0": { "id": "7dc9973a-4b5f-4efb-8df5-df1cbf9fe3b0", "title": "EZ Portfolio (Unmaintained) < 1.0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EZ Portfolio (Unmaintained)", "slug": "ez-portfolio", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dc9973a-4b5f-4efb-8df5-df1cbf9fe3b0?source=api-scan" ], "published": "2015-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dc9c0ed-a77c-4ad8-8e6e-75c1a2998fe6": { "id": "7dc9c0ed-a77c-4ad8-8e6e-75c1a2998fe6", "title": "Slideshow Gallery <= 1.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slideshow Gallery LITE", "slug": "slideshow-gallery", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dc9c0ed-a77c-4ad8-8e6e-75c1a2998fe6?source=api-scan" ], "published": "2016-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dc9dc1c-2d79-4dc3-9fee-be5d591d2400": { "id": "7dc9dc1c-2d79-4dc3-9fee-be5d591d2400", "title": "Google Analytics Counter Tracker <= 3.4.1 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Google Analytics Counter Tracker", "slug": "analytics-counter", "affected_versions": { "[*, 3.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dc9dc1c-2d79-4dc3-9fee-be5d591d2400?source=api-scan" ], "published": "2016-12-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dcc3c09-8bd2-4a08-a368-3f406170081e": { "id": "7dcc3c09-8bd2-4a08-a368-3f406170081e", "title": "BackupBuddy < 3.0 - Authentication Bypass", "software": [ { "type": "plugin", "name": "BackupBuddy", "slug": "backupbuddy", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dcc3c09-8bd2-4a08-a368-3f406170081e?source=api-scan" ], "published": "2013-03-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dcd0c5a-757d-4256-ac0a-36620914bc45": { "id": "7dcd0c5a-757d-4256-ac0a-36620914bc45", "title": "Lightbox Plus <= 2.7.2 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Lightbox Plus", "slug": "lightbox-plus", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dcd0c5a-757d-4256-ac0a-36620914bc45?source=api-scan" ], "published": "2016-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dcd3452-a340-44e5-b292-347dc69ab863": { "id": "7dcd3452-a340-44e5-b292-347dc69ab863", "title": "Regina Lite <= 2.0.7 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Regina Lite", "slug": "regina-lite", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dcd3452-a340-44e5-b292-347dc69ab863?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dcde10d-4eb7-42fe-926e-05e56affc521": { "id": "7dcde10d-4eb7-42fe-926e-05e56affc521", "title": "RegistrationMagic <= 5.2.2.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 5.2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dcde10d-4eb7-42fe-926e-05e56affc521?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dd2732d-5586-404f-b3fe-98748361b5f0": { "id": "7dd2732d-5586-404f-b3fe-98748361b5f0", "title": "Olive One Click Demo Import <= 1.1.2 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Olive One Click Demo Import", "slug": "olive-one-click-demo-import", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dd2732d-5586-404f-b3fe-98748361b5f0?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dd45dc7-b37c-42f3-a4b5-c4564174148c": { "id": "7dd45dc7-b37c-42f3-a4b5-c4564174148c", "title": "amtyThumb <= 4.2.0 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "amtyThumb", "slug": "amtythumb", "affected_versions": { "* - 4.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dd45dc7-b37c-42f3-a4b5-c4564174148c?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dd67111-514f-4f7d-8cdd-7b10ea718530": { "id": "7dd67111-514f-4f7d-8cdd-7b10ea718530", "title": "Theme Tweaker <= 5.20 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Theme Tweaker", "slug": "theme-tweaker-lite", "affected_versions": { "* - 5.20": { "from_version": "*", "from_inclusive": true, "to_version": "5.20", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dd67111-514f-4f7d-8cdd-7b10ea718530?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dd6f9d2-e6c2-49fa-a4bb-1f2126809a06": { "id": "7dd6f9d2-e6c2-49fa-a4bb-1f2126809a06", "title": "Careerfy - Job Board WordPress Theme <= 3.9.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Careerfy - Job Board WordPress Theme", "slug": "careerfy", "affected_versions": { "* - 3.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dd6f9d2-e6c2-49fa-a4bb-1f2126809a06?source=api-scan" ], "published": "2020-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dd95956-d86b-4198-a3b9-d5d9308f36dd": { "id": "7dd95956-d86b-4198-a3b9-d5d9308f36dd", "title": "Cryptocurrency Pricing list and Ticker <= 1.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cryptocurrency Pricing list and Ticker", "slug": "cryptocurrency-pricing-list", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dd95956-d86b-4198-a3b9-d5d9308f36dd?source=api-scan" ], "published": "2022-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ddabda2-1e27-4b87-b643-b0166112a890": { "id": "7ddabda2-1e27-4b87-b643-b0166112a890", "title": "Better Notifications for WP <= 1.9.2 - Cross-Site Request Forgery via handle_actions", "software": [ { "type": "plugin", "name": "Customize WordPress Emails and Alerts \u2013 Better Notifications for WP", "slug": "bnfw", "affected_versions": { "* - 1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ddabda2-1e27-4b87-b643-b0166112a890?source=api-scan" ], "published": "2023-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ddd27ba-ae65-4bb4-989d-0d677e15077a": { "id": "7ddd27ba-ae65-4bb4-989d-0d677e15077a", "title": "Print Invoice & Delivery Notes for WooCommerce <= 4.7.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Print Invoice & Delivery Notes for WooCommerce", "slug": "woocommerce-delivery-notes", "affected_versions": { "* - 4.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ddd27ba-ae65-4bb4-989d-0d677e15077a?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7de132d5-51c9-464c-b687-8e367dd8d846": { "id": "7de132d5-51c9-464c-b687-8e367dd8d846", "title": "WordPress Backup & Migration <= 1.4.3 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "WebToffee WP Backup and Migration", "slug": "wp-migration-duplicator", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7de132d5-51c9-464c-b687-8e367dd8d846?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7de4282f-157b-4ba0-b400-e4e9982beb31": { "id": "7de4282f-157b-4ba0-b400-e4e9982beb31", "title": "The Post Grid <= 7.2.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid", "slug": "the-post-grid", "affected_versions": { "* - 7.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7de4282f-157b-4ba0-b400-e4e9982beb31?source=api-scan" ], "published": "2023-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7de51bf2-f3dc-40d7-8d63-c85c267c4e98": { "id": "7de51bf2-f3dc-40d7-8d63-c85c267c4e98", "title": "School Management System \u2013 WPSchoolPress <= 2.1.9 - SQL Injection", "software": [ { "type": "plugin", "name": "School Management System \u2013 WPSchoolPress", "slug": "wpschoolpress", "affected_versions": { "[*, 2.1.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7de51bf2-f3dc-40d7-8d63-c85c267c4e98?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7de5cb89-240a-4ba3-a82c-261629620948": { "id": "7de5cb89-240a-4ba3-a82c-261629620948", "title": "TemplatesNext ToolKit <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "TemplatesNext ToolKit", "slug": "templatesnext-toolkit", "affected_versions": { "* - 3.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7de5cb89-240a-4ba3-a82c-261629620948?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7de6415a-5236-46ec-ae2e-f4ec40c90f4d": { "id": "7de6415a-5236-46ec-ae2e-f4ec40c90f4d", "title": "Ultimate Social Comments \u2013 Email Notification & Lazy Load <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Social Comments \u2013 Email Notification & Lazy Load", "slug": "ultimate-facebook-comments", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7de6415a-5236-46ec-ae2e-f4ec40c90f4d?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7def307b-5788-4cb4-82a4-517c5c9fe500": { "id": "7def307b-5788-4cb4-82a4-517c5c9fe500", "title": "Easy Media Download <= 1.1.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Media Download", "slug": "easy-media-download", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7def307b-5788-4cb4-82a4-517c5c9fe500?source=api-scan" ], "published": "2020-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7df2996f-bc0e-4608-a80e-6167ac26469a": { "id": "7df2996f-bc0e-4608-a80e-6167ac26469a", "title": "Premium Packages <= 5.8.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premium Packages \u2013 Sell Digital Products Securely", "slug": "wpdm-premium-packages", "affected_versions": { "* - 5.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7df2996f-bc0e-4608-a80e-6167ac26469a?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7df39a64-76c5-4ebe-a271-44bd147a3a86": { "id": "7df39a64-76c5-4ebe-a271-44bd147a3a86", "title": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete", "software": [ { "type": "plugin", "name": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings", "slug": "seo-by-rank-math", "affected_versions": { "* - 1.0.228": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.228", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.229" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7df39a64-76c5-4ebe-a271-44bd147a3a86?source=api-scan" ], "published": "2024-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7df85c11-6308-4b23-8c41-eea6bff5ca50": { "id": "7df85c11-6308-4b23-8c41-eea6bff5ca50", "title": "Easy Social Feed <= 6.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2013 Like Box", "slug": "easy-facebook-likebox", "affected_versions": { "* - 6.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7df85c11-6308-4b23-8c41-eea6bff5ca50?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dfa84ed-0edf-4a75-8ec3-986c3880353c": { "id": "7dfa84ed-0edf-4a75-8ec3-986c3880353c", "title": "Easy Social Icons <= 3.1.4 - Admin+ Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Social Icons", "slug": "easy-social-icons", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dfa84ed-0edf-4a75-8ec3-986c3880353c?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dfd0246-4265-4dde-8a1e-18b7042eae74": { "id": "7dfd0246-4265-4dde-8a1e-18b7042eae74", "title": "BEAR <= 1.1.3.3 - Missing Authorization to Product Deletion", "software": [ { "type": "plugin", "name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", "slug": "woo-bulk-editor", "affected_versions": { "* - 1.1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dfd0246-4265-4dde-8a1e-18b7042eae74?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dff5a77-a5d6-4aba-bf39-aa110a4f4996": { "id": "7dff5a77-a5d6-4aba-bf39-aa110a4f4996", "title": "WordPress Core < 4.2.2 - Cross-Site Scripting via Comments", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.7": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.7", "to_inclusive": true }, "3.8 - 3.8.7": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.7", "to_inclusive": true }, "3.9 - 3.9.5": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.5", "to_inclusive": true }, "4.0 - 4.0.4": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": true }, "4.1 - 4.1.4": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": true }, "4.2 - 4.2.1": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.8", "3.8.8", "3.9.6", "4.0.5", "4.1.5", "4.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dff5a77-a5d6-4aba-bf39-aa110a4f4996?source=api-scan" ], "published": "2015-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7dff9b5f-def3-420b-a28f-e0d225747c52": { "id": "7dff9b5f-def3-420b-a28f-e0d225747c52", "title": "ElementsReady Addons for Elementor 6.4.2 - Open Redirect", "software": [ { "type": "plugin", "name": "ElementsReady Addons for Elementor", "slug": "element-ready-lite", "affected_versions": { "6.4.2": { "from_version": "6.4.2", "from_inclusive": true, "to_version": "6.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7dff9b5f-def3-420b-a28f-e0d225747c52?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e069678-0c0a-4e4a-b0ee-404f488f9d01": { "id": "7e069678-0c0a-4e4a-b0ee-404f488f9d01", "title": "MailChimp Forms by MailMunch <= 3.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MailChimp Forms by MailMunch", "slug": "mailchimp-forms-by-mailmunch", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e069678-0c0a-4e4a-b0ee-404f488f9d01?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e092d67-ab81-4366-824c-cfb240ba3042": { "id": "7e092d67-ab81-4366-824c-cfb240ba3042", "title": "Webpushr <= 4.34.0 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Web Push Notifications \u2013 Webpushr", "slug": "webpushr-web-push-notifications", "affected_versions": { "* - 4.34.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.34.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.35.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e092d67-ab81-4366-824c-cfb240ba3042?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e0b9dd4-d882-4f56-9f6b-2f2955690a05": { "id": "7e0b9dd4-d882-4f56-9f6b-2f2955690a05", "title": "Bonuspressx (All Versions) - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bonuspressx", "slug": "bonuspressx", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e0b9dd4-d882-4f56-9f6b-2f2955690a05?source=api-scan" ], "published": "2014-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e0ccf7e-1276-4aa8-872f-440528699ba9": { "id": "7e0ccf7e-1276-4aa8-872f-440528699ba9", "title": "Popup box <= 4.5.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Popup Box \u2013 Create Countdown, Coupon, Video, Contact Form Popups", "slug": "ays-popup-box", "affected_versions": { "* - 4.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e0ccf7e-1276-4aa8-872f-440528699ba9?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e0e00ec-f7c2-4c1b-802a-acf0892d2083": { "id": "7e0e00ec-f7c2-4c1b-802a-acf0892d2083", "title": "Order Tracking <= 3.3.11 - Missing Authorization via send_test_email()", "software": [ { "type": "plugin", "name": "Order Tracking \u2013 WordPress Status Tracking Plugin", "slug": "order-tracking", "affected_versions": { "* - 3.3.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.12b", "3.3.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e0e00ec-f7c2-4c1b-802a-acf0892d2083?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e0ef4a5-42d7-4cea-b19f-51917e3ee55f": { "id": "7e0ef4a5-42d7-4cea-b19f-51917e3ee55f", "title": "AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_delete_callback", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 5.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e0ef4a5-42d7-4cea-b19f-51917e3ee55f?source=api-scan" ], "published": "2024-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e0f903a-e882-4de9-953a-c377b591004e": { "id": "7e0f903a-e882-4de9-953a-c377b591004e", "title": "Help Center by BestWebSoft < 0.1.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Timesheet by BestWebSoft", "slug": "timesheet", "affected_versions": { "[*, 0.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e0f903a-e882-4de9-953a-c377b591004e?source=api-scan" ], "published": "2017-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e0fd44d-e152-4883-a734-031f68e3ba97": { "id": "7e0fd44d-e152-4883-a734-031f68e3ba97", "title": "LinkWorth plugin <= 3.3.3 - Cross-Site Request Forgery to Plugin Setting Update", "software": [ { "type": "plugin", "name": "LinkWorth Plugin", "slug": "linkworth-wp-plugin", "affected_versions": { "* - 3.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e0fd44d-e152-4883-a734-031f68e3ba97?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e10babc-fc65-46f9-8b88-95b00f66d01b": { "id": "7e10babc-fc65-46f9-8b88-95b00f66d01b", "title": "Showing URL in QR Code <= 0.0.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Showing URL in QR Code", "slug": "get-site-to-phone-by-qr-code", "affected_versions": { "* - 0.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e10babc-fc65-46f9-8b88-95b00f66d01b?source=api-scan" ], "published": "2022-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e15f804-f5a9-4e29-8aeb-4ba2b116dc46": { "id": "7e15f804-f5a9-4e29-8aeb-4ba2b116dc46", "title": "Product Size Chart For WooCommerce <= 1.1.5 - Cross-Site Request Forgery via get_save_option", "software": [ { "type": "plugin", "name": "Product Size Chart For WooCommerce", "slug": "product-size-chart-for-woo", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e15f804-f5a9-4e29-8aeb-4ba2b116dc46?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e1885be-dc9f-4858-a155-ad6fcc117d0d": { "id": "7e1885be-dc9f-4858-a155-ad6fcc117d0d", "title": "Piotnet Addons For Elementor <= 2.4.27 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Piotnet Addons For Elementor", "slug": "piotnet-addons-for-elementor", "affected_versions": { "* - 2.4.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e1885be-dc9f-4858-a155-ad6fcc117d0d?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e199cd3-e2ce-4969-a517-4a9c2a84bf44": { "id": "7e199cd3-e2ce-4969-a517-4a9c2a84bf44", "title": "Travelpayouts <= 1.0.16 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Travelpayouts: All Travel Brands in One Place", "slug": "travelpayouts", "affected_versions": { "* - 1.0.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e199cd3-e2ce-4969-a517-4a9c2a84bf44?source=api-scan" ], "published": "2021-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e1bb306-c1a4-4b59-ad57-a9ca4500b049": { "id": "7e1bb306-c1a4-4b59-ad57-a9ca4500b049", "title": "Icegram <= 1.10.28.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Icegram Engage \u2013 Ultimate WP Popup Builder, Lead Generation, Optins, and CTA", "slug": "icegram", "affected_versions": { "* - 1.10.28.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.28.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e1bb306-c1a4-4b59-ad57-a9ca4500b049?source=api-scan" ], "published": "2019-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e1cdaf3-76fe-4b73-b30b-4554f0d34d11": { "id": "7e1cdaf3-76fe-4b73-b30b-4554f0d34d11", "title": "Media Library Assistant <= 3.15 - Reflected Cross-Site Scripting via lang", "software": [ { "type": "plugin", "name": "Media Library Assistant", "slug": "media-library-assistant", "affected_versions": { "* - 3.15": { "from_version": "*", "from_inclusive": true, "to_version": "3.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e1cdaf3-76fe-4b73-b30b-4554f0d34d11?source=api-scan" ], "published": "2024-05-21 11:13:42", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e1d4080-cd8a-455a-85f4-87f195ebe4a2": { "id": "7e1d4080-cd8a-455a-85f4-87f195ebe4a2", "title": "Betheme <= 26.6.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Betheme", "slug": "betheme", "affected_versions": { "* - 26.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "26.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "26.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e1d4080-cd8a-455a-85f4-87f195ebe4a2?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e2014bd-2809-4f79-913d-d7a35eda63ef": { "id": "7e2014bd-2809-4f79-913d-d7a35eda63ef", "title": "Publish to Schedule <= 4.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Publish to Schedule", "slug": "publish-to-schedule", "affected_versions": { "* - 4.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e2014bd-2809-4f79-913d-d7a35eda63ef?source=api-scan" ], "published": "2023-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e232114-c14a-43a7-bc78-423f7e5b35fb": { "id": "7e232114-c14a-43a7-bc78-423f7e5b35fb", "title": "OnePress <= 2.3.6 - Cross-Site Request Forgery via save_settings()", "software": [ { "type": "theme", "name": "OnePress", "slug": "onepress", "affected_versions": { "* - 2.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e232114-c14a-43a7-bc78-423f7e5b35fb?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e24383b-5b0f-4114-908b-4c2778632f73": { "id": "7e24383b-5b0f-4114-908b-4c2778632f73", "title": "wp image slideshow <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "wp image slideshow", "slug": "wp-image-slideshow", "affected_versions": { "* - 12.0": { "from_version": "*", "from_inclusive": true, "to_version": "12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e24383b-5b0f-4114-908b-4c2778632f73?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e289b06-66c8-4d50-a8f7-e07c5ae8f7c8": { "id": "7e289b06-66c8-4d50-a8f7-e07c5ae8f7c8", "title": "Shortcodes AnyWhere <= 1.0.1 - Unauthenticated Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "Shortcodes AnyWhere", "slug": "shortcodes-anywhere", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e289b06-66c8-4d50-a8f7-e07c5ae8f7c8?source=api-scan" ], "published": "2024-10-09 13:34:22", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e3a1e3c-eba0-4ef4-bcb8-929799bb56a8": { "id": "7e3a1e3c-eba0-4ef4-bcb8-929799bb56a8", "title": "LifterLMS \u2013 WordPress LMS Plugin for eLearning <= 7.6.2 - Authenticated (Contributor+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes", "slug": "lifterlms", "affected_versions": { "* - 7.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e3a1e3c-eba0-4ef4-bcb8-929799bb56a8?source=api-scan" ], "published": "2024-06-04 19:34:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e3ae5e7-1f41-48cd-8aea-698e3b00066c": { "id": "7e3ae5e7-1f41-48cd-8aea-698e3b00066c", "title": "Total Poll Lite <= 4.8.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Poll | Vote | Contest \u2013 Best Poll Plugin for WordPress", "slug": "totalpoll-lite", "affected_versions": { "* - 4.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e3ae5e7-1f41-48cd-8aea-698e3b00066c?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e3f3104-e213-4b0f-9821-b3f1a5c06191": { "id": "7e3f3104-e213-4b0f-9821-b3f1a5c06191", "title": "WP EXtra <= 6.4 - Cross-Site Request Forgery ToolImport", "software": [ { "type": "plugin", "name": "WP EXtra", "slug": "wp-extra", "affected_versions": { "* - 6.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e3f3104-e213-4b0f-9821-b3f1a5c06191?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e3fd472-c8ea-42dc-93df-872361ec97f3": { "id": "7e3fd472-c8ea-42dc-93df-872361ec97f3", "title": "Attachment File Icons (AF Icons) <= 1.3 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Attachment File Icons (AF Icons)", "slug": "attachment-file-icons", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e3fd472-c8ea-42dc-93df-872361ec97f3?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e42954c-1ae3-41ef-8dd3-16e5820aa36f": { "id": "7e42954c-1ae3-41ef-8dd3-16e5820aa36f", "title": "WordPress Core <= 3.5.1 - Content-Spoofing Attacks", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e42954c-1ae3-41ef-8dd3-16e5820aa36f?source=api-scan" ], "published": "2013-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e49d389-0ae8-48e1-8ff7-67ddaa5b2867": { "id": "7e49d389-0ae8-48e1-8ff7-67ddaa5b2867", "title": "Social Media Follow Buttons Bar <= 4.73 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Media Follow Buttons Bar", "slug": "social-media-buttons-toolbar", "affected_versions": { "* - 4.73": { "from_version": "*", "from_inclusive": true, "to_version": "4.73", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e49d389-0ae8-48e1-8ff7-67ddaa5b2867?source=api-scan" ], "published": "2022-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e4e1afd-604d-45c2-ab6b-fa9ccac0c361": { "id": "7e4e1afd-604d-45c2-ab6b-fa9ccac0c361", "title": "All Import Pro Plugin < 4.1.2 - SQL injection", "software": [ { "type": "plugin", "name": "WP All Import Pro", "slug": "wp-all-import-pro", "affected_versions": { "[*, 4.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e4e1afd-604d-45c2-ab6b-fa9ccac0c361?source=api-scan" ], "published": "2020-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e501592-4411-4c0a-aa67-e2d0a29d5d35": { "id": "7e501592-4411-4c0a-aa67-e2d0a29d5d35", "title": "User Location and IP <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Location and IP", "slug": "user-location-and-ip", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e501592-4411-4c0a-aa67-e2d0a29d5d35?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e52882e-d86f-4863-bdb6-e33c0449d14c": { "id": "7e52882e-d86f-4863-bdb6-e33c0449d14c", "title": "PHP Everywhere <= 2.0.3 - Authenticated (Contributor+) Remote Code Execution via Metabox", "software": [ { "type": "plugin", "name": "PHP Everywhere", "slug": "php-everywhere", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e52882e-d86f-4863-bdb6-e33c0449d14c?source=api-scan" ], "published": "2022-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e539549-1125-4b0e-aa3c-c8844041c23a": { "id": "7e539549-1125-4b0e-aa3c-c8844041c23a", "title": "Debug Log Manager <= 2.2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Debug Log Manager", "slug": "debug-log-manager", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e539549-1125-4b0e-aa3c-c8844041c23a?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e697e7f-8d5b-4a9f-9148-f2dc5fb1ba38": { "id": "7e697e7f-8d5b-4a9f-9148-f2dc5fb1ba38", "title": "Web and WooCommerce Addons for WPBakery Builder <= 1.4.4.1 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Web and WooCommerce Addons for WPBakery Builder", "slug": "vc-addons-by-bit14", "affected_versions": { "* - 1.4.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e697e7f-8d5b-4a9f-9148-f2dc5fb1ba38?source=api-scan" ], "published": "2022-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e6a0bf9-4767-4d4c-9a1e-adcb3c7719d9": { "id": "7e6a0bf9-4767-4d4c-9a1e-adcb3c7719d9", "title": "Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Online Booking & Scheduling Calendar for WordPress by vcita", "slug": "meeting-scheduler-by-vcita", "affected_versions": { "* - 4.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e6a0bf9-4767-4d4c-9a1e-adcb3c7719d9?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e6f9f8c-a36b-412d-a2ae-cc90e3a840f6": { "id": "7e6f9f8c-a36b-412d-a2ae-cc90e3a840f6", "title": "Kimili Flash Embed <= 2.5.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Kimili Flash Embed", "slug": "kimili-flash-embed", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e6f9f8c-a36b-412d-a2ae-cc90e3a840f6?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e7741d1-8b30-460d-bf1b-edc475841c71": { "id": "7e7741d1-8b30-460d-bf1b-edc475841c71", "title": "MailOptin <= 1.2.54.0 - Authenticated (Admin+) Cross Site Scripting", "software": [ { "type": "plugin", "name": "Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber \u2013 MailOptin", "slug": "mailoptin", "affected_versions": { "1.2.54.0": { "from_version": "1.2.54.0", "from_inclusive": true, "to_version": "1.2.54.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.54.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e7741d1-8b30-460d-bf1b-edc475841c71?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e78d678-1560-401d-a409-21207332e062": { "id": "7e78d678-1560-401d-a409-21207332e062", "title": "WP SVG Icons <= 3.2.3 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP SVG Icons", "slug": "svg-vector-icon-plugin", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e78d678-1560-401d-a409-21207332e062?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e7a289f-39ef-4961-bd08-34e6a7dfdac5": { "id": "7e7a289f-39ef-4961-bd08-34e6a7dfdac5", "title": "WP ULike 4.7.1 - 4.7.2 - Authenticated (Subscriber+) Stored-Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP ULike \u2013 All-in-One Engagement Toolkit", "slug": "wp-ulike", "affected_versions": { "4.7.1 - 4.7.2": { "from_version": "4.7.1", "from_inclusive": true, "to_version": "4.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e7a289f-39ef-4961-bd08-34e6a7dfdac5?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e7b24b5-13e4-4164-8462-fd81b1033f2c": { "id": "7e7b24b5-13e4-4164-8462-fd81b1033f2c", "title": "301 Redirects - Easy Redirect Manager < 2.51 - SQL Injection", "software": [ { "type": "plugin", "name": "301 Redirects \u2013 Easy Redirect Manager", "slug": "eps-301-redirects", "affected_versions": { "[*, 2.51)": { "from_version": "*", "from_inclusive": true, "to_version": "2.51", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e7b24b5-13e4-4164-8462-fd81b1033f2c?source=api-scan" ], "published": "2021-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e7d3bf0-1860-45b0-b928-2291b0f98902": { "id": "7e7d3bf0-1860-45b0-b928-2291b0f98902", "title": "Top 10 <= 3.3.2 - Cross-Site Request Forgery via edit_count_ajax", "software": [ { "type": "plugin", "name": "Top 10 \u2013 WordPress Popular posts by WebberZone", "slug": "top-10", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e7d3bf0-1860-45b0-b928-2291b0f98902?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e7e6ea7-4e0b-4d8a-9306-45b55d41fbb5": { "id": "7e7e6ea7-4e0b-4d8a-9306-45b55d41fbb5", "title": "Schema & Structured Data for WP & AMP <= 1.26 - Authenticated (Custom) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Schema & Structured Data for WP & AMP", "slug": "schema-and-structured-data-for-wp", "affected_versions": { "* - 1.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e7e6ea7-4e0b-4d8a-9306-45b55d41fbb5?source=api-scan" ], "published": "2024-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e82e1c5-0ed4-4dee-9990-976591693eb5": { "id": "7e82e1c5-0ed4-4dee-9990-976591693eb5", "title": "EventPrime \u2013 Events Calendar, Bookings and Tickets <= 3.4.3 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 3.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e82e1c5-0ed4-4dee-9990-976591693eb5?source=api-scan" ], "published": "2024-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e8745da-fd3a-44b3-b288-9a2b83e8dcd8": { "id": "7e8745da-fd3a-44b3-b288-9a2b83e8dcd8", "title": "WP-EMail <= 2.69.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-EMail", "slug": "wp-email", "affected_versions": { "[*, 2.69.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.69.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.69.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e8745da-fd3a-44b3-b288-9a2b83e8dcd8?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e8911a3-ce0f-420c-bf2a-1c2929d01cef": { "id": "7e8911a3-ce0f-420c-bf2a-1c2929d01cef", "title": "POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Unauthenticated Stored Cross-Site Scripting via device", "software": [ { "type": "plugin", "name": "Post SMTP \u2013 WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications \u2013 Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more", "slug": "post-smtp", "affected_versions": { "* - 2.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e8911a3-ce0f-420c-bf2a-1c2929d01cef?source=api-scan" ], "published": "2024-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e89b33e-fc3c-44e9-823c-e9349147acf5": { "id": "7e89b33e-fc3c-44e9-823c-e9349147acf5", "title": "Allow SVG Files <= 1.0 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Allow svg files", "slug": "asf-allow-svg-files", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e89b33e-fc3c-44e9-823c-e9349147acf5?source=api-scan" ], "published": "2020-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e8ab165-57b8-4509-86b8-6e5226812264": { "id": "7e8ab165-57b8-4509-86b8-6e5226812264", "title": "Welcart e-Commerce 2.6.0-2.7.7 - Information Disclosure via Arbitrary File Read", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "2.6.0 - 2.7.7": { "from_version": "2.6.0", "from_inclusive": true, "to_version": "2.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e8ab165-57b8-4509-86b8-6e5226812264?source=api-scan" ], "published": "2022-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e8f230e-3f96-4efd-806d-72725b960303": { "id": "7e8f230e-3f96-4efd-806d-72725b960303", "title": "Appointments <= 2.2.1 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Appointments", "slug": "appointments", "affected_versions": { "[*, 2.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e8f230e-3f96-4efd-806d-72725b960303?source=api-scan" ], "published": "2017-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e95773c-b968-47b3-8ae7-9a8d3389666c": { "id": "7e95773c-b968-47b3-8ae7-9a8d3389666c", "title": "YITH WooCommerce Product Add-Ons <= 4.2.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "YITH WooCommerce Product Add-Ons", "slug": "yith-woocommerce-product-add-ons", "affected_versions": { "* - 4.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e95773c-b968-47b3-8ae7-9a8d3389666c?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e977be1-d346-4fcc-89a5-332cbd010d18": { "id": "7e977be1-d346-4fcc-89a5-332cbd010d18", "title": "Download Attachments <= 1.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Download Attachments", "slug": "download-attachments", "affected_versions": { "* - 1.2.24": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e977be1-d346-4fcc-89a5-332cbd010d18?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e97d9dd-7d4a-4862-abba-6e8816bbbe9b": { "id": "7e97d9dd-7d4a-4862-abba-6e8816bbbe9b", "title": "Crisp <= 0.44 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Crisp \u2013 Live Chat and Chatbot", "slug": "crisp", "affected_versions": { "* - 0.44": { "from_version": "*", "from_inclusive": true, "to_version": "0.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e97d9dd-7d4a-4862-abba-6e8816bbbe9b?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e9b004a-2050-47e8-ac4d-491b715c87d2": { "id": "7e9b004a-2050-47e8-ac4d-491b715c87d2", "title": "Zenon Lite <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode", "software": [ { "type": "theme", "name": "Zenon Lite", "slug": "zenon-lite", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e9b004a-2050-47e8-ac4d-491b715c87d2?source=api-scan" ], "published": "2024-07-17 14:01:41", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7e9dcedd-aa81-47c4-9fc5-cecc7bc394b5": { "id": "7e9dcedd-aa81-47c4-9fc5-cecc7bc394b5", "title": "MonsterInsights \u2013 Google Analytics Dashboard for WordPress <= 5.3.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MonsterInsights \u2013 Google Analytics Dashboard for WordPress (Website Stats Made Easy)", "slug": "google-analytics-for-wordpress", "affected_versions": { "* - 5.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7e9dcedd-aa81-47c4-9fc5-cecc7bc394b5?source=api-scan" ], "published": "2015-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ea2726a-a601-45ac-9f20-c34b82edf441": { "id": "7ea2726a-a601-45ac-9f20-c34b82edf441", "title": "WooCommerce Predictive Search <= 5.8.0 - Missing Authorization via multiple AJAX actions", "software": [ { "type": "plugin", "name": "Predictive Search for WooCommerce", "slug": "woocommerce-predictive-search", "affected_versions": { "* - 5.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ea2726a-a601-45ac-9f20-c34b82edf441?source=api-scan" ], "published": "2023-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ea2bb8c-cc8b-49de-9c8e-2c8c0569f4ac": { "id": "7ea2bb8c-cc8b-49de-9c8e-2c8c0569f4ac", "title": "Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "* - 3.2.37": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.38" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ea2bb8c-cc8b-49de-9c8e-2c8c0569f4ac?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ea4ca2d-6a67-43ad-817d-960cad3030b8": { "id": "7ea4ca2d-6a67-43ad-817d-960cad3030b8", "title": "Uncanny Toolkit for LearnDash <= 3.6.4.1 - Cross-Site Request Forgery to Arbitrary Plugin Install and Activation", "software": [ { "type": "plugin", "name": "Uncanny Toolkit for LearnDash", "slug": "uncanny-learndash-toolkit", "affected_versions": { "* - 3.6.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ea4ca2d-6a67-43ad-817d-960cad3030b8?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7eaa196b-429a-4d15-903b-16f33cc0bd6f": { "id": "7eaa196b-429a-4d15-903b-16f33cc0bd6f", "title": "Ultimate FAQ <= 1.8.29 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate FAQ Accordion Plugin", "slug": "ultimate-faqs", "affected_versions": { "* - 1.8.29": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7eaa196b-429a-4d15-903b-16f33cc0bd6f?source=api-scan" ], "published": "2020-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7eada9b7-8d53-4e95-858e-aa706f74b2a1": { "id": "7eada9b7-8d53-4e95-858e-aa706f74b2a1", "title": "Simple File List <= 6.1.9 - Unauthenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Simple File List", "slug": "simple-file-list", "affected_versions": { "* - 6.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7eada9b7-8d53-4e95-858e-aa706f74b2a1?source=api-scan" ], "published": "2023-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7eb7d499-28ba-48ef-9798-b7c8cbb7aa3e": { "id": "7eb7d499-28ba-48ef-9798-b7c8cbb7aa3e", "title": "Conversios \u2013 Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce <= 7.0.7 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Google Analytics 4 (GA4), Google Ads, Meta Pixel, GTM & Multiple Pixels for Woocommerce & WordPress", "slug": "enhanced-e-commerce-for-woocommerce-store", "affected_versions": { "* - 7.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7eb7d499-28ba-48ef-9798-b7c8cbb7aa3e?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ebd4936-9d68-42cb-a427-a1db894b49ec": { "id": "7ebd4936-9d68-42cb-a427-a1db894b49ec", "title": "Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin <= 5.4.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin", "slug": "amazon-auto-links", "affected_versions": { "* - 5.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ebd4936-9d68-42cb-a427-a1db894b49ec?source=api-scan" ], "published": "2024-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ec03e35-9de7-44e8-88be-5a374edd8984": { "id": "7ec03e35-9de7-44e8-88be-5a374edd8984", "title": "Financio <= 1.1.3 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Financio", "slug": "financio", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ec03e35-9de7-44e8-88be-5a374edd8984?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ec15c74-5188-4769-ab16-98d9c85bb0c2": { "id": "7ec15c74-5188-4769-ab16-98d9c85bb0c2", "title": "All In One Redirection <= 2.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All In One Redirection", "slug": "all-in-one-redirection", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ec15c74-5188-4769-ab16-98d9c85bb0c2?source=api-scan" ], "published": "2024-06-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ec1d883-147f-4a15-89ab-bd9c41893589": { "id": "7ec1d883-147f-4a15-89ab-bd9c41893589", "title": "Automation By Autonami <= 2.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit", "slug": "wp-marketing-automations", "affected_versions": { "* - 2.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ec1d883-147f-4a15-89ab-bd9c41893589?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ec6b03c-e594-4b20-9da0-78413048ba70": { "id": "7ec6b03c-e594-4b20-9da0-78413048ba70", "title": "Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Panel Slider Widget", "software": [ { "type": "plugin", "name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", "slug": "bdthemes-element-pack-lite", "affected_versions": { "* - 5.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ec6b03c-e594-4b20-9da0-78413048ba70?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ecc92c7-619d-442a-811f-4606e6d85d48": { "id": "7ecc92c7-619d-442a-811f-4606e6d85d48", "title": "cSlider <= 2.4.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "cSlider", "slug": "cslider", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ecc92c7-619d-442a-811f-4606e6d85d48?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7eccbf15-db22-439b-a733-1ce9b991728f": { "id": "7eccbf15-db22-439b-a733-1ce9b991728f", "title": "WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via Customer Editing", "software": [ { "type": "plugin", "name": "WP eStore", "slug": "wp-cart-for-digital-products", "affected_versions": { "* - 8.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7eccbf15-db22-439b-a733-1ce9b991728f?source=api-scan" ], "published": "2024-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7edad4f6-e470-4a72-b618-d2dad64e0ac1": { "id": "7edad4f6-e470-4a72-b618-d2dad64e0ac1", "title": "YOP Poll <= 6.3.0 - Author+ Stored Cross-Site Scripting via Options Module", "software": [ { "type": "plugin", "name": "YOP Poll", "slug": "yop-poll", "affected_versions": { "* - 6.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7edad4f6-e470-4a72-b618-d2dad64e0ac1?source=api-scan" ], "published": "2021-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7edc150f-5c38-4bb7-a65c-44a91c24325a": { "id": "7edc150f-5c38-4bb7-a65c-44a91c24325a", "title": "Calendar.online \/ Kalender.digital <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Calendar.online \/ Kalender.digital \u2013 Plugin", "slug": "kalender-digital", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7edc150f-5c38-4bb7-a65c-44a91c24325a?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7edd06d9-3897-4644-a77e-e58ab6d14c95": { "id": "7edd06d9-3897-4644-a77e-e58ab6d14c95", "title": "YITH WooCommerce Product Add-Ons <= 4.3.0 - Authenticated(Shop Manager+) PHP Object Injection", "software": [ { "type": "plugin", "name": "YITH WooCommerce Product Add-Ons", "slug": "yith-woocommerce-product-add-ons", "affected_versions": { "[*, 4.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7edd06d9-3897-4644-a77e-e58ab6d14c95?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ee1660e-10c0-447b-8562-c3af07997f56": { "id": "7ee1660e-10c0-447b-8562-c3af07997f56", "title": "Woo Custom Emails <= 2.2 - Missing Authorization to Unauthenticated Settings Change", "software": [ { "type": "plugin", "name": "Woo Custom Emails", "slug": "woo-custom-emails", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ee1660e-10c0-447b-8562-c3af07997f56?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ee267ff-b650-44a5-994b-3a22d34722e8": { "id": "7ee267ff-b650-44a5-994b-3a22d34722e8", "title": "WordPress Backup and Migrate Plugin \u2013 Backup Guard < 1.0.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "JetBackup \u2013 WP Backup, Migrate & Restore", "slug": "backup", "affected_versions": { "[*, 1.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ee267ff-b650-44a5-994b-3a22d34722e8?source=api-scan" ], "published": "2016-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ee714c7-4c9b-4627-9ba9-f83aeca6a0a5": { "id": "7ee714c7-4c9b-4627-9ba9-f83aeca6a0a5", "title": "LearnPress \u2013 WordPress LMS Plugin <= 4.2.6.8.1 - Unauthenticated Bypass to User Registration", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.6.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ee714c7-4c9b-4627-9ba9-f83aeca6a0a5?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ee73abf-0ab8-48ab-bd94-18ed66f877fd": { "id": "7ee73abf-0ab8-48ab-bd94-18ed66f877fd", "title": "Formzu WP <= 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id", "software": [ { "type": "plugin", "name": "Formzu WP", "slug": "formzu-wp", "affected_versions": { "* - 1.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ee73abf-0ab8-48ab-bd94-18ed66f877fd?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7eed1ae6-ee59-4616-9564-9aa5ec302ea9": { "id": "7eed1ae6-ee59-4616-9564-9aa5ec302ea9", "title": "YAWPP (Yet Another WordPress Petition Plugin) <= 1.2.1 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "YAWPP (Yet Another WordPress Petition Plugin)", "slug": "yawpp", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7eed1ae6-ee59-4616-9564-9aa5ec302ea9?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7eee591c-2676-479c-ab15-96da10f51ae0": { "id": "7eee591c-2676-479c-ab15-96da10f51ae0", "title": "Click To Tweet <= 2.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Click To Tweet", "slug": "click-to-tweet", "affected_versions": { "* - 2.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7eee591c-2676-479c-ab15-96da10f51ae0?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ef23b03-8452-4730-860c-2c2ef1686202": { "id": "7ef23b03-8452-4730-860c-2c2ef1686202", "title": "Namaste! LMS <= 2.5.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'accept_other_payment_methods', 'other_payment_methods' Parameters", "software": [ { "type": "plugin", "name": "Namaste! LMS", "slug": "namaste-lms", "affected_versions": { "* - 2.5.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ef23b03-8452-4730-860c-2c2ef1686202?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ef37e72-f98f-4df6-8adb-514690350a82": { "id": "7ef37e72-f98f-4df6-8adb-514690350a82", "title": "Photos and Files Contest Gallery \u2013 Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress <= 21.3.0 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 21.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "21.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ef37e72-f98f-4df6-8adb-514690350a82?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ef64118-b388-4260-930b-6a31992d4076": { "id": "7ef64118-b388-4260-930b-6a31992d4076", "title": "Gravitate QA Tracker <= 1.2.1 - Object Injection", "software": [ { "type": "plugin", "name": "Gravitate QA Tracker", "slug": "gravitate-qa-tracker", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ef64118-b388-4260-930b-6a31992d4076?source=api-scan" ], "published": "2017-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ef6f598-e1a7-4036-9485-1aad0416349a": { "id": "7ef6f598-e1a7-4036-9485-1aad0416349a", "title": "WP MapIt <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP MapIt", "slug": "wp-mapit", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ef6f598-e1a7-4036-9485-1aad0416349a?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ef79c77-53e7-439d-985a-786eb73c44eb": { "id": "7ef79c77-53e7-439d-985a-786eb73c44eb", "title": "Arigato Autoresponder and Newsletter <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Arigato Autoresponder and Newsletter", "slug": "bft-autoresponder", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ef79c77-53e7-439d-985a-786eb73c44eb?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7efe0cd8-e8a0-43e8-b797-ddb690ba9e51": { "id": "7efe0cd8-e8a0-43e8-b797-ddb690ba9e51", "title": "AdPush <= 1.50 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AdPush", "slug": "adsense-plugin", "affected_versions": { "* - 1.50": { "from_version": "*", "from_inclusive": true, "to_version": "1.50", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7efe0cd8-e8a0-43e8-b797-ddb690ba9e51?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f01ad95-7a51-408c-917f-4350dbeabb2b": { "id": "7f01ad95-7a51-408c-917f-4350dbeabb2b", "title": "Editorial Calendar <= 3.7.12 - Authenticated (Contributor+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Editorial Calendar", "slug": "editorial-calendar", "affected_versions": { "* - 3.7.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f01ad95-7a51-408c-917f-4350dbeabb2b?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f051566-ac84-4ab6-b0ce-4dbcafc09d67": { "id": "7f051566-ac84-4ab6-b0ce-4dbcafc09d67", "title": "Easy Social Box \/ Page Plugin <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Easy Social Box \/ Page Plugin", "slug": "easy-facebook-like-box", "affected_versions": { "* - 4.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f051566-ac84-4ab6-b0ce-4dbcafc09d67?source=api-scan" ], "published": "2023-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f0be29a-7896-4166-a2a6-64f99d845236": { "id": "7f0be29a-7896-4166-a2a6-64f99d845236", "title": "Sitekit <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sitekit_iframe ' shortcode", "software": [ { "type": "plugin", "name": "Sitekit", "slug": "sitekit", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f0be29a-7896-4166-a2a6-64f99d845236?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f0eac1e-4988-4b73-bf13-c959b0dc11e2": { "id": "7f0eac1e-4988-4b73-bf13-c959b0dc11e2", "title": "Form Maker <= 1.15.16 - Missing Authorization in check_score", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "* - 1.15.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f0eac1e-4988-4b73-bf13-c959b0dc11e2?source=api-scan" ], "published": "2023-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f13a432-e37d-4183-85ff-e2a04b40cda8": { "id": "7f13a432-e37d-4183-85ff-e2a04b40cda8", "title": "WP Crowdfunding <= 2.1.6 - Reflected Cross-Site Scripting via postid", "software": [ { "type": "plugin", "name": "WP Crowdfunding", "slug": "wp-crowdfunding", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f13a432-e37d-4183-85ff-e2a04b40cda8?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f15ac06-b5d3-4265-b69b-1d46b12a0522": { "id": "7f15ac06-b5d3-4265-b69b-1d46b12a0522", "title": "Spreadshop Plugin <= 1.6.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Spreadshop Plugin", "slug": "spreadshop", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f15ac06-b5d3-4265-b69b-1d46b12a0522?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f17e055-ad49-4115-89c5-dd76b6c531f7": { "id": "7f17e055-ad49-4115-89c5-dd76b6c531f7", "title": "Visual Website Collaboration, Feedback & Project Management \u2013 Atarim <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update", "software": [ { "type": "plugin", "name": "Visual Website Collaboration, Feedback & Project Management \u2013 Atarim", "slug": "atarim-visual-collaboration", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f17e055-ad49-4115-89c5-dd76b6c531f7?source=api-scan" ], "published": "2024-08-09 13:41:33", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f192811-378b-422d-8086-9a957b464bb7": { "id": "7f192811-378b-422d-8086-9a957b464bb7", "title": "Tainacan <= 0.20.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tainacan", "slug": "tainacan", "affected_versions": { "* - 0.20.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.20.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.20.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f192811-378b-422d-8086-9a957b464bb7?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f1a0d90-2574-4d48-b673-f47c8bc65d21": { "id": "7f1a0d90-2574-4d48-b673-f47c8bc65d21", "title": "Easy Forms for Mailchimp <= 6.5.2 - Code Injection", "software": [ { "type": "plugin", "name": "Easy Forms for Mailchimp", "slug": "yikes-inc-easy-mailchimp-extender", "affected_versions": { "[*, 6.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f1a0d90-2574-4d48-b673-f47c8bc65d21?source=api-scan" ], "published": "2019-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f20352f-386f-45ab-b719-8a70f5c11b02": { "id": "7f20352f-386f-45ab-b719-8a70f5c11b02", "title": "JQueryFileTree <= 2.1.5 - Directory Traversal", "software": [ { "type": "plugin", "name": "Better Search TMC", "slug": "better-search-tmc", "affected_versions": { "* - 1.0.52": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.52", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Admin Page Framework", "slug": "admin-page-framework", "affected_versions": { "* - 3.8.34": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.0" ] }, { "type": "plugin", "name": "Task Scheduler", "slug": "task-scheduler", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] }, { "type": "plugin", "name": "Faculty Weekly Schedule", "slug": "faculty-weekly-schedule", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "plugin", "name": "Read Offline", "slug": "read-offline", "affected_versions": { "* - 0.9.17": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Revision Manager TMC", "slug": "revision-manager-tmc", "affected_versions": { "* - 2.7.91": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.91", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.0" ] }, { "type": "plugin", "name": "Delightful Downloads", "slug": "delightful-downloads", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f20352f-386f-45ab-b719-8a70f5c11b02?source=api-scan" ], "published": "2017-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f2d3acb-5931-4629-8f03-4ab40fadf7c7": { "id": "7f2d3acb-5931-4629-8f03-4ab40fadf7c7", "title": "Kama SpamBlock <= 1.8.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kama SpamBlock", "slug": "kama-spamblock", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f2d3acb-5931-4629-8f03-4ab40fadf7c7?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f33bc98-167d-4913-8de5-b80296955673": { "id": "7f33bc98-167d-4913-8de5-b80296955673", "title": "3CX Free Live Chat <= 6.2.03 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "3CX Free Live Chat, Calls & WhatsApp", "slug": "wp-live-chat-support", "affected_versions": { "* - 6.2.03": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.03", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.04" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f33bc98-167d-4913-8de5-b80296955673?source=api-scan" ], "published": "2016-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f341562-232e-437f-8d3d-83a06402e8ef": { "id": "7f341562-232e-437f-8d3d-83a06402e8ef", "title": "Envira Photo Gallery <= 1.8.7.3 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "Gallery Plugin for WordPress \u2013 Envira Photo Gallery", "slug": "envira-gallery-lite", "affected_versions": { "* - 1.8.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f341562-232e-437f-8d3d-83a06402e8ef?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f34f4a6-9092-4e67-8a1e-7c60edde0b2a": { "id": "7f34f4a6-9092-4e67-8a1e-7c60edde0b2a", "title": "MailerLite \u2013 Signup forms (official) 1.5.0 - 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MailerLite \u2013 Signup forms (official)", "slug": "official-mailerlite-sign-up-forms", "affected_versions": { "1.5.0 - 1.7.6": { "from_version": "1.5.0", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f34f4a6-9092-4e67-8a1e-7c60edde0b2a?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f380786-7fd8-4a01-b491-63a2c6098a9e": { "id": "7f380786-7fd8-4a01-b491-63a2c6098a9e", "title": "CBX Petition for WordPress <= 1.0.3 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "CBX Petition for WordPress", "slug": "cbxpetition", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f380786-7fd8-4a01-b491-63a2c6098a9e?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f447d25-1a38-48fe-8079-5ff425382046": { "id": "7f447d25-1a38-48fe-8079-5ff425382046", "title": "eCommerce Product Catalog Plugin for WordPress <= 3.0.69 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "eCommerce Product Catalog Plugin for WordPress", "slug": "ecommerce-product-catalog", "affected_versions": { "* - 3.0.69": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.69", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.70" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f447d25-1a38-48fe-8079-5ff425382046?source=api-scan" ], "published": "2022-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f46ab3d-83fc-46a2-863e-7ce9b5391524": { "id": "7f46ab3d-83fc-46a2-863e-7ce9b5391524", "title": "Availability Calendar <= 1.2.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Availability Calendar", "slug": "availability-calendar", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f46ab3d-83fc-46a2-863e-7ce9b5391524?source=api-scan" ], "published": "2021-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f49477f-7a43-489b-8d3c-db8d0efeb596": { "id": "7f49477f-7a43-489b-8d3c-db8d0efeb596", "title": "Cancel order request WooCommerce <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cancel order request \/ Return order \/ Repeat Order \/ Reorder for WooCommerce", "slug": "cancel-order-request-woocommerce", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f49477f-7a43-489b-8d3c-db8d0efeb596?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f4c9a5b-93ec-4979-921a-91134cb09566": { "id": "7f4c9a5b-93ec-4979-921a-91134cb09566", "title": "Welcart e-Commerce <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f4c9a5b-93ec-4979-921a-91134cb09566?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f4df92b-b6b5-441e-a772-fed63cb83bf7": { "id": "7f4df92b-b6b5-441e-a772-fed63cb83bf7", "title": "Authenticator <= 1.3.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Authenticator", "slug": "authenticator", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f4df92b-b6b5-441e-a772-fed63cb83bf7?source=api-scan" ], "published": "2022-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f4f188f-ca84-44df-9738-d61094c2e695": { "id": "7f4f188f-ca84-44df-9738-d61094c2e695", "title": "Find and Replace All <= 1.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Find and Replace All", "slug": "find-and-replace-all", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f4f188f-ca84-44df-9738-d61094c2e695?source=api-scan" ], "published": "2022-11-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f50769c-77b8-42ff-b67d-b9b289fc51da": { "id": "7f50769c-77b8-42ff-b67d-b9b289fc51da", "title": "Affiliate Super Assistent <= 1.5.3 - Unauthenticated Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "Affiliate Super Assistent", "slug": "amazonsimpleadmin", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f50769c-77b8-42ff-b67d-b9b289fc51da?source=api-scan" ], "published": "2024-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f51ae93-6880-4dc8-b183-424a8407f441": { "id": "7f51ae93-6880-4dc8-b183-424a8407f441", "title": "Livefyre Comments 3 <= 4.1.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Livefyre Comments 3", "slug": "livefyre-comments", "affected_versions": { "* - 4.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f51ae93-6880-4dc8-b183-424a8407f441?source=api-scan" ], "published": "2015-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f562b4c-8934-45fd-b9a4-eeb3a6bcf609": { "id": "7f562b4c-8934-45fd-b9a4-eeb3a6bcf609", "title": "Delete All Comments Easily <= 1.3 - All Comments Deletion via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Delete All Comments Easily", "slug": "delete-all-comments-easily", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f562b4c-8934-45fd-b9a4-eeb3a6bcf609?source=api-scan" ], "published": "2020-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f5bc5cc-fe96-48f6-b9c9-a2b9d83406b6": { "id": "7f5bc5cc-fe96-48f6-b9c9-a2b9d83406b6", "title": "Custom TinyMCE Shortcode Button <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom TinyMCE Shortcode Button", "slug": "custom-tinymce-shortcode-button", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f5bc5cc-fe96-48f6-b9c9-a2b9d83406b6?source=api-scan" ], "published": "2022-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f5d3973-5bbb-4c85-9790-e12f3fc14f30": { "id": "7f5d3973-5bbb-4c85-9790-e12f3fc14f30", "title": "Donations Made Easy \u2013 Smart Donations <= 4.0.12 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Donations Made Easy \u2013 Smart Donations", "slug": "smart-donations", "affected_versions": { "* - 4.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f5d3973-5bbb-4c85-9790-e12f3fc14f30?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f6693fd-2ffc-4281-9da3-bdbf70e20cfa": { "id": "7f6693fd-2ffc-4281-9da3-bdbf70e20cfa", "title": "Single Post Exporter <= 1.1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Single Post Exporter", "slug": "single-post-exporter", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f6693fd-2ffc-4281-9da3-bdbf70e20cfa?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f690ea9-b773-49d4-9fa4-2a8bb7593d62": { "id": "7f690ea9-b773-49d4-9fa4-2a8bb7593d62", "title": "Forms by CaptainForm <= 2.5.3 - Reflected Cross-Site Scripting via REQUEST_URI", "software": [ { "type": "plugin", "name": "Forms by CaptainForm \u2013 Form Builder for WordPress", "slug": "captainform", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f690ea9-b773-49d4-9fa4-2a8bb7593d62?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f6c33f4-58e7-4a0b-8293-5cb951f63ffc": { "id": "7f6c33f4-58e7-4a0b-8293-5cb951f63ffc", "title": "Webba Booking <= 4.2.21 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Appointment & Event Booking Calendar Plugin \u2013 Webba Booking", "slug": "webba-booking-lite", "affected_versions": { "* - 4.2.21": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f6c33f4-58e7-4a0b-8293-5cb951f63ffc?source=api-scan" ], "published": "2022-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f706c15-56c8-4eb4-9790-b394d37b0e33": { "id": "7f706c15-56c8-4eb4-9790-b394d37b0e33", "title": "Stripe for WooCommerce 3.0.0 - 3.3.9 - Missing Authorization Controls to Financial Account Hijacking", "software": [ { "type": "plugin", "name": "Stripe for WooCommerce", "slug": "stripe-for-woocommerce", "affected_versions": { "3.0.0 - 3.3.9": { "from_version": "3.0.0", "from_inclusive": true, "to_version": "3.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f706c15-56c8-4eb4-9790-b394d37b0e33?source=api-scan" ], "published": "2021-10-01 15:29:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f734db8-216e-43f3-8082-ebdcc28d3606": { "id": "7f734db8-216e-43f3-8082-ebdcc28d3606", "title": "Wholesale For WooCommerce <= 2.3.0 - Unauthenticated Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "Wholesale For WooCommerce", "slug": "woocommerce-wholesale-pricing", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f734db8-216e-43f3-8082-ebdcc28d3606?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f73d0a6-2eae-4d85-96ce-db5902bd6e3a": { "id": "7f73d0a6-2eae-4d85-96ce-db5902bd6e3a", "title": "WooCommerce Pre-Orders <= 2.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Pre-Orders", "slug": "woocommerce-pre-orders", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f73d0a6-2eae-4d85-96ce-db5902bd6e3a?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f745e44-fdf1-416d-b1aa-27305533464e": { "id": "7f745e44-fdf1-416d-b1aa-27305533464e", "title": "Table of Contents Plus <= 2408 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Table of Contents Plus", "slug": "table-of-contents-plus", "affected_versions": { "* - 2408": { "from_version": "*", "from_inclusive": true, "to_version": "2408", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f745e44-fdf1-416d-b1aa-27305533464e?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f765327-3872-46cc-a4f9-40219bf0dd99": { "id": "7f765327-3872-46cc-a4f9-40219bf0dd99", "title": "Click To Tweet <= 2.0.14 - Missing Authorization", "software": [ { "type": "plugin", "name": "Click To Tweet", "slug": "click-to-tweet", "affected_versions": { "* - 2.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f765327-3872-46cc-a4f9-40219bf0dd99?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f787c75-7b27-4256-ac0c-abc2988ea7c8": { "id": "7f787c75-7b27-4256-ac0c-abc2988ea7c8", "title": "Auto Affiliate Links <= 6.2.1.5 - Authenticated (Subscriber+) Plugin Settings Change", "software": [ { "type": "plugin", "name": "Auto Affiliate Links", "slug": "wp-auto-affiliate-links", "affected_versions": { "* - 6.2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f787c75-7b27-4256-ac0c-abc2988ea7c8?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f7a8ee7-af69-4aff-abf7-6d69d920fe61": { "id": "7f7a8ee7-af69-4aff-abf7-6d69d920fe61", "title": "Spam Free WordPress <= 1.9.3 - IP Protection Bypass", "software": [ { "type": "plugin", "name": "Spam Free WordPress", "slug": "spam-free-wordpress", "affected_versions": { "* - 1.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f7a8ee7-af69-4aff-abf7-6d69d920fe61?source=api-scan" ], "published": "2013-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f7d16d2-ecc0-4352-b7b9-2c3242f43dbf": { "id": "7f7d16d2-ecc0-4352-b7b9-2c3242f43dbf", "title": "RegistrationMagic \u2013 Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Settings and User Data Export", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "[*, 4.6.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f7d16d2-ecc0-4352-b7b9-2c3242f43dbf?source=api-scan" ], "published": "2020-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f7ffa58-d942-4d60-9df4-6e646fadc23a": { "id": "7f7ffa58-d942-4d60-9df4-6e646fadc23a", "title": "Ahime Image Printer <= 1.0.0 - Unauthenticated Arbitrary File Download", "software": [ { "type": "plugin", "name": "Ahime Image Printer", "slug": "ahime-image-printer", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f7ffa58-d942-4d60-9df4-6e646fadc23a?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f8839cf-9e48-4981-8a0d-bb0c06cdf441": { "id": "7f8839cf-9e48-4981-8a0d-bb0c06cdf441", "title": "Client Dash <= 2.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Client Dash", "slug": "client-dash", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f8839cf-9e48-4981-8a0d-bb0c06cdf441?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f89ce1c-3f5e-43cb-9dd2-7ab5880d78d3": { "id": "7f89ce1c-3f5e-43cb-9dd2-7ab5880d78d3", "title": "Advanced Image Sitemap <= 1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Image Sitemap", "slug": "advanced-image-sitemap", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f89ce1c-3f5e-43cb-9dd2-7ab5880d78d3?source=api-scan" ], "published": "2022-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f8e836e-c9af-4614-83b2-c15e77d51155": { "id": "7f8e836e-c9af-4614-83b2-c15e77d51155", "title": "WordPrezi <= 0.8.2 - Authenticated (Contributor+) Strored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WordPrezi", "slug": "wordprezi", "affected_versions": { "* - 0.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f8e836e-c9af-4614-83b2-c15e77d51155?source=api-scan" ], "published": "2023-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f91992e-33fb-4384-af34-e27f68e1ca6e": { "id": "7f91992e-33fb-4384-af34-e27f68e1ca6e", "title": "Login by Auth0 Plugin <= 3.11.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login by Auth0", "slug": "auth0", "affected_versions": { "* - 3.11.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f91992e-33fb-4384-af34-e27f68e1ca6e?source=api-scan" ], "published": "2020-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f94efa6-b88b-442d-8162-f03efa7f2f65": { "id": "7f94efa6-b88b-442d-8162-f03efa7f2f65", "title": "Elespare \u2013 Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! <= 2.1.2 - Missing Authorization to Subscriber+ Arbitrary Post Creation", "software": [ { "type": "plugin", "name": "EleSpare: SEO-Optimized Elementor Addons for Blogs, News, & Magazine Websites \u2013 35+ Responsive Post Grids, Sliders, Carousels Widgets, 350+ Customizable Templates, Header\/Footer Builder, and Fast-Loading Starter Site Imports. No Coding Needed!", "slug": "elespare", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f94efa6-b88b-442d-8162-f03efa7f2f65?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f97af51-1532-4034-8b2a-8356b65cb617": { "id": "7f97af51-1532-4034-8b2a-8356b65cb617", "title": "Popup Builder <= 4.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "* - 4.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f97af51-1532-4034-8b2a-8356b65cb617?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7f9b86a3-c68a-443f-a2f3-5f31f3280a6f": { "id": "7f9b86a3-c68a-443f-a2f3-5f31f3280a6f", "title": "ShortPixel Image Optimizer <= 4.22.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ShortPixel Image Optimizer \u2013 Optimize Images, Convert WebP & AVIF", "slug": "shortpixel-image-optimiser", "affected_versions": { "* - 4.22.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.22.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.22.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7f9b86a3-c68a-443f-a2f3-5f31f3280a6f?source=api-scan" ], "published": "2022-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fa57b92-3a3e-418c-bfc2-7ed2602004e4": { "id": "7fa57b92-3a3e-418c-bfc2-7ed2602004e4", "title": "OceanWP <= 3.4.1 - Authenticated (Subscriber+) Local File Inclusion", "software": [ { "type": "theme", "name": "OceanWP", "slug": "oceanwp", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fa57b92-3a3e-418c-bfc2-7ed2602004e4?source=api-scan" ], "published": "2023-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fa5ac48-57b6-4367-81a0-8310360d0c7d": { "id": "7fa5ac48-57b6-4367-81a0-8310360d0c7d", "title": "Ultimate Addons for Beaver Builder \u2013 Lite <= 1.5.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ultimate Addons for Beaver Builder \u2013 Lite", "slug": "ultimate-addons-for-beaver-builder-lite", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fa5ac48-57b6-4367-81a0-8310360d0c7d?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fa8c406-e64d-4093-a102-436ecfb7dd76": { "id": "7fa8c406-e64d-4093-a102-436ecfb7dd76", "title": "GiveWP <= 2.25.3 - Authenticated (Admin+) PHP Object Injection", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.25.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.26.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fa8c406-e64d-4093-a102-436ecfb7dd76?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fa986aa-e899-42e1-9b86-8b205e247cbf": { "id": "7fa986aa-e899-42e1-9b86-8b205e247cbf", "title": "HC Custom WP-Admin URL <= 1.4 - Information Exposure", "software": [ { "type": "plugin", "name": "HC Custom WP-Admin URL", "slug": "hc-custom-wp-admin-url", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fa986aa-e899-42e1-9b86-8b205e247cbf?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fab0e10-d388-41d4-a01f-9bbb8c3cfb5f": { "id": "7fab0e10-d388-41d4-a01f-9bbb8c3cfb5f", "title": "BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bootstrap Shortcodes", "slug": "bootstrap-shortcodes", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fab0e10-d388-41d4-a01f-9bbb8c3cfb5f?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fad30c8-fd8a-4cf2-a3aa-16a374231b87": { "id": "7fad30c8-fd8a-4cf2-a3aa-16a374231b87", "title": "WPBakery <= 7.7 - Authenticated (Author+) Local File Inclusion", "software": [ { "type": "plugin", "name": "WPBakery Visual Composer", "slug": "js_composer", "affected_versions": { "* - 7.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fad30c8-fd8a-4cf2-a3aa-16a374231b87?source=api-scan" ], "published": "2024-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fb0cb21-6645-4a28-a78c-d5dbeaddbf21": { "id": "7fb0cb21-6645-4a28-a78c-d5dbeaddbf21", "title": "Conditional Checkout Fields & Edit Checkout Fields for WooCommerce <= 1.2.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Conditional Checkout Fields & Edit Checkout Fields for WooCommerce", "slug": "conditional-checkout-fields-for-woocommerce", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fb0cb21-6645-4a28-a78c-d5dbeaddbf21?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fb42402-4cd8-4d5d-b95a-47076ace27c0": { "id": "7fb42402-4cd8-4d5d-b95a-47076ace27c0", "title": "WP Crowdfunding <= 2.1.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Crowdfunding", "slug": "wp-crowdfunding", "affected_versions": { "* - 2.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fb42402-4cd8-4d5d-b95a-47076ace27c0?source=api-scan" ], "published": "2023-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fb646c4-6269-4354-b3a6-872c6303a6d2": { "id": "7fb646c4-6269-4354-b3a6-872c6303a6d2", "title": "FastDup <= 2.1.9 - Sensitive Information Exposure via Directory Listing", "software": [ { "type": "plugin", "name": "FastDup \u2013 Fastest WordPress Migration & Duplicator", "slug": "fastdup", "affected_versions": { "* - 2.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fb646c4-6269-4354-b3a6-872c6303a6d2?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fb7dd8f-6258-46e1-9cc5-87ec73d5736c": { "id": "7fb7dd8f-6258-46e1-9cc5-87ec73d5736c", "title": "Responsive Pricing Table < 5.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Responsive Pricing Table", "slug": "dk-pricr-responsive-pricing-table", "affected_versions": { "[*, 5.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fb7dd8f-6258-46e1-9cc5-87ec73d5736c?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fb9ceb4-84a6-41bc-97e4-5e4e12a6ea15": { "id": "7fb9ceb4-84a6-41bc-97e4-5e4e12a6ea15", "title": "Awesome Filterable Portfolio <= 1.9.7 - Missing Authorization to Plugin Settings Change", "software": [ { "type": "plugin", "name": "Awesome Filterable Portfolio", "slug": "awesome-filterable-portfolio", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fb9ceb4-84a6-41bc-97e4-5e4e12a6ea15?source=api-scan" ], "published": "2022-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fbb7a39-936b-48f1-97f1-46dc23180b00": { "id": "7fbb7a39-936b-48f1-97f1-46dc23180b00", "title": "Mongoose Page Plugin <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Mongoose Page Plugin", "slug": "facebook-page-feed-graph-api", "affected_versions": { "* - 1.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fbb7a39-936b-48f1-97f1-46dc23180b00?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fbbd0d7-882f-4bc8-a67a-4d6dc05cb796": { "id": "7fbbd0d7-882f-4bc8-a67a-4d6dc05cb796", "title": "LearnDash LMS - Reports Free <= 1.8.2.1 - Missing Authorization to Plugin Settings Update", "software": [ { "type": "plugin", "name": "LearnDash LMS \u2013 Reports", "slug": "wisdm-reports-for-learndash", "affected_versions": { "* - 1.8.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fbbd0d7-882f-4bc8-a67a-4d6dc05cb796?source=api-scan" ], "published": "2024-07-08 20:01:16", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fc72cff-b708-4fa2-a734-481446641a61": { "id": "7fc72cff-b708-4fa2-a734-481446641a61", "title": "Export Users to CSV <= 1.1.1 - CSV Injection", "software": [ { "type": "plugin", "name": "Export Users to CSV", "slug": "export-users-to-csv", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fc72cff-b708-4fa2-a734-481446641a61?source=api-scan" ], "published": "2018-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fc8436b-f787-41dd-8404-9e85cca38cdf": { "id": "7fc8436b-f787-41dd-8404-9e85cca38cdf", "title": "Video Gallery \u2013 YouTube Gallery <= 1.7.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Video Gallery \u2013 Best WordPress YouTube Gallery Plugin", "slug": "gallery-videos", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fc8436b-f787-41dd-8404-9e85cca38cdf?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fcd0410-9423-4349-8d1c-3551de38a7c7": { "id": "7fcd0410-9423-4349-8d1c-3551de38a7c7", "title": "Custom Field Template <= 2.6.1 - Authenticated(Contributor+) Information Exposure", "software": [ { "type": "plugin", "name": "Custom Field Template", "slug": "custom-field-template", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fcd0410-9423-4349-8d1c-3551de38a7c7?source=api-scan" ], "published": "2024-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fcde31b-6a58-4d8a-887f-1b2221b72c77": { "id": "7fcde31b-6a58-4d8a-887f-1b2221b72c77", "title": "Carts Guru <= 1.4.5 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Carts Guru", "slug": "carts-guru", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fcde31b-6a58-4d8a-887f-1b2221b72c77?source=api-scan" ], "published": "2019-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fd179ab-f2ab-4ce3-851f-d6da3f0243c6": { "id": "7fd179ab-f2ab-4ce3-851f-d6da3f0243c6", "title": "AceIDE <= 2.6.2 - Authenticated (Admin+) Arbitrary File Read", "software": [ { "type": "plugin", "name": "AceIDE", "slug": "aceide", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fd179ab-f2ab-4ce3-851f-d6da3f0243c6?source=api-scan" ], "published": "2021-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fd7a515-6389-4152-8dac-d5497dd94f6d": { "id": "7fd7a515-6389-4152-8dac-d5497dd94f6d", "title": "PixelYourSite \u2013 Your smart PIXEL (TAG) & API Manager <= 9.7.1 and PixelYourSite PRO <= 10.4.2 - Unauthenticated Information Exposure and Log Deletion", "software": [ { "type": "plugin", "name": "PixelYourSite Pro \u2013 Your smart PIXEL (TAG) Manager", "slug": "pixelyoursite-pro", "affected_versions": { "* - 10.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "10.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.4.3" ] }, { "type": "plugin", "name": "PixelYourSite \u2013 Your smart PIXEL (TAG) & API Manager", "slug": "pixelyoursite", "affected_versions": { "* - 9.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fd7a515-6389-4152-8dac-d5497dd94f6d?source=api-scan" ], "published": "2024-09-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fd8277c-b096-4cee-bd13-fcb8c8b00ca0": { "id": "7fd8277c-b096-4cee-bd13-fcb8c8b00ca0", "title": "WP Slimstat <= 4.8 - Unauthenticated Stored Cross-Site Scripting from Visitors", "software": [ { "type": "plugin", "name": "SlimStat Analytics", "slug": "wp-slimstat", "affected_versions": { "* - 4.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fd8277c-b096-4cee-bd13-fcb8c8b00ca0?source=api-scan" ], "published": "2019-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fd9bb08-1093-4ccd-9817-052760c19588": { "id": "7fd9bb08-1093-4ccd-9817-052760c19588", "title": "Depicter Slider <= 3.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider & Popup Builder by Depicter \u2013 Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel", "slug": "depicter", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fd9bb08-1093-4ccd-9817-052760c19588?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fdad62e-d43a-4eb8-a637-0a257f3f18d4": { "id": "7fdad62e-d43a-4eb8-a637-0a257f3f18d4", "title": "Essential Addons for Elementor Pro <= 5.8.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_html_tag'", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor Pro", "slug": "essential-addons-elementor", "affected_versions": { "* - 5.8.11": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fdad62e-d43a-4eb8-a637-0a257f3f18d4?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fdb93fa-e9b4-4d00-8bb3-ff171a916b65": { "id": "7fdb93fa-e9b4-4d00-8bb3-ff171a916b65", "title": "MainWP Page Speed Extension <= 4.0.2 - Missing Authorization to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "MainWP Page Speed Extension", "slug": "mainwp-page-speed-extension", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fdb93fa-e9b4-4d00-8bb3-ff171a916b65?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fdc9003-35e9-4fe9-a3e9-353d6bab525a": { "id": "7fdc9003-35e9-4fe9-a3e9-353d6bab525a", "title": "Magazine Blocks <= 1.3.6 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Magazine Blocks \u2013 Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid", "slug": "magazine-blocks", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fdc9003-35e9-4fe9-a3e9-353d6bab525a?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fdd1b1c-84b5-451a-a921-80be3b154398": { "id": "7fdd1b1c-84b5-451a-a921-80be3b154398", "title": "Tutor LMS Elementor Addons <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Course Carousel Widget", "software": [ { "type": "plugin", "name": "Tutor LMS Elementor Addons", "slug": "tutor-lms-elementor-addons", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fdd1b1c-84b5-451a-a921-80be3b154398?source=api-scan" ], "published": "2024-08-19 16:30:11", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fe140ea-9d29-49be-a425-ada274290932": { "id": "7fe140ea-9d29-49be-a425-ada274290932", "title": "Tito <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tito", "slug": "tito", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fe140ea-9d29-49be-a425-ada274290932?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fe3e55e-7286-4d12-b24f-fce69248a446": { "id": "7fe3e55e-7286-4d12-b24f-fce69248a446", "title": "Kanban Boards for WordPress <= 2.5.20 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kanban Boards for WordPress", "slug": "kanban", "affected_versions": { "* - 2.5.20": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fe3e55e-7286-4d12-b24f-fce69248a446?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fe412b3-038b-4cc7-88e9-d30f719273ab": { "id": "7fe412b3-038b-4cc7-88e9-d30f719273ab", "title": "Jobs for WordPress <= 2.7.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jobs for WordPress", "slug": "job-postings", "affected_versions": { "* - 2.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fe412b3-038b-4cc7-88e9-d30f719273ab?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fe4c0ee-8b85-488f-81be-98316d21e160": { "id": "7fe4c0ee-8b85-488f-81be-98316d21e160", "title": "User Rights Access Manager <= 1.1.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "User Rights Access Manager", "slug": "user-rights-access-manager", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fe4c0ee-8b85-488f-81be-98316d21e160?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fe50510-6736-4bcf-b62f-0b8d2cb8ff3a": { "id": "7fe50510-6736-4bcf-b62f-0b8d2cb8ff3a", "title": "Spam protection, AntiSpam, FireWall by CleanTalk <= 5.153.3 - Unauthenticated Blind SQL Injection", "software": [ { "type": "plugin", "name": "Spam protection, Anti-Spam, FireWall by CleanTalk", "slug": "cleantalk-spam-protect", "affected_versions": { "* - 5.153.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.153.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.153.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fe50510-6736-4bcf-b62f-0b8d2cb8ff3a?source=api-scan" ], "published": "2021-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7fe97e7a-5a4e-43e7-b4f3-81786e9ee3dc": { "id": "7fe97e7a-5a4e-43e7-b4f3-81786e9ee3dc", "title": "Nextend Social Login and Register <= 1.5.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Nextend Social Login and Register", "slug": "nextend-facebook-connect", "affected_versions": { "[*, 1.5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7fe97e7a-5a4e-43e7-b4f3-81786e9ee3dc?source=api-scan" ], "published": "2015-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7feecce5-f2ce-4278-b648-e363b1fa5d7a": { "id": "7feecce5-f2ce-4278-b648-e363b1fa5d7a", "title": "Locatoraid Store Locator <= 3.9.11 - Cross Site Request Forgery in grab", "software": [ { "type": "plugin", "name": "Locatoraid Store Locator", "slug": "locatoraid", "affected_versions": { "* - 3.9.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7feecce5-f2ce-4278-b648-e363b1fa5d7a?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ff038a7-4997-4a14-9846-2b8aea9a2bf3": { "id": "7ff038a7-4997-4a14-9846-2b8aea9a2bf3", "title": "Preschool and Kindergarten <= 1.2.1 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Preschool and Kindergarten", "slug": "preschool-and-kindergarten", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ff038a7-4997-4a14-9846-2b8aea9a2bf3?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ff230b0-c186-41fc-93a5-2ed90e8aab4d": { "id": "7ff230b0-c186-41fc-93a5-2ed90e8aab4d", "title": "ARMember <= 3.4.11 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 3.4.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ff230b0-c186-41fc-93a5-2ed90e8aab4d?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ff58a34-93ab-4e51-b857-fed1107631ea": { "id": "7ff58a34-93ab-4e51-b857-fed1107631ea", "title": "Affiliates Manager <= 2.7.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Affiliates Manager", "slug": "affiliates-manager", "affected_versions": { "[*, 2.7.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ff58a34-93ab-4e51-b857-fed1107631ea?source=api-scan" ], "published": "2020-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ffac29d-d1cc-4d5d-aff8-0cb639a1e3d7": { "id": "7ffac29d-d1cc-4d5d-aff8-0cb639a1e3d7", "title": "EWWW Image Optimizer <= 2.8.4 - Remote Code Execution", "software": [ { "type": "plugin", "name": "EWWW Image Optimizer", "slug": "ewww-image-optimizer", "affected_versions": { "* - 2.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ffac29d-d1cc-4d5d-aff8-0cb639a1e3d7?source=api-scan" ], "published": "2016-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ffba592-6d0d-408f-89fa-079066750b0a": { "id": "7ffba592-6d0d-408f-89fa-079066750b0a", "title": "Waiting: One-click countdowns <= 0.6.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Waiting: One-click countdowns", "slug": "waiting", "affected_versions": { "* - 0.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ffba592-6d0d-408f-89fa-079066750b0a?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "7ffddc03-d4ae-460e-972a-98804d947d09": { "id": "7ffddc03-d4ae-460e-972a-98804d947d09", "title": "Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/7ffddc03-d4ae-460e-972a-98804d947d09?source=api-scan" ], "published": "2024-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8004a306-4c8f-40e9-accc-a12d65b5f2f9": { "id": "8004a306-4c8f-40e9-accc-a12d65b5f2f9", "title": "Woocommerce Support System <= 1.2.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Woocommerce Support System", "slug": "wc-support-system", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8004a306-4c8f-40e9-accc-a12d65b5f2f9?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80064e3b-6996-49eb-a475-0ffe0e894f9e": { "id": "80064e3b-6996-49eb-a475-0ffe0e894f9e", "title": "MemberPress <= 1.11.29 - Authenticated (Contributor+) Blind Server-Side Request Forgery via mepr-user-file Shortcode", "software": [ { "type": "plugin", "name": "Memberpress", "slug": "memberpress", "affected_versions": { "* - 1.11.29": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80064e3b-6996-49eb-a475-0ffe0e894f9e?source=api-scan" ], "published": "2024-05-21 20:06:41", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80098d80-79f5-4016-860a-15f7f608da29": { "id": "80098d80-79f5-4016-860a-15f7f608da29", "title": "Simple Matted Thumbnails <= 1.01 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Matted Thumbnails", "slug": "simple-matted-thumbnails", "affected_versions": { "* - 1.01": { "from_version": "*", "from_inclusive": true, "to_version": "1.01", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80098d80-79f5-4016-860a-15f7f608da29?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "800a06f3-8a5b-4ba1-ad16-3d3a214f372f": { "id": "800a06f3-8a5b-4ba1-ad16-3d3a214f372f", "title": "UpdraftPlus WordPress Backup <= 1.9.6.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "UpdraftPlus: WP Backup & Migration Plugin", "slug": "updraftplus", "affected_versions": { "* - 1.9.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/800a06f3-8a5b-4ba1-ad16-3d3a214f372f?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "800eba54-1bfb-4f44-9d5f-ca650e7fea30": { "id": "800eba54-1bfb-4f44-9d5f-ca650e7fea30", "title": "Cooked Pro < 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cooked Pro", "slug": "cooked-pro", "affected_versions": { "[*, 1.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/800eba54-1bfb-4f44-9d5f-ca650e7fea30?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "800fa098-b29f-4979-b7bd-b1186a4dafcb": { "id": "800fa098-b29f-4979-b7bd-b1186a4dafcb", "title": "wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/800fa098-b29f-4979-b7bd-b1186a4dafcb?source=api-scan" ], "published": "2023-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "801132f5-e4ea-4d56-8429-9f33896f6dff": { "id": "801132f5-e4ea-4d56-8429-9f33896f6dff", "title": "My Calendar <= 3.3.16 - Administrator+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My Calendar \u2013 Accessible Event Manager", "slug": "my-calendar", "affected_versions": { "* - 3.3.16": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/801132f5-e4ea-4d56-8429-9f33896f6dff?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80127842-a931-41c7-9af8-3f0452a8c1a8": { "id": "80127842-a931-41c7-9af8-3f0452a8c1a8", "title": "ProfilePress <= 4.3.2 - Authenticated (Admin+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 4.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80127842-a931-41c7-9af8-3f0452a8c1a8?source=api-scan" ], "published": "2022-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80178b72-56ff-448f-a558-de0b63198e44": { "id": "80178b72-56ff-448f-a558-de0b63198e44", "title": "Simple Registration for WooCommerce <= 1.5.6 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Simple Registration for WooCommerce", "slug": "woocommerce-simple-registration", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80178b72-56ff-448f-a558-de0b63198e44?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80192348-dcf4-4bab-80d1-ae7a4d194270": { "id": "80192348-dcf4-4bab-80d1-ae7a4d194270", "title": "Breeze <= 2.0.8 - Cross-Site Request Forgery via import_json_settings", "software": [ { "type": "plugin", "name": "Breeze \u2013 WordPress Cache Plugin", "slug": "breeze", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80192348-dcf4-4bab-80d1-ae7a4d194270?source=api-scan" ], "published": "2022-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8019da67-fd2c-48f8-8983-6fb8fb30510b": { "id": "8019da67-fd2c-48f8-8983-6fb8fb30510b", "title": "BookingPress <= 1.0.30 - Unauthenticated Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar Plugin and Scheduling Plugin \u2013 BookingPress", "slug": "bookingpress-appointment-booking", "affected_versions": { "* - 1.0.30": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8019da67-fd2c-48f8-8983-6fb8fb30510b?source=api-scan" ], "published": "2022-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "801b593c-2822-4ac4-8411-29ef1e1484b1": { "id": "801b593c-2822-4ac4-8411-29ef1e1484b1", "title": "Quick Restaurant Reservations <= 1.5.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Quick Restaurant Reservations", "slug": "quick-restaurant-reservations", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/801b593c-2822-4ac4-8411-29ef1e1484b1?source=api-scan" ], "published": "2022-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "801d6cde-f9c6-4e68-8bfc-ff8c0593372d": { "id": "801d6cde-f9c6-4e68-8bfc-ff8c0593372d", "title": "Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Advanced File Manager", "slug": "file-manager-advanced", "affected_versions": { "* - 5.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/801d6cde-f9c6-4e68-8bfc-ff8c0593372d?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "801d6f21-1f52-48d4-9f8e-5c971dd037f7": { "id": "801d6f21-1f52-48d4-9f8e-5c971dd037f7", "title": "WordPress Core < 4.7.5 - Authorization Bypass Allowing Post Meta Updates", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.20": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.20", "to_inclusive": true }, "3.8 - 3.8.20": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.20", "to_inclusive": true }, "3.9 - 3.9.18": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.18", "to_inclusive": true }, "4.0 - 4.0.17": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.17", "to_inclusive": true }, "4.1 - 4.1.17": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.17", "to_inclusive": true }, "4.2 - 4.2.14": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.14", "to_inclusive": true }, "4.3 - 4.3.10": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.10", "to_inclusive": true }, "4.4 - 4.4.9": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.9", "to_inclusive": true }, "4.5 - 4.5.8": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.8", "to_inclusive": true }, "4.6 - 4.6.5": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.5", "to_inclusive": true }, "4.7 - 4.7.4": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.21", "3.8.21", "3.9.19", "4.0.18", "4.1.18", "4.2.15", "4.3.11", "4.4.10", "4.5.9", "4.6.6", "4.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/801d6f21-1f52-48d4-9f8e-5c971dd037f7?source=api-scan" ], "published": "2017-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8027fa07-6bc2-4e63-89d0-98079729921d": { "id": "8027fa07-6bc2-4e63-89d0-98079729921d", "title": "PhastPress <= 1.110 - Open Redirect", "software": [ { "type": "plugin", "name": "PhastPress", "slug": "phastpress", "affected_versions": { "* - 1.110": { "from_version": "*", "from_inclusive": true, "to_version": "1.110", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.111" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8027fa07-6bc2-4e63-89d0-98079729921d?source=api-scan" ], "published": "2021-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8028b14b-8a41-4284-9560-4b8595e7eaa9": { "id": "8028b14b-8a41-4284-9560-4b8595e7eaa9", "title": "WordSpew <= 3.71 - SQL Injection", "software": [ { "type": "plugin", "name": "WordSpew", "slug": "wordspew", "affected_versions": { "* - 3.71": { "from_version": "*", "from_inclusive": true, "to_version": "3.71", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8028b14b-8a41-4284-9560-4b8595e7eaa9?source=api-scan" ], "published": "2008-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "802c83c6-4da2-4286-b1a3-f964cf5e789a": { "id": "802c83c6-4da2-4286-b1a3-f964cf5e789a", "title": "Email Subscribers & Newsletters <= 3.4.7 - Unauthenticated Subscriber Download", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 3.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/802c83c6-4da2-4286-b1a3-f964cf5e789a?source=api-scan" ], "published": "2018-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80303684-5e10-474b-b6be-a63327015826": { "id": "80303684-5e10-474b-b6be-a63327015826", "title": "Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook <= 1.1.12 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook", "slug": "forms-to-zapier", "affected_versions": { "* - 1.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80303684-5e10-474b-b6be-a63327015826?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8035023c-347f-4227-98cb-5b277fba4812": { "id": "8035023c-347f-4227-98cb-5b277fba4812", "title": "Google Forms <= 0.95 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google Forms", "slug": "wpgform", "affected_versions": { "* - 0.95": { "from_version": "*", "from_inclusive": true, "to_version": "0.95", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8035023c-347f-4227-98cb-5b277fba4812?source=api-scan" ], "published": "2022-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8035484b-dc2f-4d54-802b-b09bd88a8bf6": { "id": "8035484b-dc2f-4d54-802b-b09bd88a8bf6", "title": "Comments Ratings <= 1.1.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Comments Ratings", "slug": "comments-ratings", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8035484b-dc2f-4d54-802b-b09bd88a8bf6?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8036bd83-9af5-4b71-8974-9b0690ea6769": { "id": "8036bd83-9af5-4b71-8974-9b0690ea6769", "title": "LiteSpeed Cache <= 6.2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LiteSpeed Cache", "slug": "litespeed-cache", "affected_versions": { "* - 6.2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8036bd83-9af5-4b71-8974-9b0690ea6769?source=api-scan" ], "published": "2024-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80388709-77ee-4f18-9da2-b99f562a20cd": { "id": "80388709-77ee-4f18-9da2-b99f562a20cd", "title": "Invite Anyone <= 1.3.14 - Change of Email Invitation Content", "software": [ { "type": "plugin", "name": "Invite Anyone", "slug": "invite-anyone", "affected_versions": { "[*, 1.3.15)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80388709-77ee-4f18-9da2-b99f562a20cd?source=api-scan" ], "published": "2017-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80399759-88dd-478d-a20e-04e8750e12c4": { "id": "80399759-88dd-478d-a20e-04e8750e12c4", "title": "Quiz And Survey Master <= 8.1.10 - Excessive Quiz Attempts", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 8.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80399759-88dd-478d-a20e-04e8750e12c4?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "803c32e9-665c-40a0-b52d-f2c0b8fbe931": { "id": "803c32e9-665c-40a0-b52d-f2c0b8fbe931", "title": "FluentSMTP <= 2.2.2 - Authenticated (Author+) Stored Cross-Site Scripting via Email Logs", "software": [ { "type": "plugin", "name": "FluentSMTP \u2013 WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider", "slug": "fluent-smtp", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/803c32e9-665c-40a0-b52d-f2c0b8fbe931?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "803e9059-7606-42eb-9193-1a18d57153b1": { "id": "803e9059-7606-42eb-9193-1a18d57153b1", "title": "Booking Ultra Pro <= 1.1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Booking Ultra Pro Appointments Booking Calendar Plugin", "slug": "booking-ultra-pro", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/803e9059-7606-42eb-9193-1a18d57153b1?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "804169d3-a53a-42ba-821d-e9647ac075c4": { "id": "804169d3-a53a-42ba-821d-e9647ac075c4", "title": "Restricted Site Access <= 7.4.1 - IP Spoofing to Protection Mechanism Bypass", "software": [ { "type": "theme", "name": "restricted-site-access", "slug": "restricted-site-access", "affected_versions": { "* - 7.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/804169d3-a53a-42ba-821d-e9647ac075c4?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80440bfa-4a02-4441-bbdb-52d7dd065a9d": { "id": "80440bfa-4a02-4441-bbdb-52d7dd065a9d", "title": "Wordapp <= 1.6.0 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature", "software": [ { "type": "plugin", "name": "Wordapp", "slug": "wordapp", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80440bfa-4a02-4441-bbdb-52d7dd065a9d?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8049bff1-3262-464b-a9fa-d216eb3ab299": { "id": "8049bff1-3262-464b-a9fa-d216eb3ab299", "title": "Seers | GDPR & CCPA Cookie Consent & Compliance <= 8.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Seers | GDPR & CCPA Cookie Consent & Compliance", "slug": "seers-cookie-consent-banner-privacy-policy", "affected_versions": { "* - 8.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8049bff1-3262-464b-a9fa-d216eb3ab299?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "804a973e-4650-428c-910f-09e4fc3aa4bb": { "id": "804a973e-4650-428c-910f-09e4fc3aa4bb", "title": "Popup Builder <= 4.2.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "* - 4.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/804a973e-4650-428c-910f-09e4fc3aa4bb?source=api-scan" ], "published": "2024-05-31 18:10:56", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "804dafd1-0f18-4248-a243-8b26d161bc85": { "id": "804dafd1-0f18-4248-a243-8b26d161bc85", "title": "API KEY for Google Maps <= 1.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "API KEY for Google Maps", "slug": "api-key-for-google-maps", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/804dafd1-0f18-4248-a243-8b26d161bc85?source=api-scan" ], "published": "2022-06-08 10:50:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8051fb03-7c38-4902-bbff-049c270d2be2": { "id": "8051fb03-7c38-4902-bbff-049c270d2be2", "title": "BP Profile Search <= 5.5 - Reflected Cross-Site Scripting via BPS_FORM", "software": [ { "type": "plugin", "name": "BP Profile Search", "slug": "bp-profile-search", "affected_versions": { "* - 5.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8051fb03-7c38-4902-bbff-049c270d2be2?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8053e812-21c0-4e3a-8d5b-52ef9991eb61": { "id": "8053e812-21c0-4e3a-8d5b-52ef9991eb61", "title": "Judge.me Product Reviews for WooCommerce <= 1.3.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Judge.me Product Reviews for WooCommerce", "slug": "judgeme-product-reviews-woocommerce", "affected_versions": { "* - 1.3.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8053e812-21c0-4e3a-8d5b-52ef9991eb61?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8055886f-d0a9-4784-8430-41816db6c884": { "id": "8055886f-d0a9-4784-8430-41816db6c884", "title": "WordPress Core < 5.4.2 - Comment Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.33": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.33", "to_inclusive": true }, "3.8 - 3.8.33": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.33", "to_inclusive": true }, "3.9 - 3.9.31": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.31", "to_inclusive": true }, "4.0 - 4.0.30": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.30", "to_inclusive": true }, "4.1 - 4.1.30": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.30", "to_inclusive": true }, "4.2 - 4.2.27": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.27", "to_inclusive": true }, "4.3 - 4.3.23": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.23", "to_inclusive": true }, "4.4 - 4.4.22": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.22", "to_inclusive": true }, "4.5 - 4.5.21": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.21", "to_inclusive": true }, "4.6 - 4.6.18": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.18", "to_inclusive": true }, "4.7 - 4.7.17": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.17", "to_inclusive": true }, "4.8 - 4.8.13": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.13", "to_inclusive": true }, "4.9 - 4.9.14": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.14", "to_inclusive": true }, "5.0 - 5.0.9": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.9", "to_inclusive": true }, "5.1 - 5.1.5": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.5", "to_inclusive": true }, "5.2 - 5.2.6": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.6", "to_inclusive": true }, "5.3 - 5.3.3": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.34", "3.8.34", "3.9.32", "4.0.31", "4.1.31", "4.2.28", "4.3.24", "4.4.23", "4.5.22", "4.6.19", "4.7.18", "4.8.14", "4.9.15", "5.0.10", "5.1.6", "5.2.7", "5.3.4", "5.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8055886f-d0a9-4784-8430-41816db6c884?source=api-scan" ], "published": "2020-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8056af63-e81f-4321-991e-d201ad1095c4": { "id": "8056af63-e81f-4321-991e-d201ad1095c4", "title": "Gutenverse <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gutenverse \u2013 Ultimate Block Addons and Page Builder for Site Editor", "slug": "gutenverse", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8056af63-e81f-4321-991e-d201ad1095c4?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8059ea88-55b9-423e-9827-075d0aa90938": { "id": "8059ea88-55b9-423e-9827-075d0aa90938", "title": "Easy Canadian Sales Taxes Add-On for iThemes Exchange < 1.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Canadian Sales Taxes Add-On for iThemes Exchange", "slug": "exchange-addon-easy-canadian-sales-taxes", "affected_versions": { "[*, 1.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8059ea88-55b9-423e-9827-075d0aa90938?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "805a7bef-d56b-4678-8db9-798ad401352f": { "id": "805a7bef-d56b-4678-8db9-798ad401352f", "title": "Organizer <= 1.2.1 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Organizer", "slug": "organizer", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/805a7bef-d56b-4678-8db9-798ad401352f?source=api-scan" ], "published": "2012-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "805c46ec-0b8a-4a40-bfc9-5d2d8d43a17b": { "id": "805c46ec-0b8a-4a40-bfc9-5d2d8d43a17b", "title": "WP Booking System <= 2.0.19.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Booking System \u2013 Booking Calendar", "slug": "wp-booking-system", "affected_versions": { "* - 2.0.19.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.19.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.19.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/805c46ec-0b8a-4a40-bfc9-5d2d8d43a17b?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "805d70d8-084b-4849-bf3e-c9cc7ec02bc5": { "id": "805d70d8-084b-4849-bf3e-c9cc7ec02bc5", "title": "GS Testimonial Slider <= 1.9.6 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "A WordPress Testimonial Plugin to Showcase Testimonial Slider, Testimonial Grid and More: Solid Testimonials", "slug": "gs-testimonial", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/805d70d8-084b-4849-bf3e-c9cc7ec02bc5?source=api-scan" ], "published": "2022-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "805e3eba-639e-48a1-a867-a2c56fa01081": { "id": "805e3eba-639e-48a1-a867-a2c56fa01081", "title": "Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages < 1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages", "slug": "wplegalpages", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/805e3eba-639e-48a1-a867-a2c56fa01081?source=api-scan" ], "published": "2015-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8063a545-4792-4ab7-b188-0e51a0fcfed4": { "id": "8063a545-4792-4ab7-b188-0e51a0fcfed4", "title": "NextScripts: Social Networks Auto-Poster <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting via User Agent", "software": [ { "type": "plugin", "name": "NextScripts: Social Networks Auto-Poster", "slug": "social-networks-auto-poster-facebook-twitter-g", "affected_versions": { "* - 4.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8063a545-4792-4ab7-b188-0e51a0fcfed4?source=api-scan" ], "published": "2024-05-21 18:29:23", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8064526f-edd3-43e4-9732-47b25ab256fe": { "id": "8064526f-edd3-43e4-9732-47b25ab256fe", "title": "Cryptocurrency Widgets Pack <= 1.8.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Cryptocurrency Widgets Pack", "slug": "cryptocurrency-widgets-pack", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8064526f-edd3-43e4-9732-47b25ab256fe?source=api-scan" ], "published": "2022-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8069e16d-a68a-4c72-934f-f79e50777565": { "id": "8069e16d-a68a-4c72-934f-f79e50777565", "title": "White Label CMS <= 2.7.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "White Label CMS", "slug": "white-label-cms", "affected_versions": { "* - 2.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8069e16d-a68a-4c72-934f-f79e50777565?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "806bbfb8-ebf3-4823-a241-91e01dc95228": { "id": "806bbfb8-ebf3-4823-a241-91e01dc95228", "title": "Photo Gallery <= 1.8.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/806bbfb8-ebf3-4823-a241-91e01dc95228?source=api-scan" ], "published": "2022-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "806d3919-7a10-43f3-9c68-ce38ba359a35": { "id": "806d3919-7a10-43f3-9c68-ce38ba359a35", "title": "Prime Mover <= 1.9.2 - Sensitive Information Exposure via Directory Listing", "software": [ { "type": "plugin", "name": "Migrate WordPress Website & Backups \u2013 Prime Mover", "slug": "prime-mover", "affected_versions": { "* - 1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/806d3919-7a10-43f3-9c68-ce38ba359a35?source=api-scan" ], "published": "2023-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "806e5056-5c29-49d0-9150-add6ee485758": { "id": "806e5056-5c29-49d0-9150-add6ee485758", "title": "Simple Ads Manager <= 2.9.4.116 - SQL Injection", "software": [ { "type": "plugin", "name": "Simple Ads Manager", "slug": "simple-ads-manager", "affected_versions": { "[*, 2.9.5.118)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.5.118", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.5.118" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/806e5056-5c29-49d0-9150-add6ee485758?source=api-scan" ], "published": "2015-12-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8071f117-c341-45bc-8d6e-8aa5d677d65c": { "id": "8071f117-c341-45bc-8d6e-8aa5d677d65c", "title": "WordPress WP-Advanced-Search <= 3.3.3 - Remote Code Execution", "software": [ { "type": "plugin", "name": "WordPress WP-Advanced-Search", "slug": "wp-advanced-search", "affected_versions": { "[*, 3.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8071f117-c341-45bc-8d6e-8aa5d677d65c?source=api-scan" ], "published": "2020-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8073cc59-e5cc-4940-bce0-e501f0d959cc": { "id": "8073cc59-e5cc-4940-bce0-e501f0d959cc", "title": "MapSVG Lite < 3.3.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MapSVG Lite", "slug": "mapsvg-lite-interactive-vector-maps", "affected_versions": { "[*, 3.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8073cc59-e5cc-4940-bce0-e501f0d959cc?source=api-scan" ], "published": "2019-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80797183-c69f-4dce-a2e0-52a395ceffaa": { "id": "80797183-c69f-4dce-a2e0-52a395ceffaa", "title": "Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_clone_folder", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80797183-c69f-4dce-a2e0-52a395ceffaa?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "807eadff-b39e-4d7a-9b0a-06fc18a90626": { "id": "807eadff-b39e-4d7a-9b0a-06fc18a90626", "title": "3D FlipBook \u2013 PDF Flipbook WordPress <= 1.15.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks", "software": [ { "type": "plugin", "name": "3D FlipBook \u2013 PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery", "slug": "interactive-3d-flipbook-powered-physics-engine", "affected_versions": { "* - 1.15.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/807eadff-b39e-4d7a-9b0a-06fc18a90626?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "808e5246-30b1-4706-b11f-27fb74b117ed": { "id": "808e5246-30b1-4706-b11f-27fb74b117ed", "title": "WP Maintenance Mode & Site Under Construction < 1.8.2 - Missing Authorization to Arbitrary Plugin Installation\/Activation", "software": [ { "type": "plugin", "name": "WP Maintenance Mode & Site Under Construction", "slug": "wp-maintenance-mode-site-under-construction", "affected_versions": { "[*, 1.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/808e5246-30b1-4706-b11f-27fb74b117ed?source=api-scan" ], "published": "2021-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "808ef87d-298c-4622-9fcd-cf879e7157bd": { "id": "808ef87d-298c-4622-9fcd-cf879e7157bd", "title": "Advanced iFrame <= 2024.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Advanced iFrame", "slug": "advanced-iframe", "affected_versions": { "* - 2024.2": { "from_version": "*", "from_inclusive": true, "to_version": "2024.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2024.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/808ef87d-298c-4622-9fcd-cf879e7157bd?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "809d0632-39a7-44a7-b368-9dc58270c666": { "id": "809d0632-39a7-44a7-b368-9dc58270c666", "title": "Wordfence Security \u2013 Firewall & Malware Scan 6.1.1 - 6.1.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wordfence Security \u2013 Firewall, Malware Scan, and Login Security", "slug": "wordfence", "affected_versions": { "6.1.1 - 6.1.6": { "from_version": "6.1.1", "from_inclusive": true, "to_version": "6.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/809d0632-39a7-44a7-b368-9dc58270c666?source=api-scan" ], "published": "2016-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80a627a5-6b76-4525-a76a-ac96986bd21b": { "id": "80a627a5-6b76-4525-a76a-ac96986bd21b", "title": "Animal Captcha <= 1.6.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Animal Captcha", "slug": "animal-captcha", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80a627a5-6b76-4525-a76a-ac96986bd21b?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80ad0b55-bd85-4240-ae54-f72d6b81ea7c": { "id": "80ad0b55-bd85-4240-ae54-f72d6b81ea7c", "title": "Multi Rating <= 5.0.6 - Cross-Site Request Forgery to Arbitrary Ratings Value Change", "software": [ { "type": "plugin", "name": "Multi Rating", "slug": "multi-rating", "affected_versions": { "* - 5.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80ad0b55-bd85-4240-ae54-f72d6b81ea7c?source=api-scan" ], "published": "2023-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80ae05c4-64de-48df-b302-6110403b79d0": { "id": "80ae05c4-64de-48df-b302-6110403b79d0", "title": "Easy PayPal Buy Now Button <= 1.7.2 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy PayPal & Stripe Buy Now Button", "slug": "wp-ecommerce-paypal", "affected_versions": { "[*, 1.7.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80ae05c4-64de-48df-b302-6110403b79d0?source=api-scan" ], "published": "2017-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80afca9d-8f9c-412f-b2dd-f0078ec8173c": { "id": "80afca9d-8f9c-412f-b2dd-f0078ec8173c", "title": "Cookie Bar <= 2.0 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cookie Bar", "slug": "cookie-bar", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80afca9d-8f9c-412f-b2dd-f0078ec8173c?source=api-scan" ], "published": "2023-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80b02df4-9003-44bc-8d6e-695b2cd87bc0": { "id": "80b02df4-9003-44bc-8d6e-695b2cd87bc0", "title": "Uploadcare File Uploader and Adaptive Delivery (beta) <= 3.0.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Uploadcare File Uploader and Adaptive Delivery (beta)", "slug": "uploadcare", "affected_versions": { "* - 3.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80b02df4-9003-44bc-8d6e-695b2cd87bc0?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80b15512-210c-4c6b-a3ad-f5d6042091a3": { "id": "80b15512-210c-4c6b-a3ad-f5d6042091a3", "title": "myCred \u2013 Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification", "slug": "mycred", "affected_versions": { "[*, 2.4.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80b15512-210c-4c6b-a3ad-f5d6042091a3?source=api-scan" ], "published": "2022-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80b31295-474e-4375-b566-c628e869da10": { "id": "80b31295-474e-4375-b566-c628e869da10", "title": "WP Support Plus Responsive Ticket System <= 9.1.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Support Plus Responsive Ticket System", "slug": "wp-support-plus-responsive-ticket-system", "affected_versions": { "[*, 9.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "9.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "9.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80b31295-474e-4375-b566-c628e869da10?source=api-scan" ], "published": "2019-02-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80b3c2d3-b8dc-429f-b2d7-6a697ad47a9a": { "id": "80b3c2d3-b8dc-429f-b2d7-6a697ad47a9a", "title": "Ultimate FAQ <= 2.1.1 - Missing Authorization to Arbitrary FAQ Creation", "software": [ { "type": "plugin", "name": "Ultimate FAQ Accordion Plugin", "slug": "ultimate-faqs", "affected_versions": { "[*, 2.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80b3c2d3-b8dc-429f-b2d7-6a697ad47a9a?source=api-scan" ], "published": "2021-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80b57df9-f5a6-408b-be1b-1cc7fc28ed76": { "id": "80b57df9-f5a6-408b-be1b-1cc7fc28ed76", "title": "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.19 - Missing Authorization", "software": [ { "type": "plugin", "name": "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages", "slug": "wc4bp", "affected_versions": { "* - 3.4.19": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80b57df9-f5a6-408b-be1b-1cc7fc28ed76?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80b5ca3d-d651-4c8a-8c64-6938d4a03710": { "id": "80b5ca3d-d651-4c8a-8c64-6938d4a03710", "title": "Kenta Gutenberg Blocks <= 1.0.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Kenta Blocks \u2013 Responsive Blocks and block templates library", "slug": "kenta-blocks", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80b5ca3d-d651-4c8a-8c64-6938d4a03710?source=api-scan" ], "published": "2022-11-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80b6f2e6-1f06-4ead-8c31-fc4fffe8323b": { "id": "80b6f2e6-1f06-4ead-8c31-fc4fffe8323b", "title": "Hostel <= 1.1.5.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hostel", "slug": "hostel", "affected_versions": { "* - 1.1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80b6f2e6-1f06-4ead-8c31-fc4fffe8323b?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80ba732f-b3cc-4b42-8c56-9fa1cee08c7b": { "id": "80ba732f-b3cc-4b42-8c56-9fa1cee08c7b", "title": "Best Contact Management Software <= 3.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Best Contact Management Software for WordPress", "slug": "wp-easy-contact", "affected_versions": { "* - 3.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80ba732f-b3cc-4b42-8c56-9fa1cee08c7b?source=api-scan" ], "published": "2022-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80bfb470-a3df-497f-940d-051ccaa6215b": { "id": "80bfb470-a3df-497f-940d-051ccaa6215b", "title": "s2Member \u2013 Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 230815 - Information Exposure", "software": [ { "type": "plugin", "name": "s2Member \u2013 Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions", "slug": "s2member", "affected_versions": { "* - 230815": { "from_version": "*", "from_inclusive": true, "to_version": "230815", "to_inclusive": true } }, "patched": true, "patched_versions": [ "240315" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80bfb470-a3df-497f-940d-051ccaa6215b?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80c90bc0-ca24-4c7f-93b9-a9d0804ee459": { "id": "80c90bc0-ca24-4c7f-93b9-a9d0804ee459", "title": "Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue <= 3.1.77 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)", "slug": "mailin", "affected_versions": { "* - 3.1.77": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.77", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.78" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80c90bc0-ca24-4c7f-93b9-a9d0804ee459?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80c9f2e3-afdc-4ba2-a1ef-4c1d166d0757": { "id": "80c9f2e3-afdc-4ba2-a1ef-4c1d166d0757", "title": "RestroPress <= 2.8.2 - Cross-Site Request Forgery to Cart Manipulation", "software": [ { "type": "plugin", "name": "RestroPress \u2013 Online Food Ordering System", "slug": "restropress", "affected_versions": { "* - 2.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80c9f2e3-afdc-4ba2-a1ef-4c1d166d0757?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80d113aa-7401-4b58-a755-f64146d9fb08": { "id": "80d113aa-7401-4b58-a755-f64146d9fb08", "title": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.30 - Open Redirect", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 4.0.30": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80d113aa-7401-4b58-a755-f64146d9fb08?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80d976f3-cf78-498e-a3c3-a88624426414": { "id": "80d976f3-cf78-498e-a3c3-a88624426414", "title": "Advanced XML Reader Plugin <= 0.3.4 - XML External Entity Injection", "software": [ { "type": "plugin", "name": "Advanced XML Reader", "slug": "advanced-xml-reader", "affected_versions": { "* - 0.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80d976f3-cf78-498e-a3c3-a88624426414?source=api-scan" ], "published": "2013-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80dbb49d-d21d-41ef-90af-f74f46e5b703": { "id": "80dbb49d-d21d-41ef-90af-f74f46e5b703", "title": "YourMembers <= 3.0 - SQL Injection", "software": [ { "type": "plugin", "name": "YourMembers", "slug": "yourmembers", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80dbb49d-d21d-41ef-90af-f74f46e5b703?source=api-scan" ], "published": "2014-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80dfc293-a182-4ed5-9127-6ec788312416": { "id": "80dfc293-a182-4ed5-9127-6ec788312416", "title": "Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint", "software": [ { "type": "plugin", "name": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings", "slug": "seo-by-rank-math", "affected_versions": { "* - 1.0.40": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80dfc293-a182-4ed5-9127-6ec788312416?source=api-scan" ], "published": "2020-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80e74852-517e-4cd0-a7d3-6f6fe3433bff": { "id": "80e74852-517e-4cd0-a7d3-6f6fe3433bff", "title": "WPGraphQL <= 0.2.3 - Administrative User Creation", "software": [ { "type": "plugin", "name": "WPGraphQL", "slug": "wp-graphql", "affected_versions": { "* - 0.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80e74852-517e-4cd0-a7d3-6f6fe3433bff?source=api-scan" ], "published": "2019-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80e85c7e-41e5-4b21-aa99-aa2097dfc4a9": { "id": "80e85c7e-41e5-4b21-aa99-aa2097dfc4a9", "title": "Video Downloader for TikTok < 1.4 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Video Downloader for TikTok", "slug": "downloader-tiktok", "affected_versions": { "[*, 1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80e85c7e-41e5-4b21-aa99-aa2097dfc4a9?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80e9aa1f-166f-47df-bc50-c7dd55c6e7cc": { "id": "80e9aa1f-166f-47df-bc50-c7dd55c6e7cc", "title": "TypeSquare Webfonts for ConoHa <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TypeSquare Webfonts for ConoHa", "slug": "ts-webfonts-for-conoha", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80e9aa1f-166f-47df-bc50-c7dd55c6e7cc?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80f32108-16a5-478f-9966-7153735cad6d": { "id": "80f32108-16a5-478f-9966-7153735cad6d", "title": "Ditty 3.1.39 - 3.1.45 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ditty \u2013 Responsive News Tickers, Sliders, and Lists", "slug": "ditty-news-ticker", "affected_versions": { "3.1.39 - 3.1.45": { "from_version": "3.1.39", "from_inclusive": true, "to_version": "3.1.45", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80f32108-16a5-478f-9966-7153735cad6d?source=api-scan" ], "published": "2024-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80f39182-9835-4bd5-b3cd-41fe20983e1e": { "id": "80f39182-9835-4bd5-b3cd-41fe20983e1e", "title": "Filter Custom Fields & Taxonomies Light <= 1.05 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Filter Custom Fields & Taxonomies Light", "slug": "filter-custom-fields-taxonomies-light", "affected_versions": { "* - 1.05": { "from_version": "*", "from_inclusive": true, "to_version": "1.05", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80f39182-9835-4bd5-b3cd-41fe20983e1e?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80f7e161-b071-4cb1-8080-ff0ad926a5ca": { "id": "80f7e161-b071-4cb1-8080-ff0ad926a5ca", "title": "WP Photo Album Plus <= 8.6.03.004 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP Photo Album Plus", "slug": "wp-photo-album-plus", "affected_versions": { "* - 8.6.03.004": { "from_version": "*", "from_inclusive": true, "to_version": "8.6.03.004", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.6.03.005" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80f7e161-b071-4cb1-8080-ff0ad926a5ca?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80fb6ac9-29af-4a11-ad2f-52cc1bfda6b3": { "id": "80fb6ac9-29af-4a11-ad2f-52cc1bfda6b3", "title": "Backend Localization <= 1.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Backend Localization", "slug": "kau-boys-backend-localization", "affected_versions": { "1.6.1": { "from_version": "1.6.1", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80fb6ac9-29af-4a11-ad2f-52cc1bfda6b3?source=api-scan" ], "published": "2012-07-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "80fce3ef-ab77-40e1-a98f-bb0c3f9924d6": { "id": "80fce3ef-ab77-40e1-a98f-bb0c3f9924d6", "title": "Ali2Woo Lite <= 3.4.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AliExpress Dropshipping Plugin for WooCommerce \u2013 AliNext", "slug": "ali2woo-lite", "affected_versions": { "* - 3.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/80fce3ef-ab77-40e1-a98f-bb0c3f9924d6?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81022d05-d1fc-4f27-9f89-b6f9c79cc084": { "id": "81022d05-d1fc-4f27-9f89-b6f9c79cc084", "title": "WordPress Core < 3.5.2 - Cross-Site Scripting via Multiple Vectors", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81022d05-d1fc-4f27-9f89-b6f9c79cc084?source=api-scan" ], "published": "2013-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81062f13-98ed-4ba7-8725-35406ac71568": { "id": "81062f13-98ed-4ba7-8725-35406ac71568", "title": "ThinkIT WP Contact Form Plugin < 0.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ThinkIT WP Contact Form", "slug": "thinkit-wp-contact-form", "affected_versions": { "[*, 0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81062f13-98ed-4ba7-8725-35406ac71568?source=api-scan" ], "published": "2013-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8107ed0c-c4eb-4704-9261-4e320e10cdb5": { "id": "8107ed0c-c4eb-4704-9261-4e320e10cdb5", "title": "Featured Comments < 1.2.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Featured Comments", "slug": "feature-comments", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8107ed0c-c4eb-4704-9261-4e320e10cdb5?source=api-scan" ], "published": "2014-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81099cdc-bce6-4ee6-b819-c3925acf96a8": { "id": "81099cdc-bce6-4ee6-b819-c3925acf96a8", "title": "Google Analytics by Monster Insights <= 8.21.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "MonsterInsights \u2013 Google Analytics Dashboard for WordPress (Website Stats Made Easy)", "slug": "google-analytics-for-wordpress", "affected_versions": { "* - 8.21.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.21.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.22.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81099cdc-bce6-4ee6-b819-c3925acf96a8?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "810a999d-c5d5-4004-9399-bb5d64734266": { "id": "810a999d-c5d5-4004-9399-bb5d64734266", "title": "XPlainer - WooCommerce Product FAQ <= 1.6.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "XPlainer \u2013 Product FAQs for WooCommerce & AI FAQ Generator", "slug": "faq-for-woocommerce", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/810a999d-c5d5-4004-9399-bb5d64734266?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "810adc9a-d4e1-46a8-89e4-22615cbbb9c6": { "id": "810adc9a-d4e1-46a8-89e4-22615cbbb9c6", "title": "WP Captcha <= 2.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Captcha", "slug": "wp-captcha", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/810adc9a-d4e1-46a8-89e4-22615cbbb9c6?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "810c641b-e9e0-462c-96ef-008c083208a0": { "id": "810c641b-e9e0-462c-96ef-008c083208a0", "title": "Simplr Registration Form Plus+ <= 2.3.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simplr Registration Form Plus+", "slug": "simplr-registration-form", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/810c641b-e9e0-462c-96ef-008c083208a0?source=api-scan" ], "published": "2015-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "810faad2-b63d-497c-af00-b57a07705608": { "id": "810faad2-b63d-497c-af00-b57a07705608", "title": "Simple Iframe <= 1.1.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via block attributes", "software": [ { "type": "plugin", "name": "Simple Iframe", "slug": "simple-iframe", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/810faad2-b63d-497c-af00-b57a07705608?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81108abb-69e5-4571-8209-484b4b0f5617": { "id": "81108abb-69e5-4571-8209-484b4b0f5617", "title": "Blog2Social: Social Media Auto Post & Scheduler < 5.9.0 - Reflected Cross-Site Scripting via b2s_id Parameter", "software": [ { "type": "plugin", "name": "Blog2Social: Social Media Auto Post & Scheduler", "slug": "blog2social", "affected_versions": { "[*, 5.9.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81108abb-69e5-4571-8209-484b4b0f5617?source=api-scan" ], "published": "2019-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "811253a4-6dc9-45a2-b08f-74069fdcc9ea": { "id": "811253a4-6dc9-45a2-b08f-74069fdcc9ea", "title": "Speed Optimizer <= 7.4.6 - Missing Authorization via purge_on_other_events()", "software": [ { "type": "plugin", "name": "Speed Optimizer \u2013 The All-In-One Performance-Boosting Plugin", "slug": "sg-cachepress", "affected_versions": { "* - 7.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/811253a4-6dc9-45a2-b08f-74069fdcc9ea?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81141b8c-9677-4267-9026-33267e3135f5": { "id": "81141b8c-9677-4267-9026-33267e3135f5", "title": "iFlyChat \u2013 WordPress Chat <= 4.6.4 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "iFlyChat \u2013 WordPress Chat", "slug": "iflychat", "affected_versions": { "[*, 4.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81141b8c-9677-4267-9026-33267e3135f5?source=api-scan" ], "published": "2021-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8114905a-f08c-425f-ae48-06302cfcb20a": { "id": "8114905a-f08c-425f-ae48-06302cfcb20a", "title": "Switchblade - Powerful WordPress Theme <= 1.3.2 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "switchblade", "slug": "switchblade", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8114905a-f08c-425f-ae48-06302cfcb20a?source=api-scan" ], "published": "2013-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8122afe3-35bf-463b-8443-c093f00bf210": { "id": "8122afe3-35bf-463b-8443-c093f00bf210", "title": "Wp Ultimate Review <= 2.2.5 - Unauthenticated Review Restriction Bypass", "software": [ { "type": "plugin", "name": "WP Ultimate Review", "slug": "wp-ultimate-review", "affected_versions": { "* - 2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8122afe3-35bf-463b-8443-c093f00bf210?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81258fcc-18cc-4614-a644-5cfb004d019b": { "id": "81258fcc-18cc-4614-a644-5cfb004d019b", "title": "HT Slider For Elementor <= 1.3.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "HT Slider For Elementor", "slug": "ht-slider-for-elementor", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81258fcc-18cc-4614-a644-5cfb004d019b?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "812cc8f1-f89e-47c4-b029-f6a3dbc55d70": { "id": "812cc8f1-f89e-47c4-b029-f6a3dbc55d70", "title": "Piotnet Addons For Elementor <= 2.4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Attributes", "software": [ { "type": "plugin", "name": "Piotnet Addons For Elementor", "slug": "piotnet-addons-for-elementor", "affected_versions": { "* - 2.4.28": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/812cc8f1-f89e-47c4-b029-f6a3dbc55d70?source=api-scan" ], "published": "2024-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "812d99bc-8d86-44a9-bafa-be8ce979229c": { "id": "812d99bc-8d86-44a9-bafa-be8ce979229c", "title": "WordPress Core < 4.2.4 - Cross-Site Request Forgery to Post Lockage", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.9": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.9", "to_inclusive": true }, "3.8 - 3.8.9": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.9", "to_inclusive": true }, "3.9 - 3.9.7": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.7", "to_inclusive": true }, "4.0 - 4.0.6": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true }, "4.1 - 4.1.6": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.6", "to_inclusive": true }, "4.2 - 4.2.3": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.10", "3.8.10", "3.9.8", "4.0.7", "4.1.7", "4.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/812d99bc-8d86-44a9-bafa-be8ce979229c?source=api-scan" ], "published": "2015-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81330ff8-25a5-403d-abaf-e7c54467abbc": { "id": "81330ff8-25a5-403d-abaf-e7c54467abbc", "title": "Image Map Pro <= 5.5.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Image Map Pro \u2013 Drag-and-drop Builder for Interactive Images", "slug": "image-map-pro", "affected_versions": { "* - 5.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81330ff8-25a5-403d-abaf-e7c54467abbc?source=api-scan" ], "published": "2022-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "813532fd-0613-47df-a4d0-54d6b33f37b3": { "id": "813532fd-0613-47df-a4d0-54d6b33f37b3", "title": "Zynith SEO <= 7.4.9 - Missing Authorization to Unauthenticated Arbitrary Option Deletion", "software": [ { "type": "plugin", "name": "Zynith SEO", "slug": "zynith-seo", "affected_versions": { "* - 7.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/813532fd-0613-47df-a4d0-54d6b33f37b3?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81354461-70a9-4a5d-9a75-1f2445f7e8aa": { "id": "81354461-70a9-4a5d-9a75-1f2445f7e8aa", "title": "WPRealty <= 2.9.1 - Time-Based Blind SQL Injection", "software": [ { "type": "plugin", "name": "WPRealty", "slug": "wp-realty", "affected_versions": { "* - 2.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81354461-70a9-4a5d-9a75-1f2445f7e8aa?source=api-scan" ], "published": "2013-10-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "813821c8-a9f9-408e-b85e-1c24d90f5e4a": { "id": "813821c8-a9f9-408e-b85e-1c24d90f5e4a", "title": "WP-Recall \u2013 Registration, Profile, Commerce & More <= 16.26.5 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP-Recall \u2013 Registration, Profile, Commerce & More", "slug": "wp-recall", "affected_versions": { "* - 16.26.5": { "from_version": "*", "from_inclusive": true, "to_version": "16.26.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "16.26.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/813821c8-a9f9-408e-b85e-1c24d90f5e4a?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8139bc38-2b78-4b02-bce8-c28dd258ee49": { "id": "8139bc38-2b78-4b02-bce8-c28dd258ee49", "title": "Adminer < 1.4.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "adminer", "slug": "adminer", "affected_versions": { "[*, 1.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8139bc38-2b78-4b02-bce8-c28dd258ee49?source=api-scan" ], "published": "2016-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81437db2-252e-4031-884e-34112bc7b179": { "id": "81437db2-252e-4031-884e-34112bc7b179", "title": "Top 10 \u2013 Popular posts plugin for WordPress < 2.3.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Top 10 \u2013 WordPress Popular posts by WebberZone", "slug": "top-10", "affected_versions": { "[*, 2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81437db2-252e-4031-884e-34112bc7b179?source=api-scan" ], "published": "2016-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81463022-c075-40e8-962d-b2ca27fd4f70": { "id": "81463022-c075-40e8-962d-b2ca27fd4f70", "title": "Extra User Details <= 0.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Extra User Details", "slug": "extra-user-details", "affected_versions": { "* - 0.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81463022-c075-40e8-962d-b2ca27fd4f70?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8148b6d0-190a-4b97-8af7-edd6943116d1": { "id": "8148b6d0-190a-4b97-8af7-edd6943116d1", "title": "Kiwi Social Sharing 2.1.0 - 2.1.2 - Arbitrary Options Change", "software": [ { "type": "plugin", "name": "Social Sharing Plugin \u2013 Kiwi", "slug": "kiwi-social-share", "affected_versions": { "2.1.0 - 2.1.2": { "from_version": "2.1.0", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8148b6d0-190a-4b97-8af7-edd6943116d1?source=api-scan" ], "published": "2021-06-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "814cce39-ef25-4d0f-b793-dca5c873f468": { "id": "814cce39-ef25-4d0f-b793-dca5c873f468", "title": "Gutenberg Block Editor Toolkit \u2013 EditorsKit <= 1.40.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gutenberg Block Editor Toolkit \u2013 EditorsKit", "slug": "block-options", "affected_versions": { "* - 1.40.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.40.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.40.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/814cce39-ef25-4d0f-b793-dca5c873f468?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "814f46c2-ac89-4743-81da-3b81a7853afc": { "id": "814f46c2-ac89-4743-81da-3b81a7853afc", "title": "Menubar <= 5.7.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Menubar", "slug": "menubar", "affected_versions": { "* - 5.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/814f46c2-ac89-4743-81da-3b81a7853afc?source=api-scan" ], "published": "2022-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "814fcd67-9788-4392-8910-7a2bc8782fd8": { "id": "814fcd67-9788-4392-8910-7a2bc8782fd8", "title": "Short URL <= 1.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Short URL", "slug": "shorten-url", "affected_versions": { "1.6.4": { "from_version": "1.6.4", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/814fcd67-9788-4392-8910-7a2bc8782fd8?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "814fd060-8781-46ad-86e6-e2b75a7fffc0": { "id": "814fd060-8781-46ad-86e6-e2b75a7fffc0", "title": "Download IP2Location Country Blocker <= 2.29.1 - Bypass via IP Spoofing", "software": [ { "type": "plugin", "name": "IP2Location Country Blocker", "slug": "ip2location-country-blocker", "affected_versions": { "* - 2.29.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.29.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.29.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/814fd060-8781-46ad-86e6-e2b75a7fffc0?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8155585e-c29c-484c-ab2e-371b5723539e": { "id": "8155585e-c29c-484c-ab2e-371b5723539e", "title": "Link Whisper Free <= 0.6.9", "software": [ { "type": "plugin", "name": "Link Whisper Free", "slug": "link-whisper", "affected_versions": { "* - 0.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8155585e-c29c-484c-ab2e-371b5723539e?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8159ee7c-69ac-4422-ba8b-664f1fee8e07": { "id": "8159ee7c-69ac-4422-ba8b-664f1fee8e07", "title": "Product Slider For WooCommerce Lite <= 1.1.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Keys", "software": [ { "type": "plugin", "name": "Product Slider For WooCommerce Lite", "slug": "product-slider-for-woocommerce-lite", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8159ee7c-69ac-4422-ba8b-664f1fee8e07?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81638472-b635-4100-8fb9-3daf35fa172e": { "id": "81638472-b635-4100-8fb9-3daf35fa172e", "title": "When Last Login <= 1.2.1 - Cross-Site Request Forgery via wll_hide_subscription_notice", "software": [ { "type": "plugin", "name": "When Last Login", "slug": "when-last-login", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81638472-b635-4100-8fb9-3daf35fa172e?source=api-scan" ], "published": "2023-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "816573b7-e720-4470-a929-a6cad0d73dc8": { "id": "816573b7-e720-4470-a929-a6cad0d73dc8", "title": "Easy restaurant menu manager <= 1.1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy restaurant menu manager", "slug": "easy-pdf-restaurant-menu-upload", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/816573b7-e720-4470-a929-a6cad0d73dc8?source=api-scan" ], "published": "2019-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "816ec7bd-dd0f-4c52-b73f-72cd25c410b2": { "id": "816ec7bd-dd0f-4c52-b73f-72cd25c410b2", "title": "Print-O-Matic <= 2.0.2 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Print-O-Matic", "slug": "print-o-matic", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/816ec7bd-dd0f-4c52-b73f-72cd25c410b2?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "816f5fc1-e4e6-4c0d-b222-fe733f026e33": { "id": "816f5fc1-e4e6-4c0d-b222-fe733f026e33", "title": "Funnelforms Free <= 3.4 - Missing Authorization to Post Modification", "software": [ { "type": "plugin", "name": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free", "slug": "funnelforms-free", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/816f5fc1-e4e6-4c0d-b222-fe733f026e33?source=api-scan" ], "published": "2023-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8173596d-a127-4dc1-a72a-640381536c67": { "id": "8173596d-a127-4dc1-a72a-640381536c67", "title": "Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue <= 3.1.30 - Reflected Cross-Site Scripting via lang & pid Parameters", "software": [ { "type": "plugin", "name": "Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)", "slug": "mailin", "affected_versions": { "[*, 3.1.31)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.31", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8173596d-a127-4dc1-a72a-640381536c67?source=api-scan" ], "published": "2022-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8176dd33-80d2-4cc7-9edb-e1d7a1277f28": { "id": "8176dd33-80d2-4cc7-9edb-e1d7a1277f28", "title": "Integration for WooCommerce and QuickBooks <= 1.2.3 - Open Redirect via setup_plugin", "software": [ { "type": "plugin", "name": "Integration for WooCommerce and QuickBooks", "slug": "wp-woocommerce-quickbooks", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8176dd33-80d2-4cc7-9edb-e1d7a1277f28?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "817ca119-ddaf-4525-beee-68c4e0aac544": { "id": "817ca119-ddaf-4525-beee-68c4e0aac544", "title": "Ultimate Addons for Contact Form 7 <= 3.1.23 - Authenticated(Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Ultimate Addons for Contact Form 7", "slug": "ultimate-addons-for-contact-form-7", "affected_versions": { "3.1.23": { "from_version": "3.1.23", "from_inclusive": true, "to_version": "3.1.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/817ca119-ddaf-4525-beee-68c4e0aac544?source=api-scan" ], "published": "2023-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81850474-5e85-4c4b-95ca-80092b05c6ff": { "id": "81850474-5e85-4c4b-95ca-80092b05c6ff", "title": "WP Accessibility Helper (WAH) <= 0.6.2.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Accessibility Helper (WAH)", "slug": "wp-accessibility-helper", "affected_versions": { "* - 0.6.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81850474-5e85-4c4b-95ca-80092b05c6ff?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8185c7a4-3d8e-4a24-9746-536337afbcfe": { "id": "8185c7a4-3d8e-4a24-9746-536337afbcfe", "title": "classyfrieds <= 3.8 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "classyfrieds", "slug": "classyfrieds", "affected_versions": { "* - 3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8185c7a4-3d8e-4a24-9746-536337afbcfe?source=api-scan" ], "published": "2021-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8187c6eb-d962-48a7-bbe8-5949cfdefbce": { "id": "8187c6eb-d962-48a7-bbe8-5949cfdefbce", "title": "reSmush.it Image Optimizer <= 0.4.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "reSmush.it : The original free image compressor and optimizer plugin", "slug": "resmushit-image-optimizer", "affected_versions": { "* - 0.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8187c6eb-d962-48a7-bbe8-5949cfdefbce?source=api-scan" ], "published": "2022-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "818c9ddc-be95-4997-8041-cf856a964657": { "id": "818c9ddc-be95-4997-8041-cf856a964657", "title": "PowerPack for Beaver Builder <= 2.37.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PowerPack for Beaver Builder", "slug": "bbpowerpack", "affected_versions": { "* - 2.37.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.37.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.37.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/818c9ddc-be95-4997-8041-cf856a964657?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "818d3418-8e14-49b9-a112-8eab9eb3c283": { "id": "818d3418-8e14-49b9-a112-8eab9eb3c283", "title": "Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Link", "software": [ { "type": "plugin", "name": "Bold Page Builder", "slug": "bold-page-builder", "affected_versions": { "* - 4.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/818d3418-8e14-49b9-a112-8eab9eb3c283?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "818de7f7-913a-4ade-927e-bba281b4709a": { "id": "818de7f7-913a-4ade-927e-bba281b4709a", "title": "iframe forms <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframe Shortcode", "software": [ { "type": "plugin", "name": "iframe forms", "slug": "iframe-forms", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/818de7f7-913a-4ade-927e-bba281b4709a?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "818ef655-aef3-4808-88ae-ecf2ba209d67": { "id": "818ef655-aef3-4808-88ae-ecf2ba209d67", "title": "GiveWP <= 2.5.9 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "[*, 2.5.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/818ef655-aef3-4808-88ae-ecf2ba209d67?source=api-scan" ], "published": "2019-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81936c52-feb7-4f10-940d-cfce5963f400": { "id": "81936c52-feb7-4f10-940d-cfce5963f400", "title": "Watu Quiz <= 3.3.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Watu Quiz", "slug": "watu", "affected_versions": { "* - 3.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81936c52-feb7-4f10-940d-cfce5963f400?source=api-scan" ], "published": "2023-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81939cc9-b8f7-4c40-b963-4f6f8c7043e7": { "id": "81939cc9-b8f7-4c40-b963-4f6f8c7043e7", "title": "Smart Forms < 2.6.26 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Smart Forms \u2013 when you need more than just a contact form", "slug": "smart-forms", "affected_versions": { "[*, 2.6.26)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.26", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81939cc9-b8f7-4c40-b963-4f6f8c7043e7?source=api-scan" ], "published": "2019-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "819b3e0c-1cd0-45f9-8621-41817ad1de5e": { "id": "819b3e0c-1cd0-45f9-8621-41817ad1de5e", "title": "Elementor Timeline Widget <= 2.2 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "Elementor Timeline Widget", "slug": "3r-elementor-timeline-widget", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/819b3e0c-1cd0-45f9-8621-41817ad1de5e?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "819e2a4a-d282-4c52-852a-e3a2051a04e9": { "id": "819e2a4a-d282-4c52-852a-e3a2051a04e9", "title": "Klarna Checkout for WooCommerce <= 2.0.9 - Arbitrary Plugin Installation, Activation and Deactivation", "software": [ { "type": "plugin", "name": "Klarna Checkout for WooCommerce", "slug": "klarna-checkout-for-woocommerce", "affected_versions": { "[*, 2.0.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/819e2a4a-d282-4c52-852a-e3a2051a04e9?source=api-scan" ], "published": "2020-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "819f93ae-cfbd-4ba5-979f-18adc7b9c8fe": { "id": "819f93ae-cfbd-4ba5-979f-18adc7b9c8fe", "title": "Booster for WooCommerce <= 7.1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 7.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/819f93ae-cfbd-4ba5-979f-18adc7b9c8fe?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81a293ea-abda-4c90-a109-791ca5ba89a4": { "id": "81a293ea-abda-4c90-a109-791ca5ba89a4", "title": "RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate", "software": [ { "type": "plugin", "name": "RomethemeForm For Elementor", "slug": "romethemeform", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81a293ea-abda-4c90-a109-791ca5ba89a4?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81a3460e-f2c8-422f-9256-3aef24afb42b": { "id": "81a3460e-f2c8-422f-9256-3aef24afb42b", "title": "Asset CleanUp <= 1.3.8.4 - Reflected Cross-Site Scripting via AJAX Action", "software": [ { "type": "plugin", "name": "Asset CleanUp: Page Speed Booster", "slug": "wp-asset-clean-up", "affected_versions": { "[*, 1.3.8.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81a3460e-f2c8-422f-9256-3aef24afb42b?source=api-scan" ], "published": "2022-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81a48c61-4191-4252-9230-9df8fc5e3443": { "id": "81a48c61-4191-4252-9230-9df8fc5e3443", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Data Table", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81a48c61-4191-4252-9230-9df8fc5e3443?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81a7afc0-05be-4966-b762-081ef553d4e8": { "id": "81a7afc0-05be-4966-b762-081ef553d4e8", "title": "Contextual Related Posts <= 1.8.6 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contextual Related Posts", "slug": "contextual-related-posts", "affected_versions": { "* - 1.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81a7afc0-05be-4966-b762-081ef553d4e8?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81a82caf-4013-42c4-ad63-4e13bfa4322f": { "id": "81a82caf-4013-42c4-ad63-4e13bfa4322f", "title": "Rank Math SEO with AI SEO Tools <= 1.0.214 - Authenticated(Contributor+) Stored Cross-Site Scripting via HowTo block attributes", "software": [ { "type": "plugin", "name": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings", "slug": "seo-by-rank-math", "affected_versions": { "* - 1.0.214": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.214", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.215" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81a82caf-4013-42c4-ad63-4e13bfa4322f?source=api-scan" ], "published": "2024-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81ac0ec4-8476-4ed5-9b00-a0456afef191": { "id": "81ac0ec4-8476-4ed5-9b00-a0456afef191", "title": "FV Flowplayer Video Player <= 7.5.45.7212 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "* - 7.5.45.7212": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.45.7212", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.46.7212" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81ac0ec4-8476-4ed5-9b00-a0456afef191?source=api-scan" ], "published": "2024-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81b49050-84e4-4fb4-b8ed-baf21c8bb5a3": { "id": "81b49050-84e4-4fb4-b8ed-baf21c8bb5a3", "title": "Logo Carousel < 1.7.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Logo Carousel", "slug": "kiwi-logo-carousel", "affected_versions": { "[*, 1.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81b49050-84e4-4fb4-b8ed-baf21c8bb5a3?source=api-scan" ], "published": "2021-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81b4a218-7752-4276-a523-1edbe1e36442": { "id": "81b4a218-7752-4276-a523-1edbe1e36442", "title": "Booster for WooCommerce <= 5.4.8 - Reflected Cross-Site Scripting in Product XML Feeds Module", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "[*, 5.4.9)": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81b4a218-7752-4276-a523-1edbe1e36442?source=api-scan" ], "published": "2021-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81b76824-8099-433d-88e3-c05df9434fd6": { "id": "81b76824-8099-433d-88e3-c05df9434fd6", "title": "Subscribe to Comments <= 2.0.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Subscribe to Comments", "slug": "subscribe-to-comments", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81b76824-8099-433d-88e3-c05df9434fd6?source=api-scan" ], "published": "2006-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81b9cebd-eff6-4650-977e-ee81089e683a": { "id": "81b9cebd-eff6-4650-977e-ee81089e683a", "title": "Levo Slideshow <= 2.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Levo Slideshow", "slug": "wp-levoslideshow", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81b9cebd-eff6-4650-977e-ee81089e683a?source=api-scan" ], "published": "2016-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81bb4b60-a674-4276-b7e5-5626f9eb3ff8": { "id": "81bb4b60-a674-4276-b7e5-5626f9eb3ff8", "title": "Himer - Social Questions and Answers <= 2.1.2 - Cross-Site Request Forgery to Arbitrary User Invites", "software": [ { "type": "theme", "name": "Himer - Social Questions and Answers WordPress Theme", "slug": "himer", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81bb4b60-a674-4276-b7e5-5626f9eb3ff8?source=api-scan" ], "published": "2024-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81bcbf7d-d33f-4cf2-8411-613cf54095b4": { "id": "81bcbf7d-d33f-4cf2-8411-613cf54095b4", "title": "Print, PDF, Email by PrintFriendly <= 5.2.2 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Print, PDF, Email by PrintFriendly", "slug": "printfriendly", "affected_versions": { "[*, 5.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81bcbf7d-d33f-4cf2-8411-613cf54095b4?source=api-scan" ], "published": "2022-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81bedea8-fbf7-411b-a31b-51af23522498": { "id": "81bedea8-fbf7-411b-a31b-51af23522498", "title": "Soundcloud Is Gold <= 2.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SoundCloud Is Gold", "slug": "soundcloud-is-gold", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81bedea8-fbf7-411b-a31b-51af23522498?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81bf9a8d-fc70-45d9-a352-4a5bfb2c43f4": { "id": "81bf9a8d-fc70-45d9-a352-4a5bfb2c43f4", "title": "WordPress Core <= 2.8.4 - Denial of Service", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81bf9a8d-fc70-45d9-a352-4a5bfb2c43f4?source=api-scan" ], "published": "2009-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81c4dd54-a248-48a0-a407-ffd3162e0abe": { "id": "81c4dd54-a248-48a0-a407-ffd3162e0abe", "title": "Icon Widget <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Icon Widget", "slug": "icon-widget", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81c4dd54-a248-48a0-a407-ffd3162e0abe?source=api-scan" ], "published": "2023-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81c80424-3ecb-4740-b458-00a983f35298": { "id": "81c80424-3ecb-4740-b458-00a983f35298", "title": "IBPS Online Exam Plugin for WordPress <= 1.0 - SQL Injection", "software": [ { "type": "plugin", "name": "IBPS Online Exam Plugin for WordPress", "slug": "examapp", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81c80424-3ecb-4740-b458-00a983f35298?source=api-scan" ], "published": "2017-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81ca577d-5337-4d46-94bb-93c230cf0348": { "id": "81ca577d-5337-4d46-94bb-93c230cf0348", "title": "The7 \u2014 Website and eCommerce Builder for WordPress <= 2.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "The7 \u2014 Website and eCommerce Builder for WordPress", "slug": "dt-the7", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81ca577d-5337-4d46-94bb-93c230cf0348?source=api-scan" ], "published": "2015-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81d73996-d192-485b-bc47-1db7e6ca70e6": { "id": "81d73996-d192-485b-bc47-1db7e6ca70e6", "title": "Secure Copy Content Protection and Content Locking <= 4.2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Secure Copy Content Protection and Content Locking", "slug": "secure-copy-content-protection", "affected_versions": { "* - 4.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81d73996-d192-485b-bc47-1db7e6ca70e6?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81e6e266-078a-4f4f-a335-c9d388f41ef2": { "id": "81e6e266-078a-4f4f-a335-c9d388f41ef2", "title": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Custom Form Creation", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "* - 1.35.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.35.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.36.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81e6e266-078a-4f4f-a335-c9d388f41ef2?source=api-scan" ], "published": "2024-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81eb8963-548f-4e94-83bd-266a19c09aab": { "id": "81eb8963-548f-4e94-83bd-266a19c09aab", "title": "Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.0.3 - Reflected Cross-Site Scripting via render_review_request_notice", "software": [ { "type": "plugin", "name": "Checkout Field Editor (Checkout Manager) for WooCommerce", "slug": "woo-checkout-field-editor-pro", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81eb8963-548f-4e94-83bd-266a19c09aab?source=api-scan" ], "published": "2024-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81ed1733-0073-464c-8ef7-28db228618e1": { "id": "81ed1733-0073-464c-8ef7-28db228618e1", "title": "Poll, Survey, Questionnaire and Voting system <= 1.7.4 - Authenticated (Administrator+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Poll, Survey, Questionnaire and Voting system", "slug": "polls-widget", "affected_versions": { "* - 1.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81ed1733-0073-464c-8ef7-28db228618e1?source=api-scan" ], "published": "2022-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81f025da-c28c-4a80-8b4f-27dae07b2b04": { "id": "81f025da-c28c-4a80-8b4f-27dae07b2b04", "title": "Slider & Popup Builder by Depicter \u2013 Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.1.1 - Authenticated (Contributor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Slider & Popup Builder by Depicter \u2013 Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel", "slug": "depicter", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81f025da-c28c-4a80-8b4f-27dae07b2b04?source=api-scan" ], "published": "2024-08-13 19:54:53", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81f4f8e8-cac3-4865-a686-212f6c7f7b65": { "id": "81f4f8e8-cac3-4865-a686-212f6c7f7b65", "title": "CAPTCHA in Thai <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CAPTCHA in Thai", "slug": "captcha-in-thai", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81f4f8e8-cac3-4865-a686-212f6c7f7b65?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81f993ec-9a7f-4e55-bc88-ea832ce49773": { "id": "81f993ec-9a7f-4e55-bc88-ea832ce49773", "title": "WP Lead Plus X <= 0.98 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Landing Page \u2013 Squeeze Page \u2013 Responsive Landing Page Builder Free \u2013 WP Lead Plus X", "slug": "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make", "affected_versions": { "* - 0.98": { "from_version": "*", "from_inclusive": true, "to_version": "0.98", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.99" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81f993ec-9a7f-4e55-bc88-ea832ce49773?source=api-scan" ], "published": "2020-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81f9a4c6-971f-4f6d-8bb1-e97bf75cf8d3": { "id": "81f9a4c6-971f-4f6d-8bb1-e97bf75cf8d3", "title": "Order Tracking Pro <= 3.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Order Tracking \u2013 WordPress Status Tracking Plugin", "slug": "order-tracking", "affected_versions": { "* - 3.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81f9a4c6-971f-4f6d-8bb1-e97bf75cf8d3?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81fa4987-d019-4d0c-a002-eceef956161e": { "id": "81fa4987-d019-4d0c-a002-eceef956161e", "title": "GeoDirectory <= 2.2.23 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "GeoDirectory \u2013 WP Business Directory Plugin and Classified Listings Directory", "slug": "geodirectory", "affected_versions": { "* - 2.2.23": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81fa4987-d019-4d0c-a002-eceef956161e?source=api-scan" ], "published": "2023-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81fc41a4-9206-404c-bd5b-821c77ff3593": { "id": "81fc41a4-9206-404c-bd5b-821c77ff3593", "title": "Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_thankyou shortcode", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81fc41a4-9206-404c-bd5b-821c77ff3593?source=api-scan" ], "published": "2023-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81fd3ac1-91af-4cfa-ac4e-712beb4236c0": { "id": "81fd3ac1-91af-4cfa-ac4e-712beb4236c0", "title": "LearnPress <= 4.2.5.3 - Reflected Cross-Site Scripting via add_internal_scripts_to_head", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "[*, 4.2.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81fd3ac1-91af-4cfa-ac4e-712beb4236c0?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "81fd6ec4-9cff-4604-8b7f-5b8683096c34": { "id": "81fd6ec4-9cff-4604-8b7f-5b8683096c34", "title": "WP Compress \u2013 Image Optimizer [All-In-One] <= 6.10.35 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Compress \u2013 Instant Performance & Speed Optimization", "slug": "wp-compress-image-optimizer", "affected_versions": { "* - 6.10.35": { "from_version": "*", "from_inclusive": true, "to_version": "6.10.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.11.01" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/81fd6ec4-9cff-4604-8b7f-5b8683096c34?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8202e9e7-b05b-4603-9ebd-8084bf17a230": { "id": "8202e9e7-b05b-4603-9ebd-8084bf17a230", "title": "MapPress Maps <= 2.54.5 - Remote Code Execution via Improper Capability Checks in AJAX Calls", "software": [ { "type": "plugin", "name": "MapPress Maps for WordPress", "slug": "mappress-google-maps-for-wordpress", "affected_versions": { "* - 2.54.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.54.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.54.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8202e9e7-b05b-4603-9ebd-8084bf17a230?source=api-scan" ], "published": "2020-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8206d00c-7eb1-4ef2-b3d3-be78d39036db": { "id": "8206d00c-7eb1-4ef2-b3d3-be78d39036db", "title": "Accommodation System <= 1.0.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Accommodation System", "slug": "accommodation-system", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8206d00c-7eb1-4ef2-b3d3-be78d39036db?source=api-scan" ], "published": "2022-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "820b289c-f907-42b1-8b22-52d614398fba": { "id": "820b289c-f907-42b1-8b22-52d614398fba", "title": "SEUR Oficial <= 2.2.10.2 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "SEUR Oficial", "slug": "seur", "affected_versions": { "* - 2.2.10.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.10.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/820b289c-f907-42b1-8b22-52d614398fba?source=api-scan" ], "published": "2024-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82137302-60ca-44d5-b087-dc96e2815fca": { "id": "82137302-60ca-44d5-b087-dc96e2815fca", "title": "Premium Packages - Sell Digital Products Securely <= 5.7.4 - Arbitrary User Meta Update to Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Premium Packages \u2013 Sell Digital Products Securely", "slug": "wpdm-premium-packages", "affected_versions": { "* - 5.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82137302-60ca-44d5-b087-dc96e2815fca?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "821462d6-970e-4e3e-b91d-e7153296ba9f": { "id": "821462d6-970e-4e3e-b91d-e7153296ba9f", "title": "Greenshift \u2013 animation and page builder blocks <= 7.6.2 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Greenshift \u2013 animation and page builder blocks", "slug": "greenshift-animation-and-page-builder-blocks", "affected_versions": { "* - 7.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/821462d6-970e-4e3e-b91d-e7153296ba9f?source=api-scan" ], "published": "2023-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82173c1b-dce8-4713-87c7-2c54ba8cc02c": { "id": "82173c1b-dce8-4713-87c7-2c54ba8cc02c", "title": "User Registration, Login & Landing Pages <= 1.2.7 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Registration, Login & Landing Pages \u2013 LeadMagic", "slug": "custom-landing-pages-leadmagic", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82173c1b-dce8-4713-87c7-2c54ba8cc02c?source=api-scan" ], "published": "2022-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "821b8ed1-10be-4798-826a-aaaef4888950": { "id": "821b8ed1-10be-4798-826a-aaaef4888950", "title": "WpGenius Job Listing <= 1.0.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WpGenius Job Listing", "slug": "wpgenious-job-listing", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/821b8ed1-10be-4798-826a-aaaef4888950?source=api-scan" ], "published": "2021-10-14 13:46:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "821e763a-fe84-4471-99d0-515e036122c0": { "id": "821e763a-fe84-4471-99d0-515e036122c0", "title": "Icegram Collect \u2013 Easy Form, Lead Collection and Subscription plugin <= 1.3.14 - Missing Authorization", "software": [ { "type": "plugin", "name": "Icegram Collect \u2013 Easy Form, Lead Collection and Subscription plugin", "slug": "icegram-rainmaker", "affected_versions": { "* - 1.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/821e763a-fe84-4471-99d0-515e036122c0?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8223f9dd-1c2d-40bd-a17d-1bb317829d3b": { "id": "8223f9dd-1c2d-40bd-a17d-1bb317829d3b", "title": "Sell Photo <= 1.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sell Photo", "slug": "sell-photo", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8223f9dd-1c2d-40bd-a17d-1bb317829d3b?source=api-scan" ], "published": "2020-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82246b72-3c29-4574-af86-d0435eecce5d": { "id": "82246b72-3c29-4574-af86-d0435eecce5d", "title": "Quartz <= 1.01.1 - SQL Injection", "software": [ { "type": "plugin", "name": "quartz", "slug": "quartz", "affected_versions": { "* - 1.01.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.01.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82246b72-3c29-4574-af86-d0435eecce5d?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82253cd8-e9ff-4f3d-8844-c270dae445a4": { "id": "82253cd8-e9ff-4f3d-8844-c270dae445a4", "title": "MediaElement.js \u2013 HTML5 Video & Audio Player <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "MediaElement.js \u2013 HTML5 Video & Audio Player", "slug": "media-element-html5-video-and-audio-player", "affected_versions": { "* - 4.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82253cd8-e9ff-4f3d-8844-c270dae445a4?source=api-scan" ], "published": "2023-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82259b54-0313-41a2-ace4-41e583b93e8a": { "id": "82259b54-0313-41a2-ace4-41e583b93e8a", "title": "Easy Digital Downloads \u2013 Simple eCommerce for Selling Digital Files <= 2.9.15 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "[*, 2.9.16)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82259b54-0313-41a2-ace4-41e583b93e8a?source=api-scan" ], "published": "2019-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "822a3b3b-db39-4edc-ae68-80fb82359316": { "id": "822a3b3b-db39-4edc-ae68-80fb82359316", "title": "WordPress RSS Feed Retriever <= 1.6.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "RSS Feed Retriever", "slug": "wp-rss-retriever", "affected_versions": { "* - 1.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/822a3b3b-db39-4edc-ae68-80fb82359316?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "822b5a6b-0be6-4511-bf5d-c32574f27865": { "id": "822b5a6b-0be6-4511-bf5d-c32574f27865", "title": "LearnPress <= 3.2.6.6 - Privilege Escalation", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 3.2.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/822b5a6b-0be6-4511-bf5d-c32574f27865?source=api-scan" ], "published": "2020-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "822c0a33-e57e-48c7-b8df-fddf3bb2e552": { "id": "822c0a33-e57e-48c7-b8df-fddf3bb2e552", "title": "The Ultimate WordPress Toolkit \u2013 WP Extended <= 3.0.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Ultimate WordPress Toolkit \u2013 WP Extended", "slug": "wpextended", "affected_versions": { "* - 3.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/822c0a33-e57e-48c7-b8df-fddf3bb2e552?source=api-scan" ], "published": "2024-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "822f5b92-8c58-4132-80a7-d15e1215c934": { "id": "822f5b92-8c58-4132-80a7-d15e1215c934", "title": "WP-DownloadManager Plugin < 1.61 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-download-manager", "slug": "wp-download-manager", "affected_versions": { "[*, 1.61)": { "from_version": "*", "from_inclusive": true, "to_version": "1.61", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.61" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/822f5b92-8c58-4132-80a7-d15e1215c934?source=api-scan" ], "published": "2013-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8232ff9e-e8de-4bd1-9a73-2383a4a25b80": { "id": "8232ff9e-e8de-4bd1-9a73-2383a4a25b80", "title": "The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) <= 2.0.8.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)", "slug": "the-pack-addon", "affected_versions": { "* - 2.0.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8232ff9e-e8de-4bd1-9a73-2383a4a25b80?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "823418d9-a231-4306-8575-2937a491509f": { "id": "823418d9-a231-4306-8575-2937a491509f", "title": "Site Reviews <= 6.11.4 - Authenticated(Subscriber+) Stored Cross-Site Scripting via display name", "software": [ { "type": "plugin", "name": "Site Reviews", "slug": "site-reviews", "affected_versions": { "* - 6.11.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.11.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.11.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/823418d9-a231-4306-8575-2937a491509f?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "823dc422-12f4-4f7d-a305-2e4db18bafdf": { "id": "823dc422-12f4-4f7d-a305-2e4db18bafdf", "title": "WRC Pricing Tables <= 2.3.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "WRC Pricing Tables \u2013 WordPress Responsive CSS3 Pricing Tables", "slug": "wrc-pricing-tables", "affected_versions": { "* - 2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/823dc422-12f4-4f7d-a305-2e4db18bafdf?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "823dce74-2688-4573-b0c8-353f1789ea48": { "id": "823dce74-2688-4573-b0c8-353f1789ea48", "title": "Blogger Buzz <= 1.2.4 - Missing Authorization via activate_plugin", "software": [ { "type": "theme", "name": "Blogger Buzz", "slug": "blogger-buzz", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/823dce74-2688-4573-b0c8-353f1789ea48?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "823fee99-5c91-456d-9a09-f942f42aa8fa": { "id": "823fee99-5c91-456d-9a09-f942f42aa8fa", "title": "Appointment Hour Booking <= 1.4.23 - Missing Authorization to Double Booking", "software": [ { "type": "plugin", "name": "Appointment Hour Booking \u2013 WordPress Booking Plugin", "slug": "appointment-hour-booking", "affected_versions": { "* - 1.4.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/823fee99-5c91-456d-9a09-f942f42aa8fa?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82420667-9ba6-46ed-9a53-d16850755bb9": { "id": "82420667-9ba6-46ed-9a53-d16850755bb9", "title": "TI WooCommerce Wishlist <= 2.7.3 - Unauthenticated Blind SQL Injection via Rest API", "software": [ { "type": "plugin", "name": "TI WooCommerce Wishlist", "slug": "ti-woocommerce-wishlist", "affected_versions": { "[*, 2.7.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82420667-9ba6-46ed-9a53-d16850755bb9?source=api-scan" ], "published": "2023-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8242e0f0-b9c5-46fe-b691-3275cd0f9a43": { "id": "8242e0f0-b9c5-46fe-b691-3275cd0f9a43", "title": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification", "software": [ { "type": "plugin", "name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", "slug": "fluentform", "affected_versions": { "* - 5.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8242e0f0-b9c5-46fe-b691-3275cd0f9a43?source=api-scan" ], "published": "2024-08-31 21:37:21", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "824360ab-c797-465a-8480-baeae941af29": { "id": "824360ab-c797-465a-8480-baeae941af29", "title": "Jetpack <= 12.8-a.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via block attribute", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "[*, 12.8-a.1]": { "from_version": "*", "from_inclusive": true, "to_version": "12.8-a.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.8-a.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/824360ab-c797-465a-8480-baeae941af29?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8246ea9f-3ccb-4448-bf32-135c8140b09b": { "id": "8246ea9f-3ccb-4448-bf32-135c8140b09b", "title": "Upload Resume <= 1.2.0 - Authenticated Sensitive Information Disclosure via resume_upload_form_list shortcode", "software": [ { "type": "plugin", "name": "Upload Resume", "slug": "resume-upload-form", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8246ea9f-3ccb-4448-bf32-135c8140b09b?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8247acc4-04dc-463a-906a-f6085116cf40": { "id": "8247acc4-04dc-463a-906a-f6085116cf40", "title": "Zingiri Web Shop <= 2.2.3 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Zingiri Web Shop", "slug": "g-web-shop", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8247acc4-04dc-463a-906a-f6085116cf40?source=api-scan" ], "published": "2011-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8247c654-0082-4677-a0a6-b90a0256de81": { "id": "8247c654-0082-4677-a0a6-b90a0256de81", "title": "Smash Balloon Social Photo Feed <= 1.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smash Balloon Social Photo Feed \u2013 Easy Social Feeds Plugin", "slug": "instagram-feed", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8247c654-0082-4677-a0a6-b90a0256de81?source=api-scan" ], "published": "2018-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "824b27e8-1f07-4cd0-9335-5860d1b58562": { "id": "824b27e8-1f07-4cd0-9335-5860d1b58562", "title": "Bookmarkify <= 1.1.3 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "bookmarkify", "slug": "bookmarkify", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/824b27e8-1f07-4cd0-9335-5860d1b58562?source=api-scan" ], "published": "2015-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "824ec2ba-b701-46e9-b237-53cd7d0e46da": { "id": "824ec2ba-b701-46e9-b237-53cd7d0e46da", "title": "GiveWP \u2013 Donation Plugin and Fundraising Platform <= 3.14.1 - Missing Authorization to Authenticated (Subscriber+) Limited File Deletion", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 3.14.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.14.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.14.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/824ec2ba-b701-46e9-b237-53cd7d0e46da?source=api-scan" ], "published": "2024-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8250434a-2fad-4f44-9813-90e734d32d2e": { "id": "8250434a-2fad-4f44-9813-90e734d32d2e", "title": "Redirect Redirection <= 1.1.3 - Missing Authorization in 'LoadTab' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8250434a-2fad-4f44-9813-90e734d32d2e?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8250c277-200a-4808-98ae-ede169aad3fd": { "id": "8250c277-200a-4808-98ae-ede169aad3fd", "title": "Front End PM < 11.4.3 - Sensitive Information Exposure via Directory Listing", "software": [ { "type": "plugin", "name": "Front End PM", "slug": "front-end-pm", "affected_versions": { "[*, 11.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "11.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "11.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8250c277-200a-4808-98ae-ede169aad3fd?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8254f4ab-b7a4-4823-8bf9-0673cea1248e": { "id": "8254f4ab-b7a4-4823-8bf9-0673cea1248e", "title": "SP Project & Document Manager <= 4.57 - Sensitive File Disclosure", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 4.57": { "from_version": "*", "from_inclusive": true, "to_version": "4.57", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.58" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8254f4ab-b7a4-4823-8bf9-0673cea1248e?source=api-scan" ], "published": "2022-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8256b8e4-f8c5-4feb-b6e4-668ed3b6fccd": { "id": "8256b8e4-f8c5-4feb-b6e4-668ed3b6fccd", "title": "Boot Store <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode", "software": [ { "type": "theme", "name": "Boot Store", "slug": "boot-store", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8256b8e4-f8c5-4feb-b6e4-668ed3b6fccd?source=api-scan" ], "published": "2024-07-01 13:24:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "825af974-dccd-4409-8f22-fa70240b0c66": { "id": "825af974-dccd-4409-8f22-fa70240b0c66", "title": "Easy Set Favicon <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Set Favicon", "slug": "easy-set-favicon", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/825af974-dccd-4409-8f22-fa70240b0c66?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "825d9154-7385-4652-b258-cf813be9bcdb": { "id": "825d9154-7385-4652-b258-cf813be9bcdb", "title": "Site Reviews <= 2.15.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Site Reviews", "slug": "site-reviews", "affected_versions": { "[*, 2.15.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.15.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/825d9154-7385-4652-b258-cf813be9bcdb?source=api-scan" ], "published": "2018-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8260a74a-e338-42f6-ad9d-cb30f1a9bc86": { "id": "8260a74a-e338-42f6-ad9d-cb30f1a9bc86", "title": "Simple Post Notes <= 1.7.5 - Subscriber+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Post Notes", "slug": "simple-post-notes", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8260a74a-e338-42f6-ad9d-cb30f1a9bc86?source=api-scan" ], "published": "2022-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82619274-4339-44ba-b50c-d1194c34b695": { "id": "82619274-4339-44ba-b50c-d1194c34b695", "title": "IgnitionDeck Crowdfunding Platform <= 1.1.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "IgnitionDeck Crowdfunding Platform", "slug": "ignitiondeck", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82619274-4339-44ba-b50c-d1194c34b695?source=api-scan" ], "published": "2015-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82644c46-205b-4005-bba8-6b3e45769639": { "id": "82644c46-205b-4005-bba8-6b3e45769639", "title": "Elementor Header & Footer Builder <= 1.6.24 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Header & Footer Builder", "slug": "header-footer-elementor", "affected_versions": { "* - 1.6.24": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82644c46-205b-4005-bba8-6b3e45769639?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "826483d7-948d-46c4-890c-71001b03847c": { "id": "826483d7-948d-46c4-890c-71001b03847c", "title": "Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/826483d7-948d-46c4-890c-71001b03847c?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8269f83b-5d7d-4f01-85ee-fd7262fed5b1": { "id": "8269f83b-5d7d-4f01-85ee-fd7262fed5b1", "title": "12 Step Meeting List <= 3.14.28 - Missing Authorization", "software": [ { "type": "plugin", "name": "12 Step Meeting List", "slug": "12-step-meeting-list", "affected_versions": { "* - 3.14.28": { "from_version": "*", "from_inclusive": true, "to_version": "3.14.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.14.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8269f83b-5d7d-4f01-85ee-fd7262fed5b1?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "826a3fa2-ee41-4960-becb-0df8813a964a": { "id": "826a3fa2-ee41-4960-becb-0df8813a964a", "title": "Multiple Plugins By ThemeHunk (Various Versions) - Missing Authorization via settings_init", "software": [ { "type": "plugin", "name": "Product Compare for WooCommerce", "slug": "th-product-compare", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] }, { "type": "plugin", "name": "Responsive Contact Form Builder & Lead Generation Plugin", "slug": "lead-form-builder", "affected_versions": { "* - 1.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.5" ] }, { "type": "plugin", "name": "Advance WordPress Search Plugin", "slug": "th-advance-product-search", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/826a3fa2-ee41-4960-becb-0df8813a964a?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "826b3913-9a37-4e15-80fd-b35cefb51af8": { "id": "826b3913-9a37-4e15-80fd-b35cefb51af8", "title": "GMAce <= 1.5.2 - Cross-Site Request Forgery to Arbitrary File Modification (Creation\/Overwrite\/Deletion)", "software": [ { "type": "plugin", "name": "GMAce", "slug": "gmace", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/826b3913-9a37-4e15-80fd-b35cefb51af8?source=api-scan" ], "published": "2023-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "826b5dac-4a54-44c7-979b-8901bb468777": { "id": "826b5dac-4a54-44c7-979b-8901bb468777", "title": "Greenshift \u2013 animation and page builder blocks <= 4.9.9 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Greenshift \u2013 animation and page builder blocks", "slug": "greenshift-animation-and-page-builder-blocks", "affected_versions": { "* - 4.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/826b5dac-4a54-44c7-979b-8901bb468777?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "826e7e0a-79b1-4828-8eeb-159ef3cc2c65": { "id": "826e7e0a-79b1-4828-8eeb-159ef3cc2c65", "title": "Community by PeepSo <= 6.2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App", "slug": "peepso-core", "affected_versions": { "* - 6.2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/826e7e0a-79b1-4828-8eeb-159ef3cc2c65?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "826f75dd-ff37-459a-8a28-c70e403b720a": { "id": "826f75dd-ff37-459a-8a28-c70e403b720a", "title": "Thinkific Uploader <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Thinkific Uploader", "slug": "thinkific-uploader", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/826f75dd-ff37-459a-8a28-c70e403b720a?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "826fe5a8-3290-4f70-b9bb-8bd4aec3634c": { "id": "826fe5a8-3290-4f70-b9bb-8bd4aec3634c", "title": "WooCommerce Product Recommendations < 2.3.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Product Recommendations", "slug": "woocommerce-product-recommendations", "affected_versions": { "[*, 2.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/826fe5a8-3290-4f70-b9bb-8bd4aec3634c?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8278f5bf-2f40-4f3d-b38d-0ecea9d47f83": { "id": "8278f5bf-2f40-4f3d-b38d-0ecea9d47f83", "title": "Whizzy <= 1.1.18 - Missing Authorization", "software": [ { "type": "plugin", "name": "Whizzy", "slug": "whizzy", "affected_versions": { "* - 1.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.18", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8278f5bf-2f40-4f3d-b38d-0ecea9d47f83?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "827c5dc2-3195-47d9-9e44-ca2043748eed": { "id": "827c5dc2-3195-47d9-9e44-ca2043748eed", "title": "Conditional Fields for Contact Form 7 <= 2.4.13 - Cross-Site Request Forgery to Plugin Setting Reset", "software": [ { "type": "plugin", "name": "Conditional Fields for Contact Form 7", "slug": "cf7-conditional-fields", "affected_versions": { "* - 2.4.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/827c5dc2-3195-47d9-9e44-ca2043748eed?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82802e80-efb5-4aa3-9fea-9c21bfb71efa": { "id": "82802e80-efb5-4aa3-9fea-9c21bfb71efa", "title": "Real3D Flipbook <= 2.8 - Unauthenticated Arbitrary File or Directory Delete", "software": [ { "type": "plugin", "name": "Real3D Flipbook", "slug": "real3d-flipbook", "affected_versions": { "[*, 2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82802e80-efb5-4aa3-9fea-9c21bfb71efa?source=api-scan" ], "published": "2016-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8281cb20-73d3-4ab5-910e-d353b2a5cbd8": { "id": "8281cb20-73d3-4ab5-910e-d353b2a5cbd8", "title": "WP Popup Banners <= 1.2.5 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Popup Banners", "slug": "wp-popup-banners", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8281cb20-73d3-4ab5-910e-d353b2a5cbd8?source=api-scan" ], "published": "2023-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8283a502-6fb8-43ff-8f46-8afbfdbb22f7": { "id": "8283a502-6fb8-43ff-8f46-8afbfdbb22f7", "title": "BSK Forms Blacklist <= 3.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BSK Forms Blacklist", "slug": "bsk-gravityforms-blacklist", "affected_versions": { "* - 3.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8283a502-6fb8-43ff-8f46-8afbfdbb22f7?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8291fd89-aea1-4f7b-abd8-dee8438c3ed5": { "id": "8291fd89-aea1-4f7b-abd8-dee8438c3ed5", "title": "The Events Calendar <= 6.2.8 - Information Disclosure", "software": [ { "type": "plugin", "name": "The Events Calendar", "slug": "the-events-calendar", "affected_versions": { "[*, 6.2.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8291fd89-aea1-4f7b-abd8-dee8438c3ed5?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8298f1fb-3165-40e3-9192-805a07c14cae": { "id": "8298f1fb-3165-40e3-9192-805a07c14cae", "title": "Plugin Groups <= 2.0.6 - Missing Authorization to Unauthenticated Denial of Service", "software": [ { "type": "plugin", "name": "Plugin Groups", "slug": "plugin-groups", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8298f1fb-3165-40e3-9192-805a07c14cae?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "829a19fc-f262-4b67-b499-76580779eb9a": { "id": "829a19fc-f262-4b67-b499-76580779eb9a", "title": "Atarim <= 4.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Visual Website Collaboration, Feedback & Project Management \u2013 Atarim", "slug": "atarim-visual-collaboration", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/829a19fc-f262-4b67-b499-76580779eb9a?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82a26836-44fc-47cf-ad09-bd3d264e8635": { "id": "82a26836-44fc-47cf-ad09-bd3d264e8635", "title": "Welcome Bar <= 2.0.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Welcome Bar", "slug": "intelly-welcome-bar", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82a26836-44fc-47cf-ad09-bd3d264e8635?source=api-scan" ], "published": "2023-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82acefe0-a839-4721-858d-120326e45664": { "id": "82acefe0-a839-4721-858d-120326e45664", "title": "Post Snippets <= 3.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Snippets \u2013 Custom WordPress Code Snippets Customizer", "slug": "post-snippets", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82acefe0-a839-4721-858d-120326e45664?source=api-scan" ], "published": "2022-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82b4291c-5e31-4909-b743-778e68a0fe20": { "id": "82b4291c-5e31-4909-b743-778e68a0fe20", "title": "WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via REQUEST_URI", "software": [ { "type": "plugin", "name": "WP eStore", "slug": "wp-cart-for-digital-products", "affected_versions": { "* - 8.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82b4291c-5e31-4909-b743-778e68a0fe20?source=api-scan" ], "published": "2024-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82b46474-9a32-4d7e-8fa4-91f6465c5fa7": { "id": "82b46474-9a32-4d7e-8fa4-91f6465c5fa7", "title": "ZM Ajax Login & Register <= 1.0.9 - Local File Inclusion", "software": [ { "type": "plugin", "name": "ZM Ajax Login & Register", "slug": "zm-ajax-login-register", "affected_versions": { "[*, 1.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82b46474-9a32-4d7e-8fa4-91f6465c5fa7?source=api-scan" ], "published": "2015-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82b48e39-4f8f-48b8-ba46-49e06bee2cc7": { "id": "82b48e39-4f8f-48b8-ba46-49e06bee2cc7", "title": "LiteSpeed Cache <= 4.4.3 - Reflected Cross-Site Scripting via qc_res", "software": [ { "type": "plugin", "name": "LiteSpeed Cache", "slug": "litespeed-cache", "affected_versions": { "1.0.15 - 4.4.3": { "from_version": "1.0.15", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82b48e39-4f8f-48b8-ba46-49e06bee2cc7?source=api-scan" ], "published": "2021-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82c08769-2bb6-4c87-b198-f18216b3e744": { "id": "82c08769-2bb6-4c87-b198-f18216b3e744", "title": "Library Viewer <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Library Viewer", "slug": "library-viewer", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82c08769-2bb6-4c87-b198-f18216b3e744?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82c3c97d-f9dd-4667-a1a8-94cf12947618": { "id": "82c3c97d-f9dd-4667-a1a8-94cf12947618", "title": "Goto - Tour & Travel WordPress Theme < 2.1 - SQL Injection", "software": [ { "type": "theme", "name": "Goto - Tour & Travel WordPress Theme", "slug": "goto", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82c3c97d-f9dd-4667-a1a8-94cf12947618?source=api-scan" ], "published": "2021-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82c6ed2f-20e8-46d1-a460-16d32b7536cd": { "id": "82c6ed2f-20e8-46d1-a460-16d32b7536cd", "title": "WP Directory Kit <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wdk_resultitem", "software": [ { "type": "plugin", "name": "WP Directory Kit", "slug": "wpdirectorykit", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82c6ed2f-20e8-46d1-a460-16d32b7536cd?source=api-scan" ], "published": "2023-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82cde234-ae87-438f-911e-bdd0e3ac1132": { "id": "82cde234-ae87-438f-911e-bdd0e3ac1132", "title": "FileBird \u2013 WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "FileBird \u2013 WordPress Media Library Folders & File Manager", "slug": "filebird", "affected_versions": { "* - 5.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82cde234-ae87-438f-911e-bdd0e3ac1132?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82ce66d0-dc53-4433-b499-30bfd48efaf2": { "id": "82ce66d0-dc53-4433-b499-30bfd48efaf2", "title": "Elegant Themes Divi 3.23 - 4.0.9, Divi Extra 2.23 - 4.0.9, Divi Builder 2.23 - 4.0.9 - PHP Code Injection", "software": [ { "type": "plugin", "name": "Divi Builder", "slug": "divi-builder", "affected_versions": { "2.23 - 4.0.9": { "from_version": "2.23", "from_inclusive": true, "to_version": "4.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.10" ] }, { "type": "theme", "name": "Divi", "slug": "Divi", "affected_versions": { "3.23 - 4.0.9": { "from_version": "3.23", "from_inclusive": true, "to_version": "4.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.10" ] }, { "type": "theme", "name": "Divi Extra", "slug": "extra", "affected_versions": { "2.23 - 4.0.9": { "from_version": "2.23", "from_inclusive": true, "to_version": "4.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82ce66d0-dc53-4433-b499-30bfd48efaf2?source=api-scan" ], "published": "2020-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82da75f4-f036-40e0-ae4c-5011d6a39df4": { "id": "82da75f4-f036-40e0-ae4c-5011d6a39df4", "title": "2 Click Social Media Buttons < 0.34 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "2 Click Social Media Buttons", "slug": "2-click-socialmedia-buttons", "affected_versions": { "[*, 0.34)": { "from_version": "*", "from_inclusive": true, "to_version": "0.34", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82da75f4-f036-40e0-ae4c-5011d6a39df4?source=api-scan" ], "published": "2012-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82de0a8c-2be9-4780-9d2e-1c6788be5249": { "id": "82de0a8c-2be9-4780-9d2e-1c6788be5249", "title": "Paid Memberships Pro - Membership Maps Add On < 0.7 - Authenticated (contributor+) Information Disclosure", "software": [ { "type": "plugin", "name": "Paid Memberships Pro - Membership Maps Add On", "slug": "pmpro-membership-maps", "affected_versions": { "[*, 0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82de0a8c-2be9-4780-9d2e-1c6788be5249?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82df7569-919a-4f95-b0e2-f866133771eb": { "id": "82df7569-919a-4f95-b0e2-f866133771eb", "title": "User Domain Whitelist <= 1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "User Domain Whitelist", "slug": "user-domain-whitelist", "affected_versions": { "[*, 1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82df7569-919a-4f95-b0e2-f866133771eb?source=api-scan" ], "published": "2014-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82e5fd9f-9a1f-4a4c-ac06-61bf65e3c8ab": { "id": "82e5fd9f-9a1f-4a4c-ac06-61bf65e3c8ab", "title": "Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Mouse Cursor Module", "software": [ { "type": "plugin", "name": "Premium Addons Pro for Elementor", "slug": "premium-addons-pro", "affected_versions": { "* - 2.9.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82e5fd9f-9a1f-4a4c-ac06-61bf65e3c8ab?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82e9bd78-726f-421f-8bf0-560fa9eeab2c": { "id": "82e9bd78-726f-421f-8bf0-560fa9eeab2c", "title": "weMail <= 1.14.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "weMail \u2013 Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A\/B Testing, and Automation", "slug": "wemail", "affected_versions": { "* - 1.14.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82e9bd78-726f-421f-8bf0-560fa9eeab2c?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82eb759f-e8d5-40c6-998f-f6981d9d6644": { "id": "82eb759f-e8d5-40c6-998f-f6981d9d6644", "title": "Guest posting \/ Frontend Posting wordpress plugin \u2013 WP Front User Submit \/ Front Editor <= 4.4.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Guest posting \/ Frontend Posting wordpress plugin \u2013 WP Front User Submit \/ Front Editor", "slug": "front-editor", "affected_versions": { "* - 4.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82eb759f-e8d5-40c6-998f-f6981d9d6644?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82f311a5-6ef3-4052-ab9d-fdb23f7b7406": { "id": "82f311a5-6ef3-4052-ab9d-fdb23f7b7406", "title": "QR Redirector <= 1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "QR Redirector", "slug": "qr-redirector", "affected_versions": { "[*, 1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82f311a5-6ef3-4052-ab9d-fdb23f7b7406?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82f4ad21-bc55-4daf-bc46-90969dcbabdd": { "id": "82f4ad21-bc55-4daf-bc46-90969dcbabdd", "title": "We\u2019re Open! <= 1.44 - Missing Authorization", "software": [ { "type": "plugin", "name": "We\u2019re Open!", "slug": "opening-hours", "affected_versions": { "* - 1.44": { "from_version": "*", "from_inclusive": true, "to_version": "1.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82f4ad21-bc55-4daf-bc46-90969dcbabdd?source=api-scan" ], "published": "2023-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82f5e976-2564-4f8b-96d5-cfac9945737c": { "id": "82f5e976-2564-4f8b-96d5-cfac9945737c", "title": "Call Now Icon Animate <= 0.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Call Now Icon Animate", "slug": "call-now-icon-animate", "affected_versions": { "* - 0.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82f5e976-2564-4f8b-96d5-cfac9945737c?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82f80916-37ab-4c5a-9787-2544c620acac": { "id": "82f80916-37ab-4c5a-9787-2544c620acac", "title": "WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "[*, 0.9.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.9.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82f80916-37ab-4c5a-9787-2544c620acac?source=api-scan" ], "published": "2020-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82fb1ea4-12cc-4c8c-b51e-cf878a791d0e": { "id": "82fb1ea4-12cc-4c8c-b51e-cf878a791d0e", "title": "Accept Stripe Payments <= 2.0.63 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Accept Stripe Payments", "slug": "stripe-payments", "affected_versions": { "* - 2.0.63": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.63", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.64" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82fb1ea4-12cc-4c8c-b51e-cf878a791d0e?source=api-scan" ], "published": "2022-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "82fe99af-f254-4f4f-ac27-3e1997c370f6": { "id": "82fe99af-f254-4f4f-ac27-3e1997c370f6", "title": "CiviCRM < 5.28.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CiviCRM for WordPress", "slug": "civicrm", "affected_versions": { "* - 5.28.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.28.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.28.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/82fe99af-f254-4f4f-ac27-3e1997c370f6?source=api-scan" ], "published": "2021-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83009e29-6860-4d0c-954a-8035dc361cdc": { "id": "83009e29-6860-4d0c-954a-8035dc361cdc", "title": "WP-lightpop <= 0.8.5.6 - Remote Media File Inclusion", "software": [ { "type": "plugin", "name": "wp-lightpop", "slug": "wp-lightpop", "affected_versions": { "* - 0.8.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.5.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83009e29-6860-4d0c-954a-8035dc361cdc?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8303c84f-8065-4394-a692-29cb72bada0a": { "id": "8303c84f-8065-4394-a692-29cb72bada0a", "title": "Hunk External Links <= 3.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hunk External Links", "slug": "hunk-external-links", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8303c84f-8065-4394-a692-29cb72bada0a?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8305be9c-cad5-4bbc-beab-0730a9abe1d9": { "id": "8305be9c-cad5-4bbc-beab-0730a9abe1d9", "title": "Download Monitor < 1.7.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "[*, 1.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8305be9c-cad5-4bbc-beab-0730a9abe1d9?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "830a8e85-6134-4f85-996f-b0cb7ccb9d5c": { "id": "830a8e85-6134-4f85-996f-b0cb7ccb9d5c", "title": "PostX Gutenberg Blocks Saved Templates Addon <= 2.4.9 - Private Content Disclosure", "software": [ { "type": "plugin", "name": "Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX", "slug": "ultimate-post", "affected_versions": { "* - 2.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/830a8e85-6134-4f85-996f-b0cb7ccb9d5c?source=api-scan" ], "published": "2021-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "830ac75b-708a-435c-8837-b79a2f41575c": { "id": "830ac75b-708a-435c-8837-b79a2f41575c", "title": "Starbox <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter URL Field", "software": [ { "type": "plugin", "name": "Starbox \u2013 the Author Box for Humans", "slug": "starbox", "affected_versions": { "* - 3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/830ac75b-708a-435c-8837-b79a2f41575c?source=api-scan" ], "published": "2024-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "830f53a4-da3b-4a95-99f1-c4a4c8e6944c": { "id": "830f53a4-da3b-4a95-99f1-c4a4c8e6944c", "title": "WP Compress \u2013 Image Optimizer [All-In-One] <= 6.20.01 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Compress \u2013 Instant Performance & Speed Optimization", "slug": "wp-compress-image-optimizer", "affected_versions": { "* - 6.20.01": { "from_version": "*", "from_inclusive": true, "to_version": "6.20.01", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.20.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/830f53a4-da3b-4a95-99f1-c4a4c8e6944c?source=api-scan" ], "published": "2024-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "830ff660-0265-46e5-8d16-ecd03cdf9f52": { "id": "830ff660-0265-46e5-8d16-ecd03cdf9f52", "title": "Importify <= 1.0.4 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Importify \u2013 Dropshipping WooCommerce Plugin for Aliexpress, Amazon, Etsy, Alibaba, Walmart & More", "slug": "importify", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/830ff660-0265-46e5-8d16-ecd03cdf9f52?source=api-scan" ], "published": "2023-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83106660-0678-44c0-894d-7287230f616e": { "id": "83106660-0678-44c0-894d-7287230f616e", "title": "Enfold <= 5.6.9 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Enfold - Responsive Multi-Purpose Theme", "slug": "enfold", "affected_versions": { "* - 5.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83106660-0678-44c0-894d-7287230f616e?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8314f607-5904-4da8-b2a2-5d77e2edc764": { "id": "8314f607-5904-4da8-b2a2-5d77e2edc764", "title": "WP GoToWebinar <= 15.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP GoToWebinar", "slug": "wp-gotowebinar", "affected_versions": { "* - 15.6": { "from_version": "*", "from_inclusive": true, "to_version": "15.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "15.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8314f607-5904-4da8-b2a2-5d77e2edc764?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83157b37-75f6-4ab9-8759-3d9a9cb9303d": { "id": "83157b37-75f6-4ab9-8759-3d9a9cb9303d", "title": "Updater by BestWebSoft <= 1.34 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Updater by BestWebSoft", "slug": "updater", "affected_versions": { "* - 1.34": { "from_version": "*", "from_inclusive": true, "to_version": "1.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83157b37-75f6-4ab9-8759-3d9a9cb9303d?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83189c51-2605-4808-a0fa-3e5245cc0806": { "id": "83189c51-2605-4808-a0fa-3e5245cc0806", "title": "WordPress Tooltips <= 9.4.3 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Tooltips", "slug": "wordpress-tooltips", "affected_versions": { "* - 9.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "9.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83189c51-2605-4808-a0fa-3e5245cc0806?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8321f68f-da2d-4382-979d-54008de2cae7": { "id": "8321f68f-da2d-4382-979d-54008de2cae7", "title": "Swift Performance Lite <= 2.3.6.14 - Missing Authorization to Unauthenticated Settings Export", "software": [ { "type": "plugin", "name": "Swift Performance Lite", "slug": "swift-performance-lite", "affected_versions": { "* - 2.3.6.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.6.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.6.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8321f68f-da2d-4382-979d-54008de2cae7?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "833006a6-462a-4729-8f3e-dca74a3802a2": { "id": "833006a6-462a-4729-8f3e-dca74a3802a2", "title": "ProfilePress <= 4.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/833006a6-462a-4729-8f3e-dca74a3802a2?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "833eb481-4fb4-432e-8e93-3f497ccbf1eb": { "id": "833eb481-4fb4-432e-8e93-3f497ccbf1eb", "title": "Wordfence Security \u2013 Firewall & Malware Scan <= 7.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wordfence Security \u2013 Firewall, Malware Scan, and Login Security", "slug": "wordfence", "affected_versions": { "* - 7.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/833eb481-4fb4-432e-8e93-3f497ccbf1eb?source=api-scan" ], "published": "2022-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8341c7fb-6f3f-45ee-86c3-9c9d2617594a": { "id": "8341c7fb-6f3f-45ee-86c3-9c9d2617594a", "title": "Meta Box - WordPress Custom Fields Framework <= 4.16.2 - File Deletion via attachment_id Parameter", "software": [ { "type": "plugin", "name": "Meta Box \u2013 WordPress Custom Fields Framework", "slug": "meta-box", "affected_versions": { "[*, 4.16.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.16.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.16.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8341c7fb-6f3f-45ee-86c3-9c9d2617594a?source=api-scan" ], "published": "2019-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8341eaea-cc54-43e2-bc4f-a892e3756fa3": { "id": "8341eaea-cc54-43e2-bc4f-a892e3756fa3", "title": "Advanced Cron Manager \u2013 debug & control <= 2.5.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Advanced Cron Manager \u2013 debug & control", "slug": "advanced-cron-manager", "affected_versions": { "* - 2.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8341eaea-cc54-43e2-bc4f-a892e3756fa3?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83460136-5a51-4c11-a695-ea2b2d60d68f": { "id": "83460136-5a51-4c11-a695-ea2b2d60d68f", "title": "WP-Property \u2013 WordPress Powered Real Estate and Property Management < 1.38.4 - Information Disclosure", "software": [ { "type": "plugin", "name": "WP-Property \u2013 WordPress Powered Real Estate and Property Management", "slug": "wp-property", "affected_versions": { "[*, 1.38.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.38.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.38.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83460136-5a51-4c11-a695-ea2b2d60d68f?source=api-scan" ], "published": "2014-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "834bedf0-a2bc-4396-a160-3d3f399c1897": { "id": "834bedf0-a2bc-4396-a160-3d3f399c1897", "title": "Download Manager <= 3.2.98 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.98": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.98", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.99" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/834bedf0-a2bc-4396-a160-3d3f399c1897?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "834c4ca9-7173-4c84-8287-9916ec72935d": { "id": "834c4ca9-7173-4c84-8287-9916ec72935d", "title": "Tutor LMS \u2013 eLearning and online course solution <= 2.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/834c4ca9-7173-4c84-8287-9916ec72935d?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "834c92ba-8b48-4ae3-9073-085e8f559762": { "id": "834c92ba-8b48-4ae3-9073-085e8f559762", "title": "WordPress Core < 6.2.1 - Insufficient Sanitization of Block Attributes", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": false }, "[4.1, 4.1.38)": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.38", "to_inclusive": false }, "[4.2, 4.2.35)": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.35", "to_inclusive": false }, "[4.3, 4.3.31)": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.31", "to_inclusive": false }, "[4.4, 4.4.30)": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.30", "to_inclusive": false }, "[4.5, 4.5.29)": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.29", "to_inclusive": false }, "[4.6, 4.6.26)": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.26", "to_inclusive": false }, "[4.7, 4.7.26)": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.26", "to_inclusive": false }, "[4.8, 4.8.22)": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.22", "to_inclusive": false }, "[4.9, 4.9.23)": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.23", "to_inclusive": false }, "[5.0, 5.0.19)": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.19", "to_inclusive": false }, "[5.1, 5.1.16)": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.16", "to_inclusive": false }, "[5.2, 5.2.18)": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.18", "to_inclusive": false }, "[5.3, 5.3.15)": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.15", "to_inclusive": false }, "[5.4, 5.4.13)": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.13", "to_inclusive": false }, "[5.5, 5.5.12)": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.12", "to_inclusive": false }, "[5.6, 5.6.11)": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.11", "to_inclusive": false }, "[5.7, 5.7.9)": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.9", "to_inclusive": false }, "[5.8, 5.8.7)": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.7", "to_inclusive": false }, "[5.9, 5.9.6)": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.6", "to_inclusive": false }, "[6.0, 6.0.4)": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.4", "to_inclusive": false }, "[6.1, 6.1.2)": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.2", "to_inclusive": false }, "[6.2, 6.2.1)": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.38", "4.2.35", "4.3.31", "4.4.30", "4.5.29", "4.6.26", "4.7.26", "4.8.22", "4.9.23", "5.0.19", "5.1.16", "5.2.18", "5.3.15", "5.4.13", "5.5.12", "5.6.11", "5.7.9", "5.8.7", "5.9.6", "6.0.4", "6.1.2", "6.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/834c92ba-8b48-4ae3-9073-085e8f559762?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "834e86c6-f516-4991-a693-d23db2bf14ce": { "id": "834e86c6-f516-4991-a693-d23db2bf14ce", "title": "Student Result or Employee Database <= 1.7.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Student Result or Employee Database", "slug": "simple-student-result", "affected_versions": { "* - 1.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/834e86c6-f516-4991-a693-d23db2bf14ce?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "834ff44a-4259-49a5-bad3-26fce393fb98": { "id": "834ff44a-4259-49a5-bad3-26fce393fb98", "title": "Docket Cache \u2013 Object Cache Accelerator <= 21.08.01 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Docket Cache \u2013 Object Cache Accelerator", "slug": "docket-cache", "affected_versions": { "* - 21.08.01": { "from_version": "*", "from_inclusive": true, "to_version": "21.08.01", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.08.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/834ff44a-4259-49a5-bad3-26fce393fb98?source=api-scan" ], "published": "2021-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "835941f1-e2f6-41aa-9a46-cdbeb5741d20": { "id": "835941f1-e2f6-41aa-9a46-cdbeb5741d20", "title": "Event Calendar <= 1.1.50 - Subscriber+ Event Creation", "software": [ { "type": "plugin", "name": "Event Calendar WD version", "slug": "event-calendar-wd", "affected_versions": { "* - 1.1.50": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.50", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/835941f1-e2f6-41aa-9a46-cdbeb5741d20?source=api-scan" ], "published": "2021-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "835aaf5e-08c8-4bf8-add7-82a1f1fdc2c0": { "id": "835aaf5e-08c8-4bf8-add7-82a1f1fdc2c0", "title": "Themesflat Addons For Elementor <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Themesflat Addons For Elementor", "slug": "themesflat-addons-for-elementor", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/835aaf5e-08c8-4bf8-add7-82a1f1fdc2c0?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "835b254a-9135-4b9d-8607-7122304601bc": { "id": "835b254a-9135-4b9d-8607-7122304601bc", "title": "Spambam <= 2.1 - Authorization Bypass", "software": [ { "type": "plugin", "name": "SpamBam", "slug": "spambam", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/835b254a-9135-4b9d-8607-7122304601bc?source=api-scan" ], "published": "2008-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "835cbcfa-bb8d-4b46-9316-500e1b47cfb5": { "id": "835cbcfa-bb8d-4b46-9316-500e1b47cfb5", "title": "HK Exif Tags <= 1.11 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HK Exif Tags", "slug": "hk-exif-tags", "affected_versions": { "* - 1.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/835cbcfa-bb8d-4b46-9316-500e1b47cfb5?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "835db0c0-f3c9-4acd-aee8-bf7b52447ac9": { "id": "835db0c0-f3c9-4acd-aee8-bf7b52447ac9", "title": "WP Facethumb <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-FaceThumb", "slug": "wp-facethumb", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/835db0c0-f3c9-4acd-aee8-bf7b52447ac9?source=api-scan" ], "published": "2014-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "835f553b-9c43-47f2-aecf-61c9397e6b5b": { "id": "835f553b-9c43-47f2-aecf-61c9397e6b5b", "title": "Photo Gallery <= 1.5.74 - Stored Cross-Site Scripting via Uploaded SVG", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.5.75)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.75", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.75" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/835f553b-9c43-47f2-aecf-61c9397e6b5b?source=api-scan" ], "published": "2021-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "835f6efd-636e-411f-97a1-fa14b9a629b3": { "id": "835f6efd-636e-411f-97a1-fa14b9a629b3", "title": "Quick Event Manager <= 9.7.4 - Unauthenticated Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Quick Event Manager", "slug": "quick-event-manager", "affected_versions": { "* - 9.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/835f6efd-636e-411f-97a1-fa14b9a629b3?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83603d33-b616-4332-aa05-b8ac61424614": { "id": "83603d33-b616-4332-aa05-b8ac61424614", "title": "InventoryPress <= 1.7 - Authenticated(Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "InventoryPress", "slug": "inventorypress", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83603d33-b616-4332-aa05-b8ac61424614?source=api-scan" ], "published": "2023-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83660c88-1115-450d-88b0-29d62319dac7": { "id": "83660c88-1115-450d-88b0-29d62319dac7", "title": "Advanced post slider <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced post slider", "slug": "advanced-post-slider", "affected_versions": { "* - 3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83660c88-1115-450d-88b0-29d62319dac7?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8369d83a-bfbf-4e29-8b0b-ceb371a271b6": { "id": "8369d83a-bfbf-4e29-8b0b-ceb371a271b6", "title": "WP-Footnotes <= 2.2 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Footnotes", "slug": "wp-footnotes", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8369d83a-bfbf-4e29-8b0b-ceb371a271b6?source=api-scan" ], "published": "2008-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "836bac94-fd74-4ef9-a79b-4ea13de8f44f": { "id": "836bac94-fd74-4ef9-a79b-4ea13de8f44f", "title": "W3 Total Cache <= 0.9.2.4 - Insecure Cryptography to Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 0.9.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/836bac94-fd74-4ef9-a79b-4ea13de8f44f?source=api-scan" ], "published": "2020-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "836e3ca0-9f41-4ab2-a9bf-64a593f37c8a": { "id": "836e3ca0-9f41-4ab2-a9bf-64a593f37c8a", "title": "WP Keyword link <= 1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-keyword-link", "slug": "wp-keyword-link", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/836e3ca0-9f41-4ab2-a9bf-64a593f37c8a?source=api-scan" ], "published": "2015-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8376556e-ed78-4a0e-a23f-9b2a39db94d9": { "id": "8376556e-ed78-4a0e-a23f-9b2a39db94d9", "title": "Photo Video Gallery Master <= 1.5.3 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Photo Video Gallery Master", "slug": "photo-video-gallery-master", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8376556e-ed78-4a0e-a23f-9b2a39db94d9?source=api-scan" ], "published": "2024-06-18 14:35:15", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "837e596e-a4a7-4fcf-a761-aed35a789770": { "id": "837e596e-a4a7-4fcf-a761-aed35a789770", "title": "WP-Reply Notify <= 1.1 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "WP-Reply Notify", "slug": "wp-reply-notify", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/837e596e-a4a7-4fcf-a761-aed35a789770?source=api-scan" ], "published": "2024-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "837eea49-0b2c-46b4-a325-526d7c143fdc": { "id": "837eea49-0b2c-46b4-a325-526d7c143fdc", "title": "Easy WP SMTP <= 1.4.2 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Easy WP SMTP \u2013 WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more", "slug": "easy-wp-smtp", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/837eea49-0b2c-46b4-a325-526d7c143fdc?source=api-scan" ], "published": "2020-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83804c2a-2c4a-4f69-b833-dcd53ddab94d": { "id": "83804c2a-2c4a-4f69-b833-dcd53ddab94d", "title": "WP Booking Calendar <= 10.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Booking Calendar", "slug": "booking", "affected_versions": { "* - 10.5": { "from_version": "*", "from_inclusive": true, "to_version": "10.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83804c2a-2c4a-4f69-b833-dcd53ddab94d?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "838bfa4c-2eb7-4f76-a6c3-ab4684f3913c": { "id": "838bfa4c-2eb7-4f76-a6c3-ab4684f3913c", "title": "Aggregator Advanced Settings <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Aggregator Advanced Settings", "slug": "aggregator-advanced-settings", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/838bfa4c-2eb7-4f76-a6c3-ab4684f3913c?source=api-scan" ], "published": "2024-10-03 13:31:42", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "838ccf02-2b01-42f8-b5bf-6fafbb2db673": { "id": "838ccf02-2b01-42f8-b5bf-6fafbb2db673", "title": "Simple Job Board <= 2.9.6 - Information Disclosure", "software": [ { "type": "plugin", "name": "Simple Job Board", "slug": "simple-job-board", "affected_versions": { "* - 2.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/838ccf02-2b01-42f8-b5bf-6fafbb2db673?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8390ab61-197a-4eb7-a589-47bf46a0e123": { "id": "8390ab61-197a-4eb7-a589-47bf46a0e123", "title": "Simple Giveaways <= 2.46 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple Giveaways \u2013 Grow your business, email lists and traffic with contests", "slug": "giveasap", "affected_versions": { "* - 2.46": { "from_version": "*", "from_inclusive": true, "to_version": "2.46", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.46.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8390ab61-197a-4eb7-a589-47bf46a0e123?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8395e0c4-3feb-4551-9f2f-7b80cd187eca": { "id": "8395e0c4-3feb-4551-9f2f-7b80cd187eca", "title": "Website Contact Form With File Upload <= 1.3.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Website Contact Form With File Upload", "slug": "website-contact-form-with-file-upload", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8395e0c4-3feb-4551-9f2f-7b80cd187eca?source=api-scan" ], "published": "2015-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "839957ea-5186-4cce-971d-57eed84639d5": { "id": "839957ea-5186-4cce-971d-57eed84639d5", "title": "Simple Membership <= 3.8.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "[*, 3.8.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/839957ea-5186-4cce-971d-57eed84639d5?source=api-scan" ], "published": "2019-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "839a0cc0-a656-4107-a748-4ad85e950237": { "id": "839a0cc0-a656-4107-a748-4ad85e950237", "title": "JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/839a0cc0-a656-4107-a748-4ad85e950237?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "839b68e6-0462-4f88-ac13-ed4b69887d6b": { "id": "839b68e6-0462-4f88-ac13-ed4b69887d6b", "title": "Tutor LMS <= 2.7.2 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/839b68e6-0462-4f88-ac13-ed4b69887d6b?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "839ecd06-9c74-4ddc-b455-26ec3e627889": { "id": "839ecd06-9c74-4ddc-b455-26ec3e627889", "title": "OSM <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via osm_map and osm_map_v3 Shortcodes", "software": [ { "type": "plugin", "name": "OSM \u2013 OpenStreetMap", "slug": "osm", "affected_versions": { "* - 6.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/839ecd06-9c74-4ddc-b455-26ec3e627889?source=api-scan" ], "published": "2024-09-26 18:40:16", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83a0150d-a9fa-4cc2-8fe8-a429747a9964": { "id": "83a0150d-a9fa-4cc2-8fe8-a429747a9964", "title": "Royal Elementor Addons and Templates <= 1.3.980 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Magazine Grid\/Slider Widget", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.980": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.980", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.981" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83a0150d-a9fa-4cc2-8fe8-a429747a9964?source=api-scan" ], "published": "2024-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83a35d16-526d-4e45-b2cf-a6858b2b2f21": { "id": "83a35d16-526d-4e45-b2cf-a6858b2b2f21", "title": "Header Footer Code Manager Pro <= 1.0.16 - Reflected Cross-Site Scripting via message", "software": [ { "type": "plugin", "name": "Header Footer Code Manager Pro", "slug": "99robots-header-footer-code-manager-pro", "affected_versions": { "* - 1.0.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83a35d16-526d-4e45-b2cf-a6858b2b2f21?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83a3ed21-bfef-4aef-a32d-5af5be23a067": { "id": "83a3ed21-bfef-4aef-a32d-5af5be23a067", "title": "WpTravelly <= 1.7.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "WordPress Tour & Travel Booking Plugin for WooCommerce \u2013 WpTravelly", "slug": "tour-booking-manager", "affected_versions": { "* - 1.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83a3ed21-bfef-4aef-a32d-5af5be23a067?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83a3f61c-2385-456f-bca3-6d3f3ffd9694": { "id": "83a3f61c-2385-456f-bca3-6d3f3ffd9694", "title": "MultiParcels Shipping For WooCommerce <= 1.15.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MultiParcels Shipping For WooCommerce", "slug": "multiparcels-shipping-for-woocommerce", "affected_versions": { "* - 1.15.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83a3f61c-2385-456f-bca3-6d3f3ffd9694?source=api-scan" ], "published": "2023-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83a595b7-379c-4202-abdd-d8ba4a30c6a4": { "id": "83a595b7-379c-4202-abdd-d8ba4a30c6a4", "title": "Play.ht \u2013 Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Play.ht \u2013 Make Your Blog Posts Accessible With Text to Speech Audio", "slug": "play-ht", "affected_versions": { "* - 3.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83a595b7-379c-4202-abdd-d8ba4a30c6a4?source=api-scan" ], "published": "2024-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83a81b1c-40cf-43ea-a36d-eaf342e65fc2": { "id": "83a81b1c-40cf-43ea-a36d-eaf342e65fc2", "title": "Sensei Pro (WC Paid Courses) <= 4.23.1.1.23.1 - Authenticated (Student+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sensei Pro (WC Paid Courses)", "slug": "woothemes-sensei", "affected_versions": { "* - 4.23.1.1.23.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.23.1.1.23.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.24.0.1.24.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83a81b1c-40cf-43ea-a36d-eaf342e65fc2?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83ac0dfc-88cd-48f0-9914-2258d5dfe834": { "id": "83ac0dfc-88cd-48f0-9914-2258d5dfe834", "title": "Upfrontwp <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Upfrontwp", "slug": "upfrontwp", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83ac0dfc-88cd-48f0-9914-2258d5dfe834?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83ad7ab2-4257-4aac-9388-bfcbc2938984": { "id": "83ad7ab2-4257-4aac-9388-bfcbc2938984", "title": "Adminimize < 1.7.22 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Adminimize", "slug": "adminimize", "affected_versions": { "[*, 1.7.22)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.22", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83ad7ab2-4257-4aac-9388-bfcbc2938984?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83b0534e-1b8d-46a8-9698-e7ca73e5ab57": { "id": "83b0534e-1b8d-46a8-9698-e7ca73e5ab57", "title": "All-in-One Video Gallery 2.5.8 - 2.6.0 - Arbitrary File Download & Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "All-in-One Video Gallery", "slug": "all-in-one-video-gallery", "affected_versions": { "2.5.8 - 2.6.0": { "from_version": "2.5.8", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83b0534e-1b8d-46a8-9698-e7ca73e5ab57?source=api-scan" ], "published": "2022-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83b062c8-4884-4ffa-89e6-71140c99e422": { "id": "83b062c8-4884-4ffa-89e6-71140c99e422", "title": "Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 2.4 - SQL Injection", "software": [ { "type": "plugin", "name": "Leaflet Maps Marker Pro", "slug": "mapsmarker", "affected_versions": { "[*, 2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83b062c8-4884-4ffa-89e6-71140c99e422?source=api-scan" ], "published": "2012-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83b1740c-6392-4b52-82e0-377201aa61ac": { "id": "83b1740c-6392-4b52-82e0-377201aa61ac", "title": "Search Unleashed <= 0.2.10 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Search Unleashed", "slug": "search-unleashed", "affected_versions": { "* - 0.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83b1740c-6392-4b52-82e0-377201aa61ac?source=api-scan" ], "published": "2008-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83b48cfc-04e7-4929-8da2-cf6beee6d88e": { "id": "83b48cfc-04e7-4929-8da2-cf6beee6d88e", "title": "CopyRightPro <= 2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "CopyRightPro", "slug": "copyrightpro", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83b48cfc-04e7-4929-8da2-cf6beee6d88e?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83b91ce9-a060-47db-8120-bbed45889f9f": { "id": "83b91ce9-a060-47db-8120-bbed45889f9f", "title": "Cooked \u2013 Recipe Management <= 1.7.15.4 - Cross-Site Request Forgery to Template Reset", "software": [ { "type": "plugin", "name": "Cooked \u2013 Recipe Management", "slug": "cooked", "affected_versions": { "* - 1.7.15.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.15.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83b91ce9-a060-47db-8120-bbed45889f9f?source=api-scan" ], "published": "2024-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83bd221e-7d01-4cba-8577-ce0a69e4a75c": { "id": "83bd221e-7d01-4cba-8577-ce0a69e4a75c", "title": "WPsc MijnPress <= 0.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPsc MijnPress", "slug": "wpsc-mijnpress", "affected_versions": { "* - 0.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83bd221e-7d01-4cba-8577-ce0a69e4a75c?source=api-scan" ], "published": "2012-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83c0e096-f054-4367-a85f-582c0771e3fe": { "id": "83c0e096-f054-4367-a85f-582c0771e3fe", "title": "Becustom <= 1.0.5.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Becustom", "slug": "becustom", "affected_versions": { "* - 1.0.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83c0e096-f054-4367-a85f-582c0771e3fe?source=api-scan" ], "published": "2022-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83cb1333-3c74-426d-9838-a5cb90be29b2": { "id": "83cb1333-3c74-426d-9838-a5cb90be29b2", "title": "wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) HTML Injection", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83cb1333-3c74-426d-9838-a5cb90be29b2?source=api-scan" ], "published": "2022-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83d162f9-32a9-4d03-845e-6fc9b8574fb5": { "id": "83d162f9-32a9-4d03-845e-6fc9b8574fb5", "title": "Darcie <= 1.1.5 - Reflected Cross-Site Scripting via JS split", "software": [ { "type": "theme", "name": "Darcie", "slug": "darcie", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83d162f9-32a9-4d03-845e-6fc9b8574fb5?source=api-scan" ], "published": "2023-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83d46dce-b218-49ed-85ee-0e8d2a391eb9": { "id": "83d46dce-b218-49ed-85ee-0e8d2a391eb9", "title": "Contact Form Entries \u2013 Contact Form 7, WPforms and more <= 1.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Database for Contact Form 7, WPforms, Elementor forms", "slug": "contact-form-entries", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83d46dce-b218-49ed-85ee-0e8d2a391eb9?source=api-scan" ], "published": "2021-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83d4f114-c113-4c66-be74-2d438aa00502": { "id": "83d4f114-c113-4c66-be74-2d438aa00502", "title": "WP125 <= 1.4.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP125", "slug": "wp125", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83d4f114-c113-4c66-be74-2d438aa00502?source=api-scan" ], "published": "2013-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83d63545-00f3-411b-9d4a-6837759bc3af": { "id": "83d63545-00f3-411b-9d4a-6837759bc3af", "title": "Better Author Bio <= 2.7.10.11 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Better Author Bio", "slug": "better-author-bio", "affected_versions": { "* - 2.7.10.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.10.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83d63545-00f3-411b-9d4a-6837759bc3af?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83d78ff7-bd59-431e-b579-156e23ede053": { "id": "83d78ff7-bd59-431e-b579-156e23ede053", "title": "Envo Extra <= 1.8.16 - Authenticated (Contributor+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Envo Extra", "slug": "envo-extra", "affected_versions": { "* - 1.8.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83d78ff7-bd59-431e-b579-156e23ede053?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83d935fc-7d7b-4c25-97f8-d3fe35307c7a": { "id": "83d935fc-7d7b-4c25-97f8-d3fe35307c7a", "title": "Snow Monkey Forms <= 5.1.1 - Directory Traversal via 'view' REST endpiont", "software": [ { "type": "plugin", "name": "Snow Monkey Forms", "slug": "snow-monkey-forms", "affected_versions": { "* - 5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83d935fc-7d7b-4c25-97f8-d3fe35307c7a?source=api-scan" ], "published": "2023-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83e396c3-e843-4337-bf90-894d9d7de2a8": { "id": "83e396c3-e843-4337-bf90-894d9d7de2a8", "title": "Web-Stat <= 1.4.0 - API Key Disclosure", "software": [ { "type": "plugin", "name": "Web-Stat Analytics \u2013 Free Real-Time Web Analytics", "slug": "web-stat", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83e396c3-e843-4337-bf90-894d9d7de2a8?source=api-scan" ], "published": "2021-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83e53dc4-84fe-4835-aaea-b72dfe8f7475": { "id": "83e53dc4-84fe-4835-aaea-b72dfe8f7475", "title": "Contact Form 7 Database Addon <= 1.2.5.4 - CSV Injection", "software": [ { "type": "plugin", "name": "Contact Form 7 Database Addon \u2013 CFDB7", "slug": "contact-form-cfdb7", "affected_versions": { "[*, 1.2.5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83e53dc4-84fe-4835-aaea-b72dfe8f7475?source=api-scan" ], "published": "2021-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83e5a0dc-fc51-4565-945f-190cf9175874": { "id": "83e5a0dc-fc51-4565-945f-190cf9175874", "title": "PHP to Page <= 0.3 - Authenticated (Subscriber+) Local File Inclusion to Remote Code Execution via Shortcode", "software": [ { "type": "plugin", "name": "PHP to Page", "slug": "php-to-page", "affected_versions": { "* - 0.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83e5a0dc-fc51-4565-945f-190cf9175874?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83ea2ec3-5d5b-44ea-83e6-41c4fa6e2e5f": { "id": "83ea2ec3-5d5b-44ea-83e6-41c4fa6e2e5f", "title": "Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Accordion Title Tags", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.971": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.971", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.972" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83ea2ec3-5d5b-44ea-83e6-41c4fa6e2e5f?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83ec5fa5-2fd9-4c7d-a2f1-de885746d2d3": { "id": "83ec5fa5-2fd9-4c7d-a2f1-de885746d2d3", "title": "WordPress Core <= 2.0.4 - Directory Traversal", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83ec5fa5-2fd9-4c7d-a2f1-de885746d2d3?source=api-scan" ], "published": "2006-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83f6bdda-e489-4e85-b510-7bfaa2329609": { "id": "83f6bdda-e489-4e85-b510-7bfaa2329609", "title": "Page Generator <= 1.6.5 - Cross-Site Request Forgery to Arbitrary Keywords Deletion\/Duplication", "software": [ { "type": "plugin", "name": "Page Generator", "slug": "page-generator", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83f6bdda-e489-4e85-b510-7bfaa2329609?source=api-scan" ], "published": "2022-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83f8adea-4735-4c72-b274-58e813cab6ab": { "id": "83f8adea-4735-4c72-b274-58e813cab6ab", "title": "WordPress Core <= 4.5.3 - Denial of Service", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83f8adea-4735-4c72-b274-58e813cab6ab?source=api-scan" ], "published": "2016-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "83fd4f00-e8a8-4a33-af6b-20ff539fbfeb": { "id": "83fd4f00-e8a8-4a33-af6b-20ff539fbfeb", "title": "MoneyTheme (All Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "MoneyTheme", "slug": "moneytheme", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/83fd4f00-e8a8-4a33-af6b-20ff539fbfeb?source=api-scan" ], "published": "2013-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84003388-c47c-41db-8d2d-4643aa375a89": { "id": "84003388-c47c-41db-8d2d-4643aa375a89", "title": "Appsero <= 1.2.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "PT Addons for Elementor Lite", "slug": "pt-elementor-addons-lite", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Subscribe2 \u2013 Form, Email Subscribers & Newsletters", "slug": "subscribe2", "affected_versions": { "* - 10.37": { "from_version": "*", "from_inclusive": true, "to_version": "10.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.38" ] }, { "type": "plugin", "name": "wePOS \u2013 Point Of Sale (POS) for WooCommerce", "slug": "wepos", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] }, { "type": "plugin", "name": "Easy Video Reviews \u2013 Video Testimonial Plugin for WordPress & WooCommerce with Texts Reviews, Review Widget, Testimonial Grid & Social Proof", "slug": "easy-video-reviews", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] }, { "type": "plugin", "name": "Worth The Read", "slug": "worth-the-read", "affected_versions": { "* - 1.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.1" ] }, { "type": "plugin", "name": "Woostify Sites Library", "slug": "woostify-sites-library", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] }, { "type": "plugin", "name": "Sheets to WP Table Live Sync | Google Sheets Table Plugin for WordPress with Spreadsheet Integration \u2013 FlexTable", "slug": "sheets-to-wp-table-live-sync", "affected_versions": { "* - 2.12.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.15" ] }, { "type": "plugin", "name": "Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Gutenberg Block & Elementor Widget", "slug": "post-grid-carousel-ultimate", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.4" ] }, { "type": "plugin", "name": "Wp Edit Password Protected \u2013 Create Member\/User Only Page & Design Password Protected Form", "slug": "wp-edit-password-protected", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] }, { "type": "plugin", "name": "Product Carousel Slider & Grid Ultimate for WooCommerce", "slug": "woo-product-carousel-slider-and-grid-ultimate", "affected_versions": { "* - 1.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.4" ] }, { "type": "plugin", "name": "Product Gallery Slider, Additional Variation Images for WooCommerce", "slug": "woo-product-gallery-slider", "affected_versions": { "* - 2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.7" ] }, { "type": "plugin", "name": "WP Markdown Editor (Formerly Dark Mode)", "slug": "dark-mode", "affected_versions": { "* - 4.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.3" ] }, { "type": "plugin", "name": "WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts", "slug": "wedevs-project-manager", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Dashboard Welcome for Elementor", "slug": "dashboard-welcome-for-elementor", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] }, { "type": "plugin", "name": "WP Dark Mode \u2013 WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing", "slug": "wp-dark-mode", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.5" ] }, { "type": "plugin", "name": "Fuse Social Floating Sidebar", "slug": "fuse-social-floating-sidebar", "affected_versions": { "* - 5.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.7" ] }, { "type": "plugin", "name": "Stylish Cost Calculator \u2013 Quote Generator, Lead Gen & Price Estimator", "slug": "stylish-cost-calculator", "affected_versions": { "* - 7.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.7" ] }, { "type": "plugin", "name": "Slider, Gallery, and Carousel by MetaSlider \u2013 Image Sliders, Video Sliders", "slug": "ml-slider", "affected_versions": { "* - 3.28.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.28.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.28.1" ] }, { "type": "plugin", "name": "Product Category Slider for WooCommerce", "slug": "woo-category-slider-by-pluginever", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] }, { "type": "plugin", "name": "Webinar and Video Conference with Jitsi Meet \u2013 Create Branded Webinars for WordPress, Meetings & Livestreaming", "slug": "webinar-and-video-conference-with-jitsi-meet", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "plugin", "name": "W4 Post List", "slug": "w4-post-list", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3" ] }, { "type": "plugin", "name": "weMail \u2013 Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A\/B Testing, and Automation", "slug": "wemail", "affected_versions": { "* - 1.14.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.2" ] }, { "type": "plugin", "name": "BuddyPress Builder for Elementor \u2013 BuddyBuilder", "slug": "stax-buddy-builder", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] }, { "type": "plugin", "name": "Legal Pages \u2013 Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator", "slug": "legal-pages", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] }, { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.3" ] }, { "type": "plugin", "name": "WP VR \u2013 360 Panorama and Virtual Tour Builder For WordPress", "slug": "wpvr", "affected_versions": { "* - 8.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.6" ] }, { "type": "plugin", "name": "WooCommerce Conversion Tracking", "slug": "woocommerce-conversion-tracking", "affected_versions": { "* - 2.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.11" ] }, { "type": "plugin", "name": "A WordPress Testimonial Plugin to Showcase Testimonial Slider, Testimonial Grid and More: Solid Testimonials", "slug": "gs-testimonial", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.8" ] }, { "type": "plugin", "name": "Increase Maximum Upload File Size | Increase Execution Time", "slug": "wp-maximum-upload-file-size", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] }, { "type": "plugin", "name": "weDocs \u2013 Knowledgebase, Documentation, and Wiki Plugin for WP", "slug": "wedocs", "affected_versions": { "1.6 - 1.7.5": { "from_version": "1.6", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] }, { "type": "plugin", "name": "Bangladeshi Payment Gateways \u2013 Make Payment Using QR Code", "slug": "bangladeshi-payment-gateways", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] }, { "type": "plugin", "name": "Texty \u2013 SMS Notification for WordPress, WooCommerce, Dokan and more", "slug": "texty", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] }, { "type": "plugin", "name": "Visibility Logic for Elementor", "slug": "visibility-logic-elementor", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.4" ] }, { "type": "plugin", "name": "Challan \u2013 PDF Invoice & Packing Slip for WooCommerce", "slug": "webappick-pdf-invoice-for-woocommerce", "affected_versions": { "* - 3.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.9" ] }, { "type": "plugin", "name": "Darklup \u2013 Enhanced WordPress Dark Mode, Dark Theme, Night Mode Plugin", "slug": "darklup-lite-wp-dark-mode", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] }, { "type": "plugin", "name": "Exclusive Team for Elementor", "slug": "exclusive-team-for-elementor", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Click to top", "slug": "click-to-top", "affected_versions": { "* - 1.2.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.20" ] }, { "type": "plugin", "name": "Update Image Tag Alt Attribute", "slug": "update-alt-attribute", "affected_versions": { "* - 2.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Magical Posts Display \u2013 Elementor Advanced Posts widgets", "slug": "magical-posts-display", "affected_versions": { "* - 1.2.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.16" ] }, { "type": "plugin", "name": "WordPress Pinterest Plugin \u2013 Make a Popup, User Profile, Masonry and Gallery Layout", "slug": "gs-pinterest-portfolio", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] }, { "type": "plugin", "name": "WP Mail Logging", "slug": "wp-mail-logging", "affected_versions": { "1.10.5": { "from_version": "1.10.5", "from_inclusive": true, "to_version": "1.10.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.0" ] }, { "type": "plugin", "name": "Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings", "slug": "directorist", "affected_versions": { "* - 7.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.7.2" ] }, { "type": "plugin", "name": "Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission \u2013 WP User Frontend", "slug": "wp-user-frontend", "affected_versions": { "* - 3.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.1" ] }, { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] }, { "type": "plugin", "name": "Boostify Header Footer Builder for Elementor", "slug": "boostify-header-footer-builder", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] }, { "type": "plugin", "name": "Elementor Addons, Widgets and Enhancements \u2013 Stax", "slug": "stax-addons-for-elementor", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] }, { "type": "plugin", "name": "WP CTA \u2013 Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin", "slug": "easy-sticky-sidebar", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.9" ] }, { "type": "plugin", "name": "Gallery Box", "slug": "gallery-box", "affected_versions": { "* - 1.7.30": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.31" ] }, { "type": "plugin", "name": "Unlimited Elementor Inner Sections By BoomDevs", "slug": "unlimited-elementor-inner-sections-by-boomdevs", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] }, { "type": "plugin", "name": "Wiremo \u2013 Product Reviews for WooCommerce", "slug": "woo-reviews-by-wiremo", "affected_versions": { "* - 1.4.96": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.96", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.97" ] }, { "type": "plugin", "name": "Cart Lift \u2013 Abandoned Cart Recovery for WooCommerce and EDD", "slug": "cart-lift", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] }, { "type": "plugin", "name": "Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels", "slug": "wpfunnels", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.5" ] }, { "type": "plugin", "name": "Product Category Showcase for WooCommerce", "slug": "wc-category-showcase", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84003388-c47c-41db-8d2d-4643aa375a89?source=api-scan" ], "published": "2022-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84019c69-32fd-4331-95d7-53ea1aaff616": { "id": "84019c69-32fd-4331-95d7-53ea1aaff616", "title": "MainWP Child \u2013 Securely connects sites to the MainWP WordPress Manager Dashboard < 2.0.9.2 - Authentication Bypass", "software": [ { "type": "plugin", "name": "MainWP Child \u2013 Securely Connects to the MainWP Dashboard to Manage Multiple Sites", "slug": "mainwp-child", "affected_versions": { "[*, 2.0.9.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84019c69-32fd-4331-95d7-53ea1aaff616?source=api-scan" ], "published": "2015-03-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8407b678-76c5-4232-b17e-8db05f9e7b12": { "id": "8407b678-76c5-4232-b17e-8db05f9e7b12", "title": "If-So Dynamic Content Personalization <= 1.6.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "If-So Dynamic Content Personalization", "slug": "if-so", "affected_versions": { "* - 1.6.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8407b678-76c5-4232-b17e-8db05f9e7b12?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "840dd4a9-103a-4ff9-ba26-3bf5b6e831a1": { "id": "840dd4a9-103a-4ff9-ba26-3bf5b6e831a1", "title": "Stratum \u2013 Elementor Widgets <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget", "software": [ { "type": "plugin", "name": "Stratum \u2013 Elementor Widgets", "slug": "stratum", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/840dd4a9-103a-4ff9-ba26-3bf5b6e831a1?source=api-scan" ], "published": "2024-06-14 21:36:24", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "840e9a50-ce53-4b9a-b6ae-c5016e11373b": { "id": "840e9a50-ce53-4b9a-b6ae-c5016e11373b", "title": "WP Maintenance Mode & Coming Soon <= 2.4.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LightStart \u2013 Maintenance Mode, Coming Soon and Landing Page Builder", "slug": "wp-maintenance-mode", "affected_versions": { "* - 2.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/840e9a50-ce53-4b9a-b6ae-c5016e11373b?source=api-scan" ], "published": "2022-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84141197-b6a7-44fa-8058-e9f192d1d56f": { "id": "84141197-b6a7-44fa-8058-e9f192d1d56f", "title": "Droip <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Settings Change", "software": [ { "type": "plugin", "name": "Droip", "slug": "droip", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84141197-b6a7-44fa-8058-e9f192d1d56f?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84227fd2-c322-45e3-82cd-70e1d870eceb": { "id": "84227fd2-c322-45e3-82cd-70e1d870eceb", "title": "W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 0.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84227fd2-c322-45e3-82cd-70e1d870eceb?source=api-scan" ], "published": "2014-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84262b4a-a662-4aaf-9eae-f5cca8f6cd06": { "id": "84262b4a-a662-4aaf-9eae-f5cca8f6cd06", "title": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin <= 1.6.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin", "slug": "simply-schedule-appointments", "affected_versions": { "* - 1.6.7.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.7.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84262b4a-a662-4aaf-9eae-f5cca8f6cd06?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8429148b-e28e-4bb3-bd18-390216b74dc4": { "id": "8429148b-e28e-4bb3-bd18-390216b74dc4", "title": "Request for Quote < 1.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Request For Quote", "slug": "wpheka-request-for-quote", "affected_versions": { "[*, 1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8429148b-e28e-4bb3-bd18-390216b74dc4?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84366708-9dcc-4f34-b1b5-7d956e3801af": { "id": "84366708-9dcc-4f34-b1b5-7d956e3801af", "title": "Tagregator <= 0.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tagregator", "slug": "tagregator", "affected_versions": { "* - 0.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84366708-9dcc-4f34-b1b5-7d956e3801af?source=api-scan" ], "published": "2018-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8436ba39-b236-4d76-95b6-d2bed3728d8a": { "id": "8436ba39-b236-4d76-95b6-d2bed3728d8a", "title": "Wholesale Market for WooCommerce < 2.0.0 - Authenticated (Administrator+) Arbitrary Log File Download", "software": [ { "type": "plugin", "name": "Wholesale Market for WooCommerce", "slug": "wholesale-market-for-woocommerce", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8436ba39-b236-4d76-95b6-d2bed3728d8a?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8437abcc-3e34-4a8a-bfe2-2ff7c9f41164": { "id": "8437abcc-3e34-4a8a-bfe2-2ff7c9f41164", "title": "Slider Revolution <= 6.7.7 - Authenticated (Author+) Stored Cross-Site Scripting via htmltag Parameter", "software": [ { "type": "plugin", "name": "Slider Revolution", "slug": "revslider", "affected_versions": { "* - 6.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8437abcc-3e34-4a8a-bfe2-2ff7c9f41164?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "843822f0-dd4c-4ae6-823d-96dd7a59df8e": { "id": "843822f0-dd4c-4ae6-823d-96dd7a59df8e", "title": "WP Booking System Free version < 1.5.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Booking System \u2013 Booking Calendar", "slug": "wp-booking-system", "affected_versions": { "[*, 1.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/843822f0-dd4c-4ae6-823d-96dd7a59df8e?source=api-scan" ], "published": "2019-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8438ea46-9ac1-4ef5-a436-e438c35a4321": { "id": "8438ea46-9ac1-4ef5-a436-e438c35a4321", "title": "Baidu Tongji generator <= 1.0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Baidu Tongji generator", "slug": "baidu-tongji-generator", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8438ea46-9ac1-4ef5-a436-e438c35a4321?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "843ef712-6ca6-44d2-825f-7ce9a82d74e6": { "id": "843ef712-6ca6-44d2-825f-7ce9a82d74e6", "title": "Duplicator \u2013 WordPress Migration Plugin <= 1.4.7 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Duplicator \u2013 Migration & Backup Plugin", "slug": "duplicator", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/843ef712-6ca6-44d2-825f-7ce9a82d74e6?source=api-scan" ], "published": "2022-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8445aed7-107c-4627-9390-b4b5eb402b11": { "id": "8445aed7-107c-4627-9390-b4b5eb402b11", "title": "VikBooking Hotel Booking Engine & PMS <= 1.6.1 - Cross-Site Request Forgery in listenTosFieldSavingTask function", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8445aed7-107c-4627-9390-b4b5eb402b11?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8445f318-ef4e-45c5-be9b-6080833c3bb6": { "id": "8445f318-ef4e-45c5-be9b-6080833c3bb6", "title": "Hide My WP Ghost \u2013 Security & Firewall <= 5.2.01 - Login Page Disclosure", "software": [ { "type": "plugin", "name": "Hide My WP Ghost \u2013 Security & Firewall", "slug": "hide-my-wp", "affected_versions": { "* - 5.2.01": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.01", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8445f318-ef4e-45c5-be9b-6080833c3bb6?source=api-scan" ], "published": "2024-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "844c5012-f823-46ae-8de2-e2803b7cd063": { "id": "844c5012-f823-46ae-8de2-e2803b7cd063", "title": "Lightweight Sidebar Manager <= 1.1.4 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Lightweight Sidebar Manager", "slug": "sidebar-manager", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/844c5012-f823-46ae-8de2-e2803b7cd063?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84520916-3c9e-4b01-918f-d1fc86eb5e0b": { "id": "84520916-3c9e-4b01-918f-d1fc86eb5e0b", "title": "WP Google Maps <= 8.1.12 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Go Maps (formerly WP Google Maps)", "slug": "wp-google-maps", "affected_versions": { "[*, 8.1.13)": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84520916-3c9e-4b01-918f-d1fc86eb5e0b?source=api-scan" ], "published": "2021-09-08 10:12:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8457c5e1-9c31-4a1a-a221-36647753a877": { "id": "8457c5e1-9c31-4a1a-a221-36647753a877", "title": "BuddyPress <= 5.1.1 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "* - 5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8457c5e1-9c31-4a1a-a221-36647753a877?source=api-scan" ], "published": "2020-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8459c436-0c4d-40e6-a30d-94b8ac50df83": { "id": "8459c436-0c4d-40e6-a30d-94b8ac50df83", "title": "WooCommerce Custom Registration Form <= 1.0.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce Custom Registration Form", "slug": "fma-additional-registration-attributes", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8459c436-0c4d-40e6-a30d-94b8ac50df83?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "845cea77-ea74-4459-817b-cfbdb877b75a": { "id": "845cea77-ea74-4459-817b-cfbdb877b75a", "title": "OSM \u2013 OpenStreetMap <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "OSM \u2013 OpenStreetMap", "slug": "osm", "affected_versions": { "* - 6.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/845cea77-ea74-4459-817b-cfbdb877b75a?source=api-scan" ], "published": "2024-07-08 20:10:10", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "845e476a-cc0a-4ee1-853d-bb5b7b081e04": { "id": "845e476a-cc0a-4ee1-853d-bb5b7b081e04", "title": "Extra Product Options for WooCommerce <= 3.0.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Extra Product Options for WooCommerce", "slug": "extra-product-options-for-woocommerce", "affected_versions": { "* - 3.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/845e476a-cc0a-4ee1-853d-bb5b7b081e04?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "845fbf0f-c7c4-483e-b671-1a703d857792": { "id": "845fbf0f-c7c4-483e-b671-1a703d857792", "title": "WPB Show Core <= 2.2 - Unauthenticated Local File Inlclusion", "software": [ { "type": "plugin", "name": "WPB Show Core", "slug": "wpb-show-core", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/845fbf0f-c7c4-483e-b671-1a703d857792?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8464a63f-db39-4a2c-b408-d7fd7539d6dc": { "id": "8464a63f-db39-4a2c-b408-d7fd7539d6dc", "title": "Radio Station by netmix\u00ae \u2013 Manage and play your Show Schedule in WordPress! <= 2.5.7 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "Radio Station by netmix\u00ae \u2013 Manage and play your Show Schedule in WordPress!", "slug": "radio-station", "affected_versions": { "* - 2.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.8" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8464a63f-db39-4a2c-b408-d7fd7539d6dc?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84683caa-8bc7-4adf-ad64-249f988047bf": { "id": "84683caa-8bc7-4adf-ad64-249f988047bf", "title": "Mobile Events Manager <= 1.4.7 - Authenticated (Administrator+) CSV Injection", "software": [ { "type": "plugin", "name": "Mobile Events Manager", "slug": "mobile-events-manager", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84683caa-8bc7-4adf-ad64-249f988047bf?source=api-scan" ], "published": "2022-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "846bd929-45cd-4e91-b232-ae16dd2b12a0": { "id": "846bd929-45cd-4e91-b232-ae16dd2b12a0", "title": "AI ChatBot <= 4.8.9 and 4.9.2 - Cross-Site Request Forgery on AJAX actions", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.9", "to_inclusive": true }, "4.9.2": { "from_version": "4.9.2", "from_inclusive": true, "to_version": "4.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.1", "4.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/846bd929-45cd-4e91-b232-ae16dd2b12a0?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8472cdbe-89a8-49ac-ab7e-065ebf717692": { "id": "8472cdbe-89a8-49ac-ab7e-065ebf717692", "title": "Yellow Yard Searchbar <= 2.7.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Yellow Yard Searchbar", "slug": "yellow-yard", "affected_versions": { "* - 2.7.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8472cdbe-89a8-49ac-ab7e-065ebf717692?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8479d002-f2c1-4456-a653-2469c6705718": { "id": "8479d002-f2c1-4456-a653-2469c6705718", "title": "Xpro Elementor Addons <= 1.4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "140+ Widgets | Xpro Addons For Elementor \u2013 FREE", "slug": "xpro-elementor-addons", "affected_versions": { "* - 1.4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8479d002-f2c1-4456-a653-2469c6705718?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "847f1c00-0e8f-4d38-84af-fe959e2efe5c": { "id": "847f1c00-0e8f-4d38-84af-fe959e2efe5c", "title": "WP Directory Kit <= 1.2.3 - Reflected Cross-Site Scripting via 'search'", "software": [ { "type": "plugin", "name": "WP Directory Kit", "slug": "wpdirectorykit", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/847f1c00-0e8f-4d38-84af-fe959e2efe5c?source=api-scan" ], "published": "2023-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8483196e-f476-41e5-a988-bcd8a9952a64": { "id": "8483196e-f476-41e5-a988-bcd8a9952a64", "title": "User Activity Log <= 1.6.2 - Unauthenticated SQL Injection via username", "software": [ { "type": "plugin", "name": "User Activity Log", "slug": "user-activity-log", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8483196e-f476-41e5-a988-bcd8a9952a64?source=api-scan" ], "published": "2023-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84888ea6-122d-4480-8262-d87c33113bd7": { "id": "84888ea6-122d-4480-8262-d87c33113bd7", "title": "EELV Newsletter <= 4.6.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "EELV Newsletter", "slug": "eelv-newsletter", "affected_versions": { "* - 4.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84888ea6-122d-4480-8262-d87c33113bd7?source=api-scan" ], "published": "2017-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "848cfa72-4211-4576-91c2-4f643e3161c3": { "id": "848cfa72-4211-4576-91c2-4f643e3161c3", "title": "Formidable Forms <= 6.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "* - 6.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/848cfa72-4211-4576-91c2-4f643e3161c3?source=api-scan" ], "published": "2024-07-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "848f36de-c62a-45ee-b259-46dab73e4439": { "id": "848f36de-c62a-45ee-b259-46dab73e4439", "title": "ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "ArtiBot Free Chat Bot for WebSites", "slug": "artibot", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/848f36de-c62a-45ee-b259-46dab73e4439?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "848f3b21-fb44-45c4-944e-7c4c62448ffc": { "id": "848f3b21-fb44-45c4-944e-7c4c62448ffc", "title": "L4 Shopping Cart Plugin < 8.1.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Level Four Store Front", "slug": "levelfourstorefront", "affected_versions": { "* - 8.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/848f3b21-fb44-45c4-944e-7c4c62448ffc?source=api-scan" ], "published": "2013-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8494a0f6-7079-4fba-9901-76932b002c5a": { "id": "8494a0f6-7079-4fba-9901-76932b002c5a", "title": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin <= 6.1.7 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "* - 6.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8494a0f6-7079-4fba-9901-76932b002c5a?source=api-scan" ], "published": "2024-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "849d0d4a-bc4c-4a45-a2db-0ad12ddcf5e4": { "id": "849d0d4a-bc4c-4a45-a2db-0ad12ddcf5e4", "title": "StudioZen Theme (All Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Studio Zen | Photography Theme for WordPress", "slug": "studiozen", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/849d0d4a-bc4c-4a45-a2db-0ad12ddcf5e4?source=api-scan" ], "published": "2013-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "849e8ac6-73a8-4236-8c01-b341a2de3775": { "id": "849e8ac6-73a8-4236-8c01-b341a2de3775", "title": "IMDB Info Box <= 2.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IMDB Info Box", "slug": "imdb-info-box", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/849e8ac6-73a8-4236-8c01-b341a2de3775?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84b45b34-c74c-4b56-bcb0-c905a9a44969": { "id": "84b45b34-c74c-4b56-bcb0-c905a9a44969", "title": "UnGallery <= 2.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "UnGallery", "slug": "ungallery", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84b45b34-c74c-4b56-bcb0-c905a9a44969?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84b609a5-d3d6-4a30-b55e-7f7972c64ccb": { "id": "84b609a5-d3d6-4a30-b55e-7f7972c64ccb", "title": "Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Advanced Dynamic Pricing for WooCommerce", "slug": "advanced-dynamic-pricing-for-woocommerce", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84b609a5-d3d6-4a30-b55e-7f7972c64ccb?source=api-scan" ], "published": "2022-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84b616fa-ff64-49e8-8c4a-7d7bfdf758be": { "id": "84b616fa-ff64-49e8-8c4a-7d7bfdf758be", "title": "Jeg Elementor Kit <= 2.5.6 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Jeg Elementor Kit", "slug": "jeg-elementor-kit", "affected_versions": { "* - 2.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84b616fa-ff64-49e8-8c4a-7d7bfdf758be?source=api-scan" ], "published": "2022-11-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84b6f093-afd4-401f-ba82-d5be10b0fff8": { "id": "84b6f093-afd4-401f-ba82-d5be10b0fff8", "title": "AI Twitter Feeds (Twitter widget & shortcode) <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AI Twitter Feeds (Twitter widget & shortcode)", "slug": "ai-twitter-feeds", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84b6f093-afd4-401f-ba82-d5be10b0fff8?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84b75f7d-7258-46f6-aee6-b96d70bee264": { "id": "84b75f7d-7258-46f6-aee6-b96d70bee264", "title": "Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Easy WP SMTP \u2013 WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more", "slug": "easy-wp-smtp", "affected_versions": { "[*, 1.3.9.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84b75f7d-7258-46f6-aee6-b96d70bee264?source=api-scan" ], "published": "2019-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84bc611c-c38a-4282-9a9b-5bb9157fb1de": { "id": "84bc611c-c38a-4282-9a9b-5bb9157fb1de", "title": "Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "* - 2.2.80": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.80", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.81" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84bc611c-c38a-4282-9a9b-5bb9157fb1de?source=api-scan" ], "published": "2024-05-20 14:10:56", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84c4e3cc-1f7c-4ed9-9072-32f3e84419c9": { "id": "84c4e3cc-1f7c-4ed9-9072-32f3e84419c9", "title": "Booking Calendar \u2013 Event Calendar <= 1.0.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Booking Calendar \u2013 Event Calendar", "slug": "hbook", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84c4e3cc-1f7c-4ed9-9072-32f3e84419c9?source=api-scan" ], "published": "2022-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84c61d00-20c1-4176-a74d-ea6ff6220f26": { "id": "84c61d00-20c1-4176-a74d-ea6ff6220f26", "title": "Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "Frontend File Manager Plugin", "slug": "nmedia-user-file-uploader", "affected_versions": { "[*, 18.3)": { "from_version": "*", "from_inclusive": true, "to_version": "18.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "18.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84c61d00-20c1-4176-a74d-ea6ff6220f26?source=api-scan" ], "published": "2021-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84c74c68-619f-4372-8abe-36c1b8eca858": { "id": "84c74c68-619f-4372-8abe-36c1b8eca858", "title": "ColorNews <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "ColorNews", "slug": "colornews", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84c74c68-619f-4372-8abe-36c1b8eca858?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84c79b0e-01d2-4710-9a02-edceab8db22d": { "id": "84c79b0e-01d2-4710-9a02-edceab8db22d", "title": "Scriptless Social Sharing <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Options", "software": [ { "type": "plugin", "name": "Scriptless Social Sharing", "slug": "scriptless-social-sharing", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84c79b0e-01d2-4710-9a02-edceab8db22d?source=api-scan" ], "published": "2023-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84cb907c-bd6b-4031-96a1-8a6de71923e0": { "id": "84cb907c-bd6b-4031-96a1-8a6de71923e0", "title": "WPZOOM Portfolio <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WPZOOM Portfolio Lite \u2013 Filterable Portfolio Plugin", "slug": "wpzoom-portfolio", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84cb907c-bd6b-4031-96a1-8a6de71923e0?source=api-scan" ], "published": "2022-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84ce21b9-91ac-4990-8665-69a1461147ab": { "id": "84ce21b9-91ac-4990-8665-69a1461147ab", "title": "Flash & HTML5 Video <= 2.5.30 - Missing Authorization", "software": [ { "type": "plugin", "name": "HTML5 Video Player \u2013 mp4 Video Player Plugin and Block", "slug": "html5-video-player", "affected_versions": { "* - 2.5.30": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84ce21b9-91ac-4990-8665-69a1461147ab?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84d43356-274e-42d5-ac40-10a34effce8d": { "id": "84d43356-274e-42d5-ac40-10a34effce8d", "title": "Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'addRedirectRule' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84d43356-274e-42d5-ac40-10a34effce8d?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84d55f24-c4de-4574-b0cc-cc1b4935d281": { "id": "84d55f24-c4de-4574-b0cc-cc1b4935d281", "title": "PropertyHive <= 2.0.6 - Missing Authorization via activate_pro_feature", "software": [ { "type": "plugin", "name": "PropertyHive", "slug": "propertyhive", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84d55f24-c4de-4574-b0cc-cc1b4935d281?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84ed666c-3154-4f26-beae-aba190f7a2f4": { "id": "84ed666c-3154-4f26-beae-aba190f7a2f4", "title": "Import Spreadsheets from Microsoft Excel <= 10.1.4 - Authenticated (Editor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Import Spreadsheets from Microsoft Excel", "slug": "import-spreadsheets-from-microsoft-excel", "affected_versions": { "* - 10.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "10.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84ed666c-3154-4f26-beae-aba190f7a2f4?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84ef0f21-74af-4cb7-bab6-47c25df0522e": { "id": "84ef0f21-74af-4cb7-bab6-47c25df0522e", "title": "Morning Coffee < 3.6 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Morning Coffee", "slug": "morning-coffee", "affected_versions": { "[*, 3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84ef0f21-74af-4cb7-bab6-47c25df0522e?source=api-scan" ], "published": "2011-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84f10360-3c8b-487e-9213-dbdf1e41cbe7": { "id": "84f10360-3c8b-487e-9213-dbdf1e41cbe7", "title": "Ecommerce - Two Factor Authentication <= 1.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ecommerce \u2013 Two Factor Authentication \u00a0", "slug": "ecommerce-two-factor-authentication", "affected_versions": { "[*, 1.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84f10360-3c8b-487e-9213-dbdf1e41cbe7?source=api-scan" ], "published": "2021-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84f2afb4-f1c6-4313-8958-38f1b5140a67": { "id": "84f2afb4-f1c6-4313-8958-38f1b5140a67", "title": "Digits <= 8.4.1 - Cross-Site Request Forgery to Privilege Escalation", "software": [ { "type": "plugin", "name": "Digits: WordPress Mobile Number Signup and Login", "slug": "digits", "affected_versions": { "8.4.1": { "from_version": "8.4.1", "from_inclusive": true, "to_version": "8.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84f2afb4-f1c6-4313-8958-38f1b5140a67?source=api-scan" ], "published": "2024-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "84f57623-b6a6-4717-857d-93fa9d279882": { "id": "84f57623-b6a6-4717-857d-93fa9d279882", "title": "LiquidPoll \u2013 Polls, Surveys, NPS and Feedback Reviews <= 3.3.76 - Information Exposure", "software": [ { "type": "plugin", "name": "LiquidPoll \u2013 Polls, Surveys, NPS and Feedback Reviews", "slug": "wp-poll", "affected_versions": { "* - 3.3.76": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.76", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.77" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/84f57623-b6a6-4717-857d-93fa9d279882?source=api-scan" ], "published": "2024-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8500ac5b-44e6-47b9-ab16-e7636c3fea66": { "id": "8500ac5b-44e6-47b9-ab16-e7636c3fea66", "title": "GF Custom Style <= 2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "GF Custom Style", "slug": "gf-custom-style", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8500ac5b-44e6-47b9-ab16-e7636c3fea66?source=api-scan" ], "published": "2024-09-25 21:21:15", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85013657-51a6-4d7f-bb9a-aca52d8669bf": { "id": "85013657-51a6-4d7f-bb9a-aca52d8669bf", "title": "Prime Slider \u2013 Addons For Elementor <= 3.13.2 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)", "slug": "bdthemes-prime-slider-lite", "affected_versions": { "* - 3.13.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.13.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.13.3" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85013657-51a6-4d7f-bb9a-aca52d8669bf?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "850f554f-abb5-4b9f-9b7b-67439abb1a31": { "id": "850f554f-abb5-4b9f-9b7b-67439abb1a31", "title": "School Management System \u2013 WPSchoolPress <= 2.1.16 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "School Management System \u2013 WPSchoolPress", "slug": "wpschoolpress", "affected_versions": { "[*, 2.1.17)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/850f554f-abb5-4b9f-9b7b-67439abb1a31?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85150a6f-b2f3-4b95-9c9b-78f50cb8468f": { "id": "85150a6f-b2f3-4b95-9c9b-78f50cb8468f", "title": "XO Slider <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "XO Slider", "slug": "xo-liteslider", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85150a6f-b2f3-4b95-9c9b-78f50cb8468f?source=api-scan" ], "published": "2022-06-14 13:31:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85198759-0b9c-4c8a-b650-ad268d0cb784": { "id": "85198759-0b9c-4c8a-b650-ad268d0cb784", "title": "GiveWP 2.4.0 - 2.9.7 - Reflected Cross Site Scripting", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "[2.4.0, 2.10.0)": { "from_version": "2.4.0", "from_inclusive": true, "to_version": "2.10.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85198759-0b9c-4c8a-b650-ad268d0cb784?source=api-scan" ], "published": "2021-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "851daaab-4509-4a1e-b0bb-f9eda2b801c6": { "id": "851daaab-4509-4a1e-b0bb-f9eda2b801c6", "title": "Malmonation (All Versions) - SQL Injection", "software": [ { "type": "theme", "name": "Malmonation", "slug": "malmonation", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/851daaab-4509-4a1e-b0bb-f9eda2b801c6?source=api-scan" ], "published": "2012-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "851ff861-474e-4063-88ff-d8d35b10e9a0": { "id": "851ff861-474e-4063-88ff-d8d35b10e9a0", "title": "BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar Plugin and Scheduling Plugin \u2013 BookingPress", "slug": "bookingpress-appointment-booking", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/851ff861-474e-4063-88ff-d8d35b10e9a0?source=api-scan" ], "published": "2024-07-16 18:09:31", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85201c44-34a9-4995-a162-242dfe703934": { "id": "85201c44-34a9-4995-a162-242dfe703934", "title": "Cooked \u2013 Recipe Management <= 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Cooked \u2013 Recipe Management", "slug": "cooked", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85201c44-34a9-4995-a162-242dfe703934?source=api-scan" ], "published": "2024-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85216580-f19e-4e69-93d9-8593b8524cdc": { "id": "85216580-f19e-4e69-93d9-8593b8524cdc", "title": "Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Authenticated (Author+) Stored Cross-Site Scripting via Code Injection", "software": [ { "type": "plugin", "name": "Insert or Embed Articulate Content into WordPress", "slug": "insert-or-embed-articulate-content-into-wordpress", "affected_versions": { "* - 4.3000000023": { "from_version": "*", "from_inclusive": true, "to_version": "4.3000000023", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85216580-f19e-4e69-93d9-8593b8524cdc?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85277960-2bba-4cd7-9f4c-e04f6743b96c": { "id": "85277960-2bba-4cd7-9f4c-e04f6743b96c", "title": "Sassy Social Share <= 3.3.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Sharing Plugin \u2013 Sassy Social Share", "slug": "sassy-social-share", "affected_versions": { "* - 3.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85277960-2bba-4cd7-9f4c-e04f6743b96c?source=api-scan" ], "published": "2022-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85290224-a051-4913-83c7-f54f2b67621e": { "id": "85290224-a051-4913-83c7-f54f2b67621e", "title": "Social Media Widget 4.0 - Spam Link Injection", "software": [ { "type": "plugin", "name": "Social Media Widget", "slug": "social-media-widget", "affected_versions": { "4.0": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85290224-a051-4913-83c7-f54f2b67621e?source=api-scan" ], "published": "2013-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "852b1895-3bed-4c2f-912c-c136b38a09bb": { "id": "852b1895-3bed-4c2f-912c-c136b38a09bb", "title": "Paid Memberships Pro <= 2.12.6 - Information Exposure in Debug Logs", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "* - 2.12.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/852b1895-3bed-4c2f-912c-c136b38a09bb?source=api-scan" ], "published": "2024-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "852c44ba-e5c5-4206-b727-f4c4c1b889a1": { "id": "852c44ba-e5c5-4206-b727-f4c4c1b889a1", "title": "WP etracker <= 1.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP etracker", "slug": "wp-etracker", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/852c44ba-e5c5-4206-b727-f4c4c1b889a1?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8530affb-0b6e-4b71-acab-3561cccc1855": { "id": "8530affb-0b6e-4b71-acab-3561cccc1855", "title": "Advanced Access Manager <= 3.2.1 - Unrestricted AJAX Actions allowing Privilege Escalation", "software": [ { "type": "plugin", "name": "Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More", "slug": "advanced-access-manager", "affected_versions": { "[*, 3.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8530affb-0b6e-4b71-acab-3561cccc1855?source=api-scan" ], "published": "2016-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85317781-7e77-4a78-af67-0a1dce39364c": { "id": "85317781-7e77-4a78-af67-0a1dce39364c", "title": "Make Paths Relative <= 1.3.0 - Cross-Site Request Forgery via 'admin\/class-make-paths-relative-admin.php'", "software": [ { "type": "plugin", "name": "Make Paths Relative", "slug": "make-paths-relative", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85317781-7e77-4a78-af67-0a1dce39364c?source=api-scan" ], "published": "2023-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "853516b2-ec50-4937-89d3-d16042a6f71c": { "id": "853516b2-ec50-4937-89d3-d16042a6f71c", "title": "Vimeography: Vimeo Video Gallery WordPress Plugin <= 2.3.2 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Vimeography: Vimeo Video Gallery WordPress Plugin", "slug": "vimeography", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/853516b2-ec50-4937-89d3-d16042a6f71c?source=api-scan" ], "published": "2024-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8540b8f3-aace-4559-b83c-6244f2249548": { "id": "8540b8f3-aace-4559-b83c-6244f2249548", "title": "Widgets for Google Reviews < 9.8 - Authenticated (Contributor+) Stored XSS", "software": [ { "type": "plugin", "name": "Widgets for Google Reviews", "slug": "wp-reviews-plugin-for-google", "affected_versions": { "* - 9.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8540b8f3-aace-4559-b83c-6244f2249548?source=api-scan" ], "published": "2023-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85438fad-2111-494a-9ba6-854c66d21149": { "id": "85438fad-2111-494a-9ba6-854c66d21149", "title": "Homepage Popup <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Homepage Pop-up", "slug": "homepage-pop-up", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85438fad-2111-494a-9ba6-854c66d21149?source=api-scan" ], "published": "2022-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "854ab1f3-5f7c-40a4-85a5-db4e20dc72cc": { "id": "854ab1f3-5f7c-40a4-85a5-db4e20dc72cc", "title": "Manager for Icomoon <= 2.0 - Unauthenticated Arbitrary File Upload via 'upload'", "software": [ { "type": "plugin", "name": "Manager for Icomoon", "slug": "manager-for-icomoon", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/854ab1f3-5f7c-40a4-85a5-db4e20dc72cc?source=api-scan" ], "published": "2023-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "854e5d70-f42f-48c4-b1bb-687610f86cfb": { "id": "854e5d70-f42f-48c4-b1bb-687610f86cfb", "title": "FireStorm Professional Real Estate Plugin <= 2.06.03 - SQL Injections", "software": [ { "type": "plugin", "name": "FireStorm Professional Real Estate Plugin", "slug": "fs-real-estate-plugin", "affected_versions": { "* - 2.06.03": { "from_version": "*", "from_inclusive": true, "to_version": "2.06.03", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.06.04" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/854e5d70-f42f-48c4-b1bb-687610f86cfb?source=api-scan" ], "published": "2012-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "855055d5-362e-4a92-9e9d-97eab328dcc3": { "id": "855055d5-362e-4a92-9e9d-97eab328dcc3", "title": "Swift Framework <= 2.7.31 - Missing Authorization to Unauthenticated Arbitrary Content Update", "software": [ { "type": "plugin", "name": "Swift Framework", "slug": "swift-framework", "affected_versions": { "* - 2.7.31": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.31", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/855055d5-362e-4a92-9e9d-97eab328dcc3?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8550a405-9fa2-41a3-b556-05ff9f577ce4": { "id": "8550a405-9fa2-41a3-b556-05ff9f577ce4", "title": "Swifty Page Manager <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Swifty Page Manager", "slug": "swifty-page-manager", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8550a405-9fa2-41a3-b556-05ff9f577ce4?source=api-scan" ], "published": "2022-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8551ae2f-4be4-4dc6-952d-1d25ae127150": { "id": "8551ae2f-4be4-4dc6-952d-1d25ae127150", "title": "Jeeng Push Notifications <= 2.0.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Jeeng Push Notifications", "slug": "jeeng-push-notifications", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8551ae2f-4be4-4dc6-952d-1d25ae127150?source=api-scan" ], "published": "2022-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85551ba1-6d6e-47a0-864f-f9d0a0a11056": { "id": "85551ba1-6d6e-47a0-864f-f9d0a0a11056", "title": "Shortcodes and extra features for Phlox theme <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shortcodes and extra features for Phlox theme", "slug": "auxin-elements", "affected_versions": { "* - 2.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85551ba1-6d6e-47a0-864f-f9d0a0a11056?source=api-scan" ], "published": "2022-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85555a8f-5d23-458d-9166-d30f8f0551e0": { "id": "85555a8f-5d23-458d-9166-d30f8f0551e0", "title": "Calculated Fields Form <= 1.2.28 - Authenticated (Contributor+) Open Redirect via Shortcode", "software": [ { "type": "plugin", "name": "Calculated Fields Form", "slug": "calculated-fields-form", "affected_versions": { "* - 1.2.28": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85555a8f-5d23-458d-9166-d30f8f0551e0?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8555b662-f1c8-418a-896e-1558e6e34c14": { "id": "8555b662-f1c8-418a-896e-1558e6e34c14", "title": "WP Google Map Plugin < 2.3.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Maps \u2013 Display Google Maps Perfectly with Ease", "slug": "wp-google-map-plugin", "affected_versions": { "[*, 2.3.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8555b662-f1c8-418a-896e-1558e6e34c14?source=api-scan" ], "published": "2015-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85581a5d-a898-4dac-af48-139b36728760": { "id": "85581a5d-a898-4dac-af48-139b36728760", "title": "Simple Behance Portfolio <= 0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Behance Portfolio", "slug": "simple-behace-portfolio", "affected_versions": { "* - 0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85581a5d-a898-4dac-af48-139b36728760?source=api-scan" ], "published": "2021-08-13 15:31:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8558cd96-3b2a-4282-950b-6d9753698291": { "id": "8558cd96-3b2a-4282-950b-6d9753698291", "title": "Job Manager & Career \u2013 Manage job board listings, and recruitments <= 1.4.4 - Cross-Site Request Forgery to PHP Object Injection", "software": [ { "type": "plugin", "name": "Job Manager & Career \u2013 Manage job board listings, and recruitments", "slug": "job-manager-career", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8558cd96-3b2a-4282-950b-6d9753698291?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "855ca8f0-5078-48ec-a5d0-3f43a217a91e": { "id": "855ca8f0-5078-48ec-a5d0-3f43a217a91e", "title": "Location Manager < 2.1.0.10 - SQL Injection", "software": [ { "type": "plugin", "name": "Location Manager", "slug": "geodir_location_manager", "affected_versions": { "[*, 2.1.0.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/855ca8f0-5078-48ec-a5d0-3f43a217a91e?source=api-scan" ], "published": "2021-06-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "855d3e2a-8ab1-4e7b-b435-f3c31171deeb": { "id": "855d3e2a-8ab1-4e7b-b435-f3c31171deeb", "title": "WP Cerber Security < 8.9.3 - Multifactor Bypass", "software": [ { "type": "plugin", "name": "WP Cerber Security, Anti-spam & Malware Scan", "slug": "wp-cerber", "affected_versions": { "[*, 8.9.3)": { "from_version": "*", "from_inclusive": true, "to_version": "8.9.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/855d3e2a-8ab1-4e7b-b435-f3c31171deeb?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "855f5cca-b0cc-4a1b-be33-d11776ad7c08": { "id": "855f5cca-b0cc-4a1b-be33-d11776ad7c08", "title": "WordPress Core < 3.9.2 - Authenticated Cross-Site Scripting via Avatar URL", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.3": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": true }, "3.8 - 3.8.3": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": true }, "3.9 - 3.9.1": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.4", "3.8.4", "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/855f5cca-b0cc-4a1b-be33-d11776ad7c08?source=api-scan" ], "published": "2014-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8564fc82-ff23-44b6-91b0-d63e6afb1a73": { "id": "8564fc82-ff23-44b6-91b0-d63e6afb1a73", "title": "Icons Font Loader <= 1.1.2 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Icons Font Loader \u2013 Load Various Web Fonts & Icons on WP", "slug": "icons-font-loader", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8564fc82-ff23-44b6-91b0-d63e6afb1a73?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8566a5ad-df8a-4843-82c9-05da9d44582d": { "id": "8566a5ad-df8a-4843-82c9-05da9d44582d", "title": "Easy Quiz Maker <= 1.5 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Quiz Maker", "slug": "n-media-wp-simple-quiz", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8566a5ad-df8a-4843-82c9-05da9d44582d?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "856a6b88-f5fc-4b87-8a94-81e233f02e2f": { "id": "856a6b88-f5fc-4b87-8a94-81e233f02e2f", "title": "WordPress Core < 4.0.1 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.4": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.4", "to_inclusive": true }, "3.8 - 3.8.4": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.4", "to_inclusive": true }, "3.9 - 3.9.2": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": true }, "4.0": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.5", "3.8.5", "3.9.3", "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/856a6b88-f5fc-4b87-8a94-81e233f02e2f?source=api-scan" ], "published": "2014-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "856e27ea-fec2-4805-bc66-f20b83b9610c": { "id": "856e27ea-fec2-4805-bc66-f20b83b9610c", "title": "Visual Composer Website Builder <= 45.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visual Composer Website Builder", "slug": "visualcomposer", "affected_versions": { "* - 45.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "45.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "45.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/856e27ea-fec2-4805-bc66-f20b83b9610c?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "856e3e77-d330-4fa0-9f07-f77a56dbb5bd": { "id": "856e3e77-d330-4fa0-9f07-f77a56dbb5bd", "title": "XStore Core <= 5.3.8 - Authenticated (Subscriber+) Local File Inclusion", "software": [ { "type": "plugin", "name": "XStore Core", "slug": "et-core-plugin", "affected_versions": { "* - 5.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/856e3e77-d330-4fa0-9f07-f77a56dbb5bd?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "856f8b5f-809e-4ce2-8ef1-3ed169bc2b19": { "id": "856f8b5f-809e-4ce2-8ef1-3ed169bc2b19", "title": "Custom 404 Pro <= 3.2.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom 404 Pro", "slug": "custom-404-pro", "affected_versions": { "[*, 3.2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/856f8b5f-809e-4ce2-8ef1-3ed169bc2b19?source=api-scan" ], "published": "2019-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85730e9b-c5da-473c-a324-891c5c9f7ba3": { "id": "85730e9b-c5da-473c-a324-891c5c9f7ba3", "title": "WCFM Marketplace <= 3.4.11 - Missing Authorization", "software": [ { "type": "plugin", "name": "WCFM Marketplace \u2013 Multivendor Marketplace for WooCommerce", "slug": "wc-multivendor-marketplace", "affected_versions": { "* - 3.4.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85730e9b-c5da-473c-a324-891c5c9f7ba3?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85790564-811c-4087-ad36-345e443ae9f8": { "id": "85790564-811c-4087-ad36-345e443ae9f8", "title": "Private Only <= 3.5.1 - Multiple Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Private Only", "slug": "private-only", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85790564-811c-4087-ad36-345e443ae9f8?source=api-scan" ], "published": "2015-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "857ed49c-8d0f-44d6-a97b-d0bc142dd43f": { "id": "857ed49c-8d0f-44d6-a97b-d0bc142dd43f", "title": "Magical Posts Display \u2013 Elementor & Gutenberg Posts Blocks <= 1.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Magical Posts Display \u2013 Elementor Advanced Posts widgets", "slug": "magical-posts-display", "affected_versions": { "* - 1.2.38": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.38", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/857ed49c-8d0f-44d6-a97b-d0bc142dd43f?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8588f9e8-441c-4b9e-bd78-8526d8c28fa3": { "id": "8588f9e8-441c-4b9e-bd78-8526d8c28fa3", "title": "Shariff Wrapper <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shariff Wrapper", "slug": "shariff", "affected_versions": { "* - 4.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8588f9e8-441c-4b9e-bd78-8526d8c28fa3?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "858d8641-7455-47c2-9639-480ce4ec3540": { "id": "858d8641-7455-47c2-9639-480ce4ec3540", "title": "Responsive Contact Form Builder & Lead Generation Plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "Responsive Contact Form Builder & Lead Generation Plugin", "slug": "lead-form-builder", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/858d8641-7455-47c2-9639-480ce4ec3540?source=api-scan" ], "published": "2024-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8593b14e-672d-43b8-b516-d068cbd735b7": { "id": "8593b14e-672d-43b8-b516-d068cbd735b7", "title": "TheCartPress eCommerce Shopping Cart <= 1.5.3.6 Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "TheCartPress eCommerce Shopping Cart", "slug": "thecartpress", "affected_versions": { "* - 1.5.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8593b14e-672d-43b8-b516-d068cbd735b7?source=api-scan" ], "published": "2015-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8599cb81-4f51-40b5-a0aa-5d27f2ae085d": { "id": "8599cb81-4f51-40b5-a0aa-5d27f2ae085d", "title": "Feed Them Social \u2013 for Twitter feed, Youtube and more <= 2.9.8.5 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "Feed Them Social \u2013 Social Media Feeds, Video, and Photo Galleries", "slug": "feed-them-social", "affected_versions": { "* - 2.9.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8599cb81-4f51-40b5-a0aa-5d27f2ae085d?source=api-scan" ], "published": "2022-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "859fe629-701e-4d47-8e90-59860f7c6b82": { "id": "859fe629-701e-4d47-8e90-59860f7c6b82", "title": "WP Fastest Cache < 0.9.5 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "[*, 0.9.5)": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/859fe629-701e-4d47-8e90-59860f7c6b82?source=api-scan" ], "published": "2021-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85a33508-71f2-4aa1-8d51-667eb0690fbd": { "id": "85a33508-71f2-4aa1-8d51-667eb0690fbd", "title": "WP Data Access <= 5.5.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Data Access \u2013 WordPress App, Table and Form Builder plugin", "slug": "wp-data-access", "affected_versions": { "* - 5.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85a33508-71f2-4aa1-8d51-667eb0690fbd?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85a8a7df-b472-4a81-b808-a413c158c1cf": { "id": "85a8a7df-b472-4a81-b808-a413c158c1cf", "title": "Tainacan <= 0.21.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tainacan", "slug": "tainacan", "affected_versions": { "* - 0.21.10": { "from_version": "*", "from_inclusive": true, "to_version": "0.21.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.21.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85a8a7df-b472-4a81-b808-a413c158c1cf?source=api-scan" ], "published": "2024-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85a94f32-e1e5-48ea-822e-c54d0592da28": { "id": "85a94f32-e1e5-48ea-822e-c54d0592da28", "title": "WP Chat App <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes", "software": [ { "type": "plugin", "name": "WP Chat App", "slug": "wp-whatsapp", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85a94f32-e1e5-48ea-822e-c54d0592da28?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85abf905-ec47-4847-b3d6-8570fd5eb287": { "id": "85abf905-ec47-4847-b3d6-8570fd5eb287", "title": "BackWPup <= 4.0.3 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "BackWPup \u2013 WordPress Backup & Restore Plugin", "slug": "backwpup", "affected_versions": { "* - 4.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85abf905-ec47-4847-b3d6-8570fd5eb287?source=api-scan" ], "published": "2023-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85af2186-0807-4926-9285-f8ac93f76b93": { "id": "85af2186-0807-4926-9285-f8ac93f76b93", "title": "Spiffy Calendar <= 4.9.0 - Edit\/Delete event via IDOR", "software": [ { "type": "plugin", "name": "Spiffy Calendar", "slug": "spiffy-calendar", "affected_versions": { "* - 4.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85af2186-0807-4926-9285-f8ac93f76b93?source=api-scan" ], "published": "2022-02-10 13:33:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85b0841c-eae1-4cce-9bfb-0ef5ba6abccc": { "id": "85b0841c-eae1-4cce-9bfb-0ef5ba6abccc", "title": "Fonts <= 3.7.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts", "slug": "olympus-google-fonts", "affected_versions": { "* - 3.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85b0841c-eae1-4cce-9bfb-0ef5ba6abccc?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85b2557e-0420-4087-a6d8-1d54fd269261": { "id": "85b2557e-0420-4087-a6d8-1d54fd269261", "title": "Simple Video Directory <= 1.4.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Video Directory", "slug": "simple-media-directory", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85b2557e-0420-4087-a6d8-1d54fd269261?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85b439ea-08f9-4b4e-80da-7c5f80bc2818": { "id": "85b439ea-08f9-4b4e-80da-7c5f80bc2818", "title": "WOLF <= 1.0.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional", "slug": "bulk-editor", "affected_versions": { "* - 1.0.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85b439ea-08f9-4b4e-80da-7c5f80bc2818?source=api-scan" ], "published": "2023-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85b6262c-2576-4177-a683-44464dba0978": { "id": "85b6262c-2576-4177-a683-44464dba0978", "title": "Constant Contact Forms <= 1.14.0 - Missing Authorization via constant_contact_optin_ajax_handler", "software": [ { "type": "plugin", "name": "Constant Contact Forms", "slug": "constant-contact-forms", "affected_versions": { "* - 1.14.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85b6262c-2576-4177-a683-44464dba0978?source=api-scan" ], "published": "2023-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85ba54cc-3ef8-49ee-bef0-6fef8e116871": { "id": "85ba54cc-3ef8-49ee-bef0-6fef8e116871", "title": "Translation Exchange <= 1.0.14 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Translation Exchange \u2013 Translate Your WordPress Site In Minutes!", "slug": "translation-exchange", "affected_versions": { "* - 1.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85ba54cc-3ef8-49ee-bef0-6fef8e116871?source=api-scan" ], "published": "2022-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85ba90ae-8144-42f0-90db-e7f2638fec47": { "id": "85ba90ae-8144-42f0-90db-e7f2638fec47", "title": "CartFlows Pro <= 1.11.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "cartflows-pro", "slug": "cartflows-pro", "affected_versions": { "* - 1.11.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85ba90ae-8144-42f0-90db-e7f2638fec47?source=api-scan" ], "published": "2023-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85bd9922-3316-4fd0-b31e-c3ca5ab8a79d": { "id": "85bd9922-3316-4fd0-b31e-c3ca5ab8a79d", "title": "Email Verification for WooCommerce <= 1.8.1 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Customer Email Verification for WooCommerce", "slug": "emails-verification-for-woocommerce", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] }, { "type": "plugin", "name": "Email Verification for WooCommerce Pro", "slug": "email-verification-for-woocommerce-pro", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85bd9922-3316-4fd0-b31e-c3ca5ab8a79d?source=api-scan" ], "published": "2020-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85bea3da-f54a-4a77-9abe-6c24bbdcc25c": { "id": "85bea3da-f54a-4a77-9abe-6c24bbdcc25c", "title": "WordPress File Upload <= 2.4.6 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "* - 2.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85bea3da-f54a-4a77-9abe-6c24bbdcc25c?source=api-scan" ], "published": "2015-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85ca96a6-7992-424b-8b88-9a0751925223": { "id": "85ca96a6-7992-424b-8b88-9a0751925223", "title": "Accelerated Mobile Pages <= 1.0.92.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AMP for WP \u2013 Accelerated Mobile Pages", "slug": "accelerated-mobile-pages", "affected_versions": { "* - 1.0.92.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.92.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.93" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85ca96a6-7992-424b-8b88-9a0751925223?source=api-scan" ], "published": "2024-01-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85d8bfaa-db94-4c15-8f55-eeefe5882f90": { "id": "85d8bfaa-db94-4c15-8f55-eeefe5882f90", "title": "Backup Scheduler <= 1.5.13 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Backup Scheduler", "slug": "backup-scheduler", "affected_versions": { "* - 1.5.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85d8bfaa-db94-4c15-8f55-eeefe5882f90?source=api-scan" ], "published": "2022-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85dc6513-90cb-433d-8f8f-5b56b4a76897": { "id": "85dc6513-90cb-433d-8f8f-5b56b4a76897", "title": "WP Forum Server <= 1.6.5 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Forum Server", "slug": "forum-server", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85dc6513-90cb-433d-8f8f-5b56b4a76897?source=api-scan" ], "published": "2011-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85e0e1c5-211f-434c-8cc8-1ca676a8c7c2": { "id": "85e0e1c5-211f-434c-8cc8-1ca676a8c7c2", "title": "Preloader Plus \u2013 WordPress Loading Screen Plugin <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Preloader Plus \u2013 WordPress Loading Screen Plugin", "slug": "preloader-plus", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85e0e1c5-211f-434c-8cc8-1ca676a8c7c2?source=api-scan" ], "published": "2024-09-06 20:26:20", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85e17f3a-cec1-41de-b3e2-ac06a9c9290f": { "id": "85e17f3a-cec1-41de-b3e2-ac06a9c9290f", "title": "KODO Qiniu <= 1.5.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "KODO Qiniu", "slug": "kodo-qiniu", "affected_versions": { "[*, 1.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85e17f3a-cec1-41de-b3e2-ac06a9c9290f?source=api-scan" ], "published": "2024-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85e70be3-3ed7-4ce1-a20c-046fb7c4ec31": { "id": "85e70be3-3ed7-4ce1-a20c-046fb7c4ec31", "title": "video carousel slider with lightbox <= 1.0.6 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "video carousel slider with lightbox", "slug": "wp-responsive-video-gallery-with-lightbox", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85e70be3-3ed7-4ce1-a20c-046fb7c4ec31?source=api-scan" ], "published": "2024-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "85fd3e3c-f1cb-4384-86fd-3691f1deb963": { "id": "85fd3e3c-f1cb-4384-86fd-3691f1deb963", "title": "uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR)", "software": [ { "type": "plugin", "name": "Directory Listings WordPress plugin \u2013 uListing", "slug": "ulisting", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/85fd3e3c-f1cb-4384-86fd-3691f1deb963?source=api-scan" ], "published": "2021-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8603d4cd-5e01-4a68-b127-8c99609e0413": { "id": "8603d4cd-5e01-4a68-b127-8c99609e0413", "title": "Zoho Forms <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form plugin for WordPress \u2013 Zoho Forms", "slug": "zoho-forms", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8603d4cd-5e01-4a68-b127-8c99609e0413?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86055b1b-23a6-4e33-8818-0af58c8e6383": { "id": "86055b1b-23a6-4e33-8818-0af58c8e6383", "title": "WiserNotify Social Proof <= 2.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "WiserNotify Social Proof & FOMO Notification, WooCommerce Sales Popup, Review Popups, Notification Bars & Urgency Widgets", "slug": "wiser-notify", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86055b1b-23a6-4e33-8818-0af58c8e6383?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86068c50-2f24-4af9-a20f-704d52e98ce2": { "id": "86068c50-2f24-4af9-a20f-704d52e98ce2", "title": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets", "software": [ { "type": "plugin", "name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", "slug": "bdthemes-element-pack-lite", "affected_versions": { "* - 5.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86068c50-2f24-4af9-a20f-704d52e98ce2?source=api-scan" ], "published": "2024-08-12 16:29:27", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86079059-11c7-4545-b254-6bf524367b46": { "id": "86079059-11c7-4545-b254-6bf524367b46", "title": "Video Contest WordPress Plugin <= 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Video Contest WordPress Plugin", "slug": "video-contest", "affected_versions": { "* - 3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86079059-11c7-4545-b254-6bf524367b46?source=api-scan" ], "published": "2023-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86090ab4-9f1d-4a92-a302-118524a5ffaa": { "id": "86090ab4-9f1d-4a92-a302-118524a5ffaa", "title": "Ajax Load More <= 7.0.1 - Authenticated (Admin+) Directory Traversal to Arbitrary File Read", "software": [ { "type": "plugin", "name": "WordPress Infinite Scroll \u2013 Ajax Load More", "slug": "ajax-load-more", "affected_versions": { "* - 7.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86090ab4-9f1d-4a92-a302-118524a5ffaa?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86098d46-9e88-4558-b9b2-e3905716f2a9": { "id": "86098d46-9e88-4558-b9b2-e3905716f2a9", "title": "Smart Image Gallery <= 1.0.18 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Smart Image Gallery", "slug": "photoshow", "affected_versions": { "* - 1.0.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86098d46-9e88-4558-b9b2-e3905716f2a9?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "860c2339-b2a9-4a4e-a186-07a5fb042b06": { "id": "860c2339-b2a9-4a4e-a186-07a5fb042b06", "title": "ShopLentor <= 2.8.1 - Improper Authorization via woolentor_template_store", "software": [ { "type": "plugin", "name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)", "slug": "woolentor-addons", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/860c2339-b2a9-4a4e-a186-07a5fb042b06?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "860ce27b-749d-497f-9038-7e035cb3fe1d": { "id": "860ce27b-749d-497f-9038-7e035cb3fe1d", "title": "Live Chat from ClickDesk \u2013 Live Chat \u2013 Help Desk Plugin for Websites <= 4.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Live Chat from ClickDesk \u2013 Live Chat \u2013 Help Desk Plugin for Websites", "slug": "clickdesk-live-support-chat-plugin", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/860ce27b-749d-497f-9038-7e035cb3fe1d?source=api-scan" ], "published": "2014-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "860e70be-2ccd-4d4d-b0d9-bde8d163c211": { "id": "860e70be-2ccd-4d4d-b0d9-bde8d163c211", "title": "123ContactForm for WordPress <= 1.5.6 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "123ContactForm for WordPress", "slug": "123contactform-for-wordpress", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/860e70be-2ccd-4d4d-b0d9-bde8d163c211?source=api-scan" ], "published": "2021-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86167b8c-6d4e-495d-96f7-8cda8e2c80b8": { "id": "86167b8c-6d4e-495d-96f7-8cda8e2c80b8", "title": "Social Media Share Buttons & Social Sharing Icons <= 1.5.1 - Arbitrary Options Deletion", "software": [ { "type": "plugin", "name": "Social Media Share Buttons & Social Sharing Icons", "slug": "ultimate-social-media-icons", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86167b8c-6d4e-495d-96f7-8cda8e2c80b8?source=api-scan" ], "published": "2016-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8617dc53-8994-4fab-a3df-27863ad3dd10": { "id": "8617dc53-8994-4fab-a3df-27863ad3dd10", "title": "Black-Letterhead <= 1.5 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Black-Letterhead", "slug": "black-letterhead", "affected_versions": { "[*, 1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8617dc53-8994-4fab-a3df-27863ad3dd10?source=api-scan" ], "published": "2011-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8619c999-5cf7-4888-bdb2-815238411303": { "id": "8619c999-5cf7-4888-bdb2-815238411303", "title": "Royal Elementor Addons and Templates <= 1.3.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.91": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.91", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.92" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8619c999-5cf7-4888-bdb2-815238411303?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "861da9ac-fd73-4bb5-bc39-baf9efe71899": { "id": "861da9ac-fd73-4bb5-bc39-baf9efe71899", "title": "WordPress Core <= 3.1.2 - Arbitrary File Upload", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/861da9ac-fd73-4bb5-bc39-baf9efe71899?source=api-scan" ], "published": "2011-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8620bbc1-efb2-471d-89fc-02e945675e65": { "id": "8620bbc1-efb2-471d-89fc-02e945675e65", "title": "Simple Job Board <= 2.12.5 - Unauthenticated Resumes Download", "software": [ { "type": "plugin", "name": "Simple Job Board", "slug": "simple-job-board", "affected_versions": { "* - 2.12.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8620bbc1-efb2-471d-89fc-02e945675e65?source=api-scan" ], "published": "2024-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8620d181-22f9-4054-9d5c-1b26a315d10c": { "id": "8620d181-22f9-4054-9d5c-1b26a315d10c", "title": "WP 2FA \u2013 Two-factor authentication for WordPress <= 2.6.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP 2FA \u2013 Two-factor authentication for WordPress", "slug": "wp-2fa", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8620d181-22f9-4054-9d5c-1b26a315d10c?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8621bc52-3a71-4e01-9823-129ce0831ec4": { "id": "8621bc52-3a71-4e01-9823-129ce0831ec4", "title": "Simple Ads Manager <= 2.5.94 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Simple Ads Manager", "slug": "simple-ads-manager", "affected_versions": { "* - 2.5.94": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.94", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.96" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8621bc52-3a71-4e01-9823-129ce0831ec4?source=api-scan" ], "published": "2015-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86264c7d-d1a5-4f3a-872f-b27a94d796e3": { "id": "86264c7d-d1a5-4f3a-872f-b27a94d796e3", "title": "Mitsol Social Post Feed <= 1.10 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mitsol Social Post Feed", "slug": "facebook-wall-and-social-integration", "affected_versions": { "* - 1.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86264c7d-d1a5-4f3a-872f-b27a94d796e3?source=api-scan" ], "published": "2022-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "862ab8c7-c4af-437e-a72d-31a401cd1765": { "id": "862ab8c7-c4af-437e-a72d-31a401cd1765", "title": "Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Infusionsoft Gravity Forms Add-on", "slug": "infusionsoft", "affected_versions": { "[*, 1.5.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/862ab8c7-c4af-437e-a72d-31a401cd1765?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "862d6ae8-5684-4a33-b85c-1d46e48f10f5": { "id": "862d6ae8-5684-4a33-b85c-1d46e48f10f5", "title": "Wsify Widget <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wsify widget", "slug": "wsify-widget", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/862d6ae8-5684-4a33-b85c-1d46e48f10f5?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "862fa0c3-c16f-493e-9bf6-92debc0e30f6": { "id": "862fa0c3-c16f-493e-9bf6-92debc0e30f6", "title": "Multiple Roles <= 1.3.1- Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Multiple Roles", "slug": "multiple-roles", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/862fa0c3-c16f-493e-9bf6-92debc0e30f6?source=api-scan" ], "published": "2021-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86351e2c-8c5a-4d71-bd73-d5ae1f03038f": { "id": "86351e2c-8c5a-4d71-bd73-d5ae1f03038f", "title": "Events Manager <= 6.4.7.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "* - 6.4.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.7.2" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86351e2c-8c5a-4d71-bd73-d5ae1f03038f?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86364b6f-dec8-48d8-9d2d-de1ee4901872": { "id": "86364b6f-dec8-48d8-9d2d-de1ee4901872", "title": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86364b6f-dec8-48d8-9d2d-de1ee4901872?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8641aa6d-e865-46cd-91f5-faec81a7bb55": { "id": "8641aa6d-e865-46cd-91f5-faec81a7bb55", "title": "Youtube Feeder <= 2.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Youtube Feeder", "slug": "youtube-feeder", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8641aa6d-e865-46cd-91f5-faec81a7bb55?source=api-scan" ], "published": "2021-07-31 00:29:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8641dec6-a754-446a-a011-9b4b0fc252c0": { "id": "8641dec6-a754-446a-a011-9b4b0fc252c0", "title": "Speed Booster Pack PageSpeed Optimization Suite <= 4.1.9. - Authenticated (Admin+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Speed Booster Pack \u26a1 PageSpeed Optimization Suite", "slug": "speed-booster-pack", "affected_versions": { "[*, 4.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8641dec6-a754-446a-a011-9b4b0fc252c0?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8647005a-23ce-417f-9bdb-c54ac506942b": { "id": "8647005a-23ce-417f-9bdb-c54ac506942b", "title": "WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.17 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Responsive Tabs horizontal vertical and accordion Tabs", "slug": "responsive-horizontal-vertical-and-accordion-tabs", "affected_versions": { "* - 1.1.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8647005a-23ce-417f-9bdb-c54ac506942b?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "864a3444-0479-4b9f-beca-584a4a9b8682": { "id": "864a3444-0479-4b9f-beca-584a4a9b8682", "title": "User Registration \u2013 Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion", "software": [ { "type": "plugin", "name": "User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile", "slug": "user-registration", "affected_versions": { "* - 3.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/864a3444-0479-4b9f-beca-584a4a9b8682?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8650383a-712b-4830-894f-cd7ec7b0d5bc": { "id": "8650383a-712b-4830-894f-cd7ec7b0d5bc", "title": "WordPress Spreadsheet (wpSS) <= 0.62 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Spreadsheet", "slug": "wpSS", "affected_versions": { "* - 0.62": { "from_version": "*", "from_inclusive": true, "to_version": "0.62", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8650383a-712b-4830-894f-cd7ec7b0d5bc?source=api-scan" ], "published": "2014-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86566819-ec2e-4d56-87f6-4cd4b6de6192": { "id": "86566819-ec2e-4d56-87f6-4cd4b6de6192", "title": "Quasar - WordPress Theme with Animation Builder <= 1.9.2 - Authorization Bypass", "software": [ { "type": "theme", "name": "Quasar - WordPress Theme with Animation Builder", "slug": "quasar", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86566819-ec2e-4d56-87f6-4cd4b6de6192?source=api-scan" ], "published": "2015-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8657003f-da37-4169-9f00-262d7f3d9a9c": { "id": "8657003f-da37-4169-9f00-262d7f3d9a9c", "title": "iThemes Security <= 5.6.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "[*, 5.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8657003f-da37-4169-9f00-262d7f3d9a9c?source=api-scan" ], "published": "2016-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86609dfe-2060-4db2-8c5c-4e541302fc50": { "id": "86609dfe-2060-4db2-8c5c-4e541302fc50", "title": "Ultimate Addons for Beaver Builder <= 1.24.0 - Missing Authentication Bypass", "software": [ { "type": "plugin", "name": "Ultimate Addons for Beaver Builder", "slug": "bb-ultimate-addon", "affected_versions": { "[*, 1.24.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.24.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.24.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86609dfe-2060-4db2-8c5c-4e541302fc50?source=api-scan" ], "published": "2019-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86616f56-74cb-4ceb-95ce-fbd4a3842edd": { "id": "86616f56-74cb-4ceb-95ce-fbd4a3842edd", "title": "Filtre de surveillance gouvernemental <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Filtre de surveillance gouvernemental", "slug": "filtre-de-surveillance-gouvernemental", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86616f56-74cb-4ceb-95ce-fbd4a3842edd?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8664fec3-4e11-4775-a5ca-b4f58931da76": { "id": "8664fec3-4e11-4775-a5ca-b4f58931da76", "title": "Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Data Update", "software": [ { "type": "plugin", "name": "Smart Online Order for Clover", "slug": "clover-online-orders", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8664fec3-4e11-4775-a5ca-b4f58931da76?source=api-scan" ], "published": "2024-08-20 17:25:42", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "866e4bc3-080a-4498-b210-e692d72d3db0": { "id": "866e4bc3-080a-4498-b210-e692d72d3db0", "title": "Daily Prayer Time <= 2024.08.26 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Daily Prayer Time", "slug": "daily-prayer-time-for-mosques", "affected_versions": { "* - 2024.08.26": { "from_version": "*", "from_inclusive": true, "to_version": "2024.08.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2024.09.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/866e4bc3-080a-4498-b210-e692d72d3db0?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "866f780e-46fa-407a-b777-951a328003dd": { "id": "866f780e-46fa-407a-b777-951a328003dd", "title": "Business Hours Pro <= 5.5.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Business Hours Pro WordPress Plugin", "slug": "iva-business-hours-pro", "affected_versions": { "* - 5.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/866f780e-46fa-407a-b777-951a328003dd?source=api-scan" ], "published": "2021-04-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8671b549-2cce-4f38-ad2d-a9472f7e8e7b": { "id": "8671b549-2cce-4f38-ad2d-a9472f7e8e7b", "title": "Serial Numbers for WooCommerce \u2013 License Manager <= 1.6.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WC Serial Numbers \u2013 Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce", "slug": "wc-serial-numbers", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8671b549-2cce-4f38-ad2d-a9472f7e8e7b?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8671bf69-640d-4656-ae22-a46daadf58a0": { "id": "8671bf69-640d-4656-ae22-a46daadf58a0", "title": "POEditor <= 0.9.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "POEditor", "slug": "poeditor", "affected_versions": { "* - 0.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8671bf69-640d-4656-ae22-a46daadf58a0?source=api-scan" ], "published": "2023-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8679f4cd-2cb8-48ad-a531-a00c1b85ed2e": { "id": "8679f4cd-2cb8-48ad-a531-a00c1b85ed2e", "title": "ProfileGrid <= 5.8.9 - Authenticated (Subscriber+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8679f4cd-2cb8-48ad-a531-a00c1b85ed2e?source=api-scan" ], "published": "2024-07-09 15:38:54", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "867d706c-31f9-44ac-ae25-5b722b85a4c8": { "id": "867d706c-31f9-44ac-ae25-5b722b85a4c8", "title": "Similarity <= 3.0 - Cross-Site Request Forgery to Plugin Reset", "software": [ { "type": "plugin", "name": "Similarity", "slug": "similarity", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/867d706c-31f9-44ac-ae25-5b722b85a4c8?source=api-scan" ], "published": "2024-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "867f374c-633f-4384-aa2b-5bb8daa5b7a2": { "id": "867f374c-633f-4384-aa2b-5bb8daa5b7a2", "title": "Newsletters <= 4.9.5 - Information Exposure via Log files", "software": [ { "type": "plugin", "name": "Newsletters", "slug": "newsletters-lite", "affected_versions": { "* - 4.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/867f374c-633f-4384-aa2b-5bb8daa5b7a2?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86837f87-ea91-404a-92ac-38d1abf14cde": { "id": "86837f87-ea91-404a-92ac-38d1abf14cde", "title": "Leadster <= 1.1.2 - Cross-Site Request Forgery via leadster_script_code_action", "software": [ { "type": "plugin", "name": "Leadster", "slug": "leadster-marketing-conversacional", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86837f87-ea91-404a-92ac-38d1abf14cde?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "868905af-ee6e-41a8-8040-84eee696b747": { "id": "868905af-ee6e-41a8-8040-84eee696b747", "title": "Sender \u2013 Newsletter, SMS and Email Marketing Automation for WooCommerce <= 2.6.15 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sender \u2013 Newsletter, SMS and Email Marketing Automation for WooCommerce", "slug": "sender-net-automated-emails", "affected_versions": { "* - 2.6.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/868905af-ee6e-41a8-8040-84eee696b747?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "868b7492-c550-4c06-adb0-3478eb7d9b55": { "id": "868b7492-c550-4c06-adb0-3478eb7d9b55", "title": "CSS & JavaScript Toolbox <= 8.4.1 - Information Exposure", "software": [ { "type": "plugin", "name": "CSS & JavaScript Toolbox", "slug": "css-javascript-toolbox", "affected_versions": { "* - 8.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/868b7492-c550-4c06-adb0-3478eb7d9b55?source=api-scan" ], "published": "2018-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "868bbe8c-6d21-4d4b-ae23-e08dfb7a1277": { "id": "868bbe8c-6d21-4d4b-ae23-e08dfb7a1277", "title": "Ultimate Profile Builder < 3.0 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Profile Builder", "slug": "ultimate-profile-builder", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/868bbe8c-6d21-4d4b-ae23-e08dfb7a1277?source=api-scan" ], "published": "2015-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86908097-a5b2-427a-85c9-fbe29b519883": { "id": "86908097-a5b2-427a-85c9-fbe29b519883", "title": "Short URL <= 1.6.4 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Short URL", "slug": "shorten-url", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86908097-a5b2-427a-85c9-fbe29b519883?source=api-scan" ], "published": "2023-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8693a8b1-15e1-4c9c-90fb-51fcaf5ff451": { "id": "8693a8b1-15e1-4c9c-90fb-51fcaf5ff451", "title": "Keep Backup Daily <= 2.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Keep Backup Daily", "slug": "keep-backup-daily", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8693a8b1-15e1-4c9c-90fb-51fcaf5ff451?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8698d6dd-7376-4d29-8a5c-21c239a7aa03": { "id": "8698d6dd-7376-4d29-8a5c-21c239a7aa03", "title": "Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Website Builder Pro", "slug": "elementor-pro", "affected_versions": { "* - 3.20.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.20.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.20.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8698d6dd-7376-4d29-8a5c-21c239a7aa03?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86991143-d4e7-4114-b219-0deedd084858": { "id": "86991143-d4e7-4114-b219-0deedd084858", "title": "Simple Giveaways <= 2.45.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings", "software": [ { "type": "plugin", "name": "Simple Giveaways \u2013 Grow your business, email lists and traffic with contests", "slug": "giveasap", "affected_versions": { "* - 2.45.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.45.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.45.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86991143-d4e7-4114-b219-0deedd084858?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8699142d-4ddd-4ca1-9886-9b2d905a36cd": { "id": "8699142d-4ddd-4ca1-9886-9b2d905a36cd", "title": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.6 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor Page Builder", "slug": "theplus_elementor_addon", "affected_versions": { "* - 5.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8699142d-4ddd-4ca1-9886-9b2d905a36cd?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "869e57f8-7524-497a-8d24-bb9f2ee3898b": { "id": "869e57f8-7524-497a-8d24-bb9f2ee3898b", "title": "AP Pricing Tables Lite <= 1.1.6 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Pricing Table Builder \u2013 AP Pricing Tables Lite", "slug": "ap-pricing-tables-lite", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/869e57f8-7524-497a-8d24-bb9f2ee3898b?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86b2123f-9616-4dcc-904f-c7be802a8f8c": { "id": "86b2123f-9616-4dcc-904f-c7be802a8f8c", "title": "WordPress Core <= 3.1.2 - SQL Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86b2123f-9616-4dcc-904f-c7be802a8f8c?source=api-scan" ], "published": "2011-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86b54c46-a637-4fc4-8d48-a02383c9814b": { "id": "86b54c46-a637-4fc4-8d48-a02383c9814b", "title": "LMS by LifterLMS \u2013 Online Course, Membership & Learning Management System Plugin <= 4.21.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes", "slug": "lifterlms", "affected_versions": { "[*, 4.21.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.21.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.21.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86b54c46-a637-4fc4-8d48-a02383c9814b?source=api-scan" ], "published": "2021-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86b8844e-5d6f-4bc6-97b2-4ff487bb2188": { "id": "86b8844e-5d6f-4bc6-97b2-4ff487bb2188", "title": "Logo Showcase with Slick Slider \u2013 Logo Carousel, Logo Slider & Logo Grid <= 1.2.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Logo Showcase \u2013 Responsive Logo Carousel, Logo Slider & Logo Grid", "slug": "logo-showcase-with-slick-slider", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86b8844e-5d6f-4bc6-97b2-4ff487bb2188?source=api-scan" ], "published": "2021-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86bb44f0-142d-4c4e-8fc5-a50526118130": { "id": "86bb44f0-142d-4c4e-8fc5-a50526118130", "title": "Multiple ServMask Plugins <= (Various Versions) - Missing Authorization to Access Token Update", "software": [ { "type": "plugin", "name": "All-in-One WP Migration Dropbox Extension", "slug": "all-in-one-wp-migration-dropbox-extension", "affected_versions": { "* - 3.75": { "from_version": "*", "from_inclusive": true, "to_version": "3.75", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.76" ] }, { "type": "plugin", "name": "All-in-One WP Migration OneDrive Extension", "slug": "all-in-one-wp-migration-onedrive-extension", "affected_versions": { "* - 1.66": { "from_version": "*", "from_inclusive": true, "to_version": "1.66", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.67" ] }, { "type": "plugin", "name": "All-in-One WP Migration Google Drive Extension", "slug": "all-in-one-wp-migration-gdrive-extension", "affected_versions": { "* - 2.79": { "from_version": "*", "from_inclusive": true, "to_version": "2.79", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.80" ] }, { "type": "plugin", "name": "All-in-One WP Migration Box Extension", "slug": "all-in-one-wp-migration-box-extension", "affected_versions": { "* - 1.53": { "from_version": "*", "from_inclusive": true, "to_version": "1.53", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.54" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86bb44f0-142d-4c4e-8fc5-a50526118130?source=api-scan" ], "published": "2023-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86bd6ae1-e74d-4aab-98e1-3c47cb484fe9": { "id": "86bd6ae1-e74d-4aab-98e1-3c47cb484fe9", "title": "Inline Image Upload for BBPress <= 1.1.18 - Cross-Site Request Forgery via hm_bbpui_admin_page", "software": [ { "type": "plugin", "name": "Inline Image Upload for BBPress", "slug": "image-upload-for-bbpress", "affected_versions": { "* - 1.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86bd6ae1-e74d-4aab-98e1-3c47cb484fe9?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86c04e9d-0bcd-4637-bd4a-aeb2e3f373ff": { "id": "86c04e9d-0bcd-4637-bd4a-aeb2e3f373ff", "title": "Modern Events Calendar Lite <= 5.1.6 - Missing Authorization to Stored Cross-Site Scripting and Settings Update", "software": [ { "type": "plugin", "name": "Modern Events Calendar Lite", "slug": "modern-events-calendar-lite", "affected_versions": { "[*, 5.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86c04e9d-0bcd-4637-bd4a-aeb2e3f373ff?source=api-scan" ], "published": "2020-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86c0f530-bf4c-4de4-84db-e8469cea76c5": { "id": "86c0f530-bf4c-4de4-84db-e8469cea76c5", "title": "Woocommerce CSV importer <= 3.3.6 - Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Woocommerce CSV importer", "slug": "woocommerce-csvimport", "affected_versions": { "* - 3.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86c0f530-bf4c-4de4-84db-e8469cea76c5?source=api-scan" ], "published": "2017-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86c1b729-e8fe-46e8-8d57-c6312087c6b2": { "id": "86c1b729-e8fe-46e8-8d57-c6312087c6b2", "title": "Under Construction, Coming Soon & Maintenance Mode <= 1.1.1 - Server Side Request Forgery", "software": [ { "type": "plugin", "name": "Under Construction, Coming Soon & Maintenance Mode", "slug": "under-construction-maintenance-mode", "affected_versions": { "[*, 1.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86c1b729-e8fe-46e8-8d57-c6312087c6b2?source=api-scan" ], "published": "2021-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86c3ef76-d4d0-4106-850f-88e9ea176979": { "id": "86c3ef76-d4d0-4106-850f-88e9ea176979", "title": "Easy Social Icons <= 3.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Social Icons", "slug": "easy-social-icons", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86c3ef76-d4d0-4106-850f-88e9ea176979?source=api-scan" ], "published": "2021-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86c9bcf1-c69e-47ca-b74b-8ce6157f520b": { "id": "86c9bcf1-c69e-47ca-b74b-8ce6157f520b", "title": "Royal Elementor Addons <=1.3.70 - Unauthenticated MailChimp API Key Disclosure", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.70": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.70", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.71" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86c9bcf1-c69e-47ca-b74b-8ce6157f520b?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86cb08ae-aa21-4ee6-baed-03429e4d38e2": { "id": "86cb08ae-aa21-4ee6-baed-03429e4d38e2", "title": "MC4WP: Mailchimp for WordPress <= 4.1.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MC4WP: Mailchimp for WordPress", "slug": "mailchimp-for-wp", "affected_versions": { "* - 4.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86cb08ae-aa21-4ee6-baed-03429e4d38e2?source=api-scan" ], "published": "2019-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86cdbfec-b1af-48ec-ae70-f97768694e44": { "id": "86cdbfec-b1af-48ec-ae70-f97768694e44", "title": "WD WidgetTwitter <= 1.0.9 - Authenticated (Contributor+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "WD WidgetTwitter", "slug": "widget-twitter", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86cdbfec-b1af-48ec-ae70-f97768694e44?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86cee705-6874-4fcc-b13c-bd20f6e0704b": { "id": "86cee705-6874-4fcc-b13c-bd20f6e0704b", "title": "Compact WP Audio Player <= 1.9.6 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Compact WP Audio Player", "slug": "compact-wp-audio-player", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86cee705-6874-4fcc-b13c-bd20f6e0704b?source=api-scan" ], "published": "2021-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86cf664f-5de1-4692-96b3-2fd8ae35110b": { "id": "86cf664f-5de1-4692-96b3-2fd8ae35110b", "title": "Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags", "software": [ { "type": "plugin", "name": "Bold Page Builder", "slug": "bold-page-builder", "affected_versions": { "* - 4.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86cf664f-5de1-4692-96b3-2fd8ae35110b?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86d3ff76-49be-4517-a62e-7522e26479b7": { "id": "86d3ff76-49be-4517-a62e-7522e26479b7", "title": "Slickr Flickr <= 2.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slickr Flickr", "slug": "slickr-flickr", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86d3ff76-49be-4517-a62e-7522e26479b7?source=api-scan" ], "published": "2022-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86d5af9f-ffe9-4d22-885d-e117da7687de": { "id": "86d5af9f-ffe9-4d22-885d-e117da7687de", "title": "Advanced Order Export For WooCommerce <= 3.4.4 - Authenticated (Shop Manager+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Advanced Order Export For WooCommerce", "slug": "woo-order-export-lite", "affected_versions": { "* - 3.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86d5af9f-ffe9-4d22-885d-e117da7687de?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86dd9106-880d-49db-8021-4fac71ae865f": { "id": "86dd9106-880d-49db-8021-4fac71ae865f", "title": "Automation By Autonami <= 3.1.2 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit", "slug": "wp-marketing-automations", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86dd9106-880d-49db-8021-4fac71ae865f?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86ddd5fd-137b-478e-952e-b36fc6a5c28d": { "id": "86ddd5fd-137b-478e-952e-b36fc6a5c28d", "title": "Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86ddd5fd-137b-478e-952e-b36fc6a5c28d?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86dfdc4f-1cc2-4b0d-b79c-bee3d6956eb4": { "id": "86dfdc4f-1cc2-4b0d-b79c-bee3d6956eb4", "title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86dfdc4f-1cc2-4b0d-b79c-bee3d6956eb4?source=api-scan" ], "published": "2024-06-25 18:16:09", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86e0ae2b-128c-4406-aef9-357904be86fa": { "id": "86e0ae2b-128c-4406-aef9-357904be86fa", "title": "Index WP MySQL For Speed <= 1.4.17 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Index WP MySQL For Speed", "slug": "index-wp-mysql-for-speed", "affected_versions": { "* - 1.4.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86e0ae2b-128c-4406-aef9-357904be86fa?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86e3eae3-21bb-4695-8650-4c6ba6ababe3": { "id": "86e3eae3-21bb-4695-8650-4c6ba6ababe3", "title": "HUSKY \u2013 Products Filter for WooCommerce (formerly WOOF) <= 1.3.5.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "HUSKY \u2013 Products Filter Professional for WooCommerce", "slug": "woocommerce-products-filter", "affected_versions": { "* - 1.3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86e3eae3-21bb-4695-8650-4c6ba6ababe3?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86e62a7d-53d6-40c8-823d-811cfb3d75b2": { "id": "86e62a7d-53d6-40c8-823d-811cfb3d75b2", "title": "YouTube Channel < 3.0.12.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "My YouTube Channel", "slug": "youtube-channel", "affected_versions": { "* - 3.0.12.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.12.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.23.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86e62a7d-53d6-40c8-823d-811cfb3d75b2?source=api-scan" ], "published": "2023-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86e6a246-557a-42f7-8f1b-b1b914f9f928": { "id": "86e6a246-557a-42f7-8f1b-b1b914f9f928", "title": "Afterpay Gateway for WooCommerce <= 3.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Afterpay Gateway for WooCommerce", "slug": "afterpay-gateway-for-woocommerce", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86e6a246-557a-42f7-8f1b-b1b914f9f928?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86eb42de-a820-4ba7-99cb-03d068e208a9": { "id": "86eb42de-a820-4ba7-99cb-03d068e208a9", "title": "Category and Page Icons <= 0.9.1 - Arbitrary File Upload and Deletion", "software": [ { "type": "plugin", "name": "Category and Page Icons", "slug": "category-page-icons", "affected_versions": { "* - 0.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86eb42de-a820-4ba7-99cb-03d068e208a9?source=api-scan" ], "published": "2014-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86ebb3d1-5fd1-48cb-95b7-f82014323f01": { "id": "86ebb3d1-5fd1-48cb-95b7-f82014323f01", "title": "RegistrationMagic <= 5.2.5.0 - Form Submission Limit Bypass", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 5.2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86ebb3d1-5fd1-48cb-95b7-f82014323f01?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86ee1acb-6f0c-40e6-80a0-fc93b61c1602": { "id": "86ee1acb-6f0c-40e6-80a0-fc93b61c1602", "title": "WP Mail Log <= 1.1.1 - Unauthenticated Stored Cross-Site Scripting via Email", "software": [ { "type": "plugin", "name": "WP Mail Log", "slug": "wp-mail-log", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86ee1acb-6f0c-40e6-80a0-fc93b61c1602?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86f15e94-6ca7-4eb2-8a38-b4add9251dab": { "id": "86f15e94-6ca7-4eb2-8a38-b4add9251dab", "title": "WP Hotel Booking <= 2.0.9.2 - Improper Authorization on Multiple REST API Routes", "software": [ { "type": "plugin", "name": "WP Hotel Booking", "slug": "wp-hotel-booking", "affected_versions": { "* - 2.0.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86f15e94-6ca7-4eb2-8a38-b4add9251dab?source=api-scan" ], "published": "2024-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86f3c549-2cdd-4294-bc62-0892e94ddbb7": { "id": "86f3c549-2cdd-4294-bc62-0892e94ddbb7", "title": "Qubely <= 1.7.9 - Incorrect Authorization", "software": [ { "type": "plugin", "name": "Qubely \u2013 Advanced Gutenberg Blocks", "slug": "qubely", "affected_versions": { "1.8.0": { "from_version": "1.8.0", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86f3c549-2cdd-4294-bc62-0892e94ddbb7?source=api-scan" ], "published": "2022-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86f67129-2042-4dff-85de-e189e9f6b53d": { "id": "86f67129-2042-4dff-85de-e189e9f6b53d", "title": "Contact Form Email <= 1.3.43 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Email", "slug": "contact-form-to-email", "affected_versions": { "* - 1.3.43": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86f67129-2042-4dff-85de-e189e9f6b53d?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86f6e8b8-ebfd-4d9f-a285-9d0aa2e961ff": { "id": "86f6e8b8-ebfd-4d9f-a285-9d0aa2e961ff", "title": "MailChimp Subscribe Forms <= 4.0.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder", "slug": "mailchimp-subscribe-sm", "affected_versions": { "* - 4.0.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86f6e8b8-ebfd-4d9f-a285-9d0aa2e961ff?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86f7eb83-8483-4c6b-993e-ce11084241e8": { "id": "86f7eb83-8483-4c6b-993e-ce11084241e8", "title": "Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue <= 3.1.39 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)", "slug": "mailin", "affected_versions": { "* - 3.1.39": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.39", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.40" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86f7eb83-8483-4c6b-993e-ce11084241e8?source=api-scan" ], "published": "2022-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86f84434-ac85-4c5f-8dd7-11d02ae9ee89": { "id": "86f84434-ac85-4c5f-8dd7-11d02ae9ee89", "title": "Photo Engine <= 6.4.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Photo Engine (Media Organizer & Lightroom)", "slug": "wplr-sync", "affected_versions": { "* - 6.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86f84434-ac85-4c5f-8dd7-11d02ae9ee89?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86f95721-ff77-4137-adba-61d74373ee06": { "id": "86f95721-ff77-4137-adba-61d74373ee06", "title": "Jetapo | Jobboard WordPress Theme and Jetapo | Jobboard WordPress Theme with WooCommerce < 1.1 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Jetapo | Jobboard WordPress Theme with WooCommerce", "slug": "jetapo-with-woocommerce", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] }, { "type": "theme", "name": "Jetapo | Jobboard WordPress Theme", "slug": "jetapo", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86f95721-ff77-4137-adba-61d74373ee06?source=api-scan" ], "published": "2020-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "86ff2412-23c6-450e-b351-ba994d68aae6": { "id": "86ff2412-23c6-450e-b351-ba994d68aae6", "title": "Directorist <= 7.4.2.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change", "software": [ { "type": "plugin", "name": "Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings", "slug": "directorist", "affected_versions": { "* - 7.4.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.4.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86ff2412-23c6-450e-b351-ba994d68aae6?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8703c76b-89c6-438a-b953-03847d965096": { "id": "8703c76b-89c6-438a-b953-03847d965096", "title": "Ninja Forms <= 3.5.8.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "[*, 3.5.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8703c76b-89c6-438a-b953-03847d965096?source=api-scan" ], "published": "2021-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8706c3f6-64e0-440e-a802-5c80d9cc3643": { "id": "8706c3f6-64e0-440e-a802-5c80d9cc3643", "title": "Oxygen Builder <= 4.8.2 - Authenticated (Contributor+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Oxygen Builder", "slug": "oxygenbuilder", "affected_versions": { "* - 4.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8706c3f6-64e0-440e-a802-5c80d9cc3643?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "870ae326-a7c9-4201-bf0d-0fbda663a694": { "id": "870ae326-a7c9-4201-bf0d-0fbda663a694", "title": "Appointment Hour Booking <= 1.3.72 - Unauthenticated iFrame Injection via Appointment Form", "software": [ { "type": "plugin", "name": "Appointment Hour Booking \u2013 WordPress Booking Plugin", "slug": "appointment-hour-booking", "affected_versions": { "* - 1.3.72": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.72", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.73" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/870ae326-a7c9-4201-bf0d-0fbda663a694?source=api-scan" ], "published": "2022-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8714f5cc-56c7-4976-b021-956883a2bc73": { "id": "8714f5cc-56c7-4976-b021-956883a2bc73", "title": "BP Group Documents <= 1.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "BP Group Documents", "slug": "bp-group-documents", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8714f5cc-56c7-4976-b021-956883a2bc73?source=api-scan" ], "published": "2013-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "871e5091-bb20-4a53-83e2-85ed6f26247a": { "id": "871e5091-bb20-4a53-83e2-85ed6f26247a", "title": "Advanced Page Visit Counter <= 6.4.2 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress", "slug": "advanced-page-visit-counter", "affected_versions": { "* - 6.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/871e5091-bb20-4a53-83e2-85ed6f26247a?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "872a6264-f0e2-4936-a942-172a99892672": { "id": "872a6264-f0e2-4936-a942-172a99892672", "title": "Google Doc Embedder <= 2.6.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google Doc Embedder", "slug": "google-document-embedder", "affected_versions": { "[*, 2.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/872a6264-f0e2-4936-a942-172a99892672?source=api-scan" ], "published": "2016-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "872c8328-9089-4bc0-af17-f755524da610": { "id": "872c8328-9089-4bc0-af17-f755524da610", "title": "WP GPX Maps <= 1.7.08 - Authenticated (Contributor+) Stored Cross-Site Scripting via sgpx Shortcode", "software": [ { "type": "plugin", "name": "WP GPX Maps", "slug": "wp-gpx-maps", "affected_versions": { "* - 1.7.08": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.08", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/872c8328-9089-4bc0-af17-f755524da610?source=api-scan" ], "published": "2024-09-24 12:13:51", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "872f13bc-e6d0-4307-b2c9-b55a44df1016": { "id": "872f13bc-e6d0-4307-b2c9-b55a44df1016", "title": "LiveChat WooCommerce <= 2.2.16 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Live Chat Plugin for WooCommerce \u2013 LiveChat", "slug": "livechat-woocommerce", "affected_versions": { "* - 2.2.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/872f13bc-e6d0-4307-b2c9-b55a44df1016?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87333eee-36ae-4272-b300-7352eb133745": { "id": "87333eee-36ae-4272-b300-7352eb133745", "title": "WordPress Core <= 3.3.1 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87333eee-36ae-4272-b300-7352eb133745?source=api-scan" ], "published": "2012-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87368d85-04d4-42e6-9ba6-2a1fc3b945a8": { "id": "87368d85-04d4-42e6-9ba6-2a1fc3b945a8", "title": "WP Last Modified Info <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via lmt-post-modified-info Shortcode", "software": [ { "type": "plugin", "name": "WP Last Modified Info", "slug": "wp-last-modified-info", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87368d85-04d4-42e6-9ba6-2a1fc3b945a8?source=api-scan" ], "published": "2024-08-19 15:52:33", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8736cf81-3fb8-4c81-a878-7d73a3e68fc2": { "id": "8736cf81-3fb8-4c81-a878-7d73a3e68fc2", "title": "Branding <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Branding", "slug": "branding", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8736cf81-3fb8-4c81-a878-7d73a3e68fc2?source=api-scan" ], "published": "2024-10-17 16:06:19", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8736fb91-d05c-4f7e-81ff-00dfa44961f5": { "id": "8736fb91-d05c-4f7e-81ff-00dfa44961f5", "title": "Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget", "software": [ { "type": "plugin", "name": "Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)", "slug": "bdthemes-prime-slider-lite", "affected_versions": { "* - 3.14.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.14.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.14.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8736fb91-d05c-4f7e-81ff-00dfa44961f5?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87399a07-d2d8-42cd-81f0-9060f6cfff48": { "id": "87399a07-d2d8-42cd-81f0-9060f6cfff48", "title": "WP Directory Kit <= 1.1.9 - Unauthenticated Local File Inclusion via wdk_public_action", "software": [ { "type": "plugin", "name": "WP Directory Kit", "slug": "wpdirectorykit", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87399a07-d2d8-42cd-81f0-9060f6cfff48?source=api-scan" ], "published": "2023-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "873b6ace-0377-42d8-a6c5-3fe0226cebc5": { "id": "873b6ace-0377-42d8-a6c5-3fe0226cebc5", "title": "Easy Forms for Mailchimp <= 6.8.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Forms for Mailchimp", "slug": "yikes-inc-easy-mailchimp-extender", "affected_versions": { "[*, 6.8.6)": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/873b6ace-0377-42d8-a6c5-3fe0226cebc5?source=api-scan" ], "published": "2021-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "874130f0-7dc9-49fe-a7b0-e0be432799bd": { "id": "874130f0-7dc9-49fe-a7b0-e0be432799bd", "title": "Google XML Sitemaps Generator < 3.2.9 - Authenticated (Admin+) PHP Code Injection", "software": [ { "type": "plugin", "name": "Google XML Sitemaps Generator", "slug": "google-xml-sitemaps-generator", "affected_versions": { "* - 3.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/874130f0-7dc9-49fe-a7b0-e0be432799bd?source=api-scan" ], "published": "2013-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8746bd3a-6e2b-4ed2-9b21-4ed5a0e58de8": { "id": "8746bd3a-6e2b-4ed2-9b21-4ed5a0e58de8", "title": "WordPress Core < 5.4.2 - Arbitrary User Meta Update", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.33": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.33", "to_inclusive": true }, "3.8 - 3.8.33": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.33", "to_inclusive": true }, "3.9 - 3.9.31": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.31", "to_inclusive": true }, "4.0 - 4.0.30": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.30", "to_inclusive": true }, "4.1 - 4.1.30": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.30", "to_inclusive": true }, "4.2 - 4.2.27": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.27", "to_inclusive": true }, "4.3 - 4.3.23": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.23", "to_inclusive": true }, "4.4 - 4.4.22": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.22", "to_inclusive": true }, "4.5 - 4.5.21": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.21", "to_inclusive": true }, "4.6 - 4.6.18": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.18", "to_inclusive": true }, "4.7 - 4.7.17": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.17", "to_inclusive": true }, "4.8 - 4.8.13": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.13", "to_inclusive": true }, "4.9 - 4.9.14": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.14", "to_inclusive": true }, "5.0 - 5.0.9": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.9", "to_inclusive": true }, "5.1 - 5.1.5": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.5", "to_inclusive": true }, "5.2 - 5.2.6": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.6", "to_inclusive": true }, "5.3 - 5.3.3": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.34", "3.8.34", "3.9.32", "4.0.31", "4.1.31", "4.2.28", "4.3.24", "4.4.23", "4.5.22", "4.6.19", "4.7.18", "4.8.14", "4.9.15", "5.0.10", "5.1.6", "5.2.7", "5.3.4", "5.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8746bd3a-6e2b-4ed2-9b21-4ed5a0e58de8?source=api-scan" ], "published": "2020-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "874e9e14-1330-40f0-8199-8abcaae58e98": { "id": "874e9e14-1330-40f0-8199-8abcaae58e98", "title": "WP Radio \u2013 Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Radio \u2013 Worldwide Online Radio Stations Directory for WordPress", "slug": "wp-radio", "affected_versions": { "* - 3.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/874e9e14-1330-40f0-8199-8abcaae58e98?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "875b15a1-c747-4a74-a77e-d541f92468a3": { "id": "875b15a1-c747-4a74-a77e-d541f92468a3", "title": "Leaflet Maps Marker Pro < 1.5.8 - Path Traversal", "software": [ { "type": "plugin", "name": "Leaflet Maps Marker Pro", "slug": "mapsmarker", "affected_versions": { "[*, 1.5.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/875b15a1-c747-4a74-a77e-d541f92468a3?source=api-scan" ], "published": "2014-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "875c6474-5bf3-4556-b529-299cd2f65afe": { "id": "875c6474-5bf3-4556-b529-299cd2f65afe", "title": "Slimstat Analytics <= 5.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SlimStat Analytics", "slug": "wp-slimstat", "affected_versions": { "* - 5.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/875c6474-5bf3-4556-b529-299cd2f65afe?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "875db71d-c799-40b9-95e1-74d53046b0a9": { "id": "875db71d-c799-40b9-95e1-74d53046b0a9", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/875db71d-c799-40b9-95e1-74d53046b0a9?source=api-scan" ], "published": "2024-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "876efd71-8867-44b8-8017-86fad2a1b89f": { "id": "876efd71-8867-44b8-8017-86fad2a1b89f", "title": "WP Fastest Cache <= 1.2.2 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/876efd71-8867-44b8-8017-86fad2a1b89f?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8772a00a-b285-4b1e-a903-6f8404cf21a3": { "id": "8772a00a-b285-4b1e-a903-6f8404cf21a3", "title": "Login Logout Menu <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Login Logout Menu", "slug": "login-logout-menu", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8772a00a-b285-4b1e-a903-6f8404cf21a3?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8773fa6e-6e81-4565-a9be-36ad0ea6ac88": { "id": "8773fa6e-6e81-4565-a9be-36ad0ea6ac88", "title": "Corona Virus (COVID-19) Banner & Live Data <= 1.7.0.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple Website Banner", "slug": "corona-virus-covid-19-banner", "affected_versions": { "* - 1.7.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8773fa6e-6e81-4565-a9be-36ad0ea6ac88?source=api-scan" ], "published": "2022-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8774f448-ba63-428c-8a82-b229718fdd10": { "id": "8774f448-ba63-428c-8a82-b229718fdd10", "title": "Brizy - Page Builder <= 2.3.11 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "* - 2.3.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8774f448-ba63-428c-8a82-b229718fdd10?source=api-scan" ], "published": "2021-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "877a42c9-958d-46ed-8f9a-5972bd5f43f8": { "id": "877a42c9-958d-46ed-8f9a-5972bd5f43f8", "title": "Elementor Website Builder <= 2.9.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 2.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/877a42c9-958d-46ed-8f9a-5972bd5f43f8?source=api-scan" ], "published": "2020-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "878246f7-17c5-4ea0-a450-27244ace2717": { "id": "878246f7-17c5-4ea0-a450-27244ace2717", "title": "Advanced Custom Fields <= 5.10 - Missing Authorization on Option Changes", "software": [ { "type": "plugin", "name": "Secure Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "[*, 5.11)": { "from_version": "*", "from_inclusive": true, "to_version": "5.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.11" ] }, { "type": "plugin", "name": "Advanced Custom Fields Pro", "slug": "advanced-custom-fields-pro", "affected_versions": { "[*, 5.11)": { "from_version": "*", "from_inclusive": true, "to_version": "5.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/878246f7-17c5-4ea0-a450-27244ace2717?source=api-scan" ], "published": "2021-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "878420ce-3a39-494d-9169-44220b2c3307": { "id": "878420ce-3a39-494d-9169-44220b2c3307", "title": "iThemes2 < 1.4.3 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "iThemes2", "slug": "ithemes2", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/878420ce-3a39-494d-9169-44220b2c3307?source=api-scan" ], "published": "2013-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "878671d2-572c-43f9-8fba-f2e2e955b7a6": { "id": "878671d2-572c-43f9-8fba-f2e2e955b7a6", "title": "Protect WP Admin <= 3.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Protect WP Admin", "slug": "protect-wp-admin", "affected_versions": { "* - 3.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/878671d2-572c-43f9-8fba-f2e2e955b7a6?source=api-scan" ], "published": "2022-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87870d48-05ff-4f51-9ad9-091ce2ffaf01": { "id": "87870d48-05ff-4f51-9ad9-091ce2ffaf01", "title": "iMember360is 3.8.012 - 3.9.001 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "iMember360is", "slug": "imember360", "affected_versions": { "[3.8.012, 3.9.002)": { "from_version": "3.8.012", "from_inclusive": true, "to_version": "3.9.002", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.002" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87870d48-05ff-4f51-9ad9-091ce2ffaf01?source=api-scan" ], "published": "2014-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87888350-1230-4fec-9de2-c58fa24e6a05": { "id": "87888350-1230-4fec-9de2-c58fa24e6a05", "title": "XML Sitemap & Google News <= 5.4.8 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "XML Sitemap & Google News", "slug": "xml-sitemap-feed", "affected_versions": { "* - 5.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87888350-1230-4fec-9de2-c58fa24e6a05?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "878f27d3-bb57-46b4-aee4-03720d695504": { "id": "878f27d3-bb57-46b4-aee4-03720d695504", "title": "Recall Products <= 0.8 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Recall Products", "slug": "recall-products", "affected_versions": { "* - 0.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/878f27d3-bb57-46b4-aee4-03720d695504?source=api-scan" ], "published": "2020-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "879384eb-bfea-4667-a7de-9f723dbea74b": { "id": "879384eb-bfea-4667-a7de-9f723dbea74b", "title": "TablePress \u2013 Tables in WordPress made easy <= 2.3 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebind", "software": [ { "type": "plugin", "name": "TablePress \u2013 Tables in WordPress made easy", "slug": "tablepress", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/879384eb-bfea-4667-a7de-9f723dbea74b?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87944086-a4a4-4152-99f1-847eef7569ea": { "id": "87944086-a4a4-4152-99f1-847eef7569ea", "title": "Content Blocks (Custom Post Widget) <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Content Blocks (Custom Post Widget)", "slug": "custom-post-widget", "affected_versions": { "* - 3.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87944086-a4a4-4152-99f1-847eef7569ea?source=api-scan" ], "published": "2024-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8794854d-e931-4a85-b767-2ab81bfcb780": { "id": "8794854d-e931-4a85-b767-2ab81bfcb780", "title": "CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "CataBlog", "slug": "catablog", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8794854d-e931-4a85-b767-2ab81bfcb780?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "879bd819-5513-4253-b6e0-a34dbebae287": { "id": "879bd819-5513-4253-b6e0-a34dbebae287", "title": "Better Find and Replace <= 1.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Better Find and Replace", "slug": "real-time-auto-find-and-replace", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/879bd819-5513-4253-b6e0-a34dbebae287?source=api-scan" ], "published": "2021-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "879c0a85-ed94-430c-8e8e-6389294b432b": { "id": "879c0a85-ed94-430c-8e8e-6389294b432b", "title": "LoginWP <= 2.9.1 - Multiple Cross-Site Request Forgery vulnerabilities", "software": [ { "type": "plugin", "name": "LoginWP (Formerly Peter's Login Redirect)", "slug": "peters-login-redirect", "affected_versions": { "* - 2.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/879c0a85-ed94-430c-8e8e-6389294b432b?source=api-scan" ], "published": "2019-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "879e7695-3a61-4e65-b102-fcdc63fac688": { "id": "879e7695-3a61-4e65-b102-fcdc63fac688", "title": "amr users <= 4.59.4 - Authenticated (Subscriber+) CSV Injection", "software": [ { "type": "plugin", "name": "amr users", "slug": "amr-users", "affected_versions": { "* - 4.59.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.59.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/879e7695-3a61-4e65-b102-fcdc63fac688?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87a1cc00-330c-40c3-a174-8ea50075c4bd": { "id": "87a1cc00-330c-40c3-a174-8ea50075c4bd", "title": "WP Maintenance <= 6.1.3 - IP Restriction Bypass", "software": [ { "type": "plugin", "name": "WP Maintenance", "slug": "wp-maintenance", "affected_versions": { "* - 6.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87a1cc00-330c-40c3-a174-8ea50075c4bd?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87b26fcf-d0b3-4ab3-92d8-8f1ba72af0a3": { "id": "87b26fcf-d0b3-4ab3-92d8-8f1ba72af0a3", "title": "BuddyPress <= 9.0.0 - Information Disclosure via REST API", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "* - 9.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87b26fcf-d0b3-4ab3-92d8-8f1ba72af0a3?source=api-scan" ], "published": "2021-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87b49bae-05e6-44cd-86a1-8df3249a25f9": { "id": "87b49bae-05e6-44cd-86a1-8df3249a25f9", "title": "Popup Like box \u2013 Page <= 3.7.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Like box \u2013 Page Plugin", "slug": "ays-facebook-popup-likebox", "affected_versions": { "* - 3.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87b49bae-05e6-44cd-86a1-8df3249a25f9?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87b7bc4a-4d2f-4bcb-a9d5-72e31c95c09e": { "id": "87b7bc4a-4d2f-4bcb-a9d5-72e31c95c09e", "title": "tagDiv Composer <= 4.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode", "software": [ { "type": "plugin", "name": "tagDiv Composer", "slug": "td-composer", "affected_versions": { "* - 4.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87b7bc4a-4d2f-4bcb-a9d5-72e31c95c09e?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87b8386e-863e-4a33-8beb-aab3e704ecb6": { "id": "87b8386e-863e-4a33-8beb-aab3e704ecb6", "title": "Built-in Widgets Query extend <= 1.05 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Built-in Widgets Query extend (Custom Post Types & more)", "slug": "widget-extend-builtin-query", "affected_versions": { "* - 1.05": { "from_version": "*", "from_inclusive": true, "to_version": "1.05", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.06" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87b8386e-863e-4a33-8beb-aab3e704ecb6?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87bd0e6b-7f0d-4696-99aa-c87013efc5a8": { "id": "87bd0e6b-7f0d-4696-99aa-c87013efc5a8", "title": "TNC PDF viewer <= 3.1.0 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TNC PDF viewer", "slug": "pdf-viewer-by-themencode", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87bd0e6b-7f0d-4696-99aa-c87013efc5a8?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87c99299-d23b-4cab-b2dc-abeed89155ff": { "id": "87c99299-d23b-4cab-b2dc-abeed89155ff", "title": "Easy!Appointments <= 1.3.2 - Information Disclosure", "software": [ { "type": "plugin", "name": "Easy!Appointments", "slug": "easyappointments", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87c99299-d23b-4cab-b2dc-abeed89155ff?source=api-scan" ], "published": "2019-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87ca07ac-6080-45d7-a8f5-74a918adec43": { "id": "87ca07ac-6080-45d7-a8f5-74a918adec43", "title": "Avada <= 7.11.6 - Authenticated (Contributor+) Server-Side Request Forgery via form_to_url_action", "software": [ { "type": "theme", "name": "Avada | Website Builder For WordPress & WooCommerce", "slug": "Avada", "affected_versions": { "* - 7.11.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.11.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.11.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87ca07ac-6080-45d7-a8f5-74a918adec43?source=api-scan" ], "published": "2024-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87ca4c05-b9fc-4932-be4b-beb57ca3bb7e": { "id": "87ca4c05-b9fc-4932-be4b-beb57ca3bb7e", "title": "WordPress Content Slide <= 1.4.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Content Slide", "slug": "content-slide", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87ca4c05-b9fc-4932-be4b-beb57ca3bb7e?source=api-scan" ], "published": "2015-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87d064fc-923a-41f1-a14f-09ff91b2aaee": { "id": "87d064fc-923a-41f1-a14f-09ff91b2aaee", "title": "CM Download Manager <= 2.7.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CM Download Manager \u2013 Document and File Management", "slug": "cm-download-manager", "affected_versions": { "[*, 2.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87d064fc-923a-41f1-a14f-09ff91b2aaee?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87d153df-93b0-40a3-b119-9fad41fbd0ee": { "id": "87d153df-93b0-40a3-b119-9fad41fbd0ee", "title": "Listing, Classified Ads & Business Directory \u2013 uListing <= 2.0.3 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Directory Listings WordPress plugin \u2013 uListing", "slug": "ulisting", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87d153df-93b0-40a3-b119-9fad41fbd0ee?source=api-scan" ], "published": "2021-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87d4c2f5-d285-4063-af97-d060ae8496d8": { "id": "87d4c2f5-d285-4063-af97-d060ae8496d8", "title": "ElementsReady Addons for Elementor <= 6.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ElementsReady Addons for Elementor", "slug": "element-ready-lite", "affected_versions": { "* - 6.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87d4c2f5-d285-4063-af97-d060ae8496d8?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87da5300-1add-44fc-a3e0-e8912f946c84": { "id": "87da5300-1add-44fc-a3e0-e8912f946c84", "title": "Newsletter <= 7.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Newsletter \u2013 Send awesome emails from WordPress", "slug": "newsletter", "affected_versions": { "* - 7.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "7.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87da5300-1add-44fc-a3e0-e8912f946c84?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87e32ddb-6f3e-4896-965c-f30b016f9a72": { "id": "87e32ddb-6f3e-4896-965c-f30b016f9a72", "title": "\u042eKassa \u0434\u043b\u044f WooCommerce <= 2.3.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "\u042eKassa \u0434\u043b\u044f WooCommerce", "slug": "yookassa", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87e32ddb-6f3e-4896-965c-f30b016f9a72?source=api-scan" ], "published": "2022-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87e3dd5e-0d77-4d78-8171-0beaf9482699": { "id": "87e3dd5e-0d77-4d78-8171-0beaf9482699", "title": "WP EXtra <= 6.2 - Missing Authorization to .htaccess File Modification", "software": [ { "type": "plugin", "name": "WP EXtra", "slug": "wp-extra", "affected_versions": { "* - 6.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87e3dd5e-0d77-4d78-8171-0beaf9482699?source=api-scan" ], "published": "2023-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87e408c4-55da-4765-8ca6-e709b9045c8b": { "id": "87e408c4-55da-4765-8ca6-e709b9045c8b", "title": "FireStorm Shopping Cart eCommerce Plugin <= 2.07.02 - SQL Injection", "software": [ { "type": "plugin", "name": "FireStorm Shopping Cart eCommerce Plugin", "slug": "fs-shopping-cart", "affected_versions": { "* - 2.07.02": { "from_version": "*", "from_inclusive": true, "to_version": "2.07.02", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87e408c4-55da-4765-8ca6-e709b9045c8b?source=api-scan" ], "published": "2016-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87e74f4f-8426-4550-8c4d-eb776f023d09": { "id": "87e74f4f-8426-4550-8c4d-eb776f023d09", "title": "WP Travel Gutenberg Blocks <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Travel Gutenberg Blocks", "slug": "wp-travel-blocks", "affected_versions": { "* - 3.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87e74f4f-8426-4550-8c4d-eb776f023d09?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87e9d29b-9e0d-409c-97a5-7c444dff7382": { "id": "87e9d29b-9e0d-409c-97a5-7c444dff7382", "title": "WP Related Posts <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Related Posts", "slug": "wp-related-posts", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87e9d29b-9e0d-409c-97a5-7c444dff7382?source=api-scan" ], "published": "2011-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87eaa518-44fb-48ae-b700-ac65141905b3": { "id": "87eaa518-44fb-48ae-b700-ac65141905b3", "title": "WP-PostViews < 1.63 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP-PostViews", "slug": "wp-postviews", "affected_versions": { "[*, 1.63)": { "from_version": "*", "from_inclusive": true, "to_version": "1.63", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.63" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87eaa518-44fb-48ae-b700-ac65141905b3?source=api-scan" ], "published": "2013-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87eb6644-fd70-42a1-b05d-b166cb89c45c": { "id": "87eb6644-fd70-42a1-b05d-b166cb89c45c", "title": "Video Central for WordPress <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Video Central for WordPress", "slug": "video-central", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87eb6644-fd70-42a1-b05d-b166cb89c45c?source=api-scan" ], "published": "2023-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "87ec5542-b6e7-4b18-a3ec-c258e749d32e": { "id": "87ec5542-b6e7-4b18-a3ec-c258e749d32e", "title": "RegistrationMagic <= 5.2.1.0 - Authentication Bypass", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 5.2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/87ec5542-b6e7-4b18-a3ec-c258e749d32e?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88001f3c-f5cc-4051-a713-788014e2241a": { "id": "88001f3c-f5cc-4051-a713-788014e2241a", "title": "Insert PHP Code Snippet <= 1.3.6 - Cross-Site Request Forgery to Code Snippet Activate\/Deactivate\/Deletion", "software": [ { "type": "plugin", "name": "Insert PHP Code Snippet", "slug": "insert-php-code-snippet", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88001f3c-f5cc-4051-a713-788014e2241a?source=api-scan" ], "published": "2024-08-14 14:04:23", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "880573d8-6dad-4a1b-a5db-33e1dc243062": { "id": "880573d8-6dad-4a1b-a5db-33e1dc243062", "title": "FiboSearch - AJAX Search for WooCommerce <= 1.23.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FiboSearch \u2013 Ajax Search for WooCommerce", "slug": "ajax-search-for-woocommerce", "affected_versions": { "1.23.0": { "from_version": "1.23.0", "from_inclusive": true, "to_version": "1.23.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.24.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/880573d8-6dad-4a1b-a5db-33e1dc243062?source=api-scan" ], "published": "2023-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88068243-9e2a-4893-a432-fd1973db7ca8": { "id": "88068243-9e2a-4893-a432-fd1973db7ca8", "title": "Pop-up <= 1.1.5 - Privilege Escalation", "software": [ { "type": "plugin", "name": "Pop-up", "slug": "pop-up-pop-up", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88068243-9e2a-4893-a432-fd1973db7ca8?source=api-scan" ], "published": "2022-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8806a1b7-03c9-40a8-a1ef-f122329e0443": { "id": "8806a1b7-03c9-40a8-a1ef-f122329e0443", "title": "FG Joomla to WordPress < 3.31.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FG Joomla to WordPress", "slug": "fg-joomla-to-wordpress", "affected_versions": { "[*, 3.31.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.31.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.31.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8806a1b7-03c9-40a8-a1ef-f122329e0443?source=api-scan" ], "published": "2017-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88075c15-079f-4de2-8e15-374eb7b8c77b": { "id": "88075c15-079f-4de2-8e15-374eb7b8c77b", "title": "LuckyWP Table of Contents <= 2.1.5 - Authenticated (Administrator+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LuckyWP Table of Contents", "slug": "luckywp-table-of-contents", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88075c15-079f-4de2-8e15-374eb7b8c77b?source=api-scan" ], "published": "2024-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8808e4bd-76ea-4e31-8a2c-92c5b7dd3c68": { "id": "8808e4bd-76ea-4e31-8a2c-92c5b7dd3c68", "title": "Schema Pro <= 2.7.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Schema Pro", "slug": "wp-schema-pro", "affected_versions": { "* - 2.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8808e4bd-76ea-4e31-8a2c-92c5b7dd3c68?source=api-scan" ], "published": "2023-07-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "880e5752-cc69-4c38-bd00-a3b8517e5fa6": { "id": "880e5752-cc69-4c38-bd00-a3b8517e5fa6", "title": "Filter Custom Fields & Taxonomies Light <= 1.05 - Missing Authorization", "software": [ { "type": "plugin", "name": "Filter Custom Fields & Taxonomies Light", "slug": "filter-custom-fields-taxonomies-light", "affected_versions": { "* - 1.05": { "from_version": "*", "from_inclusive": true, "to_version": "1.05", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/880e5752-cc69-4c38-bd00-a3b8517e5fa6?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "880f1f3f-857c-46da-a65c-082348260f89": { "id": "880f1f3f-857c-46da-a65c-082348260f89", "title": "Passster <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_protector Shortcode", "software": [ { "type": "plugin", "name": "Passster \u2013 Password Protect Pages and Content", "slug": "content-protector", "affected_versions": { "* - 4.2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/880f1f3f-857c-46da-a65c-082348260f89?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8810d237-06d5-45a0-8402-a2e7e15418d0": { "id": "8810d237-06d5-45a0-8402-a2e7e15418d0", "title": "WP Popups <= 2.1.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Popups \u2013 WordPress Popup builder", "slug": "wp-popups-lite", "affected_versions": { "* - 2.1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8810d237-06d5-45a0-8402-a2e7e15418d0?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8815abff-6bd5-4ce4-9adf-afd699f628c4": { "id": "8815abff-6bd5-4ce4-9adf-afd699f628c4", "title": "WP User Manager <= 2.6.2 - Arbitrary User Password Reset", "software": [ { "type": "plugin", "name": "WP User Manager \u2013 User Profile Builder & Membership", "slug": "wp-user-manager", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8815abff-6bd5-4ce4-9adf-afd699f628c4?source=api-scan" ], "published": "2021-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88163d55-ab97-4697-a25b-d54615e2a843": { "id": "88163d55-ab97-4697-a25b-d54615e2a843", "title": "Solid Security Basic <= 9.0.0 - Unauthenticated Login Page Disclosure", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "* - 9.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88163d55-ab97-4697-a25b-d54615e2a843?source=api-scan" ], "published": "2023-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "881e8096-e75f-49a7-87ed-c230e93ea378": { "id": "881e8096-e75f-49a7-87ed-c230e93ea378", "title": "Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search", "software": [ { "type": "plugin", "name": "Customer Reviews for WooCommerce", "slug": "customer-reviews-woocommerce", "affected_versions": { "* - 5.46.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.46.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.47.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/881e8096-e75f-49a7-87ed-c230e93ea378?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "882631ab-ef16-4158-adbc-60ad177ae6b8": { "id": "882631ab-ef16-4158-adbc-60ad177ae6b8", "title": "Memberpress <= 1.11.24 - Reflected Cross-Site Scripting via message and error", "software": [ { "type": "plugin", "name": "Memberpress", "slug": "memberpress", "affected_versions": { "* - 1.11.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/882631ab-ef16-4158-adbc-60ad177ae6b8?source=api-scan" ], "published": "2024-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "882639e3-615f-48df-9ddc-afbe0788d55f": { "id": "882639e3-615f-48df-9ddc-afbe0788d55f", "title": "MM-Breaking News <= 0.7.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MM-Breaking News", "slug": "mm-breaking-news", "affected_versions": { "* - 0.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/882639e3-615f-48df-9ddc-afbe0788d55f?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88290419-2086-4b43-b2b9-5d8128b208e2": { "id": "88290419-2086-4b43-b2b9-5d8128b208e2", "title": "Allure Real Estate Theme <= 0.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Allure Real Estate Theme", "slug": "allure-real-estate-theme-for-real-estate", "affected_versions": { "* - 0.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88290419-2086-4b43-b2b9-5d8128b208e2?source=api-scan" ], "published": "2013-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "882caa58-b56f-455f-ab3e-1fd8fd4e10e2": { "id": "882caa58-b56f-455f-ab3e-1fd8fd4e10e2", "title": "Circles Gallery <= 1.0.10 - Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings", "software": [ { "type": "plugin", "name": "Circles Gallery", "slug": "circles-gallery", "affected_versions": { "* - 1.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/882caa58-b56f-455f-ab3e-1fd8fd4e10e2?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8837e74c-677b-494d-9d7a-4bb166921bbf": { "id": "8837e74c-677b-494d-9d7a-4bb166921bbf", "title": "Reality <= 2.3.0 - Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Reality | Estate Multipurpose WordPress Theme", "slug": "reality", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8837e74c-677b-494d-9d7a-4bb166921bbf?source=api-scan" ], "published": "2019-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "883e1f3c-7e47-4522-ae8c-a9a6b4160be2": { "id": "883e1f3c-7e47-4522-ae8c-a9a6b4160be2", "title": "PowerPack Pro for Elementor <= 2.10.6 - Missing Authorization to Settings Reset", "software": [ { "type": "plugin", "name": "PowerPack Pro for Elementor", "slug": "powerpack-elements", "affected_versions": { "* - 2.10.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/883e1f3c-7e47-4522-ae8c-a9a6b4160be2?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8840bb3c-3e4b-48d5-bf01-2ed9bcfcf27a": { "id": "8840bb3c-3e4b-48d5-bf01-2ed9bcfcf27a", "title": "Infusionsoft Gravity Forms Add-on 1.5.3 - 1.5.10 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Infusionsoft Gravity Forms Add-on", "slug": "infusionsoft", "affected_versions": { "1.5.3 - 1.5.10": { "from_version": "1.5.3", "from_inclusive": true, "to_version": "1.5.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8840bb3c-3e4b-48d5-bf01-2ed9bcfcf27a?source=api-scan" ], "published": "2014-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8844c230-162d-46c4-9b34-fc9d18b93f4f": { "id": "8844c230-162d-46c4-9b34-fc9d18b93f4f", "title": "Popup | Custom Popup Builder <= 1.3.1 - Missing Capabilities Check", "software": [ { "type": "plugin", "name": "Popup | Custom Popup Builder", "slug": "m-wp-popup", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8844c230-162d-46c4-9b34-fc9d18b93f4f?source=api-scan" ], "published": "2022-06-14 14:20:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8848a247-52a6-48de-9ad5-deef89c2c599": { "id": "8848a247-52a6-48de-9ad5-deef89c2c599", "title": "Wow Forms \u2013 create any form with custom style <= 3.1.3 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Wow Forms \u2013 create any form with custom style", "slug": "mwp-forms", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8848a247-52a6-48de-9ad5-deef89c2c599?source=api-scan" ], "published": "2021-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "884973e2-3836-448f-8c0d-1235fb2c09b6": { "id": "884973e2-3836-448f-8c0d-1235fb2c09b6", "title": "WPML < 3.1.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wpml", "slug": "wpml", "affected_versions": { "[*, 3.1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/884973e2-3836-448f-8c0d-1235fb2c09b6?source=api-scan" ], "published": "2015-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88622945-9a55-4e44-86e3-f111b9490aa8": { "id": "88622945-9a55-4e44-86e3-f111b9490aa8", "title": "Sidebar Adder 2 <= 2.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sidebar Adder 2", "slug": "sidebar-adder", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88622945-9a55-4e44-86e3-f111b9490aa8?source=api-scan" ], "published": "2021-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8869a4fc-279f-4828-a271-8680d037fa85": { "id": "8869a4fc-279f-4828-a271-8680d037fa85", "title": "Essential Addons for Elementor Lite <= 5.0.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8869a4fc-279f-4828-a271-8680d037fa85?source=api-scan" ], "published": "2022-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8872eca8-4812-4f5f-b775-cbfab90ba2ca": { "id": "8872eca8-4812-4f5f-b775-cbfab90ba2ca", "title": "WooCommerce Box Office <= 1.1.51 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Box Office", "slug": "woocommerce-box-office", "affected_versions": { "* - 1.1.51": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.51", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8872eca8-4812-4f5f-b775-cbfab90ba2ca?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8876ecc4-1a50-43ac-9c8d-354f6de4abdd": { "id": "8876ecc4-1a50-43ac-9c8d-354f6de4abdd", "title": "Motor Racing League <= 1.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Motor Racing League", "slug": "motor-racing-league", "affected_versions": { "* - 1.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8876ecc4-1a50-43ac-9c8d-354f6de4abdd?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "887a1697-608e-4bf8-8c15-188737cb22c6": { "id": "887a1697-608e-4bf8-8c15-188737cb22c6", "title": "TS Webfonts for SAKURA <= 3.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TS Webfonts for \u3055\u304f\u3089\u306e\u30ec\u30f3\u30bf\u30eb\u30b5\u30fc\u30d0", "slug": "ts-webfonts-for-sakura", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/887a1697-608e-4bf8-8c15-188737cb22c6?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "887ca432-5412-401c-8d4e-52dcb511e5ba": { "id": "887ca432-5412-401c-8d4e-52dcb511e5ba", "title": "Advanced Database Cleaner <= 3.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Database Cleaner", "slug": "advanced-database-cleaner", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/887ca432-5412-401c-8d4e-52dcb511e5ba?source=api-scan" ], "published": "2022-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "887ccf72-9ae1-4b7e-9f62-253dea459652": { "id": "887ccf72-9ae1-4b7e-9f62-253dea459652", "title": "Contact Form Multi by BestWebSoft \u2013 Multiple Forms Plugin for Single WordPress Website < 1.2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Multi by BestWebSoft \u2013 Multiple Forms Plugin for Single WordPress Website", "slug": "contact-form-multi", "affected_versions": { "[*, 1.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/887ccf72-9ae1-4b7e-9f62-253dea459652?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88809668-ea6b-41df-b2a7-ffe03a931c86": { "id": "88809668-ea6b-41df-b2a7-ffe03a931c86", "title": "Theme Blvd Shortcodes <= 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Theme Blvd Shortcodes", "slug": "theme-blvd-shortcodes", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88809668-ea6b-41df-b2a7-ffe03a931c86?source=api-scan" ], "published": "2023-10-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8881c74f-9941-4919-8a15-99407fca0946": { "id": "8881c74f-9941-4919-8a15-99407fca0946", "title": "WebLibrarian < 3.4.8.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WebLibrarian", "slug": "weblibrarian", "affected_versions": { "[*, 3.4.8.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.8.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8881c74f-9941-4919-8a15-99407fca0946?source=api-scan" ], "published": "2017-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88829cca-4389-4b1a-a376-7abfbc37508e": { "id": "88829cca-4389-4b1a-a376-7abfbc37508e", "title": "Visualizer <= 3.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes", "software": [ { "type": "plugin", "name": "Visualizer: Tables and Charts Manager for WordPress", "slug": "visualizer", "affected_versions": { "* - 3.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88829cca-4389-4b1a-a376-7abfbc37508e?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88840d66-1644-4af0-b811-41f0e9fe2c0c": { "id": "88840d66-1644-4af0-b811-41f0e9fe2c0c", "title": "Product Category Tree <= 2.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Product Category Tree", "slug": "product-category-tree", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88840d66-1644-4af0-b811-41f0e9fe2c0c?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88855d83-d182-4b10-b44f-cd0edec07db1": { "id": "88855d83-d182-4b10-b44f-cd0edec07db1", "title": "WP Change Email Sender <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Change Email Sender", "slug": "wp-change-email-sender", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88855d83-d182-4b10-b44f-cd0edec07db1?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "888877c9-45e1-405a-ac0c-bbe512188141": { "id": "888877c9-45e1-405a-ac0c-bbe512188141", "title": "Youtube Freedown <= 1.0 - Remote Media File Inclusion", "software": [ { "type": "plugin", "name": "Youtube Freedown", "slug": "youtubefreedown", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/888877c9-45e1-405a-ac0c-bbe512188141?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88898997-6199-4b33-bd35-70a1a01812ec": { "id": "88898997-6199-4b33-bd35-70a1a01812ec", "title": "KiviCare \u2013 Clinic & Patient Management System (EHR) <= 3.2.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "KiviCare \u2013 Clinic & Patient Management System (EHR)", "slug": "kivicare-clinic-management-system", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88898997-6199-4b33-bd35-70a1a01812ec?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88907f28-7b1d-4a5a-b846-67dfd21d6488": { "id": "88907f28-7b1d-4a5a-b846-67dfd21d6488", "title": "ARMember <= 4.0.22 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 4.0.22": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88907f28-7b1d-4a5a-b846-67dfd21d6488?source=api-scan" ], "published": "2024-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8896fa5a-1642-4fcd-8fff-1e5828c28523": { "id": "8896fa5a-1642-4fcd-8fff-1e5828c28523", "title": "QR code MeCard\/vCard generator <= 1.6.0 - Missing Authorization via wqm_make_url_permanent", "software": [ { "type": "plugin", "name": "QR code MeCard\/vCard generator", "slug": "wp-qrcode-me-v-card", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8896fa5a-1642-4fcd-8fff-1e5828c28523?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "889986f8-224e-4af4-a1d2-ef4b04a7e83f": { "id": "889986f8-224e-4af4-a1d2-ef4b04a7e83f", "title": "Product Enquiry for WooCommerce <= 2.2.12 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Enquiry for WooCommerce, WooCommerce product catalog", "slug": "enquiry-quotation-for-woocommerce", "affected_versions": { "* - 2.2.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/889986f8-224e-4af4-a1d2-ef4b04a7e83f?source=api-scan" ], "published": "2023-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "889cb1d5-7f5c-4904-9b5f-cc8a505eb65c": { "id": "889cb1d5-7f5c-4904-9b5f-cc8a505eb65c", "title": "Stop Spammers Security <= 2022.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms", "slug": "stop-spammer-registrations-plugin", "affected_versions": { "* - 2022.6": { "from_version": "*", "from_inclusive": true, "to_version": "2022.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2023" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/889cb1d5-7f5c-4904-9b5f-cc8a505eb65c?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88a3b4ad-7b8c-40ae-b81f-ccb979b49a47": { "id": "88a3b4ad-7b8c-40ae-b81f-ccb979b49a47", "title": "WordPress Core < 5.0.1 - Authenticated Stored Cross-Site Scripting via Comments", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.27": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.27", "to_inclusive": true }, "3.8 - 3.8.27": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.27", "to_inclusive": true }, "3.9 - 3.9.25": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.25", "to_inclusive": true }, "4.0 - 4.0.24": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.24", "to_inclusive": true }, "4.1 - 4.1.24": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.24", "to_inclusive": true }, "4.2 - 4.2.21": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.21", "to_inclusive": true }, "4.3 - 4.3.17": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.17", "to_inclusive": true }, "4.4 - 4.4.16": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.16", "to_inclusive": true }, "4.5 - 4.5.15": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.15", "to_inclusive": true }, "4.6 - 4.6.12": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.12", "to_inclusive": true }, "4.7 - 4.7.11": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.11", "to_inclusive": true }, "4.8 - 4.8.7": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.7", "to_inclusive": true }, "4.9 - 4.9.8": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.8", "to_inclusive": true }, "5.0": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.28", "3.8.28", "3.9.26", "4.0.25", "4.1.25", "4.2.22", "4.3.18", "4.4.17", "4.5.16", "4.6.13", "4.7.12", "4.8.8", "4.9.9", "5.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88a3b4ad-7b8c-40ae-b81f-ccb979b49a47?source=api-scan" ], "published": "2018-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88a46a24-6d46-44cc-ac01-70a1c329cb51": { "id": "88a46a24-6d46-44cc-ac01-70a1c329cb51", "title": "WP Compress \u2013 Image Optimizer <= 6.11.08 - Missing Authorization to Unauthenticated CDN Modification", "software": [ { "type": "plugin", "name": "WP Compress \u2013 Instant Performance & Speed Optimization", "slug": "wp-compress-image-optimizer", "affected_versions": { "* - 6.11.10": { "from_version": "*", "from_inclusive": true, "to_version": "6.11.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.11.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88a46a24-6d46-44cc-ac01-70a1c329cb51?source=api-scan" ], "published": "2024-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88ade7a7-da31-4752-b100-40dae81735b0": { "id": "88ade7a7-da31-4752-b100-40dae81735b0", "title": "Magic Embeds <= 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Magic Embeds", "slug": "wp-embed-facebook", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88ade7a7-da31-4752-b100-40dae81735b0?source=api-scan" ], "published": "2023-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88b0e98b-3416-40d1-9901-6ab0dfb7dea1": { "id": "88b0e98b-3416-40d1-9901-6ab0dfb7dea1", "title": "WishList Member X <= 3.25.1 - Missing Authorization to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wishlist Member", "slug": "wishlist-member-x", "affected_versions": { "* - 3.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.25.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88b0e98b-3416-40d1-9901-6ab0dfb7dea1?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88b2d8e6-d242-4943-a121-23898a8fde55": { "id": "88b2d8e6-d242-4943-a121-23898a8fde55", "title": "Master Addons for Elementor <= 2.0.5.4.1 - Missing Authorization via get_jltma_save_menuitem_settings()", "software": [ { "type": "plugin", "name": "Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations", "slug": "master-addons", "affected_versions": { "* - 2.0.5.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88b2d8e6-d242-4943-a121-23898a8fde55?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88b3a69d-2c94-48e6-b965-8a67b2fe42b2": { "id": "88b3a69d-2c94-48e6-b965-8a67b2fe42b2", "title": "WooCommerce <= 2.3.10 - PHP Object Injection", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "* - 2.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88b3a69d-2c94-48e6-b965-8a67b2fe42b2?source=api-scan" ], "published": "2015-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88b8a93b-f34f-4188-8153-ce36b03b6a4c": { "id": "88b8a93b-f34f-4188-8153-ce36b03b6a4c", "title": "Spiffy Calendar <= 4.9.11 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Spiffy Calendar", "slug": "spiffy-calendar", "affected_versions": { "* - 4.9.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88b8a93b-f34f-4188-8153-ce36b03b6a4c?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88c5752c-ef4e-4343-810e-ecf1f33d3538": { "id": "88c5752c-ef4e-4343-810e-ecf1f33d3538", "title": "User Access Manager <= 2.2.16 - IP Spoofing", "software": [ { "type": "plugin", "name": "User Access Manager", "slug": "user-access-manager", "affected_versions": { "* - 2.2.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88c5752c-ef4e-4343-810e-ecf1f33d3538?source=api-scan" ], "published": "2023-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88c85270-d464-4f20-84e5-80f63e7c73e2": { "id": "88c85270-d464-4f20-84e5-80f63e7c73e2", "title": "New Order Notification for Woocommerce <= 2.0.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "New Order Notification for Woocommerce", "slug": "new-order-notification-for-woocommerce", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88c85270-d464-4f20-84e5-80f63e7c73e2?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88ca14d5-bbdd-4efa-a729-40a73f701aae": { "id": "88ca14d5-bbdd-4efa-a729-40a73f701aae", "title": "Button Generator \u2013 easily Button Builder <= 2.3.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Button Generator \u2013 easily Button Builder", "slug": "button-generation", "affected_versions": { "* - 2.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88ca14d5-bbdd-4efa-a729-40a73f701aae?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88cea535-1042-4011-aee9-684d7661e193": { "id": "88cea535-1042-4011-aee9-684d7661e193", "title": "Catalyst Connect Zoho CRM Client Portal <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Catalyst Connect Zoho CRM Client Portal", "slug": "catalyst-connect-client-portal", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88cea535-1042-4011-aee9-684d7661e193?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88cf21c3-52d7-472f-8f55-8e1a5819f133": { "id": "88cf21c3-52d7-472f-8f55-8e1a5819f133", "title": "Brave Popup Builder <= 0.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Brave \u2013 Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content", "slug": "brave-popup-builder", "affected_versions": { "* - 0.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88cf21c3-52d7-472f-8f55-8e1a5819f133?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88d0d6b7-f33f-4c7b-9006-d54578fbe003": { "id": "88d0d6b7-f33f-4c7b-9006-d54578fbe003", "title": "Image Map Pro <= 5.5.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Image Map Pro \u2013 Drag-and-drop Builder for Interactive Images", "slug": "image-map-pro", "affected_versions": { "* - 5.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88d0d6b7-f33f-4c7b-9006-d54578fbe003?source=api-scan" ], "published": "2022-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88d16ce2-a1cf-4402-b140-3cab17f8c638": { "id": "88d16ce2-a1cf-4402-b140-3cab17f8c638", "title": "Oliver POS \u2013 A WooCommerce Point of Sale (POS) <= 2.4.1.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Oliver POS \u2013 A WooCommerce Point of Sale (POS)", "slug": "oliver-pos", "affected_versions": { "* - 2.4.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88d16ce2-a1cf-4402-b140-3cab17f8c638?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88d19782-492f-4306-a8c0-5eaa470e457d": { "id": "88d19782-492f-4306-a8c0-5eaa470e457d", "title": "Ticket Tailor <= 1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sell Tickets \u2013 Event Ticketing and Event Registration \u2013 Ticket Tailor for WordPress", "slug": "ticket-tailor", "affected_versions": { "* - 1.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88d19782-492f-4306-a8c0-5eaa470e457d?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88d80702-a987-4b12-a003-2fa564fda409": { "id": "88d80702-a987-4b12-a003-2fa564fda409", "title": "Download Manager Pro <= 6.2.9 - Unauthenticated Information Disclosure", "software": [ { "type": "plugin", "name": "Download Manager Pro", "slug": "download-manager", "affected_versions": { "[4.0, 6.3.0)": { "from_version": "4.0", "from_inclusive": true, "to_version": "6.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88d80702-a987-4b12-a003-2fa564fda409?source=api-scan" ], "published": "2023-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88d9f0b1-040d-4f95-95dd-021ceb0cdb39": { "id": "88d9f0b1-040d-4f95-95dd-021ceb0cdb39", "title": "Login As Users <= 1.4.3 - Missing Authorization to Privielge Escalation via Account Takeover", "software": [ { "type": "plugin", "name": "Login As Users", "slug": "login-as-users", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88d9f0b1-040d-4f95-95dd-021ceb0cdb39?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88db56a6-8e4c-4ef8-b51a-a2744c3132e2": { "id": "88db56a6-8e4c-4ef8-b51a-a2744c3132e2", "title": "File Manager <= 7.2.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "File Manager", "slug": "wp-file-manager", "affected_versions": { "* - 7.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88db56a6-8e4c-4ef8-b51a-a2744c3132e2?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88dc08ff-3966-4606-855c-57c25552599e": { "id": "88dc08ff-3966-4606-855c-57c25552599e", "title": "WP Events Manager <= 2.1.11 - Authenticated (Subscriber+) Time-Based SQL Injection", "software": [ { "type": "plugin", "name": "WP Events Manager", "slug": "wp-events-manager", "affected_versions": { "* - 2.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88dc08ff-3966-4606-855c-57c25552599e?source=api-scan" ], "published": "2024-08-30 19:50:46", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88dc4a77-0d81-4d90-9a43-cc4d3055e39c": { "id": "88dc4a77-0d81-4d90-9a43-cc4d3055e39c", "title": "Quiz And Survey Master <= 8.0.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 8.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88dc4a77-0d81-4d90-9a43-cc4d3055e39c?source=api-scan" ], "published": "2022-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88e74cb2-7b6f-43ac-bb30-4763c5afe493": { "id": "88e74cb2-7b6f-43ac-bb30-4763c5afe493", "title": "Geo Mashup <= 1.13.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via geo_mashup_visible_posts_list Shortcode", "software": [ { "type": "plugin", "name": "Geo Mashup", "slug": "geo-mashup", "affected_versions": { "* - 1.13.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88e74cb2-7b6f-43ac-bb30-4763c5afe493?source=api-scan" ], "published": "2024-09-30 18:40:22", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88f1eb9a-f3bb-4b62-975f-a6cb95850966": { "id": "88f1eb9a-f3bb-4b62-975f-a6cb95850966", "title": "File Manager Pro <= 8.3.9 - Unauthenticated Backup File Download and Upload", "software": [ { "type": "plugin", "name": "File Manager Pro", "slug": "wp-file-manager-pro", "affected_versions": { "* - 8.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88f1eb9a-f3bb-4b62-975f-a6cb95850966?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88f2fa28-5bb2-4633-b2bc-27cc6a4e304c": { "id": "88f2fa28-5bb2-4633-b2bc-27cc6a4e304c", "title": "Easy Accordion \u2013 Best Accordion FAQ Plugin for WordPress <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Accordion \u2013 Responsive Accordion FAQ Builder and Product FAQ", "slug": "easy-accordion-free", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88f2fa28-5bb2-4633-b2bc-27cc6a4e304c?source=api-scan" ], "published": "2024-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88f447d5-990f-4d86-93a3-fd11b63af408": { "id": "88f447d5-990f-4d86-93a3-fd11b63af408", "title": "Custom Product Tabs Lite for WooCommerce <= 1.7.6 - Authenticated (Store Manager+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Product Tabs Lite for WooCommerce", "slug": "woocommerce-custom-product-tabs-lite", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88f447d5-990f-4d86-93a3-fd11b63af408?source=api-scan" ], "published": "2022-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88f4c567-eb57-4f98-afdc-65f8863b90c3": { "id": "88f4c567-eb57-4f98-afdc-65f8863b90c3", "title": "WordPress Job Board and Recruitment Plugin \u2013 JobWP <= 2.0 - Arbitrary File Upload via 'jobwp_upload_resume'", "software": [ { "type": "plugin", "name": "WordPress Job Board and Recruitment Plugin \u2013 JobWP", "slug": "jobwp", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88f4c567-eb57-4f98-afdc-65f8863b90c3?source=api-scan" ], "published": "2023-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88f6a24f-f14a-4d0a-be5a-f8c84910b4fc": { "id": "88f6a24f-f14a-4d0a-be5a-f8c84910b4fc", "title": "Orbit Fox by ThemeIsle <= 2.10.29 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Orbit Fox by ThemeIsle", "slug": "themeisle-companion", "affected_versions": { "* - 2.10.29": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.230" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88f6a24f-f14a-4d0a-be5a-f8c84910b4fc?source=api-scan" ], "published": "2024-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88f78dd8-f720-4c10-98e8-bd7d522c3ceb": { "id": "88f78dd8-f720-4c10-98e8-bd7d522c3ceb", "title": "Dynamic Widgets <= 1.5.10 - Refletced Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dynamic Widgets", "slug": "dynamic-widgets", "affected_versions": { "[*, 1.5.11)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88f78dd8-f720-4c10-98e8-bd7d522c3ceb?source=api-scan" ], "published": "2015-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88f90762-2d2b-4a31-ac8d-324eab702727": { "id": "88f90762-2d2b-4a31-ac8d-324eab702727", "title": "PowerPack Lite for Beaver Builder <= 1.3.0.4 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PowerPack Lite for Beaver Builder", "slug": "powerpack-addon-for-beaver-builder", "affected_versions": { "* - 1.3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88f90762-2d2b-4a31-ac8d-324eab702727?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88f9f4db-b15b-43d4-918a-a4c83e5735d1": { "id": "88f9f4db-b15b-43d4-918a-a4c83e5735d1", "title": "Video Gallery \u2013 YouTube Gallery <= 1.7.6 - Authenticated (Admin+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Video Gallery \u2013 Best WordPress YouTube Gallery Plugin", "slug": "gallery-videos", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88f9f4db-b15b-43d4-918a-a4c83e5735d1?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88fb7e43-26b1-44e4-864a-e6bd6f2c48fa": { "id": "88fb7e43-26b1-44e4-864a-e6bd6f2c48fa", "title": "Featured Image from URL <= 4.8.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Featured Image from URL (FIFU)", "slug": "featured-image-from-url", "affected_versions": { "* - 4.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88fb7e43-26b1-44e4-864a-e6bd6f2c48fa?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88fdd087-4bce-4ead-bc78-c6bdbaa70d9c": { "id": "88fdd087-4bce-4ead-bc78-c6bdbaa70d9c", "title": "WooCommerce Amazon Pay 2.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Amazon Pay", "slug": "woocommerce-gateway-amazon-payments-advanced", "affected_versions": { "2.0.0": { "from_version": "2.0.0", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88fdd087-4bce-4ead-bc78-c6bdbaa70d9c?source=api-scan" ], "published": "2021-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "88fe46bf-8e85-4550-92ad-bdd426e5a745": { "id": "88fe46bf-8e85-4550-92ad-bdd426e5a745", "title": "Theme Editor <= 2.8 - Authenticated (Admin+) PHAR Deserialization", "software": [ { "type": "plugin", "name": "Theme Editor", "slug": "theme-editor", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/88fe46bf-8e85-4550-92ad-bdd426e5a745?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89058e5a-0f67-4162-ba3b-0a4353d1e0a9": { "id": "89058e5a-0f67-4162-ba3b-0a4353d1e0a9", "title": "Podlove Subscribe button <= 1.3.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Podlove Subscribe button", "slug": "podlove-subscribe-button", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89058e5a-0f67-4162-ba3b-0a4353d1e0a9?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8909dafa-3383-405e-a264-f0770e6714a4": { "id": "8909dafa-3383-405e-a264-f0770e6714a4", "title": "Fluent Support <= 1.7.6 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Fluent Support \u2013 Helpdesk & Customer Support Ticket System", "slug": "fluent-support", "affected_versions": { "[*, 1.7.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8909dafa-3383-405e-a264-f0770e6714a4?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "890bcce2-18c2-4df8-a945-0c23437534fc": { "id": "890bcce2-18c2-4df8-a945-0c23437534fc", "title": "ColibriWP Theme framework <= (Various Versions) - Missing Authorization", "software": [ { "type": "theme", "name": "Colibri WP", "slug": "colibri-wp", "affected_versions": { "* - 1.0.94": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.94", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.99" ] }, { "type": "theme", "name": "Elevate WP", "slug": "elevate-wp", "affected_versions": { "* - 1.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.17" ] }, { "type": "theme", "name": "Calliope", "slug": "calliope", "affected_versions": { "* - 1.0.33": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.35" ] }, { "type": "theme", "name": "Teluro", "slug": "teluro", "affected_versions": { "* - 1.0.31": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.36" ] }, { "type": "theme", "name": "Althea WP", "slug": "althea-wp", "affected_versions": { "* - 1.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.16" ] }, { "type": "theme", "name": "Hugo WP", "slug": "hugo-wp", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.10" ] }, { "type": "theme", "name": "Pathway", "slug": "pathway", "affected_versions": { "* - 1.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.16" ] }, { "type": "theme", "name": "Brite", "slug": "brite", "affected_versions": { "* - 1.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.15" ] }, { "type": "theme", "name": "Vertice", "slug": "vertice", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/890bcce2-18c2-4df8-a945-0c23437534fc?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "890f83dc-d8d2-4fb2-a04a-c7b70d104b49": { "id": "890f83dc-d8d2-4fb2-a04a-c7b70d104b49", "title": "Export Post Info <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Export Post Info", "slug": "export-post-info", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/890f83dc-d8d2-4fb2-a04a-c7b70d104b49?source=api-scan" ], "published": "2022-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8910b6f0-1bf4-4ac0-93b7-54db7c15392c": { "id": "8910b6f0-1bf4-4ac0-93b7-54db7c15392c", "title": "Master Addons for Elementor <= 2.0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget", "software": [ { "type": "plugin", "name": "Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations", "slug": "master-addons", "affected_versions": { "* - 2.0.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8910b6f0-1bf4-4ac0-93b7-54db7c15392c?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8910d60c-45be-41a1-86fb-a0d60a78e660": { "id": "8910d60c-45be-41a1-86fb-a0d60a78e660", "title": "WordPress Landing Pages <= 2.2.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Landing Pages", "slug": "landing-pages", "affected_versions": { "[*, 2.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8910d60c-45be-41a1-86fb-a0d60a78e660?source=api-scan" ], "published": "2016-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8911642f-6061-42a1-b733-8cc44b2870f1": { "id": "8911642f-6061-42a1-b733-8cc44b2870f1", "title": "Ultimate Member <= 1.3.75 - Missing Authorization to Password Reset", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 1.3.75": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.75", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.76" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8911642f-6061-42a1-b733-8cc44b2870f1?source=api-scan" ], "published": "2016-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "891a625e-8248-4d21-a796-bf0cff6fc253": { "id": "891a625e-8248-4d21-a796-bf0cff6fc253", "title": "ENL Newsletter <= 1.0.1 - Cross-Site Request Forgery to Campaign Deletion", "software": [ { "type": "plugin", "name": "ENL Newsletter", "slug": "enl-newsletter", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/891a625e-8248-4d21-a796-bf0cff6fc253?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89209bcb-c74d-4bf9-b1a8-5b529f4d73be": { "id": "89209bcb-c74d-4bf9-b1a8-5b529f4d73be", "title": "Software License Manager <= 4.4.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Software License Manager", "slug": "software-license-manager", "affected_versions": { "[*, 4.4.8)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89209bcb-c74d-4bf9-b1a8-5b529f4d73be?source=api-scan" ], "published": "2021-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8921ea7f-5e27-4f05-b338-1c16366a8c8e": { "id": "8921ea7f-5e27-4f05-b338-1c16366a8c8e", "title": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.23 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "* - 1.15.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8921ea7f-5e27-4f05-b338-1c16366a8c8e?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "892372c9-380c-43b2-b928-b5964574c414": { "id": "892372c9-380c-43b2-b928-b5964574c414", "title": "Wp Ultimate Review <= 2.0.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Ultimate Review", "slug": "wp-ultimate-review", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/892372c9-380c-43b2-b928-b5964574c414?source=api-scan" ], "published": "2023-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8925157c-8642-4cbc-89e3-fb2ac148eee6": { "id": "8925157c-8642-4cbc-89e3-fb2ac148eee6", "title": "Himer <= 2.1.0 - Cross-Site Request Forgery to Group Leave", "software": [ { "type": "theme", "name": "Himer - Social Questions and Answers WordPress Theme", "slug": "himer", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8925157c-8642-4cbc-89e3-fb2ac148eee6?source=api-scan" ], "published": "2024-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "892a1983-018b-480d-adab-29c32fd88be5": { "id": "892a1983-018b-480d-adab-29c32fd88be5", "title": "Photo Gallery by 10Web <= 1.8.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/892a1983-018b-480d-adab-29c32fd88be5?source=api-scan" ], "published": "2022-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "892fe839-57ca-45bc-aa9b-f1bf87994a77": { "id": "892fe839-57ca-45bc-aa9b-f1bf87994a77", "title": "Sticky Chat Widget <= 1.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sticky Chat Widget: Chat Icons, Contact form, Email, SMS, Call Button, Click to Chat, Social Chat Widget, Sticky Chat Buttons", "slug": "sticky-chat-widget", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/892fe839-57ca-45bc-aa9b-f1bf87994a77?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89321887-0116-47fb-b65b-008c9fb01b62": { "id": "89321887-0116-47fb-b65b-008c9fb01b62", "title": "WSB Brands <= 1.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via $logo", "software": [ { "type": "plugin", "name": "WSB Brands", "slug": "wsb-brands", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89321887-0116-47fb-b65b-008c9fb01b62?source=api-scan" ], "published": "2023-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "893500ba-cc16-4429-bbe1-725aa65589c9": { "id": "893500ba-cc16-4429-bbe1-725aa65589c9", "title": "Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization", "software": [ { "type": "plugin", "name": "JetSearch", "slug": "jet-search", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2.1" ] }, { "type": "plugin", "name": "JetTabs for Elementor", "slug": "jet-tabs", "affected_versions": { "* - 2.1.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.25.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.25.2" ] }, { "type": "plugin", "name": "JetBlog for Elementor", "slug": "jet-blog", "affected_versions": { "* - 2.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5.1" ] }, { "type": "plugin", "name": "JetThemeCore for Elementor", "slug": "jet-theme-core", "affected_versions": { "* - 2.1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2.2" ] }, { "type": "plugin", "name": "JetCompareWishlist for Elementor", "slug": "jet-compare-wishlist", "affected_versions": { "* - 1.5.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5.2" ] }, { "type": "plugin", "name": "JetElements", "slug": "jet-elements", "affected_versions": { "* - 2.6.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.13.1" ] }, { "type": "plugin", "name": "JetPopup", "slug": "jet-popup", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2.1" ] }, { "type": "plugin", "name": "JetWooBuilder for Elementor", "slug": "jet-woo-builder", "affected_versions": { "* - 2.1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7.3" ] }, { "type": "plugin", "name": "JetReviews for Elementor", "slug": "jet-reviews", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2.1" ] }, { "type": "plugin", "name": "JetEngine", "slug": "jet-engine", "affected_versions": { "* - 3.2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5.2" ] }, { "type": "plugin", "name": "JetTricks for Elementor", "slug": "jet-tricks", "affected_versions": { "* - 1.4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6.2" ] }, { "type": "plugin", "name": "JetMenu for Elementor", "slug": "jet-menu", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] }, { "type": "plugin", "name": "JetBlocks for Elementor", "slug": "jet-blocks", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8.1" ] }, { "type": "plugin", "name": "JetProductGallery", "slug": "jet-woo-product-gallery", "affected_versions": { "* - 2.1.13.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.13.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.13.2" ] }, { "type": "plugin", "name": "JetSmartFilters for Elementor", "slug": "jet-smart-filters", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89384b42-8c66-469d-a7d2-1c50c89cfe7e": { "id": "89384b42-8c66-469d-a7d2-1c50c89cfe7e", "title": "WP DS Blog Map <= 3.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP DS Blog Map", "slug": "wp-ds-blog-map", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89384b42-8c66-469d-a7d2-1c50c89cfe7e?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8938c153-0640-418b-87ab-ae65d6c80b97": { "id": "8938c153-0640-418b-87ab-ae65d6c80b97", "title": "All 404 Redirect to Homepage < 1.21 - Reflected Cross-Site Scripting via tab Parameter", "software": [ { "type": "plugin", "name": "All 404 Redirect to Homepage", "slug": "all-404-redirect-to-homepage", "affected_versions": { "[*, 1.21)": { "from_version": "*", "from_inclusive": true, "to_version": "1.21", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8938c153-0640-418b-87ab-ae65d6c80b97?source=api-scan" ], "published": "2021-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89409461-c87e-4882-bf53-cc789e459b4f": { "id": "89409461-c87e-4882-bf53-cc789e459b4f", "title": "Wp-D3 <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Wp-D3", "slug": "wp-d3", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89409461-c87e-4882-bf53-cc789e459b4f?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8945128b-79b7-46c7-b981-78e6619d3f63": { "id": "8945128b-79b7-46c7-b981-78e6619d3f63", "title": "WPSID Shortcode <= 1.0.9.2 - Open Redirect", "software": [ { "type": "plugin", "name": "WPSID Shortcode", "slug": "wpsid-shortcode", "affected_versions": { "* - 1.0.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8945128b-79b7-46c7-b981-78e6619d3f63?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89458095-2efe-4162-961a-7dc80852d312": { "id": "89458095-2efe-4162-961a-7dc80852d312", "title": "Booster Extension <= 1.2.0 - Basic Information Exposure via booster_extension_authorbox_shortcode_display", "software": [ { "type": "plugin", "name": "Booster Extension", "slug": "booster-extension", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89458095-2efe-4162-961a-7dc80852d312?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8945cd7a-4185-4f0f-b56b-8ddd193dfed7": { "id": "8945cd7a-4185-4f0f-b56b-8ddd193dfed7", "title": "Gallery Images Ape <= 1.6.14 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery Images Ape", "slug": "gallery-images-ape", "affected_versions": { "* - 1.6.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8945cd7a-4185-4f0f-b56b-8ddd193dfed7?source=api-scan" ], "published": "2019-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89489218-263f-4157-a5cd-a12bc6a0dfe6": { "id": "89489218-263f-4157-a5cd-a12bc6a0dfe6", "title": "Elementor Addon Elements <= 1.12.7 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.12.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89489218-263f-4157-a5cd-a12bc6a0dfe6?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "894c875a-078f-4c1f-83d2-4a6e4a309c3e": { "id": "894c875a-078f-4c1f-83d2-4a6e4a309c3e", "title": "Dokan <= 3.0.8 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Dokan \u2013 Powerful WooCommerce Multivendor Marketplace Solution \u2013 Build Your Own Amazon, eBay, Etsy", "slug": "dokan-lite", "affected_versions": { "[*, 3.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/894c875a-078f-4c1f-83d2-4a6e4a309c3e?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8950b98d-7e7d-4cad-bb3d-d7a5d8edbdf5": { "id": "8950b98d-7e7d-4cad-bb3d-d7a5d8edbdf5", "title": "ARMember Premium <= 5.5.1 - Privilege Escalation", "software": [ { "type": "plugin", "name": "ARMember Premium \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember", "affected_versions": { "* - 5.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8950b98d-7e7d-4cad-bb3d-d7a5d8edbdf5?source=api-scan" ], "published": "2022-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89525af0-105a-4d7d-93d1-af724a837e7a": { "id": "89525af0-105a-4d7d-93d1-af724a837e7a", "title": "Logo Showcase Ultimate \u2013 Logo Carousel, Logo Slider & Logo Grid <= 1.4.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Logo Showcase Ultimate \u2013 Logo Carousel, Logo Slider & Logo Grid", "slug": "logo-showcase-ultimate", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89525af0-105a-4d7d-93d1-af724a837e7a?source=api-scan" ], "published": "2024-08-26 19:28:13", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8957413c-95e0-49c8-ba8a-02b9b5141e08": { "id": "8957413c-95e0-49c8-ba8a-02b9b5141e08", "title": "WordPress Infinite Scroll \u2013 Ajax Load More <= 5.5.3 - Directory Traversal", "software": [ { "type": "plugin", "name": "WordPress Infinite Scroll \u2013 Ajax Load More", "slug": "ajax-load-more", "affected_versions": { "* - 5.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8957413c-95e0-49c8-ba8a-02b9b5141e08?source=api-scan" ], "published": "2022-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89584034-4a93-42a6-8fef-55dc3895c45c": { "id": "89584034-4a93-42a6-8fef-55dc3895c45c", "title": "Simple Job Board <= 2.11.0 - Unauthenticated PHP Object Injection via Job Application Fields", "software": [ { "type": "plugin", "name": "Simple Job Board", "slug": "simple-job-board", "affected_versions": { "* - 2.11.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89584034-4a93-42a6-8fef-55dc3895c45c?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89586fcc-f0f6-4f44-841b-04eee64c0ab3": { "id": "89586fcc-f0f6-4f44-841b-04eee64c0ab3", "title": "Pie Register <= 3.8.3.2 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction", "slug": "pie-register", "affected_versions": { "* - 3.8.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89586fcc-f0f6-4f44-841b-04eee64c0ab3?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "895d882b-f4ca-4837-9d8e-aca04c3fb9e3": { "id": "895d882b-f4ca-4837-9d8e-aca04c3fb9e3", "title": "Page View Count <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page View Count", "slug": "page-views-count", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/895d882b-f4ca-4837-9d8e-aca04c3fb9e3?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "895e9ead-14d8-432b-81dd-4d292eee462a": { "id": "895e9ead-14d8-432b-81dd-4d292eee462a", "title": "Salutation < 3.0.16 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Salutation", "slug": "salutation-wp", "affected_versions": { "[*, 3.0.16)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/895e9ead-14d8-432b-81dd-4d292eee462a?source=api-scan" ], "published": "2017-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "895f2db1-a2ed-4a17-a4f6-cd13ee8f84af": { "id": "895f2db1-a2ed-4a17-a4f6-cd13ee8f84af", "title": "Better Search Replace <= 1.4.4 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Better Search Replace", "slug": "better-search-replace", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/895f2db1-a2ed-4a17-a4f6-cd13ee8f84af?source=api-scan" ], "published": "2024-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89614950-8517-4765-886a-1aa30a2f052e": { "id": "89614950-8517-4765-886a-1aa30a2f052e", "title": "Paid Member Subscriptions <= 2.4.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction", "slug": "paid-member-subscriptions", "affected_versions": { "[*, 2.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89614950-8517-4765-886a-1aa30a2f052e?source=api-scan" ], "published": "2021-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89620065-b961-49c9-a662-bee300b5da72": { "id": "89620065-b961-49c9-a662-bee300b5da72", "title": "Lightspeed <= 1.1.2 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Lightspeed", "slug": "lightspeed", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89620065-b961-49c9-a662-bee300b5da72?source=api-scan" ], "published": "2013-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8962c601-2c2c-4b96-b8a4-fdc2ad8a2c08": { "id": "8962c601-2c2c-4b96-b8a4-fdc2ad8a2c08", "title": "Quick Event Manager <= 9.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quick Event Manager", "slug": "quick-event-manager", "affected_versions": { "* - 9.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "9.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8962c601-2c2c-4b96-b8a4-fdc2ad8a2c08?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89635463-966d-4f7d-995d-ad83a502d95b": { "id": "89635463-966d-4f7d-995d-ad83a502d95b", "title": "Remove Schema <= 1.5 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Remove Schema", "slug": "remove-schema", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89635463-966d-4f7d-995d-ad83a502d95b?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89655e84-acb5-40f2-a22f-a483a1bb29df": { "id": "89655e84-acb5-40f2-a22f-a483a1bb29df", "title": "NEX-Forms <= 7.9.6 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "slug": "nex-forms-express-wp-form-builder", "affected_versions": { "* - 7.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89655e84-acb5-40f2-a22f-a483a1bb29df?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "896a038f-fe54-4120-842e-093ef236a898": { "id": "896a038f-fe54-4120-842e-093ef236a898", "title": "Social Sharing Plugin \u2013 Kiwi <= 2.1.7 - Information Disclosure", "software": [ { "type": "plugin", "name": "Social Sharing Plugin \u2013 Kiwi", "slug": "kiwi-social-share", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/896a038f-fe54-4120-842e-093ef236a898?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "897824d0-17cc-4322-bcd9-5e41d141bf62": { "id": "897824d0-17cc-4322-bcd9-5e41d141bf62", "title": "Visual Form Builder <= 3.0.6 - Admin+ Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visual Form Builder", "slug": "visual-form-builder", "affected_versions": { "[*, 3.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/897824d0-17cc-4322-bcd9-5e41d141bf62?source=api-scan" ], "published": "2022-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8981ab1d-5957-444c-a5f1-57317a2e8395": { "id": "8981ab1d-5957-444c-a5f1-57317a2e8395", "title": "MyAlice \u2013 Live Chat, WhatsApp, Facebook Messenger, Instagram, & Chatbot for WooCommerce <= 1.2.7 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Live Chat Helpdesk \u2013 MyAlice", "slug": "myaliceai", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8981ab1d-5957-444c-a5f1-57317a2e8395?source=api-scan" ], "published": "2022-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "898af9aa-72c4-46a6-afc2-76dd17672fbc": { "id": "898af9aa-72c4-46a6-afc2-76dd17672fbc", "title": "Quick\/Bulk Order Form for WooCommerce <= 3.5.7 - Authenticated (Shop manager+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quick\/Bulk Order Form for WooCommerce", "slug": "woocommerce-bulk-order-form", "affected_versions": { "* - 3.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/898af9aa-72c4-46a6-afc2-76dd17672fbc?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "898ba68f-2b0c-462a-87ee-272ee624396e": { "id": "898ba68f-2b0c-462a-87ee-272ee624396e", "title": "Jock on air now <= 5.6.1 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Jock On Air Now", "slug": "joan", "affected_versions": { "* - 5.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/898ba68f-2b0c-462a-87ee-272ee624396e?source=api-scan" ], "published": "2021-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "898c2851-27e9-493a-96c7-b6be1c1f5c7f": { "id": "898c2851-27e9-493a-96c7-b6be1c1f5c7f", "title": "Login by Auth0 3.11.0 - 3.11.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login by Auth0", "slug": "auth0", "affected_versions": { "3.11.0 - 3.11.2": { "from_version": "3.11.0", "from_inclusive": true, "to_version": "3.11.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/898c2851-27e9-493a-96c7-b6be1c1f5c7f?source=api-scan" ], "published": "2020-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89904362-4ac2-450a-89ac-8935fdb4976d": { "id": "89904362-4ac2-450a-89ac-8935fdb4976d", "title": "Simple Dropbox Upload < 1.8.8.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Simple Dropbox Upload", "slug": "simple-dropbox-upload-form", "affected_versions": { "[*, 1.8.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89904362-4ac2-450a-89ac-8935fdb4976d?source=api-scan" ], "published": "2013-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89a02485-a2a5-467d-ad19-6b267059389d": { "id": "89a02485-a2a5-467d-ad19-6b267059389d", "title": "WP-EMail <= 2.68.2 - Spam Protection Bypass", "software": [ { "type": "plugin", "name": "WP-EMail", "slug": "wp-email", "affected_versions": { "[*, 2.69.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.69.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.69.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89a02485-a2a5-467d-ad19-6b267059389d?source=api-scan" ], "published": "2022-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89a15f3d-8aa7-4f74-841e-f53347c02dc5": { "id": "89a15f3d-8aa7-4f74-841e-f53347c02dc5", "title": "Page Builder Sandwich \u2013 Front-End Page Builder <= 5.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Builder Sandwich \u2013 Front End WordPress Page Builder Plugin", "slug": "page-builder-sandwich", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89a15f3d-8aa7-4f74-841e-f53347c02dc5?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89a23d5a-7728-403e-b654-595d92c20b66": { "id": "89a23d5a-7728-403e-b654-595d92c20b66", "title": "eRoom \u2013 Zoom Meetings & Webinar <= 1.3.7 - Unauthorized Setting Update", "software": [ { "type": "plugin", "name": "eRoom \u2013 Zoom Meetings & Webinars", "slug": "eroom-zoom-meetings-webinar", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89a23d5a-7728-403e-b654-595d92c20b66?source=api-scan" ], "published": "2022-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89a44d42-a110-4f55-ad27-2be4ccb41a16": { "id": "89a44d42-a110-4f55-ad27-2be4ccb41a16", "title": "Ninja Forms Contact Form <= 2.9.55.1 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "[*, 2.9.55.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.55.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.55.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89a44d42-a110-4f55-ad27-2be4ccb41a16?source=api-scan" ], "published": "2016-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89a6aab0-e85b-4604-b911-03a01c5cca13": { "id": "89a6aab0-e85b-4604-b911-03a01c5cca13", "title": "wpForo Forum <= 1.6.5 - Cross-Site Scripting via wpf-dw-td-value class", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89a6aab0-e85b-4604-b911-03a01c5cca13?source=api-scan" ], "published": "2020-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89a98053-33c7-4e75-87a1-0f483a990641": { "id": "89a98053-33c7-4e75-87a1-0f483a990641", "title": "Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_thankyou shortcode", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89a98053-33c7-4e75-87a1-0f483a990641?source=api-scan" ], "published": "2023-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89a9d925-6ca3-481f-ba7d-ea9869d51b52": { "id": "89a9d925-6ca3-481f-ba7d-ea9869d51b52", "title": "GiveWP <= 2.23.2 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.23.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.23.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89a9d925-6ca3-481f-ba7d-ea9869d51b52?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89b528f7-42a7-4b6a-b3f7-3176b91e0dfe": { "id": "89b528f7-42a7-4b6a-b3f7-3176b91e0dfe", "title": "Jeeng Push Notifications <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jeeng Push Notifications", "slug": "jeeng-push-notifications", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89b528f7-42a7-4b6a-b3f7-3176b91e0dfe?source=api-scan" ], "published": "2022-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89bc17fd-14e8-4210-8cf7-a043d1ea9c22": { "id": "89bc17fd-14e8-4210-8cf7-a043d1ea9c22", "title": "Simple PDF Viewer <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via googlepdf Shortcode", "software": [ { "type": "plugin", "name": "Simple PDF Viewer", "slug": "simple-pdf-viewer", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89bc17fd-14e8-4210-8cf7-a043d1ea9c22?source=api-scan" ], "published": "2023-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89bdd732-a9ee-4ab8-a70e-195b92142fe1": { "id": "89bdd732-a9ee-4ab8-a70e-195b92142fe1", "title": "Video Conferencing with Zoom <= 4.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Video Conferencing with Zoom", "slug": "video-conferencing-with-zoom-api", "affected_versions": { "* - 4.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89bdd732-a9ee-4ab8-a70e-195b92142fe1?source=api-scan" ], "published": "2022-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89c32230-99e4-4d08-8afb-8f6f8bf94eab": { "id": "89c32230-99e4-4d08-8afb-8f6f8bf94eab", "title": "Simple Fields <= 1.4.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Fields", "slug": "simple-fields", "affected_versions": { "[*, 1.4.11)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89c32230-99e4-4d08-8afb-8f6f8bf94eab?source=api-scan" ], "published": "2015-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89c588e4-2f42-4ec5-8d05-3b45b23066c5": { "id": "89c588e4-2f42-4ec5-8d05-3b45b23066c5", "title": "ThreeWP Email Reflector < 1.16 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ThreeWP Email Reflector", "slug": "threewp-email-reflector", "affected_versions": { "[*, 1.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89c588e4-2f42-4ec5-8d05-3b45b23066c5?source=api-scan" ], "published": "2012-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89ca9214-145e-43c6-a642-7c371f635332": { "id": "89ca9214-145e-43c6-a642-7c371f635332", "title": "JTRT Responsive Tables <= 4.1.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "JTRT Responsive Tables", "slug": "jtrt-responsive-tables", "affected_versions": { "* - 4.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89ca9214-145e-43c6-a642-7c371f635332?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89cbe41d-3765-4061-8ef6-b63556a5677c": { "id": "89cbe41d-3765-4061-8ef6-b63556a5677c", "title": "Site Notes <= 2.0.0 - Cross-Site Request Forgery to Admin Note Deletion", "software": [ { "type": "plugin", "name": "Site Notes", "slug": "site-notes", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89cbe41d-3765-4061-8ef6-b63556a5677c?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89d3a9da-2496-4f75-ad8f-65629f198fe5": { "id": "89d3a9da-2496-4f75-ad8f-65629f198fe5", "title": "Event Espresso 4 Decaf <= 4.10.11 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Event Espresso \u2013 Event Registration & Ticketing Sales", "slug": "event-espresso-decaf", "affected_versions": { "* - 4.10.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89d3a9da-2496-4f75-ad8f-65629f198fe5?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89d42a87-6adc-43e6-868f-b9b2c51ed8e0": { "id": "89d42a87-6adc-43e6-868f-b9b2c51ed8e0", "title": "Feather Login Page <= 1.1.5 - Cross-Site Request Forgery via saveData()", "software": [ { "type": "plugin", "name": "Login | Login Page | Login Logo | Rename Login Page | Custom Login Page | Temporary Users | Rebrand Login | Login Captcha", "slug": "feather-login-page", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89d42a87-6adc-43e6-868f-b9b2c51ed8e0?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89dab433-91e9-4500-ab40-f4b500e66983": { "id": "89dab433-91e9-4500-ab40-f4b500e66983", "title": "Spam protection, AntiSpam, FireWall by CleanTalk <= 6.10 - Missing Authorization", "software": [ { "type": "plugin", "name": "Spam protection, Anti-Spam, FireWall by CleanTalk", "slug": "cleantalk-spam-protect", "affected_versions": { "* - 6.10": { "from_version": "*", "from_inclusive": true, "to_version": "6.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89dab433-91e9-4500-ab40-f4b500e66983?source=api-scan" ], "published": "2023-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89dbf14f-1cc8-4a66-b3d3-3568cba9a0aa": { "id": "89dbf14f-1cc8-4a66-b3d3-3568cba9a0aa", "title": "Live Preview for Contact Form 7 <= 1.2.0 - Missing Authorization via update_option", "software": [ { "type": "plugin", "name": "Live Preview for Contact Form 7", "slug": "cf7-live-preview", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89dbf14f-1cc8-4a66-b3d3-3568cba9a0aa?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89dec659-5427-46bb-8250-1e4a132611df": { "id": "89dec659-5427-46bb-8250-1e4a132611df", "title": "WP Google Maps <= 9.0.29 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Go Maps (formerly WP Google Maps)", "slug": "wp-google-maps", "affected_versions": { "* - 9.0.29": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89dec659-5427-46bb-8250-1e4a132611df?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89ea4709-f637-4932-9dbd-8b3fccab45a8": { "id": "89ea4709-f637-4932-9dbd-8b3fccab45a8", "title": "Featured Image from URL (FIFU) <= 4.0.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Featured Image from URL (FIFU)", "slug": "featured-image-from-url", "affected_versions": { "* - 4.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89ea4709-f637-4932-9dbd-8b3fccab45a8?source=api-scan" ], "published": "2022-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89ed1f07-a230-4478-b6d4-7f74c9dd7656": { "id": "89ed1f07-a230-4478-b6d4-7f74c9dd7656", "title": "Twitget <= 3.3.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Twitget", "slug": "twitget", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89ed1f07-a230-4478-b6d4-7f74c9dd7656?source=api-scan" ], "published": "2014-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89ee5d27-9123-4fd2-94f8-4395db5663ec": { "id": "89ee5d27-9123-4fd2-94f8-4395db5663ec", "title": "Quiz And Survey Master <= 8.1.16 - Missing Authorization", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 8.1.16": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89ee5d27-9123-4fd2-94f8-4395db5663ec?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89f57714-7643-4839-9932-7a2918dc7127": { "id": "89f57714-7643-4839-9932-7a2918dc7127", "title": "YARPP <= 5.30.10 - Missing Authorization", "software": [ { "type": "plugin", "name": "YARPP \u2013 Yet Another Related Posts Plugin", "slug": "yet-another-related-posts-plugin", "affected_versions": { "* - 5.30.10": { "from_version": "*", "from_inclusive": true, "to_version": "5.30.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89f57714-7643-4839-9932-7a2918dc7127?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89f6f1cd-91ab-416b-b76b-162b3b29d752": { "id": "89f6f1cd-91ab-416b-b76b-162b3b29d752", "title": "JS Help Desk <= 2.7.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin", "slug": "js-support-ticket", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89f6f1cd-91ab-416b-b76b-162b3b29d752?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "89fc8407-3d1f-4b1b-9b4c-13c0da928231": { "id": "89fc8407-3d1f-4b1b-9b4c-13c0da928231", "title": "PB SEO Friendly Images <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PB SEO Friendly Images", "slug": "pb-seo-friendly-images", "affected_versions": { "* - 4.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/89fc8407-3d1f-4b1b-9b4c-13c0da928231?source=api-scan" ], "published": "2023-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a01ed06-4b48-4958-9990-469bf43d3e00": { "id": "8a01ed06-4b48-4958-9990-469bf43d3e00", "title": "GuCherry Blog <= 1.1.8 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "GuCherry Blog", "slug": "gucherry-blog", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a01ed06-4b48-4958-9990-469bf43d3e00?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a02f5b1-5f0a-45f7-925c-1837a47dd051": { "id": "8a02f5b1-5f0a-45f7-925c-1837a47dd051", "title": "UDesign <= 4.7.3 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "uDesign - Responsive WordPress Theme", "slug": "u-design", "affected_versions": { "* - 4.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a02f5b1-5f0a-45f7-925c-1837a47dd051?source=api-scan" ], "published": "2024-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a052ca1-2c2c-4c8a-9213-5f01b0fa70dd": { "id": "8a052ca1-2c2c-4c8a-9213-5f01b0fa70dd", "title": "Limit Login Attempts Reloaded <= 2.15.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Limit Login Attempts Reloaded", "slug": "limit-login-attempts-reloaded", "affected_versions": { "* - 2.15.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.17.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a052ca1-2c2c-4c8a-9213-5f01b0fa70dd?source=api-scan" ], "published": "2020-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a07d293-4c50-4be0-955f-b7c4a0eaef4b": { "id": "8a07d293-4c50-4be0-955f-b7c4a0eaef4b", "title": "Multiple Plugins by tychesoftwares <= (Various Versions) - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "Arconix Shortcodes", "slug": "arconix-shortcodes", "affected_versions": { "* - 2.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.11" ] }, { "type": "plugin", "name": "Arconix FAQ", "slug": "arconix-faq", "affected_versions": { "* - 1.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.4" ] }, { "type": "plugin", "name": "Print Invoice & Delivery Notes for WooCommerce", "slug": "woocommerce-delivery-notes", "affected_versions": { "* - 4.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.0" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a07d293-4c50-4be0-955f-b7c4a0eaef4b?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a1179bc-6f8d-4223-a80b-9834adc08d3b": { "id": "8a1179bc-6f8d-4223-a80b-9834adc08d3b", "title": "ark-commenteditor <= 2.15.6 - iframe Injection", "software": [ { "type": "plugin", "name": "ark-commenteditor", "slug": "ark-wysiwyg-comment-editor", "affected_versions": { "* - 2.15.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a1179bc-6f8d-4223-a80b-9834adc08d3b?source=api-scan" ], "published": "2021-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a11c169-a232-49a9-80be-40d45d0c6dc0": { "id": "8a11c169-a232-49a9-80be-40d45d0c6dc0", "title": "Frontend File Manager Plugin < 3.6 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Frontend File Manager Plugin", "slug": "nmedia-user-file-uploader", "affected_versions": { "[*, 3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a11c169-a232-49a9-80be-40d45d0c6dc0?source=api-scan" ], "published": "2014-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a15ab92-2142-43cb-9600-f4cfa164de31": { "id": "8a15ab92-2142-43cb-9600-f4cfa164de31", "title": "Active Directory Integration \/ LDAP Integration <= 4.1.9 - Unauthenticated Information Disclosure", "software": [ { "type": "plugin", "name": "Active Directory Integration \/ LDAP Integration", "slug": "ldap-login-for-intranet-sites", "affected_versions": { "* - 4.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a15ab92-2142-43cb-9600-f4cfa164de31?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a19b102-e097-46b3-9804-71edb91b3daa": { "id": "8a19b102-e097-46b3-9804-71edb91b3daa", "title": "SEO ALert <= 1.5.9 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEO ALert", "slug": "seo-alert", "affected_versions": { "* - 1.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a19b102-e097-46b3-9804-71edb91b3daa?source=api-scan" ], "published": "2023-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a1d90f6-40fc-40b5-a46c-9ba9ac2fc1b5": { "id": "8a1d90f6-40fc-40b5-a46c-9ba9ac2fc1b5", "title": "Search Meter <= 2.13.2 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Search Meter", "slug": "search-meter", "affected_versions": { "[*, 2.13.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.13.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.13.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a1d90f6-40fc-40b5-a46c-9ba9ac2fc1b5?source=api-scan" ], "published": "2020-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a20f582-10e7-4530-8d3c-9bc1e844badd": { "id": "8a20f582-10e7-4530-8d3c-9bc1e844badd", "title": "GiveWP <= 2.23.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.23.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.23.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a20f582-10e7-4530-8d3c-9bc1e844badd?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a2186c9-fa27-4d7d-be41-c82711c49334": { "id": "8a2186c9-fa27-4d7d-be41-c82711c49334", "title": "WP User Frontend < 2.3.11 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission \u2013 WP User Frontend", "slug": "wp-user-frontend", "affected_versions": { "[*, 2.3.11)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a2186c9-fa27-4d7d-be41-c82711c49334?source=api-scan" ], "published": "2016-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a22873f-6f09-4183-92c5-a84e0d378920": { "id": "8a22873f-6f09-4183-92c5-a84e0d378920", "title": "WP Pocket URLs <= 1.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Pocket URLs", "slug": "wp-pocket-urls", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a22873f-6f09-4183-92c5-a84e0d378920?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a23622a-f217-4e66-b3aa-1a6a701ed925": { "id": "8a23622a-f217-4e66-b3aa-1a6a701ed925", "title": "Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Product Carousel Slider & Grid Ultimate for WooCommerce", "slug": "woo-product-carousel-slider-and-grid-ultimate", "affected_versions": { "* - 1.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a23622a-f217-4e66-b3aa-1a6a701ed925?source=api-scan" ], "published": "2024-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a253b04-bbe9-42d1-b6d9-1a62ad37855c": { "id": "8a253b04-bbe9-42d1-b6d9-1a62ad37855c", "title": "WassUp Real Time Analytics <= 1.9.4.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WassUp Real Time Analytics", "slug": "wassup", "affected_versions": { "* - 1.9.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a253b04-bbe9-42d1-b6d9-1a62ad37855c?source=api-scan" ], "published": "2020-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a27253d-bfc1-40b5-9da4-d16cc403ad41": { "id": "8a27253d-bfc1-40b5-9da4-d16cc403ad41", "title": "Taggbox <= 3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Tagbox \u2013 UGC Galleries, Social Media Widgets, User Reviews & Analytics", "slug": "taggbox-widget", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a27253d-bfc1-40b5-9da4-d16cc403ad41?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a297784-96cd-4135-a8f1-e50f3a0d71bd": { "id": "8a297784-96cd-4135-a8f1-e50f3a0d71bd", "title": "One Click Order Re-Order <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "One Click Order Re-Order", "slug": "one-click-order-reorder", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a297784-96cd-4135-a8f1-e50f3a0d71bd?source=api-scan" ], "published": "2024-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a2cd4d3-12d3-43bd-bde1-927b793f04a8": { "id": "8a2cd4d3-12d3-43bd-bde1-927b793f04a8", "title": "SKT Blocks \u2013 Gutenberg based Page Builder <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SKT Blocks \u2013 Gutenberg based Page Builder", "slug": "skt-blocks", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a2cd4d3-12d3-43bd-bde1-927b793f04a8?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a303875-ad8c-40ed-a3ab-4a63080c9845": { "id": "8a303875-ad8c-40ed-a3ab-4a63080c9845", "title": "MainWP Child <= 4.1.7.1 - SQL Injection via orderby, order Parameters", "software": [ { "type": "plugin", "name": "MainWP Child \u2013 Securely Connects to the MainWP Dashboard to Manage Multiple Sites", "slug": "mainwp-child", "affected_versions": { "[*, 4.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a303875-ad8c-40ed-a3ab-4a63080c9845?source=api-scan" ], "published": "2021-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a345197-d8ba-47ef-a88c-c9e45ddc0319": { "id": "8a345197-d8ba-47ef-a88c-c9e45ddc0319", "title": "Melhor Envio <= 2.11.19 - Cross-Site Request Forgery and Authenticated Settings Change", "software": [ { "type": "plugin", "name": "Melhor Envio", "slug": "melhor-envio-cotacao", "affected_versions": { "* - 2.11.19": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a345197-d8ba-47ef-a88c-c9e45ddc0319?source=api-scan" ], "published": "2022-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a36b98b-7197-434e-88ac-6fcfa34d6abb": { "id": "8a36b98b-7197-434e-88ac-6fcfa34d6abb", "title": "Photo Feed <= 2.2.1 - Reflected Cross-Site Scripting via pf-gid", "software": [ { "type": "plugin", "name": "Photo Feed", "slug": "photo-feed", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a36b98b-7197-434e-88ac-6fcfa34d6abb?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a377ac8-7ef2-4450-9987-4d5c66378023": { "id": "8a377ac8-7ef2-4450-9987-4d5c66378023", "title": "Ad Inserter \u2013 Ad Manager & AdSense Ads < 1.5.3 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ad Inserter \u2013 Ad Manager & AdSense Ads", "slug": "ad-inserter", "affected_versions": { "[*, 1.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a377ac8-7ef2-4450-9987-4d5c66378023?source=api-scan" ], "published": "2015-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a3da2af-2273-44ff-addd-1ac8a75e1c3d": { "id": "8a3da2af-2273-44ff-addd-1ac8a75e1c3d", "title": "All in One Social Lite <= 1.0 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "All in One Social Lite", "slug": "all-in-one-social-lite", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a3da2af-2273-44ff-addd-1ac8a75e1c3d?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a41f96d-216f-4e5a-a28d-665b052666fb": { "id": "8a41f96d-216f-4e5a-a28d-665b052666fb", "title": "Amelia <= 1.0.75 - Unauthenticated Reflected Cross-Site Scripting via 'code'", "software": [ { "type": "plugin", "name": "Booking for Appointments and Events Calendar \u2013 Amelia", "slug": "ameliabooking", "affected_versions": { "* - 1.0.75": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.75", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.76" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a41f96d-216f-4e5a-a28d-665b052666fb?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a43db90-2a9e-4223-bf55-fef1a6bb2280": { "id": "8a43db90-2a9e-4223-bf55-fef1a6bb2280", "title": "Simple Giveaways <= 2.36.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Giveaways \u2013 Grow your business, email lists and traffic with contests", "slug": "giveasap", "affected_versions": { "[*, 2.36.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.36.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.36.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a43db90-2a9e-4223-bf55-fef1a6bb2280?source=api-scan" ], "published": "2021-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a43ec32-ed48-4590-8fef-c4f460ffcabc": { "id": "8a43ec32-ed48-4590-8fef-c4f460ffcabc", "title": "DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Missing Authorization to Blog Data Export", "software": [ { "type": "plugin", "name": "DeMomentSomTres WordPress Export Posts With Images", "slug": "demomentsomtres-wp-export", "affected_versions": { "* - 20220825": { "from_version": "*", "from_inclusive": true, "to_version": "20220825", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a43ec32-ed48-4590-8fef-c4f460ffcabc?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a48f82a-761b-4b7a-a51e-0f9c780e0306": { "id": "8a48f82a-761b-4b7a-a51e-0f9c780e0306", "title": "IFrame Admin Pages <= 0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IFrame Admin Pages", "slug": "iframe-admin-pages", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a48f82a-761b-4b7a-a51e-0f9c780e0306?source=api-scan" ], "published": "2012-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a4ae629-51c8-4acc-bf95-fb0282e88383": { "id": "8a4ae629-51c8-4acc-bf95-fb0282e88383", "title": "wpDataTables (Premium) <= 1.5.3 - SQL Injection", "software": [ { "type": "plugin", "name": "wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin", "slug": "wpdatatables", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a4ae629-51c8-4acc-bf95-fb0282e88383?source=api-scan" ], "published": "2014-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a4ee97c-63cd-4a5e-a112-6d4c4c627a57": { "id": "8a4ee97c-63cd-4a5e-a112-6d4c4c627a57", "title": "GN Publisher <= 1.5.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GN Publisher: Google News Compatible RSS Feeds", "slug": "gn-publisher", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a4ee97c-63cd-4a5e-a112-6d4c4c627a57?source=api-scan" ], "published": "2023-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a52bf70-667b-400f-8912-75fae20a3f5b": { "id": "8a52bf70-667b-400f-8912-75fae20a3f5b", "title": "Checkout Mestres WP <= 7.1.9.6 - Missing Authorization to Unauthenticated Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Checkout Mestres do WP for WooCommerce", "slug": "checkout-mestres-wp", "affected_versions": { "* - 7.1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a52bf70-667b-400f-8912-75fae20a3f5b?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a530a55-44d7-4f78-9cbd-513ef290908a": { "id": "8a530a55-44d7-4f78-9cbd-513ef290908a", "title": "Responsive Pricing Table <= 5.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Pricing Table", "slug": "dk-pricr-responsive-pricing-table", "affected_versions": { "* - 5.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a530a55-44d7-4f78-9cbd-513ef290908a?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a539a4e-f4df-46c7-83c2-9f189f081405": { "id": "8a539a4e-f4df-46c7-83c2-9f189f081405", "title": "WP Fusion Lite <= 3.37.18 \u2013 Cross-Site Request Forgery to Data Deletion", "software": [ { "type": "plugin", "name": "WP Fusion Lite \u2013 Marketing Automation and CRM Integration for WordPress", "slug": "wp-fusion-lite", "affected_versions": { "* - 3.37.18": { "from_version": "*", "from_inclusive": true, "to_version": "3.37.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.37.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a539a4e-f4df-46c7-83c2-9f189f081405?source=api-scan" ], "published": "2021-08-06 17:51:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a56c38c-93ba-4e22-92b4-72d79ba8cca4": { "id": "8a56c38c-93ba-4e22-92b4-72d79ba8cca4", "title": "WP Database Error Manager <= 2.1.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP DB Error Manager", "slug": "wp-database-error-manager", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a56c38c-93ba-4e22-92b4-72d79ba8cca4?source=api-scan" ], "published": "2020-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a5bcf8f-9aa0-4a78-b3a8-21571700ea8b": { "id": "8a5bcf8f-9aa0-4a78-b3a8-21571700ea8b", "title": "Spam Free WordPress <= 1.9.3 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "Spam Free WordPress", "slug": "spam-free-wordpress", "affected_versions": { "* - 1.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a5bcf8f-9aa0-4a78-b3a8-21571700ea8b?source=api-scan" ], "published": "2013-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a5bf903-9da0-46fd-8134-3abe8e97e3b4": { "id": "8a5bf903-9da0-46fd-8134-3abe8e97e3b4", "title": "GiveWP <= 2.10.3 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "[*, 2.10.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.10.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a5bf903-9da0-46fd-8134-3abe8e97e3b4?source=api-scan" ], "published": "2021-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a613e56-54c0-4bf5-b87f-0e4e507c1337": { "id": "8a613e56-54c0-4bf5-b87f-0e4e507c1337", "title": "FormBuilder < 1.08 - SQL Injection", "software": [ { "type": "plugin", "name": "FormBuilder", "slug": "formbuilder", "affected_versions": { "[*, 1.08)": { "from_version": "*", "from_inclusive": true, "to_version": "1.08", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.08" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a613e56-54c0-4bf5-b87f-0e4e507c1337?source=api-scan" ], "published": "2016-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a643fa1-afdb-4710-ba1c-3b226b4098bd": { "id": "8a643fa1-afdb-4710-ba1c-3b226b4098bd", "title": "Smart Forms <= 2.6.91 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "Smart Forms \u2013 when you need more than just a contact form", "slug": "smart-forms", "affected_versions": { "* - 2.6.91": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.91", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.92" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a643fa1-afdb-4710-ba1c-3b226b4098bd?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a68d036-9109-4bc0-9451-47fa2f9fa628": { "id": "8a68d036-9109-4bc0-9451-47fa2f9fa628", "title": "Paid Memberships Pro <= 2.5.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a68d036-9109-4bc0-9451-47fa2f9fa628?source=api-scan" ], "published": "2020-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a6ca886-de4c-4d45-a934-3e90378e7eb3": { "id": "8a6ca886-de4c-4d45-a934-3e90378e7eb3", "title": "Simple Membership <= 4.4.2 - Unauthenticated Stored Self-Based Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a6ca886-de4c-4d45-a934-3e90378e7eb3?source=api-scan" ], "published": "2024-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a6f7952-cb64-4cff-aae7-0f03692cd95f": { "id": "8a6f7952-cb64-4cff-aae7-0f03692cd95f", "title": "WP Courses LMS <= 3.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update", "software": [ { "type": "plugin", "name": "WP Courses LMS \u2013 Online Courses Builder, eLearning Courses, Courses Solution, Education Courses", "slug": "wp-courses", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a6f7952-cb64-4cff-aae7-0f03692cd95f?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a711984-4eb2-4d96-b2b9-0ecd840679b1": { "id": "8a711984-4eb2-4d96-b2b9-0ecd840679b1", "title": "Bricks 1.0 - 1.5.3 - Missing Authorization to Arbitrary Content Creation\/Modification", "software": [ { "type": "theme", "name": "Bricks", "slug": "bricks", "affected_versions": { "1.0 - 1.5.3": { "from_version": "1.0", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a711984-4eb2-4d96-b2b9-0ecd840679b1?source=api-scan" ], "published": "2022-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a79fda3-44eb-41fd-b049-971b959daecf": { "id": "8a79fda3-44eb-41fd-b049-971b959daecf", "title": "Vik Rent Car <= 1.1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VikRentCar Car Rental Management System", "slug": "vikrentcar", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a79fda3-44eb-41fd-b049-971b959daecf?source=api-scan" ], "published": "2021-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a7a6da3-d67c-42b3-8826-7e7fc9b938b4": { "id": "8a7a6da3-d67c-42b3-8826-7e7fc9b938b4", "title": "WP Directory Kit <= 1.2.1 - Cross-Site Request Forgery to Plugin Settings Change\/Delete, Demo Import, Directory Kit Modification\/Deletion via admin_page_display", "software": [ { "type": "plugin", "name": "WP Directory Kit", "slug": "wpdirectorykit", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a7a6da3-d67c-42b3-8826-7e7fc9b938b4?source=api-scan" ], "published": "2023-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a7b4d0b-9845-4d0b-b255-a311076f5ca7": { "id": "8a7b4d0b-9845-4d0b-b255-a311076f5ca7", "title": "NEX-Forms \u2013 Ultimate Form Builder <= 8.4.2 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "slug": "nex-forms-express-wp-form-builder", "affected_versions": { "* - 8.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "8.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a7b4d0b-9845-4d0b-b255-a311076f5ca7?source=api-scan" ], "published": "2021-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a7bf74b-1dc7-4159-a874-29694fe5895e": { "id": "8a7bf74b-1dc7-4159-a874-29694fe5895e", "title": "Copy Or Move Comments <= 5.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Copy or Move Comments", "slug": "copy-or-move-comments", "affected_versions": { "* - 5.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a7bf74b-1dc7-4159-a874-29694fe5895e?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a7ced3b-4cb5-463a-aa32-3ccdc886e1a6": { "id": "8a7ced3b-4cb5-463a-aa32-3ccdc886e1a6", "title": "MapPress Maps for WordPress <= 2.88.15 - Insufficient Authorization to Information Disclosure", "software": [ { "type": "plugin", "name": "MapPress Maps for WordPress", "slug": "mappress-google-maps-for-wordpress", "affected_versions": { "* - 2.88.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.88.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.88.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a7ced3b-4cb5-463a-aa32-3ccdc886e1a6?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a7e2ad0-8427-450d-aa7e-abdbbc668247": { "id": "8a7e2ad0-8427-450d-aa7e-abdbbc668247", "title": "Paid Memberships Pro < 1.7.15 - Directory Traversal", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "[*, 1.7.15)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a7e2ad0-8427-450d-aa7e-abdbbc668247?source=api-scan" ], "published": "2014-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a832e2b-a900-4057-96fc-1bd6899e3950": { "id": "8a832e2b-a900-4057-96fc-1bd6899e3950", "title": "WPB Elementor Addons <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPB Elementor Addons", "slug": "wpb-elementor-addons", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a832e2b-a900-4057-96fc-1bd6899e3950?source=api-scan" ], "published": "2024-05-29 15:16:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a876469-72b1-478f-926b-57da237e3a95": { "id": "8a876469-72b1-478f-926b-57da237e3a95", "title": "Sina Extension for Elementor < 2.2.1 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)", "slug": "sina-extension-for-elementor", "affected_versions": { "[*, 2.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a876469-72b1-478f-926b-57da237e3a95?source=api-scan" ], "published": "2019-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a87bbfe-8cf5-4bba-90bc-902071b72bca": { "id": "8a87bbfe-8cf5-4bba-90bc-902071b72bca", "title": "Aspose.PDF Exporter < 2.0 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "Aspose.PDF Exporter", "slug": "aspose-pdf-exporter", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a87bbfe-8cf5-4bba-90bc-902071b72bca?source=api-scan" ], "published": "2015-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a8ac15a-9f9b-4bb8-81a4-1fdd11670a07": { "id": "8a8ac15a-9f9b-4bb8-81a4-1fdd11670a07", "title": "Community by PeepSo <= 6.0.9.0 - Cross-Site Request Forgery to Field Duplication", "software": [ { "type": "plugin", "name": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App", "slug": "peepso-core", "affected_versions": { "* - 6.0.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a8ac15a-9f9b-4bb8-81a4-1fdd11670a07?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a8d3c6a-728d-44d4-ae24-655dd77232a8": { "id": "8a8d3c6a-728d-44d4-ae24-655dd77232a8", "title": "Progress Planner <= 0.9.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Progress Planner", "slug": "progress-planner", "affected_versions": { "* - 0.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a8d3c6a-728d-44d4-ae24-655dd77232a8?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a8edf0c-1e40-4aab-b704-b67e41214ce0": { "id": "8a8edf0c-1e40-4aab-b704-b67e41214ce0", "title": "MobiLoud \u2013 WordPress Mobile Apps \u2013 Convert your WordPress Website to Native Mobile Apps < 2.3.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MobiLoud \u2013 WordPress Mobile Apps \u2013 Convert your WordPress Website to Native Mobile Apps", "slug": "mobiloud-mobile-app-plugin", "affected_versions": { "[*, 2.3.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a8edf0c-1e40-4aab-b704-b67e41214ce0?source=api-scan" ], "published": "2014-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a8ee823-74f2-4cab-99a1-f2f613929b44": { "id": "8a8ee823-74f2-4cab-99a1-f2f613929b44", "title": "Media Cleaner: Clean your WordPress! <= 6.7.2 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Media Cleaner: Clean your WordPress!", "slug": "media-cleaner", "affected_versions": { "* - 6.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a8ee823-74f2-4cab-99a1-f2f613929b44?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a8fc6a5-a28a-4d6b-8d63-c5e2f4d26422": { "id": "8a8fc6a5-a28a-4d6b-8d63-c5e2f4d26422", "title": "Slider Revolution <= 6.7.13 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider Revolution", "slug": "revslider", "affected_versions": { "* - 6.7.13": { "from_version": "*", "from_inclusive": true, "to_version": "6.7.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a8fc6a5-a28a-4d6b-8d63-c5e2f4d26422?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a955d4f-6609-4aa8-806c-48af0c6dbac1": { "id": "8a955d4f-6609-4aa8-806c-48af0c6dbac1", "title": "Secure File Manager < 2.8.2 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Secure File Manager", "slug": "secure-file-manager", "affected_versions": { "[*, 2.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a955d4f-6609-4aa8-806c-48af0c6dbac1?source=api-scan" ], "published": "2020-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a95633f-b5e1-4a92-b566-90fb05a289ce": { "id": "8a95633f-b5e1-4a92-b566-90fb05a289ce", "title": "Software License Manager <= 4.4.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Software License Manager", "slug": "software-license-manager", "affected_versions": { "* - 4.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a95633f-b5e1-4a92-b566-90fb05a289ce?source=api-scan" ], "published": "2021-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a95af34-559c-4644-9941-7bd1551aba33": { "id": "8a95af34-559c-4644-9941-7bd1551aba33", "title": "Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter", "software": [ { "type": "plugin", "name": "Social Proof Popups & Real-Time Notifications \u2013 Herd Effects", "slug": "mwp-herd-effect", "affected_versions": { "* - 5.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.2" ] }, { "type": "plugin", "name": "Popup Box: Create Custom WordPress Popups Easily", "slug": "popup-box", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] }, { "type": "plugin", "name": "Wow Skype Buttons", "slug": "mwp-skype", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] }, { "type": "plugin", "name": "Float menu \u2013 awesome floating side menu", "slug": "float-menu", "affected_versions": { "* - 5.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.2" ] }, { "type": "plugin", "name": "Side Menu Lite \u2013 add sticky fixed buttons", "slug": "side-menu-lite", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] }, { "type": "plugin", "name": "Floating button", "slug": "profit-button", "affected_versions": { "* - 5.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.1" ] }, { "type": "plugin", "name": "Sticky Buttons \u2013 floating buttons builder", "slug": "sticky-buttons", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.1" ] }, { "type": "plugin", "name": "Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site", "slug": "counter-box", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] }, { "type": "plugin", "name": "Bubble Menu \u2013 Sticky Navigation with Floating Button Menu Solution", "slug": "bubble-menu", "affected_versions": { "* - 3.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.4" ] }, { "type": "plugin", "name": "Calculator Builder \u2013 Create an Online Calculator", "slug": "calculator-builder", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] }, { "type": "plugin", "name": "WP Coder \u2013 Code Snippets + HTML, CSS, JS and PHP Injection", "slug": "wp-coder", "affected_versions": { "* - 2.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.6" ] }, { "type": "plugin", "name": "Button Generator \u2013 easily Button Builder", "slug": "button-generation", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a95af34-559c-4644-9941-7bd1551aba33?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a99f19a-7874-4f55-bbdd-db23182a0ece": { "id": "8a99f19a-7874-4f55-bbdd-db23182a0ece", "title": "Page Builder: Live Composer <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Live Composer \u2013 Free WordPress Website Builder", "slug": "live-composer-page-builder", "affected_versions": { "* - 1.5.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a99f19a-7874-4f55-bbdd-db23182a0ece?source=api-scan" ], "published": "2023-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a9b2ec2-edbe-45c5-bd36-45a6101356d1": { "id": "8a9b2ec2-edbe-45c5-bd36-45a6101356d1", "title": "bbPress Toolkit <= 1.0.12 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "bbPress Toolkit", "slug": "bbp-toolkit", "affected_versions": { "* - 1.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a9b2ec2-edbe-45c5-bd36-45a6101356d1?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8a9f17e3-f1cf-44c5-a4eb-38b43b00f912": { "id": "8a9f17e3-f1cf-44c5-a4eb-38b43b00f912", "title": "Easy Digital Downloads \u2013 Software Licensing < 3.2.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 Software Licensing", "slug": "edd-software-licensing", "affected_versions": { "[*, 3.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8a9f17e3-f1cf-44c5-a4eb-38b43b00f912?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8aa0eada-dc6c-4cd5-9ced-f162416ec439": { "id": "8aa0eada-dc6c-4cd5-9ced-f162416ec439", "title": "Essential Blocks for Gutenberg <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8aa0eada-dc6c-4cd5-9ced-f162416ec439?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8aa0fffa-475e-4227-9ab1-17ca6fcce529": { "id": "8aa0fffa-475e-4227-9ab1-17ca6fcce529", "title": "Firebase PHP-JWT < 6.0.0 - Algorithm Confusion", "software": [ { "type": "plugin", "name": "JWT Auth \u2013 WordPress JSON Web Token Authentication", "slug": "jwt-auth", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8aa0fffa-475e-4227-9ab1-17ca6fcce529?source=api-scan" ], "published": "2022-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8aa19b3a-229e-460d-b592-c0a2c7fd5c06": { "id": "8aa19b3a-229e-460d-b592-c0a2c7fd5c06", "title": "Transposh WordPress Translation <= 1.0.7 - Unauthenticated Stored Cross-Site Scripting via 'tp_translation'", "software": [ { "type": "plugin", "name": "Transposh WordPress Translation", "slug": "transposh-translation-filter-for-wordpress", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8aa19b3a-229e-460d-b592-c0a2c7fd5c06?source=api-scan" ], "published": "2022-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8aa467ad-9744-4594-91b6-02df0970aa60": { "id": "8aa467ad-9744-4594-91b6-02df0970aa60", "title": "Unyson <= 2.7.29 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Unyson", "slug": "unyson", "affected_versions": { "* - 2.7.30": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8aa467ad-9744-4594-91b6-02df0970aa60?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8aac2717-0d1c-4c77-9dd2-b659fa2863a3": { "id": "8aac2717-0d1c-4c77-9dd2-b659fa2863a3", "title": "Photo Gallery by 10Web <= 1.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.6.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8aac2717-0d1c-4c77-9dd2-b659fa2863a3?source=api-scan" ], "published": "2022-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ab0cad4-1a82-4127-bedb-c0ddfce4ec10": { "id": "8ab0cad4-1a82-4127-bedb-c0ddfce4ec10", "title": "Business Directory Plugin <= 6.3.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Business Directory Plugin \u2013 Easy Listing Directories for WordPress", "slug": "business-directory-plugin", "affected_versions": { "* - 6.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ab0cad4-1a82-4127-bedb-c0ddfce4ec10?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ab2882e-60c6-4eb9-91e7-3be4fa625711": { "id": "8ab2882e-60c6-4eb9-91e7-3be4fa625711", "title": "cformsII <= 13.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "cformsII", "slug": "cforms2", "affected_versions": { "* - 13.1": { "from_version": "*", "from_inclusive": true, "to_version": "13.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ab2882e-60c6-4eb9-91e7-3be4fa625711?source=api-scan" ], "published": "2014-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ab8eb9d-1427-4e99-8986-179147e0862e": { "id": "8ab8eb9d-1427-4e99-8986-179147e0862e", "title": "ElasticPress <= 3.5.3 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "ElasticPress", "slug": "elasticpress", "affected_versions": { "* - 3.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ab8eb9d-1427-4e99-8986-179147e0862e?source=api-scan" ], "published": "2021-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8abe5885-0f04-4545-a2fe-7aa2a1dcbbe6": { "id": "8abe5885-0f04-4545-a2fe-7aa2a1dcbbe6", "title": "WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Amazon Affiliates - Wordpress Plugin", "slug": "woozone", "affected_versions": { "* - 14.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "14.0.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8abe5885-0f04-4545-a2fe-7aa2a1dcbbe6?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ac66027-14b8-4e0a-a483-c014905ef04e": { "id": "8ac66027-14b8-4e0a-a483-c014905ef04e", "title": "HT Mega <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleTag", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ac66027-14b8-4e0a-a483-c014905ef04e?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8acb7893-85b2-404a-b3fe-b4c1a835b3eb": { "id": "8acb7893-85b2-404a-b3fe-b4c1a835b3eb", "title": "Lana Text to Image <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Lana Text to Image", "slug": "lana-text-to-image", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8acb7893-85b2-404a-b3fe-b4c1a835b3eb?source=api-scan" ], "published": "2023-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8acb86fa-50b4-45b3-9bf8-ef65679b85ac": { "id": "8acb86fa-50b4-45b3-9bf8-ef65679b85ac", "title": "Herd Effects <= 5.2 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Social Proof Popups & Real-Time Notifications \u2013 Herd Effects", "slug": "mwp-herd-effect", "affected_versions": { "* - 5.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8acb86fa-50b4-45b3-9bf8-ef65679b85ac?source=api-scan" ], "published": "2022-05-16 06:54:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8acf7327-2cdc-44ad-a04c-01cb0337d510": { "id": "8acf7327-2cdc-44ad-a04c-01cb0337d510", "title": "WordPress Core < 4.4.1 - Cross-Site Scripting via Theme Names", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.11": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.11", "to_inclusive": true }, "3.8 - 3.8.11": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.11", "to_inclusive": true }, "3.9 - 3.9.9": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.9", "to_inclusive": true }, "4.0 - 4.0.8": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.8", "to_inclusive": true }, "4.1 - 4.1.8": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.8", "to_inclusive": true }, "4.2 - 4.2.5": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.5", "to_inclusive": true }, "4.3 - 4.3.1": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": true }, "4.4": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.12", "3.8.12", "3.9.10", "4.0.9", "4.1.9", "4.2.6", "4.3.2", "4.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8acf7327-2cdc-44ad-a04c-01cb0337d510?source=api-scan" ], "published": "2016-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ad239d3-c761-4c78-903d-119133fcb79b": { "id": "8ad239d3-c761-4c78-903d-119133fcb79b", "title": "Special Text Boxes <= 5.9.110 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Special Text Boxes", "slug": "wp-special-textboxes", "affected_versions": { "* - 5.9.110": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.110", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ad239d3-c761-4c78-903d-119133fcb79b?source=api-scan" ], "published": "2022-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ad2890c-2385-414b-8630-f2c2f2199db9": { "id": "8ad2890c-2385-414b-8630-f2c2f2199db9", "title": "Animated AL List <= 1.0.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Animated AL List", "slug": "animated-al-list", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ad2890c-2385-414b-8630-f2c2f2199db9?source=api-scan" ], "published": "2024-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ad5db8f-c3c2-4b76-abc6-3d95e0567ab0": { "id": "8ad5db8f-c3c2-4b76-abc6-3d95e0567ab0", "title": "Category Specific RSS feed Subscription <= 2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Category Specific RSS feed Subscription", "slug": "category-specific-rss-feed-menu", "affected_versions": { "[*, 2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ad5db8f-c3c2-4b76-abc6-3d95e0567ab0?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ad7c3d5-fce8-4214-a7f8-5aa2b9fe0934": { "id": "8ad7c3d5-fce8-4214-a7f8-5aa2b9fe0934", "title": "AdRotate \u2013 Ad manager & AdSense Ads <= 5.8.17 - Admin+ SQL Injection", "software": [ { "type": "plugin", "name": "AdRotate Banner Manager \u2013 The only ad manager you'll need", "slug": "adrotate", "affected_versions": { "* - 5.8.17": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ad7c3d5-fce8-4214-a7f8-5aa2b9fe0934?source=api-scan" ], "published": "2022-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ada8a27-752c-4726-b330-895b967ea290": { "id": "8ada8a27-752c-4726-b330-895b967ea290", "title": "WordPress File Upload < 3.9.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "[*, 3.9.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ada8a27-752c-4726-b330-895b967ea290?source=api-scan" ], "published": "2016-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ade80e4-a05a-4418-9c01-67c0366213b6": { "id": "8ade80e4-a05a-4418-9c01-67c0366213b6", "title": "PageLayer <= 1.8.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "slug": "pagelayer", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ade80e4-a05a-4418-9c01-67c0366213b6?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8adfd055-833c-41f8-99b7-ebc4c2231973": { "id": "8adfd055-833c-41f8-99b7-ebc4c2231973", "title": "QR Code Composer \u2013 Automatic QR code Generator <= 2.0.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Automatic QR Code Generator \u2013 QR Code Composer", "slug": "qr-code-composer", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8adfd055-833c-41f8-99b7-ebc4c2231973?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ae4ffe1-ecb6-4bde-8ac4-baeea82a0299": { "id": "8ae4ffe1-ecb6-4bde-8ac4-baeea82a0299", "title": "Coming Soon Chop Chop <= 2.2.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Coming Soon Chop Chop", "slug": "cc-coming-soon", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ae4ffe1-ecb6-4bde-8ac4-baeea82a0299?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ae734d1-0cd4-4ff5-8448-828b0fb64f70": { "id": "8ae734d1-0cd4-4ff5-8448-828b0fb64f70", "title": "SMTP Mail <= 1.3.21 - Unauthenticated Stored Cross-Site Scripting via Email Subject", "software": [ { "type": "plugin", "name": "SMTP Mail", "slug": "smtp-mail", "affected_versions": { "* - 1.3.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.21", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ae734d1-0cd4-4ff5-8448-828b0fb64f70?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ae9640f-b088-4d9f-9ced-6bf7940345a3": { "id": "8ae9640f-b088-4d9f-9ced-6bf7940345a3", "title": "FlatPM < 3.1.05 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FlatPM \u2013 Ad Manager, AdSense and Custom Code", "slug": "flatpm-wp", "affected_versions": { "[*, 3.1.05)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.05", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.05" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ae9640f-b088-4d9f-9ced-6bf7940345a3?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8aec2a8b-c0d7-440f-a389-1d98cef77c2e": { "id": "8aec2a8b-c0d7-440f-a389-1d98cef77c2e", "title": "Akal - Multipurpose WordPress Theme (All Versions) - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Akal - Multipurpose WordPress Theme", "slug": "akal", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8aec2a8b-c0d7-440f-a389-1d98cef77c2e?source=api-scan" ], "published": "2016-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8aef0e9d-fc63-445d-a5fa-08e6cd5f0dbc": { "id": "8aef0e9d-fc63-445d-a5fa-08e6cd5f0dbc", "title": "WooCommerce Multilingual & Multicurrency <= 5.3.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Multilingual & Multicurrency with WPML", "slug": "woocommerce-multilingual", "affected_versions": { "* - 5.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8aef0e9d-fc63-445d-a5fa-08e6cd5f0dbc?source=api-scan" ], "published": "2024-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8af26db8-5cae-45ba-9573-2bc4e885de81": { "id": "8af26db8-5cae-45ba-9573-2bc4e885de81", "title": "Kudos Donations \u2013 Easy donations and payments with Mollie < 3.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Kudos Donations \u2013 Easy donations and payments with Mollie", "slug": "kudos-donations", "affected_versions": { "[*, 3.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8af26db8-5cae-45ba-9573-2bc4e885de81?source=api-scan" ], "published": "2021-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8af44af4-ea56-4686-ad35-5bcdd98ba2cc": { "id": "8af44af4-ea56-4686-ad35-5bcdd98ba2cc", "title": "Automation By Autonami <= 2.6.1 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit", "slug": "wp-marketing-automations", "affected_versions": { "[*, 2.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8af44af4-ea56-4686-ad35-5bcdd98ba2cc?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8af960cd-6f39-4ce1-888a-f32f01b833df": { "id": "8af960cd-6f39-4ce1-888a-f32f01b833df", "title": "Web Icons <= 1.0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Web Icons", "slug": "icon", "affected_versions": { "* - 1.0.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8af960cd-6f39-4ce1-888a-f32f01b833df?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8afcb18c-71e6-4c77-b0f9-0700ee05966e": { "id": "8afcb18c-71e6-4c77-b0f9-0700ee05966e", "title": "WordPress Core < 2.3.3 & WordPress MU < 1.3.2 - Remote Code Execution", "software": [ { "type": "core", "name": "WordPress MU", "slug": "wpmu", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] }, { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8afcb18c-71e6-4c77-b0f9-0700ee05966e?source=api-scan" ], "published": "2007-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b007bf9-9756-4f18-81b9-7d4b15c5dca8": { "id": "8b007bf9-9756-4f18-81b9-7d4b15c5dca8", "title": "Keep Backup Daily <= 2.0.7 - Unauthenticated Information Disclosure", "software": [ { "type": "plugin", "name": "Keep Backup Daily", "slug": "keep-backup-daily", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b007bf9-9756-4f18-81b9-7d4b15c5dca8?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b0140f2-ceaa-4589-b1ad-1daa244aa3cd": { "id": "8b0140f2-ceaa-4589-b1ad-1daa244aa3cd", "title": "SeoSamba for WordPress Webmasters <= 1.0.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SeoSamba for WordPress Webmasters", "slug": "seosamba-webmasters", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b0140f2-ceaa-4589-b1ad-1daa244aa3cd?source=api-scan" ], "published": "2022-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b019499-8edf-4921-9612-12d39c2e8e85": { "id": "8b019499-8edf-4921-9612-12d39c2e8e85", "title": "Listeo - Directory & Listings With Booking - WordPress Theme < 1.6.11 - Insecure Direct Object Reference", "software": [ { "type": "theme", "name": "Listeo - Directory & Listings With Booking - WordPress Theme", "slug": "listeo", "affected_versions": { "[*, 1.6.11)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b019499-8edf-4921-9612-12d39c2e8e85?source=api-scan" ], "published": "2021-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b040f47-b126-4640-9fc5-bda8650f6c69": { "id": "8b040f47-b126-4640-9fc5-bda8650f6c69", "title": "WP Custom Admin Interface <= 7.31 - Missing Authorization via wpcai_pro_notice_disable", "software": [ { "type": "plugin", "name": "WP Custom Admin Interface", "slug": "wp-custom-admin-interface", "affected_versions": { "* - 7.31": { "from_version": "*", "from_inclusive": true, "to_version": "7.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.32" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b040f47-b126-4640-9fc5-bda8650f6c69?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b0504f3-f8df-4b37-bafa-5320920e9571": { "id": "8b0504f3-f8df-4b37-bafa-5320920e9571", "title": "WooCommerce Shipping Per Product <= 2.5.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Per Product Shipping", "slug": "woocommerce-shipping-per-product", "affected_versions": { "* - 2.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b0504f3-f8df-4b37-bafa-5320920e9571?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b06d68e-153d-4cee-94d5-cbeac7468665": { "id": "8b06d68e-153d-4cee-94d5-cbeac7468665", "title": "WooCommerce Easy Duplicate Product <= 0.3.0.0 - Reflected Cross-Site Scripting via wedp_duplicated", "software": [ { "type": "plugin", "name": "WooCommerce Easy Duplicate Product", "slug": "woo-easy-duplicate-product", "affected_versions": { "* - 0.3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b06d68e-153d-4cee-94d5-cbeac7468665?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b089114-b403-4e42-a578-c1f3b100978f": { "id": "8b089114-b403-4e42-a578-c1f3b100978f", "title": "Cookieless Backend Server Tracking for Google Analytics \u2013 WordPress Plugin < 1.2.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cookieless Backend Server Tracking for Google Analytics \u2013 WordPress Plugin", "slug": "ga-backend-tracking", "affected_versions": { "[*, 1.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b089114-b403-4e42-a578-c1f3b100978f?source=api-scan" ], "published": "2019-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b0a47e0-5be1-418c-afdf-8bb2d784bcc9": { "id": "8b0a47e0-5be1-418c-afdf-8bb2d784bcc9", "title": "Customer Reviews for WooCommerce <= 5.3.5 - Multiple Unprotected AJAX Actions", "software": [ { "type": "plugin", "name": "Customer Reviews for WooCommerce", "slug": "customer-reviews-woocommerce", "affected_versions": { "* - 5.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b0a47e0-5be1-418c-afdf-8bb2d784bcc9?source=api-scan" ], "published": "2022-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b0c54f2-3942-48bd-b821-b66a57fd1506": { "id": "8b0c54f2-3942-48bd-b821-b66a57fd1506", "title": "Contest Gallery <= 21.3.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 21.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "21.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b0c54f2-3942-48bd-b821-b66a57fd1506?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b0df7f4-d916-414a-8d03-941aab06a001": { "id": "8b0df7f4-d916-414a-8d03-941aab06a001", "title": "Postman SMTP <= 1.7.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Postman SMTP", "slug": "postman-smtp", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b0df7f4-d916-414a-8d03-941aab06a001?source=api-scan" ], "published": "2017-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b0f58b8-46d6-4deb-bfcc-806bb635b060": { "id": "8b0f58b8-46d6-4deb-bfcc-806bb635b060", "title": "WooCommerce Multilingual & Multicurrency with WPML <= 5.3.3.1 - Authenticated (Shop Manager+) SQL Injection", "software": [ { "type": "plugin", "name": "WooCommerce Multilingual & Multicurrency with WPML", "slug": "woocommerce-multilingual", "affected_versions": { "* - 5.3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b0f58b8-46d6-4deb-bfcc-806bb635b060?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b104666-a038-442f-8db8-78ccb64879a7": { "id": "8b104666-a038-442f-8db8-78ccb64879a7", "title": "ListingPro Plugin <= 2.9.3 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "ListingPro Plugin", "slug": "listingpro-plugin", "affected_versions": { "* - 2.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b104666-a038-442f-8db8-78ccb64879a7?source=api-scan" ], "published": "2024-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b145772-624e-4af0-9156-03c483bf8381": { "id": "8b145772-624e-4af0-9156-03c483bf8381", "title": "Social Feed <= 1.5.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Social Feed | All social media in one place", "slug": "add-facebook", "affected_versions": { "* - 1.5.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b145772-624e-4af0-9156-03c483bf8381?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b14bdec-9737-4b03-8cc0-e4018494d162": { "id": "8b14bdec-9737-4b03-8cc0-e4018494d162", "title": "Team Members <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Team Members", "slug": "team-members", "affected_versions": { "* - 5.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b14bdec-9737-4b03-8cc0-e4018494d162?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b14c07b-23bb-4a14-8018-fa2462383b35": { "id": "8b14c07b-23bb-4a14-8018-fa2462383b35", "title": "HT Event <= 1.4.5 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "HT Event \u2013 WordPress Event Manager Plugin for Elementor", "slug": "ht-event", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b14c07b-23bb-4a14-8018-fa2462383b35?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b1af76a-3836-4527-9ea6-8bffa173a84e": { "id": "8b1af76a-3836-4527-9ea6-8bffa173a84e", "title": "WP Job Manager <= 2.0.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Job Manager", "slug": "wp-job-manager", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b1af76a-3836-4527-9ea6-8bffa173a84e?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b1cf5dc-c823-4603-959a-5dfc21f7d338": { "id": "8b1cf5dc-c823-4603-959a-5dfc21f7d338", "title": "Media Library Assistant <= 3.00 - Information Disclosure", "software": [ { "type": "plugin", "name": "Media Library Assistant", "slug": "media-library-assistant", "affected_versions": { "* - 3.00": { "from_version": "*", "from_inclusive": true, "to_version": "3.00", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.01" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b1cf5dc-c823-4603-959a-5dfc21f7d338?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b1f0741-1ccc-497a-b239-3cefb1204f04": { "id": "8b1f0741-1ccc-497a-b239-3cefb1204f04", "title": "LoginWP < 2.9.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LoginWP (Formerly Peter's Login Redirect)", "slug": "peters-login-redirect", "affected_versions": { "[*, 2.9.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b1f0741-1ccc-497a-b239-3cefb1204f04?source=api-scan" ], "published": "2016-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b24c3da-4d4b-4cb3-836e-b58f38dd80cf": { "id": "8b24c3da-4d4b-4cb3-836e-b58f38dd80cf", "title": "Product Enquiry for WooCommerce <= 3.1.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Enquiry for WooCommerce", "slug": "product-enquiry-for-woocommerce", "affected_versions": { "* - 3.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b24c3da-4d4b-4cb3-836e-b58f38dd80cf?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b271f2f-d765-4d2d-bb0d-f8425ebc64ca": { "id": "8b271f2f-d765-4d2d-bb0d-f8425ebc64ca", "title": "Photo Gallery by 10Web <= 1.6.8 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b271f2f-d765-4d2d-bb0d-f8425ebc64ca?source=api-scan" ], "published": "2022-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b2a5938-232e-487c-b31b-f48e2b9acb65": { "id": "8b2a5938-232e-487c-b31b-f48e2b9acb65", "title": "Auto Amazon Links <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin", "slug": "amazon-auto-links", "affected_versions": { "* - 5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b2a5938-232e-487c-b31b-f48e2b9acb65?source=api-scan" ], "published": "2023-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b2afc70-6e93-4a7f-b452-c2481d25d8de": { "id": "8b2afc70-6e93-4a7f-b452-c2481d25d8de", "title": "MelaPress Login Security <= 1.3.0 - Authenticated (Admin+) Remote File Inclusion", "software": [ { "type": "plugin", "name": "MelaPress Login Security", "slug": "melapress-login-security", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b2afc70-6e93-4a7f-b452-c2481d25d8de?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b2d42ab-46c1-4c3e-b99a-1cdcade1b5bb": { "id": "8b2d42ab-46c1-4c3e-b99a-1cdcade1b5bb", "title": "Video List Manager <= 1.7 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Video List Manager", "slug": "video-list-manager", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b2d42ab-46c1-4c3e-b99a-1cdcade1b5bb?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b32c517-ef6b-4cc9-8316-6289676d8222": { "id": "8b32c517-ef6b-4cc9-8316-6289676d8222", "title": "WooCommerce Ship to Multiple Addresses <= 3.8.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Ship to Multiple Addresses", "slug": "woocommerce-shipping-multiple-addresses", "affected_versions": { "* - 3.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b32c517-ef6b-4cc9-8316-6289676d8222?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b40165b-17e3-4b87-8d0d-90d60ba4bf81": { "id": "8b40165b-17e3-4b87-8d0d-90d60ba4bf81", "title": "FareHarbor for WordPress <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FareHarbor for WordPress", "slug": "fareharbor", "affected_versions": { "* - 3.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b40165b-17e3-4b87-8d0d-90d60ba4bf81?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b421330-dd3c-4af0-9f42-95430117eb9b": { "id": "8b421330-dd3c-4af0-9f42-95430117eb9b", "title": "Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'saveRedirectSettings' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b421330-dd3c-4af0-9f42-95430117eb9b?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b430f0a-d50c-4923-8916-2c26bf5d619a": { "id": "8b430f0a-d50c-4923-8916-2c26bf5d619a", "title": "WordPress form builder plugin for contact forms, surveys and quizzes \u2013 Tripetto <= 5.1.4 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress form builder plugin for contact forms, surveys and quizzes \u2013 Tripetto", "slug": "tripetto", "affected_versions": { "* - 5.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b430f0a-d50c-4923-8916-2c26bf5d619a?source=api-scan" ], "published": "2022-04-26 06:54:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b4568dc-afcd-4172-b39a-0d06dfa2f87a": { "id": "8b4568dc-afcd-4172-b39a-0d06dfa2f87a", "title": "WP No External Links < 3.5.19 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-noexternallinks", "slug": "wp-noexternallinks", "affected_versions": { "[*, 3.5.19)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b4568dc-afcd-4172-b39a-0d06dfa2f87a?source=api-scan" ], "published": "2017-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b481631-effc-40e8-8be0-18a36ea1c081": { "id": "8b481631-effc-40e8-8be0-18a36ea1c081", "title": "Word Balloon <= 4.21.1 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Word Balloon", "slug": "word-balloon", "affected_versions": { "* - 4.21.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.21.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.22.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b481631-effc-40e8-8be0-18a36ea1c081?source=api-scan" ], "published": "2024-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b4921c8-8e53-4f9d-be21-cf365869a435": { "id": "8b4921c8-8e53-4f9d-be21-cf365869a435", "title": "O2tweet <= 0.0.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "O2tweet", "slug": "o2tweet", "affected_versions": { "* - 0.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b4921c8-8e53-4f9d-be21-cf365869a435?source=api-scan" ], "published": "2014-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b4bc525-a21f-46f2-895a-c8474f72eb92": { "id": "8b4bc525-a21f-46f2-895a-c8474f72eb92", "title": "User Role by BestWebSoft <= 1.6.6 - Cross-Site Request Forgery to Privilege Escalation", "software": [ { "type": "plugin", "name": "User Role by BestWebSoft \u2013 Add and Customize Roles and Capabilities in WordPress", "slug": "user-role", "affected_versions": { "* - 1.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b4bc525-a21f-46f2-895a-c8474f72eb92?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b4effc8-7b24-4a6c-a161-176a22de6d6a": { "id": "8b4effc8-7b24-4a6c-a161-176a22de6d6a", "title": "Gum Elementor Addon <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price Table and Post Slider Widgets", "software": [ { "type": "plugin", "name": "Gum Elementor Addon", "slug": "gum-elementor-addon", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b4effc8-7b24-4a6c-a161-176a22de6d6a?source=api-scan" ], "published": "2024-05-29 21:25:23", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b4fcc97-1b6b-4411-8b55-0ef7a2c8d44e": { "id": "8b4fcc97-1b6b-4411-8b55-0ef7a2c8d44e", "title": "Image Hover Effects Ultimate <= 9.6.1 - Unauthenticated Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier)", "slug": "image-hover-effects-ultimate", "affected_versions": { "* - 9.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b4fcc97-1b6b-4411-8b55-0ef7a2c8d44e?source=api-scan" ], "published": "2021-12-15 14:44:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b510ffb-27fe-41f2-8176-676cf9540ee8": { "id": "8b510ffb-27fe-41f2-8176-676cf9540ee8", "title": "Bank Mellat <= 2.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Online Payment for Bank Mellat", "slug": "bank-mellat", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b510ffb-27fe-41f2-8176-676cf9540ee8?source=api-scan" ], "published": "2022-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b56dcd7-f261-42db-833d-5673c8805bb4": { "id": "8b56dcd7-f261-42db-833d-5673c8805bb4", "title": "Wordfence <= 5.1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wordfence Security \u2013 Firewall, Malware Scan, and Login Security", "slug": "wordfence", "affected_versions": { "[*, 5.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b56dcd7-f261-42db-833d-5673c8805bb4?source=api-scan" ], "published": "2014-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b5e86be-8a35-48d8-a676-9f7074b81cb7": { "id": "8b5e86be-8a35-48d8-a676-9f7074b81cb7", "title": "Quick Contact Form <= 8.0.3.1 - Authenticated (Admin+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Quick Contact Form", "slug": "quick-contact-form", "affected_versions": { "* - 8.0.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b5e86be-8a35-48d8-a676-9f7074b81cb7?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b602f33-ae2f-4349-a8be-901a9eec91c3": { "id": "8b602f33-ae2f-4349-a8be-901a9eec91c3", "title": "WordPress Download Manager <= 2.9.93 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 2.9.94)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.94", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.94" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b602f33-ae2f-4349-a8be-901a9eec91c3?source=api-scan" ], "published": "2019-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b639c5c-e4ff-4e43-9088-249c75046d39": { "id": "8b639c5c-e4ff-4e43-9088-249c75046d39", "title": "Post Grid, Image Gallery & Portfolio for Elementor | PowerFolio <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Portfolio for Elementor & Image Gallery | PowerFolio", "slug": "portfolio-elementor", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b639c5c-e4ff-4e43-9088-249c75046d39?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b6c6e10-3feb-4ecd-a17a-81e15c471d3d": { "id": "8b6c6e10-3feb-4ecd-a17a-81e15c471d3d", "title": "Ultimate Addons for Beaver Builder \u2013 Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Table Widget", "software": [ { "type": "plugin", "name": "Ultimate Addons for Beaver Builder \u2013 Lite", "slug": "ultimate-addons-for-beaver-builder-lite", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b6c6e10-3feb-4ecd-a17a-81e15c471d3d?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b7321e8-153c-4586-8114-65583e06573e": { "id": "8b7321e8-153c-4586-8114-65583e06573e", "title": "HTML5 MP3 Player with Folder Feedburner <= 2.8.0 - Authenticated (Author+) PHP Object Injection", "software": [ { "type": "plugin", "name": "HTML5 MP3 Player with Folder Feedburner Playlist Free", "slug": "html5-mp3-player-with-mp3-folder-feedburner-playlist", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b7321e8-153c-4586-8114-65583e06573e?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b73f864-68b5-4ba8-93a3-37f2564cc240": { "id": "8b73f864-68b5-4ba8-93a3-37f2564cc240", "title": "Salon booking system <= 9.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "* - 9.9": { "from_version": "*", "from_inclusive": true, "to_version": "9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b73f864-68b5-4ba8-93a3-37f2564cc240?source=api-scan" ], "published": "2024-06-07 19:08:35", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b771d76-b79a-4ff2-9433-8d35734a4396": { "id": "8b771d76-b79a-4ff2-9433-8d35734a4396", "title": "WOLF <= 1.0.7.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional", "slug": "bulk-editor", "affected_versions": { "* - 1.0.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b771d76-b79a-4ff2-9433-8d35734a4396?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b776a8a-b071-4caf-9e67-6f08ace4da2a": { "id": "8b776a8a-b071-4caf-9e67-6f08ace4da2a", "title": "ND Booking <= 2.4 - Unauthenticated Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Hotel Booking", "slug": "nd-booking", "affected_versions": { "[*, 2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b776a8a-b071-4caf-9e67-6f08ace4da2a?source=api-scan" ], "published": "2019-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b783b94-7135-49c1-aff2-1c2ea24bbfcd": { "id": "8b783b94-7135-49c1-aff2-1c2ea24bbfcd", "title": "CIP4 Folder Download Widget < 1.11 - Local File Inclusion", "software": [ { "type": "plugin", "name": "CIP4 Folder Download Widget", "slug": "cip4-folder-download-widget", "affected_versions": { "[*, 1.11)": { "from_version": "*", "from_inclusive": true, "to_version": "1.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b783b94-7135-49c1-aff2-1c2ea24bbfcd?source=api-scan" ], "published": "2015-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b79fa47-f045-44e9-84b8-60aa3a302dac": { "id": "8b79fa47-f045-44e9-84b8-60aa3a302dac", "title": "filedownload plugin <= 1.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "filedownload", "slug": "filedownload", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b79fa47-f045-44e9-84b8-60aa3a302dac?source=api-scan" ], "published": "2015-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b7ab27f-566f-46f4-9c8e-aedfa3410dec": { "id": "8b7ab27f-566f-46f4-9c8e-aedfa3410dec", "title": "SocialGrid <= 2.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SocialGrid", "slug": "socialgrid", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b7ab27f-566f-46f4-9c8e-aedfa3410dec?source=api-scan" ], "published": "2011-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b7c9d89-c6bf-4973-87c8-0511758519f7": { "id": "8b7c9d89-c6bf-4973-87c8-0511758519f7", "title": "Photo Gallery by 10Web <= 1.5.34 - SQL Injection", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.5.35)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.35", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b7c9d89-c6bf-4973-87c8-0511758519f7?source=api-scan" ], "published": "2019-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b7d7373-e38a-428c-be8c-a5b05e8dc1e9": { "id": "8b7d7373-e38a-428c-be8c-a5b05e8dc1e9", "title": "JS MultiHotel <= 2.2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JS Multi Hotel", "slug": "js-multihotel", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b7d7373-e38a-428c-be8c-a5b05e8dc1e9?source=api-scan" ], "published": "2013-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b84cc59-3820-4aba-a2d7-fa884b46c5b4": { "id": "8b84cc59-3820-4aba-a2d7-fa884b46c5b4", "title": "Custom Content by Country <= 3.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Custom Content by Country (by Shield Security)", "slug": "custom-content-by-country", "affected_versions": { "3.1.2": { "from_version": "3.1.2", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b84cc59-3820-4aba-a2d7-fa884b46c5b4?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b85b1e3-4eb0-4ba1-8d61-ec82fac123ce": { "id": "8b85b1e3-4eb0-4ba1-8d61-ec82fac123ce", "title": "WPGlobus \u2013 Multilingual Everything! <= 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting via wpglobus_option[selector_wp_list_pages][show_selector]", "software": [ { "type": "plugin", "name": "WPGlobus \u2013 Multilingual WordPress", "slug": "wpglobus", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b85b1e3-4eb0-4ba1-8d61-ec82fac123ce?source=api-scan" ], "published": "2018-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b865fde-1c47-4574-932c-334ebefb3579": { "id": "8b865fde-1c47-4574-932c-334ebefb3579", "title": "Lytebox <= 1.3 - Local File Inclusion", "software": [ { "type": "plugin", "name": "wp-lytebox", "slug": "wp-lytebox", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b865fde-1c47-4574-932c-334ebefb3579?source=api-scan" ], "published": "2009-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b88b195-6c02-4a11-91de-d21c808650fb": { "id": "8b88b195-6c02-4a11-91de-d21c808650fb", "title": "Book Landing Page <= 1.2.3 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Book Landing Page", "slug": "book-landing-page", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b88b195-6c02-4a11-91de-d21c808650fb?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b8b7ee8-4c11-4353-b664-761955d49b8c": { "id": "8b8b7ee8-4c11-4353-b664-761955d49b8c", "title": "Book appointment online <= 1.38 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Book appointment online", "slug": "book-appointment-online", "affected_versions": { "* - 1.38": { "from_version": "*", "from_inclusive": true, "to_version": "1.38", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b8b7ee8-4c11-4353-b664-761955d49b8c?source=api-scan" ], "published": "2021-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b93655b-9a26-4515-8ae2-105271aba9c4": { "id": "8b93655b-9a26-4515-8ae2-105271aba9c4", "title": "The Events Calendar <= 6.4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Events Calendar", "slug": "the-events-calendar", "affected_versions": { "* - 6.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b93655b-9a26-4515-8ae2-105271aba9c4?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b968849-32ef-4cc9-8ac6-5477b2906952": { "id": "8b968849-32ef-4cc9-8ac6-5477b2906952", "title": "SULly <= 4.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SULly", "slug": "sully", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b968849-32ef-4cc9-8ac6-5477b2906952?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b9e3aaf-5182-4622-9b5b-d67af200e2b6": { "id": "8b9e3aaf-5182-4622-9b5b-d67af200e2b6", "title": "Email Subscribers & Newsletters <= 5.3.1 - Authenticated (or Cross-Site Request Forgery) Blind SQL Injection", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "[*, 5.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b9e3aaf-5182-4622-9b5b-d67af200e2b6?source=api-scan" ], "published": "2022-02-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8b9f171f-56d8-4ab9-bf61-0daa7c0d928f": { "id": "8b9f171f-56d8-4ab9-bf61-0daa7c0d928f", "title": "AppMySite <= 3.11.0 - Unauthenticated Information Disclsoure", "software": [ { "type": "plugin", "name": "AppMySite \u2013 Create an app with the Best Mobile App Builder", "slug": "appmysite", "affected_versions": { "* - 3.11.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8b9f171f-56d8-4ab9-bf61-0daa7c0d928f?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ba30cbb-7a20-47aa-bbd6-82fdb27d4705": { "id": "8ba30cbb-7a20-47aa-bbd6-82fdb27d4705", "title": "WordPress Core <= 1.5.2 - SQL Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ba30cbb-7a20-47aa-bbd6-82fdb27d4705?source=api-scan" ], "published": "2005-12-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ba90d0f-5ef9-4931-85a9-edf08275510f": { "id": "8ba90d0f-5ef9-4931-85a9-edf08275510f", "title": "WP-EMail <= 2.68.2 - Cross-Site Request Forgery to Log Deletion", "software": [ { "type": "plugin", "name": "WP-EMail", "slug": "wp-email", "affected_versions": { "[*, 2.69.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.69.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.69.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ba90d0f-5ef9-4931-85a9-edf08275510f?source=api-scan" ], "published": "2022-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bab0acc-5a5d-4dd4-9201-199b7f5aaa69": { "id": "8bab0acc-5a5d-4dd4-9201-199b7f5aaa69", "title": "Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-jltma-wrapper-link Element", "software": [ { "type": "plugin", "name": "Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations", "slug": "master-addons", "affected_versions": { "* - 2.0.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bab0acc-5a5d-4dd4-9201-199b7f5aaa69?source=api-scan" ], "published": "2024-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8babc42a-c45c-423f-bd09-da7afb947691": { "id": "8babc42a-c45c-423f-bd09-da7afb947691", "title": "Posts Like Dislike <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset", "software": [ { "type": "plugin", "name": "Posts Like Dislike", "slug": "posts-like-dislike", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8babc42a-c45c-423f-bd09-da7afb947691?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bb2ce22-077b-41dd-a2ff-cc1db9d20d38": { "id": "8bb2ce22-077b-41dd-a2ff-cc1db9d20d38", "title": "Essential Real Estate <= 4.3.5 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Essential Real Estate", "slug": "essential-real-estate", "affected_versions": { "* - 4.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bb2ce22-077b-41dd-a2ff-cc1db9d20d38?source=api-scan" ], "published": "2023-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bb330be-f12c-475c-97b6-745a1e6edb58": { "id": "8bb330be-f12c-475c-97b6-745a1e6edb58", "title": "Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.2.2 - Cross-Site Request Forgery via settings_page function", "software": [ { "type": "plugin", "name": "WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms \u2013 CRM, Bigin", "slug": "cf7-zoho", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bb330be-f12c-475c-97b6-745a1e6edb58?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bb5abff-d762-459a-b96c-5cbbb9f5a22e": { "id": "8bb5abff-d762-459a-b96c-5cbbb9f5a22e", "title": "Social Media Icons Widget <= 1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Social Media Icons Widget", "slug": "spoontalk-social-media-icons-widget", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bb5abff-d762-459a-b96c-5cbbb9f5a22e?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bbc6aa7-0625-4689-8afe-d7399009ee53": { "id": "8bbc6aa7-0625-4689-8afe-d7399009ee53", "title": "Recent Posts Slider <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Recent Posts Slider", "slug": "recent-posts-slider", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bbc6aa7-0625-4689-8afe-d7399009ee53?source=api-scan" ], "published": "2023-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bbcbefa-f38d-4752-acca-3545976cc59f": { "id": "8bbcbefa-f38d-4752-acca-3545976cc59f", "title": "Pie Register <= 3.8.2.2 - Open Redirect", "software": [ { "type": "plugin", "name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction", "slug": "pie-register", "affected_versions": { "* - 3.8.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bbcbefa-f38d-4752-acca-3545976cc59f?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bc0969f-7b29-41fb-8d41-869049f87c7d": { "id": "8bc0969f-7b29-41fb-8d41-869049f87c7d", "title": "WP-Curriculo Vitae Free <= 6.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP-Curriculo Vitae Free", "slug": "wp-curriculo-vitae", "affected_versions": { "* - 6.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bc0969f-7b29-41fb-8d41-869049f87c7d?source=api-scan" ], "published": "2021-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bc34490-66a1-4e43-83a4-b6e680237008": { "id": "8bc34490-66a1-4e43-83a4-b6e680237008", "title": "Simple SEO <= 1.8.12 - Cross-Site Request Forgery to Sitemap Deletion\/Creation", "software": [ { "type": "plugin", "name": "Simple SEO", "slug": "cds-simple-seo", "affected_versions": { "* - 1.8.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bc34490-66a1-4e43-83a4-b6e680237008?source=api-scan" ], "published": "2022-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bcae8d6-6dbd-4174-85ff-0b52d8e45c84": { "id": "8bcae8d6-6dbd-4174-85ff-0b52d8e45c84", "title": "TNC PDF viewer <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "TNC PDF viewer", "slug": "pdf-viewer-by-themencode", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bcae8d6-6dbd-4174-85ff-0b52d8e45c84?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bccefbe-2d20-40a7-b24f-d867d80250e3": { "id": "8bccefbe-2d20-40a7-b24f-d867d80250e3", "title": "Libsyn Publisher Hub <= 1.4.4 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Libsyn Publisher Hub", "slug": "libsyn-podcasting", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bccefbe-2d20-40a7-b24f-d867d80250e3?source=api-scan" ], "published": "2023-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bcd2c5e-4969-4530-b3ab-930c5051d8f1": { "id": "8bcd2c5e-4969-4530-b3ab-930c5051d8f1", "title": "Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shortcodes and extra features for Phlox theme", "slug": "auxin-elements", "affected_versions": { "* - 2.15.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bcd2c5e-4969-4530-b3ab-930c5051d8f1?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bcf22c7-bea5-4108-8fb4-ff9ff566c618": { "id": "8bcf22c7-bea5-4108-8fb4-ff9ff566c618", "title": "Responsive Menu <= 3.1.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Responsive Menu \u2013 Create Mobile-Friendly Menu", "slug": "responsive-menu", "affected_versions": { "[*, 3.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bcf22c7-bea5-4108-8fb4-ff9ff566c618?source=api-scan" ], "published": "2020-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bd04a52-ed59-4305-831e-646ab5801d36": { "id": "8bd04a52-ed59-4305-831e-646ab5801d36", "title": "WPS Cleaner <= 1.4.4 - Arbitrary Media File Disclosure", "software": [ { "type": "plugin", "name": "WPS Cleaner", "slug": "wps-cleaner", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bd04a52-ed59-4305-831e-646ab5801d36?source=api-scan" ], "published": "2019-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bd81f3c-f801-4fc6-b2db-754e5ebed688": { "id": "8bd81f3c-f801-4fc6-b2db-754e5ebed688", "title": "InfiniteWP Client <= 1.6.0 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "InfiniteWP Client", "slug": "iwp-client", "affected_versions": { "[*, 1.6.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bd81f3c-f801-4fc6-b2db-754e5ebed688?source=api-scan" ], "published": "2017-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bdbd196-cb77-4042-86bb-7c67325c8c07": { "id": "8bdbd196-cb77-4042-86bb-7c67325c8c07", "title": "Collapsing Archives <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Collapsing Archives", "slug": "collapsing-archives", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bdbd196-cb77-4042-86bb-7c67325c8c07?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bde357d-e34a-4931-a1a4-bd3ed3b72cec": { "id": "8bde357d-e34a-4931-a1a4-bd3ed3b72cec", "title": "PPOM for WooCommerce <= 23.9 - Missing Authorization to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PPOM \u2013 Product Addons & Custom Fields for WooCommerce", "slug": "woocommerce-product-addon", "affected_versions": { "* - 23.9": { "from_version": "*", "from_inclusive": true, "to_version": "23.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "24.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bde357d-e34a-4931-a1a4-bd3ed3b72cec?source=api-scan" ], "published": "2022-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8be16fec-8961-49ad-ba2f-8bec70c33ec0": { "id": "8be16fec-8961-49ad-ba2f-8bec70c33ec0", "title": "Video Slider WordPress <= 1.4.6 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Video Slider \u2013 Slider Carousel", "slug": "slider-video", "affected_versions": { "[*, 1.4.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8be16fec-8961-49ad-ba2f-8bec70c33ec0?source=api-scan" ], "published": "2022-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8be739cd-e594-41a5-85a4-9cf7d3436953": { "id": "8be739cd-e594-41a5-85a4-9cf7d3436953", "title": "WordPress Core < 4.8.2 - Directory Traversal during unzip", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.21": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.21", "to_inclusive": true }, "3.8 - 3.8.21": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.21", "to_inclusive": true }, "3.9 - 3.9.19": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.19", "to_inclusive": true }, "4.0 - 4.0.18": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.18", "to_inclusive": true }, "4.1 - 4.1.18": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.18", "to_inclusive": true }, "4.2 - 4.2.15": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.15", "to_inclusive": true }, "4.3 - 4.3.11": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.11", "to_inclusive": true }, "4.4 - 4.4.10": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.10", "to_inclusive": true }, "4.5 - 4.5.9": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.9", "to_inclusive": true }, "4.6 - 4.6.6": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.6", "to_inclusive": true }, "4.7 - 4.7.5": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.5", "to_inclusive": true }, "4.8 - 4.8.1": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.22", "3.8.22", "3.9.20", "4.0.19", "4.1.19", "4.2.16", "4.3.12", "4.4.11", "4.5.10", "4.6.7", "4.7.6", "4.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8be739cd-e594-41a5-85a4-9cf7d3436953?source=api-scan" ], "published": "2017-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bebc229-9d15-439f-a8df-f68455bc5193": { "id": "8bebc229-9d15-439f-a8df-f68455bc5193", "title": "WS Facebook Like Box Widget <= 5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WS Facebook Like Box Widget", "slug": "ws-facebook-likebox", "affected_versions": { "* - 5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bebc229-9d15-439f-a8df-f68455bc5193?source=api-scan" ], "published": "2023-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bed0637-6d1b-4c30-b87c-01c88d573ae6": { "id": "8bed0637-6d1b-4c30-b87c-01c88d573ae6", "title": "WordPress Core < 4.7.2 - Path Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.17": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.17", "to_inclusive": true }, "3.8 - 3.8.17": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.17", "to_inclusive": true }, "3.9 - 3.9.15": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.15", "to_inclusive": true }, "4.0 - 4.0.14": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.14", "to_inclusive": true }, "4.1 - 4.1.14": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.14", "to_inclusive": true }, "4.2 - 4.2.11": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.11", "to_inclusive": true }, "4.3 - 4.3.7": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.7", "to_inclusive": true }, "4.4 - 4.4.6": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.6", "to_inclusive": true }, "4.5 - 4.5.5": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.5", "to_inclusive": true }, "4.6 - 4.6.2": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.2", "to_inclusive": true }, "4.7 - 4.7.1": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.18", "3.8.18", "3.9.16", "4.0.15", "4.1.15", "4.2.12", "4.3.8", "4.4.7", "4.5.6", "4.6.3", "4.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bed0637-6d1b-4c30-b87c-01c88d573ae6?source=api-scan" ], "published": "2017-01-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bf009f5-cf9e-4d38-9679-d3abb5817d30": { "id": "8bf009f5-cf9e-4d38-9679-d3abb5817d30", "title": "Advanced File Manager Shortcodes <= 2.4 - Authenticated (Contributor+) Directory Traversal", "software": [ { "type": "plugin", "name": "Advanced File Manager Shortcodes", "slug": "file-manager-advanced-shortcode", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bf009f5-cf9e-4d38-9679-d3abb5817d30?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bf0e224-d8c7-4bf9-b9a3-97545da9d90c": { "id": "8bf0e224-d8c7-4bf9-b9a3-97545da9d90c", "title": "BMI Calculator Plugin <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BMI Calculator Plugin", "slug": "bmi-calculator-shortcode", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bf0e224-d8c7-4bf9-b9a3-97545da9d90c?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8bfefe86-b25e-4ffe-9beb-28dc22a99d62": { "id": "8bfefe86-b25e-4ffe-9beb-28dc22a99d62", "title": "PayTR Taksit Tablosu <= 1.3.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "PayTR Taksit Tablosu \u2013 WooCommerce", "slug": "paytr-taksit-tablosu-woocommerce", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8bfefe86-b25e-4ffe-9beb-28dc22a99d62?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c04e40a-6d94-4688-9159-07bf27a9efe0": { "id": "8c04e40a-6d94-4688-9159-07bf27a9efe0", "title": "Create by Mediavine <= 1.9.8 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Create by Mediavine", "slug": "mediavine-create", "affected_versions": { "* - 1.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c04e40a-6d94-4688-9159-07bf27a9efe0?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c0b64a0-c462-4c39-bf67-e2af54ac4154": { "id": "8c0b64a0-c462-4c39-bf67-e2af54ac4154", "title": "Job Board Manager <= 2.1.58 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Job Board Manager", "slug": "job-board-manager", "affected_versions": { "* - 2.1.58": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.58", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.59" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c0b64a0-c462-4c39-bf67-e2af54ac4154?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c0dc694-854e-4f96-8c2d-7251c41a3ee9": { "id": "8c0dc694-854e-4f96-8c2d-7251c41a3ee9", "title": "ThemeGrill Demo Importer 1.3.4 - 1.6.1 - Authorization Bypass to Site Reset", "software": [ { "type": "plugin", "name": "ThemeGrill Demo Importer", "slug": "themegrill-demo-importer", "affected_versions": { "1.3.4 - 1.6.1": { "from_version": "1.3.4", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c0dc694-854e-4f96-8c2d-7251c41a3ee9?source=api-scan" ], "published": "2020-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c107e4c-1ba5-4c22-ad56-bd03342a3418": { "id": "8c107e4c-1ba5-4c22-ad56-bd03342a3418", "title": "Job Manager - < 0.7.23 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Job Manager", "slug": "job-manager", "affected_versions": { "[*, 0.7.23)": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.23", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.7.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c107e4c-1ba5-4c22-ad56-bd03342a3418?source=api-scan" ], "published": "2015-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c13701e-424d-462f-b152-4dc5ad3ef197": { "id": "8c13701e-424d-462f-b152-4dc5ad3ef197", "title": "Essential Addons for Elementor <= 5.8.8 - Authenticated (Contributor+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c13701e-424d-462f-b152-4dc5ad3ef197?source=api-scan" ], "published": "2023-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c1a7103-14be-46ce-bac3-fb88b7f51003": { "id": "8c1a7103-14be-46ce-bac3-fb88b7f51003", "title": "My Link Order <= 4.3 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My Link Order", "slug": "my-link-order", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c1a7103-14be-46ce-bac3-fb88b7f51003?source=api-scan" ], "published": "2015-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c1d8c1a-3adb-4b0b-8e2a-96ee2ff94218": { "id": "8c1d8c1a-3adb-4b0b-8e2a-96ee2ff94218", "title": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery <= 1.5.68 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.5.68": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.68", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c1d8c1a-3adb-4b0b-8e2a-96ee2ff94218?source=api-scan" ], "published": "2021-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c1e1fe4-23be-4f66-ae9f-cabb83811b71": { "id": "8c1e1fe4-23be-4f66-ae9f-cabb83811b71", "title": "Easy Custom Auto Excerpt <= 2.4.12 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Easy Custom Auto Excerpt", "slug": "easy-custom-auto-excerpt", "affected_versions": { "* - 2.4.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c1e1fe4-23be-4f66-ae9f-cabb83811b71?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c2707ae-8dc0-417c-be4b-83db7dda9c76": { "id": "8c2707ae-8dc0-417c-be4b-83db7dda9c76", "title": "Poll Maker <= 3.4 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "ePoll \u2013 Best WordPress Voting Plugin for Poll & Contest", "slug": "epoll-wp-voting", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c2707ae-8dc0-417c-be4b-83db7dda9c76?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c27fc2c-b515-4314-908d-435a4167ee99": { "id": "8c27fc2c-b515-4314-908d-435a4167ee99", "title": "Elementor \u2013 Header, Footer & Blocks Template <= 1.6.35 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Header & Footer Builder", "slug": "header-footer-elementor", "affected_versions": { "* - 1.6.35": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c27fc2c-b515-4314-908d-435a4167ee99?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c3e61e9-3610-41b5-9820-28012dc657fd": { "id": "8c3e61e9-3610-41b5-9820-28012dc657fd", "title": "Nested Pages <= 3.2.3 - Missing Authorization to Authenticated (Editor+) Plugin Settings Reset", "software": [ { "type": "plugin", "name": "Nested Pages", "slug": "wp-nested-pages", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c3e61e9-3610-41b5-9820-28012dc657fd?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c3ef1bf-ef81-4e24-9813-de1a25b0e8ae": { "id": "8c3ef1bf-ef81-4e24-9813-de1a25b0e8ae", "title": "Newsletters <= 4.6.8.5 - Object Injection", "software": [ { "type": "plugin", "name": "Newsletters", "slug": "newsletters-lite", "affected_versions": { "[*, 4.6.8.6)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.8.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c3ef1bf-ef81-4e24-9813-de1a25b0e8ae?source=api-scan" ], "published": "2018-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c3f1202-886a-471c-9b93-0efbf4282618": { "id": "8c3f1202-886a-471c-9b93-0efbf4282618", "title": "The Plus Blocks for Block Editor | Gutenberg <= 3.2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Nexter Blocks \u2013 WordPress Gutenberg Blocks & 1000+ Starter Templates", "slug": "the-plus-addons-for-block-editor", "affected_versions": { "* - 3.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c3f1202-886a-471c-9b93-0efbf4282618?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c483cf9-fb63-4c43-ad42-1404448540c2": { "id": "8c483cf9-fb63-4c43-ad42-1404448540c2", "title": "WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.31": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.31", "to_inclusive": true }, "3.8 - 3.8.31": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.31", "to_inclusive": true }, "3.9 - 3.9.29": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.29", "to_inclusive": true }, "4.0 - 4.0.28": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.28", "to_inclusive": true }, "4.1 - 4.1.28": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.28", "to_inclusive": true }, "4.2 - 4.2.25": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.25", "to_inclusive": true }, "4.3 - 4.3.21": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.21", "to_inclusive": true }, "4.4 - 4.4.20": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.20", "to_inclusive": true }, "4.5 - 4.5.19": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.19", "to_inclusive": true }, "4.6 - 4.6.16": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.16", "to_inclusive": true }, "4.7 - 4.7.15": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.15", "to_inclusive": true }, "4.8 - 4.8.11": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.11", "to_inclusive": true }, "4.9 - 4.9.12": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.12", "to_inclusive": true }, "5.0 - 5.0.7": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.7", "to_inclusive": true }, "5.1 - 5.1.3": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.3", "to_inclusive": true }, "5.2 - 5.2.4": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.4", "to_inclusive": true }, "5.3": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.32", "3.8.32", "3.9.30", "4.0.29", "4.1.29", "4.2.26", "4.3.22", "4.4.21", "4.5.20", "4.6.17", "4.7.16", "4.8.12", "4.9.13", "5.0.8", "5.1.4", "5.2.5", "5.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c483cf9-fb63-4c43-ad42-1404448540c2?source=api-scan" ], "published": "2019-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c5642fa-d001-47c4-8acd-94ae944e5129": { "id": "8c5642fa-d001-47c4-8acd-94ae944e5129", "title": "Ninja Forms - File Uploads Extension <= 3.3.12 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms - File Uploads", "slug": "ninja-forms-uploads", "affected_versions": { "* - 3.3.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c5642fa-d001-47c4-8acd-94ae944e5129?source=api-scan" ], "published": "2021-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c57211a-f59d-4379-b09e-7c6049a6b04d": { "id": "8c57211a-f59d-4379-b09e-7c6049a6b04d", "title": "Controlled Admin Access < 1.5.6 - Privilege Escalation", "software": [ { "type": "plugin", "name": "Controlled Admin Access", "slug": "controlled-admin-access", "affected_versions": { "[*, 1.5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=api-scan" ], "published": "2021-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c5a065a-a81e-4963-af54-21f145632bed": { "id": "8c5a065a-a81e-4963-af54-21f145632bed", "title": "Booking Package <= 1.5.28 - Unauthenticated Sensitive Data Disclosure", "software": [ { "type": "plugin", "name": "Booking Package", "slug": "booking-package", "affected_versions": { "[*, 1.5.29)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.29", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c5a065a-a81e-4963-af54-21f145632bed?source=api-scan" ], "published": "2022-03-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c5a6fcb-72f0-4188-b883-d1dcaf1d13ff": { "id": "8c5a6fcb-72f0-4188-b883-d1dcaf1d13ff", "title": "Dynamic Widgets <= 1.5.10 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Dynamic Widgets", "slug": "dynamic-widgets", "affected_versions": { "* - 1.5.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c5a6fcb-72f0-4188-b883-d1dcaf1d13ff?source=api-scan" ], "published": "2015-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c62b50a-f760-40c5-a408-27a6cfd44126": { "id": "8c62b50a-f760-40c5-a408-27a6cfd44126", "title": "WP Post Page Clone <= 1.1 - Missing Authorization to Post Disclosure", "software": [ { "type": "plugin", "name": "WP Post Page Clone", "slug": "wp-post-page-clone", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c62b50a-f760-40c5-a408-27a6cfd44126?source=api-scan" ], "published": "2021-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c652a98-2762-4ecf-8037-58377d6e1b5a": { "id": "8c652a98-2762-4ecf-8037-58377d6e1b5a", "title": "wordTube <= 1.43 - Directory Traversal and File Inclusion", "software": [ { "type": "plugin", "name": "wordTube", "slug": "wordtube", "affected_versions": { "* - 1.43": { "from_version": "*", "from_inclusive": true, "to_version": "1.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c652a98-2762-4ecf-8037-58377d6e1b5a?source=api-scan" ], "published": "2007-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c68cf18-0210-452f-933e-6f1e50323b15": { "id": "8c68cf18-0210-452f-933e-6f1e50323b15", "title": "Popup box <= 2.3.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Box \u2013 Create Countdown, Coupon, Video, Contact Form Popups", "slug": "ays-popup-box", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c68cf18-0210-452f-933e-6f1e50323b15?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c6c2695-6244-43fa-8920-7dba14668659": { "id": "8c6c2695-6244-43fa-8920-7dba14668659", "title": "Migration, Backup, Staging \u2013 WPvivid <= 0.9.75 - Authenticated (Administrator+) Path Traversal", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "* - 0.9.75": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.75", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.76" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c6c2695-6244-43fa-8920-7dba14668659?source=api-scan" ], "published": "2022-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c6f5f8c-7a8c-4524-8cb8-e14a6f182bbf": { "id": "8c6f5f8c-7a8c-4524-8cb8-e14a6f182bbf", "title": "Ninja Forms <= 3.8.11 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.8.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c6f5f8c-7a8c-4524-8cb8-e14a6f182bbf?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c732b0e-9898-48f2-99b2-068f31532b17": { "id": "8c732b0e-9898-48f2-99b2-068f31532b17", "title": "WP Time Slots Booking Form <= 1.1.76 - Missing Authorization to Feedback Submission", "software": [ { "type": "plugin", "name": "WP Time Slots Booking Form", "slug": "wp-time-slots-booking-form", "affected_versions": { "* - 1.1.76": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.76", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.77" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c732b0e-9898-48f2-99b2-068f31532b17?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c7385c7-47de-4511-b474-7415c3977aa8": { "id": "8c7385c7-47de-4511-b474-7415c3977aa8", "title": "Garden Gnome Package <= 2.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Garden Gnome Package", "slug": "garden-gnome-package", "affected_versions": { "* - 2.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c7385c7-47de-4511-b474-7415c3977aa8?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c74d5ad-30f3-4fde-b240-97318fc3c7d6": { "id": "8c74d5ad-30f3-4fde-b240-97318fc3c7d6", "title": "Gmedia Photo Gallery < 1.20.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gmedia Photo Gallery", "slug": "grand-media", "affected_versions": { "[*, 1.20.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.20.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.20.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c74d5ad-30f3-4fde-b240-97318fc3c7d6?source=api-scan" ], "published": "2022-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c755b87-68b9-4a42-bb4d-ecdb4cff6de2": { "id": "8c755b87-68b9-4a42-bb4d-ecdb4cff6de2", "title": "WP Admin Style <= 0.1.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Admin Style", "slug": "wp-admin-style", "affected_versions": { "* - 0.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c755b87-68b9-4a42-bb4d-ecdb4cff6de2?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c78e14b-6925-4630-b19c-13b192f9fea3": { "id": "8c78e14b-6925-4630-b19c-13b192f9fea3", "title": "SQL Shortcode <= 1.1 - SQL Execution", "software": [ { "type": "plugin", "name": "SQL Shortcode", "slug": "sql-shortcode", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c78e14b-6925-4630-b19c-13b192f9fea3?source=api-scan" ], "published": "2017-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c7d208b-84e4-4759-8b61-3ef43c1d0732": { "id": "8c7d208b-84e4-4759-8b61-3ef43c1d0732", "title": "Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery to Remote Code Execution", "software": [ { "type": "plugin", "name": "Code Snippets Extended", "slug": "code-snippets-extended", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c7d208b-84e4-4759-8b61-3ef43c1d0732?source=api-scan" ], "published": "2022-05-04 14:51:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c7d5fbe-d272-46d4-9b33-889ba77dcc52": { "id": "8c7d5fbe-d272-46d4-9b33-889ba77dcc52", "title": "Ultimate Member \u2013 User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Contributor+) Directory Traversal via Shortcodes", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c7d5fbe-d272-46d4-9b33-889ba77dcc52?source=api-scan" ], "published": "2022-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c84ffd3-e000-4d67-9789-e439e7c128e8": { "id": "8c84ffd3-e000-4d67-9789-e439e7c128e8", "title": "Auto Affiliate Links <= 6.4.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Auto Affiliate Links", "slug": "wp-auto-affiliate-links", "affected_versions": { "* - 6.4.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c84ffd3-e000-4d67-9789-e439e7c128e8?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c99f70b-77a6-4bd7-99b1-ad4ec76d50c6": { "id": "8c99f70b-77a6-4bd7-99b1-ad4ec76d50c6", "title": "Bold Page Builder <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bold Page Builder", "slug": "bold-page-builder", "affected_versions": { "* - 4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c99f70b-77a6-4bd7-99b1-ad4ec76d50c6?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8c9c3302-47cd-4dbe-b79e-5e6032928074": { "id": "8c9c3302-47cd-4dbe-b79e-5e6032928074", "title": "Mesmerize <= 1.6.89 & Materialis <= 1.0.172 - Authenticated Arbitrary Options Update", "software": [ { "type": "theme", "name": "Mesmerize", "slug": "mesmerize", "affected_versions": { "* - 1.6.89": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.89", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.90" ] }, { "type": "theme", "name": "Materialis", "slug": "materialis", "affected_versions": { "* - 1.0.172": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.172", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.173" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8c9c3302-47cd-4dbe-b79e-5e6032928074?source=api-scan" ], "published": "2019-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ca19824-f47b-4af5-a3cf-646aa9baeae8": { "id": "8ca19824-f47b-4af5-a3cf-646aa9baeae8", "title": "Zephyr Project Manager <= 3.3.97 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zephyr Project Manager", "slug": "zephyr-project-manager", "affected_versions": { "* - 3.3.97": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.97", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.99" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ca19824-f47b-4af5-a3cf-646aa9baeae8?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ca2d48b-5fb6-4eb9-85ea-be5a21130039": { "id": "8ca2d48b-5fb6-4eb9-85ea-be5a21130039", "title": "Web Librarian <= 3.5.4 - SQL Injection", "software": [ { "type": "plugin", "name": "WebLibrarian", "slug": "weblibrarian", "affected_versions": { "* - 3.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ca2d48b-5fb6-4eb9-85ea-be5a21130039?source=api-scan" ], "published": "2019-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ca7b2ab-bc01-4fd7-9cee-7cdc5a62177d": { "id": "8ca7b2ab-bc01-4fd7-9cee-7cdc5a62177d", "title": "Echelon (All Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Echelon", "slug": "echelon", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ca7b2ab-bc01-4fd7-9cee-7cdc5a62177d?source=api-scan" ], "published": "2014-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cac4bde-8518-48ec-8cbd-4cdf6094b831": { "id": "8cac4bde-8518-48ec-8cbd-4cdf6094b831", "title": "Restaurant Menu by MotoPress <= 2.4.1 - Admin+ Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Restaurant Menu and Food Ordering", "slug": "mp-restaurant-menu", "affected_versions": { "[*, 2.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cac4bde-8518-48ec-8cbd-4cdf6094b831?source=api-scan" ], "published": "2021-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cb37019-33f6-4f72-adfc-befbfbf69e47": { "id": "8cb37019-33f6-4f72-adfc-befbfbf69e47", "title": "FOX \u2013 Currency Switcher Professional for WooCommerce <= 1.4.1.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FOX \u2013 Currency Switcher Professional for WooCommerce", "slug": "woocommerce-currency-switcher", "affected_versions": { "* - 1.4.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cb37019-33f6-4f72-adfc-befbfbf69e47?source=api-scan" ], "published": "2023-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cb4a14a-8bef-4747-ac89-70891f5c44bb": { "id": "8cb4a14a-8bef-4747-ac89-70891f5c44bb", "title": "Backup Migration <= 1.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Backup Migration", "slug": "backup-backup", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cb4a14a-8bef-4747-ac89-70891f5c44bb?source=api-scan" ], "published": "2021-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cb5c386-eee3-4e88-a827-766a4901f432": { "id": "8cb5c386-eee3-4e88-a827-766a4901f432", "title": "Store Locator WordPress <= 1.4.14 - Authenticated(Administrator+) Directory Traversal to Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Store Locator WordPress", "slug": "agile-store-locator", "affected_versions": { "* - 1.4.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cb5c386-eee3-4e88-a827-766a4901f432?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cb6639d-06ba-4bad-af73-d387a7e3f6b5": { "id": "8cb6639d-06ba-4bad-af73-d387a7e3f6b5", "title": "Elementor Addon Elements <= 1.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.12.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cb6639d-06ba-4bad-af73-d387a7e3f6b5?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cc178d7-da99-4fbc-9277-52c6299f0417": { "id": "8cc178d7-da99-4fbc-9277-52c6299f0417", "title": "Church Admin <= 4.1.5 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cc178d7-da99-4fbc-9277-52c6299f0417?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ccdad2e-66a6-4263-a10e-f7b045d71c0d": { "id": "8ccdad2e-66a6-4263-a10e-f7b045d71c0d", "title": "Plum: Spin Wheel & Email Pop-up <= 2.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Plum: Spin Wheel & Email Pop-up", "slug": "qodeblock", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ccdad2e-66a6-4263-a10e-f7b045d71c0d?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cd1b975-ac38-4393-9928-109db507828c": { "id": "8cd1b975-ac38-4393-9928-109db507828c", "title": "Booking Ultra Pro <= 1.1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Booking Ultra Pro Appointments Booking Calendar Plugin", "slug": "booking-ultra-pro", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cd1b975-ac38-4393-9928-109db507828c?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cd1d385-001c-4c84-9a80-553315336a63": { "id": "8cd1d385-001c-4c84-9a80-553315336a63", "title": "WPJobBoard <= 5.9.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP Job Board", "slug": "wpjobboard", "affected_versions": { "* - 5.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cd1d385-001c-4c84-9a80-553315336a63?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cd7dfb3-bc73-4f6a-9827-0003452ebf59": { "id": "8cd7dfb3-bc73-4f6a-9827-0003452ebf59", "title": "Private Messages For WordPress <= 2.1.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Private Messages For WordPress", "slug": "private-messages-for-wordpress", "affected_versions": { "* - 2.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cd7dfb3-bc73-4f6a-9827-0003452ebf59?source=api-scan" ], "published": "2022-05-26 11:59:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cde9f8d-ce66-419e-91a2-63a63a95f032": { "id": "8cde9f8d-ce66-419e-91a2-63a63a95f032", "title": "Depicter Slider <= 3.1.2 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider & Popup Builder by Depicter \u2013 Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel", "slug": "depicter", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cde9f8d-ce66-419e-91a2-63a63a95f032?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cdea5f0-b3a9-492a-be00-cb63fc570464": { "id": "8cdea5f0-b3a9-492a-be00-cb63fc570464", "title": "SKT Skill Bar <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SKT Skill Bar", "slug": "skt-skill-bar", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cdea5f0-b3a9-492a-be00-cb63fc570464?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ce350cb-78ae-4d76-99a7-8a81d342a9c8": { "id": "8ce350cb-78ae-4d76-99a7-8a81d342a9c8", "title": "LinkedIn Company Updates <= 1.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LinkedIn Company Updates", "slug": "company-updates-for-linkedin", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ce350cb-78ae-4d76-99a7-8a81d342a9c8?source=api-scan" ], "published": "2022-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ce4204f-3ee3-4877-8e9d-123d01ae80f5": { "id": "8ce4204f-3ee3-4877-8e9d-123d01ae80f5", "title": "Squirrly SEO - Advanced Pack <= 2.3.8 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Squirrly SEO - Advanced Pack", "slug": "squirrly-seo-pack", "affected_versions": { "* - 2.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ce4204f-3ee3-4877-8e9d-123d01ae80f5?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ce4be1b-3807-4ded-80a5-30f2f80db89d": { "id": "8ce4be1b-3807-4ded-80a5-30f2f80db89d", "title": "All In One WP Security & Firewall 5.0.0 - 5.0.7 - Protection Bypass via IP Spoofing", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "5.0.0 - 5.0.7": { "from_version": "5.0.0", "from_inclusive": true, "to_version": "5.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ce4be1b-3807-4ded-80a5-30f2f80db89d?source=api-scan" ], "published": "2022-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ce635f1-3798-4ca2-b4cf-ea183a1e1d79": { "id": "8ce635f1-3798-4ca2-b4cf-ea183a1e1d79", "title": "MDC Private Message <= 1.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MDC Private Message", "slug": "mdc-private-message", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ce635f1-3798-4ca2-b4cf-ea183a1e1d79?source=api-scan" ], "published": "2015-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ce7aa01-7e79-4048-a84d-fcb9541d5f8b": { "id": "8ce7aa01-7e79-4048-a84d-fcb9541d5f8b", "title": "PDF.js < 4.2.67 - Arbitrary JavaScript Execution", "software": [ { "type": "plugin", "name": "BSK PDF Manager", "slug": "bsk-pdf-manager", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.1" ] }, { "type": "plugin", "name": "PDF.js Viewer", "slug": "pdfjs-viewer-shortcode", "affected_versions": { "* - 2.1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] }, { "type": "plugin", "name": "Tainacan", "slug": "tainacan", "affected_versions": { "* - 0.21.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.21.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.21.6" ] }, { "type": "plugin", "name": "PDF Viewer for Elementor", "slug": "pdf-viewer-for-elementor", "affected_versions": { "* - 2.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "ARI Fancy Lightbox \u2013 Popup for WordPress", "slug": "ari-fancy-lightbox", "affected_versions": { "* - 1.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.15" ] }, { "type": "plugin", "name": "Wonder PDF Embed", "slug": "wonderplugin-pdf-embed", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8" ] }, { "type": "plugin", "name": "PDF Embedder", "slug": "pdf-embedder", "affected_versions": { "* - 4.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.0" ] }, { "type": "plugin", "name": "PDF Poster \u2013 PDF Embedder Plugin", "slug": "pdf-poster", "affected_versions": { "* - 2.1.21": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.22" ] }, { "type": "plugin", "name": "PDF viewer for Elementor & Gutenberg", "slug": "pdfjs-viewer-for-elementor", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] }, { "type": "plugin", "name": "Dear Flipbook \u2013 PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer", "slug": "3d-flipbook-dflip-lite", "affected_versions": { "* - 1.15.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ce7aa01-7e79-4048-a84d-fcb9541d5f8b?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cea7f17-743a-4dce-bd86-5713ff6d8520": { "id": "8cea7f17-743a-4dce-bd86-5713ff6d8520", "title": "Peter\u2019s Custom Anti-Spam <= 3.2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Peter\u2019s Custom Anti-Spam", "slug": "peters-custom-anti-spam-image", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cea7f17-743a-4dce-bd86-5713ff6d8520?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cec5695-1fe5-4349-b78d-2e4f7d3b9908": { "id": "8cec5695-1fe5-4349-b78d-2e4f7d3b9908", "title": "LiteSpeed Cache <= 3.6 - Authenticated Stored Cross-Site Scripting via IP setting", "software": [ { "type": "plugin", "name": "LiteSpeed Cache", "slug": "litespeed-cache", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cec5695-1fe5-4349-b78d-2e4f7d3b9908?source=api-scan" ], "published": "2020-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cf1276b-401d-4166-940e-e5d60f85e762": { "id": "8cf1276b-401d-4166-940e-e5d60f85e762", "title": "Masteriyo - LMS <= 1.7.2 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Masteriyo LMS \u2013 eLearning and Online Course Builder for WordPress", "slug": "learning-management-system", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cf1276b-401d-4166-940e-e5d60f85e762?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cf1ac25-2e55-4e27-af01-9b5b1997f339": { "id": "8cf1ac25-2e55-4e27-af01-9b5b1997f339", "title": "WordPress Core < 5.5.2 - Stored Cross-Site Scripting via post slugs", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.34": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.34", "to_inclusive": true }, "3.8 - 3.8.34": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.34", "to_inclusive": true }, "3.9 - 3.9.32": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.32", "to_inclusive": true }, "4.0 - 4.0.31": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.31", "to_inclusive": true }, "4.1 - 4.1.31": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.31", "to_inclusive": true }, "4.2 - 4.2.28": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.28", "to_inclusive": true }, "4.3 - 4.3.24": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.24", "to_inclusive": true }, "4.4 - 4.4.23": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.23", "to_inclusive": true }, "4.5 - 4.5.22": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.22", "to_inclusive": true }, "4.6 - 4.6.19": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.19", "to_inclusive": true }, "4.7 - 4.7.18": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.18", "to_inclusive": true }, "4.8 - 4.8.14": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.14", "to_inclusive": true }, "4.9 - 4.9.15": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.15", "to_inclusive": true }, "5.0 - 5.0.10": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.10", "to_inclusive": true }, "5.1 - 5.1.6": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.6", "to_inclusive": true }, "5.2 - 5.2.7": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.7", "to_inclusive": true }, "5.3 - 5.3.4": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.4", "to_inclusive": true }, "5.4 - 5.4.2": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": true }, "5.5 - 5.5.1": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.35", "3.8.35", "3.9.33", "4.0.32", "4.1.32", "4.2.29", "4.3.25", "4.4.24", "4.5.23", "4.6.20", "4.7.19", "4.8.15", "4.9.16", "5.0.11", "5.1.7", "5.2.8", "5.3.5", "5.4.3", "5.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cf1ac25-2e55-4e27-af01-9b5b1997f339?source=api-scan" ], "published": "2020-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cf1b234-862b-41a0-ab63-a986f8023613": { "id": "8cf1b234-862b-41a0-ab63-a986f8023613", "title": "Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.7 - Authenticated (Contributor+) PHP Object Injection in outpost_shortcode_metabox_markup", "software": [ { "type": "plugin", "name": "Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Gutenberg Block & Elementor Widget", "slug": "post-grid-carousel-ultimate", "affected_versions": { "* - 1.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cf1b234-862b-41a0-ab63-a986f8023613?source=api-scan" ], "published": "2024-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cfbad9f-61ba-4216-9078-c1e7e809899a": { "id": "8cfbad9f-61ba-4216-9078-c1e7e809899a", "title": "Video Gallery <= 1.0.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Video Gallery", "slug": "video-slider-with-thumbnails", "affected_versions": { "* - 1.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cfbad9f-61ba-4216-9078-c1e7e809899a?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cfc0162-f80d-4979-9b87-df24c30e99ba": { "id": "8cfc0162-f80d-4979-9b87-df24c30e99ba", "title": "Responsive video embed <= 0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive video embed", "slug": "responsive-video-embed", "affected_versions": { "* - 0.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cfc0162-f80d-4979-9b87-df24c30e99ba?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8cfcdc33-f5aa-4ca9-a2b6-30fcba174c85": { "id": "8cfcdc33-f5aa-4ca9-a2b6-30fcba174c85", "title": "Post SMTP <= 2.1.6 - Authenticated (Administrator+) Blind Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Post SMTP \u2013 WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications \u2013 Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more", "slug": "post-smtp", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8cfcdc33-f5aa-4ca9-a2b6-30fcba174c85?source=api-scan" ], "published": "2022-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d07dcb9-ec8c-4f38-b5c2-2f4020a1c610": { "id": "8d07dcb9-ec8c-4f38-b5c2-2f4020a1c610", "title": "GoToWP <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "GoToWP", "slug": "gotowp", "affected_versions": { "* - 5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d07dcb9-ec8c-4f38-b5c2-2f4020a1c610?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d189baf-e0d4-4b23-91b8-0c802941b982": { "id": "8d189baf-e0d4-4b23-91b8-0c802941b982", "title": "Breadcrumbs by menu <= 1.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Breadcrumbs by menu", "slug": "breadcrumbs-by-menu", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d189baf-e0d4-4b23-91b8-0c802941b982?source=api-scan" ], "published": "2019-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d18e1c7-65b6-4c1f-88bf-4014418ff920": { "id": "8d18e1c7-65b6-4c1f-88bf-4014418ff920", "title": "YourChannel <= 1.2.2 Authenticated (Contributor+) Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "YourChannel: Everything you want in a YouTube plugin.", "slug": "yourchannel", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d18e1c7-65b6-4c1f-88bf-4014418ff920?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d19e18d-6f2e-48e7-b8da-1d399dc4d65c": { "id": "8d19e18d-6f2e-48e7-b8da-1d399dc4d65c", "title": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.2 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin", "slug": "xcloner-backup-and-restore", "affected_versions": { "[*, 3.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d19e18d-6f2e-48e7-b8da-1d399dc4d65c?source=api-scan" ], "published": "2015-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d2dd5e4-558b-44fe-a47c-fb2b5639f39c": { "id": "8d2dd5e4-558b-44fe-a47c-fb2b5639f39c", "title": "Media Downloader <= 0.1.992 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Media Downloader", "slug": "media-downloader", "affected_versions": { "* - 0.1.992": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.992", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.993" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d2dd5e4-558b-44fe-a47c-fb2b5639f39c?source=api-scan" ], "published": "2014-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d391629-b0a0-4b85-86d3-e1c7603adc95": { "id": "8d391629-b0a0-4b85-86d3-e1c7603adc95", "title": "Icegram Engage <= 3.1.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Icegram Engage \u2013 Ultimate WP Popup Builder, Lead Generation, Optins, and CTA", "slug": "icegram", "affected_versions": { "* - 3.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d391629-b0a0-4b85-86d3-e1c7603adc95?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d392d0b-f286-44da-aa32-a08d0279baed": { "id": "8d392d0b-f286-44da-aa32-a08d0279baed", "title": "Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder_order", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d392d0b-f286-44da-aa32-a08d0279baed?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d413350-f520-4dd9-af7d-e776628aef1d": { "id": "8d413350-f520-4dd9-af7d-e776628aef1d", "title": "Simple Org Chart <= 2.3.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple Org Chart", "slug": "simple-org-chart", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d413350-f520-4dd9-af7d-e776628aef1d?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d4a546a-1c15-4fc5-a2ae-8640457a0c22": { "id": "8d4a546a-1c15-4fc5-a2ae-8640457a0c22", "title": "Dynamic Widgets <= 1.5.10 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dynamic Widgets", "slug": "dynamic-widgets", "affected_versions": { "[*, 1.5.11)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d4a546a-1c15-4fc5-a2ae-8640457a0c22?source=api-scan" ], "published": "2015-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d4ea0a8-d2f6-4209-b17f-0a26ba664c63": { "id": "8d4ea0a8-d2f6-4209-b17f-0a26ba664c63", "title": "Zebra_Form PHP library <= 2.9.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Inimat", "slug": "wp-inimat", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Ad Swapper", "slug": "ad-swapper", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Drug Search", "slug": "drug-search", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Teaser Maker", "slug": "teaser-maker-standard", "affected_versions": { "* - 0.1.114": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.114", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Customer Service Software & Support Ticket System", "slug": "wp-ticket", "affected_versions": { "* - 5.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d4ea0a8-d2f6-4209-b17f-0a26ba664c63?source=api-scan" ], "published": "2021-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d4ec326-3008-45f9-a3d7-59b3676182fc": { "id": "8d4ec326-3008-45f9-a3d7-59b3676182fc", "title": "Ads.txt Admin <= 1.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ads.txt Admin", "slug": "ads-txt-admin", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d4ec326-3008-45f9-a3d7-59b3676182fc?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d4f018c-483b-4435-a8b1-f18e5f843507": { "id": "8d4f018c-483b-4435-a8b1-f18e5f843507", "title": "GS Logo Slider \u2013 Ticker, Grid, List, Table & Filter Views <= 3.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Logo Slider \u2013 Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation", "slug": "gs-logo-slider", "affected_versions": { "* - 3.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d4f018c-483b-4435-a8b1-f18e5f843507?source=api-scan" ], "published": "2022-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d4f0513-ac9c-4eaf-b3ce-3a7c47908ef7": { "id": "8d4f0513-ac9c-4eaf-b3ce-3a7c47908ef7", "title": "ShortPixel Critical CSS <= 1.0.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "ShortPixel Critical CSS", "slug": "shortpixel-critical-css", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d4f0513-ac9c-4eaf-b3ce-3a7c47908ef7?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d52779e-3c86-4823-af0e-6f8d55d35e90": { "id": "8d52779e-3c86-4823-af0e-6f8d55d35e90", "title": "Get Custom Field Values <= 4.0.0 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Get Custom Field Values", "slug": "get-custom-field-values", "affected_versions": { "[*, 4.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d52779e-3c86-4823-af0e-6f8d55d35e90?source=api-scan" ], "published": "2021-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d54079a-1a7e-4391-b7ee-d06d7f8b2312": { "id": "8d54079a-1a7e-4391-b7ee-d06d7f8b2312", "title": "Greenshift Query and Meta Addon < 3.9.2 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Greenshift Query and Meta Addon", "slug": "greenshiftquery", "affected_versions": { "[*, 3.9.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d54079a-1a7e-4391-b7ee-d06d7f8b2312?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d553ff1-9f05-47c2-83be-66dba318e63e": { "id": "8d553ff1-9f05-47c2-83be-66dba318e63e", "title": "Chained Quiz <= 1.1.8.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "[*, 1.1.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d553ff1-9f05-47c2-83be-66dba318e63e?source=api-scan" ], "published": "2020-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d5a1aec-11f5-4516-9454-651ca4cd6600": { "id": "8d5a1aec-11f5-4516-9454-651ca4cd6600", "title": "WP Editor <= 1.2.6.3 - Authenticated (Admin+) SQL injection", "software": [ { "type": "plugin", "name": "WP Editor", "slug": "wp-editor", "affected_versions": { "* - 1.2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d5a1aec-11f5-4516-9454-651ca4cd6600?source=api-scan" ], "published": "2021-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d5d0c82-f5cd-4eaf-9530-0541985cb533": { "id": "8d5d0c82-f5cd-4eaf-9530-0541985cb533", "title": "FS Poster <= 6.5.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "FS Poster - WordPress Social media Auto Poster & Scheduler [Facebook, Instagram, Twitter, Pinterest]", "slug": "fs-poster", "affected_versions": { "* - 6.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d5d0c82-f5cd-4eaf-9530-0541985cb533?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d5d554c-f155-4609-afe0-98f331940b65": { "id": "8d5d554c-f155-4609-afe0-98f331940b65", "title": "Himalayas <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Himalayas", "slug": "himalayas", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d5d554c-f155-4609-afe0-98f331940b65?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d5fad17-3b28-4f99-9508-f807cb06cfe5": { "id": "8d5fad17-3b28-4f99-9508-f807cb06cfe5", "title": "json5 <= 1.0.1 and 2.0.0-2.2.1 - Prototype Pollution", "software": [ { "type": "plugin", "name": "Simple Podcasting", "slug": "simple-podcasting", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] }, { "type": "plugin", "name": "Block for Apple Maps", "slug": "maps-block-apple", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d5fad17-3b28-4f99-9508-f807cb06cfe5?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d65b779-717b-4efc-b13d-acdf83ca1e63": { "id": "8d65b779-717b-4efc-b13d-acdf83ca1e63", "title": "Photo Gallery <= 1.7.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d65b779-717b-4efc-b13d-acdf83ca1e63?source=api-scan" ], "published": "2022-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d769308-6273-4ed2-b64a-d9f065de4cce": { "id": "8d769308-6273-4ed2-b64a-d9f065de4cce", "title": "Tablesome <= 1.0.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tablesome \u2013 Form DB & Automation \u2013 WPForms, Contact Form 7, Elementor, Forminator, Fluent, Gravity", "slug": "tablesome", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d769308-6273-4ed2-b64a-d9f065de4cce?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d797238-f8f3-44d7-8c16-bee23ce12ae0": { "id": "8d797238-f8f3-44d7-8c16-bee23ce12ae0", "title": "ADFO \u2013 Custom data in admin dashboard <= 1.9.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ADFO \u2013 Custom data in admin dashboard", "slug": "admin-form", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d797238-f8f3-44d7-8c16-bee23ce12ae0?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d7de93c-f642-4870-b2f9-5070fdccd26b": { "id": "8d7de93c-f642-4870-b2f9-5070fdccd26b", "title": "Wbcom Designs \u2013 BuddyPress Group Reviews <= 2.8.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wbcom Designs \u2013 BuddyPress Group Reviews", "slug": "review-buddypress-groups", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d7de93c-f642-4870-b2f9-5070fdccd26b?source=api-scan" ], "published": "2022-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d874540-dced-420d-81c0-46c185df10f1": { "id": "8d874540-dced-420d-81c0-46c185df10f1", "title": "WordPress Core < 2.0.1 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d874540-dced-420d-81c0-46c185df10f1?source=api-scan" ], "published": "2006-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d89e3b7-d980-42bb-ab0c-d86ab174a69c": { "id": "8d89e3b7-d980-42bb-ab0c-d86ab174a69c", "title": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Quiz Creation", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "* - 1.35.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.35.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.36.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d89e3b7-d980-42bb-ab0c-d86ab174a69c?source=api-scan" ], "published": "2024-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d8ffb68-cd85-4ea9-a772-3539728c76e1": { "id": "8d8ffb68-cd85-4ea9-a772-3539728c76e1", "title": "Members Import <= 1.3 - Cross-Site Request Forgery to User Import and Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Members Import", "slug": "members-import", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d8ffb68-cd85-4ea9-a772-3539728c76e1?source=api-scan" ], "published": "2016-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d9720e0-444a-4611-ab8f-33ad005749d5": { "id": "8d9720e0-444a-4611-ab8f-33ad005749d5", "title": "Uncanny Automator Pro < 5.3.0.1 - Missing Authorization to Unauthenticated License Setting Reset", "software": [ { "type": "plugin", "name": "Uncanny Automator Pro", "slug": "uncanny-automator-pro", "affected_versions": { "[*, 5.3.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d9720e0-444a-4611-ab8f-33ad005749d5?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d98a961-bef3-4bce-b493-410eee688bc6": { "id": "8d98a961-bef3-4bce-b493-410eee688bc6", "title": "Order Your Posts Manually <= 2.2.5 - Reflected Cross-Site Scripting via '_user_request'", "software": [ { "type": "plugin", "name": "Order Your Posts Manually", "slug": "order-your-posts-manually", "affected_versions": { "* - 2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d98a961-bef3-4bce-b493-410eee688bc6?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8d9bba8c-0e75-4170-a006-16fa4bd0d0ed": { "id": "8d9bba8c-0e75-4170-a006-16fa4bd0d0ed", "title": "PDF Builder for WPForms <= 1.2.88 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Builder for WPForms", "slug": "pdf-builder-for-wpforms", "affected_versions": { "* - 1.2.88": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.88", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.89" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8d9bba8c-0e75-4170-a006-16fa4bd0d0ed?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8da0b944-aa60-489b-8622-44b325fcd242": { "id": "8da0b944-aa60-489b-8622-44b325fcd242", "title": "FoxyPress <= 0.4.2.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FoxyPress", "slug": "foxypress", "affected_versions": { "* - 0.4.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8da0b944-aa60-489b-8622-44b325fcd242?source=api-scan" ], "published": "2012-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8da0fed9-4b88-4b68-b317-124fe678cfa4": { "id": "8da0fed9-4b88-4b68-b317-124fe678cfa4", "title": "Template Debugger <= 3.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Template Debugger", "slug": "quick-edit-template-link", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8da0fed9-4b88-4b68-b317-124fe678cfa4?source=api-scan" ], "published": "2023-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8da2619f-bc41-4088-9192-902b3c24ec5d": { "id": "8da2619f-bc41-4088-9192-902b3c24ec5d", "title": "Plugin LBstopattack <= 1.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Plugin LBstopattack", "slug": "lbstopattack", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8da2619f-bc41-4088-9192-902b3c24ec5d?source=api-scan" ], "published": "2022-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8da2ac6e-4fdc-448f-928d-495f65e0ec1f": { "id": "8da2ac6e-4fdc-448f-928d-495f65e0ec1f", "title": "Uncanny Toolkit Pro for LearnDash <= 4.1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Uncanny Toolkit Pro for LearnDash", "slug": "uncanny-toolkit-pro", "affected_versions": { "* - 4.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8da2ac6e-4fdc-448f-928d-495f65e0ec1f?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8da42003-f2d8-4837-84b2-e0e7171fa3fe": { "id": "8da42003-f2d8-4837-84b2-e0e7171fa3fe", "title": "LeadSquared Suite <= 0.7.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LeadSquared Suite", "slug": "leadsquared-suite", "affected_versions": { "* - 0.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8da42003-f2d8-4837-84b2-e0e7171fa3fe?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8da49c2e-576c-490b-b812-96d15b6d2b1b": { "id": "8da49c2e-576c-490b-b812-96d15b6d2b1b", "title": "Easy Testimonials <= 3.6.1 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Easy Testimonials", "slug": "easy-testimonials", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8da49c2e-576c-490b-b812-96d15b6d2b1b?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8da49fb2-d12a-4d23-9a8a-1b999046573a": { "id": "8da49fb2-d12a-4d23-9a8a-1b999046573a", "title": "Kento Post View Counter <= 2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kento Post View Counter", "slug": "kento-post-view-counter", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8da49fb2-d12a-4d23-9a8a-1b999046573a?source=api-scan" ], "published": "2016-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8daa04cd-b61e-435f-9e10-3319949fdac7": { "id": "8daa04cd-b61e-435f-9e10-3319949fdac7", "title": "JobSearch <= 2.5.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8daa04cd-b61e-435f-9e10-3319949fdac7?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8dad1a7c-a5a5-486b-bf15-6fd455e6612c": { "id": "8dad1a7c-a5a5-486b-bf15-6fd455e6612c", "title": "CM Download Manager < 2.9.1 - Cross-Site Request Forgery via editHeader", "software": [ { "type": "plugin", "name": "CM Download Manager \u2013 Document and File Management", "slug": "cm-download-manager", "affected_versions": { "[*, 2.9.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8dad1a7c-a5a5-486b-bf15-6fd455e6612c?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8dae13e5-cee7-4392-af71-7d466ba6f6c4": { "id": "8dae13e5-cee7-4392-af71-7d466ba6f6c4", "title": "WP Report Post <= 2.1.2 - Authenticated (Editor+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Report Post", "slug": "wp-report-post", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8dae13e5-cee7-4392-af71-7d466ba6f6c4?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8db8adba-347f-4bdc-8215-23b6f8eb0327": { "id": "8db8adba-347f-4bdc-8215-23b6f8eb0327", "title": "Post Affiliate Pro <= 1.24.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Affiliate Pro", "slug": "postaffiliatepro", "affected_versions": { "* - 1.24.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.24.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.25.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8db8adba-347f-4bdc-8215-23b6f8eb0327?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8db8bbc3-43ca-4ef5-a44d-2987c8597961": { "id": "8db8bbc3-43ca-4ef5-a44d-2987c8597961", "title": "Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing", "software": [ { "type": "theme", "name": "Avada | Website Builder For WordPress & WooCommerce", "slug": "Avada", "affected_versions": { "* - 7.11.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.11.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.11.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8db8bbc3-43ca-4ef5-a44d-2987c8597961?source=api-scan" ], "published": "2024-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8dbaed2a-cc35-455c-ad7e-c7826d5b3e7f": { "id": "8dbaed2a-cc35-455c-ad7e-c7826d5b3e7f", "title": "Rock Convert <= 2.10.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rock Convert", "slug": "rock-convert", "affected_versions": { "* - 2.10.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8dbaed2a-cc35-455c-ad7e-c7826d5b3e7f?source=api-scan" ], "published": "2022-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8dbe4104-b7d1-484f-a843-a3d1fc02999d": { "id": "8dbe4104-b7d1-484f-a843-a3d1fc02999d", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox and Modal Widget", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor Pro", "slug": "essential-addons-elementor", "affected_versions": { "* - 5.8.15": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8dbe4104-b7d1-484f-a843-a3d1fc02999d?source=api-scan" ], "published": "2024-06-06 16:18:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8dc3cd92-db38-4aa4-8907-9ba7e99380f6": { "id": "8dc3cd92-db38-4aa4-8907-9ba7e99380f6", "title": "WR ContactForm < 1.1.10 - SQL Injection", "software": [ { "type": "plugin", "name": "WR ContactForm", "slug": "wr-contactform", "affected_versions": { "[*, 1.1.10)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8dc3cd92-db38-4aa4-8907-9ba7e99380f6?source=api-scan" ], "published": "2015-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8dc41ac8-1126-4fcc-942e-89e15b1ebfb7": { "id": "8dc41ac8-1126-4fcc-942e-89e15b1ebfb7", "title": "Exports and Reports <= 0.9.1 - CSV Injection", "software": [ { "type": "plugin", "name": "Exports and Reports", "slug": "exports-and-reports", "affected_versions": { "* - 0.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8dc41ac8-1126-4fcc-942e-89e15b1ebfb7?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8dc548cd-16ea-47ac-b4be-eecaf4799690": { "id": "8dc548cd-16ea-47ac-b4be-eecaf4799690", "title": "Responsive Slider \u2013 Image Slider \u2013 Slideshow for WordPress <= 2.8.6 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Responsive Slider \u2013 Image Slider \u2013 Slideshow for WordPress", "slug": "slider-image", "affected_versions": { "[*, 2.8.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8dc548cd-16ea-47ac-b4be-eecaf4799690?source=api-scan" ], "published": "2015-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8dca7f2e-f572-468a-8342-a6e096441561": { "id": "8dca7f2e-f572-468a-8342-a6e096441561", "title": "Restaurant Solutions \u2013 Checklist 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Restaurant Solutions \u2013 Checklist", "slug": "restaurant-solutions-checklist", "affected_versions": { "1.0.0": { "from_version": "1.0.0", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8dca7f2e-f572-468a-8342-a6e096441561?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8dda7b14-c341-434b-85f1-029f384c65d6": { "id": "8dda7b14-c341-434b-85f1-029f384c65d6", "title": "affiliate-toolkit \u2013 WordPress Affiliate Plugin <= 3.3.3 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "affiliate-toolkit", "slug": "affiliate-toolkit-starter", "affected_versions": { "* - 3.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8dda7b14-c341-434b-85f1-029f384c65d6?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ddc4593-bdb4-4b01-be28-4317c76ae6b0": { "id": "8ddc4593-bdb4-4b01-be28-4317c76ae6b0", "title": "WPS Bidouille <= 1.12.2 - Multiple Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WPS Bidouille", "slug": "wps-bidouille", "affected_versions": { "* - 1.12.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ddc4593-bdb4-4b01-be28-4317c76ae6b0?source=api-scan" ], "published": "2019-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ddeaf57-df82-48f0-b53d-a35a6cd80aca": { "id": "8ddeaf57-df82-48f0-b53d-a35a6cd80aca", "title": "WordPress Core < 4.7.2 - Authenticated SQL Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.17": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.17", "to_inclusive": true }, "3.8 - 3.8.17": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.17", "to_inclusive": true }, "3.9 - 3.9.15": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.15", "to_inclusive": true }, "4.0 - 4.0.14": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.14", "to_inclusive": true }, "4.1 - 4.1.14": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.14", "to_inclusive": true }, "4.2 - 4.2.11": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.11", "to_inclusive": true }, "4.3 - 4.3.7": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.7", "to_inclusive": true }, "4.4 - 4.4.6": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.6", "to_inclusive": true }, "4.5 - 4.5.5": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.5", "to_inclusive": true }, "4.6 - 4.6.2": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.2", "to_inclusive": true }, "4.7 - 4.7.1": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.18", "3.8.18", "3.9.16", "4.0.15", "4.1.15", "4.2.12", "4.3.8", "4.4.7", "4.5.6", "4.6.3", "4.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ddeaf57-df82-48f0-b53d-a35a6cd80aca?source=api-scan" ], "published": "2017-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ddf6964-e0e7-4093-8aea-ac33f4214122": { "id": "8ddf6964-e0e7-4093-8aea-ac33f4214122", "title": "Blaze Slideshow <= 2.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Blaze Slideshow", "slug": "blaze-slide-show-for-wordpress", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ddf6964-e0e7-4093-8aea-ac33f4214122?source=api-scan" ], "published": "2012-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8de25651-4119-4806-91e4-4ea213086bfb": { "id": "8de25651-4119-4806-91e4-4ea213086bfb", "title": "Hotel Booking Lite <= 4.8.4 - Insufficient Path Validation to Unauthenticated Arbitrary File Deletion and Download", "software": [ { "type": "plugin", "name": "Hotel Booking Lite", "slug": "motopress-hotel-booking-lite", "affected_versions": { "[*, 4.8.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8de25651-4119-4806-91e4-4ea213086bfb?source=api-scan" ], "published": "2023-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8de3580c-7740-41a1-a9e3-4b0abcac2a05": { "id": "8de3580c-7740-41a1-a9e3-4b0abcac2a05", "title": "Product Slider for WooCommerce <= 1.13.50 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Slider for WooCommerce by PickPlugins", "slug": "woocommerce-products-slider", "affected_versions": { "* - 1.13.50": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.50", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8de3580c-7740-41a1-a9e3-4b0abcac2a05?source=api-scan" ], "published": "2024-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8de3d3c7-bde2-4455-8d60-20307f0a53ee": { "id": "8de3d3c7-bde2-4455-8d60-20307f0a53ee", "title": "JetWidgets for Elementor <= 1.0.12 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "JetWidgets For Elementor", "slug": "jetwidgets-for-elementor", "affected_versions": { "* - 1.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8de3d3c7-bde2-4455-8d60-20307f0a53ee?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8de52b68-c273-4561-98b0-e51afd6cd47b": { "id": "8de52b68-c273-4561-98b0-e51afd6cd47b", "title": "TablePress <= 2.2.4 - Authenticated(Author+) Server Side Request Forgery(SSRF) via _get_import_files", "software": [ { "type": "plugin", "name": "TablePress \u2013 Tables in WordPress made easy", "slug": "tablepress", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8de52b68-c273-4561-98b0-e51afd6cd47b?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8de8a412-af19-4a1e-a131-47815b38517f": { "id": "8de8a412-af19-4a1e-a131-47815b38517f", "title": "My Calendar < 2.3.30 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My Calendar \u2013 Accessible Event Manager", "slug": "my-calendar", "affected_versions": { "[*, 2.3.30)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.30", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8de8a412-af19-4a1e-a131-47815b38517f?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8def156a-f2f2-4640-a1c9-c21c74e1f308": { "id": "8def156a-f2f2-4640-a1c9-c21c74e1f308", "title": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues", "software": [ { "type": "plugin", "name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", "slug": "fluentform", "affected_versions": { "* - 5.1.15": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8def156a-f2f2-4640-a1c9-c21c74e1f308?source=api-scan" ], "published": "2024-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8defdd2e-e191-498e-826a-b73c6b4f2f57": { "id": "8defdd2e-e191-498e-826a-b73c6b4f2f57", "title": "Hero Banner Ultimate <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes", "software": [ { "type": "plugin", "name": "Hero Banner Ultimate", "slug": "hero-banner-ultimate", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8defdd2e-e191-498e-826a-b73c6b4f2f57?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8df2134a-5099-415e-a9e0-3c8e2f2c2720": { "id": "8df2134a-5099-415e-a9e0-3c8e2f2c2720", "title": "DL Yandex Metrika <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DL Yandex Metrika", "slug": "dl-yandex-metrika", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8df2134a-5099-415e-a9e0-3c8e2f2c2720?source=api-scan" ], "published": "2024-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8df4f144-0bf3-457f-8014-f603f7179044": { "id": "8df4f144-0bf3-457f-8014-f603f7179044", "title": "AddToAny Share Buttons <= 1.7.47 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AddToAny Share Buttons", "slug": "add-to-any", "affected_versions": { "[*, 1.7.48)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.48", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.48" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8df4f144-0bf3-457f-8014-f603f7179044?source=api-scan" ], "published": "2021-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8df5c412-e995-411f-94a9-afd7f9941125": { "id": "8df5c412-e995-411f-94a9-afd7f9941125", "title": "Super Store Finder <= 6.9.7 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Super Store Finder", "slug": "superstorefinder-wp", "affected_versions": { "* - 6.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8df5c412-e995-411f-94a9-afd7f9941125?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8df77bb7-4453-403d-8d35-66251f6d399c": { "id": "8df77bb7-4453-403d-8d35-66251f6d399c", "title": "Sideblog WordPress Plugin <= 6.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sideblog WordPress Plugin", "slug": "sideblog", "affected_versions": { "* - 6.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8df77bb7-4453-403d-8d35-66251f6d399c?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8dfa65cb-3d16-471a-8464-b71510d65fd5": { "id": "8dfa65cb-3d16-471a-8464-b71510d65fd5", "title": "Toolbox <= 1.4 - SQL Injection", "software": [ { "type": "theme", "name": "Toolbox", "slug": "toolbox", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8dfa65cb-3d16-471a-8464-b71510d65fd5?source=api-scan" ], "published": "2012-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8dfc0d5e-bdc4-4f71-8aa3-0a4fbd7ef37d": { "id": "8dfc0d5e-bdc4-4f71-8aa3-0a4fbd7ef37d", "title": "Outbound Link Manager <= 1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Outbound Link Manager", "slug": "outbound-link-manager", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8dfc0d5e-bdc4-4f71-8aa3-0a4fbd7ef37d?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e00a06c-9623-48e0-b212-20a2f1e7e640": { "id": "8e00a06c-9623-48e0-b212-20a2f1e7e640", "title": "Pre-Publish Checklist <= 1.1.1 - Insecure Direct Object Reference to Arbitrary Post '_ppc_meta_key' Update", "software": [ { "type": "plugin", "name": "Pre-Publish Checklist", "slug": "pre-publish-checklist", "affected_versions": { "[*, 1.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e00a06c-9623-48e0-b212-20a2f1e7e640?source=api-scan" ], "published": "2023-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e039295-2ccf-450c-8f2a-d113117b9dce": { "id": "8e039295-2ccf-450c-8f2a-d113117b9dce", "title": "WP Fluent Forms < 3.6.67 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", "slug": "fluentform", "affected_versions": { "[*, 3.6.67)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.67", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.67" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e039295-2ccf-450c-8f2a-d113117b9dce?source=api-scan" ], "published": "2021-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e06032d-2e03-448b-9fe0-282d7723a605": { "id": "8e06032d-2e03-448b-9fe0-282d7723a605", "title": "PDF & Print by BestWebSoft < 2.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF & Print by BestWebSoft \u2013 WordPress Posts and Pages PDF Generator Plugin", "slug": "pdf-print", "affected_versions": { "[*, 2.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e06032d-2e03-448b-9fe0-282d7723a605?source=api-scan" ], "published": "2017-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e0e6fdd-49d2-404a-83e8-c4884bbe7088": { "id": "8e0e6fdd-49d2-404a-83e8-c4884bbe7088", "title": "Newsletters <= 4.6.4.2 - Directory Traversal", "software": [ { "type": "plugin", "name": "Newsletters", "slug": "newsletters-lite", "affected_versions": { "* - 4.6.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e0e6fdd-49d2-404a-83e8-c4884bbe7088?source=api-scan" ], "published": "2017-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e11fcc5-c9af-43e7-8c1d-803124e04e63": { "id": "8e11fcc5-c9af-43e7-8c1d-803124e04e63", "title": "Very Simple Google Maps <= 2.8.4 - Authenticated (Contributor+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Very Simple Google Maps", "slug": "very-simple-google-maps", "affected_versions": { "* - 2.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e11fcc5-c9af-43e7-8c1d-803124e04e63?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e125188-4aff-4c64-b4ec-a363db2431b7": { "id": "8e125188-4aff-4c64-b4ec-a363db2431b7", "title": "WP Users Media <= 4.2.3 - Missing Authorization via wpusme_save_settings", "software": [ { "type": "plugin", "name": "WP Users Media", "slug": "wp-users-media", "affected_versions": { "* - 4.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e125188-4aff-4c64-b4ec-a363db2431b7?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e127217-fd2a-4b8b-a6a5-85e246bc1289": { "id": "8e127217-fd2a-4b8b-a6a5-85e246bc1289", "title": "Custom Field Bulk Editor <= 1.9.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Field Bulk Editor", "slug": "custom-field-bulk-editor", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e127217-fd2a-4b8b-a6a5-85e246bc1289?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e12d132-c036-4665-bb8d-e31e2b155fbd": { "id": "8e12d132-c036-4665-bb8d-e31e2b155fbd", "title": "Relevanssi - A Better Search Free & Premium <= 2.16.3 & 4.14.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Relevanssi \u2013 A Better Search (Pro)", "slug": "relevanssi-premium", "affected_versions": { "[*, 2.16.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.16.4" ] }, { "type": "plugin", "name": "Relevanssi \u2013 A Better Search", "slug": "relevanssi", "affected_versions": { "[*, 4.14.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.14.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.14.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e12d132-c036-4665-bb8d-e31e2b155fbd?source=api-scan" ], "published": "2021-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e187b71-860e-4404-bbe2-193c6ecfd485": { "id": "8e187b71-860e-4404-bbe2-193c6ecfd485", "title": "White Label Branding for Elementor Page Builder <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "White Label Branding for Elementor Page Builder", "slug": "white-label-branding-elementor", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e187b71-860e-4404-bbe2-193c6ecfd485?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e227e25-3dd9-47fd-bba8-e076f7f92d56": { "id": "8e227e25-3dd9-47fd-bba8-e076f7f92d56", "title": "Sendle Shipping <= 5.17 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sendle Shipping Plugin", "slug": "official-sendle-shipping-method", "affected_versions": { "* - 5.17": { "from_version": "*", "from_inclusive": true, "to_version": "5.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e227e25-3dd9-47fd-bba8-e076f7f92d56?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e24306a-b741-4840-b238-e37138425bf8": { "id": "8e24306a-b741-4840-b238-e37138425bf8", "title": "List categories <= 0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "List categories", "slug": "list-categories", "affected_versions": { "* - 0.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e24306a-b741-4840-b238-e37138425bf8?source=api-scan" ], "published": "2024-05-29 15:51:10", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e25914f-f2c6-4224-a2f4-0b691d1e77aa": { "id": "8e25914f-f2c6-4224-a2f4-0b691d1e77aa", "title": "Event Tickets <= 4.10.7.1 - CSV Injection", "software": [ { "type": "plugin", "name": "Event Tickets and Registration", "slug": "event-tickets", "affected_versions": { "* - 4.10.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e25914f-f2c6-4224-a2f4-0b691d1e77aa?source=api-scan" ], "published": "2019-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e25a511-f176-4532-bb9f-a7a3134ee29a": { "id": "8e25a511-f176-4532-bb9f-a7a3134ee29a", "title": "Curtain <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Curtain", "slug": "curtain", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e25a511-f176-4532-bb9f-a7a3134ee29a?source=api-scan" ], "published": "2022-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e2c6030-d117-4c0b-a97a-d0bb89e948ef": { "id": "8e2c6030-d117-4c0b-a97a-d0bb89e948ef", "title": "Kaswara Modern VC Addons <= 3.0.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Kaswara Modern VC Addons", "slug": "kaswara", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e2c6030-d117-4c0b-a97a-d0bb89e948ef?source=api-scan" ], "published": "2021-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e332a52-071c-4725-99db-3cc10ee50230": { "id": "8e332a52-071c-4725-99db-3cc10ee50230", "title": "Extensions for Leaflet Map <= 3.4.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Extensions for Leaflet Map", "slug": "extensions-leaflet-map", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e332a52-071c-4725-99db-3cc10ee50230?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e33d72d-00d4-45c8-98d2-0a0a73d13b35": { "id": "8e33d72d-00d4-45c8-98d2-0a0a73d13b35", "title": "IgniteUp \u2013 Coming Soon and Maintenance Mode <= 3.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IgniteUp \u2013 Coming Soon and Maintenance Mode", "slug": "igniteup", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e33d72d-00d4-45c8-98d2-0a0a73d13b35?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e361473-8ed6-41d0-b409-2436189c1120": { "id": "8e361473-8ed6-41d0-b409-2436189c1120", "title": "Modern Events Calendar Lite <= 5.16.4 - Unauthenticated Events Export", "software": [ { "type": "plugin", "name": "Modern Events Calendar Lite", "slug": "modern-events-calendar-lite", "affected_versions": { "* - 5.16.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.16.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.16.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e361473-8ed6-41d0-b409-2436189c1120?source=api-scan" ], "published": "2021-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e37331b-0b75-41ee-b390-532efd674cc1": { "id": "8e37331b-0b75-41ee-b390-532efd674cc1", "title": "WP RSS Aggregator <= 4.23.11 - Missing Authorization to Authenticated (Subscriber+) Feed State Update", "software": [ { "type": "plugin", "name": "RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Autoblogging", "slug": "wp-rss-aggregator", "affected_versions": { "* - 4.23.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.23.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.23.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e37331b-0b75-41ee-b390-532efd674cc1?source=api-scan" ], "published": "2024-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e3a5566-eee5-4f71-9c93-e59abf913d04": { "id": "8e3a5566-eee5-4f71-9c93-e59abf913d04", "title": "SiteGround Security <= 1.2.5 - Authorization Weakness to Authentication Bypass", "software": [ { "type": "plugin", "name": "Security Optimizer \u2013 The All-In-One Protection Plugin", "slug": "sg-security", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e3a5566-eee5-4f71-9c93-e59abf913d04?source=api-scan" ], "published": "2022-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e3c45ac-44c0-47e1-81af-65014f064513": { "id": "8e3c45ac-44c0-47e1-81af-65014f064513", "title": "Themes from Chimpstudio and Pixfill (Various Versions) - Unauthenticated Arbitrary File Upload", "software": [ { "type": "theme", "name": "Aidreform", "slug": "aidreform", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Kingclub Theme", "slug": "kingclub-theme", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Spikes Black", "slug": "spikes-black", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Statfort", "slug": "statfort", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Bolster", "slug": "bolster", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Club Theme", "slug": "club-theme", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Spikes", "slug": "spikes", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Soundblast", "slug": "soundblast", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Westand", "slug": "westand", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] }, { "type": "theme", "name": "Footysquare", "slug": "footysquare", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e3c45ac-44c0-47e1-81af-65014f064513?source=api-scan" ], "published": "2022-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e3e07c8-8fd0-4966-8276-aece794b75b2": { "id": "8e3e07c8-8fd0-4966-8276-aece794b75b2", "title": "Easy Digital Downloads 3.1 - 3.1.1.4.1 - Unauthenticated Arbitrary Password Reset to Privilege Escalation", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "[3.1, 3.1.1.4.2)": { "from_version": "3.1", "from_inclusive": true, "to_version": "3.1.1.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e3e07c8-8fd0-4966-8276-aece794b75b2?source=api-scan" ], "published": "2023-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e40a954-53c4-453b-85f0-d3febaa6ae84": { "id": "8e40a954-53c4-453b-85f0-d3febaa6ae84", "title": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 4.2.16 - Unauthenticated Plugin Settings Reset", "software": [ { "type": "plugin", "name": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin", "slug": "xcloner-backup-and-restore", "affected_versions": { "* - 4.2.16": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e40a954-53c4-453b-85f0-d3febaa6ae84?source=api-scan" ], "published": "2022-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e42831f-844d-40dc-965e-80334aab333c": { "id": "8e42831f-844d-40dc-965e-80334aab333c", "title": "wpDataTables <= 2.1.49 - Authenticated (Contributor+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin", "slug": "wpdatatables", "affected_versions": { "* - 2.1.49": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.49", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.50" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e42831f-844d-40dc-965e-80334aab333c?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e4ad8fa-b04c-4821-aadb-3120f824557f": { "id": "8e4ad8fa-b04c-4821-aadb-3120f824557f", "title": "Stripe Gateway <= 7.6.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce Stripe Payment Gateway", "slug": "woocommerce-gateway-stripe", "affected_versions": { "[*, 7.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e4ad8fa-b04c-4821-aadb-3120f824557f?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e4dbf38-e955-4634-9a07-775ea49b0051": { "id": "8e4dbf38-e955-4634-9a07-775ea49b0051", "title": "WP Construction Mode <= 1.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Construction Mode", "slug": "wp-construction-mode", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e4dbf38-e955-4634-9a07-775ea49b0051?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e4dc6fd-4bd5-4ed1-ade0-cf2f8831fac3": { "id": "8e4dc6fd-4bd5-4ed1-ade0-cf2f8831fac3", "title": "Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via cfs[post_title]", "software": [ { "type": "plugin", "name": "Custom Field Suite", "slug": "custom-field-suite", "affected_versions": { "* - 2.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e4dc6fd-4bd5-4ed1-ade0-cf2f8831fac3?source=api-scan" ], "published": "2024-06-19 13:17:11", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e5417d3-c466-4caf-9fb6-26d6e2c06fe1": { "id": "8e5417d3-c466-4caf-9fb6-26d6e2c06fe1", "title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox Widget", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e5417d3-c466-4caf-9fb6-26d6e2c06fe1?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e59e02f-d701-476a-9fd8-2098004089ec": { "id": "8e59e02f-d701-476a-9fd8-2098004089ec", "title": "Pondol Carousel <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pondol Carousel", "slug": "pondol-carousel", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e59e02f-d701-476a-9fd8-2098004089ec?source=api-scan" ], "published": "2016-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e5c0282-6d13-4c83-8d1f-c49430f714d6": { "id": "8e5c0282-6d13-4c83-8d1f-c49430f714d6", "title": "All in One Time Clok Lite <= 1.3.320 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All in One Time Clock Lite \u2013 Tracking Employee Time Has Never Been Easier", "slug": "aio-time-clock-lite", "affected_versions": { "* - 1.3.320": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.320", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.321" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e5c0282-6d13-4c83-8d1f-c49430f714d6?source=api-scan" ], "published": "2022-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e5c3d74-1240-4501-856f-18a1c6369d1c": { "id": "8e5c3d74-1240-4501-856f-18a1c6369d1c", "title": "Master Addons for Elementor <= 2.0.5.4.1 - Missing Authorization on Duplicate Post", "software": [ { "type": "plugin", "name": "Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations", "slug": "master-addons", "affected_versions": { "* - 2.0.5.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e5c3d74-1240-4501-856f-18a1c6369d1c?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e5e92f2-6fd0-4102-aa8e-2fe8efd9cbaa": { "id": "8e5e92f2-6fd0-4102-aa8e-2fe8efd9cbaa", "title": "Livemesh Addons for Beaver Builder <= 3.6.1 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Livemesh Addons for Beaver Builder", "slug": "addons-for-beaver-builder", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e5e92f2-6fd0-4102-aa8e-2fe8efd9cbaa?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e64d865-5acc-419b-8c61-e8fd8207fa94": { "id": "8e64d865-5acc-419b-8c61-e8fd8207fa94", "title": "Adifier System < 3.1.4 - Unauthenticated SQL Injection", "software": [ { "type": "theme", "name": "Adifier - Classified Ads WordPress Theme", "slug": "adifier-system", "affected_versions": { "[*, 3.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e64d865-5acc-419b-8c61-e8fd8207fa94?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e73b00e-38f7-45dc-8577-5cc47c18b9fd": { "id": "8e73b00e-38f7-45dc-8577-5cc47c18b9fd", "title": "BlossomThemes Email Newsletter <= 2.2.6 - Authenticated (Admin+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "BlossomThemes Email Newsletter", "slug": "blossomthemes-email-newsletter", "affected_versions": { "* - 2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e73b00e-38f7-45dc-8577-5cc47c18b9fd?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e75d72d-d999-4755-8c90-7fb7d630ab00": { "id": "8e75d72d-d999-4755-8c90-7fb7d630ab00", "title": "Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.19 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title", "software": [ { "type": "plugin", "name": "Photo Gallery, Images, Slider in Rbs Image Gallery", "slug": "robo-gallery", "affected_versions": { "* - 3.2.19": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e75d72d-d999-4755-8c90-7fb7d630ab00?source=api-scan" ], "published": "2024-06-18 18:55:20", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e7b40e4-c80a-4317-acff-77696fd8098f": { "id": "8e7b40e4-c80a-4317-acff-77696fd8098f", "title": "Bamboo Columns <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bamboo Columns", "slug": "bamboo-columns", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e7b40e4-c80a-4317-acff-77696fd8098f?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e7cbe45-5dd5-4b8f-8504-a52358156838": { "id": "8e7cbe45-5dd5-4b8f-8504-a52358156838", "title": "ACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update", "software": [ { "type": "plugin", "name": "ACF Front End Editor", "slug": "acf-front-end-editor", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e7cbe45-5dd5-4b8f-8504-a52358156838?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e83475e-03fc-47b8-b23c-a7b16641351b": { "id": "8e83475e-03fc-47b8-b23c-a7b16641351b", "title": "Easy Digital Downloads \u2013 PDF Invoices < 1.0.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 Invoices", "slug": "edd-invoices", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e83475e-03fc-47b8-b23c-a7b16641351b?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e8e967f-f627-4c0c-ac0f-0a66ae25c602": { "id": "8e8e967f-f627-4c0c-ac0f-0a66ae25c602", "title": "WP User Frontend <= 3.6.8 - Missing Authorization via AJAX actions", "software": [ { "type": "plugin", "name": "Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission \u2013 WP User Frontend", "slug": "wp-user-frontend", "affected_versions": { "* - 3.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e8e967f-f627-4c0c-ac0f-0a66ae25c602?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e8fe6f4-7e41-44d3-9980-b5e7f43aa849": { "id": "8e8fe6f4-7e41-44d3-9980-b5e7f43aa849", "title": "Parcel Pro <= 1.8.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Parcel Pro", "slug": "woo-parcel-pro", "affected_versions": { "* - 1.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e8fe6f4-7e41-44d3-9980-b5e7f43aa849?source=api-scan" ], "published": "2024-10-17 15:42:33", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e93072c-eb0c-46a7-8ed7-7f48916dab50": { "id": "8e93072c-eb0c-46a7-8ed7-7f48916dab50", "title": "WordPress Ping Optimizer <= 2.35.1.3.0 - Cross-Site Request Forgery to Log Clearing", "software": [ { "type": "plugin", "name": "WordPress Ping Optimizer", "slug": "wordpress-ping-optimizer", "affected_versions": { "* - 2.35.1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.35.1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e93072c-eb0c-46a7-8ed7-7f48916dab50?source=api-scan" ], "published": "2024-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8e98d92a-fe64-4591-972b-ed11542506b7": { "id": "8e98d92a-fe64-4591-972b-ed11542506b7", "title": "Page Builder Sandwich \u2013 Front End WordPress Page Builder Plugin <= 5.1.0 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Page Builder Sandwich \u2013 Front End WordPress Page Builder Plugin", "slug": "page-builder-sandwich", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8e98d92a-fe64-4591-972b-ed11542506b7?source=api-scan" ], "published": "2024-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ea002da-bf37-4c6d-a46e-4f0e7f8968ad": { "id": "8ea002da-bf37-4c6d-a46e-4f0e7f8968ad", "title": "LearnPress \u2013 WordPress LMS Plugin <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ea002da-bf37-4c6d-a46e-4f0e7f8968ad?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ea087a7-197b-4dbe-b551-8074a0ea23ba": { "id": "8ea087a7-197b-4dbe-b551-8074a0ea23ba", "title": "Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Arigato Autoresponder and Newsletter", "slug": "bft-autoresponder", "affected_versions": { "* - 2.5.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ea087a7-197b-4dbe-b551-8074a0ea23ba?source=api-scan" ], "published": "2018-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ea0e5ae-c8b8-4782-a130-e5460a81b066": { "id": "8ea0e5ae-c8b8-4782-a130-e5460a81b066", "title": "Hide Admin Bar Based On User Roles < 3.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Hide Admin Bar Based on User Roles", "slug": "hide-admin-bar-based-on-user-roles", "affected_versions": { "[*, 3.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ea0e5ae-c8b8-4782-a130-e5460a81b066?source=api-scan" ], "published": "2022-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ea25e80-af12-4845-b505-16654a68b009": { "id": "8ea25e80-af12-4845-b505-16654a68b009", "title": "Easy Banners <= 1.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Banners", "slug": "easy-banners", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ea25e80-af12-4845-b505-16654a68b009?source=api-scan" ], "published": "2014-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ea4617a-6211-4f8d-ab51-10ca509aaacf": { "id": "8ea4617a-6211-4f8d-ab51-10ca509aaacf", "title": "Quill Forms <= 3.3.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress", "slug": "quillforms", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ea4617a-6211-4f8d-ab51-10ca509aaacf?source=api-scan" ], "published": "2023-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ea53b11-37fa-4c45-a158-5a7709b842fc": { "id": "8ea53b11-37fa-4c45-a158-5a7709b842fc", "title": "Comments Extra Fields For Post,Pages and CPT <= 5.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Comments Extra Fields For Post,Pages and CPT", "slug": "wp-comment-fields", "affected_versions": { "* - 5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ea53b11-37fa-4c45-a158-5a7709b842fc?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ea59532-e1c2-4dad-b2a8-01f401c54181": { "id": "8ea59532-e1c2-4dad-b2a8-01f401c54181", "title": "NextScripts <= 4.4.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NextScripts: Social Networks Auto-Poster", "slug": "social-networks-auto-poster-facebook-twitter-g", "affected_versions": { "* - 4.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ea59532-e1c2-4dad-b2a8-01f401c54181?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ea6b79c-2a09-4a6e-9b4b-a81f96e3bc12": { "id": "8ea6b79c-2a09-4a6e-9b4b-a81f96e3bc12", "title": "HTTP Headers <= 1.18.8 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "HTTP Headers", "slug": "http-headers", "affected_versions": { "* - 1.18.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.18.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.18.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ea6b79c-2a09-4a6e-9b4b-a81f96e3bc12?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ea7b7b5-ba3a-4d9c-9a63-ed9f645c6b1b": { "id": "8ea7b7b5-ba3a-4d9c-9a63-ed9f645c6b1b", "title": "JS Help Desk \u2013 Best Help Desk & Support Plugin <= 2.8.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin", "slug": "js-support-ticket", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ea7b7b5-ba3a-4d9c-9a63-ed9f645c6b1b?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8eaf6dfd-bc66-466f-af80-213213fdb839": { "id": "8eaf6dfd-bc66-466f-af80-213213fdb839", "title": "MaxButtons <= 9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Button Plugin MaxButtons", "slug": "maxbuttons", "affected_versions": { "* - 9.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8eaf6dfd-bc66-466f-af80-213213fdb839?source=api-scan" ], "published": "2022-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8eb778d0-2aa4-4d0a-9ac1-42af51c335bf": { "id": "8eb778d0-2aa4-4d0a-9ac1-42af51c335bf", "title": "Salon booking system <= 7.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "* - 7.9": { "from_version": "*", "from_inclusive": true, "to_version": "7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8eb778d0-2aa4-4d0a-9ac1-42af51c335bf?source=api-scan" ], "published": "2022-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8eb77a53-4aea-46c3-8eea-a16f728dfa23": { "id": "8eb77a53-4aea-46c3-8eea-a16f728dfa23", "title": "Shortcodes Finder <= 1.5.4 - Reflected Cross-Site Scripting via nonce", "software": [ { "type": "plugin", "name": "Shortcodes Finder", "slug": "shortcodes-finder", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8eb77a53-4aea-46c3-8eea-a16f728dfa23?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8eba82b9-20cd-4bf1-85bc-2daea4423ee8": { "id": "8eba82b9-20cd-4bf1-85bc-2daea4423ee8", "title": "WP Map Block \u2013 Gutenberg Map Block for Google Map and OpenStreet Map <= 1.2.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Map Block \u2013 Gutenberg Map Block for Google Map and OpenStreet Map", "slug": "wp-map-block", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8eba82b9-20cd-4bf1-85bc-2daea4423ee8?source=api-scan" ], "published": "2021-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ebb1072-ea05-4914-961d-0d8f20248078": { "id": "8ebb1072-ea05-4914-961d-0d8f20248078", "title": "WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore <= 3.4.3 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore", "slug": "wp-staging", "affected_versions": { "* - 3.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ebb1072-ea05-4914-961d-0d8f20248078?source=api-scan" ], "published": "2024-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ebc05b6-89dd-4373-a632-75c783716643": { "id": "8ebc05b6-89dd-4373-a632-75c783716643", "title": "Booking calendar, Appointment Booking System <= 2.1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking calendar, Appointment Booking System", "slug": "booking-calendar", "affected_versions": { "[*, 2.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ebc05b6-89dd-4373-a632-75c783716643?source=api-scan" ], "published": "2018-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ec5173b-7b0d-4887-8c13-f48137aa8593": { "id": "8ec5173b-7b0d-4887-8c13-f48137aa8593", "title": "Help Desk WP <= 1.2.0 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Help Desk WP", "slug": "helpdeskwp", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ec5173b-7b0d-4887-8c13-f48137aa8593?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ec9b8f4-0531-4d3b-8416-ba6dd41a3bac": { "id": "8ec9b8f4-0531-4d3b-8416-ba6dd41a3bac", "title": "Link To Bible <= 2.5.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Link To Bible", "slug": "link-to-bible", "affected_versions": { "* - 2.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ec9b8f4-0531-4d3b-8416-ba6dd41a3bac?source=api-scan" ], "published": "2024-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ecd781f-1bef-4f22-ac1f-88709ea45616": { "id": "8ecd781f-1bef-4f22-ac1f-88709ea45616", "title": "Ntz Antispam <= 2.0e - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Ntz Antispam", "slug": "ntzantispam", "affected_versions": { "* - 2.0e": { "from_version": "*", "from_inclusive": true, "to_version": "2.0e", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ecd781f-1bef-4f22-ac1f-88709ea45616?source=api-scan" ], "published": "2024-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ed63de5-ef65-4e90-afc1-b7a075e99316": { "id": "8ed63de5-ef65-4e90-afc1-b7a075e99316", "title": "Contest Gallery <= 21.3.4 - Authenticated (Author+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 21.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "21.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ed63de5-ef65-4e90-afc1-b7a075e99316?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ed90a91-e007-42a5-bbef-f186bd3875ea": { "id": "8ed90a91-e007-42a5-bbef-f186bd3875ea", "title": "Pretty Google Calendar <= 1.5.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via pretty_google_calendar shortcode", "software": [ { "type": "plugin", "name": "Pretty Google Calendar", "slug": "pretty-google-calendar", "affected_versions": { "[*, 1.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ed90a91-e007-42a5-bbef-f186bd3875ea?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ed9a5df-90d0-4abe-be1c-49c50a6b48b3": { "id": "8ed9a5df-90d0-4abe-be1c-49c50a6b48b3", "title": "Duplicate Page <= 3.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Duplicate Page", "slug": "duplicate-page", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ed9a5df-90d0-4abe-be1c-49c50a6b48b3?source=api-scan" ], "published": "2019-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8eda641b-eddc-4255-80e4-c77c217f979f": { "id": "8eda641b-eddc-4255-80e4-c77c217f979f", "title": "Car Rental by BestWebSoft <= 1.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Car Rental by BestWebSoft", "slug": "car-rental", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8eda641b-eddc-4255-80e4-c77c217f979f?source=api-scan" ], "published": "2022-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8edaf5ce-6a26-44cc-b4d8-e3b0ccfa9c11": { "id": "8edaf5ce-6a26-44cc-b4d8-e3b0ccfa9c11", "title": "Complianz - GDPR\/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_edit_item", "software": [ { "type": "plugin", "name": "Complianz \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr", "affected_versions": { "* - 6.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8edaf5ce-6a26-44cc-b4d8-e3b0ccfa9c11?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8edb060b-349c-46bb-9440-94f753621111": { "id": "8edb060b-349c-46bb-9440-94f753621111", "title": "Gallery \u2013 Image and Video Gallery with Thumbnails <= 2.0.3 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Gallery \u2013 Image and Video Gallery with Thumbnails", "slug": "gallery-album", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8edb060b-349c-46bb-9440-94f753621111?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8edb72f5-dda3-4c59-ba7a-7a460cb59c03": { "id": "8edb72f5-dda3-4c59-ba7a-7a460cb59c03", "title": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 3.8.8 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8edb72f5-dda3-4c59-ba7a-7a460cb59c03?source=api-scan" ], "published": "2024-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ee21796-5340-4f84-b1c4-a95137a27223": { "id": "8ee21796-5340-4f84-b1c4-a95137a27223", "title": "WP User <= 7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP User \u2013 Custom Registration Forms, Login and User Profile", "slug": "wp-user", "affected_versions": { "* - 7.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ee21796-5340-4f84-b1c4-a95137a27223?source=api-scan" ], "published": "2022-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ef33e3c-187a-45d9-9dac-0895dce34216": { "id": "8ef33e3c-187a-45d9-9dac-0895dce34216", "title": "EWWW Image Optimizer <= 5.8.1 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "EWWW Image Optimizer", "slug": "ewww-image-optimizer", "affected_versions": { "* - 5.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ef33e3c-187a-45d9-9dac-0895dce34216?source=api-scan" ], "published": "2020-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ef3a657-28ce-4a27-b4d8-617db8027ffc": { "id": "8ef3a657-28ce-4a27-b4d8-617db8027ffc", "title": "Easy Social Icons <= 3.0.8 \u2013 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Social Icons", "slug": "easy-social-icons", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ef3a657-28ce-4a27-b4d8-617db8027ffc?source=api-scan" ], "published": "2021-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ef64d17-fc52-4d47-aca3-e136245bc114": { "id": "8ef64d17-fc52-4d47-aca3-e136245bc114", "title": "YourMembership Single Sign On <= 1.1.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "YourMembership Single Sign On \u2013 YM SSO Login", "slug": "login-with-yourmembership", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ef64d17-fc52-4d47-aca3-e136245bc114?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ef75bb4-febf-4009-a6b4-f0b40a4fc903": { "id": "8ef75bb4-febf-4009-a6b4-f0b40a4fc903", "title": "Manager for Icomoon <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Manager for Icomoon", "slug": "manager-for-icomoon", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ef75bb4-febf-4009-a6b4-f0b40a4fc903?source=api-scan" ], "published": "2023-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ef7c48b-e8f2-40bd-aa48-191059e15453": { "id": "8ef7c48b-e8f2-40bd-aa48-191059e15453", "title": "Thanh To\u00e1n Qu\u00e9t M\u00e3 QR Code T\u1ef1 \u0110\u1ed9ng \u2013 MoMo, ViettelPay, VNPay v\u00e0 40 ng\u00e2n h\u00e0ng Vi\u1ec7t Nam <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Thanh To\u00e1n Qu\u00e9t M\u00e3 QR Code T\u1ef1 \u0110\u1ed9ng \u2013 MoMo, ViettelPay, VNPay v\u00e0 40 ng\u00e2n h\u00e0ng Vi\u1ec7t Nam", "slug": "bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ef7c48b-e8f2-40bd-aa48-191059e15453?source=api-scan" ], "published": "2024-09-23 18:36:58", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8efa8e86-6260-484a-a6da-18574bf41ed9": { "id": "8efa8e86-6260-484a-a6da-18574bf41ed9", "title": "Dynamic Elementor Addons <= 1.0.0 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Dynamic Elementor Addons", "slug": "dynamic-elementor-addons", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8efa8e86-6260-484a-a6da-18574bf41ed9?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8efe2ccf-33cb-4db3-bc3d-ead826adb7d0": { "id": "8efe2ccf-33cb-4db3-bc3d-ead826adb7d0", "title": "Easy Captcha <= 1.0 - Missing Authorization via easy_captcha_update_settings", "software": [ { "type": "plugin", "name": "Easy Captcha", "slug": "easy-captcha", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8efe2ccf-33cb-4db3-bc3d-ead826adb7d0?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f052dfc-609d-43ed-a8bb-e30294749d03": { "id": "8f052dfc-609d-43ed-a8bb-e30294749d03", "title": "WordPress Email Marketing Plugin \u2013 WP Email Capture <= 3.9.3 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Email Marketing Plugin \u2013 WP Email Capture", "slug": "wp-email-capture", "affected_versions": { "* - 3.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f052dfc-609d-43ed-a8bb-e30294749d03?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f0ee03c-8cf6-4372-b740-722fc1283ee3": { "id": "8f0ee03c-8cf6-4372-b740-722fc1283ee3", "title": "MM-email2image <= 0.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MM-email2image", "slug": "mm-email2image", "affected_versions": { "* - 0.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f0ee03c-8cf6-4372-b740-722fc1283ee3?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f105002-a19a-4376-af65-7e9416175174": { "id": "8f105002-a19a-4376-af65-7e9416175174", "title": "PPOM for WooCommerce <= 32.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "PPOM \u2013 Product Addons & Custom Fields for WooCommerce", "slug": "woocommerce-product-addon", "affected_versions": { "[*, 32.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "32.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "32.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f105002-a19a-4376-af65-7e9416175174?source=api-scan" ], "published": "2023-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f10a95c-59ff-49a2-8bbf-1b0a802b62c6": { "id": "8f10a95c-59ff-49a2-8bbf-1b0a802b62c6", "title": "Page Layout Builder <= 1.9.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MiniMax \u2013 Page Layout Builder", "slug": "page-layout-builder", "affected_versions": { "* - 1.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f10a95c-59ff-49a2-8bbf-1b0a802b62c6?source=api-scan" ], "published": "2016-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f1866d6-79ac-444c-ab73-eab081786c93": { "id": "8f1866d6-79ac-444c-ab73-eab081786c93", "title": "Preferred Languages <= 2.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Preferred Languages", "slug": "preferred-languages", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f1866d6-79ac-444c-ab73-eab081786c93?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f1e6f04-04d4-4484-86bd-28df6388a953": { "id": "8f1e6f04-04d4-4484-86bd-28df6388a953", "title": "Simple History <= 3.3.1 - Authenticated (Subscriber+) CSV Injection", "software": [ { "type": "plugin", "name": "Simple History \u2013 Track, Log, and Audit WordPress Changes", "slug": "simple-history", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f1e6f04-04d4-4484-86bd-28df6388a953?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f20734d-4105-401b-992a-b47d049f70f4": { "id": "8f20734d-4105-401b-992a-b47d049f70f4", "title": "AJAX Multi Upload <= 1.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "AJAX Multi Upload", "slug": "ajax_multi_upload", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f20734d-4105-401b-992a-b47d049f70f4?source=api-scan" ], "published": "2012-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f220293-9789-4824-b736-ead014c45366": { "id": "8f220293-9789-4824-b736-ead014c45366", "title": "Multiple Post Passwords <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Multiple Post Passwords", "slug": "multiple-post-passwords", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f220293-9789-4824-b736-ead014c45366?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f24743c-3894-40a8-9128-7d04bc2c8345": { "id": "8f24743c-3894-40a8-9128-7d04bc2c8345", "title": "WP Post to PDF <= 2.3.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Post to PDF", "slug": "wp-post-to-pdf", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f24743c-3894-40a8-9128-7d04bc2c8345?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f24f7e2-2516-4f4d-955f-f3f6001cbce7": { "id": "8f24f7e2-2516-4f4d-955f-f3f6001cbce7", "title": "PhonePe Payment Solutions <= 1.0.15 - Authenticated (Subscriber+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "PhonePe Payment Solutions", "slug": "phonepe-payment-solutions", "affected_versions": { "* - 1.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f24f7e2-2516-4f4d-955f-f3f6001cbce7?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f29da38-177e-4c8d-964f-473b2a3e1b78": { "id": "8f29da38-177e-4c8d-964f-473b2a3e1b78", "title": "Vilva <= 1.2.2 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Vilva", "slug": "vilva", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f29da38-177e-4c8d-964f-473b2a3e1b78?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f342fb7-8f52-43d9-a887-1cf1fffa6ec6": { "id": "8f342fb7-8f52-43d9-a887-1cf1fffa6ec6", "title": "WP Clean Up <= 1.2.3 - Cross-Site Request Forgery via wp_clean_up_optimize", "software": [ { "type": "plugin", "name": "WP Clean Up", "slug": "wp-clean-up", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f342fb7-8f52-43d9-a887-1cf1fffa6ec6?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f35838f-4a7d-4d25-9e5e-956411e59b62": { "id": "8f35838f-4a7d-4d25-9e5e-956411e59b62", "title": "Backup and Restore WordPress <= 1.50 - Missing Authorization", "software": [ { "type": "plugin", "name": "Backup and Restore WordPress \u2013 Backup Plugin", "slug": "wp-backitup", "affected_versions": { "* - 1.50": { "from_version": "*", "from_inclusive": true, "to_version": "1.50", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f35838f-4a7d-4d25-9e5e-956411e59b62?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f374eea-e6c0-4007-8855-4b1b63335775": { "id": "8f374eea-e6c0-4007-8855-4b1b63335775", "title": "LDD Directory Lite - <= 3.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LDD Directory Lite", "slug": "ldd-directory-lite", "affected_versions": { "* - 3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f374eea-e6c0-4007-8855-4b1b63335775?source=api-scan" ], "published": "2022-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f3ed0f0-897d-47f4-acdc-b483838af4bc": { "id": "8f3ed0f0-897d-47f4-acdc-b483838af4bc", "title": "SlideDeck 2 <= 2.3.3 - Local\/Remote File Inclusion", "software": [ { "type": "plugin", "name": "SlideDeck 2 Lite Responsive Content Slider", "slug": "slidedeck2", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f3ed0f0-897d-47f4-acdc-b483838af4bc?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f411d17-5b0d-4a4a-afa8-7efebf6965f2": { "id": "8f411d17-5b0d-4a4a-afa8-7efebf6965f2", "title": "Sparkle Demo Importer <= 1.4.7 - Missing Authorization to Authorized(Subscriber+) Post\/Pages\/Attachements Deletion and Demo Data Import", "software": [ { "type": "plugin", "name": "Sparkle Demo Importer", "slug": "sparkle-demo-importer", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f411d17-5b0d-4a4a-afa8-7efebf6965f2?source=api-scan" ], "published": "2024-06-21 11:04:07", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f494ca7-3f2f-4535-92ff-1ed5c469bf45": { "id": "8f494ca7-3f2f-4535-92ff-1ed5c469bf45", "title": "Doneren met Mollie <= 2.10.2 - Unauthenticated Reflected Cross-Site Scripting via search", "software": [ { "type": "plugin", "name": "Doneren met Mollie", "slug": "doneren-met-mollie", "affected_versions": { "* - 2.10.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f494ca7-3f2f-4535-92ff-1ed5c469bf45?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f4a9f9f-a342-4053-b4e0-cbaa9796e4ba": { "id": "8f4a9f9f-a342-4053-b4e0-cbaa9796e4ba", "title": "GigPress <= 2.3.8 - SQL Injection", "software": [ { "type": "plugin", "name": "GigPress", "slug": "gigpress", "affected_versions": { "[*, 2.3.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f4a9f9f-a342-4053-b4e0-cbaa9796e4ba?source=api-scan" ], "published": "2015-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f4ae82c-f249-4094-a0ef-568c3a30d16b": { "id": "8f4ae82c-f249-4094-a0ef-568c3a30d16b", "title": "HC Custom WP-Admin URL <= 1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "HC Custom WP-Admin URL", "slug": "hc-custom-wp-admin-url", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f4ae82c-f249-4094-a0ef-568c3a30d16b?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f4c086d-8209-4212-9d91-67238c1a9143": { "id": "8f4c086d-8209-4212-9d91-67238c1a9143", "title": "Custom Banners <= 3.2.2 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Custom Banners", "slug": "custom-banners", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f4c086d-8209-4212-9d91-67238c1a9143?source=api-scan" ], "published": "2021-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f4dc917-028c-451a-9b32-26ef2c488850": { "id": "8f4dc917-028c-451a-9b32-26ef2c488850", "title": "Nexter Extension <= 2.0.3 - Reflected Cross-Site Scripting via post and post_id", "software": [ { "type": "plugin", "name": "Nexter Extension", "slug": "nexter-extension", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f4dc917-028c-451a-9b32-26ef2c488850?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f4f2317-945e-4fd8-8a0b-981b88a8412c": { "id": "8f4f2317-945e-4fd8-8a0b-981b88a8412c", "title": "Event Management Tickets Booking <= 1.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Event Monster \u2013 Event Management, Tickets Booking, Upcoming Event", "slug": "event-monster", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f4f2317-945e-4fd8-8a0b-981b88a8412c?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f4f7cb9-22ef-46fb-bb0a-98fe9af32d38": { "id": "8f4f7cb9-22ef-46fb-bb0a-98fe9af32d38", "title": "Download Media <= 1.4.2 - Missing Authorization via generate_link_for_media", "software": [ { "type": "plugin", "name": "Download Media", "slug": "download-media", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f4f7cb9-22ef-46fb-bb0a-98fe9af32d38?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f50812a-c6a7-4bb3-9833-e10acd0460c0": { "id": "8f50812a-c6a7-4bb3-9833-e10acd0460c0", "title": "MDTF \u2013 Meta Data and Taxonomies Filter <= 1.3.3.3 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "MDTF \u2013 Meta Data and Taxonomies Filter", "slug": "wp-meta-data-filter-and-taxonomy-filter", "affected_versions": { "* - 1.3.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f50812a-c6a7-4bb3-9833-e10acd0460c0?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f52fd57-abfe-48c4-a950-66d72a5a9627": { "id": "8f52fd57-abfe-48c4-a950-66d72a5a9627", "title": "Tracking Code Manager < 1.11.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tracking Code Manager", "slug": "tracking-code-manager", "affected_versions": { "* - 1.11.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f52fd57-abfe-48c4-a950-66d72a5a9627?source=api-scan" ], "published": "2017-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f5357e0-1e1b-4090-a6ae-9587c6a8d290": { "id": "8f5357e0-1e1b-4090-a6ae-9587c6a8d290", "title": "ProfilePress <= 4.13.2 - Information Disclosure via Debug Log", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 4.13.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.13.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.13.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f5357e0-1e1b-4090-a6ae-9587c6a8d290?source=api-scan" ], "published": "2023-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f551441-1f41-4ae2-93a7-6385fa3a70e3": { "id": "8f551441-1f41-4ae2-93a7-6385fa3a70e3", "title": "Kimili Flash Embed <= 2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kimili Flash Embed", "slug": "kimili-flash-embed", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f551441-1f41-4ae2-93a7-6385fa3a70e3?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f562e33-2aef-46f0-8a65-691155ede9e7": { "id": "8f562e33-2aef-46f0-8a65-691155ede9e7", "title": "WP Data Access <= 5.3.7 - Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "WP Data Access \u2013 WordPress App, Table and Form Builder plugin", "slug": "wp-data-access", "affected_versions": { "* - 5.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f562e33-2aef-46f0-8a65-691155ede9e7?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f5a3ed2-1db2-47e4-9aca-8fb197174342": { "id": "8f5a3ed2-1db2-47e4-9aca-8fb197174342", "title": "Futurio Extra <= 1.6.2 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Futurio Extra", "slug": "futurio-extra", "affected_versions": { "[*, 1.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f5a3ed2-1db2-47e4-9aca-8fb197174342?source=api-scan" ], "published": "2022-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f5b9aff-0833-4887-ae59-df5bc88c7f91": { "id": "8f5b9aff-0833-4887-ae59-df5bc88c7f91", "title": "Social Sharing Plugin - Social Warfare <= 4.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Social Sharing Plugin \u2013 Social Warfare", "slug": "social-warfare", "affected_versions": { "* - 4.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f5b9aff-0833-4887-ae59-df5bc88c7f91?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f5fa529-4c6e-465e-a281-78ba74e5a718": { "id": "8f5fa529-4c6e-465e-a281-78ba74e5a718", "title": "Accordion (All Versions) - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Accordion", "slug": "accordion", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f5fa529-4c6e-465e-a281-78ba74e5a718?source=api-scan" ], "published": "2013-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f617090-f2cf-4ac4-8d09-c1d5c21e120d": { "id": "8f617090-f2cf-4ac4-8d09-c1d5c21e120d", "title": "YITH Maintenance Mode <= 1.3.7 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YITH Maintenance Mode", "slug": "yith-maintenance-mode", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f617090-f2cf-4ac4-8d09-c1d5c21e120d?source=api-scan" ], "published": "2021-09-15 11:59:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f687ee4-9760-48dd-9427-853de877dacc": { "id": "8f687ee4-9760-48dd-9427-853de877dacc", "title": "GeoDirectory <= 2.3.70 - Missing Authorization via geodirectory_rated()", "software": [ { "type": "plugin", "name": "GeoDirectory \u2013 WP Business Directory Plugin and Classified Listings Directory", "slug": "geodirectory", "affected_versions": { "* - 2.3.70": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.70", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.71" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f687ee4-9760-48dd-9427-853de877dacc?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f68c70b-9fde-43a6-8a7c-00938aa0e109": { "id": "8f68c70b-9fde-43a6-8a7c-00938aa0e109", "title": "WooCommerce Product Categories Selection Widget <= 2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Product Categories Selection Widget", "slug": "woocommerce-product-category-selection-widget", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f68c70b-9fde-43a6-8a7c-00938aa0e109?source=api-scan" ], "published": "2023-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f6bbaa1-c50f-4dad-9e5b-04bdffd4a0ae": { "id": "8f6bbaa1-c50f-4dad-9e5b-04bdffd4a0ae", "title": "WP Maintenance <= 6.1.9.2 - IP Spoofing to Maintenance Mode Bypass", "software": [ { "type": "plugin", "name": "WP Maintenance", "slug": "wp-maintenance", "affected_versions": { "* - 6.1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f6bbaa1-c50f-4dad-9e5b-04bdffd4a0ae?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f6c20cb-b3a9-41d3-bccf-5b834424a59a": { "id": "8f6c20cb-b3a9-41d3-bccf-5b834424a59a", "title": "Amazon JS <= 0.10 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Amazon JS", "slug": "amazonjs", "affected_versions": { "* - 0.10": { "from_version": "*", "from_inclusive": true, "to_version": "0.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f6c20cb-b3a9-41d3-bccf-5b834424a59a?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f6fd0bb-d37b-40b6-b84e-9b21aae891cc": { "id": "8f6fd0bb-d37b-40b6-b84e-9b21aae891cc", "title": "Easy PayPal Buy Now Button <= 1.8.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy PayPal & Stripe Buy Now Button", "slug": "wp-ecommerce-paypal", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f6fd0bb-d37b-40b6-b84e-9b21aae891cc?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f70c96c-5146-41d8-9d9c-7f2adb336049": { "id": "8f70c96c-5146-41d8-9d9c-7f2adb336049", "title": "News <= 0.1 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "News", "slug": "news", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f70c96c-5146-41d8-9d9c-7f2adb336049?source=api-scan" ], "published": "2011-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f715947-e379-4a05-9ab8-5d9e94ffc136": { "id": "8f715947-e379-4a05-9ab8-5d9e94ffc136", "title": "BBS e-Popup <= 2.4.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BBS e-Popup", "slug": "bbs-e-popup", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f715947-e379-4a05-9ab8-5d9e94ffc136?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f7b0a1c-16d7-45db-b419-569ed5c4a5e4": { "id": "8f7b0a1c-16d7-45db-b419-569ed5c4a5e4", "title": "Make, formerly Integromat Connector <= 1.5.2 - Authenticated (Subscriber+) Information Disclosure", "software": [ { "type": "plugin", "name": "Make Connector", "slug": "integromat-connector", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f7b0a1c-16d7-45db-b419-569ed5c4a5e4?source=api-scan" ], "published": "2022-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f7ce513-45ba-427b-8ee0-1007e404c1a9": { "id": "8f7ce513-45ba-427b-8ee0-1007e404c1a9", "title": "Login Logout Shortcode <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter", "software": [ { "type": "plugin", "name": "Login Logout Shortcode", "slug": "login-logout-shortcode", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f7ce513-45ba-427b-8ee0-1007e404c1a9?source=api-scan" ], "published": "2024-10-03 13:33:13", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f7edb22-1441-4cac-9899-cd27dc313870": { "id": "8f7edb22-1441-4cac-9899-cd27dc313870", "title": "Taxonomy Switcher <= 1.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Taxonomy Switcher", "slug": "taxonomy-switcher", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f7edb22-1441-4cac-9899-cd27dc313870?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f840a96-8cda-4237-b445-284b88eaf623": { "id": "8f840a96-8cda-4237-b445-284b88eaf623", "title": "All-In-One-Gallery <= 2.4.9 - Admin+ Local File Inclusion", "software": [ { "type": "plugin", "name": "All-in-One Video Gallery", "slug": "all-in-one-video-gallery", "affected_versions": { "* - 2.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f840a96-8cda-4237-b445-284b88eaf623?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f847a61-4378-4b04-8eb4-99ef36417b6c": { "id": "8f847a61-4378-4b04-8eb4-99ef36417b6c", "title": "GDPR Cookie Compliance <= 4.12.4 - Cross-Site Request Forgery to License Modification", "software": [ { "type": "plugin", "name": "GDPR Cookie Compliance \u2013 Cookie Banner, Cookie Consent, Cookie Notice \u2013 CCPA, DSGVO, RGPD", "slug": "gdpr-cookie-compliance", "affected_versions": { "* - 4.12.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.12.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.12.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f847a61-4378-4b04-8eb4-99ef36417b6c?source=api-scan" ], "published": "2023-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f88ff96-5bd7-448d-a030-e75fd268bff6": { "id": "8f88ff96-5bd7-448d-a030-e75fd268bff6", "title": "LadiApp <= 4.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing\u2026", "slug": "ladipage", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f88ff96-5bd7-448d-a030-e75fd268bff6?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f890790-c5ca-4812-9566-6c945d8f39b5": { "id": "8f890790-c5ca-4812-9566-6c945d8f39b5", "title": "Review Ratings <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Review Ratings", "slug": "ratings-shorttags", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f890790-c5ca-4812-9566-6c945d8f39b5?source=api-scan" ], "published": "2024-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f896e4a-565a-4545-9683-045cd08ccca0": { "id": "8f896e4a-565a-4545-9683-045cd08ccca0", "title": "WordPress Core <= 2.2.1 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f896e4a-565a-4545-9683-045cd08ccca0?source=api-scan" ], "published": "2007-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f8bd107-5459-4093-8593-deedec6ffcd6": { "id": "8f8bd107-5459-4093-8593-deedec6ffcd6", "title": "Universal Slider <= 1.6.5 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Universal Slider", "slug": "fusion-slider", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f8bd107-5459-4093-8593-deedec6ffcd6?source=api-scan" ], "published": "2024-06-18 14:43:30", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f8e6ca4-ceeb-4d0c-8b05-86c2abe435a2": { "id": "8f8e6ca4-ceeb-4d0c-8b05-86c2abe435a2", "title": "Giveaways and Contests by RafflePress <= 1.12.16 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Giveaways and Contests by RafflePress \u2013 Get More Website Traffic, Email Subscribers, and Social Followers", "slug": "rafflepress", "affected_versions": { "* - 1.12.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f8e6ca4-ceeb-4d0c-8b05-86c2abe435a2?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f9615a9-e001-4a1f-a675-21515b4ba97f": { "id": "8f9615a9-e001-4a1f-a675-21515b4ba97f", "title": "LetsRecover <= 1.1.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "LetsRecover \u2013 WooCommerce Abandoned Cart Notifications", "slug": "letsrecover-woocommerce-abandoned-cart", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f9615a9-e001-4a1f-a675-21515b4ba97f?source=api-scan" ], "published": "2022-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f9863b2-177d-4b72-8337-90fbedfd5b54": { "id": "8f9863b2-177d-4b72-8337-90fbedfd5b54", "title": "Currency Switcher <= 2.11.1 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Currency Switcher for WooCommerce", "slug": "currency-switcher-woocommerce", "affected_versions": { "[*, 2.11.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f9863b2-177d-4b72-8337-90fbedfd5b54?source=api-scan" ], "published": "2019-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f9cd0f2-1ca6-47cb-94bd-5c286cf9c67f": { "id": "8f9cd0f2-1ca6-47cb-94bd-5c286cf9c67f", "title": "TinyMCE Color Picker < 1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "TinyMCE Color Picker", "slug": "tinymce-colorpicker", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f9cd0f2-1ca6-47cb-94bd-5c286cf9c67f?source=api-scan" ], "published": "2014-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f9ce7a1-3e90-4b98-9fc2-4fcd37d332ed": { "id": "8f9ce7a1-3e90-4b98-9fc2-4fcd37d332ed", "title": "WordPress Ping Optimizer <= 2.35.1.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Ping Optimizer", "slug": "wordpress-ping-optimizer", "affected_versions": { "* - 2.35.1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.35.1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.35.1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f9ce7a1-3e90-4b98-9fc2-4fcd37d332ed?source=api-scan" ], "published": "2022-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8f9ee168-82b1-4d13-a84e-379f16dcb283": { "id": "8f9ee168-82b1-4d13-a84e-379f16dcb283", "title": "RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "RapidLoad \u2013 Optimize Web Vitals Automatically", "slug": "unusedcss", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8f9ee168-82b1-4d13-a84e-379f16dcb283?source=api-scan" ], "published": "2023-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fa1048e-bdcd-41d1-a7c4-196731a60843": { "id": "8fa1048e-bdcd-41d1-a7c4-196731a60843", "title": "CF7 Invisible reCAPTCHA <= 1.3.3 - Cross-Site Request Forgery via vsz_cf7_invisible_recaptcha_page", "software": [ { "type": "plugin", "name": "CF7 Invisible reCAPTCHA", "slug": "cf7-invisible-recaptcha", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fa1048e-bdcd-41d1-a7c4-196731a60843?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fa382bf-a501-44eb-8a39-7ceb5829378f": { "id": "8fa382bf-a501-44eb-8a39-7ceb5829378f", "title": "Marker.io <= 1.1.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Marker.io \u2013 Visual Website Feedback", "slug": "marker-io", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fa382bf-a501-44eb-8a39-7ceb5829378f?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fa4b5df-dc71-49de-880b-895eb1d9cdca": { "id": "8fa4b5df-dc71-49de-880b-895eb1d9cdca", "title": "WP-Recall \u2013 Registration, Profile, Commerce & More <= 16.26.8 - Insecure Direct Object Reference to Unauthenticated Arbitrary Password Update", "software": [ { "type": "plugin", "name": "WP-Recall \u2013 Registration, Profile, Commerce & More", "slug": "wp-recall", "affected_versions": { "* - 16.26.8": { "from_version": "*", "from_inclusive": true, "to_version": "16.26.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "16.26.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fa4b5df-dc71-49de-880b-895eb1d9cdca?source=api-scan" ], "published": "2024-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fa97e67-08c1-4553-bada-e4c59f797207": { "id": "8fa97e67-08c1-4553-bada-e4c59f797207", "title": "Buddyboss Platform <= 1.7.8 - SQL Injection", "software": [ { "type": "plugin", "name": "Buddyboss Platform", "slug": "buddyboss-platform", "affected_versions": { "* - 1.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fa97e67-08c1-4553-bada-e4c59f797207?source=api-scan" ], "published": "2021-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fab1e59-5123-4ccb-bc0c-b8908643af89": { "id": "8fab1e59-5123-4ccb-bc0c-b8908643af89", "title": "WP Restful <= 0.1 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-restful", "slug": "wp-restful", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fab1e59-5123-4ccb-bc0c-b8908643af89?source=api-scan" ], "published": "2014-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8faecb99-df49-40b5-a5cb-7a8a21cb512c": { "id": "8faecb99-df49-40b5-a5cb-7a8a21cb512c", "title": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin < 3.1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "[*, 3.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8faecb99-df49-40b5-a5cb-7a8a21cb512c?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fb6c221-d885-42b5-977c-39e8608e3e31": { "id": "8fb6c221-d885-42b5-977c-39e8608e3e31", "title": "Advanced Post Block \u2013 Display Posts, Pages, or Custom Posts on Your Page <= 1.13.4 - Missing Authorization to Information Disclosure", "software": [ { "type": "plugin", "name": "Advanced Post Block- Great solution for displaying Posts", "slug": "advanced-post-block", "affected_versions": { "* - 1.13.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fb6c221-d885-42b5-977c-39e8608e3e31?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fbc88da-8944-433c-b94d-9604ffe13d8a": { "id": "8fbc88da-8944-433c-b94d-9604ffe13d8a", "title": "FoxyPress <= 0.4.2.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "FoxyPress", "slug": "foxypress", "affected_versions": { "[*, 0.4.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.4.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fbc88da-8944-433c-b94d-9604ffe13d8a?source=api-scan" ], "published": "2012-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fbcd728-d2a2-4787-841d-0ce77356f737": { "id": "8fbcd728-d2a2-4787-841d-0ce77356f737", "title": "Albo Pretorio Online <= 4.6.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Albo Pretorio On line", "slug": "albo-pretorio-on-line", "affected_versions": { "* - 4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fbcd728-d2a2-4787-841d-0ce77356f737?source=api-scan" ], "published": "2023-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fc02501-2bb6-4817-8e01-273d3d91ac57": { "id": "8fc02501-2bb6-4817-8e01-273d3d91ac57", "title": "SCORM Cloud For WordPress < 1.0.7 - SQL Injection", "software": [ { "type": "plugin", "name": "SCORM Cloud For WordPress", "slug": "scormcloud", "affected_versions": { "[*, 1.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fc02501-2bb6-4817-8e01-273d3d91ac57?source=api-scan" ], "published": "2011-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fc28132-eae6-4082-988c-2d9e56ff1283": { "id": "8fc28132-eae6-4082-988c-2d9e56ff1283", "title": "Easy Social Share Buttons <= 9.4 - Authenticated (Subscriber+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Easy Social Share Buttons for WordPress", "slug": "easy-social-share-buttons3", "affected_versions": { "* - 9.4": { "from_version": "*", "from_inclusive": true, "to_version": "9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fc28132-eae6-4082-988c-2d9e56ff1283?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fc4b815-dc05-4270-bf7a-3b01622739d7": { "id": "8fc4b815-dc05-4270-bf7a-3b01622739d7", "title": "Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fc4b815-dc05-4270-bf7a-3b01622739d7?source=api-scan" ], "published": "2023-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fc6c23c-1c5c-4fd8-aeea-8eb431e33b39": { "id": "8fc6c23c-1c5c-4fd8-aeea-8eb431e33b39", "title": "Contact Form to Any API <= 1.1.2 - Authenticated (Administrator+) SQL Injection via 'form_id'", "software": [ { "type": "plugin", "name": "Contact Form to Any API", "slug": "contact-form-to-any-api", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fc6c23c-1c5c-4fd8-aeea-8eb431e33b39?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fc88821-b2be-49a5-a2cf-53e87d0349a2": { "id": "8fc88821-b2be-49a5-a2cf-53e87d0349a2", "title": "WP Shamsi <= 4.3.3 - Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion", "software": [ { "type": "plugin", "name": "WP Shamsi \u2013 \u0627\u0641\u0632\u0648\u0646\u0647 \u062a\u0627\u0631\u06cc\u062e \u0634\u0645\u0633\u06cc \u0648 \u0641\u0627\u0631\u0633\u06cc \u0633\u0627\u0632 \u0648\u0631\u062f\u067e\u0631\u0633", "slug": "wp-shamsi", "affected_versions": { "* - 4.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fc88821-b2be-49a5-a2cf-53e87d0349a2?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fcf7283-eb6c-4fee-b606-79026e2227fc": { "id": "8fcf7283-eb6c-4fee-b606-79026e2227fc", "title": "Profile Builder <= 3.1.0 - Privilege Escalation", "software": [ { "type": "plugin", "name": "Profile Builder Pro", "slug": "profile-builder-pro", "affected_versions": { "[*, 3.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.1" ] }, { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "[*, 3.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fcf7283-eb6c-4fee-b606-79026e2227fc?source=api-scan" ], "published": "2020-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fcfd8c1-89b3-49f1-90dc-5eac1f9dbae5": { "id": "8fcfd8c1-89b3-49f1-90dc-5eac1f9dbae5", "title": "OxyExtras <= 1.4.4 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OxyExtras", "slug": "oxyextras", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fcfd8c1-89b3-49f1-90dc-5eac1f9dbae5?source=api-scan" ], "published": "2024-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fd13b18-63e6-4af2-a224-d87ad3a70dba": { "id": "8fd13b18-63e6-4af2-a224-d87ad3a70dba", "title": "Redirection < 2.2.12 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirection", "affected_versions": { "[*, 2.2.12)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fd13b18-63e6-4af2-a224-d87ad3a70dba?source=api-scan" ], "published": "2012-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fd1de2b-bb88-4f7c-b9eb-784eb7af17a6": { "id": "8fd1de2b-bb88-4f7c-b9eb-784eb7af17a6", "title": "qTranslate <= 2.5.39 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "qTranslate", "slug": "qtranslate", "affected_versions": { "* - 2.5.39": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.39", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fd1de2b-bb88-4f7c-b9eb-784eb7af17a6?source=api-scan" ], "published": "2013-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fd2ed33-6977-4480-bdcb-d7afae7bfd06": { "id": "8fd2ed33-6977-4480-bdcb-d7afae7bfd06", "title": "WP Rss Poster <= 1.0.0 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Rss Poster", "slug": "wp-rss-poster", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fd2ed33-6977-4480-bdcb-d7afae7bfd06?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fd93a48-72ab-4475-a25d-d68c98939533": { "id": "8fd93a48-72ab-4475-a25d-d68c98939533", "title": "Essential Real Estate <= 4.3.5 - Missing Authorization to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Real Estate", "slug": "essential-real-estate", "affected_versions": { "* - 4.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fd93a48-72ab-4475-a25d-d68c98939533?source=api-scan" ], "published": "2023-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fd93c96-36e9-4e9b-a7ef-b4dc6b7221a8": { "id": "8fd93c96-36e9-4e9b-a7ef-b4dc6b7221a8", "title": "WordPress File Upload <= 4.24.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "* - 4.24.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.24.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.24.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fd93c96-36e9-4e9b-a7ef-b4dc6b7221a8?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fe0cb36-7b61-412f-ad2a-d31b18417ce8": { "id": "8fe0cb36-7b61-412f-ad2a-d31b18417ce8", "title": "Radio Player \u2013 Live Shoutcast, Icecast and Any Audio Stream Player for WordPress <= 2.0.73 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure", "software": [ { "type": "plugin", "name": "Radio Player \u2013 Live Shoutcast, Icecast and Any Audio Stream Player for WordPress", "slug": "radio-player", "affected_versions": { "* - 2.0.73": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.73", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.74" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fe0cb36-7b61-412f-ad2a-d31b18417ce8?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fea93d2-c1a5-416d-90d4-92304d8dc41f": { "id": "8fea93d2-c1a5-416d-90d4-92304d8dc41f", "title": "1 Flash Gallery <= 1.9.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "1-flash-gallery", "slug": "1-flash-gallery", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fea93d2-c1a5-416d-90d4-92304d8dc41f?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8febf4ba-ad0f-4f93-8c13-f976d583e689": { "id": "8febf4ba-ad0f-4f93-8c13-f976d583e689", "title": "SMS OVH <= 0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SMS OVH", "slug": "sms-ovh", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8febf4ba-ad0f-4f93-8c13-f976d583e689?source=api-scan" ], "published": "2021-09-09 16:20:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8fefda27-aa3c-4fdf-beea-aaf0cdaaeb77": { "id": "8fefda27-aa3c-4fdf-beea-aaf0cdaaeb77", "title": "Permalink Manager Lite <= 2.4.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Permalink Manager Lite", "slug": "permalink-manager", "affected_versions": { "* - 2.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8fefda27-aa3c-4fdf-beea-aaf0cdaaeb77?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ff05617-61b1-4d1f-9230-c771f23d3283": { "id": "8ff05617-61b1-4d1f-9230-c771f23d3283", "title": "Custom Post Type Page Template <= 1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Custom Post Type Page Template", "slug": "custom-post-type-page-template", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ff05617-61b1-4d1f-9230-c771f23d3283?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ff16906-2516-4b3c-8217-e3fb24924e27": { "id": "8ff16906-2516-4b3c-8217-e3fb24924e27", "title": "ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Settings Update in optimizeAllOn", "software": [ { "type": "plugin", "name": "ImageRecycle pdf & image compression", "slug": "imagerecycle-pdf-image-compression", "affected_versions": { "* - 3.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ff16906-2516-4b3c-8217-e3fb24924e27?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ff18222-5796-432e-a810-d01fd5fbec4e": { "id": "8ff18222-5796-432e-a810-d01fd5fbec4e", "title": "PlusCaptcha <= 2.0.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PlusCaptcha", "slug": "pluscaptcha", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ff18222-5796-432e-a810-d01fd5fbec4e?source=api-scan" ], "published": "2015-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ff1ca68-7c71-4442-b27f-12743fc39b37": { "id": "8ff1ca68-7c71-4442-b27f-12743fc39b37", "title": "Get Custom Field Values < 4.0 - Arbitrary Post Metadata Access", "software": [ { "type": "plugin", "name": "Get Custom Field Values", "slug": "get-custom-field-values", "affected_versions": { "[*, 4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ff1ca68-7c71-4442-b27f-12743fc39b37?source=api-scan" ], "published": "2021-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ff2a842-2e46-4267-bbf1-e7d9d4a7e277": { "id": "8ff2a842-2e46-4267-bbf1-e7d9d4a7e277", "title": "Sunshine Photo Cart <= 3.2.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Sunshine Photo Cart: Free Client Photo Galleries for Photographers", "slug": "sunshine-photo-cart", "affected_versions": { "* - 3.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ff2a842-2e46-4267-bbf1-e7d9d4a7e277?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ff3b35c-f7e3-4cae-b7f1-1a0930173ac5": { "id": "8ff3b35c-f7e3-4cae-b7f1-1a0930173ac5", "title": "Betheme <= 26.6.2 - Missing Authorization to Post Title Change", "software": [ { "type": "theme", "name": "Betheme", "slug": "betheme", "affected_versions": { "* - 26.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "26.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "26.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ff3b35c-f7e3-4cae-b7f1-1a0930173ac5?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ff92ea9-a9d9-4d74-b91e-44ecb19c59f8": { "id": "8ff92ea9-a9d9-4d74-b91e-44ecb19c59f8", "title": "Spectra \u2013 WordPress Gutenberg Blocks <= 2.15.0 - Authenticated (Contributor+) Stored Cross-site Scripting", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 2.15.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ff92ea9-a9d9-4d74-b91e-44ecb19c59f8?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ffb789a-409f-4771-a5e1-2643b6aeadf8": { "id": "8ffb789a-409f-4771-a5e1-2643b6aeadf8", "title": "Primary Addon for Elementor <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Primary Addon for Elementor", "slug": "primary-addon-for-elementor", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ffb789a-409f-4771-a5e1-2643b6aeadf8?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ffc76d8-b841-4c26-bbc6-1f96664efe36": { "id": "8ffc76d8-b841-4c26-bbc6-1f96664efe36", "title": "Simple Spoiler 1.2 - 1.3 - Unauthenticated Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "Simple Spoiler", "slug": "simple-spoiler", "affected_versions": { "1.2 - 1.3": { "from_version": "1.2", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ffc76d8-b841-4c26-bbc6-1f96664efe36?source=api-scan" ], "published": "2024-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ffdcc0f-8214-4056-abe1-926ed255e9f0": { "id": "8ffdcc0f-8214-4056-abe1-926ed255e9f0", "title": "WP-Invoice \u2013 Web Invoice and Billing <= 4.1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP-Invoice \u2013 Web Invoice and Billing", "slug": "wp-invoice", "affected_versions": { "* - 4.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ffdcc0f-8214-4056-abe1-926ed255e9f0?source=api-scan" ], "published": "2016-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "8ffde2ce-2857-473f-8956-ddce81001070": { "id": "8ffde2ce-2857-473f-8956-ddce81001070", "title": "Safety Exit <= 1.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Safety Exit", "slug": "safety-exit", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/8ffde2ce-2857-473f-8956-ddce81001070?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9002fe5c-d7c7-4d4a-9e92-db6ff390d78b": { "id": "9002fe5c-d7c7-4d4a-9e92-db6ff390d78b", "title": "Vertical scroll recent post <= 13.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Vertical scroll recent post", "slug": "vertical-scroll-recent-post", "affected_versions": { "[*, 14.0)": { "from_version": "*", "from_inclusive": true, "to_version": "14.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "14.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9002fe5c-d7c7-4d4a-9e92-db6ff390d78b?source=api-scan" ], "published": "2022-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "900fcaab-2424-4ae8-af18-95659db0dbe3": { "id": "900fcaab-2424-4ae8-af18-95659db0dbe3", "title": "Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "[*, 2.05.03)": { "from_version": "*", "from_inclusive": true, "to_version": "2.05.03", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.05.03" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/900fcaab-2424-4ae8-af18-95659db0dbe3?source=api-scan" ], "published": "2017-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "901354c7-a908-4014-aee2-085892f4e4d6": { "id": "901354c7-a908-4014-aee2-085892f4e4d6", "title": "ARI Fancy Lightbox <= 1.3.17 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ARI Fancy Lightbox \u2013 Popup for WordPress", "slug": "ari-fancy-lightbox", "affected_versions": { "* - 1.3.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/901354c7-a908-4014-aee2-085892f4e4d6?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9013e816-1f5c-48cc-b79b-37cd9a75c2f6": { "id": "9013e816-1f5c-48cc-b79b-37cd9a75c2f6", "title": "Team Showcase <= 1.22.15 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Team Showcase", "slug": "team", "affected_versions": { "[*, 1.22.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.22.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.22.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9013e816-1f5c-48cc-b79b-37cd9a75c2f6?source=api-scan" ], "published": "2020-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "901baf71-03b5-4493-9318-ba28dcb97dbe": { "id": "901baf71-03b5-4493-9318-ba28dcb97dbe", "title": "Spectra <= 2.6.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 2.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/901baf71-03b5-4493-9318-ba28dcb97dbe?source=api-scan" ], "published": "2023-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "901d4e10-06e9-4acd-ba4a-85a537fa10bc": { "id": "901d4e10-06e9-4acd-ba4a-85a537fa10bc", "title": "T1 Theme <= 19.0 - Open Redirect", "software": [ { "type": "theme", "name": "T1 Theme", "slug": "t1", "affected_versions": { "* - 19.0": { "from_version": "*", "from_inclusive": true, "to_version": "19.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/901d4e10-06e9-4acd-ba4a-85a537fa10bc?source=api-scan" ], "published": "2023-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "901e85b9-0948-4a00-a29f-a726b53ba51b": { "id": "901e85b9-0948-4a00-a29f-a726b53ba51b", "title": "404 Solution <= 2.35.7 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "404 Solution", "slug": "404-solution", "affected_versions": { "* - 2.35.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.35.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.35.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/901e85b9-0948-4a00-a29f-a726b53ba51b?source=api-scan" ], "published": "2024-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90284576-6570-4e4c-8eb3-743bc402ea1b": { "id": "90284576-6570-4e4c-8eb3-743bc402ea1b", "title": "Menu Icons by ThemeIsle <= 0.13.13 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload", "software": [ { "type": "plugin", "name": "Menu Icons by ThemeIsle", "slug": "menu-icons", "affected_versions": { "* - 0.13.13": { "from_version": "*", "from_inclusive": true, "to_version": "0.13.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.13.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90284576-6570-4e4c-8eb3-743bc402ea1b?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "902c017d-c907-4335-9e1e-1d23580d9caf": { "id": "902c017d-c907-4335-9e1e-1d23580d9caf", "title": "WP Secure Maintenance <= 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Secure Maintenance", "slug": "wp-secure-maintainance", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/902c017d-c907-4335-9e1e-1d23580d9caf?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "902c0c84-fcae-4ce4-9885-89fd135a4ffd": { "id": "902c0c84-fcae-4ce4-9885-89fd135a4ffd", "title": "Cloudflare <= 4.12.2 - Missing Authorization via initProxy", "software": [ { "type": "plugin", "name": "Cloudflare", "slug": "cloudflare", "affected_versions": { "* - 4.12.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.12.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.12.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/902c0c84-fcae-4ce4-9885-89fd135a4ffd?source=api-scan" ], "published": "2024-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "903161b0-b64c-4986-8c94-b90221bc911b": { "id": "903161b0-b64c-4986-8c94-b90221bc911b", "title": "Redirects <= 1.2.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Redirects", "slug": "redirects", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/903161b0-b64c-4986-8c94-b90221bc911b?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9032d416-28d1-4fdc-ac95-ba807df165a2": { "id": "9032d416-28d1-4fdc-ac95-ba807df165a2", "title": "Visitors Online by BestWebSoft < 1.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visitors Online by BestWebSoft", "slug": "visitors-online", "affected_versions": { "[*, 1.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9032d416-28d1-4fdc-ac95-ba807df165a2?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90333dc7-8bdf-4a59-8001-7eb76b4bc61d": { "id": "90333dc7-8bdf-4a59-8001-7eb76b4bc61d", "title": "Archivist \u2013 Custom Archive Templates <= 1.7.4 - Authenticated(Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Archivist \u2013 Custom Archive Templates", "slug": "archivist-custom-archive-templates", "affected_versions": { "* - 1.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90333dc7-8bdf-4a59-8001-7eb76b4bc61d?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "903abd7f-6bee-4d96-96c2-f09abbb2eefe": { "id": "903abd7f-6bee-4d96-96c2-f09abbb2eefe", "title": "Amazon Affiliate <= 3.17 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Amazon Affiliate", "slug": "aawp", "affected_versions": { "* - 3.17": { "from_version": "*", "from_inclusive": true, "to_version": "3.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.17.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/903abd7f-6bee-4d96-96c2-f09abbb2eefe?source=api-scan" ], "published": "2022-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9040aa36-2d3b-4470-93ae-19ad16fcd929": { "id": "9040aa36-2d3b-4470-93ae-19ad16fcd929", "title": "All-in-One WP Migration <= 7.62 - Unauthenticated Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-in-One WP Migration and Backup", "slug": "all-in-one-wp-migration", "affected_versions": { "* - 7.62": { "from_version": "*", "from_inclusive": true, "to_version": "7.62", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.63" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9040aa36-2d3b-4470-93ae-19ad16fcd929?source=api-scan" ], "published": "2022-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90465354-0174-4f85-a66b-589d9408c3c8": { "id": "90465354-0174-4f85-a66b-589d9408c3c8", "title": "Delhivery Logistics Courier <= 1.0.107 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Delhivery Logistics Courier", "slug": "delhivery-logistics-courier", "affected_versions": { "* - 1.0.107": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.107", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90465354-0174-4f85-a66b-589d9408c3c8?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9049ac31-b79a-4872-a522-2930fb1dfea6": { "id": "9049ac31-b79a-4872-a522-2930fb1dfea6", "title": "WC Marketplace <= 4.1.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution", "slug": "dc-woocommerce-multi-vendor", "affected_versions": { "* - 4.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9049ac31-b79a-4872-a522-2930fb1dfea6?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "904e407c-5ec7-433f-9161-eb4d6d263a97": { "id": "904e407c-5ec7-433f-9161-eb4d6d263a97", "title": "Canto <= 1.9.0 - Blind Server-Side Request Forgery via download.php", "software": [ { "type": "plugin", "name": "Canto", "slug": "canto", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/904e407c-5ec7-433f-9161-eb4d6d263a97?source=api-scan" ], "published": "2020-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "904f8881-1513-43b7-a9cf-1b81d8493b12": { "id": "904f8881-1513-43b7-a9cf-1b81d8493b12", "title": "Contact Form by ContactMe.com <= 2.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form by ContactMe.com", "slug": "contactme", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/904f8881-1513-43b7-a9cf-1b81d8493b12?source=api-scan" ], "published": "2015-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90503670-702f-4113-9887-61558bf7ea5c": { "id": "90503670-702f-4113-9887-61558bf7ea5c", "title": "Newspack Ads <= 1.47.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newspack Ads", "slug": "newspack-ads", "affected_versions": { "* - 1.47.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.47.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.47.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90503670-702f-4113-9887-61558bf7ea5c?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9053995a-b1de-427f-b16d-31fa8cd026b2": { "id": "9053995a-b1de-427f-b16d-31fa8cd026b2", "title": "Wp-Adv-Quiz <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Quiz Title", "software": [ { "type": "plugin", "name": "Wp-Adv-Quiz", "slug": "advanced-quiz", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9053995a-b1de-427f-b16d-31fa8cd026b2?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9053cf91-0af1-44f8-9fdf-7ecbd457545b": { "id": "9053cf91-0af1-44f8-9fdf-7ecbd457545b", "title": "Events Manager <= 6.4.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "* - 6.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9053cf91-0af1-44f8-9fdf-7ecbd457545b?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "905cb57b-70ec-4324-ae66-9c06d1737939": { "id": "905cb57b-70ec-4324-ae66-9c06d1737939", "title": "CMS Press <= 0.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CMS Press", "slug": "cms-press", "affected_versions": { "* - 0.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/905cb57b-70ec-4324-ae66-9c06d1737939?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "905ced90-3a24-4dd6-b415-890804bb6f5b": { "id": "905ced90-3a24-4dd6-b415-890804bb6f5b", "title": "Simple URLs <= 114 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple URLs \u2013 Link Cloaking, Product Displays, and Affiliate Link Management", "slug": "simple-urls", "affected_versions": { "* - 114": { "from_version": "*", "from_inclusive": true, "to_version": "114", "to_inclusive": true } }, "patched": true, "patched_versions": [ "115" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/905ced90-3a24-4dd6-b415-890804bb6f5b?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "906049c0-4710-47aa-bf44-cdf29032dc1f": { "id": "906049c0-4710-47aa-bf44-cdf29032dc1f", "title": "Limit Login Attempts Reloaded <= 2.25.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Limit Login Attempts Reloaded", "slug": "limit-login-attempts-reloaded", "affected_versions": { "* - 2.25.26": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.25.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/906049c0-4710-47aa-bf44-cdf29032dc1f?source=api-scan" ], "published": "2023-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9060bb2a-b9d9-466d-bb8d-14173a51d145": { "id": "9060bb2a-b9d9-466d-bb8d-14173a51d145", "title": "Daily Prayer Time <= 2023.03.08 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Daily Prayer Time", "slug": "daily-prayer-time-for-mosques", "affected_versions": { "* - 2023.03.08": { "from_version": "*", "from_inclusive": true, "to_version": "2023.03.08", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2023.03.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9060bb2a-b9d9-466d-bb8d-14173a51d145?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90654fac-b9c7-422f-8472-2a7c7fd0de0d": { "id": "90654fac-b9c7-422f-8472-2a7c7fd0de0d", "title": "Quick Contact Form <= 8.0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quick Contact Form", "slug": "quick-contact-form", "affected_versions": { "* - 8.0.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90654fac-b9c7-422f-8472-2a7c7fd0de0d?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90689ba2-4f82-4116-85d7-1266189aa34e": { "id": "90689ba2-4f82-4116-85d7-1266189aa34e", "title": "WP Live Chat Support <= 8.0.32 - Unprotected Functions", "software": [ { "type": "plugin", "name": "3CX Free Live Chat, Calls & WhatsApp", "slug": "wp-live-chat-support", "affected_versions": { "[*, 8.0.33)": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.33", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.0.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90689ba2-4f82-4116-85d7-1266189aa34e?source=api-scan" ], "published": "2019-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "906dcf2a-6be1-4966-9a70-1ef9a8f1017d": { "id": "906dcf2a-6be1-4966-9a70-1ef9a8f1017d", "title": "Custom Admin Login Page | WPZest <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Admin Login Page | WPZest", "slug": "custom-admin-login-styler-wpzest", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/906dcf2a-6be1-4966-9a70-1ef9a8f1017d?source=api-scan" ], "published": "2023-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90706a16-cd71-4040-ab0e-be8649110d3c": { "id": "90706a16-cd71-4040-ab0e-be8649110d3c", "title": "Fancier Author Box by ThematoSoup <= 1.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fancier Author Box by ThematoSoup", "slug": "fancier-author-box", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90706a16-cd71-4040-ab0e-be8649110d3c?source=api-scan" ], "published": "2022-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9071acdf-8d40-4e8b-8d1f-be2cabf3d66e": { "id": "9071acdf-8d40-4e8b-8d1f-be2cabf3d66e", "title": "WPLMS < 4.900 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "WPLMS Learning Management System for WordPress, WordPress LMS", "slug": "wplms", "affected_versions": { "[*, 4.900)": { "from_version": "*", "from_inclusive": true, "to_version": "4.900", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.900" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9071acdf-8d40-4e8b-8d1f-be2cabf3d66e?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "907329af-2ff0-475e-b4b2-3ac7ae4b9ced": { "id": "907329af-2ff0-475e-b4b2-3ac7ae4b9ced", "title": "WP Post Statistics (Visitors & Visits Counter) <= 2.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Post Statistics (Visitors & Visits Counter)", "slug": "wp-post-real-time-statistics", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/907329af-2ff0-475e-b4b2-3ac7ae4b9ced?source=api-scan" ], "published": "2022-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90752d8a-2e0c-4d46-8a49-778fe06361bd": { "id": "90752d8a-2e0c-4d46-8a49-778fe06361bd", "title": "Emergency Password Reset <= 8.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Emergency Password Reset", "slug": "emergency-password-reset", "affected_versions": { "* - 8.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90752d8a-2e0c-4d46-8a49-778fe06361bd?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9077bdce-31c9-4877-8bb5-db87046125cc": { "id": "9077bdce-31c9-4877-8bb5-db87046125cc", "title": "Discy <= 5.1 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "theme", "name": "Discy - Social Questions and Answers WordPress Theme", "slug": "discy", "affected_versions": { "[*, 5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9077bdce-31c9-4877-8bb5-db87046125cc?source=api-scan" ], "published": "2022-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "907a02b8-6965-4d0b-b4bf-c8fc0201ee12": { "id": "907a02b8-6965-4d0b-b4bf-c8fc0201ee12", "title": "DTracker <= 1.5 - Authorization Bypass", "software": [ { "type": "plugin", "name": "DTracker", "slug": "dtracker", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/907a02b8-6965-4d0b-b4bf-c8fc0201ee12?source=api-scan" ], "published": "2017-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9083d875-ff86-4f18-ad63-368bcb269ad9": { "id": "9083d875-ff86-4f18-ad63-368bcb269ad9", "title": "furikake <= 0.1.0 - Open Redirect", "software": [ { "type": "plugin", "name": "furikake", "slug": "furikake", "affected_versions": { "* - 0.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9083d875-ff86-4f18-ad63-368bcb269ad9?source=api-scan" ], "published": "2018-01-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90863334-9464-466b-bb32-870c78095ca4": { "id": "90863334-9464-466b-bb32-870c78095ca4", "title": "Royal Elementor Kit <= 1.0.116 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Royal Elementor Kit", "slug": "royal-elementor-kit", "affected_versions": { "* - 1.0.116": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.116", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.117" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90863334-9464-466b-bb32-870c78095ca4?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9087b16e-488b-431d-a7f7-ab0d49520756": { "id": "9087b16e-488b-431d-a7f7-ab0d49520756", "title": "YouTube Embed, Playlist and Popup <= 2.3.8 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YouTube Embed, Playlist and Popup by WpDevArt", "slug": "youtube-video-player", "affected_versions": { "[*, 2.3.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9087b16e-488b-431d-a7f7-ab0d49520756?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "908dbe64-e214-4880-a85d-38df4c722a43": { "id": "908dbe64-e214-4880-a85d-38df4c722a43", "title": "Dagda Theme <= 5.0 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "dagda", "slug": "dagda", "affected_versions": { "* - 5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/908dbe64-e214-4880-a85d-38df4c722a43?source=api-scan" ], "published": "2012-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "908df18e-7178-4d40-becb-86e1a714a7da": { "id": "908df18e-7178-4d40-becb-86e1a714a7da", "title": "HTML5 Video Player \u2013 mp4 Video Player Plugin and Block <= 2.5.32 - Missing Authorization in multiple functions via h5vp_ajax_handler", "software": [ { "type": "plugin", "name": "HTML5 Video Player \u2013 mp4 Video Player Plugin and Block", "slug": "html5-video-player", "affected_versions": { "* - 2.5.32": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/908df18e-7178-4d40-becb-86e1a714a7da?source=api-scan" ], "published": "2024-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "908e4755-e439-4714-b0cb-3fc546c5ac63": { "id": "908e4755-e439-4714-b0cb-3fc546c5ac63", "title": "Structured Content <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Structured Content (JSON-LD) #wpsc", "slug": "structured-content", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/908e4755-e439-4714-b0cb-3fc546c5ac63?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "908ef8e1-d4dc-4348-90b8-d8f38666d9ed": { "id": "908ef8e1-d4dc-4348-90b8-d8f38666d9ed", "title": "Modal Window \u2013 create popup modal window <= 5.3.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Modal Window \u2013 create popup modal window", "slug": "modal-window", "affected_versions": { "* - 5.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/908ef8e1-d4dc-4348-90b8-d8f38666d9ed?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9095bf69-e682-48aa-b206-8bd2b6c2b170": { "id": "9095bf69-e682-48aa-b206-8bd2b6c2b170", "title": "Sermon Browser < 0.43.6 - SQL Injection", "software": [ { "type": "plugin", "name": "Sermon Browser", "slug": "sermon-browser", "affected_versions": { "[*, 0.43.6)": { "from_version": "*", "from_inclusive": true, "to_version": "0.43.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.43.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9095bf69-e682-48aa-b206-8bd2b6c2b170?source=api-scan" ], "published": "2011-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "909b5421-210d-427a-94a0-e1ea25880cec": { "id": "909b5421-210d-427a-94a0-e1ea25880cec", "title": "Formidable Forms <= 6.0.1 - IP Spoofing via HTTP header", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "* - 6.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/909b5421-210d-427a-94a0-e1ea25880cec?source=api-scan" ], "published": "2023-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90a8230f-7008-48af-a1a9-fbaf38dcb21c": { "id": "90a8230f-7008-48af-a1a9-fbaf38dcb21c", "title": "Ultimate Addons for WPBakery Page Builder <= 3.19.14 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Addons for WPBakery", "slug": "Ultimate_VC_Addons", "affected_versions": { "* - 3.19.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.19.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.19.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90a8230f-7008-48af-a1a9-fbaf38dcb21c?source=api-scan" ], "published": "2023-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90b97e57-a021-462c-b3d2-49cf959950dd": { "id": "90b97e57-a021-462c-b3d2-49cf959950dd", "title": "WPJobBoard <= 5.5.3 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Job Board", "slug": "wpjobboard", "affected_versions": { "* - 5.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90b97e57-a021-462c-b3d2-49cf959950dd?source=api-scan" ], "published": "2020-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90bab2a1-7c19-45d2-909f-05014fb24740": { "id": "90bab2a1-7c19-45d2-909f-05014fb24740", "title": "underConstruction < 1.09 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "underConstruction", "slug": "underconstruction", "affected_versions": { "[*, 1.09)": { "from_version": "*", "from_inclusive": true, "to_version": "1.09", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.09" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90bab2a1-7c19-45d2-909f-05014fb24740?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90c0be4a-1146-4a17-918e-ed5362bde022": { "id": "90c0be4a-1146-4a17-918e-ed5362bde022", "title": "VK Block Patterns <= 1.31.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "VK Block Patterns", "slug": "vk-block-patterns", "affected_versions": { "* - 1.31.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.31.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.31.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90c0be4a-1146-4a17-918e-ed5362bde022?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90c0e937-19fd-484e-a50f-42b00a6eeb30": { "id": "90c0e937-19fd-484e-a50f-42b00a6eeb30", "title": "Moosend Website Connector <= 1.0.189 - Missing Authorization", "software": [ { "type": "plugin", "name": "Moosend Website Connector", "slug": "moosend-email-marketing", "affected_versions": { "* - 1.0.189": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.189", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.190" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90c0e937-19fd-484e-a50f-42b00a6eeb30?source=api-scan" ], "published": "2022-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90c0eb3e-b3f1-483c-9afd-2bbc4ff0cdf3": { "id": "90c0eb3e-b3f1-483c-9afd-2bbc4ff0cdf3", "title": "miniOrange's Google Authenticator <= 5.5.5 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "miniOrange's Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA, Two Factor, OTP SMS and Email | Passwordless login", "slug": "miniorange-2-factor-authentication", "affected_versions": { "* - 5.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90c0eb3e-b3f1-483c-9afd-2bbc4ff0cdf3?source=api-scan" ], "published": "2022-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90c1fd9c-eb5c-45fb-b641-75cb3fdad87a": { "id": "90c1fd9c-eb5c-45fb-b641-75cb3fdad87a", "title": "Namaste! LMS <= 2.5.9.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Namaste! LMS", "slug": "namaste-lms", "affected_versions": { "[*, 2.5.9.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.9.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90c1fd9c-eb5c-45fb-b641-75cb3fdad87a?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90c34a01-a0d1-4305-b74b-b5a568a42b13": { "id": "90c34a01-a0d1-4305-b74b-b5a568a42b13", "title": "Jotform Online Forms <= 1.3.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Jotform Online Forms \u2013 Drag & Drop Form Builder, Securely Embed Contact Forms", "slug": "embed-form", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90c34a01-a0d1-4305-b74b-b5a568a42b13?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90c3f8bc-fc41-4ba7-b9f2-8873203d5794": { "id": "90c3f8bc-fc41-4ba7-b9f2-8873203d5794", "title": "Migration, Backup, Staging \u2013 WPvivid <= 0.9.35 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "[*, 0.9.36)": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.36", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.9.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90c3f8bc-fc41-4ba7-b9f2-8873203d5794?source=api-scan" ], "published": "2020-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90cd3722-c3cb-4ac3-871d-cacda49be294": { "id": "90cd3722-c3cb-4ac3-871d-cacda49be294", "title": "WPGlobus \u2013 Multilingual Everything! <= 1.9.6 - Cross-Site Scripting via wpglobus_option[post_type][post]", "software": [ { "type": "plugin", "name": "WPGlobus \u2013 Multilingual WordPress", "slug": "wpglobus", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90cd3722-c3cb-4ac3-871d-cacda49be294?source=api-scan" ], "published": "2018-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90ce0f70-d3a2-48cb-b6f8-7dda7ac25866": { "id": "90ce0f70-d3a2-48cb-b6f8-7dda7ac25866", "title": "Web Minimalist 200901 <= 1.1 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Web Minimalist 200901", "slug": "web-minimalist-200901", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90ce0f70-d3a2-48cb-b6f8-7dda7ac25866?source=api-scan" ], "published": "2011-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90d1baf1-2c65-4bdf-958d-001dcfe04d7f": { "id": "90d1baf1-2c65-4bdf-958d-001dcfe04d7f", "title": "All Bootstrap Blocks <= 1.3.19 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All Bootstrap Blocks", "slug": "all-bootstrap-blocks", "affected_versions": { "* - 1.3.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90d1baf1-2c65-4bdf-958d-001dcfe04d7f?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90d23f3a-a67d-4f92-9ca8-926569b72a71": { "id": "90d23f3a-a67d-4f92-9ca8-926569b72a71", "title": "Primary Addon for Elementor <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Primary Addon for Elementor", "slug": "primary-addon-for-elementor", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90d23f3a-a67d-4f92-9ca8-926569b72a71?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90d4d8c8-ccc1-46f8-bbf5-6aabaacc9d79": { "id": "90d4d8c8-ccc1-46f8-bbf5-6aabaacc9d79", "title": "CopySafe Web Protection <= 3.14 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CopySafe Web Protection", "slug": "wp-copysafe-web", "affected_versions": { "* - 3.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90d4d8c8-ccc1-46f8-bbf5-6aabaacc9d79?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90e69e43-597c-4c18-b581-d99dacefb9b8": { "id": "90e69e43-597c-4c18-b581-d99dacefb9b8", "title": "ShortCodes UI <= 1.9.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ShortCodes UI", "slug": "shortcodes-ui", "affected_versions": { "* - 1.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90e69e43-597c-4c18-b581-d99dacefb9b8?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90e7951b-3834-48a3-8a40-2b6055d1b62c": { "id": "90e7951b-3834-48a3-8a40-2b6055d1b62c", "title": "Jetpack <= 3.4.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "[*, 3.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90e7951b-3834-48a3-8a40-2b6055d1b62c?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90ebe593-6511-4998-a45e-795f3597b191": { "id": "90ebe593-6511-4998-a45e-795f3597b191", "title": "WP SMS <= 5.4.12 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP SMS \u2013 Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More", "slug": "wp-sms", "affected_versions": { "[*, 5.4.13)": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.4.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90ebe593-6511-4998-a45e-795f3597b191?source=api-scan" ], "published": "2021-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90f62ee2-f2a8-49e6-ba7a-8c408c66c456": { "id": "90f62ee2-f2a8-49e6-ba7a-8c408c66c456", "title": "Masteriyo - LMS <= 1.11.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Masteriyo LMS \u2013 eLearning and Online Course Builder for WordPress", "slug": "learning-management-system", "affected_versions": { "* - 1.11.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90f62ee2-f2a8-49e6-ba7a-8c408c66c456?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "90f96795-8df7-4388-b58e-fc3611bc215c": { "id": "90f96795-8df7-4388-b58e-fc3611bc215c", "title": "Elementor Website Builder <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via header_size", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "0.1.0 - 3.1.3": { "from_version": "0.1.0", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/90f96795-8df7-4388-b58e-fc3611bc215c?source=api-scan" ], "published": "2021-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91021b7f-06d1-4403-81bd-ba082685e58e": { "id": "91021b7f-06d1-4403-81bd-ba082685e58e", "title": "Age Verification <= 0.4 - Open Redirect", "software": [ { "type": "plugin", "name": "Age Verification", "slug": "age-verification", "affected_versions": { "* - 0.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91021b7f-06d1-4403-81bd-ba082685e58e?source=api-scan" ], "published": "2012-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9103c67c-d75f-469d-94f1-ce7877384417": { "id": "9103c67c-d75f-469d-94f1-ce7877384417", "title": "Game Tabs <= 0.4.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Game tabs", "slug": "game-tabs", "affected_versions": { "* - 0.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9103c67c-d75f-469d-94f1-ce7877384417?source=api-scan" ], "published": "2014-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91062d2c-f2a6-4a92-b684-e133391afe60": { "id": "91062d2c-f2a6-4a92-b684-e133391afe60", "title": "WP Education <= 1.2.6 - Cross-Site Request Forgery to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "WP Education \u2013 Education WordPress Plugin for Elementor", "slug": "wp-education", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91062d2c-f2a6-4a92-b684-e133391afe60?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "910c0a32-b169-4728-888c-0dfea2066c9c": { "id": "910c0a32-b169-4728-888c-0dfea2066c9c", "title": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag", "software": [ { "type": "plugin", "name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", "slug": "bdthemes-element-pack-lite", "affected_versions": { "* - 5.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/910c0a32-b169-4728-888c-0dfea2066c9c?source=api-scan" ], "published": "2024-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "910c3d74-63ed-476d-b014-659d7780260f": { "id": "910c3d74-63ed-476d-b014-659d7780260f", "title": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode", "slug": "responsive-coming-soon-page", "affected_versions": { "* - 1.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/910c3d74-63ed-476d-b014-659d7780260f?source=api-scan" ], "published": "2018-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "910d98a3-bfdb-4bb9-bd24-c57fa1a1a107": { "id": "910d98a3-bfdb-4bb9-bd24-c57fa1a1a107", "title": "Ultimate Addons for WPBakery <= 3.16.11 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Addons for WPBakery", "slug": "Ultimate_VC_Addons", "affected_versions": { "* - 3.16.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.16.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.16.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/910d98a3-bfdb-4bb9-bd24-c57fa1a1a107?source=api-scan" ], "published": "2017-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "910e7446-2fdd-487e-a096-29c771e33213": { "id": "910e7446-2fdd-487e-a096-29c771e33213", "title": "WP eMember <= 10.6.5 - Reflected Cross-Site Scripting via 'editrecord'", "software": [ { "type": "plugin", "name": "Wp EMember", "slug": "wp-emember", "affected_versions": { "* - 10.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "10.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/910e7446-2fdd-487e-a096-29c771e33213?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9114018f-0678-4973-bb1e-932f0d93f963": { "id": "9114018f-0678-4973-bb1e-932f0d93f963", "title": "JobSearch WP Job Board < = 1.8.1 - Missing Authorization on jobsearch_update_job_import_schedule_call() function", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9114018f-0678-4973-bb1e-932f0d93f963?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9116cfea-eef8-480c-b75a-c6825d14f37a": { "id": "9116cfea-eef8-480c-b75a-c6825d14f37a", "title": "Uploading SVG, WEBP and ICO files <= 1.0.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Uploading SVG, WEBP and ICO files", "slug": "uploading-svgwebp-and-ico-files", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9116cfea-eef8-480c-b75a-c6825d14f37a?source=api-scan" ], "published": "2022-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9116d719-f536-4b8a-9e73-9a8a922f8a35": { "id": "9116d719-f536-4b8a-9e73-9a8a922f8a35", "title": "GDPR Cookie Compliance <= 4.0.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "GDPR Cookie Compliance \u2013 Cookie Banner, Cookie Consent, Cookie Notice \u2013 CCPA, DSGVO, RGPD", "slug": "gdpr-cookie-compliance", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9116d719-f536-4b8a-9e73-9a8a922f8a35?source=api-scan" ], "published": "2019-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9117c46b-33cc-41f5-98e9-4dac8d6352d4": { "id": "9117c46b-33cc-41f5-98e9-4dac8d6352d4", "title": "Rank Math SEO <= 1.0.119 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings", "slug": "seo-by-rank-math", "affected_versions": { "[*, 1.0.119.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.119.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.119.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9117c46b-33cc-41f5-98e9-4dac8d6352d4?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "911d083a-57d2-4574-a5b3-b299c368400c": { "id": "911d083a-57d2-4574-a5b3-b299c368400c", "title": "Citadela Listing <= 5.18.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Citadela Directory", "slug": "citadela-directory", "affected_versions": { "* - 5.18.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.18.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/911d083a-57d2-4574-a5b3-b299c368400c?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91221712-8f66-4c6f-94fb-75c34a7f1fa8": { "id": "91221712-8f66-4c6f-94fb-75c34a7f1fa8", "title": "BackupBuddy 8.5.8.0 - 8.7.4.1 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "BackupBuddy", "slug": "backupbuddy", "affected_versions": { "8.5.8.0 - 8.7.4.1": { "from_version": "8.5.8.0", "from_inclusive": true, "to_version": "8.7.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91221712-8f66-4c6f-94fb-75c34a7f1fa8?source=api-scan" ], "published": "2022-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9124240d-e540-4a59-a4c5-c4279bb39399": { "id": "9124240d-e540-4a59-a4c5-c4279bb39399", "title": "GigPress <= 2.3.10 - SQL Injection", "software": [ { "type": "plugin", "name": "GigPress", "slug": "gigpress", "affected_versions": { "[*, 2.3.11)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9124240d-e540-4a59-a4c5-c4279bb39399?source=api-scan" ], "published": "2015-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "912523ae-f619-46af-83b9-e9fca81bd5b0": { "id": "912523ae-f619-46af-83b9-e9fca81bd5b0", "title": "Backup and Staging by WP Time Capsule <= 1.22.21 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Backup and Staging by WP Time Capsule", "slug": "wp-time-capsule", "affected_versions": { "* - 1.22.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.22.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.22.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/912523ae-f619-46af-83b9-e9fca81bd5b0?source=api-scan" ], "published": "2024-10-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91286dc8-8015-4adc-9a21-d6187997cef4": { "id": "91286dc8-8015-4adc-9a21-d6187997cef4", "title": "Pricing Table Plugin <= 3.6 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Pricing Table Plugin", "slug": "arprice-responsive-pricing-table", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91286dc8-8015-4adc-9a21-d6187997cef4?source=api-scan" ], "published": "2022-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9132a605-7bed-4741-83f9-dfe8cbaf36cd": { "id": "9132a605-7bed-4741-83f9-dfe8cbaf36cd", "title": "ListingPro Plugin <= 2.9.3 - Authenticated (Author+) Local File Inclusion", "software": [ { "type": "plugin", "name": "ListingPro Plugin", "slug": "listingpro-plugin", "affected_versions": { "* - 2.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9132a605-7bed-4741-83f9-dfe8cbaf36cd?source=api-scan" ], "published": "2024-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9133fa10-036b-4f42-9d0c-8e15d2625f5e": { "id": "9133fa10-036b-4f42-9d0c-8e15d2625f5e", "title": "a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes", "software": [ { "type": "plugin", "name": "a3 Portfolio", "slug": "a3-portfolio", "affected_versions": { "* - 2.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] }, { "type": "plugin", "name": "Dynamic Product Gallery for WooCommerce", "slug": "woocommerce-dynamic-gallery", "affected_versions": { "* - 2.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] }, { "type": "plugin", "name": "Contact Us Page \u2013 Contact People", "slug": "contact-us-page-contact-people", "affected_versions": { "* - 3.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.1" ] }, { "type": "plugin", "name": "a3 Responsive Slider", "slug": "a3-responsive-slider", "affected_versions": { "* - 2.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] }, { "type": "plugin", "name": "Compare Products for WooCommerce", "slug": "woocommerce-compare-products", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] }, { "type": "plugin", "name": "a3 Lazy Load", "slug": "a3-lazy-load", "affected_versions": { "* - 2.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9133fa10-036b-4f42-9d0c-8e15d2625f5e?source=api-scan" ], "published": "2022-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91358e40-e64f-4e8e-b5a3-7d2133db5fe9": { "id": "91358e40-e64f-4e8e-b5a3-7d2133db5fe9", "title": "Advanced Woo Search <= 2.96 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Woo Search", "slug": "advanced-woo-search", "affected_versions": { "* - 2.96": { "from_version": "*", "from_inclusive": true, "to_version": "2.96", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.97" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91358e40-e64f-4e8e-b5a3-7d2133db5fe9?source=api-scan" ], "published": "2024-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9145ce0d-311c-4be1-be15-7e1791c17860": { "id": "9145ce0d-311c-4be1-be15-7e1791c17860", "title": "Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via ip", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "* - 1.3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9145ce0d-311c-4be1-be15-7e1791c17860?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9148268a-1179-4bc5-b388-309cf08510d7": { "id": "9148268a-1179-4bc5-b388-309cf08510d7", "title": "KB Support <= 1.6.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "KB Support \u2013 WordPress Help Desk and Knowledge Base", "slug": "kb-support", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9148268a-1179-4bc5-b388-309cf08510d7?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "914bcc8f-fecd-450e-b2a7-0989b7a0dd4c": { "id": "914bcc8f-fecd-450e-b2a7-0989b7a0dd4c", "title": "Skype Legacy Buttons <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Skype Legacy Buttons", "slug": "skype-online-status", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/914bcc8f-fecd-450e-b2a7-0989b7a0dd4c?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "914d6f7a-053a-4555-9cbc-98bd0789bcd9": { "id": "914d6f7a-053a-4555-9cbc-98bd0789bcd9", "title": "WP Search Analytics <= 1.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Search Analytics for WP", "slug": "search-analytics", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/914d6f7a-053a-4555-9cbc-98bd0789bcd9?source=api-scan" ], "published": "2023-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "914de8f3-e052-4256-af14-4a08eaa464b8": { "id": "914de8f3-e052-4256-af14-4a08eaa464b8", "title": "Cookie Notice & Compliance for GDPR \/ CCPA <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cookies_revoke_shortcode' Shortcode", "software": [ { "type": "plugin", "name": "Cookie Notice & Compliance for GDPR \/ CCPA", "slug": "cookie-notice", "affected_versions": { "* - 2.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/914de8f3-e052-4256-af14-4a08eaa464b8?source=api-scan" ], "published": "2023-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "914e17ce-ab09-4e9f-9466-0ed21712cf66": { "id": "914e17ce-ab09-4e9f-9466-0ed21712cf66", "title": "Events Made Easy < 1.5.50 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Made Easy", "slug": "events-made-easy", "affected_versions": { "[*, 1.5.50)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.50", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.50" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/914e17ce-ab09-4e9f-9466-0ed21712cf66?source=api-scan" ], "published": "2015-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9150a7d9-d792-4bb6-9d33-5892f9cdfd1e": { "id": "9150a7d9-d792-4bb6-9d33-5892f9cdfd1e", "title": "menu shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "menu shortcode", "slug": "menu-shortcode", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9150a7d9-d792-4bb6-9d33-5892f9cdfd1e?source=api-scan" ], "published": "2023-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91531e13-5344-442c-99d3-8ccfd61b715d": { "id": "91531e13-5344-442c-99d3-8ccfd61b715d", "title": "WordPress Core < 2.0.5 - User Metadata Information Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91531e13-5344-442c-99d3-8ccfd61b715d?source=api-scan" ], "published": "2006-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91552a9b-d46b-4a75-b096-8f28bdd9fb56": { "id": "91552a9b-d46b-4a75-b096-8f28bdd9fb56", "title": "Simple Giveaways <= 2.45.0 - Authenticated(Admin+) Stored Cross-Site Scripting via form fields", "software": [ { "type": "plugin", "name": "Simple Giveaways \u2013 Grow your business, email lists and traffic with contests", "slug": "giveasap", "affected_versions": { "* - 2.45.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.45.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.45.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91552a9b-d46b-4a75-b096-8f28bdd9fb56?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "915708c5-c958-4c4d-8d94-b93b1bea6013": { "id": "915708c5-c958-4c4d-8d94-b93b1bea6013", "title": "Gallery Bank \u2013 WordPress Photo Gallery Plugin <= 4.0.50 - Stored Cross-Site Scripting via Gallery Description", "software": [ { "type": "plugin", "name": "Gallery Bank \u2013 WordPress Photo Gallery Plugin", "slug": "gallery-bank", "affected_versions": { "* - 4.0.50": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.50", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/915708c5-c958-4c4d-8d94-b93b1bea6013?source=api-scan" ], "published": "2022-06-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9157fa5e-3af8-48ee-bb73-3df6109aae76": { "id": "9157fa5e-3af8-48ee-bb73-3df6109aae76", "title": "SEOPress 5.0.0 - 5.0.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEOPress \u2013 On-site SEO", "slug": "wp-seopress", "affected_versions": { "5.0.0": { "from_version": "5.0.0", "from_inclusive": true, "to_version": "5.0.0", "to_inclusive": true }, "5.0.1": { "from_version": "5.0.1", "from_inclusive": true, "to_version": "5.0.1", "to_inclusive": true }, "5.0.2": { "from_version": "5.0.2", "from_inclusive": true, "to_version": "5.0.2", "to_inclusive": true }, "5.0.3": { "from_version": "5.0.3", "from_inclusive": true, "to_version": "5.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9157fa5e-3af8-48ee-bb73-3df6109aae76?source=api-scan" ], "published": "2021-08-16 15:33:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "915d73ed-33ae-4580-9a51-aa4e9a015ff6": { "id": "915d73ed-33ae-4580-9a51-aa4e9a015ff6", "title": "Slimstat Analytics <= 3.5.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SlimStat Analytics", "slug": "wp-slimstat", "affected_versions": { "[*, 3.5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/915d73ed-33ae-4580-9a51-aa4e9a015ff6?source=api-scan" ], "published": "2015-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "915f464f-449d-4ad2-9f43-6ce5d93ccb05": { "id": "915f464f-449d-4ad2-9f43-6ce5d93ccb05", "title": "Smart Slider 3 <= 3.5.1.22 - Missing Authorization to Limited File Upload", "software": [ { "type": "plugin", "name": "Smart Slider 3", "slug": "smart-slider-3", "affected_versions": { "* - 3.5.1.22": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/915f464f-449d-4ad2-9f43-6ce5d93ccb05?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9163861b-735b-4007-97f7-8f9095d93ec9": { "id": "9163861b-735b-4007-97f7-8f9095d93ec9", "title": "IP Metaboxes <= 2.1.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IP Metaboxes", "slug": "ip-metaboxes", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9163861b-735b-4007-97f7-8f9095d93ec9?source=api-scan" ], "published": "2023-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91652abf-2127-40be-bcd8-4a0679707953": { "id": "91652abf-2127-40be-bcd8-4a0679707953", "title": "Jetpack <= 4.0.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "[*, 4.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91652abf-2127-40be-bcd8-4a0679707953?source=api-scan" ], "published": "2016-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9167e4bd-74be-46c9-b06e-566c13c02c7d": { "id": "9167e4bd-74be-46c9-b06e-566c13c02c7d", "title": "WP Rocket <= 2.10.3 - Local File Inclusion", "software": [ { "type": "plugin", "name": "wp-rocket", "slug": "wp-rocket", "affected_versions": { "[*, 2.10.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.10.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9167e4bd-74be-46c9-b06e-566c13c02c7d?source=api-scan" ], "published": "2017-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9169af40-32da-4b38-95ee-d0c7d4e67779": { "id": "9169af40-32da-4b38-95ee-d0c7d4e67779", "title": "IMPress for IDX Broker <= 3.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IMPress for IDX Broker", "slug": "idx-broker-platinum", "affected_versions": { "[*, 3.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9169af40-32da-4b38-95ee-d0c7d4e67779?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "916a9d2b-0da6-494a-a3aa-5d5f4ccdd4b8": { "id": "916a9d2b-0da6-494a-a3aa-5d5f4ccdd4b8", "title": "All-in-One Addons for Elementor - WidgetKit <= 2.3.9 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-in-One Addons for Elementor \u2013 WidgetKit", "slug": "widgetkit-for-elementor", "affected_versions": { "[*, 2.3.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/916a9d2b-0da6-494a-a3aa-5d5f4ccdd4b8?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "916ada05-894e-4e61-ba0a-25b9a48461a1": { "id": "916ada05-894e-4e61-ba0a-25b9a48461a1", "title": "LetsRecover <= 1.1.0 - Unauthenticated SQL Injection via AJAX action", "software": [ { "type": "plugin", "name": "LetsRecover \u2013 WooCommerce Abandoned Cart Notifications", "slug": "letsrecover-woocommerce-abandoned-cart", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/916ada05-894e-4e61-ba0a-25b9a48461a1?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "916c73e8-a150-4b35-8773-ea0ec29f7fd1": { "id": "916c73e8-a150-4b35-8773-ea0ec29f7fd1", "title": "Profile Extra Fields by BestWebSoft <= 1.2.7 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Profile Extra Fields by BestWebSoft", "slug": "profile-extra-fields", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/916c73e8-a150-4b35-8773-ea0ec29f7fd1?source=api-scan" ], "published": "2023-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "916cf0df-31ab-4f99-82d1-e1e30f5f8c6f": { "id": "916cf0df-31ab-4f99-82d1-e1e30f5f8c6f", "title": "Fluida <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Fluida", "slug": "fluida", "affected_versions": { "* - 1.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/916cf0df-31ab-4f99-82d1-e1e30f5f8c6f?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "916d4f2f-769b-4902-9464-f55d8f64c9d2": { "id": "916d4f2f-769b-4902-9464-f55d8f64c9d2", "title": "Product Specifications for Woocommerce <= 0.6.0 - Reflected Cross-Site Scripting via Arbitrary Query String Parameter", "software": [ { "type": "plugin", "name": "Product Specifications for Woocommerce", "slug": "product-specifications", "affected_versions": { "* - 0.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/916d4f2f-769b-4902-9464-f55d8f64c9d2?source=api-scan" ], "published": "2023-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "916e6f8b-cb29-4062-9a05-0337cfdb382a": { "id": "916e6f8b-cb29-4062-9a05-0337cfdb382a", "title": "WP Replicate Post <= 4.0.2 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Replicate Post", "slug": "wp-replicate-post", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/916e6f8b-cb29-4062-9a05-0337cfdb382a?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91898465-55fa-417c-8f00-ffe118232516": { "id": "91898465-55fa-417c-8f00-ffe118232516", "title": "Advanced Youtube Channel Pagination <= 1.0 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Youtube Channel Pagination", "slug": "advanced-youtube-channel-pagination", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91898465-55fa-417c-8f00-ffe118232516?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "918c418a-9d86-461d-91cb-33d04010c577": { "id": "918c418a-9d86-461d-91cb-33d04010c577", "title": "AI Infographic Maker <= 4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AI Infographic Maker", "slug": "infographic-and-list-builder-ilist", "affected_versions": { "* - 4.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/918c418a-9d86-461d-91cb-33d04010c577?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9195ac7e-2995-44d0-b5c6-8ffb47395f24": { "id": "9195ac7e-2995-44d0-b5c6-8ffb47395f24", "title": "CPO Companion <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CPO Companion", "slug": "cpo-companion", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9195ac7e-2995-44d0-b5c6-8ffb47395f24?source=api-scan" ], "published": "2023-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9198ffe4-2f9e-4d80-9f5d-cf967b3feb43": { "id": "9198ffe4-2f9e-4d80-9f5d-cf967b3feb43", "title": "Feed Changer <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Feed Changer & Remover", "slug": "feed-changer", "affected_versions": { "* - 0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9198ffe4-2f9e-4d80-9f5d-cf967b3feb43?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91998552-bf97-40e0-b5b2-be35a8d58b54": { "id": "91998552-bf97-40e0-b5b2-be35a8d58b54", "title": "Pixabay Images <= 2.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Pixabay Images", "slug": "pixabay-images", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91998552-bf97-40e0-b5b2-be35a8d58b54?source=api-scan" ], "published": "2015-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "919a2a4a-061e-4206-84b2-7b43b1276fa0": { "id": "919a2a4a-061e-4206-84b2-7b43b1276fa0", "title": "Newsletter Manager < 1.0.2 - Cross-Site Scripting via test_mail.php", "software": [ { "type": "plugin", "name": "Newsletter Manager", "slug": "newsletter-manager", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/919a2a4a-061e-4206-84b2-7b43b1276fa0?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "919d31a8-932e-438b-a039-89a24781524c": { "id": "919d31a8-932e-438b-a039-89a24781524c", "title": "IURNY by INDIGITALL \u2013 WhatsApp Chat, Web Push Notifications (FREE) <= 3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IURNY by INDIGITALL \u2013 WhatsApp Chat, Web Push Notifications (FREE)", "slug": "indigitall-web-push-notifications", "affected_versions": { "[*, 3.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/919d31a8-932e-438b-a039-89a24781524c?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "919f02ab-a336-46c9-9ce7-f94acac29145": { "id": "919f02ab-a336-46c9-9ce7-f94acac29145", "title": "WP-Lister Lite for eBay <= 3.6.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Lister Lite for eBay", "slug": "wp-lister-for-ebay", "affected_versions": { "* - 3.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/919f02ab-a336-46c9-9ce7-f94acac29145?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91a1604c-c729-4c68-90a8-91862a351ecc": { "id": "91a1604c-c729-4c68-90a8-91862a351ecc", "title": "WP User <= 7.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP User \u2013 Custom Registration Forms, Login and User Profile", "slug": "wp-user", "affected_versions": { "* - 7.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91a1604c-c729-4c68-90a8-91862a351ecc?source=api-scan" ], "published": "2022-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91a9dcf2-ba6b-4d03-9cdf-f50ea0d259d8": { "id": "91a9dcf2-ba6b-4d03-9cdf-f50ea0d259d8", "title": "Panda Video <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Panda Video", "slug": "pandavideo", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91a9dcf2-ba6b-4d03-9cdf-f50ea0d259d8?source=api-scan" ], "published": "2024-07-08 20:01:37", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91aa1f4c-ace7-43a4-a9e6-82c15e00d0eb": { "id": "91aa1f4c-ace7-43a4-a9e6-82c15e00d0eb", "title": "Inline Google Maps <= 5.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Inline Google Maps", "slug": "google-maps-advanced", "affected_versions": { "* - 5.11": { "from_version": "*", "from_inclusive": true, "to_version": "5.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91aa1f4c-ace7-43a4-a9e6-82c15e00d0eb?source=api-scan" ], "published": "2022-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91abd172-e024-4272-96ee-1725af4d5488": { "id": "91abd172-e024-4272-96ee-1725af4d5488", "title": "RSS Feed Widget <= 2.8.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RSS Feed Widget", "slug": "rss-feed-widget", "affected_versions": { "[*, 2.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91abd172-e024-4272-96ee-1725af4d5488?source=api-scan" ], "published": "2020-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91b06d7d-7e92-49f0-b161-9b25318edfeb": { "id": "91b06d7d-7e92-49f0-b161-9b25318edfeb", "title": "Image vertical reel scroll slideshow <= 9.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image vertical reel scroll slideshow", "slug": "image-vertical-reel-scroll-slideshow", "affected_versions": { "* - 9.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91b06d7d-7e92-49f0-b161-9b25318edfeb?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91ba93de-4c5f-4611-8296-adfc85c8dd2b": { "id": "91ba93de-4c5f-4611-8296-adfc85c8dd2b", "title": "EasyAzon \u2013 Amazon Associates Affiliate <= 5.1.0 - Missing Authorization on AJAX actions", "software": [ { "type": "plugin", "name": "EasyAzon \u2013 Amazon Associates Affiliate Plugin", "slug": "easyazon", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91ba93de-4c5f-4611-8296-adfc85c8dd2b?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91c1100b-be67-4610-947a-c6a010a2757e": { "id": "91c1100b-be67-4610-947a-c6a010a2757e", "title": "Video Gallery \u2013 YouTube Playlist, Channel Gallery by YotuWP <= 1.3.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Video Gallery \u2013 YouTube Playlist, Channel Gallery by YotuWP", "slug": "yotuwp-easy-youtube-embed", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91c1100b-be67-4610-947a-c6a010a2757e?source=api-scan" ], "published": "2022-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91c147f9-8179-4ce0-8d17-87ea47cf08fe": { "id": "91c147f9-8179-4ce0-8d17-87ea47cf08fe", "title": "EasyCart 1.1.30 - 3.0.20 - Privilege Escalation", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "1.1.30 - 3.0.20": { "from_version": "1.1.30", "from_inclusive": true, "to_version": "3.0.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91c147f9-8179-4ce0-8d17-87ea47cf08fe?source=api-scan" ], "published": "2015-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91c9fb05-e853-4d59-95ec-a0c2ff06565b": { "id": "91c9fb05-e853-4d59-95ec-a0c2ff06565b", "title": "Envato Sales By Item <= 1.1 - Unauthenticated SQL Injection via AJAX call", "software": [ { "type": "plugin", "name": "Envato Sales By Item", "slug": "nd-stats-for-envato-sales-by-item", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91c9fb05-e853-4d59-95ec-a0c2ff06565b?source=api-scan" ], "published": "2022-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91d5d052-d219-4c2f-9341-19f415ff90c4": { "id": "91d5d052-d219-4c2f-9341-19f415ff90c4", "title": "WP Table Builder \u2013 WordPress Table Plugin <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Table Builder \u2013 WordPress Table Plugin", "slug": "wp-table-builder", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91d5d052-d219-4c2f-9341-19f415ff90c4?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91d72089-6ad9-401b-ab7b-0996e28d3be9": { "id": "91d72089-6ad9-401b-ab7b-0996e28d3be9", "title": "Walk Score Plugin <= 0.5.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Walk Score Plugin", "slug": "walk-score", "affected_versions": { "* - 0.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91d72089-6ad9-401b-ab7b-0996e28d3be9?source=api-scan" ], "published": "2014-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91de6cf4-e5df-4130-bb96-92b89717a678": { "id": "91de6cf4-e5df-4130-bb96-92b89717a678", "title": "WP Frontend Profile <= 1.3.1 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "WP Frontend Profile", "slug": "wp-front-end-profile", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91de6cf4-e5df-4130-bb96-92b89717a678?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91e1a199-f062-4555-ae7b-ed8732686303": { "id": "91e1a199-f062-4555-ae7b-ed8732686303", "title": "WooCommerce Product Stock Alert <= 2.0.1 - Information Disclosure", "software": [ { "type": "plugin", "name": "Product Stock Waitlist Manager for WooCommerce \u2013 Back In Stock Notifier, Sync, bulk edit", "slug": "woocommerce-product-stock-alert", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91e1a199-f062-4555-ae7b-ed8732686303?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91e5c89e-85d3-4dda-8b79-e0b4d64e29f0": { "id": "91e5c89e-85d3-4dda-8b79-e0b4d64e29f0", "title": "All custom fields & groups <= 1.04 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All custom fields & groups", "slug": "all-custom-fields-groups", "affected_versions": { "* - 1.04": { "from_version": "*", "from_inclusive": true, "to_version": "1.04", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.05" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91e5c89e-85d3-4dda-8b79-e0b4d64e29f0?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91e61664-3b98-4a97-b35c-1ec88034d05b": { "id": "91e61664-3b98-4a97-b35c-1ec88034d05b", "title": "WordPress Core < 4.7.1 - Cross-Site Request Forgery via Widget Editing", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.16": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.16", "to_inclusive": true }, "3.8 - 3.8.16": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.16", "to_inclusive": true }, "3.9 - 3.9.14": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.14", "to_inclusive": true }, "4.0 - 4.0.13": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.13", "to_inclusive": true }, "4.1 - 4.1.13": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.13", "to_inclusive": true }, "4.2 - 4.2.10": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.10", "to_inclusive": true }, "4.3 - 4.3.6": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.6", "to_inclusive": true }, "4.4 - 4.4.5": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.5", "to_inclusive": true }, "4.5 - 4.5.4": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true }, "4.6 - 4.6.1": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true }, "4.7": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.17", "3.8.17", "3.9.15", "4.0.14", "4.1.14", "4.2.11", "4.3.7", "4.4.6", "4.5.5", "4.6.2", "4.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91e61664-3b98-4a97-b35c-1ec88034d05b?source=api-scan" ], "published": "2017-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91e7e93d-348b-40d7-b803-5dbd7c6a684a": { "id": "91e7e93d-348b-40d7-b803-5dbd7c6a684a", "title": "Google Language Translator <= 6.0.19 - Missing Authorization via admin notifications", "software": [ { "type": "plugin", "name": "Translate WordPress \u2013 Google Language Translator", "slug": "google-language-translator", "affected_versions": { "* - 6.0.19": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91e7e93d-348b-40d7-b803-5dbd7c6a684a?source=api-scan" ], "published": "2023-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91ea157f-7a74-427f-b1eb-a9187f2d9096": { "id": "91ea157f-7a74-427f-b1eb-a9187f2d9096", "title": "tencentcloud-cos <= 1.0.7 - Missing Authorization via AJAX actions", "software": [ { "type": "plugin", "name": "tencentcloud-cos", "slug": "tencentcloud-cos", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91ea157f-7a74-427f-b1eb-a9187f2d9096?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91ebde99-3383-4179-a72b-2709c1db9e53": { "id": "91ebde99-3383-4179-a72b-2709c1db9e53", "title": "Embed Plus Plugin for YouTube <= 11.8.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "YouTube WordPress Plugin by Embed Plus", "slug": "youtube-embed-plus", "affected_versions": { "* - 11.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "11.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91ebde99-3383-4179-a72b-2709c1db9e53?source=api-scan" ], "published": "2017-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91f13d74-0ad9-4790-a534-e8ff1655f06f": { "id": "91f13d74-0ad9-4790-a534-e8ff1655f06f", "title": "LearnPress <= 3.2.6.8 - Privilege Escalation via accept-to-be-teacher action parameter", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 3.2.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91f13d74-0ad9-4790-a534-e8ff1655f06f?source=api-scan" ], "published": "2020-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91f50b65-f001-4c73-bfe3-1aed3fc10d26": { "id": "91f50b65-f001-4c73-bfe3-1aed3fc10d26", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Interactive Circles'", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.19": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91f50b65-f001-4c73-bfe3-1aed3fc10d26?source=api-scan" ], "published": "2024-05-09 19:28:58", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91f6c9d3-641d-42f7-bf11-e3c3a44eeb76": { "id": "91f6c9d3-641d-42f7-bf11-e3c3a44eeb76", "title": "Simple Cloudflare Turnstile <= 1.23.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Simple Cloudflare Turnstile \u2013 CAPTCHA Alternative", "slug": "simple-cloudflare-turnstile", "affected_versions": { "* - 1.23.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.23.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.23.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91f6c9d3-641d-42f7-bf11-e3c3a44eeb76?source=api-scan" ], "published": "2023-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91f86c22-94db-4c43-985a-2f3dd96ece21": { "id": "91f86c22-94db-4c43-985a-2f3dd96ece21", "title": "Welcart e-Commerce <= 2.9.5 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "[*, 2.9.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91f86c22-94db-4c43-985a-2f3dd96ece21?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "91fcb76f-89b5-492e-b595-b0f91bca14a4": { "id": "91fcb76f-89b5-492e-b595-b0f91bca14a4", "title": "WP-Cumulus <= 1.22 - Cross-Site Scripting via xmlpath", "software": [ { "type": "plugin", "name": "WP Cumulus", "slug": "wp-cumulus", "affected_versions": { "* - 1.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/91fcb76f-89b5-492e-b595-b0f91bca14a4?source=api-scan" ], "published": "2011-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9202cb4d-7fd4-444d-ab44-8f6d9e68d869": { "id": "9202cb4d-7fd4-444d-ab44-8f6d9e68d869", "title": "AutomateWoo <= 5.7.1 - Authenticated (Shop manager+) SQL Injection", "software": [ { "type": "plugin", "name": "AutomateWoo", "slug": "automatewoo", "affected_versions": { "* - 5.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9202cb4d-7fd4-444d-ab44-8f6d9e68d869?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92058a88-7a65-4319-9f12-e38267e36c5c": { "id": "92058a88-7a65-4319-9f12-e38267e36c5c", "title": "WooCommerce Customers Manager < 30.1 - Cross-Site Request Forgery to Customer Deletion via 'Delete'", "software": [ { "type": "plugin", "name": "WooCommerce Customers Manager", "slug": "woocommerce-customers-manager", "affected_versions": { "[*, 30.1)": { "from_version": "*", "from_inclusive": true, "to_version": "30.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "30.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92058a88-7a65-4319-9f12-e38267e36c5c?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92084af7-142b-45de-8881-dee5cf1367e2": { "id": "92084af7-142b-45de-8881-dee5cf1367e2", "title": "Video.js \u2013 HTML5 Video Player for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Video.js \u2013 HTML5 Video Player for WordPress", "slug": "videojs-html5-video-player-for-wordpress", "affected_versions": { "* - 4.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92084af7-142b-45de-8881-dee5cf1367e2?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "920dbe31-ccbd-4ad9-9c5f-f7389c1b4318": { "id": "920dbe31-ccbd-4ad9-9c5f-f7389c1b4318", "title": "CPO Companion <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CPO Companion", "slug": "cpo-companion", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/920dbe31-ccbd-4ad9-9c5f-f7389c1b4318?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "921489e9-a083-47b3-a20d-e2566b51d8d4": { "id": "921489e9-a083-47b3-a20d-e2566b51d8d4", "title": "WP Jobs < 1.5 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Jobs", "slug": "wp-jobs", "affected_versions": { "[*, 1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/921489e9-a083-47b3-a20d-e2566b51d8d4?source=api-scan" ], "published": "2017-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "921616e4-2b66-4847-869a-90c1c459685f": { "id": "921616e4-2b66-4847-869a-90c1c459685f", "title": "Piotnet Addons For Elementor <= 2.4.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets", "software": [ { "type": "plugin", "name": "Piotnet Addons For Elementor", "slug": "piotnet-addons-for-elementor", "affected_versions": { "* - 2.4.30": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/921616e4-2b66-4847-869a-90c1c459685f?source=api-scan" ], "published": "2024-08-22 19:57:38", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92180939-eae9-4b8f-9fa3-cd8e79b71291": { "id": "92180939-eae9-4b8f-9fa3-cd8e79b71291", "title": "FancyPost \u2013 Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor <= 5.3.1 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FancyPost \u2013 Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor", "slug": "post-block", "affected_versions": { "* - 5.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92180939-eae9-4b8f-9fa3-cd8e79b71291?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "921c2486-42cb-42f2-a326-e951c20bd7ea": { "id": "921c2486-42cb-42f2-a326-e951c20bd7ea", "title": "multi Scheduler <= 1.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "multi Scheduler", "slug": "multi-scheduler", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/921c2486-42cb-42f2-a326-e951c20bd7ea?source=api-scan" ], "published": "2020-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9225d2ad-9045-4c96-9274-682adab3cd21": { "id": "9225d2ad-9045-4c96-9274-682adab3cd21", "title": "Ali2Woo Lite <= 3.3.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AliExpress Dropshipping Plugin for WooCommerce \u2013 AliNext", "slug": "ali2woo-lite", "affected_versions": { "* - 3.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9225d2ad-9045-4c96-9274-682adab3cd21?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9225ebc6-bff9-4176-a86e-022ff8ec3b05": { "id": "9225ebc6-bff9-4176-a86e-022ff8ec3b05", "title": "LayerSlider <= 7.7.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LayerSlider", "slug": "LayerSlider", "affected_versions": { "* - 7.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.7.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9225ebc6-bff9-4176-a86e-022ff8ec3b05?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92298f2d-aced-4177-b6e8-36e153e9c930": { "id": "92298f2d-aced-4177-b6e8-36e153e9c930", "title": "Contact Form 7 <= 3.5.2 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Contact Form 7", "slug": "contact-form-7", "affected_versions": { "* - 3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92298f2d-aced-4177-b6e8-36e153e9c930?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92313cda-5e93-4c25-93f3-d0c23f30d290": { "id": "92313cda-5e93-4c25-93f3-d0c23f30d290", "title": "Void Contact Form 7 Widget For Elementor Page Builder <= 2.4.1 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Void Contact Form 7 Widget For Elementor Page Builder", "slug": "cf7-widget-elementor", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92313cda-5e93-4c25-93f3-d0c23f30d290?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92321a3e-947b-4013-9b36-8bd6ea361f20": { "id": "92321a3e-947b-4013-9b36-8bd6ea361f20", "title": "BBS e-Franchise < 1.1.4 - SQL Injection", "software": [ { "type": "plugin", "name": "BBS e-Franchise", "slug": "bbs-e-franchise", "affected_versions": { "[*, 1.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92321a3e-947b-4013-9b36-8bd6ea361f20?source=api-scan" ], "published": "2016-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "923f9e66-2e26-4ec2-a4b3-439881a6ca10": { "id": "923f9e66-2e26-4ec2-a4b3-439881a6ca10", "title": "Lightbox & Modal Popup WordPress Plugin \u2013 FooBox <= 2.7.28 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes", "software": [ { "type": "plugin", "name": "Lightbox & Modal Popup WordPress Plugin \u2013 FooBox", "slug": "foobox-image-lightbox", "affected_versions": { "* - 2.7.28": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/923f9e66-2e26-4ec2-a4b3-439881a6ca10?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "924145bb-d636-4184-8f3f-578c8b11e3a6": { "id": "924145bb-d636-4184-8f3f-578c8b11e3a6", "title": "iPanorama 360 WordPress Virtual Tour Builder <= 1.8.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "iPanorama 360 \u2013 WordPress Virtual Tour Builder", "slug": "ipanorama-360-virtual-tour-builder-lite", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/924145bb-d636-4184-8f3f-578c8b11e3a6?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9242cebe-3394-4df9-9c60-8d8d6297d791": { "id": "9242cebe-3394-4df9-9c60-8d8d6297d791", "title": "Open Graph and Twitter Card Tags <= 2.2.4.1 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Open Graph and Twitter Card Tags", "slug": "wonderm00ns-simple-facebook-open-graph-tags", "affected_versions": { "[*, 2.2.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9242cebe-3394-4df9-9c60-8d8d6297d791?source=api-scan" ], "published": "2018-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92474491-b9fa-49f8-9256-8400af9eef95": { "id": "92474491-b9fa-49f8-9256-8400af9eef95", "title": "Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Arigato Autoresponder and Newsletter", "slug": "bft-autoresponder", "affected_versions": { "* - 2.5.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92474491-b9fa-49f8-9256-8400af9eef95?source=api-scan" ], "published": "2018-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92484681-e677-4a7b-b2df-40aad49baf44": { "id": "92484681-e677-4a7b-b2df-40aad49baf44", "title": "Save as PDF <= 3.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Save as PDF Plugin by Pdfcrowd", "slug": "save-as-pdf-by-pdfcrowd", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92484681-e677-4a7b-b2df-40aad49baf44?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9251afbb-1a6d-40c6-b62e-a8866742f669": { "id": "9251afbb-1a6d-40c6-b62e-a8866742f669", "title": "SEO Plugin by Squirrly SEO <= 12.1.20 - Missing Authorization", "software": [ { "type": "plugin", "name": "SEO Plugin by Squirrly SEO", "slug": "squirrly-seo", "affected_versions": { "* - 12.1.20": { "from_version": "*", "from_inclusive": true, "to_version": "12.1.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.1.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9251afbb-1a6d-40c6-b62e-a8866742f669?source=api-scan" ], "published": "2023-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "925b0a86-ed23-471c-84e2-ae78a01b1876": { "id": "925b0a86-ed23-471c-84e2-ae78a01b1876", "title": "Exclusive Addons for Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Anything", "software": [ { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/925b0a86-ed23-471c-84e2-ae78a01b1876?source=api-scan" ], "published": "2024-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "925ca72b-3761-42e5-aace-b31d42bc9a73": { "id": "925ca72b-3761-42e5-aace-b31d42bc9a73", "title": "Content Egg <= 5.4.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Content Egg", "slug": "content-egg", "affected_versions": { "* - 5.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/925ca72b-3761-42e5-aace-b31d42bc9a73?source=api-scan" ], "published": "2022-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "926246a7-2f0d-4472-ae0a-fa3d95e5810f": { "id": "926246a7-2f0d-4472-ae0a-fa3d95e5810f", "title": "Contact List \u2013 Easy Business Directory, Staff Directory and Address Book Plugin <= 2.9.41 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact List \u2013 Premium Staff Listing, Business Directory Plugin & Address Book", "slug": "contact-list", "affected_versions": { "* - 2.9.41": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/926246a7-2f0d-4472-ae0a-fa3d95e5810f?source=api-scan" ], "published": "2021-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "926341b5-345a-4906-b578-b32bfe2ee4ac": { "id": "926341b5-345a-4906-b578-b32bfe2ee4ac", "title": "2kb Amazon Affiliates Store < 2.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "2kb Amazon Affiliates Store", "slug": "2kb-amazon-affiliates-store", "affected_versions": { "[*, 2.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/926341b5-345a-4906-b578-b32bfe2ee4ac?source=api-scan" ], "published": "2017-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92644676-add4-415c-9a1a-c6616108688d": { "id": "92644676-add4-415c-9a1a-c6616108688d", "title": "Kali Forms <= 2.1.1 - Unauthenticated Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "Contact Form builder with drag & drop for WordPress \u2013 Kali Forms", "slug": "kali-forms", "affected_versions": { "[*, 2.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92644676-add4-415c-9a1a-c6616108688d?source=api-scan" ], "published": "2020-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "926550bb-265d-4811-a375-10c47e9fb4d6": { "id": "926550bb-265d-4811-a375-10c47e9fb4d6", "title": "Elementor Addons, Widgets and Enhancements \u2013 Stax <= 1.4.3 - Missing Authorization in toggle_widget", "software": [ { "type": "plugin", "name": "Elementor Addons, Widgets and Enhancements \u2013 Stax", "slug": "stax-addons-for-elementor", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/926550bb-265d-4811-a375-10c47e9fb4d6?source=api-scan" ], "published": "2023-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "926827a5-4231-4188-bece-fd37c1829412": { "id": "926827a5-4231-4188-bece-fd37c1829412", "title": "WooCommerce Shipping \u2013 DPD baltic <= 1.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DPD Baltic Shipping", "slug": "woo-shipping-dpd-baltic", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/926827a5-4231-4188-bece-fd37c1829412?source=api-scan" ], "published": "2022-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9269c3e7-2495-4665-ad08-d6dcf659db21": { "id": "9269c3e7-2495-4665-ad08-d6dcf659db21", "title": "WordPress Comments Import & Export <= 2.3.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Comments Import & Export", "slug": "comments-import-export-woocommerce", "affected_versions": { "* - 2.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9269c3e7-2495-4665-ad08-d6dcf659db21?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9269e358-83cb-42e7-a30d-79f1504e576c": { "id": "9269e358-83cb-42e7-a30d-79f1504e576c", "title": "Easy Social Like Box \u2013 Popup \u2013 Sidebar Widget < 2.8.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Social Like Box \u2013 Popup \u2013 Sidebar Widget", "slug": "cardoza-facebook-like-box", "affected_versions": { "[*, 2.8.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9269e358-83cb-42e7-a30d-79f1504e576c?source=api-scan" ], "published": "2014-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "926c09d5-3824-4745-99f6-50d9c945d252": { "id": "926c09d5-3824-4745-99f6-50d9c945d252", "title": "Event post <= 5.9.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Event post", "slug": "event-post", "affected_versions": { "* - 5.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/926c09d5-3824-4745-99f6-50d9c945d252?source=api-scan" ], "published": "2024-05-23 18:07:59", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92734acf-2021-4217-8cdd-a9d269198db3": { "id": "92734acf-2021-4217-8cdd-a9d269198db3", "title": "Seriously Simple Stats <= 1.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Seriously Simple Stats", "slug": "seriously-simple-stats", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92734acf-2021-4217-8cdd-a9d269198db3?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92749a6c-388c-4b4e-b29f-f35aada96367": { "id": "92749a6c-388c-4b4e-b29f-f35aada96367", "title": "Terms descriptions <= 3.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Terms descriptions", "slug": "terms-descriptions", "affected_versions": { "* - 3.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92749a6c-388c-4b4e-b29f-f35aada96367?source=api-scan" ], "published": "2024-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "927696bd-bf0c-4f15-9b06-21c3d0a11aed": { "id": "927696bd-bf0c-4f15-9b06-21c3d0a11aed", "title": "File Manager Pro <= 1.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "File Manager Pro \u2013 Filester", "slug": "filester", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/927696bd-bf0c-4f15-9b06-21c3d0a11aed?source=api-scan" ], "published": "2023-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "928584e5-7391-4442-820e-d5d5fc288572": { "id": "928584e5-7391-4442-820e-d5d5fc288572", "title": "Blix <= 0.9.1, Blixed <= 1.0, BlixKrieg <= 2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "blixed", "slug": "blixed", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "BlixKrieg", "slug": "blixkrieg", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Blix", "slug": "blix", "affected_versions": { "* - 0.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/928584e5-7391-4442-820e-d5d5fc288572?source=api-scan" ], "published": "2007-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92880588-a733-43df-adf6-74fe6291822d": { "id": "92880588-a733-43df-adf6-74fe6291822d", "title": "Click to Call or Chat Buttons <= 1.4.0 - Authenticated(Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Click to Call or Chat Buttons", "slug": "click-to-call-or-chat-buttons", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92880588-a733-43df-adf6-74fe6291822d?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92895f8e-59c9-4988-9d7a-2601880d71a2": { "id": "92895f8e-59c9-4988-9d7a-2601880d71a2", "title": "WordPress Core < 5.4.2 - Self-Cross Site Scripting via Theme Folder Name", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.33": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.33", "to_inclusive": true }, "3.8 - 3.8.33": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.33", "to_inclusive": true }, "3.9 - 3.9.31": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.31", "to_inclusive": true }, "4.0 - 4.0.30": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.30", "to_inclusive": true }, "4.1 - 4.1.30": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.30", "to_inclusive": true }, "4.2 - 4.2.27": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.27", "to_inclusive": true }, "4.3 - 4.3.23": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.23", "to_inclusive": true }, "4.4 - 4.4.22": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.22", "to_inclusive": true }, "4.5 - 4.5.21": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.21", "to_inclusive": true }, "4.6 - 4.6.18": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.18", "to_inclusive": true }, "4.7 - 4.7.17": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.17", "to_inclusive": true }, "4.8 - 4.8.13": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.13", "to_inclusive": true }, "4.9 - 4.9.14": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.14", "to_inclusive": true }, "5.0 - 5.0.9": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.9", "to_inclusive": true }, "5.1 - 5.1.5": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.5", "to_inclusive": true }, "5.2 - 5.2.6": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.6", "to_inclusive": true }, "5.3 - 5.3.3": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.34", "3.8.34", "3.9.32", "4.0.31", "4.1.31", "4.2.28", "4.3.24", "4.4.23", "4.5.22", "4.6.19", "4.7.18", "4.8.14", "4.9.15", "5.0.10", "5.1.6", "5.2.7", "5.3.4", "5.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92895f8e-59c9-4988-9d7a-2601880d71a2?source=api-scan" ], "published": "2020-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "928b4c4f-0614-410a-857b-90037770cfbf": { "id": "928b4c4f-0614-410a-857b-90037770cfbf", "title": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio <= 2.55 - SQL Injection", "software": [ { "type": "plugin", "name": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio", "slug": "flash-album-gallery", "affected_versions": { "* - 2.55": { "from_version": "*", "from_inclusive": true, "to_version": "2.55", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.56" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/928b4c4f-0614-410a-857b-90037770cfbf?source=api-scan" ], "published": "2013-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9290532f-58d7-4e7d-9fa0-89c7f82b0466": { "id": "9290532f-58d7-4e7d-9fa0-89c7f82b0466", "title": "Social Share Boost <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via ssboost shortcode", "software": [ { "type": "plugin", "name": "Social Share Boost", "slug": "social-share-boost", "affected_versions": { "* - 4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9290532f-58d7-4e7d-9fa0-89c7f82b0466?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "929085b2-3038-41d1-bd61-ce9e7dc79f78": { "id": "929085b2-3038-41d1-bd61-ce9e7dc79f78", "title": "Gallery PhotoBlocks <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery PhotoBlocks", "slug": "photoblocks-grid-gallery", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/929085b2-3038-41d1-bd61-ce9e7dc79f78?source=api-scan" ], "published": "2022-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92915943-c6ff-46df-adbd-382eabe44021": { "id": "92915943-c6ff-46df-adbd-382eabe44021", "title": "Manage WP Worker <= 4.9.2 - Authentication Bypass", "software": [ { "type": "plugin", "name": "ManageWP Worker", "slug": "worker", "affected_versions": { "* - 4.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92915943-c6ff-46df-adbd-382eabe44021?source=api-scan" ], "published": "2020-02-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92928f3b-cf45-4735-87d7-040afa4857f4": { "id": "92928f3b-cf45-4735-87d7-040afa4857f4", "title": "Migration Backup Restore <= 3.4.3 - Authenticated (Administrator+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore", "slug": "wp-staging", "affected_versions": { "* - 3.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92928f3b-cf45-4735-87d7-040afa4857f4?source=api-scan" ], "published": "2024-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "929ec66c-a4b2-4846-8330-65fd0e595e58": { "id": "929ec66c-a4b2-4846-8330-65fd0e595e58", "title": "3D FlipBook, PDF Viewer, PDF Embedder \u2013 Real 3D FlipBook WordPress Plugin <= 3.71 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "3D FlipBook, PDF Viewer, PDF Embedder \u2013 Real 3D FlipBook WordPress Plugin", "slug": "real3d-flipbook-lite", "affected_versions": { "* - 3.71": { "from_version": "*", "from_inclusive": true, "to_version": "3.71", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.72" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/929ec66c-a4b2-4846-8330-65fd0e595e58?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "929fd4e6-9040-41cb-98f0-0cfdd80caf42": { "id": "929fd4e6-9040-41cb-98f0-0cfdd80caf42", "title": "Salon booking system <= 9.5 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "* - 9.5": { "from_version": "*", "from_inclusive": true, "to_version": "9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/929fd4e6-9040-41cb-98f0-0cfdd80caf42?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92a00fb4-7b50-43fd-ac04-5d6e29336e9c": { "id": "92a00fb4-7b50-43fd-ac04-5d6e29336e9c", "title": "InstaWP Connect \u2013 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup\/Arbitrary Options Update\/Administrative User Creation", "software": [ { "type": "plugin", "name": "InstaWP Connect \u2013 1-click WP Staging & Migration", "slug": "instawp-connect", "affected_versions": { "* - 0.1.0.38": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.0.38", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.0.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92a00fb4-7b50-43fd-ac04-5d6e29336e9c?source=api-scan" ], "published": "2024-06-11 21:44:53", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92a20a1f-6403-4561-acd8-5b076fe2999f": { "id": "92a20a1f-6403-4561-acd8-5b076fe2999f", "title": "DevBuddy Twitter Feed <= 4.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "DevBuddy Twitter Feed", "slug": "devbuddy-twitter-feed", "affected_versions": { "* - 4.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92a20a1f-6403-4561-acd8-5b076fe2999f?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92a3e622-b3b2-450e-82a7-0a942711e8c0": { "id": "92a3e622-b3b2-450e-82a7-0a942711e8c0", "title": "Jetpack < 12.7 - Authenticated(Contributor+) Clickjacking via Iframe Injection", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "[*, 12.7)": { "from_version": "*", "from_inclusive": true, "to_version": "12.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "12.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92a3e622-b3b2-450e-82a7-0a942711e8c0?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92a50f24-7011-4fe4-a095-e7e320bfec81": { "id": "92a50f24-7011-4fe4-a095-e7e320bfec81", "title": "Admin Trim Interface <= 3.5.1 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Admin Trim Interface", "slug": "admin-trim-interface", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92a50f24-7011-4fe4-a095-e7e320bfec81?source=api-scan" ], "published": "2024-07-26 13:08:35", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92a543e2-1af1-4857-8e2f-c8658eac7fe0": { "id": "92a543e2-1af1-4857-8e2f-c8658eac7fe0", "title": "Vrm 360 3D Model Viewer <= 1.2.1 - Authenticated (Contributor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Vrm 360 3D Model Viewer", "slug": "vrm360", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92a543e2-1af1-4857-8e2f-c8658eac7fe0?source=api-scan" ], "published": "2023-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92a9ca70-2867-433a-932e-191ed7f01945": { "id": "92a9ca70-2867-433a-932e-191ed7f01945", "title": "CSV Import <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CSV Import", "slug": "csv-import", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92a9ca70-2867-433a-932e-191ed7f01945?source=api-scan" ], "published": "2016-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92aae1f6-e624-4619-8195-ee3c443a31fc": { "id": "92aae1f6-e624-4619-8195-ee3c443a31fc", "title": "Donations Made Easy \u2013 Smart Donations <= 4.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Donations Made Easy \u2013 Smart Donations", "slug": "smart-donations", "affected_versions": { "* - 4.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92aae1f6-e624-4619-8195-ee3c443a31fc?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92ae6f51-a6cb-46ce-b45b-ca4f12f5a67f": { "id": "92ae6f51-a6cb-46ce-b45b-ca4f12f5a67f", "title": "RokNewsPager <= 1.17 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RokNewsPager", "slug": "wp_roknewspager", "affected_versions": { "* - 1.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92ae6f51-a6cb-46ce-b45b-ca4f12f5a67f?source=api-scan" ], "published": "2013-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92b1a47e-31e2-4cfd-a24c-460ff2f00d09": { "id": "92b1a47e-31e2-4cfd-a24c-460ff2f00d09", "title": "Webcam 2Way Videochat <= 4.41 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "2Way VideoCalls and Random Chat \u2013 HTML5 Webcam Videochat", "slug": "webcam-2way-videochat", "affected_versions": { "* - 4.41": { "from_version": "*", "from_inclusive": true, "to_version": "4.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.41.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92b1a47e-31e2-4cfd-a24c-460ff2f00d09?source=api-scan" ], "published": "2014-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92b4d800-2895-4f7b-8b3b-ee6df75a7908": { "id": "92b4d800-2895-4f7b-8b3b-ee6df75a7908", "title": "Subscribe2 <= 10.40 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Subscribe2 \u2013 Form, Email Subscribers & Newsletters", "slug": "subscribe2", "affected_versions": { "* - 10.40": { "from_version": "*", "from_inclusive": true, "to_version": "10.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92b4d800-2895-4f7b-8b3b-ee6df75a7908?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92b8829e-a8eb-4fdb-a772-9efbb5aaeb6c": { "id": "92b8829e-a8eb-4fdb-a772-9efbb5aaeb6c", "title": "BetterLinks <= 1.6.0 - Improper Authorization to Data Import and Export", "software": [ { "type": "plugin", "name": "BetterLinks \u2013 An Advanced Plugin for Affiliate Links, Link Shortening, Link Tracking, Link Branding & Marketing", "slug": "betterlinks", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92b8829e-a8eb-4fdb-a772-9efbb5aaeb6c?source=api-scan" ], "published": "2023-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92bcdbd9-1f41-4990-9bea-587fb0e7355a": { "id": "92bcdbd9-1f41-4990-9bea-587fb0e7355a", "title": "Owl Carousel <= 0.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Owl Carousel", "slug": "owl-carousel", "affected_versions": { "* - 0.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92bcdbd9-1f41-4990-9bea-587fb0e7355a?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92bd8f53-7845-4741-84e7-4930dfa973ea": { "id": "92bd8f53-7845-4741-84e7-4930dfa973ea", "title": "Advanced Order Export For WooCommerce <= 1.5.4 - CSV Injection", "software": [ { "type": "plugin", "name": "Advanced Order Export For WooCommerce", "slug": "woo-order-export-lite", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92bd8f53-7845-4741-84e7-4930dfa973ea?source=api-scan" ], "published": "2018-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92bdf5c9-37ef-450a-874c-e21a60b03baa": { "id": "92bdf5c9-37ef-450a-874c-e21a60b03baa", "title": "ARForms Form Builder <= 1.6.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Contact Form, Survey, Quiz & Popup Form Builder \u2013 ARForms", "slug": "arforms-form-builder", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92bdf5c9-37ef-450a-874c-e21a60b03baa?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92c16bb5-b52c-4453-9121-0c9d056a0cdb": { "id": "92c16bb5-b52c-4453-9121-0c9d056a0cdb", "title": "Mortgage Calculators WP < 1.53 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mortgage Calculators WP", "slug": "mortgage-calculators-wp", "affected_versions": { "[*, 1.53)": { "from_version": "*", "from_inclusive": true, "to_version": "1.53", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.53" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92c16bb5-b52c-4453-9121-0c9d056a0cdb?source=api-scan" ], "published": "2022-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92c5c282-9193-41b3-9c1e-cd700765f346": { "id": "92c5c282-9193-41b3-9c1e-cd700765f346", "title": "Global Flash Gallery < 0.13.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Global Flash Gallery", "slug": "global-flash-galleries", "affected_versions": { "* - 0.13.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.13.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.13.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92c5c282-9193-41b3-9c1e-cd700765f346?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92c79e51-3b14-4d1c-893b-a683b55f3011": { "id": "92c79e51-3b14-4d1c-893b-a683b55f3011", "title": "Support Plus Responsive Ticket System <= 4.1 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Support Plus Responsive Ticket System", "slug": "wp-support-plus-responsive-ticket-system", "affected_versions": { "[*, 4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92c79e51-3b14-4d1c-893b-a683b55f3011?source=api-scan" ], "published": "2014-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92c88e7f-9393-4e44-8a1d-314f6560bf63": { "id": "92c88e7f-9393-4e44-8a1d-314f6560bf63", "title": "GoCodes <= 1.3.5 - Authenticated Blind SQL Injection", "software": [ { "type": "plugin", "name": "GoCodes", "slug": "gocodes", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92c88e7f-9393-4e44-8a1d-314f6560bf63?source=api-scan" ], "published": "2015-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92cdb716-8e45-41ea-8805-527d20a4bcb5": { "id": "92cdb716-8e45-41ea-8805-527d20a4bcb5", "title": "WP LMS \u2013 Best WordPress LMS Plugin <= 1.1.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Learn Manager", "slug": "learn-manager", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92cdb716-8e45-41ea-8805-527d20a4bcb5?source=api-scan" ], "published": "2021-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92d59dd4-7338-40ac-9a73-37e9e85351d7": { "id": "92d59dd4-7338-40ac-9a73-37e9e85351d7", "title": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.0 - Multiple Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin", "slug": "xcloner-backup-and-restore", "affected_versions": { "[*, 3.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92d59dd4-7338-40ac-9a73-37e9e85351d7?source=api-scan" ], "published": "2014-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92daf977-1b60-4ecf-b3bc-e8d356b4e0b7": { "id": "92daf977-1b60-4ecf-b3bc-e8d356b4e0b7", "title": "GutSlider \u2013 All in One Block Slider <= 2.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GutSlider \u2013 All in One Block Slider", "slug": "slider-blocks", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92daf977-1b60-4ecf-b3bc-e8d356b4e0b7?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92e37b28-1a17-417a-b40f-cb4bbe6ec759": { "id": "92e37b28-1a17-417a-b40f-cb4bbe6ec759", "title": "PDF Flipbook, 3D Flipbook \u2013 DearFlip <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dear Flipbook \u2013 PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer", "slug": "3d-flipbook-dflip-lite", "affected_versions": { "* - 2.2.26": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92e37b28-1a17-417a-b40f-cb4bbe6ec759?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92e444db-72d5-444f-811e-ade0bc097769": { "id": "92e444db-72d5-444f-811e-ade0bc097769", "title": "License Manager for WooCommerce <= 3.0.6 - Improper Authorization to Authenticated(Contributor+) Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "License Manager for WooCommerce", "slug": "license-manager-for-woocommerce", "affected_versions": { "* - 3.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92e444db-72d5-444f-811e-ade0bc097769?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92e9af52-a9a8-4b68-8351-f1091855fedc": { "id": "92e9af52-a9a8-4b68-8351-f1091855fedc", "title": "HTML Forms <= 1.3.24 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "HTML Forms \u2013 Simple WordPress Forms Plugin", "slug": "html-forms", "affected_versions": { "* - 1.3.24": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92e9af52-a9a8-4b68-8351-f1091855fedc?source=api-scan" ], "published": "2022-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92ea7488-f99b-4bae-8972-1e84a0a74071": { "id": "92ea7488-f99b-4bae-8972-1e84a0a74071", "title": "Ultimate Classified Listings <= 1.3 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Ultimate Classified Listings", "slug": "ultimate-classified-listings", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92ea7488-f99b-4bae-8972-1e84a0a74071?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92f6f3f7-c49b-4290-806f-6add333159b9": { "id": "92f6f3f7-c49b-4290-806f-6add333159b9", "title": "Conversios.io - Google Analytics and Google Shopping plugin for WooCommerce <= 4.6.1 Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Google Analytics 4 (GA4), Google Ads, Meta Pixel, GTM & Multiple Pixels for Woocommerce & WordPress", "slug": "enhanced-e-commerce-for-woocommerce-store", "affected_versions": { "[*, 4.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92f6f3f7-c49b-4290-806f-6add333159b9?source=api-scan" ], "published": "2022-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92f8e3b7-a896-494b-96cd-6ecb8918ebd6": { "id": "92f8e3b7-a896-494b-96cd-6ecb8918ebd6", "title": "Albo Pretorio Online <= 4.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Albo Pretorio On line", "slug": "albo-pretorio-on-line", "affected_versions": { "* - 4.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92f8e3b7-a896-494b-96cd-6ecb8918ebd6?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "92ffaa23-08f2-4aa4-84c3-a84c26ed8474": { "id": "92ffaa23-08f2-4aa4-84c3-a84c26ed8474", "title": "Image Hover Effects For WPBakery Page Builder <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Image Hover Effects For WPBakery Page Builder", "slug": "image-hover-effects-visual-composer-extension", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/92ffaa23-08f2-4aa4-84c3-a84c26ed8474?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93029d39-adaa-4cf6-9081-28c9e84ec2e5": { "id": "93029d39-adaa-4cf6-9081-28c9e84ec2e5", "title": "MF Gig Calendar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via event_title and event_time", "software": [ { "type": "plugin", "name": "MF Gig Calendar", "slug": "mf-gig-calendar", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93029d39-adaa-4cf6-9081-28c9e84ec2e5?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "930d8c9e-4af0-49f0-adcc-246800e71284": { "id": "930d8c9e-4af0-49f0-adcc-246800e71284", "title": "WooFramework Branding <= 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooFramework Branding", "slug": "wooframework-branding", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/930d8c9e-4af0-49f0-adcc-246800e71284?source=api-scan" ], "published": "2015-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9311c7b6-2c32-4f30-8286-6d59c267c09d": { "id": "9311c7b6-2c32-4f30-8286-6d59c267c09d", "title": "Auto Login New User After Registration <= 1.9.6 - Cross-Site Request Forgery to Settings Modification", "software": [ { "type": "plugin", "name": "Auto Login New User After Registration", "slug": "auto-login-new-user-after-registration", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9311c7b6-2c32-4f30-8286-6d59c267c09d?source=api-scan" ], "published": "2023-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9312c73d-8eb6-4ca0-a03b-566099dc6487": { "id": "9312c73d-8eb6-4ca0-a03b-566099dc6487", "title": "WP GDPR Compliance <= 1.4.2 - Arbitrary Options Update and Action Calling", "software": [ { "type": "plugin", "name": "Cookie Information | Free GDPR Consent Solution", "slug": "wp-gdpr-compliance", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9312c73d-8eb6-4ca0-a03b-566099dc6487?source=api-scan" ], "published": "2018-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93164941-effe-4363-811e-3161cff10c88": { "id": "93164941-effe-4363-811e-3161cff10c88", "title": "WP Simple Booking Calendar <= 2.0.6 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP Simple Booking Calendar", "slug": "wp-simple-booking-calendar", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93164941-effe-4363-811e-3161cff10c88?source=api-scan" ], "published": "2021-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "931983c3-d704-4c95-8078-7db4d79e1e1c": { "id": "931983c3-d704-4c95-8078-7db4d79e1e1c", "title": "Newsletter by Supsystic <= 1.5.6 - Authenticated (Admin+) Time-Based Blind SQL Injection", "software": [ { "type": "plugin", "name": "Newsletter by Supsystic", "slug": "newsletter-by-supsystic", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/931983c3-d704-4c95-8078-7db4d79e1e1c?source=api-scan" ], "published": "2021-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9319dfc7-2b23-4056-8310-41a07535379d": { "id": "9319dfc7-2b23-4056-8310-41a07535379d", "title": "ajax-extend <= 1.0 - Unauthenticated Remote Code Execution", "software": [ { "type": "plugin", "name": "ajax-extend", "slug": "ajax-extend", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9319dfc7-2b23-4056-8310-41a07535379d?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "931e83b6-b05a-4f48-a159-e15cc99e0fe4": { "id": "931e83b6-b05a-4f48-a159-e15cc99e0fe4", "title": "Simple 301 Redirects 2.0.0 - 2.0.3 - Unauthenticated Redirect Export", "software": [ { "type": "plugin", "name": "Simple 301 Redirects By BetterLinks \u2013 Easy WordPress Redirect Manager for Redirects, 404 Error Log & More", "slug": "simple-301-redirects", "affected_versions": { "2.0.0 - 2.0.3": { "from_version": "2.0.0", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/931e83b6-b05a-4f48-a159-e15cc99e0fe4?source=api-scan" ], "published": "2021-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "932ba486-d98d-4c16-afe5-3aaf030a1e48": { "id": "932ba486-d98d-4c16-afe5-3aaf030a1e48", "title": "Element Pack Elementor Addons <= 5.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via link", "software": [ { "type": "plugin", "name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", "slug": "bdthemes-element-pack-lite", "affected_versions": { "* - 5.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/932ba486-d98d-4c16-afe5-3aaf030a1e48?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "932d6c6e-3e0f-4834-aa39-8ca9c3b40ef5": { "id": "932d6c6e-3e0f-4834-aa39-8ca9c3b40ef5", "title": "Social Slider Feed <= 2.2.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Social Slider Feed", "slug": "instagram-slider-widget", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/932d6c6e-3e0f-4834-aa39-8ca9c3b40ef5?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93385acc-aede-4948-b64e-d1ab23167d17": { "id": "93385acc-aede-4948-b64e-d1ab23167d17", "title": "PrePost SEO <= 3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PrePost SEO", "slug": "prepost-seo", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93385acc-aede-4948-b64e-d1ab23167d17?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "933d8f1a-ae6e-4c49-92bc-a0b6bd3a0598": { "id": "933d8f1a-ae6e-4c49-92bc-a0b6bd3a0598", "title": "Email Subscribers & Newsletters <= 4.1.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 4.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/933d8f1a-ae6e-4c49-92bc-a0b6bd3a0598?source=api-scan" ], "published": "2019-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "933ea8a2-3d1d-43a3-bb14-52f37576c9e5": { "id": "933ea8a2-3d1d-43a3-bb14-52f37576c9e5", "title": "AA Cash Calculator <= 1.0 - Reflected Cross-Site Scripting via invoice", "software": [ { "type": "plugin", "name": "AA Cash Calculator", "slug": "aa-calculator", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/933ea8a2-3d1d-43a3-bb14-52f37576c9e5?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93427a3a-8cbe-4aa7-93e2-c6807bc3390c": { "id": "93427a3a-8cbe-4aa7-93e2-c6807bc3390c", "title": "Easy Contact Form Lite <= 1.1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Plugin", "slug": "contact-form-lite", "affected_versions": { "* - 1.1.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93427a3a-8cbe-4aa7-93e2-c6807bc3390c?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "934545ff-8886-47c7-ad50-0e5ff513a26c": { "id": "934545ff-8886-47c7-ad50-0e5ff513a26c", "title": "PWA for WP & AMP Plugin <= 1.0.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PWA for WP & AMP", "slug": "pwa-for-wp", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/934545ff-8886-47c7-ad50-0e5ff513a26c?source=api-scan" ], "published": "2019-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9347dafb-1789-4855-b09e-2a1ef5f7f2c1": { "id": "9347dafb-1789-4855-b09e-2a1ef5f7f2c1", "title": "Form Maker by 10Web <= 1.13.35 - SQL Injection", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "* - 1.13.35": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9347dafb-1789-4855-b09e-2a1ef5f7f2c1?source=api-scan" ], "published": "2020-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9349208c-3e86-4ec6-9e10-5ecaa4923922": { "id": "9349208c-3e86-4ec6-9e10-5ecaa4923922", "title": "Carousel, Slider, Gallery by WP Carousel \u2013 Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sp_wp_carousel_shortcode'", "software": [ { "type": "plugin", "name": "Carousel, Slider, Gallery by WP Carousel \u2013 Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce", "slug": "wp-carousel-free", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9349208c-3e86-4ec6-9e10-5ecaa4923922?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "934b2767-eae4-4c2d-a635-2e6a27fd9f49": { "id": "934b2767-eae4-4c2d-a635-2e6a27fd9f49", "title": "Get URL Cron <= 1.4.7 - Cross-Site Request Forgery via geturlcron_action_handle", "software": [ { "type": "plugin", "name": "Cron Setup and Monitor \u2013 Get URL Cron", "slug": "get-url-cron", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/934b2767-eae4-4c2d-a635-2e6a27fd9f49?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "934bf839-152d-4d10-9ac8-c64cf042dc18": { "id": "934bf839-152d-4d10-9ac8-c64cf042dc18", "title": "Otter Blocks PRO <= 2.6.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via File Field CSS", "software": [ { "type": "plugin", "name": "Otter Blocks PRO \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE", "slug": "otter-pro", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/934bf839-152d-4d10-9ac8-c64cf042dc18?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "934c3ce9-cf2d-4bf6-9a34-f448cb2e5a1d": { "id": "934c3ce9-cf2d-4bf6-9a34-f448cb2e5a1d", "title": "MStore API <= 2.1.5 - Authentication Bypass", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "[*, 2.1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/934c3ce9-cf2d-4bf6-9a34-f448cb2e5a1d?source=api-scan" ], "published": "2020-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "934db08b-7dde-43bf-848b-48fba38ef195": { "id": "934db08b-7dde-43bf-848b-48fba38ef195", "title": "JetWidgets For Elementor <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JetWidgets For Elementor", "slug": "jetwidgets-for-elementor", "affected_versions": { "* - 1.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/934db08b-7dde-43bf-848b-48fba38ef195?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "935054c3-8541-4ff3-a035-7ee8afe53f72": { "id": "935054c3-8541-4ff3-a035-7ee8afe53f72", "title": "Memberlite Shortcodes <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Memberlite Shortcodes", "slug": "memberlite-shortcodes", "affected_versions": { "[*, 1.3.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/935054c3-8541-4ff3-a035-7ee8afe53f72?source=api-scan" ], "published": "2023-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9350fba0-2cb3-43dd-9ea5-214dc631267a": { "id": "9350fba0-2cb3-43dd-9ea5-214dc631267a", "title": "Shipyaari Shipping Management <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shipyaari Shipping Management", "slug": "manage-shipyaari-shipping", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9350fba0-2cb3-43dd-9ea5-214dc631267a?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93554eb7-2f81-4eb1-809e-6dfe1f5b6196": { "id": "93554eb7-2f81-4eb1-809e-6dfe1f5b6196", "title": "WPForms User Registration <= 2.1.0 - Missing Authorization to Authenticated (Contributor+) Privilege Escalation", "software": [ { "type": "plugin", "name": "WPForms User Registration", "slug": "wpforms-user-registration", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93554eb7-2f81-4eb1-809e-6dfe1f5b6196?source=api-scan" ], "published": "2024-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "935bf651-888e-4922-81fc-7e2e5a6fe3ba": { "id": "935bf651-888e-4922-81fc-7e2e5a6fe3ba", "title": "Advanced Cron Manager <= 2.4.1 - Subscriber+ Arbitrary Events\/Schedules Creation\/Deletion", "software": [ { "type": "plugin", "name": "Advanced Cron Manager \u2013 debug & control", "slug": "advanced-cron-manager", "affected_versions": { "[*, 2.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.2" ] }, { "type": "plugin", "name": "Advanced Cron Manager Pro", "slug": "advanced-cron-manager-pro", "affected_versions": { "[*, 2.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/935bf651-888e-4922-81fc-7e2e5a6fe3ba?source=api-scan" ], "published": "2022-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "936803ab-93d5-4808-8758-6b8f7c01b3c2": { "id": "936803ab-93d5-4808-8758-6b8f7c01b3c2", "title": "Pickup | Delivery | Dine-in date time <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pickup | Delivery | Dine-in date time", "slug": "restaurant-pickup-delivery-dine-in", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/936803ab-93d5-4808-8758-6b8f7c01b3c2?source=api-scan" ], "published": "2023-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "936d2714-4ace-4685-b3ff-6adac76495a3": { "id": "936d2714-4ace-4685-b3ff-6adac76495a3", "title": "WP Job Portal <= 2.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website", "slug": "wp-job-portal", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/936d2714-4ace-4685-b3ff-6adac76495a3?source=api-scan" ], "published": "2024-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "936e753b-b3e9-43c9-8686-c610faa8b20e": { "id": "936e753b-b3e9-43c9-8686-c610faa8b20e", "title": "Shopping Cart & eCommerce Store <= 5.4.2 - Authenticated (Admin+) Local File Inclusion via import_file_url", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "* - 5.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/936e753b-b3e9-43c9-8686-c610faa8b20e?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9370c320-b3bc-4965-9cc7-b2bf3a24e251": { "id": "9370c320-b3bc-4965-9cc7-b2bf3a24e251", "title": "Copyscape Premium <= 1.3.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Copyscape Premium", "slug": "copyscape-premium", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9370c320-b3bc-4965-9cc7-b2bf3a24e251?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9370f05a-9c69-45f4-9fd8-7017bfcf4d1e": { "id": "9370f05a-9c69-45f4-9fd8-7017bfcf4d1e", "title": "Calculated Fields Form <= 1.1.120 - Missing Authorization to Feedback Submission", "software": [ { "type": "plugin", "name": "Calculated Fields Form", "slug": "calculated-fields-form", "affected_versions": { "* - 1.1.120": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.120", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.121" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9370f05a-9c69-45f4-9fd8-7017bfcf4d1e?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9373c82d-15a8-495a-8290-1b85c096f7e5": { "id": "9373c82d-15a8-495a-8290-1b85c096f7e5", "title": "W3 Total Cache <= 0.9.4.1 - Weak validation of Amazon SNS push messages", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 0.9.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9373c82d-15a8-495a-8290-1b85c096f7e5?source=api-scan" ], "published": "2016-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93784c84-93b3-4f43-84a0-5aeed3ba9cfd": { "id": "93784c84-93b3-4f43-84a0-5aeed3ba9cfd", "title": "Void Contact Form 7 Widget For Elementor Page Builder <= 2.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Void Contact Form 7 Widget For Elementor Page Builder", "slug": "cf7-widget-elementor", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93784c84-93b3-4f43-84a0-5aeed3ba9cfd?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9379e1c9-fb83-43e4-af89-898dc0c2216c": { "id": "9379e1c9-fb83-43e4-af89-898dc0c2216c", "title": "Event Manager and Tickets Selling Plugin for WooCommerce <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Event Manager and Tickets Selling Plugin for WooCommerce \u2013 WpEvently \u2013 WordPress Plugin", "slug": "mage-eventpress", "affected_versions": { "* - 3.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9379e1c9-fb83-43e4-af89-898dc0c2216c?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "937e56cc-58dc-483c-8f17-ced3b1f7a481": { "id": "937e56cc-58dc-483c-8f17-ced3b1f7a481", "title": "WordPress Simple Shop <= 1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Simple Shop", "slug": "webful-simple-grocery-shop", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/937e56cc-58dc-483c-8f17-ced3b1f7a481?source=api-scan" ], "published": "2021-09-09 16:20:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9382d94c-3767-4d05-ada7-2857713b9e3a": { "id": "9382d94c-3767-4d05-ada7-2857713b9e3a", "title": "Sahifa <= 2.4.0 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Sahifa", "slug": "sahifa", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9382d94c-3767-4d05-ada7-2857713b9e3a?source=api-scan" ], "published": "2013-01-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93875f19-d9b9-4e33-bba9-afc75cf26bf2": { "id": "93875f19-d9b9-4e33-bba9-afc75cf26bf2", "title": "Salon Booking System <= 8.4.6 - Cross-Site Request Forgery to Admin Role Change to Customer, User Meta Update via save_customer", "software": [ { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "* - 8.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "8.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93875f19-d9b9-4e33-bba9-afc75cf26bf2?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "938be2d0-1e56-42d5-874e-574e78a44932": { "id": "938be2d0-1e56-42d5-874e-574e78a44932", "title": "Developer Formatter < 2013.0.1.41 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Developer Formatter", "slug": "devformatter", "affected_versions": { "[*, 2013.0.1.41)": { "from_version": "*", "from_inclusive": true, "to_version": "2013.0.1.41", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2013.0.1.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/938be2d0-1e56-42d5-874e-574e78a44932?source=api-scan" ], "published": "2013-01-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "938d24c2-24f5-42d4-9a8f-f25b65a312f1": { "id": "938d24c2-24f5-42d4-9a8f-f25b65a312f1", "title": "Special Text Boxes <= 5.9.109 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Special Text Boxes", "slug": "wp-special-textboxes", "affected_versions": { "* - 5.9.109": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.109", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.110" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/938d24c2-24f5-42d4-9a8f-f25b65a312f1?source=api-scan" ], "published": "2021-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "938e8f54-56f0-4066-bc78-ebfc2abe0743": { "id": "938e8f54-56f0-4066-bc78-ebfc2abe0743", "title": "Flash player widget <= 1.3 - Content Spoofing", "software": [ { "type": "plugin", "name": "flash-player-widget", "slug": "flash-player-widget", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/938e8f54-56f0-4066-bc78-ebfc2abe0743?source=api-scan" ], "published": "2013-12-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9391474f-8cf8-4e8b-b3e6-39b397b7b6b6": { "id": "9391474f-8cf8-4e8b-b3e6-39b397b7b6b6", "title": "Master Slider - Responsive Touch Slider <= 2.5.1 - Authenticated Blind SQL Injection", "software": [ { "type": "plugin", "name": "Master Slider \u2013 Responsive Touch Slider", "slug": "master-slider", "affected_versions": { "[*, 2.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9391474f-8cf8-4e8b-b3e6-39b397b7b6b6?source=api-scan" ], "published": "2015-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93920201-fd53-45ad-983a-a2b04b96db77": { "id": "93920201-fd53-45ad-983a-a2b04b96db77", "title": "Icegram Collect <= 1.3.8 - Authenticated(Contributor+) Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Icegram Collect \u2013 Easy Form, Lead Collection and Subscription plugin", "slug": "icegram-rainmaker", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93920201-fd53-45ad-983a-a2b04b96db77?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93928123-c90d-4bbb-b51d-33e809867b79": { "id": "93928123-c90d-4bbb-b51d-33e809867b79", "title": "Smart Custom 404 Error Page <= 11.4.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart Custom 404 Error Page", "slug": "404page", "affected_versions": { "* - 11.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "11.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93928123-c90d-4bbb-b51d-33e809867b79?source=api-scan" ], "published": "2024-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9393e103-7009-457b-ba14-fa5ef45b97df": { "id": "9393e103-7009-457b-ba14-fa5ef45b97df", "title": "Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Photo Gallery, Images, Slider in Rbs Image Gallery", "slug": "robo-gallery", "affected_versions": { "* - 3.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9393e103-7009-457b-ba14-fa5ef45b97df?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9396c350-d72e-472b-8cbc-44edce557256": { "id": "9396c350-d72e-472b-8cbc-44edce557256", "title": "RegistrationMagic <= 5.2.5.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 5.2.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9396c350-d72e-472b-8cbc-44edce557256?source=api-scan" ], "published": "2024-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93a07027-1068-41fa-bd6b-74ccc0441a16": { "id": "93a07027-1068-41fa-bd6b-74ccc0441a16", "title": "Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Mailchimp API Key", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "* - 1.3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93a07027-1068-41fa-bd6b-74ccc0441a16?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93a07f4e-8359-4ca2-a1cc-ca0ba2b7c0de": { "id": "93a07f4e-8359-4ca2-a1cc-ca0ba2b7c0de", "title": "Seed Social <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Seed Social", "slug": "seed-social", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93a07f4e-8359-4ca2-a1cc-ca0ba2b7c0de?source=api-scan" ], "published": "2022-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93a4d653-a852-41c1-8942-8f059420aeb1": { "id": "93a4d653-a852-41c1-8942-8f059420aeb1", "title": "Booking Calendar <= 8.4.3 - SQL injection", "software": [ { "type": "plugin", "name": "WP Booking Calendar", "slug": "booking", "affected_versions": { "* - 8.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "8.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93a4d653-a852-41c1-8942-8f059420aeb1?source=api-scan" ], "published": "2018-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93ab9f1a-26ce-466a-a5d3-d2046ec8f94d": { "id": "93ab9f1a-26ce-466a-a5d3-d2046ec8f94d", "title": "Simple Share Buttons Adder <= 8.4.11 - Authenticated(Administrator+) Stored Cross-Site Scripting via CSS Settings", "software": [ { "type": "plugin", "name": "Simple Share Buttons Adder", "slug": "simple-share-buttons-adder", "affected_versions": { "* - 8.4.11": { "from_version": "*", "from_inclusive": true, "to_version": "8.4.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93ab9f1a-26ce-466a-a5d3-d2046ec8f94d?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93b527a8-30c0-4e47-bb2b-522380b21699": { "id": "93b527a8-30c0-4e47-bb2b-522380b21699", "title": "Big File Uploads <= 2.1.1 - Cross-Site Request Forgery via actions", "software": [ { "type": "plugin", "name": "Big File Uploads \u2013 Increase Maximum File Upload Size", "slug": "tuxedo-big-file-uploads", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93b527a8-30c0-4e47-bb2b-522380b21699?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93b5525c-a298-420d-80cd-84cb35913981": { "id": "93b5525c-a298-420d-80cd-84cb35913981", "title": "Open Close WooCommerce Store <= 4.9.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Open Close WooCommerce Store \u2013 Best Business Schedules Manager", "slug": "woc-open-close", "affected_versions": { "* - 4.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93b5525c-a298-420d-80cd-84cb35913981?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93b5552e-bb24-4dfb-a779-8451f619ff50": { "id": "93b5552e-bb24-4dfb-a779-8451f619ff50", "title": "QT KenthaRadio < 2.0.2 & OnAir2 < 3.9.9.2 - Server-Side Request Forgery & Remote File Inclusion", "software": [ { "type": "theme", "name": "Onair2: Radio Station WordPress Theme With Non-Stop Music Player", "slug": "onair2", "affected_versions": { "[*, 3.9.9.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.9.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.9.2" ] }, { "type": "plugin", "name": "KenthaRadio - Addon for Kentha Music WordPress Theme To Add Radio Station and Schedule Functionality", "slug": "qt-kentharadio", "affected_versions": { "[*, 2.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93b5552e-bb24-4dfb-a779-8451f619ff50?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93b5bc57-3bfa-4477-a9d4-f0563008cf94": { "id": "93b5bc57-3bfa-4477-a9d4-f0563008cf94", "title": "Video Gallery <= 1.3.12 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Video Gallery \u2013 YouTube Playlist, Channel Gallery by YotuWP", "slug": "yotuwp-easy-youtube-embed", "affected_versions": { "* - 1.3.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93b5bc57-3bfa-4477-a9d4-f0563008cf94?source=api-scan" ], "published": "2023-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93badb2f-bb47-4ae6-a447-d8237cc9237f": { "id": "93badb2f-bb47-4ae6-a447-d8237cc9237f", "title": "NEX-Forms Lite \u2013 WordPress Contact Form builder < 3.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NEX-Forms Lite \u2013 WordPress Contact Form builder", "slug": "x-forms-express", "affected_versions": { "[*, 3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93badb2f-bb47-4ae6-a447-d8237cc9237f?source=api-scan" ], "published": "2014-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93c10a58-c5f2-440b-a88e-5314143fdd90": { "id": "93c10a58-c5f2-440b-a88e-5314143fdd90", "title": "WP EXtra <= 6.2 - Missing Authorization to Arbitrary Email Sending", "software": [ { "type": "plugin", "name": "WP EXtra", "slug": "wp-extra", "affected_versions": { "* - 6.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93c10a58-c5f2-440b-a88e-5314143fdd90?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93c1b6d2-a818-4ce5-96b7-524fac4081b2": { "id": "93c1b6d2-a818-4ce5-96b7-524fac4081b2", "title": "Photo Gallery by 10Web <= 1.6.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93c1b6d2-a818-4ce5-96b7-524fac4081b2?source=api-scan" ], "published": "2022-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93c940a5-1145-47ac-b55f-bf346719e584": { "id": "93c940a5-1145-47ac-b55f-bf346719e584", "title": "Donate Extra <= 2.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Donate Extra", "slug": "donate-extra", "affected_versions": { "* - 2.02": { "from_version": "*", "from_inclusive": true, "to_version": "2.02", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93c940a5-1145-47ac-b55f-bf346719e584?source=api-scan" ], "published": "2022-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93cb3b29-b1a0-4d40-a057-1b41f3b181f2": { "id": "93cb3b29-b1a0-4d40-a057-1b41f3b181f2", "title": "WP RSS Aggregator <= 4.23.4 - Authenticated (Admin+) Stored Cross-Site Scripting via RSS Feed Source", "software": [ { "type": "plugin", "name": "RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Autoblogging", "slug": "wp-rss-aggregator", "affected_versions": { "* - 4.23.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.23.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.23.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93cb3b29-b1a0-4d40-a057-1b41f3b181f2?source=api-scan" ], "published": "2024-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93cb6d59-6654-4ce1-b65f-0e162ae58bac": { "id": "93cb6d59-6654-4ce1-b65f-0e162ae58bac", "title": "Download Monitor <= 1.6.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "[*, 1.6.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": false }, "1.7.0": { "from_version": "1.7.0", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.5", "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93cb6d59-6654-4ce1-b65f-0e162ae58bac?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93cf6dce-892e-4106-bb37-b7952e5ea5a1": { "id": "93cf6dce-892e-4106-bb37-b7952e5ea5a1", "title": "Ultimate Member <= 2.3.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93cf6dce-892e-4106-bb37-b7952e5ea5a1?source=api-scan" ], "published": "2022-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93d78063-238d-40c0-92c9-6870d85d29f7": { "id": "93d78063-238d-40c0-92c9-6870d85d29f7", "title": "Video Player <= 1.5.22 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SpiderVPlayer", "slug": "player", "affected_versions": { "* - 1.5.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.22", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93d78063-238d-40c0-92c9-6870d85d29f7?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93d8277f-3c5a-4024-a7c0-27ccb1a23cfc": { "id": "93d8277f-3c5a-4024-a7c0-27ccb1a23cfc", "title": "Aesop Story Engine <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Aesop Story Engine", "slug": "aesop-story-engine", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93d8277f-3c5a-4024-a7c0-27ccb1a23cfc?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93daab72-1243-4a05-91d3-9254a1aac727": { "id": "93daab72-1243-4a05-91d3-9254a1aac727", "title": "Shopping Cart & eCommerce Store <= 5.6.4 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "* - 5.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93daab72-1243-4a05-91d3-9254a1aac727?source=api-scan" ], "published": "2024-05-10 09:18:19", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93dcbab7-fdf5-4631-8605-77f8f190512d": { "id": "93dcbab7-fdf5-4631-8605-77f8f190512d", "title": "ElementsKit Elementor addons 3.0.7 - 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget", "software": [ { "type": "plugin", "name": "ElementsKit Elementor addons", "slug": "elementskit-lite", "affected_versions": { "3.0.7 - 3.1.2": { "from_version": "3.0.7", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93dcbab7-fdf5-4631-8605-77f8f190512d?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93de1604-2494-4c51-a93d-b01bf7ed4c07": { "id": "93de1604-2494-4c51-a93d-b01bf7ed4c07", "title": "WordPress Backup & Migration <= 1.4.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WebToffee WP Backup and Migration", "slug": "wp-migration-duplicator", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93de1604-2494-4c51-a93d-b01bf7ed4c07?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93e2d007-8157-42c5-92ad-704dc80749a3": { "id": "93e2d007-8157-42c5-92ad-704dc80749a3", "title": "GiveWP \u2013 Donation Plugin and Fundraising Platform <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 3.14.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.14.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.14.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93e2d007-8157-42c5-92ad-704dc80749a3?source=api-scan" ], "published": "2024-08-19 13:55:41", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93e590f8-5f8d-4ee5-bcff-96bcb8daf4b7": { "id": "93e590f8-5f8d-4ee5-bcff-96bcb8daf4b7", "title": "BulkGate SMS Plugin for WooCommerce <= 3.0.2 - Missing Authorization via Multiple AJAX Actions", "software": [ { "type": "plugin", "name": "BulkGate SMS Plugin for WooCommerce", "slug": "woosms-sms-module-for-woocommerce", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93e590f8-5f8d-4ee5-bcff-96bcb8daf4b7?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93ec134f-246a-4b1c-8850-8d26126fd9a8": { "id": "93ec134f-246a-4b1c-8850-8d26126fd9a8", "title": "Liquido <= 1.0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Liquido", "slug": "liquido", "affected_versions": { "* - 1.0.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93ec134f-246a-4b1c-8850-8d26126fd9a8?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93ef0a2c-2197-4c23-b5c4-5a94bd44130d": { "id": "93ef0a2c-2197-4c23-b5c4-5a94bd44130d", "title": "Side Menu Lite - add sticky fixed buttons < 2.2.6 - SQL Injection", "software": [ { "type": "plugin", "name": "Side Menu Lite \u2013 add sticky fixed buttons", "slug": "side-menu-lite", "affected_versions": { "[*, 2.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93ef0a2c-2197-4c23-b5c4-5a94bd44130d?source=api-scan" ], "published": "2021-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93f377a1-2c33-4dd7-8fd6-190d9148e804": { "id": "93f377a1-2c33-4dd7-8fd6-190d9148e804", "title": "File Manager And File Manager Pro (Multiple Versions) - Directory Traversal", "software": [ { "type": "plugin", "name": "File Manager", "slug": "wp-file-manager", "affected_versions": { "* - 7.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.2" ] }, { "type": "plugin", "name": "File Manager Pro", "slug": "wp-file-manager-pro", "affected_versions": { "* - 8.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93f377a1-2c33-4dd7-8fd6-190d9148e804?source=api-scan" ], "published": "2024-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93f9862f-745f-44d5-ac49-f8d2d19b35ed": { "id": "93f9862f-745f-44d5-ac49-f8d2d19b35ed", "title": "Wordfence Security - Firewall & Malware Scan <= 3.3.6 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wordfence Security \u2013 Firewall, Malware Scan, and Login Security", "slug": "wordfence", "affected_versions": { "* - 3.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93f9862f-745f-44d5-ac49-f8d2d19b35ed?source=api-scan" ], "published": "2012-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "93ff1634-d520-4895-8822-2dbfa7b5e030": { "id": "93ff1634-d520-4895-8822-2dbfa7b5e030", "title": "Form Maker by 10Web <= 1.13.2 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "[*, 1.13.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.13.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/93ff1634-d520-4895-8822-2dbfa7b5e030?source=api-scan" ], "published": "2019-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "940aabdc-e98e-45be-87dd-cafae45f2474": { "id": "940aabdc-e98e-45be-87dd-cafae45f2474", "title": "WordPress Core < 2.3.3 - Improper Authorization Checks", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/940aabdc-e98e-45be-87dd-cafae45f2474?source=api-scan" ], "published": "2007-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9410b5b8-1bb2-42d7-8d4d-721131d392e3": { "id": "9410b5b8-1bb2-42d7-8d4d-721131d392e3", "title": "Change WP Admin Login <= 1.1.3 - Protection Mechanism Failure to Login Page Disclosure", "software": [ { "type": "plugin", "name": "All In One Login \u2014 WordPress Login Security Plugin to Protect and Customize WP Admin", "slug": "change-wp-admin-login", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9410b5b8-1bb2-42d7-8d4d-721131d392e3?source=api-scan" ], "published": "2023-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "941233d8-f382-40a0-81b2-18a682ae07ca": { "id": "941233d8-f382-40a0-81b2-18a682ae07ca", "title": "AdRotate \u2013 Ad manager & AdSense Ads 3.9 - 3.9.4 - SQL Injection", "software": [ { "type": "plugin", "name": "AdRotate Banner Manager \u2013 The only ad manager you'll need", "slug": "adrotate", "affected_versions": { "3.9 - 3.9.4": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/941233d8-f382-40a0-81b2-18a682ae07ca?source=api-scan" ], "published": "2014-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "941cf3f8-20a0-4d41-8fce-1554653d98da": { "id": "941cf3f8-20a0-4d41-8fce-1554653d98da", "title": "REST API TO MiniProgram <= 4.7.1 - Authenticated (Subscriber+) Media Attachment Deletion", "software": [ { "type": "plugin", "name": "REST API TO MiniProgram", "slug": "rest-api-to-miniprogram", "affected_versions": { "* - 4.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/941cf3f8-20a0-4d41-8fce-1554653d98da?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9428f710-db34-418f-9918-b35609ca5185": { "id": "9428f710-db34-418f-9918-b35609ca5185", "title": "WooCommerce PayU India <= 2.1.1 - Improper Input Validation", "software": [ { "type": "plugin", "name": "WooCommerce PayU India (PayUmoney \u2013 PayUbiz)", "slug": "woocommerce-payu-paisa", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9428f710-db34-418f-9918-b35609ca5185?source=api-scan" ], "published": "2019-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "942aad86-787e-4c25-a98b-9b7fe64aec23": { "id": "942aad86-787e-4c25-a98b-9b7fe64aec23", "title": "WP Latest Posts <= 3.7.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Latest Posts", "slug": "wp-latest-posts", "affected_versions": { "* - 3.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/942aad86-787e-4c25-a98b-9b7fe64aec23?source=api-scan" ], "published": "2015-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "942ae035-91b3-4330-800c-2dbe94a4b4b5": { "id": "942ae035-91b3-4330-800c-2dbe94a4b4b5", "title": "Woody Ad Snippets <= 2.2.4 - Missing Authorization to Settings Import", "software": [ { "type": "plugin", "name": "Woody code snippets \u2013 Insert Header Footer Code, AdSense Ads", "slug": "insert-php", "affected_versions": { "[*, 2.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/942ae035-91b3-4330-800c-2dbe94a4b4b5?source=api-scan" ], "published": "2019-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "942fffb6-2719-4b70-9759-21b2d50002c5": { "id": "942fffb6-2719-4b70-9759-21b2d50002c5", "title": "Tutor LMS Pro <= 2.7.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Tutor LMS Pro", "slug": "tutor-pro", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/942fffb6-2719-4b70-9759-21b2d50002c5?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94332eb8-0961-4c8d-97bb-3d5d08e8119f": { "id": "94332eb8-0961-4c8d-97bb-3d5d08e8119f", "title": "WordPress Core < 2.1 - Denial of Service", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94332eb8-0961-4c8d-97bb-3d5d08e8119f?source=api-scan" ], "published": "2007-01-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94337b59-6a88-467e-b487-b7b7e4f6f7a0": { "id": "94337b59-6a88-467e-b487-b7b7e4f6f7a0", "title": "Nokia Maps & Places < 1.6.7 - Open Redirect", "software": [ { "type": "plugin", "name": "Nokia Maps & Places", "slug": "nokia-mapsplaces", "affected_versions": { "[*, 1.6.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94337b59-6a88-467e-b487-b7b7e4f6f7a0?source=api-scan" ], "published": "2014-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "943cd10b-1b58-4803-ba6f-291f73353422": { "id": "943cd10b-1b58-4803-ba6f-291f73353422", "title": "Welcome Email Editor <= 5.0.5 - Missing Authorization via ajax_handler", "software": [ { "type": "plugin", "name": "Swift SMTP (formerly Welcome Email Editor)", "slug": "welcome-email-editor", "affected_versions": { "* - 5.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/943cd10b-1b58-4803-ba6f-291f73353422?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9445a54c-06b9-400a-a8ae-a58f1b968196": { "id": "9445a54c-06b9-400a-a8ae-a58f1b968196", "title": "Premium Addons PRO <= 2.8.24 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premium Addons Pro for Elementor", "slug": "premium-addons-pro", "affected_versions": { "* - 2.8.24": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9445a54c-06b9-400a-a8ae-a58f1b968196?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "944cd237-d5cb-44da-8d4a-5cf7edd368a4": { "id": "944cd237-d5cb-44da-8d4a-5cf7edd368a4", "title": "WordPress Survey & Poll \u2013 Quiz, Survey and Poll Plugin for WordPress < 1.2 - SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Survey & Poll \u2013 Quiz, Survey and Poll Plugin for WordPress", "slug": "wp-survey-and-poll", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/944cd237-d5cb-44da-8d4a-5cf7edd368a4?source=api-scan" ], "published": "2015-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9450ad3b-065b-48f1-860a-7efc86dbcd23": { "id": "9450ad3b-065b-48f1-860a-7efc86dbcd23", "title": "WP Docs <= 2.1.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Docs", "slug": "wp-docs", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9450ad3b-065b-48f1-860a-7efc86dbcd23?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9462b048-0e01-43b0-894d-43a53f744eb9": { "id": "9462b048-0e01-43b0-894d-43a53f744eb9", "title": "WordPress Security <= 4.2 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Security \u2013 Firewall, Malware Scanner, Secure Login and Backup", "slug": "wp-security-pro", "affected_versions": { "* - 4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9462b048-0e01-43b0-894d-43a53f744eb9?source=api-scan" ], "published": "2022-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94696151-9f99-4847-bd67-8fb77f8b6a0e": { "id": "94696151-9f99-4847-bd67-8fb77f8b6a0e", "title": "BCorp Shortcodes <= 0.23 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "BCorp Shortcodes", "slug": "bcorp-shortcodes", "affected_versions": { "* - 0.23": { "from_version": "*", "from_inclusive": true, "to_version": "0.23", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94696151-9f99-4847-bd67-8fb77f8b6a0e?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "946add6f-4cd5-4c55-9399-a782140f217c": { "id": "946add6f-4cd5-4c55-9399-a782140f217c", "title": "TriPay Payment Gateway <= 3.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TriPay Payment Gateway", "slug": "tripay-payment-gateway", "affected_versions": { "* - 3.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/946add6f-4cd5-4c55-9399-a782140f217c?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "946ba166-3309-4e47-8b6b-d3f017bbfcc8": { "id": "946ba166-3309-4e47-8b6b-d3f017bbfcc8", "title": "WP HTML Mail < 2.2.11 - HTML injection", "software": [ { "type": "plugin", "name": "WP Email Template", "slug": "wp-email-template", "affected_versions": { "[*, 2.2.11)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/946ba166-3309-4e47-8b6b-d3f017bbfcc8?source=api-scan" ], "published": "2019-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "946bff00-32ff-4d9b-93e1-77e6ee4cd987": { "id": "946bff00-32ff-4d9b-93e1-77e6ee4cd987", "title": "BIC Media Widget <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BIC Media Widget", "slug": "bic-media", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/946bff00-32ff-4d9b-93e1-77e6ee4cd987?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "946d5a2c-f20f-483a-8150-0266a631a112": { "id": "946d5a2c-f20f-483a-8150-0266a631a112", "title": "Homepage SlideShow Plugin < 2.2 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Homepage SlideShow", "slug": "wp-homepage-slideshow", "affected_versions": { "[*, 2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/946d5a2c-f20f-483a-8150-0266a631a112?source=api-scan" ], "published": "2012-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94712f92-5045-420b-9d6d-59a4c031e998": { "id": "94712f92-5045-420b-9d6d-59a4c031e998", "title": "Google Fonts For WordPress <= 3.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google Fonts For WordPress", "slug": "free-google-fonts", "affected_versions": { "* - 3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94712f92-5045-420b-9d6d-59a4c031e998?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "947286b0-347f-47ab-885a-7805b50f0be8": { "id": "947286b0-347f-47ab-885a-7805b50f0be8", "title": "WooCommerce - Store Exporter <= 2.7.2 - Reflected Cross-Site Scripting via 'filter'", "software": [ { "type": "plugin", "name": "Store Exporter for WooCommerce \u2013 Export Products, Export Orders, Export Subscriptions, and More", "slug": "woocommerce-exporter", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/947286b0-347f-47ab-885a-7805b50f0be8?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94736152-b365-4b3a-a786-ed49f7d0fc7a": { "id": "94736152-b365-4b3a-a786-ed49f7d0fc7a", "title": "MasterStudy LMS <= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action", "software": [ { "type": "plugin", "name": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "slug": "masterstudy-lms-learning-management-system", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94736152-b365-4b3a-a786-ed49f7d0fc7a?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94750424-bb52-4236-962e-aa8cbdeb1459": { "id": "94750424-bb52-4236-962e-aa8cbdeb1459", "title": "File Manager Pro <= 8.3.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "File Manager Pro", "slug": "wp-file-manager-pro", "affected_versions": { "* - 8.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94750424-bb52-4236-962e-aa8cbdeb1459?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "947626b4-c640-4b45-8186-2ed4ff7c2c18": { "id": "947626b4-c640-4b45-8186-2ed4ff7c2c18", "title": "REHub Framework < 19.6.2 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "rehub-framework", "slug": "rehub-framework", "affected_versions": { "[*, 19.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "19.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "19.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/947626b4-c640-4b45-8186-2ed4ff7c2c18?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9476b41d-a9a2-46a7-8cf1-62de5d1703b1": { "id": "9476b41d-a9a2-46a7-8cf1-62de5d1703b1", "title": "ProfileGrid <= 5.7.8 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9476b41d-a9a2-46a7-8cf1-62de5d1703b1?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94772de9-6ab8-45ff-8b56-19b50a81b66f": { "id": "94772de9-6ab8-45ff-8b56-19b50a81b66f", "title": "WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.13.1 - Authenticated (AccountingManager+) SQL Injection", "software": [ { "type": "plugin", "name": "WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting", "slug": "erp", "affected_versions": { "* - 1.13.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94772de9-6ab8-45ff-8b56-19b50a81b66f?source=api-scan" ], "published": "2024-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9479c9ff-6da3-4391-802d-9e3eb14eff77": { "id": "9479c9ff-6da3-4391-802d-9e3eb14eff77", "title": "Anti Hacker <= 4.19 - Missing Authorization to Arbitrary Plugin Install", "software": [ { "type": "plugin", "name": "Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan", "slug": "antihacker", "affected_versions": { "* - 4.19": { "from_version": "*", "from_inclusive": true, "to_version": "4.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9479c9ff-6da3-4391-802d-9e3eb14eff77?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94868d48-2d36-49f1-9da1-7965ecaeae3c": { "id": "94868d48-2d36-49f1-9da1-7965ecaeae3c", "title": "Gallery by BestWebSoft <= 4.6.9 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery by BestWebSoft \u2013 Customizable Image and Photo Galleries for WordPress", "slug": "gallery-plugin", "affected_versions": { "* - 4.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94868d48-2d36-49f1-9da1-7965ecaeae3c?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9489f066-5898-4908-b3aa-cf856958cb4e": { "id": "9489f066-5898-4908-b3aa-cf856958cb4e", "title": "Pretty Simple Popup Builder <= 1.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pretty Simple Popup Builder", "slug": "pretty-simple-popup-builder", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9489f066-5898-4908-b3aa-cf856958cb4e?source=api-scan" ], "published": "2024-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "948b9d68-8b31-42a0-bdc5-4a8e4e969ca9": { "id": "948b9d68-8b31-42a0-bdc5-4a8e4e969ca9", "title": "Intuitive Custom Post Order <= 3.1.3 - Missing Authorization to Authenticated Settings Change", "software": [ { "type": "plugin", "name": "Intuitive Custom Post Order", "slug": "intuitive-custom-post-order", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/948b9d68-8b31-42a0-bdc5-4a8e4e969ca9?source=api-scan" ], "published": "2023-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "948d40f5-2c87-4439-b4ef-3e02c397bf0f": { "id": "948d40f5-2c87-4439-b4ef-3e02c397bf0f", "title": "CP Appointment Calendar <= 1.1.5 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "CP Appointment Calendar", "slug": "cp-appointment-calendar", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/948d40f5-2c87-4439-b4ef-3e02c397bf0f?source=api-scan" ], "published": "2015-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9495e25d-a5a6-4f25-9363-783626e58a4a": { "id": "9495e25d-a5a6-4f25-9363-783626e58a4a", "title": "Brizy < 1.0.126 - Authorization Bypass to Settings Updates", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "[*, 1.0.126)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.126", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.126" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9495e25d-a5a6-4f25-9363-783626e58a4a?source=api-scan" ], "published": "2020-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "949effee-d99c-4965-9d89-3309d4df66cd": { "id": "949effee-d99c-4965-9d89-3309d4df66cd", "title": "AnyVar <= 0.1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wordpress plugin AnyVar", "slug": "anyvar", "affected_versions": { "* - 0.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/949effee-d99c-4965-9d89-3309d4df66cd?source=api-scan" ], "published": "2017-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94a18ddb-fa30-4a0f-9ce7-390dc1cee8a8": { "id": "94a18ddb-fa30-4a0f-9ce7-390dc1cee8a8", "title": "Pray For Me <= 1.0.4 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Pray For Me", "slug": "pray-for-me", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94a18ddb-fa30-4a0f-9ce7-390dc1cee8a8?source=api-scan" ], "published": "2024-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94a4123b-c21b-4f3e-b1cc-96c8f07c3fc6": { "id": "94a4123b-c21b-4f3e-b1cc-96c8f07c3fc6", "title": "FormFacade <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "FormFacade \u2013 WordPress plugin for Google Forms", "slug": "formfacade", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94a4123b-c21b-4f3e-b1cc-96c8f07c3fc6?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94a9ef6b-57f9-4e3b-a048-27538bbecf2f": { "id": "94a9ef6b-57f9-4e3b-a048-27538bbecf2f", "title": "MyBookTable Bookstore by Stormhill Media <= 2.1.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MyBookTable Bookstore by Stormhill Media", "slug": "mybooktable", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94a9ef6b-57f9-4e3b-a048-27538bbecf2f?source=api-scan" ], "published": "2015-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94ab250a-387c-431e-9b75-16ede94bf0ef": { "id": "94ab250a-387c-431e-9b75-16ede94bf0ef", "title": "Panda Video <= 1.4.0 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Panda Video", "slug": "pandavideo", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94ab250a-387c-431e-9b75-16ede94bf0ef?source=api-scan" ], "published": "2024-07-08 20:01:45", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94abb34a-4451-4f41-ba23-d2a723e5a2e7": { "id": "94abb34a-4451-4f41-ba23-d2a723e5a2e7", "title": "ShopEngine <= 4.1.1 - Cross-Site Request Forgery via get_product", "software": [ { "type": "plugin", "name": "ShopEngine Elementor WooCommerce Builder Addon \u2013 All in One WooCommerce Solution", "slug": "shopengine", "affected_versions": { "* - 4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94abb34a-4451-4f41-ba23-d2a723e5a2e7?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94ad6b51-ff8d-48d5-9a70-1781d13990a5": { "id": "94ad6b51-ff8d-48d5-9a70-1781d13990a5", "title": "WP SMS <= 6.5 - Cross-Site Request Forgery to Subscriber Deletion", "software": [ { "type": "plugin", "name": "WP SMS \u2013 Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More", "slug": "wp-sms", "affected_versions": { "* - 6.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94ad6b51-ff8d-48d5-9a70-1781d13990a5?source=api-scan" ], "published": "2024-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94ae2c4e-7281-4993-967b-6321e6279c47": { "id": "94ae2c4e-7281-4993-967b-6321e6279c47", "title": "Fusion <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fusion Page Builder", "slug": "fusion", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94ae2c4e-7281-4993-967b-6321e6279c47?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94afe3e2-a1f1-470b-afaf-c7926beaec9a": { "id": "94afe3e2-a1f1-470b-afaf-c7926beaec9a", "title": "Blog2Social: Social Media Auto Post & Scheduler <= 7.5.4 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload", "software": [ { "type": "plugin", "name": "Blog2Social: Social Media Auto Post & Scheduler", "slug": "blog2social", "affected_versions": { "* - 7.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94afe3e2-a1f1-470b-afaf-c7926beaec9a?source=api-scan" ], "published": "2024-07-31 18:01:17", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94b89921-96a3-449a-998f-74cde4570468": { "id": "94b89921-96a3-449a-998f-74cde4570468", "title": "Easy Affiliate Links <= 3.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Affiliate Links", "slug": "easy-affiliate-links", "affected_versions": { "* - 3.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94b89921-96a3-449a-998f-74cde4570468?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94b98842-8c75-4623-8cc9-ad3dc0916a18": { "id": "94b98842-8c75-4623-8cc9-ad3dc0916a18", "title": "Modern Footnotes <= 1.4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Modern Footnotes", "slug": "modern-footnotes", "affected_versions": { "* - 1.4.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94b98842-8c75-4623-8cc9-ad3dc0916a18?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94bd2229-0dfa-4f8b-9aa8-e2ee1bb7bc27": { "id": "94bd2229-0dfa-4f8b-9aa8-e2ee1bb7bc27", "title": "No Future Posts <= 1.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "No Future Posts", "slug": "no-future-posts", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94bd2229-0dfa-4f8b-9aa8-e2ee1bb7bc27?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94c2dab9-40b3-4863-a5f3-fcaba10d2e20": { "id": "94c2dab9-40b3-4863-a5f3-fcaba10d2e20", "title": "CDI \u2013 Collect and Deliver Interface for Woocommerce <= 5.1.9 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CDI \u2013 Collect and Deliver Interface for Woocommerce", "slug": "collect-and-deliver-interface-for-woocommerce", "affected_versions": { "* - 5.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94c2dab9-40b3-4863-a5f3-fcaba10d2e20?source=api-scan" ], "published": "2022-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94c8979a-db2e-490f-b055-cdf19a48cf73": { "id": "94c8979a-db2e-490f-b055-cdf19a48cf73", "title": "Defender Security <= 4.1.0 - Sensitive Information Exposure via Log File", "software": [ { "type": "plugin", "name": "Defender Security \u2013 Malware Scanner, Login Security & Firewall", "slug": "defender-security", "affected_versions": { "* - 4.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94c8979a-db2e-490f-b055-cdf19a48cf73?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94c98edf-6f4a-4c23-afa7-d5caaa22397f": { "id": "94c98edf-6f4a-4c23-afa7-d5caaa22397f", "title": "Youzify <= 1.2.2 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress", "slug": "youzify", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94c98edf-6f4a-4c23-afa7-d5caaa22397f?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94cbd525-de3b-448a-b65b-21c63208b8b8": { "id": "94cbd525-de3b-448a-b65b-21c63208b8b8", "title": "Business Manager <= 1.4.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress ERP, HR, CRM, and Project Management Plugin \u2013 Business Manager", "slug": "business-manager", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94cbd525-de3b-448a-b65b-21c63208b8b8?source=api-scan" ], "published": "2021-10-14 13:46:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94d2eaed-048b-40b6-9880-fa32fbb66f92": { "id": "94d2eaed-048b-40b6-9880-fa32fbb66f92", "title": "Events Manager <= 5.9.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "* - 5.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94d2eaed-048b-40b6-9880-fa32fbb66f92?source=api-scan" ], "published": "2018-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94d522bc-9808-435d-804d-e979a6c8be66": { "id": "94d522bc-9808-435d-804d-e979a6c8be66", "title": "Broken Link Checker <= 1.10.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Broken Link Checker", "slug": "broken-link-checker", "affected_versions": { "[*, 1.10.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.10.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94d522bc-9808-435d-804d-e979a6c8be66?source=api-scan" ], "published": "2015-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94d60fcb-a542-41a9-b6ac-6ac2607068aa": { "id": "94d60fcb-a542-41a9-b6ac-6ac2607068aa", "title": "Cost Calculator Builder <= 3.1.42 - Improper Authorization", "software": [ { "type": "plugin", "name": "Cost Calculator Builder", "slug": "cost-calculator-builder", "affected_versions": { "[*, 3.1.43)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.43", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94d60fcb-a542-41a9-b6ac-6ac2607068aa?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94d682bb-ed94-40fc-98b4-2f404d6cd8ea": { "id": "94d682bb-ed94-40fc-98b4-2f404d6cd8ea", "title": "WooCommerce <= 6.5.1 - Authenticated (Admin+) HTML Injection", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 6.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94d682bb-ed94-40fc-98b4-2f404d6cd8ea?source=api-scan" ], "published": "2022-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94d8211d-4027-4335-8c06-d8080231e511": { "id": "94d8211d-4027-4335-8c06-d8080231e511", "title": "WPHRM - Human Resource Management System < 1.1 - SQL Injection", "software": [ { "type": "theme", "name": "WPHRM \u2013 Human Resource Management System for Wordpress | WordPress", "slug": "wphrm", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94d8211d-4027-4335-8c06-d8080231e511?source=api-scan" ], "published": "2017-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94dbf144-4a8f-4d9a-ad32-703a91823acb": { "id": "94dbf144-4a8f-4d9a-ad32-703a91823acb", "title": "Limit Login Attempts Plus <= 1.0.9 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Limit Login Attempts Plus \u2013 WordPress Limit Login Attempts By Felix", "slug": "limit-login-attempts-plus", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94dbf144-4a8f-4d9a-ad32-703a91823acb?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94dc8fc6-8212-4f83-a844-f08174531d3b": { "id": "94dc8fc6-8212-4f83-a844-f08174531d3b", "title": "Simple Login Registration <= 1.0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-simple-login-registration-plugin", "slug": "wp-simple-login-registration-plugin", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94dc8fc6-8212-4f83-a844-f08174531d3b?source=api-scan" ], "published": "2013-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94dd90ef-d801-4fd6-ade7-e1e7ad2e5fec": { "id": "94dd90ef-d801-4fd6-ade7-e1e7ad2e5fec", "title": "Elegant Grunge <= 1.0.3 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Elegant Grunge", "slug": "elegant-grunge", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94dd90ef-d801-4fd6-ade7-e1e7ad2e5fec?source=api-scan" ], "published": "2011-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94df820c-cafb-4a43-ace1-ec396b1ae6c5": { "id": "94df820c-cafb-4a43-ace1-ec396b1ae6c5", "title": "Cache Images <= 3.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Cache Images", "slug": "cache-images", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94df820c-cafb-4a43-ace1-ec396b1ae6c5?source=api-scan" ], "published": "2022-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94e859ea-3f90-49d1-9e66-fe3ab749c872": { "id": "94e859ea-3f90-49d1-9e66-fe3ab749c872", "title": "Language Switcher for Transposh <= 1.5.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Language Switcher for Transposh", "slug": "language-switcher-for-transposh", "affected_versions": { "* - 1.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94e859ea-3f90-49d1-9e66-fe3ab749c872?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94e9a982-a46d-4dda-9145-e7f74cf09820": { "id": "94e9a982-a46d-4dda-9145-e7f74cf09820", "title": "WP-Filebase <= 3.4.23 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Filebase", "slug": "wp-filebase", "affected_versions": { "* - 3.4.23": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94e9a982-a46d-4dda-9145-e7f74cf09820?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94ed918c-8f6f-4e1f-ab1d-e16632831951": { "id": "94ed918c-8f6f-4e1f-ab1d-e16632831951", "title": "ShortPixel Adaptive Images <= 3.7.1 - Cross-Site Request Forgery via shortpixel_ai_handle_page_action", "software": [ { "type": "plugin", "name": "ShortPixel Adaptive Images \u2013 WebP, AVIF, CDN, Image Optimization", "slug": "shortpixel-adaptive-images", "affected_versions": { "[*, 3.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94ed918c-8f6f-4e1f-ab1d-e16632831951?source=api-scan" ], "published": "2023-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94f0041d-eed6-4980-a7b8-f7410ca68e67": { "id": "94f0041d-eed6-4980-a7b8-f7410ca68e67", "title": "Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Directory Traversal", "software": [ { "type": "plugin", "name": "Easy WP SMTP \u2013 WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more", "slug": "easy-wp-smtp", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94f0041d-eed6-4980-a7b8-f7410ca68e67?source=api-scan" ], "published": "2022-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94f03821-eb33-4eb6-b7ff-b32a74facdd2": { "id": "94f03821-eb33-4eb6-b7ff-b32a74facdd2", "title": "Weekly Schedule <= 3.4.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Weekly Schedule", "slug": "weekly-schedule", "affected_versions": { "[*, 3.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94f03821-eb33-4eb6-b7ff-b32a74facdd2?source=api-scan" ], "published": "2021-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94f118c3-d470-43c4-a61a-1ec998694880": { "id": "94f118c3-d470-43c4-a61a-1ec998694880", "title": "GEO my WordPress <= 4.0.2 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "GEO my WP", "slug": "geo-my-wp", "affected_versions": { "[*, 4.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94f118c3-d470-43c4-a61a-1ec998694880?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94f19f56-0667-443e-8545-a17fbe9c3ddb": { "id": "94f19f56-0667-443e-8545-a17fbe9c3ddb", "title": "Accordion Slider <= 1.9.11 - Authenticted (Contributor+) Stored Cross-Site Scripting via HTML Attribute", "software": [ { "type": "plugin", "name": "Accordion Slider", "slug": "accordion-slider", "affected_versions": { "* - 1.9.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94f19f56-0667-443e-8545-a17fbe9c3ddb?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94f338c2-95c9-4ce8-8579-0b2b66547aa0": { "id": "94f338c2-95c9-4ce8-8579-0b2b66547aa0", "title": "OneClick Chat to Order <= 1.0.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OneClick Chat to Order", "slug": "oneclick-whatsapp-order", "affected_versions": { "* - 1.0.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94f338c2-95c9-4ce8-8579-0b2b66547aa0?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94f3b21d-1910-46e9-af89-4602099f207c": { "id": "94f3b21d-1910-46e9-af89-4602099f207c", "title": "Academy LMS <= 1.9.25 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Academy LMS \u2013 WordPress LMS Plugin for Complete eLearning Solution", "slug": "academy", "affected_versions": { "* - 1.9.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94f3b21d-1910-46e9-af89-4602099f207c?source=api-scan" ], "published": "2024-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94f7f2d2-e90b-4978-bab8-eee160949567": { "id": "94f7f2d2-e90b-4978-bab8-eee160949567", "title": "MainWP UpdraftPlus Extension <= 4.0.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "MainWP UpdraftPlus Extension", "slug": "mainwp-updraftplus-extension", "affected_versions": { "* - 4.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94f7f2d2-e90b-4978-bab8-eee160949567?source=api-scan" ], "published": "2023-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94f803f4-0a06-4b77-9483-5c63f6dfd2f0": { "id": "94f803f4-0a06-4b77-9483-5c63f6dfd2f0", "title": "WP Google Map Plugin <= 3.1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Maps \u2013 Display Google Maps Perfectly with Ease", "slug": "wp-google-map-plugin", "affected_versions": { "[*, 3.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94f803f4-0a06-4b77-9483-5c63f6dfd2f0?source=api-scan" ], "published": "2016-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "94fdc98a-c8be-47b4-a0a2-02d7373ab85e": { "id": "94fdc98a-c8be-47b4-a0a2-02d7373ab85e", "title": "Talkback <= 1.0 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Talkback", "slug": "talkback-secure-linkback-protocol", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/94fdc98a-c8be-47b4-a0a2-02d7373ab85e?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "950a7cc8-c057-41ba-ae2c-e6393cd5a01b": { "id": "950a7cc8-c057-41ba-ae2c-e6393cd5a01b", "title": "Barcode Scanner with Inventory & Order Manager <= 1.6.1 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Barcode Scanner and Inventory manager. POS (Point of Sale) \u2013 scan barcodes & create orders with barcode reader.", "slug": "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/950a7cc8-c057-41ba-ae2c-e6393cd5a01b?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "950d71ae-29a1-4b71-b74a-b1a5c9f3326e": { "id": "950d71ae-29a1-4b71-b74a-b1a5c9f3326e", "title": "Real Media Library: Media Library Folder & File Manager <= 4.18.28 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Real Media Library: Media Library Folder & File Manager", "slug": "real-media-library-lite", "affected_versions": { "* - 4.18.28": { "from_version": "*", "from_inclusive": true, "to_version": "4.18.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.18.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/950d71ae-29a1-4b71-b74a-b1a5c9f3326e?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "950e9042-1364-4200-8f57-171346075764": { "id": "950e9042-1364-4200-8f57-171346075764", "title": "Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Cross-Site Scripting via Elementor Widget URL Custom Attributes", "software": [ { "type": "plugin", "name": "Jeg Elementor Kit", "slug": "jeg-elementor-kit", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/950e9042-1364-4200-8f57-171346075764?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9511d8f1-ab96-4695-aa8c-16a3482a6de4": { "id": "9511d8f1-ab96-4695-aa8c-16a3482a6de4", "title": "Affiliate Links Lite <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Affiliate Links: WordPress Plugin for Link Cloaking and Link Management", "slug": "affiliate-links", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9511d8f1-ab96-4695-aa8c-16a3482a6de4?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9516e64c-1959-4980-9a96-c6f5f1baa6f6": { "id": "9516e64c-1959-4980-9a96-c6f5f1baa6f6", "title": "EventPrime <= 3.3.4 - Missing Authorization to Booking Price Maniputlation", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 3.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9516e64c-1959-4980-9a96-c6f5f1baa6f6?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9517db1f-1704-4f25-9b02-795da3c4c067": { "id": "9517db1f-1704-4f25-9b02-795da3c4c067", "title": "Rescue Shortcodes <= 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Rescue Shortcodes", "slug": "rescue-shortcodes", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9517db1f-1704-4f25-9b02-795da3c4c067?source=api-scan" ], "published": "2024-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "951b2a15-04c1-4c5b-9cef-146628079c36": { "id": "951b2a15-04c1-4c5b-9cef-146628079c36", "title": "Post Pay Counter < 2.731 - Arbitrary Settings Change", "software": [ { "type": "plugin", "name": "Post Pay Counter", "slug": "post-pay-counter", "affected_versions": { "[*, 2.731)": { "from_version": "*", "from_inclusive": true, "to_version": "2.731", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.731" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/951b2a15-04c1-4c5b-9cef-146628079c36?source=api-scan" ], "published": "2017-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "951b8cbd-0509-4548-ae69-6cfd67e83b1a": { "id": "951b8cbd-0509-4548-ae69-6cfd67e83b1a", "title": "External Links in New Window \/ New Tab <= 1.42 - Tabnabbing", "software": [ { "type": "plugin", "name": "External Links in New Window \/ New Tab", "slug": "open-external-links-in-a-new-window", "affected_versions": { "* - 1.42": { "from_version": "*", "from_inclusive": true, "to_version": "1.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/951b8cbd-0509-4548-ae69-6cfd67e83b1a?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "951e3497-8fbc-4cc9-a784-edf7bb679175": { "id": "951e3497-8fbc-4cc9-a784-edf7bb679175", "title": "Slider Revolution < 6.6.19 - Authenticated (Author+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Slider Revolution", "slug": "revslider", "affected_versions": { "[*, 6.6.19)": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.6.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/951e3497-8fbc-4cc9-a784-edf7bb679175?source=api-scan" ], "published": "2023-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "951e4651-56d6-474d-84b3-5a7cfc357b9f": { "id": "951e4651-56d6-474d-84b3-5a7cfc357b9f", "title": "Gallery Metabox <= 1.5 - Missing Authorization via refresh_metabox", "software": [ { "type": "plugin", "name": "Gallery Metabox", "slug": "gallery-metabox", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/951e4651-56d6-474d-84b3-5a7cfc357b9f?source=api-scan" ], "published": "2023-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95210ed8-4606-44fa-b823-b33e1d4a4ce0": { "id": "95210ed8-4606-44fa-b823-b33e1d4a4ce0", "title": "Leyka <= 3.30.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Leyka", "slug": "leyka", "affected_versions": { "[*, 3.30.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.30.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.30.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95210ed8-4606-44fa-b823-b33e1d4a4ce0?source=api-scan" ], "published": "2023-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9521ad5b-83c3-487e-a69e-ca057777bc9e": { "id": "9521ad5b-83c3-487e-a69e-ca057777bc9e", "title": "Order auto complete for WooCommerce <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Order auto complete for WooCommerce", "slug": "order-auto-complete-for-woocommerce", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9521ad5b-83c3-487e-a69e-ca057777bc9e?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95247ff5-0277-4270-a1ea-221ea2ecee0c": { "id": "95247ff5-0277-4270-a1ea-221ea2ecee0c", "title": "Login with phone number <= 1.7.16 - Unauthorized Account Password Change to Privilege Escalation", "software": [ { "type": "plugin", "name": "Login with phone number", "slug": "login-with-phone-number", "affected_versions": { "* - 1.7.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95247ff5-0277-4270-a1ea-221ea2ecee0c?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95265186-ff13-464b-adb9-3cf1753487d5": { "id": "95265186-ff13-464b-adb9-3cf1753487d5", "title": "Alpine PhotoTile for Instagram < 1.2.7.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Alpine Photo Tile for Instagram", "slug": "alpine-photo-tile-for-instagram", "affected_versions": { "[*, 1.2.7.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95265186-ff13-464b-adb9-3cf1753487d5?source=api-scan" ], "published": "2015-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95269053-59fa-4396-bd2b-c8c4f9c05595": { "id": "95269053-59fa-4396-bd2b-c8c4f9c05595", "title": "NewStatPress <= 0.9.8 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "NewStatPress", "slug": "newstatpress", "affected_versions": { "* - 0.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95269053-59fa-4396-bd2b-c8c4f9c05595?source=api-scan" ], "published": "2015-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9528d0d8-9f56-43e4-9b86-92e54ea38013": { "id": "9528d0d8-9f56-43e4-9b86-92e54ea38013", "title": "Coachify <= 1.0.7 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Coachify", "slug": "coachify", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9528d0d8-9f56-43e4-9b86-92e54ea38013?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "952a3e52-4e23-4bc4-92d3-e15ae2f3d28b": { "id": "952a3e52-4e23-4bc4-92d3-e15ae2f3d28b", "title": "Ninja Forms <= 3.6.25 - Denial of Service via Large Form Submissions", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.6.25": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/952a3e52-4e23-4bc4-92d3-e15ae2f3d28b?source=api-scan" ], "published": "2023-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "952a61e8-4be1-4974-9076-4493708bf51e": { "id": "952a61e8-4be1-4974-9076-4493708bf51e", "title": "Bit Form \u2013 Contact Form Plugin <= 2.13.10 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder", "slug": "bit-form", "affected_versions": { "* - 2.13.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.13.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/952a61e8-4be1-4974-9076-4493708bf51e?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "952aec28-a380-4c6d-8391-b21cddf90a5c": { "id": "952aec28-a380-4c6d-8391-b21cddf90a5c", "title": "Real Estate 7 Theme <= 3.3.1 - Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Real Estate 7 WordPress", "slug": "realestate-7", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/952aec28-a380-4c6d-8391-b21cddf90a5c?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "952e299a-5cec-444b-8359-3e7d8dec3ccb": { "id": "952e299a-5cec-444b-8359-3e7d8dec3ccb", "title": "Event Registration <= 6.02.02 - SQL Injection", "software": [ { "type": "plugin", "name": "Event Registration", "slug": "event-registration", "affected_versions": { "* - 6.02.02": { "from_version": "*", "from_inclusive": true, "to_version": "6.02.02", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.03.01" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/952e299a-5cec-444b-8359-3e7d8dec3ccb?source=api-scan" ], "published": "2016-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "953be831-d688-4ae1-b8c1-d863eded945b": { "id": "953be831-d688-4ae1-b8c1-d863eded945b", "title": "Contact Form 7 <= 5.9.4 - Unauthenticated Open Redirect", "software": [ { "type": "plugin", "name": "Contact Form 7", "slug": "contact-form-7", "affected_versions": { "* - 5.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/953be831-d688-4ae1-b8c1-d863eded945b?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "953d64f2-a514-48e9-9ab3-f9a793ad953a": { "id": "953d64f2-a514-48e9-9ab3-f9a793ad953a", "title": "Curator.io: Show all your social media posts in a beautiful feed. <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via feed_id Attribute", "software": [ { "type": "plugin", "name": "Curator.io", "slug": "curatorio", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/953d64f2-a514-48e9-9ab3-f9a793ad953a?source=api-scan" ], "published": "2024-10-09 13:30:14", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "953e10a1-df11-40d3-869c-2974a344630e": { "id": "953e10a1-df11-40d3-869c-2974a344630e", "title": "Advanced AJAX Page Loader < 2.7.7 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Advanced AJAX Page Loader", "slug": "advanced-ajax-page-loader", "affected_versions": { "[*, 2.7.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/953e10a1-df11-40d3-869c-2974a344630e?source=api-scan" ], "published": "2016-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "953f4838-d0d5-4546-ac97-c1b442236c5d": { "id": "953f4838-d0d5-4546-ac97-c1b442236c5d", "title": "Frontpage Manager <= 1.3 - Cross-Site Request Forgery via admin_page", "software": [ { "type": "plugin", "name": "Frontpage Manager", "slug": "frontpage-manager", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/953f4838-d0d5-4546-ac97-c1b442236c5d?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9545cff3-fa65-4f2e-8a9f-98d884e5608f": { "id": "9545cff3-fa65-4f2e-8a9f-98d884e5608f", "title": "ARforms <= 3.7.1 - Unauthenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "ARforms", "slug": "arforms", "affected_versions": { "* - 3.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9545cff3-fa65-4f2e-8a9f-98d884e5608f?source=api-scan" ], "published": "2019-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "954b8064-f317-4af4-a55f-9a61ee945006": { "id": "954b8064-f317-4af4-a55f-9a61ee945006", "title": "WordPress Core < 5.9.2 & Gutenberg < 12.7.2 - Prototype Pollution via Block Editor", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.37": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.37", "to_inclusive": true }, "3.8 - 3.8.37": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.37", "to_inclusive": true }, "3.9 - 3.9.35": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.35", "to_inclusive": true }, "4.0 - 4.0.34": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.34", "to_inclusive": true }, "4.1 - 4.1.34": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.34", "to_inclusive": true }, "4.2 - 4.2.31": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.31", "to_inclusive": true }, "4.3 - 4.3.27": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.27", "to_inclusive": true }, "4.4 - 4.4.26": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.26", "to_inclusive": true }, "4.5 - 4.5.25": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.25", "to_inclusive": true }, "4.6 - 4.6.22": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.22", "to_inclusive": true }, "4.7 - 4.7.22": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.22", "to_inclusive": true }, "4.8 - 4.8.18": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.18", "to_inclusive": true }, "4.9 - 4.9.19": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.19", "to_inclusive": true }, "5.0 - 5.0.15": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.15", "to_inclusive": true }, "5.1 - 5.1.12": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.12", "to_inclusive": true }, "5.2 - 5.2.14": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.14", "to_inclusive": true }, "5.3 - 5.3.11": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.11", "to_inclusive": true }, "5.4 - 5.4.9": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.9", "to_inclusive": true }, "5.5 - 5.5.8": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.8", "to_inclusive": true }, "5.6 - 5.6.7": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.7", "to_inclusive": true }, "5.7 - 5.7.5": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.5", "to_inclusive": true }, "5.8 - 5.8.3": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.3", "to_inclusive": true }, "5.9 - 5.9.1": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.38", "3.8.38", "3.9.36", "4.0.35", "4.1.35", "4.2.32", "4.3.28", "4.4.27", "4.5.26", "4.6.23", "4.7.23", "4.8.19", "4.9.20", "5.0.16", "5.1.13", "5.2.15", "5.3.12", "5.4.10", "5.5.9", "5.6.8", "5.7.6", "5.8.4", "5.9.2" ] }, { "type": "plugin", "name": "Gutenberg", "slug": "gutenberg", "affected_versions": { "[*, 12.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "12.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "12.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/954b8064-f317-4af4-a55f-9a61ee945006?source=api-scan" ], "published": "2022-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "954e7509-3ebf-429a-8c65-9825ea190d53": { "id": "954e7509-3ebf-429a-8c65-9825ea190d53", "title": "FluentForm <= 4.3.25 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", "slug": "fluentform", "affected_versions": { "* - 4.3.25": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/954e7509-3ebf-429a-8c65-9825ea190d53?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "954ef157-ecd1-42bd-b288-d5866b9c11f0": { "id": "954ef157-ecd1-42bd-b288-d5866b9c11f0", "title": "Shortcut Macros <= 1.3 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "Shortcut Macros", "slug": "shortcut-macros", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/954ef157-ecd1-42bd-b288-d5866b9c11f0?source=api-scan" ], "published": "2022-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9555c48f-5ce3-4c0c-88f3-83776b42b808": { "id": "9555c48f-5ce3-4c0c-88f3-83776b42b808", "title": "WP Statistics <= 13.1.5 - Unauthenticated Blind SQL Injection via IP", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 13.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "13.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9555c48f-5ce3-4c0c-88f3-83776b42b808?source=api-scan" ], "published": "2022-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95624a3b-70cc-4815-a604-c6b19fc84e93": { "id": "95624a3b-70cc-4815-a604-c6b19fc84e93", "title": "Avada <= 5.1.4 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Avada | Website Builder For WordPress & WooCommerce", "slug": "Avada", "affected_versions": { "[*, 5.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95624a3b-70cc-4815-a604-c6b19fc84e93?source=api-scan" ], "published": "2017-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95631d97-14c9-45f2-b709-3eca7c38f09d": { "id": "95631d97-14c9-45f2-b709-3eca7c38f09d", "title": "Justified Gallery <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Justified Gallery", "slug": "justified-gallery", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95631d97-14c9-45f2-b709-3eca7c38f09d?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9567f199-7c31-4df3-aa2c-911780b2497a": { "id": "9567f199-7c31-4df3-aa2c-911780b2497a", "title": "Portfolio and Projects <= 1.3.7 - Cross-Site Request Forgery via 'wpos_anylc_admin_init_process'", "software": [ { "type": "plugin", "name": "Portfolio and Projects", "slug": "portfolio-and-projects", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9567f199-7c31-4df3-aa2c-911780b2497a?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95691873-a16a-4e41-9456-41fa07efd6ce": { "id": "95691873-a16a-4e41-9456-41fa07efd6ce", "title": "Daily Prayer Time <= 2023.03.20 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Daily Prayer Time", "slug": "daily-prayer-time-for-mosques", "affected_versions": { "* - 2023.03.20": { "from_version": "*", "from_inclusive": true, "to_version": "2023.03.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2023.05.05" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95691873-a16a-4e41-9456-41fa07efd6ce?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "956984d4-4f8b-4e20-8002-4e9809b3872c": { "id": "956984d4-4f8b-4e20-8002-4e9809b3872c", "title": "Page Restrict <= 2.5.5 - Cross-Site Request Forgery via pr_admin_page", "software": [ { "type": "plugin", "name": "Page Restrict", "slug": "pagerestrict", "affected_versions": { "* - 2.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/956984d4-4f8b-4e20-8002-4e9809b3872c?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95723482-a6c5-4e95-a88d-c50a88108715": { "id": "95723482-a6c5-4e95-a88d-c50a88108715", "title": "HT Feed <= 1.2.7 - Cross-Site Request Forgery leading to Limited Plugin Activation", "software": [ { "type": "plugin", "name": "HT Feed", "slug": "ht-instagram", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95723482-a6c5-4e95-a88d-c50a88108715?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9576408b-d048-4e36-bc1a-c01c9f586365": { "id": "9576408b-d048-4e36-bc1a-c01c9f586365", "title": "MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 4.10.1 - Unauthenticated Arbitrary File Download", "software": [ { "type": "plugin", "name": "MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by Sonaar", "slug": "mp3-music-player-by-sonaar", "affected_versions": { "* - 4.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9576408b-d048-4e36-bc1a-c01c9f586365?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "958118ec-437e-45c8-a0f0-6aaf54e60d04": { "id": "958118ec-437e-45c8-a0f0-6aaf54e60d04", "title": "RabbitLoader <= 2.19.13 - Missing Authorization via multiple AJAX actions", "software": [ { "type": "plugin", "name": "RabbitLoader \u2013 Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more", "slug": "rabbit-loader", "affected_versions": { "* - 2.19.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.19.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.19.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/958118ec-437e-45c8-a0f0-6aaf54e60d04?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9589d44b-55c3-45b4-84bb-c86143de3f95": { "id": "9589d44b-55c3-45b4-84bb-c86143de3f95", "title": "WP Content Copy Protection & No Right Click <= 3.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Content Copy Protection & No Right Click", "slug": "wp-content-copy-protector", "affected_versions": { "* - 3.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9589d44b-55c3-45b4-84bb-c86143de3f95?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9595fa45-6b00-4ee0-89aa-a236dbf82423": { "id": "9595fa45-6b00-4ee0-89aa-a236dbf82423", "title": "WordPress Infinite Scroll - Ajax Load More <= 5.6.0.2 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WordPress Infinite Scroll \u2013 Ajax Load More", "slug": "ajax-load-more", "affected_versions": { "* - 5.6.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9595fa45-6b00-4ee0-89aa-a236dbf82423?source=api-scan" ], "published": "2023-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9596c243-4099-420a-aa2a-381b6299f927": { "id": "9596c243-4099-420a-aa2a-381b6299f927", "title": "Contact Form Email <= 1.3.31 - Missing Authorization to Feedback Submission", "software": [ { "type": "plugin", "name": "Contact Form Email", "slug": "contact-form-to-email", "affected_versions": { "* - 1.3.31": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9596c243-4099-420a-aa2a-381b6299f927?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "959846a3-0e57-4227-a52b-942b589596f0": { "id": "959846a3-0e57-4227-a52b-942b589596f0", "title": "Broadcast Live Video \u2013 Live Streaming < 4.29.5 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "Broadcast Live Video \u2013 Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP", "slug": "videowhisper-live-streaming-integration", "affected_versions": { "[*, 4.29.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.29.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.29.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/959846a3-0e57-4227-a52b-942b589596f0?source=api-scan" ], "published": "2014-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95986a4d-94fb-4afe-ba1e-382d6f4c550f": { "id": "95986a4d-94fb-4afe-ba1e-382d6f4c550f", "title": "WP Inventory Manager <= 2.1.0.13 - Cross-Site Request Forgery via delete_item", "software": [ { "type": "plugin", "name": "WP Inventory Manager", "slug": "wp-inventory-manager", "affected_versions": { "* - 2.1.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95986a4d-94fb-4afe-ba1e-382d6f4c550f?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "959ce050-bafc-4d17-93bd-a9b09b4b4baa": { "id": "959ce050-bafc-4d17-93bd-a9b09b4b4baa", "title": "Tutor LMS Elementor Addons <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tutor LMS Elementor Addons", "slug": "tutor-lms-elementor-addons", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/959ce050-bafc-4d17-93bd-a9b09b4b4baa?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "959ece75-b7a6-4729-abe8-1df9398d95f4": { "id": "959ece75-b7a6-4729-abe8-1df9398d95f4", "title": "Social Hashtags <= 3.0.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Hashtags", "slug": "social-hashtags", "affected_versions": { "* - 3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/959ece75-b7a6-4729-abe8-1df9398d95f4?source=api-scan" ], "published": "2012-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "959f7e13-ef58-4b02-a721-7bb10373aaaa": { "id": "959f7e13-ef58-4b02-a721-7bb10373aaaa", "title": "Wholesale Market for WooCommerce <= 1.0.6 - Unauthenticated Arbitrary File Download", "software": [ { "type": "plugin", "name": "Wholesale Market for WooCommerce", "slug": "wholesale-market-for-woocommerce", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/959f7e13-ef58-4b02-a721-7bb10373aaaa?source=api-scan" ], "published": "2022-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95a68ae0-36da-499b-a09d-4c91db8aa338": { "id": "95a68ae0-36da-499b-a09d-4c91db8aa338", "title": "Canto <= 3.0.8 - Unauthenticated Remote File Inclusion", "software": [ { "type": "plugin", "name": "Canto", "slug": "canto", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95a68ae0-36da-499b-a09d-4c91db8aa338?source=api-scan" ], "published": "2024-06-13 15:59:14", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95abec2d-a03a-4b07-8890-18568650c41f": { "id": "95abec2d-a03a-4b07-8890-18568650c41f", "title": "Gift Up 2.21.3 - Cross-Site Request Forgery via consume_post", "software": [ { "type": "plugin", "name": "Gift Up Gift Cards for WordPress and WooCommerce", "slug": "gift-up", "affected_versions": { "* - 2.21.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.21.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95abec2d-a03a-4b07-8890-18568650c41f?source=api-scan" ], "published": "2023-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95acec2a-ba1b-4b61-a4d6-3b0250a32835": { "id": "95acec2a-ba1b-4b61-a4d6-3b0250a32835", "title": "Cookie Notice & Compliance for GDPR \/ CCPA <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cookies_policy_link' Shortcodes", "software": [ { "type": "plugin", "name": "Cookie Notice & Compliance for GDPR \/ CCPA", "slug": "cookie-notice", "affected_versions": { "* - 2.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95acec2a-ba1b-4b61-a4d6-3b0250a32835?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95ad0139-eb12-4c02-95fb-cd19b6a6ab02": { "id": "95ad0139-eb12-4c02-95fb-cd19b6a6ab02", "title": "Health Check & Troubleshooting <= 1.2.3 - Path Traversal", "software": [ { "type": "plugin", "name": "Health Check & Troubleshooting", "slug": "health-check", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95ad0139-eb12-4c02-95fb-cd19b6a6ab02?source=api-scan" ], "published": "2019-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95ba48b9-4a9c-47df-b05e-e670ae547810": { "id": "95ba48b9-4a9c-47df-b05e-e670ae547810", "title": "Social Media Share Buttons <= 3.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "MashShare \u2013 Social Media Share Buttons, Social Share Icons", "slug": "mashsharer", "affected_versions": { "* - 3.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95ba48b9-4a9c-47df-b05e-e670ae547810?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95bae3f2-313b-4b6c-a81c-8af6f169151b": { "id": "95bae3f2-313b-4b6c-a81c-8af6f169151b", "title": "Woody code snippets <= 2.4.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Woody code snippets \u2013 Insert Header Footer Code, AdSense Ads", "slug": "insert-php", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95bae3f2-313b-4b6c-a81c-8af6f169151b?source=api-scan" ], "published": "2022-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95c2038f-c4f9-472a-92ab-59ee395bda3d": { "id": "95c2038f-c4f9-472a-92ab-59ee395bda3d", "title": "Simple Membership < 3.2.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "[*, 3.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95c2038f-c4f9-472a-92ab-59ee395bda3d?source=api-scan" ], "published": "2016-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95c262b6-4f63-4f81-bc73-b2b3fa586a21": { "id": "95c262b6-4f63-4f81-bc73-b2b3fa586a21", "title": "Slideshow SE <= 2.5.20 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slideshow SE", "slug": "slideshow-se", "affected_versions": { "* - 2.5.20": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.20", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95c262b6-4f63-4f81-bc73-b2b3fa586a21?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95c47c7b-df83-43ee-9091-136b6622e88c": { "id": "95c47c7b-df83-43ee-9091-136b6622e88c", "title": "WP Chinese Conversion <= 1.1.16 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Chinese Conversion", "slug": "wp-chinese-conversion", "affected_versions": { "* - 1.1.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.16", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95c47c7b-df83-43ee-9091-136b6622e88c?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95c59e71-b755-4b39-bd5f-b2b2ac99f934": { "id": "95c59e71-b755-4b39-bd5f-b2b2ac99f934", "title": "All In One WP Security & Firewall <= 4.1.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "[*, 4.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95c59e71-b755-4b39-bd5f-b2b2ac99f934?source=api-scan" ], "published": "2016-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95c5a219-0b04-424c-a3dd-d705b1b41ddc": { "id": "95c5a219-0b04-424c-a3dd-d705b1b41ddc", "title": "Short URL <= 1.6.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Short URL", "slug": "shorten-url", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95c5a219-0b04-424c-a3dd-d705b1b41ddc?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95ca322f-3965-4635-8cbd-8764205d7928": { "id": "95ca322f-3965-4635-8cbd-8764205d7928", "title": "Fota WP <= 1.4.1 - Missing Authorization via fotawp_install_and_activate_plugins()", "software": [ { "type": "theme", "name": "FotaWP", "slug": "fotawp", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95ca322f-3965-4635-8cbd-8764205d7928?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95cd2bae-4ab7-4a0c-bb71-c17b119eaaa9": { "id": "95cd2bae-4ab7-4a0c-bb71-c17b119eaaa9", "title": "All-in-One WP Migration <= 2.0.4 - Missing Authorization to Database Export", "software": [ { "type": "plugin", "name": "All-in-One WP Migration and Backup", "slug": "all-in-one-wp-migration", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95cd2bae-4ab7-4a0c-bb71-c17b119eaaa9?source=api-scan" ], "published": "2015-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95ce515a-377c-49b4-8d1b-7ac22769c759": { "id": "95ce515a-377c-49b4-8d1b-7ac22769c759", "title": "Interactive Geo Maps <= 1.5.9 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MapGeo \u2013 Interactive Geo Maps", "slug": "interactive-geo-maps", "affected_versions": { "* - 1.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95ce515a-377c-49b4-8d1b-7ac22769c759?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95d4fbf6-e21a-48db-bfb3-32fc9116afa0": { "id": "95d4fbf6-e21a-48db-bfb3-32fc9116afa0", "title": "Parcel Pro <= 1.6.11 - Open Redirect via 'redirect'", "software": [ { "type": "plugin", "name": "Parcel Pro", "slug": "woo-parcel-pro", "affected_versions": { "* - 1.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95d4fbf6-e21a-48db-bfb3-32fc9116afa0?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95d61096-8e44-4b70-a409-c02cb3d1e32c": { "id": "95d61096-8e44-4b70-a409-c02cb3d1e32c", "title": "Shortcodes and extra features for Phlox theme <= 2.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Shortcodes and extra features for Phlox theme", "slug": "auxin-elements", "affected_versions": { "* - 2.15.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95d61096-8e44-4b70-a409-c02cb3d1e32c?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95dc0d79-b65a-4bfb-89c0-569bf26232df": { "id": "95dc0d79-b65a-4bfb-89c0-569bf26232df", "title": "Newsletter <= 6.8.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletter \u2013 Send awesome emails from WordPress", "slug": "newsletter", "affected_versions": { "[*, 6.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95dc0d79-b65a-4bfb-89c0-569bf26232df?source=api-scan" ], "published": "2020-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95ded4bf-9964-4bb3-b6e5-5ad37360f87d": { "id": "95ded4bf-9964-4bb3-b6e5-5ad37360f87d", "title": "Events Manager <= 6.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "* - 6.4.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95ded4bf-9964-4bb3-b6e5-5ad37360f87d?source=api-scan" ], "published": "2024-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95f1b5ca-5110-407a-8fbb-375ac445294b": { "id": "95f1b5ca-5110-407a-8fbb-375ac445294b", "title": "Social Media & Share Icons <= 2.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Media Share Buttons & Social Sharing Icons", "slug": "ultimate-social-media-icons", "affected_versions": { "* - 2.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95f1b5ca-5110-407a-8fbb-375ac445294b?source=api-scan" ], "published": "2024-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95f1e3eb-da87-417e-8e8c-e5035e072950": { "id": "95f1e3eb-da87-417e-8e8c-e5035e072950", "title": "Qwizcards <= 3.61 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Qwizcards | online quizzes and flashcards", "slug": "qwiz-online-quizzes-and-flashcards", "affected_versions": { "* - 3.61": { "from_version": "*", "from_inclusive": true, "to_version": "3.61", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.62" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95f1e3eb-da87-417e-8e8c-e5035e072950?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95f5b4df-5214-4f36-8dd5-a1a816fbc3db": { "id": "95f5b4df-5214-4f36-8dd5-a1a816fbc3db", "title": "Perfmatters <= 2.1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Perfmatters", "slug": "perfmatters", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95f5b4df-5214-4f36-8dd5-a1a816fbc3db?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95f9066c-e0dd-4909-a57b-c52070b135d1": { "id": "95f9066c-e0dd-4909-a57b-c52070b135d1", "title": "AP Pricing Tables Lite <= 1.1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pricing Table Builder \u2013 AP Pricing Tables Lite", "slug": "ap-pricing-tables-lite", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95f9066c-e0dd-4909-a57b-c52070b135d1?source=api-scan" ], "published": "2022-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95ff5150-ff45-48f8-bd39-0df79838942e": { "id": "95ff5150-ff45-48f8-bd39-0df79838942e", "title": "BetterDocs \u2013 Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg <= 3.3.3 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "BetterDocs \u2013 Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg", "slug": "betterdocs", "affected_versions": { "* - 3.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95ff5150-ff45-48f8-bd39-0df79838942e?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "95ffefff-80e1-4f5a-8939-47a00f75493d": { "id": "95ffefff-80e1-4f5a-8939-47a00f75493d", "title": "WP Content Filter \u2013 Censor All Offensive Content From Your Site <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Content Filter \u2013 Censor All Offensive Content From Your Site", "slug": "wp-content-filter", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/95ffefff-80e1-4f5a-8939-47a00f75493d?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9603e394-b358-4599-8610-ef5737a39de0": { "id": "9603e394-b358-4599-8610-ef5737a39de0", "title": "FunnelKit Checkout <= 3.10.3 - Authenticated(Subscriber+) Missing Authorization to Settings Change", "software": [ { "type": "plugin", "name": "FunnelKit Checkout", "slug": "woofunnels-aero-checkout", "affected_versions": { "* - 3.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9603e394-b358-4599-8610-ef5737a39de0?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9604fccc-ed8b-480b-ab56-ffa341631b52": { "id": "9604fccc-ed8b-480b-ab56-ffa341631b52", "title": "WordPress Ad Widget <= 2.20.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Ad Widget", "slug": "ad-widget", "affected_versions": { "* - 2.20.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.20.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9604fccc-ed8b-480b-ab56-ffa341631b52?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96084352-cc53-45fc-a33f-2ebf470f81a7": { "id": "96084352-cc53-45fc-a33f-2ebf470f81a7", "title": "Webcam Video Conference <= 3.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Webcam Video Conference", "slug": "videowhisper-video-conference-integration", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96084352-cc53-45fc-a33f-2ebf470f81a7?source=api-scan" ], "published": "2013-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96086886-72f4-4a62-8f31-fc20e5240ba4": { "id": "96086886-72f4-4a62-8f31-fc20e5240ba4", "title": "Beaver Builder \u2013 WordPress Page Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.7.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96086886-72f4-4a62-8f31-fc20e5240ba4?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96112707-04ca-4647-9008-31954764486f": { "id": "96112707-04ca-4647-9008-31954764486f", "title": "Gallery Portfolio <= 1.4.6 - Missing Authorization via Multiple AJAX actions", "software": [ { "type": "plugin", "name": "Portfolio Gallery \u2013 Responsive Image Gallery", "slug": "gallery-portfolio", "affected_versions": { "[*, 1.4.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96112707-04ca-4647-9008-31954764486f?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9611b4ba-0946-4180-a51d-18fcba84661e": { "id": "9611b4ba-0946-4180-a51d-18fcba84661e", "title": "Newspack Newsletters <= 2.13.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Newspack Newsletters", "slug": "newspack-newsletters", "affected_versions": { "* - 2.13.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.13.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9611b4ba-0946-4180-a51d-18fcba84661e?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9614aaa9-d343-4fd4-8a40-7366cd961bd3": { "id": "9614aaa9-d343-4fd4-8a40-7366cd961bd3", "title": "Simply Schedule Appointments <= 1.5.7.5 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin", "slug": "simply-schedule-appointments", "affected_versions": { "* - 1.5.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9614aaa9-d343-4fd4-8a40-7366cd961bd3?source=api-scan" ], "published": "2022-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96161594-9513-49f7-91ab-9ad05b900a81": { "id": "96161594-9513-49f7-91ab-9ad05b900a81", "title": "Uber Menu <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes", "software": [ { "type": "plugin", "name": "UberMenu", "slug": "ubermenu", "affected_versions": { "* - 3.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96161594-9513-49f7-91ab-9ad05b900a81?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "961b2b60-2026-42fc-be55-e7023e8ef3df": { "id": "961b2b60-2026-42fc-be55-e7023e8ef3df", "title": "Event Geek <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Geek", "slug": "event-geek", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/961b2b60-2026-42fc-be55-e7023e8ef3df?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "961cf553-8871-436d-af95-61af963f5e9d": { "id": "961cf553-8871-436d-af95-61af963f5e9d", "title": "SAML Single Sign On \u2013 SAML SSO Login <= 4.9.20 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SAML Single Sign On \u2013 SSO Login", "slug": "miniorange-saml-20-single-sign-on", "affected_versions": { "* - 4.9.20": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/961cf553-8871-436d-af95-61af963f5e9d?source=api-scan" ], "published": "2022-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "961d6d1d-46e8-489f-ac5f-51b55c5a0460": { "id": "961d6d1d-46e8-489f-ac5f-51b55c5a0460", "title": "DX Delete Attached Media <= 2.0.5.1 - Cross-Site Request Forgery via add_to_base", "software": [ { "type": "plugin", "name": "DX Delete Attached Media", "slug": "dx-delete-attached-media", "affected_versions": { "* - 2.0.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/961d6d1d-46e8-489f-ac5f-51b55c5a0460?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9622c839-a1dd-4633-8a9c-cec41d1041ff": { "id": "9622c839-a1dd-4633-8a9c-cec41d1041ff", "title": "NextGen Gallery <= 2.1.10 - Unrestricted File Upload", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 2.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9622c839-a1dd-4633-8a9c-cec41d1041ff?source=api-scan" ], "published": "2015-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9623e815-a107-4f9f-90b2-ec8b1cc87ddc": { "id": "9623e815-a107-4f9f-90b2-ec8b1cc87ddc", "title": "WP-Lister Lite for Amazon <= 2.6.16 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Lister Lite for Amazon", "slug": "wp-lister-for-amazon", "affected_versions": { "* - 2.6.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9623e815-a107-4f9f-90b2-ec8b1cc87ddc?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96265dd0-ed3d-4557-80e9-41f8b943b2a7": { "id": "96265dd0-ed3d-4557-80e9-41f8b943b2a7", "title": "Booster for WooCommerce <= 5.4.8 - Reflected Cross-Site Scripting in PDF Invoicing Module", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "[*, 5.4.9)": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96265dd0-ed3d-4557-80e9-41f8b943b2a7?source=api-scan" ], "published": "2021-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96288db4-2758-4562-8b26-0523926c9156": { "id": "96288db4-2758-4562-8b26-0523926c9156", "title": "Rencontre \u2013 Dating Site <= 3.2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Rencontre \u2013 Dating Site", "slug": "rencontre", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96288db4-2758-4562-8b26-0523926c9156?source=api-scan" ], "published": "2019-12-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "962af7eb-b2eb-4190-bf0d-cb05cb28f10b": { "id": "962af7eb-b2eb-4190-bf0d-cb05cb28f10b", "title": "JS Help Desk \u2013 Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Subscriber+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin", "slug": "js-support-ticket", "affected_versions": { "* - 2.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/962af7eb-b2eb-4190-bf0d-cb05cb28f10b?source=api-scan" ], "published": "2023-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "962c0440-04d7-4201-829c-dad9b8f796d5": { "id": "962c0440-04d7-4201-829c-dad9b8f796d5", "title": "Integration of Moneybird for WooCommerce <= 2.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Integration of Moneybird for WooCommerce", "slug": "woo-moneybird", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/962c0440-04d7-4201-829c-dad9b8f796d5?source=api-scan" ], "published": "2021-09-09 16:20:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "962f31e6-7863-45e1-835e-c679046deeea": { "id": "962f31e6-7863-45e1-835e-c679046deeea", "title": "Material Design for Contact Form 7 <= 2.6.4 - Missing Authorization to Arbitrary Settings Update", "software": [ { "type": "plugin", "name": "Material Design for Contact Form 7", "slug": "material-design-for-contact-form-7", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/962f31e6-7863-45e1-835e-c679046deeea?source=api-scan" ], "published": "2022-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96320410-48e2-42a6-9a1e-1641c1229256": { "id": "96320410-48e2-42a6-9a1e-1641c1229256", "title": "FeedWordPress <= 2021.0713 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FeedWordPress", "slug": "feedwordpress", "affected_versions": { "* - 2021.0713": { "from_version": "*", "from_inclusive": true, "to_version": "2021.0713", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2022.0123" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96320410-48e2-42a6-9a1e-1641c1229256?source=api-scan" ], "published": "2022-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96388c82-2392-42b3-b0a0-c3d92910fb5c": { "id": "96388c82-2392-42b3-b0a0-c3d92910fb5c", "title": "The Plus Addons for Elementor PRO <= 4.1.9 & The Plus Addons for Elementor <= 2.0.6 - Authenticated (Contributor+) Privilege Escalation", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor Page Builder", "slug": "theplus_elementor_addon", "affected_versions": { "* - 4.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.10" ] }, { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96388c82-2392-42b3-b0a0-c3d92910fb5c?source=api-scan" ], "published": "2021-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "963cb544-165e-4378-9844-753c72bf2274": { "id": "963cb544-165e-4378-9844-753c72bf2274", "title": "WPCafe <= 2.2.27 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "WPCafe \u2013 Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce", "slug": "wp-cafe", "affected_versions": { "* - 2.2.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/963cb544-165e-4378-9844-753c72bf2274?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "963db13e-14aa-4fc0-8d28-3f8a22361361": { "id": "963db13e-14aa-4fc0-8d28-3f8a22361361", "title": "Testimonial Rotator <= 3.0.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Testimonial Rotator", "slug": "testimonial-rotator", "affected_versions": { "[*, 3.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": false } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/963db13e-14aa-4fc0-8d28-3f8a22361361?source=api-scan" ], "published": "2020-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "963f2485-3afa-4e17-8278-b75415af3915": { "id": "963f2485-3afa-4e17-8278-b75415af3915", "title": "InstaWP Connect \u2013 1-click WP Staging & Migration <= 0.1.0.44 - Authentication Bypass to Admin", "software": [ { "type": "plugin", "name": "InstaWP Connect \u2013 1-click WP Staging & Migration", "slug": "instawp-connect", "affected_versions": { "* - 0.1.0.44": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.0.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.0.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/963f2485-3afa-4e17-8278-b75415af3915?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9642be85-2817-4a3b-831b-0f1535106897": { "id": "9642be85-2817-4a3b-831b-0f1535106897", "title": "Page Loading Effects <= 2.0.0 - Authenticated (Admin+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Page Loading Effects", "slug": "page-loading-effects", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9642be85-2817-4a3b-831b-0f1535106897?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "964601d5-8460-41c5-9791-ff9e3af964e3": { "id": "964601d5-8460-41c5-9791-ff9e3af964e3", "title": "Simple Ads Manager < 2.9.4.116 - Denial of Service", "software": [ { "type": "plugin", "name": "Simple Ads Manager", "slug": "simple-ads-manager", "affected_versions": { "[*, 2.9.4.116)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.4.116", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.4.116" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/964601d5-8460-41c5-9791-ff9e3af964e3?source=api-scan" ], "published": "2015-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "964950dc-d8e1-4a9b-bef2-ea51abc5a925": { "id": "964950dc-d8e1-4a9b-bef2-ea51abc5a925", "title": "Event post <= 5.9.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Event post", "slug": "event-post", "affected_versions": { "* - 5.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/964950dc-d8e1-4a9b-bef2-ea51abc5a925?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9649b153-3acc-4e5b-9338-448099aba887": { "id": "9649b153-3acc-4e5b-9338-448099aba887", "title": "Medical Addon for Elementor <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Medical Addon for Elementor", "slug": "medical-addon-for-elementor", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9649b153-3acc-4e5b-9338-448099aba887?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "964d6dd2-0e93-4fc2-87ca-0257186d1b37": { "id": "964d6dd2-0e93-4fc2-87ca-0257186d1b37", "title": "Shipment Tracking, Tracking, and Order Tracking for WooCommerce \u2013 ParcelPanel (Free to install) <= 3.8.2 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "ParcelPanel (Free to install) \u2013 Shipment Tracking, Tracking, and Order Tracking for WooCommerce", "slug": "parcelpanel", "affected_versions": { "* - 3.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/964d6dd2-0e93-4fc2-87ca-0257186d1b37?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "965107bd-e1ee-4a0c-af9e-bdd765d3eab5": { "id": "965107bd-e1ee-4a0c-af9e-bdd765d3eab5", "title": "WP-Invoice \u2013 Web Invoice and Billing <= 4.1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP-Invoice \u2013 Web Invoice and Billing", "slug": "wp-invoice", "affected_versions": { "[*, 4.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/965107bd-e1ee-4a0c-af9e-bdd765d3eab5?source=api-scan" ], "published": "2016-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9652575b-389c-42e3-800a-0f133e0c224b": { "id": "9652575b-389c-42e3-800a-0f133e0c224b", "title": "Shortcodes by Angie Makes < 2.07 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shortcodes by Angie Makes", "slug": "wc-shortcodes", "affected_versions": { "[*, 2.07)": { "from_version": "*", "from_inclusive": true, "to_version": "2.07", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.07" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9652575b-389c-42e3-800a-0f133e0c224b?source=api-scan" ], "published": "2016-11-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "965b5979-9bf6-4124-86c4-e246f8f17270": { "id": "965b5979-9bf6-4124-86c4-e246f8f17270", "title": "Watu Quiz <= 3.3.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Watu Quiz", "slug": "watu", "affected_versions": { "* - 3.3.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/965b5979-9bf6-4124-86c4-e246f8f17270?source=api-scan" ], "published": "2023-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "965cd061-d34e-4749-85a6-efa2456b1446": { "id": "965cd061-d34e-4749-85a6-efa2456b1446", "title": "Adventure Journal <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Adventure Journal", "slug": "adventure-journal", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/965cd061-d34e-4749-85a6-efa2456b1446?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96608c76-6dfd-4ff8-b114-070ff6706214": { "id": "96608c76-6dfd-4ff8-b114-070ff6706214", "title": "Ajax Search Pro <= 4.18.7 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Ajax Search Pro", "slug": "ajax-search-pro", "affected_versions": { "* - 4.18.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.18.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96608c76-6dfd-4ff8-b114-070ff6706214?source=api-scan" ], "published": "2020-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96649aa6-f3ba-4e9e-9fa5-a5fbd52c3836": { "id": "96649aa6-f3ba-4e9e-9fa5-a5fbd52c3836", "title": "CodeBard's Patron Button and Widgets for Patreon <= 2.1.9 - Reflected Cross-Site Scripting via cb_p6_tab", "software": [ { "type": "plugin", "name": "CodeBard's Patron Button and Widgets for Patreon", "slug": "patron-button-and-widgets-by-codebard", "affected_versions": { "* - 2.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96649aa6-f3ba-4e9e-9fa5-a5fbd52c3836?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9666913e-55a3-441c-85ef-8a12756e37ba": { "id": "9666913e-55a3-441c-85ef-8a12756e37ba", "title": "User Activity Log Pro <= 2.3.3 - Tracking Bypass via IP Spoofing", "software": [ { "type": "plugin", "name": "User Activity Log Pro", "slug": "user-activity-log-pro", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9666913e-55a3-441c-85ef-8a12756e37ba?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "966843d1-64c2-4f49-852c-d362714db823": { "id": "966843d1-64c2-4f49-852c-d362714db823", "title": "Mass Pages\/Posts Creator <= 1.2.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Mass Pages\/Posts Creator", "slug": "mass-pagesposts-creator", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/966843d1-64c2-4f49-852c-d362714db823?source=api-scan" ], "published": "2018-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9669fbae-cf7a-4715-a1f3-cdbbb1c1cedd": { "id": "9669fbae-cf7a-4715-a1f3-cdbbb1c1cedd", "title": "WPSection <= 1.3.8 - Authenticated (Contributor+) Local File Inlcusion", "software": [ { "type": "plugin", "name": "wpsection", "slug": "wpsection", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9669fbae-cf7a-4715-a1f3-cdbbb1c1cedd?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "966a3a33-3d22-4671-8893-7a64ff838f39": { "id": "966a3a33-3d22-4671-8893-7a64ff838f39", "title": "Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Question Deletion", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "* - 1.3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/966a3a33-3d22-4671-8893-7a64ff838f39?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "966b43ea-dbd3-4f1e-b803-08027fff6f8f": { "id": "966b43ea-dbd3-4f1e-b803-08027fff6f8f", "title": "wordpress vertical image slider plugin < 1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wordpress vertical image slider plugin", "slug": "wp-vertical-image-slider", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/966b43ea-dbd3-4f1e-b803-08027fff6f8f?source=api-scan" ], "published": "2015-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9670bd32-34ce-48b1-82d9-62ab8869a89b": { "id": "9670bd32-34ce-48b1-82d9-62ab8869a89b", "title": "Timetable and Event Schedule by MotoPress <= 2.4.11 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Timetable and Event Schedule by MotoPress", "slug": "mp-timetable", "affected_versions": { "* - 2.4.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9670bd32-34ce-48b1-82d9-62ab8869a89b?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96769a0e-d4a9-4196-8ded-b600046c0943": { "id": "96769a0e-d4a9-4196-8ded-b600046c0943", "title": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate <= 7.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_qrcode Shortcode", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 7.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96769a0e-d4a9-4196-8ded-b600046c0943?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9676c768-496a-4131-93ff-481db158cceb": { "id": "9676c768-496a-4131-93ff-481db158cceb", "title": "Database Cleaner <= 1.0.5 - Authenticated (Admin+) Arbitrary File Read", "software": [ { "type": "plugin", "name": "Database Cleaner", "slug": "database-cleaner", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9676c768-496a-4131-93ff-481db158cceb?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "967ff273-33f3-4580-928a-7764583429aa": { "id": "967ff273-33f3-4580-928a-7764583429aa", "title": "YellowPencil Visual CSS Style Editor <= 7.5.8 - Reflected Cross-Site Scripting liveLink", "software": [ { "type": "plugin", "name": "Visual CSS Style Editor", "slug": "yellow-pencil-visual-theme-customizer", "affected_versions": { "* - 7.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/967ff273-33f3-4580-928a-7764583429aa?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9680fed3-e8fe-4845-9807-f139f9e22e79": { "id": "9680fed3-e8fe-4845-9807-f139f9e22e79", "title": "Check & Log email <= 1.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Check & Log Email \u2013 Easy Email Testing & Mail logging", "slug": "check-email", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9680fed3-e8fe-4845-9807-f139f9e22e79?source=api-scan" ], "published": "2022-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9687e8e5-add1-477d-9cb7-f94b8af10da5": { "id": "9687e8e5-add1-477d-9cb7-f94b8af10da5", "title": "WP Visitor Statistics (Real Time Traffic) <= 4.7 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Visitor Statistics (Real Time Traffic)", "slug": "wp-stats-manager", "affected_versions": { "[*, 4.8)": { "from_version": "*", "from_inclusive": true, "to_version": "4.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9687e8e5-add1-477d-9cb7-f94b8af10da5?source=api-scan" ], "published": "2021-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "968920b9-febf-4d76-a16b-f27954cd72e5": { "id": "968920b9-febf-4d76-a16b-f27954cd72e5", "title": "Custom 404 Pro <= 3.7.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Custom 404 Pro", "slug": "custom-404-pro", "affected_versions": { "* - 3.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/968920b9-febf-4d76-a16b-f27954cd72e5?source=api-scan" ], "published": "2023-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96896174-3ad9-4dcf-b06b-cd5ee91a6240": { "id": "96896174-3ad9-4dcf-b06b-cd5ee91a6240", "title": "Bubble Menu <= 3.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bubble Menu \u2013 Sticky Navigation with Floating Button Menu Solution", "slug": "bubble-menu", "affected_versions": { "[*, 3.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96896174-3ad9-4dcf-b06b-cd5ee91a6240?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "968d5d31-2592-4bed-9d18-5877f0d6062e": { "id": "968d5d31-2592-4bed-9d18-5877f0d6062e", "title": "Bridge Core <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Demo Import", "software": [ { "type": "plugin", "name": "Bridge Core", "slug": "bridge-core", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/968d5d31-2592-4bed-9d18-5877f0d6062e?source=api-scan" ], "published": "2024-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "968ead80-eed6-4a42-a3cd-73cf4cbbb1e5": { "id": "968ead80-eed6-4a42-a3cd-73cf4cbbb1e5", "title": "Google Forms <= 0.93 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Google Forms", "slug": "wpgform", "affected_versions": { "[*, 0.94)": { "from_version": "*", "from_inclusive": true, "to_version": "0.94", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.94" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/968ead80-eed6-4a42-a3cd-73cf4cbbb1e5?source=api-scan" ], "published": "2018-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9694c8b6-3e2f-499f-bdac-eed78d89e08a": { "id": "9694c8b6-3e2f-499f-bdac-eed78d89e08a", "title": "WP Last Modified Info <= 1.6.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Last Modified Info", "slug": "wp-last-modified-info", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9694c8b6-3e2f-499f-bdac-eed78d89e08a?source=api-scan" ], "published": "2020-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9694f4e0-be99-4122-82d2-b22e7422c877": { "id": "9694f4e0-be99-4122-82d2-b22e7422c877", "title": "Event Calendar <= 1.0.4 - Missing Authorization to Unauthenticated Arbitrary Calendar Deletion", "software": [ { "type": "plugin", "name": "Event Calendar", "slug": "event-calendars", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9694f4e0-be99-4122-82d2-b22e7422c877?source=api-scan" ], "published": "2024-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9694fae8-dfe9-4e19-bebc-2f2a607cff82": { "id": "9694fae8-dfe9-4e19-bebc-2f2a607cff82", "title": "Starbox <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Starbox \u2013 the Author Box for Humans", "slug": "starbox", "affected_versions": { "* - 3.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9694fae8-dfe9-4e19-bebc-2f2a607cff82?source=api-scan" ], "published": "2024-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9699118a-e12f-491f-b464-51129888fb1a": { "id": "9699118a-e12f-491f-b464-51129888fb1a", "title": "Two Way Chat <= 3.1.4 - Authenticated (Admin+) Local File Inclusion", "software": [ { "type": "plugin", "name": "TWChat \u2013 Send or receive messages from users", "slug": "twchat", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9699118a-e12f-491f-b464-51129888fb1a?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9699944e-7f1b-4d79-9dca-98472d3db48f": { "id": "9699944e-7f1b-4d79-9dca-98472d3db48f", "title": "Featured Content Gallery <= 3.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Featured Content Gallery", "slug": "featured-content-gallery", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9699944e-7f1b-4d79-9dca-98472d3db48f?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "969b54d4-50db-4a2f-afa1-e22b29af661e": { "id": "969b54d4-50db-4a2f-afa1-e22b29af661e", "title": "WordPress Colorbox Lightbox Plugin <= 1.1.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Colorbox", "slug": "wp-colorbox", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/969b54d4-50db-4a2f-afa1-e22b29af661e?source=api-scan" ], "published": "2020-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96a0ca0c-7cd5-4be4-a833-fc15fff62362": { "id": "96a0ca0c-7cd5-4be4-a833-fc15fff62362", "title": "Advanced Page Visit Counter <= 6.1.5 - Subscriber+ Blind SQL injection", "software": [ { "type": "plugin", "name": "Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress", "slug": "advanced-page-visit-counter", "affected_versions": { "[*, 6.1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96a0ca0c-7cd5-4be4-a833-fc15fff62362?source=api-scan" ], "published": "2022-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96a7ebcb-3420-497c-80e6-54e42afe41a3": { "id": "96a7ebcb-3420-497c-80e6-54e42afe41a3", "title": "WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Responsive Tabs horizontal vertical and accordion Tabs", "slug": "responsive-horizontal-vertical-and-accordion-tabs", "affected_versions": { "* - 1.1.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96a7ebcb-3420-497c-80e6-54e42afe41a3?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96a9f567-6cf8-4988-bf8e-77eade71c5f6": { "id": "96a9f567-6cf8-4988-bf8e-77eade71c5f6", "title": "Ocim MP3 (All Versions) - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ocim MP3", "slug": "ocim-mp3", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96a9f567-6cf8-4988-bf8e-77eade71c5f6?source=api-scan" ], "published": "2016-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96ab5bb0-724c-434b-acc4-be8265b4838f": { "id": "96ab5bb0-724c-434b-acc4-be8265b4838f", "title": "WP Post Rating <= 2.4.6 - Missing Authorization to Vote Manipulation", "software": [ { "type": "plugin", "name": "WP Post Rating", "slug": "wp-post-comment-rating", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96ab5bb0-724c-434b-acc4-be8265b4838f?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96b58c2c-f292-4a48-bd1e-c33cf464c1ce": { "id": "96b58c2c-f292-4a48-bd1e-c33cf464c1ce", "title": "Contact Form Email <= 1.3.24 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Email", "slug": "contact-form-to-email", "affected_versions": { "* - 1.3.24": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96b58c2c-f292-4a48-bd1e-c33cf464c1ce?source=api-scan" ], "published": "2021-11-11 14:20:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96b68824-3080-4959-a7d7-43d29c5c4119": { "id": "96b68824-3080-4959-a7d7-43d29c5c4119", "title": "Download Monitor <= 4.4.4 - Admin+ SQL Injection via orderby parameter", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "[*, 4.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96b68824-3080-4959-a7d7-43d29c5c4119?source=api-scan" ], "published": "2021-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96bc0d9b-1f03-48d4-aa99-954e92e77c04": { "id": "96bc0d9b-1f03-48d4-aa99-954e92e77c04", "title": "Cyclone Slider <= 3.2.0 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Cyclone Slider", "slug": "cyclone-slider", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96bc0d9b-1f03-48d4-aa99-954e92e77c04?source=api-scan" ], "published": "2022-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96bc27f3-6aa4-4119-9978-5e9dee5f1796": { "id": "96bc27f3-6aa4-4119-9978-5e9dee5f1796", "title": "Quiz Maker <= 6.4.9.4 - Missing Authorization to Email Disclosure", "software": [ { "type": "plugin", "name": "Quiz Maker", "slug": "quiz-maker", "affected_versions": { "* - 6.4.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96bc27f3-6aa4-4119-9978-5e9dee5f1796?source=api-scan" ], "published": "2023-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96bdd465-e4ca-4a32-b38a-a2a51598a3a9": { "id": "96bdd465-e4ca-4a32-b38a-a2a51598a3a9", "title": "Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Carousel Widget", "software": [ { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "* - 8.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96bdd465-e4ca-4a32-b38a-a2a51598a3a9?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96d264fe-e7e1-4eec-b235-9d288bc5a22f": { "id": "96d264fe-e7e1-4eec-b235-9d288bc5a22f", "title": "Login\/Signup Popup < 1.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Login\/Signup Popup ( Inline Form + Woocommerce )", "slug": "easy-login-woocommerce", "affected_versions": { "[*, 1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96d264fe-e7e1-4eec-b235-9d288bc5a22f?source=api-scan" ], "published": "2020-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96d5bfeb-b082-44cc-8d84-1ef1c3f5b562": { "id": "96d5bfeb-b082-44cc-8d84-1ef1c3f5b562", "title": "MapPress Maps <= 2.73.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MapPress Maps for WordPress", "slug": "mappress-google-maps-for-wordpress", "affected_versions": { "[*, 2.73.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.73.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.73.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96d5bfeb-b082-44cc-8d84-1ef1c3f5b562?source=api-scan" ], "published": "2022-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96deac16-cb64-4246-b8d0-05a020142f1d": { "id": "96deac16-cb64-4246-b8d0-05a020142f1d", "title": "Ovic Addon Toolkit <= 2.6.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Ovic Addon Toolkit", "slug": "ovic-addon-toolkit", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96deac16-cb64-4246-b8d0-05a020142f1d?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96defcb7-6af1-4fb8-9fa0-231c6776bbc1": { "id": "96defcb7-6af1-4fb8-9fa0-231c6776bbc1", "title": "Anchor Episodes Index (Spotify for Podcasters) <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Anchor Episodes Index (Spotify for Podcasters)", "slug": "anchor-episodes-index", "affected_versions": { "[*, 2.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96defcb7-6af1-4fb8-9fa0-231c6776bbc1?source=api-scan" ], "published": "2023-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96e2ba3d-4e6d-42b8-832c-03ef4915cadb": { "id": "96e2ba3d-4e6d-42b8-832c-03ef4915cadb", "title": "fGallery 2.4.1 - SQL injection", "software": [ { "type": "plugin", "name": "fgallery", "slug": "fgallery", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96e2ba3d-4e6d-42b8-832c-03ef4915cadb?source=api-scan" ], "published": "2008-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96eba67c-58e7-4eea-84d4-9b3bb275b42d": { "id": "96eba67c-58e7-4eea-84d4-9b3bb275b42d", "title": "Rank Math SEO with AI Best SEO Tools <= 1.0.217 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings", "slug": "seo-by-rank-math", "affected_versions": { "* - 1.0.217": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.217", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.218" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96eba67c-58e7-4eea-84d4-9b3bb275b42d?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96f149a9-cf2e-49b7-8a5f-e87d3e5209ca": { "id": "96f149a9-cf2e-49b7-8a5f-e87d3e5209ca", "title": "JetGridBuilder <= 1.1.2 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "JetGridBuilder \u2014 Grid Builder for Elementor and Gutenberg", "slug": "jetgridbuilder", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96f149a9-cf2e-49b7-8a5f-e87d3e5209ca?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96f1ede7-ec36-4edf-baee-5e41907290af": { "id": "96f1ede7-ec36-4edf-baee-5e41907290af", "title": "Gwolle Guestbook <= 2.1.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gwolle Guestbook", "slug": "gwolle-gb", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96f1ede7-ec36-4edf-baee-5e41907290af?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96f30a22-f218-48e7-9796-b9f1d5becc2c": { "id": "96f30a22-f218-48e7-9796-b9f1d5becc2c", "title": "Site Offline <= 1.5.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Site Offline Or Coming Soon Or Maintenance Mode", "slug": "site-offline", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96f30a22-f218-48e7-9796-b9f1d5becc2c?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96f9c5b3-43b7-46e0-aa0c-a5179a99096b": { "id": "96f9c5b3-43b7-46e0-aa0c-a5179a99096b", "title": "AdRotate \u2013 Ad manager & AdSense Ads < 3.6.8 - SQL Injection", "software": [ { "type": "plugin", "name": "AdRotate Banner Manager \u2013 The only ad manager you'll need", "slug": "adrotate", "affected_versions": { "[*, 3.6.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96f9c5b3-43b7-46e0-aa0c-a5179a99096b?source=api-scan" ], "published": "2011-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96fa9ed7-6c13-4356-8a25-8a309be2b0e9": { "id": "96fa9ed7-6c13-4356-8a25-8a309be2b0e9", "title": "Elementor <= 3.23.5 - Authenticated (Contributor+) Basic Information Exposure via get_image_alt Function", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 3.24.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.24.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.24.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96fa9ed7-6c13-4356-8a25-8a309be2b0e9?source=api-scan" ], "published": "2024-10-14 12:07:14", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96fb8398-d566-439c-8ed0-78e71276b577": { "id": "96fb8398-d566-439c-8ed0-78e71276b577", "title": "iCalendrier <= 1.80 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "iCalendrier", "slug": "icalendrier", "affected_versions": { "* - 1.80": { "from_version": "*", "from_inclusive": true, "to_version": "1.80", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.81" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96fb8398-d566-439c-8ed0-78e71276b577?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "96fc3ead-7ae4-4d2c-a0b5-13f3e3bf429b": { "id": "96fc3ead-7ae4-4d2c-a0b5-13f3e3bf429b", "title": "Testimonial < 2.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Testimonial", "slug": "indianic-testimonial", "affected_versions": { "[*, 2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/96fc3ead-7ae4-4d2c-a0b5-13f3e3bf429b?source=api-scan" ], "published": "2013-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9704b633-5779-42a7-90d7-e532448f2e51": { "id": "9704b633-5779-42a7-90d7-e532448f2e51", "title": "Import any XML or CSV File to WordPress <= 3.4.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import any XML or CSV File to WordPress", "slug": "wp-all-import", "affected_versions": { "[*, 3.4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9704b633-5779-42a7-90d7-e532448f2e51?source=api-scan" ], "published": "2017-10-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "970b3a0f-c1cc-4d85-8271-a523ccdbcc39": { "id": "970b3a0f-c1cc-4d85-8271-a523ccdbcc39", "title": "Analytify Dashboard <= 5.1.0 - Missing Authorization to Opt-In", "software": [ { "type": "plugin", "name": "Analytify \u2013 Google Analytics Dashboard For WordPress (GA4 analytics made easy)", "slug": "wp-analytify", "affected_versions": { "[*, 5.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/970b3a0f-c1cc-4d85-8271-a523ccdbcc39?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "970bc71c-7d0a-4761-874a-379cda71418e": { "id": "970bc71c-7d0a-4761-874a-379cda71418e", "title": "My Private Site <= 3.0.14 - Improper Access Control to Sensitive Information Exposure via REST API", "software": [ { "type": "plugin", "name": "My Private Site", "slug": "jonradio-private-site", "affected_versions": { "* - 3.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/970bc71c-7d0a-4761-874a-379cda71418e?source=api-scan" ], "published": "2024-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97108ad1-c7b8-4050-ba0d-7a1fd4bdedb3": { "id": "97108ad1-c7b8-4050-ba0d-7a1fd4bdedb3", "title": "Elementor Header & Footer Builder <= 1.5.7 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Header & Footer Builder", "slug": "header-footer-elementor", "affected_versions": { "[*, 1.5.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97108ad1-c7b8-4050-ba0d-7a1fd4bdedb3?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9715d1b2-1d82-4f48-89c3-9a389ab31360": { "id": "9715d1b2-1d82-4f48-89c3-9a389ab31360", "title": "AI Engine: ChatGPT Chatbot <= 2.2.63 - Authenticated (Editor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "AI Engine", "slug": "ai-engine", "affected_versions": { "* - 2.2.63": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.63", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.70" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9715d1b2-1d82-4f48-89c3-9a389ab31360?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97174ec0-a2b7-455e-9bf8-b6f51546beee": { "id": "97174ec0-a2b7-455e-9bf8-b6f51546beee", "title": "EventPrime <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 4.0.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97174ec0-a2b7-455e-9bf8-b6f51546beee?source=api-scan" ], "published": "2024-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9717e4aa-4294-4194-b2ab-3b0ec845a1ca": { "id": "9717e4aa-4294-4194-b2ab-3b0ec845a1ca", "title": "Option Tree <= 2.5.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OptionTree", "slug": "option-tree", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9717e4aa-4294-4194-b2ab-3b0ec845a1ca?source=api-scan" ], "published": "2015-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9719d083-cc7c-4655-a4c4-f5370cfe76e0": { "id": "9719d083-cc7c-4655-a4c4-f5370cfe76e0", "title": "Order Delivery Date for WooCommerce <= 3.20.0 - Reflected Cross-Site Scripting via 'orddd_lite_custom_startdate' and 'orddd_lite_custom_enddate'", "software": [ { "type": "plugin", "name": "Order Delivery Date for WooCommerce", "slug": "order-delivery-date-for-woocommerce", "affected_versions": { "* - 3.20.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.20.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.20.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9719d083-cc7c-4655-a4c4-f5370cfe76e0?source=api-scan" ], "published": "2023-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "971d06e2-29dc-424d-b20e-8ec34990014d": { "id": "971d06e2-29dc-424d-b20e-8ec34990014d", "title": "Ambience (Unspecified Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Ambience", "slug": "ambience", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/971d06e2-29dc-424d-b20e-8ec34990014d?source=api-scan" ], "published": "2013-06-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "971d40d2-428f-49d9-8918-89843980f177": { "id": "971d40d2-428f-49d9-8918-89843980f177", "title": "TrueBooker <= 1.0.3 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "TrueBooker \u2013 Appointment Booking and Scheduler Plugin.", "slug": "truebooker-appointment-booking", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/971d40d2-428f-49d9-8918-89843980f177?source=api-scan" ], "published": "2024-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9726b59e-4826-4253-889c-686763ad3689": { "id": "9726b59e-4826-4253-889c-686763ad3689", "title": "Hestia <= 3.1.2 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Hestia", "slug": "hestia", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9726b59e-4826-4253-889c-686763ad3689?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9729ccc9-e3f1-4096-8430-22998b386cec": { "id": "9729ccc9-e3f1-4096-8430-22998b386cec", "title": "Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Grid", "software": [ { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "* - 8.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9729ccc9-e3f1-4096-8430-22998b386cec?source=api-scan" ], "published": "2024-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9729ebf5-ef78-4ef4-81d4-165f422c3847": { "id": "9729ebf5-ef78-4ef4-81d4-165f422c3847", "title": "FV Flowplayer Video Player <= 7.3.14.727 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "[*, 7.3.15.727)": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.15.727", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.3.15.727" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9729ebf5-ef78-4ef4-81d4-165f422c3847?source=api-scan" ], "published": "2019-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "972fba75-8230-4991-a697-34ab850ddee5": { "id": "972fba75-8230-4991-a697-34ab850ddee5", "title": "Wholesale Suite <= 2.1.5 - Authenticated (Subscriber+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wholesale Suite \u2013 WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More", "slug": "woocommerce-wholesale-prices", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/972fba75-8230-4991-a697-34ab850ddee5?source=api-scan" ], "published": "2022-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97312cf2-dcff-466f-a27c-25686216ed04": { "id": "97312cf2-dcff-466f-a27c-25686216ed04", "title": "Church Admin <= 4.0.27 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "* - 4.0.27": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97312cf2-dcff-466f-a27c-25686216ed04?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97344674-15df-45e6-9906-f21a9920a6e1": { "id": "97344674-15df-45e6-9906-f21a9920a6e1", "title": "Foyer <= 1.7.5 - Content Injection via Improper Access Control", "software": [ { "type": "plugin", "name": "Foyer \u2013 Digital Signage for WordPress", "slug": "foyer", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97344674-15df-45e6-9906-f21a9920a6e1?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97396207-4892-4d1a-8740-3000484f1317": { "id": "97396207-4892-4d1a-8740-3000484f1317", "title": "WPFront Notification Bar <= 2.0.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPFront Notification Bar", "slug": "wpfront-notification-bar", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97396207-4892-4d1a-8740-3000484f1317?source=api-scan" ], "published": "2021-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97416640-c076-4f5e-9119-adbca2fcc495": { "id": "97416640-c076-4f5e-9119-adbca2fcc495", "title": "Google Adsense and Hotel Booking <= 1.05 - Open Proxy", "software": [ { "type": "plugin", "name": "google-adsense-and-hotel-booking", "slug": "google-adsense-and-hotel-booking", "affected_versions": { "* - 1.05": { "from_version": "*", "from_inclusive": true, "to_version": "1.05", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97416640-c076-4f5e-9119-adbca2fcc495?source=api-scan" ], "published": "2015-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9742a4d0-34b0-4f7f-aa2b-a6f7cb6aacd4": { "id": "9742a4d0-34b0-4f7f-aa2b-a6f7cb6aacd4", "title": "Ultimate Member <= 2.0.6 - Multiple Cross-Site Request Forgery Issues", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 2.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9742a4d0-34b0-4f7f-aa2b-a6f7cb6aacd4?source=api-scan" ], "published": "2018-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97460a9c-e996-4170-afa3-47db9097f3f4": { "id": "97460a9c-e996-4170-afa3-47db9097f3f4", "title": "Feed Them Social \u2013 for Twitter feed, Youtube and more <= 2.9.9 - Cross-Site Request Forgery to Settings update", "software": [ { "type": "plugin", "name": "Feed Them Social \u2013 Social Media Feeds, Video, and Photo Galleries", "slug": "feed-them-social", "affected_versions": { "* - 2.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97460a9c-e996-4170-afa3-47db9097f3f4?source=api-scan" ], "published": "2022-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9746cd9f-afb2-41b2-9e31-7c77222d9cfd": { "id": "9746cd9f-afb2-41b2-9e31-7c77222d9cfd", "title": "Brizy \u2013 Page Builder <= 2.4.43 - Authenticated(Contributor+) Stored Cross-Site Scripting via Form Functionality", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "* - 2.4.43": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9746cd9f-afb2-41b2-9e31-7c77222d9cfd?source=api-scan" ], "published": "2024-06-04 17:42:40", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "974a3228-5eab-41be-b3c1-82e71cde8de7": { "id": "974a3228-5eab-41be-b3c1-82e71cde8de7", "title": "BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bootstrap Shortcodes", "slug": "bootstrap-shortcodes", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/974a3228-5eab-41be-b3c1-82e71cde8de7?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "974b3894-f4e2-49c7-ba92-eaa5be0b4298": { "id": "974b3894-f4e2-49c7-ba92-eaa5be0b4298", "title": "Adsense Click Fraud Monitoring <= 1.8.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google AdSense Click-Fraud Monitoring Plugin", "slug": "adsense-click-fraud-monitoring", "affected_versions": { "* - 1.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/974b3894-f4e2-49c7-ba92-eaa5be0b4298?source=api-scan" ], "published": "2015-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "974b9211-04e4-4309-8a7b-aeccc5b55ce7": { "id": "974b9211-04e4-4309-8a7b-aeccc5b55ce7", "title": "WordPress Meta Robots <= 2.1 - SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Meta Robots", "slug": "wordpress-meta-robots", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/974b9211-04e4-4309-8a7b-aeccc5b55ce7?source=api-scan" ], "published": "2015-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "974c0e94-8d09-488a-9a09-49f0b9ce112c": { "id": "974c0e94-8d09-488a-9a09-49f0b9ce112c", "title": "The Events Calendar Free & Pro <= 6.4.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Events Access", "software": [ { "type": "plugin", "name": "The Events Calendar", "slug": "the-events-calendar", "affected_versions": { "* - 6.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.0.1" ] }, { "type": "plugin", "name": "The Events Calendar Pro", "slug": "events-calendar-pro", "affected_versions": { "* - 6.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/974c0e94-8d09-488a-9a09-49f0b9ce112c?source=api-scan" ], "published": "2024-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "974f14e8-1a59-4ba5-8806-b4d8b135315e": { "id": "974f14e8-1a59-4ba5-8806-b4d8b135315e", "title": "Sloth Logo Customizer <= 2.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sloth Logo Customizer", "slug": "sloth-logo-customizer", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/974f14e8-1a59-4ba5-8806-b4d8b135315e?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "975293a1-7b69-4e10-93a3-74c00562c758": { "id": "975293a1-7b69-4e10-93a3-74c00562c758", "title": "Shared Counts \u2013 Social Media Share Buttons <= 1.4.1 - Missing Authorization to Arbitrary Email Sending", "software": [ { "type": "plugin", "name": "Shared Counts \u2013 Social Media Share Buttons", "slug": "shared-counts", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/975293a1-7b69-4e10-93a3-74c00562c758?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "975487bf-5e62-47e7-8112-5cd91f9c9483": { "id": "975487bf-5e62-47e7-8112-5cd91f9c9483", "title": "Perfect Portfolio <= 1.2.0 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Perfect Portfolio", "slug": "perfect-portfolio", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/975487bf-5e62-47e7-8112-5cd91f9c9483?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97548879-f015-4adc-8a84-535d210ae0de": { "id": "97548879-f015-4adc-8a84-535d210ae0de", "title": "Preloader Matrix <= 2.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Preloader Matrix", "slug": "matrix-pre-loader", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97548879-f015-4adc-8a84-535d210ae0de?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9755323f-42bd-491d-8d82-b1905eed0d9b": { "id": "9755323f-42bd-491d-8d82-b1905eed0d9b", "title": "WEN Responsive Columns <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WEN Responsive Columns", "slug": "wen-responsive-columns", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9755323f-42bd-491d-8d82-b1905eed0d9b?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9758a59c-4370-4b26-b32a-004565f28d76": { "id": "9758a59c-4370-4b26-b32a-004565f28d76", "title": "AccessPress Anonymous Post Pro <= 3.1.9 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "accesspress-anonymous-post-pro", "slug": "accesspress-anonymous-post-pro", "affected_versions": { "[*, 3.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9758a59c-4370-4b26-b32a-004565f28d76?source=api-scan" ], "published": "2017-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9759e1f0-e134-4c7f-88aa-63dbae7067f1": { "id": "9759e1f0-e134-4c7f-88aa-63dbae7067f1", "title": "Colibri Page Builder <= 1.0.248 - Missing Authorization", "software": [ { "type": "plugin", "name": "Colibri Page Builder", "slug": "colibri-page-builder", "affected_versions": { "* - 1.0.248": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.248", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.249" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9759e1f0-e134-4c7f-88aa-63dbae7067f1?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "975e760f-c099-414b-9179-6f2a1f1358b5": { "id": "975e760f-c099-414b-9179-6f2a1f1358b5", "title": "Recurring PayPal Donations <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Recurring PayPal Donations", "slug": "recurring-donation", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/975e760f-c099-414b-9179-6f2a1f1358b5?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9764d402-b8a2-43d5-882a-bc3886078b7f": { "id": "9764d402-b8a2-43d5-882a-bc3886078b7f", "title": "Media from FTP <= 11.16 - Authenticated (Author+) Improper Privilege Management", "software": [ { "type": "plugin", "name": "Media from FTP", "slug": "media-from-ftp", "affected_versions": { "* - 11.16": { "from_version": "*", "from_inclusive": true, "to_version": "11.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9764d402-b8a2-43d5-882a-bc3886078b7f?source=api-scan" ], "published": "2023-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97666e54-8e86-4f18-ae32-ad8ca607aeff": { "id": "97666e54-8e86-4f18-ae32-ad8ca607aeff", "title": "Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Ultimate Addons for WPBakery", "slug": "Ultimate_VC_Addons", "affected_versions": { "* - 3.19.20": { "from_version": "*", "from_inclusive": true, "to_version": "3.19.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.19.20.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97666e54-8e86-4f18-ae32-ad8ca607aeff?source=api-scan" ], "published": "2024-07-16 18:29:58", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9766a657-1cf2-448a-bd66-a27c0ebd8261": { "id": "9766a657-1cf2-448a-bd66-a27c0ebd8261", "title": "Payment Gateways Caller for WP e-Commerce < 0.1.1 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Payment Gateways Caller for WP e-Commerce", "slug": "payment-gateways-caller-for-wp-e-commerce", "affected_versions": { "[*, 0.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9766a657-1cf2-448a-bd66-a27c0ebd8261?source=api-scan" ], "published": "2013-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97677968-9231-4a6b-ad81-ddb9eb9791dd": { "id": "97677968-9231-4a6b-ad81-ddb9eb9791dd", "title": "Activity Log Plugin < 2.0.4 - Fulle Path Disclosure", "software": [ { "type": "plugin", "name": "Activity Log \u2013 Monitor & Record User Changes", "slug": "aryo-activity-log", "affected_versions": { "[*, 2.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97677968-9231-4a6b-ad81-ddb9eb9791dd?source=api-scan" ], "published": "2014-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97690bde-f2c6-429b-8d5a-51bee4a981ca": { "id": "97690bde-f2c6-429b-8d5a-51bee4a981ca", "title": "WordPress Download Manager < 2.9.51 - Open Redirect", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 2.9.51)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.51", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97690bde-f2c6-429b-8d5a-51bee4a981ca?source=api-scan" ], "published": "2017-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "976f9d0e-8ad8-4ce8-8917-b5c7f5a24cbb": { "id": "976f9d0e-8ad8-4ce8-8917-b5c7f5a24cbb", "title": "Parallax Scroll <= 2.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Parallax Scroll by adamrob.co.uk", "slug": "adamrob-parallax-scroll", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/976f9d0e-8ad8-4ce8-8917-b5c7f5a24cbb?source=api-scan" ], "published": "2019-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9771d688-9c96-4ffb-823e-dcdf8b1cbc51": { "id": "9771d688-9c96-4ffb-823e-dcdf8b1cbc51", "title": "Awesome Support <= 6.0.7 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "* - 6.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9771d688-9c96-4ffb-823e-dcdf8b1cbc51?source=api-scan" ], "published": "2022-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9774c999-acb6-4c5f-ad6c-10979660b164": { "id": "9774c999-acb6-4c5f-ad6c-10979660b164", "title": "Download Manager <= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.86": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.86", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.87" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9774c999-acb6-4c5f-ad6c-10979660b164?source=api-scan" ], "published": "2024-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97759a47-c52a-4113-86c0-453a53fb44a6": { "id": "97759a47-c52a-4113-86c0-453a53fb44a6", "title": "Portfolio Gallery \u2013 Image Gallery Plugin <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Portfolio Gallery \u2013 Image Gallery Plugin", "slug": "portfolio-filter-gallery", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97759a47-c52a-4113-86c0-453a53fb44a6?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "977ab23a-06b2-4f54-a2c2-3be2316eaceb": { "id": "977ab23a-06b2-4f54-a2c2-3be2316eaceb", "title": "Woostify Sites Library <= 1.4.7 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update", "software": [ { "type": "plugin", "name": "Woostify Sites Library", "slug": "woostify-sites-library", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/977ab23a-06b2-4f54-a2c2-3be2316eaceb?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "977bab12-969d-4b15-9942-2b17c8541f61": { "id": "977bab12-969d-4b15-9942-2b17c8541f61", "title": "Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Thumbnail Slider Widget", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.12.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/977bab12-969d-4b15-9942-2b17c8541f61?source=api-scan" ], "published": "2024-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "977d1ec4-327b-4563-a3b1-ac4fad195eb7": { "id": "977d1ec4-327b-4563-a3b1-ac4fad195eb7", "title": "Mail Masta Plugin <= 1.0 - SQL Injection via filter_list", "software": [ { "type": "plugin", "name": "Mail Masta", "slug": "mail-masta", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/977d1ec4-327b-4563-a3b1-ac4fad195eb7?source=api-scan" ], "published": "2017-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "978159d3-39b2-49b7-a59a-2da72f1792fd": { "id": "978159d3-39b2-49b7-a59a-2da72f1792fd", "title": "CPO Shortcodes <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CPO Shortcodes", "slug": "cpo-shortcodes", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/978159d3-39b2-49b7-a59a-2da72f1792fd?source=api-scan" ], "published": "2022-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "978d1747-fbcf-4c08-9563-49041f225120": { "id": "978d1747-fbcf-4c08-9563-49041f225120", "title": "MoneyMasters (All Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "MoneyMasters", "slug": "moneymasters", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/978d1747-fbcf-4c08-9563-49041f225120?source=api-scan" ], "published": "2012-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "978d5715-7993-4f89-8d69-895467633bfb": { "id": "978d5715-7993-4f89-8d69-895467633bfb", "title": "WP Meta SEO <= 4.5.3 - Missing Authorization in 'listPostsCategory'", "software": [ { "type": "plugin", "name": "WP Meta SEO", "slug": "wp-meta-seo", "affected_versions": { "* - 4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/978d5715-7993-4f89-8d69-895467633bfb?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9790c592-1445-4f9d-987e-ae5ab49c4dcd": { "id": "9790c592-1445-4f9d-987e-ae5ab49c4dcd", "title": "WP-CFM <= 1.7.8 - Cross-Site Request Forgery via multiple AJAX functions", "software": [ { "type": "plugin", "name": "WP-CFM", "slug": "wp-cfm", "affected_versions": { "* - 1.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9790c592-1445-4f9d-987e-ae5ab49c4dcd?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97964532-c9bd-4bc1-8f57-b2cd2c47a0e0": { "id": "97964532-c9bd-4bc1-8f57-b2cd2c47a0e0", "title": "Pixgraphy <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Pixgraphy", "slug": "pixgraphy", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97964532-c9bd-4bc1-8f57-b2cd2c47a0e0?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97964ebd-be0b-4187-b393-17edf4ba5caf": { "id": "97964ebd-be0b-4187-b393-17edf4ba5caf", "title": "WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.12.9 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting", "slug": "erp", "affected_versions": { "* - 1.12.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97964ebd-be0b-4187-b393-17edf4ba5caf?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "979699fd-ff31-4cba-bbf2-03fa51554031": { "id": "979699fd-ff31-4cba-bbf2-03fa51554031", "title": "Multi Rating <= 5.0.5 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Multi Rating", "slug": "multi-rating", "affected_versions": { "* - 5.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/979699fd-ff31-4cba-bbf2-03fa51554031?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97984c7d-d6ff-480c-acfe-20ab0eb04141": { "id": "97984c7d-d6ff-480c-acfe-20ab0eb04141", "title": "Quick Restaurant Menu <= 2.0.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Quick Restaurant Menu", "slug": "quick-restaurant-menu", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97984c7d-d6ff-480c-acfe-20ab0eb04141?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9799df3f-e34e-42a7-8a72-fa57682f7014": { "id": "9799df3f-e34e-42a7-8a72-fa57682f7014", "title": "FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Improper Authorization to Arbitrary Plugin Installation", "software": [ { "type": "plugin", "name": "FULL \u2013 Cliente", "slug": "full-customer", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9799df3f-e34e-42a7-8a72-fa57682f7014?source=api-scan" ], "published": "2023-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "979bb48d-6dbf-4bb2-90f3-573797ff23f7": { "id": "979bb48d-6dbf-4bb2-90f3-573797ff23f7", "title": "mb.mb.miniAudioPlayer < 1.4.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "mb.miniAudioPlayer \u2013 an HTML5 audio player for your mp3 files", "slug": "wp-miniaudioplayer", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/979bb48d-6dbf-4bb2-90f3-573797ff23f7?source=api-scan" ], "published": "2013-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "979c1107-788a-4130-b1d1-5cad3717962b": { "id": "979c1107-788a-4130-b1d1-5cad3717962b", "title": "OnionBuzz Plugin < 1.2.7 - SQL Injection", "software": [ { "type": "plugin", "name": "OnionBuzz", "slug": "onionbuzz-viral-quiz", "affected_versions": { "[*, 1.2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/979c1107-788a-4130-b1d1-5cad3717962b?source=api-scan" ], "published": "2019-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97a1ab2f-b531-46a7-ad51-a652fc078212": { "id": "97a1ab2f-b531-46a7-ad51-a652fc078212", "title": "Elespare \u2013 Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header\/Footer Builder. One Click Import: No Coding Required! <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Horizontal Nav Menu Widget", "software": [ { "type": "plugin", "name": "EleSpare: SEO-Optimized Elementor Addons for Blogs, News, & Magazine Websites \u2013 35+ Responsive Post Grids, Sliders, Carousels Widgets, 350+ Customizable Templates, Header\/Footer Builder, and Fast-Loading Starter Site Imports. No Coding Needed!", "slug": "elespare", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97a1ab2f-b531-46a7-ad51-a652fc078212?source=api-scan" ], "published": "2024-06-12 19:14:37", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97a3fc27-4b58-400a-b831-6423e3de5cb7": { "id": "97a3fc27-4b58-400a-b831-6423e3de5cb7", "title": "WordPress Core < 4.9 - Insecure Deserialization", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 4.9)": { "from_version": "*", "from_inclusive": true, "to_version": "4.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97a3fc27-4b58-400a-b831-6423e3de5cb7?source=api-scan" ], "published": "2018-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97ab2585-4178-4a5b-923f-2ce9ca44a8d7": { "id": "97ab2585-4178-4a5b-923f-2ce9ca44a8d7", "title": "WordPress Core < 4.2.4 - Timing Side-Channel Attack", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.9": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.9", "to_inclusive": true }, "3.8 - 3.8.9": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.9", "to_inclusive": true }, "3.9 - 3.9.7": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.7", "to_inclusive": true }, "4.0 - 4.0.6": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true }, "4.1 - 4.1.6": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.6", "to_inclusive": true }, "4.2 - 4.2.3": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.10", "3.8.10", "3.9.8", "4.0.7", "4.1.7", "4.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97ab2585-4178-4a5b-923f-2ce9ca44a8d7?source=api-scan" ], "published": "2015-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97ad1b6e-2f2b-49f6-9970-fd413bfc544a": { "id": "97ad1b6e-2f2b-49f6-9970-fd413bfc544a", "title": "My Calendar < 1.10.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My Calendar \u2013 Accessible Event Manager", "slug": "my-calendar", "affected_versions": { "[*, 1.10.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.10.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97ad1b6e-2f2b-49f6-9970-fd413bfc544a?source=api-scan" ], "published": "2012-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97b10f88-1911-4416-a5cd-83b4c991e6c9": { "id": "97b10f88-1911-4416-a5cd-83b4c991e6c9", "title": "Loading Page with Loading Screen <= 1.0.82 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Loading Page with Loading Screen", "slug": "loading-page", "affected_versions": { "* - 1.0.82": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.82", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.83" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97b10f88-1911-4416-a5cd-83b4c991e6c9?source=api-scan" ], "published": "2022-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97bff7aa-d304-4ccd-bfca-d3f18568df6c": { "id": "97bff7aa-d304-4ccd-bfca-d3f18568df6c", "title": "dhtmlxSpreadsheet <= 2.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "dhtmlxspreadsheet", "slug": "dhtmlxspreadsheet", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97bff7aa-d304-4ccd-bfca-d3f18568df6c?source=api-scan" ], "published": "2013-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97c07a3e-4538-4e0f-a597-6b843ff7feb5": { "id": "97c07a3e-4538-4e0f-a597-6b843ff7feb5", "title": "Easy2Map <= 1.2.4 - Directory Traversal", "software": [ { "type": "plugin", "name": "Easy2Map", "slug": "easy2map", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97c07a3e-4538-4e0f-a597-6b843ff7feb5?source=api-scan" ], "published": "2015-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97c1aeee-a82e-4d09-bffb-a91a89d0ea1e": { "id": "97c1aeee-a82e-4d09-bffb-a91a89d0ea1e", "title": "real.Kit <= 5.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "real.Kit", "slug": "real-kit", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97c1aeee-a82e-4d09-bffb-a91a89d0ea1e?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97c24208-46b2-48a0-a87b-78e642c044cd": { "id": "97c24208-46b2-48a0-a87b-78e642c044cd", "title": "WP Pro Real Estate 7 < 3.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Pro Real Estate 7", "slug": "realestate-7", "affected_versions": { "[*, 3.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97c24208-46b2-48a0-a87b-78e642c044cd?source=api-scan" ], "published": "2021-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97c441c3-ae8b-4b7a-8480-da81c0f339ab": { "id": "97c441c3-ae8b-4b7a-8480-da81c0f339ab", "title": "Donate With QRCode <= 1.4.5 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "\u535a\u5ba2\u793e\u4ea4\u5206\u4eab\u7ec4\u4ef6", "slug": "donate-with-qrcode", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97c441c3-ae8b-4b7a-8480-da81c0f339ab?source=api-scan" ], "published": "2021-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97c68df7-69fd-4817-9473-3d3e1fd6d348": { "id": "97c68df7-69fd-4817-9473-3d3e1fd6d348", "title": "WooCommerce Product Enquiry <= 2.6.0 - Unauthenticated Self-Based Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Product Enquiry", "slug": "woo-product-enquiry", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97c68df7-69fd-4817-9473-3d3e1fd6d348?source=api-scan" ], "published": "2023-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97c7b0bc-4c73-4330-851a-2d6d6d0b62c9": { "id": "97c7b0bc-4c73-4330-851a-2d6d6d0b62c9", "title": "Easy Social Icons <= 3.1.3 - Admin+ SQL Injection", "software": [ { "type": "plugin", "name": "Easy Social Icons", "slug": "easy-social-icons", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97c7b0bc-4c73-4330-851a-2d6d6d0b62c9?source=api-scan" ], "published": "2022-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97c8858a-f05d-4159-b914-4e6ae9bf0d79": { "id": "97c8858a-f05d-4159-b914-4e6ae9bf0d79", "title": "Custom Options Plus <= 1.8.1 - Cross-Site Request Forgery via custom_options_plus_adm", "software": [ { "type": "plugin", "name": "Custom Options Plus", "slug": "custom-options-plus", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97c8858a-f05d-4159-b914-4e6ae9bf0d79?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97c921e4-a05d-43db-9fe7-3dac8ea4d249": { "id": "97c921e4-a05d-43db-9fe7-3dac8ea4d249", "title": "The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor Page Builder", "slug": "theplus_elementor_addon", "affected_versions": { "[*, 4.1.10)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97c921e4-a05d-43db-9fe7-3dac8ea4d249?source=api-scan" ], "published": "2021-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97cb7216-fe65-46db-9ab2-62d409f056cd": { "id": "97cb7216-fe65-46db-9ab2-62d409f056cd", "title": "Smartarget Message Bar <= 1.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smartarget Message Bar", "slug": "smartarget-message-bar", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97cb7216-fe65-46db-9ab2-62d409f056cd?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97cbf2d7-2fdc-4c10-872d-add54687dd9b": { "id": "97cbf2d7-2fdc-4c10-872d-add54687dd9b", "title": "Forminator <= 1.15.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "* - 1.15.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97cbf2d7-2fdc-4c10-872d-add54687dd9b?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97cdcc23-4f63-4976-bc47-805d5dbbee09": { "id": "97cdcc23-4f63-4976-bc47-805d5dbbee09", "title": "Fixedly Media Gallery <= 1.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fixedly Media Gallery", "slug": "fixedly", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97cdcc23-4f63-4976-bc47-805d5dbbee09?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97ced4ed-915b-4234-b59d-75db983f90e8": { "id": "97ced4ed-915b-4234-b59d-75db983f90e8", "title": "Ultimate Member <= 2.6.0 - Cross-Site Request Forgery to Form Duplication", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97ced4ed-915b-4234-b59d-75db983f90e8?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97d78b4b-568e-43e7-bebf-091179c321f6": { "id": "97d78b4b-568e-43e7-bebf-091179c321f6", "title": "Pretty Links \u2013 Affiliate Links, Link Branding, Link Tracking & Marketing Plugin <= 3.6.3 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "PrettyLinks \u2013 Affiliate Links, Link Branding, Link Tracking & Marketing Plugin", "slug": "pretty-link", "affected_versions": { "* - 3.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97d78b4b-568e-43e7-bebf-091179c321f6?source=api-scan" ], "published": "2024-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97d83816-5a27-4172-a7fe-724870f2ca77": { "id": "97d83816-5a27-4172-a7fe-724870f2ca77", "title": "WP ULike <= 4.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP ULike \u2013 All-in-One Engagement Toolkit", "slug": "wp-ulike", "affected_versions": { "* - 4.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97d83816-5a27-4172-a7fe-724870f2ca77?source=api-scan" ], "published": "2024-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97dd7e1a-9189-4a35-9cd0-e80b5d9a0e9f": { "id": "97dd7e1a-9189-4a35-9cd0-e80b5d9a0e9f", "title": "Passster <= 3.5.5.5.1 - Insecure Password Storage to Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "Passster \u2013 Password Protect Pages and Content", "slug": "content-protector", "affected_versions": { "* - 3.5.5.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.5.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97dd7e1a-9189-4a35-9cd0-e80b5d9a0e9f?source=api-scan" ], "published": "2022-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97e9037e-7d7a-4dad-bce1-0211822c04c1": { "id": "97e9037e-7d7a-4dad-bce1-0211822c04c1", "title": "Shared Files \u2013 Easy Download Manager and File Sharing Plugin with Frontend File Upload <= 1.6.60 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shared Files \u2013 Frontend File Upload Form & Secure File Sharing", "slug": "shared-files", "affected_versions": { "[*, 1.6.61)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.61", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.61" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97e9037e-7d7a-4dad-bce1-0211822c04c1?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97e97825-8144-423c-ac4c-3c5ae0dbbb10": { "id": "97e97825-8144-423c-ac4c-3c5ae0dbbb10", "title": "RentPress <= 6.6.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RentPress", "slug": "rentpress", "affected_versions": { "* - 6.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97e97825-8144-423c-ac4c-3c5ae0dbbb10?source=api-scan" ], "published": "2021-09-08 20:09:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97ed0ef5-2a01-4531-a844-81766bdfc7c8": { "id": "97ed0ef5-2a01-4531-a844-81766bdfc7c8", "title": "WP-Recall \u2013 Registration, Profile, Commerce & More <= 16.26.5 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "WP-Recall \u2013 Registration, Profile, Commerce & More", "slug": "wp-recall", "affected_versions": { "* - 16.26.5": { "from_version": "*", "from_inclusive": true, "to_version": "16.26.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "16.26.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97ed0ef5-2a01-4531-a844-81766bdfc7c8?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97f16bad-f0ad-44cc-bb07-04ce33d0cdf9": { "id": "97f16bad-f0ad-44cc-bb07-04ce33d0cdf9", "title": "SEO Backlink Monitor <= 1.5.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEO Backlink Monitor", "slug": "seo-backlink-monitor", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97f16bad-f0ad-44cc-bb07-04ce33d0cdf9?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97f2b71f-ef3e-4826-8e78-62820672ec0c": { "id": "97f2b71f-ef3e-4826-8e78-62820672ec0c", "title": "Spotlight <= 4.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spotlight", "slug": "spotlightyour", "affected_versions": { "* - 4.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97f2b71f-ef3e-4826-8e78-62820672ec0c?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97f6e03b-19ac-450b-9895-45f7d5328907": { "id": "97f6e03b-19ac-450b-9895-45f7d5328907", "title": "WP Photo Album Plus < 6.1.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Photo Album Plus", "slug": "wp-photo-album-plus", "affected_versions": { "[*, 6.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97f6e03b-19ac-450b-9895-45f7d5328907?source=api-scan" ], "published": "2015-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97f8549a-292d-4a6d-8ec0-550467e5cf0f": { "id": "97f8549a-292d-4a6d-8ec0-550467e5cf0f", "title": "Custom Permalinks <= 2.6.0 - Authenticated(Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Permalinks", "slug": "custom-permalinks", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97f8549a-292d-4a6d-8ec0-550467e5cf0f?source=api-scan" ], "published": "2024-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97fbbf5b-d3c7-47ce-b251-ce1fe38af152": { "id": "97fbbf5b-d3c7-47ce-b251-ce1fe38af152", "title": "WooCommerce - Social Login <= 2.6.2 - Email Verification due to Insufficient Randomness", "software": [ { "type": "plugin", "name": "WooCommerce - Social Login", "slug": "woo-social-login", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97fbbf5b-d3c7-47ce-b251-ce1fe38af152?source=api-scan" ], "published": "2024-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97fc00d0-ca3d-462a-ac9f-bfac4c882cc1": { "id": "97fc00d0-ca3d-462a-ac9f-bfac4c882cc1", "title": "White Label CMS < 1.5.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "White Label CMS", "slug": "white-label-cms", "affected_versions": { "[*, 1.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97fc00d0-ca3d-462a-ac9f-bfac4c882cc1?source=api-scan" ], "published": "2012-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "97fd7952-a7f0-4797-82cd-840c0a3e5fbe": { "id": "97fd7952-a7f0-4797-82cd-840c0a3e5fbe", "title": "Ultimate Member <= 1.3.28 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 1.3.29)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.29", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/97fd7952-a7f0-4797-82cd-840c0a3e5fbe?source=api-scan" ], "published": "2015-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98053141-fe97-4bd4-b820-b6cca3426109": { "id": "98053141-fe97-4bd4-b820-b6cca3426109", "title": "RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator", "slug": "feedzy-rss-feeds", "affected_versions": { "* - 4.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98053141-fe97-4bd4-b820-b6cca3426109?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98085a23-0cb6-442a-a28a-cb5c2890b60d": { "id": "98085a23-0cb6-442a-a28a-cb5c2890b60d", "title": "BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal", "software": [ { "type": "plugin", "name": "BackWPup \u2013 WordPress Backup & Restore Plugin", "slug": "backwpup", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98085a23-0cb6-442a-a28a-cb5c2890b60d?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "980a9237-7dea-4058-a850-b849457b4fef": { "id": "980a9237-7dea-4058-a850-b849457b4fef", "title": "JupiterX Core <= 3.3.5 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Jupiter X Core", "slug": "jupiterx-core", "affected_versions": { "* - 3.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/980a9237-7dea-4058-a850-b849457b4fef?source=api-scan" ], "published": "2023-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "980c1f30-0877-4437-aff8-6d5235b6a4d6": { "id": "980c1f30-0877-4437-aff8-6d5235b6a4d6", "title": "i-amaze <= 1.3.7 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "i-amaze", "slug": "i-amaze", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/980c1f30-0877-4437-aff8-6d5235b6a4d6?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "980d1726-375f-41b2-a67c-1b934e20312c": { "id": "980d1726-375f-41b2-a67c-1b934e20312c", "title": "Easy Digital Downloads \u2013 Attach Accounts to Orders <= 2.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 Attach Accounts to Orders", "slug": "edd-attach-accounts-to-orders", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/980d1726-375f-41b2-a67c-1b934e20312c?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "980ed456-b6a9-4ca0-99ce-513b20af6d8f": { "id": "980ed456-b6a9-4ca0-99ce-513b20af6d8f", "title": "WP Print Friendly <= 0.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Print Friendly", "slug": "wp-print-friendly", "affected_versions": { "* - 0.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/980ed456-b6a9-4ca0-99ce-513b20af6d8f?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9814c782-2a78-4501-be05-b759db99b485": { "id": "9814c782-2a78-4501-be05-b759db99b485", "title": "Analyse Uploads <= 0.5 - Unauthenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Analyse Uploads", "slug": "analyse-uploads", "affected_versions": { "* - 0.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9814c782-2a78-4501-be05-b759db99b485?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "981639a3-63c4-4b3f-827f-4d770bd44806": { "id": "981639a3-63c4-4b3f-827f-4d770bd44806", "title": "Booster for WooCommerce <= 7.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 7.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/981639a3-63c4-4b3f-827f-4d770bd44806?source=api-scan" ], "published": "2023-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "981908d3-e1e7-4093-a2ee-69aa50127731": { "id": "981908d3-e1e7-4093-a2ee-69aa50127731", "title": "Custom Order Numbers for WooCommerce <= 1.6.0 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "Custom Order Numbers for WooCommerce", "slug": "custom-order-numbers-for-woocommerce", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/981908d3-e1e7-4093-a2ee-69aa50127731?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9820b52b-540a-47e8-9e5f-274ef1720ffa": { "id": "9820b52b-540a-47e8-9e5f-274ef1720ffa", "title": "Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget", "software": [ { "type": "plugin", "name": "Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)", "slug": "bdthemes-prime-slider-lite", "affected_versions": { "* - 3.14.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.14.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.14.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9820b52b-540a-47e8-9e5f-274ef1720ffa?source=api-scan" ], "published": "2024-06-06 15:35:44", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9821e51c-1042-47b8-b104-32f5651c31c9": { "id": "9821e51c-1042-47b8-b104-32f5651c31c9", "title": "TextMe SMS <= 1.8.8 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TextMe SMS", "slug": "textme-sms-integration", "affected_versions": { "[*, 1.8.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9821e51c-1042-47b8-b104-32f5651c31c9?source=api-scan" ], "published": "2021-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "982680a5-c534-4038-ae80-e59aa9761174": { "id": "982680a5-c534-4038-ae80-e59aa9761174", "title": "Pinpoint Booking System <= 2.9.9.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pinpoint Booking System \u2013 #1 WordPress Booking Plugin", "slug": "booking-system", "affected_versions": { "* - 2.9.9.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/982680a5-c534-4038-ae80-e59aa9761174?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9826c91c-0f6e-4d3b-bc14-4af6b60ef246": { "id": "9826c91c-0f6e-4d3b-bc14-4af6b60ef246", "title": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Time-Based SQL Injection", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.112": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.112", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.113" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9826c91c-0f6e-4d3b-bc14-4af6b60ef246?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "982817f8-c85c-4e25-a33a-6fbf3ab06808": { "id": "982817f8-c85c-4e25-a33a-6fbf3ab06808", "title": "Google Doc Embedder < 2.5.4 - Directory Traversal", "software": [ { "type": "plugin", "name": "Google Doc Embedder", "slug": "google-document-embedder", "affected_versions": { "[*, 2.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/982817f8-c85c-4e25-a33a-6fbf3ab06808?source=api-scan" ], "published": "2013-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98286172-99b0-43d6-9876-972e270aa19f": { "id": "98286172-99b0-43d6-9876-972e270aa19f", "title": "Theme Editor <= 2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Theme Editor", "slug": "theme-editor", "affected_versions": { "[*, 2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98286172-99b0-43d6-9876-972e270aa19f?source=api-scan" ], "published": "2019-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9829ec10-ad37-4345-b4d6-cd0429b2d8f7": { "id": "9829ec10-ad37-4345-b4d6-cd0429b2d8f7", "title": "Booking Manager <= 2.1.5 - Authenticated(Contributor+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Booking Manager \u2013 Sync WP Booking Calendar \u2013 Import Events, Export Bookings to ICS Calendar", "slug": "booking-manager", "affected_versions": { "[*, 2.1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9829ec10-ad37-4345-b4d6-cd0429b2d8f7?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "982bc924-1dcd-47b5-b15a-4ff0ad123ad1": { "id": "982bc924-1dcd-47b5-b15a-4ff0ad123ad1", "title": "PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.14 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes", "slug": "revisionary", "affected_versions": { "* - 3.5.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/982bc924-1dcd-47b5-b15a-4ff0ad123ad1?source=api-scan" ], "published": "2024-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "982be9d7-fe9f-40c6-a474-fcc2d6455839": { "id": "982be9d7-fe9f-40c6-a474-fcc2d6455839", "title": "Booking Calendar <= 9.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Booking Calendar", "slug": "booking", "affected_versions": { "* - 9.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/982be9d7-fe9f-40c6-a474-fcc2d6455839?source=api-scan" ], "published": "2022-09-06 14:36:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "982fb304-08d6-4195-97a3-f18e94295492": { "id": "982fb304-08d6-4195-97a3-f18e94295492", "title": "Business Directory Plugin \u2013 Easy Listing Directories for WordPress <= 6.4.2 - Unauthenticated SQL Injection via listingfields Parameter", "software": [ { "type": "plugin", "name": "Business Directory Plugin \u2013 Easy Listing Directories for WordPress", "slug": "business-directory-plugin", "affected_versions": { "* - 6.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/982fb304-08d6-4195-97a3-f18e94295492?source=api-scan" ], "published": "2024-05-21 16:56:59", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9831ebf6-a6a6-4495-8cda-969c7d7d3a6c": { "id": "9831ebf6-a6a6-4495-8cda-969c7d7d3a6c", "title": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 3.4.7 -Authentication Bypass via Password Reset Weakness", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 3.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9831ebf6-a6a6-4495-8cda-969c7d7d3a6c?source=api-scan" ], "published": "2022-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9832c598-aa12-4a98-8e0f-643ecbe75839": { "id": "9832c598-aa12-4a98-8e0f-643ecbe75839", "title": "Strong Testimonials <= 2.40.0 - Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Strong Testimonials", "slug": "strong-testimonials", "affected_versions": { "* - 2.40.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.40.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.40.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9832c598-aa12-4a98-8e0f-643ecbe75839?source=api-scan" ], "published": "2020-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98358366-7cb0-40ae-a931-10985c916af1": { "id": "98358366-7cb0-40ae-a931-10985c916af1", "title": "Potent Donations for WooCommerce <= 1.1.9 - Cross-Site Request Forgery in hm_wcdon_admin_page", "software": [ { "type": "plugin", "name": "Potent Donations for WooCommerce", "slug": "donations-for-woocommerce", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98358366-7cb0-40ae-a931-10985c916af1?source=api-scan" ], "published": "2023-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98361cfd-1277-43fd-b0da-db2549628383": { "id": "98361cfd-1277-43fd-b0da-db2549628383", "title": "Envira Gallery Lite <= 1.8.3.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery Plugin for WordPress \u2013 Envira Photo Gallery", "slug": "envira-gallery-lite", "affected_versions": { "[*, 1.8.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98361cfd-1277-43fd-b0da-db2549628383?source=api-scan" ], "published": "2020-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "983a5b15-adf7-4f34-bf2a-30857ada2753": { "id": "983a5b15-adf7-4f34-bf2a-30857ada2753", "title": "Page-list <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page-list", "slug": "page-list", "affected_versions": { "* - 5.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/983a5b15-adf7-4f34-bf2a-30857ada2753?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "983a9501-cb09-436a-8b0d-392cfef8643b": { "id": "983a9501-cb09-436a-8b0d-392cfef8643b", "title": "Robo Gallery <= 3.2.15 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery, Images, Slider in Rbs Image Gallery", "slug": "robo-gallery", "affected_versions": { "* - 3.2.15": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/983a9501-cb09-436a-8b0d-392cfef8643b?source=api-scan" ], "published": "2023-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "983b4fac-cf27-4156-85a0-e4db90aee327": { "id": "983b4fac-cf27-4156-85a0-e4db90aee327", "title": "Felici Premium Magazine Theme <= 1.7 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Felici - WordPress Magazine Theme | Blog \/ Magazine", "slug": "felici", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/983b4fac-cf27-4156-85a0-e4db90aee327?source=api-scan" ], "published": "2013-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "983c603b-b9bb-4942-b554-345535886aea": { "id": "983c603b-b9bb-4942-b554-345535886aea", "title": "World of Warcraft \u2013 Armory Table < 0.2.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "World of Warcraft \u2013 Armory Table", "slug": "world-of-warcraft-armory-table", "affected_versions": { "[*, 0.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/983c603b-b9bb-4942-b554-345535886aea?source=api-scan" ], "published": "2014-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "983e8ec0-fec4-4420-8ef6-6bf43881f5f1": { "id": "983e8ec0-fec4-4420-8ef6-6bf43881f5f1", "title": "Accelerated Mobile Pages <= 1.0.88.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "AMP for WP \u2013 Accelerated Mobile Pages", "slug": "accelerated-mobile-pages", "affected_versions": { "* - 1.0.88.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.88.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.89" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/983e8ec0-fec4-4420-8ef6-6bf43881f5f1?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9841b57b-b869-4282-8781-60538f6f269f": { "id": "9841b57b-b869-4282-8781-60538f6f269f", "title": "Add Custom Body Class <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add Custom Body Class", "slug": "add-custom-body-class", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9841b57b-b869-4282-8781-60538f6f269f?source=api-scan" ], "published": "2023-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "984bfc69-e203-4a06-9d4b-2185ecf771bd": { "id": "984bfc69-e203-4a06-9d4b-2185ecf771bd", "title": "Time Sheets < 1.5.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Time Sheets", "slug": "time-sheets", "affected_versions": { "[*, 1.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/984bfc69-e203-4a06-9d4b-2185ecf771bd?source=api-scan" ], "published": "2017-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "984ca0d3-26c3-40cf-8e77-2ec1e3b89ce2": { "id": "984ca0d3-26c3-40cf-8e77-2ec1e3b89ce2", "title": "Cost of Goods for WooCommerce <= 2.8.6 - Missing Authorization in save_costs", "software": [ { "type": "plugin", "name": "Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerce", "slug": "cost-of-goods-for-woocommerce", "affected_versions": { "* - 2.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/984ca0d3-26c3-40cf-8e77-2ec1e3b89ce2?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98527ebf-26a3-4900-84b5-3d2245783e8e": { "id": "98527ebf-26a3-4900-84b5-3d2245783e8e", "title": "BuddyPress BP Gallery Plus <= 1.2.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BuddyPress BP Gallery Plus", "slug": "bp-gallery", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98527ebf-26a3-4900-84b5-3d2245783e8e?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9852e499-f413-4218-9bac-6c2be62ecc32": { "id": "9852e499-f413-4218-9bac-6c2be62ecc32", "title": "DW Question & Answer <= 1.5.8 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "DW Question & Answer", "slug": "dw-question-answer", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9852e499-f413-4218-9bac-6c2be62ecc32?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98536242-64c7-4e02-aa00-a3efbf5c90d8": { "id": "98536242-64c7-4e02-aa00-a3efbf5c90d8", "title": "Custom Fonts \u2013 Host Your Fonts Locally <= 2.1.4 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Fonts \u2013 Host Your Fonts Locally", "slug": "custom-fonts", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98536242-64c7-4e02-aa00-a3efbf5c90d8?source=api-scan" ], "published": "2024-05-23 17:52:52", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9854d09a-2fab-46e6-9fc1-ff6d68df2662": { "id": "9854d09a-2fab-46e6-9fc1-ff6d68df2662", "title": "Request a Quote <= 2.3.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Request a Quote", "slug": "request-a-quote", "affected_versions": { "[*, 2.3.11)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9854d09a-2fab-46e6-9fc1-ff6d68df2662?source=api-scan" ], "published": "2023-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98553e47-f121-4300-b6d9-ab309516cf1d": { "id": "98553e47-f121-4300-b6d9-ab309516cf1d", "title": "WP MAPS <= 4.3.9 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Maps \u2013 Display Google Maps Perfectly with Ease", "slug": "wp-google-map-plugin", "affected_versions": { "* - 4.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98553e47-f121-4300-b6d9-ab309516cf1d?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "985fd6a4-282a-48e9-9149-69e6ee794667": { "id": "985fd6a4-282a-48e9-9149-69e6ee794667", "title": "Booster for WooCommerce <= 5.5.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 5.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/985fd6a4-282a-48e9-9149-69e6ee794667?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "986957ab-7394-457e-9a6f-f6b96b56cd15": { "id": "986957ab-7394-457e-9a6f-f6b96b56cd15", "title": "Breadcrumbs Shortcode <= 1.44 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Breadcrumbs Shortcode", "slug": "breadcrumbs-shortcode", "affected_versions": { "* - 1.44": { "from_version": "*", "from_inclusive": true, "to_version": "1.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/986957ab-7394-457e-9a6f-f6b96b56cd15?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "986d16d5-f1f4-4ed9-9978-0f12ee22a543": { "id": "986d16d5-f1f4-4ed9-9978-0f12ee22a543", "title": "Simple Custom Author Profiles <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Custom Author Profiles", "slug": "simple-custom-author-profiles", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/986d16d5-f1f4-4ed9-9978-0f12ee22a543?source=api-scan" ], "published": "2023-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9870db7f-0c8e-44a4-aa0f-13709d773756": { "id": "9870db7f-0c8e-44a4-aa0f-13709d773756", "title": "SimpleShop <= 2.10.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SimpleShop", "slug": "simpleshop-cz", "affected_versions": { "* - 2.10.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9870db7f-0c8e-44a4-aa0f-13709d773756?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9871f683-136e-45b5-90fb-a373a771014b": { "id": "9871f683-136e-45b5-90fb-a373a771014b", "title": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Upload", "software": [ { "type": "plugin", "name": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free", "slug": "funnelforms-free", "affected_versions": { "* - 3.7.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9871f683-136e-45b5-90fb-a373a771014b?source=api-scan" ], "published": "2024-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98730677-200b-4b1a-8568-7af8b2b0e94b": { "id": "98730677-200b-4b1a-8568-7af8b2b0e94b", "title": "Welcome Bar <= 2.0.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Welcome Bar", "slug": "intelly-welcome-bar", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98730677-200b-4b1a-8568-7af8b2b0e94b?source=api-scan" ], "published": "2023-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98780ecc-fb45-4392-955d-ddecf9f7fca1": { "id": "98780ecc-fb45-4392-955d-ddecf9f7fca1", "title": "Simple Light Weight Social Share (Tweet, Like, Share and Linkedin) <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Light Weight Social Share (Tweet, Like, Share and Linkedin)", "slug": "only-tweet-like-share-and-google-1", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98780ecc-fb45-4392-955d-ddecf9f7fca1?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9879150f-ea35-4b05-af67-06f82714c430": { "id": "9879150f-ea35-4b05-af67-06f82714c430", "title": "Analytify \u2013 Google Analytics Dashboard For WordPress (GA4 analytics made easy) <= 5.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Analytify \u2013 Google Analytics Dashboard For WordPress (GA4 analytics made easy)", "slug": "wp-analytify", "affected_versions": { "* - 5.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9879150f-ea35-4b05-af67-06f82714c430?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "987dcb6e-0f58-484f-9e9d-5ac721c145ca": { "id": "987dcb6e-0f58-484f-9e9d-5ac721c145ca", "title": "Gold Addons for Elementor <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gold Addons for Elementor", "slug": "gold-addons-for-elementor", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/987dcb6e-0f58-484f-9e9d-5ac721c145ca?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "988c1968-ef92-4d3d-bbd5-88e73512ebb4": { "id": "988c1968-ef92-4d3d-bbd5-88e73512ebb4", "title": "Require & Limit Categories, Tags, Featured Image and taxonomies <= 1.26 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Require & Limit Categories, Tags, Featured Image and taxonomies", "slug": "require-taxonomy-image-category-tag", "affected_versions": { "* - 1.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/988c1968-ef92-4d3d-bbd5-88e73512ebb4?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "988d7b33-f985-4d22-a2db-3922002fcecb": { "id": "988d7b33-f985-4d22-a2db-3922002fcecb", "title": "Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Timetable and Event Schedule by MotoPress", "slug": "mp-timetable", "affected_versions": { "* - 2.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/988d7b33-f985-4d22-a2db-3922002fcecb?source=api-scan" ], "published": "2020-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "988f102e-08b6-4436-be03-fc37a4084ca1": { "id": "988f102e-08b6-4436-be03-fc37a4084ca1", "title": "All-in-One Addons for Elementor - WidgetKit <= 2.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-in-One Addons for Elementor \u2013 WidgetKit", "slug": "widgetkit-for-elementor", "affected_versions": { "* - 2.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/988f102e-08b6-4436-be03-fc37a4084ca1?source=api-scan" ], "published": "2022-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9890c852-a38d-4429-bd75-751bd0f986fc": { "id": "9890c852-a38d-4429-bd75-751bd0f986fc", "title": "LearnPress <= 4.1.7.3.2 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.1.7.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.7.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9890c852-a38d-4429-bd75-751bd0f986fc?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9891587b-2a63-41be-b79d-afe407dd57fa": { "id": "9891587b-2a63-41be-b79d-afe407dd57fa", "title": "Custom Field For WP Job Manager <= 1.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode", "software": [ { "type": "plugin", "name": "Custom Field For WP Job Manager", "slug": "custom-field-for-wp-job-manager", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9891587b-2a63-41be-b79d-afe407dd57fa?source=api-scan" ], "published": "2024-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "989836fc-a15d-4424-be0e-348e1acc7466": { "id": "989836fc-a15d-4424-be0e-348e1acc7466", "title": "WP Like Button <= 1.6.11 - Cross-Site Request Forgery via 'saveData'", "software": [ { "type": "plugin", "name": "WP Like Button", "slug": "wp-like-button", "affected_versions": { "* - 1.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/989836fc-a15d-4424-be0e-348e1acc7466?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "989bd778-c7b2-41c5-ac4a-2f1a4e594f0d": { "id": "989bd778-c7b2-41c5-ac4a-2f1a4e594f0d", "title": "Gutenberg Blocks by Kadence Blocks <= 3.2.17 - Authenticated(Editor+) Stored Cross-Site Scripting via Contact Form Message Settings", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "* - 3.2.17": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/989bd778-c7b2-41c5-ac4a-2f1a4e594f0d?source=api-scan" ], "published": "2024-04-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "989f4c4b-e0d6-4755-89ef-6cf4624f5473": { "id": "989f4c4b-e0d6-4755-89ef-6cf4624f5473", "title": "Sensei LMS <= 4.4.3 - Information Disclosure", "software": [ { "type": "plugin", "name": "Sensei LMS \u2013 Online Courses, Quizzes, & Learning", "slug": "sensei-lms", "affected_versions": { "* - 4.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/989f4c4b-e0d6-4755-89ef-6cf4624f5473?source=api-scan" ], "published": "2022-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98a2570c-c757-44ad-9981-af0bf2d3c341": { "id": "98a2570c-c757-44ad-9981-af0bf2d3c341", "title": "WP Job Portal <= 2.0.1 - Cross-Site Request Forgery to Settings Modification", "software": [ { "type": "plugin", "name": "WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website", "slug": "wp-job-portal", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98a2570c-c757-44ad-9981-af0bf2d3c341?source=api-scan" ], "published": "2023-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98a274eb-036f-44f1-861d-1cfea0b34d7f": { "id": "98a274eb-036f-44f1-861d-1cfea0b34d7f", "title": "LearnPress Export Import <= 4.0.3 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "LearnPress Export Import \u2013 WordPress extension for LearnPress", "slug": "learnpress-import-export", "affected_versions": { "* - 4.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98a274eb-036f-44f1-861d-1cfea0b34d7f?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98a734d2-ea6f-4053-94b5-d20d6418b3ae": { "id": "98a734d2-ea6f-4053-94b5-d20d6418b3ae", "title": "Groundhogg <= 3.4.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg", "slug": "groundhogg", "affected_versions": { "* - 3.4.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98a734d2-ea6f-4053-94b5-d20d6418b3ae?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98a73a02-33fa-4dd4-9606-3d35d58c2398": { "id": "98a73a02-33fa-4dd4-9606-3d35d58c2398", "title": "Zephyr Project Manager <= 3.3.100 - Authenticated (Subscriber+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Zephyr Project Manager", "slug": "zephyr-project-manager", "affected_versions": { "* - 3.3.100": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.100", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.101" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98a73a02-33fa-4dd4-9606-3d35d58c2398?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98ab264f-b210-41d0-bb6f-b4f31d933f80": { "id": "98ab264f-b210-41d0-bb6f-b4f31d933f80", "title": "Jetpack CRM <= 5.3.1 - Cross-Site Request Forgery and PHAR Deserialization", "software": [ { "type": "plugin", "name": "Jetpack CRM \u2013 Clients, Leads, Invoices, Billing, Email Marketing, & Automation", "slug": "zero-bs-crm", "affected_versions": { "* - 5.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98ab264f-b210-41d0-bb6f-b4f31d933f80?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98acac5c-65d7-4aaf-adcc-a58515c28fc3": { "id": "98acac5c-65d7-4aaf-adcc-a58515c28fc3", "title": "WordPress Core < 4.7.3 - Cross-Site Scripting via Taxonomy names", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.18": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.18", "to_inclusive": true }, "3.8 - 3.8.18": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.18", "to_inclusive": true }, "3.9 - 3.9.16": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.16", "to_inclusive": true }, "4.0 - 4.0.15": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.15", "to_inclusive": true }, "4.1 - 4.1.15": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.15", "to_inclusive": true }, "4.2 - 4.2.12": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.12", "to_inclusive": true }, "4.3 - 4.3.8": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.8", "to_inclusive": true }, "4.4 - 4.4.7": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.7", "to_inclusive": true }, "4.5 - 4.5.6": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.6", "to_inclusive": true }, "4.6 - 4.6.3": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.3", "to_inclusive": true }, "4.7 - 4.7.2": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.19", "3.8.19", "3.9.17", "4.0.16", "4.1.16", "4.2.13", "4.3.9", "4.4.8", "4.5.7", "4.6.4", "4.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98acac5c-65d7-4aaf-adcc-a58515c28fc3?source=api-scan" ], "published": "2017-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98adce63-69e6-4a3b-97fe-ecd0480659f4": { "id": "98adce63-69e6-4a3b-97fe-ecd0480659f4", "title": "Affiliate Manager <= 2.8.6 - Admin+ SQL injection", "software": [ { "type": "plugin", "name": "Affiliates Manager", "slug": "affiliates-manager", "affected_versions": { "* - 2.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98adce63-69e6-4a3b-97fe-ecd0480659f4?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98ae3315-8361-43bb-be2c-1564f4df8d5b": { "id": "98ae3315-8361-43bb-be2c-1564f4df8d5b", "title": "Store Locator <= 3.98.7 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Store Locator for WordPress with Google Maps \u2013 LotsOfLocales", "slug": "store-locator", "affected_versions": { "* - 3.98.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.98.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.98.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98ae3315-8361-43bb-be2c-1564f4df8d5b?source=api-scan" ], "published": "2023-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98be1eb8-ee7d-4a39-b70f-5037b651ba96": { "id": "98be1eb8-ee7d-4a39-b70f-5037b651ba96", "title": "Pixel Cat \u2013 Conversion Pixel Manager <= 2.6.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pixel Cat \u2013 Conversion Pixel Manager", "slug": "facebook-conversion-pixel", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98be1eb8-ee7d-4a39-b70f-5037b651ba96?source=api-scan" ], "published": "2021-11-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98bff131-dee2-4549-9167-69dc3f8d6b9d": { "id": "98bff131-dee2-4549-9167-69dc3f8d6b9d", "title": "Page Builder: Pagelayer \u2013 Drag and Drop website builder <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes", "software": [ { "type": "plugin", "name": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "slug": "pagelayer", "affected_versions": { "* - 1.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98bff131-dee2-4549-9167-69dc3f8d6b9d?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98c2d04d-c401-411f-8bf0-4aebb1779e8d": { "id": "98c2d04d-c401-411f-8bf0-4aebb1779e8d", "title": "Analytics Cat \u2013 Google Analytics Made Easy <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Analytics Cat \u2013 Google Analytics Made Easy", "slug": "analytics-cat", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98c2d04d-c401-411f-8bf0-4aebb1779e8d?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98c9c9cb-ca35-461e-9ca6-733012332fd6": { "id": "98c9c9cb-ca35-461e-9ca6-733012332fd6", "title": "MakeStories (for Web Stories) <= 2.6.4 - Cross-Ste Scripting", "software": [ { "type": "plugin", "name": "MakeStories (for Google Web Stories)", "slug": "makestories-helper", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98c9c9cb-ca35-461e-9ca6-733012332fd6?source=api-scan" ], "published": "2022-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98cb9fdd-d01d-4ad2-a617-6c0da702e8fd": { "id": "98cb9fdd-d01d-4ad2-a617-6c0da702e8fd", "title": "Advanced Classifieds & Directory Pro <= 3.1.3 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Advanced Classifieds & Directory Pro", "slug": "advanced-classifieds-and-directory-pro", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98cb9fdd-d01d-4ad2-a617-6c0da702e8fd?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98ccc604-79c6-4be9-acb0-23fc82a31dfa": { "id": "98ccc604-79c6-4be9-acb0-23fc82a31dfa", "title": "Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts", "software": [ { "type": "theme", "name": "Porto", "slug": "porto", "affected_versions": { "* - 7.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98ccc604-79c6-4be9-acb0-23fc82a31dfa?source=api-scan" ], "published": "2024-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98cf2a10-cc53-4479-87d1-71489f6a8c51": { "id": "98cf2a10-cc53-4479-87d1-71489f6a8c51", "title": "Social Warfare <= 3.5.2 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Social Sharing Plugin \u2013 Social Warfare", "slug": "social-warfare", "affected_versions": { "[*, 3.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98cf2a10-cc53-4479-87d1-71489f6a8c51?source=api-scan" ], "published": "2021-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98d008a4-5dbf-410f-8753-d5aeb28b4447": { "id": "98d008a4-5dbf-410f-8753-d5aeb28b4447", "title": "Swim Team < 1.45.1085 - Directory Traversal", "software": [ { "type": "plugin", "name": "Swim Team", "slug": "wp-swimteam", "affected_versions": { "* - 1.44.1077": { "from_version": "*", "from_inclusive": true, "to_version": "1.44.1077", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.45.1085" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98d008a4-5dbf-410f-8753-d5aeb28b4447?source=api-scan" ], "published": "2015-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98df8fbb-51c3-4b6c-8f99-56abfe11447e": { "id": "98df8fbb-51c3-4b6c-8f99-56abfe11447e", "title": "Image Optimizer, Resizer and CDN \u2013 Sirv < 1.3.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Image Optimizer, Resizer and CDN \u2013 Sirv", "slug": "sirv", "affected_versions": { "[*, 1.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98df8fbb-51c3-4b6c-8f99-56abfe11447e?source=api-scan" ], "published": "2016-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98dffc17-ac45-4ccd-ae57-96b36bd02be3": { "id": "98dffc17-ac45-4ccd-ae57-96b36bd02be3", "title": "WOLF <= 1.0.7 - Cross-Site Request Forgery via create_profile", "software": [ { "type": "plugin", "name": "WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional", "slug": "bulk-editor", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98dffc17-ac45-4ccd-ae57-96b36bd02be3?source=api-scan" ], "published": "2023-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98e0d103-2369-4c6a-93ae-6be2a1770bae": { "id": "98e0d103-2369-4c6a-93ae-6be2a1770bae", "title": "Dynamics 365 Integration <= 1.3.12 - Cross-Site Request Forgery via wp_ajax_wpcrm_log_verbosity", "software": [ { "type": "plugin", "name": "Dynamics 365 Integration", "slug": "integration-dynamics", "affected_versions": { "* - 1.3.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98e0d103-2369-4c6a-93ae-6be2a1770bae?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98e1468e-b36a-426c-aa9e-f086c052d645": { "id": "98e1468e-b36a-426c-aa9e-f086c052d645", "title": "Meks Smart Author Widget <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Meks Smart Author Widget", "slug": "meks-smart-author-widget", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98e1468e-b36a-426c-aa9e-f086c052d645?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98e22884-f7d6-47df-9b1b-9232c48e3685": { "id": "98e22884-f7d6-47df-9b1b-9232c48e3685", "title": "URL Params <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "URL Params", "slug": "url-params", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98e22884-f7d6-47df-9b1b-9232c48e3685?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98e47920-fb99-478d-9d6c-1612e8b4aca1": { "id": "98e47920-fb99-478d-9d6c-1612e8b4aca1", "title": "Contact Form to DB <= 1.5.6 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress", "slug": "contact-form-to-db", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98e47920-fb99-478d-9d6c-1612e8b4aca1?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98e74a23-b586-4d6a-b1ab-78838b0eed61": { "id": "98e74a23-b586-4d6a-b1ab-78838b0eed61", "title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip & Popover Widget", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98e74a23-b586-4d6a-b1ab-78838b0eed61?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98e8e09c-f2fe-40ab-b1ce-62a1627b6b65": { "id": "98e8e09c-f2fe-40ab-b1ce-62a1627b6b65", "title": "CoCart \u2013 Headless ecommerce <= 3.11.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "CoCart \u2013 Decoupling Made Easy for WooCommerce", "slug": "cart-rest-api-for-woocommerce", "affected_versions": { "* - 3.11.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.12.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98e8e09c-f2fe-40ab-b1ce-62a1627b6b65?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98ebcc70-58c3-4c9d-a1cd-776c159647ed": { "id": "98ebcc70-58c3-4c9d-a1cd-776c159647ed", "title": "WP Tabs Slides <= 2.0.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Tabs Slides", "slug": "wordpress-tabs-slides", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98ebcc70-58c3-4c9d-a1cd-776c159647ed?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98ef80a3-4d57-45ae-87cf-d5768b26c27e": { "id": "98ef80a3-4d57-45ae-87cf-d5768b26c27e", "title": "EventPrime <= 3.3.2 - Improper Server-Side Checks to Booking Payment Bypass", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98ef80a3-4d57-45ae-87cf-d5768b26c27e?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98f80608-f24f-4019-a757-de71cba9902f": { "id": "98f80608-f24f-4019-a757-de71cba9902f", "title": "Payment Forms for Paystack <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Payment Forms for Paystack", "slug": "payment-forms-for-paystack", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98f80608-f24f-4019-a757-de71cba9902f?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "98f87769-d4e4-4e27-9acf-a4e52bdbf734": { "id": "98f87769-d4e4-4e27-9acf-a4e52bdbf734", "title": "WordPress Shortcodes Plugin \u2014 Shortcodes Ultimate <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "[*, 5.10.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.10.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/98f87769-d4e4-4e27-9acf-a4e52bdbf734?source=api-scan" ], "published": "2021-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9905517f-236c-4e98-8026-8d54bf64c7c9": { "id": "9905517f-236c-4e98-8026-8d54bf64c7c9", "title": "Button <= 1.1.22 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Button", "slug": "button", "affected_versions": { "* - 1.1.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9905517f-236c-4e98-8026-8d54bf64c7c9?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "990b3318-e3e1-4a19-875c-80d5d639ca4a": { "id": "990b3318-e3e1-4a19-875c-80d5d639ca4a", "title": "Meks Easy Social Share <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Meks Easy Social Share", "slug": "meks-easy-social-share", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/990b3318-e3e1-4a19-875c-80d5d639ca4a?source=api-scan" ], "published": "2022-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "990d62fd-dc55-446e-b3ff-52c7c121aeb8": { "id": "990d62fd-dc55-446e-b3ff-52c7c121aeb8", "title": "Icegram <= 3.1.24 - Missing Authorization", "software": [ { "type": "plugin", "name": "Icegram Engage \u2013 Ultimate WP Popup Builder, Lead Generation, Optins, and CTA", "slug": "icegram", "affected_versions": { "* - 3.1.24": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/990d62fd-dc55-446e-b3ff-52c7c121aeb8?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9911e99e-0b3b-4be1-b8cd-28593b6d12ad": { "id": "9911e99e-0b3b-4be1-b8cd-28593b6d12ad", "title": "LH Copy Media File <= 1.08 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LH Copy Media File", "slug": "lh-copy-media-file", "affected_versions": { "* - 1.08": { "from_version": "*", "from_inclusive": true, "to_version": "1.08", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.09" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9911e99e-0b3b-4be1-b8cd-28593b6d12ad?source=api-scan" ], "published": "2024-09-30 19:31:03", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99140d47-88bb-48a1-863a-93a558541800": { "id": "99140d47-88bb-48a1-863a-93a558541800", "title": "Modal Dialog <= 3.5.14 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Modal Dialog", "slug": "modal-dialog", "affected_versions": { "[*, 3.5.15)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99140d47-88bb-48a1-863a-93a558541800?source=api-scan" ], "published": "2023-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9918ffe1-5911-48d7-84ba-8e6568d6f50c": { "id": "9918ffe1-5911-48d7-84ba-8e6568d6f50c", "title": "Newsmag < 5.0 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Newsmag - Newspaper & Magazine WordPress Theme", "slug": "newsmag", "affected_versions": { "[*, 5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9918ffe1-5911-48d7-84ba-8e6568d6f50c?source=api-scan" ], "published": "2021-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "991ab188-869c-4875-80f3-940000a1717b": { "id": "991ab188-869c-4875-80f3-940000a1717b", "title": "Orders Tracking for WooCommerce <= 1.2.10 - Unauthenticated Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "Orders Tracking for WooCommerce", "slug": "woo-orders-tracking", "affected_versions": { "* - 1.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/991ab188-869c-4875-80f3-940000a1717b?source=api-scan" ], "published": "2024-05-09 20:59:24", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "991aefb4-2e6b-48e6-bd19-98b21a57f6db": { "id": "991aefb4-2e6b-48e6-bd19-98b21a57f6db", "title": "Quebely <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'className' Block Option", "software": [ { "type": "plugin", "name": "Qubely \u2013 Advanced Gutenberg Blocks", "slug": "qubely", "affected_versions": { "* - 1.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/991aefb4-2e6b-48e6-bd19-98b21a57f6db?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "992a91da-724f-40cc-b552-113d62fe20c1": { "id": "992a91da-724f-40cc-b552-113d62fe20c1", "title": "Vitamin < 1.1.0 - Directory Traversal", "software": [ { "type": "plugin", "name": "Vitamin", "slug": "vitamin", "affected_versions": { "[*, 1.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/992a91da-724f-40cc-b552-113d62fe20c1?source=api-scan" ], "published": "2012-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "992abd72-2a8e-4bda-94c2-4a7f88487906": { "id": "992abd72-2a8e-4bda-94c2-4a7f88487906", "title": "Tutor LMS <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable'", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/992abd72-2a8e-4bda-94c2-4a7f88487906?source=api-scan" ], "published": "2024-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "992b362b-b01f-4c91-83ac-dd612b93ee03": { "id": "992b362b-b01f-4c91-83ac-dd612b93ee03", "title": "Woocommerce Customers Manager <= 26.5 - Cross-Site Request Forgery to Account Creation", "software": [ { "type": "plugin", "name": "WooCommerce Customers Manager", "slug": "woocommerce-customers-manager", "affected_versions": { "[*, 26.6)": { "from_version": "*", "from_inclusive": true, "to_version": "26.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "26.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/992b362b-b01f-4c91-83ac-dd612b93ee03?source=api-scan" ], "published": "2021-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "992f9f08-82c1-4bbd-bbd2-543ad8affe53": { "id": "992f9f08-82c1-4bbd-bbd2-543ad8affe53", "title": "WP Dynamic Keywords Injector <= 2.3.21 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Dynamic Keywords Injector", "slug": "wp-dynamic-keywords-injector", "affected_versions": { "* - 2.3.21": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/992f9f08-82c1-4bbd-bbd2-543ad8affe53?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "992fc98f-4b23-4596-81fb-5543d82fd615": { "id": "992fc98f-4b23-4596-81fb-5543d82fd615", "title": "Funnelforms Free <= 3.4 - Missing Authorization to Category Deletion", "software": [ { "type": "plugin", "name": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free", "slug": "funnelforms-free", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/992fc98f-4b23-4596-81fb-5543d82fd615?source=api-scan" ], "published": "2023-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9933ca13-32fd-4481-a18f-21e9a11c423c": { "id": "9933ca13-32fd-4481-a18f-21e9a11c423c", "title": "Slimstat Analytics <= 4.9.2 - Reflected Cross-Site Scripting via REQUEST_URI", "software": [ { "type": "plugin", "name": "SlimStat Analytics", "slug": "wp-slimstat", "affected_versions": { "* - 4.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9933ca13-32fd-4481-a18f-21e9a11c423c?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9939f297-e3ca-4d7d-9acd-c416ee2014c9": { "id": "9939f297-e3ca-4d7d-9acd-c416ee2014c9", "title": "WooODT Lite <= 2.4.6 - Missing Authorization to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "WooODT Lite \u2013 Delivery & pickup date time location for WooCommerce", "slug": "byconsole-woo-order-delivery-time", "affected_versions": { "* - 2.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9939f297-e3ca-4d7d-9acd-c416ee2014c9?source=api-scan" ], "published": "2023-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "993f6505-918c-45fd-8afa-4d567cc79e9e": { "id": "993f6505-918c-45fd-8afa-4d567cc79e9e", "title": "ImageBoss \u2013 Images Up To 60% Smaller & CDN < 3.0.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ImageBoss \u2013 Images Up To 60% Smaller & CDN", "slug": "imageboss", "affected_versions": { "[*, 3.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/993f6505-918c-45fd-8afa-4d567cc79e9e?source=api-scan" ], "published": "2020-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99418bd5-041a-4210-9571-fee6842fb692": { "id": "99418bd5-041a-4210-9571-fee6842fb692", "title": "Tracking Code Manager < 1.11.5 - Denial of Service", "software": [ { "type": "plugin", "name": "Tracking Code Manager", "slug": "tracking-code-manager", "affected_versions": { "* - 1.11.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99418bd5-041a-4210-9571-fee6842fb692?source=api-scan" ], "published": "2017-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99433521-721b-41c3-8736-fd2943901b4f": { "id": "99433521-721b-41c3-8736-fd2943901b4f", "title": "WP Support Plus Responsive Ticket System <= 4.1 - Directory Traversal", "software": [ { "type": "plugin", "name": "WP Support Plus Responsive Ticket System", "slug": "wp-support-plus-responsive-ticket-system", "affected_versions": { "[*, 4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99433521-721b-41c3-8736-fd2943901b4f?source=api-scan" ], "published": "2014-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9945c85b-a97a-4ad0-9d0a-69faf157563a": { "id": "9945c85b-a97a-4ad0-9d0a-69faf157563a", "title": "Simple 301 Redirects <= 2.0.7 - Cross-Site Request Forgery via 'clicked'", "software": [ { "type": "plugin", "name": "Simple 301 Redirects By BetterLinks \u2013 Easy WordPress Redirect Manager for Redirects, 404 Error Log & More", "slug": "simple-301-redirects", "affected_versions": { "[*, 2.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9945c85b-a97a-4ad0-9d0a-69faf157563a?source=api-scan" ], "published": "2023-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99489cc0-2e73-4d55-b95f-46d574897fac": { "id": "99489cc0-2e73-4d55-b95f-46d574897fac", "title": "WooCommerce Etsy Integration <= 3.3.1 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "WooCommerce Etsy Integration", "slug": "exportfeed-for-woocommerce-product-to-etsy", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99489cc0-2e73-4d55-b95f-46d574897fac?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "994a044d-db69-4f2d-9027-cf3665446ed3": { "id": "994a044d-db69-4f2d-9027-cf3665446ed3", "title": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery <= 1.8.21 - Authenticated (Admin+) Stored Cross-Site Scripting via SVG", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.8.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/994a044d-db69-4f2d-9027-cf3665446ed3?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9954c283-4dd5-4b78-8c86-97b93a1880b4": { "id": "9954c283-4dd5-4b78-8c86-97b93a1880b4", "title": "Xorbin Digital Flash Clock < 1.0 - DOM Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Xorbin Digital Flash Clock", "slug": "xorbin-digital-flash-clock", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9954c283-4dd5-4b78-8c86-97b93a1880b4?source=api-scan" ], "published": "2013-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99555021-68f4-4395-978d-ff1bbae9ebd4": { "id": "99555021-68f4-4395-978d-ff1bbae9ebd4", "title": "Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via ipf", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99555021-68f4-4395-978d-ff1bbae9ebd4?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9956e04c-ff59-40c0-a8ab-3e2ed2c52d7f": { "id": "9956e04c-ff59-40c0-a8ab-3e2ed2c52d7f", "title": "teachPress <= 9.0.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "teachPress", "slug": "teachpress", "affected_versions": { "* - 9.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9956e04c-ff59-40c0-a8ab-3e2ed2c52d7f?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9958d7d7-ddeb-42f4-a5bd-6dd55ec9b6e0": { "id": "9958d7d7-ddeb-42f4-a5bd-6dd55ec9b6e0", "title": "GTmetrix for WordPress <= 0.4.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "GTmetrix for WordPress", "slug": "gtmetrix-for-wordpress", "affected_versions": { "* - 0.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9958d7d7-ddeb-42f4-a5bd-6dd55ec9b6e0?source=api-scan" ], "published": "2023-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "995a086a-4795-4092-823c-b941445dc361": { "id": "995a086a-4795-4092-823c-b941445dc361", "title": "Booster Elite for WooCommerce <= 7.1.2 - Authenticated(Subscriber+) Content Injection", "software": [ { "type": "plugin", "name": "Booster Elite for WooCommerce", "slug": "booster-elite-for-woocommerce", "affected_versions": { "[*, 7.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/995a086a-4795-4092-823c-b941445dc361?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "995a6c1d-fb49-4953-9828-f6594ac45fa7": { "id": "995a6c1d-fb49-4953-9828-f6594ac45fa7", "title": "Contact Form 7 Database Addon \u2013 CFDB7 <= 1.2.6.8 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Contact Form 7 Database Addon \u2013 CFDB7", "slug": "contact-form-cfdb7", "affected_versions": { "* - 1.2.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/995a6c1d-fb49-4953-9828-f6594ac45fa7?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9960bae9-6f19-49eb-8f24-fdde4933671e": { "id": "9960bae9-6f19-49eb-8f24-fdde4933671e", "title": "Relevanssi \u2013 A Better Search <= 4.22.1 - Unauthenticated Second Order CSV Injection", "software": [ { "type": "plugin", "name": "Relevanssi \u2013 A Better Search (Pro)", "slug": "relevanssi-premium", "affected_versions": { "* - 2.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.25.2" ] }, { "type": "plugin", "name": "Relevanssi \u2013 A Better Search", "slug": "relevanssi", "affected_versions": { "* - 4.22.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.22.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.22.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9960bae9-6f19-49eb-8f24-fdde4933671e?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99650c4d-d8ef-4970-af65-b22b7fdf3543": { "id": "99650c4d-d8ef-4970-af65-b22b7fdf3543", "title": "wpForo Forum <= 2.3.4 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99650c4d-d8ef-4970-af65-b22b7fdf3543?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9965ea42-56c4-4ec9-9159-d971e913469e": { "id": "9965ea42-56c4-4ec9-9159-d971e913469e", "title": "Cashtomer <= 1.0.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Cashtomer", "slug": "cashtomer", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9965ea42-56c4-4ec9-9159-d971e913469e?source=api-scan" ], "published": "2021-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "996b44bb-d1e0-4f82-b8ee-a98b0ae994f9": { "id": "996b44bb-d1e0-4f82-b8ee-a98b0ae994f9", "title": "Category Discount Woocommerce <= 4.12 - Missing Authorization via wpcd_save_discount()", "software": [ { "type": "plugin", "name": "Category Discount Woocommerce", "slug": "woo-product-category-discount", "affected_versions": { "* - 4.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/996b44bb-d1e0-4f82-b8ee-a98b0ae994f9?source=api-scan" ], "published": "2024-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "996b5e29-beea-4678-8596-04e96a343584": { "id": "996b5e29-beea-4678-8596-04e96a343584", "title": "Easy Video Player <= 1.2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Video Player", "slug": "easy-video-player", "affected_versions": { "* - 1.2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/996b5e29-beea-4678-8596-04e96a343584?source=api-scan" ], "published": "2022-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "996c7433-dd82-4216-86b9-005f43c06c3a": { "id": "996c7433-dd82-4216-86b9-005f43c06c3a", "title": "Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Missing Authorization via templates_ajax_request", "software": [ { "type": "plugin", "name": "Envo's Elementor Templates & Widgets for WooCommerce", "slug": "envo-elementor-for-woocommerce", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/996c7433-dd82-4216-86b9-005f43c06c3a?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "996d1514-2c1f-4888-ac2f-bc58e926d3ef": { "id": "996d1514-2c1f-4888-ac2f-bc58e926d3ef", "title": "Metform Elementor Contact Form Builder <= 3.8.3 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.4" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/996d1514-2c1f-4888-ac2f-bc58e926d3ef?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "996dc1d7-12f8-467d-bf48-a7a82f1c0a41": { "id": "996dc1d7-12f8-467d-bf48-a7a82f1c0a41", "title": "Brands for WooCommerce <= 3.8.2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Brands for WooCommerce", "slug": "brands-for-woocommerce", "affected_versions": { "[*, 3.8.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/996dc1d7-12f8-467d-bf48-a7a82f1c0a41?source=api-scan" ], "published": "2023-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "996e0bca-70cb-45ab-bb94-b41250e252fc": { "id": "996e0bca-70cb-45ab-bb94-b41250e252fc", "title": "My Sticky Bar <= 2.7.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme \u2013 My Sticky Bar (formerly myStickymenu)", "slug": "mystickymenu", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/996e0bca-70cb-45ab-bb94-b41250e252fc?source=api-scan" ], "published": "2024-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9970f9e5-ca20-4424-a501-9c8186ede497": { "id": "9970f9e5-ca20-4424-a501-9c8186ede497", "title": "Related Sites <= 2.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Related Sites", "slug": "related-sites", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9970f9e5-ca20-4424-a501-9c8186ede497?source=api-scan" ], "published": "2009-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99711f41-d21b-4725-acc8-9542283daf12": { "id": "99711f41-d21b-4725-acc8-9542283daf12", "title": "Thumbnail carousel slider <= 1.1.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Thumbnail carousel slider", "slug": "wp-responsive-thumbnail-slider", "affected_versions": { "[*, 1.1.10)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99711f41-d21b-4725-acc8-9542283daf12?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99721c3e-cddf-4709-aef9-92bb42e43f83": { "id": "99721c3e-cddf-4709-aef9-92bb42e43f83", "title": "WonderPlugin Audio Player < 2.1 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WonderPlugin Audio Player", "slug": "wonderplugin-audio", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99721c3e-cddf-4709-aef9-92bb42e43f83?source=api-scan" ], "published": "2015-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99736b2d-c8f3-4da8-bd11-cfaf32bd53ef": { "id": "99736b2d-c8f3-4da8-bd11-cfaf32bd53ef", "title": "IdeaPush <= 8.66 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IdeaPush", "slug": "ideapush", "affected_versions": { "* - 8.66": { "from_version": "*", "from_inclusive": true, "to_version": "8.66", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99736b2d-c8f3-4da8-bd11-cfaf32bd53ef?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99746867-597b-49df-aa9e-548456a58542": { "id": "99746867-597b-49df-aa9e-548456a58542", "title": "Photocrati (Unknown Versions) - Multiple Vulnerabilities", "software": [ { "type": "theme", "name": "Photocrati", "slug": "photocrati-theme", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99746867-597b-49df-aa9e-548456a58542?source=api-scan" ], "published": "2013-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9979381e-711d-42c8-bfdf-4ee99e2e556f": { "id": "9979381e-711d-42c8-bfdf-4ee99e2e556f", "title": "Material Design Icons <= 0.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via mdi-icon Shortcode", "software": [ { "type": "plugin", "name": "Material Design Icons", "slug": "material-design-icons", "affected_versions": { "* - 0.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9979381e-711d-42c8-bfdf-4ee99e2e556f?source=api-scan" ], "published": "2024-09-24 12:16:49", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9979bce7-4c9f-473d-b751-621b68300c28": { "id": "9979bce7-4c9f-473d-b751-621b68300c28", "title": "CM Tooltip Glossary <= 4.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CM Tooltip Glossary", "slug": "enhanced-tooltipglossary", "affected_versions": { "* - 4.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9979bce7-4c9f-473d-b751-621b68300c28?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "997b028c-8131-4579-8157-caecf099d7ec": { "id": "997b028c-8131-4579-8157-caecf099d7ec", "title": "Knowledge Base <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block", "software": [ { "type": "plugin", "name": "Knowledge Base", "slug": "knowledgebase", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/997b028c-8131-4579-8157-caecf099d7ec?source=api-scan" ], "published": "2023-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9985cac5-30bf-4e8b-91d5-0b3da36ed851": { "id": "9985cac5-30bf-4e8b-91d5-0b3da36ed851", "title": "WP Review Slider <= 12.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Review Slider", "slug": "wp-facebook-reviews", "affected_versions": { "* - 12.8": { "from_version": "*", "from_inclusive": true, "to_version": "12.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9985cac5-30bf-4e8b-91d5-0b3da36ed851?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9992c6ac-8e29-4c99-8439-663cc7c190b9": { "id": "9992c6ac-8e29-4c99-8439-663cc7c190b9", "title": "Brave Popup Builder <= 0.7.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Brave \u2013 Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content", "slug": "brave-popup-builder", "affected_versions": { "* - 0.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9992c6ac-8e29-4c99-8439-663cc7c190b9?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9993bdab-3fd9-42f3-b16a-d92512c6573d": { "id": "9993bdab-3fd9-42f3-b16a-d92512c6573d", "title": "NiceJob <= 3.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NiceJob", "slug": "nicejob", "affected_versions": { "* - 3.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9993bdab-3fd9-42f3-b16a-d92512c6573d?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9993d84e-7337-4eda-af3c-039b6d8c8fe6": { "id": "9993d84e-7337-4eda-af3c-039b6d8c8fe6", "title": "Broken Link Checker for YouTube <= 1.3 - Cross-Site Request Forgery via plugin_settings_page()", "software": [ { "type": "plugin", "name": "Broken Link Checker for YouTube", "slug": "broken-link-checker-for-youtube", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9993d84e-7337-4eda-af3c-039b6d8c8fe6?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "999475c5-5f17-47fa-a0d0-47cb5a8a0eb4": { "id": "999475c5-5f17-47fa-a0d0-47cb5a8a0eb4", "title": "Divi <= 4.23.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "theme", "name": "Divi", "slug": "Divi", "affected_versions": { "* - 4.23.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.23.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.23.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/999475c5-5f17-47fa-a0d0-47cb5a8a0eb4?source=api-scan" ], "published": "2023-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9995df77-5ccf-4734-ad96-234c82d50a02": { "id": "9995df77-5ccf-4734-ad96-234c82d50a02", "title": "DL Robots.txt <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DL Robots.txt", "slug": "dl-robotstxt", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9995df77-5ccf-4734-ad96-234c82d50a02?source=api-scan" ], "published": "2024-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99960ff7-62e1-4c44-ae8e-ebda3e075781": { "id": "99960ff7-62e1-4c44-ae8e-ebda3e075781", "title": "Beaver Builder \u2013 WordPress Page Builder <= 2.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.8.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99960ff7-62e1-4c44-ae8e-ebda3e075781?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99984fff-94e3-46fb-8241-88fcda556054": { "id": "99984fff-94e3-46fb-8241-88fcda556054", "title": "Stock Manager for WooCommerce <= 2.10.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Stock Manager for WooCommerce", "slug": "woocommerce-stock-manager", "affected_versions": { "[*, 2.11.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99984fff-94e3-46fb-8241-88fcda556054?source=api-scan" ], "published": "2023-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9999301a-002d-441b-bd66-6b7f4c46a8bf": { "id": "9999301a-002d-441b-bd66-6b7f4c46a8bf", "title": "Sign-up Sheets <= 2.2.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Sign-up Sheets", "slug": "sign-up-sheets", "affected_versions": { "* - 2.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9999301a-002d-441b-bd66-6b7f4c46a8bf?source=api-scan" ], "published": "2023-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "999cf54e-2ea8-474d-984c-1c4f729198aa": { "id": "999cf54e-2ea8-474d-984c-1c4f729198aa", "title": "Read and Understood < 2.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Read and Understood", "slug": "read-and-understood", "affected_versions": { "[*, 2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/999cf54e-2ea8-474d-984c-1c4f729198aa?source=api-scan" ], "published": "2018-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99a21d91-e17a-400e-9013-c074e76bbf6e": { "id": "99a21d91-e17a-400e-9013-c074e76bbf6e", "title": "WP-Recall \u2013 Registration, Profile, Commerce & More <= 16.26.5 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "WP-Recall \u2013 Registration, Profile, Commerce & More", "slug": "wp-recall", "affected_versions": { "* - 16.26.5": { "from_version": "*", "from_inclusive": true, "to_version": "16.26.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "16.26.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99a21d91-e17a-400e-9013-c074e76bbf6e?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99afde73-3f2b-4ba4-a82b-a6df42462384": { "id": "99afde73-3f2b-4ba4-a82b-a6df42462384", "title": "Uploader <= 1.0.4 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Uploader", "slug": "uploader", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99afde73-3f2b-4ba4-a82b-a6df42462384?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99b2e3c3-b5e5-4648-81c8-da2f42ceec66": { "id": "99b2e3c3-b5e5-4648-81c8-da2f42ceec66", "title": "File Manager Pro \u2013 Filester <= 1.8 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "File Manager Pro \u2013 Filester", "slug": "filester", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99b2e3c3-b5e5-4648-81c8-da2f42ceec66?source=api-scan" ], "published": "2023-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99be8703-b462-4589-9918-76c0ebbb3bcf": { "id": "99be8703-b462-4589-9918-76c0ebbb3bcf", "title": "Contact Form 7 \u2013 PayPal & Stripe Add-on <= 2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form 7 \u2013 PayPal & Stripe Add-on", "slug": "contact-form-7-paypal-add-on", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99be8703-b462-4589-9918-76c0ebbb3bcf?source=api-scan" ], "published": "2024-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99c13de3-e040-4c11-b9c0-bd6a337c4769": { "id": "99c13de3-e040-4c11-b9c0-bd6a337c4769", "title": "Page Builder: Pagelayer \u2013 Drag and Drop website builder < 1.3.5 - Reflected Cross-Site Scripting via Color Settings", "software": [ { "type": "plugin", "name": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "slug": "pagelayer", "affected_versions": { "[*, 1.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99c13de3-e040-4c11-b9c0-bd6a337c4769?source=api-scan" ], "published": "2020-12-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99c89e29-a21d-4c32-9459-18c7b08b9ff0": { "id": "99c89e29-a21d-4c32-9459-18c7b08b9ff0", "title": "Photo Gallery by 10Web <= 1.5.68 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.5.68": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.68", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99c89e29-a21d-4c32-9459-18c7b08b9ff0?source=api-scan" ], "published": "2021-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99d3d5aa-dd82-415a-bc40-9d2c677d9248": { "id": "99d3d5aa-dd82-415a-bc40-9d2c677d9248", "title": "Custom fields shortcode <= 0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Custom fields shortcode", "slug": "custom-fields-shortcode", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99d3d5aa-dd82-415a-bc40-9d2c677d9248?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99d73781-d0e8-4730-9ec1-ff2151982006": { "id": "99d73781-d0e8-4730-9ec1-ff2151982006", "title": "WP eMember <= 10.6.5 - Reflected Cross-Site Scripting via 'login_pwd'", "software": [ { "type": "plugin", "name": "Wp EMember", "slug": "wp-emember", "affected_versions": { "* - 10.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "10.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99d73781-d0e8-4730-9ec1-ff2151982006?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99d90610-490f-44a5-8e87-63927410c804": { "id": "99d90610-490f-44a5-8e87-63927410c804", "title": "Site Editor <= 1.1.1 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Site Editor", "slug": "site-editor", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99d90610-490f-44a5-8e87-63927410c804?source=api-scan" ], "published": "2018-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99df8839-caad-4568-9b05-cb2aea38a051": { "id": "99df8839-caad-4568-9b05-cb2aea38a051", "title": "TownHub <= 1.2.9 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "TownHub - Directory & Listing WordPress Theme", "slug": "townhub", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99df8839-caad-4568-9b05-cb2aea38a051?source=api-scan" ], "published": "2020-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99dfacb4-f784-4e8d-b411-7cab7683c7c8": { "id": "99dfacb4-f784-4e8d-b411-7cab7683c7c8", "title": "Crazy Bone < 0.6.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Crazy Bone", "slug": "crazy-bone", "affected_versions": { "[*, 0.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99dfacb4-f784-4e8d-b411-7cab7683c7c8?source=api-scan" ], "published": "2015-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99e0a243-3e0e-4e2b-82fd-95c3cfde8a1b": { "id": "99e0a243-3e0e-4e2b-82fd-95c3cfde8a1b", "title": "WordPress Core < 3.9.2 - Deserialization via Widgets", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.3": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": true }, "3.8 - 3.8.3": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": true }, "3.9 - 3.9.1": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.4", "3.8.4", "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99e0a243-3e0e-4e2b-82fd-95c3cfde8a1b?source=api-scan" ], "published": "2014-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99e24496-0e3b-4bff-ba14-dc535be10633": { "id": "99e24496-0e3b-4bff-ba14-dc535be10633", "title": "Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE", "slug": "otter-blocks", "affected_versions": { "* - 2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99e24496-0e3b-4bff-ba14-dc535be10633?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99e332d8-92a4-4643-a63c-3642bab0b007": { "id": "99e332d8-92a4-4643-a63c-3642bab0b007", "title": "Flexible Checkout Fields for WooCommerce <= 4.1.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Flexible Checkout Fields for WooCommerce \u2013 WooCommerce Checkout Manager", "slug": "flexible-checkout-fields", "affected_versions": { "* - 4.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99e332d8-92a4-4643-a63c-3642bab0b007?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99e61ed1-df56-4e95-b4f9-3027ee7b7793": { "id": "99e61ed1-df56-4e95-b4f9-3027ee7b7793", "title": "Quick Paypal Payments <= 5.7.25 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quick Paypal Payments", "slug": "quick-paypal-payments", "affected_versions": { "* - 5.7.25": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99e61ed1-df56-4e95-b4f9-3027ee7b7793?source=api-scan" ], "published": "2023-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99e64e62-d09e-4b94-a982-12630fd2e946": { "id": "99e64e62-d09e-4b94-a982-12630fd2e946", "title": "KONTXT Improves WordPress Search <= 1.4.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "KONTXT Improves WordPress Search", "slug": "kontxt-semantic-engine", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99e64e62-d09e-4b94-a982-12630fd2e946?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99e8017a-346e-42d8-b9c1-29ed15da1156": { "id": "99e8017a-346e-42d8-b9c1-29ed15da1156", "title": "Ultimate Addons for Elementor < 1.30.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Addons for Elementor", "slug": "ultimate-elementor", "affected_versions": { "[*, 1.30.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.30.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.30.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99e8017a-346e-42d8-b9c1-29ed15da1156?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99f4f1dc-13a9-4fa0-bdb1-77a0d416c80f": { "id": "99f4f1dc-13a9-4fa0-bdb1-77a0d416c80f", "title": "Local Delivery Drivers for WooCommerce <= 1.9.0 - Missing Authorization to Driver Account Takeover", "software": [ { "type": "plugin", "name": "Local Delivery Drivers for WooCommerce", "slug": "local-delivery-drivers-for-woocommerce", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99f4f1dc-13a9-4fa0-bdb1-77a0d416c80f?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99f831f2-fb96-4dc8-ba3d-6015fbc7e2e1": { "id": "99f831f2-fb96-4dc8-ba3d-6015fbc7e2e1", "title": "Contact Form 7 Redirect & Thank You Page <= 1.0.3 - Cross-Site Request Forgery via cf7rl_admin_table", "software": [ { "type": "plugin", "name": "Contact Form 7 Redirect & Thank You Page", "slug": "cf7-redirect-thank-you-page", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99f831f2-fb96-4dc8-ba3d-6015fbc7e2e1?source=api-scan" ], "published": "2023-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "99fa7f41-f3ac-435c-af1b-4a965291de37": { "id": "99fa7f41-f3ac-435c-af1b-4a965291de37", "title": "RokIntroScroller <= 1.8 - Denial of Service", "software": [ { "type": "plugin", "name": "RokIntroScroller", "slug": "wp_rokintroscroller", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/99fa7f41-f3ac-435c-af1b-4a965291de37?source=api-scan" ], "published": "2013-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a03f2dc-21c4-44e9-b7bf-8d4420430466": { "id": "9a03f2dc-21c4-44e9-b7bf-8d4420430466", "title": "WP Symposium < 11.12.24 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP Symposium", "slug": "wp-symposium", "affected_versions": { "[*, 11.12.24)": { "from_version": "*", "from_inclusive": true, "to_version": "11.12.24", "to_inclusive": false } }, "patched": true, "patched_versions": [ "11.12.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a03f2dc-21c4-44e9-b7bf-8d4420430466?source=api-scan" ], "published": "2011-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a047577-d5eb-425b-9318-4473d052a223": { "id": "9a047577-d5eb-425b-9318-4473d052a223", "title": "YITH WooCommerce Ajax Search <= 2.8.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "YITH WooCommerce Ajax Search", "slug": "yith-woocommerce-ajax-search", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a047577-d5eb-425b-9318-4473d052a223?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a09102c-391e-4057-b883-3d2eef1671ce": { "id": "9a09102c-391e-4057-b883-3d2eef1671ce", "title": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.60 - Arbitrary File Upload in File Manager", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.60": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.60", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.61" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a09102c-391e-4057-b883-3d2eef1671ce?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a09af8e-8da6-46e4-90e5-6ce1f8bfd36b": { "id": "9a09af8e-8da6-46e4-90e5-6ce1f8bfd36b", "title": "Xtreme Locator Dealer Locator Plugin <= 3.0.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Xtreme Locator", "slug": "xtremelocator", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a09af8e-8da6-46e4-90e5-6ce1f8bfd36b?source=api-scan" ], "published": "2016-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a0bc461-d4fa-46d5-8725-9ab4c540b80e": { "id": "9a0bc461-d4fa-46d5-8725-9ab4c540b80e", "title": "WordPress Simple HTML Sitemap <= 2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Simple HTML Sitemap", "slug": "wp-simple-html-sitemap", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a0bc461-d4fa-46d5-8725-9ab4c540b80e?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a0f1006-8015-4e67-9b03-16d3ad3c0e77": { "id": "9a0f1006-8015-4e67-9b03-16d3ad3c0e77", "title": "Keap Official Opt-in Forms <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Keap Official Opt-in Forms", "slug": "infusionsoft-official-opt-in-forms", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a0f1006-8015-4e67-9b03-16d3ad3c0e77?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a13cbc7-fd51-43e6-bf22-4d0510c5a1c7": { "id": "9a13cbc7-fd51-43e6-bf22-4d0510c5a1c7", "title": "Easy Digital Downloads - Quota < 1.2.5 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Easy Digital Downloads - Quota", "slug": "quota", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a13cbc7-fd51-43e6-bf22-4d0510c5a1c7?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a15946b-c4df-43e8-9e1d-7a8367cfda6b": { "id": "9a15946b-c4df-43e8-9e1d-7a8367cfda6b", "title": "Custom Field Suite <= 2.6.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Field Suite", "slug": "custom-field-suite", "affected_versions": { "* - 2.6.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a15946b-c4df-43e8-9e1d-7a8367cfda6b?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a184384-9162-4509-957b-d97dd4089856": { "id": "9a184384-9162-4509-957b-d97dd4089856", "title": "InstaWP Connect <= 0.1.0.9 - Missing Authorization to Sensitive Information Dislcosure", "software": [ { "type": "plugin", "name": "InstaWP Connect \u2013 1-click WP Staging & Migration", "slug": "instawp-connect", "affected_versions": { "* - 0.1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a184384-9162-4509-957b-d97dd4089856?source=api-scan" ], "published": "2024-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a190909-4b0f-4a44-8371-d79f64d323c2": { "id": "9a190909-4b0f-4a44-8371-d79f64d323c2", "title": "a3 Portfolio <= 3.1.0 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "a3 Portfolio", "slug": "a3-portfolio", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a190909-4b0f-4a44-8371-d79f64d323c2?source=api-scan" ], "published": "2023-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a268550-af65-405a-a16a-9083533e4acc": { "id": "9a268550-af65-405a-a16a-9083533e4acc", "title": "Church Admin <= 4.1.18 - Missing Authorization", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "* - 4.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a268550-af65-405a-a16a-9083533e4acc?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a2782de-3ce2-4626-84c4-58c1ff454753": { "id": "9a2782de-3ce2-4626-84c4-58c1ff454753", "title": "GetResponse for WordPress <= 5.5.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "GetResponse for WordPress", "slug": "getresponse-integration", "affected_versions": { "* - 5.5.31": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a2782de-3ce2-4626-84c4-58c1ff454753?source=api-scan" ], "published": "2023-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a279832-64d8-4e0b-8eba-b7b89c80069d": { "id": "9a279832-64d8-4e0b-8eba-b7b89c80069d", "title": "Survey And Quiz Tool <= 2.9.2 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Survey And Quiz Tool", "slug": "wp-survey-and-quiz-tool", "affected_versions": { "* - 2.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a279832-64d8-4e0b-8eba-b7b89c80069d?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a29aea7-9e22-4edb-80d9-266843a416a5": { "id": "9a29aea7-9e22-4edb-80d9-266843a416a5", "title": "WP Database Reset <= 3.1 - Unauthenticated Database Reset", "software": [ { "type": "plugin", "name": "Database Reset", "slug": "wordpress-database-reset", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a29aea7-9e22-4edb-80d9-266843a416a5?source=api-scan" ], "published": "2020-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a2ee9bb-ae20-47ae-b792-438bf7be6cc4": { "id": "9a2ee9bb-ae20-47ae-b792-438bf7be6cc4", "title": "BSK PDF Manager <= 3.1.1 - Admin+ SQL Injection", "software": [ { "type": "plugin", "name": "BSK PDF Manager", "slug": "bsk-pdf-manager", "affected_versions": { "[*, 3.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a2ee9bb-ae20-47ae-b792-438bf7be6cc4?source=api-scan" ], "published": "2021-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a353364-73a9-428c-b702-0183b29c7e3d": { "id": "9a353364-73a9-428c-b702-0183b29c7e3d", "title": "NewStatPress < 1.2.5 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NewStatPress", "slug": "newstatpress", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a353364-73a9-428c-b702-0183b29c7e3d?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a371489-031e-483e-9fde-3901b55710c6": { "id": "9a371489-031e-483e-9fde-3901b55710c6", "title": "Coming Soon Page <= 1.5.9 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode", "slug": "responsive-coming-soon-page", "affected_versions": { "* - 1.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a371489-031e-483e-9fde-3901b55710c6?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a3c3b3b-7fc9-4586-9a51-33642654dc9f": { "id": "9a3c3b3b-7fc9-4586-9a51-33642654dc9f", "title": "WordPress Spreadsheet <= 0.62 - SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Spreadsheet", "slug": "wpSS", "affected_versions": { "* - 0.62": { "from_version": "*", "from_inclusive": true, "to_version": "0.62", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a3c3b3b-7fc9-4586-9a51-33642654dc9f?source=api-scan" ], "published": "2014-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a423266-89e1-422d-b1e3-6368051eb2fe": { "id": "9a423266-89e1-422d-b1e3-6368051eb2fe", "title": "Currency Converter Calculator <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Currency Converter Calculator", "slug": "currency-converter-calculator", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a423266-89e1-422d-b1e3-6368051eb2fe?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a446fe7-c97a-436e-b494-b924e6518297": { "id": "9a446fe7-c97a-436e-b494-b924e6518297", "title": "Media Library Assistant <= 3.18 - Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action", "software": [ { "type": "plugin", "name": "Media Library Assistant", "slug": "media-library-assistant", "affected_versions": { "* - 3.18": { "from_version": "*", "from_inclusive": true, "to_version": "3.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a446fe7-c97a-436e-b494-b924e6518297?source=api-scan" ], "published": "2024-08-12 16:35:37", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a4488c8-7138-4046-88ea-84f9462eec93": { "id": "9a4488c8-7138-4046-88ea-84f9462eec93", "title": "Events Made Easy <= 2.2.23 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Made Easy", "slug": "events-made-easy", "affected_versions": { "[*, 2.2.24)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.24", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a4488c8-7138-4046-88ea-84f9462eec93?source=api-scan" ], "published": "2021-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a475017-ef45-4614-bdc6-ddd619b8caf3": { "id": "9a475017-ef45-4614-bdc6-ddd619b8caf3", "title": "WP-Stateless \u2013 Google Cloud Storage <= 3.4.0 - Missing Authorization to Limited Arbitrary Options Update", "software": [ { "type": "plugin", "name": "WP-Stateless \u2013 Google Cloud Storage", "slug": "wp-stateless", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a475017-ef45-4614-bdc6-ddd619b8caf3?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a485314-cd68-400c-b398-2f8529c6a3ab": { "id": "9a485314-cd68-400c-b398-2f8529c6a3ab", "title": "Product Enquiry for WooCommerce <= 2.2.33.33 - Authenticated (Author+) PHP Object Injection in enquiry_detail.php", "software": [ { "type": "plugin", "name": "Product Enquiry for WooCommerce, WooCommerce product catalog", "slug": "enquiry-quotation-for-woocommerce", "affected_versions": { "* - 2.2.33.33": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.33.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.33.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a485314-cd68-400c-b398-2f8529c6a3ab?source=api-scan" ], "published": "2024-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a49b72f-9ad9-4338-aeeb-d81be58e1c15": { "id": "9a49b72f-9ad9-4338-aeeb-d81be58e1c15", "title": "Meta Box \u2013 WordPress Custom Fields Framework <= 5.9.10 - Missing Authorization to Information Exposure", "software": [ { "type": "plugin", "name": "Meta Box \u2013 WordPress Custom Fields Framework", "slug": "meta-box", "affected_versions": { "* - 5.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a49b72f-9ad9-4338-aeeb-d81be58e1c15?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a4a2b01-450d-46fb-9de5-0de40b590201": { "id": "9a4a2b01-450d-46fb-9de5-0de40b590201", "title": "Zynith SEO <= 7.4.9 - Missing Authorization to Unauthenticated Settings Update", "software": [ { "type": "plugin", "name": "Zynith SEO", "slug": "zynith-seo", "affected_versions": { "* - 7.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a4a2b01-450d-46fb-9de5-0de40b590201?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a4c327c-f756-4f50-8121-363791c6bd8c": { "id": "9a4c327c-f756-4f50-8121-363791c6bd8c", "title": "Donate With QRCode <= 1.4.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "\u535a\u5ba2\u793e\u4ea4\u5206\u4eab\u7ec4\u4ef6", "slug": "donate-with-qrcode", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a4c327c-f756-4f50-8121-363791c6bd8c?source=api-scan" ], "published": "2021-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a573740-cdfe-4b58-b33b-5e50bcbc4779": { "id": "9a573740-cdfe-4b58-b33b-5e50bcbc4779", "title": "MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template", "software": [ { "type": "plugin", "name": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "slug": "masterstudy-lms-learning-management-system", "affected_versions": { "* - 3.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a573740-cdfe-4b58-b33b-5e50bcbc4779?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a5ce873-e90b-4bdc-b428-426818ff9a86": { "id": "9a5ce873-e90b-4bdc-b428-426818ff9a86", "title": "WP All Import <= 3.6.7 - Authenticated (Administrator+) Arbitrary Code Execution", "software": [ { "type": "plugin", "name": "Import any XML or CSV File to WordPress", "slug": "wp-all-import", "affected_versions": { "* - 3.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a5ce873-e90b-4bdc-b428-426818ff9a86?source=api-scan" ], "published": "2022-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a6b05b1-c649-4b72-b884-11fb83ec77f2": { "id": "9a6b05b1-c649-4b72-b884-11fb83ec77f2", "title": "Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Plugin Deactivation and Data Deletion", "software": [ { "type": "plugin", "name": "Smart Online Order for Clover", "slug": "clover-online-orders", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a6b05b1-c649-4b72-b884-11fb83ec77f2?source=api-scan" ], "published": "2024-08-20 17:25:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a70e291-1bc9-44ad-91a2-cf0624bb8d88": { "id": "9a70e291-1bc9-44ad-91a2-cf0624bb8d88", "title": "Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'addRedirect' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a70e291-1bc9-44ad-91a2-cf0624bb8d88?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a7709fd-bb53-47a6-9fae-d5a6be513b39": { "id": "9a7709fd-bb53-47a6-9fae-d5a6be513b39", "title": "Broken Link Checker <= 1.11.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Broken Link Checker", "slug": "broken-link-checker", "affected_versions": { "[*, 1.11.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.11.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a7709fd-bb53-47a6-9fae-d5a6be513b39?source=api-scan" ], "published": "2019-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a7737b3-d85b-471f-8252-3ee6b598786d": { "id": "9a7737b3-d85b-471f-8252-3ee6b598786d", "title": "WP-Cumulus <= 1.22 - Cross-Site Scripting via tagcloud", "software": [ { "type": "plugin", "name": "WP Cumulus", "slug": "wp-cumulus", "affected_versions": { "* - 1.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a7737b3-d85b-471f-8252-3ee6b598786d?source=api-scan" ], "published": "2009-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a77672b-340e-4f10-abe7-461c2db537b8": { "id": "9a77672b-340e-4f10-abe7-461c2db537b8", "title": "SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer", "slug": "smartcrawl-seo", "affected_versions": { "* - 3.10.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a77672b-340e-4f10-abe7-461c2db537b8?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a7cbd2e-79c9-4be7-b458-e4e5f0376a22": { "id": "9a7cbd2e-79c9-4be7-b458-e4e5f0376a22", "title": "Landing Page Builder <= 1.4.9.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Landing Page Builder \u2013 Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages", "slug": "page-builder-add", "affected_versions": { "* - 1.4.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a7cbd2e-79c9-4be7-b458-e4e5f0376a22?source=api-scan" ], "published": "2021-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a7f738e-21f3-42f3-bf33-1d93ff0d1364": { "id": "9a7f738e-21f3-42f3-bf33-1d93ff0d1364", "title": "Slider, Gallery, and Carousel by MetaSlider \u2013 Responsive WordPress Plugin <= 3.27.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider, Gallery, and Carousel by MetaSlider \u2013 Image Sliders, Video Sliders", "slug": "ml-slider", "affected_versions": { "3.27.8": { "from_version": "3.27.8", "from_inclusive": true, "to_version": "3.27.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.27.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a7f738e-21f3-42f3-bf33-1d93ff0d1364?source=api-scan" ], "published": "2022-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a83f381-a8ce-472d-a202-f7d7f22fd650": { "id": "9a83f381-a8ce-472d-a202-f7d7f22fd650", "title": "Simple SEO <= 1.7.91 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple SEO", "slug": "cds-simple-seo", "affected_versions": { "* - 1.7.91": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.91", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.92" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a83f381-a8ce-472d-a202-f7d7f22fd650?source=api-scan" ], "published": "2022-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a85b549-f6a4-4dc3-9f2a-35d783099f96": { "id": "9a85b549-f6a4-4dc3-9f2a-35d783099f96", "title": "Inline Tweet Sharer <= 2.5.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Inline Tweet Sharer \u2013 Twitter Sharing Plugin", "slug": "inline-tweet-sharer", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a85b549-f6a4-4dc3-9f2a-35d783099f96?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a87f0a2-42b0-4536-b4d1-83a9f6ed4262": { "id": "9a87f0a2-42b0-4536-b4d1-83a9f6ed4262", "title": "Quiz and Survey Master (QSM) <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 9.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a87f0a2-42b0-4536-b4d1-83a9f6ed4262?source=api-scan" ], "published": "2024-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a88330e-fbeb-4ac7-a143-a59766accbeb": { "id": "9a88330e-fbeb-4ac7-a143-a59766accbeb", "title": "Custom Field Template <= 2.6.1 - Authenticated (Admin+) Stored Cross-Site Scritping", "software": [ { "type": "plugin", "name": "Custom Field Template", "slug": "custom-field-template", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a88330e-fbeb-4ac7-a143-a59766accbeb?source=api-scan" ], "published": "2024-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a92f44b-6f2b-439c-8245-ace189740425": { "id": "9a92f44b-6f2b-439c-8245-ace189740425", "title": "Custom WooCommerce Checkout Fields Editor <= 1.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom WooCommerce Checkout Fields Editor", "slug": "add-fields-to-checkout-page-woocommerce", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a92f44b-6f2b-439c-8245-ace189740425?source=api-scan" ], "published": "2024-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a932e25-f7ff-4765-b827-c9e7dd9e30bd": { "id": "9a932e25-f7ff-4765-b827-c9e7dd9e30bd", "title": "FS Product Inquiry <= 1.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FS Product Inquiry", "slug": "fs-product-inquiry", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a932e25-f7ff-4765-b827-c9e7dd9e30bd?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a93ecaf-582d-4689-ba1f-52731c4b1ab7": { "id": "9a93ecaf-582d-4689-ba1f-52731c4b1ab7", "title": "Edit Comments <= 0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Edit Comments", "slug": "edit-comments", "affected_versions": { "* - 0.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a93ecaf-582d-4689-ba1f-52731c4b1ab7?source=api-scan" ], "published": "2021-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a999044-5d4a-4415-a3b9-28c564e63a25": { "id": "9a999044-5d4a-4415-a3b9-28c564e63a25", "title": "Responsive Vertical Icon Menu <= 1.5.8 - Reflected Cross-Site Scripting via 'id'", "software": [ { "type": "plugin", "name": "Responsive Vertical Icon Menu", "slug": "wpdevart-vertical-menu", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a999044-5d4a-4415-a3b9-28c564e63a25?source=api-scan" ], "published": "2023-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a9c8c4f-ce07-4fe5-a573-ece675d51441": { "id": "9a9c8c4f-ce07-4fe5-a573-ece675d51441", "title": "Pricing Table by Supsystic <= 1.8.8 - Boolean-Based Blind SQL Injections", "software": [ { "type": "plugin", "name": "Pricing Table by Supsystic", "slug": "pricing-table-by-supsystic", "affected_versions": { "* - 1.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a9c8c4f-ce07-4fe5-a573-ece675d51441?source=api-scan" ], "published": "2021-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9a9f4fb7-92f5-4136-9ca3-cf7bf5c0b717": { "id": "9a9f4fb7-92f5-4136-9ca3-cf7bf5c0b717", "title": "ReviewX <= 1.6.17 - Missing Authorization in rx_coupon_from_submit", "software": [ { "type": "plugin", "name": "ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce", "slug": "reviewx", "affected_versions": { "* - 1.6.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9a9f4fb7-92f5-4136-9ca3-cf7bf5c0b717?source=api-scan" ], "published": "2023-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9aa5247a-b85b-4a0d-ac3e-4b4ef8ccd8ed": { "id": "9aa5247a-b85b-4a0d-ac3e-4b4ef8ccd8ed", "title": "Themify Event Post <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Themify Event Post", "slug": "themify-event-post", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9aa5247a-b85b-4a0d-ac3e-4b4ef8ccd8ed?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ab22aa8-399f-449b-83cf-25583c057cff": { "id": "9ab22aa8-399f-449b-83cf-25583c057cff", "title": "SP Project & Document Manager <= 4.59 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 4.59": { "from_version": "*", "from_inclusive": true, "to_version": "4.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.62" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ab22aa8-399f-449b-83cf-25583c057cff?source=api-scan" ], "published": "2022-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ab28410-76c5-43cb-b87a-c99f8867167c": { "id": "9ab28410-76c5-43cb-b87a-c99f8867167c", "title": "Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload in handle_folders_file_upload", "software": [ { "type": "plugin", "name": "Folders \u2013 Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager", "slug": "folders", "affected_versions": { "* - 2.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ab28410-76c5-43cb-b87a-c99f8867167c?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ab55dea-84d5-4ed6-a693-8c8de9b7c7dd": { "id": "9ab55dea-84d5-4ed6-a693-8c8de9b7c7dd", "title": "WordPress Core < 2.8.3 - Authorization Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ab55dea-84d5-4ed6-a693-8c8de9b7c7dd?source=api-scan" ], "published": "2009-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ab883bf-d6b4-4b0e-b8f4-69e6c0f90c70": { "id": "9ab883bf-d6b4-4b0e-b8f4-69e6c0f90c70", "title": "Contact Form Submissions <= 1.7 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Contact Form Submissions", "slug": "contact-form-submissions", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ab883bf-d6b4-4b0e-b8f4-69e6c0f90c70?source=api-scan" ], "published": "2021-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9abae49f-b396-4684-8dd5-0b5593069861": { "id": "9abae49f-b396-4684-8dd5-0b5593069861", "title": "Lana Downloads Manager <= 1.7.1 - Authenticated Arbitrary File Download", "software": [ { "type": "plugin", "name": "Lana Downloads Manager", "slug": "lana-downloads-manager", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9abae49f-b396-4684-8dd5-0b5593069861?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ac2559a-c622-417c-a655-e92e8ac96770": { "id": "9ac2559a-c622-417c-a655-e92e8ac96770", "title": "Passster <= 3.5.5.8 - Missing Authentication leading to Sensitive Information Disclosure (Private Post Leakage)", "software": [ { "type": "plugin", "name": "Passster \u2013 Password Protect Pages and Content", "slug": "content-protector", "affected_versions": { "* - 3.5.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ac2559a-c622-417c-a655-e92e8ac96770?source=api-scan" ], "published": "2022-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ac2c929-2188-4818-880d-8793984e8df1": { "id": "9ac2c929-2188-4818-880d-8793984e8df1", "title": "Simple Posts Ticker <= 1.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Posts Ticker \u2013 Easy, Lightweight & Flexible", "slug": "simple-posts-ticker", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ac2c929-2188-4818-880d-8793984e8df1?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ac9c146-5065-46fc-b2ae-20b820a8016b": { "id": "9ac9c146-5065-46fc-b2ae-20b820a8016b", "title": "Category Specific RSS feed Subscription <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Category Specific RSS feed Subscription", "slug": "category-specific-rss-feed-menu", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ac9c146-5065-46fc-b2ae-20b820a8016b?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9acb6e7d-990d-4ed7-93ab-79ba94aa9016": { "id": "9acb6e7d-990d-4ed7-93ab-79ba94aa9016", "title": "Login Logout Menu <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Login Logout Menu", "slug": "baw-login-logout-menu", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9acb6e7d-990d-4ed7-93ab-79ba94aa9016?source=api-scan" ], "published": "2023-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9acdbd48-8d38-4d75-b2b1-c993e25cf92a": { "id": "9acdbd48-8d38-4d75-b2b1-c993e25cf92a", "title": "Levo Slideshow <= 2.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Levo Slideshow", "slug": "wp-levoslideshow", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9acdbd48-8d38-4d75-b2b1-c993e25cf92a?source=api-scan" ], "published": "2013-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ad00419-e9fa-4f78-b0d9-02cfb412a04d": { "id": "9ad00419-e9fa-4f78-b0d9-02cfb412a04d", "title": "Usersnap <= 4.16 - Authenticated (Admin+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Usersnap", "slug": "usersnap", "affected_versions": { "* - 4.16": { "from_version": "*", "from_inclusive": true, "to_version": "4.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ad00419-e9fa-4f78-b0d9-02cfb412a04d?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9adc6f3e-2360-480c-9f91-f47474e66c78": { "id": "9adc6f3e-2360-480c-9f91-f47474e66c78", "title": "Weblizar Pin Feeds < 1.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Weblizar Pin Feeds", "slug": "weblizar-pinterest-feeds", "affected_versions": { "[*, 1.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9adc6f3e-2360-480c-9f91-f47474e66c78?source=api-scan" ], "published": "2018-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9addaa26-46b3-4fbf-8986-0b8c8f2dd286": { "id": "9addaa26-46b3-4fbf-8986-0b8c8f2dd286", "title": "Shortcode Addons <= 3.2.5 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension", "slug": "shortcode-addons", "affected_versions": { "* - 3.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9addaa26-46b3-4fbf-8986-0b8c8f2dd286?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9adfc632-2e47-4fea-ad87-41840cdab225": { "id": "9adfc632-2e47-4fea-ad87-41840cdab225", "title": "Download Plugins and Themes from Dashboard <= 1.8.5 - Authenticated (Admin+) Arbitrary File Download", "software": [ { "type": "plugin", "name": "Download Plugins and Themes in ZIP from Dashboard", "slug": "download-plugins-dashboard", "affected_versions": { "* - 1.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9adfc632-2e47-4fea-ad87-41840cdab225?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ae135c3-2b2b-4cd2-a17b-3b1e9de9dbac": { "id": "9ae135c3-2b2b-4cd2-a17b-3b1e9de9dbac", "title": "FeedList <= 2.61.03 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FeedList", "slug": "feedlist", "affected_versions": { "* - 2.61.03": { "from_version": "*", "from_inclusive": true, "to_version": "2.61.03", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.70.00" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ae135c3-2b2b-4cd2-a17b-3b1e9de9dbac?source=api-scan" ], "published": "2010-11-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ae5b5f1-77a7-4626-a9b5-6f146c32a6db": { "id": "9ae5b5f1-77a7-4626-a9b5-6f146c32a6db", "title": "WordPress File Uploader <= 1.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "File Uploader", "slug": "wp-file-uploader", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ae5b5f1-77a7-4626-a9b5-6f146c32a6db?source=api-scan" ], "published": "2013-01-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ae63e7d-c5a2-4e8d-96e8-5d3c9c9ea1bf": { "id": "9ae63e7d-c5a2-4e8d-96e8-5d3c9c9ea1bf", "title": "Gallery Images Ape <= 2.2.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Gallery Images Ape", "slug": "gallery-images-ape", "affected_versions": { "* - 2.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ae63e7d-c5a2-4e8d-96e8-5d3c9c9ea1bf?source=api-scan" ], "published": "2022-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ae771d1-9c4e-4123-9221-146e7ba2c2ac": { "id": "9ae771d1-9c4e-4123-9221-146e7ba2c2ac", "title": "WordPress Firewall 2 <= 1.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Firewall 2", "slug": "wordpress-firewall-2", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ae771d1-9c4e-4123-9221-146e7ba2c2ac?source=api-scan" ], "published": "2017-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ae8de00-ba4c-48d2-a566-13dac0bc4312": { "id": "9ae8de00-ba4c-48d2-a566-13dac0bc4312", "title": "JetBackup \u2013 WP Backup, Migrate & Restore <= 1.3.9 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "JetBackup \u2013 WP Backup, Migrate & Restore", "slug": "backup", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ae8de00-ba4c-48d2-a566-13dac0bc4312?source=api-scan" ], "published": "2020-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ae9307c-680c-43c7-8246-a3e6149c1fb6": { "id": "9ae9307c-680c-43c7-8246-a3e6149c1fb6", "title": "Check & Log Email <= 1.0.9 - Unauthenticated Hook Injection", "software": [ { "type": "plugin", "name": "Check & Log Email \u2013 Easy Email Testing & Mail logging", "slug": "check-email", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ae9307c-680c-43c7-8246-a3e6149c1fb6?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ae9b5c7-0d76-4772-973b-be48e520c837": { "id": "9ae9b5c7-0d76-4772-973b-be48e520c837", "title": "Testimonial < 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Testimonial \u2013 WordPress Testimonial Showcase Plugin Grid Plus Testimonial Slider", "slug": "testimonial-builder", "affected_versions": { "[*, 1.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ae9b5c7-0d76-4772-973b-be48e520c837?source=api-scan" ], "published": "2021-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9aeb996c-723a-402a-a0f8-4212391c64eb": { "id": "9aeb996c-723a-402a-a0f8-4212391c64eb", "title": "WooCommerce PDF Invoices & Packing Slips <= 2.15.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Invoices & Packing Slips for WooCommerce", "slug": "woocommerce-pdf-invoices-packing-slips", "affected_versions": { "* - 2.15.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9aeb996c-723a-402a-a0f8-4212391c64eb?source=api-scan" ], "published": "2022-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9aeeb92f-26f8-44b5-a523-abc33043efff": { "id": "9aeeb92f-26f8-44b5-a523-abc33043efff", "title": "Multisite Post Duplicator <= 1.7.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Multisite Post Duplicator", "slug": "multisite-post-duplicator", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9aeeb92f-26f8-44b5-a523-abc33043efff?source=api-scan" ], "published": "2016-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9af36edd-4520-4afc-8d3a-c9a96659ddf8": { "id": "9af36edd-4520-4afc-8d3a-c9a96659ddf8", "title": "Quiz And Survey Master <= 8.0.10 - Cross-Site Request Forgery to Quiz Restoration", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 8.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9af36edd-4520-4afc-8d3a-c9a96659ddf8?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9af6c319-7660-4368-b2f8-1ed1d01ee73a": { "id": "9af6c319-7660-4368-b2f8-1ed1d01ee73a", "title": "VK Block Patterns <= 1.31.1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "VK Block Patterns", "slug": "vk-block-patterns", "affected_versions": { "* - 1.31.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.31.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.31.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9af6c319-7660-4368-b2f8-1ed1d01ee73a?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9af6d311-a72e-4c86-8ecb-70fa83e5a240": { "id": "9af6d311-a72e-4c86-8ecb-70fa83e5a240", "title": "OTA Sync Booking Engine Widget 1.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OTA Sync Booking Engine Widget", "slug": "ota-sync-booking-engine-widget", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9af6d311-a72e-4c86-8ecb-70fa83e5a240?source=api-scan" ], "published": "2024-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9af929a3-6e17-40c7-9fce-1ce0eb72bc7b": { "id": "9af929a3-6e17-40c7-9fce-1ce0eb72bc7b", "title": "Zephyr Project Manager <= 3.3.9 - Open Redirect", "software": [ { "type": "plugin", "name": "Zephyr Project Manager", "slug": "zephyr-project-manager", "affected_versions": { "* - 3.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9af929a3-6e17-40c7-9fce-1ce0eb72bc7b?source=api-scan" ], "published": "2023-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9af963ed-8bc5-4b5e-bacd-30a2ef429ce8": { "id": "9af963ed-8bc5-4b5e-bacd-30a2ef429ce8", "title": "ANAC XML Viewer <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ANAC XML Viewer", "slug": "anac-xml-viewer", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9af963ed-8bc5-4b5e-bacd-30a2ef429ce8?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9affd2b9-9576-435e-931d-f60816af0b91": { "id": "9affd2b9-9576-435e-931d-f60816af0b91", "title": "CBX Bookmark & Favorite <= 1.7.20 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "CBX Bookmark & Favorite", "slug": "cbxwpbookmark", "affected_versions": { "* - 1.7.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9affd2b9-9576-435e-931d-f60816af0b91?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b004132-b2a6-422d-882e-5122708d9709": { "id": "9b004132-b2a6-422d-882e-5122708d9709", "title": "Cartpauj Register Captcha <= 1.0.02 - CAPTCHA Bypass", "software": [ { "type": "plugin", "name": "Cartpauj Register Captcha", "slug": "cartpauj-register-captcha", "affected_versions": { "* - 1.0.02": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.02", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b004132-b2a6-422d-882e-5122708d9709?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b09338c-a28f-4950-b0c1-98ab85e58c0a": { "id": "9b09338c-a28f-4950-b0c1-98ab85e58c0a", "title": "Optimize images ALT Text <= 2.0.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Image SEO \u2013 AI-Driven Image SEO Optimizer", "slug": "imageseo", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b09338c-a28f-4950-b0c1-98ab85e58c0a?source=api-scan" ], "published": "2022-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b09bf42-a85d-4a5b-9acc-609e0a5d7748": { "id": "9b09bf42-a85d-4a5b-9acc-609e0a5d7748", "title": "WordPress Gallery Plugin \u2013 NextGEN Gallery <= 2.2.46 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 2.2.46": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.46", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.50" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b09bf42-a85d-4a5b-9acc-609e0a5d7748?source=api-scan" ], "published": "2018-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b0cc3a0-5a80-4a56-abeb-13046d9eaf3f": { "id": "9b0cc3a0-5a80-4a56-abeb-13046d9eaf3f", "title": "Slideshow CK <= 1.4.9 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slideshow CK", "slug": "slideshow-ck", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b0cc3a0-5a80-4a56-abeb-13046d9eaf3f?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b1329b6-ae1f-4a46-8435-5023c5c130f5": { "id": "9b1329b6-ae1f-4a46-8435-5023c5c130f5", "title": "Contentboxes <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contentboxes", "slug": "contentboxes", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b1329b6-ae1f-4a46-8435-5023c5c130f5?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b1dc818-75c6-45b7-9f0f-88275cc6e946": { "id": "9b1dc818-75c6-45b7-9f0f-88275cc6e946", "title": "iThemes Security <= 6.9.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "* - 6.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b1dc818-75c6-45b7-9f0f-88275cc6e946?source=api-scan" ], "published": "2018-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b203694-e18a-4262-bf58-f1dcd0358890": { "id": "9b203694-e18a-4262-bf58-f1dcd0358890", "title": "WP Blogs' Planetarium <= 1.0 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "WP Blogs' Planetarium", "slug": "wp-blogs-planetarium", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b203694-e18a-4262-bf58-f1dcd0358890?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b2083f9-79d0-43f6-b7ae-a5817dc561b0": { "id": "9b2083f9-79d0-43f6-b7ae-a5817dc561b0", "title": "DethemeKit For Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via URL Parameter of the De Gallery Widget", "software": [ { "type": "plugin", "name": "DethemeKit For Elementor", "slug": "dethemekit-for-elementor", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b2083f9-79d0-43f6-b7ae-a5817dc561b0?source=api-scan" ], "published": "2024-06-26 16:37:22", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b26604b-2423-4130-b0ef-8f63a392c760": { "id": "9b26604b-2423-4130-b0ef-8f63a392c760", "title": "Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_sort_order", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b26604b-2423-4130-b0ef-8f63a392c760?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b3201e0-df2a-471e-875b-4ca2c3a659f3": { "id": "9b3201e0-df2a-471e-875b-4ca2c3a659f3", "title": "Memphis Documents Library <= 2.6.16 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "Memphis Documents Library", "slug": "memphis-documents-library", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b3201e0-df2a-471e-875b-4ca2c3a659f3?source=api-scan" ], "published": "2015-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b320755-1255-4331-8176-ee67d8d4873e": { "id": "9b320755-1255-4331-8176-ee67d8d4873e", "title": "Top 10 \u2013 Popular posts plugin for WordPress <= 2.4.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Top 10 \u2013 WordPress Popular posts by WebberZone", "slug": "top-10", "affected_versions": { "[*, 2.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b320755-1255-4331-8176-ee67d8d4873e?source=api-scan" ], "published": "2017-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b343533-8690-4167-8de8-7be2d2b2e44a": { "id": "9b343533-8690-4167-8de8-7be2d2b2e44a", "title": "Get Better Reviews for WooCommerce <= 4.0.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Get Better Reviews for WooCommerce", "slug": "more-better-reviews-for-woocommerce", "affected_versions": { "* - 4.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b343533-8690-4167-8de8-7be2d2b2e44a?source=api-scan" ], "published": "2024-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b378df7-b182-4a56-a7fa-3228c06f960f": { "id": "9b378df7-b182-4a56-a7fa-3228c06f960f", "title": "RegistrationMagic Plugin <= 5.2.4.5 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "[*, 5.2.4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b378df7-b182-4a56-a7fa-3228c06f960f?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b38d892-6797-43ae-9f17-f8f90222911e": { "id": "9b38d892-6797-43ae-9f17-f8f90222911e", "title": "Business Hours Indicator <= 2.3.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Business Hours Indicator", "slug": "business-hours-indicator", "affected_versions": { "[*, 2.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b38d892-6797-43ae-9f17-f8f90222911e?source=api-scan" ], "published": "2021-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b39c360-f267-4f9a-8d9d-fa0d7e300129": { "id": "9b39c360-f267-4f9a-8d9d-fa0d7e300129", "title": "MJM Clinic <= 1.1.22 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MJM Clinic", "slug": "mjm-clinic", "affected_versions": { "* - 1.1.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b39c360-f267-4f9a-8d9d-fa0d7e300129?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b3c7359-4de3-485f-b1b4-9e83b95c7f7c": { "id": "9b3c7359-4de3-485f-b1b4-9e83b95c7f7c", "title": "Shortcodes and extra features for Phlox theme <= 2.15.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Shortcodes and extra features for Phlox theme", "slug": "auxin-elements", "affected_versions": { "* - 2.15.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b3c7359-4de3-485f-b1b4-9e83b95c7f7c?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b409e3f-51e0-4d66-a04c-a0d54259bd2e": { "id": "9b409e3f-51e0-4d66-a04c-a0d54259bd2e", "title": "Landing Page Builder <= 1.5.1.7 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Landing Page Builder \u2013 Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages", "slug": "page-builder-add", "affected_versions": { "* - 1.5.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b409e3f-51e0-4d66-a04c-a0d54259bd2e?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b41efbd-bd47-415f-8de7-f30b3a7cf326": { "id": "9b41efbd-bd47-415f-8de7-f30b3a7cf326", "title": "Imperial Fairytale Theme (All Versions) - Multiple Vulnerabilities", "software": [ { "type": "theme", "name": "Imperial Themes Fairytale", "slug": "imperial-fairytale", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b41efbd-bd47-415f-8de7-f30b3a7cf326?source=api-scan" ], "published": "2013-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b458323-5fca-4fed-8c98-dfe69fd7a997": { "id": "9b458323-5fca-4fed-8c98-dfe69fd7a997", "title": "Downloads Manager <= 0.2 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Downloads Manager", "slug": "downloads-manager", "affected_versions": { "* - 0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b458323-5fca-4fed-8c98-dfe69fd7a997?source=api-scan" ], "published": "2008-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b487949-c52d-43ec-b660-2d4057bf3c08": { "id": "9b487949-c52d-43ec-b660-2d4057bf3c08", "title": "Page scroll to id <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page scroll to id", "slug": "page-scroll-to-id", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b487949-c52d-43ec-b660-2d4057bf3c08?source=api-scan" ], "published": "2022-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b4b517c-d605-4370-ae12-7c198c82b1d9": { "id": "9b4b517c-d605-4370-ae12-7c198c82b1d9", "title": "Mini Cart Drawer For WooCommerce <= 4.0.0 - Missing Authorization via AJAX", "software": [ { "type": "plugin", "name": "Mini Cart Drawer For WooCommerce", "slug": "woo-mini-cart-drawer", "affected_versions": { "* - 4.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b4b517c-d605-4370-ae12-7c198c82b1d9?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b4bb70a-ee8e-4e1a-9989-7658307bedc1": { "id": "9b4bb70a-ee8e-4e1a-9989-7658307bedc1", "title": "WP RSS Aggregator <= 4.19.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Autoblogging", "slug": "wp-rss-aggregator", "affected_versions": { "* - 4.19.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.19.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b4bb70a-ee8e-4e1a-9989-7658307bedc1?source=api-scan" ], "published": "2022-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b57fbe8-0c8d-4ddb-8768-03ed354b2d21": { "id": "9b57fbe8-0c8d-4ddb-8768-03ed354b2d21", "title": "Flash Photo Gallery <= 0.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "flash-photo-gallery", "slug": "flash-photo-gallery", "affected_versions": { "* - 0.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b57fbe8-0c8d-4ddb-8768-03ed354b2d21?source=api-scan" ], "published": "2014-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b5bc030-7739-4eb4-b85d-99e5d0f2643a": { "id": "9b5bc030-7739-4eb4-b85d-99e5d0f2643a", "title": "Enhanced Plugin Admin <= 1.16 - Cross-Site Request Forgery via epa_options_page", "software": [ { "type": "plugin", "name": "Enhanced Plugin Admin", "slug": "enhanced-plugin-admin", "affected_versions": { "* - 1.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b5bc030-7739-4eb4-b85d-99e5d0f2643a?source=api-scan" ], "published": "2023-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b5bdeb8-d5ee-4e30-8aaf-88893abf4145": { "id": "9b5bdeb8-d5ee-4e30-8aaf-88893abf4145", "title": "Woocommerce Wordpress Auctions <= 2.0.1.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Woocommerce Wordpress Auctions", "slug": "auctionPlugin", "affected_versions": { "* - 2.0.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b5bdeb8-d5ee-4e30-8aaf-88893abf4145?source=api-scan" ], "published": "2012-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b5e37b4-4a7e-41a1-b1ef-0c69c8658c58": { "id": "9b5e37b4-4a7e-41a1-b1ef-0c69c8658c58", "title": "Slideshow SE <= 2.5.5 - Authenticated (Subscriber+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slideshow SE", "slug": "slideshow-se", "affected_versions": { "* - 2.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b5e37b4-4a7e-41a1-b1ef-0c69c8658c58?source=api-scan" ], "published": "2022-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b63dc2f-0d2b-43c8-9dc1-9d202cc92767": { "id": "9b63dc2f-0d2b-43c8-9dc1-9d202cc92767", "title": "WP Table Builder \u2013 WordPress Table Plugin <= 1.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Table Builder \u2013 WordPress Table Plugin", "slug": "wp-table-builder", "affected_versions": { "* - 1.4.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b63dc2f-0d2b-43c8-9dc1-9d202cc92767?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b6be9c5-0142-458e-bf7e-2d4ae169e555": { "id": "9b6be9c5-0142-458e-bf7e-2d4ae169e555", "title": "Sailthru Triggermail <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sailthru Triggermail", "slug": "sailthru-triggermail", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b6be9c5-0142-458e-bf7e-2d4ae169e555?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b6cf4ab-9e4d-4fd7-9e9e-c678ccc4d810": { "id": "9b6cf4ab-9e4d-4fd7-9e9e-c678ccc4d810", "title": "JoomSport \u2013 for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authentciated (Admin+) SQL Injection via orderby", "software": [ { "type": "plugin", "name": "JoomSport \u2013 for Sports: Team & League, Football, Hockey & more", "slug": "joomsport-sports-league-results-management", "affected_versions": { "* - 5.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b6cf4ab-9e4d-4fd7-9e9e-c678ccc4d810?source=api-scan" ], "published": "2022-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b726e21-ff76-43ea-beb1-f68e94d3b7a4": { "id": "9b726e21-ff76-43ea-beb1-f68e94d3b7a4", "title": "Smart Cookie Kit <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart Cookie Kit", "slug": "smart-cookie-kit", "affected_versions": { "[*, 2.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b726e21-ff76-43ea-beb1-f68e94d3b7a4?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b780e28-3254-49d8-9b62-ade1c0a42d8a": { "id": "9b780e28-3254-49d8-9b62-ade1c0a42d8a", "title": "Rating Widget Plugin < 2.9.0 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Rating-Widget: Star Review System", "slug": "rating-widget", "affected_versions": { "[*, 2.9.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b780e28-3254-49d8-9b62-ade1c0a42d8a?source=api-scan" ], "published": "2017-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b78834c-cb13-4698-aa19-65f8c6874c8f": { "id": "9b78834c-cb13-4698-aa19-65f8c6874c8f", "title": "FV Flowplayer Video Player <= 7.5.32.7212 - Reflected Cross-Site Scripting via id", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "* - 7.5.32.7212": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.32.7212", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.35.7212" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b78834c-cb13-4698-aa19-65f8c6874c8f?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b7a7780-0f61-4541-bcde-dbf64fd23320": { "id": "9b7a7780-0f61-4541-bcde-dbf64fd23320", "title": "myCred <= 2.7.2 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification", "slug": "mycred", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b7a7780-0f61-4541-bcde-dbf64fd23320?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b8042b0-83d3-417f-a5e0-43ff4f7648fb": { "id": "9b8042b0-83d3-417f-a5e0-43ff4f7648fb", "title": "reSmush.it Image Optimizer <= 0.4.5 - Authenticated (Administrator+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "reSmush.it : The original free image compressor and optimizer plugin", "slug": "resmushit-image-optimizer", "affected_versions": { "* - 0.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b8042b0-83d3-417f-a5e0-43ff4f7648fb?source=api-scan" ], "published": "2022-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b821fb6-abc5-411f-ad6b-00b20954142c": { "id": "9b821fb6-abc5-411f-ad6b-00b20954142c", "title": "Side Menu \u2013 add fixed side buttons <= 3.1.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Side Menu \u2013 add fixed side buttons", "slug": "side-menu", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b821fb6-abc5-411f-ad6b-00b20954142c?source=api-scan" ], "published": "2021-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b85c78c-da02-4871-a397-1d00a321a3c0": { "id": "9b85c78c-da02-4871-a397-1d00a321a3c0", "title": "Hero Maps Pro <= 2.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hero Maps Pro", "slug": "hero-maps-pro", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b85c78c-da02-4871-a397-1d00a321a3c0?source=api-scan" ], "published": "2016-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b86a259-b102-411a-8d4c-c131737b90d8": { "id": "9b86a259-b102-411a-8d4c-c131737b90d8", "title": "Jetpack \u2013 WP Security, Backup, Speed, & Growth <= 3.9.1 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "* - 3.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b86a259-b102-411a-8d4c-c131737b90d8?source=api-scan" ], "published": "2016-02-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b888f0c-5547-4ff7-9721-50166e3f0117": { "id": "9b888f0c-5547-4ff7-9721-50166e3f0117", "title": "MultiParcels Shipping For WooCommerce <= 1.14.12 - Authenticated(Subscriber+) SQL Injection via id", "software": [ { "type": "plugin", "name": "MultiParcels Shipping For WooCommerce", "slug": "multiparcels-shipping-for-woocommerce", "affected_versions": { "* - 1.14.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b888f0c-5547-4ff7-9721-50166e3f0117?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b8aef59-8d7a-4ffd-9619-9684a6e51e5a": { "id": "9b8aef59-8d7a-4ffd-9619-9684a6e51e5a", "title": "Rencontre \u2013 Dating Site <= 3.1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rencontre \u2013 Dating Site", "slug": "rencontre", "affected_versions": { "[*, 3.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b8aef59-8d7a-4ffd-9619-9684a6e51e5a?source=api-scan" ], "published": "2019-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b8b5363-2450-42b5-8295-78ced3682b14": { "id": "9b8b5363-2450-42b5-8295-78ced3682b14", "title": "RokStories <= 1.25 - Abuse of Functionality", "software": [ { "type": "plugin", "name": "RokStories", "slug": "wp_rokstories", "affected_versions": { "* - 1.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b8b5363-2450-42b5-8295-78ced3682b14?source=api-scan" ], "published": "2013-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b8dc6f3-0ffc-4317-a32f-14dd7c301d30": { "id": "9b8dc6f3-0ffc-4317-a32f-14dd7c301d30", "title": "Legal Pages <= 1.4.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Legal Pages \u2013 Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator", "slug": "legal-pages", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b8dc6f3-0ffc-4317-a32f-14dd7c301d30?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b90bf09-639c-497c-a58e-3972250db1e4": { "id": "9b90bf09-639c-497c-a58e-3972250db1e4", "title": "Manage Upload Limit <= 1.0.4 - Reflected Cross-Site Scripting via upload_limit", "software": [ { "type": "plugin", "name": "Manage Upload Limit", "slug": "wpsimpletools-upload-limit", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b90bf09-639c-497c-a58e-3972250db1e4?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b95fe0e-4677-4667-9a84-96801b547088": { "id": "9b95fe0e-4677-4667-9a84-96801b547088", "title": "AutomatorWP <= 1.7.5 - Privilege Escalation", "software": [ { "type": "plugin", "name": "AutomatorWP \u2013 The #1 automator plugin for no-code automation in WordPress", "slug": "automatorwp", "affected_versions": { "[*, 1.7.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b95fe0e-4677-4667-9a84-96801b547088?source=api-scan" ], "published": "2021-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b97404f-c34d-483d-b11c-03a706306270": { "id": "9b97404f-c34d-483d-b11c-03a706306270", "title": "Cream Blog, Fascinate, Glaze Blog Lite, & Everest News (All Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Everest News", "slug": "everest-news", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Glaze Blog Lite", "slug": "glaze-blog-lite", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Cream Blog", "slug": "cream-blog", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] }, { "type": "theme", "name": "Fascinate", "slug": "fascinate", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b97404f-c34d-483d-b11c-03a706306270?source=api-scan" ], "published": "2023-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9b9bd42f-cb24-483a-ae91-add4378067d9": { "id": "9b9bd42f-cb24-483a-ae91-add4378067d9", "title": "ND Shortcodes <= 6.9 - Authenticated (Subscriber+) Local File Inclusion", "software": [ { "type": "plugin", "name": "ND Shortcodes", "slug": "nd-shortcodes", "affected_versions": { "* - 6.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9b9bd42f-cb24-483a-ae91-add4378067d9?source=api-scan" ], "published": "2023-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ba07137-f834-4f56-bcd5-0f6fde756681": { "id": "9ba07137-f834-4f56-bcd5-0f6fde756681", "title": "Hash Elements <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter in Multiple Widgets", "software": [ { "type": "plugin", "name": "Hash Elements", "slug": "hash-elements", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ba07137-f834-4f56-bcd5-0f6fde756681?source=api-scan" ], "published": "2024-05-22 16:54:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ba4e993-bf75-4570-bd9d-003339f4e214": { "id": "9ba4e993-bf75-4570-bd9d-003339f4e214", "title": "duoFAQ - Responsive, Flat, Simple FAQ <= 1.4.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "duoFAQ - Responsive, Flat, Simple FAQ ", "slug": "duofaq-responsive-flat-simple-faq", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ba4e993-bf75-4570-bd9d-003339f4e214?source=api-scan" ], "published": "2021-12-13 12:43:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ba74e58-0647-4283-9fa3-428976c54474": { "id": "9ba74e58-0647-4283-9fa3-428976c54474", "title": "rtMedia for WordPress, BuddyPress and bbPress < 3.7.40 - SQL Injection", "software": [ { "type": "plugin", "name": "rtMedia for WordPress, BuddyPress and bbPress", "slug": "buddypress-media", "affected_versions": { "[*, 3.7.40)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.40", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.40" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ba74e58-0647-4283-9fa3-428976c54474?source=api-scan" ], "published": "2015-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9baa8bbf-a318-4bc5-8bfd-2bd64536965e": { "id": "9baa8bbf-a318-4bc5-8bfd-2bd64536965e", "title": "Shariff Wrapper <= 4.6.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Shariff Wrapper", "slug": "shariff", "affected_versions": { "* - 4.6.13": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9baa8bbf-a318-4bc5-8bfd-2bd64536965e?source=api-scan" ], "published": "2024-06-14 19:57:09", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bb026a4-02b1-4422-8c78-9983c49df43e": { "id": "9bb026a4-02b1-4422-8c78-9983c49df43e", "title": "The Events Calendar < 4.1.1.1 - Open Redirect", "software": [ { "type": "plugin", "name": "The Events Calendar", "slug": "the-events-calendar", "affected_versions": { "* - 4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bb026a4-02b1-4422-8c78-9983c49df43e?source=api-scan" ], "published": "2016-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bb2ae16-7886-4e66-83e0-59806dd67450": { "id": "9bb2ae16-7886-4e66-83e0-59806dd67450", "title": "ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "3.0.0 - 3.1.3": { "from_version": "3.0.0", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bb2ae16-7886-4e66-83e0-59806dd67450?source=api-scan" ], "published": "2021-06-28 19:45:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bb430e6-0c30-4c23-874a-f91e25622857": { "id": "9bb430e6-0c30-4c23-874a-f91e25622857", "title": "MailCWP <= 1.100 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "MailCWP", "slug": "mailcwp", "affected_versions": { "* - 1.100": { "from_version": "*", "from_inclusive": true, "to_version": "1.100", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.110" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bb430e6-0c30-4c23-874a-f91e25622857?source=api-scan" ], "published": "2015-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bb6683a-b8e6-4776-880f-5b48966fc5c6": { "id": "9bb6683a-b8e6-4776-880f-5b48966fc5c6", "title": "Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor <= 1.26.4 - Authenticated (Contributer+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor", "slug": "post-and-page-builder", "affected_versions": { "* - 1.26.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.26.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.26.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bb6683a-b8e6-4776-880f-5b48966fc5c6?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bb9bab2-4f47-41ed-b42e-5272981927a8": { "id": "9bb9bab2-4f47-41ed-b42e-5272981927a8", "title": "Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber \u2013 MailOptin <= 1.2.35.1 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber \u2013 MailOptin", "slug": "mailoptin", "affected_versions": { "* - 1.2.35.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.35.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.35.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bb9bab2-4f47-41ed-b42e-5272981927a8?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bbabf5e-dbfc-4b01-94ae-0e8fd6b3cc26": { "id": "9bbabf5e-dbfc-4b01-94ae-0e8fd6b3cc26", "title": "Bold Timeline Lite <= 1.1.9 - Missing Authorization to Admin Notice Dismissal", "software": [ { "type": "plugin", "name": "Bold Timeline Lite", "slug": "bold-timeline-lite", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bbabf5e-dbfc-4b01-94ae-0e8fd6b3cc26?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bbb3c65-f02c-4d6d-bd4e-b3232af5e21b": { "id": "9bbb3c65-f02c-4d6d-bd4e-b3232af5e21b", "title": "Tutor LMS <= 2.7.0 - Authenticated (Instructor+) SQL Injection", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bbb3c65-f02c-4d6d-bd4e-b3232af5e21b?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bbcd280-25c3-4bc3-88bf-d109cfd1e855": { "id": "9bbcd280-25c3-4bc3-88bf-d109cfd1e855", "title": "Hotjar Connecticator <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hotjar Connecticator", "slug": "hotjar-connecticator", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bbcd280-25c3-4bc3-88bf-d109cfd1e855?source=api-scan" ], "published": "2021-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bbd528a-94fe-4979-b30f-02c6872db086": { "id": "9bbd528a-94fe-4979-b30f-02c6872db086", "title": "Simple Job Board <= 2.10.3 - Cross-Site Request Forgery via sjb_save_settings_section", "software": [ { "type": "plugin", "name": "Simple Job Board", "slug": "simple-job-board", "affected_versions": { "* - 2.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bbd528a-94fe-4979-b30f-02c6872db086?source=api-scan" ], "published": "2023-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bc2a04c-7b7c-483f-b81b-97a7caac179c": { "id": "9bc2a04c-7b7c-483f-b81b-97a7caac179c", "title": "WP Captcha <= 2.0.0 - CAPTCHA Bypass", "software": [ { "type": "plugin", "name": "WP Captcha", "slug": "wp-captcha", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bc2a04c-7b7c-483f-b81b-97a7caac179c?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bc3039c-8e96-42e9-a28d-d3204f3e84f7": { "id": "9bc3039c-8e96-42e9-a28d-d3204f3e84f7", "title": "Facebook for WordPress <= 3.0.3 - Cross-site Request Forgery to Stored Cross-site Scripting and Settings Deletion via wp_ajax_(save|delete)_fbe_settings", "software": [ { "type": "plugin", "name": "Meta pixel for WordPress", "slug": "official-facebook-pixel", "affected_versions": { "[3.0.0, 3.0.4)": { "from_version": "3.0.0", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bc3039c-8e96-42e9-a28d-d3204f3e84f7?source=api-scan" ], "published": "2021-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bc66669-ee38-408a-9dea-e6421cc6f75c": { "id": "9bc66669-ee38-408a-9dea-e6421cc6f75c", "title": "WP Subtitle <= 3.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Subtitle", "slug": "wp-subtitle", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bc66669-ee38-408a-9dea-e6421cc6f75c?source=api-scan" ], "published": "2022-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bc832fa-9845-4157-b7a6-54d8c3794085": { "id": "9bc832fa-9845-4157-b7a6-54d8c3794085", "title": "Spryng Payments for WooCommerce <= 1.6.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spryng Payments for WooCommerce", "slug": "spryng-payments-woocommerce", "affected_versions": { "* - 1.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bc832fa-9845-4157-b7a6-54d8c3794085?source=api-scan" ], "published": "2019-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bc9e382-9902-4b2d-ac50-ecb2b94a2803": { "id": "9bc9e382-9902-4b2d-ac50-ecb2b94a2803", "title": "Greenshift \u2013 animation and page builder blocks <= 8.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Greenshift \u2013 animation and page builder blocks", "slug": "greenshift-animation-and-page-builder-blocks", "affected_versions": { "* - 8.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "8.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bc9e382-9902-4b2d-ac50-ecb2b94a2803?source=api-scan" ], "published": "2024-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bcc1965-c409-40ba-a942-175646ad8fda": { "id": "9bcc1965-c409-40ba-a942-175646ad8fda", "title": "No CAPTCHA reCAPTCHA for WooCommerce <= 1.2.6 - Authenticated(Admin+) Stored Cross-Site Scripting via Plugin Settings", "software": [ { "type": "plugin", "name": "No CAPTCHA reCAPTCHA for WooCommerce", "slug": "no-captcha-recaptcha-for-woocommerce", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bcc1965-c409-40ba-a942-175646ad8fda?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bce7b25-fb64-44ac-b48f-00ef871610c6": { "id": "9bce7b25-fb64-44ac-b48f-00ef871610c6", "title": "mTouch Quiz <= 3.1.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "mTouch Quiz", "slug": "mtouch-quiz", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bce7b25-fb64-44ac-b48f-00ef871610c6?source=api-scan" ], "published": "2015-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bd04f78-0b9c-4985-b450-007bb5cc9e26": { "id": "9bd04f78-0b9c-4985-b450-007bb5cc9e26", "title": "ElementInvader Addons for Elementor <= 1.2.9 - Authenticated (Contributor+) Information Exposure", "software": [ { "type": "plugin", "name": "ElementInvader Addons for Elementor", "slug": "elementinvader-addons-for-elementor", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bd04f78-0b9c-4985-b450-007bb5cc9e26?source=api-scan" ], "published": "2024-10-18 18:21:19", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bd1fe45-8518-429b-94d3-cc0ea06ca1b4": { "id": "9bd1fe45-8518-429b-94d3-cc0ea06ca1b4", "title": "Tracking Code Manager <= 2.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tracking Code Manager", "slug": "tracking-code-manager", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bd1fe45-8518-429b-94d3-cc0ea06ca1b4?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bd63003-d1d6-480a-8df7-878bcc89f1ee": { "id": "9bd63003-d1d6-480a-8df7-878bcc89f1ee", "title": "Visual Website Collaboration, Feedback & Project Management \u2013 Atarim <= 3.30 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visual Website Collaboration, Feedback & Project Management \u2013 Atarim", "slug": "atarim-visual-collaboration", "affected_versions": { "* - 3.30": { "from_version": "*", "from_inclusive": true, "to_version": "3.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bd63003-d1d6-480a-8df7-878bcc89f1ee?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bd6c6f7-a535-4e3a-8d72-01007d00d6be": { "id": "9bd6c6f7-a535-4e3a-8d72-01007d00d6be", "title": "Salon booking system <= 9.6.2 - Authenticated (Customer+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "* - 9.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bd6c6f7-a535-4e3a-8d72-01007d00d6be?source=api-scan" ], "published": "2024-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bd8c4e5-ef53-47e8-8658-291509e9b987": { "id": "9bd8c4e5-ef53-47e8-8658-291509e9b987", "title": "Easy Call Now by ThikShare <= 1.1.0 - Cross-Site Request Forgery via settings_page", "software": [ { "type": "plugin", "name": "Easy Call Now by ThikShare", "slug": "easy-call-now", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bd8c4e5-ef53-47e8-8658-291509e9b987?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bdf7b10-6a3e-47aa-86ae-479b4cd29c49": { "id": "9bdf7b10-6a3e-47aa-86ae-479b4cd29c49", "title": "Duplicator <= 1.2.28 \u2013 Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Duplicator \u2013 Migration & Backup Plugin", "slug": "duplicator", "affected_versions": { "* - 1.2.28": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bdf7b10-6a3e-47aa-86ae-479b4cd29c49?source=api-scan" ], "published": "2017-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9be4ad83-14da-499e-b216-e5f26016fa35": { "id": "9be4ad83-14da-499e-b216-e5f26016fa35", "title": "Instinct WP e-Commerce <= 3.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP e-Commerce", "slug": "wp-shopping-cart", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.8 RC1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9be4ad83-14da-499e-b216-e5f26016fa35?source=api-scan" ], "published": "2008-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9be5e54c-286a-4fec-95fb-27e3517f3eb8": { "id": "9be5e54c-286a-4fec-95fb-27e3517f3eb8", "title": "Testimonial Slider <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Testimonial Slider", "slug": "testimonial", "affected_versions": { "* - 2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9be5e54c-286a-4fec-95fb-27e3517f3eb8?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9be6089f-a4ca-447c-b3fa-6917b1383512": { "id": "9be6089f-a4ca-447c-b3fa-6917b1383512", "title": "Maan Addons For Elementor <= 1.0.1 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Maan Addons For Elementor", "slug": "maan-elementor-addons", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9be6089f-a4ca-447c-b3fa-6917b1383512?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9be8c202-56f0-449f-84fa-375d239b5654": { "id": "9be8c202-56f0-449f-84fa-375d239b5654", "title": "Markdown on Save Improved <= 2.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Markdown on Save Improved", "slug": "markdown-on-save-improved", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9be8c202-56f0-449f-84fa-375d239b5654?source=api-scan" ], "published": "2016-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9be94d63-f027-4988-ab41-673658c1fa5f": { "id": "9be94d63-f027-4988-ab41-673658c1fa5f", "title": "WooCommerce Checkout Field Manager <= 17.3 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WooCommerce Checkout Field Manager", "slug": "n-media-woocommerce-checkout-fields", "affected_versions": { "* - 17.3": { "from_version": "*", "from_inclusive": true, "to_version": "17.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "18.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9be94d63-f027-4988-ab41-673658c1fa5f?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bed2e86-1cc0-4fed-a44f-0c495c423e22": { "id": "9bed2e86-1cc0-4fed-a44f-0c495c423e22", "title": "BuddyPress <= 2.3.4 - Privilege Escalation", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bed2e86-1cc0-4fed-a44f-0c495c423e22?source=api-scan" ], "published": "2015-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bf472f1-5980-48ee-aa10-aad19b6f2456": { "id": "9bf472f1-5980-48ee-aa10-aad19b6f2456", "title": "Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Privilege Escalation", "software": [ { "type": "plugin", "name": "WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg", "slug": "groundhogg", "affected_versions": { "* - 2.7.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bf472f1-5980-48ee-aa10-aad19b6f2456?source=api-scan" ], "published": "2023-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bf6b196-6dd8-41b7-9838-287be16559fd": { "id": "9bf6b196-6dd8-41b7-9838-287be16559fd", "title": "WP Stripe Checkout <= 1.2.2.20 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Stripe Checkout", "slug": "wp-stripe-checkout", "affected_versions": { "* - 1.2.2.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bf6b196-6dd8-41b7-9838-287be16559fd?source=api-scan" ], "published": "2022-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9bf8485b-a363-44a3-93c7-a6fba034b48f": { "id": "9bf8485b-a363-44a3-93c7-a6fba034b48f", "title": "SrbTransLatin \u2013 SrbTransLatin <= 1.46 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SrbTransLatin \u2013 Serbian Latinisation", "slug": "srbtranslatin", "affected_versions": { "* - 1.46": { "from_version": "*", "from_inclusive": true, "to_version": "1.46", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.47" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9bf8485b-a363-44a3-93c7-a6fba034b48f?source=api-scan" ], "published": "2018-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c101fca-037c-4bed-9dc7-baa021a8b59c": { "id": "9c101fca-037c-4bed-9dc7-baa021a8b59c", "title": "Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation\/Activation", "software": [ { "type": "plugin", "name": "Hunk Companion", "slug": "hunk-companion", "affected_versions": { "* - 1.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c101fca-037c-4bed-9dc7-baa021a8b59c?source=api-scan" ], "published": "2024-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c17d18a-090f-4b35-a257-cfc0a16d5459": { "id": "9c17d18a-090f-4b35-a257-cfc0a16d5459", "title": "Social Media Share Buttons <= 2.1.0 - Authenticated (Subscriber+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Social Media Share Buttons", "slug": "social-media-builder", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c17d18a-090f-4b35-a257-cfc0a16d5459?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c226d83-2886-4b7c-978c-ad723709145f": { "id": "9c226d83-2886-4b7c-978c-ad723709145f", "title": "DukaPress < 2.5.4 - Directory Traversal", "software": [ { "type": "plugin", "name": "DukaPress", "slug": "dukapress", "affected_versions": { "[*, 2.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c226d83-2886-4b7c-978c-ad723709145f?source=api-scan" ], "published": "2014-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c2465b8-09d2-4895-bc97-6f6f2e349d50": { "id": "9c2465b8-09d2-4895-bc97-6f6f2e349d50", "title": "WP-ContactForm <= 1.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-ContactForm", "slug": "wp-contactform", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c2465b8-09d2-4895-bc97-6f6f2e349d50?source=api-scan" ], "published": "2008-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c269233-f2dc-42ef-98be-78600f90e87d": { "id": "9c269233-f2dc-42ef-98be-78600f90e87d", "title": "MainWP Links Manager Extension <= 2.1 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "MainWP Links Manager Extension", "slug": "mainwp-links-manager-extension", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c269233-f2dc-42ef-98be-78600f90e87d?source=api-scan" ], "published": "2023-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c2883e6-2a90-46c7-ba42-cc078e4d1670": { "id": "9c2883e6-2a90-46c7-ba42-cc078e4d1670", "title": "Quiz and Survey Master <= 7.1.13 - SQL Injection", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c2883e6-2a90-46c7-ba42-cc078e4d1670?source=api-scan" ], "published": "2021-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c29c110-87ed-47e3-919f-f6e98f703805": { "id": "9c29c110-87ed-47e3-919f-f6e98f703805", "title": "Simple File Downloader <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Simple File Downloader", "slug": "simple-file-downloader", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c29c110-87ed-47e3-919f-f6e98f703805?source=api-scan" ], "published": "2023-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c3a047f-be12-4308-a4a5-fbbbc37f674d": { "id": "9c3a047f-be12-4308-a4a5-fbbbc37f674d", "title": "WP Reroute Email <= 1.4.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Reroute Email", "slug": "wp-reroute-email", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c3a047f-be12-4308-a4a5-fbbbc37f674d?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c3dc5fe-b1c8-4581-8100-68d313c3ac20": { "id": "9c3dc5fe-b1c8-4581-8100-68d313c3ac20", "title": "MC4WP: Mailchimp for WordPress <= 4.8.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MC4WP: Mailchimp for WordPress", "slug": "mailchimp-for-wp", "affected_versions": { "* - 4.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c3dc5fe-b1c8-4581-8100-68d313c3ac20?source=api-scan" ], "published": "2022-03-02 07:15:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c3df12d-e526-4a23-89d3-bfdcea9f7b2d": { "id": "9c3df12d-e526-4a23-89d3-bfdcea9f7b2d", "title": "Miniorange OTP Verification with Firebase <= 3.6.0 - Unauthenticated Arbitrary User Password Change", "software": [ { "type": "plugin", "name": "Miniorange OTP Verification with Firebase", "slug": "miniorange-firebase-sms-otp-verification", "affected_versions": { "* - 3.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c3df12d-e526-4a23-89d3-bfdcea9f7b2d?source=api-scan" ], "published": "2024-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c40773d-3a2f-46b6-861e-608d662250da": { "id": "9c40773d-3a2f-46b6-861e-608d662250da", "title": "MonsterInsights \u2013 Google Analytics Dashboard for WordPress (Website Stats Made Easy) <= 5.3.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MonsterInsights \u2013 Google Analytics Dashboard for WordPress (Website Stats Made Easy)", "slug": "google-analytics-for-wordpress", "affected_versions": { "* - 5.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c40773d-3a2f-46b6-861e-608d662250da?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c42095d-c5b5-448a-8c6e-9a6c0e15a660": { "id": "9c42095d-c5b5-448a-8c6e-9a6c0e15a660", "title": "Usernoise modal feedback \/ contact form < 3.7.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Usernoise modal feedback \/ contact form", "slug": "usernoise", "affected_versions": { "[*, 3.7.9)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c42095d-c5b5-448a-8c6e-9a6c0e15a660?source=api-scan" ], "published": "2013-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c44b6e5-7fb2-402e-8c8c-79d811ff0e9a": { "id": "9c44b6e5-7fb2-402e-8c8c-79d811ff0e9a", "title": "Booking calendar, Appointment Booking System <= 3.2.6 - Authenticated (Administrator+) SQL Injection via *_selected", "software": [ { "type": "plugin", "name": "Booking calendar, Appointment Booking System", "slug": "booking-calendar", "affected_versions": { "* - 3.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c44b6e5-7fb2-402e-8c8c-79d811ff0e9a?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c4e5c12-6f12-40cb-ac0a-389ad3715503": { "id": "9c4e5c12-6f12-40cb-ac0a-389ad3715503", "title": "reSmush.it <= 0.4.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "reSmush.it : The original free image compressor and optimizer plugin", "slug": "resmushit-image-optimizer", "affected_versions": { "* - 0.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c4e5c12-6f12-40cb-ac0a-389ad3715503?source=api-scan" ], "published": "2022-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c538318-4c6f-4610-b4d4-a20005148d23": { "id": "9c538318-4c6f-4610-b4d4-a20005148d23", "title": "Gallery Categories by BestWebSoft < 1.0.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery Categories by BestWebSoft", "slug": "gallery-categories", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c538318-4c6f-4610-b4d4-a20005148d23?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c5a4705-1bad-4ea9-9102-dc2780a61ac7": { "id": "9c5a4705-1bad-4ea9-9102-dc2780a61ac7", "title": "Essential Real Estate <= 1.7.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Real Estate", "slug": "essential-real-estate", "affected_versions": { "[*, 1.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c5a4705-1bad-4ea9-9102-dc2780a61ac7?source=api-scan" ], "published": "2019-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c640bcb-b6bf-4865-b713-32ca846e4ed9": { "id": "9c640bcb-b6bf-4865-b713-32ca846e4ed9", "title": "Hotjar <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hotjar", "slug": "hotjar", "affected_versions": { "* - 1.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c640bcb-b6bf-4865-b713-32ca846e4ed9?source=api-scan" ], "published": "2023-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c6577a2-6722-4d3b-958d-1143dca414cd": { "id": "9c6577a2-6722-4d3b-958d-1143dca414cd", "title": "WCFM Membership <= 2.10.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "WCFM Membership \u2013 WooCommerce Memberships for Multivendor Marketplace", "slug": "wc-multivendor-membership", "affected_versions": { "* - 2.10.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c6577a2-6722-4d3b-958d-1143dca414cd?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c657ea2-ff7b-4ef2-a7dd-a330484dd821": { "id": "9c657ea2-ff7b-4ef2-a7dd-a330484dd821", "title": "Sailthru Triggermail <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sailthru Triggermail", "slug": "sailthru-triggermail", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c657ea2-ff7b-4ef2-a7dd-a330484dd821?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c6cbe4e-ee14-4361-9db3-d6e820ee7171": { "id": "9c6cbe4e-ee14-4361-9db3-d6e820ee7171", "title": "WP Meta SEO <= 4.5.13 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Meta SEO", "slug": "wp-meta-seo", "affected_versions": { "* - 4.5.13": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c6cbe4e-ee14-4361-9db3-d6e820ee7171?source=api-scan" ], "published": "2024-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c78e0b6-bf24-4a23-8501-b26e681a7a4a": { "id": "9c78e0b6-bf24-4a23-8501-b26e681a7a4a", "title": "Author Chat <= 1.9.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Author Chat", "slug": "author-chat", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c78e0b6-bf24-4a23-8501-b26e681a7a4a?source=api-scan" ], "published": "2019-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c7cf6f9-6fd0-487f-93cf-516b52736512": { "id": "9c7cf6f9-6fd0-487f-93cf-516b52736512", "title": "WPS Hide Login <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WPS Hide Login", "slug": "wps-hide-login", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c7cf6f9-6fd0-487f-93cf-516b52736512?source=api-scan" ], "published": "2015-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c7d2321-735a-4b5f-a36d-16375c994d2d": { "id": "9c7d2321-735a-4b5f-a36d-16375c994d2d", "title": "Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "* - 2.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c7d2321-735a-4b5f-a36d-16375c994d2d?source=api-scan" ], "published": "2023-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c7edcbd-83b8-405b-892a-c404947990b3": { "id": "9c7edcbd-83b8-405b-892a-c404947990b3", "title": "\u0627\u0641\u0632\u0648\u0646\u0647 \u067e\u06cc\u0627\u0645\u06a9 \u0648\u0648\u06a9\u0627\u0645\u0631\u0633 Persian WooCommerce SMS <= 4.4.0 - Cross-Site Scripting and SQL Injection", "software": [ { "type": "plugin", "name": "\u0627\u0641\u0632\u0648\u0646\u0647 \u067e\u06cc\u0627\u0645\u06a9 \u0648\u0648\u06a9\u0627\u0645\u0631\u0633 Persian WooCommerce SMS", "slug": "persian-woocommerce-sms", "affected_versions": { "* - 4.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c7edcbd-83b8-405b-892a-c404947990b3?source=api-scan" ], "published": "2022-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c839d07-c496-46cc-8024-742f44cd3638": { "id": "9c839d07-c496-46cc-8024-742f44cd3638", "title": "Quotes Collection < 2.0.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quotes Collection", "slug": "quotes-collection", "affected_versions": { "[*, 2.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c839d07-c496-46cc-8024-742f44cd3638?source=api-scan" ], "published": "2016-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c865d60-9e9f-450a-a3c4-43d991bf2478": { "id": "9c865d60-9e9f-450a-a3c4-43d991bf2478", "title": "WordPress Exit Box Lite <= 1.0.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Exit Box Lite", "slug": "wordpress-exit-box-lite", "affected_versions": { "* - 1.06": { "from_version": "*", "from_inclusive": true, "to_version": "1.06", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c865d60-9e9f-450a-a3c4-43d991bf2478?source=api-scan" ], "published": "2013-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c8ab916-240d-43c3-92d4-7efd75862a5e": { "id": "9c8ab916-240d-43c3-92d4-7efd75862a5e", "title": "ShiftController Employee Shift Scheduling <= 4.9.57 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "ShiftController Employee Shift Scheduling", "slug": "shiftcontroller", "affected_versions": { "* - 4.9.57": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.57", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.58" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c8ab916-240d-43c3-92d4-7efd75862a5e?source=api-scan" ], "published": "2024-05-16 07:20:34", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c8b0de4-e3ee-4711-8f27-097dee843dd8": { "id": "9c8b0de4-e3ee-4711-8f27-097dee843dd8", "title": "10Web Booster \u2013 Website speed optimization, Cache & Page Speed optimizer <= 2.13.44 - Missing Authorization in Settings Import to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "10Web Booster \u2013 Website speed optimization, Cache & Page Speed optimizer", "slug": "tenweb-speed-optimizer", "affected_versions": { "* - 2.13.44": { "from_version": "*", "from_inclusive": true, "to_version": "2.13.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c8b0de4-e3ee-4711-8f27-097dee843dd8?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c8ff308-712b-4cf6-98ea-200d2fed9c43": { "id": "9c8ff308-712b-4cf6-98ea-200d2fed9c43", "title": "Comments - wpDiscuz <= 3.1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c8ff308-712b-4cf6-98ea-200d2fed9c43?source=api-scan" ], "published": "2016-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c935ec2-c51e-4760-bccc-3a6988bd4262": { "id": "9c935ec2-c51e-4760-bccc-3a6988bd4262", "title": "Change default login logo,url and title <= 2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Change default login logo,url and title", "slug": "change-default-login-logo-url-and-title", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c935ec2-c51e-4760-bccc-3a6988bd4262?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9c9feabc-6a8d-4367-8ea2-cc5284dbc041": { "id": "9c9feabc-6a8d-4367-8ea2-cc5284dbc041", "title": "All-in-One WP Migration <= 6.45 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-in-One WP Migration and Backup", "slug": "all-in-one-wp-migration", "affected_versions": { "[*, 6.46)": { "from_version": "*", "from_inclusive": true, "to_version": "6.46", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9c9feabc-6a8d-4367-8ea2-cc5284dbc041?source=api-scan" ], "published": "2017-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cac5c66-d366-4a67-b29b-4efed67ab55b": { "id": "9cac5c66-d366-4a67-b29b-4efed67ab55b", "title": "wpForo Forum <= 2.3.4 - Authenticated (Subscriber+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cac5c66-d366-4a67-b29b-4efed67ab55b?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cae7702-e531-45b9-9131-42edbc073a07": { "id": "9cae7702-e531-45b9-9131-42edbc073a07", "title": "Bit File Manager \u2013 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.5 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Bit File Manager \u2013 100% Free & Open Source File Manager and Code Editor for WordPress", "slug": "file-manager", "affected_versions": { "* - 6.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cae7702-e531-45b9-9131-42edbc073a07?source=api-scan" ], "published": "2024-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cb6384a-f9dc-454c-be39-c2c681e57d36": { "id": "9cb6384a-f9dc-454c-be39-c2c681e57d36", "title": "Contact Form Builder by Bit Form <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder", "slug": "bit-form", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cb6384a-f9dc-454c-be39-c2c681e57d36?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cb7bc91-b2e9-4ede-80cf-6b961ac6dcb9": { "id": "9cb7bc91-b2e9-4ede-80cf-6b961ac6dcb9", "title": "WPGraphQL <= 0.2.3 - Information Exposure", "software": [ { "type": "plugin", "name": "WPGraphQL", "slug": "wp-graphql", "affected_versions": { "* - 0.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cb7bc91-b2e9-4ede-80cf-6b961ac6dcb9?source=api-scan" ], "published": "2019-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cb96b56-82cb-4429-b645-dfe8a14931e5": { "id": "9cb96b56-82cb-4429-b645-dfe8a14931e5", "title": "The Plus Addons for Elementor Pro <= 5.0.6 - Sensitive Data Disclosure", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor Page Builder", "slug": "theplus_elementor_addon", "affected_versions": { "[*, 5.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cb96b56-82cb-4429-b645-dfe8a14931e5?source=api-scan" ], "published": "2021-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cbbbb51-d770-429a-8256-c83ad71560ba": { "id": "9cbbbb51-d770-429a-8256-c83ad71560ba", "title": "WP MultiTasking <= 0.1.12 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "WP MultiTasking \u2013 WP Utilities", "slug": "wp-multitasking", "affected_versions": { "* - 0.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cbbbb51-d770-429a-8256-c83ad71560ba?source=api-scan" ], "published": "2024-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cceca0e-5411-4b8c-a261-91098a8bc7fa": { "id": "9cceca0e-5411-4b8c-a261-91098a8bc7fa", "title": "WP Reactions Lite <= 1.3.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Reactions Lite", "slug": "wp-reactions-lite", "affected_versions": { "[*, 1.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cceca0e-5411-4b8c-a261-91098a8bc7fa?source=api-scan" ], "published": "2021-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cd2ca03-e644-4bcd-b4b1-a547494fed7d": { "id": "9cd2ca03-e644-4bcd-b4b1-a547494fed7d", "title": "Booked <= 2.2.5 - Missing Authorization on AJAX Actions", "software": [ { "type": "plugin", "name": "Booked - Appointment Booking for WordPress", "slug": "booked", "affected_versions": { "[*, 2.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cd2ca03-e644-4bcd-b4b1-a547494fed7d?source=api-scan" ], "published": "2020-02-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513": { "id": "9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513", "title": "Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "* - 1.24.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.24.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.25.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513?source=api-scan" ], "published": "2023-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cd92993-1cda-46dc-8318-f2e938bff262": { "id": "9cd92993-1cda-46dc-8318-f2e938bff262", "title": "Incoming Links < 0.9.10b - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Incoming Links", "slug": "incoming-links", "affected_versions": { "[*, 0.9.10b)": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.10b", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.9.10b" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cd92993-1cda-46dc-8318-f2e938bff262?source=api-scan" ], "published": "2015-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ce8ad5f-05e8-4279-915a-1c94559d4e56": { "id": "9ce8ad5f-05e8-4279-915a-1c94559d4e56", "title": "Advanced Flamingo <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Advanced Flamingo", "slug": "advanced-flamingo", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ce8ad5f-05e8-4279-915a-1c94559d4e56?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cec4d7a-81e0-489a-b549-5848ed9a8449": { "id": "9cec4d7a-81e0-489a-b549-5848ed9a8449", "title": "WP Source Control < 3.1.1 - Directory Traversal", "software": [ { "type": "plugin", "name": "WP Source Control", "slug": "wp-source-control", "affected_versions": { "[*, 3.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cec4d7a-81e0-489a-b549-5848ed9a8449?source=api-scan" ], "published": "2014-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cec5880-214b-4a35-9b36-e3a9e54e8f3b": { "id": "9cec5880-214b-4a35-9b36-e3a9e54e8f3b", "title": "Leyka <= 3.31.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Leyka", "slug": "leyka", "affected_versions": { "* - 3.31.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.31.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.31.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cec5880-214b-4a35-9b36-e3a9e54e8f3b?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cf10ed7-7248-4dfd-b7ee-13cea3ee2154": { "id": "9cf10ed7-7248-4dfd-b7ee-13cea3ee2154", "title": "Quick Post Widget <= 1.9.1 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "quick-post-widget", "slug": "quick-post-widget", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cf10ed7-7248-4dfd-b7ee-13cea3ee2154?source=api-scan" ], "published": "2012-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cf12dc1-7b66-4c6e-8c3e-5915e1032303": { "id": "9cf12dc1-7b66-4c6e-8c3e-5915e1032303", "title": "Jock on air now <= 5.6.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jock On Air Now", "slug": "joan", "affected_versions": { "* - 5.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cf12dc1-7b66-4c6e-8c3e-5915e1032303?source=api-scan" ], "published": "2021-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cf17c08-25b7-450d-acd9-963a1f79e495": { "id": "9cf17c08-25b7-450d-acd9-963a1f79e495", "title": "Redirection for Contact Form 7 <= 2.9.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Redirection for Contact Form 7", "slug": "wpcf7-redirect", "affected_versions": { "* - 2.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cf17c08-25b7-450d-acd9-963a1f79e495?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cf4a11e-ad28-4a93-9278-1d2d113a4859": { "id": "9cf4a11e-ad28-4a93-9278-1d2d113a4859", "title": "Custom Post Limits <= 4.4.1 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Custom Post Limits", "slug": "custom-post-limits", "affected_versions": { "* - 4.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cf4a11e-ad28-4a93-9278-1d2d113a4859?source=api-scan" ], "published": "2024-09-12 21:26:40", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cfa4cb3-0f16-40be-9e78-ea378c3f535f": { "id": "9cfa4cb3-0f16-40be-9e78-ea378c3f535f", "title": "Media Library Assistant <= 2.73 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Media Library Assistant", "slug": "media-library-assistant", "affected_versions": { "[*, 2.7.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.74" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cfa4cb3-0f16-40be-9e78-ea378c3f535f?source=api-scan" ], "published": "2018-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cfa753b-dbf5-4fe7-be69-fd8972a45e44": { "id": "9cfa753b-dbf5-4fe7-be69-fd8972a45e44", "title": "Workreap < 2.2.2 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Workreap - Freelance Marketplace and Directory WordPress Theme", "slug": "workreap", "affected_versions": { "[*, 2.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cfa753b-dbf5-4fe7-be69-fd8972a45e44?source=api-scan" ], "published": "2021-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cfbafce-ba3b-477f-ad8d-ca4e57332f0b": { "id": "9cfbafce-ba3b-477f-ad8d-ca4e57332f0b", "title": "WangGuard < 1.7.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WangGuard", "slug": "wangguard", "affected_versions": { "[*, 1.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cfbafce-ba3b-477f-ad8d-ca4e57332f0b?source=api-scan" ], "published": "2016-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9cfe91e6-238b-4652-892c-0016c1330088": { "id": "9cfe91e6-238b-4652-892c-0016c1330088", "title": "B Slider - Slider for your block editor <= 1.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "B Slider- Gutenberg Slider Block for WP", "slug": "b-slider", "affected_versions": { "* - 1.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9cfe91e6-238b-4652-892c-0016c1330088?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d04d8c1-75c0-447c-a26a-c2724c0a6618": { "id": "9d04d8c1-75c0-447c-a26a-c2724c0a6618", "title": "Create by Mediavine <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Schema Meta Shortcode", "software": [ { "type": "plugin", "name": "Create by Mediavine", "slug": "mediavine-create", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d04d8c1-75c0-447c-a26a-c2724c0a6618?source=api-scan" ], "published": "2024-06-26 19:03:48", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d0782ef-b74e-4540-a11d-280e432fc127": { "id": "9d0782ef-b74e-4540-a11d-280e432fc127", "title": "Mail Subscribe List <= 2.0.9 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mail Subscribe List", "slug": "mail-subscribe-list", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d0782ef-b74e-4540-a11d-280e432fc127?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d09bdab-ffab-44cc-bba2-821b21a8e343": { "id": "9d09bdab-ffab-44cc-bba2-821b21a8e343", "title": "wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Post Rating Increase\/Decrease", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "* - 7.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d09bdab-ffab-44cc-bba2-821b21a8e343?source=api-scan" ], "published": "2023-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d0a8be3-6630-4cf7-b6cb-cdc86b99acb3": { "id": "9d0a8be3-6630-4cf7-b6cb-cdc86b99acb3", "title": "WP Activity Log <= 4.0.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Activity Log", "slug": "wp-security-audit-log", "affected_versions": { "[*, 4.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d0a8be3-6630-4cf7-b6cb-cdc86b99acb3?source=api-scan" ], "published": "2020-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d0b1e05-0e28-4cf5-a278-ea91b6c9d253": { "id": "9d0b1e05-0e28-4cf5-a278-ea91b6c9d253", "title": "CPO Content Types <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CPO Content Types", "slug": "cpo-content-types", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d0b1e05-0e28-4cf5-a278-ea91b6c9d253?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d0c144b-609b-4b4a-bfb2-de38b5969a9e": { "id": "9d0c144b-609b-4b4a-bfb2-de38b5969a9e", "title": "BP Profile Search <= 4.5.3 - PHP Object Injection", "software": [ { "type": "plugin", "name": "BP Profile Search", "slug": "bp-profile-search", "affected_versions": { "* - 4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d0c144b-609b-4b4a-bfb2-de38b5969a9e?source=api-scan" ], "published": "2016-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d0eb69a-3c94-40c2-acdf-6310190197a6": { "id": "9d0eb69a-3c94-40c2-acdf-6310190197a6", "title": "Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 2.3.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)", "slug": "leaflet-maps-marker", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d0eb69a-3c94-40c2-acdf-6310190197a6?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d0f1227-cb60-4973-95a6-6272f5173bf4": { "id": "9d0f1227-cb60-4973-95a6-6272f5173bf4", "title": "Yoga Schedule Momoyoga <= 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yoga Schedule Momoyoga", "slug": "momoyoga-integration", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d0f1227-cb60-4973-95a6-6272f5173bf4?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d11c022-9938-4a9e-be16-db986fdfa1c8": { "id": "9d11c022-9938-4a9e-be16-db986fdfa1c8", "title": "Youtube SpeedLoad <= 0.6.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Youtube SpeedLoad", "slug": "youtube-speedload", "affected_versions": { "* - 0.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d11c022-9938-4a9e-be16-db986fdfa1c8?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d15e418-36bb-4f53-ac67-8f6122591dd2": { "id": "9d15e418-36bb-4f53-ac67-8f6122591dd2", "title": "Stream <= 4.0.1 - Cross-Site Request Forgery to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Stream", "slug": "stream", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d15e418-36bb-4f53-ac67-8f6122591dd2?source=api-scan" ], "published": "2024-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d17f26b-e8b7-480d-bf03-2cfdb261fa28": { "id": "9d17f26b-e8b7-480d-bf03-2cfdb261fa28", "title": "NS WooCommerce Watermark <= 2.11.3 - Abuse of Functionality", "software": [ { "type": "plugin", "name": "NS WooCommerce Watermark", "slug": "ns-woocommerce-watermark", "affected_versions": { "* - 2.11.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d17f26b-e8b7-480d-bf03-2cfdb261fa28?source=api-scan" ], "published": "2022-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d19be8b-3e0b-4d74-97e0-f17132d2d34c": { "id": "9d19be8b-3e0b-4d74-97e0-f17132d2d34c", "title": "NEX-Forms <= 8.3.3 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "slug": "nex-forms-express-wp-form-builder", "affected_versions": { "* - 8.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d19be8b-3e0b-4d74-97e0-f17132d2d34c?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d1e498a-ddcb-4c67-bf0d-bb45b6fe0e9d": { "id": "9d1e498a-ddcb-4c67-bf0d-bb45b6fe0e9d", "title": "WP Meta SEO <= 4.5.3 - Missing Authorization in 'saveSitemapSettings'", "software": [ { "type": "plugin", "name": "WP Meta SEO", "slug": "wp-meta-seo", "affected_versions": { "* - 4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d1e498a-ddcb-4c67-bf0d-bb45b6fe0e9d?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d1e8703-4ad3-42c5-a20d-f1bd31522a8b": { "id": "9d1e8703-4ad3-42c5-a20d-f1bd31522a8b", "title": "Change WordPress Login Logo <= 1.1.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Change WordPress Login Logo", "slug": "change-login-logo", "affected_versions": { "[*, 1.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d1e8703-4ad3-42c5-a20d-f1bd31522a8b?source=api-scan" ], "published": "2020-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d1fcdb9-215c-415b-bd47-4cbf9258685b": { "id": "9d1fcdb9-215c-415b-bd47-4cbf9258685b", "title": "Advanced Ads \u2013 Ad Manager & AdSense <= 1.31.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Ads \u2013\u00a0Ad Manager & AdSense", "slug": "advanced-ads", "affected_versions": { "* - 1.31.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.31.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.32.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d1fcdb9-215c-415b-bd47-4cbf9258685b?source=api-scan" ], "published": "2022-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d21191c-32ef-4de6-8e95-ad66779e42f9": { "id": "9d21191c-32ef-4de6-8e95-ad66779e42f9", "title": "Serious Slider <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Serious Slider", "slug": "cryout-serious-slider", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d21191c-32ef-4de6-8e95-ad66779e42f9?source=api-scan" ], "published": "2024-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d2345d2-0bcf-46fc-a857-0ec10a1b1c26": { "id": "9d2345d2-0bcf-46fc-a857-0ec10a1b1c26", "title": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.4 - Path Traversal to Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin", "slug": "xcloner-backup-and-restore", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d2345d2-0bcf-46fc-a857-0ec10a1b1c26?source=api-scan" ], "published": "2016-12-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d272148-0c05-49c7-ab86-22a3bc622bcf": { "id": "9d272148-0c05-49c7-ab86-22a3bc622bcf", "title": "Download PDF & Print by BestWebSoft \u2013 WordPress Posts and Pages PDF Generator Plugin <= 1.9.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF & Print by BestWebSoft \u2013 WordPress Posts and Pages PDF Generator Plugin", "slug": "pdf-print", "affected_versions": { "[*, 1.9.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d272148-0c05-49c7-ab86-22a3bc622bcf?source=api-scan" ], "published": "2017-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d2a238f-7192-49f0-be2e-3a35fca651d9": { "id": "9d2a238f-7192-49f0-be2e-3a35fca651d9", "title": "\u5fae\u4fe1\u673a\u5668\u4eba\u9ad8\u7ea7\u7248 <= 6.2.1 - Reflected Cross Site Scripting", "software": [ { "type": "plugin", "name": "\u5fae\u4fe1\u673a\u5668\u4eba\u9ad8\u7ea7\u7248", "slug": "weixin-robot-advanced", "affected_versions": { "* - 6.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d2a238f-7192-49f0-be2e-3a35fca651d9?source=api-scan" ], "published": "2023-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d2dde9f-c3c3-4e6e-a7e2-a0e511bff010": { "id": "9d2dde9f-c3c3-4e6e-a7e2-a0e511bff010", "title": "School Management System for Wordpress <= 56.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "School Management System for Wordpress", "slug": "school-management", "affected_versions": { "[*, 57.0)": { "from_version": "*", "from_inclusive": true, "to_version": "57.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "57.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d2dde9f-c3c3-4e6e-a7e2-a0e511bff010?source=api-scan" ], "published": "2019-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d2df49d-0276-403d-9fe8-00fdf7262818": { "id": "9d2df49d-0276-403d-9fe8-00fdf7262818", "title": "NextScripts: Social Networks Auto-Poster <= 3.4.17 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NextScripts: Social Networks Auto-Poster", "slug": "social-networks-auto-poster-facebook-twitter-g", "affected_versions": { "[*, 3.4.18)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d2df49d-0276-403d-9fe8-00fdf7262818?source=api-scan" ], "published": "2015-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d32bda7-2d2d-4364-8ac9-e32950f889ed": { "id": "9d32bda7-2d2d-4364-8ac9-e32950f889ed", "title": "MStore API <= 4.10.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 4.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d32bda7-2d2d-4364-8ac9-e32950f889ed?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d387a5c-717c-4383-af7d-5a5f48628cb7": { "id": "9d387a5c-717c-4383-af7d-5a5f48628cb7", "title": "Captchinoo Captcha <= 2.3 - Missing Authorization to Arbitrary Plugin Installation\/Activation", "software": [ { "type": "plugin", "name": "Captchinoo, admin login page protection with Google recaptcha", "slug": "captchinoo-captcha-for-login-form-protection", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d387a5c-717c-4383-af7d-5a5f48628cb7?source=api-scan" ], "published": "2021-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d389098-d428-48f2-b012-207b55497b0b": { "id": "9d389098-d428-48f2-b012-207b55497b0b", "title": "Paytium <= 4.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paytium: Mollie payment forms & donations", "slug": "paytium", "affected_versions": { "* - 4.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d389098-d428-48f2-b012-207b55497b0b?source=api-scan" ], "published": "2022-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d3b4315-05cd-4349-8dd9-ea6792048a9d": { "id": "9d3b4315-05cd-4349-8dd9-ea6792048a9d", "title": "Google Fonts Typography <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via blockType arguments", "software": [ { "type": "plugin", "name": "Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts", "slug": "olympus-google-fonts", "affected_versions": { "[*, 3.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d3b4315-05cd-4349-8dd9-ea6792048a9d?source=api-scan" ], "published": "2021-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d3b6448-14cc-4146-9a93-98150031fcb6": { "id": "9d3b6448-14cc-4146-9a93-98150031fcb6", "title": "Wibar | Wine and Vineyard WooCommerce WordPress Theme < 1.2.1 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Wibar | Wine and Vineyard WooCommerce WordPress Theme", "slug": "wibar", "affected_versions": { "[*, 1.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d3b6448-14cc-4146-9a93-98150031fcb6?source=api-scan" ], "published": "2020-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d47df99-cff5-4be7-ab8e-ef333cf3755b": { "id": "9d47df99-cff5-4be7-ab8e-ef333cf3755b", "title": "The Ultimate WordPress Toolkit \u2013 WP Extended <= 3.0.8 - Authenticated (Subscriber+) Arbitrary Options Update", "software": [ { "type": "plugin", "name": "The Ultimate WordPress Toolkit \u2013 WP Extended", "slug": "wpextended", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d47df99-cff5-4be7-ab8e-ef333cf3755b?source=api-scan" ], "published": "2024-09-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d49e28b-8b5e-4c67-a36d-c78ee33ffc6e": { "id": "9d49e28b-8b5e-4c67-a36d-c78ee33ffc6e", "title": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.65 - Missing Authorization", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.65": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.65", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.66" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d49e28b-8b5e-4c67-a36d-c78ee33ffc6e?source=api-scan" ], "published": "2023-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d4bbf48-6525-4569-98a6-412f2bfe7628": { "id": "9d4bbf48-6525-4569-98a6-412f2bfe7628", "title": "Mail Masta <= 1.0 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Mail Masta", "slug": "mail-masta", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d4bbf48-6525-4569-98a6-412f2bfe7628?source=api-scan" ], "published": "2016-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d4df759-1d5a-478a-aab1-f728fe909b5e": { "id": "9d4df759-1d5a-478a-aab1-f728fe909b5e", "title": "Backup and Staging by WP Time Capsule <= 1.22.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Backup and Staging by WP Time Capsule", "slug": "wp-time-capsule", "affected_versions": { "* - 1.22.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.22.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.22.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d4df759-1d5a-478a-aab1-f728fe909b5e?source=api-scan" ], "published": "2021-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d4f47af-294a-4c3a-accd-9ae674916a38": { "id": "9d4f47af-294a-4c3a-accd-9ae674916a38", "title": "LearnDash LMS <= 2.5.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "LearnDash LMS", "slug": "sfwd-lms", "affected_versions": { "[*, 2.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d4f47af-294a-4c3a-accd-9ae674916a38?source=api-scan" ], "published": "2018-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d4ff5ed-8857-46b8-942b-ac0f47880a95": { "id": "9d4ff5ed-8857-46b8-942b-ac0f47880a95", "title": "Advanced File Manager <= 5.2.4 - Sensitive Information Exposure via Directory Listing", "software": [ { "type": "plugin", "name": "Advanced File Manager", "slug": "file-manager-advanced", "affected_versions": { "* - 5.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d4ff5ed-8857-46b8-942b-ac0f47880a95?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d534a1e-280d-418d-b497-1f3e6f3a20fb": { "id": "9d534a1e-280d-418d-b497-1f3e6f3a20fb", "title": "GSEOR \u2013 WordPress SEO Plugin <= 1.3 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "GSEOR \u2013 WordPress SEO Plugin", "slug": "gseor", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d534a1e-280d-418d-b497-1f3e6f3a20fb?source=api-scan" ], "published": "2021-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d56c960-004d-4dde-b0f5-ba32e397e9c3": { "id": "9d56c960-004d-4dde-b0f5-ba32e397e9c3", "title": "LA-Studio Element Kit for Elementor <= 1.3.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "LA-Studio Element Kit for Elementor", "slug": "lastudio-element-kit", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d56c960-004d-4dde-b0f5-ba32e397e9c3?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d5ed6cf-ae12-4da5-809f-6a8c61eeb4f6": { "id": "9d5ed6cf-ae12-4da5-809f-6a8c61eeb4f6", "title": "Assistant <= 1.4.3 - Authenticated (Editor+) Server Side Request Forgery", "software": [ { "type": "plugin", "name": "Assistant \u2013 Every Day Productivity Apps", "slug": "assistant", "affected_versions": { "[*, 1.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d5ed6cf-ae12-4da5-809f-6a8c61eeb4f6?source=api-scan" ], "published": "2023-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d5f9d2e-6719-4ce7-bbdd-afaf437bd080": { "id": "9d5f9d2e-6719-4ce7-bbdd-afaf437bd080", "title": "Link Library <= 7.5.13 - Reflected Cross-Site Scripting via 'link_price' and 'link_tags'", "software": [ { "type": "plugin", "name": "Link Library", "slug": "link-library", "affected_versions": { "* - 7.5.13": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d5f9d2e-6719-4ce7-bbdd-afaf437bd080?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d604200-91b0-4885-8fe2-1323b9d6fed5": { "id": "9d604200-91b0-4885-8fe2-1323b9d6fed5", "title": "WooCommerce Payments <= 4.5.0 - Payment Bypass", "software": [ { "type": "plugin", "name": "WooPayments: Integrated WooCommerce Payments", "slug": "woocommerce-payments", "affected_versions": { "[3.9.0, 3.9.4)": { "from_version": "3.9.0", "from_inclusive": true, "to_version": "3.9.4", "to_inclusive": false }, "[4.0.0, 4.0.3)": { "from_version": "4.0.0", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": false }, "[4.1.0, 4.1.1)": { "from_version": "4.1.0", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": false }, "[4.2.0, 4.2.2)": { "from_version": "4.2.0", "from_inclusive": true, "to_version": "4.2.2", "to_inclusive": false }, "[4.3.0, 4.3.1)": { "from_version": "4.3.0", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": false }, "[4.4.0, 4.4.1)": { "from_version": "4.4.0", "from_inclusive": true, "to_version": "4.4.1", "to_inclusive": false }, "4.5.0": { "from_version": "4.5.0", "from_inclusive": true, "to_version": "4.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.4", "4.0.3", "4.1.1", "4.2.2", "4.3.1", "4.4.1", "4.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d604200-91b0-4885-8fe2-1323b9d6fed5?source=api-scan" ], "published": "2022-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d619314-88c2-4c42-863d-46f99a4aaa73": { "id": "9d619314-88c2-4c42-863d-46f99a4aaa73", "title": "WP MultiTasking <= 0.1.12 - Cross-Site Request Forgery to Exit Popup Update", "software": [ { "type": "plugin", "name": "WP MultiTasking \u2013 WP Utilities", "slug": "wp-multitasking", "affected_versions": { "* - 0.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d619314-88c2-4c42-863d-46f99a4aaa73?source=api-scan" ], "published": "2024-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d64d711-f2d9-4447-9ac1-80c5ea51c23e": { "id": "9d64d711-f2d9-4447-9ac1-80c5ea51c23e", "title": "Plugin Name: Device Theme Switcher <= 3.0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Plugin Name: Device Theme Switcher", "slug": "device-theme-switcher", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d64d711-f2d9-4447-9ac1-80c5ea51c23e?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d682596-c32d-4abd-ba39-b57fc45c9ce0": { "id": "9d682596-c32d-4abd-ba39-b57fc45c9ce0", "title": "Qtranslate Slug <= 1.1.18 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Qtranslate Slug", "slug": "qtranslate-slug", "affected_versions": { "* - 1.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.18", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d682596-c32d-4abd-ba39-b57fc45c9ce0?source=api-scan" ], "published": "2021-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d68ab8b-38c8-47aa-8b69-8cebe0a8d24e": { "id": "9d68ab8b-38c8-47aa-8b69-8cebe0a8d24e", "title": "Forminator <= 1.15.2 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "[*, 1.15.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.15.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d68ab8b-38c8-47aa-8b69-8cebe0a8d24e?source=api-scan" ], "published": "2021-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d6a7230-07c7-43f3-a844-77d2bb19545d": { "id": "9d6a7230-07c7-43f3-a844-77d2bb19545d", "title": "W4 Post List <= 2.4.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "W4 Post List", "slug": "w4-post-list", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d6a7230-07c7-43f3-a844-77d2bb19545d?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d6dd532-008b-4ce9-beca-baf5b3678a0b": { "id": "9d6dd532-008b-4ce9-beca-baf5b3678a0b", "title": "Seraphinite Accelerator <= 2.20.28 - Arbitrary Redirect via 'redir'", "software": [ { "type": "plugin", "name": "Seraphinite Accelerator", "slug": "seraphinite-accelerator", "affected_versions": { "* - 2.20.28": { "from_version": "*", "from_inclusive": true, "to_version": "2.20.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.20.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d6dd532-008b-4ce9-beca-baf5b3678a0b?source=api-scan" ], "published": "2023-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d72604e-23ef-4a69-8839-cf8ff4aef3bc": { "id": "9d72604e-23ef-4a69-8839-cf8ff4aef3bc", "title": "Download Manager <= 3.2.43 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.43": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d72604e-23ef-4a69-8839-cf8ff4aef3bc?source=api-scan" ], "published": "2022-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d72a965-5d81-4619-ad8b-46960a89bf1b": { "id": "9d72a965-5d81-4619-ad8b-46960a89bf1b", "title": "Survey Maker < 3.1.2 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Survey Maker", "slug": "survey-maker", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d72a965-5d81-4619-ad8b-46960a89bf1b?source=api-scan" ], "published": "2023-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d79ce22-33ef-4dfb-a842-591cd7cedc94": { "id": "9d79ce22-33ef-4dfb-a842-591cd7cedc94", "title": "Web Accessibility By accessiBe <= 1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Web Accessibility By accessiBe", "slug": "accessibe", "affected_versions": { "* - 1.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d79ce22-33ef-4dfb-a842-591cd7cedc94?source=api-scan" ], "published": "2023-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d7cd3eb-3ab7-44b3-8568-ce145977dfab": { "id": "9d7cd3eb-3ab7-44b3-8568-ce145977dfab", "title": "WordPress Appointment Schedule Booking System <=1.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-appointment-schedule-booking-system", "slug": "wp-appointment-schedule-booking-system", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d7cd3eb-3ab7-44b3-8568-ce145977dfab?source=api-scan" ], "published": "2016-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d7f48a9-07f9-4add-bfa2-7ddbcf2f866f": { "id": "9d7f48a9-07f9-4add-bfa2-7ddbcf2f866f", "title": "WP Whois Domain <= 1.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Whois Domain", "slug": "wp-whois-domain", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d7f48a9-07f9-4add-bfa2-7ddbcf2f866f?source=api-scan" ], "published": "2017-01-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d8551b8-67b9-45a8-9357-9e42fb451606": { "id": "9d8551b8-67b9-45a8-9357-9e42fb451606", "title": "Ya'aburnee <= 1.0.7 and Dignitas <= 1.1.9 - Privilege Escalation", "software": [ { "type": "theme", "name": "Ya'aburnee - Magazine & E-Commerce Theme | News \/ Editorial", "slug": "yaaburnee-themes", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Dignitas - Hotel & Apartment Responsive Theme | Travel", "slug": "dignitas-themes", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d8551b8-67b9-45a8-9357-9e42fb451606?source=api-scan" ], "published": "2015-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d87fd94-8a64-4b9b-9e51-025a689fa87b": { "id": "9d87fd94-8a64-4b9b-9e51-025a689fa87b", "title": "Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation <= 2.3.5 - Authenticated (Contributor+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation", "slug": "menu-ordering-reservations", "affected_versions": { "* - 2.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d87fd94-8a64-4b9b-9e51-025a689fa87b?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d8e0ad2-3cfb-443f-9958-9639d0745dd7": { "id": "9d8e0ad2-3cfb-443f-9958-9639d0745dd7", "title": "Peadig's Like & Share Button <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FireCask Like & Share Button", "slug": "facebook-like-send-button", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d8e0ad2-3cfb-443f-9958-9639d0745dd7?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d8eae69-722a-45ea-a3ca-d4a39a63c4b3": { "id": "9d8eae69-722a-45ea-a3ca-d4a39a63c4b3", "title": "NewStatPress <= 1.0.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NewStatPress", "slug": "newstatpress", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d8eae69-722a-45ea-a3ca-d4a39a63c4b3?source=api-scan" ], "published": "2015-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d979950-d365-4750-a4f1-df9335d3452d": { "id": "9d979950-d365-4750-a4f1-df9335d3452d", "title": "Qi Addons For Elementor <= 1.6.3 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Qi Addons For Elementor", "slug": "qi-addons-for-elementor", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d979950-d365-4750-a4f1-df9335d3452d?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d986739-d6a5-491d-948f-4c58af75369a": { "id": "9d986739-d6a5-491d-948f-4c58af75369a", "title": "Restaurant & Cafe Addon for Elementor <= 1.5.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Restaurant & Cafe Addon for Elementor", "slug": "restaurant-cafe-addon-for-elementor", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d986739-d6a5-491d-948f-4c58af75369a?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d98946e-864f-434e-8f45-85d663bbefee": { "id": "9d98946e-864f-434e-8f45-85d663bbefee", "title": "Just Custom Fields <= 3.3.2 - Cross-Site Request Forgery via AJAX actions", "software": [ { "type": "plugin", "name": "Just Custom Fields", "slug": "just-custom-fields", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d98946e-864f-434e-8f45-85d663bbefee?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d990802-a964-493a-8f34-4b5784f52e60": { "id": "9d990802-a964-493a-8f34-4b5784f52e60", "title": "Product Feed PRO for WooCommerce <= 11.2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Feed PRO for WooCommerce by AdTribes \u2013 WooCommerce Product Feeds", "slug": "woo-product-feed-pro", "affected_versions": { "[*, 11.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "11.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "11.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d990802-a964-493a-8f34-4b5784f52e60?source=api-scan" ], "published": "2022-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9d9cf724-9ae7-4414-88d1-10640491df34": { "id": "9d9cf724-9ae7-4414-88d1-10640491df34", "title": "W3 Total Cache <= 2.1.2 Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "[*, 2.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9d9cf724-9ae7-4414-88d1-10640491df34?source=api-scan" ], "published": "2021-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9da7c252-b0d4-4d91-bfc4-fd3c7f667108": { "id": "9da7c252-b0d4-4d91-bfc4-fd3c7f667108", "title": "Event Management Tickets Booking <= 1.4.2 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Event Monster \u2013 Event Management, Tickets Booking, Upcoming Event", "slug": "event-monster", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9da7c252-b0d4-4d91-bfc4-fd3c7f667108?source=api-scan" ], "published": "2024-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9dac1d91-b9a9-47e0-86cb-2000659196c5": { "id": "9dac1d91-b9a9-47e0-86cb-2000659196c5", "title": "WP Fastest Cache <= 0.8.8.5 - Cross-Site Scripting via rules[0][content] parameter", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 0.8.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9dac1d91-b9a9-47e0-86cb-2000659196c5?source=api-scan" ], "published": "2018-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9dad1be5-ea6c-40fa-bb21-862e7fd8804a": { "id": "9dad1be5-ea6c-40fa-bb21-862e7fd8804a", "title": "2D Tag Cloud <= 6.0.2 - Reflected Cross-Site Scripting via add_query_arg Parameter", "software": [ { "type": "plugin", "name": "2D Tag Cloud", "slug": "2d-tag-cloud-widget-by-sujin", "affected_versions": { "* - 6.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9dad1be5-ea6c-40fa-bb21-862e7fd8804a?source=api-scan" ], "published": "2024-10-11 16:36:13", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9dbc1f95-0f21-4a37-b1f7-eba03f29f021": { "id": "9dbc1f95-0f21-4a37-b1f7-eba03f29f021", "title": "Stratum <= 1.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Stratum \u2013 Elementor Widgets", "slug": "stratum", "affected_versions": { "* - 1.3.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9dbc1f95-0f21-4a37-b1f7-eba03f29f021?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9dbd26f5-b75e-41a3-aefb-d6c8cc2cec7b": { "id": "9dbd26f5-b75e-41a3-aefb-d6c8cc2cec7b", "title": "Breakdance <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Breakdance", "slug": "breakdance", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9dbd26f5-b75e-41a3-aefb-d6c8cc2cec7b?source=api-scan" ], "published": "2024-07-31 17:54:10", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9dc3c8e7-464e-4742-bc96-5a1dc8b27ae3": { "id": "9dc3c8e7-464e-4742-bc96-5a1dc8b27ae3", "title": "WP Meta SEO <= 4.5.13 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Meta SEO", "slug": "wp-meta-seo", "affected_versions": { "* - 4.5.13": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9dc3c8e7-464e-4742-bc96-5a1dc8b27ae3?source=api-scan" ], "published": "2024-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9dc49d44-d4ba-49d8-96eb-547832fe4b5e": { "id": "9dc49d44-d4ba-49d8-96eb-547832fe4b5e", "title": "WordPress File Upload <= 4.24.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "* - 4.24.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.24.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.24.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9dc49d44-d4ba-49d8-96eb-547832fe4b5e?source=api-scan" ], "published": "2024-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9dc640c8-3740-4770-b729-fb45ecec2b45": { "id": "9dc640c8-3740-4770-b729-fb45ecec2b45", "title": "Column-Matic <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Column-Matic", "slug": "column-matic", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9dc640c8-3740-4770-b729-fb45ecec2b45?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9dc90b13-2f36-45bc-991c-f1927ae9253d": { "id": "9dc90b13-2f36-45bc-991c-f1927ae9253d", "title": "Seraphinite Accelerator <= 2.20.28 - Reflected Cross-Site Scripting via 'rt'", "software": [ { "type": "plugin", "name": "Seraphinite Accelerator", "slug": "seraphinite-accelerator", "affected_versions": { "* - 2.20.28": { "from_version": "*", "from_inclusive": true, "to_version": "2.20.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.20.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9dc90b13-2f36-45bc-991c-f1927ae9253d?source=api-scan" ], "published": "2023-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9dcd480e-71c5-4933-8627-914881776e13": { "id": "9dcd480e-71c5-4933-8627-914881776e13", "title": "Gum Elementor Addon <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gum Elementor Addon", "slug": "gum-elementor-addon", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9dcd480e-71c5-4933-8627-914881776e13?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9dcd48b8-ec9e-44b4-b531-95940adbd100": { "id": "9dcd48b8-ec9e-44b4-b531-95940adbd100", "title": "GeneratePress Premium <= 2.3.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom Meta", "software": [ { "type": "plugin", "name": "GeneratePress Premium", "slug": "generatepress-premium", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9dcd48b8-ec9e-44b4-b531-95940adbd100?source=api-scan" ], "published": "2024-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9dd1e52c-83b7-4b3e-a791-a2c0ccd856bc": { "id": "9dd1e52c-83b7-4b3e-a791-a2c0ccd856bc", "title": "wpDiscuz <= 7.6.5 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "[*, 7.6.6)": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9dd1e52c-83b7-4b3e-a791-a2c0ccd856bc?source=api-scan" ], "published": "2023-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9dd48d0f-00c2-4f76-923b-eb5c7a2b4468": { "id": "9dd48d0f-00c2-4f76-923b-eb5c7a2b4468", "title": "Your Text Manager <= 0.3.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "your-text-manager", "slug": "your-text-manager", "affected_versions": { "* - 0.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9dd48d0f-00c2-4f76-923b-eb5c7a2b4468?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9dd6828b-6235-4284-bce6-be23b79ac70e": { "id": "9dd6828b-6235-4284-bce6-be23b79ac70e", "title": "Post Meta Data Manager <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Meta Data Manager", "slug": "post-meta-data-manager", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9dd6828b-6235-4284-bce6-be23b79ac70e?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9dd71a06-b3b5-431a-b6da-3b7db3a3907c": { "id": "9dd71a06-b3b5-431a-b6da-3b7db3a3907c", "title": "Plugin Central < 2.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Plugin Central", "slug": "plugin-central", "affected_versions": { "[*, 2.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9dd71a06-b3b5-431a-b6da-3b7db3a3907c?source=api-scan" ], "published": "2015-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ddc2f44-e53f-45c2-b293-ad4abc8cff8f": { "id": "9ddc2f44-e53f-45c2-b293-ad4abc8cff8f", "title": "Geo Magazine Theme <= 2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Geo Magazine Theme", "slug": "geomagazine", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ddc2f44-e53f-45c2-b293-ad4abc8cff8f?source=api-scan" ], "published": "2020-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9de09daa-a3e0-4563-bdc9-79cb5e4b039b": { "id": "9de09daa-a3e0-4563-bdc9-79cb5e4b039b", "title": "SEO Redirection Plugin \u2013 301 Redirect Manager <= 7.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SEO Redirection Plugin \u2013 301 Redirect Manager", "slug": "seo-redirection", "affected_versions": { "* - 7.8": { "from_version": "*", "from_inclusive": true, "to_version": "7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9de09daa-a3e0-4563-bdc9-79cb5e4b039b?source=api-scan" ], "published": "2021-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9df24b5e-109e-43ae-b55b-8514281a631f": { "id": "9df24b5e-109e-43ae-b55b-8514281a631f", "title": "Favicon Generator <= 1.5 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Favicon Generator (CLOSED)", "slug": "favicon-generator", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9df24b5e-109e-43ae-b55b-8514281a631f?source=api-scan" ], "published": "2024-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9df45c8e-c040-4031-9c51-4c43d12f08b0": { "id": "9df45c8e-c040-4031-9c51-4c43d12f08b0", "title": "WordPress Core < 5.7.1 - XXE Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[4.7, 4.7.20)": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.20", "to_inclusive": false }, "[4.8, 4.8.16)": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.16", "to_inclusive": false }, "[4.9, 4.9.17)": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.17", "to_inclusive": false }, "[5.0, 5.0.12)": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.12", "to_inclusive": false }, "[5.1, 5.1.9)": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.9", "to_inclusive": false }, "[5.2, 5.2.10)": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.10", "to_inclusive": false }, "[5.3, 5.3.7)": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.7", "to_inclusive": false }, "[5.4, 5.4.5)": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.5", "to_inclusive": false }, "[5.5, 5.5.4)": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.4", "to_inclusive": false }, "[5.6, 5.6.3)": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.3", "to_inclusive": false }, "[5.7, 5.7.1)": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.7.20", "4.8.16", "4.9.17", "5.0.12", "5.1.9", "5.2.10", "5.3.7", "5.4.5", "5.5.4", "5.6.3", "5.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9df45c8e-c040-4031-9c51-4c43d12f08b0?source=api-scan" ], "published": "2021-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9df6d75b-a141-41a8-b965-6be7acee582d": { "id": "9df6d75b-a141-41a8-b965-6be7acee582d", "title": "illi Link Party! <= 1.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "illi Link Party!", "slug": "link-party", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9df6d75b-a141-41a8-b965-6be7acee582d?source=api-scan" ], "published": "2024-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9df75a5c-b70b-452e-a280-29a5005fe60b": { "id": "9df75a5c-b70b-452e-a280-29a5005fe60b", "title": "Zippy <= 1.6.5 - Authenticated(Author+) PHP Object Injection via unzipPosts", "software": [ { "type": "plugin", "name": "Zippy", "slug": "zippy", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9df75a5c-b70b-452e-a280-29a5005fe60b?source=api-scan" ], "published": "2023-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9df97805-b425-49b1-86c1-e66213dacd2b": { "id": "9df97805-b425-49b1-86c1-e66213dacd2b", "title": "AI ChatBot <= 4.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9df97805-b425-49b1-86c1-e66213dacd2b?source=api-scan" ], "published": "2023-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9dfc5868-1215-465f-8a4e-3703c18d7dca": { "id": "9dfc5868-1215-465f-8a4e-3703c18d7dca", "title": "IMPress for IDX Broker <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IMPress for IDX Broker", "slug": "idx-broker-platinum", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9dfc5868-1215-465f-8a4e-3703c18d7dca?source=api-scan" ], "published": "2024-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9dfca4cb-71dc-4b2d-bcf3-0ca9f88f88df": { "id": "9dfca4cb-71dc-4b2d-bcf3-0ca9f88f88df", "title": "Jetpack <= 12.1 - Authenticated (Author+) Arbitrary File Manipulation", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "10.0": { "from_version": "10.0", "from_inclusive": true, "to_version": "10.0", "to_inclusive": true }, "10.1": { "from_version": "10.1", "from_inclusive": true, "to_version": "10.1", "to_inclusive": true }, "10.2 - 10.2.1": { "from_version": "10.2", "from_inclusive": true, "to_version": "10.2.1", "to_inclusive": true }, "10.3": { "from_version": "10.3", "from_inclusive": true, "to_version": "10.3", "to_inclusive": true }, "10.4": { "from_version": "10.4", "from_inclusive": true, "to_version": "10.4", "to_inclusive": true }, "10.5 - 10.5.1": { "from_version": "10.5", "from_inclusive": true, "to_version": "10.5.1", "to_inclusive": true }, "10.6 - 10.6.1": { "from_version": "10.6", "from_inclusive": true, "to_version": "10.6.1", "to_inclusive": true }, "10.7": { "from_version": "10.7", "from_inclusive": true, "to_version": "10.7", "to_inclusive": true }, "10.8": { "from_version": "10.8", "from_inclusive": true, "to_version": "10.8", "to_inclusive": true }, "10.9 - 10.9.1": { "from_version": "10.9", "from_inclusive": true, "to_version": "10.9.1", "to_inclusive": true }, "11.0": { "from_version": "11.0", "from_inclusive": true, "to_version": "11.0", "to_inclusive": true }, "11.1 - 11.1.2": { "from_version": "11.1", "from_inclusive": true, "to_version": "11.1.2", "to_inclusive": true }, "11.2": { "from_version": "11.2", "from_inclusive": true, "to_version": "11.2", "to_inclusive": true }, "11.3 - 11.3.2": { "from_version": "11.3", "from_inclusive": true, "to_version": "11.3.2", "to_inclusive": true }, "11.4": { "from_version": "11.4", "from_inclusive": true, "to_version": "11.4", "to_inclusive": true }, "11.5 - 11.5.1": { "from_version": "11.5", "from_inclusive": true, "to_version": "11.5.1", "to_inclusive": true }, "11.6": { "from_version": "11.6", "from_inclusive": true, "to_version": "11.6", "to_inclusive": true }, "11.7 - 11.7.1": { "from_version": "11.7", "from_inclusive": true, "to_version": "11.7.1", "to_inclusive": true }, "11.8 - 11.8.4": { "from_version": "11.8", "from_inclusive": true, "to_version": "11.8.4", "to_inclusive": true }, "11.9 - 11.9.1": { "from_version": "11.9", "from_inclusive": true, "to_version": "11.9.1", "to_inclusive": true }, "12.0": { "from_version": "12.0", "from_inclusive": true, "to_version": "12.0", "to_inclusive": true }, "12.1": { "from_version": "12.1", "from_inclusive": true, "to_version": "12.1", "to_inclusive": true }, "2.0 - 2.0.8": { "from_version": "2.0", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true }, "2.1 - 2.1.6": { "from_version": "2.1", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true }, "2.2 - 2.2.9": { "from_version": "2.2", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": true }, "2.3 - 2.3.9": { "from_version": "2.3", "from_inclusive": true, "to_version": "2.3.9", "to_inclusive": true }, "2.4 - 2.4.6": { "from_version": "2.4", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": true }, "2.5 - 2.5.4": { "from_version": "2.5", "from_inclusive": true, "to_version": "2.5.4", "to_inclusive": true }, "2.6 - 2.6.5": { "from_version": "2.6", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true }, "2.7 - 2.7.4": { "from_version": "2.7", "from_inclusive": true, "to_version": "2.7.4", "to_inclusive": true }, "2.8 - 2.8.4": { "from_version": "2.8", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": true }, "2.9 - 2.9.5": { "from_version": "2.9", "from_inclusive": true, "to_version": "2.9.5", "to_inclusive": true }, "3.0 - 3.0.5": { "from_version": "3.0", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true }, "3.1 - 3.1.4": { "from_version": "3.1", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true }, "3.2 - 3.2.4": { "from_version": "3.2", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true }, "3.3 - 3.3.5": { "from_version": "3.3", "from_inclusive": true, "to_version": "3.3.5", "to_inclusive": true }, "3.4 - 3.4.5": { "from_version": "3.4", "from_inclusive": true, "to_version": "3.4.5", "to_inclusive": true }, "3.5 - 3.5.5": { "from_version": "3.5", "from_inclusive": true, "to_version": "3.5.5", "to_inclusive": true }, "3.6 - 3.6.3": { "from_version": "3.6", "from_inclusive": true, "to_version": "3.6.3", "to_inclusive": true }, "3.7 - 3.7.4": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.4", "to_inclusive": true }, "3.8 - 3.8.4": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.4", "to_inclusive": true }, "3.9 - 3.9.8": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.8", "to_inclusive": true }, "4.0 - 4.0.5": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.5", "to_inclusive": true }, "4.1 - 4.1.2": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true }, "4.2 - 4.2.3": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true }, "4.3 - 4.3.3": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.3", "to_inclusive": true }, "4.4 - 4.4.3": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true }, "4.5 - 4.5.1": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.1", "to_inclusive": true }, "4.6 - 4.6.1": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true }, "4.7 - 4.7.2": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.2", "to_inclusive": true }, "4.8 - 4.8.3": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.3", "to_inclusive": true }, "4.9 - 4.9.1": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.1", "to_inclusive": true }, "5.0 - 5.0.1": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.1", "to_inclusive": true }, "5.1 - 5.1.2": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.2", "to_inclusive": true }, "5.2 - 5.2.3": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": true }, "5.3 - 5.3.2": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.2", "to_inclusive": true }, "5.4 - 5.4.2": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": true }, "5.5 - 5.5.3": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.3", "to_inclusive": true }, "5.6 - 5.6.3": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.3", "to_inclusive": true }, "5.7 - 5.7.3": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.3", "to_inclusive": true }, "5.8 - 5.8.2": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.2", "to_inclusive": true }, "5.9 - 5.9.2": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.2", "to_inclusive": true }, "6.0 - 6.0.2": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.2", "to_inclusive": true }, "6.1 - 6.1.3": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.3", "to_inclusive": true }, "6.2 - 6.2.3": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.3", "to_inclusive": true }, "6.3 - 6.3.5": { "from_version": "6.3", "from_inclusive": true, "to_version": "6.3.5", "to_inclusive": true }, "6.4 - 6.4.4": { "from_version": "6.4", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": true }, "6.5 - 6.5.2": { "from_version": "6.5", "from_inclusive": true, "to_version": "6.5.2", "to_inclusive": true }, "6.6 - 6.6.3": { "from_version": "6.6", "from_inclusive": true, "to_version": "6.6.3", "to_inclusive": true }, "6.7 - 6.7.2": { "from_version": "6.7", "from_inclusive": true, "to_version": "6.7.2", "to_inclusive": true }, "6.8 - 6.8.3": { "from_version": "6.8", "from_inclusive": true, "to_version": "6.8.3", "to_inclusive": true }, "6.9 - 6.9.2": { "from_version": "6.9", "from_inclusive": true, "to_version": "6.9.2", "to_inclusive": true }, "7.0 - 7.0.3": { "from_version": "7.0", "from_inclusive": true, "to_version": "7.0.3", "to_inclusive": true }, "7.1 - 7.1.3": { "from_version": "7.1", "from_inclusive": true, "to_version": "7.1.3", "to_inclusive": true }, "7.2 - 7.2.3": { "from_version": "7.2", "from_inclusive": true, "to_version": "7.2.3", "to_inclusive": true }, "7.3 - 7.3.3": { "from_version": "7.3", "from_inclusive": true, "to_version": "7.3.3", "to_inclusive": true }, "7.4 - 7.4.3": { "from_version": "7.4", "from_inclusive": true, "to_version": "7.4.3", "to_inclusive": true }, "7.5 - 7.5.5": { "from_version": "7.5", "from_inclusive": true, "to_version": "7.5.5", "to_inclusive": true }, "7.6 - 7.6.2": { "from_version": "7.6", "from_inclusive": true, "to_version": "7.6.2", "to_inclusive": true }, "7.7 - 7.7.4": { "from_version": "7.7", "from_inclusive": true, "to_version": "7.7.4", "to_inclusive": true }, "7.8 - 7.8.2": { "from_version": "7.8", "from_inclusive": true, "to_version": "7.8.2", "to_inclusive": true }, "7.9 - 7.9.2": { "from_version": "7.9", "from_inclusive": true, "to_version": "7.9.2", "to_inclusive": true }, "8.0 - 8.0.1": { "from_version": "8.0", "from_inclusive": true, "to_version": "8.0.1", "to_inclusive": true }, "8.1 - 8.1.2": { "from_version": "8.1", "from_inclusive": true, "to_version": "8.1.2", "to_inclusive": true }, "8.2 - 8.2.4": { "from_version": "8.2", "from_inclusive": true, "to_version": "8.2.4", "to_inclusive": true }, "8.3 - 8.3.1": { "from_version": "8.3", "from_inclusive": true, "to_version": "8.3.1", "to_inclusive": true }, "8.4 - 8.4.3": { "from_version": "8.4", "from_inclusive": true, "to_version": "8.4.3", "to_inclusive": true }, "8.5 - 8.5.1": { "from_version": "8.5", "from_inclusive": true, "to_version": "8.5.1", "to_inclusive": true }, "8.6 - 8.6.2": { "from_version": "8.6", "from_inclusive": true, "to_version": "8.6.2", "to_inclusive": true }, "8.7 - 8.7.2": { "from_version": "8.7", "from_inclusive": true, "to_version": "8.7.2", "to_inclusive": true }, "8.8 - 8.8.3": { "from_version": "8.8", "from_inclusive": true, "to_version": "8.8.3", "to_inclusive": true }, "8.9 - 8.9.2": { "from_version": "8.9", "from_inclusive": true, "to_version": "8.9.2", "to_inclusive": true }, "9.0 - 9.0.3": { "from_version": "9.0", "from_inclusive": true, "to_version": "9.0.3", "to_inclusive": true }, "9.1 - 9.1.1": { "from_version": "9.1", "from_inclusive": true, "to_version": "9.1.1", "to_inclusive": true }, "9.2 - 9.2.2": { "from_version": "9.2", "from_inclusive": true, "to_version": "9.2.2", "to_inclusive": true }, "9.3 - 9.3.3": { "from_version": "9.3", "from_inclusive": true, "to_version": "9.3.3", "to_inclusive": true }, "9.4 - 9.4.2": { "from_version": "9.4", "from_inclusive": true, "to_version": "9.4.2", "to_inclusive": true }, "9.5 - 9.5.3": { "from_version": "9.5", "from_inclusive": true, "to_version": "9.5.3", "to_inclusive": true }, "9.6 - 9.6.2": { "from_version": "9.6", "from_inclusive": true, "to_version": "9.6.2", "to_inclusive": true }, "9.7 - 9.7.1": { "from_version": "9.7", "from_inclusive": true, "to_version": "9.7.1", "to_inclusive": true }, "9.8 - 9.8.1": { "from_version": "9.8", "from_inclusive": true, "to_version": "9.8.1", "to_inclusive": true }, "9.9 - 9.9.1": { "from_version": "9.9", "from_inclusive": true, "to_version": "9.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.0.1", "10.1.1", "10.2.2", "10.3.1", "10.4.1", "10.5.2", "10.6.2", "10.7.1", "10.8.1", "10.9.2", "11.0.1", "11.1.3", "11.2.1", "11.3.3", "11.4.1", "11.5.2", "11.6.1", "11.7.2", "11.8.5", "11.9.2", "12.0.1", "12.1.1", "2.0.9", "2.1.7", "2.2.10", "2.3.10", "2.4.7", "2.5.5", "2.6.6", "2.7.5", "2.8.5", "2.9.6", "3.0.6", "3.1.5", "3.2.5", "3.3.6", "3.4.6", "3.5.6", "3.6.4", "3.7.5", "3.8.5", "3.9.9", "4.0.6", "4.1.3", "4.2.4", "4.3.4", "4.4.4", "4.5.2", "4.6.2", "4.7.3", "4.8.4", "4.9.2", "5.0.2", "5.1.3", "5.2.4", "5.3.3", "5.4.3", "5.5.4", "5.6.4", "5.7.4", "5.8.3", "5.9.3", "6.0.3", "6.1.4", "6.2.4", "6.3.6", "6.4.5", "6.5.3", "6.6.4", "6.7.3", "6.8.4", "6.9.3", "7.0.4", "7.1.4", "7.2.4", "7.3.4", "7.4.4", "7.5.6", "7.6.3", "7.7.5", "7.8.3", "7.9.3", "8.0.2", "8.1.3", "8.2.5", "8.3.2", "8.4.4", "8.5.2", "8.6.3", "8.7.3", "8.8.4", "8.9.3", "9.0.4", "9.1.2", "9.2.3", "9.3.4", "9.4.3", "9.5.4", "9.6.3", "9.7.2", "9.8.2", "9.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9dfca4cb-71dc-4b2d-bcf3-0ca9f88f88df?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9dfee325-9001-4483-b3eb-846da0314529": { "id": "9dfee325-9001-4483-b3eb-846da0314529", "title": "Tutor LMS <= 2.1.10 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9dfee325-9001-4483-b3eb-846da0314529?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e013542-8a8c-440d-9130-61057d97990d": { "id": "9e013542-8a8c-440d-9130-61057d97990d", "title": "Custom Body Class <= 0.6.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Body Class", "slug": "wp-custom-body-class", "affected_versions": { "* - 0.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e013542-8a8c-440d-9130-61057d97990d?source=api-scan" ], "published": "2019-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e04a2f8-5071-4c85-b4f8-cb914ee509b5": { "id": "9e04a2f8-5071-4c85-b4f8-cb914ee509b5", "title": "Easing Slider <= 3.0.8 - Missing Authorization to Unauthenticated Settings Reset", "software": [ { "type": "plugin", "name": "Easing Slider", "slug": "easing-slider", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e04a2f8-5071-4c85-b4f8-cb914ee509b5?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e10e625-c444-487a-b0c3-1730fa727c89": { "id": "9e10e625-c444-487a-b0c3-1730fa727c89", "title": "Business Card <= 1.0.0 - Authenticated (Admin+) Arbitrary File Uplaod", "software": [ { "type": "plugin", "name": "Business Card", "slug": "business-card-by-esterox-100", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e10e625-c444-487a-b0c3-1730fa727c89?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e11e1b5-dbba-4920-a65c-210600878861": { "id": "9e11e1b5-dbba-4920-a65c-210600878861", "title": "Video XML Sitemap Generator <= 1.0.0 - Cross-Site Request Forgery via video_sitemap_generate", "software": [ { "type": "plugin", "name": "Video XML Sitemap Generator", "slug": "video-xml-sitemap-generator", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e11e1b5-dbba-4920-a65c-210600878861?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e1514c8-3752-4d0a-87a3-3f245a7cb914": { "id": "9e1514c8-3752-4d0a-87a3-3f245a7cb914", "title": "Easy Appointments <= 3.11.18 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Appointments", "slug": "easy-appointments", "affected_versions": { "* - 3.11.18": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e1514c8-3752-4d0a-87a3-3f245a7cb914?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e15727a-35c4-42c0-9997-cdcd40ac8e5f": { "id": "9e15727a-35c4-42c0-9997-cdcd40ac8e5f", "title": "AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation\/Activation", "software": [ { "type": "theme", "name": "The Monday", "slug": "the-monday", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Doko", "slug": "doko", "affected_versions": { "* - 1.0.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] }, { "type": "theme", "name": "Eight Sec", "slug": "eight-sec", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Revolve", "slug": "revolve", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Bingle", "slug": "bingle", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] }, { "type": "theme", "name": "ParallaxSome", "slug": "parallaxsome", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] }, { "type": "theme", "name": "Uncode Lite", "slug": "uncode-lite", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "EightLaw Lite", "slug": "eightlaw-lite", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] }, { "type": "theme", "name": "AccessPress Lite", "slug": "accesspress-lite", "affected_versions": { "* - 2.92": { "from_version": "*", "from_inclusive": true, "to_version": "2.92", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.93" ] }, { "type": "theme", "name": "FotoGraphy", "slug": "fotography", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] }, { "type": "theme", "name": "Arrival", "slug": "arrival", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] }, { "type": "theme", "name": "VMag", "slug": "vmag", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] }, { "type": "theme", "name": "AccessPress Mag", "slug": "accesspress-mag", "affected_versions": { "* - 2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.6" ] }, { "type": "theme", "name": "Sakala", "slug": "sakala", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] }, { "type": "theme", "name": "VMagazine Lite", "slug": "vmagazine-lite", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] }, { "type": "theme", "name": "Digital Agency Lite", "slug": "digital-agency-lite", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] }, { "type": "theme", "name": "The Launcher", "slug": "the-launcher", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] }, { "type": "theme", "name": "Zigcy Lite", "slug": "zigcy-lite", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] }, { "type": "theme", "name": "Brovy", "slug": "brovy", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Eightmedi Lite", "slug": "eightmedi-lite", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] }, { "type": "theme", "name": "WPparallax", "slug": "wpparallax", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Enlighten", "slug": "enlighten", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] }, { "type": "theme", "name": "EightStore Lite", "slug": "eightstore-lite", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] }, { "type": "theme", "name": "AccessPress Store", "slug": "accesspress-store", "affected_versions": { "* - 2.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] }, { "type": "theme", "name": "Swing Lite", "slug": "swing-lite", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "theme", "name": "Ripple", "slug": "ripple", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Access Demo Importer", "slug": "access-demo-importer", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] }, { "type": "theme", "name": "Punte", "slug": "punte", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] }, { "type": "theme", "name": "Accesspress Basic", "slug": "accesspress-basic", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2" ] }, { "type": "theme", "name": "Zigcy Baby", "slug": "zigcy-baby", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] }, { "type": "theme", "name": "ScrollMe", "slug": "scrollme", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Zigcy Cosmetics", "slug": "zigcy-cosmetics", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] }, { "type": "theme", "name": "Construction Lite", "slug": "construction-lite", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] }, { "type": "theme", "name": "Vmagazine News", "slug": "vmagazine-news", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] }, { "type": "theme", "name": "AccessPress Parallax", "slug": "accesspress-parallax-new", "affected_versions": { "* - 4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6" ] }, { "type": "theme", "name": "AccessPress Root", "slug": "accesspress-root", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] }, { "type": "theme", "name": "StoreVilla", "slug": "storevilla", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] }, { "type": "theme", "name": "Ultra Seven", "slug": "ultra-seven", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "The100", "slug": "the100", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Edict Lite", "slug": "edict-lite", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "WP Store", "slug": "wp-store", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "theme", "name": "Opstore", "slug": "opstore", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] }, { "type": "theme", "name": "Bloger", "slug": "bloger", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan" ], "published": "2022-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e1f94d9-8be6-4174-90a5-820c0207a2fa": { "id": "9e1f94d9-8be6-4174-90a5-820c0207a2fa", "title": "Clever Fox \u2013 One Click Website Importer by Nayra Themes <= 25.2.0 - Missing Authorization to arbitrary theme activation via clever-fox-activate-theme", "software": [ { "type": "plugin", "name": "Clever Fox", "slug": "clever-fox", "affected_versions": { "* - 25.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "25.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "25.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e1f94d9-8be6-4174-90a5-820c0207a2fa?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e1fa691-3934-4e15-b339-e679976d6d5c": { "id": "9e1fa691-3934-4e15-b339-e679976d6d5c", "title": "SupportCandy <= 2.2.6 - Cross-Site Request Forgery to Arbitrary Ticket Deletion", "software": [ { "type": "plugin", "name": "SupportCandy \u2013 Helpdesk & Customer Support Ticket System", "slug": "supportcandy", "affected_versions": { "[*, 2.2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e1fa691-3934-4e15-b339-e679976d6d5c?source=api-scan" ], "published": "2022-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e20afee-9336-458e-ab5c-b320c6887b83": { "id": "9e20afee-9336-458e-ab5c-b320c6887b83", "title": "10Web Map Builder for Google Maps <= 1.0.74 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "10Web Map Builder for Google Maps", "slug": "wd-google-maps", "affected_versions": { "* - 1.0.74": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.74", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e20afee-9336-458e-ab5c-b320c6887b83?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e21d279-aa83-42ff-9906-bc61dc4aba52": { "id": "9e21d279-aa83-42ff-9906-bc61dc4aba52", "title": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio <= 2.00 - Arbitrary File Modification", "software": [ { "type": "plugin", "name": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio", "slug": "flash-album-gallery", "affected_versions": { "* - 2.00": { "from_version": "*", "from_inclusive": true, "to_version": "2.00", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e21d279-aa83-42ff-9906-bc61dc4aba52?source=api-scan" ], "published": "2012-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e2214d8-b22d-4e51-a0cf-cca1af8e761c": { "id": "9e2214d8-b22d-4e51-a0cf-cca1af8e761c", "title": "Responsive Starter Templates \u2013 Elementor & WordPress Templates <= 2.6.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Plus \u2013 Starter Templates, Advanced Features and Customizer Settings for Responsive Theme.", "slug": "responsive-add-ons", "affected_versions": { "* - 2.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e2214d8-b22d-4e51-a0cf-cca1af8e761c?source=api-scan" ], "published": "2022-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e283a5a-98b7-464e-9426-cb414f3e3abf": { "id": "9e283a5a-98b7-464e-9426-cb414f3e3abf", "title": "Contact Form by BestWebSoft <= 3.95 - ReflectedCross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form by BestWebSoft \u2013 Advanced Contact Us Form Builder for WordPress", "slug": "contact-form-plugin", "affected_versions": { "[*, 3.96)": { "from_version": "*", "from_inclusive": true, "to_version": "3.96", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.96" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e283a5a-98b7-464e-9426-cb414f3e3abf?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e345e3a-a3d4-4533-b8bb-90795f991cbc": { "id": "9e345e3a-a3d4-4533-b8bb-90795f991cbc", "title": "Contact Form Entries <= 1.2.9 - CSV Injection", "software": [ { "type": "plugin", "name": "Database for Contact Form 7, WPforms, Elementor forms", "slug": "contact-form-entries", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e345e3a-a3d4-4533-b8bb-90795f991cbc?source=api-scan" ], "published": "2022-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e34c3f6-cc84-4e45-9948-6f7fd5cba8cd": { "id": "9e34c3f6-cc84-4e45-9948-6f7fd5cba8cd", "title": "Contact Form & SMTP Plugin by PirateForms <= 2.5.1 - Unauthenticated HTML injection", "software": [ { "type": "plugin", "name": "Contact Form & SMTP Plugin for WordPress by PirateForms", "slug": "pirate-forms", "affected_versions": { "[*, 2.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e34c3f6-cc84-4e45-9948-6f7fd5cba8cd?source=api-scan" ], "published": "2019-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e3899d8-170e-481f-8c80-90addc66eb41": { "id": "9e3899d8-170e-481f-8c80-90addc66eb41", "title": "Woocommerce Custom Checkout Fields Editor With Drag & Drop <= 0.1 - Reflected Cross-Site Scripting via 'tab'", "software": [ { "type": "plugin", "name": "Woocommerce Custom Checkout Fields Editor With Drag & Drop", "slug": "woo-custom-checkout-fields", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e3899d8-170e-481f-8c80-90addc66eb41?source=api-scan" ], "published": "2023-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e394bb2-d505-4bf1-b672-fea3504bf936": { "id": "9e394bb2-d505-4bf1-b672-fea3504bf936", "title": "Ultimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e394bb2-d505-4bf1-b672-fea3504bf936?source=api-scan" ], "published": "2024-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e3e996b-6988-42ab-9766-ddc070243c1f": { "id": "9e3e996b-6988-42ab-9766-ddc070243c1f", "title": "Easy Username Updater <= 1.0.3 - Cross-Site Request Forgery to Username Change", "software": [ { "type": "plugin", "name": "Easy Username Updater", "slug": "username-updater", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e3e996b-6988-42ab-9766-ddc070243c1f?source=api-scan" ], "published": "2022-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e3f199b-b75d-43a2-a20c-957fb1b512e1": { "id": "9e3f199b-b75d-43a2-a20c-957fb1b512e1", "title": "Hot Linked Image Cacher <= 1.16 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Hot Linked Image Cacher", "slug": "hot-linked-image-cacher", "affected_versions": { "* - 1.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.16", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e3f199b-b75d-43a2-a20c-957fb1b512e1?source=api-scan" ], "published": "2022-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e43cf06-8356-40cd-a0d8-b9f7ab95d793": { "id": "9e43cf06-8356-40cd-a0d8-b9f7ab95d793", "title": "Post Indexer <= 3.0.6.1 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Post Indexer", "slug": "post-indexer", "affected_versions": { "[*, 3.0.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e43cf06-8356-40cd-a0d8-b9f7ab95d793?source=api-scan" ], "published": "2016-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e44d85d-6bde-4194-8f33-5db6dacf544c": { "id": "9e44d85d-6bde-4194-8f33-5db6dacf544c", "title": "TinyPNG <= 3.4.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "TinyPNG \u2013 JPEG, PNG & WebP image compression", "slug": "tiny-compress-images", "affected_versions": { "* - 3.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e44d85d-6bde-4194-8f33-5db6dacf544c?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e47a2d3-ab79-417d-b36b-2f8a8c515bc3": { "id": "9e47a2d3-ab79-417d-b36b-2f8a8c515bc3", "title": "Simple Sort&Search <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "simple sort&search", "slug": "simple-sortsearch", "affected_versions": { "* - 0.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e47a2d3-ab79-417d-b36b-2f8a8c515bc3?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e4d84ad-ab02-45b1-aecb-dc2c08c097fe": { "id": "9e4d84ad-ab02-45b1-aecb-dc2c08c097fe", "title": "Dokan <= 3.7.5 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Dokan \u2013 Powerful WooCommerce Multivendor Marketplace Solution \u2013 Build Your Own Amazon, eBay, Etsy", "slug": "dokan-lite", "affected_versions": { "* - 3.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e4d84ad-ab02-45b1-aecb-dc2c08c097fe?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e56e1fe-bb53-422c-9219-b79e24f0f915": { "id": "9e56e1fe-bb53-422c-9219-b79e24f0f915", "title": "ZM Gallery <= 1.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "ZM Gallery", "slug": "zm-gallery", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e56e1fe-bb53-422c-9219-b79e24f0f915?source=api-scan" ], "published": "2016-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e60428e-1641-470f-a6f1-7c2b4140a6bf": { "id": "9e60428e-1641-470f-a6f1-7c2b4140a6bf", "title": "Use Any Font <= 6.1.7 - Cross-Site Request Forgery to API Key Deactivation", "software": [ { "type": "plugin", "name": "Use Any Font | Custom Font Uploader", "slug": "use-any-font", "affected_versions": { "* - 6.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e60428e-1641-470f-a6f1-7c2b4140a6bf?source=api-scan" ], "published": "2022-03-30 11:53:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e6365ab-30c5-4bec-a5f3-b0812ae8a609": { "id": "9e6365ab-30c5-4bec-a5f3-b0812ae8a609", "title": "New User Approve <= 2.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "New User Approve", "slug": "new-user-approve", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e6365ab-30c5-4bec-a5f3-b0812ae8a609?source=api-scan" ], "published": "2022-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e63fb84-a16b-447f-be73-e01f30881445": { "id": "9e63fb84-a16b-447f-be73-e01f30881445", "title": "Media Library Assistant <= 3.13 - Authenticated (Contributor+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Media Library Assistant", "slug": "media-library-assistant", "affected_versions": { "* - 3.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e63fb84-a16b-447f-be73-e01f30881445?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e661d3c-8acf-48c2-9e54-6913c65a46aa": { "id": "9e661d3c-8acf-48c2-9e54-6913c65a46aa", "title": "Page Builder: Live Composer <= 1.5.47 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Live Composer \u2013 Free WordPress Website Builder", "slug": "live-composer-page-builder", "affected_versions": { "* - 1.5.47": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.47", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.48" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e661d3c-8acf-48c2-9e54-6913c65a46aa?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e6a1af3-d53c-4e23-95d2-3b799bc10827": { "id": "9e6a1af3-d53c-4e23-95d2-3b799bc10827", "title": "Contact Form Plugin by FluentForm <= 4.3.12 - CSV Injection", "software": [ { "type": "plugin", "name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", "slug": "fluentform", "affected_versions": { "* - 4.3.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e6a1af3-d53c-4e23-95d2-3b799bc10827?source=api-scan" ], "published": "2022-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e6eec31-0603-40ab-9ed1-eedb163de1d6": { "id": "9e6eec31-0603-40ab-9ed1-eedb163de1d6", "title": "Misiek Photo Album <= 1.4.3 - Cross-Site Request Forgery to Album Deletion", "software": [ { "type": "plugin", "name": "Misiek Photo Album", "slug": "misiek-photo-album", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e6eec31-0603-40ab-9ed1-eedb163de1d6?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e7a1116-2bf1-4d36-a091-e0d4a9d6e1c9": { "id": "9e7a1116-2bf1-4d36-a091-e0d4a9d6e1c9", "title": "InfiniteWP Client <= 1.3.7 - Privilege Escalation", "software": [ { "type": "plugin", "name": "InfiniteWP Client", "slug": "iwp-client", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e7a1116-2bf1-4d36-a091-e0d4a9d6e1c9?source=api-scan" ], "published": "2014-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e8aa5c4-7e80-42c9-9f89-e9957e613cd3": { "id": "9e8aa5c4-7e80-42c9-9f89-e9957e613cd3", "title": "Export Users With Meta <= 0.6.8 - CSV Injection", "software": [ { "type": "plugin", "name": "Export Users With Meta", "slug": "user-export-with-their-meta-data", "affected_versions": { "* - 0.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e8aa5c4-7e80-42c9-9f89-e9957e613cd3?source=api-scan" ], "published": "2022-11-17 11:50:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e9823e6-bcd4-4c1e-bf86-caf472748b12": { "id": "9e9823e6-bcd4-4c1e-bf86-caf472748b12", "title": "Redirection for Contact Form 7 <= 2.3.3 - Unprotected AJAX Actions", "software": [ { "type": "plugin", "name": "Redirection for Contact Form 7", "slug": "wpcf7-redirect", "affected_versions": { "[*, 2.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e9823e6-bcd4-4c1e-bf86-caf472748b12?source=api-scan" ], "published": "2021-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e9a8383-7044-484d-8e4a-e9e4171da385": { "id": "9e9a8383-7044-484d-8e4a-e9e4171da385", "title": "Prolisting - Directory Listing <= 1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Prolisting - Directory Listing WordPress Theme", "slug": "prolist", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e9a8383-7044-484d-8e4a-e9e4171da385?source=api-scan" ], "published": "2020-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e9e0214-b88e-4125-8c10-850ca736e920": { "id": "9e9e0214-b88e-4125-8c10-850ca736e920", "title": "Simple Ajax Chat <= 20231101 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Ajax Chat \u2013 Add a Fast, Secure Chat Box", "slug": "simple-ajax-chat", "affected_versions": { "* - 20231101": { "from_version": "*", "from_inclusive": true, "to_version": "20231101", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20240216" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e9e0214-b88e-4125-8c10-850ca736e920?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e9ef3dd-9055-4f9f-b3af-6bf34c06292a": { "id": "9e9ef3dd-9055-4f9f-b3af-6bf34c06292a", "title": "Anti-Malware Security and Brute-Force Firewall <= 4.20.95 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Anti-Malware Security and Brute-Force Firewall", "slug": "gotmls", "affected_versions": { "[*, 4.20.96)": { "from_version": "*", "from_inclusive": true, "to_version": "4.20.96", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.20.96" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e9ef3dd-9055-4f9f-b3af-6bf34c06292a?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9e9fcaf5-d531-4b14-b8b1-d8090243cf0c": { "id": "9e9fcaf5-d531-4b14-b8b1-d8090243cf0c", "title": "SVG Support <= 2.3.19 Admin+ Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SVG Support", "slug": "svg-support", "affected_versions": { "* - 2.3.19": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9e9fcaf5-d531-4b14-b8b1-d8090243cf0c?source=api-scan" ], "published": "2022-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ea21bf9-9e2a-45d1-8cb7-db821ca13e70": { "id": "9ea21bf9-9e2a-45d1-8cb7-db821ca13e70", "title": "DN Footer Contacts <= 1.6.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Footer Contacts D", "slug": "dn-footer-contacts", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ea21bf9-9e2a-45d1-8cb7-db821ca13e70?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ea2964f-9e3a-450b-9724-5a520c73d306": { "id": "9ea2964f-9e3a-450b-9724-5a520c73d306", "title": "AMP for WP <= 0.9.97.19 - Missing Authorization", "software": [ { "type": "plugin", "name": "AMP for WP \u2013 Accelerated Mobile Pages", "slug": "accelerated-mobile-pages", "affected_versions": { "* - 0.9.97.19": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.97.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.97.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ea2964f-9e3a-450b-9724-5a520c73d306?source=api-scan" ], "published": "2018-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ea32791-edd3-4495-893e-668f42dcf5e9": { "id": "9ea32791-edd3-4495-893e-668f42dcf5e9", "title": "SwipeHQ Payment Gateway WooCommerce <= 2.7.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "swipehq-payment-gateway-woocommerce", "slug": "swipehq-payment-gateway-woocommerce", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ea32791-edd3-4495-893e-668f42dcf5e9?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ea42fbc-ec08-4f67-90d0-506fc474a4a6": { "id": "9ea42fbc-ec08-4f67-90d0-506fc474a4a6", "title": "Kadence WooCommerce Email Designer <= 1.5.6 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Kadence WooCommerce Email Designer", "slug": "kadence-woocommerce-email-designer", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ea42fbc-ec08-4f67-90d0-506fc474a4a6?source=api-scan" ], "published": "2022-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ea49a07-022e-4c9a-b1d3-ff900b337067": { "id": "9ea49a07-022e-4c9a-b1d3-ff900b337067", "title": "AffiEasy <= 1.1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "AffiEasy", "slug": "affieasy", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ea49a07-022e-4c9a-b1d3-ff900b337067?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ea7ccb0-c0fb-4ef3-8041-9bf5abe36e3f": { "id": "9ea7ccb0-c0fb-4ef3-8041-9bf5abe36e3f", "title": "MailerLite \u2013 WooCommerce integration <= 2.0.8 - Cross-Site Request Forgery via Multiple AJAX Functions", "software": [ { "type": "plugin", "name": "MailerLite \u2013 WooCommerce integration", "slug": "woo-mailerlite", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ea7ccb0-c0fb-4ef3-8041-9bf5abe36e3f?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9eb14563-7aa6-4703-96ef-95708f08beff": { "id": "9eb14563-7aa6-4703-96ef-95708f08beff", "title": "Analytics Tracker <= 1.1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Analytics Tracker", "slug": "analytics-tracker", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9eb14563-7aa6-4703-96ef-95708f08beff?source=api-scan" ], "published": "2017-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9eb34cb2-ebf8-4913-b8e0-152a436963ee": { "id": "9eb34cb2-ebf8-4913-b8e0-152a436963ee", "title": "Booking calendar, Appointment Booking System <= 3.2.1 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Booking calendar, Appointment Booking System", "slug": "booking-calendar", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9eb34cb2-ebf8-4913-b8e0-152a436963ee?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9eb829f2-c05f-4f81-85d0-2429fb515d33": { "id": "9eb829f2-c05f-4f81-85d0-2429fb515d33", "title": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via counter_title parameter", "software": [ { "type": "plugin", "name": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode", "slug": "responsive-coming-soon-page", "affected_versions": { "* - 1.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9eb829f2-c05f-4f81-85d0-2429fb515d33?source=api-scan" ], "published": "2018-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9eb835fd-6ebf-4162-856c-0366b663a07e": { "id": "9eb835fd-6ebf-4162-856c-0366b663a07e", "title": "Simple File List < 4.2.3 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Simple File List", "slug": "simple-file-list", "affected_versions": { "[*, 4.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9eb835fd-6ebf-4162-856c-0366b663a07e?source=api-scan" ], "published": "2020-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ec1aed2-d299-4fa9-add6-10b63ed6aa30": { "id": "9ec1aed2-d299-4fa9-add6-10b63ed6aa30", "title": "Meta Tag Manager <= 3.0.2 - Authenticated (Subscriber+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Meta Tag Manager", "slug": "meta-tag-manager", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ec1aed2-d299-4fa9-add6-10b63ed6aa30?source=api-scan" ], "published": "2024-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ec4bd64-f13f-4e13-9829-8ccf2b8fd196": { "id": "9ec4bd64-f13f-4e13-9829-8ccf2b8fd196", "title": "Bold Timeline Lite <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Bold Timeline Lite", "slug": "bold-timeline-lite", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ec4bd64-f13f-4e13-9829-8ccf2b8fd196?source=api-scan" ], "published": "2023-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ec83425-c756-450e-ac46-c897ad72714c": { "id": "9ec83425-c756-450e-ac46-c897ad72714c", "title": "Woocommerce Tip\/Donation <= 1.2 - Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Woocommerce Tip\/Donation", "slug": "woo-tipdonation", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ec83425-c756-450e-ac46-c897ad72714c?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ecaaa86-9de1-4b90-b6cf-885621cffb19": { "id": "9ecaaa86-9de1-4b90-b6cf-885621cffb19", "title": "Ultimate Membership Pro <= 8.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Indeed Membership Pro", "slug": "indeed-membership-pro", "affected_versions": { "[*, 8.7)": { "from_version": "*", "from_inclusive": true, "to_version": "8.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ecaaa86-9de1-4b90-b6cf-885621cffb19?source=api-scan" ], "published": "2020-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ecd4231-d1b7-420e-a8af-1508fed11d1f": { "id": "9ecd4231-d1b7-420e-a8af-1508fed11d1f", "title": "WP VR <= 8.5.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP VR \u2013 360 Panorama and Virtual Tour Builder For WordPress", "slug": "wpvr", "affected_versions": { "* - 8.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ecd4231-d1b7-420e-a8af-1508fed11d1f?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ed25de7-f002-4108-b2c6-f790acbbe27b": { "id": "9ed25de7-f002-4108-b2c6-f790acbbe27b", "title": "s2Member\u00ae Framework (Membership, Member Level Roles, Access Capabilities, PayPal Members) < 111220 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "s2Member \u2013 Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions", "slug": "s2member", "affected_versions": { "[*, 111220)": { "from_version": "*", "from_inclusive": true, "to_version": "111220", "to_inclusive": false } }, "patched": true, "patched_versions": [ "111220" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ed25de7-f002-4108-b2c6-f790acbbe27b?source=api-scan" ], "published": "2012-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ed80507-f3e5-45a8-9498-8cebf97155ff": { "id": "9ed80507-f3e5-45a8-9498-8cebf97155ff", "title": "Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.36": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.36", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.37" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ed80507-f3e5-45a8-9498-8cebf97155ff?source=api-scan" ], "published": "2024-07-02 18:52:03", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ed8e24d-6bd0-4638-9031-997ce2228fad": { "id": "9ed8e24d-6bd0-4638-9031-997ce2228fad", "title": "Kali Forms <= 2.1.1 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "Contact Form builder with drag & drop for WordPress \u2013 Kali Forms", "slug": "kali-forms", "affected_versions": { "[*, 2.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ed8e24d-6bd0-4638-9031-997ce2228fad?source=api-scan" ], "published": "2020-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ed9c59c-191f-4219-8701-ce2f088b3b6d": { "id": "9ed9c59c-191f-4219-8701-ce2f088b3b6d", "title": "Smart Forms <= 2.6.93 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Smart Forms \u2013 when you need more than just a contact form", "slug": "smart-forms", "affected_versions": { "* - 2.6.93": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.93", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.94" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ed9c59c-191f-4219-8701-ce2f088b3b6d?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ee4e021-946f-42e2-bae1-d73fdd34749d": { "id": "9ee4e021-946f-42e2-bae1-d73fdd34749d", "title": "Link Library <= 7.7.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Link Library", "slug": "link-library", "affected_versions": { "* - 7.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ee4e021-946f-42e2-bae1-d73fdd34749d?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9eee9bec-609a-468b-8b44-ac4af409df93": { "id": "9eee9bec-609a-468b-8b44-ac4af409df93", "title": "JoomSport \u2013 for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authenticated (Admin+) SQL Injection via orderby", "software": [ { "type": "plugin", "name": "JoomSport \u2013 for Sports: Team & League, Football, Hockey & more", "slug": "joomsport-sports-league-results-management", "affected_versions": { "* - 5.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9eee9bec-609a-468b-8b44-ac4af409df93?source=api-scan" ], "published": "2022-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9eeec949-e440-4df3-8c26-db92498cada3": { "id": "9eeec949-e440-4df3-8c26-db92498cada3", "title": "Contests by Rewards Fuel <= 2.0.64 - Authenticated (Contributor+) Stored Cross-Site Scripting via update_rewards_fuel_api_key", "software": [ { "type": "plugin", "name": "Contests by Rewards Fuel", "slug": "contests-from-rewards-fuel", "affected_versions": { "* - 2.0.64": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.64", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.65" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9eeec949-e440-4df3-8c26-db92498cada3?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9eeee18d-a035-4de6-a2fc-19479387c4df": { "id": "9eeee18d-a035-4de6-a2fc-19479387c4df", "title": "AJAX Login and Registration modal popup + inline form <= 2.23 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AJAX Login and Registration modal popup + inline form", "slug": "ajax-login-and-registration-modal-popup", "affected_versions": { "* - 2.23": { "from_version": "*", "from_inclusive": true, "to_version": "2.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9eeee18d-a035-4de6-a2fc-19479387c4df?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9eef053c-16a1-4624-8393-08e78b221d4f": { "id": "9eef053c-16a1-4624-8393-08e78b221d4f", "title": "WP Spell Check <= 9.17 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Spell Check", "slug": "wp-spell-check", "affected_versions": { "* - 9.17": { "from_version": "*", "from_inclusive": true, "to_version": "9.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9eef053c-16a1-4624-8393-08e78b221d4f?source=api-scan" ], "published": "2024-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ef3297d-8686-44aa-ac73-793b644be3f2": { "id": "9ef3297d-8686-44aa-ac73-793b644be3f2", "title": "WP Links Page <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Links Page", "slug": "wp-links-page", "affected_versions": { "* - 4.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ef3297d-8686-44aa-ac73-793b644be3f2?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ef3f7a2-4ed2-4235-8a6b-f2a5cf288029": { "id": "9ef3f7a2-4ed2-4235-8a6b-f2a5cf288029", "title": "Elementor Pro <= 3.0.5 - Authenticated Remote Code Execution in Dynamic OOO Widget", "software": [ { "type": "plugin", "name": "Elementor Website Builder Pro", "slug": "elementor-pro", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ef3f7a2-4ed2-4235-8a6b-f2a5cf288029?source=api-scan" ], "published": "2020-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ef8906b-be0a-45d2-b1ec-6f480306d9f0": { "id": "9ef8906b-be0a-45d2-b1ec-6f480306d9f0", "title": "Easy2map-photos <= 1.0.9 - Path Traversal", "software": [ { "type": "plugin", "name": "Easy2Map Photos", "slug": "easy2map-photos", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ef8906b-be0a-45d2-b1ec-6f480306d9f0?source=api-scan" ], "published": "2015-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ef8f39e-6e5d-4ef6-a81d-0b2be3506ec1": { "id": "9ef8f39e-6e5d-4ef6-a81d-0b2be3506ec1", "title": "Complianz - GDPR\/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_script_add", "software": [ { "type": "plugin", "name": "Complianz \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr", "affected_versions": { "* - 6.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ef8f39e-6e5d-4ef6-a81d-0b2be3506ec1?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ef9b22f-a0dc-43e5-9597-5dcc6ca3fc23": { "id": "9ef9b22f-a0dc-43e5-9597-5dcc6ca3fc23", "title": "Exifography <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Exifography", "slug": "thesography", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ef9b22f-a0dc-43e5-9597-5dcc6ca3fc23?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9efac984-21ef-4e02-8ead-bf4205ddb38d": { "id": "9efac984-21ef-4e02-8ead-bf4205ddb38d", "title": "Insert Pages < 3.2.4 - Authenticated Directory Traversal", "software": [ { "type": "plugin", "name": "Insert Pages", "slug": "insert-pages", "affected_versions": { "[*, 3.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9efac984-21ef-4e02-8ead-bf4205ddb38d?source=api-scan" ], "published": "2017-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9efb7dc8-d0a1-4707-a465-6a55b2d4a426": { "id": "9efb7dc8-d0a1-4707-a465-6a55b2d4a426", "title": "Elements Plus! <= 2.16.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget links", "software": [ { "type": "plugin", "name": "Elements Plus!", "slug": "elements-plus", "affected_versions": { "* - 2.16.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9efb7dc8-d0a1-4707-a465-6a55b2d4a426?source=api-scan" ], "published": "2024-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9efb88e2-381f-4e26-80bb-1b034ffc1c91": { "id": "9efb88e2-381f-4e26-80bb-1b034ffc1c91", "title": "Table & Contact Form 7 Database \u2013 Tablesome <= 1.0.25 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Tablesome \u2013 Form DB & Automation \u2013 WPForms, Contact Form 7, Elementor, Forminator, Fluent, Gravity", "slug": "tablesome", "affected_versions": { "* - 1.0.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9efb88e2-381f-4e26-80bb-1b034ffc1c91?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9efbbb82-8127-4f11-84d4-2ce27f2cbefe": { "id": "9efbbb82-8127-4f11-84d4-2ce27f2cbefe", "title": "Word Search Puzzles game <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Word Search Puzzles game", "slug": "wha-wordsearch", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9efbbb82-8127-4f11-84d4-2ce27f2cbefe?source=api-scan" ], "published": "2022-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9efc782a-ec61-4741-81fd-a263a2739e16": { "id": "9efc782a-ec61-4741-81fd-a263a2739e16", "title": "Essential Blocks <= 4.0.6 - Missing Authorization via template_count", "software": [ { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9efc782a-ec61-4741-81fd-a263a2739e16?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f00b763-1b8a-4a20-96c6-7a93adf806e4": { "id": "9f00b763-1b8a-4a20-96c6-7a93adf806e4", "title": "Contact Form 7 Summary and Print <= 1.2.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form 7 Summary and Print", "slug": "cf7-summary-and-print", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f00b763-1b8a-4a20-96c6-7a93adf806e4?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f0294c2-40ac-48aa-8377-e724e9cfc6c9": { "id": "9f0294c2-40ac-48aa-8377-e724e9cfc6c9", "title": "DethemeKit For Elementor <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DethemeKit For Elementor", "slug": "dethemekit-for-elementor", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f0294c2-40ac-48aa-8377-e724e9cfc6c9?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f07d76e-1973-4ea7-b448-666466cd688f": { "id": "9f07d76e-1973-4ea7-b448-666466cd688f", "title": "WP Meta SEO <= 4.5.4 - Authenticated (Author+) PHAR Deserialization", "software": [ { "type": "plugin", "name": "WP Meta SEO", "slug": "wp-meta-seo", "affected_versions": { "* - 4.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f07d76e-1973-4ea7-b448-666466cd688f?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f1078b8-f458-46a6-9982-e8d2d1d1b73b": { "id": "9f1078b8-f458-46a6-9982-e8d2d1d1b73b", "title": "Happy Addons for Elementor <= 3.12.2 - Authenticated (Contributor+) Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.12.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.12.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.12.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f1078b8-f458-46a6-9982-e8d2d1d1b73b?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f1902e7-66e9-417f-97ba-4db766cf29f1": { "id": "9f1902e7-66e9-417f-97ba-4db766cf29f1", "title": "Sunny Search <= 1.0.2 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Sunny Search", "slug": "fast-search-powered-by-solr", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f1902e7-66e9-417f-97ba-4db766cf29f1?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f23bf62-6008-4a9c-a7ae-a2e513699684": { "id": "9f23bf62-6008-4a9c-a7ae-a2e513699684", "title": "ShortPixel Image Optimizer <= 5.4.1 - Authenticated(Editor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "ShortPixel Image Optimizer \u2013 Optimize Images, Convert WebP & AVIF", "slug": "shortpixel-image-optimiser", "affected_versions": { "[*, 5.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f23bf62-6008-4a9c-a7ae-a2e513699684?source=api-scan" ], "published": "2023-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f2ae1ff-c76e-4997-b860-f1e0b94a437d": { "id": "9f2ae1ff-c76e-4997-b860-f1e0b94a437d", "title": "SoundCloud Shortcode <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "SoundCloud Shortcode", "slug": "soundcloud-shortcode", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f2ae1ff-c76e-4997-b860-f1e0b94a437d?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f301908-d491-492f-9347-432c462de286": { "id": "9f301908-d491-492f-9347-432c462de286", "title": "FV Flowplayer Video Player <= 7.3.14.727 - SQL Injection", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "[*, 7.3.15.727)": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.15.727", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.3.15.727" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f301908-d491-492f-9347-432c462de286?source=api-scan" ], "published": "2019-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f35a407-a7dd-4b6b-8c77-9a20ba797429": { "id": "9f35a407-a7dd-4b6b-8c77-9a20ba797429", "title": "ARMember <= 4.0.10 - Authenticated (Subscriber+) Membership Plan Bypass", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 4.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f35a407-a7dd-4b6b-8c77-9a20ba797429?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f395100-cf1f-4a3e-a353-1aec6b4e7448": { "id": "9f395100-cf1f-4a3e-a353-1aec6b4e7448", "title": "PropertyHive <= 1.5.46 - Reflected Cross-Site Scripting via 'merge_ids'", "software": [ { "type": "plugin", "name": "PropertyHive", "slug": "propertyhive", "affected_versions": { "* - 1.5.46": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.46", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.47" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f395100-cf1f-4a3e-a353-1aec6b4e7448?source=api-scan" ], "published": "2023-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f397671-0b59-4049-95af-3087e07685f0": { "id": "9f397671-0b59-4049-95af-3087e07685f0", "title": "Pet Manager <= 1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pet Manager", "slug": "pet-manager", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f397671-0b59-4049-95af-3087e07685f0?source=api-scan" ], "published": "2024-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f4052ab-ff9e-48a6-8406-72e9b6237668": { "id": "9f4052ab-ff9e-48a6-8406-72e9b6237668", "title": "CMS Tree Page View < 0.8.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CMS Tree Page View", "slug": "cms-tree-page-view", "affected_versions": { "[*, 0.8.9)": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f4052ab-ff9e-48a6-8406-72e9b6237668?source=api-scan" ], "published": "2012-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f47c6c4-2d74-4f37-8232-d54d5f0c24cf": { "id": "9f47c6c4-2d74-4f37-8232-d54d5f0c24cf", "title": "Enable SVG, WebP & ICO Upload <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Enable SVG, WebP & ICO Upload \u00a0", "slug": "enable-svg-webp-ico-upload", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f47c6c4-2d74-4f37-8232-d54d5f0c24cf?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f48e35e-12fd-4f75-bcb1-6820846298a2": { "id": "9f48e35e-12fd-4f75-bcb1-6820846298a2", "title": "Tabs \u2013 Responsive Tabs with WooCommerce Product Tab Extension <= 3.6.0 - Authenticated (Admin+) Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Tabs \u2013 Responsive Tabs with WooCommerce Product Tab Extension", "slug": "vc-tabs", "affected_versions": { "* - 3.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f48e35e-12fd-4f75-bcb1-6820846298a2?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f49e727-cac4-4a46-b649-5ca48d5e2402": { "id": "9f49e727-cac4-4a46-b649-5ca48d5e2402", "title": "Add Any Extension to Pages <= 1.4 - Cross-Site Request Forgery via aaetp_options_page", "software": [ { "type": "plugin", "name": "Add Any Extension to Pages", "slug": "add-any-extension-to-pages", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f49e727-cac4-4a46-b649-5ca48d5e2402?source=api-scan" ], "published": "2023-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f4a3d17-d9fd-4ff4-a4b2-43030cdc7739": { "id": "9f4a3d17-d9fd-4ff4-a4b2-43030cdc7739", "title": "Booking Calendar Contact Form <= 1.2.40 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking Calendar Contact Form", "slug": "booking-calendar-contact-form", "affected_versions": { "* - 1.2.40": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f4a3d17-d9fd-4ff4-a4b2-43030cdc7739?source=api-scan" ], "published": "2023-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f4a939c-ba6c-4401-8139-a57e727ceb0f": { "id": "9f4a939c-ba6c-4401-8139-a57e727ceb0f", "title": "Send PDF for Contact Form 7 <= 0.9.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Send PDF for Contact Form 7", "slug": "send-pdf-for-contact-form-7", "affected_versions": { "* - 0.9.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f4a939c-ba6c-4401-8139-a57e727ceb0f?source=api-scan" ], "published": "2023-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f51258a-e228-412f-9d97-28ab679136d7": { "id": "9f51258a-e228-412f-9d97-28ab679136d7", "title": "Download Manager <= 3.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.90": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.90", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.91" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f51258a-e228-412f-9d97-28ab679136d7?source=api-scan" ], "published": "2024-05-30 20:30:54", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f51ea60-7bda-4627-9b65-d1ff402dfc88": { "id": "9f51ea60-7bda-4627-9b65-d1ff402dfc88", "title": "Better Anchor Links <= 1.7.5 - Cross-Site Request Forgery via admin\/options.php", "software": [ { "type": "plugin", "name": "Better Anchor Links", "slug": "better-anchor-links", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f51ea60-7bda-4627-9b65-d1ff402dfc88?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f521875-6b4a-44a6-b810-c13b73891e20": { "id": "9f521875-6b4a-44a6-b810-c13b73891e20", "title": "GDPR\/CCPA Cookie Consent Banner <= 3.2 - Missing Authorization via handle_consent_toggle()", "software": [ { "type": "plugin", "name": "Termly \u2013 GDPR\/CCPA Cookie Consent Banner", "slug": "uk-cookie-consent", "affected_versions": { "* - 3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f521875-6b4a-44a6-b810-c13b73891e20?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f52ec39-18d8-41eb-8712-7369680b8a58": { "id": "9f52ec39-18d8-41eb-8712-7369680b8a58", "title": "Directorist <= 7.2.2 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings", "slug": "directorist", "affected_versions": { "* - 7.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f52ec39-18d8-41eb-8712-7369680b8a58?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f58a5eb-53cb-4a25-b693-bcd2b7a1cd00": { "id": "9f58a5eb-53cb-4a25-b693-bcd2b7a1cd00", "title": "Image Optimizer by 10web <= 1.0.26 - Authenticated(Administator+) Directory Traversal", "software": [ { "type": "plugin", "name": "Image Optimizer by 10web \u2013 Image Optimizer and Compression plugin", "slug": "image-optimizer-wd", "affected_versions": { "* - 1.0.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f58a5eb-53cb-4a25-b693-bcd2b7a1cd00?source=api-scan" ], "published": "2023-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f5cc779-c7de-42e6-a812-5c0539067b8c": { "id": "9f5cc779-c7de-42e6-a812-5c0539067b8c", "title": "Quiz and Survey Master <= 8.0.4 - Improper Input Validation", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 8.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f5cc779-c7de-42e6-a812-5c0539067b8c?source=api-scan" ], "published": "2022-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f65baee-11fa-4592-9170-5057faee544e": { "id": "9f65baee-11fa-4592-9170-5057faee544e", "title": "Wp EMember <= 10.6.5 - Cross-Site Request Forgery to Bulk Delete", "software": [ { "type": "plugin", "name": "Wp EMember", "slug": "wp-emember", "affected_versions": { "* - 10.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "10.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f65baee-11fa-4592-9170-5057faee544e?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f665099-d1c3-43a9-b37b-c9f42c9172ad": { "id": "9f665099-d1c3-43a9-b37b-c9f42c9172ad", "title": "WordPress File Upload <= 4.24.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "* - 4.24.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.24.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.24.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f665099-d1c3-43a9-b37b-c9f42c9172ad?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f678700-f266-4740-a98d-19f8e9734563": { "id": "9f678700-f266-4740-a98d-19f8e9734563", "title": "ImageLinks <= 1.5.4 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "ImageLinks Interactive Image Builder for WordPress", "slug": "imagelinks-interactive-image-builder-lite", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f678700-f266-4740-a98d-19f8e9734563?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f699d49-738f-49f0-ab1a-f43645a32c90": { "id": "9f699d49-738f-49f0-ab1a-f43645a32c90", "title": "Social Slider Feed <= 2.0.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Slider Feed", "slug": "instagram-slider-widget", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f699d49-738f-49f0-ab1a-f43645a32c90?source=api-scan" ], "published": "2022-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f6a358a-333c-4eb7-9149-348bf3713943": { "id": "9f6a358a-333c-4eb7-9149-348bf3713943", "title": "Theme and plugin translation for Polylang <= 3.2.16 - Missing Authorization", "software": [ { "type": "plugin", "name": "Theme and plugin translation for Polylang (TTfP)", "slug": "theme-translation-for-polylang", "affected_versions": { "* - 3.2.16": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f6a358a-333c-4eb7-9149-348bf3713943?source=api-scan" ], "published": "2022-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f6b9a90-4fa8-4cd0-bec8-6fa69a1b4681": { "id": "9f6b9a90-4fa8-4cd0-bec8-6fa69a1b4681", "title": "WordPress Core < 3.5.2 - Server Side Request Forgery", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f6b9a90-4fa8-4cd0-bec8-6fa69a1b4681?source=api-scan" ], "published": "2013-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f6df8cf-6f64-46b9-ab83-3898484c2679": { "id": "9f6df8cf-6f64-46b9-ab83-3898484c2679", "title": "Relevanssi <= 4.21.2 (Free) and < 2.25.0 (Premium) - Missing Authorization to Unauthorized Post Access", "software": [ { "type": "plugin", "name": "Relevanssi \u2013 A Better Search (Pro)", "slug": "relevanssi-premium", "affected_versions": { "[*, 2.25.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.25.0" ] }, { "type": "plugin", "name": "Relevanssi \u2013 A Better Search", "slug": "relevanssi", "affected_versions": { "* - 4.21.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.21.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.22.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f6df8cf-6f64-46b9-ab83-3898484c2679?source=api-scan" ], "published": "2024-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f6fd068-3f72-4015-b2d8-a47cd86df073": { "id": "9f6fd068-3f72-4015-b2d8-a47cd86df073", "title": "MJM Clinic <= 1.1.22 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MJM Clinic", "slug": "mjm-clinic", "affected_versions": { "* - 1.1.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f6fd068-3f72-4015-b2d8-a47cd86df073?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f70f3d2-c267-4802-9a54-4f64c4507dba": { "id": "9f70f3d2-c267-4802-9a54-4f64c4507dba", "title": "Urban City (All Versions) - Arbitrary File Download", "software": [ { "type": "theme", "name": "Urban City", "slug": "urbancity", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f70f3d2-c267-4802-9a54-4f64c4507dba?source=api-scan" ], "published": "2014-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f73d5b3-8d7c-43d1-84e4-f8a3976eab8f": { "id": "9f73d5b3-8d7c-43d1-84e4-f8a3976eab8f", "title": "Popup | Custom Popup Builder <= 1.3 - Denial of Service", "software": [ { "type": "plugin", "name": "Popup | Custom Popup Builder", "slug": "m-wp-popup", "affected_versions": { "[*, 1.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f73d5b3-8d7c-43d1-84e4-f8a3976eab8f?source=api-scan" ], "published": "2022-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f740cfa-7163-4634-9705-0e01ee571a11": { "id": "9f740cfa-7163-4634-9705-0e01ee571a11", "title": "Payflex Payment Gateway <= 2.5.0 - Missing Authorization to Order Status Update", "software": [ { "type": "plugin", "name": "Payflex Payment Gateway", "slug": "payflex-payment-gateway", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f740cfa-7163-4634-9705-0e01ee571a11?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f7469ec-cbd5-4f13-8455-b907f2542836": { "id": "9f7469ec-cbd5-4f13-8455-b907f2542836", "title": "WordPress Core < 2.0.10 - Open Redirect", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 2.0.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f7469ec-cbd5-4f13-8455-b907f2542836?source=api-scan" ], "published": "2007-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f76e294-1b17-4125-b85c-af7957de1c13": { "id": "9f76e294-1b17-4125-b85c-af7957de1c13", "title": "Login with phone number <= 1.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login with phone number", "slug": "login-with-phone-number", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f76e294-1b17-4125-b85c-af7957de1c13?source=api-scan" ], "published": "2022-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f770bc3-8ccc-4160-9e79-e1c0dee42b73": { "id": "9f770bc3-8ccc-4160-9e79-e1c0dee42b73", "title": "WooCommerce Shipping Label <= 2.3.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Shipping Label", "slug": "shipping-labels-for-woo", "affected_versions": { "* - 2.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f770bc3-8ccc-4160-9e79-e1c0dee42b73?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f77755a-9b28-4e31-8a01-42e96b5698bf": { "id": "9f77755a-9b28-4e31-8a01-42e96b5698bf", "title": "Master Slider Pro <= 3.6.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "masterslider", "slug": "masterslider", "affected_versions": { "* - 3.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f77755a-9b28-4e31-8a01-42e96b5698bf?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f79fe15-65a1-44ab-a43e-1410ce1f1d77": { "id": "9f79fe15-65a1-44ab-a43e-1410ce1f1d77", "title": "WordPress Affiliates Plugin \u2014 SliceWP Affiliates <= 1.1.10 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Affiliate Program Suite \u2014 SliceWP Affiliates", "slug": "slicewp", "affected_versions": { "* - 1.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f79fe15-65a1-44ab-a43e-1410ce1f1d77?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f82ec7c-72a0-4c3b-8041-c6ad080a48f1": { "id": "9f82ec7c-72a0-4c3b-8041-c6ad080a48f1", "title": "AcyMailing SMTP Newsletter <= 8.6.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AcyMailing \u2013 An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress", "slug": "acymailing", "affected_versions": { "* - 8.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "8.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f82ec7c-72a0-4c3b-8041-c6ad080a48f1?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f850644-4923-46c1-90f6-d29088c9cb1a": { "id": "9f850644-4923-46c1-90f6-d29088c9cb1a", "title": "Star CloudPRNT for WooCommerce <= 2.0.3 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Star CloudPRNT for WooCommerce", "slug": "star-cloudprnt-for-woocommerce", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f850644-4923-46c1-90f6-d29088c9cb1a?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f86ec30-7a9d-4c36-8559-bde331c8b958": { "id": "9f86ec30-7a9d-4c36-8559-bde331c8b958", "title": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups <= 4.3.1 - Missing Authorization and Nonce Exposure", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "* - 4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f86ec30-7a9d-4c36-8559-bde331c8b958?source=api-scan" ], "published": "2024-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f8b1103-71b2-421e-bcbe-f2716b59e367": { "id": "9f8b1103-71b2-421e-bcbe-f2716b59e367", "title": "Gallery Metabox <= 1.5 - Cross-Site Request Forgery via gallery_remove", "software": [ { "type": "plugin", "name": "Gallery Metabox", "slug": "gallery-metabox", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f8b1103-71b2-421e-bcbe-f2716b59e367?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f8c5853-6e21-4a70-a547-e3f0f4b1d7d0": { "id": "9f8c5853-6e21-4a70-a547-e3f0f4b1d7d0", "title": "Caret Country Access Limit <= 1.0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Caret Country Access Limit", "slug": "caret-country-access-limit", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f8c5853-6e21-4a70-a547-e3f0f4b1d7d0?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f8e32a0-c67c-41cc-97ba-920f3ea5ea93": { "id": "9f8e32a0-c67c-41cc-97ba-920f3ea5ea93", "title": "Zynith SEO <= 7.4.9 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zynith SEO", "slug": "zynith-seo", "affected_versions": { "* - 7.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f8e32a0-c67c-41cc-97ba-920f3ea5ea93?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f92219a-e07e-422d-a9f2-dbe4fbcd5f55": { "id": "9f92219a-e07e-422d-a9f2-dbe4fbcd5f55", "title": "AdRotate \u2013 Ad manager & AdSense Ads <= 5.13.2 - Authenticated (Admin+) Double Extension Arbitrary File Upload", "software": [ { "type": "plugin", "name": "AdRotate Banner Manager \u2013 The only ad manager you'll need", "slug": "adrotate", "affected_versions": { "* - 5.13.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.13.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.13.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f92219a-e07e-422d-a9f2-dbe4fbcd5f55?source=api-scan" ], "published": "2024-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f959e61-16cf-4260-b21b-8edb95a3cd65": { "id": "9f959e61-16cf-4260-b21b-8edb95a3cd65", "title": "Simple Membership After Login Redirection <= 1.6 - Open Redirect", "software": [ { "type": "plugin", "name": "Simple Membership After Login Redirection", "slug": "simple-membership-after-login-redirection", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f959e61-16cf-4260-b21b-8edb95a3cd65?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f97bad7-6044-4727-a229-2890e02e36b0": { "id": "9f97bad7-6044-4727-a229-2890e02e36b0", "title": "Mobile Domain <= 1.5.2 - Cross-Site Request Forgery and Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mobile Domain", "slug": "mobile-domain", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f97bad7-6044-4727-a229-2890e02e36b0?source=api-scan" ], "published": "2015-02-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f97bc19-c600-4819-ae75-d80b119a7575": { "id": "9f97bc19-c600-4819-ae75-d80b119a7575", "title": "BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bootstrap Shortcodes", "slug": "bootstrap-shortcodes", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f97bc19-c600-4819-ae75-d80b119a7575?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f999f89-29eb-4871-a304-0ba6954e7e5b": { "id": "9f999f89-29eb-4871-a304-0ba6954e7e5b", "title": "Import any XML or CSV File to WordPress <= 3.2.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP All Import Pro", "slug": "wp-all-import-pro", "affected_versions": { "* - 4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.2" ] }, { "type": "plugin", "name": "Import any XML or CSV File to WordPress", "slug": "wp-all-import", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f999f89-29eb-4871-a304-0ba6954e7e5b?source=api-scan" ], "published": "2015-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f9bbe9a-faac-4f41-b2be-ddf6ff80d9c7": { "id": "9f9bbe9a-faac-4f41-b2be-ddf6ff80d9c7", "title": "WordPress Core <= 2.8.5 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f9bbe9a-faac-4f41-b2be-ddf6ff80d9c7?source=api-scan" ], "published": "2009-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f9e5212-caed-46db-bbf2-81c4df88439f": { "id": "9f9e5212-caed-46db-bbf2-81c4df88439f", "title": "LearnPress \u2013 WordPress LMS Plugin <= 3.2.7.2 - SQL Injection", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 3.2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f9e5212-caed-46db-bbf2-81c4df88439f?source=api-scan" ], "published": "2020-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9f9fd9e1-c4b8-420e-a4d3-30c934853a98": { "id": "9f9fd9e1-c4b8-420e-a4d3-30c934853a98", "title": "WP Statistics <= 12.6.6.1 - Unauthenticated Blind SQL Injection", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 12.6.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "12.6.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9f9fd9e1-c4b8-420e-a4d3-30c934853a98?source=api-scan" ], "published": "2019-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fa1a551-36d4-488c-898a-3c13b509b8c9": { "id": "9fa1a551-36d4-488c-898a-3c13b509b8c9", "title": "WPJobBoard <= 4.5.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Job Board", "slug": "wpjobboard", "affected_versions": { "* - 4.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fa1a551-36d4-488c-898a-3c13b509b8c9?source=api-scan" ], "published": "2017-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fa3f24e-3e28-4e50-8801-e4f0a089e3a1": { "id": "9fa3f24e-3e28-4e50-8801-e4f0a089e3a1", "title": "ALO EasyMail Newsletter <= 2.6.00 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ALO EasyMail Newsletter", "slug": "alo-easymail", "affected_versions": { "[*, 2.6.01)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.01", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.01" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fa3f24e-3e28-4e50-8801-e4f0a089e3a1?source=api-scan" ], "published": "2015-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9faa9bd1-c7a8-4d8b-9f92-3a0aa9adbc03": { "id": "9faa9bd1-c7a8-4d8b-9f92-3a0aa9adbc03", "title": "Forget About Shortcode Buttons <= 1.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Forget About Shortcode Buttons", "slug": "forget-about-shortcode-buttons", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9faa9bd1-c7a8-4d8b-9f92-3a0aa9adbc03?source=api-scan" ], "published": "2016-02-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fae8288-898a-4acd-bbdf-c2fd4f1be1c6": { "id": "9fae8288-898a-4acd-bbdf-c2fd4f1be1c6", "title": "Absolutely Glamorous Custom Admin <= 7.2.3 - Authenticated (Admin+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "AGCA \u2013 Custom Dashboard & Login Page", "slug": "ag-custom-admin", "affected_versions": { "* - 7.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fae8288-898a-4acd-bbdf-c2fd4f1be1c6?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fb09a77-aba1-422c-961b-dc2c7ce82320": { "id": "9fb09a77-aba1-422c-961b-dc2c7ce82320", "title": "Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Cooked Pro", "slug": "cooked-pro", "affected_versions": { "[*, 1.7.5.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fb09a77-aba1-422c-961b-dc2c7ce82320?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fb4ad52-a0b2-4645-bf0d-132b4ce8a0a1": { "id": "9fb4ad52-a0b2-4645-bf0d-132b4ce8a0a1", "title": "TextMe SMS <= 1.9.0 - Missing Authorization via tetxme_update_option_page()", "software": [ { "type": "plugin", "name": "TextMe SMS", "slug": "textme-sms-integration", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fb4ad52-a0b2-4645-bf0d-132b4ce8a0a1?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fb4c58d-321d-453f-92b9-ae409541911b": { "id": "9fb4c58d-321d-453f-92b9-ae409541911b", "title": "XStore <= 9.3.8 - Unauthenticated Local File Inclusion", "software": [ { "type": "theme", "name": "XStore", "slug": "xstore", "affected_versions": { "* - 9.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "9.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fb4c58d-321d-453f-92b9-ae409541911b?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fbb31a5-9ed2-445a-b309-a9835128eb44": { "id": "9fbb31a5-9ed2-445a-b309-a9835128eb44", "title": "SellKit \u2013 Funnel builder and checkout optimizer for WooCommerce to sell more, faster <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter", "software": [ { "type": "plugin", "name": "SellKit \u2013 Funnel builder and checkout optimizer for WooCommerce to sell more, faster", "slug": "sellkit", "affected_versions": { "* - 1.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fbb31a5-9ed2-445a-b309-a9835128eb44?source=api-scan" ], "published": "2024-06-05 15:30:45", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fbb5ed0-ed76-44fe-88c4-eb05ad87e510": { "id": "9fbb5ed0-ed76-44fe-88c4-eb05ad87e510", "title": "10to8 Online Appointment Booking System <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Sign In Scheduling Online Appointment Booking System", "slug": "10to8-online-booking", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fbb5ed0-ed76-44fe-88c4-eb05ad87e510?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fc18fee-5813-4134-8c4d-44710665857a": { "id": "9fc18fee-5813-4134-8c4d-44710665857a", "title": "My Content Management <= 1.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My Content Management", "slug": "my-content-management", "affected_versions": { "[*, 1.7.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fc18fee-5813-4134-8c4d-44710665857a?source=api-scan" ], "published": "2023-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fc1e720-46ba-4f57-8694-551936371e2c": { "id": "9fc1e720-46ba-4f57-8694-551936371e2c", "title": "Browser Screenshots < 1.7.6 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Browser Screenshots", "slug": "browser-shots", "affected_versions": { "[*, 1.7.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fc1e720-46ba-4f57-8694-551936371e2c?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fc3355f-a3e3-4f30-885a-90d4982f699e": { "id": "9fc3355f-a3e3-4f30-885a-90d4982f699e", "title": "bbPress Notify <= 2.18.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "bbPress Notify (No-Spam)", "slug": "bbpress-notify-nospam", "affected_versions": { "* - 2.18.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fc3355f-a3e3-4f30-885a-90d4982f699e?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fc46de4-af1c-4e38-9caa-55b7b18a69ae": { "id": "9fc46de4-af1c-4e38-9caa-55b7b18a69ae", "title": "WP Not Login Hide <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Not Login Hide (WPNLH)", "slug": "wp-not-login-hide-wpnlh", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fc46de4-af1c-4e38-9caa-55b7b18a69ae?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fc6d947-4b6e-4dcb-9f20-02e39b4e730e": { "id": "9fc6d947-4b6e-4dcb-9f20-02e39b4e730e", "title": "SupportCandy <= 2.2.6 - Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "SupportCandy \u2013 Helpdesk & Customer Support Ticket System", "slug": "supportcandy", "affected_versions": { "[*, 2.2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fc6d947-4b6e-4dcb-9f20-02e39b4e730e?source=api-scan" ], "published": "2022-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fcb65a0-4218-4728-9c29-0d1a03f438a6": { "id": "9fcb65a0-4218-4728-9c29-0d1a03f438a6", "title": "Visual Footer Credit Remover <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visual Footer Credit Remover", "slug": "visual-footer-credit-remover", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fcb65a0-4218-4728-9c29-0d1a03f438a6?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fd15c0b-cd3b-45e7-8379-b0e64e64d6b1": { "id": "9fd15c0b-cd3b-45e7-8379-b0e64e64d6b1", "title": "Herd Effects <= 5.2.3 - Cross-Site Request Forgery to Effect Deletion", "software": [ { "type": "plugin", "name": "Social Proof Popups & Real-Time Notifications \u2013 Herd Effects", "slug": "mwp-herd-effect", "affected_versions": { "* - 5.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fd15c0b-cd3b-45e7-8379-b0e64e64d6b1?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fd38e86-6448-47fd-a8a7-f571158e3599": { "id": "9fd38e86-6448-47fd-a8a7-f571158e3599", "title": "Sunshine Photo Cart <= 2.9.13 - Missing Authorization", "software": [ { "type": "plugin", "name": "Sunshine Photo Cart: Free Client Photo Galleries for Photographers", "slug": "sunshine-photo-cart", "affected_versions": { "* - 2.9.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fd38e86-6448-47fd-a8a7-f571158e3599?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fd58c6b-2ed5-4f6c-bb49-bc0151f72f73": { "id": "9fd58c6b-2ed5-4f6c-bb49-bc0151f72f73", "title": "Awesome Contact Form7 for Elementor <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Awesome Contact Form7 for Elementor", "slug": "awesome-contact-form7-for-elementor", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fd58c6b-2ed5-4f6c-bb49-bc0151f72f73?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fd9c076-d36c-4cda-b636-aa65195956d2": { "id": "9fd9c076-d36c-4cda-b636-aa65195956d2", "title": "Coming soon and Maintenance mode <= 3.7.3 - IP Address Spoofing via get_real_ip", "software": [ { "type": "plugin", "name": "Coming soon and Maintenance mode", "slug": "coming-soon-page", "affected_versions": { "* - 3.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fd9c076-d36c-4cda-b636-aa65195956d2?source=api-scan" ], "published": "2023-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fda5e15-fdf9-4b67-93d3-2dbfa94aefe9": { "id": "9fda5e15-fdf9-4b67-93d3-2dbfa94aefe9", "title": "WordPress Core - All Known Versions - Cleartext Storage of wp_signups.activation_key", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fda5e15-fdf9-4b67-93d3-2dbfa94aefe9?source=api-scan" ], "published": "2017-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fdb6e4d-a94d-448c-aaea-0f38eeafd033": { "id": "9fdb6e4d-a94d-448c-aaea-0f38eeafd033", "title": "WooLentor <= 2.5.3 - PHP Object Injection", "software": [ { "type": "plugin", "name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)", "slug": "woolentor-addons", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fdb6e4d-a94d-448c-aaea-0f38eeafd033?source=api-scan" ], "published": "2023-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fdc9d20-a1cf-4a58-b250-4f3f56b77b69": { "id": "9fdc9d20-a1cf-4a58-b250-4f3f56b77b69", "title": "WP OAuth Server (OAuth Authentication) <= 4.2.5 -Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP OAuth Server (OAuth Authentication)", "slug": "oauth2-provider", "affected_versions": { "* - 4.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fdc9d20-a1cf-4a58-b250-4f3f56b77b69?source=api-scan" ], "published": "2023-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fdf6c97-6fc4-4840-b96d-e194149861e4": { "id": "9fdf6c97-6fc4-4840-b96d-e194149861e4", "title": "Rolo Slider <= 1.0.9 - Missing Authorization to Authenticated(Subscriber+) Settings Change", "software": [ { "type": "plugin", "name": "Rolo Slider", "slug": "rolo-slider", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fdf6c97-6fc4-4840-b96d-e194149861e4?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fe1178e-aca3-4f52-85e1-7d04b866a073": { "id": "9fe1178e-aca3-4f52-85e1-7d04b866a073", "title": "WordPress Core < 3.0.2 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fe1178e-aca3-4f52-85e1-7d04b866a073?source=api-scan" ], "published": "2010-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fe78766-0beb-4d6d-a2e6-92f79f117f50": { "id": "9fe78766-0beb-4d6d-a2e6-92f79f117f50", "title": "Pont <= 1.5 - Arbitrary Options Update", "software": [ { "type": "theme", "name": "Pont - Multipurpose Wordpress Theme | Business", "slug": "pont", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fe78766-0beb-4d6d-a2e6-92f79f117f50?source=api-scan" ], "published": "2015-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fe7f4e4-3774-408b-8a2a-0db67bc34fcf": { "id": "9fe7f4e4-3774-408b-8a2a-0db67bc34fcf", "title": "Pocket News Generator <= 0.2.0 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Pocket News Generator", "slug": "pocket-news-generator", "affected_versions": { "* - 0.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fe7f4e4-3774-408b-8a2a-0db67bc34fcf?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9fe9fe85-bcb5-4e12-b879-31bc73074eed": { "id": "9fe9fe85-bcb5-4e12-b879-31bc73074eed", "title": "JetSearch <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JetSearch", "slug": "jet-search", "affected_versions": { "* - 3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9fe9fe85-bcb5-4e12-b879-31bc73074eed?source=api-scan" ], "published": "2024-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9feb44e1-eb19-40eb-85d6-fae56afe90ee": { "id": "9feb44e1-eb19-40eb-85d6-fae56afe90ee", "title": "Meet My Team <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Meet My Team", "slug": "meet-my-team", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9feb44e1-eb19-40eb-85d6-fae56afe90ee?source=api-scan" ], "published": "2022-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "9ff5a900-9e4d-4bd0-bd19-cad96e62f973": { "id": "9ff5a900-9e4d-4bd0-bd19-cad96e62f973", "title": "My Tickets <= 1.8.30 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My Tickets \u2013 Accessible Event Ticketing", "slug": "my-tickets", "affected_versions": { "[*, 1.8.31)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.31", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/9ff5a900-9e4d-4bd0-bd19-cad96e62f973?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a00147db-2ca5-4290-ae13-27be6119b751": { "id": "a00147db-2ca5-4290-ae13-27be6119b751", "title": "Blog2Social: Social Media Auto Post & Scheduler <= 7.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Blog2Social: Social Media Auto Post & Scheduler", "slug": "blog2social", "affected_versions": { "[*, 7.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a00147db-2ca5-4290-ae13-27be6119b751?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a003129b-4a31-40f8-a9b2-9d3a3286cabe": { "id": "a003129b-4a31-40f8-a9b2-9d3a3286cabe", "title": "XT Ajax Add To Cart for WooCommerce <= 1.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "XT Ajax Add To Cart for WooCommerce", "slug": "xt-woo-ajax-add-to-cart", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a003129b-4a31-40f8-a9b2-9d3a3286cabe?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0099f55-651c-4997-bf6d-97125c4260e1": { "id": "a0099f55-651c-4997-bf6d-97125c4260e1", "title": "Accio | Responsive Onepage Parallax Site Template < 1.1.1 - Sensitive Information Disclosure", "software": [ { "type": "theme", "name": "Accio | Responsive Onepage Parallax Site Template", "slug": "accio-one-page", "affected_versions": { "[*, 1.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0099f55-651c-4997-bf6d-97125c4260e1?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a00a5c41-b211-45e4-acf8-01fd8e64b1c0": { "id": "a00a5c41-b211-45e4-acf8-01fd8e64b1c0", "title": "One Page Express Companion <= 1.6.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via one_page_express_contact_form Shortcode", "software": [ { "type": "plugin", "name": "One Page Express Companion", "slug": "one-page-express-companion", "affected_versions": { "* - 1.6.37": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.38" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a00a5c41-b211-45e4-acf8-01fd8e64b1c0?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0101dd1-a9cb-4b9c-8299-9b808d7e1912": { "id": "a0101dd1-a9cb-4b9c-8299-9b808d7e1912", "title": "Attributes for Blocks <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via attributesForBlocks Parameter", "software": [ { "type": "plugin", "name": "Attributes for Blocks", "slug": "attributes-for-blocks", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0101dd1-a9cb-4b9c-8299-9b808d7e1912?source=api-scan" ], "published": "2024-09-03 19:27:16", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a01141ed-9b9c-426f-96b3-c6ceade4d35c": { "id": "a01141ed-9b9c-426f-96b3-c6ceade4d35c", "title": "Webflow Pages <= 1.0.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Webflow Pages", "slug": "webflow-pages", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a01141ed-9b9c-426f-96b3-c6ceade4d35c?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a013106b-4e2a-4dd9-a0ab-7e6c91e715dd": { "id": "a013106b-4e2a-4dd9-a0ab-7e6c91e715dd", "title": "Structured Content <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Classic Editor Shortcode", "software": [ { "type": "plugin", "name": "Structured Content (JSON-LD) #wpsc", "slug": "structured-content", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a013106b-4e2a-4dd9-a0ab-7e6c91e715dd?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0164123-11b0-4b3b-bc76-c6aee8ca9d34": { "id": "a0164123-11b0-4b3b-bc76-c6aee8ca9d34", "title": "Nexter <= 2.0.3 - Authenticated (Subscriber+) SQL Injection via 'to' and 'from'", "software": [ { "type": "theme", "name": "Nexter", "slug": "nexter", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0164123-11b0-4b3b-bc76-c6aee8ca9d34?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a016b6b3-3a3f-4f25-9207-2460798044f0": { "id": "a016b6b3-3a3f-4f25-9207-2460798044f0", "title": "Perfect Brands for WooCommerce <= 2.0.4 - Server Information Disclosure", "software": [ { "type": "plugin", "name": "Perfect Brands for WooCommerce", "slug": "perfect-woocommerce-brands", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a016b6b3-3a3f-4f25-9207-2460798044f0?source=api-scan" ], "published": "2022-01-28 09:33:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a018ba2b-8188-41f9-bdab-64cae3362e0e": { "id": "a018ba2b-8188-41f9-bdab-64cae3362e0e", "title": "Easy Form Builder <= 3.3.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Form Builder \u2013 WordPress plugin form builder: contact form, survey form, payment form, and custom form builder", "slug": "easy-form-builder", "affected_versions": { "* - 3.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a018ba2b-8188-41f9-bdab-64cae3362e0e?source=api-scan" ], "published": "2022-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a01cdc31-3cab-43b0-a5ef-75fb11eeb621": { "id": "a01cdc31-3cab-43b0-a5ef-75fb11eeb621", "title": "XPinner Lite <= 2.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "xPinner Lite", "slug": "xpinner-lite", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a01cdc31-3cab-43b0-a5ef-75fb11eeb621?source=api-scan" ], "published": "2015-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0214cf8-59f7-4928-bf27-547f3b7790ae": { "id": "a0214cf8-59f7-4928-bf27-547f3b7790ae", "title": "Excellent <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Excellent", "slug": "excellent", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0214cf8-59f7-4928-bf27-547f3b7790ae?source=api-scan" ], "published": "2024-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a023cdc5-3814-4120-86b2-6a60d385f898": { "id": "a023cdc5-3814-4120-86b2-6a60d385f898", "title": "RegistrationMagic \u2013 Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Email Injection", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 4.6.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a023cdc5-3814-4120-86b2-6a60d385f898?source=api-scan" ], "published": "2020-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0247ba6-d193-4b7d-969d-0cd239c57faa": { "id": "a0247ba6-d193-4b7d-969d-0cd239c57faa", "title": "Biteship <= 2.2.24 - Reflected Cross-Site Scripting via biteship_error and biteship_message", "software": [ { "type": "plugin", "name": "Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo \u2013 Biteship", "slug": "biteship", "affected_versions": { "* - 2.2.24": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0247ba6-d193-4b7d-969d-0cd239c57faa?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0297cab-8b6f-4e09-b552-4772c6f72c04": { "id": "a0297cab-8b6f-4e09-b552-4772c6f72c04", "title": "Elementor Addon Elements <= 1.6.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "[*, 1.6.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0297cab-8b6f-4e09-b552-4772c6f72c04?source=api-scan" ], "published": "2020-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0299b95-abbf-43c4-81d0-7c383d92cffe": { "id": "a0299b95-abbf-43c4-81d0-7c383d92cffe", "title": "ActiveCampaign for WooCommerce <= 1.9.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ActiveCampaign for WooCommerce", "slug": "activecampaign-for-woocommerce", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0299b95-abbf-43c4-81d0-7c383d92cffe?source=api-scan" ], "published": "2022-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a02ec9a2-6449-4975-9a68-2c8df5e28b31": { "id": "a02ec9a2-6449-4975-9a68-2c8df5e28b31", "title": "Stellissimo Text Box <= 1.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Stellissimo Text Box", "slug": "stellissimo-text-box", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a02ec9a2-6449-4975-9a68-2c8df5e28b31?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a02f0a23-0b2b-4e16-9f6d-ec6302a0d23b": { "id": "a02f0a23-0b2b-4e16-9f6d-ec6302a0d23b", "title": "JetWidgets For Elementor <= 1.0.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Widget Button URL", "software": [ { "type": "plugin", "name": "JetWidgets For Elementor", "slug": "jetwidgets-for-elementor", "affected_versions": { "* - 1.0.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a02f0a23-0b2b-4e16-9f6d-ec6302a0d23b?source=api-scan" ], "published": "2024-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a02f4fc4-42ca-4f8e-9c28-bfa69644e7b6": { "id": "a02f4fc4-42ca-4f8e-9c28-bfa69644e7b6", "title": "Booking calendar, Appointment Booking System <= 3.2.8 - Multiple Authenticated(Editor+) SQL Injection", "software": [ { "type": "plugin", "name": "Booking calendar, Appointment Booking System", "slug": "booking-calendar", "affected_versions": { "[*, 3.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a02f4fc4-42ca-4f8e-9c28-bfa69644e7b6?source=api-scan" ], "published": "2023-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0320c16-de32-484f-b17c-5acf0144a373": { "id": "a0320c16-de32-484f-b17c-5acf0144a373", "title": "Custom WooCommerce Checkout Fields Editor <= 1.3.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Custom WooCommerce Checkout Fields Editor", "slug": "add-fields-to-checkout-page-woocommerce", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0320c16-de32-484f-b17c-5acf0144a373?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0336e35-eb3c-4613-b8a2-fac7b837eb6f": { "id": "a0336e35-eb3c-4613-b8a2-fac7b837eb6f", "title": "Insert Pages <= 3.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Insert Pages", "slug": "insert-pages", "affected_versions": { "* - 3.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0336e35-eb3c-4613-b8a2-fac7b837eb6f?source=api-scan" ], "published": "2022-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0365d52-8817-4b69-9df3-ac4c5bb6f4f3": { "id": "a0365d52-8817-4b69-9df3-ac4c5bb6f4f3", "title": "HTML5 jQuery Audio Player <= 2.6.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HTML5 jQuery Audio Player", "slug": "html5-jquery-audio-player", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0365d52-8817-4b69-9df3-ac4c5bb6f4f3?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a03b4c19-85fa-47ad-b9ae-b466f8e5ca96": { "id": "a03b4c19-85fa-47ad-b9ae-b466f8e5ca96", "title": "MailerLite \u2013 Signup forms (official) <= 1.7.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "MailerLite \u2013 Signup forms (official)", "slug": "official-mailerlite-sign-up-forms", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a03b4c19-85fa-47ad-b9ae-b466f8e5ca96?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a03f0780-796c-41a3-8f06-04f76e0da2da": { "id": "a03f0780-796c-41a3-8f06-04f76e0da2da", "title": "Download Monitor <= 4.8.1 - Authenticated (Admin+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "* - 4.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a03f0780-796c-41a3-8f06-04f76e0da2da?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0413f69-7251-4c01-b2e0-c8638d797652": { "id": "a0413f69-7251-4c01-b2e0-c8638d797652", "title": "AMP ToolBox <= 2.1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AMP Toolbox", "slug": "amp-toolbox", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0413f69-7251-4c01-b2e0-c8638d797652?source=api-scan" ], "published": "2017-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a042b1be-d39f-4d28-8566-d9974becdd40": { "id": "a042b1be-d39f-4d28-8566-d9974becdd40", "title": "Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download", "software": [ { "type": "plugin", "name": "WordPress project source code download", "slug": "project-source-code-download", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a042b1be-d39f-4d28-8566-d9974becdd40?source=api-scan" ], "published": "2022-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a04652bc-f815-4840-b791-3fb12d3b4f7c": { "id": "a04652bc-f815-4840-b791-3fb12d3b4f7c", "title": "CF7 File Download \u2013 File Download for CF7 <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CF7 File Download \u2013 File Download for CF7", "slug": "cf7-file-download", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a04652bc-f815-4840-b791-3fb12d3b4f7c?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a04870e0-41c8-464b-b30e-0bf7900e1433": { "id": "a04870e0-41c8-464b-b30e-0bf7900e1433", "title": "Email Subscribers & Newsletters <= 4.2.2 - Missing Authorization to Test Email", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 4.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a04870e0-41c8-464b-b30e-0bf7900e1433?source=api-scan" ], "published": "2019-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a057ad05-0ed7-48c4-9dc1-0e7b1d3cb270": { "id": "a057ad05-0ed7-48c4-9dc1-0e7b1d3cb270", "title": "Headline Analyzer <= 1.3.1 - Missing Authorization via REST APIs", "software": [ { "type": "plugin", "name": "Headline Analyzer", "slug": "headline-analyzer", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a057ad05-0ed7-48c4-9dc1-0e7b1d3cb270?source=api-scan" ], "published": "2023-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a05b1d00-386f-4914-80e6-92d3e9721dc5": { "id": "a05b1d00-386f-4914-80e6-92d3e9721dc5", "title": "Loginizer 1.3.8-1.3.9 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Loginizer", "slug": "loginizer", "affected_versions": { "1.3.8 - 1.3.9": { "from_version": "1.3.8", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a05b1d00-386f-4914-80e6-92d3e9721dc5?source=api-scan" ], "published": "2018-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a06147c7-a96e-4f12-9a67-23ca82b09942": { "id": "a06147c7-a96e-4f12-9a67-23ca82b09942", "title": "Ovic Responsive WPBakery <= 1.3.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Ovic Responsive WPBakery", "slug": "ovic-vc-addon", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a06147c7-a96e-4f12-9a67-23ca82b09942?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a06812c5-43db-4c32-a9fb-f7b86900a741": { "id": "a06812c5-43db-4c32-a9fb-f7b86900a741", "title": "Contact Form DB <= 2.8.17 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form DB", "slug": "contact-form-7-to-database-extension", "affected_versions": { "[*, 2.8.18)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a06812c5-43db-4c32-a9fb-f7b86900a741?source=api-scan" ], "published": "2014-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a068e411-d81f-4162-84e9-f1e9868963f9": { "id": "a068e411-d81f-4162-84e9-f1e9868963f9", "title": "Supreme Directory < 1.1.9 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Supreme Directory", "slug": "supreme-directory", "affected_versions": { "[*, 1.1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a068e411-d81f-4162-84e9-f1e9868963f9?source=api-scan" ], "published": "2018-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0695f66-5932-4ca4-86d3-ef53f1a669b5": { "id": "a0695f66-5932-4ca4-86d3-ef53f1a669b5", "title": "Oberliga Theme (All Versions) - SQL Injection", "software": [ { "type": "theme", "name": "Oberliga Theme", "slug": "oberliga_theme", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0695f66-5932-4ca4-86d3-ef53f1a669b5?source=api-scan" ], "published": "2012-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a06bba7f-0259-4b87-b3fe-6ad8318fda7d": { "id": "a06bba7f-0259-4b87-b3fe-6ad8318fda7d", "title": "ImageRecycle pdf & image compression <= 3.1.14 - Cross-Site Request in Several AJAX Actions", "software": [ { "type": "plugin", "name": "ImageRecycle pdf & image compression", "slug": "imagerecycle-pdf-image-compression", "affected_versions": { "* - 3.1.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a06bba7f-0259-4b87-b3fe-6ad8318fda7d?source=api-scan" ], "published": "2024-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0707c92-96e9-444a-8a13-52d49c9e3f5c": { "id": "a0707c92-96e9-444a-8a13-52d49c9e3f5c", "title": "Pods \u2013 Custom Content Types and Fields <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL", "software": [ { "type": "plugin", "name": "Pods \u2013 Custom Content Types and Fields", "slug": "pods", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0707c92-96e9-444a-8a13-52d49c9e3f5c?source=api-scan" ], "published": "2024-05-09 20:29:15", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a073c2f1-88d3-4410-b9f5-45b04becbfcb": { "id": "a073c2f1-88d3-4410-b9f5-45b04becbfcb", "title": "WP ERP <= 1.12.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting", "slug": "erp", "affected_versions": { "[*, 1.12.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.12.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a073c2f1-88d3-4410-b9f5-45b04becbfcb?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a077e95f-7912-4b94-89f3-54f37adfcd8e": { "id": "a077e95f-7912-4b94-89f3-54f37adfcd8e", "title": "WebwinkelKeur <= 3.24 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WebwinkelKeur: Webshop keurmerk & reviews for WordPress", "slug": "webwinkelkeur", "affected_versions": { "[*, 3.25)": { "from_version": "*", "from_inclusive": true, "to_version": "3.25", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a077e95f-7912-4b94-89f3-54f37adfcd8e?source=api-scan" ], "published": "2023-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a07a643e-1a4b-47fe-9e4a-b4cc070bce74": { "id": "a07a643e-1a4b-47fe-9e4a-b4cc070bce74", "title": "Tag Miner (Automatic Tag Extraction) < 1.1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Tag Miner (Automatic Tag Extraction)", "slug": "fossura-tag-miner", "affected_versions": { "[*, 1.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a07a643e-1a4b-47fe-9e4a-b4cc070bce74?source=api-scan" ], "published": "2015-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a07bc541-2113-43db-acdf-9ecb00dd50e9": { "id": "a07bc541-2113-43db-acdf-9ecb00dd50e9", "title": "W3 Total Cache <= 0.9.4.1 - Security Token Bypass via Type Juggling", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 0.9.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a07bc541-2113-43db-acdf-9ecb00dd50e9?source=api-scan" ], "published": "2016-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a07bd233-902c-402c-9055-f3085246da78": { "id": "a07bd233-902c-402c-9055-f3085246da78", "title": "WP OAuth Server (OAuth Authentication) <= 4.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP OAuth Server (OAuth Authentication)", "slug": "oauth2-provider", "affected_versions": { "* - 4.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a07bd233-902c-402c-9055-f3085246da78?source=api-scan" ], "published": "2022-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a07ca145-9349-4961-9e66-4c59ea9b5069": { "id": "a07ca145-9349-4961-9e66-4c59ea9b5069", "title": "Ad Injection <= 1.2.0.19 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ad Injection", "slug": "ad-injection", "affected_versions": { "* - 1.2.0.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0.19", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a07ca145-9349-4961-9e66-4c59ea9b5069?source=api-scan" ], "published": "2022-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0829035-7782-456d-acd5-639051d7ebc3": { "id": "a0829035-7782-456d-acd5-639051d7ebc3", "title": "Backend Designer <= 1.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Backend Designer", "slug": "backend-designer", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0829035-7782-456d-acd5-639051d7ebc3?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0831971-3862-4774-8375-fe5870ef82d9": { "id": "a0831971-3862-4774-8375-fe5870ef82d9", "title": "WP User \u2013 Custom Registration Forms, Login and User Profile < 7.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP User \u2013 Custom Registration Forms, Login and User Profile", "slug": "wp-user", "affected_versions": { "[*, 7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0831971-3862-4774-8375-fe5870ef82d9?source=api-scan" ], "published": "2022-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0850b88-09f0-4da8-a9be-1b4aacf610e0": { "id": "a0850b88-09f0-4da8-a9be-1b4aacf610e0", "title": "Contact Form Email < 1.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Email", "slug": "contact-form-to-email", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0850b88-09f0-4da8-a9be-1b4aacf610e0?source=api-scan" ], "published": "2014-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a08ea797-a836-4a21-bfca-2c05810d25cd": { "id": "a08ea797-a836-4a21-bfca-2c05810d25cd", "title": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio <= 2.00 - SQL Injection", "software": [ { "type": "plugin", "name": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio", "slug": "flash-album-gallery", "affected_versions": { "[*, 2.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a08ea797-a836-4a21-bfca-2c05810d25cd?source=api-scan" ], "published": "2012-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a08fa649-3092-4c26-a009-2dd576b9b1ac": { "id": "a08fa649-3092-4c26-a009-2dd576b9b1ac", "title": "ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Arbitrary Plugin Installation, Activation and Deactivation", "software": [ { "type": "theme", "name": "ListingPro - WordPress Directory & Listing Theme", "slug": "listingpro", "affected_versions": { "[*, 2.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a08fa649-3092-4c26-a009-2dd576b9b1ac?source=api-scan" ], "published": "2020-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a09113d3-8be0-45fa-b1d7-4eb6ebb1780e": { "id": "a09113d3-8be0-45fa-b1d7-4eb6ebb1780e", "title": "AVIF & SVG Uploader <= 1.1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "AVIF Uploader", "slug": "avif-support", "affected_versions": { "1.1.0": { "from_version": "1.1.0", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a09113d3-8be0-45fa-b1d7-4eb6ebb1780e?source=api-scan" ], "published": "2024-09-30 21:14:05", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a092266b-bd7f-424d-b8c4-d79e4811e6c9": { "id": "a092266b-bd7f-424d-b8c4-d79e4811e6c9", "title": "Responsive Column Widgets <= 1.2.7 - Open Redirect via responsive_column_widgets_link", "software": [ { "type": "plugin", "name": "Responsive Column Widgets", "slug": "responsive-column-widgets", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a092266b-bd7f-424d-b8c4-d79e4811e6c9?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a09771da-a423-42ba-8f59-5c3bd189d9d3": { "id": "a09771da-a423-42ba-8f59-5c3bd189d9d3", "title": "Advanced Custom Fields Pro <= 5.9.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Custom Fields Pro", "slug": "advanced-custom-fields-pro", "affected_versions": { "[*, 5.9.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a09771da-a423-42ba-8f59-5c3bd189d9d3?source=api-scan" ], "published": "2021-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0aa2a10-da05-41e4-bbfa-938341919b5d": { "id": "a0aa2a10-da05-41e4-bbfa-938341919b5d", "title": "Easy Digital Downloads <= 2.10.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 2.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0aa2a10-da05-41e4-bbfa-938341919b5d?source=api-scan" ], "published": "2021-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0b14d91-f8f9-41df-b2eb-12792fb3a197": { "id": "a0b14d91-f8f9-41df-b2eb-12792fb3a197", "title": "Tutor LMS <= 1.9.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 1.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0b14d91-f8f9-41df-b2eb-12792fb3a197?source=api-scan" ], "published": "2021-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0b1e907-0c31-4b40-b3f9-0ac665f3394a": { "id": "a0b1e907-0c31-4b40-b3f9-0ac665f3394a", "title": "Smartkit <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smartkit", "slug": "smartkit", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0b1e907-0c31-4b40-b3f9-0ac665f3394a?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0bb1036-3e45-4ac9-b920-3b9629a3a724": { "id": "a0bb1036-3e45-4ac9-b920-3b9629a3a724", "title": "MaxGalleria <= 6.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via maxgallery_thumb Shortcode", "software": [ { "type": "plugin", "name": "MaxGalleria", "slug": "maxgalleria", "affected_versions": { "* - 6.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0bb1036-3e45-4ac9-b920-3b9629a3a724?source=api-scan" ], "published": "2024-06-18 08:45:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0bc1909-5002-44ab-9a5e-694c4ef946e2": { "id": "a0bc1909-5002-44ab-9a5e-694c4ef946e2", "title": "WordPress Membership SwiftCloud.io <= 1.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Membership SwiftCloud.io", "slug": "club-management-software", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0bc1909-5002-44ab-9a5e-694c4ef946e2?source=api-scan" ], "published": "2021-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0c04f12-7602-4d57-aa0c-54ecbf7f8875": { "id": "a0c04f12-7602-4d57-aa0c-54ecbf7f8875", "title": "WP Custom Cursors | WordPress Cursor <= 3.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Custom Cursors | WordPress Cursor Plugin", "slug": "wp-custom-cursors", "affected_versions": { "* - 3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0c04f12-7602-4d57-aa0c-54ecbf7f8875?source=api-scan" ], "published": "2023-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0c14e4e-9437-4e98-b720-72d6aab9e05f": { "id": "a0c14e4e-9437-4e98-b720-72d6aab9e05f", "title": "Business Card <= 1.0.0 - Cross-Site Request Forgery to Category Edit", "software": [ { "type": "plugin", "name": "Business Card", "slug": "business-card-by-esterox-100", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0c14e4e-9437-4e98-b720-72d6aab9e05f?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0c4ef62-1274-4cf3-88fc-ccabedbbe26c": { "id": "a0c4ef62-1274-4cf3-88fc-ccabedbbe26c", "title": "Yellow Yard Searchbar <= 2.7.27 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yellow Yard Searchbar", "slug": "yellow-yard", "affected_versions": { "* - 2.7.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0c4ef62-1274-4cf3-88fc-ccabedbbe26c?source=api-scan" ], "published": "2022-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0c74807-b85c-478e-bebf-1f0b46a21c11": { "id": "a0c74807-b85c-478e-bebf-1f0b46a21c11", "title": "Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! \u2013 TemplateSpare <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Theme Update", "software": [ { "type": "plugin", "name": "TemplateSpare: Fast WordPress Site Builder \u2013 1000+ Starter Sites & Templates for Blogs, News, eCommerce & More. Customizer, Gutenberg & Elementor Ready. Import, Personalize, Go Live \u2013 No Coding Required", "slug": "templatespare", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0c74807-b85c-478e-bebf-1f0b46a21c11?source=api-scan" ], "published": "2024-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0c962ba-43ef-4713-acd9-1e499f857df8": { "id": "a0c962ba-43ef-4713-acd9-1e499f857df8", "title": "Tracking Code Manager <= 2.0.16 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tracking Code Manager", "slug": "tracking-code-manager", "affected_versions": { "* - 2.0.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0c962ba-43ef-4713-acd9-1e499f857df8?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0cb0970-7e21-44ff-bbca-4b3e18f4466e": { "id": "a0cb0970-7e21-44ff-bbca-4b3e18f4466e", "title": "IDB Ecommerce (wpStoreCart 5) < 2.5.30 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "IDB Ecommerce (wpStoreCart 5)", "slug": "wpstorecart", "affected_versions": { "* - 2.5.29": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0cb0970-7e21-44ff-bbca-4b3e18f4466e?source=api-scan" ], "published": "2012-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0ccb39b-faf1-428b-bfa7-c30d402bd34d": { "id": "a0ccb39b-faf1-428b-bfa7-c30d402bd34d", "title": "Events Manager <= 5.9.7.3 - Admin+ SQL Injection", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "* - 5.9.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0ccb39b-faf1-428b-bfa7-c30d402bd34d?source=api-scan" ], "published": "2020-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0d93ee4-63e1-4fa7-9346-f56354124b9a": { "id": "a0d93ee4-63e1-4fa7-9346-f56354124b9a", "title": "Coupon Affiliates <= 5.4.3 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Coupon Affiliates \u2013 Affiliate Plugin for WooCommerce", "slug": "woo-coupon-usage", "affected_versions": { "* - 5.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0d93ee4-63e1-4fa7-9346-f56354124b9a?source=api-scan" ], "published": "2023-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0da1ed2-3ffc-4da8-a8b4-8f5544ed157b": { "id": "a0da1ed2-3ffc-4da8-a8b4-8f5544ed157b", "title": "USPS Shipping for WooCommerce \u2013 Live Rates <= 1.9.4 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "USPS Shipping for WooCommerce \u2013 Live Rates", "slug": "flexible-shipping-usps", "affected_versions": { "* - 1.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0da1ed2-3ffc-4da8-a8b4-8f5544ed157b?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0de486b-1ad9-440f-b2f8-b0a2a9af4d0f": { "id": "a0de486b-1ad9-440f-b2f8-b0a2a9af4d0f", "title": "WPTouch < 3.7 - Open Redirect", "software": [ { "type": "plugin", "name": "WPtouch \u2013 Make your WordPress Website Mobile-Friendly", "slug": "wptouch", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0de486b-1ad9-440f-b2f8-b0a2a9af4d0f?source=api-scan" ], "published": "2015-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0e28aca-b95f-4041-a1ea-4be84dc55923": { "id": "a0e28aca-b95f-4041-a1ea-4be84dc55923", "title": "FV Flowplayer Video Player <= 7.4.37.727 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "* - 7.4.37.727": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.37.727", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.4.38.727" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0e28aca-b95f-4041-a1ea-4be84dc55923?source=api-scan" ], "published": "2021-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0e54185-a917-49cd-b99d-5b773a7ed06a": { "id": "a0e54185-a917-49cd-b99d-5b773a7ed06a", "title": "miniOrange's Google Authenticator <= 5.6.1 - Sensitive Data Exposure of Multifactor Backup Codes", "software": [ { "type": "plugin", "name": "miniOrange's Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA, Two Factor, OTP SMS and Email | Passwordless login", "slug": "miniorange-2-factor-authentication", "affected_versions": { "* - 5.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0e54185-a917-49cd-b99d-5b773a7ed06a?source=api-scan" ], "published": "2022-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0e80e63-f4f7-44cc-ae29-72e7847d7448": { "id": "a0e80e63-f4f7-44cc-ae29-72e7847d7448", "title": "Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending", "software": [ { "type": "plugin", "name": "Customer Reviews for WooCommerce", "slug": "customer-reviews-woocommerce", "affected_versions": { "* - 5.46.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.46.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.47.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0e80e63-f4f7-44cc-ae29-72e7847d7448?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0ea0d46-a6aa-4704-8e4e-051bedd4994e": { "id": "a0ea0d46-a6aa-4704-8e4e-051bedd4994e", "title": "WordPress Social Sharing, Related Posts & Analytics \u2013 Shareaholic < 7.6.1.0 - Authenticated (Subscriber+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Professional Social Sharing Buttons, Icons & Related Posts \u2013 Shareaholic", "slug": "shareaholic", "affected_versions": { "[*, 7.6.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.6.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0ea0d46-a6aa-4704-8e4e-051bedd4994e?source=api-scan" ], "published": "2015-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0ee9b26-4e7f-475f-b42b-5af40b78cbca": { "id": "a0ee9b26-4e7f-475f-b42b-5af40b78cbca", "title": "I Recommend This <= 3.9.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "I Recommend This", "slug": "i-recommend-this", "affected_versions": { "* - 3.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0ee9b26-4e7f-475f-b42b-5af40b78cbca?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0eed0fd-8841-41d1-80fb-dd02f2a1edf3": { "id": "a0eed0fd-8841-41d1-80fb-dd02f2a1edf3", "title": "Orders Tracking for WooCommerce <= 1.0.14 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Orders Tracking for WooCommerce", "slug": "woo-orders-tracking", "affected_versions": { "* - 1.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0eed0fd-8841-41d1-80fb-dd02f2a1edf3?source=api-scan" ], "published": "2021-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0f0bc3e-24d6-48da-8398-42b9abb10f56": { "id": "a0f0bc3e-24d6-48da-8398-42b9abb10f56", "title": "Truepush <= 1.0.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Truepush \u2013 Most Affordable Web Push Notifications", "slug": "truepush-free-web-push-notifications", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0f0bc3e-24d6-48da-8398-42b9abb10f56?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0f2e2f4-6575-4f00-9417-3b5a19c3de40": { "id": "a0f2e2f4-6575-4f00-9417-3b5a19c3de40", "title": "Highcompress Image Compressor <= 5.0.0 - Missing Authorization via multiple AJAX actions", "software": [ { "type": "plugin", "name": "Highcompress Image Compressor", "slug": "high-compress", "affected_versions": { "* - 5.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0f2e2f4-6575-4f00-9417-3b5a19c3de40?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0f38af7-7753-4dbe-a4fd-e9a01785dd13": { "id": "a0f38af7-7753-4dbe-a4fd-e9a01785dd13", "title": "Secure Admin IP <= 2.0 - Missing Authorization via 'saveSettings'", "software": [ { "type": "plugin", "name": "Secure Admin IP", "slug": "secure-admin-ip", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0f38af7-7753-4dbe-a4fd-e9a01785dd13?source=api-scan" ], "published": "2023-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0f55f3e-9a9a-42a7-91b5-0d515519d545": { "id": "a0f55f3e-9a9a-42a7-91b5-0d515519d545", "title": "Photo Gallery by 10Web <= 1.8.14 - Authenticated (Administrator+) Directory Traversal", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.8.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0f55f3e-9a9a-42a7-91b5-0d515519d545?source=api-scan" ], "published": "2023-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a0f701d4-8cae-4771-8233-bb94a87a770e": { "id": "a0f701d4-8cae-4771-8233-bb94a87a770e", "title": "Photo Gallery by Ays <= 5.7.0 - Authenticated (Administrator+) HTML Injection", "software": [ { "type": "plugin", "name": "Photo Gallery by Ays \u2013 Responsive Image Gallery", "slug": "gallery-photo-gallery", "affected_versions": { "[*, 5.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a0f701d4-8cae-4771-8233-bb94a87a770e?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a102478c-c704-47d4-8b2b-492f75ec38b9": { "id": "a102478c-c704-47d4-8b2b-492f75ec38b9", "title": "S3 Bubble Amazon S3 HTML5 Video with Adverts <= 0.7 - Directory Traversal to Arbitrary File Access", "software": [ { "type": "plugin", "name": "S3 Bubble Amazon S3 HTML5 Video with Adverts", "slug": "s3bubble-amazon-s3-html-5-video-with-adverts", "affected_versions": { "* - 0.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a102478c-c704-47d4-8b2b-492f75ec38b9?source=api-scan" ], "published": "2015-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a104f88b-deae-465d-b4c1-9a1fc78e5ee9": { "id": "a104f88b-deae-465d-b4c1-9a1fc78e5ee9", "title": "GiveWP \u2013 Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Limited Information Exposure", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 3.13.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.13.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.14.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a104f88b-deae-465d-b4c1-9a1fc78e5ee9?source=api-scan" ], "published": "2024-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a107839e-b79b-4868-9232-eca050eb1551": { "id": "a107839e-b79b-4868-9232-eca050eb1551", "title": "WP Travel Engine <= 5.3.0 - Editor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Travel Engine \u2013 Tour Booking Plugin \u2013 Tour Operator Software", "slug": "wp-travel-engine", "affected_versions": { "* - 5.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a107839e-b79b-4868-9232-eca050eb1551?source=api-scan" ], "published": "2021-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a108f8bf-a77c-4f29-a63b-c535a054dcaf": { "id": "a108f8bf-a77c-4f29-a63b-c535a054dcaf", "title": "Coupon & Discount Code Reveal Button <= 1.2.5 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Coupon & Discount Code Reveal Button", "slug": "coupon-reveal-button", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a108f8bf-a77c-4f29-a63b-c535a054dcaf?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a10a3f01-082d-4a94-89c6-b5b46891aa4d": { "id": "a10a3f01-082d-4a94-89c6-b5b46891aa4d", "title": "Gift Cards (Gift Vouchers and Packages) <= 4.3.2 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)", "slug": "gift-voucher", "affected_versions": { "* - 4.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a10a3f01-082d-4a94-89c6-b5b46891aa4d?source=api-scan" ], "published": "2023-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a10ba041-ded4-41d4-93ba-7fa7389acd54": { "id": "a10ba041-ded4-41d4-93ba-7fa7389acd54", "title": "WordPress OpenID Connect Client <= 2.1.7 - Authentication Bypass", "software": [ { "type": "plugin", "name": "WordPress OpenID Connect Client", "slug": "miniorange-openid-connect-client", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a10ba041-ded4-41d4-93ba-7fa7389acd54?source=api-scan" ], "published": "2022-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a10cf70e-bc66-4888-b88d-c1c4847389c9": { "id": "a10cf70e-bc66-4888-b88d-c1c4847389c9", "title": "DearFlip <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via force_fit", "software": [ { "type": "plugin", "name": "Dear Flipbook \u2013 PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer", "slug": "3d-flipbook-dflip-lite", "affected_versions": { "* - 2.2.26": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a10cf70e-bc66-4888-b88d-c1c4847389c9?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a10da173-9b88-4599-928d-71fc42b35c50": { "id": "a10da173-9b88-4599-928d-71fc42b35c50", "title": "WPify Woo Czech <= 3.5.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPify Woo Czech", "slug": "wpify-woo", "affected_versions": { "* - 3.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a10da173-9b88-4599-928d-71fc42b35c50?source=api-scan" ], "published": "2022-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a10ee67a-7f5f-43dd-8f5c-c0e92706c453": { "id": "a10ee67a-7f5f-43dd-8f5c-c0e92706c453", "title": "LocateAndFilter <= 1.6.14 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "LocateAndFilter", "slug": "locateandfilter", "affected_versions": { "* - 1.6.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a10ee67a-7f5f-43dd-8f5c-c0e92706c453?source=api-scan" ], "published": "2024-09-30 19:27:18", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a10ee756-1b71-4232-817c-1ba6ead7f0f0": { "id": "a10ee756-1b71-4232-817c-1ba6ead7f0f0", "title": "Mobile Call Now & Map Buttons <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mobile Call Now & Map Buttons", "slug": "mobile-call-now-map-buttons", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a10ee756-1b71-4232-817c-1ba6ead7f0f0?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a11083dd-7a5f-483b-a854-2697ddc54262": { "id": "a11083dd-7a5f-483b-a854-2697ddc54262", "title": "Optimize Images ALT Text (alt tag) & names for SEO using AI <= 3.1.1 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Image SEO \u2013 AI-Driven Image SEO Optimizer", "slug": "imageseo", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a11083dd-7a5f-483b-a854-2697ddc54262?source=api-scan" ], "published": "2024-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a110bc69-ecf6-424d-9e2b-898a452d2dd1": { "id": "a110bc69-ecf6-424d-9e2b-898a452d2dd1", "title": "Transition Slider \u2013 Responsive Image Slider and Gallery <= 2.20.3 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Transition Slider \u2013 Responsive Image Slider and Gallery", "slug": "transition-slider-lite", "affected_versions": { "* - 2.20.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.20.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a110bc69-ecf6-424d-9e2b-898a452d2dd1?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a11f264a-24fe-44da-b325-3fbdc4cd81d0": { "id": "a11f264a-24fe-44da-b325-3fbdc4cd81d0", "title": "Mediamatic \u2013 Media Library Folders <= 2.8.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Mediamatic \u2013 Media Library Folders", "slug": "mediamatic", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a11f264a-24fe-44da-b325-3fbdc4cd81d0?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a125bbf1-8ff6-4f3d-a4fb-caaaefe1df2a": { "id": "a125bbf1-8ff6-4f3d-a4fb-caaaefe1df2a", "title": "Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Startklar Elementor Addons", "slug": "startklar-elmentor-forms-extwidgets", "affected_versions": { "* - 1.7.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a125bbf1-8ff6-4f3d-a4fb-caaaefe1df2a?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a128018b-f19b-4b18-a53c-cf1310d3d0e7": { "id": "a128018b-f19b-4b18-a53c-cf1310d3d0e7", "title": "ImageMapper <= 1.2.6 - Cross-Site Request Forgery to Plugin Settings Change via ajax", "software": [ { "type": "plugin", "name": "ImageMapper", "slug": "imagemapper", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a128018b-f19b-4b18-a53c-cf1310d3d0e7?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a12ccd08-ee29-4fb9-9075-cf71dc488ffc": { "id": "a12ccd08-ee29-4fb9-9075-cf71dc488ffc", "title": "Footer Text <= 2.0.3 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Footer Text", "slug": "footer-text", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a12ccd08-ee29-4fb9-9075-cf71dc488ffc?source=api-scan" ], "published": "2022-04-28 09:52:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1426809-b245-4868-be87-c96b3c5c05f9": { "id": "a1426809-b245-4868-be87-c96b3c5c05f9", "title": "Booster for WooCommerce <= 7.1.1 - Authenticated (Subscriber+) Information Disclosure via Shortcode", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 7.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1426809-b245-4868-be87-c96b3c5c05f9?source=api-scan" ], "published": "2023-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a145f3ca-2c38-4058-9aa9-e2dcc43c029a": { "id": "a145f3ca-2c38-4058-9aa9-e2dcc43c029a", "title": "WP Bulk Delete <= 1.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Bulk Delete", "slug": "wp-bulk-delete", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a145f3ca-2c38-4058-9aa9-e2dcc43c029a?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a14c04e8-72cc-4415-a95c-e26f6335b485": { "id": "a14c04e8-72cc-4415-a95c-e26f6335b485", "title": "WP Symposium < 14.11 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP Symposium", "slug": "wp-symposium", "affected_versions": { "[*, 14.11)": { "from_version": "*", "from_inclusive": true, "to_version": "14.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "14.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a14c04e8-72cc-4415-a95c-e26f6335b485?source=api-scan" ], "published": "2014-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a14cce74-6432-4b92-85c8-8b899e4248fd": { "id": "a14cce74-6432-4b92-85c8-8b899e4248fd", "title": "Content Control <= 2.1.0 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Content Control \u2013 The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More", "slug": "content-control", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a14cce74-6432-4b92-85c8-8b899e4248fd?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a14cf955-e354-49c3-a685-d5bd51c79ba9": { "id": "a14cf955-e354-49c3-a685-d5bd51c79ba9", "title": "WooCommerce Customers Manager <= 29.6 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "WooCommerce Customers Manager", "slug": "woocommerce-customers-manager", "affected_versions": { "* - 29.6": { "from_version": "*", "from_inclusive": true, "to_version": "29.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "29.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a14cf955-e354-49c3-a685-d5bd51c79ba9?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1513296-f7f6-468c-ac96-5f55812d943e": { "id": "a1513296-f7f6-468c-ac96-5f55812d943e", "title": "Ivory Search <= 5.4.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ivory Search \u2013 WordPress Search Plugin", "slug": "add-search-to-menu", "affected_versions": { "* - 5.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1513296-f7f6-468c-ac96-5f55812d943e?source=api-scan" ], "published": "2022-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a153d6b2-e3fd-42db-90ba-d899a07d60c1": { "id": "a153d6b2-e3fd-42db-90ba-d899a07d60c1", "title": "Simple Shortcodes <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Simple Shortcodes", "slug": "smpl-shortcodes", "affected_versions": { "* - 1.0.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.20", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a153d6b2-e3fd-42db-90ba-d899a07d60c1?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a155c289-558c-4209-8d9a-bf085fecaf8a": { "id": "a155c289-558c-4209-8d9a-bf085fecaf8a", "title": "Premium Addons for Elementor <= 4.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.34": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a155c289-558c-4209-8d9a-bf085fecaf8a?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a15cc96b-2af2-4a7d-af61-633d13b71b49": { "id": "a15cc96b-2af2-4a7d-af61-633d13b71b49", "title": "WP Backpack <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Backpack", "slug": "wp-backpack", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a15cc96b-2af2-4a7d-af61-633d13b71b49?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a15e917f-f46a-4006-a4cb-3d55331ccb5b": { "id": "a15e917f-f46a-4006-a4cb-3d55331ccb5b", "title": "NextGEN Gallery <= 3.37 - Authenticated (Admininistrator+) Arbitrary File Read and Deletion in gallery_edit", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 3.37": { "from_version": "*", "from_inclusive": true, "to_version": "3.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a15e917f-f46a-4006-a4cb-3d55331ccb5b?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a15ee50d-ee64-49b4-bbd2-2d0f3683a4c5": { "id": "a15ee50d-ee64-49b4-bbd2-2d0f3683a4c5", "title": "Shapeless <= 1.1 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Shapeless", "slug": "shapeless", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a15ee50d-ee64-49b4-bbd2-2d0f3683a4c5?source=api-scan" ], "published": "2012-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a15f8a5a-dccf-476e-9a40-e9ea11dc46f6": { "id": "a15f8a5a-dccf-476e-9a40-e9ea11dc46f6", "title": "MyBookTable Bookstore <= 3.3.7 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MyBookTable Bookstore by Stormhill Media", "slug": "mybooktable", "affected_versions": { "* - 3.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a15f8a5a-dccf-476e-9a40-e9ea11dc46f6?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a15fd2da-5897-4eb8-81c3-79e800e94122": { "id": "a15fd2da-5897-4eb8-81c3-79e800e94122", "title": "Flat PM <= 2.661 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FlatPM \u2013 Ad Manager, AdSense and Custom Code", "slug": "flatpm-wp", "affected_versions": { "* - 2.661": { "from_version": "*", "from_inclusive": true, "to_version": "2.661", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.662" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a15fd2da-5897-4eb8-81c3-79e800e94122?source=api-scan" ], "published": "2022-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1603dc9-7f5e-47e1-8a81-27bb4df1aa4f": { "id": "a1603dc9-7f5e-47e1-8a81-27bb4df1aa4f", "title": "Media Library Assistant <= 3.11 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Media Library Assistant", "slug": "media-library-assistant", "affected_versions": { "* - 3.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1603dc9-7f5e-47e1-8a81-27bb4df1aa4f?source=api-scan" ], "published": "2023-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a161bd23-0b82-49ef-b3cc-a117823ec8a7": { "id": "a161bd23-0b82-49ef-b3cc-a117823ec8a7", "title": "Gmedia Photo Gallery <= 1.6.4 - Denial of Service", "software": [ { "type": "plugin", "name": "Gmedia Photo Gallery", "slug": "grand-media", "affected_versions": { "[*, 1.6.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a161bd23-0b82-49ef-b3cc-a117823ec8a7?source=api-scan" ], "published": "2015-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a162132a-f893-42fa-85f1-b42f738891a4": { "id": "a162132a-f893-42fa-85f1-b42f738891a4", "title": "Awesome Support <= 6.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "* - 6.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a162132a-f893-42fa-85f1-b42f738891a4?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1640612-1516-42d7-9fdc-ed4eaa2f0eeb": { "id": "a1640612-1516-42d7-9fdc-ed4eaa2f0eeb", "title": "Mega Elements <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mega Elements \u2013 Addons for Elementor", "slug": "mega-elements-addons-for-elementor", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1640612-1516-42d7-9fdc-ed4eaa2f0eeb?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a169934d-17ce-4d34-be00-c5ac0b488066": { "id": "a169934d-17ce-4d34-be00-c5ac0b488066", "title": "WooCommerce Follow-Up Emails <= 4.9.40 - Authenticated Arbitrary File Upload in Template Editing", "software": [ { "type": "plugin", "name": "Woocommerce Follow-ups", "slug": "woocommerce-follow-up-emails", "affected_versions": { "* - 4.9.40": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.50" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a169934d-17ce-4d34-be00-c5ac0b488066?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1743b26-861e-4a61-80de-b8cc82308228": { "id": "a1743b26-861e-4a61-80de-b8cc82308228", "title": "WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_pause_cdn_integration_ajax_request_callback'", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1743b26-861e-4a61-80de-b8cc82308228?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a175d2b2-0a35-4c5a-b05b-4d334e444e85": { "id": "a175d2b2-0a35-4c5a-b05b-4d334e444e85", "title": "Conditional Fields for Contact Form 7 <= 2.4.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Conditional Fields for Contact Form 7", "slug": "cf7-conditional-fields", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a175d2b2-0a35-4c5a-b05b-4d334e444e85?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a175e103-ab89-404b-8736-94d0d93d6cf3": { "id": "a175e103-ab89-404b-8736-94d0d93d6cf3", "title": "Flo Forms \u2013 Easy Drag & Drop Form Builder <= 1.0.35 - Options Change to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flo Forms \u2013 Easy Drag & Drop Form Builder", "slug": "flo-forms", "affected_versions": { "* - 1.0.35": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a175e103-ab89-404b-8736-94d0d93d6cf3?source=api-scan" ], "published": "2021-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a176f206-eb96-4902-8355-eec3c9ff6809": { "id": "a176f206-eb96-4902-8355-eec3c9ff6809", "title": "Checkout Field Editor <= 1.7.2 - Authenticated (Admin+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Checkout Field Editor (Checkout Manager) for WooCommerce", "slug": "woo-checkout-field-editor-pro", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a176f206-eb96-4902-8355-eec3c9ff6809?source=api-scan" ], "published": "2022-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1800241-802b-4c6a-a9d8-a7cf78450346": { "id": "a1800241-802b-4c6a-a9d8-a7cf78450346", "title": "WTI Like Post < 1.4.3 - SQL Injection", "software": [ { "type": "plugin", "name": "WTI Like Post", "slug": "wti-like-post", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1800241-802b-4c6a-a9d8-a7cf78450346?source=api-scan" ], "published": "2015-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a18089d8-32f1-4827-af14-c45055892fb2": { "id": "a18089d8-32f1-4827-af14-c45055892fb2", "title": "jQuery Reply to Comment <= 1.31 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "jQuery Reply to Comment", "slug": "jquery-reply-to-comment", "affected_versions": { "* - 1.31": { "from_version": "*", "from_inclusive": true, "to_version": "1.31", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a18089d8-32f1-4827-af14-c45055892fb2?source=api-scan" ], "published": "2021-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1818e80-e580-45d4-88ab-018cb1723947": { "id": "a1818e80-e580-45d4-88ab-018cb1723947", "title": "Ultimate Faqs <= 1.8.21 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate FAQ Accordion Plugin", "slug": "ultimate-faqs", "affected_versions": { "[*, 1.8.22)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.22", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1818e80-e580-45d4-88ab-018cb1723947?source=api-scan" ], "published": "2019-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a184090c-0281-4d8d-bd4d-256b4ed826dc": { "id": "a184090c-0281-4d8d-bd4d-256b4ed826dc", "title": "Smart YouTube PRO <= 4.3 - Cross-Site Request Forgery via handle_colorbox_options", "software": [ { "type": "plugin", "name": "Smart YouTube PRO", "slug": "smart-youtube", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a184090c-0281-4d8d-bd4d-256b4ed826dc?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1859dca-d771-470c-ae4a-48246977212c": { "id": "a1859dca-d771-470c-ae4a-48246977212c", "title": "Big Store <= 1.9.3 - Cross-Site Request Forgery to Arbitrary Plugin Activation", "software": [ { "type": "theme", "name": "Big Store", "slug": "big-store", "affected_versions": { "* - 1.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1859dca-d771-470c-ae4a-48246977212c?source=api-scan" ], "published": "2023-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a186ca14-5cfd-4ce8-b73e-3881445069d7": { "id": "a186ca14-5cfd-4ce8-b73e-3881445069d7", "title": "Spice Starter Sites <= 1.2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spice Starter Sites", "slug": "spice-starter-sites", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a186ca14-5cfd-4ce8-b73e-3881445069d7?source=api-scan" ], "published": "2024-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a187fa8b-daf1-4955-92b3-2937d0f6a159": { "id": "a187fa8b-daf1-4955-92b3-2937d0f6a159", "title": "BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bootstrap Shortcodes", "slug": "bootstrap-shortcodes", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a187fa8b-daf1-4955-92b3-2937d0f6a159?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a18963cb-24c7-45b4-987d-5a8789b1ab0a": { "id": "a18963cb-24c7-45b4-987d-5a8789b1ab0a", "title": "Workreap Theme < 2.2.2 - Authorization Bypass", "software": [ { "type": "theme", "name": "Workreap - Freelance Marketplace and Directory WordPress Theme", "slug": "workreap", "affected_versions": { "[*, 2.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a18963cb-24c7-45b4-987d-5a8789b1ab0a?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a189e436-e8af-4379-aa6e-2d1a4a2d4bfa": { "id": "a189e436-e8af-4379-aa6e-2d1a4a2d4bfa", "title": "Bulk images optimizer: Resize, optimize, convert to webp, rename ... <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update", "software": [ { "type": "plugin", "name": "Bulk images optimizer: Resize, optimize, convert to webp, rename \u2026", "slug": "bulk-image-resizer", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a189e436-e8af-4379-aa6e-2d1a4a2d4bfa?source=api-scan" ], "published": "2024-10-17 15:44:23", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a18baa1d-2400-496d-8e8b-1c3983484706": { "id": "a18baa1d-2400-496d-8e8b-1c3983484706", "title": "Floating Chat Widget <= 3.1.8 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button \u2013 Chaty", "slug": "chaty", "affected_versions": { "* - 3.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a18baa1d-2400-496d-8e8b-1c3983484706?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a193392a-ef6d-4232-a8c9-c980bd369d5e": { "id": "a193392a-ef6d-4232-a8c9-c980bd369d5e", "title": "Brightbox <= (Unknown Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Brightbox", "slug": "brightbox", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a193392a-ef6d-4232-a8c9-c980bd369d5e?source=api-scan" ], "published": "2012-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a195892b-75d3-4a5d-86e1-4eb4b9f62624": { "id": "a195892b-75d3-4a5d-86e1-4eb4b9f62624", "title": "Akismet Privacy Policies <= 2.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Akismet Privacy Policies", "slug": "akismet-privacy-policies", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a195892b-75d3-4a5d-86e1-4eb4b9f62624?source=api-scan" ], "published": "2022-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a19bff99-b680-40a6-8a5c-7a0233b293ac": { "id": "a19bff99-b680-40a6-8a5c-7a0233b293ac", "title": "Fattura24 <= 6.2.7 - Reflected Cross-Site Scripting via 'id'", "software": [ { "type": "plugin", "name": "Fattura24", "slug": "fattura24", "affected_versions": { "* - 6.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a19bff99-b680-40a6-8a5c-7a0233b293ac?source=api-scan" ], "published": "2023-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a19e1713-1a64-46dc-8b30-b53045b2e01d": { "id": "a19e1713-1a64-46dc-8b30-b53045b2e01d", "title": "Mapplic Lite <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Mapplic Lite", "slug": "mapplic-lite", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a19e1713-1a64-46dc-8b30-b53045b2e01d?source=api-scan" ], "published": "2024-09-25 21:22:47", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a19ef0d7-fd44-45ea-8fb1-b99c270072c4": { "id": "a19ef0d7-fd44-45ea-8fb1-b99c270072c4", "title": "WordPress Core < 3.0.2 - Missing Authorization", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a19ef0d7-fd44-45ea-8fb1-b99c270072c4?source=api-scan" ], "published": "2010-12-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1ab02c0-e083-4f0e-b6d4-1a10ade2c688": { "id": "a1ab02c0-e083-4f0e-b6d4-1a10ade2c688", "title": "Leyka <= 3.29.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Leyka", "slug": "leyka", "affected_versions": { "* - 3.29.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.29.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1ab02c0-e083-4f0e-b6d4-1a10ade2c688?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1ae2060-5eca-47c9-a196-0ff75c3f523e": { "id": "a1ae2060-5eca-47c9-a196-0ff75c3f523e", "title": "SexyBookmarks <= 6.1.4.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "sexybookmarks", "slug": "sexybookmarks", "affected_versions": { "* - 6.1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1ae2060-5eca-47c9-a196-0ff75c3f523e?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1af63f6-329e-40b6-b786-302c608ac577": { "id": "a1af63f6-329e-40b6-b786-302c608ac577", "title": "Social Media Share Buttons | MashShare < 2.3.1 - Information Disclosure", "software": [ { "type": "plugin", "name": "MashShare \u2013 Social Media Share Buttons, Social Share Icons", "slug": "mashsharer", "affected_versions": { "[*, 2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1af63f6-329e-40b6-b786-302c608ac577?source=api-scan" ], "published": "2015-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1b3bcad-4bee-4848-8d68-0aacaf199910": { "id": "a1b3bcad-4bee-4848-8d68-0aacaf199910", "title": "HT Mega <= 2.5.7 - Authenticated (Contributor+) JSON File Directory Traversal", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1b3bcad-4bee-4848-8d68-0aacaf199910?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1b8ac82-4c2d-44bf-ac9e-1c1abead0613": { "id": "a1b8ac82-4c2d-44bf-ac9e-1c1abead0613", "title": "WP Floating Menu <= 1.4.0 - Cross-Site Scripting via id Parameter", "software": [ { "type": "plugin", "name": "WP Floating Menu \u2013 One page navigator, sticky menu for WordPress", "slug": "wp-floating-menu", "affected_versions": { "[*, 1.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1b8ac82-4c2d-44bf-ac9e-1c1abead0613?source=api-scan" ], "published": "2020-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1c2e4e5-472f-4517-90f0-8f7057d24ef8": { "id": "a1c2e4e5-472f-4517-90f0-8f7057d24ef8", "title": "Admin Font Editor <= 1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Admin Font Editor", "slug": "admin-font-editor", "affected_versions": { "[*, 1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1c2e4e5-472f-4517-90f0-8f7057d24ef8?source=api-scan" ], "published": "2016-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1c4c632-66f2-4987-b7da-048dbe4a3044": { "id": "a1c4c632-66f2-4987-b7da-048dbe4a3044", "title": "WP Easy Gallery <= 4.8.5 - Authenticated (Contributor+) SQL Injection via key Parameter", "software": [ { "type": "plugin", "name": "WP Easy Gallery \u2013 WordPress Gallery Plugin", "slug": "wp-easy-gallery", "affected_versions": { "* - 4.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1c4c632-66f2-4987-b7da-048dbe4a3044?source=api-scan" ], "published": "2024-09-30 19:33:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1c6ad5a-bc76-4012-acc6-35f742e0869e": { "id": "a1c6ad5a-bc76-4012-acc6-35f742e0869e", "title": "ActivityPub <= 0.17.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Sensitive Post Content Exposure", "software": [ { "type": "plugin", "name": "ActivityPub", "slug": "activitypub", "affected_versions": { "* - 0.17.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.17.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1c6ad5a-bc76-4012-acc6-35f742e0869e?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1c731b9-8862-4140-b5e8-58132113e22c": { "id": "a1c731b9-8862-4140-b5e8-58132113e22c", "title": "Jetpack <= 3.7.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "* - 3.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1c731b9-8862-4140-b5e8-58132113e22c?source=api-scan" ], "published": "2015-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1cb99dc-31a7-4d0f-afee-ca8c04cee5fe": { "id": "a1cb99dc-31a7-4d0f-afee-ca8c04cee5fe", "title": "WooCommerce PDF Invoices & Packing Slips 2.14.0 - 3.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Invoices & Packing Slips for WooCommerce", "slug": "woocommerce-pdf-invoices-packing-slips", "affected_versions": { "2.14.0 - 3.0.0": { "from_version": "2.14.0", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1cb99dc-31a7-4d0f-afee-ca8c04cee5fe?source=api-scan" ], "published": "2022-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1cec715-d19b-48b4-a924-5fb3f9a269ee": { "id": "a1cec715-d19b-48b4-a924-5fb3f9a269ee", "title": "Enter Addons <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Enter Addons \u2013 Ultimate Template Builder for Elementor", "slug": "enteraddons", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1cec715-d19b-48b4-a924-5fb3f9a269ee?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1cf8b8f-bf74-444c-88cc-cc836ee45f26": { "id": "a1cf8b8f-bf74-444c-88cc-cc836ee45f26", "title": "Elements kit Elementor addons <= 3.1.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "ElementsKit Elementor addons", "slug": "elementskit-lite", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1cf8b8f-bf74-444c-88cc-cc836ee45f26?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1d4df4b-ec7a-43f6-8617-161b1600d6d2": { "id": "a1d4df4b-ec7a-43f6-8617-161b1600d6d2", "title": "Houzez CRM <= 1.4.2 - Authenticated (Seller+) SQL Injection", "software": [ { "type": "plugin", "name": "Houzez CRM", "slug": "houzez-crm", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1d4df4b-ec7a-43f6-8617-161b1600d6d2?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1d72530-cfbb-4dfa-9acb-501f0c3a9651": { "id": "a1d72530-cfbb-4dfa-9acb-501f0c3a9651", "title": "Clever Addons for Elementor <= 2.2.0 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Clever Addons for Elementor", "slug": "cafe-lite", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1d72530-cfbb-4dfa-9acb-501f0c3a9651?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1d8adf9-a529-45eb-9c59-8f43049de460": { "id": "a1d8adf9-a529-45eb-9c59-8f43049de460", "title": "DN Popup <= 1.2.2 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "DN Popup", "slug": "dn-popup", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1d8adf9-a529-45eb-9c59-8f43049de460?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1db940b-6cfc-4109-aa02-37ddadcc1f8b": { "id": "a1db940b-6cfc-4109-aa02-37ddadcc1f8b", "title": "Onepage Builder \u2013 Easiest Landing Page Builder For WordPress <= 2.4.1 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Onepage Builder \u2013 Easiest Landing Page Builder For WordPress", "slug": "tx-onepager", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1db940b-6cfc-4109-aa02-37ddadcc1f8b?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1e2d370-a716-4d6b-8e23-74db2fbd0760": { "id": "a1e2d370-a716-4d6b-8e23-74db2fbd0760", "title": "WooCommerce Photo Reviews Premium <= 1.3.13.2 - Authentication Bypass to Account Takeover and Privilege Escalation", "software": [ { "type": "plugin", "name": "WooCommerce Photo Reviews Premium", "slug": "woocommerce-photo-reviews", "affected_versions": { "* - 1.3.13.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.13.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1e2d370-a716-4d6b-8e23-74db2fbd0760?source=api-scan" ], "published": "2024-09-10 20:00:49", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1e51a99-f5d4-47d4-bead-00ca1f5f72c2": { "id": "a1e51a99-f5d4-47d4-bead-00ca1f5f72c2", "title": "Abandoned Cart Lite for WooCommerce <= 5.14.1 - Cross-Site Request Forgery via delete_expired_used_coupon_code", "software": [ { "type": "plugin", "name": "Abandoned Cart Lite for WooCommerce", "slug": "woocommerce-abandoned-cart", "affected_versions": { "[*, 5.14.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.14.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.14.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1e51a99-f5d4-47d4-bead-00ca1f5f72c2?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1eda885-7e10-4294-9748-5359efd51754": { "id": "a1eda885-7e10-4294-9748-5359efd51754", "title": "Mega Addons For WPBakery Page Builder <= 4.2.7 - Authenticated (Subscriber+) Settings Update", "software": [ { "type": "plugin", "name": "Mega Addons For WPBakery Page Builder", "slug": "mega-addons-for-visual-composer", "affected_versions": { "* - 4.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1eda885-7e10-4294-9748-5359efd51754?source=api-scan" ], "published": "2022-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1eec01c-7f54-4e90-a943-c50b8ab79b22": { "id": "a1eec01c-7f54-4e90-a943-c50b8ab79b22", "title": "Slideshow Gallery < 1.7.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slideshow Gallery LITE", "slug": "slideshow-gallery", "affected_versions": { "[*, 1.7.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1eec01c-7f54-4e90-a943-c50b8ab79b22?source=api-scan" ], "published": "2021-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1fadba1-674f-4f3d-997f-d29d3a887414": { "id": "a1fadba1-674f-4f3d-997f-d29d3a887414", "title": "MainWP Child <= 4.4.1.1 - Information Disclosure via Back-Up Files", "software": [ { "type": "plugin", "name": "MainWP Child \u2013 Securely Connects to the MainWP Dashboard to Manage Multiple Sites", "slug": "mainwp-child", "affected_versions": { "* - 4.4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1fadba1-674f-4f3d-997f-d29d3a887414?source=api-scan" ], "published": "2023-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1fbb3a6-fcc2-47c5-a086-331e69292add": { "id": "a1fbb3a6-fcc2-47c5-a086-331e69292add", "title": "WP EasyPay \u2013 Square for WordPress <= 3.2.0 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "WP EasyPay \u2013 Square for WordPress", "slug": "wp-easy-pay", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1fbb3a6-fcc2-47c5-a086-331e69292add?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1fc4ce9-ae96-4d8e-bf1c-941ed15d7d1a": { "id": "a1fc4ce9-ae96-4d8e-bf1c-941ed15d7d1a", "title": "Droip <= 1.1.1 - Unauthenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Droip", "slug": "droip", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1fc4ce9-ae96-4d8e-bf1c-941ed15d7d1a?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a1ffb318-41b4-4b31-b170-387c368ae686": { "id": "a1ffb318-41b4-4b31-b170-387c368ae686", "title": "Cities Shipping Zones for WooCommerce <= 1.2.7 - Authenticated (Shop Manager+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Cities Shipping Zones for WooCommerce", "slug": "cities-shipping-zones-for-woocommerce", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a1ffb318-41b4-4b31-b170-387c368ae686?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a200bb51-09bd-4eaa-8a57-93c3515f720c": { "id": "a200bb51-09bd-4eaa-8a57-93c3515f720c", "title": "WP Taxonomy Import <= 1.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Taxonomy Import", "slug": "wp-taxonomy-import", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a200bb51-09bd-4eaa-8a57-93c3515f720c?source=api-scan" ], "published": "2022-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2072bac-4ca1-4342-beb7-abd145aeef48": { "id": "a2072bac-4ca1-4342-beb7-abd145aeef48", "title": "Themify Builder <= 7.5.7 - Open Redirect via 'tb_redirect_fail'", "software": [ { "type": "plugin", "name": "Themify Builder", "slug": "themify-builder", "affected_versions": { "* - 7.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2072bac-4ca1-4342-beb7-abd145aeef48?source=api-scan" ], "published": "2024-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2110d13-d6d3-43f8-b1bf-8958d4f39ef5": { "id": "a2110d13-d6d3-43f8-b1bf-8958d4f39ef5", "title": "Debrandify \u00b7 Remove or Replace WordPress Branding <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Debrandify \u00b7 Remove or Replace WordPress Branding", "slug": "debrandify", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2110d13-d6d3-43f8-b1bf-8958d4f39ef5?source=api-scan" ], "published": "2024-10-17 21:32:45", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2121e1a-88f4-41b9-9a72-fe263b4739ef": { "id": "a2121e1a-88f4-41b9-9a72-fe263b4739ef", "title": "Gianism <= 5.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gianism", "slug": "gianism", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2121e1a-88f4-41b9-9a72-fe263b4739ef?source=api-scan" ], "published": "2024-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a219a232-5ff4-4855-8f29-437ed26b4f34": { "id": "a219a232-5ff4-4855-8f29-437ed26b4f34", "title": "Article Directory <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'publish_terms_text'", "software": [ { "type": "plugin", "name": "Article Directory", "slug": "article-directory", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a219a232-5ff4-4855-8f29-437ed26b4f34?source=api-scan" ], "published": "2022-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a21df06c-4e56-4625-ae8b-89c9fc046939": { "id": "a21df06c-4e56-4625-ae8b-89c9fc046939", "title": "Htaccess <= 1.8.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Htaccess by BestWebSoft \u2013 WordPress Website Access Control Plugin", "slug": "htaccess", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a21df06c-4e56-4625-ae8b-89c9fc046939?source=api-scan" ], "published": "2020-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a222c714-7c54-4c86-b6af-abdfeb966250": { "id": "a222c714-7c54-4c86-b6af-abdfeb966250", "title": "Pz-LinkCard <= 2.5.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pz-LinkCard", "slug": "pz-linkcard", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a222c714-7c54-4c86-b6af-abdfeb966250?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a223c8b4-6657-40f0-a040-9867595dbf64": { "id": "a223c8b4-6657-40f0-a040-9867595dbf64", "title": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a223c8b4-6657-40f0-a040-9867595dbf64?source=api-scan" ], "published": "2024-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2248ba8-b7d7-4691-bf7c-8b23c24417f7": { "id": "a2248ba8-b7d7-4691-bf7c-8b23c24417f7", "title": "WP Custom Cursors <= 3.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Custom Cursors | WordPress Cursor Plugin", "slug": "wp-custom-cursors", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2248ba8-b7d7-4691-bf7c-8b23c24417f7?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a224e745-f9c7-4ca6-b656-e94862b1dc57": { "id": "a224e745-f9c7-4ca6-b656-e94862b1dc57", "title": "Product Vendors <= 2.0.35 - Reflected Cross Site Scripting", "software": [ { "type": "plugin", "name": "Product Vendors", "slug": "woocommerce-product-vendors", "affected_versions": { "[*, 2.0.36)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.36", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a224e745-f9c7-4ca6-b656-e94862b1dc57?source=api-scan" ], "published": "2017-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a228e60c-c91b-4a82-8b05-a0ffaed82524": { "id": "a228e60c-c91b-4a82-8b05-a0ffaed82524", "title": "Simple Sitemap <= 3.5.13 - Cross-Site Request Forgery via admin_notices", "software": [ { "type": "plugin", "name": "Simple Sitemap \u2013 Create a Responsive HTML Sitemap", "slug": "simple-sitemap", "affected_versions": { "* - 3.5.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a228e60c-c91b-4a82-8b05-a0ffaed82524?source=api-scan" ], "published": "2024-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a22932d8-14d4-43a1-86ba-7afadc0bec1a": { "id": "a22932d8-14d4-43a1-86ba-7afadc0bec1a", "title": "Woopra Analytics Plugin < 1.4.3.2 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Woopra Analytics Plugin", "slug": "woopra", "affected_versions": { "[*, 1.4.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a22932d8-14d4-43a1-86ba-7afadc0bec1a?source=api-scan" ], "published": "2013-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a22c7b45-752c-482d-8812-888d5bc3d630": { "id": "a22c7b45-752c-482d-8812-888d5bc3d630", "title": "PowerPack Lite for Beaver Builder <= 1.3.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via element link", "software": [ { "type": "plugin", "name": "PowerPack Lite for Beaver Builder", "slug": "powerpack-addon-for-beaver-builder", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a22c7b45-752c-482d-8812-888d5bc3d630?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2362dea-8c4a-426f-9482-b7e19b8f5f4e": { "id": "a2362dea-8c4a-426f-9482-b7e19b8f5f4e", "title": "Extra User Details <= 0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Extra User Details", "slug": "extra-user-details", "affected_versions": { "* - 0.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2362dea-8c4a-426f-9482-b7e19b8f5f4e?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2363a40-b627-44da-af8e-98821685c3ea": { "id": "a2363a40-b627-44da-af8e-98821685c3ea", "title": "Eshop Magic < 0.2 - Arbitrary File Read", "software": [ { "type": "plugin", "name": "Eshop Magic", "slug": "eshop-magic", "affected_versions": { "[*, 0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2363a40-b627-44da-af8e-98821685c3ea?source=api-scan" ], "published": "2012-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2432a0a-d262-4460-bd2d-2cb200d51f6f": { "id": "a2432a0a-d262-4460-bd2d-2cb200d51f6f", "title": "coreActivity <= 1.8 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "coreActivity: Activity Logging plugin for WordPress", "slug": "coreactivity", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2432a0a-d262-4460-bd2d-2cb200d51f6f?source=api-scan" ], "published": "2024-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a243fbde-951b-43e0-a432-c92ae4b04c26": { "id": "a243fbde-951b-43e0-a432-c92ae4b04c26", "title": "TheGem <= 5.9.1 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "TheGem", "slug": "thegem", "affected_versions": { "* - 5.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a243fbde-951b-43e0-a432-c92ae4b04c26?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a246227c-89c1-46c3-a74c-b5de260d8a19": { "id": "a246227c-89c1-46c3-a74c-b5de260d8a19", "title": "Rss for Yandex Turbo <= 1.30 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RSS for Yandex Turbo", "slug": "rss-for-yandex-turbo", "affected_versions": { "* - 1.30": { "from_version": "*", "from_inclusive": true, "to_version": "1.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a246227c-89c1-46c3-a74c-b5de260d8a19?source=api-scan" ], "published": "2021-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a24c2d7d-8df8-4a3a-a538-09e11ebc6dd5": { "id": "a24c2d7d-8df8-4a3a-a538-09e11ebc6dd5", "title": "Blog, Posts and Category Filter for Elementor <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post and Category Filter Widget", "software": [ { "type": "plugin", "name": "Blog, Posts and Category Filter for Elementor", "slug": "blog-posts-and-category-for-elementor", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a24c2d7d-8df8-4a3a-a538-09e11ebc6dd5?source=api-scan" ], "published": "2024-07-08 15:42:29", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a24ed885-557b-4f3e-b3d0-345d2ebc8cc5": { "id": "a24ed885-557b-4f3e-b3d0-345d2ebc8cc5", "title": "Simple Ajax Chat \u2013 Add a Fast, Secure Chat Box <= 20240318 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Ajax Chat \u2013 Add a Fast, Secure Chat Box", "slug": "simple-ajax-chat", "affected_versions": { "* - 20240318": { "from_version": "*", "from_inclusive": true, "to_version": "20240318", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20240412" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a24ed885-557b-4f3e-b3d0-345d2ebc8cc5?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a250f678-1ec7-48ea-8b81-e5ef89992155": { "id": "a250f678-1ec7-48ea-8b81-e5ef89992155", "title": "OAuth Single Sign On \u2013 SSO (OAuth Client) <= 6.24.1- Cross-Site Request Forgery via 'discard' in mooauth_client_applist_page", "software": [ { "type": "plugin", "name": "OAuth Single Sign On \u2013 SSO (OAuth Client)", "slug": "miniorange-login-with-eve-online-google-facebook", "affected_versions": { "* - 6.24.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.24.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.24.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a250f678-1ec7-48ea-8b81-e5ef89992155?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a251bcbf-68ec-4833-b21c-7a823ce65279": { "id": "a251bcbf-68ec-4833-b21c-7a823ce65279", "title": "LetsRecover <= 1.1.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "LetsRecover \u2013 WooCommerce Abandoned Cart Notifications", "slug": "letsrecover-woocommerce-abandoned-cart", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a251bcbf-68ec-4833-b21c-7a823ce65279?source=api-scan" ], "published": "2022-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a25528b1-28e0-4ac7-a7ab-2568b8349990": { "id": "a25528b1-28e0-4ac7-a7ab-2568b8349990", "title": "Famous (All Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Famous", "slug": "famous", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a25528b1-28e0-4ac7-a7ab-2568b8349990?source=api-scan" ], "published": "2012-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a256e11e-b59d-4ce1-ac52-da89789e97a9": { "id": "a256e11e-b59d-4ce1-ac52-da89789e97a9", "title": "Simple Post Notes <= 1.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Post Notes", "slug": "simple-post-notes", "affected_versions": { "* - 1.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a256e11e-b59d-4ce1-ac52-da89789e97a9?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a25a00b5-baf3-4175-b242-857c1f79b9a2": { "id": "a25a00b5-baf3-4175-b242-857c1f79b9a2", "title": "Misiek Photo Album <= 1.4.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Misiek Photo Album", "slug": "misiek-photo-album", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a25a00b5-baf3-4175-b242-857c1f79b9a2?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a25ad405-a97e-4821-b57a-0f39d5ce5e70": { "id": "a25ad405-a97e-4821-b57a-0f39d5ce5e70", "title": "Simple Alert Boxes <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Shortcode", "software": [ { "type": "plugin", "name": "Simple Alert Boxes", "slug": "simple-alert-boxes", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a25ad405-a97e-4821-b57a-0f39d5ce5e70?source=api-scan" ], "published": "2024-07-08 20:02:07", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a260c173-9d3f-4b2d-b443-86488bd26292": { "id": "a260c173-9d3f-4b2d-b443-86488bd26292", "title": "CommonsBooking < 2.6.8 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "CommonsBooking", "slug": "commonsbooking", "affected_versions": { "[*, 2.6.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a260c173-9d3f-4b2d-b443-86488bd26292?source=api-scan" ], "published": "2022-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a26473b9-8cc1-47e6-a3d3-4ebf1f9e902a": { "id": "a26473b9-8cc1-47e6-a3d3-4ebf1f9e902a", "title": "Visual Form Builder <= 3.0.7 - Cross-Site Request Forgery to Data Modification", "software": [ { "type": "plugin", "name": "Visual Form Builder", "slug": "visual-form-builder", "affected_versions": { "[*, 3.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a26473b9-8cc1-47e6-a3d3-4ebf1f9e902a?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a264eb8a-bf56-4b05-b360-0dd450c70c6b": { "id": "a264eb8a-bf56-4b05-b360-0dd450c70c6b", "title": "Contact Forms, Live Support, CRM, Video Messages <= 1.10.2 - Unauthenticated Information Disclosure", "software": [ { "type": "plugin", "name": "Contact Forms, Live Support, CRM, Video Messages", "slug": "live-support-tickets", "affected_versions": { "* - 1.10.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a264eb8a-bf56-4b05-b360-0dd450c70c6b?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a26a6f28-4a7f-421d-a69e-2afbe1367106": { "id": "a26a6f28-4a7f-421d-a69e-2afbe1367106", "title": "WooCommerce Brands <= 1.6.49 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce Brands", "slug": "woocommerce-brands", "affected_versions": { "* - 1.6.49": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.49", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.50" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a26a6f28-4a7f-421d-a69e-2afbe1367106?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a26f4bb7-fe61-4343-82ee-19639c16d978": { "id": "a26f4bb7-fe61-4343-82ee-19639c16d978", "title": "Images to WebP < 1.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Images to WebP", "slug": "images-to-webp", "affected_versions": { "[*, 1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a26f4bb7-fe61-4343-82ee-19639c16d978?source=api-scan" ], "published": "2021-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a272e12b-97a2-421a-a703-3acce2ed8313": { "id": "a272e12b-97a2-421a-a703-3acce2ed8313", "title": "WP Sticky Social <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Sticky Social", "slug": "wp-sticky-social", "affected_versions": { "1.0.1": { "from_version": "1.0.1", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a272e12b-97a2-421a-a703-3acce2ed8313?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a276d70d-3ad7-49e0-a25c-8089cdd581da": { "id": "a276d70d-3ad7-49e0-a25c-8089cdd581da", "title": "AddThis <= 5.0.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Share Buttons Plugin \u2013 AddThis", "slug": "addthis", "affected_versions": { "[*, 5.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a276d70d-3ad7-49e0-a25c-8089cdd581da?source=api-scan" ], "published": "2015-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2791f48-895f-4099-87ec-41aaac2494a2": { "id": "a2791f48-895f-4099-87ec-41aaac2494a2", "title": "Font Awesome Integration <= 5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Font Awesome Integration", "slug": "font-awesome-integration", "affected_versions": { "* - 5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2791f48-895f-4099-87ec-41aaac2494a2?source=api-scan" ], "published": "2023-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a27cfa5a-e02a-4c92-8503-2c7cd32fb1f1": { "id": "a27cfa5a-e02a-4c92-8503-2c7cd32fb1f1", "title": "Newsletter <= 7.4.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletter \u2013 Send awesome emails from WordPress", "slug": "newsletter", "affected_versions": { "[*, 7.4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a27cfa5a-e02a-4c92-8503-2c7cd32fb1f1?source=api-scan" ], "published": "2022-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a27da737-d925-471f-b0e0-25bc27a95714": { "id": "a27da737-d925-471f-b0e0-25bc27a95714", "title": "WP-DownloadManager plugin <= 1.68.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-DownloadManager", "slug": "wp-downloadmanager", "affected_versions": { "* - 1.68.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.68.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.68.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a27da737-d925-471f-b0e0-25bc27a95714?source=api-scan" ], "published": "2021-12-28 08:23:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2871261-3231-4a52-9a38-bb3caf461e7d": { "id": "a2871261-3231-4a52-9a38-bb3caf461e7d", "title": "GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection", "software": [ { "type": "plugin", "name": "GDPR CCPA Compliance & Cookie Consent Banner", "slug": "ninja-gdpr-compliance", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2871261-3231-4a52-9a38-bb3caf461e7d?source=api-scan" ], "published": "2020-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a292579c-9755-4bd4-996c-23d19ca1c197": { "id": "a292579c-9755-4bd4-996c-23d19ca1c197", "title": "Ocean Extra <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ocean Extra", "slug": "ocean-extra", "affected_versions": { "* - 2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a292579c-9755-4bd4-996c-23d19ca1c197?source=api-scan" ], "published": "2024-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a29832db-f85f-475b-8671-3d2115f33f19": { "id": "a29832db-f85f-475b-8671-3d2115f33f19", "title": "BetterDocs <= 3.5.8 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "BetterDocs \u2013 Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg", "slug": "betterdocs", "affected_versions": { "* - 3.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a29832db-f85f-475b-8671-3d2115f33f19?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a29b18d4-7b9b-48c9-aea8-88f6a6fc4b29": { "id": "a29b18d4-7b9b-48c9-aea8-88f6a6fc4b29", "title": "amtyThumb posts <= 8.2.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "amtyThumb posts", "slug": "amty-thumb-recent-post", "affected_versions": { "* - 8.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a29b18d4-7b9b-48c9-aea8-88f6a6fc4b29?source=api-scan" ], "published": "2017-11-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2a4b5bb-d3c9-42e0-8714-ae75069c7c3a": { "id": "a2a4b5bb-d3c9-42e0-8714-ae75069c7c3a", "title": "Guzzle <= 6.5.7 and 7.0-7.4.4 - Information Exposure", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2a4b5bb-d3c9-42e0-8714-ae75069c7c3a?source=api-scan" ], "published": "2022-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2a58fab-d4a3-4333-8495-e094ed85bb61": { "id": "a2a58fab-d4a3-4333-8495-e094ed85bb61", "title": "Survey Maker \u2013 Best WordPress Survey Plugin <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Survey Maker", "slug": "survey-maker", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2a58fab-d4a3-4333-8495-e094ed85bb61?source=api-scan" ], "published": "2023-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2ac27b5-88d5-43d5-a4bb-c2948ffc50f0": { "id": "a2ac27b5-88d5-43d5-a4bb-c2948ffc50f0", "title": "Clipta Video Informer <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Clipta Video Informer", "slug": "clipta-video-informer", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2ac27b5-88d5-43d5-a4bb-c2948ffc50f0?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2ad2c0d-542e-4b40-91a8-19b27297545e": { "id": "a2ad2c0d-542e-4b40-91a8-19b27297545e", "title": "Contact Form by WPForms <= 1.7.5.3 - Authenticated (Administrator+) Arbitrary File Access via Path Traversal", "software": [ { "type": "plugin", "name": "WPForms \u2013 Easy Form Builder for WordPress \u2013 Contact Forms, Payment Forms, Surveys, & More", "slug": "wpforms-lite", "affected_versions": { "* - 1.7.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2ad2c0d-542e-4b40-91a8-19b27297545e?source=api-scan" ], "published": "2022-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2b173e8-5bdd-4048-8201-2d66ce2f2eca": { "id": "a2b173e8-5bdd-4048-8201-2d66ce2f2eca", "title": "WPB Advanced FAQ <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WPB Advanced FAQ", "slug": "wpb-advanced-faq", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2b173e8-5bdd-4048-8201-2d66ce2f2eca?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2b317f7-b7b6-45d0-b8bf-29f70669db51": { "id": "a2b317f7-b7b6-45d0-b8bf-29f70669db51", "title": "Chartify <= 2.7.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chartify \u2013 WordPress Chart Plugin", "slug": "chart-builder", "affected_versions": { "* - 2.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2b317f7-b7b6-45d0-b8bf-29f70669db51?source=api-scan" ], "published": "2024-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2b809f5-0384-43f5-8839-67bf059360eb": { "id": "a2b809f5-0384-43f5-8839-67bf059360eb", "title": "Donation Button <= 4.0.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Donation Button", "slug": "donation-button", "affected_versions": { "* - 4.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2b809f5-0384-43f5-8839-67bf059360eb?source=api-scan" ], "published": "2022-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2b8e295-4183-4f84-801f-da9ffa6efce2": { "id": "a2b8e295-4183-4f84-801f-da9ffa6efce2", "title": "Gallery Factory Lite <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Gallery Factory Lite", "slug": "gallery-factory-lite", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2b8e295-4183-4f84-801f-da9ffa6efce2?source=api-scan" ], "published": "2023-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2b9d080-489d-40e4-bb6f-c4209e5f4fad": { "id": "a2b9d080-489d-40e4-bb6f-c4209e5f4fad", "title": "Piotnet Addons For Elementor <= 2.4.25 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Piotnet Addons For Elementor", "slug": "piotnet-addons-for-elementor", "affected_versions": { "* - 2.4.25": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2b9d080-489d-40e4-bb6f-c4209e5f4fad?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2ba21cd-d8f3-402a-b067-1758937d9eb4": { "id": "a2ba21cd-d8f3-402a-b067-1758937d9eb4", "title": "WP-Advanced-Search <= 3.3.8 - Cross-Site Request Forgery leading to Plugin Settings Updates", "software": [ { "type": "plugin", "name": "WordPress WP-Advanced-Search", "slug": "wp-advanced-search", "affected_versions": { "* - 3.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2ba21cd-d8f3-402a-b067-1758937d9eb4?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2bda5d0-9589-4925-baa6-6e207e6fc978": { "id": "a2bda5d0-9589-4925-baa6-6e207e6fc978", "title": "WP Dummy Content Generator <= 3.2.1 - Unauthenticated Code Injection", "software": [ { "type": "plugin", "name": "WP Dummy Content Generator", "slug": "wp-dummy-content-generator", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2bda5d0-9589-4925-baa6-6e207e6fc978?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2bf6102-458f-4930-8880-baa96afb1c15": { "id": "a2bf6102-458f-4930-8880-baa96afb1c15", "title": "Auto Featured Image from Title <= 2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Auto Featured Image from Title", "slug": "auto-featured-image-from-title", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2bf6102-458f-4930-8880-baa96afb1c15?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2c5e232-3561-43a1-bdfa-4a68f20b5889": { "id": "a2c5e232-3561-43a1-bdfa-4a68f20b5889", "title": "Frontend File Manager & Sharing \u2013 User Private Files <= 1.1.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "User Private Files \u2013 File Upload & Download Manager with Secure File Sharing", "slug": "user-private-files", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2c5e232-3561-43a1-bdfa-4a68f20b5889?source=api-scan" ], "published": "2022-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2c9b82a-b63c-4647-a561-d567b6e9ff0a": { "id": "a2c9b82a-b63c-4647-a561-d567b6e9ff0a", "title": "Discounts Manager for Products <= 3.4.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Discounts Manager for Products", "slug": "woocommerce-discounts-plus", "affected_versions": { "[*, 3.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2c9b82a-b63c-4647-a561-d567b6e9ff0a?source=api-scan" ], "published": "2021-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2cd027b-fbaa-41ce-8822-2fa16aa93eb5": { "id": "a2cd027b-fbaa-41ce-8822-2fa16aa93eb5", "title": "PHP Everywhere <= 2.0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "PHP Everywhere", "slug": "php-everywhere", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2cd027b-fbaa-41ce-8822-2fa16aa93eb5?source=api-scan" ], "published": "2022-01-13 10:26:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2d22c5d-5ef5-4920-a1b5-e8284394c7e8": { "id": "a2d22c5d-5ef5-4920-a1b5-e8284394c7e8", "title": "Frontend Admin by DynamiApps <= 3.19.4 - Improper Missing Encryption Exception Handling to Form Manipulation", "software": [ { "type": "plugin", "name": "Frontend Admin by DynamiApps", "slug": "acf-frontend-form-element", "affected_versions": { "* - 3.19.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.19.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.19.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2d22c5d-5ef5-4920-a1b5-e8284394c7e8?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2d87a05-81a7-40d9-a60f-94a4d88bf87a": { "id": "a2d87a05-81a7-40d9-a60f-94a4d88bf87a", "title": "MainWP Code Snippets Extension <= 4.0.2 - Authenticated (Subscriber+) PHP Code Injection", "software": [ { "type": "plugin", "name": "MainWP Code Snippets Extension", "slug": "mainwp-code-snippets-extension", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2d87a05-81a7-40d9-a60f-94a4d88bf87a?source=api-scan" ], "published": "2023-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2dc1a04-5503-412b-92e7-ed86910abd92": { "id": "a2dc1a04-5503-412b-92e7-ed86910abd92", "title": "GiveWP <= 2.25.2 - Cross-Site Request Forgery via give_ajax_delete_payment_note", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.25.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.25.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2dc1a04-5503-412b-92e7-ed86910abd92?source=api-scan" ], "published": "2023-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2e05094-8344-4388-a703-518daf3d2948": { "id": "a2e05094-8344-4388-a703-518daf3d2948", "title": "Materialis <= 1.1.24 - Missing Authorization to Limited Arbitrary Options Update", "software": [ { "type": "theme", "name": "Materialis", "slug": "materialis", "affected_versions": { "* - 1.1.24": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2e05094-8344-4388-a703-518daf3d2948?source=api-scan" ], "published": "2024-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2e1948a-9513-43e4-aadd-369a7f4dc137": { "id": "a2e1948a-9513-43e4-aadd-369a7f4dc137", "title": "Ultimate Member <= 2.0.32 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.0.32": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2e1948a-9513-43e4-aadd-369a7f4dc137?source=api-scan" ], "published": "2018-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2e35679-278e-4e7d-b366-fe7d8cba7930": { "id": "a2e35679-278e-4e7d-b366-fe7d8cba7930", "title": "Profile Builder \u2013 User Profile & User Registration Forms <= 2.2.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "[*, 2.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2e35679-278e-4e7d-b366-fe7d8cba7930?source=api-scan" ], "published": "2015-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2e493cf-d022-404d-a501-a6671e6116f4": { "id": "a2e493cf-d022-404d-a501-a6671e6116f4", "title": "Database Reset <= 3.22 - Cross-Site Request Forgery to WP Reset Plugin Installation", "software": [ { "type": "plugin", "name": "Database Reset", "slug": "wordpress-database-reset", "affected_versions": { "* - 3.22": { "from_version": "*", "from_inclusive": true, "to_version": "3.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2e493cf-d022-404d-a501-a6671e6116f4?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2ed28cd-44e6-416a-a252-8341104f5ef3": { "id": "a2ed28cd-44e6-416a-a252-8341104f5ef3", "title": "Chamber Dashboard Business Directory < 3.3.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chamber Dashboard Business Directory", "slug": "chamber-dashboard-business-directory", "affected_versions": { "[*, 3.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2ed28cd-44e6-416a-a252-8341104f5ef3?source=api-scan" ], "published": "2020-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2f3fcd1-6dff-409b-b8c1-46c5485980ee": { "id": "a2f3fcd1-6dff-409b-b8c1-46c5485980ee", "title": "WishSuite <= 1.3.3 - Cross-Site Request Forgery via plugin_activation()", "software": [ { "type": "plugin", "name": "WishSuite \u2013 Wishlist for WooCommerce", "slug": "wishsuite", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2f3fcd1-6dff-409b-b8c1-46c5485980ee?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2f508f1-45a0-4cb4-9d67-51edd3d74abe": { "id": "a2f508f1-45a0-4cb4-9d67-51edd3d74abe", "title": "Traffic Manager <= 1.4.5 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Traffic Manager", "slug": "traffic-manager", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2f508f1-45a0-4cb4-9d67-51edd3d74abe?source=api-scan" ], "published": "2024-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2f646fb-b089-492d-9d90-0f43b18e1a90": { "id": "a2f646fb-b089-492d-9d90-0f43b18e1a90", "title": "Noo JobMonster < 4.5.2.9 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Noo JobMonster", "slug": "noo-jobmonster", "affected_versions": { "[*, 4.5.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.5.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2f646fb-b089-492d-9d90-0f43b18e1a90?source=api-scan" ], "published": "2019-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2f8c71d-ad19-4265-8d33-3b0e7dbbf4c2": { "id": "a2f8c71d-ad19-4265-8d33-3b0e7dbbf4c2", "title": "Monsters Editor for WP Super Edit <= 1.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Monsters Editor for WP Super Edit", "slug": "monsters-editor-10-for-wp-super-edit", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2f8c71d-ad19-4265-8d33-3b0e7dbbf4c2?source=api-scan" ], "published": "2012-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2f9eed8-9656-48a2-9414-2cfdd3ebb059": { "id": "a2f9eed8-9656-48a2-9414-2cfdd3ebb059", "title": "Filterable Portfolio <= 1.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Filterable Portfolio", "slug": "jungbillig-portfolio-gallery", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2f9eed8-9656-48a2-9414-2cfdd3ebb059?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a2fe6b69-7a89-4cd4-8a8c-f7e1e587fbbe": { "id": "a2fe6b69-7a89-4cd4-8a8c-f7e1e587fbbe", "title": "Ravpage <= 2.16 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ravpage", "slug": "ravpage", "affected_versions": { "* - 2.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a2fe6b69-7a89-4cd4-8a8c-f7e1e587fbbe?source=api-scan" ], "published": "2022-04-28 11:09:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a303c798-c206-426a-9a96-263c8c069bdb": { "id": "a303c798-c206-426a-9a96-263c8c069bdb", "title": "Integrate Google Drive <= 1.3.8 - Missing Authorization to Unauthenticated Settings Modification and Export", "software": [ { "type": "plugin", "name": "Integrate Google Drive \u2013 Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site", "slug": "integrate-google-drive", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a303c798-c206-426a-9a96-263c8c069bdb?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a30863c5-2e94-4952-b360-856394262023": { "id": "a30863c5-2e94-4952-b360-856394262023", "title": "Ultimate Product Catalog < 4.2.22 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Ultimate Product Catalog", "slug": "ultimate-product-catalogue", "affected_versions": { "[*, 4.2.22)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.22", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a30863c5-2e94-4952-b360-856394262023?source=api-scan" ], "published": "2015-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a309d8d3-bc1c-4301-8da9-ce7df7c2f76f": { "id": "a309d8d3-bc1c-4301-8da9-ce7df7c2f76f", "title": "Encrypted Blog <= 0.0.6.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Encrypted Blog", "slug": "encrypted-blog", "affected_versions": { "* - 0.0.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.0.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a309d8d3-bc1c-4301-8da9-ce7df7c2f76f?source=api-scan" ], "published": "2013-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a30b3774-df88-49a6-89ec-2e771abed11c": { "id": "a30b3774-df88-49a6-89ec-2e771abed11c", "title": "Slider Responsive Slideshow \u2013 Image slider, Gallery slideshow <= 1.4.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Slider Responsive Slideshow \u2013 Image slider, Gallery slideshow", "slug": "slider-responsive-slideshow", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a30b3774-df88-49a6-89ec-2e771abed11c?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a313f4d0-fd9e-47f1-99eb-351a2aff9bea": { "id": "a313f4d0-fd9e-47f1-99eb-351a2aff9bea", "title": "wpForo Forum <= 2.0.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a313f4d0-fd9e-47f1-99eb-351a2aff9bea?source=api-scan" ], "published": "2022-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3160602-6522-478d-8a99-d097472d10ac": { "id": "a3160602-6522-478d-8a99-d097472d10ac", "title": "Sandbox <= 1.6.1 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Sandbox", "slug": "sandbox", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3160602-6522-478d-8a99-d097472d10ac?source=api-scan" ], "published": "2013-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3171015-227d-420a-ba3a-e6e2dc17ba8c": { "id": "a3171015-227d-420a-ba3a-e6e2dc17ba8c", "title": "WS Form LITE <= 1.9.170 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress", "slug": "ws-form", "affected_versions": { "[*, 1.9.171)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.171", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.171" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3171015-227d-420a-ba3a-e6e2dc17ba8c?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a317395b-32ab-4a00-9568-b87d7c4f69a6": { "id": "a317395b-32ab-4a00-9568-b87d7c4f69a6", "title": "POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.6 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Post SMTP \u2013 WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications \u2013 Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more", "slug": "post-smtp", "affected_versions": { "* - 2.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a317395b-32ab-4a00-9568-b87d7c4f69a6?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a31ab564-48b7-44f7-a1da-226222c3fd7b": { "id": "a31ab564-48b7-44f7-a1da-226222c3fd7b", "title": "Cookie Params <= 0.2 - Reflected Cross-Site Scripting and Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Cookie Params", "slug": "cookie-params", "affected_versions": { "* - 0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a31ab564-48b7-44f7-a1da-226222c3fd7b?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a321b112-ce37-4a0e-800f-f3feef6ac799": { "id": "a321b112-ce37-4a0e-800f-f3feef6ac799", "title": "Post Grid <= 2.1.12 - Contributor+ SQL Injection", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "[*, 2.1.13)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a321b112-ce37-4a0e-800f-f3feef6ac799?source=api-scan" ], "published": "2021-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3232aaa-189d-42cd-8eec-c167c6aa65f4": { "id": "a3232aaa-189d-42cd-8eec-c167c6aa65f4", "title": "ActiveCampaign <= 8.1.14 - Authenticated (Administrator+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "ActiveCampaign \u2013 Forms, Site Tracking, Live Chat", "slug": "activecampaign-subscription-forms", "affected_versions": { "* - 8.1.14": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3232aaa-189d-42cd-8eec-c167c6aa65f4?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3233f6f-7488-43ed-a626-b2150c5516fc": { "id": "a3233f6f-7488-43ed-a626-b2150c5516fc", "title": "Ditty \u2013 Responsive News Tickers, Sliders, and Lists <= 3.1.31 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ditty \u2013 Responsive News Tickers, Sliders, and Lists", "slug": "ditty-news-ticker", "affected_versions": { "* - 3.1.31": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3233f6f-7488-43ed-a626-b2150c5516fc?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a328643a-ab12-427e-9bcd-2d40738afb61": { "id": "a328643a-ab12-427e-9bcd-2d40738afb61", "title": "Welcart e-Commerce <= 2.9.3 - Authenticated(Editor+) SQL Injection", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "[*, 2.9.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a328643a-ab12-427e-9bcd-2d40738afb61?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a32c6c0c-4a4a-44c7-9724-153467699b3a": { "id": "a32c6c0c-4a4a-44c7-9724-153467699b3a", "title": "CformsII <=11.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "cformsII", "slug": "cforms2", "affected_versions": { "* - 11.5": { "from_version": "*", "from_inclusive": true, "to_version": "11.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a32c6c0c-4a4a-44c7-9724-153467699b3a?source=api-scan" ], "published": "2010-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a32f50f7-d271-45f6-9a73-838a8dcb901f": { "id": "a32f50f7-d271-45f6-9a73-838a8dcb901f", "title": "Themify Ultra <= 7.3.5 - Missing Authorization", "software": [ { "type": "theme", "name": "Themify Ultra", "slug": "themify-ultra", "affected_versions": { "* - 7.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a32f50f7-d271-45f6-9a73-838a8dcb901f?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3302110-60ae-4ad1-8a8c-3511027da3a8": { "id": "a3302110-60ae-4ad1-8a8c-3511027da3a8", "title": "Echo Sign < 1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Echo Sign", "slug": "echosign", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3302110-60ae-4ad1-8a8c-3511027da3a8?source=api-scan" ], "published": "2016-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a330f907-37d5-484c-94c5-b8d191796cd5": { "id": "a330f907-37d5-484c-94c5-b8d191796cd5", "title": "Fast Image Adder < 1.2 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Fast Image Adder", "slug": "fast-image-adder", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a330f907-37d5-484c-94c5-b8d191796cd5?source=api-scan" ], "published": "2017-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3311097-d477-441e-9bf3-3f991a9b6af9": { "id": "a3311097-d477-441e-9bf3-3f991a9b6af9", "title": "Form Vibes <= 1.4.10 - Authenticated (Subscriber+) SQL Injection via fv_export_data", "software": [ { "type": "plugin", "name": "Form Vibes \u2013 Database Manager for Forms", "slug": "form-vibes", "affected_versions": { "* - 1.4.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3311097-d477-441e-9bf3-3f991a9b6af9?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3335613-1206-4555-8e48-748a336548d4": { "id": "a3335613-1206-4555-8e48-748a336548d4", "title": "Animate It! < 2.4.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Animate It!", "slug": "animate-it", "affected_versions": { "[*, 2.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3335613-1206-4555-8e48-748a336548d4?source=api-scan" ], "published": "2022-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a333d5b4-cedf-40ac-8da9-f4965d2a397a": { "id": "a333d5b4-cedf-40ac-8da9-f4965d2a397a", "title": "NEX-Forms - Ultimate Form Builder <= 8.4.3 - Authenticated Stored Cross-Site Scripting via Form Name", "software": [ { "type": "plugin", "name": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "slug": "nex-forms-express-wp-form-builder", "affected_versions": { "* - 8.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "8.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a333d5b4-cedf-40ac-8da9-f4965d2a397a?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a33c4524-6584-43a1-a523-6ea26eadda3d": { "id": "a33c4524-6584-43a1-a523-6ea26eadda3d", "title": "Sky Addons for Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs)", "slug": "sky-elementor-addons", "affected_versions": { "* - 2.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a33c4524-6584-43a1-a523-6ea26eadda3d?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a33c8a80-e11e-403d-9eb0-e1c5b59204b0": { "id": "a33c8a80-e11e-403d-9eb0-e1c5b59204b0", "title": "AutomateWoo <= 5.7.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "AutomateWoo", "slug": "automatewoo", "affected_versions": { "* - 5.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a33c8a80-e11e-403d-9eb0-e1c5b59204b0?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a33cc275-aa0d-4b8b-863a-6a32fac37512": { "id": "a33cc275-aa0d-4b8b-863a-6a32fac37512", "title": "teachPress <= 9.0.2 - Reflected Cross-Site Scripting via meta_field_id and cite_id", "software": [ { "type": "plugin", "name": "teachPress", "slug": "teachpress", "affected_versions": { "[*, 9.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "9.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a33cc275-aa0d-4b8b-863a-6a32fac37512?source=api-scan" ], "published": "2023-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a33de35f-1c9d-4fc9-9be8-0a1c7d9352ec": { "id": "a33de35f-1c9d-4fc9-9be8-0a1c7d9352ec", "title": "Duitku Payment Gateway <= 2.11.6 - Missing Authorization via check_duitku_response", "software": [ { "type": "plugin", "name": "Duitku Payment Gateway", "slug": "duitku-social-payment-gateway", "affected_versions": { "* - 2.11.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a33de35f-1c9d-4fc9-9be8-0a1c7d9352ec?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a341a264-0b1a-47a2-8c7e-9a6e10c5ad0a": { "id": "a341a264-0b1a-47a2-8c7e-9a6e10c5ad0a", "title": "Superio - Job Board <= 1.2.32 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Superio - Job Board", "slug": "superio", "affected_versions": { "* - 1.2.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a341a264-0b1a-47a2-8c7e-9a6e10c5ad0a?source=api-scan" ], "published": "2022-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a341bcc4-fe5b-452d-aa93-4e3dd8d42403": { "id": "a341bcc4-fe5b-452d-aa93-4e3dd8d42403", "title": "AndyBlue Theme < 1.5 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "andyblue", "slug": "andyblue", "affected_versions": { "[*, 1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a341bcc4-fe5b-452d-aa93-4e3dd8d42403?source=api-scan" ], "published": "2007-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3473b5e-2f50-4845-9cfa-d19129f2a430": { "id": "a3473b5e-2f50-4845-9cfa-d19129f2a430", "title": "ApplyOnline \u2013 Application Form Builder and Manager <= 2.5.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "ApplyOnline \u2013 Application Form Builder and Manager", "slug": "apply-online", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3473b5e-2f50-4845-9cfa-d19129f2a430?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3494e39-b4dc-46c1-9e8f-2c04fa3df940": { "id": "a3494e39-b4dc-46c1-9e8f-2c04fa3df940", "title": "Vimeo Video Autoplay Automute <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Vimeo Video Autoplay Automute", "slug": "vimeo-video-autoplay-automute", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3494e39-b4dc-46c1-9e8f-2c04fa3df940?source=api-scan" ], "published": "2023-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a353133d-0b36-40cc-a4f8-d5083e6e67df": { "id": "a353133d-0b36-40cc-a4f8-d5083e6e67df", "title": "GREYD.SUITE <= 1.2.6 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "GREYD.SUITE", "slug": "greyd_suite", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a353133d-0b36-40cc-a4f8-d5083e6e67df?source=api-scan" ], "published": "2022-07-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a362e60d-e4ab-4f19-9e18-5473d8e13d80": { "id": "a362e60d-e4ab-4f19-9e18-5473d8e13d80", "title": "Master Addons for Elementor <= 2.0.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations", "slug": "master-addons", "affected_versions": { "* - 2.0.5.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a362e60d-e4ab-4f19-9e18-5473d8e13d80?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a36d1bb1-9446-4042-a1ec-08a3ffdcb744": { "id": "a36d1bb1-9446-4042-a1ec-08a3ffdcb744", "title": "Social Warfare <= 4.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Social Sharing Plugin \u2013 Social Warfare", "slug": "social-warfare", "affected_versions": { "* - 4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a36d1bb1-9446-4042-a1ec-08a3ffdcb744?source=api-scan" ], "published": "2023-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a37478a1-3e3e-4be0-aa96-ddafac0ff6c1": { "id": "a37478a1-3e3e-4be0-aa96-ddafac0ff6c1", "title": "DejaVu <= 2.4 - Arbitrary File Deletion", "software": [ { "type": "theme", "name": "DejaVu", "slug": "dejavu", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a37478a1-3e3e-4be0-aa96-ddafac0ff6c1?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3779501-4ac7-4b76-8b2b-9852c6467f16": { "id": "a3779501-4ac7-4b76-8b2b-9852c6467f16", "title": "WordPress Core < 4.7.3 - Arbitrary File Deletion", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.18": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.18", "to_inclusive": true }, "3.8 - 3.8.18": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.18", "to_inclusive": true }, "3.9 - 3.9.16": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.16", "to_inclusive": true }, "4.0 - 4.0.15": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.15", "to_inclusive": true }, "4.1 - 4.1.15": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.15", "to_inclusive": true }, "4.2 - 4.2.12": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.12", "to_inclusive": true }, "4.3 - 4.3.8": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.8", "to_inclusive": true }, "4.4 - 4.4.7": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.7", "to_inclusive": true }, "4.5 - 4.5.6": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.6", "to_inclusive": true }, "4.6 - 4.6.3": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.3", "to_inclusive": true }, "4.7 - 4.7.2": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.19", "3.8.19", "3.9.17", "4.0.16", "4.1.16", "4.2.13", "4.3.9", "4.4.8", "4.5.7", "4.6.4", "4.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3779501-4ac7-4b76-8b2b-9852c6467f16?source=api-scan" ], "published": "2017-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a38004fe-828f-40bb-9ae7-583642e41dfd": { "id": "a38004fe-828f-40bb-9ae7-583642e41dfd", "title": "AWSOM News Announcement <= 1.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AWSOM News Announcement", "slug": "awsom-news-announcement", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a38004fe-828f-40bb-9ae7-583642e41dfd?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3839c47-5fd0-48e7-9637-d40bd237e122": { "id": "a3839c47-5fd0-48e7-9637-d40bd237e122", "title": "JSON Content Importer <= 1.3.15 - Authenticated (Admin+) Cross Site Scripting", "software": [ { "type": "plugin", "name": "Get Use APIs \u2013 JSON Content Importer", "slug": "json-content-importer", "affected_versions": { "* - 1.3.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3839c47-5fd0-48e7-9637-d40bd237e122?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a385d286-c15c-4e95-b360-fec1ec455b47": { "id": "a385d286-c15c-4e95-b360-fec1ec455b47", "title": "Traffic Analyzer < 3.4.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Traffic Analyzer", "slug": "trafficanalyzer", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a385d286-c15c-4e95-b360-fec1ec455b47?source=api-scan" ], "published": "2013-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a388b406-1640-443d-9656-6a87588ce201": { "id": "a388b406-1640-443d-9656-6a87588ce201", "title": "Profile Builder Pro <= 3.10.0 - Authenticated (Subscriber+) Time-Based One-Time Password Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Profile Builder Pro", "slug": "profile-builder-pro", "affected_versions": { "* - 3.10.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a388b406-1640-443d-9656-6a87588ce201?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a38a58de-5f7d-4033-9a65-41b590b7d510": { "id": "a38a58de-5f7d-4033-9a65-41b590b7d510", "title": "Uncanny Groups for LearnDash <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add", "software": [ { "type": "plugin", "name": "Uncanny Groups for LearnDash", "slug": "uncanny-learndash-groups", "affected_versions": { "* - 6.1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a38a58de-5f7d-4033-9a65-41b590b7d510?source=api-scan" ], "published": "2024-09-24 14:24:19", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a38e649d-00ad-4198-a96a-e280bc810cff": { "id": "a38e649d-00ad-4198-a96a-e280bc810cff", "title": "Sign-up Sheets <= 2.2.11.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Sign-up Sheets", "slug": "sign-up-sheets", "affected_versions": { "* - 2.2.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a38e649d-00ad-4198-a96a-e280bc810cff?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3936c4b-2326-41dc-b7d6-a8cf43752ddb": { "id": "a3936c4b-2326-41dc-b7d6-a8cf43752ddb", "title": "myCred <= 2.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification", "slug": "mycred", "affected_versions": { "[*, 2.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3936c4b-2326-41dc-b7d6-a8cf43752ddb?source=api-scan" ], "published": "2023-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a39679a6-21f1-41e2-aaf8-23f03b79ef33": { "id": "a39679a6-21f1-41e2-aaf8-23f03b79ef33", "title": "Design for Contact Form 7 Style WordPress Plugin \u2013 CF7 WOW Styler <= 1.6.4 - Missing Authorization via Several AJAX Action", "software": [ { "type": "plugin", "name": "Design for Contact Form 7 Style WordPress Plugin \u2013 CF7 WOW Styler", "slug": "cf7-styler", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a39679a6-21f1-41e2-aaf8-23f03b79ef33?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a39ca182-981b-4636-acd5-4c8a269858dd": { "id": "a39ca182-981b-4636-acd5-4c8a269858dd", "title": "WOLF <= 1.0.6 - Cross-Site Request Forgery via wpbe_update_page_field", "software": [ { "type": "plugin", "name": "WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional", "slug": "bulk-editor", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a39ca182-981b-4636-acd5-4c8a269858dd?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a39e9b54-6beb-4dbd-a4cf-ba05e73a58a0": { "id": "a39e9b54-6beb-4dbd-a4cf-ba05e73a58a0", "title": "WP Sticky Button <= 1.4 - Missing Authorization to Arbitrary Settings Update", "software": [ { "type": "plugin", "name": "WP Sticky Button \u2013 Click to Chat", "slug": "wa-sticky-button", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a39e9b54-6beb-4dbd-a4cf-ba05e73a58a0?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3a37e6a-659b-4a40-9051-9e8b3ca1ad42": { "id": "a3a37e6a-659b-4a40-9051-9e8b3ca1ad42", "title": "SupportEzzy Ticket System Plugin <= 1.2.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "supportezzy", "slug": "supportezzy", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3a37e6a-659b-4a40-9051-9e8b3ca1ad42?source=api-scan" ], "published": "2014-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3a402f4-3b4d-4397-807b-c5f1c33d52aa": { "id": "a3a402f4-3b4d-4397-807b-c5f1c33d52aa", "title": "RokIntroScroller <= 1.8 - Abuse of Functionality", "software": [ { "type": "plugin", "name": "RokIntroScroller", "slug": "wp_rokintroscroller", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3a402f4-3b4d-4397-807b-c5f1c33d52aa?source=api-scan" ], "published": "2013-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3a715b9-85df-46dd-9207-2066b6da9c43": { "id": "a3a715b9-85df-46dd-9207-2066b6da9c43", "title": "Popup Builder <= 3.63 - Authenticated Settings Modification, Configuration Disclosure, and User Data Export", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "* - 3.63": { "from_version": "*", "from_inclusive": true, "to_version": "3.63", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.64.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3a715b9-85df-46dd-9207-2066b6da9c43?source=api-scan" ], "published": "2020-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3ae55ad-b192-4dde-8a7c-3a4fd71d3475": { "id": "a3ae55ad-b192-4dde-8a7c-3a4fd71d3475", "title": "All-In-One Security (AIOS) <= 5.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "* - 5.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3ae55ad-b192-4dde-8a7c-3a4fd71d3475?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3b07f91-c96a-49a5-8ffc-90f34d93aa91": { "id": "a3b07f91-c96a-49a5-8ffc-90f34d93aa91", "title": "Netgsm <= 2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Netgsm", "slug": "netgsm", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3b07f91-c96a-49a5-8ffc-90f34d93aa91?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3b164e0-de2e-40d5-935e-31f5bebd87cf": { "id": "a3b164e0-de2e-40d5-935e-31f5bebd87cf", "title": "WP-FormAssembly <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP-FormAssembly", "slug": "formassembly-web-forms", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3b164e0-de2e-40d5-935e-31f5bebd87cf?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3bdccfd-6b82-4a76-81f1-eb0f6d62d413": { "id": "a3bdccfd-6b82-4a76-81f1-eb0f6d62d413", "title": "Slideoptinprox (Unspecified Version) - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slideoptinprox", "slug": "slideoptinprox", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3bdccfd-6b82-4a76-81f1-eb0f6d62d413?source=api-scan" ], "published": "2015-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3c323d5-59bc-4ecc-8211-2104fd22639f": { "id": "a3c323d5-59bc-4ecc-8211-2104fd22639f", "title": "iframe Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "iframe Shortcode", "slug": "iframe-shortcode", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3c323d5-59bc-4ecc-8211-2104fd22639f?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3c36821-f780-4944-95c9-bcf3bbb73da5": { "id": "a3c36821-f780-4944-95c9-bcf3bbb73da5", "title": "Awesome Filterable Portfolio < 1.9 - Blind SQL Injection", "software": [ { "type": "plugin", "name": "Awesome Filterable Portfolio", "slug": "awesome-filterable-portfolio", "affected_versions": { "[*, 1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3c36821-f780-4944-95c9-bcf3bbb73da5?source=api-scan" ], "published": "2015-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3c3c740-8ebe-44b2-a0ba-6beffe970cf1": { "id": "a3c3c740-8ebe-44b2-a0ba-6beffe970cf1", "title": "Tom M8te <= 1.5.3 - Directory Traversal", "software": [ { "type": "plugin", "name": "Tom M8te", "slug": "tom-m8te", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3c3c740-8ebe-44b2-a0ba-6beffe970cf1?source=api-scan" ], "published": "2014-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3c515e2-dc69-4686-b60f-413542bf2118": { "id": "a3c515e2-dc69-4686-b60f-413542bf2118", "title": "JobCareer | Job Board Responsive WordPress Theme < 2.4 - User Enumeration", "software": [ { "type": "plugin", "name": "JobCareer | Job Board Responsive WordPress Theme", "slug": "jobcareer", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] }, { "type": "plugin", "name": "wp-jobhunt", "slug": "wp-jobhunt", "affected_versions": { "[*, 2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3c515e2-dc69-4686-b60f-413542bf2118?source=api-scan" ], "published": "2018-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3c5d4ed-7a17-4158-b039-322f729dbdde": { "id": "a3c5d4ed-7a17-4158-b039-322f729dbdde", "title": "Captcha <= 3.8.1 - Captcha Bypass", "software": [ { "type": "plugin", "name": "Captcha", "slug": "captcha", "affected_versions": { "* - 3.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3c5d4ed-7a17-4158-b039-322f729dbdde?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3d14d8f-61f4-4942-9eff-42264bb036bb": { "id": "a3d14d8f-61f4-4942-9eff-42264bb036bb", "title": "WP Mail Log <= 1.1.2 - Authenticated (Contributor+) Arbitrary File Read", "software": [ { "type": "plugin", "name": "WP Mail Log", "slug": "wp-mail-log", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3d14d8f-61f4-4942-9eff-42264bb036bb?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3e33a5c-df7c-4ef5-a59c-1c31abcda6d1": { "id": "a3e33a5c-df7c-4ef5-a59c-1c31abcda6d1", "title": "Page Restriction WordPress (WP) \u2013 Protect WP Pages\/Post <= 1.3.4 - Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "Page Restriction WordPress (WP) \u2013 Protect WP Pages\/Post", "slug": "page-and-post-restriction", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3e33a5c-df7c-4ef5-a59c-1c31abcda6d1?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3e34ec7-eeb2-4966-bac3-c7d4723355d7": { "id": "a3e34ec7-eeb2-4966-bac3-c7d4723355d7", "title": "Better Messages <= 1.9.9.148 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss", "slug": "bp-better-messages", "affected_versions": { "* - 1.9.9.148": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9.148", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.9.149" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3e34ec7-eeb2-4966-bac3-c7d4723355d7?source=api-scan" ], "published": "2022-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3e54f9b-db12-42ef-a0fa-2d40c0f7908c": { "id": "a3e54f9b-db12-42ef-a0fa-2d40c0f7908c", "title": "JVM rich text icons <= 1.2.6 - Directory Traversal to Authenticated(Subscriber+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "JVM Gutenberg Rich Text Icons", "slug": "jvm-rich-text-icons", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3e54f9b-db12-42ef-a0fa-2d40c0f7908c?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3e61538-0bd9-4319-ba71-a72c9039f4d8": { "id": "a3e61538-0bd9-4319-ba71-a72c9039f4d8", "title": "Five Star Restaurant Reservations <= 2.4.7 - Subscriber+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Five Star Restaurant Reservations \u2013 WordPress Booking Plugin", "slug": "restaurant-reservations", "affected_versions": { "* - 2.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3e61538-0bd9-4319-ba71-a72c9039f4d8?source=api-scan" ], "published": "2021-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3e7460b-1ed4-4ff7-89c7-0bd2658a800d": { "id": "a3e7460b-1ed4-4ff7-89c7-0bd2658a800d", "title": "Giveaways and Contests by RafflePress <= 1.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Giveaways and Contests by RafflePress \u2013 Get More Website Traffic, Email Subscribers, and Social Followers", "slug": "rafflepress", "affected_versions": { "* - 1.11.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3e7460b-1ed4-4ff7-89c7-0bd2658a800d?source=api-scan" ], "published": "2023-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3e8e42f-8ee5-40ff-934f-b7d580bc5548": { "id": "a3e8e42f-8ee5-40ff-934f-b7d580bc5548", "title": "Careerfy < 3.9.0 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Careerfy - Job Board WordPress Theme", "slug": "careerfy", "affected_versions": { "[*, 3.9.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3e8e42f-8ee5-40ff-934f-b7d580bc5548?source=api-scan" ], "published": "2020-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3ecc238-1f84-47fd-96b9-753d4b528c47": { "id": "a3ecc238-1f84-47fd-96b9-753d4b528c47", "title": "WooCommerce - Store Exporter <= 2.3.1 - CSV Injection", "software": [ { "type": "plugin", "name": "Store Exporter for WooCommerce \u2013 Export Products, Export Orders, Export Subscriptions, and More", "slug": "woocommerce-exporter", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3ecc238-1f84-47fd-96b9-753d4b528c47?source=api-scan" ], "published": "2020-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3f0e97c-f41f-47ed-93c7-cff5915e9d01": { "id": "a3f0e97c-f41f-47ed-93c7-cff5915e9d01", "title": "SULly <= 4.3.0 - Cross-Site Request Forgery to Plugin Reset", "software": [ { "type": "plugin", "name": "SULly", "slug": "sully", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3f0e97c-f41f-47ed-93c7-cff5915e9d01?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3f173b6-f039-4865-8882-8ef7d1f88413": { "id": "a3f173b6-f039-4865-8882-8ef7d1f88413", "title": "Cryptocurrency Widgets Pack <= 2.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Cryptocurrency Widgets Pack", "slug": "cryptocurrency-widgets-pack", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3f173b6-f039-4865-8882-8ef7d1f88413?source=api-scan" ], "published": "2022-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3f1d836-da32-414f-9f2b-d485c44b2486": { "id": "a3f1d836-da32-414f-9f2b-d485c44b2486", "title": "Contact Form 7 \u2013 Dynamic Text Extension <= 4.1.0 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Contact Form 7 \u2013 Dynamic Text Extension", "slug": "contact-form-7-dynamic-text-extension", "affected_versions": { "* - 4.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3f1d836-da32-414f-9f2b-d485c44b2486?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3f7e1a4-88b2-4069-adb8-d51278b48234": { "id": "a3f7e1a4-88b2-4069-adb8-d51278b48234", "title": "WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking <= 3.7.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Enhanced Ecommerce Google Analytics for WooCommerce", "slug": "woo-ecommerce-tracking-for-google-and-facebook", "affected_versions": { "* - 3.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3f7e1a4-88b2-4069-adb8-d51278b48234?source=api-scan" ], "published": "2023-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a3fc4bac-9be0-4a1c-b4bb-4384d80e22f7": { "id": "a3fc4bac-9be0-4a1c-b4bb-4384d80e22f7", "title": "AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload via rest_upload", "software": [ { "type": "plugin", "name": "AI Engine", "slug": "ai-engine", "affected_versions": { "* - 1.9.98": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.98", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.99" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a3fc4bac-9be0-4a1c-b4bb-4384d80e22f7?source=api-scan" ], "published": "2024-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a401a2dd-9b31-47d9-b841-f2e7042b8333": { "id": "a401a2dd-9b31-47d9-b841-f2e7042b8333", "title": "JetTabs <= 2.2.3 - Authenticated (Contributor+) Arbitrary Local File Inclusion", "software": [ { "type": "plugin", "name": "JetTabs for Elementor", "slug": "jet-tabs", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a401a2dd-9b31-47d9-b841-f2e7042b8333?source=api-scan" ], "published": "2024-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a401db3e-2cf2-4283-bfbe-d4a9587966e1": { "id": "a401db3e-2cf2-4283-bfbe-d4a9587966e1", "title": "Jock on air now <= 5.6.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jock On Air Now", "slug": "joan", "affected_versions": { "* - 5.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a401db3e-2cf2-4283-bfbe-d4a9587966e1?source=api-scan" ], "published": "2021-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4059a0b-1446-4711-a47d-eb0107d58900": { "id": "a4059a0b-1446-4711-a47d-eb0107d58900", "title": "Best Restaurant Menu by PriceListo <= 1.4.1 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Great Restaurant Menu WP", "slug": "best-restaurant-menu-by-pricelisto", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4059a0b-1446-4711-a47d-eb0107d58900?source=api-scan" ], "published": "2024-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a40944fa-9729-4d34-adc0-857bf00d6666": { "id": "a40944fa-9729-4d34-adc0-857bf00d6666", "title": "VDZ CallBack Plugin < 1.14.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VDZ CallBack Plugin", "slug": "vdz-call-back", "affected_versions": { "[*, 1.14.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.14.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a40944fa-9729-4d34-adc0-857bf00d6666?source=api-scan" ], "published": "2021-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a40cb2da-dc13-4e20-9602-a4e6c2eade43": { "id": "a40cb2da-dc13-4e20-9602-a4e6c2eade43", "title": "Forminator <= 1.23.3 - Race Condition to Multiple Poll Voting", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "* - 1.23.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.23.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.24.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a40cb2da-dc13-4e20-9602-a4e6c2eade43?source=api-scan" ], "published": "2023-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a412e682-869a-46ba-a2d0-d84ed542adc9": { "id": "a412e682-869a-46ba-a2d0-d84ed542adc9", "title": "The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a412e682-869a-46ba-a2d0-d84ed542adc9?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a414de0a-ae44-4955-bd25-ec6ad7860835": { "id": "a414de0a-ae44-4955-bd25-ec6ad7860835", "title": "Brizy \u2013 Page Builder <= 2.4.44 - Authenticated (Contributor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "* - 2.4.44": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a414de0a-ae44-4955-bd25-ec6ad7860835?source=api-scan" ], "published": "2024-07-17 19:38:09", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4178271-c09e-4094-a616-5a00d28f39a3": { "id": "a4178271-c09e-4094-a616-5a00d28f39a3", "title": "Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via remove_from_compare", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.87": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.87", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.88" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4178271-c09e-4094-a616-5a00d28f39a3?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a41d78b9-9bdb-48dd-b3ec-2559e79fa251": { "id": "a41d78b9-9bdb-48dd-b3ec-2559e79fa251", "title": "WordPress Email Marketing Plugin \u2013 WP Email Capture <= 3.10 - Missing Authorization to Email Capture List Download", "software": [ { "type": "plugin", "name": "WordPress Email Marketing Plugin \u2013 WP Email Capture", "slug": "wp-email-capture", "affected_versions": { "* - 3.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a41d78b9-9bdb-48dd-b3ec-2559e79fa251?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4219c10-9d2a-429d-9ac7-61efc02bd4cf": { "id": "a4219c10-9d2a-429d-9ac7-61efc02bd4cf", "title": "Management App for WooCommerce \u2013 Order notifications, Order management, Lead management, Uptime Monitoring <= 1.2.2 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Management App for WooCommerce \u2013 Order notifications, Order management, Lead management, Uptime Monitoring", "slug": "wemanage-app-worker", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4219c10-9d2a-429d-9ac7-61efc02bd4cf?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a427c798-f546-4ca1-98ab-32b433ee5b59": { "id": "a427c798-f546-4ca1-98ab-32b433ee5b59", "title": "EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 3.9.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a427c798-f546-4ca1-98ab-32b433ee5b59?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a42dce68-0e64-46a6-926e-b676071744b9": { "id": "a42dce68-0e64-46a6-926e-b676071744b9", "title": "My Calendar <= 2.5.16 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My Calendar \u2013 Accessible Event Manager", "slug": "my-calendar", "affected_versions": { "[*, 2.5.17)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a42dce68-0e64-46a6-926e-b676071744b9?source=api-scan" ], "published": "2018-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a437e3ac-5428-4820-8037-8592b86e0dd5": { "id": "a437e3ac-5428-4820-8037-8592b86e0dd5", "title": "WP-reCAPTCHA <= 2.9.8.2 - Multiple Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP-reCAPTCHA", "slug": "wp-recaptcha", "affected_versions": { "* - 2.9.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a437e3ac-5428-4820-8037-8592b86e0dd5?source=api-scan" ], "published": "2011-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a438ec56-8ddc-4cea-8d93-c8f79b46f47e": { "id": "a438ec56-8ddc-4cea-8d93-c8f79b46f47e", "title": "Publish to Schedule <= 4.4.2 - Cross-Site Request Forgery leading to Plugin Option Changes", "software": [ { "type": "plugin", "name": "Publish to Schedule", "slug": "publish-to-schedule", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a438ec56-8ddc-4cea-8d93-c8f79b46f47e?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a43adbf2-0e85-4e70-a18f-8001a86b224e": { "id": "a43adbf2-0e85-4e70-a18f-8001a86b224e", "title": "Support Board <= 3.3.4 - Agent+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Support Board", "slug": "supportboard", "affected_versions": { "* - 3.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a43adbf2-0e85-4e70-a18f-8001a86b224e?source=api-scan" ], "published": "2021-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a43dd1a8-4710-4cbc-920b-582e29d7ce98": { "id": "a43dd1a8-4710-4cbc-920b-582e29d7ce98", "title": "SC filechecker <= 0.6 - Authenticated (Admin+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "SC filechecker", "slug": "wp-file-checker", "affected_versions": { "* - 0.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a43dd1a8-4710-4cbc-920b-582e29d7ce98?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a43ffb6e-8044-4496-9496-11fa8e52a044": { "id": "a43ffb6e-8044-4496-9496-11fa8e52a044", "title": "Events Manager < 5.5.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "[*, 5.5.7)": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a43ffb6e-8044-4496-9496-11fa8e52a044?source=api-scan" ], "published": "2015-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a443b20e-1686-4519-890d-e6f1838fb05c": { "id": "a443b20e-1686-4519-890d-e6f1838fb05c", "title": "Mega Addons For WPBakery Page Builder <= 4.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Mega Addons For WPBakery Page Builder", "slug": "mega-addons-for-visual-composer", "affected_versions": { "* - 4.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a443b20e-1686-4519-890d-e6f1838fb05c?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a44cde91-2f4d-40f1-98a1-ee6ed94c0155": { "id": "a44cde91-2f4d-40f1-98a1-ee6ed94c0155", "title": "MainWP Google Analytics Extension <= 4.0.4 - Missing Authorization to Plugin Settings Change", "software": [ { "type": "plugin", "name": "MainWP Google Analytics Extension", "slug": "mainwp-google-analytics-extension", "affected_versions": { "* - 4.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a44cde91-2f4d-40f1-98a1-ee6ed94c0155?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a44ce6a3-0a9d-4bce-9251-f3a38b000645": { "id": "a44ce6a3-0a9d-4bce-9251-f3a38b000645", "title": "Mega Main Menu <= 2.2.2 - Authenticated (Administrator+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mega Main Menu", "slug": "mega_main_menu", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a44ce6a3-0a9d-4bce-9251-f3a38b000645?source=api-scan" ], "published": "2023-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4522102-5997-449e-81fe-446a5dac6e71": { "id": "a4522102-5997-449e-81fe-446a5dac6e71", "title": "Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ketchup Restaurant Reservations", "slug": "ketchup-restaurant-reservations", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4522102-5997-449e-81fe-446a5dac6e71?source=api-scan" ], "published": "2022-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a452cb6f-8381-4f23-b808-3473db159894": { "id": "a452cb6f-8381-4f23-b808-3473db159894", "title": "EmbedStories <= 0.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "EmbedStories \u2013 Display social media stories", "slug": "embedstories", "affected_versions": { "* - 0.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a452cb6f-8381-4f23-b808-3473db159894?source=api-scan" ], "published": "2023-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4531261-d76e-4419-b915-749c72830608": { "id": "a4531261-d76e-4419-b915-749c72830608", "title": "Amr Ical Events Lists <= 6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "amr ical events lists", "slug": "amr-ical-events-list", "affected_versions": { "* - 6.6": { "from_version": "*", "from_inclusive": true, "to_version": "6.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4531261-d76e-4419-b915-749c72830608?source=api-scan" ], "published": "2023-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a453a38f-0ef5-446b-886f-c208c1baa648": { "id": "a453a38f-0ef5-446b-886f-c208c1baa648", "title": "Simple Payment Donations <= 4.2.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paymattic \u2013 Secure, Simple Payment & Donation with Subscription Payments, Recurring Donations, Customer Management", "slug": "wp-payment-form", "affected_versions": { "* - 4.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a453a38f-0ef5-446b-886f-c208c1baa648?source=api-scan" ], "published": "2022-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4541890-4c0d-4348-91df-42cf4b575514": { "id": "a4541890-4c0d-4348-91df-42cf4b575514", "title": "Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Widget", "software": [ { "type": "plugin", "name": "Shortcodes and extra features for Phlox theme", "slug": "auxin-elements", "affected_versions": { "* - 2.15.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4541890-4c0d-4348-91df-42cf4b575514?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4562535-ef69-4337-b03e-0b7c869cb042": { "id": "a4562535-ef69-4337-b03e-0b7c869cb042", "title": "Kadence Blocks <= 3.1.10 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "[*, 3.1.11)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4562535-ef69-4337-b03e-0b7c869cb042?source=api-scan" ], "published": "2023-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4572874-afd4-4e46-8a28-76a0a6cc8acb": { "id": "a4572874-afd4-4e46-8a28-76a0a6cc8acb", "title": "Pagination by BestWebSoft < 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pagination by BestWebSoft \u2013 Customizable WordPress Content Splitter and Navigation Plugin", "slug": "pagination", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4572874-afd4-4e46-8a28-76a0a6cc8acb?source=api-scan" ], "published": "2023-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a45a6b3d-49e1-4e25-aa66-15b396da8986": { "id": "a45a6b3d-49e1-4e25-aa66-15b396da8986", "title": "WooCommerce Subscriptions <= 5.1.2 - Missing Authorization to Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "WooCommerce Subscription", "slug": "woocommerce-subscriptions", "affected_versions": { "* - 5.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a45a6b3d-49e1-4e25-aa66-15b396da8986?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a462789a-d311-47d7-9f54-190eaf5da03f": { "id": "a462789a-d311-47d7-9f54-190eaf5da03f", "title": "Analytify <= 4.2.3 - Missing Authorization & Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Analytify \u2013 Google Analytics Dashboard For WordPress (GA4 analytics made easy)", "slug": "wp-analytify", "affected_versions": { "* - 4.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a462789a-d311-47d7-9f54-190eaf5da03f?source=api-scan" ], "published": "2023-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a46364f4-9258-4f5e-9d53-dcbaf726f2f0": { "id": "a46364f4-9258-4f5e-9d53-dcbaf726f2f0", "title": "WP RSS Aggregator \u2013 News Feeds, Autoblogging, Youtube Video Feeds and More <= 4.6.3 - Authorization Bypass", "software": [ { "type": "plugin", "name": "RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Autoblogging", "slug": "wp-rss-aggregator", "affected_versions": { "* - 4.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a46364f4-9258-4f5e-9d53-dcbaf726f2f0?source=api-scan" ], "published": "2014-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a463c5be-13d9-45d8-b43e-54ab188c151a": { "id": "a463c5be-13d9-45d8-b43e-54ab188c151a", "title": "YML for Yandex Market <= 4.7.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YML for Yandex Market", "slug": "yml-for-yandex-market", "affected_versions": { "* - 4.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a463c5be-13d9-45d8-b43e-54ab188c151a?source=api-scan" ], "published": "2024-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4647210-ba7e-4233-83d6-12572213f5fb": { "id": "a4647210-ba7e-4233-83d6-12572213f5fb", "title": "Checkout Field Editor (Premium) < 1.7.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "woocommerce-checkout-field-editor", "slug": "woocommerce-checkout-field-editor", "affected_versions": { "[*, 1.7.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4647210-ba7e-4233-83d6-12572213f5fb?source=api-scan" ], "published": "2023-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a467ad30-8271-421c-8af4-8165fd60c03e": { "id": "a467ad30-8271-421c-8af4-8165fd60c03e", "title": "Lazy Load for Videos <= 2.18.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Lazy Load for Videos", "slug": "lazy-load-for-videos", "affected_versions": { "* - 2.18.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a467ad30-8271-421c-8af4-8165fd60c03e?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a469a2cb-1011-4d47-95d2-0b895f24ae8f": { "id": "a469a2cb-1011-4d47-95d2-0b895f24ae8f", "title": "ReCaptcha Integration for WordPress <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ReCaptcha Integration for WordPress", "slug": "wp-recaptcha-integration", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a469a2cb-1011-4d47-95d2-0b895f24ae8f?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a46c09a5-5127-4970-a009-b5fdc9414e81": { "id": "a46c09a5-5127-4970-a009-b5fdc9414e81", "title": "Supra CSV <= 4.0.3 - Stored Cross-Site Scripting via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Supra CSV", "slug": "supra-csv-parser", "affected_versions": { "* - 4.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a46c09a5-5127-4970-a009-b5fdc9414e81?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a472e78c-ebd7-4ab8-9b47-96c526754387": { "id": "a472e78c-ebd7-4ab8-9b47-96c526754387", "title": "Tapfiliate <= 3.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tapfiliate", "slug": "tapfiliate", "affected_versions": { "* - 3.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a472e78c-ebd7-4ab8-9b47-96c526754387?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4766651-92a6-42c9-81bc-7ea25350f561": { "id": "a4766651-92a6-42c9-81bc-7ea25350f561", "title": "ProfileGrid <= 5.5.2 - Missing Authorization to Arbitrary Group Option Modification and Privilege Escalation", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4766651-92a6-42c9-81bc-7ea25350f561?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a47c5496-2647-47f0-a772-b4e406a51c09": { "id": "a47c5496-2647-47f0-a772-b4e406a51c09", "title": "Pretty Google Calendar <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pretty Google Calendar", "slug": "pretty-google-calendar", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a47c5496-2647-47f0-a772-b4e406a51c09?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a47d79c1-ff14-4185-a088-25a65990a993": { "id": "a47d79c1-ff14-4185-a088-25a65990a993", "title": "Power BI Embedded for WordPress <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Power BI Embedded for WordPress", "slug": "embed-power-bi", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a47d79c1-ff14-4185-a088-25a65990a993?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4953b95-e013-482c-bcc7-1a95f8941624": { "id": "a4953b95-e013-482c-bcc7-1a95f8941624", "title": "Multisite Content Copier\/Updater <= 1.4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Multisite Content Copier\/Updater", "slug": "wp-multisite-content-copier", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4953b95-e013-482c-bcc7-1a95f8941624?source=api-scan" ], "published": "2022-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a496d065-5821-4128-9363-79f388fdd246": { "id": "a496d065-5821-4128-9363-79f388fdd246", "title": "Database for Contact Form 7 <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Database for Contact Form 7", "slug": "cf7-database", "affected_versions": { "* - 3.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a496d065-5821-4128-9363-79f388fdd246?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4999de1-07b7-49ef-8897-267b836bc469": { "id": "a4999de1-07b7-49ef-8897-267b836bc469", "title": "Widget Logic < 5.10.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Widget Logic", "slug": "widget-logic", "affected_versions": { "[*, 5.10.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.10.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4999de1-07b7-49ef-8897-267b836bc469?source=api-scan" ], "published": "2019-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a49e4f5a-ac9d-4f9b-8de2-c7871da8de35": { "id": "a49e4f5a-ac9d-4f9b-8de2-c7871da8de35", "title": "Beaver Builder \u2013 WordPress Page Builder <= 2.7.4.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Audio Widget", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.7.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a49e4f5a-ac9d-4f9b-8de2-c7871da8de35?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4a0bf16-1a13-4955-8198-fa195fb65905": { "id": "a4a0bf16-1a13-4955-8198-fa195fb65905", "title": "Appointment and Event Booking Calendar for WordPress \u2013 Amelia <= 1.0.47 - Information Disclosure and SMS Spam", "software": [ { "type": "plugin", "name": "Booking for Appointments and Events Calendar \u2013 Amelia", "slug": "ameliabooking", "affected_versions": { "[*, 1.0.48)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.48", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.48" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4a0bf16-1a13-4955-8198-fa195fb65905?source=api-scan" ], "published": "2022-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4a26f60-5912-4d4a-8ef8-e4357c1fb1ff": { "id": "a4a26f60-5912-4d4a-8ef8-e4357c1fb1ff", "title": "JSON API User <= 3.9.3 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "JSON API User", "slug": "json-api-user", "affected_versions": { "* - 3.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4a26f60-5912-4d4a-8ef8-e4357c1fb1ff?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4a273e7-eb8a-4cfa-80c2-f87d04a6a33e": { "id": "a4a273e7-eb8a-4cfa-80c2-f87d04a6a33e", "title": "WP Report Post <= 2.1.2 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Report Post", "slug": "wp-report-post", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4a273e7-eb8a-4cfa-80c2-f87d04a6a33e?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4a67ec6-ee13-4532-8213-d17dbf5f2c55": { "id": "a4a67ec6-ee13-4532-8213-d17dbf5f2c55", "title": "Sirv <= 7.1.2 - Missing Authorization via sirv_disconnect", "software": [ { "type": "plugin", "name": "Image Optimizer, Resizer and CDN \u2013 Sirv", "slug": "sirv", "affected_versions": { "* - 7.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4a67ec6-ee13-4532-8213-d17dbf5f2c55?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4a79c36-8371-4035-8c21-4bc0296fa12a": { "id": "a4a79c36-8371-4035-8c21-4bc0296fa12a", "title": "Easy Drag And drop All Import : WP Ultimate CSV Importer < 3.8.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import CSV or XML Datafeed With Ease", "slug": "wp-ultimate-csv-importer", "affected_versions": { "[*, 3.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4a79c36-8371-4035-8c21-4bc0296fa12a?source=api-scan" ], "published": "2015-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4a885e0-84fb-4f5a-8ef5-6a0a8108d26f": { "id": "a4a885e0-84fb-4f5a-8ef5-6a0a8108d26f", "title": "Blocksy Companion <= 2.0.42 - Authenticated (Admin+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Blocksy Companion", "slug": "blocksy-companion", "affected_versions": { "* - 2.0.42": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4a885e0-84fb-4f5a-8ef5-6a0a8108d26f?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4ac5738-0ebe-480a-b2b7-f0568d668fa6": { "id": "a4ac5738-0ebe-480a-b2b7-f0568d668fa6", "title": "Redirect 404 Error Page to Homepage or Custom Page with Logs <= 1.7.8 - Log Deletion via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Redirect 404 Error Page to Homepage or Custom Page with Logs", "slug": "redirect-404-error-page-to-homepage-or-custom-page", "affected_versions": { "* - 1.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4ac5738-0ebe-480a-b2b7-f0568d668fa6?source=api-scan" ], "published": "2021-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4aea6ac-0b36-481c-aa22-db96665404f6": { "id": "a4aea6ac-0b36-481c-aa22-db96665404f6", "title": "Donorbox \u2013 Free Recurring Donation Form <= 7.1.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Donorbox \u2013 Free Recurring Donation Plugin and Fundraising Platform", "slug": "donorbox-donation-form", "affected_versions": { "* - 7.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4aea6ac-0b36-481c-aa22-db96665404f6?source=api-scan" ], "published": "2022-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4aed6ba-23a2-46b6-b7e1-7b7e462b1f5b": { "id": "a4aed6ba-23a2-46b6-b7e1-7b7e462b1f5b", "title": "Google Maps CP <= 1.0.43 - Cross-Site Request Forgery via feedback_action", "software": [ { "type": "plugin", "name": "Google Maps CP", "slug": "codepeople-post-map", "affected_versions": { "* - 1.0.43": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4aed6ba-23a2-46b6-b7e1-7b7e462b1f5b?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4b44d89-6f1e-4a23-91ea-e79fc3221183": { "id": "a4b44d89-6f1e-4a23-91ea-e79fc3221183", "title": "ColorMag <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name", "software": [ { "type": "theme", "name": "ColorMag", "slug": "colormag", "affected_versions": { "* - 3.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4b44d89-6f1e-4a23-91ea-e79fc3221183?source=api-scan" ], "published": "2024-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4b71893-b0fd-476e-aa93-5f0b239e8301": { "id": "a4b71893-b0fd-476e-aa93-5f0b239e8301", "title": "ColdFusion Responsive Fullscreen Video Image Audio Theme < 1.2 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "coldfusion", "slug": "coldfusion", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4b71893-b0fd-476e-aa93-5f0b239e8301?source=api-scan" ], "published": "2013-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4b89902-5616-443f-b67d-bf3330308ef9": { "id": "a4b89902-5616-443f-b67d-bf3330308ef9", "title": "Travel Management <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Travel Management", "slug": "nd-travel", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4b89902-5616-443f-b67d-bf3330308ef9?source=api-scan" ], "published": "2022-06-14 09:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4c1f966-aa10-45cc-9fb0-2e703dd3098e": { "id": "a4c1f966-aa10-45cc-9fb0-2e703dd3098e", "title": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio <= 2.00 - SQL Injection", "software": [ { "type": "plugin", "name": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio", "slug": "flash-album-gallery", "affected_versions": { "* - 2.00": { "from_version": "*", "from_inclusive": true, "to_version": "2.00", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4c1f966-aa10-45cc-9fb0-2e703dd3098e?source=api-scan" ], "published": "2012-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4c21c56-c424-4667-a281-fa9e7241d8ad": { "id": "a4c21c56-c424-4667-a281-fa9e7241d8ad", "title": "Better Click To Tweet <= 5.10.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Better Click To Tweet", "slug": "better-click-to-tweet", "affected_versions": { "* - 5.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4c21c56-c424-4667-a281-fa9e7241d8ad?source=api-scan" ], "published": "2022-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4c7c932-5955-4fce-a64d-3b5c5de95356": { "id": "a4c7c932-5955-4fce-a64d-3b5c5de95356", "title": "Video Gallery \u2013 YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Authenticated (Contributor+) Arbitrary File Inclusion via Shortcode", "software": [ { "type": "plugin", "name": "Video Gallery \u2013 YouTube Playlist, Channel Gallery by YotuWP", "slug": "yotuwp-easy-youtube-embed", "affected_versions": { "* - 1.3.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4c7c932-5955-4fce-a64d-3b5c5de95356?source=api-scan" ], "published": "2024-06-14 20:13:25", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4c8d390-145a-4926-99e9-b386dfe5e6ac": { "id": "a4c8d390-145a-4926-99e9-b386dfe5e6ac", "title": "Integrate Google Drive <= 1.3.3 - Missing Authorization via save_settings", "software": [ { "type": "plugin", "name": "Integrate Google Drive \u2013 Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site", "slug": "integrate-google-drive", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4c8d390-145a-4926-99e9-b386dfe5e6ac?source=api-scan" ], "published": "2023-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4ccc7f8-c8e0-457a-b437-2a23530a9df4": { "id": "a4ccc7f8-c8e0-457a-b437-2a23530a9df4", "title": "BP Better Messages <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss", "slug": "bp-better-messages", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4ccc7f8-c8e0-457a-b437-2a23530a9df4?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4cd49b2-ff93-4582-906b-b690d8472c38": { "id": "a4cd49b2-ff93-4582-906b-b690d8472c38", "title": "Booster for WooCommerce <= 7.1.0 - Authenticated (Subscriber+) Information Disclosure via Shortcode", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 7.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4cd49b2-ff93-4582-906b-b690d8472c38?source=api-scan" ], "published": "2023-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4d7cab5-1641-4ed3-92c7-ad7594dcb74b": { "id": "a4d7cab5-1641-4ed3-92c7-ad7594dcb74b", "title": "Campaign Monitor for WordPress <= 2.8.12 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Campaign Monitor for WordPress", "slug": "forms-for-campaign-monitor", "affected_versions": { "* - 2.8.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4d7cab5-1641-4ed3-92c7-ad7594dcb74b?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4e1315b-31e5-428c-9a48-6185b4eeb2fc": { "id": "a4e1315b-31e5-428c-9a48-6185b4eeb2fc", "title": "Bitcoin \/ AltCoin Payment Gateway for WooCommerce <= 1.7.2 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Bitcoin \/ AltCoin Payment Gateway for WooCommerce & Multivendor store \/ shop", "slug": "woo-altcoin-payment-gateway", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4e1315b-31e5-428c-9a48-6185b4eeb2fc?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4e26035-ce4e-4b4b-aa3c-cd86b29b199a": { "id": "a4e26035-ce4e-4b4b-aa3c-cd86b29b199a", "title": "Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery to Post Creation\/Modification\/Deletion", "software": [ { "type": "plugin", "name": "Page Builder with Image Map by AZEXO", "slug": "page-builder-by-azexo", "affected_versions": { "* - 1.27.133": { "from_version": "*", "from_inclusive": true, "to_version": "1.27.133", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4e26035-ce4e-4b4b-aa3c-cd86b29b199a?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4e343eb-b83d-43bf-a26d-db10dac18099": { "id": "a4e343eb-b83d-43bf-a26d-db10dac18099", "title": "Video Posts Webcam Recorder < 3.2.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Webcam Microphone Screen Recorder HTML5", "slug": "video-posts-webcam-recorder", "affected_versions": { "[*, 3.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4e343eb-b83d-43bf-a26d-db10dac18099?source=api-scan" ], "published": "2021-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4e7f51c-5f44-4d01-8865-9d86067374ec": { "id": "a4e7f51c-5f44-4d01-8865-9d86067374ec", "title": "SEO Plugin by Squirrly SEO <= 12.1.10 - Authenticated (Contributor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "SEO Plugin by Squirrly SEO", "slug": "squirrly-seo", "affected_versions": { "* - 12.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "12.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4e7f51c-5f44-4d01-8865-9d86067374ec?source=api-scan" ], "published": "2022-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4e982d1-7ad9-490e-b606-695cafbc7f0b": { "id": "a4e982d1-7ad9-490e-b606-695cafbc7f0b", "title": "Steam Group Viewer <= 2.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Steam Group Viewer", "slug": "steam-group-viewer", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4e982d1-7ad9-490e-b606-695cafbc7f0b?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4e9eabe-21da-4a1a-8896-74020ecb0369": { "id": "a4e9eabe-21da-4a1a-8896-74020ecb0369", "title": "How to Create an App for Android iPhone Easytouch <= 3.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "How to Create an App for Android iPhone Easytouch", "slug": "mobile-friendly-app-builder-by-easytouch", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4e9eabe-21da-4a1a-8896-74020ecb0369?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4ea53bd-2ce7-4dce-8c57-51ba81838f1a": { "id": "a4ea53bd-2ce7-4dce-8c57-51ba81838f1a", "title": "CodeBard's Patron Button and Widgets for Patreon <= 2.1.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "CodeBard's Patron Button and Widgets for Patreon", "slug": "patron-button-and-widgets-by-codebard", "affected_versions": { "* - 2.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4ea53bd-2ce7-4dce-8c57-51ba81838f1a?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4f2112f-d5dc-4045-ac58-3895d6ac7179": { "id": "a4f2112f-d5dc-4045-ac58-3895d6ac7179", "title": "PHP Execution <= 1.0.0 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "PHP Execution", "slug": "php-execution-plugin", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4f2112f-d5dc-4045-ac58-3895d6ac7179?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4f7211b-0ff0-406e-9a0a-2dd7b1314d6d": { "id": "a4f7211b-0ff0-406e-9a0a-2dd7b1314d6d", "title": "WP Full Stripe Free <= 7.0.17 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Accept Payments with Stripe \u2013 WP Full Pay for WordPress", "slug": "wp-full-stripe-free", "affected_versions": { "* - 7.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4f7211b-0ff0-406e-9a0a-2dd7b1314d6d?source=api-scan" ], "published": "2023-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4f8df3a-f247-4365-a9f6-6124065b4883": { "id": "a4f8df3a-f247-4365-a9f6-6124065b4883", "title": "Penci Soledad Data Migrator <= 1.3.0 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Penci Soledad Data Migrator", "slug": "penci-data-migrator", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4f8df3a-f247-4365-a9f6-6124065b4883?source=api-scan" ], "published": "2024-05-16 13:59:53", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4fa8aa9-0af8-4202-b219-863bbef8d02c": { "id": "a4fa8aa9-0af8-4202-b219-863bbef8d02c", "title": "Restaurant Reservations <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Restaurant Reservations", "slug": "nd-restaurant-reservations", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4fa8aa9-0af8-4202-b219-863bbef8d02c?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4fdfc83-cce9-4c87-88f2-331be081b32c": { "id": "a4fdfc83-cce9-4c87-88f2-331be081b32c", "title": "The Plus Addons for Elementor Page Builder Lite <= 5.6.2 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4fdfc83-cce9-4c87-88f2-331be081b32c?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4ffb3ef-9d77-463f-92c4-4bc799ac16aa": { "id": "a4ffb3ef-9d77-463f-92c4-4bc799ac16aa", "title": "Easy Social Feed <= 6.5.1 - Missing Authorization via hide_free_sidebar()", "software": [ { "type": "plugin", "name": "Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2013 Like Box", "slug": "easy-facebook-likebox", "affected_versions": { "* - 6.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4ffb3ef-9d77-463f-92c4-4bc799ac16aa?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a4ffc179-f3ab-4ae1-b7e9-13535d104593": { "id": "a4ffc179-f3ab-4ae1-b7e9-13535d104593", "title": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress <= 3.0.30 - HTML Injection", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "[*, 3.0.31)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.31", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a4ffc179-f3ab-4ae1-b7e9-13535d104593?source=api-scan" ], "published": "2017-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a50531df-e876-463c-a06b-16b2f30aeefe": { "id": "a50531df-e876-463c-a06b-16b2f30aeefe", "title": "WordPress Core < 5.1.1 - Cross-Site Request Forgery to Cross-Site Scripting via Comments", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.28": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.28", "to_inclusive": true }, "3.8 - 3.8.28": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.28", "to_inclusive": true }, "3.9 - 3.9.26": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.26", "to_inclusive": true }, "4.0 - 4.0.25": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.25", "to_inclusive": true }, "4.1 - 4.1.25": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.25", "to_inclusive": true }, "4.2 - 4.2.22": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.22", "to_inclusive": true }, "4.3 - 4.3.18": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.18", "to_inclusive": true }, "4.4 - 4.4.17": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.17", "to_inclusive": true }, "4.5 - 4.5.16": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.16", "to_inclusive": true }, "4.6 - 4.6.13": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.13", "to_inclusive": true }, "4.7 - 4.7.12": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.12", "to_inclusive": true }, "4.8 - 4.8.8": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.8", "to_inclusive": true }, "4.9 - 4.9.9": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.9", "to_inclusive": true }, "5.0 - 5.0.3": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.3", "to_inclusive": true }, "5.1": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.29", "3.8.29", "3.9.27", "4.0.26", "4.1.26", "4.2.23", "4.3.19", "4.4.18", "4.5.17", "4.6.14", "4.7.13", "4.8.9", "4.9.10", "5.0.4", "5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a50531df-e876-463c-a06b-16b2f30aeefe?source=api-scan" ], "published": "2019-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a506ad5b-e88d-4264-84d7-fa6c41026c36": { "id": "a506ad5b-e88d-4264-84d7-fa6c41026c36", "title": "Qtranslate Slug <= 1.1.16 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Qtranslate Slug", "slug": "qtranslate-slug", "affected_versions": { "* - 1.1.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a506ad5b-e88d-4264-84d7-fa6c41026c36?source=api-scan" ], "published": "2015-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a514558c-4ccc-42cf-920e-7c73c80df28e": { "id": "a514558c-4ccc-42cf-920e-7c73c80df28e", "title": "CarePlus - Health & Medical Responsive WordPress Theme <= 1.2 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "CarePlus \u2013 Health & Medical Responsive WordPress Theme", "slug": "careplus", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a514558c-4ccc-42cf-920e-7c73c80df28e?source=api-scan" ], "published": "2020-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5155cee-df51-4da3-be86-38df2ab9908f": { "id": "a5155cee-df51-4da3-be86-38df2ab9908f", "title": "WP Mail Log <= 1.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Mail Log", "slug": "wp-mail-log", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5155cee-df51-4da3-be86-38df2ab9908f?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a52015fe-c4df-46a6-8f23-b33730797f4c": { "id": "a52015fe-c4df-46a6-8f23-b33730797f4c", "title": "Participants Database <= 2.4.9 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Participants Database", "slug": "participants-database", "affected_versions": { "[*, 2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a52015fe-c4df-46a6-8f23-b33730797f4c?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5205717-af90-4d55-b812-38ded2b0f700": { "id": "a5205717-af90-4d55-b812-38ded2b0f700", "title": "Kindeditor For WordPress < 1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kindeditor For WordPress", "slug": "kindeditor-for-wordpress", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5205717-af90-4d55-b812-38ded2b0f700?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a522fb0b-ce75-4593-90dd-f7c04d2ba9e0": { "id": "a522fb0b-ce75-4593-90dd-f7c04d2ba9e0", "title": "Image Slider by Ays- Responsive Slider and Carousel < 2.5.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Image Slider by Ays- Responsive Slider and Carousel", "slug": "ays-slider", "affected_versions": { "[*, 2.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a522fb0b-ce75-4593-90dd-f7c04d2ba9e0?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a52325f9-51b5-469c-865e-73a22002d46f": { "id": "a52325f9-51b5-469c-865e-73a22002d46f", "title": "RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'clear_uucss_logs'", "software": [ { "type": "plugin", "name": "RapidLoad \u2013 Optimize Web Vitals Automatically", "slug": "unusedcss", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a52325f9-51b5-469c-865e-73a22002d46f?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5276227-9bd4-4ad8-a6b7-ac7d05e8b056": { "id": "a5276227-9bd4-4ad8-a6b7-ac7d05e8b056", "title": "Easy PayPal & Stripe Buy Now Button <= 1.8.3 & Contact Form 7 \u2013 PayPal & Stripe Add-on <= 2.1 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Contact Form 7 \u2013 PayPal & Stripe Add-on", "slug": "contact-form-7-paypal-add-on", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] }, { "type": "plugin", "name": "Easy PayPal & Stripe Buy Now Button", "slug": "wp-ecommerce-paypal", "affected_versions": { "* - 1.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5276227-9bd4-4ad8-a6b7-ac7d05e8b056?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a528a2b5-55e5-46e4-8f04-0d2b49f2f683": { "id": "a528a2b5-55e5-46e4-8f04-0d2b49f2f683", "title": "Video Conferencing with Zoom <= 3.8.16 - E-mail Address Disclosure", "software": [ { "type": "plugin", "name": "Video Conferencing with Zoom", "slug": "video-conferencing-with-zoom-api", "affected_versions": { "[*, 3.8.17)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a528a2b5-55e5-46e4-8f04-0d2b49f2f683?source=api-scan" ], "published": "2022-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a52dc13f-50b3-4aa3-9924-beb75351673e": { "id": "a52dc13f-50b3-4aa3-9924-beb75351673e", "title": "Design Approval System <= 3.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Design Approval System", "slug": "design-approval-system", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a52dc13f-50b3-4aa3-9924-beb75351673e?source=api-scan" ], "published": "2013-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a52ed75b-07ce-46dc-8321-d10074ce0f61": { "id": "a52ed75b-07ce-46dc-8321-d10074ce0f61", "title": "WordPress Classifieds Plugin \u2013 Ad Directory & Listings by AWP Classifieds <= 3.3.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Classifieds Plugin \u2013 Ad Directory & Listings by AWP Classifieds", "slug": "another-wordpress-classifieds-plugin", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a52ed75b-07ce-46dc-8321-d10074ce0f61?source=api-scan" ], "published": "2014-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a52fb5f4-60ba-4077-95cd-e160a6d9a419": { "id": "a52fb5f4-60ba-4077-95cd-e160a6d9a419", "title": "Post Grid <= 2.2.50 - Missing Authorization to Sensitive Information Exposure via REST API", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "* - 2.2.50": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.50", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a52fb5f4-60ba-4077-95cd-e160a6d9a419?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a53291f9-632c-4b0b-b5f9-d247134f2a5c": { "id": "a53291f9-632c-4b0b-b5f9-d247134f2a5c", "title": "Shortlinks by Pretty Links <= 3.6.2 - Reflected Cross-Site Scripting via post_status", "software": [ { "type": "plugin", "name": "PrettyLinks \u2013 Affiliate Links, Link Branding, Link Tracking & Marketing Plugin", "slug": "pretty-link", "affected_versions": { "* - 3.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a53291f9-632c-4b0b-b5f9-d247134f2a5c?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a533ddd4-cf89-4bf9-981e-2fdd4ff4d414": { "id": "a533ddd4-cf89-4bf9-981e-2fdd4ff4d414", "title": "EmpowerWP <= 1.0.21 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "EmpowerWP", "slug": "empowerwp", "affected_versions": { "* - 1.0.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.22" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a533ddd4-cf89-4bf9-981e-2fdd4ff4d414?source=api-scan" ], "published": "2024-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5341bbd-55bd-41ad-b5d1-d6b56c141277": { "id": "a5341bbd-55bd-41ad-b5d1-d6b56c141277", "title": "Indeed Membership Pro 7.3 - 8.6 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Indeed Membership Pro", "slug": "indeed-membership-pro", "affected_versions": { "[7.3, 8.6.1)": { "from_version": "7.3", "from_inclusive": true, "to_version": "8.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5341bbd-55bd-41ad-b5d1-d6b56c141277?source=api-scan" ], "published": "2020-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a53430c1-7a2d-4c05-94ee-691e06759797": { "id": "a53430c1-7a2d-4c05-94ee-691e06759797", "title": "Export Users Data CSV <= 2.1 - Authenticated (Subscriber+) CSV Injection", "software": [ { "type": "plugin", "name": "Export Users Data CSV", "slug": "export-users-data-csv", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a53430c1-7a2d-4c05-94ee-691e06759797?source=api-scan" ], "published": "2022-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a534d51d-2bf8-40ab-a043-88c5f14542b9": { "id": "a534d51d-2bf8-40ab-a043-88c5f14542b9", "title": "IntoTheDark <= 1.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "IntoTheDark", "slug": "intothedark", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a534d51d-2bf8-40ab-a043-88c5f14542b9?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5368894-3277-47d0-8fad-adfb8df4fa93": { "id": "a5368894-3277-47d0-8fad-adfb8df4fa93", "title": "WordPress Core 5.6 - 6.3.1 - Reflected Cross-Site Scripting via Application Password Requests", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "5.6 - 5.6.11": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.11", "to_inclusive": true }, "5.7 - 5.7.9": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.9", "to_inclusive": true }, "5.8 - 5.8.7": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.7", "to_inclusive": true }, "5.9 - 5.9.7": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.7", "to_inclusive": true }, "6.0 - 6.0.5": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.5", "to_inclusive": true }, "6.1 - 6.1.3": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.3", "to_inclusive": true }, "6.2 - 6.2.2": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.2", "to_inclusive": true }, "6.3 - 6.3.1": { "from_version": "6.3", "from_inclusive": true, "to_version": "6.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.12", "5.7.10", "5.8.8", "5.9.8", "6.0.6", "6.1.4", "6.2.3", "6.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5368894-3277-47d0-8fad-adfb8df4fa93?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a537f82c-5139-439e-817f-7fd0ece958bd": { "id": "a537f82c-5139-439e-817f-7fd0ece958bd", "title": "Chocolate WP \u2013 Responsive Photography Theme (All Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Chocolate WP \u2013 Responsive Photography Theme | Photography", "slug": "dt-chocolate", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a537f82c-5139-439e-817f-7fd0ece958bd?source=api-scan" ], "published": "2013-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5381944-f12c-41e6-be47-bd258da5600b": { "id": "a5381944-f12c-41e6-be47-bd258da5600b", "title": "Search and Share <= 0.9.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Search and Share", "slug": "search-and-share", "affected_versions": { "* - 0.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5381944-f12c-41e6-be47-bd258da5600b?source=api-scan" ], "published": "2013-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a53a1178-7267-4d7f-ad9e-2906c05b8fe0": { "id": "a53a1178-7267-4d7f-ad9e-2906c05b8fe0", "title": "MonsterInsights \u2013 Google Analytics Dashboard for WordPress <= 5.3.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MonsterInsights \u2013 Google Analytics Dashboard for WordPress (Website Stats Made Easy)", "slug": "google-analytics-for-wordpress", "affected_versions": { "* - 5.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a53a1178-7267-4d7f-ad9e-2906c05b8fe0?source=api-scan" ], "published": "2015-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a54038e1-e9e4-48aa-b368-e8d9ec687e85": { "id": "a54038e1-e9e4-48aa-b368-e8d9ec687e85", "title": "Contact Form Advanced Database <= 1.0.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Contact Form Advanced Database", "slug": "contact-form-advanced-database", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a54038e1-e9e4-48aa-b368-e8d9ec687e85?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a541f0db-d41f-4827-b311-815cab9f9bf8": { "id": "a541f0db-d41f-4827-b311-815cab9f9bf8", "title": "Community Events <= 1.4.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Community Events", "slug": "community-events", "affected_versions": { "[*, 1.4.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a541f0db-d41f-4827-b311-815cab9f9bf8?source=api-scan" ], "published": "2021-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5436d14-cbb5-420f-9f3a-698ce59c1e1e": { "id": "a5436d14-cbb5-420f-9f3a-698ce59c1e1e", "title": "Formilla Chat and Marketing Automation <= 1.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaToolsID'", "software": [ { "type": "plugin", "name": "Customer Support Software, Live Chat, & Marketing Automation", "slug": "formilla-chat-and-marketing", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5436d14-cbb5-420f-9f3a-698ce59c1e1e?source=api-scan" ], "published": "2023-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5454bc2-0581-45bd-8dbc-5a2819202690": { "id": "a5454bc2-0581-45bd-8dbc-5a2819202690", "title": "Custom Contact Forms Plugin <= 5.1.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Contact Forms", "slug": "custom-contact-forms", "affected_versions": { "[*, 5.1.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5454bc2-0581-45bd-8dbc-5a2819202690?source=api-scan" ], "published": "2012-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a54841af-65ce-4434-a67e-79ea673ec8f9": { "id": "a54841af-65ce-4434-a67e-79ea673ec8f9", "title": "WooCommerce Bookings <= 2.0.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce Bookings", "slug": "woocommerce-bookings", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a54841af-65ce-4434-a67e-79ea673ec8f9?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a548e71f-4f36-4a29-8293-474e119f09cc": { "id": "a548e71f-4f36-4a29-8293-474e119f09cc", "title": "Subscribers Text Counter <= 1.7 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Subscribers Text Counter", "slug": "subscribers-text-counter", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a548e71f-4f36-4a29-8293-474e119f09cc?source=api-scan" ], "published": "2023-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a54ad0b4-b6e7-4eac-843e-261ec6c83d84": { "id": "a54ad0b4-b6e7-4eac-843e-261ec6c83d84", "title": "Shortcoder <= 6.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Shortcoder \u2014 Create Shortcodes for Anything", "slug": "shortcoder", "affected_versions": { "* - 6.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a54ad0b4-b6e7-4eac-843e-261ec6c83d84?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a54c2a89-4297-48f5-bbff-e5c20c26a632": { "id": "a54c2a89-4297-48f5-bbff-e5c20c26a632", "title": "Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Custom Gallery' Widget", "software": [ { "type": "plugin", "name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", "slug": "bdthemes-element-pack-lite", "affected_versions": { "* - 5.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a54c2a89-4297-48f5-bbff-e5c20c26a632?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a550e489-904b-4785-b6f3-992b7dfe5bd2": { "id": "a550e489-904b-4785-b6f3-992b7dfe5bd2", "title": "Xllentech English Islamic Calendar <= 2.6.7 - SQL Injection", "software": [ { "type": "plugin", "name": "Xllentech English Islamic Calendar", "slug": "xllentech-english-islamic-calendar", "affected_versions": { "* - 2.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a550e489-904b-4785-b6f3-992b7dfe5bd2?source=api-scan" ], "published": "2021-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a554b365-b54b-4696-87f6-df5099e15708": { "id": "a554b365-b54b-4696-87f6-df5099e15708", "title": "WPsoonOnlinePage <= 1.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WPsoonOnlinePage", "slug": "wp-soononline-page", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a554b365-b54b-4696-87f6-df5099e15708?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a555da8f-586a-4fb8-9230-9238df73cba4": { "id": "a555da8f-586a-4fb8-9230-9238df73cba4", "title": "Music Store - WordPress eCommerce <= 1.1.13 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Music Store \u2013 WordPress eCommerce", "slug": "music-store", "affected_versions": { "* - 1.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a555da8f-586a-4fb8-9230-9238df73cba4?source=api-scan" ], "published": "2024-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a55cfeb3-7632-4a88-ac71-8e119b060721": { "id": "a55cfeb3-7632-4a88-ac71-8e119b060721", "title": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Arbitrary File Read", "software": [ { "type": "plugin", "name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", "slug": "bdthemes-element-pack-lite", "affected_versions": { "* - 5.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a55cfeb3-7632-4a88-ac71-8e119b060721?source=api-scan" ], "published": "2024-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a562a213-9c63-4236-8c2c-c7fadffb5ac4": { "id": "a562a213-9c63-4236-8c2c-c7fadffb5ac4", "title": "Viral Quiz Maker - OnionBuzz < 1.2.2 - SQL Injection", "software": [ { "type": "plugin", "name": "OnionBuzz", "slug": "onionbuzz-viral-quiz", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a562a213-9c63-4236-8c2c-c7fadffb5ac4?source=api-scan" ], "published": "2019-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a56772fd-f77f-4ba5-b5c4-79ac8204b599": { "id": "a56772fd-f77f-4ba5-b5c4-79ac8204b599", "title": "Chat Bubble <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chat Bubble \u2013 Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back", "slug": "chat-bubble", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a56772fd-f77f-4ba5-b5c4-79ac8204b599?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a56874fe-cb2b-4024-a8db-9cf6c4d0012a": { "id": "a56874fe-cb2b-4024-a8db-9cf6c4d0012a", "title": "Accio | Responsive Onepage Parallax Agency WordPress Theme <= 1.1.0 - Sensitive Information Disclosure", "software": [ { "type": "theme", "name": "Accio | Responsive Onepage Parallax Agency WordPress Theme", "slug": "accio", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a56874fe-cb2b-4024-a8db-9cf6c4d0012a?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a56d5a2f-ae13-4523-bc4a-17bb2fb4c6f0": { "id": "a56d5a2f-ae13-4523-bc4a-17bb2fb4c6f0", "title": "File Manager <= 3.0 - Unauthenticated Arbitrary File Upload\/Download", "software": [ { "type": "plugin", "name": "File Manager", "slug": "wp-file-manager", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a56d5a2f-ae13-4523-bc4a-17bb2fb4c6f0?source=api-scan" ], "published": "2018-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a56df440-a1ed-4c5a-ac9c-5ddeffb28e60": { "id": "a56df440-a1ed-4c5a-ac9c-5ddeffb28e60", "title": "Responsive Menu <= 4.1.7 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Responsive Menu \u2013 Create Mobile-Friendly Menu", "slug": "responsive-menu", "affected_versions": { "[*, 4.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a56df440-a1ed-4c5a-ac9c-5ddeffb28e60?source=api-scan" ], "published": "2022-03-16 11:48:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5706025-962f-47e2-8d1d-16bafd937c92": { "id": "a5706025-962f-47e2-8d1d-16bafd937c92", "title": "Amoveo Multipurpose Wordpress Theme <= 2.0 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Amoveo Multipurpose Wordpress Theme", "slug": "amoveo", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5706025-962f-47e2-8d1d-16bafd937c92?source=api-scan" ], "published": "2013-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a57426d2-0ca4-405b-bfbf-0685e2c744a0": { "id": "a57426d2-0ca4-405b-bfbf-0685e2c744a0", "title": "WordPress Core < 5.7.1 - Sensitive Information Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[4.7, 4.7.20)": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.20", "to_inclusive": false }, "[4.8, 4.8.16)": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.16", "to_inclusive": false }, "[4.9, 4.9.17)": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.17", "to_inclusive": false }, "[5.0, 5.0.12)": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.12", "to_inclusive": false }, "[5.1, 5.1.9)": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.9", "to_inclusive": false }, "[5.2, 5.2.10)": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.10", "to_inclusive": false }, "[5.3, 5.3.7)": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.7", "to_inclusive": false }, "[5.4, 5.4.5)": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.5", "to_inclusive": false }, "[5.5, 5.5.4)": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.4", "to_inclusive": false }, "[5.6, 5.6.3)": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.3", "to_inclusive": false }, "[5.7, 5.7.1)": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.7.20", "4.8.16", "4.9.17", "5.0.12", "5.1.9", "5.2.10", "5.3.7", "5.4.5", "5.5.4", "5.6.3", "5.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a57426d2-0ca4-405b-bfbf-0685e2c744a0?source=api-scan" ], "published": "2021-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5763e3b-01b3-4541-8fef-80fcb7e7e88e": { "id": "a5763e3b-01b3-4541-8fef-80fcb7e7e88e", "title": "MailPoet Newsletters <= 2.6.6 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "MailPoet Newsletters (Previous)", "slug": "wysija-newsletters", "affected_versions": { "* - 2.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5763e3b-01b3-4541-8fef-80fcb7e7e88e?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a57675f0-d840-4954-b86e-a9fbc1483bc7": { "id": "a57675f0-d840-4954-b86e-a9fbc1483bc7", "title": "Name Directory <= 1.25.4 - Unauthorized Settings Update", "software": [ { "type": "plugin", "name": "Name Directory", "slug": "name-directory", "affected_versions": { "* - 1.25.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.25.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.25.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a57675f0-d840-4954-b86e-a9fbc1483bc7?source=api-scan" ], "published": "2022-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a58685a5-d57a-42c9-86c7-344015952885": { "id": "a58685a5-d57a-42c9-86c7-344015952885", "title": "Contact Form By BestWebSoft<= 3.34 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form by BestWebSoft \u2013 Advanced Contact Us Form Builder for WordPress", "slug": "contact-form-plugin", "affected_versions": { "* - 3.34": { "from_version": "*", "from_inclusive": true, "to_version": "3.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a58685a5-d57a-42c9-86c7-344015952885?source=api-scan" ], "published": "2013-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a58cba26-a57e-4170-95bb-54ea7cfdb10c": { "id": "a58cba26-a57e-4170-95bb-54ea7cfdb10c", "title": "List category posts <= 0.89.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "List category posts", "slug": "list-category-posts", "affected_versions": { "* - 0.89.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.89.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.89.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a58cba26-a57e-4170-95bb-54ea7cfdb10c?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a590ed63-ccec-4f20-961d-62c1f08781b0": { "id": "a590ed63-ccec-4f20-961d-62c1f08781b0", "title": "Fast Custom Social Share by CodeBard <= 1.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Fast Custom Social Share by CodeBard", "slug": "fast-custom-social-share-by-codebard", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a590ed63-ccec-4f20-961d-62c1f08781b0?source=api-scan" ], "published": "2024-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a595f862-64af-4055-aa13-5e8f4eb3f721": { "id": "a595f862-64af-4055-aa13-5e8f4eb3f721", "title": "All In One WP Security & Firewall <= 4.4.10 - Open Redirect and Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "[*, 4.4.11)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a595f862-64af-4055-aa13-5e8f4eb3f721?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a596c9c4-ceb4-470c-8ad5-986cd62da91e": { "id": "a596c9c4-ceb4-470c-8ad5-986cd62da91e", "title": "Ad Inserter < 2.7.11 - Authenticated (Admin+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Ad Inserter \u2013 Ad Manager & AdSense Ads", "slug": "ad-inserter", "affected_versions": { "[*, 2.7.11)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a596c9c4-ceb4-470c-8ad5-986cd62da91e?source=api-scan" ], "published": "2022-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a597d36c-72ce-44f0-af7b-2b9aad46957c": { "id": "a597d36c-72ce-44f0-af7b-2b9aad46957c", "title": "HTML2WP <= 1.0.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "HTML2WP", "slug": "html2wp", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a597d36c-72ce-44f0-af7b-2b9aad46957c?source=api-scan" ], "published": "2022-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5985318-2ce6-4ecb-a92f-362bc5909bd5": { "id": "a5985318-2ce6-4ecb-a92f-362bc5909bd5", "title": "WP Google Review Slider <= 11.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Google Review Slider", "slug": "wp-google-places-review-slider", "affected_versions": { "* - 11.5": { "from_version": "*", "from_inclusive": true, "to_version": "11.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5985318-2ce6-4ecb-a92f-362bc5909bd5?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5991df2-1aab-4d07-9e30-1257aa9ec884": { "id": "a5991df2-1aab-4d07-9e30-1257aa9ec884", "title": "Seraphinite Accelerator <= 2.20.47 - Unauthenticated Sensitive Information Exposure via Log File", "software": [ { "type": "plugin", "name": "Seraphinite Accelerator", "slug": "seraphinite-accelerator", "affected_versions": { "* - 2.20.47": { "from_version": "*", "from_inclusive": true, "to_version": "2.20.47", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.20.48" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5991df2-1aab-4d07-9e30-1257aa9ec884?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a59f7a1b-ae58-4015-bb77-814707579847": { "id": "a59f7a1b-ae58-4015-bb77-814707579847", "title": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.26 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 4.0.26": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a59f7a1b-ae58-4015-bb77-814707579847?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5a03e67-f36f-441a-a2fd-a545efa06c00": { "id": "a5a03e67-f36f-441a-a2fd-a545efa06c00", "title": "WordPress Download Manager <= 3.2.21 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 3.2.22)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.22", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5a03e67-f36f-441a-a2fd-a545efa06c00?source=api-scan" ], "published": "2021-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5a34838-fdc5-4954-9576-abf81cbaac2e": { "id": "a5a34838-fdc5-4954-9576-abf81cbaac2e", "title": "MainWP Child <= 2.0.27 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MainWP Child \u2013 Securely Connects to the MainWP Dashboard to Manage Multiple Sites", "slug": "mainwp-child", "affected_versions": { "* - 2.0.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5a34838-fdc5-4954-9576-abf81cbaac2e?source=api-scan" ], "published": "2015-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5a5f8c2-3fd6-4d31-a3b5-60bdb8c18491": { "id": "a5a5f8c2-3fd6-4d31-a3b5-60bdb8c18491", "title": "Custom Twitter Feeds (Tweets Widget) <= 1.8.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget", "slug": "custom-twitter-feeds", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5a5f8c2-3fd6-4d31-a3b5-60bdb8c18491?source=api-scan" ], "published": "2023-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5a739d5-648f-4d79-ac37-335e89127d90": { "id": "a5a739d5-648f-4d79-ac37-335e89127d90", "title": "Share This Image < 1.04 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Share This Image", "slug": "share-this-image", "affected_versions": { "[*, 1.04)": { "from_version": "*", "from_inclusive": true, "to_version": "1.04", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.04" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5a739d5-648f-4d79-ac37-335e89127d90?source=api-scan" ], "published": "2017-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5a9fb50-8ab1-43e3-b618-d92fa50b3e07": { "id": "a5a9fb50-8ab1-43e3-b618-d92fa50b3e07", "title": "Gallery Lightbox <= 1.0.0.39 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery Lightbox", "slug": "gallery-lightbox-slider", "affected_versions": { "* - 1.0.0.39": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0.39", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.0.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5a9fb50-8ab1-43e3-b618-d92fa50b3e07?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5b7538f-891a-423f-97d1-b0212efcdb98": { "id": "a5b7538f-891a-423f-97d1-b0212efcdb98", "title": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 4.2.152 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin", "slug": "xcloner-backup-and-restore", "affected_versions": { "[*, 4.2.153)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.153", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.153" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5b7538f-891a-423f-97d1-b0212efcdb98?source=api-scan" ], "published": "2020-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5ba9285-9f41-44dd-83c7-e9c377d9de51": { "id": "a5ba9285-9f41-44dd-83c7-e9c377d9de51", "title": "WP Google Map Plugin <= 4.0.9 - Cross-Site Request Forgery to PHP Object Injection", "software": [ { "type": "plugin", "name": "WP Maps \u2013 Display Google Maps Perfectly with Ease", "slug": "wp-google-map-plugin", "affected_versions": { "[*, 4.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5ba9285-9f41-44dd-83c7-e9c377d9de51?source=api-scan" ], "published": "2019-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5bb8804-0b90-44c3-bf74-bbc6b4baf229": { "id": "a5bb8804-0b90-44c3-bf74-bbc6b4baf229", "title": "WP-FaceThumb < 0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-FaceThumb", "slug": "wp-facethumb", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5bb8804-0b90-44c3-bf74-bbc6b4baf229?source=api-scan" ], "published": "2012-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5bc6097-d6ed-4598-b3c8-9159d5ce04ee": { "id": "a5bc6097-d6ed-4598-b3c8-9159d5ce04ee", "title": "WP Custom Admin Interface <= 7.32 - Cross-Site Request Forgery to Transients Deletion", "software": [ { "type": "plugin", "name": "WP Custom Admin Interface", "slug": "wp-custom-admin-interface", "affected_versions": { "[*, 7.33)": { "from_version": "*", "from_inclusive": true, "to_version": "7.33", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5bc6097-d6ed-4598-b3c8-9159d5ce04ee?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5bcf040-cc43-4b3d-a6fc-d41973725af6": { "id": "a5bcf040-cc43-4b3d-a6fc-d41973725af6", "title": "WordPress Bitcoin Payments \u2013 Blockonomics <= 3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Bitcoin Payments \u2013 Blockonomics", "slug": "blockonomics-bitcoin-payments", "affected_versions": { "[*, 3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5bcf040-cc43-4b3d-a6fc-d41973725af6?source=api-scan" ], "published": "2021-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5bcf456-f991-4775-8c3e-a3c0212a5765": { "id": "a5bcf456-f991-4775-8c3e-a3c0212a5765", "title": "Kali Forms <= 2.1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form builder with drag & drop for WordPress \u2013 Kali Forms", "slug": "kali-forms", "affected_versions": { "[*, 2.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5bcf456-f991-4775-8c3e-a3c0212a5765?source=api-scan" ], "published": "2020-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5be103f-e174-47f9-8a1b-bb0d073c54e4": { "id": "a5be103f-e174-47f9-8a1b-bb0d073c54e4", "title": "ProfileGrid \u2013 User Profiles, Memberships, Groups and Communities <= 5.7.9 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5be103f-e174-47f9-8a1b-bb0d073c54e4?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5c0ae44-18e5-4fd1-a1a8-b70fc15a8c26": { "id": "a5c0ae44-18e5-4fd1-a1a8-b70fc15a8c26", "title": "\u6709\u8d4f You Shang <= 1.0.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "\u6709\u8d4f You Shang", "slug": "you-shang", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5c0ae44-18e5-4fd1-a1a8-b70fc15a8c26?source=api-scan" ], "published": "2021-07-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5c290a1-b58a-4b5c-8112-076d5b17d940": { "id": "a5c290a1-b58a-4b5c-8112-076d5b17d940", "title": "WordPress Core < 2.2.3 & WordPress MU < 1.2.5a - SQL Injection", "software": [ { "type": "core", "name": "WordPress MU", "slug": "wpmu", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] }, { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 2.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5c290a1-b58a-4b5c-8112-076d5b17d940?source=api-scan" ], "published": "2007-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5c8d361-698b-4abd-bcdd-0361d3fd10c5": { "id": "a5c8d361-698b-4abd-bcdd-0361d3fd10c5", "title": "BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness", "software": [ { "type": "plugin", "name": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC)", "slug": "buddyforms", "affected_versions": { "* - 2.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5c8d361-698b-4abd-bcdd-0361d3fd10c5?source=api-scan" ], "published": "2024-06-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5da021c-3835-4251-a3e5-3b5aaa11ea14": { "id": "a5da021c-3835-4251-a3e5-3b5aaa11ea14", "title": "Simple Tweet <= 1.4.0.2 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Tweet", "slug": "simple-tweet", "affected_versions": { "* - 1.4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5da021c-3835-4251-a3e5-3b5aaa11ea14?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5dbcc22-ab2e-4114-a7d7-bac01a5c5b3f": { "id": "a5dbcc22-ab2e-4114-a7d7-bac01a5c5b3f", "title": "ApplyOnline \u2013 Application Form Builder and Manager <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ApplyOnline \u2013 Application Form Builder and Manager", "slug": "apply-online", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5dbcc22-ab2e-4114-a7d7-bac01a5c5b3f?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5deac61-031f-452a-a478-d5d0c7953817": { "id": "a5deac61-031f-452a-a478-d5d0c7953817", "title": "Stop Referrer Spam <= 1.3.0 - Cross-Site Request Forgery via processParameters", "software": [ { "type": "plugin", "name": "Stop Referrer Spam", "slug": "stop-referrer-spam", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5deac61-031f-452a-a478-d5d0c7953817?source=api-scan" ], "published": "2023-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5e14205-d31d-414b-aff2-22f589dbf04c": { "id": "a5e14205-d31d-414b-aff2-22f589dbf04c", "title": "3D Cover Carousel <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "3D Cover Carousel", "slug": "3d-cover-carousel", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5e14205-d31d-414b-aff2-22f589dbf04c?source=api-scan" ], "published": "2021-09-08 20:09:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5e45e96-3cfb-42a9-b8b7-519489bc03ad": { "id": "a5e45e96-3cfb-42a9-b8b7-519489bc03ad", "title": "Broadcast Live Video \u2013 Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP < 4.29.5 - Arbitrary File Read\/Deletion", "software": [ { "type": "plugin", "name": "Broadcast Live Video \u2013 Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP", "slug": "videowhisper-live-streaming-integration", "affected_versions": { "[*, 4.29.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.29.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.29.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5e45e96-3cfb-42a9-b8b7-519489bc03ad?source=api-scan" ], "published": "2014-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5e6817c-02e7-4d28-9446-c316a9ff8cbe": { "id": "a5e6817c-02e7-4d28-9446-c316a9ff8cbe", "title": "GNUCommerce < 0.5.7-BETA - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GNUCommerce", "slug": "gnucommerce", "affected_versions": { "[*, 0.5.7-beta)": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.7-beta", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.5.7-beta" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5e6817c-02e7-4d28-9446-c316a9ff8cbe?source=api-scan" ], "published": "2016-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5e6b508-35ef-45da-bf17-c038d3b7ce52": { "id": "a5e6b508-35ef-45da-bf17-c038d3b7ce52", "title": "Multi Step Form <= 1.7.16 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Multi Step Form", "slug": "multi-step-form", "affected_versions": { "* - 1.7.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5e6b508-35ef-45da-bf17-c038d3b7ce52?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5e7a994-c489-4aea-a9bb-898bc92cae4e": { "id": "a5e7a994-c489-4aea-a9bb-898bc92cae4e", "title": "Colibri Page Builder <= 1.0.253 - Cross-Site Request Fogery via cp_shortcode_refresh", "software": [ { "type": "plugin", "name": "Colibri Page Builder", "slug": "colibri-page-builder", "affected_versions": { "* - 1.0.253": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.253", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.260" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5e7a994-c489-4aea-a9bb-898bc92cae4e?source=api-scan" ], "published": "2024-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5ef4d74-aa5d-4d6d-af2c-bda506fb394d": { "id": "a5ef4d74-aa5d-4d6d-af2c-bda506fb394d", "title": "WordPress Core < 2.2.3 - Restriction Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5ef4d74-aa5d-4d6d-af2c-bda506fb394d?source=api-scan" ], "published": "2007-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5f24902-1336-4fcd-b42d-e29526e61b71": { "id": "a5f24902-1336-4fcd-b42d-e29526e61b71", "title": "Answer My Question <= 1.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Answer My Question", "slug": "answer-my-question", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5f24902-1336-4fcd-b42d-e29526e61b71?source=api-scan" ], "published": "2016-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5f29f35-da79-4389-a0a5-a1be0b0b8996": { "id": "a5f29f35-da79-4389-a0a5-a1be0b0b8996", "title": "Short URL <= 1.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Short URL", "slug": "shorten-url", "affected_versions": { "1.6.4": { "from_version": "1.6.4", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5f29f35-da79-4389-a0a5-a1be0b0b8996?source=api-scan" ], "published": "2023-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5f4ed55-4e6c-48a3-acea-909e5a9d1a06": { "id": "a5f4ed55-4e6c-48a3-acea-909e5a9d1a06", "title": "Mystique <= 2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Mystique", "slug": "mystique", "affected_versions": { "* - 2.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5f4ed55-4e6c-48a3-acea-909e5a9d1a06?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5f847d8-323f-47f9-ba10-df8173ff3018": { "id": "a5f847d8-323f-47f9-ba10-df8173ff3018", "title": "The Events Calendar <= 6.6.3 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Events Calendar", "slug": "the-events-calendar", "affected_versions": { "* - 6.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5f847d8-323f-47f9-ba10-df8173ff3018?source=api-scan" ], "published": "2024-07-23 19:02:11", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a5fb289e-bd38-42ea-86a4-7816b59bd0b2": { "id": "a5fb289e-bd38-42ea-86a4-7816b59bd0b2", "title": "RT Easy Builder \u2013 Advanced addons for Elementor <= 2.3 - Authenticated (Contributor+) Stored Cross-site Scripting", "software": [ { "type": "plugin", "name": "RT Easy Builder \u2013 Advanced addons for Elementor", "slug": "rt-easy-builder-advanced-addons-for-elementor", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a5fb289e-bd38-42ea-86a4-7816b59bd0b2?source=api-scan" ], "published": "2024-08-23 14:07:07", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a600f164-7255-4590-8239-2d3e0b445e79": { "id": "a600f164-7255-4590-8239-2d3e0b445e79", "title": "WP Adminify <= 3.1.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Adminify \u2013 Custom WordPress Dashboard, Login and Admin Customizer", "slug": "adminify", "affected_versions": { "* - 3.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a600f164-7255-4590-8239-2d3e0b445e79?source=api-scan" ], "published": "2023-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a604df5d-92b3-4df8-a7ef-00f0ee95cf0f": { "id": "a604df5d-92b3-4df8-a7ef-00f0ee95cf0f", "title": "MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Title Update", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 3.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a604df5d-92b3-4df8-a7ef-00f0ee95cf0f?source=api-scan" ], "published": "2023-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6072f47-91b3-4c5d-b16e-61bcd7760604": { "id": "a6072f47-91b3-4c5d-b16e-61bcd7760604", "title": "Tutor LMS \u2013 eLearning and online course solution <=1.7.6 - SQL Injection", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "[*, 1.7.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6072f47-91b3-4c5d-b16e-61bcd7760604?source=api-scan" ], "published": "2021-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6074c97-619d-4f47-97c7-781c7a38019d": { "id": "a6074c97-619d-4f47-97c7-781c7a38019d", "title": "WordPress Core <= 2.1.2 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true }, "2.1 - 2.1.1": { "from_version": "2.1", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.10", "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6074c97-619d-4f47-97c7-781c7a38019d?source=api-scan" ], "published": "2007-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6090c3d-e4ee-4c9d-9605-e18000f283c5": { "id": "a6090c3d-e4ee-4c9d-9605-e18000f283c5", "title": "Zephyr Project Manager <= 3.3.97 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update", "software": [ { "type": "plugin", "name": "Zephyr Project Manager", "slug": "zephyr-project-manager", "affected_versions": { "* - 3.3.97": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.97", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.99" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6090c3d-e4ee-4c9d-9605-e18000f283c5?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6096b9a-f7bb-454a-8203-50ac99d37100": { "id": "a6096b9a-f7bb-454a-8203-50ac99d37100", "title": "WP Affiliate Platform <= 6.3.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Affiliate Platform", "slug": "wp-affiliate-platform", "affected_versions": { "* - 6.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6096b9a-f7bb-454a-8203-50ac99d37100?source=api-scan" ], "published": "2022-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a60a9981-c945-4438-a844-f7942b86c4c0": { "id": "a60a9981-c945-4438-a844-f7942b86c4c0", "title": "Integration for Contact Form 7 HubSpot <= 1.2.8 - Open Redirect via state parameter", "software": [ { "type": "plugin", "name": "Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms", "slug": "cf7-hubspot", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a60a9981-c945-4438-a844-f7942b86c4c0?source=api-scan" ], "published": "2023-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a60bb585-3c71-4381-8ba7-28ee63abdb14": { "id": "a60bb585-3c71-4381-8ba7-28ee63abdb14", "title": "Knews Multilingual Newsletters <= 1.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Knews Multilingual Newsletters", "slug": "knews", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a60bb585-3c71-4381-8ba7-28ee63abdb14?source=api-scan" ], "published": "2018-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a60d8102-1f15-4e61-b715-81e2111651a4": { "id": "a60d8102-1f15-4e61-b715-81e2111651a4", "title": "Add Link to Facebook <= 1.215 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add Link to Facebook", "slug": "add-link-to-facebook", "affected_versions": { "[*, 1.216)": { "from_version": "*", "from_inclusive": true, "to_version": "1.216", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.216" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a60d8102-1f15-4e61-b715-81e2111651a4?source=api-scan" ], "published": "2015-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6196b07-a2fc-45ac-8700-a1ce2713a960": { "id": "a6196b07-a2fc-45ac-8700-a1ce2713a960", "title": "WP Super Cache < 1.3.2 - Remote Code Execution", "software": [ { "type": "plugin", "name": "WP Super Cache", "slug": "wp-super-cache", "affected_versions": { "[*, 1.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6196b07-a2fc-45ac-8700-a1ce2713a960?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a61a8d8b-f22f-4a16-95f6-6cf52cf545ad": { "id": "a61a8d8b-f22f-4a16-95f6-6cf52cf545ad", "title": "SEO Plugin by Squirrly SEO <= 12.3.15 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "SEO Plugin by Squirrly SEO", "slug": "squirrly-seo", "affected_versions": { "* - 12.3.15": { "from_version": "*", "from_inclusive": true, "to_version": "12.3.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a61a8d8b-f22f-4a16-95f6-6cf52cf545ad?source=api-scan" ], "published": "2024-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6202c51-c976-4e32-8846-43ac1aae9331": { "id": "a6202c51-c976-4e32-8846-43ac1aae9331", "title": "Sassy Social Share <= 3.3.62 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Sharing Plugin \u2013 Sassy Social Share", "slug": "sassy-social-share", "affected_versions": { "* - 3.3.62": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.62", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.63" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6202c51-c976-4e32-8846-43ac1aae9331?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a620810d-1b2a-4f2e-943c-aacc493f0c5b": { "id": "a620810d-1b2a-4f2e-943c-aacc493f0c5b", "title": "Event Easy Calendar <= 1.0.0 - Multiple Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Event Easy Calendar", "slug": "event-easy-calendar", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a620810d-1b2a-4f2e-943c-aacc493f0c5b?source=api-scan" ], "published": "2013-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6213e09-8a97-44cf-85ef-83179d79206c": { "id": "a6213e09-8a97-44cf-85ef-83179d79206c", "title": "LeagueManager < 4.0.5 - SQL Injection", "software": [ { "type": "plugin", "name": "LeagueManager", "slug": "leaguemanager", "affected_versions": { "[*, 4.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6213e09-8a97-44cf-85ef-83179d79206c?source=api-scan" ], "published": "2015-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a621cd24-d012-40f0-bfac-29268751f772": { "id": "a621cd24-d012-40f0-bfac-29268751f772", "title": "Secure Copy Content Protection and Content Locking <= 4.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Secure Copy Content Protection and Content Locking", "slug": "secure-copy-content-protection", "affected_versions": { "* - 4.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a621cd24-d012-40f0-bfac-29268751f772?source=api-scan" ], "published": "2024-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6240290-4b6c-46ba-9f78-e6bba3504f17": { "id": "a6240290-4b6c-46ba-9f78-e6bba3504f17", "title": "WP Categories Widget <= 2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Categories Widget", "slug": "wp-categories-widget", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6240290-4b6c-46ba-9f78-e6bba3504f17?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a626dfd4-d8c3-4cd1-a624-bae719bea93a": { "id": "a626dfd4-d8c3-4cd1-a624-bae719bea93a", "title": "Music Player for WooCommerce <= 1.0.172 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Music Player for WooCommerce", "slug": "music-player-for-woocommerce", "affected_versions": { "* - 1.0.172": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.172", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.173" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a626dfd4-d8c3-4cd1-a624-bae719bea93a?source=api-scan" ], "published": "2022-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a627f10a-1463-4e4b-98a9-2008fa76e25a": { "id": "a627f10a-1463-4e4b-98a9-2008fa76e25a", "title": "Meris <= 1.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Meris", "slug": "meris", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a627f10a-1463-4e4b-98a9-2008fa76e25a?source=api-scan" ], "published": "2024-01-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6298192-2afa-4468-86d5-8487321a0ff6": { "id": "a6298192-2afa-4468-86d5-8487321a0ff6", "title": "Sucuri Security <= 1.8.33 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Sucuri Security \u2013 Auditing, Malware Scanner and Security Hardening", "slug": "sucuri-scanner", "affected_versions": { "* - 1.8.33": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6298192-2afa-4468-86d5-8487321a0ff6?source=api-scan" ], "published": "2022-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a62a3a71-0dbb-48d6-ba1a-f218fefac871": { "id": "a62a3a71-0dbb-48d6-ba1a-f218fefac871", "title": "WPeMatico RSS Feed Fetcher <= 2.6.11 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPeMatico RSS Feed Fetcher", "slug": "wpematico", "affected_versions": { "[*, 2.6.12)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a62a3a71-0dbb-48d6-ba1a-f218fefac871?source=api-scan" ], "published": "2021-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a63b2091-1502-4d9f-98c4-ce9d2f923dc4": { "id": "a63b2091-1502-4d9f-98c4-ce9d2f923dc4", "title": "Logo Showcase Ultimate \u2013 Logo Carousel, Logo Slider & Logo Grid <= 1.3.8 - Authenticated(Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Logo Showcase Ultimate \u2013 Logo Carousel, Logo Slider & Logo Grid", "slug": "logo-showcase-ultimate", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a63b2091-1502-4d9f-98c4-ce9d2f923dc4?source=api-scan" ], "published": "2024-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a63d6a64-aaba-4744-a372-89e1c0ce00df": { "id": "a63d6a64-aaba-4744-a372-89e1c0ce00df", "title": "Happy Addons for Elementor <= 3.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.12.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a63d6a64-aaba-4744-a372-89e1c0ce00df?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a63f0b4b-ad8f-4daf-9450-133bf08c2de1": { "id": "a63f0b4b-ad8f-4daf-9450-133bf08c2de1", "title": "WordPress RokBox <= 2.13 - Sensitive Data Disclosure", "software": [ { "type": "plugin", "name": "WordPress RokBox", "slug": "wp_rokbox", "affected_versions": { "* - 2.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a63f0b4b-ad8f-4daf-9450-133bf08c2de1?source=api-scan" ], "published": "2012-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6407792-2c76-4149-a9f9-d53002135bec": { "id": "a6407792-2c76-4149-a9f9-d53002135bec", "title": "Grid Plus <= 1.3.3 - Authenticated (Subscriber+) Local File Inclusion via Shortcode", "software": [ { "type": "plugin", "name": "Grid Plus \u2013 Unlimited grid layout", "slug": "grid-plus", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6407792-2c76-4149-a9f9-d53002135bec?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a641fdd8-27d9-41e1-bc41-372dda4b2cf5": { "id": "a641fdd8-27d9-41e1-bc41-372dda4b2cf5", "title": "The Post Grid <= 7.4.3 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid", "slug": "the-post-grid", "affected_versions": { "* - 7.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a641fdd8-27d9-41e1-bc41-372dda4b2cf5?source=api-scan" ], "published": "2024-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6425d39-cc8b-4130-8f67-2d6de7954934": { "id": "a6425d39-cc8b-4130-8f67-2d6de7954934", "title": "Metform Elementor Contact Form Builder <= 3.4.0 - Missing Authorization via submit", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6425d39-cc8b-4130-8f67-2d6de7954934?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a644ac90-6cc4-495c-b880-4ebbc237bb57": { "id": "a644ac90-6cc4-495c-b880-4ebbc237bb57", "title": "Chocolate WP \u2013 Responsive Photography Theme (All Versions) - Denial of Service and Abuse of Functionality", "software": [ { "type": "theme", "name": "Chocolate WP \u2013 Responsive Photography Theme | Photography", "slug": "dt-chocolate", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a644ac90-6cc4-495c-b880-4ebbc237bb57?source=api-scan" ], "published": "2013-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a646a582-7174-4172-a193-c1606c43e6a5": { "id": "a646a582-7174-4172-a193-c1606c43e6a5", "title": "Responsive Poll < 1.7.6 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Poll", "slug": "responsive-poll", "affected_versions": { "[*, 1.7.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a646a582-7174-4172-a193-c1606c43e6a5?source=api-scan" ], "published": "2017-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a646ebe5-3445-4e9b-99a9-23761d4fba9c": { "id": "a646ebe5-3445-4e9b-99a9-23761d4fba9c", "title": "Comment Fields <= 1.03 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Comment Fields [Modify\/Disable\/Remove]", "slug": "modify-comment-fields", "affected_versions": { "* - 1.03": { "from_version": "*", "from_inclusive": true, "to_version": "1.03", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.04" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a646ebe5-3445-4e9b-99a9-23761d4fba9c?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a647f60b-233d-46f2-8837-b7c9bacd9958": { "id": "a647f60b-233d-46f2-8837-b7c9bacd9958", "title": "Play.ht <= 3.6.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Play.ht \u2013 Make Your Blog Posts Accessible With Text to Speech Audio", "slug": "play-ht", "affected_versions": { "* - 3.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a647f60b-233d-46f2-8837-b7c9bacd9958?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6484a7c-449d-40ea-a5aa-ca033ee0ba95": { "id": "a6484a7c-449d-40ea-a5aa-ca033ee0ba95", "title": "Church Admin <= 4.4.6 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "* - 4.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6484a7c-449d-40ea-a5aa-ca033ee0ba95?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a649fbea-65cf-45c9-b853-2733f27518af": { "id": "a649fbea-65cf-45c9-b853-2733f27518af", "title": "User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.0.13 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds", "slug": "userfeedback-lite", "affected_versions": { "* - 1.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a649fbea-65cf-45c9-b853-2733f27518af?source=api-scan" ], "published": "2024-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a64c67de-1c16-4dcb-a3e4-81341b37c3e3": { "id": "a64c67de-1c16-4dcb-a3e4-81341b37c3e3", "title": "Mega Addons For Elementor <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mega Addons For Elementor", "slug": "ultimate-addons-for-elementor", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a64c67de-1c16-4dcb-a3e4-81341b37c3e3?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a658d150-bcd5-4334-b07a-e09b3995169d": { "id": "a658d150-bcd5-4334-b07a-e09b3995169d", "title": "Semalt Blocker <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Semalt Blocker", "slug": "semalt", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a658d150-bcd5-4334-b07a-e09b3995169d?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a65a1f25-04e5-4ca3-9b2d-1b78254a8871": { "id": "a65a1f25-04e5-4ca3-9b2d-1b78254a8871", "title": "WordPress CTA <= 1.5.8 - Missing Authorization via Multiple AJAX Actions", "software": [ { "type": "plugin", "name": "WP CTA \u2013 Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin", "slug": "easy-sticky-sidebar", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a65a1f25-04e5-4ca3-9b2d-1b78254a8871?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a65ce746-c356-4879-b348-688b2256fc67": { "id": "a65ce746-c356-4879-b348-688b2256fc67", "title": "Newsletter Popup <= 1.2 - Cross-Site Request Forgery to Subscriber Deletion", "software": [ { "type": "plugin", "name": "Newsletter Popup", "slug": "newsletter-popup", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a65ce746-c356-4879-b348-688b2256fc67?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a65e820d-afb7-4e1c-b690-5948447af59a": { "id": "a65e820d-afb7-4e1c-b690-5948447af59a", "title": "Nelio AB Testing < 4.5.0 - Directory Traversal", "software": [ { "type": "plugin", "name": "Nelio AB Testing", "slug": "nelio-ab-testing", "affected_versions": { "* - 4.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a65e820d-afb7-4e1c-b690-5948447af59a?source=api-scan" ], "published": "2016-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a660b7b8-550e-42d7-b15a-0ab2aa501623": { "id": "a660b7b8-550e-42d7-b15a-0ab2aa501623", "title": "Donorbox <= 7.1.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Donorbox \u2013 Free Recurring Donation Plugin and Fundraising Platform", "slug": "donorbox-donation-form", "affected_versions": { "[*, 7.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a660b7b8-550e-42d7-b15a-0ab2aa501623?source=api-scan" ], "published": "2019-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6627f96-63d6-4f22-9eb7-fb42e748ae38": { "id": "a6627f96-63d6-4f22-9eb7-fb42e748ae38", "title": "WPDBSpringClean <= 1.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPDBSpringClean", "slug": "wpdbspringclean", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6627f96-63d6-4f22-9eb7-fb42e748ae38?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a662c904-ba2e-494c-a603-b22eeeddf43d": { "id": "a662c904-ba2e-494c-a603-b22eeeddf43d", "title": "Bot for Telegram on WooCommerce <= 1.2.4 - Authenticated (Subscriber+) Telegram Bot Token Disclosure to Authentication Bypass", "software": [ { "type": "plugin", "name": "Bot for Telegram on WooCommerce", "slug": "bot-for-telegram-on-woocommerce", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a662c904-ba2e-494c-a603-b22eeeddf43d?source=api-scan" ], "published": "2024-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a66388d6-cf78-48b2-9363-53d1f72d1ff0": { "id": "a66388d6-cf78-48b2-9363-53d1f72d1ff0", "title": "URL Shortify <= 1.5.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "URL Shortify \u2013 Simple, Powerful and Easy URL Shortener Plugin For WordPress", "slug": "url-shortify", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a66388d6-cf78-48b2-9363-53d1f72d1ff0?source=api-scan" ], "published": "2021-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6664039-554b-43bf-8925-00c1e62e28f5": { "id": "a6664039-554b-43bf-8925-00c1e62e28f5", "title": "WordPress Manuten\u00e7\u00e3o <= 1.0.6 - IP Spoofing to Maintenance Mode Bypass", "software": [ { "type": "plugin", "name": "WordPress Manuten\u00e7\u00e3o", "slug": "wp-manutencao", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6664039-554b-43bf-8925-00c1e62e28f5?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a669f6ef-0cf1-4fdb-855a-1d6aaa7d8f6c": { "id": "a669f6ef-0cf1-4fdb-855a-1d6aaa7d8f6c", "title": "Simply Static <= 3.1.3 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Simply Static \u2013 The WordPress Static Site Generator", "slug": "simply-static", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a669f6ef-0cf1-4fdb-855a-1d6aaa7d8f6c?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a66bc196-e5f8-46b4-a81c-c888eb64021c": { "id": "a66bc196-e5f8-46b4-a81c-c888eb64021c", "title": "Download Manager <= 3.2.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.70": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.70", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.71" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a66bc196-e5f8-46b4-a81c-c888eb64021c?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a66c2e1e-fd59-424b-bd11-0991a5c32dce": { "id": "a66c2e1e-fd59-424b-bd11-0991a5c32dce", "title": "Storefront Footer Text <= 1.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Storefront Footer Text", "slug": "storefront-footer-text", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a66c2e1e-fd59-424b-bd11-0991a5c32dce?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a671128a-74e6-4f92-94af-9e5e37ed7b7a": { "id": "a671128a-74e6-4f92-94af-9e5e37ed7b7a", "title": "User Registration <= 2.3.2.1 - Missing Authorization via send_test_email", "software": [ { "type": "plugin", "name": "User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile", "slug": "user-registration", "affected_versions": { "* - 2.3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a671128a-74e6-4f92-94af-9e5e37ed7b7a?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a672c18b-1426-49fd-9590-eab8204afd5f": { "id": "a672c18b-1426-49fd-9590-eab8204afd5f", "title": "WP Go Maps (formerly WP Google Maps) <= 7.11.17 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Go Maps (formerly WP Google Maps)", "slug": "wp-google-maps", "affected_versions": { "* - 7.11.17": { "from_version": "*", "from_inclusive": true, "to_version": "7.11.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.11.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a672c18b-1426-49fd-9590-eab8204afd5f?source=api-scan" ], "published": "2020-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a67972d7-abfd-4ce3-9e47-30736ab32af5": { "id": "a67972d7-abfd-4ce3-9e47-30736ab32af5", "title": "Maileon <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Maileon for WordPress", "slug": "xqueue-maileon", "affected_versions": { "* - 2.16.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a67972d7-abfd-4ce3-9e47-30736ab32af5?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a67df40b-7179-47a7-9cde-1c512ecc2253": { "id": "a67df40b-7179-47a7-9cde-1c512ecc2253", "title": "Themify Portfolio Post <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Themify Portfolio Post", "slug": "themify-portfolio-post", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a67df40b-7179-47a7-9cde-1c512ecc2253?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a67eb1fc-4762-4bdc-b0a0-c043c36659d0": { "id": "a67eb1fc-4762-4bdc-b0a0-c043c36659d0", "title": "NextGen Gallery <= 3.1.5 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 3.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a67eb1fc-4762-4bdc-b0a0-c043c36659d0?source=api-scan" ], "published": "2019-02-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a68b8df9-9b50-4617-9308-76a2a9036d7a": { "id": "a68b8df9-9b50-4617-9308-76a2a9036d7a", "title": "WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_deactivate_product", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "* - 5.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a68b8df9-9b50-4617-9308-76a2a9036d7a?source=api-scan" ], "published": "2023-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a68dac5d-b07b-40c1-aad1-73e2c8d0f927": { "id": "a68dac5d-b07b-40c1-aad1-73e2c8d0f927", "title": "Hummingbird <= 3.9.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Hummingbird Performance \u2013 Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN", "slug": "hummingbird-performance", "affected_versions": { "* - 3.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a68dac5d-b07b-40c1-aad1-73e2c8d0f927?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a68f024d-b80d-4e6c-8420-5e0dde87d8f0": { "id": "a68f024d-b80d-4e6c-8420-5e0dde87d8f0", "title": "ALO EasyMail Newsletter <= 2.6.01 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ALO EasyMail Newsletter", "slug": "alo-easymail", "affected_versions": { "[*, 2.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a68f024d-b80d-4e6c-8420-5e0dde87d8f0?source=api-scan" ], "published": "2016-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a691a44d-0a33-4f13-9afe-255c557ee10f": { "id": "a691a44d-0a33-4f13-9afe-255c557ee10f", "title": "WordPress Sentinel <= 1.0.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Sentinel", "slug": "wordpress-sentinel", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a691a44d-0a33-4f13-9afe-255c557ee10f?source=api-scan" ], "published": "2011-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a69236d1-2164-4702-96e3-abd80fb5ffbb": { "id": "a69236d1-2164-4702-96e3-abd80fb5ffbb", "title": "Api2Cart Bridge Connector <= 1.1.0 - Arbitrary Code Execution", "software": [ { "type": "plugin", "name": "Api2Cart Bridge Connector", "slug": "api2cart-bridge-connector", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a69236d1-2164-4702-96e3-abd80fb5ffbb?source=api-scan" ], "published": "2022-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a69a5249-f9ab-4489-a032-33dd482fdc96": { "id": "a69a5249-f9ab-4489-a032-33dd482fdc96", "title": "Master Slider Pro <= 3.6.5 - Authenticated (Editor+) SQL Injection", "software": [ { "type": "plugin", "name": "masterslider", "slug": "masterslider", "affected_versions": { "* - 3.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a69a5249-f9ab-4489-a032-33dd482fdc96?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a69e6ca8-efd6-4b89-ae63-b320f9936842": { "id": "a69e6ca8-efd6-4b89-ae63-b320f9936842", "title": "Portugal CTT Tracking for WooCommerce <= 2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Portugal CTT Tracking for WooCommerce", "slug": "portugal-ctt-tracking-woocommerce", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a69e6ca8-efd6-4b89-ae63-b320f9936842?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a69e9802-9087-4cd9-86eb-b64a82bc7c0b": { "id": "a69e9802-9087-4cd9-86eb-b64a82bc7c0b", "title": "FooGallery <= 2.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Custom URL", "software": [ { "type": "plugin", "name": "FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel", "slug": "foogallery", "affected_versions": { "* - 2.4.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a69e9802-9087-4cd9-86eb-b64a82bc7c0b?source=api-scan" ], "published": "2024-06-13 17:03:24", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6a1e7c1-0ff1-4d59-ac60-35790bf0318e": { "id": "a6a1e7c1-0ff1-4d59-ac60-35790bf0318e", "title": "WP eBay Product Feeds < 1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP eBay Product Feeds", "slug": "ebay-feeds-for-wordpress", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6a1e7c1-0ff1-4d59-ac60-35790bf0318e?source=api-scan" ], "published": "2014-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6b0b516-af5c-474a-a674-b52cf80207ec": { "id": "a6b0b516-af5c-474a-a674-b52cf80207ec", "title": "Re:amaze Helpdesk & Live Chat <= 1.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Re:amaze Helpdesk & Live Chat", "slug": "reamaze", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6b0b516-af5c-474a-a674-b52cf80207ec?source=api-scan" ], "published": "2022-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6b16ffe-1c65-49d3-9e30-407bc75d7d49": { "id": "a6b16ffe-1c65-49d3-9e30-407bc75d7d49", "title": "Easy Testimonial Slider and Form <= 1.0.15 - Unauthenticated Reflected Cross-Site Scripting via search_term", "software": [ { "type": "plugin", "name": "Easy Testimonial Slider and Form", "slug": "easy-testimonial-rotator", "affected_versions": { "* - 1.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6b16ffe-1c65-49d3-9e30-407bc75d7d49?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6be4565-d5e6-43f8-bdd2-e6dce66bdad2": { "id": "a6be4565-d5e6-43f8-bdd2-e6dce66bdad2", "title": "EazyDocs <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EazyDocs \u2013 Most Powerful Knowledge base, wiki, Documentation Builder Plugin", "slug": "eazydocs", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6be4565-d5e6-43f8-bdd2-e6dce66bdad2?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6bef410-8706-4440-b50f-08824ef754f6": { "id": "a6bef410-8706-4440-b50f-08824ef754f6", "title": "PopupAlly <= 2.1.0 - Cross-Site Request Forgery via optin_submit_callback", "software": [ { "type": "plugin", "name": "PopupAlly", "slug": "popupally", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6bef410-8706-4440-b50f-08824ef754f6?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6bf60cc-4a07-4d5d-bff3-20d0115a5bd3": { "id": "a6bf60cc-4a07-4d5d-bff3-20d0115a5bd3", "title": "Gravityforms <= 1.8.19 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Gravity Forms", "slug": "gravityforms", "affected_versions": { "[*, 1.8.20)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6bf60cc-4a07-4d5d-bff3-20d0115a5bd3?source=api-scan" ], "published": "2015-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6cee2c1-cdfb-419a-8900-bc9d921d610e": { "id": "a6cee2c1-cdfb-419a-8900-bc9d921d610e", "title": "Keap Official Opt-in Forms <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Keap Official Opt-in Forms", "slug": "infusionsoft-official-opt-in-forms", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6cee2c1-cdfb-419a-8900-bc9d921d610e?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6d474cb-36ca-4a99-82de-2e154b3ae6ac": { "id": "a6d474cb-36ca-4a99-82de-2e154b3ae6ac", "title": "Grow by Tradedoubler <= 2.0.21 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Grow by Tradedoubler \u2013 Advertiser Plugin for WooCommerce", "slug": "tradedoubler-affiliate-tracker", "affected_versions": { "* - 2.0.21": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6d474cb-36ca-4a99-82de-2e154b3ae6ac?source=api-scan" ], "published": "2024-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6d4e207-9751-4c97-b004-e97c69af81dd": { "id": "a6d4e207-9751-4c97-b004-e97c69af81dd", "title": "Asgaros Forum < 2.0.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Asgaros Forum", "slug": "asgaros-forum", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6d4e207-9751-4c97-b004-e97c69af81dd?source=api-scan" ], "published": "2022-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6d5dcdc-f9db-4eb9-aac5-8ec79eb46bcf": { "id": "a6d5dcdc-f9db-4eb9-aac5-8ec79eb46bcf", "title": "Event Tickets <= 5.11.0.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Event Tickets and Registration", "slug": "event-tickets", "affected_versions": { "* - 5.11.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.11.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.11.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6d5dcdc-f9db-4eb9-aac5-8ec79eb46bcf?source=api-scan" ], "published": "2024-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6d663a9-3185-4c36-b9d1-878297965379": { "id": "a6d663a9-3185-4c36-b9d1-878297965379", "title": "Giveaways and Contests by RafflePress <= 1.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Giveaways and Contests by RafflePress \u2013 Get More Website Traffic, Email Subscribers, and Social Followers", "slug": "rafflepress", "affected_versions": { "* - 1.12.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6d663a9-3185-4c36-b9d1-878297965379?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6d9d093-1e31-4d36-ac55-79cf82b231bb": { "id": "a6d9d093-1e31-4d36-ac55-79cf82b231bb", "title": "WooCommerce Blocks < 5.5 - Authenticated Blind SQL Injection", "software": [ { "type": "plugin", "name": "WooCommerce Blocks", "slug": "woo-gutenberg-products-block", "affected_versions": { "* - 2.5.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.15", "to_inclusive": true }, "2.6 - 2.6.1": { "from_version": "2.6", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true }, "2.7 - 2.7.1": { "from_version": "2.7", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true }, "2.8": { "from_version": "2.8", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true }, "2.9": { "from_version": "2.9", "from_inclusive": true, "to_version": "2.9", "to_inclusive": true }, "3.0": { "from_version": "3.0", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true }, "3.1": { "from_version": "3.1", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true }, "3.2": { "from_version": "3.2", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true }, "3.3": { "from_version": "3.3", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true }, "3.4": { "from_version": "3.4", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true }, "3.5": { "from_version": "3.5", "from_inclusive": true, "to_version": "3.5", "to_inclusive": true }, "3.6": { "from_version": "3.6", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true }, "3.7 - 3.7.1": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": true }, "3.8": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8", "to_inclusive": true }, "3.9": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9", "to_inclusive": true }, "4.0": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true }, "4.1": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true }, "4.2": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2", "to_inclusive": true }, "4.3": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true }, "4.4 - 4.4.2": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true }, "4.5 - 4.5.2": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.2", "to_inclusive": true }, "4.6": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6", "to_inclusive": true }, "4.7": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7", "to_inclusive": true }, "4.8": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8", "to_inclusive": true }, "4.9 - 4.9.1": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.1", "to_inclusive": true }, "5.0": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true }, "5.1": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1", "to_inclusive": true }, "5.2": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2", "to_inclusive": true }, "5.3 - 5.3.1": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.1", "to_inclusive": true }, "5.4": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4", "to_inclusive": true }, "5.5": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.16", "2.6.2", "2.7.2", "2.8.1", "2.9.1", "3.0.1", "3.1.1", "3.2.1", "3.3.1", "3.4.1", "3.5.1", "3.6.1", "3.7.2", "3.8.1", "3.9.1", "4.0.1", "4.1.1", "4.2.1", "4.3.1", "4.4.3", "4.5.3", "4.6.1", "4.7.1", "4.8.1", "4.9.2", "5.0.1", "5.1.1", "5.2.1", "5.3.2", "5.4.1", "5.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6d9d093-1e31-4d36-ac55-79cf82b231bb?source=api-scan" ], "published": "2021-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6da4cf6-4b3b-4015-9106-b2a4467f34f7": { "id": "a6da4cf6-4b3b-4015-9106-b2a4467f34f7", "title": "Contact Form 7 Datepicker <= 2.6.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form 7 Datepicker", "slug": "contact-form-7-datepicker", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6da4cf6-4b3b-4015-9106-b2a4467f34f7?source=api-scan" ], "published": "2020-04-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6dadbb0-1ebe-43ff-b220-0c93d0f51d87": { "id": "a6dadbb0-1ebe-43ff-b220-0c93d0f51d87", "title": "Custom Order Statuses for WooCommerce <= 1.5.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Custom Order Statuses for WooCommerce", "slug": "custom-order-statuses-for-woocommerce", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6dadbb0-1ebe-43ff-b220-0c93d0f51d87?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6e687e9-6ffe-4457-8d57-3c03f657eb74": { "id": "a6e687e9-6ffe-4457-8d57-3c03f657eb74", "title": "ImageMapper <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "ImageMapper", "slug": "imagemapper", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6e687e9-6ffe-4457-8d57-3c03f657eb74?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6e70e5f-6b4b-40c1-b43c-957ca97e162a": { "id": "a6e70e5f-6b4b-40c1-b43c-957ca97e162a", "title": "WP Armour \u2013 Honeypot Anti Spam <= 2.1.13 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Armour \u2013 Honeypot Anti Spam", "slug": "honeypot", "affected_versions": { "* - 2.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6e70e5f-6b4b-40c1-b43c-957ca97e162a?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6ede290-a6c4-4c13-872b-60c9601d39db": { "id": "a6ede290-a6c4-4c13-872b-60c9601d39db", "title": "Theme Editor <= 2.7.1 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Theme Editor", "slug": "theme-editor", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6ede290-a6c4-4c13-872b-60c9601d39db?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6f1233b-55d6-488a-8667-b5454f71020c": { "id": "a6f1233b-55d6-488a-8667-b5454f71020c", "title": "WP Dashboard Notes <= 1.0.10 - Insecure Direct Object References to Authenticated Private Note Deletion", "software": [ { "type": "plugin", "name": "WP Dashboard Notes", "slug": "wp-dashboard-notes", "affected_versions": { "* - 1.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6f1233b-55d6-488a-8667-b5454f71020c?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6f9a9c2-4ef6-4004-afc3-e08cb7f03255": { "id": "a6f9a9c2-4ef6-4004-afc3-e08cb7f03255", "title": "If-So Dynamic Content Personalization <= 1.7.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "If-So Dynamic Content Personalization", "slug": "if-so", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6f9a9c2-4ef6-4004-afc3-e08cb7f03255?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6fda35d-8b82-4a7a-8db6-21dc38a841f4": { "id": "a6fda35d-8b82-4a7a-8db6-21dc38a841f4", "title": "WP Githuber MD <= 1.16.2 - Authenticated (Author+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP Githuber MD \u2013 WordPress Markdown Editor", "slug": "wp-githuber-md", "affected_versions": { "* - 1.16.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.16.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.16.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6fda35d-8b82-4a7a-8db6-21dc38a841f4?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a6ff3028-07bb-49c2-b1e4-0f5910a53bd6": { "id": "a6ff3028-07bb-49c2-b1e4-0f5910a53bd6", "title": "FileBird Document Library <= 2.0.6 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "FileBird Document Library", "slug": "filebird-document-library", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a6ff3028-07bb-49c2-b1e4-0f5910a53bd6?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7021586-16e8-41d2-8337-b700ce0b2d1d": { "id": "a7021586-16e8-41d2-8337-b700ce0b2d1d", "title": "CM Popup Plugin for WordPress \u2013 Popup Maker <= 1.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CM Pop-Up Banners for WordPress", "slug": "cm-pop-up-banners", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7021586-16e8-41d2-8337-b700ce0b2d1d?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a706e4eb-cd27-44b1-a023-5e4e075c768d": { "id": "a706e4eb-cd27-44b1-a023-5e4e075c768d", "title": "Htaccess File Editor <= 1.0.18 - Missing Authorization", "software": [ { "type": "plugin", "name": "Htaccess File Editor \u2013 Easily Edit, Backup, Restore .htaccess file", "slug": "htaccess-file-editor", "affected_versions": { "* - 1.0.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a706e4eb-cd27-44b1-a023-5e4e075c768d?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a70a91f3-ec87-472a-9cb0-98c874b7825f": { "id": "a70a91f3-ec87-472a-9cb0-98c874b7825f", "title": "DMSGuestbook <= 1.8.0 - Directory Traversal", "software": [ { "type": "plugin", "name": "DMSGuestbook", "slug": "dmsguestbook", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a70a91f3-ec87-472a-9cb0-98c874b7825f?source=api-scan" ], "published": "2008-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a713c7d3-06ce-4d65-9766-2b0331656ae6": { "id": "a713c7d3-06ce-4d65-9766-2b0331656ae6", "title": "Popup Like box \u2013 Page Plugin <= 3.5.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Like box \u2013 Page Plugin", "slug": "ays-facebook-popup-likebox", "affected_versions": { "* - 3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a713c7d3-06ce-4d65-9766-2b0331656ae6?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a713d897-c549-4e0d-9cb3-7002ef2b127f": { "id": "a713d897-c549-4e0d-9cb3-7002ef2b127f", "title": "RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.2 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator", "slug": "feedzy-rss-feeds", "affected_versions": { "* - 4.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a713d897-c549-4e0d-9cb3-7002ef2b127f?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a713e54b-524a-451f-b17a-a2c47e087bdc": { "id": "a713e54b-524a-451f-b17a-a2c47e087bdc", "title": "Opor Ayam <= 1.8 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Opor Ayam", "slug": "opor-ayam", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a713e54b-524a-451f-b17a-a2c47e087bdc?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a714b35e-776d-42f4-bb7c-7865bf2b7637": { "id": "a714b35e-776d-42f4-bb7c-7865bf2b7637", "title": "Ninja Forms \u2013 The Contact Form Builder That Grows With You <= 3.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a714b35e-776d-42f4-bb7c-7865bf2b7637?source=api-scan" ], "published": "2024-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7181056-d2ee-4c0f-b9a8-fdb7ad042a6b": { "id": "a7181056-d2ee-4c0f-b9a8-fdb7ad042a6b", "title": "FooGallery <= 2.2.35 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel", "slug": "foogallery", "affected_versions": { "* - 2.2.35": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7181056-d2ee-4c0f-b9a8-fdb7ad042a6b?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a71a1a7b-6299-44c5-b686-65f214986c27": { "id": "a71a1a7b-6299-44c5-b686-65f214986c27", "title": "InfiniteWP Client <= 1.3.7 - PHP Object Injection", "software": [ { "type": "plugin", "name": "InfiniteWP Client", "slug": "iwp-client", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a71a1a7b-6299-44c5-b686-65f214986c27?source=api-scan" ], "published": "2014-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a71cbe66-4187-4260-bb87-8579bc6e75f5": { "id": "a71cbe66-4187-4260-bb87-8579bc6e75f5", "title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Carousel Widget", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a71cbe66-4187-4260-bb87-8579bc6e75f5?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a71d13b2-5c0b-4e19-b1b3-b97a996d4019": { "id": "a71d13b2-5c0b-4e19-b1b3-b97a996d4019", "title": "Tiny Contact Form <= 0.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Tiny Contact Form", "slug": "tiny-contact-form", "affected_versions": { "* - 0.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a71d13b2-5c0b-4e19-b1b3-b97a996d4019?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a720ad0e-6194-4df4-951e-e818518e79b5": { "id": "a720ad0e-6194-4df4-951e-e818518e79b5", "title": "BookingPress <= 1.0.64 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar Plugin and Scheduling Plugin \u2013 BookingPress", "slug": "bookingpress-appointment-booking", "affected_versions": { "* - 1.0.64": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.64", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.65" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a720ad0e-6194-4df4-951e-e818518e79b5?source=api-scan" ], "published": "2023-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a72ce900-7999-45ee-a46a-6dd0a8f5931d": { "id": "a72ce900-7999-45ee-a46a-6dd0a8f5931d", "title": "WP Live Chat Support <= 8.1.9 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "3CX Free Live Chat, Calls & WhatsApp", "slug": "wp-live-chat-support", "affected_versions": { "* - 8.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a72ce900-7999-45ee-a46a-6dd0a8f5931d?source=api-scan" ], "published": "2020-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a72e60d7-6019-4d88-88f4-22ec4dedbdd8": { "id": "a72e60d7-6019-4d88-88f4-22ec4dedbdd8", "title": "WooCommerce SagePay Direct Payment Gateway < 0.1.6.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce SagePay Direct Payment Gateway", "slug": "sagepay-direct-for-woocommerce-payment-gateway", "affected_versions": { "[*, 0.1.6.7)": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.6.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.1.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a72e60d7-6019-4d88-88f4-22ec4dedbdd8?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7372314-fff1-42c4-99b6-10d7541d1a29": { "id": "a7372314-fff1-42c4-99b6-10d7541d1a29", "title": "Wholesale Suite <= 2.1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Wholesale Suite \u2013 WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More", "slug": "woocommerce-wholesale-prices", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7372314-fff1-42c4-99b6-10d7541d1a29?source=api-scan" ], "published": "2022-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a739b805-e631-461e-802f-196e4117d403": { "id": "a739b805-e631-461e-802f-196e4117d403", "title": "WP Google Maps <= 6.3.14 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Go Maps (formerly WP Google Maps)", "slug": "wp-google-maps", "affected_versions": { "* - 6.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a739b805-e631-461e-802f-196e4117d403?source=api-scan" ], "published": "2016-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a73f3d93-198c-484c-bed5-59e477f3833e": { "id": "a73f3d93-198c-484c-bed5-59e477f3833e", "title": "Leaflet Maps Marker < 3.12.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)", "slug": "leaflet-maps-marker", "affected_versions": { "* - 3.12.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.12.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.12.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a73f3d93-198c-484c-bed5-59e477f3833e?source=api-scan" ], "published": "2023-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a73f7812-771d-4d9f-9a7c-e4e01ec05023": { "id": "a73f7812-771d-4d9f-9a7c-e4e01ec05023", "title": "Avada <= 7.11.1 - Authenticated(Contributor+) Arbitrary File Upload via 'ajax_import_options'", "software": [ { "type": "theme", "name": "Avada | Website Builder For WordPress & WooCommerce", "slug": "Avada", "affected_versions": { "* - 7.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a73f7812-771d-4d9f-9a7c-e4e01ec05023?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a741446e-8600-4e02-af76-0d34a491bcfd": { "id": "a741446e-8600-4e02-af76-0d34a491bcfd", "title": "Slider by 10Web <= 1.2.51 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider by 10Web \u2013 Responsive Image Slider", "slug": "slider-wd", "affected_versions": { "* - 1.2.51": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.51", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a741446e-8600-4e02-af76-0d34a491bcfd?source=api-scan" ], "published": "2022-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a748da73-9489-46f7-baf0-8c4ccc847dcf": { "id": "a748da73-9489-46f7-baf0-8c4ccc847dcf", "title": "Swift Framework < 2024.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Swift Framework", "slug": "socialdriver-framework", "affected_versions": { "[*, 2024.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2024.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2024.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a748da73-9489-46f7-baf0-8c4ccc847dcf?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a74d6b36-e0f1-4cfb-b1e9-0573081ed975": { "id": "a74d6b36-e0f1-4cfb-b1e9-0573081ed975", "title": "Spider Facebook <= 1.0.15 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WDSocialWidgets", "slug": "spider-facebook", "affected_versions": { "* - 1.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a74d6b36-e0f1-4cfb-b1e9-0573081ed975?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a75020c0-8286-449a-9c51-0b1488350f09": { "id": "a75020c0-8286-449a-9c51-0b1488350f09", "title": "Private Messages For WordPress <= 2.1.10 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Private Messages For WordPress", "slug": "private-messages-for-wordpress", "affected_versions": { "* - 2.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a75020c0-8286-449a-9c51-0b1488350f09?source=api-scan" ], "published": "2022-05-26 12:13:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7519c43-d8d1-4412-b2f3-77f59736924c": { "id": "a7519c43-d8d1-4412-b2f3-77f59736924c", "title": "Visual Portfolio, Photo Gallery & Post Grid <= 2.18.0 - Contributor+ CSS Injection", "software": [ { "type": "plugin", "name": "Visual Portfolio, Photo Gallery & Post Grid", "slug": "visual-portfolio", "affected_versions": { "* - 2.18.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.19.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7519c43-d8d1-4412-b2f3-77f59736924c?source=api-scan" ], "published": "2022-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a752e211-5ae2-4b85-ac01-872dc829d84c": { "id": "a752e211-5ae2-4b85-ac01-872dc829d84c", "title": "Advanced Access Manager <= 6.9.20 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More", "slug": "advanced-access-manager", "affected_versions": { "* - 6.9.20": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a752e211-5ae2-4b85-ac01-872dc829d84c?source=api-scan" ], "published": "2024-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a753823a-1f95-430b-8b74-cc33f2ab018e": { "id": "a753823a-1f95-430b-8b74-cc33f2ab018e", "title": "Themify \u2013 WooCommerce Product Filter <= 1.4.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Themify \u2013 WooCommerce Product Filter", "slug": "themify-wc-product-filter", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a753823a-1f95-430b-8b74-cc33f2ab018e?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a753b4ba-9223-4eff-95e3-da7a1b2830a6": { "id": "a753b4ba-9223-4eff-95e3-da7a1b2830a6", "title": "YOP Poll <= 6.0.2 - Reflected Cross-Site Scripting via poll_id Parameter", "software": [ { "type": "plugin", "name": "YOP Poll", "slug": "yop-poll", "affected_versions": { "[*, 6.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a753b4ba-9223-4eff-95e3-da7a1b2830a6?source=api-scan" ], "published": "2019-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a758fcbe-1be0-4845-9ce9-795f3e5c4bd8": { "id": "a758fcbe-1be0-4845-9ce9-795f3e5c4bd8", "title": "SendPress Newsletters < 1.2 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "SendPress Newsletters", "slug": "sendpress", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a758fcbe-1be0-4845-9ce9-795f3e5c4bd8?source=api-scan" ], "published": "2015-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a759f4f4-6e0b-4754-b5b5-d110a050d0ba": { "id": "a759f4f4-6e0b-4754-b5b5-d110a050d0ba", "title": "Gallery PhotoBlocks <= 1.1.42 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery PhotoBlocks", "slug": "photoblocks-grid-gallery", "affected_versions": { "[*, 1.1.43)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.43", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a759f4f4-6e0b-4754-b5b5-d110a050d0ba?source=api-scan" ], "published": "2019-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a75c179f-236b-4a1b-8566-b74e0c5fda27": { "id": "a75c179f-236b-4a1b-8566-b74e0c5fda27", "title": "AGIL(Automatic Grid Image Listing) <= 1.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "AGIL(Automatic Grid Image Listing)", "slug": "automatic-grid-image-listing", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a75c179f-236b-4a1b-8566-b74e0c5fda27?source=api-scan" ], "published": "2022-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a76077c6-700a-4d21-a930-b0d6455d959c": { "id": "a76077c6-700a-4d21-a930-b0d6455d959c", "title": "Canto <= 3.0.4 - Unauthenticated Remote File Inclusion", "software": [ { "type": "plugin", "name": "Canto", "slug": "canto", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a76077c6-700a-4d21-a930-b0d6455d959c?source=api-scan" ], "published": "2023-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a767f65e-bc7d-4576-af78-b77bd23dc089": { "id": "a767f65e-bc7d-4576-af78-b77bd23dc089", "title": "Events Manager \u2013 Calendar, Bookings, Tickets, and more! <= 6.4.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via event, location, and event_category Shortcodes", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "* - 6.4.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a767f65e-bc7d-4576-af78-b77bd23dc089?source=api-scan" ], "published": "2024-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a76dcb33-4c6b-44dc-9b27-6daf4f0a1376": { "id": "a76dcb33-4c6b-44dc-9b27-6daf4f0a1376", "title": "The Next <= 1.1.0 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "theme", "name": "The Next", "slug": "the-next", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a76dcb33-4c6b-44dc-9b27-6daf4f0a1376?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a76ded81-4c78-4054-9a26-7e215285a2b6": { "id": "a76ded81-4c78-4054-9a26-7e215285a2b6", "title": "WP-Lister Lite for eBay <= 3.6.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Lister Lite for eBay", "slug": "wp-lister-for-ebay", "affected_versions": { "* - 3.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a76ded81-4c78-4054-9a26-7e215285a2b6?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7701dd2-8452-4529-a931-db2553ca1ae5": { "id": "a7701dd2-8452-4529-a931-db2553ca1ae5", "title": "Yoast SEO <= 3.2.4 - Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "Yoast SEO", "slug": "wordpress-seo", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7701dd2-8452-4529-a931-db2553ca1ae5?source=api-scan" ], "published": "2016-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a777c79e-a3ff-4f9d-90da-3a67a0176584": { "id": "a777c79e-a3ff-4f9d-90da-3a67a0176584", "title": "Black Widgets For Elementor <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Black Widgets For Elementor", "slug": "black-widgets", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a777c79e-a3ff-4f9d-90da-3a67a0176584?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a77d0fb5-8829-407d-a40a-169cf0c5f837": { "id": "a77d0fb5-8829-407d-a40a-169cf0c5f837", "title": "FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Information Disclosure via Health Check", "software": [ { "type": "plugin", "name": "FULL \u2013 Cliente", "slug": "full-customer", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a77d0fb5-8829-407d-a40a-169cf0c5f837?source=api-scan" ], "published": "2023-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a77f8a2b-c61b-4942-93b5-202ebce4cf96": { "id": "a77f8a2b-c61b-4942-93b5-202ebce4cf96", "title": "WP Survey And Quiz Tool < 1.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Survey And Quiz Tool", "slug": "wp-survey-and-quiz-tool", "affected_versions": { "[*, 1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a77f8a2b-c61b-4942-93b5-202ebce4cf96?source=api-scan" ], "published": "2010-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a780ce1b-0758-42ef-88e7-ff8d921eca6e": { "id": "a780ce1b-0758-42ef-88e7-ff8d921eca6e", "title": "Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Header & Footer Builder", "slug": "header-footer-elementor", "affected_versions": { "* - 1.6.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.26.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a780ce1b-0758-42ef-88e7-ff8d921eca6e?source=api-scan" ], "published": "2024-05-23 15:59:44", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7826d47-8799-446f-af3c-df2724fb26ef": { "id": "a7826d47-8799-446f-af3c-df2724fb26ef", "title": "Image Slider <= 1.1.125 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Slider", "slug": "image-slider-widget", "affected_versions": { "* - 1.1.125": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.125", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.127" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7826d47-8799-446f-af3c-df2724fb26ef?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a78321b7-b62b-40ab-a15d-037ebd905d8b": { "id": "a78321b7-b62b-40ab-a15d-037ebd905d8b", "title": "CPT Bootstrap Carousel <= 1.12 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CPT Bootstrap Carousel", "slug": "cpt-bootstrap-carousel", "affected_versions": { "* - 1.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a78321b7-b62b-40ab-a15d-037ebd905d8b?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7839847-2637-4a0d-bfc1-5f80b8433e24": { "id": "a7839847-2637-4a0d-bfc1-5f80b8433e24", "title": "Event Tickets and Registration <= 5.8.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Event Tickets and Registration", "slug": "event-tickets", "affected_versions": { "* - 5.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7839847-2637-4a0d-bfc1-5f80b8433e24?source=api-scan" ], "published": "2024-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a78b76d6-4068-4141-9726-7db439aa6a9f": { "id": "a78b76d6-4068-4141-9726-7db439aa6a9f", "title": "Unlimited Addons for WPBakery Page Builder <= 1.0.42 - Authenticated (Editor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Unlimited Addons for WPBakery Page Builder", "slug": "unlimited-addons-for-wpbakery-page-builder", "affected_versions": { "* - 1.0.42": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.42", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a78b76d6-4068-4141-9726-7db439aa6a9f?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a78c46ac-22dd-48f2-a10b-016205f7e7fa": { "id": "a78c46ac-22dd-48f2-a10b-016205f7e7fa", "title": "Biteship <= 2.2.27 - Authenticated (Shop manager+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo \u2013 Biteship", "slug": "biteship", "affected_versions": { "* - 2.2.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a78c46ac-22dd-48f2-a10b-016205f7e7fa?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a78da5c5-fb12-4fc9-8c51-6d9f6f7a4043": { "id": "a78da5c5-fb12-4fc9-8c51-6d9f6f7a4043", "title": "Crowdsignal Dashboard \u2013 Polls, Surveys & more <= 3.0.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Crowdsignal Dashboard \u2013 Polls, Surveys & more", "slug": "polldaddy", "affected_versions": { "* - 3.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a78da5c5-fb12-4fc9-8c51-6d9f6f7a4043?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a78fced7-8c8c-4e98-8f06-2eea845cfb26": { "id": "a78fced7-8c8c-4e98-8f06-2eea845cfb26", "title": "Premium Addons for Elementor <= 4.10.22 - Authenticated (Contributor+) Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.22": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a78fced7-8c8c-4e98-8f06-2eea845cfb26?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7967b44-a3a1-48e5-a873-527348e2a88a": { "id": "a7967b44-a3a1-48e5-a873-527348e2a88a", "title": "LA-Studio Element Kit for Elementor <= 1.3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LA-Studio Element Kit for Elementor", "slug": "lastudio-element-kit", "affected_versions": { "* - 1.3.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7967b44-a3a1-48e5-a873-527348e2a88a?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7982828-bc67-48ee-be80-3203b081e29b": { "id": "a7982828-bc67-48ee-be80-3203b081e29b", "title": "Broken Link Manager < 0.6.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Broken Link Manager", "slug": "broken-link-manager", "affected_versions": { "[*, 0.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7982828-bc67-48ee-be80-3203b081e29b?source=api-scan" ], "published": "2015-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a798ffe0-b81d-4c5f-a864-ed72a5312a16": { "id": "a798ffe0-b81d-4c5f-a864-ed72a5312a16", "title": "Advanced Floating Content Lite <= 1.2.5 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Floating Content Lite", "slug": "advanced-floating-content-lite", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a798ffe0-b81d-4c5f-a864-ed72a5312a16?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7a61446-a5ef-44e4-bd64-9c2e844953fb": { "id": "a7a61446-a5ef-44e4-bd64-9c2e844953fb", "title": "Change Uploaded File Permissions <= 4.0.0 - Cross-Site Request Forgery to Options Update", "software": [ { "type": "plugin", "name": "Change Uploaded File Permissions", "slug": "change-uploaded-file-permissions", "affected_versions": { "* - 4.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7a61446-a5ef-44e4-bd64-9c2e844953fb?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7a877d3-69b2-427b-9b5c-fb3ca93b4c09": { "id": "a7a877d3-69b2-427b-9b5c-fb3ca93b4c09", "title": "Audio Player with Playlist Ultimate <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Audio Player with Playlist Ultimate", "slug": "audio-player-with-playlist-ultimate", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7a877d3-69b2-427b-9b5c-fb3ca93b4c09?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7ac96db-2d9a-4eaf-8916-a02e3e64ca4a": { "id": "a7ac96db-2d9a-4eaf-8916-a02e3e64ca4a", "title": "Easy Property Listings <= 3.5.2 - Authenticated(Contributor+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Easy Property Listings", "slug": "easy-property-listings", "affected_versions": { "* - 3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7ac96db-2d9a-4eaf-8916-a02e3e64ca4a?source=api-scan" ], "published": "2024-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7adba0a-2f3b-43d8-b00a-8521dd0c6a2d": { "id": "a7adba0a-2f3b-43d8-b00a-8521dd0c6a2d", "title": "SEO Booster <= 3.7 - Admin+ SQL Injection", "software": [ { "type": "plugin", "name": "SEO Booster", "slug": "seo-booster", "affected_versions": { "* - 3.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7adba0a-2f3b-43d8-b00a-8521dd0c6a2d?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7ae4294-3f20-4f97-ae74-858121280c01": { "id": "a7ae4294-3f20-4f97-ae74-858121280c01", "title": "Source (All Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Source", "slug": "source", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7ae4294-3f20-4f97-ae74-858121280c01?source=api-scan" ], "published": "2013-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7af1a03-8382-4593-a41f-8cdb1bb9e53b": { "id": "a7af1a03-8382-4593-a41f-8cdb1bb9e53b", "title": "Media Library Assistant <= 3.15 - Authenticated (Contributor+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Media Library Assistant", "slug": "media-library-assistant", "affected_versions": { "* - 3.15": { "from_version": "*", "from_inclusive": true, "to_version": "3.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7af1a03-8382-4593-a41f-8cdb1bb9e53b?source=api-scan" ], "published": "2024-05-21 11:12:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7af6721-4886-4bec-8931-992881310f26": { "id": "a7af6721-4886-4bec-8931-992881310f26", "title": "WP Google Map <= 1.8.3 - Arbitrary Post Deletion and Plugin Settings Update via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Maps Plugin using Google Maps for WordPress \u2013 WP Google Map", "slug": "gmap-embed", "affected_versions": { "* - 1.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7af6721-4886-4bec-8931-992881310f26?source=api-scan" ], "published": "2022-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7b1871d-9d26-4bdc-bd20-0535143902d4": { "id": "a7b1871d-9d26-4bdc-bd20-0535143902d4", "title": "LWS Affiliation <= 2.2.6 - Unauthenticated Remote\/Local File Inclusion", "software": [ { "type": "plugin", "name": "LWS Affiliation", "slug": "lws-affiliation", "affected_versions": { "* - 2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7b1871d-9d26-4bdc-bd20-0535143902d4?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7b25b66-e9d1-448d-8367-cce4c0dec635": { "id": "a7b25b66-e9d1-448d-8367-cce4c0dec635", "title": "Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Unauthenticated Data Export", "software": [ { "type": "plugin", "name": "Podlove Podcast Publisher", "slug": "podlove-podcasting-plugin-for-wordpress", "affected_versions": { "* - 4.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7b25b66-e9d1-448d-8367-cce4c0dec635?source=api-scan" ], "published": "2024-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7bd173c-dc61-4cc6-b42f-311acf728080": { "id": "a7bd173c-dc61-4cc6-b42f-311acf728080", "title": "Elementor <= 3.12.1 - Authenticated(Administrator+) SQL Injection via 'replace_urls'", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "[*, 3.12.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.12.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.12.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7bd173c-dc61-4cc6-b42f-311acf728080?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7beb9b3-3e4e-4aa2-b174-ecd9307cb3d0": { "id": "a7beb9b3-3e4e-4aa2-b174-ecd9307cb3d0", "title": "Redirect Redirection <= 1.1.3 - Missing Authorization in 'loadRedirectSettings' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7beb9b3-3e4e-4aa2-b174-ecd9307cb3d0?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7beba4f-7704-4b98-9391-de85f86219aa": { "id": "a7beba4f-7704-4b98-9391-de85f86219aa", "title": "The Post Grid <= 7.7.4 - Missing Authorization via save_block_css", "software": [ { "type": "plugin", "name": "The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid", "slug": "the-post-grid", "affected_versions": { "* - 7.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7beba4f-7704-4b98-9391-de85f86219aa?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7c19095-3c21-440f-aa28-0117aea29d97": { "id": "a7c19095-3c21-440f-aa28-0117aea29d97", "title": "Newsletter & Bulk Email Sender <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletter & Bulk Email Sender \u2013 Email Newsletter Plugin for WordPress", "slug": "newsletter-bulk-email", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7c19095-3c21-440f-aa28-0117aea29d97?source=api-scan" ], "published": "2023-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7c31409-c84a-4197-b08c-b70df5e66a80": { "id": "a7c31409-c84a-4197-b08c-b70df5e66a80", "title": "Betheme <= 27.5.6 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "theme", "name": "Betheme", "slug": "betheme", "affected_versions": { "* - 27.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "27.5.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7c31409-c84a-4197-b08c-b70df5e66a80?source=api-scan" ], "published": "2024-08-29 16:01:16", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7c32efa-1872-4302-a947-dc0005080e55": { "id": "a7c32efa-1872-4302-a947-dc0005080e55", "title": "Citizen Space <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Citizen Space", "slug": "citizen-space", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7c32efa-1872-4302-a947-dc0005080e55?source=api-scan" ], "published": "2015-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7c7267e-81b2-4a03-b1fc-254b8233d6d0": { "id": "a7c7267e-81b2-4a03-b1fc-254b8233d6d0", "title": "Widget4Call <= 1.0.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Widget4Call", "slug": "widget4call", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7c7267e-81b2-4a03-b1fc-254b8233d6d0?source=api-scan" ], "published": "2024-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7c949f0-fcd1-4984-95a2-b19fb72f04bb": { "id": "a7c949f0-fcd1-4984-95a2-b19fb72f04bb", "title": "WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag'", "software": [ { "type": "plugin", "name": "WP Recipe Maker", "slug": "wp-recipe-maker", "affected_versions": { "* - 9.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7c949f0-fcd1-4984-95a2-b19fb72f04bb?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7ce9573-eda5-45c0-8775-966f2fbe9496": { "id": "a7ce9573-eda5-45c0-8775-966f2fbe9496", "title": "Participants Database <= 2.4.9 - Cross-Site Request Forgery via _process_general", "software": [ { "type": "plugin", "name": "Participants Database", "slug": "participants-database", "affected_versions": { "* - 2.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7ce9573-eda5-45c0-8775-966f2fbe9496?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7cf1c70-9778-4b50-b494-d0b1d0277b35": { "id": "a7cf1c70-9778-4b50-b494-d0b1d0277b35", "title": "EmbedPress <= 3.9.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "[*, 3.9.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7cf1c70-9778-4b50-b494-d0b1d0277b35?source=api-scan" ], "published": "2023-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7d0deb3-3d04-4f85-b769-0894d7c6ee7c": { "id": "a7d0deb3-3d04-4f85-b769-0894d7c6ee7c", "title": "Easy Forms for Mailchimp <= 6.6.2 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Forms for Mailchimp", "slug": "yikes-inc-easy-mailchimp-extender", "affected_versions": { "[*, 6.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7d0deb3-3d04-4f85-b769-0894d7c6ee7c?source=api-scan" ], "published": "2020-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7d13d78-4d3f-476a-ba67-b47d0195a1ed": { "id": "a7d13d78-4d3f-476a-ba67-b47d0195a1ed", "title": "WishSuite <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WishSuite \u2013 Wishlist for WooCommerce", "slug": "wishsuite", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7d13d78-4d3f-476a-ba67-b47d0195a1ed?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7d340b9-6a77-481c-983c-f4774ecff285": { "id": "a7d340b9-6a77-481c-983c-f4774ecff285", "title": "Re:WP <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Re:WP", "slug": "rewp", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7d340b9-6a77-481c-983c-f4774ecff285?source=api-scan" ], "published": "2024-10-03 21:12:17", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7d5edee-04fb-41e0-be5e-ca3681956d2d": { "id": "a7d5edee-04fb-41e0-be5e-ca3681956d2d", "title": "Forms for Mailchimp by Optin Cat <= 2.5.4 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Forms for Mailchimp by Optin Cat \u2013 Grow Your MailChimp List", "slug": "mailchimp-wp", "affected_versions": { "* - 2.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7d5edee-04fb-41e0-be5e-ca3681956d2d?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7da2b5d-8e0c-492a-a6a6-7302cd277d0b": { "id": "a7da2b5d-8e0c-492a-a6a6-7302cd277d0b", "title": "Quick Restaurant Reservations <= 1.4.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quick Restaurant Reservations", "slug": "quick-restaurant-reservations", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7da2b5d-8e0c-492a-a6a6-7302cd277d0b?source=api-scan" ], "published": "2022-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7e24341-b085-4412-aa7b-42712cd94f35": { "id": "a7e24341-b085-4412-aa7b-42712cd94f35", "title": "Simple Slider < 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Slider", "slug": "simple-slider", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7e24341-b085-4412-aa7b-42712cd94f35?source=api-scan" ], "published": "2021-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7e3818c-883f-4633-a460-a8c0446edffc": { "id": "a7e3818c-883f-4633-a460-a8c0446edffc", "title": "BEAR <= 1.1.3.1 - Cross-Site Request Forgery via Multiple Functions", "software": [ { "type": "plugin", "name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", "slug": "woo-bulk-editor", "affected_versions": { "* - 1.1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7e3818c-883f-4633-a460-a8c0446edffc?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7e58c6d-5b95-4b22-a7fc-e5e8324ed52a": { "id": "a7e58c6d-5b95-4b22-a7fc-e5e8324ed52a", "title": "Easily Generate Rest API Url <= 1.0.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easily Generate Rest API Url", "slug": "easily-generate-rest-api-url", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7e58c6d-5b95-4b22-a7fc-e5e8324ed52a?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7e8eb75-ba48-4385-9ddd-800d9bb907f1": { "id": "a7e8eb75-ba48-4385-9ddd-800d9bb907f1", "title": "WordPress Core < 4.5.3 - Bypass sanitize_file_name Protection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.14": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.14", "to_inclusive": true }, "3.8 - 3.8.14": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.14", "to_inclusive": true }, "3.9 - 3.9.12": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.12", "to_inclusive": true }, "4.0 - 4.0.11": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.11", "to_inclusive": true }, "4.1 - 4.1.11": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.11", "to_inclusive": true }, "4.2 - 4.2.8": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.8", "to_inclusive": true }, "4.3 - 4.3.4": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.4", "to_inclusive": true }, "4.4 - 4.4.3": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true }, "4.5 - 4.5.2": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.15", "3.8.15", "3.9.13", "4.0.12", "4.1.12", "4.2.9", "4.3.5", "4.4.4", "4.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7e8eb75-ba48-4385-9ddd-800d9bb907f1?source=api-scan" ], "published": "2016-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7ea99e7-2502-42a2-b037-2040114a8055": { "id": "a7ea99e7-2502-42a2-b037-2040114a8055", "title": "Our Team Showcase < 1.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Our Team Showcase", "slug": "our-team-enhanced", "affected_versions": { "[*, 1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7ea99e7-2502-42a2-b037-2040114a8055?source=api-scan" ], "published": "2014-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7ec331c-51ea-466a-ab7b-4234df47114a": { "id": "a7ec331c-51ea-466a-ab7b-4234df47114a", "title": "Redirect Redirection <= 1.1.3 - Missing Authorization in 'liveSearch' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7ec331c-51ea-466a-ab7b-4234df47114a?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7ed1cbd-1dd0-4996-8255-91a9131934c0": { "id": "a7ed1cbd-1dd0-4996-8255-91a9131934c0", "title": "Chained Quiz <= 1.3.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "* - 1.3.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7ed1cbd-1dd0-4996-8255-91a9131934c0?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7efbdb1-989f-4171-ab55-aff66014337a": { "id": "a7efbdb1-989f-4171-ab55-aff66014337a", "title": "WP Prayer <= 1.6.5 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "WP Prayer", "slug": "wp-prayer", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7efbdb1-989f-4171-ab55-aff66014337a?source=api-scan" ], "published": "2021-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7f0afe8-234a-4c3f-87c8-f3f23ac94fe3": { "id": "a7f0afe8-234a-4c3f-87c8-f3f23ac94fe3", "title": "Cliengo - Chatbot <= 3.0.2 - Missing Authorization to Unauthenticated Chatbot Settings Update", "software": [ { "type": "plugin", "name": "Cliengo \u2013 Chatbot", "slug": "cliengo", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7f0afe8-234a-4c3f-87c8-f3f23ac94fe3?source=api-scan" ], "published": "2024-07-08 19:56:10", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7f82847-433d-49b1-815d-b0d9e70068c2": { "id": "a7f82847-433d-49b1-815d-b0d9e70068c2", "title": "Instantio \u2013 WooCommerce Quick Checkout | Instant Checkout, Side Cart & Popup Cart <= 1.2.5 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "Instantio \u2013 WooCommerce Quick Checkout | Direct Checkout, Floating Cart, Side Cart & Popup Cart", "slug": "instantio", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7f82847-433d-49b1-815d-b0d9e70068c2?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7f947ee-6bb0-455f-9824-effa1164c7b8": { "id": "a7f947ee-6bb0-455f-9824-effa1164c7b8", "title": "Online Hotel Booking System Pro <= 1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Online Hotel Booking System Pro", "slug": "bsi-hotel-pro", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7f947ee-6bb0-455f-9824-effa1164c7b8?source=api-scan" ], "published": "2020-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a7ffc02d-190b-4494-a43f-1825914145ff": { "id": "a7ffc02d-190b-4494-a43f-1825914145ff", "title": "CURCY <= 2.2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CURCY \u2013 Multi Currency for WooCommerce \u2013 The best free currency exchange plugin \u2013 Run smoothly on WooCommerce 8.x", "slug": "woo-multi-currency", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a7ffc02d-190b-4494-a43f-1825914145ff?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a807658d-cdfc-48cc-8dfe-1dd2773fcbcf": { "id": "a807658d-cdfc-48cc-8dfe-1dd2773fcbcf", "title": "CoziPress <= 1.0.31 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "CoziPress", "slug": "cozipress", "affected_versions": { "* - 1.0.31": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.31", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a807658d-cdfc-48cc-8dfe-1dd2773fcbcf?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8077d07-acaf-40f2-bc0f-e28a44ead94c": { "id": "a8077d07-acaf-40f2-bc0f-e28a44ead94c", "title": "Icegram Express <= 5.5.2 - Unauthenticated CSV Injection", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 5.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8077d07-acaf-40f2-bc0f-e28a44ead94c?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8082c60-436d-42e3-8aa5-cd2cb8ce6355": { "id": "a8082c60-436d-42e3-8aa5-cd2cb8ce6355", "title": "OneTone <= 3.0.6 & OneTone Companion <= 1.1.1 - Unauthenticated Settings Update", "software": [ { "type": "theme", "name": "OneTone", "slug": "onetone", "affected_versions": { "* - 3.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "OneTone Companion", "slug": "onetone-companion", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8082c60-436d-42e3-8aa5-cd2cb8ce6355?source=api-scan" ], "published": "2020-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a80a3108-c685-4e26-9ecd-a0fe6ad4860c": { "id": "a80a3108-c685-4e26-9ecd-a0fe6ad4860c", "title": "Premium Addons for Elementor <= 4.10.33 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.33": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a80a3108-c685-4e26-9ecd-a0fe6ad4860c?source=api-scan" ], "published": "2024-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a80c306e-323b-4ab4-955b-4e264625731c": { "id": "a80c306e-323b-4ab4-955b-4e264625731c", "title": "Fancy Product Designer <= 4.5.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fancy Product Designer", "slug": "fancy-product-designer", "affected_versions": { "* - 4.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a80c306e-323b-4ab4-955b-4e264625731c?source=api-scan" ], "published": "2020-11-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a80d13c7-21e4-4cb5-b28d-340668732c0a": { "id": "a80d13c7-21e4-4cb5-b28d-340668732c0a", "title": "TubePress < 1.6.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TubePress", "slug": "tubepress", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a80d13c7-21e4-4cb5-b28d-340668732c0a?source=api-scan" ], "published": "2008-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a813251b-a4c1-4b23-ad03-dcc1f4f19eb9": { "id": "a813251b-a4c1-4b23-ad03-dcc1f4f19eb9", "title": "WP Mail SMTP Pro <= 3.8.0 - Missing Authorization to Information Dislcosure via is_print_page", "software": [ { "type": "plugin", "name": "WP Mail SMTP Pro", "slug": "wp-mail-smtp-pro", "affected_versions": { "* - 3.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a813251b-a4c1-4b23-ad03-dcc1f4f19eb9?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8163dc0-e380-4a0b-bd18-34a3e80ca3dd": { "id": "a8163dc0-e380-4a0b-bd18-34a3e80ca3dd", "title": "VR Calendar <= 2.4.4 - Authenticated (Administrator+) Local File Inclusion", "software": [ { "type": "plugin", "name": "VR Calendar", "slug": "vr-calendar-sync", "affected_versions": { "* - 2.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8163dc0-e380-4a0b-bd18-34a3e80ca3dd?source=api-scan" ], "published": "2022-07-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a817c960-37e9-4f72-a2ef-845d9b898d48": { "id": "a817c960-37e9-4f72-a2ef-845d9b898d48", "title": "Survey Maker <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Survey Maker", "slug": "survey-maker", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a817c960-37e9-4f72-a2ef-845d9b898d48?source=api-scan" ], "published": "2021-12-03 10:28:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a81d3b09-b8dd-4697-ab43-c863e8d1e1d5": { "id": "a81d3b09-b8dd-4697-ab43-c863e8d1e1d5", "title": "Maintenance Switch <= 1.5.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Maintenance Switch", "slug": "maintenance-switch", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a81d3b09-b8dd-4697-ab43-c863e8d1e1d5?source=api-scan" ], "published": "2023-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a81d5615-0b96-4d89-a525-7e80a10a9317": { "id": "a81d5615-0b96-4d89-a525-7e80a10a9317", "title": "YourChannel <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YourChannel: Everything you want in a YouTube plugin.", "slug": "yourchannel", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a81d5615-0b96-4d89-a525-7e80a10a9317?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a823a21e-78b5-4186-bb67-88799509970d": { "id": "a823a21e-78b5-4186-bb67-88799509970d", "title": "Yml for Yandex Market <= 3.10.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YML for Yandex Market", "slug": "yml-for-yandex-market", "affected_versions": { "[*, 3.10.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.10.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a823a21e-78b5-4186-bb67-88799509970d?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a826dff8-60ae-4e25-9d3e-be93f192aaca": { "id": "a826dff8-60ae-4e25-9d3e-be93f192aaca", "title": "Standout Color Boxes and Buttons <= 0.7.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Standout Color Boxes and Buttons", "slug": "standout-color-boxes-and-buttons", "affected_versions": { "* - 0.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a826dff8-60ae-4e25-9d3e-be93f192aaca?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8290783-9eb5-4fae-8b00-e3b5a5a0ed35": { "id": "a8290783-9eb5-4fae-8b00-e3b5a5a0ed35", "title": "Media Usage <= 0.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Media Usage", "slug": "media-usage", "affected_versions": { "* - 0.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8290783-9eb5-4fae-8b00-e3b5a5a0ed35?source=api-scan" ], "published": "2021-08-13 15:31:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8292a1f-1d26-4efa-9ead-5309965bdb8c": { "id": "a8292a1f-1d26-4efa-9ead-5309965bdb8c", "title": "NewStatPress <= 0.9.8 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NewStatPress", "slug": "newstatpress", "affected_versions": { "* - 0.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8292a1f-1d26-4efa-9ead-5309965bdb8c?source=api-scan" ], "published": "2015-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a82ac1c9-e037-4afa-b433-2efef2e61403": { "id": "a82ac1c9-e037-4afa-b433-2efef2e61403", "title": "Salon Booking System and Salon Booking System Pro <= 7.6.2 - Sensitive Data Disclosure", "software": [ { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "* - 7.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a82ac1c9-e037-4afa-b433-2efef2e61403?source=api-scan" ], "published": "2022-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a82bffab-77c3-48e8-af84-39709bf0353b": { "id": "a82bffab-77c3-48e8-af84-39709bf0353b", "title": "LiteSpeed Cache <= 4.4.3 - Authorization Bypass", "software": [ { "type": "plugin", "name": "LiteSpeed Cache", "slug": "litespeed-cache", "affected_versions": { "1.0.15 - 4.4.3": { "from_version": "1.0.15", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a82bffab-77c3-48e8-af84-39709bf0353b?source=api-scan" ], "published": "2021-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a82c5ca7-5fe5-4817-bf5c-ee7779eb4427": { "id": "a82c5ca7-5fe5-4817-bf5c-ee7779eb4427", "title": "XML Sitemaps <= 4.0.9 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "XML Sitemap Generator for Google", "slug": "google-sitemap-generator", "affected_versions": { "* - 4.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a82c5ca7-5fe5-4817-bf5c-ee7779eb4427?source=api-scan" ], "published": "2018-12-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a82debfe-e346-491f-a6dc-1bbf1a363999": { "id": "a82debfe-e346-491f-a6dc-1bbf1a363999", "title": "Shortcodes Ultimate Pro <= 7.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Shortcodes Ultimate Pro", "slug": "shortcodes-ultimate-pro", "affected_versions": { "* - 7.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a82debfe-e346-491f-a6dc-1bbf1a363999?source=api-scan" ], "published": "2024-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a82fd49e-6e95-4743-900a-fa53b870ec0b": { "id": "a82fd49e-6e95-4743-900a-fa53b870ec0b", "title": "SVGator \u2013 Add Animated SVG Easily <= 1.2.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG", "software": [ { "type": "plugin", "name": "SVGator \u2013 Add Animated SVG Easily", "slug": "svgator", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a82fd49e-6e95-4743-900a-fa53b870ec0b?source=api-scan" ], "published": "2024-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a83061c0-d8d3-4dbe-bf2a-65350d17094b": { "id": "a83061c0-d8d3-4dbe-bf2a-65350d17094b", "title": "Short URL <= 1.6.8 - Missing Authorization via multiple AJAX functions", "software": [ { "type": "plugin", "name": "Short URL", "slug": "shorten-url", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a83061c0-d8d3-4dbe-bf2a-65350d17094b?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a832cd41-c7be-43b5-bee3-4489170cad79": { "id": "a832cd41-c7be-43b5-bee3-4489170cad79", "title": "tarteaucitron.js \u2013 Cookies legislation & GDPR (WordPress plugin) <= 1.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "tarteaucitron.js \u2013 Cookies legislation & GDPR", "slug": "tarteaucitronjs", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a832cd41-c7be-43b5-bee3-4489170cad79?source=api-scan" ], "published": "2021-12-17 14:06:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a833fe01-caf5-434a-82f9-8d3ac755a66f": { "id": "a833fe01-caf5-434a-82f9-8d3ac755a66f", "title": "Easy Bet <= 1.0.7 - Authenticated(Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Easy Bet", "slug": "easy-bet", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a833fe01-caf5-434a-82f9-8d3ac755a66f?source=api-scan" ], "published": "2023-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8382051-ae17-4719-94b5-3cfb0b5e82b1": { "id": "a8382051-ae17-4719-94b5-3cfb0b5e82b1", "title": "Video Gallery \u2013 YouTube Gallery <= 2.1.4 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Video Gallery \u2013 Best WordPress YouTube Gallery Plugin", "slug": "gallery-videos", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8382051-ae17-4719-94b5-3cfb0b5e82b1?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a83c438b-ce08-42d8-b3b2-8ab12dedcf3e": { "id": "a83c438b-ce08-42d8-b3b2-8ab12dedcf3e", "title": "Pagerank Tools <= 1.1.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pagerank tools", "slug": "pagerank-tools", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a83c438b-ce08-42d8-b3b2-8ab12dedcf3e?source=api-scan" ], "published": "2024-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a83def40-27fa-4141-bebf-f86944e4c618": { "id": "a83def40-27fa-4141-bebf-f86944e4c618", "title": "Static Page eXtended <= 2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Static Page eXtended", "slug": "jp-staticpagex", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a83def40-27fa-4141-bebf-f86944e4c618?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a83e68e0-1b5b-4fd5-be00-37b8f11144c4": { "id": "a83e68e0-1b5b-4fd5-be00-37b8f11144c4", "title": "Themify Builder <= 7.6.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Themify Builder", "slug": "themify-builder", "affected_versions": { "* - 7.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a83e68e0-1b5b-4fd5-be00-37b8f11144c4?source=api-scan" ], "published": "2024-10-04 12:23:33", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a841456c-2a01-4caf-bebe-e018b92697d8": { "id": "a841456c-2a01-4caf-bebe-e018b92697d8", "title": "NextGEN Gallery <= 3.28 - Cross-Site Request Forgery leading to Post Thumbnail Change", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 3.28": { "from_version": "*", "from_inclusive": true, "to_version": "3.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a841456c-2a01-4caf-bebe-e018b92697d8?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8447fa0-f994-4de3-b6e7-2fe61e06bed1": { "id": "a8447fa0-f994-4de3-b6e7-2fe61e06bed1", "title": "Blackhole for Bad Bots <= 3.3.1 - Arbitrary IP Address Blocking via IP Spoofing", "software": [ { "type": "plugin", "name": "Blackhole for Bad Bots", "slug": "blackhole-bad-bots", "affected_versions": { "[*, 3.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8447fa0-f994-4de3-b6e7-2fe61e06bed1?source=api-scan" ], "published": "2022-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a84bd9c8-97bd-4572-8bfa-5191d98c9523": { "id": "a84bd9c8-97bd-4572-8bfa-5191d98c9523", "title": "Constant Contact Forms by MailMunch <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Constant Contact Forms by MailMunch", "slug": "constant-contact-forms-by-mailmunch", "affected_versions": { "* - 2.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a84bd9c8-97bd-4572-8bfa-5191d98c9523?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a84d6f64-9ebb-4773-a9c1-8f23fb2801a9": { "id": "a84d6f64-9ebb-4773-a9c1-8f23fb2801a9", "title": "Email Subscribers & Newsletters <= 5.7.11 - Reflected Cross-Site Scripting via campaign_id", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 5.7.11": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a84d6f64-9ebb-4773-a9c1-8f23fb2801a9?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8526106-847a-420f-9275-f759a8dd4dfb": { "id": "a8526106-847a-420f-9275-f759a8dd4dfb", "title": "Swiss Toolkit For WP <= 1.0.7 - Authenticated (Contributor+) Authentication Bypass", "software": [ { "type": "plugin", "name": "Swiss Toolkit For WP", "slug": "swiss-toolkit-for-wp", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8526106-847a-420f-9275-f759a8dd4dfb?source=api-scan" ], "published": "2024-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a853bbb4-9866-4bc4-94da-d7826863d23b": { "id": "a853bbb4-9866-4bc4-94da-d7826863d23b", "title": "Super Page Cache for Cloudflare <= 4.7.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Super Page Cache", "slug": "wp-cloudflare-page-cache", "affected_versions": { "* - 4.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a853bbb4-9866-4bc4-94da-d7826863d23b?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8540a39-87e4-4a78-abf2-c7e09dbfa4f9": { "id": "a8540a39-87e4-4a78-abf2-c7e09dbfa4f9", "title": "3D Tag Cloud <= 3.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "3D Tag Cloud", "slug": "cardoza-3d-tag-cloud", "affected_versions": { "* - 3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8540a39-87e4-4a78-abf2-c7e09dbfa4f9?source=api-scan" ], "published": "2022-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8546d5d-3ac0-4eb6-9502-07f2590a943b": { "id": "a8546d5d-3ac0-4eb6-9502-07f2590a943b", "title": "Good & Bad Comments <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Good & Bad comments", "slug": "good-bad-comments", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8546d5d-3ac0-4eb6-9502-07f2590a943b?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a859505e-87ba-49f0-910b-de6141976f86": { "id": "a859505e-87ba-49f0-910b-de6141976f86", "title": "CMS Commander \u2013 Manage Multiple Sites Plugin <= 2.21 - PHP Object Injection", "software": [ { "type": "plugin", "name": "CMS Commander \u2013 Manage Multiple Sites", "slug": "cms-commander-client", "affected_versions": { "[*, 2.22)": { "from_version": "*", "from_inclusive": true, "to_version": "2.22", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a859505e-87ba-49f0-910b-de6141976f86?source=api-scan" ], "published": "2016-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a85eec18-49cc-44c0-ac86-ccc192a621a0": { "id": "a85eec18-49cc-44c0-ac86-ccc192a621a0", "title": "WordPress File Upload <= 2.4.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "* - 2.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a85eec18-49cc-44c0-ac86-ccc192a621a0?source=api-scan" ], "published": "2014-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a85fbaff-d566-4ed2-8943-c174e0c4d2d8": { "id": "a85fbaff-d566-4ed2-8943-c174e0c4d2d8", "title": "MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Limited Vendor Privilege Escalation\/Account Takeover", "software": [ { "type": "plugin", "name": "MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution", "slug": "dc-woocommerce-multi-vendor", "affected_versions": { "* - 4.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a85fbaff-d566-4ed2-8943-c174e0c4d2d8?source=api-scan" ], "published": "2024-09-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a86301cd-1268-4168-a8e7-6946711dc256": { "id": "a86301cd-1268-4168-a8e7-6946711dc256", "title": "WPQA < 5.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WPQA - Builder forms Addon For WordPress", "slug": "wpqa", "affected_versions": { "[*, 5.9)": { "from_version": "*", "from_inclusive": true, "to_version": "5.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a86301cd-1268-4168-a8e7-6946711dc256?source=api-scan" ], "published": "2022-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a868226f-4ca1-4ec1-b55e-3029e3ed2d5b": { "id": "a868226f-4ca1-4ec1-b55e-3029e3ed2d5b", "title": "VR Calendar <= 2.3.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "VR Calendar", "slug": "vr-calendar-sync", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a868226f-4ca1-4ec1-b55e-3029e3ed2d5b?source=api-scan" ], "published": "2022-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a86a694b-5e45-4e94-a22c-2c5faa7172a2": { "id": "a86a694b-5e45-4e94-a22c-2c5faa7172a2", "title": "WP Power Stats <= 2.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Power Stats", "slug": "wp-power-stats", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a86a694b-5e45-4e94-a22c-2c5faa7172a2?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a86d196f-9613-4352-8a96-87ea147eb1c8": { "id": "a86d196f-9613-4352-8a96-87ea147eb1c8", "title": "Scroll Baner <= 1.0 - Cross-Site Request Forgery to Remote Code Execution and\/or Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Scroll Baner", "slug": "scroll-baner", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a86d196f-9613-4352-8a96-87ea147eb1c8?source=api-scan" ], "published": "2021-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a86d8f97-54dc-4c6b-92c0-05a8625cc073": { "id": "a86d8f97-54dc-4c6b-92c0-05a8625cc073", "title": "Scripts n Styles <= 3.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Scripts n Styles", "slug": "scripts-n-styles", "affected_versions": { "* - 3.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a86d8f97-54dc-4c6b-92c0-05a8625cc073?source=api-scan" ], "published": "2023-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a86fc949-6caf-48b7-beda-ca0c653c9b29": { "id": "a86fc949-6caf-48b7-beda-ca0c653c9b29", "title": "BookingPress <= 1.0.81 - Authenticated (Customer+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar Plugin and Scheduling Plugin \u2013 BookingPress", "slug": "bookingpress-appointment-booking", "affected_versions": { "* - 1.0.81": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.81", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.82" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a86fc949-6caf-48b7-beda-ca0c653c9b29?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8742e30-e49c-46c9-92d5-216d32d00d51": { "id": "a8742e30-e49c-46c9-92d5-216d32d00d51", "title": "YDS Support Ticket System <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "YDS Support Ticket System", "slug": "yds-support-ticket-system", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8742e30-e49c-46c9-92d5-216d32d00d51?source=api-scan" ], "published": "2022-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a87f610a-c1ef-4365-bd74-569989587d41": { "id": "a87f610a-c1ef-4365-bd74-569989587d41", "title": "WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_toolbar_save_settings_callback'", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a87f610a-c1ef-4365-bd74-569989587d41?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a885e5db-dc84-46db-960e-63f62709e1b1": { "id": "a885e5db-dc84-46db-960e-63f62709e1b1", "title": "Crelly Slider <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Crelly Slider", "slug": "crelly-slider", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a885e5db-dc84-46db-960e-63f62709e1b1?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a886bec4-acd6-4a15-aa42-7c31270ae1e0": { "id": "a886bec4-acd6-4a15-aa42-7c31270ae1e0", "title": "Table Maker <= 1.9.1 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Table Maker", "slug": "table-maker", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a886bec4-acd6-4a15-aa42-7c31270ae1e0?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a88e8853-3a52-462b-bde8-658a794545dc": { "id": "a88e8853-3a52-462b-bde8-658a794545dc", "title": "Comment License <= 1.3.0 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Comment License", "slug": "comment-license", "affected_versions": { "[*, 1.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a88e8853-3a52-462b-bde8-658a794545dc?source=api-scan" ], "published": "2022-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8971d54-b54e-4e62-9db2-fa87d2564599": { "id": "a8971d54-b54e-4e62-9db2-fa87d2564599", "title": "Plugin for Google Reviews <= 3.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Plugin for Google Reviews", "slug": "widget-google-reviews", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8971d54-b54e-4e62-9db2-fa87d2564599?source=api-scan" ], "published": "2024-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a89f795d-246d-4a3c-a7a7-5c9867d7a01e": { "id": "a89f795d-246d-4a3c-a7a7-5c9867d7a01e", "title": "Custom Post Carousels with Owl <= 1.4.6 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Post Carousels with Owl", "slug": "dd-post-carousel", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a89f795d-246d-4a3c-a7a7-5c9867d7a01e?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8a3ba35-3cc0-4a6b-bb96-6ae5a83e5ad6": { "id": "a8a3ba35-3cc0-4a6b-bb96-6ae5a83e5ad6", "title": "MainWP Dashboard <= 4.2.4.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MainWP Dashboard: WordPress Management without the SaaS", "slug": "mainwp", "affected_versions": { "* - 4.2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8a3ba35-3cc0-4a6b-bb96-6ae5a83e5ad6?source=api-scan" ], "published": "2022-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8a67cad-b52d-4294-9c27-13b1dc1f2e59": { "id": "a8a67cad-b52d-4294-9c27-13b1dc1f2e59", "title": "Creative Mail <= 1.5.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Creative Mail \u2013 Easier WordPress & WooCommerce Email Marketing", "slug": "creative-mail-by-constant-contact", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8a67cad-b52d-4294-9c27-13b1dc1f2e59?source=api-scan" ], "published": "2022-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8ada876-4a8b-494f-9132-d88a71b42c44": { "id": "a8ada876-4a8b-494f-9132-d88a71b42c44", "title": "Accordion <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Accordion", "slug": "accordions-wp", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8ada876-4a8b-494f-9132-d88a71b42c44?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8ae5712-09a8-45a4-9f79-3e5b7786e652": { "id": "a8ae5712-09a8-45a4-9f79-3e5b7786e652", "title": "Anti Hacker <= 4.34 - Cross-Site Request Forgery via antihacker_ajax_scan", "software": [ { "type": "plugin", "name": "Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan", "slug": "antihacker", "affected_versions": { "[*, 4.35)": { "from_version": "*", "from_inclusive": true, "to_version": "4.35", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8ae5712-09a8-45a4-9f79-3e5b7786e652?source=api-scan" ], "published": "2023-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8af7c85-977f-41aa-acbe-293dfa913577": { "id": "a8af7c85-977f-41aa-acbe-293dfa913577", "title": "Easy Property Listings <= 3.3.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Property Listings", "slug": "easy-property-listings", "affected_versions": { "* - 3.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8af7c85-977f-41aa-acbe-293dfa913577?source=api-scan" ], "published": "2019-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8b0bad8-7ee6-4c7c-95da-7adf37c9cb1f": { "id": "a8b0bad8-7ee6-4c7c-95da-7adf37c9cb1f", "title": "WooCommerce Products Vendor <= 2.1.68 - Insecure Direct Object Reference to Vendor Commission Percentage Update", "software": [ { "type": "plugin", "name": "Product Vendors", "slug": "woocommerce-product-vendors", "affected_versions": { "* - 2.1.68": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.68", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8b0bad8-7ee6-4c7c-95da-7adf37c9cb1f?source=api-scan" ], "published": "2022-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8b0d708-4f74-4e6d-9581-f65caf976d45": { "id": "a8b0d708-4f74-4e6d-9581-f65caf976d45", "title": "WooCommerce Login Redirect <= 2.2.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce Login Redirect", "slug": "woo-login-redirect", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8b0d708-4f74-4e6d-9581-f65caf976d45?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8b10d0c-e2fc-47a3-9df9-8df58eee964c": { "id": "a8b10d0c-e2fc-47a3-9df9-8df58eee964c", "title": "MStore API <= 4.0.6 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 4.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8b10d0c-e2fc-47a3-9df9-8df58eee964c?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8b1feee-431f-4406-b7c0-a7e71cb5f179": { "id": "a8b1feee-431f-4406-b7c0-a7e71cb5f179", "title": "VK All in One Expansion Unit <= 9.99.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VK All in One Expansion Unit", "slug": "vk-all-in-one-expansion-unit", "affected_versions": { "* - 9.99.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.99.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.99.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8b1feee-431f-4406-b7c0-a7e71cb5f179?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8b319be-f312-4d02-840f-e2a91c16b67a": { "id": "a8b319be-f312-4d02-840f-e2a91c16b67a", "title": "Automatic <= 3.92.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Automatic Plugin", "slug": "wp-automatic", "affected_versions": { "* - 3.92.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.92.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.92.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8b319be-f312-4d02-840f-e2a91c16b67a?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8b6dafb-7b2f-4459-95bd-eb7e147a4466": { "id": "a8b6dafb-7b2f-4459-95bd-eb7e147a4466", "title": "SiteOrigin Widgets Bundle <= 1.58.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SiteOrigin Widgets Bundle", "slug": "so-widgets-bundle", "affected_versions": { "* - 1.58.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.58.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.58.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8b6dafb-7b2f-4459-95bd-eb7e147a4466?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8be9c76-08aa-4d41-8599-cc3494be7e58": { "id": "a8be9c76-08aa-4d41-8599-cc3494be7e58", "title": "WooCommerce Product Attachment <= 2.1.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Product Attachment for WooCommerce", "slug": "woo-product-attachment", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8be9c76-08aa-4d41-8599-cc3494be7e58?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8c08878-0f9f-4203-8110-a3772eb8de63": { "id": "a8c08878-0f9f-4203-8110-a3772eb8de63", "title": "Support Ticket System < 1.2.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Support Ticket System", "slug": "simple-support-ticket-system", "affected_versions": { "[*, 1.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8c08878-0f9f-4203-8110-a3772eb8de63?source=api-scan" ], "published": "2015-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8c547cc-2820-4138-b042-a0ec2e7f2fca": { "id": "a8c547cc-2820-4138-b042-a0ec2e7f2fca", "title": "Exclusive Addons for Elementor <= 2.6.9.8 - Authenticated (Contibutor+) Stored Cross-Site Scripting via Card Widget", "software": [ { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8c547cc-2820-4138-b042-a0ec2e7f2fca?source=api-scan" ], "published": "2024-06-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8c8d839-d2a4-4b2a-ad61-a3cda7826636": { "id": "a8c8d839-d2a4-4b2a-ad61-a3cda7826636", "title": "Duplicate Post <= 1.4.1 - Cross-Site Request Forgery via 'cdp_action_handling' AJAX action", "software": [ { "type": "plugin", "name": "Duplicate Post", "slug": "copy-delete-posts", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8c8d839-d2a4-4b2a-ad61-a3cda7826636?source=api-scan" ], "published": "2023-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8ca195d-312b-41d2-a9d7-4d306fc800ce": { "id": "a8ca195d-312b-41d2-a9d7-4d306fc800ce", "title": "WP Fastest Cache <= 0.8.8.5 - Cross-Site Scripting via wpFastestCachePage options, wpFastestCachePreload_number or wpFastestCacheLanguage parameter", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 0.8.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8ca195d-312b-41d2-a9d7-4d306fc800ce?source=api-scan" ], "published": "2018-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8d4dc12-ae17-477f-a8d2-da9747672a26": { "id": "a8d4dc12-ae17-477f-a8d2-da9747672a26", "title": "Ultimate Member <= 1.3.39 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 1.3.40)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.40", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.40" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8d4dc12-ae17-477f-a8d2-da9747672a26?source=api-scan" ], "published": "2016-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8d67bc0-8c21-43e8-bdcc-1235eca94fa7": { "id": "a8d67bc0-8c21-43e8-bdcc-1235eca94fa7", "title": "dsIDXpress < 2.1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress IDX Real Estate Listings & MLS Search", "slug": "dsidxpress", "affected_versions": { "[*, 2.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8d67bc0-8c21-43e8-bdcc-1235eca94fa7?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8e40f0a-9296-4113-8fff-0aea3c365c1a": { "id": "a8e40f0a-9296-4113-8fff-0aea3c365c1a", "title": "Popup Builder <= 4.2.5 - Authenticated (Admin+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "* - 4.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8e40f0a-9296-4113-8fff-0aea3c365c1a?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8e8d724-60fe-4333-8c55-cb7df0d4345d": { "id": "a8e8d724-60fe-4333-8c55-cb7df0d4345d", "title": "iubenda <= 3.3.2 - Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "iubenda | All-in-one Compliance for GDPR \/ CCPA Cookie Consent + more", "slug": "iubenda-cookie-law-solution", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8e8d724-60fe-4333-8c55-cb7df0d4345d?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8ea0559-dec7-4c20-956d-dbfe7bc67634": { "id": "a8ea0559-dec7-4c20-956d-dbfe7bc67634", "title": "Appointment Booking and Online Scheduling <= 4.4.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Online Booking & Scheduling Calendar for WordPress by vcita", "slug": "meeting-scheduler-by-vcita", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8ea0559-dec7-4c20-956d-dbfe7bc67634?source=api-scan" ], "published": "2024-06-20 20:02:07", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8f31b4b-c8d8-4028-b419-f8396a5cb2a9": { "id": "a8f31b4b-c8d8-4028-b419-f8396a5cb2a9", "title": "External Media <= 1.0.33 - Authenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "External Media", "slug": "external-media", "affected_versions": { "[*, 1.0.34)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.34", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8f31b4b-c8d8-4028-b419-f8396a5cb2a9?source=api-scan" ], "published": "2021-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8f45c31-6e35-4f28-8f49-74cb08ff65bd": { "id": "a8f45c31-6e35-4f28-8f49-74cb08ff65bd", "title": "Typebot | Build beautiful conversational forms < 1.4.3 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Typebot | Create advanced chat experiences without coding", "slug": "typebot", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8f45c31-6e35-4f28-8f49-74cb08ff65bd?source=api-scan" ], "published": "2021-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a8f91e58-942c-417f-ad82-5bd99ab5e81a": { "id": "a8f91e58-942c-417f-ad82-5bd99ab5e81a", "title": "flickrRSS <= 5.3.1 - Cross-Site Scripting via flickrRSS_set", "software": [ { "type": "plugin", "name": "flickrRSS", "slug": "flickr-rss", "affected_versions": { "* - 5.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a8f91e58-942c-417f-ad82-5bd99ab5e81a?source=api-scan" ], "published": "2018-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9000c52-fdd7-43e2-ae6a-9f127c4a9fcd": { "id": "a9000c52-fdd7-43e2-ae6a-9f127c4a9fcd", "title": "Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "* - 4.7.51": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.51", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9000c52-fdd7-43e2-ae6a-9f127c4a9fcd?source=api-scan" ], "published": "2022-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a902e759-c55a-4c24-a0db-d1a49f3dee5a": { "id": "a902e759-c55a-4c24-a0db-d1a49f3dee5a", "title": "Noptin <= 3.4.2 - Missing Authorization to Unauthenticated Form Submission", "software": [ { "type": "plugin", "name": "Simple Newsletter Plugin \u2013 Noptin", "slug": "newsletter-optin-box", "affected_versions": { "* - 3.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a902e759-c55a-4c24-a0db-d1a49f3dee5a?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9057fc2-f346-47e5-964a-f3c5b1653c03": { "id": "a9057fc2-f346-47e5-964a-f3c5b1653c03", "title": "LMS by LifterLMS \u2013 Online Course, Membership & Learning Management System Plugin for WordPress < 4.21.2 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes", "slug": "lifterlms", "affected_versions": { "[*, 4.21.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.21.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.21.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9057fc2-f346-47e5-964a-f3c5b1653c03?source=api-scan" ], "published": "2021-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a908ac17-666f-4725-86f4-c9af4589fb69": { "id": "a908ac17-666f-4725-86f4-c9af4589fb69", "title": "Welcart e-Commerce <= 2.8.21 - Authenticated(Editor+) SQL Injection", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "[*, 2.8.22)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.22", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a908ac17-666f-4725-86f4-c9af4589fb69?source=api-scan" ], "published": "2023-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a90c51d9-c89a-4164-a732-89434a6e0b8e": { "id": "a90c51d9-c89a-4164-a732-89434a6e0b8e", "title": "Accordions \u2013 Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting in post_oxi_settings function", "software": [ { "type": "plugin", "name": "Accordion \u2013 Multiple Accordion or FAQs Builder", "slug": "accordions-or-faqs", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a90c51d9-c89a-4164-a732-89434a6e0b8e?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a90e1628-3490-4aac-9e82-b3b9692813f0": { "id": "a90e1628-3490-4aac-9e82-b3b9692813f0", "title": "Shortcode Factory <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shortcode Factory", "slug": "shortcode-factory", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a90e1628-3490-4aac-9e82-b3b9692813f0?source=api-scan" ], "published": "2015-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a90ea845-9f7f-4a89-887d-cf4337f8471f": { "id": "a90ea845-9f7f-4a89-887d-cf4337f8471f", "title": "Google Analytics Opt-Out <= 2.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google Analytics Opt-Out", "slug": "google-analytics-opt-out", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a90ea845-9f7f-4a89-887d-cf4337f8471f?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a910fd44-4de1-41e8-8da2-d72a2f835797": { "id": "a910fd44-4de1-41e8-8da2-d72a2f835797", "title": "W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 0.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a910fd44-4de1-41e8-8da2-d72a2f835797?source=api-scan" ], "published": "2014-12-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a913ca7e-8f61-4615-b7fb-863b111fe22e": { "id": "a913ca7e-8f61-4615-b7fb-863b111fe22e", "title": "OneSignal Web Push Notifications <=1.17.7 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OneSignal \u2013 Web Push Notifications", "slug": "onesignal-free-web-push-notifications", "affected_versions": { "* - 1.17.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.17.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.17.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a913ca7e-8f61-4615-b7fb-863b111fe22e?source=api-scan" ], "published": "2019-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9162c2e-e765-4bda-b09f-982603b5797a": { "id": "a9162c2e-e765-4bda-b09f-982603b5797a", "title": "WordPress Core <= 2.1.1 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9162c2e-e765-4bda-b09f-982603b5797a?source=api-scan" ], "published": "2007-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a91e8713-a760-4acd-9987-2a6b11dbdd56": { "id": "a91e8713-a760-4acd-9987-2a6b11dbdd56", "title": "WordPress Popular Posts <= 6.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WordPress Popular Posts", "slug": "wordpress-popular-posts", "affected_versions": { "[*, 6.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a91e8713-a760-4acd-9987-2a6b11dbdd56?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a922bf72-192e-457f-9c33-59835e9aff2a": { "id": "a922bf72-192e-457f-9c33-59835e9aff2a", "title": "Mautic Integration for WooCommerce < 1.0.3 - Cross-Site Request Forgery leading to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Mautic Integration for WooCommerce", "slug": "mautic-integration-for-woocommerce", "affected_versions": { "[*, 1.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a922bf72-192e-457f-9c33-59835e9aff2a?source=api-scan" ], "published": "2022-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a923c84e-3641-45ec-970e-faea803897bf": { "id": "a923c84e-3641-45ec-970e-faea803897bf", "title": "Imediapixel Themes (Various Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Avanix - Responsive Business WordPress Theme", "slug": "avanix", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "ECOBIZ - Business WordPress Theme", "slug": "ecobiz", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "EBIZ - Corporate and Business Wordpress Theme", "slug": "ebiz", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "ovum - Clean and Minimalist Business Theme", "slug": "ovum", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a923c84e-3641-45ec-970e-faea803897bf?source=api-scan" ], "published": "2012-10-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a928247a-3eb5-4889-bd42-b0263f4cd140": { "id": "a928247a-3eb5-4889-bd42-b0263f4cd140", "title": "Modal Window \u2013 create popup modal window <= 5.2.1 - Cross-Site Request Forgery to Remote Code Execution", "software": [ { "type": "plugin", "name": "Modal Window \u2013 create popup modal window", "slug": "modal-window", "affected_versions": { "[*, 5.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a928247a-3eb5-4889-bd42-b0263f4cd140?source=api-scan" ], "published": "2021-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a92beff1-3bc6-459e-aeca-5cbdf2152388": { "id": "a92beff1-3bc6-459e-aeca-5cbdf2152388", "title": "Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_sw_save_api_keys'", "software": [ { "type": "plugin", "name": "Paytium: Mollie payment forms & donations", "slug": "paytium", "affected_versions": { "* - 4.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a92beff1-3bc6-459e-aeca-5cbdf2152388?source=api-scan" ], "published": "2023-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a92d5176-4cf0-4a31-9dcc-a2dc3259d29b": { "id": "a92d5176-4cf0-4a31-9dcc-a2dc3259d29b", "title": "Complianz | GDPR\/CCPA Cookie Consent <= 6.4.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Complianz \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr", "affected_versions": { "[*, 6.4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a92d5176-4cf0-4a31-9dcc-a2dc3259d29b?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a92e307d-b3c0-441a-abac-580a60dd44cf": { "id": "a92e307d-b3c0-441a-abac-580a60dd44cf", "title": "PDF Invoices & Packing Slips for WooCommerce <= 3.7.6 - Authenticated (Shop Manager+) SQL Injection", "software": [ { "type": "plugin", "name": "PDF Invoices & Packing Slips for WooCommerce", "slug": "woocommerce-pdf-invoices-packing-slips", "affected_versions": { "* - 3.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a92e307d-b3c0-441a-abac-580a60dd44cf?source=api-scan" ], "published": "2024-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a93c0dd4-8341-438d-8730-470e9a230d97": { "id": "a93c0dd4-8341-438d-8730-470e9a230d97", "title": "WooCommerce Product Vendors <= 2.1.76 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Vendors", "slug": "woocommerce-product-vendors", "affected_versions": { "* - 2.1.76": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.76", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.77" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a93c0dd4-8341-438d-8730-470e9a230d97?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a93f6dce-56e0-4131-ba26-65a0c6b2e9c5": { "id": "a93f6dce-56e0-4131-ba26-65a0c6b2e9c5", "title": "Yampi Checkout < = 1.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yampi Checkout", "slug": "yampi-checkout", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a93f6dce-56e0-4131-ba26-65a0c6b2e9c5?source=api-scan" ], "published": "2022-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9461354-0e69-47d9-a11c-838cfa94be67": { "id": "a9461354-0e69-47d9-a11c-838cfa94be67", "title": "Pinpoint Booking System \u2013 #1 WordPress Booking Plugin < 1.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Pinpoint Booking System \u2013 #1 WordPress Booking Plugin", "slug": "booking-system", "affected_versions": { "[*, 1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9461354-0e69-47d9-a11c-838cfa94be67?source=api-scan" ], "published": "2014-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a946cca6-670b-4baf-a941-43d0a0261c0d": { "id": "a946cca6-670b-4baf-a941-43d0a0261c0d", "title": "Zingiri Web Shop Plugin <= 2.4.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "zingiri-web-shop", "slug": "zingiri-web-shop", "affected_versions": { "[*, 2.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a946cca6-670b-4baf-a941-43d0a0261c0d?source=api-scan" ], "published": "2012-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a94708ec-ab09-4604-80ec-5bd85799c6e4": { "id": "a94708ec-ab09-4604-80ec-5bd85799c6e4", "title": "Booking calendar, Appointment Booking System < 2.2.3 - Unauthenticated Parameter Manipulation", "software": [ { "type": "plugin", "name": "Booking calendar, Appointment Booking System", "slug": "booking-calendar", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a94708ec-ab09-4604-80ec-5bd85799c6e4?source=api-scan" ], "published": "2018-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9498085-87c7-47e7-aac8-c0397264a7eb": { "id": "a9498085-87c7-47e7-aac8-c0397264a7eb", "title": "WordPress Core < 4.5.3 - Cross-Site Scripting via Attachment Name", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.14": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.14", "to_inclusive": true }, "3.8 - 3.8.14": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.14", "to_inclusive": true }, "3.9 - 3.9.12": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.12", "to_inclusive": true }, "4.0 - 4.0.11": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.11", "to_inclusive": true }, "4.1 - 4.1.11": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.11", "to_inclusive": true }, "4.2 - 4.2.8": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.8", "to_inclusive": true }, "4.3 - 4.3.4": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.4", "to_inclusive": true }, "4.4 - 4.4.3": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true }, "4.5 - 4.5.2": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.15", "3.8.15", "3.9.13", "4.0.12", "4.1.12", "4.2.9", "4.3.5", "4.4.4", "4.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9498085-87c7-47e7-aac8-c0397264a7eb?source=api-scan" ], "published": "2016-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a94accad-27c7-462b-b26f-0dde2036a7ba": { "id": "a94accad-27c7-462b-b26f-0dde2036a7ba", "title": "Spider Facebook <= 1.0.15 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WDSocialWidgets", "slug": "spider-facebook", "affected_versions": { "* - 1.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a94accad-27c7-462b-b26f-0dde2036a7ba?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9511f60-b07d-4601-aa2f-25083b24d9aa": { "id": "a9511f60-b07d-4601-aa2f-25083b24d9aa", "title": "Brave Popup Builder <= 0.6.5 - Unauthenticated Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Brave \u2013 Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content", "slug": "brave-popup-builder", "affected_versions": { "* - 0.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9511f60-b07d-4601-aa2f-25083b24d9aa?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9565693-fd0b-4412-944c-81b3cd79492e": { "id": "a9565693-fd0b-4412-944c-81b3cd79492e", "title": "Views for WPForms <= 3.2.2 - Missing Authorization via create_view", "software": [ { "type": "plugin", "name": "Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend", "slug": "views-for-wpforms-lite", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9565693-fd0b-4412-944c-81b3cd79492e?source=api-scan" ], "published": "2024-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a95cbc9e-146a-4b6d-bfb7-9f7ea5ec394e": { "id": "a95cbc9e-146a-4b6d-bfb7-9f7ea5ec394e", "title": "Wr Age Verification <= 1.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wr Age Verification", "slug": "wr-age-verification", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a95cbc9e-146a-4b6d-bfb7-9f7ea5ec394e?source=api-scan" ], "published": "2021-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a95d7ff6-55ce-4d63-8433-60cece306628": { "id": "a95d7ff6-55ce-4d63-8433-60cece306628", "title": "Anywhere Flash Embed <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Anywhere Flash Embed", "slug": "anywhere-flash-embed", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a95d7ff6-55ce-4d63-8433-60cece306628?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a961d30e-f2cb-458d-8f1a-18f6e769efbc": { "id": "a961d30e-f2cb-458d-8f1a-18f6e769efbc", "title": "WP Discord Invite <= 2.4.1 - Reflected Cross-Site Scripting via webhook", "software": [ { "type": "plugin", "name": "WP Discord Invite", "slug": "wp-discord-invite", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a961d30e-f2cb-458d-8f1a-18f6e769efbc?source=api-scan" ], "published": "2023-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9636b15-1259-4c6e-8691-b1d573ef0417": { "id": "a9636b15-1259-4c6e-8691-b1d573ef0417", "title": "Theme Demo Import <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Theme Demo Import", "slug": "theme-demo-import", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9636b15-1259-4c6e-8691-b1d573ef0417?source=api-scan" ], "published": "2022-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a96ac71f-3dae-40eb-9268-d56688a5aa64": { "id": "a96ac71f-3dae-40eb-9268-d56688a5aa64", "title": "GEO my WordPress <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "GEO my WP", "slug": "geo-my-wp", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a96ac71f-3dae-40eb-9268-d56688a5aa64?source=api-scan" ], "published": "2023-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a96c9047-9dea-4bc7-8982-8983930f7cfa": { "id": "a96c9047-9dea-4bc7-8982-8983930f7cfa", "title": "Augmented reality plugin <= 1.2.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Augmented reality plugin", "slug": "augmented-reality", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a96c9047-9dea-4bc7-8982-8983930f7cfa?source=api-scan" ], "published": "2020-09-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a96da08b-f43d-4432-8c47-c86a1a1299ae": { "id": "a96da08b-f43d-4432-8c47-c86a1a1299ae", "title": "Broadcast Live Video \u2013 Live Streaming < 4.27.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Broadcast Live Video \u2013 Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP", "slug": "videowhisper-live-streaming-integration", "affected_versions": { "[*, 4.27.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.27.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.27.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a96da08b-f43d-4432-8c47-c86a1a1299ae?source=api-scan" ], "published": "2014-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a971c80b-c71a-4c58-8291-c8918af034d9": { "id": "a971c80b-c71a-4c58-8291-c8918af034d9", "title": "Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Arbitrary Plugin Installation", "software": [ { "type": "plugin", "name": "Simple 301 Redirects By BetterLinks \u2013 Easy WordPress Redirect Manager for Redirects, 404 Error Log & More", "slug": "simple-301-redirects", "affected_versions": { "2.0.0 - 2.0.3": { "from_version": "2.0.0", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a971c80b-c71a-4c58-8291-c8918af034d9?source=api-scan" ], "published": "2021-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a973dd0a-1a36-4ea2-a300-0f8bb277dfaa": { "id": "a973dd0a-1a36-4ea2-a300-0f8bb277dfaa", "title": "WordPress Core < 3.8.2 - Authentication Cookie Forgery", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.1": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": true }, "3.8 - 3.8.1": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.2", "3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a973dd0a-1a36-4ea2-a300-0f8bb277dfaa?source=api-scan" ], "published": "2014-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9743351-9f28-49bf-8b08-85ffbdcfa5f0": { "id": "a9743351-9f28-49bf-8b08-85ffbdcfa5f0", "title": "Co-Authors Plus 3.5 - 3.5.1 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Co-Authors Plus", "slug": "co-authors-plus", "affected_versions": { "3.5 - 3.5.1": { "from_version": "3.5", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9743351-9f28-49bf-8b08-85ffbdcfa5f0?source=api-scan" ], "published": "2022-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9747cda-735c-4087-8c4d-9c445c6d1596": { "id": "a9747cda-735c-4087-8c4d-9c445c6d1596", "title": "WP Popups \u2013 WordPress Popup builder <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Popups \u2013 WordPress Popup builder", "slug": "wp-popups-lite", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9747cda-735c-4087-8c4d-9c445c6d1596?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a979e885-f7dd-4616-a881-64f3d97c309d": { "id": "a979e885-f7dd-4616-a881-64f3d97c309d", "title": "User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile", "slug": "user-registration", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a979e885-f7dd-4616-a881-64f3d97c309d?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a97b3cf1-e7b7-41c6-8b7a-e06bda77f7f7": { "id": "a97b3cf1-e7b7-41c6-8b7a-e06bda77f7f7", "title": "Astra <= 4.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting via Theme Header\/Footer", "software": [ { "type": "theme", "name": "Astra", "slug": "astra", "affected_versions": { "* - 4.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a97b3cf1-e7b7-41c6-8b7a-e06bda77f7f7?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a97f72f6-86f7-45dc-908a-292ba735071d": { "id": "a97f72f6-86f7-45dc-908a-292ba735071d", "title": "Page Builder by SiteOrigin <= 2.29.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode", "software": [ { "type": "plugin", "name": "Page Builder by SiteOrigin", "slug": "siteorigin-panels", "affected_versions": { "* - 2.29.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.29.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.29.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a97f72f6-86f7-45dc-908a-292ba735071d?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a97f74bf-c3a5-4bb3-a7fd-d3f43af6ec42": { "id": "a97f74bf-c3a5-4bb3-a7fd-d3f43af6ec42", "title": "Visualizer <= 3.10.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visualizer: Tables and Charts Manager for WordPress", "slug": "visualizer", "affected_versions": { "* - 3.10.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a97f74bf-c3a5-4bb3-a7fd-d3f43af6ec42?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a981e454-32ba-494d-b47f-769a1e544e16": { "id": "a981e454-32ba-494d-b47f-769a1e544e16", "title": "KiviCare <= 3.6.2 - Authenticated (Patient+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "KiviCare \u2013 Clinic & Patient Management System (EHR)", "slug": "kivicare-clinic-management-system", "affected_versions": { "* - 3.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a981e454-32ba-494d-b47f-769a1e544e16?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a98498b8-9397-42e9-9c99-a576975c9ac9": { "id": "a98498b8-9397-42e9-9c99-a576975c9ac9", "title": "Related Products for WooCommerce <= 3.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Related Products for WooCommerce", "slug": "woo-related-products-refresh-on-reload", "affected_versions": { "* - 3.3.15": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a98498b8-9397-42e9-9c99-a576975c9ac9?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9892dd1-3939-41a9-a828-fa1bf7d96eb8": { "id": "a9892dd1-3939-41a9-a828-fa1bf7d96eb8", "title": "PWA for WP & AMP < = 1.7.32 - Missing Authorization", "software": [ { "type": "plugin", "name": "PWA for WP & AMP", "slug": "pwa-for-wp", "affected_versions": { "* - 1.7.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9892dd1-3939-41a9-a828-fa1bf7d96eb8?source=api-scan" ], "published": "2021-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a98f6a68-5863-4147-86c4-8c19af469be3": { "id": "a98f6a68-5863-4147-86c4-8c19af469be3", "title": "Process Steps Template Designer <= 1.2.1 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Process Steps Template Designer", "slug": "process-steps-template-designer", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a98f6a68-5863-4147-86c4-8c19af469be3?source=api-scan" ], "published": "2021-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a992dd59-ac56-4da0-9be7-fe32df440e5b": { "id": "a992dd59-ac56-4da0-9be7-fe32df440e5b", "title": "Twenty20 Image Before-After <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Twenty20 Image Before-After", "slug": "twenty20", "affected_versions": { "* - 1.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a992dd59-ac56-4da0-9be7-fe32df440e5b?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9939ffe-a5d5-45cb-b673-665acf1ff09d": { "id": "a9939ffe-a5d5-45cb-b673-665acf1ff09d", "title": "GiveWP <= 2.25.1 - Cross-Site Request Forgery via process_bulk_action", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.25.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9939ffe-a5d5-45cb-b673-665acf1ff09d?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9992d0d-7c6e-4184-8f48-1515d50cc028": { "id": "a9992d0d-7c6e-4184-8f48-1515d50cc028", "title": "Quttera Web Malware Scanner <= 3.4.1.48 - Authenticated (Administrator+) Directory Traversal via ShowFile", "software": [ { "type": "plugin", "name": "Quttera Web Malware Scanner", "slug": "quttera-web-malware-scanner", "affected_versions": { "* - 3.4.1.48": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1.48", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9992d0d-7c6e-4184-8f48-1515d50cc028?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a99a64f7-1ea8-4de6-b24f-1f69bf25c1f5": { "id": "a99a64f7-1ea8-4de6-b24f-1f69bf25c1f5", "title": "Elementor Website Builder \u2013 More than Just a Page Builder <= 3.23.4 - Authenticated (Contributor+) Stored Cross-Site Scripting in the URL Parameter in Multiple Widgets", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 3.23.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.23.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.24.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a99a64f7-1ea8-4de6-b24f-1f69bf25c1f5?source=api-scan" ], "published": "2024-09-10 23:03:06", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a99b8eb9-1511-4ec0-98f4-c0e0c989fa28": { "id": "a99b8eb9-1511-4ec0-98f4-c0e0c989fa28", "title": "Slider Revolution <= 6.7.11 - Authenticated (Author+) Stored Cross-Site Scripting via Add Layer class, id, and title Attributes", "software": [ { "type": "plugin", "name": "Slider Revolution", "slug": "revslider", "affected_versions": { "* - 6.7.10": { "from_version": "*", "from_inclusive": true, "to_version": "6.7.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a99b8eb9-1511-4ec0-98f4-c0e0c989fa28?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9a48769-94d9-459f-b34b-fdfe4c10b36c": { "id": "a9a48769-94d9-459f-b34b-fdfe4c10b36c", "title": "Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.5.9 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations", "slug": "master-addons", "affected_versions": { "* - 2.0.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9a48769-94d9-459f-b34b-fdfe4c10b36c?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9af1429-32c5-4907-acf4-83efc6727bb8": { "id": "a9af1429-32c5-4907-acf4-83efc6727bb8", "title": "GiveWP <= 2.25.1 - Authenticated (Contributor+) Arbitrary Content Deletion", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.25.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9af1429-32c5-4907-acf4-83efc6727bb8?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9b074ed-2edd-4774-b0b2-dc08c9647094": { "id": "a9b074ed-2edd-4774-b0b2-dc08c9647094", "title": "Popular Brand Icons - Simple Icons <= 2.7.7 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popular Brand Icons \u2013 Simple Icons", "slug": "simple-icons", "affected_versions": { "[*, 2.7.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9b074ed-2edd-4774-b0b2-dc08c9647094?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9b1445f-3b6b-40fa-9a12-f55d63668dda": { "id": "a9b1445f-3b6b-40fa-9a12-f55d63668dda", "title": "MainWP Dashboard \u2013 The Private WordPress Manager for Multiple Website Maintenance Plugin <= 3.1.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MainWP Dashboard: WordPress Management without the SaaS", "slug": "mainwp", "affected_versions": { "[*, 3.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9b1445f-3b6b-40fa-9a12-f55d63668dda?source=api-scan" ], "published": "2016-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9b2b094-9a2d-4c73-be5f-b2a6f3da9233": { "id": "a9b2b094-9a2d-4c73-be5f-b2a6f3da9233", "title": "Don8 <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Don8", "slug": "don8", "affected_versions": { "* - 0.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9b2b094-9a2d-4c73-be5f-b2a6f3da9233?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9b45e9b-57a6-4bfd-b9e4-d07780370f02": { "id": "a9b45e9b-57a6-4bfd-b9e4-d07780370f02", "title": "NEX-Forms \u2013 Ultimate Form Builder <= 8.5.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "slug": "nex-forms-express-wp-form-builder", "affected_versions": { "* - 8.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9b45e9b-57a6-4bfd-b9e4-d07780370f02?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9b7a73c-6fba-4b5d-9f82-c3710cc8555d": { "id": "a9b7a73c-6fba-4b5d-9f82-c3710cc8555d", "title": "Popup Builder <= 4.1.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "[*, 4.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9b7a73c-6fba-4b5d-9f82-c3710cc8555d?source=api-scan" ], "published": "2022-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9bbcb41-d604-45ec-a36a-4b41e8f7a508": { "id": "a9bbcb41-d604-45ec-a36a-4b41e8f7a508", "title": "Ajax Load More <= 7.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Infinite Scroll \u2013 Ajax Load More", "slug": "ajax-load-more", "affected_versions": { "* - 7.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9bbcb41-d604-45ec-a36a-4b41e8f7a508?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9bd9617-254a-40b3-a1ec-00d30b75e1b8": { "id": "a9bd9617-254a-40b3-a1ec-00d30b75e1b8", "title": "Testimonials (Free <= 2.6, Pro < 1.0.7) - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Super Testimonials", "slug": "super-testimonial", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7" ] }, { "type": "plugin", "name": "Testimonials Pro", "slug": "super-testimonial-pro", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9bd9617-254a-40b3-a1ec-00d30b75e1b8?source=api-scan" ], "published": "2022-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9bffba4-5bcd-4ef7-a8d8-84ba452827ab": { "id": "a9bffba4-5bcd-4ef7-a8d8-84ba452827ab", "title": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Directory Traversal", "software": [ { "type": "plugin", "name": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin", "slug": "xcloner-backup-and-restore", "affected_versions": { "[*, 3.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9bffba4-5bcd-4ef7-a8d8-84ba452827ab?source=api-scan" ], "published": "2014-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9c41797-b256-47de-a783-18df36dd2234": { "id": "a9c41797-b256-47de-a783-18df36dd2234", "title": "Injection Guard <= 1.2.1 - Missing Authorization to Whitelist Update", "software": [ { "type": "plugin", "name": "Injection Guard", "slug": "injection-guard", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9c41797-b256-47de-a783-18df36dd2234?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9c4d444-0f55-44b2-b12e-5abc2a30c3fe": { "id": "a9c4d444-0f55-44b2-b12e-5abc2a30c3fe", "title": "Serial Numbers for WooCommerce \u2013 License Manager <= 2.0.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "WC Serial Numbers \u2013 Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce", "slug": "wc-serial-numbers", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9c4d444-0f55-44b2-b12e-5abc2a30c3fe?source=api-scan" ], "published": "2024-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9c4e296-f98a-4018-980d-173d5e7ade7b": { "id": "a9c4e296-f98a-4018-980d-173d5e7ade7b", "title": "Donations Made Easy \u2013 Smart Donations <= 4.0.12 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Donations Made Easy \u2013 Smart Donations", "slug": "smart-donations", "affected_versions": { "* - 4.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9c4e296-f98a-4018-980d-173d5e7ade7b?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9c500fc-0d85-41b1-a2b8-9c8ba372a6e3": { "id": "a9c500fc-0d85-41b1-a2b8-9c8ba372a6e3", "title": "Original texts Yandex WebMaster <= 1.18 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Original texts Yandex WebMaster", "slug": "original-texts-yandex-webmaster", "affected_versions": { "* - 1.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.18", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9c500fc-0d85-41b1-a2b8-9c8ba372a6e3?source=api-scan" ], "published": "2023-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9c6c35f-1095-4897-b4a6-e7b295c187de": { "id": "a9c6c35f-1095-4897-b4a6-e7b295c187de", "title": "Ultimate Addons for Beaver Builder \u2013 Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Icons Widget", "software": [ { "type": "plugin", "name": "Ultimate Addons for Beaver Builder \u2013 Lite", "slug": "ultimate-addons-for-beaver-builder-lite", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9c6c35f-1095-4897-b4a6-e7b295c187de?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9c7d539-2ea7-4f72-b0d2-6082e26918ce": { "id": "a9c7d539-2ea7-4f72-b0d2-6082e26918ce", "title": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 1.3.58 - SQL Injection", "software": [ { "type": "plugin", "name": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin", "slug": "users-ultra", "affected_versions": { "* - 1.3.58": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.58", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.59" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9c7d539-2ea7-4f72-b0d2-6082e26918ce?source=api-scan" ], "published": "2014-10-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9c82154-d390-44ba-a54a-89f4bb69cdce": { "id": "a9c82154-d390-44ba-a54a-89f4bb69cdce", "title": "Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Frontend File Manager Plugin", "slug": "nmedia-user-file-uploader", "affected_versions": { "[*, 18.3)": { "from_version": "*", "from_inclusive": true, "to_version": "18.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "18.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9c82154-d390-44ba-a54a-89f4bb69cdce?source=api-scan" ], "published": "2021-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9ca2479-10ce-42ec-a9f3-0f91119d9525": { "id": "a9ca2479-10ce-42ec-a9f3-0f91119d9525", "title": "Frontend Dashboard <= 2.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Frontend Dashboard", "slug": "frontend-dashboard", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9ca2479-10ce-42ec-a9f3-0f91119d9525?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9cc5c6d-4396-4ebf-8788-f01dd9e9cfbc": { "id": "a9cc5c6d-4396-4ebf-8788-f01dd9e9cfbc", "title": "Abandoned Cart Lite for WooCommerce < 5.2.0 and Abandoned Cart Pro for WooCommerce < 7.13.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Abandoned Cart Pro for WooCommerce", "slug": "woocommerce-abandoned-cart-pro", "affected_versions": { "* - 7.12.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.13.0" ] }, { "type": "plugin", "name": "Abandoned Cart Lite for WooCommerce", "slug": "woocommerce-abandoned-cart", "affected_versions": { "[*, 5.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9cc5c6d-4396-4ebf-8788-f01dd9e9cfbc?source=api-scan" ], "published": "2019-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9d11f3a-eb28-4a80-8970-8ad05284a5b4": { "id": "a9d11f3a-eb28-4a80-8970-8ad05284a5b4", "title": "Easy PayPal Buy Now Button <= 1.9 - Unauthenticated Open Redirect", "software": [ { "type": "plugin", "name": "Easy PayPal & Stripe Buy Now Button", "slug": "wp-ecommerce-paypal", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9d11f3a-eb28-4a80-8970-8ad05284a5b4?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9d95af5-96da-4259-98c6-e2c4c574a896": { "id": "a9d95af5-96da-4259-98c6-e2c4c574a896", "title": "Royal Elementor Addons and Templates <= 1.3.78 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.78": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.78", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.79" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9d95af5-96da-4259-98c6-e2c4c574a896?source=api-scan" ], "published": "2023-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9db002f-ff41-493a-87b1-5f0b4b07cfc2": { "id": "a9db002f-ff41-493a-87b1-5f0b4b07cfc2", "title": "AI ChatBot <= 4.8.9 and 4.9.2 - Missing Authorization on AJAX actions", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.9", "to_inclusive": true }, "4.9.2": { "from_version": "4.9.2", "from_inclusive": true, "to_version": "4.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.1", "4.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9db002f-ff41-493a-87b1-5f0b4b07cfc2?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9ddbb9c-c2c9-4e34-ac22-2afe8050e15b": { "id": "a9ddbb9c-c2c9-4e34-ac22-2afe8050e15b", "title": "WP-RecentComments <= 2.0.7 - SQL Injection", "software": [ { "type": "plugin", "name": "WP-RecentComments", "slug": "wp-recentcomments", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9ddbb9c-c2c9-4e34-ac22-2afe8050e15b?source=api-scan" ], "published": "2011-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9e18f26-ddc2-4ed4-89e7-20c7c086f446": { "id": "a9e18f26-ddc2-4ed4-89e7-20c7c086f446", "title": "BuddyBoss Theme <= 2.4.61 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "BuddyBoss Theme", "slug": "buddyboss-theme", "affected_versions": { "* - 2.4.61": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.61", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.01" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9e18f26-ddc2-4ed4-89e7-20c7c086f446?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9e4b14f-0f55-47bc-8e40-19b262e50561": { "id": "a9e4b14f-0f55-47bc-8e40-19b262e50561", "title": "ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id'", "software": [ { "type": "plugin", "name": "ElementsKit Pro", "slug": "elementskit", "affected_versions": { "* - 3.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9e4b14f-0f55-47bc-8e40-19b262e50561?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9e4e989-8e55-4ea7-8f42-9f67cfab1168": { "id": "a9e4e989-8e55-4ea7-8f42-9f67cfab1168", "title": "Epsilon Framework Themes (Various Versions) - Unauthenticated Plugin Activation\/Deactivation", "software": [ { "type": "theme", "name": "Newspaper X", "slug": "newspaper-x", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] }, { "type": "theme", "name": "Brilliance", "slug": "brilliance", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] }, { "type": "theme", "name": "Activello", "slug": "activello", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9e4e989-8e55-4ea7-8f42-9f67cfab1168?source=api-scan" ], "published": "2020-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9e67057-7086-4108-a629-87610a12ec19": { "id": "a9e67057-7086-4108-a629-87610a12ec19", "title": "weForms <= 1.6.13 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "weForms \u2013 Easy Drag & Drop Contact Form Builder For WordPress", "slug": "weforms", "affected_versions": { "* - 1.6.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9e67057-7086-4108-a629-87610a12ec19?source=api-scan" ], "published": "2022-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9ed9a77-5a51-4664-a8a5-579824f8eae7": { "id": "a9ed9a77-5a51-4664-a8a5-579824f8eae7", "title": "Shop Page WP <= 1.2.7 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shop Page WP", "slug": "shop-page-wp", "affected_versions": { "[*, 1.2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9ed9a77-5a51-4664-a8a5-579824f8eae7?source=api-scan" ], "published": "2021-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9ee709d-6590-4c07-9788-6150733c1691": { "id": "a9ee709d-6590-4c07-9788-6150733c1691", "title": "Booking Manager <= 2.0.28 - Authenticated (Subscriber+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Booking Manager \u2013 Sync WP Booking Calendar \u2013 Import Events, Export Bookings to ICS Calendar", "slug": "booking-manager", "affected_versions": { "* - 2.0.28": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9ee709d-6590-4c07-9788-6150733c1691?source=api-scan" ], "published": "2023-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9ee90c4-e9ab-426e-8b92-217de43bd2e4": { "id": "a9ee90c4-e9ab-426e-8b92-217de43bd2e4", "title": "Workreap <= 2.6.3 - Insecure Direct Object Reference", "software": [ { "type": "theme", "name": "Workreap - Freelance Marketplace and Directory WordPress Theme", "slug": "workreap", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9ee90c4-e9ab-426e-8b92-217de43bd2e4?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "a9ef7742-e6f8-4350-90e9-242d9d1b12a0": { "id": "a9ef7742-e6f8-4350-90e9-242d9d1b12a0", "title": "Paid Memberships Pro <= 3.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/a9ef7742-e6f8-4350-90e9-242d9d1b12a0?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa080b36-01ce-496a-9938-9715f0131e29": { "id": "aa080b36-01ce-496a-9938-9715f0131e29", "title": "Canto <= 3.0.6 - Remote File Inclusion to Code Execution", "software": [ { "type": "plugin", "name": "Canto", "slug": "canto", "affected_versions": { "* - 3.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa080b36-01ce-496a-9938-9715f0131e29?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa105250-7d19-49c9-af20-6d5e033314e6": { "id": "aa105250-7d19-49c9-af20-6d5e033314e6", "title": "WP-Polls <= 2.73 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Polls", "slug": "wp-polls", "affected_versions": { "* - 2.73": { "from_version": "*", "from_inclusive": true, "to_version": "2.73", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.73.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa105250-7d19-49c9-af20-6d5e033314e6?source=api-scan" ], "published": "2016-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa13426a-2d4e-4268-bc0d-e496bc9e6f33": { "id": "aa13426a-2d4e-4268-bc0d-e496bc9e6f33", "title": "Ko-fi Button <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ko-fi Button", "slug": "ko-fi-button", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa13426a-2d4e-4268-bc0d-e496bc9e6f33?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa13c293-0530-478c-acfc-f7d69edae318": { "id": "aa13c293-0530-478c-acfc-f7d69edae318", "title": "ansi-regex >=2.1.1 <3.0.1 >=4.0.0 <4.1.1 >=5.0.0 <5.0.1 >=6.0.0 <6.0.1 - Regular Expression Denial of Service (ReDoS)", "software": [ { "type": "plugin", "name": "Insert Special Characters", "slug": "insert-special-characters", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa13c293-0530-478c-acfc-f7d69edae318?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa14909c-58f6-40f1-af50-eb1a0d2333de": { "id": "aa14909c-58f6-40f1-af50-eb1a0d2333de", "title": "Event Espresso Free\/Lite <= 3.1.37.12.L - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Event Expresso Free", "slug": "event-espresso-free", "affected_versions": { "* - 3.1.37.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.37.12", "to_inclusive": true }, "* - 3.1.37.12.L": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.37.12.L", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.37.14", "3.1.37.14L" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa14909c-58f6-40f1-af50-eb1a0d2333de?source=api-scan" ], "published": "2019-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa154536-9f9f-48c3-96c7-4091991e4f6c": { "id": "aa154536-9f9f-48c3-96c7-4091991e4f6c", "title": "LiquidPoll \u2013 Advanced Polls for Creators and Brands <= 3.3.68 - Missing Authorization via activate_addon", "software": [ { "type": "plugin", "name": "LiquidPoll \u2013 Polls, Surveys, NPS and Feedback Reviews", "slug": "wp-poll", "affected_versions": { "* - 3.3.68": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.68", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa154536-9f9f-48c3-96c7-4091991e4f6c?source=api-scan" ], "published": "2023-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa157c80-447f-4406-9e49-9cc6208b7b19": { "id": "aa157c80-447f-4406-9e49-9cc6208b7b19", "title": "InfiniteWP Client <= 1.11.1 - Authenticated (Subscriber+) Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "InfiniteWP Client", "slug": "iwp-client", "affected_versions": { "* - 1.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa157c80-447f-4406-9e49-9cc6208b7b19?source=api-scan" ], "published": "2023-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa15df6a-3411-4d69-8337-a3944ceae9ee": { "id": "aa15df6a-3411-4d69-8337-a3944ceae9ee", "title": "Multiple Page Generator Plugin \u2013 MPG <= 3.4.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Multiple Page Generator Plugin \u2013 MPG", "slug": "multiple-pages-generator-by-porthas", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa15df6a-3411-4d69-8337-a3944ceae9ee?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa16ab9f-4fb1-43de-bfbb-bd6caf6a68dc": { "id": "aa16ab9f-4fb1-43de-bfbb-bd6caf6a68dc", "title": "Kopa Framework <= 1.3.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Kopa Framework", "slug": "kopatheme", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa16ab9f-4fb1-43de-bfbb-bd6caf6a68dc?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa16cbeb-b3ba-4ef4-83ef-69d8ebd3738f": { "id": "aa16cbeb-b3ba-4ef4-83ef-69d8ebd3738f", "title": "Simple Flash Video <= 1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "simple-flash-video", "slug": "simple-flash-video", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa16cbeb-b3ba-4ef4-83ef-69d8ebd3738f?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa174135-d7aa-44f1-8924-44313fc70a75": { "id": "aa174135-d7aa-44f1-8924-44313fc70a75", "title": "WooCommerce GoCardless Gateway <= 2.5.6 - Unauthenticated Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "WooCommerce GoCardless Gateway", "slug": "woocommerce-gateway-gocardless", "affected_versions": { "* - 2.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa174135-d7aa-44f1-8924-44313fc70a75?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa178e13-b4a5-4847-ac0e-9f14f8c9b446": { "id": "aa178e13-b4a5-4847-ac0e-9f14f8c9b446", "title": "WP Plugin Manager (wppm) <= 1.6.4.b - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wppm", "slug": "wppm", "affected_versions": { "* - 1.6.4.b": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4.b", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa178e13-b4a5-4847-ac0e-9f14f8c9b446?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa18de7f-e645-4d1b-90d5-d47ee7e1d52d": { "id": "aa18de7f-e645-4d1b-90d5-d47ee7e1d52d", "title": "Tagembed <= 5.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds", "slug": "tagembed-widget", "affected_versions": { "* - 5.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa18de7f-e645-4d1b-90d5-d47ee7e1d52d?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa197b6b-be18-48c2-a7e3-d921b4ef1c54": { "id": "aa197b6b-be18-48c2-a7e3-d921b4ef1c54", "title": "XStore <= 9.3.8 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "XStore", "slug": "xstore", "affected_versions": { "* - 9.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "9.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa197b6b-be18-48c2-a7e3-d921b4ef1c54?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa26e595-947c-4327-bbe1-c347688f1209": { "id": "aa26e595-947c-4327-bbe1-c347688f1209", "title": "MIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MIMO Woocommerce Order Tracking", "slug": "mimo-woocommerce-order-tracking", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa26e595-947c-4327-bbe1-c347688f1209?source=api-scan" ], "published": "2024-06-18 14:42:48", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa26e958-4850-451b-88eb-d48fc0c7feb7": { "id": "aa26e958-4850-451b-88eb-d48fc0c7feb7", "title": "Directorist <= 7.8.4 - Missing Authorization to Unauthenticated Settings Change", "software": [ { "type": "plugin", "name": "Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings", "slug": "directorist", "affected_versions": { "* - 7.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa26e958-4850-451b-88eb-d48fc0c7feb7?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa290a4b-06b6-4057-ae56-1c0b74b2ee5a": { "id": "aa290a4b-06b6-4057-ae56-1c0b74b2ee5a", "title": "Finale Lite <= 2.18.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Finale Lite \u2013 Sales Countdown Timer & Discount for WooCommerce", "slug": "finale-woocommerce-sales-countdown-timer-discount", "affected_versions": { "* - 2.18.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa290a4b-06b6-4057-ae56-1c0b74b2ee5a?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa2bd74a-563a-4a2d-b1d7-b3678db82b00": { "id": "aa2bd74a-563a-4a2d-b1d7-b3678db82b00", "title": "Google Language Translator <= 6.0.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Translate WordPress \u2013 Google Language Translator", "slug": "google-language-translator", "affected_versions": { "[*, 6.0.10)": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa2bd74a-563a-4a2d-b1d7-b3678db82b00?source=api-scan" ], "published": "2021-07-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa309da6-6552-43e4-aeea-f822493dd029": { "id": "aa309da6-6552-43e4-aeea-f822493dd029", "title": "Export Users to CSV < 1.4 - CSV Injection", "software": [ { "type": "plugin", "name": "Export Users to CSV", "slug": "export-users", "affected_versions": { "[*, 1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa309da6-6552-43e4-aeea-f822493dd029?source=api-scan" ], "published": "2019-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa32a790-242f-4142-9f4d-e1b2a07045bb": { "id": "aa32a790-242f-4142-9f4d-e1b2a07045bb", "title": "Live Chat with Facebook Messenger <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Live Chat with Facebook Messenger", "slug": "wp-facebook-messenger", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa32a790-242f-4142-9f4d-e1b2a07045bb?source=api-scan" ], "published": "2023-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa34fdd1-5a04-43c6-a005-17be1256b09e": { "id": "aa34fdd1-5a04-43c6-a005-17be1256b09e", "title": "Related Posts <= 1.8.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Related Posts", "slug": "related-posts", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa34fdd1-5a04-43c6-a005-17be1256b09e?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa355718-c08f-4a22-bf6e-697af267ad12": { "id": "aa355718-c08f-4a22-bf6e-697af267ad12", "title": "Snazzy Maps <= 1.1.4 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Snazzy Maps", "slug": "snazzy-maps", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa355718-c08f-4a22-bf6e-697af267ad12?source=api-scan" ], "published": "2018-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa3e27ca-8837-4cd8-a233-ad1eed365f7c": { "id": "aa3e27ca-8837-4cd8-a233-ad1eed365f7c", "title": "ReFlex Gallery < 1.4.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ReFlex Gallery \u00bb WordPress Photo Gallery", "slug": "reflex-gallery", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa3e27ca-8837-4cd8-a233-ad1eed365f7c?source=api-scan" ], "published": "2021-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa3ff74a-a38e-4cb3-b0b8-99fb16185f42": { "id": "aa3ff74a-a38e-4cb3-b0b8-99fb16185f42", "title": "Zedity \u2013 The Layout-Free Content Editor < 2.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zedity \u2013 The Layout-Free Content Editor", "slug": "zedity", "affected_versions": { "[*, 2.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa3ff74a-a38e-4cb3-b0b8-99fb16185f42?source=api-scan" ], "published": "2014-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa4244d3-a611-416d-8159-2f6a8cf61b30": { "id": "aa4244d3-a611-416d-8159-2f6a8cf61b30", "title": "WebinarIgnition <= 3.05.0 - Authenticated(Subscriber+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Webinar Solution: Create live\/evergreen\/automated\/instant webinars, stream & Zoom Meetings | WebinarIgnition", "slug": "webinar-ignition", "affected_versions": { "* - 3.05.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.05.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.05.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa4244d3-a611-416d-8159-2f6a8cf61b30?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa4377a8-bcf4-45ba-824b-3505bd8e8c61": { "id": "aa4377a8-bcf4-45ba-824b-3505bd8e8c61", "title": "Content Views <= 3.6.2 - Authenticated(Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Content Views \u2013 Post Grid & Filter, Recent Posts, Category Posts \u2026 (Shortcode, Blocks, and Elementor Widgets)", "slug": "content-views-query-and-display-post-page", "affected_versions": { "* - 3.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa4377a8-bcf4-45ba-824b-3505bd8e8c61?source=api-scan" ], "published": "2024-01-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa441e45-9c33-483e-8332-49ac4dc7eaa3": { "id": "aa441e45-9c33-483e-8332-49ac4dc7eaa3", "title": "WP Popups <= 2.1.4.7 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Popups \u2013 WordPress Popup builder", "slug": "wp-popups-lite", "affected_versions": { "* - 2.1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa441e45-9c33-483e-8332-49ac4dc7eaa3?source=api-scan" ], "published": "2022-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa464547-0380-4b91-a5ea-0cd9a66da7a7": { "id": "aa464547-0380-4b91-a5ea-0cd9a66da7a7", "title": "MailChimp for Wordpress <= 4.9.16 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MC4WP: Mailchimp for WordPress", "slug": "mailchimp-for-wp", "affected_versions": { "* - 4.9.16": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa464547-0380-4b91-a5ea-0cd9a66da7a7?source=api-scan" ], "published": "2024-09-20 20:24:42", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa46842f-ed07-4f72-aedb-aa27baecd79c": { "id": "aa46842f-ed07-4f72-aedb-aa27baecd79c", "title": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.15.2 - Authenticated (Administrator+) Improper Input Validation via iconUpload Function to Arbitrary File Read", "software": [ { "type": "plugin", "name": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder", "slug": "bit-form", "affected_versions": { "* - 2.15.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa46842f-ed07-4f72-aedb-aa27baecd79c?source=api-scan" ], "published": "2024-10-10 19:11:18", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa5075a8-1da1-4738-ad4b-b6c323d772ee": { "id": "aa5075a8-1da1-4738-ad4b-b6c323d772ee", "title": "RD Station <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RD Station", "slug": "integracao-rd-station", "affected_versions": { "* - 5.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa5075a8-1da1-4738-ad4b-b6c323d772ee?source=api-scan" ], "published": "2024-09-04 21:25:30", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa5505b7-2d9e-4a03-9655-75d004f53259": { "id": "aa5505b7-2d9e-4a03-9655-75d004f53259", "title": "CBX Map for Google Map & OpenStreetMap <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "CBX Map for Google Map & OpenStreetMap", "slug": "cbxgooglemap", "affected_versions": { "* - 1.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa5505b7-2d9e-4a03-9655-75d004f53259?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa55dfe1-7ee8-4d25-a9f6-cbefeebb1376": { "id": "aa55dfe1-7ee8-4d25-a9f6-cbefeebb1376", "title": "Shopping Cart & eCommerce Store <= 5.7.2 - Authenticated (Contributor+) SQL Injection via model_number Parameter", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "* - 5.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa55dfe1-7ee8-4d25-a9f6-cbefeebb1376?source=api-scan" ], "published": "2024-08-19 11:55:18", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa5bdaf9-fbde-40d4-a72a-fd24489818b3": { "id": "aa5bdaf9-fbde-40d4-a72a-fd24489818b3", "title": "Essential Addons for Elementor <= 5.9.14 - Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.14": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa5bdaf9-fbde-40d4-a72a-fd24489818b3?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa5c23ed-7239-40e1-a795-1ae8d4c2d6c8": { "id": "aa5c23ed-7239-40e1-a795-1ae8d4c2d6c8", "title": "Tutor LMS Pro <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Tutor LMS Pro", "slug": "tutor-pro", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa5c23ed-7239-40e1-a795-1ae8d4c2d6c8?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa5ee133-e38a-4dfe-975c-f194aa6e90b8": { "id": "aa5ee133-e38a-4dfe-975c-f194aa6e90b8", "title": "WP Knowledgebase <= 1.3.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Knowledge base & Documentation Plugin \u2013 WP Knowledgebase", "slug": "wp-knowledgebase", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa5ee133-e38a-4dfe-975c-f194aa6e90b8?source=api-scan" ], "published": "2023-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa5f7f2a-c7b7-4339-a608-51fd684c18bf": { "id": "aa5f7f2a-c7b7-4339-a608-51fd684c18bf", "title": "Simple Download Counter <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Download Counter", "slug": "simple-download-counter", "affected_versions": { "1.6": { "from_version": "1.6", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa5f7f2a-c7b7-4339-a608-51fd684c18bf?source=api-scan" ], "published": "2023-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa60ed7c-baf3-4308-b4bf-1baa928d8e37": { "id": "aa60ed7c-baf3-4308-b4bf-1baa928d8e37", "title": "Disqus Comment System < 2.79 - Multiple Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Disqus Comment System", "slug": "disqus-comment-system", "affected_versions": { "[*, 2.79)": { "from_version": "*", "from_inclusive": true, "to_version": "2.79", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.79" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa60ed7c-baf3-4308-b4bf-1baa928d8e37?source=api-scan" ], "published": "2014-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa64d6b4-5673-4d88-b5c7-d3441eaa0706": { "id": "aa64d6b4-5673-4d88-b5c7-d3441eaa0706", "title": "WP Popup Banners <= 1.2.5 - Authenticated (Subscriber+) SQL Injection via 'value'", "software": [ { "type": "plugin", "name": "WP Popup Banners", "slug": "wp-popup-banners", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa64d6b4-5673-4d88-b5c7-d3441eaa0706?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa657530-7c85-4399-94bb-feaa7d21a47a": { "id": "aa657530-7c85-4399-94bb-feaa7d21a47a", "title": "Betheme <= 26.6.2 - Missing Authorization to Post Status Change", "software": [ { "type": "theme", "name": "Betheme", "slug": "betheme", "affected_versions": { "* - 26.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "26.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "26.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa657530-7c85-4399-94bb-feaa7d21a47a?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa66da82-8733-41cb-a276-620577d79e44": { "id": "aa66da82-8733-41cb-a276-620577d79e44", "title": "BWL Advanced FAQ Manager <= 2.0.3 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "BWL Advanced FAQ Manager", "slug": "bwl-advanced-faq-manager", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa66da82-8733-41cb-a276-620577d79e44?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa698e7e-b1c7-4ead-aa2e-7fbfc9dfac80": { "id": "aa698e7e-b1c7-4ead-aa2e-7fbfc9dfac80", "title": "The Plus Addons for Elementor PRO <= 4.1.9 & The Plus Addons for Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true }, "4.0 - 4.1.9": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7", "4.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa698e7e-b1c7-4ead-aa2e-7fbfc9dfac80?source=api-scan" ], "published": "2021-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa6adda7-5eba-483c-a759-6f8a92da75e3": { "id": "aa6adda7-5eba-483c-a759-6f8a92da75e3", "title": "MainWP iThemes Security Extension <= 4.1.1 - Missing Authorization to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "MainWP iThemes Security Extension", "slug": "mainwp-ithemes-security-extension", "affected_versions": { "4.1.1.": { "from_version": "4.1.1.", "from_inclusive": true, "to_version": "4.1.1.", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa6adda7-5eba-483c-a759-6f8a92da75e3?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa6b63bc-6e5f-498e-83e1-45e8e6c72df4": { "id": "aa6b63bc-6e5f-498e-83e1-45e8e6c72df4", "title": "Task Manager Pro <= 1.3.1 - Blind SQL Injection", "software": [ { "type": "plugin", "name": "Task Manager Pro - Task Management Plugin For Wordpress", "slug": "task-manager-pro", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa6b63bc-6e5f-498e-83e1-45e8e6c72df4?source=api-scan" ], "published": "2017-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa70238b-530e-4c90-82f4-c3113887d0e1": { "id": "aa70238b-530e-4c90-82f4-c3113887d0e1", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.23": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa70238b-530e-4c90-82f4-c3113887d0e1?source=api-scan" ], "published": "2024-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa7276bb-6a9b-4cbd-8333-14c4dfac4108": { "id": "aa7276bb-6a9b-4cbd-8333-14c4dfac4108", "title": "Debug <= 1.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Debug", "slug": "debug", "affected_versions": { "* - 1.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa7276bb-6a9b-4cbd-8333-14c4dfac4108?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa735320-f7fe-4e51-9f9a-f4c8f3ddc2e7": { "id": "aa735320-f7fe-4e51-9f9a-f4c8f3ddc2e7", "title": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress <= 3.3.13 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "[*, 3.3.14)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa735320-f7fe-4e51-9f9a-f4c8f3ddc2e7?source=api-scan" ], "published": "2018-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa769d51-8718-42e9-9070-0b878442dbc7": { "id": "aa769d51-8718-42e9-9070-0b878442dbc7", "title": "Pricing Table <= 2.0.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Pricing Table", "slug": "elfsight-pricing-table", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa769d51-8718-42e9-9070-0b878442dbc7?source=api-scan" ], "published": "2024-07-08 20:06:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa7aad43-54b4-4b9f-9584-292e40be71bc": { "id": "aa7aad43-54b4-4b9f-9584-292e40be71bc", "title": "WP\u8d44\u6e90\u4e0b\u8f7d\u7ba1\u7406 <= 1.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP\u8d44\u6e90\u4e0b\u8f7d\u7ba1\u7406", "slug": "download-info-page", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa7aad43-54b4-4b9f-9584-292e40be71bc?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa7fe608-55cf-4299-993e-cb262dd74880": { "id": "aa7fe608-55cf-4299-993e-cb262dd74880", "title": "Rife Free <= 2.4.18 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Rife Free", "slug": "rife-free", "affected_versions": { "* - 2.4.18": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.19" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa7fe608-55cf-4299-993e-cb262dd74880?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa85abba-e13f-42cd-8f13-432ed375fb37": { "id": "aa85abba-e13f-42cd-8f13-432ed375fb37", "title": "Collapse-O-Matic <= 1.8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Collapse-O-Matic", "slug": "jquery-collapse-o-matic", "affected_versions": { "* - 1.8.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa85abba-e13f-42cd-8f13-432ed375fb37?source=api-scan" ], "published": "2023-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa8a095b-abda-4a12-a4b9-246cda41fb4e": { "id": "aa8a095b-abda-4a12-a4b9-246cda41fb4e", "title": "WordPress Core < 4.9.1- Stored Cross-Site Scripting via Language", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.23": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.23", "to_inclusive": true }, "3.8 - 3.8.23": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.23", "to_inclusive": true }, "3.9 - 3.9.21": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.21", "to_inclusive": true }, "4.0 - 4.0.20": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.20", "to_inclusive": true }, "4.1 - 4.1.20": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.20", "to_inclusive": true }, "4.2 - 4.2.17": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.17", "to_inclusive": true }, "4.3 - 4.3.13": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.13", "to_inclusive": true }, "4.4 - 4.4.12": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.12", "to_inclusive": true }, "4.5 - 4.5.11": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.11", "to_inclusive": true }, "4.6 - 4.6.8": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.8", "to_inclusive": true }, "4.7 - 4.7.7": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.7", "to_inclusive": true }, "4.8 - 4.8.3": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.3", "to_inclusive": true }, "4.9": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.24", "3.8.24", "3.9.22", "4.0.21", "4.1.21", "4.2.18", "4.3.14", "4.4.13", "4.5.12", "4.6.9", "4.7.8", "4.8.4", "4.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa8a095b-abda-4a12-a4b9-246cda41fb4e?source=api-scan" ], "published": "2017-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa8c5c44-235a-4839-9dc4-064ef25abfac": { "id": "aa8c5c44-235a-4839-9dc4-064ef25abfac", "title": "CubeWP Forms \u2013 All-in-One Form Builder <= 1.1.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CubeWP Forms \u2013 All-in-One Form Builder", "slug": "cubewp-forms", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa8c5c44-235a-4839-9dc4-064ef25abfac?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa8df7ee-5308-4993-ac49-e2e58f3eaf60": { "id": "aa8df7ee-5308-4993-ac49-e2e58f3eaf60", "title": "Caldera Forms <= 1.5.9.1 - Cross Site Scripting", "software": [ { "type": "plugin", "name": "Caldera Forms \u2013 More Than Contact Forms", "slug": "caldera-forms", "affected_versions": { "* - 1.5.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa8df7ee-5308-4993-ac49-e2e58f3eaf60?source=api-scan" ], "published": "2018-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa8f75dc-7ecd-498d-b41a-e788b4d4bcdd": { "id": "aa8f75dc-7ecd-498d-b41a-e788b4d4bcdd", "title": "eShop <= 6.3.14 - Multiple SQL Injections", "software": [ { "type": "plugin", "name": "eShop", "slug": "eshop", "affected_versions": { "* - 6.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa8f75dc-7ecd-498d-b41a-e788b4d4bcdd?source=api-scan" ], "published": "2016-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa916029-b526-4ff3-ba70-2875b62d33a6": { "id": "aa916029-b526-4ff3-ba70-2875b62d33a6", "title": "Quick Subscribe <= 1.7.1 - Cross-Site Request Forgery to Arbitrary Settings Update and Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quick Subscribe", "slug": "quick-subscribe", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa916029-b526-4ff3-ba70-2875b62d33a6?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aa9c2a67-e254-4dde-9f58-81281e98cdb2": { "id": "aa9c2a67-e254-4dde-9f58-81281e98cdb2", "title": "Feed Them Social \u2013 for Twitter feed, Youtube and more <= 2.9.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Feed Them Social \u2013 Social Media Feeds, Video, and Photo Galleries", "slug": "feed-them-social", "affected_versions": { "* - 2.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aa9c2a67-e254-4dde-9f58-81281e98cdb2?source=api-scan" ], "published": "2022-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aaa041a3-d8e5-4637-b8da-5f07c498685a": { "id": "aaa041a3-d8e5-4637-b8da-5f07c498685a", "title": "Alt Manager <= 1.6.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Alt Manager", "slug": "alt-manager", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aaa041a3-d8e5-4637-b8da-5f07c498685a?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aaa2f738-4764-467c-9544-889ca8ba73d1": { "id": "aaa2f738-4764-467c-9544-889ca8ba73d1", "title": "DELUCKS SEO < 2.1.8 - Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "DELUCKS SEO", "slug": "delucks-seo", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aaa2f738-4764-467c-9544-889ca8ba73d1?source=api-scan" ], "published": "2019-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aab0bb92-5474-429d-b6ff-2a7662183a27": { "id": "aab0bb92-5474-429d-b6ff-2a7662183a27", "title": "Stockholm <= 9.6 - Unauthenticated Local File Inclusion", "software": [ { "type": "theme", "name": "Stockholm", "slug": "stockholm", "affected_versions": { "* - 9.6": { "from_version": "*", "from_inclusive": true, "to_version": "9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aab0bb92-5474-429d-b6ff-2a7662183a27?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aab16b6f-4daf-4eb1-9526-dd05b2b41dee": { "id": "aab16b6f-4daf-4eb1-9526-dd05b2b41dee", "title": "MapPress Maps for WordPress <= 2.85.4 - Authenticated (Contributor+) SQL Injection via get_maps", "software": [ { "type": "plugin", "name": "MapPress Maps for WordPress", "slug": "mappress-google-maps-for-wordpress", "affected_versions": { "* - 2.85.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.85.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.85.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aab16b6f-4daf-4eb1-9526-dd05b2b41dee?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aab3016d-5834-4b4a-a206-0b626884b335": { "id": "aab3016d-5834-4b4a-a206-0b626884b335", "title": "All in One B2B for WooCommerce <= 1.0.3 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "All in One B2B for WooCommerce", "slug": "all-in-one-b2b-for-woocommerce", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aab3016d-5834-4b4a-a206-0b626884b335?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aab42989-b928-492f-a610-d2a5546751e0": { "id": "aab42989-b928-492f-a610-d2a5546751e0", "title": "Persuasion <= 2.4 - Arbitrary File Deletion", "software": [ { "type": "theme", "name": "Persuasion", "slug": "persuasion", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aab42989-b928-492f-a610-d2a5546751e0?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aab54795-31e7-4ef4-8a80-7443abaa3f21": { "id": "aab54795-31e7-4ef4-8a80-7443abaa3f21", "title": "Passwordless Login <= 1.1.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Passwordless Login", "slug": "passwordless-login", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aab54795-31e7-4ef4-8a80-7443abaa3f21?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aac382a7-0548-4c5a-b82b-f173ff449d23": { "id": "aac382a7-0548-4c5a-b82b-f173ff449d23", "title": "JS Multi Hotel <= 2.2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JS Multi Hotel", "slug": "js-multihotel", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aac382a7-0548-4c5a-b82b-f173ff449d23?source=api-scan" ], "published": "2014-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aac3fb8e-9b92-4ed1-ac9f-50870d4c5c9f": { "id": "aac3fb8e-9b92-4ed1-ac9f-50870d4c5c9f", "title": "Flexmls\u00ae IDX Plugin <= 3.14.22 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flexmls\u00ae IDX Plugin", "slug": "flexmls-idx", "affected_versions": { "* - 3.14.22": { "from_version": "*", "from_inclusive": true, "to_version": "3.14.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.14.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aac3fb8e-9b92-4ed1-ac9f-50870d4c5c9f?source=api-scan" ], "published": "2024-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aac6fcee-cb8b-4862-a1f1-9af692ae741f": { "id": "aac6fcee-cb8b-4862-a1f1-9af692ae741f", "title": "Bulk change of posts terms and post types <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bulk change of posts terms and post types", "slug": "bulk-change", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aac6fcee-cb8b-4862-a1f1-9af692ae741f?source=api-scan" ], "published": "2016-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aac9569e-d33d-45b3-bd03-2e7f48536ae5": { "id": "aac9569e-d33d-45b3-bd03-2e7f48536ae5", "title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Player Widget Settings", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aac9569e-d33d-45b3-bd03-2e7f48536ae5?source=api-scan" ], "published": "2024-06-25 13:45:59", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aac9be6c-7498-482e-8c38-da17a2c7f00a": { "id": "aac9be6c-7498-482e-8c38-da17a2c7f00a", "title": "RSVP Events <= 2.9.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RSVP Events", "slug": "eventon-rsvp", "affected_versions": { "* - 2.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aac9be6c-7498-482e-8c38-da17a2c7f00a?source=api-scan" ], "published": "2023-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aac9e0cb-cc1e-4041-bb92-21f94c8d35fd": { "id": "aac9e0cb-cc1e-4041-bb92-21f94c8d35fd", "title": "Project Status <= 1.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Project Status", "slug": "project-status", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aac9e0cb-cc1e-4041-bb92-21f94c8d35fd?source=api-scan" ], "published": "2021-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aacd4a33-499d-4630-a0fb-8a1acfcfb7dd": { "id": "aacd4a33-499d-4630-a0fb-8a1acfcfb7dd", "title": "WP Code Highlight.js <= 0.6.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Code Highlight.js", "slug": "wp-code-highlightjs", "affected_versions": { "* - 0.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aacd4a33-499d-4630-a0fb-8a1acfcfb7dd?source=api-scan" ], "published": "2019-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aade1230-bc25-4391-a85b-7bcf661f8213": { "id": "aade1230-bc25-4391-a85b-7bcf661f8213", "title": "Mail Masta <= 1.0 - SQL Injection via camp_id parameter", "software": [ { "type": "plugin", "name": "Mail Masta", "slug": "mail-masta", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aade1230-bc25-4391-a85b-7bcf661f8213?source=api-scan" ], "published": "2017-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aadf1d59-60ba-4da2-adbb-4e84d587a34d": { "id": "aadf1d59-60ba-4da2-adbb-4e84d587a34d", "title": "Permalink Manager Lite <= 2.4.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Permalink Manager Lite", "slug": "permalink-manager", "affected_versions": { "* - 2.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aadf1d59-60ba-4da2-adbb-4e84d587a34d?source=api-scan" ], "published": "2024-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aae57fed-1003-4b3a-8489-cfc85c250a04": { "id": "aae57fed-1003-4b3a-8489-cfc85c250a04", "title": "Videos on Admin Dashboard < 1.1.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Videos on Admin Dashboard", "slug": "videos-on-admin-dashboard", "affected_versions": { "[*, 1.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aae57fed-1003-4b3a-8489-cfc85c250a04?source=api-scan" ], "published": "2020-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aae6058c-1a0c-48dd-9aca-9a44f06d27e5": { "id": "aae6058c-1a0c-48dd-9aca-9a44f06d27e5", "title": "JobSearch <= 2.5.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "* - 2.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aae6058c-1a0c-48dd-9aca-9a44f06d27e5?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aae70da2-fcd8-4e33-8f38-5e19e0c14733": { "id": "aae70da2-fcd8-4e33-8f38-5e19e0c14733", "title": "All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 5.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Google Analytics 4 (GA4), Google Ads, Meta Pixel, GTM & Multiple Pixels for Woocommerce & WordPress", "slug": "enhanced-e-commerce-for-woocommerce-store", "affected_versions": { "* - 5.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aae70da2-fcd8-4e33-8f38-5e19e0c14733?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aaf0e58c-0430-44fe-980f-8ea469802c86": { "id": "aaf0e58c-0430-44fe-980f-8ea469802c86", "title": "RSVPMaker <= 10.6.5 - Unauthenticated Stored Cross-Site Scripting via 'email'", "software": [ { "type": "plugin", "name": "RSVPMaker", "slug": "rsvpmaker", "affected_versions": { "* - 10.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "10.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aaf0e58c-0430-44fe-980f-8ea469802c86?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aaf38354-f95a-4bc5-a63e-3774eadf4fcb": { "id": "aaf38354-f95a-4bc5-a63e-3774eadf4fcb", "title": "Invento | Architecture Building Agency Template <= 2015-05-15 - Sensitive Information Disclosure", "software": [ { "type": "theme", "name": "Invento | Architecture Building Agency Template", "slug": "invento", "affected_versions": { "[*, 2015-05-15]": { "from_version": "*", "from_inclusive": true, "to_version": "2015-05-15", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aaf38354-f95a-4bc5-a63e-3774eadf4fcb?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aaf62045-b9ce-40d7-92b3-7ab683e5a08c": { "id": "aaf62045-b9ce-40d7-92b3-7ab683e5a08c", "title": "Easy Social Feed <= 6.5.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2013 Like Box", "slug": "easy-facebook-likebox", "affected_versions": { "* - 6.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aaf62045-b9ce-40d7-92b3-7ab683e5a08c?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aaf7107c-1e9f-4020-aed3-a6a687a0cf6c": { "id": "aaf7107c-1e9f-4020-aed3-a6a687a0cf6c", "title": "Variation Images Gallery for WooCommerce <= 2.3.3 - Reflected Cross-Site Scripting via style", "software": [ { "type": "plugin", "name": "Variation Images Gallery for WooCommerce", "slug": "woo-product-variation-gallery", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aaf7107c-1e9f-4020-aed3-a6a687a0cf6c?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aafa8eb8-73e6-48b5-a94e-85730d6250f3": { "id": "aafa8eb8-73e6-48b5-a94e-85730d6250f3", "title": "UpdraftPlus WordPress Backup Plugin < 1.22.9 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "UpdraftPlus: WP Backup & Migration Plugin", "slug": "updraftplus", "affected_versions": { "[*, 1.22.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.22.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.22.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aafa8eb8-73e6-48b5-a94e-85730d6250f3?source=api-scan" ], "published": "2022-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aafb5402-3553-4c89-86e0-4dd556d86074": { "id": "aafb5402-3553-4c89-86e0-4dd556d86074", "title": "Booking for Appointments and Events Calendar \u2013 Amelia <= 1.0.93 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Booking for Appointments and Events Calendar \u2013 Amelia", "slug": "ameliabooking", "affected_versions": { "* - 1.0.93": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.93", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.94" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aafb5402-3553-4c89-86e0-4dd556d86074?source=api-scan" ], "published": "2024-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aafbdd50-c78b-4aad-a3e2-f1339d698e77": { "id": "aafbdd50-c78b-4aad-a3e2-f1339d698e77", "title": "Fitness calculators plugin <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings", "software": [ { "type": "plugin", "name": "fitness calculators", "slug": "fitness-calculators", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aafbdd50-c78b-4aad-a3e2-f1339d698e77?source=api-scan" ], "published": "2023-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab015cb4-0b1e-40ff-ab9b-6c03eed3142f": { "id": "ab015cb4-0b1e-40ff-ab9b-6c03eed3142f", "title": "Taboola <= 2.0.1 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "Taboola", "slug": "taboola", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab015cb4-0b1e-40ff-ab9b-6c03eed3142f?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab0a61e7-6814-4773-af44-e42cffb1f480": { "id": "ab0a61e7-6814-4773-af44-e42cffb1f480", "title": "Google Adsense & Banner Ads by AdsforWP <= 1.9.28 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Google Adsense and Banner Ads Manager \u2013 AdsforWP", "slug": "ads-for-wp", "affected_versions": { "* - 1.9.28": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab0a61e7-6814-4773-af44-e42cffb1f480?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab0cc008-be18-4703-8156-acb00c1ac9a7": { "id": "ab0cc008-be18-4703-8156-acb00c1ac9a7", "title": "Dean's Permalinks Migration <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dean's Permalinks Migration", "slug": "permalinks-migration-plugin-for-wordpress", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab0cc008-be18-4703-8156-acb00c1ac9a7?source=api-scan" ], "published": "2008-01-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab15fe2b-974c-41b0-ab6b-68322d2d3396": { "id": "ab15fe2b-974c-41b0-ab6b-68322d2d3396", "title": "The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab15fe2b-974c-41b0-ab6b-68322d2d3396?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab19f79b-0cf6-4a5d-9e7e-a248728b4566": { "id": "ab19f79b-0cf6-4a5d-9e7e-a248728b4566", "title": "Consulting Elementor Widgets <= 1.3.0 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Consulting Elementor Widgets", "slug": "consulting-elementor-widgets", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab19f79b-0cf6-4a5d-9e7e-a248728b4566?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab19f7b1-2b1e-43bc-9843-ddee0fc74f50": { "id": "ab19f7b1-2b1e-43bc-9843-ddee0fc74f50", "title": "SureTriggers \u2013 Connect All Your Plugins, Apps, Tools & Automate Everything! <= 1.0.46 - Authenticated (Contributor+) Stored Cross-Site Scripting via Trigger Link Shortcode", "software": [ { "type": "plugin", "name": "SureTriggers: All-in-One WordPress Automation", "slug": "suretriggers", "affected_versions": { "* - 1.0.47": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.47", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.48" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab19f7b1-2b1e-43bc-9843-ddee0fc74f50?source=api-scan" ], "published": "2024-06-03 18:02:24", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab1bd64b-8575-4ab4-bca5-8d5ce6f476d1": { "id": "ab1bd64b-8575-4ab4-bca5-8d5ce6f476d1", "title": "Category Slider for WooCommerce <= 1.4.15 - Missing Authorization via notice dismissal functionality", "software": [ { "type": "plugin", "name": "Product Category Slider and Product Category Showcase for WooCommerce \u2013 WooCategory", "slug": "woo-category-slider-grid", "affected_versions": { "* - 1.4.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.16" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab1bd64b-8575-4ab4-bca5-8d5ce6f476d1?source=api-scan" ], "published": "2023-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab1cc1ef-d0e0-491d-91a8-eaa0605fc1da": { "id": "ab1cc1ef-d0e0-491d-91a8-eaa0605fc1da", "title": "Indeed Membership Pro 7.3 - 8.6 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Indeed Membership Pro", "slug": "indeed-membership-pro", "affected_versions": { "7.3 - 8.6": { "from_version": "7.3", "from_inclusive": true, "to_version": "8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab1cc1ef-d0e0-491d-91a8-eaa0605fc1da?source=api-scan" ], "published": "2020-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab233ceb-270c-4694-9cf9-2de8ddfcbbfd": { "id": "ab233ceb-270c-4694-9cf9-2de8ddfcbbfd", "title": "Directorist <= 7.7.1 - CSV Injection", "software": [ { "type": "plugin", "name": "Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings", "slug": "directorist", "affected_versions": { "* - 7.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab233ceb-270c-4694-9cf9-2de8ddfcbbfd?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab248283-e331-4159-9fe4-249243772c9b": { "id": "ab248283-e331-4159-9fe4-249243772c9b", "title": "Orange Form <= 1.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Orange Form", "slug": "orange-form", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab248283-e331-4159-9fe4-249243772c9b?source=api-scan" ], "published": "2021-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab2a4903-2c69-48da-bd4a-79b39b78806c": { "id": "ab2a4903-2c69-48da-bd4a-79b39b78806c", "title": "Custom Order Status for WooCommerce <= 2.3.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Custom Order Status for WooCommerce", "slug": "custom-order-statuses-woocommerce", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab2a4903-2c69-48da-bd4a-79b39b78806c?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab3033c5-95c3-44eb-8602-410288fc423f": { "id": "ab3033c5-95c3-44eb-8602-410288fc423f", "title": "WPGlobus \u2013 Multilingual Everything! <= 1.9.6 - Cross-Site Scripting via wpglobus_option[enabled_languages]", "software": [ { "type": "plugin", "name": "WPGlobus \u2013 Multilingual WordPress", "slug": "wpglobus", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab3033c5-95c3-44eb-8602-410288fc423f?source=api-scan" ], "published": "2018-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab340c65-35eb-4a85-8150-3119b46c7f35": { "id": "ab340c65-35eb-4a85-8150-3119b46c7f35", "title": "Quiz Maker <= 6.5.8.3 - Unauthenticated SQL Injection via 'ays_questions' Parameter", "software": [ { "type": "plugin", "name": "Quiz Maker", "slug": "quiz-maker", "affected_versions": { "* - 6.5.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab340c65-35eb-4a85-8150-3119b46c7f35?source=api-scan" ], "published": "2024-06-24 20:09:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab346cea-2d33-4ec5-b985-86a65fbe12e2": { "id": "ab346cea-2d33-4ec5-b985-86a65fbe12e2", "title": "MainWP Rocket Extension <= 4.0.3 - Missing Authorization to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "MainWP Rocket Extension", "slug": "mainwp-rocket-extension", "affected_versions": { "* - 4.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab346cea-2d33-4ec5-b985-86a65fbe12e2?source=api-scan" ], "published": "2023-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab382c09-667b-42b9-b373-834a5f5ae9e2": { "id": "ab382c09-667b-42b9-b373-834a5f5ae9e2", "title": "Lawyer Landing Page <= 1.2.4 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Lawyer Landing Page", "slug": "lawyer-landing-page", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab382c09-667b-42b9-b373-834a5f5ae9e2?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab3ea93a-521a-45af-ac67-9f4417f3db59": { "id": "ab3ea93a-521a-45af-ac67-9f4417f3db59", "title": "cformsII <= 14.13.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "cformsII", "slug": "cforms2", "affected_versions": { "* - 14.13.2": { "from_version": "*", "from_inclusive": true, "to_version": "14.13.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "14.13.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab3ea93a-521a-45af-ac67-9f4417f3db59?source=api-scan" ], "published": "2017-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab4149e1-8378-4007-bbf2-1ac3c479e7ea": { "id": "ab4149e1-8378-4007-bbf2-1ac3c479e7ea", "title": "Code Embed <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Code Embed", "slug": "simple-embed-code", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab4149e1-8378-4007-bbf2-1ac3c479e7ea?source=api-scan" ], "published": "2024-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab46b494-e7c5-42fd-9906-2a7a529e2794": { "id": "ab46b494-e7c5-42fd-9906-2a7a529e2794", "title": "Daily Prayer Time < 2022.03.01 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Daily Prayer Time", "slug": "daily-prayer-time-for-mosques", "affected_versions": { "[*, 2022.03.01)": { "from_version": "*", "from_inclusive": true, "to_version": "2022.03.01", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2022.03.01" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab46b494-e7c5-42fd-9906-2a7a529e2794?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab520bcb-5739-4b99-ad93-73416ab39084": { "id": "ab520bcb-5739-4b99-ad93-73416ab39084", "title": "WP Frontend Profile <= 1.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Frontend Profile", "slug": "wp-front-end-profile", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab520bcb-5739-4b99-ad93-73416ab39084?source=api-scan" ], "published": "2020-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab57f010-4fd2-40c2-950f-c03888521c8f": { "id": "ab57f010-4fd2-40c2-950f-c03888521c8f", "title": "Coupon Creator <= 3.1 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Coupon Creator", "slug": "coupon-creator", "affected_versions": { "[*, 3.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab57f010-4fd2-40c2-950f-c03888521c8f?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab58a6e8-624b-4268-a95a-0e004f8e8c86": { "id": "ab58a6e8-624b-4268-a95a-0e004f8e8c86", "title": "WP Live Chat Support <= 8.0.05 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "3CX Free Live Chat, Calls & WhatsApp", "slug": "wp-live-chat-support", "affected_versions": { "* - 8.0.05": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.05", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.06" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab58a6e8-624b-4268-a95a-0e004f8e8c86?source=api-scan" ], "published": "2018-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab5a88a9-55ff-428d-9ce2-3247f5d48266": { "id": "ab5a88a9-55ff-428d-9ce2-3247f5d48266", "title": "UsersWP <= 1.2.15 - Missing Authorization", "software": [ { "type": "plugin", "name": "UsersWP \u2013 Front-end login form, User Registration, User Profile & Members Directory plugin for WP", "slug": "userswp", "affected_versions": { "* - 1.2.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab5a88a9-55ff-428d-9ce2-3247f5d48266?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab5b7dc4-113d-4f58-956e-2a9284e1e25e": { "id": "ab5b7dc4-113d-4f58-956e-2a9284e1e25e", "title": "Email Address Encoder 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Address Encoder", "slug": "email-address-encoder", "affected_versions": { "1.0.22": { "from_version": "1.0.22", "from_inclusive": true, "to_version": "1.0.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab5b7dc4-113d-4f58-956e-2a9284e1e25e?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab5d87d2-f3cb-4926-9cbf-acdbe9169f64": { "id": "ab5d87d2-f3cb-4926-9cbf-acdbe9169f64", "title": "Abandoned Cart Lite for WooCommerce <= 5.8.5 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Abandoned Cart Lite for WooCommerce", "slug": "woocommerce-abandoned-cart", "affected_versions": { "* - 5.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab5d87d2-f3cb-4926-9cbf-acdbe9169f64?source=api-scan" ], "published": "2021-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab5e09d8-6fa3-4a5b-bee1-6648df4f4b3b": { "id": "ab5e09d8-6fa3-4a5b-bee1-6648df4f4b3b", "title": "Visual Portfolio, Photo Gallery & Post Grid <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter", "software": [ { "type": "plugin", "name": "Visual Portfolio, Photo Gallery & Post Grid", "slug": "visual-portfolio", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab5e09d8-6fa3-4a5b-bee1-6648df4f4b3b?source=api-scan" ], "published": "2024-05-14 11:31:11", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab5f43c0-83d3-4d09-becd-a3552bebd609": { "id": "ab5f43c0-83d3-4d09-becd-a3552bebd609", "title": "Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.13.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab5f43c0-83d3-4d09-becd-a3552bebd609?source=api-scan" ], "published": "2024-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab633506-63a1-4be1-b402-c7f0bcc4ea7a": { "id": "ab633506-63a1-4be1-b402-c7f0bcc4ea7a", "title": "BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion", "software": [ { "type": "plugin", "name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", "slug": "woo-bulk-editor", "affected_versions": { "* - 1.1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab633506-63a1-4be1-b402-c7f0bcc4ea7a?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab63f507-6288-48e2-81c8-52b8a8c0c28c": { "id": "ab63f507-6288-48e2-81c8-52b8a8c0c28c", "title": "Spin 360 deg and 3D Model Viewer <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spin 360 deg and 3D Model Viewer", "slug": "spin360", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab63f507-6288-48e2-81c8-52b8a8c0c28c?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab650b99-ab15-4ddc-a622-cb43ab554ba7": { "id": "ab650b99-ab15-4ddc-a622-cb43ab554ba7", "title": "Schema & Structured Data for WP & AMP <= 1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute", "software": [ { "type": "plugin", "name": "Schema & Structured Data for WP & AMP", "slug": "schema-and-structured-data-for-wp", "affected_versions": { "* - 1.33": { "from_version": "*", "from_inclusive": true, "to_version": "1.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.34.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab650b99-ab15-4ddc-a622-cb43ab554ba7?source=api-scan" ], "published": "2024-07-16 18:46:17", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab66ac69-0617-4f9f-8ad3-4ab1502892bd": { "id": "ab66ac69-0617-4f9f-8ad3-4ab1502892bd", "title": "WordPress Core < 3.5.1 - Stored Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab66ac69-0617-4f9f-8ad3-4ab1502892bd?source=api-scan" ], "published": "2013-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab68a08d-a6d4-4424-a7bf-219951f752fa": { "id": "ab68a08d-a6d4-4424-a7bf-219951f752fa", "title": "Comparison Slider <= 1.0.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Comparison Slider", "slug": "comparison-slider", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab68a08d-a6d4-4424-a7bf-219951f752fa?source=api-scan" ], "published": "2024-05-29 19:51:30", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab693b1f-2842-4101-99f3-eaf5b7bf5d83": { "id": "ab693b1f-2842-4101-99f3-eaf5b7bf5d83", "title": "Social Share Buttons by Supsystic <= 2.2.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Social Share Buttons by Supsystic", "slug": "social-share-buttons-by-supsystic", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab693b1f-2842-4101-99f3-eaf5b7bf5d83?source=api-scan" ], "published": "2022-06-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab710963-64e2-476e-9a60-0a18b64b7550": { "id": "ab710963-64e2-476e-9a60-0a18b64b7550", "title": "WordPress Core < 4.7.2 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.17": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.17", "to_inclusive": true }, "3.8 - 3.8.17": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.17", "to_inclusive": true }, "3.9 - 3.9.15": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.15", "to_inclusive": true }, "4.0 - 4.0.14": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.14", "to_inclusive": true }, "4.1 - 4.1.14": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.14", "to_inclusive": true }, "4.2 - 4.2.11": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.11", "to_inclusive": true }, "4.3 - 4.3.7": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.7", "to_inclusive": true }, "4.4 - 4.4.6": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.6", "to_inclusive": true }, "4.5 - 4.5.5": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.5", "to_inclusive": true }, "4.6 - 4.6.2": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.2", "to_inclusive": true }, "4.7 - 4.7.1": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.18", "3.8.18", "3.9.16", "4.0.15", "4.1.15", "4.2.12", "4.3.8", "4.4.7", "4.5.6", "4.6.3", "4.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab710963-64e2-476e-9a60-0a18b64b7550?source=api-scan" ], "published": "2017-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab770acd-9420-4201-9e67-dfea86dba168": { "id": "ab770acd-9420-4201-9e67-dfea86dba168", "title": "WP Review Slider <= 12.1 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Review Slider", "slug": "wp-facebook-reviews", "affected_versions": { "* - 12.1": { "from_version": "*", "from_inclusive": true, "to_version": "12.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab770acd-9420-4201-9e67-dfea86dba168?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab777672-6eef-4078-932d-24bb784107fa": { "id": "ab777672-6eef-4078-932d-24bb784107fa", "title": "Post Grid Combo \u2013 36+ Gutenberg Blocks <= 2.2.64 - Authenticated (Contributor+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "* - 2.2.64": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.64", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.65" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab777672-6eef-4078-932d-24bb784107fa?source=api-scan" ], "published": "2023-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab779713-7004-47f6-af16-2db2c7c1013b": { "id": "ab779713-7004-47f6-af16-2db2c7c1013b", "title": "WordPress Amazon S3 Plugin <= 1.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Amazon S3 Plugin", "slug": "wp-s3", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab779713-7004-47f6-af16-2db2c7c1013b?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab78f245-ab2d-4e9a-bd43-caa3afd1366b": { "id": "ab78f245-ab2d-4e9a-bd43-caa3afd1366b", "title": "Church Admin <= 3.4.134 - Cross-Site Request Forgery leading to Plugin Backup Disclosure", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "[*, 3.4.135)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.135", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.135" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab78f245-ab2d-4e9a-bd43-caa3afd1366b?source=api-scan" ], "published": "2022-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab795923-2ec0-49eb-a911-56a74d90ca3f": { "id": "ab795923-2ec0-49eb-a911-56a74d90ca3f", "title": "Contact Forms by Cimatti <= 1.6.0 - Cross-Site Request Forgery via accua_forms_list_page_table", "software": [ { "type": "plugin", "name": "WordPress Contact Forms by Cimatti", "slug": "contact-forms", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab795923-2ec0-49eb-a911-56a74d90ca3f?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab7c8926-c762-49b1-bc97-4b7a2f4f97fc": { "id": "ab7c8926-c762-49b1-bc97-4b7a2f4f97fc", "title": "Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function", "software": [ { "type": "plugin", "name": "SSL Mixed Content Fix", "slug": "http-https-remover", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] }, { "type": "plugin", "name": "Duplicate Post", "slug": "copy-delete-posts", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] }, { "type": "plugin", "name": "Social Share Icons & Social Share Buttons", "slug": "ultimate-social-media-plus", "affected_versions": { "* - 3.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.8" ] }, { "type": "plugin", "name": "Ultimate Posts Widget", "slug": "ultimate-posts-widget", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] }, { "type": "plugin", "name": "Backup Migration", "slug": "backup-backup", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] }, { "type": "plugin", "name": "Pop-up", "slug": "pop-up-pop-up", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] }, { "type": "plugin", "name": "Clone", "slug": "wp-clone-by-wp-academy", "affected_versions": { "* - 2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.8" ] }, { "type": "plugin", "name": "Social Media Share Buttons & Social Sharing Icons", "slug": "ultimate-social-media-icons", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.2" ] }, { "type": "plugin", "name": "RSS Redirect & Feedburner Alternative", "slug": "feedburner-alternative-and-rss-redirect", "affected_versions": { "* - 3.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8" ] }, { "type": "plugin", "name": "Enhanced Text Widget", "slug": "enhanced-text-widget", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=api-scan" ], "published": "2023-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab81622e-430f-415d-b3ab-41edd5436131": { "id": "ab81622e-430f-415d-b3ab-41edd5436131", "title": "Viet Affiliate Link <=1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Viet Affiliate Link", "slug": "viet-affiliate-link", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab81622e-430f-415d-b3ab-41edd5436131?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab82c0ca-7728-4fae-a180-046f76d670f7": { "id": "ab82c0ca-7728-4fae-a180-046f76d670f7", "title": "Filmix <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Filmix", "slug": "filmix", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab82c0ca-7728-4fae-a180-046f76d670f7?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab856722-e954-49de-a93f-46664da6e3e8": { "id": "ab856722-e954-49de-a93f-46664da6e3e8", "title": "Live updates from Excel <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Live updates from Excel", "slug": "ipushpull", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab856722-e954-49de-a93f-46664da6e3e8?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab8659e1-5880-4738-99ed-e671449c6878": { "id": "ab8659e1-5880-4738-99ed-e671449c6878", "title": "Sina Extension for Elementor <= 3.5.7 - Authenticated (Contributor+) Sensitive Information Exposure via Sina Modal Box Widget Elementor Template", "software": [ { "type": "plugin", "name": "Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)", "slug": "sina-extension-for-elementor", "affected_versions": { "* - 3.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab8659e1-5880-4738-99ed-e671449c6878?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab86ddc9-9b43-4949-b150-7b944bc40558": { "id": "ab86ddc9-9b43-4949-b150-7b944bc40558", "title": "SparkPost <= 3.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "SparkPost", "slug": "sparkpost", "affected_versions": { "* - 3.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab86ddc9-9b43-4949-b150-7b944bc40558?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab870fc4-1651-414e-8702-cbe9829a4e75": { "id": "ab870fc4-1651-414e-8702-cbe9829a4e75", "title": "Jupiter Theme <= 6.10.1 - Authenticated Arbitrary Plugin Deletion", "software": [ { "type": "theme", "name": "Jupiter", "slug": "jupiter", "affected_versions": { "* - 6.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab870fc4-1651-414e-8702-cbe9829a4e75?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab87210f-1f21-4208-ab50-4f62ec8e02fb": { "id": "ab87210f-1f21-4208-ab50-4f62ec8e02fb", "title": "Simple Social Media Share Buttons <= 5.1.0 - Unauthenticated Password Protected Post Disclosure", "software": [ { "type": "plugin", "name": "Simple Social Media Share Buttons \u2013 Social Sharing for Everyone", "slug": "simple-social-buttons", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab87210f-1f21-4208-ab50-4f62ec8e02fb?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab87321b-d326-498d-9a75-44692258cae6": { "id": "ab87321b-d326-498d-9a75-44692258cae6", "title": "FG Joomla to WordPress <= 4.20.2 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "FG Joomla to WordPress", "slug": "fg-joomla-to-wordpress", "affected_versions": { "* - 4.20.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.20.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.21.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab87321b-d326-498d-9a75-44692258cae6?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab888ee1-bdc2-4b8b-9b16-a7d146f123df": { "id": "ab888ee1-bdc2-4b8b-9b16-a7d146f123df", "title": "Easy Social Icons <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Easy Social Icons", "slug": "easy-social-icons", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab888ee1-bdc2-4b8b-9b16-a7d146f123df?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab8a13d5-911a-4c25-8d5a-391146971c0c": { "id": "ab8a13d5-911a-4c25-8d5a-391146971c0c", "title": "Download Plugins and Themes from Dashboard <= 1.5.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Plugins and Themes in ZIP from Dashboard", "slug": "download-plugins-dashboard", "affected_versions": { "[*, 1.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab8a13d5-911a-4c25-8d5a-391146971c0c?source=api-scan" ], "published": "2019-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab8bb8b3-59a6-424a-bc7b-b8740c936637": { "id": "ab8bb8b3-59a6-424a-bc7b-b8740c936637", "title": "Hubbub Lite <= 1.31.0 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Hubbub Lite \u2013 Fast, Reliable Social Sharing Buttons", "slug": "social-pug", "affected_versions": { "* - 1.33.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.33.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.33.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab8bb8b3-59a6-424a-bc7b-b8740c936637?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab8bf2d1-1af4-4ea0-bba9-e65ea1ed5978": { "id": "ab8bf2d1-1af4-4ea0-bba9-e65ea1ed5978", "title": "Opti Marketing <= 2.0.9 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Opti Marketing", "slug": "opti-marketing", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab8bf2d1-1af4-4ea0-bba9-e65ea1ed5978?source=api-scan" ], "published": "2024-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab8cc5d1-8ea2-4590-90c4-6541f336b057": { "id": "ab8cc5d1-8ea2-4590-90c4-6541f336b057", "title": "WCP OpenWeather <= 2.5.0 - Reflected Cross-Site Scripting via 'tab'", "software": [ { "type": "plugin", "name": "WCP OpenWeather", "slug": "wcp-openweather", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab8cc5d1-8ea2-4590-90c4-6541f336b057?source=api-scan" ], "published": "2023-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab8ce4cf-9085-49d2-a889-9d53272032c1": { "id": "ab8ce4cf-9085-49d2-a889-9d53272032c1", "title": "Timetable and Event Schedule by MotoPress <= 2.4.1 - Unauthorised Event TimeSlot Update", "software": [ { "type": "plugin", "name": "Timetable and Event Schedule by MotoPress", "slug": "mp-timetable", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab8ce4cf-9085-49d2-a889-9d53272032c1?source=api-scan" ], "published": "2021-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab8f8370-50bd-48c8-89e1-8b19b51f78b5": { "id": "ab8f8370-50bd-48c8-89e1-8b19b51f78b5", "title": "Redirection for Contact Form 7 <= 2.3.3 - Authenticated Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "Redirection for Contact Form 7", "slug": "wpcf7-redirect", "affected_versions": { "[*, 2.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab8f8370-50bd-48c8-89e1-8b19b51f78b5?source=api-scan" ], "published": "2021-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab922406-4af8-4ef2-bcc8-c326212546b1": { "id": "ab922406-4af8-4ef2-bcc8-c326212546b1", "title": "SpeedyCache <= 1.1.2 - Authenticated (Subscriber+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "SpeedyCache \u2013 Cache, Optimization, Performance", "slug": "speedycache", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab922406-4af8-4ef2-bcc8-c326212546b1?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab96123e-17aa-461f-b460-e8eba82c78e1": { "id": "ab96123e-17aa-461f-b460-e8eba82c78e1", "title": "Localize Remote Images <= 1.0.9 - Cross-Site Request Forgery via admin menu", "software": [ { "type": "plugin", "name": "Localize Remote Images", "slug": "localize-remote-images", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab96123e-17aa-461f-b460-e8eba82c78e1?source=api-scan" ], "published": "2023-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab9a5d89-16be-4dc7-9361-2b1be2324239": { "id": "ab9a5d89-16be-4dc7-9361-2b1be2324239", "title": "SpeakOut! Email Petitions < 2.14.15.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "SpeakOut! Email Petitions", "slug": "speakout", "affected_versions": { "[*, 2.14.15.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.14.15.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.14.15.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab9a5d89-16be-4dc7-9361-2b1be2324239?source=api-scan" ], "published": "2022-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ab9d3fa4-f2b1-4f38-b928-a1220cfeca75": { "id": "ab9d3fa4-f2b1-4f38-b928-a1220cfeca75", "title": "LabTools <= 1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "LabTools", "slug": "labtools", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ab9d3fa4-f2b1-4f38-b928-a1220cfeca75?source=api-scan" ], "published": "2021-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aba1ca3a-a937-400b-b175-2ca4e67a107d": { "id": "aba1ca3a-a937-400b-b175-2ca4e67a107d", "title": "MailChimp Subscribe Forms <= 4.0.9.3 - Open Redirect", "software": [ { "type": "plugin", "name": "MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder", "slug": "mailchimp-subscribe-sm", "affected_versions": { "* - 4.0.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aba1ca3a-a937-400b-b175-2ca4e67a107d?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aba33487-f6c5-41e9-9500-73bef37381e6": { "id": "aba33487-f6c5-41e9-9500-73bef37381e6", "title": "WordPress Core < 4.2.4 - Cross-Site Scripting via Widget Title", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.9": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.9", "to_inclusive": true }, "3.8 - 3.8.9": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.9", "to_inclusive": true }, "3.9 - 3.9.7": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.7", "to_inclusive": true }, "4.0 - 4.0.6": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true }, "4.1 - 4.1.6": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.6", "to_inclusive": true }, "4.2 - 4.2.3": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.10", "3.8.10", "3.9.8", "4.0.7", "4.1.7", "4.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aba33487-f6c5-41e9-9500-73bef37381e6?source=api-scan" ], "published": "2015-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aba36c3b-beae-4c47-8aa8-5012a7a838ce": { "id": "aba36c3b-beae-4c47-8aa8-5012a7a838ce", "title": "Password Protected <= 2.6.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Password Protected \u2013 Password Protect your WordPress Site, Pages, & WooCommerce Products \u2013 Restrict Content, Protect WooCommerce Category, and more", "slug": "password-protected", "affected_versions": { "* - 2.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aba36c3b-beae-4c47-8aa8-5012a7a838ce?source=api-scan" ], "published": "2024-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aba54af1-732a-49e6-a8c4-76f276a5581a": { "id": "aba54af1-732a-49e6-a8c4-76f276a5581a", "title": "Pods 2.4.4.1 - 2.7.26 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pods \u2013 Custom Content Types and Fields", "slug": "pods", "affected_versions": { "[2.4.4.1, 2.7.27)": { "from_version": "2.4.4.1", "from_inclusive": true, "to_version": "2.7.27", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aba54af1-732a-49e6-a8c4-76f276a5581a?source=api-scan" ], "published": "2021-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aba88c4c-93a4-4c1c-b239-68b5fec87146": { "id": "aba88c4c-93a4-4c1c-b239-68b5fec87146", "title": "Form Vibes \u2013 Database Manager for Forms <= 1.4.12 - Missing Authorization in Multiple Functions", "software": [ { "type": "plugin", "name": "Form Vibes \u2013 Database Manager for Forms", "slug": "form-vibes", "affected_versions": { "* - 1.4.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aba88c4c-93a4-4c1c-b239-68b5fec87146?source=api-scan" ], "published": "2024-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abaebd3b-69ab-4e9b-a528-c9d846e62238": { "id": "abaebd3b-69ab-4e9b-a528-c9d846e62238", "title": "Notification for Telegram <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Send Telegram Test Message", "software": [ { "type": "plugin", "name": "Notification for Telegram", "slug": "notification-for-telegram", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abaebd3b-69ab-4e9b-a528-c9d846e62238?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abb10680-6208-44c8-8cf0-8d2531465a04": { "id": "abb10680-6208-44c8-8cf0-8d2531465a04", "title": "WP-Matomo Integration (WP-Piwik) <= 1.0.26 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Connect Matomo (WP-Matomo, WP-Piwik)", "slug": "wp-piwik", "affected_versions": { "[*, 1.0.27)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.27", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abb10680-6208-44c8-8cf0-8d2531465a04?source=api-scan" ], "published": "2022-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abb1a758-5c16-4841-b1c7-0705ab16b328": { "id": "abb1a758-5c16-4841-b1c7-0705ab16b328", "title": "WP Directory Kit <= 1.2.2 - Missing Authorization to Plugin Installation, Settings Change\/Delete, Demo Import, Directory Kit Deletion via wdk_public_action", "software": [ { "type": "plugin", "name": "WP Directory Kit", "slug": "wpdirectorykit", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abb1a758-5c16-4841-b1c7-0705ab16b328?source=api-scan" ], "published": "2023-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abb41236-d711-41d3-a1cd-2c23467e269a": { "id": "abb41236-d711-41d3-a1cd-2c23467e269a", "title": "Aspose Cloud eBook Generator <= 1.0 - Directory Traversal", "software": [ { "type": "plugin", "name": "Aspose Cloud eBook Generator (Discontinued)", "slug": "aspose-cloud-ebook-generator", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abb41236-d711-41d3-a1cd-2c23467e269a?source=api-scan" ], "published": "2015-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abb4af63-37fe-49b7-8f70-ac9c7e47e939": { "id": "abb4af63-37fe-49b7-8f70-ac9c7e47e939", "title": "Easy Media Replace <= 0.1.3 - Authenticated (Author+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Easy Media Replace", "slug": "easy-media-replace", "affected_versions": { "* - 0.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abb4af63-37fe-49b7-8f70-ac9c7e47e939?source=api-scan" ], "published": "2023-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abb4b617-884b-4e72-812f-5f23a0976ab6": { "id": "abb4b617-884b-4e72-812f-5f23a0976ab6", "title": "LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abb4b617-884b-4e72-812f-5f23a0976ab6?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abb7def7-df32-4901-b8ea-068ff1af664b": { "id": "abb7def7-df32-4901-b8ea-068ff1af664b", "title": "Master Addons for Elementor <= 2.0.3 - Authenticated(Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations", "slug": "master-addons", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abb7def7-df32-4901-b8ea-068ff1af664b?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abbdf198-b6f3-41dd-ada1-b14fc9946142": { "id": "abbdf198-b6f3-41dd-ada1-b14fc9946142", "title": "Greenshift \u2013 animation and page builder blocks <= 4.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Greenshift \u2013 animation and page builder blocks", "slug": "greenshift-animation-and-page-builder-blocks", "affected_versions": { "* - 4.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abbdf198-b6f3-41dd-ada1-b14fc9946142?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abbf1bb8-16db-48b6-b2ff-d828fcb7f7c7": { "id": "abbf1bb8-16db-48b6-b2ff-d828fcb7f7c7", "title": "W3 Total Cache <= 2.1.3 - Reflected Cross-Site Scripting via extension", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "[*, 2.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abbf1bb8-16db-48b6-b2ff-d828fcb7f7c7?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abc056b0-55a2-439c-b7f6-4a2fc48c9823": { "id": "abc056b0-55a2-439c-b7f6-4a2fc48c9823", "title": "User Feedback <= 1.0.9 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds", "slug": "userfeedback-lite", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abc056b0-55a2-439c-b7f6-4a2fc48c9823?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abc14a00-5560-440b-a5ba-4ff41a6c54c3": { "id": "abc14a00-5560-440b-a5ba-4ff41a6c54c3", "title": "Visualizer <= 3.7.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visualizer: Tables and Charts Manager for WordPress", "slug": "visualizer", "affected_versions": { "* - 3.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abc14a00-5560-440b-a5ba-4ff41a6c54c3?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abc3f352-8568-4649-bf3c-dd0ce0295589": { "id": "abc3f352-8568-4649-bf3c-dd0ce0295589", "title": "Affiliates Manager <= 2.9.30 - Sensitive Information Exposure via Log File", "software": [ { "type": "plugin", "name": "Affiliates Manager", "slug": "affiliates-manager", "affected_versions": { "* - 2.9.30": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abc3f352-8568-4649-bf3c-dd0ce0295589?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abc8ee11-c149-4a2b-a388-7bd234c2cc64": { "id": "abc8ee11-c149-4a2b-a388-7bd234c2cc64", "title": "Drag and Drop Multiple File Upload for WooCommerce <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Drag and Drop Multiple File Upload for WooCommerce", "slug": "drag-and-drop-multiple-file-upload-for-woocommerce", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abc8ee11-c149-4a2b-a388-7bd234c2cc64?source=api-scan" ], "published": "2023-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abc983c6-aa30-4d1b-b6af-99b5ba1c8481": { "id": "abc983c6-aa30-4d1b-b6af-99b5ba1c8481", "title": "iQ Block Country <= 1.2.18 - Country Blocking Bypass", "software": [ { "type": "plugin", "name": "iQ Block Country", "slug": "iq-block-country", "affected_versions": { "* - 1.2.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abc983c6-aa30-4d1b-b6af-99b5ba1c8481?source=api-scan" ], "published": "2022-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abcb2e9f-a6f1-40c3-b419-e2f65ec5dd41": { "id": "abcb2e9f-a6f1-40c3-b419-e2f65ec5dd41", "title": "AGP Font Awesome Collection <= 3.2.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "AGP Font Awesome Collection", "slug": "agp-font-awesome-collection", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abcb2e9f-a6f1-40c3-b419-e2f65ec5dd41?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abcc1ed6-1871-4e8c-9469-c44dbfca5a17": { "id": "abcc1ed6-1871-4e8c-9469-c44dbfca5a17", "title": "WP MLM Unilevel <= 4.0 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "WP MLM SOFTWARE PLUGIN", "slug": "wp-mlm", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abcc1ed6-1871-4e8c-9469-c44dbfca5a17?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abd6eeac-0a7e-4762-809f-593cd85f303d": { "id": "abd6eeac-0a7e-4762-809f-593cd85f303d", "title": "WordPress File Upload \/ WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "* - 4.19.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.19.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.19.2" ] }, { "type": "plugin", "name": "WordPress File Upload Pro", "slug": "wordpress-file-upload-pro", "affected_versions": { "* - 4.19.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.19.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.19.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abd6eeac-0a7e-4762-809f-593cd85f303d?source=api-scan" ], "published": "2023-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abdbee50-b8c3-4254-a828-37629a798c92": { "id": "abdbee50-b8c3-4254-a828-37629a798c92", "title": "Woocommerce Email Report <= 2.4 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Woocommerce Email Report", "slug": "wooemailreport", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abdbee50-b8c3-4254-a828-37629a798c92?source=api-scan" ], "published": "2023-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abdd2653-d50c-4eee-9cab-36519fd2b209": { "id": "abdd2653-d50c-4eee-9cab-36519fd2b209", "title": "The Conference <= 1.2.0 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "The Conference", "slug": "the-conference", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abdd2653-d50c-4eee-9cab-36519fd2b209?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abdd6aaa-830e-4a79-acfb-93dc4a26f599": { "id": "abdd6aaa-830e-4a79-acfb-93dc4a26f599", "title": "Photo Gallery, Images, Slider in Rbs Image Gallery <= 2.0.14 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Photo Gallery, Images, Slider in Rbs Image Gallery", "slug": "robo-gallery", "affected_versions": { "[*, 2.0.15)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abdd6aaa-830e-4a79-acfb-93dc4a26f599?source=api-scan" ], "published": "2016-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abe2de9c-4044-4b52-9ec8-c66691313cf0": { "id": "abe2de9c-4044-4b52-9ec8-c66691313cf0", "title": "mTouch Quiz < 3.0.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "mTouch Quiz", "slug": "mtouch-quiz", "affected_versions": { "[*, 3.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abe2de9c-4044-4b52-9ec8-c66691313cf0?source=api-scan" ], "published": "2014-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abe2f596-b2c3-49d3-b646-0f4b64f15674": { "id": "abe2f596-b2c3-49d3-b646-0f4b64f15674", "title": "Contact form Form For All <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Contact form Form For All \u2013 Easy to use, fast, 37 languages.", "slug": "formforall", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abe2f596-b2c3-49d3-b646-0f4b64f15674?source=api-scan" ], "published": "2023-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abe3cedb-53f3-48ff-a731-df6a83f0da1a": { "id": "abe3cedb-53f3-48ff-a731-df6a83f0da1a", "title": "Elementor Addon Elements <= 1.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.13.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abe3cedb-53f3-48ff-a731-df6a83f0da1a?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abe50539-f6a9-476a-a408-4f94f7f31fcc": { "id": "abe50539-f6a9-476a-a408-4f94f7f31fcc", "title": "GTmetrix for WordPress <= 0.4.6 - Reflected Cross-Site Scripting via 'report_id' and 'event_id'", "software": [ { "type": "plugin", "name": "GTmetrix for WordPress", "slug": "gtmetrix-for-wordpress", "affected_versions": { "* - 0.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abe50539-f6a9-476a-a408-4f94f7f31fcc?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abe8efec-8f00-40bc-bc28-98435d11ebd3": { "id": "abe8efec-8f00-40bc-bc28-98435d11ebd3", "title": "User Meta <= 2.4.2 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Meta \u2013 User Profile Builder and User management plugin", "slug": "user-meta", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abe8efec-8f00-40bc-bc28-98435d11ebd3?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abee822e-b929-435a-86c2-57901424f1a0": { "id": "abee822e-b929-435a-86c2-57901424f1a0", "title": "Wow Skype Buttons <= 4.0.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Wow Skype Buttons", "slug": "mwp-skype", "affected_versions": { "* - 4.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abee822e-b929-435a-86c2-57901424f1a0?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abf1ace3-e066-4f28-9f37-3e9fa79aef7d": { "id": "abf1ace3-e066-4f28-9f37-3e9fa79aef7d", "title": "Salon booking system <= 9.6.5 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "* - 9.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "9.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abf1ace3-e066-4f28-9f37-3e9fa79aef7d?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "abf4cfb9-745a-4b4f-8862-54ef561904d6": { "id": "abf4cfb9-745a-4b4f-8862-54ef561904d6", "title": "Mass Delete Unused Tags <= 2.0.0 - Cross-Site Request Forgery via plugin_mass_delete_unused_tags_init", "software": [ { "type": "plugin", "name": "Mass Delete Unused Tags", "slug": "mass-delete-unused-tags", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/abf4cfb9-745a-4b4f-8862-54ef561904d6?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac004fb0-e178-4e9b-9aa3-b14eab43f22d": { "id": "ac004fb0-e178-4e9b-9aa3-b14eab43f22d", "title": "HubSpot \u2013 CRM, Email Marketing, Live Chat, Forms & Analytics <= 11.1.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via HubSpot Meeting Widget", "software": [ { "type": "plugin", "name": "HubSpot \u2013 CRM, Email Marketing, Live Chat, Forms & Analytics", "slug": "leadin", "affected_versions": { "* - 11.1.22": { "from_version": "*", "from_inclusive": true, "to_version": "11.1.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.1.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac004fb0-e178-4e9b-9aa3-b14eab43f22d?source=api-scan" ], "published": "2024-08-29 15:39:03", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac005402-0bac-453e-918d-b8a44abeff06": { "id": "ac005402-0bac-453e-918d-b8a44abeff06", "title": "List Pages Shortcode <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "List Pages Shortcode", "slug": "list-pages-shortcode", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac005402-0bac-453e-918d-b8a44abeff06?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac06b9d9-51de-4f7a-87b8-c7b46a8475ee": { "id": "ac06b9d9-51de-4f7a-87b8-c7b46a8475ee", "title": "Site Offline <= 1.4.9 - Maintenance Mode Bypass", "software": [ { "type": "plugin", "name": "Site Offline Or Coming Soon Or Maintenance Mode", "slug": "site-offline", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac06b9d9-51de-4f7a-87b8-c7b46a8475ee?source=api-scan" ], "published": "2022-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac0dfaac-cce6-45f7-ad5b-d7dcb66453bd": { "id": "ac0dfaac-cce6-45f7-ad5b-d7dcb66453bd", "title": "Cards for Beaver Builder <= 1.1.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via bootstrapcard link", "software": [ { "type": "plugin", "name": "Cards for Beaver Builder", "slug": "bb-bootstrap-cards", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac0dfaac-cce6-45f7-ad5b-d7dcb66453bd?source=api-scan" ], "published": "2024-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac10b30d-1fe3-46f4-a4fc-fa2acd7f9db4": { "id": "ac10b30d-1fe3-46f4-a4fc-fa2acd7f9db4", "title": "Falang multilanguage <= 1.3.39 - Cross-Site Request Forgery via add_language", "software": [ { "type": "plugin", "name": "Falang multilanguage for WordPress", "slug": "falang", "affected_versions": { "* - 1.3.39": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.39", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.40" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac10b30d-1fe3-46f4-a4fc-fa2acd7f9db4?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac111175-2059-41dc-afa2-a659da3adaca": { "id": "ac111175-2059-41dc-afa2-a659da3adaca", "title": "Ocean Extra <= 2.2.2 - Cross-Site Request Forgery to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "Ocean Extra", "slug": "ocean-extra", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac111175-2059-41dc-afa2-a659da3adaca?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac1239c9-72a6-44d8-911f-70a528c66c62": { "id": "ac1239c9-72a6-44d8-911f-70a528c66c62", "title": "EZP Maintenance Mode <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "EZP Maintenance Mode", "slug": "easy-pie-maintenance-mode", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac1239c9-72a6-44d8-911f-70a528c66c62?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac13f402-8a36-448f-87d4-48179a9699c6": { "id": "ac13f402-8a36-448f-87d4-48179a9699c6", "title": "Schema & Structured Data for WP & AMP <= 1.26 - Missing Authorization to reCaptcha Key Modification", "software": [ { "type": "plugin", "name": "Schema & Structured Data for WP & AMP", "slug": "schema-and-structured-data-for-wp", "affected_versions": { "* - 1.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac13f402-8a36-448f-87d4-48179a9699c6?source=api-scan" ], "published": "2024-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac167257-c34e-45a2-8647-ed5cdb8dd64d": { "id": "ac167257-c34e-45a2-8647-ed5cdb8dd64d", "title": "WBW Product Table Pro <= 1.9.4 - Unauthenticated Arbitrary SQL Execution", "software": [ { "type": "plugin", "name": "WBW Product Table Pro", "slug": "woo-producttables-pro", "affected_versions": { "* - 1.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac167257-c34e-45a2-8647-ed5cdb8dd64d?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac1c4818-6384-48cf-a1e3-a8ced6884749": { "id": "ac1c4818-6384-48cf-a1e3-a8ced6884749", "title": "Social Share Buttons by Supsystic <= 2.2.3 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Social Share Buttons by Supsystic", "slug": "social-share-buttons-by-supsystic", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac1c4818-6384-48cf-a1e3-a8ced6884749?source=api-scan" ], "published": "2022-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac1f9d9c-4d4e-4036-95b1-50d09b5cac7c": { "id": "ac1f9d9c-4d4e-4036-95b1-50d09b5cac7c", "title": "ThisWay <= 1.7.0 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "ThisWay", "slug": "thisway", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac1f9d9c-4d4e-4036-95b1-50d09b5cac7c?source=api-scan" ], "published": "2013-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac1fb279-df40-467e-a336-fa67468c2b78": { "id": "ac1fb279-df40-467e-a336-fa67468c2b78", "title": "StreamCast <= 2.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "StreamCast \u2013 Radio Player for WordPress", "slug": "streamcast", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac1fb279-df40-467e-a336-fa67468c2b78?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac20b454-a5e5-4ff6-a5bf-9c3c339321d8": { "id": "ac20b454-a5e5-4ff6-a5bf-9c3c339321d8", "title": "Mediavine Control Panel <= 2.10.2 - Cross-Site Request Forgery via render_settings_page", "software": [ { "type": "plugin", "name": "Mediavine Control Panel", "slug": "mediavine-control-panel", "affected_versions": { "* - 2.10.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac20b454-a5e5-4ff6-a5bf-9c3c339321d8?source=api-scan" ], "published": "2023-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac247d3a-9e60-431e-ac98-2601e9907758": { "id": "ac247d3a-9e60-431e-ac98-2601e9907758", "title": "Christmasify! <= 1.5.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Christmasify!", "slug": "christmasify", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac247d3a-9e60-431e-ac98-2601e9907758?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac27f20a-2048-46f3-b84f-43e2d4a345d2": { "id": "ac27f20a-2048-46f3-b84f-43e2d4a345d2", "title": "WordPress RokBox <= 2.13 - Denial of Service", "software": [ { "type": "plugin", "name": "WordPress RokBox", "slug": "wp_rokbox", "affected_versions": { "* - 2.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac27f20a-2048-46f3-b84f-43e2d4a345d2?source=api-scan" ], "published": "2012-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac352bb2-f624-4c31-951a-988a0b420635": { "id": "ac352bb2-f624-4c31-951a-988a0b420635", "title": "Simple Social Media Share Buttons <= 3.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Social Media Share Buttons \u2013 Social Sharing for Everyone", "slug": "simple-social-buttons", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac352bb2-f624-4c31-951a-988a0b420635?source=api-scan" ], "published": "2020-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac37afa3-c841-44b5-9722-952c4258841d": { "id": "ac37afa3-c841-44b5-9722-952c4258841d", "title": "KKProgressbar2 Free <= 1.1.4.2 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "KKProgressbar2 Free \u2013 advanced progress bars", "slug": "kkprogressbar", "affected_versions": { "* - 1.1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac37afa3-c841-44b5-9722-952c4258841d?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac381ed7-ff6a-4fbc-965b-80f3804b3c5f": { "id": "ac381ed7-ff6a-4fbc-965b-80f3804b3c5f", "title": "Afterpay Gateway for WooCommerce <= 3.5.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Afterpay Gateway for WooCommerce", "slug": "afterpay-gateway-for-woocommerce", "affected_versions": { "* - 3.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac381ed7-ff6a-4fbc-965b-80f3804b3c5f?source=api-scan" ], "published": "2022-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac3a359c-bdcf-42c5-9e54-c704a358b561": { "id": "ac3a359c-bdcf-42c5-9e54-c704a358b561", "title": "Encrypted Contact Form < 1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Encrypted Contact Form", "slug": "encrypted-contact-form", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac3a359c-bdcf-42c5-9e54-c704a358b561?source=api-scan" ], "published": "2015-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac3a7732-c076-4418-b44a-748cc5668107": { "id": "ac3a7732-c076-4418-b44a-748cc5668107", "title": "Discount Rules for WooCommerce <= 2.2.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Discount Rules for WooCommerce \u2013 Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons", "slug": "woo-discount-rules", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac3a7732-c076-4418-b44a-748cc5668107?source=api-scan" ], "published": "2020-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac402867-baa3-412c-b5de-c01e6a790ded": { "id": "ac402867-baa3-412c-b5de-c01e6a790ded", "title": "WP PHP Widget <= 1.0.2 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "WP PHP widget", "slug": "wp-php-widget", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac402867-baa3-412c-b5de-c01e6a790ded?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac41a122-9a17-45a0-9ba7-2790a07ac466": { "id": "ac41a122-9a17-45a0-9ba7-2790a07ac466", "title": "Bold Page Builder <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bold Page Builder", "slug": "bold-page-builder", "affected_versions": { "* - 5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac41a122-9a17-45a0-9ba7-2790a07ac466?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac45d8fe-4b79-4b2c-998e-e51da7a37e40": { "id": "ac45d8fe-4b79-4b2c-998e-e51da7a37e40", "title": "Custom Community 2.0 - 2.0.24 - Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Custom Community", "slug": "custom-community", "affected_versions": { "[2.0, 2.0.25)": { "from_version": "2.0", "from_inclusive": true, "to_version": "2.0.25", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac45d8fe-4b79-4b2c-998e-e51da7a37e40?source=api-scan" ], "published": "2015-03-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac4c6bd8-179f-4553-b1b4-549300bae374": { "id": "ac4c6bd8-179f-4553-b1b4-549300bae374", "title": "WordPress Core <= 2.2 - Arbitrary File Upload", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac4c6bd8-179f-4553-b1b4-549300bae374?source=api-scan" ], "published": "2007-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac4de440-a446-4b96-ba9b-115e3186ce1c": { "id": "ac4de440-a446-4b96-ba9b-115e3186ce1c", "title": "Quick Chat <= 4.14 - SQL Injection", "software": [ { "type": "plugin", "name": "Quick Chat", "slug": "quick-chat", "affected_versions": { "* - 4.14": { "from_version": "*", "from_inclusive": true, "to_version": "4.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac4de440-a446-4b96-ba9b-115e3186ce1c?source=api-scan" ], "published": "2018-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac4f9453-f3d9-4ef5-8c4e-1d51ad194342": { "id": "ac4f9453-f3d9-4ef5-8c4e-1d51ad194342", "title": "Plum: Spin Wheel & Email Pop-up <= 2.0 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Plum: Spin Wheel & Email Pop-up", "slug": "qodeblock", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac4f9453-f3d9-4ef5-8c4e-1d51ad194342?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac5549ec-f931-4b13-b5f9-0d6f3e53aae4": { "id": "ac5549ec-f931-4b13-b5f9-0d6f3e53aae4", "title": "demon image annotation <= 5.0 - Improper Input Restriction Validation", "software": [ { "type": "plugin", "name": "demon image annotation", "slug": "demon-image-annotation", "affected_versions": { "* - 5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac5549ec-f931-4b13-b5f9-0d6f3e53aae4?source=api-scan" ], "published": "2022-12-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac6201a1-7ca9-461b-b9ad-16407120dfae": { "id": "ac6201a1-7ca9-461b-b9ad-16407120dfae", "title": "WordPress Simple Shopping Cart <= 4.7.1 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Simple Shopping Cart", "slug": "wordpress-simple-paypal-shopping-cart", "affected_versions": { "* - 4.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac6201a1-7ca9-461b-b9ad-16407120dfae?source=api-scan" ], "published": "2024-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac63e451-2ab3-4ca9-bb69-a0ef04fef3a9": { "id": "ac63e451-2ab3-4ca9-bb69-a0ef04fef3a9", "title": "Simplelife Plugin <= 1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simplelife", "slug": "simplelife", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac63e451-2ab3-4ca9-bb69-a0ef04fef3a9?source=api-scan" ], "published": "2014-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac646ea3-f5e5-4fe9-8e43-ceabbf3f3cc5": { "id": "ac646ea3-f5e5-4fe9-8e43-ceabbf3f3cc5", "title": "Advance Search <= 1.1.6 - Cross-Site Request Forgery to Shortcode Deletion", "software": [ { "type": "plugin", "name": "Advanced Search", "slug": "advance-search", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac646ea3-f5e5-4fe9-8e43-ceabbf3f3cc5?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac6c6ce4-9944-4c8e-89aa-6a2e870ef205": { "id": "ac6c6ce4-9944-4c8e-89aa-6a2e870ef205", "title": "Royal Elementor Addons <= 1.3.59 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.59": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac6c6ce4-9944-4c8e-89aa-6a2e870ef205?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac6e587c-59b2-4f93-ab88-5e548b52db45": { "id": "ac6e587c-59b2-4f93-ab88-5e548b52db45", "title": "Master Slider \u2013 Responsive Touch Slider <= 3.9.9 - Authenticated(Editor+) Stored Cross-Site Scripting via slider callback", "software": [ { "type": "plugin", "name": "Master Slider \u2013 Responsive Touch Slider", "slug": "master-slider", "affected_versions": { "* - 3.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac6e587c-59b2-4f93-ab88-5e548b52db45?source=api-scan" ], "published": "2024-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac6f7b03-6527-4d10-9320-4f94ed386f54": { "id": "ac6f7b03-6527-4d10-9320-4f94ed386f54", "title": "Responsive Slider \u2013 Image Slider \u2013 Slideshow for WordPress < 2.7.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Responsive Slider \u2013 Image Slider \u2013 Slideshow for WordPress", "slug": "slider-image", "affected_versions": { "[*, 2.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac6f7b03-6527-4d10-9320-4f94ed386f54?source=api-scan" ], "published": "2015-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac709779-36f1-4f66-8db3-95a514a5ea59": { "id": "ac709779-36f1-4f66-8db3-95a514a5ea59", "title": "Import and export users and customers <= 1.24.2 - Authenticated(Administrator+) Directory Traversal via Recurring Import Functionality", "software": [ { "type": "plugin", "name": "Import and export users and customers", "slug": "import-users-from-csv-with-meta", "affected_versions": { "* - 1.24.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.24.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.24.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac709779-36f1-4f66-8db3-95a514a5ea59?source=api-scan" ], "published": "2023-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac763936-7147-4100-8a46-4c6d2f2224b4": { "id": "ac763936-7147-4100-8a46-4c6d2f2224b4", "title": "idbbee <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "idbbee", "slug": "idbbee", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac763936-7147-4100-8a46-4c6d2f2224b4?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac799e11-2f7b-43c2-88da-e77c075a958f": { "id": "ac799e11-2f7b-43c2-88da-e77c075a958f", "title": "Filter & Grids <= 2.8.33 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Filter & Grids", "slug": "ymc-smart-filter", "affected_versions": { "* - 2.8.33": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac799e11-2f7b-43c2-88da-e77c075a958f?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac7a9adb-4ba1-4194-8218-e81a0fc9b93b": { "id": "ac7a9adb-4ba1-4194-8218-e81a0fc9b93b", "title": "WP Upload Restriction <= 2.2.4 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "WP Upload Restriction", "slug": "wp-upload-restriction", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac7a9adb-4ba1-4194-8218-e81a0fc9b93b?source=api-scan" ], "published": "2021-07-02 15:05:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac7aca5f-657d-45a9-bb10-f3e75dc3eeba": { "id": "ac7aca5f-657d-45a9-bb10-f3e75dc3eeba", "title": "DSGVO All in one for WP <= 3.9 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DSGVO All in one for WP", "slug": "dsgvo-all-in-one-for-wp", "affected_versions": { "* - 3.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac7aca5f-657d-45a9-bb10-f3e75dc3eeba?source=api-scan" ], "published": "2021-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac7c0dde-5299-4938-beed-eb2fe227a812": { "id": "ac7c0dde-5299-4938-beed-eb2fe227a812", "title": "SpeedyCache <= 1.1.2 - Missing Authorization via speedycache_create_test_cache", "software": [ { "type": "plugin", "name": "SpeedyCache \u2013 Cache, Optimization, Performance", "slug": "speedycache", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac7c0dde-5299-4938-beed-eb2fe227a812?source=api-scan" ], "published": "2023-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac7f95c7-2159-4327-ba09-da7721f1312e": { "id": "ac7f95c7-2159-4327-ba09-da7721f1312e", "title": "WP AdCenter \u2013 Ad Manager & Adsense Ads <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ad_alignment Attribute", "software": [ { "type": "plugin", "name": "WP AdCenter \u2013 Ad Manager & Adsense Ads", "slug": "wpadcenter", "affected_versions": { "* - 2.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac7f95c7-2159-4327-ba09-da7721f1312e?source=api-scan" ], "published": "2024-09-05 18:12:07", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac8214af-00d0-4dde-a3e7-f657decc4b93": { "id": "ac8214af-00d0-4dde-a3e7-f657decc4b93", "title": "Pods <= 2.7.26 - Authenticated Stored Cross-Site Scripting via Menu Label field", "software": [ { "type": "plugin", "name": "Pods \u2013 Custom Content Types and Fields", "slug": "pods", "affected_versions": { "2.4.4.2 - 2.7.26": { "from_version": "2.4.4.2", "from_inclusive": true, "to_version": "2.7.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac8214af-00d0-4dde-a3e7-f657decc4b93?source=api-scan" ], "published": "2021-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac86043d-caf9-4c25-86b2-0e063c21b2d7": { "id": "ac86043d-caf9-4c25-86b2-0e063c21b2d7", "title": "Email Tracker <= 5.2.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Email Tracker \u2013 Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce)", "slug": "email-tracker", "affected_versions": { "* - 5.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac86043d-caf9-4c25-86b2-0e063c21b2d7?source=api-scan" ], "published": "2021-11-01 20:42:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac877f4f-d99c-4cd0-b438-916255a11b8a": { "id": "ac877f4f-d99c-4cd0-b438-916255a11b8a", "title": "ActiveDEMAND <= 0.2.43 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ActiveDEMAND", "slug": "activedemand", "affected_versions": { "* - 0.2.43": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.2.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac877f4f-d99c-4cd0-b438-916255a11b8a?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac87819d-0ba3-4c30-ae35-e933f7e250a4": { "id": "ac87819d-0ba3-4c30-ae35-e933f7e250a4", "title": "MailChimp Forms by MailMunch <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "MailChimp Forms by MailMunch", "slug": "mailchimp-forms-by-mailmunch", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac87819d-0ba3-4c30-ae35-e933f7e250a4?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac8a06f5-4560-401c-b762-5422b624ba84": { "id": "ac8a06f5-4560-401c-b762-5422b624ba84", "title": "BuddyForms <= 2.8.12 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC)", "slug": "buddyforms", "affected_versions": { "* - 2.8.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac8a06f5-4560-401c-b762-5422b624ba84?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac8a8698-0f8d-4204-8539-ce129d98b2b4": { "id": "ac8a8698-0f8d-4204-8539-ce129d98b2b4", "title": "Youzify <= 1.0.6 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress", "slug": "youzify", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac8a8698-0f8d-4204-8539-ce129d98b2b4?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ac96d3c5-1409-47f7-9e8e-0c35aa8199ce": { "id": "ac96d3c5-1409-47f7-9e8e-0c35aa8199ce", "title": "Everest News <= 1.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Everest News", "slug": "everest-news", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ac96d3c5-1409-47f7-9e8e-0c35aa8199ce?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acaad554-4094-4b52-a695-cb1e775495a5": { "id": "acaad554-4094-4b52-a695-cb1e775495a5", "title": "Picture Gallery <= 1.5.11 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Picture Gallery \u2013 Frontend Image Uploads, AJAX Photo List", "slug": "picture-gallery", "affected_versions": { "* - 1.5.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acaad554-4094-4b52-a695-cb1e775495a5?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acb239c2-a105-4430-8451-a6ae852a690f": { "id": "acb239c2-a105-4430-8451-a6ae852a690f", "title": "Ninja Forms <= 3.3.8 - Insufficient Restrictions during Export Personal Data requests", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acb239c2-a105-4430-8451-a6ae852a690f?source=api-scan" ], "published": "2018-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acb8c11f-e175-4361-b016-e1ebc1713be0": { "id": "acb8c11f-e175-4361-b016-e1ebc1713be0", "title": "ShortPixel Adaptive Images <= 3.6.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ShortPixel Adaptive Images \u2013 WebP, AVIF, CDN, Image Optimization", "slug": "shortpixel-adaptive-images", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acb8c11f-e175-4361-b016-e1ebc1713be0?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acbe0ccd-f814-4cdd-ab70-6b8d29166e25": { "id": "acbe0ccd-f814-4cdd-ab70-6b8d29166e25", "title": "VikRentCar Car Rental Management System < 1.1.10 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VikRentCar Car Rental Management System", "slug": "vikrentcar", "affected_versions": { "[*, 1.1.10)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acbe0ccd-f814-4cdd-ab70-6b8d29166e25?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acbe1c36-04e7-49af-90fa-d8acbe351b57": { "id": "acbe1c36-04e7-49af-90fa-d8acbe351b57", "title": "Ultimate Member <= 2.0.51 - Cross-Site Request Forgery and Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.0.51": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.51", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acbe1c36-04e7-49af-90fa-d8acbe351b57?source=api-scan" ], "published": "2019-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acbea2eb-fa87-4117-b347-049c819599c7": { "id": "acbea2eb-fa87-4117-b347-049c819599c7", "title": "JobCareer | Job Board Responsive WordPress Theme < 2.4 - Unauthenticated Arbitrary Password Reset", "software": [ { "type": "plugin", "name": "JobCareer | Job Board Responsive WordPress Theme", "slug": "jobcareer", "affected_versions": { "[*, 2.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.1" ] }, { "type": "plugin", "name": "wp-jobhunt", "slug": "wp-jobhunt", "affected_versions": { "[*, 2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acbea2eb-fa87-4117-b347-049c819599c7?source=api-scan" ], "published": "2018-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acc0cb26-1199-4e71-91a5-340d80fafc24": { "id": "acc0cb26-1199-4e71-91a5-340d80fafc24", "title": "WPML <= 4.5.13 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WPML", "slug": "sitepress-multilingual-cms", "affected_versions": { "* - 4.5.13": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acc0cb26-1199-4e71-91a5-340d80fafc24?source=api-scan" ], "published": "2022-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acc261eb-fafa-4e9d-b7ab-a449f14a7638": { "id": "acc261eb-fafa-4e9d-b7ab-a449f14a7638", "title": "Watu Quiz <= 3.4.1 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Watu Quiz", "slug": "watu", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acc261eb-fafa-4e9d-b7ab-a449f14a7638?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acccc6ae-553d-4ed5-8ba9-06a9061d725c": { "id": "acccc6ae-553d-4ed5-8ba9-06a9061d725c", "title": "Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxClearCategory", "software": [ { "type": "plugin", "name": "Categorify \u2013 WordPress Media Library Category & File Manager", "slug": "categorify", "affected_versions": { "* - 1.0.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acccc6ae-553d-4ed5-8ba9-06a9061d725c?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "accdcff0-f361-4632-b0b7-e55975adeebb": { "id": "accdcff0-f361-4632-b0b7-e55975adeebb", "title": "WooCommerce Brands <= 1.6.45 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WooCommerce Brands", "slug": "woocommerce-brands", "affected_versions": { "* - 1.6.45": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.45", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/accdcff0-f361-4632-b0b7-e55975adeebb?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acd0349b-7864-4e4e-84ba-6f0ec5b585f3": { "id": "acd0349b-7864-4e4e-84ba-6f0ec5b585f3", "title": "UserPlus <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User registration & user profile \u2013 UserPlus", "slug": "userplus", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acd0349b-7864-4e4e-84ba-6f0ec5b585f3?source=api-scan" ], "published": "2023-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acd1d5c9-70fb-43e8-94de-6ddcf4612cea": { "id": "acd1d5c9-70fb-43e8-94de-6ddcf4612cea", "title": "Search Everything <= 8.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Search Everything", "slug": "search-everything", "affected_versions": { "[*, 8.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acd1d5c9-70fb-43e8-94de-6ddcf4612cea?source=api-scan" ], "published": "2014-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acd61330-eba8-4311-8b60-30c3124067f0": { "id": "acd61330-eba8-4311-8b60-30c3124067f0", "title": "WP Hardening \u2013 Fix Your WordPress Security <= 1.2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Hardening (discontinued)", "slug": "wp-security-hardening", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acd61330-eba8-4311-8b60-30c3124067f0?source=api-scan" ], "published": "2021-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acd6b604-45dd-4688-a9b9-fabb12c418e2": { "id": "acd6b604-45dd-4688-a9b9-fabb12c418e2", "title": "illi Link Party! <= 1.0 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "illi Link Party!", "slug": "link-party", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acd6b604-45dd-4688-a9b9-fabb12c418e2?source=api-scan" ], "published": "2024-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acdac8a7-6ac5-481d-a636-dd791fda89a3": { "id": "acdac8a7-6ac5-481d-a636-dd791fda89a3", "title": "Contact Form Generator <= 2.5.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Generator : Creative form builder for WordPress", "slug": "contact-form-generator", "affected_versions": { "* - 2.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acdac8a7-6ac5-481d-a636-dd791fda89a3?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acde42e4-7445-427a-b4fa-9ef225049bb8": { "id": "acde42e4-7445-427a-b4fa-9ef225049bb8", "title": "WHIZZ < 1.0.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WHIZZ", "slug": "whizz", "affected_versions": { "[*, 1.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acde42e4-7445-427a-b4fa-9ef225049bb8?source=api-scan" ], "published": "2016-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acde5693-53fe-47b8-ad0b-6799ab63d0c1": { "id": "acde5693-53fe-47b8-ad0b-6799ab63d0c1", "title": "Ghost <= 0.5.5 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Ghost", "slug": "ghost", "affected_versions": { "* - 0.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acde5693-53fe-47b8-ad0b-6799ab63d0c1?source=api-scan" ], "published": "2016-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ace46bae-5dfb-4cdf-bd9e-d68282be16d0": { "id": "ace46bae-5dfb-4cdf-bd9e-d68282be16d0", "title": "Footer Putter <= 1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Footer Putter", "slug": "footer-putter", "affected_versions": { "* - 1.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ace46bae-5dfb-4cdf-bd9e-d68282be16d0?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ace85b25-251b-4549-8f6e-1a1494cbabb6": { "id": "ace85b25-251b-4549-8f6e-1a1494cbabb6", "title": "CSS & JavaScript Toolbox <= 11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "CSS & JavaScript Toolbox", "slug": "css-javascript-toolbox", "affected_versions": { "* - 11.8": { "from_version": "*", "from_inclusive": true, "to_version": "11.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ace85b25-251b-4549-8f6e-1a1494cbabb6?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acf1e98a-9e9d-453d-afce-6e47fce3a2d2": { "id": "acf1e98a-9e9d-453d-afce-6e47fce3a2d2", "title": "WP Database Backup <= 4.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Database Backup \u2013 Unlimited Database & Files Backup by Backup for WP", "slug": "wp-database-backup", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acf1e98a-9e9d-453d-afce-6e47fce3a2d2?source=api-scan" ], "published": "2016-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acf9dfaf-4a4e-4ff1-8276-94b1ffb76ab1": { "id": "acf9dfaf-4a4e-4ff1-8276-94b1ffb76ab1", "title": "WpStickyBar \u2013 Sticky Bar, Sticky Header <= 2.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WpStickyBar \u2013 Sticky Bar, Sticky Header", "slug": "wpstickybar-sticky-bar-sticky-header", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acf9dfaf-4a4e-4ff1-8276-94b1ffb76ab1?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "acff00f2-586d-474c-8dec-f27c488e9045": { "id": "acff00f2-586d-474c-8dec-f27c488e9045", "title": "CformsII <= 15.0.1 - Unauthenticated HTML Injection & Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "cformsII", "slug": "cforms2", "affected_versions": { "[*, 15.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "15.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "15.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/acff00f2-586d-474c-8dec-f27c488e9045?source=api-scan" ], "published": "2019-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad003d57-a573-473e-80a9-5bf60d42a707": { "id": "ad003d57-a573-473e-80a9-5bf60d42a707", "title": "Restaurant & Cafe Addon for Elementor <= 1.5.3 - Missing Authorization via multiple AJAX functions", "software": [ { "type": "plugin", "name": "Restaurant & Cafe Addon for Elementor", "slug": "restaurant-cafe-addon-for-elementor", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad003d57-a573-473e-80a9-5bf60d42a707?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad05b088-977e-4f24-b843-dc65f1aa60e9": { "id": "ad05b088-977e-4f24-b843-dc65f1aa60e9", "title": "Soumettre.fr <= 2.1.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Soumettre.fr", "slug": "soumettre-fr", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad05b088-977e-4f24-b843-dc65f1aa60e9?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad09e91d-8ef8-49b2-84e8-fdbf28d65a8a": { "id": "ad09e91d-8ef8-49b2-84e8-fdbf28d65a8a", "title": "Import CSV or XML Datafeed With Ease <= 3.7.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Import CSV or XML Datafeed With Ease", "slug": "wp-ultimate-csv-importer", "affected_versions": { "* - 3.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad09e91d-8ef8-49b2-84e8-fdbf28d65a8a?source=api-scan" ], "published": "2015-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad0bd82d-db0e-440e-9cea-d3843525b0f0": { "id": "ad0bd82d-db0e-440e-9cea-d3843525b0f0", "title": "Backend Localization <= 2.1.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Backend Localization", "slug": "kau-boys-backend-localization", "affected_versions": { "* - 2.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad0bd82d-db0e-440e-9cea-d3843525b0f0?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad0e4292-d890-499b-b70a-ed638d5b8ee9": { "id": "ad0e4292-d890-499b-b70a-ed638d5b8ee9", "title": "Gutenberg Blocks with AI by Kadence WP <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Link", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "* - 3.2.36": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.36", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.37" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad0e4292-d890-499b-b70a-ed638d5b8ee9?source=api-scan" ], "published": "2024-05-09 18:38:48", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad0ed141-3d17-4fff-b788-7ff43f79d04c": { "id": "ad0ed141-3d17-4fff-b788-7ff43f79d04c", "title": "Welcart e-Commerce <= 2.8.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad0ed141-3d17-4fff-b788-7ff43f79d04c?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad12941f-8cbf-41c6-a261-b47075198d26": { "id": "ad12941f-8cbf-41c6-a261-b47075198d26", "title": "Sandbox <= 1.6.1 - Full Path Disclosure", "software": [ { "type": "theme", "name": "Sandbox", "slug": "sandbox", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad12941f-8cbf-41c6-a261-b47075198d26?source=api-scan" ], "published": "2013-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad177f89-2cc0-4ab3-a787-3b0bd3bf3e47": { "id": "ad177f89-2cc0-4ab3-a787-3b0bd3bf3e47", "title": "Booking Calendar <= 8.9.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Booking Calendar", "slug": "booking", "affected_versions": { "* - 8.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad177f89-2cc0-4ab3-a787-3b0bd3bf3e47?source=api-scan" ], "published": "2021-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad1a79f3-274f-4a33-a752-669c09c2d47d": { "id": "ad1a79f3-274f-4a33-a752-669c09c2d47d", "title": "Redirect After Login <= 0.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Redirect After Login", "slug": "redirect-after-login", "affected_versions": { "* - 0.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad1a79f3-274f-4a33-a752-669c09c2d47d?source=api-scan" ], "published": "2023-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad20ddd2-33d0-4d49-bca0-ea2a829da6c8": { "id": "ad20ddd2-33d0-4d49-bca0-ea2a829da6c8", "title": "Radio Forge Muses Player with Skins <= 2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Radio Forge Muses Player with Skins", "slug": "radio-forge", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad20ddd2-33d0-4d49-bca0-ea2a829da6c8?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad254899-983b-42bc-a248-7dbf9003d06c": { "id": "ad254899-983b-42bc-a248-7dbf9003d06c", "title": "S3 Video <= 0.982 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "S3 Video Plugin", "slug": "s3-video", "affected_versions": { "* - 0.982": { "from_version": "*", "from_inclusive": true, "to_version": "0.982", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.983" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad254899-983b-42bc-a248-7dbf9003d06c?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad2c1ab6-5c78-4317-b5e7-c86e2eebeb4f": { "id": "ad2c1ab6-5c78-4317-b5e7-c86e2eebeb4f", "title": "Essential Blocks <= 4.0.6 - Missing Authorization via templates", "software": [ { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad2c1ab6-5c78-4317-b5e7-c86e2eebeb4f?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad2d5070-ddc6-4478-abe5-776e197a4507": { "id": "ad2d5070-ddc6-4478-abe5-776e197a4507", "title": "Restrict Content <= 3.2.7 - Information Exposure via legacy log file", "software": [ { "type": "plugin", "name": "Membership Plugin \u2013 Restrict Content", "slug": "restrict-content", "affected_versions": { "* - 3.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad2d5070-ddc6-4478-abe5-776e197a4507?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad34d657-da59-46ff-a54a-64e6c8974b69": { "id": "ad34d657-da59-46ff-a54a-64e6c8974b69", "title": "DoLogin Security <= 3.6 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DoLogin Security", "slug": "dologin", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad34d657-da59-46ff-a54a-64e6c8974b69?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad359327-9d53-4c8e-bd09-7a337711cfbd": { "id": "ad359327-9d53-4c8e-bd09-7a337711cfbd", "title": "Timetable and Event Schedule by MotoPress <= 2.3.18 - Author+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Timetable and Event Schedule by MotoPress", "slug": "mp-timetable", "affected_versions": { "* - 2.3.18": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad359327-9d53-4c8e-bd09-7a337711cfbd?source=api-scan" ], "published": "2021-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad374338-2bf4-4322-be5e-b4fe07acf80d": { "id": "ad374338-2bf4-4322-be5e-b4fe07acf80d", "title": "BA Book Everything <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BA Book Everything", "slug": "ba-book-everything", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad374338-2bf4-4322-be5e-b4fe07acf80d?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad3de7e6-a080-4ce8-aa27-21e7f8fdb2c7": { "id": "ad3de7e6-a080-4ce8-aa27-21e7f8fdb2c7", "title": "Fusion Builder <= 3.6.1 & Avada <= 7.6.1 - Unauthenticated Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Fusion Builder", "slug": "fusion-builder", "affected_versions": { "[*, 3.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.2" ] }, { "type": "theme", "name": "Avada | Website Builder For WordPress & WooCommerce", "slug": "Avada", "affected_versions": { "[*, 7.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad3de7e6-a080-4ce8-aa27-21e7f8fdb2c7?source=api-scan" ], "published": "2022-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad427bea-1b0e-46bb-85fc-53c51fb40a17": { "id": "ad427bea-1b0e-46bb-85fc-53c51fb40a17", "title": "WP Translitera <= p1.2.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Translitera", "slug": "wp-translitera", "affected_versions": { "* - p1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "p1.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad427bea-1b0e-46bb-85fc-53c51fb40a17?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad430706-749f-4582-af07-6c543b8d5aad": { "id": "ad430706-749f-4582-af07-6c543b8d5aad", "title": "Checkout Field Editor <= 1.7.4 - Cross-Site Request Forgery to Checkout Fields Update", "software": [ { "type": "plugin", "name": "Checkout Field Editor", "slug": "woocommerce-checkout-field-editor", "affected_versions": { "* - 1.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad430706-749f-4582-af07-6c543b8d5aad?source=api-scan" ], "published": "2023-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad4784ce-38f2-49b7-8323-ce08a16a311b": { "id": "ad4784ce-38f2-49b7-8323-ce08a16a311b", "title": "Download ZIP Attachments <= 1.0 - Directory Traversal", "software": [ { "type": "plugin", "name": "download-zip-attachments", "slug": "download-zip-attachments", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad4784ce-38f2-49b7-8323-ce08a16a311b?source=api-scan" ], "published": "2015-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad4878fb-dd0f-473b-9887-d993a89fedd2": { "id": "ad4878fb-dd0f-473b-9887-d993a89fedd2", "title": "Infographic Maker \u2013 iList <= 4.3.7 - SQL Injection", "software": [ { "type": "plugin", "name": "AI Infographic Maker", "slug": "infographic-and-list-builder-ilist", "affected_versions": { "* - 4.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad4878fb-dd0f-473b-9887-d993a89fedd2?source=api-scan" ], "published": "2022-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad50e216-f522-4294-a4dc-7f3bd52820b3": { "id": "ad50e216-f522-4294-a4dc-7f3bd52820b3", "title": "Doofinder for WooCommerce <= 2.0.33 - Missing Authorization via multiple AJAX actions", "software": [ { "type": "plugin", "name": "DOOFINDER Search and Discovery for WP & WooCommerce", "slug": "doofinder-for-woocommerce", "affected_versions": { "* - 2.0.33": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad50e216-f522-4294-a4dc-7f3bd52820b3?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad5782d6-f36b-4b7d-b6c0-b9329fb8725c": { "id": "ad5782d6-f36b-4b7d-b6c0-b9329fb8725c", "title": "Icegram <= 3.1.24 - Missing Authorization to Unauthenticated Message Duplication", "software": [ { "type": "plugin", "name": "Icegram Engage \u2013 Ultimate WP Popup Builder, Lead Generation, Optins, and CTA", "slug": "icegram", "affected_versions": { "* - 3.1.24": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad5782d6-f36b-4b7d-b6c0-b9329fb8725c?source=api-scan" ], "published": "2024-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad5a13d9-5ba4-4e66-8374-f45bcd6c716f": { "id": "ad5a13d9-5ba4-4e66-8374-f45bcd6c716f", "title": "Duplicate Page and Post <= 2.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Duplicate Page and Post", "slug": "duplicate-wp-page-post", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad5a13d9-5ba4-4e66-8374-f45bcd6c716f?source=api-scan" ], "published": "2022-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad5aeea0-ba5a-488a-9087-9b7567f31c70": { "id": "ad5aeea0-ba5a-488a-9087-9b7567f31c70", "title": "WP Customer Area <= 8.1.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Customer Area", "slug": "customer-area", "affected_versions": { "* - 8.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad5aeea0-ba5a-488a-9087-9b7567f31c70?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad5c8eb8-8e58-4bed-a39c-b54e2cfd9cd3": { "id": "ad5c8eb8-8e58-4bed-a39c-b54e2cfd9cd3", "title": "15Zine | Magazine Newspaper Blog News WordPress Theme < 3.3.0 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "15Zine | Magazine Newspaper Blog News WordPress Theme", "slug": "15zine", "affected_versions": { "[*, 3.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad5c8eb8-8e58-4bed-a39c-b54e2cfd9cd3?source=api-scan" ], "published": "2020-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad5ca2a1-06ac-4f26-9ecb-bb861c035f57": { "id": "ad5ca2a1-06ac-4f26-9ecb-bb861c035f57", "title": "Social Stickers <= 2.2.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Stickers", "slug": "social-stickers", "affected_versions": { "* - 2.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad5ca2a1-06ac-4f26-9ecb-bb861c035f57?source=api-scan" ], "published": "2022-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad62fd9b-fbd5-4e3d-b910-29143c6813b7": { "id": "ad62fd9b-fbd5-4e3d-b910-29143c6813b7", "title": "DD Rating <= 1.7.1 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DD Rating", "slug": "dd-rating", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad62fd9b-fbd5-4e3d-b910-29143c6813b7?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad66015d-7831-4590-9583-3abf7ca43c3b": { "id": "ad66015d-7831-4590-9583-3abf7ca43c3b", "title": "JetEngine <= 3.2.4 - Authenticated (Contributor+) Privilege Escalation", "software": [ { "type": "plugin", "name": "JetEngine", "slug": "jet-engine", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad66015d-7831-4590-9583-3abf7ca43c3b?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad6747da-394a-4f63-864d-bd52813fad69": { "id": "ad6747da-394a-4f63-864d-bd52813fad69", "title": "M-vSlider <= 2.1.3 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "M-vSlider", "slug": "m-vslider", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad6747da-394a-4f63-864d-bd52813fad69?source=api-scan" ], "published": "2021-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad7e3fe0-561e-40d8-b22c-bf8e7675b87f": { "id": "ad7e3fe0-561e-40d8-b22c-bf8e7675b87f", "title": "GiveWP <= 2.17.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "[*, 2.17.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.17.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.17.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad7e3fe0-561e-40d8-b22c-bf8e7675b87f?source=api-scan" ], "published": "2022-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad7eee97-332a-4f3c-bba1-d108a769599d": { "id": "ad7eee97-332a-4f3c-bba1-d108a769599d", "title": "Tutor LMS <= 1.9.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 1.9.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad7eee97-332a-4f3c-bba1-d108a769599d?source=api-scan" ], "published": "2021-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad81c6b6-dbf5-40a3-894d-e2fbab69d38a": { "id": "ad81c6b6-dbf5-40a3-894d-e2fbab69d38a", "title": "Domain Replace <= 1.3.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Domain Replace", "slug": "domain-replace", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad81c6b6-dbf5-40a3-894d-e2fbab69d38a?source=api-scan" ], "published": "2022-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad8311d4-b07d-4e74-ab14-69faa3e409c8": { "id": "ad8311d4-b07d-4e74-ab14-69faa3e409c8", "title": "Form Maker by 10Web <= 1.15.26 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "* - 1.15.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad8311d4-b07d-4e74-ab14-69faa3e409c8?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad85b322-204a-4d74-8dde-38571fb68dd0": { "id": "ad85b322-204a-4d74-8dde-38571fb68dd0", "title": "Hotscot Contact Form < 1.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Hotscot Contact Form", "slug": "hotscot-contact-form", "affected_versions": { "[*, 1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad85b322-204a-4d74-8dde-38571fb68dd0?source=api-scan" ], "published": "2021-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad88c661-601c-411f-9495-2c3b8a568c6b": { "id": "ad88c661-601c-411f-9495-2c3b8a568c6b", "title": "Team Members Showcase <= 1.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Team Members Showcase", "slug": "dazzlersoft-teams", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad88c661-601c-411f-9495-2c3b8a568c6b?source=api-scan" ], "published": "2023-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad896d7d-2c75-466c-9a79-b6a9cfb0bc15": { "id": "ad896d7d-2c75-466c-9a79-b6a9cfb0bc15", "title": "Popup contact form <= 7.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup contact form", "slug": "popup-contact-form", "affected_versions": { "* - 7.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad896d7d-2c75-466c-9a79-b6a9cfb0bc15?source=api-scan" ], "published": "2023-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad8b5fd2-ba92-4afa-9b4a-a95936b9a18d": { "id": "ad8b5fd2-ba92-4afa-9b4a-a95936b9a18d", "title": "Kaya QR Code Generator <= 1.5.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via url parameter", "software": [ { "type": "plugin", "name": "Kaya QR Code Generator", "slug": "kaya-qr-code-generator", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad8b5fd2-ba92-4afa-9b4a-a95936b9a18d?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad8dff1e-b9f8-4383-8efb-8bceaa8c86c6": { "id": "ad8dff1e-b9f8-4383-8efb-8bceaa8c86c6", "title": "Mediamatic \u2013 Media Library Folders <= 2.8.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Mediamatic \u2013 Media Library Folders", "slug": "mediamatic", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad8dff1e-b9f8-4383-8efb-8bceaa8c86c6?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad8f8c41-a3b9-4287-b6b2-489fb77b7553": { "id": "ad8f8c41-a3b9-4287-b6b2-489fb77b7553", "title": "Albo Pretorio Online <= 4.6 - Reflected Cross-Site Scripting via 'Errore'", "software": [ { "type": "plugin", "name": "Albo Pretorio On line", "slug": "albo-pretorio-on-line", "affected_versions": { "* - 4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad8f8c41-a3b9-4287-b6b2-489fb77b7553?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad8fc5c1-78f1-4ab4-8fe4-707f4c46a388": { "id": "ad8fc5c1-78f1-4ab4-8fe4-707f4c46a388", "title": "Insert Post Ads <= 1.3.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Insert Post Ads", "slug": "insert-post-ads", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad8fc5c1-78f1-4ab4-8fe4-707f4c46a388?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad9272e3-fa81-440e-8d77-207145123ad2": { "id": "ad9272e3-fa81-440e-8d77-207145123ad2", "title": "Easy Twitter Feed < 1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Twitter Feed \u2013 Twitter feeds plugin for WP", "slug": "easy-twitter-feeds", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad9272e3-fa81-440e-8d77-207145123ad2?source=api-scan" ], "published": "2021-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad943111-24c1-4ff9-b34a-aa4e1ee8ee75": { "id": "ad943111-24c1-4ff9-b34a-aa4e1ee8ee75", "title": "WordPress Core < 3.9.2 - Brute Force of Cross-Site Request Forgery Tokens", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.3": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": true }, "3.8 - 3.8.3": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": true }, "3.9 - 3.9.1": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.4", "3.8.4", "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad943111-24c1-4ff9-b34a-aa4e1ee8ee75?source=api-scan" ], "published": "2014-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad953bc7-5747-4936-b702-37386299369e": { "id": "ad953bc7-5747-4936-b702-37386299369e", "title": "Pop-up <= 1.1.1 - Missing authorization to Settings Change", "software": [ { "type": "plugin", "name": "Pop-up", "slug": "pop-up-pop-up", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad953bc7-5747-4936-b702-37386299369e?source=api-scan" ], "published": "2022-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad95f0b2-4d96-4f62-b495-050a89539177": { "id": "ad95f0b2-4d96-4f62-b495-050a89539177", "title": "SVG Uploads Support <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG", "software": [ { "type": "plugin", "name": "SVG Uploads Support", "slug": "svg-uploads-support", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad95f0b2-4d96-4f62-b495-050a89539177?source=api-scan" ], "published": "2024-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad979f36-319f-48ce-a620-5ea9ae5401eb": { "id": "ad979f36-319f-48ce-a620-5ea9ae5401eb", "title": "Enable SVG <= 1.3.1 - Cross-Site Scripting via SVG", "software": [ { "type": "plugin", "name": "Enable SVG", "slug": "enable-svg", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad979f36-319f-48ce-a620-5ea9ae5401eb?source=api-scan" ], "published": "2022-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ad98db62-4253-4fd5-90b3-c28a563c7697": { "id": "ad98db62-4253-4fd5-90b3-c28a563c7697", "title": "My Calendar <= 3.4.23 - Authenticated (Admin+) Stored Cross-Site Scripting via Events", "software": [ { "type": "plugin", "name": "My Calendar \u2013 Accessible Event Manager", "slug": "my-calendar", "affected_versions": { "* - 3.4.23": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ad98db62-4253-4fd5-90b3-c28a563c7697?source=api-scan" ], "published": "2024-02-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ada3a69c-d113-4f92-b716-641bd5d20940": { "id": "ada3a69c-d113-4f92-b716-641bd5d20940", "title": "Spiffy Calendar <= 4.9.0 - Event deletion via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Spiffy Calendar", "slug": "spiffy-calendar", "affected_versions": { "* - 4.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ada3a69c-d113-4f92-b716-641bd5d20940?source=api-scan" ], "published": "2022-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "adab6dd8-3054-42ca-99ae-1fc65108f823": { "id": "adab6dd8-3054-42ca-99ae-1fc65108f823", "title": "Photo Gallery by 10Web <= 1.3.50 - Authenticated SQL Injection via tag_id Parameter", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.3.51)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.51", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/adab6dd8-3054-42ca-99ae-1fc65108f823?source=api-scan" ], "published": "2017-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "adadac1e-3d92-41a5-90d4-b2028c8c40c0": { "id": "adadac1e-3d92-41a5-90d4-b2028c8c40c0", "title": "Essential Grid <= 3.1.1 - Unauthenticated Private Post Disclosure", "software": [ { "type": "plugin", "name": "Essential Grid Gallery WordPress Plugin", "slug": "essential-grid", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/adadac1e-3d92-41a5-90d4-b2028c8c40c0?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "adb1d8b0-b1d6-40df-b591-f1062ee744fb": { "id": "adb1d8b0-b1d6-40df-b591-f1062ee744fb", "title": "Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Frontend File Manager Plugin", "slug": "nmedia-user-file-uploader", "affected_versions": { "[*, 18.3)": { "from_version": "*", "from_inclusive": true, "to_version": "18.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "18.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/adb1d8b0-b1d6-40df-b591-f1062ee744fb?source=api-scan" ], "published": "2021-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "adb4644c-6ef6-4899-b0f1-2629ffacd19c": { "id": "adb4644c-6ef6-4899-b0f1-2629ffacd19c", "title": "Gmedia Photo Gallery <= 1.6.4 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Gmedia Photo Gallery", "slug": "grand-media", "affected_versions": { "[*, 1.6.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/adb4644c-6ef6-4899-b0f1-2629ffacd19c?source=api-scan" ], "published": "2015-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "adb70798-2ef9-4384-bcca-8862afa044ed": { "id": "adb70798-2ef9-4384-bcca-8862afa044ed", "title": "WP RSS Images <= 1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP RSS Images", "slug": "wp-rss-images", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/adb70798-2ef9-4384-bcca-8862afa044ed?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "adb84461-6675-497f-ac53-cf72bd4c17bc": { "id": "adb84461-6675-497f-ac53-cf72bd4c17bc", "title": "WPFront Scroll Top <= 2.0.5 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPFront Scroll Top", "slug": "wpfront-scroll-top", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/adb84461-6675-497f-ac53-cf72bd4c17bc?source=api-scan" ], "published": "2021-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "adb87ef2-8741-4144-b414-56e82dd35c89": { "id": "adb87ef2-8741-4144-b414-56e82dd35c89", "title": "Event Registration <= 6.02.02 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Registration", "slug": "event-registration", "affected_versions": { "* - 6.02.02": { "from_version": "*", "from_inclusive": true, "to_version": "6.02.02", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.03.01" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/adb87ef2-8741-4144-b414-56e82dd35c89?source=api-scan" ], "published": "2016-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "adbc23b3-fa9d-4303-8283-1cabb2a6bb71": { "id": "adbc23b3-fa9d-4303-8283-1cabb2a6bb71", "title": "Database for Contact Form 7, WPforms, Elementor forms <= 1.3.8 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Database for Contact Form 7, WPforms, Elementor forms", "slug": "contact-form-entries", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/adbc23b3-fa9d-4303-8283-1cabb2a6bb71?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "adbf25c2-b572-4a83-811e-3a5dda1ad8cd": { "id": "adbf25c2-b572-4a83-811e-3a5dda1ad8cd", "title": "Pinfinity <= 1.9.2 - Reflected Cross-site Scripting", "software": [ { "type": "theme", "name": "Pinfinity", "slug": "pinfinity", "affected_versions": { "* - 1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/adbf25c2-b572-4a83-811e-3a5dda1ad8cd?source=api-scan" ], "published": "2017-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "adc7e02f-aa95-417f-8778-d9a75beeaf13": { "id": "adc7e02f-aa95-417f-8778-d9a75beeaf13", "title": "JSmol2WP <= 1.07 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JSmol2WP", "slug": "jsmol2wp", "affected_versions": { "* - 1.07": { "from_version": "*", "from_inclusive": true, "to_version": "1.07", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/adc7e02f-aa95-417f-8778-d9a75beeaf13?source=api-scan" ], "published": "2019-01-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "adcaf2db-2026-46bb-8fbc-0400d7c1e296": { "id": "adcaf2db-2026-46bb-8fbc-0400d7c1e296", "title": "Stock Sync for WooCommerce <= 2.4.0 - Reflected Cross-Site Scripting via page parameter", "software": [ { "type": "plugin", "name": "Stock Sync for WooCommerce", "slug": "stock-sync-for-woocommerce", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/adcaf2db-2026-46bb-8fbc-0400d7c1e296?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "adcbb70e-c99f-4f05-8869-50cf16f6de79": { "id": "adcbb70e-c99f-4f05-8869-50cf16f6de79", "title": "Wholesale Market <= 2.2.0 - Information Disclosure via Unauthenticated Arbitrary File Download", "software": [ { "type": "plugin", "name": "Wholesale Market", "slug": "wholesale-market", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/adcbb70e-c99f-4f05-8869-50cf16f6de79?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "add12281-7c2b-4b79-a744-36e9fd923611": { "id": "add12281-7c2b-4b79-a744-36e9fd923611", "title": "SSV MailChimp <= 3.1.5 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "SSV MailChimp", "slug": "ssv-mailchimp", "affected_versions": { "* - 3.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/add12281-7c2b-4b79-a744-36e9fd923611?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "add568d4-d615-40ff-9320-89869f825f81": { "id": "add568d4-d615-40ff-9320-89869f825f81", "title": "Advanced Woo Search <= 2.00 - Information Disclosure", "software": [ { "type": "plugin", "name": "Advanced Woo Search", "slug": "advanced-woo-search", "affected_versions": { "* - 1.99": { "from_version": "*", "from_inclusive": true, "to_version": "1.99", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.00" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/add568d4-d615-40ff-9320-89869f825f81?source=api-scan" ], "published": "2020-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "addae413-1fc5-427f-a5ef-3da705cbeb5b": { "id": "addae413-1fc5-427f-a5ef-3da705cbeb5b", "title": "GiveWP \u2013 Donation Plugin and Fundraising Platform <= 2.20.2 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.20.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.20.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.21.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/addae413-1fc5-427f-a5ef-3da705cbeb5b?source=api-scan" ], "published": "2022-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ade06c00-43b7-48b3-9c9d-4921fb52cc66": { "id": "ade06c00-43b7-48b3-9c9d-4921fb52cc66", "title": "Mail Masta <= 1.0 - SQL Injection via id parameter", "software": [ { "type": "plugin", "name": "Mail Masta", "slug": "mail-masta", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ade06c00-43b7-48b3-9c9d-4921fb52cc66?source=api-scan" ], "published": "2017-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ade1eddf-cfcc-4956-8015-8d9a592cc252": { "id": "ade1eddf-cfcc-4956-8015-8d9a592cc252", "title": "Gum Elementor Addon <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Widget", "software": [ { "type": "plugin", "name": "Gum Elementor Addon", "slug": "gum-elementor-addon", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ade1eddf-cfcc-4956-8015-8d9a592cc252?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ade346fc-d158-4485-85a8-d14d5e059554": { "id": "ade346fc-d158-4485-85a8-d14d5e059554", "title": "Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget <= 2.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget", "slug": "custom-twitter-feeds", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ade346fc-d158-4485-85a8-d14d5e059554?source=api-scan" ], "published": "2024-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ade377c4-c7aa-428d-b763-6e6fb6caee0c": { "id": "ade377c4-c7aa-428d-b763-6e6fb6caee0c", "title": "Responsive Lightbox <= 2.4.6 - Missing Authorization via Information Disclosure", "software": [ { "type": "plugin", "name": "Responsive Lightbox & Gallery", "slug": "responsive-lightbox", "affected_versions": { "* - 2.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ade377c4-c7aa-428d-b763-6e6fb6caee0c?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ade6f9f2-2a35-4bb0-ab13-33b84394d965": { "id": "ade6f9f2-2a35-4bb0-ab13-33b84394d965", "title": "Bookly <= 22.3.1 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Online Booking and Scheduling Plugin \u2013 Bookly", "slug": "bookly-responsive-appointment-booking-tool", "affected_versions": { "* - 22.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "22.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "22.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ade6f9f2-2a35-4bb0-ab13-33b84394d965?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ade7da50-49f3-4026-a2c0-5c23c9b0f0cb": { "id": "ade7da50-49f3-4026-a2c0-5c23c9b0f0cb", "title": "Admin Menu Plugin <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Admin Menu", "slug": "admin-menu", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ade7da50-49f3-4026-a2c0-5c23c9b0f0cb?source=api-scan" ], "published": "2020-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ade7f391-3824-4d0b-8718-f7995170a43d": { "id": "ade7f391-3824-4d0b-8718-f7995170a43d", "title": "Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ade7f391-3824-4d0b-8718-f7995170a43d?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "adebcf1c-bb22-4a25-b79b-b76eb3b3023f": { "id": "adebcf1c-bb22-4a25-b79b-b76eb3b3023f", "title": "Gutenberg Template Library & Redux Framework <= 4.1.23 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Redux Framework", "slug": "redux-framework", "affected_versions": { "[*, 4.1.24)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.24", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/adebcf1c-bb22-4a25-b79b-b76eb3b3023f?source=api-scan" ], "published": "2020-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "adee74ec-7a3c-4519-bea8-23c92e89d484": { "id": "adee74ec-7a3c-4519-bea8-23c92e89d484", "title": "Pay Per Media Player <= 1.24 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pay Per Media Player", "slug": "pay-per-media-player", "affected_versions": { "* - 1.24": { "from_version": "*", "from_inclusive": true, "to_version": "1.24", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/adee74ec-7a3c-4519-bea8-23c92e89d484?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "adf10ad4-38b2-44be-bdc6-ba6b62e9fbe6": { "id": "adf10ad4-38b2-44be-bdc6-ba6b62e9fbe6", "title": "Squelch Tabs and Accordions Shortcodes <= 0.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via accordions Shortcode", "software": [ { "type": "plugin", "name": "Squelch Tabs and Accordions Shortcodes", "slug": "squelch-tabs-and-accordions-shortcodes", "affected_versions": { "* - 0.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/adf10ad4-38b2-44be-bdc6-ba6b62e9fbe6?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "adf3fb57-b080-4cda-b78b-14d94bad21a9": { "id": "adf3fb57-b080-4cda-b78b-14d94bad21a9", "title": "WordPress Core < 5.4.1 - Authenticated Cross-Site Scripting via Customizer", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.32": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.32", "to_inclusive": true }, "3.8 - 3.8.32": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.32", "to_inclusive": true }, "3.9 - 3.9.30": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.30", "to_inclusive": true }, "4.0 - 4.0.29": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.29", "to_inclusive": true }, "4.1 - 4.1.29": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.29", "to_inclusive": true }, "4.2 - 4.2.26": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.26", "to_inclusive": true }, "4.3 - 4.3.22": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.22", "to_inclusive": true }, "4.4 - 4.4.21": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.21", "to_inclusive": true }, "4.5 - 4.5.20": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.20", "to_inclusive": true }, "4.6 - 4.6.17": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.17", "to_inclusive": true }, "4.7 - 4.7.16": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.16", "to_inclusive": true }, "4.8 - 4.8.12": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.12", "to_inclusive": true }, "4.9 - 4.9.13": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.13", "to_inclusive": true }, "5.0 - 5.0.8": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.8", "to_inclusive": true }, "5.1 - 5.1.4": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.4", "to_inclusive": true }, "5.2 - 5.2.5": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.5", "to_inclusive": true }, "5.3 - 5.3.2": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.2", "to_inclusive": true }, "5.4": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.33", "3.8.33", "3.9.31", "4.0.30", "4.1.30", "4.2.27", "4.3.23", "4.4.22", "4.5.21", "4.6.18", "4.7.17", "4.8.13", "4.9.14", "5.0.9", "5.1.5", "5.2.6", "5.3.3", "5.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/adf3fb57-b080-4cda-b78b-14d94bad21a9?source=api-scan" ], "published": "2020-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "adf6b34b-a362-4cfe-b062-8bbe11584581": { "id": "adf6b34b-a362-4cfe-b062-8bbe11584581", "title": "Portfolio Gallery \u2013 Image Gallery Plugin <= 1.6.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Portfolio Gallery \u2013 Image Gallery Plugin", "slug": "portfolio-filter-gallery", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/adf6b34b-a362-4cfe-b062-8bbe11584581?source=api-scan" ], "published": "2024-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "adfc5084-ed33-4600-bd34-d3516f1a1b96": { "id": "adfc5084-ed33-4600-bd34-d3516f1a1b96", "title": "WordPress Backup & Migration <= 1.4.1 - Missing Authorization to Settings and Schedule Modification", "software": [ { "type": "plugin", "name": "WebToffee WP Backup and Migration", "slug": "wp-migration-duplicator", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/adfc5084-ed33-4600-bd34-d3516f1a1b96?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae007dc0-9ac7-459d-bfe6-bcde87028b14": { "id": "ae007dc0-9ac7-459d-bfe6-bcde87028b14", "title": "Conversios.io <= 6.5.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Google Analytics 4 (GA4), Google Ads, Meta Pixel, GTM & Multiple Pixels for Woocommerce & WordPress", "slug": "enhanced-e-commerce-for-woocommerce-store", "affected_versions": { "* - 6.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae007dc0-9ac7-459d-bfe6-bcde87028b14?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae048156-f6a0-41c3-8853-ea439eac10a4": { "id": "ae048156-f6a0-41c3-8853-ea439eac10a4", "title": "Power BI Embedded for WordPress <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Power BI Embedded for WordPress", "slug": "embed-power-bi", "affected_versions": { "1.1.3": { "from_version": "1.1.3", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae048156-f6a0-41c3-8853-ea439eac10a4?source=api-scan" ], "published": "2022-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae058c5b-b90b-4a1e-9f56-d56dbd2d3607": { "id": "ae058c5b-b90b-4a1e-9f56-d56dbd2d3607", "title": "Pretty Links <= 2.1.9 - Unauthenticated Stored Cross-Site Scripting via track_link", "software": [ { "type": "plugin", "name": "PrettyLinks \u2013 Affiliate Links, Link Branding, Link Tracking & Marketing Plugin", "slug": "pretty-link", "affected_versions": { "[*, 2.1.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae058c5b-b90b-4a1e-9f56-d56dbd2d3607?source=api-scan" ], "published": "2019-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae12f71d-0f53-4942-83a7-856633e665ca": { "id": "ae12f71d-0f53-4942-83a7-856633e665ca", "title": "Plg Novana Plugin (All Versions) - SQL Injection", "software": [ { "type": "plugin", "name": "Plg Novana", "slug": "plg_novana", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae12f71d-0f53-4942-83a7-856633e665ca?source=api-scan" ], "published": "2012-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae1820ab-6a24-45b3-801c-34c5515c8868": { "id": "ae1820ab-6a24-45b3-801c-34c5515c8868", "title": "Modern <= 1.4.1 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Modern", "slug": "modern", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae1820ab-6a24-45b3-801c-34c5515c8868?source=api-scan" ], "published": "2015-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae31fb73-de38-4c30-9348-80373ed6e5cd": { "id": "ae31fb73-de38-4c30-9348-80373ed6e5cd", "title": "Altos Connect <= 1.3.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Altos Connect", "slug": "altos-connect", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae31fb73-de38-4c30-9348-80373ed6e5cd?source=api-scan" ], "published": "2015-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae342dd9-2f5f-4356-8fb4-9a3e5f4f8316": { "id": "ae342dd9-2f5f-4356-8fb4-9a3e5f4f8316", "title": "Brizy Page Builder <= 2.4.18 - IP Address Spoofing to Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "* - 2.4.18": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae342dd9-2f5f-4356-8fb4-9a3e5f4f8316?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae35a02c-ba33-478d-a054-98b486e2192a": { "id": "ae35a02c-ba33-478d-a054-98b486e2192a", "title": "WP Booking System \u2013 Booking Calendar < 1.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Booking System \u2013 Booking Calendar", "slug": "wp-booking-system", "affected_versions": { "[*, 1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4" ] }, { "type": "plugin", "name": "WP Booking System \u2013 Booking Calendar Premium", "slug": "wp-booking-system-premium", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae35a02c-ba33-478d-a054-98b486e2192a?source=api-scan" ], "published": "2017-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae3974e6-cba1-4976-a6af-9e60557cfde8": { "id": "ae3974e6-cba1-4976-a6af-9e60557cfde8", "title": "Parallax Slider Block <= 1.2.5 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Parallax Slider Block", "slug": "parallax-slider-block", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae3974e6-cba1-4976-a6af-9e60557cfde8?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae397949-12d2-4323-871e-4fd4f14f35c6": { "id": "ae397949-12d2-4323-871e-4fd4f14f35c6", "title": "WP Extra File Types <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Extra File Types", "slug": "wp-extra-file-types", "affected_versions": { "* - 0.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae397949-12d2-4323-871e-4fd4f14f35c6?source=api-scan" ], "published": "2021-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae39fac4-6b65-42a6-bd34-c364922ef675": { "id": "ae39fac4-6b65-42a6-bd34-c364922ef675", "title": "Tourfic <= 2.11.15 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Tourfic \u2013 Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking", "slug": "tourfic", "affected_versions": { "* - 2.11.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae39fac4-6b65-42a6-bd34-c364922ef675?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae3d33dd-2591-4c4e-9769-77575e57ac49": { "id": "ae3d33dd-2591-4c4e-9769-77575e57ac49", "title": "Video Gallery - Vimeo and YouTube Gallery < 1.1.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Video Gallery \u2013 Vimeo and YouTube Gallery", "slug": "smart-grid-gallery", "affected_versions": { "[*, 1.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae3d33dd-2591-4c4e-9769-77575e57ac49?source=api-scan" ], "published": "2021-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae40fd4a-8448-48ea-9b31-067643972b44": { "id": "ae40fd4a-8448-48ea-9b31-067643972b44", "title": "Connections Business Directory <= 10.4.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Connections Business Directory", "slug": "connections", "affected_versions": { "* - 10.4.36": { "from_version": "*", "from_inclusive": true, "to_version": "10.4.36", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.4.37" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae40fd4a-8448-48ea-9b31-067643972b44?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae46eea5-4b7a-4cf5-97ff-c65b7e8e3261": { "id": "ae46eea5-4b7a-4cf5-97ff-c65b7e8e3261", "title": "Testimonials Widget <= 3.5.1 - Multiple Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Testimonials Widget", "slug": "testimonials-widget", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae46eea5-4b7a-4cf5-97ff-c65b7e8e3261?source=api-scan" ], "published": "2020-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae4a8e70-6b94-428f-8672-407dc4cd2f3f": { "id": "ae4a8e70-6b94-428f-8672-407dc4cd2f3f", "title": "Peter\u2019s Collaboration E-mails <= 2.2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Peter\u2019s Collaboration E-mails", "slug": "peters-collaboration-e-mails", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae4a8e70-6b94-428f-8672-407dc4cd2f3f?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae4d47b3-59c3-46d1-80c2-d11c98fb9b1e": { "id": "ae4d47b3-59c3-46d1-80c2-d11c98fb9b1e", "title": "Digital Lottery <= 3.0.5 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Digital Lottery", "slug": "digital-lottery", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae4d47b3-59c3-46d1-80c2-d11c98fb9b1e?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae50aa5d-95e3-4650-9dbf-118b4ba3abda": { "id": "ae50aa5d-95e3-4650-9dbf-118b4ba3abda", "title": "WP Cost Estimation <= 9.642 - Missing Authorization to Arbitrary File Upload\/Delete", "software": [ { "type": "plugin", "name": "WP Cost Estimation", "slug": "WP_Estimation_Form", "affected_versions": { "[*, 9.644)": { "from_version": "*", "from_inclusive": true, "to_version": "9.644", "to_inclusive": false } }, "patched": true, "patched_versions": [ "9.644" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae50aa5d-95e3-4650-9dbf-118b4ba3abda?source=api-scan" ], "published": "2019-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae5121bd-2f3f-4d87-a2fd-d11bb9f8dc2c": { "id": "ae5121bd-2f3f-4d87-a2fd-d11bb9f8dc2c", "title": "WP Film Studio <= 1.3.4 - Cross-Site Request Forgery to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "WP Film Studio \u2013 WordPress Movie Maker\/Production Plugin", "slug": "wp-film-studio", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae5121bd-2f3f-4d87-a2fd-d11bb9f8dc2c?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae53b67a-1df9-499a-a232-cf7560a3cf02": { "id": "ae53b67a-1df9-499a-a232-cf7560a3cf02", "title": "Indexisto <= 1.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "indexisto", "slug": "indexisto", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae53b67a-1df9-499a-a232-cf7560a3cf02?source=api-scan" ], "published": "2016-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae5779cc-b55b-4b8f-ae66-8607a689ef72": { "id": "ae5779cc-b55b-4b8f-ae66-8607a689ef72", "title": "Robo Gallery <= 3.2.18 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Photo Gallery, Images, Slider in Rbs Image Gallery", "slug": "robo-gallery", "affected_versions": { "* - 3.2.18": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae5779cc-b55b-4b8f-ae66-8607a689ef72?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae603d27-aea5-49d9-beab-db18746ffe87": { "id": "ae603d27-aea5-49d9-beab-db18746ffe87", "title": "EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.7 (Free) - Missing Authorization via config_virtual_event", "software": [ { "type": "plugin", "name": "EventON", "slug": "eventon-lite", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.8" ] }, { "type": "plugin", "name": "EventON Pro", "slug": "eventon", "affected_versions": { "* - 4.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae603d27-aea5-49d9-beab-db18746ffe87?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae643666-70cb-4eb4-a183-e1649264ded4": { "id": "ae643666-70cb-4eb4-a183-e1649264ded4", "title": "WP Fastest Cache <= 1.1.2 - Missing Authorization to Cache Deletion", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae643666-70cb-4eb4-a183-e1649264ded4?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae67f620-81d8-4f5f-93cb-153cd5c2bd90": { "id": "ae67f620-81d8-4f5f-93cb-153cd5c2bd90", "title": "Pretty Links \u2013 Link Management, Branding, Tracking & Sharing Plugin < 1.5.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PrettyLinks \u2013 Affiliate Links, Link Branding, Link Tracking & Marketing Plugin", "slug": "pretty-link", "affected_versions": { "[*, 1.5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae67f620-81d8-4f5f-93cb-153cd5c2bd90?source=api-scan" ], "published": "2011-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae68d083-b6e2-409b-8c91-d4eb7e62dba9": { "id": "ae68d083-b6e2-409b-8c91-d4eb7e62dba9", "title": "Paid Memberships Pro <= 2.12.7 - Cross-Site Request Forgery to Level Orders Update", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "* - 2.12.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae68d083-b6e2-409b-8c91-d4eb7e62dba9?source=api-scan" ], "published": "2024-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae6a00ef-1a3f-47cd-9e55-f28b74999198": { "id": "ae6a00ef-1a3f-47cd-9e55-f28b74999198", "title": "Estatik Real Estate Plugin <= 4.1.0 - Missing Authorization to Limited Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Estatik Real Estate Plugin", "slug": "estatik", "affected_versions": { "* - 4.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae6a00ef-1a3f-47cd-9e55-f28b74999198?source=api-scan" ], "published": "2023-12-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae735117-e68b-448e-ad41-258d1be3aebc": { "id": "ae735117-e68b-448e-ad41-258d1be3aebc", "title": "LearnDash LMS <= 4.10.2 - Sensitive Information Exposure via API", "software": [ { "type": "plugin", "name": "LearnDash LMS", "slug": "sfwd-lms", "affected_versions": { "* - 4.10.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae735117-e68b-448e-ad41-258d1be3aebc?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae74048a-ea29-46cc-913b-86094640e88d": { "id": "ae74048a-ea29-46cc-913b-86094640e88d", "title": "Axioma Premium Responsive < 1.1.2 - Information Disclosure", "software": [ { "type": "theme", "name": "Axioma Premium Responsive", "slug": "axioma", "affected_versions": { "[*, 1.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae74048a-ea29-46cc-913b-86094640e88d?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae741363-b0aa-4263-bb49-d3baa213167a": { "id": "ae741363-b0aa-4263-bb49-d3baa213167a", "title": "Visitor Traffic Real Time Statistics <= 1.13 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Visitor Traffic Real Time Statistics", "slug": "visitors-traffic-real-time-statistics", "affected_versions": { "* - 1.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae741363-b0aa-4263-bb49-d3baa213167a?source=api-scan" ], "published": "2019-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae7549db-9a4b-4dee-8023-d7863dc3b4c8": { "id": "ae7549db-9a4b-4dee-8023-d7863dc3b4c8", "title": "Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_first_name shortcode", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae7549db-9a4b-4dee-8023-d7863dc3b4c8?source=api-scan" ], "published": "2023-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae77b00e-bbcf-4fe2-ab7f-d2e21ef54d3e": { "id": "ae77b00e-bbcf-4fe2-ab7f-d2e21ef54d3e", "title": "Splashing Images < 2.1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Splashing Images", "slug": "wp-splashing-images", "affected_versions": { "[*, 2.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae77b00e-bbcf-4fe2-ab7f-d2e21ef54d3e?source=api-scan" ], "published": "2018-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae7c41fd-6ad6-49da-a213-686157e029d4": { "id": "ae7c41fd-6ad6-49da-a213-686157e029d4", "title": "CPT \u2013 Speakers <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CPT \u2013 Speakers", "slug": "cpt-speakers", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae7c41fd-6ad6-49da-a213-686157e029d4?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae7d54a5-3952-4206-a5f4-be60aac27767": { "id": "ae7d54a5-3952-4206-a5f4-be60aac27767", "title": "External Links <= 2.57 - Cross-Site Request Forgery via action_admin_action_wpel_dismiss_notice", "software": [ { "type": "plugin", "name": "External Links \u2013 nofollow, noopener & new window", "slug": "wp-external-links", "affected_versions": { "* - 2.57": { "from_version": "*", "from_inclusive": true, "to_version": "2.57", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.58" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae7d54a5-3952-4206-a5f4-be60aac27767?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae7fa018-c87f-463b-84a3-bbe71b73d3dd": { "id": "ae7fa018-c87f-463b-84a3-bbe71b73d3dd", "title": "VdoCipher <= 1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VdoCipher: Secure Video Player and Hosting", "slug": "vdocipher", "affected_versions": { "* - 1.29": { "from_version": "*", "from_inclusive": true, "to_version": "1.29", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae7fa018-c87f-463b-84a3-bbe71b73d3dd?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae81917e-0367-4c64-9254-fd74751ada48": { "id": "ae81917e-0367-4c64-9254-fd74751ada48", "title": "Smart Slider 3 <= 3.5.1.9 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Smart Slider 3", "slug": "smart-slider-3", "affected_versions": { "* - 3.5.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae81917e-0367-4c64-9254-fd74751ada48?source=api-scan" ], "published": "2022-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae865f91-4c2a-4a6b-84a8-bd45c1febdb1": { "id": "ae865f91-4c2a-4a6b-84a8-bd45c1febdb1", "title": "ARMember <= 4.0.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 4.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae865f91-4c2a-4a6b-84a8-bd45c1febdb1?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae88e065-4601-4f0e-80a4-0f011bb0d347": { "id": "ae88e065-4601-4f0e-80a4-0f011bb0d347", "title": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via logo_width parameter", "software": [ { "type": "plugin", "name": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode", "slug": "responsive-coming-soon-page", "affected_versions": { "* - 1.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae88e065-4601-4f0e-80a4-0f011bb0d347?source=api-scan" ], "published": "2018-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae8a316f-a9ad-451a-9892-cf5068072a78": { "id": "ae8a316f-a9ad-451a-9892-cf5068072a78", "title": "Master Slider <= 2.7.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Master Slider \u2013 Responsive Touch Slider", "slug": "master-slider", "affected_versions": { "[*, 2.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae8a316f-a9ad-451a-9892-cf5068072a78?source=api-scan" ], "published": "2016-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae8c888e-46ed-468f-a5d5-74a7f9d01a36": { "id": "ae8c888e-46ed-468f-a5d5-74a7f9d01a36", "title": "PowerPress <= 11.0.11 - Authenticated(Contributor+) Stored Cross-Site Scripting via Media URL", "software": [ { "type": "plugin", "name": "PowerPress Podcasting plugin by Blubrry", "slug": "powerpress", "affected_versions": { "[*, 11.0.12)": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "11.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae8c888e-46ed-468f-a5d5-74a7f9d01a36?source=api-scan" ], "published": "2023-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae8dbf54-ea62-4901-b34f-079b708ca0b5": { "id": "ae8dbf54-ea62-4901-b34f-079b708ca0b5", "title": "Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_sort_order", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae8dbf54-ea62-4901-b34f-079b708ca0b5?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae8e245f-2458-4ffe-8e73-bed61331f39d": { "id": "ae8e245f-2458-4ffe-8e73-bed61331f39d", "title": "Google Pagespeed Insights <= 4.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Insights from Google PageSpeed", "slug": "google-pagespeed-insights", "affected_versions": { "[*, 4.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae8e245f-2458-4ffe-8e73-bed61331f39d?source=api-scan" ], "published": "2022-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae920b3b-6c6f-46c5-b64f-c075a53b4c39": { "id": "ae920b3b-6c6f-46c5-b64f-c075a53b4c39", "title": "Image Photo Gallery Final Tiles Grid <= 2.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Photo Gallery Final Tiles Grid", "slug": "final-tiles-grid-gallery-lite", "affected_versions": { "* - 2.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae920b3b-6c6f-46c5-b64f-c075a53b4c39?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae92bd0c-936c-4fae-8c0c-c94706568527": { "id": "ae92bd0c-936c-4fae-8c0c-c94706568527", "title": "WordPress Core < 3.6.1 - .swf and .exe File Upload", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae92bd0c-936c-4fae-8c0c-c94706568527?source=api-scan" ], "published": "2013-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae98e3bd-f663-4609-92ed-ed0431047d85": { "id": "ae98e3bd-f663-4609-92ed-ed0431047d85", "title": "Data Tables Generator by Supsystic <= 1.10.25 - Missing Authorization", "software": [ { "type": "plugin", "name": "Data Tables Generator by Supsystic", "slug": "data-tables-generator-by-supsystic", "affected_versions": { "* - 1.10.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae98e3bd-f663-4609-92ed-ed0431047d85?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae9b5d77-32e8-4205-8f0a-5e53788674f0": { "id": "ae9b5d77-32e8-4205-8f0a-5e53788674f0", "title": "Social Pixel <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Pixel", "slug": "social-pixel", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae9b5d77-32e8-4205-8f0a-5e53788674f0?source=api-scan" ], "published": "2024-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae9cd51f-e6c8-4aec-a044-376075e9540a": { "id": "ae9cd51f-e6c8-4aec-a044-376075e9540a", "title": "Advanced Custom Fields: Extended <= 0.8.8.6 - Admin+ SQL Injection", "software": [ { "type": "plugin", "name": "Advanced Custom Fields: Extended", "slug": "acf-extended", "affected_versions": { "* - 0.8.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae9cd51f-e6c8-4aec-a044-376075e9540a?source=api-scan" ], "published": "2021-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ae9df4e5-b1d2-400b-89c7-eac5fbf2a8d5": { "id": "ae9df4e5-b1d2-400b-89c7-eac5fbf2a8d5", "title": "Visitors <= 0.3 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visitors", "slug": "visitors-app", "affected_versions": { "* - 0.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ae9df4e5-b1d2-400b-89c7-eac5fbf2a8d5?source=api-scan" ], "published": "2021-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aeac9c4a-0754-4fb1-bf11-0cd8483451b6": { "id": "aeac9c4a-0754-4fb1-bf11-0cd8483451b6", "title": "WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.2 - Missing Authorization to Unauthenticated Settings Reset", "software": [ { "type": "plugin", "name": "WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels", "slug": "print-invoices-packing-slip-labels-for-woocommerce", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aeac9c4a-0754-4fb1-bf11-0cd8483451b6?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aeacc3e5-020f-44b9-b412-c5a9114e0178": { "id": "aeacc3e5-020f-44b9-b412-c5a9114e0178", "title": "Weblizar Pin Feeds < 1.1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Weblizar Pin Feeds", "slug": "weblizar-pinterest-feeds", "affected_versions": { "[*, 1.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aeacc3e5-020f-44b9-b412-c5a9114e0178?source=api-scan" ], "published": "2018-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aec4d370-58c0-466f-b3bb-9676fc744d96": { "id": "aec4d370-58c0-466f-b3bb-9676fc744d96", "title": "Contact Form builder with drag & drop - Kali Forms <= 2.3.28 - Missing Authorization via get_log", "software": [ { "type": "plugin", "name": "Contact Form builder with drag & drop for WordPress \u2013 Kali Forms", "slug": "kali-forms", "affected_versions": { "* - 2.3.28": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aec4d370-58c0-466f-b3bb-9676fc744d96?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aec57fbd-83c5-4080-9372-66500c299afc": { "id": "aec57fbd-83c5-4080-9372-66500c299afc", "title": "Social Like Box and Page by WpDevArt <= 0.8.39 - Authenticated (Admin+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Social Like Box and Page by WpDevArt", "slug": "like-box", "affected_versions": { "* - 0.8.39": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.39", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.40" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aec57fbd-83c5-4080-9372-66500c299afc?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aec7b59f-1c8a-4403-b33b-c119bd96ad9d": { "id": "aec7b59f-1c8a-4403-b33b-c119bd96ad9d", "title": "Limit Login Attempts Plus <= 1.1.0 - IP Address Spoofing to Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "Limit Login Attempts Plus \u2013 WordPress Limit Login Attempts By Felix", "slug": "limit-login-attempts-plus", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aec7b59f-1c8a-4403-b33b-c119bd96ad9d?source=api-scan" ], "published": "2024-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aecf61bc-4d89-41ba-b99f-669193be64d1": { "id": "aecf61bc-4d89-41ba-b99f-669193be64d1", "title": "Auto Featured Image (Auto Post Thumbnail) <= 4.0.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Auto Featured Image (Auto Post Thumbnail)", "slug": "auto-post-thumbnail", "affected_versions": { "* - 4.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aecf61bc-4d89-41ba-b99f-669193be64d1?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aed2ec57-2475-4e77-8219-399cf769ba5a": { "id": "aed2ec57-2475-4e77-8219-399cf769ba5a", "title": "Watu Quiz 3.1.2.1 - 3.1.2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Watu Quiz", "slug": "watu", "affected_versions": { "3.1.2.1 - 3.1.2.5": { "from_version": "3.1.2.1", "from_inclusive": true, "to_version": "3.1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aed2ec57-2475-4e77-8219-399cf769ba5a?source=api-scan" ], "published": "2019-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aed90a59-9b66-4332-bb71-d738b1469156": { "id": "aed90a59-9b66-4332-bb71-d738b1469156", "title": "Post Grid, Post Carousel, & List Category Posts <= 2.4.27 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart Post Show \u2013 Post Grid, Post Carousel, Post Slider, Post Timeline, Post Table, and List Category Posts, Latest Posts, Recent Posts, Popular Posts and More", "slug": "post-carousel", "affected_versions": { "* - 2.4.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aed90a59-9b66-4332-bb71-d738b1469156?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aee4fb6f-8ee6-4d6e-8167-876c9453f78f": { "id": "aee4fb6f-8ee6-4d6e-8167-876c9453f78f", "title": "WP Editor < 1.2.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Editor", "slug": "wp-editor", "affected_versions": { "[*, 1.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aee4fb6f-8ee6-4d6e-8167-876c9453f78f?source=api-scan" ], "published": "2016-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aee59a8f-7f21-4572-b146-ab1b6350ddb1": { "id": "aee59a8f-7f21-4572-b146-ab1b6350ddb1", "title": "WP Hide & Security Enhancer <= 1.3.9.2 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "WP Hide & Security Enhancer", "slug": "wp-hide-security-enhancer", "affected_versions": { "* - 1.3.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aee59a8f-7f21-4572-b146-ab1b6350ddb1?source=api-scan" ], "published": "2017-07-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aee6fea2-dbf6-4155-ba3f-f85ea3520504": { "id": "aee6fea2-dbf6-4155-ba3f-f85ea3520504", "title": "Beautiful Cookie Consent Banner <= 2.10.0 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "Beautiful Cookie Consent Banner", "slug": "beautiful-and-responsive-cookie-consent", "affected_versions": { "* - 2.10.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aee6fea2-dbf6-4155-ba3f-f85ea3520504?source=api-scan" ], "published": "2023-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aef312be-85d6-45e7-a34f-7f7cc415df3b": { "id": "aef312be-85d6-45e7-a34f-7f7cc415df3b", "title": "WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP User Merger", "slug": "wp-user-merger", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aef312be-85d6-45e7-a34f-7f7cc415df3b?source=api-scan" ], "published": "2022-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aef584bd-60a5-4bf2-b8d3-58e3b45e785e": { "id": "aef584bd-60a5-4bf2-b8d3-58e3b45e785e", "title": "File Manager Pro \u2013 Filester <= 1.8.2 - Authenticated Plugin Settings Update", "software": [ { "type": "plugin", "name": "File Manager Pro \u2013 Filester", "slug": "filester", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aef584bd-60a5-4bf2-b8d3-58e3b45e785e?source=api-scan" ], "published": "2024-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aefb7e34-ec48-4e29-b3aa-85901e12d21c": { "id": "aefb7e34-ec48-4e29-b3aa-85901e12d21c", "title": "Mantenimiento web <= 0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mantenimiento web", "slug": "mantenimiento-web", "affected_versions": { "* - 0.13": { "from_version": "*", "from_inclusive": true, "to_version": "0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aefb7e34-ec48-4e29-b3aa-85901e12d21c?source=api-scan" ], "published": "2022-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aefbebce-9433-455d-b27c-93088b0c8494": { "id": "aefbebce-9433-455d-b27c-93088b0c8494", "title": "LeadSnap <= 1.23 - Unauthenticated PHP Object Injection via AJAX", "software": [ { "type": "plugin", "name": "LeadSnap", "slug": "leadsnap", "affected_versions": { "* - 1.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aefbebce-9433-455d-b27c-93088b0c8494?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af053fdc-e40c-4dfa-8d16-09c72d839031": { "id": "af053fdc-e40c-4dfa-8d16-09c72d839031", "title": "WP User Profile Avatar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP User Profile Avatar", "slug": "wp-user-profile-avatar", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af053fdc-e40c-4dfa-8d16-09c72d839031?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af0579f3-09f8-46cc-9ba8-647a8ec83076": { "id": "af0579f3-09f8-46cc-9ba8-647a8ec83076", "title": "Stripe Payments For WooCommerce by Checkout Plugins <= 1.4.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Stripe Payments For WooCommerce by Checkout Plugins", "slug": "checkout-plugins-stripe-woo", "affected_versions": { "* - 1.4.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af0579f3-09f8-46cc-9ba8-647a8ec83076?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af075ffe-553a-4351-a696-5c678788f3b9": { "id": "af075ffe-553a-4351-a696-5c678788f3b9", "title": "Slimstat Analytics <= 4.9.3.3 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "SlimStat Analytics", "slug": "wp-slimstat", "affected_versions": { "* - 4.9.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af075ffe-553a-4351-a696-5c678788f3b9?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af0eae51-fb94-4e2e-a9a6-8ba323bb3314": { "id": "af0eae51-fb94-4e2e-a9a6-8ba323bb3314", "title": "Travel Management <= 1.6.1 - Open Redirect", "software": [ { "type": "plugin", "name": "Travel Management", "slug": "nd-travel", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af0eae51-fb94-4e2e-a9a6-8ba323bb3314?source=api-scan" ], "published": "2019-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af1075a5-9efa-4b86-9798-6dbafcba4db5": { "id": "af1075a5-9efa-4b86-9798-6dbafcba4db5", "title": "Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "* - 1.15.24": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af1075a5-9efa-4b86-9798-6dbafcba4db5?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af1796b7-64b4-4198-9ba4-8a77a0f1cf02": { "id": "af1796b7-64b4-4198-9ba4-8a77a0f1cf02", "title": "Oleggo LiveStream <= 0.2.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Oleggo LiveStream", "slug": "oleggo-livestream", "affected_versions": { "* - 0.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af1796b7-64b4-4198-9ba4-8a77a0f1cf02?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af22365c-7d4b-48f3-b33d-d627169fda6f": { "id": "af22365c-7d4b-48f3-b33d-d627169fda6f", "title": "GetYourGuide Ticketing <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GetYourGuide Ticketing", "slug": "getyourguide-ticketing", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af22365c-7d4b-48f3-b33d-d627169fda6f?source=api-scan" ], "published": "2022-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af2b7eac-a3f5-408f-b139-643e70b3f27a": { "id": "af2b7eac-a3f5-408f-b139-643e70b3f27a", "title": "Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Piotnet Forms", "slug": "piotnetforms", "affected_versions": { "* - 1.0.28": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af2b7eac-a3f5-408f-b139-643e70b3f27a?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af2d004f-fa9e-4e26-a1e3-03fb31cb95c4": { "id": "af2d004f-fa9e-4e26-a1e3-03fb31cb95c4", "title": "Ultimate Membership Pro <= 8.6.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Indeed Membership Pro", "slug": "indeed-membership-pro", "affected_versions": { "[*, 8.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "8.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af2d004f-fa9e-4e26-a1e3-03fb31cb95c4?source=api-scan" ], "published": "2020-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af3105ed-d383-4ce6-9317-5762f97b14e3": { "id": "af3105ed-d383-4ce6-9317-5762f97b14e3", "title": "Client Dash <= 2.2.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Client Dash", "slug": "client-dash", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af3105ed-d383-4ce6-9317-5762f97b14e3?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af37b5ab-e7ff-4a2a-98c3-decdf238a13f": { "id": "af37b5ab-e7ff-4a2a-98c3-decdf238a13f", "title": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Information Exposure", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.109": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.109", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.110" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af37b5ab-e7ff-4a2a-98c3-decdf238a13f?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af37f301-d97f-47d3-b6a8-88cb41344541": { "id": "af37f301-d97f-47d3-b6a8-88cb41344541", "title": "Booster for WooCommerce <= 5.4.3 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 5.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af37f301-d97f-47d3-b6a8-88cb41344541?source=api-scan" ], "published": "2021-08-24 15:09:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af39e563-5d88-460d-b02d-1aaa111c89dd": { "id": "af39e563-5d88-460d-b02d-1aaa111c89dd", "title": "GamiPress \u2013 Button <= 1.0.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "GamiPress \u2013 Button", "slug": "gamipress-button", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af39e563-5d88-460d-b02d-1aaa111c89dd?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af3c8ea5-0af8-492b-920d-858bf23ca6f0": { "id": "af3c8ea5-0af8-492b-920d-858bf23ca6f0", "title": "Community by PeepSo <= 6.2.7.0 - Unauthenticated Sensitive Information Disclosure via Log file", "software": [ { "type": "plugin", "name": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App", "slug": "peepso-core", "affected_versions": { "* - 6.2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af3c8ea5-0af8-492b-920d-858bf23ca6f0?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af4058cd-79bc-433c-96e1-fb0aad12969c": { "id": "af4058cd-79bc-433c-96e1-fb0aad12969c", "title": "WP OER <= 0.9.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP OER", "slug": "wp-oer", "affected_versions": { "* - 0.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af4058cd-79bc-433c-96e1-fb0aad12969c?source=api-scan" ], "published": "2022-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af420213-039b-41a4-b177-4035fc727867": { "id": "af420213-039b-41a4-b177-4035fc727867", "title": "WordPress Core < 3.6.1 - Spoof Post Authorship", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af420213-039b-41a4-b177-4035fc727867?source=api-scan" ], "published": "2013-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af455697-59da-488e-82fe-bb0fad65a810": { "id": "af455697-59da-488e-82fe-bb0fad65a810", "title": "WPGraphQL <= 0.3.4 - Information Exposure", "software": [ { "type": "plugin", "name": "WPGraphQL", "slug": "wp-graphql", "affected_versions": { "* - 0.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af455697-59da-488e-82fe-bb0fad65a810?source=api-scan" ], "published": "2019-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af468f83-d6ad-474c-bf7f-c4eeb6df1b54": { "id": "af468f83-d6ad-474c-bf7f-c4eeb6df1b54", "title": "Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries", "software": [ { "type": "plugin", "name": "Essential Blocks Pro", "slug": "essential-blocks-pro", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] }, { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=api-scan" ], "published": "2023-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af478e73-a2b8-468a-9075-9c1db1a97d7c": { "id": "af478e73-a2b8-468a-9075-9c1db1a97d7c", "title": "MaxButtons <= 9.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WordPress Button Plugin MaxButtons", "slug": "maxbuttons", "affected_versions": { "* - 9.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "9.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af478e73-a2b8-468a-9075-9c1db1a97d7c?source=api-scan" ], "published": "2023-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af48906b-f7b2-45ec-b0c1-1ac521106759": { "id": "af48906b-f7b2-45ec-b0c1-1ac521106759", "title": "WP Matterport Shortcode <= 2.1.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Matterport Shortcode", "slug": "shortcode-gallery-for-matterport-showcase", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af48906b-f7b2-45ec-b0c1-1ac521106759?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af4b659b-6a14-46bc-9ffe-6f118c6b1e8d": { "id": "af4b659b-6a14-46bc-9ffe-6f118c6b1e8d", "title": "Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Authenticated (Author+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Insert or Embed Articulate Content into WordPress", "slug": "insert-or-embed-articulate-content-into-wordpress", "affected_versions": { "* - 4.3000000023": { "from_version": "*", "from_inclusive": true, "to_version": "4.3000000023", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3000000024" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af4b659b-6a14-46bc-9ffe-6f118c6b1e8d?source=api-scan" ], "published": "2024-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af55c470-b94d-49ee-8b72-44652dcccd73": { "id": "af55c470-b94d-49ee-8b72-44652dcccd73", "title": "Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_for_verified_profiles'", "software": [ { "type": "plugin", "name": "Paytium: Mollie payment forms & donations", "slug": "paytium", "affected_versions": { "* - 4.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af55c470-b94d-49ee-8b72-44652dcccd73?source=api-scan" ], "published": "2023-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af59102e-f029-4c7d-95ee-16b9dcef4827": { "id": "af59102e-f029-4c7d-95ee-16b9dcef4827", "title": "Broadscope (Unknown Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Broadscope", "slug": "broadscope", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af59102e-f029-4c7d-95ee-16b9dcef4827?source=api-scan" ], "published": "2012-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af59eb6d-1ffa-4593-9bfc-f910d907f6e0": { "id": "af59eb6d-1ffa-4593-9bfc-f910d907f6e0", "title": "Event Manager for WooCommerce <= 3.7.7 - Cross-Site Request Forgery leading to Uninstall Form Submission", "software": [ { "type": "plugin", "name": "Event Manager and Tickets Selling Plugin for WooCommerce \u2013 WpEvently \u2013 WordPress Plugin", "slug": "mage-eventpress", "affected_versions": { "* - 3.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af59eb6d-1ffa-4593-9bfc-f910d907f6e0?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af59fcf6-4435-45f0-8904-ff520ea86157": { "id": "af59fcf6-4435-45f0-8904-ff520ea86157", "title": "WP Super Minify <= 1.5.1 - Cross-Site Request Forgery via 'wpsmy_admin_options'", "software": [ { "type": "plugin", "name": "WP Super Minify", "slug": "wp-super-minify", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af59fcf6-4435-45f0-8904-ff520ea86157?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af5a58d1-946a-451b-bc8b-a397345ae89a": { "id": "af5a58d1-946a-451b-bc8b-a397345ae89a", "title": "Ecwid Ecommerce Shopping Cart <= 4.4.3 - Unauthenticated PHP Object injection", "software": [ { "type": "plugin", "name": "Ecwid by Lightspeed Ecommerce Shopping Cart", "slug": "ecwid-shopping-cart", "affected_versions": { "* - 4.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af5a58d1-946a-451b-bc8b-a397345ae89a?source=api-scan" ], "published": "2016-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af5ed47e-f183-4e72-a916-15020e2bc91e": { "id": "af5ed47e-f183-4e72-a916-15020e2bc91e", "title": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings", "slug": "seo-by-rank-math", "affected_versions": { "* - 1.0.228": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.228", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.229" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af5ed47e-f183-4e72-a916-15020e2bc91e?source=api-scan" ], "published": "2024-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af650c7a-c413-4f4a-9e4b-8ddcd8da5397": { "id": "af650c7a-c413-4f4a-9e4b-8ddcd8da5397", "title": "The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af650c7a-c413-4f4a-9e4b-8ddcd8da5397?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af695224-24e7-4d5b-b472-dee53eb6073f": { "id": "af695224-24e7-4d5b-b472-dee53eb6073f", "title": "Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via process_form function", "software": [ { "type": "plugin", "name": "Podlove Subscribe button", "slug": "podlove-subscribe-button", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af695224-24e7-4d5b-b472-dee53eb6073f?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af6b7cba-56cc-4e78-a3c1-228eecb98120": { "id": "af6b7cba-56cc-4e78-a3c1-228eecb98120", "title": "Custom Thank You Page Customize For WooCommerce by Binary Carpenter <= 1.4.13 - Missing Authorization", "software": [ { "type": "plugin", "name": "Custom Thank You Page Customize For WooCommerce by Binary Carpenter", "slug": "bc-woo-custom-thank-you-pages", "affected_versions": { "* - 1.4.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af6b7cba-56cc-4e78-a3c1-228eecb98120?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af6bd2db-47a4-4381-a881-d5f97a159f8d": { "id": "af6bd2db-47a4-4381-a881-d5f97a159f8d", "title": "BAN Users <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update & Privilege Escalation", "software": [ { "type": "plugin", "name": "BAN Users", "slug": "ban-users", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af6bd2db-47a4-4381-a881-d5f97a159f8d?source=api-scan" ], "published": "2023-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af7163da-79b3-45df-a33c-01367205bb6f": { "id": "af7163da-79b3-45df-a33c-01367205bb6f", "title": "Easy2Map Photos <= 1.0.9 - SQL Injection", "software": [ { "type": "plugin", "name": "Easy2Map Photos", "slug": "easy2map-photos", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af7163da-79b3-45df-a33c-01367205bb6f?source=api-scan" ], "published": "2015-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af718d65-9f8f-4ed8-80ed-e7ed34169016": { "id": "af718d65-9f8f-4ed8-80ed-e7ed34169016", "title": "Easy Sign Up <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Easy Sign Up", "slug": "easy-sign-up", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af718d65-9f8f-4ed8-80ed-e7ed34169016?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af71ca13-781d-49ca-948c-03d52d91d11b": { "id": "af71ca13-781d-49ca-948c-03d52d91d11b", "title": "Debug Bar <= 0.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Debug Bar", "slug": "debug-bar", "affected_versions": { "* - 0.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af71ca13-781d-49ca-948c-03d52d91d11b?source=api-scan" ], "published": "2013-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af73240c-b711-4e91-9998-5f7e6a9a4fb9": { "id": "af73240c-b711-4e91-9998-5f7e6a9a4fb9", "title": "Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Disable All Plugins", "software": [ { "type": "plugin", "name": "WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg", "slug": "groundhogg", "affected_versions": { "* - 2.7.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af73240c-b711-4e91-9998-5f7e6a9a4fb9?source=api-scan" ], "published": "2023-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af7345f9-6f62-424b-b02d-c145a90508ae": { "id": "af7345f9-6f62-424b-b02d-c145a90508ae", "title": "WordPress Zero Spam <= 2.1.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Zero Spam for WordPress", "slug": "zero-spam", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af7345f9-6f62-424b-b02d-c145a90508ae?source=api-scan" ], "published": "2016-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af742451-b2d6-445a-9a10-e950490f6c7c": { "id": "af742451-b2d6-445a-9a10-e950490f6c7c", "title": "Import and export users and customers <= 1.26.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import and export users and customers", "slug": "import-users-from-csv-with-meta", "affected_versions": { "* - 1.26.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.26.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.26.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af742451-b2d6-445a-9a10-e950490f6c7c?source=api-scan" ], "published": "2024-05-14 12:07:47", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af76e32b-ba7d-4eaa-97c8-ed6a25e8f387": { "id": "af76e32b-ba7d-4eaa-97c8-ed6a25e8f387", "title": "Before After Image Slider WP <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Before After Image Slider WP", "slug": "before-after-image-slider", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af76e32b-ba7d-4eaa-97c8-ed6a25e8f387?source=api-scan" ], "published": "2024-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af77d642-d383-48f2-a59a-3a9c738cd47f": { "id": "af77d642-d383-48f2-a59a-3a9c738cd47f", "title": "WordPress Core 6.3 - 6.3.1 - Authenticated(Contributor+) Cross-Site Scripting via Footnotes Block", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "6.3 - 6.3.1": { "from_version": "6.3", "from_inclusive": true, "to_version": "6.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af77d642-d383-48f2-a59a-3a9c738cd47f?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af7adacf-7189-401f-b7c9-845eb328ca76": { "id": "af7adacf-7189-401f-b7c9-845eb328ca76", "title": "WPvivid Backup 0.9.76 - Authenticated (Administrator+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "0.9.76": { "from_version": "0.9.76", "from_inclusive": true, "to_version": "0.9.76", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.77" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af7adacf-7189-401f-b7c9-845eb328ca76?source=api-scan" ], "published": "2022-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af7d935b-05a2-4eaa-af98-4e6a88abab46": { "id": "af7d935b-05a2-4eaa-af98-4e6a88abab46", "title": "Social Media Widget by Acurax <= 3.2.5 - Cross-Site Request Forgery leading to Cross-Site Scripting via the recordsArray Parameter", "software": [ { "type": "plugin", "name": "Social Media Widget by Acurax", "slug": "acurax-social-media-widget", "affected_versions": { "[*, 3.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af7d935b-05a2-4eaa-af98-4e6a88abab46?source=api-scan" ], "published": "2018-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af803612-96ae-41ee-8ad3-8f9319b147e8": { "id": "af803612-96ae-41ee-8ad3-8f9319b147e8", "title": "Button Generator \u2013 easily Button Builder <= 2.3.5 - Cross-Site Request Forgery in tools-data-base.php", "software": [ { "type": "plugin", "name": "Button Generator \u2013 easily Button Builder", "slug": "button-generation", "affected_versions": { "* - 2.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af803612-96ae-41ee-8ad3-8f9319b147e8?source=api-scan" ], "published": "2023-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af838653-d575-48fc-bded-f0068a6c6ebf": { "id": "af838653-d575-48fc-bded-f0068a6c6ebf", "title": "Tweet Blender <= 4.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tweet Blender", "slug": "tweet-blender", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af838653-d575-48fc-bded-f0068a6c6ebf?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af870e80-ad9e-4f45-952f-9ffb07ceca9c": { "id": "af870e80-ad9e-4f45-952f-9ffb07ceca9c", "title": "Backup Migration <= 1.4.3 - Information Exposure via Log Files", "software": [ { "type": "plugin", "name": "Backup Migration", "slug": "backup-backup", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af870e80-ad9e-4f45-952f-9ffb07ceca9c?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af8bee01-15bc-485e-8b01-8b68b199b34d": { "id": "af8bee01-15bc-485e-8b01-8b68b199b34d", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af8bee01-15bc-485e-8b01-8b68b199b34d?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af90aef0-fd96-43ff-8400-09bd5cebed28": { "id": "af90aef0-fd96-43ff-8400-09bd5cebed28", "title": "WP-EMail < 2.67.2 - SQL Injection", "software": [ { "type": "plugin", "name": "WP-EMail", "slug": "wp-email", "affected_versions": { "[*, 2.67.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.67.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.67.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af90aef0-fd96-43ff-8400-09bd5cebed28?source=api-scan" ], "published": "2016-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af93f4f5-4c6d-4178-b7f7-c66c341bde87": { "id": "af93f4f5-4c6d-4178-b7f7-c66c341bde87", "title": "DoLogin Security <= 3.7.1 - Missing Authorization via REST Endpoints", "software": [ { "type": "plugin", "name": "DoLogin Security", "slug": "dologin", "affected_versions": { "* - 3.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af93f4f5-4c6d-4178-b7f7-c66c341bde87?source=api-scan" ], "published": "2023-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af955f69-b18c-446e-b05e-6a57a5f16dfa": { "id": "af955f69-b18c-446e-b05e-6a57a5f16dfa", "title": "CMP \u2013 Coming Soon & Maintenance <= 4.1.7 - Maintenance Mode Bypass", "software": [ { "type": "plugin", "name": "CMP \u2013 Coming Soon & Maintenance Plugin by NiteoThemes", "slug": "cmp-coming-soon-maintenance", "affected_versions": { "* - 4.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af955f69-b18c-446e-b05e-6a57a5f16dfa?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af9adb6b-f726-4b74-be5c-82fdab0ae1f2": { "id": "af9adb6b-f726-4b74-be5c-82fdab0ae1f2", "title": "Master Slider \u2013 Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Master Slider \u2013 Responsive Touch Slider", "slug": "master-slider", "affected_versions": { "* - 3.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af9adb6b-f726-4b74-be5c-82fdab0ae1f2?source=api-scan" ], "published": "2024-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "af9e9e8e-2a07-477e-b840-8f7dd8883caa": { "id": "af9e9e8e-2a07-477e-b840-8f7dd8883caa", "title": "WP Travel <= 9.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Travel \u2013 Ultimate Travel Booking System, Tour Management Engine", "slug": "wp-travel", "affected_versions": { "* - 9.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/af9e9e8e-2a07-477e-b840-8f7dd8883caa?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "afb032da-11cc-4272-be68-60b6ca6e6ca3": { "id": "afb032da-11cc-4272-be68-60b6ca6e6ca3", "title": "Image Slider by Ays- Responsive Slider and Carousel <= 2.4.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Slider by Ays- Responsive Slider and Carousel", "slug": "ays-slider", "affected_versions": { "* - 2.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/afb032da-11cc-4272-be68-60b6ca6e6ca3?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "afb3e2f8-ba44-48fc-9882-d9bcd39676ee": { "id": "afb3e2f8-ba44-48fc-9882-d9bcd39676ee", "title": "Upscale (Unknown Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Upscale", "slug": "upscale", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/afb3e2f8-ba44-48fc-9882-d9bcd39676ee?source=api-scan" ], "published": "2012-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "afb3e68e-6f79-4c46-b41e-8fd6eb43c755": { "id": "afb3e68e-6f79-4c46-b41e-8fd6eb43c755", "title": "Knight Lab Timeline <= 3.9.3.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Knight Lab Timeline", "slug": "knight-lab-timelinejs", "affected_versions": { "* - 3.9.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/afb3e68e-6f79-4c46-b41e-8fd6eb43c755?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "afb53b31-c179-4d11-845f-8acd18638038": { "id": "afb53b31-c179-4d11-845f-8acd18638038", "title": "Random Banner <= 4.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Random Banner", "slug": "random-banner", "affected_versions": { "* - 4.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/afb53b31-c179-4d11-845f-8acd18638038?source=api-scan" ], "published": "2022-01-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "afbf1813-9023-4e3d-989a-19ddd6f6d358": { "id": "afbf1813-9023-4e3d-989a-19ddd6f6d358", "title": "Beaver Builder \u2013 WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via 'caption'", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.5.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/afbf1813-9023-4e3d-989a-19ddd6f6d358?source=api-scan" ], "published": "2022-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "afbf555a-1b70-4966-9b05-46e9de04e660": { "id": "afbf555a-1b70-4966-9b05-46e9de04e660", "title": "Comments - wpDiscuz <= 7.3.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "* - 7.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/afbf555a-1b70-4966-9b05-46e9de04e660?source=api-scan" ], "published": "2021-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "afc00118-e87e-475a-8ad6-b68d09ee2e44": { "id": "afc00118-e87e-475a-8ad6-b68d09ee2e44", "title": "Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) SQL Injection via Term Custom Field", "software": [ { "type": "plugin", "name": "Custom Field Suite", "slug": "custom-field-suite", "affected_versions": { "* - 2.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/afc00118-e87e-475a-8ad6-b68d09ee2e44?source=api-scan" ], "published": "2024-06-19 13:02:39", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "afc6aec8-e486-4c35-9e58-da6e04d88c25": { "id": "afc6aec8-e486-4c35-9e58-da6e04d88c25", "title": "Login by Auth0 <= 3.11.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login by Auth0", "slug": "auth0", "affected_versions": { "* - 3.11.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/afc6aec8-e486-4c35-9e58-da6e04d88c25?source=api-scan" ], "published": "2020-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "afc9114b-80b7-4caf-ab6b-35747ff5057b": { "id": "afc9114b-80b7-4caf-ab6b-35747ff5057b", "title": "Frontend File Manager & Sharing \u2013 User Private Files <= 1.1.0 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "User Private Files \u2013 File Upload & Download Manager with Secure File Sharing", "slug": "user-private-files", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/afc9114b-80b7-4caf-ab6b-35747ff5057b?source=api-scan" ], "published": "2022-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "afcbad6d-90ca-42cb-a69c-4e0bcc4606e0": { "id": "afcbad6d-90ca-42cb-a69c-4e0bcc4606e0", "title": "Advanced Custom Fields <= 6.3.8 - Authenticated (Admin+) Limited Arbitrary Function Call", "software": [ { "type": "plugin", "name": "Secure Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "* - 6.3.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.6.3" ] }, { "type": "plugin", "name": "Advanced Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "* - 6.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.6", "to_inclusive": true }, "6.3.7": { "from_version": "6.3.7", "from_inclusive": true, "to_version": "6.3.7", "to_inclusive": true }, "6.3.8": { "from_version": "6.3.8", "from_inclusive": true, "to_version": "6.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.9" ] }, { "type": "plugin", "name": "Advanced Custom Fields Pro", "slug": "advanced-custom-fields-pro", "affected_versions": { "* - 6.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/afcbad6d-90ca-42cb-a69c-4e0bcc4606e0?source=api-scan" ], "published": "2024-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "afd05b33-a347-49f6-81f0-879606819ca6": { "id": "afd05b33-a347-49f6-81f0-879606819ca6", "title": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin", "slug": "xcloner-backup-and-restore", "affected_versions": { "[*, 3.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/afd05b33-a347-49f6-81f0-879606819ca6?source=api-scan" ], "published": "2014-04-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "afd58164-8d33-4f93-a904-443b1df8b66b": { "id": "afd58164-8d33-4f93-a904-443b1df8b66b", "title": "Rimons Twitter Widget <= 1.2.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rimons Twitter Widget", "slug": "rimons-twitter-widget", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/afd58164-8d33-4f93-a904-443b1df8b66b?source=api-scan" ], "published": "2017-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "afd67c36-31ec-4e44-bad5-a018834ccfbc": { "id": "afd67c36-31ec-4e44-bad5-a018834ccfbc", "title": "qTranslate X <= 3.4.6.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "qTranslate X", "slug": "qtranslate-x", "affected_versions": { "* - 3.4.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.6.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/afd67c36-31ec-4e44-bad5-a018834ccfbc?source=api-scan" ], "published": "2021-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "afd9046c-5b6a-411e-8e66-ff1ba60d7f9d": { "id": "afd9046c-5b6a-411e-8e66-ff1ba60d7f9d", "title": "MultiVendorX <= 4.0.25 - Improper Authorization on REST Routes via 'save_settings_permission'", "software": [ { "type": "plugin", "name": "MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution", "slug": "dc-woocommerce-multi-vendor", "affected_versions": { "[*, 4.0.26)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.26", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/afd9046c-5b6a-411e-8e66-ff1ba60d7f9d?source=api-scan" ], "published": "2023-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "afe2b2e5-601f-4b6b-940a-b82f723b8776": { "id": "afe2b2e5-601f-4b6b-940a-b82f723b8776", "title": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor) <= 2.9.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)", "slug": "woolentor-addons", "affected_versions": { "* - 2.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/afe2b2e5-601f-4b6b-940a-b82f723b8776?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aff013d9-9e0d-42e8-a351-f1278060e649": { "id": "aff013d9-9e0d-42e8-a351-f1278060e649", "title": "Sarada Lite <= 1.1.2 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Sarada Lite", "slug": "sarada-lite", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aff013d9-9e0d-42e8-a351-f1278060e649?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aff10d5a-a2d0-461a-b52b-a25b647eaab4": { "id": "aff10d5a-a2d0-461a-b52b-a25b647eaab4", "title": "Happy Addons for Elementor <= 3.10.4 - Incorrect Authorization to Information Exposure", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aff10d5a-a2d0-461a-b52b-a25b647eaab4?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aff4d42c-133e-4ca8-9664-6878a22f7058": { "id": "aff4d42c-133e-4ca8-9664-6878a22f7058", "title": "Custom Sidebars <= 3.0.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Custom Sidebars \u2013 Dynamic Sidebar Widget Area Manager", "slug": "custom-sidebars", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aff4d42c-133e-4ca8-9664-6878a22f7058?source=api-scan" ], "published": "2017-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aff4f695-3c3b-48ee-8de1-674b588f332f": { "id": "aff4f695-3c3b-48ee-8de1-674b588f332f", "title": "Evarisk <= 5.1.5.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Evarisk", "slug": "evarisk", "affected_versions": { "* - 5.1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aff4f695-3c3b-48ee-8de1-674b588f332f?source=api-scan" ], "published": "2012-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aff636ac-5bb5-4804-adf4-358ef3158d2d": { "id": "aff636ac-5bb5-4804-adf4-358ef3158d2d", "title": "MailPoet Newsletters <= 2.7.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MailPoet Newsletters (Previous)", "slug": "wysija-newsletters", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aff636ac-5bb5-4804-adf4-358ef3158d2d?source=api-scan" ], "published": "2016-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "aff754d6-8624-4068-8e31-738f6041d3a6": { "id": "aff754d6-8624-4068-8e31-738f6041d3a6", "title": "Duplicator <= 1.2.41 - Sensitive Information Disclosure leading to Remote Code Execution", "software": [ { "type": "plugin", "name": "Duplicator \u2013 Migration & Backup Plugin", "slug": "duplicator", "affected_versions": { "* - 1.2.40": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/aff754d6-8624-4068-8e31-738f6041d3a6?source=api-scan" ], "published": "2018-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "affa8b39-94b8-474d-9310-a93ebdb7c1b8": { "id": "affa8b39-94b8-474d-9310-a93ebdb7c1b8", "title": "Elegant Addons for elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML tags", "software": [ { "type": "plugin", "name": "Elegant Addons for elementor", "slug": "elegant-addons-for-elementor", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/affa8b39-94b8-474d-9310-a93ebdb7c1b8?source=api-scan" ], "published": "2024-05-21 16:54:30", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "affc9dff-75a1-4cb3-8465-55254db6441b": { "id": "affc9dff-75a1-4cb3-8465-55254db6441b", "title": "Q2W3 Post Order <= 1.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Q2W3 Post Order", "slug": "q2w3-post-order", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/affc9dff-75a1-4cb3-8465-55254db6441b?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "affdaf63-2098-4ad6-b15b-990d1941fecb": { "id": "affdaf63-2098-4ad6-b15b-990d1941fecb", "title": "Minimal Coming Soon \u2013 Coming Soon Page <= 2.38 - Missing Authorization to Limited Settings Change", "software": [ { "type": "plugin", "name": "Minimal Coming Soon \u2013 Coming Soon Page", "slug": "minimal-coming-soon-maintenance-mode", "affected_versions": { "* - 2.38": { "from_version": "*", "from_inclusive": true, "to_version": "2.38", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/affdaf63-2098-4ad6-b15b-990d1941fecb?source=api-scan" ], "published": "2024-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "afff64c5-ed38-4aef-9ed6-4a44589b025c": { "id": "afff64c5-ed38-4aef-9ed6-4a44589b025c", "title": "PressForward <= 5.2.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PressForward", "slug": "pressforward", "affected_versions": { "[*, 5.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/afff64c5-ed38-4aef-9ed6-4a44589b025c?source=api-scan" ], "published": "2017-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "afff886c-92e6-41fc-9a88-befc158ad403": { "id": "afff886c-92e6-41fc-9a88-befc158ad403", "title": "CodeBard's Patron Button and Widgets for Patreon <= 2.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CodeBard's Patron Button and Widgets for Patreon", "slug": "patron-button-and-widgets-by-codebard", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/afff886c-92e6-41fc-9a88-befc158ad403?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b00290ee-ad63-4544-818a-c0d7471e60fa": { "id": "b00290ee-ad63-4544-818a-c0d7471e60fa", "title": "Elementor <= 3.5.4 - DOM-Based iFrame Injection", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 3.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b00290ee-ad63-4544-818a-c0d7471e60fa?source=api-scan" ], "published": "2023-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b002d1a1-a536-4865-b263-594390941ed4": { "id": "b002d1a1-a536-4865-b263-594390941ed4", "title": "W3 Total Cache <= 0.9.7.3 - Improper Input Validation via openssl_verify", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 0.9.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b002d1a1-a536-4865-b263-594390941ed4?source=api-scan" ], "published": "2019-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b004955a-7580-4dc8-beee-e55785026fed": { "id": "b004955a-7580-4dc8-beee-e55785026fed", "title": "Photo Gallery by 10Web <= 1.5.34 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.5.35)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.35", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b004955a-7580-4dc8-beee-e55785026fed?source=api-scan" ], "published": "2019-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0086de8-448f-452f-89d1-84b77b2e25a8": { "id": "b0086de8-448f-452f-89d1-84b77b2e25a8", "title": "Simple Membership <= 4.4.1 - Open Redirect", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "* - 4.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0086de8-448f-452f-89d1-84b77b2e25a8?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0121ef5-4b0b-47c5-8d3d-7d32c8e67c27": { "id": "b0121ef5-4b0b-47c5-8d3d-7d32c8e67c27", "title": "Logo Showcase with Slick Slider <= 2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Logo Showcase \u2013 Responsive Logo Carousel, Logo Slider & Logo Grid", "slug": "logo-showcase-with-slick-slider", "affected_versions": { "[*, 2.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0121ef5-4b0b-47c5-8d3d-7d32c8e67c27?source=api-scan" ], "published": "2022-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b01ad77f-2349-48bb-b4e9-f7cbce435de9": { "id": "b01ad77f-2349-48bb-b4e9-f7cbce435de9", "title": "Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features <= 3.1.26 - Authenticated(Contributor+) Server-Side Request Forgery (SSRF)", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "* - 3.1.26": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b01ad77f-2349-48bb-b4e9-f7cbce435de9?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b01ce539-08f4-48f7-9ddc-56e87a2c91cc": { "id": "b01ce539-08f4-48f7-9ddc-56e87a2c91cc", "title": "WordPress iQ Block Country <= 1.2.11 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "iQ Block Country", "slug": "iq-block-country", "affected_versions": { "* - 1.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b01ce539-08f4-48f7-9ddc-56e87a2c91cc?source=api-scan" ], "published": "2021-09-22 23:26:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b01ee276-baed-4678-894d-1407e538a0a3": { "id": "b01ee276-baed-4678-894d-1407e538a0a3", "title": "Zoho SalesIQ <= 1.0.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Zoho SalesIQ \u2013 Live chat, chatbots, and visitor tracking", "slug": "zoho-salesiq", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b01ee276-baed-4678-894d-1407e538a0a3?source=api-scan" ], "published": "2019-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b024f6ce-c3ec-4ed9-a8ea-54f926e38443": { "id": "b024f6ce-c3ec-4ed9-a8ea-54f926e38443", "title": "WooCommerce Email Test <= 1.5 - Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "WooCommerce Email Test", "slug": "woocommerce-email-test", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b024f6ce-c3ec-4ed9-a8ea-54f926e38443?source=api-scan" ], "published": "2016-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b02613dc-8c31-4c86-b800-eb1039381e1f": { "id": "b02613dc-8c31-4c86-b800-eb1039381e1f", "title": "Invite Anyone <= 1.4.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Invite Anyone", "slug": "invite-anyone", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b02613dc-8c31-4c86-b800-eb1039381e1f?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b028a70d-f103-4232-b854-17b88d4dc7d9": { "id": "b028a70d-f103-4232-b854-17b88d4dc7d9", "title": "OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) <= 3.0.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO )", "slug": "oauth-client-for-user-authentication", "affected_versions": { "* - 3.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b028a70d-f103-4232-b854-17b88d4dc7d9?source=api-scan" ], "published": "2022-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0297b3a-a180-428a-9716-6ecfa5a4de94": { "id": "b0297b3a-a180-428a-9716-6ecfa5a4de94", "title": "Magic Fields 1 <= 1.7.1 - Cross-Site Scripting via custom-write-panel-id Parameter", "software": [ { "type": "plugin", "name": "Magic Fields", "slug": "magic-fields", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0297b3a-a180-428a-9716-6ecfa5a4de94?source=api-scan" ], "published": "2019-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b02ab0cf-8bdf-4415-bae3-2193c3d75741": { "id": "b02ab0cf-8bdf-4415-bae3-2193c3d75741", "title": "Giveaway <= 1.2.2 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Giveaway", "slug": "giveaway", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b02ab0cf-8bdf-4415-bae3-2193c3d75741?source=api-scan" ], "published": "2021-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b02ca3a1-4e85-4bc3-a5f6-a02bec6bddef": { "id": "b02ca3a1-4e85-4bc3-a5f6-a02bec6bddef", "title": "Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "Simple 301 Redirects By BetterLinks \u2013 Easy WordPress Redirect Manager for Redirects, 404 Error Log & More", "slug": "simple-301-redirects", "affected_versions": { "2.0.0 - 2.0.3": { "from_version": "2.0.0", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b02ca3a1-4e85-4bc3-a5f6-a02bec6bddef?source=api-scan" ], "published": "2021-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0302a75-217f-4be9-876e-10ede3e3c20d": { "id": "b0302a75-217f-4be9-876e-10ede3e3c20d", "title": "Adblocker Blocker <= 0.0.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Adblock Blocker", "slug": "addblockblocker", "affected_versions": { "0.0.1": { "from_version": "0.0.1", "from_inclusive": true, "to_version": "0.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0302a75-217f-4be9-876e-10ede3e3c20d?source=api-scan" ], "published": "2016-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0315b53-46a1-46b4-a53e-0d914866ca50": { "id": "b0315b53-46a1-46b4-a53e-0d914866ca50", "title": "Gutenberg Forms <= 2.2.9 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Gutenberg Forms \u2013 WordPress Form Builder Plugin", "slug": "forms-gutenberg", "affected_versions": { "* - 2.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0315b53-46a1-46b4-a53e-0d914866ca50?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0382227-48eb-4a97-8f3c-5c8fc4bcc0b6": { "id": "b0382227-48eb-4a97-8f3c-5c8fc4bcc0b6", "title": "WordPress Core < 3.9.2 - Denial of Service via XML #2", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.3": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": true }, "3.8 - 3.8.3": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": true }, "3.9 - 3.9.1": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.4", "3.8.4", "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0382227-48eb-4a97-8f3c-5c8fc4bcc0b6?source=api-scan" ], "published": "2014-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0399b60-6e40-4f35-985f-845a32f69d64": { "id": "b0399b60-6e40-4f35-985f-845a32f69d64", "title": "TerraClassifieds <= 2.0.3 Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "TerraClassifieds \u2013 Simple Classifieds Plugin", "slug": "terraclassifieds", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0399b60-6e40-4f35-985f-845a32f69d64?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b03a9aaa-ce9a-47bf-8574-0eba92fcf0c5": { "id": "b03a9aaa-ce9a-47bf-8574-0eba92fcf0c5", "title": "XML Sitemap Generator for Google <= 1.3.3 - Cross-Site Request Forgery to Plugin Settings Changes", "software": [ { "type": "plugin", "name": "Dynamic XML Sitemaps Generator for Google", "slug": "xml-sitemap-generator-for-google", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b03a9aaa-ce9a-47bf-8574-0eba92fcf0c5?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0403adb-08c4-4697-a7d9-50e39d46cd43": { "id": "b0403adb-08c4-4697-a7d9-50e39d46cd43", "title": "BigContact <= 1.5.8 - Cross-Site Request Forgery leading to Plugin Settings Updates", "software": [ { "type": "plugin", "name": "BigContact Contact Page", "slug": "bigcontact", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0403adb-08c4-4697-a7d9-50e39d46cd43?source=api-scan" ], "published": "2023-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b043197c-4477-4663-abb8-5840173c574d": { "id": "b043197c-4477-4663-abb8-5840173c574d", "title": "Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI", "software": [ { "type": "plugin", "name": "Easy WP SMTP \u2013 WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more", "slug": "easy-wp-smtp", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b043197c-4477-4663-abb8-5840173c574d?source=api-scan" ], "published": "2024-06-12 20:02:54", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0485897-4d1d-442d-9c81-4b4bb40e3983": { "id": "b0485897-4d1d-442d-9c81-4b4bb40e3983", "title": "Easy Digital Downloads \u2013 Content Restriction <= 2.0.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 Content Restriction", "slug": "edd-content-restriction", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0485897-4d1d-442d-9c81-4b4bb40e3983?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b050fa45-05b7-49ff-bb24-179150f3f959": { "id": "b050fa45-05b7-49ff-bb24-179150f3f959", "title": "Binge Site Verification using Meta Tag <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings", "software": [ { "type": "plugin", "name": "Bing Site Verification plugin using Meta Tag", "slug": "bing-site-verification-using-meta-tag", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b050fa45-05b7-49ff-bb24-179150f3f959?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0520601-7e5c-412d-a8da-df1bf8ce28df": { "id": "b0520601-7e5c-412d-a8da-df1bf8ce28df", "title": "WooCommerce Multivendor Marketplace \u2013 REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order\/Order Note Disclosure, Order Note Addition via REST API", "software": [ { "type": "plugin", "name": "WooCommerce Multivendor Marketplace \u2013 REST API", "slug": "wcfm-marketplace-rest-api", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0520601-7e5c-412d-a8da-df1bf8ce28df?source=api-scan" ], "published": "2023-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b05ece19-ba0d-456e-bdab-86abe9a13e70": { "id": "b05ece19-ba0d-456e-bdab-86abe9a13e70", "title": "Newsletter Meenews <= 5.1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletter Meenews", "slug": "meenews", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b05ece19-ba0d-456e-bdab-86abe9a13e70?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0603621-4521-4eb0-b4dd-e2257c133cee": { "id": "b0603621-4521-4eb0-b4dd-e2257c133cee", "title": "Cryptocurrency Widgets \u2013 Price Ticker & Coins List 2.0 - 2.6.5 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Cryptocurrency Widgets \u2013 Price Ticker & Coins List", "slug": "cryptocurrency-price-ticker-widget", "affected_versions": { "2.0 - 2.6.5": { "from_version": "2.0", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0603621-4521-4eb0-b4dd-e2257c133cee?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b066da10-f842-4ff2-a4da-2d469169f423": { "id": "b066da10-f842-4ff2-a4da-2d469169f423", "title": "Slider by 10Web <= 1.2.58 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider by 10Web \u2013 Responsive Image Slider", "slug": "slider-wd", "affected_versions": { "* - 1.2.58": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.58", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.59" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b066da10-f842-4ff2-a4da-2d469169f423?source=api-scan" ], "published": "2024-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b066f1fe-b416-4fe8-891d-b9c33664df89": { "id": "b066f1fe-b416-4fe8-891d-b9c33664df89", "title": "Simple Social Share <= 3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Social Share", "slug": "simple-social-share", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b066f1fe-b416-4fe8-891d-b9c33664df89?source=api-scan" ], "published": "2024-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b06a1b66-9057-4f16-878c-4fa66489f0ff": { "id": "b06a1b66-9057-4f16-878c-4fa66489f0ff", "title": "AWP Classifieds <= 4.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Classifieds Plugin \u2013 Ad Directory & Listings by AWP Classifieds", "slug": "another-wordpress-classifieds-plugin", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b06a1b66-9057-4f16-878c-4fa66489f0ff?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0781264-ed26-4e4b-a7ab-40e65bc71571": { "id": "b0781264-ed26-4e4b-a7ab-40e65bc71571", "title": "Yet Another Stars Rating <= 3.1.2 - Authenticated (Subscriber+) Cross-Site Scripting via Shortcodes", "software": [ { "type": "plugin", "name": "YASR \u2013 Yet Another Star Rating Plugin for WordPress", "slug": "yet-another-stars-rating", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0781264-ed26-4e4b-a7ab-40e65bc71571?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b078e446-61e7-4ce1-b9a9-480ccc388c72": { "id": "b078e446-61e7-4ce1-b9a9-480ccc388c72", "title": "Perfmatters <= 2.1.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Perfmatters", "slug": "perfmatters", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b078e446-61e7-4ce1-b9a9-480ccc388c72?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b07b46a6-8a5d-40cb-8af9-baf0f1722736": { "id": "b07b46a6-8a5d-40cb-8af9-baf0f1722736", "title": "VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in widgets_watch_data function", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "* - 1.5.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b07b46a6-8a5d-40cb-8af9-baf0f1722736?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b08194e9-6e6e-484c-bc5b-87235379d3b1": { "id": "b08194e9-6e6e-484c-bc5b-87235379d3b1", "title": "JCH Optimize <= 4.2.0 - Authenticated (Subscriber+) Directory Traversal", "software": [ { "type": "plugin", "name": "JCH Optimize", "slug": "jch-optimize", "affected_versions": { "* - 4.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b08194e9-6e6e-484c-bc5b-87235379d3b1?source=api-scan" ], "published": "2024-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b084ba1c-0910-44f0-ad77-41552ec25589": { "id": "b084ba1c-0910-44f0-ad77-41552ec25589", "title": "Social Like Box and Page by WpDevArt <= 0.8.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Social Like Box and Page by WpDevArt", "slug": "like-box", "affected_versions": { "* - 0.8.40": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b084ba1c-0910-44f0-ad77-41552ec25589?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b08531b2-968e-4a00-ad7a-7abfe8cf0bd3": { "id": "b08531b2-968e-4a00-ad7a-7abfe8cf0bd3", "title": "VikBooking Hotel Booking Engine & PMS <= 1.6.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "* - 1.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b08531b2-968e-4a00-ad7a-7abfe8cf0bd3?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0907cb0-b101-4c88-9a8b-b35133e1d0a2": { "id": "b0907cb0-b101-4c88-9a8b-b35133e1d0a2", "title": "MiwoFTP < 1.0.6 - Cross-Site Request Forgery leading to Remote Code Execution", "software": [ { "type": "plugin", "name": "miwoftp", "slug": "miwoftp", "affected_versions": { "[*, 1.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0907cb0-b101-4c88-9a8b-b35133e1d0a2?source=api-scan" ], "published": "2015-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0925ceb-581c-4748-abfb-9962e53b7db9": { "id": "b0925ceb-581c-4748-abfb-9962e53b7db9", "title": "Blogmentor \u2013 Blog Layouts for Elementor <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagination_style Parameter", "software": [ { "type": "plugin", "name": "Blogmentor \u2013 Blog Layouts for Elementor", "slug": "blogmentor", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0925ceb-581c-4748-abfb-9962e53b7db9?source=api-scan" ], "published": "2024-06-18 14:31:02", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0955689-43a0-442c-974b-5db5e4171f6a": { "id": "b0955689-43a0-442c-974b-5db5e4171f6a", "title": "Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via add_to_compare", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.87": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.87", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.88" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0955689-43a0-442c-974b-5db5e4171f6a?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b09a3b74-a359-456a-b945-f6173f579e9b": { "id": "b09a3b74-a359-456a-b945-f6173f579e9b", "title": "Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Envo's Elementor Templates & Widgets for WooCommerce", "slug": "envo-elementor-for-woocommerce", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b09a3b74-a359-456a-b945-f6173f579e9b?source=api-scan" ], "published": "2024-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b09c6da0-14d8-4e44-95bd-b5b6b0df97e9": { "id": "b09c6da0-14d8-4e44-95bd-b5b6b0df97e9", "title": "W3 Total Cache <= 0.9.4 - Server-Side Request Forgery leading to Host Information Disclosure", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 0.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b09c6da0-14d8-4e44-95bd-b5b6b0df97e9?source=api-scan" ], "published": "2016-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b09c98f2-6492-41e1-8d87-e10ed2ef5f9f": { "id": "b09c98f2-6492-41e1-8d87-e10ed2ef5f9f", "title": "Social Media Share Buttons & Social Sharing Icons <= 2.1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Media Share Buttons & Social Sharing Icons", "slug": "ultimate-social-media-icons", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b09c98f2-6492-41e1-8d87-e10ed2ef5f9f?source=api-scan" ], "published": "2019-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0a5fdb9-4e36-43ce-88ce-cd75bb1d1e25": { "id": "b0a5fdb9-4e36-43ce-88ce-cd75bb1d1e25", "title": "AMP for WP \u2013 Accelerated Mobile Pages <= 1.0.96.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "AMP for WP \u2013 Accelerated Mobile Pages", "slug": "accelerated-mobile-pages", "affected_versions": { "* - 1.0.96.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.96.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.97" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0a5fdb9-4e36-43ce-88ce-cd75bb1d1e25?source=api-scan" ], "published": "2024-07-23 21:41:54", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0a9f3d2-aa7f-4fc2-9cfd-b69ec3f63160": { "id": "b0a9f3d2-aa7f-4fc2-9cfd-b69ec3f63160", "title": "WP eCommerce <= 3.15.1 - Missing Authorization to Unauthenticated Arbitrary Post Creation", "software": [ { "type": "plugin", "name": "WP eCommerce", "slug": "wp-e-commerce", "affected_versions": { "* - 3.15.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.15.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0a9f3d2-aa7f-4fc2-9cfd-b69ec3f63160?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0ab311f-26c1-4165-80bc-512348fcc0c0": { "id": "b0ab311f-26c1-4165-80bc-512348fcc0c0", "title": "FL3R FeelBox <= 8.1 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FL3R FeelBox", "slug": "fl3r-feelbox", "affected_versions": { "* - 8.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0ab311f-26c1-4165-80bc-512348fcc0c0?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0ac43ba-cc49-4688-9efa-585551f3c40c": { "id": "b0ac43ba-cc49-4688-9efa-585551f3c40c", "title": "WooCommerce Ship to Multiple Addresses <= 3.8.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Ship to Multiple Addresses", "slug": "woocommerce-shipping-multiple-addresses", "affected_versions": { "* - 3.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0ac43ba-cc49-4688-9efa-585551f3c40c?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0ace1a3-81e2-4887-be27-606b49f77357": { "id": "b0ace1a3-81e2-4887-be27-606b49f77357", "title": "10WebMapBuilder <= 1.0.71 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "10Web Map Builder for Google Maps", "slug": "wd-google-maps", "affected_versions": { "* - 1.0.71": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.71", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.72" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0ace1a3-81e2-4887-be27-606b49f77357?source=api-scan" ], "published": "2022-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0ad4949-b7e8-4c50-af64-c59e053cfd0e": { "id": "b0ad4949-b7e8-4c50-af64-c59e053cfd0e", "title": "Ebook Store <= 5.8001 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ebook Store", "slug": "ebook-store", "affected_versions": { "* - 5.8001": { "from_version": "*", "from_inclusive": true, "to_version": "5.8001", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8002" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0ad4949-b7e8-4c50-af64-c59e053cfd0e?source=api-scan" ], "published": "2024-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0ae27c4-0381-4622-90e8-f4fee29767a3": { "id": "b0ae27c4-0381-4622-90e8-f4fee29767a3", "title": "Bit File Manager <= 5.0.0 - Information Disclosure", "software": [ { "type": "plugin", "name": "Bit File Manager \u2013 100% Free & Open Source File Manager and Code Editor for WordPress", "slug": "file-manager", "affected_versions": { "* - 5.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0ae27c4-0381-4622-90e8-f4fee29767a3?source=api-scan" ], "published": "2018-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0b223e8-7659-4220-acb6-70dfd4c101f4": { "id": "b0b223e8-7659-4220-acb6-70dfd4c101f4", "title": "WooCommerce Menu Cart <= 2.11.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Menu Cart for WooCommerce", "slug": "woocommerce-menu-bar-cart", "affected_versions": { "* - 2.11.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0b223e8-7659-4220-acb6-70dfd4c101f4?source=api-scan" ], "published": "2022-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0b2bdb3-713c-47c6-8907-ac0f86038dc2": { "id": "b0b2bdb3-713c-47c6-8907-ac0f86038dc2", "title": "Profile Builder <= 3.10.3 - Cross-Site Request Forgery via pms-cross-promotion.php", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "* - 3.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0b2bdb3-713c-47c6-8907-ac0f86038dc2?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0b71f57-a641-4320-bec1-670bbbfbc708": { "id": "b0b71f57-a641-4320-bec1-670bbbfbc708", "title": "Profile Builder \u2013 User Profile & User Registration Forms < 2.4.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "[*, 2.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0b71f57-a641-4320-bec1-670bbbfbc708?source=api-scan" ], "published": "2016-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0b8c4c3-eba2-4c20-b790-48eceeba898e": { "id": "b0b8c4c3-eba2-4c20-b790-48eceeba898e", "title": "Enable Accessibility <= 1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Enable Accessibility", "slug": "enable-accessibility", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0b8c4c3-eba2-4c20-b790-48eceeba898e?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0bce89d-6b1d-4e7f-bd7f-6143a3b622de": { "id": "b0bce89d-6b1d-4e7f-bd7f-6143a3b622de", "title": "WP Courses <= 2.0.28 - Improper Access Controls", "software": [ { "type": "plugin", "name": "WP Courses LMS \u2013 Online Courses Builder, eLearning Courses, Courses Solution, Education Courses", "slug": "wp-courses", "affected_versions": { "* - 2.0.28": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0bce89d-6b1d-4e7f-bd7f-6143a3b622de?source=api-scan" ], "published": "2020-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0bfe80d-f9d5-4fc0-a8dd-717c31020b8d": { "id": "b0bfe80d-f9d5-4fc0-a8dd-717c31020b8d", "title": "Logo Showcase with Slick Slider \u2013 Logo Carousel, Logo Slider & Logo Grid <= 1.2.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Logo Showcase \u2013 Responsive Logo Carousel, Logo Slider & Logo Grid", "slug": "logo-showcase-with-slick-slider", "affected_versions": { "[*, 1.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0bfe80d-f9d5-4fc0-a8dd-717c31020b8d?source=api-scan" ], "published": "2021-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0c01e62-7a31-49de-851c-f52ce578bd95": { "id": "b0c01e62-7a31-49de-851c-f52ce578bd95", "title": "WP Photo Album Plus <= 8.0.10 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Photo Album Plus", "slug": "wp-photo-album-plus", "affected_versions": { "[*, 8.0.10)": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.1.00" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0c01e62-7a31-49de-851c-f52ce578bd95?source=api-scan" ], "published": "2022-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0c646b7-8f4d-4966-b866-8764ca98af35": { "id": "b0c646b7-8f4d-4966-b866-8764ca98af35", "title": "Simple SEO <= 1.8.12 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple SEO", "slug": "cds-simple-seo", "affected_versions": { "* - 1.8.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0c646b7-8f4d-4966-b866-8764ca98af35?source=api-scan" ], "published": "2022-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0ce06d3-491e-4565-8b26-f33937aee3e8": { "id": "b0ce06d3-491e-4565-8b26-f33937aee3e8", "title": "BA Book Everything <= 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "BA Book Everything", "slug": "ba-book-everything", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0ce06d3-491e-4565-8b26-f33937aee3e8?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0ceff94-e312-41da-acec-15d550aba792": { "id": "b0ceff94-e312-41da-acec-15d550aba792", "title": "SW Product Bundles <= 2.0.15 - Missing Authorization", "software": [ { "type": "plugin", "name": "SW Product Bundles", "slug": "sw-product-bundles", "affected_versions": { "* - 2.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.15", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0ceff94-e312-41da-acec-15d550aba792?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0cf3015-cdc9-4ac9-82f3-e9b4d1203e22": { "id": "b0cf3015-cdc9-4ac9-82f3-e9b4d1203e22", "title": "JQuery Accordion Menu Widget <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "JQuery Accordion Menu Widget", "slug": "jquery-vertical-accordion-menu", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0cf3015-cdc9-4ac9-82f3-e9b4d1203e22?source=api-scan" ], "published": "2023-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0d1cf3b-5631-49bd-a7aa-86de2ee4b5b9": { "id": "b0d1cf3b-5631-49bd-a7aa-86de2ee4b5b9", "title": "Announce from the Dashboard <= 1.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Announce from the Dashboard", "slug": "announce-from-the-dashboard", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0d1cf3b-5631-49bd-a7aa-86de2ee4b5b9?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0d7e56d-453f-4df0-8cf5-32d8bafc60d5": { "id": "b0d7e56d-453f-4df0-8cf5-32d8bafc60d5", "title": "Leaflet Map < 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Leaflet Map", "slug": "leaflet-map", "affected_versions": { "* - 2.23.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.23.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0d7e56d-453f-4df0-8cf5-32d8bafc60d5?source=api-scan" ], "published": "2021-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0d8499a-a630-4c2b-9381-78ac83da119d": { "id": "b0d8499a-a630-4c2b-9381-78ac83da119d", "title": "WordPress Download Manager <= 3.2.12 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 3.2.13)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0d8499a-a630-4c2b-9381-78ac83da119d?source=api-scan" ], "published": "2021-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0d8a530-53fd-4e2f-aa57-d75c89dc2a51": { "id": "b0d8a530-53fd-4e2f-aa57-d75c89dc2a51", "title": "WP RSS Aggregator <= 4.19.1 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Autoblogging", "slug": "wp-rss-aggregator", "affected_versions": { "* - 4.19.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.19.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.19.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0d8a530-53fd-4e2f-aa57-d75c89dc2a51?source=api-scan" ], "published": "2021-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0d9362f-3f34-4602-b19f-2d283e4fe22d": { "id": "b0d9362f-3f34-4602-b19f-2d283e4fe22d", "title": "My Calendar <= 3.1.9 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My Calendar \u2013 Accessible Event Manager", "slug": "my-calendar", "affected_versions": { "* - 3.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0d9362f-3f34-4602-b19f-2d283e4fe22d?source=api-scan" ], "published": "2019-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0e340d7-72ad-4a48-8c7c-e5ca61108007": { "id": "b0e340d7-72ad-4a48-8c7c-e5ca61108007", "title": "MBE eShip <= 2.2.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MBE eShip", "slug": "mail-boxes-etc", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0e340d7-72ad-4a48-8c7c-e5ca61108007?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0e35280-0c2a-4fe1-bfbe-3321338ff1a5": { "id": "b0e35280-0c2a-4fe1-bfbe-3321338ff1a5", "title": "Ultimate Carousel For Elementor <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Carousel For Elementor", "slug": "ultimate-carousel-for-elementor", "affected_versions": { "* - 2.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0e35280-0c2a-4fe1-bfbe-3321338ff1a5?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0e582e3-9ca3-4601-81f2-cb6ef827a468": { "id": "b0e582e3-9ca3-4601-81f2-cb6ef827a468", "title": "Contact Form to DB by BestWebSoft <= 1.7.1 - Authenticated (Administrator+) SQL Injection via 's'", "software": [ { "type": "plugin", "name": "Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress", "slug": "contact-form-to-db", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0e582e3-9ca3-4601-81f2-cb6ef827a468?source=api-scan" ], "published": "2023-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0ea041b-f09d-4c62-aada-26afbc60b6f2": { "id": "b0ea041b-f09d-4c62-aada-26afbc60b6f2", "title": "Premium Portfolio Features for Phlox theme <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via ' Grid Portfolios'", "software": [ { "type": "plugin", "name": "Premium Portfolio Features for Phlox theme", "slug": "auxin-portfolio", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0ea041b-f09d-4c62-aada-26afbc60b6f2?source=api-scan" ], "published": "2024-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0eb165f-c979-4318-8362-ca47500ed845": { "id": "b0eb165f-c979-4318-8362-ca47500ed845", "title": "Image Regenerate & Select Crop <= 7.1.0 - Missing Authorization on multiple AJAX actions", "software": [ { "type": "plugin", "name": "Image Regenerate & Select Crop", "slug": "image-regenerate-select-crop", "affected_versions": { "[*, 7.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0eb165f-c979-4318-8362-ca47500ed845?source=api-scan" ], "published": "2023-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0eba1e2-d34e-4164-a7cb-55148d308439": { "id": "b0eba1e2-d34e-4164-a7cb-55148d308439", "title": "Listing, Classified Ads & Business Directory \u2013 uListing <= 2.0.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Directory Listings WordPress plugin \u2013 uListing", "slug": "ulisting", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0eba1e2-d34e-4164-a7cb-55148d308439?source=api-scan" ], "published": "2021-07-27 04:34:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0eedeba-cdff-4e84-8182-1bebf48c76e0": { "id": "b0eedeba-cdff-4e84-8182-1bebf48c76e0", "title": "Cloak Front End Email <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Cloak Front End Email", "slug": "cloak-front-end-email", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0eedeba-cdff-4e84-8182-1bebf48c76e0?source=api-scan" ], "published": "2023-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0ef885f-fd62-4513-83cb-65381b99a172": { "id": "b0ef885f-fd62-4513-83cb-65381b99a172", "title": "WordPress Core < 5.8.3 - SQL Injection via WP_Query", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[3.7, 3.7.37)": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.37", "to_inclusive": false }, "[3.8, 3.8.37)": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.37", "to_inclusive": false }, "[3.9, 3.9.35)": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.35", "to_inclusive": false }, "[4.0, 4.0.34)": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.34", "to_inclusive": false }, "[4.1, 4.1.34)": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.34", "to_inclusive": false }, "[4.2, 4.2.31)": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.31", "to_inclusive": false }, "[4.3, 4.3.27)": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.27", "to_inclusive": false }, "[4.4, 4.4.26)": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.26", "to_inclusive": false }, "[4.5, 4.5.25)": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.25", "to_inclusive": false }, "[4.6, 4.6.22)": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.22", "to_inclusive": false }, "[4.7, 4.7.22)": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.22", "to_inclusive": false }, "[4.8, 4.8.18)": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.18", "to_inclusive": false }, "[4.9, 4.9.19)": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.19", "to_inclusive": false }, "[5.0, 5.0.15)": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.15", "to_inclusive": false }, "[5.1, 5.1.12)": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.12", "to_inclusive": false }, "[5.2, 5.2.14)": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.14", "to_inclusive": false }, "[5.3, 5.3.11)": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.11", "to_inclusive": false }, "[5.4, 5.4.9)": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.9", "to_inclusive": false }, "[5.5, 5.5.8)": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.8", "to_inclusive": false }, "[5.6, 5.6.7)": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.7", "to_inclusive": false }, "[5.7, 5.7.5)": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.5", "to_inclusive": false }, "[5.8, 5.8.3)": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.37", "3.8.37", "3.9.35", "4.0.34", "4.1.34", "4.2.31", "4.3.27", "4.4.26", "4.5.25", "4.6.22", "4.7.22", "4.8.18", "4.9.19", "5.0.15", "5.1.12", "5.2.14", "5.3.11", "5.4.9", "5.5.8", "5.6.7", "5.7.5", "5.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0ef885f-fd62-4513-83cb-65381b99a172?source=api-scan" ], "published": "2021-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b0fdad22-5aee-468f-885c-f65c068cf413": { "id": "b0fdad22-5aee-468f-885c-f65c068cf413", "title": "Theater for WordPress <= 0.18.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Theater for WordPress", "slug": "theatre", "affected_versions": { "* - 0.18.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.18.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.18.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b0fdad22-5aee-468f-885c-f65c068cf413?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b100ba5a-8aad-4aa1-98bf-a09c5bde7bc1": { "id": "b100ba5a-8aad-4aa1-98bf-a09c5bde7bc1", "title": "Resume Submissions & Job Postings Plugin <= 2.5.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Resume Submissions & Job Postings", "slug": "resume-submissions-job-postings", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b100ba5a-8aad-4aa1-98bf-a09c5bde7bc1?source=api-scan" ], "published": "2016-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b102af8f-2bc3-4548-9a90-d1280b058173": { "id": "b102af8f-2bc3-4548-9a90-d1280b058173", "title": "Post Thumbnail Editor <= 2.4.8 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Post Thumbnail Editor", "slug": "post-thumbnail-editor", "affected_versions": { "* - 2.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b102af8f-2bc3-4548-9a90-d1280b058173?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b10303e0-c864-4088-91d1-d38c24094812": { "id": "b10303e0-c864-4088-91d1-d38c24094812", "title": "Contact Form by WPForms (Free and Premium) <= 1.8.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPForms \u2013 Easy Form Builder for WordPress \u2013 Contact Forms, Payment Forms, Surveys, & More", "slug": "wpforms-lite", "affected_versions": { "* - 1.8.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1.3" ] }, { "type": "plugin", "name": "WPForms Pro", "slug": "wpforms", "affected_versions": { "* - 1.8.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b10303e0-c864-4088-91d1-d38c24094812?source=api-scan" ], "published": "2023-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b105fe2a-b1fd-42d4-ab16-b80115e22531": { "id": "b105fe2a-b1fd-42d4-ab16-b80115e22531", "title": "Site Offline Or Coming Soon Or Maintenance Mode <= 1.4.2 - Cross-Site Request Forgery and Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Site Offline Or Coming Soon Or Maintenance Mode", "slug": "site-offline", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b105fe2a-b1fd-42d4-ab16-b80115e22531?source=api-scan" ], "published": "2020-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b108ba89-56c4-44a8-af61-ccd6f7f73562": { "id": "b108ba89-56c4-44a8-af61-ccd6f7f73562", "title": "AA-Team Premium SEO Pack <= 1.8.0 - Local File Disclosure and Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Premium Seo Pack \u2013 Light Version", "slug": "premium-seo-pack-light-version", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b108ba89-56c4-44a8-af61-ccd6f7f73562?source=api-scan" ], "published": "2015-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b108e2e9-e5af-464a-98d9-bb40a2b65c14": { "id": "b108e2e9-e5af-464a-98d9-bb40a2b65c14", "title": "Rank Math SEO <= 1.0.218 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings", "slug": "seo-by-rank-math", "affected_versions": { "* - 1.0.218": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.218", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.219" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b108e2e9-e5af-464a-98d9-bb40a2b65c14?source=api-scan" ], "published": "2024-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b10941c7-40f1-4157-a9d9-40844d25b22b": { "id": "b10941c7-40f1-4157-a9d9-40844d25b22b", "title": "No API Amazon Affiliate <= 4.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "No API Amazon Affiliate", "slug": "no-api-amazon-affiliate", "affected_versions": { "* - 4.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b10941c7-40f1-4157-a9d9-40844d25b22b?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b10a4561-1724-4e98-bff2-ca5416b217dc": { "id": "b10a4561-1724-4e98-bff2-ca5416b217dc", "title": "Finalist (All Versions) - SQL Injection", "software": [ { "type": "plugin", "name": "Finalist", "slug": "finalist", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b10a4561-1724-4e98-bff2-ca5416b217dc?source=api-scan" ], "published": "2013-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b10d01ec-54ef-456b-9410-ed013343a962": { "id": "b10d01ec-54ef-456b-9410-ed013343a962", "title": "ZM Ajax Login & Register <= 2.0.2 - Authentication Bypass", "software": [ { "type": "plugin", "name": "ZM Ajax Login & Register", "slug": "zm-ajax-login-register", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b10d01ec-54ef-456b-9410-ed013343a962?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b10d8f8a-517f-4286-b501-0ca040529362": { "id": "b10d8f8a-517f-4286-b501-0ca040529362", "title": "WP Recipe Maker <= 9.1.2 - Missing Authorization to Authenticated (Subscriber+) SQL Injecton", "software": [ { "type": "plugin", "name": "WP Recipe Maker", "slug": "wp-recipe-maker", "affected_versions": { "* - 9.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b10d8f8a-517f-4286-b501-0ca040529362?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b11ccbbd-c909-4160-af36-8f0b50fb1285": { "id": "b11ccbbd-c909-4160-af36-8f0b50fb1285", "title": "WP Testimonial Widget <= 3.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Testimonial Widget", "slug": "wp-testimonial-widget", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b11ccbbd-c909-4160-af36-8f0b50fb1285?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b11f2ad4-5a89-4387-a307-350cead20491": { "id": "b11f2ad4-5a89-4387-a307-350cead20491", "title": "Evaluate <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Evaluate", "slug": "evaluate", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b11f2ad4-5a89-4387-a307-350cead20491?source=api-scan" ], "published": "2022-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1278291-9fef-40f5-a432-d96f4bed31fe": { "id": "b1278291-9fef-40f5-a432-d96f4bed31fe", "title": "Rencontre \u2013 Dating Site <= 3.10.1 - Privilege Escalation", "software": [ { "type": "plugin", "name": "Rencontre \u2013 Dating Site", "slug": "rencontre", "affected_versions": { "* - 3.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1278291-9fef-40f5-a432-d96f4bed31fe?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1280aec-f253-404e-b03c-d1b8416a6e7d": { "id": "b1280aec-f253-404e-b03c-d1b8416a6e7d", "title": "Livemesh Addons for Elementor <= 7.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "* - 7.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1280aec-f253-404e-b03c-d1b8416a6e7d?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b128fa23-090e-4449-9202-a1db572e242d": { "id": "b128fa23-090e-4449-9202-a1db572e242d", "title": "ARMember <= 3.4.10 - Missing Access Control leading to Authenticated (Subscriber+) Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 3.4.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b128fa23-090e-4449-9202-a1db572e242d?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b12a7e57-a45f-407a-9dd9-843a628d73ac": { "id": "b12a7e57-a45f-407a-9dd9-843a628d73ac", "title": "Library Viewer <= 2.0.6 - Open Redirect via 'redirect_to'", "software": [ { "type": "plugin", "name": "Library Viewer", "slug": "library-viewer", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b12a7e57-a45f-407a-9dd9-843a628d73ac?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b12b0a2a-3c3c-4d9c-a404-c8f170638e31": { "id": "b12b0a2a-3c3c-4d9c-a404-c8f170638e31", "title": "Log HTTP Requests <= 1.3.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Log HTTP Requests", "slug": "log-http-requests", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b12b0a2a-3c3c-4d9c-a404-c8f170638e31?source=api-scan" ], "published": "2022-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b12c0524-d991-4f96-8646-f4203880558c": { "id": "b12c0524-d991-4f96-8646-f4203880558c", "title": "LuckyWP Table of Contents <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LuckyWP Table of Contents", "slug": "luckywp-table-of-contents", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b12c0524-d991-4f96-8646-f4203880558c?source=api-scan" ], "published": "2024-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b12deaa4-246e-4502-8091-fcbe5a2eae15": { "id": "b12deaa4-246e-4502-8091-fcbe5a2eae15", "title": "Virim <= 0.4 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Virim", "slug": "virim", "affected_versions": { "* - 0.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b12deaa4-246e-4502-8091-fcbe5a2eae15?source=api-scan" ], "published": "2019-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b12efe6c-63e9-4d5c-9437-7c0b6abe2ee5": { "id": "b12efe6c-63e9-4d5c-9437-7c0b6abe2ee5", "title": "Spnbabble <= 1.4.1 - Multiple Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "spnbabble", "slug": "spnbabble", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b12efe6c-63e9-4d5c-9437-7c0b6abe2ee5?source=api-scan" ], "published": "2014-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b133888c-7673-4796-917c-486bff1b6b12": { "id": "b133888c-7673-4796-917c-486bff1b6b12", "title": "Async JavaScript <= 2.19.07.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Async JavaScript", "slug": "async-javascript", "affected_versions": { "[*, 2.20.02.27)": { "from_version": "*", "from_inclusive": true, "to_version": "2.20.02.27", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.20.02.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b133888c-7673-4796-917c-486bff1b6b12?source=api-scan" ], "published": "2020-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1355e9f-fa3a-439a-a13f-49b10dd4473a": { "id": "b1355e9f-fa3a-439a-a13f-49b10dd4473a", "title": "Staff \/ Employee Business Directory for Active Directory <= 1.2.1 - Insufficient Escaping of Stored LDAP Values", "software": [ { "type": "plugin", "name": "Staff \/ Employee Business Directory for Active Directory", "slug": "ldap-ad-staff-employee-directory-search", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1355e9f-fa3a-439a-a13f-49b10dd4473a?source=api-scan" ], "published": "2023-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b139260b-7741-4e35-b23f-896f23719739": { "id": "b139260b-7741-4e35-b23f-896f23719739", "title": "Spectra <= 2.6.6 - Authenticated (Contributor+) Server-Side Request Forgery in template_importer", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 2.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b139260b-7741-4e35-b23f-896f23719739?source=api-scan" ], "published": "2023-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b13e1916-2a02-4a91-acf1-6e5d7c55bd57": { "id": "b13e1916-2a02-4a91-acf1-6e5d7c55bd57", "title": "Advanced Custom Fields <= 6.0.7 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Secure Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "* - 5.12.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.12.4", "to_inclusive": true }, "6.0.0 - 6.0.7": { "from_version": "6.0.0", "from_inclusive": true, "to_version": "6.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.12.5", "6.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b13e1916-2a02-4a91-acf1-6e5d7c55bd57?source=api-scan" ], "published": "2023-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b13ee51b-9f23-428f-9cef-4a9b9b06b0c4": { "id": "b13ee51b-9f23-428f-9cef-4a9b9b06b0c4", "title": "Solidres <= 0.9.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Solidres \u2013 Hotel booking plugin for WordPress", "slug": "solidres", "affected_versions": { "* - 0.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b13ee51b-9f23-428f-9cef-4a9b9b06b0c4?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b13f1fb2-5dbc-4d7d-b4cc-b6dc6804531a": { "id": "b13f1fb2-5dbc-4d7d-b4cc-b6dc6804531a", "title": "SEO Redirection Plugin \u2013 301 Redirect Manager <= 7.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEO Redirection Plugin \u2013 301 Redirect Manager", "slug": "seo-redirection", "affected_versions": { "* - 7.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b13f1fb2-5dbc-4d7d-b4cc-b6dc6804531a?source=api-scan" ], "published": "2021-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b13f6a3f-cab6-4aff-a96e-58250fcf655a": { "id": "b13f6a3f-cab6-4aff-a96e-58250fcf655a", "title": "WordPress Core < 5.5.2 - Misconfiguration That Allows Trigger of New Installation", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.34": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.34", "to_inclusive": true }, "3.8 - 3.8.34": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.34", "to_inclusive": true }, "3.9 - 3.9.32": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.32", "to_inclusive": true }, "4.0 - 4.0.31": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.31", "to_inclusive": true }, "4.1 - 4.1.31": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.31", "to_inclusive": true }, "4.2 - 4.2.28": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.28", "to_inclusive": true }, "4.3 - 4.3.24": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.24", "to_inclusive": true }, "4.4 - 4.4.23": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.23", "to_inclusive": true }, "4.5 - 4.5.22": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.22", "to_inclusive": true }, "4.6 - 4.6.19": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.19", "to_inclusive": true }, "4.7 - 4.7.18": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.18", "to_inclusive": true }, "4.8 - 4.8.14": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.14", "to_inclusive": true }, "4.9 - 4.9.15": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.15", "to_inclusive": true }, "5.0 - 5.0.10": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.10", "to_inclusive": true }, "5.1 - 5.1.6": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.6", "to_inclusive": true }, "5.2 - 5.2.7": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.7", "to_inclusive": true }, "5.3 - 5.3.4": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.4", "to_inclusive": true }, "5.4 - 5.4.2": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": true }, "5.5 - 5.5.1": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.35", "3.8.35", "3.9.33", "4.0.32", "4.1.32", "4.2.29", "4.3.25", "4.4.24", "4.5.23", "4.6.20", "4.7.19", "4.8.15", "4.9.16", "5.0.11", "5.1.7", "5.2.8", "5.3.5", "5.4.3", "5.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b13f6a3f-cab6-4aff-a96e-58250fcf655a?source=api-scan" ], "published": "2020-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b140d228-cd74-4d78-8b9d-9a69e5a89bfb": { "id": "b140d228-cd74-4d78-8b9d-9a69e5a89bfb", "title": "New Adman <= 1.6.8 - Cross-Site Request Forgery via plugin_menu", "software": [ { "type": "plugin", "name": "New Adman", "slug": "new-adman", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b140d228-cd74-4d78-8b9d-9a69e5a89bfb?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1446daf-662d-479c-8fc5-80b27b04d6c4": { "id": "b1446daf-662d-479c-8fc5-80b27b04d6c4", "title": "WordPress Core < 2.0.7 - Full Path Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1446daf-662d-479c-8fc5-80b27b04d6c4?source=api-scan" ], "published": "2007-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b14af68e-960f-4817-bab4-881f2720cb82": { "id": "b14af68e-960f-4817-bab4-881f2720cb82", "title": "Timetable and Event Schedule by MotoPress <= 2.3.19 - Arbitrary User's Hashed Password\/Email\/Username Disclosure", "software": [ { "type": "plugin", "name": "Timetable and Event Schedule by MotoPress", "slug": "mp-timetable", "affected_versions": { "* - 2.3.19": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b14af68e-960f-4817-bab4-881f2720cb82?source=api-scan" ], "published": "2021-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b14bc75a-0bfb-4d46-89db-c31fb6bfa7cf": { "id": "b14bc75a-0bfb-4d46-89db-c31fb6bfa7cf", "title": "Pinpoint Booking System <= 2.9.9.2.8 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Pinpoint Booking System \u2013 #1 WordPress Booking Plugin", "slug": "booking-system", "affected_versions": { "* - 2.9.9.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.9.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b14bc75a-0bfb-4d46-89db-c31fb6bfa7cf?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b14cada2-5d04-47a1-b648-048fcbabd2b5": { "id": "b14cada2-5d04-47a1-b648-048fcbabd2b5", "title": "Favicon by RealFaviconGenerator <= 1.3.21 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Favicon by RealFaviconGenerator", "slug": "favicon-by-realfavicongenerator", "affected_versions": { "[*, 1.3.21)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.21", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b14cada2-5d04-47a1-b648-048fcbabd2b5?source=api-scan" ], "published": "2021-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b14dec28-41f9-460f-aa6c-3e6baf2498d8": { "id": "b14dec28-41f9-460f-aa6c-3e6baf2498d8", "title": "Pie Register \u2013 User Registration Forms <= 3.7.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction", "slug": "pie-register", "affected_versions": { "[*, 3.7.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b14dec28-41f9-460f-aa6c-3e6baf2498d8?source=api-scan" ], "published": "2021-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8": { "id": "b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8", "title": "Academy LMS \u2013 eLearning and online course solution for WordPress <= 1.9.19 - Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Academy LMS \u2013 WordPress LMS Plugin for Complete eLearning Solution", "slug": "academy", "affected_versions": { "* - 1.9.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=api-scan" ], "published": "2024-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b155f8ca-9d09-47d7-a7c2-7744df029c19": { "id": "b155f8ca-9d09-47d7-a7c2-7744df029c19", "title": "Unlimited Elements for Elementor <= 1.5.107 - Authenticated (Contributor+) SQL Injection via data[post_ids][0]", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.107": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.107", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.108" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b155f8ca-9d09-47d7-a7c2-7744df029c19?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b156379a-fbb8-4fc0-9cc0-534b131bf785": { "id": "b156379a-fbb8-4fc0-9cc0-534b131bf785", "title": "Futurio Extra <= 1.9.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Futurio Extra", "slug": "futurio-extra", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b156379a-fbb8-4fc0-9cc0-534b131bf785?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b157356c-a4be-48d6-8c58-ad1a9c96cda3": { "id": "b157356c-a4be-48d6-8c58-ad1a9c96cda3", "title": "SRS Simple Hits Counter Plugin for WordPress 1.03 - 1.04 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "SRS Simple Hits Counter", "slug": "srs-simple-hits-counter", "affected_versions": { "1.0.3 - 1.0.4": { "from_version": "1.0.3", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b157356c-a4be-48d6-8c58-ad1a9c96cda3?source=api-scan" ], "published": "2020-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b15a2ddb-ed74-4ac3-8cfb-e8553dad90d6": { "id": "b15a2ddb-ed74-4ac3-8cfb-e8553dad90d6", "title": "Float Menu <= 4.3 - Arbitrary Menu Deletion via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Float menu \u2013 awesome floating side menu", "slug": "float-menu", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b15a2ddb-ed74-4ac3-8cfb-e8553dad90d6?source=api-scan" ], "published": "2022-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b15b10a4-04fd-4860-9cc9-cefcdbbbf507": { "id": "b15b10a4-04fd-4860-9cc9-cefcdbbbf507", "title": "User Rights Access Manager <= 1.0.7 - Access Restriction Bypass", "software": [ { "type": "plugin", "name": "User Rights Access Manager", "slug": "user-rights-access-manager", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b15b10a4-04fd-4860-9cc9-cefcdbbbf507?source=api-scan" ], "published": "2021-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1623bef-09c8-43e0-a6a1-f5b9aa3ba7eb": { "id": "b1623bef-09c8-43e0-a6a1-f5b9aa3ba7eb", "title": "Football Pool <= 2.11.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Football Pool", "slug": "football-pool", "affected_versions": { "* - 2.11.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1623bef-09c8-43e0-a6a1-f5b9aa3ba7eb?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1695816-0f54-4095-8884-bc9856b4dac1": { "id": "b1695816-0f54-4095-8884-bc9856b4dac1", "title": "Almera Responsive Portfolio Site Template < 1.1.8 - Sensitive Information Disclosure", "software": [ { "type": "theme", "name": "Almera Responsive Portfolio Site Template", "slug": "almera", "affected_versions": { "[*, 1.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1695816-0f54-4095-8884-bc9856b4dac1?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b16a9a96-9be2-40cd-95d4-e3ce118ce2e1": { "id": "b16a9a96-9be2-40cd-95d4-e3ce118ce2e1", "title": "reCAPTCHA Jetpack <= 0.2.2 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "reCAPTCHA Jetpack", "slug": "recaptcha-jetpack", "affected_versions": { "* - 0.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b16a9a96-9be2-40cd-95d4-e3ce118ce2e1?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b16d675f-1b62-4e3e-b91b-7bdb1e70a221": { "id": "b16d675f-1b62-4e3e-b91b-7bdb1e70a221", "title": "WordPress Core < 2.09 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 2.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": false }, "2.1": { "from_version": "2.1", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9", "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b16d675f-1b62-4e3e-b91b-7bdb1e70a221?source=api-scan" ], "published": "2007-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1703f90-17ad-4988-a60c-e56f88f3a317": { "id": "b1703f90-17ad-4988-a60c-e56f88f3a317", "title": "Maspik \u2013 Spam blacklist <= 0.10.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Maspik \u2013 Advanced Spam Protection", "slug": "contact-forms-anti-spam", "affected_versions": { "* - 0.10.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.10.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.10.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1703f90-17ad-4988-a60c-e56f88f3a317?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b170ac00-5d5c-46ef-95f3-e98ef4528999": { "id": "b170ac00-5d5c-46ef-95f3-e98ef4528999", "title": "WordPress Core 6.4.0 - 6.4.1 - Remote Code Execution POP Chain", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "6.4.0": { "from_version": "6.4.0", "from_inclusive": true, "to_version": "6.4.0", "to_inclusive": true }, "6.4.1": { "from_version": "6.4.1", "from_inclusive": true, "to_version": "6.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b170ac00-5d5c-46ef-95f3-e98ef4528999?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b173523a-e79d-4d2d-af67-5372576df220": { "id": "b173523a-e79d-4d2d-af67-5372576df220", "title": "Fusion Builder <= 3.11.1 - Reflected Cross-Site Scripting via User Register Element", "software": [ { "type": "plugin", "name": "Fusion Builder", "slug": "fusion-builder", "affected_versions": { "* - 3.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b173523a-e79d-4d2d-af67-5372576df220?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b174204a-30d3-406c-a405-1670bcdab39d": { "id": "b174204a-30d3-406c-a405-1670bcdab39d", "title": "Mighty Builder <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mighty Builder \u2013 Drag & Drop WordPress Page Builder", "slug": "mighty-builder", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b174204a-30d3-406c-a405-1670bcdab39d?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1782c82-bfdb-4104-a3f5-b1a07aede555": { "id": "b1782c82-bfdb-4104-a3f5-b1a07aede555", "title": "DTracker <= 1.5 - SQL Injection", "software": [ { "type": "plugin", "name": "DTracker", "slug": "dtracker", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1782c82-bfdb-4104-a3f5-b1a07aede555?source=api-scan" ], "published": "2017-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1791d41-cdfe-4918-8351-2108302241c1": { "id": "b1791d41-cdfe-4918-8351-2108302241c1", "title": "Paid Memberships Pro < 2.3.3 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "[*, 2.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1791d41-cdfe-4918-8351-2108302241c1?source=api-scan" ], "published": "2020-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b17b522d-997f-443e-a39f-2da0ebf14aaa": { "id": "b17b522d-997f-443e-a39f-2da0ebf14aaa", "title": "Apollo13 Framework Extensions <= 1.9.3 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Apollo13 Framework Extensions", "slug": "apollo13-framework-extensions", "affected_versions": { "* - 1.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b17b522d-997f-443e-a39f-2da0ebf14aaa?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b17c5b5e-26d9-485d-881e-bd4414f29f1a": { "id": "b17c5b5e-26d9-485d-881e-bd4414f29f1a", "title": "Easy Digital Downloads \u2013 Pushover notifications <= 1.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 Pushover notifications", "slug": "edd-pushover-notifications", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b17c5b5e-26d9-485d-881e-bd4414f29f1a?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b17d1280-2bae-4c45-b2e1-fbfcb2c7c15b": { "id": "b17d1280-2bae-4c45-b2e1-fbfcb2c7c15b", "title": "Live Chat \u2013 Live support <= 3.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Live Chat & AI Bot Support", "slug": "onwebchat", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b17d1280-2bae-4c45-b2e1-fbfcb2c7c15b?source=api-scan" ], "published": "2020-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b183587b-95bd-4e82-bfc7-db5a8fbd58f9": { "id": "b183587b-95bd-4e82-bfc7-db5a8fbd58f9", "title": "PDF Thumbnail Generator <= 1.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Thumbnail Generator", "slug": "pdf-thumbnail-generator", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b183587b-95bd-4e82-bfc7-db5a8fbd58f9?source=api-scan" ], "published": "2024-09-12 20:29:18", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b186c98e-6a8d-4675-aaaa-c6748319dec1": { "id": "b186c98e-6a8d-4675-aaaa-c6748319dec1", "title": "Albo Pretorio Online <= 4.6.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Albo Pretorio On line", "slug": "albo-pretorio-on-line", "affected_versions": { "* - 4.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b186c98e-6a8d-4675-aaaa-c6748319dec1?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b191a337-ec45-4357-9b37-6ca0af9cb2f9": { "id": "b191a337-ec45-4357-9b37-6ca0af9cb2f9", "title": "Ask Me <= 6.8.1 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Ask Me - Responsive Questions & Answers WordPress", "slug": "ask-me", "affected_versions": { "[*, 6.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b191a337-ec45-4357-9b37-6ca0af9cb2f9?source=api-scan" ], "published": "2022-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b192d5d5-3bb9-4600-849e-2bb3c06009af": { "id": "b192d5d5-3bb9-4600-849e-2bb3c06009af", "title": "News Announcement Scroll <= 8.8.8 - Authenticated (Admininstrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "News Announcement Scroll", "slug": "news-announcement-scroll", "affected_versions": { "* - 8.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "8.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b192d5d5-3bb9-4600-849e-2bb3c06009af?source=api-scan" ], "published": "2022-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1954340-397c-4cc0-ba9d-d698d94ea608": { "id": "b1954340-397c-4cc0-ba9d-d698d94ea608", "title": "Mediabay <= 1.6 - Authenticated (Editor+) Stored Cross-Site Scripting Vulnerability", "software": [ { "type": "plugin", "name": "Mediabay \u2013 Media Library Folders", "slug": "mediabay-lite", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1954340-397c-4cc0-ba9d-d698d94ea608?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b19aa8ca-0ce8-4a9a-8f71-7d7e67e8f99b": { "id": "b19aa8ca-0ce8-4a9a-8f71-7d7e67e8f99b", "title": "WordPress Social Share Buttons <= 1.19 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Social Share Buttons", "slug": "share-button", "affected_versions": { "* - 1.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b19aa8ca-0ce8-4a9a-8f71-7d7e67e8f99b?source=api-scan" ], "published": "2024-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b19af06d-7262-4d21-ac39-7d4ce8e75d71": { "id": "b19af06d-7262-4d21-ac39-7d4ce8e75d71", "title": "Podlove Podcast Publisher <= 4.0.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Podlove Podcast Publisher", "slug": "podlove-podcasting-plugin-for-wordpress", "affected_versions": { "* - 4.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b19af06d-7262-4d21-ac39-7d4ce8e75d71?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b19ce745-2cc4-48eb-b5f3-5011be7cceec": { "id": "b19ce745-2cc4-48eb-b5f3-5011be7cceec", "title": "W3 Total Cache <= 0.9.7.3 - Server Side Request Forgery", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 0.9.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b19ce745-2cc4-48eb-b5f3-5011be7cceec?source=api-scan" ], "published": "2019-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b19d0156-1fd9-4c18-be47-bce633b2f704": { "id": "b19d0156-1fd9-4c18-be47-bce633b2f704", "title": "Intuitive Custom Post Order <= 3.1.3 - Missing Authorization to Authenticated Settings Change", "software": [ { "type": "plugin", "name": "Intuitive Custom Post Order", "slug": "intuitive-custom-post-order", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b19d0156-1fd9-4c18-be47-bce633b2f704?source=api-scan" ], "published": "2023-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1a193b7-21e5-4f57-aaa6-e55c79f8e957": { "id": "b1a193b7-21e5-4f57-aaa6-e55c79f8e957", "title": "Essential Addons for Elementor Pro <= 5.4.8 - Unauthenticated Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor Pro", "slug": "essential-addons-elementor", "affected_versions": { "* - 5.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1a193b7-21e5-4f57-aaa6-e55c79f8e957?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1a29180-901d-447e-8f82-63161b9e11e0": { "id": "b1a29180-901d-447e-8f82-63161b9e11e0", "title": "Sayfa Saya\u00e7 <= 2.6 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Sayfa Sayac", "slug": "sayfa-sayac", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1a29180-901d-447e-8f82-63161b9e11e0?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1a3666b-2329-49c3-b017-9b495d90415e": { "id": "b1a3666b-2329-49c3-b017-9b495d90415e", "title": "Platform 4 <= 1.1.4 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Platform", "slug": "platform", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1a3666b-2329-49c3-b017-9b495d90415e?source=api-scan" ], "published": "2016-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1a85bc2-0b00-4635-86f6-26e96cc0616e": { "id": "b1a85bc2-0b00-4635-86f6-26e96cc0616e", "title": "Feather Login Page <= 1.1.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Login | Login Page | Login Logo | Rename Login Page | Custom Login Page | Temporary Users | Rebrand Login | Login Captcha", "slug": "feather-login-page", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1a85bc2-0b00-4635-86f6-26e96cc0616e?source=api-scan" ], "published": "2023-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1a97776-03c7-403d-b803-023647b9d0f2": { "id": "b1a97776-03c7-403d-b803-023647b9d0f2", "title": "Auto Listings <= 2.6.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Auto Listings \u2013 Car Listings & Car Dealership Plugin for WordPress", "slug": "auto-listings", "affected_versions": { "* - 2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1a97776-03c7-403d-b803-023647b9d0f2?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1ae1b28-ea9e-4446-8b03-b5a8eaac1042": { "id": "b1ae1b28-ea9e-4446-8b03-b5a8eaac1042", "title": "Salient Core <= 2.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "salient-core", "slug": "salient-core", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1ae1b28-ea9e-4446-8b03-b5a8eaac1042?source=api-scan" ], "published": "2023-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1af4be1-a9d6-4f44-91b3-22cf3130cc34": { "id": "b1af4be1-a9d6-4f44-91b3-22cf3130cc34", "title": "POST SMTP Mailer <= 2.5.6 - Cross-Site Request Forgery to Arbitrary Log Deletion", "software": [ { "type": "plugin", "name": "Post SMTP \u2013 WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications \u2013 Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more", "slug": "post-smtp", "affected_versions": { "* - 2.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1af4be1-a9d6-4f44-91b3-22cf3130cc34?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1b3edcf-c089-4bb8-b1e8-05e00abca1a5": { "id": "b1b3edcf-c089-4bb8-b1e8-05e00abca1a5", "title": "Paid Memberships Pro <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "* - 2.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1b3edcf-c089-4bb8-b1e8-05e00abca1a5?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1b7b653-496f-467a-9513-4be1891f38ae": { "id": "b1b7b653-496f-467a-9513-4be1891f38ae", "title": "OTP Login Woocommerce & Gravity Forms <= 2.2 - Authentication Bypass to Privilege Escalation", "software": [ { "type": "plugin", "name": "OTP Login Woocommerce (Login with OTP)", "slug": "mobile-login-woocommerce", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1b7b653-496f-467a-9513-4be1891f38ae?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1be1928-a278-48d5-beb2-00e3c8df3fa9": { "id": "b1be1928-a278-48d5-beb2-00e3c8df3fa9", "title": "Ultimate Member <= 2.0.21 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 2.0.22)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.22", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1be1928-a278-48d5-beb2-00e3c8df3fa9?source=api-scan" ], "published": "2018-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1c0f8f3-22fe-4139-93bb-0e9bacf9dafb": { "id": "b1c0f8f3-22fe-4139-93bb-0e9bacf9dafb", "title": "Booking Ultra Pro <= 1.1.6 - Missing Authorization via save_fields_settings", "software": [ { "type": "plugin", "name": "Booking Ultra Pro Appointments Booking Calendar Plugin", "slug": "booking-ultra-pro", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1c0f8f3-22fe-4139-93bb-0e9bacf9dafb?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1c2712d-0865-4759-98da-1e11a26f2466": { "id": "b1c2712d-0865-4759-98da-1e11a26f2466", "title": "Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxClearCategory", "software": [ { "type": "plugin", "name": "Categorify \u2013 WordPress Media Library Category & File Manager", "slug": "categorify", "affected_versions": { "* - 1.0.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1c2712d-0865-4759-98da-1e11a26f2466?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1c27c27-f597-4867-a8d8-a83a3a1bf5f6": { "id": "b1c27c27-f597-4867-a8d8-a83a3a1bf5f6", "title": "PPC Tracker WordPress <= 2.0 - Stored Cross-Site Scripting via IP", "software": [ { "type": "plugin", "name": "PPC Tracker WordPress Plugin", "slug": "ppc-fraud-detctor", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1c27c27-f597-4867-a8d8-a83a3a1bf5f6?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1c44ad9-e61e-4f29-9c0b-7c0a89b0c8da": { "id": "b1c44ad9-e61e-4f29-9c0b-7c0a89b0c8da", "title": "ElementsKit Elementor addons <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget", "software": [ { "type": "plugin", "name": "ElementsKit Elementor addons", "slug": "elementskit-lite", "affected_versions": { "* - 3.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1c44ad9-e61e-4f29-9c0b-7c0a89b0c8da?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1c6261f-4657-4e6e-ae23-5fa44790aa12": { "id": "b1c6261f-4657-4e6e-ae23-5fa44790aa12", "title": "Admin Management Xtended <= 2.4.0 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Admin Management Xtended", "slug": "admin-management-xtended", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1c6261f-4657-4e6e-ae23-5fa44790aa12?source=api-scan" ], "published": "2015-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1c8aa41-0362-47b8-afb0-80b6194b9bc3": { "id": "b1c8aa41-0362-47b8-afb0-80b6194b9bc3", "title": "Image Gallery \u2013 Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery <= 1.4.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Image Gallery \u2013 Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery", "slug": "new-image-gallery", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1c8aa41-0362-47b8-afb0-80b6194b9bc3?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1cdd6c6-f354-48d6-9493-08c67aaef9bd": { "id": "b1cdd6c6-f354-48d6-9493-08c67aaef9bd", "title": "myLinksDump <= 1.2 - SQL Injection", "software": [ { "type": "plugin", "name": "myLinksDump", "slug": "mylinksdump", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1cdd6c6-f354-48d6-9493-08c67aaef9bd?source=api-scan" ], "published": "2010-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1d7f2f5-0685-4be0-bd3b-93c39d9bb7ee": { "id": "b1d7f2f5-0685-4be0-bd3b-93c39d9bb7ee", "title": "Animated Number Counters <= 1.9 - Authenticated (Editor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Animated Number Counters", "slug": "animated-number-counters", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1d7f2f5-0685-4be0-bd3b-93c39d9bb7ee?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1d8a9b5-e833-4810-a13a-fd360752e711": { "id": "b1d8a9b5-e833-4810-a13a-fd360752e711", "title": "CataBlog < 1.6.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CataBlog", "slug": "catablog", "affected_versions": { "[*, 1.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1d8a9b5-e833-4810-a13a-fd360752e711?source=api-scan" ], "published": "2012-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1db421d-d935-4441-ae5e-cc01123e80e8": { "id": "b1db421d-d935-4441-ae5e-cc01123e80e8", "title": "Arigato Autoresponder and Newsletter <= 2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Arigato Autoresponder and Newsletter", "slug": "bft-autoresponder", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1db421d-d935-4441-ae5e-cc01123e80e8?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1dd3845-a88d-41aa-acf4-66fd1a6819ff": { "id": "b1dd3845-a88d-41aa-acf4-66fd1a6819ff", "title": "Captcha Code <= 2.9 - Captcha Bypass", "software": [ { "type": "plugin", "name": "Captcha Code", "slug": "captcha-code-authentication", "affected_versions": { "* - 2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1dd3845-a88d-41aa-acf4-66fd1a6819ff?source=api-scan" ], "published": "2023-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1e1db3f-1ebc-4f16-b2d8-8bce9c51b3db": { "id": "b1e1db3f-1ebc-4f16-b2d8-8bce9c51b3db", "title": "Weather Station <= 3.8.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Weather Station", "slug": "live-weather-station", "affected_versions": { "* - 3.8.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1e1db3f-1ebc-4f16-b2d8-8bce9c51b3db?source=api-scan" ], "published": "2023-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1e421fb-4839-4e2d-911f-e2fa8c756744": { "id": "b1e421fb-4839-4e2d-911f-e2fa8c756744", "title": "The Ultimate WordPress Toolkit \u2013 WP Extended <= 3.0.8 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "The Ultimate WordPress Toolkit \u2013 WP Extended", "slug": "wpextended", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1e421fb-4839-4e2d-911f-e2fa8c756744?source=api-scan" ], "published": "2024-09-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1e51951-0e4c-44f3-a11b-13c0be984a7f": { "id": "b1e51951-0e4c-44f3-a11b-13c0be984a7f", "title": "WooCommerce Social Login <= 2.6.3 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "WooCommerce - Social Login", "slug": "woo-social-login", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1e51951-0e4c-44f3-a11b-13c0be984a7f?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1e7bb04-28b4-407c-910b-e37a7e26682e": { "id": "b1e7bb04-28b4-407c-910b-e37a7e26682e", "title": "Simple Googlebot Visit <= 1.2.4 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "Simple Googlebot Visit", "slug": "simple-googlebot-visit", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1e7bb04-28b4-407c-910b-e37a7e26682e?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1e98d2d-20b1-4fff-96d4-0fb8e0d2615a": { "id": "b1e98d2d-20b1-4fff-96d4-0fb8e0d2615a", "title": "Delete All Comments <= 2.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Delete All Comments", "slug": "delete-all-comments", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1e98d2d-20b1-4fff-96d4-0fb8e0d2615a?source=api-scan" ], "published": "2016-12-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1ea7e04-d3b3-43fa-be9a-a2d5ac3e34c3": { "id": "b1ea7e04-d3b3-43fa-be9a-a2d5ac3e34c3", "title": "Simple Site Verify <= 1.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Site Verify", "slug": "simple-site-verify", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1ea7e04-d3b3-43fa-be9a-a2d5ac3e34c3?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1eae4fc-85d1-49ff-9f3b-bf0a3f424ee1": { "id": "b1eae4fc-85d1-49ff-9f3b-bf0a3f424ee1", "title": "Mail Masta <= 1.0 - SQL Injection via subscriber_email parameter", "software": [ { "type": "plugin", "name": "Mail Masta", "slug": "mail-masta", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1eae4fc-85d1-49ff-9f3b-bf0a3f424ee1?source=api-scan" ], "published": "2017-03-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1eb6896-2de3-4d4d-9b5f-253aaffd193b": { "id": "b1eb6896-2de3-4d4d-9b5f-253aaffd193b", "title": "Ninja Tables \u2013 Easiest Data Table Builder <= 5.0.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Ninja Tables \u2013 Easiest Data Table Builder", "slug": "ninja-tables", "affected_versions": { "* - 5.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1eb6896-2de3-4d4d-9b5f-253aaffd193b?source=api-scan" ], "published": "2024-08-26 18:30:02", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1ecfa60-9b43-4b70-bd60-278dfb0e7dbb": { "id": "b1ecfa60-9b43-4b70-bd60-278dfb0e7dbb", "title": "Contact Form Manager <= 1.4.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form Manager", "slug": "contact-form-manager", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1ecfa60-9b43-4b70-bd60-278dfb0e7dbb?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1f17a83-1df0-44fe-bd86-243cff6ec91b": { "id": "b1f17a83-1df0-44fe-bd86-243cff6ec91b", "title": "ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to Remote Command Execution", "software": [ { "type": "plugin", "name": "ImageMagick Engine", "slug": "imagemagick-engine", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1f17a83-1df0-44fe-bd86-243cff6ec91b?source=api-scan" ], "published": "2022-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1f482d3-d2f6-4161-8bcf-3d43d5ac10ee": { "id": "b1f482d3-d2f6-4161-8bcf-3d43d5ac10ee", "title": "WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MDTF \u2013 Meta Data and Taxonomies Filter", "slug": "wp-meta-data-filter-and-taxonomy-filter", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1f482d3-d2f6-4161-8bcf-3d43d5ac10ee?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1faa178-e4b1-4d2e-85f1-b852fbf3ab17": { "id": "b1faa178-e4b1-4d2e-85f1-b852fbf3ab17", "title": "Linkz.ai <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via AJAX", "software": [ { "type": "plugin", "name": "Linkz.ai \u2013 Automatic link previews on hover", "slug": "linkz-ai", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1faa178-e4b1-4d2e-85f1-b852fbf3ab17?source=api-scan" ], "published": "2024-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b1faf343-1859-4bee-a2d5-f494f44c70ad": { "id": "b1faf343-1859-4bee-a2d5-f494f44c70ad", "title": "Ninja Forms Contact Form <= 3.4.33 - Cross-Site Request Forgery to OAuth Service Disconnection", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "[*, 3.4.34)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.34", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b1faf343-1859-4bee-a2d5-f494f44c70ad?source=api-scan" ], "published": "2021-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b20b4eba-54df-4e08-ba4c-96f8bb463125": { "id": "b20b4eba-54df-4e08-ba4c-96f8bb463125", "title": "Mercado Pago payments for WooCommerce <= 6.6.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Mercado Pago payments for WooCommerce", "slug": "woocommerce-mercadopago", "affected_versions": { "* - 6.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b20b4eba-54df-4e08-ba4c-96f8bb463125?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b20e5257-1fb7-40b4-8ad8-798372b60972": { "id": "b20e5257-1fb7-40b4-8ad8-798372b60972", "title": "Easy FAQ with Expanding Text <= 3.2.8.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy FAQ with Expanding Text", "slug": "easy-faq-with-expanding-text", "affected_versions": { "* - 3.2.8.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.8.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b20e5257-1fb7-40b4-8ad8-798372b60972?source=api-scan" ], "published": "2022-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b20ec769-822a-4d9b-9824-6e29d3677ac3": { "id": "b20ec769-822a-4d9b-9824-6e29d3677ac3", "title": "Filr \u2013 Secure document library <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Filr \u2013 Secure document library", "slug": "filr-protection", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b20ec769-822a-4d9b-9824-6e29d3677ac3?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b20fa367-a12f-402a-a74a-2bb5fe090036": { "id": "b20fa367-a12f-402a-a74a-2bb5fe090036", "title": "Directorist <= 7.3.0 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings", "slug": "directorist", "affected_versions": { "* - 7.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b20fa367-a12f-402a-a74a-2bb5fe090036?source=api-scan" ], "published": "2022-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b211f05e-fc6a-4aaf-b75e-b044243f9176": { "id": "b211f05e-fc6a-4aaf-b75e-b044243f9176", "title": "GD Rating System <= 3.6 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "GD Rating System", "slug": "gd-rating-system", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b211f05e-fc6a-4aaf-b75e-b044243f9176?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2181c89-4f40-45b9-8c12-448ca263a2f2": { "id": "b2181c89-4f40-45b9-8c12-448ca263a2f2", "title": "BuddyPress Docs <= 2.2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BuddyPress Docs", "slug": "buddypress-docs", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2181c89-4f40-45b9-8c12-448ca263a2f2?source=api-scan" ], "published": "2024-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2286e96-59e1-465a-b600-8a88e9e97418": { "id": "b2286e96-59e1-465a-b600-8a88e9e97418", "title": "ARforms <= 6.4 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "ARforms", "slug": "arforms", "affected_versions": { "* - 6.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2286e96-59e1-465a-b600-8a88e9e97418?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b228f8b1-dd68-41ee-bc49-6a62e5267233": { "id": "b228f8b1-dd68-41ee-bc49-6a62e5267233", "title": "RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'clear_page_cache'", "software": [ { "type": "plugin", "name": "RapidLoad \u2013 Optimize Web Vitals Automatically", "slug": "unusedcss", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b228f8b1-dd68-41ee-bc49-6a62e5267233?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2296800-93d6-48fa-aa09-3d28fa6371d7": { "id": "b2296800-93d6-48fa-aa09-3d28fa6371d7", "title": "RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'ajax_deactivate'", "software": [ { "type": "plugin", "name": "RapidLoad \u2013 Optimize Web Vitals Automatically", "slug": "unusedcss", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2296800-93d6-48fa-aa09-3d28fa6371d7?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b22aaac4-39f1-482b-9fc7-79825cf2e818": { "id": "b22aaac4-39f1-482b-9fc7-79825cf2e818", "title": "WP Support Plus Responsive Ticket System <= 4.0 - JavaScript Injection", "software": [ { "type": "plugin", "name": "WP Support Plus Responsive Ticket System", "slug": "wp-support-plus-responsive-ticket-system", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b22aaac4-39f1-482b-9fc7-79825cf2e818?source=api-scan" ], "published": "2014-11-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2340ae3-3b22-4b14-9fce-4b845f2866b1": { "id": "b2340ae3-3b22-4b14-9fce-4b845f2866b1", "title": "Livemesh Addons for Elementor <= 6.7.1- Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "* - 6.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2340ae3-3b22-4b14-9fce-4b845f2866b1?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b239185f-c368-4768-8f6a-ef9bc593929d": { "id": "b239185f-c368-4768-8f6a-ef9bc593929d", "title": "Yoast SEO: Local <= 14.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yoast SEO: Local", "slug": "wpseo-local", "affected_versions": { "* - 14.8": { "from_version": "*", "from_inclusive": true, "to_version": "14.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "14.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b239185f-c368-4768-8f6a-ef9bc593929d?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b23989c2-6cd7-4e55-b019-324644e7521a": { "id": "b23989c2-6cd7-4e55-b019-324644e7521a", "title": "ARForms - Premium WordPress Form Builder <= 6.4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ARforms", "slug": "arforms", "affected_versions": { "* - 6.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b23989c2-6cd7-4e55-b019-324644e7521a?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b23ab054-11c9-4229-9adc-6eef6f81c3f9": { "id": "b23ab054-11c9-4229-9adc-6eef6f81c3f9", "title": "Rehub <= 19.6.1 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "theme", "name": "rehub-theme", "slug": "rehub-theme", "affected_versions": { "* - 19.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b23ab054-11c9-4229-9adc-6eef6f81c3f9?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b23afc11-c31d-4569-8f4b-8141eef7b3d9": { "id": "b23afc11-c31d-4569-8f4b-8141eef7b3d9", "title": "Custom Login <= 4.1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Custom Login", "slug": "custom-login", "affected_versions": { "* - 4.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b23afc11-c31d-4569-8f4b-8141eef7b3d9?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b23d276c-69c5-47e0-99bd-f20ff1d45904": { "id": "b23d276c-69c5-47e0-99bd-f20ff1d45904", "title": "CM Answers <= 3.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CM Answers \u2013 Powerful WordPress Forum Plugin", "slug": "cm-answers", "affected_versions": { "* - 3.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b23d276c-69c5-47e0-99bd-f20ff1d45904?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b23d4868-068a-4ee9-8253-8f7063cdb03e": { "id": "b23d4868-068a-4ee9-8253-8f7063cdb03e", "title": "WP Google Maps < 7.10.43 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Go Maps (formerly WP Google Maps)", "slug": "wp-google-maps", "affected_versions": { "* - 7.10.41": { "from_version": "*", "from_inclusive": true, "to_version": "7.10.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.10.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b23d4868-068a-4ee9-8253-8f7063cdb03e?source=api-scan" ], "published": "2019-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b23e36f7-ee44-42c6-94b7-e943c6c4a3ad": { "id": "b23e36f7-ee44-42c6-94b7-e943c6c4a3ad", "title": "Search Logger <= 0.9 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Search Logger \u2013 Know What Your Visitors Search", "slug": "search-logger", "affected_versions": { "* - 0.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b23e36f7-ee44-42c6-94b7-e943c6c4a3ad?source=api-scan" ], "published": "2022-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2401dd1-d132-4899-80fc-9281280806a2": { "id": "b2401dd1-d132-4899-80fc-9281280806a2", "title": "Easy Embed for HubSpot Forms, CTAs, Links, Files & add HubSpot to WP Search Results <= 1.1.0 - Missing Authorization to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Easy Embed for HubSpot Forms, CTAs, Links, Files & add HubSpot to WP Search Results", "slug": "hub2word", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2401dd1-d132-4899-80fc-9281280806a2?source=api-scan" ], "published": "2022-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2413083-262c-4646-91fa-f9b51010f3e3": { "id": "b2413083-262c-4646-91fa-f9b51010f3e3", "title": "WP App Maker <= 1.0.16.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP App Maker", "slug": "wp-app-maker", "affected_versions": { "* - 1.0.16.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.16.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2413083-262c-4646-91fa-f9b51010f3e3?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2436028-9ac2-4232-bccf-26019a26e186": { "id": "b2436028-9ac2-4232-bccf-26019a26e186", "title": "ProfileGrid <= 5.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2436028-9ac2-4232-bccf-26019a26e186?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b243722e-6510-48bd-be26-95ccbe79fa57": { "id": "b243722e-6510-48bd-be26-95ccbe79fa57", "title": "Customer Reviews for WooCommerce <= 5.38.1 - Cross-Site Request Forgery via manual review reminders", "software": [ { "type": "plugin", "name": "Customer Reviews for WooCommerce", "slug": "customer-reviews-woocommerce", "affected_versions": { "[*, 5.38.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.38.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.38.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b243722e-6510-48bd-be26-95ccbe79fa57?source=api-scan" ], "published": "2023-11-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b24625d7-2a38-451b-ab79-a1d9c5b8822a": { "id": "b24625d7-2a38-451b-ab79-a1d9c5b8822a", "title": "Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via cg_id", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 19.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5.1" ] }, { "type": "plugin", "name": "Contest Gallery Pro", "slug": "contest-gallery-pro", "affected_versions": { "* - 19.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b24625d7-2a38-451b-ab79-a1d9c5b8822a?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b258fa40-4e76-4c84-b32f-e6c46fee770a": { "id": "b258fa40-4e76-4c84-b32f-e6c46fee770a", "title": "Tourfic <= 2.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tourfic \u2013 Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking", "slug": "tourfic", "affected_versions": { "* - 2.11.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b258fa40-4e76-4c84-b32f-e6c46fee770a?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2594fcc-ae07-4f3f-a4fe-0c19524b0193": { "id": "b2594fcc-ae07-4f3f-a4fe-0c19524b0193", "title": "Survey Maker \u2013 Best WordPress Survey Plugin <= 1.5.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Survey Maker", "slug": "survey-maker", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2594fcc-ae07-4f3f-a4fe-0c19524b0193?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2642726-a878-46d1-9c17-a4c8f4d5e315": { "id": "b2642726-a878-46d1-9c17-a4c8f4d5e315", "title": "WordPress Sentinel <= 1.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Sentinel", "slug": "wordpress-sentinel", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2642726-a878-46d1-9c17-a4c8f4d5e315?source=api-scan" ], "published": "2011-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b266bd10-dbc6-4058-a5b2-1578c0814cb4": { "id": "b266bd10-dbc6-4058-a5b2-1578c0814cb4", "title": "Prevent files \/ folders access <= 2.5.1 - Authenticated (Administrator+) Arbitrary File Upload in mo_media_restrict_page", "software": [ { "type": "plugin", "name": "Prevent files \/ folders access", "slug": "prevent-file-access", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b266bd10-dbc6-4058-a5b2-1578c0814cb4?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2670e15-a71a-4800-882d-5d04faeaeee1": { "id": "b2670e15-a71a-4800-882d-5d04faeaeee1", "title": "Simple Download Monitor <= 3.8.8 - SQL Injection", "software": [ { "type": "plugin", "name": "Simple Download Monitor", "slug": "simple-download-monitor", "affected_versions": { "* - 3.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2670e15-a71a-4800-882d-5d04faeaeee1?source=api-scan" ], "published": "2020-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2694fd0-0ad6-4b64-b332-aa7bc2f74cd5": { "id": "b2694fd0-0ad6-4b64-b332-aa7bc2f74cd5", "title": "Custom Map <= 1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Map", "slug": "custom-map", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2694fd0-0ad6-4b64-b332-aa7bc2f74cd5?source=api-scan" ], "published": "2017-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b26996cf-acea-41fb-ad2f-167f41d31cea": { "id": "b26996cf-acea-41fb-ad2f-167f41d31cea", "title": "Malware Scanner <= 4.7.2 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Malware Scanner", "slug": "miniorange-malware-protection", "affected_versions": { "* - 4.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b26996cf-acea-41fb-ad2f-167f41d31cea?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b269a5c9-9f0e-4dba-a06e-2d8dd94643b4": { "id": "b269a5c9-9f0e-4dba-a06e-2d8dd94643b4", "title": "WP Ultimate Exporter < 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Export All Posts, Products, Orders, Refunds & Users", "slug": "wp-ultimate-exporter", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b269a5c9-9f0e-4dba-a06e-2d8dd94643b4?source=api-scan" ], "published": "2016-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b26d61de-651c-43de-ba90-33ef170755e0": { "id": "b26d61de-651c-43de-ba90-33ef170755e0", "title": "eventr <= 1.02.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Eventr", "slug": "eventr", "affected_versions": { "* - 1.02.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.02.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b26d61de-651c-43de-ba90-33ef170755e0?source=api-scan" ], "published": "2017-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b27201c7-453b-4953-b364-42ca7bf012f0": { "id": "b27201c7-453b-4953-b364-42ca7bf012f0", "title": "MailMunch \u2013 Grow your Email List <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MailMunch \u2013 Grow your Email List", "slug": "mailmunch", "affected_versions": { "* - 3.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b27201c7-453b-4953-b364-42ca7bf012f0?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b27338c7-2fbc-4985-a25e-8e2a9fdef8c3": { "id": "b27338c7-2fbc-4985-a25e-8e2a9fdef8c3", "title": "Customer Service Software & Support Ticket System <= 5.12.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Customer Service Software & Support Ticket System", "slug": "wp-ticket", "affected_versions": { "[*, 5.13)": { "from_version": "*", "from_inclusive": true, "to_version": "5.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b27338c7-2fbc-4985-a25e-8e2a9fdef8c3?source=api-scan" ], "published": "2023-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b274af9b-071c-4f8d-a2e0-7f02b631c19a": { "id": "b274af9b-071c-4f8d-a2e0-7f02b631c19a", "title": "Securimage-WP-Fixed <= 3.5.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Securimage-WP-Fixed", "slug": "securimage-wp-fixed", "affected_versions": { "* - 3.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b274af9b-071c-4f8d-a2e0-7f02b631c19a?source=api-scan" ], "published": "2021-08-11 14:40:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b27995b1-3321-4997-8a25-80c9488b8405": { "id": "b27995b1-3321-4997-8a25-80c9488b8405", "title": "WP Block and Stop Bad Bots <= 6.92 - SQL Injection", "software": [ { "type": "plugin", "name": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection", "slug": "stopbadbots", "affected_versions": { "[*, 6.930)": { "from_version": "*", "from_inclusive": true, "to_version": "6.930", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.930" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b27995b1-3321-4997-8a25-80c9488b8405?source=api-scan" ], "published": "2022-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b27b2e40-c703-4fa0-bff0-788e7a0351c6": { "id": "b27b2e40-c703-4fa0-bff0-788e7a0351c6", "title": "Welcart e-Commerce <= 2.8.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b27b2e40-c703-4fa0-bff0-788e7a0351c6?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b280155e-6d07-448d-922c-4a0ea21f4992": { "id": "b280155e-6d07-448d-922c-4a0ea21f4992", "title": "Biometric Login for WooCommerce <= 1.0.3 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Biometric Login For WooCommerce", "slug": "biometric-login-for-woocommerce", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b280155e-6d07-448d-922c-4a0ea21f4992?source=api-scan" ], "published": "2023-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2839fdc-5904-4c3b-894f-7bf7e8b2986a": { "id": "b2839fdc-5904-4c3b-894f-7bf7e8b2986a", "title": "Campaign URL Builder <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Campaign URL Builder", "slug": "campaign-url-builder", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2839fdc-5904-4c3b-894f-7bf7e8b2986a?source=api-scan" ], "published": "2023-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2840b9e-1baf-460c-ba11-43e4279ece27": { "id": "b2840b9e-1baf-460c-ba11-43e4279ece27", "title": "Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.38": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.38", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2840b9e-1baf-460c-ba11-43e4279ece27?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2849cb5-9277-460d-a429-6253c98c1554": { "id": "b2849cb5-9277-460d-a429-6253c98c1554", "title": "College publisher Import <= 0.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "College publisher Import", "slug": "college-publisher-import", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2849cb5-9277-460d-a429-6253c98c1554?source=api-scan" ], "published": "2021-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b28ba929-d057-43f9-b839-62347c06c1bd": { "id": "b28ba929-d057-43f9-b839-62347c06c1bd", "title": "WP Spell Check <= 9.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Spell Check", "slug": "wp-spell-check", "affected_versions": { "[*, 9.3)": { "from_version": "*", "from_inclusive": true, "to_version": "9.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b28ba929-d057-43f9-b839-62347c06c1bd?source=api-scan" ], "published": "2021-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b290e792-2473-4ba5-b66c-b6ca65445c0e": { "id": "b290e792-2473-4ba5-b66c-b6ca65445c0e", "title": "Responsive Starter Templates \u2013 Elementor & WordPress Templates <= 2.6.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Plus \u2013 Starter Templates, Advanced Features and Customizer Settings for Responsive Theme.", "slug": "responsive-add-ons", "affected_versions": { "* - 2.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b290e792-2473-4ba5-b66c-b6ca65445c0e?source=api-scan" ], "published": "2022-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b29113d6-7a9a-4e10-a446-147ec146ac93": { "id": "b29113d6-7a9a-4e10-a446-147ec146ac93", "title": "News Announcement Scroll <= 9.0.0 - Authenticated (Contributor+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "News Announcement Scroll", "slug": "news-announcement-scroll", "affected_versions": { "* - 9.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b29113d6-7a9a-4e10-a446-147ec146ac93?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b29144f7-08cb-4703-a977-4fece763abbd": { "id": "b29144f7-08cb-4703-a977-4fece763abbd", "title": "Democracy Poll <= 6.0.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Democracy Poll", "slug": "democracy-poll", "affected_versions": { "* - 6.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b29144f7-08cb-4703-a977-4fece763abbd?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b291ed6f-0998-40fc-a628-4df6416c9fc4": { "id": "b291ed6f-0998-40fc-a628-4df6416c9fc4", "title": "A Page Flip Book < 3.0 - Directory Traversal", "software": [ { "type": "plugin", "name": "A Page Flip Book", "slug": "wppageflip", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b291ed6f-0998-40fc-a628-4df6416c9fc4?source=api-scan" ], "published": "2012-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b297a6f3-7743-4b86-bd72-93ea0cd85bfa": { "id": "b297a6f3-7743-4b86-bd72-93ea0cd85bfa", "title": "SEOPress <= 7.7.2 - Authenticated (Contributor+) Open Redirect", "software": [ { "type": "plugin", "name": "SEOPress \u2013 On-site SEO", "slug": "wp-seopress", "affected_versions": { "* - 7.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b297a6f3-7743-4b86-bd72-93ea0cd85bfa?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b29dcd7a-a0bc-4983-85ba-6ebf2c405ceb": { "id": "b29dcd7a-a0bc-4983-85ba-6ebf2c405ceb", "title": "Quiz and Survey Master <= 8.1.4 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 8.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b29dcd7a-a0bc-4983-85ba-6ebf2c405ceb?source=api-scan" ], "published": "2023-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2a537a9-a1db-465e-8e04-2306e0d6998c": { "id": "b2a537a9-a1db-465e-8e04-2306e0d6998c", "title": "WP JobSearch <= 1.7.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Careerfy", "slug": "careerfy", "affected_versions": { "[*, 1.7.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2a537a9-a1db-465e-8e04-2306e0d6998c?source=api-scan" ], "published": "2021-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2a825e4-3ffc-4412-81f4-6992dbbe756b": { "id": "b2a825e4-3ffc-4412-81f4-6992dbbe756b", "title": "Custom Content Shortcode <= 4.0.1 - Authenticated Arbitrary File Access \/ Local File Inclusion", "software": [ { "type": "plugin", "name": "Custom Content Shortcode", "slug": "custom-content-shortcode", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2a825e4-3ffc-4412-81f4-6992dbbe756b?source=api-scan" ], "published": "2022-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2a98c69-5f76-41f4-8a12-0523285647fb": { "id": "b2a98c69-5f76-41f4-8a12-0523285647fb", "title": "All in One SEO <= 4.1.0.1 - Authenticated Code Injection", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "[*, 4.1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2a98c69-5f76-41f4-8a12-0523285647fb?source=api-scan" ], "published": "2021-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2ab2178-7438-43ef-961e-b54d0d230f4a": { "id": "b2ab2178-7438-43ef-961e-b54d0d230f4a", "title": "Feather Login Page 1.0.7 - 1.1.1 - Missing Authorization to Authentication Bypass and Privilege Escalation", "software": [ { "type": "plugin", "name": "Login | Login Page | Login Logo | Rename Login Page | Custom Login Page | Temporary Users | Rebrand Login | Login Captcha", "slug": "feather-login-page", "affected_versions": { "1.0.7 - 1.1.1": { "from_version": "1.0.7", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2ab2178-7438-43ef-961e-b54d0d230f4a?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2ac2e50-1eef-46e6-8d57-c9d2dc04f933": { "id": "b2ac2e50-1eef-46e6-8d57-c9d2dc04f933", "title": "WordPress Calls to Action < 2.5.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Calls to Action", "slug": "cta", "affected_versions": { "[*, 2.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2ac2e50-1eef-46e6-8d57-c9d2dc04f933?source=api-scan" ], "published": "2015-11-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2acd36d-013b-4833-95ea-27d6b6db64a0": { "id": "b2acd36d-013b-4833-95ea-27d6b6db64a0", "title": "ElementInvader Addons for Elementor <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ElementInvader Addons for Elementor", "slug": "elementinvader-addons-for-elementor", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2acd36d-013b-4833-95ea-27d6b6db64a0?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2ae4226-0089-47fb-87b9-94e9faf764e4": { "id": "b2ae4226-0089-47fb-87b9-94e9faf764e4", "title": "Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri_breadcrumb_element' Shortcode", "software": [ { "type": "plugin", "name": "Colibri Page Builder", "slug": "colibri-page-builder", "affected_versions": { "* - 1.0.272": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.272", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.274" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2ae4226-0089-47fb-87b9-94e9faf764e4?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2af416b-4510-468f-81ef-aa09f2fd51ac": { "id": "b2af416b-4510-468f-81ef-aa09f2fd51ac", "title": "Post to CSV by BestWebSoft < 1.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post to CSV by BestWebSoft", "slug": "post-to-csv", "affected_versions": { "[*, 1.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2af416b-4510-468f-81ef-aa09f2fd51ac?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2b0c5f9-b734-41e6-8ecb-4cf3d891ddb7": { "id": "b2b0c5f9-b734-41e6-8ecb-4cf3d891ddb7", "title": "Google XML Sitemap for Mobile <= 1.6.1 - Cross-Site Request Forgery via mobile_sitemap_generate", "software": [ { "type": "plugin", "name": "Google XML Sitemap for Mobile", "slug": "google-mobile-sitemap", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2b0c5f9-b734-41e6-8ecb-4cf3d891ddb7?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2b1db53-227c-4887-b24d-37c0d2bedf69": { "id": "b2b1db53-227c-4887-b24d-37c0d2bedf69", "title": "YaySMTP \u2013 Simple WP SMTP Mail <= 2.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YaySMTP \u2013 WP SMTP Plugin with Full Email Log & 15+ SMTP Services", "slug": "yaysmtp", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2b1db53-227c-4887-b24d-37c0d2bedf69?source=api-scan" ], "published": "2022-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2b62226-cf9b-4713-9734-67bf1c48895b": { "id": "b2b62226-cf9b-4713-9734-67bf1c48895b", "title": "Conversador <= 2.61 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Conversador", "slug": "conversador", "affected_versions": { "* - 2.61": { "from_version": "*", "from_inclusive": true, "to_version": "2.61", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2b62226-cf9b-4713-9734-67bf1c48895b?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2bdb698-3a07-4e8b-a498-b156accadc0a": { "id": "b2bdb698-3a07-4e8b-a498-b156accadc0a", "title": "Read More Without Refresh <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Read More Without Refresh", "slug": "read-more-without-refresh", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2bdb698-3a07-4e8b-a498-b156accadc0a?source=api-scan" ], "published": "2020-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2c03142-be30-4173-a140-14d73a16dd2b": { "id": "b2c03142-be30-4173-a140-14d73a16dd2b", "title": "MW WP Form <= 5.0.1 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "MW WP Form", "slug": "mw-wp-form", "affected_versions": { "* - 5.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2c03142-be30-4173-a140-14d73a16dd2b?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2c702a5-8677-49f3-8824-1e8345ff54ed": { "id": "b2c702a5-8677-49f3-8824-1e8345ff54ed", "title": "Blogger Importer <= 0.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Blogger Importer", "slug": "blogger-importer", "affected_versions": { "* - 0.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2c702a5-8677-49f3-8824-1e8345ff54ed?source=api-scan" ], "published": "2013-10-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2c83287-13ca-4fdc-95b6-97da150b0c09": { "id": "b2c83287-13ca-4fdc-95b6-97da150b0c09", "title": "WP Meta SEO <= 4.5.2 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Meta SEO", "slug": "wp-meta-seo", "affected_versions": { "* - 4.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2c83287-13ca-4fdc-95b6-97da150b0c09?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2ce9854-06df-44a8-b998-de21bf52a5d8": { "id": "b2ce9854-06df-44a8-b998-de21bf52a5d8", "title": "Post Category Image With Grid and Slider <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Post Category Image With Grid and Slider", "slug": "post-category-image-with-grid-and-slider", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2ce9854-06df-44a8-b998-de21bf52a5d8?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2cea890-b131-47cd-9050-a484fb1895f6": { "id": "b2cea890-b131-47cd-9050-a484fb1895f6", "title": "5 Star (Unspecified Version) - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "theme", "name": "5 Star Hotel", "slug": "5star", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2cea890-b131-47cd-9050-a484fb1895f6?source=api-scan" ], "published": "2014-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2d20052-184e-473d-8e5b-46b7dd270c52": { "id": "b2d20052-184e-473d-8e5b-46b7dd270c52", "title": "Sangar Slider <= 1.3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Responsive Slider \u2013 Sangar Slider", "slug": "sangar-slider-lite", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2d20052-184e-473d-8e5b-46b7dd270c52?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2d26156-b88c-4cae-a830-be765e1f1473": { "id": "b2d26156-b88c-4cae-a830-be765e1f1473", "title": "Simple File List <= 4.2.7 - Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Simple File List", "slug": "simple-file-list", "affected_versions": { "* - 4.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2d26156-b88c-4cae-a830-be765e1f1473?source=api-scan" ], "published": "2020-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2d31521-5fe1-48ce-881c-4cacdbe08f21": { "id": "b2d31521-5fe1-48ce-881c-4cacdbe08f21", "title": "HMS Testimonials < 2.0.11 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HMS Testimonials", "slug": "hms-testimonials", "affected_versions": { "[*, 2.0.11)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2d31521-5fe1-48ce-881c-4cacdbe08f21?source=api-scan" ], "published": "2013-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2dee8d2-e1ab-455c-b922-92881f62fc5c": { "id": "b2dee8d2-e1ab-455c-b922-92881f62fc5c", "title": "Paid Memberships Pro - Courses for Membership Add On <= 1.2.3 - Missing Authorization to Authenticated (Subscriber+) Course Modifications", "software": [ { "type": "plugin", "name": "Premium Courses & eLearning with Paid Memberships Pro for LearnDash, LifterLMS, Sensei LMS & TutorLMS", "slug": "pmpro-courses", "affected_versions": { "[*, 1.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2dee8d2-e1ab-455c-b922-92881f62fc5c?source=api-scan" ], "published": "2023-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2e336d3-edd9-4664-bfa5-deec4064ee0b": { "id": "b2e336d3-edd9-4664-bfa5-deec4064ee0b", "title": "Lightbox & Modal Popup WordPress Plugin \u2013 FooBox (Free and Premium) <= 2.7.27 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Lightbox & Modal Popup WordPress Plugin \u2013 FooBox Premium", "slug": "foobox-image-lightbox-premium", "affected_versions": { "* - 2.7.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.28" ] }, { "type": "plugin", "name": "Lightbox & Modal Popup WordPress Plugin \u2013 FooBox", "slug": "foobox-image-lightbox", "affected_versions": { "* - 2.7.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2e336d3-edd9-4664-bfa5-deec4064ee0b?source=api-scan" ], "published": "2024-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2e76535-b97e-4104-8e90-ac21348b34ef": { "id": "b2e76535-b97e-4104-8e90-ac21348b34ef", "title": "User meta shortcodes <= 0.5 - Improper Access Control", "software": [ { "type": "plugin", "name": "User meta shortcodes", "slug": "user-meta-shortcodes", "affected_versions": { "* - 0.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2e76535-b97e-4104-8e90-ac21348b34ef?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2e8f9b7-1fce-46be-8198-eeff58a563c6": { "id": "b2e8f9b7-1fce-46be-8198-eeff58a563c6", "title": "Premmerce Redirect Manager <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premmerce Redirect Manager", "slug": "premmerce-redirect-manager", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2e8f9b7-1fce-46be-8198-eeff58a563c6?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2ec7d77-fe50-4bb2-a57b-6ee4246805f9": { "id": "b2ec7d77-fe50-4bb2-a57b-6ee4246805f9", "title": "Redirect Redirection <= 1.1.3 - Missing Authorization in 'loadSettings' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2ec7d77-fe50-4bb2-a57b-6ee4246805f9?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2ef036e-14a5-40df-93c3-ab1a1d9accc0": { "id": "b2ef036e-14a5-40df-93c3-ab1a1d9accc0", "title": "WordPress RokBox <= 2.13 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress RokBox", "slug": "wp_rokbox", "affected_versions": { "* - 2.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2ef036e-14a5-40df-93c3-ab1a1d9accc0?source=api-scan" ], "published": "2012-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2ef0410-3f8d-40e1-9188-43ec4e7077cd": { "id": "b2ef0410-3f8d-40e1-9188-43ec4e7077cd", "title": "Disable Comments | WPZest <= 1.51 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Disable Comments | WPZest", "slug": "disable-comments-wpz", "affected_versions": { "* - 1.51": { "from_version": "*", "from_inclusive": true, "to_version": "1.51", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2ef0410-3f8d-40e1-9188-43ec4e7077cd?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2f16704-6c96-4ff1-b1b1-75c4f16df039": { "id": "b2f16704-6c96-4ff1-b1b1-75c4f16df039", "title": "WP Mobile Detector <= 3.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Mobile Detector", "slug": "wp-mobile-detector", "affected_versions": { "[*, 3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2f16704-6c96-4ff1-b1b1-75c4f16df039?source=api-scan" ], "published": "2015-06-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2f3c007-6ecc-4003-87ed-352984b9a83c": { "id": "b2f3c007-6ecc-4003-87ed-352984b9a83c", "title": "GDPR Cookie Consent & Compliance Notice <= 1.8.2 - Authenticated Stored Cross-Site Scripting and Authorization Bypass", "software": [ { "type": "plugin", "name": "CookieYes \u2013 Cookie Banner for Cookie Consent (Easy to setup GDPR\/CCPA Compliant Cookie Notice)", "slug": "cookie-law-info", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2f3c007-6ecc-4003-87ed-352984b9a83c?source=api-scan" ], "published": "2020-02-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2f4efa2-ddf6-46a7-9bde-aa1bcbbd2999": { "id": "b2f4efa2-ddf6-46a7-9bde-aa1bcbbd2999", "title": "Launcher: Coming Soon & Maintenance Mode <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Launcher: Coming Soon & Maintenance Mode", "slug": "launcher", "affected_versions": { "* - 1.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2f4efa2-ddf6-46a7-9bde-aa1bcbbd2999?source=api-scan" ], "published": "2022-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b2ff2954-f494-4cd7-9f29-ee0e8551e339": { "id": "b2ff2954-f494-4cd7-9f29-ee0e8551e339", "title": "Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via add_to_wishlist", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.87": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.87", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.88" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b2ff2954-f494-4cd7-9f29-ee0e8551e339?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b30261e0-1fa1-4794-98f6-851532b7615c": { "id": "b30261e0-1fa1-4794-98f6-851532b7615c", "title": "GiveWP <= 2.25.1 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.25.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b30261e0-1fa1-4794-98f6-851532b7615c?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3083afd-ca84-4088-8e72-95254d56a0c0": { "id": "b3083afd-ca84-4088-8e72-95254d56a0c0", "title": "WordPress File Upload < 2.4.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "[*, 2.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3083afd-ca84-4088-8e72-95254d56a0c0?source=api-scan" ], "published": "2014-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b30ac1b0-eae2-4194-bf8e-ae73b4236965": { "id": "b30ac1b0-eae2-4194-bf8e-ae73b4236965", "title": "wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Comment Rating Increase\/Decrease", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "* - 7.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b30ac1b0-eae2-4194-bf8e-ae73b4236965?source=api-scan" ], "published": "2023-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b316094a-0d69-4712-a395-037ce6f2e59b": { "id": "b316094a-0d69-4712-a395-037ce6f2e59b", "title": "HelloAsso <= 1.1.10 - Missing Authorization", "software": [ { "type": "plugin", "name": "HelloAsso", "slug": "helloasso", "affected_versions": { "* - 1.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b316094a-0d69-4712-a395-037ce6f2e59b?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b31a54f1-de87-49ac-bce1-e0ea295af325": { "id": "b31a54f1-de87-49ac-bce1-e0ea295af325", "title": "Slide Anything \u2013 Responsive Content \/ HTML Slider and Carousel <= 2.3.46 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slide Anything \u2013 Responsive Content \/ HTML Slider and Carousel", "slug": "slide-anything", "affected_versions": { "* - 2.3.46": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.46", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.47" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b31a54f1-de87-49ac-bce1-e0ea295af325?source=api-scan" ], "published": "2022-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b31d1d82-d0ee-465c-b56b-381df3b6fcfc": { "id": "b31d1d82-d0ee-465c-b56b-381df3b6fcfc", "title": "Kahuna <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Kahuna", "slug": "kahuna", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b31d1d82-d0ee-465c-b56b-381df3b6fcfc?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b323d910-23f6-41e2-9d64-d60398994996": { "id": "b323d910-23f6-41e2-9d64-d60398994996", "title": "PostX - Gutenberg Blocks for Post Grid <= 2.4.9 - Unauthorized Access Controls", "software": [ { "type": "plugin", "name": "Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX", "slug": "ultimate-post", "affected_versions": { "[*, 2.4.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b323d910-23f6-41e2-9d64-d60398994996?source=api-scan" ], "published": "2021-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3247bb3-3d9a-49b5-99ec-f4b305d37ae5": { "id": "b3247bb3-3d9a-49b5-99ec-f4b305d37ae5", "title": "WordPress Download Manager <= 2.7.94 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 2.7.94": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.94", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.95" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3247bb3-3d9a-49b5-99ec-f4b305d37ae5?source=api-scan" ], "published": "2015-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3267339-2f28-40b9-b6ff-fdfe0d67bdc8": { "id": "b3267339-2f28-40b9-b6ff-fdfe0d67bdc8", "title": "Social Metrics <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Metrics", "slug": "social-metrics", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3267339-2f28-40b9-b6ff-fdfe0d67bdc8?source=api-scan" ], "published": "2023-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b331c32e-7341-458b-80be-574cfa915159": { "id": "b331c32e-7341-458b-80be-574cfa915159", "title": "Caddy <= 1.9.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Caddy \u2013 Smart Side Cart for WooCommerce", "slug": "caddy", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b331c32e-7341-458b-80be-574cfa915159?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3325317-4ce7-468d-aee7-9b40fdf61d3c": { "id": "b3325317-4ce7-468d-aee7-9b40fdf61d3c", "title": "FV Flowplayer Video Player <= 6.0.3.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "* - 6.0.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3325317-4ce7-468d-aee7-9b40fdf61d3c?source=api-scan" ], "published": "2015-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b335fc19-2998-4711-8813-6cb68d7447bd": { "id": "b335fc19-2998-4711-8813-6cb68d7447bd", "title": "ProfileGrid <= 5.5.1 - Missing Authorization to User Import", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b335fc19-2998-4711-8813-6cb68d7447bd?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b33760d8-323a-4d0b-9a54-b84152bd4367": { "id": "b33760d8-323a-4d0b-9a54-b84152bd4367", "title": "YOP Poll <= 5.7.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YOP Poll", "slug": "yop-poll", "affected_versions": { "* - 5.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b33760d8-323a-4d0b-9a54-b84152bd4367?source=api-scan" ], "published": "2015-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b33bf55c-0397-44a2-8c18-ea5f8f1e2ec9": { "id": "b33bf55c-0397-44a2-8c18-ea5f8f1e2ec9", "title": "AI ChatBot <= 4.4.7 - Missing Authorization on openai_settings_option_callback", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b33bf55c-0397-44a2-8c18-ea5f8f1e2ec9?source=api-scan" ], "published": "2023-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b33fd509-1cc3-48de-bd4a-7c9749da1cf8": { "id": "b33fd509-1cc3-48de-bd4a-7c9749da1cf8", "title": "SliceWP <= 1.1.18 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Affiliate Program Suite \u2014 SliceWP Affiliates", "slug": "slicewp", "affected_versions": { "* - 1.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b33fd509-1cc3-48de-bd4a-7c9749da1cf8?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b340eda1-e9d2-40b6-89f9-41d995ce3555": { "id": "b340eda1-e9d2-40b6-89f9-41d995ce3555", "title": "EmbedPress <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 3.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b340eda1-e9d2-40b6-89f9-41d995ce3555?source=api-scan" ], "published": "2023-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3439710-1159-4677-93c9-14bacfbf0b55": { "id": "b3439710-1159-4677-93c9-14bacfbf0b55", "title": "WP jQuery Lightbox <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Attribute", "software": [ { "type": "plugin", "name": "LightPress Lightbox", "slug": "wp-jquery-lightbox", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3439710-1159-4677-93c9-14bacfbf0b55?source=api-scan" ], "published": "2024-06-06 15:00:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3451ed9-9a9a-443f-b1ce-dcd07bd3e6ce": { "id": "b3451ed9-9a9a-443f-b1ce-dcd07bd3e6ce", "title": "WP MLM <= 4.0 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP MLM SOFTWARE PLUGIN", "slug": "wp-mlm", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3451ed9-9a9a-443f-b1ce-dcd07bd3e6ce?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3461327-9195-48ed-b9c3-7b33198e9438": { "id": "b3461327-9195-48ed-b9c3-7b33198e9438", "title": "LH Add Media From Url <= 1.23 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LH Add Media From Url", "slug": "lh-add-media-from-url", "affected_versions": { "* - 1.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3461327-9195-48ed-b9c3-7b33198e9438?source=api-scan" ], "published": "2024-08-20 17:25:05", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3498ebe-5e13-4ced-b92d-4908b8775996": { "id": "b3498ebe-5e13-4ced-b92d-4908b8775996", "title": "Greenshift \u2013 animation and page builder blocks <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Greenshift \u2013 animation and page builder blocks", "slug": "greenshift-animation-and-page-builder-blocks", "affected_versions": { "* - 4.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3498ebe-5e13-4ced-b92d-4908b8775996?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b34a82c5-4d70-47d3-9a02-7eeaa13ff677": { "id": "b34a82c5-4d70-47d3-9a02-7eeaa13ff677", "title": "Ajax Search Pro <= 4.18.7 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ajax Search Pro", "slug": "ajax-search-pro", "affected_versions": { "* - 4.18.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.18.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b34a82c5-4d70-47d3-9a02-7eeaa13ff677?source=api-scan" ], "published": "2020-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b350a20e-6f86-4760-9092-27a4b365b590": { "id": "b350a20e-6f86-4760-9092-27a4b365b590", "title": "All-in-One Video Gallery <= 3.5.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "All-in-One Video Gallery", "slug": "all-in-one-video-gallery", "affected_versions": { "* - 3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b350a20e-6f86-4760-9092-27a4b365b590?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3523535-6938-4922-8126-8386861ca512": { "id": "b3523535-6938-4922-8126-8386861ca512", "title": "GMAce <= 1.5.2 - Authenticated(Admin+) Directory Traversal", "software": [ { "type": "plugin", "name": "GMAce", "slug": "gmace", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3523535-6938-4922-8126-8386861ca512?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b352b2e4-8d72-4ebd-8dcd-8e2740759f3e": { "id": "b352b2e4-8d72-4ebd-8dcd-8e2740759f3e", "title": "WP Contacts Manager <= 2.2.4 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP Contacts Manager", "slug": "wp-contacts-manager", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b352b2e4-8d72-4ebd-8dcd-8e2740759f3e?source=api-scan" ], "published": "2022-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b352be87-ea61-4666-a4d0-cf93fef40e33": { "id": "b352be87-ea61-4666-a4d0-cf93fef40e33", "title": "The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 5.0.4 - Cross-Site Request Forgery in rttpg_spare_me", "software": [ { "type": "plugin", "name": "The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid", "slug": "the-post-grid", "affected_versions": { "* - 5.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b352be87-ea61-4666-a4d0-cf93fef40e33?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3533123-a141-4a15-b8cd-46a2870ecbd6": { "id": "b3533123-a141-4a15-b8cd-46a2870ecbd6", "title": "Clone <= 2.4.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Clone", "slug": "wp-clone-by-wp-academy", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3533123-a141-4a15-b8cd-46a2870ecbd6?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3552de0-3e0b-4529-a757-a31c69a06122": { "id": "b3552de0-3e0b-4529-a757-a31c69a06122", "title": "Advanced Custom Fields <= 6.3.8 & Secure Custom Fields <= 6.3.6.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Secure Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "* - 6.3.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.6.3" ] }, { "type": "plugin", "name": "Advanced Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "* - 6.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.6", "to_inclusive": true }, "6.3.7": { "from_version": "6.3.7", "from_inclusive": true, "to_version": "6.3.7", "to_inclusive": true }, "6.3.8": { "from_version": "6.3.8", "from_inclusive": true, "to_version": "6.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.9" ] }, { "type": "plugin", "name": "Advanced Custom Fields Pro", "slug": "advanced-custom-fields-pro", "affected_versions": { "* - 6.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3552de0-3e0b-4529-a757-a31c69a06122?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b35e5228-7f1a-43e1-b65d-d13bdd6bcfaf": { "id": "b35e5228-7f1a-43e1-b65d-d13bdd6bcfaf", "title": "Donation Button <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Donation Button", "slug": "donation-button", "affected_versions": { "* - 4.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b35e5228-7f1a-43e1-b65d-d13bdd6bcfaf?source=api-scan" ], "published": "2022-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b35ee801-f04d-4b22-8238-053b02a6ee0c": { "id": "b35ee801-f04d-4b22-8238-053b02a6ee0c", "title": "WP Express Checkout <= 2.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting via pec_coupon[code]", "software": [ { "type": "plugin", "name": "WP Express Checkout (Accept PayPal Payments Easily)", "slug": "wp-express-checkout", "affected_versions": { "2.2.8": { "from_version": "2.2.8", "from_inclusive": true, "to_version": "2.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b35ee801-f04d-4b22-8238-053b02a6ee0c?source=api-scan" ], "published": "2023-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3603994-b12e-4360-a3aa-b93e80ac927b": { "id": "b3603994-b12e-4360-a3aa-b93e80ac927b", "title": "PowerPack Lite for Beaver Builder <= 1.3.0.3 - Authenticated (Editor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "PowerPack Lite for Beaver Builder", "slug": "powerpack-addon-for-beaver-builder", "affected_versions": { "* - 1.3.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3603994-b12e-4360-a3aa-b93e80ac927b?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b36303d6-ad28-4354-9f60-acc7df15f468": { "id": "b36303d6-ad28-4354-9f60-acc7df15f468", "title": "Quick Paypal Payments <= 5.7.25 - Authenticated (Contributor+) Cross Site Scripting", "software": [ { "type": "plugin", "name": "Quick Paypal Payments", "slug": "quick-paypal-payments", "affected_versions": { "* - 5.7.25": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b36303d6-ad28-4354-9f60-acc7df15f468?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3669af4-06b4-4088-ae23-c167ba65f79c": { "id": "b3669af4-06b4-4088-ae23-c167ba65f79c", "title": "WP Safe Search <= 0.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Safe Search", "slug": "wp-safe-search", "affected_versions": { "* - 0.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3669af4-06b4-4088-ae23-c167ba65f79c?source=api-scan" ], "published": "2010-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b36b9b8a-41b0-4b57-92c7-5acebe2b0bae": { "id": "b36b9b8a-41b0-4b57-92c7-5acebe2b0bae", "title": "WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Task Comments", "software": [ { "type": "plugin", "name": "WP To Do", "slug": "wp-todo", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b36b9b8a-41b0-4b57-92c7-5acebe2b0bae?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b36e94e4-b1e8-4803-9377-c4d710b029de": { "id": "b36e94e4-b1e8-4803-9377-c4d710b029de", "title": "WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_delete_product", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "* - 5.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b36e94e4-b1e8-4803-9377-c4d710b029de?source=api-scan" ], "published": "2023-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b37087a4-83b2-4355-89f0-6ff0aa8d0013": { "id": "b37087a4-83b2-4355-89f0-6ff0aa8d0013", "title": "KBucket: Your Curated Content in WordPress <= 4.1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "KBucket: Your Curated Content in WordPress", "slug": "kbucket", "affected_versions": { "* - 4.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b37087a4-83b2-4355-89f0-6ff0aa8d0013?source=api-scan" ], "published": "2024-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3758f06-2b69-458f-a7c8-f604f0fbda31": { "id": "b3758f06-2b69-458f-a7c8-f604f0fbda31", "title": "WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots < 6.60 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection", "slug": "stopbadbots", "affected_versions": { "[*, 6.60)": { "from_version": "*", "from_inclusive": true, "to_version": "6.60", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3758f06-2b69-458f-a7c8-f604f0fbda31?source=api-scan" ], "published": "2021-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b37766e2-95d2-4a95-9381-ed65ce09b3d6": { "id": "b37766e2-95d2-4a95-9381-ed65ce09b3d6", "title": "Workreap < 2.6.3 - Insecure Direct Objection Reference to Private Message Disclosure", "software": [ { "type": "theme", "name": "Workreap - Freelance Marketplace and Directory WordPress Theme", "slug": "workreap", "affected_versions": { "[*, 2.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b37766e2-95d2-4a95-9381-ed65ce09b3d6?source=api-scan" ], "published": "2022-11-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b37a2260-0791-435d-8413-2bf68c388906": { "id": "b37a2260-0791-435d-8413-2bf68c388906", "title": "Awesome Filterable Portfolio <= 1.9.7 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Awesome Filterable Portfolio", "slug": "awesome-filterable-portfolio", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b37a2260-0791-435d-8413-2bf68c388906?source=api-scan" ], "published": "2022-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b37e6b44-810a-49c8-8903-30a9e228027d": { "id": "b37e6b44-810a-49c8-8903-30a9e228027d", "title": "Simple Share Buttons Adder <= 4.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple Share Buttons Adder", "slug": "simple-share-buttons-adder", "affected_versions": { "* - 4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b37e6b44-810a-49c8-8903-30a9e228027d?source=api-scan" ], "published": "2014-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b37fc473-d71e-47d6-b0fe-e323868244f1": { "id": "b37fc473-d71e-47d6-b0fe-e323868244f1", "title": "iFrame <= 3.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "iframe", "slug": "iframe", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b37fc473-d71e-47d6-b0fe-e323868244f1?source=api-scan" ], "published": "2015-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b380283c-0dbb-4d67-9f66-cb7c400c0427": { "id": "b380283c-0dbb-4d67-9f66-cb7c400c0427", "title": "Backup Migration 1.0.8 - 1.3.9 - Remote File Inclusion via content-dir", "software": [ { "type": "plugin", "name": "Backup Migration", "slug": "backup-backup", "affected_versions": { "1.0.8 - 1.3.9": { "from_version": "1.0.8", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b380283c-0dbb-4d67-9f66-cb7c400c0427?source=api-scan" ], "published": "2023-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b38a69c7-91d4-43be-8650-eb1f0029bd44": { "id": "b38a69c7-91d4-43be-8650-eb1f0029bd44", "title": "Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features <= 3.2.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via CountUp Widget", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "* - 3.2.31": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b38a69c7-91d4-43be-8650-eb1f0029bd44?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3900e4f-4ae4-4026-89df-b63bd869a763": { "id": "b3900e4f-4ae4-4026-89df-b63bd869a763", "title": "ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in disableOptimization", "software": [ { "type": "plugin", "name": "ImageRecycle pdf & image compression", "slug": "imagerecycle-pdf-image-compression", "affected_versions": { "* - 3.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3900e4f-4ae4-4026-89df-b63bd869a763?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b399929a-db33-419f-9218-b86ee88a9f1a": { "id": "b399929a-db33-419f-9218-b86ee88a9f1a", "title": "Download Manager <= 3.2.46 - Contributor+ Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.46": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.46", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.47" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b399929a-db33-419f-9218-b86ee88a9f1a?source=api-scan" ], "published": "2022-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b39d66de-6d83-4fb5-a78c-c46e4540c48c": { "id": "b39d66de-6d83-4fb5-a78c-c46e4540c48c", "title": "Woocommerce Customers Order History <= 5.2.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Woocommerce Customers Order History", "slug": "woo-customers-order-history", "affected_versions": { "* - 5.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b39d66de-6d83-4fb5-a78c-c46e4540c48c?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b39e17c5-711f-4229-90f4-213ea65a190d": { "id": "b39e17c5-711f-4229-90f4-213ea65a190d", "title": "Ocean Extra <= 2.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flickr Widget", "software": [ { "type": "plugin", "name": "Ocean Extra", "slug": "ocean-extra", "affected_versions": { "* - 2.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b39e17c5-711f-4229-90f4-213ea65a190d?source=api-scan" ], "published": "2024-06-10 20:23:54", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b39f4467-4764-4850-bdcc-b359a6544b42": { "id": "b39f4467-4764-4850-bdcc-b359a6544b42", "title": "LifterLMS Wordpress Plugin <= 3.37.14 - Arbitrary File Write", "software": [ { "type": "plugin", "name": "LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes", "slug": "lifterlms", "affected_versions": { "[*, 3.37.15)": { "from_version": "*", "from_inclusive": true, "to_version": "3.37.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.37.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b39f4467-4764-4850-bdcc-b359a6544b42?source=api-scan" ], "published": "2020-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3a670f7-7eca-4e66-9bc9-3c1e92b0c8d7": { "id": "b3a670f7-7eca-4e66-9bc9-3c1e92b0c8d7", "title": "Quick Paypal Payments <= 5.7.25 - Unauthenticated Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Quick Paypal Payments", "slug": "quick-paypal-payments", "affected_versions": { "[*, 5.7.26)": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.26", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.7.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3a670f7-7eca-4e66-9bc9-3c1e92b0c8d7?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3a77b7a-65ad-4334-99c9-92cc79e60bee": { "id": "b3a77b7a-65ad-4334-99c9-92cc79e60bee", "title": "Appointment Hour Booking <= 1.3.72 - CSV Injection", "software": [ { "type": "plugin", "name": "Appointment Hour Booking \u2013 WordPress Booking Plugin", "slug": "appointment-hour-booking", "affected_versions": { "* - 1.3.72": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.72", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.73" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3a77b7a-65ad-4334-99c9-92cc79e60bee?source=api-scan" ], "published": "2022-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3a83683-c159-4af1-b3ba-881a107d9ad6": { "id": "b3a83683-c159-4af1-b3ba-881a107d9ad6", "title": "Joli Table of Contents <= 1.3.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Joli Table Of Contents", "slug": "joli-table-of-contents", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3a83683-c159-4af1-b3ba-881a107d9ad6?source=api-scan" ], "published": "2023-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3aa7b27-a335-4f82-a50a-45becdd5ef4e": { "id": "b3aa7b27-a335-4f82-a50a-45becdd5ef4e", "title": "Modern Events Calendar Lite <= 5.16.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Modern Events Calendar Lite", "slug": "modern-events-calendar-lite", "affected_versions": { "* - 5.16.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.16.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.16.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3aa7b27-a335-4f82-a50a-45becdd5ef4e?source=api-scan" ], "published": "2021-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3abd265-f1b0-49e5-ba50-5af91e855f5f": { "id": "b3abd265-f1b0-49e5-ba50-5af91e855f5f", "title": "Wu-Rating <= 1.0 12319 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wu-Rating", "slug": "wu-rating", "affected_versions": { "* - 1.0 12319": { "from_version": "*", "from_inclusive": true, "to_version": "1.0 12319", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3abd265-f1b0-49e5-ba50-5af91e855f5f?source=api-scan" ], "published": "2014-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3af900c-4048-4f4f-93e9-c60ca34d015b": { "id": "b3af900c-4048-4f4f-93e9-c60ca34d015b", "title": "WP HTML Mail < 2.9.1 - HTML Injection", "software": [ { "type": "plugin", "name": "Email Template Designer \u2013 WP HTML Mail", "slug": "wp-html-mail", "affected_versions": { "[*, 2.9.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3af900c-4048-4f4f-93e9-c60ca34d015b?source=api-scan" ], "published": "2019-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3b23544-71de-4da8-9fd5-6d9ef995ad7b": { "id": "b3b23544-71de-4da8-9fd5-6d9ef995ad7b", "title": "Himer <= 2.1.0 - Cross-Site Request Forgery to Poll Voting", "software": [ { "type": "theme", "name": "Himer - Social Questions and Answers WordPress Theme", "slug": "himer", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3b23544-71de-4da8-9fd5-6d9ef995ad7b?source=api-scan" ], "published": "2024-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3b39055-aa2a-4db8-838b-e4baaea105b4": { "id": "b3b39055-aa2a-4db8-838b-e4baaea105b4", "title": "Real WYSIWYG <= 0.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Real WYSIWYG", "slug": "real-wysiwyg", "affected_versions": { "* - 0.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3b39055-aa2a-4db8-838b-e4baaea105b4?source=api-scan" ], "published": "2021-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3b9ccb1-3854-4aa6-9f03-ff7f861ecc14": { "id": "b3b9ccb1-3854-4aa6-9f03-ff7f861ecc14", "title": "Theme Tuner < 0.8 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "Theme Tuner", "slug": "theme-tuner", "affected_versions": { "[*, 0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3b9ccb1-3854-4aa6-9f03-ff7f861ecc14?source=api-scan" ], "published": "2012-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3bae191-9395-481c-93bf-b17cf5f87271": { "id": "b3bae191-9395-481c-93bf-b17cf5f87271", "title": "Chained Quiz <= 1.1.9 -Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3bae191-9395-481c-93bf-b17cf5f87271?source=api-scan" ], "published": "2020-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3c070be-e955-4076-9878-0b1044766397": { "id": "b3c070be-e955-4076-9878-0b1044766397", "title": "Sticky Buttons <= 3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sticky Buttons \u2013 floating buttons builder", "slug": "sticky-buttons", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3c070be-e955-4076-9878-0b1044766397?source=api-scan" ], "published": "2024-01-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3c17ba3-4fc8-439c-8ce3-bd95d7ed2474": { "id": "b3c17ba3-4fc8-439c-8ce3-bd95d7ed2474", "title": "coreActivity <= 2.0.1 - IP Spoofing", "software": [ { "type": "plugin", "name": "coreActivity: Activity Logging plugin for WordPress", "slug": "coreactivity", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3c17ba3-4fc8-439c-8ce3-bd95d7ed2474?source=api-scan" ], "published": "2024-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3c3115b-8921-429d-b517-b946edab1cd5": { "id": "b3c3115b-8921-429d-b517-b946edab1cd5", "title": "WP Go Maps (formerly WP Google Maps) <= 9.0.28 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Go Maps (formerly WP Google Maps)", "slug": "wp-google-maps", "affected_versions": { "* - 9.0.28": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3c3115b-8921-429d-b517-b946edab1cd5?source=api-scan" ], "published": "2024-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3c511a5-3c2b-40c0-b3d1-bb7c83c67513": { "id": "b3c511a5-3c2b-40c0-b3d1-bb7c83c67513", "title": "PopCash Code Integration Tool < 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PopCash Code Integration Tool", "slug": "popcashnet-code-integration-tool", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3c511a5-3c2b-40c0-b3d1-bb7c83c67513?source=api-scan" ], "published": "2017-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3c65619-e96c-47e1-b42a-a85d0b5237d9": { "id": "b3c65619-e96c-47e1-b42a-a85d0b5237d9", "title": "wpForo Forum <= 1.6.5 - Cross-Site Scripting via s parameter", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3c65619-e96c-47e1-b42a-a85d0b5237d9?source=api-scan" ], "published": "2020-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3c6ba21-7631-4bbd-b08e-926d2f129cc3": { "id": "b3c6ba21-7631-4bbd-b08e-926d2f129cc3", "title": "SEOPress <= 7.6.1 - Information Exposure", "software": [ { "type": "plugin", "name": "SEOPress \u2013 On-site SEO", "slug": "wp-seopress", "affected_versions": { "* - 7.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3c6ba21-7631-4bbd-b08e-926d2f129cc3?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3cf9f38-c20e-40dc-a7a1-65b0c6ba7925": { "id": "b3cf9f38-c20e-40dc-a7a1-65b0c6ba7925", "title": "UserPro <= 5.1.1 - Authentication Bypass to Administrator", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "* - 5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3cf9f38-c20e-40dc-a7a1-65b0c6ba7925?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3d48aca-3db5-4585-bd71-5548f3b36ea1": { "id": "b3d48aca-3db5-4585-bd71-5548f3b36ea1", "title": "GeoDirectory <= 2.3.28 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "GeoDirectory \u2013 WP Business Directory Plugin and Classified Listings Directory", "slug": "geodirectory", "affected_versions": { "[*, 2.3.29)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.29", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3d48aca-3db5-4585-bd71-5548f3b36ea1?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3d4f658-e9ce-490b-bcaa-1061a463dbb2": { "id": "b3d4f658-e9ce-490b-bcaa-1061a463dbb2", "title": "Premmerce Redirect Manager <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premmerce Redirect Manager", "slug": "premmerce-redirect-manager", "affected_versions": { "[*, 1.0.12)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3d4f658-e9ce-490b-bcaa-1061a463dbb2?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3d71289-e5a3-4145-817f-c2cac8405202": { "id": "b3d71289-e5a3-4145-817f-c2cac8405202", "title": "EventPrime <= 3.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 3.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3d71289-e5a3-4145-817f-c2cac8405202?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3d9549d-4d75-4b6a-90e2-4d403731d78f": { "id": "b3d9549d-4d75-4b6a-90e2-4d403731d78f", "title": "Zotpress < 6.1.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Zotpress", "slug": "zotpress", "affected_versions": { "[*, 6.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3d9549d-4d75-4b6a-90e2-4d403731d78f?source=api-scan" ], "published": "2016-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3da58a5-3b07-4c53-ae20-35b3d7750023": { "id": "b3da58a5-3b07-4c53-ae20-35b3d7750023", "title": "WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3.2 - Unauthenticated Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "MDTF \u2013 Meta Data and Taxonomies Filter", "slug": "wp-meta-data-filter-and-taxonomy-filter", "affected_versions": { "* - 1.3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3da58a5-3b07-4c53-ae20-35b3d7750023?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3e03668-c9ee-4c4b-8240-998ef45a5326": { "id": "b3e03668-c9ee-4c4b-8240-998ef45a5326", "title": "WP STAGING WordPress Backup Plugin Free <= 3.1.2 and Pro <= 5.1.2 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore", "slug": "wp-staging", "affected_versions": { "[*, 3.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.3" ] }, { "type": "plugin", "name": "WP STAGING Pro WordPress Backup Plugin", "slug": "wp-staging-pro", "affected_versions": { "[*, 5.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3e03668-c9ee-4c4b-8240-998ef45a5326?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3e12653-ddfe-4e02-9d9e-0263b9f71def": { "id": "b3e12653-ddfe-4e02-9d9e-0263b9f71def", "title": "Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Conditions Modification", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.59": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3e12653-ddfe-4e02-9d9e-0263b9f71def?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3e149dd-636e-47ce-9ade-e1ae337612da": { "id": "b3e149dd-636e-47ce-9ade-e1ae337612da", "title": "Event Calendar <= 1.4.6 - Missing Authorization to Event Modification", "software": [ { "type": "plugin", "name": "Event Calendar \u2013 Calendar", "slug": "calendar-event", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3e149dd-636e-47ce-9ade-e1ae337612da?source=api-scan" ], "published": "2022-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3ea5e75-9b6a-4710-bb2c-458c2a924bb0": { "id": "b3ea5e75-9b6a-4710-bb2c-458c2a924bb0", "title": "ThinkIT WP Contact Form < 0.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ThinkIT WP Contact Form", "slug": "thinkit-wp-contact-form", "affected_versions": { "[*, 0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3ea5e75-9b6a-4710-bb2c-458c2a924bb0?source=api-scan" ], "published": "2013-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3eee437-e65e-461e-9350-c89f21171e3c": { "id": "b3eee437-e65e-461e-9350-c89f21171e3c", "title": "WP Symposium <= 14.11 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP Symposium", "slug": "wp-symposium", "affected_versions": { "* - 14.11": { "from_version": "*", "from_inclusive": true, "to_version": "14.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "15.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3eee437-e65e-461e-9350-c89f21171e3c?source=api-scan" ], "published": "2014-12-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3f2c4c3-73d6-4b3b-8eb3-c494f52dc183": { "id": "b3f2c4c3-73d6-4b3b-8eb3-c494f52dc183", "title": "B2BKing <= 4.6.00 - Missing Authorization to Authenticated(Subscriber+) Price Modification", "software": [ { "type": "plugin", "name": "B2BKing \u2014 Ultimate WooCommerce Wholesale and B2B Solution \u2014 Wholesale Order Form, Catalog Mode, Dynamic Pricing & More", "slug": "b2bking-wholesale-for-woocommerce", "affected_versions": { "* - 4.6.00": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.00", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3f2c4c3-73d6-4b3b-8eb3-c494f52dc183?source=api-scan" ], "published": "2023-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3f75424-b9f3-42ee-a96c-ff0ed30cbd2f": { "id": "b3f75424-b9f3-42ee-a96c-ff0ed30cbd2f", "title": "WPS Limit Login < 1.4.6.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WPS Limit Login", "slug": "wps-limit-login", "affected_versions": { "[*, 1.4.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3f75424-b9f3-42ee-a96c-ff0ed30cbd2f?source=api-scan" ], "published": "2019-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3f7a88c-a09b-46ac-b345-139c2d20a3d2": { "id": "b3f7a88c-a09b-46ac-b345-139c2d20a3d2", "title": "Duplicator <= 1.5.7 AND Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Duplicator Pro", "slug": "duplicator-pro", "affected_versions": { "[*, 4.5.14.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.14.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.5.14.2" ] }, { "type": "plugin", "name": "Duplicator \u2013 Migration & Backup Plugin", "slug": "duplicator", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3f7a88c-a09b-46ac-b345-139c2d20a3d2?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b3f87bd6-b432-4bf8-9046-8d66b45f6a85": { "id": "b3f87bd6-b432-4bf8-9046-8d66b45f6a85", "title": "Legal Pages <= 1.3.7 - Missing Authorization on 'deleteLegalTemplate'", "software": [ { "type": "plugin", "name": "Legal Pages \u2013 Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator", "slug": "legal-pages", "affected_versions": { "[*, 1.3.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b3f87bd6-b432-4bf8-9046-8d66b45f6a85?source=api-scan" ], "published": "2023-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b40070af-3f2c-4bd1-bd33-1a0aa37c6e62": { "id": "b40070af-3f2c-4bd1-bd33-1a0aa37c6e62", "title": "WP Directory Kit <= 1.2.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Directory Kit", "slug": "wpdirectorykit", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b40070af-3f2c-4bd1-bd33-1a0aa37c6e62?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b403b1f3-cc04-48fb-b2ae-c6c234fad29f": { "id": "b403b1f3-cc04-48fb-b2ae-c6c234fad29f", "title": "Subscribe Sidebar plugin by Blubrry <= 1.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Subscribe Sidebar plugin by Blubrry", "slug": "subscribe-sidebar", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b403b1f3-cc04-48fb-b2ae-c6c234fad29f?source=api-scan" ], "published": "2020-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b404c6c4-cc05-4040-b96a-7be750020acc": { "id": "b404c6c4-cc05-4040-b96a-7be750020acc", "title": "SW Ajax WooCommerce Search <= 1.2.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SW Ajax WooCommerce Search", "slug": "sw_ajax_woocommerce_search", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b404c6c4-cc05-4040-b96a-7be750020acc?source=api-scan" ], "published": "2020-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b406f0b8-16b5-49ca-88d8-7717bef1ae61": { "id": "b406f0b8-16b5-49ca-88d8-7717bef1ae61", "title": "Stars Testimonials <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via stars_testimonials Shortcode", "software": [ { "type": "plugin", "name": "Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews \u2013 Stars Testimonials", "slug": "stars-testimonials-with-slider-and-masonry-grid", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b406f0b8-16b5-49ca-88d8-7717bef1ae61?source=api-scan" ], "published": "2024-09-30 19:04:16", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4080bb7-9197-4c93-bcb1-cf7b5833771a": { "id": "b4080bb7-9197-4c93-bcb1-cf7b5833771a", "title": "Dean's FCKEditor <= 1.0.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Dean's FCKEditor", "slug": "deans-fckeditor-with-pwwangs-code-plugin-for-wordpress", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4080bb7-9197-4c93-bcb1-cf7b5833771a?source=api-scan" ], "published": "2012-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b409d2a5-3c4c-4a1e-b222-e2df7257b81f": { "id": "b409d2a5-3c4c-4a1e-b222-e2df7257b81f", "title": "Newsletter Lite <= 4.9.2 - Authenticated (Admin+) Command Injection", "software": [ { "type": "plugin", "name": "Newsletters", "slug": "newsletters-lite", "affected_versions": { "* - 4.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b409d2a5-3c4c-4a1e-b222-e2df7257b81f?source=api-scan" ], "published": "2023-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b40a40d1-d12f-4fe6-b155-83a1f1a5a494": { "id": "b40a40d1-d12f-4fe6-b155-83a1f1a5a494", "title": "Seriously Simple Podcasting <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Seriously Simple Podcasting", "slug": "seriously-simple-podcasting", "affected_versions": { "* - 2.19.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.19.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.19.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b40a40d1-d12f-4fe6-b155-83a1f1a5a494?source=api-scan" ], "published": "2022-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b40c89e5-d291-45b7-b84a-6fee75e5b7eb": { "id": "b40c89e5-d291-45b7-b84a-6fee75e5b7eb", "title": "Ajax Store Locator <= 1.2 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "AJAX Store Locator", "slug": "ajax-store-locator", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b40c89e5-d291-45b7-b84a-6fee75e5b7eb?source=api-scan" ], "published": "2014-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b40e70ed-cdcb-4999-92a9-45bbd2515a3d": { "id": "b40e70ed-cdcb-4999-92a9-45bbd2515a3d", "title": "Podlove Podcast Publisher <= 4.0.14 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Podlove Podcast Publisher", "slug": "podlove-podcasting-plugin-for-wordpress", "affected_versions": { "* - 4.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b40e70ed-cdcb-4999-92a9-45bbd2515a3d?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b411a97b-2f1c-4feb-b1c7-bc5a1aab7f33": { "id": "b411a97b-2f1c-4feb-b1c7-bc5a1aab7f33", "title": "Admin side data storage for Contact Form 7 <= 1.1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Admin side data storage for Contact Form 7", "slug": "admin-side-data-storage-for-contact-form-7", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b411a97b-2f1c-4feb-b1c7-bc5a1aab7f33?source=api-scan" ], "published": "2024-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b41a91fc-86ee-4795-acb6-2ffd22c4f7af": { "id": "b41a91fc-86ee-4795-acb6-2ffd22c4f7af", "title": "PDF Generator for Wordpress <= 1.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Generator for WordPress \u2013 Create & Customize PDF for Posts, Pages and WooCommerce Products", "slug": "pdf-generator-for-wp", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b41a91fc-86ee-4795-acb6-2ffd22c4f7af?source=api-scan" ], "published": "2023-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b42882f6-ccea-4d8f-940b-1ad95b1ab760": { "id": "b42882f6-ccea-4d8f-940b-1ad95b1ab760", "title": "Ultimate WooCommerce CSV Importer <= 2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate WooCommerce CSV Importer", "slug": "simple-woocommerce-csv-loader", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b42882f6-ccea-4d8f-940b-1ad95b1ab760?source=api-scan" ], "published": "2022-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b42be363-30b4-487b-9ffc-bfa3efbd1250": { "id": "b42be363-30b4-487b-9ffc-bfa3efbd1250", "title": "Header Footer Code Manager <= 1.1.16 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Header Footer Code Manager", "slug": "header-footer-code-manager", "affected_versions": { "* - 1.1.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b42be363-30b4-487b-9ffc-bfa3efbd1250?source=api-scan" ], "published": "2022-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b42c0e51-676f-4f06-9e5c-b6b74bea89b5": { "id": "b42c0e51-676f-4f06-9e5c-b6b74bea89b5", "title": "WP-TopBar <= 3.04 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-TopBar", "slug": "wp-topbar", "affected_versions": { "[*, 3.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b42c0e51-676f-4f06-9e5c-b6b74bea89b5?source=api-scan" ], "published": "2013-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4309271-f93a-46ac-8b0b-d6193487ac98": { "id": "b4309271-f93a-46ac-8b0b-d6193487ac98", "title": "WooCommerce <= 2.2.10 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 2.2.11)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4309271-f93a-46ac-8b0b-d6193487ac98?source=api-scan" ], "published": "2015-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b43371a6-bcb5-4418-b5a5-85879775010c": { "id": "b43371a6-bcb5-4418-b5a5-85879775010c", "title": "App Builder \u2013 Create Native Android & iOS Apps On The Flight <= 4.3.3 - Unauthenticated Limited SQL Injection via app-builder-search", "software": [ { "type": "plugin", "name": "App Builder \u2013 Create Native Android & iOS Apps On The Flight", "slug": "app-builder", "affected_versions": { "* - 4.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b43371a6-bcb5-4418-b5a5-85879775010c?source=api-scan" ], "published": "2024-08-20 17:24:24", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4363600-666a-4a75-a817-4af679ab400c": { "id": "b4363600-666a-4a75-a817-4af679ab400c", "title": "ARMember Premium <= 5.9.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "ARMember Premium \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember", "affected_versions": { "* - 5.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4363600-666a-4a75-a817-4af679ab400c?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b437020c-31a3-413e-a1da-b4781da34f10": { "id": "b437020c-31a3-413e-a1da-b4781da34f10", "title": "Contact Form 7 Connector <= 1.2.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form 7 Connector", "slug": "ari-cf7-connector", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b437020c-31a3-413e-a1da-b4781da34f10?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b43a61f4-2d1c-47ce-ae0d-a5969bdb43f1": { "id": "b43a61f4-2d1c-47ce-ae0d-a5969bdb43f1", "title": "WordPress Portfolio Builder \u2013 Portfolio Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Portfolio Builder \u2013 Portfolio Gallery", "slug": "uber-grid", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b43a61f4-2d1c-47ce-ae0d-a5969bdb43f1?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b44a4d74-5c2b-454a-992a-74a3a71fa5dd": { "id": "b44a4d74-5c2b-454a-992a-74a3a71fa5dd", "title": "Classic <= 1.5 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Classic", "slug": "classic", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b44a4d74-5c2b-454a-992a-74a3a71fa5dd?source=api-scan" ], "published": "2007-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b44ef21f-464e-487a-ba5a-fe889e4c488c": { "id": "b44ef21f-464e-487a-ba5a-fe889e4c488c", "title": "Elementor Website Builder <= 3.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_inline_svg()", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 3.16.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.16.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.16.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b44ef21f-464e-487a-ba5a-fe889e4c488c?source=api-scan" ], "published": "2023-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4533554-52e4-44b4-9230-b6e3feb2e4a1": { "id": "b4533554-52e4-44b4-9230-b6e3feb2e4a1", "title": "Seo By 10Web <= 1.2.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEO by 10Web", "slug": "seo-by-10web", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4533554-52e4-44b4-9230-b6e3feb2e4a1?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4570948-1625-44b3-8af6-73765d9710ee": { "id": "b4570948-1625-44b3-8af6-73765d9710ee", "title": "WordPress Email Marketing Plugin \u2013 WP Email Capture <= 3.10 - Information Exposure via wp_email_capture_options_process", "software": [ { "type": "plugin", "name": "WordPress Email Marketing Plugin \u2013 WP Email Capture", "slug": "wp-email-capture", "affected_versions": { "* - 3.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4570948-1625-44b3-8af6-73765d9710ee?source=api-scan" ], "published": "2023-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b45ba98f-4cd1-406a-8661-e19d5b4c3ba8": { "id": "b45ba98f-4cd1-406a-8661-e19d5b4c3ba8", "title": "MC4WP: Mailchimp Top Bar <= 1.6.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MC4WP: Mailchimp Top Bar", "slug": "mailchimp-top-bar", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b45ba98f-4cd1-406a-8661-e19d5b4c3ba8?source=api-scan" ], "published": "2024-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4603b58-0972-4e04-91ac-ffc846964722": { "id": "b4603b58-0972-4e04-91ac-ffc846964722", "title": "Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute", "software": [ { "type": "plugin", "name": "Orbit Fox by ThemeIsle", "slug": "themeisle-companion", "affected_versions": { "* - 2.10.30": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4603b58-0972-4e04-91ac-ffc846964722?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b467fc26-242f-47c4-bcfd-38980489a0c3": { "id": "b467fc26-242f-47c4-bcfd-38980489a0c3", "title": "Snapshot Backup <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Snapshot Backup", "slug": "snapshot-backup", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b467fc26-242f-47c4-bcfd-38980489a0c3?source=api-scan" ], "published": "2024-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b46b5299-2c14-4eb7-872c-f43518e1d31d": { "id": "b46b5299-2c14-4eb7-872c-f43518e1d31d", "title": "Malware Finder <= 1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Malware Finder", "slug": "malware-finder", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b46b5299-2c14-4eb7-872c-f43518e1d31d?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b46cd71f-046a-45b8-be8d-4a71e97586b4": { "id": "b46cd71f-046a-45b8-be8d-4a71e97586b4", "title": "Checkout Field Editor for WooCommerce (Pro) <= 3.6.2 - Unauthenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Checkout Field Editor for WooCommerce (Pro)", "slug": "woocommerce-checkout-field-editor-pro", "affected_versions": { "* - 3.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b46cd71f-046a-45b8-be8d-4a71e97586b4?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b46e9771-37ff-4825-9af9-02ecde424653": { "id": "b46e9771-37ff-4825-9af9-02ecde424653", "title": "WP Radio \u2013 Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Missing Authorization via multiple AJAX actions", "software": [ { "type": "plugin", "name": "WP Radio \u2013 Worldwide Online Radio Stations Directory for WordPress", "slug": "wp-radio", "affected_versions": { "* - 3.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b46e9771-37ff-4825-9af9-02ecde424653?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4737bb2-1bb4-4986-9df5-5978fc46f2ec": { "id": "b4737bb2-1bb4-4986-9df5-5978fc46f2ec", "title": "Theron Lite <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode", "software": [ { "type": "theme", "name": "Theron Lite", "slug": "theron-lite", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4737bb2-1bb4-4986-9df5-5978fc46f2ec?source=api-scan" ], "published": "2024-06-27 20:13:12", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b478d88d-1423-4a33-b8ef-08b9e66a5d98": { "id": "b478d88d-1423-4a33-b8ef-08b9e66a5d98", "title": "Download Manager <= 3.2.93 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.93": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.93", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.94" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b478d88d-1423-4a33-b8ef-08b9e66a5d98?source=api-scan" ], "published": "2024-06-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b47edd57-cac7-463f-88cc-8922f1b34612": { "id": "b47edd57-cac7-463f-88cc-8922f1b34612", "title": "Directorist <= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_task", "software": [ { "type": "plugin", "name": "Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings", "slug": "directorist", "affected_versions": { "* - 7.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b47edd57-cac7-463f-88cc-8922f1b34612?source=api-scan" ], "published": "2023-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b47f9624-1829-42b7-8afb-fe25b234df72": { "id": "b47f9624-1829-42b7-8afb-fe25b234df72", "title": "Easy Testimonials <= 3.5.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Testimonials", "slug": "easy-testimonials", "affected_versions": { "* - 3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b47f9624-1829-42b7-8afb-fe25b234df72?source=api-scan" ], "published": "2020-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4827732-41ff-4a14-bb5e-4f7888ffd733": { "id": "b4827732-41ff-4a14-bb5e-4f7888ffd733", "title": "GHActivity <= 2.0.0-alpha - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GHActivity", "slug": "ghactivity", "affected_versions": { "[*, 2.0.0-alpha]": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0-alpha", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4827732-41ff-4a14-bb5e-4f7888ffd733?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4865576-9929-4ce2-a220-935f1f3e0485": { "id": "b4865576-9929-4ce2-a220-935f1f3e0485", "title": "Hostel <= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Manage Bookings", "software": [ { "type": "plugin", "name": "Hostel", "slug": "hostel", "affected_versions": { "* - 1.1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4865576-9929-4ce2-a220-935f1f3e0485?source=api-scan" ], "published": "2023-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b489427e-f925-4058-8924-7a9557fc4ebf": { "id": "b489427e-f925-4058-8924-7a9557fc4ebf", "title": "Gravity PDF <= 6.3.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gravity PDF", "slug": "gravity-forms-pdf-extended", "affected_versions": { "* - 6.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b489427e-f925-4058-8924-7a9557fc4ebf?source=api-scan" ], "published": "2022-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b48b9170-4dd9-4004-a081-488cafbc7597": { "id": "b48b9170-4dd9-4004-a081-488cafbc7597", "title": "eCommerce Product Catalog <= 3.3.26 - Sensitive Information Exposure via CSV Files", "software": [ { "type": "plugin", "name": "eCommerce Product Catalog Plugin for WordPress", "slug": "ecommerce-product-catalog", "affected_versions": { "[*, 3.3.27)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.27", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b48b9170-4dd9-4004-a081-488cafbc7597?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b48bc632-c825-48e0-8766-3ac59e5b87c6": { "id": "b48bc632-c825-48e0-8766-3ac59e5b87c6", "title": "Download Manager <= 3.2.70 - Insufficient Authorization to Information Disclosure", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.70": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.70", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.71" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b48bc632-c825-48e0-8766-3ac59e5b87c6?source=api-scan" ], "published": "2023-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b48e5973-6923-47cc-a660-ecc989f540f8": { "id": "b48e5973-6923-47cc-a660-ecc989f540f8", "title": "JM Twitter Cards <= 14 - Information Exposure via Meta Description", "software": [ { "type": "plugin", "name": "JM Twitter Cards", "slug": "jm-twitter-cards", "affected_versions": { "* - 14": { "from_version": "*", "from_inclusive": true, "to_version": "14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "14.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b48e5973-6923-47cc-a660-ecc989f540f8?source=api-scan" ], "published": "2024-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4939efc-889a-4d1d-b916-dcf3b064dc81": { "id": "b4939efc-889a-4d1d-b916-dcf3b064dc81", "title": "Arigato Autoresponder and Newsletter <= 2.5.1.8 - SQL Injection", "software": [ { "type": "plugin", "name": "Arigato Autoresponder and Newsletter", "slug": "bft-autoresponder", "affected_versions": { "* - 2.5.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4939efc-889a-4d1d-b916-dcf3b064dc81?source=api-scan" ], "published": "2018-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4956173-b306-401c-b966-df884e8979e0": { "id": "b4956173-b306-401c-b966-df884e8979e0", "title": "CMP - Coming Soon & Maintenance Plugin <= 4.0.18 - Unauthenticated Arbitrary CSS Update", "software": [ { "type": "plugin", "name": "CMP \u2013 Coming Soon & Maintenance Plugin by NiteoThemes", "slug": "cmp-coming-soon-maintenance", "affected_versions": { "[*, 4.0.19)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4956173-b306-401c-b966-df884e8979e0?source=api-scan" ], "published": "2022-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4967c95-8eb6-4c9b-ae6e-082dbc6af7f5": { "id": "b4967c95-8eb6-4c9b-ae6e-082dbc6af7f5", "title": "Dokan <= 3.7.12 - Authenticated (Vendor+) SQL Injection", "software": [ { "type": "plugin", "name": "Dokan \u2013 Powerful WooCommerce Multivendor Marketplace Solution \u2013 Build Your Own Amazon, eBay, Etsy", "slug": "dokan-lite", "affected_versions": { "* - 3.7.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4967c95-8eb6-4c9b-ae6e-082dbc6af7f5?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4983c2f-f9f6-4bd9-9c38-0ad3756f92b6": { "id": "b4983c2f-f9f6-4bd9-9c38-0ad3756f92b6", "title": "Catch Breadcrumb <= 1.5.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Catch Breadcrumb", "slug": "catch-breadcrumb", "affected_versions": { "[*, 1.5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4983c2f-f9f6-4bd9-9c38-0ad3756f92b6?source=api-scan" ], "published": "2020-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b498e274-db8c-438f-8e19-43f3018d1663": { "id": "b498e274-db8c-438f-8e19-43f3018d1663", "title": "WP AutoComplete Search <= 1.0.4 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP AutoComplete Search", "slug": "wp-autosearch", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b498e274-db8c-438f-8e19-43f3018d1663?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b49ae7fc-e860-4387-b596-12640ec7277f": { "id": "b49ae7fc-e860-4387-b596-12640ec7277f", "title": "WPCafe \u2013 Food Menu, WooCommerce Food Ordering, Food Delivery, Pickup and Restaurant Reservation <= 2.1.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPCafe \u2013 Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce", "slug": "wp-cafe", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b49ae7fc-e860-4387-b596-12640ec7277f?source=api-scan" ], "published": "2022-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b49c1e95-7ef4-45d7-9fdf-dd5adffd2eb0": { "id": "b49c1e95-7ef4-45d7-9fdf-dd5adffd2eb0", "title": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.121 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.121": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.121", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.122" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b49c1e95-7ef4-45d7-9fdf-dd5adffd2eb0?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b49d166f-4df0-4997-a078-0be8fcd92576": { "id": "b49d166f-4df0-4997-a078-0be8fcd92576", "title": "Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.31": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b49d166f-4df0-4997-a078-0be8fcd92576?source=api-scan" ], "published": "2024-05-30 17:20:28", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4a44a8a-740b-45dd-962c-945238f6ddee": { "id": "b4a44a8a-740b-45dd-962c-945238f6ddee", "title": "PayPal Brasil para WooCommerce <= 1.4.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "PayPal Brasil para WooCommerce", "slug": "paypal-brasil-para-woocommerce", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4a44a8a-740b-45dd-962c-945238f6ddee?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4a63360-01eb-491e-b25d-501adb83f57f": { "id": "b4a63360-01eb-491e-b25d-501adb83f57f", "title": "WP Social Bookmarking Light < 1.7.10 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Social Bookmarking Light", "slug": "wp-social-bookmarking-light", "affected_versions": { "[*, 1.7.10)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4a63360-01eb-491e-b25d-501adb83f57f?source=api-scan" ], "published": "2015-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4a82562-1368-4071-bedf-8a84d82e88ef": { "id": "b4a82562-1368-4071-bedf-8a84d82e88ef", "title": "Qyrr \u2013 simply and modern QR-Code creation <= 0.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Qyrr \u2013 simply and modern QR-Code creation", "slug": "qyrr-code", "affected_versions": { "* - 0.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4a82562-1368-4071-bedf-8a84d82e88ef?source=api-scan" ], "published": "2021-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4accf10-710e-4cba-8d61-04e422324f9d": { "id": "b4accf10-710e-4cba-8d61-04e422324f9d", "title": "WP fade in text news <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "WP fade in text news", "slug": "wp-fade-in-text-news", "affected_versions": { "* - 12.0": { "from_version": "*", "from_inclusive": true, "to_version": "12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4accf10-710e-4cba-8d61-04e422324f9d?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4b2587a-e84e-4149-b9ac-ecf36451f815": { "id": "b4b2587a-e84e-4149-b9ac-ecf36451f815", "title": "WordPress Contact Forms by Cimatti <= 1.5.4 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Contact Forms by Cimatti", "slug": "contact-forms", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4b2587a-e84e-4149-b9ac-ecf36451f815?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4b3b4a4-9a56-49b8-b3d3-7e50954b4487": { "id": "b4b3b4a4-9a56-49b8-b3d3-7e50954b4487", "title": "Visual CSS Style Editor <= 7.2.0 - Unauthenticated Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Visual CSS Style Editor", "slug": "yellow-pencil-visual-theme-customizer", "affected_versions": { "[*, 7.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4b3b4a4-9a56-49b8-b3d3-7e50954b4487?source=api-scan" ], "published": "2019-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4b4ca5b-c806-4b68-acb8-6b63d6ca5728": { "id": "b4b4ca5b-c806-4b68-acb8-6b63d6ca5728", "title": "Linkz.ai <= 1.1.8 - Missing Authorization to Unauthenticated Plugin Settings Update", "software": [ { "type": "plugin", "name": "Linkz.ai \u2013 Automatic link previews on hover", "slug": "linkz-ai", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4b4ca5b-c806-4b68-acb8-6b63d6ca5728?source=api-scan" ], "published": "2024-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4b61b5b-e5e8-41d4-bf37-d9427a204ea6": { "id": "b4b61b5b-e5e8-41d4-bf37-d9427a204ea6", "title": "FLOWFACT WP Connector <= 2.1.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FLOWFACT WP Connector", "slug": "flowfact-wp-connector", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4b61b5b-e5e8-41d4-bf37-d9427a204ea6?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4bb2d72-ff31-4220-acb3-ed17bb9229b5": { "id": "b4bb2d72-ff31-4220-acb3-ed17bb9229b5", "title": "WP Fastest Cache <= 1.1.2 - Missing Authorization in 'deleteCssAndJsCacheToolbar'", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4bb2d72-ff31-4220-acb3-ed17bb9229b5?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4c13600-0791-4ade-9c28-f43f164aedae": { "id": "b4c13600-0791-4ade-9c28-f43f164aedae", "title": "Click to Chat \u2013 WP Support All-in-One Floating Widget <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode", "software": [ { "type": "plugin", "name": "Click to Chat \u2013 WP Support All-in-One Floating Widget", "slug": "support-chat", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4c13600-0791-4ade-9c28-f43f164aedae?source=api-scan" ], "published": "2024-10-17 19:22:48", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4c6930a-b413-4acc-a0a4-9940bb8474cc": { "id": "b4c6930a-b413-4acc-a0a4-9940bb8474cc", "title": "Newsletter <= 3.2.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletter \u2013 Send awesome emails from WordPress", "slug": "newsletter", "affected_versions": { "* - 3.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4c6930a-b413-4acc-a0a4-9940bb8474cc?source=api-scan" ], "published": "2013-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4ca985e-cae1-4e26-ad2d-413724cfd45d": { "id": "b4ca985e-cae1-4e26-ad2d-413724cfd45d", "title": "User Activity Log <= 1.6.4 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "User Activity Log", "slug": "user-activity-log", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4ca985e-cae1-4e26-ad2d-413724cfd45d?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4cc839c-de7a-43eb-a7fa-b1049419bfa3": { "id": "b4cc839c-de7a-43eb-a7fa-b1049419bfa3", "title": "Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload", "software": [ { "type": "plugin", "name": "Folders \u2013 Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager", "slug": "folders", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] }, { "type": "plugin", "name": "Folders Pro", "slug": "folders-pro", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4cc839c-de7a-43eb-a7fa-b1049419bfa3?source=api-scan" ], "published": "2024-06-13 15:33:57", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4cd5c42-bba2-4900-b450-a575c0007402": { "id": "b4cd5c42-bba2-4900-b450-a575c0007402", "title": "Easy Digital Downloads <= 2.5.7 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 2.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4cd5c42-bba2-4900-b450-a575c0007402?source=api-scan" ], "published": "2016-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4ce2353-e4ec-4f55-a341-c1b11be86642": { "id": "b4ce2353-e4ec-4f55-a341-c1b11be86642", "title": "Hot Files: File Sharing and Download Manager Plugin <= 1.0.0 - Cross-Site scripting", "software": [ { "type": "plugin", "name": "Hot Files: File Sharing and Download Manager Plugin", "slug": "wphotfiles", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4ce2353-e4ec-4f55-a341-c1b11be86642?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4ce6cb2-a02a-4b4c-8887-22ee6115509f": { "id": "b4ce6cb2-a02a-4b4c-8887-22ee6115509f", "title": "AccessAlly <= 3.5.6 - Information Exposure", "software": [ { "type": "plugin", "name": "AccessAlly", "slug": "accessally", "affected_versions": { "* - 3.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4ce6cb2-a02a-4b4c-8887-22ee6115509f?source=api-scan" ], "published": "2021-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4cf2331-ec19-488a-9d72-ec54fb9a82c9": { "id": "b4cf2331-ec19-488a-9d72-ec54fb9a82c9", "title": "CopySafe Web Protection <= 3.15 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CopySafe Web Protection", "slug": "wp-copysafe-web", "affected_versions": { "* - 3.15": { "from_version": "*", "from_inclusive": true, "to_version": "3.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4cf2331-ec19-488a-9d72-ec54fb9a82c9?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4d33e69-3620-42d9-adb3-267a5ed02a58": { "id": "b4d33e69-3620-42d9-adb3-267a5ed02a58", "title": "WP Maintenance Mode & Site Under Construction <= 1.8.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation\/Activation", "software": [ { "type": "plugin", "name": "WP Maintenance Mode & Site Under Construction", "slug": "wp-maintenance-mode-site-under-construction", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4d33e69-3620-42d9-adb3-267a5ed02a58?source=api-scan" ], "published": "2021-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4da6327-9ad1-4a53-b2c4-a4c31f56d0e5": { "id": "b4da6327-9ad1-4a53-b2c4-a4c31f56d0e5", "title": "Pliska <= 0.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Display Name", "software": [ { "type": "theme", "name": "Pliska", "slug": "pliska", "affected_versions": { "* - 0.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4da6327-9ad1-4a53-b2c4-a4c31f56d0e5?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4df1fc3-ea7e-4f41-a5f0-d3928f8add70": { "id": "b4df1fc3-ea7e-4f41-a5f0-d3928f8add70", "title": "AGP Font Awesome Collection <= 3.2.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AGP Font Awesome Collection", "slug": "agp-font-awesome-collection", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4df1fc3-ea7e-4f41-a5f0-d3928f8add70?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4dfeb49-38d3-495d-af96-d67a29b339fa": { "id": "b4dfeb49-38d3-495d-af96-d67a29b339fa", "title": "Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, Email Newsletters and Lead Generation <= 2.16.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, Email Newsletters and Lead Generation", "slug": "optinmonster", "affected_versions": { "* - 2.16.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4dfeb49-38d3-495d-af96-d67a29b339fa?source=api-scan" ], "published": "2024-05-24 16:30:44", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4e0ee4f-fc45-4682-9ed4-aa1301205bb4": { "id": "b4e0ee4f-fc45-4682-9ed4-aa1301205bb4", "title": "Rate my Post \u2013 WP Rating System <= 3.3.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Rate My Post \u2013 Star Rating Plugin by FeedbackWP", "slug": "rate-my-post", "affected_versions": { "* - 3.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4e0ee4f-fc45-4682-9ed4-aa1301205bb4?source=api-scan" ], "published": "2022-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4e1638a-ddfb-44e5-951e-3e779971a3a7": { "id": "b4e1638a-ddfb-44e5-951e-3e779971a3a7", "title": "Better Search <= 3.3.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Better Search \u2013 Relevant search results for WordPress", "slug": "better-search", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4e1638a-ddfb-44e5-951e-3e779971a3a7?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4e1fe83-678f-4368-9810-16d9cd50b15c": { "id": "b4e1fe83-678f-4368-9810-16d9cd50b15c", "title": "Store Locator WordPress <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Store Locator WordPress", "slug": "agile-store-locator", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4e1fe83-678f-4368-9810-16d9cd50b15c?source=api-scan" ], "published": "2022-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4e812f2-78f2-4dde-96ec-2ee114ebaa60": { "id": "b4e812f2-78f2-4dde-96ec-2ee114ebaa60", "title": "Geo Mashup - < 1.10.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Geo Mashup", "slug": "geo-mashup", "affected_versions": { "[*, 1.10.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.10.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4e812f2-78f2-4dde-96ec-2ee114ebaa60?source=api-scan" ], "published": "2018-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4eb5833-25cd-4a6c-9240-37a9f8c1b120": { "id": "b4eb5833-25cd-4a6c-9240-37a9f8c1b120", "title": "WP Brutal AI < 2.0.0 - Cross-Site Request Forgery to SQL Injection", "software": [ { "type": "plugin", "name": "WP Brutal AI", "slug": "wpbrutalai", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4eb5833-25cd-4a6c-9240-37a9f8c1b120?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4ec9001-c4aa-4db3-b7d7-29afa243f78a": { "id": "b4ec9001-c4aa-4db3-b7d7-29afa243f78a", "title": "Rank Math SEO PRO <= 3.0.35 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rank Math SEO PRO", "slug": "seo-by-rank-math-pro", "affected_versions": { "* - 3.0.35": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4ec9001-c4aa-4db3-b7d7-29afa243f78a?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4ecf437-b9f5-47d3-85b2-c8159c937473": { "id": "b4ecf437-b9f5-47d3-85b2-c8159c937473", "title": "Image Hover Effects <= 5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Hover Effects \u2013 WordPress Plugin", "slug": "image-hover-effects", "affected_versions": { "* - 5.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4ecf437-b9f5-47d3-85b2-c8159c937473?source=api-scan" ], "published": "2022-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4f2554d-c047-4be2-a4e6-2ae51f077376": { "id": "b4f2554d-c047-4be2-a4e6-2ae51f077376", "title": "Groundhogg <= 2.7.11 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg", "slug": "groundhogg", "affected_versions": { "* - 2.7.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.11.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4f2554d-c047-4be2-a4e6-2ae51f077376?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4f4fcaa-4c66-49f6-b13f-da112ae26e21": { "id": "b4f4fcaa-4c66-49f6-b13f-da112ae26e21", "title": "Safe SVG <= 1.9.4 - Denial of Service", "software": [ { "type": "plugin", "name": "Safe SVG", "slug": "safe-svg", "affected_versions": { "* - 1.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4f4fcaa-4c66-49f6-b13f-da112ae26e21?source=api-scan" ], "published": "2019-11-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4f77508-b1e6-4a13-b384-f086ec64fe85": { "id": "b4f77508-b1e6-4a13-b384-f086ec64fe85", "title": "Easy Table <= 1.5.2 - Authenticated Stored Cross-Site Scripting via easy-table-test-area parameter", "software": [ { "type": "plugin", "name": "Easy Table", "slug": "easy-table", "affected_versions": { "[*, 1.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4f77508-b1e6-4a13-b384-f086ec64fe85?source=api-scan" ], "published": "2015-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4fc9628-b254-405b-a7cc-bb955618bc35": { "id": "b4fc9628-b254-405b-a7cc-bb955618bc35", "title": "Machic Core <= 1.2.6 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Machic - Electronics Store WooCommerce Theme", "slug": "machic-core", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4fc9628-b254-405b-a7cc-bb955618bc35?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4fe8b1f-da1c-4f94-9ab4-272766b488c3": { "id": "b4fe8b1f-da1c-4f94-9ab4-272766b488c3", "title": "WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) PHP File Creation to Remote Code Execution", "software": [ { "type": "plugin", "name": "Import CSV or XML Datafeed With Ease", "slug": "wp-ultimate-csv-importer", "affected_versions": { "* - 7.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "7.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4fe8b1f-da1c-4f94-9ab4-272766b488c3?source=api-scan" ], "published": "2023-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b4ff715e-056e-48d8-bb82-d4f89047384f": { "id": "b4ff715e-056e-48d8-bb82-d4f89047384f", "title": "Modern Events Calendar Lite <= 5.16.5 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Modern Events Calendar Lite", "slug": "modern-events-calendar-lite", "affected_versions": { "* - 5.16.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.16.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.16.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b4ff715e-056e-48d8-bb82-d4f89047384f?source=api-scan" ], "published": "2021-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5018aac-59fb-4d95-bbdd-8ceaa4f8fad1": { "id": "b5018aac-59fb-4d95-bbdd-8ceaa4f8fad1", "title": "WP YouTube Live <= 1.8.2 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP YouTube Live", "slug": "wp-youtube-live", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5018aac-59fb-4d95-bbdd-8ceaa4f8fad1?source=api-scan" ], "published": "2022-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5023e07-9976-44f3-81de-2eb4ba86b0ca": { "id": "b5023e07-9976-44f3-81de-2eb4ba86b0ca", "title": "Ninja Forms Contact Form <= 3.3.21.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.3.21.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.21.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.21.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5023e07-9976-44f3-81de-2eb4ba86b0ca?source=api-scan" ], "published": "2019-01-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5031140-9a48-43da-b946-00ce9c70258b": { "id": "b5031140-9a48-43da-b946-00ce9c70258b", "title": "Click To Tweet <= 2.0.14 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Click To Tweet", "slug": "click-to-tweet", "affected_versions": { "* - 2.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5031140-9a48-43da-b946-00ce9c70258b?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b50772e5-5142-4f50-b5c0-6116a8821cba": { "id": "b50772e5-5142-4f50-b5c0-6116a8821cba", "title": "All-In-One Security (AIOS) \u2013 Security and Firewall <= 5.2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "* - 5.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b50772e5-5142-4f50-b5c0-6116a8821cba?source=api-scan" ], "published": "2024-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5086b8d-6c74-4970-9937-5ddc5b528495": { "id": "b5086b8d-6c74-4970-9937-5ddc5b528495", "title": "WooCommerce Weight Based Shipping <= 5.4.1 - Cross-Site Request Forgery leading to Plugin Settings Changes", "software": [ { "type": "plugin", "name": "WooCommerce Weight Based Shipping", "slug": "weight-based-shipping-for-woocommerce", "affected_versions": { "* - 5.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5086b8d-6c74-4970-9937-5ddc5b528495?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b50bdf83-d6e1-46bd-be6c-4fcb77ef94db": { "id": "b50bdf83-d6e1-46bd-be6c-4fcb77ef94db", "title": "Option Tree <= 2.7.2 - Object Injection Bypass", "software": [ { "type": "plugin", "name": "OptionTree", "slug": "option-tree", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b50bdf83-d6e1-46bd-be6c-4fcb77ef94db?source=api-scan" ], "published": "2019-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b50d6fd0-3698-4e16-aa76-0344306bc705": { "id": "b50d6fd0-3698-4e16-aa76-0344306bc705", "title": "WP Sessions Time Monitoring Full Automatic <= 1.0.8 - Unauthenticated SQL injection", "software": [ { "type": "plugin", "name": "WP Sessions Time Monitoring Full Automatic", "slug": "activitytime", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b50d6fd0-3698-4e16-aa76-0344306bc705?source=api-scan" ], "published": "2023-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b50f98ca-6a51-4de8-9e89-004532ba8f96": { "id": "b50f98ca-6a51-4de8-9e89-004532ba8f96", "title": "Colormix (All Versions) - Multiple Vulnerabilities", "software": [ { "type": "theme", "name": "Colormix", "slug": "colormix", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b50f98ca-6a51-4de8-9e89-004532ba8f96?source=api-scan" ], "published": "2013-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5111eb6-b4b3-4b18-9de3-577c323eaab8": { "id": "b5111eb6-b4b3-4b18-9de3-577c323eaab8", "title": "Advanced Menu Manager <= 3.0.6 - Authenticated (Subscriber+) Menu Creation\/Deletion", "software": [ { "type": "plugin", "name": "Advance Menu Manager", "slug": "advance-menu-manager", "affected_versions": { "* - 3.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5111eb6-b4b3-4b18-9de3-577c323eaab8?source=api-scan" ], "published": "2021-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b512f9a9-6c83-416c-bacc-ee3bba8dfe29": { "id": "b512f9a9-6c83-416c-bacc-ee3bba8dfe29", "title": "Contact Forms by Cimatti <= 1.5.4 - Reflected Cross-Site Scripting via 'form-field-id', 'edit-fid', 'id', 'name', 'type', 'description' Parameters", "software": [ { "type": "plugin", "name": "WordPress Contact Forms by Cimatti", "slug": "contact-forms", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b512f9a9-6c83-416c-bacc-ee3bba8dfe29?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5136409-d843-4774-afe7-211a23f65da9": { "id": "b5136409-d843-4774-afe7-211a23f65da9", "title": "Duplicator \u2013 WordPress Migration Plugin <= 1.4.7 - Unauthenticated Backup Download", "software": [ { "type": "plugin", "name": "Duplicator \u2013 Migration & Backup Plugin", "slug": "duplicator", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5136409-d843-4774-afe7-211a23f65da9?source=api-scan" ], "published": "2022-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b515782a-d7ec-41a6-92f8-91823f2c0dcf": { "id": "b515782a-d7ec-41a6-92f8-91823f2c0dcf", "title": "WishSuite <= 1.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WishSuite \u2013 Wishlist for WooCommerce", "slug": "wishsuite", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b515782a-d7ec-41a6-92f8-91823f2c0dcf?source=api-scan" ], "published": "2023-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b51a7670-9fa6-4df9-bef6-c7ebe6b09c5c": { "id": "b51a7670-9fa6-4df9-bef6-c7ebe6b09c5c", "title": "CTHthemes CityBook Theme < 2.3.4, TownHub Theme < 1.0.6, EasyBook Theme < 1.2.2 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "EasyBook \u2013 Hotel & Tour Booking WordPress Theme", "slug": "easybook", "affected_versions": { "[*, 1.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.2" ] }, { "type": "theme", "name": "TownHub - Directory & Listing WordPress Theme", "slug": "townhub", "affected_versions": { "[*, 1.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.6" ] }, { "type": "theme", "name": "CityBook - Directory & Listing WordPress Theme", "slug": "citybook", "affected_versions": { "[*, 2.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b51a7670-9fa6-4df9-bef6-c7ebe6b09c5c?source=api-scan" ], "published": "2019-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b51ea91f-247c-4ea6-b60c-7ad49b676cb1": { "id": "b51ea91f-247c-4ea6-b60c-7ad49b676cb1", "title": "Raygun4WP <= 1.8.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Raygun", "slug": "raygun4wp", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b51ea91f-247c-4ea6-b60c-7ad49b676cb1?source=api-scan" ], "published": "2017-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5226241-dbf4-42e5-b9f4-77da125fa810": { "id": "b5226241-dbf4-42e5-b9f4-77da125fa810", "title": "Easy Digital Downloads <= 2.10.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "[*, 2.10.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.10.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5226241-dbf4-42e5-b9f4-77da125fa810?source=api-scan" ], "published": "2021-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b524e239-0a7c-4515-8126-4fd298e43bdd": { "id": "b524e239-0a7c-4515-8126-4fd298e43bdd", "title": "OneLogin SAML SSO <= 2.4.2 - Use of Vulnerable Component", "software": [ { "type": "plugin", "name": "OneLogin SAML SSO", "slug": "onelogin-saml-sso", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b524e239-0a7c-4515-8126-4fd298e43bdd?source=api-scan" ], "published": "2016-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b526b331-8c02-44b1-9555-156afe7ad45a": { "id": "b526b331-8c02-44b1-9555-156afe7ad45a", "title": "Advanced Access Manager <= 2.8.2 - Arbitrary File Overwrite", "software": [ { "type": "plugin", "name": "Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More", "slug": "advanced-access-manager", "affected_versions": { "[*, 2.8.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b526b331-8c02-44b1-9555-156afe7ad45a?source=api-scan" ], "published": "2014-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5278afb-9db3-4b1d-bb2f-e6595f0ac6dc": { "id": "b5278afb-9db3-4b1d-bb2f-e6595f0ac6dc", "title": "EventPrime \u2013 Events Calendar, Bookings and Tickets <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 3.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5278afb-9db3-4b1d-bb2f-e6595f0ac6dc?source=api-scan" ], "published": "2024-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b52ae51d-7b9a-4047-82bf-723ea87d2375": { "id": "b52ae51d-7b9a-4047-82bf-723ea87d2375", "title": "Flickr Gallery <= 1.5.2 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Flickr Gallery", "slug": "flickr-gallery", "affected_versions": { "[*, 1.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b52ae51d-7b9a-4047-82bf-723ea87d2375?source=api-scan" ], "published": "2017-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b53066d3-2ff3-4460-896a-facd77455914": { "id": "b53066d3-2ff3-4460-896a-facd77455914", "title": "REST API TO MiniProgram <= 4.7.1 - Unauthenticated Arbitrary User Email Update and Privilege Escalation via Account Takeover", "software": [ { "type": "plugin", "name": "REST API TO MiniProgram", "slug": "rest-api-to-miniprogram", "affected_versions": { "* - 4.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b53066d3-2ff3-4460-896a-facd77455914?source=api-scan" ], "published": "2024-09-24 12:22:54", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b530d1a3-dd3c-4efb-9cff-39b6908f11c9": { "id": "b530d1a3-dd3c-4efb-9cff-39b6908f11c9", "title": "Disable Comments \u2013 Remove Comments & Stop Spam [Multi-Site Support] < 1.0.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Disable Comments \u2013 Remove Comments & Stop Spam [Multi-Site Support]", "slug": "disable-comments", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b530d1a3-dd3c-4efb-9cff-39b6908f11c9?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5318c2d-7b58-4830-bbc0-6d160968290f": { "id": "b5318c2d-7b58-4830-bbc0-6d160968290f", "title": "WassUp Real Time Analytics <= 1.9.4.5 - Unauthenticated Stored Cross-Site Scripting via IP", "software": [ { "type": "plugin", "name": "WassUp Real Time Analytics", "slug": "wassup", "affected_versions": { "* - 1.9.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5318c2d-7b58-4830-bbc0-6d160968290f?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b536028d-4e11-4bda-8097-b37857a28309": { "id": "b536028d-4e11-4bda-8097-b37857a28309", "title": "Thumbnail For Excerpts <= 2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Thumbnail For Excerpts", "slug": "thumbnail-for-excerpts", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b536028d-4e11-4bda-8097-b37857a28309?source=api-scan" ], "published": "2022-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b536563f-b978-4ba6-8a28-d8ee6b87964a": { "id": "b536563f-b978-4ba6-8a28-d8ee6b87964a", "title": "ACF Better Search <= 3.3.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ACF: Better Search", "slug": "acf-better-search", "affected_versions": { "[*, 3.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b536563f-b978-4ba6-8a28-d8ee6b87964a?source=api-scan" ], "published": "2019-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b537637b-32c0-405e-94fa-c7c2d0c80658": { "id": "b537637b-32c0-405e-94fa-c7c2d0c80658", "title": "Marketing Optimizer <= 20200925 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Marketing Optimizer", "slug": "marketing-optimizer", "affected_versions": { "* - 20200925": { "from_version": "*", "from_inclusive": true, "to_version": "20200925", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b537637b-32c0-405e-94fa-c7c2d0c80658?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b53bccdd-ed92-4831-bc63-3b96c9aee6e2": { "id": "b53bccdd-ed92-4831-bc63-3b96c9aee6e2", "title": "Simple Image Manipulator <= 1.0 - Remote File Download", "software": [ { "type": "plugin", "name": "Simple Image Manipulator", "slug": "simple-image-manipulator", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b53bccdd-ed92-4831-bc63-3b96c9aee6e2?source=api-scan" ], "published": "2015-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b53e6c9e-f78f-44e8-ad0f-8cfaaac8b53f": { "id": "b53e6c9e-f78f-44e8-ad0f-8cfaaac8b53f", "title": "Appointment Hour Booking <= 1.3.15 Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Appointment Hour Booking \u2013 WordPress Booking Plugin", "slug": "appointment-hour-booking", "affected_versions": { "[*, 1.3.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b53e6c9e-f78f-44e8-ad0f-8cfaaac8b53f?source=api-scan" ], "published": "2021-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b54307fb-ecbc-4742-9deb-59dbb85b4a7c": { "id": "b54307fb-ecbc-4742-9deb-59dbb85b4a7c", "title": "WordPress.com Editing Toolkit <= 3.78784 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress.com Editing Toolkit", "slug": "full-site-editing", "affected_versions": { "* - 3.78784": { "from_version": "*", "from_inclusive": true, "to_version": "3.78784", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.79150" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b54307fb-ecbc-4742-9deb-59dbb85b4a7c?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5451529-2e3f-414e-884e-cc6761431262": { "id": "b5451529-2e3f-414e-884e-cc6761431262", "title": "Eventin <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin", "slug": "wp-event-solution", "affected_versions": { "* - 4.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5451529-2e3f-414e-884e-cc6761431262?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5490dd9-20d5-4cd6-bc09-5da94d3e702f": { "id": "b5490dd9-20d5-4cd6-bc09-5da94d3e702f", "title": "All in One SEO 4.1.3.1 - 4.1.5.2 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "4.1.3.1 - 4.1.5.2": { "from_version": "4.1.3.1", "from_inclusive": true, "to_version": "4.1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5490dd9-20d5-4cd6-bc09-5da94d3e702f?source=api-scan" ], "published": "2021-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b54f38b6-5f98-469c-802a-a4c1e1f2ab0e": { "id": "b54f38b6-5f98-469c-802a-a4c1e1f2ab0e", "title": "Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Jupiter X Core", "slug": "jupiterx-core", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] }, { "type": "theme", "name": "Jupiter", "slug": "jupiter", "affected_versions": { "* - 6.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b54f38b6-5f98-469c-802a-a4c1e1f2ab0e?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b54fa719-0ac2-4017-b312-4b4a9bced16d": { "id": "b54fa719-0ac2-4017-b312-4b4a9bced16d", "title": "Blockspare <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites \u2013 Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed", "slug": "blockspare", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b54fa719-0ac2-4017-b312-4b4a9bced16d?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b550a140-0bdc-4840-806a-3eaceee7e42f": { "id": "b550a140-0bdc-4840-806a-3eaceee7e42f", "title": "JobSearch <= 2.5.9 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "* - 2.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b550a140-0bdc-4840-806a-3eaceee7e42f?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b55128e9-f79f-4872-931f-c6f4d1d12032": { "id": "b55128e9-f79f-4872-931f-c6f4d1d12032", "title": "Icegram <= 1.9.18 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Icegram Engage \u2013 Ultimate WP Popup Builder, Lead Generation, Optins, and CTA", "slug": "icegram", "affected_versions": { "[*, 1.9.19)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b55128e9-f79f-4872-931f-c6f4d1d12032?source=api-scan" ], "published": "2016-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b556bb3b-0fea-48a9-a893-3ad015559f3d": { "id": "b556bb3b-0fea-48a9-a893-3ad015559f3d", "title": "GD Security Headers <= 1.7 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "GD Security Headers", "slug": "gd-security-headers", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b556bb3b-0fea-48a9-a893-3ad015559f3d?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5582e89-83e6-4898-b9fe-09eddeb5f7ae": { "id": "b5582e89-83e6-4898-b9fe-09eddeb5f7ae", "title": "WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true }, "3.7 - 3.7.38": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.38", "to_inclusive": true }, "3.8 - 3.8.38": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.38", "to_inclusive": true }, "3.9 - 3.9.36": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.36", "to_inclusive": true }, "4.0 - 4.0.35": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.35", "to_inclusive": true }, "4.1 - 4.1.35": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.35", "to_inclusive": true }, "4.2 - 4.2.32": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.32", "to_inclusive": true }, "4.3 - 4.3.28": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.28", "to_inclusive": true }, "4.4 - 4.4.27": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.27", "to_inclusive": true }, "4.5 - 4.5.26": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.26", "to_inclusive": true }, "4.6 - 4.6.23": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.23", "to_inclusive": true }, "4.7 - 4.7.23": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.23", "to_inclusive": true }, "4.8 - 4.8.19": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.19", "to_inclusive": true }, "4.9 - 4.9.20": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.20", "to_inclusive": true }, "5.0 - 5.0.16": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.16", "to_inclusive": true }, "5.1 - 5.1.13": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.13", "to_inclusive": true }, "5.2 - 5.2.15": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.15", "to_inclusive": true }, "5.3 - 5.3.12": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.12", "to_inclusive": true }, "5.4 - 5.4.10": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.10", "to_inclusive": true }, "5.5 - 5.5.9": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.9", "to_inclusive": true }, "5.6 - 5.6.8": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.8", "to_inclusive": true }, "5.7 - 5.7.6": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.6", "to_inclusive": true }, "5.8 - 5.8.4": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.4", "to_inclusive": true }, "5.9 - 5.9.3": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.3", "to_inclusive": true }, "6.0 - 6.0.1": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.39", "3.8.39", "3.9.37", "4.0.36", "4.1.36", "4.2.33", "4.3.29", "4.4.28", "4.5.27", "4.6.24", "4.7.24", "4.8.20", "4.9.21", "5.0.17", "5.1.14", "5.2.16", "5.3.13", "5.4.11", "5.5.10", "5.6.9", "5.7.7", "5.8.5", "5.9.4", "6.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5582e89-83e6-4898-b9fe-09eddeb5f7ae?source=api-scan" ], "published": "2022-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b55853e1-2f20-417f-b07e-eda758eaed32": { "id": "b55853e1-2f20-417f-b07e-eda758eaed32", "title": "Custom Field Template <= 2.5.8 - Cross-Site Request Forgery via Plugin Options Update", "software": [ { "type": "plugin", "name": "Custom Field Template", "slug": "custom-field-template", "affected_versions": { "* - 2.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b55853e1-2f20-417f-b07e-eda758eaed32?source=api-scan" ], "published": "2023-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b55a80ed-5e27-4087-a792-e78066a41399": { "id": "b55a80ed-5e27-4087-a792-e78066a41399", "title": "Advanced Shipment Tracking for WooCommerce <= 3.5.2 - Cross-Site Request Forgery via paginate_shipping_provider_list and filter_shipping_provider_list", "software": [ { "type": "plugin", "name": "Advanced Shipment Tracking for WooCommerce", "slug": "woo-advanced-shipment-tracking", "affected_versions": { "* - 3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b55a80ed-5e27-4087-a792-e78066a41399?source=api-scan" ], "published": "2023-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b56076bd-4a15-4857-9443-b36eed66d5c2": { "id": "b56076bd-4a15-4857-9443-b36eed66d5c2", "title": "GDPR Compliance <= 1.2.5 - Authenticated (Subscriber+) Information Exposure", "software": [ { "type": "plugin", "name": "GDPR Compliance", "slug": "gdpr-compliance", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b56076bd-4a15-4857-9443-b36eed66d5c2?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5635423-d17a-4f04-a164-64bf141b6bb4": { "id": "b5635423-d17a-4f04-a164-64bf141b6bb4", "title": "IP Blacklist Cloud < 3.43 - Directory Traversal", "software": [ { "type": "plugin", "name": "IP Blacklist Cloud", "slug": "ip-blacklist-cloud", "affected_versions": { "[*, 3.43)": { "from_version": "*", "from_inclusive": true, "to_version": "3.43", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5635423-d17a-4f04-a164-64bf141b6bb4?source=api-scan" ], "published": "2015-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5639c00-f34c-45e3-8ff1-dfde7856a80e": { "id": "b5639c00-f34c-45e3-8ff1-dfde7856a80e", "title": "WPML <= 4.6.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wpml", "slug": "wpml", "affected_versions": { "* - 4.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5639c00-f34c-45e3-8ff1-dfde7856a80e?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b563f0a0-4d9e-4b6c-baeb-437f9c48b557": { "id": "b563f0a0-4d9e-4b6c-baeb-437f9c48b557", "title": "Allegiant <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Allegiant", "slug": "allegiant", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b563f0a0-4d9e-4b6c-baeb-437f9c48b557?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5675962-7d7f-46f4-b588-e46af212e9c8": { "id": "b5675962-7d7f-46f4-b588-e46af212e9c8", "title": "Better WordPress Google XML Sitemaps <= 1.4.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Better WordPress Google XML Sitemaps (support Sitemap Index, Multi-site and Google News)", "slug": "bwp-google-xml-sitemaps", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5675962-7d7f-46f4-b588-e46af212e9c8?source=api-scan" ], "published": "2022-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b56a5ff2-10cb-4eee-9409-7f8a22d00358": { "id": "b56a5ff2-10cb-4eee-9409-7f8a22d00358", "title": "WP Hotel Booking <= 2.0.0 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "WP Hotel Booking", "slug": "wp-hotel-booking", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b56a5ff2-10cb-4eee-9409-7f8a22d00358?source=api-scan" ], "published": "2022-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b57d3d1d-dcdb-4f11-82d8-183778baa075": { "id": "b57d3d1d-dcdb-4f11-82d8-183778baa075", "title": "LightStart \u2013 Maintenance Mode, Coming Soon and Landing Page Builder <= 2.6.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "LightStart \u2013 Maintenance Mode, Coming Soon and Landing Page Builder", "slug": "wp-maintenance-mode", "affected_versions": { "* - 2.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b57d3d1d-dcdb-4f11-82d8-183778baa075?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b57dd8e3-e3e1-4d6b-b9dd-b5a24c4886b4": { "id": "b57dd8e3-e3e1-4d6b-b9dd-b5a24c4886b4", "title": "Redirect Redirection <= 1.1.3 - Missing Authorization in 'addRedirectRule' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b57dd8e3-e3e1-4d6b-b9dd-b5a24c4886b4?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5818587-0a52-4734-8f75-263b4ab5020e": { "id": "b5818587-0a52-4734-8f75-263b4ab5020e", "title": "ForumWP \u2013 Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover", "software": [ { "type": "plugin", "name": "ForumWP \u2013 Forum & Discussion Board", "slug": "forumwp", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5818587-0a52-4734-8f75-263b4ab5020e?source=api-scan" ], "published": "2024-09-06 01:21:28", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b581e866-2b3b-4d6f-8bd3-d370c6482d12": { "id": "b581e866-2b3b-4d6f-8bd3-d370c6482d12", "title": "User Registration < 2.0.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP User Manager \u2013 User Profile Builder & Membership", "slug": "wp-user-manager", "affected_versions": { "[*, 2.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b581e866-2b3b-4d6f-8bd3-d370c6482d12?source=api-scan" ], "published": "2021-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b58403df-af09-4d74-88e6-140e3f2f291b": { "id": "b58403df-af09-4d74-88e6-140e3f2f291b", "title": "Image Map Pro \u2013 Drag-and-drop Builder for Interactive Images \u2013 Lite <= 1.0.0 - Missing Authorization to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Map Pro \u2013 Drag-and-drop Builder for Interactive Images \u2013 Lite", "slug": "image-map-pro-lite", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b58403df-af09-4d74-88e6-140e3f2f291b?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b58d905b-302e-47c3-8abb-354e7ff28a8f": { "id": "b58d905b-302e-47c3-8abb-354e7ff28a8f", "title": "JobSearch <= 2.5.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "* - 2.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b58d905b-302e-47c3-8abb-354e7ff28a8f?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b594b771-4d0b-46e1-b4c6-751c994992af": { "id": "b594b771-4d0b-46e1-b4c6-751c994992af", "title": "QuickSwish <= 1.0.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "QuickSwish \u2013 WooCommerce Product Quick View", "slug": "quickswish", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b594b771-4d0b-46e1-b4c6-751c994992af?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b597e8a5-043e-440e-aaa2-38fb3eeb0731": { "id": "b597e8a5-043e-440e-aaa2-38fb3eeb0731", "title": "WP SMS \u2013 Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc <= 5.4.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP SMS \u2013 Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More", "slug": "wp-sms", "affected_versions": { "* - 5.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b597e8a5-043e-440e-aaa2-38fb3eeb0731?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b59ac36c-41b7-46eb-9677-639e45187992": { "id": "b59ac36c-41b7-46eb-9677-639e45187992", "title": "Coming soon and Maintenance mode <= 3.5.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Coming soon and Maintenance mode", "slug": "coming-soon-page", "affected_versions": { "[*, 3.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b59ac36c-41b7-46eb-9677-639e45187992?source=api-scan" ], "published": "2021-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b59b5c41-6173-485e-869d-4165dc18e2bd": { "id": "b59b5c41-6173-485e-869d-4165dc18e2bd", "title": "Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal", "software": [ { "type": "plugin", "name": "Frontend File Manager Plugin", "slug": "nmedia-user-file-uploader", "affected_versions": { "* - 22.5": { "from_version": "*", "from_inclusive": true, "to_version": "22.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "22.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b59b5c41-6173-485e-869d-4165dc18e2bd?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b59decf5-938c-4a5f-a839-47e19e978c84": { "id": "b59decf5-938c-4a5f-a839-47e19e978c84", "title": "Recipe Card Blocks for Gutenberg & Elementor <= 3.3.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Recipe Card Blocks for Gutenberg & Elementor \u2013 Best WordPress Recipe Plugin", "slug": "recipe-card-blocks-by-wpzoom", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b59decf5-938c-4a5f-a839-47e19e978c84?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b59f13b9-8ad3-44a7-90a0-1f959ba55700": { "id": "b59f13b9-8ad3-44a7-90a0-1f959ba55700", "title": "WooCommerce Store Exporter <= 1.7.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Store Exporter for WooCommerce \u2013 Export Products, Export Orders, Export Subscriptions, and More", "slug": "woocommerce-exporter", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b59f13b9-8ad3-44a7-90a0-1f959ba55700?source=api-scan" ], "published": "2014-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5a07a44-98f9-4795-8615-c73a9b161c74": { "id": "b5a07a44-98f9-4795-8615-c73a9b161c74", "title": "All In One Redirection <= 2.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All In One Redirection", "slug": "all-in-one-redirection", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5a07a44-98f9-4795-8615-c73a9b161c74?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5a1baaa-d593-4559-953c-9393bde8d711": { "id": "b5a1baaa-d593-4559-953c-9393bde8d711", "title": "Ajax Search Lite < 3.11 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Ajax Search Lite", "slug": "ajax-search-lite", "affected_versions": { "[*, 3.11)": { "from_version": "*", "from_inclusive": true, "to_version": "3.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5a1baaa-d593-4559-953c-9393bde8d711?source=api-scan" ], "published": "2014-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5a45b0d-aa47-45ac-80a9-0a30af3f91ce": { "id": "b5a45b0d-aa47-45ac-80a9-0a30af3f91ce", "title": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress <= 2.8.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 2.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5a45b0d-aa47-45ac-80a9-0a30af3f91ce?source=api-scan" ], "published": "2014-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5a7ddea-76db-4009-83a0-92d9ccfe1da4": { "id": "b5a7ddea-76db-4009-83a0-92d9ccfe1da4", "title": "CZ Loan Management <= 1.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "CZ Loan Management", "slug": "cz-loan-management", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5a7ddea-76db-4009-83a0-92d9ccfe1da4?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5a99c97-19a4-41ab-a24f-3cc8f4be7073": { "id": "b5a99c97-19a4-41ab-a24f-3cc8f4be7073", "title": "WooCommerce Green Wallet Gateway <= 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Green Wallet Gateway", "slug": "greenwallet-gateway", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5a99c97-19a4-41ab-a24f-3cc8f4be7073?source=api-scan" ], "published": "2022-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5aa0222-1e70-4c06-860f-77643da4356c": { "id": "b5aa0222-1e70-4c06-860f-77643da4356c", "title": "Intelligence <= 1.4.0 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Intelligence", "slug": "intelligence", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5aa0222-1e70-4c06-860f-77643da4356c?source=api-scan" ], "published": "2024-07-26 13:05:57", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5ab022c-c16c-488b-b004-a7351f8fa3d3": { "id": "b5ab022c-c16c-488b-b004-a7351f8fa3d3", "title": "Elementor Header & Footer Builder <= 1.6.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Title Widget", "software": [ { "type": "plugin", "name": "Elementor Header & Footer Builder", "slug": "header-footer-elementor", "affected_versions": { "* - 1.6.35": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5ab022c-c16c-488b-b004-a7351f8fa3d3?source=api-scan" ], "published": "2024-06-12 17:22:17", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5abfc19-dc34-4458-a0af-5587b7d5a6b9": { "id": "b5abfc19-dc34-4458-a0af-5587b7d5a6b9", "title": "Slideshow, Image Slider by 2J <= 1.3.54 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slideshow, Image Slider by 2J", "slug": "2j-slideshow", "affected_versions": { "* - 1.3.54": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.54", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5abfc19-dc34-4458-a0af-5587b7d5a6b9?source=api-scan" ], "published": "2022-05-04 07:18:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5b24f80-d3a4-452b-bc83-3576bdc62829": { "id": "b5b24f80-d3a4-452b-bc83-3576bdc62829", "title": "EWWW Image Optimizer <= 2.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EWWW Image Optimizer", "slug": "ewww-image-optimizer", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5b24f80-d3a4-452b-bc83-3576bdc62829?source=api-scan" ], "published": "2014-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5b5d36d-02de-4569-b2cf-addc122ebe34": { "id": "b5b5d36d-02de-4569-b2cf-addc122ebe34", "title": "Zip Attachments <= 1.5 - Directory Traversal", "software": [ { "type": "plugin", "name": "Zip Attachments", "slug": "zip-attachments", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5b5d36d-02de-4569-b2cf-addc122ebe34?source=api-scan" ], "published": "2015-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5ba2813-56ff-45d0-966a-f83da862ec13": { "id": "b5ba2813-56ff-45d0-966a-f83da862ec13", "title": "Slideshow Gallery <= 1.6.5 - Cross-Site Scripting via method", "software": [ { "type": "plugin", "name": "Slideshow Gallery LITE", "slug": "slideshow-gallery", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5ba2813-56ff-45d0-966a-f83da862ec13?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5bd3852-c1a5-4d7d-b4fb-59911fba4873": { "id": "b5bd3852-c1a5-4d7d-b4fb-59911fba4873", "title": "WooCommerce Product Add-ons <= 6.1.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce Product Add-ons", "slug": "woocommerce-product-addons", "affected_versions": { "* - 6.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5bd3852-c1a5-4d7d-b4fb-59911fba4873?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5bdf526-8378-413f-b51e-24351dd0774b": { "id": "b5bdf526-8378-413f-b51e-24351dd0774b", "title": "Ninja Forms <= 3.5.7 - Unprotected REST-API to Email Injection", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5bdf526-8378-413f-b51e-24351dd0774b?source=api-scan" ], "published": "2021-09-22 15:21:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5c171fb-5053-455d-8aa0-db51b80f7a65": { "id": "b5c171fb-5053-455d-8aa0-db51b80f7a65", "title": "FiboSearch <= 1.17.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FiboSearch \u2013 Ajax Search for WooCommerce", "slug": "ajax-search-for-woocommerce", "affected_versions": { "[*, 1.17.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.17.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.17.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5c171fb-5053-455d-8aa0-db51b80f7a65?source=api-scan" ], "published": "2022-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5c4064b-6cfa-455c-9193-3d863be34f27": { "id": "b5c4064b-6cfa-455c-9193-3d863be34f27", "title": "Amen <= 3.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Amen", "slug": "amen", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5c4064b-6cfa-455c-9193-3d863be34f27?source=api-scan" ], "published": "2024-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5c600b4-10d6-4b0b-9ca0-7c629d383d33": { "id": "b5c600b4-10d6-4b0b-9ca0-7c629d383d33", "title": "Events Addon for Elementor <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Addon for Elementor", "slug": "events-addon-for-elementor", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5c600b4-10d6-4b0b-9ca0-7c629d383d33?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5c61212-e68e-4198-b078-18121576b767": { "id": "b5c61212-e68e-4198-b078-18121576b767", "title": "ShiftController Employee Shift Scheduling <= 4.9.25 - Reflected Cross-Site Scripting via Query String", "software": [ { "type": "plugin", "name": "ShiftController Employee Shift Scheduling", "slug": "shiftcontroller", "affected_versions": { "* - 4.9.25": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5c61212-e68e-4198-b078-18121576b767?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5c6f351-477b-4384-9863-fe3b45ddf21d": { "id": "b5c6f351-477b-4384-9863-fe3b45ddf21d", "title": "Oliver POS \u2013 A WooCommerce Point of Sale (POS) <= 2.4.2.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Oliver POS \u2013 A WooCommerce Point of Sale (POS)", "slug": "oliver-pos", "affected_versions": { "* - 2.4.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=api-scan" ], "published": "2024-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5c715f9-8655-448e-a8d2-71f24c9d48ba": { "id": "b5c715f9-8655-448e-a8d2-71f24c9d48ba", "title": "WP Attachments <= 5.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Attachments", "slug": "wp-attachments", "affected_versions": { "* - 5.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5c715f9-8655-448e-a8d2-71f24c9d48ba?source=api-scan" ], "published": "2022-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5c88472-0bb1-4bd9-9a72-154f0e95d104": { "id": "b5c88472-0bb1-4bd9-9a72-154f0e95d104", "title": "Use Any Font <= 6.3.08 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Use Any Font | Custom Font Uploader", "slug": "use-any-font", "affected_versions": { "* - 6.3.08": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.08", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.09" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5c88472-0bb1-4bd9-9a72-154f0e95d104?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5d69895-2fe6-40cf-8d4d-aa274067495a": { "id": "b5d69895-2fe6-40cf-8d4d-aa274067495a", "title": "Feed Them Social <= 1.6.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Feed Them Social \u2013 Social Media Feeds, Video, and Photo Galleries", "slug": "feed-them-social", "affected_versions": { "* - 1.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5d69895-2fe6-40cf-8d4d-aa274067495a?source=api-scan" ], "published": "2015-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5dfe2a5-612f-4e6c-a639-4afcff2ffa4c": { "id": "b5dfe2a5-612f-4e6c-a639-4afcff2ffa4c", "title": "WooCommerce <= 9.0.2 - Unauthenticated HTML Injection", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "* - 9.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5dfe2a5-612f-4e6c-a639-4afcff2ffa4c?source=api-scan" ], "published": "2024-10-14 17:07:11", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5e0b875-ba8c-438f-b2b1-6c713ef604e5": { "id": "b5e0b875-ba8c-438f-b2b1-6c713ef604e5", "title": "WordPress Core < 4.4 - Brute Force Password Recovery Tokens", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5e0b875-ba8c-438f-b2b1-6c713ef604e5?source=api-scan" ], "published": "2015-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5e6d73c-0fa7-4ae2-be3b-5ab8f1721aa6": { "id": "b5e6d73c-0fa7-4ae2-be3b-5ab8f1721aa6", "title": "Redirection <= 2.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirection", "affected_versions": { "[*, 2.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5e6d73c-0fa7-4ae2-be3b-5ab8f1721aa6?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5ebc99d-b82a-452b-8f53-bd96135aeecb": { "id": "b5ebc99d-b82a-452b-8f53-bd96135aeecb", "title": "WordPress Core < 5.8.3 - Super Admin Multi-Site Installation Object Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[3.7, 3.7.37)": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.37", "to_inclusive": false }, "[3.8, 3.8.37)": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.37", "to_inclusive": false }, "[3.9, 3.9.35)": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.35", "to_inclusive": false }, "[4.0, 4.0.34)": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.34", "to_inclusive": false }, "[4.1, 4.1.34)": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.34", "to_inclusive": false }, "[4.2, 4.2.31)": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.31", "to_inclusive": false }, "[4.3, 4.3.27)": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.27", "to_inclusive": false }, "[4.4, 4.4.26)": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.26", "to_inclusive": false }, "[4.5, 4.5.25)": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.25", "to_inclusive": false }, "[4.6, 4.6.22)": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.22", "to_inclusive": false }, "[4.7, 4.7.22)": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.22", "to_inclusive": false }, "[4.8, 4.8.18)": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.18", "to_inclusive": false }, "[4.9, 4.9.19)": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.19", "to_inclusive": false }, "[5.0, 5.0.15)": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.15", "to_inclusive": false }, "[5.1, 5.1.12)": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.12", "to_inclusive": false }, "[5.2, 5.2.14)": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.14", "to_inclusive": false }, "[5.3, 5.3.11)": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.11", "to_inclusive": false }, "[5.4, 5.4.9)": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.9", "to_inclusive": false }, "[5.5, 5.5.8)": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.8", "to_inclusive": false }, "[5.6, 5.6.7)": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.7", "to_inclusive": false }, "[5.7, 5.7.5)": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.5", "to_inclusive": false }, "[5.8, 5.8.3)": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.37", "3.8.37", "3.9.35", "4.0.34", "4.1.34", "4.2.31", "4.3.27", "4.4.26", "4.5.25", "4.6.22", "4.7.22", "4.8.18", "4.9.19", "5.0.15", "5.1.12", "5.2.14", "5.3.11", "5.4.9", "5.5.8", "5.6.7", "5.7.5", "5.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5ebc99d-b82a-452b-8f53-bd96135aeecb?source=api-scan" ], "published": "2022-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5ec03e9-06bb-4677-b480-4ebdb33acd08": { "id": "b5ec03e9-06bb-4677-b480-4ebdb33acd08", "title": "Caldera Forms Google Sheets Connector <= 1.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Caldera Forms Google Sheets Connector", "slug": "gsheetconnector-caldera-forms", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5ec03e9-06bb-4677-b480-4ebdb33acd08?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5ef15c4-c96b-4e88-a941-e34d23a0e06a": { "id": "b5ef15c4-c96b-4e88-a941-e34d23a0e06a", "title": "VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in exec_admin_widget function", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "* - 1.5.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5ef15c4-c96b-4e88-a941-e34d23a0e06a?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5f07017-e2b6-4051-8df8-3d0cfa59c7d9": { "id": "b5f07017-e2b6-4051-8df8-3d0cfa59c7d9", "title": "Easy Forms for Mailchimp <= 6.8.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Forms for Mailchimp", "slug": "yikes-inc-easy-mailchimp-extender", "affected_versions": { "* - 6.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5f07017-e2b6-4051-8df8-3d0cfa59c7d9?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5f4e9bf-b452-4425-8bf2-73be7857b3ef": { "id": "b5f4e9bf-b452-4425-8bf2-73be7857b3ef", "title": "Sumo <= 1.34 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Website Pop-up Builder by BDOW! (formerly Sumo): Pop-ups + forms for email opt-ins and lead generation", "slug": "sumome", "affected_versions": { "* - 1.34": { "from_version": "*", "from_inclusive": true, "to_version": "1.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5f4e9bf-b452-4425-8bf2-73be7857b3ef?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b5fd4dbe-6f44-45ef-9d49-4bc624fdcc57": { "id": "b5fd4dbe-6f44-45ef-9d49-4bc624fdcc57", "title": "Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features <= 3.2.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Widget", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "* - 3.2.25": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b5fd4dbe-6f44-45ef-9d49-4bc624fdcc57?source=api-scan" ], "published": "2024-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6008237-e4a8-4757-ae14-ac20c6f1b0af": { "id": "b6008237-e4a8-4757-ae14-ac20c6f1b0af", "title": "Simple Testimonials Showcase <= 1.1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple Testimonials Showcase", "slug": "simple-testimonials-showcase", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6008237-e4a8-4757-ae14-ac20c6f1b0af?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6048088-c11c-4741-8dde-da707f8f84f2": { "id": "b6048088-c11c-4741-8dde-da707f8f84f2", "title": "Wordpress File Upload 4.24.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "* - 4.24.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.24.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.24.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6048088-c11c-4741-8dde-da707f8f84f2?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b605027a-4d65-4bfe-9daa-5b2f88811bc7": { "id": "b605027a-4d65-4bfe-9daa-5b2f88811bc7", "title": "Aspose Importer & Exporter (Discontinued) < 3.0 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "Aspose Importer & Exporter (Discontinued)", "slug": "aspose-importer-exporter", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b605027a-4d65-4bfe-9daa-5b2f88811bc7?source=api-scan" ], "published": "2015-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6066883-20e0-440d-9a96-7f4b06c670d2": { "id": "b6066883-20e0-440d-9a96-7f4b06c670d2", "title": "WordPress Core < 4.8.2 - Cross-Site Scripting via Shortcodes", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.21": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.21", "to_inclusive": true }, "3.8 - 3.8.21": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.21", "to_inclusive": true }, "3.9 - 3.9.19": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.19", "to_inclusive": true }, "4.0 - 4.0.18": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.18", "to_inclusive": true }, "4.1 - 4.1.18": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.18", "to_inclusive": true }, "4.2 - 4.2.15": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.15", "to_inclusive": true }, "4.3 - 4.3.11": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.11", "to_inclusive": true }, "4.4 - 4.4.10": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.10", "to_inclusive": true }, "4.5 - 4.5.9": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.9", "to_inclusive": true }, "4.6 - 4.6.6": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.6", "to_inclusive": true }, "4.7 - 4.7.5": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.5", "to_inclusive": true }, "4.8 - 4.8.1": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.22", "3.8.22", "3.9.20", "4.0.19", "4.1.19", "4.2.16", "4.3.12", "4.4.11", "4.5.10", "4.6.7", "4.7.6", "4.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6066883-20e0-440d-9a96-7f4b06c670d2?source=api-scan" ], "published": "2017-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b606c7eb-39ce-40a0-b642-6f240f7c8c42": { "id": "b606c7eb-39ce-40a0-b642-6f240f7c8c42", "title": "Almera Responsive Portfolio Site Template < 2015-05-15 - Sensitive Information Disclosure", "software": [ { "type": "theme", "name": "Almera Responsive Portfolio Site Template", "slug": "almera", "affected_versions": { "[*, 1.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b606c7eb-39ce-40a0-b642-6f240f7c8c42?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b60cb1af-c9f3-4cea-9699-d66a52eb87eb": { "id": "b60cb1af-c9f3-4cea-9699-d66a52eb87eb", "title": "DeepL Pro API translation <= 2.4.1.1 - Cross-Site Request Forgery via wpdeepl_prune_logs", "software": [ { "type": "plugin", "name": "DeepL API translation plugin", "slug": "wpdeepl", "affected_versions": { "* - 2.4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b60cb1af-c9f3-4cea-9699-d66a52eb87eb?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6119481-f399-4bba-a824-1d7346e7e155": { "id": "b6119481-f399-4bba-a824-1d7346e7e155", "title": "Hummingbird <= 3.3.1 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hummingbird Performance \u2013 Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN", "slug": "hummingbird-performance", "affected_versions": { "[*, 3.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6119481-f399-4bba-a824-1d7346e7e155?source=api-scan" ], "published": "2022-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b611f3ba-ac36-49fc-a75f-10003c5ca955": { "id": "b611f3ba-ac36-49fc-a75f-10003c5ca955", "title": "Credit Tracker <= 1.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Credit Tracker", "slug": "credit-tracker", "affected_versions": { "* - 1.1.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b611f3ba-ac36-49fc-a75f-10003c5ca955?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b614aab2-a3e3-410a-917b-cc33634503ce": { "id": "b614aab2-a3e3-410a-917b-cc33634503ce", "title": "MyBookTable Bookstore <= 3.4.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MyBookTable Bookstore by Stormhill Media", "slug": "mybooktable", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b614aab2-a3e3-410a-917b-cc33634503ce?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b616bb6c-0861-4920-a589-f2c5bb819164": { "id": "b616bb6c-0861-4920-a589-f2c5bb819164", "title": "Easy Social Share Buttons <= 1.4.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Social Share Buttons", "slug": "easy-social-share-buttons", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b616bb6c-0861-4920-a589-f2c5bb819164?source=api-scan" ], "published": "2024-10-09 13:32:40", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b616e275-855d-461e-8fcb-c96098e41dfd": { "id": "b616e275-855d-461e-8fcb-c96098e41dfd", "title": "Embed PDF Viewer <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via height and width Parameters", "software": [ { "type": "plugin", "name": "Embed PDF Viewer", "slug": "embed-pdf-viewer", "affected_versions": { "* - 2.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b616e275-855d-461e-8fcb-c96098e41dfd?source=api-scan" ], "published": "2024-10-08 18:54:11", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b61eb8b7-0d89-47ef-831c-1772d01e2c85": { "id": "b61eb8b7-0d89-47ef-831c-1772d01e2c85", "title": "Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Meta Widget", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b61eb8b7-0d89-47ef-831c-1772d01e2c85?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b62949fd-d73f-4c42-82c7-c29986bca1da": { "id": "b62949fd-d73f-4c42-82c7-c29986bca1da", "title": "Falang multilanguage for WordPress <= 1.3.49 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Falang multilanguage for WordPress", "slug": "falang", "affected_versions": { "* - 1.3.49": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.49", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.50" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b62949fd-d73f-4c42-82c7-c29986bca1da?source=api-scan" ], "published": "2024-05-10 08:52:17", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b62fb1a8-d62d-4d1f-bcce-a081432b9e61": { "id": "b62fb1a8-d62d-4d1f-bcce-a081432b9e61", "title": "Avirato hotels online booking engine <= 5.0.5 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Avirato hotels online booking engine", "slug": "avirato-calendar", "affected_versions": { "* - 5.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b62fb1a8-d62d-4d1f-bcce-a081432b9e61?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b631ba7f-105d-4fe4-9173-4f7eade92d54": { "id": "b631ba7f-105d-4fe4-9173-4f7eade92d54", "title": "BestWebSoft's Pinterest <= 1.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BestWebSoft\u2019s Pinterest", "slug": "bws-pinterest", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b631ba7f-105d-4fe4-9173-4f7eade92d54?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6369b41-d93f-4959-8fad-be69ef724b24": { "id": "b6369b41-d93f-4959-8fad-be69ef724b24", "title": "Extended Post Status <= 1.0.19 - Missing Authorization via wp_insert_post_data", "software": [ { "type": "plugin", "name": "Extended Post Status", "slug": "extended-post-status", "affected_versions": { "* - 1.0.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6369b41-d93f-4959-8fad-be69ef724b24?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b637ebfd-c273-428b-985c-6f5b6a03f263": { "id": "b637ebfd-c273-428b-985c-6f5b6a03f263", "title": "Contact Form Email <= 1.3.41 - Captcha Bypass", "software": [ { "type": "plugin", "name": "Contact Form Email", "slug": "contact-form-to-email", "affected_versions": { "* - 1.3.41": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b637ebfd-c273-428b-985c-6f5b6a03f263?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b63a8253-b6cc-4cca-baec-4d0e32e1b8d5": { "id": "b63a8253-b6cc-4cca-baec-4d0e32e1b8d5", "title": "WP TradingView <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP TradingView", "slug": "wp-tradingview", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b63a8253-b6cc-4cca-baec-4d0e32e1b8d5?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b63ccc9a-222d-4119-909b-d04bab78d663": { "id": "b63ccc9a-222d-4119-909b-d04bab78d663", "title": "EG-Attachments <= 2.1.3 - Reflected Cross-Site Scripting via 'paged'", "software": [ { "type": "plugin", "name": "EG-Attachments", "slug": "eg-attachments", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b63ccc9a-222d-4119-909b-d04bab78d663?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b63d8238-267f-4a40-9af0-37ae8b9ba26b": { "id": "b63d8238-267f-4a40-9af0-37ae8b9ba26b", "title": "Plainview Protect Passwords <= 1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Plainview Protect Passwords", "slug": "plainview-protect-passwords", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b63d8238-267f-4a40-9af0-37ae8b9ba26b?source=api-scan" ], "published": "2023-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b63f0862-d817-49c6-8ac2-6143d21abc32": { "id": "b63f0862-d817-49c6-8ac2-6143d21abc32", "title": "PDF Embedder <= 4.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Embedder", "slug": "pdf-embedder", "affected_versions": { "* - 4.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b63f0862-d817-49c6-8ac2-6143d21abc32?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b63f4de2-32e1-4c5e-a64d-fb66d2e2b3a8": { "id": "b63f4de2-32e1-4c5e-a64d-fb66d2e2b3a8", "title": "Use Memcached <= 1.0.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Use Memcached", "slug": "use-memcached", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b63f4de2-32e1-4c5e-a64d-fb66d2e2b3a8?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6422375-a819-4e92-92af-a0a4591dea26": { "id": "b6422375-a819-4e92-92af-a0a4591dea26", "title": "Portfolio Gallery <= 2.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Portfolio Gallery \u2013 Photo Gallery", "slug": "portfolio-gallery", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6422375-a819-4e92-92af-a0a4591dea26?source=api-scan" ], "published": "2016-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b644e61a-5842-43a6-9525-97e1339dcc94": { "id": "b644e61a-5842-43a6-9525-97e1339dcc94", "title": "Wordlift <= 3.37.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordLift \u2013 AI powered SEO \u2013 Schema", "slug": "wordlift", "affected_versions": { "* - 3.37.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.37.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.37.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b644e61a-5842-43a6-9525-97e1339dcc94?source=api-scan" ], "published": "2022-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b647a6c5-3710-43ec-bf31-87b5a26d54b3": { "id": "b647a6c5-3710-43ec-bf31-87b5a26d54b3", "title": "Formidable Form Builder <= 5.5.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "* - 5.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b647a6c5-3710-43ec-bf31-87b5a26d54b3?source=api-scan" ], "published": "2023-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b64921fe-1b09-49e7-b2ec-f708fba99c2a": { "id": "b64921fe-1b09-49e7-b2ec-f708fba99c2a", "title": "404 SEO Redirection <= 1.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "404 SEO Redirection", "slug": "404-redirection-manager", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b64921fe-1b09-49e7-b2ec-f708fba99c2a?source=api-scan" ], "published": "2021-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b64bd2b9-56d5-47d4-9532-3718bf2381a7": { "id": "b64bd2b9-56d5-47d4-9532-3718bf2381a7", "title": "MainWP Broken Link Checker <= 4.0 - Missing Authorization to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "MainWP Broken Link Checker", "slug": "mainwp-broken-links-checker-extension", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b64bd2b9-56d5-47d4-9532-3718bf2381a7?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b65184e6-8072-4dd7-8291-c92817e55beb": { "id": "b65184e6-8072-4dd7-8291-c92817e55beb", "title": "Stock Exporter for WooCommerce <= 1.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Stock Exporter for WooCommerce", "slug": "stock-exporter-for-woocommerce", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b65184e6-8072-4dd7-8291-c92817e55beb?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6572733-3b3a-49c5-9ee3-52a7ab61c98d": { "id": "b6572733-3b3a-49c5-9ee3-52a7ab61c98d", "title": "Booking Ultra Pro <= 1.1.8 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking Ultra Pro Appointments Booking Calendar Plugin", "slug": "booking-ultra-pro", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6572733-3b3a-49c5-9ee3-52a7ab61c98d?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b65cdbe0-e258-4bb5-9a36-cbf57b75ce77": { "id": "b65cdbe0-e258-4bb5-9a36-cbf57b75ce77", "title": "Custom Background <= 3.2.2.67929 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Custom Background", "slug": "custom-background", "affected_versions": { "* - 3.2.2.67929": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2.67929", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b65cdbe0-e258-4bb5-9a36-cbf57b75ce77?source=api-scan" ], "published": "2014-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6616c4b-6021-42c8-afe1-bfd789b895ca": { "id": "b6616c4b-6021-42c8-afe1-bfd789b895ca", "title": "WP Sitemap Page <= 1.6.6 - Admin+ Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "WP Sitemap Page", "slug": "wp-sitemap-page", "affected_versions": { "[*, 1.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6616c4b-6021-42c8-afe1-bfd789b895ca?source=api-scan" ], "published": "2021-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b66540ec-7a01-431c-a8bf-dbced505bf1e": { "id": "b66540ec-7a01-431c-a8bf-dbced505bf1e", "title": "Podcast Subscribe Buttons < 1.4.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Podcast Subscribe Buttons", "slug": "podcast-subscribe-buttons", "affected_versions": { "[*, 1.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b66540ec-7a01-431c-a8bf-dbced505bf1e?source=api-scan" ], "published": "2021-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6675c48-43d4-4394-a4a3-f753bdaa5c4e": { "id": "b6675c48-43d4-4394-a4a3-f753bdaa5c4e", "title": "PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Generator For Fluent Forms \u2013 The Contact Form Plugin", "slug": "fluentforms-pdf", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6675c48-43d4-4394-a4a3-f753bdaa5c4e?source=api-scan" ], "published": "2024-01-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b66e2537-f187-4237-b248-f8a361f9cb00": { "id": "b66e2537-f187-4237-b248-f8a361f9cb00", "title": "Elementor <= 3.13.1 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 3.13.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.13.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.13.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b66e2537-f187-4237-b248-f8a361f9cb00?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b66ef488-0efe-43dd-8938-a1881ed2560a": { "id": "b66ef488-0efe-43dd-8938-a1881ed2560a", "title": "Fan Page Widget by ThemeNcode <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fan Page Widget by ThemeNcode", "slug": "facebook-fan-page-widget", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b66ef488-0efe-43dd-8938-a1881ed2560a?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b67a677a-0425-40cd-b7c7-3c1d2a6a4b8e": { "id": "b67a677a-0425-40cd-b7c7-3c1d2a6a4b8e", "title": "140+ Widgets | Best Addons For Elementor \u2013 FREE <= 1.4.3 - Authenticated (Admin+) Cross Site Scripting", "software": [ { "type": "plugin", "name": "140+ Widgets | Xpro Addons For Elementor \u2013 FREE", "slug": "xpro-elementor-addons", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b67a677a-0425-40cd-b7c7-3c1d2a6a4b8e?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6840637-9b0f-4f3d-bb73-9e4527a5f326": { "id": "b6840637-9b0f-4f3d-bb73-9e4527a5f326", "title": "Borderless - Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets", "software": [ { "type": "plugin", "name": "Borderless \u2013 Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg", "slug": "borderless", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6840637-9b0f-4f3d-bb73-9e4527a5f326?source=api-scan" ], "published": "2024-05-14 10:06:52", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6846688-5716-4b22-8a1d-b96b230b0742": { "id": "b6846688-5716-4b22-8a1d-b96b230b0742", "title": "Quill Forms <= 3.3.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress", "slug": "quillforms", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6846688-5716-4b22-8a1d-b96b230b0742?source=api-scan" ], "published": "2023-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b68b6736-6552-4115-9702-bd178846544c": { "id": "b68b6736-6552-4115-9702-bd178846544c", "title": "GamiPress <= 6.8.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress", "slug": "gamipress", "affected_versions": { "* - 6.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b68b6736-6552-4115-9702-bd178846544c?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b69122e2-1af6-4425-9c25-48d7682417f3": { "id": "b69122e2-1af6-4425-9c25-48d7682417f3", "title": "Social Snap <= 1.3.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Social Share Buttons, Social Sharing Icons, Click to Tweet \u2014 Social Media Plugin by Social Snap", "slug": "socialsnap", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b69122e2-1af6-4425-9c25-48d7682417f3?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b691560e-e285-467c-9d52-1620c63de1f0": { "id": "b691560e-e285-467c-9d52-1620c63de1f0", "title": "BA Book Everything <= 1.6.20 - Cross-Site Request Forgery to Email Address Update\/Account Takeover", "software": [ { "type": "plugin", "name": "BA Book Everything", "slug": "ba-book-everything", "affected_versions": { "* - 1.6.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b691560e-e285-467c-9d52-1620c63de1f0?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6986569-a273-4aea-bc74-ef7277781661": { "id": "b6986569-a273-4aea-bc74-ef7277781661", "title": "XStore Core <= 5.3.8 - Authenticated (Subscriber+) Limited Arbitrary File Download", "software": [ { "type": "plugin", "name": "XStore Core", "slug": "et-core-plugin", "affected_versions": { "* - 5.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6986569-a273-4aea-bc74-ef7277781661?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6a54470-fc66-43c5-a523-ddbefd47ee1f": { "id": "b6a54470-fc66-43c5-a523-ddbefd47ee1f", "title": "Team Circle Image Slider With Lightbox 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Team Circle Image Slider With Lightbox", "slug": "circle-image-slider-with-lightbox", "affected_versions": { "1.0": { "from_version": "1.0", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6a54470-fc66-43c5-a523-ddbefd47ee1f?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6a99d7f-f5b1-4bdc-ad67-353fea94d649": { "id": "b6a99d7f-f5b1-4bdc-ad67-353fea94d649", "title": "Transposh WordPress Translation <= 1.0.8.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Transposh WordPress Translation", "slug": "transposh-translation-filter-for-wordpress", "affected_versions": { "* - 1.0.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6a99d7f-f5b1-4bdc-ad67-353fea94d649?source=api-scan" ], "published": "2022-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6ad08fb-d029-4f84-818c-911ae2d97f33": { "id": "b6ad08fb-d029-4f84-818c-911ae2d97f33", "title": "Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue <= 3.1.60 - Reflected Cross-Site Scripting via 'lang'", "software": [ { "type": "plugin", "name": "Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)", "slug": "mailin", "affected_versions": { "* - 3.1.60": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.60", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.61" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6ad08fb-d029-4f84-818c-911ae2d97f33?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6b0bb48-eb61-4236-a03f-19d5d2084a75": { "id": "b6b0bb48-eb61-4236-a03f-19d5d2084a75", "title": "Honeypot for WP Comment <= 2.2.3 - Directory Traversal to Unauthenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Honeypot for WP Comment", "slug": "honeypot-for-wp-comment", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6b0bb48-eb61-4236-a03f-19d5d2084a75?source=api-scan" ], "published": "2024-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6b43503-e6f0-4097-9e41-eaae7011b17b": { "id": "b6b43503-e6f0-4097-9e41-eaae7011b17b", "title": "Nexos - Real Estate WordPress Theme <= 1.7 - SQL Injection", "software": [ { "type": "theme", "name": "Nexos - Real Estate WordPress Theme", "slug": "nexos", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6b43503-e6f0-4097-9e41-eaae7011b17b?source=api-scan" ], "published": "2020-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6b68e35-ecfb-4876-8fee-c389077b2b4a": { "id": "b6b68e35-ecfb-4876-8fee-c389077b2b4a", "title": "Zlick Paywall < 2.2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Zlick Paywall", "slug": "zlick-paywall", "affected_versions": { "[*, 2.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6b68e35-ecfb-4876-8fee-c389077b2b4a?source=api-scan" ], "published": "2021-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6b6fb24-f70b-44b0-a1e8-12ebc0e0c105": { "id": "b6b6fb24-f70b-44b0-a1e8-12ebc0e0c105", "title": "WordPress Core < 5.4.1 - Private Post Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.32": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.32", "to_inclusive": true }, "3.8 - 3.8.32": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.32", "to_inclusive": true }, "3.9 - 3.9.30": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.30", "to_inclusive": true }, "4.0 - 4.0.29": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.29", "to_inclusive": true }, "4.1 - 4.1.29": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.29", "to_inclusive": true }, "4.2 - 4.2.26": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.26", "to_inclusive": true }, "4.3 - 4.3.22": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.22", "to_inclusive": true }, "4.4 - 4.4.21": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.21", "to_inclusive": true }, "4.5 - 4.5.20": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.20", "to_inclusive": true }, "4.6 - 4.6.17": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.17", "to_inclusive": true }, "4.7 - 4.7.16": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.16", "to_inclusive": true }, "4.8 - 4.8.12": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.12", "to_inclusive": true }, "4.9 - 4.9.13": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.13", "to_inclusive": true }, "5.0 - 5.0.8": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.8", "to_inclusive": true }, "5.1 - 5.1.4": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.4", "to_inclusive": true }, "5.2 - 5.2.5": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.5", "to_inclusive": true }, "5.3 - 5.3.2": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.2", "to_inclusive": true }, "5.4": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.33", "3.8.33", "3.9.31", "4.0.30", "4.1.30", "4.2.27", "4.3.23", "4.4.22", "4.5.21", "4.6.18", "4.7.17", "4.8.13", "4.9.14", "5.0.9", "5.1.5", "5.2.6", "5.3.3", "5.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6b6fb24-f70b-44b0-a1e8-12ebc0e0c105?source=api-scan" ], "published": "2020-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6ba3ce1-7c50-4e9d-b9e0-bcefc9ca74fe": { "id": "b6ba3ce1-7c50-4e9d-b9e0-bcefc9ca74fe", "title": "Exclusive Addons Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6ba3ce1-7c50-4e9d-b9e0-bcefc9ca74fe?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6bb8fea-8b2c-42da-a224-0719a584d92b": { "id": "b6bb8fea-8b2c-42da-a224-0719a584d92b", "title": "Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via date", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "* - 1.3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6bb8fea-8b2c-42da-a224-0719a584d92b?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6bbd7bd-e787-41aa-a4b2-004eaba07f50": { "id": "b6bbd7bd-e787-41aa-a4b2-004eaba07f50", "title": "WP Booking <= 2.4.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Booking", "slug": "wp-easy-booking", "affected_versions": { "* - 2.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6bbd7bd-e787-41aa-a4b2-004eaba07f50?source=api-scan" ], "published": "2024-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6bfe229-88a9-45bf-8321-0afe52797c46": { "id": "b6bfe229-88a9-45bf-8321-0afe52797c46", "title": "TrustMate.io integration for WooCommerce < 1.8.12 - Authenticated (Subscriber+) Arbitrary Settings Update", "software": [ { "type": "plugin", "name": "TrustMate.io \u2013 WooCommerce integration", "slug": "trustmate-io-integration-for-woocommerce", "affected_versions": { "* - 1.8.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6bfe229-88a9-45bf-8321-0afe52797c46?source=api-scan" ], "published": "2022-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6bff35f-f881-4c60-9611-4a04727bac36": { "id": "b6bff35f-f881-4c60-9611-4a04727bac36", "title": "WooCommerce Eway Gateway <= 3.5.0 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "WooCommerce Eway Gateway", "slug": "woocommerce-gateway-eway", "affected_versions": { "* - 3.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6bff35f-f881-4c60-9611-4a04727bac36?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6c3daf6-2225-4929-8e76-169d680118ba": { "id": "b6c3daf6-2225-4929-8e76-169d680118ba", "title": "Affiliate For WooCommerce premium <= 4.7.0 - Authenticated Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Affiliate For WooCommerce", "slug": "affiliate-for-woocommerce", "affected_versions": { "* - 4.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6c3daf6-2225-4929-8e76-169d680118ba?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6c5cc05-b147-46f6-aaa9-4c82aae1b544": { "id": "b6c5cc05-b147-46f6-aaa9-4c82aae1b544", "title": "Last Viewed Posts by WPBeginner <= 1.0.0 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Last Viewed Posts by WPBeginner", "slug": "last-viewed-posts", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6c5cc05-b147-46f6-aaa9-4c82aae1b544?source=api-scan" ], "published": "2024-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6c5f933-b71b-4475-abdf-4cffff2a1a6c": { "id": "b6c5f933-b71b-4475-abdf-4cffff2a1a6c", "title": "ARI Stream Quiz <= 1.2.32 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ARI Stream Quiz \u2013 WordPress Quizzes Builder", "slug": "ari-stream-quiz", "affected_versions": { "* - 1.2.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6c5f933-b71b-4475-abdf-4cffff2a1a6c?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6c69a25-8986-4976-8753-ce8e5be311e2": { "id": "b6c69a25-8986-4976-8753-ce8e5be311e2", "title": "Absolute Privacy <= 2.0.5 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Absolute Privacy", "slug": "absolute-privacy", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6c69a25-8986-4976-8753-ce8e5be311e2?source=api-scan" ], "published": "2011-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6c9814e-e854-4420-9ec1-d843187bd9e7": { "id": "b6c9814e-e854-4420-9ec1-d843187bd9e7", "title": "Splash Header < 1.20.8 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Splash Header", "slug": "splash-header", "affected_versions": { "[*, 1.20.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.20.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.20.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6c9814e-e854-4420-9ec1-d843187bd9e7?source=api-scan" ], "published": "2021-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6cab377-0a8a-45d2-a966-4c7f100b9409": { "id": "b6cab377-0a8a-45d2-a966-4c7f100b9409", "title": "Portfolio Slideshow Pro <= 3.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Portfolio Slideshow Pro", "slug": "portfolio-slideshow-pro", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6cab377-0a8a-45d2-a966-4c7f100b9409?source=api-scan" ], "published": "2013-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6cf27d9-c0be-4cff-8867-19297f6d79d7": { "id": "b6cf27d9-c0be-4cff-8867-19297f6d79d7", "title": "WooCommerce - PDF Vouchers <= 4.9.3 - Authentication Bypass to Voucher Vendor", "software": [ { "type": "plugin", "name": "WooCommerce - PDF Vouchers", "slug": "woocommerce-pdf-vouchers", "affected_versions": { "* - 4.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6cf27d9-c0be-4cff-8867-19297f6d79d7?source=api-scan" ], "published": "2024-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6d054e4-0ef7-401d-9d81-24cc0f875432": { "id": "b6d054e4-0ef7-401d-9d81-24cc0f875432", "title": "WP Like Button <= 1.6.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Like Button", "slug": "wp-like-button", "affected_versions": { "[*, 1.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6d054e4-0ef7-401d-9d81-24cc0f875432?source=api-scan" ], "published": "2019-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6d8212d-7e72-487d-a4e8-0582fa72f602": { "id": "b6d8212d-7e72-487d-a4e8-0582fa72f602", "title": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +10 Modules \u2013 All in One Solution (formerly WooLentor) <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)", "slug": "woolentor-addons", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6d8212d-7e72-487d-a4e8-0582fa72f602?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6d874a2-f0cd-49d2-b531-5d780db7d25d": { "id": "b6d874a2-f0cd-49d2-b531-5d780db7d25d", "title": "WP SMS <= 6.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP SMS \u2013 Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More", "slug": "wp-sms", "affected_versions": { "* - 6.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6d874a2-f0cd-49d2-b531-5d780db7d25d?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6da046f-a16f-4a93-b3c6-04270538b7a9": { "id": "b6da046f-a16f-4a93-b3c6-04270538b7a9", "title": "RegistrationMagic <= 5.3.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 5.3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6da046f-a16f-4a93-b3c6-04270538b7a9?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6de66ee-08f6-47f6-b6d1-edbf7bea70d8": { "id": "b6de66ee-08f6-47f6-b6d1-edbf7bea70d8", "title": "Custom Banners < 2.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Banners", "slug": "custom-banners", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6de66ee-08f6-47f6-b6d1-edbf7bea70d8?source=api-scan" ], "published": "2014-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6de97ac-127d-47ec-8b74-03e7fa4932f6": { "id": "b6de97ac-127d-47ec-8b74-03e7fa4932f6", "title": "Pz-LinkCard <= 2.5.2 - Cross-Site Request Forgery via page_cacheman", "software": [ { "type": "plugin", "name": "Pz-LinkCard", "slug": "pz-linkcard", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6de97ac-127d-47ec-8b74-03e7fa4932f6?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6e26846-9fcf-4078-9b45-660463ec5b04": { "id": "b6e26846-9fcf-4078-9b45-660463ec5b04", "title": "GdeSlon Affiliate Shop <= 1.5.5 - Open Redirect", "software": [ { "type": "plugin", "name": "GdeSlon Affiliate Shop", "slug": "gdeslon-affiliate-shop", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6e26846-9fcf-4078-9b45-660463ec5b04?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6e3fb4d-985f-4fb7-bcf1-523792d8dac6": { "id": "b6e3fb4d-985f-4fb7-bcf1-523792d8dac6", "title": "Quiz And Survey Master <= 7.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6e3fb4d-985f-4fb7-bcf1-523792d8dac6?source=api-scan" ], "published": "2022-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6e4d8c3-f3ab-40f9-a8d2-77b53a8dba72": { "id": "b6e4d8c3-f3ab-40f9-a8d2-77b53a8dba72", "title": "WP Statistics <= 13.2.8 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 13.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "13.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6e4d8c3-f3ab-40f9-a8d2-77b53a8dba72?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6e587fb-118b-44b6-a2bb-1d621f02845c": { "id": "b6e587fb-118b-44b6-a2bb-1d621f02845c", "title": "Popup Manager <= 1.6.6 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Manager", "slug": "popup-manager", "affected_versions": { "* - 1.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6e587fb-118b-44b6-a2bb-1d621f02845c?source=api-scan" ], "published": "2022-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6ead872-76a7-49c3-af07-d87a4c68183f": { "id": "b6ead872-76a7-49c3-af07-d87a4c68183f", "title": "RegLevel <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RegLevel", "slug": "reglevel", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6ead872-76a7-49c3-af07-d87a4c68183f?source=api-scan" ], "published": "2024-07-17 14:02:16", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6ee571d-8db6-4e21-9a62-44e562b9a5fc": { "id": "b6ee571d-8db6-4e21-9a62-44e562b9a5fc", "title": "Pie Register 2.0.14-2.0.15 - SQL Injection", "software": [ { "type": "plugin", "name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction", "slug": "pie-register", "affected_versions": { "2.0.14 - 2.0.15": { "from_version": "2.0.14", "from_inclusive": true, "to_version": "2.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6ee571d-8db6-4e21-9a62-44e562b9a5fc?source=api-scan" ], "published": "2015-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6f7c956-16ce-4739-845b-15f426968808": { "id": "b6f7c956-16ce-4739-845b-15f426968808", "title": "WP Affiliate Platform <= 6.3.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Affiliate Platform", "slug": "wp-affiliate-platform", "affected_versions": { "* - 6.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6f7c956-16ce-4739-845b-15f426968808?source=api-scan" ], "published": "2014-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6fe2905-c667-4e10-89d6-387eb233f33b": { "id": "b6fe2905-c667-4e10-89d6-387eb233f33b", "title": "Download Button for Elementor <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Button for Elementor", "slug": "download-button-for-elementor", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6fe2905-c667-4e10-89d6-387eb233f33b?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b6fe5f1a-787e-4662-915f-c6f04961e194": { "id": "b6fe5f1a-787e-4662-915f-c6f04961e194", "title": "WH Testimonials <= 3.0.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WH Testimonials", "slug": "wh-testimonials", "affected_versions": { "* - 3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b6fe5f1a-787e-4662-915f-c6f04961e194?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b702f507-475a-4d45-8bb1-635f5f377c88": { "id": "b702f507-475a-4d45-8bb1-635f5f377c88", "title": "Custom Post Type List Shortcode <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Post Type List Shortcode", "slug": "custom-post-type-list-shortcode", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b702f507-475a-4d45-8bb1-635f5f377c88?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7039206-a25a-4aa0-87e2-be11dd1f12eb": { "id": "b7039206-a25a-4aa0-87e2-be11dd1f12eb", "title": "WordPress Review & Structure Data Schema Plugin \u2013 Review Schema <= 2.1.14 - Missing Authorization to Arbitrary Review Update", "software": [ { "type": "plugin", "name": "Review Schema \u2013 Review & Structure Data Schema Plugin", "slug": "review-schema", "affected_versions": { "* - 2.1.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7039206-a25a-4aa0-87e2-be11dd1f12eb?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b708b72f-d906-47c9-9bf7-a9397956db3d": { "id": "b708b72f-d906-47c9-9bf7-a9397956db3d", "title": "Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via pointsf", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b708b72f-d906-47c9-9bf7-a9397956db3d?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b709f1f5-e89f-4d67-9460-2c65c138dc8f": { "id": "b709f1f5-e89f-4d67-9460-2c65c138dc8f", "title": "Logo Manager For Enamad <= 0.7.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Logo Manager For Enamad", "slug": "logo-manager-for-enamad", "affected_versions": { "* - 0.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b709f1f5-e89f-4d67-9460-2c65c138dc8f?source=api-scan" ], "published": "2024-06-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b70e8bce-1793-40f0-bdb1-100cf5f431e9": { "id": "b70e8bce-1793-40f0-bdb1-100cf5f431e9", "title": "Export any WordPress data to XML\/CSV < 1.4.1 & WP ALL Export Pro < 1.8.6 - Cross-Site Request Forgery to Remote Code Execution", "software": [ { "type": "plugin", "name": "WP All Export Pro", "slug": "wp-all-export-pro", "affected_versions": { "[*, 1.8.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.6" ] }, { "type": "plugin", "name": "Export any WordPress data to XML\/CSV", "slug": "wp-all-export", "affected_versions": { "[*, 1.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b70e8bce-1793-40f0-bdb1-100cf5f431e9?source=api-scan" ], "published": "2023-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b70f5416-06e0-4b6f-b61d-b7c23575a171": { "id": "b70f5416-06e0-4b6f-b61d-b7c23575a171", "title": "All In One WP Security & Firewall <= 3.9.0 - SQL Injection", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "[*, 3.9.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b70f5416-06e0-4b6f-b61d-b7c23575a171?source=api-scan" ], "published": "2015-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b71348c8-9e86-432e-b05e-96884344cef6": { "id": "b71348c8-9e86-432e-b05e-96884344cef6", "title": "LogDash Activity Log <= 1.1.3 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "LogDash Activity Log", "slug": "logdash-activity-log", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b71348c8-9e86-432e-b05e-96884344cef6?source=api-scan" ], "published": "2023-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7162b78-65b7-4f80-83f0-47d9afc2ed65": { "id": "b7162b78-65b7-4f80-83f0-47d9afc2ed65", "title": "Ultimate Member <= 2.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7162b78-65b7-4f80-83f0-47d9afc2ed65?source=api-scan" ], "published": "2018-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b71bc259-d800-4f32-96a9-21da71472a6d": { "id": "b71bc259-d800-4f32-96a9-21da71472a6d", "title": "Event Tickets with Ticket Scanner <= 2.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Tickets with Ticket Scanner", "slug": "event-tickets-with-ticket-scanner", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b71bc259-d800-4f32-96a9-21da71472a6d?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b71e6219-09cc-484e-8c48-536797d974ce": { "id": "b71e6219-09cc-484e-8c48-536797d974ce", "title": "WordPress WP-Advanced-Search <= 3.3.3 - Unauthenticated Database Export", "software": [ { "type": "plugin", "name": "WordPress WP-Advanced-Search", "slug": "wp-advanced-search", "affected_versions": { "* - 3.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b71e6219-09cc-484e-8c48-536797d974ce?source=api-scan" ], "published": "2020-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b722bf4e-1e04-4d80-b359-7d43596751a8": { "id": "b722bf4e-1e04-4d80-b359-7d43596751a8", "title": "Flashlight <= 2.8.4 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Flashlight", "slug": "flashlight", "affected_versions": { "* - 2.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b722bf4e-1e04-4d80-b359-7d43596751a8?source=api-scan" ], "published": "2012-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7240711-e575-41ff-ba39-0255ca2aa9f5": { "id": "b7240711-e575-41ff-ba39-0255ca2aa9f5", "title": "Comment Extra Fields <= 1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Comment Extra Fields", "slug": "comment-extra-field", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7240711-e575-41ff-ba39-0255ca2aa9f5?source=api-scan" ], "published": "2013-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b72a26dd-0d20-462e-bb71-ed83eae6766e": { "id": "b72a26dd-0d20-462e-bb71-ed83eae6766e", "title": "WP SVG Images <= 3.3 - Authenticated (author+) Stored Cross-Site Scripting via SVG", "software": [ { "type": "plugin", "name": "WP SVG Images", "slug": "wp-svg-images", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b72a26dd-0d20-462e-bb71-ed83eae6766e?source=api-scan" ], "published": "2021-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b72cfc20-b133-4682-91e1-497236aba035": { "id": "b72cfc20-b133-4682-91e1-497236aba035", "title": "WP-TopBar <= 5.36 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "WP-TopBar", "slug": "wp-topbar", "affected_versions": { "* - 5.36": { "from_version": "*", "from_inclusive": true, "to_version": "5.36", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b72cfc20-b133-4682-91e1-497236aba035?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b72dcc68-df81-47ac-bd73-6aee87611b90": { "id": "b72dcc68-df81-47ac-bd73-6aee87611b90", "title": "Advanced iFrame <= 2021.9 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced iFrame", "slug": "advanced-iframe", "affected_versions": { "* - 2021.9": { "from_version": "*", "from_inclusive": true, "to_version": "2021.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2022" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b72dcc68-df81-47ac-bd73-6aee87611b90?source=api-scan" ], "published": "2022-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b73467de-fb0c-45e3-b3ae-5158b261907b": { "id": "b73467de-fb0c-45e3-b3ae-5158b261907b", "title": "Button Generator \u2013 easily Button Builder <= 2.3.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Button Generator \u2013 easily Button Builder", "slug": "button-generation", "affected_versions": { "* - 2.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b73467de-fb0c-45e3-b3ae-5158b261907b?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7417e25-be35-4134-9d38-f8ee91f0d1cf": { "id": "b7417e25-be35-4134-9d38-f8ee91f0d1cf", "title": "Tabellen von faustball.com <= 2.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tabellen von faustball.com", "slug": "docollipics-faustball-de", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7417e25-be35-4134-9d38-f8ee91f0d1cf?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b74a5a4c-250a-46bc-bf08-2dd720de41ae": { "id": "b74a5a4c-250a-46bc-bf08-2dd720de41ae", "title": "Contact Form 7 Connector <= 1.2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form 7 Connector", "slug": "ari-cf7-connector", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b74a5a4c-250a-46bc-bf08-2dd720de41ae?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b751191b-35a8-4331-ac3f-f6090221c65f": { "id": "b751191b-35a8-4331-ac3f-f6090221c65f", "title": "PT Sign Ups <= 1.0.4 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PT Sign Ups \u2013 Beautiful volunteer sign ups and management made easy", "slug": "ptoffice-sign-ups", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b751191b-35a8-4331-ac3f-f6090221c65f?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b758c8a7-6220-4b54-af88-7933a530b5ba": { "id": "b758c8a7-6220-4b54-af88-7933a530b5ba", "title": "ARI Stream Quiz <= 1.2.32 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ARI Stream Quiz \u2013 WordPress Quizzes Builder", "slug": "ari-stream-quiz", "affected_versions": { "* - 1.2.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b758c8a7-6220-4b54-af88-7933a530b5ba?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b761292e-375c-4657-a7a8-e11af28f45fa": { "id": "b761292e-375c-4657-a7a8-e11af28f45fa", "title": "iThemes Builder Style Manager < 0.7.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "iThemes Builder Style Manager", "slug": "builder-style-manager", "affected_versions": { "[*, 0.7.7)": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b761292e-375c-4657-a7a8-e11af28f45fa?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b766971c-c966-4ce1-814d-95efc988cfd9": { "id": "b766971c-c966-4ce1-814d-95efc988cfd9", "title": "Shortcodes Ultimate Pro <= 7.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shortcodes Ultimate Pro", "slug": "shortcodes-ultimate-pro", "affected_versions": { "* - 7.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b766971c-c966-4ce1-814d-95efc988cfd9?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b76b12ed-1bb4-4aa9-ab9f-06084c667f40": { "id": "b76b12ed-1bb4-4aa9-ab9f-06084c667f40", "title": "BizCalendar Web <= 1.1.0.25 - Reflected Cross-Site Scripting via 'tab'", "software": [ { "type": "plugin", "name": "BizCalendar Web", "slug": "bizcalendar-web", "affected_versions": { "* - 1.1.0.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b76b12ed-1bb4-4aa9-ab9f-06084c667f40?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b76b3dd2-bf6b-4b18-9666-2ecbf628437c": { "id": "b76b3dd2-bf6b-4b18-9666-2ecbf628437c", "title": "S3Bubble Cloud Video with Adverts and Analytics < 4.8 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "S3Bubble Cloud Video with Adverts and Analytics", "slug": "s3bubble-amazon-s3-audio-streaming", "affected_versions": { "[*, 4.8)": { "from_version": "*", "from_inclusive": true, "to_version": "4.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b76b3dd2-bf6b-4b18-9666-2ecbf628437c?source=api-scan" ], "published": "2015-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b76bddf3-96ad-4bb0-a37b-33b451da6713": { "id": "b76bddf3-96ad-4bb0-a37b-33b451da6713", "title": "Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2013 Like Box <= 6.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2013 Like Box", "slug": "easy-facebook-likebox", "affected_versions": { "* - 6.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b76bddf3-96ad-4bb0-a37b-33b451da6713?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b778048c-22e8-42ea-9d60-6e58b31a3035": { "id": "b778048c-22e8-42ea-9d60-6e58b31a3035", "title": "Carousel CK <= 1.1.0 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Carousel CK", "slug": "carousel-ck", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b778048c-22e8-42ea-9d60-6e58b31a3035?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b77c3d65-23c0-4bda-afea-9cad00fc04d6": { "id": "b77c3d65-23c0-4bda-afea-9cad00fc04d6", "title": "Invite Anyone <= 1.3.18 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Invite Anyone", "slug": "invite-anyone", "affected_versions": { "* - 1.3.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b77c3d65-23c0-4bda-afea-9cad00fc04d6?source=api-scan" ], "published": "2017-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b77ea258-dced-4c36-bd0d-8977a347d1c9": { "id": "b77ea258-dced-4c36-bd0d-8977a347d1c9", "title": "RSS Feed Widget <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via rfw-youtube-videos Shortcode", "software": [ { "type": "plugin", "name": "RSS Feed Widget", "slug": "rss-feed-widget", "affected_versions": { "* - 2.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b77ea258-dced-4c36-bd0d-8977a347d1c9?source=api-scan" ], "published": "2024-10-17 21:09:44", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b78985ad-37e5-4eb3-b3aa-716972423848": { "id": "b78985ad-37e5-4eb3-b3aa-716972423848", "title": "Fluent Support <= 1.8.0 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Fluent Support \u2013 Helpdesk & Customer Support Ticket System", "slug": "fluent-support", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b78985ad-37e5-4eb3-b3aa-716972423848?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b78eb275-bede-44f0-bf72-6931c37d78bf": { "id": "b78eb275-bede-44f0-bf72-6931c37d78bf", "title": "TS Poll \u2013 Best Poll Plugin for WordPress <1.3.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "TS Poll \u2013 Survey, Versus Poll, Image Poll, Video Poll", "slug": "poll-wp", "affected_versions": { "[*, 1.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b78eb275-bede-44f0-bf72-6931c37d78bf?source=api-scan" ], "published": "2020-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b790db69-cccd-4adf-a7fa-f7db4dd96be6": { "id": "b790db69-cccd-4adf-a7fa-f7db4dd96be6", "title": "JS Help Desk \u2013 Best Help Desk & Support Plugin <= 2.0.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin", "slug": "js-support-ticket", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b790db69-cccd-4adf-a7fa-f7db4dd96be6?source=api-scan" ], "published": "2018-06-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7926ec6-3441-4062-93b2-6c2120c9f406": { "id": "b7926ec6-3441-4062-93b2-6c2120c9f406", "title": "SiteOrigin Widgets Bundle <= 1.60.0 - - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode", "software": [ { "type": "plugin", "name": "SiteOrigin Widgets Bundle", "slug": "so-widgets-bundle", "affected_versions": { "* - 1.60.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.60.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.61.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7926ec6-3441-4062-93b2-6c2120c9f406?source=api-scan" ], "published": "2024-05-21 19:57:22", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b793a4cb-3130-428e-9b61-8ce29fcdaf70": { "id": "b793a4cb-3130-428e-9b61-8ce29fcdaf70", "title": "WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCacheToolbar'", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b793a4cb-3130-428e-9b61-8ce29fcdaf70?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b796b514-b6ca-4a22-9340-df02fec97075": { "id": "b796b514-b6ca-4a22-9340-df02fec97075", "title": "WP Custom Post Template <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Custom Post Template", "slug": "wp-custom-post-template", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b796b514-b6ca-4a22-9340-df02fec97075?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7a07827-74bd-45ef-8035-277c35565d54": { "id": "b7a07827-74bd-45ef-8035-277c35565d54", "title": "Bravada <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Bravada", "slug": "bravada", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7a07827-74bd-45ef-8035-277c35565d54?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7a57c3b-0d1b-40ad-9e55-6a1eab4e0380": { "id": "b7a57c3b-0d1b-40ad-9e55-6a1eab4e0380", "title": "User Role Editor <= 4.24 - Authenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "User Role Editor", "slug": "user-role-editor", "affected_versions": { "[*, 4.25)": { "from_version": "*", "from_inclusive": true, "to_version": "4.25", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7a57c3b-0d1b-40ad-9e55-6a1eab4e0380?source=api-scan" ], "published": "2016-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7ac9097-b02b-4f0a-8bc3-6c6af0bdab89": { "id": "b7ac9097-b02b-4f0a-8bc3-6c6af0bdab89", "title": "Logo Slider and Showcase <= 1.3.36 - Settings Update", "software": [ { "type": "plugin", "name": "Logo Slider and Showcase", "slug": "wp-logo-showcase", "affected_versions": { "[*, 1.3.37)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.37", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.37" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7ac9097-b02b-4f0a-8bc3-6c6af0bdab89?source=api-scan" ], "published": "2021-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7b29589-804b-4d37-a3f4-919f0c1126c2": { "id": "b7b29589-804b-4d37-a3f4-919f0c1126c2", "title": "Neon - Bootstrap Admin Theme <= 2.0 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Neon - Bootstrap Admin Theme", "slug": "neon", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7b29589-804b-4d37-a3f4-919f0c1126c2?source=api-scan" ], "published": "2019-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7b86b0b-84df-4b58-b50a-d61af6e3c1d3": { "id": "b7b86b0b-84df-4b58-b50a-d61af6e3c1d3", "title": "Classic Addons \u2013 WPBakery Page Builder <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Classic Addons \u2013 WPBakery Page Builder", "slug": "classic-addons-wpbakery-page-builder-addons", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7b86b0b-84df-4b58-b50a-d61af6e3c1d3?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7beaa9e-517b-4717-b896-3e37424e27a3": { "id": "b7beaa9e-517b-4717-b896-3e37424e27a3", "title": "YOP Poll <= 6.3.4 - Author+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YOP Poll", "slug": "yop-poll", "affected_versions": { "* - 6.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7beaa9e-517b-4717-b896-3e37424e27a3?source=api-scan" ], "published": "2022-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7c0efd8-08c0-4283-a0bf-2f6ca3998668": { "id": "b7c0efd8-08c0-4283-a0bf-2f6ca3998668", "title": "Plezi < 1.0.3 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Plezi", "slug": "plezi", "affected_versions": { "[*, 1.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7c0efd8-08c0-4283-a0bf-2f6ca3998668?source=api-scan" ], "published": "2022-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7c37c4e-7a01-447c-a1d5-595c2012eb8c": { "id": "b7c37c4e-7a01-447c-a1d5-595c2012eb8c", "title": "Tooltipy < 5.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Tooltipy (tooltips for WP)", "slug": "bluet-keywords-tooltip-generator", "affected_versions": { "[*, 5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7c37c4e-7a01-447c-a1d5-595c2012eb8c?source=api-scan" ], "published": "2018-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7c39952-d179-4b40-9762-7815e881a560": { "id": "b7c39952-d179-4b40-9762-7815e881a560", "title": "Dynamic Word Spinner: CSS3 Animated Rotation <= 5.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Dynamic Word Spinner: CSS3 Animated Rotation", "slug": "css3-rotating-words", "affected_versions": { "* - 5.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7c39952-d179-4b40-9762-7815e881a560?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7c630c0-b37f-48d5-a87c-8e7c60103a30": { "id": "b7c630c0-b37f-48d5-a87c-8e7c60103a30", "title": "WP Full Stripe Free <= 7.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Accept Payments with Stripe \u2013 WP Full Pay for WordPress", "slug": "wp-full-stripe-free", "affected_versions": { "* - 7.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7c630c0-b37f-48d5-a87c-8e7c60103a30?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7c70db1-5058-45e5-bd12-3e2cab0338ad": { "id": "b7c70db1-5058-45e5-bd12-3e2cab0338ad", "title": "WordPress Core < 3.3.2 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7c70db1-5058-45e5-bd12-3e2cab0338ad?source=api-scan" ], "published": "2012-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7c808ff-546b-445e-af38-0b45cab3f307": { "id": "b7c808ff-546b-445e-af38-0b45cab3f307", "title": "Ultimate Addons for Beaver Builder \u2013 Lite <= 1.5.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Ultimate Addons for Beaver Builder \u2013 Lite", "slug": "ultimate-addons-for-beaver-builder-lite", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7c808ff-546b-445e-af38-0b45cab3f307?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7cc5b51-5fb4-470b-8d2d-581eceadde7b": { "id": "b7cc5b51-5fb4-470b-8d2d-581eceadde7b", "title": "WordPress Core < 4.0.1 - Cross-Site Request Forgery to Authentication Takeover", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.3": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": true }, "3.8 - 3.8.3": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": true }, "3.9 - 3.9.1": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.4", "3.8.4", "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7cc5b51-5fb4-470b-8d2d-581eceadde7b?source=api-scan" ], "published": "2014-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7d1c57c-7aa2-4317-94ac-3fc48f87b98c": { "id": "b7d1c57c-7aa2-4317-94ac-3fc48f87b98c", "title": "Conversios.io <= 6.9.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google Analytics 4 (GA4), Google Ads, Meta Pixel, GTM & Multiple Pixels for Woocommerce & WordPress", "slug": "enhanced-e-commerce-for-woocommerce-store", "affected_versions": { "* - 6.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7d1c57c-7aa2-4317-94ac-3fc48f87b98c?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7d475d5-9c00-409c-ac07-276242540123": { "id": "b7d475d5-9c00-409c-ac07-276242540123", "title": "BulletProof Security < .51.1 - SQL Injection", "software": [ { "type": "plugin", "name": "BulletProof Security", "slug": "bulletproof-security", "affected_versions": { "[*, .51.1)": { "from_version": "*", "from_inclusive": true, "to_version": ".51.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ ".51.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7d475d5-9c00-409c-ac07-276242540123?source=api-scan" ], "published": "2014-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7d84cb9-175f-433c-ab5c-d89621847b4d": { "id": "b7d84cb9-175f-433c-ab5c-d89621847b4d", "title": "Photo Gallery by 10Web <= 1.5.78 - Stored Cross-Site Scripting via Uploaded SVG", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.5.78": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.78", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.79" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7d84cb9-175f-433c-ab5c-d89621847b4d?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7d85921-9d70-4812-9c5f-11ee1d0821be": { "id": "b7d85921-9d70-4812-9c5f-11ee1d0821be", "title": "WP ERP <= 1.12.8 - Authenticated (Accounting manager+) SQL Injection", "software": [ { "type": "plugin", "name": "WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting", "slug": "erp", "affected_versions": { "* - 1.12.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7d85921-9d70-4812-9c5f-11ee1d0821be?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7d9200b-af1c-4cd2-9d34-eaff97d56967": { "id": "b7d9200b-af1c-4cd2-9d34-eaff97d56967", "title": "Meks Flexible Shortcodes <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Meks Flexible Shortcodes", "slug": "meks-flexible-shortcodes", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7d9200b-af1c-4cd2-9d34-eaff97d56967?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7dac90c-d84a-4e93-a4c0-baaa5fee11c9": { "id": "b7dac90c-d84a-4e93-a4c0-baaa5fee11c9", "title": "Image Gallery with Slideshow Plugin <= 1.5.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Gallery with Slideshow Plugin", "slug": "image-gallery-with-slideshow", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7dac90c-d84a-4e93-a4c0-baaa5fee11c9?source=api-scan" ], "published": "2017-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7db3d45-2b96-4ba4-b258-08ee5e0b947b": { "id": "b7db3d45-2b96-4ba4-b258-08ee5e0b947b", "title": "Pro Mime Types <= 1.0.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Pro Mime Types \u2013 Manage file media types", "slug": "pro-mime-types", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7db3d45-2b96-4ba4-b258-08ee5e0b947b?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7dce0db-792f-4be2-a55d-b4fb7442b548": { "id": "b7dce0db-792f-4be2-a55d-b4fb7442b548", "title": "Indeed Membership Pro <= 12.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Indeed Membership Pro", "slug": "indeed-membership-pro", "affected_versions": { "* - 12.6": { "from_version": "*", "from_inclusive": true, "to_version": "12.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7dce0db-792f-4be2-a55d-b4fb7442b548?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7df753a-5399-45ff-894f-8f35868fe072": { "id": "b7df753a-5399-45ff-894f-8f35868fe072", "title": "Contact Form 7 Skins <= 2.5.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CF7 Skins for Contact Form 7", "slug": "contact-form-7-skins", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7df753a-5399-45ff-894f-8f35868fe072?source=api-scan" ], "published": "2022-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7e2ca2e-c495-47f8-9c18-da5ba73d9e70": { "id": "b7e2ca2e-c495-47f8-9c18-da5ba73d9e70", "title": "Migration, Backup, Staging \u2013 WPvivid <= 0.9.74 - Authenticated (Admin+) PHAR Deserialization", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "* - 0.9.74": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.74", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.75" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7e2ca2e-c495-47f8-9c18-da5ba73d9e70?source=api-scan" ], "published": "2022-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7e417c2-bf9c-4c88-be2b-9c2324897b07": { "id": "b7e417c2-bf9c-4c88-be2b-9c2324897b07", "title": "Laposta Signup Basic <= 1.4.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Laposta Signup Basic", "slug": "laposta-signup-basic", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7e417c2-bf9c-4c88-be2b-9c2324897b07?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7e504ef-9989-468f-9bd0-dd8416f16d85": { "id": "b7e504ef-9989-468f-9bd0-dd8416f16d85", "title": "BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bootstrap Shortcodes", "slug": "bootstrap-shortcodes", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7e504ef-9989-468f-9bd0-dd8416f16d85?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7e599b1-20fb-4260-bdc3-ef0653719b26": { "id": "b7e599b1-20fb-4260-bdc3-ef0653719b26", "title": "BizPrint <= 4.5.4 - Cross-Site Request Forgery to Cross-Site Scripting via process.php", "software": [ { "type": "plugin", "name": "Print Anywhere & Create PDFs of Order Receipts, Invoices, Labels & More.", "slug": "print-google-cloud-print-gcp-woocommerce", "affected_versions": { "* - 4.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7e599b1-20fb-4260-bdc3-ef0653719b26?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7ea6312-2703-47d1-909e-8c5fd05d9929": { "id": "b7ea6312-2703-47d1-909e-8c5fd05d9929", "title": "Web Directory Free <= 1.7.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Web Directory Free", "slug": "web-directory-free", "affected_versions": { "* - 1.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7ea6312-2703-47d1-909e-8c5fd05d9929?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7f52e71-da35-4b46-b658-d293f81b5dc9": { "id": "b7f52e71-da35-4b46-b658-d293f81b5dc9", "title": "Events Addon for Elementor <= 2.1.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Events Addon for Elementor", "slug": "events-addon-for-elementor", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7f52e71-da35-4b46-b658-d293f81b5dc9?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7fca965-86f8-4ee4-a9d6-cb18fe5f098e": { "id": "b7fca965-86f8-4ee4-a9d6-cb18fe5f098e", "title": "User Submitted Posts <= 20230901 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End", "slug": "user-submitted-posts", "affected_versions": { "* - 20230901": { "from_version": "*", "from_inclusive": true, "to_version": "20230901", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20230902" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7fca965-86f8-4ee4-a9d6-cb18fe5f098e?source=api-scan" ], "published": "2023-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b7fe772a-542e-4c3e-b1cb-05cce3b2ec3f": { "id": "b7fe772a-542e-4c3e-b1cb-05cce3b2ec3f", "title": "wordpress vertical image slider plugin < 1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "wordpress vertical image slider plugin", "slug": "wp-vertical-image-slider", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b7fe772a-542e-4c3e-b1cb-05cce3b2ec3f?source=api-scan" ], "published": "2015-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b801e7d9-0ca0-471e-a524-af19ea0d85be": { "id": "b801e7d9-0ca0-471e-a524-af19ea0d85be", "title": "WordPress Core 5.4 - 5.8 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[5.4, 5.4.7)": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.7", "to_inclusive": false }, "[5.5, 5.5.6)": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.6", "to_inclusive": false }, "[5.6, 5.6.5)": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.5", "to_inclusive": false }, "[5.7, 5.7.3)": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.3", "to_inclusive": false }, "[5.8, 5.8.1)": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.4.7", "5.5.6", "5.6.5", "5.7.3", "5.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b801e7d9-0ca0-471e-a524-af19ea0d85be?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b802b6bf-e70f-47ab-a72d-35f6341920eb": { "id": "b802b6bf-e70f-47ab-a72d-35f6341920eb", "title": "Widget Control Powered By Everyblock <= 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Widget Control Powered By Everyblock", "slug": "widget-control-powered-by-everyblock", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b802b6bf-e70f-47ab-a72d-35f6341920eb?source=api-scan" ], "published": "2014-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b803ee40-733a-49bf-a134-406747541eb6": { "id": "b803ee40-733a-49bf-a134-406747541eb6", "title": "Broken Link Manager < 0.5.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Broken Link Manager", "slug": "broken-link-manager", "affected_versions": { "[*, 0.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b803ee40-733a-49bf-a134-406747541eb6?source=api-scan" ], "published": "2015-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b805b1d1-7f3f-4bd8-9f88-eced0b2556f8": { "id": "b805b1d1-7f3f-4bd8-9f88-eced0b2556f8", "title": "Accessibility Widget <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Accessibility Widget", "slug": "accessibility-widget", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b805b1d1-7f3f-4bd8-9f88-eced0b2556f8?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b808450f-0ebf-4c49-a9e3-f1c1f2b1f632": { "id": "b808450f-0ebf-4c49-a9e3-f1c1f2b1f632", "title": "Announcement & Notification Banner \u2013 Bulletin <= 3.7.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Announcement & Notification Banner \u2013 Bulletin", "slug": "bulletin-announcements", "affected_versions": { "* - 3.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b808450f-0ebf-4c49-a9e3-f1c1f2b1f632?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b809ca97-ea82-4d56-a90a-e1ea9e7235ff": { "id": "b809ca97-ea82-4d56-a90a-e1ea9e7235ff", "title": "MM-Breaking News <= 0.7.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MM-Breaking News", "slug": "mm-breaking-news", "affected_versions": { "* - 0.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b809ca97-ea82-4d56-a90a-e1ea9e7235ff?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b80c2a5a-49f2-4b93-a1eb-a0be53aa921d": { "id": "b80c2a5a-49f2-4b93-a1eb-a0be53aa921d", "title": "Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Car Seller \u2013 Auto Classifieds Script", "slug": "cars-seller-auto-classifieds-script", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b80c2a5a-49f2-4b93-a1eb-a0be53aa921d?source=api-scan" ], "published": "2021-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b80c8888-e8d6-4458-ae93-8e4182060590": { "id": "b80c8888-e8d6-4458-ae93-8e4182060590", "title": "Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.52 - Missing Authorization to Authenticated (Subscriber+) Table Truncation", "software": [ { "type": "plugin", "name": "Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan", "slug": "antihacker", "affected_versions": { "* - 4.52": { "from_version": "*", "from_inclusive": true, "to_version": "4.52", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.53" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b80c8888-e8d6-4458-ae93-8e4182060590?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b80eb9fd-81f6-4bbf-ada1-125977a2ac01": { "id": "b80eb9fd-81f6-4bbf-ada1-125977a2ac01", "title": "JobSearch WP Job Board <= 1.5.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "[*, 1.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b80eb9fd-81f6-4bbf-ada1-125977a2ac01?source=api-scan" ], "published": "2020-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b811f085-9374-41e7-a9ab-fecff0b9e19d": { "id": "b811f085-9374-41e7-a9ab-fecff0b9e19d", "title": "Motor \u2013 Cars, Parts, Service, Equipments and Accessories WooCommerce Store < 3.1.0 - Local File Inclusion", "software": [ { "type": "theme", "name": "Motor \u2013 Cars, Parts, Service, Equipments and Accessories WooCommerce Store", "slug": "motor", "affected_versions": { "[*, 3.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b811f085-9374-41e7-a9ab-fecff0b9e19d?source=api-scan" ], "published": "2021-06-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8133d84-e28c-4132-9eb5-941800320f84": { "id": "b8133d84-e28c-4132-9eb5-941800320f84", "title": "Quick Paypal Payments <= 5.7.25 - Missing Authorization", "software": [ { "type": "plugin", "name": "Quick Paypal Payments", "slug": "quick-paypal-payments", "affected_versions": { "* - 5.7.25": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8133d84-e28c-4132-9eb5-941800320f84?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b813f3d8-b765-4cf5-aec0-786140e2a0ce": { "id": "b813f3d8-b765-4cf5-aec0-786140e2a0ce", "title": "Wp Ultimate Review <= 2.2.5 - Unauthenticated Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "WP Ultimate Review", "slug": "wp-ultimate-review", "affected_versions": { "* - 2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b813f3d8-b765-4cf5-aec0-786140e2a0ce?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b81b06b4-559f-4b69-9fdd-e09e66525867": { "id": "b81b06b4-559f-4b69-9fdd-e09e66525867", "title": "Wallet System for WooCommerce <= 2.5.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Wallet System for WooCommerce \u2013 Wallet, Secure Online Payments, Cashback, Refunds, Partial Payment, Wallet Restriction, WooCommerce Payment", "slug": "wallet-system-for-woocommerce", "affected_versions": { "* - 2.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b81b06b4-559f-4b69-9fdd-e09e66525867?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8205bfe-4586-42e9-b4f7-e46947396b6b": { "id": "b8205bfe-4586-42e9-b4f7-e46947396b6b", "title": "I LOVE IT! < 2.4 - Multiple Vulnerabilities", "software": [ { "type": "theme", "name": "I LOVE IT!", "slug": "iloveit", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8205bfe-4586-42e9-b4f7-e46947396b6b?source=api-scan" ], "published": "2013-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b824cab6-d340-487d-90ba-5b554db1da14": { "id": "b824cab6-d340-487d-90ba-5b554db1da14", "title": "BuddyPress <= 11.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "* - 11.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "11.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b824cab6-d340-487d-90ba-5b554db1da14?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b825f4c2-8373-4aba-ab01-880cf0553b54": { "id": "b825f4c2-8373-4aba-ab01-880cf0553b54", "title": "The Ultimate WordPress Toolkit \u2013 WP Extended <= 2.4.7 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Ultimate WordPress Toolkit \u2013 WP Extended", "slug": "wpextended", "affected_versions": { "* - 2.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b825f4c2-8373-4aba-ab01-880cf0553b54?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8261317-462b-49c5-9526-20b695895e49": { "id": "b8261317-462b-49c5-9526-20b695895e49", "title": "FastDup <= 2.1.7 - Sensitive Information Exposure via Log File", "software": [ { "type": "plugin", "name": "FastDup \u2013 Fastest WordPress Migration & Duplicator", "slug": "fastdup", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8261317-462b-49c5-9526-20b695895e49?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b829b7a1-2891-402b-a48f-a7fb1202448e": { "id": "b829b7a1-2891-402b-a48f-a7fb1202448e", "title": "Shortcode Factory <= 2.7 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Shortcode Factory", "slug": "shortcode-factory", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b829b7a1-2891-402b-a48f-a7fb1202448e?source=api-scan" ], "published": "2019-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b82a9ae8-ff82-40bf-a5d4-5175daab9146": { "id": "b82a9ae8-ff82-40bf-a5d4-5175daab9146", "title": "Instant CSS <= 1.1.4 - Missing Authorization via AJAX Actions", "software": [ { "type": "plugin", "name": "Instant CSS", "slug": "instant-css", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b82a9ae8-ff82-40bf-a5d4-5175daab9146?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8347b4e-a5ba-49c5-9ae6-690a1a5c9aac": { "id": "b8347b4e-a5ba-49c5-9ae6-690a1a5c9aac", "title": "tagDiv Composer < 3.5 - Unauthorized Account Access and Privilege Escalation", "software": [ { "type": "theme", "name": "Newspaper - News & WooCommerce WordPress Theme", "slug": "Newspaper", "affected_versions": { "* - 12": { "from_version": "*", "from_inclusive": true, "to_version": "12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.1" ] }, { "type": "theme", "name": "Newsmag - Newspaper & Magazine WordPress Theme", "slug": "newsmag", "affected_versions": { "* - 5.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.2" ] }, { "type": "plugin", "name": "tagDiv Composer", "slug": "td-composer", "affected_versions": { "[*, 3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8347b4e-a5ba-49c5-9ae6-690a1a5c9aac?source=api-scan" ], "published": "2022-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b83abce2-077e-4892-908b-8de88cd0a298": { "id": "b83abce2-077e-4892-908b-8de88cd0a298", "title": "HL Twitter <= 2014.1.18 - Cross-Site Request Forgery to Twitter Account Unlink", "software": [ { "type": "plugin", "name": "HL Twitter", "slug": "hl-twitter", "affected_versions": { "* - 2014.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "2014.1.18", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b83abce2-077e-4892-908b-8de88cd0a298?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8428a92-8b0a-4a9a-8f7e-571c252973c2": { "id": "b8428a92-8b0a-4a9a-8f7e-571c252973c2", "title": "Beaver Themer <= 1.4.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Beaver Themer", "slug": "beaver-themer", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8428a92-8b0a-4a9a-8f7e-571c252973c2?source=api-scan" ], "published": "2024-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8464cd2-eef0-419b-b368-6f86af4e8dd5": { "id": "b8464cd2-eef0-419b-b368-6f86af4e8dd5", "title": "myCred \u2013 Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification", "slug": "mycred", "affected_versions": { "[*, 2.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8464cd2-eef0-419b-b368-6f86af4e8dd5?source=api-scan" ], "published": "2022-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b847d10d-254b-40e5-b5f9-1391834d63b4": { "id": "b847d10d-254b-40e5-b5f9-1391834d63b4", "title": "dTabs <= 1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "dTabs", "slug": "dtabs", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b847d10d-254b-40e5-b5f9-1391834d63b4?source=api-scan" ], "published": "2022-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b847f463-2837-4f91-bae6-a8058f36a7db": { "id": "b847f463-2837-4f91-bae6-a8058f36a7db", "title": "UltraAddons Elementor Lite <= 1.1.8 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "UltraAddons \u2013 Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode)", "slug": "ultraaddons-elementor-lite", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b847f463-2837-4f91-bae6-a8058f36a7db?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b84c0f8c-25a7-47c7-93cf-9b5060c07c72": { "id": "b84c0f8c-25a7-47c7-93cf-9b5060c07c72", "title": "PPOM for WooCommerce <= 18.3 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PPOM \u2013 Product Addons & Custom Fields for WooCommerce", "slug": "woocommerce-product-addon", "affected_versions": { "[*, 18.4)": { "from_version": "*", "from_inclusive": true, "to_version": "18.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "18.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b84c0f8c-25a7-47c7-93cf-9b5060c07c72?source=api-scan" ], "published": "2019-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8520d91-9c31-413e-a7ac-f03cb48cb992": { "id": "b8520d91-9c31-413e-a7ac-f03cb48cb992", "title": "Kodex Posts likes <= 2.5.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kodex Posts likes", "slug": "kodex-posts-likes", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8520d91-9c31-413e-a7ac-f03cb48cb992?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8564dbb-6be8-4999-be65-d28609e05451": { "id": "b8564dbb-6be8-4999-be65-d28609e05451", "title": "Website Article Monetization By MageNet <= 1.0.11 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Website Article Monetization By MageNet", "slug": "website-article-monetization-by-magenet", "affected_versions": { "* - 1.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8564dbb-6be8-4999-be65-d28609e05451?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8580107-bbc1-4d6e-bb72-f1efc404d7b3": { "id": "b8580107-bbc1-4d6e-bb72-f1efc404d7b3", "title": "Latest Posts by BestWebSoft < 0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Latest Posts by BestWebSoft", "slug": "bws-latest-posts", "affected_versions": { "[*, 0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8580107-bbc1-4d6e-bb72-f1efc404d7b3?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b85b44ed-94cd-4d85-bcc5-60b50cdb94f1": { "id": "b85b44ed-94cd-4d85-bcc5-60b50cdb94f1", "title": "Duplicator < 0.5.10 - Arbitrary Backup Creation and Download", "software": [ { "type": "plugin", "name": "Duplicator \u2013 Migration & Backup Plugin", "slug": "duplicator", "affected_versions": { "[*, 0.5.10)": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.5.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b85b44ed-94cd-4d85-bcc5-60b50cdb94f1?source=api-scan" ], "published": "2015-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b85d8451-5283-4a76-8565-c667a3d2d917": { "id": "b85d8451-5283-4a76-8565-c667a3d2d917", "title": "WooCommerce Currency Switcher <= 1.3.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FOX \u2013 Currency Switcher Professional for WooCommerce", "slug": "woocommerce-currency-switcher", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b85d8451-5283-4a76-8565-c667a3d2d917?source=api-scan" ], "published": "2021-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b85e9bf4-0006-402a-ae46-a02fa854d995": { "id": "b85e9bf4-0006-402a-ae46-a02fa854d995", "title": "Corner Ad <= 1.0.53 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Corner Ad", "slug": "corner-ad", "affected_versions": { "* - 1.0.53": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.53", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.54" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b85e9bf4-0006-402a-ae46-a02fa854d995?source=api-scan" ], "published": "2022-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8613acf-d6e8-434f-820b-d854ed1f6299": { "id": "b8613acf-d6e8-434f-820b-d854ed1f6299", "title": "Export any WordPress data to XML\/CSV <= 1.3.4 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Export any WordPress data to XML\/CSV", "slug": "wp-all-export", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8613acf-d6e8-434f-820b-d854ed1f6299?source=api-scan" ], "published": "2022-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8652b40-480c-4d53-b1c8-e1dcfbd8a4a4": { "id": "b8652b40-480c-4d53-b1c8-e1dcfbd8a4a4", "title": "AREA53 <= 1.0.5 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "AREA53", "slug": "area53", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8652b40-480c-4d53-b1c8-e1dcfbd8a4a4?source=api-scan" ], "published": "2013-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8672fd2-dc7a-4717-9d25-84180ad9b134": { "id": "b8672fd2-dc7a-4717-9d25-84180ad9b134", "title": "Backup and Staging by WP Time Capsule <= 1.21.15 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Backup and Staging by WP Time Capsule", "slug": "wp-time-capsule", "affected_versions": { "[*, 1.21.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.21.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.21.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8672fd2-dc7a-4717-9d25-84180ad9b134?source=api-scan" ], "published": "2020-01-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b86ff40d-45dd-4cb6-9a4e-16aaf1d35196": { "id": "b86ff40d-45dd-4cb6-9a4e-16aaf1d35196", "title": "Crony Cronjob Manager < 0.4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Crony Cronjob Manager", "slug": "crony", "affected_versions": { "[*, 0.4.7)": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b86ff40d-45dd-4cb6-9a4e-16aaf1d35196?source=api-scan" ], "published": "2015-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b871883c-509b-4776-b550-349b3f5aa365": { "id": "b871883c-509b-4776-b550-349b3f5aa365", "title": "WordPress Gallery Exporter <= 1.3 - Authenticated (Administrator+) Arbitrary File Download", "software": [ { "type": "plugin", "name": "WordPress Gallery Exporter \u2013 Export your NextGen, Envira and FooGallery galleries to your computer", "slug": "wp-gallery-exporter", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b871883c-509b-4776-b550-349b3f5aa365?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8721c4d-d89b-4e97-af01-20327013cfb6": { "id": "b8721c4d-d89b-4e97-af01-20327013cfb6", "title": "Launchpad \u2013 Coming Soon & Maintenance Mode Plugin <= 1.0.13 - Authenticated (Administrator+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Launchpad \u2013 Coming Soon & Maintenance Mode Plugin", "slug": "launchpad-by-obox", "affected_versions": { "* - 1.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8721c4d-d89b-4e97-af01-20327013cfb6?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b876ed30-66f5-4cad-a60c-104a0a793033": { "id": "b876ed30-66f5-4cad-a60c-104a0a793033", "title": "Multiplayer Games <= 3.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Multiplayer Games", "slug": "multiplayer-plugin", "affected_versions": { "* - 3.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b876ed30-66f5-4cad-a60c-104a0a793033?source=api-scan" ], "published": "2021-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b87f8bd6-d00d-4062-bf27-b698a1d7e757": { "id": "b87f8bd6-d00d-4062-bf27-b698a1d7e757", "title": "Protected Posts Logout Button <= 1.4.5 - Missing Authorization on pplb_options_save", "software": [ { "type": "plugin", "name": "Protected Posts Logout Button", "slug": "protected-posts-logout-button", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b87f8bd6-d00d-4062-bf27-b698a1d7e757?source=api-scan" ], "published": "2023-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b883681e-5e14-4100-989b-4776456246bf": { "id": "b883681e-5e14-4100-989b-4776456246bf", "title": "SSV Events <= 3.2.7 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "SSV Events", "slug": "ssv-events", "affected_versions": { "* - 3.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b883681e-5e14-4100-989b-4776456246bf?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b884d3c9-7d84-44eb-9e94-b415625b479d": { "id": "b884d3c9-7d84-44eb-9e94-b415625b479d", "title": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio <= 0.59 - SQL Injection", "software": [ { "type": "plugin", "name": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio", "slug": "flash-album-gallery", "affected_versions": { "* - 0.59": { "from_version": "*", "from_inclusive": true, "to_version": "0.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b884d3c9-7d84-44eb-9e94-b415625b479d?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8877261-c60c-4433-9a4d-f1a99cac66c0": { "id": "b8877261-c60c-4433-9a4d-f1a99cac66c0", "title": "Easy Forms for Mailchimp 3.0 - 5.0.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Forms for Mailchimp", "slug": "yikes-inc-easy-mailchimp-extender", "affected_versions": { "3.0 - 5.0.6": { "from_version": "3.0", "from_inclusive": true, "to_version": "5.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8877261-c60c-4433-9a4d-f1a99cac66c0?source=api-scan" ], "published": "2014-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b88efc1b-dc2d-4fe2-ba2b-e29898ed1bc4": { "id": "b88efc1b-dc2d-4fe2-ba2b-e29898ed1bc4", "title": "Paytm \u2013 Donation Plugin <= 1.3.2 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Paytm \u2013 Donation Plugin", "slug": "wp-paytm-pay", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b88efc1b-dc2d-4fe2-ba2b-e29898ed1bc4?source=api-scan" ], "published": "2021-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b890d168-9ea7-49c0-b628-71c76c0c2c9c": { "id": "b890d168-9ea7-49c0-b628-71c76c0c2c9c", "title": "Simple Banner <= 2.10.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Banner \u2013 Easily add multiple Banners\/Bars\/Notifications\/Announcements to the top or bottom of your website", "slug": "simple-banner", "affected_versions": { "* - 2.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b890d168-9ea7-49c0-b628-71c76c0c2c9c?source=api-scan" ], "published": "2021-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b89185c1-f7f9-47fb-ae8b-ba4c9f4e1d3e": { "id": "b89185c1-f7f9-47fb-ae8b-ba4c9f4e1d3e", "title": "Client Portal \u2013 Private user pages and login <= 1.1.8 - Cross-Site Request Forgery via cp_create_private_pages_for_all_users function", "software": [ { "type": "plugin", "name": "Client Portal \u2013 Private user pages and login", "slug": "client-portal", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b89185c1-f7f9-47fb-ae8b-ba4c9f4e1d3e?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b894473b-b2ed-475b-892e-603db609f88a": { "id": "b894473b-b2ed-475b-892e-603db609f88a", "title": "JupiterX Core <= 3.3.8 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Jupiter X Core", "slug": "jupiterx-core", "affected_versions": { "* - 3.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b894473b-b2ed-475b-892e-603db609f88a?source=api-scan" ], "published": "2023-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b897b16a-7580-47e2-a5cc-b4a08bc05ad2": { "id": "b897b16a-7580-47e2-a5cc-b4a08bc05ad2", "title": "Septera <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Septera", "slug": "septera", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b897b16a-7580-47e2-a5cc-b4a08bc05ad2?source=api-scan" ], "published": "2024-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b899296a-01df-45af-b966-2b80685c6853": { "id": "b899296a-01df-45af-b966-2b80685c6853", "title": "Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Active Products Tables for WooCommerce. Use constructor to create tables\u00a0", "slug": "profit-products-tables-for-woocommerce", "affected_versions": { "* - 1.0.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b899296a-01df-45af-b966-2b80685c6853?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b899ca76-d6f4-4369-8f66-738b144433b7": { "id": "b899ca76-d6f4-4369-8f66-738b144433b7", "title": "Analytify \u2013 Google Analytics Dashboard For WordPress <= 4.2.2 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Analytify \u2013 Google Analytics Dashboard For WordPress (GA4 analytics made easy)", "slug": "wp-analytify", "affected_versions": { "* - 4.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b899ca76-d6f4-4369-8f66-738b144433b7?source=api-scan" ], "published": "2022-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b899d06f-a4e3-4cc5-a610-43372511b7da": { "id": "b899d06f-a4e3-4cc5-a610-43372511b7da", "title": "Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Content Blocks (Custom Post Widget)", "slug": "custom-post-widget", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b899d06f-a4e3-4cc5-a610-43372511b7da?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b89a1265-6e26-498c-a2b4-da12d38463c9": { "id": "b89a1265-6e26-498c-a2b4-da12d38463c9", "title": "Login Configurator <= 2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login Configurator", "slug": "login-configurator", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b89a1265-6e26-498c-a2b4-da12d38463c9?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b89c51fe-c056-4d85-a6e3-6678ed93b9d8": { "id": "b89c51fe-c056-4d85-a6e3-6678ed93b9d8", "title": "LWS Cleaner <= 2.3.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LWS Cleaner", "slug": "lws-cleaner", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b89c51fe-c056-4d85-a6e3-6678ed93b9d8?source=api-scan" ], "published": "2023-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b89cf8ef-9fa0-4ede-8ec9-c166d0db74fe": { "id": "b89cf8ef-9fa0-4ede-8ec9-c166d0db74fe", "title": "wpMandrill <= 1.33 - Missing Authorization via getAjaxStats", "software": [ { "type": "plugin", "name": "wpMandrill", "slug": "wpmandrill", "affected_versions": { "* - 1.33": { "from_version": "*", "from_inclusive": true, "to_version": "1.33", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b89cf8ef-9fa0-4ede-8ec9-c166d0db74fe?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8a26695-4793-418b-9a23-6709fe79ea4f": { "id": "b8a26695-4793-418b-9a23-6709fe79ea4f", "title": "Constant Contact Forms <= 2.0.2 - Missing Authorization via constant_contact_privacy_ajax_handler", "software": [ { "type": "plugin", "name": "Constant Contact Forms", "slug": "constant-contact-forms", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8a26695-4793-418b-9a23-6709fe79ea4f?source=api-scan" ], "published": "2023-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8a41eb6-8fb2-4274-a50b-571e85ac87f8": { "id": "b8a41eb6-8fb2-4274-a50b-571e85ac87f8", "title": "Import and export users and customers <= 1.14.0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Import and export users and customers", "slug": "import-users-from-csv-with-meta", "affected_versions": { "[*, 1.14.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.14.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8a41eb6-8fb2-4274-a50b-571e85ac87f8?source=api-scan" ], "published": "2019-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8a598cf-bdd6-4249-a367-e3e8c6e3ef15": { "id": "b8a598cf-bdd6-4249-a367-e3e8c6e3ef15", "title": "flickrRSS <= 5.3.1 - Cross-Site Scripting via flickrRSS_tags", "software": [ { "type": "plugin", "name": "flickrRSS", "slug": "flickr-rss", "affected_versions": { "* - 5.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8a598cf-bdd6-4249-a367-e3e8c6e3ef15?source=api-scan" ], "published": "2018-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8add6b9-8d53-4239-bbbc-d32a562fd9b9": { "id": "b8add6b9-8d53-4239-bbbc-d32a562fd9b9", "title": "NextMove Lite <= 2.18.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "NextMove Lite \u2013 Thank You Page for WooCommerce", "slug": "woo-thank-you-page-nextmove-lite", "affected_versions": { "* - 2.18.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8add6b9-8d53-4239-bbbc-d32a562fd9b9?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8b1a124-ad3a-4f17-9913-88bfda26dca9": { "id": "b8b1a124-ad3a-4f17-9913-88bfda26dca9", "title": "Gift Certificate Creator <= 1.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gift Certificate Creator", "slug": "gift-certificate-creator", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8b1a124-ad3a-4f17-9913-88bfda26dca9?source=api-scan" ], "published": "2017-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8b3419e-23c7-48de-898f-133a52ae286a": { "id": "b8b3419e-23c7-48de-898f-133a52ae286a", "title": "Ninja Forms Contact Form <= 3.6.33 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.6.33": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8b3419e-23c7-48de-898f-133a52ae286a?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8bbb54d-7607-4d19-bf2d-2d52a6de1287": { "id": "b8bbb54d-7607-4d19-bf2d-2d52a6de1287", "title": "Lead Octopus Power < 1.1.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Lead-Octopus-Power", "slug": "Lead-Octopus-Power", "affected_versions": { "[*, 1.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8bbb54d-7607-4d19-bf2d-2d52a6de1287?source=api-scan" ], "published": "2014-07-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8bd08d0-5c78-40a8-abc1-de387908df9d": { "id": "b8bd08d0-5c78-40a8-abc1-de387908df9d", "title": "Pagelayer <= 1.7.9 - Authenticated(Administrator+) Stored Cross-Site Scripting via Header\/Footer code", "software": [ { "type": "plugin", "name": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "slug": "pagelayer", "affected_versions": { "[*, 1.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8bd08d0-5c78-40a8-abc1-de387908df9d?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8c18081-1ee3-4072-89f1-b6eb1518916e": { "id": "b8c18081-1ee3-4072-89f1-b6eb1518916e", "title": "Registrations for the Events Calendar <= 2.7.5 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Registrations for the Events Calendar \u2013 Event Registration Plugin", "slug": "registrations-for-the-events-calendar", "affected_versions": { "[*, 2.7.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8c18081-1ee3-4072-89f1-b6eb1518916e?source=api-scan" ], "published": "2021-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8c66ddd-8a01-40e0-8893-668551b527d1": { "id": "b8c66ddd-8a01-40e0-8893-668551b527d1", "title": "Recommend to a friend <= 2.2.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Recommend to a friend", "slug": "recommend-a-friend", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8c66ddd-8a01-40e0-8893-668551b527d1?source=api-scan" ], "published": "2013-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8cbd521-f2d4-4cf6-a50f-ed42f4d21989": { "id": "b8cbd521-f2d4-4cf6-a50f-ed42f4d21989", "title": "PHP Shell (All Versions) - Backdoor", "software": [ { "type": "plugin", "name": "php-shell", "slug": "php-shell", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8cbd521-f2d4-4cf6-a50f-ed42f4d21989?source=api-scan" ], "published": "2008-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8cdd8b4-52e6-431b-b2f0-bfe1d0c1dd91": { "id": "b8cdd8b4-52e6-431b-b2f0-bfe1d0c1dd91", "title": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin", "slug": "xcloner-backup-and-restore", "affected_versions": { "[*, 3.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8cdd8b4-52e6-431b-b2f0-bfe1d0c1dd91?source=api-scan" ], "published": "2014-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8ce34dc-b509-476a-8960-a0c9369a6d72": { "id": "b8ce34dc-b509-476a-8960-a0c9369a6d72", "title": "Sticky banner <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sticky banner", "slug": "sticky-banner", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8ce34dc-b509-476a-8960-a0c9369a6d72?source=api-scan" ], "published": "2024-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8cf9350-d207-49ae-865a-b2e016b41b55": { "id": "b8cf9350-d207-49ae-865a-b2e016b41b55", "title": "Dropdown and scrollable Text <= 2.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dropdown and scrollable Text", "slug": "dropdown-and-scrollable-text", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8cf9350-d207-49ae-865a-b2e016b41b55?source=api-scan" ], "published": "2022-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8d63789-16b3-443b-8dcb-67b1e5e25d20": { "id": "b8d63789-16b3-443b-8dcb-67b1e5e25d20", "title": "Cloudflare < 1.3.21 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cloudflare", "slug": "cloudflare", "affected_versions": { "[*, 1.3.21)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.21", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8d63789-16b3-443b-8dcb-67b1e5e25d20?source=api-scan" ], "published": "2016-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8daa685-d366-4b08-9f30-b14700fdee03": { "id": "b8daa685-d366-4b08-9f30-b14700fdee03", "title": "WD Instagram Feed <= 1.3.0 - Cross-site scripting", "software": [ { "type": "plugin", "name": "10WebSocial", "slug": "wd-instagram-feed", "affected_versions": { "[*, 1.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8daa685-d366-4b08-9f30-b14700fdee03?source=api-scan" ], "published": "2018-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8e3a111-6327-47a0-becd-d7e2d9166118": { "id": "b8e3a111-6327-47a0-becd-d7e2d9166118", "title": "WP No External Links <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scritping", "software": [ { "type": "plugin", "name": "WP No External Links", "slug": "no-external-links", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8e3a111-6327-47a0-becd-d7e2d9166118?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8e3f779-9d25-4525-a827-8ce743bd889e": { "id": "b8e3f779-9d25-4525-a827-8ce743bd889e", "title": "New User Approve <= 2.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "New User Approve", "slug": "new-user-approve", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8e3f779-9d25-4525-a827-8ce743bd889e?source=api-scan" ], "published": "2022-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8e64950-4f01-4391-8c65-2f25ff5bcc06": { "id": "b8e64950-4f01-4391-8c65-2f25ff5bcc06", "title": "Salon booking system <= 10.8.1 - Unauthenticated Open Redirect", "software": [ { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "* - 10.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "10.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8e64950-4f01-4391-8c65-2f25ff5bcc06?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8e921f4-d889-490f-a817-53d132a56f83": { "id": "b8e921f4-d889-490f-a817-53d132a56f83", "title": "Stock Ticker <= 3.23.4 - Authenticated (Contributor+) Stored Cross-Site Scritping", "software": [ { "type": "plugin", "name": "Stock Ticker", "slug": "stock-ticker", "affected_versions": { "* - 3.23.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.23.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.23.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8e921f4-d889-490f-a817-53d132a56f83?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8eb3aa9-fe60-48b6-aa24-7873dd68b47e": { "id": "b8eb3aa9-fe60-48b6-aa24-7873dd68b47e", "title": "GiveWP \u2013 Donation Plugin and Fundraising Platform <= 3.16.3 - Unauthenticated PHP Object Injection to Remote Code Execution", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 3.16.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.16.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.16.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8eb3aa9-fe60-48b6-aa24-7873dd68b47e?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8eec2f0-1b6f-45cf-8291-019bc1d08f9b": { "id": "b8eec2f0-1b6f-45cf-8291-019bc1d08f9b", "title": "Betheme <= 26.6.2 - Missing Authorization Check on Core Functionality", "software": [ { "type": "theme", "name": "Betheme", "slug": "betheme", "affected_versions": { "* - 26.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "26.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "26.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8eec2f0-1b6f-45cf-8291-019bc1d08f9b?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8eeeed6-bb8c-47d3-afa5-84eb7ed2c971": { "id": "b8eeeed6-bb8c-47d3-afa5-84eb7ed2c971", "title": "OptimizePress < 1.6 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "OptimizePress", "slug": "optimizepress", "affected_versions": { "[*, 1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8eeeed6-bb8c-47d3-afa5-84eb7ed2c971?source=api-scan" ], "published": "2013-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8f24fae-6a8b-4c67-a204-c085ae43552f": { "id": "b8f24fae-6a8b-4c67-a204-c085ae43552f", "title": "Download Manager <= 3.2.34 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 3.2.35)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.35", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8f24fae-6a8b-4c67-a204-c085ae43552f?source=api-scan" ], "published": "2022-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8f30220-4f6e-458b-a053-8d8277150237": { "id": "b8f30220-4f6e-458b-a053-8d8277150237", "title": "MZ Mindbody API <= 2.8.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MZ Mindbody API", "slug": "mz-mindbody-api", "affected_versions": { "* - 2.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8f30220-4f6e-458b-a053-8d8277150237?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8f53053-5150-4fba-b8d6-3d6c9df32c69": { "id": "b8f53053-5150-4fba-b8d6-3d6c9df32c69", "title": "WP SMS <= 6.5 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP SMS \u2013 Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More", "slug": "wp-sms", "affected_versions": { "* - 6.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8f53053-5150-4fba-b8d6-3d6c9df32c69?source=api-scan" ], "published": "2024-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8f870a6-26a5-4f98-9bd6-12736c561265": { "id": "b8f870a6-26a5-4f98-9bd6-12736c561265", "title": "GDPR CCPA Compliance & Cookie Consent Banner <= 2.7.0 - Missing Authorization to Settings Update and Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GDPR CCPA Compliance & Cookie Consent Banner", "slug": "ninja-gdpr-compliance", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8f870a6-26a5-4f98-9bd6-12736c561265?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8faa34a-17fd-4a2e-b8bf-ed40fc7a88d9": { "id": "b8faa34a-17fd-4a2e-b8bf-ed40fc7a88d9", "title": "Stock Sync for WooCommerce <= 2.3.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Stock Sync for WooCommerce", "slug": "stock-sync-for-woocommerce", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8faa34a-17fd-4a2e-b8bf-ed40fc7a88d9?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8fc89c0-292d-47b4-90b3-79edf3a9e76d": { "id": "b8fc89c0-292d-47b4-90b3-79edf3a9e76d", "title": "BeRocket Plugins <= (Various Versions) - Missing Authorization", "software": [ { "type": "plugin", "name": "Sales Report for WooCommerce", "slug": "sales-report-for-woocommerce", "affected_versions": { "* - 3.5.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.7.7" ] }, { "type": "plugin", "name": "Load More Products for WooCommerce", "slug": "load-more-products-for-woocommerce", "affected_versions": { "* - 1.1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9.8" ] }, { "type": "plugin", "name": "Pagination Styler for WooCommerce", "slug": "pagination-styler-for-woocommerce", "affected_versions": { "* - 3.5.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.7.7" ] }, { "type": "plugin", "name": "Product of the Day for WooCommerce", "slug": "product-of-the-day-for-woocommerce", "affected_versions": { "* - 3.5.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.7.7" ] }, { "type": "plugin", "name": "Splash Popup for WooCommerce", "slug": "splash-popup-for-woocommerce", "affected_versions": { "* - 3.5.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.7.7" ] }, { "type": "plugin", "name": "Terms and Conditions Popup for WooCommerce", "slug": "terms-and-conditions-popup-for-woocommerce", "affected_versions": { "* - 3.5.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.7.7" ] }, { "type": "plugin", "name": "Force Sell for WooCommerce", "slug": "force-sell-for-woocommerce", "affected_versions": { "* - 3.5.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.7.7" ] }, { "type": "plugin", "name": "Products Suggestions for WooCommerce", "slug": "cart-products-suggestions-for-woocommerce", "affected_versions": { "* - 3.5.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.7.7" ] }, { "type": "plugin", "name": "Cart Notices for WooCommerce", "slug": "cart-notices-for-woocommerce", "affected_versions": { "* - 3.5.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.7.7" ] }, { "type": "plugin", "name": "Sequential Order Numbers for WooCommerce", "slug": "sequential-order-numbers-for-woocommerce", "affected_versions": { "* - 3.5.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.7.7" ] }, { "type": "plugin", "name": "Grid\/List View for WooCommerce", "slug": "gridlist-view-for-woocommerce", "affected_versions": { "* - 1.1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3.7" ] }, { "type": "plugin", "name": "Currency Exchange for WooCommerce", "slug": "currency-exchange-for-woocommerce", "affected_versions": { "* - 3.5.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.7.8" ] }, { "type": "plugin", "name": "Product Tabs Manager for WooCommerce", "slug": "product-tabs-manager-for-woocommerce", "affected_versions": { "* - 1.1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5.8" ] }, { "type": "plugin", "name": "Wishlist and Waitlist for WooCommerce", "slug": "wish-wait-list-for-woocommerce", "affected_versions": { "* - 3.5.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.7.7" ] }, { "type": "plugin", "name": "Advanced Product Labels for WooCommerce", "slug": "advanced-product-labels-for-woocommerce", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4.1" ] }, { "type": "plugin", "name": "Min and Max Quantity for WooCommerce", "slug": "minmax-quantity-for-woocommerce", "affected_versions": { "* - 1.3.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2.7" ] }, { "type": "plugin", "name": "Products Compare for WooCommerce", "slug": "products-compare-for-woocommerce", "affected_versions": { "* - 3.5.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.7.8" ] }, { "type": "plugin", "name": "Product Watermark for WooCommerce", "slug": "product-watermark-for-woocommerce", "affected_versions": { "* - 1.3.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5.7" ] }, { "type": "plugin", "name": "Brands for WooCommerce", "slug": "brands-for-woocommerce", "affected_versions": { "* - 3.7.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.0.6" ] }, { "type": "plugin", "name": "Product Preview for WooCommerce", "slug": "product-preview-for-woocommerce", "affected_versions": { "* - 3.5.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan" ], "published": "2022-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8fcf1fb-c7ed-4a02-bb03-7f0a89f4c4e1": { "id": "b8fcf1fb-c7ed-4a02-bb03-7f0a89f4c4e1", "title": "Simple Testimonials Showcase <= 1.1.6 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Testimonials Showcase", "slug": "simple-testimonials-showcase", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8fcf1fb-c7ed-4a02-bb03-7f0a89f4c4e1?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b8fe4fe5-2b13-4001-a177-0d182aa2af30": { "id": "b8fe4fe5-2b13-4001-a177-0d182aa2af30", "title": "PropertyHive <= 2.0.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "PropertyHive", "slug": "propertyhive", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b8fe4fe5-2b13-4001-a177-0d182aa2af30?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9002f6e-4345-4908-9cb8-9841a2458eb7": { "id": "b9002f6e-4345-4908-9cb8-9841a2458eb7", "title": "CartFlows <= 1.11.11 - Insecure Direct Object Reference to Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "WooCommerce Checkout & Funnel Builder by CartFlows \u2013 Create High Converting Stores For WooCommerce", "slug": "cartflows", "affected_versions": { "[*, 1.11.12)": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.11.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9002f6e-4345-4908-9cb8-9841a2458eb7?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b901b3f8-8bbd-42ef-8e0c-de6d09c4950f": { "id": "b901b3f8-8bbd-42ef-8e0c-de6d09c4950f", "title": "Quiz and Survey Master <= 8.0.4 - Unauthenticated iFrame Injection via Paragraph and Short Answer", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 8.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b901b3f8-8bbd-42ef-8e0c-de6d09c4950f?source=api-scan" ], "published": "2022-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b90267c6-e6b4-4ca0-8779-c20f62016eeb": { "id": "b90267c6-e6b4-4ca0-8779-c20f62016eeb", "title": "VDZ Google Analytics or Google Tag Manager \/ GTM <= 1.5.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VDZ Google Analytics or Google Tag Manager \/ GTM", "slug": "vdz-google-analytics", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b90267c6-e6b4-4ca0-8779-c20f62016eeb?source=api-scan" ], "published": "2021-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9047775-2d72-4eb5-9339-419f95aa19b2": { "id": "b9047775-2d72-4eb5-9339-419f95aa19b2", "title": "Acme Fix Images <= 1.0.0 - Missing Authorization via acme_fix_images_ajax_callback", "software": [ { "type": "plugin", "name": "Acme Fix Images \u2013 Regenerate Thumbnails", "slug": "acme-fix-images", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9047775-2d72-4eb5-9339-419f95aa19b2?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b905b8ec-d13d-4455-9c5f-61aaa09d75ba": { "id": "b905b8ec-d13d-4455-9c5f-61aaa09d75ba", "title": "HUSKY \u2013 Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 - Unauthenticated SQL Injection via search terms", "software": [ { "type": "plugin", "name": "HUSKY \u2013 Products Filter Professional for WooCommerce", "slug": "woocommerce-products-filter", "affected_versions": { "* - 1.3.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b905b8ec-d13d-4455-9c5f-61aaa09d75ba?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b90640d2-d6f4-4c3b-8e9b-038d57f5fd6f": { "id": "b90640d2-d6f4-4c3b-8e9b-038d57f5fd6f", "title": "OMGF <= 4.5.3 - Unauthenticated Path Traversal in REST API", "software": [ { "type": "plugin", "name": "OMGF | GDPR\/DSGVO Compliant, Faster Google Fonts. Easy.", "slug": "host-webfonts-local", "affected_versions": { "* - 4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b90640d2-d6f4-4c3b-8e9b-038d57f5fd6f?source=api-scan" ], "published": "2021-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b90b7f6c-df7f-48a5-b283-cf5facbd71e5": { "id": "b90b7f6c-df7f-48a5-b283-cf5facbd71e5", "title": "VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update", "software": [ { "type": "plugin", "name": "VK Blocks", "slug": "vk-blocks", "affected_versions": { "* - 1.57.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.57.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.58.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b90b7f6c-df7f-48a5-b283-cf5facbd71e5?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b910b678-5869-43e6-8993-fcf53fe4c66f": { "id": "b910b678-5869-43e6-8993-fcf53fe4c66f", "title": "BuddyPress Customer.io Analytics Integration <= 1.1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "BuddyPress Customer.io Analytics Integration", "slug": "bpcustomerio", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b910b678-5869-43e6-8993-fcf53fe4c66f?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b919f11b-c57f-4511-8fd6-9e83d2855266": { "id": "b919f11b-c57f-4511-8fd6-9e83d2855266", "title": "WPCS <= 1.2.0.3 - Unauthenticated Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "WPCS \u2013 WordPress Currency Switcher Professional", "slug": "currency-switcher", "affected_versions": { "* - 1.2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b919f11b-c57f-4511-8fd6-9e83d2855266?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b91cd230-7e84-4dbf-8aad-18b54bfdc4e7": { "id": "b91cd230-7e84-4dbf-8aad-18b54bfdc4e7", "title": "sitetweet <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "sitetweet", "slug": "sitetweet-tweets-user-behaviors-on-your-site-on-twitter", "affected_versions": { "* - 0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b91cd230-7e84-4dbf-8aad-18b54bfdc4e7?source=api-scan" ], "published": "2024-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b91ec428-8444-4304-8901-4bc3ef146e3e": { "id": "b91ec428-8444-4304-8901-4bc3ef146e3e", "title": "Easy WordPress Subscribe \u2013 Optin Hound <= 1.4.3 - Reflected Cross-Site Scripting via add_query_arg Parameter", "software": [ { "type": "plugin", "name": "Easy WordPress Subscribe \u2013 Optin Hound", "slug": "opt-in-hound", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b91ec428-8444-4304-8901-4bc3ef146e3e?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b91f3db6-5331-48d4-9c79-9ecba0870be2": { "id": "b91f3db6-5331-48d4-9c79-9ecba0870be2", "title": "Photo Gallery by Supsystic <= 1.8.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Photo Gallery by Supsystic", "slug": "gallery-by-supsystic", "affected_versions": { "[*, 1.8.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b91f3db6-5331-48d4-9c79-9ecba0870be2?source=api-scan" ], "published": "2016-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b924261f-1e1a-4565-a22e-ba592912d270": { "id": "b924261f-1e1a-4565-a22e-ba592912d270", "title": "YITH WooCommerce Multi Vendor <= 3.8.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YITH WooCommerce Multi Vendor", "slug": "yith-woocommerce-product-vendors", "affected_versions": { "[*, 3.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b924261f-1e1a-4565-a22e-ba592912d270?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b926243c-ed12-4afe-ac72-932d4d871019": { "id": "b926243c-ed12-4afe-ac72-932d4d871019", "title": "Short URL <= 1.6.8 - Cross-Site Request Forgery via configuration_page", "software": [ { "type": "plugin", "name": "Short URL", "slug": "shorten-url", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b926243c-ed12-4afe-ac72-932d4d871019?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b92c3d68-2e3e-4500-8da9-f89373126445": { "id": "b92c3d68-2e3e-4500-8da9-f89373126445", "title": "Scroll Triggered Box <= 2.3 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Scroll Triggered Box", "slug": "dreamgrow-scroll-triggered-box", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b92c3d68-2e3e-4500-8da9-f89373126445?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b92deadd-a50c-406d-afdf-301453967880": { "id": "b92deadd-a50c-406d-afdf-301453967880", "title": "NewsMash <= 1.0.34 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "NewsMash", "slug": "newsmash", "affected_versions": { "* - 1.0.34": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.35" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b92deadd-a50c-406d-afdf-301453967880?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b930ddd7-a2a3-4b83-a1a6-ea08bbcb07a3": { "id": "b930ddd7-a2a3-4b83-a1a6-ea08bbcb07a3", "title": "Quick Contact Form <= 8.0.3.1 - Cross-Site Request Forgery to Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Quick Contact Form", "slug": "quick-contact-form", "affected_versions": { "* - 8.0.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b930ddd7-a2a3-4b83-a1a6-ea08bbcb07a3?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b937940c-a3e0-49d3-b066-550b78351b54": { "id": "b937940c-a3e0-49d3-b066-550b78351b54", "title": "WP Fastest Cache <= 1.1.4 - Authenticated(Administrator+) Blind Server Side Request Forgery via check_url", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b937940c-a3e0-49d3-b066-550b78351b54?source=api-scan" ], "published": "2023-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b937cbfb-d43c-4cda-b247-921661cbc0ad": { "id": "b937cbfb-d43c-4cda-b247-921661cbc0ad", "title": "Blocksy Companion <= 2.0.31 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Blocksy Companion", "slug": "blocksy-companion", "affected_versions": { "* - 2.0.31": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b937cbfb-d43c-4cda-b247-921661cbc0ad?source=api-scan" ], "published": "2024-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9394801-4a74-4327-9afd-35f4166c2abb": { "id": "b9394801-4a74-4327-9afd-35f4166c2abb", "title": "WP Home Page Menu < 3.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Home Page Menu", "slug": "wp-home-page-menu", "affected_versions": { "[*, 3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9394801-4a74-4327-9afd-35f4166c2abb?source=api-scan" ], "published": "2022-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b93af9cc-cd9a-4bbb-8cb1-bf45c59e469c": { "id": "b93af9cc-cd9a-4bbb-8cb1-bf45c59e469c", "title": "Link Library <= 7.6.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Link Library", "slug": "link-library", "affected_versions": { "* - 7.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b93af9cc-cd9a-4bbb-8cb1-bf45c59e469c?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b93e9e84-1675-4128-a018-03833ff75943": { "id": "b93e9e84-1675-4128-a018-03833ff75943", "title": "Advanced Custom Fields <= 6.2.10 - Authenticated (Contributor+) Arbitrary Custom Field Access", "software": [ { "type": "plugin", "name": "Secure Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "* - 6.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.0" ] }, { "type": "plugin", "name": "Advanced Custom Fields Pro", "slug": "advanced-custom-fields-pro", "affected_versions": { "* - 6.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b93e9e84-1675-4128-a018-03833ff75943?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b93f66ac-5c9b-483a-a7ad-0a404d3935e0": { "id": "b93f66ac-5c9b-483a-a7ad-0a404d3935e0", "title": "WooCommerce Pre-Orders <= 1.9.0 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Pre-Orders", "slug": "woocommerce-pre-orders", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b93f66ac-5c9b-483a-a7ad-0a404d3935e0?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b93f8036-4a89-45e6-b86f-9d57e1662a35": { "id": "b93f8036-4a89-45e6-b86f-9d57e1662a35", "title": "Fantastic Content Protector Free <= 2.6 - Missing Authorization via update_setting_fantastic_content_protector", "software": [ { "type": "plugin", "name": "Fantastic Content Protector Free", "slug": "fantastic-content-protector-free", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b93f8036-4a89-45e6-b86f-9d57e1662a35?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9412cb1-54b5-4544-8571-0a1185e7f456": { "id": "b9412cb1-54b5-4544-8571-0a1185e7f456", "title": "Neuvoo Jobroll <= 2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "neuvoo-jobroll", "slug": "neuvoo-jobroll", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9412cb1-54b5-4544-8571-0a1185e7f456?source=api-scan" ], "published": "2015-11-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b94202ef-75d6-4b6f-96b5-f9760cc0a628": { "id": "b94202ef-75d6-4b6f-96b5-f9760cc0a628", "title": "Squaretype - Modern Blog WordPress Theme < 3.0.4 - Authorization Bypass", "software": [ { "type": "theme", "name": "Squaretype - Modern Blog WordPress Theme", "slug": "squaretype", "affected_versions": { "[*, 3.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b94202ef-75d6-4b6f-96b5-f9760cc0a628?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b946ee73-4cf9-48c8-b456-285b118c6b05": { "id": "b946ee73-4cf9-48c8-b456-285b118c6b05", "title": "Pie Register - Basic <= 3.8.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation", "software": [ { "type": "plugin", "name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction", "slug": "pie-register", "affected_versions": { "* - 3.8.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b946ee73-4cf9-48c8-b456-285b118c6b05?source=api-scan" ], "published": "2024-07-08 19:39:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b947bd68-2dfa-4637-8f10-39c283fdac70": { "id": "b947bd68-2dfa-4637-8f10-39c283fdac70", "title": "Popup Box \u2013 Best WordPress Popup Plugin <= 3.7.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Box \u2013 Create Countdown, Coupon, Video, Contact Form Popups", "slug": "ays-popup-box", "affected_versions": { "* - 3.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b947bd68-2dfa-4637-8f10-39c283fdac70?source=api-scan" ], "published": "2023-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b948574a-0aab-4596-83e6-04be21f78bc1": { "id": "b948574a-0aab-4596-83e6-04be21f78bc1", "title": "YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization", "software": [ { "type": "plugin", "name": "YITH WooCommerce Bulk Product Editing", "slug": "yith-woocommerce-bulk-product-editing", "affected_versions": { "* - 1.2.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.27", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Product Gallery & Image Zoom", "slug": "yith-woocommerce-zoom-magnifier", "affected_versions": { "* - 2.14.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.14.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Popup", "slug": "yith-woocommerce-popup", "affected_versions": { "* - 1.21.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.21.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.21.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Badge Management", "slug": "yith-woocommerce-badges-management", "affected_versions": { "* - 2.10.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Product Add-Ons", "slug": "yith-woocommerce-product-add-ons", "affected_versions": { "* - 2.15.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Tab Manager", "slug": "yith-woocommerce-tab-manager", "affected_versions": { "* - 1.17.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.17.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.17.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Questions and Answers", "slug": "yith-woocommerce-questions-and-answers", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Authorize.net Payment Gateway", "slug": "yith-woocommerce-authorizenet-payment-gateway", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Name Your Price", "slug": "yith-woocommerce-name-your-price", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Order & Shipment Tracking", "slug": "yith-woocommerce-order-tracking", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Cart Messages", "slug": "yith-woocommerce-cart-messages", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Subscription", "slug": "yith-woocommerce-subscription", "affected_versions": { "* - 2.16.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.1" ] }, { "type": "plugin", "name": "YITH PayPal Express Checkout for WooCommerce", "slug": "yith-paypal-express-checkout-for-woocommerce", "affected_versions": { "* - 1.20.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.20.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.20.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Ajax Product Filter", "slug": "yith-woocommerce-ajax-navigation", "affected_versions": { "* - 4.15.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.15.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.16.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Wishlist", "slug": "yith-woocommerce-wishlist", "affected_versions": { "* - 3.14.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.14.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.15.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Stripe", "slug": "yith-woocommerce-stripe", "affected_versions": { "* - 2.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH Custom Thank You Page for WooCommerce", "slug": "yith-custom-thank-you-page-for-woocommerce", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH Donations for WooCommerce", "slug": "yith-donations-for-woocommerce", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Compare", "slug": "yith-woocommerce-compare", "affected_versions": { "* - 2.20.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.20.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.20.1" ] }, { "type": "plugin", "name": "YITH Color and Label Variations for WooCommerce", "slug": "yith-color-and-label-variations-for-woocommerce", "affected_versions": { "* - 1.25.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.25.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.25.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Ajax Search", "slug": "yith-woocommerce-ajax-search", "affected_versions": { "* - 1.25.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.25.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.25.1" ] }, { "type": "plugin", "name": "YITH Essential Kit for WooCommerce #1", "slug": "yith-essential-kit-for-woocommerce-1", "affected_versions": { "* - 2.13.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.13.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.14.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Mailchimp", "slug": "yith-woocommerce-mailchimp", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH Infinite Scrolling", "slug": "yith-infinite-scrolling", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Multi Vendor", "slug": "yith-woocommerce-product-vendors", "affected_versions": { "* - 3.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH Pre-Order for WooCommerce", "slug": "yith-pre-order-for-woocommerce", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Product Bundles", "slug": "yith-woocommerce-product-bundles", "affected_versions": { "* - 1.16.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.16.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.17.0" ] }, { "type": "plugin", "name": "YITH Request a Quote for WooCommerce", "slug": "yith-woocommerce-request-a-quote", "affected_versions": { "* - 2.15.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Waitlist", "slug": "yith-woocommerce-waiting-list", "affected_versions": { "* - 1.21.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.21.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.21.1" ] }, { "type": "plugin", "name": "YITH WooCommerce PDF Invoice and Shipping List", "slug": "yith-woocommerce-pdf-invoice", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Category Accordion", "slug": "yith-woocommerce-category-accordion", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Brands Add-On", "slug": "yith-woocommerce-brands-add-on", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Gift Cards", "slug": "yith-woocommerce-gift-cards", "affected_versions": { "* - 2.14.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.14.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15.0" ] }, { "type": "plugin", "name": "YITH PayPal Payments for WooCommerce", "slug": "yith-paypal-payments-for-woocommerce", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Points and Rewards", "slug": "yith-woocommerce-points-and-rewards", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Multi-step Checkout", "slug": "yith-woocommerce-multi-step-checkout", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Added to Cart Popup", "slug": "yith-woocommerce-added-to-cart-popup", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Product Slider Carousel", "slug": "yith-woocommerce-product-slider-carousel", "affected_versions": { "* - 1.16.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.16.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.16.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Catalog Mode", "slug": "yith-woocommerce-catalog-mode", "affected_versions": { "* - 2.16.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Affiliates", "slug": "yith-woocommerce-affiliates", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Quick View", "slug": "yith-woocommerce-quick-view", "affected_versions": { "* - 1.21.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.21.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.21.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Advanced Reviews", "slug": "yith-woocommerce-advanced-reviews", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH Frequently Bought Together for WooCommerce", "slug": "yith-woocommerce-frequently-bought-together", "affected_versions": { "* - 1.18.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.18.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.19.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Featured Video", "slug": "yith-woocommerce-featured-video", "affected_versions": { "* - 1.18.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.18.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.18.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Social Login", "slug": "yith-woocommerce-social-login", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b948574a-0aab-4596-83e6-04be21f78bc1?source=api-scan" ], "published": "2022-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b94facce-975f-4080-ad67-95d282b28d0d": { "id": "b94facce-975f-4080-ad67-95d282b28d0d", "title": "WPBakery Page Builder for WordPress (formerly Visual Composer) <= 4.7.3 - Multiple Cross-Site Scripting Issues", "software": [ { "type": "plugin", "name": "WPBakery Page Builder for WordPress", "slug": "js_composer", "affected_versions": { "[*, 4.7.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b94facce-975f-4080-ad67-95d282b28d0d?source=api-scan" ], "published": "2015-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9502669-ddbb-40c3-9d98-95c862f47a9a": { "id": "b9502669-ddbb-40c3-9d98-95c862f47a9a", "title": "Multiple Shipping Address Woocommerce < 2.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Multiple Shipping Address Woocommerce", "slug": "multiple-shipping-address-woocommerce", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9502669-ddbb-40c3-9d98-95c862f47a9a?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9567f63-9161-49a3-9b94-dd6dee5a5628": { "id": "b9567f63-9161-49a3-9b94-dd6dee5a5628", "title": "Democracy Poll <= 5.3.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Democracy Poll", "slug": "democracy-poll", "affected_versions": { "* - 5.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9567f63-9161-49a3-9b94-dd6dee5a5628?source=api-scan" ], "published": "2017-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b95baf58-bd99-4682-b2eb-46a402c62c03": { "id": "b95baf58-bd99-4682-b2eb-46a402c62c03", "title": "Full frame <= 2.7.2 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Full Frame", "slug": "full-frame", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b95baf58-bd99-4682-b2eb-46a402c62c03?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b95c1bf7-bb05-44d3-a185-7e38e62b7201": { "id": "b95c1bf7-bb05-44d3-a185-7e38e62b7201", "title": "Blog Filter <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Blog Filter \u2013 Advanced Post Filtering with Categories Or Tags, Post Portfolio Gallery, Blog Design Template, Blog Post Layout", "slug": "blog-filter", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b95c1bf7-bb05-44d3-a185-7e38e62b7201?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b96273e8-29a8-4802-8c83-1ce5ab9600b6": { "id": "b96273e8-29a8-4802-8c83-1ce5ab9600b6", "title": "JoomSport <= 5.3.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "JoomSport \u2013 for Sports: Team & League, Football, Hockey & more", "slug": "joomsport-sports-league-results-management", "affected_versions": { "* - 5.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b96273e8-29a8-4802-8c83-1ce5ab9600b6?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b96349da-e2b4-4b29-94b4-1039427bce8e": { "id": "b96349da-e2b4-4b29-94b4-1039427bce8e", "title": "WooCommerce PDF Invoices & Packing Slips <= 2.14.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Invoices & Packing Slips for WooCommerce", "slug": "woocommerce-pdf-invoices-packing-slips", "affected_versions": { "2.14.5": { "from_version": "2.14.5", "from_inclusive": true, "to_version": "2.14.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b96349da-e2b4-4b29-94b4-1039427bce8e?source=api-scan" ], "published": "2022-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b964df21-5648-4fe1-b2a7-99f8a0f02026": { "id": "b964df21-5648-4fe1-b2a7-99f8a0f02026", "title": "Orbit Fox by ThemeIsle <= 2.10.2 - Authenticated (Contributor+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Orbit Fox by ThemeIsle", "slug": "themeisle-companion", "affected_versions": { "[*, 2.10.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.10.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b964df21-5648-4fe1-b2a7-99f8a0f02026?source=api-scan" ], "published": "2021-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b96c5ba8-e0a6-42b9-8ba1-637d52476d64": { "id": "b96c5ba8-e0a6-42b9-8ba1-637d52476d64", "title": "Gallery Bank \u2013 WordPress Photo Gallery Plugin < 3.0.70 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery Bank \u2013 WordPress Photo Gallery Plugin", "slug": "gallery-bank", "affected_versions": { "[*, 3.0.70)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.70", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.70" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b96c5ba8-e0a6-42b9-8ba1-637d52476d64?source=api-scan" ], "published": "2014-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b96d71cb-3af4-4d67-a4af-41bab79a7f61": { "id": "b96d71cb-3af4-4d67-a4af-41bab79a7f61", "title": "WP Better Emails <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Better Emails", "slug": "wp-better-emails", "affected_versions": { "* - 0.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b96d71cb-3af4-4d67-a4af-41bab79a7f61?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b96f40fe-3ffa-4fc5-b51a-ff3771224bd5": { "id": "b96f40fe-3ffa-4fc5-b51a-ff3771224bd5", "title": "WP Job Manager <= 1.31.2 - PHP Object Injection via PHAR Deserialization", "software": [ { "type": "plugin", "name": "WP Job Manager", "slug": "wp-job-manager", "affected_versions": { "[*, 1.31.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.31.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.31.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b96f40fe-3ffa-4fc5-b51a-ff3771224bd5?source=api-scan" ], "published": "2019-01-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9738054-058f-47be-9973-f119fbfd4396": { "id": "b9738054-058f-47be-9973-f119fbfd4396", "title": "WP Prayer <= 1.9.6 - Authenticated(Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Prayer", "slug": "wp-prayer", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9738054-058f-47be-9973-f119fbfd4396?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9769bc3-236f-4c9d-a4ce-544e49eee2ec": { "id": "b9769bc3-236f-4c9d-a4ce-544e49eee2ec", "title": "Astra Pro <= 4.3.1 - Authenticated(Contributor+) Remote Code Execution via Metabox", "software": [ { "type": "plugin", "name": "Astra Pro Addon", "slug": "astra-addon", "affected_versions": { "* - 4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9769bc3-236f-4c9d-a4ce-544e49eee2ec?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b977e3f8-46e7-4294-ab5c-e42e81c900e0": { "id": "b977e3f8-46e7-4294-ab5c-e42e81c900e0", "title": "Sunny Search <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Sunny Search", "slug": "fast-search-powered-by-solr", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b977e3f8-46e7-4294-ab5c-e42e81c900e0?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9793793-44d5-4628-a57b-c1254645e648": { "id": "b9793793-44d5-4628-a57b-c1254645e648", "title": "WP User Frontend <= 3.5.25 - SQL Injection & Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission \u2013 WP User Frontend", "slug": "wp-user-frontend", "affected_versions": { "* - 3.5.25": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9793793-44d5-4628-a57b-c1254645e648?source=api-scan" ], "published": "2021-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b97b1c86-22a4-462b-9140-55139cf02c7a": { "id": "b97b1c86-22a4-462b-9140-55139cf02c7a", "title": "Bricks <= 1.9.6 - Unauthenticated Remote Code Execution", "software": [ { "type": "theme", "name": "Bricks", "slug": "bricks", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b97b1c86-22a4-462b-9140-55139cf02c7a?source=api-scan" ], "published": "2024-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b97b84a8-cf4e-4648-8d58-b81a71b7988c": { "id": "b97b84a8-cf4e-4648-8d58-b81a71b7988c", "title": "WP Accessibility Helper (WAH) <= 0.6.2.4 - Missing Authorization via AJAX action", "software": [ { "type": "plugin", "name": "WP Accessibility Helper (WAH)", "slug": "wp-accessibility-helper", "affected_versions": { "* - 0.6.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.6.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b97b84a8-cf4e-4648-8d58-b81a71b7988c?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b97c6171-3842-4f2b-adf5-28fc4c0b24bf": { "id": "b97c6171-3842-4f2b-adf5-28fc4c0b24bf", "title": "Mail Masta <= 1.0 - SQL Injection via id parameter", "software": [ { "type": "plugin", "name": "Mail Masta", "slug": "mail-masta", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b97c6171-3842-4f2b-adf5-28fc4c0b24bf?source=api-scan" ], "published": "2017-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b97e41a7-dd0a-41cf-ba74-84b117192088": { "id": "b97e41a7-dd0a-41cf-ba74-84b117192088", "title": "Prime Slider \u2013 Addons For Elementor <= 3.13.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)", "slug": "bdthemes-prime-slider-lite", "affected_versions": { "* - 3.13.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.13.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.13.3" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b97e41a7-dd0a-41cf-ba74-84b117192088?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b980b8e2-73e6-4afc-a24c-c7c98283e85b": { "id": "b980b8e2-73e6-4afc-a24c-c7c98283e85b", "title": "Translate WordPress with GTranslate <= 2.8.10 - Open Redirect", "software": [ { "type": "plugin", "name": "Translate WordPress with GTranslate", "slug": "gtranslate", "affected_versions": { "[*, 2.8.11)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b980b8e2-73e6-4afc-a24c-c7c98283e85b?source=api-scan" ], "published": "2017-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b980bcd6-5ae3-4fa8-843b-652bd94d1dc6": { "id": "b980bcd6-5ae3-4fa8-843b-652bd94d1dc6", "title": "Newsletter Popup <= 1.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletter Popup", "slug": "newsletter-popup", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b980bcd6-5ae3-4fa8-843b-652bd94d1dc6?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b98179c3-8b32-4d75-9f3f-2367215a740b": { "id": "b98179c3-8b32-4d75-9f3f-2367215a740b", "title": "Pie Register - Social Sites Login (Add on) <= 1.7.7 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Pie Register - Social Sites Login (Add on)", "slug": "pie-register-social-site", "affected_versions": { "* - 1.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b98179c3-8b32-4d75-9f3f-2367215a740b?source=api-scan" ], "published": "2024-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b983d22b-6cd2-4450-99e2-88bb149091fe": { "id": "b983d22b-6cd2-4450-99e2-88bb149091fe", "title": "Formidable Forms <= 6.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "* - 6.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b983d22b-6cd2-4450-99e2-88bb149091fe?source=api-scan" ], "published": "2024-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b987822d-2b1b-4f79-988b-4bd731864b63": { "id": "b987822d-2b1b-4f79-988b-4bd731864b63", "title": "WordPress Social Login <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WordPress Social Login", "slug": "wordpress-social-login", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b987822d-2b1b-4f79-988b-4bd731864b63?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b988f424-f649-4bf0-9f7f-88faa41c0029": { "id": "b988f424-f649-4bf0-9f7f-88faa41c0029", "title": "Quotes Collection <= 2.5.2 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Quotes Collection", "slug": "quotes-collection", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b988f424-f649-4bf0-9f7f-88faa41c0029?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b98c5623-15fe-4937-9a0e-770aa0ab06f3": { "id": "b98c5623-15fe-4937-9a0e-770aa0ab06f3", "title": "Hide admin notices \u2013 Admin Notification Center <= 2.3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Hide admin notices \u2013 Admin Notification Center", "slug": "wp-admin-notification-center", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b98c5623-15fe-4937-9a0e-770aa0ab06f3?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b990915d-219b-4329-b7a8-e0c13cad7530": { "id": "b990915d-219b-4329-b7a8-e0c13cad7530", "title": "SmartMag <= 9.3.0 - Unauthenticated Sensitive Information Exposure via Log Files", "software": [ { "type": "theme", "name": "SmartMag", "slug": "smartmag-responsive-retina-wordpress-magazine", "affected_versions": { "* - 9.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b990915d-219b-4329-b7a8-e0c13cad7530?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b99248e9-b34f-4f99-9db1-a4dc2dd45b9c": { "id": "b99248e9-b34f-4f99-9db1-a4dc2dd45b9c", "title": "FluentSMTP <= 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FluentSMTP \u2013 WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider", "slug": "fluent-smtp", "affected_versions": { "[*, 2.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b99248e9-b34f-4f99-9db1-a4dc2dd45b9c?source=api-scan" ], "published": "2021-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b994bb62-436f-4edc-8891-281483428ac0": { "id": "b994bb62-436f-4edc-8891-281483428ac0", "title": "IWS - Geo Form Fields <= 1.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "IWS \u2013 Geo Form Fields", "slug": "iws-geo-form-fields", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b994bb62-436f-4edc-8891-281483428ac0?source=api-scan" ], "published": "2022-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9985992-e64c-4292-9738-cd38fb44a6f0": { "id": "b9985992-e64c-4292-9738-cd38fb44a6f0", "title": "Dexs PM System <= 1.0.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dexs PM System", "slug": "dexs-pm-system", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9985992-e64c-4292-9738-cd38fb44a6f0?source=api-scan" ], "published": "2013-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9a603ee-183d-4130-8e03-12deb86466ce": { "id": "b9a603ee-183d-4130-8e03-12deb86466ce", "title": "eShop Swipe plugin <= 3.7.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "swipe-hq-checkout-for-eshop", "slug": "swipe-hq-checkout-for-eshop", "affected_versions": { "* - 3.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9a603ee-183d-4130-8e03-12deb86466ce?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9aacc69-aa46-4cdb-a301-c0bf2836d441": { "id": "b9aacc69-aa46-4cdb-a301-c0bf2836d441", "title": "hiWeb Migration Simple <= 2.0.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "hiWeb Migration Simple", "slug": "hiweb-migration-simple", "affected_versions": { "* - 2.0.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9aacc69-aa46-4cdb-a301-c0bf2836d441?source=api-scan" ], "published": "2023-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9b21f8e-8d66-4d3e-a383-bea20a3c4498": { "id": "b9b21f8e-8d66-4d3e-a383-bea20a3c4498", "title": "ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Sensitive Information Disclosure", "software": [ { "type": "theme", "name": "ListingPro - WordPress Directory & Listing Theme", "slug": "listingpro", "affected_versions": { "[*, 2.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9b21f8e-8d66-4d3e-a383-bea20a3c4498?source=api-scan" ], "published": "2020-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9c273a3-c8b5-4f00-8daa-76fa486df0f2": { "id": "b9c273a3-c8b5-4f00-8daa-76fa486df0f2", "title": "affiliate-toolkit <= 3.4.2 - Unauthenticated Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "affiliate-toolkit", "slug": "affiliate-toolkit-starter", "affected_versions": { "* - 3.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9c273a3-c8b5-4f00-8daa-76fa486df0f2?source=api-scan" ], "published": "2023-12-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9c501a3-e092-453a-900f-60967b12c928": { "id": "b9c501a3-e092-453a-900f-60967b12c928", "title": "Cooked \u2013 Recipe Management <= 1.7.15.4 - Authenticated (Contributor+) HTML Injection", "software": [ { "type": "plugin", "name": "Cooked \u2013 Recipe Management", "slug": "cooked", "affected_versions": { "* - 1.7.15.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.15.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9c501a3-e092-453a-900f-60967b12c928?source=api-scan" ], "published": "2024-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9cc0348-396e-4be1-92f5-851d20804ef5": { "id": "b9cc0348-396e-4be1-92f5-851d20804ef5", "title": "WordPress File Upload \/ WordPress File Upload Pro <= 4.16.2 - Authenticated (Contributor+) Path Traversal", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "* - 4.16.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.16.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.16.3" ] }, { "type": "plugin", "name": "WordPress File Upload Pro", "slug": "wordpress-file-upload-pro", "affected_versions": { "* - 4.16.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.16.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.16.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9cc0348-396e-4be1-92f5-851d20804ef5?source=api-scan" ], "published": "2022-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9d161a3-eb9f-447f-b2d2-b8b193678d20": { "id": "b9d161a3-eb9f-447f-b2d2-b8b193678d20", "title": "First Order Discount Woocommerce <= 1.21 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "First Order Discount Woocommerce", "slug": "first-order-discount-woocommerce", "affected_versions": { "* - 1.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9d161a3-eb9f-447f-b2d2-b8b193678d20?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9d39796-ad51-4b52-af8a-f3334e6ca68d": { "id": "b9d39796-ad51-4b52-af8a-f3334e6ca68d", "title": "Page-list <= 5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page-list", "slug": "page-list", "affected_versions": { "* - 5.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9d39796-ad51-4b52-af8a-f3334e6ca68d?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9d63462-04ec-4b46-91cf-25b7dd098fc7": { "id": "b9d63462-04ec-4b46-91cf-25b7dd098fc7", "title": "Comment Link Remove and Other Comment Tools <= 2.1.4 - Arbitrary Comment Deletion via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Comment Link Remove and Other Comment Tools", "slug": "comment-link-remove", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9d63462-04ec-4b46-91cf-25b7dd098fc7?source=api-scan" ], "published": "2021-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9d96ebe-fc20-4b0e-bba2-4853459cf74e": { "id": "b9d96ebe-fc20-4b0e-bba2-4853459cf74e", "title": "Ali2Woo Lite <= 3.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AliExpress Dropshipping Plugin for WooCommerce \u2013 AliNext", "slug": "ali2woo-lite", "affected_versions": { "* - 3.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9d96ebe-fc20-4b0e-bba2-4853459cf74e?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9d9d05f-0de7-473f-ae33-a97967c6fcf7": { "id": "b9d9d05f-0de7-473f-ae33-a97967c6fcf7", "title": "PDF-Rechnungsverwaltung <= 0.0.1 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "PDF-Rechnungsverwaltung", "slug": "pdf-rechnungsverwaltung", "affected_versions": { "* - 0.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9d9d05f-0de7-473f-ae33-a97967c6fcf7?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9da31ff-4173-4aee-a3a6-8eebaa0d71ab": { "id": "b9da31ff-4173-4aee-a3a6-8eebaa0d71ab", "title": "WP Multi Store Locator <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Multi Store Locator", "slug": "wp-multi-store-locator", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9da31ff-4173-4aee-a3a6-8eebaa0d71ab?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9de8d95-4e07-4c52-912b-1a4e2d7e5ed0": { "id": "b9de8d95-4e07-4c52-912b-1a4e2d7e5ed0", "title": "Kangu para WooCommerce <= 2.2.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kangu para WooCommerce", "slug": "kangu", "affected_versions": { "* - 2.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9de8d95-4e07-4c52-912b-1a4e2d7e5ed0?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9e3e417-d8a8-4e32-99aa-650e0a25a415": { "id": "b9e3e417-d8a8-4e32-99aa-650e0a25a415", "title": "Download Top 25 Social Icons <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Top 25 Social Icons", "slug": "top-25-social-icons", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9e3e417-d8a8-4e32-99aa-650e0a25a415?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9e67e3e-188c-4ca9-b846-d318859aeaf8": { "id": "b9e67e3e-188c-4ca9-b846-d318859aeaf8", "title": "Modern Events Calendar Lite <= 5.16.4 - Authenticated Arbitrary File Upload leading to Remote Code Execution", "software": [ { "type": "plugin", "name": "Modern Events Calendar Lite", "slug": "modern-events-calendar-lite", "affected_versions": { "* - 5.16.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.16.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.16.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9e67e3e-188c-4ca9-b846-d318859aeaf8?source=api-scan" ], "published": "2021-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9e844c1-38c1-4b3c-98a4-71d87ca6293b": { "id": "b9e844c1-38c1-4b3c-98a4-71d87ca6293b", "title": "Portable phpMyAdmin <= 1.4.1 - Information Disclosure", "software": [ { "type": "plugin", "name": "Portable phpMyAdmin", "slug": "portable-phpmyadmin", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9e844c1-38c1-4b3c-98a4-71d87ca6293b?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9e998fd-aae7-4e1e-8134-a28670a4704b": { "id": "b9e998fd-aae7-4e1e-8134-a28670a4704b", "title": "Checkout for PayPal <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Checkout for PayPal \u2013 Accept PayPal, Pay Later, Credit\/Debit Cards, & More", "slug": "checkout-for-paypal", "affected_versions": { "* - 1.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9e998fd-aae7-4e1e-8134-a28670a4704b?source=api-scan" ], "published": "2022-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9ea24b5-ef7d-4bd5-bddb-46082a4a0763": { "id": "b9ea24b5-ef7d-4bd5-bddb-46082a4a0763", "title": "miniOrange's Google Authenticator <= 5.6.1 - Missing Authorization to Plugin Settings Change", "software": [ { "type": "plugin", "name": "miniOrange's Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA, Two Factor, OTP SMS and Email | Passwordless login", "slug": "miniorange-2-factor-authentication", "affected_versions": { "* - 5.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9ea24b5-ef7d-4bd5-bddb-46082a4a0763?source=api-scan" ], "published": "2022-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9ead8f1-f2d7-4087-bb6c-de15bf8318a3": { "id": "b9ead8f1-f2d7-4087-bb6c-de15bf8318a3", "title": "Metronet Tag Manager < 1.2.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Metronet Tag Manager", "slug": "metronet-tag-manager", "affected_versions": { "[*, 1.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9ead8f1-f2d7-4087-bb6c-de15bf8318a3?source=api-scan" ], "published": "2018-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9ed7e26-34f0-4e5d-b560-03b1de9c5c95": { "id": "b9ed7e26-34f0-4e5d-b560-03b1de9c5c95", "title": "PS PHPCaptcha <= 1.1.0 - Authenticated Denial of Service", "software": [ { "type": "plugin", "name": "PS PHPCaptcha WP", "slug": "ps-phpcaptcha", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9ed7e26-34f0-4e5d-b560-03b1de9c5c95?source=api-scan" ], "published": "2019-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9ef344d-cd56-43f9-b185-de83a92800de": { "id": "b9ef344d-cd56-43f9-b185-de83a92800de", "title": "Zephyr Project Manager <= 3.3.101 - Authenticated (Subscriber+) Limited Privilege Escalation", "software": [ { "type": "plugin", "name": "Zephyr Project Manager", "slug": "zephyr-project-manager", "affected_versions": { "* - 3.3.101": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.101", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.102" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9ef344d-cd56-43f9-b185-de83a92800de?source=api-scan" ], "published": "2024-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9ef419c-3546-489b-b841-b12b8918abdd": { "id": "b9ef419c-3546-489b-b841-b12b8918abdd", "title": "WP Contact Slider <= 2.4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Contact Slider \u2013 Slide Out Contact Form for WordPress to display Contact Form 7, Gravity Forms, WP Forms, Ninja Forms, plain text\/HTML & other shortcodes", "slug": "wp-contact-slider", "affected_versions": { "* - 2.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9ef419c-3546-489b-b841-b12b8918abdd?source=api-scan" ], "published": "2022-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9f34195-fc03-4c3d-b25e-c9b9cf8ded3c": { "id": "b9f34195-fc03-4c3d-b25e-c9b9cf8ded3c", "title": "Shopkeeper Extender <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shopkeeper Extender", "slug": "shopkeeper-extender", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9f34195-fc03-4c3d-b25e-c9b9cf8ded3c?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9f5b68f-bf81-4157-920a-f14eb29390a6": { "id": "b9f5b68f-bf81-4157-920a-f14eb29390a6", "title": "Multiple Domain <= 1.0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Multiple Domain", "slug": "multiple-domain", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9f5b68f-bf81-4157-920a-f14eb29390a6?source=api-scan" ], "published": "2020-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9f627f0-779c-4d57-a471-ce742e3a5dd5": { "id": "b9f627f0-779c-4d57-a471-ce742e3a5dd5", "title": "Leaky Paywall <= 4.20.8 - Missing Authorization to Price Manipulation", "software": [ { "type": "plugin", "name": "Leaky Paywall", "slug": "leaky-paywall", "affected_versions": { "* - 4.20.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.20.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.20.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9f627f0-779c-4d57-a471-ce742e3a5dd5?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9f99b51-e1b1-4cd3-a9f7-24e4b59811a7": { "id": "b9f99b51-e1b1-4cd3-a9f7-24e4b59811a7", "title": "Clean Login <= 1.14.5 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Clean Login", "slug": "clean-login", "affected_versions": { "* - 1.14.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9f99b51-e1b1-4cd3-a9f7-24e4b59811a7?source=api-scan" ], "published": "2024-08-29 21:08:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "b9ffb0ac-84cf-4a82-b89b-05e43608db52": { "id": "b9ffb0ac-84cf-4a82-b89b-05e43608db52", "title": "WP Human Resource Management Plugin < 2.2.6 - Authorization Bypass", "software": [ { "type": "plugin", "name": "WP Human Resource Management", "slug": "hrm", "affected_versions": { "[*, 2.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/b9ffb0ac-84cf-4a82-b89b-05e43608db52?source=api-scan" ], "published": "2019-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba027271-b7f9-4bdb-a62b-801fd07f28fd": { "id": "ba027271-b7f9-4bdb-a62b-801fd07f28fd", "title": "OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "OSMapper", "slug": "osmapper", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba027271-b7f9-4bdb-a62b-801fd07f28fd?source=api-scan" ], "published": "2022-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba035b43-7459-47a9-bbc4-981cc847bd7a": { "id": "ba035b43-7459-47a9-bbc4-981cc847bd7a", "title": "Inline Related Posts <= 3.6.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Inline Related Posts", "slug": "intelly-related-posts", "affected_versions": { "* - 3.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba035b43-7459-47a9-bbc4-981cc847bd7a?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba03ee30-6da7-42fc-9cc9-2408bfbb09ce": { "id": "ba03ee30-6da7-42fc-9cc9-2408bfbb09ce", "title": "WP Abstracts <= 2.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Abstracts", "slug": "wp-abstracts-manuscripts-manager", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba03ee30-6da7-42fc-9cc9-2408bfbb09ce?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba06e298-308d-4378-96b8-5ac4e7cc63c0": { "id": "ba06e298-308d-4378-96b8-5ac4e7cc63c0", "title": "Sign-up Sheets <= 2.2.12 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sign-up Sheets", "slug": "sign-up-sheets", "affected_versions": { "* - 2.2.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba06e298-308d-4378-96b8-5ac4e7cc63c0?source=api-scan" ], "published": "2024-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba08695e-009e-434a-9db0-06aa1dd6d57a": { "id": "ba08695e-009e-434a-9db0-06aa1dd6d57a", "title": "Add Customer for WooCommerce <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add Customer for WooCommerce", "slug": "add-customer-for-woocommerce", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba08695e-009e-434a-9db0-06aa1dd6d57a?source=api-scan" ], "published": "2024-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba08dbad-15f9-43cf-b0d7-a2a4604cb4af": { "id": "ba08dbad-15f9-43cf-b0d7-a2a4604cb4af", "title": "WP Bannerize Pro <= 1.9.0 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Bannerize Pro", "slug": "wp-bannerize-pro", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba08dbad-15f9-43cf-b0d7-a2a4604cb4af?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba0de040-5906-4a67-9306-7e6e65cca78f": { "id": "ba0de040-5906-4a67-9306-7e6e65cca78f", "title": "Font <= 7.5 - Path Traversal", "software": [ { "type": "plugin", "name": "Font \u2013 official webfonts plugin of Fonts For Web. NO CODING! Just click & change font size, color and font face visually!", "slug": "font", "affected_versions": { "* - 7.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba0de040-5906-4a67-9306-7e6e65cca78f?source=api-scan" ], "published": "2015-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba0fdd81-767a-4858-acdb-e60fd5e15aab": { "id": "ba0fdd81-767a-4858-acdb-e60fd5e15aab", "title": "Active Directory Integration <= 1.1.8 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Active Directory Integration", "slug": "active-directory-integration", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba0fdd81-767a-4858-acdb-e60fd5e15aab?source=api-scan" ], "published": "2017-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba1004c7-52f4-4fea-b820-dd11b2264e15": { "id": "ba1004c7-52f4-4fea-b820-dd11b2264e15", "title": "MoneyTheme (All Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "MoneyTheme", "slug": "moneytheme", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba1004c7-52f4-4fea-b820-dd11b2264e15?source=api-scan" ], "published": "2013-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba16b100-6ee7-46ec-8868-4467a29048ad": { "id": "ba16b100-6ee7-46ec-8868-4467a29048ad", "title": "LearnPress <= 3.0.12 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 3.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba16b100-6ee7-46ec-8868-4467a29048ad?source=api-scan" ], "published": "2018-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba18bd0c-ba6c-4f98-ac29-660a79affa6c": { "id": "ba18bd0c-ba6c-4f98-ac29-660a79affa6c", "title": "Barcode Scanner with Inventory & Order Manager <= 1.5.1 - Unauthenticated SQL Injection via userToken", "software": [ { "type": "plugin", "name": "Barcode Scanner and Inventory manager. POS (Point of Sale) \u2013 scan barcodes & create orders with barcode reader.", "slug": "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders", "affected_versions": { "[*, 1.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba18bd0c-ba6c-4f98-ac29-660a79affa6c?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba1a25e9-bac3-4f76-8324-3035be94da4c": { "id": "ba1a25e9-bac3-4f76-8324-3035be94da4c", "title": "Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint", "software": [ { "type": "plugin", "name": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings", "slug": "seo-by-rank-math", "affected_versions": { "[*, 1.0.41)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.41", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba1a25e9-bac3-4f76-8324-3035be94da4c?source=api-scan" ], "published": "2020-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba20a30c-7dd2-4cb7-b055-9a105461f7d1": { "id": "ba20a30c-7dd2-4cb7-b055-9a105461f7d1", "title": "User Meta \u2013 User Profile Builder and User management plugin <= 2.4.3 - Path Traversal", "software": [ { "type": "plugin", "name": "User Meta \u2013 User Profile Builder and User management plugin", "slug": "user-meta", "affected_versions": { "[*, 2.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba20a30c-7dd2-4cb7-b055-9a105461f7d1?source=api-scan" ], "published": "2022-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba2515d9-ced0-4b49-87c4-04c8391c2608": { "id": "ba2515d9-ced0-4b49-87c4-04c8391c2608", "title": "Video Conferencing with Zoom <= 4.2.1 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Video Conferencing with Zoom", "slug": "video-conferencing-with-zoom-api", "affected_versions": { "* - 4.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba2515d9-ced0-4b49-87c4-04c8391c2608?source=api-scan" ], "published": "2023-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba27d52e-e43a-4f03-ad99-632c18279413": { "id": "ba27d52e-e43a-4f03-ad99-632c18279413", "title": "WP-PostRatings <= 1.89 - Race Condition", "software": [ { "type": "plugin", "name": "WP-PostRatings", "slug": "wp-postratings", "affected_versions": { "* - 1.89": { "from_version": "*", "from_inclusive": true, "to_version": "1.89", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.90" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba27d52e-e43a-4f03-ad99-632c18279413?source=api-scan" ], "published": "2022-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba2ff1ab-f981-417d-b400-13750c9320ad": { "id": "ba2ff1ab-f981-417d-b400-13750c9320ad", "title": "WP Social Comments <= 1.7.3 - Missing Authorization via wpfc_allow_comments()", "software": [ { "type": "plugin", "name": "WP Social Comments", "slug": "gs-facebook-comments", "affected_versions": { "* - 1.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba2ff1ab-f981-417d-b400-13750c9320ad?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba317acb-d45c-42c0-b5fb-b163bcd59340": { "id": "ba317acb-d45c-42c0-b5fb-b163bcd59340", "title": "Contact Form to DB by BestWebSoft <= 1.7.0 - Authenticated (Contributor+) SQL Injection via cntctfrmtdb_department", "software": [ { "type": "plugin", "name": "Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress", "slug": "contact-form-to-db", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba317acb-d45c-42c0-b5fb-b163bcd59340?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba385261-bee2-491d-9b31-a1624d740dff": { "id": "ba385261-bee2-491d-9b31-a1624d740dff", "title": "Show All Comments <= 7.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Show All Comments", "slug": "show-all-comments-in-one-page", "affected_versions": { "* - 7.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba385261-bee2-491d-9b31-a1624d740dff?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba426d2f-aa05-4316-86ca-228f21785f63": { "id": "ba426d2f-aa05-4316-86ca-228f21785f63", "title": "Testimonials by BestWebSoft <= 0.1.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Testimonials by BestWebSoft", "slug": "bws-testimonials", "affected_versions": { "* - 0.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba426d2f-aa05-4316-86ca-228f21785f63?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba435b26-a6f1-41cf-acb8-fffd8a18fea7": { "id": "ba435b26-a6f1-41cf-acb8-fffd8a18fea7", "title": "RabbitLoader \u2013 Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more <= 2.21.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RabbitLoader \u2013 Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more", "slug": "rabbit-loader", "affected_versions": { "* - 2.21.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.21.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.21.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba435b26-a6f1-41cf-acb8-fffd8a18fea7?source=api-scan" ], "published": "2024-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba44ec7c-7c71-4c19-8b1e-5d78bb3a3a03": { "id": "ba44ec7c-7c71-4c19-8b1e-5d78bb3a3a03", "title": "Image Photo Gallery Final Tiles Grid <= 3.5.2 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Photo Gallery Final Tiles Grid", "slug": "final-tiles-grid-gallery-lite", "affected_versions": { "* - 3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba44ec7c-7c71-4c19-8b1e-5d78bb3a3a03?source=api-scan" ], "published": "2022-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba4638be-29d3-4638-84d3-6a9d540bfa33": { "id": "ba4638be-29d3-4638-84d3-6a9d540bfa33", "title": "WP Affiliate Links <= 0.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Affiliate Links", "slug": "wp-affiliate-links", "affected_versions": { "* - 0.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba4638be-29d3-4638-84d3-6a9d540bfa33?source=api-scan" ], "published": "2023-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba465ba0-70c2-4b34-9b55-96725e3ce5a4": { "id": "ba465ba0-70c2-4b34-9b55-96725e3ce5a4", "title": "WP SendFox <= 1.3.1 - Unauthenticated Information Disclosure", "software": [ { "type": "plugin", "name": "WP SendFox", "slug": "wp-sendfox", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba465ba0-70c2-4b34-9b55-96725e3ce5a4?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba4aabcc-9db8-4385-90c2-58ed93df8f9d": { "id": "ba4aabcc-9db8-4385-90c2-58ed93df8f9d", "title": "WordPress Core 5.8 beta - Stored Cross-Site Scripting in Custom HTML Block", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "5.8 beta 1 - 5.8 beta 2": { "from_version": "5.8 beta 1", "from_inclusive": true, "to_version": "5.8 beta 2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba4aabcc-9db8-4385-90c2-58ed93df8f9d?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba4ab6fc-340c-442b-9b8e-b5534fd9c3be": { "id": "ba4ab6fc-340c-442b-9b8e-b5534fd9c3be", "title": "Product GTIN (EAN, UPC, ISBN) for WooCommerce <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Product GTIN (EAN, UPC, ISBN) for WooCommerce", "slug": "product-gtin-ean-upc-isbn-for-woocommerce", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba4ab6fc-340c-442b-9b8e-b5534fd9c3be?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba4da955-7651-42e5-aefa-72c70a7b1035": { "id": "ba4da955-7651-42e5-aefa-72c70a7b1035", "title": "Strong Testimonials <= 2.51.2 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Strong Testimonials", "slug": "strong-testimonials", "affected_versions": { "* - 2.51.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.51.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.51.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba4da955-7651-42e5-aefa-72c70a7b1035?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba4e982d-b8ac-4407-97b0-c725b8f43bbd": { "id": "ba4e982d-b8ac-4407-97b0-c725b8f43bbd", "title": "CaPa Protect <= 0.5.8.2 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "CaPa Protect", "slug": "capa", "affected_versions": { "* - 0.5.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.8.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba4e982d-b8ac-4407-97b0-c725b8f43bbd?source=api-scan" ], "published": "2022-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba502aac-13f7-40e2-9672-bf26a0fefef7": { "id": "ba502aac-13f7-40e2-9672-bf26a0fefef7", "title": "XStore Core <= 5.3.8 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "XStore Core", "slug": "et-core-plugin", "affected_versions": { "* - 5.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba502aac-13f7-40e2-9672-bf26a0fefef7?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba52c97e-9f2a-4e48-a133-79ed31cfbf3a": { "id": "ba52c97e-9f2a-4e48-a133-79ed31cfbf3a", "title": "HC Custom WP-Admin URL <= 1.4 - Missing Authorization to Login URL Change", "software": [ { "type": "plugin", "name": "HC Custom WP-Admin URL", "slug": "hc-custom-wp-admin-url", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba52c97e-9f2a-4e48-a133-79ed31cfbf3a?source=api-scan" ], "published": "2022-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba5485be-7612-406d-870d-6827f6c7ea71": { "id": "ba5485be-7612-406d-870d-6827f6c7ea71", "title": "Sticky Anything <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sticky Anything", "slug": "toast-stick-anything", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba5485be-7612-406d-870d-6827f6c7ea71?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba551103-f373-40b0-831f-a1c59bb874ca": { "id": "ba551103-f373-40b0-831f-a1c59bb874ca", "title": "YaySMTP \u2013 Simple WP SMTP Mail <= 2.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YaySMTP \u2013 WP SMTP Plugin with Full Email Log & 15+ SMTP Services", "slug": "yaysmtp", "affected_versions": { "[*, 2.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba551103-f373-40b0-831f-a1c59bb874ca?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba5656b9-615d-4764-974a-301d3dd748e8": { "id": "ba5656b9-615d-4764-974a-301d3dd748e8", "title": "CatchThemes Plugins (Various Versions) - Missing Authorization", "software": [ { "type": "plugin", "name": "Header Enhancement", "slug": "header-enhancement", "affected_versions": { "[*, 1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5" ] }, { "type": "plugin", "name": "Generate Child Theme", "slug": "generate-child-theme", "affected_versions": { "[*, 1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6" ] }, { "type": "plugin", "name": "Social Gallery and Widget", "slug": "catch-instagram-feed-gallery-widget", "affected_versions": { "[*, 2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3" ] }, { "type": "plugin", "name": "Catch Import Export", "slug": "catch-import-export", "affected_versions": { "[*, 1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9" ] }, { "type": "plugin", "name": "Catch Under Construction", "slug": "catch-under-construction", "affected_versions": { "[*, 1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4" ] }, { "type": "plugin", "name": "Catch Duplicate Switcher", "slug": "catch-duplicate-switcher", "affected_versions": { "[*, 1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6" ] }, { "type": "plugin", "name": "Catch IDs", "slug": "catch-ids", "affected_versions": { "[*, 2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4" ] }, { "type": "plugin", "name": "Catch Sticky Menu", "slug": "catch-sticky-menu", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] }, { "type": "plugin", "name": "Essential Widgets", "slug": "essential-widgets", "affected_versions": { "[*, 1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9" ] }, { "type": "plugin", "name": "Catch Infinite Scroll", "slug": "catch-infinite-scroll", "affected_versions": { "[*, 1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9" ] }, { "type": "plugin", "name": "To Top", "slug": "to-top", "affected_versions": { "[*, 2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3" ] }, { "type": "plugin", "name": "Catch Themes Demo Import", "slug": "catch-themes-demo-import", "affected_versions": { "[*, 1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6" ] }, { "type": "plugin", "name": "Catch Breadcrumb", "slug": "catch-breadcrumb", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] }, { "type": "plugin", "name": "Essential Content Types", "slug": "essential-content-types", "affected_versions": { "[*, 1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9" ] }, { "type": "plugin", "name": "Catch Gallery", "slug": "catch-gallery", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] }, { "type": "plugin", "name": "Catch Web Tools", "slug": "catch-web-tools", "affected_versions": { "[*, 2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7" ] }, { "type": "plugin", "name": "Catch Scroll Progress Bar", "slug": "catch-scroll-progress-bar", "affected_versions": { "[*, 1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-scan" ], "published": "2021-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba584e02-5242-4869-a452-21e6b8995bd8": { "id": "ba584e02-5242-4869-a452-21e6b8995bd8", "title": "MDTF \u2013 Meta Data and Taxonomies Filter <= 1.3.3.3 - Unauthenticated Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "MDTF \u2013 Meta Data and Taxonomies Filter", "slug": "wp-meta-data-filter-and-taxonomy-filter", "affected_versions": { "* - 1.3.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba584e02-5242-4869-a452-21e6b8995bd8?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba5b7e1f-7479-47bd-99ed-3d57eb209464": { "id": "ba5b7e1f-7479-47bd-99ed-3d57eb209464", "title": "Nofollow Links <= 1.0.10 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Nofollow Links", "slug": "nofollow-links", "affected_versions": { "* - 1.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba5b7e1f-7479-47bd-99ed-3d57eb209464?source=api-scan" ], "published": "2016-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba5cca24-514b-4f8b-911f-8d138287fce2": { "id": "ba5cca24-514b-4f8b-911f-8d138287fce2", "title": "Robo Gallery Plugin <= 3.2.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Photo Gallery, Images, Slider in Rbs Image Gallery", "slug": "robo-gallery", "affected_versions": { "* - 3.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba5cca24-514b-4f8b-911f-8d138287fce2?source=api-scan" ], "published": "2023-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba5d1bd4-da0d-43f4-b28f-4a4a2702b3b0": { "id": "ba5d1bd4-da0d-43f4-b28f-4a4a2702b3b0", "title": "Post, Registration and Profile Form Builder \u2013 FrontEnd Editor BuddyForms \u2013 Easy WordPress Forms <= 2.6.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC)", "slug": "buddyforms", "affected_versions": { "* - 2.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba5d1bd4-da0d-43f4-b28f-4a4a2702b3b0?source=api-scan" ], "published": "2022-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba5e93a2-8f42-4747-86fa-297ba709be8f": { "id": "ba5e93a2-8f42-4747-86fa-297ba709be8f", "title": "Bricks <= 1.10.1 - Authenticated (Bricks Page Builder Access+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Bricks", "slug": "bricks", "affected_versions": { "* - 1.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba5e93a2-8f42-4747-86fa-297ba709be8f?source=api-scan" ], "published": "2024-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba60fb73-9056-4163-9874-f0f4af35f5b3": { "id": "ba60fb73-9056-4163-9874-f0f4af35f5b3", "title": "Photo Gallery by 10Web <= 1.5.24 - Authenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.5.24": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba60fb73-9056-4163-9874-f0f4af35f5b3?source=api-scan" ], "published": "2019-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba6312b9-1b66-4b4f-a78d-515fa4aab63b": { "id": "ba6312b9-1b66-4b4f-a78d-515fa4aab63b", "title": "Simple Job Board <= 2.12.3 - Authenticated (Editor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Simple Job Board", "slug": "simple-job-board", "affected_versions": { "* - 2.12.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba6312b9-1b66-4b4f-a78d-515fa4aab63b?source=api-scan" ], "published": "2024-08-23 18:53:16", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba670636-4b83-4915-969e-f02b9786b7d5": { "id": "ba670636-4b83-4915-969e-f02b9786b7d5", "title": "Builder for WooCommerce reviews shortcodes \u2013 ReviewShort <= 1.01.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Builder for WooCommerce product reviews shortcodes \u2013 ReviewShort", "slug": "woo-product-reviews-shortcode", "affected_versions": { "* - 1.01.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.01.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.01.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba670636-4b83-4915-969e-f02b9786b7d5?source=api-scan" ], "published": "2024-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba677822-a588-484e-a0aa-a9eda2954d01": { "id": "ba677822-a588-484e-a0aa-a9eda2954d01", "title": "Arigato Autoresponder and Newsletter <= 2.5.1.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Arigato Autoresponder and Newsletter", "slug": "bft-autoresponder", "affected_versions": { "* - 2.5.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba677822-a588-484e-a0aa-a9eda2954d01?source=api-scan" ], "published": "2018-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba70f811-543f-4da4-ba45-715dbd6be6be": { "id": "ba70f811-543f-4da4-ba45-715dbd6be6be", "title": "eCommerce Product Catalog for WordPress <= 3.3.25 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "eCommerce Product Catalog Plugin for WordPress", "slug": "ecommerce-product-catalog", "affected_versions": { "[*, 3.3.26)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.26", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba70f811-543f-4da4-ba45-715dbd6be6be?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba796adc-db76-4b9d-a6f9-f0f51f070240": { "id": "ba796adc-db76-4b9d-a6f9-f0f51f070240", "title": "WordPress Captcha Plugin by Captcha Bank <= 4.0.36 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Captcha Plugin by Captcha Bank", "slug": "captcha-bank", "affected_versions": { "* - 4.0.36": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.36", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba796adc-db76-4b9d-a6f9-f0f51f070240?source=api-scan" ], "published": "2024-10-03 13:32:16", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba79bf95-08f8-4aa6-968b-f76a09ce52b8": { "id": "ba79bf95-08f8-4aa6-968b-f76a09ce52b8", "title": "LearnPress <= 4.2.6.8.2 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.6.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba79bf95-08f8-4aa6-968b-f76a09ce52b8?source=api-scan" ], "published": "2024-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba7d0ab4-55a5-47f4-b66e-27e963ab2268": { "id": "ba7d0ab4-55a5-47f4-b66e-27e963ab2268", "title": "Comment Reply Email <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Comment Reply Email", "slug": "comment-reply-email", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba7d0ab4-55a5-47f4-b66e-27e963ab2268?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba84711f-bdbe-46d3-a9a3-cc2b1dcefd1a": { "id": "ba84711f-bdbe-46d3-a9a3-cc2b1dcefd1a", "title": "Product Table by WBW <= 2.0.1 - Unauthenticated Remote Code Execution", "software": [ { "type": "plugin", "name": "Product Table by WBW", "slug": "woo-product-tables", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba84711f-bdbe-46d3-a9a3-cc2b1dcefd1a?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba8625eb-b710-4dd5-b08f-d212e2fd9013": { "id": "ba8625eb-b710-4dd5-b08f-d212e2fd9013", "title": "Gallery - Video Gallery and YouTube Gallery <= 1.7.01 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery - Video Gallery and YouTube Gallery", "slug": "gallery-video", "affected_versions": { "[*, 1.7.01)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.01", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba8625eb-b710-4dd5-b08f-d212e2fd9013?source=api-scan" ], "published": "2016-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba88964e-7487-4cd5-ab3e-bd33d14a61df": { "id": "ba88964e-7487-4cd5-ab3e-bd33d14a61df", "title": "Simple Social Media Share Buttons <= 3.8.2 - Unauthenticated Password Protected Post Disclosure", "software": [ { "type": "plugin", "name": "SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer", "slug": "smartcrawl-seo", "affected_versions": { "[*, 3.8.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba88964e-7487-4cd5-ab3e-bd33d14a61df?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba88a1f5-9ebf-4899-81b3-e65587ae2fe2": { "id": "ba88a1f5-9ebf-4899-81b3-e65587ae2fe2", "title": "WP Statistics <= 13.0.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 13.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "13.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba88a1f5-9ebf-4899-81b3-e65587ae2fe2?source=api-scan" ], "published": "2021-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba8c5db5-48d4-4ce1-84b9-5743c7444a3a": { "id": "ba8c5db5-48d4-4ce1-84b9-5743c7444a3a", "title": "Jazz Popups <= 1.8.7 - Reflected Cross-Site Scripting via 'wpjazzpopup_switchonoff'", "software": [ { "type": "plugin", "name": "Jazz Popups", "slug": "jazz-popups", "affected_versions": { "* - 1.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba8c5db5-48d4-4ce1-84b9-5743c7444a3a?source=api-scan" ], "published": "2023-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba8c88e9-e84c-4fe7-a3b1-ee77c49d5590": { "id": "ba8c88e9-e84c-4fe7-a3b1-ee77c49d5590", "title": "Smooth Gallery Replacement <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smooth Gallery Replacement", "slug": "smooth-gallery-replacement", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba8c88e9-e84c-4fe7-a3b1-ee77c49d5590?source=api-scan" ], "published": "2024-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba8d377f-d216-40e4-97f2-ed3eac0ec33e": { "id": "ba8d377f-d216-40e4-97f2-ed3eac0ec33e", "title": "Student Result or Employee Database <= 1.6.3 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Student Result or Employee Database", "slug": "simple-student-result", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba8d377f-d216-40e4-97f2-ed3eac0ec33e?source=api-scan" ], "published": "2017-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba98a282-39ee-4a84-b988-ecfc0c4cd297": { "id": "ba98a282-39ee-4a84-b988-ecfc0c4cd297", "title": "Brizy - Page Builder < 1.0.114 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "[*, 1.0.114)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.114", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.114" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba98a282-39ee-4a84-b988-ecfc0c4cd297?source=api-scan" ], "published": "2020-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ba9d12c5-fe3a-4958-8d35-c63bb05b6d5a": { "id": "ba9d12c5-fe3a-4958-8d35-c63bb05b6d5a", "title": "ElementInvader Addons for Elementor <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ElementInvader Addons for Elementor", "slug": "elementinvader-addons-for-elementor", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ba9d12c5-fe3a-4958-8d35-c63bb05b6d5a?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "baa063b7-8b79-4de3-84b1-6dec024fa395": { "id": "baa063b7-8b79-4de3-84b1-6dec024fa395", "title": "Event Management Tickets Booking By Event Monster Plugin < 1.0.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Monster \u2013 Event Management, Tickets Booking, Upcoming Event", "slug": "event-monster", "affected_versions": { "[*, 1.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/baa063b7-8b79-4de3-84b1-6dec024fa395?source=api-scan" ], "published": "2019-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "baa20290-9c01-4f8d-adeb-fbfb15b9d6a9": { "id": "baa20290-9c01-4f8d-adeb-fbfb15b9d6a9", "title": "Startklar Elementor Addons <= 1.7.15 - Unauthenticated Path Traversal to Arbitrary Directory Deletion", "software": [ { "type": "plugin", "name": "Startklar Elementor Addons", "slug": "startklar-elmentor-forms-extwidgets", "affected_versions": { "* - 1.7.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.15", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/baa20290-9c01-4f8d-adeb-fbfb15b9d6a9?source=api-scan" ], "published": "2024-06-05 15:40:56", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "baa720d6-1891-4557-a744-830be56862e9": { "id": "baa720d6-1891-4557-a744-830be56862e9", "title": "WordPress Shortcodes Plugin \u2014 Shortcodes Ultimate <= 4.9.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 4.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/baa720d6-1891-4557-a744-830be56862e9?source=api-scan" ], "published": "2015-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "baa8b5ce-7ef8-4ca8-9957-2c3469f55dda": { "id": "baa8b5ce-7ef8-4ca8-9957-2c3469f55dda", "title": "Additional Order Filters for WooCommerce <= 1.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Additional Order Filters for WooCommerce", "slug": "additional-order-filters-for-woocommerce", "affected_versions": { "* - 1.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/baa8b5ce-7ef8-4ca8-9957-2c3469f55dda?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "baa8e48f-769a-4f48-bc47-d55c179d1ca1": { "id": "baa8e48f-769a-4f48-bc47-d55c179d1ca1", "title": "Post to Google My Business <= 3.1.14 - Cross-Site Request Forgery to Dismiss Notification", "software": [ { "type": "plugin", "name": "Post to Google My Business (Google Business Profile)", "slug": "post-to-google-my-business", "affected_versions": { "[*, 3.1.15)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.15" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/baa8e48f-769a-4f48-bc47-d55c179d1ca1?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "baa92aee-a0a0-45d4-aa12-1449a829930c": { "id": "baa92aee-a0a0-45d4-aa12-1449a829930c", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.11": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/baa92aee-a0a0-45d4-aa12-1449a829930c?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "baab325d-58c2-446b-af70-6951eeef3bb1": { "id": "baab325d-58c2-446b-af70-6951eeef3bb1", "title": "Ultimate Member <= 2.0.27 - Multiple Cross-Site Scripting vulnerabilities", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.0.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/baab325d-58c2-446b-af70-6951eeef3bb1?source=api-scan" ], "published": "2018-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "baab579f-2d77-4dbe-979a-54956dfdcb77": { "id": "baab579f-2d77-4dbe-979a-54956dfdcb77", "title": "Zephyr Project Manager <= 3.2.42 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Zephyr Project Manager", "slug": "zephyr-project-manager", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true }, "3.2.41": { "from_version": "3.2.41", "from_inclusive": true, "to_version": "3.2.41", "to_inclusive": true }, "3.2.42": { "from_version": "3.2.42", "from_inclusive": true, "to_version": "3.2.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/baab579f-2d77-4dbe-979a-54956dfdcb77?source=api-scan" ], "published": "2022-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bab67a5c-3390-4423-8fa9-b5ffbc98324d": { "id": "bab67a5c-3390-4423-8fa9-b5ffbc98324d", "title": "Ultimate Member <= 1.3.83 - Shortcode Injection", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 1.3.83": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.83", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.84" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bab67a5c-3390-4423-8fa9-b5ffbc98324d?source=api-scan" ], "published": "2017-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bab68830-5ac5-4aa3-929a-ba2bca03b1ca": { "id": "bab68830-5ac5-4aa3-929a-ba2bca03b1ca", "title": "WP Prayer <= 2.0.9 - Cross-Site Request Forgery to Email Settings Update", "software": [ { "type": "plugin", "name": "WP Prayer", "slug": "wp-prayer", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bab68830-5ac5-4aa3-929a-ba2bca03b1ca?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "babbe506-3abd-462a-b5b8-5979696eb6e6": { "id": "babbe506-3abd-462a-b5b8-5979696eb6e6", "title": "User Submitted Posts <= 20230902 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End", "slug": "user-submitted-posts", "affected_versions": { "* - 20230902": { "from_version": "*", "from_inclusive": true, "to_version": "20230902", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20230914" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/babbe506-3abd-462a-b5b8-5979696eb6e6?source=api-scan" ], "published": "2023-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "babf88c4-6328-4ba2-97e4-e1eaaa549dbb": { "id": "babf88c4-6328-4ba2-97e4-e1eaaa549dbb", "title": "Campaign Monitor for WordPress <= 2.8.15 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Campaign Monitor for WordPress", "slug": "forms-for-campaign-monitor", "affected_versions": { "* - 2.8.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/babf88c4-6328-4ba2-97e4-e1eaaa549dbb?source=api-scan" ], "published": "2024-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bac57319-3b0c-4b83-af9e-7b5539ef087a": { "id": "bac57319-3b0c-4b83-af9e-7b5539ef087a", "title": "wSecure Lite < 2.4 - Remote Code Execution", "software": [ { "type": "plugin", "name": "wSecure Lite", "slug": "wsecure", "affected_versions": { "[*, 2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bac57319-3b0c-4b83-af9e-7b5539ef087a?source=api-scan" ], "published": "2016-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bac8245c-292a-4b16-950f-fa3d06e41a09": { "id": "bac8245c-292a-4b16-950f-fa3d06e41a09", "title": "Support Plus Responsive Ticket System <= 4.1 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "WP Support Plus Responsive Ticket System", "slug": "wp-support-plus-responsive-ticket-system", "affected_versions": { "[*, 4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bac8245c-292a-4b16-950f-fa3d06e41a09?source=api-scan" ], "published": "2014-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bac8c35b-2afa-4347-b86e-2f16db19a4d3": { "id": "bac8c35b-2afa-4347-b86e-2f16db19a4d3", "title": "LatePoint <= 5.0.12 - Authentication Bypass", "software": [ { "type": "plugin", "name": "LatePoint Plugin", "slug": "latepoint", "affected_versions": { "* - 5.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bac8c35b-2afa-4347-b86e-2f16db19a4d3?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bacc29c3-a1fc-4e75-a3e2-cd3d6aac9554": { "id": "bacc29c3-a1fc-4e75-a3e2-cd3d6aac9554", "title": "Select All Categories and Taxonomies, Change Checkbox to Radio Buttons < 1.3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Select All Categories and Taxonomies, Change Checkbox to Radio Buttons", "slug": "select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons", "affected_versions": { "[*, 1.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bacc29c3-a1fc-4e75-a3e2-cd3d6aac9554?source=api-scan" ], "published": "2021-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bacd7942-99f6-46e0-85ef-863ab1bdfa6a": { "id": "bacd7942-99f6-46e0-85ef-863ab1bdfa6a", "title": "CP Contact Form with PayPal < 1.1.6 - SQL Injection", "software": [ { "type": "plugin", "name": "CP Contact Form with PayPal", "slug": "cp-contact-form-with-paypal", "affected_versions": { "[*, 1.1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bacd7942-99f6-46e0-85ef-863ab1bdfa6a?source=api-scan" ], "published": "2015-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bacfa993-2fc1-43bc-b4f0-f463ba28b4ed": { "id": "bacfa993-2fc1-43bc-b4f0-f463ba28b4ed", "title": "Landing Page Builder <= 1.5.2.0 - Authenticated (Editor+) Local File Inlcusion", "software": [ { "type": "plugin", "name": "Landing Page Builder \u2013 Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages", "slug": "page-builder-add", "affected_versions": { "* - 1.5.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bacfa993-2fc1-43bc-b4f0-f463ba28b4ed?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bad00612-d98e-4b5e-88e8-664064588bdd": { "id": "bad00612-d98e-4b5e-88e8-664064588bdd", "title": "Extensions For CF7 <= 3.0.6 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)", "slug": "extensions-for-cf7", "affected_versions": { "* - 3.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bad00612-d98e-4b5e-88e8-664064588bdd?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bad0bd6b-9c88-4d31-90b5-92d3ceb8c0af": { "id": "bad0bd6b-9c88-4d31-90b5-92d3ceb8c0af", "title": "WPvivid <= 0.9.94 - Missing Authorization", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "* - 0.9.94": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.94", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.95" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bad0bd6b-9c88-4d31-90b5-92d3ceb8c0af?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bad7e5c9-f413-43ce-9ab8-e700002f2f3a": { "id": "bad7e5c9-f413-43ce-9ab8-e700002f2f3a", "title": "Popup Anything <= 2.0.3 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Anything \u2013 Popup for opt-ins and Lead Generation Conversions", "slug": "popup-anything-on-click", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bad7e5c9-f413-43ce-9ab8-e700002f2f3a?source=api-scan" ], "published": "2021-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bada73df-8dfb-4f88-a623-cf98173b25c8": { "id": "bada73df-8dfb-4f88-a623-cf98173b25c8", "title": "Post Layouts for Gutenberg <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Layouts for Gutenberg", "slug": "post-layouts", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bada73df-8dfb-4f88-a623-cf98173b25c8?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bae06fa8-546c-4daf-8335-a5e24f6704d4": { "id": "bae06fa8-546c-4daf-8335-a5e24f6704d4", "title": "Stream Video Player <= 1.4.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Stream Video Player", "slug": "stream-video-player", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bae06fa8-546c-4daf-8335-a5e24f6704d4?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bae67a68-4bd1-4b52-b3dd-af0eef014028": { "id": "bae67a68-4bd1-4b52-b3dd-af0eef014028", "title": "WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_clear_cache_of_allsites_callback'", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bae67a68-4bd1-4b52-b3dd-af0eef014028?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "baebd08b-1f40-4cb2-8158-c4421af68c06": { "id": "baebd08b-1f40-4cb2-8158-c4421af68c06", "title": "Appointment Calendar <= 2.9.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Appointment Calendar", "slug": "appointment-calendar", "affected_versions": { "* - 2.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/baebd08b-1f40-4cb2-8158-c4421af68c06?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "baecb227-08c4-4de7-a725-db6639587f13": { "id": "baecb227-08c4-4de7-a725-db6639587f13", "title": "JS Help Desk <= 2.7.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin", "slug": "js-support-ticket", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/baecb227-08c4-4de7-a725-db6639587f13?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "baee7e34-0ed0-4702-9ccc-94177b6284c3": { "id": "baee7e34-0ed0-4702-9ccc-94177b6284c3", "title": "Sidebar Widgets by CodeLights <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Sidebar Widgets by CodeLights", "slug": "codelights-shortcodes-and-widgets", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/baee7e34-0ed0-4702-9ccc-94177b6284c3?source=api-scan" ], "published": "2022-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "baf54eb2-0b29-4718-a994-f722cefd7317": { "id": "baf54eb2-0b29-4718-a994-f722cefd7317", "title": "Leyka <= 3.30.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Leyka", "slug": "leyka", "affected_versions": { "* - 3.30.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.30.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.30.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/baf54eb2-0b29-4718-a994-f722cefd7317?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bafadafe-4aa5-4349-8a9c-89b21ada47ba": { "id": "bafadafe-4aa5-4349-8a9c-89b21ada47ba", "title": "WP Bannerize 2.0.0 - 4.0.2 - Authenticated SQL Injection via id Parameter", "software": [ { "type": "plugin", "name": "WP Bannerize", "slug": "wp-bannerize", "affected_versions": { "2.0.0 - 4.0.2": { "from_version": "2.0.0", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bafadafe-4aa5-4349-8a9c-89b21ada47ba?source=api-scan" ], "published": "2021-10-05 20:14:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb00eae9-645d-4827-b691-2408fd24aa75": { "id": "bb00eae9-645d-4827-b691-2408fd24aa75", "title": "Backup and Staging by WP Time Capsule <= 1.22.20 - Authentication Bypass to Account Takeover", "software": [ { "type": "plugin", "name": "Backup and Staging by WP Time Capsule", "slug": "wp-time-capsule", "affected_versions": { "* - 1.22.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.22.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.22.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb00eae9-645d-4827-b691-2408fd24aa75?source=api-scan" ], "published": "2024-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb0888d6-30e6-4957-b270-1968eace462e": { "id": "bb0888d6-30e6-4957-b270-1968eace462e", "title": "Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Switcher Widget", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.12.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb0888d6-30e6-4957-b270-1968eace462e?source=api-scan" ], "published": "2024-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb0dca75-af56-404f-856c-41edd76b72a1": { "id": "bb0dca75-af56-404f-856c-41edd76b72a1", "title": "Charity Addon for Elementor <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Charity Addon for Elementor", "slug": "charity-addon-for-elementor", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb0dca75-af56-404f-856c-41edd76b72a1?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb0e99c7-003a-4795-8acb-e6dafca34b8c": { "id": "bb0e99c7-003a-4795-8acb-e6dafca34b8c", "title": "CO2ok: carbon offsetting for e-commerce <= 1.0.9.21 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ClimateClick: Climate Action for all", "slug": "co2ok-for-woocommerce", "affected_versions": { "* - 1.0.9.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb0e99c7-003a-4795-8acb-e6dafca34b8c?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb0f8a0c-d02f-46e2-8808-3ffada105d13": { "id": "bb0f8a0c-d02f-46e2-8808-3ffada105d13", "title": "Tickera <= 3.5.1.0 - Cross-Site Request Forgery to Ticket Post Status Change", "software": [ { "type": "plugin", "name": "Tickera \u2013 WordPress Event Ticketing", "slug": "tickera-event-ticketing-system", "affected_versions": { "* - 3.5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb0f8a0c-d02f-46e2-8808-3ffada105d13?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb14a79a-32ba-4d7a-b706-4e602a25e9cf": { "id": "bb14a79a-32ba-4d7a-b706-4e602a25e9cf", "title": "Enable SVG, WebP & ICO Upload <= 1.0.6 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Enable SVG, WebP & ICO Upload \u00a0", "slug": "enable-svg-webp-ico-upload", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb14a79a-32ba-4d7a-b706-4e602a25e9cf?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb1742fd-7f0c-4a14-aa9c-f2863fcccd17": { "id": "bb1742fd-7f0c-4a14-aa9c-f2863fcccd17", "title": "Revive Old Posts \u2013 Social Media Auto Post and Scheduling Plugin < 8.0.0 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Revive Social \u2013 Social Media Auto Post and Scheduling Automation Plugin", "slug": "tweet-old-post", "affected_versions": { "[*, 8.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb1742fd-7f0c-4a14-aa9c-f2863fcccd17?source=api-scan" ], "published": "2015-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb1def67-ad83-4ad5-bb11-fbd1c02ece47": { "id": "bb1def67-ad83-4ad5-bb11-fbd1c02ece47", "title": "Propovoice CRM <= 1.7.6.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Propovoice: All-in-One Client Management System", "slug": "propovoice", "affected_versions": { "* - 1.7.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb1def67-ad83-4ad5-bb11-fbd1c02ece47?source=api-scan" ], "published": "2024-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb228bda-5094-4e54-a197-3b66376e2216": { "id": "bb228bda-5094-4e54-a197-3b66376e2216", "title": "Qi Addons For Elementor <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Qi Addons For Elementor", "slug": "qi-addons-for-elementor", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb228bda-5094-4e54-a197-3b66376e2216?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb267bbd-cd62-49f7-9abc-c6734b23be22": { "id": "bb267bbd-cd62-49f7-9abc-c6734b23be22", "title": "Tumult Hype Animations <= 1.9.12 - Authenticated (Author+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Tumult Hype Animations", "slug": "tumult-hype-animations", "affected_versions": { "* - 1.9.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb267bbd-cd62-49f7-9abc-c6734b23be22?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb2897fc-c38b-419f-8651-0620a31b50ec": { "id": "bb2897fc-c38b-419f-8651-0620a31b50ec", "title": "Realtyna Organic IDX plugin <= 4.14.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Realtyna Organic IDX plugin + WPL Real Estate", "slug": "real-estate-listing-realtyna-wpl", "affected_versions": { "* - 4.14.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.14.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.14.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb2897fc-c38b-419f-8651-0620a31b50ec?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb2a67ff-a452-4ecb-9fd7-bf05fe43a2f7": { "id": "bb2a67ff-a452-4ecb-9fd7-bf05fe43a2f7", "title": "OAuth Single Sign On \u2013 SSO (OAuth Client) <= 6.22.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OAuth Single Sign On \u2013 SSO (OAuth Client)", "slug": "miniorange-login-with-eve-online-google-facebook", "affected_versions": { "* - 6.22.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.22.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.23.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb2a67ff-a452-4ecb-9fd7-bf05fe43a2f7?source=api-scan" ], "published": "2022-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb2df482-30bf-49e5-b1e2-06e102d2dd1b": { "id": "bb2df482-30bf-49e5-b1e2-06e102d2dd1b", "title": "searchterms-tagging-2 <= 1.535 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEO SearchTerms Tagging 2", "slug": "searchterms-tagging-2", "affected_versions": { "* - 1.535": { "from_version": "*", "from_inclusive": true, "to_version": "1.535", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb2df482-30bf-49e5-b1e2-06e102d2dd1b?source=api-scan" ], "published": "2015-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb3859eb-5a1f-408c-84aa-acfc68bd0bb5": { "id": "bb3859eb-5a1f-408c-84aa-acfc68bd0bb5", "title": "String Locator <= 2.4.2 - Authenticated Arbitrary File Read", "software": [ { "type": "plugin", "name": "String locator", "slug": "string-locator", "affected_versions": { "[*, 2.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb3859eb-5a1f-408c-84aa-acfc68bd0bb5?source=api-scan" ], "published": "2022-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb3aa613-8f34-4d96-8ddf-41fcdcf65c59": { "id": "bb3aa613-8f34-4d96-8ddf-41fcdcf65c59", "title": "SEO Plugin by Squirrly SEO <= 12.3.19 - Authenticated (Contributor+) SQL Injection via url Parameter", "software": [ { "type": "plugin", "name": "SEO Plugin by Squirrly SEO", "slug": "squirrly-seo", "affected_versions": { "* - 12.3.19": { "from_version": "*", "from_inclusive": true, "to_version": "12.3.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.3.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb3aa613-8f34-4d96-8ddf-41fcdcf65c59?source=api-scan" ], "published": "2024-07-19 20:19:09", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb3b0a0e-9f2a-47b1-b2ba-7bb96e581e26": { "id": "bb3b0a0e-9f2a-47b1-b2ba-7bb96e581e26", "title": "Popup Builder <= 1.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Builder", "slug": "easy-notify-lite", "affected_versions": { "* - 1.1.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb3b0a0e-9f2a-47b1-b2ba-7bb96e581e26?source=api-scan" ], "published": "2024-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb3b8d0b-4e58-408c-9527-dc17f62d3167": { "id": "bb3b8d0b-4e58-408c-9527-dc17f62d3167", "title": "Post Grid Master <= 3.4.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Post Grid Master \u2013 Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder", "slug": "ajax-filter-posts", "affected_versions": { "* - 3.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb3b8d0b-4e58-408c-9527-dc17f62d3167?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb4abe41-fb18-46f4-9fd8-90bb1996b241": { "id": "bb4abe41-fb18-46f4-9fd8-90bb1996b241", "title": "Newsletters <= 4.6.18 - Cross-Site Scripting via contentarea Parameter", "software": [ { "type": "plugin", "name": "Newsletters", "slug": "newsletters-lite", "affected_versions": { "[*, 4.6.19)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb4abe41-fb18-46f4-9fd8-90bb1996b241?source=api-scan" ], "published": "2019-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb4d6d2c-a69d-492e-a2d5-fabfaef82f68": { "id": "bb4d6d2c-a69d-492e-a2d5-fabfaef82f68", "title": "OAuth Client by DigitialPixies <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OAuth Client by DigitialPixies", "slug": "dpt-oauth-client", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb4d6d2c-a69d-492e-a2d5-fabfaef82f68?source=api-scan" ], "published": "2022-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb5178f4-356b-4352-96ca-500e49006f8a": { "id": "bb5178f4-356b-4352-96ca-500e49006f8a", "title": "ThemeBlvd Themes\/Plugins (Various Versions) - Missing Authorization Checks", "software": [ { "type": "theme", "name": "Swagger", "slug": "swagger", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] }, { "type": "theme", "name": "Alyeska", "slug": "alyeska", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.5" ] }, { "type": "plugin", "name": "Theme Blvd Shortcodes", "slug": "theme-blvd-shortcodes", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] }, { "type": "theme", "name": "WP Jump Start", "slug": "jumpstart", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] }, { "type": "theme", "name": "Commodore", "slug": "commodore", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] }, { "type": "theme", "name": "Barely Corporate", "slug": "barelycorporate", "affected_versions": { "* - 4.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.5" ] }, { "type": "plugin", "name": "Theme Blvd Sliders", "slug": "theme-blvd-sliders", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] }, { "type": "theme", "name": "Arcadian Responsive", "slug": "arcadian", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] }, { "type": "plugin", "name": "Theme Blvd Widget Areas", "slug": "theme-blvd-widget-areas", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] }, { "type": "theme", "name": "Akita", "slug": "akita", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] }, { "type": "plugin", "name": "Theme Blvd Layout Builder", "slug": "theme-blvd-layout-builder", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb5178f4-356b-4352-96ca-500e49006f8a?source=api-scan" ], "published": "2014-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb545a42-6c66-412b-a686-e486b0a58dc5": { "id": "bb545a42-6c66-412b-a686-e486b0a58dc5", "title": "Stripe Payment Plugin for WooCommerce <= 3.5.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Stripe Payment Plugin for WooCommerce", "slug": "payment-gateway-stripe-and-woocommerce-integration", "affected_versions": { "* - 3.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb545a42-6c66-412b-a686-e486b0a58dc5?source=api-scan" ], "published": "2021-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb581a8a-8e68-4f5a-8f05-d5b91b0f70d4": { "id": "bb581a8a-8e68-4f5a-8f05-d5b91b0f70d4", "title": "Media Library Assistant <= 2.81 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Media Library Assistant", "slug": "media-library-assistant", "affected_versions": { "[*, 2.82)": { "from_version": "*", "from_inclusive": true, "to_version": "2.82", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.82" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb581a8a-8e68-4f5a-8f05-d5b91b0f70d4?source=api-scan" ], "published": "2019-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb5e6767-d0a9-4ac4-816f-6fb57b1e5f9b": { "id": "bb5e6767-d0a9-4ac4-816f-6fb57b1e5f9b", "title": "Uncode Core <= 2.8.8 - Privilege Escalation", "software": [ { "type": "plugin", "name": "uncode-core", "slug": "uncode-core", "affected_versions": { "* - 2.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb5e6767-d0a9-4ac4-816f-6fb57b1e5f9b?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb5e6ff6-e70c-4b46-80fc-498becca6158": { "id": "bb5e6ff6-e70c-4b46-80fc-498becca6158", "title": "GWP-Histats <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GWP-Histats", "slug": "gwp-histats", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb5e6ff6-e70c-4b46-80fc-498becca6158?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb5f73c3-f40b-45d5-9947-c1a514d230f7": { "id": "bb5f73c3-f40b-45d5-9947-c1a514d230f7", "title": "Brizy \u2013 Page Builder <= 2.4.44 - Missing Authorization to Authenticated (Contributor+) Post Modification", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "* - 2.4.44": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb5f73c3-f40b-45d5-9947-c1a514d230f7?source=api-scan" ], "published": "2024-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb606a30-2f7c-41e9-9ebc-9f1b0b84fff8": { "id": "bb606a30-2f7c-41e9-9ebc-9f1b0b84fff8", "title": "Japanized For WooCommerce <= 2.5.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Japanized For WooCommerce", "slug": "woocommerce-for-japan", "affected_versions": { "* - 2.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb606a30-2f7c-41e9-9ebc-9f1b0b84fff8?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb6182e8-ba5c-4873-aa18-45a79191c8c5": { "id": "bb6182e8-ba5c-4873-aa18-45a79191c8c5", "title": "WordPress Core < 4.8.3 - SQL Injection due to Double Prepare approach", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.22": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.22", "to_inclusive": true }, "3.8 - 3.8.22": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.22", "to_inclusive": true }, "3.9 - 3.9.20": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.20", "to_inclusive": true }, "4.0 - 4.0.19": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.19", "to_inclusive": true }, "4.1 - 4.1.19": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.19", "to_inclusive": true }, "4.2 - 4.2.16": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.16", "to_inclusive": true }, "4.3 - 4.3.12": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.12", "to_inclusive": true }, "4.4 - 4.4.11": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.11", "to_inclusive": true }, "4.5 - 4.5.10": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.10", "to_inclusive": true }, "4.6 - 4.6.7": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.7", "to_inclusive": true }, "4.7 - 4.7.6": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.6", "to_inclusive": true }, "4.8 - 4.8.2": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.23", "3.8.23", "3.9.21", "4.0.20", "4.1.20", "4.2.17", "4.3.13", "4.4.12", "4.5.11", "4.6.8", "4.7.7", "4.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb6182e8-ba5c-4873-aa18-45a79191c8c5?source=api-scan" ], "published": "2017-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb6c977f-6ab3-4c94-83b1-968dafca4a8e": { "id": "bb6c977f-6ab3-4c94-83b1-968dafca4a8e", "title": "Charitable <= 1.8.1.7 - Missing Authorization to Unauthorized Donation", "software": [ { "type": "plugin", "name": "Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations & More", "slug": "charitable", "affected_versions": { "* - 1.8.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb6c977f-6ab3-4c94-83b1-968dafca4a8e?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb6cd3a6-565e-4acf-82f0-25e85f0678bb": { "id": "bb6cd3a6-565e-4acf-82f0-25e85f0678bb", "title": "User Control <= 2.1.0 - SQL Injection", "software": [ { "type": "plugin", "name": "User Control", "slug": "user-control", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb6cd3a6-565e-4acf-82f0-25e85f0678bb?source=api-scan" ], "published": "2018-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb6ecb74-b337-4930-a737-f70799607d89": { "id": "bb6ecb74-b337-4930-a737-f70799607d89", "title": "Anti Plagiarism <= 3.60 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "anti-plagiarism", "slug": "anti-plagiarism", "affected_versions": { "* - 3.60": { "from_version": "*", "from_inclusive": true, "to_version": "3.60", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb6ecb74-b337-4930-a737-f70799607d89?source=api-scan" ], "published": "2016-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb6f3607-d44f-452a-b3ad-55f036033480": { "id": "bb6f3607-d44f-452a-b3ad-55f036033480", "title": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin <= 1.6.7.42 - Authenticated (Admin+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin", "slug": "simply-schedule-appointments", "affected_versions": { "* - 1.6.7.42": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.7.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb6f3607-d44f-452a-b3ad-55f036033480?source=api-scan" ], "published": "2024-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb74a917-2dfb-4229-a72a-9c3d1f9a6324": { "id": "bb74a917-2dfb-4229-a72a-9c3d1f9a6324", "title": "GamiPress \u2013 Youtube integration <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "GamiPress \u2013 Youtube integration", "slug": "gamipress-youtube-integration", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb74a917-2dfb-4229-a72a-9c3d1f9a6324?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb762cd0-1925-4161-bd12-9e781de60c9c": { "id": "bb762cd0-1925-4161-bd12-9e781de60c9c", "title": "Simple Single Sign On <= 4.1.1 - Insecure OAuth Implementation to Authentication Bypass", "software": [ { "type": "plugin", "name": "Simple Single Sign On", "slug": "single-sign-on-client", "affected_versions": { "* - 4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb762cd0-1925-4161-bd12-9e781de60c9c?source=api-scan" ], "published": "2022-06-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb7d99a7-1e7d-43e1-839c-286b454c8276": { "id": "bb7d99a7-1e7d-43e1-839c-286b454c8276", "title": "SendGrid for WordPress <= 1.4 - Missing Authorization to Authenticated (Subscriber+) Log Deletion", "software": [ { "type": "plugin", "name": "SendGrid for WordPress", "slug": "wp-sendgrid-mailer", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb7d99a7-1e7d-43e1-839c-286b454c8276?source=api-scan" ], "published": "2024-10-17 15:43:25", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb7e9ea4-c450-491f-b924-47ed4abec64a": { "id": "bb7e9ea4-c450-491f-b924-47ed4abec64a", "title": "User Activity Log <= 1.6.5 - Unauthenticated Data Export to Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "User Activity Log", "slug": "user-activity-log", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb7e9ea4-c450-491f-b924-47ed4abec64a?source=api-scan" ], "published": "2023-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb81e90f-8da4-483c-9bc1-18b6c016df5e": { "id": "bb81e90f-8da4-483c-9bc1-18b6c016df5e", "title": "WPS Hide Login <= 1.9.11 - Hidden Login Page Location Disclosure", "software": [ { "type": "plugin", "name": "WPS Hide Login", "slug": "wps-hide-login", "affected_versions": { "* - 1.9.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb81e90f-8da4-483c-9bc1-18b6c016df5e?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb8232cd-4fd5-4e0f-90d0-91e5eb7e70c8": { "id": "bb8232cd-4fd5-4e0f-90d0-91e5eb7e70c8", "title": "WP-Download <= 1.2 - SQL Injection", "software": [ { "type": "plugin", "name": "WP-Download", "slug": "wp-download", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb8232cd-4fd5-4e0f-90d0-91e5eb7e70c8?source=api-scan" ], "published": "2008-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb85341a-0253-41b2-992e-9202cb3e0f2d": { "id": "bb85341a-0253-41b2-992e-9202cb3e0f2d", "title": "GB Gallery Slideshow <= 1.5 - SQL Injection", "software": [ { "type": "plugin", "name": "GB Gallery Slideshow", "slug": "gb-gallery-slideshow", "affected_versions": { "[*, 1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb85341a-0253-41b2-992e-9202cb3e0f2d?source=api-scan" ], "published": "2014-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb8640f2-d3cc-4a4a-8dfb-adaa8b77264c": { "id": "bb8640f2-d3cc-4a4a-8dfb-adaa8b77264c", "title": "Soundy Audio Playlist <= 4.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Soundy Audio Playlist", "slug": "soundy-audio-playlist", "affected_versions": { "* - 4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb8640f2-d3cc-4a4a-8dfb-adaa8b77264c?source=api-scan" ], "published": "2018-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb8aca3a-e4f7-41d6-9ea9-d189817c2c04": { "id": "bb8aca3a-e4f7-41d6-9ea9-d189817c2c04", "title": "Visibility Logic for Elementor <= 2.3.4 - Cross-Site Request Forgery via toggle_option", "software": [ { "type": "plugin", "name": "Visibility Logic for Elementor", "slug": "visibility-logic-elementor", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb8aca3a-e4f7-41d6-9ea9-d189817c2c04?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb8d81c3-4a5b-491f-9868-3bb7b431f8e4": { "id": "bb8d81c3-4a5b-491f-9868-3bb7b431f8e4", "title": "Alpine PhotoTile for Pinterest <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Alpine PhotoTile for Pinterest", "slug": "alpine-photo-tile-for-pinterest", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb8d81c3-4a5b-491f-9868-3bb7b431f8e4?source=api-scan" ], "published": "2022-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb929679-85bb-4d5b-9a99-e6081d55019f": { "id": "bb929679-85bb-4d5b-9a99-e6081d55019f", "title": "miniOrange's Google Authenticator <= 5.5.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "miniOrange's Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA, Two Factor, OTP SMS and Email | Passwordless login", "slug": "miniorange-2-factor-authentication", "affected_versions": { "* - 5.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.75" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb929679-85bb-4d5b-9a99-e6081d55019f?source=api-scan" ], "published": "2022-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb93853b-a6e0-42d1-8b10-b391984603f2": { "id": "bb93853b-a6e0-42d1-8b10-b391984603f2", "title": "Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb93853b-a6e0-42d1-8b10-b391984603f2?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb967453-59d6-4b03-8c75-1906b99bff80": { "id": "bb967453-59d6-4b03-8c75-1906b99bff80", "title": "Everest News Pro <= 1.1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Everest News Pro", "slug": "everest-news-pro", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb967453-59d6-4b03-8c75-1906b99bff80?source=api-scan" ], "published": "2023-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb979c91-6795-4365-a61b-2cf67a9c8223": { "id": "bb979c91-6795-4365-a61b-2cf67a9c8223", "title": "thecotton <= 1.14 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "thecotton", "slug": "thecotton_v114", "affected_versions": { "* - 1.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb979c91-6795-4365-a61b-2cf67a9c8223?source=api-scan" ], "published": "2014-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb98b2ee-5c51-453f-9e55-52027237e732": { "id": "bb98b2ee-5c51-453f-9e55-52027237e732", "title": "Hostel <= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hostel", "slug": "hostel", "affected_versions": { "* - 1.1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb98b2ee-5c51-453f-9e55-52027237e732?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb9bce29-9842-4d8a-ac9b-24432a28851c": { "id": "bb9bce29-9842-4d8a-ac9b-24432a28851c", "title": "Opening Hours <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Opening Hours", "slug": "wp-opening-hours", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb9bce29-9842-4d8a-ac9b-24432a28851c?source=api-scan" ], "published": "2023-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bb9fc87e-b376-49ce-ba69-5acef9deda4d": { "id": "bb9fc87e-b376-49ce-ba69-5acef9deda4d", "title": "ReDi Restaurant Reservation <= 24.0902 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ReDi Restaurant Reservation", "slug": "redi-restaurant-reservation", "affected_versions": { "* - 24.0902": { "from_version": "*", "from_inclusive": true, "to_version": "24.0902", "to_inclusive": true } }, "patched": true, "patched_versions": [ "24.1015" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bb9fc87e-b376-49ce-ba69-5acef9deda4d?source=api-scan" ], "published": "2024-10-16 13:30:51", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bba2eb67-70a9-438b-8d18-774fcf557469": { "id": "bba2eb67-70a9-438b-8d18-774fcf557469", "title": "azurecurve Toggle Show\/Hide <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "azurecurve Toggle Show\/Hide", "slug": "azurecurve-toggle-showhide", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bba2eb67-70a9-438b-8d18-774fcf557469?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bba3eeeb-5e7e-4ec3-9db0-02c44585647a": { "id": "bba3eeeb-5e7e-4ec3-9db0-02c44585647a", "title": "WordPress Core < 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Embed Discovery", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 4.1.38)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.38", "to_inclusive": false }, "[4.2, 4.2.35)": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.35", "to_inclusive": false }, "[4.3, 4.3.31)": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.31", "to_inclusive": false }, "[4.4, 4.4.30)": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.30", "to_inclusive": false }, "[4.5, 4.5.29)": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.29", "to_inclusive": false }, "[4.6, 4.6.26)": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.26", "to_inclusive": false }, "[4.7, 4.7.26)": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.26", "to_inclusive": false }, "[4.8, 4.8.22)": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.22", "to_inclusive": false }, "[4.9, 4.9.23)": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.23", "to_inclusive": false }, "[5.0, 5.0.19)": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.19", "to_inclusive": false }, "[5.1, 5.1.16)": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.16", "to_inclusive": false }, "[5.2, 5.2.18)": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.18", "to_inclusive": false }, "[5.3, 5.3.15)": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.15", "to_inclusive": false }, "[5.4, 5.4.13)": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.13", "to_inclusive": false }, "[5.5, 5.5.12)": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.12", "to_inclusive": false }, "[5.6, 5.6.11)": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.11", "to_inclusive": false }, "[5.7, 5.7.9)": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.9", "to_inclusive": false }, "[5.8, 5.8.7)": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.7", "to_inclusive": false }, "[5.9, 5.9.6)": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.6", "to_inclusive": false }, "[6.0, 6.0.4)": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.4", "to_inclusive": false }, "[6.1, 6.1.2)": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.2", "to_inclusive": false }, "[6.2, 6.2.1)": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.38", "4.2.35", "4.3.31", "4.4.30", "4.5.29", "4.6.26", "4.7.26", "4.8.22", "4.9.23", "5.0.19", "5.1.16", "5.2.18", "5.3.15", "5.4.13", "5.5.12", "5.6.11", "5.7.9", "5.8.7", "5.9.6", "6.0.4", "6.1.2", "6.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bba3eeeb-5e7e-4ec3-9db0-02c44585647a?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bba4286b-acce-4dff-b809-dbd04d59702b": { "id": "bba4286b-acce-4dff-b809-dbd04d59702b", "title": "Search Exclude <= 1.2.3 - Arbitrary Settings Change", "software": [ { "type": "plugin", "name": "Search Exclude", "slug": "search-exclude", "affected_versions": { "[*, 1.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bba4286b-acce-4dff-b809-dbd04d59702b?source=api-scan" ], "published": "2019-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bba4f30f-fc21-4387-a29e-4e4a115d7c3c": { "id": "bba4f30f-fc21-4387-a29e-4e4a115d7c3c", "title": "Apocalypse Meow 21.1.3 - 21.2.7 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Apocalypse Meow", "slug": "apocalypse-meow", "affected_versions": { "21.1.3 - 21.2.7": { "from_version": "21.1.3", "from_inclusive": true, "to_version": "21.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bba4f30f-fc21-4387-a29e-4e4a115d7c3c?source=api-scan" ], "published": "2017-12-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bba6567f-457b-44fd-993a-3f5380a2c3fb": { "id": "bba6567f-457b-44fd-993a-3f5380a2c3fb", "title": "EventON <= 2.1.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EventON", "slug": "eventon-lite", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bba6567f-457b-44fd-993a-3f5380a2c3fb?source=api-scan" ], "published": "2023-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bba7fde9-0718-4681-9a1b-7c77bc0affbd": { "id": "bba7fde9-0718-4681-9a1b-7c77bc0affbd", "title": "Amelia <= 1.0.46 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking for Appointments and Events Calendar \u2013 Amelia", "slug": "ameliabooking", "affected_versions": { "* - 1.0.46": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.46", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.47" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bba7fde9-0718-4681-9a1b-7c77bc0affbd?source=api-scan" ], "published": "2022-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbaae72c-b5a6-4fa3-9268-94c0e6a59d1c": { "id": "bbaae72c-b5a6-4fa3-9268-94c0e6a59d1c", "title": "Popup Maker < 1.6.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder", "slug": "popup-maker", "affected_versions": { "[*, 1.6.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbaae72c-b5a6-4fa3-9268-94c0e6a59d1c?source=api-scan" ], "published": "2017-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbaba6cb-a829-4c07-b068-bdcb6a646450": { "id": "bbaba6cb-a829-4c07-b068-bdcb6a646450", "title": "Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.6.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Drag and Drop Multiple File Upload \u2013 Contact Form 7", "slug": "drag-and-drop-multiple-file-upload-contact-form-7", "affected_versions": { "* - 1.3.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbaba6cb-a829-4c07-b068-bdcb6a646450?source=api-scan" ], "published": "2022-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbacdde1-87e0-4b3a-8580-f1d37c130a1c": { "id": "bbacdde1-87e0-4b3a-8580-f1d37c130a1c", "title": "Simplified Content < 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simplified Content", "slug": "simplified-content", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbacdde1-87e0-4b3a-8580-f1d37c130a1c?source=api-scan" ], "published": "2016-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbade634-cd81-41c0-8976-f5cb251da3f2": { "id": "bbade634-cd81-41c0-8976-f5cb251da3f2", "title": "Frontend File Manager <= 22.7 - Sensitive Information Exposure via user uploads", "software": [ { "type": "plugin", "name": "Frontend File Manager Plugin", "slug": "nmedia-user-file-uploader", "affected_versions": { "* - 22.7": { "from_version": "*", "from_inclusive": true, "to_version": "22.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "22.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbade634-cd81-41c0-8976-f5cb251da3f2?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbb19be3-8783-4474-a258-285e3b90f1e0": { "id": "bbb19be3-8783-4474-a258-285e3b90f1e0", "title": "Meks Video Importer <= 1.0.11 - Missing Authorization", "software": [ { "type": "plugin", "name": "Meks Video Importer", "slug": "meks-video-importer", "affected_versions": { "* - 1.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbb19be3-8783-4474-a258-285e3b90f1e0?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbb3ee94-e631-47ee-9f16-6bf7c23abab1": { "id": "bbb3ee94-e631-47ee-9f16-6bf7c23abab1", "title": "Prime Slider \u2013 Addons For Elementor <= 3.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget", "software": [ { "type": "plugin", "name": "Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)", "slug": "bdthemes-prime-slider-lite", "affected_versions": { "* - 3.13.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.13.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.13.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbb3ee94-e631-47ee-9f16-6bf7c23abab1?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbb57de9-210e-4983-965b-9a74ca10c494": { "id": "bbb57de9-210e-4983-965b-9a74ca10c494", "title": "Contact Form Generator : Creative form builder for WordPress <= 2.1.86 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form Generator : Creative form builder for WordPress", "slug": "contact-form-generator", "affected_versions": { "* - 2.1.86": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.86", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbb57de9-210e-4983-965b-9a74ca10c494?source=api-scan" ], "published": "2015-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbb65d61-c7e1-4884-8b10-a26df504724c": { "id": "bbb65d61-c7e1-4884-8b10-a26df504724c", "title": "Easy Login Styler \u2013 White Label Admin Login Page for WordPress <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Login Styler \u2013 White Label Admin Login Page for WordPress", "slug": "easy-login-styler", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbb65d61-c7e1-4884-8b10-a26df504724c?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbb67f02-87e8-4ca3-8a9d-6663a700ab5b": { "id": "bbb67f02-87e8-4ca3-8a9d-6663a700ab5b", "title": "ImageMapper <= 1.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting via imgmap_save_area_title", "software": [ { "type": "plugin", "name": "ImageMapper", "slug": "imagemapper", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbb67f02-87e8-4ca3-8a9d-6663a700ab5b?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbba83c2-4dc3-4850-8bbf-f9c700247b49": { "id": "bbba83c2-4dc3-4850-8bbf-f9c700247b49", "title": "WP Symposium < 15.4 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Symposium", "slug": "wp-symposium", "affected_versions": { "[*, 15.4)": { "from_version": "*", "from_inclusive": true, "to_version": "15.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "15.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbba83c2-4dc3-4850-8bbf-f9c700247b49?source=api-scan" ], "published": "2015-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbc1b46e-139a-4e1a-a0c7-e45e10adada5": { "id": "bbc1b46e-139a-4e1a-a0c7-e45e10adada5", "title": "Secure Copy Content Protection and Content Locking <= 2.6.6 - SQL Injection", "software": [ { "type": "plugin", "name": "Secure Copy Content Protection and Content Locking", "slug": "secure-copy-content-protection", "affected_versions": { "[*, 2.6.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbc1b46e-139a-4e1a-a0c7-e45e10adada5?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbc2a1f7-4c3c-4f37-a187-572f40e9b792": { "id": "bbc2a1f7-4c3c-4f37-a187-572f40e9b792", "title": "WP Statistics <= 13.1.4 - Unauthenticated Blind SQL Injection", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 13.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "13.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbc2a1f7-4c3c-4f37-a187-572f40e9b792?source=api-scan" ], "published": "2022-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbc8ccc1-7b72-44fb-8bf5-e7cb46081ed5": { "id": "bbc8ccc1-7b72-44fb-8bf5-e7cb46081ed5", "title": "StageShow < 5.0.9 - Open Redirect", "software": [ { "type": "plugin", "name": "StageShow", "slug": "stageshow", "affected_versions": { "[*, 5.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbc8ccc1-7b72-44fb-8bf5-e7cb46081ed5?source=api-scan" ], "published": "2015-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbc8e925-878a-42e2-ae78-35ec95e07526": { "id": "bbc8e925-878a-42e2-ae78-35ec95e07526", "title": "WP Content Copy Protection <= 3.4.4 - Cross-Site Request Forgery to Setting Update", "software": [ { "type": "plugin", "name": "WP Content Copy Protection", "slug": "wp-content-copy-protection", "affected_versions": { "* - 3.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbc8e925-878a-42e2-ae78-35ec95e07526?source=api-scan" ], "published": "2022-02-16 08:04:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbc91abd-d865-45a2-bc37-f34cb10f1863": { "id": "bbc91abd-d865-45a2-bc37-f34cb10f1863", "title": "mTouch Quiz <= 3.1.2 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "mTouch Quiz", "slug": "mtouch-quiz", "affected_versions": { "[*, 3.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbc91abd-d865-45a2-bc37-f34cb10f1863?source=api-scan" ], "published": "2015-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbcb648a-4a3e-4645-bd62-4415b1cf6516": { "id": "bbcb648a-4a3e-4645-bd62-4415b1cf6516", "title": "Relevanssi Live Ajax Search <= 2.4 - Unauthenticated WP_Query Argument Injection", "software": [ { "type": "plugin", "name": "Relevanssi Live Ajax Search", "slug": "relevanssi-live-ajax-search", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbcb648a-4a3e-4645-bd62-4415b1cf6516?source=api-scan" ], "published": "2024-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbd0fb22-a39c-43f5-a93c-976b7e49967b": { "id": "bbd0fb22-a39c-43f5-a93c-976b7e49967b", "title": "YITH WooCommerce Account Funds Premium <= 1.33.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "YITH WooCommerce Account Funds Premium", "slug": "yith-woocommerce-account-funds-premium", "affected_versions": { "* - 1.33.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.33.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.34.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbd0fb22-a39c-43f5-a93c-976b7e49967b?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbd1e68f-1f84-40d6-9ecd-34280c3c5099": { "id": "bbd1e68f-1f84-40d6-9ecd-34280c3c5099", "title": "Yet Another Stars Rating <= 1.8.6 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "YASR \u2013 Yet Another Star Rating Plugin for WordPress", "slug": "yet-another-stars-rating", "affected_versions": { "* - 1.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbd1e68f-1f84-40d6-9ecd-34280c3c5099?source=api-scan" ], "published": "2019-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbd641a4-a8cf-4e51-8675-53d867740ded": { "id": "bbd641a4-a8cf-4e51-8675-53d867740ded", "title": "Out-of-the-Box <= 1.20.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Out-of-the-Box", "slug": "out-of-the-box", "affected_versions": { "[*, 1.20.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.20.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.20.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbd641a4-a8cf-4e51-8675-53d867740ded?source=api-scan" ], "published": "2021-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbd8dc5f-7a62-4258-a13e-e5cec911fdc4": { "id": "bbd8dc5f-7a62-4258-a13e-e5cec911fdc4", "title": "Events Calendar for Google <= 2.1.0 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Events Calendar for Google", "slug": "events-calendar-for-google", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbd8dc5f-7a62-4258-a13e-e5cec911fdc4?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbdca292-89b6-4e62-bc68-4fdcd57fd504": { "id": "bbdca292-89b6-4e62-bc68-4fdcd57fd504", "title": "WPML <= 3.6.3 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPML", "slug": "sitepress-multilingual-cms", "affected_versions": { "* - 3.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbdca292-89b6-4e62-bc68-4fdcd57fd504?source=api-scan" ], "published": "2018-10-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbdeaa77-72c9-4afc-8913-7a1e44cdeb82": { "id": "bbdeaa77-72c9-4afc-8913-7a1e44cdeb82", "title": "Bulk Edit Post Titles <= 5.0.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Bulk Edit Post Titles", "slug": "bulk-edit-post-titles", "affected_versions": { "* - 5.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbdeaa77-72c9-4afc-8913-7a1e44cdeb82?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbe973a3-a8bf-4037-9067-7cc0987291fe": { "id": "bbe973a3-a8bf-4037-9067-7cc0987291fe", "title": "qTranslate X Cleanup and WPML Import <= 3.0.1 - Missing Authorization via clean_ajx", "software": [ { "type": "plugin", "name": "qTranslate X Cleanup and WPML Import", "slug": "qtranslate-to-wpml-export", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbe973a3-a8bf-4037-9067-7cc0987291fe?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbe9eed9-9a96-47da-95fa-b942817a9d4f": { "id": "bbe9eed9-9a96-47da-95fa-b942817a9d4f", "title": "WordPress Core < 4.8.2 - Directory Traversal via Customizer", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.21": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.21", "to_inclusive": true }, "3.8 - 3.8.21": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.21", "to_inclusive": true }, "3.9 - 3.9.19": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.19", "to_inclusive": true }, "4.0 - 4.0.18": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.18", "to_inclusive": true }, "4.1 - 4.1.18": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.18", "to_inclusive": true }, "4.2 - 4.2.15": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.15", "to_inclusive": true }, "4.3 - 4.3.11": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.11", "to_inclusive": true }, "4.4 - 4.4.10": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.10", "to_inclusive": true }, "4.5 - 4.5.9": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.9", "to_inclusive": true }, "4.6 - 4.6.6": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.6", "to_inclusive": true }, "4.7 - 4.7.5": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.5", "to_inclusive": true }, "4.8 - 4.8.1": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.22", "3.8.22", "3.9.20", "4.0.19", "4.1.19", "4.2.16", "4.3.12", "4.4.11", "4.5.10", "4.6.7", "4.7.6", "4.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbe9eed9-9a96-47da-95fa-b942817a9d4f?source=api-scan" ], "published": "2017-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbeb32a8-5acf-4a68-859d-98652e8ff5d1": { "id": "bbeb32a8-5acf-4a68-859d-98652e8ff5d1", "title": "Email Before Download <= 3.6 - SQL Injection", "software": [ { "type": "plugin", "name": "Email Before Download", "slug": "email-before-download", "affected_versions": { "[*, 4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbeb32a8-5acf-4a68-859d-98652e8ff5d1?source=api-scan" ], "published": "2017-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbedad66-a5a6-4fb5-b03e-0ecf9fbef19a": { "id": "bbedad66-a5a6-4fb5-b03e-0ecf9fbef19a", "title": "Profile Builder \u2013 User Profile & User Registration Forms <= 3.9.0 - Sensitive Information Disclosure via Shortcode", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "* - 3.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbedad66-a5a6-4fb5-b03e-0ecf9fbef19a?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bbf9a765-3718-4957-aa18-562654824fbf": { "id": "bbf9a765-3718-4957-aa18-562654824fbf", "title": "Countdown and CountUp, WooCommerce Sales Timers <= 1.5.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Countdown and CountUp, WooCommerce Sales Timer", "slug": "countdown-wpdevart-extended", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bbf9a765-3718-4957-aa18-562654824fbf?source=api-scan" ], "published": "2021-09-27 13:41:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc045440-a8ca-40d3-b198-421b197e6928": { "id": "bc045440-a8ca-40d3-b198-421b197e6928", "title": "Breeze \u2013 WordPress Cache Plugin <= 2.0.2 - Unprotected AJAX Actions", "software": [ { "type": "plugin", "name": "Breeze \u2013 WordPress Cache Plugin", "slug": "breeze", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc045440-a8ca-40d3-b198-421b197e6928?source=api-scan" ], "published": "2022-05-02 13:12:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc0d36f8-6569-49a1-b722-5cf57c4bb32a": { "id": "bc0d36f8-6569-49a1-b722-5cf57c4bb32a", "title": "WordPress Core < 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML API", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "5.9 - 5.9.9": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.9", "to_inclusive": true }, "6.0 - 6.0.8": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.8", "to_inclusive": true }, "6.1 - 6.1.6": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.6", "to_inclusive": true }, "6.2 - 6.2.5": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.5", "to_inclusive": true }, "6.3 - 6.3.4": { "from_version": "6.3", "from_inclusive": true, "to_version": "6.3.4", "to_inclusive": true }, "6.4 - 6.4.4": { "from_version": "6.4", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": true }, "6.5 - 6.5.4": { "from_version": "6.5", "from_inclusive": true, "to_version": "6.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.10", "6.0.9", "6.1.7", "6.2.6", "6.3.5", "6.4.5", "6.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc0d36f8-6569-49a1-b722-5cf57c4bb32a?source=api-scan" ], "published": "2024-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc121ed0-4cb3-4ba4-b693-413b1c25e4ca": { "id": "bc121ed0-4cb3-4ba4-b693-413b1c25e4ca", "title": "Weaver Xtreme Theme Support <= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via div Shortcode", "software": [ { "type": "plugin", "name": "Weaver Xtreme Theme Support", "slug": "weaverx-theme-support", "affected_versions": { "* - 6.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc121ed0-4cb3-4ba4-b693-413b1c25e4ca?source=api-scan" ], "published": "2024-06-04 19:18:53", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc176920-04c4-42c7-ab9c-683788e998dd": { "id": "bc176920-04c4-42c7-ab9c-683788e998dd", "title": "Zoho Flow for WordPress <= 2.8.0 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Zoho Flow for WordPress", "slug": "zoho-flow", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc176920-04c4-42c7-ab9c-683788e998dd?source=api-scan" ], "published": "2024-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc1abdd7-d563-44af-86d3-58005706d624": { "id": "bc1abdd7-d563-44af-86d3-58005706d624", "title": "WPC Grouped Product for WooCommerce <= 4.4.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "WPC Grouped Product for WooCommerce", "slug": "wpc-grouped-product", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc1abdd7-d563-44af-86d3-58005706d624?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc20f303-cac3-4517-9c45-153c410a13af": { "id": "bc20f303-cac3-4517-9c45-153c410a13af", "title": "BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation", "software": [ { "type": "plugin", "name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", "slug": "woo-bulk-editor", "affected_versions": { "* - 1.1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc20f303-cac3-4517-9c45-153c410a13af?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc22a8df-44be-477e-a3b6-67960bf442d3": { "id": "bc22a8df-44be-477e-a3b6-67960bf442d3", "title": "Easy Social Like Box \u2013 Popup \u2013 Sidebar Widget <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Easy Social Like Box \u2013 Popup \u2013 Sidebar Widget", "slug": "cardoza-facebook-like-box", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc22a8df-44be-477e-a3b6-67960bf442d3?source=api-scan" ], "published": "2024-06-05 12:59:33", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc22ffe3-bd2a-4af8-84e7-5a53b68de141": { "id": "bc22ffe3-bd2a-4af8-84e7-5a53b68de141", "title": "WordPress Exit Strategy <= 1.55 - Information Exposure", "software": [ { "type": "plugin", "name": "WordPress Exit Strategy", "slug": "exit-strategy", "affected_versions": { "* - 1.55": { "from_version": "*", "from_inclusive": true, "to_version": "1.55", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.59" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc22ffe3-bd2a-4af8-84e7-5a53b68de141?source=api-scan" ], "published": "2013-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc26ce1b-2427-4320-8363-f635ea02aece": { "id": "bc26ce1b-2427-4320-8363-f635ea02aece", "title": "Atarim <= 3.9.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visual Website Collaboration, Feedback & Project Management \u2013 Atarim", "slug": "atarim-visual-collaboration", "affected_versions": { "* - 3.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc26ce1b-2427-4320-8363-f635ea02aece?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc2af96c-09c5-4ddf-a910-04291aeeef49": { "id": "bc2af96c-09c5-4ddf-a910-04291aeeef49", "title": "Ultimate Member < 2.0.4 - Authenticated Unrestricted File Upload", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 2.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc2af96c-09c5-4ddf-a910-04291aeeef49?source=api-scan" ], "published": "2018-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc2c3bdb-65b9-4e0b-899f-bd08077bc8ba": { "id": "bc2c3bdb-65b9-4e0b-899f-bd08077bc8ba", "title": "WordPress Social Login <= 3.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Social Login", "slug": "wordpress-social-login", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc2c3bdb-65b9-4e0b-899f-bd08077bc8ba?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc2cbf43-3e8a-4364-9355-6d6587204c1c": { "id": "bc2cbf43-3e8a-4364-9355-6d6587204c1c", "title": "MSHOP MY SITE <= 1.1.7 - Missing Authorization via update_settings", "software": [ { "type": "plugin", "name": "\ucf54\ub4dc\uc5e0\uc0f5 \ub9c8\uc774\uc0ac\uc774\ud2b8 \u2013 MSHOP MY SITE", "slug": "mshop-mysite", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc2cbf43-3e8a-4364-9355-6d6587204c1c?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc2e883b-fb91-425c-a779-89a34eed2ba8": { "id": "bc2e883b-fb91-425c-a779-89a34eed2ba8", "title": "Royal Elementor Addons <=1.3.55 - Missing Authorization to Subscriber+ Arbitrary Post Creation", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.55": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.55", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.56" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc2e883b-fb91-425c-a779-89a34eed2ba8?source=api-scan" ], "published": "2022-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc2ee795-39e5-48c2-ac2a-cfc520bdd857": { "id": "bc2ee795-39e5-48c2-ac2a-cfc520bdd857", "title": "QR Redirector < 1.6.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "QR Redirector", "slug": "qr-redirector", "affected_versions": { "[*, 1.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc2ee795-39e5-48c2-ac2a-cfc520bdd857?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc38990f-0079-46de-8197-0187189d90d9": { "id": "bc38990f-0079-46de-8197-0187189d90d9", "title": "ShiftController Employee Shift Scheduling <= 4.9.23 - Unauthenticated Stored Cross-Site Scripting via 'hc-title'", "software": [ { "type": "plugin", "name": "ShiftController Employee Shift Scheduling", "slug": "shiftcontroller", "affected_versions": { "* - 4.9.23": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc38990f-0079-46de-8197-0187189d90d9?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc3910e4-649f-45ab-876a-a4b04afac8d2": { "id": "bc3910e4-649f-45ab-876a-a4b04afac8d2", "title": "SEOPress \u2013 On-site SEO <= 7.5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEOPress \u2013 On-site SEO", "slug": "wp-seopress", "affected_versions": { "* - 7.5.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc3910e4-649f-45ab-876a-a4b04afac8d2?source=api-scan" ], "published": "2024-05-23 17:02:51", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc3bc6e8-aae7-451e-b26a-cc5e8fcd0a33": { "id": "bc3bc6e8-aae7-451e-b26a-cc5e8fcd0a33", "title": "WP Google Map Plugin < 2.3.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Maps \u2013 Display Google Maps Perfectly with Ease", "slug": "wp-google-map-plugin", "affected_versions": { "[*, 2.3.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc3bc6e8-aae7-451e-b26a-cc5e8fcd0a33?source=api-scan" ], "published": "2015-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc3efc42-7cf5-4dcd-9653-891deaae19c3": { "id": "bc3efc42-7cf5-4dcd-9653-891deaae19c3", "title": "Comments - wpDiscuz 7.0 - 7.0.4 - Unauthenticated Arbitrary File Upload leading to Remote Code Execution", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "7.0 - 7.0.4": { "from_version": "7.0", "from_inclusive": true, "to_version": "7.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc3efc42-7cf5-4dcd-9653-891deaae19c3?source=api-scan" ], "published": "2021-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc3f1d4e-84f7-4878-8b06-10444caa7dcf": { "id": "bc3f1d4e-84f7-4878-8b06-10444caa7dcf", "title": "WP iCal Availability <= 1.0.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP iCal Availability", "slug": "wp-ical-availability", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc3f1d4e-84f7-4878-8b06-10444caa7dcf?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc44c95e-9ca0-46d0-8315-72612ef3f855": { "id": "bc44c95e-9ca0-46d0-8315-72612ef3f855", "title": "WPCS \u2013 WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Deletion", "software": [ { "type": "plugin", "name": "WPCS \u2013 WordPress Currency Switcher Professional", "slug": "currency-switcher", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc44c95e-9ca0-46d0-8315-72612ef3f855?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc491c2b-0ae2-4002-a745-435a183d8e01": { "id": "bc491c2b-0ae2-4002-a745-435a183d8e01", "title": "Classified Listing Pro < 2.0.20 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Classified Listing Pro - Classified ads & Business Directory Plugin", "slug": "classified-listing-pro", "affected_versions": { "[*, 2.0.20)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc491c2b-0ae2-4002-a745-435a183d8e01?source=api-scan" ], "published": "2022-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc4bfa81-c781-42df-91c7-3daed1e6a6f4": { "id": "bc4bfa81-c781-42df-91c7-3daed1e6a6f4", "title": "Zeenshare <= 1.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "zeenshare", "slug": "zeenshare", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc4bfa81-c781-42df-91c7-3daed1e6a6f4?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc53ad70-d630-4d4a-bcca-79732134e6a6": { "id": "bc53ad70-d630-4d4a-bcca-79732134e6a6", "title": "WP-Polls <= 2.75.6 - IP Validation Bypass", "software": [ { "type": "plugin", "name": "WP-Polls", "slug": "wp-polls", "affected_versions": { "* - 2.75.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.75.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.76.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc53ad70-d630-4d4a-bcca-79732134e6a6?source=api-scan" ], "published": "2022-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc56fe18-f0f4-4f7b-96c2-40d376e0fd74": { "id": "bc56fe18-f0f4-4f7b-96c2-40d376e0fd74", "title": "Daily Inspiration Generator <= 2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Daily Inspiration Generator", "slug": "daily-inspiration-generator", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc56fe18-f0f4-4f7b-96c2-40d376e0fd74?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc590a99-0c9d-4c38-b7ec-b8a0dc7f6f0a": { "id": "bc590a99-0c9d-4c38-b7ec-b8a0dc7f6f0a", "title": "Rezgo Online Booking < 1.4.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rezgo Online Booking", "slug": "rezgo", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc590a99-0c9d-4c38-b7ec-b8a0dc7f6f0a?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc59b997-a8e2-4c75-aa5f-36cc5a66326e": { "id": "bc59b997-a8e2-4c75-aa5f-36cc5a66326e", "title": "Plainview Protect Passwords <= 1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Plainview Protect Passwords", "slug": "plainview-protect-passwords", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc59b997-a8e2-4c75-aa5f-36cc5a66326e?source=api-scan" ], "published": "2023-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc5da189-838d-4c0b-a734-283c4da36473": { "id": "bc5da189-838d-4c0b-a734-283c4da36473", "title": "Advanced Classifieds & Directory Pro <= 3.0.0 - Missing Authorization to Arbitrary Attachment Deletion", "software": [ { "type": "plugin", "name": "Advanced Classifieds & Directory Pro", "slug": "advanced-classifieds-and-directory-pro", "affected_versions": { "* - 3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc5da189-838d-4c0b-a734-283c4da36473?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc5e3932-809c-46d7-bb8d-1dffac9877a4": { "id": "bc5e3932-809c-46d7-bb8d-1dffac9877a4", "title": "MapPress Maps for WordPress <=2.53.8 - Authenticated Map Creation\/Deletion to Stored Cross-Site Scripting & Remote Code Execution", "software": [ { "type": "plugin", "name": "MapPress Maps for WordPress", "slug": "mappress-google-maps-for-wordpress", "affected_versions": { "[*, 2.53.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.53.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.53.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc5e3932-809c-46d7-bb8d-1dffac9877a4?source=api-scan" ], "published": "2020-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc5ef2cf-8b97-4aca-8e90-bb0a19788e4e": { "id": "bc5ef2cf-8b97-4aca-8e90-bb0a19788e4e", "title": "Stripe Payments For WooCommerce by Checkout <= 1.9.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Stripe Payments For WooCommerce by Checkout Plugins", "slug": "checkout-plugins-stripe-woo", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc5ef2cf-8b97-4aca-8e90-bb0a19788e4e?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc5f1b00-acee-4dc8-acd7-2d3f3493f253": { "id": "bc5f1b00-acee-4dc8-acd7-2d3f3493f253", "title": "MpOperationLogs <= 1.0.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "mpOperationLogs", "slug": "mpoperationlogs", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc5f1b00-acee-4dc8-acd7-2d3f3493f253?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc67ff08-b660-477a-9457-b681cf0381f5": { "id": "bc67ff08-b660-477a-9457-b681cf0381f5", "title": "Donation Thermometer <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Donation Thermometer", "slug": "donation-thermometer", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc67ff08-b660-477a-9457-b681cf0381f5?source=api-scan" ], "published": "2022-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc684cd2-f01a-4c2d-b979-a47b83d01bd2": { "id": "bc684cd2-f01a-4c2d-b979-a47b83d01bd2", "title": "WP Statistics <= 12.6.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 12.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "12.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.6.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc684cd2-f01a-4c2d-b979-a47b83d01bd2?source=api-scan" ], "published": "2019-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc698c40-4a2b-4dab-93f0-647e4db79d2c": { "id": "bc698c40-4a2b-4dab-93f0-647e4db79d2c", "title": "Bridge Core <= 3.0.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bridge Core", "slug": "bridge-core", "affected_versions": { "* - 3.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc698c40-4a2b-4dab-93f0-647e4db79d2c?source=api-scan" ], "published": "2023-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc69ec54-b30f-402e-ad3b-24fd680ea72b": { "id": "bc69ec54-b30f-402e-ad3b-24fd680ea72b", "title": "Groundhogg <= 1.3.11.13 - SQL Injection", "software": [ { "type": "plugin", "name": "WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg", "slug": "groundhogg", "affected_versions": { "* - 1.3.11.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.11.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc69ec54-b30f-402e-ad3b-24fd680ea72b?source=api-scan" ], "published": "2019-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc6a8c0e-1136-41ff-bfc2-450434aa6326": { "id": "bc6a8c0e-1136-41ff-bfc2-450434aa6326", "title": "WordPress Core < 5.4.2 - Open Redirect", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.33": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.33", "to_inclusive": true }, "3.8 - 3.8.33": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.33", "to_inclusive": true }, "3.9 - 3.9.31": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.31", "to_inclusive": true }, "4.0 - 4.0.30": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.30", "to_inclusive": true }, "4.1 - 4.1.30": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.30", "to_inclusive": true }, "4.2 - 4.2.27": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.27", "to_inclusive": true }, "4.3 - 4.3.23": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.23", "to_inclusive": true }, "4.4 - 4.4.22": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.22", "to_inclusive": true }, "4.5 - 4.5.21": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.21", "to_inclusive": true }, "4.6 - 4.6.18": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.18", "to_inclusive": true }, "4.7 - 4.7.17": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.17", "to_inclusive": true }, "4.8 - 4.8.13": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.13", "to_inclusive": true }, "4.9 - 4.9.14": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.14", "to_inclusive": true }, "5.0 - 5.0.9": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.9", "to_inclusive": true }, "5.1 - 5.1.5": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.5", "to_inclusive": true }, "5.2 - 5.2.6": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.6", "to_inclusive": true }, "5.3 - 5.3.3": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.34", "3.8.34", "3.9.32", "4.0.31", "4.1.31", "4.2.28", "4.3.24", "4.4.23", "4.5.22", "4.6.19", "4.7.18", "4.8.14", "4.9.15", "5.0.10", "5.1.6", "5.2.7", "5.3.4", "5.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc6a8c0e-1136-41ff-bfc2-450434aa6326?source=api-scan" ], "published": "2020-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc6cfad1-d23a-4a96-9d6c-841b6d795a01": { "id": "bc6cfad1-d23a-4a96-9d6c-841b6d795a01", "title": "Super Socializer <= 7.13.54 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Social Share, Social Login and Social Comments Plugin \u2013 Super Socializer", "slug": "super-socializer", "affected_versions": { "* - 7.13.54": { "from_version": "*", "from_inclusive": true, "to_version": "7.13.54", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.13.55" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc6cfad1-d23a-4a96-9d6c-841b6d795a01?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc6fce33-af42-466e-8e76-1e027d5d52ec": { "id": "bc6fce33-af42-466e-8e76-1e027d5d52ec", "title": "Featured Posts with Multiple Custom Groups (FPMCG) <= 4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Featured Posts with Multiple Custom Groups (FPMCG)", "slug": "featured-posts-with-multiple-custom-groups-fpmcg", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc6fce33-af42-466e-8e76-1e027d5d52ec?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc7384d7-c2fd-4d63-9b80-bb5bde9a23d5": { "id": "bc7384d7-c2fd-4d63-9b80-bb5bde9a23d5", "title": "Weaver Xtreme <= 6.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Weaver Xtreme", "slug": "weaver-xtreme", "affected_versions": { "* - 6.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc7384d7-c2fd-4d63-9b80-bb5bde9a23d5?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc79e104-47c0-4f4a-9a7b-dc0d6337ea05": { "id": "bc79e104-47c0-4f4a-9a7b-dc0d6337ea05", "title": "Chameleon <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chameleon", "slug": "chameleon", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc79e104-47c0-4f4a-9a7b-dc0d6337ea05?source=api-scan" ], "published": "2022-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc7e6844-23e2-4523-8261-21d4cba87db3": { "id": "bc7e6844-23e2-4523-8261-21d4cba87db3", "title": "Theme per user <= 1.0.1 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Theme per user", "slug": "theme-per-user", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc7e6844-23e2-4523-8261-21d4cba87db3?source=api-scan" ], "published": "2023-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc82745a-f1d3-48fc-ba7b-3ff726edae34": { "id": "bc82745a-f1d3-48fc-ba7b-3ff726edae34", "title": "Bricksforge <= 2.0.17 - Missing Authorization to Unauthenticated WordPress Settings Deletion", "software": [ { "type": "plugin", "name": "Bricksforge", "slug": "bricksforge", "affected_versions": { "* - 2.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc82745a-f1d3-48fc-ba7b-3ff726edae34?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc860f44-c8ee-4b32-9702-7214e213790b": { "id": "bc860f44-c8ee-4b32-9702-7214e213790b", "title": "Narnoo Distributor <= 2.5.1 - Path Traversal", "software": [ { "type": "plugin", "name": "Narnoo Distributor", "slug": "narnoo-distributor", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc860f44-c8ee-4b32-9702-7214e213790b?source=api-scan" ], "published": "2022-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc91449a-7013-430d-bf7c-70175ea45114": { "id": "bc91449a-7013-430d-bf7c-70175ea45114", "title": "LearnPress <= 3.2.7.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "[*, 3.2.7.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.7.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc91449a-7013-430d-bf7c-70175ea45114?source=api-scan" ], "published": "2020-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc972855-6bd5-43cd-96e6-3b1aa1c6255b": { "id": "bc972855-6bd5-43cd-96e6-3b1aa1c6255b", "title": "Easy WP SMTP <= 1.4.9 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Easy WP SMTP \u2013 WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more", "slug": "easy-wp-smtp", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc972855-6bd5-43cd-96e6-3b1aa1c6255b?source=api-scan" ], "published": "2022-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc9a2639-cec8-408e-9ba2-ffb6c8c7da21": { "id": "bc9a2639-cec8-408e-9ba2-ffb6c8c7da21", "title": "Google Maps CP <= 1.0.43 - Missing Authorization to Authenticated (Subscriber+) Feedback Form Submission", "software": [ { "type": "plugin", "name": "Google Maps CP", "slug": "codepeople-post-map", "affected_versions": { "* - 1.0.43": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc9a2639-cec8-408e-9ba2-ffb6c8c7da21?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bc9efc98-7815-4b9b-a180-71f1095c9b0a": { "id": "bc9efc98-7815-4b9b-a180-71f1095c9b0a", "title": "jQuery Tagline Rotator <= 0.1.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "jQuery Tagline Rotator", "slug": "jquery-tagline-rotator", "affected_versions": { "* - 0.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bc9efc98-7815-4b9b-a180-71f1095c9b0a?source=api-scan" ], "published": "2021-08-13 15:31:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bca0e8a0-d837-42d8-a9d3-35e0c820eb43": { "id": "bca0e8a0-d837-42d8-a9d3-35e0c820eb43", "title": "WordPress Button Plugin MaxButtons <= 9.7.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "WordPress Button Plugin MaxButtons", "slug": "maxbuttons", "affected_versions": { "* - 9.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bca0e8a0-d837-42d8-a9d3-35e0c820eb43?source=api-scan" ], "published": "2024-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bca8b173-8e7c-41ad-9316-b38cc2ce0e66": { "id": "bca8b173-8e7c-41ad-9316-b38cc2ce0e66", "title": "WP Pipes <= 1.33 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Pipes", "slug": "wp-pipes", "affected_versions": { "1.0": { "from_version": "1.0", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true }, "1.1": { "from_version": "1.1", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true }, "1.10": { "from_version": "1.10", "from_inclusive": true, "to_version": "1.10", "to_inclusive": true }, "1.11": { "from_version": "1.11", "from_inclusive": true, "to_version": "1.11", "to_inclusive": true }, "1.12": { "from_version": "1.12", "from_inclusive": true, "to_version": "1.12", "to_inclusive": true }, "1.13": { "from_version": "1.13", "from_inclusive": true, "to_version": "1.13", "to_inclusive": true }, "1.14": { "from_version": "1.14", "from_inclusive": true, "to_version": "1.14", "to_inclusive": true }, "1.15": { "from_version": "1.15", "from_inclusive": true, "to_version": "1.15", "to_inclusive": true }, "1.16": { "from_version": "1.16", "from_inclusive": true, "to_version": "1.16", "to_inclusive": true }, "1.17": { "from_version": "1.17", "from_inclusive": true, "to_version": "1.17", "to_inclusive": true }, "1.18": { "from_version": "1.18", "from_inclusive": true, "to_version": "1.18", "to_inclusive": true }, "1.19": { "from_version": "1.19", "from_inclusive": true, "to_version": "1.19", "to_inclusive": true }, "1.2": { "from_version": "1.2", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true }, "1.20": { "from_version": "1.20", "from_inclusive": true, "to_version": "1.20", "to_inclusive": true }, "1.21": { "from_version": "1.21", "from_inclusive": true, "to_version": "1.21", "to_inclusive": true }, "1.22": { "from_version": "1.22", "from_inclusive": true, "to_version": "1.22", "to_inclusive": true }, "1.23": { "from_version": "1.23", "from_inclusive": true, "to_version": "1.23", "to_inclusive": true }, "1.24": { "from_version": "1.24", "from_inclusive": true, "to_version": "1.24", "to_inclusive": true }, "1.25": { "from_version": "1.25", "from_inclusive": true, "to_version": "1.25", "to_inclusive": true }, "1.26": { "from_version": "1.26", "from_inclusive": true, "to_version": "1.26", "to_inclusive": true }, "1.27": { "from_version": "1.27", "from_inclusive": true, "to_version": "1.27", "to_inclusive": true }, "1.28": { "from_version": "1.28", "from_inclusive": true, "to_version": "1.28", "to_inclusive": true }, "1.29": { "from_version": "1.29", "from_inclusive": true, "to_version": "1.29", "to_inclusive": true }, "1.3": { "from_version": "1.3", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true }, "1.30": { "from_version": "1.30", "from_inclusive": true, "to_version": "1.30", "to_inclusive": true }, "1.31": { "from_version": "1.31", "from_inclusive": true, "to_version": "1.31", "to_inclusive": true }, "1.32": { "from_version": "1.32", "from_inclusive": true, "to_version": "1.32", "to_inclusive": true }, "1.33": { "from_version": "1.33", "from_inclusive": true, "to_version": "1.33", "to_inclusive": true }, "1.4": { "from_version": "1.4", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true }, "1.5": { "from_version": "1.5", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true }, "1.6": { "from_version": "1.6", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true }, "1.7": { "from_version": "1.7", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true }, "1.8": { "from_version": "1.8", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true }, "1.9": { "from_version": "1.9", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bca8b173-8e7c-41ad-9316-b38cc2ce0e66?source=api-scan" ], "published": "2022-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcaa19b0-2d55-4a0c-98e7-9a38488dd922": { "id": "bcaa19b0-2d55-4a0c-98e7-9a38488dd922", "title": "Image Social Feed Plugin <= 1.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Social Feed Plugin", "slug": "add-instagram", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcaa19b0-2d55-4a0c-98e7-9a38488dd922?source=api-scan" ], "published": "2023-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcaa5d0e-b764-4566-bd46-2d41dc391c36": { "id": "bcaa5d0e-b764-4566-bd46-2d41dc391c36", "title": "WooCommerce Dynamic Pricing and Discounts <= 2.4.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Dynamic Pricing and Discounts", "slug": "wc-dynamic-pricing-and-discounts", "affected_versions": { "[*, 2.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcaa5d0e-b764-4566-bd46-2d41dc391c36?source=api-scan" ], "published": "2021-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcac3b4e-b80f-4201-9e56-8990013c4ab9": { "id": "bcac3b4e-b80f-4201-9e56-8990013c4ab9", "title": "Ajax BootModal Login <= 1.4.3 - CAPTCHA Reuse", "software": [ { "type": "plugin", "name": "Ajax BootModal Login", "slug": "ajax-bootmodal-login", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcac3b4e-b80f-4201-9e56-8990013c4ab9?source=api-scan" ], "published": "2018-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcad7322-a5d9-4d72-9983-276f9c05c27d": { "id": "bcad7322-a5d9-4d72-9983-276f9c05c27d", "title": "FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "* - 7.3.13.727": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.13.727", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.14.727" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcad7322-a5d9-4d72-9983-276f9c05c27d?source=api-scan" ], "published": "2019-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcaf9b92-5e59-47c5-a04e-3ef5c53a2640": { "id": "bcaf9b92-5e59-47c5-a04e-3ef5c53a2640", "title": "Tutor LMS \u2013 eLearning and online course solution 2.0.0-2.0.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "2.0.0 - 2.0.8": { "from_version": "2.0.0", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcaf9b92-5e59-47c5-a04e-3ef5c53a2640?source=api-scan" ], "published": "2022-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcb68038-96a6-40b6-a37c-757fc19cbe0c": { "id": "bcb68038-96a6-40b6-a37c-757fc19cbe0c", "title": "WP Statistics <= 13.1.5 - Unauthenticated Stored Cross-Site Scripting via browser", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 13.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "13.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcb68038-96a6-40b6-a37c-757fc19cbe0c?source=api-scan" ], "published": "2022-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcb756d0-425e-48ae-bd7f-ec9404679aea": { "id": "bcb756d0-425e-48ae-bd7f-ec9404679aea", "title": "Feedweb <= 3.0.7 - SQL Injection", "software": [ { "type": "plugin", "name": "Feedweb", "slug": "feedweb", "affected_versions": { "* - 3.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcb756d0-425e-48ae-bd7f-ec9404679aea?source=api-scan" ], "published": "2014-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcb82472-e18c-447e-acad-796724188515": { "id": "bcb82472-e18c-447e-acad-796724188515", "title": "WP Private Content Plus <= 3.4 - Authenticated(Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Private Content Plus", "slug": "wp-private-content-plus", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcb82472-e18c-447e-acad-796724188515?source=api-scan" ], "published": "2023-01-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcbb6614-09fc-4f41-81f7-d70aa92101bf": { "id": "bcbb6614-09fc-4f41-81f7-d70aa92101bf", "title": "BulletProof Security <= 5.7 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BulletProof Security", "slug": "bulletproof-security", "affected_versions": { "[*, 5.8)": { "from_version": "*", "from_inclusive": true, "to_version": "5.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcbb6614-09fc-4f41-81f7-d70aa92101bf?source=api-scan" ], "published": "2022-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcc10e91-4810-4a0d-919c-de3e87137f76": { "id": "bcc10e91-4810-4a0d-919c-de3e87137f76", "title": "Page Duplicator <= 0.1.1 - Missing Authorization to Unauthenticated Post\/Page Duplication", "software": [ { "type": "plugin", "name": "Page Duplicator", "slug": "wp-page-duplicator", "affected_versions": { "* - 0.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcc10e91-4810-4a0d-919c-de3e87137f76?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcc59efb-5ecd-4822-998c-6c79fbeb4c3a": { "id": "bcc59efb-5ecd-4822-998c-6c79fbeb4c3a", "title": "FireStats <1.6.2 - SQL Injection", "software": [ { "type": "plugin", "name": "firestats", "slug": "firestats", "affected_versions": { "[*, 1.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcc59efb-5ecd-4822-998c-6c79fbeb4c3a?source=api-scan" ], "published": "2009-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcc6a4a5-b133-4ee1-a345-a7c812624b03": { "id": "bcc6a4a5-b133-4ee1-a345-a7c812624b03", "title": "2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins", "software": [ { "type": "plugin", "name": "2Checkout Payment Gateway for WooCommerce", "slug": "woocommerce-2checkout-payment", "affected_versions": { "* - 6.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcc6a4a5-b133-4ee1-a345-a7c812624b03?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcca7ade-8b35-4ba1-a8b4-b1e815b025e3": { "id": "bcca7ade-8b35-4ba1-a8b4-b1e815b025e3", "title": "WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_delete_product", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "* - 5.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcca7ade-8b35-4ba1-a8b4-b1e815b025e3?source=api-scan" ], "published": "2023-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bccceb2d-2087-4ee6-8118-eb3fb53654dc": { "id": "bccceb2d-2087-4ee6-8118-eb3fb53654dc", "title": "Integrate Google Drive <= 1.3.2 - Open Redirect via state", "software": [ { "type": "plugin", "name": "Integrate Google Drive \u2013 Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site", "slug": "integrate-google-drive", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bccceb2d-2087-4ee6-8118-eb3fb53654dc?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcd12bf2-0fbe-4c9e-b6f7-43c10798eadc": { "id": "bcd12bf2-0fbe-4c9e-b6f7-43c10798eadc", "title": "job-portal <= 0.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "job-portal", "slug": "job-portal", "affected_versions": { "* - 0.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcd12bf2-0fbe-4c9e-b6f7-43c10798eadc?source=api-scan" ], "published": "2021-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcd28bc3-f893-4eb7-946f-34a2e9c7ff27": { "id": "bcd28bc3-f893-4eb7-946f-34a2e9c7ff27", "title": "Back Button Widget <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Back Button Widget", "slug": "back-button-widget", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcd28bc3-f893-4eb7-946f-34a2e9c7ff27?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcd50211-447c-4097-9281-551a3caad1a6": { "id": "bcd50211-447c-4097-9281-551a3caad1a6", "title": "WangGuard < 1.8.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WangGuard", "slug": "wangguard", "affected_versions": { "[*, 1.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcd50211-447c-4097-9281-551a3caad1a6?source=api-scan" ], "published": "2017-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcd6a860-3f60-474c-a5bf-e0ed4ca574be": { "id": "bcd6a860-3f60-474c-a5bf-e0ed4ca574be", "title": "Base64 Encoder\/Decoder <= 0.9.2 - Cross-Site Request Forgery to Setting Reset", "software": [ { "type": "plugin", "name": "Base64 Encoder\/Decoder", "slug": "base64-encoderdecoder", "affected_versions": { "* - 0.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcd6a860-3f60-474c-a5bf-e0ed4ca574be?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcd9384c-5af3-4544-8179-c2f5550dd152": { "id": "bcd9384c-5af3-4544-8179-c2f5550dd152", "title": "DethemeKit For Elementor <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets", "software": [ { "type": "plugin", "name": "DethemeKit For Elementor", "slug": "dethemekit-for-elementor", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcd9384c-5af3-4544-8179-c2f5550dd152?source=api-scan" ], "published": "2024-05-17 16:25:38", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcd981fb-ef75-4ed3-a18f-4ad9eaa148f4": { "id": "bcd981fb-ef75-4ed3-a18f-4ad9eaa148f4", "title": "WP Statistics <= 12.0.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 12.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "12.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcd981fb-ef75-4ed3-a18f-4ad9eaa148f4?source=api-scan" ], "published": "2017-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcd9df9c-e1f8-467a-8f1c-ab5c402004da": { "id": "bcd9df9c-e1f8-467a-8f1c-ab5c402004da", "title": "Pinpoint Booking System <= 2.9.9.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pinpoint Booking System \u2013 #1 WordPress Booking Plugin", "slug": "booking-system", "affected_versions": { "[*, 2.9.9.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.9.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcd9df9c-e1f8-467a-8f1c-ab5c402004da?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcdbd108-5e17-4e67-a2a2-0f1464c1ba6c": { "id": "bcdbd108-5e17-4e67-a2a2-0f1464c1ba6c", "title": "MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by Sonaar", "slug": "mp3-music-player-by-sonaar", "affected_versions": { "* - 5.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcdbd108-5e17-4e67-a2a2-0f1464c1ba6c?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bce8b43a-a69e-44d1-adab-98253e86cb33": { "id": "bce8b43a-a69e-44d1-adab-98253e86cb33", "title": "WP Meta SEO <= 4.4.6 - Admin+ Stored Cross-Site Scripting via breadcrumbs", "software": [ { "type": "plugin", "name": "WP Meta SEO", "slug": "wp-meta-seo", "affected_versions": { "* - 4.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bce8b43a-a69e-44d1-adab-98253e86cb33?source=api-scan" ], "published": "2022-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bce9ba42-f574-47c1-9ea5-1e56f9da8e71": { "id": "bce9ba42-f574-47c1-9ea5-1e56f9da8e71", "title": "UserFeedback Lite <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Name Parameter", "software": [ { "type": "plugin", "name": "User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds", "slug": "userfeedback-lite", "affected_versions": { "* - 1.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bce9ba42-f574-47c1-9ea5-1e56f9da8e71?source=api-scan" ], "published": "2024-07-12 08:32:15", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcf205a3-be7b-49e7-ba02-3f69632ed65f": { "id": "bcf205a3-be7b-49e7-ba02-3f69632ed65f", "title": "User Activity Log Pro <= 2.3.3 - Unauthenticated Stored Cross-Site Scripting via User-Agent header", "software": [ { "type": "plugin", "name": "User Activity Log Pro", "slug": "user-activity-log-pro", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcf205a3-be7b-49e7-ba02-3f69632ed65f?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bcf6a12e-969b-4627-80c8-b51bb9b710cf": { "id": "bcf6a12e-969b-4627-80c8-b51bb9b710cf", "title": "Survey Maker <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Survey Maker", "slug": "survey-maker", "affected_versions": { "* - 4.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bcf6a12e-969b-4627-80c8-b51bb9b710cf?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd0d8661-4725-41dd-88ce-8e94e285d5b8": { "id": "bd0d8661-4725-41dd-88ce-8e94e285d5b8", "title": "Uncanny Automator <= 4.14 - Cross-Site Request Forgery via update_automator_connect", "software": [ { "type": "plugin", "name": "Uncanny Automator \u2013 Easy Automation, Integration, Webhooks & Workflow Builder Plugin", "slug": "uncanny-automator", "affected_versions": { "[*, 4.15)": { "from_version": "*", "from_inclusive": true, "to_version": "4.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd0d8661-4725-41dd-88ce-8e94e285d5b8?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd1838c4-00df-4177-84be-1f8c19ceae4e": { "id": "bd1838c4-00df-4177-84be-1f8c19ceae4e", "title": "wp-championship <= 9.2 - Multiple Cross-Site Request Forgery Vulnerabilities", "software": [ { "type": "plugin", "name": "wp-championship", "slug": "wp-championship", "affected_versions": { "* - 9.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd1838c4-00df-4177-84be-1f8c19ceae4e?source=api-scan" ], "published": "2022-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd1a98d4-bf67-4678-b30b-ca13e63c665a": { "id": "bd1a98d4-bf67-4678-b30b-ca13e63c665a", "title": "Floating Social Bar < 1.1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Floating Social Bar", "slug": "floating-social-bar", "affected_versions": { "[*, 1.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd1a98d4-bf67-4678-b30b-ca13e63c665a?source=api-scan" ], "published": "2015-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd1f12ac-86ac-4be9-9575-98381c3b4291": { "id": "bd1f12ac-86ac-4be9-9575-98381c3b4291", "title": "Transposh WordPress Translation <= 1.0.8.1 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Transposh WordPress Translation", "slug": "transposh-translation-filter-for-wordpress", "affected_versions": { "* - 1.0.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd1f12ac-86ac-4be9-9575-98381c3b4291?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd20e40c-cfec-4de6-a8a6-02850185003b": { "id": "bd20e40c-cfec-4de6-a8a6-02850185003b", "title": "Wow Countdowns <= 3.1.2 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Wow Countdowns \u2013 easily create any countdowns, counters and timers", "slug": "mwp-countdown", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd20e40c-cfec-4de6-a8a6-02850185003b?source=api-scan" ], "published": "2022-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd22eaa1-e76d-4192-8d08-9bb984b08439": { "id": "bd22eaa1-e76d-4192-8d08-9bb984b08439", "title": "Listeo - Directory & Listings With Booking - WordPress Theme < 1.6.11 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Listeo - Directory & Listings With Booking - WordPress Theme", "slug": "listeo", "affected_versions": { "[*, 1.6.11)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd22eaa1-e76d-4192-8d08-9bb984b08439?source=api-scan" ], "published": "2021-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd240932-ad50-40b3-94c7-6e885f96c5df": { "id": "bd240932-ad50-40b3-94c7-6e885f96c5df", "title": "LatePoint <= 4.9.91 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LatePoint Plugin", "slug": "latepoint", "affected_versions": { "* - 4.9.91": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.91", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd240932-ad50-40b3-94c7-6e885f96c5df?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd248252-4329-4b3c-acf1-3b3d8cc9887c": { "id": "bd248252-4329-4b3c-acf1-3b3d8cc9887c", "title": "Easy Smooth Scroll Links <= 2.23.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Smooth Scroll Links", "slug": "scrolling-anchors", "affected_versions": { "* - 2.23.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.23.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd248252-4329-4b3c-acf1-3b3d8cc9887c?source=api-scan" ], "published": "2022-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd28f7f0-ed52-45d0-8d97-5ff95d17eb26": { "id": "bd28f7f0-ed52-45d0-8d97-5ff95d17eb26", "title": "Easy Video Player <= 1.2.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Easy Video Player", "slug": "easy-video-player", "affected_versions": { "* - 1.2.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd28f7f0-ed52-45d0-8d97-5ff95d17eb26?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd2bc2e7-960e-40db-9dcc-a6a60117bd83": { "id": "bd2bc2e7-960e-40db-9dcc-a6a60117bd83", "title": "Elementor Addon Elements <= 1.12.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.12.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd2bc2e7-960e-40db-9dcc-a6a60117bd83?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd2ea430-48ce-43c3-ba3d-8ef5f91460ce": { "id": "bd2ea430-48ce-43c3-ba3d-8ef5f91460ce", "title": "Newsmatic <= 1.3.4 - Unauthenticated Information Exposure via newsmatic_filter_posts_load_tab_content", "software": [ { "type": "theme", "name": "Newsmatic", "slug": "newsmatic", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd2ea430-48ce-43c3-ba3d-8ef5f91460ce?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd2f495e-63fd-49e4-9d6b-320ed007dacb": { "id": "bd2f495e-63fd-49e4-9d6b-320ed007dacb", "title": "Better Search Replace <= 1.4 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Better Search Replace", "slug": "better-search-replace", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd2f495e-63fd-49e4-9d6b-320ed007dacb?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd2f7567-a438-417b-bf0f-dec7a9f098b2": { "id": "bd2f7567-a438-417b-bf0f-dec7a9f098b2", "title": "Mapa Politico Espa\u00f1a < 3.7.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Mapa Politico Espa\u00f1a", "slug": "wp-mapa-politico-spain", "affected_versions": { "[*, 3.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd2f7567-a438-417b-bf0f-dec7a9f098b2?source=api-scan" ], "published": "2021-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd302d8e-bba1-4fa1-bcbc-591d894ca1d6": { "id": "bd302d8e-bba1-4fa1-bcbc-591d894ca1d6", "title": "Simple Link Directory <= 5.6.0 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Simple Link Directory", "slug": "simple-link-directory", "affected_versions": { "* - 5.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd302d8e-bba1-4fa1-bcbc-591d894ca1d6?source=api-scan" ], "published": "2018-11-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd31e8b0-6089-4521-a80f-e65e61ad062f": { "id": "bd31e8b0-6089-4521-a80f-e65e61ad062f", "title": "Word Replacer Pro <= 1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Word Replacer Pro", "slug": "word-replacer-ultra", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd31e8b0-6089-4521-a80f-e65e61ad062f?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd38d97d-db93-42ed-9d52-f70641fba442": { "id": "bd38d97d-db93-42ed-9d52-f70641fba442", "title": "Strong Testimonials <= 3.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Strong Testimonials", "slug": "strong-testimonials", "affected_versions": { "* - 3.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd38d97d-db93-42ed-9d52-f70641fba442?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd3a2aaa-f911-43ec-9d49-2c04f74e5e8d": { "id": "bd3a2aaa-f911-43ec-9d49-2c04f74e5e8d", "title": "Add Link to Facebook < 2.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add Link to Facebook", "slug": "add-link-to-facebook", "affected_versions": { "[*, 2.2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd3a2aaa-f911-43ec-9d49-2c04f74e5e8d?source=api-scan" ], "published": "2015-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd3c1e65-fcb2-4e31-973b-8271a833c6ba": { "id": "bd3c1e65-fcb2-4e31-973b-8271a833c6ba", "title": "WP Visitor Statistics (Real Time Traffic) <= 5.5 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Visitor Statistics (Real Time Traffic)", "slug": "wp-stats-manager", "affected_versions": { "[*, 5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd3c1e65-fcb2-4e31-973b-8271a833c6ba?source=api-scan" ], "published": "2022-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd3d3fe1-8fdd-404c-a8f7-2b9893ff6c0d": { "id": "bd3d3fe1-8fdd-404c-a8f7-2b9893ff6c0d", "title": "WP Video Lightbox <= 1.9.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Video Lightbox", "slug": "wp-video-lightbox", "affected_versions": { "* - 1.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd3d3fe1-8fdd-404c-a8f7-2b9893ff6c0d?source=api-scan" ], "published": "2022-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd46a2c3-f24d-4dff-b899-a95acb6310f7": { "id": "bd46a2c3-f24d-4dff-b899-a95acb6310f7", "title": "Ultimate Member <= 2.1.12 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 2.1.13)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd46a2c3-f24d-4dff-b899-a95acb6310f7?source=api-scan" ], "published": "2020-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd49d77c-d552-47ae-b680-4ab0e4a8a906": { "id": "bd49d77c-d552-47ae-b680-4ab0e4a8a906", "title": "Print Barcode Labels for your WooCommerce products\/orders <= 3.4.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce", "slug": "a4-barcode-generator", "affected_versions": { "* - 3.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd49d77c-d552-47ae-b680-4ab0e4a8a906?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd4a1fd2-8831-482d-8ae3-fb78c2657b86": { "id": "bd4a1fd2-8831-482d-8ae3-fb78c2657b86", "title": "WP DoNotTrack <= 0.8.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP DoNotTrack", "slug": "wp-donottrack", "affected_versions": { "* - 0.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd4a1fd2-8831-482d-8ae3-fb78c2657b86?source=api-scan" ], "published": "2021-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd53bc57-b10e-47a7-8c10-96bf1f1e82a5": { "id": "bd53bc57-b10e-47a7-8c10-96bf1f1e82a5", "title": "All in One B2B for WooCommerce <= 1.0.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "All in One B2B for WooCommerce", "slug": "all-in-one-b2b-for-woocommerce", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd53bc57-b10e-47a7-8c10-96bf1f1e82a5?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd563af4-b97f-4746-a5e9-8dc5dfda272e": { "id": "bd563af4-b97f-4746-a5e9-8dc5dfda272e", "title": "Authentic <= 2.0.4 - Arbitrary File Download", "software": [ { "type": "theme", "name": "Authentic", "slug": "authentic", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd563af4-b97f-4746-a5e9-8dc5dfda272e?source=api-scan" ], "published": "2014-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd57edf5-a75e-4677-a51e-9dd262eeba4a": { "id": "bd57edf5-a75e-4677-a51e-9dd262eeba4a", "title": "MC4WP: Mailchimp for WordPress < 4.8.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MC4WP: Mailchimp for WordPress", "slug": "mailchimp-for-wp", "affected_versions": { "[*, 4.8.7)": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd57edf5-a75e-4677-a51e-9dd262eeba4a?source=api-scan" ], "published": "2022-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd5a1ab9-8d59-464a-a227-9f6ee768e35c": { "id": "bd5a1ab9-8d59-464a-a227-9f6ee768e35c", "title": "Chartjs <= 2023.2 - Authenticated(Editor+) Stored Cross-Site Scripting via chart", "software": [ { "type": "plugin", "name": "enigma-chartjs", "slug": "enigma-chartjs", "affected_versions": { "* - 2023.2": { "from_version": "*", "from_inclusive": true, "to_version": "2023.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd5a1ab9-8d59-464a-a227-9f6ee768e35c?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd5d212e-c672-4fa8-afe7-baeac06e2e7d": { "id": "bd5d212e-c672-4fa8-afe7-baeac06e2e7d", "title": "Paid Memberships Pro <= 2.12.8 - Authenticated (Contributor+) Information Disclosure via Shortcode", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "* - 2.12.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd5d212e-c672-4fa8-afe7-baeac06e2e7d?source=api-scan" ], "published": "2024-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd625d24-c1e9-465d-896a-bff75d8c534f": { "id": "bd625d24-c1e9-465d-896a-bff75d8c534f", "title": "WP Project Manager <= 2.6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts", "slug": "wedevs-project-manager", "affected_versions": { "* - 2.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd625d24-c1e9-465d-896a-bff75d8c534f?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd650510-2d1c-48a1-a5fa-d4c26f3d030c": { "id": "bd650510-2d1c-48a1-a5fa-d4c26f3d030c", "title": "WS Form LITE and Pro < 1.8.176 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress", "slug": "ws-form", "affected_versions": { "[*, 1.8.176)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.176", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.176" ] }, { "type": "plugin", "name": "WS Form Pro", "slug": "ws-form-pro", "affected_versions": { "[*, 1.8.176)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.176", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.176" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd650510-2d1c-48a1-a5fa-d4c26f3d030c?source=api-scan" ], "published": "2022-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd6cc95c-451b-4ad7-bb5b-bbb9bc3c89c2": { "id": "bd6cc95c-451b-4ad7-bb5b-bbb9bc3c89c2", "title": "Creative Image Slider \u2013 Responsive Slider Plugin <= 2.1.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Creative Image Slider \u2013 Responsive Slider Plugin", "slug": "creative-image-slider", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd6cc95c-451b-4ad7-bb5b-bbb9bc3c89c2?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd6cddeb-c812-4496-9377-cc8832842c51": { "id": "bd6cddeb-c812-4496-9377-cc8832842c51", "title": "Bookly <= 20.3 - Staff Member Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Online Booking and Scheduling Plugin \u2013 Bookly", "slug": "bookly-responsive-appointment-booking-tool", "affected_versions": { "* - 20.3": { "from_version": "*", "from_inclusive": true, "to_version": "20.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd6cddeb-c812-4496-9377-cc8832842c51?source=api-scan" ], "published": "2021-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd715375-6bf8-4602-9554-b1f81aa5afa2": { "id": "bd715375-6bf8-4602-9554-b1f81aa5afa2", "title": "WordPress Core <= 2.2 - SQL Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd715375-6bf8-4602-9554-b1f81aa5afa2?source=api-scan" ], "published": "2007-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd72ce7e-027c-49bd-8bcf-3ccda2c9b184": { "id": "bd72ce7e-027c-49bd-8bcf-3ccda2c9b184", "title": "All Video Gallery <= 1.1 - SQL Injection", "software": [ { "type": "plugin", "name": "All Video Gallery Plugin for WordPress", "slug": "all-video-gallery", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd72ce7e-027c-49bd-8bcf-3ccda2c9b184?source=api-scan" ], "published": "2012-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd7c442f-5c91-4c52-933a-8a6fb7adca8c": { "id": "bd7c442f-5c91-4c52-933a-8a6fb7adca8c", "title": "Download Manager <= 2.5.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 2.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd7c442f-5c91-4c52-933a-8a6fb7adca8c?source=api-scan" ], "published": "2013-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd7ee2d7-4588-4cb9-86ca-0daef421dd86": { "id": "bd7ee2d7-4588-4cb9-86ca-0daef421dd86", "title": "Hungred Post Thumbnail <= 2.1.9 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Hungred Post Thumbnail", "slug": "hungred-post-thumbnail", "affected_versions": { "* - 2.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd7ee2d7-4588-4cb9-86ca-0daef421dd86?source=api-scan" ], "published": "2012-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd861a13-4215-4a69-adb5-cd28dce4509b": { "id": "bd861a13-4215-4a69-adb5-cd28dce4509b", "title": "Booster for WooCommerce <= 5.4.8 - Reflected Cross-Site Scripting in General Module", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "[*, 5.4.9)": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd861a13-4215-4a69-adb5-cd28dce4509b?source=api-scan" ], "published": "2021-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd879bd9-d195-4146-b9dc-3ba7252645de": { "id": "bd879bd9-d195-4146-b9dc-3ba7252645de", "title": "10WebFAQ <= 1.0.14 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "10WebFAQ", "slug": "faq-wd", "affected_versions": { "* - 1.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd879bd9-d195-4146-b9dc-3ba7252645de?source=api-scan" ], "published": "2016-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd8a61d1-904d-4027-8f27-6e3018862d9b": { "id": "bd8a61d1-904d-4027-8f27-6e3018862d9b", "title": "GeoDirectory <= 2.1.1.2 - Authenticated (admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GeoDirectory \u2013 WP Business Directory Plugin and Classified Listings Directory", "slug": "geodirectory", "affected_versions": { "* - 2.1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd8a61d1-904d-4027-8f27-6e3018862d9b?source=api-scan" ], "published": "2021-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bd9e5654-387e-4fc3-a6eb-2eface298a9c": { "id": "bd9e5654-387e-4fc3-a6eb-2eface298a9c", "title": "Amazon Product in a Post Plugin < 3.5.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Amazon Product in a Post Plugin", "slug": "amazon-product-in-a-post-plugin", "affected_versions": { "[*, 3.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bd9e5654-387e-4fc3-a6eb-2eface298a9c?source=api-scan" ], "published": "2015-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bda0d24c-b1c9-4ae4-93b3-46568982d718": { "id": "bda0d24c-b1c9-4ae4-93b3-46568982d718", "title": "Simple Event Planner plugin <= 1.5.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Event Planner", "slug": "simple-event-planner", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bda0d24c-b1c9-4ae4-93b3-46568982d718?source=api-scan" ], "published": "2022-03-23 10:38:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bda2f3f6-b036-4feb-bb38-1d4eaf965c24": { "id": "bda2f3f6-b036-4feb-bb38-1d4eaf965c24", "title": "YARPP - Yet Another Related Posts Plugin <= 5.30.2 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "YARPP \u2013 Yet Another Related Posts Plugin", "slug": "yet-another-related-posts-plugin", "affected_versions": { "[*, 5.30.3)": { "from_version": "*", "from_inclusive": true, "to_version": "5.30.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.30.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bda2f3f6-b036-4feb-bb38-1d4eaf965c24?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bda3c8f8-fd0f-432d-a382-e8ac55d34bb9": { "id": "bda3c8f8-fd0f-432d-a382-e8ac55d34bb9", "title": "Markdown on Save Improved <= 2.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Markdown on Save Improved", "slug": "markdown-on-save-improved", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bda3c8f8-fd0f-432d-a382-e8ac55d34bb9?source=api-scan" ], "published": "2016-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bda44801-6599-459d-a70c-164f563bf158": { "id": "bda44801-6599-459d-a70c-164f563bf158", "title": "WooCommerce Ship to Multiple Addresses <= 3.8.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce Ship to Multiple Addresses", "slug": "woocommerce-shipping-multiple-addresses", "affected_versions": { "* - 3.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bda44801-6599-459d-a70c-164f563bf158?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdaf7575-0f72-4436-8a37-b3001890b710": { "id": "bdaf7575-0f72-4436-8a37-b3001890b710", "title": "Compact WP Audio Player <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Compact WP Audio Player", "slug": "compact-wp-audio-player", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdaf7575-0f72-4436-8a37-b3001890b710?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdb35f31-60a6-40b5-aed3-102a1c8c4fd1": { "id": "bdb35f31-60a6-40b5-aed3-102a1c8c4fd1", "title": "WordPress REST API Authentication <= 2.4.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress REST API Authentication", "slug": "wp-rest-api-authentication", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdb35f31-60a6-40b5-aed3-102a1c8c4fd1?source=api-scan" ], "published": "2022-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdb5ae36-6ce2-4c26-8047-6bbbdce530c6": { "id": "bdb5ae36-6ce2-4c26-8047-6bbbdce530c6", "title": "Icegram <= 2.0.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Icegram Engage \u2013 Ultimate WP Popup Builder, Lead Generation, Optins, and CTA", "slug": "icegram", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdb5ae36-6ce2-4c26-8047-6bbbdce530c6?source=api-scan" ], "published": "2021-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdb7e239-75c4-480e-a283-dc2354fe3375": { "id": "bdb7e239-75c4-480e-a283-dc2354fe3375", "title": "All In One Slider <= 1.2.20 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All In One Slider", "slug": "all_in_one_carousel", "affected_versions": { "* - 1.2.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.20", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdb7e239-75c4-480e-a283-dc2354fe3375?source=api-scan" ], "published": "2014-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdb8cb7f-38fc-41d7-aa78-abe11c6402b6": { "id": "bdb8cb7f-38fc-41d7-aa78-abe11c6402b6", "title": "Mihdan: Public Post Preview <= 1.9.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Mihdan: Public Post Preview", "slug": "mihdan-public-post-preview", "affected_versions": { "* - 1.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdb8cb7f-38fc-41d7-aa78-abe11c6402b6?source=api-scan" ], "published": "2022-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdbd3a1a-a206-4e50-893d-1b2d6c8d153a": { "id": "bdbd3a1a-a206-4e50-893d-1b2d6c8d153a", "title": "Visual Form Builder <= 3.0.5 - CSV Injection", "software": [ { "type": "plugin", "name": "Visual Form Builder", "slug": "visual-form-builder", "affected_versions": { "[*, 3.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdbd3a1a-a206-4e50-893d-1b2d6c8d153a?source=api-scan" ], "published": "2021-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdc39e21-f39c-4581-895a-04e352e9b383": { "id": "bdc39e21-f39c-4581-895a-04e352e9b383", "title": "Wordfence < 3.3.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wordfence Security \u2013 Firewall, Malware Scan, and Login Security", "slug": "wordfence", "affected_versions": { "[*, 3.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdc39e21-f39c-4581-895a-04e352e9b383?source=api-scan" ], "published": "2012-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdc46d3e-dfb7-4586-86d2-8e4b3805ec22": { "id": "bdc46d3e-dfb7-4586-86d2-8e4b3805ec22", "title": "WP Editor.md \u2013 The Perfect WordPress Markdown Editor < 10.0.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Editor.md \u2013 The Perfect WordPress Markdown Editor", "slug": "wp-editormd", "affected_versions": { "[*, 10.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "10.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "10.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdc46d3e-dfb7-4586-86d2-8e4b3805ec22?source=api-scan" ], "published": "2018-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdc84664-2a04-4cc6-ac3f-48bfd432691f": { "id": "bdc84664-2a04-4cc6-ac3f-48bfd432691f", "title": "WordPress Core 4.7.0-6.3.1 - Denial of Service via Cache Poisoning", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "4.7 - 4.7.26": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.26", "to_inclusive": true }, "4.8 - 4.8.22": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.22", "to_inclusive": true }, "4.9 - 4.9.23": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.23", "to_inclusive": true }, "5.0 - 5.0.19": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.19", "to_inclusive": true }, "5.1 - 5.1.16": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.16", "to_inclusive": true }, "5.2 - 5.2.18": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.18", "to_inclusive": true }, "5.3 - 5.3.15": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.15", "to_inclusive": true }, "5.4 - 5.4.13": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.13", "to_inclusive": true }, "5.5 - 5.5.12": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.12", "to_inclusive": true }, "5.6 - 5.6.11": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.11", "to_inclusive": true }, "5.7 - 5.7.9": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.9", "to_inclusive": true }, "5.8 - 5.8.7": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.7", "to_inclusive": true }, "5.9 - 5.9.7": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.7", "to_inclusive": true }, "6.0 - 6.0.5": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.5", "to_inclusive": true }, "6.1 - 6.1.3": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.3", "to_inclusive": true }, "6.2 - 6.2.2": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.2", "to_inclusive": true }, "6.3 - 6.3.1": { "from_version": "6.3", "from_inclusive": true, "to_version": "6.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.27", "4.8.23", "4.9.24", "5.0.20", "5.1.17", "5.2.19", "5.3.16", "5.4.14", "5.5.13", "5.6.12", "5.7.10", "5.8.8", "5.9.8", "6.0.6", "6.1.4", "6.2.3", "6.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdc84664-2a04-4cc6-ac3f-48bfd432691f?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdc946ed-8891-4f97-af7e-2034760eef5b": { "id": "bdc946ed-8891-4f97-af7e-2034760eef5b", "title": "Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal", "slug": "simple-e-commerce-shopping-cart", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdc946ed-8891-4f97-af7e-2034760eef5b?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdce01f2-7c79-4b1d-8da2-f6ce118856a1": { "id": "bdce01f2-7c79-4b1d-8da2-f6ce118856a1", "title": "ARI Stream Quiz \u2013 WordPress Quizzes Builder <= 1.2.26 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ARI Stream Quiz \u2013 WordPress Quizzes Builder", "slug": "ari-stream-quiz", "affected_versions": { "* - 1.2.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdce01f2-7c79-4b1d-8da2-f6ce118856a1?source=api-scan" ], "published": "2022-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdceb07a-87d2-4708-b76b-5a8fcfff0818": { "id": "bdceb07a-87d2-4708-b76b-5a8fcfff0818", "title": "Social Sharing Plugin \u2013 Sassy Social Share <= 3.3.58 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Social Sharing Plugin \u2013 Sassy Social Share", "slug": "sassy-social-share", "affected_versions": { "* - 3.3.58": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.58", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.59" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdceb07a-87d2-4708-b76b-5a8fcfff0818?source=api-scan" ], "published": "2024-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdd0bdf3-6952-4b87-a3e8-156757d22e74": { "id": "bdd0bdf3-6952-4b87-a3e8-156757d22e74", "title": "WooCommerce Affiliate Plugin \u2013 Coupon Affiliates <= 4.11.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Coupon Affiliates \u2013 Affiliate Plugin for WooCommerce", "slug": "woo-coupon-usage", "affected_versions": { "* - 4.11.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.11.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.11.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdd0bdf3-6952-4b87-a3e8-156757d22e74?source=api-scan" ], "published": "2021-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdd35d61-0777-4e64-8a51-55fe928e75ba": { "id": "bdd35d61-0777-4e64-8a51-55fe928e75ba", "title": "Flo Forms <= 1.0.40 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flo Forms \u2013 Easy Drag & Drop Form Builder", "slug": "flo-forms", "affected_versions": { "* - 1.0.40": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdd35d61-0777-4e64-8a51-55fe928e75ba?source=api-scan" ], "published": "2023-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdd3868a-d741-42b4-bc7f-6fb5d33bb71b": { "id": "bdd3868a-d741-42b4-bc7f-6fb5d33bb71b", "title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdd3868a-d741-42b4-bc7f-6fb5d33bb71b?source=api-scan" ], "published": "2024-05-20 19:51:49", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdd70819-57dd-4a60-9398-68d6b87da3ca": { "id": "bdd70819-57dd-4a60-9398-68d6b87da3ca", "title": "Appointment and Event Booking Calendar - Amelia < 1.0.47 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Booking for Appointments and Events Calendar \u2013 Amelia", "slug": "ameliabooking", "affected_versions": { "[*, 1.0.47)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.47", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.47" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdd70819-57dd-4a60-9398-68d6b87da3ca?source=api-scan" ], "published": "2022-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bddba0a8-03cf-441f-9411-f770766b4f63": { "id": "bddba0a8-03cf-441f-9411-f770766b4f63", "title": "Comment Engine Pro <= 1.0 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Comment Engine Pro", "slug": "comment-engine-pro", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bddba0a8-03cf-441f-9411-f770766b4f63?source=api-scan" ], "published": "2021-10-07 10:22:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bddbbcdf-dfcb-47dd-97e7-8563eaf70cbd": { "id": "bddbbcdf-dfcb-47dd-97e7-8563eaf70cbd", "title": "Tax Rate Upload <= 2.4.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tax Rate Upload", "slug": "tax-rate-upload", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bddbbcdf-dfcb-47dd-97e7-8563eaf70cbd?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bde2a8a5-2d18-4659-bb35-dff4f521dbb4": { "id": "bde2a8a5-2d18-4659-bb35-dff4f521dbb4", "title": "Xserver Migrator <= 1.6.2 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "XServer Migrator", "slug": "xserver-migrator", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bde2a8a5-2d18-4659-bb35-dff4f521dbb4?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bde75c5a-b0b7-4f26-91e9-dd4816e276c9": { "id": "bde75c5a-b0b7-4f26-91e9-dd4816e276c9", "title": "Thumbnail carousel slider <= 1.0 - Cross-Site Request Forgery to Mass Slider Deletion", "software": [ { "type": "plugin", "name": "Thumbnail carousel slider", "slug": "wp-responsive-thumbnail-slider", "affected_versions": { "1.0": { "from_version": "1.0", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bde75c5a-b0b7-4f26-91e9-dd4816e276c9?source=api-scan" ], "published": "2023-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bde90d33-b36f-4ca9-87c2-f0dab723ed06": { "id": "bde90d33-b36f-4ca9-87c2-f0dab723ed06", "title": "About Rentals <= 1.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "About Rentals", "slug": "about-rentals", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bde90d33-b36f-4ca9-87c2-f0dab723ed06?source=api-scan" ], "published": "2022-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdf00861-e31e-485c-a562-12dba56af1c7": { "id": "bdf00861-e31e-485c-a562-12dba56af1c7", "title": "Qi Blocks <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Qi Blocks", "slug": "qi-blocks", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdf00861-e31e-485c-a562-12dba56af1c7?source=api-scan" ], "published": "2024-06-05 20:11:18", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdf534bc-43a9-4f1b-9705-b367fbf870ac": { "id": "bdf534bc-43a9-4f1b-9705-b367fbf870ac", "title": "Seraphinite Accelerator Premium <= 2.21.13 - Cross-Site Request Forgery to Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Seraphinite Accelerator Pro", "slug": "seraphinite-accelerator-ext", "affected_versions": { "* - 2.21.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.21.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.21.13.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdf534bc-43a9-4f1b-9705-b367fbf870ac?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bdfabd43-0ffa-4c25-aa72-0572e7007a01": { "id": "bdfabd43-0ffa-4c25-aa72-0572e7007a01", "title": "Welcart e-Commerce 2.6.10-2.8.4 - Information Disclosure via Arbitrary File Read", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "2.6.10 - 2.8.4": { "from_version": "2.6.10", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bdfabd43-0ffa-4c25-aa72-0572e7007a01?source=api-scan" ], "published": "2022-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be004002-a3ac-46e9-b0c1-258f05f97b2a": { "id": "be004002-a3ac-46e9-b0c1-258f05f97b2a", "title": "QR Code Tag <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "QR Code Tag", "slug": "qr-code-tag", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be004002-a3ac-46e9-b0c1-258f05f97b2a?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be054481-89b4-47d8-ad06-8622edea367f": { "id": "be054481-89b4-47d8-ad06-8622edea367f", "title": "WPCS \u2013 WordPress Currency Switcher Professional <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WPCS \u2013 WordPress Currency Switcher Professional", "slug": "currency-switcher", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be054481-89b4-47d8-ad06-8622edea367f?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be071489-8de4-4a27-8d90-f41a86e02683": { "id": "be071489-8de4-4a27-8d90-f41a86e02683", "title": "WP Fast Total Search <= 1.68.232 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Fast Total Search \u2013 The Power of Indexed Search", "slug": "fulltext-search", "affected_versions": { "* - 1.68.232": { "from_version": "*", "from_inclusive": true, "to_version": "1.68.232", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.69.234" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be071489-8de4-4a27-8d90-f41a86e02683?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be091637-0fcb-4d30-8eaa-2fe18d8eb42c": { "id": "be091637-0fcb-4d30-8eaa-2fe18d8eb42c", "title": "CampTix Event Ticketing < 1.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CampTix Event Ticketing", "slug": "camptix", "affected_versions": { "[*, 1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be091637-0fcb-4d30-8eaa-2fe18d8eb42c?source=api-scan" ], "published": "2016-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be098ee9-b749-4908-85e8-e717d019609a": { "id": "be098ee9-b749-4908-85e8-e717d019609a", "title": "Essential Addons for Elementor <= 4.6.4 - Authenticated (Contributor+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 4.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be098ee9-b749-4908-85e8-e717d019609a?source=api-scan" ], "published": "2021-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be0a6471-a78e-4fab-8ef5-93d16859bff4": { "id": "be0a6471-a78e-4fab-8ef5-93d16859bff4", "title": "WooCommerce Dropshipping Premium <= 4.3 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WooCommerce Dropshipping Premium", "slug": "woocommerce-dropshipping", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be0a6471-a78e-4fab-8ef5-93d16859bff4?source=api-scan" ], "published": "2022-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be0ab40f-cff7-48bd-8dae-cc50af047151": { "id": "be0ab40f-cff7-48bd-8dae-cc50af047151", "title": "My Sticky Bar <= 2.6.6 - Cross-Site Request Forgery to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme \u2013 My Sticky Bar (formerly myStickymenu)", "slug": "mystickymenu", "affected_versions": { "* - 2.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be0ab40f-cff7-48bd-8dae-cc50af047151?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be0dc9be-f597-46d8-badd-452e442a6d1a": { "id": "be0dc9be-f597-46d8-badd-452e442a6d1a", "title": "WP Open Social <= 5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Open Social", "slug": "open-social", "affected_versions": { "* - 5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be0dc9be-f597-46d8-badd-452e442a6d1a?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be0e0e79-00c3-4237-ac65-9c5df625dd89": { "id": "be0e0e79-00c3-4237-ac65-9c5df625dd89", "title": "gSlideShow <= 0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "gSlideShow", "slug": "gslideshow", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be0e0e79-00c3-4237-ac65-9c5df625dd89?source=api-scan" ], "published": "2014-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be0ef9d4-abb0-4801-b847-b84912bc6677": { "id": "be0ef9d4-abb0-4801-b847-b84912bc6677", "title": "BCS BatchLine Book Importer <= 1.5.7 - Arbitrary Product Import\/Update", "software": [ { "type": "plugin", "name": "BCS BatchLine Book Importer", "slug": "bcs-bertline-book-importer", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be0ef9d4-abb0-4801-b847-b84912bc6677?source=api-scan" ], "published": "2021-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be10894d-2a86-4f07-8119-e6eac8c9c950": { "id": "be10894d-2a86-4f07-8119-e6eac8c9c950", "title": "Menubar <= 5.8.2 - Cross-Site Request Forgery in wpm-admin.php", "software": [ { "type": "plugin", "name": "Menubar", "slug": "menubar", "affected_versions": { "* - 5.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be10894d-2a86-4f07-8119-e6eac8c9c950?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be16c229-1092-4090-83bc-38e42f6377b6": { "id": "be16c229-1092-4090-83bc-38e42f6377b6", "title": "Flog <= 0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "flog", "slug": "flog", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be16c229-1092-4090-83bc-38e42f6377b6?source=api-scan" ], "published": "2014-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be1ab218-37bd-407a-8cb9-66f761849c21": { "id": "be1ab218-37bd-407a-8cb9-66f761849c21", "title": "Wordable <= 3.1.1 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Wordable \u2013 Export Google Docs to WordPress", "slug": "wordable", "affected_versions": { "[*, 3.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be1ab218-37bd-407a-8cb9-66f761849c21?source=api-scan" ], "published": "2020-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be1e0216-d9de-45e9-837c-0cccb78729a6": { "id": "be1e0216-d9de-45e9-837c-0cccb78729a6", "title": "Display Medium Posts <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_medium_posts Shortcode", "software": [ { "type": "plugin", "name": "Display Medium Posts", "slug": "display-medium-posts", "affected_versions": { "* - 5.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be1e0216-d9de-45e9-837c-0cccb78729a6?source=api-scan" ], "published": "2024-10-03 13:32:45", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be23388e-9371-4ea0-974b-80f76de90012": { "id": "be23388e-9371-4ea0-974b-80f76de90012", "title": "Split Test For Elementor <= 1.6.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Split Test For Elementor", "slug": "split-test-for-elementor", "affected_versions": { "* - 1.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be23388e-9371-4ea0-974b-80f76de90012?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be24d47e-4880-4d7f-9be2-cf8eb1afe888": { "id": "be24d47e-4880-4d7f-9be2-cf8eb1afe888", "title": "Autoptimize <= 2.8.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Autoptimize", "slug": "autoptimize", "affected_versions": { "[*, 2.8.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be24d47e-4880-4d7f-9be2-cf8eb1afe888?source=api-scan" ], "published": "2021-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be2c1555-4616-4759-bd9b-12f8b3c3a3d4": { "id": "be2c1555-4616-4759-bd9b-12f8b3c3a3d4", "title": "Swape - App Showcase & App Store WordPress Theme < 1.2.1 - Missing Authorization to Arbitrary Options Update", "software": [ { "type": "theme", "name": "Swape - App Showcase & App Store WordPress Theme", "slug": "swape", "affected_versions": { "[*, 1.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be2c1555-4616-4759-bd9b-12f8b3c3a3d4?source=api-scan" ], "published": "2018-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be31866c-7490-4be2-9a4d-2a3771c6fea1": { "id": "be31866c-7490-4be2-9a4d-2a3771c6fea1", "title": "Ninja Forms Contact Form <= 2.8.8 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "[*, 2.8.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be31866c-7490-4be2-9a4d-2a3771c6fea1?source=api-scan" ], "published": "2014-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be3208c8-aceb-4ac9-91e1-d5de5a85f74d": { "id": "be3208c8-aceb-4ac9-91e1-d5de5a85f74d", "title": "which template file <= 5.0.0 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "which template file", "slug": "which-template-file", "affected_versions": { "* - 5.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be3208c8-aceb-4ac9-91e1-d5de5a85f74d?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be33065e-dae8-44cf-9f8a-f9971f2743ff": { "id": "be33065e-dae8-44cf-9f8a-f9971f2743ff", "title": "EmbedPress <= 3.9.8 - Missing Authorization via handle_calendly_data", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 3.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be33065e-dae8-44cf-9f8a-f9971f2743ff?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be374684-bb02-4d2c-b8a0-ed435c7c8569": { "id": "be374684-bb02-4d2c-b8a0-ed435c7c8569", "title": "Microsoft Advertising Universal Event Tracking (UET) <= 1.0.3 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Microsoft Advertising Universal Event Tracking (UET)", "slug": "microsoft-advertising-universal-event-tracking-uet", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be374684-bb02-4d2c-b8a0-ed435c7c8569?source=api-scan" ], "published": "2022-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be3869a9-f72d-4bbb-ba51-d2761ca761f2": { "id": "be3869a9-f72d-4bbb-ba51-d2761ca761f2", "title": "Easy Mega Menu Plugin for WordPress \u2013 ThemeHunk <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Settings Updates", "software": [ { "type": "plugin", "name": "Easy Mega Menu Plugin for WordPress \u2013 ThemeHunk", "slug": "themehunk-megamenu-plus", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be3869a9-f72d-4bbb-ba51-d2761ca761f2?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be398def-e887-4188-9a21-419f11b1a5b0": { "id": "be398def-e887-4188-9a21-419f11b1a5b0", "title": "RestroPress \u2013 Online Food Ordering System <= 3.1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RestroPress \u2013 Online Food Ordering System", "slug": "restropress", "affected_versions": { "* - 3.1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be398def-e887-4188-9a21-419f11b1a5b0?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be3bd1f2-092c-47c4-a4e4-3365e107c57f": { "id": "be3bd1f2-092c-47c4-a4e4-3365e107c57f", "title": "Backuply \u2013 Backup, Restore, Migrate and Clone <= 1.2.7 - Authenticated (Admin+) Directory Traversal", "software": [ { "type": "plugin", "name": "Backuply \u2013 Backup, Restore, Migrate and Clone", "slug": "backuply", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be3bd1f2-092c-47c4-a4e4-3365e107c57f?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be4061ef-849a-4797-aeee-07da2afc1a40": { "id": "be4061ef-849a-4797-aeee-07da2afc1a40", "title": "Rara One Click Demo Import <= 1.2.9 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Rara One Click Demo Import", "slug": "rara-one-click-demo-import", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be4061ef-849a-4797-aeee-07da2afc1a40?source=api-scan" ], "published": "2022-04-21 13:36:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be44a7e0-f0e0-4e2e-ac1e-0550d8e5d994": { "id": "be44a7e0-f0e0-4e2e-ac1e-0550d8e5d994", "title": "SpeakOut! Email Petitions <= 2.13.1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SpeakOut! Email Petitions", "slug": "speakout", "affected_versions": { "* - 2.13.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.13.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be44a7e0-f0e0-4e2e-ac1e-0550d8e5d994?source=api-scan" ], "published": "2021-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be4515d8-0d5d-4925-a9a4-64ba9d51fe02": { "id": "be4515d8-0d5d-4925-a9a4-64ba9d51fe02", "title": "WordPress Core <= 2.0.4 - Denial of Service", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be4515d8-0d5d-4925-a9a4-64ba9d51fe02?source=api-scan" ], "published": "2006-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be4ce3e6-8baa-419f-a48e-4256c306fbc1": { "id": "be4ce3e6-8baa-419f-a48e-4256c306fbc1", "title": "ElementsKit Elementor addons <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget", "software": [ { "type": "plugin", "name": "ElementsKit Elementor addons", "slug": "elementskit-lite", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be4ce3e6-8baa-419f-a48e-4256c306fbc1?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be4f5da0-77ec-41eb-85bd-c019e71d4c9d": { "id": "be4f5da0-77ec-41eb-85bd-c019e71d4c9d", "title": "GigPress <= 2.3.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GigPress", "slug": "gigpress", "affected_versions": { "* - 2.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be4f5da0-77ec-41eb-85bd-c019e71d4c9d?source=api-scan" ], "published": "2015-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be51c54d-b0f7-42b2-b9b3-1b5832e10a6b": { "id": "be51c54d-b0f7-42b2-b9b3-1b5832e10a6b", "title": "XO Slider <= 3.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "XO Slider", "slug": "xo-liteslider", "affected_versions": { "* - 3.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be51c54d-b0f7-42b2-b9b3-1b5832e10a6b?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be53bdbd-e797-4198-8ef9-bc01b5da68f4": { "id": "be53bdbd-e797-4198-8ef9-bc01b5da68f4", "title": "bib2html <= 0.9.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "bib2html", "slug": "bib2html", "affected_versions": { "* - 0.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be53bdbd-e797-4198-8ef9-bc01b5da68f4?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be5be40f-89da-4b97-9a85-527602d84c4d": { "id": "be5be40f-89da-4b97-9a85-527602d84c4d", "title": "AIomatic - Automatic AI Content Writer <= 2.0.5 - Unauthenticated Arbitrary Email Sending", "software": [ { "type": "plugin", "name": "Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit", "slug": "aiomatic-automatic-ai-content-writer", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be5be40f-89da-4b97-9a85-527602d84c4d?source=api-scan" ], "published": "2024-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be60027e-9d6a-4740-b20c-6be3e115d9fe": { "id": "be60027e-9d6a-4740-b20c-6be3e115d9fe", "title": "Easy Digital Downloads \u2013 Simple eCommerce for Selling Digital Files <= 2.3.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "[*, 1.8.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7", "to_inclusive": false }, "[1.9, 1.9.10)": { "from_version": "1.9", "from_inclusive": true, "to_version": "1.9.10", "to_inclusive": false }, "[2.0, 2.0.5)": { "from_version": "2.0", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": false }, "[2.1, 2.1.11)": { "from_version": "2.1", "from_inclusive": true, "to_version": "2.1.11", "to_inclusive": false }, "[2.2, 2.2.9)": { "from_version": "2.2", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": false }, "[2.3, 2.3.7)": { "from_version": "2.3", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.7", "1.9.10", "2.0.5", "2.1.11", "2.2.9", "2.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be60027e-9d6a-4740-b20c-6be3e115d9fe?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be60b765-3bd6-43dd-8cdc-d9c493a503e5": { "id": "be60b765-3bd6-43dd-8cdc-d9c493a503e5", "title": "WP Accurate Form Data <= 1.2 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Accurate Form Data", "slug": "accurate-form-data-real-time-form-validation", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be60b765-3bd6-43dd-8cdc-d9c493a503e5?source=api-scan" ], "published": "2015-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be6c08b9-bba7-4780-99b9-4b80e6b4872a": { "id": "be6c08b9-bba7-4780-99b9-4b80e6b4872a", "title": "Welcart e-Commerce < 1.5.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "[*, 1.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be6c08b9-bba7-4780-99b9-4b80e6b4872a?source=api-scan" ], "published": "2015-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be6f660f-041a-42f2-ab5b-72aedf75727d": { "id": "be6f660f-041a-42f2-ab5b-72aedf75727d", "title": "About Me 3000 widget <= 2.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "About Me 3000 widget", "slug": "about-me-3000", "affected_versions": { "* - 2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be6f660f-041a-42f2-ab5b-72aedf75727d?source=api-scan" ], "published": "2023-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be700f83-248f-4d22-b53d-7cc61e1f7d7d": { "id": "be700f83-248f-4d22-b53d-7cc61e1f7d7d", "title": "Wordfence <= 5.2.3 - Multiple Protection Mechanism Bypasses", "software": [ { "type": "plugin", "name": "Wordfence Security \u2013 Firewall, Malware Scan, and Login Security", "slug": "wordfence", "affected_versions": { "[*, 5.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be700f83-248f-4d22-b53d-7cc61e1f7d7d?source=api-scan" ], "published": "2014-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be70f816-14b1-4c7b-8529-146bcd5d4cf3": { "id": "be70f816-14b1-4c7b-8529-146bcd5d4cf3", "title": "Terillion Reviews < 1.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Terillion Reviews", "slug": "terillion-reviews", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be70f816-14b1-4c7b-8529-146bcd5d4cf3?source=api-scan" ], "published": "2013-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be73e45a-ce00-4a1f-b722-32a94c5beadc": { "id": "be73e45a-ce00-4a1f-b722-32a94c5beadc", "title": "FormCraft <= 1.2.10 - Missing Authorization", "software": [ { "type": "plugin", "name": "FormCraft \u2013 Form Builder", "slug": "formcraft-form-builder", "affected_versions": { "* - 1.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be73e45a-ce00-4a1f-b722-32a94c5beadc?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be759c83-a9df-4858-a724-28006a595404": { "id": "be759c83-a9df-4858-a724-28006a595404", "title": "Bulgarisation for WooCommerce <= 3.0.14 - Missing Authorization", "software": [ { "type": "plugin", "name": "Bulgarisation for WooCommerce", "slug": "bulgarisation-for-woocommerce", "affected_versions": { "* - 3.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be759c83-a9df-4858-a724-28006a595404?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be7c6cfa-6cac-46d2-8eb9-9fef8049f6e7": { "id": "be7c6cfa-6cac-46d2-8eb9-9fef8049f6e7", "title": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", "slug": "fluentform", "affected_versions": { "* - 5.1.19": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be7c6cfa-6cac-46d2-8eb9-9fef8049f6e7?source=api-scan" ], "published": "2024-07-26 23:10:10", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be7ec812-ee9e-4b19-bb99-27e8016b8013": { "id": "be7ec812-ee9e-4b19-bb99-27e8016b8013", "title": "SpiderContacts <= 1.1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SpiderContacts", "slug": "spider-contacts", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be7ec812-ee9e-4b19-bb99-27e8016b8013?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be7f8b73-801d-46e8-81c1-8bb0bb576700": { "id": "be7f8b73-801d-46e8-81c1-8bb0bb576700", "title": "Buzzsprout Podcasting <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Buzzsprout Podcasting", "slug": "buzzsprout-podcasting", "affected_versions": { "* - 1.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be7f8b73-801d-46e8-81c1-8bb0bb576700?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be837a77-9b25-43af-aaba-94a8aa59e7e3": { "id": "be837a77-9b25-43af-aaba-94a8aa59e7e3", "title": "rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "rtMedia for WordPress, BuddyPress and bbPress", "slug": "buddypress-media", "affected_versions": { "[*, 4.6.15)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be837a77-9b25-43af-aaba-94a8aa59e7e3?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be83c6be-fb6c-462f-b54a-ca12d6d2581f": { "id": "be83c6be-fb6c-462f-b54a-ca12d6d2581f", "title": "Orbit Fox by ThemeIsle <= 2.10.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Orbit Fox by ThemeIsle", "slug": "themeisle-companion", "affected_versions": { "* - 2.10.36": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.36", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.37" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be83c6be-fb6c-462f-b54a-ca12d6d2581f?source=api-scan" ], "published": "2024-08-21 20:32:11", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be841d6b-e3b6-46d2-aba8-fee20c21e933": { "id": "be841d6b-e3b6-46d2-aba8-fee20c21e933", "title": "Quick Page\/Post Redirect <= 5.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Quick Page\/Post Redirect Plugin", "slug": "quick-pagepost-redirect-plugin", "affected_versions": { "* - 5.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be841d6b-e3b6-46d2-aba8-fee20c21e933?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be88566d-fc84-442d-bb34-834ad9f4465b": { "id": "be88566d-fc84-442d-bb34-834ad9f4465b", "title": "Image Optimization by Optimole \u2013 Lazy Load, CDN, Convert WebP & AVIF <= 3.12.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload", "software": [ { "type": "plugin", "name": "Image Optimization by Optimole \u2013 Lazy Load, CDN, Convert WebP & AVIF", "slug": "optimole-wp", "affected_versions": { "* - 3.12.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.12.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.13.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be88566d-fc84-442d-bb34-834ad9f4465b?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be8dcff9-1626-4919-b297-c423891f3d02": { "id": "be8dcff9-1626-4919-b297-c423891f3d02", "title": "Simple Mobile URL Redirect <= 1.7.2 - Cross-Site Request Forgery leading to Mobile Redirect Updates", "software": [ { "type": "plugin", "name": "Simple Mobile URL Redirect", "slug": "simple-mobile-url-redirect", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be8dcff9-1626-4919-b297-c423891f3d02?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be8ec147-1469-449b-b51b-f1c328b1922f": { "id": "be8ec147-1469-449b-b51b-f1c328b1922f", "title": "User Activity Log Pro <= 2.3.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "User Activity Log Pro", "slug": "user-activity-log-pro", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be8ec147-1469-449b-b51b-f1c328b1922f?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be9522c8-3561-48fe-89ef-62e0fcb085b0": { "id": "be9522c8-3561-48fe-89ef-62e0fcb085b0", "title": "ChatBot <= 4.7.8 - Cross-Site Request Forgery via qc_wp_latest_update_check", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be9522c8-3561-48fe-89ef-62e0fcb085b0?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be97e1ca-6c9c-4641-ba7c-bbb14a58d99e": { "id": "be97e1ca-6c9c-4641-ba7c-bbb14a58d99e", "title": "rtMedia for WordPress, BuddyPress and bbPress <= 4.2 - Arbitary File Upload", "software": [ { "type": "plugin", "name": "rtMedia for WordPress, BuddyPress and bbPress", "slug": "buddypress-media", "affected_versions": { "[*, 4.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be97e1ca-6c9c-4641-ba7c-bbb14a58d99e?source=api-scan" ], "published": "2016-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "be9d977d-d7b2-4946-b107-35df176fbdf3": { "id": "be9d977d-d7b2-4946-b107-35df176fbdf3", "title": "Ultimate Post Kit Addons For Elementor \u2013 (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) <= 3.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Count (Static) Widget", "software": [ { "type": "plugin", "name": "Ultimate Post Kit Addons For Elementor \u2013 (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud)", "slug": "ultimate-post-kit", "affected_versions": { "* - 3.11.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/be9d977d-d7b2-4946-b107-35df176fbdf3?source=api-scan" ], "published": "2024-06-27 19:59:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bea1f918-d966-4214-8331-e389e4080ca5": { "id": "bea1f918-d966-4214-8331-e389e4080ca5", "title": "Awesome Filterable Portfolio < 1.9 - Blind SQL Injection", "software": [ { "type": "plugin", "name": "Awesome Filterable Portfolio", "slug": "awesome-filterable-portfolio", "affected_versions": { "[*, 1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bea1f918-d966-4214-8331-e389e4080ca5?source=api-scan" ], "published": "2015-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bea7a4d0-d589-420b-a4ff-eaccf12e623b": { "id": "bea7a4d0-d589-420b-a4ff-eaccf12e623b", "title": "ElementsReady Addons for Elementor <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "ElementsReady Addons for Elementor", "slug": "element-ready-lite", "affected_versions": { "* - 6.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bea7a4d0-d589-420b-a4ff-eaccf12e623b?source=api-scan" ], "published": "2024-10-15 21:26:07", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bead5edb-402a-44bc-9e2b-89201fa4603c": { "id": "bead5edb-402a-44bc-9e2b-89201fa4603c", "title": "HT Mega - Absolute Addons for Elementor Page Builder <= 1.5.5 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bead5edb-402a-44bc-9e2b-89201fa4603c?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "beadd35b-2bce-431e-8347-2d1a87d02f01": { "id": "beadd35b-2bce-431e-8347-2d1a87d02f01", "title": "Users To CSV <= 1.4.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Users To CSV", "slug": "users-to-csv", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/beadd35b-2bce-431e-8347-2d1a87d02f01?source=api-scan" ], "published": "2015-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "beaea592-5eb5-4400-a4a8-b73f9b94198b": { "id": "beaea592-5eb5-4400-a4a8-b73f9b94198b", "title": "Simple Headline Rotator <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Headline Rotator", "slug": "simple-headline-rotator", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/beaea592-5eb5-4400-a4a8-b73f9b94198b?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "beb0eade-405b-429b-b7a5-0f9c09f8374e": { "id": "beb0eade-405b-429b-b7a5-0f9c09f8374e", "title": "Kattene <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kattene", "slug": "kattene", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/beb0eade-405b-429b-b7a5-0f9c09f8374e?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "beb28e9e-bf6a-4eed-afbc-ca85ec489df7": { "id": "beb28e9e-bf6a-4eed-afbc-ca85ec489df7", "title": "Cowidgets \u2013 Elementor Addons <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via heading_tag Parameter", "software": [ { "type": "plugin", "name": "Cowidgets \u2013 Elementor Addons", "slug": "cowidgets-elementor-addons", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/beb28e9e-bf6a-4eed-afbc-ca85ec489df7?source=api-scan" ], "published": "2024-06-03 17:08:40", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "beb47081-ad9c-4ecb-bbcd-2ae916e55baf": { "id": "beb47081-ad9c-4ecb-bbcd-2ae916e55baf", "title": "Media File Renamer \u2013 Auto & Manual Rename <= 5.2.5 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Media File Renamer: Rename for better SEO (AI-Powered)", "slug": "media-file-renamer", "affected_versions": { "* - 5.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/beb47081-ad9c-4ecb-bbcd-2ae916e55baf?source=api-scan" ], "published": "2012-09-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "beb70eb8-9a9c-4116-832c-337fc2a03329": { "id": "beb70eb8-9a9c-4116-832c-337fc2a03329", "title": "WordPress Core < 5.5.2 - Arbitrary File Deletion", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.34": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.34", "to_inclusive": true }, "3.8 - 3.8.34": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.34", "to_inclusive": true }, "3.9 - 3.9.32": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.32", "to_inclusive": true }, "4.0 - 4.0.31": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.31", "to_inclusive": true }, "4.1 - 4.1.31": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.31", "to_inclusive": true }, "4.2 - 4.2.28": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.28", "to_inclusive": true }, "4.3 - 4.3.24": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.24", "to_inclusive": true }, "4.4 - 4.4.23": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.23", "to_inclusive": true }, "4.5 - 4.5.22": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.22", "to_inclusive": true }, "4.6 - 4.6.19": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.19", "to_inclusive": true }, "4.7 - 4.7.18": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.18", "to_inclusive": true }, "4.8 - 4.8.14": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.14", "to_inclusive": true }, "4.9 - 4.9.15": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.15", "to_inclusive": true }, "5.0 - 5.0.10": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.10", "to_inclusive": true }, "5.1 - 5.1.6": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.6", "to_inclusive": true }, "5.2 - 5.2.7": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.7", "to_inclusive": true }, "5.3 - 5.3.4": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.4", "to_inclusive": true }, "5.4 - 5.4.2": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": true }, "5.5 - 5.5.1": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.35", "3.8.35", "3.9.33", "4.0.32", "4.1.32", "4.2.29", "4.3.25", "4.4.24", "4.5.23", "4.6.20", "4.7.19", "4.8.15", "4.9.16", "5.0.11", "5.1.7", "5.2.8", "5.3.5", "5.4.3", "5.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/beb70eb8-9a9c-4116-832c-337fc2a03329?source=api-scan" ], "published": "2020-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bebedaa9-6689-4863-91c6-2ab52a9353db": { "id": "bebedaa9-6689-4863-91c6-2ab52a9353db", "title": "WP Social Widget <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Social Widget", "slug": "wp-social-widget", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bebedaa9-6689-4863-91c6-2ab52a9353db?source=api-scan" ], "published": "2023-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bec50640-a550-49a8-baf6-2dd53995f90b": { "id": "bec50640-a550-49a8-baf6-2dd53995f90b", "title": "IQ Testimonials <= 2.2.7 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "IQ Testimonials", "slug": "iq-testimonials", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bec50640-a550-49a8-baf6-2dd53995f90b?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bec7d613-b1cd-4a4e-bbd9-62bca3a864a2": { "id": "bec7d613-b1cd-4a4e-bbd9-62bca3a864a2", "title": "WPJobBoard <= 5.6.4 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Job Board", "slug": "wpjobboard", "affected_versions": { "* - 5.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bec7d613-b1cd-4a4e-bbd9-62bca3a864a2?source=api-scan" ], "published": "2020-11-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "beceb191-654b-48ea-9b8f-3f4ca974160e": { "id": "beceb191-654b-48ea-9b8f-3f4ca974160e", "title": "WP MAPS \u2013 Easiest & Most Advanced WordPress Plugin for Google Maps <= 4.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Maps \u2013 Display Google Maps Perfectly with Ease", "slug": "wp-google-map-plugin", "affected_versions": { "[*, 4.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/beceb191-654b-48ea-9b8f-3f4ca974160e?source=api-scan" ], "published": "2022-02-22 14:59:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "becee157-8519-4f1f-b369-5f932773f282": { "id": "becee157-8519-4f1f-b369-5f932773f282", "title": "Auto ThickBox Plus <= 1.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Auto Thickbox Plus", "slug": "auto-thickbox-plus", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/becee157-8519-4f1f-b369-5f932773f282?source=api-scan" ], "published": "2015-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bed25977-040e-4427-b1e3-e9be9733b31f": { "id": "bed25977-040e-4427-b1e3-e9be9733b31f", "title": "Contact Form 7 Extension For Mailchimp <= 0.5.70 - Authenticated (Subscriber+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form 7 Extension For Mailchimp", "slug": "contact-form-7-mailchimp-extension", "affected_versions": { "* - 0.5.70": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.70", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bed25977-040e-4427-b1e3-e9be9733b31f?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bed6b603-c811-4624-9053-1e12029ba73b": { "id": "bed6b603-c811-4624-9053-1e12029ba73b", "title": "SP Project & Document Manager <= 4.25 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 4.25": { "from_version": "*", "from_inclusive": true, "to_version": "4.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bed6b603-c811-4624-9053-1e12029ba73b?source=api-scan" ], "published": "2021-08-16 16:45:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bedad627-0ccb-41c1-be8d-753f57be618f": { "id": "bedad627-0ccb-41c1-be8d-753f57be618f", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.20 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.20": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bedad627-0ccb-41c1-be8d-753f57be618f?source=api-scan" ], "published": "2024-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bede3241-6383-4bdb-ac28-cd9781b608d1": { "id": "bede3241-6383-4bdb-ac28-cd9781b608d1", "title": "WP-DownloadManager plugin <= 1.68.6 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-DownloadManager", "slug": "wp-downloadmanager", "affected_versions": { "[*, 1.68.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.68.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.68.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bede3241-6383-4bdb-ac28-cd9781b608d1?source=api-scan" ], "published": "2022-01-12 13:42:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bee43fe3-d39a-475e-90c5-24fa569c646a": { "id": "bee43fe3-d39a-475e-90c5-24fa569c646a", "title": "WP TripAdvisor Review Slider <= 11.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP TripAdvisor Review Slider", "slug": "wp-tripadvisor-review-slider", "affected_versions": { "* - 11.8": { "from_version": "*", "from_inclusive": true, "to_version": "11.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bee43fe3-d39a-475e-90c5-24fa569c646a?source=api-scan" ], "published": "2023-12-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bef1d842-5e04-47ea-b318-55f94c941be0": { "id": "bef1d842-5e04-47ea-b318-55f94c941be0", "title": "Intagrate Lite <= 1.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Intagrate Lite", "slug": "instagrate-to-wordpress", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bef1d842-5e04-47ea-b318-55f94c941be0?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "befc6373-1833-4e5b-9500-19fbc3aa110e": { "id": "befc6373-1833-4e5b-9500-19fbc3aa110e", "title": "Coming Soon <= 1.6.3 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode", "slug": "responsive-coming-soon-page", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/befc6373-1833-4e5b-9500-19fbc3aa110e?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "befd6971-29e1-477e-95b8-e7385fbd247d": { "id": "befd6971-29e1-477e-95b8-e7385fbd247d", "title": "Booster for WooCommerce <= 3.7.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "[*, 3.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/befd6971-29e1-477e-95b8-e7385fbd247d?source=api-scan" ], "published": "2018-07-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "befe5e99-204e-470e-bbbb-285b5ba0b1fb": { "id": "befe5e99-204e-470e-bbbb-285b5ba0b1fb", "title": "Floating Social Buttons <= 1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Floating Social Buttons", "slug": "floating-social-buttons", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/befe5e99-204e-470e-bbbb-285b5ba0b1fb?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf03a656-7a3b-4227-9493-88f522d7bc13": { "id": "bf03a656-7a3b-4227-9493-88f522d7bc13", "title": "EU\/UK VAT Manager for WooCommerce <= 2.12.12 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EU\/UK VAT Manager for WooCommerce", "slug": "eu-vat-for-woocommerce", "affected_versions": { "* - 2.12.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf03a656-7a3b-4227-9493-88f522d7bc13?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf05a79a-0375-4c9d-bbf0-a87484327b87": { "id": "bf05a79a-0375-4c9d-bbf0-a87484327b87", "title": "WP-Members Membership <= 3.4.7.3 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "WP-Members Membership Plugin", "slug": "wp-members", "affected_versions": { "* - 3.4.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf05a79a-0375-4c9d-bbf0-a87484327b87?source=api-scan" ], "published": "2023-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf0a1568-e97c-41ea-b2c3-ba335f0b4360": { "id": "bf0a1568-e97c-41ea-b2c3-ba335f0b4360", "title": "WPGlobus Translate Options <= 2.1.0 - Reflected Cross-Site Scripting via page", "software": [ { "type": "plugin", "name": "WPGlobus Translate Options", "slug": "wpglobus-translate-options", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf0a1568-e97c-41ea-b2c3-ba335f0b4360?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf0bbd5e-0fec-445e-9baa-e383524da648": { "id": "bf0bbd5e-0fec-445e-9baa-e383524da648", "title": "Link Library <= 7.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Link Library", "slug": "link-library", "affected_versions": { "* - 7.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf0bbd5e-0fec-445e-9baa-e383524da648?source=api-scan" ], "published": "2024-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf0f549d-1d88-415a-81f3-b50f977e2c17": { "id": "bf0f549d-1d88-415a-81f3-b50f977e2c17", "title": "WP Webmaster < 8.2.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Webmaster", "slug": "all-in-one-webmaster", "affected_versions": { "[*, 8.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf0f549d-1d88-415a-81f3-b50f977e2c17?source=api-scan" ], "published": "2013-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf0f87fe-d318-4f49-993c-3255f4e77ef1": { "id": "bf0f87fe-d318-4f49-993c-3255f4e77ef1", "title": "WP Database Backup <= 5.1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Database Backup \u2013 Unlimited Database & Files Backup by Backup for WP", "slug": "wp-database-backup", "affected_versions": { "* - 5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf0f87fe-d318-4f49-993c-3255f4e77ef1?source=api-scan" ], "published": "2019-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf16617d-cec2-4943-bd20-7ade31878714": { "id": "bf16617d-cec2-4943-bd20-7ade31878714", "title": "Tutor LMS <= 2.1.8 - Missing Authorization via multiple AJAX actions", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf16617d-cec2-4943-bd20-7ade31878714?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf169c9c-26f6-4af7-926e-1be34e638fd6": { "id": "bf169c9c-26f6-4af7-926e-1be34e638fd6", "title": "WP Mail Log <= 1.1.2 - Incorrect Authorization to Authenticated (Contributor+) Data Viewing and Deletion", "software": [ { "type": "plugin", "name": "WP Mail Log", "slug": "wp-mail-log", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf169c9c-26f6-4af7-926e-1be34e638fd6?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf172a41-31dc-4864-9385-53decdc70aeb": { "id": "bf172a41-31dc-4864-9385-53decdc70aeb", "title": "Funnel Builder for WordPress by FunnelKit <= 2.14.3 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Funnel Builder for WordPress by FunnelKit \u2013 Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells", "slug": "funnel-builder", "affected_versions": { "[*, 2.14.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.14.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.14.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf172a41-31dc-4864-9385-53decdc70aeb?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf1f402d-98d7-42d7-8d8d-ff74a65e5293": { "id": "bf1f402d-98d7-42d7-8d8d-ff74a65e5293", "title": "Permalinks Customizer <= 2.8.2 - Cross-Site Request Forgery via post_settings", "software": [ { "type": "plugin", "name": "Permalinks Customizer", "slug": "permalinks-customizer", "affected_versions": { "* - 2.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf1f402d-98d7-42d7-8d8d-ff74a65e5293?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf214d08-0079-40f2-8beb-6f5e4953bb95": { "id": "bf214d08-0079-40f2-8beb-6f5e4953bb95", "title": "Black Widgets For Elementor <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Black Widgets For Elementor", "slug": "black-widgets", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf214d08-0079-40f2-8beb-6f5e4953bb95?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf238e9d-be91-4c9a-8506-ee01927f5173": { "id": "bf238e9d-be91-4c9a-8506-ee01927f5173", "title": "Ultimate Member <= 2.0.51 - Cross-Site Request Forgery and Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.0.51": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.51", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf238e9d-be91-4c9a-8506-ee01927f5173?source=api-scan" ], "published": "2019-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf26fc68-9fd4-4e4e-b34f-c947d95891f9": { "id": "bf26fc68-9fd4-4e4e-b34f-c947d95891f9", "title": "WPvivid Backup & Migration Plugin <= 0.9.99 - Authenticated (Admin+) PHAR Deserialization", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "* - 0.9.99": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.99", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.100" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf26fc68-9fd4-4e4e-b34f-c947d95891f9?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf2a57fa-28f8-4fd0-814b-a4c9ae77817a": { "id": "bf2a57fa-28f8-4fd0-814b-a4c9ae77817a", "title": "VR Calendar <= 2.3.1 - Unauthenticated Remote Code Execution", "software": [ { "type": "plugin", "name": "VR Calendar", "slug": "vr-calendar-sync", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf2a57fa-28f8-4fd0-814b-a4c9ae77817a?source=api-scan" ], "published": "2022-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf2ddc42-9910-40e5-9546-89f229b852da": { "id": "bf2ddc42-9910-40e5-9546-89f229b852da", "title": "Category Meta <= 1.2.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Category Meta plugin", "slug": "wp-category-meta", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf2ddc42-9910-40e5-9546-89f229b852da?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf356066-fb25-4f6a-8600-91c7f1d098bf": { "id": "bf356066-fb25-4f6a-8600-91c7f1d098bf", "title": "Easy Digital Downloads \u2013 Commissions <= 3.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 Commissions", "slug": "edd-commissions", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf356066-fb25-4f6a-8600-91c7f1d098bf?source=api-scan" ], "published": "2019-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf36c00f-e6a2-4630-b5ef-9015365be436": { "id": "bf36c00f-e6a2-4630-b5ef-9015365be436", "title": "WooCommerce Google Feed Manager <= 2.2.0 - Authenticated (Shop manager+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Google Feed Manager", "slug": "wp-product-feed-manager", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf36c00f-e6a2-4630-b5ef-9015365be436?source=api-scan" ], "published": "2024-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf391432-d569-4458-947f-fe4a2ebcf8f1": { "id": "bf391432-d569-4458-947f-fe4a2ebcf8f1", "title": "Formula <= 0.5.1 - Reflected Cross-Site Scripting via quality_customizer_notify_dismiss_action", "software": [ { "type": "theme", "name": "Formula", "slug": "formula", "affected_versions": { "* - 0.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf391432-d569-4458-947f-fe4a2ebcf8f1?source=api-scan" ], "published": "2024-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf464e16-f5cf-4b3e-a9ee-b3df9aa38c9e": { "id": "bf464e16-f5cf-4b3e-a9ee-b3df9aa38c9e", "title": "Product Slider and Carousel with Category for WooCommerce <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Product Slider and Carousel with Category for WooCommerce", "slug": "woo-product-slider-and-carousel-with-category", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf464e16-f5cf-4b3e-a9ee-b3df9aa38c9e?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf48087a-f729-488a-8e40-f4e010ccd5a7": { "id": "bf48087a-f729-488a-8e40-f4e010ccd5a7", "title": "WordPress Core < 1.5.1.3 - Sensitive Information Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 1.5.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf48087a-f729-488a-8e40-f4e010ccd5a7?source=api-scan" ], "published": "2005-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf4cb79e-e62b-4991-8ee5-493dafe38b80": { "id": "bf4cb79e-e62b-4991-8ee5-493dafe38b80", "title": "Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) <= 3.1.77 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)", "slug": "mailin", "affected_versions": { "* - 3.1.77": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.77", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.78" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf4cb79e-e62b-4991-8ee5-493dafe38b80?source=api-scan" ], "published": "2024-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf4dcdab-6c74-4c0e-bdda-67e60025a873": { "id": "bf4dcdab-6c74-4c0e-bdda-67e60025a873", "title": "WP Tabs <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Tabs \u2013 Responsive Tabs and Custom Product Tabs", "slug": "wp-expand-tabs-free", "affected_versions": { "* - 2.1.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf4dcdab-6c74-4c0e-bdda-67e60025a873?source=api-scan" ], "published": "2023-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf4e3fc3-b9f4-4ae5-ad48-2f764879360a": { "id": "bf4e3fc3-b9f4-4ae5-ad48-2f764879360a", "title": "TimelineJS3 < 3.7.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Knight Lab Timeline", "slug": "knight-lab-timelinejs", "affected_versions": { "[*, 3.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf4e3fc3-b9f4-4ae5-ad48-2f764879360a?source=api-scan" ], "published": "2020-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf50922a-58a6-4ca4-80b7-cafb37b87216": { "id": "bf50922a-58a6-4ca4-80b7-cafb37b87216", "title": "Horizontal scrolling announcement <= 9.2 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Horizontal scrolling announcement", "slug": "horizontal-scrolling-announcement", "affected_versions": { "* - 9.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf50922a-58a6-4ca4-80b7-cafb37b87216?source=api-scan" ], "published": "2023-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf5e5eaf-b42d-49b9-8f55-6025e64748c9": { "id": "bf5e5eaf-b42d-49b9-8f55-6025e64748c9", "title": "Cyberus Key <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'uid' in 'cyberkey_settings' Plugin Setting", "software": [ { "type": "plugin", "name": "Cyberus Key", "slug": "cyberus-key", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf5e5eaf-b42d-49b9-8f55-6025e64748c9?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf5fe4c5-0a18-4efb-b492-fad2ae3ca3da": { "id": "bf5fe4c5-0a18-4efb-b492-fad2ae3ca3da", "title": "Google Adsense & Banner Ads by AdsforWP < 1.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Google Adsense and Banner Ads Manager \u2013 AdsforWP", "slug": "ads-for-wp", "affected_versions": { "[*, 1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf5fe4c5-0a18-4efb-b492-fad2ae3ca3da?source=api-scan" ], "published": "2019-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf658b2c-9c98-47af-abfc-9689cdbfcda3": { "id": "bf658b2c-9c98-47af-abfc-9689cdbfcda3", "title": "Goodnex Responsive HTML5\/CSS3 Site Template < 1.1.3 - Sensitive Information Disclosure", "software": [ { "type": "theme", "name": "Goodnex Responsive HTML5\/CSS3 Site Template", "slug": "goodnex", "affected_versions": { "[*, 1.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf658b2c-9c98-47af-abfc-9689cdbfcda3?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf70f652-5244-421c-8ee6-75719315ed64": { "id": "bf70f652-5244-421c-8ee6-75719315ed64", "title": "Advanced Contact form 7 DB <= 1.6.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Advanced Contact form 7 DB", "slug": "advanced-cf7-db", "affected_versions": { "[*, 1.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf70f652-5244-421c-8ee6-75719315ed64?source=api-scan" ], "published": "2019-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf798142-4daf-41f5-8416-701d03476520": { "id": "bf798142-4daf-41f5-8416-701d03476520", "title": "WooCommerce Conversion Tracking <= 2.0.11 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Conversion Tracking", "slug": "woocommerce-conversion-tracking", "affected_versions": { "* - 2.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf798142-4daf-41f5-8416-701d03476520?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf79cc31-5dd4-4b4f-9c5d-5adaea7689a5": { "id": "bf79cc31-5dd4-4b4f-9c5d-5adaea7689a5", "title": "Import and export users and customers <= 1.26.8 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Import and export users and customers", "slug": "import-users-from-csv-with-meta", "affected_versions": { "* - 1.26.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.26.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.26.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf79cc31-5dd4-4b4f-9c5d-5adaea7689a5?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf7b0f1b-a6d3-4a96-adaa-0adeb6ea2efd": { "id": "bf7b0f1b-a6d3-4a96-adaa-0adeb6ea2efd", "title": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 7.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf7b0f1b-a6d3-4a96-adaa-0adeb6ea2efd?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf801042-5cd5-424f-a25a-858302285170": { "id": "bf801042-5cd5-424f-a25a-858302285170", "title": "Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor <= 1.24.1 - Cross-Site Request Forgery via submitDefaultEditor", "software": [ { "type": "plugin", "name": "Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor", "slug": "post-and-page-builder", "affected_versions": { "* - 1.24.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.24.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.24.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf801042-5cd5-424f-a25a-858302285170?source=api-scan" ], "published": "2023-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf808fec-8d84-43ab-85bc-b3b60ab4df31": { "id": "bf808fec-8d84-43ab-85bc-b3b60ab4df31", "title": "Validated <= 1.0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Validated", "slug": "validated", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf808fec-8d84-43ab-85bc-b3b60ab4df31?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf852d93-6d56-46a2-aebc-b222b1b73fb1": { "id": "bf852d93-6d56-46a2-aebc-b222b1b73fb1", "title": "GD Star Rating < 1.9.17 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GD Star Rating", "slug": "gd-star-rating", "affected_versions": { "[*, 1.9.17)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf852d93-6d56-46a2-aebc-b222b1b73fb1?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf88e79b-262e-4fee-9cef-85d96d300972": { "id": "bf88e79b-262e-4fee-9cef-85d96d300972", "title": "BePro Listings <= 2.2.0020 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "BePro Listings", "slug": "bepro-listings", "affected_versions": { "* - 2.2.0020": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0020", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0021" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf88e79b-262e-4fee-9cef-85d96d300972?source=api-scan" ], "published": "2016-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf893b1e-9fcf-4a3a-862e-4f050617acc6": { "id": "bf893b1e-9fcf-4a3a-862e-4f050617acc6", "title": "Tree Sitemap (Pages, Posts & Categories list) <= 2.9 - Missing Authorization to Arbitrary Plugin Installation\/Activation", "software": [ { "type": "plugin", "name": "Tree Sitemap (Pages, Posts & Categories list)", "slug": "tree-website-map", "affected_versions": { "[*, 2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf893b1e-9fcf-4a3a-862e-4f050617acc6?source=api-scan" ], "published": "2021-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf8d34ea-cf05-4b20-9d1c-8cf0c608dfc3": { "id": "bf8d34ea-cf05-4b20-9d1c-8cf0c608dfc3", "title": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.121 - Authenticated (Editor+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.121": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.121", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.122" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf8d34ea-cf05-4b20-9d1c-8cf0c608dfc3?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf90d284-9db8-464b-ae01-f1979408b351": { "id": "bf90d284-9db8-464b-ae01-f1979408b351", "title": "WordPress Download Manager <= 2.9.49 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 2.9.50)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.50", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.50" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf90d284-9db8-464b-ae01-f1979408b351?source=api-scan" ], "published": "2017-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bf9d2008-a397-413d-868d-23afb55a8947": { "id": "bf9d2008-a397-413d-868d-23afb55a8947", "title": "Custom Post View Generator <= 0.4.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Post View Generator", "slug": "custom-post-view-generator", "affected_versions": { "* - 0.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bf9d2008-a397-413d-868d-23afb55a8947?source=api-scan" ], "published": "2021-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfa12bf7-5056-4d65-885c-36fcb37c017c": { "id": "bfa12bf7-5056-4d65-885c-36fcb37c017c", "title": "LA-Studio Element Kit for Elementor <= 1.3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LA-Studio Element Kit for Elementor", "slug": "lastudio-element-kit", "affected_versions": { "* - 1.3.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfa12bf7-5056-4d65-885c-36fcb37c017c?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfa62776-0502-49b4-8beb-74bbf7f20633": { "id": "bfa62776-0502-49b4-8beb-74bbf7f20633", "title": "Smart Online Order for Clover <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart Online Order for Clover", "slug": "clover-online-orders", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfa62776-0502-49b4-8beb-74bbf7f20633?source=api-scan" ], "published": "2024-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfa8328b-5932-4396-b0ef-e16a7ec3b365": { "id": "bfa8328b-5932-4396-b0ef-e16a7ec3b365", "title": "Exit Popups & Onsite Retargeting by OptiMonk <= 2.0.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Popups supercharged: Stunning templates for email, SMS, discount popups, product recommendation etc.", "slug": "exit-intent-popups-by-optimonk", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfa8328b-5932-4396-b0ef-e16a7ec3b365?source=api-scan" ], "published": "2023-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfa9a9f6-dfbb-442c-af2c-af3d44e7b0f1": { "id": "bfa9a9f6-dfbb-442c-af2c-af3d44e7b0f1", "title": "TrustedLogin Vendor < 1.1.1 - Unauthenticated Information Disclosure", "software": [ { "type": "plugin", "name": "TrustedLogin Vendor", "slug": "vendor", "affected_versions": { "[*, 1.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfa9a9f6-dfbb-442c-af2c-af3d44e7b0f1?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfb329da-00df-4178-ad40-9b0b718dc30e": { "id": "bfb329da-00df-4178-ad40-9b0b718dc30e", "title": "Add Custom Post Type into Post Query <= 1.03 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add Custom Post Type into Post Query", "slug": "post-type-modifier-simple", "affected_versions": { "* - 1.03": { "from_version": "*", "from_inclusive": true, "to_version": "1.03", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.04" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfb329da-00df-4178-ad40-9b0b718dc30e?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfb473a6-08ba-4b23-877d-4aa661c0053f": { "id": "bfb473a6-08ba-4b23-877d-4aa661c0053f", "title": "Contact Form builder with drag & drop - Kali Forms <= 2.3.27 - Missing Authorization via Contact Form", "software": [ { "type": "plugin", "name": "Contact Form builder with drag & drop for WordPress \u2013 Kali Forms", "slug": "kali-forms", "affected_versions": { "* - 2.3.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfb473a6-08ba-4b23-877d-4aa661c0053f?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfb53b61-f476-4b92-b87a-de10e18428a3": { "id": "bfb53b61-f476-4b92-b87a-de10e18428a3", "title": "GoDaddy Email Marketing < 1.1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "GoDaddy Email Marketing", "slug": "godaddy-email-marketing-sign-up-forms", "affected_versions": { "[*, 1.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfb53b61-f476-4b92-b87a-de10e18428a3?source=api-scan" ], "published": "2016-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfb77432-e58d-466e-a366-8b8d7f1b6982": { "id": "bfb77432-e58d-466e-a366-8b8d7f1b6982", "title": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin <= 6.1.7 - Missing Authorization via wpas_get_users()", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "* - 6.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfb77432-e58d-466e-a366-8b8d7f1b6982?source=api-scan" ], "published": "2024-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfba9979-44a2-4ad4-bb6a-f54f73b628d4": { "id": "bfba9979-44a2-4ad4-bb6a-f54f73b628d4", "title": "TP Education <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcodes", "software": [ { "type": "plugin", "name": "TP Education", "slug": "tp-education", "affected_versions": { "* - 4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfba9979-44a2-4ad4-bb6a-f54f73b628d4?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfbc406b-49af-419e-adeb-0510794b7e3f": { "id": "bfbc406b-49af-419e-adeb-0510794b7e3f", "title": "RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 5.2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfbc406b-49af-419e-adeb-0510794b7e3f?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfc04273-0d72-4b18-bcb5-eb1530aefcc0": { "id": "bfc04273-0d72-4b18-bcb5-eb1530aefcc0", "title": "Formidable Registration <= 2.11 - Authenticated (Contributor+) Arbitrary User Password Reset To Account Takeover", "software": [ { "type": "plugin", "name": "WordPress User Registration Forms by Formidable Forms", "slug": "formidable-registration", "affected_versions": { "* - 2.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfc04273-0d72-4b18-bcb5-eb1530aefcc0?source=api-scan" ], "published": "2024-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfc4863a-1b8c-4b13-9df1-18f221b40b26": { "id": "bfc4863a-1b8c-4b13-9df1-18f221b40b26", "title": "Flatsome <= 3.17.5 - Unauthenticated PHP Object Injection", "software": [ { "type": "theme", "name": "Flatsome", "slug": "flatsome", "affected_versions": { "* - 3.17.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.17.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.17.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfc4863a-1b8c-4b13-9df1-18f221b40b26?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfc4ab58-2117-42e7-b367-ee47e28c69ca": { "id": "bfc4ab58-2117-42e7-b367-ee47e28c69ca", "title": "The Pack Elementor addons <= 2.0.8.8 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)", "slug": "the-pack-addon", "affected_versions": { "* - 2.0.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfc4ab58-2117-42e7-b367-ee47e28c69ca?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfc7c214-8d76-453c-a05d-682aa425b06e": { "id": "bfc7c214-8d76-453c-a05d-682aa425b06e", "title": "Quick Restaurant Menu <= 2.0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Quick Restaurant Menu", "slug": "quick-restaurant-menu", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfc7c214-8d76-453c-a05d-682aa425b06e?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfcbf652-6cb4-4f3e-9032-ad262e8c8480": { "id": "bfcbf652-6cb4-4f3e-9032-ad262e8c8480", "title": "WordPress Core < 5.2.3 - Stored Cross-Site Scripting via Comments", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.29": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.29", "to_inclusive": true }, "3.8 - 3.8.29": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.29", "to_inclusive": true }, "3.9 - 3.9.27": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.27", "to_inclusive": true }, "4.0 - 4.0.26": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.26", "to_inclusive": true }, "4.1 - 4.1.26": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.26", "to_inclusive": true }, "4.2 - 4.2.23": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.23", "to_inclusive": true }, "4.3 - 4.3.19": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.19", "to_inclusive": true }, "4.4 - 4.4.18": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.18", "to_inclusive": true }, "4.5 - 4.5.17": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.17", "to_inclusive": true }, "4.6 - 4.6.13": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.13", "to_inclusive": true }, "4.7 - 4.7.12": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.12", "to_inclusive": true }, "4.8 - 4.8.9": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.9", "to_inclusive": true }, "4.9 - 4.9.10": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.10", "to_inclusive": true }, "5.0 - 5.0.5": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": true }, "5.1 - 5.1.1": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true }, "5.2 - 5.2.2": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.30", "3.8.30", "3.9.28", "4.0.27", "4.1.27", "4.2.24", "4.3.20", "4.4.19", "4.5.18", "4.6.15", "4.7.13", "4.8.10", "4.9.11", "5.0.6", "5.1.2", "5.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfcbf652-6cb4-4f3e-9032-ad262e8c8480?source=api-scan" ], "published": "2019-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfd158b2-c6a4-441a-b611-bf06e197d13d": { "id": "bfd158b2-c6a4-441a-b611-bf06e197d13d", "title": "PopupAlly <= 2.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PopupAlly", "slug": "popupally", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfd158b2-c6a4-441a-b611-bf06e197d13d?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfd16372-9173-4168-8604-5c117d05c349": { "id": "bfd16372-9173-4168-8604-5c117d05c349", "title": "Health Check & Troubleshooting <= 1.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Health Check & Troubleshooting", "slug": "health-check", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfd16372-9173-4168-8604-5c117d05c349?source=api-scan" ], "published": "2019-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfd1e244-27c2-4c3e-9d82-a7ffefd4eab6": { "id": "bfd1e244-27c2-4c3e-9d82-a7ffefd4eab6", "title": "Perfect Survey <= 1.5.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Perfect Survey", "slug": "perfect-survey", "affected_versions": { "[*, 1.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfd1e244-27c2-4c3e-9d82-a7ffefd4eab6?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfd3926e-cdb6-44a6-bada-cb83458ca172": { "id": "bfd3926e-cdb6-44a6-bada-cb83458ca172", "title": "WP Live Chat Support Pro <= 8.0.06 - Remote Code Execution via unrestricted file upload", "software": [ { "type": "plugin", "name": "wp-live-chat-support-pro", "slug": "wp-live-chat-support-pro", "affected_versions": { "* - 8.0.06": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.06", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.07" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfd3926e-cdb6-44a6-bada-cb83458ca172?source=api-scan" ], "published": "2019-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfd93c33-4672-4914-b052-7bea283ef60c": { "id": "bfd93c33-4672-4914-b052-7bea283ef60c", "title": "Quiz and Survey Master <= 7.0.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "[*, 7.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfd93c33-4672-4914-b052-7bea283ef60c?source=api-scan" ], "published": "2020-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfe10de1-1c1f-437b-8851-7024fce753be": { "id": "bfe10de1-1c1f-437b-8851-7024fce753be", "title": "WP-Mon <= 0.5.1 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "wp-mon", "slug": "wp-mon", "affected_versions": { "* - 0.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfe10de1-1c1f-437b-8851-7024fce753be?source=api-scan" ], "published": "2015-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfe1d122-610a-47c1-944d-bf7352e9ff38": { "id": "bfe1d122-610a-47c1-944d-bf7352e9ff38", "title": "WC Catalog Enquiry <= 3.0.5 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "CatalogX \u2013 Product Catalog Mode For WooCommerce", "slug": "woocommerce-catalog-enquiry", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfe1d122-610a-47c1-944d-bf7352e9ff38?source=api-scan" ], "published": "2017-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfe48948-7fc9-4806-b1b5-9fac5a6c7d96": { "id": "bfe48948-7fc9-4806-b1b5-9fac5a6c7d96", "title": "WP-DownloadManager <= 1.68.4 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "WP-DownloadManager", "slug": "wp-downloadmanager", "affected_versions": { "[*, 1.68.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.68.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.68.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfe48948-7fc9-4806-b1b5-9fac5a6c7d96?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfe8d13b-f387-4c82-ba9f-efadda18c882": { "id": "bfe8d13b-f387-4c82-ba9f-efadda18c882", "title": "Easy Appointments <= 3.11.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Appointments", "slug": "easy-appointments", "affected_versions": { "* - 3.11.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfe8d13b-f387-4c82-ba9f-efadda18c882?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfeee1b9-2490-40ad-a49c-f18ed7b11070": { "id": "bfeee1b9-2490-40ad-a49c-f18ed7b11070", "title": "Custom Login Redirect <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Login Redirect", "slug": "custom-login-redirect", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfeee1b9-2490-40ad-a49c-f18ed7b11070?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bff16371-51a9-44c9-ba6f-3680f84b880a": { "id": "bff16371-51a9-44c9-ba6f-3680f84b880a", "title": "WP Social Chat \u2013 Click To Chat App <= 6.0.4 - Administrator+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Chat \u2013 Click To Chat App Button", "slug": "wp-whatsapp-chat", "affected_versions": { "* - 6.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bff16371-51a9-44c9-ba6f-3680f84b880a?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bff3a160-5238-4478-ab11-3300cac51cf2": { "id": "bff3a160-5238-4478-ab11-3300cac51cf2", "title": "ArtPlacer Widget <= 2.20.6 - Authenticated (Editor+) SQL Injection", "software": [ { "type": "plugin", "name": "ArtPlacer Widget", "slug": "artplacer-widget", "affected_versions": { "* - 2.20.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.20.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.20.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bff3a160-5238-4478-ab11-3300cac51cf2?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "bfffed4d-dacb-4591-840c-45105a58362a": { "id": "bfffed4d-dacb-4591-840c-45105a58362a", "title": "Avada <= 7.11.1 - Missing Authorization", "software": [ { "type": "theme", "name": "Avada | Website Builder For WordPress & WooCommerce", "slug": "Avada", "affected_versions": { "* - 7.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/bfffed4d-dacb-4591-840c-45105a58362a?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c000a424-4060-4dcc-bae3-fa8cfc00ddda": { "id": "c000a424-4060-4dcc-bae3-fa8cfc00ddda", "title": "Per Page Add To Head <= 1.4.3 Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Per page add to head", "slug": "per-page-add-to", "affected_versions": { "[*, 1.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c000a424-4060-4dcc-bae3-fa8cfc00ddda?source=api-scan" ], "published": "2021-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c006b85d-fc05-41e7-93b2-5a09a21bec1a": { "id": "c006b85d-fc05-41e7-93b2-5a09a21bec1a", "title": "Row Seats Core < 2.68 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Row Seats Core", "slug": "row-seats", "affected_versions": { "[*, 2.68)": { "from_version": "*", "from_inclusive": true, "to_version": "2.68", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.68" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c006b85d-fc05-41e7-93b2-5a09a21bec1a?source=api-scan" ], "published": "2017-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c00ff4bd-d846-4e3f-95ed-2a6430c47ebf": { "id": "c00ff4bd-d846-4e3f-95ed-2a6430c47ebf", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.4 - Authenticated (Contributor+) Stored Cross-Site Scritping", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c00ff4bd-d846-4e3f-95ed-2a6430c47ebf?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0179947-9346-4411-a946-09d58b556b9c": { "id": "c0179947-9346-4411-a946-09d58b556b9c", "title": "WordPress Gallery Plugin \u2013 Limb Image Gallery <= 1.5.7 - Authenticated (Subscriber+) Arbitrary File Download", "software": [ { "type": "plugin", "name": "Limb Gallery | Create Beautiful Image & Video Galleries", "slug": "limb-gallery", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0179947-9346-4411-a946-09d58b556b9c?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c01a8fbc-c16a-40e2-b628-f874cd3b21e4": { "id": "c01a8fbc-c16a-40e2-b628-f874cd3b21e4", "title": "VikRentCar Car Rental Management System <= 1.3.2 - Information Exposure", "software": [ { "type": "plugin", "name": "VikRentCar Car Rental Management System", "slug": "vikrentcar", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c01a8fbc-c16a-40e2-b628-f874cd3b21e4?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c01bce24-3563-40bd-83c5-8d54bd622151": { "id": "c01bce24-3563-40bd-83c5-8d54bd622151", "title": "Ultimate WordPress Auction Plugin < 1.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ultimate WordPress Auction Plugin", "slug": "ultimate-auction", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c01bce24-3563-40bd-83c5-8d54bd622151?source=api-scan" ], "published": "2013-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c01cbc25-bdf7-4525-8c7b-194bd0aeb32b": { "id": "c01cbc25-bdf7-4525-8c7b-194bd0aeb32b", "title": "Divi <= 4.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Divi", "slug": "Divi", "affected_versions": { "* - 4.20.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.20.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.20.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c01cbc25-bdf7-4525-8c7b-194bd0aeb32b?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c01e3a86-8a2a-4200-b328-fb71afb2b196": { "id": "c01e3a86-8a2a-4200-b328-fb71afb2b196", "title": "WooCommerce Subscriptions < 5.8.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Subscription", "slug": "woocommerce-subscriptions", "affected_versions": { "[*, 5.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c01e3a86-8a2a-4200-b328-fb71afb2b196?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c02a9639-525c-4e63-8ca0-2452667bbfd5": { "id": "c02a9639-525c-4e63-8ca0-2452667bbfd5", "title": "Master Addons for Elementor <= 2.0.6.2 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations", "slug": "master-addons", "affected_versions": { "* - 2.0.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c02a9639-525c-4e63-8ca0-2452667bbfd5?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c031d2a4-d009-4422-a751-b8476e15a808": { "id": "c031d2a4-d009-4422-a751-b8476e15a808", "title": "Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Facebook App ID", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "* - 1.3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c031d2a4-d009-4422-a751-b8476e15a808?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c033171a-d81f-4cae-830b-8bdc4017b85e": { "id": "c033171a-d81f-4cae-830b-8bdc4017b85e", "title": "Appointment Booking and Online Scheduling <= 4.4.2 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Online Booking & Scheduling Calendar for WordPress by vcita", "slug": "meeting-scheduler-by-vcita", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c033171a-d81f-4cae-830b-8bdc4017b85e?source=api-scan" ], "published": "2024-06-21 12:35:46", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c034d2a2-20c4-4c32-8cfe-b80a62bdfdeb": { "id": "c034d2a2-20c4-4c32-8cfe-b80a62bdfdeb", "title": "ShareYourCart < 1.7.1 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "ShareYourCart", "slug": "shareyourcart", "affected_versions": { "[*, 1.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c034d2a2-20c4-4c32-8cfe-b80a62bdfdeb?source=api-scan" ], "published": "2012-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c035ac71-54f9-471b-93f3-6bd6a5b86ab2": { "id": "c035ac71-54f9-471b-93f3-6bd6a5b86ab2", "title": "Wordpress Video Gallery <= 2.7 - SQL Injection", "software": [ { "type": "plugin", "name": "WORDPRESS VIDEO GALLERY", "slug": "contus-video-gallery", "affected_versions": { "[*, 2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c035ac71-54f9-471b-93f3-6bd6a5b86ab2?source=api-scan" ], "published": "2015-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0363732-0a67-4a58-9b54-6315328c70ec": { "id": "c0363732-0a67-4a58-9b54-6315328c70ec", "title": "Chameleon CSS <= 1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Chameleon CSS", "slug": "chameleon-css", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0363732-0a67-4a58-9b54-6315328c70ec?source=api-scan" ], "published": "2021-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0377d27-0439-46d3-a02c-a693b1ed0bfd": { "id": "c0377d27-0439-46d3-a02c-a693b1ed0bfd", "title": "Persuasion <= 2.4 - Arbitrary File Download", "software": [ { "type": "theme", "name": "Persuasion", "slug": "persuasion", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0377d27-0439-46d3-a02c-a693b1ed0bfd?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0383bc6-919d-4858-a5b7-abe8a4a6c684": { "id": "c0383bc6-919d-4858-a5b7-abe8a4a6c684", "title": "WP Page Builder <= 1.2.3 - Multiple Stored Cross-Site scripting", "software": [ { "type": "plugin", "name": "WP Page Builder", "slug": "wp-pagebuilder", "affected_versions": { "[*, 1.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0383bc6-919d-4858-a5b7-abe8a4a6c684?source=api-scan" ], "published": "2021-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c039d2fe-7518-4724-a025-6380a53fb58c": { "id": "c039d2fe-7518-4724-a025-6380a53fb58c", "title": "ProfileGrid \u2013 User Profiles, Memberships, Groups and Communities <= 5.8.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c039d2fe-7518-4724-a025-6380a53fb58c?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c03b5670-9f7e-4001-ba90-197559b794a1": { "id": "c03b5670-9f7e-4001-ba90-197559b794a1", "title": "UserHeat Plugin <= 1.1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "UserHeat Plugin", "slug": "userheat", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c03b5670-9f7e-4001-ba90-197559b794a1?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c03cf3a2-3be9-44da-a050-a5978eb3eadc": { "id": "c03cf3a2-3be9-44da-a050-a5978eb3eadc", "title": "Canto <= 1.9.0 - Blind Server-Side Request Forgery via tree.php", "software": [ { "type": "plugin", "name": "Canto", "slug": "canto", "affected_versions": { "[*, 2.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c03cf3a2-3be9-44da-a050-a5978eb3eadc?source=api-scan" ], "published": "2020-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c043510b-6aeb-4e91-80f0-a62970c01b1d": { "id": "c043510b-6aeb-4e91-80f0-a62970c01b1d", "title": "Sunshine Photo Cart <= 2.8.28 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Sunshine Photo Cart: Free Client Photo Galleries for Photographers", "slug": "sunshine-photo-cart", "affected_versions": { "* - 2.8.28": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c043510b-6aeb-4e91-80f0-a62970c01b1d?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c045b31f-b4d6-470e-8f93-36eb70bb75f8": { "id": "c045b31f-b4d6-470e-8f93-36eb70bb75f8", "title": "BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Profile Deletion", "software": [ { "type": "plugin", "name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", "slug": "woo-bulk-editor", "affected_versions": { "* - 1.1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c045b31f-b4d6-470e-8f93-36eb70bb75f8?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c04a0f82-97f6-44ff-999d-08a8c106f889": { "id": "c04a0f82-97f6-44ff-999d-08a8c106f889", "title": "Pricing Tables For WPBakery Page Builder (formerly Visual Composer) <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Pricing Tables For WPBakery Page Builder (formerly Visual Composer)", "slug": "pricing-tables-for-wpbakery-page-builder", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c04a0f82-97f6-44ff-999d-08a8c106f889?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c04d19fb-57b3-4361-bad3-eed98f693939": { "id": "c04d19fb-57b3-4361-bad3-eed98f693939", "title": "Google Calendar Events <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Simple Calendar \u2013 Google Calendar Plugin", "slug": "google-calendar-events", "affected_versions": { "* - 3.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c04d19fb-57b3-4361-bad3-eed98f693939?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0538999-0a09-4d24-a530-a32fb5b4e5e6": { "id": "c0538999-0a09-4d24-a530-a32fb5b4e5e6", "title": "Events Manager <= 6.4.7.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "* - 6.4.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0538999-0a09-4d24-a530-a32fb5b4e5e6?source=api-scan" ], "published": "2024-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c05687f4-5ea2-4226-982f-c3499f204685": { "id": "c05687f4-5ea2-4226-982f-c3499f204685", "title": "Blocksy <= 2.0.50 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Blocksy", "slug": "blocksy", "affected_versions": { "* - 2.0.50": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.50", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c05687f4-5ea2-4226-982f-c3499f204685?source=api-scan" ], "published": "2024-06-04 19:06:12", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c062d60b-eda8-4039-8655-64f32e70839a": { "id": "c062d60b-eda8-4039-8655-64f32e70839a", "title": "WP Copy Protection & No Right Click <= 3.1.4 - Missing Authorization to Arbitrary Plugin Installation\/Activation", "software": [ { "type": "plugin", "name": "WP Content Copy Protection & No Right Click", "slug": "wp-content-copy-protector", "affected_versions": { "[*, 3.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c062d60b-eda8-4039-8655-64f32e70839a?source=api-scan" ], "published": "2021-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c064227f-6332-40c8-9e96-337c608da832": { "id": "c064227f-6332-40c8-9e96-337c608da832", "title": "Mmm Simple File List <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Mmm Simple File List", "slug": "mmm-file-list", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c064227f-6332-40c8-9e96-337c608da832?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0693caa-2c7e-4e9f-8829-1883876d6966": { "id": "c0693caa-2c7e-4e9f-8829-1883876d6966", "title": "Flipping Cards <= 1.30 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flipping Cards", "slug": "flipping-cards", "affected_versions": { "* - 1.30": { "from_version": "*", "from_inclusive": true, "to_version": "1.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0693caa-2c7e-4e9f-8829-1883876d6966?source=api-scan" ], "published": "2024-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c06f9f6d-3cd0-4700-834b-435a99983453": { "id": "c06f9f6d-3cd0-4700-834b-435a99983453", "title": "Surfer <= 1.3.2.357 - Missing Authorization", "software": [ { "type": "plugin", "name": "Surfer \u2013 WordPress Plugin", "slug": "surferseo", "affected_versions": { "* - 1.3.2.357": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2.357", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3.379" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c06f9f6d-3cd0-4700-834b-435a99983453?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0793db6-5a9b-4726-935e-c8d614443611": { "id": "c0793db6-5a9b-4726-935e-c8d614443611", "title": "Enfold - Responsive Multi-Purpose Theme < 4.8.4 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Enfold - Responsive Multi-Purpose Theme", "slug": "enfold", "affected_versions": { "[*, 4.8.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0793db6-5a9b-4726-935e-c8d614443611?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c07ea205-5a05-43f5-993e-c6e30f660ac8": { "id": "c07ea205-5a05-43f5-993e-c6e30f660ac8", "title": "User Registration <= 2.2.4 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile", "slug": "user-registration", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c07ea205-5a05-43f5-993e-c6e30f660ac8?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0856920-5463-4dd3-a4fd-e56901a89b83": { "id": "c0856920-5463-4dd3-a4fd-e56901a89b83", "title": "Import XML and RSS Feeds <= 2.1.4 - Unauthenticated Remote Code Execution", "software": [ { "type": "plugin", "name": "Import XML and RSS Feeds", "slug": "import-xml-feed", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0856920-5463-4dd3-a4fd-e56901a89b83?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c092629f-177c-4201-9fdd-defe47f85811": { "id": "c092629f-177c-4201-9fdd-defe47f85811", "title": "Post From Frontend <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "Post From Frontend", "slug": "post-from-frontend", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c092629f-177c-4201-9fdd-defe47f85811?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c09536b3-9f8d-4b11-b69a-684b65078870": { "id": "c09536b3-9f8d-4b11-b69a-684b65078870", "title": "WPGlobus \u2013 Multilingual Everything! <= 1.9.6 - Cross-Site Scripting via wpglobus_option[browser_redirect][redirect_by_language]", "software": [ { "type": "plugin", "name": "WPGlobus \u2013 Multilingual WordPress", "slug": "wpglobus", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c09536b3-9f8d-4b11-b69a-684b65078870?source=api-scan" ], "published": "2018-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0979a15-5fa9-4024-81a8-3555d6f73e61": { "id": "c0979a15-5fa9-4024-81a8-3555d6f73e61", "title": "MainWP Comments Extension <= 4.0.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "MainWP Comments Extension", "slug": "mainwp-comments-extension", "affected_versions": { "* - 4.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0979a15-5fa9-4024-81a8-3555d6f73e61?source=api-scan" ], "published": "2023-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c099f401-4b05-4532-8e31-af1b1dea7eca": { "id": "c099f401-4b05-4532-8e31-af1b1dea7eca", "title": "Echo RSS Feed Post Generator <= 5.4.6 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Echo RSS Feed Post Generator", "slug": "rss-feed-post-generator-echo", "affected_versions": { "* - 5.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c099f401-4b05-4532-8e31-af1b1dea7eca?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c09b634f-1d36-4454-8e2a-f12d7711d64f": { "id": "c09b634f-1d36-4454-8e2a-f12d7711d64f", "title": "WP Job Manager - Resume Manager <= 2.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Job Manager - Resume Manager", "slug": "wp-job-manager-resumes", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c09b634f-1d36-4454-8e2a-f12d7711d64f?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0a2a379-bd33-4c7d-8b79-e48a2df7e281": { "id": "c0a2a379-bd33-4c7d-8b79-e48a2df7e281", "title": "FAQ Builder AYS <= 1.3.5 - Blind SQL Injection", "software": [ { "type": "plugin", "name": "FAQ Builder AYS", "slug": "faq-builder-ays", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0a2a379-bd33-4c7d-8b79-e48a2df7e281?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0b3662d-e369-4978-aa7a-debbb3ee37e4": { "id": "c0b3662d-e369-4978-aa7a-debbb3ee37e4", "title": "GD Rating System <= 3.5.0 - Unauthenticated Stored Cross-Site Scripting via IP", "software": [ { "type": "plugin", "name": "GD Rating System", "slug": "gd-rating-system", "affected_versions": { "* - 3.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0b3662d-e369-4978-aa7a-debbb3ee37e4?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0b3911c-a960-4f28-b289-389b26282741": { "id": "c0b3911c-a960-4f28-b289-389b26282741", "title": "Drop Shadow Boxes <= 1.7.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Drop Shadow Boxes", "slug": "drop-shadow-boxes", "affected_versions": { "* - 1.7.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0b3911c-a960-4f28-b289-389b26282741?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0b86c45-c346-4df7-844e-01de027bbc1e": { "id": "c0b86c45-c346-4df7-844e-01de027bbc1e", "title": "Booster for WooCommerce <= 7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 7.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0b86c45-c346-4df7-844e-01de027bbc1e?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0ba19a2-0a30-4346-88a2-d1166ab13388": { "id": "c0ba19a2-0a30-4346-88a2-d1166ab13388", "title": "Flower Delivery by Florist One <= 3.5.8 - (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flower Delivery by Florist One", "slug": "flower-delivery-by-florist-one", "affected_versions": { "* - 3.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0ba19a2-0a30-4346-88a2-d1166ab13388?source=api-scan" ], "published": "2022-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0bba475-b498-4c2d-a3f2-f4766a2b8616": { "id": "c0bba475-b498-4c2d-a3f2-f4766a2b8616", "title": "WordPress Core <= 3.5.1 - Denial of Service via wp-postpass cookie", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0bba475-b498-4c2d-a3f2-f4766a2b8616?source=api-scan" ], "published": "2013-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0c13b83-6885-46db-bf33-0b2b63ff06db": { "id": "c0c13b83-6885-46db-bf33-0b2b63ff06db", "title": "Contact Form 7 \u2013 PayPal & Stripe Add-on <= 1.9.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form 7 \u2013 PayPal & Stripe Add-on", "slug": "contact-form-7-paypal-add-on", "affected_versions": { "* - 1.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0c13b83-6885-46db-bf33-0b2b63ff06db?source=api-scan" ], "published": "2023-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0c293db-5526-4600-838a-6e88586926c4": { "id": "c0c293db-5526-4600-838a-6e88586926c4", "title": "Tutor LMS <= 2.7.1 - Authenticated (Admin+) Path Traversal", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0c293db-5526-4600-838a-6e88586926c4?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0c44335-5d05-48cb-a3a2-574d65f02866": { "id": "c0c44335-5d05-48cb-a3a2-574d65f02866", "title": "Newspack Blocks <= 3.0.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Newspack Blocks", "slug": "newspack-blocks", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0c44335-5d05-48cb-a3a2-574d65f02866?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0c57743-9fdd-4fc0-9a27-787834b64846": { "id": "c0c57743-9fdd-4fc0-9a27-787834b64846", "title": "KiviCare <= 3.2.0 - Reflected Cross-Site Scripting via 'filterType'", "software": [ { "type": "plugin", "name": "KiviCare \u2013 Clinic & Patient Management System (EHR)", "slug": "kivicare-clinic-management-system", "affected_versions": { "[*, 3.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0c57743-9fdd-4fc0-9a27-787834b64846?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0ca284d-1d03-46d6-94a4-7cc72e4bbf87": { "id": "c0ca284d-1d03-46d6-94a4-7cc72e4bbf87", "title": "Popup4Phone <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup4Phone", "slug": "popup4phone", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0ca284d-1d03-46d6-94a4-7cc72e4bbf87?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0ce3a76-5e16-4772-a802-9e5ce1345f95": { "id": "c0ce3a76-5e16-4772-a802-9e5ce1345f95", "title": "Kento Post View Counter <= 2.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Kento Post View Counter", "slug": "kento-post-view-counter", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0ce3a76-5e16-4772-a802-9e5ce1345f95?source=api-scan" ], "published": "2016-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0d06c02-fad7-4d2f-a230-03723ba828b3": { "id": "c0d06c02-fad7-4d2f-a230-03723ba828b3", "title": "aThemes Starter Sites <= 1.0.53 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "aThemes Starter Sites", "slug": "athemes-starter-sites", "affected_versions": { "* - 1.0.53": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.53", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.54" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0d06c02-fad7-4d2f-a230-03723ba828b3?source=api-scan" ], "published": "2024-07-26 21:43:39", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0d5f034-fd8b-456a-b44a-7d82db3a16a0": { "id": "c0d5f034-fd8b-456a-b44a-7d82db3a16a0", "title": "Page scroll to id <= 1.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Page scroll to id", "slug": "page-scroll-to-id", "affected_versions": { "* - 1.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0d5f034-fd8b-456a-b44a-7d82db3a16a0?source=api-scan" ], "published": "2024-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0d68506-ee5c-4b01-a0d2-caf2482106e0": { "id": "c0d68506-ee5c-4b01-a0d2-caf2482106e0", "title": "Rollback < 1.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Rollback \u2013 Rollback Plugins and Themes", "slug": "wp-rollback", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0d68506-ee5c-4b01-a0d2-caf2482106e0?source=api-scan" ], "published": "2015-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0d79ae1-e9e4-4798-aa29-519b80759be6": { "id": "c0d79ae1-e9e4-4798-aa29-519b80759be6", "title": "Social Media Share Buttons & Social Sharing Icons < 1.1.1.12 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Media Share Buttons & Social Sharing Icons", "slug": "ultimate-social-media-icons", "affected_versions": { "* - 1.1.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0d79ae1-e9e4-4798-aa29-519b80759be6?source=api-scan" ], "published": "2015-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0d8ac01-ac73-47ea-839b-edc820436f27": { "id": "c0d8ac01-ac73-47ea-839b-edc820436f27", "title": "Easy Appointments <= 3.11.18 - Insufficient Authorization", "software": [ { "type": "plugin", "name": "Easy Appointments", "slug": "easy-appointments", "affected_versions": { "* - 3.11.18": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0d8ac01-ac73-47ea-839b-edc820436f27?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0da4d55-5025-47cf-9f45-377d8943fc94": { "id": "c0da4d55-5025-47cf-9f45-377d8943fc94", "title": "CF7 Google Sheets Connector <= 5.0.9 - Missing Authorization to Limited Site Configuration Update", "software": [ { "type": "plugin", "name": "CF7 Google Sheets Connector", "slug": "cf7-google-sheets-connector", "affected_versions": { "* - 5.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0da4d55-5025-47cf-9f45-377d8943fc94?source=api-scan" ], "published": "2024-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0daeb94-1028-4163-af9d-0a6d7a00269f": { "id": "c0daeb94-1028-4163-af9d-0a6d7a00269f", "title": "Five Star Business Profile and Schema <= 2.1.6 - Subscriber+ Page Creation & Settings Update to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Five Star Business Profile and Schema", "slug": "business-profile", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0daeb94-1028-4163-af9d-0a6d7a00269f?source=api-scan" ], "published": "2022-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0dd70b9-6f8a-41fc-ab4f-f6cdfee8dfb8": { "id": "c0dd70b9-6f8a-41fc-ab4f-f6cdfee8dfb8", "title": "Carousel, Recent Post Slider and Banner Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Carousel, Recent Post Slider and Banner Slider", "slug": "spice-post-slider", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0dd70b9-6f8a-41fc-ab4f-f6cdfee8dfb8?source=api-scan" ], "published": "2023-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0dfa035-78fe-426f-a018-7bb2f22f0dd7": { "id": "c0dfa035-78fe-426f-a018-7bb2f22f0dd7", "title": "Maintenance <= 4.02 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Maintenance", "slug": "maintenance", "affected_versions": { "[*, 4.03)": { "from_version": "*", "from_inclusive": true, "to_version": "4.03", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.03" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0dfa035-78fe-426f-a018-7bb2f22f0dd7?source=api-scan" ], "published": "2021-07-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0e53aa4-9acf-4501-9b5e-b7694851fc63": { "id": "c0e53aa4-9acf-4501-9b5e-b7694851fc63", "title": "Popup Box <= 2.1.2 - Authenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Popup Box: Create Custom WordPress Popups Easily", "slug": "popup-box", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0e53aa4-9acf-4501-9b5e-b7694851fc63?source=api-scan" ], "published": "2022-05-17 11:20:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0e58807-bccc-469f-82c3-a4bbf088a626": { "id": "c0e58807-bccc-469f-82c3-a4bbf088a626", "title": "Yoast SEO <= 20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yoast SEO", "slug": "wordpress-seo", "affected_versions": { "* - 20.2": { "from_version": "*", "from_inclusive": true, "to_version": "20.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0e58807-bccc-469f-82c3-a4bbf088a626?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0e6f20a-3a5c-4782-9852-9891b93d765f": { "id": "c0e6f20a-3a5c-4782-9852-9891b93d765f", "title": "Formidable Form Builder < 2.05.03 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "[*, 2.05.03)": { "from_version": "*", "from_inclusive": true, "to_version": "2.05.03", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.05.03" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0e6f20a-3a5c-4782-9852-9891b93d765f?source=api-scan" ], "published": "2017-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0eae97c-d7e5-4dde-a323-d90a20826341": { "id": "c0eae97c-d7e5-4dde-a323-d90a20826341", "title": "Easy Drag And drop All Import : WP Ultimate CSV Importer <= 5.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Import CSV or XML Datafeed With Ease", "slug": "wp-ultimate-csv-importer", "affected_versions": { "* - 5.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0eae97c-d7e5-4dde-a323-d90a20826341?source=api-scan" ], "published": "2019-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c0f899c6-cce2-4534-9b97-3783648cba09": { "id": "c0f899c6-cce2-4534-9b97-3783648cba09", "title": "PPWP \u2013 WordPress Password Protect Page <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "PPWP \u2013 Password Protect Pages", "slug": "password-protect-page", "affected_versions": { "* - 1.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c0f899c6-cce2-4534-9b97-3783648cba09?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1005616-f3b5-45fa-97f8-784429a4a168": { "id": "c1005616-f3b5-45fa-97f8-784429a4a168", "title": "WordPress Plugin Tournamatch < 4.6.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tournamatch", "slug": "tournamatch", "affected_versions": { "* - 4.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1005616-f3b5-45fa-97f8-784429a4a168?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c101b579-de72-4f33-8fd2-7fcd7c25044c": { "id": "c101b579-de72-4f33-8fd2-7fcd7c25044c", "title": "DW Promobar <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DW Promobar", "slug": "dw-promobar", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c101b579-de72-4f33-8fd2-7fcd7c25044c?source=api-scan" ], "published": "2022-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c101b69d-02c2-4075-8de7-0988ba3c74cc": { "id": "c101b69d-02c2-4075-8de7-0988ba3c74cc", "title": "WooLentor <= 2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)", "slug": "woolentor-addons", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c101b69d-02c2-4075-8de7-0988ba3c74cc?source=api-scan" ], "published": "2023-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1022ac4-869e-415a-a7c8-3650421608ea": { "id": "c1022ac4-869e-415a-a7c8-3650421608ea", "title": "ARMember Lite - Membership Plugin <= 4.0.16 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 4.0.16": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1022ac4-869e-415a-a7c8-3650421608ea?source=api-scan" ], "published": "2023-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1033b4d-82a0-4484-aebf-f35d6a2a9a13": { "id": "c1033b4d-82a0-4484-aebf-f35d6a2a9a13", "title": "EmbedPress <= 3.7.3 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 3.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1033b4d-82a0-4484-aebf-f35d6a2a9a13?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1089958-a481-47b1-9dc6-799a1a7930c8": { "id": "c1089958-a481-47b1-9dc6-799a1a7930c8", "title": "Beauty <= 1.1.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via tpl_featured_cat_id Parameter", "software": [ { "type": "theme", "name": "Beauty", "slug": "beauty", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1089958-a481-47b1-9dc6-799a1a7930c8?source=api-scan" ], "published": "2024-09-12 21:28:57", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c10c2256-4ffd-489a-afae-b455bf45c3ca": { "id": "c10c2256-4ffd-489a-afae-b455bf45c3ca", "title": "WordPress Backup to Dropbox < 4.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wordpress-backup-to-dropbox", "slug": "wordpress-backup-to-dropbox", "affected_versions": { "[*, 4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c10c2256-4ffd-489a-afae-b455bf45c3ca?source=api-scan" ], "published": "2014-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c115da4f-02f1-40b6-ba47-337b279de3e0": { "id": "c115da4f-02f1-40b6-ba47-337b279de3e0", "title": "Mortgage Calculator \/ Loan Calculator < 1.5.17 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mortgage Calculator \/ Loan Calculator", "slug": "mortgage-loan-calculator", "affected_versions": { "[*, 1.5.17)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c115da4f-02f1-40b6-ba47-337b279de3e0?source=api-scan" ], "published": "2021-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1197d19-e49f-4d44-8efe-ef8d7e91bce0": { "id": "c1197d19-e49f-4d44-8efe-ef8d7e91bce0", "title": "Autolinks <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Autolinks", "slug": "autolinks", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1197d19-e49f-4d44-8efe-ef8d7e91bce0?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c11be4ba-1bed-4234-b475-468394b7be90": { "id": "c11be4ba-1bed-4234-b475-468394b7be90", "title": "File Gallery <= 1.8.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_gallery_shortcode", "software": [ { "type": "plugin", "name": "File Gallery", "slug": "file-gallery", "affected_versions": { "* - 1.8.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c11be4ba-1bed-4234-b475-468394b7be90?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c12094bd-aa23-4f9b-92e1-d1d4284fb2a0": { "id": "c12094bd-aa23-4f9b-92e1-d1d4284fb2a0", "title": "Elementor Addons, Widgets and Enhancements \u2013 Stax <= 1.4.3 - Cross-Site Request Forgery via toggle_widget", "software": [ { "type": "plugin", "name": "Elementor Addons, Widgets and Enhancements \u2013 Stax", "slug": "stax-addons-for-elementor", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c12094bd-aa23-4f9b-92e1-d1d4284fb2a0?source=api-scan" ], "published": "2023-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c12538bc-6e7d-4d47-8e5b-65574ed26ec4": { "id": "c12538bc-6e7d-4d47-8e5b-65574ed26ec4", "title": "Easy Coming Soon < 1.8.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Coming Soon", "slug": "easy-coming-soon", "affected_versions": { "[*, 1.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c12538bc-6e7d-4d47-8e5b-65574ed26ec4?source=api-scan" ], "published": "2015-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1280ceb-9ce8-47fc-8fd3-6af80015dea9": { "id": "c1280ceb-9ce8-47fc-8fd3-6af80015dea9", "title": "Webo-facto <= 1.40 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Webo-facto", "slug": "webo-facto-connector", "affected_versions": { "* - 1.40": { "from_version": "*", "from_inclusive": true, "to_version": "1.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1280ceb-9ce8-47fc-8fd3-6af80015dea9?source=api-scan" ], "published": "2024-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c12ba39f-03bc-4a45-b2f4-368f48c0a57b": { "id": "c12ba39f-03bc-4a45-b2f4-368f48c0a57b", "title": "Pressference Exporter <= 1.0.3 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Pressference Exporter", "slug": "pressference-exporter", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c12ba39f-03bc-4a45-b2f4-368f48c0a57b?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c12e6063-2db7-4f8b-a7c3-3e40bc9ff2a4": { "id": "c12e6063-2db7-4f8b-a7c3-3e40bc9ff2a4", "title": "WP Smiley <= 1.4.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-smiley", "slug": "wp-smiley", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c12e6063-2db7-4f8b-a7c3-3e40bc9ff2a4?source=api-scan" ], "published": "2015-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c131c746-3029-4791-b564-f6e530e63ea9": { "id": "c131c746-3029-4791-b564-f6e530e63ea9", "title": "mTouch Quiz <= 3.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "mTouch Quiz", "slug": "mtouch-quiz", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c131c746-3029-4791-b564-f6e530e63ea9?source=api-scan" ], "published": "2015-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c132cfc1-03b3-4616-9a66-871e88c857cb": { "id": "c132cfc1-03b3-4616-9a66-871e88c857cb", "title": "WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_settings", "software": [ { "type": "plugin", "name": "WP To Do", "slug": "wp-todo", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c132cfc1-03b3-4616-9a66-871e88c857cb?source=api-scan" ], "published": "2024-05-29 15:53:53", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c133c31e-e80a-4293-b19d-22e8bc8f677b": { "id": "c133c31e-e80a-4293-b19d-22e8bc8f677b", "title": "WordPress to Buffer <= 3.8.1 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Auto Post, Auto Publish and Schedule to Twitter, LinkedIn and Social Media \u2013 WP to Buffer", "slug": "wp-to-buffer", "affected_versions": { "* - 3.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c133c31e-e80a-4293-b19d-22e8bc8f677b?source=api-scan" ], "published": "2022-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c13ba1df-25fa-4cc8-9745-2d6f6168788a": { "id": "c13ba1df-25fa-4cc8-9745-2d6f6168788a", "title": "Delete Custom Fields <= 0.3.1 - Cross-Site Request Forgery to Post Meta Deletion", "software": [ { "type": "plugin", "name": "Delete Custom Fields", "slug": "delete-custom-fields", "affected_versions": { "* - 0.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c13ba1df-25fa-4cc8-9745-2d6f6168788a?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1441e68-5c41-4c90-ba99-1656af87a29d": { "id": "c1441e68-5c41-4c90-ba99-1656af87a29d", "title": "Honeypot for WP Comment <= 2.2.3 - Reflected Cross-Site Scripting via page", "software": [ { "type": "plugin", "name": "Honeypot for WP Comment", "slug": "honeypot-for-wp-comment", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1441e68-5c41-4c90-ba99-1656af87a29d?source=api-scan" ], "published": "2024-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c146f89c-5df3-4aaf-b880-0ce6016dfb6d": { "id": "c146f89c-5df3-4aaf-b880-0ce6016dfb6d", "title": "GS Team Members <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Team Members \u2013 A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More", "slug": "gs-team-members", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c146f89c-5df3-4aaf-b880-0ce6016dfb6d?source=api-scan" ], "published": "2023-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c14783d3-68de-49c6-9c54-eb7fc4a7bf94": { "id": "c14783d3-68de-49c6-9c54-eb7fc4a7bf94", "title": "MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode", "software": [ { "type": "plugin", "name": "MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by Sonaar", "slug": "mp3-music-player-by-sonaar", "affected_versions": { "* - 5.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c14783d3-68de-49c6-9c54-eb7fc4a7bf94?source=api-scan" ], "published": "2024-07-09 19:09:44", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c148372b-e0d2-4164-b7e7-91921720adcf": { "id": "c148372b-e0d2-4164-b7e7-91921720adcf", "title": "Olimometer < 2.57 - SQL Injection", "software": [ { "type": "plugin", "name": "Olimometer", "slug": "olimometer", "affected_versions": { "[*, 2.57)": { "from_version": "*", "from_inclusive": true, "to_version": "2.57", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.57" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c148372b-e0d2-4164-b7e7-91921720adcf?source=api-scan" ], "published": "2016-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c14b1d49-efea-4c09-9448-533223c6d2e8": { "id": "c14b1d49-efea-4c09-9448-533223c6d2e8", "title": "Export All URLs <= 4.1 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Export All URLs", "slug": "export-all-urls", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c14b1d49-efea-4c09-9448-533223c6d2e8?source=api-scan" ], "published": "2022-05-27 12:58:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c14b948f-129d-4223-b3ee-0bef1f9fc703": { "id": "c14b948f-129d-4223-b3ee-0bef1f9fc703", "title": "Betheme <= 26.7.5 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Betheme", "slug": "betheme", "affected_versions": { "* - 26.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "26.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "26.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c14b948f-129d-4223-b3ee-0bef1f9fc703?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c14e6411-20de-4cfe-96b5-20e71718610e": { "id": "c14e6411-20de-4cfe-96b5-20e71718610e", "title": "RomethemeKit For Elementor <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RomethemeKit For Elementor", "slug": "rometheme-for-elementor", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c14e6411-20de-4cfe-96b5-20e71718610e?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c14f473f-ca49-4610-b5df-9eb0e064ece5": { "id": "c14f473f-ca49-4610-b5df-9eb0e064ece5", "title": "GD Rating System <= 2.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GD Rating System", "slug": "gd-rating-system", "affected_versions": { "[*, 2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c14f473f-ca49-4610-b5df-9eb0e064ece5?source=api-scan" ], "published": "2018-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1520cce-4ed7-4815-9023-4a994200601a": { "id": "c1520cce-4ed7-4815-9023-4a994200601a", "title": "Sensei LMS <= 4.5.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Sensei LMS \u2013 Online Courses, Quizzes, & Learning", "slug": "sensei-lms", "affected_versions": { "* - 4.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1520cce-4ed7-4815-9023-4a994200601a?source=api-scan" ], "published": "2022-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1528125-9d26-40a2-9591-4220c18cef37": { "id": "c1528125-9d26-40a2-9591-4220c18cef37", "title": "Visualizer <= 3.11.1 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Visualizer: Tables and Charts Manager for WordPress", "slug": "visualizer", "affected_versions": { "* - 3.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1528125-9d26-40a2-9591-4220c18cef37?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1532e12-b786-4b87-ae19-951297c47a6c": { "id": "c1532e12-b786-4b87-ae19-951297c47a6c", "title": "IP2Location Country Blocker <= 2.26.5 - Arbitrary Country Ban via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "IP2Location Country Blocker", "slug": "ip2location-country-blocker", "affected_versions": { "* - 2.26.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.26.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.26.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1532e12-b786-4b87-ae19-951297c47a6c?source=api-scan" ], "published": "2022-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c154cc4b-f0b9-4c3e-8e74-9bfa6de62d2f": { "id": "c154cc4b-f0b9-4c3e-8e74-9bfa6de62d2f", "title": "Counter Box \u2013 WordPress plugin for countdown, timer, counter <= 1.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site", "slug": "counter-box", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c154cc4b-f0b9-4c3e-8e74-9bfa6de62d2f?source=api-scan" ], "published": "2022-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c15eda1f-dc9f-4601-a337-ad3e66baf3b2": { "id": "c15eda1f-dc9f-4601-a337-ad3e66baf3b2", "title": "WOOCS \u2013 Currency Switcher for WooCommerce Professional Free <= 1.3.7 - Authenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "FOX \u2013 Currency Switcher Professional for WooCommerce", "slug": "woocommerce-currency-switcher", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c15eda1f-dc9f-4601-a337-ad3e66baf3b2?source=api-scan" ], "published": "2021-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1621cd2-78d3-4429-862a-b425f5436f38": { "id": "c1621cd2-78d3-4429-862a-b425f5436f38", "title": "iMember360 3.8.0.12 - 3.9.001 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "iMember360is", "slug": "imember360", "affected_versions": { "[3.8.012, 3.9.001)": { "from_version": "3.8.012", "from_inclusive": true, "to_version": "3.9.001", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.001" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1621cd2-78d3-4429-862a-b425f5436f38?source=api-scan" ], "published": "2014-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c16543db-2f8c-4266-9fb2-fc429f5647b6": { "id": "c16543db-2f8c-4266-9fb2-fc429f5647b6", "title": "Verse-O-Matic <= 4.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Verse-O-Matic", "slug": "verse-o-matic", "affected_versions": { "* - 4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c16543db-2f8c-4266-9fb2-fc429f5647b6?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1690fe3-f03f-4640-9948-2109d73a841c": { "id": "c1690fe3-f03f-4640-9948-2109d73a841c", "title": "WP Support Plus Responsive Ticket System <= 7.1.4 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Support Plus Responsive Ticket System", "slug": "wp-support-plus-responsive-ticket-system", "affected_versions": { "* - 7.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1690fe3-f03f-4640-9948-2109d73a841c?source=api-scan" ], "published": "2016-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c16b6a15-9f15-44a6-8663-201f64af81cc": { "id": "c16b6a15-9f15-44a6-8663-201f64af81cc", "title": "WordPress Sentinel < 1.0.1 - SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Sentinel", "slug": "wordpress-sentinel", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c16b6a15-9f15-44a6-8663-201f64af81cc?source=api-scan" ], "published": "2011-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c16cd71e-a09e-4d34-99be-b632a3e64253": { "id": "c16cd71e-a09e-4d34-99be-b632a3e64253", "title": "WP Calendar <= 1.5.3 - Authenticated (Contributor+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Calendar", "slug": "wp-calendar", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c16cd71e-a09e-4d34-99be-b632a3e64253?source=api-scan" ], "published": "2022-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c16e16dc-8888-4222-862f-a57a9f14e7f4": { "id": "c16e16dc-8888-4222-862f-a57a9f14e7f4", "title": "iframe <= 5.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "iframe", "slug": "iframe", "affected_versions": { "* - 5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c16e16dc-8888-4222-862f-a57a9f14e7f4?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c16fab08-6b2c-433a-9105-fc15f5c52575": { "id": "c16fab08-6b2c-433a-9105-fc15f5c52575", "title": "Platform < 1.4.4 - Missing Authorization", "software": [ { "type": "theme", "name": "Platform", "slug": "platform", "affected_versions": { "[*, 1.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c16fab08-6b2c-433a-9105-fc15f5c52575?source=api-scan" ], "published": "2015-01-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1710f84-e3c1-4fbc-841e-c7c9ccf3a2e5": { "id": "c1710f84-e3c1-4fbc-841e-c7c9ccf3a2e5", "title": "GiveWP \u2013 Donation Plugin and Fundraising Platform <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1710f84-e3c1-4fbc-841e-c7c9ccf3a2e5?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c177440a-4575-4202-be16-ac7ab0fbb90b": { "id": "c177440a-4575-4202-be16-ac7ab0fbb90b", "title": "GiveWP <= 2.4.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "[*, 2.4.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c177440a-4575-4202-be16-ac7ab0fbb90b?source=api-scan" ], "published": "2019-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c17967a4-20df-4b23-973f-591a0caeea39": { "id": "c17967a4-20df-4b23-973f-591a0caeea39", "title": "FormCraft <= 1.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FormCraft \u2013 Form Builder", "slug": "formcraft-form-builder", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c17967a4-20df-4b23-973f-591a0caeea39?source=api-scan" ], "published": "2023-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c17c344b-c891-4086-98c8-cea5673173d7": { "id": "c17c344b-c891-4086-98c8-cea5673173d7", "title": "More Featured Images <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "More Featured Images", "slug": "more-featured-images", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c17c344b-c891-4086-98c8-cea5673173d7?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c17d7fba-7b98-4a7a-a35e-78f16be81aca": { "id": "c17d7fba-7b98-4a7a-a35e-78f16be81aca", "title": "Sliced Invoices <= 3.9.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Sliced Invoices \u2013 WordPress Invoice Plugin", "slug": "sliced-invoices", "affected_versions": { "* - 3.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c17d7fba-7b98-4a7a-a35e-78f16be81aca?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c17ef8db-98ea-47b0-8d7f-b2b3f01bf6ec": { "id": "c17ef8db-98ea-47b0-8d7f-b2b3f01bf6ec", "title": "Inline Related Posts <= 3.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Inline Related Posts", "slug": "intelly-related-posts", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c17ef8db-98ea-47b0-8d7f-b2b3f01bf6ec?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1804afe-55a1-428f-ae5d-99d68f61d33b": { "id": "c1804afe-55a1-428f-ae5d-99d68f61d33b", "title": "RBX Gallery < 3.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "rbxgallery", "slug": "rbxgallery", "affected_versions": { "[*, 3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1804afe-55a1-428f-ae5d-99d68f61d33b?source=api-scan" ], "published": "2012-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1836b1e-6c37-4a07-ac29-687d2eebd3ec": { "id": "c1836b1e-6c37-4a07-ac29-687d2eebd3ec", "title": "ConvertPlus <= 3.4.4 - Unauthorized Account Creation", "software": [ { "type": "plugin", "name": "ConvertPlus", "slug": "convertplug", "affected_versions": { "* - 3.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1836b1e-6c37-4a07-ac29-687d2eebd3ec?source=api-scan" ], "published": "2019-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1870c6e-23b6-4f3b-adba-72633d62dfd0": { "id": "c1870c6e-23b6-4f3b-adba-72633d62dfd0", "title": "SiteAlert (Formerly WP Health) <= 1.9.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SiteAlert \u2013 Uptime, Speed, and Security Monitoring for WordPress", "slug": "my-wp-health-check", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1870c6e-23b6-4f3b-adba-72633d62dfd0?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1871009-8bf1-47a6-9fef-9ab2798b057c": { "id": "c1871009-8bf1-47a6-9fef-9ab2798b057c", "title": "Easy Accept Payments for PayPal <= 4.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Easy Accept Payments via PayPal", "slug": "wordpress-easy-paypal-payment-or-donation-accept-plugin", "affected_versions": { "* - 4.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1871009-8bf1-47a6-9fef-9ab2798b057c?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c187ed25-6ba7-4a58-97df-5fea723d485a": { "id": "c187ed25-6ba7-4a58-97df-5fea723d485a", "title": "W3 Total Cache <= 0.9.4.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 0.9.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c187ed25-6ba7-4a58-97df-5fea723d485a?source=api-scan" ], "published": "2016-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c189a778-0338-408c-bcca-a0ac76d8eb44": { "id": "c189a778-0338-408c-bcca-a0ac76d8eb44", "title": "AutomatorWP <= 2.5.0 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "AutomatorWP \u2013 The #1 automator plugin for no-code automation in WordPress", "slug": "automatorwp", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c189a778-0338-408c-bcca-a0ac76d8eb44?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c189bdcb-3b72-4e25-8444-6852444b89f7": { "id": "c189bdcb-3b72-4e25-8444-6852444b89f7", "title": "Sync Post With Other Site <= 1.5.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Sync Post With Other Site", "slug": "sync-post-with-other-site", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c189bdcb-3b72-4e25-8444-6852444b89f7?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c190c2d7-961b-4643-a7fe-6d4a22b0d5d7": { "id": "c190c2d7-961b-4643-a7fe-6d4a22b0d5d7", "title": "WDContactFormBuilder <= 1.0.68 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WDContactFormBuilder", "slug": "contact-form-builder", "affected_versions": { "[*, 1.0.69)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.69", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c190c2d7-961b-4643-a7fe-6d4a22b0d5d7?source=api-scan" ], "published": "2019-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c192425a-1e2d-4f7d-bd88-3a594d70a461": { "id": "c192425a-1e2d-4f7d-bd88-3a594d70a461", "title": "Smart Slider 3 <= 3.5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart Slider 3", "slug": "smart-slider-3", "affected_versions": { "* - 3.5.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c192425a-1e2d-4f7d-bd88-3a594d70a461?source=api-scan" ], "published": "2022-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c195d62d-5f2f-4248-9a84-b551f532256b": { "id": "c195d62d-5f2f-4248-9a84-b551f532256b", "title": "Manual Image Crop <= 1.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Manual Image Crop", "slug": "manual-image-crop", "affected_versions": { "[*, 1.11)": { "from_version": "*", "from_inclusive": true, "to_version": "1.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c195d62d-5f2f-4248-9a84-b551f532256b?source=api-scan" ], "published": "2015-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c198008f-271e-431e-beb9-3a9f93cbbf8e": { "id": "c198008f-271e-431e-beb9-3a9f93cbbf8e", "title": "Wp Ultimate Review <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Ultimate Review", "slug": "wp-ultimate-review", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c198008f-271e-431e-beb9-3a9f93cbbf8e?source=api-scan" ], "published": "2023-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c19d9288-39b2-4db1-abc6-ba87f98fecad": { "id": "c19d9288-39b2-4db1-abc6-ba87f98fecad", "title": "Ad Manager <= 1.1.2 - Open Redirection", "software": [ { "type": "plugin", "name": "wordpress-admanager", "slug": "wordpress-admanager", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c19d9288-39b2-4db1-abc6-ba87f98fecad?source=api-scan" ], "published": "2014-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1a0d446-63b6-4265-a542-345d766faf15": { "id": "c1a0d446-63b6-4265-a542-345d766faf15", "title": "CLUEVO E-Learning Platform <= 1.8.0 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CLUEVO LMS, E-Learning Platform", "slug": "cluevo-lms", "affected_versions": { "[*, 1.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1a0d446-63b6-4265-a542-345d766faf15?source=api-scan" ], "published": "2022-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1a0d54f-08f7-4ec5-8cfe-6c4a6eb26748": { "id": "c1a0d54f-08f7-4ec5-8cfe-6c4a6eb26748", "title": "Ajax Search Pro <= 4.26.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ajax Search Pro", "slug": "ajax-search-pro", "affected_versions": { "* - 4.26.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.26.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.26.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1a0d54f-08f7-4ec5-8cfe-6c4a6eb26748?source=api-scan" ], "published": "2023-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1a4d8a3-5553-4b1c-b0f8-d6a372de3692": { "id": "c1a4d8a3-5553-4b1c-b0f8-d6a372de3692", "title": "Landing Page Builder <= 1.5.1.5 - Open Redirect", "software": [ { "type": "plugin", "name": "Landing Page Builder \u2013 Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages", "slug": "page-builder-add", "affected_versions": { "* - 1.5.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1a4d8a3-5553-4b1c-b0f8-d6a372de3692?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1ac9f77-eea7-4726-b2ba-019c26aec242": { "id": "c1ac9f77-eea7-4726-b2ba-019c26aec242", "title": "NPS computy <= 2.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NPS computy", "slug": "nps-computy", "affected_versions": { "* - 2.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1ac9f77-eea7-4726-b2ba-019c26aec242?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1acc256-c8f5-4738-8788-d52b4e2b80ef": { "id": "c1acc256-c8f5-4738-8788-d52b4e2b80ef", "title": "AcyMailing SMTP Newsletter < 7.5.0 - Open Redirect", "software": [ { "type": "plugin", "name": "AcyMailing \u2013 An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress", "slug": "acymailing", "affected_versions": { "[*, 7.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1acc256-c8f5-4738-8788-d52b4e2b80ef?source=api-scan" ], "published": "2021-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1b0ac88-8afd-4e46-9721-7aab91090e37": { "id": "c1b0ac88-8afd-4e46-9721-7aab91090e37", "title": "PublishPress: Editorial Calendar, Workflow, Comments, Notifications and Statuses <= 3.5.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Editorial Calendar, Marketing Content, Kanban Board \u2013 PublishPress Planner", "slug": "publishpress", "affected_versions": { "* - 3.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1b0ac88-8afd-4e46-9721-7aab91090e37?source=api-scan" ], "published": "2021-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1b1bdaf-eeec-4f93-86d6-cb94db6c32f8": { "id": "c1b1bdaf-eeec-4f93-86d6-cb94db6c32f8", "title": "Global Notification Bar <= 1.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Global Notification Bar", "slug": "global-notification-bar", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1b1bdaf-eeec-4f93-86d6-cb94db6c32f8?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1b81a26-c12c-4b57-9ef1-c53e0b87ad9a": { "id": "c1b81a26-c12c-4b57-9ef1-c53e0b87ad9a", "title": "Tutor LMS \u2013 eLearning and online course solution <= 1.7.6 - SQL Injection", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "[*, 1.7.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1b81a26-c12c-4b57-9ef1-c53e0b87ad9a?source=api-scan" ], "published": "2021-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1b93229-55ef-4216-8d48-35e8b6506c19": { "id": "c1b93229-55ef-4216-8d48-35e8b6506c19", "title": "Master Slider <= 3.9.5 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Master Slider \u2013 Responsive Touch Slider", "slug": "master-slider", "affected_versions": { "* - 3.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1b93229-55ef-4216-8d48-35e8b6506c19?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1ba314e-0c7a-408a-9565-89989b22de44": { "id": "c1ba314e-0c7a-408a-9565-89989b22de44", "title": "Ditty \u2013 Responsive News Tickers, Sliders, and Lists <= 3.1.42 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ditty \u2013 Responsive News Tickers, Sliders, and Lists", "slug": "ditty-news-ticker", "affected_versions": { "* - 3.1.42": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1ba314e-0c7a-408a-9565-89989b22de44?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1bb3ab9-afbb-40e7-967a-45f737777dcf": { "id": "c1bb3ab9-afbb-40e7-967a-45f737777dcf", "title": "Ajax Load More < 2.11.2 - Local File Inclusion", "software": [ { "type": "plugin", "name": "WordPress Infinite Scroll \u2013 Ajax Load More", "slug": "ajax-load-more", "affected_versions": { "[*, 2.11.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1bb3ab9-afbb-40e7-967a-45f737777dcf?source=api-scan" ], "published": "2016-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1c106e8-9642-4294-90fd-6838cc551b90": { "id": "c1c106e8-9642-4294-90fd-6838cc551b90", "title": "Complianz - GDPR\/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_delete_snapshot", "software": [ { "type": "plugin", "name": "Complianz \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr", "affected_versions": { "* - 6.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1c106e8-9642-4294-90fd-6838cc551b90?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1c218c6-1599-4dc9-846f-e0ef74821488": { "id": "c1c218c6-1599-4dc9-846f-e0ef74821488", "title": "Buy Me a Coffee \u2013 Button and Widget Plugin <= 3.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Buy Me a Coffee \u2013 Button and Widget Plugin", "slug": "buymeacoffee", "affected_versions": { "* - 3.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1c218c6-1599-4dc9-846f-e0ef74821488?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1cae64e-caed-43c0-9a75-9aa4234946a0": { "id": "c1cae64e-caed-43c0-9a75-9aa4234946a0", "title": "AMP for WP \u2013 Accelerated Mobile Pages <= 1.0.92 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "AMP for WP \u2013 Accelerated Mobile Pages", "slug": "accelerated-mobile-pages", "affected_versions": { "* - 1.0.92": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.92", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.92.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1cae64e-caed-43c0-9a75-9aa4234946a0?source=api-scan" ], "published": "2023-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1cec0b1-b77c-4d21-a3d2-c79fd3250bb0": { "id": "c1cec0b1-b77c-4d21-a3d2-c79fd3250bb0", "title": "YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Update", "software": [ { "type": "plugin", "name": "YourChannel: Everything you want in a YouTube plugin.", "slug": "yourchannel", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1cec0b1-b77c-4d21-a3d2-c79fd3250bb0?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1d02646-271a-4079-8a47-00b4029e9c1f": { "id": "c1d02646-271a-4079-8a47-00b4029e9c1f", "title": "RSVPMaker <= 9.3.2 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "RSVPMaker", "slug": "rsvpmaker", "affected_versions": { "* - 9.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1d02646-271a-4079-8a47-00b4029e9c1f?source=api-scan" ], "published": "2022-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1d2b6bd-a75a-4a07-b2f0-8ec206d41211": { "id": "c1d2b6bd-a75a-4a07-b2f0-8ec206d41211", "title": "SupportCandy <= 3.1.6 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "SupportCandy \u2013 Helpdesk & Customer Support Ticket System", "slug": "supportcandy", "affected_versions": { "* - 3.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1d2b6bd-a75a-4a07-b2f0-8ec206d41211?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1d354fc-8137-44fa-980a-215dbeb7d15c": { "id": "c1d354fc-8137-44fa-980a-215dbeb7d15c", "title": "WP-Forum <= 1.7.4 - Remote SQL Injection", "software": [ { "type": "plugin", "name": "wp-forum", "slug": "wp-forum", "affected_versions": { "* - 1.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1d354fc-8137-44fa-980a-215dbeb7d15c?source=api-scan" ], "published": "2008-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1d67b80-67b7-4194-ab90-e9f8cea1ac33": { "id": "c1d67b80-67b7-4194-ab90-e9f8cea1ac33", "title": "youForms for WordPress \u2013 Creating Forms for CopeCart <= 1.0.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "youForms for WordPress \u2013 Creating Forms for CopeCart", "slug": "youforms-free-for-copecart", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1d67b80-67b7-4194-ab90-e9f8cea1ac33?source=api-scan" ], "published": "2021-07-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1d8ae51-5f5e-466d-9994-32c898f01f53": { "id": "c1d8ae51-5f5e-466d-9994-32c898f01f53", "title": "AdServe < 0.3 - SQL Injection", "software": [ { "type": "plugin", "name": "AdServe", "slug": "adserve", "affected_versions": { "* - 0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1d8ae51-5f5e-466d-9994-32c898f01f53?source=api-scan" ], "published": "2008-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1d9ee9f-d8d0-4a9d-b414-bc79c4255b4e": { "id": "c1d9ee9f-d8d0-4a9d-b414-bc79c4255b4e", "title": "Events Shortcodes & Templates For The Events Calendar <= 2.3.1 - Authenticated (Contributor+) SQL Injection via shortcode", "software": [ { "type": "plugin", "name": "Events Shortcodes For The Events Calendar", "slug": "template-events-calendar", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1d9ee9f-d8d0-4a9d-b414-bc79c4255b4e?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1e563e1-5381-4353-aa09-b09971b830c8": { "id": "c1e563e1-5381-4353-aa09-b09971b830c8", "title": "Easy Digital Downloads <= 3.0.1 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 3.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1e563e1-5381-4353-aa09-b09971b830c8?source=api-scan" ], "published": "2022-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1ec113c-d11f-4b0b-8d4a-46d37687b3b2": { "id": "c1ec113c-d11f-4b0b-8d4a-46d37687b3b2", "title": "Countdown and CountUp, WooCommerce Sales Timer <= 1.8.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Countdown and CountUp, WooCommerce Sales Timer", "slug": "countdown-wpdevart-extended", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1ec113c-d11f-4b0b-8d4a-46d37687b3b2?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1f10e67-d301-46ba-b92e-432819cb9606": { "id": "c1f10e67-d301-46ba-b92e-432819cb9606", "title": "VK All in One Expansion Unit <= 9.85.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "VK All in One Expansion Unit", "slug": "vk-all-in-one-expansion-unit", "affected_versions": { "* - 9.85.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.85.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.86.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1f10e67-d301-46ba-b92e-432819cb9606?source=api-scan" ], "published": "2023-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1f643bd-a168-4506-9606-0b8b91573ebb": { "id": "c1f643bd-a168-4506-9606-0b8b91573ebb", "title": "Yoo Slider plugin <= 2.0.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yoo Slider \u2013 Image Slider & Video Slider", "slug": "yoo-slider", "affected_versions": { "[*, 2.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1f643bd-a168-4506-9606-0b8b91573ebb?source=api-scan" ], "published": "2022-03-21 21:28:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c1f64b77-5c8b-44f3-b1a8-6aa9f13624b7": { "id": "c1f64b77-5c8b-44f3-b1a8-6aa9f13624b7", "title": "WooCommerce Amazon Affiliates < 9.0.2.16 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WooCommerce Amazon Affiliates", "slug": "wwc-amz-aff", "affected_versions": { "[*, 9.0.2.16)": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.2.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "9.0.2.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c1f64b77-5c8b-44f3-b1a8-6aa9f13624b7?source=api-scan" ], "published": "2015-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2020323-b08d-4a5c-818f-1c440e057e75": { "id": "c2020323-b08d-4a5c-818f-1c440e057e75", "title": "Disqus Comment System < 2.76 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Disqus Comment System", "slug": "disqus-comment-system", "affected_versions": { "[*, 2.76)": { "from_version": "*", "from_inclusive": true, "to_version": "2.76", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.76" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2020323-b08d-4a5c-818f-1c440e057e75?source=api-scan" ], "published": "2014-06-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2036c08-3aaf-4e41-bcd6-787f4b8fba9d": { "id": "c2036c08-3aaf-4e41-bcd6-787f4b8fba9d", "title": "Calculated Fields Form <= 1.1.150 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Calculated Fields Form", "slug": "calculated-fields-form", "affected_versions": { "* - 1.1.150": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.150", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.151" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2036c08-3aaf-4e41-bcd6-787f4b8fba9d?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2054dcd-1a65-48bc-9dcf-824fa448921d": { "id": "c2054dcd-1a65-48bc-9dcf-824fa448921d", "title": "User Activity Log Pro <= 2.3.4 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "User Activity Log Pro", "slug": "user-activity-log-pro", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2054dcd-1a65-48bc-9dcf-824fa448921d?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2075960-fde4-4ca9-a000-23fdd6d5de1c": { "id": "c2075960-fde4-4ca9-a000-23fdd6d5de1c", "title": "Material Design Icons for Page Builders <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Material Design Icons for Page Builders", "slug": "material-design-icons-for-elementor", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2075960-fde4-4ca9-a000-23fdd6d5de1c?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2081e4a-c6b7-4730-be59-bc728b90ecaa": { "id": "c2081e4a-c6b7-4730-be59-bc728b90ecaa", "title": "WP Force SSL & HTTPS SSL Redirect <= 1.66 - Missing Authorization to Settings Update", "software": [ { "type": "plugin", "name": "WP Force SSL & HTTPS SSL Redirect", "slug": "wp-force-ssl", "affected_versions": { "* - 1.66": { "from_version": "*", "from_inclusive": true, "to_version": "1.66", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.67" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2081e4a-c6b7-4730-be59-bc728b90ecaa?source=api-scan" ], "published": "2024-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c20c1fb1-8803-4f84-bdbb-6f03edd907cf": { "id": "c20c1fb1-8803-4f84-bdbb-6f03edd907cf", "title": "The Post Grid <= 7.7.4 - Missing Authorization via AJAX", "software": [ { "type": "plugin", "name": "The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid", "slug": "the-post-grid", "affected_versions": { "* - 7.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c20c1fb1-8803-4f84-bdbb-6f03edd907cf?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c20c674f-54b5-470f-b470-07a63501eb4d": { "id": "c20c674f-54b5-470f-b470-07a63501eb4d", "title": "Modern Footnotes <= 1.4.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Modern Footnotes", "slug": "modern-footnotes", "affected_versions": { "* - 1.4.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c20c674f-54b5-470f-b470-07a63501eb4d?source=api-scan" ], "published": "2023-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c20e288e-492d-49ed-89cb-e1ee3e8c204e": { "id": "c20e288e-492d-49ed-89cb-e1ee3e8c204e", "title": "Twitter LiveBlog <= 1.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "twitter-liveblog", "slug": "twitter-liveblog", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c20e288e-492d-49ed-89cb-e1ee3e8c204e?source=api-scan" ], "published": "2014-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c20ff80c-75da-4879-ba1c-e14edf779f58": { "id": "c20ff80c-75da-4879-ba1c-e14edf779f58", "title": "Enjoy Social Feed <= 6.2.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Enjoy Social Feed plugin for WordPress website", "slug": "enjoy-instagram-instagram-responsive-images-gallery-and-carousel", "affected_versions": { "* - 6.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c20ff80c-75da-4879-ba1c-e14edf779f58?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2110dbe-a625-4fa5-8426-8f11b3c33844": { "id": "c2110dbe-a625-4fa5-8426-8f11b3c33844", "title": "GD Mylist <= 1.1.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GDMylist", "slug": "gd-mylist", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2110dbe-a625-4fa5-8426-8f11b3c33844?source=api-scan" ], "published": "2022-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2121162-68db-47c4-80f6-222f013f48c2": { "id": "c2121162-68db-47c4-80f6-222f013f48c2", "title": "External Media <= 1.0.35 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "External Media", "slug": "external-media", "affected_versions": { "* - 1.0.35": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2121162-68db-47c4-80f6-222f013f48c2?source=api-scan" ], "published": "2022-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2136e1c-5f69-434d-bdc7-72a144da744b": { "id": "c2136e1c-5f69-434d-bdc7-72a144da744b", "title": "Essential Blocks for Gutenberg <= 4.2.0 - Missing Authorization via AJAX actions", "software": [ { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2136e1c-5f69-434d-bdc7-72a144da744b?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c21c12b1-763e-4c01-bd41-5e2d0b34a50f": { "id": "c21c12b1-763e-4c01-bd41-5e2d0b34a50f", "title": "Glossary <= 2.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Glossary", "slug": "glossary-by-codeat", "affected_versions": { "* - 2.1.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c21c12b1-763e-4c01-bd41-5e2d0b34a50f?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c226ca9a-8a2e-4e56-a039-96c31526a379": { "id": "c226ca9a-8a2e-4e56-a039-96c31526a379", "title": "WolfNet IDX for WordPress <= 1.19.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WolfNet IDX for WordPress", "slug": "wolfnet-idx-for-wordpress", "affected_versions": { "* - 1.19.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.19.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c226ca9a-8a2e-4e56-a039-96c31526a379?source=api-scan" ], "published": "2024-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c22b9505-6341-4db8-9d21-23796caf63d3": { "id": "c22b9505-6341-4db8-9d21-23796caf63d3", "title": "PictPress <= 0.91 - Directory Traversal", "software": [ { "type": "plugin", "name": "PictPress", "slug": "pictpress", "affected_versions": { "* - 0.91": { "from_version": "*", "from_inclusive": true, "to_version": "0.91", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.99" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c22b9505-6341-4db8-9d21-23796caf63d3?source=api-scan" ], "published": "2007-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c22c2c17-c9c5-46eb-877a-a49ccf1a74ef": { "id": "c22c2c17-c9c5-46eb-877a-a49ccf1a74ef", "title": "Rename Media Files <= 1.0.1 - Authenticated (Contributor+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Rename Media Files", "slug": "rename-media-files", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c22c2c17-c9c5-46eb-877a-a49ccf1a74ef?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c232344c-5070-4461-b143-0f53d61d6eac": { "id": "c232344c-5070-4461-b143-0f53d61d6eac", "title": "Real3D Flipbook <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Real3D Flipbook", "slug": "real3d-flipbook", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c232344c-5070-4461-b143-0f53d61d6eac?source=api-scan" ], "published": "2016-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2324caa-f804-4f76-9d08-8951fbee4669": { "id": "c2324caa-f804-4f76-9d08-8951fbee4669", "title": "Weather Atlas Widget <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Weather Atlas Widget", "slug": "weather-atlas", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2324caa-f804-4f76-9d08-8951fbee4669?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c232b39c-7144-4d3a-9770-883986ca8b29": { "id": "c232b39c-7144-4d3a-9770-883986ca8b29", "title": "WooCommerce <= 4.0.4 - Unauthorized Post Meta Creation\/Modification", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 4.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c232b39c-7144-4d3a-9770-883986ca8b29?source=api-scan" ], "published": "2020-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c232ddc0-35e8-42e0-8fff-831c74457615": { "id": "c232ddc0-35e8-42e0-8fff-831c74457615", "title": "Wonder Video Embed <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wonder Video Embed", "slug": "wonderplugin-video-embed", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c232ddc0-35e8-42e0-8fff-831c74457615?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2385865-ff03-4daf-bf81-3ec3ea11c91f": { "id": "c2385865-ff03-4daf-bf81-3ec3ea11c91f", "title": "WordPress Core < 4.2.4 - Cross-Site Scripting in Theme Preview", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.9": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.9", "to_inclusive": true }, "3.8 - 3.8.9": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.9", "to_inclusive": true }, "3.9 - 3.9.7": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.7", "to_inclusive": true }, "4.0 - 4.0.6": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true }, "4.1 - 4.1.6": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.6", "to_inclusive": true }, "4.2 - 4.2.3": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.10", "3.8.10", "3.9.8", "4.0.7", "4.1.7", "4.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2385865-ff03-4daf-bf81-3ec3ea11c91f?source=api-scan" ], "published": "2015-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c23995c6-989e-48d2-ba60-b0bf7b750245": { "id": "c23995c6-989e-48d2-ba60-b0bf7b750245", "title": "Gutenberg Page Builder Blocks & Ready-Made Patterns Library <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites \u2013 Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed", "slug": "blockspare", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c23995c6-989e-48d2-ba60-b0bf7b750245?source=api-scan" ], "published": "2024-09-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c23bba83-35d2-4098-8104-8389bb2ff880": { "id": "c23bba83-35d2-4098-8104-8389bb2ff880", "title": "WordPress Header Builder Plugin \u2013 Pearl <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WordPress Header Builder Plugin \u2013 Pearl", "slug": "pearl-header-builder", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c23bba83-35d2-4098-8104-8389bb2ff880?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c23c3b24-893f-4589-8fab-bd54259bd105": { "id": "c23c3b24-893f-4589-8fab-bd54259bd105", "title": "WP Fastest Cache < 0.8.4.9 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "[*, 0.8.4.9)": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.4.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.8.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c23c3b24-893f-4589-8fab-bd54259bd105?source=api-scan" ], "published": "2015-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c23e9810-40ea-43e2-9292-f05f300a7ddf": { "id": "c23e9810-40ea-43e2-9292-f05f300a7ddf", "title": "Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Menu Settings Update", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.59": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c23e9810-40ea-43e2-9292-f05f300a7ddf?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2421108-d4b0-480e-a020-95712cdfae8e": { "id": "c2421108-d4b0-480e-a020-95712cdfae8e", "title": "Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "3.6.0 - 3.6.2": { "from_version": "3.6.0", "from_inclusive": true, "to_version": "3.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2421108-d4b0-480e-a020-95712cdfae8e?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2475643-a0b4-444a-a2c6-a5c45e90e1dd": { "id": "c2475643-a0b4-444a-a2c6-a5c45e90e1dd", "title": "UltimateAI <= 2.8.3 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Ultimate AI", "slug": "Ultimate_AI", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2475643-a0b4-444a-a2c6-a5c45e90e1dd?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c248606f-2d79-46c1-8975-e111b9118ceb": { "id": "c248606f-2d79-46c1-8975-e111b9118ceb", "title": "WordPress Core < 3.1.2 - Incorrect Authorization for Contributor-level users", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c248606f-2d79-46c1-8975-e111b9118ceb?source=api-scan" ], "published": "2011-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2487a5e-f038-414b-bc88-ed2c7f2c624c": { "id": "c2487a5e-f038-414b-bc88-ed2c7f2c624c", "title": "Business Directory Plugin <= 5.11.1 - Cross-Site Request Forgery to Arbitrary Payment History Update", "software": [ { "type": "plugin", "name": "Business Directory Plugin \u2013 Easy Listing Directories for WordPress", "slug": "business-directory-plugin", "affected_versions": { "* - 5.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2487a5e-f038-414b-bc88-ed2c7f2c624c?source=api-scan" ], "published": "2021-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c248f11c-f381-4335-b6f7-bb18bbf1f7b0": { "id": "c248f11c-f381-4335-b6f7-bb18bbf1f7b0", "title": "WP-Invoice \u2013 Web Invoice and Billing <= 4.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Invoice \u2013 Web Invoice and Billing", "slug": "wp-invoice", "affected_versions": { "* - 4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c248f11c-f381-4335-b6f7-bb18bbf1f7b0?source=api-scan" ], "published": "2022-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c24c57e5-2b42-40db-816a-f1327d1ac09b": { "id": "c24c57e5-2b42-40db-816a-f1327d1ac09b", "title": "OoohBoi Steroids for Elementor <= 2.1.3 - Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion", "software": [ { "type": "plugin", "name": "OoohBoi Steroids for Elementor", "slug": "ooohboi-steroids-for-elementor", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c24c57e5-2b42-40db-816a-f1327d1ac09b?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c265590c-be4f-4191-8368-7d366d182dc0": { "id": "c265590c-be4f-4191-8368-7d366d182dc0", "title": "WP Airbnb Review Slider <= 3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Airbnb Review Slider", "slug": "wp-airbnb-review-slider", "affected_versions": { "* - 3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c265590c-be4f-4191-8368-7d366d182dc0?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2663150-61f9-49e3-9219-fbe89cc6b03c": { "id": "c2663150-61f9-49e3-9219-fbe89cc6b03c", "title": "Nested Pages <= 3.2.7 - Cross-Site Request Forgery to Local File Inclusion", "software": [ { "type": "plugin", "name": "Nested Pages", "slug": "wp-nested-pages", "affected_versions": { "* - 3.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2663150-61f9-49e3-9219-fbe89cc6b03c?source=api-scan" ], "published": "2024-07-03 23:23:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c26e2aea-835e-4462-b4e3-99d2caf3a014": { "id": "c26e2aea-835e-4462-b4e3-99d2caf3a014", "title": "Custom Content Shortcode <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Custom Content Shortcode", "slug": "custom-content-shortcode", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c26e2aea-835e-4462-b4e3-99d2caf3a014?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c272f769-65da-4963-aff0-8f68a277ea63": { "id": "c272f769-65da-4963-aff0-8f68a277ea63", "title": "WordPress Core < 5.8.3 - Authenticated (Author+) Stored Cross Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[3.7, 3.7.37)": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.37", "to_inclusive": false }, "[3.8, 3.8.37)": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.37", "to_inclusive": false }, "[3.9, 3.9.35)": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.35", "to_inclusive": false }, "[4.0, 4.0.34)": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.34", "to_inclusive": false }, "[4.1, 4.1.34)": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.34", "to_inclusive": false }, "[4.2, 4.2.31)": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.31", "to_inclusive": false }, "[4.3, 4.3.27)": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.27", "to_inclusive": false }, "[4.4, 4.4.26)": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.26", "to_inclusive": false }, "[4.5, 4.5.25)": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.25", "to_inclusive": false }, "[4.6, 4.6.22)": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.22", "to_inclusive": false }, "[4.7, 4.7.22)": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.22", "to_inclusive": false }, "[4.8, 4.8.18)": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.18", "to_inclusive": false }, "[4.9, 4.9.19)": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.19", "to_inclusive": false }, "[5.0, 5.0.15)": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.15", "to_inclusive": false }, "[5.1, 5.1.12)": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.12", "to_inclusive": false }, "[5.2, 5.2.14)": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.14", "to_inclusive": false }, "[5.3, 5.3.11)": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.11", "to_inclusive": false }, "[5.4, 5.4.9)": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.9", "to_inclusive": false }, "[5.5, 5.5.8)": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.8", "to_inclusive": false }, "[5.6, 5.6.7)": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.7", "to_inclusive": false }, "[5.7, 5.7.5)": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.5", "to_inclusive": false }, "[5.8, 5.8.3)": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.37", "3.8.37", "3.9.35", "4.0.34", "4.1.34", "4.2.31", "4.3.27", "4.4.26", "4.5.25", "4.6.22", "4.7.22", "4.8.18", "4.9.19", "5.0.15", "5.1.12", "5.2.14", "5.3.11", "5.4.9", "5.5.8", "5.6.7", "5.7.5", "5.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c272f769-65da-4963-aff0-8f68a277ea63?source=api-scan" ], "published": "2022-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c274a9b2-c95e-4898-afa4-d6e2f6006f91": { "id": "c274a9b2-c95e-4898-afa4-d6e2f6006f91", "title": "Premium Gallery Manager (Unknown Versions) - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Premium Gallery Manager", "slug": "Premium_Gallery_Manager", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c274a9b2-c95e-4898-afa4-d6e2f6006f91?source=api-scan" ], "published": "2014-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2760f65-a981-42f6-b18c-fcf493bd34b6": { "id": "c2760f65-a981-42f6-b18c-fcf493bd34b6", "title": "Codup Read Only Admin <= 1.1.1.7 - Cross Site Scripting", "software": [ { "type": "plugin", "name": "Codup Read Only Admin", "slug": "codup-read-only-admin", "affected_versions": { "* - 1.1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2760f65-a981-42f6-b18c-fcf493bd34b6?source=api-scan" ], "published": "2022-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2777158-baa4-4209-ae15-03da5adafc75": { "id": "c2777158-baa4-4209-ae15-03da5adafc75", "title": "OneTone <= 3.0.6 & OneTone Companion <= 1.1.1 - Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "OneTone", "slug": "onetone", "affected_versions": { "* - 3.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "OneTone Companion", "slug": "onetone-companion", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2777158-baa4-4209-ae15-03da5adafc75?source=api-scan" ], "published": "2020-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c27f566a-913e-498e-90bb-113692b74612": { "id": "c27f566a-913e-498e-90bb-113692b74612", "title": "CodePen Embedded Pens Shortcode <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CodePen Embedded Pens Shortcode", "slug": "codepen-embedded-pen-shortcode", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c27f566a-913e-498e-90bb-113692b74612?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2805cb0-8913-4487-8445-031b7d920e2d": { "id": "c2805cb0-8913-4487-8445-031b7d920e2d", "title": "BackUpWordPress <= 3.13 - Authenticated (Admin+) Directory Traversal", "software": [ { "type": "plugin", "name": "BackUpWordPress", "slug": "backupwordpress", "affected_versions": { "* - 3.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2805cb0-8913-4487-8445-031b7d920e2d?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2826ac2-bb1c-4aee-ba3f-c77825fc395c": { "id": "c2826ac2-bb1c-4aee-ba3f-c77825fc395c", "title": "Anti-Malware Security and Brute-Force Firewall <= 4.21.85 - Authenticated (Admin+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Anti-Malware Security and Brute-Force Firewall", "slug": "gotmls", "affected_versions": { "* - 4.21.85": { "from_version": "*", "from_inclusive": true, "to_version": "4.21.85", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.21.86" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2826ac2-bb1c-4aee-ba3f-c77825fc395c?source=api-scan" ], "published": "2022-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c284ed3e-7f8e-4841-88f3-33e99f98aa83": { "id": "c284ed3e-7f8e-4841-88f3-33e99f98aa83", "title": "Mooberry Book Manager <= 4.15.12 - Unauthenticated Information Exposure via Export Files", "software": [ { "type": "plugin", "name": "Mooberry Book Manager", "slug": "mooberry-book-manager", "affected_versions": { "* - 4.15.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.15.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.15.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c284ed3e-7f8e-4841-88f3-33e99f98aa83?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c287ed1d-83ff-4ee7-bebc-e57850d081a0": { "id": "c287ed1d-83ff-4ee7-bebc-e57850d081a0", "title": "Quick Code <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quick Code", "slug": "quick-code", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c287ed1d-83ff-4ee7-bebc-e57850d081a0?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c28e2aba-73eb-43f9-bae9-a78a67e6207c": { "id": "c28e2aba-73eb-43f9-bae9-a78a67e6207c", "title": "Product Designer <= 1.0.32 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Product Designer", "slug": "product-designer", "affected_versions": { "* - 1.0.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c28e2aba-73eb-43f9-bae9-a78a67e6207c?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c291aa80-f1cd-4933-b522-73ec115a3a68": { "id": "c291aa80-f1cd-4933-b522-73ec115a3a68", "title": "WP User Profile Avatar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP User Profile Avatar", "slug": "wp-user-profile-avatar", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c291aa80-f1cd-4933-b522-73ec115a3a68?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c296743a-ec08-4cdd-b3d0-ab3de93f5bb9": { "id": "c296743a-ec08-4cdd-b3d0-ab3de93f5bb9", "title": "Music Store \u2013 WordPress eCommerce < 1.0.15 - Open Redirect", "software": [ { "type": "plugin", "name": "Music Store \u2013 WordPress eCommerce", "slug": "music-store", "affected_versions": { "[*, 1.0.15)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c296743a-ec08-4cdd-b3d0-ab3de93f5bb9?source=api-scan" ], "published": "2015-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2967eae-82bb-4556-a21a-c5bb6b905c62": { "id": "c2967eae-82bb-4556-a21a-c5bb6b905c62", "title": "POWR <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Contact Form \u2013 Custom Builder, Payment Form, and More", "slug": "powr-pack", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2967eae-82bb-4556-a21a-c5bb6b905c62?source=api-scan" ], "published": "2023-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c298c87e-cf3c-4b72-bb0e-a01ca2dfe52f": { "id": "c298c87e-cf3c-4b72-bb0e-a01ca2dfe52f", "title": "Waitlist Woocommerce ( Back in stock notifier ) <= 2.7.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Waitlist Woocommerce ( Back in stock notifier )", "slug": "waitlist-woocommerce", "affected_versions": { "* - 2.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c298c87e-cf3c-4b72-bb0e-a01ca2dfe52f?source=api-scan" ], "published": "2024-09-13 14:49:36", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2990ed9-061e-4d35-aae0-99282a4f3737": { "id": "c2990ed9-061e-4d35-aae0-99282a4f3737", "title": "WS Form LITE and WS Form Pro < 1.8.176 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress", "slug": "ws-form", "affected_versions": { "[*, 1.8.176)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.176", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.176" ] }, { "type": "plugin", "name": "WS Form Pro", "slug": "ws-form-pro", "affected_versions": { "[*, 1.8.176)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.176", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.176" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2990ed9-061e-4d35-aae0-99282a4f3737?source=api-scan" ], "published": "2022-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c29cb99f-72e9-4178-b961-7ab50a5b6c7d": { "id": "c29cb99f-72e9-4178-b961-7ab50a5b6c7d", "title": "Rock Convert <= 2.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rock Convert", "slug": "rock-convert", "affected_versions": { "* - 2.11.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c29cb99f-72e9-4178-b961-7ab50a5b6c7d?source=api-scan" ], "published": "2022-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2a2c069-5dc6-45e2-8ca1-842759d541c4": { "id": "c2a2c069-5dc6-45e2-8ca1-842759d541c4", "title": "Folders \u2013 Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Folders \u2013 Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager", "slug": "folders", "affected_versions": { "* - 3.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2a2c069-5dc6-45e2-8ca1-842759d541c4?source=api-scan" ], "published": "2024-08-05 22:52:16", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2a30bb9-501b-44bd-8121-c137bb1c3ae5": { "id": "c2a30bb9-501b-44bd-8121-c137bb1c3ae5", "title": "Unite Gallery Lite < 1.5 - SQL Injection", "software": [ { "type": "plugin", "name": "Unite Gallery Lite", "slug": "unite-gallery-lite", "affected_versions": { "[*, 1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2a30bb9-501b-44bd-8121-c137bb1c3ae5?source=api-scan" ], "published": "2015-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2a515d9-dc4c-4755-b602-a9eb22f8e814": { "id": "c2a515d9-dc4c-4755-b602-a9eb22f8e814", "title": "Registrations for The Events Calendar <= 2.7.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Registrations for the Events Calendar \u2013 Event Registration Plugin", "slug": "registrations-for-the-events-calendar", "affected_versions": { "* - 2.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2a515d9-dc4c-4755-b602-a9eb22f8e814?source=api-scan" ], "published": "2021-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2a5ae9f-b57c-4a71-b976-5975ad086c74": { "id": "c2a5ae9f-b57c-4a71-b976-5975ad086c74", "title": "Wp-Adv-Quiz <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Quiz Question and Message", "software": [ { "type": "plugin", "name": "Wp-Adv-Quiz", "slug": "advanced-quiz", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2a5ae9f-b57c-4a71-b976-5975ad086c74?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2b2671e-0db7-4ba9-b574-a0122959e8fc": { "id": "c2b2671e-0db7-4ba9-b574-a0122959e8fc", "title": "LearnPress \u2013 WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields'", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2b2671e-0db7-4ba9-b574-a0122959e8fc?source=api-scan" ], "published": "2024-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2b7802a-3cbe-4488-93d2-5f8a34faf8ae": { "id": "c2b7802a-3cbe-4488-93d2-5f8a34faf8ae", "title": "Sabre < 1.2.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sabre", "slug": "sabre", "affected_versions": { "[*, 1.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2b7802a-3cbe-4488-93d2-5f8a34faf8ae?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2b79193-f8fc-4ea2-8973-fe292cfb926b": { "id": "c2b79193-f8fc-4ea2-8973-fe292cfb926b", "title": "RegistrationMagic - Custom Registration Forms <= 3.7.9.2 - PHP Object Injection", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "[*, 3.7.9.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.9.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2b79193-f8fc-4ea2-8973-fe292cfb926b?source=api-scan" ], "published": "2017-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2b795d8-3cab-4d81-a016-b4498315ddf4": { "id": "c2b795d8-3cab-4d81-a016-b4498315ddf4", "title": "JustTables \u2013 WooCommerce Product Table <= 1.4.9 - Cross-Site Request Forgery via plugin_activation()", "software": [ { "type": "plugin", "name": "JustTables \u2013 WooCommerce Product Table", "slug": "just-tables", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2b795d8-3cab-4d81-a016-b4498315ddf4?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2be56d2-d473-455e-8d6e-d2df6abb19ca": { "id": "c2be56d2-d473-455e-8d6e-d2df6abb19ca", "title": "Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Thrive Optimize", "slug": "thrive-ab-page-testing", "affected_versions": { "[*, 1.4.13.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.13.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.13.3" ] }, { "type": "plugin", "name": "Thrive Dashboard", "slug": "thrive-dashboard", "affected_versions": { "[*, 2.3.9.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.9.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.9.3" ] }, { "type": "plugin", "name": "Thrive Leads", "slug": "thrive-leads", "affected_versions": { "[*, 2.3.9.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.9.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.9.4" ] }, { "type": "plugin", "name": "Thrive Clever Widgets", "slug": "thrive-clever-widgets", "affected_versions": { "[*, 1.57.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.57.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.57.1" ] }, { "type": "theme", "name": "Thrive Themes Builder", "slug": "thrive-theme", "affected_versions": { "[*, 2.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.4" ] }, { "type": "plugin", "name": "Thrive Ultimatum", "slug": "thrive-ultimatum", "affected_versions": { "[*, 2.3.9.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.9.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.9.4" ] }, { "type": "theme", "name": "Ignition", "slug": "ignition", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "theme", "name": "Storied", "slug": "storied", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "plugin", "name": "Thrive Apprentice", "slug": "thrive-apprentice", "affected_versions": { "[*, 2.3.9.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.9.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.9.4" ] }, { "type": "theme", "name": "Luxe", "slug": "luxe", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "plugin", "name": "Thrive Comments", "slug": "thrive-comments", "affected_versions": { "[*, 1.4.15.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.15.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.15.3" ] }, { "type": "theme", "name": "Voice", "slug": "voice", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "plugin", "name": "Thrive Visual Editor", "slug": "thrive-visual-editor", "affected_versions": { "[*, 2.6.7.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.7.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.7.4" ] }, { "type": "plugin", "name": "Thrive Ovation", "slug": "thrive-ovation", "affected_versions": { "[*, 2.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.5" ] }, { "type": "theme", "name": "Squared", "slug": "squared", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "theme", "name": "Performag", "slug": "performag", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "theme", "name": "Minus", "slug": "minus", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "plugin", "name": "Thrive Quiz Builder", "slug": "thrive-quiz-builder", "affected_versions": { "[*, 2.3.9.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.9.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.9.4" ] }, { "type": "theme", "name": "Pressive", "slug": "pressive", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "theme", "name": "Rise", "slug": "rise", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "theme", "name": "FocusBlog", "slug": "focusblog", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "plugin", "name": "Thrive Headline Optimizer", "slug": "thrive-headline-optimizer", "affected_versions": { "[*, 1.3.7.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan" ], "published": "2021-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2c80b7d-aad9-4d5e-814a-6ed928827043": { "id": "c2c80b7d-aad9-4d5e-814a-6ed928827043", "title": "Leyka <= 3.31.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Leyka", "slug": "leyka", "affected_versions": { "* - 3.31.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.31.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.31.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2c80b7d-aad9-4d5e-814a-6ed928827043?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2cb2475-2064-4212-89fe-402622736b78": { "id": "c2cb2475-2064-4212-89fe-402622736b78", "title": "WP MultiTasking <= 0.1.12 - Cross-Site Request Forgery to SMTP Settings Update", "software": [ { "type": "plugin", "name": "WP MultiTasking \u2013 WP Utilities", "slug": "wp-multitasking", "affected_versions": { "* - 0.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2cb2475-2064-4212-89fe-402622736b78?source=api-scan" ], "published": "2024-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2cdf4e5-0a40-42ca-b5ac-78511fdd2b77": { "id": "c2cdf4e5-0a40-42ca-b5ac-78511fdd2b77", "title": "RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator", "slug": "feedzy-rss-feeds", "affected_versions": { "* - 4.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2cdf4e5-0a40-42ca-b5ac-78511fdd2b77?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2d03b83-c406-4d3f-b6be-015edcc15515": { "id": "c2d03b83-c406-4d3f-b6be-015edcc15515", "title": "Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce <= 3.4.6 - Authenticated(Subscriber+) Stored Cross-Site Scripting via Templates", "software": [ { "type": "plugin", "name": "Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce", "slug": "a4-barcode-generator", "affected_versions": { "* - 3.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2d03b83-c406-4d3f-b6be-015edcc15515?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2da5ba0-530d-44a6-8a98-808276e0a9c6": { "id": "c2da5ba0-530d-44a6-8a98-808276e0a9c6", "title": "JetThemeCore for Elementor <= 2.2.0 - Authenticated (Subscriber+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "JetThemeCore for Elementor", "slug": "jet-theme-core", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2da5ba0-530d-44a6-8a98-808276e0a9c6?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2e0a227-670d-40d8-ba82-6602ab57bc4a": { "id": "c2e0a227-670d-40d8-ba82-6602ab57bc4a", "title": "We\u2019re Open! <= 1.45 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "We\u2019re Open!", "slug": "opening-hours", "affected_versions": { "* - 1.45": { "from_version": "*", "from_inclusive": true, "to_version": "1.45", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2e0a227-670d-40d8-ba82-6602ab57bc4a?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2e6a555-6f7e-48bd-8e8d-dfdcbd5f1e77": { "id": "c2e6a555-6f7e-48bd-8e8d-dfdcbd5f1e77", "title": "WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via Discount Editing", "software": [ { "type": "plugin", "name": "WP eStore", "slug": "wp-cart-for-digital-products", "affected_versions": { "* - 8.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2e6a555-6f7e-48bd-8e8d-dfdcbd5f1e77?source=api-scan" ], "published": "2024-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2e770e0-1a39-4946-838b-4fd1f1dea1c8": { "id": "c2e770e0-1a39-4946-838b-4fd1f1dea1c8", "title": "WordPress Header Builder Plugin \u2013 Pearl <= 1.3.7 - Missing Authorization to Unauthenticated Arbitrary Site Options Deletion", "software": [ { "type": "plugin", "name": "WordPress Header Builder Plugin \u2013 Pearl", "slug": "pearl-header-builder", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2e770e0-1a39-4946-838b-4fd1f1dea1c8?source=api-scan" ], "published": "2024-06-11 20:05:56", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2e80e6f-08e7-426b-9797-97483c3dc410": { "id": "c2e80e6f-08e7-426b-9797-97483c3dc410", "title": "Google Doc Embedder <= 2.5.18 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google Doc Embedder", "slug": "google-document-embedder", "affected_versions": { "[*, 2.5.19)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2e80e6f-08e7-426b-9797-97483c3dc410?source=api-scan" ], "published": "2015-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2e83cb5-3c10-45dc-b37e-4d47ebc6853d": { "id": "c2e83cb5-3c10-45dc-b37e-4d47ebc6853d", "title": "Landing Page Builder <= 1.5.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Landing Page Builder \u2013 Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages", "slug": "page-builder-add", "affected_versions": { "* - 1.5.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2e83cb5-3c10-45dc-b37e-4d47ebc6853d?source=api-scan" ], "published": "2023-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2e92646-bb71-4cf1-b826-e749693b0c0c": { "id": "c2e92646-bb71-4cf1-b826-e749693b0c0c", "title": "RestroPress <= 3.1.2 - Cross-Site Request Forgery via rpress_orders_list_table_process_bulk_actions", "software": [ { "type": "plugin", "name": "RestroPress \u2013 Online Food Ordering System", "slug": "restropress", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2e92646-bb71-4cf1-b826-e749693b0c0c?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2e98359-6b38-4132-9699-a0180813bff3": { "id": "c2e98359-6b38-4132-9699-a0180813bff3", "title": "WPC Frequently Bought Together for WooCommerce <= 7.0.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "WPC Frequently Bought Together for WooCommerce", "slug": "woo-bought-together", "affected_versions": { "* - 7.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2e98359-6b38-4132-9699-a0180813bff3?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2f10cc4-82a8-4668-b1e5-a08a0f79b59c": { "id": "c2f10cc4-82a8-4668-b1e5-a08a0f79b59c", "title": "Bello - Directory & Listing - < 1.6.0 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Bello - Directory & Listing", "slug": "bello", "affected_versions": { "[*, 1.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2f10cc4-82a8-4668-b1e5-a08a0f79b59c?source=api-scan" ], "published": "2021-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2f209e1-4837-404b-8e3e-63a9d842a944": { "id": "c2f209e1-4837-404b-8e3e-63a9d842a944", "title": "WP Social Comments <= 1.7.2 - Missing Authorization to Authenticated (Subscriber+) Settings Change", "software": [ { "type": "plugin", "name": "WP Social Comments", "slug": "gs-facebook-comments", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2f209e1-4837-404b-8e3e-63a9d842a944?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2f4461b-1373-4d09-8430-14d1961e1644": { "id": "c2f4461b-1373-4d09-8430-14d1961e1644", "title": "Microsoft Clarity <= 0.9.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Microsoft Clarity", "slug": "microsoft-clarity", "affected_versions": { "* - 0.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2f4461b-1373-4d09-8430-14d1961e1644?source=api-scan" ], "published": "2024-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2f4c1de-7eeb-45c4-bbff-ec85f2cda5aa": { "id": "c2f4c1de-7eeb-45c4-bbff-ec85f2cda5aa", "title": "Event Manager for WooCommerce <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mep_get_option' function", "software": [ { "type": "plugin", "name": "Event Manager and Tickets Selling Plugin for WooCommerce \u2013 WpEvently \u2013 WordPress Plugin", "slug": "mage-eventpress", "affected_versions": { "* - 3.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2f4c1de-7eeb-45c4-bbff-ec85f2cda5aa?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2f54e8d-9e81-4902-9111-b826ef5da164": { "id": "c2f54e8d-9e81-4902-9111-b826ef5da164", "title": "Contact Form 7 <= 5.3.1 - Arbitrary File Upload via Bypass", "software": [ { "type": "plugin", "name": "Contact Form 7", "slug": "contact-form-7", "affected_versions": { "[*, 5.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2f54e8d-9e81-4902-9111-b826ef5da164?source=api-scan" ], "published": "2020-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2fd1bd8-dcc2-4c9a-be3f-b0a58992a239": { "id": "c2fd1bd8-dcc2-4c9a-be3f-b0a58992a239", "title": "PostX \u2013 Gutenberg Blocks for Post Grid <= 3.2.3 - Incorrect Authorization", "software": [ { "type": "plugin", "name": "Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX", "slug": "ultimate-post", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2fd1bd8-dcc2-4c9a-be3f-b0a58992a239?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c2fe3724-f71c-4548-9410-838c0337f887": { "id": "c2fe3724-f71c-4548-9410-838c0337f887", "title": "BuddyPress <= 1.9.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c2fe3724-f71c-4548-9410-838c0337f887?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3016491-6a6a-433f-9018-5e84f9e3e37c": { "id": "c3016491-6a6a-433f-9018-5e84f9e3e37c", "title": "Bulk Delete <= 5.5.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Bulk Delete", "slug": "bulk-delete", "affected_versions": { "[*, 5.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3016491-6a6a-433f-9018-5e84f9e3e37c?source=api-scan" ], "published": "2016-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c30801d1-9335-4bba-b344-f0ff57cecf84": { "id": "c30801d1-9335-4bba-b344-f0ff57cecf84", "title": "Conversios <= 7.0.7 - Authenticated (Subscriber+) SQL Injection via ee_syncProductCategory", "software": [ { "type": "plugin", "name": "Google Analytics 4 (GA4), Google Ads, Meta Pixel, GTM & Multiple Pixels for Woocommerce & WordPress", "slug": "enhanced-e-commerce-for-woocommerce-store", "affected_versions": { "* - 7.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c30801d1-9335-4bba-b344-f0ff57cecf84?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c30d517b-e051-408c-a022-4399c3d62390": { "id": "c30d517b-e051-408c-a022-4399c3d62390", "title": "Easy Forms for MailChimp <= 6.8.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Forms for Mailchimp", "slug": "yikes-inc-easy-mailchimp-extender", "affected_versions": { "* - 6.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c30d517b-e051-408c-a022-4399c3d62390?source=api-scan" ], "published": "2023-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c30f2322-14b1-476a-bbaf-99a14bc9e017": { "id": "c30f2322-14b1-476a-bbaf-99a14bc9e017", "title": "Stockholm <= 9.6 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "theme", "name": "Stockholm", "slug": "stockholm", "affected_versions": { "* - 9.6": { "from_version": "*", "from_inclusive": true, "to_version": "9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c30f2322-14b1-476a-bbaf-99a14bc9e017?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3114906-fac1-42b9-9ba1-0a5d44c2fb3a": { "id": "c3114906-fac1-42b9-9ba1-0a5d44c2fb3a", "title": "SAML SP Single Sign On <= 5.0.4 - Missing Authorization to notice dismissal", "software": [ { "type": "plugin", "name": "SAML Single Sign On \u2013 SSO Login Standard", "slug": "miniorange-saml-20-single-sign-on", "affected_versions": { "* - 5.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.5" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3114906-fac1-42b9-9ba1-0a5d44c2fb3a?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c312f915-fca6-4624-bfb9-8d8fd54d1b3c": { "id": "c312f915-fca6-4624-bfb9-8d8fd54d1b3c", "title": "Contact Form by Supsystic <= 1.7.28 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form by Supsystic", "slug": "contact-form-by-supsystic", "affected_versions": { "* - 1.7.28": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c312f915-fca6-4624-bfb9-8d8fd54d1b3c?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3172e21-c2e4-4ec0-ad0f-4433303efcfb": { "id": "c3172e21-c2e4-4ec0-ad0f-4433303efcfb", "title": "Syncee for Suppliers <= 1.0.5 - Missing Authorization to Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Syncee for Suppliers", "slug": "syncee-for-suppliers", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3172e21-c2e4-4ec0-ad0f-4433303efcfb?source=api-scan" ], "published": "2022-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c31732fa-eb35-4932-bee6-08955a14b010": { "id": "c31732fa-eb35-4932-bee6-08955a14b010", "title": "Watu Quiz <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Watu Quiz", "slug": "watu", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c31732fa-eb35-4932-bee6-08955a14b010?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c317fe6a-b691-40bb-a646-a06a8337da31": { "id": "c317fe6a-b691-40bb-a646-a06a8337da31", "title": "Axact Author List Widget < 3.0.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Axact Author List Widget", "slug": "knr-author-list-widget", "affected_versions": { "[*, 3.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c317fe6a-b691-40bb-a646-a06a8337da31?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c31828dc-ef94-4895-8395-a5d52a0a82bd": { "id": "c31828dc-ef94-4895-8395-a5d52a0a82bd", "title": "ContentStudio <= 1.2.5 - Authorization Bypass", "software": [ { "type": "plugin", "name": "ContentStudio", "slug": "contentstudio", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c31828dc-ef94-4895-8395-a5d52a0a82bd?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3190f9f-8b2f-4251-8804-f386e2c5678f": { "id": "c3190f9f-8b2f-4251-8804-f386e2c5678f", "title": "WP-Optimize <= 3.2.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP-Optimize \u2013 Cache, Compress images, Minify & Clean database to boost page speed & performance", "slug": "wp-optimize", "affected_versions": { "* - 3.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3190f9f-8b2f-4251-8804-f386e2c5678f?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c320e437-c1b4-4ccf-9dfd-55ba9c810534": { "id": "c320e437-c1b4-4ccf-9dfd-55ba9c810534", "title": "Download Monitor <= 1.9.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c320e437-c1b4-4ccf-9dfd-55ba9c810534?source=api-scan" ], "published": "2017-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c322841a-4134-4c21-8028-0ccacd46335b": { "id": "c322841a-4134-4c21-8028-0ccacd46335b", "title": "BP Better Messages <= 1.9.9.37 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss", "slug": "bp-better-messages", "affected_versions": { "[*, 1.9.9.41)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9.41", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.9.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c322841a-4134-4c21-8028-0ccacd46335b?source=api-scan" ], "published": "2021-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3248327-6e10-420e-83cf-a23296eb2e6f": { "id": "c3248327-6e10-420e-83cf-a23296eb2e6f", "title": "AliExpress Dropshipping with AliNext Lite <= 3.3.5 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "AliExpress Dropshipping Plugin for WooCommerce \u2013 AliNext", "slug": "ali2woo-lite", "affected_versions": { "* - 3.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3248327-6e10-420e-83cf-a23296eb2e6f?source=api-scan" ], "published": "2024-06-18 14:28:33", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3277d93-4f47-445b-a193-ff990b55d054": { "id": "c3277d93-4f47-445b-a193-ff990b55d054", "title": "Strong Testimonials <= 3.1.12 - Authenticated(Contributor+) Improper Authorization to Views Modification", "software": [ { "type": "plugin", "name": "Strong Testimonials", "slug": "strong-testimonials", "affected_versions": { "* - 3.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3277d93-4f47-445b-a193-ff990b55d054?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c32824cc-8895-462f-bd5b-03b8da4db680": { "id": "c32824cc-8895-462f-bd5b-03b8da4db680", "title": "WPGlobus \u2013 Multilingual Everything! <= 1.9.6 - Cross-Site Scripting via wpglobus_option[post_type][page]", "software": [ { "type": "plugin", "name": "WPGlobus \u2013 Multilingual WordPress", "slug": "wpglobus", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c32824cc-8895-462f-bd5b-03b8da4db680?source=api-scan" ], "published": "2018-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c32f1c6a-cf65-419e-bfcd-48ac8e3735bc": { "id": "c32f1c6a-cf65-419e-bfcd-48ac8e3735bc", "title": "Slider Carousel \u2013 Responsive Image Slider <= 1.5.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Slider Carousel \u2013 Image Slider", "slug": "slider-images", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c32f1c6a-cf65-419e-bfcd-48ac8e3735bc?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3319993-6f2c-425d-8cb2-ab26f7a52139": { "id": "c3319993-6f2c-425d-8cb2-ab26f7a52139", "title": "Client Portal <= 1.1.8 - Cross-Site Request Forgery via cp_create_private_pages_for_all_users", "software": [ { "type": "plugin", "name": "Client Portal \u2013 Private user pages and login", "slug": "client-portal", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3319993-6f2c-425d-8cb2-ab26f7a52139?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c33b51bb-d368-4056-97f2-03543c4e9f8c": { "id": "c33b51bb-d368-4056-97f2-03543c4e9f8c", "title": "WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MDTF \u2013 Meta Data and Taxonomies Filter", "slug": "wp-meta-data-filter-and-taxonomy-filter", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c33b51bb-d368-4056-97f2-03543c4e9f8c?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c33d9295-0c7f-45a0-9d62-4293c8bbef0b": { "id": "c33d9295-0c7f-45a0-9d62-4293c8bbef0b", "title": "Admin Page Spider <= 3.31 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Admin Page Spider", "slug": "admin-page-spider", "affected_versions": { "* - 3.31": { "from_version": "*", "from_inclusive": true, "to_version": "3.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c33d9295-0c7f-45a0-9d62-4293c8bbef0b?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c33d972f-921b-4b93-a20d-f3f7f6cbd3d4": { "id": "c33d972f-921b-4b93-a20d-f3f7f6cbd3d4", "title": "Attesa Extra <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Attesa Extra", "slug": "attesa-extra", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c33d972f-921b-4b93-a20d-f3f7f6cbd3d4?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c33f8b0d-97d9-4d00-bd31-444ee2afbfe6": { "id": "c33f8b0d-97d9-4d00-bd31-444ee2afbfe6", "title": "Tempera <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Tempera", "slug": "tempera", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c33f8b0d-97d9-4d00-bd31-444ee2afbfe6?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c340b7c0-35ab-4707-a999-261a721a9a37": { "id": "c340b7c0-35ab-4707-a999-261a721a9a37", "title": "Ultimate Member <= 2.1.19 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 2.1.20)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c340b7c0-35ab-4707-a999-261a721a9a37?source=api-scan" ], "published": "2021-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c342fe87-59f3-43e9-8694-cc2551650a91": { "id": "c342fe87-59f3-43e9-8694-cc2551650a91", "title": "Fusion Engage <= 1.0.5 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Fusion Engage", "slug": "fusion-engage", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c342fe87-59f3-43e9-8694-cc2551650a91?source=api-scan" ], "published": "2015-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c343cee6-909d-4c1a-a6e4-f916a2ae223e": { "id": "c343cee6-909d-4c1a-a6e4-f916a2ae223e", "title": "YML for Yandex Market <= 4.2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YML for Yandex Market", "slug": "yml-for-yandex-market", "affected_versions": { "* - 4.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c343cee6-909d-4c1a-a6e4-f916a2ae223e?source=api-scan" ], "published": "2024-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3489038-2833-4080-b802-5733afab5de8": { "id": "c3489038-2833-4080-b802-5733afab5de8", "title": "Customer Reviews for WooCommerce <= 5.47.0 - Reflected Cross-Site Scripting via 's'", "software": [ { "type": "plugin", "name": "Customer Reviews for WooCommerce", "slug": "customer-reviews-woocommerce", "affected_versions": { "* - 5.47.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.47.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.48.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3489038-2833-4080-b802-5733afab5de8?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c34b21da-6c35-4eec-826b-47dc46575971": { "id": "c34b21da-6c35-4eec-826b-47dc46575971", "title": "Popup Builder <= 4.1.10 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "* - 4.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c34b21da-6c35-4eec-826b-47dc46575971?source=api-scan" ], "published": "2022-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c34ce601-5cf9-433f-bc9d-5c705eba6b08": { "id": "c34ce601-5cf9-433f-bc9d-5c705eba6b08", "title": "Subscribe2 <= 10.40 - Missing Authorization", "software": [ { "type": "plugin", "name": "Subscribe2 \u2013 Form, Email Subscribers & Newsletters", "slug": "subscribe2", "affected_versions": { "* - 10.40": { "from_version": "*", "from_inclusive": true, "to_version": "10.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c34ce601-5cf9-433f-bc9d-5c705eba6b08?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3508b46-6920-48b9-9acb-620ea34e07e2": { "id": "c3508b46-6920-48b9-9acb-620ea34e07e2", "title": "Branda \u2013 White Label WordPress <= 3.4.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Branda \u2013 White Label & Branding, Custom Login Page Customizer", "slug": "branda-white-labeling", "affected_versions": { "* - 3.4.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3508b46-6920-48b9-9acb-620ea34e07e2?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c357e34f-2d0f-4af4-bb67-cbbc6cd4e141": { "id": "c357e34f-2d0f-4af4-bb67-cbbc6cd4e141", "title": "Hreflang Manager <= 1.06 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Hreflang Manager \u2013 Hreflang Implementation for International SEO", "slug": "hreflang-manager-lite", "affected_versions": { "* - 1.06": { "from_version": "*", "from_inclusive": true, "to_version": "1.06", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.07" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c357e34f-2d0f-4af4-bb67-cbbc6cd4e141?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c35bffb2-f805-48d6-938a-cb5142eac3b1": { "id": "c35bffb2-f805-48d6-938a-cb5142eac3b1", "title": "Fontiran <= 2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Fontiran", "slug": "fontiran", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c35bffb2-f805-48d6-938a-cb5142eac3b1?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c35ed3ef-49bd-4f64-bb0f-2abedb7b978e": { "id": "c35ed3ef-49bd-4f64-bb0f-2abedb7b978e", "title": "One User Avatar <= 2.3.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "One User Avatar | User Profile Picture", "slug": "one-user-avatar", "affected_versions": { "[*, 2.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c35ed3ef-49bd-4f64-bb0f-2abedb7b978e?source=api-scan" ], "published": "2021-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c35efa26-9400-47f1-80c3-e86ca29c6b47": { "id": "c35efa26-9400-47f1-80c3-e86ca29c6b47", "title": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress <= 3.4.27.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.4.27.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.27.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c35efa26-9400-47f1-80c3-e86ca29c6b47?source=api-scan" ], "published": "2020-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3613f95-8338-40b8-8b16-2714fa3474ce": { "id": "c3613f95-8338-40b8-8b16-2714fa3474ce", "title": "Limit Login Attempts <= 4.0.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Limit Login Attempts", "slug": "miniorange-limit-login-attempts", "affected_versions": { "[*, 4.0.50)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.50", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.50" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3613f95-8338-40b8-8b16-2714fa3474ce?source=api-scan" ], "published": "2021-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c36181aa-39c2-4009-b687-5964a6cc45c8": { "id": "c36181aa-39c2-4009-b687-5964a6cc45c8", "title": "Awin Data Feed <= 1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Awin Data Feed", "slug": "awin-data-feed", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c36181aa-39c2-4009-b687-5964a6cc45c8?source=api-scan" ], "published": "2022-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3728280-3487-4cb2-8e37-f33811bc0a22": { "id": "c3728280-3487-4cb2-8e37-f33811bc0a22", "title": "Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3728280-3487-4cb2-8e37-f33811bc0a22?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c37686f8-6bd7-4c06-b80a-7d6849bbc7b0": { "id": "c37686f8-6bd7-4c06-b80a-7d6849bbc7b0", "title": "Snap Pixel <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Snap Pixel", "slug": "snap-pixel", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c37686f8-6bd7-4c06-b80a-7d6849bbc7b0?source=api-scan" ], "published": "2023-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c37bfdeb-2d0c-4ace-94cc-b85c16985994": { "id": "c37bfdeb-2d0c-4ace-94cc-b85c16985994", "title": "Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation", "software": [ { "type": "theme", "name": "Kathmag", "slug": "kathmag", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Online eStore", "slug": "online-estore", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "SpiderMag", "slug": "spidermag", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Medical Heed", "slug": "medical-heed", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] }, { "type": "theme", "name": "Appzend", "slug": "appzend", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] }, { "type": "theme", "name": "BuzzStore", "slug": "buzzstore", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Craft Blog", "slug": "craft-blog", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Fitness Park", "slug": "fitness-park", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Kingcabs", "slug": "kingcabs", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] }, { "type": "theme", "name": "MetroStore", "slug": "metrostore", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "SparkleStore", "slug": "sparklestore", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c37bfdeb-2d0c-4ace-94cc-b85c16985994?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c37d8218-6059-46f2-a5d9-d7c22486211e": { "id": "c37d8218-6059-46f2-a5d9-d7c22486211e", "title": "Enable Media Replace <= 4.1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Enable Media Replace", "slug": "enable-media-replace", "affected_versions": { "* - 4.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c37d8218-6059-46f2-a5d9-d7c22486211e?source=api-scan" ], "published": "2023-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c38a5e59-3233-4b37-bd6f-baf5dc9f9a01": { "id": "c38a5e59-3233-4b37-bd6f-baf5dc9f9a01", "title": "WordPress Core < 4.9.7 - Authenticated Arbitrary File Deletion", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.26": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.26", "to_inclusive": true }, "3.8 - 3.8.26": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.26", "to_inclusive": true }, "3.9 - 3.9.24": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.24", "to_inclusive": true }, "4.0 - 4.0.23": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.23", "to_inclusive": true }, "4.1 - 4.1.23": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.23", "to_inclusive": true }, "4.2 - 4.2.20": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.20", "to_inclusive": true }, "4.3 - 4.3.16": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.16", "to_inclusive": true }, "4.4 - 4.4.15": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.15", "to_inclusive": true }, "4.5 - 4.5.14": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.14", "to_inclusive": true }, "4.6 - 4.6.11": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.11", "to_inclusive": true }, "4.7 - 4.7.10": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.10", "to_inclusive": true }, "4.8 - 4.8.6": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.6", "to_inclusive": true }, "4.9 - 4.9.6": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.27", "3.8.27", "3.9.25", "4.0.24", "4.1.24", "4.2.21", "4.3.17", "4.4.16", "4.5.15", "4.6.12", "4.7.11", "4.8.7", "4.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c38a5e59-3233-4b37-bd6f-baf5dc9f9a01?source=api-scan" ], "published": "2018-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c38ac30d-95dc-415e-8ea6-507ed87d34db": { "id": "c38ac30d-95dc-415e-8ea6-507ed87d34db", "title": "WP iCal Availability <= 1.0.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP iCal Availability", "slug": "wp-ical-availability", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c38ac30d-95dc-415e-8ea6-507ed87d34db?source=api-scan" ], "published": "2023-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c38b6cce-ea8b-48f3-a995-173047d1caf8": { "id": "c38b6cce-ea8b-48f3-a995-173047d1caf8", "title": "Polylang <= 1.5.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Polylang", "slug": "polylang", "affected_versions": { "[*, 1.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c38b6cce-ea8b-48f3-a995-173047d1caf8?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c38eaab5-157c-43fa-ad67-6f063274ba69": { "id": "c38eaab5-157c-43fa-ad67-6f063274ba69", "title": "Addonify \u2013 Quick View For WooCommerce <= 1.2.16 - Unauthenticated Full Path Dislcosure", "software": [ { "type": "plugin", "name": "Addonify \u2013 Quick View For WooCommerce", "slug": "addonify-quick-view", "affected_versions": { "* - 1.2.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c38eaab5-157c-43fa-ad67-6f063274ba69?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3915c2f-400d-433d-bbc8-4d88258123dc": { "id": "c3915c2f-400d-433d-bbc8-4d88258123dc", "title": "WooCommerce Pre-Orders <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Pre-Orders", "slug": "woocommerce-pre-orders", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3915c2f-400d-433d-bbc8-4d88258123dc?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c392750b-ae4a-48b5-9ccb-43852fb13e27": { "id": "c392750b-ae4a-48b5-9ccb-43852fb13e27", "title": "WP Quick FrontEnd Editor <= 5.5 - Authenticated Settings Change", "software": [ { "type": "plugin", "name": "WP Quick FrontEnd Editor \u2013 WordPress Plugin", "slug": "wp-quick-front-end-editor", "affected_versions": { "* - 5.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c392750b-ae4a-48b5-9ccb-43852fb13e27?source=api-scan" ], "published": "2021-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c394295f-d1b5-48be-978f-f15a6b56e40f": { "id": "c394295f-d1b5-48be-978f-f15a6b56e40f", "title": "WP Server Health Stats <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Server Health Stats", "slug": "wp-server-stats", "affected_versions": { "* - 1.6.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c394295f-d1b5-48be-978f-f15a6b56e40f?source=api-scan" ], "published": "2022-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3978cb6-1739-4671-bb98-17c409c67d1c": { "id": "c3978cb6-1739-4671-bb98-17c409c67d1c", "title": "Justified Gallery <= 1.7.3 - Missing Authorization via 'dismiss_how_to_use_notice' and 'dismiss_notice'", "software": [ { "type": "plugin", "name": "Justified Gallery", "slug": "justified-gallery", "affected_versions": { "* - 1.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3978cb6-1739-4671-bb98-17c409c67d1c?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c399687c-bb00-4b72-a17f-e3bf04918259": { "id": "c399687c-bb00-4b72-a17f-e3bf04918259", "title": "WordPress Core < 5.0.1 - Authorization Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.27": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.27", "to_inclusive": true }, "3.8 - 3.8.27": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.27", "to_inclusive": true }, "3.9 - 3.9.25": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.25", "to_inclusive": true }, "4.0 - 4.0.24": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.24", "to_inclusive": true }, "4.1 - 4.1.24": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.24", "to_inclusive": true }, "4.2 - 4.2.21": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.21", "to_inclusive": true }, "4.3 - 4.3.17": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.17", "to_inclusive": true }, "4.4 - 4.4.16": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.16", "to_inclusive": true }, "4.5 - 4.5.15": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.15", "to_inclusive": true }, "4.6 - 4.6.12": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.12", "to_inclusive": true }, "4.7 - 4.7.11": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.11", "to_inclusive": true }, "4.8 - 4.8.7": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.7", "to_inclusive": true }, "4.9 - 4.9.8": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.8", "to_inclusive": true }, "5.0": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.28", "3.8.28", "3.9.26", "4.0.25", "4.1.25", "4.2.22", "4.3.18", "4.4.17", "4.5.16", "4.6.13", "4.7.12", "4.8.8", "4.9.9", "5.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c399687c-bb00-4b72-a17f-e3bf04918259?source=api-scan" ], "published": "2018-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3a993fb-cec5-4a36-9f92-3defff0ab11b": { "id": "c3a993fb-cec5-4a36-9f92-3defff0ab11b", "title": "LiquidPoll \u2013 Advanced Polls for Creators and Brands <= 3.3.77 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LiquidPoll \u2013 Polls, Surveys, NPS and Feedback Reviews", "slug": "wp-poll", "affected_versions": { "* - 3.3.77": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.77", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.78" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3a993fb-cec5-4a36-9f92-3defff0ab11b?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3b1ff70-7e37-4f74-bd72-ecda81d13d83": { "id": "c3b1ff70-7e37-4f74-bd72-ecda81d13d83", "title": "Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gutentor \u2013 Gutenberg Blocks \u2013 Page Builder for Gutenberg Editor", "slug": "gutentor", "affected_versions": { "* - 3.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3b1ff70-7e37-4f74-bd72-ecda81d13d83?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3b42bd3-f7d3-43d1-bdd8-4389fd82e1e9": { "id": "c3b42bd3-f7d3-43d1-bdd8-4389fd82e1e9", "title": "WordPress Core < 2.0.7 - SQL Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3b42bd3-f7d3-43d1-bdd8-4389fd82e1e9?source=api-scan" ], "published": "2007-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3b6c3ab-529d-44f2-b901-ea720cbc3fbc": { "id": "c3b6c3ab-529d-44f2-b901-ea720cbc3fbc", "title": "NextGEN Gallery <= 2.1.56 - Authenticated Local File Inclusion & SQL injection", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 2.1.56": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.56", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.57" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3b6c3ab-529d-44f2-b901-ea720cbc3fbc?source=api-scan" ], "published": "2016-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3bdc0c4-34fb-43cc-ba2b-340347bca146": { "id": "c3bdc0c4-34fb-43cc-ba2b-340347bca146", "title": "Easy Social Icons <= 3.2.4 - Missing Authorization via cnss_save_ajax_order", "software": [ { "type": "plugin", "name": "Easy Social Icons", "slug": "easy-social-icons", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3bdc0c4-34fb-43cc-ba2b-340347bca146?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3c8cc17-2bda-413f-95dc-18c7a883ccea": { "id": "c3c8cc17-2bda-413f-95dc-18c7a883ccea", "title": "Bookster \u2013 WordPress Appointment Booking Plugin <= 1.1.0 - Unauthenticated Appointment Manipulation", "software": [ { "type": "plugin", "name": "Bookster \u2013 WordPress Appointment Booking Plugin", "slug": "bookster", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3c8cc17-2bda-413f-95dc-18c7a883ccea?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3c961eb-0174-4aa3-a117-7f72998eefbb": { "id": "c3c961eb-0174-4aa3-a117-7f72998eefbb", "title": "Read and Understood <= 2.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Read and Understood", "slug": "read-and-understood", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3c961eb-0174-4aa3-a117-7f72998eefbb?source=api-scan" ], "published": "2018-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3ccde73-8b88-48f9-8bbd-0392fcc40c81": { "id": "c3ccde73-8b88-48f9-8bbd-0392fcc40c81", "title": "WooCommerce PDF Vouchers <= 4.9.4 - Unauthenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "WooCommerce - PDF Vouchers", "slug": "woocommerce-pdf-vouchers", "affected_versions": { "* - 4.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3ccde73-8b88-48f9-8bbd-0392fcc40c81?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3d0f9e9-29f5-4d74-814b-bad0fc535e1c": { "id": "c3d0f9e9-29f5-4d74-814b-bad0fc535e1c", "title": "ShopLentor <= 2.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)", "slug": "woolentor-addons", "affected_versions": { "* - 2.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3d0f9e9-29f5-4d74-814b-bad0fc535e1c?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3d2c9a4-32f7-484f-86ce-a33ef1174b28": { "id": "c3d2c9a4-32f7-484f-86ce-a33ef1174b28", "title": "MapPress Maps for WordPress <= 2.88.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "MapPress Maps for WordPress", "slug": "mappress-google-maps-for-wordpress", "affected_versions": { "* - 2.88.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.88.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.88.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3d2c9a4-32f7-484f-86ce-a33ef1174b28?source=api-scan" ], "published": "2023-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3d356d1-2f6d-42e0-b774-6384872c0a90": { "id": "c3d356d1-2f6d-42e0-b774-6384872c0a90", "title": "Music Store <= 1.0.41 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Music Store \u2013 WordPress eCommerce", "slug": "music-store", "affected_versions": { "* - 1.0.41": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3d356d1-2f6d-42e0-b774-6384872c0a90?source=api-scan" ], "published": "2016-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3d40868-267f-4875-81ea-09e18010670a": { "id": "c3d40868-267f-4875-81ea-09e18010670a", "title": "Esteem <= 1.5.0 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Esteem", "slug": "esteem", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3d40868-267f-4875-81ea-09e18010670a?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3d5f51f-6abd-49d0-b8cd-bbe518787ab8": { "id": "c3d5f51f-6abd-49d0-b8cd-bbe518787ab8", "title": "WooCommerce <= 2.2.2 - Cross-Site Scripting via range Parameter", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 2.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3d5f51f-6abd-49d0-b8cd-bbe518787ab8?source=api-scan" ], "published": "2014-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3d7728f-7c25-4505-8db3-b67a5c17a439": { "id": "c3d7728f-7c25-4505-8db3-b67a5c17a439", "title": "Post Connector <= 1.0.3 and Post Conector Premium <= 1.6.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Connector Premium", "slug": "post-connector-pro", "affected_versions": { "[*, 1.6.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.4" ] }, { "type": "plugin", "name": "Post Connector", "slug": "post-connector", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3d7728f-7c25-4505-8db3-b67a5c17a439?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3d7a587-042d-4ba1-9373-aaeb24c711f5": { "id": "c3d7a587-042d-4ba1-9373-aaeb24c711f5", "title": "Masteriyo - LMS <= 1.11.4 - Authenticated (Student+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Masteriyo LMS \u2013 eLearning and Online Course Builder for WordPress", "slug": "learning-management-system", "affected_versions": { "* - 1.11.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3d7a587-042d-4ba1-9373-aaeb24c711f5?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3da10da-8de3-4547-abe4-202002728c80": { "id": "c3da10da-8de3-4547-abe4-202002728c80", "title": "BuddyPress 5.0.0-7.2.0 - Privilege Escalation via REST API", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "5.0.0 - 7.2.0": { "from_version": "5.0.0", "from_inclusive": true, "to_version": "7.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3da10da-8de3-4547-abe4-202002728c80?source=api-scan" ], "published": "2021-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3dfb0b7-5d9f-492b-9a1a-d4445d39c00c": { "id": "c3dfb0b7-5d9f-492b-9a1a-d4445d39c00c", "title": "Royal Elementor Addons and Templates <= 1.3.986 - Authenticated (Subscriber+) Private Post Disclosure", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.986": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.986", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.987" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3dfb0b7-5d9f-492b-9a1a-d4445d39c00c?source=api-scan" ], "published": "2024-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3e47d14-4c00-4b10-9e4d-7f1d7946a2b4": { "id": "c3e47d14-4c00-4b10-9e4d-7f1d7946a2b4", "title": "Royal Elementor Addons <= 1.3.93 - Authenticated (Contributor+) Stored Cross-Site Scriting", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.93": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.93", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.95" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3e47d14-4c00-4b10-9e4d-7f1d7946a2b4?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3ea04ba-b609-49cd-aae8-68f5b51df154": { "id": "c3ea04ba-b609-49cd-aae8-68f5b51df154", "title": "Download Plugins and Themes in ZIP from Dashboard <= 1.9.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Plugins and Themes in ZIP from Dashboard", "slug": "download-plugins-dashboard", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3ea04ba-b609-49cd-aae8-68f5b51df154?source=api-scan" ], "published": "2024-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3ea4bf9-e109-465e-890a-c2923089fb66": { "id": "c3ea4bf9-e109-465e-890a-c2923089fb66", "title": "Market Exporter <= 2.0.19 - Missing Authorization to Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Market Exporter", "slug": "market-exporter", "affected_versions": { "* - 2.0.19": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3ea4bf9-e109-465e-890a-c2923089fb66?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3ecf638-dfc4-4e9d-bca8-cd008227e934": { "id": "c3ecf638-dfc4-4e9d-bca8-cd008227e934", "title": "User Avatar \u2013 Reloaded <= 1.2.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "User Avatar \u2013 Reloaded", "slug": "user-avatar-reloaded", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3ecf638-dfc4-4e9d-bca8-cd008227e934?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3ede2bc-15a6-4194-a963-d176cb0fc612": { "id": "c3ede2bc-15a6-4194-a963-d176cb0fc612", "title": "Atarim <= 4.0.1 - Missing Authorization via remove_feedbacktool_notice()", "software": [ { "type": "plugin", "name": "Visual Website Collaboration, Feedback & Project Management \u2013 Atarim", "slug": "atarim-visual-collaboration", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3ede2bc-15a6-4194-a963-d176cb0fc612?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3efb7b1-5230-40f9-a8a0-3712916284be": { "id": "c3efb7b1-5230-40f9-a8a0-3712916284be", "title": "YITH WooCommerce Product Add-Ons <= 4.5.0 - Unuathenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YITH WooCommerce Product Add-Ons", "slug": "yith-woocommerce-product-add-ons", "affected_versions": { "* - 4.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3efb7b1-5230-40f9-a8a0-3712916284be?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3efbd9d-e2b5-4915-a964-29a49c7fba86": { "id": "c3efbd9d-e2b5-4915-a964-29a49c7fba86", "title": "Bookly <= 21.5 - Unauthenticated Stored Cross-Site Scripting via Name", "software": [ { "type": "plugin", "name": "WordPress Online Booking and Scheduling Plugin \u2013 Bookly", "slug": "bookly-responsive-appointment-booking-tool", "affected_versions": { "21.5": { "from_version": "21.5", "from_inclusive": true, "to_version": "21.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3efbd9d-e2b5-4915-a964-29a49c7fba86?source=api-scan" ], "published": "2023-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3f0032e-a6f4-47f5-b3eb-6f1c9bf9670c": { "id": "c3f0032e-a6f4-47f5-b3eb-6f1c9bf9670c", "title": "Simple File List <= 6.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple File List", "slug": "simple-file-list", "affected_versions": { "* - 6.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3f0032e-a6f4-47f5-b3eb-6f1c9bf9670c?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3f37ef5-ddf5-4bd5-b6aa-121dda22fb01": { "id": "c3f37ef5-ddf5-4bd5-b6aa-121dda22fb01", "title": "CMB2 <= 2.10.1 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "CMB2", "slug": "cmb2", "affected_versions": { "* - 2.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3f37ef5-ddf5-4bd5-b6aa-121dda22fb01?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3f3e56e-bbb6-4ceb-811d-447ed837d176": { "id": "c3f3e56e-bbb6-4ceb-811d-447ed837d176", "title": "Smart Google Code Inserter < 3.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart Google Code Inserter", "slug": "smart-google-code-inserter", "affected_versions": { "[*, 3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3f3e56e-bbb6-4ceb-811d-447ed837d176?source=api-scan" ], "published": "2018-01-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c3f50771-f889-4de9-9d43-a736c4c24efc": { "id": "c3f50771-f889-4de9-9d43-a736c4c24efc", "title": "WordPress Landing Pages < 1.2.3 - SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Landing Pages", "slug": "landing-pages", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c3f50771-f889-4de9-9d43-a736c4c24efc?source=api-scan" ], "published": "2013-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4006612-770a-482f-a8c2-e62f607914a9": { "id": "c4006612-770a-482f-a8c2-e62f607914a9", "title": "Product Expiry for WooCommerce <= 2.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update", "software": [ { "type": "plugin", "name": "Product Expiry for WooCommerce", "slug": "product-expiry-for-woocommerce", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4006612-770a-482f-a8c2-e62f607914a9?source=api-scan" ], "published": "2024-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4039a27-0100-49c5-8dce-cf015a08ef04": { "id": "c4039a27-0100-49c5-8dce-cf015a08ef04", "title": "ContentStudio <= 1.1.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "ContentStudio", "slug": "contentstudio", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4039a27-0100-49c5-8dce-cf015a08ef04?source=api-scan" ], "published": "2022-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4067e03-427c-4b03-a250-0354572ae361": { "id": "c4067e03-427c-4b03-a250-0354572ae361", "title": "myCred <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification", "slug": "mycred", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4067e03-427c-4b03-a250-0354572ae361?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c40752df-1337-475b-8b5e-0d171946bfe9": { "id": "c40752df-1337-475b-8b5e-0d171946bfe9", "title": "AI ChatBot <= 4.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c40752df-1337-475b-8b5e-0d171946bfe9?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4098a47-986c-4b2c-b27a-18ff81da0f58": { "id": "c4098a47-986c-4b2c-b27a-18ff81da0f58", "title": "All-in-one Floating Contact Form \u2013 My Sticky Elements <= 2.1.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs \u2013 My Sticky Elements", "slug": "mystickyelements", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4098a47-986c-4b2c-b27a-18ff81da0f58?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c40bf215-81c1-423a-9d41-9a231dfc8053": { "id": "c40bf215-81c1-423a-9d41-9a231dfc8053", "title": "Landing Page Builder \u2013 Free Landing Page Templates <= 3.1.9.8 - Local File Inclusion via 'lpp_template_select'", "software": [ { "type": "plugin", "name": "Landing Page Builder \u2013 Free Landing Page Templates", "slug": "ultimate-landing-page", "affected_versions": { "* - 3.1.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c40bf215-81c1-423a-9d41-9a231dfc8053?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c42203bc-3f69-44d2-b165-abb55937f65b": { "id": "c42203bc-3f69-44d2-b165-abb55937f65b", "title": "Gallery Objects <= 0.4 - SQL Injection", "software": [ { "type": "plugin", "name": "gallery-objects", "slug": "gallery-objects", "affected_versions": { "* - 0.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c42203bc-3f69-44d2-b165-abb55937f65b?source=api-scan" ], "published": "2014-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c42428c6-5d9d-4679-91fe-8ec6f3a3bf9e": { "id": "c42428c6-5d9d-4679-91fe-8ec6f3a3bf9e", "title": "Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) < 4.1.8 - SQL Injection", "software": [ { "type": "plugin", "name": "Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)", "slug": "gift-voucher", "affected_versions": { "[*, 4.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c42428c6-5d9d-4679-91fe-8ec6f3a3bf9e?source=api-scan" ], "published": "2018-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4250395-3709-47cd-86d4-e6a1fec10298": { "id": "c4250395-3709-47cd-86d4-e6a1fec10298", "title": "The Ultimate Video Player For WordPress <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Ultimate Video Player For WordPress \u2013 by Presto Player", "slug": "presto-player", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4250395-3709-47cd-86d4-e6a1fec10298?source=api-scan" ], "published": "2024-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c42b646f-7a41-416b-8632-d088b8d0cb7c": { "id": "c42b646f-7a41-416b-8632-d088b8d0cb7c", "title": "Photosmash Plugin < 1.0.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "photosmash-galleries", "slug": "photosmash-galleries", "affected_versions": { "[*, 1.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c42b646f-7a41-416b-8632-d088b8d0cb7c?source=api-scan" ], "published": "2011-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c42f56a2-b9f9-40ef-86ad-fea6cf2e29f8": { "id": "c42f56a2-b9f9-40ef-86ad-fea6cf2e29f8", "title": "BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation", "software": [ { "type": "plugin", "name": "BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net", "slug": "woo-bulk-editor", "affected_versions": { "* - 1.1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c42f56a2-b9f9-40ef-86ad-fea6cf2e29f8?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c434e6b8-0dd5-4ffe-93b1-1af614c08f85": { "id": "c434e6b8-0dd5-4ffe-93b1-1af614c08f85", "title": "Frontend File Manager <= 18.2 - Unauthenticated Content Injection", "software": [ { "type": "plugin", "name": "Frontend File Manager Plugin", "slug": "nmedia-user-file-uploader", "affected_versions": { "[*, 18.3)": { "from_version": "*", "from_inclusive": true, "to_version": "18.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "18.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c434e6b8-0dd5-4ffe-93b1-1af614c08f85?source=api-scan" ], "published": "2021-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c43c8c01-3f8a-4ae4-8113-d410850e721d": { "id": "c43c8c01-3f8a-4ae4-8113-d410850e721d", "title": "Social Share Buttons by Supsystic <= 2.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Social Share Buttons by Supsystic", "slug": "social-share-buttons-by-supsystic", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c43c8c01-3f8a-4ae4-8113-d410850e721d?source=api-scan" ], "published": "2022-05-27 13:59:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c43e292b-8344-4842-bed1-32e7f8cb992b": { "id": "c43e292b-8344-4842-bed1-32e7f8cb992b", "title": "Elementor Website Builder <= 2.9.13 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "[*, 2.9.14)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c43e292b-8344-4842-bed1-32e7f8cb992b?source=api-scan" ], "published": "2020-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c446f429-1981-4d6d-a5ec-a5837428d212": { "id": "c446f429-1981-4d6d-a5ec-a5837428d212", "title": "SEOPress \u2013 On-site SEO <= 7.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Social Image URL", "software": [ { "type": "plugin", "name": "SEOPress \u2013 On-site SEO", "slug": "wp-seopress", "affected_versions": { "* - 7.9": { "from_version": "*", "from_inclusive": true, "to_version": "7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c446f429-1981-4d6d-a5ec-a5837428d212?source=api-scan" ], "published": "2024-06-19 13:31:27", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4470c03-64fc-46d9-b224-de5a3149c3d5": { "id": "c4470c03-64fc-46d9-b224-de5a3149c3d5", "title": "Add to Cart Text Changer and Customize Button, Add Custom Icon <= 2.0 - Cross-Site Request Forgery via wactc_text_form", "software": [ { "type": "plugin", "name": "Add to Cart Text Changer and Customize Button, Add Custom Icon", "slug": "woo-add-to-cart-text-change", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4470c03-64fc-46d9-b224-de5a3149c3d5?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c44b9eb6-96a8-4e19-b4c1-72a69b9f159f": { "id": "c44b9eb6-96a8-4e19-b4c1-72a69b9f159f", "title": "Powerplay Gallery <= 3.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Powerplay Gallery", "slug": "wp-powerplaygallery", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c44b9eb6-96a8-4e19-b4c1-72a69b9f159f?source=api-scan" ], "published": "2015-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4528b63-8d8e-44a4-a71f-2ad1636ac93c": { "id": "c4528b63-8d8e-44a4-a71f-2ad1636ac93c", "title": "Database for Contact Form 7, WPforms, Elementor forms <= 1.3.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Database for Contact Form 7, WPforms, Elementor forms", "slug": "contact-form-entries", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4528b63-8d8e-44a4-a71f-2ad1636ac93c?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c454a958-91c4-4847-91f6-dedebf857964": { "id": "c454a958-91c4-4847-91f6-dedebf857964", "title": "Download Monitor <= 4.9.13 - Missing Authorization", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "* - 4.9.13": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c454a958-91c4-4847-91f6-dedebf857964?source=api-scan" ], "published": "2024-05-29 14:49:49", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4555cd1-5ae5-42b3-938f-ffce5ba4fe56": { "id": "c4555cd1-5ae5-42b3-938f-ffce5ba4fe56", "title": "The7 \u2014 Website and eCommerce Builder for WordPress <= 11.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute", "software": [ { "type": "theme", "name": "The7 \u2014 Website and eCommerce Builder for WordPress", "slug": "dt-the7", "affected_versions": { "* - 11.13.0": { "from_version": "*", "from_inclusive": true, "to_version": "11.13.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.14.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4555cd1-5ae5-42b3-938f-ffce5ba4fe56?source=api-scan" ], "published": "2024-06-24 21:29:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4580748-f5dc-4f05-81d2-a8e9b76a7a7d": { "id": "c4580748-f5dc-4f05-81d2-a8e9b76a7a7d", "title": "Fotobook <= 3.2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fotobook", "slug": "fotobook", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4580748-f5dc-4f05-81d2-a8e9b76a7a7d?source=api-scan" ], "published": "2022-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c458e6d6-28ba-4465-ace2-5da9e99ca2c7": { "id": "c458e6d6-28ba-4465-ace2-5da9e99ca2c7", "title": "DecaLog <= 3.9.0 - Authenticated (Admin+) SQL injection", "software": [ { "type": "plugin", "name": "DecaLog", "slug": "decalog", "affected_versions": { "* - 3.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c458e6d6-28ba-4465-ace2-5da9e99ca2c7?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c45b6163-7ebf-4f18-afd6-735d02d9170d": { "id": "c45b6163-7ebf-4f18-afd6-735d02d9170d", "title": "Joli FAQ SEO \u2013 WordPress FAQ Plugin <= 1.3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Joli FAQ SEO \u2013 WordPress FAQ Plugin", "slug": "joli-faq-seo", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c45b6163-7ebf-4f18-afd6-735d02d9170d?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c466c0ff-d84b-4536-bea7-ada2a80aad15": { "id": "c466c0ff-d84b-4536-bea7-ada2a80aad15", "title": "WordPress Share Buttons Plugin \u2013 AddThis < 2.2.0 - Code Injection", "software": [ { "type": "plugin", "name": "WordPress Share Buttons Plugin \u2013 AddThis", "slug": "addthis", "affected_versions": { "[*, 2.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c466c0ff-d84b-4536-bea7-ada2a80aad15?source=api-scan" ], "published": "2011-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c468a56c-4411-49fc-8014-fc9b71a645c3": { "id": "c468a56c-4411-49fc-8014-fc9b71a645c3", "title": "RSS Feed Widget <= 2.9.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RSS Feed Widget", "slug": "rss-feed-widget", "affected_versions": { "* - 2.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c468a56c-4411-49fc-8014-fc9b71a645c3?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c46b26c7-3302-4730-915c-1882b315600c": { "id": "c46b26c7-3302-4730-915c-1882b315600c", "title": "Wise Chat <= 2.6.3 - Reverse Tabnabbing", "software": [ { "type": "plugin", "name": "Wise Chat", "slug": "wise-chat", "affected_versions": { "[*, 2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c46b26c7-3302-4730-915c-1882b315600c?source=api-scan" ], "published": "2019-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c46bcbd1-566d-4b21-84a1-f25e3df7ddc7": { "id": "c46bcbd1-566d-4b21-84a1-f25e3df7ddc7", "title": "Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "* - 2.12.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c46bcbd1-566d-4b21-84a1-f25e3df7ddc7?source=api-scan" ], "published": "2024-06-18 18:44:27", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c46cf202-320b-40a0-9de0-e4992f23395f": { "id": "c46cf202-320b-40a0-9de0-e4992f23395f", "title": "WP-Matomo Integration (WP-Piwik) < 1.0.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Connect Matomo (WP-Matomo, WP-Piwik)", "slug": "wp-piwik", "affected_versions": { "[*, 1.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c46cf202-320b-40a0-9de0-e4992f23395f?source=api-scan" ], "published": "2015-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c47386ee-25c8-4a77-92e8-5a82afc9c826": { "id": "c47386ee-25c8-4a77-92e8-5a82afc9c826", "title": "wp-mpdf <= 3.5.1 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "wp-mpdf", "slug": "wp-mpdf", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c47386ee-25c8-4a77-92e8-5a82afc9c826?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4747f6c-d083-4f7e-a9ef-3dd9c8f6047b": { "id": "c4747f6c-d083-4f7e-a9ef-3dd9c8f6047b", "title": "Gwolle Guestbook <= 2.5.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gwolle Guestbook", "slug": "gwolle-gb", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4747f6c-d083-4f7e-a9ef-3dd9c8f6047b?source=api-scan" ], "published": "2018-07-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c47601b4-bf16-4f59-b5f3-584a8eac7c67": { "id": "c47601b4-bf16-4f59-b5f3-584a8eac7c67", "title": "Starbox \u2013 the Author Box for Humans <= 3.4.7 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Starbox \u2013 the Author Box for Humans", "slug": "starbox", "affected_versions": { "* - 3.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c47601b4-bf16-4f59-b5f3-584a8eac7c67?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c476d9af-9060-4294-874a-86e550253d3b": { "id": "c476d9af-9060-4294-874a-86e550253d3b", "title": "Visual Composer <= 26.0 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visual Composer Website Builder", "slug": "visualcomposer", "affected_versions": { "* - 26.0": { "from_version": "*", "from_inclusive": true, "to_version": "26.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "27.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c476d9af-9060-4294-874a-86e550253d3b?source=api-scan" ], "published": "2020-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4770184-1b96-490c-b506-f648ab3ed764": { "id": "c4770184-1b96-490c-b506-f648ab3ed764", "title": "Getwid \u2013 Gutenberg Blocks <= 2.0.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Countdown'", "software": [ { "type": "plugin", "name": "Getwid \u2013 Gutenberg Blocks", "slug": "getwid", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4770184-1b96-490c-b506-f648ab3ed764?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c478a421-8dc1-46cb-ada8-ceb107f22a53": { "id": "c478a421-8dc1-46cb-ada8-ceb107f22a53", "title": "Perfect Brands for WooCommerce <= 2.0.4 - Unauthorized Brand Creation", "software": [ { "type": "plugin", "name": "Perfect Brands for WooCommerce", "slug": "perfect-woocommerce-brands", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c478a421-8dc1-46cb-ada8-ceb107f22a53?source=api-scan" ], "published": "2022-01-28 09:32:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c47e9220-d7d7-4a66-b555-8fa837d45d59": { "id": "c47e9220-d7d7-4a66-b555-8fa837d45d59", "title": "eVision Responsive Column Layout Shortcodes <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "eVision Responsive Column Layout Shortcodes", "slug": "wens-responsive-column-layout-shortcodes", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c47e9220-d7d7-4a66-b555-8fa837d45d59?source=api-scan" ], "published": "2023-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c48091fc-c11d-4753-9763-e1face3723fe": { "id": "c48091fc-c11d-4753-9763-e1face3723fe", "title": "PublishPress Capabilities <= 1.5.8 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "PublishPress Capabilities \u2013 User Role Editor, Access Permissions, Admin Menus", "slug": "capability-manager-enhanced", "affected_versions": { "[*, 1.5.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c48091fc-c11d-4753-9763-e1face3723fe?source=api-scan" ], "published": "2018-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4831a75-9d2b-4808-8b23-f1e9750fd905": { "id": "c4831a75-9d2b-4808-8b23-f1e9750fd905", "title": "wpDataTables Lite plugin <= 2.0.11 - SQL injection", "software": [ { "type": "plugin", "name": "wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin", "slug": "wpdatatables", "affected_versions": { "* - 2.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4831a75-9d2b-4808-8b23-f1e9750fd905?source=api-scan" ], "published": "2019-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4884ba9-4448-43b0-93d3-110b719845ea": { "id": "c4884ba9-4448-43b0-93d3-110b719845ea", "title": "Page Builder: Pagelayer \u2013 Drag and Drop website builder <= 1.8.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom attributes", "software": [ { "type": "plugin", "name": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "slug": "pagelayer", "affected_versions": { "* - 1.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4884ba9-4448-43b0-93d3-110b719845ea?source=api-scan" ], "published": "2024-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4886822-3a05-45b3-ad1d-4d4a4f921817": { "id": "c4886822-3a05-45b3-ad1d-4d4a4f921817", "title": "Serial Codes Generator and Validator with WooCommerce Support <= 2.4.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Serial Codes Generator and Validator with WooCommerce Support", "slug": "serial-codes-generator-and-validator", "affected_versions": { "[*, 2.4.15)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4886822-3a05-45b3-ad1d-4d4a4f921817?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c490e344-66da-4176-bd93-7e07a491bfa9": { "id": "c490e344-66da-4176-bd93-7e07a491bfa9", "title": "All in One SEO Pack <= 2.3.7 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "[*, 2.3.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c490e344-66da-4176-bd93-7e07a491bfa9?source=api-scan" ], "published": "2016-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c49389b5-bf5a-49b8-8d20-404195b50308": { "id": "c49389b5-bf5a-49b8-8d20-404195b50308", "title": "Notification Bar for WordPress <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Notification Bar for WordPress", "slug": "8-degree-notification-bar", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c49389b5-bf5a-49b8-8d20-404195b50308?source=api-scan" ], "published": "2022-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c495ac39-c99b-423d-a601-d0bfcc514ebe": { "id": "c495ac39-c99b-423d-a601-d0bfcc514ebe", "title": "Product Import Export for WooCommerce <= 2.4.1 - Authenticated(Shop Manager+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Product Import Export for WooCommerce", "slug": "product-import-export-for-woo", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c495ac39-c99b-423d-a601-d0bfcc514ebe?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c496a5f8-9cfc-49b3-b360-d942d554b860": { "id": "c496a5f8-9cfc-49b3-b360-d942d554b860", "title": "3D FlipBook, PDF Viewer, PDF Embedder \u2013 Real 3D FlipBook WordPress Plugin <= 3.62 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "3D FlipBook, PDF Viewer, PDF Embedder \u2013 Real 3D FlipBook WordPress Plugin", "slug": "real3d-flipbook-lite", "affected_versions": { "* - 3.62": { "from_version": "*", "from_inclusive": true, "to_version": "3.62", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.63" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c496a5f8-9cfc-49b3-b360-d942d554b860?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c49811bf-19d5-450f-9f11-a5fc9e8781c8": { "id": "c49811bf-19d5-450f-9f11-a5fc9e8781c8", "title": "Media Library Assistant <= 2.81 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Media Library Assistant", "slug": "media-library-assistant", "affected_versions": { "* - 2.81": { "from_version": "*", "from_inclusive": true, "to_version": "2.81", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.82" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c49811bf-19d5-450f-9f11-a5fc9e8781c8?source=api-scan" ], "published": "2019-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c49b3841-370b-42ed-9545-e69c2544642d": { "id": "c49b3841-370b-42ed-9545-e69c2544642d", "title": "Marker.io <= 1.1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Marker.io \u2013 Visual Website Feedback", "slug": "marker-io", "affected_versions": { "[*, 1.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c49b3841-370b-42ed-9545-e69c2544642d?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c49c97cf-78e9-4da2-ab0d-ff014c29feaa": { "id": "c49c97cf-78e9-4da2-ab0d-ff014c29feaa", "title": "Strong Testimonials <= 2.31.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Strong Testimonials", "slug": "strong-testimonials", "affected_versions": { "* - 2.31.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.31.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.31.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c49c97cf-78e9-4da2-ab0d-ff014c29feaa?source=api-scan" ], "published": "2018-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c49dcb39-7d03-4d7e-9a07-7ac8a6506e7f": { "id": "c49dcb39-7d03-4d7e-9a07-7ac8a6506e7f", "title": "Bloog <= 1.1 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Bloog", "slug": "Blooog-v1.1", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c49dcb39-7d03-4d7e-9a07-7ac8a6506e7f?source=api-scan" ], "published": "2013-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4a051e3-4489-4124-abf6-905b7ff7fd3c": { "id": "c4a051e3-4489-4124-abf6-905b7ff7fd3c", "title": "Freesia Empire <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Freesia Empire", "slug": "freesia-empire", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4a051e3-4489-4124-abf6-905b7ff7fd3c?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4a649b0-d5b2-4e4c-833c-01ecf12611a5": { "id": "c4a649b0-d5b2-4e4c-833c-01ecf12611a5", "title": "Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms \u2013 CRM, Bigin", "slug": "cf7-zoho", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4a649b0-d5b2-4e4c-833c-01ecf12611a5?source=api-scan" ], "published": "2021-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4a6b786-d0ef-41f6-b2bf-83307ec02b91": { "id": "c4a6b786-d0ef-41f6-b2bf-83307ec02b91", "title": "Insert PHP Code Snippet <= 1.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Insert PHP Code Snippet", "slug": "insert-php-code-snippet", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4a6b786-d0ef-41f6-b2bf-83307ec02b91?source=api-scan" ], "published": "2024-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4a70eec-ee14-4bef-8d23-5954b1f1baf5": { "id": "c4a70eec-ee14-4bef-8d23-5954b1f1baf5", "title": "Cache Images <= 3.2 - Cross-Site Request Forgery to Image Upload", "software": [ { "type": "plugin", "name": "Cache Images", "slug": "cache-images", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4a70eec-ee14-4bef-8d23-5954b1f1baf5?source=api-scan" ], "published": "2022-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4aa2813-6920-4886-b6d2-78fbcd00bdf7": { "id": "c4aa2813-6920-4886-b6d2-78fbcd00bdf7", "title": "Social Rocket \u2013 Social Sharing Plugin < 1.2.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Social Rocket \u2013 Social Sharing Plugin", "slug": "social-rocket", "affected_versions": { "[*, 1.2.10)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4aa2813-6920-4886-b6d2-78fbcd00bdf7?source=api-scan" ], "published": "2020-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4ab6fcd-9c03-4bab-8e31-57b57e67e1e3": { "id": "c4ab6fcd-9c03-4bab-8e31-57b57e67e1e3", "title": "Event Tickets with Ticket Scanner <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Tickets with Ticket Scanner", "slug": "event-tickets-with-ticket-scanner", "affected_versions": { "* - 2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4ab6fcd-9c03-4bab-8e31-57b57e67e1e3?source=api-scan" ], "published": "2024-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4aceec4-4832-4d83-98b3-f705c391b0c9": { "id": "c4aceec4-4832-4d83-98b3-f705c391b0c9", "title": "Custom 404 Pro <= 3.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom 404 Pro", "slug": "custom-404-pro", "affected_versions": { "[*, 3.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4aceec4-4832-4d83-98b3-f705c391b0c9?source=api-scan" ], "published": "2019-06-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4b1cae3-dc08-43b1-9a20-62b7263efeba": { "id": "c4b1cae3-dc08-43b1-9a20-62b7263efeba", "title": "WPCode <= 2.0.6 - Missing Authorization to Sensitive Key Disclosure\/Update", "software": [ { "type": "plugin", "name": "WPCode \u2013 Insert Headers and Footers + Custom Code Snippets \u2013 WordPress Code Manager", "slug": "insert-headers-and-footers", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4b1cae3-dc08-43b1-9a20-62b7263efeba?source=api-scan" ], "published": "2023-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4c2689d-be51-4907-b624-c85da39f545d": { "id": "c4c2689d-be51-4907-b624-c85da39f545d", "title": "Easy WP Cleaner <= 1.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy WP Cleaner", "slug": "easy-wp-cleaner", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4c2689d-be51-4907-b624-c85da39f545d?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4c438e0-ea25-4372-8e4e-5d7163cc3447": { "id": "c4c438e0-ea25-4372-8e4e-5d7163cc3447", "title": "WooCommerce Customers Manager <= 29.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Customers Manager", "slug": "woocommerce-customers-manager", "affected_versions": { "* - 29.7": { "from_version": "*", "from_inclusive": true, "to_version": "29.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "29.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4c438e0-ea25-4372-8e4e-5d7163cc3447?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4c530fa-eaf4-4721-bfb6-9fc06d7f343c": { "id": "c4c530fa-eaf4-4721-bfb6-9fc06d7f343c", "title": "GiveWP \u2013 Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 3.16.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.16.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.16.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4c530fa-eaf4-4721-bfb6-9fc06d7f343c?source=api-scan" ], "published": "2024-09-27 13:58:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4cad108-6574-4f14-8a37-89c4c10279d6": { "id": "c4cad108-6574-4f14-8a37-89c4c10279d6", "title": "wpView <=\u00a01.3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Display Custom Fields \u2013 wpView", "slug": "wpview", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4cad108-6574-4f14-8a37-89c4c10279d6?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4d19f85-e39f-46e6-b62c-b6d3dc51a0df": { "id": "c4d19f85-e39f-46e6-b62c-b6d3dc51a0df", "title": "Import any XML or CSV File to WordPress <= 3.4.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import any XML or CSV File to WordPress", "slug": "wp-all-import", "affected_versions": { "[*, 3.4.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4d19f85-e39f-46e6-b62c-b6d3dc51a0df?source=api-scan" ], "published": "2018-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4d552a7-499f-4946-b0ec-5f733c01a365": { "id": "c4d552a7-499f-4946-b0ec-5f733c01a365", "title": "WP eBay Product Feeds <= 3.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP eBay Product Feeds", "slug": "ebay-feeds-for-wordpress", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4d552a7-499f-4946-b0ec-5f733c01a365?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4d5d58f-913a-4a26-8b2a-bfdd08033993": { "id": "c4d5d58f-913a-4a26-8b2a-bfdd08033993", "title": "Opal Estate Pro \u2013 Property Management and Submission <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Opal Estate Pro \u2013 Property Management and Submission", "slug": "opal-estate-pro", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4d5d58f-913a-4a26-8b2a-bfdd08033993?source=api-scan" ], "published": "2024-05-21 19:15:57", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4d86204-51df-4adf-aac4-f5e007d9f3c3": { "id": "c4d86204-51df-4adf-aac4-f5e007d9f3c3", "title": "Booster (<= 5.6.2), Booster Plus (< 6.0.0), and Booster Elite (< 6.0.0) for WooCommerce - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booster Plus for WooCommerce", "slug": "booster-plus-for-woocommerce", "affected_versions": { "[*, 6.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.0.0" ] }, { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 5.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.3" ] }, { "type": "plugin", "name": "Booster Elite for WooCommerce", "slug": "booster-elite-for-woocommerce", "affected_versions": { "[*, 6.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4d86204-51df-4adf-aac4-f5e007d9f3c3?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4d8f5a9-56e1-4676-b03f-1f5464c5b29a": { "id": "c4d8f5a9-56e1-4676-b03f-1f5464c5b29a", "title": "Unyson <= 2.7.18 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Unyson", "slug": "unyson", "affected_versions": { "* - 2.7.18": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4d8f5a9-56e1-4676-b03f-1f5464c5b29a?source=api-scan" ], "published": "2018-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4d99e64-1daf-4349-9702-341f05a65c21": { "id": "c4d99e64-1daf-4349-9702-341f05a65c21", "title": "GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership <= 1.4.13 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership", "slug": "gourl-bitcoin-payment-gateway-paid-downloads-membership", "affected_versions": { "* - 1.4.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4d99e64-1daf-4349-9702-341f05a65c21?source=api-scan" ], "published": "2018-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4dc736a-6c34-489f-a73a-c7030c60b97f": { "id": "c4dc736a-6c34-489f-a73a-c7030c60b97f", "title": "Ninja Forms <= 3.8.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4dc736a-6c34-489f-a73a-c7030c60b97f?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4dfd5af-0af0-469c-81ed-52867609550c": { "id": "c4dfd5af-0af0-469c-81ed-52867609550c", "title": "Total Theme <= 2.1.19 - Authenticated(Subscriber+) Plugin Activation", "software": [ { "type": "theme", "name": "Total", "slug": "total", "affected_versions": { "* - 2.1.19": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4dfd5af-0af0-469c-81ed-52867609550c?source=api-scan" ], "published": "2023-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4e0ba71-74dc-414a-9c4e-ad07448e2f18": { "id": "c4e0ba71-74dc-414a-9c4e-ad07448e2f18", "title": "Arigato Autoresponder and Newsletter <= 2.7.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Arigato Autoresponder and Newsletter", "slug": "bft-autoresponder", "affected_versions": { "* - 2.7.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4e0ba71-74dc-414a-9c4e-ad07448e2f18?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4f19302-70a5-4132-b841-fba1dd86a0d3": { "id": "c4f19302-70a5-4132-b841-fba1dd86a0d3", "title": "SEO Change Monitor <= 1.2 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "SEO Change Monitor \u2013 Track Website Changes", "slug": "seo-change-monitor", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4f19302-70a5-4132-b841-fba1dd86a0d3?source=api-scan" ], "published": "2023-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c4feb8e8-8620-44b9-9e8d-7ea513e168ff": { "id": "c4feb8e8-8620-44b9-9e8d-7ea513e168ff", "title": "ChatBot <= 4.4.8 - Unauthenticated Stored Cross-Site Scripting in Admin Dashboard", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c4feb8e8-8620-44b9-9e8d-7ea513e168ff?source=api-scan" ], "published": "2023-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c508d38c-f5e3-4193-8209-0083a8a18da4": { "id": "c508d38c-f5e3-4193-8209-0083a8a18da4", "title": "Helloprint <= 1.4.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Plug your WooCommerce into the largest catalog of customized print products from Helloprint", "slug": "helloprint", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c508d38c-f5e3-4193-8209-0083a8a18da4?source=api-scan" ], "published": "2022-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c510063e-1c64-40fa-842a-e7efd3dc550a": { "id": "c510063e-1c64-40fa-842a-e7efd3dc550a", "title": "WordPress Core < 5.2.3 - Reflected Cross-Site Scripting via Shortcode Previews", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.29": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.29", "to_inclusive": true }, "3.8 - 3.8.29": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.29", "to_inclusive": true }, "3.9 - 3.9.27": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.27", "to_inclusive": true }, "4.0 - 4.0.26": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.26", "to_inclusive": true }, "4.1 - 4.1.26": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.26", "to_inclusive": true }, "4.2 - 4.2.23": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.23", "to_inclusive": true }, "4.3 - 4.3.19": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.19", "to_inclusive": true }, "4.4 - 4.4.18": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.18", "to_inclusive": true }, "4.5 - 4.5.17": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.17", "to_inclusive": true }, "4.6 - 4.6.13": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.13", "to_inclusive": true }, "4.7 - 4.7.12": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.12", "to_inclusive": true }, "4.8 - 4.8.9": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.9", "to_inclusive": true }, "4.9 - 4.9.10": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.10", "to_inclusive": true }, "5.0 - 5.0.5": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": true }, "5.1 - 5.1.1": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true }, "5.2 - 5.2.2": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.30", "3.8.30", "3.9.28", "4.0.27", "4.1.27", "4.2.24", "4.3.20", "4.4.19", "4.5.18", "4.6.15", "4.7.13", "4.8.10", "4.9.11", "5.0.6", "5.1.2", "5.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c510063e-1c64-40fa-842a-e7efd3dc550a?source=api-scan" ], "published": "2019-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c513e674-c027-4335-8ba3-b19696a1ce9b": { "id": "c513e674-c027-4335-8ba3-b19696a1ce9b", "title": "The Events Calendar <= 6.1.2.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "The Events Calendar", "slug": "the-events-calendar", "affected_versions": { "* - 6.1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c513e674-c027-4335-8ba3-b19696a1ce9b?source=api-scan" ], "published": "2023-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c51889e4-9ca2-4c3f-addb-8285579324f6": { "id": "c51889e4-9ca2-4c3f-addb-8285579324f6", "title": "Advanced Custom Fields <= 5.10 - Missing Authorization to Information Disclosure", "software": [ { "type": "plugin", "name": "Secure Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "[*, 5.11)": { "from_version": "*", "from_inclusive": true, "to_version": "5.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.11" ] }, { "type": "plugin", "name": "Advanced Custom Fields Pro", "slug": "advanced-custom-fields-pro", "affected_versions": { "[*, 5.11)": { "from_version": "*", "from_inclusive": true, "to_version": "5.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c51889e4-9ca2-4c3f-addb-8285579324f6?source=api-scan" ], "published": "2021-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5203a17-cc4f-4545-a231-dfbfb900f0fd": { "id": "c5203a17-cc4f-4545-a231-dfbfb900f0fd", "title": "BuddyPress xProfile Checkout Manager for WooCommerce <= 1.3.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BuddyPress xProfile Checkout Manager for WooCommerce", "slug": "woocommerce-buddypress-integration-xprofile-checkout-manager", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5203a17-cc4f-4545-a231-dfbfb900f0fd?source=api-scan" ], "published": "2022-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c52435f3-cc1c-4d3a-a664-a07e60fad6ae": { "id": "c52435f3-cc1c-4d3a-a664-a07e60fad6ae", "title": "Essential Blocks <= 4.4.2 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c52435f3-cc1c-4d3a-a664-a07e60fad6ae?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c525344a-fb62-48c9-bfd2-a77f59da3470": { "id": "c525344a-fb62-48c9-bfd2-a77f59da3470", "title": "Pocket Widget <= 0.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pocket Widget", "slug": "pocket-widget", "affected_versions": { "* - 0.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c525344a-fb62-48c9-bfd2-a77f59da3470?source=api-scan" ], "published": "2024-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5277e25-d923-4553-9371-192d4cf4389a": { "id": "c5277e25-d923-4553-9371-192d4cf4389a", "title": "Cost Calculator <= 1.8 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Cost Calculator", "slug": "nd-projects", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5277e25-d923-4553-9371-192d4cf4389a?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c52a8b78-39bd-473b-ad78-377c31453f4e": { "id": "c52a8b78-39bd-473b-ad78-377c31453f4e", "title": "Media File Manager <= 1.4.2 - Directory Traversal to Arbitrary File Relocation", "software": [ { "type": "plugin", "name": "Media File Manager", "slug": "media-file-manager", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c52a8b78-39bd-473b-ad78-377c31453f4e?source=api-scan" ], "published": "2018-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c530f5d2-eed3-433b-bf96-656593ad6ce2": { "id": "c530f5d2-eed3-433b-bf96-656593ad6ce2", "title": "Responsive Video <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Video", "slug": "responsive-video", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c530f5d2-eed3-433b-bf96-656593ad6ce2?source=api-scan" ], "published": "2024-08-20 17:23:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c532fc06-1ddd-4472-a5aa-10d7c8688d36": { "id": "c532fc06-1ddd-4472-a5aa-10d7c8688d36", "title": "CSS JS Files <= 1.5.0 - Authenticated (Admin+) Arbitrary File Read", "software": [ { "type": "plugin", "name": "CSS JS Files", "slug": "css-js-files", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c532fc06-1ddd-4472-a5aa-10d7c8688d36?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c536ae81-cf30-4af4-8b79-ee5dd03a4751": { "id": "c536ae81-cf30-4af4-8b79-ee5dd03a4751", "title": "AI Engine <= 2.4.7 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "AI Engine", "slug": "ai-engine", "affected_versions": { "* - 2.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c536ae81-cf30-4af4-8b79-ee5dd03a4751?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5372890-72d4-482d-a7f2-04a50520c4dc": { "id": "c5372890-72d4-482d-a7f2-04a50520c4dc", "title": "WordPress Newsletter Plugin \u2013 Noptin < 1.6.5 - Open Redirect", "software": [ { "type": "plugin", "name": "Simple Newsletter Plugin \u2013 Noptin", "slug": "newsletter-optin-box", "affected_versions": { "[*, 1.6.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5372890-72d4-482d-a7f2-04a50520c4dc?source=api-scan" ], "published": "2022-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c53ebf2f-44ab-4d0f-ac3d-c08806c07343": { "id": "c53ebf2f-44ab-4d0f-ac3d-c08806c07343", "title": "Live Gold Price & Silver Price Charts Widgets <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Live Gold Price & Silver Price Charts Widgets", "slug": "gold-price-chart-widget", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c53ebf2f-44ab-4d0f-ac3d-c08806c07343?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5429fb1-7072-4a00-8fb3-48d4f876417f": { "id": "c5429fb1-7072-4a00-8fb3-48d4f876417f", "title": "Customer Reviews for WooCommerce <= 5.36.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Customer Reviews for WooCommerce", "slug": "customer-reviews-woocommerce", "affected_versions": { "[*, 5.36.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.36.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.36.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5429fb1-7072-4a00-8fb3-48d4f876417f?source=api-scan" ], "published": "2023-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c542b535-f75c-4f63-a3d8-7f80139ac97e": { "id": "c542b535-f75c-4f63-a3d8-7f80139ac97e", "title": "FrieChat - WordPress Chat Plugin < 1.0.3 - SQL Injection", "software": [ { "type": "plugin", "name": "FrieChat - WordPress Chat Plugin", "slug": "friechat", "affected_versions": { "[*, 1.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c542b535-f75c-4f63-a3d8-7f80139ac97e?source=api-scan" ], "published": "2015-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c544c86d-e414-49c2-ae57-3293b1a6409d": { "id": "c544c86d-e414-49c2-ae57-3293b1a6409d", "title": "WordPress Core < 3.5.1 - Server-Side Request Forgery", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c544c86d-e414-49c2-ae57-3293b1a6409d?source=api-scan" ], "published": "2013-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5451e21-2782-4d2b-8c2b-be12102e20c4": { "id": "c5451e21-2782-4d2b-8c2b-be12102e20c4", "title": "Card Elements for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Card Elements for Elementor", "slug": "card-elements-for-elementor", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5451e21-2782-4d2b-8c2b-be12102e20c4?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c54770f1-1409-4208-a4ab-0ff3dbc3835d": { "id": "c54770f1-1409-4208-a4ab-0ff3dbc3835d", "title": "Yoast SEO Premium <= 20.4 - Missing Authorization to Zapier Key Reset", "software": [ { "type": "plugin", "name": "Yoast SEO Premium", "slug": "wordpress-seo-premium", "affected_versions": { "* - 20.4": { "from_version": "*", "from_inclusive": true, "to_version": "20.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c54770f1-1409-4208-a4ab-0ff3dbc3835d?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c54d503f-9de5-496f-bd6d-2e417a5c1b67": { "id": "c54d503f-9de5-496f-bd6d-2e417a5c1b67", "title": "Picturesurf Gallery <= 1.2 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "picturesurf-gallery", "slug": "picturesurf-gallery", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c54d503f-9de5-496f-bd6d-2e417a5c1b67?source=api-scan" ], "published": "2012-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5519d4e-84b5-4901-b55c-a0a919f4b6c9": { "id": "c5519d4e-84b5-4901-b55c-a0a919f4b6c9", "title": "Active Products Tables for WooCommerce <= 1.0.6 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Active Products Tables for WooCommerce. Use constructor to create tables\u00a0", "slug": "profit-products-tables-for-woocommerce", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5519d4e-84b5-4901-b55c-a0a919f4b6c9?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c55487f9-dc8a-41a0-b052-625665c1543f": { "id": "c55487f9-dc8a-41a0-b052-625665c1543f", "title": "Easy US Sales Taxes Add-on for iThemes Exchange < 1.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy US Sales Taxes Add-on for iThemes Exchange", "slug": "exchange-addon-easy-us-sales-taxes", "affected_versions": { "[*, 1.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c55487f9-dc8a-41a0-b052-625665c1543f?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c55792d6-3f31-4635-ad5c-17d03a5b2977": { "id": "c55792d6-3f31-4635-ad5c-17d03a5b2977", "title": "WordPress Related Posts <= 3.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Related Posts", "slug": "wordpress-23-related-posts-plugin", "affected_versions": { "* - 3.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c55792d6-3f31-4635-ad5c-17d03a5b2977?source=api-scan" ], "published": "2021-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c557fc55-3c0d-43ff-8575-32f669299b39": { "id": "c557fc55-3c0d-43ff-8575-32f669299b39", "title": "User IP and Location <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "User IP and Location", "slug": "user-ip-and-location", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c557fc55-3c0d-43ff-8575-32f669299b39?source=api-scan" ], "published": "2023-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c55ca7d4-6bc0-49c9-8ce0-50fff8775a76": { "id": "c55ca7d4-6bc0-49c9-8ce0-50fff8775a76", "title": "FV Flowplayer Video Player <= 7.5.37.7212 - Insufficient Input Validation to Unauthenticated Stored Cross-Site Scripting and Arbitrary Usermeta Update", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "* - 7.5.37.7212": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.37.7212", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.39.7212" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c55ca7d4-6bc0-49c9-8ce0-50fff8775a76?source=api-scan" ], "published": "2023-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c55e1d38-081c-4ef6-aad7-04ef52c6bee0": { "id": "c55e1d38-081c-4ef6-aad7-04ef52c6bee0", "title": "Commentator < 2.5.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "commentator", "slug": "commentator", "affected_versions": { "[*, 2.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c55e1d38-081c-4ef6-aad7-04ef52c6bee0?source=api-scan" ], "published": "2016-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c56b1dca-3841-48df-837e-7973940e74e3": { "id": "c56b1dca-3841-48df-837e-7973940e74e3", "title": "Breeze <= 2.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via breeze_api_token", "software": [ { "type": "plugin", "name": "Breeze \u2013 WordPress Cache Plugin", "slug": "breeze", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c56b1dca-3841-48df-837e-7973940e74e3?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c56e5250-7cbd-41f4-9b8c-79a644830708": { "id": "c56e5250-7cbd-41f4-9b8c-79a644830708", "title": "Frontend File Manager <= 21.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Frontend File Manager Plugin", "slug": "nmedia-user-file-uploader", "affected_versions": { "* - 21.2": { "from_version": "*", "from_inclusive": true, "to_version": "21.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c56e5250-7cbd-41f4-9b8c-79a644830708?source=api-scan" ], "published": "2022-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c56ed896-9267-49e6-a207-fe5362fe18cd": { "id": "c56ed896-9267-49e6-a207-fe5362fe18cd", "title": "OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload", "software": [ { "type": "plugin", "name": "OoohBoi Steroids for Elementor", "slug": "ooohboi-steroids-for-elementor", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c56ed896-9267-49e6-a207-fe5362fe18cd?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5757abd-33dc-4751-bc55-afd944ff2341": { "id": "c5757abd-33dc-4751-bc55-afd944ff2341", "title": "Duplicator < 1.3.0 - Unauthenticated Remote Code Execution", "software": [ { "type": "plugin", "name": "Duplicator \u2013 Migration & Backup Plugin", "slug": "duplicator", "affected_versions": { "[*, 1.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5757abd-33dc-4751-bc55-afd944ff2341?source=api-scan" ], "published": "2023-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5782b71-3234-4e53-9b26-225472f604c5": { "id": "c5782b71-3234-4e53-9b26-225472f604c5", "title": "Advanced Form Integration <= 1.75.0 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "AFI \u2013 The Easiest Integration Plugin", "slug": "advanced-form-integration", "affected_versions": { "[*, 1.76.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.76.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.76.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5782b71-3234-4e53-9b26-225472f604c5?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c579825b-e92e-48d2-925e-d1fc81374c4a": { "id": "c579825b-e92e-48d2-925e-d1fc81374c4a", "title": "Really Simple Google Tag Manager <= 1.0.6 - Cross-Site Request Forgery via plugin_activation", "software": [ { "type": "plugin", "name": "Really Simple Google Tag Manager", "slug": "really-simple-google-tag-manager", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c579825b-e92e-48d2-925e-d1fc81374c4a?source=api-scan" ], "published": "2023-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c57bffc8-1ee5-4380-a78f-f4fc8c606861": { "id": "c57bffc8-1ee5-4380-a78f-f4fc8c606861", "title": "Scylla lite <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode", "software": [ { "type": "theme", "name": "Scylla lite", "slug": "scylla-lite", "affected_versions": { "* - 1.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c57bffc8-1ee5-4380-a78f-f4fc8c606861?source=api-scan" ], "published": "2024-06-27 20:12:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c581616d-c9e7-46f2-9c2f-5e082a13fd0b": { "id": "c581616d-c9e7-46f2-9c2f-5e082a13fd0b", "title": "WordPress prettyPhoto <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter", "software": [ { "type": "plugin", "name": "WordPress prettyPhoto", "slug": "prettyphoto", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c581616d-c9e7-46f2-9c2f-5e082a13fd0b?source=api-scan" ], "published": "2024-06-05 15:42:50", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5820352-a271-43c6-950d-815402241362": { "id": "c5820352-a271-43c6-950d-815402241362", "title": "PowerPress <= 6.0.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PowerPress Podcasting plugin by Blubrry", "slug": "powerpress", "affected_versions": { "* - 6.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5820352-a271-43c6-950d-815402241362?source=api-scan" ], "published": "2015-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c583ef34-ddec-4d6c-9685-ef4bce5e785e": { "id": "c583ef34-ddec-4d6c-9685-ef4bce5e785e", "title": "Inactive Logout <= 3.2.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Inactive Logout", "slug": "inactive-logout", "affected_versions": { "[*, 3.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c583ef34-ddec-4d6c-9685-ef4bce5e785e?source=api-scan" ], "published": "2023-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c58a2de0-8bb3-4e48-889e-0a8f47ca2959": { "id": "c58a2de0-8bb3-4e48-889e-0a8f47ca2959", "title": "WP Database Backup <= 5.5 - Unauthenticated Information Disclosure", "software": [ { "type": "plugin", "name": "WP Database Backup \u2013 Unlimited Database & Files Backup by Backup for WP", "slug": "wp-database-backup", "affected_versions": { "* - 5.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c58a2de0-8bb3-4e48-889e-0a8f47ca2959?source=api-scan" ], "published": "2020-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c58d5a57-6b87-4a39-b995-c86fbc779565": { "id": "c58d5a57-6b87-4a39-b995-c86fbc779565", "title": "NextGEN Gallery <= 3.2.10 - SQL Injection", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "[*, 3.2.11)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c58d5a57-6b87-4a39-b995-c86fbc779565?source=api-scan" ], "published": "2019-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c58d9011-a082-48ca-b702-ef5563af2c66": { "id": "c58d9011-a082-48ca-b702-ef5563af2c66", "title": "Saphali Woocommerce Lite <= 1.8.13 - Cross-Site Request Forgery via 'woocommerce_saphali_page_s_l'", "software": [ { "type": "plugin", "name": "Saphali Woocommerce Lite", "slug": "saphali-woocommerce-lite", "affected_versions": { "* - 1.8.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c58d9011-a082-48ca-b702-ef5563af2c66?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c58fa0a0-0b22-42df-8d3a-c3de78e12aa7": { "id": "c58fa0a0-0b22-42df-8d3a-c3de78e12aa7", "title": "DW Question & Answer Pro <= 1.3.4 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "DW Question Answer Pro", "slug": "dw-question-answer-pro", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c58fa0a0-0b22-42df-8d3a-c3de78e12aa7?source=api-scan" ], "published": "2022-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c59195f5-bb77-4f96-bd5e-b871d663ccce": { "id": "c59195f5-bb77-4f96-bd5e-b871d663ccce", "title": "Filter & Grids <= 2.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Filter & Grids", "slug": "ymc-smart-filter", "affected_versions": { "* - 2.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c59195f5-bb77-4f96-bd5e-b871d663ccce?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c592887c-718c-46d7-8dc3-d337711471ee": { "id": "c592887c-718c-46d7-8dc3-d337711471ee", "title": "Next Page <= 1.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Next Page", "slug": "next-page", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c592887c-718c-46d7-8dc3-d337711471ee?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5960396-5320-4978-aa82-2e33700daa43": { "id": "c5960396-5320-4978-aa82-2e33700daa43", "title": "Essential Addons for Elementor -- Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 6.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5960396-5320-4978-aa82-2e33700daa43?source=api-scan" ], "published": "2024-09-10 17:52:37", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c596c278-4f16-4830-8e6e-5e1392d4d118": { "id": "c596c278-4f16-4830-8e6e-5e1392d4d118", "title": "PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode", "slug": "paypal-pay-buy-donation-and-cart-buttons-shortcode", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c596c278-4f16-4830-8e6e-5e1392d4d118?source=api-scan" ], "published": "2024-05-22 12:58:06", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c59871cc-2d62-4eea-a78b-19810570c47d": { "id": "c59871cc-2d62-4eea-a78b-19810570c47d", "title": "Easy Social Icons <= 3.2.0 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Social Icons", "slug": "easy-social-icons", "affected_versions": { "[*, 3.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c59871cc-2d62-4eea-a78b-19810570c47d?source=api-scan" ], "published": "2022-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c59a365c-7fed-431b-8c28-a3b04f9828fe": { "id": "c59a365c-7fed-431b-8c28-a3b04f9828fe", "title": "Striking <= 2.3.4 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "theme", "name": "Striking", "slug": "striking-r", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c59a365c-7fed-431b-8c28-a3b04f9828fe?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c59baad8-b888-4475-8371-645811a6b569": { "id": "c59baad8-b888-4475-8371-645811a6b569", "title": "Cloud Templates & Patterns collection <= 1.2.2 - Sensitive Information Exposure via Log File", "software": [ { "type": "plugin", "name": "Cloud Templates & Patterns collection", "slug": "templates-patterns-collection", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c59baad8-b888-4475-8371-645811a6b569?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c59cddfb-c434-4a69-9c1c-7d58f022c1aa": { "id": "c59cddfb-c434-4a69-9c1c-7d58f022c1aa", "title": "Download Manager <= 2.8.7 - Privilege Escalation", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 2.8.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c59cddfb-c434-4a69-9c1c-7d58f022c1aa?source=api-scan" ], "published": "2016-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c59f1784-da65-4e6d-b284-d65ee2196be9": { "id": "c59f1784-da65-4e6d-b284-d65ee2196be9", "title": "Responsive Slick Slider WordPress <= 1.4 - Authenticated (Contributor+) Content Injection", "software": [ { "type": "plugin", "name": "Responsive Slick Slider WordPress", "slug": "responsive-slick-slider", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c59f1784-da65-4e6d-b284-d65ee2196be9?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5a0b8fe-d284-4780-84b5-2e97fa96c99a": { "id": "c5a0b8fe-d284-4780-84b5-2e97fa96c99a", "title": "Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode", "software": [ { "type": "plugin", "name": "Content Blocks (Custom Post Widget)", "slug": "custom-post-widget", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5a0b8fe-d284-4780-84b5-2e97fa96c99a?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5a263d5-df39-412e-b40a-e06e23168b7e": { "id": "c5a263d5-df39-412e-b40a-e06e23168b7e", "title": "WC Marketplace <= 4.1.17 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution", "slug": "dc-woocommerce-multi-vendor", "affected_versions": { "* - 4.1.17": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5a263d5-df39-412e-b40a-e06e23168b7e?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5a404de-ee26-44af-9e4f-f93694da7a77": { "id": "c5a404de-ee26-44af-9e4f-f93694da7a77", "title": "XPlainer \u2013 WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "XPlainer \u2013 Product FAQs for WooCommerce & AI FAQ Generator", "slug": "faq-for-woocommerce", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5a404de-ee26-44af-9e4f-f93694da7a77?source=api-scan" ], "published": "2024-07-08 19:41:21", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5a43f29-74d5-43ac-8c36-b4bc58942b9e": { "id": "c5a43f29-74d5-43ac-8c36-b4bc58942b9e", "title": "PVN Auth Popup <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "PVN Auth Popup", "slug": "pvn-auth-popup", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5a43f29-74d5-43ac-8c36-b4bc58942b9e?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5a5c209-0ccd-4fa9-b22d-05bb22247441": { "id": "c5a5c209-0ccd-4fa9-b22d-05bb22247441", "title": "OneLogin SAML-SSO Plugin < 2.1.6 - Authentication Bypass", "software": [ { "type": "plugin", "name": "OneLogin SAML SSO", "slug": "onelogin-saml-sso", "affected_versions": { "[*, 2.1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5a5c209-0ccd-4fa9-b22d-05bb22247441?source=api-scan" ], "published": "2016-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5aa0006-435d-4874-8d71-659d5d72e702": { "id": "c5aa0006-435d-4874-8d71-659d5d72e702", "title": "10Web Social Photo Feed <= 1.4.28 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "10WebSocial", "slug": "wd-instagram-feed", "affected_versions": { "* - 1.4.28": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5aa0006-435d-4874-8d71-659d5d72e702?source=api-scan" ], "published": "2021-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5ab685c-1e58-43f3-a984-52afcfaa5aca": { "id": "c5ab685c-1e58-43f3-a984-52afcfaa5aca", "title": "Photocrati <= 4.8.0 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Photocrati", "slug": "photocrati-theme", "affected_versions": { "* - 4.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5ab685c-1e58-43f3-a984-52afcfaa5aca?source=api-scan" ], "published": "2014-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5ada976-03b8-4219-9ae3-9060fb7b9de5": { "id": "c5ada976-03b8-4219-9ae3-9060fb7b9de5", "title": "uListing <= 1.6.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Directory Listings WordPress plugin \u2013 uListing", "slug": "ulisting", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5ada976-03b8-4219-9ae3-9060fb7b9de5?source=api-scan" ], "published": "2021-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5b0939a-1699-483c-9a4f-7978155e6ad1": { "id": "c5b0939a-1699-483c-9a4f-7978155e6ad1", "title": "Product Feed PRO for WooCommerce <= 12.4.0 - Cross-Site Request Forgery via update_project", "software": [ { "type": "plugin", "name": "Product Feed PRO for WooCommerce by AdTribes \u2013 WooCommerce Product Feeds", "slug": "woo-product-feed-pro", "affected_versions": { "* - 12.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "12.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5b0939a-1699-483c-9a4f-7978155e6ad1?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5b2e22c-3811-4bf8-a8da-2ca9c38333dc": { "id": "c5b2e22c-3811-4bf8-a8da-2ca9c38333dc", "title": "Realty Workstation <= 1.0.9 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Realty Workstation", "slug": "realty-workstation", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5b2e22c-3811-4bf8-a8da-2ca9c38333dc?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5b51ebf-4ae6-45b6-9eb3-dcfaeb8a06bd": { "id": "c5b51ebf-4ae6-45b6-9eb3-dcfaeb8a06bd", "title": "Shortcode Ninja <= 1.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "shortcode-ninja", "slug": "shortcode-ninja", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5b51ebf-4ae6-45b6-9eb3-dcfaeb8a06bd?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5b67927-5993-4e21-af52-8ebe7fee48ab": { "id": "c5b67927-5993-4e21-af52-8ebe7fee48ab", "title": "EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Authenticated (Contributor+) Stored Cross-site Scripting via 'embedpress_doc_custom_color'", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 3.9.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5b67927-5993-4e21-af52-8ebe7fee48ab?source=api-scan" ], "published": "2024-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5b74908-65ed-4b6f-856f-e95cfd64f998": { "id": "c5b74908-65ed-4b6f-856f-e95cfd64f998", "title": "WP Abstracts <= 2.6.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Abstracts", "slug": "wp-abstracts-manuscripts-manager", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5b74908-65ed-4b6f-856f-e95cfd64f998?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5b9e53e-d2d3-40a0-adba-f489343c6ee6": { "id": "c5b9e53e-d2d3-40a0-adba-f489343c6ee6", "title": "System Dashboard <= 2.8.9 - Reflected Cross-Site Scripting via X-Forwarded-For", "software": [ { "type": "plugin", "name": "System Dashboard", "slug": "system-dashboard", "affected_versions": { "* - 2.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5b9e53e-d2d3-40a0-adba-f489343c6ee6?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5bd11c6-2f55-4eee-834a-c4e405482b9c": { "id": "c5bd11c6-2f55-4eee-834a-c4e405482b9c", "title": "Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 5.7.23": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5bd11c6-2f55-4eee-834a-c4e405482b9c?source=api-scan" ], "published": "2024-06-20 16:01:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5bf1c8c-97b0-412c-aa26-88fd7bbe7c8c": { "id": "c5bf1c8c-97b0-412c-aa26-88fd7bbe7c8c", "title": "Soundslides < 2.5.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Soundslides", "slug": "soundslides", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5bf1c8c-97b0-412c-aa26-88fd7bbe7c8c?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5bfa818-65e4-4b36-8b61-6f47b42eb6c5": { "id": "c5bfa818-65e4-4b36-8b61-6f47b42eb6c5", "title": "WordPress Core < 4.0.1 - Cross-Site Scripting via media-playlists", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.4": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.4", "to_inclusive": true }, "3.8 - 3.8.4": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.4", "to_inclusive": true }, "3.9 - 3.9.2": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": true }, "4.0": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.5", "3.8.5", "3.9.3", "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5bfa818-65e4-4b36-8b61-6f47b42eb6c5?source=api-scan" ], "published": "2014-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5c17dea-7b61-4e73-ac61-3fe536c22962": { "id": "c5c17dea-7b61-4e73-ac61-3fe536c22962", "title": "WooCommerce Products Vendor <= 2.1.65 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Product Vendors", "slug": "woocommerce-product-vendors", "affected_versions": { "* - 2.1.65": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.65", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.66" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5c17dea-7b61-4e73-ac61-3fe536c22962?source=api-scan" ], "published": "2022-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5c2beb1-9478-487d-b11a-654e68ca9c3d": { "id": "c5c2beb1-9478-487d-b11a-654e68ca9c3d", "title": "Bold Timeline Lite <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bold Timeline Lite", "slug": "bold-timeline-lite", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5c2beb1-9478-487d-b11a-654e68ca9c3d?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5c96063-a6ac-4325-9f44-a6f8344e00ef": { "id": "c5c96063-a6ac-4325-9f44-a6f8344e00ef", "title": "Woocommerce Social Media Share Buttons <= 1.3.0 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Woocommerce Social Media Share Buttons", "slug": "woocommerce-social-media-share-buttons", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5c96063-a6ac-4325-9f44-a6f8344e00ef?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5c9d5de-f0d0-4469-97cc-8a25740c8fde": { "id": "c5c9d5de-f0d0-4469-97cc-8a25740c8fde", "title": "Phone Orders for WooCommerce <= 3.7.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Phone Orders for WooCommerce", "slug": "phone-orders-for-woocommerce", "affected_versions": { "* - 3.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5c9d5de-f0d0-4469-97cc-8a25740c8fde?source=api-scan" ], "published": "2022-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5ce2d08-6e01-4a7c-a2d5-ba98639107a8": { "id": "c5ce2d08-6e01-4a7c-a2d5-ba98639107a8", "title": "MultiParcels Shipping For WooCommerce <= 1.15.5 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MultiParcels Shipping For WooCommerce", "slug": "multiparcels-shipping-for-woocommerce", "affected_versions": { "* - 1.15.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5ce2d08-6e01-4a7c-a2d5-ba98639107a8?source=api-scan" ], "published": "2023-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5d330cd-ad1f-451e-bf41-39cfeb296cf0": { "id": "c5d330cd-ad1f-451e-bf41-39cfeb296cf0", "title": "Pods - Custom Content Types and Fields - Missing Authorization", "software": [ { "type": "plugin", "name": "Pods \u2013 Custom Content Types and Fields", "slug": "pods", "affected_versions": { "[*, 2.7.31)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.31", "to_inclusive": false }, "[2.8, 2.8.23.2)": { "from_version": "2.8", "from_inclusive": true, "to_version": "2.8.23.2", "to_inclusive": false }, "[3, 3.0.10.2)": { "from_version": "3", "from_inclusive": true, "to_version": "3.0.10.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.31.2", "2.8.23.2", "2.9.19.2", "3.0.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5d330cd-ad1f-451e-bf41-39cfeb296cf0?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5d39e9b-9753-4c87-8576-982f6744912f": { "id": "c5d39e9b-9753-4c87-8576-982f6744912f", "title": "Redirection <= 2.2.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirection", "affected_versions": { "[*, 2.2.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5d39e9b-9753-4c87-8576-982f6744912f?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5d6e18b-00d0-4f02-b56b-692170c08d99": { "id": "c5d6e18b-00d0-4f02-b56b-692170c08d99", "title": "Push Notifications for WordPress (Lite) < 6.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Push Notifications for WordPress (Lite)", "slug": "push-notifications-for-wp", "affected_versions": { "[*, 6.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5d6e18b-00d0-4f02-b56b-692170c08d99?source=api-scan" ], "published": "2021-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5d96be2-b89a-46b0-a4f1-da44f9b54b2d": { "id": "c5d96be2-b89a-46b0-a4f1-da44f9b54b2d", "title": "Page Builder: Live Composer <= 1.5.35 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Live Composer \u2013 Free WordPress Website Builder", "slug": "live-composer-page-builder", "affected_versions": { "* - 1.5.35": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5d96be2-b89a-46b0-a4f1-da44f9b54b2d?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5da24e6-442f-450c-91d3-581719dc7210": { "id": "c5da24e6-442f-450c-91d3-581719dc7210", "title": "Wordpress Clicksold IDX Plugin <= 1.90 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ClickSold IDX", "slug": "clicksold-wordpress-plugin", "affected_versions": { "* - 1.90": { "from_version": "*", "from_inclusive": true, "to_version": "1.90", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5da24e6-442f-450c-91d3-581719dc7210?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5decbb3-05a0-403f-918a-9b516df85778": { "id": "c5decbb3-05a0-403f-918a-9b516df85778", "title": "WP Contact Form <= 1.6 - Cross-Site Request Forgery via wpcf_adminpage", "software": [ { "type": "plugin", "name": "WP Contact Form", "slug": "wp-contact-form", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5decbb3-05a0-403f-918a-9b516df85778?source=api-scan" ], "published": "2024-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5e011d3-bd0f-46cb-9fb1-af06bcb7e307": { "id": "c5e011d3-bd0f-46cb-9fb1-af06bcb7e307", "title": "Advanced Text Widget <= 2.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Text Widget", "slug": "advanced-text-widget", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5e011d3-bd0f-46cb-9fb1-af06bcb7e307?source=api-scan" ], "published": "2012-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5e26a56-bba0-4204-bcb7-c5ec123a9b2d": { "id": "c5e26a56-bba0-4204-bcb7-c5ec123a9b2d", "title": "Link Whisper Free <= 0.6.5 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Link Whisper Free", "slug": "link-whisper", "affected_versions": { "* - 0.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5e26a56-bba0-4204-bcb7-c5ec123a9b2d?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5e516d6-eece-42d3-9349-29be685a3509": { "id": "c5e516d6-eece-42d3-9349-29be685a3509", "title": "Pure Chat \u2013 Live Chat Plugin & More! <= 2.22 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Pure Chat \u2013 Live Chat & More!", "slug": "pure-chat", "affected_versions": { "* - 2.22": { "from_version": "*", "from_inclusive": true, "to_version": "2.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5e516d6-eece-42d3-9349-29be685a3509?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5e64adf-49b3-4e85-8dc1-918f7e92965b": { "id": "c5e64adf-49b3-4e85-8dc1-918f7e92965b", "title": "JetElements <= 2.6.20 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JetElements", "slug": "jet-elements", "affected_versions": { "* - 2.6.20": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.20.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5e64adf-49b3-4e85-8dc1-918f7e92965b?source=api-scan" ], "published": "2024-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5e66244-2b86-491b-9eca-19e42e7f2da8": { "id": "c5e66244-2b86-491b-9eca-19e42e7f2da8", "title": "Category Order and Taxonomy Terms Order <1.4.6.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Category Order and Taxonomy Terms Order", "slug": "taxonomy-terms-order", "affected_versions": { "[*, 1.4.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5e66244-2b86-491b-9eca-19e42e7f2da8?source=api-scan" ], "published": "2015-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5eb9b1f-39d5-4c5d-8fb3-71d4bbe5f43a": { "id": "c5eb9b1f-39d5-4c5d-8fb3-71d4bbe5f43a", "title": "Welcart e-Commerce <= 2.8.21 - Authenticated(Editor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.8.21": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5eb9b1f-39d5-4c5d-8fb3-71d4bbe5f43a?source=api-scan" ], "published": "2023-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5ee2ae1-ea25-46fa-bc7c-114d4f6f9b4b": { "id": "c5ee2ae1-ea25-46fa-bc7c-114d4f6f9b4b", "title": "Progress Planner <= 0.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Progress Planner", "slug": "progress-planner", "affected_versions": { "* - 0.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5ee2ae1-ea25-46fa-bc7c-114d4f6f9b4b?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5f23c14-e9ed-474c-9acc-2d6d43201572": { "id": "c5f23c14-e9ed-474c-9acc-2d6d43201572", "title": "Toolpage <= 1.6.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Toolpage", "slug": "toolpage", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5f23c14-e9ed-474c-9acc-2d6d43201572?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5f30190-4576-4c2b-b069-72501538733b": { "id": "c5f30190-4576-4c2b-b069-72501538733b", "title": "MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Status Update", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 3.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5f30190-4576-4c2b-b069-72501538733b?source=api-scan" ], "published": "2023-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5f3e34d-07fb-4e49-a4e2-f8e92301b35e": { "id": "c5f3e34d-07fb-4e49-a4e2-f8e92301b35e", "title": "FreeMind WP Browser <= 1.2 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FreeMind WP Browser", "slug": "freemind-wp-browser", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5f3e34d-07fb-4e49-a4e2-f8e92301b35e?source=api-scan" ], "published": "2022-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5f6ae5d-7854-44c7-9fb8-efaa6e850d59": { "id": "c5f6ae5d-7854-44c7-9fb8-efaa6e850d59", "title": "Media Library Assistant <= 3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Media Library Assistant", "slug": "media-library-assistant", "affected_versions": { "* - 3.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5f6ae5d-7854-44c7-9fb8-efaa6e850d59?source=api-scan" ], "published": "2023-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5fa2f02-4a81-4d49-b473-7447cd371244": { "id": "c5fa2f02-4a81-4d49-b473-7447cd371244", "title": "Recipes Writer <= 1.0.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Recipes Writer", "slug": "recipes-writer", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5fa2f02-4a81-4d49-b473-7447cd371244?source=api-scan" ], "published": "2016-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5fcbb61-5f22-4333-bdd9-7d843dd7e45a": { "id": "c5fcbb61-5f22-4333-bdd9-7d843dd7e45a", "title": "TablePress <= 1.8 - XML External Entity Injection", "software": [ { "type": "plugin", "name": "TablePress \u2013 Tables in WordPress made easy", "slug": "tablepress", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5fcbb61-5f22-4333-bdd9-7d843dd7e45a?source=api-scan" ], "published": "2017-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5fe6884-4a31-4341-b30f-354b447f5313": { "id": "c5fe6884-4a31-4341-b30f-354b447f5313", "title": "Jigoshop Swipe plugin <= 3.1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jigoshop Swipe plugin", "slug": "swipe-hq-checkout-for-jigoshop", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5fe6884-4a31-4341-b30f-354b447f5313?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c5fee6e4-b985-4190-953b-133bc90e47da": { "id": "c5fee6e4-b985-4190-953b-133bc90e47da", "title": "Freshmail <= 1.5.8 - Multiple SQL Injections", "software": [ { "type": "plugin", "name": "Freshmail for WordPress", "slug": "freshmail-newsletter", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c5fee6e4-b985-4190-953b-133bc90e47da?source=api-scan" ], "published": "2015-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c600e8d0-7fe1-408e-a51d-8519a9acceb1": { "id": "c600e8d0-7fe1-408e-a51d-8519a9acceb1", "title": "Login with phone number <= 1.6.93 - Missing Authorization", "software": [ { "type": "plugin", "name": "Login with phone number", "slug": "login-with-phone-number", "affected_versions": { "* - 1.6.93": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.93", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.94" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c600e8d0-7fe1-408e-a51d-8519a9acceb1?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6025dd5-a1d7-48cc-90b3-f020d3d2298b": { "id": "c6025dd5-a1d7-48cc-90b3-f020d3d2298b", "title": "140+ Widgets | Xpro Addons For Elementor \u2013 FREE <= 1.4.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Grid Widget", "software": [ { "type": "plugin", "name": "140+ Widgets | Xpro Addons For Elementor \u2013 FREE", "slug": "xpro-elementor-addons", "affected_versions": { "* - 1.4.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6025dd5-a1d7-48cc-90b3-f020d3d2298b?source=api-scan" ], "published": "2024-08-26 22:18:11", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6048ba9-671f-4729-9618-d7a0556a31e6": { "id": "c6048ba9-671f-4729-9618-d7a0556a31e6", "title": "Jeg Elementor Kit <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Tabs and JKit - Accordion Widgets", "software": [ { "type": "plugin", "name": "Jeg Elementor Kit", "slug": "jeg-elementor-kit", "affected_versions": { "* - 2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6048ba9-671f-4729-9618-d7a0556a31e6?source=api-scan" ], "published": "2024-06-14 12:29:18", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c60f68e6-67f7-4a08-916c-83a1ab34fea6": { "id": "c60f68e6-67f7-4a08-916c-83a1ab34fea6", "title": "ImageMagick Sharpen Resized Images <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ImageMagick Sharpen Resized Images", "slug": "imagemagick-sharpen-resized-images", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c60f68e6-67f7-4a08-916c-83a1ab34fea6?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6168ee5-5df3-4d79-96bb-95029f2ac54b": { "id": "c6168ee5-5df3-4d79-96bb-95029f2ac54b", "title": "iThemes Security <= 4.6.12 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "[*, 4.6.13)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6168ee5-5df3-4d79-96bb-95029f2ac54b?source=api-scan" ], "published": "2015-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c619cb36-7216-4a23-96d2-57d8142be4af": { "id": "c619cb36-7216-4a23-96d2-57d8142be4af", "title": "Page\/Post Content Shortcode <= 1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Page\/Post Content Shortcode", "slug": "pagepost-content-shortcode", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c619cb36-7216-4a23-96d2-57d8142be4af?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c619e758-c71d-41cf-bff9-119ad9e3d9c4": { "id": "c619e758-c71d-41cf-bff9-119ad9e3d9c4", "title": "Post Grid and Gutenberg Blocks <= 2.2.89 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "* - 2.2.89": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.89", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.90" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c619e758-c71d-41cf-bff9-119ad9e3d9c4?source=api-scan" ], "published": "2024-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c61b5668-18d8-42e0-9ee3-d26ab7424350": { "id": "c61b5668-18d8-42e0-9ee3-d26ab7424350", "title": "WP Category Post List Widget <= 2.0.3 - Cross-Site Request Forgery via gen_set_page", "software": [ { "type": "plugin", "name": "WP Category Post List Widget", "slug": "wp-category-posts-list", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c61b5668-18d8-42e0-9ee3-d26ab7424350?source=api-scan" ], "published": "2023-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c621e57e-8483-4dde-9c83-cc4522f92c1c": { "id": "c621e57e-8483-4dde-9c83-cc4522f92c1c", "title": "Simple Quotation <= 1.3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple Quotation", "slug": "simple-quotation", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c621e57e-8483-4dde-9c83-cc4522f92c1c?source=api-scan" ], "published": "2022-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c62860e2-8c89-4f1c-a7d8-ef13f545ad52": { "id": "c62860e2-8c89-4f1c-a7d8-ef13f545ad52", "title": "WordPress Payments Plugin | GetPaid <= 2.3.3 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Payment forms, Buy now buttons, and Invoicing System | GetPaid", "slug": "invoicing", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c62860e2-8c89-4f1c-a7d8-ef13f545ad52?source=api-scan" ], "published": "2021-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c62cb055-2816-40dc-b25b-395d7e230c9f": { "id": "c62cb055-2816-40dc-b25b-395d7e230c9f", "title": "GD bbPress Attachments <= 2.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GD bbPress Attachments", "slug": "gd-bbpress-attachments", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c62cb055-2816-40dc-b25b-395d7e230c9f?source=api-scan" ], "published": "2018-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c62d8146-e4b1-4c86-9d8a-c3a9bbfb0763": { "id": "c62d8146-e4b1-4c86-9d8a-c3a9bbfb0763", "title": "Profile Builder \u2013 User Profile & User Registration Forms Plugin < 1.1.60 - Authentication Bypass", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "[*, 1.1.60)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.60", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c62d8146-e4b1-4c86-9d8a-c3a9bbfb0763?source=api-scan" ], "published": "2014-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c62ec31a-55e9-4404-b860-fa9a51ba3d3f": { "id": "c62ec31a-55e9-4404-b860-fa9a51ba3d3f", "title": "Essential Real Estate <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Essential Real Estate", "slug": "essential-real-estate", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c62ec31a-55e9-4404-b860-fa9a51ba3d3f?source=api-scan" ], "published": "2024-06-03 16:39:39", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c63048ad-3d37-402e-8e61-415d2d6caa69": { "id": "c63048ad-3d37-402e-8e61-415d2d6caa69", "title": "Form Lightbox <= 2.1 - Unauthenticated Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Form Lightbox", "slug": "form-lightbox", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c63048ad-3d37-402e-8e61-415d2d6caa69?source=api-scan" ], "published": "2016-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c63079af-6a22-4692-ab81-96e166a00c38": { "id": "c63079af-6a22-4692-ab81-96e166a00c38", "title": "Event Manager and Tickets Selling Plugin for WooCommerce < 3.5.3 - Arbitrary Settings Change", "software": [ { "type": "plugin", "name": "Event Manager and Tickets Selling Plugin for WooCommerce \u2013 WpEvently \u2013 WordPress Plugin", "slug": "mage-eventpress", "affected_versions": { "[*, 3.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c63079af-6a22-4692-ab81-96e166a00c38?source=api-scan" ], "published": "2021-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c63ddc62-a4f1-4da4-a65e-4573369d6c30": { "id": "c63ddc62-a4f1-4da4-a65e-4573369d6c30", "title": "Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxDeleteCategory", "software": [ { "type": "plugin", "name": "Categorify \u2013 WordPress Media Library Category & File Manager", "slug": "categorify", "affected_versions": { "* - 1.0.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c63ddc62-a4f1-4da4-a65e-4573369d6c30?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c63e7dbb-af56-47b9-8206-5bef96754a38": { "id": "c63e7dbb-af56-47b9-8206-5bef96754a38", "title": "JobScout <= 1.1.4 - Cross-Site Request Forgery to Notice Dimissal", "software": [ { "type": "theme", "name": "JobScout", "slug": "jobscout", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c63e7dbb-af56-47b9-8206-5bef96754a38?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c63ff9d7-6a14-4186-8550-4e5c50855e7f": { "id": "c63ff9d7-6a14-4186-8550-4e5c50855e7f", "title": "Themify Shortcodes <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via themify_button Shortcode", "software": [ { "type": "plugin", "name": "Themify Shortcodes", "slug": "themify-shortcodes", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c63ff9d7-6a14-4186-8550-4e5c50855e7f?source=api-scan" ], "published": "2024-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c647beda-cf73-4372-975f-a8c8ed05217f": { "id": "c647beda-cf73-4372-975f-a8c8ed05217f", "title": "Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection", "software": [ { "type": "plugin", "name": "Tutor LMS Pro", "slug": "tutor-pro", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c647beda-cf73-4372-975f-a8c8ed05217f?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c648aace-93d9-46c9-bf10-80286c81422c": { "id": "c648aace-93d9-46c9-bf10-80286c81422c", "title": "Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.2 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Online Booking & Scheduling Calendar for WordPress by vcita", "slug": "meeting-scheduler-by-vcita", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c648aace-93d9-46c9-bf10-80286c81422c?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c648fbb1-cc12-4334-b334-0f784542ab6d": { "id": "c648fbb1-cc12-4334-b334-0f784542ab6d", "title": "FormCraft Basic <= 1.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FormCraft \u2013 Form Builder", "slug": "formcraft-form-builder", "affected_versions": { "[*, 1.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c648fbb1-cc12-4334-b334-0f784542ab6d?source=api-scan" ], "published": "2022-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c64956c3-b6f5-419e-82f3-3c9e90e1d677": { "id": "c64956c3-b6f5-419e-82f3-3c9e90e1d677", "title": "Subscribe To Comments Reloaded <= 220725 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Subscribe To Comments Reloaded", "slug": "subscribe-to-comments-reloaded", "affected_versions": { "* - 220725": { "from_version": "*", "from_inclusive": true, "to_version": "220725", "to_inclusive": true } }, "patched": true, "patched_versions": [ "240119" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c64956c3-b6f5-419e-82f3-3c9e90e1d677?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6670e56-ae81-4b1b-8274-bf355a411e92": { "id": "c6670e56-ae81-4b1b-8274-bf355a411e92", "title": "WordPress Core <= 2.1.1 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6670e56-ae81-4b1b-8274-bf355a411e92?source=api-scan" ], "published": "2007-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6683edc-8c77-446c-bd7e-e97b8c5d0c57": { "id": "c6683edc-8c77-446c-bd7e-e97b8c5d0c57", "title": "Gallery for Social Photo <= 1.0.0.27 - Cross-Site Request Forgery to Post Duplication", "software": [ { "type": "plugin", "name": "Gallery for Social Photo", "slug": "feed-instagram-lite", "affected_versions": { "* - 1.0.0.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.0.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6683edc-8c77-446c-bd7e-e97b8c5d0c57?source=api-scan" ], "published": "2022-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c66bc0b1-c157-4c05-ae9d-0927863c6b95": { "id": "c66bc0b1-c157-4c05-ae9d-0927863c6b95", "title": "Job Manager & Career <= 1.4.3 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Job Manager & Career \u2013 Manage job board listings, and recruitments", "slug": "job-manager-career", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c66bc0b1-c157-4c05-ae9d-0927863c6b95?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c66d88a1-0936-40c4-adcf-ad79b9c57a80": { "id": "c66d88a1-0936-40c4-adcf-ad79b9c57a80", "title": "Content Timeline <= 4.4.2 - SQL Injection", "software": [ { "type": "plugin", "name": "content_timeline", "slug": "content_timeline", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c66d88a1-0936-40c4-adcf-ad79b9c57a80?source=api-scan" ], "published": "2017-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c674bb2a-8ecf-4aea-a729-c9bdf4ee35fd": { "id": "c674bb2a-8ecf-4aea-a729-c9bdf4ee35fd", "title": "WordPress Core < 4.5.3 - Authorization Bypass to Remove Category Attribute", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.14": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.14", "to_inclusive": true }, "3.8 - 3.8.14": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.14", "to_inclusive": true }, "3.9 - 3.9.12": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.12", "to_inclusive": true }, "4.0 - 4.0.11": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.11", "to_inclusive": true }, "4.1 - 4.1.11": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.11", "to_inclusive": true }, "4.2 - 4.2.8": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.8", "to_inclusive": true }, "4.3 - 4.3.4": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.4", "to_inclusive": true }, "4.4 - 4.4.3": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true }, "4.5 - 4.5.2": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.15", "3.8.15", "3.9.13", "4.0.12", "4.1.12", "4.2.9", "4.3.5", "4.4.4", "4.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c674bb2a-8ecf-4aea-a729-c9bdf4ee35fd?source=api-scan" ], "published": "2016-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c674ec32-7959-414a-8c31-3455bebb47bb": { "id": "c674ec32-7959-414a-8c31-3455bebb47bb", "title": "Simple Org Chart <= 2.3.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Simple Org Chart", "slug": "simple-org-chart", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c674ec32-7959-414a-8c31-3455bebb47bb?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c675f883-7e6f-43c3-a901-82ed2d2b3772": { "id": "c675f883-7e6f-43c3-a901-82ed2d2b3772", "title": "Better Notifications for WP <= 1.8.6 - Email Address Disclosure", "software": [ { "type": "plugin", "name": "Customize WordPress Emails and Alerts \u2013 Better Notifications for WP", "slug": "bnfw", "affected_versions": { "[*, 1.8.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c675f883-7e6f-43c3-a901-82ed2d2b3772?source=api-scan" ], "published": "2022-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c67b310c-4a27-427d-9f99-fab56f3f6580": { "id": "c67b310c-4a27-427d-9f99-fab56f3f6580", "title": "Add Categories Post Footer <= 2.2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add Categories Post Footer", "slug": "add-categories-post-footer", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c67b310c-4a27-427d-9f99-fab56f3f6580?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c67ee9bc-3626-4323-8b16-0fcae0db1991": { "id": "c67ee9bc-3626-4323-8b16-0fcae0db1991", "title": "Nudgify Social Proof, Sales Popup & FOMO <= 1.3.3 - Cross-Site Request Forgery via sync_orders_manually()", "software": [ { "type": "plugin", "name": "Nudgify Social Proof, Sales Popup & FOMO \u2013 Best WordPress Social Proof Plugin", "slug": "nudgify", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c67ee9bc-3626-4323-8b16-0fcae0db1991?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c681d1ac-a5d0-43f2-a1e4-0684cd56a3b8": { "id": "c681d1ac-a5d0-43f2-a1e4-0684cd56a3b8", "title": "ARMember <= 4.0.10 - Authenticated(Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 4.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c681d1ac-a5d0-43f2-a1e4-0684cd56a3b8?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6840350-7ff4-4ec2-bf2b-94ce6f782537": { "id": "c6840350-7ff4-4ec2-bf2b-94ce6f782537", "title": "Cost Calculator Builder Pro <= 3.1.72 - Authenticated (Subscriber+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Cost Calculator Builder PRO", "slug": "cost-calculator-builder-pro", "affected_versions": { "* - 3.1.72": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.72", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.73" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6840350-7ff4-4ec2-bf2b-94ce6f782537?source=api-scan" ], "published": "2024-05-16 19:35:17", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c68a9b05-5e60-4d5f-9d00-a9a5b85271f2": { "id": "c68a9b05-5e60-4d5f-9d00-a9a5b85271f2", "title": "Team Members <= 5.2.0 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Team Members", "slug": "team-members", "affected_versions": { "* - 5.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c68a9b05-5e60-4d5f-9d00-a9a5b85271f2?source=api-scan" ], "published": "2022-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c68ec00c-20a5-461d-bf72-c3190d29c9cf": { "id": "c68ec00c-20a5-461d-bf72-c3190d29c9cf", "title": "WPUpper Share Buttons <= 3.43 - Missing Authorization", "software": [ { "type": "plugin", "name": "WPUpper Share Buttons", "slug": "wpupper-share-buttons", "affected_versions": { "* - 3.43": { "from_version": "*", "from_inclusive": true, "to_version": "3.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.50" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c68ec00c-20a5-461d-bf72-c3190d29c9cf?source=api-scan" ], "published": "2024-06-03 16:40:47", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6914c8c-50ae-482f-81cd-cbd28466f3a1": { "id": "c6914c8c-50ae-482f-81cd-cbd28466f3a1", "title": "Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress <= 1.7.2 - Authenticated (Author+) SQL Injection", "software": [ { "type": "plugin", "name": "Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress", "slug": "contact-form-to-db", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6914c8c-50ae-482f-81cd-cbd28466f3a1?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c691d129-35db-4de8-a28e-5e77347e2280": { "id": "c691d129-35db-4de8-a28e-5e77347e2280", "title": "Form Maker by 10Web <= 1.15.19 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "[*, 1.15.20)": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.15.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c691d129-35db-4de8-a28e-5e77347e2280?source=api-scan" ], "published": "2023-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c694f5e5-43eb-453c-98d7-0d575d53df1a": { "id": "c694f5e5-43eb-453c-98d7-0d575d53df1a", "title": "Contact Form 7 to Database Extension 2.10.32 - CSV Injection", "software": [ { "type": "plugin", "name": "Contact Form DB", "slug": "contact-form-7-to-database-extension", "affected_versions": { "2.10.32": { "from_version": "2.10.32", "from_inclusive": true, "to_version": "2.10.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c694f5e5-43eb-453c-98d7-0d575d53df1a?source=api-scan" ], "published": "2018-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6a02da1-b005-4fa9-9657-1c5f019f3858": { "id": "c6a02da1-b005-4fa9-9657-1c5f019f3858", "title": "WP Hotel Booking <= 2.0.7 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP Hotel Booking", "slug": "wp-hotel-booking", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6a02da1-b005-4fa9-9657-1c5f019f3858?source=api-scan" ], "published": "2023-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6a0811e-f02b-49d1-915e-cf7ac4b5e1f5": { "id": "c6a0811e-f02b-49d1-915e-cf7ac4b5e1f5", "title": "Power Zoomer <= 1.2 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Power Zoomer", "slug": "power-zoomer", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6a0811e-f02b-49d1-915e-cf7ac4b5e1f5?source=api-scan" ], "published": "2013-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6a3ae10-843f-484a-ad6c-221ffece7cc2": { "id": "c6a3ae10-843f-484a-ad6c-221ffece7cc2", "title": "Appointment Hour Booking <= 1.4.56 - Captcha Bypass", "software": [ { "type": "plugin", "name": "Appointment Hour Booking \u2013 WordPress Booking Plugin", "slug": "appointment-hour-booking", "affected_versions": { "* - 1.4.56": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.56", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.57" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6a3ae10-843f-484a-ad6c-221ffece7cc2?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6a6fa09-f7bd-4ed0-8fdc-3f927b33af02": { "id": "c6a6fa09-f7bd-4ed0-8fdc-3f927b33af02", "title": "Unite Gallery Lite < 1.5 - Cross-Site Request Forgery and SQL Injection", "software": [ { "type": "plugin", "name": "Unite Gallery Lite", "slug": "unite-gallery-lite", "affected_versions": { "[*, 1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6a6fa09-f7bd-4ed0-8fdc-3f927b33af02?source=api-scan" ], "published": "2015-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6aa5b1d-e718-4c93-ab00-7fc343bbffba": { "id": "c6aa5b1d-e718-4c93-ab00-7fc343bbffba", "title": "Graphina <= 1.8.10 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Graphina \u2013 Elementor Charts and Graphs", "slug": "graphina-elementor-charts-and-graphs", "affected_versions": { "* - 1.8.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6aa5b1d-e718-4c93-ab00-7fc343bbffba?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6aaabe9-4f55-4c01-b350-573e6a944353": { "id": "c6aaabe9-4f55-4c01-b350-573e6a944353", "title": "ShopLentor <= 2.8.8 - Missing Authorization to WordPress Option Modification", "software": [ { "type": "plugin", "name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)", "slug": "woolentor-addons", "affected_versions": { "* - 2.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6aaabe9-4f55-4c01-b350-573e6a944353?source=api-scan" ], "published": "2024-05-20 19:43:02", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6ae2633-caf6-4319-ba81-e71a673c89ee": { "id": "c6ae2633-caf6-4319-ba81-e71a673c89ee", "title": "WordPress Core < 4.2.4 - SQL Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.9": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.9", "to_inclusive": true }, "3.8 - 3.8.9": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.9", "to_inclusive": true }, "3.9 - 3.9.7": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.7", "to_inclusive": true }, "4.0 - 4.0.6": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true }, "4.1 - 4.1.6": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.6", "to_inclusive": true }, "4.2 - 4.2.3": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.10", "3.8.10", "3.9.8", "4.0.7", "4.1.7", "4.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6ae2633-caf6-4319-ba81-e71a673c89ee?source=api-scan" ], "published": "2015-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6b079f5-715d-4fb3-bcaf-539412d5e956": { "id": "c6b079f5-715d-4fb3-bcaf-539412d5e956", "title": "MyBB Cross-Poster <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MyBB Cross-Poster", "slug": "mybb-cross-poster", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6b079f5-715d-4fb3-bcaf-539412d5e956?source=api-scan" ], "published": "2021-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6b17e90-42df-47ed-9e92-f5f1b990f921": { "id": "c6b17e90-42df-47ed-9e92-f5f1b990f921", "title": "Clock In Portal <= 2.1 - Cross-Site Request Forgery To Designation Deletion", "software": [ { "type": "plugin", "name": "Clock In Portal- Staff & Attendance Management", "slug": "clock-in-portal", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6b17e90-42df-47ed-9e92-f5f1b990f921?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6b395b1-c6fb-4ab9-b446-cba9e32ca65d": { "id": "c6b395b1-c6fb-4ab9-b446-cba9e32ca65d", "title": "Accessibility Suite by Online ADA < 2.0.11 - SQL Injection", "software": [ { "type": "plugin", "name": "Accessibility Suite by Ability, Inc", "slug": "online-accessibility", "affected_versions": { "[*, 2.0.11)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6b395b1-c6fb-4ab9-b446-cba9e32ca65d?source=api-scan" ], "published": "2019-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6b3d91c-591b-444d-888b-1b443e72afca": { "id": "c6b3d91c-591b-444d-888b-1b443e72afca", "title": "Domain Check <= 1.0.16 - Reflected Cross-Site Scripting via domain", "software": [ { "type": "plugin", "name": "Domain Check", "slug": "domain-check", "affected_versions": { "* - 1.0.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6b3d91c-591b-444d-888b-1b443e72afca?source=api-scan" ], "published": "2021-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6b3e014-fb08-41e9-a667-b70f96602134": { "id": "c6b3e014-fb08-41e9-a667-b70f96602134", "title": "Count Per Day <= 3.1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Count per Day", "slug": "count-per-day", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6b3e014-fb08-41e9-a667-b70f96602134?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6b95cc2-c40b-40db-abd2-d66978cf55d1": { "id": "c6b95cc2-c40b-40db-abd2-d66978cf55d1", "title": "Salem Theme <= 1.5.5 - DOM-based Cross-Site Scripting", "software": [ { "type": "theme", "name": "salem", "slug": "salem", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6b95cc2-c40b-40db-abd2-d66978cf55d1?source=api-scan" ], "published": "2015-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6c1a446-055b-4ac4-bceb-451c0fbe6369": { "id": "c6c1a446-055b-4ac4-bceb-451c0fbe6369", "title": "MF Gig Calendar <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MF Gig Calendar", "slug": "mf-gig-calendar", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6c1a446-055b-4ac4-bceb-451c0fbe6369?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6c370f5-087b-4e75-a726-b79bf792441b": { "id": "c6c370f5-087b-4e75-a726-b79bf792441b", "title": "Simple File List <= 4.4.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple File List", "slug": "simple-file-list", "affected_versions": { "* - 4.4.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6c370f5-087b-4e75-a726-b79bf792441b?source=api-scan" ], "published": "2022-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6c93ec9-668d-4b8d-abc4-edd04cbf9839": { "id": "c6c93ec9-668d-4b8d-abc4-edd04cbf9839", "title": "BNE Testimonials <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BNE Testimonials", "slug": "bne-testimonials", "affected_versions": { "[*, 2.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6c93ec9-668d-4b8d-abc4-edd04cbf9839?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6cd7986-6d3b-426b-a539-8dc11f0d7b04": { "id": "c6cd7986-6d3b-426b-a539-8dc11f0d7b04", "title": "Client Dash <= 2.2.0 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Client Dash", "slug": "client-dash", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6cd7986-6d3b-426b-a539-8dc11f0d7b04?source=api-scan" ], "published": "2019-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6d45e18-7aa0-4f73-bf07-069870b467f4": { "id": "c6d45e18-7aa0-4f73-bf07-069870b467f4", "title": "WP-Paginate <= 2.1.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Paginate", "slug": "wp-paginate", "affected_versions": { "[*, 2.1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6d45e18-7aa0-4f73-bf07-069870b467f4?source=api-scan" ], "published": "2022-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6d5275d-43d0-41f6-96c7-e7646eac4534": { "id": "c6d5275d-43d0-41f6-96c7-e7646eac4534", "title": "Sydney Toolbox <= 1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sydney Toolbox", "slug": "sydney-toolbox", "affected_versions": { "* - 1.30": { "from_version": "*", "from_inclusive": true, "to_version": "1.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6d5275d-43d0-41f6-96c7-e7646eac4534?source=api-scan" ], "published": "2024-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6db680e-1fd4-420c-98f4-2b6dc5cf6781": { "id": "c6db680e-1fd4-420c-98f4-2b6dc5cf6781", "title": "EU\/UK VAT Manager for WooCommerce <= 2.12.12 - Missing Authorization", "software": [ { "type": "plugin", "name": "EU\/UK VAT Manager for WooCommerce", "slug": "eu-vat-for-woocommerce", "affected_versions": { "* - 2.12.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6db680e-1fd4-420c-98f4-2b6dc5cf6781?source=api-scan" ], "published": "2024-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6e2710f-f51a-487d-a4bb-a19f614ff254": { "id": "c6e2710f-f51a-487d-a4bb-a19f614ff254", "title": "Customer Reviews for WooCommerce <= 5.38.1 - Missing Authorization via manual review reminders", "software": [ { "type": "plugin", "name": "Customer Reviews for WooCommerce", "slug": "customer-reviews-woocommerce", "affected_versions": { "[*, 5.38.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.38.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.38.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6e2710f-f51a-487d-a4bb-a19f614ff254?source=api-scan" ], "published": "2023-11-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6e7ada1-c5ff-4a05-92e1-d681fc659956": { "id": "c6e7ada1-c5ff-4a05-92e1-d681fc659956", "title": "Per Page Add to Head <= 1.4.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Per page add to head", "slug": "per-page-add-to", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6e7ada1-c5ff-4a05-92e1-d681fc659956?source=api-scan" ], "published": "2021-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6e82b46-0b10-45fe-949e-dd94dd8656c0": { "id": "c6e82b46-0b10-45fe-949e-dd94dd8656c0", "title": "GMAce <= 1.5.2 - Cross-Site Request Forgery via gmace_manager_client", "software": [ { "type": "plugin", "name": "GMAce", "slug": "gmace", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6e82b46-0b10-45fe-949e-dd94dd8656c0?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6edff9f-9876-4824-b057-8acbda861ffa": { "id": "c6edff9f-9876-4824-b057-8acbda861ffa", "title": "Product Feed PRO for WooCommerce by AdTribes \u2013 WooCommerce Product Feeds for Google, Facebook\/Meta, Bing, & More <= 13.3.1 - Sensitive Information Exposure via Log Files", "software": [ { "type": "plugin", "name": "Product Feed PRO for WooCommerce by AdTribes \u2013 WooCommerce Product Feeds", "slug": "woo-product-feed-pro", "affected_versions": { "* - 13.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "13.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6edff9f-9876-4824-b057-8acbda861ffa?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6ef0c41-e498-4de6-a86a-d23f65a7a824": { "id": "c6ef0c41-e498-4de6-a86a-d23f65a7a824", "title": "Chained Quiz <= 1.0.8.2 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6ef0c41-e498-4de6-a86a-d23f65a7a824?source=api-scan" ], "published": "2018-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6efb471-3f6a-4ec0-a2cd-fc1154d48ef5": { "id": "c6efb471-3f6a-4ec0-a2cd-fc1154d48ef5", "title": "Form to Chat App <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form to Chat App \u26a1\ufe0f", "slug": "form-to-chat", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6efb471-3f6a-4ec0-a2cd-fc1154d48ef5?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6efb57a-9638-44d1-a8d1-8eeadcc81ecc": { "id": "c6efb57a-9638-44d1-a8d1-8eeadcc81ecc", "title": "Analytify \u2013 Google Analytics Dashboard For WordPress <= 4.2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Analytify \u2013 Google Analytics Dashboard For WordPress (GA4 analytics made easy)", "slug": "wp-analytify", "affected_versions": { "* - 4.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6efb57a-9638-44d1-a8d1-8eeadcc81ecc?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6f3b765-396f-422f-864d-a48bee8c69cb": { "id": "c6f3b765-396f-422f-864d-a48bee8c69cb", "title": "Quicksand Post Filter jQuery Plugin <= 3.1.1 - Missing Authorization via quicksand_admin_ajax", "software": [ { "type": "plugin", "name": "Quicksand Post Filter jQuery Plugin", "slug": "quicksand-jquery-post-filter", "affected_versions": { "* - 3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6f3b765-396f-422f-864d-a48bee8c69cb?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6f4ee5d-819d-4125-8cff-acf9811e2919": { "id": "c6f4ee5d-819d-4125-8cff-acf9811e2919", "title": "Podlove Podcast Publisher <= 4.0.12 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Podlove Podcast Publisher", "slug": "podlove-podcasting-plugin-for-wordpress", "affected_versions": { "* - 4.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6f4ee5d-819d-4125-8cff-acf9811e2919?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6f68bfd-36c3-45f5-a50b-6803b5967e52": { "id": "c6f68bfd-36c3-45f5-a50b-6803b5967e52", "title": "Download from files <= 1.48 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Download from files", "slug": "download-from-files", "affected_versions": { "* - 1.48": { "from_version": "*", "from_inclusive": true, "to_version": "1.48", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6f68bfd-36c3-45f5-a50b-6803b5967e52?source=api-scan" ], "published": "2021-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6f7da0b-cc2c-43e5-8ae9-ef7d6d6f0ae9": { "id": "c6f7da0b-cc2c-43e5-8ae9-ef7d6d6f0ae9", "title": "Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Arigato Autoresponder and Newsletter", "slug": "bft-autoresponder", "affected_versions": { "* - 2.5.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6f7da0b-cc2c-43e5-8ae9-ef7d6d6f0ae9?source=api-scan" ], "published": "2018-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c6fd7da8-d203-4076-8c7d-b8532d9d0bed": { "id": "c6fd7da8-d203-4076-8c7d-b8532d9d0bed", "title": "ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ELEX WooCommerce Dynamic Pricing and Discounts", "slug": "elex-woocommerce-dynamic-pricing-and-discounts", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c6fd7da8-d203-4076-8c7d-b8532d9d0bed?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7035903-d598-4db3-ba77-6e836229c5de": { "id": "c7035903-d598-4db3-ba77-6e836229c5de", "title": "Simple User Listing <= 1.9.2 - Reflected Cross-Site Scripting via as", "software": [ { "type": "plugin", "name": "Simple User Listing", "slug": "simple-user-listing", "affected_versions": { "* - 1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7035903-d598-4db3-ba77-6e836229c5de?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c70865c8-3c63-4988-a1fd-f8f10c20228f": { "id": "c70865c8-3c63-4988-a1fd-f8f10c20228f", "title": "WP-CRM System <= 3.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress CRM Plugin \u2013 WP-CRM System", "slug": "wp-crm-system", "affected_versions": { "* - 3.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c70865c8-3c63-4988-a1fd-f8f10c20228f?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7088e84-a138-452b-bc4d-8ca9427ca8ae": { "id": "c7088e84-a138-452b-bc4d-8ca9427ca8ae", "title": "Embed Images in Comments < 0.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Embed Images in Comments", "slug": "embed-comment-images", "affected_versions": { "[*, 0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7088e84-a138-452b-bc4d-8ca9427ca8ae?source=api-scan" ], "published": "2017-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c70bb3d6-6acd-46b2-8e47-30be031f73e4": { "id": "c70bb3d6-6acd-46b2-8e47-30be031f73e4", "title": "asMember <= 1.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "asMember", "slug": "asmember", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c70bb3d6-6acd-46b2-8e47-30be031f73e4?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c70ed02e-1183-475b-a110-4a2d8dbe610e": { "id": "c70ed02e-1183-475b-a110-4a2d8dbe610e", "title": "Nitro by WooRockets <= 1.7.9 - Missing Authorization to Arbitrary Plugin Installation", "software": [ { "type": "theme", "name": "Nitro by WooRockets", "slug": "wr-nitro", "affected_versions": { "* - 1.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c70ed02e-1183-475b-a110-4a2d8dbe610e?source=api-scan" ], "published": "2021-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7112f34-3055-4033-82ba-d59489cd8c6b": { "id": "c7112f34-3055-4033-82ba-d59489cd8c6b", "title": "Wise Chat <= 2.8.3 - CSV Injection", "software": [ { "type": "plugin", "name": "Wise Chat", "slug": "wise-chat", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7112f34-3055-4033-82ba-d59489cd8c6b?source=api-scan" ], "published": "2020-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7243f40-5cca-475a-bb27-44fab965bb0e": { "id": "c7243f40-5cca-475a-bb27-44fab965bb0e", "title": "Happy Addons for Elementor <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group Widget", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7243f40-5cca-475a-bb27-44fab965bb0e?source=api-scan" ], "published": "2024-05-15 19:30:58", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c726d8f0-7f2a-414b-9d73-a053921074d9": { "id": "c726d8f0-7f2a-414b-9d73-a053921074d9", "title": "MStore API <= 3.9.0 - Authentication Bypass", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 3.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c726d8f0-7f2a-414b-9d73-a053921074d9?source=api-scan" ], "published": "2023-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7296fdb-d5d6-4d4f-ac80-b9d5452191b4": { "id": "c7296fdb-d5d6-4d4f-ac80-b9d5452191b4", "title": "WP Symposium Pro < 16.01 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Symposium Pro", "slug": "wp-symposium-pro", "affected_versions": { "[*, 16.01)": { "from_version": "*", "from_inclusive": true, "to_version": "16.01", "to_inclusive": false } }, "patched": true, "patched_versions": [ "16.01" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7296fdb-d5d6-4d4f-ac80-b9d5452191b4?source=api-scan" ], "published": "2016-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c738e051-ad1c-4115-94d3-127dd5dff935": { "id": "c738e051-ad1c-4115-94d3-127dd5dff935", "title": "Your Journey <= 1.9.8 - Prototype Pollution to Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Your Journey", "slug": "yourjourney", "affected_versions": { "* - 1.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c738e051-ad1c-4115-94d3-127dd5dff935?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c73d4b78-72aa-409a-a787-898179773b82": { "id": "c73d4b78-72aa-409a-a787-898179773b82", "title": "Colibri Page Builder <= 1.0.227 - Authenticated (Administrator+) SQL Injection via post_id", "software": [ { "type": "plugin", "name": "Colibri Page Builder", "slug": "colibri-page-builder", "affected_versions": { "* - 1.0.227": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.227", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.229" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c73d4b78-72aa-409a-a787-898179773b82?source=api-scan" ], "published": "2023-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c73dbc40-ba54-4836-9bb1-a35f95d5a077": { "id": "c73dbc40-ba54-4836-9bb1-a35f95d5a077", "title": "WordPress Job Board and Recruitment Plugin \u2013 JobWP <= 2.1 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "WordPress Job Board and Recruitment Plugin \u2013 JobWP", "slug": "jobwp", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c73dbc40-ba54-4836-9bb1-a35f95d5a077?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c73e6889-78f1-4118-ba76-4cd696d24800": { "id": "c73e6889-78f1-4118-ba76-4cd696d24800", "title": "Backup by 10Web <= 1.0.20 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Backup by 10Web \u2013 Backup and Restore Plugin", "slug": "backup-wd", "affected_versions": { "* - 1.0.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.20", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c73e6889-78f1-4118-ba76-4cd696d24800?source=api-scan" ], "published": "2021-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c741350a-e083-499c-992d-727f46ca57f9": { "id": "c741350a-e083-499c-992d-727f46ca57f9", "title": "Simple Login Log < 1.1.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Simple Login Log", "slug": "simple-login-log", "affected_versions": { "[*, 1.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c741350a-e083-499c-992d-727f46ca57f9?source=api-scan" ], "published": "2017-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c74209e2-52cc-4ea1-967f-65fb9031e9a0": { "id": "c74209e2-52cc-4ea1-967f-65fb9031e9a0", "title": "Co-marquage service-public.fr <= 0.5.71 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Co-marquage service-public.fr", "slug": "co-marquage-service-public", "affected_versions": { "* - 0.5.71": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.71", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5.72" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c74209e2-52cc-4ea1-967f-65fb9031e9a0?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c74553c0-366e-44d7-8c4a-161a05ef02b4": { "id": "c74553c0-366e-44d7-8c4a-161a05ef02b4", "title": "Templately <= 2.2.5 - Improper Authorization to Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "Templately \u2013 Elementor & Gutenberg Template Library: 5000+ Free & Pro Ready Templates & Cloud!", "slug": "templately", "affected_versions": { "* - 2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c74553c0-366e-44d7-8c4a-161a05ef02b4?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7457ce7-8471-415d-8e34-4505aa34fd61": { "id": "c7457ce7-8471-415d-8e34-4505aa34fd61", "title": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "* - 3.2.45": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.45", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7457ce7-8471-415d-8e34-4505aa34fd61?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c745b86b-8ab7-4e04-8888-65e43d568410": { "id": "c745b86b-8ab7-4e04-8888-65e43d568410", "title": "Sassy Social Share <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Social Sharing Plugin \u2013 Sassy Social Share", "slug": "sassy-social-share", "affected_versions": { "* - 3.3.60": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.60", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.61" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c745b86b-8ab7-4e04-8888-65e43d568410?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7476f2c-c32f-4ff7-ad32-70cf68387342": { "id": "c7476f2c-c32f-4ff7-ad32-70cf68387342", "title": "Disqus Comment System < 2.76 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Disqus Comment System", "slug": "disqus-comment-system", "affected_versions": { "[*, 2.76)": { "from_version": "*", "from_inclusive": true, "to_version": "2.76", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.76" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7476f2c-c32f-4ff7-ad32-70cf68387342?source=api-scan" ], "published": "2014-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7528928-e677-4a2d-8ee1-78166d0c34df": { "id": "c7528928-e677-4a2d-8ee1-78166d0c34df", "title": "Catch Base <= 3.4.6 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Catch Base", "slug": "catch-base", "affected_versions": { "* - 3.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7528928-e677-4a2d-8ee1-78166d0c34df?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c75bfba9-b25a-4966-835c-8d22736de809": { "id": "c75bfba9-b25a-4966-835c-8d22736de809", "title": "UpdraftPlus WordPress Backup Plugin <= 1.9.50 - Nonce Leak to Authorization Bypass", "software": [ { "type": "plugin", "name": "UpdraftPlus: WP Backup & Migration Plugin", "slug": "updraftplus", "affected_versions": { "[*, 1.9.51)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.51", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c75bfba9-b25a-4966-835c-8d22736de809?source=api-scan" ], "published": "2015-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c75e6d27-7f6b-4bec-b653-c2024504f427": { "id": "c75e6d27-7f6b-4bec-b653-c2024504f427", "title": "Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 8.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c75e6d27-7f6b-4bec-b653-c2024504f427?source=api-scan" ], "published": "2023-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7600fe1-94e4-4e3e-a9a6-ff3589813715": { "id": "c7600fe1-94e4-4e3e-a9a6-ff3589813715", "title": "Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "[*, 2.05.03)": { "from_version": "*", "from_inclusive": true, "to_version": "2.05.03", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.05.03" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7600fe1-94e4-4e3e-a9a6-ff3589813715?source=api-scan" ], "published": "2017-11-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c761f19e-3263-4fa5-90c0-d661f160ed3a": { "id": "c761f19e-3263-4fa5-90c0-d661f160ed3a", "title": "Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms", "slug": "integration-for-contact-form-7-and-pipedrive", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c761f19e-3263-4fa5-90c0-d661f160ed3a?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c763a8d8-c31a-4c9f-8f0e-814cda91b860": { "id": "c763a8d8-c31a-4c9f-8f0e-814cda91b860", "title": "Post Duplicator <= 2.23 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Duplicator", "slug": "post-duplicator", "affected_versions": { "[*, 2.24)": { "from_version": "*", "from_inclusive": true, "to_version": "2.24", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c763a8d8-c31a-4c9f-8f0e-814cda91b860?source=api-scan" ], "published": "2021-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7641d52-e930-4143-9180-2903d018da91": { "id": "c7641d52-e930-4143-9180-2903d018da91", "title": "Index Now <= 2.6.3 - Cross-Site Request Forgery via reset_form", "software": [ { "type": "plugin", "name": "Index Now SEO \u2013 Instant Indexing for Google, Bing, Yandex", "slug": "mihdan-index-now", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7641d52-e930-4143-9180-2903d018da91?source=api-scan" ], "published": "2024-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c76e7110-ff61-4fa9-8a29-b1b562187bb5": { "id": "c76e7110-ff61-4fa9-8a29-b1b562187bb5", "title": "WP Announcement <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Announcement | Dynamic Announcement, Banner, & Countdown Timer for Effective Promotions", "slug": "sp-announcement", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c76e7110-ff61-4fa9-8a29-b1b562187bb5?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7723579-33ca-4007-a6fa-31b15f3e70a1": { "id": "c7723579-33ca-4007-a6fa-31b15f3e70a1", "title": "Tabs <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tabs \u2013 Responsive Tabs with WooCommerce Product Tab Extension", "slug": "vc-tabs", "affected_versions": { "* - 3.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7723579-33ca-4007-a6fa-31b15f3e70a1?source=api-scan" ], "published": "2022-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c77295f3-0a37-4fa8-a375-b4bd3dc55945": { "id": "c77295f3-0a37-4fa8-a375-b4bd3dc55945", "title": "Contact Form Email < 1.1.48 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Email", "slug": "contact-form-to-email", "affected_versions": { "[*, 1.1.48)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.48", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.48" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c77295f3-0a37-4fa8-a375-b4bd3dc55945?source=api-scan" ], "published": "2016-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c774b520-9d9f-4102-8564-49673d5ae1e6": { "id": "c774b520-9d9f-4102-8564-49673d5ae1e6", "title": "Transposh WordPress Translation <= 1.0.8.1 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Transposh WordPress Translation", "slug": "transposh-translation-filter-for-wordpress", "affected_versions": { "* - 1.0.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c774b520-9d9f-4102-8564-49673d5ae1e6?source=api-scan" ], "published": "2022-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c77619cd-8d14-42b9-a536-cf39c50e714a": { "id": "c77619cd-8d14-42b9-a536-cf39c50e714a", "title": "Front End Upload < 0.5.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "front-end-upload", "slug": "front-end-upload", "affected_versions": { "* - 0.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c77619cd-8d14-42b9-a536-cf39c50e714a?source=api-scan" ], "published": "2012-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c77b0d79-5738-4ce2-b219-cb557216890f": { "id": "c77b0d79-5738-4ce2-b219-cb557216890f", "title": "Email Subscribers & Newsletters <= 4.2.2 - Unauthenticated File Download w\/ Information Disclosure", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 4.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c77b0d79-5738-4ce2-b219-cb557216890f?source=api-scan" ], "published": "2019-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c77d94ae-528d-4525-b16d-96529bee08c0": { "id": "c77d94ae-528d-4525-b16d-96529bee08c0", "title": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 10.23 - Missing Authorization to Information Expsoure", "software": [ { "type": "plugin", "name": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection", "slug": "stopbadbots", "affected_versions": { "* - 10.23": { "from_version": "*", "from_inclusive": true, "to_version": "10.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c77d94ae-528d-4525-b16d-96529bee08c0?source=api-scan" ], "published": "2024-05-29 19:55:23", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c77db815-e401-4410-b6ec-e6668dd988ab": { "id": "c77db815-e401-4410-b6ec-e6668dd988ab", "title": "WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WPIDE \u2013 File Manager & Code Editor", "slug": "wpide", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c77db815-e401-4410-b6ec-e6668dd988ab?source=api-scan" ], "published": "2022-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c77ef86e-ea5b-46fc-a3d7-d11a20f3f871": { "id": "c77ef86e-ea5b-46fc-a3d7-d11a20f3f871", "title": "EAN for WooCommerce <= 4.4.2 - Authenticated (Contributor+ )Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "EAN, UPC, ISBN Generator: Product Barcode Inventory for WooCommerce", "slug": "ean-for-woocommerce", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c77ef86e-ea5b-46fc-a3d7-d11a20f3f871?source=api-scan" ], "published": "2023-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c77f6fff-8456-4979-90c3-52078ee12264": { "id": "c77f6fff-8456-4979-90c3-52078ee12264", "title": "Acobot Live Chat & Contact Form <= 2.0 - Cross-Site Request Forgery and Cross-Site Scripting", "software": [ { "type": "plugin", "name": "acobot", "slug": "acobot", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c77f6fff-8456-4979-90c3-52078ee12264?source=api-scan" ], "published": "2015-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c77fce42-92e9-43bc-ab3b-599e036ed648": { "id": "c77fce42-92e9-43bc-ab3b-599e036ed648", "title": "WordPress Core < 3.4.1 - Cross-Site Request Forgery", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c77fce42-92e9-43bc-ab3b-599e036ed648?source=api-scan" ], "published": "2012-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c787d28e-c942-415d-8227-ce3e940fd0cc": { "id": "c787d28e-c942-415d-8227-ce3e940fd0cc", "title": "AGCA \u2013 Custom Dashboard & Login Page <= 7.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AGCA \u2013 Custom Dashboard & Login Page", "slug": "ag-custom-admin", "affected_versions": { "* - 7.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c787d28e-c942-415d-8227-ce3e940fd0cc?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c78acf9d-89bf-4c8f-b333-31a330701614": { "id": "c78acf9d-89bf-4c8f-b333-31a330701614", "title": "Sola Support Tickets < 3.13 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sola Support Tickets", "slug": "sola-support-tickets", "affected_versions": { "[*, 3.13)": { "from_version": "*", "from_inclusive": true, "to_version": "3.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c78acf9d-89bf-4c8f-b333-31a330701614?source=api-scan" ], "published": "2016-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c78ec44e-c3e4-410e-9937-46657664d6cb": { "id": "c78ec44e-c3e4-410e-9937-46657664d6cb", "title": "CodeColorer <= 0.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CodeColorer", "slug": "codecolorer", "affected_versions": { "* - 0.10.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.10.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c78ec44e-c3e4-410e-9937-46657664d6cb?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c793bf75-5e44-4511-9005-4175f349cef4": { "id": "c793bf75-5e44-4511-9005-4175f349cef4", "title": "MailUp newsletter sign-up form < 1.3.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MailUp newsletter sign-up form", "slug": "wp-mailup", "affected_versions": { "[*, 1.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c793bf75-5e44-4511-9005-4175f349cef4?source=api-scan" ], "published": "2013-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c793d7ad-987f-4b44-92aa-d0fdd66aa537": { "id": "c793d7ad-987f-4b44-92aa-d0fdd66aa537", "title": "Members List Plugin <= 4.3.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Members List Plugin", "slug": "members-list", "affected_versions": { "* - 4.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c793d7ad-987f-4b44-92aa-d0fdd66aa537?source=api-scan" ], "published": "2022-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c79587d8-56a9-4c1c-99dc-bc66194ffe52": { "id": "c79587d8-56a9-4c1c-99dc-bc66194ffe52", "title": "WP-UserOnline < 2.70 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-UserOnline", "slug": "wp-useronline", "affected_versions": { "* - 2.62": { "from_version": "*", "from_inclusive": true, "to_version": "2.62", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.70" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c79587d8-56a9-4c1c-99dc-bc66194ffe52?source=api-scan" ], "published": "2010-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c799a373-3c0e-4b77-9e51-0e6bd2ab4b7f": { "id": "c799a373-3c0e-4b77-9e51-0e6bd2ab4b7f", "title": "Car Repair Services & Auto Mechanic < 4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Car Repair Services & Auto Mechanic WordPress Theme + RTL", "slug": "car-repair-service", "affected_versions": { "[*, 4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c799a373-3c0e-4b77-9e51-0e6bd2ab4b7f?source=api-scan" ], "published": "2021-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c79a173d-b9c3-4554-95e7-2a4b87382079": { "id": "c79a173d-b9c3-4554-95e7-2a4b87382079", "title": "OpenBook Book Data <= 3.5.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "OpenBook Book Data", "slug": "openbook-book-data", "affected_versions": { "* - 3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c79a173d-b9c3-4554-95e7-2a4b87382079?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c79d781e-4c11-43e9-8c5f-aa89e8fbf635": { "id": "c79d781e-4c11-43e9-8c5f-aa89e8fbf635", "title": "Query Wrangler <= 1.5.51 - Reflected Cross-Site Scripting via page parameter", "software": [ { "type": "plugin", "name": "Query Wrangler", "slug": "query-wrangler", "affected_versions": { "* - 1.5.51": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.51", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c79d781e-4c11-43e9-8c5f-aa89e8fbf635?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c79fd08c-97bc-4d55-832e-92d0897bc3dc": { "id": "c79fd08c-97bc-4d55-832e-92d0897bc3dc", "title": "Protected Posts Logout Button <= 1.4.4 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Protected Posts Logout Button", "slug": "protected-posts-logout-button", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c79fd08c-97bc-4d55-832e-92d0897bc3dc?source=api-scan" ], "published": "2023-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7a34c76-34f0-42db-af90-b477a45b84d7": { "id": "c7a34c76-34f0-42db-af90-b477a45b84d7", "title": "canvasio3D Light <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "canvasio3D Light", "slug": "canvasio3d-light", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7a34c76-34f0-42db-af90-b477a45b84d7?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7a6eff3-a592-4476-aff4-c133bb4e5870": { "id": "c7a6eff3-a592-4476-aff4-c133bb4e5870", "title": "WP GPX Maps < 1.1.23 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP GPX Maps", "slug": "wp-gpx-maps", "affected_versions": { "[*, 1.1.23)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.23", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7a6eff3-a592-4476-aff4-c133bb4e5870?source=api-scan" ], "published": "2012-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7a7df90-a542-48cf-a58e-bcbddc978df2": { "id": "c7a7df90-a542-48cf-a58e-bcbddc978df2", "title": "PeproDev CF7 Database <= 1.7.0 - Unauthenticated Stored Cross-Site Scripting via form submission", "software": [ { "type": "plugin", "name": "PeproDev CF7 Database", "slug": "pepro-cf7-database", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7a7df90-a542-48cf-a58e-bcbddc978df2?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7a92dc0-f3bd-4133-b7c1-137eb7799d7f": { "id": "c7a92dc0-f3bd-4133-b7c1-137eb7799d7f", "title": "Mitm Bug Tracker <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mitm Bug Tracker", "slug": "mitm-bug-tracker", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7a92dc0-f3bd-4133-b7c1-137eb7799d7f?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7a97aeb-f34c-4997-864b-132bb5ed28e7": { "id": "c7a97aeb-f34c-4997-864b-132bb5ed28e7", "title": "KiviCare \u2013 Clinic & Patient Management System (EHR) <= 2.3.8 - SQL Injection", "software": [ { "type": "plugin", "name": "KiviCare \u2013 Clinic & Patient Management System (EHR)", "slug": "kivicare-clinic-management-system", "affected_versions": { "* - 2.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7a97aeb-f34c-4997-864b-132bb5ed28e7?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7aa1f57-44c2-45ec-87a3-483f8dc9a957": { "id": "c7aa1f57-44c2-45ec-87a3-483f8dc9a957", "title": "FV Flowplayer Video Player <= 7.5.18.727 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "* - 7.5.18.727": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.18.727", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.19.728" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7aa1f57-44c2-45ec-87a3-483f8dc9a957?source=api-scan" ], "published": "2022-04-04 05:25:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7aaff3e-0c81-4fe7-b162-569c517f6c49": { "id": "c7aaff3e-0c81-4fe7-b162-569c517f6c49", "title": "WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget", "software": [ { "type": "plugin", "name": "WPZOOM Addons for Elementor (Templates, Widgets)", "slug": "wpzoom-elementor-addons", "affected_versions": { "* - 1.1.36": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.36", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.37" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7aaff3e-0c81-4fe7-b162-569c517f6c49?source=api-scan" ], "published": "2024-05-14 10:38:28", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7ab5a00-ce1c-4d74-9192-c9834e2d702d": { "id": "c7ab5a00-ce1c-4d74-9192-c9834e2d702d", "title": "Visitor Traffic Real Time Statistics <= 6.7 - Missing Authorization to Information Disclosure", "software": [ { "type": "plugin", "name": "Visitor Traffic Real Time Statistics", "slug": "visitors-traffic-real-time-statistics", "affected_versions": { "[*, 6.8)": { "from_version": "*", "from_inclusive": true, "to_version": "6.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7ab5a00-ce1c-4d74-9192-c9834e2d702d?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7b540b9-cdf1-40ea-b693-c237e76c0958": { "id": "c7b540b9-cdf1-40ea-b693-c237e76c0958", "title": "Contact Form 7 Style <= 3.1.9 Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form 7 Style", "slug": "contact-form-7-style", "affected_versions": { "* - 3.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7b540b9-cdf1-40ea-b693-c237e76c0958?source=api-scan" ], "published": "2021-02-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7ba4218-5b60-4e72-b98d-7c95c9fc3d59": { "id": "c7ba4218-5b60-4e72-b98d-7c95c9fc3d59", "title": "WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels", "slug": "print-invoices-packing-slip-labels-for-woocommerce", "affected_versions": { "* - 4.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7ba4218-5b60-4e72-b98d-7c95c9fc3d59?source=api-scan" ], "published": "2024-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7bb055d-dd43-4c40-be30-325ecb6d7731": { "id": "c7bb055d-dd43-4c40-be30-325ecb6d7731", "title": "Amplus (Unspecified Version) - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Amplus", "slug": "amplus", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7bb055d-dd43-4c40-be30-325ecb6d7731?source=api-scan" ], "published": "2013-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7bcd458-71bf-4961-a7ce-3f88593f6f5e": { "id": "c7bcd458-71bf-4961-a7ce-3f88593f6f5e", "title": "iFrame <= 4.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "iframe", "slug": "iframe", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7bcd458-71bf-4961-a7ce-3f88593f6f5e?source=api-scan" ], "published": "2015-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7bfc7bf-19bb-43aa-95fc-7f4558699f41": { "id": "c7bfc7bf-19bb-43aa-95fc-7f4558699f41", "title": "WP Print Friendly <= 0.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Print Friendly", "slug": "wp-print-friendly", "affected_versions": { "[*, 0.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7bfc7bf-19bb-43aa-95fc-7f4558699f41?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7c0a72a-08fe-4365-b762-93a96455a589": { "id": "c7c0a72a-08fe-4365-b762-93a96455a589", "title": "CB (legacy) <= 0.9.4.18 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CB (legacy)", "slug": "commons-booking", "affected_versions": { "* - 0.9.4.18": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4.18", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7c0a72a-08fe-4365-b762-93a96455a589?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7c36911-4afe-4ac7-9a76-7365bb86f81c": { "id": "c7c36911-4afe-4ac7-9a76-7365bb86f81c", "title": "Advanced Contact Us Form Builder for WordPress <= 4.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form by BestWebSoft \u2013 Advanced Contact Us Form Builder for WordPress", "slug": "contact-form-plugin", "affected_versions": { "[*, 4.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7c36911-4afe-4ac7-9a76-7365bb86f81c?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7c8380b-02ae-49d2-8c64-debe7f73ee35": { "id": "c7c8380b-02ae-49d2-8c64-debe7f73ee35", "title": "Author Avatars List\/Block <= 2.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Author Avatars List\/Block", "slug": "author-avatars", "affected_versions": { "* - 2.1.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7c8380b-02ae-49d2-8c64-debe7f73ee35?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7cdf109-a9ce-4b1e-ac4d-07c5eee550cf": { "id": "c7cdf109-a9ce-4b1e-ac4d-07c5eee550cf", "title": "Block for Font Awesome <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Block for Font Awesome", "slug": "block-for-font-awesome", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7cdf109-a9ce-4b1e-ac4d-07c5eee550cf?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7cdfa6a-1555-494f-9802-bf92b90e7d9a": { "id": "c7cdfa6a-1555-494f-9802-bf92b90e7d9a", "title": "Helloprint <= 1.4.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Plug your WooCommerce into the largest catalog of customized print products from Helloprint", "slug": "helloprint", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7cdfa6a-1555-494f-9802-bf92b90e7d9a?source=api-scan" ], "published": "2022-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7d04f7d-d114-4104-a7cb-298c148e2b6d": { "id": "c7d04f7d-d114-4104-a7cb-298c148e2b6d", "title": "WordPress Core <= 2.1.2 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true }, "2.1 - 2.1.2": { "from_version": "2.1", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.10", "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7d04f7d-d114-4104-a7cb-298c148e2b6d?source=api-scan" ], "published": "2007-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7d215e9-e615-46ab-b0b8-b37f10cfae98": { "id": "c7d215e9-e615-46ab-b0b8-b37f10cfae98", "title": "ZeroBounce Email Verification & Validation <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ZeroBounce Email Verification & Validation", "slug": "zerobounce", "affected_versions": { "* - 1.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7d215e9-e615-46ab-b0b8-b37f10cfae98?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7d3edf5-245f-42f2-9add-e87de6839ed1": { "id": "c7d3edf5-245f-42f2-9add-e87de6839ed1", "title": "CITS Support svg, webp Media and TTF,OTF File Upload <= 2.1.0 - Authenticated(Author+) Stored Cross-Site Scripting via SVG Upload", "software": [ { "type": "plugin", "name": "CITS Support SVG, WEBP, ICO Media and TTF,OTF File Upload", "slug": "cits-support-svg-webp-media-upload", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7d3edf5-245f-42f2-9add-e87de6839ed1?source=api-scan" ], "published": "2023-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7d667af-d15f-4fe0-91af-36a3ed314760": { "id": "c7d667af-d15f-4fe0-91af-36a3ed314760", "title": "Photoxhibit <= 2.1.8 - Reflected Cross-Site Scripting via gid", "software": [ { "type": "plugin", "name": "PhotoXhibit", "slug": "photoxhibit", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7d667af-d15f-4fe0-91af-36a3ed314760?source=api-scan" ], "published": "2016-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7e1028e-e04b-46c4-b574-889d9fc1069d": { "id": "c7e1028e-e04b-46c4-b574-889d9fc1069d", "title": "Elementor Website Builder \u2013 More than Just a Page Builder <= 3.21.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 3.21.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.21.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.21.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7e1028e-e04b-46c4-b574-889d9fc1069d?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7e3a8ee-9950-4da4-8450-8b5902b3b876": { "id": "c7e3a8ee-9950-4da4-8450-8b5902b3b876", "title": "User Verification <= 1.0.93 - Privilege Escalation", "software": [ { "type": "plugin", "name": "User Verification \u2013 Email Verification, Email OTP, Block Spam Email, Passwordless login", "slug": "user-verification", "affected_versions": { "* - 1.0.93": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.93", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.94" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7e3a8ee-9950-4da4-8450-8b5902b3b876?source=api-scan" ], "published": "2022-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7f10f62-98cf-4629-9a48-59a42490276d": { "id": "c7f10f62-98cf-4629-9a48-59a42490276d", "title": "Catch Themes Demo Import <= 2.1 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Catch Themes Demo Import", "slug": "catch-themes-demo-import", "affected_versions": { "[*, 2.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7f10f62-98cf-4629-9a48-59a42490276d?source=api-scan" ], "published": "2022-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7f1ffba-bae2-4f69-ac96-c4570d36eb73": { "id": "c7f1ffba-bae2-4f69-ac96-c4570d36eb73", "title": "Woocommerce OpenPos <= 6.4.4 - Unauthenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Openpos - WooCommerce Point Of Sale(POS)", "slug": "woocommerce-openpos", "affected_versions": { "* - 6.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7f1ffba-bae2-4f69-ac96-c4570d36eb73?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7f7b6b1-61d6-4911-ad1f-16a14c16618d": { "id": "c7f7b6b1-61d6-4911-ad1f-16a14c16618d", "title": "uTubeVideo Gallery <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "uTubeVideo Gallery", "slug": "utubevideo-gallery", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7f7b6b1-61d6-4911-ad1f-16a14c16618d?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7fe06c1-fe51-42b5-9c56-cb9e6513f4af": { "id": "c7fe06c1-fe51-42b5-9c56-cb9e6513f4af", "title": "uListing <= 2.0.5 - Cross-Site Request Forgery leading to Settings Change", "software": [ { "type": "plugin", "name": "Directory Listings WordPress plugin \u2013 uListing", "slug": "ulisting", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7fe06c1-fe51-42b5-9c56-cb9e6513f4af?source=api-scan" ], "published": "2021-07-27 04:44:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c7fef895-95d3-4106-94f1-52f8044c3b62": { "id": "c7fef895-95d3-4106-94f1-52f8044c3b62", "title": "FGallery Plus (All Versions) - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FGallery Plus", "slug": "fgallery_plus", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c7fef895-95d3-4106-94f1-52f8044c3b62?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c801dfe6-a39f-4212-9cd7-71ef921c43ef": { "id": "c801dfe6-a39f-4212-9cd7-71ef921c43ef", "title": "Content Audit <= 1.9.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Content Audit", "slug": "content-audit", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c801dfe6-a39f-4212-9cd7-71ef921c43ef?source=api-scan" ], "published": "2017-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8065d25-2ded-4021-a53d-204242db0915": { "id": "c8065d25-2ded-4021-a53d-204242db0915", "title": "Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Custom Registration Forms Builder for WooCommerce", "slug": "addify-custom-registration-forms-builder", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] }, { "type": "plugin", "name": "Custom Fields for WooCommerce", "slug": "addify-custom-fields-for-woocommerce", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] }, { "type": "plugin", "name": "WooCommerce Product Labels and Stickets", "slug": "addify-product-labels-and-stickers", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Product Dynamic Pricing and Discounts for WooCommerce", "slug": "addify-product-dynamic-pricing-and-discounts", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WooCommerce Abandoned Cart Recovery", "slug": "addify-abandoned-cart-recovery", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] }, { "type": "plugin", "name": "WooCommerce Checkout Field Manager", "slug": "addify-checkout-fields-manager", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] }, { "type": "plugin", "name": "WooCommerce Order Tracking", "slug": "addify-order-tracking-for-woocommerce", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] }, { "type": "plugin", "name": "WooCommerce Advanced Free Gifts", "slug": "addify-free-gifts-woocommerce", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] }, { "type": "plugin", "name": "Image Watermark for WooCommerce", "slug": "addify-image-watermark-for-woocommerce", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] }, { "type": "plugin", "name": "WooCommerce Gift Registry", "slug": "addify-gift-registry-for-woocommerce", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WooCommerce Order Approval", "slug": "addify-order-approval-woocommerce", "affected_versions": { "[*, 1.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.0" ] }, { "type": "plugin", "name": "Price Calculator for WooCommerce", "slug": "addify-price-calculator-for-woocommerce", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WooCommerce Custom Order Number", "slug": "addify-custom-order-number", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8065d25-2ded-4021-a53d-204242db0915?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c80833c3-8ffc-41a1-8d11-dafa962191fd": { "id": "c80833c3-8ffc-41a1-8d11-dafa962191fd", "title": "Product Feed PRO for WooCommerce <= 12.4.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Product Feed PRO for WooCommerce by AdTribes \u2013 WooCommerce Product Feeds", "slug": "woo-product-feed-pro", "affected_versions": { "* - 12.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "12.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c80833c3-8ffc-41a1-8d11-dafa962191fd?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c80d994e-997f-457b-b6f9-3589815dc86e": { "id": "c80d994e-997f-457b-b6f9-3589815dc86e", "title": "WP Database Backup <= 4.3.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Database Backup \u2013 Unlimited Database & Files Backup by Backup for WP", "slug": "wp-database-backup", "affected_versions": { "[*, 4.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c80d994e-997f-457b-b6f9-3589815dc86e?source=api-scan" ], "published": "2016-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c80e6f0b-ccca-4755-b64e-cfcebc5cc1fe": { "id": "c80e6f0b-ccca-4755-b64e-cfcebc5cc1fe", "title": "WP Sticky Button <= 1.3 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Sticky Button \u2013 Click to Chat", "slug": "wa-sticky-button", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c80e6f0b-ccca-4755-b64e-cfcebc5cc1fe?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c814924a-bdcd-4b73-905b-a469f4d37ddf": { "id": "c814924a-bdcd-4b73-905b-a469f4d37ddf", "title": "Post Pay Counter < 2.731 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Post Pay Counter", "slug": "post-pay-counter", "affected_versions": { "[*, 2.731)": { "from_version": "*", "from_inclusive": true, "to_version": "2.731", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.731" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c814924a-bdcd-4b73-905b-a469f4d37ddf?source=api-scan" ], "published": "2017-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c81b2dca-d830-4901-8b16-5feb7cd1a4d5": { "id": "c81b2dca-d830-4901-8b16-5feb7cd1a4d5", "title": "Themify PTB Search Addon <= 1.3.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Themify Post Type Builder (PTB) Search Addon", "slug": "themify-ptb-search", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c81b2dca-d830-4901-8b16-5feb7cd1a4d5?source=api-scan" ], "published": "2022-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c820003b-8f30-4557-a282-e3ad7e403062": { "id": "c820003b-8f30-4557-a282-e3ad7e403062", "title": "GiveWP <= 2.25.1 - Cross-Site Request Forgery via give_cache_flush", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.25.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c820003b-8f30-4557-a282-e3ad7e403062?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c824823c-68d0-4f41-ac22-c517763357eb": { "id": "c824823c-68d0-4f41-ac22-c517763357eb", "title": "Traveler \u2013 Travel Booking WordPress Theme < 2.7.8.6 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Travel Booking WordPress Theme", "slug": "traveler", "affected_versions": { "[*, 2.7.8.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.8.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c824823c-68d0-4f41-ac22-c517763357eb?source=api-scan" ], "published": "2020-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c829217a-c5be-4713-bbf4-c1ba829c1187": { "id": "c829217a-c5be-4713-bbf4-c1ba829c1187", "title": "Affiliate For WooCommerce <= 4.7.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Affiliate For WooCommerce", "slug": "affiliate-for-woocommerce", "affected_versions": { "* - 4.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c829217a-c5be-4713-bbf4-c1ba829c1187?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c829894f-05b8-4c65-9f3a-3a5d6e212cde": { "id": "c829894f-05b8-4c65-9f3a-3a5d6e212cde", "title": "Quiz And Survey Master <= 7.3.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c829894f-05b8-4c65-9f3a-3a5d6e212cde?source=api-scan" ], "published": "2022-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c82e24a3-8000-4aa5-953e-11415b94909b": { "id": "c82e24a3-8000-4aa5-953e-11415b94909b", "title": "Tutor LMS <= 2.7.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c82e24a3-8000-4aa5-953e-11415b94909b?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8313827-f3ce-451d-869a-99684f58daff": { "id": "c8313827-f3ce-451d-869a-99684f58daff", "title": "WordPress Core < 2.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 2.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8313827-f3ce-451d-869a-99684f58daff?source=api-scan" ], "published": "2006-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c83df43e-286d-4695-9c37-bee2870fd3b5": { "id": "c83df43e-286d-4695-9c37-bee2870fd3b5", "title": "Stop Spammers Security <= 2022.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms", "slug": "stop-spammer-registrations-plugin", "affected_versions": { "* - 2022.6": { "from_version": "*", "from_inclusive": true, "to_version": "2022.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2023" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c83df43e-286d-4695-9c37-bee2870fd3b5?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8416840-c022-40a1-bcd3-17b34df11d95": { "id": "c8416840-c022-40a1-bcd3-17b34df11d95", "title": "ProfilePress <= 4.5.3 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8416840-c022-40a1-bcd3-17b34df11d95?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8440240-f652-4372-9ed8-f3eb3b8336e0": { "id": "c8440240-f652-4372-9ed8-f3eb3b8336e0", "title": "Insights from Google PageSpeed <= 4.0.6 - Multiple Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Insights from Google PageSpeed", "slug": "google-pagespeed-insights", "affected_versions": { "* - 4.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8440240-f652-4372-9ed8-f3eb3b8336e0?source=api-scan" ], "published": "2022-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8452e54-7a81-4921-b531-8cb3b0953dab": { "id": "c8452e54-7a81-4921-b531-8cb3b0953dab", "title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget", "software": [ { "type": "plugin", "name": "HT Mega \u2013 Absolute Addons For Elementor", "slug": "ht-mega-for-elementor", "affected_versions": { "* - 2.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8452e54-7a81-4921-b531-8cb3b0953dab?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c84e274e-292f-4d0f-b847-4a786b4cb15a": { "id": "c84e274e-292f-4d0f-b847-4a786b4cb15a", "title": "WordPress Core < 2.1 - Directory Traversal", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c84e274e-292f-4d0f-b847-4a786b4cb15a?source=api-scan" ], "published": "2007-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8582af5-92e9-43ef-836f-d87d5cf827d8": { "id": "c8582af5-92e9-43ef-836f-d87d5cf827d8", "title": "Affiliates Manager <= 2.9.13 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Affiliates Manager", "slug": "affiliates-manager", "affected_versions": { "* - 2.9.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8582af5-92e9-43ef-836f-d87d5cf827d8?source=api-scan" ], "published": "2022-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c85c13ed-6981-4062-8aca-800721b28b88": { "id": "c85c13ed-6981-4062-8aca-800721b28b88", "title": "WxSync <= 2.7.24 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WxSync-\u6807\u51c6\u4e91\u5fae\u4fe1\u516c\u4f17\u53f7\u6587\u7ae0\u514d\u8d39\u91c7\u96c6-\u4efb\u610f\u516c\u4f17\u53f7\u81ea\u52a8\u91c7\u96c6\u4ed8\u8d39\u8d2d\u4e70", "slug": "wxsync", "affected_versions": { "* - 2.7.24": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.24", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c85c13ed-6981-4062-8aca-800721b28b88?source=api-scan" ], "published": "2023-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c85f6c1b-673d-4fe9-acef-a15d90fcf414": { "id": "c85f6c1b-673d-4fe9-acef-a15d90fcf414", "title": "Quizlord <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quizlord", "slug": "quizlord", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c85f6c1b-673d-4fe9-acef-a15d90fcf414?source=api-scan" ], "published": "2022-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c85fa04e-477e-4ac9-b112-02b2ab18ca32": { "id": "c85fa04e-477e-4ac9-b112-02b2ab18ca32", "title": "Extensive VC Addons for WPBakery page builder <= 1.9 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Extensive VC Addons for WPBakery page builder", "slug": "extensive-vc-addon", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c85fa04e-477e-4ac9-b112-02b2ab18ca32?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8647c44-4879-4895-bd07-19f7d62a7326": { "id": "c8647c44-4879-4895-bd07-19f7d62a7326", "title": "Weaver Show Posts <= 1.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Display Name", "software": [ { "type": "plugin", "name": "Weaver Show Posts", "slug": "show-posts", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8647c44-4879-4895-bd07-19f7d62a7326?source=api-scan" ], "published": "2023-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8661bd7-65b7-4277-81a0-fd410ae0ee1b": { "id": "c8661bd7-65b7-4277-81a0-fd410ae0ee1b", "title": "Profile Builder - User Profile & User Registration Forms <= 3.6.1 - Cross-Site Scripting via site_url Parameter", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8661bd7-65b7-4277-81a0-fd410ae0ee1b?source=api-scan" ], "published": "2022-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c866b3b7-50cf-41a5-bdc2-60384b15df79": { "id": "c866b3b7-50cf-41a5-bdc2-60384b15df79", "title": "CM Download Manager < 2.8.0 - Directory Traversal to Arbitrary File Deletion and Denial of Service", "software": [ { "type": "plugin", "name": "CM Download Manager \u2013 Document and File Management", "slug": "cm-download-manager", "affected_versions": { "[*, 2.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c866b3b7-50cf-41a5-bdc2-60384b15df79?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c86e5cfd-f450-48d6-819e-5345fc0fdfc8": { "id": "c86e5cfd-f450-48d6-819e-5345fc0fdfc8", "title": "Ninja Tables <= 5.0.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Ninja Tables \u2013 Easiest Data Table Builder", "slug": "ninja-tables", "affected_versions": { "* - 5.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c86e5cfd-f450-48d6-819e-5345fc0fdfc8?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c86f157e-e7f2-4b00-977c-c4cc7c2b3b0b": { "id": "c86f157e-e7f2-4b00-977c-c4cc7c2b3b0b", "title": "SalesKing <= 1.6.15 - Missing Authorization to Settings Change", "software": [ { "type": "plugin", "name": "salesking", "slug": "salesking", "affected_versions": { "* - 1.6.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c86f157e-e7f2-4b00-977c-c4cc7c2b3b0b?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c873c76a-144e-4945-8fa2-c9ffe0e3c061": { "id": "c873c76a-144e-4945-8fa2-c9ffe0e3c061", "title": "Elementor Website Builder <= 3.16.4 - Missing Authorization to Arbitrary Attachment Read", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 3.16.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.16.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.16.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c873c76a-144e-4945-8fa2-c9ffe0e3c061?source=api-scan" ], "published": "2023-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c873d838-58e8-4f69-bccb-6d1de8d91877": { "id": "c873d838-58e8-4f69-bccb-6d1de8d91877", "title": "Login as User or Customer <= 2.1 - Cross-Site Request Forgery to Arbitrary Plugin Installation\/Activation", "software": [ { "type": "plugin", "name": "Login as User or Customer", "slug": "login-as-customer-or-user", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c873d838-58e8-4f69-bccb-6d1de8d91877?source=api-scan" ], "published": "2021-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c874c643-ceb6-4646-adfa-6cd7393bb4f5": { "id": "c874c643-ceb6-4646-adfa-6cd7393bb4f5", "title": "SEO Plugin by Squirrly SEO <= 12.3.16 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEO Plugin by Squirrly SEO", "slug": "squirrly-seo", "affected_versions": { "* - 12.3.16": { "from_version": "*", "from_inclusive": true, "to_version": "12.3.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.3.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c874c643-ceb6-4646-adfa-6cd7393bb4f5?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c877ac24-a6da-4e61-a669-a0224c9e3bb5": { "id": "c877ac24-a6da-4e61-a669-a0224c9e3bb5", "title": "Fancy Elementor Flipbox <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Elementor Flipbox Widget", "software": [ { "type": "plugin", "name": "Fancy Elementor Flipbox", "slug": "fancy-elementor-flipbox", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c877ac24-a6da-4e61-a669-a0224c9e3bb5?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c879123c-531e-43d8-a7d3-16a3c86b68a3": { "id": "c879123c-531e-43d8-a7d3-16a3c86b68a3", "title": "Calculated Fields Form <= 1.2.40 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Calculated Fields Form", "slug": "calculated-fields-form", "affected_versions": { "* - 1.2.40": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c879123c-531e-43d8-a7d3-16a3c86b68a3?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c87a80ad-27bf-404d-8adf-9acc91354515": { "id": "c87a80ad-27bf-404d-8adf-9acc91354515", "title": "Google Analytics by Monster Insights <= 8.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MonsterInsights \u2013 Google Analytics Dashboard for WordPress (Website Stats Made Easy)", "slug": "google-analytics-for-wordpress", "affected_versions": { "* - 8.14.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.14.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.14.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c87a80ad-27bf-404d-8adf-9acc91354515?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c87e8245-236f-4ab8-837b-c5eeec92bb0c": { "id": "c87e8245-236f-4ab8-837b-c5eeec92bb0c", "title": "Maintenance & Coming Soon Redirect Animation <= 2.1.3 - IP Spoofing to Bypass", "software": [ { "type": "plugin", "name": "Maintenance & Coming Soon Redirect Animation", "slug": "maintenance-coming-soon-redirect-animation", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c87e8245-236f-4ab8-837b-c5eeec92bb0c?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c881ddce-05f8-4b56-ac72-52c9b7773db0": { "id": "c881ddce-05f8-4b56-ac72-52c9b7773db0", "title": "WP Prayer <= 1.5.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Prayer", "slug": "wp-prayer", "affected_versions": { "[*, 1.5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c881ddce-05f8-4b56-ac72-52c9b7773db0?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c884af7a-cd66-4f38-887d-a782ffb32219": { "id": "c884af7a-cd66-4f38-887d-a782ffb32219", "title": "AffiliateWP < 2.0.9.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AffiliateWP", "slug": "AffiliateWP", "affected_versions": { "[*, 2.0.9.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c884af7a-cd66-4f38-887d-a782ffb32219?source=api-scan" ], "published": "2017-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c892e5da-bab2-4689-bad0-4b4789015113": { "id": "c892e5da-bab2-4689-bad0-4b4789015113", "title": "Listing, Classified Ads & Business Directory \u2013 uListing <= 2.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Directory Listings WordPress plugin \u2013 uListing", "slug": "ulisting", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c892e5da-bab2-4689-bad0-4b4789015113?source=api-scan" ], "published": "2021-07-27 04:26:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8958931-36be-47b7-9262-3061cff9be22": { "id": "c8958931-36be-47b7-9262-3061cff9be22", "title": "Amerisale-Re (All Versions) - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "amerisale-re", "slug": "amerisale-re", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8958931-36be-47b7-9262-3061cff9be22?source=api-scan" ], "published": "2013-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c896da97-3100-43a8-a5e0-44b61c4431fd": { "id": "c896da97-3100-43a8-a5e0-44b61c4431fd", "title": "Juicer <= 1.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Juicer.io: Effortlessly embed, curate, and aggregate social media feeds into your website", "slug": "juicer", "affected_versions": { "* - 1.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c896da97-3100-43a8-a5e0-44b61c4431fd?source=api-scan" ], "published": "2023-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8970d08-6c75-4dbb-ad24-6d9ba4c07530": { "id": "c8970d08-6c75-4dbb-ad24-6d9ba4c07530", "title": "WooCommerce Warranty Requests <= 2.2.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Warranty Requests", "slug": "woocommerce-warranty", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8970d08-6c75-4dbb-ad24-6d9ba4c07530?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c89a8001-ab50-466c-aa51-62c0ff5f86dc": { "id": "c89a8001-ab50-466c-aa51-62c0ff5f86dc", "title": "GS Logo Slider <= 3.5.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Logo Slider \u2013 Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation", "slug": "gs-logo-slider", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c89a8001-ab50-466c-aa51-62c0ff5f86dc?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c89d541f-d34e-46f9-a7cd-aeb00b2e8ad0": { "id": "c89d541f-d34e-46f9-a7cd-aeb00b2e8ad0", "title": "Advanced Order Export for WooCommerce <= 3.1.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Order Export For WooCommerce", "slug": "woo-order-export-lite", "affected_versions": { "[*, 3.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c89d541f-d34e-46f9-a7cd-aeb00b2e8ad0?source=api-scan" ], "published": "2020-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c89d56e2-68aa-4caf-bc1b-9aa32ec11ba3": { "id": "c89d56e2-68aa-4caf-bc1b-9aa32ec11ba3", "title": "Gravity Forms <= 2.0.6.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gravity Forms", "slug": "gravityforms", "affected_versions": { "* - 2.0.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c89d56e2-68aa-4caf-bc1b-9aa32ec11ba3?source=api-scan" ], "published": "2016-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8a1127c-308d-4347-bd42-2071b906e247": { "id": "c8a1127c-308d-4347-bd42-2071b906e247", "title": "Email Users <= 4.8.8 - Arbitrary Settings Update via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Email Users", "slug": "email-users", "affected_versions": { "* - 4.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8a1127c-308d-4347-bd42-2071b906e247?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8a27ec5-019b-4aa5-8317-1c832af3b7ca": { "id": "c8a27ec5-019b-4aa5-8317-1c832af3b7ca", "title": "Hot Random Image <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hot Random Image", "slug": "hot-random-image", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8a27ec5-019b-4aa5-8317-1c832af3b7ca?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8a49064-ad48-410e-9b32-f94109830ccf": { "id": "c8a49064-ad48-410e-9b32-f94109830ccf", "title": "Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via dnf", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8a49064-ad48-410e-9b32-f94109830ccf?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8a4e9b8-9794-48b7-8c53-cfad37ed530c": { "id": "c8a4e9b8-9794-48b7-8c53-cfad37ed530c", "title": "ConvertBox Auto Embed WordPress plugin <= 1.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "ConvertBox Auto Embed WordPress plugin", "slug": "convertbox-auto-embed", "affected_versions": { "* - 1.0.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8a4e9b8-9794-48b7-8c53-cfad37ed530c?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8a8be59-d4c1-4cce-b474-8d885b4d89c6": { "id": "c8a8be59-d4c1-4cce-b474-8d885b4d89c6", "title": "CommentLuv < 2.92.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CommentLuv", "slug": "commentluv", "affected_versions": { "[*, 2.92.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.92.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.92.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8a8be59-d4c1-4cce-b474-8d885b4d89c6?source=api-scan" ], "published": "2013-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8a93aab-4845-46ed-8adc-d06b2ee8ee9e": { "id": "c8a93aab-4845-46ed-8adc-d06b2ee8ee9e", "title": "Login Logout Register Menu <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode", "software": [ { "type": "plugin", "name": "Login Logout Register Menu", "slug": "login-logout-register-menu", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8a93aab-4845-46ed-8adc-d06b2ee8ee9e?source=api-scan" ], "published": "2024-05-29 14:17:19", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8ae0a47-cba5-468e-8d25-7b7176373b9c": { "id": "c8ae0a47-cba5-468e-8d25-7b7176373b9c", "title": "ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets", "software": [ { "type": "plugin", "name": "ElementsKit Pro", "slug": "elementskit", "affected_versions": { "* - 3.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8ae0a47-cba5-468e-8d25-7b7176373b9c?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8b1015f-6825-4813-b5db-71f1c1e88310": { "id": "c8b1015f-6825-4813-b5db-71f1c1e88310", "title": "Drag and Drop Multiple File Upload \u2013 Contact Form 7 <= 1.3.6.5 - Cross-Site Request Forgery in dnd_upload_cf7_upload and dnd_codedropz_upload_delete", "software": [ { "type": "plugin", "name": "Drag and Drop Multiple File Upload \u2013 Contact Form 7", "slug": "drag-and-drop-multiple-file-upload-contact-form-7", "affected_versions": { "* - 1.3.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8b1015f-6825-4813-b5db-71f1c1e88310?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8bc1653-8fee-468a-bb6d-f24959846ee5": { "id": "c8bc1653-8fee-468a-bb6d-f24959846ee5", "title": "Ultimate Member <= 2.8.3 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8bc1653-8fee-468a-bb6d-f24959846ee5?source=api-scan" ], "published": "2024-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8bd5021-4895-4b0e-b517-186959f76095": { "id": "c8bd5021-4895-4b0e-b517-186959f76095", "title": "WP Easy Gallery \u2013 WordPress Gallery Plugin <= 4.8.5 - Missing Authorization to Authenticated (Subscriber+) Gallery Manipulation", "software": [ { "type": "plugin", "name": "WP Easy Gallery \u2013 WordPress Gallery Plugin", "slug": "wp-easy-gallery", "affected_versions": { "* - 4.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8bd5021-4895-4b0e-b517-186959f76095?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8bd778b-1d56-4544-b2c3-a77a7ec05aa4": { "id": "c8bd778b-1d56-4544-b2c3-a77a7ec05aa4", "title": "Product Sort and Display for WooCommerce <= 2.4.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Product Sort and Display for WooCommerce", "slug": "woocommerce-product-sort-and-display", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8bd778b-1d56-4544-b2c3-a77a7ec05aa4?source=api-scan" ], "published": "2024-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8c530e2-ce42-40f3-82ab-1df9089a5407": { "id": "c8c530e2-ce42-40f3-82ab-1df9089a5407", "title": "Ecwid Shopping Cart <= 6.11.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Ecwid by Lightspeed Ecommerce Shopping Cart", "slug": "ecwid-shopping-cart", "affected_versions": { "* - 6.11.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.11.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.11.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8c530e2-ce42-40f3-82ab-1df9089a5407?source=api-scan" ], "published": "2023-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8c69fc2-e1bf-43e7-a80e-931dbb70d8da": { "id": "c8c69fc2-e1bf-43e7-a80e-931dbb70d8da", "title": "Login No Captcha reCAPTCHA <= 1.6.11 - CAPTCHA Bypass via Whitelisted IP Address Spoofing", "software": [ { "type": "plugin", "name": "Login No Captcha reCAPTCHA", "slug": "login-recaptcha", "affected_versions": { "* - 1.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8c69fc2-e1bf-43e7-a80e-931dbb70d8da?source=api-scan" ], "published": "2022-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8c89eea-f6b0-4771-ab7d-05e266324d58": { "id": "c8c89eea-f6b0-4771-ab7d-05e266324d58", "title": "SULly <= 4.3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SULly", "slug": "sully", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8c89eea-f6b0-4771-ab7d-05e266324d58?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8cef103-8b8d-4e9b-9cd2-6e998dcb68dd": { "id": "c8cef103-8b8d-4e9b-9cd2-6e998dcb68dd", "title": "Page Link Manager <= 1.0b - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Page Link Manager", "slug": "page-link-manager", "affected_versions": { "* - 1.0b": { "from_version": "*", "from_inclusive": true, "to_version": "1.0b", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8cef103-8b8d-4e9b-9cd2-6e998dcb68dd?source=api-scan" ], "published": "2022-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8d06b5d-43b8-4dae-abe9-abe07a63528e": { "id": "c8d06b5d-43b8-4dae-abe9-abe07a63528e", "title": "Shortcode for Font Awesome <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Shortcode for Font Awesome", "slug": "shortcode-for-font-awesome", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8d06b5d-43b8-4dae-abe9-abe07a63528e?source=api-scan" ], "published": "2023-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8d7448a-b8a6-4b0b-92df-a15272fc56bf": { "id": "c8d7448a-b8a6-4b0b-92df-a15272fc56bf", "title": "Elementor Website Builder \u2013 More than Just a Page Builder <= 3.20.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Path Widget", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 3.20.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.20.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.20.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8d7448a-b8a6-4b0b-92df-a15272fc56bf?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8d9d19e-a080-40e9-8a71-01888393f618": { "id": "c8d9d19e-a080-40e9-8a71-01888393f618", "title": "GoDaddy Email Marketing <= 1.4.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "GoDaddy Email Marketing", "slug": "godaddy-email-marketing-sign-up-forms", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8d9d19e-a080-40e9-8a71-01888393f618?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8db0c54-0a68-41bc-832f-1e0e1a92d167": { "id": "c8db0c54-0a68-41bc-832f-1e0e1a92d167", "title": "Embed Peertube Playlist <= 1.07 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Embed Peertube Playlist", "slug": "embed-peertube-playlist", "affected_versions": { "* - 1.07": { "from_version": "*", "from_inclusive": true, "to_version": "1.07", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8db0c54-0a68-41bc-832f-1e0e1a92d167?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8db80ef-5863-41dd-b33f-850984a72ee6": { "id": "c8db80ef-5863-41dd-b33f-850984a72ee6", "title": "Essential Addons for Elementor <= 5.9.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Feed", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.21": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8db80ef-5863-41dd-b33f-850984a72ee6?source=api-scan" ], "published": "2024-05-29 18:31:01", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8dc9fd0-929e-447f-be05-085be98e4d0f": { "id": "c8dc9fd0-929e-447f-be05-085be98e4d0f", "title": "BuddyPress Activity Plus <= 1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "BuddyPress Activity Plus", "slug": "buddypress-activity-plus", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8dc9fd0-929e-447f-be05-085be98e4d0f?source=api-scan" ], "published": "2015-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8dfc1de-e17d-45c0-aab7-351150c07545": { "id": "c8dfc1de-e17d-45c0-aab7-351150c07545", "title": "LWS Affiliation <= 2.3.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "LWS Affiliation", "slug": "lws-affiliation", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8dfc1de-e17d-45c0-aab7-351150c07545?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8e768a4-09ac-4772-9e5d-b9f63bac208c": { "id": "c8e768a4-09ac-4772-9e5d-b9f63bac208c", "title": "GD Rating System <= 2.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GD Rating System", "slug": "gd-rating-system", "affected_versions": { "[*, 2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8e768a4-09ac-4772-9e5d-b9f63bac208c?source=api-scan" ], "published": "2018-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8e90994-3b5c-4ae6-a27f-890a9101b440": { "id": "c8e90994-3b5c-4ae6-a27f-890a9101b440", "title": "WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_purgecache_varnish_callback'", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8e90994-3b5c-4ae6-a27f-890a9101b440?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8e9a333-a6b7-4b5e-93c1-b95566e5d6fb": { "id": "c8e9a333-a6b7-4b5e-93c1-b95566e5d6fb", "title": "EventON - WordPress Virtual Event Calendar Plugin Pro <= 4.5.4 & Free <= 2.2.7 - Cross-Site Request Forgery via evo_eventpost_update_meta", "software": [ { "type": "plugin", "name": "EventON", "slug": "eventon-lite", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.8" ] }, { "type": "plugin", "name": "EventON Pro", "slug": "eventon", "affected_versions": { "* - 4.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8e9a333-a6b7-4b5e-93c1-b95566e5d6fb?source=api-scan" ], "published": "2024-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8eebc67-e590-4d7f-8925-e5e5090cedf0": { "id": "c8eebc67-e590-4d7f-8925-e5e5090cedf0", "title": "OSM \u2013 OpenStreetMap <= 6.0.3 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "OSM \u2013 OpenStreetMap", "slug": "osm", "affected_versions": { "* - 6.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8eebc67-e590-4d7f-8925-e5e5090cedf0?source=api-scan" ], "published": "2024-07-08 20:10:52", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8effa36-de47-4a24-af76-fb10e9f6da0b": { "id": "c8effa36-de47-4a24-af76-fb10e9f6da0b", "title": "Quick Chat < 4.00 - SQL Injection", "software": [ { "type": "plugin", "name": "Quick Chat", "slug": "quick-chat", "affected_versions": { "[*, 4.00)": { "from_version": "*", "from_inclusive": true, "to_version": "4.00", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.00" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8effa36-de47-4a24-af76-fb10e9f6da0b?source=api-scan" ], "published": "2012-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8f008c6-42c6-40c3-9058-d8812ec40bef": { "id": "c8f008c6-42c6-40c3-9058-d8812ec40bef", "title": "Quick Event Manager <= 9.7.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quick Event Manager", "slug": "quick-event-manager", "affected_versions": { "[*, 9.7.5)": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "9.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8f008c6-42c6-40c3-9058-d8812ec40bef?source=api-scan" ], "published": "2023-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8faa8bb-0ebe-4671-87cf-98edbebe913e": { "id": "c8faa8bb-0ebe-4671-87cf-98edbebe913e", "title": "TypoFR <= 0.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "typofr", "slug": "typofr", "affected_versions": { "* - 0.11": { "from_version": "*", "from_inclusive": true, "to_version": "0.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8faa8bb-0ebe-4671-87cf-98edbebe913e?source=api-scan" ], "published": "2021-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c8fe569a-62dd-4be5-915d-de589663658f": { "id": "c8fe569a-62dd-4be5-915d-de589663658f", "title": "Craw Data <= 1.0.0 - Server Side Request Forgery", "software": [ { "type": "plugin", "name": "Craw Data", "slug": "craw-data", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c8fe569a-62dd-4be5-915d-de589663658f?source=api-scan" ], "published": "2022-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c901f85d-fcdb-43e5-8626-f2410e4e328f": { "id": "c901f85d-fcdb-43e5-8626-f2410e4e328f", "title": "WP ALL Export Pro <= 1.7.8 - Authenticated Remote Code Execution", "software": [ { "type": "plugin", "name": "WP All Export Pro", "slug": "wp-all-export-pro", "affected_versions": { "* - 1.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c901f85d-fcdb-43e5-8626-f2410e4e328f?source=api-scan" ], "published": "2022-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c904391e-efa1-4fba-b6a5-b9b38822e194": { "id": "c904391e-efa1-4fba-b6a5-b9b38822e194", "title": "Flaming Forms <= 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flaming Forms", "slug": "flaming-forms", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c904391e-efa1-4fba-b6a5-b9b38822e194?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c906a988-ad45-49cc-9d77-6b501445ddc5": { "id": "c906a988-ad45-49cc-9d77-6b501445ddc5", "title": "Gallery for Social Photo <= 1.0.0.25 - Subscriber+ SQL Injection", "software": [ { "type": "plugin", "name": "Gallery for Social Photo", "slug": "feed-instagram-lite", "affected_versions": { "* - 1.0.0.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.0.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c906a988-ad45-49cc-9d77-6b501445ddc5?source=api-scan" ], "published": "2022-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c90844e1-0502-4d08-888f-4835f63f8dd0": { "id": "c90844e1-0502-4d08-888f-4835f63f8dd0", "title": "WordPress Core < 5.9.1 - jQuery Prototype Pollution", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.37": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.37", "to_inclusive": true }, "3.8 - 3.8.37": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.37", "to_inclusive": true }, "3.9 - 3.9.35": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.35", "to_inclusive": true }, "4.0 - 4.0.34": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.34", "to_inclusive": true }, "4.1 - 4.1.34": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.34", "to_inclusive": true }, "4.2 - 4.2.31": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.31", "to_inclusive": true }, "4.3 - 4.3.27": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.27", "to_inclusive": true }, "4.4 - 4.4.26": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.26", "to_inclusive": true }, "4.5 - 4.5.25": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.25", "to_inclusive": true }, "4.6 - 4.6.22": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.22", "to_inclusive": true }, "4.7 - 4.7.22": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.22", "to_inclusive": true }, "4.8 - 4.8.18": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.18", "to_inclusive": true }, "4.9 - 4.9.19": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.19", "to_inclusive": true }, "5.0 - 5.0.15": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.15", "to_inclusive": true }, "5.1 - 5.1.12": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.12", "to_inclusive": true }, "5.2 - 5.2.14": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.14", "to_inclusive": true }, "5.3 - 5.3.11": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.11", "to_inclusive": true }, "5.4 - 5.4.9": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.9", "to_inclusive": true }, "5.5 - 5.5.8": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.8", "to_inclusive": true }, "5.6 - 5.6.7": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.7", "to_inclusive": true }, "5.7 - 5.7.5": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.5", "to_inclusive": true }, "5.8 - 5.8.3": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.3", "to_inclusive": true }, "5.9 - 5.9.1": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.38", "3.8.38", "3.9.36", "4.0.35", "4.1.35", "4.2.32", "4.3.28", "4.4.27", "4.5.26", "4.6.23", "4.7.23", "4.8.19", "4.9.20", "5.0.16", "5.1.13", "5.2.15", "5.3.12", "5.4.10", "5.5.9", "5.6.8", "5.7.6", "5.8.4", "5.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c90844e1-0502-4d08-888f-4835f63f8dd0?source=api-scan" ], "published": "2022-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9141ad3-86cf-47ae-be99-d78f0337f2ca": { "id": "c9141ad3-86cf-47ae-be99-d78f0337f2ca", "title": "WP SMS <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP SMS \u2013 Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More", "slug": "wp-sms", "affected_versions": { "* - 6.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9141ad3-86cf-47ae-be99-d78f0337f2ca?source=api-scan" ], "published": "2024-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9176a81-fe51-48dd-a151-4596443b430f": { "id": "c9176a81-fe51-48dd-a151-4596443b430f", "title": "WP Ultimate CSV Importer <= 6.5.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Import CSV or XML Datafeed With Ease", "slug": "wp-ultimate-csv-importer", "affected_versions": { "* - 6.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9176a81-fe51-48dd-a151-4596443b430f?source=api-scan" ], "published": "2022-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9291a17-7add-4cc2-ab44-9b640940c6b7": { "id": "c9291a17-7add-4cc2-ab44-9b640940c6b7", "title": "verwei.se \u2013 WordPress \u2013 Twitter <= 1.0 2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "verwei.se \u2013 WordPress \u2013 Twitter", "slug": "verweise-wordpress-twitter", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9291a17-7add-4cc2-ab44-9b640940c6b7?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9295b82-27c1-4f35-b40c-1ac40ebe5d5e": { "id": "c9295b82-27c1-4f35-b40c-1ac40ebe5d5e", "title": "Interactive World Maps <= 2.4.14 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Interactive World Maps", "slug": "interactive-world-maps", "affected_versions": { "* - 2.4.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9295b82-27c1-4f35-b40c-1ac40ebe5d5e?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c929a742-6481-40a0-94b5-76ddb8494896": { "id": "c929a742-6481-40a0-94b5-76ddb8494896", "title": "Clerk <= 3.8.2 - Authorization Bypass via Insufficient Validation", "software": [ { "type": "plugin", "name": "Clerk", "slug": "clerkio", "affected_versions": { "* - 3.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c929a742-6481-40a0-94b5-76ddb8494896?source=api-scan" ], "published": "2022-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c92e166d-2ede-4280-a875-d30c0cf6f467": { "id": "c92e166d-2ede-4280-a875-d30c0cf6f467", "title": "Video Grid <= 1.21 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Video Grid", "slug": "video-grid", "affected_versions": { "* - 1.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c92e166d-2ede-4280-a875-d30c0cf6f467?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9381244-5ab9-4927-8e18-d6030a399d7c": { "id": "c9381244-5ab9-4927-8e18-d6030a399d7c", "title": "Easy Social Feed <= 6.5.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2013 Like Box", "slug": "easy-facebook-likebox", "affected_versions": { "* - 6.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9381244-5ab9-4927-8e18-d6030a399d7c?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c942fd74-7a2d-43ec-9806-cdfe21a83149": { "id": "c942fd74-7a2d-43ec-9806-cdfe21a83149", "title": "Quotes and Tips by BestWebSoft < 1.20 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quotes and Tips by BestWebSoft", "slug": "quotes-and-tips", "affected_versions": { "[*, 1.20)": { "from_version": "*", "from_inclusive": true, "to_version": "1.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c942fd74-7a2d-43ec-9806-cdfe21a83149?source=api-scan" ], "published": "2015-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c943cf0b-0e99-4d47-808d-2b803369d53a": { "id": "c943cf0b-0e99-4d47-808d-2b803369d53a", "title": "Popup with fancybox <= 3.5 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Popup with fancybox", "slug": "popup-with-fancybox", "affected_versions": { "* - 3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c943cf0b-0e99-4d47-808d-2b803369d53a?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9466e5f-d8eb-4de4-a1d2-e5ef15bf1e4e": { "id": "c9466e5f-d8eb-4de4-a1d2-e5ef15bf1e4e", "title": "Colibri Page Builder <= 1.0.263 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Colibri Page Builder", "slug": "colibri-page-builder", "affected_versions": { "* - 1.0.263": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.263", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.270" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9466e5f-d8eb-4de4-a1d2-e5ef15bf1e4e?source=api-scan" ], "published": "2024-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c950ac0a-80fb-4f95-ba20-afb8ba6b137f": { "id": "c950ac0a-80fb-4f95-ba20-afb8ba6b137f", "title": "Mantenimiento web <= 0.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Mantenimiento web", "slug": "mantenimiento-web", "affected_versions": { "* - 0.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c950ac0a-80fb-4f95-ba20-afb8ba6b137f?source=api-scan" ], "published": "2022-10-31 15:54:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c95210ba-65f6-4bf8-8986-f537f1854d02": { "id": "c95210ba-65f6-4bf8-8986-f537f1854d02", "title": "Autoptimize <= 2.7.7 - Unsafe File Upload to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Autoptimize", "slug": "autoptimize", "affected_versions": { "[*, 2.7.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c95210ba-65f6-4bf8-8986-f537f1854d02?source=api-scan" ], "published": "2020-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c95505e3-6851-476e-af40-bb841eb01be7": { "id": "c95505e3-6851-476e-af40-bb841eb01be7", "title": "WordPress Core < 5.2.4 - Server Side Request Forgery", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.30": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.30", "to_inclusive": true }, "3.8 - 3.8.30": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.30", "to_inclusive": true }, "3.9 - 3.9.28": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.28", "to_inclusive": true }, "4.0 - 4.0.27": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.27", "to_inclusive": true }, "4.1 - 4.1.27": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.27", "to_inclusive": true }, "4.2 - 4.2.24": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.24", "to_inclusive": true }, "4.3 - 4.3.20": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.20", "to_inclusive": true }, "4.4 - 4.4.19": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.19", "to_inclusive": true }, "4.5 - 4.5.18": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.18", "to_inclusive": true }, "4.6 - 4.6.15": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.15", "to_inclusive": true }, "4.7 - 4.7.13": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.13", "to_inclusive": true }, "4.8 - 4.8.10": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.10", "to_inclusive": true }, "4.9 - 4.9.11": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.11", "to_inclusive": true }, "5.0 - 5.0.6": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.6", "to_inclusive": true }, "5.1 - 5.1.2": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.2", "to_inclusive": true }, "5.2 - 5.2.3": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.31", "3.8.31", "3.9.29", "4.0.28", "4.1.28", "4.2.25", "4.3.21", "4.4.20", "4.5.19", "4.6.16", "4.7.14", "4.8.11", "4.9.12", "5.0.7", "5.1.3", "5.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c95505e3-6851-476e-af40-bb841eb01be7?source=api-scan" ], "published": "2019-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c959d881-b00d-465c-bafa-988ffcf86995": { "id": "c959d881-b00d-465c-bafa-988ffcf86995", "title": "The Plus Addons for Elementor Page Builder <= 4.1.10 - Open Redirect", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor Page Builder", "slug": "theplus_elementor_addon", "affected_versions": { "[*, 4.1.11)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c959d881-b00d-465c-bafa-988ffcf86995?source=api-scan" ], "published": "2021-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c96507cf-3c2d-4516-92f5-d08384aa6b1a": { "id": "c96507cf-3c2d-4516-92f5-d08384aa6b1a", "title": "WORDPRESS VIDEO GALLERY <= 2.8 - SQL Injection", "software": [ { "type": "plugin", "name": "WORDPRESS VIDEO GALLERY", "slug": "contus-video-gallery", "affected_versions": { "* - 2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c96507cf-3c2d-4516-92f5-d08384aa6b1a?source=api-scan" ], "published": "2015-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c96b3d65-431b-447a-8dc5-8865d83a92b9": { "id": "c96b3d65-431b-447a-8dc5-8865d83a92b9", "title": "Printful Integration for WooCommerce <= 2.2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Printful Integration for WooCommerce", "slug": "printful-shipping-for-woocommerce", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c96b3d65-431b-447a-8dc5-8865d83a92b9?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c978a252-1f77-4c8d-b51a-04ed3493ee34": { "id": "c978a252-1f77-4c8d-b51a-04ed3493ee34", "title": "Dynamic Font Replacement DFR4WP EN <= 1.3 EN - SQL Injection", "software": [ { "type": "plugin", "name": "Dynamic Font Replacement DFR4WP EN", "slug": "dynamic-font-replacement-4wp", "affected_versions": { "* - 1.3 EN": { "from_version": "*", "from_inclusive": true, "to_version": "1.3 EN", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c978a252-1f77-4c8d-b51a-04ed3493ee34?source=api-scan" ], "published": "2013-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9799ebf-1810-4c34-8262-2559de61c1c8": { "id": "c9799ebf-1810-4c34-8262-2559de61c1c8", "title": "Vanguard - Marketplace Digital Products PHP7 <= 2.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Vanguard - Marketplace Digital Products PHP7", "slug": "vanguard", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9799ebf-1810-4c34-8262-2559de61c1c8?source=api-scan" ], "published": "2020-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c97b31bc-75d6-40af-bf4a-714ea69d2c28": { "id": "c97b31bc-75d6-40af-bf4a-714ea69d2c28", "title": "Easy Career Openings <= 0.4 - SQL Injection", "software": [ { "type": "plugin", "name": "Easy Career Openings", "slug": "easy-career-openings", "affected_versions": { "* - 0.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c97b31bc-75d6-40af-bf4a-714ea69d2c28?source=api-scan" ], "published": "2013-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c97f7513-188b-434c-8cb1-883bed016848": { "id": "c97f7513-188b-434c-8cb1-883bed016848", "title": "LWS Optimize <= 1.9.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LWS Optimize", "slug": "lws-optimize", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c97f7513-188b-434c-8cb1-883bed016848?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c97fc289-1ee3-4401-a57e-b4c8d998259e": { "id": "c97fc289-1ee3-4401-a57e-b4c8d998259e", "title": "Ultimate Carousel For WPBakery Page Builder <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Ultimate Carousel For WPBakery Page Builder", "slug": "ultimate-carousel-for-visual-composer", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c97fc289-1ee3-4401-a57e-b4c8d998259e?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9842bb5-0a71-40a9-83bc-f1841b660693": { "id": "c9842bb5-0a71-40a9-83bc-f1841b660693", "title": "WP Crowdfunding <= 2.1.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Crowdfunding", "slug": "wp-crowdfunding", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9842bb5-0a71-40a9-83bc-f1841b660693?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c988b505-d42a-4d23-a641-f2fc8ab9c988": { "id": "c988b505-d42a-4d23-a641-f2fc8ab9c988", "title": "Before And After <= 3.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Before And After: Lead Capture Forms For WordPress", "slug": "before-and-after", "affected_versions": { "* - 3.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c988b505-d42a-4d23-a641-f2fc8ab9c988?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c98c1ce9-8213-47cb-b928-3641f821a806": { "id": "c98c1ce9-8213-47cb-b928-3641f821a806", "title": "InPost Gallery <= 2.1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "InPost Gallery", "slug": "inpost-gallery", "affected_versions": { "[*, 2.1.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c98c1ce9-8213-47cb-b928-3641f821a806?source=api-scan" ], "published": "2016-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9955d65-afb3-4d28-abd2-9f2fec92d013": { "id": "c9955d65-afb3-4d28-abd2-9f2fec92d013", "title": "Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass", "software": [ { "type": "plugin", "name": "Jeg Elementor Kit", "slug": "jeg-elementor-kit", "affected_versions": { "* - 2.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9955d65-afb3-4d28-abd2-9f2fec92d013?source=api-scan" ], "published": "2022-11-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9983364-9b52-4acc-91d4-b352c6d24d52": { "id": "c9983364-9b52-4acc-91d4-b352c6d24d52", "title": "wordpress vertical image slider plugin <= 1.2.16 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wordpress vertical image slider plugin", "slug": "wp-vertical-image-slider", "affected_versions": { "* - 1.2.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9983364-9b52-4acc-91d4-b352c6d24d52?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c99e7f4c-ba91-4d64-b8d4-23940381e79a": { "id": "c99e7f4c-ba91-4d64-b8d4-23940381e79a", "title": "Simple Personal Message < 2.0.0 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Simple Personal Message", "slug": "simple-personal-message", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c99e7f4c-ba91-4d64-b8d4-23940381e79a?source=api-scan" ], "published": "2016-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9a1f1a1-4f0a-48b5-80c8-525b69006863": { "id": "c9a1f1a1-4f0a-48b5-80c8-525b69006863", "title": "Advanced Contact form 7 DB <= 2.0.2 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Advanced Contact form 7 DB", "slug": "advanced-cf7-db", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9a1f1a1-4f0a-48b5-80c8-525b69006863?source=api-scan" ], "published": "2024-06-10 17:31:33", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9a3d3c3-278b-46c7-87d0-53528d616951": { "id": "c9a3d3c3-278b-46c7-87d0-53528d616951", "title": "Replyable \u2013 Subscribe to Comments and Reply by Email < 1.4.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Replyable \u2013 Subscribe to Comments and Reply by Email", "slug": "postmatic", "affected_versions": { "[*, 1.4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9a3d3c3-278b-46c7-87d0-53528d616951?source=api-scan" ], "published": "2015-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9a989db-683c-492c-8c26-abef0fecf00e": { "id": "c9a989db-683c-492c-8c26-abef0fecf00e", "title": "WP Support Plus Responsive Ticket System <= 9.1.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Support Plus Responsive Ticket System", "slug": "wp-support-plus-responsive-ticket-system", "affected_versions": { "[*, 9.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "9.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "9.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9a989db-683c-492c-8c26-abef0fecf00e?source=api-scan" ], "published": "2019-02-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9aa2a44-5a71-4a10-9876-3d54b8d268c5": { "id": "c9aa2a44-5a71-4a10-9876-3d54b8d268c5", "title": "Booking for Appointments and Events Calendar \u2013 Amelia <= 1.2 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Booking for Appointments and Events Calendar \u2013 Amelia", "slug": "ameliabooking", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9aa2a44-5a71-4a10-9876-3d54b8d268c5?source=api-scan" ], "published": "2024-08-07 14:41:09", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9ab868b-51ab-4dad-b662-8302cda9c0e7": { "id": "c9ab868b-51ab-4dad-b662-8302cda9c0e7", "title": "WWM Social Share On Image Hover <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WWM Social Share On Image Hover", "slug": "wwm-social-share-on-image-hover", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9ab868b-51ab-4dad-b662-8302cda9c0e7?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9bd3620-60a2-4741-b623-5147b6997575": { "id": "c9bd3620-60a2-4741-b623-5147b6997575", "title": "Page Builder: Pagelayer <= 1.7.7 - Authenticated (Author+) Stored Cross-Site Scripting via Header\/Footer", "software": [ { "type": "plugin", "name": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "slug": "pagelayer", "affected_versions": { "* - 1.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9bd3620-60a2-4741-b623-5147b6997575?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9c1ddaf-4bf2-4937-b7bf-a09162db043e": { "id": "c9c1ddaf-4bf2-4937-b7bf-a09162db043e", "title": "WP EasyCart <= 5.4.10 - Authenticated (Administrator+) SQL Injection via 'orderby'", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "* - 5.4.10": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9c1ddaf-4bf2-4937-b7bf-a09162db043e?source=api-scan" ], "published": "2023-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9c29130-1b42-4edd-ad62-6f635e03ae31": { "id": "c9c29130-1b42-4edd-ad62-6f635e03ae31", "title": "Cyr to Lat <= 3.5 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Cyr to Lat enhanced", "slug": "cyr3lat", "affected_versions": { "* - 3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9c29130-1b42-4edd-ad62-6f635e03ae31?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9c2fb7f-a05b-4852-97eb-7befe880d703": { "id": "c9c2fb7f-a05b-4852-97eb-7befe880d703", "title": "Elite Booster for WooCommerce <= 7.1.7 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Booster Elite for WooCommerce", "slug": "booster-elite-for-woocommerce", "affected_versions": { "* - 7.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9c2fb7f-a05b-4852-97eb-7befe880d703?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9c907ea-3ab4-4674-8945-ade4f6ff2679": { "id": "c9c907ea-3ab4-4674-8945-ade4f6ff2679", "title": "Depicter Slider \u2013 Responsive Image Slider, Video Slider & Post Slider <= 2.0.6 - Cross-Site Request Forgery via save", "software": [ { "type": "plugin", "name": "Slider & Popup Builder by Depicter \u2013 Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel", "slug": "depicter", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9c907ea-3ab4-4674-8945-ade4f6ff2679?source=api-scan" ], "published": "2024-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9ce2107-18bd-4331-bd8e-578f56fdebf7": { "id": "c9ce2107-18bd-4331-bd8e-578f56fdebf7", "title": "Event Tickets <= 5.2.1 - Open Redirect", "software": [ { "type": "plugin", "name": "Event Tickets and Registration", "slug": "event-tickets", "affected_versions": { "* - 5.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9ce2107-18bd-4331-bd8e-578f56fdebf7?source=api-scan" ], "published": "2021-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9cf97a6-38bb-4499-98f0-ca2b7111f654": { "id": "c9cf97a6-38bb-4499-98f0-ca2b7111f654", "title": "UltraPress <= 1.2.1 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "theme", "name": "UltraPress", "slug": "ultrapress", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9cf97a6-38bb-4499-98f0-ca2b7111f654?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9d07faf-cc88-4233-a552-55e3376a2fc4": { "id": "c9d07faf-cc88-4233-a552-55e3376a2fc4", "title": "FunnelKit Checkout <= 3.10.3 - Unauthenticated Arbitrary Content Deletion", "software": [ { "type": "plugin", "name": "FunnelKit Checkout", "slug": "woofunnels-aero-checkout", "affected_versions": { "* - 3.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9d07faf-cc88-4233-a552-55e3376a2fc4?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9d58fde-54f6-4892-b5ed-2029593c3fa4": { "id": "c9d58fde-54f6-4892-b5ed-2029593c3fa4", "title": "Fluid Responsive Slideshow < 2.2.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Fluid Responsive Slideshow", "slug": "fluid-responsive-slideshow", "affected_versions": { "[*, 2.2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9d58fde-54f6-4892-b5ed-2029593c3fa4?source=api-scan" ], "published": "2016-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9d5c661-bc81-4706-b930-6e3309f3d705": { "id": "c9d5c661-bc81-4706-b930-6e3309f3d705", "title": "Affiliates Manager <= 2.9.13 - CSV Injection", "software": [ { "type": "plugin", "name": "Affiliates Manager", "slug": "affiliates-manager", "affected_versions": { "* - 2.9.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9d5c661-bc81-4706-b930-6e3309f3d705?source=api-scan" ], "published": "2022-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9de2fe9-c1d7-4898-806d-68628061a98d": { "id": "c9de2fe9-c1d7-4898-806d-68628061a98d", "title": "Convert Post Types <= 1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Convert Post Types", "slug": "convert-post-types", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9de2fe9-c1d7-4898-806d-68628061a98d?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9de6f14-67e4-40c2-8efb-7e9cad659d37": { "id": "c9de6f14-67e4-40c2-8efb-7e9cad659d37", "title": "Floating Contact Button <= 2.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Floating Contact Button", "slug": "floating-contact", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9de6f14-67e4-40c2-8efb-7e9cad659d37?source=api-scan" ], "published": "2024-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9df788e-a92e-4519-9e23-8aed08479b68": { "id": "c9df788e-a92e-4519-9e23-8aed08479b68", "title": "User Activity Log <= 1.9 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "User Activity Log", "slug": "user-activity-log", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9df788e-a92e-4519-9e23-8aed08479b68?source=api-scan" ], "published": "2024-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9e1410f-10c9-4654-8b61-cfcdde696da7": { "id": "c9e1410f-10c9-4654-8b61-cfcdde696da7", "title": "LearnPress \u2013 WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9e1410f-10c9-4654-8b61-cfcdde696da7?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9e45ae8-e5b5-460b-80f8-de562ae7c56a": { "id": "c9e45ae8-e5b5-460b-80f8-de562ae7c56a", "title": "SALERT <= 1.2.1 - Missing Authorization via salert_save_settings_with_ajax()", "software": [ { "type": "plugin", "name": "SALERT \u2013 Fake Sales Notification WooCommerce", "slug": "salert", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9e45ae8-e5b5-460b-80f8-de562ae7c56a?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9f4760c-a794-43e0-80a3-88b3f41810f5": { "id": "c9f4760c-a794-43e0-80a3-88b3f41810f5", "title": "WOOF - Products Filter for WooCommerce <= 1.1.9 - Remote Code Execution", "software": [ { "type": "plugin", "name": "HUSKY \u2013 Products Filter Professional for WooCommerce", "slug": "woocommerce-products-filter", "affected_versions": { "[*, 1.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9f4760c-a794-43e0-80a3-88b3f41810f5?source=api-scan" ], "published": "2018-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9f71433-7b86-46c7-b91e-bc59679f0351": { "id": "c9f71433-7b86-46c7-b91e-bc59679f0351", "title": "Counter Box \u2013 WordPress plugin for countdown, timer, counter <= 1.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site", "slug": "counter-box", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9f71433-7b86-46c7-b91e-bc59679f0351?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9f8e9b5-f4bf-48e3-b315-1b9b24be6e93": { "id": "c9f8e9b5-f4bf-48e3-b315-1b9b24be6e93", "title": "Journey Analytics <= 1.0.12 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Journey Analytics", "slug": "journey-analytics", "affected_versions": { "* - 1.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9f8e9b5-f4bf-48e3-b315-1b9b24be6e93?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "c9fc747c-3b13-4a49-a181-fe6a952a4ce3": { "id": "c9fc747c-3b13-4a49-a181-fe6a952a4ce3", "title": "Error Log Viewer by BestWebSoft <= 1.1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Error Log Viewer by BestWebSoft", "slug": "error-log-viewer", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/c9fc747c-3b13-4a49-a181-fe6a952a4ce3?source=api-scan" ], "published": "2021-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca036121-072c-4944-84e9-3b8b69f3e17c": { "id": "ca036121-072c-4944-84e9-3b8b69f3e17c", "title": "2Checkout Add-on for iThemes Exchange < 1.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "2Checkout Add-on for iThemes Exchange", "slug": "exchange-addon-2checkout", "affected_versions": { "[*, 1.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca036121-072c-4944-84e9-3b8b69f3e17c?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca05783d-7516-469e-b8a0-c23035db43b7": { "id": "ca05783d-7516-469e-b8a0-c23035db43b7", "title": "PixTypes <= 1.4.15 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PixTypes", "slug": "pixtypes", "affected_versions": { "* - 1.4.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.15", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca05783d-7516-469e-b8a0-c23035db43b7?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca058dde-48fd-46f4-b16c-97cdf79578ff": { "id": "ca058dde-48fd-46f4-b16c-97cdf79578ff", "title": "ShiftController Employee Shift Scheduling <= 4.9.23 - Cross-Site Request Forgery via get", "software": [ { "type": "plugin", "name": "ShiftController Employee Shift Scheduling", "slug": "shiftcontroller", "affected_versions": { "* - 4.9.23": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca058dde-48fd-46f4-b16c-97cdf79578ff?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca064db0-2718-4521-9467-335b59208858": { "id": "ca064db0-2718-4521-9467-335b59208858", "title": "JVM rich text icons <= 1.2.3 - Authenticated(Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "JVM Gutenberg Rich Text Icons", "slug": "jvm-rich-text-icons", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca064db0-2718-4521-9467-335b59208858?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca09ce0d-3989-420d-9457-f0acd709cc6b": { "id": "ca09ce0d-3989-420d-9457-f0acd709cc6b", "title": "Stagtools <= 2.3.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "StagTools", "slug": "stagtools", "affected_versions": { "* - 2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca09ce0d-3989-420d-9457-f0acd709cc6b?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca0bc327-1a64-493b-8813-8bb7b71635f0": { "id": "ca0bc327-1a64-493b-8813-8bb7b71635f0", "title": "Easy Digital Downloads <= 3.2.11 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 3.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca0bc327-1a64-493b-8813-8bb7b71635f0?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca0e51b2-640a-4bd1-b667-74107b7dcc6f": { "id": "ca0e51b2-640a-4bd1-b667-74107b7dcc6f", "title": "WebinarPress <= 1.33.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Webinar Plugin \u2013 WebinarPress", "slug": "wp-webinarsystem", "affected_versions": { "* - 1.33.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.33.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.33.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca0e51b2-640a-4bd1-b667-74107b7dcc6f?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca12f906-d896-428a-a144-a1afe045197b": { "id": "ca12f906-d896-428a-a144-a1afe045197b", "title": "AnyComment <= 0.2.17 - Race Condition", "software": [ { "type": "plugin", "name": "AnyComment", "slug": "anycomment", "affected_versions": { "[*, 0.2.18)": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.2.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca12f906-d896-428a-a144-a1afe045197b?source=api-scan" ], "published": "2022-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca132d26-e927-41f1-be57-0c3bdeace2e6": { "id": "ca132d26-e927-41f1-be57-0c3bdeace2e6", "title": "Fontsampler <= 0.4.12 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fontsampler", "slug": "fontsampler", "affected_versions": { "* - 0.4.12": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca132d26-e927-41f1-be57-0c3bdeace2e6?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca13db03-74ee-4fdf-96ea-28219f9324e5": { "id": "ca13db03-74ee-4fdf-96ea-28219f9324e5", "title": "ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ELEX WooCommerce Dynamic Pricing and Discounts", "slug": "elex-woocommerce-dynamic-pricing-and-discounts", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca13db03-74ee-4fdf-96ea-28219f9324e5?source=api-scan" ], "published": "2024-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca17fd4a-fd14-46e6-9348-19b74fec5df8": { "id": "ca17fd4a-fd14-46e6-9348-19b74fec5df8", "title": "Display Post Metadata <= 1.4.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Display Post Metadata", "slug": "display-post-metadata", "affected_versions": { "[*, 1.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca17fd4a-fd14-46e6-9348-19b74fec5df8?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca1c1b43-def2-4f9f-b5c7-075ca188f6e7": { "id": "ca1c1b43-def2-4f9f-b5c7-075ca188f6e7", "title": "Live Sales Notification for Woocommerce \u2013 Woomotiv <= 3.4.3 - Cross-Site Request Forgery via ajax_cancel_review", "software": [ { "type": "plugin", "name": "Live Sales Notification for Woocommerce \u2013 Woomotiv", "slug": "woomotiv", "affected_versions": { "* - 3.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca1c1b43-def2-4f9f-b5c7-075ca188f6e7?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca1d5275-3398-47a7-889b-4050ebe635ee": { "id": "ca1d5275-3398-47a7-889b-4050ebe635ee", "title": "WP Job Portal <= 2.1.6 - Missing Authorization to Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation", "software": [ { "type": "plugin", "name": "WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website", "slug": "wp-job-portal", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca1d5275-3398-47a7-889b-4050ebe635ee?source=api-scan" ], "published": "2024-09-03 14:04:34", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca1f0dc6-c0bc-4e9f-b3b6-d6274aa7a7db": { "id": "ca1f0dc6-c0bc-4e9f-b3b6-d6274aa7a7db", "title": "YITH WooCommerce Gift Cards <= 4.12.0 - Missing Authorization to Unauthenticated WooCommerce Settings Update", "software": [ { "type": "plugin", "name": "YITH WooCommerce Gift Cards", "slug": "yith-woocommerce-gift-cards", "affected_versions": { "* - 4.12.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.13.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca1f0dc6-c0bc-4e9f-b3b6-d6274aa7a7db?source=api-scan" ], "published": "2024-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca1fd2f3-7f3a-4227-b013-95e4ec59fce4": { "id": "ca1fd2f3-7f3a-4227-b013-95e4ec59fce4", "title": "PostmagThemes Demo Import <= 1.0.7 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "PostmagThemes Demo Import", "slug": "postmagthemes-demo-import", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca1fd2f3-7f3a-4227-b013-95e4ec59fce4?source=api-scan" ], "published": "2022-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca203777-84ea-47ab-bafc-f2cc8f778fcd": { "id": "ca203777-84ea-47ab-bafc-f2cc8f778fcd", "title": "LearnPress \u2013 WordPress LMS Plugin <= 4.1.6.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca203777-84ea-47ab-bafc-f2cc8f778fcd?source=api-scan" ], "published": "2022-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca21320a-ee26-47e9-bbf8-cfbb45d7a882": { "id": "ca21320a-ee26-47e9-bbf8-cfbb45d7a882", "title": "About Me <= 1.0.12 - Missing Authorization", "software": [ { "type": "plugin", "name": "About Me", "slug": "about-me", "affected_versions": { "* - 1.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca21320a-ee26-47e9-bbf8-cfbb45d7a882?source=api-scan" ], "published": "2022-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca24aa2f-5d31-4128-af75-68bd24637ee7": { "id": "ca24aa2f-5d31-4128-af75-68bd24637ee7", "title": "CURCY <= 2.1.25 - Missing Authorization to Currency Exchange Retrieval", "software": [ { "type": "plugin", "name": "CURCY \u2013 Multi Currency for WooCommerce \u2013 The best free currency exchange plugin \u2013 Run smoothly on WooCommerce 8.x", "slug": "woo-multi-currency", "affected_versions": { "* - 2.1.25": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca24aa2f-5d31-4128-af75-68bd24637ee7?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca263c58-addd-4cd6-b55b-82b7023849e1": { "id": "ca263c58-addd-4cd6-b55b-82b7023849e1", "title": "Migration, Backup, Staging \u2013 WPvivid <= 0.9.105 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "* - 0.9.105": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.105", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.106" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca263c58-addd-4cd6-b55b-82b7023849e1?source=api-scan" ], "published": "2024-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca29158a-ca60-46c7-93a5-bcf76e7666e4": { "id": "ca29158a-ca60-46c7-93a5-bcf76e7666e4", "title": "WordPress Infinite Scroll - Ajax Load More <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via button_label Parameter", "software": [ { "type": "plugin", "name": "WordPress Infinite Scroll \u2013 Ajax Load More", "slug": "ajax-load-more", "affected_versions": { "* - 7.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca29158a-ca60-46c7-93a5-bcf76e7666e4?source=api-scan" ], "published": "2024-10-01 21:01:15", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca29baf1-7214-4569-9106-6d369e9f4d6f": { "id": "ca29baf1-7214-4569-9106-6d369e9f4d6f", "title": "Simple Job Board <= 2.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Job Board", "slug": "simple-job-board", "affected_versions": { "* - 2.12.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca29baf1-7214-4569-9106-6d369e9f4d6f?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca32fd93-cab3-431b-91c3-9ed244f9d1f1": { "id": "ca32fd93-cab3-431b-91c3-9ed244f9d1f1", "title": "WP Google Map Plugin < 2.3.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Maps \u2013 Display Google Maps Perfectly with Ease", "slug": "wp-google-map-plugin", "affected_versions": { "[*, 2.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca32fd93-cab3-431b-91c3-9ed244f9d1f1?source=api-scan" ], "published": "2015-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca33e88f-e76d-45ef-a8da-153f02214913": { "id": "ca33e88f-e76d-45ef-a8da-153f02214913", "title": "Admin Dashboard RSS Feed <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Admin Dashboard RSS Feed", "slug": "admin-dashboard-rss-feed", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca33e88f-e76d-45ef-a8da-153f02214913?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca37d453-9f9a-46b2-a17f-65a16e3e2ed1": { "id": "ca37d453-9f9a-46b2-a17f-65a16e3e2ed1", "title": "CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature", "software": [ { "type": "plugin", "name": "CMS Commander \u2013 Manage Multiple Sites", "slug": "cms-commander-client", "affected_versions": { "* - 2.287": { "from_version": "*", "from_inclusive": true, "to_version": "2.287", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.288" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca37d453-9f9a-46b2-a17f-65a16e3e2ed1?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca449d15-b05e-4341-99b0-472a14cab8f4": { "id": "ca449d15-b05e-4341-99b0-472a14cab8f4", "title": "GPS Plotter <= 5.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gps Plotter", "slug": "gps-plotter", "affected_versions": { "* - 5.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca449d15-b05e-4341-99b0-472a14cab8f4?source=api-scan" ], "published": "2023-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca46ea28-3115-4db1-8aeb-cbef731b0376": { "id": "ca46ea28-3115-4db1-8aeb-cbef731b0376", "title": "wpForo Forum <= 2.0.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca46ea28-3115-4db1-8aeb-cbef731b0376?source=api-scan" ], "published": "2022-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca481a37-8c45-499c-bf68-3af6795af827": { "id": "ca481a37-8c45-499c-bf68-3af6795af827", "title": "Predictive Search <= 1.2.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Predictive Search", "slug": "predictive-search", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca481a37-8c45-499c-bf68-3af6795af827?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca4824fb-192a-499d-bf92-aa59410d8d4a": { "id": "ca4824fb-192a-499d-bf92-aa59410d8d4a", "title": "WordPress Core < 4.8.2 - Cross-Site Scripting via Template Name", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.21": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.21", "to_inclusive": true }, "3.8 - 3.8.21": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.21", "to_inclusive": true }, "3.9 - 3.9.19": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.19", "to_inclusive": true }, "4.0 - 4.0.18": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.18", "to_inclusive": true }, "4.1 - 4.1.18": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.18", "to_inclusive": true }, "4.2 - 4.2.15": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.15", "to_inclusive": true }, "4.3 - 4.3.11": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.11", "to_inclusive": true }, "4.4 - 4.4.10": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.10", "to_inclusive": true }, "4.5 - 4.5.9": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.9", "to_inclusive": true }, "4.6 - 4.6.6": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.6", "to_inclusive": true }, "4.7 - 4.7.5": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.5", "to_inclusive": true }, "4.8 - 4.8.1": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.22", "3.8.22", "3.9.20", "4.0.19", "4.1.19", "4.2.16", "4.3.12", "4.4.11", "4.5.10", "4.6.7", "4.7.6", "4.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca4824fb-192a-499d-bf92-aa59410d8d4a?source=api-scan" ], "published": "2017-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca497ffa-6306-46dc-895f-94f1d5236e28": { "id": "ca497ffa-6306-46dc-895f-94f1d5236e28", "title": "YITH Essential Kit for WooCommerce #1 <= 2.34.0 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install, Activation, and Deactivation", "software": [ { "type": "plugin", "name": "YITH Essential Kit for WooCommerce #1", "slug": "yith-essential-kit-for-woocommerce-1", "affected_versions": { "* - 2.34.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.34.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.35.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca497ffa-6306-46dc-895f-94f1d5236e28?source=api-scan" ], "published": "2024-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca4cf299-9dee-4ebf-83f3-4c3471bd9fb0": { "id": "ca4cf299-9dee-4ebf-83f3-4c3471bd9fb0", "title": "ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in optimizeAllOn", "software": [ { "type": "plugin", "name": "ImageRecycle pdf & image compression", "slug": "imagerecycle-pdf-image-compression", "affected_versions": { "* - 3.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca4cf299-9dee-4ebf-83f3-4c3471bd9fb0?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca4dead2-c6da-4613-8ce6-13699a7495a1": { "id": "ca4dead2-c6da-4613-8ce6-13699a7495a1", "title": "Superb Social Media Share Buttons and Follow Buttons <= 1.1.3 - Missing Authorization via spbsmAjax", "software": [ { "type": "plugin", "name": "Superb Social Media Share Buttons and Follow Buttons for WordPress", "slug": "superb-social-share-and-follow-buttons", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca4dead2-c6da-4613-8ce6-13699a7495a1?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca55a7a0-da31-4d3f-845b-80f89ffbadf5": { "id": "ca55a7a0-da31-4d3f-845b-80f89ffbadf5", "title": "CoSchedule <= 3.3.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "CoSchedule", "slug": "coschedule-by-todaymade", "affected_versions": { "* - 3.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca55a7a0-da31-4d3f-845b-80f89ffbadf5?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca564941-4780-4da2-b937-c9bd45966d81": { "id": "ca564941-4780-4da2-b937-c9bd45966d81", "title": "WP Register Profile With Shortcode <= 3.5.9 - Cross-Site Request Forgery to User Password Reset", "software": [ { "type": "plugin", "name": "WP Register Profile With Shortcode", "slug": "wp-register-profile-with-shortcode", "affected_versions": { "* - 3.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca564941-4780-4da2-b937-c9bd45966d81?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca5bc2af-394b-4fc1-b6c3-ed9ff0a5959a": { "id": "ca5bc2af-394b-4fc1-b6c3-ed9ff0a5959a", "title": "Beds24 Online Booking <= 2.0.23 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Beds24 Online Booking", "slug": "beds24-online-booking", "affected_versions": { "* - 2.0.23": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca5bc2af-394b-4fc1-b6c3-ed9ff0a5959a?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca5befe9-7769-4367-84cf-05aabeced67a": { "id": "ca5befe9-7769-4367-84cf-05aabeced67a", "title": "Clever Addons for Elementor <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple CAFE Widgets", "software": [ { "type": "plugin", "name": "Clever Addons for Elementor", "slug": "cafe-lite", "affected_versions": { "* - 2.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca5befe9-7769-4367-84cf-05aabeced67a?source=api-scan" ], "published": "2024-06-05 13:03:48", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca616ae6-59d3-4037-b538-d371f007a037": { "id": "ca616ae6-59d3-4037-b538-d371f007a037", "title": "Frontend Registration \u2013 Contact Form 7 <= 5.1 - Authenticated (Editor+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Frontend Registration \u2013 Contact Form 7", "slug": "frontend-registration-contact-form-7", "affected_versions": { "* - 5.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca616ae6-59d3-4037-b538-d371f007a037?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca62b54e-dde6-440f-bed9-db320179269e": { "id": "ca62b54e-dde6-440f-bed9-db320179269e", "title": "Photo Gallery by Ays <= 5.1.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by Ays \u2013 Responsive Image Gallery", "slug": "gallery-photo-gallery", "affected_versions": { "* - 5.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca62b54e-dde6-440f-bed9-db320179269e?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca646202-b9e2-4272-b0e2-d39cd748fb8e": { "id": "ca646202-b9e2-4272-b0e2-d39cd748fb8e", "title": "HTML5 Audio Player- Best WordPress Audio Player Plugin <= 2.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets", "software": [ { "type": "plugin", "name": "HTML5 Audio Player- Best WordPress Audio Player Plugin", "slug": "html5-audio-player", "affected_versions": { "* - 2.2.19": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca646202-b9e2-4272-b0e2-d39cd748fb8e?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca64692b-b194-4ceb-975e-72e4041252f2": { "id": "ca64692b-b194-4ceb-975e-72e4041252f2", "title": "Link Optimizer Lite <= 1.4.5 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Link Optimizer Lite", "slug": "link-optimizer-lite", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca64692b-b194-4ceb-975e-72e4041252f2?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca66afc3-a749-4ddc-8e2f-959f65cebd45": { "id": "ca66afc3-a749-4ddc-8e2f-959f65cebd45", "title": "Metform Elementor Contact Form Builder <= 3.3.2 - Cross-Site Request Forgery via permalink_setup", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca66afc3-a749-4ddc-8e2f-959f65cebd45?source=api-scan" ], "published": "2023-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca6756d0-d1d2-41b3-ad62-fc665a281e6b": { "id": "ca6756d0-d1d2-41b3-ad62-fc665a281e6b", "title": "Smarty for WordPress <= 3.1.35 - Cross-Site Request Forgery via displaySmartyManagementPage", "software": [ { "type": "plugin", "name": "Smarty for WordPress", "slug": "smarty-for-wordpress", "affected_versions": { "* - 3.1.35": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.35", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca6756d0-d1d2-41b3-ad62-fc665a281e6b?source=api-scan" ], "published": "2023-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca6b7886-790a-4f00-855c-6dc913ea01db": { "id": "ca6b7886-790a-4f00-855c-6dc913ea01db", "title": "Broken Link Checker < 1.10.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Broken Link Checker", "slug": "broken-link-checker", "affected_versions": { "[*, 1.10.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca6b7886-790a-4f00-855c-6dc913ea01db?source=api-scan" ], "published": "2014-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca729178-8df0-437e-82cc-70c4975f7b47": { "id": "ca729178-8df0-437e-82cc-70c4975f7b47", "title": "MailPoet Newsletters <= 2.7.2 - SQL Injection", "software": [ { "type": "plugin", "name": "MailPoet Newsletters (Previous)", "slug": "wysija-newsletters", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca729178-8df0-437e-82cc-70c4975f7b47?source=api-scan" ], "published": "2016-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca72924f-23fc-42ef-9556-8fb9f5e88add": { "id": "ca72924f-23fc-42ef-9556-8fb9f5e88add", "title": "Cross-RSS <= 1.7 - Path Traversal", "software": [ { "type": "plugin", "name": "Cross-RSS", "slug": "cross-rss", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca72924f-23fc-42ef-9556-8fb9f5e88add?source=api-scan" ], "published": "2014-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca73de6d-2d47-4d7c-a917-0f99fed8c27d": { "id": "ca73de6d-2d47-4d7c-a917-0f99fed8c27d", "title": "SVG Sanitizer library <= 0.15.4 - Cross-Site Scripting Bypass", "software": [ { "type": "plugin", "name": "Safe SVG", "slug": "safe-svg", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca73de6d-2d47-4d7c-a917-0f99fed8c27d?source=api-scan" ], "published": "2023-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca7e7419-5e1f-42f3-8dad-78d536b36888": { "id": "ca7e7419-5e1f-42f3-8dad-78d536b36888", "title": "JoomSport <= 5.6.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "JoomSport \u2013 for Sports: Team & League, Football, Hockey & more", "slug": "joomsport-sports-league-results-management", "affected_versions": { "* - 5.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca7e7419-5e1f-42f3-8dad-78d536b36888?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca7f1b56-a732-40c1-a05e-4ab3e6b05037": { "id": "ca7f1b56-a732-40c1-a05e-4ab3e6b05037", "title": "Page Builder: Pagelayer <= 1.7.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "slug": "pagelayer", "affected_versions": { "* - 1.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca7f1b56-a732-40c1-a05e-4ab3e6b05037?source=api-scan" ], "published": "2023-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca7f72bf-5271-42a2-99cb-3021f10ea5f3": { "id": "ca7f72bf-5271-42a2-99cb-3021f10ea5f3", "title": "Countdown & Clock <= 2.3.2 - Pro Features Lock Bypass", "software": [ { "type": "plugin", "name": "Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock", "slug": "countdown-builder", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca7f72bf-5271-42a2-99cb-3021f10ea5f3?source=api-scan" ], "published": "2022-04-28 12:59:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca88c62d-0f27-40e0-9dd2-21d3d133fda3": { "id": "ca88c62d-0f27-40e0-9dd2-21d3d133fda3", "title": "WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WooCommerce Amazon Affiliates - Wordpress Plugin", "slug": "woozone", "affected_versions": { "* - 14.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "14.0.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca88c62d-0f27-40e0-9dd2-21d3d133fda3?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca8c676a-144c-4809-b8f6-50cb9e1390b5": { "id": "ca8c676a-144c-4809-b8f6-50cb9e1390b5", "title": "Easy Digital Downloads \u2013 Invoices <= 1.0.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 Invoices", "slug": "edd-invoices", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca8c676a-144c-4809-b8f6-50cb9e1390b5?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca8f4f6b-756b-4511-9e48-e41a872a9dad": { "id": "ca8f4f6b-756b-4511-9e48-e41a872a9dad", "title": "Contextual Related Posts <= 3.3.1 - Cross-Site Request Forgery in crpClearCache", "software": [ { "type": "plugin", "name": "Contextual Related Posts", "slug": "contextual-related-posts", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca8f4f6b-756b-4511-9e48-e41a872a9dad?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca8fe2c6-2a7e-4fed-baf0-c8a4979ab966": { "id": "ca8fe2c6-2a7e-4fed-baf0-c8a4979ab966", "title": "WordPress Notification Bar <= 1.3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Notification Bar", "slug": "wordpress-notification-bar", "affected_versions": { "* - 1.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca8fe2c6-2a7e-4fed-baf0-c8a4979ab966?source=api-scan" ], "published": "2024-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca91046d-61c1-4a65-a078-c7dffb27092c": { "id": "ca91046d-61c1-4a65-a078-c7dffb27092c", "title": "WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)", "slug": "miniorange-login-openid", "affected_versions": { "* - 7.5.14": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca91046d-61c1-4a65-a078-c7dffb27092c?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca91e41d-b728-4eb0-86d5-043813d8c2c1": { "id": "ca91e41d-b728-4eb0-86d5-043813d8c2c1", "title": "WP Meta SEO <= 4.5.12 - Unauthenticated Stored Cross-Site Scripting via Referer header", "software": [ { "type": "plugin", "name": "WP Meta SEO", "slug": "wp-meta-seo", "affected_versions": { "* - 4.5.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca91e41d-b728-4eb0-86d5-043813d8c2c1?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca954d68-18a5-47e2-af56-261c7a55b017": { "id": "ca954d68-18a5-47e2-af56-261c7a55b017", "title": "CRM Perks Forms <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CRM Perks Forms \u2013 WordPress Form Builder", "slug": "crm-perks-forms", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca954d68-18a5-47e2-af56-261c7a55b017?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca98fbc6-8cfa-4997-8a46-344afb75a97e": { "id": "ca98fbc6-8cfa-4997-8a46-344afb75a97e", "title": "File Manager <= 7.2.5 - Authenticated (Administrator+) Directory Traversal", "software": [ { "type": "plugin", "name": "File Manager", "slug": "wp-file-manager", "affected_versions": { "* - 7.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca98fbc6-8cfa-4997-8a46-344afb75a97e?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ca9c10b6-6d32-45c9-beb1-7a5c84d0863d": { "id": "ca9c10b6-6d32-45c9-beb1-7a5c84d0863d", "title": "I Recommend This <= 3.7.2 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "I Recommend This", "slug": "i-recommend-this", "affected_versions": { "* - 3.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ca9c10b6-6d32-45c9-beb1-7a5c84d0863d?source=api-scan" ], "published": "2014-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "caa09e12-60f9-4ef4-85f7-dadb6833e077": { "id": "caa09e12-60f9-4ef4-85f7-dadb6833e077", "title": "The Plus Addons for Elementor Page Builder <= 4.1.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor Page Builder", "slug": "theplus_elementor_addon", "affected_versions": { "[*, 4.1.12)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/caa09e12-60f9-4ef4-85f7-dadb6833e077?source=api-scan" ], "published": "2021-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "caa0f581-3fe8-4b9f-b69c-ec38ee25d697": { "id": "caa0f581-3fe8-4b9f-b69c-ec38ee25d697", "title": "Coming Soon Page by SeedProd <= 5.1.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Website Builder by SeedProd \u2014 Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode", "slug": "coming-soon", "affected_versions": { "[*, 5.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/caa0f581-3fe8-4b9f-b69c-ec38ee25d697?source=api-scan" ], "published": "2020-06-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "caa2bbdf-353e-49a2-b0e5-d9236848a211": { "id": "caa2bbdf-353e-49a2-b0e5-d9236848a211", "title": "Disable User Login <= 1.0.1 - Missing Authorization to Unauthenticated Settings Update", "software": [ { "type": "plugin", "name": "Disable User Login", "slug": "wp-users-disable", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/caa2bbdf-353e-49a2-b0e5-d9236848a211?source=api-scan" ], "published": "2022-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "caa39613-aaf3-4e47-8866-8fda1f7fc15b": { "id": "caa39613-aaf3-4e47-8866-8fda1f7fc15b", "title": "Booking Calendar WpDevArt <= 3.2.11 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Booking calendar, Appointment Booking System", "slug": "booking-calendar", "affected_versions": { "* - 3.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/caa39613-aaf3-4e47-8866-8fda1f7fc15b?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "caa66246-7ffa-4944-ae3a-9c872300b7d4": { "id": "caa66246-7ffa-4944-ae3a-9c872300b7d4", "title": "WordPress Core < 5.0.1 - Sensitive Information Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.27": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.27", "to_inclusive": true }, "3.8 - 3.8.27": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.27", "to_inclusive": true }, "3.9 - 3.9.25": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.25", "to_inclusive": true }, "4.0 - 4.0.24": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.24", "to_inclusive": true }, "4.1 - 4.1.24": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.24", "to_inclusive": true }, "4.2 - 4.2.21": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.21", "to_inclusive": true }, "4.3 - 4.3.17": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.17", "to_inclusive": true }, "4.4 - 4.4.16": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.16", "to_inclusive": true }, "4.5 - 4.5.15": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.15", "to_inclusive": true }, "4.6 - 4.6.12": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.12", "to_inclusive": true }, "4.7 - 4.7.11": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.11", "to_inclusive": true }, "4.8 - 4.8.7": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.7", "to_inclusive": true }, "4.9 - 4.9.8": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.8", "to_inclusive": true }, "5.0": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.28", "3.8.28", "3.9.26", "4.0.25", "4.1.25", "4.2.22", "4.3.18", "4.4.17", "4.5.16", "4.6.13", "4.7.12", "4.8.8", "4.9.9", "5.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/caa66246-7ffa-4944-ae3a-9c872300b7d4?source=api-scan" ], "published": "2018-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "caa97ae8-40a8-4ca1-820b-83675c053bfc": { "id": "caa97ae8-40a8-4ca1-820b-83675c053bfc", "title": "EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 3.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/caa97ae8-40a8-4ca1-820b-83675c053bfc?source=api-scan" ], "published": "2024-06-12 20:25:10", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "caae093e-58e8-48b1-8665-2a5f49e98c58": { "id": "caae093e-58e8-48b1-8665-2a5f49e98c58", "title": "TheCartPress eCommerce Shopping Cart <= 1.1.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TheCartPress eCommerce Shopping Cart", "slug": "thecartpress", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/caae093e-58e8-48b1-8665-2a5f49e98c58?source=api-scan" ], "published": "2011-12-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cab1d5a0-66e0-4017-8563-f8e582a6f964": { "id": "cab1d5a0-66e0-4017-8563-f8e582a6f964", "title": "Product Import Export for WooCommerce <= 1.7.4 - Missing Authorization to CSV Import", "software": [ { "type": "plugin", "name": "Product Import Export for WooCommerce", "slug": "product-import-export-for-woo", "affected_versions": { "[*, 1.7.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cab1d5a0-66e0-4017-8563-f8e582a6f964?source=api-scan" ], "published": "2020-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cab2f0d7-f288-4462-b2a7-7a999cd47466": { "id": "cab2f0d7-f288-4462-b2a7-7a999cd47466", "title": "Contact Form Email <= 1.2.65 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form Email", "slug": "contact-form-to-email", "affected_versions": { "* - 1.2.65": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.65", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.66" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cab2f0d7-f288-4462-b2a7-7a999cd47466?source=api-scan" ], "published": "2019-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cab56873-f79c-4fd2-8d40-ee4a338cbe8b": { "id": "cab56873-f79c-4fd2-8d40-ee4a338cbe8b", "title": "Premium Addons for Elementor <= 4.10.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.27": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cab56873-f79c-4fd2-8d40-ee4a338cbe8b?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cabb9be3-581a-48d9-afa2-929921eae52d": { "id": "cabb9be3-581a-48d9-afa2-929921eae52d", "title": "Consulting Elementor Widgets <= 1.3.0 - Authenticated (Contributor+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Consulting Elementor Widgets", "slug": "consulting-elementor-widgets", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cabb9be3-581a-48d9-afa2-929921eae52d?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cabdc9db-2d1c-4390-a4b7-65648ef9f16a": { "id": "cabdc9db-2d1c-4390-a4b7-65648ef9f16a", "title": "SIS Handball <= 1.0.45 - Authenticated (Administrator+) SQL Injection via 'orderby'", "software": [ { "type": "plugin", "name": "SIS Handball", "slug": "sis-handball", "affected_versions": { "* - 1.0.45": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.45", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cabdc9db-2d1c-4390-a4b7-65648ef9f16a?source=api-scan" ], "published": "2023-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cabe5d20-710c-47d7-a5a3-562287ab5706": { "id": "cabe5d20-710c-47d7-a5a3-562287ab5706", "title": "Yasr \u2013 Yet Another Stars Rating <= 2.9.9 - Cross-Site Scripting via source", "software": [ { "type": "plugin", "name": "YASR \u2013 Yet Another Star Rating Plugin for WordPress", "slug": "yet-another-stars-rating", "affected_versions": { "* - 2.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cabe5d20-710c-47d7-a5a3-562287ab5706?source=api-scan" ], "published": "2022-02-03 21:54:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cabf7aae-0673-4358-a2df-0ca22c8432b5": { "id": "cabf7aae-0673-4358-a2df-0ca22c8432b5", "title": "Ditty <= 3.1.24 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ditty \u2013 Responsive News Tickers, Sliders, and Lists", "slug": "ditty-news-ticker", "affected_versions": { "[*, 3.1.25)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.25", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cabf7aae-0673-4358-a2df-0ca22c8432b5?source=api-scan" ], "published": "2023-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cac2a45e-f09e-4639-9a45-68d528a5094e": { "id": "cac2a45e-f09e-4639-9a45-68d528a5094e", "title": "Shariff Wrapper <= 4.6.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Shariff Wrapper", "slug": "shariff", "affected_versions": { "* - 4.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cac2a45e-f09e-4639-9a45-68d528a5094e?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cac4482e-bdf8-434a-ad22-ca2eeec15906": { "id": "cac4482e-bdf8-434a-ad22-ca2eeec15906", "title": "NiceJob <= 3.6.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NiceJob", "slug": "nicejob", "affected_versions": { "* - 3.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cac4482e-bdf8-434a-ad22-ca2eeec15906?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cac4608e-9eee-4e36-b219-a6133bac8a5f": { "id": "cac4608e-9eee-4e36-b219-a6133bac8a5f", "title": "Premium Blocks \u2013 Gutenberg Blocks for WordPress <= 2.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premium Blocks \u2013 Gutenberg Blocks for WordPress", "slug": "premium-blocks-for-gutenberg", "affected_versions": { "* - 2.1.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cac4608e-9eee-4e36-b219-a6133bac8a5f?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cac9614d-3fe5-4657-af6b-81acb71f51f1": { "id": "cac9614d-3fe5-4657-af6b-81acb71f51f1", "title": "My Calendar <= 3.2.17 - Subscriber+ Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My Calendar \u2013 Accessible Event Manager", "slug": "my-calendar", "affected_versions": { "* - 3.2.17": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cac9614d-3fe5-4657-af6b-81acb71f51f1?source=api-scan" ], "published": "2021-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cacd31bd-ccc6-49fa-89f1-09f3c5cd9072": { "id": "cacd31bd-ccc6-49fa-89f1-09f3c5cd9072", "title": "Captcha 4.3.6 - 4.4.4 - Plugin Backdoor", "software": [ { "type": "plugin", "name": "Captcha", "slug": "captcha", "affected_versions": { "4.3.6 - 4.4.4": { "from_version": "4.3.6", "from_inclusive": true, "to_version": "4.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cacd31bd-ccc6-49fa-89f1-09f3c5cd9072?source=api-scan" ], "published": "2017-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cace29fd-95d0-48ea-8dfa-6fd12dd9ccbf": { "id": "cace29fd-95d0-48ea-8dfa-6fd12dd9ccbf", "title": "Download Manager <= 3.2.43 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.43": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cace29fd-95d0-48ea-8dfa-6fd12dd9ccbf?source=api-scan" ], "published": "2022-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cad19306-6eef-4f80-9442-e7b314b3a873": { "id": "cad19306-6eef-4f80-9442-e7b314b3a873", "title": "Bulk Edit Post Titles <= 5.0.0 - Missing Authorization via bulkUpdatePostTitles", "software": [ { "type": "plugin", "name": "Bulk Edit Post Titles", "slug": "bulk-edit-post-titles", "affected_versions": { "* - 5.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cad19306-6eef-4f80-9442-e7b314b3a873?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cad4300f-02f9-4c9f-9bb3-1c9da8b78ac9": { "id": "cad4300f-02f9-4c9f-9bb3-1c9da8b78ac9", "title": "WP Simple Booking Calendar <= 2.0.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Simple Booking Calendar", "slug": "wp-simple-booking-calendar", "affected_versions": { "* - 2.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cad4300f-02f9-4c9f-9bb3-1c9da8b78ac9?source=api-scan" ], "published": "2024-09-12 18:24:38", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cad4c72d-9374-410a-91b7-5e9aff01738b": { "id": "cad4c72d-9374-410a-91b7-5e9aff01738b", "title": "MainWP Boilerplate Extension <= 4.1 - Missing Authorization to Plugin Settings Change", "software": [ { "type": "plugin", "name": "MainWP Boilerplate Extension", "slug": "boilerplate-extension", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cad4c72d-9374-410a-91b7-5e9aff01738b?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cad5274f-0d73-425d-bdfb-478c77d55d6c": { "id": "cad5274f-0d73-425d-bdfb-478c77d55d6c", "title": "WordPress Download Manager <= 2.9.96 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 2.9.97)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.97", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.97" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cad5274f-0d73-425d-bdfb-478c77d55d6c?source=api-scan" ], "published": "2019-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cad7731a-1f81-4055-9b49-15b35edd3fcf": { "id": "cad7731a-1f81-4055-9b49-15b35edd3fcf", "title": "Hash Form - Drag & Drop Form Builder <= 1.1.9 - Unauthenticated Limited File Upload", "software": [ { "type": "plugin", "name": "Hash Form \u2013 Drag & Drop Form Builder", "slug": "hash-form", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cad7731a-1f81-4055-9b49-15b35edd3fcf?source=api-scan" ], "published": "2024-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cadd47e9-1d5b-4f04-8421-7707dad53ea6": { "id": "cadd47e9-1d5b-4f04-8421-7707dad53ea6", "title": "Google Forms <= 0.90 - Unauthenticated PHP Object injection", "software": [ { "type": "plugin", "name": "Google Forms", "slug": "wpgform", "affected_versions": { "[*, 0.91)": { "from_version": "*", "from_inclusive": true, "to_version": "0.91", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.91" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cadd47e9-1d5b-4f04-8421-7707dad53ea6?source=api-scan" ], "published": "2017-01-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cae15a1c-63bc-4349-aba3-7f34737d6045": { "id": "cae15a1c-63bc-4349-aba3-7f34737d6045", "title": "Ninja Forms \u2013 The Contact Form Builder That Grows With You <= 3.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cae15a1c-63bc-4349-aba3-7f34737d6045?source=api-scan" ], "published": "2024-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cae1e209-96f3-49ed-a233-768db8e36c5b": { "id": "cae1e209-96f3-49ed-a233-768db8e36c5b", "title": "Event Management, Events Calendar, RSVP Event Tickets Plugin <= 3.8.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RSVP and Event Tickets, Event Management, Events Calendar Plugin", "slug": "wp-easy-events", "affected_versions": { "* - 3.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cae1e209-96f3-49ed-a233-768db8e36c5b?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cae1e984-95b2-4b76-b6b3-563dc3104a72": { "id": "cae1e984-95b2-4b76-b6b3-563dc3104a72", "title": "Woo Custom Checkout Field < 1.3.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Woo Custom Checkout Field", "slug": "woo-custom-checkout-field", "affected_versions": { "[*, 1.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cae1e984-95b2-4b76-b6b3-563dc3104a72?source=api-scan" ], "published": "2016-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cae1f5c7-ae91-4f45-8b4f-b2be89d36437": { "id": "cae1f5c7-ae91-4f45-8b4f-b2be89d36437", "title": "Video Lead Form < 0.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Video Lead Form", "slug": "video-lead-form", "affected_versions": { "[*, 0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cae1f5c7-ae91-4f45-8b4f-b2be89d36437?source=api-scan" ], "published": "2012-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cae284dd-34e0-4dc5-a954-b37935f3cfbc": { "id": "cae284dd-34e0-4dc5-a954-b37935f3cfbc", "title": "Awin Data Feed <= 1.7 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Awin Data Feed", "slug": "awin-data-feed", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cae284dd-34e0-4dc5-a954-b37935f3cfbc?source=api-scan" ], "published": "2022-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cae6e8b9-a8a9-41d3-83e8-d833515a0244": { "id": "cae6e8b9-a8a9-41d3-83e8-d833515a0244", "title": "Taggbox <= 3.1 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Tagbox \u2013 UGC Galleries, Social Media Widgets, User Reviews & Analytics", "slug": "taggbox-widget", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cae6e8b9-a8a9-41d3-83e8-d833515a0244?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cae72c7e-9bc8-40a7-b125-c9e8c86b14bf": { "id": "cae72c7e-9bc8-40a7-b125-c9e8c86b14bf", "title": "Advance Search <= 1.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Search", "slug": "advance-search", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cae72c7e-9bc8-40a7-b125-c9e8c86b14bf?source=api-scan" ], "published": "2021-09-09 16:20:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cae74177-7bfc-4fe2-9d45-0bc567a17909": { "id": "cae74177-7bfc-4fe2-9d45-0bc567a17909", "title": "White Label CMS <= 2.4 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "White Label CMS", "slug": "white-label-cms", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cae74177-7bfc-4fe2-9d45-0bc567a17909?source=api-scan" ], "published": "2022-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "caf0d33d-4bfd-460f-b21c-df36b1452b2e": { "id": "caf0d33d-4bfd-460f-b21c-df36b1452b2e", "title": "Code Snippets <= 2.14.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Code Snippets", "slug": "code-snippets", "affected_versions": { "* - 2.14.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.14.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.14.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/caf0d33d-4bfd-460f-b21c-df36b1452b2e?source=api-scan" ], "published": "2022-05-18 13:17:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "caf61bf9-4b0f-450a-b571-b0fec42e9e39": { "id": "caf61bf9-4b0f-450a-b571-b0fec42e9e39", "title": "Ad Invalid Click Protector (AICP) <= 1.2.5.2 - Cross-Site Request Forgery to Arbitrary Ban Deletion", "software": [ { "type": "plugin", "name": "Ad Invalid Click Protector (AICP)", "slug": "ad-invalid-click-protector", "affected_versions": { "* - 1.2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/caf61bf9-4b0f-450a-b571-b0fec42e9e39?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "caf879a7-650e-4c70-b23a-51cac00f0cc6": { "id": "caf879a7-650e-4c70-b23a-51cac00f0cc6", "title": "5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg <= 1.2.67 - Missing Authorization", "software": [ { "type": "plugin", "name": "Build 5 Star Reviews on Google Reviews, Yelp, Facebook\u2026 easily and risk-free | RRatingg", "slug": "5-stars-rating-funnel", "affected_versions": { "[*, 1.3.02)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.02", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/caf879a7-650e-4c70-b23a-51cac00f0cc6?source=api-scan" ], "published": "2024-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "caff9be6-4161-47a0-ba47-6c8fc0c4ab40": { "id": "caff9be6-4161-47a0-ba47-6c8fc0c4ab40", "title": "WP 2FA <= 2.5.0 - Insecure Direct Object Reference to Arbitrary Email Sending", "software": [ { "type": "plugin", "name": "WP 2FA \u2013 Two-factor authentication for WordPress", "slug": "wp-2fa", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/caff9be6-4161-47a0-ba47-6c8fc0c4ab40?source=api-scan" ], "published": "2024-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb0261c6-0477-4769-b92a-b49a192df4bb": { "id": "cb0261c6-0477-4769-b92a-b49a192df4bb", "title": "Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Global Tooltip", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.31": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb0261c6-0477-4769-b92a-b49a192df4bb?source=api-scan" ], "published": "2024-05-30 17:09:22", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb072bfa-991a-4839-996d-fdc803427076": { "id": "cb072bfa-991a-4839-996d-fdc803427076", "title": "WordPress Core < 2.8.1 - Open Redirect", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 2.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb072bfa-991a-4839-996d-fdc803427076?source=api-scan" ], "published": "2008-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb08cf02-4766-4093-9306-3b4581f54f77": { "id": "cb08cf02-4766-4093-9306-3b4581f54f77", "title": "Responsive Image Gallery, Gallery Album <= 2.0.3 - Missing Authorization via Multiple AJAX Actions", "software": [ { "type": "plugin", "name": "Gallery \u2013 Image and Video Gallery with Thumbnails", "slug": "gallery-album", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb08cf02-4766-4093-9306-3b4581f54f77?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb0ac434-7e85-44d4-b21e-df462f63cd9c": { "id": "cb0ac434-7e85-44d4-b21e-df462f63cd9c", "title": "Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.976": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.976", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.977" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb0ac434-7e85-44d4-b21e-df462f63cd9c?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb0fee1c-9dac-497c-a364-3b616e4b8ac0": { "id": "cb0fee1c-9dac-497c-a364-3b616e4b8ac0", "title": "PixelYourSite \u2013 Your smart PIXEL (TAG) Manager <= 9.6.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PixelYourSite \u2013 Your smart PIXEL (TAG) & API Manager", "slug": "pixelyoursite", "affected_versions": { "* - 9.6.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.6.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb0fee1c-9dac-497c-a364-3b616e4b8ac0?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb102a58-2fc0-4441-8f51-a6109e323878": { "id": "cb102a58-2fc0-4441-8f51-a6109e323878", "title": "WP Photo Album Plus <= 1.1 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Photo Album Plus", "slug": "wp-photo-album-plus", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb102a58-2fc0-4441-8f51-a6109e323878?source=api-scan" ], "published": "2008-02-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb105ff0-5085-4813-81a6-b1f0798d576c": { "id": "cb105ff0-5085-4813-81a6-b1f0798d576c", "title": "MainWP (Various extensions) - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MainWP Wordfence Extension", "slug": "mainwp-wordfence-extension", "affected_versions": { "* - 4.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.8" ] }, { "type": "plugin", "name": "MainWP iThemes Security Extension", "slug": "mainwp-ithemes-security-extension", "affected_versions": { "* - 4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.2" ] }, { "type": "plugin", "name": "MainWP File Uploader Extension", "slug": "mainwp-file-uploader-extension", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] }, { "type": "plugin", "name": "MainWP Code Snippets Extension", "slug": "mainwp-code-snippets-extension", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] }, { "type": "plugin", "name": "MainWP Post Plus Extension", "slug": "mainwp-post-plus-extension", "affected_versions": { "* - 4.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] }, { "type": "plugin", "name": "MainWP WordPress SEO Extension", "slug": "mainwp-seo-extension", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] }, { "type": "plugin", "name": "MainWP Maintenance Extension", "slug": "mainwp-maintenance-extension", "affected_versions": { "* - 4.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.2" ] }, { "type": "plugin", "name": "MainWP Page Speed Extension", "slug": "mainwp-page-speed-extension", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] }, { "type": "plugin", "name": "MainWP Clone Extension", "slug": "mainwp-clone-extension", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] }, { "type": "plugin", "name": "MainWP Article Uploader Extension", "slug": "mainwp-article-uploader-extension", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] }, { "type": "plugin", "name": "MainWP Broken Link Checker", "slug": "mainwp-broken-links-checker-extension", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "MainWP Comments Extension", "slug": "mainwp-comments-extension", "affected_versions": { "* - 4.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.7" ] }, { "type": "plugin", "name": "MainWP UpdraftPlus Extension", "slug": "mainwp-updraftplus-extension", "affected_versions": { "* - 4.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.7" ] }, { "type": "plugin", "name": "MainWP Favorites Extension", "slug": "mainwp-favorites-extension", "affected_versions": { "* - 4.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.11" ] }, { "type": "plugin", "name": "MainWP Staging Extension", "slug": "mainwp-staging-extension", "affected_versions": { "* - 4.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.4" ] }, { "type": "plugin", "name": "MainWP Boilerplate Extension", "slug": "boilerplate-extension", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] }, { "type": "plugin", "name": "MainWP BlogVault Backup Extension", "slug": "mainwp-blogvault-backup-extension", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.2" ] }, { "type": "plugin", "name": "MainWP Google Analytics Extension", "slug": "mainwp-google-analytics-extension", "affected_versions": { "* - 4.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.5" ] }, { "type": "plugin", "name": "MainWP Buddy Extension", "slug": "mainwp-buddy-extension", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] }, { "type": "plugin", "name": "MainWP Post Dripper Extension", "slug": "mainwp-post-dripper-extension", "affected_versions": { "* - 4.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.5" ] }, { "type": "plugin", "name": "MainWP Rocket Extension", "slug": "mainwp-rocket-extension", "affected_versions": { "* - 4.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb105ff0-5085-4813-81a6-b1f0798d576c?source=api-scan" ], "published": "2023-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb1105fc-ed12-4a82-9cc4-4b45aa34cdc5": { "id": "cb1105fc-ed12-4a82-9cc4-4b45aa34cdc5", "title": "Thumbs Rating <= 5.0.0 - Race Condition", "software": [ { "type": "plugin", "name": "Thumbs Rating", "slug": "thumbs-rating", "affected_versions": { "* - 5.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb1105fc-ed12-4a82-9cc4-4b45aa34cdc5?source=api-scan" ], "published": "2023-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb112c12-2587-46de-a688-d0f04e1ec431": { "id": "cb112c12-2587-46de-a688-d0f04e1ec431", "title": "WP Google Analytics Events <= 2.8.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Google Analytics Events \u2013 No-Code Custom Event Tracking for Google Analytics", "slug": "wp-google-analytics-events", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb112c12-2587-46de-a688-d0f04e1ec431?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb148264-c75e-4e73-95d7-3a06cdd8990e": { "id": "cb148264-c75e-4e73-95d7-3a06cdd8990e", "title": "Login Configurator <= 2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login Configurator", "slug": "login-configurator", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb148264-c75e-4e73-95d7-3a06cdd8990e?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb1576f8-0586-4ad8-befb-b502d30fab52": { "id": "cb1576f8-0586-4ad8-befb-b502d30fab52", "title": "CM Tooltip Glossary \u2013 Better SEO and UEX for your WP site <= 3.3.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CM Tooltip Glossary", "slug": "enhanced-tooltipglossary", "affected_versions": { "[*, 3.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb1576f8-0586-4ad8-befb-b502d30fab52?source=api-scan" ], "published": "2016-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb18d6d8-28e5-4125-9209-a71403f678f0": { "id": "cb18d6d8-28e5-4125-9209-a71403f678f0", "title": "Form Block <= 1.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Form Block", "slug": "form-block", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb18d6d8-28e5-4125-9209-a71403f678f0?source=api-scan" ], "published": "2023-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb1db880-0942-4fac-a548-8b6a28dce8c0": { "id": "cb1db880-0942-4fac-a548-8b6a28dce8c0", "title": "Woodmart <= 7.0.4 - Unauthenticated Arbitrary Content Injection", "software": [ { "type": "theme", "name": "Woodmart", "slug": "woodmart", "affected_versions": { "* - 7.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb1db880-0942-4fac-a548-8b6a28dce8c0?source=api-scan" ], "published": "2023-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb1dc7e4-a339-4760-9f63-aaa6590bd5e0": { "id": "cb1dc7e4-a339-4760-9f63-aaa6590bd5e0", "title": "GigPress <= 2.3.28 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "GigPress", "slug": "gigpress", "affected_versions": { "* - 2.3.28": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb1dc7e4-a339-4760-9f63-aaa6590bd5e0?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb2829eb-3079-429e-ab0f-e23a2c32d616": { "id": "cb2829eb-3079-429e-ab0f-e23a2c32d616", "title": "WP Post Disclaimer <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Post Disclaimer", "slug": "wp-post-disclaimer", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb2829eb-3079-429e-ab0f-e23a2c32d616?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb2e9370-f50e-4792-99f6-4678e0256a56": { "id": "cb2e9370-f50e-4792-99f6-4678e0256a56", "title": "Gallery Bank \u2013 WordPress Photo Gallery Plugin < 3.0.61 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Gallery Bank \u2013 WordPress Photo Gallery Plugin", "slug": "gallery-bank", "affected_versions": { "[*, 3.0.61)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.61", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.61" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb2e9370-f50e-4792-99f6-4678e0256a56?source=api-scan" ], "published": "2014-11-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb2f764f-1e50-4e42-9b70-88f9967906fd": { "id": "cb2f764f-1e50-4e42-9b70-88f9967906fd", "title": "WP File Download Light <= 1.3.3 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP File Download Light", "slug": "wp-file-download-light", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb2f764f-1e50-4e42-9b70-88f9967906fd?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb334b74-5561-4ac7-b321-397600e26d06": { "id": "cb334b74-5561-4ac7-b321-397600e26d06", "title": "Motors \u2013 Car Dealer, Classifieds & Listing <= 1.4.3 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Motors \u2013 Car Dealer, Classifieds & Listing", "slug": "motors-car-dealership-classified-listings", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb334b74-5561-4ac7-b321-397600e26d06?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb37b784-b1ff-4cee-889d-751218e5b95d": { "id": "cb37b784-b1ff-4cee-889d-751218e5b95d", "title": "WordPress Popular Posts <= 5.3.2 - Authenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WordPress Popular Posts", "slug": "wordpress-popular-posts", "affected_versions": { "* - 5.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb37b784-b1ff-4cee-889d-751218e5b95d?source=api-scan" ], "published": "2021-11-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb38d3bc-ae82-40ef-b20d-525d51432b1c": { "id": "cb38d3bc-ae82-40ef-b20d-525d51432b1c", "title": "ImageInject <= 1.15 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ImageInject", "slug": "wp-inject", "affected_versions": { "* - 1.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb38d3bc-ae82-40ef-b20d-525d51432b1c?source=api-scan" ], "published": "2018-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb427792-8675-4c38-a4e6-ba2b8091003f": { "id": "cb427792-8675-4c38-a4e6-ba2b8091003f", "title": "TinyMCE Advanced <= 4.1.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Advanced Editor Tools", "slug": "tinymce-advanced", "affected_versions": { "[*, 4.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb427792-8675-4c38-a4e6-ba2b8091003f?source=api-scan" ], "published": "2014-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb4681a5-d722-4585-97d3-370938c079a2": { "id": "cb4681a5-d722-4585-97d3-370938c079a2", "title": "WP Table Builder \u2013 WordPress Table Plugin <= 1.3.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Table Builder \u2013 WordPress Table Plugin", "slug": "wp-table-builder", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb4681a5-d722-4585-97d3-370938c079a2?source=api-scan" ], "published": "2021-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb47b6cc-87e4-4d29-bbc7-6d7552bc3943": { "id": "cb47b6cc-87e4-4d29-bbc7-6d7552bc3943", "title": "Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Deactivation", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.59": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb47b6cc-87e4-4d29-bbc7-6d7552bc3943?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb4bb127-360d-4f17-9da9-f7be17140ff3": { "id": "cb4bb127-360d-4f17-9da9-f7be17140ff3", "title": "Full Width Banner Slider Wp <= 1.1.7 - Reflected Cross-Site Scripting via search_term", "software": [ { "type": "plugin", "name": "Full Width Banner Slider Wp", "slug": "full-width-responsive-slider-wp", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb4bb127-360d-4f17-9da9-f7be17140ff3?source=api-scan" ], "published": "2023-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb4e3b3c-20f4-4591-af0a-539b405d675e": { "id": "cb4e3b3c-20f4-4591-af0a-539b405d675e", "title": "Ultimate Product Catalog < 4.2.3 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Ultimate Product Catalog", "slug": "ultimate-product-catalogue", "affected_versions": { "[*, 4.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb4e3b3c-20f4-4591-af0a-539b405d675e?source=api-scan" ], "published": "2017-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb4eb28a-3dd5-4d8d-bef0-53cee7285180": { "id": "cb4eb28a-3dd5-4d8d-bef0-53cee7285180", "title": "Simple Counter <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Simple Counter", "slug": "abwp-simple-counter", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb4eb28a-3dd5-4d8d-bef0-53cee7285180?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb51383f-03c8-4e81-bfed-40fd9f5c4d20": { "id": "cb51383f-03c8-4e81-bfed-40fd9f5c4d20", "title": "AutomateWoo <= 5.7.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "AutomateWoo", "slug": "automatewoo", "affected_versions": { "* - 5.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb51383f-03c8-4e81-bfed-40fd9f5c4d20?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb56b00c-31dd-4076-aeaf-9b249f04f1c6": { "id": "cb56b00c-31dd-4076-aeaf-9b249f04f1c6", "title": "WBW Currency Switcher <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WBW Currency Switcher for WooCommerce", "slug": "woo-currency", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb56b00c-31dd-4076-aeaf-9b249f04f1c6?source=api-scan" ], "published": "2022-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb5c08ea-1321-42f8-aea2-49661396311b": { "id": "cb5c08ea-1321-42f8-aea2-49661396311b", "title": "RSS Includes Pages <= 3.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RSS Includes Pages", "slug": "rss-includes-pages", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb5c08ea-1321-42f8-aea2-49661396311b?source=api-scan" ], "published": "2017-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb5c5e82-d6e5-4237-958f-12fc4698e77e": { "id": "cb5c5e82-d6e5-4237-958f-12fc4698e77e", "title": "Resoto <= 1.0.8 - Missing Authorization leading to Authenticated (Subscriber+) Arbitrary Plugin Activation", "software": [ { "type": "theme", "name": "Resoto", "slug": "resoto", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb5c5e82-d6e5-4237-958f-12fc4698e77e?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb5cb1a5-30d2-434f-90f9-d37aecfbe158": { "id": "cb5cb1a5-30d2-434f-90f9-d37aecfbe158", "title": "MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Title Update", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 3.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb5cb1a5-30d2-434f-90f9-d37aecfbe158?source=api-scan" ], "published": "2023-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb5d3d64-a465-4c26-9cf7-7acc7dab862a": { "id": "cb5d3d64-a465-4c26-9cf7-7acc7dab862a", "title": "Spicy Blogroll <= 1.0.0 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Spicy Blogroll", "slug": "spicy-blogroll", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb5d3d64-a465-4c26-9cf7-7acc7dab862a?source=api-scan" ], "published": "2013-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb62eefe-9993-43f7-b3ae-de47c0951bee": { "id": "cb62eefe-9993-43f7-b3ae-de47c0951bee", "title": "WPFactory Helper <= 1.7.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPFactory Helper", "slug": "wpcodefactory-helper", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb62eefe-9993-43f7-b3ae-de47c0951bee?source=api-scan" ], "published": "2024-09-12 15:26:53", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb6457ea-6353-4a69-ad72-cd5acd47ed8c": { "id": "cb6457ea-6353-4a69-ad72-cd5acd47ed8c", "title": "Yoast SEO: Local <= 14.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yoast SEO: Local", "slug": "wpseo-local", "affected_versions": { "* - 14.9": { "from_version": "*", "from_inclusive": true, "to_version": "14.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "15.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb6457ea-6353-4a69-ad72-cd5acd47ed8c?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb64952e-170e-47c5-87fd-d2ec60192b65": { "id": "cb64952e-170e-47c5-87fd-d2ec60192b65", "title": "Magical Addons For Elementor <= 1.1.39 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )", "slug": "magical-addons-for-elementor", "affected_versions": { "* - 1.1.39": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.39", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.40" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb64952e-170e-47c5-87fd-d2ec60192b65?source=api-scan" ], "published": "2024-06-05 15:35:23", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb649fb2-2d0e-4fe3-89d5-90bcbc0bcfcf": { "id": "cb649fb2-2d0e-4fe3-89d5-90bcbc0bcfcf", "title": "Popup Maker <= 1.17.1 - Missing Authorization via save_popup_enabled_state", "software": [ { "type": "plugin", "name": "Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder", "slug": "popup-maker", "affected_versions": { "* - 1.17.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.17.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.18.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb649fb2-2d0e-4fe3-89d5-90bcbc0bcfcf?source=api-scan" ], "published": "2023-03-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb68f328-3090-487e-bb1f-95fe1571abd0": { "id": "cb68f328-3090-487e-bb1f-95fe1571abd0", "title": "wpDataTables Lite plugin <= 2.0.11 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin", "slug": "wpdatatables", "affected_versions": { "* - 2.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb68f328-3090-487e-bb1f-95fe1571abd0?source=api-scan" ], "published": "2019-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb6bfe31-0c90-4aca-8165-b30507f18ea5": { "id": "cb6bfe31-0c90-4aca-8165-b30507f18ea5", "title": "Multivendor Marketplace Solution for WooCommerce \u2013 WC Marketplace < 3.8.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution", "slug": "dc-woocommerce-multi-vendor", "affected_versions": { "[*, 3.8.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb6bfe31-0c90-4aca-8165-b30507f18ea5?source=api-scan" ], "published": "2021-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb6d11ad-0983-4a4b-b52b-824eae8b8e3c": { "id": "cb6d11ad-0983-4a4b-b52b-824eae8b8e3c", "title": "Google Maps Plugin by Intergeo <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Google Maps Plugin by Intergeo", "slug": "intergeo-maps", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb6d11ad-0983-4a4b-b52b-824eae8b8e3c?source=api-scan" ], "published": "2023-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb6de4da-0d60-4332-be25-5521e430a4fa": { "id": "cb6de4da-0d60-4332-be25-5521e430a4fa", "title": "Use Any Font <= 6.2.0 - Unauthenticated Arbitrary CSS Appending", "software": [ { "type": "plugin", "name": "Use Any Font | Custom Font Uploader", "slug": "use-any-font", "affected_versions": { "[*, 6.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb6de4da-0d60-4332-be25-5521e430a4fa?source=api-scan" ], "published": "2022-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb714378-ed60-4bf1-8c9c-b37515ddb353": { "id": "cb714378-ed60-4bf1-8c9c-b37515ddb353", "title": "Erident Custom Login and Dashboard <= 3.5.8 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Erident Custom Login and Dashboard", "slug": "erident-custom-login-and-dashboard", "affected_versions": { "* - 3.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb714378-ed60-4bf1-8c9c-b37515ddb353?source=api-scan" ], "published": "2021-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb7316cd-8a15-4b81-b57c-b8e4adcaf1ef": { "id": "cb7316cd-8a15-4b81-b57c-b8e4adcaf1ef", "title": "WHA Crossword <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WHA Crossword", "slug": "wha-crossword", "affected_versions": { "* - 1.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb7316cd-8a15-4b81-b57c-b8e4adcaf1ef?source=api-scan" ], "published": "2022-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb7335c0-b6ed-43bb-91b7-870093d14cb8": { "id": "cb7335c0-b6ed-43bb-91b7-870093d14cb8", "title": "Image Regenerate & Select Crop <= 7.1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Image Regenerate & Select Crop", "slug": "image-regenerate-select-crop", "affected_versions": { "* - 7.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb7335c0-b6ed-43bb-91b7-870093d14cb8?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb73e92b-b807-4406-b378-cef6cff9eb82": { "id": "cb73e92b-b807-4406-b378-cef6cff9eb82", "title": "Mortgage Calculator Estatik <= 2.0.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Estatik Mortgage Calculator", "slug": "estatik-mortgage-calculator", "affected_versions": { "* - 2.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb73e92b-b807-4406-b378-cef6cff9eb82?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb75b6ba-feb7-4e18-91f6-7ca1e90ef039": { "id": "cb75b6ba-feb7-4e18-91f6-7ca1e90ef039", "title": "ImageLinks Interactive Image Builder for WordPress <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ImageLinks Interactive Image Builder for WordPress", "slug": "imagelinks-interactive-image-builder-lite", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb75b6ba-feb7-4e18-91f6-7ca1e90ef039?source=api-scan" ], "published": "2022-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb7ec7ad-797b-4a5c-9b1c-31284083faef": { "id": "cb7ec7ad-797b-4a5c-9b1c-31284083faef", "title": "GiveWP <= 2.25.1 - Cross-Site Request Forgery via save", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.25.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb7ec7ad-797b-4a5c-9b1c-31284083faef?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb823899-e90d-4857-9f72-aa7fe60aaca2": { "id": "cb823899-e90d-4857-9f72-aa7fe60aaca2", "title": "Jibu Pro <= 1.7 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jibu Pro", "slug": "jibu-pro", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb823899-e90d-4857-9f72-aa7fe60aaca2?source=api-scan" ], "published": "2018-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb855743-1d08-4e21-a23c-a4ffba615f57": { "id": "cb855743-1d08-4e21-a23c-a4ffba615f57", "title": "NextGen Gallery <= 2.0 - Path Traversal", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb855743-1d08-4e21-a23c-a4ffba615f57?source=api-scan" ], "published": "2014-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb866476-14c0-4ade-90b0-670418b397fb": { "id": "cb866476-14c0-4ade-90b0-670418b397fb", "title": "Webapp builder 2.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "webapp-builder", "slug": "webapp-builder", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb866476-14c0-4ade-90b0-670418b397fb?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb879587-6210-4e23-8f02-9ce93a271962": { "id": "cb879587-6210-4e23-8f02-9ce93a271962", "title": "Flexible Shipping <= 4.24.15 - Missing Authorization", "software": [ { "type": "plugin", "name": "Table Rate Shipping Method for WooCommerce by Flexible Shipping", "slug": "flexible-shipping", "affected_versions": { "* - 4.24.15": { "from_version": "*", "from_inclusive": true, "to_version": "4.24.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.24.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb879587-6210-4e23-8f02-9ce93a271962?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb8c80fc-3b51-4003-b221-6f02e74bead0": { "id": "cb8c80fc-3b51-4003-b221-6f02e74bead0", "title": "Limit Login Attempts <= 1.7.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Limit Login Attempts", "slug": "limit-login-attempts", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb8c80fc-3b51-4003-b221-6f02e74bead0?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb8ecbbc-ada9-4887-92e6-25a587ecfb84": { "id": "cb8ecbbc-ada9-4887-92e6-25a587ecfb84", "title": "WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author", "software": [ { "type": "plugin", "name": "WPBakery Visual Composer", "slug": "js_composer", "affected_versions": { "* - 7.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb8ecbbc-ada9-4887-92e6-25a587ecfb84?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb8eea53-64d1-4375-9364-292b96080f68": { "id": "cb8eea53-64d1-4375-9364-292b96080f68", "title": "Slider Revolution <= 4.1.4 - Directory Traversal", "software": [ { "type": "plugin", "name": "Slider Revolution", "slug": "revslider", "affected_versions": { "* - 4.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb8eea53-64d1-4375-9364-292b96080f68?source=api-scan" ], "published": "2014-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb91188b-71df-4aee-98f1-b77e0a33e01c": { "id": "cb91188b-71df-4aee-98f1-b77e0a33e01c", "title": "ActiveHelper LiveHelp Live Chat < 3.1.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ActiveHelper LiveHelp Live Chat", "slug": "activehelper-livehelp", "affected_versions": { "[*, 3.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb91188b-71df-4aee-98f1-b77e0a33e01c?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb93a5f2-9bcf-4b06-aad7-ba36c7dea714": { "id": "cb93a5f2-9bcf-4b06-aad7-ba36c7dea714", "title": "Borderless \u2013 Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.4.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Borderless \u2013 Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg", "slug": "borderless", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb93a5f2-9bcf-4b06-aad7-ba36c7dea714?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cb9ca8e0-741c-4763-b677-61f16e5a3b50": { "id": "cb9ca8e0-741c-4763-b677-61f16e5a3b50", "title": "Event Monster <= 1.2.0 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Event Monster \u2013 Event Management, Tickets Booking, Upcoming Event", "slug": "event-monster", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cb9ca8e0-741c-4763-b677-61f16e5a3b50?source=api-scan" ], "published": "2022-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cba77ced-412e-4461-8d2a-980371c78a17": { "id": "cba77ced-412e-4461-8d2a-980371c78a17", "title": "Dashboard Widgets Suite <= 3.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dashboard Widgets Suite", "slug": "dashboard-widgets-suite", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cba77ced-412e-4461-8d2a-980371c78a17?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbaa95d4-899f-49a0-a888-4ffee61c0335": { "id": "cbaa95d4-899f-49a0-a888-4ffee61c0335", "title": "Simple LDAP Login <= 1.6.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple LDAP Login", "slug": "simple-ldap-login", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbaa95d4-899f-49a0-a888-4ffee61c0335?source=api-scan" ], "published": "2024-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbafdc15-cf42-4a12-bd79-5c602ce10625": { "id": "cbafdc15-cf42-4a12-bd79-5c602ce10625", "title": "Libsyn Publisher Hub <= 1.3.2 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Libsyn Publisher Hub", "slug": "libsyn-podcasting", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbafdc15-cf42-4a12-bd79-5c602ce10625?source=api-scan" ], "published": "2023-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbb31cc2-d221-4e2c-a4de-e954d3c9069d": { "id": "cbb31cc2-d221-4e2c-a4de-e954d3c9069d", "title": "Kenta Blocks \u2013 Responsive Blocks and block templates library <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kenta Blocks \u2013 Responsive Blocks and block templates library", "slug": "kenta-blocks", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbb31cc2-d221-4e2c-a4de-e954d3c9069d?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbb3bd9b-ac1f-4488-931f-2ba37576df2d": { "id": "cbb3bd9b-ac1f-4488-931f-2ba37576df2d", "title": "Futurio Extra <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Text Block Widget", "software": [ { "type": "plugin", "name": "Futurio Extra", "slug": "futurio-extra", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbb3bd9b-ac1f-4488-931f-2ba37576df2d?source=api-scan" ], "published": "2024-06-11 08:10:30", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbb51383-1eab-4490-aa4c-bd1488312400": { "id": "cbb51383-1eab-4490-aa4c-bd1488312400", "title": "Trust Payments Gateway (3DS2) <= 1.2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Trust Payments Gateway for WooCommerce (JavaScript Library)", "slug": "trust-payments-gateway-3ds2", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbb51383-1eab-4490-aa4c-bd1488312400?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbb5e80a-4dfe-429c-96c1-7fab52e0ce21": { "id": "cbb5e80a-4dfe-429c-96c1-7fab52e0ce21", "title": "Contact Form Widget <= 1.4.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form Widget \u2013 Contact Query, Contact Page, Form Maker, Query Table", "slug": "new-contact-form-widget", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbb5e80a-4dfe-429c-96c1-7fab52e0ce21?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbb8501e-7e8b-4ed6-8792-c685a69de982": { "id": "cbb8501e-7e8b-4ed6-8792-c685a69de982", "title": "Slimstat Analytics <= 5.0.5.1 - Missing Authorization via delete_pageview", "software": [ { "type": "plugin", "name": "SlimStat Analytics", "slug": "wp-slimstat", "affected_versions": { "* - 5.0.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbb8501e-7e8b-4ed6-8792-c685a69de982?source=api-scan" ], "published": "2023-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbbf9fbb-74fd-42eb-a781-2a720fe56b13": { "id": "cbbf9fbb-74fd-42eb-a781-2a720fe56b13", "title": "WP Compress \u2013 Image Optimizer [All-In-One] <= 6.20.01 - Open Redirect via css", "software": [ { "type": "plugin", "name": "WP Compress \u2013 Instant Performance & Speed Optimization", "slug": "wp-compress-image-optimizer", "affected_versions": { "* - 6.20.01": { "from_version": "*", "from_inclusive": true, "to_version": "6.20.01", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.20.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbbf9fbb-74fd-42eb-a781-2a720fe56b13?source=api-scan" ], "published": "2024-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbc3fa27-630d-4048-b727-903da09ad644": { "id": "cbc3fa27-630d-4048-b727-903da09ad644", "title": "OneClick Chat to Order <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OneClick Chat to Order", "slug": "oneclick-whatsapp-order", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbc3fa27-630d-4048-b727-903da09ad644?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbca88e0-1563-43cb-adf4-4f89856a07d0": { "id": "cbca88e0-1563-43cb-adf4-4f89856a07d0", "title": "Dan's Embedder for Google Calendar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Dan's Embedder for Google Calendar", "slug": "dans-gcal", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbca88e0-1563-43cb-adf4-4f89856a07d0?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbcb1acb-1784-4ba2-83de-0fb89f5bd4d5": { "id": "cbcb1acb-1784-4ba2-83de-0fb89f5bd4d5", "title": "Da Reactions <= 5.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Da Reactions", "slug": "da-reactions", "affected_versions": { "* - 5.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbcb1acb-1784-4ba2-83de-0fb89f5bd4d5?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbce42a0-29a7-40df-973c-1fe7338f6c94": { "id": "cbce42a0-29a7-40df-973c-1fe7338f6c94", "title": "SendPress Newsletters <= 1.22.3.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "SendPress Newsletters", "slug": "sendpress", "affected_versions": { "* - 1.22.3.31": { "from_version": "*", "from_inclusive": true, "to_version": "1.22.3.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.23.11.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbce42a0-29a7-40df-973c-1fe7338f6c94?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbcf3487-c1d4-4173-b197-1dd381990eb7": { "id": "cbcf3487-c1d4-4173-b197-1dd381990eb7", "title": "WP Emoji One <= 0.6.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Emoji One", "slug": "wp-emoji-one", "affected_versions": { "* - 0.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbcf3487-c1d4-4173-b197-1dd381990eb7?source=api-scan" ], "published": "2023-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbcf65b9-0114-46e6-a51f-61d606c68e5c": { "id": "cbcf65b9-0114-46e6-a51f-61d606c68e5c", "title": "Live Chat from ClickDesk \u2013 Live Chat \u2013 Help Desk Plugin for Websites <= 2.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Live Chat from ClickDesk \u2013 Live Chat \u2013 Help Desk Plugin for Websites", "slug": "clickdesk-live-support-chat-plugin", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbcf65b9-0114-46e6-a51f-61d606c68e5c?source=api-scan" ], "published": "2011-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbd42fc4-ab4a-4053-b765-18272eacd2bc": { "id": "cbd42fc4-ab4a-4053-b765-18272eacd2bc", "title": "Funnelforms Free <= 3.7.3.2 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free", "slug": "funnelforms-free", "affected_versions": { "* - 3.7.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbd42fc4-ab4a-4053-b765-18272eacd2bc?source=api-scan" ], "published": "2024-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbd4983f-bf92-45c3-95a6-6f5e39bca228": { "id": "cbd4983f-bf92-45c3-95a6-6f5e39bca228", "title": "Google Map Shortcode <= 3.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google Map Shortcode", "slug": "google-map-shortcode", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbd4983f-bf92-45c3-95a6-6f5e39bca228?source=api-scan" ], "published": "2023-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbd4f08c-9989-4af9-b615-1db82909a1db": { "id": "cbd4f08c-9989-4af9-b615-1db82909a1db", "title": "Import any XML or CSV File to WordPress <= 3.6.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import any XML or CSV File to WordPress", "slug": "wp-all-import", "affected_versions": { "[*, 3.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbd4f08c-9989-4af9-b615-1db82909a1db?source=api-scan" ], "published": "2021-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbd5dc98-ac5b-4548-9f98-faa91f5b1e2b": { "id": "cbd5dc98-ac5b-4548-9f98-faa91f5b1e2b", "title": "Cool Tag Cloud <= 2.25 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cool Tag Cloud", "slug": "cool-tag-cloud", "affected_versions": { "* - 2.25": { "from_version": "*", "from_inclusive": true, "to_version": "2.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbd5dc98-ac5b-4548-9f98-faa91f5b1e2b?source=api-scan" ], "published": "2021-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbd8d37d-50f7-4480-acef-cdec33c9f07f": { "id": "cbd8d37d-50f7-4480-acef-cdec33c9f07f", "title": "WP Attachment Export < 0.2.4 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "WP Attachment Export", "slug": "wp-attachment-export", "affected_versions": { "[*, 0.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbd8d37d-50f7-4480-acef-cdec33c9f07f?source=api-scan" ], "published": "2015-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbdb3be2-50c5-4516-bce1-8785e338fe5c": { "id": "cbdb3be2-50c5-4516-bce1-8785e338fe5c", "title": "Tidio \u2013 Live Chat, Chatbots & Email Integration <= 5.2.0 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Tidio \u2013 Live Chat & AI Chatbots", "slug": "tidio-live-chat", "affected_versions": { "* - 5.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbdb3be2-50c5-4516-bce1-8785e338fe5c?source=api-scan" ], "published": "2022-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbdfef0e-aadd-456b-84f6-ecd626400cbe": { "id": "cbdfef0e-aadd-456b-84f6-ecd626400cbe", "title": "Videopack (formerly Video Embed & Thumbnail Generator) < 2.0 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Videopack", "slug": "video-embed-thumbnail-generator", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbdfef0e-aadd-456b-84f6-ecd626400cbe?source=api-scan" ], "published": "2012-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbe7a209-d5c8-4616-bdcb-c52569231774": { "id": "cbe7a209-d5c8-4616-bdcb-c52569231774", "title": "WP Mobile Menu <= 2.8.4.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Mobile Menu \u2013 The Mobile-Friendly Responsive Menu", "slug": "mobile-menu", "affected_versions": { "* - 2.8.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbe7a209-d5c8-4616-bdcb-c52569231774?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbf193ef-e172-4fe3-9bff-b5cbac9adb54": { "id": "cbf193ef-e172-4fe3-9bff-b5cbac9adb54", "title": "illi Link Party! <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "illi Link Party!", "slug": "link-party", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbf193ef-e172-4fe3-9bff-b5cbac9adb54?source=api-scan" ], "published": "2024-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbf8a398-334b-4b89-8a39-b8f0032fefc7": { "id": "cbf8a398-334b-4b89-8a39-b8f0032fefc7", "title": "Transposh WordPress Translation <= 1.0.8.1 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Transposh WordPress Translation", "slug": "transposh-translation-filter-for-wordpress", "affected_versions": { "* - 1.0.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbf8a398-334b-4b89-8a39-b8f0032fefc7?source=api-scan" ], "published": "2022-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbfbb06c-f048-4912-9ff7-59aa10bc96bd": { "id": "cbfbb06c-f048-4912-9ff7-59aa10bc96bd", "title": "Gallery by BestWebSoft <= 4.6.9 - Authenticated (Author+) SQL Injection", "software": [ { "type": "plugin", "name": "Gallery by BestWebSoft \u2013 Customizable Image and Photo Galleries for WordPress", "slug": "gallery-plugin", "affected_versions": { "* - 4.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbfbb06c-f048-4912-9ff7-59aa10bc96bd?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbfbd7c2-7a46-4292-9173-f90298a7fcc4": { "id": "cbfbd7c2-7a46-4292-9173-f90298a7fcc4", "title": "eDoc Employee Job Application <= 1.13 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "eDoc Employee Job Application \u2013 Best WordPress Job Manager for Employees", "slug": "edoc-employee-application", "affected_versions": { "* - 1.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbfbd7c2-7a46-4292-9173-f90298a7fcc4?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cbff7ec1-535d-43bf-be61-83a1e7625c77": { "id": "cbff7ec1-535d-43bf-be61-83a1e7625c77", "title": "Top 10 \u2013 Popular posts plugin for WordPress <= 3.2.4 - Missing Authorization on tptn_chart_data", "software": [ { "type": "plugin", "name": "Top 10 \u2013 WordPress Popular posts by WebberZone", "slug": "top-10", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cbff7ec1-535d-43bf-be61-83a1e7625c77?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc0087a8-ec3a-4c16-8ce3-d346ae0ca58d": { "id": "cc0087a8-ec3a-4c16-8ce3-d346ae0ca58d", "title": "WP Customer Area <= 8.2.0 - Insecure Direct Object Reference to Account Address Disclosure", "software": [ { "type": "plugin", "name": "WP Customer Area", "slug": "customer-area", "affected_versions": { "* - 8.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc0087a8-ec3a-4c16-8ce3-d346ae0ca58d?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc01bb79-67cd-40d8-b0e0-1853df1aa3c4": { "id": "cc01bb79-67cd-40d8-b0e0-1853df1aa3c4", "title": "Product Catalog 8 <= 1.2.0 - SQL Injection", "software": [ { "type": "plugin", "name": "product-catalog-8", "slug": "product-catalog-8", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc01bb79-67cd-40d8-b0e0-1853df1aa3c4?source=api-scan" ], "published": "2016-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc030c9a-3cda-4eb8-9a7f-94a4b65a4272": { "id": "cc030c9a-3cda-4eb8-9a7f-94a4b65a4272", "title": "Mailster <= 1.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mailster WordPress Newsletter Plugin", "slug": "mailster", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc030c9a-3cda-4eb8-9a7f-94a4b65a4272?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc046b72-692a-4980-90ad-26c8fc2a131a": { "id": "cc046b72-692a-4980-90ad-26c8fc2a131a", "title": "Ultimate Member <= 1.3.64 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 1.3.65)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.65", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.65" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc046b72-692a-4980-90ad-26c8fc2a131a?source=api-scan" ], "published": "2016-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc06a6d7-4fd9-450d-99f2-3f40343a9555": { "id": "cc06a6d7-4fd9-450d-99f2-3f40343a9555", "title": "iubenda < 2.3.5 - Failure to Restrict URL Protocol", "software": [ { "type": "plugin", "name": "iubenda | All-in-one Compliance for GDPR \/ CCPA Cookie Consent + more", "slug": "iubenda-cookie-law-solution", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc06a6d7-4fd9-450d-99f2-3f40343a9555?source=api-scan" ], "published": "2020-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc0d15ab-e0a4-4ac5-8558-23aeaf00b11a": { "id": "cc0d15ab-e0a4-4ac5-8558-23aeaf00b11a", "title": "WordPress Core < 2.0.3 - Remote Code Execution", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc0d15ab-e0a4-4ac5-8558-23aeaf00b11a?source=api-scan" ], "published": "2006-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc0e133d-b1c7-42c4-bd1f-7b91f0ec4fb3": { "id": "cc0e133d-b1c7-42c4-bd1f-7b91f0ec4fb3", "title": "Social Media Share Buttons <= 3.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MashShare \u2013 Social Media Share Buttons, Social Share Icons", "slug": "mashsharer", "affected_versions": { "* - 3.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc0e133d-b1c7-42c4-bd1f-7b91f0ec4fb3?source=api-scan" ], "published": "2022-06-16 15:39:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc1c76ee-078d-4c9a-a4d3-063d9147d7e8": { "id": "cc1c76ee-078d-4c9a-a4d3-063d9147d7e8", "title": "Zita Elementor Site Library <= 1.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Zita Elementor Site Library", "slug": "zita-site-library", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc1c76ee-078d-4c9a-a4d3-063d9147d7e8?source=api-scan" ], "published": "2024-10-15 21:49:51", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc1cf03f-265c-4cb5-b32b-8039b9e5da2a": { "id": "cc1cf03f-265c-4cb5-b32b-8039b9e5da2a", "title": "Stylish Price List < 6.9.0 - Arbitrary Image Upload", "software": [ { "type": "plugin", "name": "Stylish Price List \u2013 Price Table Builder & QR Code Restaurant Menu", "slug": "stylish-price-list", "affected_versions": { "[*, 6.9.0)": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc1cf03f-265c-4cb5-b32b-8039b9e5da2a?source=api-scan" ], "published": "2021-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc1e480c-577a-467a-8297-747512286a39": { "id": "cc1e480c-577a-467a-8297-747512286a39", "title": "RapidExpCart <= 1.0 - Authenticated (Level 8\/Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RapidExpCart", "slug": "rapidexpcart", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc1e480c-577a-467a-8297-747512286a39?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc1e9778-2860-4e3c-a2e4-28f10d585fed": { "id": "cc1e9778-2860-4e3c-a2e4-28f10d585fed", "title": "CRM Perks - Various Plugins (Various Versions) - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Gravity Forms HubSpot", "slug": "gf-hubspot", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] }, { "type": "plugin", "name": "Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms", "slug": "cf7-salesforce", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] }, { "type": "plugin", "name": "WP Gravity Forms Constant Contact Plugin", "slug": "gf-constant-contact", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] }, { "type": "plugin", "name": "Database for Contact Form 7, WPforms, Elementor forms", "slug": "contact-form-entries", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] }, { "type": "plugin", "name": "WP Gravity Forms Insightly", "slug": "gf-insightly", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] }, { "type": "plugin", "name": "Integration for Keap\/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms", "slug": "cf7-infusionsoft", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] }, { "type": "plugin", "name": "WP Gravity Forms Dynamics CRM", "slug": "gf-dynamics-crm", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] }, { "type": "plugin", "name": "Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms", "slug": "cf7-active-campaign", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] }, { "type": "plugin", "name": "Integration for HubSpot and WooCommerce", "slug": "wp-hubspot-woocommerce", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] }, { "type": "plugin", "name": "Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms", "slug": "integration-for-contact-form-7-and-pipedrive", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] }, { "type": "plugin", "name": "WP Gravity Forms Zendesk", "slug": "gf-zendesk", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] }, { "type": "plugin", "name": "WP Gravity Forms Salesforce", "slug": "gf-salesforce-crmperks", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] }, { "type": "plugin", "name": "Integration for Gravity Forms and Pipedrive", "slug": "integration-for-gravity-forms-and-pipedrive", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] }, { "type": "plugin", "name": "WP Gravity Forms Keap\/Infusionsoft", "slug": "gf-infusionsoft", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] }, { "type": "plugin", "name": "Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms", "slug": "cf7-mailchimp", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] }, { "type": "plugin", "name": "WP Gravity Forms Zoho CRM and Bigin", "slug": "gf-zoho", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] }, { "type": "plugin", "name": "WP Gravity Forms FreshDesk Plugin", "slug": "gf-freshdesk", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] }, { "type": "plugin", "name": "Integration for WooCommerce and Salesforce", "slug": "woo-salesforce-plugin-crm-perks", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.9" ] }, { "type": "plugin", "name": "WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms", "slug": "cf7-insightly", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] }, { "type": "plugin", "name": "Connector for Gravity Forms and Google Sheets", "slug": "wp-gravity-forms-spreadsheets", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] }, { "type": "plugin", "name": "WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms \u2013 CRM, Bigin", "slug": "cf7-zoho", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] }, { "type": "plugin", "name": "Integration for WooCommerce and QuickBooks", "slug": "wp-woocommerce-quickbooks", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] }, { "type": "plugin", "name": "WP Keap\/Infusionsoft WooCommerce Plugin", "slug": "wp-infusionsoft-woocommerce", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] }, { "type": "plugin", "name": "Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin", "slug": "woo-zoho", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] }, { "type": "plugin", "name": "WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms", "slug": "cf7-zendesk", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] }, { "type": "plugin", "name": "Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms", "slug": "cf7-constant-contact", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] }, { "type": "plugin", "name": "Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms", "slug": "cf7-hubspot", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc1e9778-2860-4e3c-a2e4-28f10d585fed?source=api-scan" ], "published": "2021-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc26d20e-3ecd-438e-a123-5015ecc17290": { "id": "cc26d20e-3ecd-438e-a123-5015ecc17290", "title": "VideoWhisper Video Presentation <= 4.1.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "VideoWhisper Video Presentation", "slug": "videowhisper-video-presentation", "affected_versions": { "* - 4.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc26d20e-3ecd-438e-a123-5015ecc17290?source=api-scan" ], "published": "2015-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc2cd74d-b828-4524-b33d-c806bfd970b9": { "id": "cc2cd74d-b828-4524-b33d-c806bfd970b9", "title": "Email Marketing for WooCommerce by Omnisend <= 1.13.8 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Email Marketing for WooCommerce by Omnisend", "slug": "omnisend-connect", "affected_versions": { "* - 1.13.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc2cd74d-b828-4524-b33d-c806bfd970b9?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc358df9-7930-44da-8b33-d39db8a87b20": { "id": "cc358df9-7930-44da-8b33-d39db8a87b20", "title": "Profile Builder <= 2.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc358df9-7930-44da-8b33-d39db8a87b20?source=api-scan" ], "published": "2014-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc3d49c5-3054-4e1f-b571-6591a0b31d69": { "id": "cc3d49c5-3054-4e1f-b571-6591a0b31d69", "title": "Everest Forms <= 2.0.3 - Unauthorized Form Submission via Disabled Forms", "software": [ { "type": "plugin", "name": "Everest Forms \u2013 Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease!", "slug": "everest-forms", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc3d49c5-3054-4e1f-b571-6591a0b31d69?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc42ac65-969a-476d-993e-7d8bc2b4fa96": { "id": "cc42ac65-969a-476d-993e-7d8bc2b4fa96", "title": "Method <= 2.1 - Arbitrary File Download", "software": [ { "type": "theme", "name": "Method", "slug": "method", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc42ac65-969a-476d-993e-7d8bc2b4fa96?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc465757-4295-4a75-90f6-92c4be4e8944": { "id": "cc465757-4295-4a75-90f6-92c4be4e8944", "title": "ReviewX <= 1.6.7 - Unauthenticated CSV Injection", "software": [ { "type": "plugin", "name": "ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce", "slug": "reviewx", "affected_versions": { "* - 1.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc465757-4295-4a75-90f6-92c4be4e8944?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc472230-bd80-4bdb-a969-fed7551cc60d": { "id": "cc472230-bd80-4bdb-a969-fed7551cc60d", "title": "IgniteUp \u2013 Coming Soon and Maintenance Mode <= 3.4.0 - Information Disclosure", "software": [ { "type": "plugin", "name": "IgniteUp \u2013 Coming Soon and Maintenance Mode", "slug": "igniteup", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc472230-bd80-4bdb-a969-fed7551cc60d?source=api-scan" ], "published": "2019-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc49db10-988d-42bd-a9cf-9a86f4c79568": { "id": "cc49db10-988d-42bd-a9cf-9a86f4c79568", "title": "Backup Migration <= 1.3.9 - Authenticated (Admin+) OS Command Injection via url", "software": [ { "type": "plugin", "name": "Backup Migration", "slug": "backup-backup", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc49db10-988d-42bd-a9cf-9a86f4c79568?source=api-scan" ], "published": "2023-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc4a7efd-f4f4-44a7-bd55-a6ae3a1d3521": { "id": "cc4a7efd-f4f4-44a7-bd55-a6ae3a1d3521", "title": "Perfmatters < 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Perfmatters", "slug": "perfmatters", "affected_versions": { "[*, 2.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc4a7efd-f4f4-44a7-bd55-a6ae3a1d3521?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc4d09e3-487a-4f12-818a-72ae9a6f33c0": { "id": "cc4d09e3-487a-4f12-818a-72ae9a6f33c0", "title": "Master Slider \u2013 Responsive Touch Slider <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Master Slider \u2013 Responsive Touch Slider", "slug": "master-slider", "affected_versions": { "* - 3.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc4d09e3-487a-4f12-818a-72ae9a6f33c0?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc4ec554-f7f5-4c0a-9f86-8d5c74bfe0ab": { "id": "cc4ec554-f7f5-4c0a-9f86-8d5c74bfe0ab", "title": "Knowledge Base documentation & wiki plugin \u2013 BasePress <= 2.16.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Knowledge Base documentation & wiki plugin \u2013 BasePress Docs", "slug": "basepress", "affected_versions": { "* - 2.16.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc4ec554-f7f5-4c0a-9f86-8d5c74bfe0ab?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc4f2fd3-ed6b-4fe4-b300-02b1b35ebb7b": { "id": "cc4f2fd3-ed6b-4fe4-b300-02b1b35ebb7b", "title": "Easy Social Icons <= 3.2.0 - Authenticated (Admin+) Cross-Site Scripting and Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Easy Social Icons", "slug": "easy-social-icons", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc4f2fd3-ed6b-4fe4-b300-02b1b35ebb7b?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc525501-1fe9-4c31-a126-c1984446b978": { "id": "cc525501-1fe9-4c31-a126-c1984446b978", "title": "Houzez Login Register <= 3.2.5 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover", "software": [ { "type": "plugin", "name": "Houzez Login Register", "slug": "houzez-login-register", "affected_versions": { "* - 3.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc525501-1fe9-4c31-a126-c1984446b978?source=api-scan" ], "published": "2024-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc550fd9-c332-4a40-b4a9-166d5ffebc76": { "id": "cc550fd9-c332-4a40-b4a9-166d5ffebc76", "title": "My Geo Posts Free <= 1.2 - PHP Object Injection", "software": [ { "type": "plugin", "name": "My Geo Posts Free", "slug": "my-geo-posts-free", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc550fd9-c332-4a40-b4a9-166d5ffebc76?source=api-scan" ], "published": "2017-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc5754c2-a052-41ac-af19-7c4f55860f95": { "id": "cc5754c2-a052-41ac-af19-7c4f55860f95", "title": "Comments Extra Fields For Post,Pages and CPT <= 5.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Comments Extra Fields For Post,Pages and CPT", "slug": "wp-comment-fields", "affected_versions": { "* - 5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc5754c2-a052-41ac-af19-7c4f55860f95?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc5a6724-e860-410e-8a3d-c26d9bc7e842": { "id": "cc5a6724-e860-410e-8a3d-c26d9bc7e842", "title": "Redirect 404 to parent < 1.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Redirect 404 to parent", "slug": "redirect-404-to-parent", "affected_versions": { "[*, 1.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc5a6724-e860-410e-8a3d-c26d9bc7e842?source=api-scan" ], "published": "2021-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc5f7a07-8117-4305-a72c-6afed80b6bcf": { "id": "cc5f7a07-8117-4305-a72c-6afed80b6bcf", "title": "GiveWP <= 2.25.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via give_form_grid shortcode", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.25.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc5f7a07-8117-4305-a72c-6afed80b6bcf?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc6d943d-32c0-45d7-9de9-b576199e6fe7": { "id": "cc6d943d-32c0-45d7-9de9-b576199e6fe7", "title": "Login\/Signup Popup <= 2.2 - Cross-Site Request Forgery to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Login\/Signup Popup ( Inline Form + Woocommerce )", "slug": "easy-login-woocommerce", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc6d943d-32c0-45d7-9de9-b576199e6fe7?source=api-scan" ], "published": "2022-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc6ed7d3-7a57-4146-997b-96d4a9063214": { "id": "cc6ed7d3-7a57-4146-997b-96d4a9063214", "title": "Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds", "slug": "tagembed-widget", "affected_versions": { "* - 4.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc6ed7d3-7a57-4146-997b-96d4a9063214?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc6f017d-b0ba-494d-9ad1-8b6cdca48fb1": { "id": "cc6f017d-b0ba-494d-9ad1-8b6cdca48fb1", "title": "AMP for WP <= 1.0.77.32 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AMP for WP \u2013 Accelerated Mobile Pages", "slug": "accelerated-mobile-pages", "affected_versions": { "* - 1.0.77.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.77.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.77.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc6f017d-b0ba-494d-9ad1-8b6cdca48fb1?source=api-scan" ], "published": "2021-12-15 10:11:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc6fdb7c-b750-4f03-9785-a9dc7573580d": { "id": "cc6fdb7c-b750-4f03-9785-a9dc7573580d", "title": "The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contibutor+) Stored Cross-Site Scripting via Hover Card", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc6fdb7c-b750-4f03-9785-a9dc7573580d?source=api-scan" ], "published": "2024-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc727156-28dc-4b0a-b777-52a1bbc72f79": { "id": "cc727156-28dc-4b0a-b777-52a1bbc72f79", "title": "AccessPress Anonymous Post <= 2.8.4 - Authenticated (Contributor+) Arbitrary Redirect", "software": [ { "type": "plugin", "name": "Frontend Post WordPress Plugin \u2013 AccessPress Anonymous Post", "slug": "accesspress-anonymous-post", "affected_versions": { "* - 2.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc727156-28dc-4b0a-b777-52a1bbc72f79?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc742fa0-7d10-4fe4-b95c-7d4ca563d402": { "id": "cc742fa0-7d10-4fe4-b95c-7d4ca563d402", "title": "Newspaper - News & WooCommerce WordPress Theme <= 6.7 - Arbitrary Options Update", "software": [ { "type": "theme", "name": "Newspaper - News & WooCommerce WordPress Theme", "slug": "Newspaper", "affected_versions": { "* - 6.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc742fa0-7d10-4fe4-b95c-7d4ca563d402?source=api-scan" ], "published": "2016-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc748d31-b8e6-44b6-af30-944c0b0f1f0c": { "id": "cc748d31-b8e6-44b6-af30-944c0b0f1f0c", "title": "Omni Secure Files <= 0.1.13 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Omni Secure Files", "slug": "omni-secure-files", "affected_versions": { "* - 0.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc748d31-b8e6-44b6-af30-944c0b0f1f0c?source=api-scan" ], "published": "2012-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc74e973-90ab-4678-a035-82b4b2b85604": { "id": "cc74e973-90ab-4678-a035-82b4b2b85604", "title": "I Recommend This <= 3.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "I Recommend This", "slug": "i-recommend-this", "affected_versions": { "* - 3.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc74e973-90ab-4678-a035-82b4b2b85604?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc7689ea-3e7b-4367-872d-fa036a29f842": { "id": "cc7689ea-3e7b-4367-872d-fa036a29f842", "title": "WP Chat App <= 3.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Chat App", "slug": "wp-whatsapp", "affected_versions": { "* - 3.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc7689ea-3e7b-4367-872d-fa036a29f842?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc886378-cebf-4c0b-a089-62e9469dd954": { "id": "cc886378-cebf-4c0b-a089-62e9469dd954", "title": "KONTXT Content Advisor <= 2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "KONTXT Content Advisor", "slug": "blobinator", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc886378-cebf-4c0b-a089-62e9469dd954?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc8e2042-93aa-454a-97b7-283d8a22bf46": { "id": "cc8e2042-93aa-454a-97b7-283d8a22bf46", "title": "Mingle Forum <= 1.0.33.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mingle Forum", "slug": "mingle-forum", "affected_versions": { "* - 1.0.33.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.33.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc8e2042-93aa-454a-97b7-283d8a22bf46?source=api-scan" ], "published": "2013-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc8e2524-b77d-447e-aea9-0dfef33809f9": { "id": "cc8e2524-b77d-447e-aea9-0dfef33809f9", "title": "Timely All-in-One Events Calendar < 1.10 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Timely All-in-One Events Calendar", "slug": "all-in-one-event-calendar", "affected_versions": { "[*, 1.10)": { "from_version": "*", "from_inclusive": true, "to_version": "1.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc8e2524-b77d-447e-aea9-0dfef33809f9?source=api-scan" ], "published": "2013-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc910c27-d83c-4f3d-b491-f3e169d8f25f": { "id": "cc910c27-d83c-4f3d-b491-f3e169d8f25f", "title": "Fluid Responsive Slideshow < 2.2.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Fluid Responsive Slideshow", "slug": "fluid-responsive-slideshow", "affected_versions": { "[*, 2.2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc910c27-d83c-4f3d-b491-f3e169d8f25f?source=api-scan" ], "published": "2016-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc912ace-65d9-4833-a3ad-dc5d37989269": { "id": "cc912ace-65d9-4833-a3ad-dc5d37989269", "title": "TrustMate.io integration for WooCommerce < 1.8.12 - Authenticated (Subscriber+) Arbitrary Blog Option Update", "software": [ { "type": "plugin", "name": "TrustMate.io \u2013 WooCommerce integration", "slug": "trustmate-io-integration-for-woocommerce", "affected_versions": { "* - 1.8.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc912ace-65d9-4833-a3ad-dc5d37989269?source=api-scan" ], "published": "2022-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc940d0c-446a-417b-95ac-b5f8a0586906": { "id": "cc940d0c-446a-417b-95ac-b5f8a0586906", "title": "Zoho CRM Lead Magnet <= 1.7.8.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zoho CRM Lead Magnet", "slug": "zoho-crm-forms", "affected_versions": { "* - 1.7.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc940d0c-446a-417b-95ac-b5f8a0586906?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc97109c-187f-43b7-b5ed-5afeec5ea8fd": { "id": "cc97109c-187f-43b7-b5ed-5afeec5ea8fd", "title": "Clock In Portal <= 2.1 - Cross-Site Request Forgery to Designation Deletion", "software": [ { "type": "plugin", "name": "Clock In Portal- Staff & Attendance Management", "slug": "clock-in-portal", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc97109c-187f-43b7-b5ed-5afeec5ea8fd?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc987edf-5a68-4baf-947c-e623c85ec659": { "id": "cc987edf-5a68-4baf-947c-e623c85ec659", "title": "PowerPress <= 8.3.7 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "PowerPress Podcasting plugin by Blubrry", "slug": "powerpress", "affected_versions": { "* - 8.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc987edf-5a68-4baf-947c-e623c85ec659?source=api-scan" ], "published": "2020-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc9935d8-7790-457b-88bf-bee5e13b0f5a": { "id": "cc9935d8-7790-457b-88bf-bee5e13b0f5a", "title": "Ivory Search \u2013 WordPress Search Plugin <= 5.5.5 - Missing Authorization to Authenticated (Subscriber+) Index Creation", "software": [ { "type": "plugin", "name": "Ivory Search \u2013 WordPress Search Plugin", "slug": "add-search-to-menu", "affected_versions": { "* - 5.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc9935d8-7790-457b-88bf-bee5e13b0f5a?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc994b2a-b3da-4edc-ada3-1150065efd30": { "id": "cc994b2a-b3da-4edc-ada3-1150065efd30", "title": "Themify Ultra <= 7.3.5 - Privilege Escalation", "software": [ { "type": "theme", "name": "Themify Ultra", "slug": "themify-ultra", "affected_versions": { "* - 7.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc994b2a-b3da-4edc-ada3-1150065efd30?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc9d8d04-78af-4e43-8a51-89ece1d80336": { "id": "cc9d8d04-78af-4e43-8a51-89ece1d80336", "title": "Advanced Woo Labels \u2013 Product Labels for WooCommerce <= 1.93 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Woo Labels \u2013 Product Labels for WooCommerce", "slug": "advanced-woo-labels", "affected_versions": { "* - 1.93": { "from_version": "*", "from_inclusive": true, "to_version": "1.93", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.94" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc9d8d04-78af-4e43-8a51-89ece1d80336?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cc9dd55d-3c37-4f24-81a1-fdc8ca284566": { "id": "cc9dd55d-3c37-4f24-81a1-fdc8ca284566", "title": "ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Settings Update in disableOptimization", "software": [ { "type": "plugin", "name": "ImageRecycle pdf & image compression", "slug": "imagerecycle-pdf-image-compression", "affected_versions": { "* - 3.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cc9dd55d-3c37-4f24-81a1-fdc8ca284566?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cca16945-f230-4d0d-9f40-eabd5bf42e30": { "id": "cca16945-f230-4d0d-9f40-eabd5bf42e30", "title": "Easy Social Icons <= 3.2.2 - Admin+ Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Social Icons", "slug": "easy-social-icons", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cca16945-f230-4d0d-9f40-eabd5bf42e30?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cca71257-05dc-43d5-8de6-faf0a2feab2e": { "id": "cca71257-05dc-43d5-8de6-faf0a2feab2e", "title": "Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_plugin_activation", "software": [ { "type": "plugin", "name": "Envo's Elementor Templates & Widgets for WooCommerce", "slug": "envo-elementor-for-woocommerce", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cca71257-05dc-43d5-8de6-faf0a2feab2e?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cca7bb88-4a2c-4406-8610-15ce6e77c31f": { "id": "cca7bb88-4a2c-4406-8610-15ce6e77c31f", "title": "Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting via Back to Top Widget", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.975": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.975", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.976" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cca7bb88-4a2c-4406-8610-15ce6e77c31f?source=api-scan" ], "published": "2024-05-31 17:38:07", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccad206a-407e-4c49-9a4a-d5dce3e9612a": { "id": "ccad206a-407e-4c49-9a4a-d5dce3e9612a", "title": "Two Way CHAT \u2013 Send or receive messages to your user <= 3.1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "TWChat \u2013 Send or receive messages from users", "slug": "twchat", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccad206a-407e-4c49-9a4a-d5dce3e9612a?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccb34b44-9fa4-4ebe-b217-b2a42920247f": { "id": "ccb34b44-9fa4-4ebe-b217-b2a42920247f", "title": "Funnelforms Free <= 3.4 - Missing Authorization to Enable\/Disable Dark Mode", "software": [ { "type": "plugin", "name": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free", "slug": "funnelforms-free", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccb34b44-9fa4-4ebe-b217-b2a42920247f?source=api-scan" ], "published": "2023-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccb518a4-bdc7-463e-95b7-0628c566aab8": { "id": "ccb518a4-bdc7-463e-95b7-0628c566aab8", "title": "If-So Dynamic Content Personalization <= 1.8.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "If-So Dynamic Content Personalization", "slug": "if-so", "affected_versions": { "* - 1.8.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccb518a4-bdc7-463e-95b7-0628c566aab8?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccb6275e-d933-428c-890c-dbfb95d5e4a1": { "id": "ccb6275e-d933-428c-890c-dbfb95d5e4a1", "title": "WP Popups <= 2.1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Popups \u2013 WordPress Popup builder", "slug": "wp-popups-lite", "affected_versions": { "* - 2.1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccb6275e-d933-428c-890c-dbfb95d5e4a1?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccb65de5-bfb5-47db-87c9-ad46e65924b8": { "id": "ccb65de5-bfb5-47db-87c9-ad46e65924b8", "title": "Premium SEO Pack \u2013 WP SEO Plugin <= 1.6.001 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Premium SEO Pack \u2013 WP SEO Plugin", "slug": "premium-seo-pack", "affected_versions": { "* - 1.6.001": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.001", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccb65de5-bfb5-47db-87c9-ad46e65924b8?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccb7e94c-385e-4ce9-acfa-978403047159": { "id": "ccb7e94c-385e-4ce9-acfa-978403047159", "title": "Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.24": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccb7e94c-385e-4ce9-acfa-978403047159?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccbeb69e-6476-42a6-86ac-723947c70301": { "id": "ccbeb69e-6476-42a6-86ac-723947c70301", "title": "BuddyBoss Theme <= 2.4.60 - Missing Authorization", "software": [ { "type": "theme", "name": "BuddyBoss Theme", "slug": "buddyboss-theme", "affected_versions": { "* - 2.4.60": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.60", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.61" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccbeb69e-6476-42a6-86ac-723947c70301?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccc75dee-1cf8-4fda-b2a1-f5d68e6c7887": { "id": "ccc75dee-1cf8-4fda-b2a1-f5d68e6c7887", "title": "Advanced AJAX Page Loader <= 2.7.7 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Advanced AJAX Page Loader", "slug": "advanced-ajax-page-loader", "affected_versions": { "* - 2.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccc75dee-1cf8-4fda-b2a1-f5d68e6c7887?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccc7fd8b-ac7d-4b40-816a-a5a1565c422a": { "id": "ccc7fd8b-ac7d-4b40-816a-a5a1565c422a", "title": "WP Symposium <= 14.10 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Symposium", "slug": "wp-symposium", "affected_versions": { "* - 14.10": { "from_version": "*", "from_inclusive": true, "to_version": "14.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "14.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccc7fd8b-ac7d-4b40-816a-a5a1565c422a?source=api-scan" ], "published": "2014-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cccbdb49-d423-4955-a078-ae0acdb79804": { "id": "cccbdb49-d423-4955-a078-ae0acdb79804", "title": "Copperleaf Photolog <= 0.16- SQL injection", "software": [ { "type": "plugin", "name": "Copperleaf Photolog", "slug": "cpl", "affected_versions": { "* - 0.16": { "from_version": "*", "from_inclusive": true, "to_version": "0.16", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cccbdb49-d423-4955-a078-ae0acdb79804?source=api-scan" ], "published": "2010-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cccdc9ea-7511-4588-9459-61c38000724d": { "id": "cccdc9ea-7511-4588-9459-61c38000724d", "title": "LearnPress <= 3.0.12 - Open Redirect", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 3.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cccdc9ea-7511-4588-9459-61c38000724d?source=api-scan" ], "published": "2018-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccd2ef23-23b7-4a32-aeda-41ea9439f166": { "id": "ccd2ef23-23b7-4a32-aeda-41ea9439f166", "title": "WP-Recall <= 16.24.47 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Recall \u2013 Registration, Profile, Commerce & More", "slug": "wp-recall", "affected_versions": { "* - 16.24.47": { "from_version": "*", "from_inclusive": true, "to_version": "16.24.47", "to_inclusive": true } }, "patched": true, "patched_versions": [ "16.24.48" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccd2ef23-23b7-4a32-aeda-41ea9439f166?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccd73030-7185-4302-b3fd-29cbbe716e3e": { "id": "ccd73030-7185-4302-b3fd-29cbbe716e3e", "title": "WP 2FA with Telegram <= 3.0 - Two-Factor Authentication Bypass", "software": [ { "type": "plugin", "name": "WP 2FA with Telegram", "slug": "two-factor-login-telegram", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccd73030-7185-4302-b3fd-29cbbe716e3e?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccd85a72-1872-4c4f-8ba7-7f91b0b37d4a": { "id": "ccd85a72-1872-4c4f-8ba7-7f91b0b37d4a", "title": "Metform Elementor Contact Form Builder <= 3.3.0 - Unauthenticated CSV Injection", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccd85a72-1872-4c4f-8ba7-7f91b0b37d4a?source=api-scan" ], "published": "2023-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cce0fd52-b4a3-4608-81ca-f50c859ae6a5": { "id": "cce0fd52-b4a3-4608-81ca-f50c859ae6a5", "title": "WP Media Category Management <= 2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Media Category Management", "slug": "wp-media-category-management", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cce0fd52-b4a3-4608-81ca-f50c859ae6a5?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cce13008-a0f8-458f-ade5-450d0dcc966a": { "id": "cce13008-a0f8-458f-ade5-450d0dcc966a", "title": "Social Share Icons & Social Share Buttons <= 3.6.2 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "Social Share Icons & Social Share Buttons", "slug": "ultimate-social-media-plus", "affected_versions": { "* - 3.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.3" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cce13008-a0f8-458f-ade5-450d0dcc966a?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cce4a7cc-d93c-4d0e-ba63-b73bee0ea181": { "id": "cce4a7cc-d93c-4d0e-ba63-b73bee0ea181", "title": "Find Slow Functions & Actions & Filters & Hooks <= 1.40 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Find Slow Functions & Actions & Filters & Hooks (Debug Bar)", "slug": "debug-functions-time", "affected_versions": { "* - 1.40": { "from_version": "*", "from_inclusive": true, "to_version": "1.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cce4a7cc-d93c-4d0e-ba63-b73bee0ea181?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cce4d44a-4613-4230-ace1-2d26c7c487b3": { "id": "cce4d44a-4613-4230-ace1-2d26c7c487b3", "title": "Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX", "slug": "ultimate-post", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cce4d44a-4613-4230-ace1-2d26c7c487b3?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccea6d3e-a889-4058-a9ff-e75b8de16ba0": { "id": "ccea6d3e-a889-4058-a9ff-e75b8de16ba0", "title": "Survey Maker \u2013 Customer Satisfaction Survey, Chat Survey, Calculaton Form, Payment Surveys <= 4.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Survey Maker", "slug": "survey-maker", "affected_versions": { "* - 4.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccea6d3e-a889-4058-a9ff-e75b8de16ba0?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccf0d2ca-2891-45d1-8ea2-90dd435b359f": { "id": "ccf0d2ca-2891-45d1-8ea2-90dd435b359f", "title": "Avada <= 7.11.6 - Authenticated (Admin+) SQL Injection via entry", "software": [ { "type": "theme", "name": "Avada | Website Builder For WordPress & WooCommerce", "slug": "Avada", "affected_versions": { "* - 7.11.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.11.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.11.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccf0d2ca-2891-45d1-8ea2-90dd435b359f?source=api-scan" ], "published": "2024-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccf0d482-b4a1-47a8-8741-0970531e9630": { "id": "ccf0d482-b4a1-47a8-8741-0970531e9630", "title": "Companion Sitemap Generator <= 4.5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Companion Sitemap Generator \u2013 HTML & XML", "slug": "companion-sitemap-generator", "affected_versions": { "* - 4.5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccf0d482-b4a1-47a8-8741-0970531e9630?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccf2bd2a-6041-49ca-8ff9-d8541b2d2b73": { "id": "ccf2bd2a-6041-49ca-8ff9-d8541b2d2b73", "title": "Goolytics \u2013 Simple Google Analytics <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Goolytics \u2013 Simple Google Analytics", "slug": "goolytics-simple-google-analytics", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccf2bd2a-6041-49ca-8ff9-d8541b2d2b73?source=api-scan" ], "published": "2022-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccf4554e-4b34-46b0-b423-5cee7150e6c2": { "id": "ccf4554e-4b34-46b0-b423-5cee7150e6c2", "title": "Sydney Toolbox <= 1.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery", "software": [ { "type": "plugin", "name": "Sydney Toolbox", "slug": "sydney-toolbox", "affected_versions": { "* - 1.28": { "from_version": "*", "from_inclusive": true, "to_version": "1.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccf4554e-4b34-46b0-b423-5cee7150e6c2?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccf80f2d-3d2d-4fe6-a4c4-5a850cf5bdc8": { "id": "ccf80f2d-3d2d-4fe6-a4c4-5a850cf5bdc8", "title": "GD Rating System <= 2.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GD Rating System", "slug": "gd-rating-system", "affected_versions": { "[*, 2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccf80f2d-3d2d-4fe6-a4c4-5a850cf5bdc8?source=api-scan" ], "published": "2018-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ccfdb5f5-8417-44a3-a27c-157a9619c68b": { "id": "ccfdb5f5-8417-44a3-a27c-157a9619c68b", "title": "WPPizza <= 3.18.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPPizza \u2013 A Restaurant Plugin", "slug": "wppizza", "affected_versions": { "* - 3.18.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.18.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.18.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ccfdb5f5-8417-44a3-a27c-157a9619c68b?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd01d83e-a337-4f93-8bd0-0c9f3c786583": { "id": "cd01d83e-a337-4f93-8bd0-0c9f3c786583", "title": "WP Admin Logo Changer <= 1.0 - Plugin's Settings Update via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Admin Logo Changer", "slug": "wp-admin-logo-changer", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd01d83e-a337-4f93-8bd0-0c9f3c786583?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd066a04-8094-4004-8a64-317c6bd4e101": { "id": "cd066a04-8094-4004-8a64-317c6bd4e101", "title": "WP Font Awesome Share Icons <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Font Awesome Share Icons", "slug": "wp-font-awesome-share-icons", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd066a04-8094-4004-8a64-317c6bd4e101?source=api-scan" ], "published": "2024-05-21 18:38:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd0abdf2-24da-4e87-825b-0796af6c3ccd": { "id": "cd0abdf2-24da-4e87-825b-0796af6c3ccd", "title": "Remove\/hide Author, Date, Category Like Entry-Meta <= 2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Remove\/hide Author, Date, Category Like Entry-Meta", "slug": "removehide-author-date-category-like-entry-meta", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd0abdf2-24da-4e87-825b-0796af6c3ccd?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd106b92-48ee-46f4-b0a3-f595d227a0a1": { "id": "cd106b92-48ee-46f4-b0a3-f595d227a0a1", "title": "pretix widget <= 1.0.5 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "pretix widget", "slug": "pretix-widget", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd106b92-48ee-46f4-b0a3-f595d227a0a1?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd126bcb-0add-4662-a4d9-03a55a7d9a32": { "id": "cd126bcb-0add-4662-a4d9-03a55a7d9a32", "title": "Image Hover Effects \u2013 Elementor Addon <= 1.3.3 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Hover Effects \u2013 Elementor Addon", "slug": "image-hover-effects-addon-for-elementor", "affected_versions": { "[*, 1.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd126bcb-0add-4662-a4d9-03a55a7d9a32?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd177a43-6059-4125-9408-1090b9a54117": { "id": "cd177a43-6059-4125-9408-1090b9a54117", "title": "Security, Antivirus, Firewall \u2013 S.A.F <= 2.3.5 - IP Address Spoofing to Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "Security, Antivirus, Firewall \u2013 S.A.F", "slug": "security-antivirus-firewall", "affected_versions": { "* - 2.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd177a43-6059-4125-9408-1090b9a54117?source=api-scan" ], "published": "2024-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd1fc89f-b0f0-43a3-a311-07a79232a3ea": { "id": "cd1fc89f-b0f0-43a3-a311-07a79232a3ea", "title": "Link Library <= 7.2.7 - Cross-Site Request Forgery to Library Settings Reset", "software": [ { "type": "plugin", "name": "Link Library", "slug": "link-library", "affected_versions": { "* - 7.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd1fc89f-b0f0-43a3-a311-07a79232a3ea?source=api-scan" ], "published": "2021-12-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd224169-ae51-4af8-b6de-706ed580ff8d": { "id": "cd224169-ae51-4af8-b6de-706ed580ff8d", "title": "Avada <= 7.11.5 - Authenticated(Contributor+) Sensitive Information Exposure via Form Entries", "software": [ { "type": "theme", "name": "Avada | Website Builder For WordPress & WooCommerce", "slug": "Avada", "affected_versions": { "* - 7.11.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.11.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.11.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd224169-ae51-4af8-b6de-706ed580ff8d?source=api-scan" ], "published": "2024-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd25daac-23a2-4375-9dc2-8e9f20a564c8": { "id": "cd25daac-23a2-4375-9dc2-8e9f20a564c8", "title": "Photo Gallery <= 1.5.68 - Multiple Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.5.69)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.69", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd25daac-23a2-4375-9dc2-8e9f20a564c8?source=api-scan" ], "published": "2021-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd28e5cc-94a2-4a0f-a795-7c2ddb01c35a": { "id": "cd28e5cc-94a2-4a0f-a795-7c2ddb01c35a", "title": "link-list-manager <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "link-list-manager", "slug": "link-list-manager", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd28e5cc-94a2-4a0f-a795-7c2ddb01c35a?source=api-scan" ], "published": "2021-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd2951c4-6450-48a3-bcfb-5c74dc778ee7": { "id": "cd2951c4-6450-48a3-bcfb-5c74dc778ee7", "title": "CSV Product Import Export for WooCommerce <= 1.0.0 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "CSV Product Import Export for WooCommerce", "slug": "csv-wc-product-import-export", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd2951c4-6450-48a3-bcfb-5c74dc778ee7?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd2abab4-f93c-454d-928d-128a490da0e2": { "id": "cd2abab4-f93c-454d-928d-128a490da0e2", "title": "Gumroad <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gumroad", "slug": "gumroad", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd2abab4-f93c-454d-928d-128a490da0e2?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd2c9b28-d5b5-4930-a441-f889ee2778cd": { "id": "cd2c9b28-d5b5-4930-a441-f889ee2778cd", "title": "SchedulePress <= 5.0.4 - Insufficient Authorization to Authenticated (Contributor+) Arbitrary Post Modifications", "software": [ { "type": "plugin", "name": "SchedulePress \u2013 Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher", "slug": "wp-scheduled-posts", "affected_versions": { "* - 5.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd2c9b28-d5b5-4930-a441-f889ee2778cd?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd2dcc09-7de5-489a-95a5-e82cb88d8cbb": { "id": "cd2dcc09-7de5-489a-95a5-e82cb88d8cbb", "title": "Simple Ads Manager 2.5.94 & 2.5.96 - Information Disclosure", "software": [ { "type": "plugin", "name": "Simple Ads Manager", "slug": "simple-ads-manager", "affected_versions": { "2.5.94": { "from_version": "2.5.94", "from_inclusive": true, "to_version": "2.5.94", "to_inclusive": true }, "2.5.96": { "from_version": "2.5.96", "from_inclusive": true, "to_version": "2.5.96", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.97" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd2dcc09-7de5-489a-95a5-e82cb88d8cbb?source=api-scan" ], "published": "2015-04-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd312b95-03b1-4d0f-8bb4-712900557c67": { "id": "cd312b95-03b1-4d0f-8bb4-712900557c67", "title": "Tabs <= 4.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tabs \u2013 Responsive Tabs with WooCommerce Product Tab Extension", "slug": "vc-tabs", "affected_versions": { "* - 4.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd312b95-03b1-4d0f-8bb4-712900557c67?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd328738-7467-4f30-83bb-9e1c836fa940": { "id": "cd328738-7467-4f30-83bb-9e1c836fa940", "title": "Event Registration < 6.00.03 - SQL Injection", "software": [ { "type": "plugin", "name": "Event Registration", "slug": "event-registration", "affected_versions": { "[*, 6.00.03)": { "from_version": "*", "from_inclusive": true, "to_version": "6.00.03", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.00.03" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd328738-7467-4f30-83bb-9e1c836fa940?source=api-scan" ], "published": "2010-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd36530d-4165-4b98-a75f-b9c88178a5b6": { "id": "cd36530d-4165-4b98-a75f-b9c88178a5b6", "title": "WhyDoWork AdSense <= 1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WhyDoWork AdSense", "slug": "whydowork-adsense", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd36530d-4165-4b98-a75f-b9c88178a5b6?source=api-scan" ], "published": "2014-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd3a7af1-0cae-4872-9e61-58e9a9e3eda5": { "id": "cd3a7af1-0cae-4872-9e61-58e9a9e3eda5", "title": "Plus Addons for Elementor Page Builder <= 4.1.6 - Authentication Bypass", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor Page Builder", "slug": "theplus_elementor_addon", "affected_versions": { "[*, 4.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd3a7af1-0cae-4872-9e61-58e9a9e3eda5?source=api-scan" ], "published": "2021-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd4336a9-35db-4994-9e2a-5ed9b51a74ae": { "id": "cd4336a9-35db-4994-9e2a-5ed9b51a74ae", "title": "Crayon Syntax Highlighter < 2.8.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Crayon Syntax Highlighter", "slug": "crayon-syntax-highlighter", "affected_versions": { "[*, 2.8.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd4336a9-35db-4994-9e2a-5ed9b51a74ae?source=api-scan" ], "published": "2016-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd47f21c-70e1-4458-a552-377956141a65": { "id": "cd47f21c-70e1-4458-a552-377956141a65", "title": "Transcoder <= 1.3.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Transcoder", "slug": "transcoder", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd47f21c-70e1-4458-a552-377956141a65?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd4d67cd-5fb0-425d-8b22-c69ebb0ffa72": { "id": "cd4d67cd-5fb0-425d-8b22-c69ebb0ffa72", "title": "Falang multilanguage for WordPress <= 1.3.52 - Missing Authorization to Translation Update and Information Exposure", "software": [ { "type": "plugin", "name": "Falang multilanguage for WordPress", "slug": "falang", "affected_versions": { "* - 1.3.52": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.52", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.53" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd4d67cd-5fb0-425d-8b22-c69ebb0ffa72?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd4f7b73-947b-4962-9880-5f279580f43c": { "id": "cd4f7b73-947b-4962-9880-5f279580f43c", "title": "Yith WooCommerce Gift Cards Premium <= 3.19.0 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "YITH WooCommerce Gift Cards Premium", "slug": "yith-woocommerce-gift-cards-premium", "affected_versions": { "* - 3.19.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.19.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.20.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd4f7b73-947b-4962-9880-5f279580f43c?source=api-scan" ], "published": "2022-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd53147f-2230-4b8b-a1a1-df377b334072": { "id": "cd53147f-2230-4b8b-a1a1-df377b334072", "title": "WOOCS <= 1.3.7.4 - Reflected Cross-Site Scripting via AJAX action", "software": [ { "type": "plugin", "name": "FOX \u2013 Currency Switcher Professional for WooCommerce", "slug": "woocommerce-currency-switcher", "affected_versions": { "* - 1.3.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd53147f-2230-4b8b-a1a1-df377b334072?source=api-scan" ], "published": "2022-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd54d335-eb9c-4d0a-92c0-13462ef41a85": { "id": "cd54d335-eb9c-4d0a-92c0-13462ef41a85", "title": "Schema - All In One Schema Rich Snippets <= 1.4.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Schema \u2013 All In One Schema Rich Snippets", "slug": "all-in-one-schemaorg-rich-snippets", "affected_versions": { "[*, 1.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd54d335-eb9c-4d0a-92c0-13462ef41a85?source=api-scan" ], "published": "2017-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd552e86-5f0f-4203-b648-f069503b48e3": { "id": "cd552e86-5f0f-4203-b648-f069503b48e3", "title": "WordPress + Microsoft Office 365 \/ Azure AD | LOGIN <= 15.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress + Microsoft Office 365 \/ Azure AD | LOGIN", "slug": "wpo365-login", "affected_versions": { "* - 15.3": { "from_version": "*", "from_inclusive": true, "to_version": "15.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "15.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd552e86-5f0f-4203-b648-f069503b48e3?source=api-scan" ], "published": "2021-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd59bee7-5de5-406d-8c1b-654306d68ab8": { "id": "cd59bee7-5de5-406d-8c1b-654306d68ab8", "title": "Master Slider \u2013 Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Master Slider \u2013 Responsive Touch Slider", "slug": "master-slider", "affected_versions": { "* - 3.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd59bee7-5de5-406d-8c1b-654306d68ab8?source=api-scan" ], "published": "2024-05-20 17:59:21", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd5a3d4b-6e8b-4abe-9f38-58accada2f57": { "id": "cd5a3d4b-6e8b-4abe-9f38-58accada2f57", "title": "Fast WP Speed <= 1.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fast WP Speed", "slug": "fast-wp-speed", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd5a3d4b-6e8b-4abe-9f38-58accada2f57?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd5e9736-e4d9-4730-aaaf-2069a9633f02": { "id": "cd5e9736-e4d9-4730-aaaf-2069a9633f02", "title": "NewsXpress <= 1.0.7 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "NewsXpress", "slug": "newsxpress", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd5e9736-e4d9-4730-aaaf-2069a9633f02?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd5f5861-5be4-456d-915d-bafb7bff2110": { "id": "cd5f5861-5be4-456d-915d-bafb7bff2110", "title": "Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return", "software": [ { "type": "plugin", "name": "Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction", "slug": "paid-member-subscriptions", "affected_versions": { "* - 2.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd5f5861-5be4-456d-915d-bafb7bff2110?source=api-scan" ], "published": "2024-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd64b4cb-955a-4942-9837-bdf0e6a1b48a": { "id": "cd64b4cb-955a-4942-9837-bdf0e6a1b48a", "title": "Easy Pricing Tables <= 3.1.2 - Arbitrary Post Removal via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Pricing Tables WordPress Plugin \u2013 Easy Pricing Tables", "slug": "easy-pricing-tables", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd64b4cb-955a-4942-9837-bdf0e6a1b48a?source=api-scan" ], "published": "2022-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd6ed285-f215-44d3-9db9-9b2bfffee60a": { "id": "cd6ed285-f215-44d3-9db9-9b2bfffee60a", "title": "Beaver Builder <= 2.8.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.8.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd6ed285-f215-44d3-9db9-9b2bfffee60a?source=api-scan" ], "published": "2024-05-10 08:49:41", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd6f4f0d-0e70-459a-8f09-64d1f6f8bb7e": { "id": "cd6f4f0d-0e70-459a-8f09-64d1f6f8bb7e", "title": "BuddyForms ACF <= 1.3.8 - Authenticated (Contributor+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Custom Fields Frontend Forms \u2013 ACF Forms \u2013 ACF Post Form \u2013 ACF Registration Form \u2013 ACF Content Form \u2013 ACF Profile Form", "slug": "buddyforms-acf", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd6f4f0d-0e70-459a-8f09-64d1f6f8bb7e?source=api-scan" ], "published": "2022-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd7346e8-cd77-46dd-8e7d-694f65b6b62f": { "id": "cd7346e8-cd77-46dd-8e7d-694f65b6b62f", "title": "Second Street <= 3.1.6 - Stored Cross-Site Scripting via organization_id", "software": [ { "type": "plugin", "name": "Second Street", "slug": "second-street-promotion", "affected_versions": { "* - 3.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd7346e8-cd77-46dd-8e7d-694f65b6b62f?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd73cf64-289d-4401-bef7-9a4398a85055": { "id": "cd73cf64-289d-4401-bef7-9a4398a85055", "title": "Easy Captcha <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Captcha", "slug": "easy-captcha", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd73cf64-289d-4401-bef7-9a4398a85055?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd7553e8-e43d-4740-b2ee-e3d8dc351e53": { "id": "cd7553e8-e43d-4740-b2ee-e3d8dc351e53", "title": "Active Directory Integration \/ LDAP Integration <= 4.1.5 - Authenticated (Subscriber+) LDAP Injection", "software": [ { "type": "plugin", "name": "Active Directory Integration \/ LDAP Integration", "slug": "ldap-login-for-intranet-sites", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd7553e8-e43d-4740-b2ee-e3d8dc351e53?source=api-scan" ], "published": "2023-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd7c763f-5c2b-407e-bdb1-4ea34fac5f4d": { "id": "cd7c763f-5c2b-407e-bdb1-4ea34fac5f4d", "title": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.2 - Remote Command Execution", "software": [ { "type": "plugin", "name": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin", "slug": "xcloner-backup-and-restore", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd7c763f-5c2b-407e-bdb1-4ea34fac5f4d?source=api-scan" ], "published": "2015-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd7ed687-4049-4957-86e9-b2f59621c747": { "id": "cd7ed687-4049-4957-86e9-b2f59621c747", "title": "Testimonial Slider <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Testimonial Slider", "slug": "testimonial-slider", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd7ed687-4049-4957-86e9-b2f59621c747?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd8389f1-b70d-4d1a-bb25-e219c9099313": { "id": "cd8389f1-b70d-4d1a-bb25-e219c9099313", "title": "Newsletter Manager <= 1.4 - Open Redirect", "software": [ { "type": "plugin", "name": "Newsletter Manager", "slug": "newsletter-manager", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd8389f1-b70d-4d1a-bb25-e219c9099313?source=api-scan" ], "published": "2019-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd85da97-f62c-4c4e-ae29-dea5aa529f54": { "id": "cd85da97-f62c-4c4e-ae29-dea5aa529f54", "title": "BuddyPress <= 1.9.1 - Authorization Bypass", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "[*, 1.9.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd85da97-f62c-4c4e-ae29-dea5aa529f54?source=api-scan" ], "published": "2014-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd88b116-0a6e-412b-8d43-024fdf36bcdf": { "id": "cd88b116-0a6e-412b-8d43-024fdf36bcdf", "title": "Beaver Builder \u2013 WordPress Page Builder (Free & Pro) <= 1.7 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd88b116-0a6e-412b-8d43-024fdf36bcdf?source=api-scan" ], "published": "2016-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd89c6ff-2737-4c48-8b0f-f305c4735775": { "id": "cd89c6ff-2737-4c48-8b0f-f305c4735775", "title": "WP BlipBot <= 3.0.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP BlipBot", "slug": "wp-blipbot", "affected_versions": { "* - 3.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd89c6ff-2737-4c48-8b0f-f305c4735775?source=api-scan" ], "published": "2014-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd8c07cc-7fdd-4474-8be1-b08d857ae109": { "id": "cd8c07cc-7fdd-4474-8be1-b08d857ae109", "title": "Page Restriction WordPress <= 1.2.6 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Restriction WordPress (WP) \u2013 Protect WP Pages\/Post", "slug": "page-and-post-restriction", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd8c07cc-7fdd-4474-8be1-b08d857ae109?source=api-scan" ], "published": "2022-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd8f5406-bbd2-44ab-9d98-3857216efc28": { "id": "cd8f5406-bbd2-44ab-9d98-3857216efc28", "title": "Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flexible Custom Post Type", "slug": "flexible-custom-post-type", "affected_versions": { "[*, 0.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd8f5406-bbd2-44ab-9d98-3857216efc28?source=api-scan" ], "published": "2011-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd90d9c0-0cab-4fd3-b016-106032f300f7": { "id": "cd90d9c0-0cab-4fd3-b016-106032f300f7", "title": "Vertical marquee plugin <= 7.1 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Vertical marquee plugin", "slug": "vertical-marquee-plugin", "affected_versions": { "* - 7.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd90d9c0-0cab-4fd3-b016-106032f300f7?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd93da2b-a64d-45a0-8d6c-e2a93ef20e13": { "id": "cd93da2b-a64d-45a0-8d6c-e2a93ef20e13", "title": "WordPress to Hootsuite <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post to Social Media \u2013 WordPress to Hootsuite", "slug": "wp-to-hootsuite", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd93da2b-a64d-45a0-8d6c-e2a93ef20e13?source=api-scan" ], "published": "2022-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd9490f2-ad52-477e-ae3b-be49984e8189": { "id": "cd9490f2-ad52-477e-ae3b-be49984e8189", "title": "Squelch Tabs and Accordions Shortcodes <= 0.4.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Squelch Tabs and Accordions Shortcodes", "slug": "squelch-tabs-and-accordions-shortcodes", "affected_versions": { "* - 0.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd9490f2-ad52-477e-ae3b-be49984e8189?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd95f517-baf6-4feb-a9a5-f73008634dd4": { "id": "cd95f517-baf6-4feb-a9a5-f73008634dd4", "title": "WP Client Reports <= 1.0.22 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Client Reports", "slug": "wp-client-reports", "affected_versions": { "* - 1.0.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd95f517-baf6-4feb-a9a5-f73008634dd4?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd97d688-d8af-4598-8faa-97eefad63808": { "id": "cd97d688-d8af-4598-8faa-97eefad63808", "title": "Anyfont <= 2.2.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "anyfont", "slug": "anyfont", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd97d688-d8af-4598-8faa-97eefad63808?source=api-scan" ], "published": "2014-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cd9e0044-263e-453a-b9e5-b3c6b98e90be": { "id": "cd9e0044-263e-453a-b9e5-b3c6b98e90be", "title": "Restricted Site Access <= 7.3.1 - Access Bypass via IP Spoofing", "software": [ { "type": "plugin", "name": "Restricted Site Access", "slug": "restricted-site-access", "affected_versions": { "[*, 7.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cd9e0044-263e-453a-b9e5-b3c6b98e90be?source=api-scan" ], "published": "2022-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cda2465e-b17e-4b5c-ad86-3c3c7a354d03": { "id": "cda2465e-b17e-4b5c-ad86-3c3c7a354d03", "title": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress <= 3.6.7 - Email Address Disclosure", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cda2465e-b17e-4b5c-ad86-3c3c7a354d03?source=api-scan" ], "published": "2022-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdaa7450-3b51-470d-8903-52fd1d4215a2": { "id": "cdaa7450-3b51-470d-8903-52fd1d4215a2", "title": "Uncanny Toolkit for LearnDash <= 3.6.4.3 - Missing Authorization via review-banner-visibility REST route", "software": [ { "type": "plugin", "name": "Uncanny Toolkit for LearnDash", "slug": "uncanny-learndash-toolkit", "affected_versions": { "* - 3.6.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdaa7450-3b51-470d-8903-52fd1d4215a2?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdaaffa7-eb5e-4cb9-aa26-12cfeb7dabd1": { "id": "cdaaffa7-eb5e-4cb9-aa26-12cfeb7dabd1", "title": "External Media without Import < 1.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "External Media without Import", "slug": "external-media-without-import", "affected_versions": { "[*, 1.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdaaffa7-eb5e-4cb9-aa26-12cfeb7dabd1?source=api-scan" ], "published": "2017-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdac6080-5e23-488d-8b3c-de0c6c92e344": { "id": "cdac6080-5e23-488d-8b3c-de0c6c92e344", "title": "Service Finder - Provider and Business Listing Theme < 3.2 - Path Traversal", "software": [ { "type": "theme", "name": "Service Finder - Provider and Business Listing WordPress Theme", "slug": "sf-booking", "affected_versions": { "[*, 3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdac6080-5e23-488d-8b3c-de0c6c92e344?source=api-scan" ], "published": "2018-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdaea9be-64ef-4567-ae17-08ae44293b5e": { "id": "cdaea9be-64ef-4567-ae17-08ae44293b5e", "title": "Easy Digital Downloads \u2013 Manual Purchases < 1.9.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 Manual Purchases", "slug": "edd-manual-purchases", "affected_versions": { "[*, 1.9.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdaea9be-64ef-4567-ae17-08ae44293b5e?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdaf96b6-1286-4bbc-893e-68de43ba1f25": { "id": "cdaf96b6-1286-4bbc-893e-68de43ba1f25", "title": "SVG Block <= 1.1.19 - Authenticated (Author+) Stored Cross-Site Scripting via SVG", "software": [ { "type": "plugin", "name": "SVG Block", "slug": "svg-block", "affected_versions": { "* - 1.1.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdaf96b6-1286-4bbc-893e-68de43ba1f25?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdb35927-b239-4243-a2d0-2e2c2cc61668": { "id": "cdb35927-b239-4243-a2d0-2e2c2cc61668", "title": "WP Fundraising Donation and Crowdfunding Platform <= 1.4.2 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "FundEngine \u2013 Donation and Crowdfunding Platform", "slug": "wp-fundraising-donation", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdb35927-b239-4243-a2d0-2e2c2cc61668?source=api-scan" ], "published": "2022-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdb3cdf8-7563-4ccd-83fe-7ebd13fa7936": { "id": "cdb3cdf8-7563-4ccd-83fe-7ebd13fa7936", "title": "WP Google Map <= 1.7.6 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Maps Plugin using Google Maps for WordPress \u2013 WP Google Map", "slug": "gmap-embed", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdb3cdf8-7563-4ccd-83fe-7ebd13fa7936?source=api-scan" ], "published": "2021-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdb3fbaa-4d33-4754-848b-77e902ea4a85": { "id": "cdb3fbaa-4d33-4754-848b-77e902ea4a85", "title": "AI ChatBot <= 4.4.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdb3fbaa-4d33-4754-848b-77e902ea4a85?source=api-scan" ], "published": "2023-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdb483db-56f7-4d12-9022-46c829091cc1": { "id": "cdb483db-56f7-4d12-9022-46c829091cc1", "title": "Custom Content Type Manager <= 0.9.8.5 - Authenticated (Admin+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Custom Content Type Manager", "slug": "custom-content-type-manager", "affected_versions": { "* - 0.9.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdb483db-56f7-4d12-9022-46c829091cc1?source=api-scan" ], "published": "2015-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdb69e0e-f3d4-4b5b-9bdf-14018f4c7ecc": { "id": "cdb69e0e-f3d4-4b5b-9bdf-14018f4c7ecc", "title": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", "slug": "bdthemes-element-pack-lite", "affected_versions": { "* - 5.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdb69e0e-f3d4-4b5b-9bdf-14018f4c7ecc?source=api-scan" ], "published": "2024-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdb9c321-1a2c-4593-9947-2071a908ee1c": { "id": "cdb9c321-1a2c-4593-9947-2071a908ee1c", "title": "WooCommerce Multiple Free Gift <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Adding", "software": [ { "type": "plugin", "name": "WooCommerce Multiple Free Gift", "slug": "woocommerce-multiple-free-gift", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdb9c321-1a2c-4593-9947-2071a908ee1c?source=api-scan" ], "published": "2024-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdbad4b2-961a-41df-b284-14deb0a76677": { "id": "cdbad4b2-961a-41df-b284-14deb0a76677", "title": "WP Statistics <= 12.6.3 - Referer Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 12.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "12.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdbad4b2-961a-41df-b284-14deb0a76677?source=api-scan" ], "published": "2019-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdbf2658-b819-4fd3-ac89-8b90a7e3a2cf": { "id": "cdbf2658-b819-4fd3-ac89-8b90a7e3a2cf", "title": "Social Share, Social Login and Social Comments <= 7.10.6 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Social Share, Social Login and Social Comments Plugin \u2013 Super Socializer", "slug": "super-socializer", "affected_versions": { "* - 7.10.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.10.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdbf2658-b819-4fd3-ac89-8b90a7e3a2cf?source=api-scan" ], "published": "2018-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdcac5f9-a744-4853-8a80-ed38fec81dbb": { "id": "cdcac5f9-a744-4853-8a80-ed38fec81dbb", "title": "Migration, Backup, Staging \u2013 WPvivid <= 0.9.89 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "* - 0.9.89": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.89", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.90" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdcac5f9-a744-4853-8a80-ed38fec81dbb?source=api-scan" ], "published": "2023-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdcdbba7-8280-457b-a511-66a486978a31": { "id": "cdcdbba7-8280-457b-a511-66a486978a31", "title": "Ultimate Member \u2013 User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Limited Remote Code Execution via um_populate_dropdown_options", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdcdbba7-8280-457b-a511-66a486978a31?source=api-scan" ], "published": "2022-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdd464ad-24bc-4922-8bfa-ac42fbe60b52": { "id": "cdd464ad-24bc-4922-8bfa-ac42fbe60b52", "title": "Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Theme Activation", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.59": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdd464ad-24bc-4922-8bfa-ac42fbe60b52?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdd7971c-6f1c-437a-832c-e2b2817a197e": { "id": "cdd7971c-6f1c-437a-832c-e2b2817a197e", "title": "MainWP Child Reports <= 2.2 - Cross-Site Request Forgery to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "MainWP Child Reports", "slug": "mainwp-child-reports", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdd7971c-6f1c-437a-832c-e2b2817a197e?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdd7b2ec-5470-492d-a8ea-ae69b45572ce": { "id": "cdd7b2ec-5470-492d-a8ea-ae69b45572ce", "title": "NEX-Forms \u2013 Ultimate Form Builder <= 8.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "slug": "nex-forms-express-wp-form-builder", "affected_versions": { "* - 8.5.10": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdd7b2ec-5470-492d-a8ea-ae69b45572ce?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cddda02e-c36f-4ed8-b3ac-6cb3f17c6ce2": { "id": "cddda02e-c36f-4ed8-b3ac-6cb3f17c6ce2", "title": "CBX Bookmark & Favorite <= 1.7.13 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CBX Bookmark & Favorite", "slug": "cbxwpbookmark", "affected_versions": { "* - 1.7.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cddda02e-c36f-4ed8-b3ac-6cb3f17c6ce2?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cddf4aa1-5c7d-4aa1-9384-1c352f0c6da9": { "id": "cddf4aa1-5c7d-4aa1-9384-1c352f0c6da9", "title": "WP Crowdfunding <= 2.1.4 - Missing Authorization via settings_reset", "software": [ { "type": "plugin", "name": "WP Crowdfunding", "slug": "wp-crowdfunding", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cddf4aa1-5c7d-4aa1-9384-1c352f0c6da9?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cde35356-daba-47ff-9278-21447337f0c7": { "id": "cde35356-daba-47ff-9278-21447337f0c7", "title": "Remove Footer Credit <= 1.0.10 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Remove Footer Credit", "slug": "remove-footer-credit", "affected_versions": { "* - 1.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cde35356-daba-47ff-9278-21447337f0c7?source=api-scan" ], "published": "2022-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cde526f2-7eff-49cf-8a9f-e0c0cdd12522": { "id": "cde526f2-7eff-49cf-8a9f-e0c0cdd12522", "title": "Kv TinyMCE Editor Add Fonts <= 1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Kv TinyMCE Editor Add Fonts", "slug": "kv-tinymce-editor-fonts", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cde526f2-7eff-49cf-8a9f-e0c0cdd12522?source=api-scan" ], "published": "2023-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cde57dc8-9bfe-482c-8f04-654f4386e484": { "id": "cde57dc8-9bfe-482c-8f04-654f4386e484", "title": "StaffList <= 3.1.2 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "StaffList", "slug": "stafflist", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cde57dc8-9bfe-482c-8f04-654f4386e484?source=api-scan" ], "published": "2022-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cde6e758-9723-43f2-9972-32be8aeb2b91": { "id": "cde6e758-9723-43f2-9972-32be8aeb2b91", "title": "Avada | Website Builder For WordPress & WooCommerce <= 7.11.4 - Authenticated (Contributor+) Arbitrary File Upload", "software": [ { "type": "theme", "name": "Avada | Website Builder For WordPress & WooCommerce", "slug": "Avada", "affected_versions": { "* - 7.11.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.11.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.11.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cde6e758-9723-43f2-9972-32be8aeb2b91?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cde8c669-c9bb-4ecc-b589-3cda8757dfc6": { "id": "cde8c669-c9bb-4ecc-b589-3cda8757dfc6", "title": "Logaster Logo Generator <= 1.3 - Cross-Site Request Forgery to Arbitrary Media Deletion and Creation", "software": [ { "type": "plugin", "name": "Logaster Logo Generator", "slug": "logaster-logo-generator", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cde8c669-c9bb-4ecc-b589-3cda8757dfc6?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cde92185-d63a-47b3-a17e-3f2b2b20270c": { "id": "cde92185-d63a-47b3-a17e-3f2b2b20270c", "title": "WP-dTree <= 4.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "WP-dTree", "slug": "wp-dtree-30", "affected_versions": { "* - 4.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cde92185-d63a-47b3-a17e-3f2b2b20270c?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdec0d79-a78a-499d-a7d0-94b65bfb84bd": { "id": "cdec0d79-a78a-499d-a7d0-94b65bfb84bd", "title": "Embed Youtube Video <= 1.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Embed Youtube Video", "slug": "embed-youtube-video", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdec0d79-a78a-499d-a7d0-94b65bfb84bd?source=api-scan" ], "published": "2021-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdee0cd8-b83b-4436-aebe-533f5af03ef1": { "id": "cdee0cd8-b83b-4436-aebe-533f5af03ef1", "title": "Forminator \u2013 Contact Form, Payment Form & Custom Form Builder <= 1.13.4 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "[*, 1.13.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.13.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdee0cd8-b83b-4436-aebe-533f5af03ef1?source=api-scan" ], "published": "2021-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cdf3b629-c1a2-4fdd-b7fc-d3550bd30857": { "id": "cdf3b629-c1a2-4fdd-b7fc-d3550bd30857", "title": "Display custom fields in the frontend \u2013 Post and User Profile Fields <= 1.2.0 - Missing Authorization via vg_display_data shortcode", "software": [ { "type": "plugin", "name": "Display custom fields in the frontend \u2013 Post and User Profile Fields", "slug": "shortcode-to-display-post-and-user-data", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cdf3b629-c1a2-4fdd-b7fc-d3550bd30857?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce03e98d-7c29-405f-81bc-4a1114d9889d": { "id": "ce03e98d-7c29-405f-81bc-4a1114d9889d", "title": "Subscribe To Comments Reloaded < 150820 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Subscribe To Comments Reloaded", "slug": "subscribe-to-comments-reloaded", "affected_versions": { "[*, 150820)": { "from_version": "*", "from_inclusive": true, "to_version": "150820", "to_inclusive": false } }, "patched": true, "patched_versions": [ "150820" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce03e98d-7c29-405f-81bc-4a1114d9889d?source=api-scan" ], "published": "2015-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce047db1-b701-4903-9244-68b3ecaad78f": { "id": "ce047db1-b701-4903-9244-68b3ecaad78f", "title": "Gravityforms <= 2.4.8 - Information Exposure", "software": [ { "type": "plugin", "name": "Gravity Forms", "slug": "gravityforms", "affected_versions": { "* - 2.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce047db1-b701-4903-9244-68b3ecaad78f?source=api-scan" ], "published": "2019-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce060989-ce70-49ac-921c-a687bc944090": { "id": "ce060989-ce70-49ac-921c-a687bc944090", "title": "Mass Delete Taxonomies <= 3.0.0 - Cross-Site Request Forgery via mp_plugin_mass_delete_tags_init", "software": [ { "type": "plugin", "name": "Mass Delete Taxonomies", "slug": "mass-delete-tags", "affected_versions": { "* - 3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce060989-ce70-49ac-921c-a687bc944090?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce0dcbe6-9231-45d9-9658-5d775e02cfcb": { "id": "ce0dcbe6-9231-45d9-9658-5d775e02cfcb", "title": "Estatik Real Estate Plugin <= 4.1.0 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Estatik Real Estate Plugin", "slug": "estatik", "affected_versions": { "* - 4.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce0dcbe6-9231-45d9-9658-5d775e02cfcb?source=api-scan" ], "published": "2023-12-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce106c3a-e99b-4182-84d8-8f896edbbefd": { "id": "ce106c3a-e99b-4182-84d8-8f896edbbefd", "title": "WP Custom Fields Search <= 1.2.34 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Custom Fields Search", "slug": "wp-custom-fields-search", "affected_versions": { "* - 1.2.34": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce106c3a-e99b-4182-84d8-8f896edbbefd?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce116ee1-f0ea-469b-8c17-8c17c76fdc66": { "id": "ce116ee1-f0ea-469b-8c17-8c17c76fdc66", "title": "Genesis Blocks <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Content", "software": [ { "type": "plugin", "name": "Genesis Blocks", "slug": "genesis-blocks", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce116ee1-f0ea-469b-8c17-8c17c76fdc66?source=api-scan" ], "published": "2024-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce16175a-c58e-4432-80de-7872216ae273": { "id": "ce16175a-c58e-4432-80de-7872216ae273", "title": "ARforms <= 6.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ARforms", "slug": "arforms", "affected_versions": { "* - 6.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce16175a-c58e-4432-80de-7872216ae273?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce1ac711-6026-49ef-b66b-2cc199697942": { "id": "ce1ac711-6026-49ef-b66b-2cc199697942", "title": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.66": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.66", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.67" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce1ac711-6026-49ef-b66b-2cc199697942?source=api-scan" ], "published": "2023-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce23efed-fe21-486a-ab3b-9ed0dd26a971": { "id": "ce23efed-fe21-486a-ab3b-9ed0dd26a971", "title": "AI ChatBot for WordPress \u2013 WPBot <= 5.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 5.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce23efed-fe21-486a-ab3b-9ed0dd26a971?source=api-scan" ], "published": "2024-07-16 18:32:59", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce27f598-b64a-45da-b61a-190570220ec2": { "id": "ce27f598-b64a-45da-b61a-190570220ec2", "title": "Opal Widgets For Elementor <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Opal Widgets For Elementor", "slug": "opal-widgets-for-elementor", "affected_versions": { "* - 1.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce27f598-b64a-45da-b61a-190570220ec2?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce297421-506c-4230-837e-96200677e1e2": { "id": "ce297421-506c-4230-837e-96200677e1e2", "title": "Survey Maker <= 4.0.9 - IP Address Spoofing", "software": [ { "type": "plugin", "name": "Survey Maker", "slug": "survey-maker", "affected_versions": { "* - 4.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce297421-506c-4230-837e-96200677e1e2?source=api-scan" ], "published": "2024-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce2a438c-8506-4f07-ac1d-b682ad5a038b": { "id": "ce2a438c-8506-4f07-ac1d-b682ad5a038b", "title": "Email Subscription Popup <= 1.2.20 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Subscription Popup", "slug": "email-subscribe", "affected_versions": { "* - 1.2.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce2a438c-8506-4f07-ac1d-b682ad5a038b?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce2b4f93-93a6-480f-a877-ca47bd133bb6": { "id": "ce2b4f93-93a6-480f-a877-ca47bd133bb6", "title": "Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload", "software": [ { "type": "plugin", "name": "Advanced File Manager", "slug": "file-manager-advanced", "affected_versions": { "* - 5.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce2b4f93-93a6-480f-a877-ca47bd133bb6?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce2bef2f-fe28-48ea-8b83-052eebd31622": { "id": "ce2bef2f-fe28-48ea-8b83-052eebd31622", "title": "Classic Editor and Classic Widgets <= 1.2.5 - Cross-Site Request Forgery via render_settings_page", "software": [ { "type": "plugin", "name": "Classic Editor and Classic Widgets", "slug": "classic-editor-and-classic-widgets", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce2bef2f-fe28-48ea-8b83-052eebd31622?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce2edda2-7707-415e-9493-e1067a421f54": { "id": "ce2edda2-7707-415e-9493-e1067a421f54", "title": "Insight Core <= 1.0 - Authenticated PHP Object Injection & Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Insight Core", "slug": "insight-core", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce2edda2-7707-415e-9493-e1067a421f54?source=api-scan" ], "published": "2021-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce30649a-c1a0-42d5-b2e7-1ebe7989efa3": { "id": "ce30649a-c1a0-42d5-b2e7-1ebe7989efa3", "title": "Mercado Pago payments for WooCommerce <= 6.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Mercado Pago payments for WooCommerce", "slug": "woocommerce-mercadopago", "affected_versions": { "* - 6.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce30649a-c1a0-42d5-b2e7-1ebe7989efa3?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce330cae-c2f8-42f3-822b-ca24bf46e433": { "id": "ce330cae-c2f8-42f3-822b-ca24bf46e433", "title": "MailArchiver <= 2.10.1 - Unauthenticated Stored Cross-Site Scripting via Email Subject", "software": [ { "type": "plugin", "name": "MailArchiver", "slug": "mailarchiver", "affected_versions": { "* - 2.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce330cae-c2f8-42f3-822b-ca24bf46e433?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce340b88-cbab-4ba8-93ae-8790f2348456": { "id": "ce340b88-cbab-4ba8-93ae-8790f2348456", "title": "All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce340b88-cbab-4ba8-93ae-8790f2348456?source=api-scan" ], "published": "2022-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce3e5bc7-63e9-4c0e-ae66-c24c2b8be2da": { "id": "ce3e5bc7-63e9-4c0e-ae66-c24c2b8be2da", "title": "Youzify <= 1.2.5 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress", "slug": "youzify", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce3e5bc7-63e9-4c0e-ae66-c24c2b8be2da?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce3f1310-4d2e-45aa-a3ee-3972a6a31c2e": { "id": "ce3f1310-4d2e-45aa-a3ee-3972a6a31c2e", "title": "EmbedPress <= 3.9.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Widget Attribute", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 3.9.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce3f1310-4d2e-45aa-a3ee-3972a6a31c2e?source=api-scan" ], "published": "2024-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce3ff7f9-ccad-45c0-a278-f66fbb6263ee": { "id": "ce3ff7f9-ccad-45c0-a278-f66fbb6263ee", "title": "Auto Delete Posts <= 1.3.0 - Cross-Site Request Forgery to Arbitrary Settings Update", "software": [ { "type": "plugin", "name": "Auto Delete Posts", "slug": "auto-delete-posts", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce3ff7f9-ccad-45c0-a278-f66fbb6263ee?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce457c98-c55b-4b71-a80b-393eceb9effd": { "id": "ce457c98-c55b-4b71-a80b-393eceb9effd", "title": "Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe", "software": [ { "type": "plugin", "name": "Ad Inserter \u2013 Ad Manager & AdSense Ads", "slug": "ad-inserter", "affected_versions": { "* - 2.7.30": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce457c98-c55b-4b71-a80b-393eceb9effd?source=api-scan" ], "published": "2023-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce47c956-5b19-43e4-8e04-9e7f68aeb924": { "id": "ce47c956-5b19-43e4-8e04-9e7f68aeb924", "title": "Upunzipper <= 1.0.0 - Authenticated (Admin+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Upunzipper", "slug": "upunzipper", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce47c956-5b19-43e4-8e04-9e7f68aeb924?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce4ac97d-7eb3-4005-b75a-0fe32e31fa92": { "id": "ce4ac97d-7eb3-4005-b75a-0fe32e31fa92", "title": "Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.0 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction", "slug": "paid-member-subscriptions", "affected_versions": { "* - 2.11.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.1" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce4ac97d-7eb3-4005-b75a-0fe32e31fa92?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce4c4395-6d1a-4d5f-885f-383e5c44c0f8": { "id": "ce4c4395-6d1a-4d5f-885f-383e5c44c0f8", "title": "Tutor LMS <= 2.7.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce4c4395-6d1a-4d5f-885f-383e5c44c0f8?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce4ca9c6-7ffd-4170-9004-f7bc3ad15df0": { "id": "ce4ca9c6-7ffd-4170-9004-f7bc3ad15df0", "title": "IMPress for IDX Broker <= 2.6.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IMPress for IDX Broker", "slug": "idx-broker-platinum", "affected_versions": { "[*, 2.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce4ca9c6-7ffd-4170-9004-f7bc3ad15df0?source=api-scan" ], "published": "2020-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce4fd12c-824c-44b9-a5be-d2f1abf79acc": { "id": "ce4fd12c-824c-44b9-a5be-d2f1abf79acc", "title": "Error Log Viewer by BestWebSoft < 1.0.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Error Log Viewer by BestWebSoft", "slug": "error-log-viewer", "affected_versions": { "[*, 1.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce4fd12c-824c-44b9-a5be-d2f1abf79acc?source=api-scan" ], "published": "2017-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce544dd0-6e4a-4a73-bba0-db2d667e378e": { "id": "ce544dd0-6e4a-4a73-bba0-db2d667e378e", "title": "Pie Register \u2013 User Registration Forms. Invitation based registrations, Custom Login, Payments < 3.1.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction", "slug": "pie-register", "affected_versions": { "[*, 3.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce544dd0-6e4a-4a73-bba0-db2d667e378e?source=api-scan" ], "published": "2019-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce55230e-8c9e-41aa-b107-16c5988d1feb": { "id": "ce55230e-8c9e-41aa-b107-16c5988d1feb", "title": "PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Effects Widget", "software": [ { "type": "plugin", "name": "PowerPack Elementor Addons (Free Widgets, Extensions and Templates)", "slug": "powerpack-lite-for-elementor", "affected_versions": { "* - 2.7.20": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce55230e-8c9e-41aa-b107-16c5988d1feb?source=api-scan" ], "published": "2024-06-12 17:12:58", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce57a3eb-a71b-4335-9e6c-52648ce00062": { "id": "ce57a3eb-a71b-4335-9e6c-52648ce00062", "title": "Allow SVG Files <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Allow svg files", "slug": "asf-allow-svg-files", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce57a3eb-a71b-4335-9e6c-52648ce00062?source=api-scan" ], "published": "2022-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce5efd37-131f-4b75-b682-023a07070ca0": { "id": "ce5efd37-131f-4b75-b682-023a07070ca0", "title": "WP Academic People List <= 0.4.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Academic People List", "slug": "wp-academic-people", "affected_versions": { "* - 0.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce5efd37-131f-4b75-b682-023a07070ca0?source=api-scan" ], "published": "2021-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce5f4960-e47c-4926-97f2-8c94c438a4e0": { "id": "ce5f4960-e47c-4926-97f2-8c94c438a4e0", "title": "Sina Extension for Elementor <= 3.3.11 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)", "slug": "sina-extension-for-elementor", "affected_versions": { "[*, 3.3.12)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce5f4960-e47c-4926-97f2-8c94c438a4e0?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce695f15-557c-47b1-a5c4-ce68cc84d721": { "id": "ce695f15-557c-47b1-a5c4-ce68cc84d721", "title": "eRoom \u2013 Zoom Meetings & Webinar <= 1.3.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "eRoom \u2013 Zoom Meetings & Webinars", "slug": "eroom-zoom-meetings-webinar", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce695f15-557c-47b1-a5c4-ce68cc84d721?source=api-scan" ], "published": "2022-04-11 17:58:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce6b9b0a-e82e-459a-bddf-1c9354bcec00": { "id": "ce6b9b0a-e82e-459a-bddf-1c9354bcec00", "title": "GTG Product Feed for Shopping <= 1.2.4 - Missing Authorization to Unauthenticated Plugin Settings Update", "software": [ { "type": "plugin", "name": "GG Woo Feed for WooCommerce Shopping Feed on Google and Other Channels", "slug": "gg-woo-feed", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce6b9b0a-e82e-459a-bddf-1c9354bcec00?source=api-scan" ], "published": "2023-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce6ea115-941e-482f-a2a4-95293ff10a69": { "id": "ce6ea115-941e-482f-a2a4-95293ff10a69", "title": "Contact Form Email <= 1.3.31 - Cross-Site Request Forgery to Feedback Submission", "software": [ { "type": "plugin", "name": "Contact Form Email", "slug": "contact-form-to-email", "affected_versions": { "* - 1.3.31": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce6ea115-941e-482f-a2a4-95293ff10a69?source=api-scan" ], "published": "2023-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce779d08-93bf-4634-bb83-f5573876e086": { "id": "ce779d08-93bf-4634-bb83-f5573876e086", "title": "Powerkit < 2.5.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Powerkit \u2013 Supercharge your WordPress Site", "slug": "powerkit", "affected_versions": { "[*, 2.5.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce779d08-93bf-4634-bb83-f5573876e086?source=api-scan" ], "published": "2022-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce7c2f30-188a-4ae7-976f-c7f0aaf96eee": { "id": "ce7c2f30-188a-4ae7-976f-c7f0aaf96eee", "title": "Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Titles", "software": [ { "type": "plugin", "name": "Themesflat Addons For Elementor", "slug": "themesflat-addons-for-elementor", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce7c2f30-188a-4ae7-976f-c7f0aaf96eee?source=api-scan" ], "published": "2024-06-05 15:27:40", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce8028a3-6fca-448f-b9a0-444db651148c": { "id": "ce8028a3-6fca-448f-b9a0-444db651148c", "title": "Scalable Vector Graphics (SVG) <= 3.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG", "software": [ { "type": "plugin", "name": "Scalable Vector Graphics (SVG)", "slug": "scalable-vector-graphics-svg", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce8028a3-6fca-448f-b9a0-444db651148c?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce834ae1-e05a-4b0e-9d7f-144669437d70": { "id": "ce834ae1-e05a-4b0e-9d7f-144669437d70", "title": "Caldera Forms Pro < 1.8.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Caldera Forms Pro", "slug": "caldera-forms-pro", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true }, "[1.8, 1.8.2)": { "from_version": "1.8", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.7", "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce834ae1-e05a-4b0e-9d7f-144669437d70?source=api-scan" ], "published": "2019-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce8526f0-9dfb-4020-aa58-d2ff5bd652bf": { "id": "ce8526f0-9dfb-4020-aa58-d2ff5bd652bf", "title": "WP Helper Premium <= 4.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Helper Premium", "slug": "wp-helper-lite", "affected_versions": { "* - 4.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce8526f0-9dfb-4020-aa58-d2ff5bd652bf?source=api-scan" ], "published": "2023-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce8e5635-a343-40b4-838c-21b942af5242": { "id": "ce8e5635-a343-40b4-838c-21b942af5242", "title": "Photo Gallery by 10Web <= 1.2.12 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.2.13)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce8e5635-a343-40b4-838c-21b942af5242?source=api-scan" ], "published": "2015-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce90db0c-d4ca-4b32-8a64-681642aaf032": { "id": "ce90db0c-d4ca-4b32-8a64-681642aaf032", "title": "Image Slider by NextCode <= 1.1.2 - Cross-Site Request Forgery to Slide Deletion", "software": [ { "type": "plugin", "name": "Image Slider by NextCode \u2013 Photo & Video Slider", "slug": "baslider", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce90db0c-d4ca-4b32-8a64-681642aaf032?source=api-scan" ], "published": "2022-05-26 11:06:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce96ab3a-a8a4-44a3-80ce-3a3ec419db47": { "id": "ce96ab3a-a8a4-44a3-80ce-3a3ec419db47", "title": "EasyJobs <= 2.4.14 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg", "slug": "easyjobs", "affected_versions": { "* - 2.4.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce96ab3a-a8a4-44a3-80ce-3a3ec419db47?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce96dab2-70ab-4925-8323-daf65d61c81a": { "id": "ce96dab2-70ab-4925-8323-daf65d61c81a", "title": "Connections Business Directory < 0.7.9.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Connections Business Directory", "slug": "connections", "affected_versions": { "[*, 0.7.9.4)": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.9.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.7.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce96dab2-70ab-4925-8323-daf65d61c81a?source=api-scan" ], "published": "2014-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce978334-42e1-4334-a2d1-c3966339e4fc": { "id": "ce978334-42e1-4334-a2d1-c3966339e4fc", "title": "WordPress Backup & Migration <= 1.4.0 - Missing Authorization via wt_delete_schedule", "software": [ { "type": "plugin", "name": "WebToffee WP Backup and Migration", "slug": "wp-migration-duplicator", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce978334-42e1-4334-a2d1-c3966339e4fc?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce9aa906-72be-4551-9850-76f0adb6da97": { "id": "ce9aa906-72be-4551-9850-76f0adb6da97", "title": "SlickNav Mobile Menu <= 1.9.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SlickNav Mobile Menu", "slug": "slicknav-mobile-menu", "affected_versions": { "* - 1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce9aa906-72be-4551-9850-76f0adb6da97?source=api-scan" ], "published": "2023-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce9b908b-1388-41fb-915c-e4e29eaf57ed": { "id": "ce9b908b-1388-41fb-915c-e4e29eaf57ed", "title": "Magic Action Box <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Magic Action Box", "slug": "magic-action-box", "affected_versions": { "* - 2.17.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.17.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce9b908b-1388-41fb-915c-e4e29eaf57ed?source=api-scan" ], "published": "2023-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce9e9298-7ff3-4ecc-9665-cc4a3b76059c": { "id": "ce9e9298-7ff3-4ecc-9665-cc4a3b76059c", "title": "Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 2.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Leaflet Maps Marker Pro", "slug": "mapsmarker", "affected_versions": { "[*, 2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce9e9298-7ff3-4ecc-9665-cc4a3b76059c?source=api-scan" ], "published": "2012-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ce9ec867-a23a-4081-b791-c6dba6985294": { "id": "ce9ec867-a23a-4081-b791-c6dba6985294", "title": "YITH WooCommerce Ajax Product Filter <= 5.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YITH WooCommerce Ajax Product Filter", "slug": "yith-woocommerce-ajax-navigation", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ce9ec867-a23a-4081-b791-c6dba6985294?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cea30a5d-2074-48b1-aca5-7c502e496961": { "id": "cea30a5d-2074-48b1-aca5-7c502e496961", "title": "Email Template Customizer for WooCommerce <= 1.2.5 - Authenticated (Shop manager+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Template Customizer for WooCommerce", "slug": "email-template-customizer-for-woo", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cea30a5d-2074-48b1-aca5-7c502e496961?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ceae0115-268c-401b-876b-3477d10c10e6": { "id": "ceae0115-268c-401b-876b-3477d10c10e6", "title": "EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "[*, 3.9.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ceae0115-268c-401b-876b-3477d10c10e6?source=api-scan" ], "published": "2024-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ceaf5f81-1adf-4512-b610-d1d183876762": { "id": "ceaf5f81-1adf-4512-b610-d1d183876762", "title": "Gwolle Guestbook <= 4.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gwolle Guestbook", "slug": "gwolle-gb", "affected_versions": { "* - 4.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ceaf5f81-1adf-4512-b610-d1d183876762?source=api-scan" ], "published": "2021-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ceaf64d6-9872-4572-807e-7fce76edee57": { "id": "ceaf64d6-9872-4572-807e-7fce76edee57", "title": "Fish and Ships <= 1.5.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fish and Ships \u2013 Most flexible shipping table rate. A WooCommerce shipping rate", "slug": "fish-and-ships", "affected_versions": { "* - 1.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ceaf64d6-9872-4572-807e-7fce76edee57?source=api-scan" ], "published": "2024-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ceb041f6-b88a-495a-8f5f-7f39f640748d": { "id": "ceb041f6-b88a-495a-8f5f-7f39f640748d", "title": "Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleTag'", "software": [ { "type": "plugin", "name": "Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE", "slug": "otter-blocks", "affected_versions": { "* - 2.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ceb041f6-b88a-495a-8f5f-7f39f640748d?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ceb08ca9-e512-4a97-b323-cd9447b8bcac": { "id": "ceb08ca9-e512-4a97-b323-cd9447b8bcac", "title": "Academy LMS <= 1.9.16 - Missing Authorization", "software": [ { "type": "plugin", "name": "Academy LMS \u2013 WordPress LMS Plugin for Complete eLearning Solution", "slug": "academy", "affected_versions": { "* - 1.9.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ceb08ca9-e512-4a97-b323-cd9447b8bcac?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ceb25a7b-da93-41eb-bae7-8bffa96f7a1c": { "id": "ceb25a7b-da93-41eb-bae7-8bffa96f7a1c", "title": "Slivery Extender <= 1.0.2 - Authenticated(Contributor+) Remote Code Execution via shortcode", "software": [ { "type": "plugin", "name": "Slivery Extender", "slug": "slivery-extender", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ceb25a7b-da93-41eb-bae7-8bffa96f7a1c?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ceb7d0a7-ea34-4c6f-a144-660debc74a9e": { "id": "ceb7d0a7-ea34-4c6f-a144-660debc74a9e", "title": "TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Reset", "software": [ { "type": "plugin", "name": "Advance WordPress Search Plugin", "slug": "th-advance-product-search", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ceb7d0a7-ea34-4c6f-a144-660debc74a9e?source=api-scan" ], "published": "2022-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ceba35c3-16b0-4366-b33c-603bdc2c1006": { "id": "ceba35c3-16b0-4366-b33c-603bdc2c1006", "title": "Advanced File Manager <= 5.1 - Authenticated (Administrator+) Arbitrary File and Folder Access", "software": [ { "type": "plugin", "name": "Advanced File Manager", "slug": "file-manager-advanced", "affected_versions": { "* - 5.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ceba35c3-16b0-4366-b33c-603bdc2c1006?source=api-scan" ], "published": "2023-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cebd40c2-42df-4792-81dc-2b1082f1712b": { "id": "cebd40c2-42df-4792-81dc-2b1082f1712b", "title": "WordPress Real Media Library <= 4.14.1 - Authenticated (Author) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Real Media Library: Media Library Folder & File Manager", "slug": "real-media-library-lite", "affected_versions": { "* - 4.14.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.14.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.14.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cebd40c2-42df-4792-81dc-2b1082f1712b?source=api-scan" ], "published": "2021-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cec0ba0e-28a5-46c0-97c2-bbf73bd2dbad": { "id": "cec0ba0e-28a5-46c0-97c2-bbf73bd2dbad", "title": "Bard <= 2.210 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Bard", "slug": "bard", "affected_versions": { "* - 2.210": { "from_version": "*", "from_inclusive": true, "to_version": "2.210", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.211" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cec0ba0e-28a5-46c0-97c2-bbf73bd2dbad?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cec5bfa6-96ed-4a5a-be19-63434af32c89": { "id": "cec5bfa6-96ed-4a5a-be19-63434af32c89", "title": "WordPress Core < 4.2.1 - Cross-Site Scripting via Comments", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "4.0 - 4.0.3": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": true }, "4.1 - 4.1.3": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.3", "to_inclusive": true }, "4.2": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.4", "4.1.4", "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cec5bfa6-96ed-4a5a-be19-63434af32c89?source=api-scan" ], "published": "2015-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cece751c-400d-42b4-9438-950d5aca51fc": { "id": "cece751c-400d-42b4-9438-950d5aca51fc", "title": "AIT CSV import\/export <= 3.0.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "AIT CSV import\/export", "slug": "ait-csv-import-export", "affected_versions": { "* - 3.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cece751c-400d-42b4-9438-950d5aca51fc?source=api-scan" ], "published": "2020-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cecf1bcc-ed3e-430c-80d4-d940416eed9a": { "id": "cecf1bcc-ed3e-430c-80d4-d940416eed9a", "title": "Import XML and RSS Feeds <= 2.1.5 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Import XML and RSS Feeds", "slug": "import-xml-feed", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cecf1bcc-ed3e-430c-80d4-d940416eed9a?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cecffd72-4597-4308-9f21-4731269e8cf1": { "id": "cecffd72-4597-4308-9f21-4731269e8cf1", "title": "Popup Builder <= 3.44 - SQL Injection", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "* - 3.44": { "from_version": "*", "from_inclusive": true, "to_version": "3.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cecffd72-4597-4308-9f21-4731269e8cf1?source=api-scan" ], "published": "2019-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ced380a5-04a6-40c1-a731-0d3b929e4428": { "id": "ced380a5-04a6-40c1-a731-0d3b929e4428", "title": "CP Media Player <= 1.1.3 - Cross-Site Request Forgery to Player Deletion and Duplication", "software": [ { "type": "plugin", "name": "CP Media Player \u2013 Audio Player and Video Player", "slug": "audio-and-video-player", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ced380a5-04a6-40c1-a731-0d3b929e4428?source=api-scan" ], "published": "2024-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ced4a635-f579-41fb-840c-3ba54dbe92c8": { "id": "ced4a635-f579-41fb-840c-3ba54dbe92c8", "title": "Improved Include Page <= 1.2 - Authenticated (Contributor+) Arbitrary Posts\/Pages Access", "software": [ { "type": "plugin", "name": "Improved Include Page", "slug": "improved-include-page", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ced4a635-f579-41fb-840c-3ba54dbe92c8?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ced6450a-7d5a-4091-8181-98c005e74346": { "id": "ced6450a-7d5a-4091-8181-98c005e74346", "title": "Mantra <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Mantra", "slug": "mantra", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ced6450a-7d5a-4091-8181-98c005e74346?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cedc575c-ee8f-4c62-bc44-95252a0c8b6f": { "id": "cedc575c-ee8f-4c62-bc44-95252a0c8b6f", "title": "InstaWP Connect <= 0.1.0.38 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "InstaWP Connect \u2013 1-click WP Staging & Migration", "slug": "instawp-connect", "affected_versions": { "* - 0.1.0.38": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.0.38", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.0.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cedc575c-ee8f-4c62-bc44-95252a0c8b6f?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cede59f9-611f-4da4-8140-181bd0a469d5": { "id": "cede59f9-611f-4da4-8140-181bd0a469d5", "title": "Contact Form by FormGet < 5.3.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form by FormGet \u2013 Best Form Builder Plugin for WordPress", "slug": "formget-contact-form", "affected_versions": { "[*, 5.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cede59f9-611f-4da4-8140-181bd0a469d5?source=api-scan" ], "published": "2015-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cede7e6f-e3e8-479b-9c7b-91c390ed3936": { "id": "cede7e6f-e3e8-479b-9c7b-91c390ed3936", "title": "Export customers list csv for WooCommerce <= 2.0.67 - CSV Injection", "software": [ { "type": "plugin", "name": "Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list", "slug": "export-woocommerce-customer-list", "affected_versions": { "* - 2.0.67": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.67", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cede7e6f-e3e8-479b-9c7b-91c390ed3936?source=api-scan" ], "published": "2022-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cee6a100-cda5-48a6-9f9c-ea17f80c4165": { "id": "cee6a100-cda5-48a6-9f9c-ea17f80c4165", "title": "Product Import Export for WooCommerce <= 2.3.7 - Authenticated(Shop Manager+) Arbitrary File Upload via upload_import_file", "software": [ { "type": "plugin", "name": "Product Import Export for WooCommerce", "slug": "product-import-export-for-woo", "affected_versions": { "* - 2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cee6a100-cda5-48a6-9f9c-ea17f80c4165?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ceeefc3f-1cb7-48df-9978-258f015d93c7": { "id": "ceeefc3f-1cb7-48df-9978-258f015d93c7", "title": "Easy Image Collage <= 1.13.5 - Missing Authorization to Authenticated (Contributor+) Data Clearance", "software": [ { "type": "plugin", "name": "Easy Image Collage", "slug": "easy-image-collage", "affected_versions": { "* - 1.13.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ceeefc3f-1cb7-48df-9978-258f015d93c7?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ceef080c-3d3b-494d-8cfa-fe9724b9207f": { "id": "ceef080c-3d3b-494d-8cfa-fe9724b9207f", "title": "SecuPress Free and SecuPress Pro <= 1.4.12 - Unauthenticated Arbitrary IP Ban", "software": [ { "type": "plugin", "name": "secupress-pro", "slug": "secupress-pro", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] }, { "type": "plugin", "name": "SecuPress Free \u2014 WordPress Security", "slug": "secupress", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ceef080c-3d3b-494d-8cfa-fe9724b9207f?source=api-scan" ], "published": "2021-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cef83a3e-9e8b-4c4c-9adc-cdcebefadd39": { "id": "cef83a3e-9e8b-4c4c-9adc-cdcebefadd39", "title": "Image Gallery with Slideshow Plugin <= 1.5.2 - SQL Injection via gid", "software": [ { "type": "plugin", "name": "Image Gallery with Slideshow Plugin", "slug": "image-gallery-with-slideshow", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cef83a3e-9e8b-4c4c-9adc-cdcebefadd39?source=api-scan" ], "published": "2017-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cefa38d0-7da1-48dd-98d7-fe2f36e19d7c": { "id": "cefa38d0-7da1-48dd-98d7-fe2f36e19d7c", "title": "WooCommerce Order Barcodes <= 1.6.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Woocommerce Order Barcodes", "slug": "woocommerce-order-barcodes", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cefa38d0-7da1-48dd-98d7-fe2f36e19d7c?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cefb979e-2b5b-4820-a350-ee106131f0f9": { "id": "cefb979e-2b5b-4820-a350-ee106131f0f9", "title": "WordPress Core < 3.1.1 - Denial of Service", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cefb979e-2b5b-4820-a350-ee106131f0f9?source=api-scan" ], "published": "2011-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cefcd612-0ba8-4225-8f23-817b7220ee7b": { "id": "cefcd612-0ba8-4225-8f23-817b7220ee7b", "title": "EleForms \u2013 All In One Form Integration including DB for Elementor <= 2.9.9.7 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EleForms \u2013 All In One Form Integration including DB for Elementor", "slug": "all-contact-form-integration-for-elementor", "affected_versions": { "* - 2.9.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cefcd612-0ba8-4225-8f23-817b7220ee7b?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cefdf1c5-eab4-4f06-aa5c-24cdef36e5f9": { "id": "cefdf1c5-eab4-4f06-aa5c-24cdef36e5f9", "title": "Misiek Paypal <= 1.1.20090324 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Misiek Paypal", "slug": "misiek-paypal", "affected_versions": { "* - 1.1.20090324": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.20090324", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cefdf1c5-eab4-4f06-aa5c-24cdef36e5f9?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf00d5a9-bf7f-404c-b91f-1d7cf14d883b": { "id": "cf00d5a9-bf7f-404c-b91f-1d7cf14d883b", "title": "YITH Maintenance Mode <= 1.1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YITH Maintenance Mode", "slug": "yith-maintenance-mode", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf00d5a9-bf7f-404c-b91f-1d7cf14d883b?source=api-scan" ], "published": "2015-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf02db2c-5fd2-4f21-a95c-e7645e22ecc6": { "id": "cf02db2c-5fd2-4f21-a95c-e7645e22ecc6", "title": "WP Advanced Importer <= 2.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Advanced Importer", "slug": "wp-advanced-importer", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf02db2c-5fd2-4f21-a95c-e7645e22ecc6?source=api-scan" ], "published": "2016-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf037a61-7e4d-4c20-b868-2fa78950bad3": { "id": "cf037a61-7e4d-4c20-b868-2fa78950bad3", "title": "Golo - City Travel Guide WordPress Theme < 1.3.3 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Golo - City Travel Guide WordPress Theme", "slug": "golo", "affected_versions": { "[*, 1.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf037a61-7e4d-4c20-b868-2fa78950bad3?source=api-scan" ], "published": "2020-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf0798cd-bf1a-4c1c-82c5-e417b9983c77": { "id": "cf0798cd-bf1a-4c1c-82c5-e417b9983c77", "title": "WPRealty <= 2.9.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPRealty", "slug": "wp-realty", "affected_versions": { "* - 2.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf0798cd-bf1a-4c1c-82c5-e417b9983c77?source=api-scan" ], "published": "2013-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf0c34d3-5c7d-43a5-9430-2ebdc155123f": { "id": "cf0c34d3-5c7d-43a5-9430-2ebdc155123f", "title": "Media Library Assistant <= 3.17 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Media Library Assistant", "slug": "media-library-assistant", "affected_versions": { "* - 3.17": { "from_version": "*", "from_inclusive": true, "to_version": "3.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf0c34d3-5c7d-43a5-9430-2ebdc155123f?source=api-scan" ], "published": "2024-07-01 19:02:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf0f5fd4-cd06-4d11-9f22-1f417b546afb": { "id": "cf0f5fd4-cd06-4d11-9f22-1f417b546afb", "title": "YITH WooCommerce Ajax Search <= 2.4.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YITH WooCommerce Ajax Search", "slug": "yith-woocommerce-ajax-search", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf0f5fd4-cd06-4d11-9f22-1f417b546afb?source=api-scan" ], "published": "2024-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf1000eb-fac3-4710-bfcd-a6cc2c6327d4": { "id": "cf1000eb-fac3-4710-bfcd-a6cc2c6327d4", "title": "Aparat for WordPress <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Aparat for WordPress", "slug": "wp-aparat", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf1000eb-fac3-4710-bfcd-a6cc2c6327d4?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf11be7a-0b31-46ce-82ce-5a42898a8a10": { "id": "cf11be7a-0b31-46ce-82ce-5a42898a8a10", "title": "Log WP_Mail <= 0.1 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Log WP_Mail", "slug": "logwpmail", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf11be7a-0b31-46ce-82ce-5a42898a8a10?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf13732b-7c24-443a-bae9-d8cf70b5cb33": { "id": "cf13732b-7c24-443a-bae9-d8cf70b5cb33", "title": "Stock Sync for WooCommerce <= 2.3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Stock Sync for WooCommerce", "slug": "stock-sync-for-woocommerce", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf13732b-7c24-443a-bae9-d8cf70b5cb33?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf159a11-9490-4f79-a62d-c279cfe26108": { "id": "cf159a11-9490-4f79-a62d-c279cfe26108", "title": "Ripe HD FLV <= 1.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Ripe HD FLV", "slug": "ripe-hd-player", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf159a11-9490-4f79-a62d-c279cfe26108?source=api-scan" ], "published": "2013-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf17a817-6f61-43d5-9da2-58fbbef458d9": { "id": "cf17a817-6f61-43d5-9da2-58fbbef458d9", "title": "FormCraft <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fcb shortcode", "software": [ { "type": "plugin", "name": "FormCraft \u2013 Form Builder", "slug": "formcraft-form-builder", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf17a817-6f61-43d5-9da2-58fbbef458d9?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf195cca-4e07-41ff-bf26-9ad5fca3635d": { "id": "cf195cca-4e07-41ff-bf26-9ad5fca3635d", "title": "ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ElementsKit Elementor addons", "slug": "elementskit-lite", "affected_versions": { "* - 3.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf195cca-4e07-41ff-bf26-9ad5fca3635d?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf1cc19a-2ca2-4322-9f37-3f7e24ea38c6": { "id": "cf1cc19a-2ca2-4322-9f37-3f7e24ea38c6", "title": "Transposh WordPress Translation <= 1.0.7 - Reflected Cross-Site Scripting via tp_tp", "software": [ { "type": "plugin", "name": "Transposh WordPress Translation", "slug": "transposh-translation-filter-for-wordpress", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf1cc19a-2ca2-4322-9f37-3f7e24ea38c6?source=api-scan" ], "published": "2022-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf1e4b20-e7e5-4a3a-9895-02d51499d54e": { "id": "cf1e4b20-e7e5-4a3a-9895-02d51499d54e", "title": "Lucas String Replace <= 2.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Lucas String Replace", "slug": "lucas-string-replace", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf1e4b20-e7e5-4a3a-9895-02d51499d54e?source=api-scan" ], "published": "2024-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf238735-8c21-495b-8da0-912921c1f11c": { "id": "cf238735-8c21-495b-8da0-912921c1f11c", "title": "Omnipress <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Omnipress", "slug": "omnipress", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf238735-8c21-495b-8da0-912921c1f11c?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf24216c-7882-4359-b526-44d845de0249": { "id": "cf24216c-7882-4359-b526-44d845de0249", "title": "EZPZ One Click Backup <= 12.03.10 - Unauthenticated Command Injection", "software": [ { "type": "plugin", "name": "EZPZ One Click Backup", "slug": "ezpz-one-click-backup", "affected_versions": { "* - 12.03.10": { "from_version": "*", "from_inclusive": true, "to_version": "12.03.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf24216c-7882-4359-b526-44d845de0249?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf24ee30-7d9f-47c3-bc2a-1c3c92971ba8": { "id": "cf24ee30-7d9f-47c3-bc2a-1c3c92971ba8", "title": "Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via upload[]", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 19.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5.1" ] }, { "type": "plugin", "name": "Contest Gallery Pro", "slug": "contest-gallery-pro", "affected_versions": { "* - 19.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf24ee30-7d9f-47c3-bc2a-1c3c92971ba8?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf2d14ff-d02a-4bed-9604-ff2489d4bef9": { "id": "cf2d14ff-d02a-4bed-9604-ff2489d4bef9", "title": "Corona (All Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Corona", "slug": "corona", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf2d14ff-d02a-4bed-9604-ff2489d4bef9?source=api-scan" ], "published": "2012-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf2e8b6f-2bdb-46c4-84a0-9e196355dda9": { "id": "cf2e8b6f-2bdb-46c4-84a0-9e196355dda9", "title": "No-Bot Registration <= 1.9.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "No-Bot Registration", "slug": "no-bot-registration", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf2e8b6f-2bdb-46c4-84a0-9e196355dda9?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf2f2474-50d6-46da-a97c-731edb514ae5": { "id": "cf2f2474-50d6-46da-a97c-731edb514ae5", "title": "Manage Calameo Publications by Athlon < 1.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Manage Calameo Publications by Athlon", "slug": "athlon-manage-calameo-publications", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf2f2474-50d6-46da-a97c-731edb514ae5?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf34af9d-4de7-498d-8065-c3cc6818b7c4": { "id": "cf34af9d-4de7-498d-8065-c3cc6818b7c4", "title": "Advance Menu Manager <= 3.0.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Advance Menu Manager", "slug": "advance-menu-manager", "affected_versions": { "* - 3.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf34af9d-4de7-498d-8065-c3cc6818b7c4?source=api-scan" ], "published": "2023-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf34eb9f-f6e9-4a7a-8459-c86f9fa3dad8": { "id": "cf34eb9f-f6e9-4a7a-8459-c86f9fa3dad8", "title": "Login with phone number <= 1.7.26 - Authentication Bypass due to Missing Empty Value Check", "software": [ { "type": "plugin", "name": "Login with phone number", "slug": "login-with-phone-number", "affected_versions": { "* - 1.7.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf34eb9f-f6e9-4a7a-8459-c86f9fa3dad8?source=api-scan" ], "published": "2024-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf3a16b6-7256-4fad-b3f2-d1d9d833f45e": { "id": "cf3a16b6-7256-4fad-b3f2-d1d9d833f45e", "title": "ConvertKit <= 2.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Kit (formerly ConvertKit) \u2013 Email Newsletter, Email Marketing, Subscribers and Landing Pages", "slug": "convertkit", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf3a16b6-7256-4fad-b3f2-d1d9d833f45e?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf3d2b0f-667f-469e-a1de-3be213cd7007": { "id": "cf3d2b0f-667f-469e-a1de-3be213cd7007", "title": "TrueBooker <= 1.0.2 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "TrueBooker \u2013 Appointment Booking and Scheduler Plugin.", "slug": "truebooker-appointment-booking", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf3d2b0f-667f-469e-a1de-3be213cd7007?source=api-scan" ], "published": "2024-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf3df923-9426-4e5b-ba59-eda0b5c18d40": { "id": "cf3df923-9426-4e5b-ba59-eda0b5c18d40", "title": "PublishPress Capabilities <= 2.3 - Unauthenticated Arbitrary Options Update", "software": [ { "type": "plugin", "name": "PublishPress Capabilities \u2013 User Role Editor, Access Permissions, Admin Menus", "slug": "capability-manager-enhanced", "affected_versions": { "[*, 2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf3df923-9426-4e5b-ba59-eda0b5c18d40?source=api-scan" ], "published": "2021-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf3f82dc-3820-4c9d-adbb-ca0375078876": { "id": "cf3f82dc-3820-4c9d-adbb-ca0375078876", "title": "IDPay for Contact Form 7 <= 2.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IDPay for Contact Form 7", "slug": "idpay-contact-form-7", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf3f82dc-3820-4c9d-adbb-ca0375078876?source=api-scan" ], "published": "2021-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf44a96e-0efb-4363-9f49-ba4a82924569": { "id": "cf44a96e-0efb-4363-9f49-ba4a82924569", "title": "Video Lightbox <= 1.9.5 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Video Lightbox", "slug": "wp-video-lightbox", "affected_versions": { "* - 1.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf44a96e-0efb-4363-9f49-ba4a82924569?source=api-scan" ], "published": "2022-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf458f57-2c8b-44d1-8e36-bbfc1a66c2e2": { "id": "cf458f57-2c8b-44d1-8e36-bbfc1a66c2e2", "title": "OMFG Mobile Pro <= 1.1.26 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OMFG Mobile Pro", "slug": "omfg-mobile", "affected_versions": { "* - 1.1.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.26", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf458f57-2c8b-44d1-8e36-bbfc1a66c2e2?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf48ad3b-9b3a-4052-bacf-52a729d62365": { "id": "cf48ad3b-9b3a-4052-bacf-52a729d62365", "title": "Link Checker <= 1.16.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Link Checker Professional", "slug": "link-checker", "affected_versions": { "[*, 1.17.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.17.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.17.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf48ad3b-9b3a-4052-bacf-52a729d62365?source=api-scan" ], "published": "2019-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf4d42a2-746b-4c23-b0fe-b66eafb76303": { "id": "cf4d42a2-746b-4c23-b0fe-b66eafb76303", "title": "Sniplets < 1.2.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sniplets", "slug": "sniplets", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf4d42a2-746b-4c23-b0fe-b66eafb76303?source=api-scan" ], "published": "2008-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf4e9b41-20e8-4dba-a51c-6e8f09232ffb": { "id": "cf4e9b41-20e8-4dba-a51c-6e8f09232ffb", "title": "Ninja Forms Contact Form <= 3.6.21 - Reflected Cross-Site Scripting via 'title'", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.6.21": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf4e9b41-20e8-4dba-a51c-6e8f09232ffb?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf4f3f5e-28f7-492c-9d54-4826826bd904": { "id": "cf4f3f5e-28f7-492c-9d54-4826826bd904", "title": "Starter Templates \u2014 Elementor, Gutenberg & Beaver Builder Templates <= 2.7.0 - Missing Authorization to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates", "slug": "astra-sites", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf4f3f5e-28f7-492c-9d54-4826826bd904?source=api-scan" ], "published": "2021-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf5075f9-9658-4a09-bd38-34a72f6560f4": { "id": "cf5075f9-9658-4a09-bd38-34a72f6560f4", "title": "Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates <= 4.1.6 - Authenticated (Contributor+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates", "slug": "astra-sites", "affected_versions": { "* - 4.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf5075f9-9658-4a09-bd38-34a72f6560f4?source=api-scan" ], "published": "2024-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf57aeaa-e37e-4b22-aeaa-f0a9f4877484": { "id": "cf57aeaa-e37e-4b22-aeaa-f0a9f4877484", "title": "RSS Aggregator by Feedzy <= 4.4.2 - Authenticated(Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator", "slug": "feedzy-rss-feeds", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf57aeaa-e37e-4b22-aeaa-f0a9f4877484?source=api-scan" ], "published": "2024-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf6563a4-56ca-46b1-a854-aad7cc550f73": { "id": "cf6563a4-56ca-46b1-a854-aad7cc550f73", "title": "PayPal Currency Converter BASIC for WooCommerce <= 1.3 - Path Traversal to Arbitrary File Read", "software": [ { "type": "plugin", "name": "PayPal Currency Converter BASIC for WooCommerce", "slug": "paypal-currency-converter-basic-for-woocommerce", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf6563a4-56ca-46b1-a854-aad7cc550f73?source=api-scan" ], "published": "2015-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf665438-20d2-4df9-b3ff-54123343a46d": { "id": "cf665438-20d2-4df9-b3ff-54123343a46d", "title": "Rencontre \u2013 Dating Site <= 3.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rencontre \u2013 Dating Site", "slug": "rencontre", "affected_versions": { "[*, 3.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf665438-20d2-4df9-b3ff-54123343a46d?source=api-scan" ], "published": "2019-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf6c13de-e666-4c80-aa4c-6f610d899d03": { "id": "cf6c13de-e666-4c80-aa4c-6f610d899d03", "title": "Flatsome <= 3.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "theme", "name": "Flatsome", "slug": "flatsome", "affected_versions": { "* - 3.18.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.18.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.19.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf6c13de-e666-4c80-aa4c-6f610d899d03?source=api-scan" ], "published": "2024-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf6e3552-9616-4da1-8d8e-a6144ba1d0a3": { "id": "cf6e3552-9616-4da1-8d8e-a6144ba1d0a3", "title": "Easy PayPal Shopping Cart <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Easy PayPal Shopping Cart", "slug": "easy-paypal-shopping-cart", "affected_versions": { "* - 1.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf6e3552-9616-4da1-8d8e-a6144ba1d0a3?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf711c64-dd5e-4725-824c-fbe9063916d9": { "id": "cf711c64-dd5e-4725-824c-fbe9063916d9", "title": "Ad Invalid Click Protector <= 1.2.5 - SQL Injection", "software": [ { "type": "plugin", "name": "Ad Invalid Click Protector (AICP)", "slug": "ad-invalid-click-protector", "affected_versions": { "[*, 1.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf711c64-dd5e-4725-824c-fbe9063916d9?source=api-scan" ], "published": "2022-01-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf71d36c-c730-470b-bd22-a393370d867c": { "id": "cf71d36c-c730-470b-bd22-a393370d867c", "title": "WebinarPress <= 1.33.20 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Webinar Plugin \u2013 WebinarPress", "slug": "wp-webinarsystem", "affected_versions": { "* - 1.33.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.33.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.33.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf71d36c-c730-470b-bd22-a393370d867c?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf753fcf-9db0-4161-97e5-0f09c3452544": { "id": "cf753fcf-9db0-4161-97e5-0f09c3452544", "title": "Appointment Bookings for Zoom GoogleMeet and more \u2013 Wappointment <= 2.6.0 - Authenticated (Administrator+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Appointment Bookings for Zoom GoogleMeet and more \u2013 Wappointment", "slug": "wappointment", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf753fcf-9db0-4161-97e5-0f09c3452544?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3": { "id": "cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3", "title": "Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function", "software": [ { "type": "plugin", "name": "SSL Mixed Content Fix", "slug": "http-https-remover", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] }, { "type": "plugin", "name": "Duplicate Post", "slug": "copy-delete-posts", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] }, { "type": "plugin", "name": "Social Share Icons & Social Share Buttons", "slug": "ultimate-social-media-plus", "affected_versions": { "* - 3.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.8" ] }, { "type": "plugin", "name": "Ultimate Posts Widget", "slug": "ultimate-posts-widget", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] }, { "type": "plugin", "name": "Backup Migration", "slug": "backup-backup", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] }, { "type": "plugin", "name": "Pop-up", "slug": "pop-up-pop-up", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] }, { "type": "plugin", "name": "Clone", "slug": "wp-clone-by-wp-academy", "affected_versions": { "* - 2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.8" ] }, { "type": "plugin", "name": "Social Media Share Buttons & Social Sharing Icons", "slug": "ultimate-social-media-icons", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.2" ] }, { "type": "plugin", "name": "RSS Redirect & Feedburner Alternative", "slug": "feedburner-alternative-and-rss-redirect", "affected_versions": { "* - 3.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8" ] }, { "type": "plugin", "name": "Enhanced Text Widget", "slug": "enhanced-text-widget", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=api-scan" ], "published": "2023-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf7c3ffe-079e-4db4-9dc4-3405527c0a99": { "id": "cf7c3ffe-079e-4db4-9dc4-3405527c0a99", "title": "Image Over Image For WPBakery Page Builder <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Image Over Image For WPBakery Page Builder", "slug": "image-over-image-vc-extension", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf7c3ffe-079e-4db4-9dc4-3405527c0a99?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf803368-64ff-4dbe-85ae-af30e18bc833": { "id": "cf803368-64ff-4dbe-85ae-af30e18bc833", "title": "WordPress Core < 2.6 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf803368-64ff-4dbe-85ae-af30e18bc833?source=api-scan" ], "published": "2008-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf806412-9f21-468e-a497-319d5b24e677": { "id": "cf806412-9f21-468e-a497-319d5b24e677", "title": "Tickera <= 3.5.2.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Tickera \u2013 WordPress Event Ticketing", "slug": "tickera-event-ticketing-system", "affected_versions": { "* - 3.5.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf806412-9f21-468e-a497-319d5b24e677?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf85ddc7-cb90-4502-9936-f2c51030b4a6": { "id": "cf85ddc7-cb90-4502-9936-f2c51030b4a6", "title": "Disc Golf Manager <= 1.0.0 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Disc Golf Manager", "slug": "disc-golf-manager", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf85ddc7-cb90-4502-9936-f2c51030b4a6?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf8919d4-6ca7-44ed-ae2a-14b0c96a568f": { "id": "cf8919d4-6ca7-44ed-ae2a-14b0c96a568f", "title": "Maintenance Redirect <= 2.0.1 - IP Spoofing to Maintenance Mode Bypass", "software": [ { "type": "plugin", "name": "Maintenance Redirect", "slug": "jf3-maintenance-mode", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf8919d4-6ca7-44ed-ae2a-14b0c96a568f?source=api-scan" ], "published": "2024-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf9470c9-693b-4f36-91d9-26b2d488b377": { "id": "cf9470c9-693b-4f36-91d9-26b2d488b377", "title": "All In One Favicon <= 4.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All In One Favicon", "slug": "all-in-one-favicon", "affected_versions": { "* - 4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf9470c9-693b-4f36-91d9-26b2d488b377?source=api-scan" ], "published": "2018-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf96887c-6e0d-43d9-a3f2-88981adb4c98": { "id": "cf96887c-6e0d-43d9-a3f2-88981adb4c98", "title": "Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Submitted Response Deletion", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "* - 1.3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf96887c-6e0d-43d9-a3f2-88981adb4c98?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cf992c75-a1ae-49c3-8110-2f3b31b23f6c": { "id": "cf992c75-a1ae-49c3-8110-2f3b31b23f6c", "title": "Zyrex Popup <= 1.0 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "ZYREX POPUP", "slug": "popup-zyrex", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cf992c75-a1ae-49c3-8110-2f3b31b23f6c?source=api-scan" ], "published": "2023-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfb27513-61ad-4cf0-a471-0ab7aeb0801b": { "id": "cfb27513-61ad-4cf0-a471-0ab7aeb0801b", "title": "RSVPMarker <= 10.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings", "software": [ { "type": "plugin", "name": "RSVPMaker", "slug": "rsvpmaker", "affected_versions": { "* - 10.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "10.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfb27513-61ad-4cf0-a471-0ab7aeb0801b?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfb45af3-c22a-4045-b564-22f7081868d7": { "id": "cfb45af3-c22a-4045-b564-22f7081868d7", "title": "WP Mail Catcher <= 2.1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Mail logging \u2013 WP Mail Catcher", "slug": "wp-mail-catcher", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfb45af3-c22a-4045-b564-22f7081868d7?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfb48c2e-9447-4fd1-a5a4-d9b675276ced": { "id": "cfb48c2e-9447-4fd1-a5a4-d9b675276ced", "title": "Frontend Checklist <= 2.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Items", "software": [ { "type": "plugin", "name": "Frontend Checklist", "slug": "frontend-checklist", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfb48c2e-9447-4fd1-a5a4-d9b675276ced?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfb87c87-f9dc-4f26-93f5-10d6bf6c822b": { "id": "cfb87c87-f9dc-4f26-93f5-10d6bf6c822b", "title": "WP Discourse <= 2.5.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Discourse", "slug": "wp-discourse", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfb87c87-f9dc-4f26-93f5-10d6bf6c822b?source=api-scan" ], "published": "2024-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfbc7af2-1e2c-4aaf-b73c-870f7519aff1": { "id": "cfbc7af2-1e2c-4aaf-b73c-870f7519aff1", "title": "File Manager Pro \u2013 Filester - <= 1.7.6 - Cross-Site Request Forgery to Arbitrary File Rename", "software": [ { "type": "plugin", "name": "File Manager Pro \u2013 Filester", "slug": "filester", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfbc7af2-1e2c-4aaf-b73c-870f7519aff1?source=api-scan" ], "published": "2023-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfbc7f74-89c6-4418-9e1e-12650e179912": { "id": "cfbc7f74-89c6-4418-9e1e-12650e179912", "title": "WP Photo Album Plus <= 8.7.01.001 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP Photo Album Plus", "slug": "wp-photo-album-plus", "affected_versions": { "* - 8.7.01.001": { "from_version": "*", "from_inclusive": true, "to_version": "8.7.01.001", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.7.01.002" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfbc7f74-89c6-4418-9e1e-12650e179912?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfbd41fa-15f0-473a-be5a-862e8a14b287": { "id": "cfbd41fa-15f0-473a-be5a-862e8a14b287", "title": "Restrict Content <= 3.2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Membership Plugin \u2013 Restrict Content", "slug": "restrict-content", "affected_versions": { "[*, 3.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfbd41fa-15f0-473a-be5a-862e8a14b287?source=api-scan" ], "published": "2023-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfc09dee-9af6-49ff-bfe2-abcc616940d7": { "id": "cfc09dee-9af6-49ff-bfe2-abcc616940d7", "title": "MW Font Changer <= 4.2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MW Font Changer", "slug": "parsi-font", "affected_versions": { "[*, 4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfc09dee-9af6-49ff-bfe2-abcc616940d7?source=api-scan" ], "published": "2016-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfc59270-d08c-4b78-9863-4bb88120b878": { "id": "cfc59270-d08c-4b78-9863-4bb88120b878", "title": "Petfinder Listings <= 1.0.19 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "List Petfinder Pets", "slug": "petfinder-listings", "affected_versions": { "* - 1.0.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfc59270-d08c-4b78-9863-4bb88120b878?source=api-scan" ], "published": "2022-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfc59e3d-13c6-4051-8a1a-d109ea06b10b": { "id": "cfc59e3d-13c6-4051-8a1a-d109ea06b10b", "title": "Opening Hours <= 2.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Opening Hours", "slug": "wp-opening-hours", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfc59e3d-13c6-4051-8a1a-d109ea06b10b?source=api-scan" ], "published": "2023-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfc6b4a5-ff13-457f-9e06-de15e8cb5510": { "id": "cfc6b4a5-ff13-457f-9e06-de15e8cb5510", "title": "WP Import Export Lite <= 3.9.26 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "WP Import Export Lite", "slug": "wp-import-export-lite", "affected_versions": { "* - 3.9.26": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfc6b4a5-ff13-457f-9e06-de15e8cb5510?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfc6c595-dad2-4abc-8187-ed72355273b8": { "id": "cfc6c595-dad2-4abc-8187-ed72355273b8", "title": "Better Search <= 2.5.2 - Cross-Site Request Forgery to Settings Import", "software": [ { "type": "plugin", "name": "Better Search \u2013 Relevant search results for WordPress", "slug": "better-search", "affected_versions": { "[*, 2.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfc6c595-dad2-4abc-8187-ed72355273b8?source=api-scan" ], "published": "2021-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfc78684-fdb7-4ce1-8464-0d057b48a7fa": { "id": "cfc78684-fdb7-4ce1-8464-0d057b48a7fa", "title": "Custom field finder <= 0.3 - Authenticated (Author+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Custom field finder", "slug": "custom-field-finder", "affected_versions": { "* - 0.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfc78684-fdb7-4ce1-8464-0d057b48a7fa?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfcc1a4d-c6c7-4ca8-afe5-79298e7ad3d7": { "id": "cfcc1a4d-c6c7-4ca8-afe5-79298e7ad3d7", "title": "Balkon <= 1.3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Balkon", "slug": "balkon", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfcc1a4d-c6c7-4ca8-afe5-79298e7ad3d7?source=api-scan" ], "published": "2023-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfcd59ae-085f-47d2-a4d2-2d1239f035d2": { "id": "cfcd59ae-085f-47d2-a4d2-2d1239f035d2", "title": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfcd59ae-085f-47d2-a4d2-2d1239f035d2?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfd1e59a-a76d-4f6d-9d22-021afd45d9af": { "id": "cfd1e59a-a76d-4f6d-9d22-021afd45d9af", "title": "Better Click To Tweet <= 5.10.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Better Click To Tweet", "slug": "better-click-to-tweet", "affected_versions": { "* - 5.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.10.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfd1e59a-a76d-4f6d-9d22-021afd45d9af?source=api-scan" ], "published": "2022-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfd32e46-a4fc-4c10-b546-9f9da75db791": { "id": "cfd32e46-a4fc-4c10-b546-9f9da75db791", "title": "BookIt <= 2.3.7 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Booking Calendar | Appointment Booking | Bookit", "slug": "bookit", "affected_versions": { "* - 2.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfd32e46-a4fc-4c10-b546-9f9da75db791?source=api-scan" ], "published": "2023-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfd3f0e3-e73e-4ec2-ac67-da1cc15aa217": { "id": "cfd3f0e3-e73e-4ec2-ac67-da1cc15aa217", "title": "Simple Membership <= 3.5.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "[*, 3.5.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfd3f0e3-e73e-4ec2-ac67-da1cc15aa217?source=api-scan" ], "published": "2017-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfd69b54-3056-4909-b3e8-ef2387ea9ea8": { "id": "cfd69b54-3056-4909-b3e8-ef2387ea9ea8", "title": "WOOCS \u2013 WooCommerce Currency Switcher <= 1.4.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "FOX \u2013 Currency Switcher Professional for WooCommerce", "slug": "woocommerce-currency-switcher", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfd69b54-3056-4909-b3e8-ef2387ea9ea8?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfd8a6a4-9159-480f-abe2-71972585217b": { "id": "cfd8a6a4-9159-480f-abe2-71972585217b", "title": "Quick Restaurant Menu <= 2.0.2 - Authenticated (Administrator+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quick Restaurant Menu", "slug": "quick-restaurant-menu", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfd8a6a4-9159-480f-abe2-71972585217b?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfe2cabd-98f6-4ebc-8a02-e6951202aa88": { "id": "cfe2cabd-98f6-4ebc-8a02-e6951202aa88", "title": "WordPress Button Plugin MaxButtons <= 9.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Button Plugin MaxButtons", "slug": "maxbuttons", "affected_versions": { "* - 9.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfe2cabd-98f6-4ebc-8a02-e6951202aa88?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfe4d99c-9cbd-4255-8f90-f904313d46b4": { "id": "cfe4d99c-9cbd-4255-8f90-f904313d46b4", "title": "Dashboard Widgets Suite <= 3.4.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dashboard Widgets Suite", "slug": "dashboard-widgets-suite", "affected_versions": { "* - 3.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfe4d99c-9cbd-4255-8f90-f904313d46b4?source=api-scan" ], "published": "2024-06-12 19:49:38", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfe5d24a-a2ed-46c1-8d9b-9bd2c63cb8b3": { "id": "cfe5d24a-a2ed-46c1-8d9b-9bd2c63cb8b3", "title": "MoveTo <= 6.2 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "moveto", "slug": "moveto", "affected_versions": { "* - 6.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfe5d24a-a2ed-46c1-8d9b-9bd2c63cb8b3?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfec4c31-ba09-4832-a095-4ca5f5192674": { "id": "cfec4c31-ba09-4832-a095-4ca5f5192674", "title": "ENL Newsletter <= 1.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ENL Newsletter", "slug": "enl-newsletter", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfec4c31-ba09-4832-a095-4ca5f5192674?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfec9303-bdc5-4ba7-90dd-0c7559459d23": { "id": "cfec9303-bdc5-4ba7-90dd-0c7559459d23", "title": "Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock <= 2.3.9.5 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock", "slug": "countdown-builder", "affected_versions": { "* - 2.3.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfec9303-bdc5-4ba7-90dd-0c7559459d23?source=api-scan" ], "published": "2022-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cff04656-5930-4324-9ddf-43a2166cdf04": { "id": "cff04656-5930-4324-9ddf-43a2166cdf04", "title": "Molongui <= 4.6.19 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui", "slug": "molongui-authorship", "affected_versions": { "* - 4.6.19": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cff04656-5930-4324-9ddf-43a2166cdf04?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cff2e5be-0de0-4e62-a881-6156760b7d99": { "id": "cff2e5be-0de0-4e62-a881-6156760b7d99", "title": "Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "* - 3.2.36": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.36", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.37" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cff2e5be-0de0-4e62-a881-6156760b7d99?source=api-scan" ], "published": "2024-05-10 13:33:39", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cff6b26e-bafa-4b85-b7f1-eea9bb4b6476": { "id": "cff6b26e-bafa-4b85-b7f1-eea9bb4b6476", "title": "Advanced Sermons <= 3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Sermons", "slug": "advanced-sermons", "affected_versions": { "* - 3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cff6b26e-bafa-4b85-b7f1-eea9bb4b6476?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cff74b3d-f056-4e9f-a62d-a3d79b4f4d56": { "id": "cff74b3d-f056-4e9f-a62d-a3d79b4f4d56", "title": "Car Rental System < 3.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Car Rental System", "slug": "car-rental-system", "affected_versions": { "[*, 3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cff74b3d-f056-4e9f-a62d-a3d79b4f4d56?source=api-scan" ], "published": "2015-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cffaa829-3eee-4390-b3c0-5c0f04ff9e8f": { "id": "cffaa829-3eee-4390-b3c0-5c0f04ff9e8f", "title": "Asgaros Forum <= 1.15.14 - Admin+ SQL Injection via forum_id", "software": [ { "type": "plugin", "name": "Asgaros Forum", "slug": "asgaros-forum", "affected_versions": { "* - 1.15.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cffaa829-3eee-4390-b3c0-5c0f04ff9e8f?source=api-scan" ], "published": "2021-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cffb26bc-3d3f-4593-bb36-d2abcd67861e": { "id": "cffb26bc-3d3f-4593-bb36-d2abcd67861e", "title": "Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cffb26bc-3d3f-4593-bb36-d2abcd67861e?source=api-scan" ], "published": "2021-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cffb3b61-fefc-4bf8-9904-55a7143aeef1": { "id": "cffb3b61-fefc-4bf8-9904-55a7143aeef1", "title": "Uncanny Automator Pro < 5.3.0.1 - Cross-Site Request Forgery to License Setting Reset", "software": [ { "type": "plugin", "name": "Uncanny Automator Pro", "slug": "uncanny-automator-pro", "affected_versions": { "[*, 5.3.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cffb3b61-fefc-4bf8-9904-55a7143aeef1?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cffe745d-2fe2-4959-9641-9a0ae33bff4c": { "id": "cffe745d-2fe2-4959-9641-9a0ae33bff4c", "title": "Simple Payment Donations <= 4.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paymattic \u2013 Secure, Simple Payment & Donation with Subscription Payments, Recurring Donations, Customer Management", "slug": "wp-payment-form", "affected_versions": { "* - 4.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cffe745d-2fe2-4959-9641-9a0ae33bff4c?source=api-scan" ], "published": "2022-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cffeac2c-8ca3-44f7-b54c-3c23b7a849a3": { "id": "cffeac2c-8ca3-44f7-b54c-3c23b7a849a3", "title": "ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.45 - Directory Traversal", "software": [ { "type": "plugin", "name": "ZoomSounds - WordPress Wave Audio Player with Playlist", "slug": "dzs-zoomsounds", "affected_versions": { "* - 6.45": { "from_version": "*", "from_inclusive": true, "to_version": "6.45", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.50" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cffeac2c-8ca3-44f7-b54c-3c23b7a849a3?source=api-scan" ], "published": "2021-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "cfffe880-e3f9-4163-a726-e248433e1034": { "id": "cfffe880-e3f9-4163-a726-e248433e1034", "title": "My Calendar <= 2.3.29 - Path Traversal to Remote Code Execution", "software": [ { "type": "plugin", "name": "My Calendar \u2013 Accessible Event Manager", "slug": "my-calendar", "affected_versions": { "* - 2.3.29": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/cfffe880-e3f9-4163-a726-e248433e1034?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0029883-79e0-4dd3-85a3-6bbf30452267": { "id": "d0029883-79e0-4dd3-85a3-6bbf30452267", "title": "Page Builder: Live Composer <= 1.5.42 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Live Composer \u2013 Free WordPress Website Builder", "slug": "live-composer-page-builder", "affected_versions": { "* - 1.5.42": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0029883-79e0-4dd3-85a3-6bbf30452267?source=api-scan" ], "published": "2024-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0033a19-47ac-4ffc-93a4-2ea693e93397": { "id": "d0033a19-47ac-4ffc-93a4-2ea693e93397", "title": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery <= 1.5.68 - Reflected Cross-Site Scripting <= 1.5.68 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.5.68": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.68", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0033a19-47ac-4ffc-93a4-2ea693e93397?source=api-scan" ], "published": "2021-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0059382-3e13-434a-a3d1-7892d14a371b": { "id": "d0059382-3e13-434a-a3d1-7892d14a371b", "title": "Html5 Audio Player <= 2.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "HTML5 Audio Player- Best WordPress Audio Player Plugin", "slug": "html5-audio-player", "affected_versions": { "* - 2.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0059382-3e13-434a-a3d1-7892d14a371b?source=api-scan" ], "published": "2023-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d00edaf1-2a97-4000-afd9-432ca8fa3df4": { "id": "d00edaf1-2a97-4000-afd9-432ca8fa3df4", "title": "HUSKY \u2013 Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 - Missing Authorization via woof_meta_get_keys()", "software": [ { "type": "plugin", "name": "HUSKY \u2013 Products Filter Professional for WooCommerce", "slug": "woocommerce-products-filter", "affected_versions": { "* - 1.3.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d00edaf1-2a97-4000-afd9-432ca8fa3df4?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0117436-7a2a-42f3-8c05-75dfddfb9d09": { "id": "d0117436-7a2a-42f3-8c05-75dfddfb9d09", "title": "The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0117436-7a2a-42f3-8c05-75dfddfb9d09?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d014f512-9030-49ce-945d-4900594fb373": { "id": "d014f512-9030-49ce-945d-4900594fb373", "title": "Namaste! LMS <= 2.6.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Namaste! LMS", "slug": "namaste-lms", "affected_versions": { "* - 2.6.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d014f512-9030-49ce-945d-4900594fb373?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0177510-cd7d-4cc5-96c3-78433aa0e3f6": { "id": "d0177510-cd7d-4cc5-96c3-78433aa0e3f6", "title": "BookingPress Appointment Booking <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar Plugin and Scheduling Plugin \u2013 BookingPress", "slug": "bookingpress-appointment-booking", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0177510-cd7d-4cc5-96c3-78433aa0e3f6?source=api-scan" ], "published": "2024-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d01b6056-a38d-4a60-9cdc-68663aa2aed6": { "id": "d01b6056-a38d-4a60-9cdc-68663aa2aed6", "title": "Share This Image <= 2.02 - Authenticated (Contributor+) Stored Cross-Site Scripting via STI Buttons Shortcode", "software": [ { "type": "plugin", "name": "Share This Image", "slug": "share-this-image", "affected_versions": { "* - 2.02": { "from_version": "*", "from_inclusive": true, "to_version": "2.02", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.03" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d01b6056-a38d-4a60-9cdc-68663aa2aed6?source=api-scan" ], "published": "2024-09-04 20:25:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0215e53-0394-4845-93e4-463cd5642fb3": { "id": "d0215e53-0394-4845-93e4-463cd5642fb3", "title": "Modal Survey < 2.0.1.8.2 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Modal Survey - WordPress Poll, Survey & Quiz Plugin", "slug": "modal_survey", "affected_versions": { "[*, 2.0.1.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0215e53-0394-4845-93e4-463cd5642fb3?source=api-scan" ], "published": "2021-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d021636e-2d23-4fb3-baf7-0f40d4ade3db": { "id": "d021636e-2d23-4fb3-baf7-0f40d4ade3db", "title": "Elementor Website Builder <= 2.8.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 2.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d021636e-2d23-4fb3-baf7-0f40d4ade3db?source=api-scan" ], "published": "2020-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0237d64-40db-4e4e-be61-893217135ef7": { "id": "d0237d64-40db-4e4e-be61-893217135ef7", "title": "AM-HiLi <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AM-HiLi", "slug": "am-hili-affiliate-manager-for-publishers", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0237d64-40db-4e4e-be61-893217135ef7?source=api-scan" ], "published": "2022-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0240b35-72d0-4943-84cd-5d1574609b36": { "id": "d0240b35-72d0-4943-84cd-5d1574609b36", "title": "Popup Maker <= 1.17.1 - Sensitive Data Exposure via debug log file", "software": [ { "type": "plugin", "name": "Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder", "slug": "popup-maker", "affected_versions": { "* - 1.17.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.17.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.18.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0240b35-72d0-4943-84cd-5d1574609b36?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d02fc744-35e5-44eb-8790-66997e95d017": { "id": "d02fc744-35e5-44eb-8790-66997e95d017", "title": "Option Tree <= 2.5.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OptionTree", "slug": "option-tree", "affected_versions": { "* - 2.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d02fc744-35e5-44eb-8790-66997e95d017?source=api-scan" ], "published": "2019-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d03008ae-ccb5-43b2-834a-71c71c43c678": { "id": "d03008ae-ccb5-43b2-834a-71c71c43c678", "title": "Fastly <= 1.2.25 - Missing Authorization", "software": [ { "type": "plugin", "name": "Fastly", "slug": "fastly", "affected_versions": { "* - 1.2.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d03008ae-ccb5-43b2-834a-71c71c43c678?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0301141-bbc6-4a9e-b816-888554600b57": { "id": "d0301141-bbc6-4a9e-b816-888554600b57", "title": "iubenda <= 3.3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "iubenda | All-in-one Compliance for GDPR \/ CCPA Cookie Consent + more", "slug": "iubenda-cookie-law-solution", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0301141-bbc6-4a9e-b816-888554600b57?source=api-scan" ], "published": "2022-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0318ed9-a464-498b-a821-f7746740937c": { "id": "d0318ed9-a464-498b-a821-f7746740937c", "title": "WordPress Core <= 2.8.1 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0318ed9-a464-498b-a821-f7746740937c?source=api-scan" ], "published": "2009-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d03459d8-b1f2-4270-a294-403754db1f2f": { "id": "d03459d8-b1f2-4270-a294-403754db1f2f", "title": "User Registration \u2013 Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile", "slug": "user-registration", "affected_versions": { "* - 3.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d03459d8-b1f2-4270-a294-403754db1f2f?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d034c3cb-8089-47d6-839b-659bedab5ca1": { "id": "d034c3cb-8089-47d6-839b-659bedab5ca1", "title": "Contact Form By Mega Forms <= 1.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form By Mega Forms \u2013 Drag and Drop Form Builder", "slug": "mega-forms", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d034c3cb-8089-47d6-839b-659bedab5ca1?source=api-scan" ], "published": "2022-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d038f1a2-4755-417f-965d-508b57c05738": { "id": "d038f1a2-4755-417f-965d-508b57c05738", "title": "WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) PHP Object Injection", "software": [ { "type": "plugin", "name": "WP Easy Post Types", "slug": "easy-post-types", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d038f1a2-4755-417f-965d-508b57c05738?source=api-scan" ], "published": "2024-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d039ba8f-0452-4c14-a655-7f6880c1f1b4": { "id": "d039ba8f-0452-4c14-a655-7f6880c1f1b4", "title": "My Calendar <= 3.4.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "My Calendar \u2013 Accessible Event Manager", "slug": "my-calendar", "affected_versions": { "* - 3.4.23": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d039ba8f-0452-4c14-a655-7f6880c1f1b4?source=api-scan" ], "published": "2024-02-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d03b4dcd-297d-4361-9cc4-6ccf3d4f0e85": { "id": "d03b4dcd-297d-4361-9cc4-6ccf3d4f0e85", "title": "Pyrmont V2 <= 2.0.7 - SQL Injection", "software": [ { "type": "theme", "name": "Pyrmont V2", "slug": "pyrmont-v2", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d03b4dcd-297d-4361-9cc4-6ccf3d4f0e85?source=api-scan" ], "published": "2009-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0467548-f1eb-4ea2-9913-4b7ffeb6e91a": { "id": "d0467548-f1eb-4ea2-9913-4b7ffeb6e91a", "title": "Events Addon for Elementor <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets", "software": [ { "type": "plugin", "name": "Events Addon for Elementor", "slug": "events-addon-for-elementor", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0467548-f1eb-4ea2-9913-4b7ffeb6e91a?source=api-scan" ], "published": "2024-06-11 08:17:21", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d04f11b4-ee58-428b-aaa2-dc7d9f3e68e3": { "id": "d04f11b4-ee58-428b-aaa2-dc7d9f3e68e3", "title": "ShopWP <= 2.0.4 - Missing Authorization to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ShopWP", "slug": "wpshopify", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d04f11b4-ee58-428b-aaa2-dc7d9f3e68e3?source=api-scan" ], "published": "2019-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0506137-82e3-4988-9b23-370465a866c0": { "id": "d0506137-82e3-4988-9b23-370465a866c0", "title": "Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors <= 4.7.1 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover", "software": [ { "type": "plugin", "name": "Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors", "slug": "publishpress-authors", "affected_versions": { "* - 4.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0506137-82e3-4988-9b23-370465a866c0?source=api-scan" ], "published": "2024-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0567dc8-7a4c-42f4-bf45-f31a8efaa354": { "id": "d0567dc8-7a4c-42f4-bf45-f31a8efaa354", "title": "WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update", "software": [ { "type": "plugin", "name": "WordPress Automatic Plugin", "slug": "wp-automatic", "affected_versions": { "[*, 3.53.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.53.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.53.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0567dc8-7a4c-42f4-bf45-f31a8efaa354?source=api-scan" ], "published": "2021-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d056ad60-0102-490e-89a8-31fe6513645e": { "id": "d056ad60-0102-490e-89a8-31fe6513645e", "title": "WP phpMyAdmin <= 5.2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP phpMyAdmin", "slug": "wp-phpmyadmin-extension", "affected_versions": { "* - 5.2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d056ad60-0102-490e-89a8-31fe6513645e?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d056eeea-6ed2-4139-ba32-727a95f29aaf": { "id": "d056eeea-6ed2-4139-ba32-727a95f29aaf", "title": "Polylang <= 2.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Polylang", "slug": "polylang", "affected_versions": { "[*, 2.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d056eeea-6ed2-4139-ba32-727a95f29aaf?source=api-scan" ], "published": "2019-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0586453-76ec-4ec9-9965-780af7cb31ec": { "id": "d0586453-76ec-4ec9-9965-780af7cb31ec", "title": "Async Javascript <= 2.20.12.09 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Async JavaScript", "slug": "async-javascript", "affected_versions": { "* - 2.20.12.09": { "from_version": "*", "from_inclusive": true, "to_version": "2.20.12.09", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.21.06.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0586453-76ec-4ec9-9965-780af7cb31ec?source=api-scan" ], "published": "2021-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0598341-0088-42bf-9a34-794c941a848d": { "id": "d0598341-0088-42bf-9a34-794c941a848d", "title": "Vikinghammer Tweet <= 0.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Vikinghammer Tweet", "slug": "vikinghammer-tweet", "affected_versions": { "* - 0.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0598341-0088-42bf-9a34-794c941a848d?source=api-scan" ], "published": "2024-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d05f7b77-382b-422a-8096-f47291f4dc45": { "id": "d05f7b77-382b-422a-8096-f47291f4dc45", "title": "Professional Social Sharing Buttons, Icons & Related Posts \u2013 Shareaholic <= 9.7.5 - Information Disclosure", "software": [ { "type": "plugin", "name": "Professional Social Sharing Buttons, Icons & Related Posts \u2013 Shareaholic", "slug": "shareaholic", "affected_versions": { "* - 9.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d05f7b77-382b-422a-8096-f47291f4dc45?source=api-scan" ], "published": "2022-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d062bc7b-0cb0-46bd-b203-90cc9a44a403": { "id": "d062bc7b-0cb0-46bd-b203-90cc9a44a403", "title": "Smart External Link Click Monitor [Link Log] <= 5.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart External Link Click Monitor [Link Log]", "slug": "link-log", "affected_versions": { "* - 5.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d062bc7b-0cb0-46bd-b203-90cc9a44a403?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0631ac6-2d85-4073-be2c-05480deecf97": { "id": "d0631ac6-2d85-4073-be2c-05480deecf97", "title": "VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetranslation function", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "* - 1.5.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0631ac6-2d85-4073-be2c-05480deecf97?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0631ec9-fb72-4573-a41b-9b6b01aeaae9": { "id": "d0631ec9-fb72-4573-a41b-9b6b01aeaae9", "title": "CartFlows Pro <= 1.11.12 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "cartflows-pro", "slug": "cartflows-pro", "affected_versions": { "* - 1.11.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0631ec9-fb72-4573-a41b-9b6b01aeaae9?source=api-scan" ], "published": "2023-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d06f265c-c1c1-4316-9526-3392f6ee31da": { "id": "d06f265c-c1c1-4316-9526-3392f6ee31da", "title": "Lock User Account <= 1.0.3 - Cross-Site Request Forgery to Account Lock\/Unlock", "software": [ { "type": "plugin", "name": "Lock User Account", "slug": "lock-user-account", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d06f265c-c1c1-4316-9526-3392f6ee31da?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d070e12e-ec53-4574-ac37-dc8805d9a553": { "id": "d070e12e-ec53-4574-ac37-dc8805d9a553", "title": "WPSchoolPress <= 2.2.4 - Authenticated(Teacher+) SQL Injection via ClassID", "software": [ { "type": "plugin", "name": "School Management System \u2013 WPSchoolPress", "slug": "wpschoolpress", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d070e12e-ec53-4574-ac37-dc8805d9a553?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d070f07a-c4e4-48ea-942d-7bb0bb834a52": { "id": "d070f07a-c4e4-48ea-942d-7bb0bb834a52", "title": "ComboBlocks <= 2.2.86 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "* - 2.2.86": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.86", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.87" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d070f07a-c4e4-48ea-942d-7bb0bb834a52?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d07b5377-ce5f-4faa-ac72-78f5175913c3": { "id": "d07b5377-ce5f-4faa-ac72-78f5175913c3", "title": "Magazine Basic (Unknown Versions) - SQL Injection", "software": [ { "type": "theme", "name": "Magazine Basic", "slug": "magazine-basic", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d07b5377-ce5f-4faa-ac72-78f5175913c3?source=api-scan" ], "published": "2012-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d07d8c3a-5e97-422a-ba20-e0bc206dda59": { "id": "d07d8c3a-5e97-422a-ba20-e0bc206dda59", "title": "Rus-To-Lat <= 0.3 - Cross-Site Request Forgery to Plugins Options Changes", "software": [ { "type": "plugin", "name": "Rus-To-Lat", "slug": "rustolat", "affected_versions": { "* - 0.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d07d8c3a-5e97-422a-ba20-e0bc206dda59?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0864b6e-e193-4704-99ec-a5f2232c4816": { "id": "d0864b6e-e193-4704-99ec-a5f2232c4816", "title": "Common Tools for Site <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Common Tools for Site", "slug": "common-tools-for-site", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0864b6e-e193-4704-99ec-a5f2232c4816?source=api-scan" ], "published": "2024-09-25 21:23:14", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d087957c-0dd5-46a9-a6bc-85f2f79f43bd": { "id": "d087957c-0dd5-46a9-a6bc-85f2f79f43bd", "title": "Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Responsive Contact Form Builder & Lead Generation Plugin", "slug": "lead-form-builder", "affected_versions": { "* - 1.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d087957c-0dd5-46a9-a6bc-85f2f79f43bd?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0913632-85c5-4835-b606-4eca51df2496": { "id": "d0913632-85c5-4835-b606-4eca51df2496", "title": "Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features <= 3.2.23 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "* - 3.2.23": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0913632-85c5-4835-b606-4eca51df2496?source=api-scan" ], "published": "2024-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d097d918-04dc-4291-bb82-3f5cc8eea158": { "id": "d097d918-04dc-4291-bb82-3f5cc8eea158", "title": "WP DS FAQ Plus < 1.4.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP DS FAQ Plus", "slug": "wp-ds-faq-plus", "affected_versions": { "[*, 1.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d097d918-04dc-4291-bb82-3f5cc8eea158?source=api-scan" ], "published": "2020-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0999244-4097-4e8c-8f7e-4accd7727d69": { "id": "d0999244-4097-4e8c-8f7e-4accd7727d69", "title": "Dropshix < 4.0.14 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Dropshix", "slug": "dropshipping-xox", "affected_versions": { "[*, 4.0.14)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0999244-4097-4e8c-8f7e-4accd7727d69?source=api-scan" ], "published": "2019-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d09a0b62-6556-4be5-a6f2-0cb0edcced3b": { "id": "d09a0b62-6556-4be5-a6f2-0cb0edcced3b", "title": "GiveWP <= 2.25.2 - Cross-Site Request Forgery via give_ajax_store_payment_note", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.25.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.25.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d09a0b62-6556-4be5-a6f2-0cb0edcced3b?source=api-scan" ], "published": "2023-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d09d8ac7-67f4-490b-8d09-6811f132fede": { "id": "d09d8ac7-67f4-490b-8d09-6811f132fede", "title": "Email Subscribers & Newsletters <= 5.7.13 - Missing Authorization", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 5.7.13": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d09d8ac7-67f4-490b-8d09-6811f132fede?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0a311b7-5582-4581-bf4e-636d8a936ac6": { "id": "d0a311b7-5582-4581-bf4e-636d8a936ac6", "title": "WooCommerce Blocks <= 3.7.0 - Authorization Bypass", "software": [ { "type": "plugin", "name": "WooCommerce Blocks", "slug": "woo-gutenberg-products-block", "affected_versions": { "[*, 3.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0a311b7-5582-4581-bf4e-636d8a936ac6?source=api-scan" ], "published": "2020-11-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0a81d60-d489-4786-aa21-805a1e2aa198": { "id": "d0a81d60-d489-4786-aa21-805a1e2aa198", "title": "Ad Inserter Pro <= 2.7.15 - Arbitrary File Modification", "software": [ { "type": "plugin", "name": "Ad Inserter Pro", "slug": "ad-inserter-pro", "affected_versions": { "* - 2.7.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0a81d60-d489-4786-aa21-805a1e2aa198?source=api-scan" ], "published": "2022-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0aa1fad-1ff4-4bc5-a584-99b528470990": { "id": "d0aa1fad-1ff4-4bc5-a584-99b528470990", "title": "WP Job Portal <= 2.0.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website", "slug": "wp-job-portal", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0aa1fad-1ff4-4bc5-a584-99b528470990?source=api-scan" ], "published": "2023-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0ace3b6-7941-43c6-b636-8f7b9d51da3e": { "id": "d0ace3b6-7941-43c6-b636-8f7b9d51da3e", "title": "Level Four Store Front < 8.1.15 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Level Four Store Front", "slug": "levelfourstorefront", "affected_versions": { "[*, 8.1.15)": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.1.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0ace3b6-7941-43c6-b636-8f7b9d51da3e?source=api-scan" ], "published": "2013-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0b1fa88-2fc6-41af-bd39-12af92dc6533": { "id": "d0b1fa88-2fc6-41af-bd39-12af92dc6533", "title": "Message ticker <= 9.2 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "Message ticker", "slug": "message-ticker", "affected_versions": { "* - 9.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0b1fa88-2fc6-41af-bd39-12af92dc6533?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0b369b4-b107-4207-8d5a-4551a2adf437": { "id": "d0b369b4-b107-4207-8d5a-4551a2adf437", "title": "Access Category Password <= 1.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Access Category Password", "slug": "access-category-password", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0b369b4-b107-4207-8d5a-4551a2adf437?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0b3d83b-9695-40c5-b6ee-2a76c940de6e": { "id": "d0b3d83b-9695-40c5-b6ee-2a76c940de6e", "title": "The Plus Addons for Elementor <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Header Meta Content Widget", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0b3d83b-9695-40c5-b6ee-2a76c940de6e?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0b4a357-fddd-4b42-8834-3a294e0d150c": { "id": "d0b4a357-fddd-4b42-8834-3a294e0d150c", "title": "WordPress Landing Pages <= 1.8.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Landing Pages", "slug": "landing-pages", "affected_versions": { "[*, 1.8.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0b4a357-fddd-4b42-8834-3a294e0d150c?source=api-scan" ], "published": "2015-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0c0562f-1f3b-4630-bbc5-4ea2985d71d1": { "id": "d0c0562f-1f3b-4630-bbc5-4ea2985d71d1", "title": "Ultimate Member <= 2.0.45 - Low-Privileged Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.0.45": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.45", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0c0562f-1f3b-4630-bbc5-4ea2985d71d1?source=api-scan" ], "published": "2019-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0c4b963-047a-4d41-8dba-9eaa5e555235": { "id": "d0c4b963-047a-4d41-8dba-9eaa5e555235", "title": "Widget Options - Extended <= 5.1.0 & Widget Options <= 4.0.1 - Authenticated (Subscriber+) Information Disclosure", "software": [ { "type": "plugin", "name": "Widget Options - Extended", "slug": "extended-widget-options", "affected_versions": { "[*, 5.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1.3" ] }, { "type": "plugin", "name": "Widget Options \u2013 The #1 WordPress Widget & Block Control Plugin", "slug": "widget-options", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0c4b963-047a-4d41-8dba-9eaa5e555235?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0c72033-ab9b-49bb-be28-e09a810137fe": { "id": "d0c72033-ab9b-49bb-be28-e09a810137fe", "title": "FeedBurner FeedSmith <= 2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "feedburner-feedsmith", "slug": "feedburner-feedsmith", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0c72033-ab9b-49bb-be28-e09a810137fe?source=api-scan" ], "published": "2007-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0c724a4-7783-4d2a-938e-800960c2be64": { "id": "d0c724a4-7783-4d2a-938e-800960c2be64", "title": "Pet Manager <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pet Manager", "slug": "pet-manager", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0c724a4-7783-4d2a-938e-800960c2be64?source=api-scan" ], "published": "2024-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0c91a58-31e9-4f6e-81fb-0681fb9ce4d6": { "id": "d0c91a58-31e9-4f6e-81fb-0681fb9ce4d6", "title": "WpStream \u2013 Live Streaming, Video on Demand, Pay Per View <= 4.5.4 - Cross-Site Request Forgery via wpstream_update_local_event_settings", "software": [ { "type": "plugin", "name": "WpStream \u2013 Live Streaming, Video on Demand, Pay Per View", "slug": "wpstream", "affected_versions": { "* - 4.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0c91a58-31e9-4f6e-81fb-0681fb9ce4d6?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0c9f4c5-a4f6-4cab-8531-5b88b3f347ea": { "id": "d0c9f4c5-a4f6-4cab-8531-5b88b3f347ea", "title": "PostX \u2013 Gutenberg Blocks for Post Grid <= 2.9.9 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX", "slug": "ultimate-post", "affected_versions": { "* - 2.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0c9f4c5-a4f6-4cab-8531-5b88b3f347ea?source=api-scan" ], "published": "2023-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0ca76a3-143c-4e86-a6d7-e1d3b3d7b378": { "id": "d0ca76a3-143c-4e86-a6d7-e1d3b3d7b378", "title": "Nice PayPal Button Lite <= 1.3.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Nice PayPal Button Lite", "slug": "nice-paypal-button-lite", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0ca76a3-143c-4e86-a6d7-e1d3b3d7b378?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0ca9780-8918-40ff-80c0-62ce483adbae": { "id": "d0ca9780-8918-40ff-80c0-62ce483adbae", "title": "BuddyPress <= 7.2.1 - Missing Authorization to Unauthorized Group Access", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "* - 7.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0ca9780-8918-40ff-80c0-62ce483adbae?source=api-scan" ], "published": "2021-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0cae039-e112-48b4-8e8b-f617108601df": { "id": "d0cae039-e112-48b4-8e8b-f617108601df", "title": "Database Backups <= 1.2.2.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Database Backups", "slug": "database-backups", "affected_versions": { "* - 1.2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0cae039-e112-48b4-8e8b-f617108601df?source=api-scan" ], "published": "2021-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0cb4434-94c5-42a9-bd86-869058dcbf67": { "id": "d0cb4434-94c5-42a9-bd86-869058dcbf67", "title": "Forminator <= 1.22.1 - Missing Authorization on 'hubspot_support_request' AJAX function", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "* - 1.22.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.22.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.23.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0cb4434-94c5-42a9-bd86-869058dcbf67?source=api-scan" ], "published": "2023-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0d61395-3434-460f-8821-79e7676eff17": { "id": "d0d61395-3434-460f-8821-79e7676eff17", "title": "Popup Builder <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "* - 4.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0d61395-3434-460f-8821-79e7676eff17?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0d6f467-6e62-45ff-bf9d-4db5b1ed1dd2": { "id": "d0d6f467-6e62-45ff-bf9d-4db5b1ed1dd2", "title": "Redirect Redirection <= 1.1.3 - Missing Authorization in 'logFilter' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0d6f467-6e62-45ff-bf9d-4db5b1ed1dd2?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0d8d660-4f8f-4fd5-b001-b182219cf327": { "id": "d0d8d660-4f8f-4fd5-b001-b182219cf327", "title": "Post to Twitter <= 0.7 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post to Twitter", "slug": "post-to-twitter", "affected_versions": { "* - 0.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0d8d660-4f8f-4fd5-b001-b182219cf327?source=api-scan" ], "published": "2014-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0dcf95e-1540-48ed-a4a2-f803d67ea141": { "id": "d0dcf95e-1540-48ed-a4a2-f803d67ea141", "title": "Multi Rating <= 5.0.5 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "Multi Rating", "slug": "multi-rating", "affected_versions": { "* - 5.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0dcf95e-1540-48ed-a4a2-f803d67ea141?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0e02954-a2e7-417b-a467-fee0076d9b2a": { "id": "d0e02954-a2e7-417b-a467-fee0076d9b2a", "title": "User Meta Manager <= 3.4.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Meta Manager", "slug": "user-meta-manager", "affected_versions": { "* - 3.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0e02954-a2e7-417b-a467-fee0076d9b2a?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0e10c09-03b2-4286-95ef-e819fc2b900f": { "id": "d0e10c09-03b2-4286-95ef-e819fc2b900f", "title": "Parabola <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Parabola", "slug": "parabola", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0e10c09-03b2-4286-95ef-e819fc2b900f?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0e2ae5c-685d-4cf0-91e2-2f8620b2eb6b": { "id": "d0e2ae5c-685d-4cf0-91e2-2f8620b2eb6b", "title": "Better Tag Cloud <= 0.99.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Better Tag Cloud", "slug": "nktagcloud", "affected_versions": { "* - 0.99.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.99.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0e2ae5c-685d-4cf0-91e2-2f8620b2eb6b?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0ec4f27-2057-468e-bfcd-818c50952cac": { "id": "d0ec4f27-2057-468e-bfcd-818c50952cac", "title": "Paypal Donation <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Accept Donations with PayPal & Stripe", "slug": "easy-paypal-donation", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0ec4f27-2057-468e-bfcd-818c50952cac?source=api-scan" ], "published": "2021-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0f216fc-7073-42da-a3cc-7452fa9775bd": { "id": "d0f216fc-7073-42da-a3cc-7452fa9775bd", "title": "ShopBuilder \u2013 Elementor WooCommerce Builder Addons <= 2.1.8 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "ShopBuilder \u2013 Elementor WooCommerce Builder Addons", "slug": "shopbuilder", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0f216fc-7073-42da-a3cc-7452fa9775bd?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0f35a20-ffcf-4413-b1ea-748cd6aa6f20": { "id": "d0f35a20-ffcf-4413-b1ea-748cd6aa6f20", "title": "Clockwork SMS Plugins - Multiple Versions - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Clockwork SMS Notfications", "slug": "mediaburst-email-to-sms", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Two-Factor Authentication \u2013 Clockwork SMS", "slug": "clockwork-two-factor-authentication", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] }, { "type": "plugin", "name": "Booking Calendar \u2013 Clockwork SMS", "slug": "booking-sms", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] }, { "type": "plugin", "name": "Formidable \u2013 Clockwork SMS", "slug": "formidable-sms", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] }, { "type": "plugin", "name": "Gravity Forms \u2013 Clockwork SMS", "slug": "gravity-forms-sms-notifications", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] }, { "type": "plugin", "name": "Contact Form 7 \u2013 Clockwork SMS", "slug": "contact-form-7-sms-addon", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] }, { "type": "plugin", "name": "WP e-Commerce \u2013 Clockwork SMS", "slug": "mediaburst-ecommerce-sms-notifications", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] }, { "type": "plugin", "name": "Fast Secure Contact Form \u2013 Clockwork SMS", "slug": "fscf-sms", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0f35a20-ffcf-4413-b1ea-748cd6aa6f20?source=api-scan" ], "published": "2017-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0f5b9b7-2482-4f25-b50e-e2d9b3ef4902": { "id": "d0f5b9b7-2482-4f25-b50e-e2d9b3ef4902", "title": "SL User Create < 0.2.5 - Information Disclosure", "software": [ { "type": "plugin", "name": "SL User Create", "slug": "sl-user-create", "affected_versions": { "[*, 0.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0f5b9b7-2482-4f25-b50e-e2d9b3ef4902?source=api-scan" ], "published": "2013-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0fa6998-b85a-413e-be00-81926b4ea6ab": { "id": "d0fa6998-b85a-413e-be00-81926b4ea6ab", "title": "Telecash Ricaricaweb <= 2.2 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Telecash Ricaricaweb", "slug": "telecash-ricaricaweb", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0fa6998-b85a-413e-be00-81926b4ea6ab?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d0fb6bf0-48b8-48cc-8080-8fe19c36ce7c": { "id": "d0fb6bf0-48b8-48cc-8080-8fe19c36ce7c", "title": "Dendelion < 2.6.6 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Dendelion", "slug": "dandelion", "affected_versions": { "* - 2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d0fb6bf0-48b8-48cc-8080-8fe19c36ce7c?source=api-scan" ], "published": "2014-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d10336c2-656f-40f7-a95a-dbf829c2ce38": { "id": "d10336c2-656f-40f7-a95a-dbf829c2ce38", "title": "Browser and Operating System Finder <= 1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Browser and Operating System Finder", "slug": "browser-and-operating-system-finder", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d10336c2-656f-40f7-a95a-dbf829c2ce38?source=api-scan" ], "published": "2021-11-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d10364ed-179d-4506-a6f0-42b03c005242": { "id": "d10364ed-179d-4506-a6f0-42b03c005242", "title": "Page Builder by SiteOrigin < 2.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Builder by SiteOrigin", "slug": "siteorigin-panels", "affected_versions": { "[*, 2.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d10364ed-179d-4506-a6f0-42b03c005242?source=api-scan" ], "published": "2015-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1040d5b-e02d-4762-825f-409c8770c66f": { "id": "d1040d5b-e02d-4762-825f-409c8770c66f", "title": "Zoner - Real Estate <= 4.1 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Zoner - Real Estate WordPress Theme", "slug": "zoner", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1040d5b-e02d-4762-825f-409c8770c66f?source=api-scan" ], "published": "2019-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d108cb36-c072-483e-9746-15b8e7a880c3": { "id": "d108cb36-c072-483e-9746-15b8e7a880c3", "title": "Jeg Elementor Kit <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags", "software": [ { "type": "plugin", "name": "Jeg Elementor Kit", "slug": "jeg-elementor-kit", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d108cb36-c072-483e-9746-15b8e7a880c3?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d10a0372-1ab3-474e-8d5c-33f71fddfe06": { "id": "d10a0372-1ab3-474e-8d5c-33f71fddfe06", "title": "Mail Subscribe List <= 2.1.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Mail Subscribe List", "slug": "mail-subscribe-list", "affected_versions": { "[*, 2.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d10a0372-1ab3-474e-8d5c-33f71fddfe06?source=api-scan" ], "published": "2022-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d116e432-ded9-4fc1-9509-710269dba5e0": { "id": "d116e432-ded9-4fc1-9509-710269dba5e0", "title": "WordPress Core < 3.5.2 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d116e432-ded9-4fc1-9509-710269dba5e0?source=api-scan" ], "published": "2013-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d118beb2-bcb1-4d35-b25e-172fa4b6d916": { "id": "d118beb2-bcb1-4d35-b25e-172fa4b6d916", "title": "WP-FB-AutoConnect <= 4.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Social AutoConnect", "slug": "wp-fb-autoconnect", "affected_versions": { "* - 4.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d118beb2-bcb1-4d35-b25e-172fa4b6d916?source=api-scan" ], "published": "2014-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d11c84ea-e52b-4396-a508-9d415040b76e": { "id": "d11c84ea-e52b-4396-a508-9d415040b76e", "title": "Leyka <= 3.30.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Leyka", "slug": "leyka", "affected_versions": { "* - 3.30.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.30.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.30.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d11c84ea-e52b-4396-a508-9d415040b76e?source=api-scan" ], "published": "2023-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d11d5dbc-7329-40ed-8e84-d57fa59460a4": { "id": "d11d5dbc-7329-40ed-8e84-d57fa59460a4", "title": "SKT Templates \u2013 Elementor & Gutenberg templates <= 6.14 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SKT Templates \u2013 100% free Elementor & Gutenberg templates", "slug": "skt-templates", "affected_versions": { "* - 6.14": { "from_version": "*", "from_inclusive": true, "to_version": "6.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d11d5dbc-7329-40ed-8e84-d57fa59460a4?source=api-scan" ], "published": "2024-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d11e8124-1028-4dba-bbd9-c45699d78909": { "id": "d11e8124-1028-4dba-bbd9-c45699d78909", "title": "Product Slider for WooCommerce <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Product Carousel, Product Slider, Product Grid Gallery, and Product Table for WooCommerce \u2013 WooProduct Slider", "slug": "woo-product-slider", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d11e8124-1028-4dba-bbd9-c45699d78909?source=api-scan" ], "published": "2022-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d12c4b1c-23d0-430f-a6ea-0a3ab487ed10": { "id": "d12c4b1c-23d0-430f-a6ea-0a3ab487ed10", "title": "WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions", "software": [ { "type": "plugin", "name": "WP Easy Post Types", "slug": "easy-post-types", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d12c4b1c-23d0-430f-a6ea-0a3ab487ed10?source=api-scan" ], "published": "2024-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d131115b-e2c9-42c6-9262-a19272944652": { "id": "d131115b-e2c9-42c6-9262-a19272944652", "title": "Panorama \u2013 WordPress Project Management Plugin <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Panorama \u2013 WordPress Project Management Plugin", "slug": "project-panorama-lite", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d131115b-e2c9-42c6-9262-a19272944652?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1354ba0-bc2b-40ff-bcfa-61987afba87b": { "id": "d1354ba0-bc2b-40ff-bcfa-61987afba87b", "title": "WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Affiliate Platform", "slug": "wp-affiliate-platform", "affected_versions": { "[*, 6.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1354ba0-bc2b-40ff-bcfa-61987afba87b?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1390c22-3c8d-47f1-b225-1bcbc215832a": { "id": "d1390c22-3c8d-47f1-b225-1bcbc215832a", "title": "Don't Muck My Markup <= 1.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Don't Muck My Markup", "slug": "dont-muck-my-markup", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1390c22-3c8d-47f1-b225-1bcbc215832a?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d13d072e-9c9c-4a32-b9f4-7d15dc704b50": { "id": "d13d072e-9c9c-4a32-b9f4-7d15dc704b50", "title": "Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerce <= 3.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerce", "slug": "cost-of-goods-for-woocommerce", "affected_versions": { "* - 3.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d13d072e-9c9c-4a32-b9f4-7d15dc704b50?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1429549-2e73-4db3-bc83-98c722a80903": { "id": "d1429549-2e73-4db3-bc83-98c722a80903", "title": "FormLift for Infusionsoft Web Forms <= 7.5.17 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "FormLift for Infusionsoft Web Forms", "slug": "formlift", "affected_versions": { "* - 7.5.17": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1429549-2e73-4db3-bc83-98c722a80903?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1436ca4-933b-426a-987d-c5cbbc29353b": { "id": "d1436ca4-933b-426a-987d-c5cbbc29353b", "title": "WooCommerce Pre-Orders <= 2.0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce Pre-Orders", "slug": "woocommerce-pre-orders", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1436ca4-933b-426a-987d-c5cbbc29353b?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d143cefc-e387-47bd-aff6-a2099f704d20": { "id": "d143cefc-e387-47bd-aff6-a2099f704d20", "title": "Creative Mail <= 1.5.4 - Cross-Site Request Forgery to Settings Disconnect", "software": [ { "type": "plugin", "name": "Creative Mail \u2013 Easier WordPress & WooCommerce Email Marketing", "slug": "creative-mail-by-constant-contact", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d143cefc-e387-47bd-aff6-a2099f704d20?source=api-scan" ], "published": "2022-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d145d0af-e364-4cc3-af4f-03117eb34637": { "id": "d145d0af-e364-4cc3-af4f-03117eb34637", "title": "My Custom CSS PHP & ADS <= 3.3 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "My Custom CSS PHP & ADS", "slug": "my-custom-css", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d145d0af-e364-4cc3-af4f-03117eb34637?source=api-scan" ], "published": "2024-08-08 20:34:54", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1498fdf-9d5e-4277-92be-469d6646864b": { "id": "d1498fdf-9d5e-4277-92be-469d6646864b", "title": "AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass", "software": [ { "type": "plugin", "name": "AppPresser \u2013 Mobile App Framework", "slug": "apppresser", "affected_versions": { "* - 4.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1498fdf-9d5e-4277-92be-469d6646864b?source=api-scan" ], "published": "2024-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d14c8890-482c-4d43-a68f-0d04c4feca8f": { "id": "d14c8890-482c-4d43-a68f-0d04c4feca8f", "title": "PageLayer <= 1.7.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields", "software": [ { "type": "plugin", "name": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "slug": "pagelayer", "affected_versions": { "* - 1.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d14c8890-482c-4d43-a68f-0d04c4feca8f?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d151c9a1-d47e-4155-8539-133f6abd57a5": { "id": "d151c9a1-d47e-4155-8539-133f6abd57a5", "title": "Handsome Testimonials & Reviews < 2.1.1 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Handsome Testimonials & Reviews", "slug": "handsome-testimonials", "affected_versions": { "[*, 2.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d151c9a1-d47e-4155-8539-133f6abd57a5?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1568e8d-9ea5-4673-a657-03e89cfb6000": { "id": "d1568e8d-9ea5-4673-a657-03e89cfb6000", "title": "Remote Content Shortcode <= 1.5 - Authenticated(Contributor+) Local File Inclusion via shortcode", "software": [ { "type": "plugin", "name": "Remote Content Shortcode", "slug": "remote-content-shortcode", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1568e8d-9ea5-4673-a657-03e89cfb6000?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d159130a-c99d-44d3-a130-aa0146f17157": { "id": "d159130a-c99d-44d3-a130-aa0146f17157", "title": "Seamless Donations: A Platform for Global Fundraising and Rebuilding using Stripe and PayPal <= 5.1.12 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Seamless Donations is Sunset", "slug": "seamless-donations", "affected_versions": { "* - 5.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d159130a-c99d-44d3-a130-aa0146f17157?source=api-scan" ], "published": "2022-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d16363d6-ca4b-4de0-abae-a7b07803e2e3": { "id": "d16363d6-ca4b-4de0-abae-a7b07803e2e3", "title": "TS Poll \u2013 Survey, Versus Poll, Image Poll, Video Poll <= 2.4.0 - Authenticated (Administrator+) SQL Injection via orderby Parameter", "software": [ { "type": "plugin", "name": "TS Poll \u2013 Survey, Versus Poll, Image Poll, Video Poll", "slug": "poll-wp", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d16363d6-ca4b-4de0-abae-a7b07803e2e3?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1647a2c-d21d-4b4b-a22e-32351022404e": { "id": "d1647a2c-d21d-4b4b-a22e-32351022404e", "title": "Logo Scheduler <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Logo Scheduler \u2013 Great for holidays, events, and more", "slug": "logo-scheduler-great-for-holidays-events-and-more", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1647a2c-d21d-4b4b-a22e-32351022404e?source=api-scan" ], "published": "2023-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d16a3da0-9539-4555-8dfc-65cb4f4d7b4d": { "id": "d16a3da0-9539-4555-8dfc-65cb4f4d7b4d", "title": "Autoptimize <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting via Critical CSS Rules", "software": [ { "type": "plugin", "name": "Autoptimize", "slug": "autoptimize", "affected_versions": { "* - 3.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d16a3da0-9539-4555-8dfc-65cb4f4d7b4d?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d16f7c33-0e60-43bb-b200-883cced640f3": { "id": "d16f7c33-0e60-43bb-b200-883cced640f3", "title": "YITH WooCommerce Ajax Product Filter <= 3.11.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YITH WooCommerce Ajax Product Filter", "slug": "yith-woocommerce-ajax-navigation", "affected_versions": { "[*, 3.11.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.11.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d16f7c33-0e60-43bb-b200-883cced640f3?source=api-scan" ], "published": "2020-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d16fa590-1409-4f04-b8b7-0cce17412a5f": { "id": "d16fa590-1409-4f04-b8b7-0cce17412a5f", "title": "RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'queue_posts'", "software": [ { "type": "plugin", "name": "RapidLoad \u2013 Optimize Web Vitals Automatically", "slug": "unusedcss", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d16fa590-1409-4f04-b8b7-0cce17412a5f?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d170af2a-9b8c-43ad-b712-b89bcfadd5b7": { "id": "d170af2a-9b8c-43ad-b712-b89bcfadd5b7", "title": "Ultimate Maps by Supsystic <= 1.2.15 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Maps by Supsystic", "slug": "ultimate-maps-by-supsystic", "affected_versions": { "* - 1.2.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d170af2a-9b8c-43ad-b712-b89bcfadd5b7?source=api-scan" ], "published": "2024-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d174f856-d94a-42ed-b547-67699e175cd8": { "id": "d174f856-d94a-42ed-b547-67699e175cd8", "title": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud <= 4.15.2 - Authentication Bypass to Account Takeover", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 4.15.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.15.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.15.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d174f856-d94a-42ed-b547-67699e175cd8?source=api-scan" ], "published": "2024-08-14 14:08:51", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d175e862-64ea-4b7e-bf66-e1222efee6b6": { "id": "d175e862-64ea-4b7e-bf66-e1222efee6b6", "title": "Idyllic <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Idyllic", "slug": "idyllic", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d175e862-64ea-4b7e-bf66-e1222efee6b6?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1769ed5-5f56-4b70-af36-c60119f0a356": { "id": "d1769ed5-5f56-4b70-af36-c60119f0a356", "title": "Five Star Restaurant Menu <= 2.4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Five Star Restaurant Menu and Food Ordering", "slug": "food-and-drink-menu", "affected_versions": { "* - 2.4.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1769ed5-5f56-4b70-af36-c60119f0a356?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1772e79-85c7-4a8e-a5d8-8d73013e6de3": { "id": "d1772e79-85c7-4a8e-a5d8-8d73013e6de3", "title": "Candidate Application Form <= 1.3 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "candidate-application-form", "slug": "candidate-application-form", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1772e79-85c7-4a8e-a5d8-8d73013e6de3?source=api-scan" ], "published": "2015-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d178b2c9-a157-4e53-a7d7-940370cb3b57": { "id": "d178b2c9-a157-4e53-a7d7-940370cb3b57", "title": "Header Image Slider <= 0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Header Image Slider", "slug": "header-image-slider", "affected_versions": { "* - 0.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d178b2c9-a157-4e53-a7d7-940370cb3b57?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d17d9610-d0fd-419d-a7ea-e9c313f1c542": { "id": "d17d9610-d0fd-419d-a7ea-e9c313f1c542", "title": "Best WordPress Gallery Plugin \u2013 FooGallery <= 2.4.7 -Authenticated(Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel", "slug": "foogallery", "affected_versions": { "* - 2.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d17d9610-d0fd-419d-a7ea-e9c313f1c542?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d187a8d6-fa81-45c6-a107-f8b96b130e6c": { "id": "d187a8d6-fa81-45c6-a107-f8b96b130e6c", "title": "WooCommerce AWeber Newsletter Subscription <= 4.0.2 - Missing Authorization to Access Token Modification", "software": [ { "type": "plugin", "name": "AWeber for WooCommerce", "slug": "woocommerce-aweber-newsletter-subscription", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d187a8d6-fa81-45c6-a107-f8b96b130e6c?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d18c17f1-7b85-46d6-a92e-948be98adf87": { "id": "d18c17f1-7b85-46d6-a92e-948be98adf87", "title": "MZ MBO Access <= 2.0.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MZ MBO Access", "slug": "mindbody-access-management", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d18c17f1-7b85-46d6-a92e-948be98adf87?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d18d800b-647f-4706-9ec1-a8ea4e643965": { "id": "d18d800b-647f-4706-9ec1-a8ea4e643965", "title": "Multiple Page Generator Plugin \u2013 MPG <= 3.3.19 - Authenticated (Administrator+) SQL Injection in projects_list and total_projects", "software": [ { "type": "plugin", "name": "Multiple Page Generator Plugin \u2013 MPG", "slug": "multiple-pages-generator-by-porthas", "affected_versions": { "* - 3.3.19": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d18d800b-647f-4706-9ec1-a8ea4e643965?source=api-scan" ], "published": "2023-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1925082-eeee-4472-9721-c6205782d567": { "id": "d1925082-eeee-4472-9721-c6205782d567", "title": "Migrate Users <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Migrate Users", "slug": "migrate-users", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1925082-eeee-4472-9721-c6205782d567?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d199e597-64ed-4dcc-a153-b5c8e4e9e93d": { "id": "d199e597-64ed-4dcc-a153-b5c8e4e9e93d", "title": "JetElements For Elementor <= 2.6.13 - Missing Authorization to Unauthenticated Arbitrary Attachment Download", "software": [ { "type": "plugin", "name": "JetElements", "slug": "jet-elements", "affected_versions": { "* - 2.6.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.13.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d199e597-64ed-4dcc-a153-b5c8e4e9e93d?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d19a9c96-918f-4f19-82a9-badd5765cea3": { "id": "d19a9c96-918f-4f19-82a9-badd5765cea3", "title": "Easy Digital Downloads <= 3.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 3.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d19a9c96-918f-4f19-82a9-badd5765cea3?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d19b433f-2245-4ba3-8f46-36a184c2454d": { "id": "d19b433f-2245-4ba3-8f46-36a184c2454d", "title": "WP-Polls <= 2.76.0 - Race Condition", "software": [ { "type": "plugin", "name": "WP-Polls", "slug": "wp-polls", "affected_versions": { "* - 2.76.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.76.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.77.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d19b433f-2245-4ba3-8f46-36a184c2454d?source=api-scan" ], "published": "2022-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d19df1f1-df64-4b4a-8dcb-8c76566fc2ec": { "id": "d19df1f1-df64-4b4a-8dcb-8c76566fc2ec", "title": "Organization chart <= 1.4.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Organization chart", "slug": "organization-chart", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d19df1f1-df64-4b4a-8dcb-8c76566fc2ec?source=api-scan" ], "published": "2022-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d19e6433-c248-44ff-97a9-0f351eb77763": { "id": "d19e6433-c248-44ff-97a9-0f351eb77763", "title": "Product Enquiry for WooCommerce <= 3.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Enquiry for WooCommerce", "slug": "gm-woocommerce-quote-popup", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d19e6433-c248-44ff-97a9-0f351eb77763?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d19eeb42-2438-4126-8c60-14839baceff0": { "id": "d19eeb42-2438-4126-8c60-14839baceff0", "title": "WPaudio MP3 Player <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WPaudio MP3 Player", "slug": "wpaudio-mp3-player", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d19eeb42-2438-4126-8c60-14839baceff0?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1a14fc2-cebe-4a0e-92b0-af2a9c805401": { "id": "d1a14fc2-cebe-4a0e-92b0-af2a9c805401", "title": "WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "WooCommerce Amazon Affiliates - Wordpress Plugin", "slug": "woozone", "affected_versions": { "* - 14.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "14.0.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1a14fc2-cebe-4a0e-92b0-af2a9c805401?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1a6bdc8-ae74-4d0b-9c47-f4bf69158a44": { "id": "d1a6bdc8-ae74-4d0b-9c47-f4bf69158a44", "title": "Affiliates Manager <= 2.9.20 - Cross-Site Request Forgery via process_bulk_action()", "software": [ { "type": "plugin", "name": "Affiliates Manager", "slug": "affiliates-manager", "affected_versions": { "* - 2.9.20": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1a6bdc8-ae74-4d0b-9c47-f4bf69158a44?source=api-scan" ], "published": "2023-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1a7e39a-5fd1-4bb3-9cd9-4bded794f8f0": { "id": "d1a7e39a-5fd1-4bb3-9cd9-4bded794f8f0", "title": "GD Rating System <= 2.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GD Rating System", "slug": "gd-rating-system", "affected_versions": { "[*, 2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1a7e39a-5fd1-4bb3-9cd9-4bded794f8f0?source=api-scan" ], "published": "2018-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1b3d4d5-9d2b-4924-a830-27c07fa1ba98": { "id": "d1b3d4d5-9d2b-4924-a830-27c07fa1ba98", "title": "Salient Shortcodes <= 1.5.3 - Authenticated (Contributor+) Local File Inclusion via Shortcode", "software": [ { "type": "plugin", "name": "Salient Shortcodes", "slug": "salient-shortcodes", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1b3d4d5-9d2b-4924-a830-27c07fa1ba98?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1b4841b-c701-4915-9592-518e68179d20": { "id": "d1b4841b-c701-4915-9592-518e68179d20", "title": "Highlight Focus <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Highlight Focus", "slug": "highlight-focus", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1b4841b-c701-4915-9592-518e68179d20?source=api-scan" ], "published": "2022-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1b92249-bc18-4939-aefa-286667f6c003": { "id": "d1b92249-bc18-4939-aefa-286667f6c003", "title": "ActivityPub <= 0.17.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Sensitive Post Title Exposure", "software": [ { "type": "plugin", "name": "ActivityPub", "slug": "activitypub", "affected_versions": { "* - 0.17.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.17.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1b92249-bc18-4939-aefa-286667f6c003?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1ba4b18-ff46-45ef-b7d4-0a314cf2d74c": { "id": "d1ba4b18-ff46-45ef-b7d4-0a314cf2d74c", "title": "Laposta Signup Basic <= 1.4.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Laposta Signup Basic", "slug": "laposta-signup-basic", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1ba4b18-ff46-45ef-b7d4-0a314cf2d74c?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1bf83df-7a1f-4572-9c8d-1013750d51d7": { "id": "d1bf83df-7a1f-4572-9c8d-1013750d51d7", "title": "Embed Calendly <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Embed Calendly", "slug": "embed-calendly-scheduling", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1bf83df-7a1f-4572-9c8d-1013750d51d7?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1c3ddae-046a-4080-ac2b-90fb89fbff7b": { "id": "d1c3ddae-046a-4080-ac2b-90fb89fbff7b", "title": "Responsive Tabs For WPBakery Page Builder <= 1.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Responsive Tabs For WPBakery Page Builder (formerly Visual Composer)", "slug": "responsive-tabs-for-wpbakery", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1c3ddae-046a-4080-ac2b-90fb89fbff7b?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1c43e93-69a3-407e-860e-ab25af5d7177": { "id": "d1c43e93-69a3-407e-860e-ab25af5d7177", "title": "Wicked Folders <= 2.18.16 - Missing Authorization via ajax_save_state", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1c43e93-69a3-407e-860e-ab25af5d7177?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1c514dd-132f-4e42-a512-bb0cf24da937": { "id": "d1c514dd-132f-4e42-a512-bb0cf24da937", "title": "Custom Field Template <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Field Template", "slug": "custom-field-template", "affected_versions": { "* - 2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1c514dd-132f-4e42-a512-bb0cf24da937?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1c80d7c-0eab-4437-ad03-9789d34638a1": { "id": "d1c80d7c-0eab-4437-ad03-9789d34638a1", "title": "WordPress MU <= 1.0 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress MU", "slug": "wpmu", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1c80d7c-0eab-4437-ad03-9789d34638a1?source=api-scan" ], "published": "2007-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1c9da9c-8a92-44fd-a35a-4c6d3777901f": { "id": "d1c9da9c-8a92-44fd-a35a-4c6d3777901f", "title": "Advanced Access Manager <= 6.6.1 - Authenticated Information Disclosure", "software": [ { "type": "plugin", "name": "Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More", "slug": "advanced-access-manager", "affected_versions": { "* - 6.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1c9da9c-8a92-44fd-a35a-4c6d3777901f?source=api-scan" ], "published": "2020-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1cc604a-b3dc-4dc1-b20b-4021b5b7d426": { "id": "d1cc604a-b3dc-4dc1-b20b-4021b5b7d426", "title": "WP-Polls <= 2.71 - SQL Injection", "software": [ { "type": "plugin", "name": "WP-Polls", "slug": "wp-polls", "affected_versions": { "* - 2.71": { "from_version": "*", "from_inclusive": true, "to_version": "2.71", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.72" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1cc604a-b3dc-4dc1-b20b-4021b5b7d426?source=api-scan" ], "published": "2019-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1cd5209-7959-49ae-a363-5fb4f06e2aec": { "id": "d1cd5209-7959-49ae-a363-5fb4f06e2aec", "title": "Five Star Restaurant Menu and Food Ordering <= 2.4.10 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Five Star Restaurant Menu and Food Ordering", "slug": "food-and-drink-menu", "affected_versions": { "* - 2.4.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1cd5209-7959-49ae-a363-5fb4f06e2aec?source=api-scan" ], "published": "2023-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1d32a1d-076e-4a93-a678-145d154edb3a": { "id": "d1d32a1d-076e-4a93-a678-145d154edb3a", "title": "Order Limit for WooCommerce <= 2.0.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Order Limit for WooCommerce", "slug": "wc-order-limit-lite", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1d32a1d-076e-4a93-a678-145d154edb3a?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1e30342-143d-4ea3-9947-b5e5c55725a7": { "id": "d1e30342-143d-4ea3-9947-b5e5c55725a7", "title": "Slimstat Analytics <= 3.9.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SlimStat Analytics", "slug": "wp-slimstat", "affected_versions": { "[*, 3.9.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1e30342-143d-4ea3-9947-b5e5c55725a7?source=api-scan" ], "published": "2015-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1e38cdc-7bc5-4963-9ebe-efd6c6ea228d": { "id": "d1e38cdc-7bc5-4963-9ebe-efd6c6ea228d", "title": "Easy Media Download <= 1.1.5 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Media Download", "slug": "easy-media-download", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1e38cdc-7bc5-4963-9ebe-efd6c6ea228d?source=api-scan" ], "published": "2021-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1e5131a-9e72-441d-971c-8b9af35cf3f7": { "id": "d1e5131a-9e72-441d-971c-8b9af35cf3f7", "title": "CoDesigner WooCommerce Builder for Elementor \u2013 Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "CoDesigner \u2013 All in One Elementor WooCommerce Builder", "slug": "woolementor", "affected_versions": { "* - 4.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1e5131a-9e72-441d-971c-8b9af35cf3f7?source=api-scan" ], "published": "2024-06-12 19:54:17", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1ed7ed0-5bcd-42ca-ab56-70ebd3d3c63a": { "id": "d1ed7ed0-5bcd-42ca-ab56-70ebd3d3c63a", "title": "GarageSale < 1.2.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GarageSale", "slug": "garagesale", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1ed7ed0-5bcd-42ca-ab56-70ebd3d3c63a?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1efe450-d081-421e-95c3-f2d79c328a33": { "id": "d1efe450-d081-421e-95c3-f2d79c328a33", "title": "Easy Student Results <= 2.2.8 - Missing Authorization to Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Easy Student Results", "slug": "easy-student-results", "affected_versions": { "* - 2.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1efe450-d081-421e-95c3-f2d79c328a33?source=api-scan" ], "published": "2022-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1f41400-5c59-444d-9c1e-121e83449521": { "id": "d1f41400-5c59-444d-9c1e-121e83449521", "title": "LifterLMS \u2013 WordPress LMS Plugin for eLearning <= 7.5.1 - Missing Authorization via process_review", "software": [ { "type": "plugin", "name": "LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes", "slug": "lifterlms", "affected_versions": { "* - 7.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1f41400-5c59-444d-9c1e-121e83449521?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1f86c9d-38dc-4d5d-af37-9443348fe1e8": { "id": "d1f86c9d-38dc-4d5d-af37-9443348fe1e8", "title": "Redirect By Cookie <= 1.06 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Redirect By Cookie", "slug": "redirect-by-cookie", "affected_versions": { "* - 1.06": { "from_version": "*", "from_inclusive": true, "to_version": "1.06", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.07" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1f86c9d-38dc-4d5d-af37-9443348fe1e8?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1f957ce-7bb0-4701-8b2a-522211c408d8": { "id": "d1f957ce-7bb0-4701-8b2a-522211c408d8", "title": "iFolders <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "iFolders \u2013 Ultimate Folder Organizer for Media Library, Pages, Posts and Users", "slug": "ifolders", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1f957ce-7bb0-4701-8b2a-522211c408d8?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d1f9a46c-5702-448a-b97b-3e2ba107737a": { "id": "d1f9a46c-5702-448a-b97b-3e2ba107737a", "title": "HTML Forms \u2013 Simple WordPress Forms Plugin <= 1.3.33 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "HTML Forms \u2013 Simple WordPress Forms Plugin", "slug": "html-forms", "affected_versions": { "* - 1.3.33": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d1f9a46c-5702-448a-b97b-3e2ba107737a?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2031289-eaf3-4a1b-8771-769c08d99ca3": { "id": "d2031289-eaf3-4a1b-8771-769c08d99ca3", "title": "Royal Elementor Addons <= 1.3.55 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.55": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.55", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.56" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2031289-eaf3-4a1b-8771-769c08d99ca3?source=api-scan" ], "published": "2022-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d20eb274-e578-445f-95f4-5e677d9ad7f3": { "id": "d20eb274-e578-445f-95f4-5e677d9ad7f3", "title": "W3 Total Cache plugin <= 0.9.7.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 0.9.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d20eb274-e578-445f-95f4-5e677d9ad7f3?source=api-scan" ], "published": "2019-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d20ff1a8-8794-41e1-9e66-1cda90f9ff77": { "id": "d20ff1a8-8794-41e1-9e66-1cda90f9ff77", "title": "EWWW Image Optimizer <= 7.2.0 - Unauthenticated Sensitive Information Exposure via Debug Log", "software": [ { "type": "plugin", "name": "EWWW Image Optimizer", "slug": "ewww-image-optimizer", "affected_versions": { "* - 7.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d20ff1a8-8794-41e1-9e66-1cda90f9ff77?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d20ffc7c-0e12-45ec-940f-a42655093021": { "id": "d20ffc7c-0e12-45ec-940f-a42655093021", "title": "Shopping Cart & eCommerce Store <= 5.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d20ffc7c-0e12-45ec-940f-a42655093021?source=api-scan" ], "published": "2021-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d21209a7-efed-4526-8dd6-199e0fdf8657": { "id": "d21209a7-efed-4526-8dd6-199e0fdf8657", "title": "Ultimate Posts Widget <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Posts Widget", "slug": "ultimate-posts-widget", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d21209a7-efed-4526-8dd6-199e0fdf8657?source=api-scan" ], "published": "2024-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d212c19d-fca9-4daf-95f4-5b3ac302e817": { "id": "d212c19d-fca9-4daf-95f4-5b3ac302e817", "title": "LoginPress | Custom Login Page Customizer <= 1.6.2 - Missing Authorization to Settings Changes", "software": [ { "type": "plugin", "name": "LoginPress | wp-login Custom Login Page Customizer", "slug": "loginpress", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d212c19d-fca9-4daf-95f4-5b3ac302e817?source=api-scan" ], "published": "2022-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2137662-d328-4da7-986a-341ff1bdca63": { "id": "d2137662-d328-4da7-986a-341ff1bdca63", "title": "iThemes Security < 3.4.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "[*, 3.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2137662-d328-4da7-986a-341ff1bdca63?source=api-scan" ], "published": "2012-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2165d61-dc86-4893-91c4-85f0a577fc1c": { "id": "d2165d61-dc86-4893-91c4-85f0a577fc1c", "title": "WP Statistics <= 13.1.5 - Unauthenticated Stored Cross-Site Scripting via platform", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 13.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "13.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2165d61-dc86-4893-91c4-85f0a577fc1c?source=api-scan" ], "published": "2022-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d216f8ea-2253-475d-9d23-9a83bfa2c21f": { "id": "d216f8ea-2253-475d-9d23-9a83bfa2c21f", "title": "Ultimate Product Catalog <= 4.2.11 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Product Catalog", "slug": "ultimate-product-catalogue", "affected_versions": { "* - 4.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d216f8ea-2253-475d-9d23-9a83bfa2c21f?source=api-scan" ], "published": "2017-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2183a22-fba5-48d2-a68a-6914f04fb902": { "id": "d2183a22-fba5-48d2-a68a-6914f04fb902", "title": "WooCommerce UPS Shipping \u2013 Live Rates and Access Points <= 2.2.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce UPS Shipping \u2013 Live Rates and Access Points", "slug": "flexible-shipping-ups", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2183a22-fba5-48d2-a68a-6914f04fb902?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d21aeeb6-2e7d-426e-82c5-ff65e33bc5cb": { "id": "d21aeeb6-2e7d-426e-82c5-ff65e33bc5cb", "title": "ElementsKit Elementor addons <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget", "software": [ { "type": "plugin", "name": "ElementsKit Elementor addons", "slug": "elementskit-lite", "affected_versions": { "* - 3.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d21aeeb6-2e7d-426e-82c5-ff65e33bc5cb?source=api-scan" ], "published": "2024-09-24 23:43:47", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d21b09f2-6766-4f55-9745-ae9fd4a0d88c": { "id": "d21b09f2-6766-4f55-9745-ae9fd4a0d88c", "title": "KKProgressbar2 Free <= 1.1.4.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "KKProgressbar2 Free \u2013 advanced progress bars", "slug": "kkprogressbar", "affected_versions": { "* - 1.1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d21b09f2-6766-4f55-9745-ae9fd4a0d88c?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d21bebcc-8dba-407d-8a3a-b91d3cddd38f": { "id": "d21bebcc-8dba-407d-8a3a-b91d3cddd38f", "title": "WP Ultimate CSV Importer <= 6.4.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Import CSV or XML Datafeed With Ease", "slug": "wp-ultimate-csv-importer", "affected_versions": { "* - 6.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d21bebcc-8dba-407d-8a3a-b91d3cddd38f?source=api-scan" ], "published": "2022-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d21ca709-183f-4dd1-849c-f1b2a4f7ec43": { "id": "d21ca709-183f-4dd1-849c-f1b2a4f7ec43", "title": "User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End <= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End", "slug": "user-submitted-posts", "affected_versions": { "* - 20230811": { "from_version": "*", "from_inclusive": true, "to_version": "20230811", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20230901" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d21ca709-183f-4dd1-849c-f1b2a4f7ec43?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d21cf285-9d75-43a2-9e81-67116f0bf896": { "id": "d21cf285-9d75-43a2-9e81-67116f0bf896", "title": "WP Database Backup < 5.2 - OS Command Injection", "software": [ { "type": "plugin", "name": "WP Database Backup \u2013 Unlimited Database & Files Backup by Backup for WP", "slug": "wp-database-backup", "affected_versions": { "[*, 5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d21cf285-9d75-43a2-9e81-67116f0bf896?source=api-scan" ], "published": "2019-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d21dc02f-789c-497e-9d01-02fa49bf9e30": { "id": "d21dc02f-789c-497e-9d01-02fa49bf9e30", "title": "Custom CSS, JS & PHP <= 2.0.7 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Custom css-js-php", "slug": "custom-css-js-php", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d21dc02f-789c-497e-9d01-02fa49bf9e30?source=api-scan" ], "published": "2021-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d22013e5-896a-4dcb-bbe4-e6be7d697816": { "id": "d22013e5-896a-4dcb-bbe4-e6be7d697816", "title": "WP Fusion Lite <= 3.41.24 - Authenticated (Contributor+) Remote Code Execution", "software": [ { "type": "plugin", "name": "WP Fusion Lite \u2013 Marketing Automation and CRM Integration for WordPress", "slug": "wp-fusion-lite", "affected_versions": { "* - 3.41.24": { "from_version": "*", "from_inclusive": true, "to_version": "3.41.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.42.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d22013e5-896a-4dcb-bbe4-e6be7d697816?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d22134ec-00ca-4672-b9b1-1b1efad13aeb": { "id": "d22134ec-00ca-4672-b9b1-1b1efad13aeb", "title": "Wp EMember <= 10.6.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Wp EMember", "slug": "wp-emember", "affected_versions": { "* - 10.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "10.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d22134ec-00ca-4672-b9b1-1b1efad13aeb?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d223de07-6377-491f-8d2c-9c31aa814792": { "id": "d223de07-6377-491f-8d2c-9c31aa814792", "title": "PPOM for WooCommerce <= 32.0.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PPOM \u2013 Product Addons & Custom Fields for WooCommerce", "slug": "woocommerce-product-addon", "affected_versions": { "* - 32.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "32.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "32.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d223de07-6377-491f-8d2c-9c31aa814792?source=api-scan" ], "published": "2023-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d225dee1-305c-4378-bc07-192347a0c838": { "id": "d225dee1-305c-4378-bc07-192347a0c838", "title": "WP ULike \u2013 Most Advanced WordPress Marketing Toolkit <= 4.6.9 - Authenticated (Contributor+) SQL Injection via Shortcodes", "software": [ { "type": "plugin", "name": "WP ULike \u2013 All-in-One Engagement Toolkit", "slug": "wp-ulike", "affected_versions": { "* - 4.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d225dee1-305c-4378-bc07-192347a0c838?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2266254-9281-4859-8630-f7bb5c0ead19": { "id": "d2266254-9281-4859-8630-f7bb5c0ead19", "title": "Media Library Folders <= 8.2.2 - Authenticated (Subscriber+) Second-Order SQL Injection", "software": [ { "type": "plugin", "name": "Media Library Folders", "slug": "media-library-plus", "affected_versions": { "* - 8.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2266254-9281-4859-8630-f7bb5c0ead19?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2278347-d961-47d7-b89d-61a82441597c": { "id": "d2278347-d961-47d7-b89d-61a82441597c", "title": "WZone - Lite <= 3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WZone \u2013 Lite Version", "slug": "woocommerce-amazon-affiliates-light-version", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2278347-d961-47d7-b89d-61a82441597c?source=api-scan" ], "published": "2022-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d22d9414-2df9-4528-a426-dce6e83f8d44": { "id": "d22d9414-2df9-4528-a426-dce6e83f8d44", "title": "Jquery news ticker <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Jquery news ticker", "slug": "jquery-news-ticker", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d22d9414-2df9-4528-a426-dce6e83f8d44?source=api-scan" ], "published": "2023-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d22fb2e8-bb61-49bc-9fab-8f7c58339a69": { "id": "d22fb2e8-bb61-49bc-9fab-8f7c58339a69", "title": "Custom 404 Pro <= 3.7.2 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Custom 404 Pro", "slug": "custom-404-pro", "affected_versions": { "[*, 3.7.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d22fb2e8-bb61-49bc-9fab-8f7c58339a69?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d23ac5df-3331-47e0-94b7-53ac8f228935": { "id": "d23ac5df-3331-47e0-94b7-53ac8f228935", "title": "Fancy Product Designer <= 6.1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fancy Product Designer", "slug": "fancy-product-designer", "affected_versions": { "* - 6.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d23ac5df-3331-47e0-94b7-53ac8f228935?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d23d2cdf-206e-4714-9753-198519ba737b": { "id": "d23d2cdf-206e-4714-9753-198519ba737b", "title": "WP Travel <= 7.7.0 - Missing Authorization via Multiple AJAX Actions", "software": [ { "type": "plugin", "name": "WP Travel \u2013 Ultimate Travel Booking System, Tour Management Engine", "slug": "wp-travel", "affected_versions": { "* - 7.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d23d2cdf-206e-4714-9753-198519ba737b?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d242a466-0611-4e64-8145-29f64100e62b": { "id": "d242a466-0611-4e64-8145-29f64100e62b", "title": "Announcement & Notification Banner \u2013 Bulletin <= 3.6.0 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Announcement & Notification Banner \u2013 Bulletin", "slug": "bulletin-announcements", "affected_versions": { "* - 3.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d242a466-0611-4e64-8145-29f64100e62b?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d245dc6c-c579-4e28-a953-9227261911d4": { "id": "d245dc6c-c579-4e28-a953-9227261911d4", "title": "Custom Content Shortcode <= 4.0.2 - Authenticated (Contributor+) Local File Inclusion via Shortcode", "software": [ { "type": "plugin", "name": "Custom Content Shortcode", "slug": "custom-content-shortcode", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d245dc6c-c579-4e28-a953-9227261911d4?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d24c65b6-20da-4f17-be9f-b8fbf5e721e3": { "id": "d24c65b6-20da-4f17-be9f-b8fbf5e721e3", "title": "Slider by 10Web \u2013 Responsive Image Slider <= 1.2.54 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider by 10Web \u2013 Responsive Image Slider", "slug": "slider-wd", "affected_versions": { "* - 1.2.54": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.54", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.55" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d24c65b6-20da-4f17-be9f-b8fbf5e721e3?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d24c9310-5470-4d08-83b3-c801f4d25d3e": { "id": "d24c9310-5470-4d08-83b3-c801f4d25d3e", "title": "Grow Social <= 1.18.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hubbub Lite \u2013 Fast, Reliable Social Sharing Buttons", "slug": "social-pug", "affected_versions": { "* - 1.18.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.18.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.19.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d24c9310-5470-4d08-83b3-c801f4d25d3e?source=api-scan" ], "published": "2021-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d253a001-7023-4070-81c5-35d485ffd36c": { "id": "d253a001-7023-4070-81c5-35d485ffd36c", "title": "WP Advanced Search <= 1.1.6 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Advanced Search", "slug": "advance-search", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d253a001-7023-4070-81c5-35d485ffd36c?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2547355-cfc0-4a87-9bab-32753bd456ad": { "id": "d2547355-cfc0-4a87-9bab-32753bd456ad", "title": "iPanorama 360 WordPress Virtual Tour Builder <= 1.8.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "iPanorama 360 \u2013 WordPress Virtual Tour Builder", "slug": "ipanorama-360-virtual-tour-builder-lite", "affected_versions": { "* - 1.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2547355-cfc0-4a87-9bab-32753bd456ad?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d254e43f-8a8b-4309-91f3-c60710c13647": { "id": "d254e43f-8a8b-4309-91f3-c60710c13647", "title": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'thumb_url'", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "* - 1.8.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d254e43f-8a8b-4309-91f3-c60710c13647?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2550461-2546-4dc4-85ff-decf2fca3f10": { "id": "d2550461-2546-4dc4-85ff-decf2fca3f10", "title": "Events Made Easy <= 2.3.14 - Authenticated (Subscriber+) SQL Injection via 'search_name'", "software": [ { "type": "plugin", "name": "Events Made Easy", "slug": "events-made-easy", "affected_versions": { "* - 2.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2550461-2546-4dc4-85ff-decf2fca3f10?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d257d0e0-7e42-49d5-83c6-f5c44f2e15fc": { "id": "d257d0e0-7e42-49d5-83c6-f5c44f2e15fc", "title": "WP Marketplace \u2013 Complete Shopping Cart \/ eCommerce Solution <= 1.2.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP Marketplace \u2013 Complete Shopping Cart \/ eCommerce Solution", "slug": "wpmarketplace", "affected_versions": { "[*, 1.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d257d0e0-7e42-49d5-83c6-f5c44f2e15fc?source=api-scan" ], "published": "2012-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2594cef-6bde-425f-9412-fd4ed3da312e": { "id": "d2594cef-6bde-425f-9412-fd4ed3da312e", "title": "VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetranslationstay function", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "* - 1.5.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2594cef-6bde-425f-9412-fd4ed3da312e?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d25ed357-2895-47c7-9418-628068c6d18e": { "id": "d25ed357-2895-47c7-9418-628068c6d18e", "title": "Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization", "software": [ { "type": "plugin", "name": "Visualizer: Tables and Charts Manager for WordPress", "slug": "visualizer", "affected_versions": { "* - 3.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d25ed357-2895-47c7-9418-628068c6d18e?source=api-scan" ], "published": "2022-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d25f23cc-6012-4607-a643-5350175a439b": { "id": "d25f23cc-6012-4607-a643-5350175a439b", "title": "Smart Flv <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart Flv", "slug": "smart-flv", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d25f23cc-6012-4607-a643-5350175a439b?source=api-scan" ], "published": "2013-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d266b6ee-24ec-4363-a986-5ccd4db5ae3c": { "id": "d266b6ee-24ec-4363-a986-5ccd4db5ae3c", "title": "EventPrime \u2013 Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "* - 3.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d266b6ee-24ec-4363-a986-5ccd4db5ae3c?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d26e8b21-fa9e-4dfe-a095-5c9f74d968f4": { "id": "d26e8b21-fa9e-4dfe-a095-5c9f74d968f4", "title": "Quick Event Manager <= 9.7.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Quick Event Manager", "slug": "quick-event-manager", "affected_versions": { "* - 9.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d26e8b21-fa9e-4dfe-a095-5c9f74d968f4?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2716f7e-ae73-482a-acf7-772884f0b3ab": { "id": "d2716f7e-ae73-482a-acf7-772884f0b3ab", "title": "WordPress Core < 4.8.2 - Cross-Site Scripting in oEmbed", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.21": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.21", "to_inclusive": true }, "3.8 - 3.8.21": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.21", "to_inclusive": true }, "3.9 - 3.9.19": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.19", "to_inclusive": true }, "4.0 - 4.0.18": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.18", "to_inclusive": true }, "4.1 - 4.1.18": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.18", "to_inclusive": true }, "4.2 - 4.2.15": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.15", "to_inclusive": true }, "4.3 - 4.3.11": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.11", "to_inclusive": true }, "4.4 - 4.4.10": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.10", "to_inclusive": true }, "4.5 - 4.5.9": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.9", "to_inclusive": true }, "4.6 - 4.6.6": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.6", "to_inclusive": true }, "4.7 - 4.7.5": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.5", "to_inclusive": true }, "4.8 - 4.8.1": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.22", "3.8.22", "3.9.20", "4.0.19", "4.1.19", "4.2.16", "4.3.12", "4.4.11", "4.5.10", "4.6.7", "4.7.6", "4.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2716f7e-ae73-482a-acf7-772884f0b3ab?source=api-scan" ], "published": "2017-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d274f8b1-0f7c-44cc-8063-3d04a33a9404": { "id": "d274f8b1-0f7c-44cc-8063-3d04a33a9404", "title": "TeraWallet \u2013 For WooCommerce <= 1.3.24 - Cross-Site Request Forgery via admin_options", "software": [ { "type": "plugin", "name": "Wallet for WooCommerce", "slug": "woo-wallet", "affected_versions": { "* - 1.3.24": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d274f8b1-0f7c-44cc-8063-3d04a33a9404?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d276af21-fa9d-46bd-94e3-03776d4f2238": { "id": "d276af21-fa9d-46bd-94e3-03776d4f2238", "title": "Tutor LMS < 1.5.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "[*, 1.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d276af21-fa9d-46bd-94e3-03776d4f2238?source=api-scan" ], "published": "2020-02-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d27ef0b4-266f-47b8-a7aa-ddff5adaac7a": { "id": "d27ef0b4-266f-47b8-a7aa-ddff5adaac7a", "title": "Admin Post Navigation <= 2.1 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Admin Post Navigation", "slug": "admin-post-navigation", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d27ef0b4-266f-47b8-a7aa-ddff5adaac7a?source=api-scan" ], "published": "2024-07-26 13:08:57", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d283527a-a955-4f82-9827-81a71158d8e2": { "id": "d283527a-a955-4f82-9827-81a71158d8e2", "title": "Coming Soon & Maintenance Mode Page <= 1.57 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Coming Soon & Maintenance Mode Page & Under Construction", "slug": "nifty-coming-soon-and-under-construction-page", "affected_versions": { "* - 1.57": { "from_version": "*", "from_inclusive": true, "to_version": "1.57", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.58" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d283527a-a955-4f82-9827-81a71158d8e2?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2922c85-7e16-48a1-9c43-c1a9d34571e0": { "id": "d2922c85-7e16-48a1-9c43-c1a9d34571e0", "title": "StreamWeasels Twitch Integration <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-twitch-embed Shortcode", "software": [ { "type": "plugin", "name": "StreamWeasels Twitch Integration", "slug": "streamweasels-twitch-integration", "affected_versions": { "* - 1.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2922c85-7e16-48a1-9c43-c1a9d34571e0?source=api-scan" ], "published": "2024-10-18 20:37:40", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d292c4ff-123e-4aa0-8ce8-d2bb2f3c6e02": { "id": "d292c4ff-123e-4aa0-8ce8-d2bb2f3c6e02", "title": "Ninja Forms Contact Form <= 3.4.22 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "[*, 3.4.23)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.23", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d292c4ff-123e-4aa0-8ce8-d2bb2f3c6e02?source=api-scan" ], "published": "2020-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d293f35a-a42f-441f-b521-da0ba9887c45": { "id": "d293f35a-a42f-441f-b521-da0ba9887c45", "title": "HappyFiles Pro <= 1.8.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "HappyFiles Pro", "slug": "happyfiles-pro", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d293f35a-a42f-441f-b521-da0ba9887c45?source=api-scan" ], "published": "2023-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2994fbb-29b0-4725-a046-edeca4bcbcd7": { "id": "d2994fbb-29b0-4725-a046-edeca4bcbcd7", "title": "EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.7 (Free) - Missing Authorization via get_virtual_users", "software": [ { "type": "plugin", "name": "EventON", "slug": "eventon-lite", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.8" ] }, { "type": "plugin", "name": "EventON Pro", "slug": "eventon", "affected_versions": { "* - 4.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2994fbb-29b0-4725-a046-edeca4bcbcd7?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2a3ad97-b4ea-4ad9-ac83-071e56cb8df7": { "id": "d2a3ad97-b4ea-4ad9-ac83-071e56cb8df7", "title": "Tiny Carousel Horizontal Slider <= 8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tiny Carousel Horizontal Slider", "slug": "tiny-carousel-horizontal-slider", "affected_versions": { "* - 8.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2a3ad97-b4ea-4ad9-ac83-071e56cb8df7?source=api-scan" ], "published": "2023-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2a60cb2-fe7d-4c51-9995-5cb4682d9d26": { "id": "d2a60cb2-fe7d-4c51-9995-5cb4682d9d26", "title": "Multi-column Tag Map <= 17.0.26 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Multi-column Tag Map", "slug": "multi-column-tag-map", "affected_versions": { "* - 17.0.26": { "from_version": "*", "from_inclusive": true, "to_version": "17.0.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "17.0.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2a60cb2-fe7d-4c51-9995-5cb4682d9d26?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2a77443-9fca-4686-be48-b3905a33c87f": { "id": "d2a77443-9fca-4686-be48-b3905a33c87f", "title": "TinyMCE Custom Styles <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TinyMCE Custom Styles", "slug": "tinymce-custom-styles", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2a77443-9fca-4686-be48-b3905a33c87f?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2a95c6f-7248-4805-af86-11fd536b5d8d": { "id": "d2a95c6f-7248-4805-af86-11fd536b5d8d", "title": "WPZOOM Shortcodes <= 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPZOOM Shortcodes", "slug": "wpzoom-shortcodes", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2a95c6f-7248-4805-af86-11fd536b5d8d?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2a99b86-5eb8-438d-a040-68aba2ffa183": { "id": "d2a99b86-5eb8-438d-a040-68aba2ffa183", "title": "Request a Quote <= 2.3.8 - CSV Injection", "software": [ { "type": "plugin", "name": "Request a Quote", "slug": "request-a-quote", "affected_versions": { "* - 2.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2a99b86-5eb8-438d-a040-68aba2ffa183?source=api-scan" ], "published": "2022-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2a9a2fd-5667-4033-a273-f4f5660cb27e": { "id": "d2a9a2fd-5667-4033-a273-f4f5660cb27e", "title": "Team Showcase <= 1.22.15 - Object Injection", "software": [ { "type": "plugin", "name": "Team Showcase", "slug": "team", "affected_versions": { "[*, 1.22.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.22.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.22.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2a9a2fd-5667-4033-a273-f4f5660cb27e?source=api-scan" ], "published": "2020-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2aabec9-1968-4c0e-baed-9aa78eb236e8": { "id": "d2aabec9-1968-4c0e-baed-9aa78eb236e8", "title": "WP Brutal AI < 2.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Brutal AI", "slug": "wpbrutalai", "affected_versions": { "[*, 2.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2aabec9-1968-4c0e-baed-9aa78eb236e8?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2aea3e1-60cb-4992-a217-4250bed2641e": { "id": "d2aea3e1-60cb-4992-a217-4250bed2641e", "title": "Ultimate Instagram Feed - WordPress Plugin < 1.3.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Instagram Feed \u2013 WordPress Plugin", "slug": "ultimate-instagram-feed", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2aea3e1-60cb-4992-a217-4250bed2641e?source=api-scan" ], "published": "2017-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2b3279b-fd39-4c34-92e8-57d309f37a93": { "id": "d2b3279b-fd39-4c34-92e8-57d309f37a93", "title": "Popup by Supsystic <= 1.10.8 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Popup by Supsystic", "slug": "popup-by-supsystic", "affected_versions": { "[*, 1.10.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.10.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2b3279b-fd39-4c34-92e8-57d309f37a93?source=api-scan" ], "published": "2022-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2b32fdc-b73f-48e5-88bf-e836ec2f791f": { "id": "d2b32fdc-b73f-48e5-88bf-e836ec2f791f", "title": "Seraphinite Accelerator (Base, cache only) <= 2.20.31 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Seraphinite Accelerator", "slug": "seraphinite-accelerator", "affected_versions": { "* - 2.20.31": { "from_version": "*", "from_inclusive": true, "to_version": "2.20.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.20.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2b32fdc-b73f-48e5-88bf-e836ec2f791f?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2b3612e-3c91-469b-98ef-fdb03b0ee9d9": { "id": "d2b3612e-3c91-469b-98ef-fdb03b0ee9d9", "title": "MStore API <= 3.9.6 - Cross-Site Request Forgery to Firebase Server Key Update", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 3.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2b3612e-3c91-469b-98ef-fdb03b0ee9d9?source=api-scan" ], "published": "2023-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2b4203f-7301-4ab6-b7a1-c43516bea477": { "id": "d2b4203f-7301-4ab6-b7a1-c43516bea477", "title": "Football Live Scores <= 1.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Football Live Scores", "slug": "football-live-scores", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2b4203f-7301-4ab6-b7a1-c43516bea477?source=api-scan" ], "published": "2022-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2b66eca-67cf-404e-9c4b-6add0ee79141": { "id": "d2b66eca-67cf-404e-9c4b-6add0ee79141", "title": "Optinly <= 1.0.15 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Optinly \u2013 Exit Intent, Newsletter Popups, Gamification & Opt-in Forms", "slug": "optinly", "affected_versions": { "* - 1.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2b66eca-67cf-404e-9c4b-6add0ee79141?source=api-scan" ], "published": "2022-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2b66f27-e4d2-4f6e-be96-b7f967a30885": { "id": "d2b66f27-e4d2-4f6e-be96-b7f967a30885", "title": "Klaviyo <= 3.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Klaviyo", "slug": "klaviyo", "affected_versions": { "* - 3.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2b66f27-e4d2-4f6e-be96-b7f967a30885?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2b74b9d-b296-4d3b-936f-419dad502d79": { "id": "d2b74b9d-b296-4d3b-936f-419dad502d79", "title": "Wheel of Life <= 1.1.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Wheel of Life: Coaching and Assessment Tool for Life Coach", "slug": "wheel-of-life", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2b74b9d-b296-4d3b-936f-419dad502d79?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2c62f42-b649-4873-a330-4a0f268cab21": { "id": "d2c62f42-b649-4873-a330-4a0f268cab21", "title": "Comment Attachment <= 1.5.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Comment Attachment", "slug": "comment-attachment", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2c62f42-b649-4873-a330-4a0f268cab21?source=api-scan" ], "published": "2013-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2ccdafb-39f4-4249-95fa-a3d752c435f4": { "id": "d2ccdafb-39f4-4249-95fa-a3d752c435f4", "title": "Better WP Security <= 3.2.4 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2ccdafb-39f4-4249-95fa-a3d752c435f4?source=api-scan" ], "published": "2012-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2cffdc3-bd74-42ab-befd-8a396c5d990d": { "id": "d2cffdc3-bd74-42ab-befd-8a396c5d990d", "title": "ElementsReady Addons for Elementor <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ElementsReady Addons for Elementor", "slug": "element-ready-lite", "affected_versions": { "* - 6.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2cffdc3-bd74-42ab-befd-8a396c5d990d?source=api-scan" ], "published": "2024-06-05 15:36:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2d34c84-473c-49f8-b55c-c869b5479974": { "id": "d2d34c84-473c-49f8-b55c-c869b5479974", "title": "Grid Plus <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Grid Layout Add\/Update\/Delete", "software": [ { "type": "plugin", "name": "Grid Plus \u2013 Unlimited grid layout", "slug": "grid-plus", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2d34c84-473c-49f8-b55c-c869b5479974?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2d4c7ff-ecd3-4cfb-9466-08f3e6c4bd48": { "id": "d2d4c7ff-ecd3-4cfb-9466-08f3e6c4bd48", "title": "Intuitive Custom Post Order <= 3.1.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Intuitive Custom Post Order", "slug": "intuitive-custom-post-order", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2d4c7ff-ecd3-4cfb-9466-08f3e6c4bd48?source=api-scan" ], "published": "2023-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2e040bd-df5f-4b40-bc7b-9521f224c297": { "id": "d2e040bd-df5f-4b40-bc7b-9521f224c297", "title": "Photo Gallery by 10Web < 1.3.43 - Authenticated Path Traversal", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.3.43)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.43", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2e040bd-df5f-4b40-bc7b-9521f224c297?source=api-scan" ], "published": "2017-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2e10791-7158-47ae-85c9-4a5a53b25d68": { "id": "d2e10791-7158-47ae-85c9-4a5a53b25d68", "title": "WordPress Books Gallery <= 4.4.8 - Cross-Site Request Forgery leading to Plugin Settings Changes", "software": [ { "type": "plugin", "name": "WordPress Books Gallery", "slug": "wp-books-gallery", "affected_versions": { "* - 4.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2e10791-7158-47ae-85c9-4a5a53b25d68?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2e3ac14-1421-49f0-9c60-7f7d5c9d7654": { "id": "d2e3ac14-1421-49f0-9c60-7f7d5c9d7654", "title": "B2BKing <= 4.6.00 - Missing Authorization to Authenticated(Subscriber+) Information Disclosure", "software": [ { "type": "plugin", "name": "B2BKing \u2014 Ultimate WooCommerce Wholesale and B2B Solution \u2014 Wholesale Order Form, Catalog Mode, Dynamic Pricing & More", "slug": "b2bking-wholesale-for-woocommerce", "affected_versions": { "* - 4.6.00": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.00", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2e3ac14-1421-49f0-9c60-7f7d5c9d7654?source=api-scan" ], "published": "2023-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2e99867-4992-47b5-a642-abd104eee18f": { "id": "d2e99867-4992-47b5-a642-abd104eee18f", "title": "Caldera Forms <= 1.9.6 - Reflected Cross-Site Scripting via cf-api", "software": [ { "type": "plugin", "name": "Caldera Forms \u2013 More Than Contact Forms", "slug": "caldera-forms", "affected_versions": { "[*, 1.9.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2e99867-4992-47b5-a642-abd104eee18f?source=api-scan" ], "published": "2022-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2ea39fb-5adc-4666-95da-b25024ca32d6": { "id": "d2ea39fb-5adc-4666-95da-b25024ca32d6", "title": "Count per Day < 3.5.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Count per Day", "slug": "count-per-day", "affected_versions": { "[*, 3.5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2ea39fb-5adc-4666-95da-b25024ca32d6?source=api-scan" ], "published": "2016-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2f777b6-5872-4196-81fb-82a9b6aaef2e": { "id": "d2f777b6-5872-4196-81fb-82a9b6aaef2e", "title": "WP ULike <= 4.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "WP ULike \u2013 All-in-One Engagement Toolkit", "slug": "wp-ulike", "affected_versions": { "* - 4.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2f777b6-5872-4196-81fb-82a9b6aaef2e?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2f78187-310a-4b6a-98f7-47917149ae7f": { "id": "d2f78187-310a-4b6a-98f7-47917149ae7f", "title": "Ninja Forms <= 3.8.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2f78187-310a-4b6a-98f7-47917149ae7f?source=api-scan" ], "published": "2024-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2fbd599-0a6c-4182-87d9-ad7cf3fb5865": { "id": "d2fbd599-0a6c-4182-87d9-ad7cf3fb5865", "title": "Import and export users and customers <= 1.26.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Import and export users and customers", "slug": "import-users-from-csv-with-meta", "affected_versions": { "* - 1.26.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.26.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.26.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2fbd599-0a6c-4182-87d9-ad7cf3fb5865?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d2fdd6eb-c848-446c-abad-7d2ea93f5512": { "id": "d2fdd6eb-c848-446c-abad-7d2ea93f5512", "title": "WP User Frontend <= 4.0.7 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission \u2013 WP User Frontend", "slug": "wp-user-frontend", "affected_versions": { "* - 4.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d2fdd6eb-c848-446c-abad-7d2ea93f5512?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d300288e-f100-4c02-ba65-d728e3b1522e": { "id": "d300288e-f100-4c02-ba65-d728e3b1522e", "title": "Seers <= 8.1.1 - Missing Authorization via multiple AJAX actions", "software": [ { "type": "plugin", "name": "Seers | GDPR & CCPA Cookie Consent & Compliance", "slug": "seers-cookie-consent-banner-privacy-policy", "affected_versions": { "* - 8.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d300288e-f100-4c02-ba65-d728e3b1522e?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3004699-3285-426a-8a85-33be6c0c0b6f": { "id": "d3004699-3285-426a-8a85-33be6c0c0b6f", "title": "Print My Blog \u2013 Print, PDF, & eBook Converter <= 3.15.8 - Unprotected AJAX Actions", "software": [ { "type": "plugin", "name": "Print My Blog \u2013 Print, PDF, & eBook Converter WordPress Plugin", "slug": "print-my-blog", "affected_versions": { "* - 3.15.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.15.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.15.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3004699-3285-426a-8a85-33be6c0c0b6f?source=api-scan" ], "published": "2022-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3027edb-770a-43d8-8abe-e9d9a51f4ab3": { "id": "d3027edb-770a-43d8-8abe-e9d9a51f4ab3", "title": "Dynamic Widgets <= 1.5.1 - Cross Site Scripting", "software": [ { "type": "plugin", "name": "Dynamic Widgets", "slug": "dynamic-widgets", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3027edb-770a-43d8-8abe-e9d9a51f4ab3?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d302f956-3f6e-41a7-a02b-d6b4431138b8": { "id": "d302f956-3f6e-41a7-a02b-d6b4431138b8", "title": "JS Multi Hotel <= 2.2.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JS Multi Hotel", "slug": "js-multihotel", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d302f956-3f6e-41a7-a02b-d6b4431138b8?source=api-scan" ], "published": "2014-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3034130-98f8-4907-862f-e04ff67b4d20": { "id": "d3034130-98f8-4907-862f-e04ff67b4d20", "title": "WP Custom Cursors <= 3.0.1 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Custom Cursors | WordPress Cursor Plugin", "slug": "wp-custom-cursors", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3034130-98f8-4907-862f-e04ff67b4d20?source=api-scan" ], "published": "2022-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3039831-6a29-48de-bdf3-66cac7655719": { "id": "d3039831-6a29-48de-bdf3-66cac7655719", "title": "WordPress Core < 4.9.5 - Authenticated Stored Cross-Site Scripting via Generator Tag", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.25": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.25", "to_inclusive": true }, "3.8 - 3.8.25": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.25", "to_inclusive": true }, "3.9 - 3.9.23": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.23", "to_inclusive": true }, "4.0 - 4.0.22": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.22", "to_inclusive": true }, "4.1 - 4.1.22": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.22", "to_inclusive": true }, "4.2 - 4.2.19": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.19", "to_inclusive": true }, "4.3 - 4.3.15": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.15", "to_inclusive": true }, "4.4 - 4.4.14": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.14", "to_inclusive": true }, "4.5 - 4.5.13": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.13", "to_inclusive": true }, "4.6 - 4.6.10": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.10", "to_inclusive": true }, "4.7 - 4.7.9": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.9", "to_inclusive": true }, "4.8 - 4.8.5": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.5", "to_inclusive": true }, "4.9 - 4.9.4": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.26", "3.8.26", "3.9.24", "4.0.23", "4.1.23", "4.2.20", "4.3.16", "4.4.15", "4.5.14", "4.6.11", "4.7.10", "4.8.6", "4.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3039831-6a29-48de-bdf3-66cac7655719?source=api-scan" ], "published": "2018-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3092a92-db5b-4e22-b4cf-43b773c7eb48": { "id": "d3092a92-db5b-4e22-b4cf-43b773c7eb48", "title": "Hello Elementor <= 3.0.0 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Hello Elementor", "slug": "hello-elementor", "affected_versions": { "* - 3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3092a92-db5b-4e22-b4cf-43b773c7eb48?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3098565-d037-4a31-af3c-00e8b93b922e": { "id": "d3098565-d037-4a31-af3c-00e8b93b922e", "title": "Opal Membership <= 1.2.4 - Authenticated (Subscriber+) Information Disclosure", "software": [ { "type": "plugin", "name": "Opal Membership", "slug": "opal-membership", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3098565-d037-4a31-af3c-00e8b93b922e?source=api-scan" ], "published": "2024-08-09 15:03:14", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d30cc136-ebde-4c76-9831-ffde79bf3c4a": { "id": "d30cc136-ebde-4c76-9831-ffde79bf3c4a", "title": "Image Optimizer, Resizer and CDN \u2013 Sirv <= 7.2.0 - Authenticated (Subscriber+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Image Optimizer, Resizer and CDN \u2013 Sirv", "slug": "sirv", "affected_versions": { "* - 7.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d30cc136-ebde-4c76-9831-ffde79bf3c4a?source=api-scan" ], "published": "2024-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d311170c-db2b-4c23-aa43-98d7e92839bb": { "id": "d311170c-db2b-4c23-aa43-98d7e92839bb", "title": "Beaver Builder \u2013 WordPress Page Builder <= 2.8.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.8.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d311170c-db2b-4c23-aa43-98d7e92839bb?source=api-scan" ], "published": "2024-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d311aab4-fca8-4e83-83cf-c4b8350d7dd1": { "id": "d311aab4-fca8-4e83-83cf-c4b8350d7dd1", "title": "SWFUpload <= 2.2.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-ecommerce-cvs-importer", "slug": "wp-ecommerce-cvs-importer", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Image News Slider", "slug": "wp-image-news-slider", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5" ] }, { "type": "plugin", "name": "apptha-banner", "slug": "apptha-banner", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "mac-dock-photogallery", "slug": "mac-dock-photogallery", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Comment Extra Fields", "slug": "comment-extra-field", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "sprapid", "slug": "sprapid", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "MailPoet Newsletters (Previous)", "slug": "wysija-newsletters", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] }, { "type": "plugin", "name": "Power Zoomer", "slug": "power-zoomer", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] }, { "type": "plugin", "name": "dm-albums", "slug": "dm-albums", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Powerplay Gallery", "slug": "wp-powerplaygallery", "affected_versions": { "[*, 3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2" ] }, { "type": "plugin", "name": "wp-dreamworkgallery", "slug": "wp-dreamworkgallery", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] }, { "type": "plugin", "name": "Levo Slideshow", "slug": "wp-levoslideshow", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] }, { "type": "plugin", "name": "apptha-slider-gallery", "slug": "apptha-slider-gallery", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Smart Slideshow", "slug": "smart-slide-show", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] }, { "type": "plugin", "name": "mac-dock-gallery", "slug": "mac-dock-gallery", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] }, { "type": "plugin", "name": "slide-show-pro", "slug": "slide-show-pro", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] }, { "type": "plugin", "name": "fluid-accessible-ui-options", "slug": "fluid-accessible-ui-options", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Spotlight", "slug": "spotlightyour", "affected_versions": { "[*, 4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4" ] }, { "type": "plugin", "name": "Blaze Slideshow", "slug": "blaze-slide-show-for-wordpress", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] }, { "type": "plugin", "name": "fresh-page", "slug": "fresh-page", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "wp-3dbanner-rotator", "slug": "wp-3dbanner-rotator", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] }, { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.2" ] }, { "type": "plugin", "name": "wp-bliss-gallery", "slug": "wp-bliss-gallery", "affected_versions": { "[*, 2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3" ] }, { "type": "plugin", "name": "wp-carouselslideshow", "slug": "wp-carouselslideshow", "affected_versions": { "* - 3.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11" ] }, { "type": "plugin", "name": "wp-matrix-gallery", "slug": "wp-matrix-gallery", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] }, { "type": "plugin", "name": "wp-royal-gallery", "slug": "wp-royal-gallery", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] }, { "type": "plugin", "name": "wp-extended", "slug": "wp-extended", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "3D Flick Slideshow", "slug": "wp-3dflick-slideshow", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] }, { "type": "plugin", "name": "wp-superb-slideshow", "slug": "wp-superb-slideshow", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] }, { "type": "plugin", "name": "wp-flipslideshow", "slug": "wp-flipslideshow", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] }, { "type": "plugin", "name": "wp-vertical-gallery", "slug": "wp-vertical-gallery", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] }, { "type": "plugin", "name": "fluid-accessible-uploader", "slug": "fluid-accessible-uploader", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "PDF File Browser", "slug": "pdw-file-browser", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Homepage SlideShow", "slug": "wp-homepage-slideshow", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] }, { "type": "plugin", "name": "wp-yasslideshow", "slug": "wp-yasslideshow", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] }, { "type": "plugin", "name": "Album and Image Gallery with Lightbox \u2013 Flagallery Photo Portfolio", "slug": "flash-album-gallery", "affected_versions": { "[*, 2.12)": { "from_version": "*", "from_inclusive": true, "to_version": "2.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.12" ] }, { "type": "plugin", "name": "fluid-accessible-pager", "slug": "fluid-accessible-pager", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] }, { "type": "plugin", "name": "Ultimate TinyMCE", "slug": "ultimate-tinymce", "affected_versions": { "* - 3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6" ] }, { "type": "plugin", "name": "fluid-accessible-rich-inline-edit", "slug": "fluid-accessible-rich-inline-edit", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "PICA Photo Gallery", "slug": "pica-photo-gallery", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan" ], "published": "2012-11-09 20:12:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d317f2c7-06f3-4875-9f9b-eb7f450aa2f4": { "id": "d317f2c7-06f3-4875-9f9b-eb7f450aa2f4", "title": "Getwid \u2013 Gutenberg Blocks <= 2.0.4 - Captcha Bypass", "software": [ { "type": "plugin", "name": "Getwid \u2013 Gutenberg Blocks", "slug": "getwid", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d31aad1c-89d4-4f71-bfed-a795f7a4f209": { "id": "d31aad1c-89d4-4f71-bfed-a795f7a4f209", "title": "Blocksy Companion <= 1.8.81 - Authenticated(Subscriber+) Sensitive Information Exposure via blocksy_posts shortcode", "software": [ { "type": "plugin", "name": "Blocksy Companion", "slug": "blocksy-companion", "affected_versions": { "* - 1.8.81": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.81", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.82" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d31aad1c-89d4-4f71-bfed-a795f7a4f209?source=api-scan" ], "published": "2023-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d31b9022-ae45-4bc2-b820-fb88faf0796f": { "id": "d31b9022-ae45-4bc2-b820-fb88faf0796f", "title": "IMPress Listings <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Listing Fields", "software": [ { "type": "plugin", "name": "IMPress Listings", "slug": "wp-listings", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d31b9022-ae45-4bc2-b820-fb88faf0796f?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d31d0553-9378-4c7e-a258-12562aa6b388": { "id": "d31d0553-9378-4c7e-a258-12562aa6b388", "title": "Super Store Finder <= 6.9.3 - Unauthenticated Email Creation\/Sending", "software": [ { "type": "plugin", "name": "Super Store Finder", "slug": "superstorefinder-wp", "affected_versions": { "* - 6.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d31d0553-9378-4c7e-a258-12562aa6b388?source=api-scan" ], "published": "2023-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d32215b5-9ecb-4feb-b76f-18821184dd8b": { "id": "d32215b5-9ecb-4feb-b76f-18821184dd8b", "title": "wpDataTables - Tables & Table Charts (Premium) <= 6.3.2 - Missing Authorization to DataTable Access & Modification", "software": [ { "type": "plugin", "name": "wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin", "slug": "wpdatatables", "affected_versions": { "* - 6.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d32215b5-9ecb-4feb-b76f-18821184dd8b?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3221af7-13ea-4c90-b2ca-75eb3d373ed3": { "id": "d3221af7-13ea-4c90-b2ca-75eb3d373ed3", "title": "Ultimate Member <= 2.0.3 - Improper Access Control", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3221af7-13ea-4c90-b2ca-75eb3d373ed3?source=api-scan" ], "published": "2018-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d323d28f-280c-49cd-b7f7-3e272ea62549": { "id": "d323d28f-280c-49cd-b7f7-3e272ea62549", "title": "Mail Masta <= 1.0 - SQL Injection via list_id parameter", "software": [ { "type": "plugin", "name": "Mail Masta", "slug": "mail-masta", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d323d28f-280c-49cd-b7f7-3e272ea62549?source=api-scan" ], "published": "2017-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d32ceb67-8ad1-4f59-b4a8-63c9c3e8b90c": { "id": "d32ceb67-8ad1-4f59-b4a8-63c9c3e8b90c", "title": "Visualizer <= 3.9.1 - Authenticated(Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visualizer: Tables and Charts Manager for WordPress", "slug": "visualizer", "affected_versions": { "* - 3.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d32ceb67-8ad1-4f59-b4a8-63c9c3e8b90c?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3343d96-ca52-46a6-b464-cd2e5375d10f": { "id": "d3343d96-ca52-46a6-b464-cd2e5375d10f", "title": "Fathom Analytics <= 3.0.7 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fathom Analytics for WP", "slug": "fathom-analytics", "affected_versions": { "[*, 3.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3343d96-ca52-46a6-b464-cd2e5375d10f?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d33467d4-aabd-4030-ba10-68e2460b2ed2": { "id": "d33467d4-aabd-4030-ba10-68e2460b2ed2", "title": "PHP Everywhere <= 2.0.3 - Remote Code Execution by Subscriber+ users via shortcode", "software": [ { "type": "plugin", "name": "PHP Everywhere", "slug": "php-everywhere", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d33467d4-aabd-4030-ba10-68e2460b2ed2?source=api-scan" ], "published": "2022-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d337e39c-3a3d-4465-bc40-77f0b27aeab2": { "id": "d337e39c-3a3d-4465-bc40-77f0b27aeab2", "title": "Import Spreadsheets from Microsoft Excel <= 10.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import Spreadsheets from Microsoft Excel", "slug": "import-spreadsheets-from-microsoft-excel", "affected_versions": { "* - 10.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "10.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d337e39c-3a3d-4465-bc40-77f0b27aeab2?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d338b583-4587-4b8d-b78e-a1b9a1054435": { "id": "d338b583-4587-4b8d-b78e-a1b9a1054435", "title": "WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MDTF \u2013 Meta Data and Taxonomies Filter", "slug": "wp-meta-data-filter-and-taxonomy-filter", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d338b583-4587-4b8d-b78e-a1b9a1054435?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d33a77c6-9977-4d92-92c4-4273ee73452e": { "id": "d33a77c6-9977-4d92-92c4-4273ee73452e", "title": "Page Builder: Pagelayer \u2013 Drag and Drop website builder <= 1.1.1 - Missing Authorization to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "slug": "pagelayer", "affected_versions": { "[*, 1.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d33a77c6-9977-4d92-92c4-4273ee73452e?source=api-scan" ], "published": "2020-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d33cc844-eaed-4006-aae1-122b773e9f11": { "id": "d33cc844-eaed-4006-aae1-122b773e9f11", "title": "PeproDev Ultimate Invoice <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PeproDev Ultimate Invoice", "slug": "pepro-ultimate-invoice", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d33cc844-eaed-4006-aae1-122b773e9f11?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d33df4e4-6ac7-499a-9d43-d19e287f7689": { "id": "d33df4e4-6ac7-499a-9d43-d19e287f7689", "title": "GF Windcave Free <= 1.4.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GF Windcave Free", "slug": "gravity-forms-dps-pxpay", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d33df4e4-6ac7-499a-9d43-d19e287f7689?source=api-scan" ], "published": "2015-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d33ff4cc-a44d-4c13-bbed-f4581469e9cd": { "id": "d33ff4cc-a44d-4c13-bbed-f4581469e9cd", "title": "SpeedyCache <= 1.1.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SpeedyCache \u2013 Cache, Optimization, Performance", "slug": "speedycache", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d33ff4cc-a44d-4c13-bbed-f4581469e9cd?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3457b87-c860-4cf2-ac3d-2c6521b629ea": { "id": "d3457b87-c860-4cf2-ac3d-2c6521b629ea", "title": "Royal Elementor Addons and Templates <= 1.3.87 - Missing Authorization via wpr_update_form_action_meta", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.87": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.87", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.88" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3457b87-c860-4cf2-ac3d-2c6521b629ea?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d35266cd-41e6-4358-afaa-bc008962f2e1": { "id": "d35266cd-41e6-4358-afaa-bc008962f2e1", "title": "Slider Responsive Slideshow \u2013 Image slider, Gallery slideshow <= 1.3.8 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Slider Responsive Slideshow \u2013 Image slider, Gallery slideshow", "slug": "slider-responsive-slideshow", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d35266cd-41e6-4358-afaa-bc008962f2e1?source=api-scan" ], "published": "2024-02-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d353d8b7-76a5-45ce-aa7c-d571dedcbfd4": { "id": "d353d8b7-76a5-45ce-aa7c-d571dedcbfd4", "title": "Podlove Podcast Publisher <= 3.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Podlove Podcast Publisher", "slug": "podlove-podcasting-plugin-for-wordpress", "affected_versions": { "* - 3.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d353d8b7-76a5-45ce-aa7c-d571dedcbfd4?source=api-scan" ], "published": "2023-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3543a39-ad88-40be-93b8-36ec638db4bd": { "id": "d3543a39-ad88-40be-93b8-36ec638db4bd", "title": "Multiple Themes (Various Versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation", "software": [ { "type": "theme", "name": "Viral News", "slug": "viral-news", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.6" ] }, { "type": "theme", "name": "HashOne", "slug": "hashone", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] }, { "type": "theme", "name": "Viral", "slug": "viral", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3543a39-ad88-40be-93b8-36ec638db4bd?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d357f92a-3c20-4972-af4d-65053027d31c": { "id": "d357f92a-3c20-4972-af4d-65053027d31c", "title": "WordPress Core < 4.7.5 - Server-Side Request Forgery", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.20": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.20", "to_inclusive": true }, "3.8 - 3.8.20": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.20", "to_inclusive": true }, "3.9 - 3.9.18": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.18", "to_inclusive": true }, "4.0 - 4.0.17": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.17", "to_inclusive": true }, "4.1 - 4.1.17": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.17", "to_inclusive": true }, "4.2 - 4.2.14": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.14", "to_inclusive": true }, "4.3 - 4.3.10": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.10", "to_inclusive": true }, "4.4 - 4.4.9": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.9", "to_inclusive": true }, "4.5 - 4.5.8": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.8", "to_inclusive": true }, "4.6 - 4.6.5": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.5", "to_inclusive": true }, "4.7 - 4.7.4": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.21", "3.8.21", "3.9.19", "4.0.18", "4.1.18", "4.2.15", "4.3.11", "4.4.10", "4.5.9", "4.6.6", "4.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d357f92a-3c20-4972-af4d-65053027d31c?source=api-scan" ], "published": "2017-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d359dc78-fc90-4570-a768-5f1a05f865e1": { "id": "d359dc78-fc90-4570-a768-5f1a05f865e1", "title": "Real Media Library <= 4.22.11 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Real Media Library: Media Library Folder & File Manager", "slug": "real-media-library-lite", "affected_versions": { "* - 4.22.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.22.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.22.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d359dc78-fc90-4570-a768-5f1a05f865e1?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d35dd18b-0f05-482f-aef3-08977cbec8a0": { "id": "d35dd18b-0f05-482f-aef3-08977cbec8a0", "title": "ElementsKit Pro <= 3.6.6 - Authenticated (Contributor+) Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "ElementsKit Pro", "slug": "elementskit", "affected_versions": { "* - 3.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d35dd18b-0f05-482f-aef3-08977cbec8a0?source=api-scan" ], "published": "2024-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d35e2d84-12c7-4c01-bde9-2fb05583a212": { "id": "d35e2d84-12c7-4c01-bde9-2fb05583a212", "title": "PowerPack Pro for Elementor <= 2.10.14 - Authenticated (Contributor+) Privilege Escalation", "software": [ { "type": "plugin", "name": "PowerPack Pro for Elementor", "slug": "powerpack-elements", "affected_versions": { "* - 2.10.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d35e2d84-12c7-4c01-bde9-2fb05583a212?source=api-scan" ], "published": "2024-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d35ec0f0-fa7a-4531-b5f7-5adcf2af051c": { "id": "d35ec0f0-fa7a-4531-b5f7-5adcf2af051c", "title": "Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Duplication", "software": [ { "type": "plugin", "name": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free", "slug": "funnelforms-free", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d35ec0f0-fa7a-4531-b5f7-5adcf2af051c?source=api-scan" ], "published": "2023-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d35ff2cc-9af2-4b72-bc49-e205275daa4d": { "id": "d35ff2cc-9af2-4b72-bc49-e205275daa4d", "title": "Spreadsheet Integration \u2013 Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update", "software": [ { "type": "plugin", "name": "Spreadsheet Integration \u2013 Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table.", "slug": "wpgsi", "affected_versions": { "* - 3.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d35ff2cc-9af2-4b72-bc49-e205275daa4d?source=api-scan" ], "published": "2024-09-24 12:20:20", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d36d97fb-2fce-4248-8955-7d66919487e3": { "id": "d36d97fb-2fce-4248-8955-7d66919487e3", "title": "Automatic pages for Privacy Policy, Terms, About, Contact us <= 1.41 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Automatic pages for Privacy Policy, Terms, About, Contact us", "slug": "automatic-pages-for-privacy-policy-terms-about-and-contact", "affected_versions": { "* - 1.41": { "from_version": "*", "from_inclusive": true, "to_version": "1.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d36d97fb-2fce-4248-8955-7d66919487e3?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d36e869a-5bd4-4f59-8e28-01fa586024c5": { "id": "d36e869a-5bd4-4f59-8e28-01fa586024c5", "title": "Super Progressive Web Apps <= 2.2.21 - Missing Authorization", "software": [ { "type": "plugin", "name": "Super Progressive Web Apps", "slug": "super-progressive-web-apps", "affected_versions": { "* - 2.2.21": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d36e869a-5bd4-4f59-8e28-01fa586024c5?source=api-scan" ], "published": "2023-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d372fbca-47c8-45b8-b5cb-83b8367860f4": { "id": "d372fbca-47c8-45b8-b5cb-83b8367860f4", "title": "Carousel Slider <= 1.10.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Carousel Slider", "slug": "carousel-slider", "affected_versions": { "* - 1.10.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d372fbca-47c8-45b8-b5cb-83b8367860f4?source=api-scan" ], "published": "2024-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d37b10f7-ea20-47cb-913a-4286c2ee2771": { "id": "d37b10f7-ea20-47cb-913a-4286c2ee2771", "title": "Testimonial < 2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Testimonial", "slug": "indianic-testimonial", "affected_versions": { "[*, 2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d37b10f7-ea20-47cb-913a-4286c2ee2771?source=api-scan" ], "published": "2013-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3804220-7c80-419c-9bf5-174e5c8ea924": { "id": "d3804220-7c80-419c-9bf5-174e5c8ea924", "title": "Hotel Galaxy <= 4.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Hotel Galaxy", "slug": "hotel-galaxy", "affected_versions": { "* - 4.4.24": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.24", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3804220-7c80-419c-9bf5-174e5c8ea924?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d38cf4d5-a2b3-46c7-9cbc-777ebf6a68be": { "id": "d38cf4d5-a2b3-46c7-9cbc-777ebf6a68be", "title": "Comic Easel <= 1.15 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Comic Easel", "slug": "comic-easel", "affected_versions": { "* - 1.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.15", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d38cf4d5-a2b3-46c7-9cbc-777ebf6a68be?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d38d41c7-8786-4145-9591-3e24eff3b79c": { "id": "d38d41c7-8786-4145-9591-3e24eff3b79c", "title": "Essential Blocks <= 4.0.6 - Cross-Site Request Forgery via save", "software": [ { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d38d41c7-8786-4145-9591-3e24eff3b79c?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d38ee896-8cdd-45c5-b393-bdcb7baa7bd3": { "id": "d38ee896-8cdd-45c5-b393-bdcb7baa7bd3", "title": "Mapster WP Maps <= 1.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mapster WP Maps", "slug": "mapster-wp-maps", "affected_versions": { "* - 1.2.38": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.38", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d38ee896-8cdd-45c5-b393-bdcb7baa7bd3?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3905ebe-334c-4c6f-a430-4c25cd15c61f": { "id": "d3905ebe-334c-4c6f-a430-4c25cd15c61f", "title": "Sina Extension for Elementor <= 3.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)", "slug": "sina-extension-for-elementor", "affected_versions": { "* - 3.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3905ebe-334c-4c6f-a430-4c25cd15c61f?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d392b84b-2a1f-430c-84a1-22431763a6a5": { "id": "d392b84b-2a1f-430c-84a1-22431763a6a5", "title": "Yuzo Related Posts <= 5.12.93 - Missing Authorization to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YUZO", "slug": "yuzo-related-post", "affected_versions": { "[*, 5.12.94)": { "from_version": "*", "from_inclusive": true, "to_version": "5.12.94", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.12.94" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d392b84b-2a1f-430c-84a1-22431763a6a5?source=api-scan" ], "published": "2019-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d396e47a-cabe-4498-9269-d67bdeb0c570": { "id": "d396e47a-cabe-4498-9269-d67bdeb0c570", "title": "Popup Builder by OptinMonster <= 1.1.4.5 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, Email Newsletters and Lead Generation", "slug": "optinmonster", "affected_versions": { "[*, 1.1.4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d396e47a-cabe-4498-9269-d67bdeb0c570?source=api-scan" ], "published": "2016-01-14 11:25:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d396e90b-c113-4534-8ce3-27bea3bd7296": { "id": "d396e90b-c113-4534-8ce3-27bea3bd7296", "title": "Predictive Search <= 1.2.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Predictive Search", "slug": "predictive-search", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d396e90b-c113-4534-8ce3-27bea3bd7296?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3999c59-57a9-410c-a550-7d198bdb25ea": { "id": "d3999c59-57a9-410c-a550-7d198bdb25ea", "title": "Hubbub Lite \u2013 Fast, Reliable Social Network Sharing Buttons <= 1.33.1 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Hubbub Lite \u2013 Fast, Reliable Social Sharing Buttons", "slug": "social-pug", "affected_versions": { "* - 1.33.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.33.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.33.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3999c59-57a9-410c-a550-7d198bdb25ea?source=api-scan" ], "published": "2024-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d39a73dd-5d62-43cc-af36-6bdf85dec3f1": { "id": "d39a73dd-5d62-43cc-af36-6bdf85dec3f1", "title": "Newsletter Manager < 1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Newsletter Manager", "slug": "newsletter-manager", "affected_versions": { "[*, 1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d39a73dd-5d62-43cc-af36-6bdf85dec3f1?source=api-scan" ], "published": "2014-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3a5d7c3-b9dd-46e8-92e2-455ef1394b50": { "id": "d3a5d7c3-b9dd-46e8-92e2-455ef1394b50", "title": "Easy Testimonials <= 3.0.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Testimonials", "slug": "easy-testimonials", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3a5d7c3-b9dd-46e8-92e2-455ef1394b50?source=api-scan" ], "published": "2017-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3a9a1f1-566f-478e-a0b7-857c12f21ff7": { "id": "d3a9a1f1-566f-478e-a0b7-857c12f21ff7", "title": "Slideshow, Image Slider by 2J <= 1.3.54 - Reflected Cross-Site Scripting via 'post'", "software": [ { "type": "plugin", "name": "Slideshow, Image Slider by 2J", "slug": "2j-slideshow", "affected_versions": { "* - 1.3.54": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.54", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3a9a1f1-566f-478e-a0b7-857c12f21ff7?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3a9a836-34c1-4ef3-9cde-c7ccb3163165": { "id": "d3a9a836-34c1-4ef3-9cde-c7ccb3163165", "title": "Seo 301 Meta <= 1.9.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Seo 301 Meta", "slug": "seo-301-meta", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3a9a836-34c1-4ef3-9cde-c7ccb3163165?source=api-scan" ], "published": "2022-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3abf6bd-bece-470e-93c7-ab9968171a3f": { "id": "d3abf6bd-bece-470e-93c7-ab9968171a3f", "title": "HD Quiz <= 1.8.11 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "HD Quiz", "slug": "hd-quiz", "affected_versions": { "* - 1.8.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3abf6bd-bece-470e-93c7-ab9968171a3f?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3ace116-69e1-44b1-a63f-693153ab4679": { "id": "d3ace116-69e1-44b1-a63f-693153ab4679", "title": "Weather Effect \u2013 Christmas Santa Snow Falling <= 1.3.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Weather Effect \u2013 Christmas, Santa, Snow Falling, Snowflake Effect", "slug": "weather-effect", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3ace116-69e1-44b1-a63f-693153ab4679?source=api-scan" ], "published": "2021-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3adabcc-3259-4d4d-8359-71af16823d18": { "id": "d3adabcc-3259-4d4d-8359-71af16823d18", "title": "Login Block IPs <= 1.0.0 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "Login Block IPs", "slug": "login-block-ips", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3adabcc-3259-4d4d-8359-71af16823d18?source=api-scan" ], "published": "2022-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3ae776f-65d7-4bb5-9368-9cd22207ea98": { "id": "d3ae776f-65d7-4bb5-9368-9cd22207ea98", "title": "Forty Four \u2013 404 Plugin for WordPress <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Forty Four \u2013 404 Plugin for WordPress", "slug": "forty-four", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3ae776f-65d7-4bb5-9368-9cd22207ea98?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3b26060-294e-4d4c-9295-0b08f533d5c4": { "id": "d3b26060-294e-4d4c-9295-0b08f533d5c4", "title": "Team Showcase <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Team Showcase", "slug": "team-showcase", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3b26060-294e-4d4c-9295-0b08f533d5c4?source=api-scan" ], "published": "2023-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3b62eb2-6c03-4e24-a454-5de54a4521b2": { "id": "d3b62eb2-6c03-4e24-a454-5de54a4521b2", "title": "Avada <= 7.11.1 - Authenticated(Author+) Arbitrary File Upload via Zip Extraction", "software": [ { "type": "theme", "name": "Avada | Website Builder For WordPress & WooCommerce", "slug": "Avada", "affected_versions": { "* - 7.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3b62eb2-6c03-4e24-a454-5de54a4521b2?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3b954e6-cf5d-4451-b770-777d116edd90": { "id": "d3b954e6-cf5d-4451-b770-777d116edd90", "title": "Image Gallery - Responsive Photo Gallery < 2.0.6 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Gallery - Responsive Photo Gallery", "slug": "gallery-images", "affected_versions": { "[*, 2.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3b954e6-cf5d-4451-b770-777d116edd90?source=api-scan" ], "published": "2016-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3b9d0ab-d785-4e93-9ab8-f75673a27334": { "id": "d3b9d0ab-d785-4e93-9ab8-f75673a27334", "title": "ProfilePress <= 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 4.15.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.15.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.15.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3b9d0ab-d785-4e93-9ab8-f75673a27334?source=api-scan" ], "published": "2024-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3bad1f8-0351-421e-ab00-015e15643f0f": { "id": "d3bad1f8-0351-421e-ab00-015e15643f0f", "title": "Business Card <= 1.0.0 - Cross-Site Request Forgery to Card Edit", "software": [ { "type": "plugin", "name": "Business Card", "slug": "business-card-by-esterox-100", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3bad1f8-0351-421e-ab00-015e15643f0f?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3bb5bb0-2c70-4416-8ee1-97aba100cc1d": { "id": "d3bb5bb0-2c70-4416-8ee1-97aba100cc1d", "title": "Themify Portfolio Post <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Themify Portfolio Post", "slug": "themify-portfolio-post", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3bb5bb0-2c70-4416-8ee1-97aba100cc1d?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3bd7b0e-aae3-4ac9-b092-3101da441e1e": { "id": "d3bd7b0e-aae3-4ac9-b092-3101da441e1e", "title": "Decon WP SMS <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Decon WP SMS", "slug": "decon-wp-sms", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3bd7b0e-aae3-4ac9-b092-3101da441e1e?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3bea017-9fc3-4e14-97c4-5bb525650cde": { "id": "d3bea017-9fc3-4e14-97c4-5bb525650cde", "title": "WPC Composite Products for WooCommerce <= 7.2.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPC Composite Products for WooCommerce", "slug": "wpc-composite-products", "affected_versions": { "* - 7.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3bea017-9fc3-4e14-97c4-5bb525650cde?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3beee75-0480-4504-a177-45f8cd32cf36": { "id": "d3beee75-0480-4504-a177-45f8cd32cf36", "title": "WP Accessibility Helper <= 0.6.2.8 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update", "software": [ { "type": "plugin", "name": "WP Accessibility Helper (WAH)", "slug": "wp-accessibility-helper", "affected_versions": { "* - 0.6.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.6.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3beee75-0480-4504-a177-45f8cd32cf36?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3c26454-a91d-4141-9b31-5c902c5e8eec": { "id": "d3c26454-a91d-4141-9b31-5c902c5e8eec", "title": "pTypeConverter <= 0.2.8.1 - Authenticated (Editor+) SQL Injection", "software": [ { "type": "plugin", "name": "pTypeConverter", "slug": "ptypeconverter", "affected_versions": { "* - 0.2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3c26454-a91d-4141-9b31-5c902c5e8eec?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3c2e5fe-cc02-479e-9f33-e1a783088596": { "id": "d3c2e5fe-cc02-479e-9f33-e1a783088596", "title": "Elementor Addons by Livemesh <= 8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via piechart_settings Parameter", "software": [ { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "* - 8.5": { "from_version": "*", "from_inclusive": true, "to_version": "8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3c2e5fe-cc02-479e-9f33-e1a783088596?source=api-scan" ], "published": "2024-09-24 21:40:45", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3c4b62b-c8b1-40b8-b250-d9da94208c62": { "id": "d3c4b62b-c8b1-40b8-b250-d9da94208c62", "title": "EasyJobs <= 1.4.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg", "slug": "easyjobs", "affected_versions": { "[*, 1.4.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3c4b62b-c8b1-40b8-b250-d9da94208c62?source=api-scan" ], "published": "2022-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3c6fb8b-9df8-4cf5-b9e6-702852bb1977": { "id": "d3c6fb8b-9df8-4cf5-b9e6-702852bb1977", "title": "PixFields <= 0.7.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "PixFields", "slug": "pixfields", "affected_versions": { "* - 0.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3c6fb8b-9df8-4cf5-b9e6-702852bb1977?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3c997cd-37b4-4b9c-b99e-397be484aa36": { "id": "d3c997cd-37b4-4b9c-b99e-397be484aa36", "title": "Soisy Pagamento Rateale <= 6.0.1 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Soisy Pagamento Rateale", "slug": "soisy-pagamento-rateale", "affected_versions": { "* - 6.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3c997cd-37b4-4b9c-b99e-397be484aa36?source=api-scan" ], "published": "2023-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3ca4c3c-2b20-42d4-8dcf-77f4d52c25a3": { "id": "d3ca4c3c-2b20-42d4-8dcf-77f4d52c25a3", "title": "Square <= 2.0.0 - Missing Authorization via activate_plugin", "software": [ { "type": "theme", "name": "Square", "slug": "square", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3ca4c3c-2b20-42d4-8dcf-77f4d52c25a3?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3cda8d0-321c-4b15-980e-5ebf49fac367": { "id": "d3cda8d0-321c-4b15-980e-5ebf49fac367", "title": "GiveWP \u2013 Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Unauthenticated Event Settings Update", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 3.13.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.13.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.14.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3cda8d0-321c-4b15-980e-5ebf49fac367?source=api-scan" ], "published": "2024-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3d0f705-2458-4cc6-8730-997314084f24": { "id": "d3d0f705-2458-4cc6-8730-997314084f24", "title": "Invitation Code Content Restriction Plugin from CreativeMinds <= 1.5.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Invitation Code Content Restriction Plugin from CreativeMinds", "slug": "invitation-code-content-access", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3d0f705-2458-4cc6-8730-997314084f24?source=api-scan" ], "published": "2024-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3d26aa4-8bea-48e8-ad14-513690a31831": { "id": "d3d26aa4-8bea-48e8-ad14-513690a31831", "title": "Button <= 1.1.27 - Authenticated (Contributor+) PHP Object Injection in button_shortcode", "software": [ { "type": "plugin", "name": "Button", "slug": "button", "affected_versions": { "* - 1.1.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3d26aa4-8bea-48e8-ad14-513690a31831?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3d6104b-eb2d-4e7e-98bd-6a46bd69ef5c": { "id": "d3d6104b-eb2d-4e7e-98bd-6a46bd69ef5c", "title": "OPcache Dashboard <= 0.3.1 - Reflected Cross-Site Scripting via 'page'", "software": [ { "type": "plugin", "name": "OPcache Dashboard", "slug": "opcache", "affected_versions": { "* - 0.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3d6104b-eb2d-4e7e-98bd-6a46bd69ef5c?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3d795f5-c79a-4615-be1f-120a6ffd663d": { "id": "d3d795f5-c79a-4615-be1f-120a6ffd663d", "title": "Ninja Forms <= 3.6.25 - Authenticated (Administrator+) Stored HTML Injection", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.6.25": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3d795f5-c79a-4615-be1f-120a6ffd663d?source=api-scan" ], "published": "2023-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3dae870-9b5f-47ef-b8b2-23fac613ec00": { "id": "d3dae870-9b5f-47ef-b8b2-23fac613ec00", "title": "i2 Pros & Cons <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "i2 Pros & Cons", "slug": "i2-pro-cons", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3dae870-9b5f-47ef-b8b2-23fac613ec00?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3dccecb-893c-4746-9047-5c32ca227508": { "id": "d3dccecb-893c-4746-9047-5c32ca227508", "title": "Blog2Social: Social Media Auto Post & Scheduler <= 5.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Blog2Social: Social Media Auto Post & Scheduler", "slug": "blog2social", "affected_versions": { "[*, 5.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3dccecb-893c-4746-9047-5c32ca227508?source=api-scan" ], "published": "2019-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3df5cc6-f998-409a-93fe-e514633e4905": { "id": "d3df5cc6-f998-409a-93fe-e514633e4905", "title": "Uk Cookie <= 1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Uk Cookie", "slug": "uk-cookie", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3df5cc6-f998-409a-93fe-e514633e4905?source=api-scan" ], "published": "2012-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3dfa92a-57da-49ab-95f7-504fa99ed47f": { "id": "d3dfa92a-57da-49ab-95f7-504fa99ed47f", "title": "oik <= 4.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via bw_button Shortcode", "software": [ { "type": "plugin", "name": "oik", "slug": "oik", "affected_versions": { "* - 4.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.12.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3dfa92a-57da-49ab-95f7-504fa99ed47f?source=api-scan" ], "published": "2024-07-08 23:21:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3e0f601-d445-4805-858a-8ad1ce9e62df": { "id": "d3e0f601-d445-4805-858a-8ad1ce9e62df", "title": "Dewplayer <= 1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dewplayer", "slug": "dewplayer-flash-mp3-player", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3e0f601-d445-4805-858a-8ad1ce9e62df?source=api-scan" ], "published": "2014-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3e194c0-b35a-496b-b31a-666334312f20": { "id": "d3e194c0-b35a-496b-b31a-666334312f20", "title": "Paid Memberships Pro \u2013 Payfast Gateway Add On <= 1.4.1 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Payfast Gateway Add On", "slug": "pmpro-payfast", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3e194c0-b35a-496b-b31a-666334312f20?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3ea9e96-9958-4a4f-b988-6f024b113fc9": { "id": "d3ea9e96-9958-4a4f-b988-6f024b113fc9", "title": "PromoBar by BestWebSoft \u2013 Customizable Advertisement Banner for WordPress Website <= 1.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PromoBar by BestWebSoft \u2013 Customizable Advertisement Banner for WordPress Website", "slug": "promobar", "affected_versions": { "[*, 1.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3ea9e96-9958-4a4f-b988-6f024b113fc9?source=api-scan" ], "published": "2017-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3ec7d23-4386-470f-955e-631f461e290b": { "id": "d3ec7d23-4386-470f-955e-631f461e290b", "title": "S3 Video Plugin < 0.98 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "S3 Video Plugin", "slug": "s3-video", "affected_versions": { "[*, 0.98)": { "from_version": "*", "from_inclusive": true, "to_version": "0.98", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.98" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3ec7d23-4386-470f-955e-631f461e290b?source=api-scan" ], "published": "2013-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3ee6004-03d1-4216-b22e-0aadc1f4d9de": { "id": "d3ee6004-03d1-4216-b22e-0aadc1f4d9de", "title": "RealHomes <= 4.0.2 - Missing Authorization", "software": [ { "type": "theme", "name": "RealHomes", "slug": "realhomes", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3ee6004-03d1-4216-b22e-0aadc1f4d9de?source=api-scan" ], "published": "2023-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3f9e624-c176-403c-a3c5-7bd11027ebe5": { "id": "d3f9e624-c176-403c-a3c5-7bd11027ebe5", "title": "LetterPress <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "LetterPress \u2013 Elevate Your WordPress Site's E-Mail Campaigns and Marketing", "slug": "letterpress", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3f9e624-c176-403c-a3c5-7bd11027ebe5?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d3fb6a84-2339-4d5c-a88a-f8e08a940840": { "id": "d3fb6a84-2339-4d5c-a88a-f8e08a940840", "title": "Responsive Zoom In\/Out Slider WordPress Plugin (Unknown Versions) - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Zoom In\/Out Slider WordPress Plugin", "slug": "lbg_zoominoutslider", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d3fb6a84-2339-4d5c-a88a-f8e08a940840?source=api-scan" ], "published": "2013-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4070a24-04fa-44e8-8ec2-bc84ba53b90d": { "id": "d4070a24-04fa-44e8-8ec2-bc84ba53b90d", "title": "SpiderVPlayer <= 1.5.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SpiderVPlayer", "slug": "player", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4070a24-04fa-44e8-8ec2-bc84ba53b90d?source=api-scan" ], "published": "2014-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4093f00-838b-49d1-930c-c7ee2238046f": { "id": "d4093f00-838b-49d1-930c-c7ee2238046f", "title": "Photo Gallery by 10Web <= 1.6.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4093f00-838b-49d1-930c-c7ee2238046f?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4095518-0daf-4cfe-a521-86fb1c927f51": { "id": "d4095518-0daf-4cfe-a521-86fb1c927f51", "title": "Quick Chat < 4.00 - SQL Injection", "software": [ { "type": "plugin", "name": "Quick Chat", "slug": "quick-chat", "affected_versions": { "[*, 4.00)": { "from_version": "*", "from_inclusive": true, "to_version": "4.00", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.00" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4095518-0daf-4cfe-a521-86fb1c927f51?source=api-scan" ], "published": "2012-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d41355ed-77d0-48b3-bbb3-4cc3b4df4b2a": { "id": "d41355ed-77d0-48b3-bbb3-4cc3b4df4b2a", "title": "Digirisk 6.0.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Digirisk", "slug": "digirisk", "affected_versions": { "6.0.0.0": { "from_version": "6.0.0.0", "from_inclusive": true, "to_version": "6.0.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d41355ed-77d0-48b3-bbb3-4cc3b4df4b2a?source=api-scan" ], "published": "2023-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4170426-b418-48ec-8233-1ca1aca60473": { "id": "d4170426-b418-48ec-8233-1ca1aca60473", "title": "DW Question & Answer < 1.4.2.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DW Question & Answer", "slug": "dw-question-answer", "affected_versions": { "[*, 1.4.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4170426-b418-48ec-8233-1ca1aca60473?source=api-scan" ], "published": "2016-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4185a0e-d944-408f-8a43-8f9c6bc3964d": { "id": "d4185a0e-d944-408f-8a43-8f9c6bc3964d", "title": "FV Player <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "* - 7.5.46.7212": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.46.7212", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.47.7212" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4185a0e-d944-408f-8a43-8f9c6bc3964d?source=api-scan" ], "published": "2024-07-18 19:26:14", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d41fb15c-9e0b-46d2-b60b-4213facc02a7": { "id": "d41fb15c-9e0b-46d2-b60b-4213facc02a7", "title": "EmbedPress <= 3.9.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 3.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d41fb15c-9e0b-46d2-b60b-4213facc02a7?source=api-scan" ], "published": "2023-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d42eeda5-7034-4544-be97-8064ff6d3185": { "id": "d42eeda5-7034-4544-be97-8064ff6d3185", "title": "Ajax Pagination (twitter Style) <= 1.1 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Ajax Pagination (twitter Style)", "slug": "ajax-pagination", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d42eeda5-7034-4544-be97-8064ff6d3185?source=api-scan" ], "published": "2014-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d43234d0-5f44-4484-a8d6-16d43d1db51e": { "id": "d43234d0-5f44-4484-a8d6-16d43d1db51e", "title": "WP Dark Mode <= 4.0.7 - Authenticated (Subscriber+) Local File Inclusion via 'style'", "software": [ { "type": "plugin", "name": "WP Dark Mode \u2013 WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing", "slug": "wp-dark-mode", "affected_versions": { "* - 4.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d43234d0-5f44-4484-a8d6-16d43d1db51e?source=api-scan" ], "published": "2023-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4325e51-5d57-4763-a6c4-29c67330bdbd": { "id": "d4325e51-5d57-4763-a6c4-29c67330bdbd", "title": "FoxyPress <= 0.4.2.7 - Open Redirect", "software": [ { "type": "plugin", "name": "FoxyPress", "slug": "foxypress", "affected_versions": { "* - 0.4.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4325e51-5d57-4763-a6c4-29c67330bdbd?source=api-scan" ], "published": "2012-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d433a5b3-4661-4246-ae60-8a99633372ad": { "id": "d433a5b3-4661-4246-ae60-8a99633372ad", "title": "Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'deleteRedirect' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d433a5b3-4661-4246-ae60-8a99633372ad?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4429eb0-2b9a-4366-9f93-90484872c48e": { "id": "d4429eb0-2b9a-4366-9f93-90484872c48e", "title": "Church Admin <= 4.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "* - 4.0.26": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4429eb0-2b9a-4366-9f93-90484872c48e?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4491b89-2120-4edb-a396-e45ba09b3b99": { "id": "d4491b89-2120-4edb-a396-e45ba09b3b99", "title": "Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_account'", "software": [ { "type": "plugin", "name": "Paytium: Mollie payment forms & donations", "slug": "paytium", "affected_versions": { "* - 4.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4491b89-2120-4edb-a396-e45ba09b3b99?source=api-scan" ], "published": "2023-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d449466d-e78a-48a3-8eff-90b56646dd6b": { "id": "d449466d-e78a-48a3-8eff-90b56646dd6b", "title": "Shortcodes Ultimate <= 5.12.6 - Authenticated (Contributor+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 5.12.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.12.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.12.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d449466d-e78a-48a3-8eff-90b56646dd6b?source=api-scan" ], "published": "2023-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d44a45fb-3bff-4a1f-8319-a58a47a9d76b": { "id": "d44a45fb-3bff-4a1f-8319-a58a47a9d76b", "title": "Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Social Media Share Buttons & Social Sharing Icons", "slug": "ultimate-social-media-icons", "affected_versions": { "* - 2.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d44a45fb-3bff-4a1f-8319-a58a47a9d76b?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d44ecf8a-d19a-403a-96c7-89e223a5cc22": { "id": "d44ecf8a-d19a-403a-96c7-89e223a5cc22", "title": "Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Covid-19 Stats Widget", "software": [ { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d44ecf8a-d19a-403a-96c7-89e223a5cc22?source=api-scan" ], "published": "2024-02-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d44f8891-cc24-4f6f-9032-3a4c632c6fb6": { "id": "d44f8891-cc24-4f6f-9032-3a4c632c6fb6", "title": "Image Optimizer, Resizer and CDN \u2013 Sirv <= 6.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Optimizer, Resizer and CDN \u2013 Sirv", "slug": "sirv", "affected_versions": { "* - 6.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d44f8891-cc24-4f6f-9032-3a4c632c6fb6?source=api-scan" ], "published": "2022-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4561441-d147-4c02-a837-c1656e17627d": { "id": "d4561441-d147-4c02-a837-c1656e17627d", "title": "Everest Forms <= 2.0.7 - Unauthenticated Server-Side Request Forgery via font_url", "software": [ { "type": "plugin", "name": "Everest Forms \u2013 Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease!", "slug": "everest-forms", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4561441-d147-4c02-a837-c1656e17627d?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d45a4b0b-bb98-4c35-a743-c434946002a2": { "id": "d45a4b0b-bb98-4c35-a743-c434946002a2", "title": "Responsive Lightbox2 <= 1.0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Lightbox2", "slug": "responsive-lightbox2", "affected_versions": { "[*, 1.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d45a4b0b-bb98-4c35-a743-c434946002a2?source=api-scan" ], "published": "2020-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d460cc34-c8b0-453b-9b6b-3bd53137625a": { "id": "d460cc34-c8b0-453b-9b6b-3bd53137625a", "title": "Booking Package <= 1.6.01 - Reflected Cross-Site Scripting via 'mode'", "software": [ { "type": "plugin", "name": "Booking Package", "slug": "booking-package", "affected_versions": { "* - 1.6.01": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.01", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d460cc34-c8b0-453b-9b6b-3bd53137625a?source=api-scan" ], "published": "2023-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4655236-7dfe-40ae-9d0c-6eacc59af13d": { "id": "d4655236-7dfe-40ae-9d0c-6eacc59af13d", "title": "Hide Dashboard Notifications <= 1.3 - Missing Authorization to Authenticated(Contributor+) Plugin Settings Modification", "software": [ { "type": "plugin", "name": "Hide Dashboard Notifications", "slug": "wp-hide-backed-notices", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4655236-7dfe-40ae-9d0c-6eacc59af13d?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4664b8d-4f8f-4be3-90e9-2dba4e737b2c": { "id": "d4664b8d-4f8f-4be3-90e9-2dba4e737b2c", "title": "Smart Logo Showcase Lite <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Responsive Clients Logo Gallery Plugin for WordPress \u2013 Smart Logo Showcase Lite", "slug": "smart-logo-showcase-lite", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4664b8d-4f8f-4be3-90e9-2dba4e737b2c?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d46edcfe-ab6b-4966-9d85-40a2e2ee3d44": { "id": "d46edcfe-ab6b-4966-9d85-40a2e2ee3d44", "title": "Chained Quiz <= 1.3.2.2 - Reflected Cross-Site Scripting via dn", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "* - 1.3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d46edcfe-ab6b-4966-9d85-40a2e2ee3d44?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d46f8e8a-80cb-4407-ac07-f4c93be691b6": { "id": "d46f8e8a-80cb-4407-ac07-f4c93be691b6", "title": "RegistrationMagic \u2013 Custom Registration Forms, User Registration and User Login Plugin <= 4.6.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 4.6.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d46f8e8a-80cb-4407-ac07-f4c93be691b6?source=api-scan" ], "published": "2020-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d47d582d-7c90-4f49-aee1-03a8775b850d": { "id": "d47d582d-7c90-4f49-aee1-03a8775b850d", "title": "Duplicator <= 1.5.9 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "Duplicator \u2013 Migration & Backup Plugin", "slug": "duplicator", "affected_versions": { "* - 1.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d47d582d-7c90-4f49-aee1-03a8775b850d?source=api-scan" ], "published": "2024-07-10 13:42:05", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d47f5d90-dc7d-4500-a6e6-e585e4a5c11b": { "id": "d47f5d90-dc7d-4500-a6e6-e585e4a5c11b", "title": "Change WooCommerce Add To Cart Button Text <= 1.3 - Missing Authorization via rexvs_settings_submit", "software": [ { "type": "plugin", "name": "Change WooCommerce Add To Cart Button Text", "slug": "change-woocommerce-add-to-cart-button-text", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d47f5d90-dc7d-4500-a6e6-e585e4a5c11b?source=api-scan" ], "published": "2023-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4804081-67b1-4c62-af8e-bdbcea2ba6e7": { "id": "d4804081-67b1-4c62-af8e-bdbcea2ba6e7", "title": "WP Support Plus Responsive Ticket System <= 7.1.4 - Authentication Bypass", "software": [ { "type": "plugin", "name": "WP Support Plus Responsive Ticket System", "slug": "wp-support-plus-responsive-ticket-system", "affected_versions": { "[*, 8.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4804081-67b1-4c62-af8e-bdbcea2ba6e7?source=api-scan" ], "published": "2016-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d484500f-c8c1-4278-8a38-82a7fd5674f9": { "id": "d484500f-c8c1-4278-8a38-82a7fd5674f9", "title": "ProjectHuddle Client Site <= 1.0.34 - Missing Authorization via ph_child_ajax_notice_handler", "software": [ { "type": "plugin", "name": "SureFeedback Client Site", "slug": "projecthuddle-child-site", "affected_versions": { "* - 1.0.34": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d484500f-c8c1-4278-8a38-82a7fd5674f9?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d488cfef-8ee7-483a-94f2-c172e5576005": { "id": "d488cfef-8ee7-483a-94f2-c172e5576005", "title": "SSU <= 1.5.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "SSU \u2013 WordPress Amazon S3 & Wasabi Smart File Uploads Plugin", "slug": "wp-s3-smart-upload", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d488cfef-8ee7-483a-94f2-c172e5576005?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4933a30-974f-487d-9444-b0ea1283a09c": { "id": "d4933a30-974f-487d-9444-b0ea1283a09c", "title": "Spectra \u2013 WordPress Gutenberg Blocks <= 2.10.3 - Authenticated(Contributor+) Cross-Site Scripting via Custom CSS", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 2.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4933a30-974f-487d-9444-b0ea1283a09c?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4994d7d-82f7-4cb0-869f-e27abe04b621": { "id": "d4994d7d-82f7-4cb0-869f-e27abe04b621", "title": "Knews Multilingual Newsletters Plugin <= 1.7.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Knews Multilingual Newsletters", "slug": "knews", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4994d7d-82f7-4cb0-869f-e27abe04b621?source=api-scan" ], "published": "2015-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d49a2180-cf3f-4ef9-805f-e7592b793a2c": { "id": "d49a2180-cf3f-4ef9-805f-e7592b793a2c", "title": "WP Ultimate Email Marketer <= 1.1.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Ultimate Email Marketer", "slug": "wp-ultimate-email-marketer", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d49a2180-cf3f-4ef9-805f-e7592b793a2c?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d49b8c44-4dad-4990-a8a8-116b424a7dfa": { "id": "d49b8c44-4dad-4990-a8a8-116b424a7dfa", "title": "Post Meta Data Manager <= 1.2.1 - Cross-Site Request Forgery to Post, Term, and User Meta Deletion", "software": [ { "type": "plugin", "name": "Post Meta Data Manager", "slug": "post-meta-data-manager", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d49b8c44-4dad-4990-a8a8-116b424a7dfa?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d49bd587-26fc-48fb-86aa-a043a5938d43": { "id": "d49bd587-26fc-48fb-86aa-a043a5938d43", "title": "CP Image Store with Slideshow < 1.0.7 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "CP Image Store with Slideshow", "slug": "cp-image-store", "affected_versions": { "[*, 1.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d49bd587-26fc-48fb-86aa-a043a5938d43?source=api-scan" ], "published": "2015-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4a59aa8-db96-4487-97e9-e42aa57967fc": { "id": "d4a59aa8-db96-4487-97e9-e42aa57967fc", "title": "IdeaPush <= 8.65 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IdeaPush", "slug": "ideapush", "affected_versions": { "* - 8.65": { "from_version": "*", "from_inclusive": true, "to_version": "8.65", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.66" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4a59aa8-db96-4487-97e9-e42aa57967fc?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4a5c931-16f8-41b6-b4b6-567aa6c6c90e": { "id": "d4a5c931-16f8-41b6-b4b6-567aa6c6c90e", "title": "All-In-One Security <= 5.1.2 - Information Disclosure", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "* - 5.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4a5c931-16f8-41b6-b4b6-567aa6c6c90e?source=api-scan" ], "published": "2022-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4a6c1e4-635f-4d4d-87a4-8eeded25f07f": { "id": "d4a6c1e4-635f-4d4d-87a4-8eeded25f07f", "title": "WP Forum Server < 1.7.4 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Forum Server", "slug": "forum-server", "affected_versions": { "[*, 1.7.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4a6c1e4-635f-4d4d-87a4-8eeded25f07f?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4a7c647-4c57-499a-8e46-ca273985bd6d": { "id": "d4a7c647-4c57-499a-8e46-ca273985bd6d", "title": "Contact Form to Any API <= 1.1.6 - Missing Authorization via delete_cf7_records()", "software": [ { "type": "plugin", "name": "Contact Form to Any API", "slug": "contact-form-to-any-api", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4a7c647-4c57-499a-8e46-ca273985bd6d?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4a905c0-f958-4c9b-9e96-dd8653b50497": { "id": "d4a905c0-f958-4c9b-9e96-dd8653b50497", "title": "WPCafe <= 2.2.28 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "WPCafe \u2013 Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce", "slug": "wp-cafe", "affected_versions": { "* - 2.2.28": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4a905c0-f958-4c9b-9e96-dd8653b50497?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4aaca22-76b9-42ec-a960-65d44d696324": { "id": "d4aaca22-76b9-42ec-a960-65d44d696324", "title": "Mail Queue <= 1.1 - Unauthenticated Stored Cross-Site Scripting via Email Subject", "software": [ { "type": "plugin", "name": "Mail Queue", "slug": "mail-queue", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4aaca22-76b9-42ec-a960-65d44d696324?source=api-scan" ], "published": "2023-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4ae4e05-cdbf-481f-abcc-9704e75ec8ad": { "id": "d4ae4e05-cdbf-481f-abcc-9704e75ec8ad", "title": "Photo Gallery by 10Web <= 1.5.87 - Unauthenticated SQL Injection via bwg_tag_id_bwg_thumbnails_0 Parameter", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4ae4e05-cdbf-481f-abcc-9704e75ec8ad?source=api-scan" ], "published": "2022-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4b17cce-bb52-4125-8c85-6da15517275f": { "id": "d4b17cce-bb52-4125-8c85-6da15517275f", "title": "Ebook Store <= 5.775 - Missing Authorization via ebook_store_export_orders", "software": [ { "type": "plugin", "name": "Ebook Store", "slug": "ebook-store", "affected_versions": { "* - 5.775": { "from_version": "*", "from_inclusive": true, "to_version": "5.775", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.78" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4b17cce-bb52-4125-8c85-6da15517275f?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4b6d2c6-d157-4c4c-b6e1-557b8353c742": { "id": "d4b6d2c6-d157-4c4c-b6e1-557b8353c742", "title": "Auto Tag Creator <= 1.0.2 - Missing Authorization via tag_save_settings_callback", "software": [ { "type": "plugin", "name": "Auto Tag Creator", "slug": "auto-tag-creator", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4b6d2c6-d157-4c4c-b6e1-557b8353c742?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4ba4365-449e-4271-b46e-7f149efc752c": { "id": "d4ba4365-449e-4271-b46e-7f149efc752c", "title": "Video Conferencing with Zoom < 3.8.16 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Video Conferencing with Zoom", "slug": "video-conferencing-with-zoom-api", "affected_versions": { "[*, 3.8.16)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4ba4365-449e-4271-b46e-7f149efc752c?source=api-scan" ], "published": "2021-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4bbb00b-4baf-4dc1-85ab-3ca3d59eaf33": { "id": "d4bbb00b-4baf-4dc1-85ab-3ca3d59eaf33", "title": "Easy Forms for Mailchimp < 6.1 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Easy Forms for Mailchimp", "slug": "yikes-inc-easy-mailchimp-extender", "affected_versions": { "[*, 6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4bbb00b-4baf-4dc1-85ab-3ca3d59eaf33?source=api-scan" ], "published": "2016-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4bce9d1-38b9-4c25-b5dc-fd9dedfc3ede": { "id": "d4bce9d1-38b9-4c25-b5dc-fd9dedfc3ede", "title": "WholesaleX \u2013 WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) <= 1.3.2 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "WholesaleX \u2013 WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing)", "slug": "wholesalex", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4bce9d1-38b9-4c25-b5dc-fd9dedfc3ede?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4beb0b7-e287-43bd-b8d1-3aa65e268ead": { "id": "d4beb0b7-e287-43bd-b8d1-3aa65e268ead", "title": "Calendarista Basic Edition <= 3.0.2 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Calendarista Basic Edition \u2013 WordPress appointment booking system", "slug": "calendarista-basic-edition", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4beb0b7-e287-43bd-b8d1-3aa65e268ead?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4bf80cd-8956-4143-afcb-995013554d56": { "id": "d4bf80cd-8956-4143-afcb-995013554d56", "title": "My Wish List < 1.4.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My Wish List", "slug": "my-wish-list", "affected_versions": { "[*, 1.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4bf80cd-8956-4143-afcb-995013554d56?source=api-scan" ], "published": "2015-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4c1add9-2141-4221-889b-f9b0efebd6c7": { "id": "d4c1add9-2141-4221-889b-f9b0efebd6c7", "title": "Activello <= 1.4.4 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Activello", "slug": "activello", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4c1add9-2141-4221-889b-f9b0efebd6c7?source=api-scan" ], "published": "2022-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4c27c06-214a-4c20-80d0-b6b4d18737c3": { "id": "d4c27c06-214a-4c20-80d0-b6b4d18737c3", "title": "LiteSpeed Cache <= 5.7 - Unauthenticated Stored Cross-Site Scripting via 'nameservers' and '_msg'", "software": [ { "type": "plugin", "name": "LiteSpeed Cache", "slug": "litespeed-cache", "affected_versions": { "* - 5.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4c27c06-214a-4c20-80d0-b6b4d18737c3?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4c56931-c2af-4940-95e4-3f3dae51c31c": { "id": "d4c56931-c2af-4940-95e4-3f3dae51c31c", "title": "Collapse-O-Matic <= 1.8.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Collapse-O-Matic", "slug": "jquery-collapse-o-matic", "affected_versions": { "* - 1.8.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4c56931-c2af-4940-95e4-3f3dae51c31c?source=api-scan" ], "published": "2024-06-14 20:12:13", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4c5a982-74ba-4a54-8c95-515a628f9c39": { "id": "d4c5a982-74ba-4a54-8c95-515a628f9c39", "title": "FLV Embed <= 1.2.1 - Cross-Site Request Forgery to Options Update", "software": [ { "type": "plugin", "name": "FLV Embed", "slug": "flv-embed", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4c5a982-74ba-4a54-8c95-515a628f9c39?source=api-scan" ], "published": "2022-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4c6d0ef-fe2c-4449-9e9c-135529a99575": { "id": "d4c6d0ef-fe2c-4449-9e9c-135529a99575", "title": "Soundy Background Music <= 3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Soundy Background Music", "slug": "soundy-background-music", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4c6d0ef-fe2c-4449-9e9c-135529a99575?source=api-scan" ], "published": "2016-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4c79242-5c89-40c0-abcc-c112f7a64a74": { "id": "d4c79242-5c89-40c0-abcc-c112f7a64a74", "title": "WPCS \u2013 WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Editing", "software": [ { "type": "plugin", "name": "WPCS \u2013 WordPress Currency Switcher Professional", "slug": "currency-switcher", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4c79242-5c89-40c0-abcc-c112f7a64a74?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4c8333f-1570-4bf2-a7d0-cce705e88f27": { "id": "d4c8333f-1570-4bf2-a7d0-cce705e88f27", "title": "Secure Copy Content Protection and Content Locking <= 4.0.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Secure Copy Content Protection and Content Locking", "slug": "secure-copy-content-protection", "affected_versions": { "* - 4.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4c8333f-1570-4bf2-a7d0-cce705e88f27?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4cb4dea-afaa-4ab5-a48a-f1bee6d4665b": { "id": "d4cb4dea-afaa-4ab5-a48a-f1bee6d4665b", "title": "Striking <= 2.3.4 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Striking", "slug": "striking-r", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4cb4dea-afaa-4ab5-a48a-f1bee6d4665b?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4cdf774-c93b-4b94-85ba-aa56bf401873": { "id": "d4cdf774-c93b-4b94-85ba-aa56bf401873", "title": "Bookly <= 21.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Online Booking and Scheduling Plugin \u2013 Bookly", "slug": "bookly-responsive-appointment-booking-tool", "affected_versions": { "21.7": { "from_version": "21.7", "from_inclusive": true, "to_version": "21.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4cdf774-c93b-4b94-85ba-aa56bf401873?source=api-scan" ], "published": "2023-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4d11477-8a9a-42a0-aafd-5ef10ca5a349": { "id": "d4d11477-8a9a-42a0-aafd-5ef10ca5a349", "title": "3D FlipBook <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "3D FlipBook \u2013 PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery", "slug": "interactive-3d-flipbook-powered-physics-engine", "affected_versions": { "* - 1.13.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4d11477-8a9a-42a0-aafd-5ef10ca5a349?source=api-scan" ], "published": "2022-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4d5ae93-000e-4001-adfa-c11058032469": { "id": "d4d5ae93-000e-4001-adfa-c11058032469", "title": "Featured Image from URL (FIFU) <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via featured image alt text", "software": [ { "type": "plugin", "name": "Featured Image from URL (FIFU)", "slug": "featured-image-from-url", "affected_versions": { "* - 4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4d5ae93-000e-4001-adfa-c11058032469?source=api-scan" ], "published": "2023-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4d9e8fa-abc5-477a-bf99-dc910f0aabda": { "id": "d4d9e8fa-abc5-477a-bf99-dc910f0aabda", "title": "The Moneytizer <= 9.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Moneytizer", "slug": "the-moneytizer", "affected_versions": { "* - 9.5.20": { "from_version": "*", "from_inclusive": true, "to_version": "9.5.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4d9e8fa-abc5-477a-bf99-dc910f0aabda?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4da8ead-326f-4c93-b56d-8bfa643d7906": { "id": "d4da8ead-326f-4c93-b56d-8bfa643d7906", "title": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.4 - Authenticater (Administrator+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder", "slug": "bit-form", "affected_versions": { "2.0 - 2.13.4": { "from_version": "2.0", "from_inclusive": true, "to_version": "2.13.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4da8ead-326f-4c93-b56d-8bfa643d7906?source=api-scan" ], "published": "2024-08-19 14:58:34", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4dacd15-85cc-41f5-830c-b02c85c798f9": { "id": "d4dacd15-85cc-41f5-830c-b02c85c798f9", "title": "Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'cronLogDeleteOption' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4dacd15-85cc-41f5-830c-b02c85c798f9?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4e04650-624a-4440-b166-8de0f24bb1dd": { "id": "d4e04650-624a-4440-b166-8de0f24bb1dd", "title": "WP ERP <= 1.12.9 - Authenticated (AccountingManager+) SQL Injection", "software": [ { "type": "plugin", "name": "WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting", "slug": "erp", "affected_versions": { "* - 1.12.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4e04650-624a-4440-b166-8de0f24bb1dd?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4e1ca02-4eb5-4a46-99d5-89630f37d9ed": { "id": "d4e1ca02-4eb5-4a46-99d5-89630f37d9ed", "title": "Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Steveas WP Live Chat Shoutbox", "slug": "wp-shoutbox-live-chat", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4e1ca02-4eb5-4a46-99d5-89630f37d9ed?source=api-scan" ], "published": "2023-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4e3e818-8d47-467a-b5cf-7eebd6a624a2": { "id": "d4e3e818-8d47-467a-b5cf-7eebd6a624a2", "title": "ThinkTwit < 1.7.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ThinkTwit", "slug": "thinktwit", "affected_versions": { "[*, 1.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4e3e818-8d47-467a-b5cf-7eebd6a624a2?source=api-scan" ], "published": "2021-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4e97c01-7e8a-41b7-90ad-029d8c5fd37c": { "id": "d4e97c01-7e8a-41b7-90ad-029d8c5fd37c", "title": "BookIt <= 2.4.3 - Authenticated(Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Booking Calendar | Appointment Booking | Bookit", "slug": "bookit", "affected_versions": { "[*, 2.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4e97c01-7e8a-41b7-90ad-029d8c5fd37c?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4efe60a-d8e3-4e51-95b2-246e30e90e89": { "id": "d4efe60a-d8e3-4e51-95b2-246e30e90e89", "title": "Uncode Core <= 2.8.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "uncode-core", "slug": "uncode-core", "affected_versions": { "* - 2.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4efe60a-d8e3-4e51-95b2-246e30e90e89?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4f28285-bfa3-4063-bc8b-303db72d0156": { "id": "d4f28285-bfa3-4063-bc8b-303db72d0156", "title": "Timely All-in-One Events Calendar <= 2.5.38 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Timely All-in-One Events Calendar", "slug": "all-in-one-event-calendar", "affected_versions": { "* - 2.5.38": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.38", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4f28285-bfa3-4063-bc8b-303db72d0156?source=api-scan" ], "published": "2019-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4f29711-6aec-4481-a3bc-2303592bb79c": { "id": "d4f29711-6aec-4481-a3bc-2303592bb79c", "title": "WishList Member X <= 3.25.1 - Authenticated (Subscriber+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Wishlist Member", "slug": "wishlist-member-x", "affected_versions": { "* - 3.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.25.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4f29711-6aec-4481-a3bc-2303592bb79c?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4f3d386-98cc-4b5a-b13f-841e812bb37f": { "id": "d4f3d386-98cc-4b5a-b13f-841e812bb37f", "title": "Enfold < 3.0.1 - Unspecified Vulnerability", "software": [ { "type": "theme", "name": "Enfold - Responsive Multi-Purpose Theme", "slug": "enfold", "affected_versions": { "[*, 3.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4f3d386-98cc-4b5a-b13f-841e812bb37f?source=api-scan" ], "published": "2014-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4f60e8c-2745-4930-9101-914bd73c6e1c": { "id": "d4f60e8c-2745-4930-9101-914bd73c6e1c", "title": "Horizontal scrolling announcement <= 9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Horizontal scrolling announcement", "slug": "horizontal-scrolling-announcement", "affected_versions": { "* - 9.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4f60e8c-2745-4930-9101-914bd73c6e1c?source=api-scan" ], "published": "2023-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d4fb697f-4571-4aa8-8430-fd4f457de2a8": { "id": "d4fb697f-4571-4aa8-8430-fd4f457de2a8", "title": "Corona Virus (COVID-19) Banner & Live Data <= 1.8.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Website Banner", "slug": "corona-virus-covid-19-banner", "affected_versions": { "* - 1.8.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d4fb697f-4571-4aa8-8430-fd4f457de2a8?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d502e617-a59f-4385-b050-3702a1b1ed7e": { "id": "d502e617-a59f-4385-b050-3702a1b1ed7e", "title": "BoldGrid Easy SEO \u2013 Simple and Effective SEO <= 1.6.14 - Information Exposure", "software": [ { "type": "plugin", "name": "BoldGrid Easy SEO \u2013 Simple and Effective SEO", "slug": "boldgrid-easy-seo", "affected_versions": { "* - 1.6.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d502e617-a59f-4385-b050-3702a1b1ed7e?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d503de5f-ba13-4c51-b514-15f2e7b2752b": { "id": "d503de5f-ba13-4c51-b514-15f2e7b2752b", "title": "WP 2FA <= 2.6.3 - Unauthenticated Information Exposure via Log File", "software": [ { "type": "plugin", "name": "WP 2FA \u2013 Two-factor authentication for WordPress", "slug": "wp-2fa", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d503de5f-ba13-4c51-b514-15f2e7b2752b?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d50d0e87-a4be-465b-8cc1-4b56201c9fc0": { "id": "d50d0e87-a4be-465b-8cc1-4b56201c9fc0", "title": "AIKit <= 4.14.1 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "AIKit - WordPress AI Automatic Writer, Chatbot, Writing Assistant & Content Repurposer \/ OpenAI GPT", "slug": "aikit-wordpress-ai-writing-assistant-using-gpt3", "affected_versions": { "* - 4.14.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.14.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d50d0e87-a4be-465b-8cc1-4b56201c9fc0?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d50d8d51-3bb4-4556-95e3-06812a31d0d6": { "id": "d50d8d51-3bb4-4556-95e3-06812a31d0d6", "title": "Image Optimizer WD <= 1.0.26 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Optimizer by 10web \u2013 Image Optimizer and Compression plugin", "slug": "image-optimizer-wd", "affected_versions": { "* - 1.0.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d50d8d51-3bb4-4556-95e3-06812a31d0d6?source=api-scan" ], "published": "2023-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d51d8b79-04ff-470f-92da-12eb72ac023a": { "id": "d51d8b79-04ff-470f-92da-12eb72ac023a", "title": "WP Ticket Ultra Help Desk & Support Plugin <= 1.0.5 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "WP Ticket Ultra Help Desk & Support Plugin", "slug": "wp-ticket-ultra", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d51d8b79-04ff-470f-92da-12eb72ac023a?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d51db160-c701-426d-890f-73cc4785cad8": { "id": "d51db160-c701-426d-890f-73cc4785cad8", "title": "Restaurant Reservations <= 1.9 - Directory Traversal to Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Restaurant Reservations", "slug": "nd-restaurant-reservations", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d51db160-c701-426d-890f-73cc4785cad8?source=api-scan" ], "published": "2024-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d51f0230-b85c-4c2d-9fa0-e68b52e51c76": { "id": "d51f0230-b85c-4c2d-9fa0-e68b52e51c76", "title": "WP Inventory Manager <= 2.1.0.13 - Cross-Site Request Forgery via delete_item", "software": [ { "type": "plugin", "name": "WP Inventory Manager", "slug": "wp-inventory-manager", "affected_versions": { "* - 2.1.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d51f0230-b85c-4c2d-9fa0-e68b52e51c76?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5244db8-86b3-4d1d-8fd6-febfd5a7372e": { "id": "d5244db8-86b3-4d1d-8fd6-febfd5a7372e", "title": "Rehub <= 19.6.1 - Authenticated (Editor+) Local File Inclusion", "software": [ { "type": "theme", "name": "rehub-theme", "slug": "rehub-theme", "affected_versions": { "* - 19.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5244db8-86b3-4d1d-8fd6-febfd5a7372e?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d524a2c1-43df-4059-b1ec-b0738026158e": { "id": "d524a2c1-43df-4059-b1ec-b0738026158e", "title": "Travel Booking WordPress Theme < 2.8.2 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Travel Booking WordPress Theme", "slug": "traveler", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d524a2c1-43df-4059-b1ec-b0738026158e?source=api-scan" ], "published": "2020-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d52983d1-7da4-44e6-bfed-75107b923267": { "id": "d52983d1-7da4-44e6-bfed-75107b923267", "title": "Kish Guest Posting <= 1.2 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Kish Guest Posting", "slug": "kish-guest-posting", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d52983d1-7da4-44e6-bfed-75107b923267?source=api-scan" ], "published": "2012-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d52cdc45-efea-46b5-9004-f3169e807747": { "id": "d52cdc45-efea-46b5-9004-f3169e807747", "title": "Page Builder: KingComposer \u2013 Free Drag and Drop page builder by King-Theme <= 2.9.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Builder: KingComposer \u2013 Free Drag and Drop page builder by King-Theme", "slug": "kingcomposer", "affected_versions": { "* - 2.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d52cdc45-efea-46b5-9004-f3169e807747?source=api-scan" ], "published": "2020-06-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d52d3291-838a-4b23-b969-8c6273faec1e": { "id": "d52d3291-838a-4b23-b969-8c6273faec1e", "title": "Product Filter For WooCommerce Product <= 1.3.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Product Filter For WooCommerce Product", "slug": "product-filter-for-woocommerce-product", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d52d3291-838a-4b23-b969-8c6273faec1e?source=api-scan" ], "published": "2022-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d52f601b-6a80-4b6f-895b-fcbbdf73103a": { "id": "d52f601b-6a80-4b6f-895b-fcbbdf73103a", "title": "3DPrint Lite < 1.9.1.5 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "3DPrint Lite", "slug": "3dprint-lite", "affected_versions": { "[*, 1.9.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d52f601b-6a80-4b6f-895b-fcbbdf73103a?source=api-scan" ], "published": "2021-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d53069a3-5b8e-4ee1-b4da-97ff8f58ab03": { "id": "d53069a3-5b8e-4ee1-b4da-97ff8f58ab03", "title": "Code Styling Localization <= 1.99.19 - Reflected Cross Site Scripting", "software": [ { "type": "plugin", "name": "Codestyling Localization", "slug": "codestyling-localization", "affected_versions": { "* - 1.99.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.99.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.99.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d53069a3-5b8e-4ee1-b4da-97ff8f58ab03?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d53161ad-cc5f-4433-b288-a8095cdfd7db": { "id": "d53161ad-cc5f-4433-b288-a8095cdfd7db", "title": "Blog-in-Blog <= 1.1.1 - Authenticated (Editor+) Local File Inclusion via Shortcode", "software": [ { "type": "plugin", "name": "Blog-in-Blog", "slug": "blog-in-blog", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d53161ad-cc5f-4433-b288-a8095cdfd7db?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d535c069-cfa3-4c41-9a01-b4c4e7c75764": { "id": "d535c069-cfa3-4c41-9a01-b4c4e7c75764", "title": "Terser < 4.8.1 and 5.0.0-5.14.1 - Regular Expression Denial of Service", "software": [ { "type": "plugin", "name": "Publisher Media Kit", "slug": "publisher-media-kit", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] }, { "type": "plugin", "name": "Retro Winamp Block", "slug": "retro-winamp-block", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "plugin", "name": "Block for Apple Maps", "slug": "maps-block-apple", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] }, { "type": "plugin", "name": "Autopost for X (formerly Autoshare for Twitter)", "slug": "autoshare-for-twitter", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d535c069-cfa3-4c41-9a01-b4c4e7c75764?source=api-scan" ], "published": "2022-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d536d3a8-9ac5-4ea9-8c65-16ad8b3a7106": { "id": "d536d3a8-9ac5-4ea9-8c65-16ad8b3a7106", "title": "Happy Elementor Addons Pro <= 2.8.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor Pro", "slug": "happy-elementor-addons-pro", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d536d3a8-9ac5-4ea9-8c65-16ad8b3a7106?source=api-scan" ], "published": "2023-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d539a066-6b59-4235-868e-f3085436e9f4": { "id": "d539a066-6b59-4235-868e-f3085436e9f4", "title": "Gantry 4 Framework <= 4.1.21 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gantry 4 Framework", "slug": "gantry", "affected_versions": { "* - 4.1.21": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.21", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d539a066-6b59-4235-868e-f3085436e9f4?source=api-scan" ], "published": "2024-10-17 15:42:49", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5400ec0-383b-4ac5-9b38-44533519e44d": { "id": "d5400ec0-383b-4ac5-9b38-44533519e44d", "title": "JoomSport \u2013 for Sports: Team & League, Football, Hockey & more <= 5.1.7 - Object Injection", "software": [ { "type": "plugin", "name": "JoomSport \u2013 for Sports: Team & League, Football, Hockey & more", "slug": "joomsport-sports-league-results-management", "affected_versions": { "[*, 5.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5400ec0-383b-4ac5-9b38-44533519e44d?source=api-scan" ], "published": "2021-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d541f86a-744e-498e-bfab-b1a917c6ac49": { "id": "d541f86a-744e-498e-bfab-b1a917c6ac49", "title": "Easy Career Opening <= 0.4 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Career Openings", "slug": "easy-career-openings", "affected_versions": { "* - 0.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d541f86a-744e-498e-bfab-b1a917c6ac49?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d542c1e8-7e9f-4687-8739-0ebcb865b998": { "id": "d542c1e8-7e9f-4687-8739-0ebcb865b998", "title": "Media Library Categories <= 1.9.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Media Library Categories", "slug": "wp-media-library-categories", "affected_versions": { "* - 1.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d542c1e8-7e9f-4687-8739-0ebcb865b998?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d549fcd5-6808-4d7d-bf1f-df8cfa458744": { "id": "d549fcd5-6808-4d7d-bf1f-df8cfa458744", "title": "Bulk Order Form for WooCommerce <= 3.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quick\/Bulk Order Form for WooCommerce", "slug": "woocommerce-bulk-order-form", "affected_versions": { "* - 3.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d549fcd5-6808-4d7d-bf1f-df8cfa458744?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d54b4dc9-8590-433c-873a-efb49e2e79cd": { "id": "d54b4dc9-8590-433c-873a-efb49e2e79cd", "title": "Hueman <= 3.6.3 - Cross-Site Request Forgery Bypass", "software": [ { "type": "theme", "name": "Hueman", "slug": "hueman", "affected_versions": { "* - 3.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d54b4dc9-8590-433c-873a-efb49e2e79cd?source=api-scan" ], "published": "2020-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d54c7623-25af-4bf1-a6e0-9022ec26f391": { "id": "d54c7623-25af-4bf1-a6e0-9022ec26f391", "title": "Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial", "software": [ { "type": "plugin", "name": "Jeg Elementor Kit", "slug": "jeg-elementor-kit", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d54c7623-25af-4bf1-a6e0-9022ec26f391?source=api-scan" ], "published": "2024-04-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5502ebc-0b35-4966-bff6-90efdcb0db58": { "id": "d5502ebc-0b35-4966-bff6-90efdcb0db58", "title": "MultiParcels Shipping For WooCommerce <= 1.14.13 - Missing Authorization via get_history", "software": [ { "type": "plugin", "name": "MultiParcels Shipping For WooCommerce", "slug": "multiparcels-shipping-for-woocommerce", "affected_versions": { "* - 1.14.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5502ebc-0b35-4966-bff6-90efdcb0db58?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d55033fb-17a6-4b8d-87f4-1c102ef7dbcd": { "id": "d55033fb-17a6-4b8d-87f4-1c102ef7dbcd", "title": "Limb Gallery \u2013 Create Beautiful Image & Video Galleries <= 1.3.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Limb Gallery | Create Beautiful Image & Video Galleries", "slug": "limb-gallery", "affected_versions": { "[*, 1.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d55033fb-17a6-4b8d-87f4-1c102ef7dbcd?source=api-scan" ], "published": "2019-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d557ccb4-99c3-4286-91cd-87576a95f179": { "id": "d557ccb4-99c3-4286-91cd-87576a95f179", "title": "Repagent (Unknown Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "repagent", "slug": "repagent", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d557ccb4-99c3-4286-91cd-87576a95f179?source=api-scan" ], "published": "2013-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d557db81-9689-4fc1-b749-3595859048de": { "id": "d557db81-9689-4fc1-b749-3595859048de", "title": "Testimonial Slider <= 1.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Testimonial Slider", "slug": "testimonial-slider", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d557db81-9689-4fc1-b749-3595859048de?source=api-scan" ], "published": "2022-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d559b862-ee07-4207-8c64-81961516a046": { "id": "d559b862-ee07-4207-8c64-81961516a046", "title": "Testimonial Carousel For Elementor <= 10.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Testimonial Carousel For Elementor", "slug": "testimonials-carousel-elementor", "affected_versions": { "* - 10.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "10.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d559b862-ee07-4207-8c64-81961516a046?source=api-scan" ], "published": "2024-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d55b210f-bbed-4206-a109-99f217a2eb67": { "id": "d55b210f-bbed-4206-a109-99f217a2eb67", "title": "ARMember <= 4.0.23 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 4.0.23": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d55b210f-bbed-4206-a109-99f217a2eb67?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d55bab2a-5e2e-440e-b4fa-03853679ba22": { "id": "d55bab2a-5e2e-440e-b4fa-03853679ba22", "title": "Happy Addons for Elementor <= 3.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d55bab2a-5e2e-440e-b4fa-03853679ba22?source=api-scan" ], "published": "2024-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d55c832b-f558-4e8a-8301-33dd38d39ef1": { "id": "d55c832b-f558-4e8a-8301-33dd38d39ef1", "title": "Form-Maker (twb_form-maker) <= 1.15.21 - Cross-Site Request Forgery to Limited Code Execution via Execute", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "* - 1.15.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d55c832b-f558-4e8a-8301-33dd38d39ef1?source=api-scan" ], "published": "2024-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d55f10f3-5484-4b90-80da-3d91f409fe04": { "id": "d55f10f3-5484-4b90-80da-3d91f409fe04", "title": "Event Espresso 4 Decaf <= 4.10.44.decaf - Feature Bypass", "software": [ { "type": "plugin", "name": "Event Espresso \u2013 Event Registration & Ticketing Sales", "slug": "event-espresso-decaf", "affected_versions": { "* - 4.10.44.decaf": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.44.decaf", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.45.decaf" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d55f10f3-5484-4b90-80da-3d91f409fe04?source=api-scan" ], "published": "2023-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d560f28f-899c-44cf-8640-55647c1de7dc": { "id": "d560f28f-899c-44cf-8640-55647c1de7dc", "title": "ScrollTo Bottom <= 1.1.1 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "ScrollTo Bottom", "slug": "scrollto-bottom", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d560f28f-899c-44cf-8640-55647c1de7dc?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5631826-6975-41e9-a896-f2aa0581334f": { "id": "d5631826-6975-41e9-a896-f2aa0581334f", "title": "News Flash <= 1.1.0 - Authenticated (Editor+) PHP Object Injection", "software": [ { "type": "theme", "name": "News Flash", "slug": "news-flash", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5631826-6975-41e9-a896-f2aa0581334f?source=api-scan" ], "published": "2024-08-07 13:00:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5688bb7-cd2d-42c6-b8cf-d908448ccfc1": { "id": "d5688bb7-cd2d-42c6-b8cf-d908448ccfc1", "title": "Order Your Posts Manually <= 2.2.5 - Reflected Cross-Site Scripting via 'cat_id'", "software": [ { "type": "plugin", "name": "Order Your Posts Manually", "slug": "order-your-posts-manually", "affected_versions": { "* - 2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5688bb7-cd2d-42c6-b8cf-d908448ccfc1?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d56aaa20-f40c-4f99-bc38-0b14fa39a175": { "id": "d56aaa20-f40c-4f99-bc38-0b14fa39a175", "title": "Kebo Twitter Feed <= 1.5.12 - Cross-Site Request Forgery via kebo_twitter_menu_render", "software": [ { "type": "plugin", "name": "Kebo Twitter Feed", "slug": "kebo-twitter-feed", "affected_versions": { "* - 1.5.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d56aaa20-f40c-4f99-bc38-0b14fa39a175?source=api-scan" ], "published": "2023-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d570009f-0011-485a-bd14-f511cb2b60d7": { "id": "d570009f-0011-485a-bd14-f511cb2b60d7", "title": "Post Kinds < 1.3.1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Kinds", "slug": "indieweb-post-kinds", "affected_versions": { "[*, 1.3.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d570009f-0011-485a-bd14-f511cb2b60d7?source=api-scan" ], "published": "2015-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5744ed4-f150-48a6-9f5d-d49f9d4c8454": { "id": "d5744ed4-f150-48a6-9f5d-d49f9d4c8454", "title": "Flex Local Fonts <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flex Local Fonts", "slug": "fsflex-local-fonts", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5744ed4-f150-48a6-9f5d-d49f9d4c8454?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d574ed8b-2887-4a56-9fca-914148095ba1": { "id": "d574ed8b-2887-4a56-9fca-914148095ba1", "title": "AN_GradeBook <= 5.0.1 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AN_GradeBook", "slug": "an-gradebook", "affected_versions": { "* - 5.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d574ed8b-2887-4a56-9fca-914148095ba1?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d57b8c89-109c-4b3b-bea4-adfe7dbfb26d": { "id": "d57b8c89-109c-4b3b-bea4-adfe7dbfb26d", "title": "Ultimate NoFollow <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Nofollow", "slug": "nofollow", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d57b8c89-109c-4b3b-bea4-adfe7dbfb26d?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d57e4c3b-6e0d-40d5-bcf3-10af797d2f1b": { "id": "d57e4c3b-6e0d-40d5-bcf3-10af797d2f1b", "title": "Shiny Buttons \u2013 CSS3 Button Generator for WordPress <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shiny Buttons \u2013 CSS3 Button Generator for WordPress", "slug": "shiny-buttons", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d57e4c3b-6e0d-40d5-bcf3-10af797d2f1b?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5848d3a-d6a8-4e56-9012-9d600a3cf7fa": { "id": "d5848d3a-d6a8-4e56-9012-9d600a3cf7fa", "title": "Ultimate Maps by Supsystic <= 1.2.4 - Reflected Cross-Site scripting", "software": [ { "type": "plugin", "name": "Ultimate Maps by Supsystic", "slug": "ultimate-maps-by-supsystic", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5848d3a-d6a8-4e56-9012-9d600a3cf7fa?source=api-scan" ], "published": "2021-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d586e455-c73f-4916-a926-4d53699bb434": { "id": "d586e455-c73f-4916-a926-4d53699bb434", "title": "YARPP \u2013 Yet Another Related Posts Plugin <= 5.30.9 - Authenticated(Administrator+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YARPP \u2013 Yet Another Related Posts Plugin", "slug": "yet-another-related-posts-plugin", "affected_versions": { "* - 5.30.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.30.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.30.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d586e455-c73f-4916-a926-4d53699bb434?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d586f258-ddd4-48a1-9c7a-2d1b343b0d23": { "id": "d586f258-ddd4-48a1-9c7a-2d1b343b0d23", "title": "post highlights 2.0 - 2.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "post highlights", "slug": "post-highlights", "affected_versions": { "2.0 - 2.6": { "from_version": "2.0", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d586f258-ddd4-48a1-9c7a-2d1b343b0d23?source=api-scan" ], "published": "2014-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d589bada-3568-45ed-9f7c-fb14363a617a": { "id": "d589bada-3568-45ed-9f7c-fb14363a617a", "title": "MainWP (Various extensions) - Missing Authorization to Arbitrary Page\/Post Deletion", "software": [ { "type": "plugin", "name": "MainWP Article Uploader Extension", "slug": "mainwp-article-uploader-extension", "affected_versions": { "4.0.2": { "from_version": "4.0.2", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] }, { "type": "plugin", "name": "MainWP Boilerplate Extension", "slug": "boilerplate-extension", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d589bada-3568-45ed-9f7c-fb14363a617a?source=api-scan" ], "published": "2023-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d58ca75a-f425-477d-8e48-a5d600543578": { "id": "d58ca75a-f425-477d-8e48-a5d600543578", "title": "FooGallery <= 2.2.44 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel", "slug": "foogallery", "affected_versions": { "* - 2.2.44": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d58ca75a-f425-477d-8e48-a5d600543578?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d58e4317-8ad5-40d5-98b8-f8f07ab37e1f": { "id": "d58e4317-8ad5-40d5-98b8-f8f07ab37e1f", "title": "Stream <= 3.9.2 - Missing Authorization via load_alerts_settings", "software": [ { "type": "plugin", "name": "Stream", "slug": "stream", "affected_versions": { "[*, 3.9.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d58e4317-8ad5-40d5-98b8-f8f07ab37e1f?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d58fd503-84d0-4d62-9290-870b1dd32be7": { "id": "d58fd503-84d0-4d62-9290-870b1dd32be7", "title": "Bricks <= 1.8.1 - Cross-Site Request Forgery via save_settings", "software": [ { "type": "theme", "name": "Bricks", "slug": "bricks", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d58fd503-84d0-4d62-9290-870b1dd32be7?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d592b81d-48c7-4b48-948d-f2b98719fdfc": { "id": "d592b81d-48c7-4b48-948d-f2b98719fdfc", "title": "Minimal Coming Soon \u2013 Coming Soon Page <= 2.33 - Authenticated (Administrator+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Minimal Coming Soon \u2013 Coming Soon Page", "slug": "minimal-coming-soon-maintenance-mode", "affected_versions": { "* - 2.33": { "from_version": "*", "from_inclusive": true, "to_version": "2.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d592b81d-48c7-4b48-948d-f2b98719fdfc?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5947859-df78-475b-89b4-ad2441d9cf63": { "id": "d5947859-df78-475b-89b4-ad2441d9cf63", "title": "Advanced Database Cleaner <= 3.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Database Cleaner", "slug": "advanced-database-cleaner", "affected_versions": { "[*, 3.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5947859-df78-475b-89b4-ad2441d9cf63?source=api-scan" ], "published": "2022-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5a124b3-257b-4331-ac8f-eecd7a759127": { "id": "d5a124b3-257b-4331-ac8f-eecd7a759127", "title": "WP-OliveCart <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-OliveCart", "slug": "wp-olivecart", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5a124b3-257b-4331-ac8f-eecd7a759127?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5a3b416-4434-456e-91c7-24f874e8f959": { "id": "d5a3b416-4434-456e-91c7-24f874e8f959", "title": "Shortcode For Elementor Templates <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shortcode For Elementor Templates", "slug": "shortcode-support-for-elementor-templates", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5a3b416-4434-456e-91c7-24f874e8f959?source=api-scan" ], "published": "2024-10-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5a4bfee-5e20-4898-aea2-c7e86718ccca": { "id": "d5a4bfee-5e20-4898-aea2-c7e86718ccca", "title": "iframe <= 5.0 - Authenticated (Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "iframe", "slug": "iframe", "affected_versions": { "* - 5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5a4bfee-5e20-4898-aea2-c7e86718ccca?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5a6e9f4-dbc3-4af0-b9e4-4c9ad7b5fe9f": { "id": "d5a6e9f4-dbc3-4af0-b9e4-4c9ad7b5fe9f", "title": "Filebird <= 5.1.4 - Missing Authorization via resAdminPermissionsCheck", "software": [ { "type": "plugin", "name": "FileBird \u2013 WordPress Media Library Folders & File Manager", "slug": "filebird", "affected_versions": { "* - 5.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5a6e9f4-dbc3-4af0-b9e4-4c9ad7b5fe9f?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5ab090c-14fd-4d58-a915-fd68e5eaefe1": { "id": "d5ab090c-14fd-4d58-a915-fd68e5eaefe1", "title": "AllWebMenus WordPress Menu Plugin < 1.1.9 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "AllWebMenus WordPress Menu Plugin", "slug": "allwebmenus-wordpress-menu-plugin", "affected_versions": { "[*, 1.1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5ab090c-14fd-4d58-a915-fd68e5eaefe1?source=api-scan" ], "published": "2012-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5abb538-9e69-485e-9389-90a2422510ca": { "id": "d5abb538-9e69-485e-9389-90a2422510ca", "title": "JupiterX Theme <= 3.0.0 - Authenticated Local File Inclusion via print_pane", "software": [ { "type": "theme", "name": "JupiterX", "slug": "jupiterx", "affected_versions": { "* - 3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5abb538-9e69-485e-9389-90a2422510ca?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5b110a5-4027-4c98-a348-325c8b9c8405": { "id": "d5b110a5-4027-4c98-a348-325c8b9c8405", "title": "WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "WooCommerce Amazon Affiliates - Wordpress Plugin", "slug": "woozone", "affected_versions": { "* - 14.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "14.0.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5b110a5-4027-4c98-a348-325c8b9c8405?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5b573e2-373f-41bc-8d9a-ea42e908ac4e": { "id": "d5b573e2-373f-41bc-8d9a-ea42e908ac4e", "title": "WCP OpenWeather <= 2.5.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WCP OpenWeather", "slug": "wcp-openweather", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5b573e2-373f-41bc-8d9a-ea42e908ac4e?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5b74a84-e418-4bd4-b36e-5bd4ba5197c9": { "id": "d5b74a84-e418-4bd4-b36e-5bd4ba5197c9", "title": "Salon booking system <= 10.7 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "* - 10.7": { "from_version": "*", "from_inclusive": true, "to_version": "10.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5b74a84-e418-4bd4-b36e-5bd4ba5197c9?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5bf4972-424a-4470-a0bc-7dcc95378e0e": { "id": "d5bf4972-424a-4470-a0bc-7dcc95378e0e", "title": "Contact Form 7 <= 5.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form 7", "slug": "contact-form-7", "affected_versions": { "* - 5.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5bf4972-424a-4470-a0bc-7dcc95378e0e?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5c0c64c-7105-4bc3-b42d-89cfa44d02b9": { "id": "d5c0c64c-7105-4bc3-b42d-89cfa44d02b9", "title": "ChurcHope <= 2.1 - Local File Inclusion", "software": [ { "type": "theme", "name": "ChurcHope", "slug": "churchope", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5c0c64c-7105-4bc3-b42d-89cfa44d02b9?source=api-scan" ], "published": "2014-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5c23952-3732-4316-aa43-ddab88a6ba79": { "id": "d5c23952-3732-4316-aa43-ddab88a6ba79", "title": "Rating by BestWebSoft < 0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rating by BestWebSoft", "slug": "rating-bws", "affected_versions": { "[*, 0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5c23952-3732-4316-aa43-ddab88a6ba79?source=api-scan" ], "published": "2017-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5c29af7-f607-429a-9a1e-f8701fbb9e7a": { "id": "d5c29af7-f607-429a-9a1e-f8701fbb9e7a", "title": "Giphypress <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Giphypress", "slug": "giphypress", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5c29af7-f607-429a-9a1e-f8701fbb9e7a?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5c704f9-4fcb-455e-a1c7-f48d47b12dec": { "id": "d5c704f9-4fcb-455e-a1c7-f48d47b12dec", "title": "Complianz - GDPR\/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via run_sync", "software": [ { "type": "plugin", "name": "Complianz \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr", "affected_versions": { "* - 6.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5c704f9-4fcb-455e-a1c7-f48d47b12dec?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5cab96c-f6ab-4ee6-8453-22e8a39cc82f": { "id": "d5cab96c-f6ab-4ee6-8453-22e8a39cc82f", "title": "Mark User as Spammer <= 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mark User as Spammer", "slug": "mark-user-as-spammer", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5cab96c-f6ab-4ee6-8453-22e8a39cc82f?source=api-scan" ], "published": "2015-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5d0ccbd-a091-4897-a100-eac75ffa0e3b": { "id": "d5d0ccbd-a091-4897-a100-eac75ffa0e3b", "title": "Sky Addons for Elementor <= 2.4.0 - Authenticated(Contributor+) Stored Cross-site scripting via Wrapper Link URL", "software": [ { "type": "plugin", "name": "Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs)", "slug": "sky-elementor-addons", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5d0ccbd-a091-4897-a100-eac75ffa0e3b?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5d23a02-11b6-4674-a13a-884de2d51ed7": { "id": "d5d23a02-11b6-4674-a13a-884de2d51ed7", "title": "Formcraft3 <= 3.8.27 - Server Side Request Forgery", "software": [ { "type": "plugin", "name": "FormCraft \u2013 Form Builder", "slug": "formcraft-form-builder", "affected_versions": { "[*, 3.8.28)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.28", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5d23a02-11b6-4674-a13a-884de2d51ed7?source=api-scan" ], "published": "2022-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5d23fdc-081a-4228-897f-2470a9327887": { "id": "d5d23fdc-081a-4228-897f-2470a9327887", "title": "WooCommerce AJAX Product Filters <= 1.3.6 - Arbitrary Settings Update", "software": [ { "type": "plugin", "name": "Advanced AJAX Product Filters", "slug": "woocommerce-ajax-filters", "affected_versions": { "[*, 1.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5d23fdc-081a-4228-897f-2470a9327887?source=api-scan" ], "published": "2019-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5d2ff90-9817-490e-8162-ca4860b3ffe3": { "id": "d5d2ff90-9817-490e-8162-ca4860b3ffe3", "title": "Cooked \u2013 Recipe Management <= Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cooked \u2013 Recipe Management", "slug": "cooked", "affected_versions": { "* - 1.7.15.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.15.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5d2ff90-9817-490e-8162-ca4860b3ffe3?source=api-scan" ], "published": "2024-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5d3e333-4dcd-414b-85a6-8d9fbef357bd": { "id": "d5d3e333-4dcd-414b-85a6-8d9fbef357bd", "title": "SEO Friendly Images <= 3.0.4 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEO Friendly Images", "slug": "seo-image", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5d3e333-4dcd-414b-85a6-8d9fbef357bd?source=api-scan" ], "published": "2015-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5d4aeb1-0a4f-49f1-b5a9-b582e271eae1": { "id": "d5d4aeb1-0a4f-49f1-b5a9-b582e271eae1", "title": "FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attachment Fields", "software": [ { "type": "plugin", "name": "FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel", "slug": "foogallery", "affected_versions": { "* - 2.4.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5d4aeb1-0a4f-49f1-b5a9-b582e271eae1?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5d77105-19a8-40eb-8a9c-aa519a757a8d": { "id": "d5d77105-19a8-40eb-8a9c-aa519a757a8d", "title": "1003 Mortgage Application <= 1.75 - Authenticated (Subscriber+) Arbitrary File Download", "software": [ { "type": "plugin", "name": "1003 Mortgage Application", "slug": "1003-mortgage-application", "affected_versions": { "* - 1.75": { "from_version": "*", "from_inclusive": true, "to_version": "1.75", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.80" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5d77105-19a8-40eb-8a9c-aa519a757a8d?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5d7e59e-962c-45d9-b3be-033bccf4c6b1": { "id": "d5d7e59e-962c-45d9-b3be-033bccf4c6b1", "title": "PhoneTrack Meu Site Manager <= 0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PhoneTrack Meu Site Manager", "slug": "phonetrack-meu-site-manager", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5d7e59e-962c-45d9-b3be-033bccf4c6b1?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5df75f8-1250-4b79-a796-9146d3037bec": { "id": "d5df75f8-1250-4b79-a796-9146d3037bec", "title": "Under Construction <= 3.85 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Under Construction", "slug": "under-construction-page", "affected_versions": { "* - 3.85": { "from_version": "*", "from_inclusive": true, "to_version": "3.85", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.86" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5df75f8-1250-4b79-a796-9146d3037bec?source=api-scan" ], "published": "2021-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5e60125-35e2-4d6d-8ea7-078df0b9e55f": { "id": "d5e60125-35e2-4d6d-8ea7-078df0b9e55f", "title": "Donation Block For PayPal <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Donation Block For PayPal", "slug": "donations-block", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5e60125-35e2-4d6d-8ea7-078df0b9e55f?source=api-scan" ], "published": "2023-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5e70f6f-fc83-4c89-a1d5-35f188e0fd90": { "id": "d5e70f6f-fc83-4c89-a1d5-35f188e0fd90", "title": "FG PrestaShop to WooCommerce Plugin <= 3.19.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FG PrestaShop to WooCommerce", "slug": "fg-prestashop-to-woocommerce", "affected_versions": { "* - 3.19.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.19.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.20.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5e70f6f-fc83-4c89-a1d5-35f188e0fd90?source=api-scan" ], "published": "2017-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5ecb52e-6bf0-4168-b0d7-6972d23c9122": { "id": "d5ecb52e-6bf0-4168-b0d7-6972d23c9122", "title": "Real Estate 7 WordPress < 2.9.5 - Multiple Vulnerabilities", "software": [ { "type": "theme", "name": "Real Estate 7 WordPress", "slug": "realestate-7", "affected_versions": { "[*, 2.9.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5ecb52e-6bf0-4168-b0d7-6972d23c9122?source=api-scan" ], "published": "2020-01-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5ef3350-3eec-48b7-9241-5d2ce25555f0": { "id": "d5ef3350-3eec-48b7-9241-5d2ce25555f0", "title": "Quiz And Survey Master <= 7.1.17 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.1.17": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5ef3350-3eec-48b7-9241-5d2ce25555f0?source=api-scan" ], "published": "2021-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5f1ceb3-34b6-4d97-9787-d52a92f84662": { "id": "d5f1ceb3-34b6-4d97-9787-d52a92f84662", "title": "WordPress Core < 3.5.2 - Sensitive Information Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5f1ceb3-34b6-4d97-9787-d52a92f84662?source=api-scan" ], "published": "2013-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5f36574-b4d0-4b67-baea-f5ef5e6618d1": { "id": "d5f36574-b4d0-4b67-baea-f5ef5e6618d1", "title": "Ad Buttons <= 2.3.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ad Buttons", "slug": "ad-buttons", "affected_versions": { "[*, 2.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5f36574-b4d0-4b67-baea-f5ef5e6618d1?source=api-scan" ], "published": "2015-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5f372bf-6b13-4ba7-8b8b-9d3b500e4420": { "id": "d5f372bf-6b13-4ba7-8b8b-9d3b500e4420", "title": "Lana Email Logger <= 1.0.2 - Unauthenticated Stored Cross-Site Scripting via Email Subject", "software": [ { "type": "plugin", "name": "Lana Email Logger", "slug": "lana-email-logger", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5f372bf-6b13-4ba7-8b8b-9d3b500e4420?source=api-scan" ], "published": "2023-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5f82abe-64bb-4539-8fe7-261fad60cfa9": { "id": "d5f82abe-64bb-4539-8fe7-261fad60cfa9", "title": "Modal Dialog <= 3.5.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Modal Dialog", "slug": "modal-dialog", "affected_versions": { "* - 3.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5f82abe-64bb-4539-8fe7-261fad60cfa9?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d5fbca66-403e-41bc-8f80-3fb56d4b9c66": { "id": "d5fbca66-403e-41bc-8f80-3fb56d4b9c66", "title": "GS Pins for Pinterest <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shorcode", "software": [ { "type": "plugin", "name": "WordPress Pinterest Plugin \u2013 Make a Popup, User Profile, Masonry and Gallery Layout", "slug": "gs-pinterest-portfolio", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d5fbca66-403e-41bc-8f80-3fb56d4b9c66?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d608a4c0-14ba-4801-aa5a-0b4dab0acd65": { "id": "d608a4c0-14ba-4801-aa5a-0b4dab0acd65", "title": "PDF.js Viewer <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF.js Viewer", "slug": "pdfjs-viewer-shortcode", "affected_versions": { "[*, 2.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d608a4c0-14ba-4801-aa5a-0b4dab0acd65?source=api-scan" ], "published": "2021-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d60b5741-5496-4e87-bcb0-adaa0db07d90": { "id": "d60b5741-5496-4e87-bcb0-adaa0db07d90", "title": "TI WooCommerce Wishlist <= 1.21.11 and TI WooCommerce Wishlist Pro <= 1.21.4 - Arbitrary Options Update", "software": [ { "type": "plugin", "name": "TI WooCommerce Wishlist", "slug": "ti-woocommerce-wishlist", "affected_versions": { "* - 1.21.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.21.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.21.12" ] }, { "type": "plugin", "name": "TI WooCommerce Wishlist Pro", "slug": "ti-woocommerce-wishlist-premium", "affected_versions": { "* - 1.21.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.21.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.21.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d60b5741-5496-4e87-bcb0-adaa0db07d90?source=api-scan" ], "published": "2020-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d60e1a2c-a3f1-4c39-a22f-9c09d0fed2c5": { "id": "d60e1a2c-a3f1-4c39-a22f-9c09d0fed2c5", "title": "stats <= 1.1 - SQL Injection", "software": [ { "type": "plugin", "name": "stats", "slug": "stats", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d60e1a2c-a3f1-4c39-a22f-9c09d0fed2c5?source=api-scan" ], "published": "2007-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d60f3da1-1184-4629-880c-ce3893fb55a5": { "id": "d60f3da1-1184-4629-880c-ce3893fb55a5", "title": "Customer Reviews for WooCommerce <= 5.36.0 - Missing Authorization in Reviews Exporter", "software": [ { "type": "plugin", "name": "Customer Reviews for WooCommerce", "slug": "customer-reviews-woocommerce", "affected_versions": { "* - 5.36.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.36.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.36.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d60f3da1-1184-4629-880c-ce3893fb55a5?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d60f69f1-eaea-49cb-bbe3-281ec4f872f1": { "id": "d60f69f1-eaea-49cb-bbe3-281ec4f872f1", "title": "TableOn \u2013 WordPress Posts Table Filterable <= 1.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TableOn \u2013 WordPress Posts Table Filterable\u00a0", "slug": "posts-table-filterable", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d60f69f1-eaea-49cb-bbe3-281ec4f872f1?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6198e3e-a8e8-4d67-a0d6-b62f187d4903": { "id": "d6198e3e-a8e8-4d67-a0d6-b62f187d4903", "title": "BestWebSoft's Twitter <= 2.14 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "BestWebSoft's Twitter", "slug": "twitter-plugin", "affected_versions": { "* - 2.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6198e3e-a8e8-4d67-a0d6-b62f187d4903?source=api-scan" ], "published": "2012-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d619d300-8bba-45a1-bd0a-d82e9066a43d": { "id": "d619d300-8bba-45a1-bd0a-d82e9066a43d", "title": "rtMedia for WordPress, BuddyPress and bbPress WordPress <= 4.6.15 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "rtMedia for WordPress, BuddyPress and bbPress", "slug": "buddypress-media", "affected_versions": { "* - 4.6.15": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d619d300-8bba-45a1-bd0a-d82e9066a43d?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d61ed3e3-5102-4293-a999-e324e721ab89": { "id": "d61ed3e3-5102-4293-a999-e324e721ab89", "title": "Sponsors Carousel <= 4.02 - Authenticated (Admin+) Stored Cross-Site Scripting in show", "software": [ { "type": "plugin", "name": "Sponsors Carousel", "slug": "sponsors-carousel", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d61ed3e3-5102-4293-a999-e324e721ab89?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6206d7e-90b9-43fd-a6cd-90e98162cd09": { "id": "d6206d7e-90b9-43fd-a6cd-90e98162cd09", "title": "Simple Fields < 1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple Fields", "slug": "simple-fields", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6206d7e-90b9-43fd-a6cd-90e98162cd09?source=api-scan" ], "published": "2013-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d621869c-31f7-4243-9815-f6d1bbe469e2": { "id": "d621869c-31f7-4243-9815-f6d1bbe469e2", "title": "Crypto Converter Widget <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Crypto Converter \u26a1 Widget", "slug": "crypto-converter-widget", "affected_versions": { "* - 1.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d621869c-31f7-4243-9815-f6d1bbe469e2?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6221374-3c0d-4d37-8a27-130c504ea70d": { "id": "d6221374-3c0d-4d37-8a27-130c504ea70d", "title": "Nexos - Real Estate WordPress Theme < 1.8 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Nexos - Real Estate WordPress Theme", "slug": "nexos", "affected_versions": { "[*, 1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6221374-3c0d-4d37-8a27-130c504ea70d?source=api-scan" ], "published": "2020-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6226ae5-3b75-4521-b060-004f291203c7": { "id": "d6226ae5-3b75-4521-b060-004f291203c7", "title": "WatuPRO < 5.5.3.7 - SQL Injection", "software": [ { "type": "plugin", "name": "WatuPRO", "slug": "watupro", "affected_versions": { "[*, 5.5.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.5.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6226ae5-3b75-4521-b060-004f291203c7?source=api-scan" ], "published": "2017-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d624f234-c57a-4a66-900d-362194a79d34": { "id": "d624f234-c57a-4a66-900d-362194a79d34", "title": "WooCommerce Dynamic Pricing and Discount Rules <= 2.4.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Dynamic Pricing and Discount Rules for WooCommerce", "slug": "woo-conditional-discount-rules-for-checkout", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d624f234-c57a-4a66-900d-362194a79d34?source=api-scan" ], "published": "2023-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6286cda-c5b1-4923-bbf3-9f5b56973d23": { "id": "d6286cda-c5b1-4923-bbf3-9f5b56973d23", "title": "NextCellent Gallery <= 1.9.35 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NextCellent Gallery \u2013 NextGEN Legacy", "slug": "nextcellent-gallery-nextgen-legacy", "affected_versions": { "* - 1.9.35": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.35", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6286cda-c5b1-4923-bbf3-9f5b56973d23?source=api-scan" ], "published": "2022-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d62bd2bd-db01-479f-89e4-8031d69a912f": { "id": "d62bd2bd-db01-479f-89e4-8031d69a912f", "title": "Dropbox Folder Share <= 1.9.7 - Unauthenticated Server-Side Request Forgery via 'link'", "software": [ { "type": "plugin", "name": "Dropbox Folder Share", "slug": "dropbox-folder-share", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d62bd2bd-db01-479f-89e4-8031d69a912f?source=api-scan" ], "published": "2023-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d62bd71c-3d08-4767-b471-a1d5a17fe6ba": { "id": "d62bd71c-3d08-4767-b471-a1d5a17fe6ba", "title": "Aramex Shipping WooCommerce <= 1.1.21 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Aramex Shipping WooCommerce", "slug": "aramex-shipping-woocommerce", "affected_versions": { "* - 1.1.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.21", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d62bd71c-3d08-4767-b471-a1d5a17fe6ba?source=api-scan" ], "published": "2024-07-26 13:12:04", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d62c6a7e-2390-4e27-8419-53aa80b1dbac": { "id": "d62c6a7e-2390-4e27-8419-53aa80b1dbac", "title": "ChaosTheory <= 1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "ChaosTheory", "slug": "chaostheory", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d62c6a7e-2390-4e27-8419-53aa80b1dbac?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d62d0971-c4bc-40f7-80b4-a3d54ce4f3ac": { "id": "d62d0971-c4bc-40f7-80b4-a3d54ce4f3ac", "title": "Daily Prayer Time <= 2021.08.09 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Daily Prayer Time", "slug": "daily-prayer-time-for-mosques", "affected_versions": { "[*, 2021.08.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2021.08.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2021.08.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d62d0971-c4bc-40f7-80b4-a3d54ce4f3ac?source=api-scan" ], "published": "2021-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d62d3ca5-5795-46ef-ad8c-4474ff1e504e": { "id": "d62d3ca5-5795-46ef-ad8c-4474ff1e504e", "title": "Beaver Builder \u2013 WordPress Page Builder <= 2.7.4.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via heading tag", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.7.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d62d3ca5-5795-46ef-ad8c-4474ff1e504e?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d62da9a3-3a57-4bbd-b07d-8df39fa14c52": { "id": "d62da9a3-3a57-4bbd-b07d-8df39fa14c52", "title": "WP Athletics <= 1.1.7 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Athletics", "slug": "wp-athletics", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d62da9a3-3a57-4bbd-b07d-8df39fa14c52?source=api-scan" ], "published": "2022-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6302ecb-07a1-4b80-a5f5-be6b623c7c9f": { "id": "d6302ecb-07a1-4b80-a5f5-be6b623c7c9f", "title": "WP Prayer <= 2.0.9 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "WP Prayer", "slug": "wp-prayer", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6302ecb-07a1-4b80-a5f5-be6b623c7c9f?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6331b42-f15b-46c6-b8bd-7f65c28c4a12": { "id": "d6331b42-f15b-46c6-b8bd-7f65c28c4a12", "title": "Slider by Soliloquy <= 2.7.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Slider by Soliloquy \u2013 Responsive Image Slider for WordPress", "slug": "soliloquy-lite", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6331b42-f15b-46c6-b8bd-7f65c28c4a12?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d634ba5c-842c-44d0-b919-01c297a779f2": { "id": "d634ba5c-842c-44d0-b919-01c297a779f2", "title": "ResAds < 1.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ResAds", "slug": "resads", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d634ba5c-842c-44d0-b919-01c297a779f2?source=api-scan" ], "published": "2015-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d63543f9-4865-444f-9a32-3b23e92b0bd4": { "id": "d63543f9-4865-444f-9a32-3b23e92b0bd4", "title": "Catalyst Connect Zoho CRM Client Portal <= 2.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Catalyst Connect Zoho CRM Client Portal", "slug": "catalyst-connect-client-portal", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d63543f9-4865-444f-9a32-3b23e92b0bd4?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d638120b-5396-408b-8273-d003ff9dd01d": { "id": "d638120b-5396-408b-8273-d003ff9dd01d", "title": "Ultimate Member <= 2.3.1 - Arbitrary Redirect", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d638120b-5396-408b-8273-d003ff9dd01d?source=api-scan" ], "published": "2022-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d63bc735-b2ba-4be6-bd1c-f904ef860f5e": { "id": "d63bc735-b2ba-4be6-bd1c-f904ef860f5e", "title": "Testimonials <= 2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Super Testimonials", "slug": "super-testimonial", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d63bc735-b2ba-4be6-bd1c-f904ef860f5e?source=api-scan" ], "published": "2022-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6421c33-152d-4e50-a96c-f97e2981b72f": { "id": "d6421c33-152d-4e50-a96c-f97e2981b72f", "title": "RD Order Modifier for WooCommerce <= 1.0.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "RD Order Modifier for WooCommerce", "slug": "rd-wc-order-modifier", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6421c33-152d-4e50-a96c-f97e2981b72f?source=api-scan" ], "published": "2022-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6489214-2155-47f4-83ef-0119b3c26e43": { "id": "d6489214-2155-47f4-83ef-0119b3c26e43", "title": "Tutor LMS <=1.8.2 - SQL Injection via tutor_quiz_builder_get_answers_by_question", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6489214-2155-47f4-83ef-0119b3c26e43?source=api-scan" ], "published": "2021-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6516fc0-4ef8-423b-9cdb-a275996fd98b": { "id": "d6516fc0-4ef8-423b-9cdb-a275996fd98b", "title": "WP Basic Elements <= 5.2.15 - Missing Authorization to Plugin Settings Update via wpbe_save_settings", "software": [ { "type": "plugin", "name": "WP Basic Elements", "slug": "wp-basic-elements", "affected_versions": { "* - 5.2.15": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6516fc0-4ef8-423b-9cdb-a275996fd98b?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6572568-5586-4ed9-b0e2-32509b42ed31": { "id": "d6572568-5586-4ed9-b0e2-32509b42ed31", "title": "Welcart e-Commerce <= 2.8.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6572568-5586-4ed9-b0e2-32509b42ed31?source=api-scan" ], "published": "2022-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d65eeb25-8c94-44e9-976d-db5d42e2d06e": { "id": "d65eeb25-8c94-44e9-976d-db5d42e2d06e", "title": "WP TripAdvisor Review Slider <= 12.6 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "WP TripAdvisor Review Slider", "slug": "wp-tripadvisor-review-slider", "affected_versions": { "* - 12.6": { "from_version": "*", "from_inclusive": true, "to_version": "12.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d65eeb25-8c94-44e9-976d-db5d42e2d06e?source=api-scan" ], "published": "2024-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d66665b6-8cb2-4bc0-929d-4a8689bada9e": { "id": "d66665b6-8cb2-4bc0-929d-4a8689bada9e", "title": "WooSwipe WooCommerce Gallery <= 3.0.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooSwipe WooCommerce Gallery", "slug": "wooswipe", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d66665b6-8cb2-4bc0-929d-4a8689bada9e?source=api-scan" ], "published": "2022-11-17 15:35:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d666d0fc-0362-4289-81c4-67f96e729877": { "id": "d666d0fc-0362-4289-81c4-67f96e729877", "title": "Cryptocurrency Widgets \u2013 Price Ticker & Coins List <= 2.8.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cryptocurrency Widgets \u2013 Price Ticker & Coins List", "slug": "cryptocurrency-price-ticker-widget", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d666d0fc-0362-4289-81c4-67f96e729877?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d667bafc-5f19-4889-a988-236df050c013": { "id": "d667bafc-5f19-4889-a988-236df050c013", "title": "Boost Your Blog's Engagement with WP Post Author <= 3.8.1 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Post Author \u2013 Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder", "slug": "wp-post-author", "affected_versions": { "* - 3.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d667bafc-5f19-4889-a988-236df050c013?source=api-scan" ], "published": "2024-10-11 20:41:41", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6686b67-8648-4f1b-8e05-fa67db60c8aa": { "id": "d6686b67-8648-4f1b-8e05-fa67db60c8aa", "title": "OrderConvo <= 12.4 - Missing Authorization to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Admin and Customer Messages After Order for WooCommerce: OrderConvo", "slug": "admin-and-client-message-after-order-for-woocommerce", "affected_versions": { "* - 12.4": { "from_version": "*", "from_inclusive": true, "to_version": "12.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6686b67-8648-4f1b-8e05-fa67db60c8aa?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d66df15e-1a0a-49e9-bcf9-67091499b24e": { "id": "d66df15e-1a0a-49e9-bcf9-67091499b24e", "title": "Carousel, Slider, Gallery by WP Carousel \u2013 Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Admin+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Carousel, Slider, Gallery by WP Carousel \u2013 Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce", "slug": "wp-carousel-free", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d66df15e-1a0a-49e9-bcf9-67091499b24e?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d672fcb9-6607-477e-b168-546669886ea4": { "id": "d672fcb9-6607-477e-b168-546669886ea4", "title": "Captcha by BestWebSoft <= 5.2.0 - Captcha Bypass", "software": [ { "type": "plugin", "name": "Captcha by BestWebSoft \u2013 Spam Protection, Security Plugin for WordPress Forms", "slug": "captcha-bws", "affected_versions": { "* - 5.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d672fcb9-6607-477e-b168-546669886ea4?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d67b1a6c-001d-452e-861c-0e5c7ab465dd": { "id": "d67b1a6c-001d-452e-861c-0e5c7ab465dd", "title": "Generate Child Theme <= 2.0 - Cross-Site Request Forgery via process_create_form()", "software": [ { "type": "plugin", "name": "Generate Child Theme", "slug": "generate-child-theme", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d67b1a6c-001d-452e-861c-0e5c7ab465dd?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d67cd96b-6fec-44db-be50-395bed199e9b": { "id": "d67cd96b-6fec-44db-be50-395bed199e9b", "title": "Slider, Gallery, and Carousel by MetaSlider \u2013 Responsive WordPress Plugin <= 2.1.6 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "Slider, Gallery, and Carousel by MetaSlider \u2013 Image Sliders, Video Sliders", "slug": "ml-slider", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d67cd96b-6fec-44db-be50-395bed199e9b?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d67d5662-0cc7-4b14-a50b-15158f6e4239": { "id": "d67d5662-0cc7-4b14-a50b-15158f6e4239", "title": "Netroics Blog Posts Grid <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Netroics Blog Posts Grid", "slug": "netroics-blog-posts-grid", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d67d5662-0cc7-4b14-a50b-15158f6e4239?source=api-scan" ], "published": "2022-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d681fcaf-c7b3-496f-b0d8-a8ed48901cec": { "id": "d681fcaf-c7b3-496f-b0d8-a8ed48901cec", "title": "Welcart e-Commerce <= 1.3.12 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 1.3.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d681fcaf-c7b3-496f-b0d8-a8ed48901cec?source=api-scan" ], "published": "2014-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d684efcd-74fa-4b0c-b8dd-9674a2748fc3": { "id": "d684efcd-74fa-4b0c-b8dd-9674a2748fc3", "title": "Newsletter <= 6.8.1 - Authenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Newsletter \u2013 Send awesome emails from WordPress", "slug": "newsletter", "affected_versions": { "[*, 6.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d684efcd-74fa-4b0c-b8dd-9674a2748fc3?source=api-scan" ], "published": "2020-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d68841f1-f3f2-45e7-8a4f-d2d65624b617": { "id": "d68841f1-f3f2-45e7-8a4f-d2d65624b617", "title": "ND Learning <= 4.7 - Open Redirect", "software": [ { "type": "plugin", "name": "Learning Courses", "slug": "nd-learning", "affected_versions": { "* - 4.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d68841f1-f3f2-45e7-8a4f-d2d65624b617?source=api-scan" ], "published": "2019-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d68a2b60-ee89-4231-b256-214eba418244": { "id": "d68a2b60-ee89-4231-b256-214eba418244", "title": "MasterStudy LMS <= 3.3.0 - Unauthenticated Local File Inclusion via modal", "software": [ { "type": "plugin", "name": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "slug": "masterstudy-lms-learning-management-system", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d68a2b60-ee89-4231-b256-214eba418244?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d68d2144-96b9-482e-9791-c3506661596e": { "id": "d68d2144-96b9-482e-9791-c3506661596e", "title": "WP Job Portal <= 2.0.5 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website", "slug": "wp-job-portal", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d68d2144-96b9-482e-9791-c3506661596e?source=api-scan" ], "published": "2023-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d68e74c2-3732-40ae-b589-3a9159aff93d": { "id": "d68e74c2-3732-40ae-b589-3a9159aff93d", "title": "Affiliates Manager <= 2.8.9 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Affiliates Manager", "slug": "affiliates-manager", "affected_versions": { "* - 2.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d68e74c2-3732-40ae-b589-3a9159aff93d?source=api-scan" ], "published": "2021-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6934c0e-7526-4de7-9478-3c953b3dc64f": { "id": "d6934c0e-7526-4de7-9478-3c953b3dc64f", "title": "NEX-Forms \u2013 Ultimate Form Builder <= 8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "slug": "nex-forms-express-wp-form-builder", "affected_versions": { "* - 8.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6934c0e-7526-4de7-9478-3c953b3dc64f?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6951a50-954b-4c2b-8499-7623027406c8": { "id": "d6951a50-954b-4c2b-8499-7623027406c8", "title": "Weekly Class Schedule <= 3.19 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Weekly Class Schedule", "slug": "weekly-class-schedule", "affected_versions": { "* - 3.19": { "from_version": "*", "from_inclusive": true, "to_version": "3.19", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6951a50-954b-4c2b-8499-7623027406c8?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d69915e9-af9b-4c07-ac43-21c6e350c3c4": { "id": "d69915e9-af9b-4c07-ac43-21c6e350c3c4", "title": "Awesome Support <= 6.1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "* - 6.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d69915e9-af9b-4c07-ac43-21c6e350c3c4?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d69cfed9-7369-40f3-b9a7-0cf2430e8eed": { "id": "d69cfed9-7369-40f3-b9a7-0cf2430e8eed", "title": "ChatBot <= 4.4.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via openai_settings_option_callback", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d69cfed9-7369-40f3-b9a7-0cf2430e8eed?source=api-scan" ], "published": "2023-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6a1a2c2-e754-43e5-84b5-579a805c8d71": { "id": "d6a1a2c2-e754-43e5-84b5-579a805c8d71", "title": "Bookshelf <= 2.0.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bookshelf", "slug": "bookshelf", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6a1a2c2-e754-43e5-84b5-579a805c8d71?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6a44d36-43e6-4785-b2bc-0b4b98d847e7": { "id": "d6a44d36-43e6-4785-b2bc-0b4b98d847e7", "title": "Terms Descriptions <= 3.4.4 - Reflected Cross-Site Scripting via term_search", "software": [ { "type": "plugin", "name": "Terms descriptions", "slug": "terms-descriptions", "affected_versions": { "* - 3.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6a44d36-43e6-4785-b2bc-0b4b98d847e7?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6a4872e-0f62-44b1-b77e-0817b065980f": { "id": "d6a4872e-0f62-44b1-b77e-0817b065980f", "title": "WP Payeezy Pay < 2.98 - Local File Inclusion", "software": [ { "type": "plugin", "name": "WP Payeezy Pay", "slug": "wp-payeezy-pay", "affected_versions": { "[*, 2.98)": { "from_version": "*", "from_inclusive": true, "to_version": "2.98", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.98" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6a4872e-0f62-44b1-b77e-0817b065980f?source=api-scan" ], "published": "2018-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6a51962-fe99-4911-85c9-a75bd18e74c2": { "id": "d6a51962-fe99-4911-85c9-a75bd18e74c2", "title": "WordPress Core < 5.2.4 - Server Side Request Forgery #2", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.30": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.30", "to_inclusive": true }, "3.8 - 3.8.30": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.30", "to_inclusive": true }, "3.9 - 3.9.28": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.28", "to_inclusive": true }, "4.0 - 4.0.27": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.27", "to_inclusive": true }, "4.1 - 4.1.27": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.27", "to_inclusive": true }, "4.2 - 4.2.24": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.24", "to_inclusive": true }, "4.3 - 4.3.20": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.20", "to_inclusive": true }, "4.4 - 4.4.19": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.19", "to_inclusive": true }, "4.5 - 4.5.18": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.18", "to_inclusive": true }, "4.6 - 4.6.15": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.15", "to_inclusive": true }, "4.7 - 4.7.13": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.13", "to_inclusive": true }, "4.8 - 4.8.10": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.10", "to_inclusive": true }, "4.9 - 4.9.11": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.11", "to_inclusive": true }, "5.0 - 5.0.6": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.6", "to_inclusive": true }, "5.1 - 5.1.2": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.2", "to_inclusive": true }, "5.2 - 5.2.3": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.31", "3.8.31", "3.9.29", "4.0.28", "4.1.28", "4.2.25", "4.3.21", "4.4.20", "4.5.19", "4.6.16", "4.7.14", "4.8.11", "4.9.12", "5.0.7", "5.1.3", "5.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6a51962-fe99-4911-85c9-a75bd18e74c2?source=api-scan" ], "published": "2019-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6a60159-5aa6-40fd-a1ea-320b56fd8b91": { "id": "d6a60159-5aa6-40fd-a1ea-320b56fd8b91", "title": "Simple Popup Manager <= 1.3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Popup Manager", "slug": "simple-popup-manager", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6a60159-5aa6-40fd-a1ea-320b56fd8b91?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6a73a7f-53ac-4930-a1cd-c39818f64678": { "id": "d6a73a7f-53ac-4930-a1cd-c39818f64678", "title": "ShopLentor <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode", "software": [ { "type": "plugin", "name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)", "slug": "woolentor-addons", "affected_versions": { "* - 2.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6a73a7f-53ac-4930-a1cd-c39818f64678?source=api-scan" ], "published": "2024-05-20 19:41:22", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6a7f882-4582-4b08-9597-329d140ad782": { "id": "d6a7f882-4582-4b08-9597-329d140ad782", "title": "Post Meta Data Manager <=1.2.0 - Missing Authorization to User, Term, and Post Meta Deletion", "software": [ { "type": "plugin", "name": "Post Meta Data Manager", "slug": "post-meta-data-manager", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6a7f882-4582-4b08-9597-329d140ad782?source=api-scan" ], "published": "2023-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6ae7c9f-852d-428f-a469-6bfeead53db5": { "id": "d6ae7c9f-852d-428f-a469-6bfeead53db5", "title": "GTranslate Pro and GTranslate Enterprise <= 2.8.64 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Translate WordPress with GTranslate", "slug": "gtranslate", "affected_versions": { "[*, 2.8.65)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.65", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.65" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6ae7c9f-852d-428f-a469-6bfeead53db5?source=api-scan" ], "published": "2021-07-23 15:18:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6b6d824-51d3-4da9-a39a-b957368df4dc": { "id": "d6b6d824-51d3-4da9-a39a-b957368df4dc", "title": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education <= 3.2.5 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "slug": "masterstudy-lms-learning-management-system", "affected_versions": { "* - 3.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6b6d824-51d3-4da9-a39a-b957368df4dc?source=api-scan" ], "published": "2024-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6b8ba69-aa8b-436f-990c-39e283f5d2f2": { "id": "d6b8ba69-aa8b-436f-990c-39e283f5d2f2", "title": "WooCommerce POS <= 1.4.11 - Insufficient Verification of Data Authenticity to Authenticated (Customer+) Information Disclosure", "software": [ { "type": "plugin", "name": "WooCommerce POS \u2013 Point of Sale", "slug": "woocommerce-pos", "affected_versions": { "* - 1.4.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6b8ba69-aa8b-436f-990c-39e283f5d2f2?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6bb08e8-9ef5-41db-a111-c377a5dfae77": { "id": "d6bb08e8-9ef5-41db-a111-c377a5dfae77", "title": "Duplicate Post Page Menu & Custom Post Type <= 2.3.1 - Missing Authorization to Post Duplication", "software": [ { "type": "plugin", "name": "Duplicate Post Page Menu & Custom Post Type", "slug": "duplicate-post-page-menu-custom-post-type", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6bb08e8-9ef5-41db-a111-c377a5dfae77?source=api-scan" ], "published": "2023-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6c906b3-8819-409c-946a-eeb9d938142d": { "id": "d6c906b3-8819-409c-946a-eeb9d938142d", "title": "VRView <= 1.1.3 and WP-VR-view <= 1.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VRView", "slug": "vrview", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP-VR-view \u2013 Add Photo Sphere, 360 video to WordPress", "slug": "wp-vr-view", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6c906b3-8819-409c-946a-eeb9d938142d?source=api-scan" ], "published": "2018-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6cbec61-cbe8-44a6-8cc8-8603393ed6b0": { "id": "d6cbec61-cbe8-44a6-8cc8-8603393ed6b0", "title": "WooCommerce Beta Tester < 2.2.4 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "WooCommerce Beta Tester", "slug": "woocommerce-beta-tester", "affected_versions": { "[*, 2.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6cbec61-cbe8-44a6-8cc8-8603393ed6b0?source=api-scan" ], "published": "2023-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6d3396d-708d-45de-b32a-66e17624dc62": { "id": "d6d3396d-708d-45de-b32a-66e17624dc62", "title": "wp-Monalisa <= 6.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "wp-Monalisa", "slug": "wp-monalisa", "affected_versions": { "* - 6.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6d3396d-708d-45de-b32a-66e17624dc62?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6d394af-67b0-4754-bdec-6ee89b7e8bbd": { "id": "d6d394af-67b0-4754-bdec-6ee89b7e8bbd", "title": "Xhanch \u2013 My Twitter <= 2.7.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Xhanch \u2013 My Twitter", "slug": "xhanch-my-twitter", "affected_versions": { "* - 2.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6d394af-67b0-4754-bdec-6ee89b7e8bbd?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6dfed14-bb6f-4418-bdd8-9c548e63dac0": { "id": "d6dfed14-bb6f-4418-bdd8-9c548e63dac0", "title": "WordPress Core < 4.6 - Cross-Site Request Forgery", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6dfed14-bb6f-4418-bdd8-9c548e63dac0?source=api-scan" ], "published": "2016-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6e1cc0d-2c5f-4e34-bd19-d7c90cd4dff6": { "id": "d6e1cc0d-2c5f-4e34-bd19-d7c90cd4dff6", "title": "Bulk NoIndex & NoFollow Toolkit <= 2.15 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bulk NoIndex & NoFollow Toolkit", "slug": "bulk-noindex-nofollow-toolkit-by-mad-fish", "affected_versions": { "* - 2.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6e1cc0d-2c5f-4e34-bd19-d7c90cd4dff6?source=api-scan" ], "published": "2024-09-25 13:45:17", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6e7b44c-fe94-493b-846b-57c40e00d8fe": { "id": "d6e7b44c-fe94-493b-846b-57c40e00d8fe", "title": "Customer Reviews for WooCommerce <= 5.15.0 - Authenticated (Subscriber+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Customer Reviews for WooCommerce", "slug": "customer-reviews-woocommerce", "affected_versions": { "* - 5.15.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.15.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.16.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6e7b44c-fe94-493b-846b-57c40e00d8fe?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6ea95b5-9e1c-41b1-9bc5-5fd5cecef65d": { "id": "d6ea95b5-9e1c-41b1-9bc5-5fd5cecef65d", "title": "Primary Addon for Elementor <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget", "software": [ { "type": "plugin", "name": "Primary Addon for Elementor", "slug": "primary-addon-for-elementor", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6ea95b5-9e1c-41b1-9bc5-5fd5cecef65d?source=api-scan" ], "published": "2024-05-24 14:12:13", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6eb094a-4f5a-418a-ba95-635765abfcff": { "id": "d6eb094a-4f5a-418a-ba95-635765abfcff", "title": "WP Easy Gallery \u2013 WordPress Gallery Plugin <= 4.8.5 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Easy Gallery \u2013 WordPress Gallery Plugin", "slug": "wp-easy-gallery", "affected_versions": { "* - 4.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6eb094a-4f5a-418a-ba95-635765abfcff?source=api-scan" ], "published": "2024-09-23 18:51:50", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6ebb590-1291-45dc-818a-258143a2d9a2": { "id": "d6ebb590-1291-45dc-818a-258143a2d9a2", "title": "Slideshow Gallery <= 1.7.8 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Slideshow Gallery LITE", "slug": "slideshow-gallery", "affected_versions": { "* - 1.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6ebb590-1291-45dc-818a-258143a2d9a2?source=api-scan" ], "published": "2024-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6f20fc3-41e5-4220-ac8b-54eb11719f07": { "id": "d6f20fc3-41e5-4220-ac8b-54eb11719f07", "title": "Freshdesk (official) <= 1.7 - Open Redirect", "software": [ { "type": "plugin", "name": "Freshdesk (official)", "slug": "freshdesk-support", "affected_versions": { "1.7": { "from_version": "1.7", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6f20fc3-41e5-4220-ac8b-54eb11719f07?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6f3de97-5b87-49e4-9239-f405f72b893a": { "id": "d6f3de97-5b87-49e4-9239-f405f72b893a", "title": "Eventin <= 3.3.57 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin", "slug": "wp-event-solution", "affected_versions": { "* - 3.3.57": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.57", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6f3de97-5b87-49e4-9239-f405f72b893a?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6f68904-e575-457d-9040-c791b645e6c8": { "id": "d6f68904-e575-457d-9040-c791b645e6c8", "title": "WP Property <= 1.35.0 - Remote File Upload", "software": [ { "type": "plugin", "name": "WP-Property \u2013 WordPress Powered Real Estate and Property Management", "slug": "wp-property", "affected_versions": { "* - 1.35.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.35.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.35.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6f68904-e575-457d-9040-c791b645e6c8?source=api-scan" ], "published": "2012-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6fbf684-8651-484d-9459-ed11d6d9008f": { "id": "d6fbf684-8651-484d-9459-ed11d6d9008f", "title": "SB Random Posts Widget <= 1.0 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "SB Random Posts Widget", "slug": "sb-random-posts-widget", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6fbf684-8651-484d-9459-ed11d6d9008f?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d6fc087b-c28d-4c6a-a59f-085773d542dd": { "id": "d6fc087b-c28d-4c6a-a59f-085773d542dd", "title": "Smoke Signal < 1.2.7 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SmokeSignal", "slug": "smokesignal", "affected_versions": { "[*, 1.2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d6fc087b-c28d-4c6a-a59f-085773d542dd?source=api-scan" ], "published": "2017-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7023a3e-35ba-4d52-8092-ae40b53d5efa": { "id": "d7023a3e-35ba-4d52-8092-ae40b53d5efa", "title": "Hustle <= 7.8.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hustle \u2013 Email Marketing, Lead Generation, Optins, Popups", "slug": "wordpress-popup", "affected_versions": { "* - 7.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7023a3e-35ba-4d52-8092-ae40b53d5efa?source=api-scan" ], "published": "2024-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d703abc2-3269-42b2-a75c-d163df62260d": { "id": "d703abc2-3269-42b2-a75c-d163df62260d", "title": "Jetpack <= 6.4.2 - Cross-Site Scripting via post_meta", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "* - 6.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d703abc2-3269-42b2-a75c-d163df62260d?source=api-scan" ], "published": "2018-12-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d707d766-a46d-49f5-b1be-a9b9e423e61e": { "id": "d707d766-a46d-49f5-b1be-a9b9e423e61e", "title": "VOD Infomaniak <= 1.5.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "VOD Infomaniak", "slug": "vod-infomaniak", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d707d766-a46d-49f5-b1be-a9b9e423e61e?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d70e9d4e-2137-411b-bc01-28388a7b2519": { "id": "d70e9d4e-2137-411b-bc01-28388a7b2519", "title": "SpamReferrerBlock <= 2.22 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SpamReferrerBlock", "slug": "spamreferrerblock", "affected_versions": { "* - 2.22": { "from_version": "*", "from_inclusive": true, "to_version": "2.22", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d70e9d4e-2137-411b-bc01-28388a7b2519?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d713ff91-30ba-474d-87ca-39b15c77b30a": { "id": "d713ff91-30ba-474d-87ca-39b15c77b30a", "title": "Form Maker by 10Web <= 1.15.24 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "* - 1.15.24": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d713ff91-30ba-474d-87ca-39b15c77b30a?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d71caa62-6f77-44a6-8645-a27a08a48a78": { "id": "d71caa62-6f77-44a6-8645-a27a08a48a78", "title": "Mail Masta <= 1.0 - SQL Injection via member_id parameter", "software": [ { "type": "plugin", "name": "Mail Masta", "slug": "mail-masta", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d71caa62-6f77-44a6-8645-a27a08a48a78?source=api-scan" ], "published": "2017-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d71cdd64-7cd6-4b1a-ae8d-e9bf78e630c7": { "id": "d71cdd64-7cd6-4b1a-ae8d-e9bf78e630c7", "title": "DK PDF <= 1.9.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DK PDF", "slug": "dk-pdf", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d71cdd64-7cd6-4b1a-ae8d-e9bf78e630c7?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7220537-aad0-48e0-81f1-7104ec15ffbe": { "id": "d7220537-aad0-48e0-81f1-7104ec15ffbe", "title": "Accept Donations with PayPal <= 1.3.0 Cross-Site Request Forgery to Post Deletion", "software": [ { "type": "plugin", "name": "Accept Donations with PayPal & Stripe", "slug": "easy-paypal-donation", "affected_versions": { "[*, 1.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7220537-aad0-48e0-81f1-7104ec15ffbe?source=api-scan" ], "published": "2021-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d72c8140-90f1-49f5-bc42-925e29ecc0b1": { "id": "d72c8140-90f1-49f5-bc42-925e29ecc0b1", "title": "Video Playlist For YouTube <= 6.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Video Playlist For YouTube", "slug": "video-playlist-for-youtube", "affected_versions": { "* - 6.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d72c8140-90f1-49f5-bc42-925e29ecc0b1?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d732ea2d-c763-4735-b541-6c5fd5167cb4": { "id": "d732ea2d-c763-4735-b541-6c5fd5167cb4", "title": "WeSecur Security <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WeSecur Security \u2013 Antivirus, Malware Scanner and Protection for your WordPress", "slug": "wesecur-security", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d732ea2d-c763-4735-b541-6c5fd5167cb4?source=api-scan" ], "published": "2023-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7362f3f-c5d9-4ba0-b9c3-282c58861e2f": { "id": "d7362f3f-c5d9-4ba0-b9c3-282c58861e2f", "title": "Analytify Dashboard <= 5.1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Analytify \u2013 Google Analytics Dashboard For WordPress (GA4 analytics made easy)", "slug": "wp-analytify", "affected_versions": { "* - 5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7362f3f-c5d9-4ba0-b9c3-282c58861e2f?source=api-scan" ], "published": "2023-11-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d73b4634-1547-41b0-beb5-ae80edd16936": { "id": "d73b4634-1547-41b0-beb5-ae80edd16936", "title": "Booking Ultra Pro <= 1.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking Ultra Pro Appointments Booking Calendar Plugin", "slug": "booking-ultra-pro", "affected_versions": { "* - 1.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d73b4634-1547-41b0-beb5-ae80edd16936?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d73ca391-97a3-4701-8429-e73f5914e65e": { "id": "d73ca391-97a3-4701-8429-e73f5914e65e", "title": "RokStories <= 1.25 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "RokStories", "slug": "wp_rokstories", "affected_versions": { "* - 1.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d73ca391-97a3-4701-8429-e73f5914e65e?source=api-scan" ], "published": "2013-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d73fd485-cb59-42eb-9426-9b89299bb6bc": { "id": "d73fd485-cb59-42eb-9426-9b89299bb6bc", "title": "Thank Me Later <= 3.3.4 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Thank Me Later", "slug": "thank-me-later", "affected_versions": { "* - 3.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d73fd485-cb59-42eb-9426-9b89299bb6bc?source=api-scan" ], "published": "2022-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d74040d0-1fee-4906-af6f-a5d842c42fd4": { "id": "d74040d0-1fee-4906-af6f-a5d842c42fd4", "title": "Admin side data storage for Contact Form 7 <= 1.1.1 - Missing Authorization to Unauthenticated Bookmark Status Alteration", "software": [ { "type": "plugin", "name": "Admin side data storage for Contact Form 7", "slug": "admin-side-data-storage-for-contact-form-7", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d74040d0-1fee-4906-af6f-a5d842c42fd4?source=api-scan" ], "published": "2024-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d74553a4-0ef7-4908-a2e8-5e0216f7b256": { "id": "d74553a4-0ef7-4908-a2e8-5e0216f7b256", "title": "Paid Memberships Pro <= 2.4.2 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "[*, 2.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d74553a4-0ef7-4908-a2e8-5e0216f7b256?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d748e0f8-fe00-4751-9c24-561fd27e62c3": { "id": "d748e0f8-fe00-4751-9c24-561fd27e62c3", "title": "WooCommerce \u2013 Store Exporter <= 1.8.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Store Exporter for WooCommerce \u2013 Export Products, Export Orders, Export Subscriptions, and More", "slug": "woocommerce-exporter", "affected_versions": { "[*, 1.8.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d748e0f8-fe00-4751-9c24-561fd27e62c3?source=api-scan" ], "published": "2016-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d749c24c-0ed9-423b-872a-4771e9d8a2eb": { "id": "d749c24c-0ed9-423b-872a-4771e9d8a2eb", "title": "Responsive Column Widgets <= 1.2.7 - Reflected Cross-Site Scripting via tab", "software": [ { "type": "plugin", "name": "Responsive Column Widgets", "slug": "responsive-column-widgets", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d749c24c-0ed9-423b-872a-4771e9d8a2eb?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d74d71a8-774a-4ebb-b254-0e65a8044319": { "id": "d74d71a8-774a-4ebb-b254-0e65a8044319", "title": "GiveWP <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d74d71a8-774a-4ebb-b254-0e65a8044319?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d74efb03-4a1c-4163-bd79-ef17975a609e": { "id": "d74efb03-4a1c-4163-bd79-ef17975a609e", "title": "Export Import Menus <= 1.8.0 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Export Import Menus", "slug": "export-import-menus", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d74efb03-4a1c-4163-bd79-ef17975a609e?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d74f5813-cf7a-4ffb-9306-56f29b3a7d04": { "id": "d74f5813-cf7a-4ffb-9306-56f29b3a7d04", "title": "Order Delivery Date for WP e-Commerce <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Order Delivery Date for WP e-Commerce", "slug": "order-delivery-date", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d74f5813-cf7a-4ffb-9306-56f29b3a7d04?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7576dd9-198b-49a7-950e-fc301e4bc5f8": { "id": "d7576dd9-198b-49a7-950e-fc301e4bc5f8", "title": "Zero Spam <= 5.4.4 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Zero Spam for WordPress", "slug": "zero-spam", "affected_versions": { "* - 5.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7576dd9-198b-49a7-950e-fc301e4bc5f8?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d759d7ab-74d5-4195-9258-7281f49b5132": { "id": "d759d7ab-74d5-4195-9258-7281f49b5132", "title": "FoxyPress < 0.4.2.6 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "FoxyPress", "slug": "foxypress", "affected_versions": { "* - 0.4.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d759d7ab-74d5-4195-9258-7281f49b5132?source=api-scan" ], "published": "2012-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d75d0f16-015b-49cd-a0d1-41e007fc7398": { "id": "d75d0f16-015b-49cd-a0d1-41e007fc7398", "title": "Phoenix Media Rename <= 3.4.2 - Author Arbitrary Media File Renaming", "software": [ { "type": "plugin", "name": "Phoenix Media Rename", "slug": "phoenix-media-rename", "affected_versions": { "* - 3.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d75d0f16-015b-49cd-a0d1-41e007fc7398?source=api-scan" ], "published": "2021-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d75f1475-fa81-4eed-87da-0a0fa48ac082": { "id": "d75f1475-fa81-4eed-87da-0a0fa48ac082", "title": "Current Menu Item for Custom Post Types <= 1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Current Menu Item for Custom Post Types", "slug": "current-menu-item-for-custom-post-types", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d75f1475-fa81-4eed-87da-0a0fa48ac082?source=api-scan" ], "published": "2023-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d75f6c80-ffbf-47a5-9180-5153b705cb28": { "id": "d75f6c80-ffbf-47a5-9180-5153b705cb28", "title": "Dyslexiefont Free <= 1.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Dyslexiefont Free", "slug": "dyslexiefont", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d75f6c80-ffbf-47a5-9180-5153b705cb28?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d76229c9-39e6-48ab-b038-be40b36aa7bd": { "id": "d76229c9-39e6-48ab-b038-be40b36aa7bd", "title": "Anti-Malware Security and Brute-Force Firewall <= 4.15.17 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Anti-Malware Security and Brute-Force Firewall", "slug": "gotmls", "affected_versions": { "* - 4.15.17": { "from_version": "*", "from_inclusive": true, "to_version": "4.15.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.16.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d76229c9-39e6-48ab-b038-be40b36aa7bd?source=api-scan" ], "published": "2016-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d764b1be-b4ae-4845-b506-846f782cf21e": { "id": "d764b1be-b4ae-4845-b506-846f782cf21e", "title": "Private Files <= 0.40 - Cross-Site Request Forgery to Disable Protection", "software": [ { "type": "plugin", "name": "Private Files", "slug": "private-files", "affected_versions": { "* - 0.40": { "from_version": "*", "from_inclusive": true, "to_version": "0.40", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d764b1be-b4ae-4845-b506-846f782cf21e?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d767b710-0bef-4f36-8edd-eccd845a2b07": { "id": "d767b710-0bef-4f36-8edd-eccd845a2b07", "title": "Content Slide <= 1.4.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Content Slide", "slug": "content-slide", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d767b710-0bef-4f36-8edd-eccd845a2b07?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d76b08c3-0d28-4e81-8843-5afded9efaa6": { "id": "d76b08c3-0d28-4e81-8843-5afded9efaa6", "title": "Gallery from files <= 1.60 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery from files", "slug": "gallery-from-files", "affected_versions": { "* - 1.60": { "from_version": "*", "from_inclusive": true, "to_version": "1.60", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d76b08c3-0d28-4e81-8843-5afded9efaa6?source=api-scan" ], "published": "2021-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d76b6355-a1c5-41a0-b3b6-ee13e5490314": { "id": "d76b6355-a1c5-41a0-b3b6-ee13e5490314", "title": "EasyCart <= 2.0.5 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Shopping Cart & eCommerce Store", "slug": "wp-easycart", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d76b6355-a1c5-41a0-b3b6-ee13e5490314?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d77666b5-956d-420b-93ed-a15cdbfcced7": { "id": "d77666b5-956d-420b-93ed-a15cdbfcced7", "title": "WooCommerce Product Add-ons <= 6.1.3 - Authenticated (Shop Manager+) PHP Object Injection", "software": [ { "type": "plugin", "name": "WooCommerce Product Add-ons", "slug": "woocommerce-product-addons", "affected_versions": { "* - 6.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d77666b5-956d-420b-93ed-a15cdbfcced7?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7778de0-591e-469a-acb2-5a66490a4690": { "id": "d7778de0-591e-469a-acb2-5a66490a4690", "title": "Mihdan: No External Links <= 4.7.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "No External Links", "slug": "mihdan-no-external-links", "affected_versions": { "* - 4.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7778de0-591e-469a-acb2-5a66490a4690?source=api-scan" ], "published": "2022-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d77db5be-fa72-45f8-ad87-82cb0d0b4c94": { "id": "d77db5be-fa72-45f8-ad87-82cb0d0b4c94", "title": "SKT Addons for Elementor <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Block", "software": [ { "type": "plugin", "name": "SKT Addons for Elementor", "slug": "skt-addons-for-elementor", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d77db5be-fa72-45f8-ad87-82cb0d0b4c94?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d77e94ad-2bb7-442d-be67-b4f42b3b3107": { "id": "d77e94ad-2bb7-442d-be67-b4f42b3b3107", "title": "Leaflet Maps Marker <= 3.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)", "slug": "leaflet-maps-marker", "affected_versions": { "* - 3.12.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.12.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.12.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d77e94ad-2bb7-442d-be67-b4f42b3b3107?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d78ac022-6f07-4da5-a657-cafa78dc1845": { "id": "d78ac022-6f07-4da5-a657-cafa78dc1845", "title": "RSS Aggregator by Feedzy <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator", "slug": "feedzy-rss-feeds", "affected_versions": { "* - 4.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d78ac022-6f07-4da5-a657-cafa78dc1845?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7911337-57fa-4268-8366-d37ff13fae86": { "id": "d7911337-57fa-4268-8366-d37ff13fae86", "title": "Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Settings Modifcation and Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Audio Merchant", "slug": "audio-merchant", "affected_versions": { "* - 5.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7911337-57fa-4268-8366-d37ff13fae86?source=api-scan" ], "published": "2023-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d791cd67-03a8-4408-8ca7-7b1ea613e660": { "id": "d791cd67-03a8-4408-8ca7-7b1ea613e660", "title": "Forums < 1.4.4 - Directory Traversal", "software": [ { "type": "plugin", "name": "Forums", "slug": "zingiri-forum", "affected_versions": { "[*, 1.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d791cd67-03a8-4408-8ca7-7b1ea613e660?source=api-scan" ], "published": "2013-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d798406b-2b7f-4ca0-8d05-8aff4bf44dd8": { "id": "d798406b-2b7f-4ca0-8d05-8aff4bf44dd8", "title": "EAN for WooCommerce <= 4.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via alg_wc_ean_product_meta Shortcode", "software": [ { "type": "plugin", "name": "EAN, UPC, ISBN Generator: Product Barcode Inventory for WooCommerce", "slug": "ean-for-woocommerce", "affected_versions": { "* - 4.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d798406b-2b7f-4ca0-8d05-8aff4bf44dd8?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d79b092c-9e2c-4752-bf95-d3a6ac145073": { "id": "d79b092c-9e2c-4752-bf95-d3a6ac145073", "title": "WP SendFox <= 1.3.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP SendFox", "slug": "wp-sendfox", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d79b092c-9e2c-4752-bf95-d3a6ac145073?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d79dc179-8f0e-47e3-9697-82d9c9d44be2": { "id": "d79dc179-8f0e-47e3-9697-82d9c9d44be2", "title": "WP Masquerade <= 1.1.0 - Authenticated (Subscriber+) Account Takeover", "software": [ { "type": "plugin", "name": "WP Masquerade", "slug": "wp-masquerade", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d79dc179-8f0e-47e3-9697-82d9c9d44be2?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d79ffe25-8acd-4b52-ac14-7df62247c0d4": { "id": "d79ffe25-8acd-4b52-ac14-7df62247c0d4", "title": "Borderless \u2013 Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Borderless \u2013 Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg", "slug": "borderless", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d79ffe25-8acd-4b52-ac14-7df62247c0d4?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7a02502-bc3c-4fd1-b6db-7b3c476c141f": { "id": "d7a02502-bc3c-4fd1-b6db-7b3c476c141f", "title": "Better Search <= 3.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Better Search \u2013 Relevant search results for WordPress", "slug": "better-search", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7a02502-bc3c-4fd1-b6db-7b3c476c141f?source=api-scan" ], "published": "2023-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7a05894-8f9d-442f-961c-2e80aa25c3db": { "id": "d7a05894-8f9d-442f-961c-2e80aa25c3db", "title": "WP-Backgrounds Lite <= 2.3 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "WP-Backgrounds Lite", "slug": "wp-backgrounds-lite", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7a05894-8f9d-442f-961c-2e80aa25c3db?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7a5d60e-5de1-4fc5-b6d1-88700d38e5f0": { "id": "d7a5d60e-5de1-4fc5-b6d1-88700d38e5f0", "title": "Member Approval <= 131109 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Member Approval", "slug": "member-approval", "affected_versions": { "* - 131109": { "from_version": "*", "from_inclusive": true, "to_version": "131109", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7a5d60e-5de1-4fc5-b6d1-88700d38e5f0?source=api-scan" ], "published": "2014-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7aceccc-7004-42f2-b085-eade9c45141c": { "id": "d7aceccc-7004-42f2-b085-eade9c45141c", "title": "Social Auto Poster <= 5.3.14 - Cross-Site Request Forgery via Multiple Functions", "software": [ { "type": "plugin", "name": "Social Auto Poster", "slug": "social-auto-poster", "affected_versions": { "* - 5.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7aceccc-7004-42f2-b085-eade9c45141c?source=api-scan" ], "published": "2024-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7b33199-d254-4d0c-88d0-ad2f7515d747": { "id": "d7b33199-d254-4d0c-88d0-ad2f7515d747", "title": "Kingkong Board <= 2.1.0.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Kingkong Board", "slug": "kingkong-board", "affected_versions": { "* - 2.1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7b33199-d254-4d0c-88d0-ad2f7515d747?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7b40a67-40b2-4f9b-9f31-0afaeaebbeab": { "id": "d7b40a67-40b2-4f9b-9f31-0afaeaebbeab", "title": "WP Page Builder <= 1.2.6 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Page Builder", "slug": "wp-pagebuilder", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7b40a67-40b2-4f9b-9f31-0afaeaebbeab?source=api-scan" ], "published": "2022-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7b566f6-58d9-448e-bccf-8806ef1ed3c2": { "id": "d7b566f6-58d9-448e-bccf-8806ef1ed3c2", "title": "Post Grid Elementor Addon <= 2.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag", "software": [ { "type": "plugin", "name": "Post Grid Elementor Addon", "slug": "post-grid-elementor-addon", "affected_versions": { "* - 2.0.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7b566f6-58d9-448e-bccf-8806ef1ed3c2?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7b67c83-7fb7-4bac-a8eb-7fc318f2ff50": { "id": "d7b67c83-7fb7-4bac-a8eb-7fc318f2ff50", "title": "Evergreen Content Poster <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Evergreen Content Poster \u2013 Auto Post and Schedule Your Best Content to Social Media", "slug": "evergreen-content-poster", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7b67c83-7fb7-4bac-a8eb-7fc318f2ff50?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7b7b31a-2bc4-42b7-ba60-0f29fe65bbe7": { "id": "d7b7b31a-2bc4-42b7-ba60-0f29fe65bbe7", "title": "Hermit \u97f3\u4e50\u64ad\u653e\u5668 <= 3.1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hermit \u97f3\u4e50\u64ad\u653e\u5668", "slug": "hermit", "affected_versions": { "* - 3.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7b7b31a-2bc4-42b7-ba60-0f29fe65bbe7?source=api-scan" ], "published": "2022-04-28 12:49:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7bee25e-7574-4d3d-ad58-9b30d99de525": { "id": "d7bee25e-7574-4d3d-ad58-9b30d99de525", "title": "LearnPress \u2013 WordPress LMS Plugin <= 4.1.6.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.1.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7bee25e-7574-4d3d-ad58-9b30d99de525?source=api-scan" ], "published": "2022-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7befdf6-07d7-42c9-876a-abb8f8f9c3df": { "id": "d7befdf6-07d7-42c9-876a-abb8f8f9c3df", "title": "Ninja Forms <= 3.6.25 - Missing Authorization to Form Submission Export", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.6.25": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7befdf6-07d7-42c9-876a-abb8f8f9c3df?source=api-scan" ], "published": "2023-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7bf5f3c-9577-4824-a8ae-e13827fa5166": { "id": "d7bf5f3c-9577-4824-a8ae-e13827fa5166", "title": "WP Slider Plugin <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Slider Plugin", "slug": "simple-slider-ssp", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7bf5f3c-9577-4824-a8ae-e13827fa5166?source=api-scan" ], "published": "2022-05-04 12:51:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7c05856-fbee-498d-9e9f-f0a232df6d24": { "id": "d7c05856-fbee-498d-9e9f-f0a232df6d24", "title": "Extra Product Options Builder for WooCommerce <= 1.2.104 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "Extra Product Options Builder for WooCommerce", "slug": "additional-product-fields-for-woocommerce", "affected_versions": { "* - 1.2.104": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.104", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.105" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7c05856-fbee-498d-9e9f-f0a232df6d24?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7c0b933-469e-4f8b-94b2-8823568c5d45": { "id": "d7c0b933-469e-4f8b-94b2-8823568c5d45", "title": "Rough Chart <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rough Chart", "slug": "rough-chart", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7c0b933-469e-4f8b-94b2-8823568c5d45?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7c94c68-bf3c-49b0-b7eb-39374c6002aa": { "id": "d7c94c68-bf3c-49b0-b7eb-39374c6002aa", "title": "Edit Comments <= 0.3 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Edit Comments", "slug": "edit-comments", "affected_versions": { "* - 0.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7c94c68-bf3c-49b0-b7eb-39374c6002aa?source=api-scan" ], "published": "2021-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7ccbe77-939f-4828-9b86-40cd654cfce6": { "id": "d7ccbe77-939f-4828-9b86-40cd654cfce6", "title": "Charitable <= 1.8.1.7 - Missing Authorization via ajax_license_check()", "software": [ { "type": "plugin", "name": "Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations & More", "slug": "charitable", "affected_versions": { "* - 1.8.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7ccbe77-939f-4828-9b86-40cd654cfce6?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7d08bfd-9861-4e21-a696-25b00233ad94": { "id": "d7d08bfd-9861-4e21-a696-25b00233ad94", "title": "EWWW Image Optimizer <= 7.2.0 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "EWWW Image Optimizer", "slug": "ewww-image-optimizer", "affected_versions": { "[*, 7.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7d08bfd-9861-4e21-a696-25b00233ad94?source=api-scan" ], "published": "2023-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7d20733-d61b-4b2f-8597-528644f0bc26": { "id": "d7d20733-d61b-4b2f-8597-528644f0bc26", "title": "WP Dark Mode \u2013 WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing <= 5.0.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Dark Mode \u2013 WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing", "slug": "wp-dark-mode", "affected_versions": { "* - 5.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7d20733-d61b-4b2f-8597-528644f0bc26?source=api-scan" ], "published": "2024-06-05 15:09:52", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7d381af-bb2a-43cb-9e5d-0b3d0e5f88f0": { "id": "d7d381af-bb2a-43cb-9e5d-0b3d0e5f88f0", "title": "Download Manager <= 2.8.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 2.8.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7d381af-bb2a-43cb-9e5d-0b3d0e5f88f0?source=api-scan" ], "published": "2016-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7d6d15c-067f-44cb-bd61-ff39bed7e356": { "id": "d7d6d15c-067f-44cb-bd61-ff39bed7e356", "title": "UserPro <= 4.9.27 - Privilege Escalation", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "[*, 4.9.28)": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.28", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.9.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7d6d15c-067f-44cb-bd61-ff39bed7e356?source=api-scan" ], "published": "2018-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7d8d1e9-04d6-43f0-86a1-386cc1255802": { "id": "d7d8d1e9-04d6-43f0-86a1-386cc1255802", "title": "Toolset Types <= 1.2.1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Toolset Types \u2013 Custom Post Types, Custom Fields and Taxonomies", "slug": "types", "affected_versions": { "* - 1.2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7d8d1e9-04d6-43f0-86a1-386cc1255802?source=api-scan" ], "published": "2013-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7d94443-3ab2-4d89-a580-2e9697d28cd7": { "id": "d7d94443-3ab2-4d89-a580-2e9697d28cd7", "title": "WordPress Core < 3.5.2 - Missing Authorization Checks", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7d94443-3ab2-4d89-a580-2e9697d28cd7?source=api-scan" ], "published": "2013-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7e18997-90be-4fa4-aa4f-3b79544e00f5": { "id": "d7e18997-90be-4fa4-aa4f-3b79544e00f5", "title": "Save as PDF plugin by Pdfcrowd <= 3.2.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Save as PDF Plugin by Pdfcrowd", "slug": "save-as-pdf-by-pdfcrowd", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7e18997-90be-4fa4-aa4f-3b79544e00f5?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7e4dd2c-5f6a-4bce-a46b-7bdd9d460804": { "id": "d7e4dd2c-5f6a-4bce-a46b-7bdd9d460804", "title": "Geo Controller <= 8.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Geo Controller", "slug": "cf-geoplugin", "affected_versions": { "* - 8.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7e4dd2c-5f6a-4bce-a46b-7bdd9d460804?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7e7247f-869a-4cf0-ae03-0b36ecbc1b7e": { "id": "d7e7247f-869a-4cf0-ae03-0b36ecbc1b7e", "title": "Crocoblock JetEngine <= 3.1.3 - Authenticated(Author+) Arbitrary File Upload to Remote Code Execution", "software": [ { "type": "plugin", "name": "JetEngine", "slug": "jet-engine", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7e7247f-869a-4cf0-ae03-0b36ecbc1b7e?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7e81331-0b39-4490-8624-38078b3d5420": { "id": "d7e81331-0b39-4490-8624-38078b3d5420", "title": "Anti-Malware Security and Brute-Force Firewall <= 4.21.96 - Unauthenticated Remote Code Execution", "software": [ { "type": "plugin", "name": "Anti-Malware Security and Brute-Force Firewall", "slug": "gotmls", "affected_versions": { "* - 4.21.96": { "from_version": "*", "from_inclusive": true, "to_version": "4.21.96", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.23.56" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7e81331-0b39-4490-8624-38078b3d5420?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7eda36e-7cdf-444f-82ce-561ba96cd0f9": { "id": "d7eda36e-7cdf-444f-82ce-561ba96cd0f9", "title": "Simple Link Directory < 7.3.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Link Directory", "slug": "simple-link-directory", "affected_versions": { "[*, 7.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7eda36e-7cdf-444f-82ce-561ba96cd0f9?source=api-scan" ], "published": "2019-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7edb3be-ffa9-4e80-addf-5e5aca6050ef": { "id": "d7edb3be-ffa9-4e80-addf-5e5aca6050ef", "title": "Pie Register < 3.0.18 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction", "slug": "pie-register", "affected_versions": { "[*, 3.0.18)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7edb3be-ffa9-4e80-addf-5e5aca6050ef?source=api-scan" ], "published": "2018-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7f024c5-80d8-490f-b448-9bccb877024b": { "id": "d7f024c5-80d8-490f-b448-9bccb877024b", "title": "Premium Courses & eLearning <= 1.0.5 - SQL Injection", "software": [ { "type": "plugin", "name": "Premium Courses & eLearning with Paid Memberships Pro for LearnDash, LifterLMS, Sensei LMS & TutorLMS", "slug": "pmpro-courses", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7f024c5-80d8-490f-b448-9bccb877024b?source=api-scan" ], "published": "2022-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7f294af-7702-4762-806b-2abdb1454a7c": { "id": "d7f294af-7702-4762-806b-2abdb1454a7c", "title": "FV Flowplayer Video Player 6.1.2 - 6.6.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "6.1.2 - 6.6.4": { "from_version": "6.1.2", "from_inclusive": true, "to_version": "6.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7f294af-7702-4762-806b-2abdb1454a7c?source=api-scan" ], "published": "2018-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7f4e710-99a2-49df-a513-725e1daaa18a": { "id": "d7f4e710-99a2-49df-a513-725e1daaa18a", "title": "Post Meta Data Manager <=1.2.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Post Meta Data Manager", "slug": "post-meta-data-manager", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7f4e710-99a2-49df-a513-725e1daaa18a?source=api-scan" ], "published": "2023-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7f59489-9bff-4d22-8f99-6ea52d702ecf": { "id": "d7f59489-9bff-4d22-8f99-6ea52d702ecf", "title": "Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro", "slug": "back-in-stock-notifier-for-woocommerce", "affected_versions": { "* - 5.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7f59489-9bff-4d22-8f99-6ea52d702ecf?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d7fa63b7-2e7f-4ed5-96b9-ae06d429af47": { "id": "d7fa63b7-2e7f-4ed5-96b9-ae06d429af47", "title": "Zephyr Project Manager <= 3.3.100 - Authenticated (Subscriber+) Stored Cross-Site Scripting via filename Parameter", "software": [ { "type": "plugin", "name": "Zephyr Project Manager", "slug": "zephyr-project-manager", "affected_versions": { "* - 3.3.100": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.100", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.101" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d7fa63b7-2e7f-4ed5-96b9-ae06d429af47?source=api-scan" ], "published": "2024-08-02 20:41:18", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8009f10-85d0-4798-8b6b-c1e4452139af": { "id": "d8009f10-85d0-4798-8b6b-c1e4452139af", "title": "Fluid Responsive Slideshow < 2.2.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fluid Responsive Slideshow", "slug": "fluid-responsive-slideshow", "affected_versions": { "[*, 2.2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8009f10-85d0-4798-8b6b-c1e4452139af?source=api-scan" ], "published": "2016-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d80199a2-8a12-44f7-ba20-169d7af88c26": { "id": "d80199a2-8a12-44f7-ba20-169d7af88c26", "title": "Finale Lite <= 2.18.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation", "software": [ { "type": "plugin", "name": "Finale Lite \u2013 Sales Countdown Timer & Discount for WooCommerce", "slug": "finale-woocommerce-sales-countdown-timer-discount", "affected_versions": { "* - 2.18.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d80199a2-8a12-44f7-ba20-169d7af88c26?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8029737-f3ad-4025-948a-ba0298c0869d": { "id": "d8029737-f3ad-4025-948a-ba0298c0869d", "title": "WP Job Manager <= 1.26.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP Job Manager", "slug": "wp-job-manager", "affected_versions": { "[*, 1.26.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.26.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.26.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8029737-f3ad-4025-948a-ba0298c0869d?source=api-scan" ], "published": "2016-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8074af6-cb2c-44db-9110-517f33caa96e": { "id": "d8074af6-cb2c-44db-9110-517f33caa96e", "title": "LadiApp <= 4.4 - Missing Authorization via save_config()", "software": [ { "type": "plugin", "name": "LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing\u2026", "slug": "ladipage", "affected_versions": { "* - 4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8074af6-cb2c-44db-9110-517f33caa96e?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d80ab1a4-19f9-4fea-87b4-1d2ba465e860": { "id": "d80ab1a4-19f9-4fea-87b4-1d2ba465e860", "title": "Web Directory Free <= 1.7.2 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Web Directory Free", "slug": "web-directory-free", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d80ab1a4-19f9-4fea-87b4-1d2ba465e860?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d80d583f-42c8-48fb-b757-88346c740b0e": { "id": "d80d583f-42c8-48fb-b757-88346c740b0e", "title": "eExamhall <= 4.0 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "Online Exam Software : eExamhall", "slug": "eexamhall", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d80d583f-42c8-48fb-b757-88346c740b0e?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d811782e-3b59-4a46-9a2e-f24ef3dfbd4a": { "id": "d811782e-3b59-4a46-9a2e-f24ef3dfbd4a", "title": "Print Invoice & Delivery Notes for WooCommerce <= 4.7.2 - Cross-Site Request Forgery via ts_reset_tracking_setting", "software": [ { "type": "plugin", "name": "Print Invoice & Delivery Notes for WooCommerce", "slug": "woocommerce-delivery-notes", "affected_versions": { "* - 4.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d811782e-3b59-4a46-9a2e-f24ef3dfbd4a?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d81b2927-f855-48f2-b7ae-f1411bee0040": { "id": "d81b2927-f855-48f2-b7ae-f1411bee0040", "title": "Theme Editor <= 2.5 - Authenticated Arbitrary File Download", "software": [ { "type": "plugin", "name": "Theme Editor", "slug": "theme-editor", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d81b2927-f855-48f2-b7ae-f1411bee0040?source=api-scan" ], "published": "2021-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d81ed8d9-4a7a-4b75-aab4-8e4dbd554f32": { "id": "d81ed8d9-4a7a-4b75-aab4-8e4dbd554f32", "title": "Mediamatic \u2013 Media Library Folders <= 2.8.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Mediamatic \u2013 Media Library Folders", "slug": "mediamatic", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d81ed8d9-4a7a-4b75-aab4-8e4dbd554f32?source=api-scan" ], "published": "2022-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8272233-afb3-46f1-ab85-189a3923e29d": { "id": "d8272233-afb3-46f1-ab85-189a3923e29d", "title": "Virtue <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author", "software": [ { "type": "theme", "name": "Virtue", "slug": "virtue", "affected_versions": { "* - 3.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8272233-afb3-46f1-ab85-189a3923e29d?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d82d1dd2-b5b5-490a-92e5-1a4d4ab0085d": { "id": "d82d1dd2-b5b5-490a-92e5-1a4d4ab0085d", "title": "Product Catalog Feed by PixelYourSite <= 2.1.0 - Reflected Cross-Site Scripting via 'edit'", "software": [ { "type": "plugin", "name": "Product Catalog Feed by PixelYourSite", "slug": "product-catalog-feed", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d82d1dd2-b5b5-490a-92e5-1a4d4ab0085d?source=api-scan" ], "published": "2023-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d82d43b9-4c70-4525-88ba-eec7c81a62c1": { "id": "d82d43b9-4c70-4525-88ba-eec7c81a62c1", "title": "CWW Companion <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CWW Companion", "slug": "cww-companion", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d82d43b9-4c70-4525-88ba-eec7c81a62c1?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d82e856b-c8c9-4139-ad54-89368e3b7125": { "id": "d82e856b-c8c9-4139-ad54-89368e3b7125", "title": "Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "[*, 2.2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d82e856b-c8c9-4139-ad54-89368e3b7125?source=api-scan" ], "published": "2021-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d830b73c-0666-4632-8001-fe2c467a37a0": { "id": "d830b73c-0666-4632-8001-fe2c467a37a0", "title": "Salon Booking System and Salon Booking System Pro <= 7.6.2 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "* - 7.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d830b73c-0666-4632-8001-fe2c467a37a0?source=api-scan" ], "published": "2022-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d831fa81-4714-4757-b75d-0a8f5edda910": { "id": "d831fa81-4714-4757-b75d-0a8f5edda910", "title": "Web Directory Free <= 1.6.8 - Authenticated (Contributor+) SQL Injection via post_id", "software": [ { "type": "plugin", "name": "Web Directory Free", "slug": "web-directory-free", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d831fa81-4714-4757-b75d-0a8f5edda910?source=api-scan" ], "published": "2023-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d83d1fd0-6e21-406e-a7c0-89d26eabbb32": { "id": "d83d1fd0-6e21-406e-a7c0-89d26eabbb32", "title": "Real Estate Manager <= 7.2 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Real Estate Manager \u2013 Property Listing and Agent Management", "slug": "real-estate-manager", "affected_versions": { "* - 7.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d83d1fd0-6e21-406e-a7c0-89d26eabbb32?source=api-scan" ], "published": "2023-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d844ca83-84e5-4b6c-ae26-f300c7328d78": { "id": "d844ca83-84e5-4b6c-ae26-f300c7328d78", "title": "WP ULike <= 4.6.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP ULike \u2013 All-in-One Engagement Toolkit", "slug": "wp-ulike", "affected_versions": { "* - 4.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d844ca83-84e5-4b6c-ae26-f300c7328d78?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8451f0f-0dfd-4926-aa35-75edf70ed6f2": { "id": "d8451f0f-0dfd-4926-aa35-75edf70ed6f2", "title": "Permalink Manager Lite <= 2.2.20 - Missing Authorization", "software": [ { "type": "plugin", "name": "Permalink Manager Lite", "slug": "permalink-manager", "affected_versions": { "* - 2.2.20": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.20.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8451f0f-0dfd-4926-aa35-75edf70ed6f2?source=api-scan" ], "published": "2022-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8461a10-44e1-437a-ad6c-7107aeb66124": { "id": "d8461a10-44e1-437a-ad6c-7107aeb66124", "title": "WordPress Affiliates Plugin \u2014 SliceWP Affiliates <= 1.0.45 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Affiliate Program Suite \u2014 SliceWP Affiliates", "slug": "slicewp", "affected_versions": { "* - 1.0.45": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.45", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8461a10-44e1-437a-ad6c-7107aeb66124?source=api-scan" ], "published": "2021-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d847e26b-8c11-4612-84d7-ff319ca374dc": { "id": "d847e26b-8c11-4612-84d7-ff319ca374dc", "title": "Elementor Website Builder <= 1.7.12 - Missing Authorization", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 1.7.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d847e26b-8c11-4612-84d7-ff319ca374dc?source=api-scan" ], "published": "2017-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d84a934f-a807-4968-9db0-9a292767046b": { "id": "d84a934f-a807-4968-9db0-9a292767046b", "title": "Html5 Audio Player <= 2.2.23 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HTML5 Audio Player- Best WordPress Audio Player Plugin", "slug": "html5-audio-player", "affected_versions": { "* - 2.2.23": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d84a934f-a807-4968-9db0-9a292767046b?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d84ad258-8a0c-44b2-9897-03ad214e8493": { "id": "d84ad258-8a0c-44b2-9897-03ad214e8493", "title": "Barclaycart (All Versions) - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "barclaycart", "slug": "barclaycart", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d84ad258-8a0c-44b2-9897-03ad214e8493?source=api-scan" ], "published": "2014-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d84cf972-be7e-497c-b360-2ea491e44ad6": { "id": "d84cf972-be7e-497c-b360-2ea491e44ad6", "title": "WordPress Core < 2.8 - Sensitive Information Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d84cf972-be7e-497c-b360-2ea491e44ad6?source=api-scan" ], "published": "2009-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d84f9b06-9127-4526-8f17-21608ec2f601": { "id": "d84f9b06-9127-4526-8f17-21608ec2f601", "title": "Global Elementor Buttons <= 1.1.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via button link", "software": [ { "type": "plugin", "name": "Global Elementor Buttons", "slug": "global-elementor-buttons", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d84f9b06-9127-4526-8f17-21608ec2f601?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d857324c-94c9-471a-9da8-0b8c9bb50262": { "id": "d857324c-94c9-471a-9da8-0b8c9bb50262", "title": "Ultimate Addons for Contact Form 7 <= 3.1.0 - Reflected Cross-Site Scripting via 'page'", "software": [ { "type": "plugin", "name": "Ultimate Addons for Contact Form 7", "slug": "ultimate-addons-for-contact-form-7", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d857324c-94c9-471a-9da8-0b8c9bb50262?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d85b98c3-c912-4467-962c-eb64465266b2": { "id": "d85b98c3-c912-4467-962c-eb64465266b2", "title": "WP Cloudy <= 4.4.9 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Cloudy, weather plugin", "slug": "wp-cloudy", "affected_versions": { "* - 4.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d85b98c3-c912-4467-962c-eb64465266b2?source=api-scan" ], "published": "2021-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8616189-5ab8-4db0-ab9e-768cc738aeb6": { "id": "d8616189-5ab8-4db0-ab9e-768cc738aeb6", "title": "Jetpack <= 3.5.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "* - 3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8616189-5ab8-4db0-ab9e-768cc738aeb6?source=api-scan" ], "published": "2015-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8624f48-9938-4114-a55a-e635ca0dff2c": { "id": "d8624f48-9938-4114-a55a-e635ca0dff2c", "title": "Buddybadges <= 1.0.0 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "buddybadges", "slug": "buddybadges", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8624f48-9938-4114-a55a-e635ca0dff2c?source=api-scan" ], "published": "2022-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d862e8e6-ecf6-41f5-8f40-1225ecec7e1f": { "id": "d862e8e6-ecf6-41f5-8f40-1225ecec7e1f", "title": "New Adman <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "New Adman", "slug": "new-adman", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d862e8e6-ecf6-41f5-8f40-1225ecec7e1f?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d86aa41c-24df-49ec-b273-7bb57addddde": { "id": "d86aa41c-24df-49ec-b273-7bb57addddde", "title": "Tickera <= 3.5.2.8 - Missing Authorization to Authenticated (Susbcriber+) Ticket Deletion", "software": [ { "type": "plugin", "name": "Tickera \u2013 WordPress Event Ticketing", "slug": "tickera-event-ticketing-system", "affected_versions": { "* - 3.5.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d86aa41c-24df-49ec-b273-7bb57addddde?source=api-scan" ], "published": "2024-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d86c720b-ede6-4789-ba83-2d035e1641bf": { "id": "d86c720b-ede6-4789-ba83-2d035e1641bf", "title": "Gift Vouchers <= 4.4.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)", "slug": "gift-voucher", "affected_versions": { "* - 4.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d86c720b-ede6-4789-ba83-2d035e1641bf?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d870ff8d-ea4b-4777-9892-0d9982182b9f": { "id": "d870ff8d-ea4b-4777-9892-0d9982182b9f", "title": "Calculated Fields Form <= 1.2.52 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Calculated Fields Form", "slug": "calculated-fields-form", "affected_versions": { "* - 1.2.52": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.52", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.53" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d870ff8d-ea4b-4777-9892-0d9982182b9f?source=api-scan" ], "published": "2024-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d87134e8-9d73-4a39-b071-37a5dac033b4": { "id": "d87134e8-9d73-4a39-b071-37a5dac033b4", "title": "Translate WordPress and go Multilingual \u2013 Weglot <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes", "software": [ { "type": "plugin", "name": "Translate WordPress and go Multilingual \u2013 Weglot", "slug": "weglot", "affected_versions": { "* - 4.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d87134e8-9d73-4a39-b071-37a5dac033b4?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d874f9d7-c532-467d-9e3d-9529dd5bdc47": { "id": "d874f9d7-c532-467d-9e3d-9529dd5bdc47", "title": "Pods <= 2.9.10.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Pods \u2013 Custom Content Types and Fields", "slug": "pods", "affected_versions": { "* - 2.9.10.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.10.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d874f9d7-c532-467d-9e3d-9529dd5bdc47?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d875969e-3749-4f0b-a807-36609bfca4d3": { "id": "d875969e-3749-4f0b-a807-36609bfca4d3", "title": "BulletProof Security <= .48.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BulletProof Security", "slug": "bulletproof-security", "affected_versions": { "* - .48.9": { "from_version": "*", "from_inclusive": true, "to_version": ".48.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ ".49" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d875969e-3749-4f0b-a807-36609bfca4d3?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8781ed1-6609-4965-9ba2-30e70eac1c1a": { "id": "d8781ed1-6609-4965-9ba2-30e70eac1c1a", "title": "Lightbox Gallery <= 0.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Lightbox Gallery", "slug": "lightbox-gallery", "affected_versions": { "* - 0.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8781ed1-6609-4965-9ba2-30e70eac1c1a?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d888cd53-415c-4667-b35a-5b3bd2226eeb": { "id": "d888cd53-415c-4667-b35a-5b3bd2226eeb", "title": "Gutenberg PDF Viewer Block <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Viewer Block for Gutenberg", "slug": "pdf-viewer-block", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d888cd53-415c-4667-b35a-5b3bd2226eeb?source=api-scan" ], "published": "2021-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d88a7c35-fe98-48eb-960b-0e4f8fcab4cb": { "id": "d88a7c35-fe98-48eb-960b-0e4f8fcab4cb", "title": "Easy Digital Downloads \u2013 Product Reviews <= 1.3.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads - Product Reviews", "slug": "edd-product-reviews", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d88a7c35-fe98-48eb-960b-0e4f8fcab4cb?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d88eb628-09c9-451c-b5ae-f26a93514447": { "id": "d88eb628-09c9-451c-b5ae-f26a93514447", "title": "Continuous announcement scroller <= 13.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Continuous announcement scroller", "slug": "continuous-announcement-scroller", "affected_versions": { "* - 13.0": { "from_version": "*", "from_inclusive": true, "to_version": "13.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d88eb628-09c9-451c-b5ae-f26a93514447?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d890e7a5-ea9f-40e5-9549-a6f26421b043": { "id": "d890e7a5-ea9f-40e5-9549-a6f26421b043", "title": "Easy Load More <= 1.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Load More", "slug": "easy-load-more", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d890e7a5-ea9f-40e5-9549-a6f26421b043?source=api-scan" ], "published": "2024-09-30 19:13:05", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d891caca-40be-4905-b5c3-bc3f2ddcd3cd": { "id": "d891caca-40be-4905-b5c3-bc3f2ddcd3cd", "title": "AZAN Plugin <= 0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AZAN Plugin", "slug": "azan", "affected_versions": { "* - 0.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d891caca-40be-4905-b5c3-bc3f2ddcd3cd?source=api-scan" ], "published": "2024-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d893edd0-8a60-43fd-94bb-3b52cea1d00e": { "id": "d893edd0-8a60-43fd-94bb-3b52cea1d00e", "title": "BackupBuddy < 3.0 - Authentication Bypass", "software": [ { "type": "plugin", "name": "BackupBuddy", "slug": "backupbuddy", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d893edd0-8a60-43fd-94bb-3b52cea1d00e?source=api-scan" ], "published": "2013-03-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d897daf8-5320-4546-9a63-1d34a15b2a58": { "id": "d897daf8-5320-4546-9a63-1d34a15b2a58", "title": "AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d897daf8-5320-4546-9a63-1d34a15b2a58?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d89918e1-b525-4d32-9b11-5e014eb02c16": { "id": "d89918e1-b525-4d32-9b11-5e014eb02c16", "title": "Auto Affiliate Links <= 6.4.2.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Auto Affiliate Links", "slug": "wp-auto-affiliate-links", "affected_versions": { "* - 6.4.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d89918e1-b525-4d32-9b11-5e014eb02c16?source=api-scan" ], "published": "2024-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d89cf759-5e5f-43e2-90a9-a8e554653ee1": { "id": "d89cf759-5e5f-43e2-90a9-a8e554653ee1", "title": "Hostinger <= 1.9.7 - Missing Authorization to Maintenance Mode Activation", "software": [ { "type": "plugin", "name": "Hostinger Tools", "slug": "hostinger", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d89cf759-5e5f-43e2-90a9-a8e554653ee1?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d89ff7ef-e184-4993-9496-867f7bf28a4b": { "id": "d89ff7ef-e184-4993-9496-867f7bf28a4b", "title": "JobSearch WP Job Board <= 1.5.2 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "[*, 1.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d89ff7ef-e184-4993-9496-867f7bf28a4b?source=api-scan" ], "published": "2020-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8a12e1d-f46a-499e-bfd6-185d5b955071": { "id": "d8a12e1d-f46a-499e-bfd6-185d5b955071", "title": "Ecwid Ecommerce Shopping Cart <= 6.10.22 - Insufficient Access Control on Multiple AJAX Actions", "software": [ { "type": "plugin", "name": "Ecwid by Lightspeed Ecommerce Shopping Cart", "slug": "ecwid-shopping-cart", "affected_versions": { "* - 6.10.22": { "from_version": "*", "from_inclusive": true, "to_version": "6.10.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.10.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8a12e1d-f46a-499e-bfd6-185d5b955071?source=api-scan" ], "published": "2022-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8a3e69e-b6d2-495a-878d-1c2329e9e553": { "id": "d8a3e69e-b6d2-495a-878d-1c2329e9e553", "title": "WPtouch <= 1.9.8 - SQL Injection", "software": [ { "type": "plugin", "name": "WPtouch \u2013 Make your WordPress Website Mobile-Friendly", "slug": "wptouch", "affected_versions": { "[*, 1.9.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8a3e69e-b6d2-495a-878d-1c2329e9e553?source=api-scan" ], "published": "2011-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8a490c6-14c1-4c71-b44c-1e362cc892a8": { "id": "d8a490c6-14c1-4c71-b44c-1e362cc892a8", "title": "WooCommerce Multi Currency <= 2.1.17 - Missing Authorization", "software": [ { "type": "plugin", "name": "CURCY \u2013 Multi Currency for WooCommerce \u2013 The best free currency exchange plugin \u2013 Run smoothly on WooCommerce 8.x", "slug": "woo-multi-currency", "affected_versions": { "* - 2.1.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8a490c6-14c1-4c71-b44c-1e362cc892a8?source=api-scan" ], "published": "2021-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8a56a1c-6af0-47e6-906c-bb3eb1440eb9": { "id": "d8a56a1c-6af0-47e6-906c-bb3eb1440eb9", "title": "My Calendar < 2.3.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My Calendar \u2013 Accessible Event Manager", "slug": "my-calendar", "affected_versions": { "[*, 2.3.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8a56a1c-6af0-47e6-906c-bb3eb1440eb9?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8b544ba-8530-4c00-a8a8-b24d8b68a33a": { "id": "d8b544ba-8530-4c00-a8a8-b24d8b68a33a", "title": "Double Opt-In for Download <= 2.0.9 - SQL Injection", "software": [ { "type": "plugin", "name": "Double Opt-In for Download", "slug": "double-opt-in-for-download", "affected_versions": { "[*, 2.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8b544ba-8530-4c00-a8a8-b24d8b68a33a?source=api-scan" ], "published": "2016-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8ba1a2f-d4f9-4cfe-9a42-ec2e116aed1b": { "id": "d8ba1a2f-d4f9-4cfe-9a42-ec2e116aed1b", "title": "Rezgo Online Booking <= 4.1.7 - Reflected Cross-Site-Scripting", "software": [ { "type": "plugin", "name": "Rezgo Online Booking", "slug": "rezgo", "affected_versions": { "4.1.7": { "from_version": "4.1.7", "from_inclusive": true, "to_version": "4.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8ba1a2f-d4f9-4cfe-9a42-ec2e116aed1b?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8ba4a74-6649-4566-b9d5-19662539158b": { "id": "d8ba4a74-6649-4566-b9d5-19662539158b", "title": "RegistrationMagic <= 5.0.1.5 - SQL Injection", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 5.0.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8ba4a74-6649-4566-b9d5-19662539158b?source=api-scan" ], "published": "2022-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8bf1d64-8012-4588-9897-aa8bb0cacfb6": { "id": "d8bf1d64-8012-4588-9897-aa8bb0cacfb6", "title": "GiveWP <= 3.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8bf1d64-8012-4588-9897-aa8bb0cacfb6?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8c0cd48-b27c-4bc1-9e5f-d918448290fb": { "id": "d8c0cd48-b27c-4bc1-9e5f-d918448290fb", "title": "Trade Runner <= 3.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Trade Runner", "slug": "traderunner", "affected_versions": { "* - 3.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8c0cd48-b27c-4bc1-9e5f-d918448290fb?source=api-scan" ], "published": "2022-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8c19868-49c2-4ee2-883a-93549e65d41a": { "id": "d8c19868-49c2-4ee2-883a-93549e65d41a", "title": "SimpleModal Contact Form (SMCF) <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SimpleModal Contact Form (SMCF)", "slug": "simplemodal-contact-form-smcf", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8c19868-49c2-4ee2-883a-93549e65d41a?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8c89641-805f-4f23-9eae-01e05fde19d0": { "id": "d8c89641-805f-4f23-9eae-01e05fde19d0", "title": ".htaccess Redirect <= 0.3.1 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": ".htaccess Redirect", "slug": "htaccess-redirect", "affected_versions": { "* - 0.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8c89641-805f-4f23-9eae-01e05fde19d0?source=api-scan" ], "published": "2021-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8ce9ab4-d6d6-4e06-a042-145db02cf7ba": { "id": "d8ce9ab4-d6d6-4e06-a042-145db02cf7ba", "title": "Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Responsive Contact Form Builder & Lead Generation Plugin", "slug": "lead-form-builder", "affected_versions": { "* - 1.8.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8ce9ab4-d6d6-4e06-a042-145db02cf7ba?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8cf8cff-9d69-4593-afd5-1fc9a10ebd14": { "id": "d8cf8cff-9d69-4593-afd5-1fc9a10ebd14", "title": "Verbosa <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Verbosa", "slug": "verbosa", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8cf8cff-9d69-4593-afd5-1fc9a10ebd14?source=api-scan" ], "published": "2024-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8d17ee3-73b3-4f58-8d08-14bbf2d9d9d8": { "id": "d8d17ee3-73b3-4f58-8d08-14bbf2d9d9d8", "title": "Adaptive Images for WordPress <= 0.6.66 - Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Adaptive Images for WordPress", "slug": "adaptive-images", "affected_versions": { "[*, 0.6.67)": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.67", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.6.67" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8d17ee3-73b3-4f58-8d08-14bbf2d9d9d8?source=api-scan" ], "published": "2019-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8d44f9b-0eee-49ee-b640-40f3bd377be0": { "id": "d8d44f9b-0eee-49ee-b640-40f3bd377be0", "title": "WooCommerce \u2013 Product Importer <= 1.5.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce \u2013 Product Importer", "slug": "woocommerce-product-importer", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8d44f9b-0eee-49ee-b640-40f3bd377be0?source=api-scan" ], "published": "2022-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8d52ced-807b-48c0-bb7a-e40d143ae5d3": { "id": "d8d52ced-807b-48c0-bb7a-e40d143ae5d3", "title": "PropertyHive <= 2.0.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "PropertyHive", "slug": "propertyhive", "affected_versions": { "* - 2.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8d52ced-807b-48c0-bb7a-e40d143ae5d3?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8d6684a-5e79-4103-921d-4d997deecd23": { "id": "d8d6684a-5e79-4103-921d-4d997deecd23", "title": "UiPress lite <= 3.4.06 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "UiPress lite | Effortless custom dashboards, admin themes and pages", "slug": "uipress-lite", "affected_versions": { "* - 3.4.06": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.06", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.07" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8d6684a-5e79-4103-921d-4d997deecd23?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8da513f-19b1-4ec4-b3ad-dc3a7bb6ab49": { "id": "d8da513f-19b1-4ec4-b3ad-dc3a7bb6ab49", "title": "SP Projects & Document Manager <= 2.5.9.5 - SQL Injection", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 2.5.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8da513f-19b1-4ec4-b3ad-dc3a7bb6ab49?source=api-scan" ], "published": "2016-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8db8ed5-ebeb-4102-928f-fe417e429ad2": { "id": "d8db8ed5-ebeb-4102-928f-fe417e429ad2", "title": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate <= 7.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 7.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8db8ed5-ebeb-4102-928f-fe417e429ad2?source=api-scan" ], "published": "2024-05-20 20:36:37", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8e23501-9fc4-484b-b308-a9c51494bc9d": { "id": "d8e23501-9fc4-484b-b308-a9c51494bc9d", "title": "LaTeX <= 3.4.10 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LaTeX for WordPress", "slug": "latex", "affected_versions": { "* - 3.4.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8e23501-9fc4-484b-b308-a9c51494bc9d?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8e64525-6080-40f3-a296-389b800a5e8a": { "id": "d8e64525-6080-40f3-a296-389b800a5e8a", "title": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor) <= 2.8.4 - Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget", "software": [ { "type": "plugin", "name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)", "slug": "woolentor-addons", "affected_versions": { "* - 2.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8e64525-6080-40f3-a296-389b800a5e8a?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8e849fb-76e0-427a-8e05-d340add1c150": { "id": "d8e849fb-76e0-427a-8e05-d340add1c150", "title": "FCChat Widget < 2.2.13.7 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "FCChat Widget", "slug": "fcchat", "affected_versions": { "[*, 2.2.13.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.13.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.13.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8e849fb-76e0-427a-8e05-d340add1c150?source=api-scan" ], "published": "2012-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8e967ce-fd36-44de-acca-c1985642ee5b": { "id": "d8e967ce-fd36-44de-acca-c1985642ee5b", "title": "Custom Field Suite <= 2.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Field Suite", "slug": "custom-field-suite", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8e967ce-fd36-44de-acca-c1985642ee5b?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8ec03c6-6ea9-4017-915a-e10b757d98ff": { "id": "d8ec03c6-6ea9-4017-915a-e10b757d98ff", "title": "Clock In Portal <= 2.1 - Cross-Site Request Forgery to Staff Deletion", "software": [ { "type": "plugin", "name": "Clock In Portal- Staff & Attendance Management", "slug": "clock-in-portal", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8ec03c6-6ea9-4017-915a-e10b757d98ff?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8ee82cf-916c-41e9-82d2-f25cc7a632ae": { "id": "d8ee82cf-916c-41e9-82d2-f25cc7a632ae", "title": "PropertyHive <= 2.0.5 - Unauthenticated PHP Object Injection via propertyhive_currency", "software": [ { "type": "plugin", "name": "PropertyHive", "slug": "propertyhive", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8ee82cf-916c-41e9-82d2-f25cc7a632ae?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8f40034-c868-4337-bf0a-385a961f9c35": { "id": "d8f40034-c868-4337-bf0a-385a961f9c35", "title": "Gutenverse <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gutenverse \u2013 Ultimate Block Addons and Page Builder for Site Editor", "slug": "gutenverse", "affected_versions": { "* - 1.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8f40034-c868-4337-bf0a-385a961f9c35?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8f6d1cb-330b-4405-9249-4dd1c0e98922": { "id": "d8f6d1cb-330b-4405-9249-4dd1c0e98922", "title": "Google Doc Embedder <= 2.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google Doc Embedder", "slug": "google-document-embedder", "affected_versions": { "[*, 2.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8f6d1cb-330b-4405-9249-4dd1c0e98922?source=api-scan" ], "published": "2016-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8f7d1c3-50eb-44ef-a832-a0230ff1406f": { "id": "d8f7d1c3-50eb-44ef-a832-a0230ff1406f", "title": "Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Online Booking & Scheduling Calendar for WordPress by vcita", "slug": "meeting-scheduler-by-vcita", "affected_versions": { "* - 4.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8f7d1c3-50eb-44ef-a832-a0230ff1406f?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8f94588-635c-44b2-bd7e-af3068734713": { "id": "d8f94588-635c-44b2-bd7e-af3068734713", "title": "Materialis Companion <= 1.3.39 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Materialis Companion", "slug": "materialis-companion", "affected_versions": { "* - 1.3.39": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.39", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.40" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8f94588-635c-44b2-bd7e-af3068734713?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8fab229-cd6b-45a3-9e80-a03a1704ad3e": { "id": "d8fab229-cd6b-45a3-9e80-a03a1704ad3e", "title": "Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock <= 2.7.8 - Missing Authorization to Authenticated (Subscriber+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock", "slug": "countdown-builder", "affected_versions": { "* - 2.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8fab229-cd6b-45a3-9e80-a03a1704ad3e?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d8fb20fb-a795-4ab0-9614-6ae6ac4f2eda": { "id": "d8fb20fb-a795-4ab0-9614-6ae6ac4f2eda", "title": "Images Optimize and Upload CF7 <= 2.1.4 - Missing Authorization to Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Images Optimize and Upload CF7", "slug": "images-optimize-and-upload-cf7", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d8fb20fb-a795-4ab0-9614-6ae6ac4f2eda?source=api-scan" ], "published": "2022-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d900584c-0f58-4abc-92ff-841f898d02fc": { "id": "d900584c-0f58-4abc-92ff-841f898d02fc", "title": "Multiple Page Generator Plugin <= 3.3.17 - Cross-Site Request Forgery to SQL Injection", "software": [ { "type": "plugin", "name": "Multiple Page Generator Plugin \u2013 MPG", "slug": "multiple-pages-generator-by-porthas", "affected_versions": { "* - 3.3.17": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d900584c-0f58-4abc-92ff-841f898d02fc?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9022afe-0c79-413b-ac0a-a1d32ec09619": { "id": "d9022afe-0c79-413b-ac0a-a1d32ec09619", "title": "Funnel Builder for WordPress by FunnelKit \u2013 Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.4.6 - Missing Authorization to Authenticated (Contributor+) Settings Update", "software": [ { "type": "plugin", "name": "Funnel Builder for WordPress by FunnelKit \u2013 Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells", "slug": "funnel-builder", "affected_versions": { "* - 3.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9022afe-0c79-413b-ac0a-a1d32ec09619?source=api-scan" ], "published": "2024-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d906992f-8675-4170-8643-48799ae7ac7c": { "id": "d906992f-8675-4170-8643-48799ae7ac7c", "title": "Pretty Links \u2013 Link Management, Branding, Tracking & Sharing Plugin <= 1.6.7 - SQL Injection", "software": [ { "type": "plugin", "name": "PrettyLinks \u2013 Affiliate Links, Link Branding, Link Tracking & Marketing Plugin", "slug": "pretty-link", "affected_versions": { "[*, 1.6.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d906992f-8675-4170-8643-48799ae7ac7c?source=api-scan" ], "published": "2015-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d908e8ac-6864-4951-bbef-8d98ac641912": { "id": "d908e8ac-6864-4951-bbef-8d98ac641912", "title": "WPBulky <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPBulky \u2013 WordPress Bulk Edit Post Types", "slug": "wpbulky-wp-bulk-edit-post-types", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d908e8ac-6864-4951-bbef-8d98ac641912?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9108d5f-7b8b-478d-ba9d-f895bdb7dbf2": { "id": "d9108d5f-7b8b-478d-ba9d-f895bdb7dbf2", "title": "Pods - Custom Content Types and Fields - Authenticated (Contributor+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Pods \u2013 Custom Content Types and Fields", "slug": "pods", "affected_versions": { "[*, 2.7.31)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.31", "to_inclusive": false }, "[2.8, 2.8.23.2)": { "from_version": "2.8", "from_inclusive": true, "to_version": "2.8.23.2", "to_inclusive": false }, "[3, 3.0.10.2)": { "from_version": "3", "from_inclusive": true, "to_version": "3.0.10.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.31.2", "2.8.23.2", "2.9.19.2", "3.0.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9108d5f-7b8b-478d-ba9d-f895bdb7dbf2?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d911be19-6b8c-4e38-b955-7f8826aeed8a": { "id": "d911be19-6b8c-4e38-b955-7f8826aeed8a", "title": "Products, Order & Customers Export for WooCommerce <= 2.0.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Products, Order & Customers Export for WooCommerce", "slug": "export-woocommerce", "affected_versions": { "* - 2.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d911be19-6b8c-4e38-b955-7f8826aeed8a?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9189eb3-be7f-42e1-92cc-b48af5615eb9": { "id": "d9189eb3-be7f-42e1-92cc-b48af5615eb9", "title": "Inactive Logout <= 3.2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Inactive Logout", "slug": "inactive-logout", "affected_versions": { "[*, 3.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9189eb3-be7f-42e1-92cc-b48af5615eb9?source=api-scan" ], "published": "2023-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d918b6ae-a72c-48dc-885b-19be49d578dc": { "id": "d918b6ae-a72c-48dc-885b-19be49d578dc", "title": "RealHomes <= 4.0.2 - Missing Authorization", "software": [ { "type": "theme", "name": "RealHomes", "slug": "realhomes", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d918b6ae-a72c-48dc-885b-19be49d578dc?source=api-scan" ], "published": "2023-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d918cfa5-8bae-45a0-a888-06f4cdb2ef33": { "id": "d918cfa5-8bae-45a0-a888-06f4cdb2ef33", "title": "WebLibrarian < 3.4.8.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WebLibrarian", "slug": "weblibrarian", "affected_versions": { "[*, 3.4.8.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.8.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d918cfa5-8bae-45a0-a888-06f4cdb2ef33?source=api-scan" ], "published": "2017-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d91a2713-238b-4c56-bff8-9129d77f4d77": { "id": "d91a2713-238b-4c56-bff8-9129d77f4d77", "title": "Simple Download Monitor <= 3.9.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Download Monitor", "slug": "simple-download-monitor", "affected_versions": { "[*, 3.9.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d91a2713-238b-4c56-bff8-9129d77f4d77?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d91ea0c9-ee41-4c8f-a16b-8b36c7f0a72e": { "id": "d91ea0c9-ee41-4c8f-a16b-8b36c7f0a72e", "title": "WordPress Core < 3.6.1 - Deserialization", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d91ea0c9-ee41-4c8f-a16b-8b36c7f0a72e?source=api-scan" ], "published": "2013-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9244775-eab8-4cf4-98bb-97e467dcc5cf": { "id": "d9244775-eab8-4cf4-98bb-97e467dcc5cf", "title": "AdRotate \u2013 Ad manager & AdSense Ads <= 5.2 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "AdRotate Banner Manager \u2013 The only ad manager you'll need", "slug": "adrotate", "affected_versions": { "* - 5.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9244775-eab8-4cf4-98bb-97e467dcc5cf?source=api-scan" ], "published": "2019-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d928b738-d8ed-447a-b604-e71e90d4d23d": { "id": "d928b738-d8ed-447a-b604-e71e90d4d23d", "title": "WordPress Core < 2.8.4 - Forced Password Reset", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d928b738-d8ed-447a-b604-e71e90d4d23d?source=api-scan" ], "published": "2009-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d92b9c21-067b-41c3-a385-a65faa8dd0ae": { "id": "d92b9c21-067b-41c3-a385-a65faa8dd0ae", "title": "TPG Redirect <= 1.0.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "TPG Redirect", "slug": "tpg-redirect", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d92b9c21-067b-41c3-a385-a65faa8dd0ae?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d92bfa61-7ae2-427a-8f3a-82709471735b": { "id": "d92bfa61-7ae2-427a-8f3a-82709471735b", "title": "WP Discord Invite < 2.5.1 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "WP Discord Invite", "slug": "wp-discord-invite", "affected_versions": { "[*, 2.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d92bfa61-7ae2-427a-8f3a-82709471735b?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d93006ac-037f-4291-b945-afa38358a037": { "id": "d93006ac-037f-4291-b945-afa38358a037", "title": "Contextual Related Posts <= 2.9.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contextual Related Posts", "slug": "contextual-related-posts", "affected_versions": { "* - 2.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d93006ac-037f-4291-b945-afa38358a037?source=api-scan" ], "published": "2020-11-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9318d57-499b-4804-8f83-1e4a68c5790f": { "id": "d9318d57-499b-4804-8f83-1e4a68c5790f", "title": "Inline Related Posts <= 3.5.0 - Information Exposure", "software": [ { "type": "plugin", "name": "Inline Related Posts", "slug": "intelly-related-posts", "affected_versions": { "* - 3.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9318d57-499b-4804-8f83-1e4a68c5790f?source=api-scan" ], "published": "2024-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d93c70d6-c439-4bcd-a855-b71896bf9d22": { "id": "d93c70d6-c439-4bcd-a855-b71896bf9d22", "title": "Prismatic <= 2.7 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Prismatic", "slug": "prismatic", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d93c70d6-c439-4bcd-a855-b71896bf9d22?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d93c9c2d-1216-44e6-bdb8-d419a9ba6c6e": { "id": "d93c9c2d-1216-44e6-bdb8-d419a9ba6c6e", "title": "Mediavine Control Panel <= 2.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mediavine Control Panel", "slug": "mediavine-control-panel", "affected_versions": { "* - 2.10.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d93c9c2d-1216-44e6-bdb8-d419a9ba6c6e?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d93e0175-db55-42ab-8475-cd0f47e5dcbb": { "id": "d93e0175-db55-42ab-8475-cd0f47e5dcbb", "title": "Duplicate Theme <= 0.1.6 - Cross-Site Request Forgery via themeDuplicationAction", "software": [ { "type": "plugin", "name": "Duplicate Theme", "slug": "duplicate-theme", "affected_versions": { "* - 0.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d93e0175-db55-42ab-8475-cd0f47e5dcbb?source=api-scan" ], "published": "2023-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9450e6b-df5e-4265-a3df-08cb10eb8dc0": { "id": "d9450e6b-df5e-4265-a3df-08cb10eb8dc0", "title": "Kiddo Theme (All Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "kiddo", "slug": "kiddo", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9450e6b-df5e-4265-a3df-08cb10eb8dc0?source=api-scan" ], "published": "2014-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9456921-e56a-402f-a80a-fd5659b9aac6": { "id": "d9456921-e56a-402f-a80a-fd5659b9aac6", "title": "ExactMetrics <= 7.12.0 - Authenticated (Contributor+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ExactMetrics \u2013 Google Analytics Dashboard for WordPress (Website Stats Plugin)", "slug": "google-analytics-dashboard-for-wp", "affected_versions": { "* - 7.12.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.12.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9456921-e56a-402f-a80a-fd5659b9aac6?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d94661c1-2d70-4943-9452-b51a76116ebb": { "id": "d94661c1-2d70-4943-9452-b51a76116ebb", "title": "Booster for WooCommerce <= 7.1.1 - Missing Authorization to Authenticated (Subscriber+) Order Information Disclosure", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 7.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d94661c1-2d70-4943-9452-b51a76116ebb?source=api-scan" ], "published": "2023-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d946d4b5-bed7-4808-b133-783b2dcd7992": { "id": "d946d4b5-bed7-4808-b133-783b2dcd7992", "title": "WCFM Frontend Manager <= 6.6.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "WCFM \u2013 Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible", "slug": "wc-frontend-manager", "affected_versions": { "6.6.0": { "from_version": "6.6.0", "from_inclusive": true, "to_version": "6.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d946d4b5-bed7-4808-b133-783b2dcd7992?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d94bcbf7-c20e-4b04-b4de-f68f9a793b73": { "id": "d94bcbf7-c20e-4b04-b4de-f68f9a793b73", "title": "Quiz And Survey Master <= 6.2.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 6.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d94bcbf7-c20e-4b04-b4de-f68f9a793b73?source=api-scan" ], "published": "2019-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d94c0775-3852-463f-b393-1a12e63548e0": { "id": "d94c0775-3852-463f-b393-1a12e63548e0", "title": "WOOF - Products Filter for WooCommerce <= 1.2.6.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HUSKY \u2013 Products Filter Professional for WooCommerce", "slug": "woocommerce-products-filter", "affected_versions": { "[*, 1.2.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d94c0775-3852-463f-b393-1a12e63548e0?source=api-scan" ], "published": "2021-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d94f0347-2167-4840-b21c-3279de0f9325": { "id": "d94f0347-2167-4840-b21c-3279de0f9325", "title": "WPS Hide Login <= 1.5.2.2 - Login Page Disclosure via Referer Header", "software": [ { "type": "plugin", "name": "WPS Hide Login", "slug": "wps-hide-login", "affected_versions": { "* - 1.5.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d94f0347-2167-4840-b21c-3279de0f9325?source=api-scan" ], "published": "2019-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d94f6cdd-8232-4e0c-b510-0e755c280b58": { "id": "d94f6cdd-8232-4e0c-b510-0e755c280b58", "title": "Site Reviews <= 6.5.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Site Reviews", "slug": "site-reviews", "affected_versions": { "* - 6.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d94f6cdd-8232-4e0c-b510-0e755c280b58?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d951e6b4-986a-400a-ab28-066a4ea5cbca": { "id": "d951e6b4-986a-400a-ab28-066a4ea5cbca", "title": "Quick Contact Form < 6.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quick Contact Form", "slug": "quick-contact-form", "affected_versions": { "[*, 6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d951e6b4-986a-400a-ab28-066a4ea5cbca?source=api-scan" ], "published": "2013-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d95295ed-4878-414d-be6b-bfb3e9076cca": { "id": "d95295ed-4878-414d-be6b-bfb3e9076cca", "title": "UsersWP \u2013 Front-end login form, User Registration, User Profile & Members Directory plugin for WP <= 1.2.11 - Unauthenticated Information Disclosure via Unprotected Directories", "software": [ { "type": "plugin", "name": "UsersWP \u2013 Front-end login form, User Registration, User Profile & Members Directory plugin for WP", "slug": "userswp", "affected_versions": { "* - 1.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d95295ed-4878-414d-be6b-bfb3e9076cca?source=api-scan" ], "published": "2024-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9545264-0434-4976-b94e-4e520e5ae9c6": { "id": "d9545264-0434-4976-b94e-4e520e5ae9c6", "title": "Postie <= 1.9.40 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Postie", "slug": "postie", "affected_versions": { "[*, 1.9.41)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.41", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9545264-0434-4976-b94e-4e520e5ae9c6?source=api-scan" ], "published": "2020-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d95b01c3-5db4-40ac-8787-0db58a9cc3a6": { "id": "d95b01c3-5db4-40ac-8787-0db58a9cc3a6", "title": "RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'ajax_deactivate'", "software": [ { "type": "plugin", "name": "RapidLoad \u2013 Optimize Web Vitals Automatically", "slug": "unusedcss", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d95b01c3-5db4-40ac-8787-0db58a9cc3a6?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d95d8ca6-a36e-4d95-bce3-ead237dac938": { "id": "d95d8ca6-a36e-4d95-bce3-ead237dac938", "title": "Tabs Responsive <= 2.2.7 - Editor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tabs Responsive \u2013 With WooCommerce Product Tabs Extension", "slug": "tabs-responsive", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d95d8ca6-a36e-4d95-bce3-ead237dac938?source=api-scan" ], "published": "2022-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9606d92-8061-4dfc-a6e2-509b54613277": { "id": "d9606d92-8061-4dfc-a6e2-509b54613277", "title": "Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization", "software": [ { "type": "plugin", "name": "Visualizer: Tables and Charts Manager for WordPress", "slug": "visualizer", "affected_versions": { "* - 3.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9606d92-8061-4dfc-a6e2-509b54613277?source=api-scan" ], "published": "2022-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d964e0ef-f14e-463b-bf4e-3f25788df03c": { "id": "d964e0ef-f14e-463b-bf4e-3f25788df03c", "title": "Yuki <= 1.3.13 - Missing Authorization to Authenticated (Subscriber+) Theme Setting Reset", "software": [ { "type": "theme", "name": "Yuki", "slug": "yuki", "affected_versions": { "* - 1.3.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d964e0ef-f14e-463b-bf4e-3f25788df03c?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d969fb35-2ee9-42ca-a9e8-f6453a1e6be9": { "id": "d969fb35-2ee9-42ca-a9e8-f6453a1e6be9", "title": "Companion Auto Update <= 3.3.5 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Companion Auto Update", "slug": "companion-auto-update", "affected_versions": { "[*, 3.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d969fb35-2ee9-42ca-a9e8-f6453a1e6be9?source=api-scan" ], "published": "2019-01-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d96a3d43-81dd-4c23-984b-a9ddf450164b": { "id": "d96a3d43-81dd-4c23-984b-a9ddf450164b", "title": "WP Media folder <= 5.7.2 - Missing Authorization to Authenticated(Subscriber+) Plugin settings change", "software": [ { "type": "plugin", "name": "WP Media folder", "slug": "wp-media-folder", "affected_versions": { "* - 5.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d96a3d43-81dd-4c23-984b-a9ddf450164b?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d96c9b04-6850-40ab-8006-81cca8a9dffe": { "id": "d96c9b04-6850-40ab-8006-81cca8a9dffe", "title": "CM Ad Changer <= 1.7.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CM Ad Changer \u2013 Ad Manager and Ad Server", "slug": "cm-ad-changer", "affected_versions": { "* - 1.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d96c9b04-6850-40ab-8006-81cca8a9dffe?source=api-scan" ], "published": "2016-06-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d96e5986-8c89-4e7e-aa63-f41aa13eeff4": { "id": "d96e5986-8c89-4e7e-aa63-f41aa13eeff4", "title": "WP Post Columns <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Post Columns", "slug": "wp-post-columns", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d96e5986-8c89-4e7e-aa63-f41aa13eeff4?source=api-scan" ], "published": "2023-10-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d970a9f6-69f6-42d2-b863-82b8110e52c3": { "id": "d970a9f6-69f6-42d2-b863-82b8110e52c3", "title": "Taggbox <= 3.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Tagbox \u2013 UGC Galleries, Social Media Widgets, User Reviews & Analytics", "slug": "taggbox-widget", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d970a9f6-69f6-42d2-b863-82b8110e52c3?source=api-scan" ], "published": "2023-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d970e2fa-ba2f-4c0f-8ff4-10041b9c276e": { "id": "d970e2fa-ba2f-4c0f-8ff4-10041b9c276e", "title": "AI ChatBot with ChatGPT and Content Generator by AYS <= 2.0.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "AI ChatBot with ChatGPT and Content Generator by AYS", "slug": "ays-chatgpt-assistant", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d970e2fa-ba2f-4c0f-8ff4-10041b9c276e?source=api-scan" ], "published": "2024-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9731e3a-4972-4e1e-b6cd-4bc00a6e9552": { "id": "d9731e3a-4972-4e1e-b6cd-4bc00a6e9552", "title": "AZIndex <= 0.8.1 - Cross-Site Request Forgery to Index Deletion", "software": [ { "type": "plugin", "name": "AZIndex", "slug": "azindex", "affected_versions": { "* - 0.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9731e3a-4972-4e1e-b6cd-4bc00a6e9552?source=api-scan" ], "published": "2024-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d97761cb-8645-474d-9f9a-15ecdd426db4": { "id": "d97761cb-8645-474d-9f9a-15ecdd426db4", "title": "Theme Blvd Responsive Google Maps <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes", "software": [ { "type": "plugin", "name": "Theme Blvd Responsive Google Maps", "slug": "theme-blvd-responsive-google-maps", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d97761cb-8645-474d-9f9a-15ecdd426db4?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d979f899-8cdc-4230-b1b5-865c025dc86a": { "id": "d979f899-8cdc-4230-b1b5-865c025dc86a", "title": "My YouTube Channel <= 3.0.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My YouTube Channel", "slug": "youtube-channel", "affected_versions": { "* - 3.0.12.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.12.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.23.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d979f899-8cdc-4230-b1b5-865c025dc86a?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d97af468-d345-4d19-a1b0-f42d890a34d8": { "id": "d97af468-d345-4d19-a1b0-f42d890a34d8", "title": "WP Performance Score Booster <= 2.0 - Settings Change via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Performance Score Booster \u2013 Optimize Speed, Enable Cache & Page Preload", "slug": "wp-performance-score-booster", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d97af468-d345-4d19-a1b0-f42d890a34d8?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d97b6f64-a596-4c83-8ab5-98b4b246897f": { "id": "d97b6f64-a596-4c83-8ab5-98b4b246897f", "title": "Formidable Form Builder <= 1.07.11 - SQL Injection", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "* - 1.07.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.07.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d97b6f64-a596-4c83-8ab5-98b4b246897f?source=api-scan" ], "published": "2016-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d97ba75a-278d-4239-bfcf-53b5396fe321": { "id": "d97ba75a-278d-4239-bfcf-53b5396fe321", "title": "Remove Footer Credit <= 1.0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Remove Footer Credit", "slug": "remove-footer-credit", "affected_versions": { "* - 1.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d97ba75a-278d-4239-bfcf-53b5396fe321?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d97df193-28ed-4961-9d71-00098c0bec45": { "id": "d97df193-28ed-4961-9d71-00098c0bec45", "title": "Ninja Forms Contact Form <= 3.4.24.1 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "[*, 3.4.24.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.24.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.24.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d97df193-28ed-4961-9d71-00098c0bec45?source=api-scan" ], "published": "2020-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d97eb079-5b19-461c-8a80-d00ab45e2bff": { "id": "d97eb079-5b19-461c-8a80-d00ab45e2bff", "title": "my-category-order <= 2.8.7 - SQL Injection", "software": [ { "type": "plugin", "name": "my-category-order", "slug": "my-category-order", "affected_versions": { "* - 2.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d97eb079-5b19-461c-8a80-d00ab45e2bff?source=api-scan" ], "published": "2009-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d98d1782-a6cc-403a-b0fa-43282daa1136": { "id": "d98d1782-a6cc-403a-b0fa-43282daa1136", "title": "DukaPress <= 2.5.9 - Blind SQL Injection", "software": [ { "type": "plugin", "name": "DukaPress", "slug": "dukapress", "affected_versions": { "* - 2.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d98d1782-a6cc-403a-b0fa-43282daa1136?source=api-scan" ], "published": "2015-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9906b19-1ac7-4015-adb3-0674dde0331e": { "id": "d9906b19-1ac7-4015-adb3-0674dde0331e", "title": "Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Yoo Slider \u2013 Image Slider & Video Slider", "slug": "yoo-slider", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9906b19-1ac7-4015-adb3-0674dde0331e?source=api-scan" ], "published": "2022-04-11 17:36:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d992a9cf-f24c-4c82-a56b-22394524ba3b": { "id": "d992a9cf-f24c-4c82-a56b-22394524ba3b", "title": "PowerPack Lite for Beaver Builder <= 1.2.9.2 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PowerPack Lite for Beaver Builder", "slug": "powerpack-addon-for-beaver-builder", "affected_versions": { "* - 1.2.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d992a9cf-f24c-4c82-a56b-22394524ba3b?source=api-scan" ], "published": "2022-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9938c7d-ef0d-45a2-900f-ac8bda9ce75a": { "id": "d9938c7d-ef0d-45a2-900f-ac8bda9ce75a", "title": "BookIt <=2.4.0 - Price Bypass", "software": [ { "type": "plugin", "name": "Booking Calendar | Appointment Booking | Bookit", "slug": "bookit", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9938c7d-ef0d-45a2-900f-ac8bda9ce75a?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d99614e6-4543-4594-9a46-71ecc986be45": { "id": "d99614e6-4543-4594-9a46-71ecc986be45", "title": "Wishlist and Compare for WooCommerce <= 1.0.4 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Wishlist and Compare for WooCommerce", "slug": "wishlist-and-compare", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d99614e6-4543-4594-9a46-71ecc986be45?source=api-scan" ], "published": "2021-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d99d7a26-3645-4ff5-8c48-17b6fa77a228": { "id": "d99d7a26-3645-4ff5-8c48-17b6fa77a228", "title": "Responsive Lightbox & Gallery <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Lightbox & Gallery", "slug": "responsive-lightbox", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d99d7a26-3645-4ff5-8c48-17b6fa77a228?source=api-scan" ], "published": "2022-11-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d99dc270-1b28-4e76-9346-38b2b96be01c": { "id": "d99dc270-1b28-4e76-9346-38b2b96be01c", "title": "Simple Page Access Restriction <= 1.0.21 - Improper Access Control to Sensitive Information Exposure via REST API", "software": [ { "type": "plugin", "name": "Simple Page Access Restriction", "slug": "simple-page-access-restriction", "affected_versions": { "* - 1.0.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d99dc270-1b28-4e76-9346-38b2b96be01c?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d99f81ea-1e74-4b67-a6c5-3dbc7865a68a": { "id": "d99f81ea-1e74-4b67-a6c5-3dbc7865a68a", "title": "WS Form LITE <= 1.9.117 - CAPTCHA Bypass", "software": [ { "type": "plugin", "name": "WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress", "slug": "ws-form", "affected_versions": { "* - 1.9.117": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.117", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.118" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d99f81ea-1e74-4b67-a6c5-3dbc7865a68a?source=api-scan" ], "published": "2023-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d99fe68c-3c0e-4a5a-96c8-de50b7a7e753": { "id": "d99fe68c-3c0e-4a5a-96c8-de50b7a7e753", "title": "Keyword Strategy Internal Links <= 2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Keyword Strategy Internal Links", "slug": "keyword-strategy-internal-links", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d99fe68c-3c0e-4a5a-96c8-de50b7a7e753?source=api-scan" ], "published": "2014-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9a2ee71-8be5-448b-a052-1d98880ba847": { "id": "d9a2ee71-8be5-448b-a052-1d98880ba847", "title": "WS Contact Form <= 1.3.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WS Contact Form", "slug": "ws-contact-form", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9a2ee71-8be5-448b-a052-1d98880ba847?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9a70e02-fdbc-43ee-9382-101391f363a3": { "id": "d9a70e02-fdbc-43ee-9382-101391f363a3", "title": "Anti-Malware Security and Brute-Force Firewall <= 4.20.93 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Anti-Malware Security and Brute-Force Firewall", "slug": "gotmls", "affected_versions": { "[*, 4.20.94)": { "from_version": "*", "from_inclusive": true, "to_version": "4.20.94", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.20.94" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9a70e02-fdbc-43ee-9382-101391f363a3?source=api-scan" ], "published": "2022-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9a77b4f-46a3-45d3-bf2b-448584125874": { "id": "d9a77b4f-46a3-45d3-bf2b-448584125874", "title": "Variation Swatches for WooCommerce <= 2.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Variation Swatches for WooCommerce", "slug": "product-variation-swatches-for-woocommerce", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9a77b4f-46a3-45d3-bf2b-448584125874?source=api-scan" ], "published": "2021-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9af12ac-68ef-4c65-aecb-82ce7b927340": { "id": "d9af12ac-68ef-4c65-aecb-82ce7b927340", "title": "Responsive Tabs < 4.0.6 - Authenticated (Contributor+) Content Injection", "software": [ { "type": "plugin", "name": "Responsive Tabs", "slug": "responsive-tabs", "affected_versions": { "[*, 4.0.6)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9af12ac-68ef-4c65-aecb-82ce7b927340?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9af843e-dcbb-4b09-b131-4e470c006d38": { "id": "d9af843e-dcbb-4b09-b131-4e470c006d38", "title": "Contextual Related Posts <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute", "software": [ { "type": "plugin", "name": "Contextual Related Posts", "slug": "contextual-related-posts", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9af843e-dcbb-4b09-b131-4e470c006d38?source=api-scan" ], "published": "2023-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9b1044d-6858-498f-9b89-352650061858": { "id": "d9b1044d-6858-498f-9b89-352650061858", "title": "Social Auto Poster <= 5.3.14 - Missing Authorization to Unauthenticated Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "Social Auto Poster", "slug": "social-auto-poster", "affected_versions": { "* - 5.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9b1044d-6858-498f-9b89-352650061858?source=api-scan" ], "published": "2024-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9b8e6dc-a9ac-4afb-ad47-4f51032bb1f4": { "id": "d9b8e6dc-a9ac-4afb-ad47-4f51032bb1f4", "title": "Hummingbird <= 3.4.1 - Unauthenticated Path Traversal", "software": [ { "type": "plugin", "name": "Hummingbird Performance \u2013 Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN", "slug": "hummingbird-performance", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9b8e6dc-a9ac-4afb-ad47-4f51032bb1f4?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9bfae23-7b5c-46d8-9d7e-cc261280e223": { "id": "d9bfae23-7b5c-46d8-9d7e-cc261280e223", "title": "Login or Logout Menu Item <= 1.1.1 - Unauthenticated Settings Update", "software": [ { "type": "plugin", "name": "Login or Logout Menu Item", "slug": "login-or-logout-menu-item", "affected_versions": { "[*, 1.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9bfae23-7b5c-46d8-9d7e-cc261280e223?source=api-scan" ], "published": "2019-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9c20584-d791-4788-8dc3-77069b92601f": { "id": "d9c20584-d791-4788-8dc3-77069b92601f", "title": "CP Contact Form with PayPal <= 1.3.01 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CP Contact Form with PayPal", "slug": "cp-contact-form-with-paypal", "affected_versions": { "* - 1.3.01": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.01", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9c20584-d791-4788-8dc3-77069b92601f?source=api-scan" ], "published": "2019-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9c97745-9fe2-4ae9-b083-0eda9c20ac73": { "id": "d9c97745-9fe2-4ae9-b083-0eda9c20ac73", "title": "Wordpress Simple Share Plugin <= 0.5.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Share", "slug": "dts-simple-share", "affected_versions": { "* - 0.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9c97745-9fe2-4ae9-b083-0eda9c20ac73?source=api-scan" ], "published": "2024-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9cefc8e-9c1c-4b5e-adf8-665b8d4dc774": { "id": "d9cefc8e-9c1c-4b5e-adf8-665b8d4dc774", "title": "TinyMCE Color Picker <= 1.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "TinyMCE Color Picker", "slug": "tinymce-colorpicker", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9cefc8e-9c1c-4b5e-adf8-665b8d4dc774?source=api-scan" ], "published": "2014-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9d19571-f0a1-4f15-a292-89b938c49afc": { "id": "d9d19571-f0a1-4f15-a292-89b938c49afc", "title": "Travelpayouts: All Travel Brands in One Place <= 1.1.16 - Open Redirect", "software": [ { "type": "plugin", "name": "Travelpayouts: All Travel Brands in One Place", "slug": "travelpayouts", "affected_versions": { "* - 1.1.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9d19571-f0a1-4f15-a292-89b938c49afc?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9d37248-d024-4465-a1e6-d8f2d3a2e02f": { "id": "d9d37248-d024-4465-a1e6-d8f2d3a2e02f", "title": "Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget", "software": [ { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "* - 8.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9d37248-d024-4465-a1e6-d8f2d3a2e02f?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9d6e168-a768-4062-9ef1-0be9d6c65c51": { "id": "d9d6e168-a768-4062-9ef1-0be9d6c65c51", "title": "RumbleTalk Live Group Chat <= 6.1.9 - Missing Authorization via handleRequest", "software": [ { "type": "plugin", "name": "RumbleTalk Live Group Chat \u2013 HTML5", "slug": "rumbletalk-chat-a-chat-with-themes", "affected_versions": { "* - 6.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9d6e168-a768-4062-9ef1-0be9d6c65c51?source=api-scan" ], "published": "2023-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9d7dc61-1e28-426b-a9da-3a36134e7821": { "id": "d9d7dc61-1e28-426b-a9da-3a36134e7821", "title": "SCv1 Theme (All Known Versions) - Arbitrary File Download", "software": [ { "type": "theme", "name": "SCv1 Theme", "slug": "SCv1", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9d7dc61-1e28-426b-a9da-3a36134e7821?source=api-scan" ], "published": "2014-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9de41de-f2f7-4b16-8ec9-d30bbd3d8786": { "id": "d9de41de-f2f7-4b16-8ec9-d30bbd3d8786", "title": "Dokan Pro <= 3.10.3 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Dokan Pro", "slug": "dokan-pro", "affected_versions": { "* - 3.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9de41de-f2f7-4b16-8ec9-d30bbd3d8786?source=api-scan" ], "published": "2024-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9df6792-d208-44c9-b04b-00e86d76cbfa": { "id": "d9df6792-d208-44c9-b04b-00e86d76cbfa", "title": "FG PrestaShop to WooCommerce <= 4.45.1 - Unauthenticated Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "FG PrestaShop to WooCommerce", "slug": "fg-prestashop-to-woocommerce", "affected_versions": { "* - 4.45.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.45.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.47.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9df6792-d208-44c9-b04b-00e86d76cbfa?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9e3f310-5a5e-4ca8-806d-9a7aacfaf5ed": { "id": "d9e3f310-5a5e-4ca8-806d-9a7aacfaf5ed", "title": "Ivory Search <= 4.6 - Reflected Cross Site Scripting", "software": [ { "type": "plugin", "name": "Ivory Search \u2013 WordPress Search Plugin", "slug": "add-search-to-menu", "affected_versions": { "* - 4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9e3f310-5a5e-4ca8-806d-9a7aacfaf5ed?source=api-scan" ], "published": "2021-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9ed939c-dc9c-46e8-9b23-0a3e5733e8d5": { "id": "d9ed939c-dc9c-46e8-9b23-0a3e5733e8d5", "title": "Spectra \u2013 WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Block", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 2.12.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9ed939c-dc9c-46e8-9b23-0a3e5733e8d5?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9f060bd-029a-462e-b308-8366e82be383": { "id": "d9f060bd-029a-462e-b308-8366e82be383", "title": "Formidable Forms <= 6.3 - Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "[*, 6.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9f060bd-029a-462e-b308-8366e82be383?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9f1719c-ef66-4c68-b25c-175c99938e7a": { "id": "d9f1719c-ef66-4c68-b25c-175c99938e7a", "title": "Telefication <= 1.8.0 - Open Relay and Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Telefication", "slug": "telefication", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9f1719c-ef66-4c68-b25c-175c99938e7a?source=api-scan" ], "published": "2021-09-21 15:31:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9f6b600-a35a-49c2-8758-a7cc5c00e947": { "id": "d9f6b600-a35a-49c2-8758-a7cc5c00e947", "title": "Customizr <= 4.3.0 - Cross-Site Request Forgery Bypass", "software": [ { "type": "theme", "name": "Customizr", "slug": "customizr", "affected_versions": { "* - 4.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9f6b600-a35a-49c2-8758-a7cc5c00e947?source=api-scan" ], "published": "2020-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9f6b761-9c4b-4dcc-885d-9a5b4e8e534d": { "id": "d9f6b761-9c4b-4dcc-885d-9a5b4e8e534d", "title": "AI Engine <= 2.5.0 - Authenticated (Admin+) Remote Code Execution", "software": [ { "type": "plugin", "name": "AI Engine", "slug": "ai-engine", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9f6b761-9c4b-4dcc-885d-9a5b4e8e534d?source=api-scan" ], "published": "2024-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9f6ef14-dc04-46da-b2fc-e84b91153bfe": { "id": "d9f6ef14-dc04-46da-b2fc-e84b91153bfe", "title": "ShiftThis (Unspecified Version) - SQL Injection", "software": [ { "type": "plugin", "name": "ShiftThis", "slug": "st_newsletter", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9f6ef14-dc04-46da-b2fc-e84b91153bfe?source=api-scan" ], "published": "2008-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9f7130d-883a-4db4-9edf-f5526724de11": { "id": "d9f7130d-883a-4db4-9edf-f5526724de11", "title": "MakeStories (for Google Web Stories) <= 3.0.2 - Cross-Site Request Forgery via 'ms_set_options'", "software": [ { "type": "plugin", "name": "MakeStories (for Google Web Stories)", "slug": "makestories-helper", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9f7130d-883a-4db4-9edf-f5526724de11?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9f7f66f-5d58-4a23-8444-805569ec8294": { "id": "d9f7f66f-5d58-4a23-8444-805569ec8294", "title": "Church Content \u2013 Sermons, Events and More <= 2.6 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "Church Content \u2013 Sermons, Events and More", "slug": "church-theme-content", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9f7f66f-5d58-4a23-8444-805569ec8294?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9fbd7ee-cfd0-4621-9eb9-df0202657ce9": { "id": "d9fbd7ee-cfd0-4621-9eb9-df0202657ce9", "title": "Crelly Slider <= 1.3.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Crelly Slider", "slug": "crelly-slider", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9fbd7ee-cfd0-4621-9eb9-df0202657ce9?source=api-scan" ], "published": "2019-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "d9fe53e3-1916-4de2-91a6-83e823fc6e91": { "id": "d9fe53e3-1916-4de2-91a6-83e823fc6e91", "title": "Automatically Hierarchic Categories in Menu <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Automatically Hierarchic Categories in Menu", "slug": "automatically-hierarchic-categories-in-menu", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/d9fe53e3-1916-4de2-91a6-83e823fc6e91?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da025593-ad11-4a48-97e1-d31c6f0e62ea": { "id": "da025593-ad11-4a48-97e1-d31c6f0e62ea", "title": "Breezing Forms <= 1.2.7.30 - SQL Injection", "software": [ { "type": "plugin", "name": "Breezing Forms", "slug": "breezing-forms", "affected_versions": { "* - 1.2.7.30": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da025593-ad11-4a48-97e1-d31c6f0e62ea?source=api-scan" ], "published": "2015-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da082107-1c71-4d18-a864-986807568de9": { "id": "da082107-1c71-4d18-a864-986807568de9", "title": "Podlove Podcast Publisher <= 2.5.3 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Podlove Podcast Publisher", "slug": "podlove-podcasting-plugin-for-wordpress", "affected_versions": { "[*, 2.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da082107-1c71-4d18-a864-986807568de9?source=api-scan" ], "published": "2017-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da0950ad-4d6c-46fe-83c9-c14653fe9f1f": { "id": "da0950ad-4d6c-46fe-83c9-c14653fe9f1f", "title": "Backup Scheduler <= 1.5.13 - Missing Authorization to Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Backup Scheduler", "slug": "backup-scheduler", "affected_versions": { "* - 1.5.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da0950ad-4d6c-46fe-83c9-c14653fe9f1f?source=api-scan" ], "published": "2022-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da09b158-3626-455b-b3bc-b1109d0fab2e": { "id": "da09b158-3626-455b-b3bc-b1109d0fab2e", "title": "Advanced Category Template <= 0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Advanced Category Template", "slug": "advanced-category-template", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da09b158-3626-455b-b3bc-b1109d0fab2e?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da0c91e5-d9dc-413a-95f6-9e2fc6746ec0": { "id": "da0c91e5-d9dc-413a-95f6-9e2fc6746ec0", "title": "WPML <= 3.1.9 - Arbitrary Deletion of Content", "software": [ { "type": "plugin", "name": "WPML", "slug": "sitepress-multilingual-cms", "affected_versions": { "* - 3.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da0c91e5-d9dc-413a-95f6-9e2fc6746ec0?source=api-scan" ], "published": "2015-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da11abe7-49fa-496b-bcd7-c666eef63896": { "id": "da11abe7-49fa-496b-bcd7-c666eef63896", "title": "What's New Generator <= 2.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "What's New Generator", "slug": "whats-new-genarator", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da11abe7-49fa-496b-bcd7-c666eef63896?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da15614b-6619-4ccb-93eb-12923910fb41": { "id": "da15614b-6619-4ccb-93eb-12923910fb41", "title": "Click to top <= 1.2.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Click to top", "slug": "click-to-top", "affected_versions": { "[*, 1.2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da15614b-6619-4ccb-93eb-12923910fb41?source=api-scan" ], "published": "2020-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da1d37f5-45d5-4775-a217-24fdb3b53da7": { "id": "da1d37f5-45d5-4775-a217-24fdb3b53da7", "title": "Plugmatter Optin Feature Box < 2.0.14 - SQL Injection", "software": [ { "type": "plugin", "name": "Plugmatter Optin Feature Box", "slug": "plugmatter-optin-feature-box-lite", "affected_versions": { "[*, 2.0.14)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da1d37f5-45d5-4775-a217-24fdb3b53da7?source=api-scan" ], "published": "2015-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da1f68a5-8ca7-4744-9b73-09e767072885": { "id": "da1f68a5-8ca7-4744-9b73-09e767072885", "title": "Products & Order Export for WooCommerce <= 2.0.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Products, Order & Customers Export for WooCommerce", "slug": "export-woocommerce", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da1f68a5-8ca7-4744-9b73-09e767072885?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da2050ea-70b3-476d-841f-021c3baddf35": { "id": "da2050ea-70b3-476d-841f-021c3baddf35", "title": "Flamix: Bitrix24 and Contact Form 7 integrations <= 3.1.0 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Flamix: Bitrix24 and Contact Form 7 integrations", "slug": "flamix-bitrix24-and-contact-forms-7-integrations", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da2050ea-70b3-476d-841f-021c3baddf35?source=api-scan" ], "published": "2024-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da24aad2-ae6b-411e-a229-0df585215731": { "id": "da24aad2-ae6b-411e-a229-0df585215731", "title": "Limit Login Attempts (Spam Protection) <= 2.8 - Missing Authorization to Arbitrary Plugin Installation\/Activation", "software": [ { "type": "plugin", "name": "Limit Login Attempts (Spam Protection)", "slug": "wp-limit-failed-login-attempts", "affected_versions": { "[*, 2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da24aad2-ae6b-411e-a229-0df585215731?source=api-scan" ], "published": "2021-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da2b7267-936b-4011-af42-210885d5dbb9": { "id": "da2b7267-936b-4011-af42-210885d5dbb9", "title": "Posts reminder <= 0.20 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Posts reminder", "slug": "posts-reminder", "affected_versions": { "* - 0.20": { "from_version": "*", "from_inclusive": true, "to_version": "0.20", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da2b7267-936b-4011-af42-210885d5dbb9?source=api-scan" ], "published": "2024-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da2d8494-aea3-4a1e-9eca-946c0bd390cd": { "id": "da2d8494-aea3-4a1e-9eca-946c0bd390cd", "title": "WP Video Lightbox <= 1.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter", "software": [ { "type": "plugin", "name": "WP Video Lightbox", "slug": "wp-video-lightbox", "affected_versions": { "* - 1.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da2d8494-aea3-4a1e-9eca-946c0bd390cd?source=api-scan" ], "published": "2024-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da3070aa-fae8-465a-95e5-ae92dcd89f66": { "id": "da3070aa-fae8-465a-95e5-ae92dcd89f66", "title": "Microsoft Clarity <= 0.3 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Microsoft Clarity", "slug": "microsoft-clarity", "affected_versions": { "* - 0.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da3070aa-fae8-465a-95e5-ae92dcd89f66?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da308b0c-a892-4bd7-b242-3bbf9ad709ad": { "id": "da308b0c-a892-4bd7-b242-3bbf9ad709ad", "title": "Roseta <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Roseta", "slug": "roseta", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da308b0c-a892-4bd7-b242-3bbf9ad709ad?source=api-scan" ], "published": "2024-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da36ba83-490e-4c9d-8a34-c5c79392a09a": { "id": "da36ba83-490e-4c9d-8a34-c5c79392a09a", "title": "MStore API <= 3.9.7 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 3.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da36ba83-490e-4c9d-8a34-c5c79392a09a?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da4592b6-5e84-4a89-9ade-6cc227740d32": { "id": "da4592b6-5e84-4a89-9ade-6cc227740d32", "title": "Sell Media <= 2.5.5 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Sell Media", "slug": "sell-media", "affected_versions": { "* - 2.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da4592b6-5e84-4a89-9ade-6cc227740d32?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da4684b8-20f6-4dc1-8f29-d79f64ccb9d8": { "id": "da4684b8-20f6-4dc1-8f29-d79f64ccb9d8", "title": "Contractor Contact Form Website to Workflow Tool <= 4.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contractor Contact Form Website to Workflow Tool", "slug": "contractor-contact-form-website-to-workflow-tool", "affected_versions": { "* - 4.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da4684b8-20f6-4dc1-8f29-d79f64ccb9d8?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da4f5af6-61b2-4983-9096-66f6ff7fc060": { "id": "da4f5af6-61b2-4983-9096-66f6ff7fc060", "title": "Analytics for WP <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Analytics for WP", "slug": "analytics-for-wp", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da4f5af6-61b2-4983-9096-66f6ff7fc060?source=api-scan" ], "published": "2022-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da4f81c5-c796-4052-ac1a-007a1e8f5a50": { "id": "da4f81c5-c796-4052-ac1a-007a1e8f5a50", "title": "Form \u2013 Contact Form <= 1.2.0 - Administrator+ Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form \u2013 Contact Form", "slug": "form-forms", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da4f81c5-c796-4052-ac1a-007a1e8f5a50?source=api-scan" ], "published": "2022-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da51b3ef-b12f-4af0-90b7-1ea61595b661": { "id": "da51b3ef-b12f-4af0-90b7-1ea61595b661", "title": "Documentor \u2013 Create Product Documentation <= 1.5.3 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Documentor \u2013 Create Product Documentation", "slug": "documentor-lite", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da51b3ef-b12f-4af0-90b7-1ea61595b661?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da550fd7-3c1a-4b07-afc0-2366e0f5cccd": { "id": "da550fd7-3c1a-4b07-afc0-2366e0f5cccd", "title": "WP Like Button <= 1.7.0 - Missing Authorization via crublabFBLBAjax", "software": [ { "type": "plugin", "name": "WP Like Button", "slug": "wp-like-button", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da550fd7-3c1a-4b07-afc0-2366e0f5cccd?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da5b700c-ec1f-4803-8165-581382cef482": { "id": "da5b700c-ec1f-4803-8165-581382cef482", "title": "Social Auto Poster <= 5.3.15 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Auto Poster", "slug": "social-auto-poster", "affected_versions": { "* - 5.3.15": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da5b700c-ec1f-4803-8165-581382cef482?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da5ba18a-97ec-42c5-a7c4-ca38611c1fcd": { "id": "da5ba18a-97ec-42c5-a7c4-ca38611c1fcd", "title": "Easy Student Results <= 2.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Student Results", "slug": "easy-student-results", "affected_versions": { "* - 2.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da5ba18a-97ec-42c5-a7c4-ca38611c1fcd?source=api-scan" ], "published": "2022-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da6dcf5c-bb70-4227-a784-55cf28980308": { "id": "da6dcf5c-bb70-4227-a784-55cf28980308", "title": "Sina Extension for Elementor <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via read_more_text Parameter", "software": [ { "type": "plugin", "name": "Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)", "slug": "sina-extension-for-elementor", "affected_versions": { "* - 3.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da6dcf5c-bb70-4227-a784-55cf28980308?source=api-scan" ], "published": "2024-07-01 20:25:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da6eb803-3e2a-4ff1-9b93-6f109e8d0714": { "id": "da6eb803-3e2a-4ff1-9b93-6f109e8d0714", "title": "RSVPMaker <= 7.8.1 - Unauthenticated SQL Injection via 'event_count'", "software": [ { "type": "plugin", "name": "RSVPMaker", "slug": "rsvpmaker", "affected_versions": { "[*, 7.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "7.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da6eb803-3e2a-4ff1-9b93-6f109e8d0714?source=api-scan" ], "published": "2020-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da760bcf-b252-4b88-9f54-af0a097e3295": { "id": "da760bcf-b252-4b88-9f54-af0a097e3295", "title": "WordPress Core <= 0.70 - Remote File Inclusion", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 0.70": { "from_version": "*", "from_inclusive": true, "to_version": "0.70", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.71" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da760bcf-b252-4b88-9f54-af0a097e3295?source=api-scan" ], "published": "2003-06-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da76d034-3e9a-4f3f-a314-48e776028369": { "id": "da76d034-3e9a-4f3f-a314-48e776028369", "title": "Sunshine Photo Cart: Free Client Galleries for Photographers <= 3.0.24 - Unauthenticated Sensitive Information Exposure via Invoice", "software": [ { "type": "plugin", "name": "Sunshine Photo Cart: Free Client Photo Galleries for Photographers", "slug": "sunshine-photo-cart", "affected_versions": { "* - 3.0.24": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da76d034-3e9a-4f3f-a314-48e776028369?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da807a8d-56de-494d-9f8a-9f749ab6c90e": { "id": "da807a8d-56de-494d-9f8a-9f749ab6c90e", "title": "Neosense - Multipurpose WordPress Theme | WordPress < 1.8 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Neosense - Multipurpose WordPress Theme | WordPress", "slug": "neosense", "affected_versions": { "[*, 1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da807a8d-56de-494d-9f8a-9f749ab6c90e?source=api-scan" ], "published": "2016-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da81c849-fc85-4794-a79f-fcc3ef6a3bbc": { "id": "da81c849-fc85-4794-a79f-fcc3ef6a3bbc", "title": "WooCommerce EnvioPack <= 1.2 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce EnvioPack", "slug": "woo-enviopack", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da81c849-fc85-4794-a79f-fcc3ef6a3bbc?source=api-scan" ], "published": "2021-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da848ced-acc4-48bc-8fbe-e90cdd53b3e8": { "id": "da848ced-acc4-48bc-8fbe-e90cdd53b3e8", "title": "User Submitted Posts < 20160215 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End", "slug": "user-submitted-posts", "affected_versions": { "[*, 20160215)": { "from_version": "*", "from_inclusive": true, "to_version": "20160215", "to_inclusive": false } }, "patched": true, "patched_versions": [ "20160215" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da848ced-acc4-48bc-8fbe-e90cdd53b3e8?source=api-scan" ], "published": "2016-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da86c6e0-2cff-4aca-b440-ef3fc1f61324": { "id": "da86c6e0-2cff-4aca-b440-ef3fc1f61324", "title": "amr shortcode any widget <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "amr shortcode any widget", "slug": "amr-shortcode-any-widget", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da86c6e0-2cff-4aca-b440-ef3fc1f61324?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da89e8f9-3843-4d72-92b2-cd2f717510cd": { "id": "da89e8f9-3843-4d72-92b2-cd2f717510cd", "title": "ShareThis Dashboard for Google Analytics <= 2.5.1 - Reflected Cross-Site Scripting via ga_action parameter", "software": [ { "type": "plugin", "name": "ShareThis Dashboard for Google Analytics", "slug": "googleanalytics", "affected_versions": { "[*, 2.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da89e8f9-3843-4d72-92b2-cd2f717510cd?source=api-scan" ], "published": "2021-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da8af540-1623-42f2-a8af-4d3cadf1f5d0": { "id": "da8af540-1623-42f2-a8af-4d3cadf1f5d0", "title": "Woocommerce Products Price Bulk Edit <= 2.0 - Cross-Site Scripting via show_products_page_limit parameter", "software": [ { "type": "plugin", "name": "Woocommerce Products Price Bulk Edit", "slug": "mq-woocommerce-products-price-bulk-edit", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da8af540-1623-42f2-a8af-4d3cadf1f5d0?source=api-scan" ], "published": "2019-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da8d1659-c532-4020-be16-527c1437952a": { "id": "da8d1659-c532-4020-be16-527c1437952a", "title": "WordPress Core < 4.6 - Authorization Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 4.6)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da8d1659-c532-4020-be16-527c1437952a?source=api-scan" ], "published": "2016-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da8dd02f-0d9f-44a2-bcad-1e392668dd67": { "id": "da8dd02f-0d9f-44a2-bcad-1e392668dd67", "title": "Service Area Postcode Checker <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Service Area Postcode Checker", "slug": "service-area-postcode-checker", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da8dd02f-0d9f-44a2-bcad-1e392668dd67?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da94a7dc-f666-44fd-9f76-e610cbd2b610": { "id": "da94a7dc-f666-44fd-9f76-e610cbd2b610", "title": "Easy Digital Downloads <= 3.1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 3.1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da94a7dc-f666-44fd-9f76-e610cbd2b610?source=api-scan" ], "published": "2023-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da95086a-6ae2-4b4d-8312-78e3800ded7f": { "id": "da95086a-6ae2-4b4d-8312-78e3800ded7f", "title": "FeedWordPress < 2015.0514 - SQL Injection", "software": [ { "type": "plugin", "name": "FeedWordPress", "slug": "feedwordpress", "affected_versions": { "[*, 2015.0514)": { "from_version": "*", "from_inclusive": true, "to_version": "2015.0514", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2015.0514" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da95086a-6ae2-4b4d-8312-78e3800ded7f?source=api-scan" ], "published": "2015-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da95e282-54b9-4296-99f3-9187c04dcaac": { "id": "da95e282-54b9-4296-99f3-9187c04dcaac", "title": "Leaflet Maps Marker Pro < 1.5.8 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Leaflet Maps Marker Pro", "slug": "leaflet-maps-marker-pro", "affected_versions": { "[*, 1.5.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da95e282-54b9-4296-99f3-9187c04dcaac?source=api-scan" ], "published": "2014-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da9b1132-fb02-443d-8d56-9e89658aad89": { "id": "da9b1132-fb02-443d-8d56-9e89658aad89", "title": "underConstruction <= 1.19 - Cross-Site Request Forgery to Construction Mode Disabled", "software": [ { "type": "plugin", "name": "underConstruction", "slug": "underconstruction", "affected_versions": { "[*, 1.20)": { "from_version": "*", "from_inclusive": true, "to_version": "1.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da9b1132-fb02-443d-8d56-9e89658aad89?source=api-scan" ], "published": "2022-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "da9e3db0-9cbf-4b1a-bdaa-d5d86be744af": { "id": "da9e3db0-9cbf-4b1a-bdaa-d5d86be744af", "title": "Simple File List <= 4.4.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple File List", "slug": "simple-file-list", "affected_versions": { "* - 4.4.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/da9e3db0-9cbf-4b1a-bdaa-d5d86be744af?source=api-scan" ], "published": "2022-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "daa30370-0d11-45b7-8ca3-b2a3b9046127": { "id": "daa30370-0d11-45b7-8ca3-b2a3b9046127", "title": "NitroPack <= 1.10.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "NitroPack \u2013 Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN", "slug": "nitropack", "affected_versions": { "* - 1.10.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/daa30370-0d11-45b7-8ca3-b2a3b9046127?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "daa30b1b-cb8f-43fd-8329-c64b4024408f": { "id": "daa30b1b-cb8f-43fd-8329-c64b4024408f", "title": "Stackable \u2013 Page Builder Gutenberg Blocks <= 3.12.11 - Authenticated(Contributor+) Stored Cross-Site Scripting via Posts Block", "software": [ { "type": "plugin", "name": "Stackable \u2013 Page Builder Gutenberg Blocks", "slug": "stackable-ultimate-gutenberg-blocks", "affected_versions": { "* - 3.12.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.12.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.12.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/daa30b1b-cb8f-43fd-8329-c64b4024408f?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "daa48b64-6f89-40be-a31f-31d1481dfc91": { "id": "daa48b64-6f89-40be-a31f-31d1481dfc91", "title": "Folders Pro <= 3.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name", "software": [ { "type": "plugin", "name": "Folders \u2013 Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager", "slug": "folders", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/daa48b64-6f89-40be-a31f-31d1481dfc91?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "daa9abc2-310f-4bd9-9b88-d6f3024ab5f1": { "id": "daa9abc2-310f-4bd9-9b88-d6f3024ab5f1", "title": "Psychological tests & quizzes <= 0.21.19 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Psychological tests & quizzes", "slug": "wp-testing", "affected_versions": { "* - 0.21.19": { "from_version": "*", "from_inclusive": true, "to_version": "0.21.19", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/daa9abc2-310f-4bd9-9b88-d6f3024ab5f1?source=api-scan" ], "published": "2022-04-26 07:49:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "daaa6507-cd8a-40c9-95af-34cc96551417": { "id": "daaa6507-cd8a-40c9-95af-34cc96551417", "title": "Tweet Wheel <= 0.2 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Tweet Wheel", "slug": "tweet-wheel", "affected_versions": { "* - 0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/daaa6507-cd8a-40c9-95af-34cc96551417?source=api-scan" ], "published": "2015-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "daac4d63-3789-4262-9b06-aadb4ca1f01e": { "id": "daac4d63-3789-4262-9b06-aadb4ca1f01e", "title": "Groundhogg <= 3.4.2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg", "slug": "groundhogg", "affected_versions": { "* - 3.4.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/daac4d63-3789-4262-9b06-aadb4ca1f01e?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dab0ddfb-6e30-4bde-95fb-90570579ff04": { "id": "dab0ddfb-6e30-4bde-95fb-90570579ff04", "title": "WordPress Core <= 2.0.1 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dab0ddfb-6e30-4bde-95fb-90570579ff04?source=api-scan" ], "published": "2006-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dab3786b-1f8e-428c-afee-afd3e43f40ba": { "id": "dab3786b-1f8e-428c-afee-afd3e43f40ba", "title": "Security Audit <= 1.0.0 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Security Audit", "slug": "titan-labs-security-audit", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dab3786b-1f8e-428c-afee-afd3e43f40ba?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dab7e451-f2ea-4f41-8e38-a2a983ccb18b": { "id": "dab7e451-f2ea-4f41-8e38-a2a983ccb18b", "title": "File Manager <= 6.8 - Arbitrary File Upload\/Remote Code Execution", "software": [ { "type": "plugin", "name": "File Manager", "slug": "wp-file-manager", "affected_versions": { "* - 6.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dab7e451-f2ea-4f41-8e38-a2a983ccb18b?source=api-scan" ], "published": "2020-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dabc2ae0-6005-4287-b1b0-385bc6d5c467": { "id": "dabc2ae0-6005-4287-b1b0-385bc6d5c467", "title": "WP-Members Membership <= 3.4.7.3 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "WP-Members Membership Plugin", "slug": "wp-members", "affected_versions": { "* - 3.4.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dabc2ae0-6005-4287-b1b0-385bc6d5c467?source=api-scan" ], "published": "2023-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dabd12b9-c07d-4a5d-bec3-905b90ff0dbf": { "id": "dabd12b9-c07d-4a5d-bec3-905b90ff0dbf", "title": "Fontsy <= 1.8.6 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Fontsy", "slug": "fontsy", "affected_versions": { "* - 1.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dabd12b9-c07d-4a5d-bec3-905b90ff0dbf?source=api-scan" ], "published": "2022-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dac38b2e-4d38-4b16-b6a1-ed3c0561e7c2": { "id": "dac38b2e-4d38-4b16-b6a1-ed3c0561e7c2", "title": "WPtouch < 1.9.30 - Open Redirect", "software": [ { "type": "plugin", "name": "WPtouch \u2013 Make your WordPress Website Mobile-Friendly", "slug": "wptouch", "affected_versions": { "[*, 1.9.30)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.30", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dac38b2e-4d38-4b16-b6a1-ed3c0561e7c2?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dac658b5-4253-4095-9fda-4d3cdc7f7e2e": { "id": "dac658b5-4253-4095-9fda-4d3cdc7f7e2e", "title": "CDN Vote < 0.4.2 - SQL Injection", "software": [ { "type": "plugin", "name": "CDN Vote", "slug": "cdnvote", "affected_versions": { "[*, 0.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dac658b5-4253-4095-9fda-4d3cdc7f7e2e?source=api-scan" ], "published": "2011-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dac9e21b-b229-4e19-90cd-2748862047cf": { "id": "dac9e21b-b229-4e19-90cd-2748862047cf", "title": "Gum Elementor Addon <= 1.3.5 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gum Elementor Addon", "slug": "gum-elementor-addon", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dac9e21b-b229-4e19-90cd-2748862047cf?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dacfba3e-c1d7-475c-885b-f77b77a65f91": { "id": "dacfba3e-c1d7-475c-885b-f77b77a65f91", "title": "Keyword Rank Tracker <= 1.0.7 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Keyword Rank Tracker", "slug": "serp-rank", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dacfba3e-c1d7-475c-885b-f77b77a65f91?source=api-scan" ], "published": "2022-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dad12b10-2e04-4bc2-b5ad-c00cb287e456": { "id": "dad12b10-2e04-4bc2-b5ad-c00cb287e456", "title": "WDS Multisite Aggregate <= 1.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WDS Multisite Aggregate", "slug": "wds-multisite-aggregate", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dad12b10-2e04-4bc2-b5ad-c00cb287e456?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dad27b29-d106-44f2-9b88-6cce0c0cf4a5": { "id": "dad27b29-d106-44f2-9b88-6cce0c0cf4a5", "title": "WPtouch <= 4.3.44 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WPtouch \u2013 Make your WordPress Website Mobile-Friendly", "slug": "wptouch", "affected_versions": { "* - 4.3.44": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dad27b29-d106-44f2-9b88-6cce0c0cf4a5?source=api-scan" ], "published": "2022-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dad288b3-e599-460d-9b99-3bce04489557": { "id": "dad288b3-e599-460d-9b99-3bce04489557", "title": "RD Station <= 5.2.0 - Cross-Site Request Forgery to Plugin Settings Update", "software": [ { "type": "plugin", "name": "RD Station", "slug": "integracao-rd-station", "affected_versions": { "* - 5.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dad288b3-e599-460d-9b99-3bce04489557?source=api-scan" ], "published": "2022-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dad7078d-16bf-4ca9-9a59-7b8374a1b49e": { "id": "dad7078d-16bf-4ca9-9a59-7b8374a1b49e", "title": "mgl-instagram-gallery Plugin (Unknown Versions) - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "mgl-instagram-gallery", "slug": "mgl-instagram-gallery", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dad7078d-16bf-4ca9-9a59-7b8374a1b49e?source=api-scan" ], "published": "2017-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dad9b612-5575-4e64-a1b3-52a2cf3f05a7": { "id": "dad9b612-5575-4e64-a1b3-52a2cf3f05a7", "title": "NotifyVisitors <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Free WordPress Lead Generation Opt in, Free Popups, Generated Lead Email Popup, Exit-Intent Popup \u2013 NotifyVisitors", "slug": "notifyvisitors-lead-form", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dad9b612-5575-4e64-a1b3-52a2cf3f05a7?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dadb6bf5-dbbd-4afb-8783-f6880dec2cbf": { "id": "dadb6bf5-dbbd-4afb-8783-f6880dec2cbf", "title": "Elegant Custom Fonts <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Elegant Custom Fonts", "slug": "elegant-custom-fonts", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dadb6bf5-dbbd-4afb-8783-f6880dec2cbf?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dadfc9c5-79cb-4e43-bf27-8a7f059190e3": { "id": "dadfc9c5-79cb-4e43-bf27-8a7f059190e3", "title": "Animate It <= 2.3.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Animate It!", "slug": "animate-it", "affected_versions": { "* - 2.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dadfc9c5-79cb-4e43-bf27-8a7f059190e3?source=api-scan" ], "published": "2019-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dae2d028-6976-468a-9e93-ec712887d657": { "id": "dae2d028-6976-468a-9e93-ec712887d657", "title": "LionScripts: IP Blocker Lite <= 10.4 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "LionScripts: IP Blocker Lite", "slug": "ip-address-blocker", "affected_versions": { "* - 10.4": { "from_version": "*", "from_inclusive": true, "to_version": "10.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dae2d028-6976-468a-9e93-ec712887d657?source=api-scan" ], "published": "2019-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "daeb24e0-7f3f-472f-aee5-be42e374aa52": { "id": "daeb24e0-7f3f-472f-aee5-be42e374aa52", "title": "Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Online Booking & Scheduling Calendar for WordPress by vcita", "slug": "meeting-scheduler-by-vcita", "affected_versions": { "* - 4.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/daeb24e0-7f3f-472f-aee5-be42e374aa52?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "daedec14-6177-43c7-89d4-a39c13d94ca4": { "id": "daedec14-6177-43c7-89d4-a39c13d94ca4", "title": "LMS by LifterLMS <= 4.21.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes", "slug": "lifterlms", "affected_versions": { "[*, 4.21.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.21.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.21.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/daedec14-6177-43c7-89d4-a39c13d94ca4?source=api-scan" ], "published": "2021-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "daf6b0d5-79a6-4b8f-924e-9e78cb2b5742": { "id": "daf6b0d5-79a6-4b8f-924e-9e78cb2b5742", "title": "HUSKY \u2013 Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe", "software": [ { "type": "plugin", "name": "HUSKY \u2013 Products Filter Professional for WooCommerce", "slug": "woocommerce-products-filter", "affected_versions": { "* - 1.3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/daf6b0d5-79a6-4b8f-924e-9e78cb2b5742?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dafc355c-18e7-4312-bd16-8ef65ad54dad": { "id": "dafc355c-18e7-4312-bd16-8ef65ad54dad", "title": "Schema Pro <= 2.7.15 - Authenticated (Contributor+) Custom Field Access", "software": [ { "type": "plugin", "name": "Schema Pro", "slug": "wp-schema-pro", "affected_versions": { "* - 2.7.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dafc355c-18e7-4312-bd16-8ef65ad54dad?source=api-scan" ], "published": "2024-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dafd1821-1f37-4193-b4bf-19a3d2d15946": { "id": "dafd1821-1f37-4193-b4bf-19a3d2d15946", "title": "Tag Miner (Automatic Tag Extraction) < 1.1.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tag Miner (Automatic Tag Extraction)", "slug": "fossura-tag-miner", "affected_versions": { "[*, 1.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dafd1821-1f37-4193-b4bf-19a3d2d15946?source=api-scan" ], "published": "2015-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db0508dd-143f-4674-8193-d46967d2799f": { "id": "db0508dd-143f-4674-8193-d46967d2799f", "title": "Legal Pages <= 1.3.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Legal Pages \u2013 Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator", "slug": "legal-pages", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db0508dd-143f-4674-8193-d46967d2799f?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db0feb49-35c3-4bb1-9ec9-2b5bdbb28189": { "id": "db0feb49-35c3-4bb1-9ec9-2b5bdbb28189", "title": "Blessing Premium Responsive WordPress Theme < 1.3.2.1 - Sensitive Information Disclosure", "software": [ { "type": "theme", "name": "Blessing Premium Responsive WordPress Theme", "slug": "blessing", "affected_versions": { "[*, 1.3.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db0feb49-35c3-4bb1-9ec9-2b5bdbb28189?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db12f986-580e-4e81-8bd2-124393e5d21b": { "id": "db12f986-580e-4e81-8bd2-124393e5d21b", "title": "Typing Effect <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Typing Effect", "slug": "animated-typing-effect", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db12f986-580e-4e81-8bd2-124393e5d21b?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db14b141-521b-464d-a638-2228b1a86c2b": { "id": "db14b141-521b-464d-a638-2228b1a86c2b", "title": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'email'", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.112": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.112", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.113" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db14b141-521b-464d-a638-2228b1a86c2b?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db15295f-505f-4a0a-bb3a-3ff6daf73008": { "id": "db15295f-505f-4a0a-bb3a-3ff6daf73008", "title": "Conditional Payments for WooCommerce <= 2.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Conditional Payments for WooCommerce", "slug": "conditional-payments-for-woocommerce", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db15295f-505f-4a0a-bb3a-3ff6daf73008?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db18ac07-2e7a-466d-b00c-a598401f8633": { "id": "db18ac07-2e7a-466d-b00c-a598401f8633", "title": "Website Optimization \u2013 Plerdy <= 1.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Website Optimization \u2013 Plerdy", "slug": "plerdy-heatmap", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db18ac07-2e7a-466d-b00c-a598401f8633?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db1bad2e-55df-40c5-9a3f-651858a19b42": { "id": "db1bad2e-55df-40c5-9a3f-651858a19b42", "title": "WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Import CSV or XML Datafeed With Ease", "slug": "wp-ultimate-csv-importer", "affected_versions": { "* - 7.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "7.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db1bad2e-55df-40c5-9a3f-651858a19b42?source=api-scan" ], "published": "2023-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db1bb11d-4752-42d0-b538-2d2a4c827226": { "id": "db1bb11d-4752-42d0-b538-2d2a4c827226", "title": "ChatBot <= 4.7.8 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "* - 4.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db1bb11d-4752-42d0-b538-2d2a4c827226?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db25e8f7-07f2-470e-850e-b8cd3388baea": { "id": "db25e8f7-07f2-470e-850e-b8cd3388baea", "title": "Car Dealer <= 4.15 - Authenticated (Admin+) Content Injection", "software": [ { "type": "plugin", "name": "Car Dealer (Dealership) and Vehicle sales", "slug": "cardealer", "affected_versions": { "* - 4.15": { "from_version": "*", "from_inclusive": true, "to_version": "4.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.16" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db25e8f7-07f2-470e-850e-b8cd3388baea?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db2915ca-610a-42a9-a4f8-d15729091cd6": { "id": "db2915ca-610a-42a9-a4f8-d15729091cd6", "title": "More From Google <= 0.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "More from Google", "slug": "more-from-google", "affected_versions": { "* - 0.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db2915ca-610a-42a9-a4f8-d15729091cd6?source=api-scan" ], "published": "2021-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db29f17d-1d2b-4f78-a78d-1579e2a5d975": { "id": "db29f17d-1d2b-4f78-a78d-1579e2a5d975", "title": "10WebAnalytics <= 1.2.8 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "10WebAnalytics", "slug": "wd-google-analytics", "affected_versions": { "[*, 1.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db29f17d-1d2b-4f78-a78d-1579e2a5d975?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db2a0b6f-5629-4ebe-8431-ebb3bc583e31": { "id": "db2a0b6f-5629-4ebe-8431-ebb3bc583e31", "title": "WordPress Popular Posts <= 5.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Popular Posts", "slug": "wordpress-popular-posts", "affected_versions": { "* - 5.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db2a0b6f-5629-4ebe-8431-ebb3bc583e31?source=api-scan" ], "published": "2022-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db2a2ca9-a12c-412d-80f7-66f1dc3e09af": { "id": "db2a2ca9-a12c-412d-80f7-66f1dc3e09af", "title": "Newsletter <= 3.8.2 - Open Redirect", "software": [ { "type": "plugin", "name": "Newsletter \u2013 Send awesome emails from WordPress", "slug": "newsletter", "affected_versions": { "* - 3.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db2a2ca9-a12c-412d-80f7-66f1dc3e09af?source=api-scan" ], "published": "2015-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db2a9f84-2696-42a5-961c-3c69e64a6d42": { "id": "db2a9f84-2696-42a5-961c-3c69e64a6d42", "title": "Persian WooCommerce <= 7.1.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "\u0648\u0648\u06a9\u0627\u0645\u0631\u0633 \u0641\u0627\u0631\u0633\u06cc", "slug": "persian-woocommerce", "affected_versions": { "* - 7.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db2a9f84-2696-42a5-961c-3c69e64a6d42?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db2d5cc4-70e9-4512-8004-b6735c2c3ee1": { "id": "db2d5cc4-70e9-4512-8004-b6735c2c3ee1", "title": "Responsive Logo Slideshow < 1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Logo Slideshow", "slug": "responsive-logo-slideshow", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db2d5cc4-70e9-4512-8004-b6735c2c3ee1?source=api-scan" ], "published": "2013-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db30acd7-ce51-45d9-8ff0-6ceea8237a8c": { "id": "db30acd7-ce51-45d9-8ff0-6ceea8237a8c", "title": "Ultimate Reviews < 2.1.33 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Ultimate Reviews", "slug": "ultimate-reviews", "affected_versions": { "[*, 2.1.33)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.33", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db30acd7-ce51-45d9-8ff0-6ceea8237a8c?source=api-scan" ], "published": "2020-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db3594df-8f24-4e24-b960-b13e5bca966e": { "id": "db3594df-8f24-4e24-b960-b13e5bca966e", "title": "Modular <= 2.4 - Arbitrary File Download", "software": [ { "type": "theme", "name": "Modular", "slug": "modular", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db3594df-8f24-4e24-b960-b13e5bca966e?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db3724bf-35bb-4e28-b5e2-1bbc96adc7b6": { "id": "db3724bf-35bb-4e28-b5e2-1bbc96adc7b6", "title": "WPS Hide Login <= 1.5.2.2 - Login Page Disclosure via 'action=confirmaction'", "software": [ { "type": "plugin", "name": "WPS Hide Login", "slug": "wps-hide-login", "affected_versions": { "[*, 1.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db3724bf-35bb-4e28-b5e2-1bbc96adc7b6?source=api-scan" ], "published": "2019-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db3a9106-2d90-44fe-a86b-9ea882f56eb4": { "id": "db3a9106-2d90-44fe-a86b-9ea882f56eb4", "title": "Contextual Adminbar Color <= 0.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contextual Adminbar Color", "slug": "contextual-adminbar-color", "affected_versions": { "* - 0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db3a9106-2d90-44fe-a86b-9ea882f56eb4?source=api-scan" ], "published": "2020-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db3b206d-16c5-48fb-800d-d017a0c76630": { "id": "db3b206d-16c5-48fb-800d-d017a0c76630", "title": "Ultimate Member <= 2.1.6 - Open Redirect", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 2.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db3b206d-16c5-48fb-800d-d017a0c76630?source=api-scan" ], "published": "2020-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db4616f7-e685-4dc7-947c-23c378a9bdd6": { "id": "db4616f7-e685-4dc7-947c-23c378a9bdd6", "title": "Sina Extension for Elementor <= 3.5.1 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)", "slug": "sina-extension-for-elementor", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db4616f7-e685-4dc7-947c-23c378a9bdd6?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db484c8a-e46d-457b-b634-28d823ff2120": { "id": "db484c8a-e46d-457b-b634-28d823ff2120", "title": "Advanced Database Cleaner <= 3.0.1 - SQL injection", "software": [ { "type": "plugin", "name": "Advanced Database Cleaner", "slug": "advanced-database-cleaner", "affected_versions": { "[*, 3.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db484c8a-e46d-457b-b634-28d823ff2120?source=api-scan" ], "published": "2020-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db48a271-e649-4dbe-901b-aa55eba9123b": { "id": "db48a271-e649-4dbe-901b-aa55eba9123b", "title": "Photo Gallery by Ays <= 5.1.3 - Reflected Cross-Site Scripting via ays_gpg_settings_tab", "software": [ { "type": "plugin", "name": "Photo Gallery by Ays \u2013 Responsive Image Gallery", "slug": "gallery-photo-gallery", "affected_versions": { "* - 5.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db48a271-e649-4dbe-901b-aa55eba9123b?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db4b6c65-f6e2-46de-81d7-a31541d0a67a": { "id": "db4b6c65-f6e2-46de-81d7-a31541d0a67a", "title": "Tainacan <= 0.20.6 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Tainacan", "slug": "tainacan", "affected_versions": { "* - 0.20.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.20.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.20.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db4b6c65-f6e2-46de-81d7-a31541d0a67a?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db4b92ba-b98f-4e9d-bd1e-75bf89d83977": { "id": "db4b92ba-b98f-4e9d-bd1e-75bf89d83977", "title": "SVGator \u2013 Add Animated SVG Easily <= 1.2.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SVGator \u2013 Add Animated SVG Easily", "slug": "svgator", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db4b92ba-b98f-4e9d-bd1e-75bf89d83977?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db4dbbbe-1edb-47a6-8d11-8a019e05dfae": { "id": "db4dbbbe-1edb-47a6-8d11-8a019e05dfae", "title": "Freshmail for WordPress <= 1.5.8 - SQL Injection", "software": [ { "type": "plugin", "name": "Freshmail for WordPress", "slug": "freshmail-newsletter", "affected_versions": { "[*, 1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db4dbbbe-1edb-47a6-8d11-8a019e05dfae?source=api-scan" ], "published": "2015-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db5247ad-dbbf-4d8e-92f5-3a673b97d080": { "id": "db5247ad-dbbf-4d8e-92f5-3a673b97d080", "title": "Video Grid <= 1.21 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Video Grid", "slug": "video-grid", "affected_versions": { "* - 1.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db5247ad-dbbf-4d8e-92f5-3a673b97d080?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db565c28-84ae-4b70-a56e-e91c1a27341d": { "id": "db565c28-84ae-4b70-a56e-e91c1a27341d", "title": "No Follow All External Links 2.1.0 - 2.3.0 - Backdoor", "software": [ { "type": "plugin", "name": "No Follow All External Links", "slug": "nofollow-all-external-links", "affected_versions": { "2.1.0 - 2.3.0": { "from_version": "2.1.0", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db565c28-84ae-4b70-a56e-e91c1a27341d?source=api-scan" ], "published": "2017-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db56844f-9988-4f6a-ba1d-f190ff009f2b": { "id": "db56844f-9988-4f6a-ba1d-f190ff009f2b", "title": "Colibri WP <= 1.0.94 - Cross-Site Request Forgery to Limited Plugin Installation", "software": [ { "type": "theme", "name": "Colibri WP", "slug": "colibri-wp", "affected_versions": { "* - 1.0.94": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.94", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.101" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db56844f-9988-4f6a-ba1d-f190ff009f2b?source=api-scan" ], "published": "2024-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db5764f7-3e5e-4a0f-8280-c851ccb7dbc3": { "id": "db5764f7-3e5e-4a0f-8280-c851ccb7dbc3", "title": "Ready! Google Maps <= 1.1.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ready! Google Maps", "slug": "google-maps-ready", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db5764f7-3e5e-4a0f-8280-c851ccb7dbc3?source=api-scan" ], "published": "2014-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db5d6cc9-24d7-42bf-905e-4c3764c659ed": { "id": "db5d6cc9-24d7-42bf-905e-4c3764c659ed", "title": "Ecwid Ecommerce Shopping Cart <= 6.12.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ecwid by Lightspeed Ecommerce Shopping Cart", "slug": "ecwid-shopping-cart", "affected_versions": { "* - 6.12.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.12.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.12.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db5d6cc9-24d7-42bf-905e-4c3764c659ed?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db5e26cf-e6c7-4b79-807a-643a1effd2a0": { "id": "db5e26cf-e6c7-4b79-807a-643a1effd2a0", "title": "Link Library <= 5.8.10.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Link Library", "slug": "link-library", "affected_versions": { "* - 5.8.10.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.10.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db5e26cf-e6c7-4b79-807a-643a1effd2a0?source=api-scan" ], "published": "2014-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db6616b5-4c4e-4cc7-83eb-22fac94f47f2": { "id": "db6616b5-4c4e-4cc7-83eb-22fac94f47f2", "title": "Themeflection Numbers <= 1.8.1 - Authenticated(Subscriber+) Privilege Escalation via tf_numb_save_licenses", "software": [ { "type": "plugin", "name": "Themeflection Numbers \u2013 Number Counter and Animated Numbers", "slug": "tf-numbers-number-counter-animaton", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db6616b5-4c4e-4cc7-83eb-22fac94f47f2?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db664d0a-a58d-4d8b-ae0a-074f32d8710c": { "id": "db664d0a-a58d-4d8b-ae0a-074f32d8710c", "title": "Decorator - WooCommerce Email Customizer <= 1.2.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Decorator \u2013 WooCommerce Email Customizer", "slug": "decorator-woocommerce-email-customizer", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db664d0a-a58d-4d8b-ae0a-074f32d8710c?source=api-scan" ], "published": "2023-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db6995d1-8060-40cb-9e35-2baea4e39072": { "id": "db6995d1-8060-40cb-9e35-2baea4e39072", "title": "Floating Tweets <= 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Floating Tweets", "slug": "floating-tweets", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db6995d1-8060-40cb-9e35-2baea4e39072?source=api-scan" ], "published": "2012-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db6bb000-4f46-4a5a-b118-dcd3e78e4029": { "id": "db6bb000-4f46-4a5a-b118-dcd3e78e4029", "title": "User Meta Manager <= 3.4.9 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "User Meta Manager", "slug": "user-meta-manager", "affected_versions": { "* - 3.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db6bb000-4f46-4a5a-b118-dcd3e78e4029?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db6bec6c-77d1-4dab-9893-cf33a2fac629": { "id": "db6bec6c-77d1-4dab-9893-cf33a2fac629", "title": "Photo Engine <= 6.2.5 - Authenticated (Author+) Insecure Direct Object Reference in ajax_generate_auth_token", "software": [ { "type": "plugin", "name": "Photo Engine (Media Organizer & Lightroom)", "slug": "wplr-sync", "affected_versions": { "* - 6.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db6bec6c-77d1-4dab-9893-cf33a2fac629?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db701ad3-10fd-4a40-b239-139fbc95ab61": { "id": "db701ad3-10fd-4a40-b239-139fbc95ab61", "title": "Rich Reviews <= 1.7.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Rich Reviews by Starfish", "slug": "rich-reviews", "affected_versions": { "* - 1.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db701ad3-10fd-4a40-b239-139fbc95ab61?source=api-scan" ], "published": "2019-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db707507-c53f-45b8-a8e1-7fea1c6f8f3c": { "id": "db707507-c53f-45b8-a8e1-7fea1c6f8f3c", "title": "LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing\u2026 <= 4.4 - Cross-Site Request Forgery via publish_lp()", "software": [ { "type": "plugin", "name": "LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing\u2026", "slug": "ladipage", "affected_versions": { "* - 4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db707507-c53f-45b8-a8e1-7fea1c6f8f3c?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db70b37c-707a-47b8-a3a2-5a2b7d30de89": { "id": "db70b37c-707a-47b8-a3a2-5a2b7d30de89", "title": "File Manager Pro <= 8.3.9 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "File Manager Pro", "slug": "wp-file-manager-pro", "affected_versions": { "* - 8.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db70b37c-707a-47b8-a3a2-5a2b7d30de89?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db7234a1-e888-454d-8a1c-4de19c4cbec4": { "id": "db7234a1-e888-454d-8a1c-4de19c4cbec4", "title": "WP Limit Login Attempts < 2.0.1 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Limit Login Attempts", "slug": "wp-limit-login-attempts", "affected_versions": { "[*, 2.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db7234a1-e888-454d-8a1c-4de19c4cbec4?source=api-scan" ], "published": "2015-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db761098-e76a-4be8-8b3d-ec964ecbc01c": { "id": "db761098-e76a-4be8-8b3d-ec964ecbc01c", "title": "BP Group Documents <= 1.2.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BP Group Documents", "slug": "bp-group-documents", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db761098-e76a-4be8-8b3d-ec964ecbc01c?source=api-scan" ], "published": "2013-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db7903ef-f4e5-452b-b88a-a3933ced833f": { "id": "db7903ef-f4e5-452b-b88a-a3933ced833f", "title": "Grid Gallery \u2013 Photo Image Grid Gallery <= 1.2.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Grid Gallery \u2013 Photo Image Grid Gallery", "slug": "new-grid-gallery", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db7903ef-f4e5-452b-b88a-a3933ced833f?source=api-scan" ], "published": "2021-07-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db836f4b-d31f-4442-89a5-1a400525c598": { "id": "db836f4b-d31f-4442-89a5-1a400525c598", "title": "Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.8 - Authenticated (Author+) Limited File Upload to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE", "slug": "otter-blocks", "affected_versions": { "* - 2.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db836f4b-d31f-4442-89a5-1a400525c598?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db8437ee-d917-406d-810d-6b7cbe7976c1": { "id": "db8437ee-d917-406d-810d-6b7cbe7976c1", "title": "Better Elementor Addons <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Better Elementor Addons", "slug": "better-elementor-addons", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db8437ee-d917-406d-810d-6b7cbe7976c1?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db8bebe2-c50c-4148-b232-04bcd808745e": { "id": "db8bebe2-c50c-4148-b232-04bcd808745e", "title": "Shapely Companion <= 1.2.6 - Unprotected AJAX Action to Content Import", "software": [ { "type": "plugin", "name": "Shapely Companion", "slug": "shapely-companion", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db8bebe2-c50c-4148-b232-04bcd808745e?source=api-scan" ], "published": "2022-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db8c4bd1-8886-40a4-98e2-e42fc1b81fc9": { "id": "db8c4bd1-8886-40a4-98e2-e42fc1b81fc9", "title": "WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Affiliate Editing", "software": [ { "type": "plugin", "name": "WP Affiliate Platform", "slug": "wp-affiliate-platform", "affected_versions": { "[*, 6.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db8c4bd1-8886-40a4-98e2-e42fc1b81fc9?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db8cfdba-f3b2-45dc-9be7-6f6374fd5f39": { "id": "db8cfdba-f3b2-45dc-9be7-6f6374fd5f39", "title": "SpeedyCache <= 1.1.3 - Missing Authorization to Plugin Options Update", "software": [ { "type": "plugin", "name": "SpeedyCache \u2013 Cache, Optimization, Performance", "slug": "speedycache", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db8cfdba-f3b2-45dc-9be7-6f6374fd5f39?source=api-scan" ], "published": "2023-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db934b29-38ed-4f95-8ad7-2d15447c5732": { "id": "db934b29-38ed-4f95-8ad7-2d15447c5732", "title": "WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional", "slug": "bulk-editor", "affected_versions": { "* - 1.0.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db934b29-38ed-4f95-8ad7-2d15447c5732?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db952443-2588-4da0-87d8-5bd2d3be039c": { "id": "db952443-2588-4da0-87d8-5bd2d3be039c", "title": "ShopLentor <= 2.5.1 - Cross-Site Request Forgery to Post Updates", "software": [ { "type": "plugin", "name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)", "slug": "woolentor-addons", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db952443-2588-4da0-87d8-5bd2d3be039c?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db95415a-5354-498b-8368-58c47d9948de": { "id": "db95415a-5354-498b-8368-58c47d9948de", "title": "tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[]", "software": [ { "type": "plugin", "name": "tagDiv Composer", "slug": "td-composer", "affected_versions": { "* - 5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db95415a-5354-498b-8368-58c47d9948de?source=api-scan" ], "published": "2024-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db959eaf-300c-4ecd-ac15-216a17ec5a50": { "id": "db959eaf-300c-4ecd-ac15-216a17ec5a50", "title": "10Web Social Post Feed <= 1.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "10Web Social Post Feed", "slug": "wd-facebook-feed", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db959eaf-300c-4ecd-ac15-216a17ec5a50?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db9819c4-e000-4113-a613-7510fce923c9": { "id": "db9819c4-e000-4113-a613-7510fce923c9", "title": "Search Everything <= 8.1.6 - SQL Injection", "software": [ { "type": "plugin", "name": "Search Everything", "slug": "search-everything", "affected_versions": { "* - 8.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "8.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db9819c4-e000-4113-a613-7510fce923c9?source=api-scan" ], "published": "2017-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "db9cd10e-90c1-48b2-8760-d5fc501fb3ba": { "id": "db9cd10e-90c1-48b2-8760-d5fc501fb3ba", "title": "Javo Spot < 3.0.0 - Directory Traversal", "software": [ { "type": "theme", "name": "Javo Spot - Multi Purpose Directory WordPress Theme", "slug": "javo-spot", "affected_versions": { "[*, 3.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/db9cd10e-90c1-48b2-8760-d5fc501fb3ba?source=api-scan" ], "published": "2017-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dba01dc2-c73b-461a-bcbd-86daa0bf0ad0": { "id": "dba01dc2-c73b-461a-bcbd-86daa0bf0ad0", "title": "Ninja Forms <= 2.9.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "[*, 2.9.11)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dba01dc2-c73b-461a-bcbd-86daa0bf0ad0?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dba0a90b-f13c-4914-b6b7-278227ffc122": { "id": "dba0a90b-f13c-4914-b6b7-278227ffc122", "title": "Locatoraid Store Locator <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Locatoraid Store Locator", "slug": "locatoraid", "affected_versions": { "* - 3.9.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dba0a90b-f13c-4914-b6b7-278227ffc122?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dba3f3a6-3f55-4f4e-98e4-bb98d9c94bdd": { "id": "dba3f3a6-3f55-4f4e-98e4-bb98d9c94bdd", "title": "EventON <= 2.1 - Missing Authorization to Event Access", "software": [ { "type": "plugin", "name": "EventON", "slug": "eventon-lite", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dba3f3a6-3f55-4f4e-98e4-bb98d9c94bdd?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dba61faf-b7fa-4910-9101-8f2a3dac8dc9": { "id": "dba61faf-b7fa-4910-9101-8f2a3dac8dc9", "title": "zeList <= 0.5.11.07 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "zeList", "slug": "zelist-directory", "affected_versions": { "* - 0.5.11.07": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.11.07", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dba61faf-b7fa-4910-9101-8f2a3dac8dc9?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dba7f15a-29f8-4c7b-b506-7e82c563c6a9": { "id": "dba7f15a-29f8-4c7b-b506-7e82c563c6a9", "title": "MF Gig Calendar <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MF Gig Calendar", "slug": "mf-gig-calendar", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dba7f15a-29f8-4c7b-b506-7e82c563c6a9?source=api-scan" ], "published": "2021-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbaedb36-6710-48ab-8bb5-e6065fa8df51": { "id": "dbaedb36-6710-48ab-8bb5-e6065fa8df51", "title": "Charitable <= 1.7.0.13 - Authenticated(Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations & More", "slug": "charitable", "affected_versions": { "[*, 1.7.0.14)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbaedb36-6710-48ab-8bb5-e6065fa8df51?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbb59e76-5256-4883-b9cf-7c336b4ff8a3": { "id": "dbb59e76-5256-4883-b9cf-7c336b4ff8a3", "title": "Awesome Support <= 6.1.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "* - 6.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbb59e76-5256-4883-b9cf-7c336b4ff8a3?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbbd9eda-756b-4fa7-b7b6-d91181cc80d6": { "id": "dbbd9eda-756b-4fa7-b7b6-d91181cc80d6", "title": "BuddyForms Members <= 1.4.21 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BuddyPress & BuddyBoss Member Profile Forms", "slug": "buddyforms-members", "affected_versions": { "* - 1.4.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbbd9eda-756b-4fa7-b7b6-d91181cc80d6?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbc1d257-bc56-4e8f-bdb4-b2a323026625": { "id": "dbc1d257-bc56-4e8f-bdb4-b2a323026625", "title": "WP Live Chat Support <= 7.0.06 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "3CX Free Live Chat, Calls & WhatsApp", "slug": "wp-live-chat-support", "affected_versions": { "* - 7.0.06": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.06", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.07" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbc1d257-bc56-4e8f-bdb4-b2a323026625?source=api-scan" ], "published": "2017-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbc5edda-c503-4a0c-be9e-6ce17eee2c51": { "id": "dbc5edda-c503-4a0c-be9e-6ce17eee2c51", "title": "Icegram <= 1.9.18 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Icegram Engage \u2013 Ultimate WP Popup Builder, Lead Generation, Optins, and CTA", "slug": "icegram", "affected_versions": { "[*, 1.9.19)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbc5edda-c503-4a0c-be9e-6ce17eee2c51?source=api-scan" ], "published": "2016-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbc60daa-c093-4cd6-8f07-d9015e2bd957": { "id": "dbc60daa-c093-4cd6-8f07-d9015e2bd957", "title": "Carousel Slider <= 2.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Carousel Slider", "slug": "carousel-slider", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbc60daa-c093-4cd6-8f07-d9015e2bd957?source=api-scan" ], "published": "2024-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbc98f55-a8f9-4234-84aa-df38302bf0b8": { "id": "dbc98f55-a8f9-4234-84aa-df38302bf0b8", "title": "WooCommerce Subscriptions <= 3.0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce Subscription", "slug": "woocommerce-subscriptions", "affected_versions": { "[*, 3.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbc98f55-a8f9-4234-84aa-df38302bf0b8?source=api-scan" ], "published": "2020-04-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbcdeda4-85b7-48d6-b89d-1d1756d183d2": { "id": "dbcdeda4-85b7-48d6-b89d-1d1756d183d2", "title": "WordPress Core < 3.5.1 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbcdeda4-85b7-48d6-b89d-1d1756d183d2?source=api-scan" ], "published": "2013-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbce48b2-aa7c-4c92-8df8-ee3a17336e97": { "id": "dbce48b2-aa7c-4c92-8df8-ee3a17336e97", "title": "Easy Digital Downloads <= 3.1.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 3.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbce48b2-aa7c-4c92-8df8-ee3a17336e97?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbd4a482-7176-446f-804d-e0cd0764a2cb": { "id": "dbd4a482-7176-446f-804d-e0cd0764a2cb", "title": "Store Toolkit for WooCommerce <= 1.5.7 - Privilege Escalation", "software": [ { "type": "plugin", "name": "Store Toolkit \u2013 WooCommerce Extensions, Quick Enhancements & Handy Tools", "slug": "woocommerce-store-toolkit", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbd4a482-7176-446f-804d-e0cd0764a2cb?source=api-scan" ], "published": "2016-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbd76c3d-028a-48e3-9a80-1a8da934d097": { "id": "dbd76c3d-028a-48e3-9a80-1a8da934d097", "title": "Counter Box <= 1.1.1 - Authenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site", "slug": "counter-box", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbd76c3d-028a-48e3-9a80-1a8da934d097?source=api-scan" ], "published": "2022-05-16 13:55:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbda16f5-65c2-47cf-8b06-6aa231b8fd11": { "id": "dbda16f5-65c2-47cf-8b06-6aa231b8fd11", "title": "Alphabetic Pagination <= 3.0.7 - Missing Authorization to Unauthenticated Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Alphabetic Pagination", "slug": "alphabetic-pagination", "affected_versions": { "* - 3.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbda16f5-65c2-47cf-8b06-6aa231b8fd11?source=api-scan" ], "published": "2022-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbe0cc57-a17d-4f91-887f-fe819b32f6b3": { "id": "dbe0cc57-a17d-4f91-887f-fe819b32f6b3", "title": "Responsive <= 5.0.2 - Missing Authorization to HTML Injection", "software": [ { "type": "theme", "name": "Responsive", "slug": "responsive", "affected_versions": { "* - 5.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbe0cc57-a17d-4f91-887f-fe819b32f6b3?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbe53b09-84c6-4fb6-9a79-1e4987678129": { "id": "dbe53b09-84c6-4fb6-9a79-1e4987678129", "title": "Envo Extra <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget", "software": [ { "type": "plugin", "name": "Envo Extra", "slug": "envo-extra", "affected_versions": { "* - 1.8.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbe53b09-84c6-4fb6-9a79-1e4987678129?source=api-scan" ], "published": "2024-06-06 20:49:46", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbe8d164-85c7-444d-80ad-4d03151b939b": { "id": "dbe8d164-85c7-444d-80ad-4d03151b939b", "title": "ApexChat <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "ApexChat", "slug": "apexchat", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbe8d164-85c7-444d-80ad-4d03151b939b?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbe8d453-21f0-43e2-84d3-3c520ab9c308": { "id": "dbe8d453-21f0-43e2-84d3-3c520ab9c308", "title": "Breakdance <= 1.7.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Breakdance", "slug": "breakdance", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbe8d453-21f0-43e2-84d3-3c520ab9c308?source=api-scan" ], "published": "2024-07-31 17:55:25", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbf0f614-e5e9-486c-a0dd-cd494708a2a8": { "id": "dbf0f614-e5e9-486c-a0dd-cd494708a2a8", "title": "WP Repost <= 0.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Repost", "slug": "wp-repost", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbf0f614-e5e9-486c-a0dd-cd494708a2a8?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbf32808-b5d7-4f12-ada5-0578e0bef321": { "id": "dbf32808-b5d7-4f12-ada5-0578e0bef321", "title": "Media File Renamer \u2013 Auto & Manual Rename <= 5.2.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Media File Renamer: Rename for better SEO (AI-Powered)", "slug": "media-file-renamer", "affected_versions": { "* - 5.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbf32808-b5d7-4f12-ada5-0578e0bef321?source=api-scan" ], "published": "2021-04-08 23:09:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbf491d6-e546-4e3f-88c2-237b647a2b1e": { "id": "dbf491d6-e546-4e3f-88c2-237b647a2b1e", "title": "Delicate <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode", "software": [ { "type": "theme", "name": "Delicate", "slug": "delicate", "affected_versions": { "* - 3.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbf491d6-e546-4e3f-88c2-237b647a2b1e?source=api-scan" ], "published": "2024-09-12 21:31:41", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbf54852-f3fe-4c9e-9348-44a73f9a8131": { "id": "dbf54852-f3fe-4c9e-9348-44a73f9a8131", "title": "WooCommerce Parcel Pro <= 1.6.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Parcel Pro", "slug": "woo-parcel-pro", "affected_versions": { "* - 1.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbf54852-f3fe-4c9e-9348-44a73f9a8131?source=api-scan" ], "published": "2023-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbfc52a4-6c9d-480b-9247-1513318ff84b": { "id": "dbfc52a4-6c9d-480b-9247-1513318ff84b", "title": "Contact form 7 Custom validation <= 1.1.3 - Unauthenticated SQL Injection via 'post'", "software": [ { "type": "plugin", "name": "Contact form 7 Custom validation", "slug": "cf7-field-validation", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbfc52a4-6c9d-480b-9247-1513318ff84b?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dbfe3f7d-d653-421b-a054-a4ab266866c3": { "id": "dbfe3f7d-d653-421b-a054-a4ab266866c3", "title": "Payment Gateway Based Fees and Discounts for WooCommerce <= 2.12.1 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "Payment Gateway Based Fees and Discounts for WooCommerce", "slug": "checkout-fees-for-woocommerce", "affected_versions": { "* - 2.12.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.2" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dbfe3f7d-d653-421b-a054-a4ab266866c3?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc01108f-e781-484b-997a-c1d4e218a3f4": { "id": "dc01108f-e781-484b-997a-c1d4e218a3f4", "title": "Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_move_object", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc01108f-e781-484b-997a-c1d4e218a3f4?source=api-scan" ], "published": "2023-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc023c1b-7ec6-45b6-b50a-f0d823065843": { "id": "dc023c1b-7ec6-45b6-b50a-f0d823065843", "title": "Brizy \u2013 Page Builder <= 2.4.40 - Authenticated (Contributor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "2.4.40": { "from_version": "2.4.40", "from_inclusive": true, "to_version": "2.4.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc023c1b-7ec6-45b6-b50a-f0d823065843?source=api-scan" ], "published": "2024-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc024183-0244-4ef9-9171-057ecd1c3e1d": { "id": "dc024183-0244-4ef9-9171-057ecd1c3e1d", "title": "Auto Featured Image (Auto Post Thumbnail) <= 4.0.0 - Authenticated (Author+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Auto Featured Image (Auto Post Thumbnail)", "slug": "auto-post-thumbnail", "affected_versions": { "* - 4.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc024183-0244-4ef9-9171-057ecd1c3e1d?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc052b00-65a7-4668-8bdd-b06d69d12a4a": { "id": "dc052b00-65a7-4668-8bdd-b06d69d12a4a", "title": "video carousel slider with lightbox 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "video carousel slider with lightbox", "slug": "wp-responsive-video-gallery-with-lightbox", "affected_versions": { "1.0": { "from_version": "1.0", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc052b00-65a7-4668-8bdd-b06d69d12a4a?source=api-scan" ], "published": "2023-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc057069-15cd-477f-9106-e616e919c62f": { "id": "dc057069-15cd-477f-9106-e616e919c62f", "title": "Premium Addons for Elementor <= 4.10.23 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.23": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc057069-15cd-477f-9106-e616e919c62f?source=api-scan" ], "published": "2024-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc07620e-23fe-4039-a6f5-e0b320424444": { "id": "dc07620e-23fe-4039-a6f5-e0b320424444", "title": "Newsletter Popup <= 1.2 - Cross-Site Request Forgery to List Deletion", "software": [ { "type": "plugin", "name": "Newsletter Popup", "slug": "newsletter-popup", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc07620e-23fe-4039-a6f5-e0b320424444?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc07bcec-f822-492a-b73d-79e791907dd1": { "id": "dc07bcec-f822-492a-b73d-79e791907dd1", "title": "Easy Forms for Mailchimp <= 6.8.10 - Sensitive Information Exposure via logfile", "software": [ { "type": "plugin", "name": "Easy Forms for Mailchimp", "slug": "yikes-inc-easy-mailchimp-extender", "affected_versions": { "* - 6.8.10": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc07bcec-f822-492a-b73d-79e791907dd1?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc15bc48-31f6-4829-8f9b-cd2d1c7c5280": { "id": "dc15bc48-31f6-4829-8f9b-cd2d1c7c5280", "title": "eCommerce Product Catalog Plugin for WordPress <= 3.3.32 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "eCommerce Product Catalog Plugin for WordPress", "slug": "ecommerce-product-catalog", "affected_versions": { "* - 3.3.32": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc15bc48-31f6-4829-8f9b-cd2d1c7c5280?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc19313b-f9d0-4a92-8e33-d632d8a478df": { "id": "dc19313b-f9d0-4a92-8e33-d632d8a478df", "title": "Simple Slug Translate <= 2.7.2 - Authenticated (Administrator+) Stored Cross-Site Scritping", "software": [ { "type": "plugin", "name": "Simple Slug Translate", "slug": "simple-slug-translate", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc19313b-f9d0-4a92-8e33-d632d8a478df?source=api-scan" ], "published": "2023-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc1e5fb7-92d0-4e7f-9b1b-15673e3b852a": { "id": "dc1e5fb7-92d0-4e7f-9b1b-15673e3b852a", "title": "Gravity Forms <= 2.7.3 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Gravity Forms", "slug": "gravityforms", "affected_versions": { "* - 2.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc1e5fb7-92d0-4e7f-9b1b-15673e3b852a?source=api-scan" ], "published": "2023-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc221b37-565d-41e4-874c-06015753045f": { "id": "dc221b37-565d-41e4-874c-06015753045f", "title": "Attendance Manager <= 0.5.6 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Attendance Manager", "slug": "attendance-manager", "affected_versions": { "* - 0.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc221b37-565d-41e4-874c-06015753045f?source=api-scan" ], "published": "2019-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc2356b2-e153-4e80-bfac-c25c15cdc259": { "id": "dc2356b2-e153-4e80-bfac-c25c15cdc259", "title": "Media Library Helper by Codexin <= 1.2.0 - Cross-Site Request Forgery via rate_the_plugin_action", "software": [ { "type": "plugin", "name": "Bulk edit image alt tag, caption & description \u2013 WordPress Media Library Helper by Codexin", "slug": "media-library-helper", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc2356b2-e153-4e80-bfac-c25c15cdc259?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc24d2de-352c-4215-a4db-2966aa6467c7": { "id": "dc24d2de-352c-4215-a4db-2966aa6467c7", "title": "Real3D Flipbook <= 2.8 - Directory Traversal via Uploads", "software": [ { "type": "plugin", "name": "Real3D Flipbook", "slug": "real3d-flipbook", "affected_versions": { "[*, 2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc24d2de-352c-4215-a4db-2966aa6467c7?source=api-scan" ], "published": "2016-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc2532b4-907f-438b-baab-c3966cf30f74": { "id": "dc2532b4-907f-438b-baab-c3966cf30f74", "title": "Student Result or Employee Database <= 1.7.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "Student Result or Employee Database", "slug": "simple-student-result", "affected_versions": { "* - 1.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc2532b4-907f-438b-baab-c3966cf30f74?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc26fef6-58e8-441c-ae72-19a3822903a5": { "id": "dc26fef6-58e8-441c-ae72-19a3822903a5", "title": "wp-mpdf <= 3.7.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-mpdf", "slug": "wp-mpdf", "affected_versions": { "* - 3.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc26fef6-58e8-441c-ae72-19a3822903a5?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc277e7c-86ec-448f-a91e-e4d12a4b4177": { "id": "dc277e7c-86ec-448f-a91e-e4d12a4b4177", "title": "MAS Companies For WP Job Manager <= 1.0.13 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MAS Companies For WP Job Manager", "slug": "mas-wp-job-manager-company", "affected_versions": { "* - 1.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc277e7c-86ec-448f-a91e-e4d12a4b4177?source=api-scan" ], "published": "2024-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc314c13-4be4-40fc-a035-5de0acb36c91": { "id": "dc314c13-4be4-40fc-a035-5de0acb36c91", "title": "WP Simple Spreadsheet Fetcher for Google < 0.3.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Simple Spreadsheet Fetcher for Google", "slug": "wp-simple-spreadsheet-fetcher-for-google", "affected_versions": { "[*, 0.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc314c13-4be4-40fc-a035-5de0acb36c91?source=api-scan" ], "published": "2020-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc322548-ffc9-4246-9835-fcc5705cef3f": { "id": "dc322548-ffc9-4246-9835-fcc5705cef3f", "title": "Simple Membership <= 4.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "* - 4.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc322548-ffc9-4246-9835-fcc5705cef3f?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc3457a5-3d5b-40dc-b9b1-e819187c4d99": { "id": "dc3457a5-3d5b-40dc-b9b1-e819187c4d99", "title": "TI WooCommerce Wishlist \/ TI WooCommerce Wishlist Pro < 1.40.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "TI WooCommerce Wishlist", "slug": "ti-woocommerce-wishlist", "affected_versions": { "[*, 1.40.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.40.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.40.1" ] }, { "type": "plugin", "name": "TI WooCommerce Wishlist Pro", "slug": "ti-woocommerce-wishlist-premium", "affected_versions": { "[*, 1.40.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.40.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.40.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc3457a5-3d5b-40dc-b9b1-e819187c4d99?source=api-scan" ], "published": "2022-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc37397e-cd23-4ffd-9771-316d7f9ff9fa": { "id": "dc37397e-cd23-4ffd-9771-316d7f9ff9fa", "title": "Twitter Bootstrap Slider <= 1.1.3 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Twitter Bootstrap Slider", "slug": "twitter-bootstrap-slider", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc37397e-cd23-4ffd-9771-316d7f9ff9fa?source=api-scan" ], "published": "2022-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc3e3d47-cae3-46a6-9b60-ad1eb6b7ced7": { "id": "dc3e3d47-cae3-46a6-9b60-ad1eb6b7ced7", "title": "Crew HRM <= 1.1.1 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Employee, Leave and Recruitment Management System \u2013 Crew HRM", "slug": "hr-management", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc3e3d47-cae3-46a6-9b60-ad1eb6b7ced7?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc3e89e5-2e7e-497e-b340-b787ebdf3711": { "id": "dc3e89e5-2e7e-497e-b340-b787ebdf3711", "title": "Reviews Feed \u2013 Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update", "software": [ { "type": "plugin", "name": "Reviews Feed \u2013 Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More", "slug": "reviews-feed", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc3e89e5-2e7e-497e-b340-b787ebdf3711?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc428f4b-fe82-419a-aee3-38f0bb582506": { "id": "dc428f4b-fe82-419a-aee3-38f0bb582506", "title": "WooCommerce Predictive Search <= 5.8.0 - Cross-Site Request Forgery via multiple AJAX actions", "software": [ { "type": "plugin", "name": "Predictive Search for WooCommerce", "slug": "woocommerce-predictive-search", "affected_versions": { "* - 5.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc428f4b-fe82-419a-aee3-38f0bb582506?source=api-scan" ], "published": "2023-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc4c4f01-cc48-47a3-a7b7-025b261ab54c": { "id": "dc4c4f01-cc48-47a3-a7b7-025b261ab54c", "title": "Coming Soon Page, Under Construction & Maintenance Mode by SeedProd <= 6.17.4 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Website Builder by SeedProd \u2014 Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode", "slug": "coming-soon", "affected_versions": { "* - 6.17.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.17.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.18.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc4c4f01-cc48-47a3-a7b7-025b261ab54c?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc4e59ba-9732-4c0c-a89f-866f274661d9": { "id": "dc4e59ba-9732-4c0c-a89f-866f274661d9", "title": "JSON Content Importer <= 1.5.6 - Authenticated (Contributor+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Get Use APIs \u2013 JSON Content Importer", "slug": "json-content-importer", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc4e59ba-9732-4c0c-a89f-866f274661d9?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc5050dc-39de-4544-bf51-0927b2972d34": { "id": "dc5050dc-39de-4544-bf51-0927b2972d34", "title": "WP Cerber Security <= 9.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Cerber Security, Anti-spam & Malware Scan", "slug": "wp-cerber", "affected_versions": { "* - 9.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc5050dc-39de-4544-bf51-0927b2972d34?source=api-scan" ], "published": "2022-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc5276e2-e9de-4409-bbe0-4d0b37244367": { "id": "dc5276e2-e9de-4409-bbe0-4d0b37244367", "title": "WooCommerce Follow-Up Emails <= 4.9.50 - Authenticated (Follow-up emails manager+) SQL Injection", "software": [ { "type": "plugin", "name": "Woocommerce Follow-ups", "slug": "woocommerce-follow-up-emails", "affected_versions": { "* - 4.9.50": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.50", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc5276e2-e9de-4409-bbe0-4d0b37244367?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc57d762-1e26-4980-ac82-ba35bf252ef8": { "id": "dc57d762-1e26-4980-ac82-ba35bf252ef8", "title": "Demo My WordPress <= 1.0.9.1 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Demo My WordPress", "slug": "demo-my-wordpress", "affected_versions": { "* - 1.0.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc57d762-1e26-4980-ac82-ba35bf252ef8?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc59510c-6eaf-4526-8acb-c07e39923ad9": { "id": "dc59510c-6eaf-4526-8acb-c07e39923ad9", "title": "Font Awesome 4 Menus <= 4.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Font Awesome 4 Menus", "slug": "font-awesome-4-menus", "affected_versions": { "* - 4.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc59510c-6eaf-4526-8acb-c07e39923ad9?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc5c511f-dc79-468b-a107-cdf50999faf8": { "id": "dc5c511f-dc79-468b-a107-cdf50999faf8", "title": "GiveWP <= 2.33.3 - Cross-Site Request Forgery to plugin installation", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.33.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.33.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.33.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc5c511f-dc79-468b-a107-cdf50999faf8?source=api-scan" ], "published": "2023-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc686a35-4ce3-4359-a7d3-e6459e2f5dfe": { "id": "dc686a35-4ce3-4359-a7d3-e6459e2f5dfe", "title": "Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets", "software": [ { "type": "plugin", "name": "Themesflat Addons For Elementor", "slug": "themesflat-addons-for-elementor", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc686a35-4ce3-4359-a7d3-e6459e2f5dfe?source=api-scan" ], "published": "2024-06-05 15:27:53", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc7099d7-94fd-42be-a921-bfcad43ae252": { "id": "dc7099d7-94fd-42be-a921-bfcad43ae252", "title": "Blocksy <= 2.0.46 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Blocksy", "slug": "blocksy", "affected_versions": { "* - 2.0.46": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.46", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.47" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc7099d7-94fd-42be-a921-bfcad43ae252?source=api-scan" ], "published": "2024-05-20 14:17:20", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc762385-a099-4bec-9b30-ebbbc00faaeb": { "id": "dc762385-a099-4bec-9b30-ebbbc00faaeb", "title": "The Events Calendar <= 6.5.1.4 - Cross-Site Request Forgery via action_restore_events", "software": [ { "type": "plugin", "name": "The Events Calendar", "slug": "the-events-calendar", "affected_versions": { "* - 6.5.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc762385-a099-4bec-9b30-ebbbc00faaeb?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc783305-1cd0-4ec1-b4e2-57afeeec8034": { "id": "dc783305-1cd0-4ec1-b4e2-57afeeec8034", "title": "Bulk Edit and Create User Profiles \u2013 WP Sheet Editor <= 1.5.13 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bulk Edit and Create User Profiles \u2013 WP Sheet Editor", "slug": "bulk-edit-user-profiles-in-spreadsheet", "affected_versions": { "[*, 1.5.14)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc783305-1cd0-4ec1-b4e2-57afeeec8034?source=api-scan" ], "published": "2022-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc7b51e5-6eb7-41ba-add3-f083fb34c5e1": { "id": "dc7b51e5-6eb7-41ba-add3-f083fb34c5e1", "title": "Advanced Popups <= 1.1.1 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Advanced Popups", "slug": "advanced-popups", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc7b51e5-6eb7-41ba-add3-f083fb34c5e1?source=api-scan" ], "published": "2020-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc7d0124-9ddd-4f88-bffd-e09e10137a3d": { "id": "dc7d0124-9ddd-4f88-bffd-e09e10137a3d", "title": "Yoast SEO <= 1.7.3.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Yoast SEO", "slug": "wordpress-seo", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true }, "1.6 - 1.6.3": { "from_version": "1.6", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true }, "1.7 - 1.7.3.3": { "from_version": "1.7", "from_inclusive": true, "to_version": "1.7.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7", "1.6.4", "1.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc7d0124-9ddd-4f88-bffd-e09e10137a3d?source=api-scan" ], "published": "2015-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc7e4235-5f40-48c2-8474-cf57af5e35bd": { "id": "dc7e4235-5f40-48c2-8474-cf57af5e35bd", "title": "Simple Tooltips <= 2.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Tooltips", "slug": "simple-tooltips", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc7e4235-5f40-48c2-8474-cf57af5e35bd?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc7ff863-3a8e-41cd-ae20-78bb4577c16a": { "id": "dc7ff863-3a8e-41cd-ae20-78bb4577c16a", "title": "The Plus Addons for Elementor <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Clients Widget", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc7ff863-3a8e-41cd-ae20-78bb4577c16a?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc83b0ff-7228-466a-b831-53cca252a3f3": { "id": "dc83b0ff-7228-466a-b831-53cca252a3f3", "title": "DM Albums <= 1.9.2 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "dm-albums", "slug": "dm-albums", "affected_versions": { "* - 1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc83b0ff-7228-466a-b831-53cca252a3f3?source=api-scan" ], "published": "2009-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc8704f2-01ee-4193-ae8d-96a7f5383d21": { "id": "dc8704f2-01ee-4193-ae8d-96a7f5383d21", "title": "WP-Recall <= 16.26.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP-Recall \u2013 Registration, Profile, Commerce & More", "slug": "wp-recall", "affected_versions": { "* - 16.26.6": { "from_version": "*", "from_inclusive": true, "to_version": "16.26.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "16.26.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc8704f2-01ee-4193-ae8d-96a7f5383d21?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc878508-200d-4bc7-aa99-c34e63cba4b3": { "id": "dc878508-200d-4bc7-aa99-c34e63cba4b3", "title": "Intuitive Custom Post Order <= 3.1.4.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Intuitive Custom Post Order", "slug": "intuitive-custom-post-order", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc878508-200d-4bc7-aa99-c34e63cba4b3?source=api-scan" ], "published": "2023-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc8bef03-51e0-4448-bddd-85300104e875": { "id": "dc8bef03-51e0-4448-bddd-85300104e875", "title": "Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via wpr_update_form_action_meta", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.87": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.87", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.88" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc8bef03-51e0-4448-bddd-85300104e875?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc8c0726-82b7-487e-ba9e-7adc892979d2": { "id": "dc8c0726-82b7-487e-ba9e-7adc892979d2", "title": "BackWPup < 3.0.13 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BackWPup \u2013 WordPress Backup & Restore Plugin", "slug": "backwpup", "affected_versions": { "[*, 3.0.13)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc8c0726-82b7-487e-ba9e-7adc892979d2?source=api-scan" ], "published": "2013-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc8d63ee-4929-4940-bc6a-931524e20272": { "id": "dc8d63ee-4929-4940-bc6a-931524e20272", "title": "SKT Addons for Elementor <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate and Creative Slider Widgets", "software": [ { "type": "plugin", "name": "SKT Addons for Elementor", "slug": "skt-addons-for-elementor", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc8d63ee-4929-4940-bc6a-931524e20272?source=api-scan" ], "published": "2024-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc8dc895-8caa-4a37-80f0-3a5516c25dfe": { "id": "dc8dc895-8caa-4a37-80f0-3a5516c25dfe", "title": "Chained Quiz Plugin < 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chained Quiz", "slug": "chained-quiz", "affected_versions": { "[*, 1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc8dc895-8caa-4a37-80f0-3a5516c25dfe?source=api-scan" ], "published": "2017-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc8eea10-3c51-4147-a7f6-d73553158f84": { "id": "dc8eea10-3c51-4147-a7f6-d73553158f84", "title": "Simple Custom Post Order <= 2.5.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Simple Custom Post Order", "slug": "simple-custom-post-order", "affected_versions": { "* - 2.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc8eea10-3c51-4147-a7f6-d73553158f84?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc8f46a4-b086-440c-809f-1a3db44125f1": { "id": "dc8f46a4-b086-440c-809f-1a3db44125f1", "title": "Animator <= 3.0.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Animator \u2013 Scroll Triggered Animations", "slug": "scroll-triggered-animations", "affected_versions": { "* - 3.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc8f46a4-b086-440c-809f-1a3db44125f1?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc9676ef-34d7-4a88-a295-1c7136a0e6cd": { "id": "dc9676ef-34d7-4a88-a295-1c7136a0e6cd", "title": "Dextaz Ping <= 0.65 - Authenticated (Admin+) Remote Code Execution", "software": [ { "type": "plugin", "name": "Dextaz Ping", "slug": "dextaz-ping", "affected_versions": { "* - 0.65": { "from_version": "*", "from_inclusive": true, "to_version": "0.65", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc9676ef-34d7-4a88-a295-1c7136a0e6cd?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dc9dcd42-bec1-4323-b5bf-6c0518ae546d": { "id": "dc9dcd42-bec1-4323-b5bf-6c0518ae546d", "title": "Newsletter by Supsystic < 1.1.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Newsletter by Supsystic", "slug": "newsletter-by-supsystic", "affected_versions": { "[*, 1.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dc9dcd42-bec1-4323-b5bf-6c0518ae546d?source=api-scan" ], "published": "2017-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dca8f186-c58a-40bc-b1d1-b29bcf4631c5": { "id": "dca8f186-c58a-40bc-b1d1-b29bcf4631c5", "title": "Feed Statistics < 4.0 - Open Redirect", "software": [ { "type": "plugin", "name": "Feed Statistics", "slug": "wordpress-feed-statistics", "affected_versions": { "[*, 4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dca8f186-c58a-40bc-b1d1-b29bcf4631c5?source=api-scan" ], "published": "2014-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcabc099-ef35-4dcd-ba53-ef20a0ad1abc": { "id": "dcabc099-ef35-4dcd-ba53-ef20a0ad1abc", "title": "Simple 301 Redirects Addon Bulk Uploader <= 1.2.4 - Missing Authentication on Option Changes", "software": [ { "type": "plugin", "name": "Simple 301 Redirects \u2013 Addon \u2013 Bulk Uploader", "slug": "simple-301-redirects-addon-bulk-uploader", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcabc099-ef35-4dcd-ba53-ef20a0ad1abc?source=api-scan" ], "published": "2019-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcb0334c-d5eb-40b9-be7c-42857dedc96d": { "id": "dcb0334c-d5eb-40b9-be7c-42857dedc96d", "title": "Extend Themes <= (Multiple Versions) - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Consus", "slug": "consus", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] }, { "type": "theme", "name": "Skyline WP", "slug": "skyline-wp", "affected_versions": { "* - 1.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.11" ] }, { "type": "theme", "name": "Oasis", "slug": "oasis", "affected_versions": { "* - 1.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.13" ] }, { "type": "theme", "name": "Ketos", "slug": "ketos", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] }, { "type": "theme", "name": "Zeka", "slug": "zeka", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.10" ] }, { "type": "theme", "name": "Niveau", "slug": "niveau", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcb0334c-d5eb-40b9-be7c-42857dedc96d?source=api-scan" ], "published": "2024-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcbc0ceb-7e23-4475-a138-25dc15ec17f7": { "id": "dcbc0ceb-7e23-4475-a138-25dc15ec17f7", "title": "Yes\/No Chart < 1.0.12 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Yes\/No Chart", "slug": "yesno", "affected_versions": { "[*, 1.0.12)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcbc0ceb-7e23-4475-a138-25dc15ec17f7?source=api-scan" ], "published": "2021-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcbe0c72-d518-45d3-a220-896a51071b26": { "id": "dcbe0c72-d518-45d3-a220-896a51071b26", "title": "Advanced Custom Fields: Extended <= 0.8.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Advanced Custom Fields: Extended", "slug": "acf-extended", "affected_versions": { "* - 0.8.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcbe0c72-d518-45d3-a220-896a51071b26?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcbfcaeb-2635-4b11-b426-ee04345d5f36": { "id": "dcbfcaeb-2635-4b11-b426-ee04345d5f36", "title": "Download Plugins and Themes from Dashboard <= 1.8.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Download Plugins and Themes in ZIP from Dashboard", "slug": "download-plugins-dashboard", "affected_versions": { "* - 1.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcbfcaeb-2635-4b11-b426-ee04345d5f36?source=api-scan" ], "published": "2024-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcc5a611-23bf-499e-8141-684458d9ce3b": { "id": "dcc5a611-23bf-499e-8141-684458d9ce3b", "title": "Elementor Addon Elements <= 1.13.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Text Separator' and 'Image Compare' Widget", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.13.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcc5a611-23bf-499e-8141-684458d9ce3b?source=api-scan" ], "published": "2024-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcd05142-9700-46a8-9ca6-f85e81dfee0d": { "id": "dcd05142-9700-46a8-9ca6-f85e81dfee0d", "title": "Short URL <= 1.6.7 - Missing Authorization via multiple AJAX functions", "software": [ { "type": "plugin", "name": "Short URL", "slug": "shorten-url", "affected_versions": { "* - 1.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcd05142-9700-46a8-9ca6-f85e81dfee0d?source=api-scan" ], "published": "2023-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcd24b90-94ff-4625-8e3e-9c90e38683f9": { "id": "dcd24b90-94ff-4625-8e3e-9c90e38683f9", "title": "Leyka <= 3.30.7 - Authenticated (Subscriber+) Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Leyka", "slug": "leyka", "affected_versions": { "* - 3.30.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.30.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.30.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcd24b90-94ff-4625-8e3e-9c90e38683f9?source=api-scan" ], "published": "2023-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcd463de-ae26-4477-89e1-21f4aada1e86": { "id": "dcd463de-ae26-4477-89e1-21f4aada1e86", "title": "BuddyPress Xprofile Custom Fields Type <= 2.6.3 - Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "BuddyPress Xprofile Custom Fields Type", "slug": "buddypress-xprofile-custom-fields-type", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcd463de-ae26-4477-89e1-21f4aada1e86?source=api-scan" ], "published": "2018-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcd7204f-d950-4fb8-beb2-d9f619824fa1": { "id": "dcd7204f-d950-4fb8-beb2-d9f619824fa1", "title": "All in One SEO <= 2.2.4.1 - Privilege Escalation to Arbitrary Post Modification", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "* - 2.2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcd7204f-d950-4fb8-beb2-d9f619824fa1?source=api-scan" ], "published": "2014-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcd986cd-d6c0-4d8f-8078-ac0ac83572a3": { "id": "dcd986cd-d6c0-4d8f-8078-ac0ac83572a3", "title": "My Content Management <= 1.7.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My Content Management", "slug": "my-content-management", "affected_versions": { "1.7.1": { "from_version": "1.7.1", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcd986cd-d6c0-4d8f-8078-ac0ac83572a3?source=api-scan" ], "published": "2022-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcdb5d23-b9fe-495b-8431-f82f22813531": { "id": "dcdb5d23-b9fe-495b-8431-f82f22813531", "title": "iQ Block Country < 1.1.20 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "iQ Block Country", "slug": "iq-block-country", "affected_versions": { "[*, 1.1.20)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcdb5d23-b9fe-495b-8431-f82f22813531?source=api-scan" ], "published": "2015-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcddb0f3-41d5-4635-88ac-556ee3eec49a": { "id": "dcddb0f3-41d5-4635-88ac-556ee3eec49a", "title": "Track The Click <= 0.3.11 - Authenticated (Author+) SQL Injection via 'stats' REST Endpoint", "software": [ { "type": "plugin", "name": "Track The Click", "slug": "track-the-click", "affected_versions": { "* - 0.3.11": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.3.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcddb0f3-41d5-4635-88ac-556ee3eec49a?source=api-scan" ], "published": "2023-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcdf22be-8af4-4596-b138-67ebfd04c06d": { "id": "dcdf22be-8af4-4596-b138-67ebfd04c06d", "title": "GTmetrix for WordPress <= 0.4.5 - Reflected Cross-Site Scripting via 'url'", "software": [ { "type": "plugin", "name": "GTmetrix for WordPress", "slug": "gtmetrix-for-wordpress", "affected_versions": { "* - 0.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcdf22be-8af4-4596-b138-67ebfd04c06d?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dce76d59-e798-4762-8247-eddebd38c165": { "id": "dce76d59-e798-4762-8247-eddebd38c165", "title": "WP Edit Menu < 1.5.0 - Missing Authorization to Post Deletion", "software": [ { "type": "plugin", "name": "WP Edit Menu", "slug": "wp-edit-menu", "affected_versions": { "[*, 1.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dce76d59-e798-4762-8247-eddebd38c165?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dce89625-d00e-4f96-a7c4-2a215c1dfdeb": { "id": "dce89625-d00e-4f96-a7c4-2a215c1dfdeb", "title": "AB Categories Search Widget <= 0.2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AB Categories Search Widget", "slug": "ab-categories-search-widget", "affected_versions": { "* - 0.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dce89625-d00e-4f96-a7c4-2a215c1dfdeb?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dce8ac32-cab8-4e05-bf6f-cc348d0c9472": { "id": "dce8ac32-cab8-4e05-bf6f-cc348d0c9472", "title": "FooGallery Premium <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FooGallery Premium", "slug": "foogallery-premium", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.6" ] }, { "type": "plugin", "name": "FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel", "slug": "foogallery", "affected_versions": { "* - 2.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dce8ac32-cab8-4e05-bf6f-cc348d0c9472?source=api-scan" ], "published": "2024-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcea4ecf-e690-4d1f-beab-fbb30c5bb52e": { "id": "dcea4ecf-e690-4d1f-beab-fbb30c5bb52e", "title": "SupportCandy \u2013 Helpdesk & Support Ticket System <= 2.0.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "SupportCandy \u2013 Helpdesk & Customer Support Ticket System", "slug": "supportcandy", "affected_versions": { "[*, 2.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcea4ecf-e690-4d1f-beab-fbb30c5bb52e?source=api-scan" ], "published": "2019-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dceca4ee-6587-4eaa-974e-a21e7a10b6e8": { "id": "dceca4ee-6587-4eaa-974e-a21e7a10b6e8", "title": "Redirect Redirection <= 1.1.3 - Missing Authorization in 'logPageContent' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dceca4ee-6587-4eaa-974e-a21e7a10b6e8?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcf4a063-6954-4414-a2ee-d92f4192f4d4": { "id": "dcf4a063-6954-4414-a2ee-d92f4192f4d4", "title": "Mikiurl Wordpress Eklentisi <= 2.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mikiurl Wordpress Eklentisi", "slug": "mikiurl-wordpress-eklentisi", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcf4a063-6954-4414-a2ee-d92f4192f4d4?source=api-scan" ], "published": "2014-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcf54e27-e2d1-4d87-8eb6-2881054b70fe": { "id": "dcf54e27-e2d1-4d87-8eb6-2881054b70fe", "title": "Fluent Support <= 1.5.7 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Fluent Support \u2013 Helpdesk & Customer Support Ticket System", "slug": "fluent-support", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcf54e27-e2d1-4d87-8eb6-2881054b70fe?source=api-scan" ], "published": "2022-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcf59d89-43e9-4bb2-be4f-9308698d1bb3": { "id": "dcf59d89-43e9-4bb2-be4f-9308698d1bb3", "title": "Community by PeepSo <= 6.0.2.0 - Cross-Site Request Forgery leading to Plugin\/Subscription Deletion", "software": [ { "type": "plugin", "name": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App", "slug": "peepso-core", "affected_versions": { "* - 6.0.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcf59d89-43e9-4bb2-be4f-9308698d1bb3?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcfca0fe-5b15-4276-896a-9ad12b9a9478": { "id": "dcfca0fe-5b15-4276-896a-9ad12b9a9478", "title": "Easy Digital Downloads \u2013 Amazon S3 <= 2.1.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads - Amazon S3", "slug": "edd-amazon-s3", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcfca0fe-5b15-4276-896a-9ad12b9a9478?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcfcb5e8-99e1-4dde-b62e-9f2bfc7db6ef": { "id": "dcfcb5e8-99e1-4dde-b62e-9f2bfc7db6ef", "title": "ProfileGrid <= 5.9.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcfcb5e8-99e1-4dde-b62e-9f2bfc7db6ef?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcfd8c4d-d48b-468d-a7d5-1ec05b068f79": { "id": "dcfd8c4d-d48b-468d-a7d5-1ec05b068f79", "title": "Newsletter Manager <= 1.5.1 - Insecure Deserialization", "software": [ { "type": "plugin", "name": "Newsletter Manager", "slug": "newsletter-manager", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcfd8c4d-d48b-468d-a7d5-1ec05b068f79?source=api-scan" ], "published": "2020-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcfe3035-db43-499f-b09f-be528725b1d8": { "id": "dcfe3035-db43-499f-b09f-be528725b1d8", "title": "Easy Digital Downloads \u2013 Shoppette Theme < 1.0.5 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Shoppette", "slug": "shoppette", "affected_versions": { "[*, 1.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcfe3035-db43-499f-b09f-be528725b1d8?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dcfead67-d75d-46ae-ac68-a34643ac2f52": { "id": "dcfead67-d75d-46ae-ac68-a34643ac2f52", "title": "BuddyPress Members Only <= 3.4.8 - Improper Access Control to Sensitive Information Exposure via REST API", "software": [ { "type": "plugin", "name": "BuddyPress Members Only", "slug": "buddypress-members-only", "affected_versions": { "* - 3.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dcfead67-d75d-46ae-ac68-a34643ac2f52?source=api-scan" ], "published": "2024-06-05 15:33:50", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd0054b5-537b-412f-8b10-8bbc9f2ea256": { "id": "dd0054b5-537b-412f-8b10-8bbc9f2ea256", "title": "Marketo Forms and Tracking <= 1.0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Marketo Forms and Tracking", "slug": "marketo-forms-and-tracking", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd0054b5-537b-412f-8b10-8bbc9f2ea256?source=api-scan" ], "published": "2020-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd02becd-77e5-46b9-acc9-dba6c5caba27": { "id": "dd02becd-77e5-46b9-acc9-dba6c5caba27", "title": "LWS Plugins <= (Various Versions) - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "LWS Affiliation", "slug": "lws-affiliation", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] }, { "type": "plugin", "name": "LWS SMS", "slug": "lws-sms", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] }, { "type": "plugin", "name": "LWS Cleaner", "slug": "lws-cleaner", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] }, { "type": "plugin", "name": "LWS Tools", "slug": "lws-tools", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] }, { "type": "plugin", "name": "LWS Hide Login", "slug": "lws-hide-login", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] }, { "type": "plugin", "name": "LWS Optimize", "slug": "lws-optimize", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd02becd-77e5-46b9-acc9-dba6c5caba27?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd052762-5bd3-4008-b6b9-aca7be1151c2": { "id": "dd052762-5bd3-4008-b6b9-aca7be1151c2", "title": "Weblizar Pin Feeds < 1.1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Weblizar Pin Feeds", "slug": "weblizar-pinterest-feeds", "affected_versions": { "[*, 1.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd052762-5bd3-4008-b6b9-aca7be1151c2?source=api-scan" ], "published": "2018-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd0597d2-07ba-4fb4-bf73-95770f8c3d6b": { "id": "dd0597d2-07ba-4fb4-bf73-95770f8c3d6b", "title": "WP Go Maps (formerly WP Google Maps) <= 9.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Go Maps (formerly WP Google Maps)", "slug": "wp-google-maps", "affected_versions": { "* - 9.0.38": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.38", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd0597d2-07ba-4fb4-bf73-95770f8c3d6b?source=api-scan" ], "published": "2024-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd0a4212-fe04-4c3b-9d78-b1a0bf97e274": { "id": "dd0a4212-fe04-4c3b-9d78-b1a0bf97e274", "title": "Booster Plus for WooCommerce < 7.1.3 - Missing Authorization to Arbitrary Options Disclosure", "software": [ { "type": "plugin", "name": "Booster Plus for WooCommerce", "slug": "booster-plus-for-woocommerce", "affected_versions": { "[*, 7.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd0a4212-fe04-4c3b-9d78-b1a0bf97e274?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd108f90-7afc-43e1-86d4-939c1c25fb2d": { "id": "dd108f90-7afc-43e1-86d4-939c1c25fb2d", "title": "IP Blacklist Cloud <= 5.00 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IP Blacklist Cloud", "slug": "ip-blacklist-cloud", "affected_versions": { "* - 5.00": { "from_version": "*", "from_inclusive": true, "to_version": "5.00", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd108f90-7afc-43e1-86d4-939c1c25fb2d?source=api-scan" ], "published": "2022-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd112c38-e6c1-435c-b62d-8fab06e90eb6": { "id": "dd112c38-e6c1-435c-b62d-8fab06e90eb6", "title": "videowall (All Versions) - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "videowall", "slug": "videowall", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd112c38-e6c1-435c-b62d-8fab06e90eb6?source=api-scan" ], "published": "2013-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd1248b2-21ae-449e-acf8-3e5d6353f593": { "id": "dd1248b2-21ae-449e-acf8-3e5d6353f593", "title": "Photo Gallery by 10Web <= 1.2.5 - Unrestricted File Upload", "software": [ { "type": "plugin", "name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "slug": "photo-gallery", "affected_versions": { "[*, 1.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd1248b2-21ae-449e-acf8-3e5d6353f593?source=api-scan" ], "published": "2015-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd15c7c8-6538-4443-a409-0d34ff893963": { "id": "dd15c7c8-6538-4443-a409-0d34ff893963", "title": "Koko Analytics <= 1.3.12 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Koko Analytics", "slug": "koko-analytics", "affected_versions": { "* - 1.3.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd15c7c8-6538-4443-a409-0d34ff893963?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd163f14-c638-4185-8e14-f3a03312ee42": { "id": "dd163f14-c638-4185-8e14-f3a03312ee42", "title": "Advanced Comment Form <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Comment Form", "slug": "comment-form", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd163f14-c638-4185-8e14-f3a03312ee42?source=api-scan" ], "published": "2022-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd1b6b89-6c3c-4956-aa99-798ce186eb97": { "id": "dd1b6b89-6c3c-4956-aa99-798ce186eb97", "title": "Beautiful Cookie Consent Banner <= 2.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Beautiful Cookie Consent Banner", "slug": "beautiful-and-responsive-cookie-consent", "affected_versions": { "* - 2.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd1b6b89-6c3c-4956-aa99-798ce186eb97?source=api-scan" ], "published": "2022-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd22276b-41d4-4795-a79e-d770d0cf4b76": { "id": "dd22276b-41d4-4795-a79e-d770d0cf4b76", "title": "WPGraphQL <= 1.3.5 - Denial of Service", "software": [ { "type": "plugin", "name": "WPGraphQL", "slug": "wp-graphql", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd22276b-41d4-4795-a79e-d770d0cf4b76?source=api-scan" ], "published": "2021-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd248b4b-e7a6-4997-81d8-1d163cd85a9b": { "id": "dd248b4b-e7a6-4997-81d8-1d163cd85a9b", "title": "PopularFX <= 1.2.4 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "PopularFX", "slug": "popularfx", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd248b4b-e7a6-4997-81d8-1d163cd85a9b?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd27aeb9-4257-4b15-8f14-8a8c89522c32": { "id": "dd27aeb9-4257-4b15-8f14-8a8c89522c32", "title": "QuBotChat <= 1.1.5 - Unauthenticated Self-Based Cross-Site Scripting", "software": [ { "type": "plugin", "name": "QuBot \u2013 Chatbot Builder with Templates", "slug": "qubotchat", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd27aeb9-4257-4b15-8f14-8a8c89522c32?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd2d82f4-1493-4829-a4e9-adbb98301324": { "id": "dd2d82f4-1493-4829-a4e9-adbb98301324", "title": "Bestbooks <= 2.6.3 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Bestbooks", "slug": "bestbooks", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd2d82f4-1493-4829-a4e9-adbb98301324?source=api-scan" ], "published": "2022-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd300737-dda4-4ed3-b21f-0407a5e32a05": { "id": "dd300737-dda4-4ed3-b21f-0407a5e32a05", "title": "Internal Link Building <= 1.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Internal Link Building", "slug": "internal-link-building-plugin", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd300737-dda4-4ed3-b21f-0407a5e32a05?source=api-scan" ], "published": "2023-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd340ecc-d698-43e1-a15c-479088fb8cf4": { "id": "dd340ecc-d698-43e1-a15c-479088fb8cf4", "title": "Easy Accept Payments <= 4.9.10 - Missing Authorization", "software": [ { "type": "plugin", "name": "Easy Accept Payments via PayPal", "slug": "wordpress-easy-paypal-payment-or-donation-accept-plugin", "affected_versions": { "* - 4.9.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd340ecc-d698-43e1-a15c-479088fb8cf4?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd36f50b-f9c9-4ca2-81ed-a4e20fc38e82": { "id": "dd36f50b-f9c9-4ca2-81ed-a4e20fc38e82", "title": "SuperSaaS \u2013 online appointment scheduling <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SuperSaaS \u2013 online appointment scheduling", "slug": "supersaas-appointment-scheduling", "affected_versions": { "* - 2.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd36f50b-f9c9-4ca2-81ed-a4e20fc38e82?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd3a198c-7c24-45b1-95a7-eb16472a51e2": { "id": "dd3a198c-7c24-45b1-95a7-eb16472a51e2", "title": "ShiftController Employee Shift Scheduling <= 4.9.66 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ShiftController Employee Shift Scheduling", "slug": "shiftcontroller", "affected_versions": { "* - 4.9.66": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.66", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.67" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd3a198c-7c24-45b1-95a7-eb16472a51e2?source=api-scan" ], "published": "2024-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd3bfdc0-8e1b-49e9-b800-cb2dde2d5acb": { "id": "dd3bfdc0-8e1b-49e9-b800-cb2dde2d5acb", "title": "Booking Calendar Contact Form <= 1.0.23 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking Calendar Contact Form", "slug": "booking-calendar-contact-form", "affected_versions": { "* - 1.0.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd3bfdc0-8e1b-49e9-b800-cb2dde2d5acb?source=api-scan" ], "published": "2016-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd3fc3a4-ba32-4c05-bc93-ed7b86c426fa": { "id": "dd3fc3a4-ba32-4c05-bc93-ed7b86c426fa", "title": "Contact Form 7 extension for Google Map fields <= 1.8.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form 7 extension for Google Map fields", "slug": "cf7-google-map", "affected_versions": { "* - 1.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd3fc3a4-ba32-4c05-bc93-ed7b86c426fa?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd4d7c44-890c-4560-b637-cdc0ca00de31": { "id": "dd4d7c44-890c-4560-b637-cdc0ca00de31", "title": "WP Symposium <= 13.04 - Open Redirection", "software": [ { "type": "plugin", "name": "WP Symposium", "slug": "wp-symposium", "affected_versions": { "* - 13.04": { "from_version": "*", "from_inclusive": true, "to_version": "13.04", "to_inclusive": true } }, "patched": true, "patched_versions": [ "13.05" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd4d7c44-890c-4560-b637-cdc0ca00de31?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd56cb73-1c40-44b1-b713-c0291832d988": { "id": "dd56cb73-1c40-44b1-b713-c0291832d988", "title": "Page Builder by AZEXO <= 1.27.133 - Missing Authorization to Post Creation", "software": [ { "type": "plugin", "name": "Page Builder with Image Map by AZEXO", "slug": "page-builder-by-azexo", "affected_versions": { "* - 1.27.133": { "from_version": "*", "from_inclusive": true, "to_version": "1.27.133", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd56cb73-1c40-44b1-b713-c0291832d988?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd58a528-4c01-407d-b3f9-99c0817e9820": { "id": "dd58a528-4c01-407d-b3f9-99c0817e9820", "title": "Social Network Tabs - Social Media API Key Leakage <= 1.7.1 - Information Exposure", "software": [ { "type": "plugin", "name": "Social Network Tabs", "slug": "social-network-tabs", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd58a528-4c01-407d-b3f9-99c0817e9820?source=api-scan" ], "published": "2019-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd5b0c3a-0dd0-440f-b3a5-6d80f70e0f7c": { "id": "dd5b0c3a-0dd0-440f-b3a5-6d80f70e0f7c", "title": "Zingiri Web Shop < 2.4.0 - Multiple Vulnerabilities", "software": [ { "type": "plugin", "name": "zingiri-web-shop", "slug": "zingiri-web-shop", "affected_versions": { "[*, 2.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd5b0c3a-0dd0-440f-b3a5-6d80f70e0f7c?source=api-scan" ], "published": "2012-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd6b5d6d-5f5b-4b38-a25a-02cc1c041d37": { "id": "dd6b5d6d-5f5b-4b38-a25a-02cc1c041d37", "title": "WPCS \u2013 WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Custom Drop-Down Currency Switcher Creation", "software": [ { "type": "plugin", "name": "WPCS \u2013 WordPress Currency Switcher Professional", "slug": "currency-switcher", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd6b5d6d-5f5b-4b38-a25a-02cc1c041d37?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd6becbf-29cc-4744-8c9b-5b75f8c5f402": { "id": "dd6becbf-29cc-4744-8c9b-5b75f8c5f402", "title": "Tipsacarrier < 1.5.0.5 - Missing Authorization to Order Disclosure", "software": [ { "type": "plugin", "name": "Tipsacarrier", "slug": "tipsacarrier", "affected_versions": { "[*, 1.5.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd6becbf-29cc-4744-8c9b-5b75f8c5f402?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd6df4fa-01b8-460f-b414-bb07fbc0436a": { "id": "dd6df4fa-01b8-460f-b414-bb07fbc0436a", "title": "SlickQuiz <= 1.3.7.1 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "SlickQuiz", "slug": "slickquiz", "affected_versions": { "* - 1.3.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd6df4fa-01b8-460f-b414-bb07fbc0436a?source=api-scan" ], "published": "2019-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd7312ec-9654-4ddc-aec6-71c7e684fac0": { "id": "dd7312ec-9654-4ddc-aec6-71c7e684fac0", "title": "Customizer Export\/Import <= 0.9.5 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Customizer Export\/Import", "slug": "customizer-export-import", "affected_versions": { "* - 0.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd7312ec-9654-4ddc-aec6-71c7e684fac0?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd731533-e2cd-4604-8d7a-145a0d1aadc6": { "id": "dd731533-e2cd-4604-8d7a-145a0d1aadc6", "title": "Frontend Checklist <= 2.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Frontend Checklist", "slug": "frontend-checklist", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd731533-e2cd-4604-8d7a-145a0d1aadc6?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd77f939-cd1c-4624-9a0c-d8f89a8e5221": { "id": "dd77f939-cd1c-4624-9a0c-d8f89a8e5221", "title": "weDocs <= 2.1.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "weDocs \u2013 Knowledgebase, Documentation, and Wiki Plugin for WP", "slug": "wedocs", "affected_versions": { "* - 2.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd77f939-cd1c-4624-9a0c-d8f89a8e5221?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd784fce-67a1-4740-9b0e-dcf54342f018": { "id": "dd784fce-67a1-4740-9b0e-dcf54342f018", "title": "Zoho Campaigns <= 2.0.7 - Cross-Site Request Forgery via zcwc_optin_save", "software": [ { "type": "plugin", "name": "Zoho Campaigns", "slug": "zoho-campaigns", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd784fce-67a1-4740-9b0e-dcf54342f018?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd7a5a36-0e78-4fdc-b159-b4cc89cd3ffb": { "id": "dd7a5a36-0e78-4fdc-b159-b4cc89cd3ffb", "title": "My Page Order <= 4.3 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My Page Order", "slug": "my-page-order", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd7a5a36-0e78-4fdc-b159-b4cc89cd3ffb?source=api-scan" ], "published": "2015-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd7b72bb-2cf7-4a8d-b323-66c94b500cb0": { "id": "dd7b72bb-2cf7-4a8d-b323-66c94b500cb0", "title": "WPQA - Builder forms Addon For WordPress < 5.7 - Information Disclosure", "software": [ { "type": "plugin", "name": "WPQA - Builder forms Addon For WordPress", "slug": "wpqa", "affected_versions": { "[*, 5.7)": { "from_version": "*", "from_inclusive": true, "to_version": "5.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd7b72bb-2cf7-4a8d-b323-66c94b500cb0?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd7c3a5d-b8aa-45cb-983c-55ba7e3d72f3": { "id": "dd7c3a5d-b8aa-45cb-983c-55ba7e3d72f3", "title": "Depicter <= 3.0.2 - Authenticated (Contributor+) Arbitrary Nonce Generation", "software": [ { "type": "plugin", "name": "Slider & Popup Builder by Depicter \u2013 Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel", "slug": "depicter", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd7c3a5d-b8aa-45cb-983c-55ba7e3d72f3?source=api-scan" ], "published": "2024-06-19 14:33:29", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd7d3afd-6648-4ffb-85a9-cd5a6096963e": { "id": "dd7d3afd-6648-4ffb-85a9-cd5a6096963e", "title": "Zip Recipes <= 8.0.6 - Reflected Cross-Site Scripting via 's' parameter", "software": [ { "type": "plugin", "name": "Recipe Cards For Your Food Blog from Zip Recipes", "slug": "zip-recipes", "affected_versions": { "[*, 8.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd7d3afd-6648-4ffb-85a9-cd5a6096963e?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd7db465-ebeb-477b-b6c8-a9b89ba2372b": { "id": "dd7db465-ebeb-477b-b6c8-a9b89ba2372b", "title": "MC4WP: Mailchimp for WordPress <= 4.8.4 - Open Redirect", "software": [ { "type": "plugin", "name": "MC4WP: Mailchimp for WordPress", "slug": "mailchimp-for-wp", "affected_versions": { "* - 4.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd7db465-ebeb-477b-b6c8-a9b89ba2372b?source=api-scan" ], "published": "2021-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd805cb5-45ce-4213-b313-d9e300527265": { "id": "dd805cb5-45ce-4213-b313-d9e300527265", "title": "VOD Infomaniak <= 1.5.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VOD Infomaniak", "slug": "vod-infomaniak", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd805cb5-45ce-4213-b313-d9e300527265?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd8f348d-07ff-480d-bcc1-fb39aead1b1d": { "id": "dd8f348d-07ff-480d-bcc1-fb39aead1b1d", "title": "Folo (Unknown Versions) - Cross Site Scripting", "software": [ { "type": "theme", "name": "Folo", "slug": "folo", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd8f348d-07ff-480d-bcc1-fb39aead1b1d?source=api-scan" ], "published": "2013-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd8f355b-736b-442a-917e-9fa603abb853": { "id": "dd8f355b-736b-442a-917e-9fa603abb853", "title": "AB Press Optimizer <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AB Press Optimizer", "slug": "ab-press-optimizer-lite", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd8f355b-736b-442a-917e-9fa603abb853?source=api-scan" ], "published": "2022-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd8f5cfa-3431-4617-b2cd-d5a8ce4530f4": { "id": "dd8f5cfa-3431-4617-b2cd-d5a8ce4530f4", "title": "GiveWP \u2013 Donation Plugin and Fundraising Platform <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 3.10.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd8f5cfa-3431-4617-b2cd-d5a8ce4530f4?source=api-scan" ], "published": "2024-05-17 16:06:14", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd979c94-f6e7-4edd-b2c5-0880ed13e9b0": { "id": "dd979c94-f6e7-4edd-b2c5-0880ed13e9b0", "title": "YITH WooCommerce Product Add-Ons <= 4.13.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YITH WooCommerce Product Add-Ons", "slug": "yith-woocommerce-product-add-ons", "affected_versions": { "* - 4.13.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.13.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.13.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd979c94-f6e7-4edd-b2c5-0880ed13e9b0?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd9826d7-f8f5-4d3d-8145-3d4e6a63d784": { "id": "dd9826d7-f8f5-4d3d-8145-3d4e6a63d784", "title": "WP Hotel Booking <= 1.10.1 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "WP Hotel Booking", "slug": "wp-hotel-booking", "affected_versions": { "[*, 1.10.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd9826d7-f8f5-4d3d-8145-3d4e6a63d784?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dd9d22b0-a84a-4bf2-b8b4-89bae2970f29": { "id": "dd9d22b0-a84a-4bf2-b8b4-89bae2970f29", "title": "WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.37.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce", "slug": "wp-event-manager", "affected_versions": { "* - 3.1.37.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.37.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.38" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dd9d22b0-a84a-4bf2-b8b4-89bae2970f29?source=api-scan" ], "published": "2023-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dda74c05-54f0-4bb5-90af-9b1256021afa": { "id": "dda74c05-54f0-4bb5-90af-9b1256021afa", "title": "Floating Social Media Links <= 1.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Floating Social Media Links", "slug": "floating-social-media-links", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dda74c05-54f0-4bb5-90af-9b1256021afa?source=api-scan" ], "published": "2024-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dda9aa4a-bac7-4aa1-b0c3-c8e37b1fbe70": { "id": "dda9aa4a-bac7-4aa1-b0c3-c8e37b1fbe70", "title": "WP HTML Mail <= 3.4.0 - Cross-Site Request Forgery via 'send_test'", "software": [ { "type": "plugin", "name": "Email Template Designer \u2013 WP HTML Mail", "slug": "wp-html-mail", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dda9aa4a-bac7-4aa1-b0c3-c8e37b1fbe70?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddacd612-0cd5-4b07-9184-bec6f1adbb4c": { "id": "ddacd612-0cd5-4b07-9184-bec6f1adbb4c", "title": "Simple 301 Redirects by BetterLinks <= 2.0.7 - Missing Authorization via clicked", "software": [ { "type": "plugin", "name": "Simple 301 Redirects By BetterLinks \u2013 Easy WordPress Redirect Manager for Redirects, 404 Error Log & More", "slug": "simple-301-redirects", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddacd612-0cd5-4b07-9184-bec6f1adbb4c?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddb7b668-f023-427e-9ab5-90dc6d481028": { "id": "ddb7b668-f023-427e-9ab5-90dc6d481028", "title": "Sassy Social Share 3.3.23 - Object Injection", "software": [ { "type": "plugin", "name": "Social Sharing Plugin \u2013 Sassy Social Share", "slug": "sassy-social-share", "affected_versions": { "3.3.23": { "from_version": "3.3.23", "from_inclusive": true, "to_version": "3.3.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddb7b668-f023-427e-9ab5-90dc6d481028?source=api-scan" ], "published": "2021-10-21 16:05:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddb979b5-8fd6-41ed-a535-ad6646a14677": { "id": "ddb979b5-8fd6-41ed-a535-ad6646a14677", "title": "ListingPro - WordPress Directory & Listing Theme < 2.0.14.5 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "ListingPro - WordPress Directory & Listing Theme", "slug": "listingpro", "affected_versions": { "[*, 2.0.14.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.14.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.14.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddb979b5-8fd6-41ed-a535-ad6646a14677?source=api-scan" ], "published": "2019-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddb97db0-cbf3-42be-a5c7-12fc2a2bc9e8": { "id": "ddb97db0-cbf3-42be-a5c7-12fc2a2bc9e8", "title": "WP Lead Plus X <= 0.99 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Landing Page \u2013 Squeeze Page \u2013 Responsive Landing Page Builder Free \u2013 WP Lead Plus X", "slug": "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make", "affected_versions": { "* - 0.99": { "from_version": "*", "from_inclusive": true, "to_version": "0.99", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddb97db0-cbf3-42be-a5c7-12fc2a2bc9e8?source=api-scan" ], "published": "2020-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddbb4bcf-daf7-4ae3-8f42-fce5f1d2c279": { "id": "ddbb4bcf-daf7-4ae3-8f42-fce5f1d2c279", "title": "Table Addons for Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id Parameter", "software": [ { "type": "plugin", "name": "Table Addons for Elementor", "slug": "table-addons-for-elementor", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddbb4bcf-daf7-4ae3-8f42-fce5f1d2c279?source=api-scan" ], "published": "2024-06-21 13:07:35", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddbc76d0-23cd-4f49-939b-b8f19ff55d5c": { "id": "ddbc76d0-23cd-4f49-939b-b8f19ff55d5c", "title": "Page Security & Membership <= 1.5.15 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Security & Membership", "slug": "contexture-page-security", "affected_versions": { "* - 1.5.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.15", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddbc76d0-23cd-4f49-939b-b8f19ff55d5c?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddc0261d-56ed-47a6-a0b2-0ab5f9dee815": { "id": "ddc0261d-56ed-47a6-a0b2-0ab5f9dee815", "title": "Clock In Portal <= 2.1 - Cross-Site Request Forgery To Holiday Deletion", "software": [ { "type": "plugin", "name": "Clock In Portal- Staff & Attendance Management", "slug": "clock-in-portal", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddc0261d-56ed-47a6-a0b2-0ab5f9dee815?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddc1aedb-e64f-4b61-a247-c3cdc731f001": { "id": "ddc1aedb-e64f-4b61-a247-c3cdc731f001", "title": "Exit Notifier <= 1.9.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Exit Notifier", "slug": "exit-notifier", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddc1aedb-e64f-4b61-a247-c3cdc731f001?source=api-scan" ], "published": "2024-09-12 21:16:12", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddc29341-a23e-4694-b852-90794c01473a": { "id": "ddc29341-a23e-4694-b852-90794c01473a", "title": "Clearfy Cache <= 2.2.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Clearfy Cache \u2013 WordPress optimization plugin, Minify HTML, CSS & JS, Defer", "slug": "clearfy", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddc29341-a23e-4694-b852-90794c01473a?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddc4b758-5a1e-4d0a-949e-869fcd9df0bc": { "id": "ddc4b758-5a1e-4d0a-949e-869fcd9df0bc", "title": "URL Shortify <= 1.7.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "URL Shortify \u2013 Simple, Powerful and Easy URL Shortener Plugin For WordPress", "slug": "url-shortify", "affected_versions": { "* - 1.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddc4b758-5a1e-4d0a-949e-869fcd9df0bc?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddc889bf-8062-4a2c-9d50-d1c76a3c3386": { "id": "ddc889bf-8062-4a2c-9d50-d1c76a3c3386", "title": "Emag Marketplace Connector < 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Emag Marketplace Connector", "slug": "emag-marketplace-connector", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddc889bf-8062-4a2c-9d50-d1c76a3c3386?source=api-scan" ], "published": "2017-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddc91762-b1b0-4d88-bf2d-04a35aab62b1": { "id": "ddc91762-b1b0-4d88-bf2d-04a35aab62b1", "title": "SiteSuperCharger <= 5.1.10 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "SiteSuperCharger", "slug": "sitesupercharger", "affected_versions": { "* - 5.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddc91762-b1b0-4d88-bf2d-04a35aab62b1?source=api-scan" ], "published": "2022-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddcf7901-e9cf-4ca0-87ae-70ecac09d102": { "id": "ddcf7901-e9cf-4ca0-87ae-70ecac09d102", "title": "SVG Support 2.5 - 2.5.1 - Insecure Plugin Defaults to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SVG Support", "slug": "svg-support", "affected_versions": { "2.5 - 2.5.1": { "from_version": "2.5", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddcf7901-e9cf-4ca0-87ae-70ecac09d102?source=api-scan" ], "published": "2022-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddd06190-d0c1-445d-8c6f-4c7df3248db4": { "id": "ddd06190-d0c1-445d-8c6f-4c7df3248db4", "title": "WordPress Core < 6.0.3 - Cross-Site Request Forgery via wp-trackback.php", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true }, "3.7 - 3.7.39": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.39", "to_inclusive": true }, "3.8 - 3.8.39": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.39", "to_inclusive": true }, "3.9 - 3.9.37": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.37", "to_inclusive": true }, "4.0 - 4.0.36": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.36", "to_inclusive": true }, "4.1 - 4.1.36": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.36", "to_inclusive": true }, "4.2 - 4.2.33": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.33", "to_inclusive": true }, "4.3 - 4.3.29": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.29", "to_inclusive": true }, "4.4 - 4.4.28": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.28", "to_inclusive": true }, "4.5 - 4.5.27": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.27", "to_inclusive": true }, "4.6 - 4.6.24": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.24", "to_inclusive": true }, "4.7 - 4.7.24": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.24", "to_inclusive": true }, "4.8 - 4.8.20": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.20", "to_inclusive": true }, "4.9 - 4.9.21": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.21", "to_inclusive": true }, "5.0 - 5.0.17": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.17", "to_inclusive": true }, "5.1 - 5.1.14": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.14", "to_inclusive": true }, "5.2 - 5.2.16": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.16", "to_inclusive": true }, "5.3 - 5.3.13": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.13", "to_inclusive": true }, "5.4 - 5.4.11": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.11", "to_inclusive": true }, "5.5 - 5.5.10": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.10", "to_inclusive": true }, "5.6 - 5.6.9": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.9", "to_inclusive": true }, "5.7 - 5.7.7": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.7", "to_inclusive": true }, "5.8 - 5.8.5": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.5", "to_inclusive": true }, "5.9 - 5.9.4": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.4", "to_inclusive": true }, "6.0 - 6.0.2": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.40", "3.8.40", "3.9.38", "4.0.37", "4.1.37", "4.2.34", "4.3.30", "4.4.29", "4.5.28", "4.6.25", "4.7.25", "4.8.21", "4.9.22", "5.0.18", "5.1.15", "5.2.17", "5.3.14", "5.4.12", "5.5.11", "5.6.10", "5.7.8", "5.8.6", "5.9.5", "6.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddd06190-d0c1-445d-8c6f-4c7df3248db4?source=api-scan" ], "published": "2022-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddd25026-f507-47f0-bf4e-5b58c37f398c": { "id": "ddd25026-f507-47f0-bf4e-5b58c37f398c", "title": "Easy2Map <= 1.2.4 - SQL Injection", "software": [ { "type": "plugin", "name": "Easy2Map", "slug": "easy2map", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddd25026-f507-47f0-bf4e-5b58c37f398c?source=api-scan" ], "published": "2015-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddd2c0c2-49b5-4745-9e52-d0ae6b997640": { "id": "ddd2c0c2-49b5-4745-9e52-d0ae6b997640", "title": "WP Design Maps & Places <= 1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Design Maps & Places", "slug": "wp-design-maps-places", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddd2c0c2-49b5-4745-9e52-d0ae6b997640?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddd2c5d9-6489-4154-a494-20392f435bc6": { "id": "ddd2c5d9-6489-4154-a494-20392f435bc6", "title": "W3 Total Cache <= 0.9.4.1 - Authenticated Arbitrary File Download", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 0.9.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddd2c5d9-6489-4154-a494-20392f435bc6?source=api-scan" ], "published": "2016-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddd37b7a-3ef8-4269-ba3b-665ae34bde26": { "id": "ddd37b7a-3ef8-4269-ba3b-665ae34bde26", "title": "Affiliates Manager <= 2.9.13 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Affiliates Manager", "slug": "affiliates-manager", "affected_versions": { "* - 2.9.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddd37b7a-3ef8-4269-ba3b-665ae34bde26?source=api-scan" ], "published": "2022-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddd85ff2-6607-4ac8-b91c-88f6f2fa6c56": { "id": "ddd85ff2-6607-4ac8-b91c-88f6f2fa6c56", "title": "Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_payment_status' shortcode", "software": [ { "type": "plugin", "name": "MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor", "slug": "metform", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddd85ff2-6607-4ac8-b91c-88f6f2fa6c56?source=api-scan" ], "published": "2023-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddde9db5-3ed7-42f7-97c1-4ff9b9d1f627": { "id": "ddde9db5-3ed7-42f7-97c1-4ff9b9d1f627", "title": "DrawIt (draw.io) <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DrawIt (draw.io)", "slug": "drawit", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddde9db5-3ed7-42f7-97c1-4ff9b9d1f627?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dddecb2e-9ad6-4e44-afce-5eba7da6322d": { "id": "dddecb2e-9ad6-4e44-afce-5eba7da6322d", "title": "The Post Grid <= 7.7.11 - Authenticated (Contributor+) Information Disclosure", "software": [ { "type": "plugin", "name": "The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid", "slug": "the-post-grid", "affected_versions": { "* - 7.7.11": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.7.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dddecb2e-9ad6-4e44-afce-5eba7da6322d?source=api-scan" ], "published": "2024-08-28 15:35:37", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dde2edc7-74dd-4763-b83b-97cfeb2b764c": { "id": "dde2edc7-74dd-4763-b83b-97cfeb2b764c", "title": "Element Pack Elementor Addons <= 5.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", "slug": "bdthemes-element-pack-lite", "affected_versions": { "* - 5.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dde2edc7-74dd-4763-b83b-97cfeb2b764c?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dde57a98-06d5-4a3c-b100-170e9c339908": { "id": "dde57a98-06d5-4a3c-b100-170e9c339908", "title": "Formidable Form Builder <= 5.0.06 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "[*, 5.0.07)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.07", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.07" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dde57a98-06d5-4a3c-b100-170e9c339908?source=api-scan" ], "published": "2021-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddf4ec13-bca3-4994-9e11-11fbbead371a": { "id": "ddf4ec13-bca3-4994-9e11-11fbbead371a", "title": "Yoast SEO <= 1.7.3.3 - Blind SQL Injection", "software": [ { "type": "plugin", "name": "Yoast SEO", "slug": "wordpress-seo", "affected_versions": { "* - 1.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": true }, "1.6 - 1.6.3": { "from_version": "1.6", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true }, "1.7 - 1.7.3": { "from_version": "1.7", "from_inclusive": true, "to_version": "1.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7", "1.6.4", "1.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddf4ec13-bca3-4994-9e11-11fbbead371a?source=api-scan" ], "published": "2015-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddf67d69-f362-4380-a396-300c7edbd9f3": { "id": "ddf67d69-f362-4380-a396-300c7edbd9f3", "title": "Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "* - 4.7.60": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.60", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.70" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddf67d69-f362-4380-a396-300c7edbd9f3?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddfbde0f-8e41-45c9-b808-bee82c2ff172": { "id": "ddfbde0f-8e41-45c9-b808-bee82c2ff172", "title": "WP Remote Upload <= 1.2.1 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP Remote Upload", "slug": "remote-upload", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddfbde0f-8e41-45c9-b808-bee82c2ff172?source=api-scan" ], "published": "2016-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddfc0150-d05c-4027-80d2-64c565fdd56d": { "id": "ddfc0150-d05c-4027-80d2-64c565fdd56d", "title": "Podlove Podcast Publisher <= 4.1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Podlove Podcast Publisher", "slug": "podlove-podcasting-plugin-for-wordpress", "affected_versions": { "* - 4.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddfc0150-d05c-4027-80d2-64c565fdd56d?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ddff1a95-64f9-4076-a81a-cdda04106c46": { "id": "ddff1a95-64f9-4076-a81a-cdda04106c46", "title": "Disconnected <= 1.3.0 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Disconnected", "slug": "disconnected", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ddff1a95-64f9-4076-a81a-cdda04106c46?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de00d13b-fab9-4284-9594-abd000fbb7ef": { "id": "de00d13b-fab9-4284-9594-abd000fbb7ef", "title": "WP Mail Logging <= 1.11.2 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "WP Mail Logging", "slug": "wp-mail-logging", "affected_versions": { "[*, 1.12.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.12.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de00d13b-fab9-4284-9594-abd000fbb7ef?source=api-scan" ], "published": "2023-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de0fbcf0-64c6-4b33-8a9d-9c9c5d826a4d": { "id": "de0fbcf0-64c6-4b33-8a9d-9c9c5d826a4d", "title": "Jetpack CRM <= 5.4.2 - Authenticated (Administrator+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jetpack CRM \u2013 Clients, Leads, Invoices, Billing, Email Marketing, & Automation", "slug": "zero-bs-crm", "affected_versions": { "* - 5.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de0fbcf0-64c6-4b33-8a9d-9c9c5d826a4d?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de112e5a-4b92-4389-8c6e-b2bfeb6f6cd4": { "id": "de112e5a-4b92-4389-8c6e-b2bfeb6f6cd4", "title": "Play.ht \u2013 Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Play.ht \u2013 Make Your Blog Posts Accessible With Text to Speech Audio", "slug": "play-ht", "affected_versions": { "* - 3.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de112e5a-4b92-4389-8c6e-b2bfeb6f6cd4?source=api-scan" ], "published": "2024-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de11636b-a051-4e76-bc26-ed76f66fe0df": { "id": "de11636b-a051-4e76-bc26-ed76f66fe0df", "title": "CRM Perks Forms <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CRM Perks Forms \u2013 WordPress Form Builder", "slug": "crm-perks-forms", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de11636b-a051-4e76-bc26-ed76f66fe0df?source=api-scan" ], "published": "2023-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de1742d4-f498-4ad4-b6a1-88cb60e83afc": { "id": "de1742d4-f498-4ad4-b6a1-88cb60e83afc", "title": "Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation", "software": [ { "type": "plugin", "name": "Elementor Website Builder Pro", "slug": "elementor-pro", "affected_versions": { "* - 3.20.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.20.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.20.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de1742d4-f498-4ad4-b6a1-88cb60e83afc?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de1da248-2e03-40fa-8997-7176dc06abc9": { "id": "de1da248-2e03-40fa-8997-7176dc06abc9", "title": "Migration, Backup, Staging \u2013 WPvivid <= 0.9.35 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "* - 0.9.35": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de1da248-2e03-40fa-8997-7176dc06abc9?source=api-scan" ], "published": "2020-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de207181-0163-4222-ac16-d7b74179ff9b": { "id": "de207181-0163-4222-ac16-d7b74179ff9b", "title": "Premium Addons for Elementor <= 4.10.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Media Grid Widget", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.52": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.52", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.53" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de207181-0163-4222-ac16-d7b74179ff9b?source=api-scan" ], "published": "2024-09-26 18:10:42", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de20d896-1493-43ed-8e0c-c686bf2b32d6": { "id": "de20d896-1493-43ed-8e0c-c686bf2b32d6", "title": "Master Slider <= 3.10.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Master Slider \u2013 Responsive Touch Slider", "slug": "master-slider", "affected_versions": { "* - 3.10.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de20d896-1493-43ed-8e0c-c686bf2b32d6?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de28d287-af14-45c9-b69c-125968fc4879": { "id": "de28d287-af14-45c9-b69c-125968fc4879", "title": "Timeline and History slider <= 2.3 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Timeline and History slider", "slug": "timeline-and-history-slider", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de28d287-af14-45c9-b69c-125968fc4879?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de2c2c90-52b6-4315-a8d1-6519a90f81e7": { "id": "de2c2c90-52b6-4315-a8d1-6519a90f81e7", "title": "YourChannel <= 1.2.1 - Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YourChannel: Everything you want in a YouTube plugin.", "slug": "yourchannel", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de2c2c90-52b6-4315-a8d1-6519a90f81e7?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de30e953-4995-4b98-a3b8-c3613a91d006": { "id": "de30e953-4995-4b98-a3b8-c3613a91d006", "title": "AI Engine <= 2.4.7 - Authenticated (Subscriber+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "AI Engine", "slug": "ai-engine", "affected_versions": { "* - 2.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de30e953-4995-4b98-a3b8-c3613a91d006?source=api-scan" ], "published": "2024-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de331d1d-b2f8-4cc6-a998-779595eca70c": { "id": "de331d1d-b2f8-4cc6-a998-779595eca70c", "title": "WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.15 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Responsive Tabs horizontal vertical and accordion Tabs", "slug": "responsive-horizontal-vertical-and-accordion-tabs", "affected_versions": { "* - 1.1.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de331d1d-b2f8-4cc6-a998-779595eca70c?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de394637-7215-4fe7-8529-2d785deef0c8": { "id": "de394637-7215-4fe7-8529-2d785deef0c8", "title": "Vmax Project Manager <= 1.0 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Vmax Project Manager", "slug": "vmax-project-manager", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de394637-7215-4fe7-8529-2d785deef0c8?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de39bad4-858a-4332-8ed0-bfd92a67b9cb": { "id": "de39bad4-858a-4332-8ed0-bfd92a67b9cb", "title": "All-In-One Security (AIOS) \u2013 Security and Firewall <= 5.0.8 - IP Spoofing to Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "* - 5.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de39bad4-858a-4332-8ed0-bfd92a67b9cb?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de3a6e77-47ee-4989-81a0-5447a73185bb": { "id": "de3a6e77-47ee-4989-81a0-5447a73185bb", "title": "Activity Reactions For Buddypress <= 1.0.22 - Missing Authorization", "software": [ { "type": "plugin", "name": "Activity Reactions For Buddypress", "slug": "activity-reactions-for-buddypress", "affected_versions": { "* - 1.0.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.22", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de3a6e77-47ee-4989-81a0-5447a73185bb?source=api-scan" ], "published": "2022-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de3cf63f-ac30-47bb-978d-d3353d06de1b": { "id": "de3cf63f-ac30-47bb-978d-d3353d06de1b", "title": "Post Slider <= 1.6.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Post Slider", "slug": "adl-post-slider", "affected_versions": { "* - 1.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de3cf63f-ac30-47bb-978d-d3353d06de1b?source=api-scan" ], "published": "2022-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de45dd8c-c734-4b14-89ee-dbc46dcdae6a": { "id": "de45dd8c-c734-4b14-89ee-dbc46dcdae6a", "title": "WP Libre Form 2 <= 2.0.8 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "WP Libre Form 2", "slug": "libreform", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de45dd8c-c734-4b14-89ee-dbc46dcdae6a?source=api-scan" ], "published": "2022-07-22 13:07:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de46743b-2cc6-4a29-bbc4-bc6cfb540e26": { "id": "de46743b-2cc6-4a29-bbc4-bc6cfb540e26", "title": "Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in migrateCommonToProductOnly function", "software": [ { "type": "plugin", "name": "Advanced Dynamic Pricing for WooCommerce", "slug": "advanced-dynamic-pricing-for-woocommerce", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de46743b-2cc6-4a29-bbc4-bc6cfb540e26?source=api-scan" ], "published": "2023-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de476d40-47eb-417f-927f-d80d32745965": { "id": "de476d40-47eb-417f-927f-d80d32745965", "title": "WP-DBManager < 2.72 - OS Command Injection", "software": [ { "type": "plugin", "name": "WP-DBManager", "slug": "wp-dbmanager", "affected_versions": { "[*, 2.72)": { "from_version": "*", "from_inclusive": true, "to_version": "2.72", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.72" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de476d40-47eb-417f-927f-d80d32745965?source=api-scan" ], "published": "2014-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de495201-669c-4483-b30d-bb2abf6fe6c6": { "id": "de495201-669c-4483-b30d-bb2abf6fe6c6", "title": "ProfileGrid <= 5.7.6 - Authenticated (Subscriber+) Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de495201-669c-4483-b30d-bb2abf6fe6c6?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de5397c2-b23c-412a-b419-e36023daa989": { "id": "de5397c2-b23c-412a-b419-e36023daa989", "title": "DNUI <= 2.8.1 - Cross-Site Request Forgery leading to Unused Image Deletion and Database Image Access", "software": [ { "type": "plugin", "name": "DNUI", "slug": "dnui-delete-not-used-image-wordpress", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de5397c2-b23c-412a-b419-e36023daa989?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de568a71-f51d-4948-839c-48e51d165a64": { "id": "de568a71-f51d-4948-839c-48e51d165a64", "title": "Simple Tweet <= 1.4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Simple Tweet", "slug": "simple-tweet", "affected_versions": { "* - 1.4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de568a71-f51d-4948-839c-48e51d165a64?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de5d5ffc-e76a-4ea9-be68-9ca5f847a363": { "id": "de5d5ffc-e76a-4ea9-be68-9ca5f847a363", "title": "All 404 Pages Redirect to Homepage <= 1.9 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All 404 Pages Redirect to Homepage", "slug": "all-404-pages-redirect-to-homepage", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de5d5ffc-e76a-4ea9-be68-9ca5f847a363?source=api-scan" ], "published": "2024-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de6048e7-75c6-44b1-bc68-e36dce936c78": { "id": "de6048e7-75c6-44b1-bc68-e36dce936c78", "title": "Category SEO Meta Tags <= 2.5 - Cross-Site Request Forgery via csmt_admin_options", "software": [ { "type": "plugin", "name": "Category SEO Meta Tags", "slug": "category-seo-meta-tags", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de6048e7-75c6-44b1-bc68-e36dce936c78?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de614bbd-42ae-4c2a-aec6-31245124de76": { "id": "de614bbd-42ae-4c2a-aec6-31245124de76", "title": "Essential Addons for Elementor Lite <= 4.5.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "[*, 4.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de614bbd-42ae-4c2a-aec6-31245124de76?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de62020b-5803-4ea7-89a1-24e5a512f2f3": { "id": "de62020b-5803-4ea7-89a1-24e5a512f2f3", "title": "WPML <= 4.5.10 - Missing Authorization to Settings Change", "software": [ { "type": "plugin", "name": "WPML", "slug": "sitepress-multilingual-cms", "affected_versions": { "* - 4.5.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de62020b-5803-4ea7-89a1-24e5a512f2f3?source=api-scan" ], "published": "2022-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de63f5bf-9cf5-428d-80da-c0030988b4a6": { "id": "de63f5bf-9cf5-428d-80da-c0030988b4a6", "title": "Site Reviews <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Site Reviews", "slug": "site-reviews", "affected_versions": { "* - 6.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de63f5bf-9cf5-428d-80da-c0030988b4a6?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de648bea-35c5-4611-aa2f-79e37a0299bb": { "id": "de648bea-35c5-4611-aa2f-79e37a0299bb", "title": "WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings", "software": [ { "type": "plugin", "name": "WP To Do", "slug": "wp-todo", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de648bea-35c5-4611-aa2f-79e37a0299bb?source=api-scan" ], "published": "2024-05-29 15:53:31", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de69d597-b663-4c58-82e0-c90391fb8416": { "id": "de69d597-b663-4c58-82e0-c90391fb8416", "title": "Redirect Redirection <= 1.1.3 - Missing Authorization in 'selectAll' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de69d597-b663-4c58-82e0-c90391fb8416?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de6da87e-8f7d-4120-8a1b-390ef7733d84": { "id": "de6da87e-8f7d-4120-8a1b-390ef7733d84", "title": "FluentCRM - Marketing Automation For WordPress <= 2.8.01 - Insufficient Use of Hash as Authorization Control", "software": [ { "type": "plugin", "name": "FluentCRM \u2013 Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution", "slug": "fluent-crm", "affected_versions": { "* - 2.8.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de6da87e-8f7d-4120-8a1b-390ef7733d84?source=api-scan" ], "published": "2023-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de73304e-7a28-4304-b1ed-2f6dd7738236": { "id": "de73304e-7a28-4304-b1ed-2f6dd7738236", "title": "PrivateContent <= 8.4.3 - Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "PrivateContent", "slug": "private-content", "affected_versions": { "* - 8.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "8.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de73304e-7a28-4304-b1ed-2f6dd7738236?source=api-scan" ], "published": "2023-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de74cf61-d15f-4d77-9c7e-950f48579d22": { "id": "de74cf61-d15f-4d77-9c7e-950f48579d22", "title": "WordPress WP-Advanced-Search <= 3.3.9 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WordPress WP-Advanced-Search", "slug": "wp-advanced-search", "affected_versions": { "* - 3.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de74cf61-d15f-4d77-9c7e-950f48579d22?source=api-scan" ], "published": "2024-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de7b68e2-9cae-4e6f-a625-d8346836da39": { "id": "de7b68e2-9cae-4e6f-a625-d8346836da39", "title": "MF Gig Calendar <= 1.2.1 - Cross-Site Request Forgery to Event Deletion", "software": [ { "type": "plugin", "name": "MF Gig Calendar", "slug": "mf-gig-calendar", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de7b68e2-9cae-4e6f-a625-d8346836da39?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de7cde2c-142c-4004-9302-be335265d87d": { "id": "de7cde2c-142c-4004-9302-be335265d87d", "title": "Login with phone number <= 1.7.49 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation", "software": [ { "type": "plugin", "name": "Login with phone number", "slug": "login-with-phone-number", "affected_versions": { "* - 1.7.49": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.49", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.50" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de7cde2c-142c-4004-9302-be335265d87d?source=api-scan" ], "published": "2024-09-14 00:06:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de7db1d6-b352-44c7-a6cc-b21cb65a0482": { "id": "de7db1d6-b352-44c7-a6cc-b21cb65a0482", "title": "SALESmanago <= 3.2.4 - Log Injection via Weak Authentication Token", "software": [ { "type": "plugin", "name": "SALESmanago", "slug": "salesmanago", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de7db1d6-b352-44c7-a6cc-b21cb65a0482?source=api-scan" ], "published": "2023-10-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de805955-b7c7-455b-bc1a-69b8a14ba79d": { "id": "de805955-b7c7-455b-bc1a-69b8a14ba79d", "title": "WC Vendors Marketplace <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Sites Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WC Vendors \u2013 WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors", "slug": "wc-vendors", "affected_versions": { "* - 2.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de805955-b7c7-455b-bc1a-69b8a14ba79d?source=api-scan" ], "published": "2023-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de821236-f878-46a4-9265-bcf6e8661910": { "id": "de821236-f878-46a4-9265-bcf6e8661910", "title": "Activity Log <= 2.8.7 - IP Address Spoofing", "software": [ { "type": "plugin", "name": "Activity Log \u2013 Monitor & Record User Changes", "slug": "aryo-activity-log", "affected_versions": { "* - 2.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de821236-f878-46a4-9265-bcf6e8661910?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de871598-e4e7-49f6-8530-68243544c06c": { "id": "de871598-e4e7-49f6-8530-68243544c06c", "title": "Maps Widget for Google Maps <= 4.24 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Maps Widget for Google Maps", "slug": "google-maps-widget", "affected_versions": { "* - 4.24": { "from_version": "*", "from_inclusive": true, "to_version": "4.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de871598-e4e7-49f6-8530-68243544c06c?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de8b14c0-00f8-4c4d-ae78-bc29a1e5007c": { "id": "de8b14c0-00f8-4c4d-ae78-bc29a1e5007c", "title": "YARPP \u2013 Yet Another Related Posts Plugin <= 5.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "YARPP \u2013 Yet Another Related Posts Plugin", "slug": "yet-another-related-posts-plugin", "affected_versions": { "* - 5.30.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.30.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.30.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de8b14c0-00f8-4c4d-ae78-bc29a1e5007c?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de918177-5901-40ed-a936-c212cdcf940d": { "id": "de918177-5901-40ed-a936-c212cdcf940d", "title": "P3 (Plugin Performance Profiler) < 1.5.3.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "P3 (Plugin Performance Profiler)", "slug": "p3-profiler", "affected_versions": { "[*, 1.5.3.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de918177-5901-40ed-a936-c212cdcf940d?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de91c6f1-12b6-4759-90b0-507c9736b3d4": { "id": "de91c6f1-12b6-4759-90b0-507c9736b3d4", "title": "WooCommerce Customers Manager < 30.1 - Cross-Site Request Forgery to Customer Deletion", "software": [ { "type": "plugin", "name": "WooCommerce Customers Manager", "slug": "woocommerce-customers-manager", "affected_versions": { "[*, 30.1)": { "from_version": "*", "from_inclusive": true, "to_version": "30.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "30.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de91c6f1-12b6-4759-90b0-507c9736b3d4?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de957e90-5758-46f3-90f8-521b47d247ff": { "id": "de957e90-5758-46f3-90f8-521b47d247ff", "title": "Sender by BestWebSoft <= 1.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sender by BestWebSoft", "slug": "sender", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de957e90-5758-46f3-90f8-521b47d247ff?source=api-scan" ], "published": "2019-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de9a945b-31fb-4d0d-9dd1-23bcef1399c2": { "id": "de9a945b-31fb-4d0d-9dd1-23bcef1399c2", "title": "Show-Hide \/ Collapse-Expand <= 1.2.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Show-Hide \/ Collapse-Expand", "slug": "show-hidecollapse-expand", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de9a945b-31fb-4d0d-9dd1-23bcef1399c2?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de9be7bc-4f8a-4393-8ebb-1b1f141b7585": { "id": "de9be7bc-4f8a-4393-8ebb-1b1f141b7585", "title": "UserPro <= 5.1.1 - Insecure Password Reset Mechanism", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "* - 5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de9be7bc-4f8a-4393-8ebb-1b1f141b7585?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "de9f3b83-4575-4566-9731-0af9107c7c30": { "id": "de9f3b83-4575-4566-9731-0af9107c7c30", "title": "0mk Shortener <= 0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "0mk Shortener", "slug": "0mk-shortener", "affected_versions": { "* - 0.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/de9f3b83-4575-4566-9731-0af9107c7c30?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dea1e775-68b4-45e6-9d90-41e39d5d0dfd": { "id": "dea1e775-68b4-45e6-9d90-41e39d5d0dfd", "title": "Gravity Forms Google Sheet Connector <= 1.3.4 - Cross-Site Request Forgery via verify_code_integation_new", "software": [ { "type": "plugin", "name": "Gravity Forms Google Sheet Connector", "slug": "gsheetconnector-gravity-forms", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dea1e775-68b4-45e6-9d90-41e39d5d0dfd?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "deac4e1d-edeb-4d66-a152-6dca84e60b68": { "id": "deac4e1d-edeb-4d66-a152-6dca84e60b68", "title": "Zotpress <= 7.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zotpress", "slug": "zotpress", "affected_versions": { "* - 7.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/deac4e1d-edeb-4d66-a152-6dca84e60b68?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "deb2544f-75ac-4d6c-bec7-9f35cfe0028d": { "id": "deb2544f-75ac-4d6c-bec7-9f35cfe0028d", "title": "HT Menu <= 1.2.1 - Cross-Site Request Forgery via plugin_activation", "software": [ { "type": "plugin", "name": "HT Menu \u2013 WordPress Mega Menu Builder for Elementor", "slug": "ht-menu-lite", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/deb2544f-75ac-4d6c-bec7-9f35cfe0028d?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "deb6821e-93ff-4636-912b-887deba59577": { "id": "deb6821e-93ff-4636-912b-887deba59577", "title": "WP All Import <= 3.4.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import any XML or CSV File to WordPress", "slug": "wp-all-import", "affected_versions": { "[*, 3.4.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/deb6821e-93ff-4636-912b-887deba59577?source=api-scan" ], "published": "2018-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "deb912f0-bfba-470f-9a18-47c3d65905dc": { "id": "deb912f0-bfba-470f-9a18-47c3d65905dc", "title": "Transposh WordPress Translation <= 1.0.8.1 - Authenticated (Admin+) SQL Injection via 'tp_editor'", "software": [ { "type": "plugin", "name": "Transposh WordPress Translation", "slug": "transposh-translation-filter-for-wordpress", "affected_versions": { "* - 1.0.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/deb912f0-bfba-470f-9a18-47c3d65905dc?source=api-scan" ], "published": "2022-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "deba9cd0-2c7e-4789-8499-977c694aba8b": { "id": "deba9cd0-2c7e-4789-8499-977c694aba8b", "title": "Events Made Easy <= 1.6.20 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Made Easy", "slug": "events-made-easy", "affected_versions": { "* - 1.6.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/deba9cd0-2c7e-4789-8499-977c694aba8b?source=api-scan" ], "published": "2016-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "debe6f54-0f56-4bc9-a0cd-4f2caa1ed9e3": { "id": "debe6f54-0f56-4bc9-a0cd-4f2caa1ed9e3", "title": "Newsmag <= 2.4.4 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "NewsMag", "slug": "newsmag", "affected_versions": { "* - 2.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/debe6f54-0f56-4bc9-a0cd-4f2caa1ed9e3?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "debed89a-dcae-41e3-945e-1cd592fdd1c9": { "id": "debed89a-dcae-41e3-945e-1cd592fdd1c9", "title": "RobotCPA <= 5 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "robotcpa", "slug": "robotcpa", "affected_versions": { "* - 5": { "from_version": "*", "from_inclusive": true, "to_version": "5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/debed89a-dcae-41e3-945e-1cd592fdd1c9?source=api-scan" ], "published": "2015-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dec2855c-71a8-46b2-819a-d85cd11a1a24": { "id": "dec2855c-71a8-46b2-819a-d85cd11a1a24", "title": "Cryptocurrency Widgets \u2013 Price Ticker & Coins List <= 2.6.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Cryptocurrency Widgets \u2013 Price Ticker & Coins List", "slug": "cryptocurrency-price-ticker-widget", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dec2855c-71a8-46b2-819a-d85cd11a1a24?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dec2e656-8936-43e2-b156-e96718fd7ef4": { "id": "dec2e656-8936-43e2-b156-e96718fd7ef4", "title": "WPB Show Core <= 2.2 - Unauthenticated Server Side Request Forgery", "software": [ { "type": "plugin", "name": "WPB Show Core", "slug": "wpb-show-core", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dec2e656-8936-43e2-b156-e96718fd7ef4?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dec51bd6-2ffe-47b6-9423-6131395bf439": { "id": "dec51bd6-2ffe-47b6-9423-6131395bf439", "title": "FOX \u2013 Currency Switcher Professional for WooCommerce <= 1.4.2.1 - Unauthenticated Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "FOX \u2013 Currency Switcher Professional for WooCommerce", "slug": "woocommerce-currency-switcher", "affected_versions": { "* - 1.4.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dec51bd6-2ffe-47b6-9423-6131395bf439?source=api-scan" ], "published": "2024-09-13 13:27:43", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "decb80c9-8f04-4d39-8e77-220f7862995e": { "id": "decb80c9-8f04-4d39-8e77-220f7862995e", "title": "HTML5 Maps <= 1.6.5.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "HTML5 Maps", "slug": "html5-maps", "affected_versions": { "* - 1.6.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/decb80c9-8f04-4d39-8e77-220f7862995e?source=api-scan" ], "published": "2019-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "decba9c0-36ee-4f97-9cc8-b56039233d10": { "id": "decba9c0-36ee-4f97-9cc8-b56039233d10", "title": "ActiveCampaign < 8.0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ActiveCampaign \u2013 Forms, Site Tracking, Live Chat", "slug": "activecampaign-subscription-forms", "affected_versions": { "[*, 8.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/decba9c0-36ee-4f97-9cc8-b56039233d10?source=api-scan" ], "published": "2020-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dececd27-d311-41c0-a10c-3b9cc8b8f128": { "id": "dececd27-d311-41c0-a10c-3b9cc8b8f128", "title": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress <= 3.6.12 - Authenticated (Administrator+) PHP Objection Injection", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.6.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dececd27-d311-41c0-a10c-3b9cc8b8f128?source=api-scan" ], "published": "2022-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ded05261-36f2-4414-b30a-7467b0c79938": { "id": "ded05261-36f2-4414-b30a-7467b0c79938", "title": "WP Fountain <= 1.5.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Fountain", "slug": "wp-fountain", "affected_versions": { "* - 1.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ded05261-36f2-4414-b30a-7467b0c79938?source=api-scan" ], "published": "2021-08-13 15:31:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ded1944f-662d-4d25-8277-4b1dc63b2144": { "id": "ded1944f-662d-4d25-8277-4b1dc63b2144", "title": "Simple Basic Contact Form <= 20240502 - Unauthenticated Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "Simple Basic Contact Form", "slug": "simple-basic-contact-form", "affected_versions": { "* - 20240502": { "from_version": "*", "from_inclusive": true, "to_version": "20240502", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20240511" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ded1944f-662d-4d25-8277-4b1dc63b2144?source=api-scan" ], "published": "2024-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ded1b46e-b4b0-4f0d-929e-e1caf93576a7": { "id": "ded1b46e-b4b0-4f0d-929e-e1caf93576a7", "title": "CP Image Store with Slideshow <= 1.0.67 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "CP Image Store with Slideshow", "slug": "cp-image-store", "affected_versions": { "[*, 1.0.68)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.68", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.68" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ded1b46e-b4b0-4f0d-929e-e1caf93576a7?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ded4b93f-fd90-4803-9d20-3109512b1a24": { "id": "ded4b93f-fd90-4803-9d20-3109512b1a24", "title": "Image Tag Manager <= 1.5 - Reflected Cross-Site Scripting via default_class", "software": [ { "type": "plugin", "name": "Image Tag Manager", "slug": "image-tag-manager", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ded4b93f-fd90-4803-9d20-3109512b1a24?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ded73f27-6b3a-435a-861f-5e10938d6d1a": { "id": "ded73f27-6b3a-435a-861f-5e10938d6d1a", "title": "Appointment Bookings for Zoom GoogleMeet and more \u2013 Wappointment <= 2.2.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Appointment Bookings for Zoom GoogleMeet and more \u2013 Wappointment", "slug": "wappointment", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ded73f27-6b3a-435a-861f-5e10938d6d1a?source=api-scan" ], "published": "2021-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dedb1a15-933b-4e8a-b82d-a154414c61ba": { "id": "dedb1a15-933b-4e8a-b82d-a154414c61ba", "title": "Print-O-Matic <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Print-O-Matic", "slug": "print-o-matic", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dedb1a15-933b-4e8a-b82d-a154414c61ba?source=api-scan" ], "published": "2022-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dede9cfc-61f1-4df1-bd40-e5ae73199575": { "id": "dede9cfc-61f1-4df1-bd40-e5ae73199575", "title": "OneLogin SAML SSO <= 3.1.2 - Open Redirection", "software": [ { "type": "plugin", "name": "OneLogin SAML SSO", "slug": "onelogin-saml-sso", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dede9cfc-61f1-4df1-bd40-e5ae73199575?source=api-scan" ], "published": "2021-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dee00cec-782a-406f-a918-c65cd80c56b0": { "id": "dee00cec-782a-406f-a918-c65cd80c56b0", "title": "MegaMenu <= 2.3.12 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "MegaMenu", "slug": "stm-megamenu", "affected_versions": { "* - 2.3.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dee00cec-782a-406f-a918-c65cd80c56b0?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dee18143-3b95-42fe-a69c-1862f3d30237": { "id": "dee18143-3b95-42fe-a69c-1862f3d30237", "title": "CM WordPress Search And Replace Plugin <= 1.3.8 - Cross-Site Request Forgery to Plugin Setting Reset", "software": [ { "type": "plugin", "name": "CM WordPress Search And Replace Plugin", "slug": "cm-on-demand-search-and-replace", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dee18143-3b95-42fe-a69c-1862f3d30237?source=api-scan" ], "published": "2024-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "def06edd-ea4f-4b49-9902-b179d40e4133": { "id": "def06edd-ea4f-4b49-9902-b179d40e4133", "title": "DoLogin Security <= 3.6 - IP Address Spoofing", "software": [ { "type": "plugin", "name": "DoLogin Security", "slug": "dologin", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/def06edd-ea4f-4b49-9902-b179d40e4133?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "def0da23-248b-40e2-9d70-8dd1ecbe3d45": { "id": "def0da23-248b-40e2-9d70-8dd1ecbe3d45", "title": "WooCommerce <= 4.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 4.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/def0da23-248b-40e2-9d70-8dd1ecbe3d45?source=api-scan" ], "published": "2020-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "def28d93-744f-4232-b745-8430d466b9fa": { "id": "def28d93-744f-4232-b745-8430d466b9fa", "title": "WP-Invoice \u2013 Web Invoice and Billing <= 4.1.0 - Privilege Escalation", "software": [ { "type": "plugin", "name": "WP-Invoice \u2013 Web Invoice and Billing", "slug": "wp-invoice", "affected_versions": { "[*, 4.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/def28d93-744f-4232-b745-8430d466b9fa?source=api-scan" ], "published": "2016-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "defb87dd-bf5f-411f-b948-699337d05d44": { "id": "defb87dd-bf5f-411f-b948-699337d05d44", "title": "WP Compress \u2013 Image Optimizer [All-In-One] <= 6.10.33 - Unauthenticated Directory Traversal via css", "software": [ { "type": "plugin", "name": "WP Compress \u2013 Instant Performance & Speed Optimization", "slug": "wp-compress-image-optimizer", "affected_versions": { "* - 6.10.33": { "from_version": "*", "from_inclusive": true, "to_version": "6.10.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.10.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/defb87dd-bf5f-411f-b948-699337d05d44?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "defc5b5a-243d-4564-a9f8-3ecf3538129b": { "id": "defc5b5a-243d-4564-a9f8-3ecf3538129b", "title": "Notice Bar <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Notice Bar", "slug": "notice-bar", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/defc5b5a-243d-4564-a9f8-3ecf3538129b?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "defd82dd-bda0-4f0c-88cb-4db983953097": { "id": "defd82dd-bda0-4f0c-88cb-4db983953097", "title": "Simple JWT Login <= 3.2.1 - Insecure Password Creation", "software": [ { "type": "plugin", "name": "Simple JWT Login \u2013 Allows you to use JWT on REST endpoints.", "slug": "simple-jwt-login", "affected_versions": { "[*, 3.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/defd82dd-bda0-4f0c-88cb-4db983953097?source=api-scan" ], "published": "2021-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df00c8bc-8acd-4197-86fe-b88cb47d52c3": { "id": "df00c8bc-8acd-4197-86fe-b88cb47d52c3", "title": "MasterStudy LMS <= 3.0.17 - Privilege Escalation", "software": [ { "type": "plugin", "name": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "slug": "masterstudy-lms-learning-management-system", "affected_versions": { "* - 3.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df00c8bc-8acd-4197-86fe-b88cb47d52c3?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df015a51-7eb8-4fbc-839f-bcf6b2e2b1a7": { "id": "df015a51-7eb8-4fbc-839f-bcf6b2e2b1a7", "title": "AccessPress Social Icons 1.8.2 - Backdoor", "software": [ { "type": "plugin", "name": "AccessPress Social Icons", "slug": "accesspress-social-icons", "affected_versions": { "1.8.2": { "from_version": "1.8.2", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df015a51-7eb8-4fbc-839f-bcf6b2e2b1a7?source=api-scan" ], "published": "2022-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df086b87-b025-417f-adc0-5f2829024a0b": { "id": "df086b87-b025-417f-adc0-5f2829024a0b", "title": "mTouch Quiz < 3.0.7 - SQL Injection", "software": [ { "type": "plugin", "name": "mTouch Quiz", "slug": "mtouch-quiz", "affected_versions": { "[*, 3.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df086b87-b025-417f-adc0-5f2829024a0b?source=api-scan" ], "published": "2014-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df0b25cb-5233-412d-8704-63f037b4fcec": { "id": "df0b25cb-5233-412d-8704-63f037b4fcec", "title": "Directorist <= 7.4.3 - Authenticated (Subscriber+) Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings", "slug": "directorist", "affected_versions": { "* - 7.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df0b25cb-5233-412d-8704-63f037b4fcec?source=api-scan" ], "published": "2022-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df0dcdf4-fcb1-4832-b39b-4ec3ee980506": { "id": "df0dcdf4-fcb1-4832-b39b-4ec3ee980506", "title": "WPQA - Builder forms Addon For WordPress < 5.2 - Insecure Direct Object Reference to Profile Picture Deletion", "software": [ { "type": "plugin", "name": "WPQA - Builder forms Addon For WordPress", "slug": "wpqa", "affected_versions": { "[*, 5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df0dcdf4-fcb1-4832-b39b-4ec3ee980506?source=api-scan" ], "published": "2022-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df1a3425-b1d7-4914-ab19-c215d4e845ea": { "id": "df1a3425-b1d7-4914-ab19-c215d4e845ea", "title": "Album and Image Gallery plus Lightbox <= 1.6.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Album and Image Gallery plus Lightbox", "slug": "album-and-image-gallery-plus-lightbox", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df1a3425-b1d7-4914-ab19-c215d4e845ea?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df20aa75-c6d3-48a6-9b19-7547bf12fb82": { "id": "df20aa75-c6d3-48a6-9b19-7547bf12fb82", "title": "WP Athletics <= 1.1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Athletics", "slug": "wp-athletics", "affected_versions": { "* - 1.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df20aa75-c6d3-48a6-9b19-7547bf12fb82?source=api-scan" ], "published": "2022-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df32e1d0-3645-432c-a2e4-2d63709c4ffd": { "id": "df32e1d0-3645-432c-a2e4-2d63709c4ffd", "title": "WP Fastest Cache < 0.8.3.5 - Multiple Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "[*, 0.8.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.8.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df32e1d0-3645-432c-a2e4-2d63709c4ffd?source=api-scan" ], "published": "2015-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df35d8c6-55ec-4cf5-8055-93ec5193c0a4": { "id": "df35d8c6-55ec-4cf5-8055-93ec5193c0a4", "title": "Options for Twenty Seventeen <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Options for Twenty Seventeen", "slug": "options-for-twenty-seventeen", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df35d8c6-55ec-4cf5-8055-93ec5193c0a4?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df3b5124-1151-4402-b30f-038470c7a951": { "id": "df3b5124-1151-4402-b30f-038470c7a951", "title": "TS Poll \u2013 Best Poll Plugin for WordPress <= 1.5.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TS Poll \u2013 Survey, Versus Poll, Image Poll, Video Poll", "slug": "poll-wp", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df3b5124-1151-4402-b30f-038470c7a951?source=api-scan" ], "published": "2021-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df40eb21-2080-4de5-9055-09246a8a275e": { "id": "df40eb21-2080-4de5-9055-09246a8a275e", "title": "Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Orbit Fox by ThemeIsle", "slug": "themeisle-companion", "affected_versions": { "* - 2.10.30": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df40eb21-2080-4de5-9055-09246a8a275e?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df413b9d-5c22-4276-a11b-4f193c48740d": { "id": "df413b9d-5c22-4276-a11b-4f193c48740d", "title": "HT Builder <= 1.2.9 - Cross-Site Request Forgery via plugin_activation", "software": [ { "type": "plugin", "name": "HT Builder \u2013 WordPress Theme Builder for Elementor", "slug": "ht-builder", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df413b9d-5c22-4276-a11b-4f193c48740d?source=api-scan" ], "published": "2023-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df46b3d5-a433-47b5-99b8-117591f7dd16": { "id": "df46b3d5-a433-47b5-99b8-117591f7dd16", "title": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress <= 3.6.10 - Code Injection", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.0.34.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.34.1", "to_inclusive": true }, "3.1 - 3.1.9": { "from_version": "3.1", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": true }, "3.2 - 3.2.27": { "from_version": "3.2", "from_inclusive": true, "to_version": "3.2.27", "to_inclusive": true }, "3.3 - 3.3.21.3": { "from_version": "3.3", "from_inclusive": true, "to_version": "3.3.21.3", "to_inclusive": true }, "3.4 - 3.4.34.1": { "from_version": "3.4", "from_inclusive": true, "to_version": "3.4.34.1", "to_inclusive": true }, "3.5 - 3.5.8.3": { "from_version": "3.5", "from_inclusive": true, "to_version": "3.5.8.3", "to_inclusive": true }, "3.6 - 3.6.10": { "from_version": "3.6", "from_inclusive": true, "to_version": "3.6.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.34.2", "3.1.10", "3.2.28", "3.3.21.4", "3.4.34.2", "3.5.8.4", "3.6.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df46b3d5-a433-47b5-99b8-117591f7dd16?source=api-scan" ], "published": "2022-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df4ad83f-280e-46fa-ad47-3822fa67b10d": { "id": "df4ad83f-280e-46fa-ad47-3822fa67b10d", "title": "Events Manager < 5.5.7.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "[*, 5.5.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.5.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df4ad83f-280e-46fa-ad47-3822fa67b10d?source=api-scan" ], "published": "2015-06-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df4dabd8-b676-4449-ab28-34d73fe0c39a": { "id": "df4dabd8-b676-4449-ab28-34d73fe0c39a", "title": "Chatbot with ChatGPT <= 2.4.4 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Chatbot with ChatGPT WordPress", "slug": "smartsearchwp", "affected_versions": { "* - 2.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df4dabd8-b676-4449-ab28-34d73fe0c39a?source=api-scan" ], "published": "2024-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df534aba-242a-45c2-9d1c-6a08b58f8ee7": { "id": "df534aba-242a-45c2-9d1c-6a08b58f8ee7", "title": "Responsive Vertical Icon Menu <= 1.5.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Vertical Icon Menu", "slug": "wpdevart-vertical-menu", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df534aba-242a-45c2-9d1c-6a08b58f8ee7?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df53dea5-4497-45ee-8f5c-e43f19a702f9": { "id": "df53dea5-4497-45ee-8f5c-e43f19a702f9", "title": "mTheme-Unus < 2.3 - Directory Traversal", "software": [ { "type": "theme", "name": "mTheme-Unus", "slug": "mTheme-Unus", "affected_versions": { "[*, 2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df53dea5-4497-45ee-8f5c-e43f19a702f9?source=api-scan" ], "published": "2015-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df54a888-fe7a-43ef-a77f-fb6e3401defe": { "id": "df54a888-fe7a-43ef-a77f-fb6e3401defe", "title": "Embed Swagger <= 1.0.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Embed Swagger", "slug": "embed-swagger", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df54a888-fe7a-43ef-a77f-fb6e3401defe?source=api-scan" ], "published": "2022-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df5cd6e7-e821-403f-a048-25c2ca1fb2de": { "id": "df5cd6e7-e821-403f-a048-25c2ca1fb2de", "title": "WP DSGVO Tools (GDPR) <= 3.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP DSGVO Tools (GDPR)", "slug": "shapepress-dsgvo", "affected_versions": { "* - 3.1.32": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df5cd6e7-e821-403f-a048-25c2ca1fb2de?source=api-scan" ], "published": "2024-05-22 13:28:57", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df657cdc-00fc-476a-a64f-abfdd6b30739": { "id": "df657cdc-00fc-476a-a64f-abfdd6b30739", "title": "Cerber Security, Anti-spam & Malware Scan < 2.7 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Cerber Security, Anti-spam & Malware Scan", "slug": "wp-cerber", "affected_versions": { "[*, 2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df657cdc-00fc-476a-a64f-abfdd6b30739?source=api-scan" ], "published": "2016-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df65af54-ce55-4c50-8a62-5541a1879ad4": { "id": "df65af54-ce55-4c50-8a62-5541a1879ad4", "title": "Booster Plus for WooCommerce < 7.1.2 - Missing Authorization to Arbitrary Page\/Post Deletion", "software": [ { "type": "plugin", "name": "Booster Plus for WooCommerce", "slug": "booster-plus-for-woocommerce", "affected_versions": { "[*, 7.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df65af54-ce55-4c50-8a62-5541a1879ad4?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df681544-f64b-4590-a377-08b05693ff1f": { "id": "df681544-f64b-4590-a377-08b05693ff1f", "title": "WP Post Author \u2013 Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder <= 3.7.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Post Author \u2013 Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder", "slug": "wp-post-author", "affected_versions": { "* - 3.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df681544-f64b-4590-a377-08b05693ff1f?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df6e5aee-e79d-4c3f-a0c4-47436ae7c1da": { "id": "df6e5aee-e79d-4c3f-a0c4-47436ae7c1da", "title": "Premium Addons PRO <= 2.9.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Premium Addons Pro for Elementor", "slug": "premium-addons-pro", "affected_versions": { "* - 2.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df6e5aee-e79d-4c3f-a0c4-47436ae7c1da?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df911497-8504-424e-8717-42d0bb6c90f1": { "id": "df911497-8504-424e-8717-42d0bb6c90f1", "title": "Product Gallery Slider for WooCommerce <= 2.2.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Product Gallery Slider, Additional Variation Images for WooCommerce", "slug": "woo-product-gallery-slider", "affected_versions": { "[*, 2.2.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df911497-8504-424e-8717-42d0bb6c90f1?source=api-scan" ], "published": "2023-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df946b56-f3a5-4b0e-b281-1632abf93b34": { "id": "df946b56-f3a5-4b0e-b281-1632abf93b34", "title": "Membermouse <= 2.2.8 - Blind SQL Injection", "software": [ { "type": "plugin", "name": "membermouse", "slug": "membermouse", "affected_versions": { "* - 2.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df946b56-f3a5-4b0e-b281-1632abf93b34?source=api-scan" ], "published": "2018-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df9ad765-dc7b-4da6-951e-045274caeaae": { "id": "df9ad765-dc7b-4da6-951e-045274caeaae", "title": "Cordobo Green Park (All Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Cordobo Green Park", "slug": "cordobo-green-park", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df9ad765-dc7b-4da6-951e-045274caeaae?source=api-scan" ], "published": "2007-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "df9b0578-d5fb-459b-b857-d907e4ca22b4": { "id": "df9b0578-d5fb-459b-b857-d907e4ca22b4", "title": "Themify Portfolio Post <= 1.1.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Themify Portfolio Post", "slug": "themify-portfolio-post", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/df9b0578-d5fb-459b-b857-d907e4ca22b4?source=api-scan" ], "published": "2022-01-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfa22747-b9f5-403e-81bb-87a593e603a4": { "id": "dfa22747-b9f5-403e-81bb-87a593e603a4", "title": "Slideshow 2.2.8 - 2.2.21 - Information Exposure", "software": [ { "type": "plugin", "name": "Slideshow", "slug": "slideshow-jquery-image-gallery", "affected_versions": { "2.2.8 - 2.2.21": { "from_version": "2.2.8", "from_inclusive": true, "to_version": "2.2.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfa22747-b9f5-403e-81bb-87a593e603a4?source=api-scan" ], "published": "2015-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfa2af3d-ef5a-484b-83a3-552b03b16f4b": { "id": "dfa2af3d-ef5a-484b-83a3-552b03b16f4b", "title": "BxSlider WP <= 2.0.0 - Authenticated (Contributor+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BxSlider WP", "slug": "bxslider-wp", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfa2af3d-ef5a-484b-83a3-552b03b16f4b?source=api-scan" ], "published": "2022-07-27 14:26:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfa3efa2-c542-44b9-8039-13e6eac75101": { "id": "dfa3efa2-c542-44b9-8039-13e6eac75101", "title": "Free Live Chat Support <= 1.0.11 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Free Live Chat Support", "slug": "livesupporti", "affected_versions": { "* - 1.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfa3efa2-c542-44b9-8039-13e6eac75101?source=api-scan" ], "published": "2022-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfafdc46-e747-42b4-963b-7b966b1f67a4": { "id": "dfafdc46-e747-42b4-963b-7b966b1f67a4", "title": "Ask Me <= 6.8.1 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Ask Me - Responsive Questions & Answers WordPress", "slug": "ask-me", "affected_versions": { "[*, 6.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfafdc46-e747-42b4-963b-7b966b1f67a4?source=api-scan" ], "published": "2022-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfb0da20-99f1-4bf1-8b30-3c8d15bf9679": { "id": "dfb0da20-99f1-4bf1-8b30-3c8d15bf9679", "title": "Download Manager <= 3.2.84 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Manager Pro", "slug": "download-manager", "affected_versions": { "* - 3.2.84": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.84", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.85" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfb0da20-99f1-4bf1-8b30-3c8d15bf9679?source=api-scan" ], "published": "2024-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfb2dda8-1389-4b19-a5cd-d6b3436ab3b6": { "id": "dfb2dda8-1389-4b19-a5cd-d6b3436ab3b6", "title": "Roomcloud < 1.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Roomcloud", "slug": "roomcloud", "affected_versions": { "[*, 1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfb2dda8-1389-4b19-a5cd-d6b3436ab3b6?source=api-scan" ], "published": "2015-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfb6961b-1398-409d-ada2-cf5424cb2b73": { "id": "dfb6961b-1398-409d-ada2-cf5424cb2b73", "title": "Essential Addons for Elementor <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.15": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfb6961b-1398-409d-ada2-cf5424cb2b73?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfb760fb-f281-4649-9bd3-92f8e281f07e": { "id": "dfb760fb-f281-4649-9bd3-92f8e281f07e", "title": "Yuki <= 1.3.14 - Cross-Site Request Forgery to Theme Setting Reset", "software": [ { "type": "theme", "name": "Yuki", "slug": "yuki", "affected_versions": { "* - 1.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfb760fb-f281-4649-9bd3-92f8e281f07e?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfbaa3e4-40c2-41d8-996c-232e27a04b73": { "id": "dfbaa3e4-40c2-41d8-996c-232e27a04b73", "title": "Smush \u2013 Lazy Load Images, Optimize & Compress Images <= 3.16.4 - Missing Authorization to Resmush List Deletion", "software": [ { "type": "plugin", "name": "Smush Image Optimization \u2013 Optimize Images | Compress & Lazy Load Images | Convert WebP | Image CDN", "slug": "wp-smushit", "affected_versions": { "* - 3.16.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.16.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.16.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfbaa3e4-40c2-41d8-996c-232e27a04b73?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfbdb5a7-e949-4d3a-8c8d-5dc6702f4675": { "id": "dfbdb5a7-e949-4d3a-8c8d-5dc6702f4675", "title": "OptinMonster <= 2.12.1 - Authenticated (Subscriber+) Sensitive Information Disclosure via Shortcode", "software": [ { "type": "plugin", "name": "Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, Email Newsletters and Lead Generation", "slug": "optinmonster", "affected_versions": { "* - 2.12.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfbdb5a7-e949-4d3a-8c8d-5dc6702f4675?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfbf2556-0509-4d8a-8949-494c6bc82ea1": { "id": "dfbf2556-0509-4d8a-8949-494c6bc82ea1", "title": "Admin Bar Remover <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update", "software": [ { "type": "plugin", "name": "Admin Bar Editor \u2013 Hide Toolbar by User Roles", "slug": "admin-bar", "affected_versions": { "* - 1.0.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfbf2556-0509-4d8a-8949-494c6bc82ea1?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfcc2ab2-504d-4151-9435-618e317ce95c": { "id": "dfcc2ab2-504d-4151-9435-618e317ce95c", "title": "Seraphinite Post .DOCX Source <= 2.16.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Seraphinite Post .DOCX Source", "slug": "seraphinite-post-docx-source", "affected_versions": { "* - 2.16.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfcc2ab2-504d-4151-9435-618e317ce95c?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfcc3d8c-c36a-4994-aa79-99953d9adfc1": { "id": "dfcc3d8c-c36a-4994-aa79-99953d9adfc1", "title": "Google Analyticator <= 6.5.5 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Analyticator", "slug": "google-analyticator", "affected_versions": { "* - 6.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfcc3d8c-c36a-4994-aa79-99953d9adfc1?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfd638bb-ae0b-403d-8d34-c4b62a749d7f": { "id": "dfd638bb-ae0b-403d-8d34-c4b62a749d7f", "title": "Asset CleanUp: Page Speed Booster <= 1.3.6.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Asset CleanUp: Page Speed Booster", "slug": "wp-asset-clean-up", "affected_versions": { "[*, 1.3.6.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfd638bb-ae0b-403d-8d34-c4b62a749d7f?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfd67329-11b1-4f00-a422-bb4833a3181d": { "id": "dfd67329-11b1-4f00-a422-bb4833a3181d", "title": "Chatbot for WordPress <= 2.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chatbot for WordPress by Collect.chat \u26a1\ufe0f", "slug": "collectchat", "affected_versions": { "2.3.9": { "from_version": "2.3.9", "from_inclusive": true, "to_version": "2.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfd67329-11b1-4f00-a422-bb4833a3181d?source=api-scan" ], "published": "2023-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfd6c2b8-b00c-49d1-930f-50397e742ac5": { "id": "dfd6c2b8-b00c-49d1-930f-50397e742ac5", "title": "Gallery Images Ape <= 2.0.6 - Authenticated Plugin Deactivation", "software": [ { "type": "plugin", "name": "Gallery Images Ape", "slug": "gallery-images-ape", "affected_versions": { "[*, 2.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfd6c2b8-b00c-49d1-930f-50397e742ac5?source=api-scan" ], "published": "2019-12-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfd7b788-03a0-41a4-96f2-cfca74ef281b": { "id": "dfd7b788-03a0-41a4-96f2-cfca74ef281b", "title": "Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) PHP Code Injection via Loop Custom Field", "software": [ { "type": "plugin", "name": "Custom Field Suite", "slug": "custom-field-suite", "affected_versions": { "* - 2.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfd7b788-03a0-41a4-96f2-cfca74ef281b?source=api-scan" ], "published": "2024-06-19 13:10:24", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfd95489-c1d5-45cc-8ac4-400a39391aa2": { "id": "dfd95489-c1d5-45cc-8ac4-400a39391aa2", "title": "Secure Copy Content Protection and Content Locking <= 3.7.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Secure Copy Content Protection and Content Locking", "slug": "secure-copy-content-protection", "affected_versions": { "* - 3.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfd95489-c1d5-45cc-8ac4-400a39391aa2?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfe07cd7-e448-4468-8280-3514690d8648": { "id": "dfe07cd7-e448-4468-8280-3514690d8648", "title": "Post Content XMLRPC <= 1.0 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Post Content XMLRPC", "slug": "post-content-xmlrpc", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfe07cd7-e448-4468-8280-3514690d8648?source=api-scan" ], "published": "2021-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfe41d6f-5026-4fcb-9ba0-a5180a03222c": { "id": "dfe41d6f-5026-4fcb-9ba0-a5180a03222c", "title": "Sniplets < 1.2.3 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Sniplets", "slug": "sniplets", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfe41d6f-5026-4fcb-9ba0-a5180a03222c?source=api-scan" ], "published": "2008-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfe6f49a-1dd1-46d9-8e15-a8a766917092": { "id": "dfe6f49a-1dd1-46d9-8e15-a8a766917092", "title": "Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks <= 1.1.5 - Cross-Site Request Forgery to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks", "slug": "ht-contactform", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfe6f49a-1dd1-46d9-8e15-a8a766917092?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfea441c-2e77-47fa-8f6e-8d17d0c90ebe": { "id": "dfea441c-2e77-47fa-8f6e-8d17d0c90ebe", "title": "Guest posting \/ Frontend Posting wordpress plugin \u2013 WP Front User Submit \/ Front Editor <= 4.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Guest posting \/ Frontend Posting wordpress plugin \u2013 WP Front User Submit \/ Front Editor", "slug": "front-editor", "affected_versions": { "* - 4.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfea441c-2e77-47fa-8f6e-8d17d0c90ebe?source=api-scan" ], "published": "2023-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dfed10b0-f2eb-4228-b835-2a29c13e4a3f": { "id": "dfed10b0-f2eb-4228-b835-2a29c13e4a3f", "title": "Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "* - 3.2.36": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.36", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.37" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dfed10b0-f2eb-4228-b835-2a29c13e4a3f?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "dffaf909-72f5-466f-8dd0-d46a81402caf": { "id": "dffaf909-72f5-466f-8dd0-d46a81402caf", "title": "Barcode Scanner with Inventory & Order Manager <= 1.5.3 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Barcode Scanner and Inventory manager. POS (Point of Sale) \u2013 scan barcodes & create orders with barcode reader.", "slug": "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/dffaf909-72f5-466f-8dd0-d46a81402caf?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e004bba3-d281-4f84-a941-a6c5b64b9dcd": { "id": "e004bba3-d281-4f84-a941-a6c5b64b9dcd", "title": "Schema & Structured Data for WP & AMP <= 1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks", "software": [ { "type": "plugin", "name": "Schema & Structured Data for WP & AMP", "slug": "schema-and-structured-data-for-wp", "affected_versions": { "* - 1.29": { "from_version": "*", "from_inclusive": true, "to_version": "1.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e004bba3-d281-4f84-a941-a6c5b64b9dcd?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e005861c-3ca5-4cee-a84b-9ebc095f4a1f": { "id": "e005861c-3ca5-4cee-a84b-9ebc095f4a1f", "title": "WP SlackSync <= 1.8.5 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "wpslacksync", "slug": "wpslacksync", "affected_versions": { "[*, 1.8.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e005861c-3ca5-4cee-a84b-9ebc095f4a1f?source=api-scan" ], "published": "2019-11-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e007c713-74bc-4ff5-a198-70dcc8a8ee68": { "id": "e007c713-74bc-4ff5-a198-70dcc8a8ee68", "title": "Essential Addons For Elementor <=5.8.1 - Unauthenticated MailChimp API Key Disclosure", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e007c713-74bc-4ff5-a198-70dcc8a8ee68?source=api-scan" ], "published": "2023-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e00ba29c-acdc-42ba-a6f7-cd064aec662d": { "id": "e00ba29c-acdc-42ba-a6f7-cd064aec662d", "title": "Perfect Survey <= 1.5.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Perfect Survey", "slug": "perfect-survey", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e00ba29c-acdc-42ba-a6f7-cd064aec662d?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e00e67fb-65fa-4f35-9a3d-5794eb0505aa": { "id": "e00e67fb-65fa-4f35-9a3d-5794eb0505aa", "title": "Masterstudy LMS Starter <= 1.1.8 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "theme", "name": "Masterstudy - Education WordPress Theme", "slug": "ms-lms-starter-theme", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e00e67fb-65fa-4f35-9a3d-5794eb0505aa?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e012d7a0-46f9-4f3b-a178-2d06655fd441": { "id": "e012d7a0-46f9-4f3b-a178-2d06655fd441", "title": "External url as post Featured Image <= 2.02 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "External url as post Featured Image (thumbnail)", "slug": "external-url-as-post-featured-image-thumbnail", "affected_versions": { "* - 2.02": { "from_version": "*", "from_inclusive": true, "to_version": "2.02", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.03" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e012d7a0-46f9-4f3b-a178-2d06655fd441?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e014d8b6-9ce3-40ec-862e-ab5f220f1b6d": { "id": "e014d8b6-9ce3-40ec-862e-ab5f220f1b6d", "title": "Defender Security <= 4.4.1 - IP Address Spoofing", "software": [ { "type": "plugin", "name": "Defender Security \u2013 Malware Scanner, Login Security & Firewall", "slug": "defender-security", "affected_versions": { "* - 4.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e014d8b6-9ce3-40ec-862e-ab5f220f1b6d?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e01532bb-3011-4efe-b072-d0df5708f8e9": { "id": "e01532bb-3011-4efe-b072-d0df5708f8e9", "title": "Ninja Forms Contact Form <= 2.9.51 - Multiple Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "[*, 2.9.52)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.52", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e01532bb-3011-4efe-b072-d0df5708f8e9?source=api-scan" ], "published": "2016-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e018ca7c-06dd-4d40-91d4-4ed188b8aaf2": { "id": "e018ca7c-06dd-4d40-91d4-4ed188b8aaf2", "title": "POST SMTP Mailer <= 2.0.20 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Post SMTP \u2013 WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications \u2013 Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more", "slug": "post-smtp", "affected_versions": { "* - 2.0.20": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e018ca7c-06dd-4d40-91d4-4ed188b8aaf2?source=api-scan" ], "published": "2021-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e01b4259-ed8d-44a4-9771-470de45b14a8": { "id": "e01b4259-ed8d-44a4-9771-470de45b14a8", "title": "CMP \u2013 Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure", "software": [ { "type": "plugin", "name": "CMP \u2013 Coming Soon & Maintenance Plugin by NiteoThemes", "slug": "cmp-coming-soon-maintenance", "affected_versions": { "* - 4.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e01b4259-ed8d-44a4-9771-470de45b14a8?source=api-scan" ], "published": "2023-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e01dd955-fa25-4cb2-8ab8-a648816857f1": { "id": "e01dd955-fa25-4cb2-8ab8-a648816857f1", "title": "IdeaPush <= 8.60 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IdeaPush", "slug": "ideapush", "affected_versions": { "* - 8.60": { "from_version": "*", "from_inclusive": true, "to_version": "8.60", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.61" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e01dd955-fa25-4cb2-8ab8-a648816857f1?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e01f5bd8-de0f-48aa-8007-61a0ebd0ebf3": { "id": "e01f5bd8-de0f-48aa-8007-61a0ebd0ebf3", "title": "VK Blocks <= 1.53.0.1 - Stored (Contributor+) Cross-Site Scripting in Tag Edit", "software": [ { "type": "plugin", "name": "VK Blocks Pro", "slug": "vk-blocks-pro", "affected_versions": { "* - 1.53.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.53.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.54.0" ] }, { "type": "plugin", "name": "VK Blocks", "slug": "vk-blocks", "affected_versions": { "* - 1.53.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.53.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.54.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e01f5bd8-de0f-48aa-8007-61a0ebd0ebf3?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e01fd891-631e-47df-9f29-f3d4d5afa02f": { "id": "e01fd891-631e-47df-9f29-f3d4d5afa02f", "title": "Social Media Share Buttons <= 2.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Media Share Buttons & Social Sharing Icons", "slug": "ultimate-social-media-icons", "affected_versions": { "* - 2.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e01fd891-631e-47df-9f29-f3d4d5afa02f?source=api-scan" ], "published": "2024-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e022febe-7295-493d-afa7-185f55b4d3b9": { "id": "e022febe-7295-493d-afa7-185f55b4d3b9", "title": "Ibtana - WordPress Website Builder <= 1.2.3.3 - Unauthenticated reCAPTCHA Settings Update", "software": [ { "type": "plugin", "name": "Ibtana \u2013 WordPress Website Builder", "slug": "ibtana-visual-editor", "affected_versions": { "* - 1.2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e022febe-7295-493d-afa7-185f55b4d3b9?source=api-scan" ], "published": "2024-06-17 14:09:48", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e02472a8-5b88-43ad-86f3-e890b49899ad": { "id": "e02472a8-5b88-43ad-86f3-e890b49899ad", "title": "Add Widget After Content <= 2.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add Widget After Content", "slug": "add-widget-after-content", "affected_versions": { "* - 2.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e02472a8-5b88-43ad-86f3-e890b49899ad?source=api-scan" ], "published": "2024-10-17 15:47:41", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e029bc15-8128-42d1-8874-b0689312cb35": { "id": "e029bc15-8128-42d1-8874-b0689312cb35", "title": "MultiPurpose <= 1.2.0 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "theme", "name": "MultiPurpose", "slug": "multipurpose", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e029bc15-8128-42d1-8874-b0689312cb35?source=api-scan" ], "published": "2024-08-07 13:13:10", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e02cf6d3-3c50-4da5-b28c-7bda30deca3e": { "id": "e02cf6d3-3c50-4da5-b28c-7bda30deca3e", "title": "WP Scrippets <= 1.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Scrippets", "slug": "wp-scrippets", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e02cf6d3-3c50-4da5-b28c-7bda30deca3e?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e03390e5-5604-4b9d-ab1b-dac2b19270cd": { "id": "e03390e5-5604-4b9d-ab1b-dac2b19270cd", "title": "Crowdsignal Dashboard \u2013 Polls, Surveys & more <= 3.0.11 - Cross-Site Request Forgery via update_rating", "software": [ { "type": "plugin", "name": "Crowdsignal Dashboard \u2013 Polls, Surveys & more", "slug": "polldaddy", "affected_versions": { "* - 3.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e03390e5-5604-4b9d-ab1b-dac2b19270cd?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e033dd4a-bc82-403a-82aa-cd8516290f4a": { "id": "e033dd4a-bc82-403a-82aa-cd8516290f4a", "title": "Export Post Info <= 1.2.0 - Authenticated (Author+) CSV Injection", "software": [ { "type": "plugin", "name": "Export Post Info", "slug": "export-post-info", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e033dd4a-bc82-403a-82aa-cd8516290f4a?source=api-scan" ], "published": "2022-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0365efc-f443-40a6-a365-fd36c1818242": { "id": "e0365efc-f443-40a6-a365-fd36c1818242", "title": "User Meta Manager < 3.4.8 - Missing Authorization to Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "User Meta Manager", "slug": "user-meta-manager", "affected_versions": { "[*, 3.4.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0365efc-f443-40a6-a365-fd36c1818242?source=api-scan" ], "published": "2016-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e036fd56-c13f-486d-acae-66378426d380": { "id": "e036fd56-c13f-486d-acae-66378426d380", "title": "WP-Invoice \u2013 Web Invoice and Billing <= 4.1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP-Invoice \u2013 Web Invoice and Billing", "slug": "wp-invoice", "affected_versions": { "[*, 4.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e036fd56-c13f-486d-acae-66378426d380?source=api-scan" ], "published": "2016-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e03f95ae-c1ba-4679-888b-055293e1351f": { "id": "e03f95ae-c1ba-4679-888b-055293e1351f", "title": "ClickCease Click Fraud Protection <= 3.2.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ClickCease Click Fraud Protection", "slug": "clickcease-click-fraud-protection", "affected_versions": { "* - 3.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e03f95ae-c1ba-4679-888b-055293e1351f?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0403a76-86ce-4772-bc0b-22b183f0f684": { "id": "e0403a76-86ce-4772-bc0b-22b183f0f684", "title": "Print, PDF, Email by PrintFriendly <= 5.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Print, PDF, Email by PrintFriendly", "slug": "printfriendly", "affected_versions": { "* - 5.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0403a76-86ce-4772-bc0b-22b183f0f684?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e04e2f24-ca52-4f7c-961b-f35b9ff90536": { "id": "e04e2f24-ca52-4f7c-961b-f35b9ff90536", "title": "OnePress Social Locker < 4.2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OnePress Social Locker", "slug": "social-locker", "affected_versions": { "[*, 4.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e04e2f24-ca52-4f7c-961b-f35b9ff90536?source=api-scan" ], "published": "2015-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e056dcb5-a66b-4cd3-9a73-37f226015e09": { "id": "e056dcb5-a66b-4cd3-9a73-37f226015e09", "title": "Brizy \u2013 Page Builder <= 2.4.41 - Authenticated(Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "* - 2.4.41": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e056dcb5-a66b-4cd3-9a73-37f226015e09?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e057a35b-8162-4636-9fd9-419378df1ca1": { "id": "e057a35b-8162-4636-9fd9-419378df1ca1", "title": "Better Search <= 1.3.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Better Search \u2013 Relevant search results for WordPress", "slug": "better-search", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e057a35b-8162-4636-9fd9-419378df1ca1?source=api-scan" ], "published": "2014-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e062c794-1ab7-4d44-95da-40cd401f3a37": { "id": "e062c794-1ab7-4d44-95da-40cd401f3a37", "title": "TimThumb <= 1.33 - Remote File Download", "software": [ { "type": "plugin", "name": "Category List Portfolio Page", "slug": "category-list-portfolio-page", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "TimThumb", "slug": "timthumb", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] }, { "type": "plugin", "name": "Simple Post Thumbnails", "slug": "simple-post-thumbnails", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e062c794-1ab7-4d44-95da-40cd401f3a37?source=api-scan" ], "published": "2011-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0662c3a-5b82-4b9a-aa69-147094930d1f": { "id": "e0662c3a-5b82-4b9a-aa69-147094930d1f", "title": "Display custom fields in the frontend \u2013 Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Code Injection", "software": [ { "type": "plugin", "name": "Display custom fields in the frontend \u2013 Post and User Profile Fields", "slug": "shortcode-to-display-post-and-user-data", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0662c3a-5b82-4b9a-aa69-147094930d1f?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e068573d-bc3e-48de-b4e7-6a0666086ac3": { "id": "e068573d-bc3e-48de-b4e7-6a0666086ac3", "title": "Checkout Mestres WP <= 7.1.9.6 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Checkout Mestres do WP for WooCommerce", "slug": "checkout-mestres-wp", "affected_versions": { "* - 7.1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e068573d-bc3e-48de-b4e7-6a0666086ac3?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e06c7e0a-f972-430a-9f87-786e0c6e1a84": { "id": "e06c7e0a-f972-430a-9f87-786e0c6e1a84", "title": "Beauty & Clean <= 1.0.8 - Cross-Site Request Forgery & Arbitrary File Upload", "software": [ { "type": "theme", "name": "Beauty & Clean", "slug": "beauty-premium", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e06c7e0a-f972-430a-9f87-786e0c6e1a84?source=api-scan" ], "published": "2016-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e06ceba5-9c50-442e-9cba-da64a38de00f": { "id": "e06ceba5-9c50-442e-9cba-da64a38de00f", "title": "All in One Support Button + Callback Request <= 1.8.7 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Us all-in-one button", "slug": "ar-contactus", "affected_versions": { "[*, 1.8.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e06ceba5-9c50-442e-9cba-da64a38de00f?source=api-scan" ], "published": "2020-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e06fb465-4c72-49a8-af35-ff6d629ff9a0": { "id": "e06fb465-4c72-49a8-af35-ff6d629ff9a0", "title": "WooCommerce Product Table Lite <= 3.5.1 - Missing Authorization to (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Product Table Lite", "slug": "wc-product-table-lite", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e06fb465-4c72-49a8-af35-ff6d629ff9a0?source=api-scan" ], "published": "2024-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e070b422-9036-4362-832b-43fd4838f394": { "id": "e070b422-9036-4362-832b-43fd4838f394", "title": "Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) <= 3.1.87 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)", "slug": "mailin", "affected_versions": { "* - 3.1.87": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.87", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.88" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e070b422-9036-4362-832b-43fd4838f394?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0755c8f-89c4-45a5-95a4-fcfe985f037f": { "id": "e0755c8f-89c4-45a5-95a4-fcfe985f037f", "title": "A Forms <= 1.4.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "A Forms", "slug": "a-forms", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0755c8f-89c4-45a5-95a4-fcfe985f037f?source=api-scan" ], "published": "2013-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e07649c0-b2eb-421b-95ae-a9530524470a": { "id": "e07649c0-b2eb-421b-95ae-a9530524470a", "title": "Coming soon and Maintenance mode <= 3.6.6 - Missing Authorization to Arbitrary Email Send", "software": [ { "type": "plugin", "name": "Coming soon and Maintenance mode", "slug": "coming-soon-page", "affected_versions": { "* - 3.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e07649c0-b2eb-421b-95ae-a9530524470a?source=api-scan" ], "published": "2022-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e076e054-6a0b-4c08-b0cc-bd3a5b0751e5": { "id": "e076e054-6a0b-4c08-b0cc-bd3a5b0751e5", "title": "Front End Users <= 3.2.24 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Front End Users", "slug": "front-end-only-users", "affected_versions": { "* - 3.2.24": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e076e054-6a0b-4c08-b0cc-bd3a5b0751e5?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0861584-6850-40c6-92d4-b4efb1ea103f": { "id": "e0861584-6850-40c6-92d4-b4efb1ea103f", "title": "Contact Form 7 Math Captcha <= 2.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form 7 Math Captcha", "slug": "ds-cf7-math-captcha", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0861584-6850-40c6-92d4-b4efb1ea103f?source=api-scan" ], "published": "2024-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e087817e-9edb-4c93-96c6-e8d8e99d4d9b": { "id": "e087817e-9edb-4c93-96c6-e8d8e99d4d9b", "title": "WP All Backup <= 2.4.3 - Cross-Site Request Forgery to Backup Storage Modification", "software": [ { "type": "plugin", "name": "WP All Backup", "slug": "wp-all-backup", "affected_versions": { "* - 2.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e087817e-9edb-4c93-96c6-e8d8e99d4d9b?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e08c0e74-4ce0-4278-8f58-909f7c24f346": { "id": "e08c0e74-4ce0-4278-8f58-909f7c24f346", "title": "Restaurant Reservations Widget <= 1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Restaurant Reservations Widget", "slug": "restaurantconnect-reswidget", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e08c0e74-4ce0-4278-8f58-909f7c24f346?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e08c3db4-6353-4bca-ab89-af46e5a0a128": { "id": "e08c3db4-6353-4bca-ab89-af46e5a0a128", "title": "Similar Posts <= 3.1.5 - Admin+ Arbitrary PHP Code Execution", "software": [ { "type": "plugin", "name": "Similar Posts \u2013 Best Related Posts Plugin for WordPress", "slug": "similar-posts", "affected_versions": { "* - 3.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e08c3db4-6353-4bca-ab89-af46e5a0a128?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e08cd1b6-3faf-4650-9606-3724b6a52df5": { "id": "e08cd1b6-3faf-4650-9606-3724b6a52df5", "title": "Notification \u2013 Custom Notifications and Alerts for WordPress <= 7.2.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Notification \u2013 Custom Notifications and Alerts for WordPress", "slug": "notification", "affected_versions": { "* - 7.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e08cd1b6-3faf-4650-9606-3724b6a52df5?source=api-scan" ], "published": "2021-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e08d455e-925d-4a94-8d57-484aedc25411": { "id": "e08d455e-925d-4a94-8d57-484aedc25411", "title": "Tipsacarrier < 1.5.0.5 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Tipsacarrier", "slug": "tipsacarrier", "affected_versions": { "[*, 1.5.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e08d455e-925d-4a94-8d57-484aedc25411?source=api-scan" ], "published": "2022-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e093a923-4b9b-4def-a81b-78584aead5c1": { "id": "e093a923-4b9b-4def-a81b-78584aead5c1", "title": "Custom Product Tabs for WooCommerce <= 1.7.7 - Subscriber+ Settings Update", "software": [ { "type": "plugin", "name": "Custom Product Tabs for WooCommerce", "slug": "yikes-inc-easy-custom-woocommerce-product-tabs", "affected_versions": { "* - 1.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e093a923-4b9b-4def-a81b-78584aead5c1?source=api-scan" ], "published": "2022-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0976e3c-dcc2-41aa-a734-84afa50310ed": { "id": "e0976e3c-dcc2-41aa-a734-84afa50310ed", "title": "MJ Update History <= 1.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MJ Update History", "slug": "mj-update-history", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0976e3c-dcc2-41aa-a734-84afa50310ed?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0981349-e627-4a3c-9972-01111a6b6140": { "id": "e0981349-e627-4a3c-9972-01111a6b6140", "title": "Custom Order Statuses for WooCommerce <= 1.5.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Custom Order Statuses for WooCommerce", "slug": "custom-order-statuses-for-woocommerce", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0981349-e627-4a3c-9972-01111a6b6140?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e099d8e2-6305-43fc-8807-a37791deb2ff": { "id": "e099d8e2-6305-43fc-8807-a37791deb2ff", "title": "Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Missing Authorization to Arbitrary (Subscriber+) Attachment Deletion", "software": [ { "type": "plugin", "name": "Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress", "slug": "youzify", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e099d8e2-6305-43fc-8807-a37791deb2ff?source=api-scan" ], "published": "2024-10-09 13:30:38", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e09c629b-9908-4548-b828-9e6140ff5670": { "id": "e09c629b-9908-4548-b828-9e6140ff5670", "title": "Cab Grid <= 1.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cab Grid", "slug": "cab-grid", "affected_versions": { "* - 1.5.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e09c629b-9908-4548-b828-9e6140ff5670?source=api-scan" ], "published": "2023-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e09e48db-f74a-4663-a724-24938a6c277c": { "id": "e09e48db-f74a-4663-a724-24938a6c277c", "title": "Multiple Themes (Various Versions) - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Travel Booking", "slug": "travel-booking", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] }, { "type": "theme", "name": "AwpBusinessPress", "slug": "awpbusinesspress", "affected_versions": { "[*, 0.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.2.4" ] }, { "type": "theme", "name": "Fifteen", "slug": "fifteen", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Rambo", "slug": "rambo", "affected_versions": { "[*, 2.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.4" ] }, { "type": "theme", "name": "Wallstreet", "slug": "wallstreet", "affected_versions": { "[*, 2.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.5" ] }, { "type": "theme", "name": "Rara Business", "slug": "rara-business", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] }, { "type": "theme", "name": "Auto Car", "slug": "auto-car", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Shopbiz Lite", "slug": "shopbiz-lite", "affected_versions": { "[*, 1.7.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.7" ] }, { "type": "theme", "name": "CloudPress", "slug": "cloudpress", "affected_versions": { "[*, 2.4.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.9" ] }, { "type": "theme", "name": "Spawp", "slug": "spawp", "affected_versions": { "[*, 1.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.1" ] }, { "type": "theme", "name": "Designexo", "slug": "designexo", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7" ] }, { "type": "theme", "name": "Cactus", "slug": "cactus", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Perfect Portfolio", "slug": "perfect-portfolio", "affected_versions": { "[*, 1.1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.6" ] }, { "type": "theme", "name": "Envo Business", "slug": "envo-business", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "StartKit", "slug": "startkit", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "ElitePress", "slug": "elitepress", "affected_versions": { "[*, 2.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.3" ] }, { "type": "theme", "name": "ConsultStreet", "slug": "consultstreet", "affected_versions": { "[*, 1.6.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.7" ] }, { "type": "theme", "name": "Spasalon", "slug": "spasalon", "affected_versions": { "[*, 2.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.1" ] }, { "type": "theme", "name": "ColorWay", "slug": "colorway", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "ArileWP", "slug": "arilewp", "affected_versions": { "[*, 2.9.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.7" ] }, { "type": "theme", "name": "Businesswp", "slug": "businesswp", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] }, { "type": "theme", "name": "Spice Software", "slug": "spice-software", "affected_versions": { "[*, 1.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.5" ] }, { "type": "theme", "name": "Appointment", "slug": "appointment", "affected_versions": { "[*, 3.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.6" ] }, { "type": "theme", "name": "lawyerpress lite", "slug": "lawyerpress-lite", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Short", "slug": "short", "affected_versions": { "[*, 1.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.2" ] }, { "type": "theme", "name": "WP Real Estate", "slug": "wp-real-estate", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Mediciti Lite", "slug": "mediciti-lite", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Quality", "slug": "quality", "affected_versions": { "[*, 2.7.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.4" ] }, { "type": "theme", "name": "HoneyPress", "slug": "honeypress", "affected_versions": { "[*, 2.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.6" ] }, { "type": "theme", "name": "AStore", "slug": "astore", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Blain", "slug": "blain", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Robolist Lite", "slug": "robolist-lite", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Spiko", "slug": "spiko", "affected_versions": { "[*, 1.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.2" ] }, { "type": "theme", "name": "Travel Agency", "slug": "travel-agency", "affected_versions": { "[*, 1.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.2" ] }, { "type": "theme", "name": "Jewelry Store", "slug": "jewelry-store", "affected_versions": { "[*, 2.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.5" ] }, { "type": "theme", "name": "NGO Charity Lite", "slug": "ngo-charity-lite", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Busiprof", "slug": "busiprof", "affected_versions": { "[*, 2.3.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.8" ] }, { "type": "theme", "name": "Hasten Lite", "slug": "hasten-lite", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "BusiCare", "slug": "busicare", "affected_versions": { "[*, 1.1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.9" ] }, { "type": "theme", "name": "EventPress", "slug": "eventpress", "affected_versions": { "* - 5.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7" ] }, { "type": "theme", "name": "ConsultEra", "slug": "consultera", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "BusinessExpo", "slug": "businessexpo", "affected_versions": { "[*, 0.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.1.4" ] }, { "type": "theme", "name": "IH Business Pro", "slug": "ih-business-pro", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e09e48db-f74a-4663-a724-24938a6c277c?source=api-scan" ], "published": "2022-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0a0303a-2c8e-4ac5-ad89-df3774db9679": { "id": "e0a0303a-2c8e-4ac5-ad89-df3774db9679", "title": "Pz-LinkCard <= 2.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pz-LinkCard", "slug": "pz-linkcard", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0a0303a-2c8e-4ac5-ad89-df3774db9679?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0a294c5-dc2f-4739-9519-ae2a1268ff55": { "id": "e0a294c5-dc2f-4739-9519-ae2a1268ff55", "title": "SecureMoz Security Audit <= 1.0.5 - PHP Object Injection", "software": [ { "type": "plugin", "name": "SecureMoz Security Audit", "slug": "securemoz-security-audit", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0a294c5-dc2f-4739-9519-ae2a1268ff55?source=api-scan" ], "published": "2015-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0b81941-ae2b-451a-ae72-07fd72f70a95": { "id": "e0b81941-ae2b-451a-ae72-07fd72f70a95", "title": "Posts List Designer by Category <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scriptiong via Shortcode", "software": [ { "type": "plugin", "name": "Posts List Designer by Category \u2013 List Category Posts Or Recent Posts", "slug": "post-list-designer", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0b81941-ae2b-451a-ae72-07fd72f70a95?source=api-scan" ], "published": "2023-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0b8c24b-3e51-4637-9d8e-da065077d082": { "id": "e0b8c24b-3e51-4637-9d8e-da065077d082", "title": "Advanced Database Cleaner <= 3.1.3 - Authenticated(Administrator+) PHP Object Injection via process_bulk_action", "software": [ { "type": "plugin", "name": "Advanced Database Cleaner", "slug": "advanced-database-cleaner", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0b8c24b-3e51-4637-9d8e-da065077d082?source=api-scan" ], "published": "2024-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0bf0bf1-91c3-4f91-b5e4-189944b6a557": { "id": "e0bf0bf1-91c3-4f91-b5e4-189944b6a557", "title": "BEAF <= 4.5.4 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "Ultimate Before After Image Slider & Gallery \u2013 BEAF", "slug": "beaf-before-and-after-gallery", "affected_versions": { "* - 4.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.5" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0bf0bf1-91c3-4f91-b5e4-189944b6a557?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0bfa461-5cea-40e8-af9f-800cdbb6efb5": { "id": "e0bfa461-5cea-40e8-af9f-800cdbb6efb5", "title": "WooDiscuz \u2013 WooCommerce Comments <= 2.3.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooDiscuz \u2013 WooCommerce Comments", "slug": "woodiscuz-woocommerce-comments", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0bfa461-5cea-40e8-af9f-800cdbb6efb5?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0ca6ac4-0d89-4601-94fc-cce5a0af9c56": { "id": "e0ca6ac4-0d89-4601-94fc-cce5a0af9c56", "title": "Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 5.7.14": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0ca6ac4-0d89-4601-94fc-cce5a0af9c56?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0ccdc0d-7c38-4dd3-be39-2359d63b2b6c": { "id": "e0ccdc0d-7c38-4dd3-be39-2359d63b2b6c", "title": "Strong Testimonials <= 3.1.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Strong Testimonials", "slug": "strong-testimonials", "affected_versions": { "* - 3.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0ccdc0d-7c38-4dd3-be39-2359d63b2b6c?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0cf5711-a02b-4db7-9bf7-47d512680428": { "id": "e0cf5711-a02b-4db7-9bf7-47d512680428", "title": "Safe Editor < 1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Safe Editor", "slug": "safe-editor", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0cf5711-a02b-4db7-9bf7-47d512680428?source=api-scan" ], "published": "2016-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0d5b1a5-0078-402b-b834-8091bfc02dd5": { "id": "e0d5b1a5-0078-402b-b834-8091bfc02dd5", "title": "EventON <= 4.4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EventON Pro", "slug": "eventon", "affected_versions": { "* - 4.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0d5b1a5-0078-402b-b834-8091bfc02dd5?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0d6c8dc-d32b-4ac8-8b0d-6d7ecbac86b5": { "id": "e0d6c8dc-d32b-4ac8-8b0d-6d7ecbac86b5", "title": "GD Rating System <= 2.3 - Directory Traversal", "software": [ { "type": "plugin", "name": "GD Rating System", "slug": "gd-rating-system", "affected_versions": { "[*, 2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0d6c8dc-d32b-4ac8-8b0d-6d7ecbac86b5?source=api-scan" ], "published": "2018-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0d6ef49-288b-47d9-bbf2-dc31a6e3621e": { "id": "e0d6ef49-288b-47d9-bbf2-dc31a6e3621e", "title": "Pretty Links Lite < 1.6.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PrettyLinks \u2013 Affiliate Links, Link Branding, Link Tracking & Marketing Plugin", "slug": "pretty-link", "affected_versions": { "[*, 1.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0d6ef49-288b-47d9-bbf2-dc31a6e3621e?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0de1962-13bd-4710-ae1f-ab5ced7cc59d": { "id": "e0de1962-13bd-4710-ae1f-ab5ced7cc59d", "title": "WP eCommerce Shop Styling < 1.8 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "WP eCommerce Shop Styling", "slug": "wp-ecommerce-shop-styling", "affected_versions": { "[*, 1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0de1962-13bd-4710-ae1f-ab5ced7cc59d?source=api-scan" ], "published": "2013-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0df0a4e-282e-483a-8d5e-a192620ed2d2": { "id": "e0df0a4e-282e-483a-8d5e-a192620ed2d2", "title": "Call&Book Mobile Bar <= 1.2.2 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Call&Book Mobile Bar", "slug": "callbook-mobile-bar", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0df0a4e-282e-483a-8d5e-a192620ed2d2?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0e503f4-5864-49f0-aa52-6a44af5e8087": { "id": "e0e503f4-5864-49f0-aa52-6a44af5e8087", "title": "WPS Hide Login <= 1.9.0 - Hidden Login Page Location Disclosure", "software": [ { "type": "plugin", "name": "WPS Hide Login", "slug": "wps-hide-login", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0e503f4-5864-49f0-aa52-6a44af5e8087?source=api-scan" ], "published": "2021-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0e70739-88c2-498e-b96c-1f27b8641cb8": { "id": "e0e70739-88c2-498e-b96c-1f27b8641cb8", "title": "Sliced Invoices <= 3.8.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sliced Invoices \u2013 WordPress Invoice Plugin", "slug": "sliced-invoices", "affected_versions": { "* - 3.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0e70739-88c2-498e-b96c-1f27b8641cb8?source=api-scan" ], "published": "2019-10-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0f19403-af02-4a29-b4f3-778da4c2df17": { "id": "e0f19403-af02-4a29-b4f3-778da4c2df17", "title": "Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.6.24 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Poll, Survey & Quiz Maker Plugin by Opinion Stage", "slug": "social-polls-by-opinionstage", "affected_versions": { "* - 19.6.24": { "from_version": "*", "from_inclusive": true, "to_version": "19.6.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.6.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0f19403-af02-4a29-b4f3-778da4c2df17?source=api-scan" ], "published": "2019-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0f295f9-1090-4b10-abc5-3f73c5b4e28d": { "id": "e0f295f9-1090-4b10-abc5-3f73c5b4e28d", "title": "All-in-One Video Gallery <= 3.6.4 - Authenticated (Contributor+) Arbitrary File Upload via featured image", "software": [ { "type": "plugin", "name": "All-in-One Video Gallery", "slug": "all-in-one-video-gallery", "affected_versions": { "* - 3.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0f295f9-1090-4b10-abc5-3f73c5b4e28d?source=api-scan" ], "published": "2024-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0f2fe23-c77c-4e24-a1e4-0aa3697370e6": { "id": "e0f2fe23-c77c-4e24-a1e4-0aa3697370e6", "title": "Easy Digital Downloads - Cross-Sell and Upsell <= 1.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads - Cross-Sell and Upsell", "slug": "edd-cross-sell-and-upsell", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0f2fe23-c77c-4e24-a1e4-0aa3697370e6?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0fdeb83-78c3-4b29-809c-662bd2a2bb51": { "id": "e0fdeb83-78c3-4b29-809c-662bd2a2bb51", "title": "Simple Download Button Shortcode <= 1.0 - Information Disclosure via Arbitrary File Downloads", "software": [ { "type": "plugin", "name": "simple-download-button-shortcode", "slug": "simple-download-button-shortcode", "affected_versions": { "1.0": { "from_version": "1.0", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0fdeb83-78c3-4b29-809c-662bd2a2bb51?source=api-scan" ], "published": "2012-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e0fdee40-9d60-4657-9e2b-42d548dea1c0": { "id": "e0fdee40-9d60-4657-9e2b-42d548dea1c0", "title": "MomentoPress for Momento360 <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "MomentoPress for Momento360", "slug": "cmyee-momentopress", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e0fdee40-9d60-4657-9e2b-42d548dea1c0?source=api-scan" ], "published": "2023-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e10127aa-a5a5-4394-8b54-b57ba1369d77": { "id": "e10127aa-a5a5-4394-8b54-b57ba1369d77", "title": "Ecwid Ecommerce Shopping Cart <= 6.12.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Ecwid by Lightspeed Ecommerce Shopping Cart", "slug": "ecwid-shopping-cart", "affected_versions": { "* - 6.12.10": { "from_version": "*", "from_inclusive": true, "to_version": "6.12.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.12.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e10127aa-a5a5-4394-8b54-b57ba1369d77?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e103f59a-00fa-4d4c-b4fc-834754886d49": { "id": "e103f59a-00fa-4d4c-b4fc-834754886d49", "title": "ProfilePress <= 4.13.1 Cross-Site Request Forgery via 'admin_notice'", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "[*, 4.13.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.13.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.13.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e103f59a-00fa-4d4c-b4fc-834754886d49?source=api-scan" ], "published": "2023-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e10a95e3-e834-4f84-85c1-4a1ffad41b5b": { "id": "e10a95e3-e834-4f84-85c1-4a1ffad41b5b", "title": "WooCommerce <= 2.6.3 - Stored Cross-Site Scripting via REST-API", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 2.6.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e10a95e3-e834-4f84-85c1-4a1ffad41b5b?source=api-scan" ], "published": "2016-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e10b668b-b7fc-4626-8e97-15b1fdee93b5": { "id": "e10b668b-b7fc-4626-8e97-15b1fdee93b5", "title": "Tainacan <= 0.21.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tainacan", "slug": "tainacan", "affected_versions": { "* - 0.21.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.21.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.21.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e10b668b-b7fc-4626-8e97-15b1fdee93b5?source=api-scan" ], "published": "2024-05-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e10db126-a22e-4e15-a868-6fd9172fa805": { "id": "e10db126-a22e-4e15-a868-6fd9172fa805", "title": "Login Widget With Shortcode < 3.2.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login Widget With Shortcode", "slug": "login-sidebar-widget", "affected_versions": { "[*, 3.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e10db126-a22e-4e15-a868-6fd9172fa805?source=api-scan" ], "published": "2014-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e10dd0e6-1567-437b-ace7-fae013d66514": { "id": "e10dd0e6-1567-437b-ace7-fae013d66514", "title": "Custom Dashboard & Login Page \u2013 AGCA <= 6.5.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AGCA \u2013 Custom Dashboard & Login Page", "slug": "ag-custom-admin", "affected_versions": { "* - 6.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e10dd0e6-1567-437b-ace7-fae013d66514?source=api-scan" ], "published": "2020-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e10fc7e4-11ec-409b-9f16-b38adceaf622": { "id": "e10fc7e4-11ec-409b-9f16-b38adceaf622", "title": "PropertyHive <= 2.0.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PropertyHive", "slug": "propertyhive", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e10fc7e4-11ec-409b-9f16-b38adceaf622?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e110ea99-e2fa-4558-bcf3-942a35af0b91": { "id": "e110ea99-e2fa-4558-bcf3-942a35af0b91", "title": "NotificationX \u2013 Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "NotificationX \u2013 Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar", "slug": "notificationx", "affected_versions": { "* - 2.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e110ea99-e2fa-4558-bcf3-942a35af0b91?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e11662b0-5f67-4c27-abdb-522204acb35e": { "id": "e11662b0-5f67-4c27-abdb-522204acb35e", "title": "WP-UserOnline <= 2.88.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-UserOnline", "slug": "wp-useronline", "affected_versions": { "* - 2.88.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.88.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.88.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e11662b0-5f67-4c27-abdb-522204acb35e?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e116f1f1-ef11-408f-8368-ddd94ba50b41": { "id": "e116f1f1-ef11-408f-8368-ddd94ba50b41", "title": "Chatbot Support AI <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot", "slug": "chatbot-support-ai", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e116f1f1-ef11-408f-8368-ddd94ba50b41?source=api-scan" ], "published": "2024-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e11ceba3-6bf4-4759-a8ac-ca779e2924cd": { "id": "e11ceba3-6bf4-4759-a8ac-ca779e2924cd", "title": "Muslim Prayer Time BD <= 2.4 - Cross-Site Request Forgery to Settings Reset", "software": [ { "type": "plugin", "name": "Muslim Prayer Time BD", "slug": "muslim-prayer-time-bd", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e11ceba3-6bf4-4759-a8ac-ca779e2924cd?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e11e4bab-f8a9-4ecb-b36e-09a55e47f1ae": { "id": "e11e4bab-f8a9-4ecb-b36e-09a55e47f1ae", "title": "Phlox Shop <= 2.0.0 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Phlox Shop", "slug": "auxin-shop", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e11e4bab-f8a9-4ecb-b36e-09a55e47f1ae?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e11f1a56-d5a2-47a4-a5cc-34345966495a": { "id": "e11f1a56-d5a2-47a4-a5cc-34345966495a", "title": "ScrollTo Top <= 1.2.2 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "ScrollTo Top", "slug": "scrollto-top", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e11f1a56-d5a2-47a4-a5cc-34345966495a?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e122d75b-0bde-4886-a8e0-d07a535fc967": { "id": "e122d75b-0bde-4886-a8e0-d07a535fc967", "title": "Apollo13 Framework Extensions <= 1.8.10 - Missing Authorization", "software": [ { "type": "plugin", "name": "Apollo13 Framework Extensions", "slug": "apollo13-framework-extensions", "affected_versions": { "* - 1.8.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e122d75b-0bde-4886-a8e0-d07a535fc967?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e12c14c8-9603-483b-9b07-fa36c9f98285": { "id": "e12c14c8-9603-483b-9b07-fa36c9f98285", "title": "Ultimate Addons for Elementor <= 1.36.31 - Authenticated (Contributor+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Ultimate Addons for Elementor", "slug": "ultimate-elementor", "affected_versions": { "* - 1.36.31": { "from_version": "*", "from_inclusive": true, "to_version": "1.36.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.36.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e12c14c8-9603-483b-9b07-fa36c9f98285?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e136ab52-a193-430b-b2b2-d7640d009c99": { "id": "e136ab52-a193-430b-b2b2-d7640d009c99", "title": "Newsletter \u2013 Send awesome emails from WordPress <= 7.4.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletter \u2013 Send awesome emails from WordPress", "slug": "newsletter", "affected_versions": { "* - 7.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e136ab52-a193-430b-b2b2-d7640d009c99?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e13a38d0-9781-4b1e-8b2b-fdcb1001b8d5": { "id": "e13a38d0-9781-4b1e-8b2b-fdcb1001b8d5", "title": "Giveaways and Contests by RafflePress <= 1.12.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Giveaways and Contests by RafflePress \u2013 Get More Website Traffic, Email Subscribers, and Social Followers", "slug": "rafflepress", "affected_versions": { "* - 1.12.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e13a38d0-9781-4b1e-8b2b-fdcb1001b8d5?source=api-scan" ], "published": "2024-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e140973b-d37c-45bf-aed2-9223bd812957": { "id": "e140973b-d37c-45bf-aed2-9223bd812957", "title": "Webpushr <= 4.34.0 - Cross-Site Request Forgery to Local File Inclusion via menu", "software": [ { "type": "plugin", "name": "Web Push Notifications \u2013 Webpushr", "slug": "webpushr-web-push-notifications", "affected_versions": { "* - 4.34.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.34.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.35.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e140973b-d37c-45bf-aed2-9223bd812957?source=api-scan" ], "published": "2023-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e14f0fc6-fca4-4dd7-8f7b-ed5ed535c9af": { "id": "e14f0fc6-fca4-4dd7-8f7b-ed5ed535c9af", "title": "Widget Settings Importer\/Exporter Plugin <= 1.5.3 - Unauthorized Widget Import to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Widget Settings Importer\/Exporter", "slug": "widget-settings-importexport", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e14f0fc6-fca4-4dd7-8f7b-ed5ed535c9af?source=api-scan" ], "published": "2020-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1523ba0-9cac-43e2-9441-4d02fbaaf705": { "id": "e1523ba0-9cac-43e2-9441-4d02fbaaf705", "title": "Google Analyticator <= 6.5.5 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Analyticator", "slug": "google-analyticator", "affected_versions": { "* - 6.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1523ba0-9cac-43e2-9441-4d02fbaaf705?source=api-scan" ], "published": "2023-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e153ca31-56fe-4071-9e0e-786eca875e80": { "id": "e153ca31-56fe-4071-9e0e-786eca875e80", "title": "Theme <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Event", "slug": "event", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e153ca31-56fe-4071-9e0e-786eca875e80?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1549ae5-267d-4fbb-be07-5b3842efd4f1": { "id": "e1549ae5-267d-4fbb-be07-5b3842efd4f1", "title": "OWM Weather <= 5.6.8 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "OWM Weather", "slug": "owm-weather", "affected_versions": { "* - 5.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1549ae5-267d-4fbb-be07-5b3842efd4f1?source=api-scan" ], "published": "2022-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e154a12d-8ade-456e-ad64-e1cd419e2b2c": { "id": "e154a12d-8ade-456e-ad64-e1cd419e2b2c", "title": "Qi Addons For Elementor <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown widget", "software": [ { "type": "plugin", "name": "Qi Addons For Elementor", "slug": "qi-addons-for-elementor", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e154a12d-8ade-456e-ad64-e1cd419e2b2c?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e15b81f7-4d3b-4505-b345-1019fed0fef1": { "id": "e15b81f7-4d3b-4505-b345-1019fed0fef1", "title": "WooSidebars <= 1.4.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooSidebars", "slug": "woosidebars", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e15b81f7-4d3b-4505-b345-1019fed0fef1?source=api-scan" ], "published": "2015-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e15ca55b-b8e4-4f65-87a4-e13209cfea78": { "id": "e15ca55b-b8e4-4f65-87a4-e13209cfea78", "title": "Add User Role <= 0.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add User Role", "slug": "add-user-role", "affected_versions": { "* - 0.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e15ca55b-b8e4-4f65-87a4-e13209cfea78?source=api-scan" ], "published": "2022-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1634f86-21c0-4b9a-b521-c6b9986f91fc": { "id": "e1634f86-21c0-4b9a-b521-c6b9986f91fc", "title": "WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots < 6.67 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection", "slug": "stopbadbots", "affected_versions": { "[*, 6.67)": { "from_version": "*", "from_inclusive": true, "to_version": "6.67", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.67" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1634f86-21c0-4b9a-b521-c6b9986f91fc?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e166a7db-45f7-4a0d-9966-dbec9ade204a": { "id": "e166a7db-45f7-4a0d-9966-dbec9ade204a", "title": "Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL", "software": [ { "type": "plugin", "name": "Bold Page Builder", "slug": "bold-page-builder", "affected_versions": { "* - 4.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e166a7db-45f7-4a0d-9966-dbec9ade204a?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e167eedc-0828-4707-85b9-a78f9aeff27e": { "id": "e167eedc-0828-4707-85b9-a78f9aeff27e", "title": "BA Book Everything <= 1.6.20 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BA Book Everything", "slug": "ba-book-everything", "affected_versions": { "* - 1.6.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e167eedc-0828-4707-85b9-a78f9aeff27e?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e16d8d28-e1e5-46ab-a64c-1da07747559e": { "id": "e16d8d28-e1e5-46ab-a64c-1da07747559e", "title": "Twittee Text Tweet <= 1.0.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Twittee Text Tweet", "slug": "twittee-text-tweet", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e16d8d28-e1e5-46ab-a64c-1da07747559e?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e16da850-6429-4402-ab09-6d2d145bcfd7": { "id": "e16da850-6429-4402-ab09-6d2d145bcfd7", "title": "Perfect Pullquotes <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Perfect Pullquotes", "slug": "perfect-pullquotes", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e16da850-6429-4402-ab09-6d2d145bcfd7?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e17c4ed6-b09a-40ca-bcda-2b881056469c": { "id": "e17c4ed6-b09a-40ca-bcda-2b881056469c", "title": "Crowdsignal Dashboard \u2013 Polls, Surveys & more <= 2.0.31 - Stored Cross-Site scripting", "software": [ { "type": "plugin", "name": "Crowdsignal Dashboard \u2013 Polls, Surveys & more", "slug": "polldaddy", "affected_versions": { "* - 2.0.31": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e17c4ed6-b09a-40ca-bcda-2b881056469c?source=api-scan" ], "published": "2016-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e17dd3e7-9bd9-4852-9512-72fe1e40f86a": { "id": "e17dd3e7-9bd9-4852-9512-72fe1e40f86a", "title": "One User Avatar <= 2.3.6 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "One User Avatar | User Profile Picture", "slug": "one-user-avatar", "affected_versions": { "[*, 2.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e17dd3e7-9bd9-4852-9512-72fe1e40f86a?source=api-scan" ], "published": "2021-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e180758a-d1c8-4b68-937b-89878619da8f": { "id": "e180758a-d1c8-4b68-937b-89878619da8f", "title": "WP Fundraising Donation and Crowdfunding Platform <= 1.6.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "FundEngine \u2013 Donation and Crowdfunding Platform", "slug": "wp-fundraising-donation", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e180758a-d1c8-4b68-937b-89878619da8f?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e186123e-313f-4b0e-9579-135cfdfa4bc0": { "id": "e186123e-313f-4b0e-9579-135cfdfa4bc0", "title": "YITH Easy Login & Register Popup for WooCommerce <= 1.8.0 - Authentication Bypass via Password Reset", "software": [ { "type": "plugin", "name": "YITH Easy Login & Register Popup for WooCommerce", "slug": "yith-easy-login-register-popup-for-woocommerce", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e186123e-313f-4b0e-9579-135cfdfa4bc0?source=api-scan" ], "published": "2021-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e188b3a4-ddb2-405b-840f-4f13db5dbf3a": { "id": "e188b3a4-ddb2-405b-840f-4f13db5dbf3a", "title": "Rehub <= 19.6.1 - Unauthenticated Local File Inclusion", "software": [ { "type": "theme", "name": "rehub-theme", "slug": "rehub-theme", "affected_versions": { "* - 19.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e188b3a4-ddb2-405b-840f-4f13db5dbf3a?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e18aba51-46a8-4670-8e15-85b12f5d06e6": { "id": "e18aba51-46a8-4670-8e15-85b12f5d06e6", "title": "Name Directory <= 1.17.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Name Directory", "slug": "name-directory", "affected_versions": { "* - 1.17.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.17.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e18aba51-46a8-4670-8e15-85b12f5d06e6?source=api-scan" ], "published": "2021-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e18ae7a9-7761-432f-a983-16ff1131c1e8": { "id": "e18ae7a9-7761-432f-a983-16ff1131c1e8", "title": "Advanced Category Template <= 0.1 - Stored Cross-Site Scripting via Cross-Site Request Forgery in _form.php", "software": [ { "type": "plugin", "name": "Advanced Category Template", "slug": "advanced-category-template", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e18ae7a9-7761-432f-a983-16ff1131c1e8?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e18b3a85-9d4a-4af8-9a73-1f8794ad467b": { "id": "e18b3a85-9d4a-4af8-9a73-1f8794ad467b", "title": "SEO SearchTerms Tagging 2 <=1.535 - SQL Injection", "software": [ { "type": "plugin", "name": "SEO SearchTerms Tagging 2", "slug": "searchterms-tagging-2", "affected_versions": { "* - 1.535": { "from_version": "*", "from_inclusive": true, "to_version": "1.535", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e18b3a85-9d4a-4af8-9a73-1f8794ad467b?source=api-scan" ], "published": "2015-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1900948-8813-4c88-87fe-ddf830c6ae3b": { "id": "e1900948-8813-4c88-87fe-ddf830c6ae3b", "title": "LiteSpeed Cache <= 5.3 - Missing Authorization to Toggle Crawler State", "software": [ { "type": "plugin", "name": "LiteSpeed Cache", "slug": "litespeed-cache", "affected_versions": { "* - 5.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1900948-8813-4c88-87fe-ddf830c6ae3b?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e19f4cb9-09ec-4711-a799-1ba809f2eda8": { "id": "e19f4cb9-09ec-4711-a799-1ba809f2eda8", "title": "Formidable Form Builder <= 4.02 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "[*, 4.02.01)": { "from_version": "*", "from_inclusive": true, "to_version": "4.02.01", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.02.01" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e19f4cb9-09ec-4711-a799-1ba809f2eda8?source=api-scan" ], "published": "2019-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1a20ca8-8eb8-4247-9145-63bcb0d5d681": { "id": "e1a20ca8-8eb8-4247-9145-63bcb0d5d681", "title": "Search Atlas SEO <= 1.8.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Search Atlas SEO \u2013 Best SEO Plugin for One-Click WP Publishing & Integrated AI Optimization", "slug": "metasync", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1a20ca8-8eb8-4247-9145-63bcb0d5d681?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1a3cc98-3bee-4d52-a4bf-2a1a284b9311": { "id": "e1a3cc98-3bee-4d52-a4bf-2a1a284b9311", "title": "BookingPress <= 1.0.72 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar Plugin and Scheduling Plugin \u2013 BookingPress", "slug": "bookingpress-appointment-booking", "affected_versions": { "* - 1.0.72": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.72", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.73" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1a3cc98-3bee-4d52-a4bf-2a1a284b9311?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1a3ea4c-163f-406c-a819-92d3157fd93f": { "id": "e1a3ea4c-163f-406c-a819-92d3157fd93f", "title": "Albo Pretorio Online <= 4.6.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Albo Pretorio On line", "slug": "albo-pretorio-on-line", "affected_versions": { "* - 4.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1a3ea4c-163f-406c-a819-92d3157fd93f?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1a492f6-8248-4a84-b163-7262b02563c2": { "id": "e1a492f6-8248-4a84-b163-7262b02563c2", "title": "MBE eShip <= 2.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MBE eShip", "slug": "mail-boxes-etc", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1a492f6-8248-4a84-b163-7262b02563c2?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1af37ed-fcc6-479c-8c53-25ccb9a8659f": { "id": "e1af37ed-fcc6-479c-8c53-25ccb9a8659f", "title": "Responsive Addons \u2013 Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. <= 3.0.5 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Plus \u2013 Starter Templates, Advanced Features and Customizer Settings for Responsive Theme.", "slug": "responsive-add-ons", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1af37ed-fcc6-479c-8c53-25ccb9a8659f?source=api-scan" ], "published": "2024-06-04 18:19:53", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1bcebb3-920b-40cc-aa5c-24a1f729b28d": { "id": "e1bcebb3-920b-40cc-aa5c-24a1f729b28d", "title": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.5.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1bcebb3-920b-40cc-aa5c-24a1f729b28d?source=api-scan" ], "published": "2024-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1bdda78-e0e3-4d0b-81b8-9c018f445225": { "id": "e1bdda78-e0e3-4d0b-81b8-9c018f445225", "title": "Import any XML or CSV File to WordPress <= 3.2.3 & PRO < 4.1.1 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "WP All Import Pro", "slug": "wp-all-import-pro", "affected_versions": { "[*, 4.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.1" ] }, { "type": "plugin", "name": "Import any XML or CSV File to WordPress", "slug": "wp-all-import", "affected_versions": { "[*, 3.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1bdda78-e0e3-4d0b-81b8-9c018f445225?source=api-scan" ], "published": "2019-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1be11c5-0a44-4816-b6bf-d330cb51dbf3": { "id": "e1be11c5-0a44-4816-b6bf-d330cb51dbf3", "title": "UpdraftPlus <= 1.23.10 - Cross-Site Request Forgery to Google Drive Storage Update", "software": [ { "type": "plugin", "name": "UpdraftPlus: WP Backup & Migration Plugin", "slug": "updraftplus", "affected_versions": { "* - 1.23.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.23.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.23.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1be11c5-0a44-4816-b6bf-d330cb51dbf3?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1c11388-fff4-4206-b7b5-3d7e3e0da16a": { "id": "e1c11388-fff4-4206-b7b5-3d7e3e0da16a", "title": "Client Logo Carousel <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Client Logo Carousel", "slug": "wp-client-logo-carousel", "affected_versions": { "* - 3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1c11388-fff4-4206-b7b5-3d7e3e0da16a?source=api-scan" ], "published": "2023-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1c4b5e9-e141-4d0d-866a-ff4fb8b68dea": { "id": "e1c4b5e9-e141-4d0d-866a-ff4fb8b68dea", "title": "WP-ShowHide <= 1.04 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP-ShowHide", "slug": "wp-showhide", "affected_versions": { "* - 1.04": { "from_version": "*", "from_inclusive": true, "to_version": "1.04", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.05" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1c4b5e9-e141-4d0d-866a-ff4fb8b68dea?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1c97b99-ca39-45de-8df9-312ba1573e8d": { "id": "e1c97b99-ca39-45de-8df9-312ba1573e8d", "title": "Strong Testimonials <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes", "software": [ { "type": "plugin", "name": "Strong Testimonials", "slug": "strong-testimonials", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1c97b99-ca39-45de-8df9-312ba1573e8d?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1cc3dbe-26e3-478f-9574-f57ffa0f50c3": { "id": "e1cc3dbe-26e3-478f-9574-f57ffa0f50c3", "title": "Ajax Search Lite <= 4.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ajax Search Lite", "slug": "ajax-search-lite", "affected_versions": { "* - 4.12.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.12.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.12.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1cc3dbe-26e3-478f-9574-f57ffa0f50c3?source=api-scan" ], "published": "2024-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1dbd0e2-8c6c-4127-b37c-269af3b7f71c": { "id": "e1dbd0e2-8c6c-4127-b37c-269af3b7f71c", "title": "Jetpack CRM <= 5.5.0 - Authenticated (Client+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jetpack CRM \u2013 Clients, Leads, Invoices, Billing, Email Marketing, & Automation", "slug": "zero-bs-crm", "affected_versions": { "* - 5.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1dbd0e2-8c6c-4127-b37c-269af3b7f71c?source=api-scan" ], "published": "2023-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1dcdc7f-ae52-4c76-90db-ea136656bb0b": { "id": "e1dcdc7f-ae52-4c76-90db-ea136656bb0b", "title": "WP24 Domain Check <= 1.6.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP24 Domain Check", "slug": "wp24-domain-check", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1dcdc7f-ae52-4c76-90db-ea136656bb0b?source=api-scan" ], "published": "2021-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1e973e3-f2a2-465c-aec7-5a7d4290c00b": { "id": "e1e973e3-f2a2-465c-aec7-5a7d4290c00b", "title": "WordPress Core <= 3.5.1 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1e973e3-f2a2-465c-aec7-5a7d4290c00b?source=api-scan" ], "published": "2012-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1eeabdb-f1c0-49c5-9234-8ff4eaa38087": { "id": "e1eeabdb-f1c0-49c5-9234-8ff4eaa38087", "title": "WooCommerce <= 2.0.17 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "* - 2.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1eeabdb-f1c0-49c5-9234-8ff4eaa38087?source=api-scan" ], "published": "2013-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1f0ec5c-6853-4df9-816a-1790f3dc86e0": { "id": "e1f0ec5c-6853-4df9-816a-1790f3dc86e0", "title": "WooCommerce Payments <= 5.9.0 - Authenticated (Shop manager+) SQL Injection via currency parameters", "software": [ { "type": "plugin", "name": "WooPayments: Integrated WooCommerce Payments", "slug": "woocommerce-payments", "affected_versions": { "* - 5.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1f0ec5c-6853-4df9-816a-1790f3dc86e0?source=api-scan" ], "published": "2023-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1f701e5-194a-4245-855e-c3b8204d4959": { "id": "e1f701e5-194a-4245-855e-c3b8204d4959", "title": "KKProgressbar2 Free <= 1.1.4.2 - Cross-Site Request Forgery to Progress Bar Deletion", "software": [ { "type": "plugin", "name": "KKProgressbar2 Free \u2013 advanced progress bars", "slug": "kkprogressbar", "affected_versions": { "* - 1.1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1f701e5-194a-4245-855e-c3b8204d4959?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e1fc6a2e-9c91-4517-8f04-fb3ea65413b8": { "id": "e1fc6a2e-9c91-4517-8f04-fb3ea65413b8", "title": "Zengo Custom Thumbnail Image Gallery <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zengo Custom Thumbnail Image Gallery", "slug": "zengo-custom-thumbnail-image", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e1fc6a2e-9c91-4517-8f04-fb3ea65413b8?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e20082a0-dca6-4a26-919f-d59752dfbe90": { "id": "e20082a0-dca6-4a26-919f-d59752dfbe90", "title": "Visual Portfolio, Photo Gallery & Post Grid <= 2.17.1 - Unauthenticated CSS Injection", "software": [ { "type": "plugin", "name": "Visual Portfolio, Photo Gallery & Post Grid", "slug": "visual-portfolio", "affected_versions": { "* - 2.17.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.17.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e20082a0-dca6-4a26-919f-d59752dfbe90?source=api-scan" ], "published": "2022-08-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2008e0b-32c6-46fb-93b9-2b0004f478e8": { "id": "e2008e0b-32c6-46fb-93b9-2b0004f478e8", "title": "WP Activity Log <= 4.5.0 - Cross-Site Request Forgery via ajax_run_cleanup", "software": [ { "type": "plugin", "name": "WP Activity Log", "slug": "wp-security-audit-log", "affected_versions": { "* - 4.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.2" ] }, { "type": "plugin", "name": "WP Activity Log Premium", "slug": "wp-security-audit-log-premium", "affected_versions": { "* - 4.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2008e0b-32c6-46fb-93b9-2b0004f478e8?source=api-scan" ], "published": "2023-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e203fc8f-fc57-4918-8ef2-3ba6ae979d40": { "id": "e203fc8f-fc57-4918-8ef2-3ba6ae979d40", "title": "WooCommerce Conversion Tracking <= 2.0.4 - Cross-Site Request Forgery and Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Conversion Tracking", "slug": "woocommerce-conversion-tracking", "affected_versions": { "[*, 2.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e203fc8f-fc57-4918-8ef2-3ba6ae979d40?source=api-scan" ], "published": "2020-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e206ad70-c50d-46c3-b3d8-ad7305bfaa32": { "id": "e206ad70-c50d-46c3-b3d8-ad7305bfaa32", "title": "Premmerce Permalink Manager for WooCommerce <= 2.3.10 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Premmerce Permalink Manager for WooCommerce", "slug": "woo-permalink-manager", "affected_versions": { "* - 2.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e206ad70-c50d-46c3-b3d8-ad7305bfaa32?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e20fe2b7-4396-465e-be41-d4e8a069bb74": { "id": "e20fe2b7-4396-465e-be41-d4e8a069bb74", "title": "Image\/Banner Widget <= 1.4.5 - Authenticated (Administrator+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image\/Banner Widget", "slug": "image-banner-widget", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e20fe2b7-4396-465e-be41-d4e8a069bb74?source=api-scan" ], "published": "2022-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e20feb23-f78e-42e7-8922-e7cf37dbdcb1": { "id": "e20feb23-f78e-42e7-8922-e7cf37dbdcb1", "title": "Shortcodes by Angie Makes <= 3.46 - Missing Authorization", "software": [ { "type": "plugin", "name": "Shortcodes by Angie Makes", "slug": "wc-shortcodes", "affected_versions": { "* - 3.46": { "from_version": "*", "from_inclusive": true, "to_version": "3.46", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e20feb23-f78e-42e7-8922-e7cf37dbdcb1?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e214fadf-73fd-430f-8608-6630ce82b78c": { "id": "e214fadf-73fd-430f-8608-6630ce82b78c", "title": "Eazy Plugin Manager <= 4.1.2 - Missing Authorization via update_options", "software": [ { "type": "plugin", "name": "Eazy Plugin Manager \u2013 Powerful Plugin Management Solution for WordPress", "slug": "plugins-on-steroids", "affected_versions": { "* - 4.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e214fadf-73fd-430f-8608-6630ce82b78c?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2152db7-be9a-4e09-97cf-60445d87b576": { "id": "e2152db7-be9a-4e09-97cf-60445d87b576", "title": "Email Subscribers & Newsletters <= 4.2.2 - Cross-Site Request Forgery on Settings", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 4.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2152db7-be9a-4e09-97cf-60445d87b576?source=api-scan" ], "published": "2019-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e226d75f-37b2-4af2-bba0-0fd3a96cc1a0": { "id": "e226d75f-37b2-4af2-bba0-0fd3a96cc1a0", "title": "Video Gallery & Management <= 3.3.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "YouTube Video Gallery by YouTube Showcase \u2013 Video Gallery Plugin for WordPress", "slug": "youtube-showcase", "affected_versions": { "* - 3.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e226d75f-37b2-4af2-bba0-0fd3a96cc1a0?source=api-scan" ], "published": "2023-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2273c53-bc8a-45c7-914d-a3b934c2cb18": { "id": "e2273c53-bc8a-45c7-914d-a3b934c2cb18", "title": "Views for WPForms <= 3.2.2 - Cross-Site Request Forgery via save_view", "software": [ { "type": "plugin", "name": "Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend", "slug": "views-for-wpforms-lite", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2273c53-bc8a-45c7-914d-a3b934c2cb18?source=api-scan" ], "published": "2024-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2283bd6-7d69-40b9-a1f3-56b9c71c8574": { "id": "e2283bd6-7d69-40b9-a1f3-56b9c71c8574", "title": "WooCommerce <= 3.5.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "[*, 3.5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2283bd6-7d69-40b9-a1f3-56b9c71c8574?source=api-scan" ], "published": "2019-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e229ab5e-c9e3-4a7c-ac28-ba35b6abf85e": { "id": "e229ab5e-c9e3-4a7c-ac28-ba35b6abf85e", "title": "404 to 301 <= 3.0.8 - Logs Deletion via Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "404 to 301 \u2013 Redirect, Log and Notify 404 Errors", "slug": "404-to-301", "affected_versions": { "[*, 3.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e229ab5e-c9e3-4a7c-ac28-ba35b6abf85e?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2318ae9-4115-442e-9293-a9251787c5f3": { "id": "e2318ae9-4115-442e-9293-a9251787c5f3", "title": "WooCommerce Multi Currency <= 2.1.17 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Multi Currency", "slug": "woocommerce-multi-currency", "affected_versions": { "* - 2.1.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2318ae9-4115-442e-9293-a9251787c5f3?source=api-scan" ], "published": "2021-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e23335c9-0830-4c6b-8e0d-6897a7176ba5": { "id": "e23335c9-0830-4c6b-8e0d-6897a7176ba5", "title": "WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection via vendor_id", "software": [ { "type": "plugin", "name": "WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting", "slug": "erp", "affected_versions": { "* - 1.13.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e23335c9-0830-4c6b-8e0d-6897a7176ba5?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2389b9c-c766-4cb7-83d6-b0ad7d2a075e": { "id": "e2389b9c-c766-4cb7-83d6-b0ad7d2a075e", "title": "No Page Comment <= 1.1 - Cross-Site-Request Forgery to Settings Change", "software": [ { "type": "plugin", "name": "No Page Comment", "slug": "no-page-comment", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2389b9c-c766-4cb7-83d6-b0ad7d2a075e?source=api-scan" ], "published": "2022-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e23bdcf9-8068-40c5-b27e-4562040068ca": { "id": "e23bdcf9-8068-40c5-b27e-4562040068ca", "title": "WP Easybooking <= 1.0.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-easybooking", "slug": "wp-easybooking", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e23bdcf9-8068-40c5-b27e-4562040068ca?source=api-scan" ], "published": "2014-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e23dcadf-5858-4b8e-8b48-d3133c40cd89": { "id": "e23dcadf-5858-4b8e-8b48-d3133c40cd89", "title": "Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel <= 2.2.74 - Information Exposure", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "* - 2.2.74": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.74", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.76" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e23dcadf-5858-4b8e-8b48-d3133c40cd89?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e23e52d7-871f-46fc-bd71-60a9f50a22e1": { "id": "e23e52d7-871f-46fc-bd71-60a9f50a22e1", "title": "Buddyboss Platform <= 2.5.91 - Insecure Direct Object Reference to Authenticated (Subscriber+) Comment on Private Post", "software": [ { "type": "plugin", "name": "Buddyboss Platform", "slug": "buddyboss-platform", "affected_versions": { "* - 2.5.91": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.91", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e23e52d7-871f-46fc-bd71-60a9f50a22e1?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e23e7d66-4b57-4feb-bf77-46238bc6ce7c": { "id": "e23e7d66-4b57-4feb-bf77-46238bc6ce7c", "title": "Spectra Pro <= 1.1.5 - Authenticated (Author+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Spectra Pro", "slug": "spectra-pro", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e23e7d66-4b57-4feb-bf77-46238bc6ce7c?source=api-scan" ], "published": "2024-05-09 18:13:16", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2407d25-75da-4a04-8a39-04cb1711ae33": { "id": "e2407d25-75da-4a04-8a39-04cb1711ae33", "title": "Easy Team Manager <= 1.3.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Easy Team Manager", "slug": "easy-team-manager", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2407d25-75da-4a04-8a39-04cb1711ae33?source=api-scan" ], "published": "2017-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2422f54-244c-4e69-8174-ee462a861e98": { "id": "e2422f54-244c-4e69-8174-ee462a861e98", "title": "Modular <= 2.4 - Arbitrary File Deletion", "software": [ { "type": "theme", "name": "Modular", "slug": "modular", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2422f54-244c-4e69-8174-ee462a861e98?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e24339c3-f8f8-4357-9717-a3077420603a": { "id": "e24339c3-f8f8-4357-9717-a3077420603a", "title": "Total Security <= 3.4.0 - Unauthenticated Settings Change", "software": [ { "type": "plugin", "name": "Total Security", "slug": "total-security", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e24339c3-f8f8-4357-9717-a3077420603a?source=api-scan" ], "published": "2016-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e247c919-6210-4769-9022-d7f7a0178f14": { "id": "e247c919-6210-4769-9022-d7f7a0178f14", "title": "Events Manager < 5.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "[*, 5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e247c919-6210-4769-9022-d7f7a0178f14?source=api-scan" ], "published": "2013-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e249e50b-44fb-4e68-9efa-701f4ecdcdcf": { "id": "e249e50b-44fb-4e68-9efa-701f4ecdcdcf", "title": "Easy Contact Form Builder < 1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Contact Form Builder", "slug": "tidio-form", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e249e50b-44fb-4e68-9efa-701f4ecdcdcf?source=api-scan" ], "published": "2016-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e24c9e9a-4f18-41b6-a0b7-700fecb5d3e6": { "id": "e24c9e9a-4f18-41b6-a0b7-700fecb5d3e6", "title": "Sayfa Saya\u00e7 <= 2.6 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Sayfa Sayac", "slug": "sayfa-sayac", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e24c9e9a-4f18-41b6-a0b7-700fecb5d3e6?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e25015c9-d764-44b2-ad54-edf5d248e56c": { "id": "e25015c9-d764-44b2-ad54-edf5d248e56c", "title": "Email Customizer for WooCommerce | Drag and Drop Email Templates Builder <= 2.6.0 - Information Exposure", "software": [ { "type": "plugin", "name": "Email Customizer for WooCommerce | Drag and Drop Email Templates Builder", "slug": "email-customizer-for-woocommerce", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e25015c9-d764-44b2-ad54-edf5d248e56c?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2510cee-d9d7-4b30-bf94-254a1dec9bd8": { "id": "e2510cee-d9d7-4b30-bf94-254a1dec9bd8", "title": "Awake <= 3.3 - Arbitrary File Download", "software": [ { "type": "theme", "name": "Awake", "slug": "awake", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2510cee-d9d7-4b30-bf94-254a1dec9bd8?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e252f833-3b0c-44df-969d-aff9314133b7": { "id": "e252f833-3b0c-44df-969d-aff9314133b7", "title": "So Audible Cloud Music Player <= 0.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "So Audible Cloud Music Player", "slug": "so-audible", "affected_versions": { "* - 0.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e252f833-3b0c-44df-969d-aff9314133b7?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e25f524e-360d-4c80-a0ab-90ee94825b1b": { "id": "e25f524e-360d-4c80-a0ab-90ee94825b1b", "title": "WP-Polls <= 2.70 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-Polls", "slug": "wp-polls", "affected_versions": { "* - 2.70": { "from_version": "*", "from_inclusive": true, "to_version": "2.70", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.71" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e25f524e-360d-4c80-a0ab-90ee94825b1b?source=api-scan" ], "published": "2015-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e264af7c-84bb-4bfa-a433-39dd94a9d83b": { "id": "e264af7c-84bb-4bfa-a433-39dd94a9d83b", "title": "Elementor Website Builder <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via html_tag", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "0.1.0 - 3.1.3": { "from_version": "0.1.0", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e264af7c-84bb-4bfa-a433-39dd94a9d83b?source=api-scan" ], "published": "2021-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e26a1c7c-8c4d-450d-bbfa-6ab1af4bceba": { "id": "e26a1c7c-8c4d-450d-bbfa-6ab1af4bceba", "title": "Tevolution < 2.3.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Tevolution", "slug": "Tevolution", "affected_versions": { "[*, 2.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e26a1c7c-8c4d-450d-bbfa-6ab1af4bceba?source=api-scan" ], "published": "2016-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e26a438d-7e2d-47de-81f2-39731ce51bd6": { "id": "e26a438d-7e2d-47de-81f2-39731ce51bd6", "title": "Language Bar Flags <= 1.0.8 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Language Bar Flags", "slug": "language-bar-flags", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e26a438d-7e2d-47de-81f2-39731ce51bd6?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e26b7e73-2d04-493a-a7d9-2276bc0e1ba8": { "id": "e26b7e73-2d04-493a-a7d9-2276bc0e1ba8", "title": "Better Find and Replace <= 1.3.5 - Admin+ SQL Injection", "software": [ { "type": "plugin", "name": "Better Find and Replace", "slug": "real-time-auto-find-and-replace", "affected_versions": { "[*, 1.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e26b7e73-2d04-493a-a7d9-2276bc0e1ba8?source=api-scan" ], "published": "2022-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e26ccd06-22e0-4d91-a53a-df6ead8a8e3b": { "id": "e26ccd06-22e0-4d91-a53a-df6ead8a8e3b", "title": "CRM and Lead Management by vcita <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CRM and Lead Management by vcita", "slug": "crm-customer-relationship-management-by-vcita", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e26ccd06-22e0-4d91-a53a-df6ead8a8e3b?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e26d4914-23fd-4e93-a08a-7e9dd5222a73": { "id": "e26d4914-23fd-4e93-a08a-7e9dd5222a73", "title": "Nexter <= 2.0.3 - Missing Authorization", "software": [ { "type": "theme", "name": "Nexter", "slug": "nexter", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e26d4914-23fd-4e93-a08a-7e9dd5222a73?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2719afc-e52c-4fcc-b030-2f6aaddb5ab9": { "id": "e2719afc-e52c-4fcc-b030-2f6aaddb5ab9", "title": "Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Duplication", "software": [ { "type": "plugin", "name": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free", "slug": "funnelforms-free", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2719afc-e52c-4fcc-b030-2f6aaddb5ab9?source=api-scan" ], "published": "2023-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e271effa-2c40-4635-ad6b-ca82b4742567": { "id": "e271effa-2c40-4635-ad6b-ca82b4742567", "title": "Poll Maker < 3.4.2 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls", "slug": "poll-maker", "affected_versions": { "[*, 3.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e271effa-2c40-4635-ad6b-ca82b4742567?source=api-scan" ], "published": "2021-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e27634f8-493b-4edb-a0c7-1bc8890b70f0": { "id": "e27634f8-493b-4edb-a0c7-1bc8890b70f0", "title": "Parcel Tracker eCourier <= 1.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Parcel Tracker eCourier", "slug": "parcel-tracker-ecourier", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e27634f8-493b-4edb-a0c7-1bc8890b70f0?source=api-scan" ], "published": "2021-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e276cc49-2da1-4e2f-bb64-28ffe6ec9acf": { "id": "e276cc49-2da1-4e2f-bb64-28ffe6ec9acf", "title": "Private Google Calendars <= 20231125 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Private Google Calendars", "slug": "private-google-calendars", "affected_versions": { "* - 20231125": { "from_version": "*", "from_inclusive": true, "to_version": "20231125", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e276cc49-2da1-4e2f-bb64-28ffe6ec9acf?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e27825b9-c3ef-4740-bd19-7198c806c70b": { "id": "e27825b9-c3ef-4740-bd19-7198c806c70b", "title": "intimate Payments Plugin <= 1.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "intimate Payments Plugin", "slug": "intimate-io-cryptocurrency-payments", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e27825b9-c3ef-4740-bd19-7198c806c70b?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e278df67-e4d3-416c-ac7d-6e43442dde17": { "id": "e278df67-e4d3-416c-ac7d-6e43442dde17", "title": "[GWA] AutoResponder <= 2.3 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "[GWA] AutoResponder", "slug": "autoresponder-gwa", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e278df67-e4d3-416c-ac7d-6e43442dde17?source=api-scan" ], "published": "2022-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2793547-5edf-4d2a-bc3b-fcaeed62963d": { "id": "e2793547-5edf-4d2a-bc3b-fcaeed62963d", "title": "All-in-One Video Gallery <= 3.6.5 - Authenticated (Contributor+) Local File Inclusion via aiovg_search_form Shortcode", "software": [ { "type": "plugin", "name": "All-in-One Video Gallery", "slug": "all-in-one-video-gallery", "affected_versions": { "* - 3.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2793547-5edf-4d2a-bc3b-fcaeed62963d?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2795202-64e6-488b-a0e1-da2923f6f791": { "id": "e2795202-64e6-488b-a0e1-da2923f6f791", "title": "Marketing Twitter Bot <= 1.11 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Marketing Twitter Bot", "slug": "wordpress-twitterbot", "affected_versions": { "* - 1.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2795202-64e6-488b-a0e1-da2923f6f791?source=api-scan" ], "published": "2024-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e279f923-e30d-45b6-9734-2bd50731c33c": { "id": "e279f923-e30d-45b6-9734-2bd50731c33c", "title": "Woody code snippets \u2013 Insert Header Footer Code, AdSense Ads <= 2.4.10 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Woody code snippets \u2013 Insert Header Footer Code, AdSense Ads", "slug": "insert-php", "affected_versions": { "* - 2.4.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e279f923-e30d-45b6-9734-2bd50731c33c?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e27c1d20-cef7-4801-beb9-adaeb1b95145": { "id": "e27c1d20-cef7-4801-beb9-adaeb1b95145", "title": "Membership Simplified <= 1.58 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "Membership Simplified", "slug": "membership-simplified-for-oap-members-only", "affected_versions": { "* - 1.58": { "from_version": "*", "from_inclusive": true, "to_version": "1.58", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e27c1d20-cef7-4801-beb9-adaeb1b95145?source=api-scan" ], "published": "2017-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2876c97-a612-4c0f-b094-3233768703b1": { "id": "e2876c97-a612-4c0f-b094-3233768703b1", "title": "SP Rental Manager <= 1.5.3 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "SP Rental Manager", "slug": "sp-rental-manager", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2876c97-a612-4c0f-b094-3233768703b1?source=api-scan" ], "published": "2021-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e287e85d-8687-4079-99ea-92718031f343": { "id": "e287e85d-8687-4079-99ea-92718031f343", "title": "Elementor Contact Form DB <= 1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form DB \u2013 Elementor", "slug": "sb-elementor-contact-form-db", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e287e85d-8687-4079-99ea-92718031f343?source=api-scan" ], "published": "2021-01-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e28b78c3-c370-4076-836e-9f61acba064c": { "id": "e28b78c3-c370-4076-836e-9f61acba064c", "title": "Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Widget", "software": [ { "type": "plugin", "name": "Elementor Addons by Livemesh", "slug": "addons-for-elementor", "affected_versions": { "* - 8.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e28b78c3-c370-4076-836e-9f61acba064c?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e28caf56-b0b0-49dc-8489-ad5d4d8d7cfd": { "id": "e28caf56-b0b0-49dc-8489-ad5d4d8d7cfd", "title": "Simple Photoswipe <= 0.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Photoswipe", "slug": "simple-photoswipe", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e28caf56-b0b0-49dc-8489-ad5d4d8d7cfd?source=api-scan" ], "published": "2024-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e28f0ff6-eee3-45bb-be7e-91e2349a91d5": { "id": "e28f0ff6-eee3-45bb-be7e-91e2349a91d5", "title": "tarteaucitron.js \u2013 Cookies legislation & GDPR <= 1.5.4 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "tarteaucitron.js \u2013 Cookies legislation & GDPR", "slug": "tarteaucitronjs", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e28f0ff6-eee3-45bb-be7e-91e2349a91d5?source=api-scan" ], "published": "2021-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e292e704-4b98-4e95-ac25-29cedcf005c7": { "id": "e292e704-4b98-4e95-ac25-29cedcf005c7", "title": "Blue Memories <= 1.5 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Blue Memories", "slug": "blue-memories", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e292e704-4b98-4e95-ac25-29cedcf005c7?source=api-scan" ], "published": "2007-08-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2945971-80c6-44a2-bc65-1243af365692": { "id": "e2945971-80c6-44a2-bc65-1243af365692", "title": "VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in save_admin_widgets function", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "* - 1.5.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2945971-80c6-44a2-bc65-1243af365692?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e298663b-746c-40fc-a2ca-cb35d472baab": { "id": "e298663b-746c-40fc-a2ca-cb35d472baab", "title": "Amazon Auto Links <= 4.6.19 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin", "slug": "amazon-auto-links", "affected_versions": { "* - 4.6.19": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e298663b-746c-40fc-a2ca-cb35d472baab?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e29dac44-5c85-4f73-ae96-4bc0deca64f4": { "id": "e29dac44-5c85-4f73-ae96-4bc0deca64f4", "title": "Redirect Redirection <= 1.1.3 - Missing Authorization in 'bulkDelete' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e29dac44-5c85-4f73-ae96-4bc0deca64f4?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2b020c3-0eb9-4ff1-b94e-e32452695b5d": { "id": "e2b020c3-0eb9-4ff1-b94e-e32452695b5d", "title": "Copy Or Move Comments <= 5.0.4 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Copy or Move Comments", "slug": "copy-or-move-comments", "affected_versions": { "* - 5.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2b020c3-0eb9-4ff1-b94e-e32452695b5d?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2b16b9c-48c7-4370-839b-696797ff2101": { "id": "e2b16b9c-48c7-4370-839b-696797ff2101", "title": "WordPress File Upload <= 4.24.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "* - 4.24.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.24.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.24.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2b16b9c-48c7-4370-839b-696797ff2101?source=api-scan" ], "published": "2024-08-15 16:20:06", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2b2a90f-7a0a-4150-8a24-14b2ed11663e": { "id": "e2b2a90f-7a0a-4150-8a24-14b2ed11663e", "title": "Tutor LMS <= 2.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2b2a90f-7a0a-4150-8a24-14b2ed11663e?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2b9b6f4-6ee7-498d-9693-a5ae5f7f4719": { "id": "e2b9b6f4-6ee7-498d-9693-a5ae5f7f4719", "title": "Baidu Tongji generator <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Baidu Tongji generator", "slug": "baidu-tongji-generator", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2b9b6f4-6ee7-498d-9693-a5ae5f7f4719?source=api-scan" ], "published": "2023-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2bd8eec-5984-42f8-ba9a-ce61bf7cd440": { "id": "e2bd8eec-5984-42f8-ba9a-ce61bf7cd440", "title": "Organization chart <= 1.4.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Organization chart", "slug": "organization-chart", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2bd8eec-5984-42f8-ba9a-ce61bf7cd440?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2c11005-dcb3-40b3-863a-0612132acb08": { "id": "e2c11005-dcb3-40b3-863a-0612132acb08", "title": "Slimstat Analytics < 3.9.6 - Unauthenticated Blind SQL Injection", "software": [ { "type": "plugin", "name": "SlimStat Analytics", "slug": "wp-slimstat", "affected_versions": { "[*, 3.9.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2c11005-dcb3-40b3-863a-0612132acb08?source=api-scan" ], "published": "2015-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2c1606e-b6b6-4f7d-8473-1015677ded7c": { "id": "e2c1606e-b6b6-4f7d-8473-1015677ded7c", "title": "WP EasyPay <= 4.0.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP EasyPay \u2013 Square for WordPress", "slug": "wp-easy-pay", "affected_versions": { "* - 4.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2c1606e-b6b6-4f7d-8473-1015677ded7c?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2c837b9-c205-4fdc-8305-b9387dedd581": { "id": "e2c837b9-c205-4fdc-8305-b9387dedd581", "title": "Salon booking system <= 9.6.5 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "* - 9.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "9.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2c837b9-c205-4fdc-8305-b9387dedd581?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2c9f6a5-8698-4452-bf0a-c1d796b2fdad": { "id": "e2c9f6a5-8698-4452-bf0a-c1d796b2fdad", "title": "Calculated Fields Form <= 5.2.45 - HTML Injection", "software": [ { "type": "plugin", "name": "Calculated Fields Form", "slug": "calculated-fields-form", "affected_versions": { "* - 5.2.45": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.45", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2c9f6a5-8698-4452-bf0a-c1d796b2fdad?source=api-scan" ], "published": "2024-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2cc2776-9496-42b5-a242-c572ae5462fb": { "id": "e2cc2776-9496-42b5-a242-c572ae5462fb", "title": "Beaver Builder \u2013 WordPress Page Builder <= 2.7.4.2 - Reflected (DOM-Based) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.7.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2cc2776-9496-42b5-a242-c572ae5462fb?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2ce98c3-b0a5-4b6b-ac3c-26e0a3195944": { "id": "e2ce98c3-b0a5-4b6b-ac3c-26e0a3195944", "title": "Contact Us Page \u2013 Contact People <= 3.6.1 - Cross-Site Request Forgery to Settings Reset", "software": [ { "type": "plugin", "name": "Contact Us Page \u2013 Contact People", "slug": "contact-us-page-contact-people", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2ce98c3-b0a5-4b6b-ac3c-26e0a3195944?source=api-scan" ], "published": "2022-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2d29afd-06e8-461a-918f-38228441a51a": { "id": "e2d29afd-06e8-461a-918f-38228441a51a", "title": "Slider Revolution <= 6.6.15 - Authenticated (Author+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Slider Revolution", "slug": "revslider", "affected_versions": { "* - 6.6.15": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2d29afd-06e8-461a-918f-38228441a51a?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2d46ac3-6751-475d-8d91-eabbc27a6295": { "id": "e2d46ac3-6751-475d-8d91-eabbc27a6295", "title": "Brute Force Login Protection <= 1.5.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Brute Force Login Protection", "slug": "brute-force-login-protection", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2d46ac3-6751-475d-8d91-eabbc27a6295?source=api-scan" ], "published": "2015-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2defe79-137f-45a0-85a1-f61dce9afd28": { "id": "e2defe79-137f-45a0-85a1-f61dce9afd28", "title": "WP LMS \u2013 Best WordPress LMS Plugin <= 1.1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Learn Manager", "slug": "learn-manager", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2defe79-137f-45a0-85a1-f61dce9afd28?source=api-scan" ], "published": "2021-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2e2f446-5391-4189-8c9c-3be2459808d0": { "id": "e2e2f446-5391-4189-8c9c-3be2459808d0", "title": "Social Slider Feed <= 2.0.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Social Slider Feed", "slug": "instagram-slider-widget", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2e2f446-5391-4189-8c9c-3be2459808d0?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2e39fe4-8c22-4da6-8cb6-737ddd4dc36e": { "id": "e2e39fe4-8c22-4da6-8cb6-737ddd4dc36e", "title": "Elementor Website Builder <= 2.9.8 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 2.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2e39fe4-8c22-4da6-8cb6-737ddd4dc36e?source=api-scan" ], "published": "2020-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2e62675-e3d5-4545-bb80-0330da966368": { "id": "e2e62675-e3d5-4545-bb80-0330da966368", "title": "Real-Time Find and Replace <= 3.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Real-Time Find and Replace", "slug": "real-time-find-and-replace", "affected_versions": { "* - 3.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2e62675-e3d5-4545-bb80-0330da966368?source=api-scan" ], "published": "2020-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2e8d217-51a7-4653-bb23-c53f5c75cb85": { "id": "e2e8d217-51a7-4653-bb23-c53f5c75cb85", "title": "Product Slider for WooCommerce <= 2.5.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Product Carousel, Product Slider, Product Grid Gallery, and Product Table for WooCommerce \u2013 WooProduct Slider", "slug": "woo-product-slider", "affected_versions": { "* - 2.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2e8d217-51a7-4653-bb23-c53f5c75cb85?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2e96557-7341-4da9-81ca-2bd17a85559e": { "id": "e2e96557-7341-4da9-81ca-2bd17a85559e", "title": "Frontend Dashboard <= 2.2.2 -", "software": [ { "type": "plugin", "name": "Frontend Dashboard", "slug": "frontend-dashboard", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2e96557-7341-4da9-81ca-2bd17a85559e?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2edeb63-56ad-45e7-9e85-cdf0a8ef41e7": { "id": "e2edeb63-56ad-45e7-9e85-cdf0a8ef41e7", "title": "FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel", "slug": "foogallery", "affected_versions": { "* - 2.4.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2edeb63-56ad-45e7-9e85-cdf0a8ef41e7?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2f19051-fe80-469c-a514-ec3a848a4015": { "id": "e2f19051-fe80-469c-a514-ec3a848a4015", "title": "Graphene <= 2.9.2 - Missing Authorization", "software": [ { "type": "theme", "name": "Graphene", "slug": "graphene", "affected_versions": { "* - 2.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2f19051-fe80-469c-a514-ec3a848a4015?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2f57c50-f6d1-4583-a75e-17c543ed7fa6": { "id": "e2f57c50-f6d1-4583-a75e-17c543ed7fa6", "title": "Pinpoint Booking System \u2013 #1 WordPress Booking Plugin <= 1.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pinpoint Booking System \u2013 #1 WordPress Booking Plugin", "slug": "booking-system", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2f57c50-f6d1-4583-a75e-17c543ed7fa6?source=api-scan" ], "published": "2013-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2f5a49a-117a-473c-8853-ed292eece620": { "id": "e2f5a49a-117a-473c-8853-ed292eece620", "title": "Responsive Contact Form Builder & Lead Generation Plugin <= 1.9.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Contact Form Builder & Lead Generation Plugin", "slug": "lead-form-builder", "affected_versions": { "* - 1.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2f5a49a-117a-473c-8853-ed292eece620?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2f8cdd3-f873-42bd-9891-a63a398df846": { "id": "e2f8cdd3-f873-42bd-9891-a63a398df846", "title": "Spectra \u2013 WordPress Gutenberg Blocks <= 2.3.1 - Email Spoofing", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2f8cdd3-f873-42bd-9891-a63a398df846?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2f94d61-a3ec-4e25-bbd0-651b553b9c7c": { "id": "e2f94d61-a3ec-4e25-bbd0-651b553b9c7c", "title": "OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "OpenID Connect Generic Client", "slug": "daggerhart-openid-connect-generic", "affected_versions": { "[3.8.0, 3.8.2)": { "from_version": "3.8.0", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2f94d61-a3ec-4e25-bbd0-651b553b9c7c?source=api-scan" ], "published": "2021-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e2f9b5ae-bbb9-4b1d-8762-6889a9b8a209": { "id": "e2f9b5ae-bbb9-4b1d-8762-6889a9b8a209", "title": "Realtyna Organic IDX plugin <= 4.14.13 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Realtyna Organic IDX plugin + WPL Real Estate", "slug": "real-estate-listing-realtyna-wpl", "affected_versions": { "* - 4.14.13": { "from_version": "*", "from_inclusive": true, "to_version": "4.14.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e2f9b5ae-bbb9-4b1d-8762-6889a9b8a209?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e30187da-c25d-4651-a32d-abdc6da53978": { "id": "e30187da-c25d-4651-a32d-abdc6da53978", "title": "Contact Form With Captcha <= 1.6.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form With Captcha", "slug": "contact-form-with-captcha", "affected_versions": { "* - 1.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e30187da-c25d-4651-a32d-abdc6da53978?source=api-scan" ], "published": "2021-11-29 12:43:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e30b62de-7280-4c29-b882-dfa83e65966b": { "id": "e30b62de-7280-4c29-b882-dfa83e65966b", "title": "Web3 \u2013 Crypto wallet Login & NFT token gating <= 2.6.0 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Web3 \u2013 Crypto wallet Login & NFT token gating", "slug": "web3-authentication", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e30b62de-7280-4c29-b882-dfa83e65966b?source=api-scan" ], "published": "2023-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e30e4615-f9b6-4ff6-a227-82cace868f93": { "id": "e30e4615-f9b6-4ff6-a227-82cace868f93", "title": "WCFM \u2013 Frontend Manager for WooCommerce <= 6.7.8 - Authenticated (Shop manager+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WCFM \u2013 Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible", "slug": "wc-frontend-manager", "affected_versions": { "* - 6.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e30e4615-f9b6-4ff6-a227-82cace868f93?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e30e64e7-5de9-4eb3-914f-457daa6f3fe5": { "id": "e30e64e7-5de9-4eb3-914f-457daa6f3fe5", "title": "WooCommerce Google Sheet Connector <= 1.3.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce Google Sheet Connector", "slug": "wc-gsheetconnector", "affected_versions": { "* - 1.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e30e64e7-5de9-4eb3-914f-457daa6f3fe5?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e30fe90a-774c-41ba-b28e-8b8128fd72cc": { "id": "e30fe90a-774c-41ba-b28e-8b8128fd72cc", "title": "Modal Survey <= 2.0.1.8 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Modal Survey - WordPress Poll, Survey & Quiz Plugin", "slug": "modal_survey", "affected_versions": { "* - 2.0.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e30fe90a-774c-41ba-b28e-8b8128fd72cc?source=api-scan" ], "published": "2021-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e312db9f-8f02-4c7e-9d49-553a154c95a4": { "id": "e312db9f-8f02-4c7e-9d49-553a154c95a4", "title": "Activello <= 1.4.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Activello", "slug": "activello", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e312db9f-8f02-4c7e-9d49-553a154c95a4?source=api-scan" ], "published": "2022-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3147a94-056a-4454-8815-44c0b9d1de81": { "id": "e3147a94-056a-4454-8815-44c0b9d1de81", "title": "decode-uri-component <= 0.2.1 - Denial of Service", "software": [ { "type": "plugin", "name": "Autopost for X (formerly Autoshare for Twitter)", "slug": "autoshare-for-twitter", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3147a94-056a-4454-8815-44c0b9d1de81?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e31bf122-e3b0-43d4-afff-f3baf3aa53e6": { "id": "e31bf122-e3b0-43d4-afff-f3baf3aa53e6", "title": "Shantz WordPress QOTD <= 1.2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Shantz WordPress QOTD", "slug": "shantz-wordpress-qotd", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e31bf122-e3b0-43d4-afff-f3baf3aa53e6?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e31d8218-5e04-44a1-89aa-f93e9677680b": { "id": "e31d8218-5e04-44a1-89aa-f93e9677680b", "title": "Quiz And Survey Master <= 8.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 8.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e31d8218-5e04-44a1-89aa-f93e9677680b?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e324cd49-beaf-44bf-8890-5377731f0cc5": { "id": "e324cd49-beaf-44bf-8890-5377731f0cc5", "title": "Social Proof (Testimonial) Slider <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Proof (Testimonial) Slider", "slug": "social-proof-testimonials-slider", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e324cd49-beaf-44bf-8890-5377731f0cc5?source=api-scan" ], "published": "2023-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e32a2644-df8a-4aea-8e70-49ab3075be9e": { "id": "e32a2644-df8a-4aea-8e70-49ab3075be9e", "title": "Gwolle Guestbook <= 1.5.3 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "Gwolle Guestbook", "slug": "gwolle-gb", "affected_versions": { "[*, 1.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e32a2644-df8a-4aea-8e70-49ab3075be9e?source=api-scan" ], "published": "2015-11-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e32a4038-0f67-48b3-80c9-94d279752c31": { "id": "e32a4038-0f67-48b3-80c9-94d279752c31", "title": "Lightbox < 1.6.8 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "lightbox", "slug": "lightbox", "affected_versions": { "[*, 1.6.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e32a4038-0f67-48b3-80c9-94d279752c31?source=api-scan" ], "published": "2016-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e32d9104-5a39-4455-b76a-e24ae787bdfd": { "id": "e32d9104-5a39-4455-b76a-e24ae787bdfd", "title": "GiveWP <= 2.33.3 - Cross-Site Request Forgery to plugin deactivation", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "* - 2.33.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.33.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.33.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e32d9104-5a39-4455-b76a-e24ae787bdfd?source=api-scan" ], "published": "2023-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e340f400-1d20-4fa1-9cc7-8c0f49075bc0": { "id": "e340f400-1d20-4fa1-9cc7-8c0f49075bc0", "title": "Elementor Pro <= 2.0.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Website Builder Pro", "slug": "elementor-pro", "affected_versions": { "[*, 2.0.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e340f400-1d20-4fa1-9cc7-8c0f49075bc0?source=api-scan" ], "published": "2018-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e349f07d-a520-4700-a6e0-25e68c1deeae": { "id": "e349f07d-a520-4700-a6e0-25e68c1deeae", "title": "Burst Statistics Really Simple Plugins <= 1.5.3 - Authenticated (Editor+) SQL Injection", "software": [ { "type": "plugin", "name": "Burst Statistics \u2013 Privacy-Friendly Analytics for WordPress", "slug": "burst-statistics", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e349f07d-a520-4700-a6e0-25e68c1deeae?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e34b6ae5-1370-4058-95dd-5686978ca45b": { "id": "e34b6ae5-1370-4058-95dd-5686978ca45b", "title": "PageLayer <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "slug": "pagelayer", "affected_versions": { "[*, 1.7.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e34b6ae5-1370-4058-95dd-5686978ca45b?source=api-scan" ], "published": "2023-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e353a269-c7f5-4b6a-9f9e-be459ead0335": { "id": "e353a269-c7f5-4b6a-9f9e-be459ead0335", "title": "WooCommerce Upload Files <= 59.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WooCommerce Upload Files", "slug": "woocommerce-upload-files", "affected_versions": { "[*, 59.4)": { "from_version": "*", "from_inclusive": true, "to_version": "59.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "59.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e353a269-c7f5-4b6a-9f9e-be459ead0335?source=api-scan" ], "published": "2021-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e353d938-8844-41dc-96dc-7e2facf96446": { "id": "e353d938-8844-41dc-96dc-7e2facf96446", "title": "Enqueue Anything <= 1.0.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Enqueue Anything", "slug": "enqueue-anything", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e353d938-8844-41dc-96dc-7e2facf96446?source=api-scan" ], "published": "2022-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3551218-e272-4c96-94fe-9db0aee0d4f4": { "id": "e3551218-e272-4c96-94fe-9db0aee0d4f4", "title": "Build App Online <= 1.0.20 - Missing Authorization Authenticated(Subscriber+) Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Build App Online", "slug": "build-app-online", "affected_versions": { "* - 1.0.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3551218-e272-4c96-94fe-9db0aee0d4f4?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e358355e-097c-4a6d-a21a-3d08098efff0": { "id": "e358355e-097c-4a6d-a21a-3d08098efff0", "title": "W3SPEEDSTER <= 7.19 - Cross-Site Request Forgery via launch", "software": [ { "type": "plugin", "name": "W3SPEEDSTER", "slug": "w3speedster-wp", "affected_versions": { "* - 7.19": { "from_version": "*", "from_inclusive": true, "to_version": "7.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e358355e-097c-4a6d-a21a-3d08098efff0?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e358c32d-6d0b-421d-9746-aafa1252dcea": { "id": "e358c32d-6d0b-421d-9746-aafa1252dcea", "title": "Site Kit by Google <= 1.7.1 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Site Kit by Google \u2013 Analytics, Search Console, AdSense, Speed", "slug": "google-site-kit", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e358c32d-6d0b-421d-9746-aafa1252dcea?source=api-scan" ], "published": "2020-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3593dfd-7b2a-4d01-8af0-725b444dc81b": { "id": "e3593dfd-7b2a-4d01-8af0-725b444dc81b", "title": "Advanced Custom Fields <= 6.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field", "software": [ { "type": "plugin", "name": "Secure Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "* - 6.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.5" ] }, { "type": "plugin", "name": "Advanced Custom Fields Pro", "slug": "advanced-custom-fields-pro", "affected_versions": { "* - 6.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3593dfd-7b2a-4d01-8af0-725b444dc81b?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e35be8ee-81a3-42ce-8304-992bc75663fd": { "id": "e35be8ee-81a3-42ce-8304-992bc75663fd", "title": "wpForo Forum <= 2.0.5 - Insecure Direct Object Reference to Forum Privacy Change", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e35be8ee-81a3-42ce-8304-992bc75663fd?source=api-scan" ], "published": "2022-11-26 09:52:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e363c09a-4381-4b3a-951c-9a0ff5669016": { "id": "e363c09a-4381-4b3a-951c-9a0ff5669016", "title": "WordPress Core < 6.5.2 - Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "6.0 - 6.0.7": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.7", "to_inclusive": true }, "6.1 - 6.1.5": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.5", "to_inclusive": true }, "6.2 - 6.2.4": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.4", "to_inclusive": true }, "6.3 - 6.3.3": { "from_version": "6.3", "from_inclusive": true, "to_version": "6.3.3", "to_inclusive": true }, "6.4 - 6.4.3": { "from_version": "6.4", "from_inclusive": true, "to_version": "6.4.3", "to_inclusive": true }, "6.5 - 6.5.1": { "from_version": "6.5", "from_inclusive": true, "to_version": "6.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.8", "6.1.6", "6.2.5", "6.3.4", "6.4.4", "6.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e363c09a-4381-4b3a-951c-9a0ff5669016?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e36df7b7-fcbc-4e5d-812c-861bfe8abb55": { "id": "e36df7b7-fcbc-4e5d-812c-861bfe8abb55", "title": "WooCommerce Google Sheet Connector <= 1.3.11 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Google Sheet Connector", "slug": "wc-gsheetconnector", "affected_versions": { "* - 1.3.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e36df7b7-fcbc-4e5d-812c-861bfe8abb55?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e36e5099-c5ff-4794-b7df-25d8eab27bac": { "id": "e36e5099-c5ff-4794-b7df-25d8eab27bac", "title": "Metricool <= 1.17 - Authenticated (Administrator+) Stored Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Metricool", "slug": "metricool", "affected_versions": { "* - 1.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e36e5099-c5ff-4794-b7df-25d8eab27bac?source=api-scan" ], "published": "2022-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e36eed5b-f76d-451e-a0f8-fd4b91bcf9f1": { "id": "e36eed5b-f76d-451e-a0f8-fd4b91bcf9f1", "title": "Ebook Store <= 5.8001 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ebook Store", "slug": "ebook-store", "affected_versions": { "* - 5.8001": { "from_version": "*", "from_inclusive": true, "to_version": "5.8001", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e36eed5b-f76d-451e-a0f8-fd4b91bcf9f1?source=api-scan" ], "published": "2023-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3702936-9ae2-4efb-bdfe-9e1dfceb246b": { "id": "e3702936-9ae2-4efb-bdfe-9e1dfceb246b", "title": "Protect uploads <= 0.3 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Protect uploads", "slug": "protect-uploads", "affected_versions": { "* - 0.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3702936-9ae2-4efb-bdfe-9e1dfceb246b?source=api-scan" ], "published": "2022-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3820f80-9b80-4672-b2ff-3864793d2de2": { "id": "e3820f80-9b80-4672-b2ff-3864793d2de2", "title": "Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification", "software": [ { "type": "plugin", "name": "Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations", "slug": "master-addons", "affected_versions": { "* - 2.0.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3820f80-9b80-4672-b2ff-3864793d2de2?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3891928-3780-426b-ae9c-e57b05ab3718": { "id": "e3891928-3780-426b-ae9c-e57b05ab3718", "title": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via bg_color parameter", "software": [ { "type": "plugin", "name": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode", "slug": "responsive-coming-soon-page", "affected_versions": { "* - 1.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3891928-3780-426b-ae9c-e57b05ab3718?source=api-scan" ], "published": "2018-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e39044c6-8b72-478d-a762-418b2c58429a": { "id": "e39044c6-8b72-478d-a762-418b2c58429a", "title": "Appointment Hour Booking \u2013 WordPress Booking Plugin <= 1.1.45 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Appointment Hour Booking \u2013 WordPress Booking Plugin", "slug": "appointment-hour-booking", "affected_versions": { "[*, 1.1.46)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.46", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e39044c6-8b72-478d-a762-418b2c58429a?source=api-scan" ], "published": "2019-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e39810d7-260f-4729-9b11-69dba0e16684": { "id": "e39810d7-260f-4729-9b11-69dba0e16684", "title": "Mail Masta <= 1.0 - SQL Injection via filter_list parameter", "software": [ { "type": "plugin", "name": "Mail Masta", "slug": "mail-masta", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e39810d7-260f-4729-9b11-69dba0e16684?source=api-scan" ], "published": "2017-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e399153e-8a13-4e1b-bcfa-2d7864c6828b": { "id": "e399153e-8a13-4e1b-bcfa-2d7864c6828b", "title": "WP Prayer II <= 2.4.7 - Cross-Site Request Forgery to Email Settings Update", "software": [ { "type": "plugin", "name": "Prayer", "slug": "wp-prayers-request", "affected_versions": { "* - 2.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e399153e-8a13-4e1b-bcfa-2d7864c6828b?source=api-scan" ], "published": "2024-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e39d3ec1-b1a5-4176-88ac-432d91dbf621": { "id": "e39d3ec1-b1a5-4176-88ac-432d91dbf621", "title": "Leadinfo <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Leadinfo", "slug": "leadinfo", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e39d3ec1-b1a5-4176-88ac-432d91dbf621?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3a70510-51c8-49c3-933b-79e79dfb8611": { "id": "e3a70510-51c8-49c3-933b-79e79dfb8611", "title": "WPZOOM Social Feed Widget & Block <= 2.1.13 - Missing Authorization to Authenticated (Subscriber+) Instagram Image Deletion", "software": [ { "type": "plugin", "name": "WPZOOM Social Feed Widget & Block", "slug": "instagram-widget-by-wpzoom", "affected_versions": { "* - 2.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3a70510-51c8-49c3-933b-79e79dfb8611?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3a7e0b6-dc6d-4e3a-bb05-12d6ace330df": { "id": "e3a7e0b6-dc6d-4e3a-bb05-12d6ace330df", "title": "BigCommerce <= 5.1.0 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "BigCommerce For WordPress", "slug": "bigcommerce", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3a7e0b6-dc6d-4e3a-bb05-12d6ace330df?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3a8f554-7cb6-40b7-b83c-819e7785058a": { "id": "e3a8f554-7cb6-40b7-b83c-819e7785058a", "title": "HyperComments <= 1.2.2 - Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "HyperComments", "slug": "hypercomments", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3a8f554-7cb6-40b7-b83c-819e7785058a?source=api-scan" ], "published": "2020-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3ab817c-3677-4251-adaf-f340bf4c5336": { "id": "e3ab817c-3677-4251-adaf-f340bf4c5336", "title": "DBargain <= 3.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "D-Bargain", "slug": "d-bargain", "affected_versions": { "* - 3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3ab817c-3677-4251-adaf-f340bf4c5336?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3adcb85-efc5-429c-8a06-9bfb472d668f": { "id": "e3adcb85-efc5-429c-8a06-9bfb472d668f", "title": "Easy Digital Downloads <= 3.1.1.4.2 - Cross-Site Request Forgery via edd_trigger_upgrades", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "[*, 3.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3adcb85-efc5-429c-8a06-9bfb472d668f?source=api-scan" ], "published": "2023-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3afaa85-9eb5-4cc4-883a-11d42504a8e1": { "id": "e3afaa85-9eb5-4cc4-883a-11d42504a8e1", "title": "Droit Dark Mode <= 1.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Droit Dark Mode", "slug": "droit-dark-mode", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3afaa85-9eb5-4cc4-883a-11d42504a8e1?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3b3ce65-b226-4b93-ab0c-984f774454f7": { "id": "e3b3ce65-b226-4b93-ab0c-984f774454f7", "title": "Image Source Control <= 2.17.0 - Sensitive Information Exposure via Log File", "software": [ { "type": "plugin", "name": "Image Source Control Lite \u2013 Show Image Credits and Captions", "slug": "image-source-control-isc", "affected_versions": { "* - 2.17.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.17.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.17.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3b3ce65-b226-4b93-ab0c-984f774454f7?source=api-scan" ], "published": "2023-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3b916dc-3b94-4319-a805-0ea99d14429f": { "id": "e3b916dc-3b94-4319-a805-0ea99d14429f", "title": "RSS Aggregator by Feedzy <= 3.4.2 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator", "slug": "feedzy-rss-feeds", "affected_versions": { "[*, 3.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3b916dc-3b94-4319-a805-0ea99d14429f?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3bcc0aa-281f-4c59-b3de-dde4277cc989": { "id": "e3bcc0aa-281f-4c59-b3de-dde4277cc989", "title": "WordPress Infinite Scroll \u2013 Ajax Load More <= 6.1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Infinite Scroll \u2013 Ajax Load More", "slug": "ajax-load-more", "affected_versions": { "* - 6.1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3bcc0aa-281f-4c59-b3de-dde4277cc989?source=api-scan" ], "published": "2023-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3c371fc-4cf0-478e-b6ae-3bb258c5062e": { "id": "e3c371fc-4cf0-478e-b6ae-3bb258c5062e", "title": "Cryptocurrency Widgets \u2013 Price Ticker & Coins List <= 2.6.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Cryptocurrency Widgets \u2013 Price Ticker & Coins List", "slug": "cryptocurrency-price-ticker-widget", "affected_versions": { "* - 2.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3c371fc-4cf0-478e-b6ae-3bb258c5062e?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3c52d6e-b3f4-4ba8-aee4-b9f11704e1de": { "id": "e3c52d6e-b3f4-4ba8-aee4-b9f11704e1de", "title": "Coming Soon Page & Maintenance Mode <= 2.2.1 - Maintenance Mode Bypass", "software": [ { "type": "plugin", "name": "Coming Soon Page & Maintenance Mode", "slug": "responsive-coming-soon", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3c52d6e-b3f4-4ba8-aee4-b9f11704e1de?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3c52da7-ddfb-4c47-b8d2-2e1db6ec3946": { "id": "e3c52da7-ddfb-4c47-b8d2-2e1db6ec3946", "title": "Stop User Enumeration plugin <1.3.9 - User Enumeration", "software": [ { "type": "plugin", "name": "Stop User Enumeration", "slug": "stop-user-enumeration", "affected_versions": { "[*, 1.3.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3c52da7-ddfb-4c47-b8d2-2e1db6ec3946?source=api-scan" ], "published": "2017-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3cc99df-b709-40e7-a911-ea19f5af2c82": { "id": "e3cc99df-b709-40e7-a911-ea19f5af2c82", "title": "Easy2Map <= 1.2.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy2Map", "slug": "easy2map", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3cc99df-b709-40e7-a911-ea19f5af2c82?source=api-scan" ], "published": "2015-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3ce0eca-5ec3-4af9-bc83-2f973b18e7f7": { "id": "e3ce0eca-5ec3-4af9-bc83-2f973b18e7f7", "title": "PlugNedit Adaptive Editor < 6.2.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "plugnedit", "slug": "plugnedit", "affected_versions": { "[*, 6.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3ce0eca-5ec3-4af9-bc83-2f973b18e7f7?source=api-scan" ], "published": "2015-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3d21ebb-52de-4b25-b9e9-5d6f3284cf94": { "id": "e3d21ebb-52de-4b25-b9e9-5d6f3284cf94", "title": "Lava Directory Manager <= 1.1.34 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Lava Directory Manager", "slug": "lava-directory-manager", "affected_versions": { "* - 1.1.34": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.34", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3d21ebb-52de-4b25-b9e9-5d6f3284cf94?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3dc1dd6-7f35-4771-a795-f0e37088dfda": { "id": "e3dc1dd6-7f35-4771-a795-f0e37088dfda", "title": "Image Gallery \u2013 Grid Gallery <= 1.1.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Gallery \u2013 Grid Gallery", "slug": "gallery-image-gallery-photo", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3dc1dd6-7f35-4771-a795-f0e37088dfda?source=api-scan" ], "published": "2022-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3dd3b5e-b0df-45b0-b42d-eaea765f3193": { "id": "e3dd3b5e-b0df-45b0-b42d-eaea765f3193", "title": "ImageInject <= 1.18 - Authenticated (Admin+) Stored XSS", "software": [ { "type": "plugin", "name": "ImageInject", "slug": "wp-inject", "affected_versions": { "* - 1.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.18", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3dd3b5e-b0df-45b0-b42d-eaea765f3193?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3de6969-a27c-40a1-87ff-ce09a702613c": { "id": "e3de6969-a27c-40a1-87ff-ce09a702613c", "title": "WP Maintenance Mode <= 2.0.6 - Authenticated Information Disclosure", "software": [ { "type": "plugin", "name": "LightStart \u2013 Maintenance Mode, Coming Soon and Landing Page Builder", "slug": "wp-maintenance-mode", "affected_versions": { "[*, 2.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3de6969-a27c-40a1-87ff-ce09a702613c?source=api-scan" ], "published": "2016-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3e00ae4-68a6-4835-8dd7-da5dc104feba": { "id": "e3e00ae4-68a6-4835-8dd7-da5dc104feba", "title": "Google Typography <= 1.1.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Google Typography", "slug": "google-typography", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3e00ae4-68a6-4835-8dd7-da5dc104feba?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3e1833e-31de-418b-bbd3-d41daa3ac9d5": { "id": "e3e1833e-31de-418b-bbd3-d41daa3ac9d5", "title": "Newsletter Manager < 1.0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletter Manager", "slug": "newsletter-manager", "affected_versions": { "[*, 1.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3e1833e-31de-418b-bbd3-d41daa3ac9d5?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3e2efbf-11ac-4a85-8136-cb40468089e1": { "id": "e3e2efbf-11ac-4a85-8136-cb40468089e1", "title": "Calendar <= 1.3.10 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Calendar", "slug": "calendar", "affected_versions": { "[*, 1.3.11)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3e2efbf-11ac-4a85-8136-cb40468089e1?source=api-scan" ], "published": "2018-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3e340b8-4eed-4622-b7c4-73d5bafb7e8e": { "id": "e3e340b8-4eed-4622-b7c4-73d5bafb7e8e", "title": "Simple add pages or posts < 1.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple add pages or posts", "slug": "simple-add-pages-or-posts", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3e340b8-4eed-4622-b7c4-73d5bafb7e8e?source=api-scan" ], "published": "2016-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3e3ac84-dd82-42b0-80b9-c876731170d5": { "id": "e3e3ac84-dd82-42b0-80b9-c876731170d5", "title": "Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations", "slug": "master-addons", "affected_versions": { "* - 2.0.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3e3ac84-dd82-42b0-80b9-c876731170d5?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3e3c9dc-985a-48fb-8300-add83046100a": { "id": "e3e3c9dc-985a-48fb-8300-add83046100a", "title": "Move Addons for Elementor <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Move Addons for Elementor", "slug": "move-addons", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3e3c9dc-985a-48fb-8300-add83046100a?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3ec9b11-e689-4796-8b05-59ab05a98184": { "id": "e3ec9b11-e689-4796-8b05-59ab05a98184", "title": "WP Page Builder <= 1.2.3 - Insecure Default to Unauthorized Page Editing", "software": [ { "type": "plugin", "name": "WP Page Builder", "slug": "wp-pagebuilder", "affected_versions": { "[*, 1.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3ec9b11-e689-4796-8b05-59ab05a98184?source=api-scan" ], "published": "2021-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3eec839-9009-48de-80c8-911dc9b545ba": { "id": "e3eec839-9009-48de-80c8-911dc9b545ba", "title": "FV Flowplayer Video Player <= 7.5.43.7212 - Authenticated (Subscriber+) Server-side Request Forgery", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "* - 7.5.43.7212": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.43.7212", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.45.7212" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3eec839-9009-48de-80c8-911dc9b545ba?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3f05af5-35f5-4813-b8a3-bb90709af677": { "id": "e3f05af5-35f5-4813-b8a3-bb90709af677", "title": "Google Map Shortcode <= 3.1.2 - Cross-Site Request Forgery to Plugin Setting Update", "software": [ { "type": "plugin", "name": "Google Map Shortcode", "slug": "google-map-shortcode", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3f05af5-35f5-4813-b8a3-bb90709af677?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3f0a20b-d572-4040-b5b6-ede0aec4e2b0": { "id": "e3f0a20b-d572-4040-b5b6-ede0aec4e2b0", "title": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.0- Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3f0a20b-d572-4040-b5b6-ede0aec4e2b0?source=api-scan" ], "published": "2024-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3f3ff3b-d621-46d4-a98a-e5ebf65ddace": { "id": "e3f3ff3b-d621-46d4-a98a-e5ebf65ddace", "title": "TweetScroll Widget <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TweetScroll Widget", "slug": "tweetscroll-widget", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3f3ff3b-d621-46d4-a98a-e5ebf65ddace?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3f59671-0db2-4acf-8e97-a0ead518bebd": { "id": "e3f59671-0db2-4acf-8e97-a0ead518bebd", "title": "Archivist \u2013 Custom Archive Templates <= 1.7.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Archivist \u2013 Custom Archive Templates", "slug": "archivist-custom-archive-templates", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3f59671-0db2-4acf-8e97-a0ead518bebd?source=api-scan" ], "published": "2023-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3f665b8-fbd5-4100-baf6-3fa99332a5dc": { "id": "e3f665b8-fbd5-4100-baf6-3fa99332a5dc", "title": "VS Contact Form <= 13.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "VS Contact Form", "slug": "very-simple-contact-form", "affected_versions": { "* - 13.9": { "from_version": "*", "from_inclusive": true, "to_version": "13.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "14.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3f665b8-fbd5-4100-baf6-3fa99332a5dc?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e3f71928-3f1d-4c15-8655-41cdfb707370": { "id": "e3f71928-3f1d-4c15-8655-41cdfb707370", "title": "Blocksy <= 2.0.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via About Me block", "software": [ { "type": "theme", "name": "Blocksy", "slug": "blocksy", "affected_versions": { "* - 2.0.39": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.39", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.40" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e3f71928-3f1d-4c15-8655-41cdfb707370?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e40089db-25cc-4987-b976-d1f962645203": { "id": "e40089db-25cc-4987-b976-d1f962645203", "title": "SociallyViral <= 1.0.10 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "SociallyViral", "slug": "sociallyviral", "affected_versions": { "* - 1.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e40089db-25cc-4987-b976-d1f962645203?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e404d689-f0b5-43cc-b366-b7d6a44a9dcc": { "id": "e404d689-f0b5-43cc-b366-b7d6a44a9dcc", "title": "MaxGalleria <= 6.2.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MaxGalleria", "slug": "maxgalleria", "affected_versions": { "[*, 6.2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e404d689-f0b5-43cc-b366-b7d6a44a9dcc?source=api-scan" ], "published": "2022-02-22 07:27:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4077fda-3f39-4e17-b7b8-3f1b6bf0a9e1": { "id": "e4077fda-3f39-4e17-b7b8-3f1b6bf0a9e1", "title": "ProfilePress <= 4.5.4 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 4.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4077fda-3f39-4e17-b7b8-3f1b6bf0a9e1?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e409a4af-9998-4b77-8f6b-50ae1b70da2d": { "id": "e409a4af-9998-4b77-8f6b-50ae1b70da2d", "title": "Sitemap by BestWebSoft \u2013 WordPress XML Site Map Page Generator Plugin < 3.0.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sitemap by BestWebSoft \u2013 WordPress XML Site Map Page Generator Plugin", "slug": "google-sitemap-plugin", "affected_versions": { "[*, 3.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e409a4af-9998-4b77-8f6b-50ae1b70da2d?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e40cba5c-455c-44ba-bba2-c825697b837a": { "id": "e40cba5c-455c-44ba-bba2-c825697b837a", "title": "Locatoraid Store Locator <= 3.9.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Locatoraid Store Locator", "slug": "locatoraid", "affected_versions": { "* - 3.9.18": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e40cba5c-455c-44ba-bba2-c825697b837a?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e40f07b5-9e6e-430b-86fc-3bb863a51b01": { "id": "e40f07b5-9e6e-430b-86fc-3bb863a51b01", "title": "WP GoToWebinar <= 14.45 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "WP GoToWebinar", "slug": "wp-gotowebinar", "affected_versions": { "* - 14.45": { "from_version": "*", "from_inclusive": true, "to_version": "14.45", "to_inclusive": true } }, "patched": true, "patched_versions": [ "14.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e40f07b5-9e6e-430b-86fc-3bb863a51b01?source=api-scan" ], "published": "2023-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e414a36f-7212-47b9-8e7f-6bf0ae6518af": { "id": "e414a36f-7212-47b9-8e7f-6bf0ae6518af", "title": "RVM - Responsive Vector Maps <= 6.4.1 - Subscriber+ Arbitrary File Read", "software": [ { "type": "plugin", "name": "RVM \u2013 Responsive Vector Maps", "slug": "responsive-vector-maps", "affected_versions": { "* - 6.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e414a36f-7212-47b9-8e7f-6bf0ae6518af?source=api-scan" ], "published": "2022-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e421cb35-e9f4-43f3-a39e-d51d197bc279": { "id": "e421cb35-e9f4-43f3-a39e-d51d197bc279", "title": "Contact Form 7 < 3.7.2 - CAPTCHA Bypass", "software": [ { "type": "plugin", "name": "Contact Form 7", "slug": "contact-form-7", "affected_versions": { "[*, 3.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e421cb35-e9f4-43f3-a39e-d51d197bc279?source=api-scan" ], "published": "2014-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e42841dc-157f-45eb-8959-249326d50650": { "id": "e42841dc-157f-45eb-8959-249326d50650", "title": "MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 2.4.1 - Multiple Admin+ Cross Site Scripting", "software": [ { "type": "plugin", "name": "MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by Sonaar", "slug": "mp3-music-player-by-sonaar", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e42841dc-157f-45eb-8959-249326d50650?source=api-scan" ], "published": "2021-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e42cef39-35d7-4ef5-99da-c34d3ccab667": { "id": "e42cef39-35d7-4ef5-99da-c34d3ccab667", "title": "TypeSquare Webfonts <= 2.0.7 - Missing Authorization via typesquare_admin_init()", "software": [ { "type": "plugin", "name": "TypeSquare Webfonts for \u30a8\u30c3\u30af\u30b9\u30b5\u30fc\u30d0\u30fc", "slug": "xserver-typesquare-webfonts", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e42cef39-35d7-4ef5-99da-c34d3ccab667?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e43482e1-7e11-49a6-bb44-0db421b51ed1": { "id": "e43482e1-7e11-49a6-bb44-0db421b51ed1", "title": "MobileChief \u2013 Mobile Site Builder <= 1.5.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MobileChief", "slug": "mobilechief-mobile-site-creator", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e43482e1-7e11-49a6-bb44-0db421b51ed1?source=api-scan" ], "published": "2013-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4358e2a-b7f6-44b6-a38a-5b27cb15e1cd": { "id": "e4358e2a-b7f6-44b6-a38a-5b27cb15e1cd", "title": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin <= 6.1.7 - Missing Authorization via editor_html()", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "* - 6.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4358e2a-b7f6-44b6-a38a-5b27cb15e1cd?source=api-scan" ], "published": "2024-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e43713c7-32bd-4b82-a4da-6c02d91f3d3e": { "id": "e43713c7-32bd-4b82-a4da-6c02d91f3d3e", "title": "APIExperts Square for WooCommerce <= 4.2.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WC Shop Sync \u2013 Square Payment Gateway for WooCommerce, Inventory Sync Between Square and WooCommerce, Ultimate WooCommerce Square Plugin", "slug": "woosquare", "affected_versions": { "* - 4.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e43713c7-32bd-4b82-a4da-6c02d91f3d3e?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e437ef90-5321-4543-a4ef-716b898315eb": { "id": "e437ef90-5321-4543-a4ef-716b898315eb", "title": "My wpdb <= 1.1.12 - Cross-Site Request Forgery to Arbitrary SQL Query Execution", "software": [ { "type": "plugin", "name": "My wpdb", "slug": "my-wpdb", "affected_versions": { "[*, 2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e437ef90-5321-4543-a4ef-716b898315eb?source=api-scan" ], "published": "2022-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4383f41-bd08-4fab-9491-4cf9f7326300": { "id": "e4383f41-bd08-4fab-9491-4cf9f7326300", "title": "Broken Link Checker | Finder <= 2.4.2 - Missing Authorization via moblc_auth_save_settings", "software": [ { "type": "plugin", "name": "Broken Link Checker | Finder", "slug": "broken-link-finder", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4383f41-bd08-4fab-9491-4cf9f7326300?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e438a090-1a73-450d-9325-276e45eee9ee": { "id": "e438a090-1a73-450d-9325-276e45eee9ee", "title": "Gallery \u2013 Photo Albums Plugin < 1.3.03 - Multiple Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Gallery \u2013 Photo Albums Plugin", "slug": "easy-media-gallery", "affected_versions": { "[*, 1.3.03)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.03", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.03" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e438a090-1a73-450d-9325-276e45eee9ee?source=api-scan" ], "published": "2014-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e43fb223-8b0a-4232-8e15-43f8b38652c1": { "id": "e43fb223-8b0a-4232-8e15-43f8b38652c1", "title": "WP Smart Preloader <= 1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Smart Preloader", "slug": "wp-smart-preloader", "affected_versions": { "* - 1.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e43fb223-8b0a-4232-8e15-43f8b38652c1?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4414b5d-9ce5-4378-ab41-c82ae3bebd6e": { "id": "e4414b5d-9ce5-4378-ab41-c82ae3bebd6e", "title": "Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) <= 3.12.4 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)", "slug": "leaflet-maps-marker", "affected_versions": { "* - 3.12.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.12.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.12.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4414b5d-9ce5-4378-ab41-c82ae3bebd6e?source=api-scan" ], "published": "2022-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4421c1b-742c-4307-9736-d6263bab4ae4": { "id": "e4421c1b-742c-4307-9736-d6263bab4ae4", "title": "WP ALL Export Pro <= 1.7.8 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP All Export Pro", "slug": "wp-all-export-pro", "affected_versions": { "* - 1.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4421c1b-742c-4307-9736-d6263bab4ae4?source=api-scan" ], "published": "2022-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4457df6-81ca-4149-bcca-623cff2cbeef": { "id": "e4457df6-81ca-4149-bcca-623cff2cbeef", "title": "WooCommerce Product Vendors <= 2.2.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Product Vendors", "slug": "woocommerce-product-vendors", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4457df6-81ca-4149-bcca-623cff2cbeef?source=api-scan" ], "published": "2023-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e44ad307-2663-4613-ae53-9ef6208f08f9": { "id": "e44ad307-2663-4613-ae53-9ef6208f08f9", "title": "Structured Content <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Structured Content (JSON-LD) #wpsc", "slug": "structured-content", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e44ad307-2663-4613-ae53-9ef6208f08f9?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e44c5dc0-6bf6-417a-9383-b345ff57ac32": { "id": "e44c5dc0-6bf6-417a-9383-b345ff57ac32", "title": "GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "GutenKit \u2013 Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor", "slug": "gutenkit-blocks-addon", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e44c5dc0-6bf6-417a-9383-b345ff57ac32?source=api-scan" ], "published": "2024-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e44e4bdd-d84e-4315-9232-48a3b240242d": { "id": "e44e4bdd-d84e-4315-9232-48a3b240242d", "title": "WP Statistics <= 14.5 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 14.5": { "from_version": "*", "from_inclusive": true, "to_version": "14.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "14.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e44e4bdd-d84e-4315-9232-48a3b240242d?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e46139c8-dd7e-4904-81b2-283952cea9b5": { "id": "e46139c8-dd7e-4904-81b2-283952cea9b5", "title": "Easy Coming Soon <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Easy Coming Soon", "slug": "easy-coming-soon", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e46139c8-dd7e-4904-81b2-283952cea9b5?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e46513d2-65d0-4215-99a7-051603ec4569": { "id": "e46513d2-65d0-4215-99a7-051603ec4569", "title": "AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.txt <= 1.8.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.txt", "slug": "adfoxly", "affected_versions": { "* - 1.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e46513d2-65d0-4215-99a7-051603ec4569?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e46732ac-1aa4-434d-8c49-7ed065bc907b": { "id": "e46732ac-1aa4-434d-8c49-7ed065bc907b", "title": "Advance Search for WooCommerce < 1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advance Search for WooCommerce", "slug": "woo-advance-search", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e46732ac-1aa4-434d-8c49-7ed065bc907b?source=api-scan" ], "published": "2018-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4696f7a-8b87-4376-b4c9-596eca30b38c": { "id": "e4696f7a-8b87-4376-b4c9-596eca30b38c", "title": "Etsy Shop <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Etsy Shop", "slug": "etsy-shop", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4696f7a-8b87-4376-b4c9-596eca30b38c?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e46a2031-e304-43fb-85bf-ec9abf0b2f90": { "id": "e46a2031-e304-43fb-85bf-ec9abf0b2f90", "title": "Doofinder for WooCommerce <= 2.1.7 - Reflected Cross-Site Scripting via tab", "software": [ { "type": "plugin", "name": "DOOFINDER Search and Discovery for WP & WooCommerce", "slug": "doofinder-for-woocommerce", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e46a2031-e304-43fb-85bf-ec9abf0b2f90?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e46e8a7e-4032-4357-9553-d03bdf168383": { "id": "e46e8a7e-4032-4357-9553-d03bdf168383", "title": "MakeCommerce for WooCommerce <= 3.5.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MakeCommerce for WooCommerce", "slug": "makecommerce", "affected_versions": { "* - 3.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e46e8a7e-4032-4357-9553-d03bdf168383?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e46ff294-0be1-47c1-8c21-f6242c6f832a": { "id": "e46ff294-0be1-47c1-8c21-f6242c6f832a", "title": "Import and export users and customers 1.15 - Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "Import and export users and customers", "slug": "import-users-from-csv-with-meta", "affected_versions": { "1.15": { "from_version": "1.15", "from_inclusive": true, "to_version": "1.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e46ff294-0be1-47c1-8c21-f6242c6f832a?source=api-scan" ], "published": "2020-01-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4704495-8342-4846-9242-f1eab4de25d6": { "id": "e4704495-8342-4846-9242-f1eab4de25d6", "title": "Bad Behavior < 2.0.47 & 2.2.0 - 2.2.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bad Behavior", "slug": "bad-behavior", "affected_versions": { "[*, 2.0.47)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.47", "to_inclusive": false }, "[2.2.0, 2.2.5)": { "from_version": "2.2.0", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.47", "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4704495-8342-4846-9242-f1eab4de25d6?source=api-scan" ], "published": "2012-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4731811-23d7-4a8e-8db3-794077720545": { "id": "e4731811-23d7-4a8e-8db3-794077720545", "title": "Daisho Theme <= 4.2 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Daisho", "slug": "daisho", "affected_versions": { "* - 4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4731811-23d7-4a8e-8db3-794077720545?source=api-scan" ], "published": "2012-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4785012-d160-42cc-bd06-d9b8e65652a4": { "id": "e4785012-d160-42cc-bd06-d9b8e65652a4", "title": "Calculated Fields Form <= 1.1.120 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Calculated Fields Form", "slug": "calculated-fields-form", "affected_versions": { "* - 1.1.120": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.120", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.121" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4785012-d160-42cc-bd06-d9b8e65652a4?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e47f6c33-1a4b-4c4c-8323-99d06ce0731a": { "id": "e47f6c33-1a4b-4c4c-8323-99d06ce0731a", "title": "Imagements <= 1.2.5 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Imagements", "slug": "imagements", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e47f6c33-1a4b-4c4c-8323-99d06ce0731a?source=api-scan" ], "published": "2021-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e48142c2-3688-4638-abfc-1e191f362055": { "id": "e48142c2-3688-4638-abfc-1e191f362055", "title": "Masteriyo - LMS <= 1.11.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Masteriyo LMS \u2013 eLearning and Online Course Builder for WordPress", "slug": "learning-management-system", "affected_versions": { "* - 1.11.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e48142c2-3688-4638-abfc-1e191f362055?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e481c916-0789-4b04-a7f8-dbde554a5e8c": { "id": "e481c916-0789-4b04-a7f8-dbde554a5e8c", "title": "Social comments by WpDevArt <= 2.4.9 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social comments by WpDevArt", "slug": "comments-from-facebook", "affected_versions": { "* - 2.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e481c916-0789-4b04-a7f8-dbde554a5e8c?source=api-scan" ], "published": "2022-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e485949f-f48e-4a8c-b799-d1a41f36848c": { "id": "e485949f-f48e-4a8c-b799-d1a41f36848c", "title": "Blocksy Companion <= 1.8.67 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Blocksy Companion", "slug": "blocksy-companion", "affected_versions": { "[*, 1.8.68)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.68", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.68" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e485949f-f48e-4a8c-b799-d1a41f36848c?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e485f089-689f-4f73-bb0d-eca6815388be": { "id": "e485f089-689f-4f73-bb0d-eca6815388be", "title": "BuddyBoss Media <= 3.2.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BuddyBoss Media", "slug": "buddyboss-media", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e485f089-689f-4f73-bb0d-eca6815388be?source=api-scan" ], "published": "2018-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e489960e-254a-4b8d-85ab-0f749ff48e8c": { "id": "e489960e-254a-4b8d-85ab-0f749ff48e8c", "title": "Media Library Folders <= 7.1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Media Library Folders", "slug": "media-library-plus", "affected_versions": { "* - 7.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e489960e-254a-4b8d-85ab-0f749ff48e8c?source=api-scan" ], "published": "2022-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e489a90e-f226-4900-938c-b5a7550d199c": { "id": "e489a90e-f226-4900-938c-b5a7550d199c", "title": "SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 4.67": { "from_version": "*", "from_inclusive": true, "to_version": "4.67", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.68" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e489a90e-f226-4900-938c-b5a7550d199c?source=api-scan" ], "published": "2023-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4930b03-9142-464e-98ae-a910dfa46f2a": { "id": "e4930b03-9142-464e-98ae-a910dfa46f2a", "title": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin", "slug": "simply-schedule-appointments", "affected_versions": { "* - 1.6.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4930b03-9142-464e-98ae-a910dfa46f2a?source=api-scan" ], "published": "2024-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4941cce-c6c0-4e8a-859e-cf0f50f92ce6": { "id": "e4941cce-c6c0-4e8a-859e-cf0f50f92ce6", "title": "Page Views Count Plugin <= 2.4.14 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Page View Count", "slug": "page-views-count", "affected_versions": { "[*, 2.4.15)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4941cce-c6c0-4e8a-859e-cf0f50f92ce6?source=api-scan" ], "published": "2022-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e495507d-7eac-4f38-ab6f-b8f0809b2be4": { "id": "e495507d-7eac-4f38-ab6f-b8f0809b2be4", "title": "LearnPress \u2013 WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e495507d-7eac-4f38-ab6f-b8f0809b2be4?source=api-scan" ], "published": "2024-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4966f96-713c-471f-8f36-55977a547f12": { "id": "e4966f96-713c-471f-8f36-55977a547f12", "title": "Easy Digital Downloads <= 3.1.0.1.1 - Unauthenticated CSV Injection", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 3.1.0.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4966f96-713c-471f-8f36-55977a547f12?source=api-scan" ], "published": "2022-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e49da9e7-26a1-442b-b5d0-1da3bcf0e8c9": { "id": "e49da9e7-26a1-442b-b5d0-1da3bcf0e8c9", "title": "Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "* - 2.2.80": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.80", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.81" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e49da9e7-26a1-442b-b5d0-1da3bcf0e8c9?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4a2c3cf-0785-4bf0-9ad8-0d2479545067": { "id": "e4a2c3cf-0785-4bf0-9ad8-0d2479545067", "title": "WP Video Lightbox <= 1.9.2 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Video Lightbox", "slug": "wp-video-lightbox", "affected_versions": { "* - 1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4a2c3cf-0785-4bf0-9ad8-0d2479545067?source=api-scan" ], "published": "2021-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4a2d6ee-ee1b-44a1-ad74-61837d9ef4b2": { "id": "e4a2d6ee-ee1b-44a1-ad74-61837d9ef4b2", "title": "SEO Plugin by Squirrly SEO <= 11.1.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEO Plugin by Squirrly SEO", "slug": "squirrly-seo", "affected_versions": { "[*, 11.1.12)": { "from_version": "*", "from_inclusive": true, "to_version": "11.1.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "11.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4a2d6ee-ee1b-44a1-ad74-61837d9ef4b2?source=api-scan" ], "published": "2022-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4a32267-6d99-4882-8601-8c4d36575e0f": { "id": "e4a32267-6d99-4882-8601-8c4d36575e0f", "title": "Sharebar <= 1.4.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sharebar", "slug": "sharebar", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4a32267-6d99-4882-8601-8c4d36575e0f?source=api-scan" ], "published": "2013-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4a32fdc-1c72-45fc-bb57-44f6888e0885": { "id": "e4a32fdc-1c72-45fc-bb57-44f6888e0885", "title": "Mang Board WP <= 1.8.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Mang Board WP", "slug": "mangboard", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4a32fdc-1c72-45fc-bb57-44f6888e0885?source=api-scan" ], "published": "2023-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4a5dc4f-3eb6-410e-af3d-e3b0639319f3": { "id": "e4a5dc4f-3eb6-410e-af3d-e3b0639319f3", "title": "PayU India <= 3.8.2 - Reflected Cross-Site Scripting via type", "software": [ { "type": "plugin", "name": "PayU CommercePro Plugin", "slug": "payu-india", "affected_versions": { "* - 3.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4a5dc4f-3eb6-410e-af3d-e3b0639319f3?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4a853e0-0ebc-4ed5-b6ff-ce3973fb3ee1": { "id": "e4a853e0-0ebc-4ed5-b6ff-ce3973fb3ee1", "title": "Popup Builder <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "[*, 4.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4a853e0-0ebc-4ed5-b6ff-ce3973fb3ee1?source=api-scan" ], "published": "2023-12-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4a8a202-e44a-4874-9e7a-c8224edd8591": { "id": "e4a8a202-e44a-4874-9e7a-c8224edd8591", "title": "Find My Blocks < 3.4.0 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Find My Blocks \u2013 Locate blocks on your site", "slug": "find-my-blocks", "affected_versions": { "[*, 3.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4a8a202-e44a-4874-9e7a-c8224edd8591?source=api-scan" ], "published": "2021-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4ae2b7d-e48d-4880-9202-6e564a3b404f": { "id": "e4ae2b7d-e48d-4880-9202-6e564a3b404f", "title": "Shared Files <= 1.7.28 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Shared Files \u2013 Frontend File Upload Form & Secure File Sharing", "slug": "shared-files", "affected_versions": { "* - 1.7.28": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4ae2b7d-e48d-4880-9202-6e564a3b404f?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4b10172-7e54-4ff8-9fbb-41d160ce49e4": { "id": "e4b10172-7e54-4ff8-9fbb-41d160ce49e4", "title": "Simple Membership <= 4.3.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "* - 4.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4b10172-7e54-4ff8-9fbb-41d160ce49e4?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4b16cf2-7e29-47c5-921e-188e2db33084": { "id": "e4b16cf2-7e29-47c5-921e-188e2db33084", "title": "Slick Popup <= 1.7.1 - Privilege Escalation", "software": [ { "type": "plugin", "name": "Slick Popup: Contact Form 7 Popup Plugin", "slug": "slick-popup", "affected_versions": { "[*, 1.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4b16cf2-7e29-47c5-921e-188e2db33084?source=api-scan" ], "published": "2019-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4b6a9cd-4d29-4bd8-afa3-b5d455ad8340": { "id": "e4b6a9cd-4d29-4bd8-afa3-b5d455ad8340", "title": "WP Coder \u2013 add custom html, css and js code <= 2.5.3 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Coder \u2013 Code Snippets + HTML, CSS, JS and PHP Injection", "slug": "wp-coder", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4b6a9cd-4d29-4bd8-afa3-b5d455ad8340?source=api-scan" ], "published": "2023-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4b7f31c-084e-489c-a902-c16e62b99e45": { "id": "e4b7f31c-084e-489c-a902-c16e62b99e45", "title": "VikBooking <= 1.5.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "[*, 1.5.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4b7f31c-084e-489c-a902-c16e62b99e45?source=api-scan" ], "published": "2022-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4b8947a-6c87-4430-b62d-494863e18fdb": { "id": "e4b8947a-6c87-4430-b62d-494863e18fdb", "title": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via logo_height parameter", "software": [ { "type": "plugin", "name": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode", "slug": "responsive-coming-soon-page", "affected_versions": { "* - 1.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4b8947a-6c87-4430-b62d-494863e18fdb?source=api-scan" ], "published": "2018-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4b94952-229c-4336-a985-d2f47c89f7de": { "id": "e4b94952-229c-4336-a985-d2f47c89f7de", "title": "InstaSqueeze Sexy Squeeze Pages (All Known Versions) - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "InstaSqueeze Sexy Squeeze Pages", "slug": "instasqueeze", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4b94952-229c-4336-a985-d2f47c89f7de?source=api-scan" ], "published": "2014-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4b9eeb9-7ce4-446d-8ac0-af9cea0c893a": { "id": "e4b9eeb9-7ce4-446d-8ac0-af9cea0c893a", "title": "Affiliate Booster \u2013 Pros & Cons, Notice, and CTA Blocks for Affiliates <= 3.0.5 - Cross-Site Request Forgery via process_bulk_action", "software": [ { "type": "plugin", "name": "Affiliate Booster \u2013 Pros & Cons, Notice, and CTA Blocks for Affiliates", "slug": "affiliatebooster-blocks", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4b9eeb9-7ce4-446d-8ac0-af9cea0c893a?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4ba2243-8a4f-4ecb-8f77-6f4fd24865e3": { "id": "e4ba2243-8a4f-4ecb-8f77-6f4fd24865e3", "title": "MF Gig Calendar <= 0.9.4.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MF Gig Calendar", "slug": "mf-gig-calendar", "affected_versions": { "* - 0.9.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4ba2243-8a4f-4ecb-8f77-6f4fd24865e3?source=api-scan" ], "published": "2012-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4c27225-f9db-4ae5-bb1f-ce8648c216eb": { "id": "e4c27225-f9db-4ae5-bb1f-ce8648c216eb", "title": "Magazine Blocks \u2013 Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid <= 1.3.14 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Magazine Blocks \u2013 Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid", "slug": "magazine-blocks", "affected_versions": { "* - 1.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4c27225-f9db-4ae5-bb1f-ce8648c216eb?source=api-scan" ], "published": "2024-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4c58479-2924-4b56-9c27-3bdf4be388a3": { "id": "e4c58479-2924-4b56-9c27-3bdf4be388a3", "title": "BackWPup <= 3.4.1 - Unauthenticated Backup Download", "software": [ { "type": "plugin", "name": "BackWPup \u2013 WordPress Backup & Restore Plugin", "slug": "backwpup", "affected_versions": { "[*, 3.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4c58479-2924-4b56-9c27-3bdf4be388a3?source=api-scan" ], "published": "2017-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4d55309-d178-4b3d-9de6-2cf2769b76fe": { "id": "e4d55309-d178-4b3d-9de6-2cf2769b76fe", "title": "Responsive Lightbox & Gallery <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload", "software": [ { "type": "plugin", "name": "Responsive Lightbox & Gallery", "slug": "responsive-lightbox", "affected_versions": { "* - 2.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4d55309-d178-4b3d-9de6-2cf2769b76fe?source=api-scan" ], "published": "2024-08-21 21:21:39", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4d9c659-ec6a-43ca-b484-02afd06f3c13": { "id": "e4d9c659-ec6a-43ca-b484-02afd06f3c13", "title": "10Web Booster <= 2.24.14 - Unauthenticated Arbitrary Option Deletion", "software": [ { "type": "plugin", "name": "10Web Booster \u2013 Website speed optimization, Cache & Page Speed optimizer", "slug": "tenweb-speed-optimizer", "affected_versions": { "* - 2.24.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.24.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.24.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4d9c659-ec6a-43ca-b484-02afd06f3c13?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4dc8f18-d990-4e41-8bf8-dfa9de4c0f6e": { "id": "e4dc8f18-d990-4e41-8bf8-dfa9de4c0f6e", "title": "WP Crowdfunding <= 2.1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Crowdfunding", "slug": "wp-crowdfunding", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4dc8f18-d990-4e41-8bf8-dfa9de4c0f6e?source=api-scan" ], "published": "2023-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4dd0c6a-75af-4b53-ac13-fc4ef0e9001d": { "id": "e4dd0c6a-75af-4b53-ac13-fc4ef0e9001d", "title": "Tainacan <= 0.21.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read", "software": [ { "type": "plugin", "name": "Tainacan", "slug": "tainacan", "affected_versions": { "* - 0.21.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.21.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.21.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4dd0c6a-75af-4b53-ac13-fc4ef0e9001d?source=api-scan" ], "published": "2024-07-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4e16526-89a5-4d49-ab9d-dcc7ad3bc8d0": { "id": "e4e16526-89a5-4d49-ab9d-dcc7ad3bc8d0", "title": "WP Editor <= 1.2.6.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Editor", "slug": "wp-editor", "affected_versions": { "[*, 1.2.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4e16526-89a5-4d49-ab9d-dcc7ad3bc8d0?source=api-scan" ], "published": "2016-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4e6e410-5778-41f7-a259-daa506bfb161": { "id": "e4e6e410-5778-41f7-a259-daa506bfb161", "title": "Media File Manager Advanced <= 1.1.5 - Improper Access Control", "software": [ { "type": "plugin", "name": "Media File Manager Advanced", "slug": "media-file-manager-advanced", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4e6e410-5778-41f7-a259-daa506bfb161?source=api-scan" ], "published": "2012-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4ed8c6e-5f80-4360-9478-fff49b1fee94": { "id": "e4ed8c6e-5f80-4360-9478-fff49b1fee94", "title": "Contest Gallery <= 21.2.8.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 21.2.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "21.2.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4ed8c6e-5f80-4360-9478-fff49b1fee94?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4eef7f0-5f09-4618-a3f8-a9e8dabef334": { "id": "e4eef7f0-5f09-4618-a3f8-a9e8dabef334", "title": "Genesis Blocks <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via postTitleTag", "software": [ { "type": "plugin", "name": "Genesis Blocks", "slug": "genesis-blocks", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4eef7f0-5f09-4618-a3f8-a9e8dabef334?source=api-scan" ], "published": "2024-02-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4f0fdaf-a3b3-4ffe-aa18-ecd7c3a33513": { "id": "e4f0fdaf-a3b3-4ffe-aa18-ecd7c3a33513", "title": "Waitlist Woocommerce ( Back in stock notifier ) <= 2.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Waitlist Woocommerce ( Back in stock notifier )", "slug": "waitlist-woocommerce", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4f0fdaf-a3b3-4ffe-aa18-ecd7c3a33513?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4fc23cb-e443-4c8e-b1a0-b8eefbb25dae": { "id": "e4fc23cb-e443-4c8e-b1a0-b8eefbb25dae", "title": "Edwiser Bridge <= 3.0.2 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Edwiser Bridge \u2013 WordPress Moodle LMS Integration", "slug": "edwiser-bridge", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4fc23cb-e443-4c8e-b1a0-b8eefbb25dae?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e4fdc902-4cfe-4116-a294-9a0fcb2de346": { "id": "e4fdc902-4cfe-4116-a294-9a0fcb2de346", "title": "Pinterest Automatic <= 4.14.3 - Unuathenticated Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Pinterest Automatic", "slug": "wp-pinterest-automatic", "affected_versions": { "* - 4.14.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.14.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.14.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e4fdc902-4cfe-4116-a294-9a0fcb2de346?source=api-scan" ], "published": "2021-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e500a5e4-f3f2-4732-a861-3c8d66f8ebfa": { "id": "e500a5e4-f3f2-4732-a861-3c8d66f8ebfa", "title": "Customizr <= 4.4.21 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Customizr", "slug": "customizr", "affected_versions": { "* - 4.4.21": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.22" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e500a5e4-f3f2-4732-a861-3c8d66f8ebfa?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e505b376-89ca-4df1-85a1-f8c472325547": { "id": "e505b376-89ca-4df1-85a1-f8c472325547", "title": "Plugin Notes Plus <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Note Deletion", "software": [ { "type": "plugin", "name": "Plugin Notes Plus", "slug": "plugin-notes-plus", "affected_versions": { "* - 1.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e505b376-89ca-4df1-85a1-f8c472325547?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e50a998e-b6f2-443a-83a9-299def2420c5": { "id": "e50a998e-b6f2-443a-83a9-299def2420c5", "title": "LearnPress <= 3.0.12 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 3.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e50a998e-b6f2-443a-83a9-299def2420c5?source=api-scan" ], "published": "2018-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5103e60-771f-46cf-b432-21d131e30bcc": { "id": "e5103e60-771f-46cf-b432-21d131e30bcc", "title": "Ultimate Dashboard <= 3.7.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Ultimate Dashboard \u2013 Custom WordPress Dashboard", "slug": "ultimate-dashboard", "affected_versions": { "[*, 3.7.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5103e60-771f-46cf-b432-21d131e30bcc?source=api-scan" ], "published": "2023-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e51a0db0-0ee0-463b-8d82-81a991ef9222": { "id": "e51a0db0-0ee0-463b-8d82-81a991ef9222", "title": "Animate It <= 2.3.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Animate It!", "slug": "animate-it", "affected_versions": { "* - 2.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e51a0db0-0ee0-463b-8d82-81a991ef9222?source=api-scan" ], "published": "2019-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e51e1cd2-6de9-4820-8bba-1c6b5053e2c1": { "id": "e51e1cd2-6de9-4820-8bba-1c6b5053e2c1", "title": "Thumbnail Slider With Lightbox <= 1.0 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Thumbnail Slider With Lightbox", "slug": "wp-responsive-slider-with-lightbox", "affected_versions": { "1.0": { "from_version": "1.0", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e51e1cd2-6de9-4820-8bba-1c6b5053e2c1?source=api-scan" ], "published": "2023-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5240171-6051-455c-b6df-630e2cd8308d": { "id": "e5240171-6051-455c-b6df-630e2cd8308d", "title": "Testimonial Slider < 1.2.5 - SQL Injection", "software": [ { "type": "plugin", "name": "Testimonial Slider", "slug": "testimonial-slider", "affected_versions": { "[*, 1.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5240171-6051-455c-b6df-630e2cd8308d?source=api-scan" ], "published": "2018-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5252b2f-c1a1-4fec-abaf-ad234affdcfb": { "id": "e5252b2f-c1a1-4fec-abaf-ad234affdcfb", "title": "WordPress Core < 4.9.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.23": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.23", "to_inclusive": true }, "3.8 - 3.8.23": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.23", "to_inclusive": true }, "3.9 - 3.9.21": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.21", "to_inclusive": true }, "4.0 - 4.0.20": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.20", "to_inclusive": true }, "4.1 - 4.1.20": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.20", "to_inclusive": true }, "4.2 - 4.2.17": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.17", "to_inclusive": true }, "4.3 - 4.3.13": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.13", "to_inclusive": true }, "4.4 - 4.4.12": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.12", "to_inclusive": true }, "4.5 - 4.5.11": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.11", "to_inclusive": true }, "4.6 - 4.6.8": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.8", "to_inclusive": true }, "4.7 - 4.7.7": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.7", "to_inclusive": true }, "4.8 - 4.8.3": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.3", "to_inclusive": true }, "4.9": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.24", "3.8.24", "3.9.22", "4.0.21", "4.1.21", "4.2.18", "4.3.14", "4.4.13", "4.5.12", "4.6.9", "4.7.8", "4.8.4", "4.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5252b2f-c1a1-4fec-abaf-ad234affdcfb?source=api-scan" ], "published": "2017-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e52914cc-da0c-4b79-b378-4ef63e7974bb": { "id": "e52914cc-da0c-4b79-b378-4ef63e7974bb", "title": "Real Estate 7 WordPress < 3.0.6 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Real Estate 7 WordPress", "slug": "realestate-7", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e52914cc-da0c-4b79-b378-4ef63e7974bb?source=api-scan" ], "published": "2020-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e52b27fa-10e8-43d0-be29-774c2f5487ae": { "id": "e52b27fa-10e8-43d0-be29-774c2f5487ae", "title": "Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_unassign_folders", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e52b27fa-10e8-43d0-be29-774c2f5487ae?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e52c53c1-4f04-4075-9329-d93fabf5a6ce": { "id": "e52c53c1-4f04-4075-9329-d93fabf5a6ce", "title": "WPCode <= 2.0.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WPCode \u2013 Insert Headers and Footers + Custom Code Snippets \u2013 WordPress Code Manager", "slug": "insert-headers-and-footers", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e52c53c1-4f04-4075-9329-d93fabf5a6ce?source=api-scan" ], "published": "2023-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e52f799e-9174-45a2-9ed6-7aedb26b36bd": { "id": "e52f799e-9174-45a2-9ed6-7aedb26b36bd", "title": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin <= 6.0.13 - Cross-Site Scripting via post_title", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "* - 6.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e52f799e-9174-45a2-9ed6-7aedb26b36bd?source=api-scan" ], "published": "2020-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e532a2b4-0fb4-4256-89a9-435b55d9de91": { "id": "e532a2b4-0fb4-4256-89a9-435b55d9de91", "title": "WordPress Membership, User Registration, Login Form, User Profile & Restrict Content Plugin \u2013 ProfilePress <= 3.2.15 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 3.2.15": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e532a2b4-0fb4-4256-89a9-435b55d9de91?source=api-scan" ], "published": "2022-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e53bb240-8784-4d34-8d3f-4a7af917f3f4": { "id": "e53bb240-8784-4d34-8d3f-4a7af917f3f4", "title": "Simple Membership <= 4.3.4 - Account Takeover via Password Reset", "software": [ { "type": "plugin", "name": "Simple Membership", "slug": "simple-membership", "affected_versions": { "* - 4.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e53bb240-8784-4d34-8d3f-4a7af917f3f4?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e53cd64c-9278-48cc-8181-1d6c40a05eb7": { "id": "e53cd64c-9278-48cc-8181-1d6c40a05eb7", "title": "wp-forecast <= 9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-forecast", "slug": "wp-forecast", "affected_versions": { "* - 9.2": { "from_version": "*", "from_inclusive": true, "to_version": "9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e53cd64c-9278-48cc-8181-1d6c40a05eb7?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e53e75be-d4d6-4c10-b192-fe9691f27dd8": { "id": "e53e75be-d4d6-4c10-b192-fe9691f27dd8", "title": "User Private Files < 2.0.5 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "User Private Files \u2013 File Upload & Download Manager with Secure File Sharing", "slug": "user-private-files", "affected_versions": { "[*, 2.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e53e75be-d4d6-4c10-b192-fe9691f27dd8?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5482dd5-edb0-4208-a864-e9a3dd89d557": { "id": "e5482dd5-edb0-4208-a864-e9a3dd89d557", "title": "Community Events <= 1.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Community Events", "slug": "community-events", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5482dd5-edb0-4208-a864-e9a3dd89d557?source=api-scan" ], "published": "2024-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e54b0294-6829-493f-b7d3-6349000c249c": { "id": "e54b0294-6829-493f-b7d3-6349000c249c", "title": "Tax Rate Upload <= 2.4.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tax Rate Upload", "slug": "tax-rate-upload", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e54b0294-6829-493f-b7d3-6349000c249c?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e54d5ab2-40ba-4ad8-9a77-44aba37f0283": { "id": "e54d5ab2-40ba-4ad8-9a77-44aba37f0283", "title": "Easy Digital Downloads \u2013 Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Agreement Text", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e54d5ab2-40ba-4ad8-9a77-44aba37f0283?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e54f2e28-7320-4d2d-a416-e46202c08375": { "id": "e54f2e28-7320-4d2d-a416-e46202c08375", "title": "Quizlord <= 2.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quizlord", "slug": "quizlord", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e54f2e28-7320-4d2d-a416-e46202c08375?source=api-scan" ], "published": "2018-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5539ad8-4203-4d22-9a40-0ed6e0471e19": { "id": "e5539ad8-4203-4d22-9a40-0ed6e0471e19", "title": "WordPress Core 2.2.1 - Backdoor", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "2.2.1": { "from_version": "2.2.1", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5539ad8-4203-4d22-9a40-0ed6e0471e19?source=api-scan" ], "published": "2007-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e556d8c9-3ca5-4bec-a840-7a6d67532e59": { "id": "e556d8c9-3ca5-4bec-a840-7a6d67532e59", "title": "Ultimate Member <= 2.0.39 - Privilege Escalation", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.0.39": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.39", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.40" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e556d8c9-3ca5-4bec-a840-7a6d67532e59?source=api-scan" ], "published": "2019-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e55742de-9eaf-48e4-8d5d-ea980dfa17cf": { "id": "e55742de-9eaf-48e4-8d5d-ea980dfa17cf", "title": "Stackable \u2013 Page Builder Gutenberg Blocks <= 3.13.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Stackable \u2013 Page Builder Gutenberg Blocks", "slug": "stackable-ultimate-gutenberg-blocks", "affected_versions": { "* - 3.13.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.13.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.13.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e55742de-9eaf-48e4-8d5d-ea980dfa17cf?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5575725-99ba-4499-93e5-f7648c82ac52": { "id": "e5575725-99ba-4499-93e5-f7648c82ac52", "title": "MyCryptoCheckout <= 2.125 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MyCryptoCheckout \u2013 Bitcoin, Ethereum, and 100+ altcoins for WooCommerce", "slug": "mycryptocheckout", "affected_versions": { "* - 2.125": { "from_version": "*", "from_inclusive": true, "to_version": "2.125", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.126" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5575725-99ba-4499-93e5-f7648c82ac52?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e558100a-5866-4e7f-bae7-47a1f492ab27": { "id": "e558100a-5866-4e7f-bae7-47a1f492ab27", "title": "Forminator <= 1.14.11 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "[*, 1.14.12)": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.14.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e558100a-5866-4e7f-bae7-47a1f492ab27?source=api-scan" ], "published": "2021-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e55b86e2-b42e-483d-93cd-2f09af64dbc7": { "id": "e55b86e2-b42e-483d-93cd-2f09af64dbc7", "title": "Elements For Elementor <= 2.1 - Authenticated (Contributor+) Local File Inclusion via Multiple Widget Attributes", "software": [ { "type": "plugin", "name": "Elements For Elementor", "slug": "nd-elements", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e55b86e2-b42e-483d-93cd-2f09af64dbc7?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e55ba61d-6fd0-4269-8ee9-3b8645d52e1d": { "id": "e55ba61d-6fd0-4269-8ee9-3b8645d52e1d", "title": "Poll Maker <= 4.6.2 - Authenticated (Admin+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls", "slug": "poll-maker", "affected_versions": { "* - 4.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e55ba61d-6fd0-4269-8ee9-3b8645d52e1d?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e55f6d1d-b0b3-41e6-9ca9-c6e9f6dd34ed": { "id": "e55f6d1d-b0b3-41e6-9ca9-c6e9f6dd34ed", "title": "CC & BCC for Woocommerce Order Emails <= 1.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CC & BCC for Woocommerce Order Emails", "slug": "cc-bcc-for-woocommerce-order-emails", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e55f6d1d-b0b3-41e6-9ca9-c6e9f6dd34ed?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e55ff883-1796-4282-b005-26dfd154b11f": { "id": "e55ff883-1796-4282-b005-26dfd154b11f", "title": "MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Arbitrary Vendor Deletion", "software": [ { "type": "plugin", "name": "MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution", "slug": "dc-woocommerce-multi-vendor", "affected_versions": { "* - 4.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e55ff883-1796-4282-b005-26dfd154b11f?source=api-scan" ], "published": "2024-09-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e560fb5f-0548-4b3e-9f8d-9e80af364c04": { "id": "e560fb5f-0548-4b3e-9f8d-9e80af364c04", "title": "Contact Bank \u2013 Contact Form Builder for WordPress <= 2.0.69 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Bank \u2013 Contact Form Builder for WordPress", "slug": "contact-bank", "affected_versions": { "* - 2.0.69": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.69", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.70" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e560fb5f-0548-4b3e-9f8d-9e80af364c04?source=api-scan" ], "published": "2014-11-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5665931-8da9-44db-a5b1-46acebf14f3b": { "id": "e5665931-8da9-44db-a5b1-46acebf14f3b", "title": "Post Duplicator <= 2.31 - Missing Authorization via mtphr_duplicate_post", "software": [ { "type": "plugin", "name": "Post Duplicator", "slug": "post-duplicator", "affected_versions": { "* - 2.31": { "from_version": "*", "from_inclusive": true, "to_version": "2.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5665931-8da9-44db-a5b1-46acebf14f3b?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e56b11a1-dd40-461b-9624-b60367c0c727": { "id": "e56b11a1-dd40-461b-9624-b60367c0c727", "title": "Product Visibility by Country for WooCommerce <= 1.4.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Visibility by Country for WooCommerce", "slug": "product-visibility-by-country-for-woocommerce", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e56b11a1-dd40-461b-9624-b60367c0c727?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e56d98b5-ae38-4059-bc32-d0fffd326740": { "id": "e56d98b5-ae38-4059-bc32-d0fffd326740", "title": "Theme My Login <= 7.1.6 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "Theme My Login", "slug": "theme-my-login", "affected_versions": { "* - 7.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.7" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e56d98b5-ae38-4059-bc32-d0fffd326740?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e56ebe2a-8a7e-454b-a1cd-7103112087e0": { "id": "e56ebe2a-8a7e-454b-a1cd-7103112087e0", "title": "podPress <= 8.8.10.17 - Cross-Site Scripting via playerID", "software": [ { "type": "plugin", "name": "podpress", "slug": "podpress", "affected_versions": { "* - 8.8.10.17": { "from_version": "*", "from_inclusive": true, "to_version": "8.8.10.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e56ebe2a-8a7e-454b-a1cd-7103112087e0?source=api-scan" ], "published": "2013-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e570a66a-14f4-4ce9-b820-c54d09dd051d": { "id": "e570a66a-14f4-4ce9-b820-c54d09dd051d", "title": "Apptivo Business Site CRM <= 3.0.12 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Apptivo Business Site CRM", "slug": "apptivo-business-site", "affected_versions": { "* - 3.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e570a66a-14f4-4ce9-b820-c54d09dd051d?source=api-scan" ], "published": "2022-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e571ded0-ea7a-40ec-b90b-c5009b463d87": { "id": "e571ded0-ea7a-40ec-b90b-c5009b463d87", "title": "Directorist <= 7.5.3 - Authenticated (Administrator+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings", "slug": "directorist", "affected_versions": { "* - 7.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e571ded0-ea7a-40ec-b90b-c5009b463d87?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5726c70-c2c7-45b9-bd03-38cf1320646a": { "id": "e5726c70-c2c7-45b9-bd03-38cf1320646a", "title": "Brilliance <= 1.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Brilliance", "slug": "brilliance", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5726c70-c2c7-45b9-bd03-38cf1320646a?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e573c0a4-d053-400b-828c-0d0eca880776": { "id": "e573c0a4-d053-400b-828c-0d0eca880776", "title": "Woody code snippets <= 2.3.9 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Woody code snippets \u2013 Insert Header Footer Code, AdSense Ads", "slug": "insert-php", "affected_versions": { "[*, 2.3.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e573c0a4-d053-400b-828c-0d0eca880776?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5748252-d02a-463b-abb4-537144ccd608": { "id": "e5748252-d02a-463b-abb4-537144ccd608", "title": "E2Pdf <= 1.16.44 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "E2Pdf \u2013 Export Pdf Tool for WordPress", "slug": "e2pdf", "affected_versions": { "* - 1.16.44": { "from_version": "*", "from_inclusive": true, "to_version": "1.16.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.16.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5748252-d02a-463b-abb4-537144ccd608?source=api-scan" ], "published": "2022-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e57631c2-ad6c-4c8c-985e-948285058567": { "id": "e57631c2-ad6c-4c8c-985e-948285058567", "title": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via coming-soon_sub_title parameter", "software": [ { "type": "plugin", "name": "Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode", "slug": "responsive-coming-soon-page", "affected_versions": { "* - 1.1.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e57631c2-ad6c-4c8c-985e-948285058567?source=api-scan" ], "published": "2018-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e579b7fd-141f-4d5f-9e0e-a1e6b985f0b9": { "id": "e579b7fd-141f-4d5f-9e0e-a1e6b985f0b9", "title": "ClickBank Affiliate Ads < 1.31 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Affiliate Ads for ClickBank", "slug": "clickbank-ads-clickbank-widget", "affected_versions": { "[*, 1.31)": { "from_version": "*", "from_inclusive": true, "to_version": "1.31", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e579b7fd-141f-4d5f-9e0e-a1e6b985f0b9?source=api-scan" ], "published": "2015-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e57bfae5-4cc0-4d97-9431-4c8ebb2f0882": { "id": "e57bfae5-4cc0-4d97-9431-4c8ebb2f0882", "title": "Simple Share Buttons Adder <= 8.4.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple Share Buttons Adder", "slug": "simple-share-buttons-adder", "affected_versions": { "* - 8.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "8.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e57bfae5-4cc0-4d97-9431-4c8ebb2f0882?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e57f4853-cade-4bb5-8f12-4a88a200921f": { "id": "e57f4853-cade-4bb5-8f12-4a88a200921f", "title": "WP Custom Admin Interface <= 7.28 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "WP Custom Admin Interface", "slug": "wp-custom-admin-interface", "affected_versions": { "* - 7.28": { "from_version": "*", "from_inclusive": true, "to_version": "7.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e57f4853-cade-4bb5-8f12-4a88a200921f?source=api-scan" ], "published": "2022-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e57f7912-4af3-4dcb-b267-afec1c373b00": { "id": "e57f7912-4af3-4dcb-b267-afec1c373b00", "title": "Wp-ImageZoom <= 1.0.7 - SQL Injection", "software": [ { "type": "plugin", "name": "Wp-ImageZoom", "slug": "wp-imagezoom", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e57f7912-4af3-4dcb-b267-afec1c373b00?source=api-scan" ], "published": "2013-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e582fa40-b03e-4194-b612-d139e981cce2": { "id": "e582fa40-b03e-4194-b612-d139e981cce2", "title": "Display Widgets < 2.7 - SEO Spam Injection (Hidden Functionality)", "software": [ { "type": "plugin", "name": "Display Widgets", "slug": "display-widget", "affected_versions": { "[*, 2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e582fa40-b03e-4194-b612-d139e981cce2?source=api-scan" ], "published": "2017-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e58634c3-7fcd-4885-b897-4e6a97fb06ac": { "id": "e58634c3-7fcd-4885-b897-4e6a97fb06ac", "title": "All-in-One WP Migration <= 7.58 - Directory Traversal to File Deletion on Windows Hosts", "software": [ { "type": "plugin", "name": "All-in-One WP Migration and Backup", "slug": "all-in-one-wp-migration", "affected_versions": { "* - 7.58": { "from_version": "*", "from_inclusive": true, "to_version": "7.58", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.59" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e58634c3-7fcd-4885-b897-4e6a97fb06ac?source=api-scan" ], "published": "2022-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5863e9b-3f98-41ea-97ed-26563493cffd": { "id": "e5863e9b-3f98-41ea-97ed-26563493cffd", "title": "WP ERP <= 1.12.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting", "slug": "erp", "affected_versions": { "* - 1.12.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5863e9b-3f98-41ea-97ed-26563493cffd?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e58a45c4-06cb-4b2b-97f2-a614fc230942": { "id": "e58a45c4-06cb-4b2b-97f2-a614fc230942", "title": "Alter <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Alter", "slug": "alter", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e58a45c4-06cb-4b2b-97f2-a614fc230942?source=api-scan" ], "published": "2023-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e58fa0b6-22f3-4e56-96f8-d1085498a1ac": { "id": "e58fa0b6-22f3-4e56-96f8-d1085498a1ac", "title": "WordPress Webinar Plugin \u2013 WebinarPress <= 1.33.20 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Webinar Plugin \u2013 WebinarPress", "slug": "wp-webinarsystem", "affected_versions": { "* - 1.33.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.33.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.33.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e58fa0b6-22f3-4e56-96f8-d1085498a1ac?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e58fe046-0119-48e6-ac90-8b70d7eb9956": { "id": "e58fe046-0119-48e6-ac90-8b70d7eb9956", "title": "CM Download Manager < 2.9.0 - Cross-Site Request Forgery via delHeader", "software": [ { "type": "plugin", "name": "CM Download Manager \u2013 Document and File Management", "slug": "cm-download-manager", "affected_versions": { "[*, 2.9.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e58fe046-0119-48e6-ac90-8b70d7eb9956?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5911815-db53-46f2-a16d-ed21be20bbfb": { "id": "e5911815-db53-46f2-a16d-ed21be20bbfb", "title": "RAYS Grid <= 1.2.2 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "RAYS Grid", "slug": "rays-grid", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5911815-db53-46f2-a16d-ed21be20bbfb?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e59293a6-cc61-4913-9ed0-13fa16299705": { "id": "e59293a6-cc61-4913-9ed0-13fa16299705", "title": "Update Theme and Plugins from Zip File <= 2.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Update Theme and Plugins from Zip File", "slug": "update-theme-and-plugins-from-zip-file", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e59293a6-cc61-4913-9ed0-13fa16299705?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e597b677-e298-4507-86a5-70a93a9afd6e": { "id": "e597b677-e298-4507-86a5-70a93a9afd6e", "title": "SpiderCalendar <= 1.4.13 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SpiderCalendar", "slug": "spider-event-calendar", "affected_versions": { "* - 1.4.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e597b677-e298-4507-86a5-70a93a9afd6e?source=api-scan" ], "published": "2015-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5986c72-ae6d-4cd2-929d-fe2ff6462b4f": { "id": "e5986c72-ae6d-4cd2-929d-fe2ff6462b4f", "title": "Syndication Links < 1.0.3 - DOM-based Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Syndication Links", "slug": "syndication-links", "affected_versions": { "[*, 1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5986c72-ae6d-4cd2-929d-fe2ff6462b4f?source=api-scan" ], "published": "2015-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e599393b-f009-4a3f-a89e-6219ecf33efc": { "id": "e599393b-f009-4a3f-a89e-6219ecf33efc", "title": "Donate by BestWebSoft \u2013 Donations Acception Extention for WordPress < 2.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Donate by BestWebSoft \u2013 Donations Acception Extention for WordPress", "slug": "donate-button", "affected_versions": { "[*, 2.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e599393b-f009-4a3f-a89e-6219ecf33efc?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e59b75cf-491a-4894-8a4a-567832b47048": { "id": "e59b75cf-491a-4894-8a4a-567832b47048", "title": "flowpaper <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "flowpaper", "slug": "flowpaper-lite-pdf-flipbook", "affected_versions": { "* - 1.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e59b75cf-491a-4894-8a4a-567832b47048?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5a26786-2b15-43ce-a992-fd8cc9cf5600": { "id": "e5a26786-2b15-43ce-a992-fd8cc9cf5600", "title": "FormCraft <= 1.3.7 - SQL Injection", "software": [ { "type": "plugin", "name": "FormCraft", "slug": "formcraft", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5a26786-2b15-43ce-a992-fd8cc9cf5600?source=api-scan" ], "published": "2013-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5a2ed81-254e-460c-b3a4-0cb38e089142": { "id": "e5a2ed81-254e-460c-b3a4-0cb38e089142", "title": "Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) <= 3.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)", "slug": "bdthemes-prime-slider-lite", "affected_versions": { "* - 3.14.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.14.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.14.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5a2ed81-254e-460c-b3a4-0cb38e089142?source=api-scan" ], "published": "2024-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5a53e42-ad71-4c13-b18b-9958656bbee4": { "id": "e5a53e42-ad71-4c13-b18b-9958656bbee4", "title": "BSK Forms Blacklist <= 3.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BSK Forms Blacklist", "slug": "bsk-gravityforms-blacklist", "affected_versions": { "* - 3.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5a53e42-ad71-4c13-b18b-9958656bbee4?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5a9cced-0e5e-4b6e-8291-0a862c9f9523": { "id": "e5a9cced-0e5e-4b6e-8291-0a862c9f9523", "title": "CHP Ads Block Detector <= 3.9.4 - Cross-Site Request Forgery via chp_abd_action", "software": [ { "type": "plugin", "name": "CHP Ads Block Detector", "slug": "chp-ads-block-detector", "affected_versions": { "* - 3.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5a9cced-0e5e-4b6e-8291-0a862c9f9523?source=api-scan" ], "published": "2023-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5ab6dcd-ef22-4fea-9e35-9358ede3ff5d": { "id": "e5ab6dcd-ef22-4fea-9e35-9358ede3ff5d", "title": "Backup Bank: WordPress Backup Plugin <= 4.0.28 - Missing Authorization via post_user_feedback_backup_bank", "software": [ { "type": "plugin", "name": "Backup Bank: WordPress Backup Plugin", "slug": "wp-backup-bank", "affected_versions": { "* - 4.0.28": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.28", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5ab6dcd-ef22-4fea-9e35-9358ede3ff5d?source=api-scan" ], "published": "2023-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5b7b20d-d701-4146-b982-23d6be7a7ea0": { "id": "e5b7b20d-d701-4146-b982-23d6be7a7ea0", "title": "Like Button Rating \u2665 LikeBtn <= 2.6.44 - Arbitrary e-mail Sending", "software": [ { "type": "plugin", "name": "Like Button Rating \u2665 LikeBtn", "slug": "likebtn-like-button", "affected_versions": { "* - 2.6.44": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.44", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.45" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5b7b20d-d701-4146-b982-23d6be7a7ea0?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5bab390-1590-44f2-8c65-bc329955ed84": { "id": "e5bab390-1590-44f2-8c65-bc329955ed84", "title": "Advanced Custom Fields <= 5.12.2 - File Upload", "software": [ { "type": "plugin", "name": "Secure Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "* - 5.12.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.12.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.12.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5bab390-1590-44f2-8c65-bc329955ed84?source=api-scan" ], "published": "2022-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5c0ff52-57c2-447f-bb22-2079607c3217": { "id": "e5c0ff52-57c2-447f-bb22-2079607c3217", "title": "eCommerce Product Catalog <= 3.3.28 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "eCommerce Product Catalog Plugin for WordPress", "slug": "ecommerce-product-catalog", "affected_versions": { "* - 3.3.28": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5c0ff52-57c2-447f-bb22-2079607c3217?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5c87ae0-9a53-4292-a4d3-05b3bdb37b71": { "id": "e5c87ae0-9a53-4292-a4d3-05b3bdb37b71", "title": "Mediamatic \u2013 Media Library Folders <= 2.8.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Mediamatic \u2013 Media Library Folders", "slug": "mediamatic", "affected_versions": { "* - 2.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5c87ae0-9a53-4292-a4d3-05b3bdb37b71?source=api-scan" ], "published": "2022-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5ca3c84-9d3d-4bbe-90f7-44c9d77a6690": { "id": "e5ca3c84-9d3d-4bbe-90f7-44c9d77a6690", "title": "Plugin for Google Reviews <= 2.2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Plugin for Google Reviews", "slug": "widget-google-reviews", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5ca3c84-9d3d-4bbe-90f7-44c9d77a6690?source=api-scan" ], "published": "2022-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5cc30d9-c73c-440d-a592-08e85270efdb": { "id": "e5cc30d9-c73c-440d-a592-08e85270efdb", "title": "Responsive Gallery Grid <= 2.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Responsive Gallery Grid", "slug": "responsive-gallery-grid", "affected_versions": { "* - 2.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5cc30d9-c73c-440d-a592-08e85270efdb?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5d67eb3-c399-437e-a504-2ccdda7c7882": { "id": "e5d67eb3-c399-437e-a504-2ccdda7c7882", "title": "Everest Forms <= 1.7.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Everest Forms \u2013 Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease!", "slug": "everest-forms", "affected_versions": { "[*, 1.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5d67eb3-c399-437e-a504-2ccdda7c7882?source=api-scan" ], "published": "2021-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5da24fa-fc7c-406b-896d-8cb8cc107cff": { "id": "e5da24fa-fc7c-406b-896d-8cb8cc107cff", "title": "YaySMTP \u2013 Simple WP SMTP Mail <= 2.2 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "YaySMTP \u2013 WP SMTP Plugin with Full Email Log & 15+ SMTP Services", "slug": "yaysmtp", "affected_versions": { "2.2": { "from_version": "2.2", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5da24fa-fc7c-406b-896d-8cb8cc107cff?source=api-scan" ], "published": "2022-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5db103a-a823-47ac-a1f4-c297619cf1a4": { "id": "e5db103a-a823-47ac-a1f4-c297619cf1a4", "title": "Z-URL Preview <= 1.6.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Z-URL Preview", "slug": "z-url-preview", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5db103a-a823-47ac-a1f4-c297619cf1a4?source=api-scan" ], "published": "2017-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5dc87cd-4f45-4faf-b1e2-64e94eacb180": { "id": "e5dc87cd-4f45-4faf-b1e2-64e94eacb180", "title": "WordPress Core - Informational - All known Versions - Weak Hashing Algorithm", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5dc87cd-4f45-4faf-b1e2-64e94eacb180?source=api-scan" ], "published": "2012-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5df79e6-649e-4213-b2ff-bc994b372224": { "id": "e5df79e6-649e-4213-b2ff-bc994b372224", "title": "Download Monitor <= 3.3.5.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "* - 3.3.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5df79e6-649e-4213-b2ff-bc994b372224?source=api-scan" ], "published": "2012-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e5eea72d-f10b-460b-be00-bb5b1c4a1a62": { "id": "e5eea72d-f10b-460b-be00-bb5b1c4a1a62", "title": "Image Optimizer WD <= 1.0.26 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Optimizer by 10web \u2013 Image Optimizer and Compression plugin", "slug": "image-optimizer-wd", "affected_versions": { "* - 1.0.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e5eea72d-f10b-460b-be00-bb5b1c4a1a62?source=api-scan" ], "published": "2023-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6001516-3d3c-48a9-92ae-a1d249d58cec": { "id": "e6001516-3d3c-48a9-92ae-a1d249d58cec", "title": "Kwayy HTML Sitemap <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scipting", "software": [ { "type": "plugin", "name": "Kwayy HTML Sitemap", "slug": "kwayy-html-sitemap", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6001516-3d3c-48a9-92ae-a1d249d58cec?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6003a2a-dda5-4db4-8a0c-0d26d79529f2": { "id": "e6003a2a-dda5-4db4-8a0c-0d26d79529f2", "title": "core plugin for kitestudio themes <= 2.2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "core plugin for kitestudio themes", "slug": "kitestudio-core", "affected_versions": { "[*, 2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6003a2a-dda5-4db4-8a0c-0d26d79529f2?source=api-scan" ], "published": "2022-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e604979e-81e0-4c9a-844c-381599bf226e": { "id": "e604979e-81e0-4c9a-844c-381599bf226e", "title": "Zoho Campaigns <= 2.0.6 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Zoho Campaigns", "slug": "zoho-campaigns", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e604979e-81e0-4c9a-844c-381599bf226e?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e608c75f-dd84-4921-ae61-2bfa5cd717a5": { "id": "e608c75f-dd84-4921-ae61-2bfa5cd717a5", "title": "BannerMan <= 0.2.4 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BannerMan", "slug": "bannerman", "affected_versions": { "* - 0.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e608c75f-dd84-4921-ae61-2bfa5cd717a5?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6090a49-f3dc-4b7b-bc86-eb7ec57b7ba4": { "id": "e6090a49-f3dc-4b7b-bc86-eb7ec57b7ba4", "title": "Stock Locations for WooCommerce <= 2.5.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Stock Locations for WooCommerce", "slug": "stock-locations-for-woocommerce", "affected_versions": { "* - 2.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6090a49-f3dc-4b7b-bc86-eb7ec57b7ba4?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e60de5d9-34f8-4068-b656-11b2b6cb36d4": { "id": "e60de5d9-34f8-4068-b656-11b2b6cb36d4", "title": "Keyring < 1.5.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Keyring", "slug": "keyring", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e60de5d9-34f8-4068-b656-11b2b6cb36d4?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e61110fc-cc2d-4207-97b6-b21459334216": { "id": "e61110fc-cc2d-4207-97b6-b21459334216", "title": "ADFO \u2013 Custom data in admin dashboard <= 1.9.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ADFO \u2013 Custom data in admin dashboard", "slug": "admin-form", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e61110fc-cc2d-4207-97b6-b21459334216?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e615833a-0408-4e39-b63d-075bff39a9bf": { "id": "e615833a-0408-4e39-b63d-075bff39a9bf", "title": "DupeOff <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DupeOff", "slug": "dupeoff", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e615833a-0408-4e39-b63d-075bff39a9bf?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e61a5989-ea75-4c11-a937-66488ecdb10d": { "id": "e61a5989-ea75-4c11-a937-66488ecdb10d", "title": "Cookie Notification Plugin for WordPress < 1.0.9 - SQL Injection", "software": [ { "type": "plugin", "name": "Cookie Notification Plugin for WordPress \u2013 WP Cookie User Info", "slug": "wp-cookie-user-info", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e61a5989-ea75-4c11-a937-66488ecdb10d?source=api-scan" ], "published": "2021-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e61b6e54-b330-41a5-b13f-ba11c10d8bfe": { "id": "e61b6e54-b330-41a5-b13f-ba11c10d8bfe", "title": "Simple File List <= 6.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "Simple File List", "slug": "simple-file-list", "affected_versions": { "* - 6.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e61b6e54-b330-41a5-b13f-ba11c10d8bfe?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e61f1835-2e56-40c8-b4b9-b3b9766d7e46": { "id": "e61f1835-2e56-40c8-b4b9-b3b9766d7e46", "title": "Homepage PopUp <= 1.2.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Homepage Pop-up", "slug": "homepage-pop-up", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e61f1835-2e56-40c8-b4b9-b3b9766d7e46?source=api-scan" ], "published": "2022-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e620328e-f4f4-4f3a-8767-efbc676f72a4": { "id": "e620328e-f4f4-4f3a-8767-efbc676f72a4", "title": "WordPress Core < 4.7.1 - Cross-Site Request Forgery via Uploading Flash File", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.16": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.16", "to_inclusive": true }, "3.8 - 3.8.16": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.16", "to_inclusive": true }, "3.9 - 3.9.14": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.14", "to_inclusive": true }, "4.0 - 4.0.13": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.13", "to_inclusive": true }, "4.1 - 4.1.13": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.13", "to_inclusive": true }, "4.2 - 4.2.10": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.10", "to_inclusive": true }, "4.3 - 4.3.6": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.6", "to_inclusive": true }, "4.4 - 4.4.5": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.5", "to_inclusive": true }, "4.5 - 4.5.4": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true }, "4.6 - 4.6.1": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true }, "4.7": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.17", "3.8.17", "3.9.15", "4.0.14", "4.1.14", "4.2.11", "4.3.7", "4.4.6", "4.5.5", "4.6.2", "4.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e620328e-f4f4-4f3a-8767-efbc676f72a4?source=api-scan" ], "published": "2017-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e621c82c-ab35-4188-a592-03c09b70f0ae": { "id": "e621c82c-ab35-4188-a592-03c09b70f0ae", "title": "Web Directory Free <= 1.7.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Web Directory Free", "slug": "web-directory-free", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e621c82c-ab35-4188-a592-03c09b70f0ae?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e625130f-8e21-4baf-9d3c-4cbb806b9e52": { "id": "e625130f-8e21-4baf-9d3c-4cbb806b9e52", "title": "Relevanssi \u2013 A Better Search <= 4.22.1 - Missing Authorization to Unauthenticated Count Option Update", "software": [ { "type": "plugin", "name": "Relevanssi \u2013 A Better Search (Pro)", "slug": "relevanssi-premium", "affected_versions": { "* - 2.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.25.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.25.2" ] }, { "type": "plugin", "name": "Relevanssi \u2013 A Better Search", "slug": "relevanssi", "affected_versions": { "* - 4.22.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.22.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.22.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e625130f-8e21-4baf-9d3c-4cbb806b9e52?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6270944-31c0-4d6d-a23f-87fce37ff8b0": { "id": "e6270944-31c0-4d6d-a23f-87fce37ff8b0", "title": "SyntaxHighlighter Evolved <= 3.1.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SyntaxHighlighter Evolved", "slug": "syntaxhighlighter", "affected_versions": { "* - 3.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6270944-31c0-4d6d-a23f-87fce37ff8b0?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6292935-a67e-4b59-9b3c-0b71365193b7": { "id": "e6292935-a67e-4b59-9b3c-0b71365193b7", "title": "Custom Base Terms <= 1.0.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'base'", "software": [ { "type": "plugin", "name": "Custom Base Terms", "slug": "custom-base-terms", "affected_versions": { "* - 1.0.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6292935-a67e-4b59-9b3c-0b71365193b7?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e62a58ec-4ea5-4241-8148-fc8801bd59b3": { "id": "e62a58ec-4ea5-4241-8148-fc8801bd59b3", "title": "Our Services Showcase <= 2.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Our Services Showcase", "slug": "our-services-showcase", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e62a58ec-4ea5-4241-8148-fc8801bd59b3?source=api-scan" ], "published": "2022-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e62a77a4-d2c4-4043-99b2-0918ea18eeb5": { "id": "e62a77a4-d2c4-4043-99b2-0918ea18eeb5", "title": "Pray For Me <= 1.0.4 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pray For Me", "slug": "pray-for-me", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e62a77a4-d2c4-4043-99b2-0918ea18eeb5?source=api-scan" ], "published": "2024-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e62fa16f-a4a1-44a7-9a66-abafd8dddf67": { "id": "e62fa16f-a4a1-44a7-9a66-abafd8dddf67", "title": "Jetpack <= 12.6.2 - Improper Authorization via WPCom External Media REST endpoints", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "[*, 12.7)": { "from_version": "*", "from_inclusive": true, "to_version": "12.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "12.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e62fa16f-a4a1-44a7-9a66-abafd8dddf67?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e635dfb3-002d-4197-b14a-0136a1990a75": { "id": "e635dfb3-002d-4197-b14a-0136a1990a75", "title": "Page Builder: Pagelayer \u2013 Drag and Drop website builder <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button", "software": [ { "type": "plugin", "name": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "slug": "pagelayer", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e635dfb3-002d-4197-b14a-0136a1990a75?source=api-scan" ], "published": "2024-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e637044d-9b49-4de5-b8b8-d48a0e5e1afc": { "id": "e637044d-9b49-4de5-b8b8-d48a0e5e1afc", "title": "Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Ultimate Addons for WPBakery", "slug": "Ultimate_VC_Addons", "affected_versions": { "* - 3.19.20": { "from_version": "*", "from_inclusive": true, "to_version": "3.19.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.19.20.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e637044d-9b49-4de5-b8b8-d48a0e5e1afc?source=api-scan" ], "published": "2024-07-16 18:29:42", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e63c566d-744b-42f5-9ba6-9007cc60313a": { "id": "e63c566d-744b-42f5-9ba6-9007cc60313a", "title": "SiteOrigin Widgets Bundle <= 1.58.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SiteOrigin Widgets Bundle", "slug": "so-widgets-bundle", "affected_versions": { "* - 1.58.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.58.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.58.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e63c566d-744b-42f5-9ba6-9007cc60313a?source=api-scan" ], "published": "2024-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e63da1a9-235d-4a6e-95e0-ac4488dc9eff": { "id": "e63da1a9-235d-4a6e-95e0-ac4488dc9eff", "title": "WP Site Protect <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Site Protect", "slug": "wp-site-protect", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e63da1a9-235d-4a6e-95e0-ac4488dc9eff?source=api-scan" ], "published": "2017-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e641453c-8fa0-4b44-b912-b797aeae1795": { "id": "e641453c-8fa0-4b44-b912-b797aeae1795", "title": "Comments - wpDiscuz <= 7.3.3 - Arbitrary Comment Addition\/Edition\/Deletion by Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "[*, 7.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e641453c-8fa0-4b44-b912-b797aeae1795?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6460406-da83-4dad-97a5-fe961f0c46fc": { "id": "e6460406-da83-4dad-97a5-fe961f0c46fc", "title": "Tippy <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tippy shortcode", "software": [ { "type": "plugin", "name": "Tippy", "slug": "tippy", "affected_versions": { "* - 6.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6460406-da83-4dad-97a5-fe961f0c46fc?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e647d1ff-2d2c-43e4-b723-28ed410c4b3a": { "id": "e647d1ff-2d2c-43e4-b723-28ed410c4b3a", "title": "Classic Editor Addon < 2.6.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Classic Editor +", "slug": "classic-editor-addon", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e647d1ff-2d2c-43e4-b723-28ed410c4b3a?source=api-scan" ], "published": "2022-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e647fcde-e36a-4432-abec-73e414991e96": { "id": "e647fcde-e36a-4432-abec-73e414991e96", "title": "Ditty (formerly Ditty News Ticker) <= 3.0.14 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ditty \u2013 Responsive News Tickers, Sliders, and Lists", "slug": "ditty-news-ticker", "affected_versions": { "[*, 3.0.15)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e647fcde-e36a-4432-abec-73e414991e96?source=api-scan" ], "published": "2022-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6481a6e-5875-44d8-9b24-594fb73e8942": { "id": "e6481a6e-5875-44d8-9b24-594fb73e8942", "title": "Covert VideoPress (All Known Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Covert VideoPress Theme", "slug": "covertvideopress", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6481a6e-5875-44d8-9b24-594fb73e8942?source=api-scan" ], "published": "2013-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e649765f-c051-438e-ba9a-df9a91fef428": { "id": "e649765f-c051-438e-ba9a-df9a91fef428", "title": "Zotpress <= 7.3.9 - Authenticated (Contributor+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zotpress", "slug": "zotpress", "affected_versions": { "* - 7.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e649765f-c051-438e-ba9a-df9a91fef428?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6499f46-b3b6-496f-a9bc-531bcbba2418": { "id": "e6499f46-b3b6-496f-a9bc-531bcbba2418", "title": "WP Sort Order <= 1.3.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Sort Order", "slug": "wp-sort-order", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6499f46-b3b6-496f-a9bc-531bcbba2418?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e64a688c-c150-4b10-81ef-bbe7f6dd1b8e": { "id": "e64a688c-c150-4b10-81ef-bbe7f6dd1b8e", "title": "Integration for Contact Form 7 and Salesforce <= 1.3.3 - Open Redirect", "software": [ { "type": "plugin", "name": "Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms", "slug": "cf7-salesforce", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e64a688c-c150-4b10-81ef-bbe7f6dd1b8e?source=api-scan" ], "published": "2023-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e64e41a1-ea8e-41b4-911c-672caf0d2df1": { "id": "e64e41a1-ea8e-41b4-911c-672caf0d2df1", "title": "UserPlus <= 2.0 - Missing Authorization via Multiple Functions", "software": [ { "type": "plugin", "name": "User registration & user profile \u2013 UserPlus", "slug": "userplus", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e64e41a1-ea8e-41b4-911c-672caf0d2df1?source=api-scan" ], "published": "2024-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e651766b-705d-415d-90bc-8b4f4418222c": { "id": "e651766b-705d-415d-90bc-8b4f4418222c", "title": "Custom Field For WP Job Manager <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Field For WP Job Manager", "slug": "custom-field-for-wp-job-manager", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e651766b-705d-415d-90bc-8b4f4418222c?source=api-scan" ], "published": "2023-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e659cc27-ae01-4d7b-a6f4-9fcb2aeb1b57": { "id": "e659cc27-ae01-4d7b-a6f4-9fcb2aeb1b57", "title": "Qe SEO Handyman <= 1.0 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Qe SEO Handyman", "slug": "qe-seo-handyman", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e659cc27-ae01-4d7b-a6f4-9fcb2aeb1b57?source=api-scan" ], "published": "2022-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e65cf73b-349b-4982-b6ec-a2c94d327d0a": { "id": "e65cf73b-349b-4982-b6ec-a2c94d327d0a", "title": "Marekkis Watermark-Plugin <= 0.9.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Marekkis Watermark-Plugin", "slug": "marekkis-watermark", "affected_versions": { "* - 0.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e65cf73b-349b-4982-b6ec-a2c94d327d0a?source=api-scan" ], "published": "2013-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e662761d-1dc8-4998-83b5-316ce683b5b6": { "id": "e662761d-1dc8-4998-83b5-316ce683b5b6", "title": "Persian WooCommerce <= 5.8.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "\u0648\u0648\u06a9\u0627\u0645\u0631\u0633 \u0641\u0627\u0631\u0633\u06cc", "slug": "persian-woocommerce", "affected_versions": { "* - 5.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e662761d-1dc8-4998-83b5-316ce683b5b6?source=api-scan" ], "published": "2022-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6650eb7-143f-4c8f-b18f-056fc82972fc": { "id": "e6650eb7-143f-4c8f-b18f-056fc82972fc", "title": "Product Reviews Import Export for WooCommerce <= 1.4.8 - CSV Injection", "software": [ { "type": "plugin", "name": "Product Reviews Import Export for WooCommerce", "slug": "product-reviews-import-export-for-woocommerce", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6650eb7-143f-4c8f-b18f-056fc82972fc?source=api-scan" ], "published": "2022-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e669ae60-c015-4b84-86a8-56aab9fe23bd": { "id": "e669ae60-c015-4b84-86a8-56aab9fe23bd", "title": "WordPress Core < 2.6.5 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e669ae60-c015-4b84-86a8-56aab9fe23bd?source=api-scan" ], "published": "2008-12-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e66b5c12-3acb-41f7-ae5f-8a9130053e45": { "id": "e66b5c12-3acb-41f7-ae5f-8a9130053e45", "title": "The Plus Addons for Elementor <= 5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e66b5c12-3acb-41f7-ae5f-8a9130053e45?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e66d0c9c-39a2-4f09-b87f-630f1a8054ea": { "id": "e66d0c9c-39a2-4f09-b87f-630f1a8054ea", "title": "BulletProof Security <= 6.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BulletProof Security", "slug": "bulletproof-security", "affected_versions": { "[*, 6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e66d0c9c-39a2-4f09-b87f-630f1a8054ea?source=api-scan" ], "published": "2022-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e67422cc-c1ad-40b6-abae-23447e2ff491": { "id": "e67422cc-c1ad-40b6-abae-23447e2ff491", "title": "Customer Service Software & Support Ticket System < 5.10.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Customer Service Software & Support Ticket System", "slug": "wp-ticket", "affected_versions": { "[*, 5.10.4)": { "from_version": "*", "from_inclusive": true, "to_version": "5.10.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.10.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e67422cc-c1ad-40b6-abae-23447e2ff491?source=api-scan" ], "published": "2021-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e675d64c-cbb8-4f24-9b6f-2597a97b49af": { "id": "e675d64c-cbb8-4f24-9b6f-2597a97b49af", "title": "POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API", "software": [ { "type": "plugin", "name": "Post SMTP \u2013 WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications \u2013 Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more", "slug": "post-smtp", "affected_versions": { "* - 2.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e675d64c-cbb8-4f24-9b6f-2597a97b49af?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e679b853-3207-47c9-9cbe-d3ce3826cd00": { "id": "e679b853-3207-47c9-9cbe-d3ce3826cd00", "title": "Rate My Post \u2013 Star Rating Plugin by FeedbackWP <= 3.4.4 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Rate My Post \u2013 Star Rating Plugin by FeedbackWP", "slug": "rate-my-post", "affected_versions": { "* - 3.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e679b853-3207-47c9-9cbe-d3ce3826cd00?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e67b6467-b96b-431c-9a0d-91919ab1c138": { "id": "e67b6467-b96b-431c-9a0d-91919ab1c138", "title": "WooCommerce License Manager <= 5.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce License Manager", "slug": "fs-license-manager", "affected_versions": { "* - 5.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e67b6467-b96b-431c-9a0d-91919ab1c138?source=api-scan" ], "published": "2024-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e67dfe0f-ac1c-4a78-bfc9-0cfd6c3040d4": { "id": "e67dfe0f-ac1c-4a78-bfc9-0cfd6c3040d4", "title": "Responsive Filterable Portfolio <= 1.0.19 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Filterable Portfolio", "slug": "responsive-filterable-portfolio", "affected_versions": { "* - 1.0.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e67dfe0f-ac1c-4a78-bfc9-0cfd6c3040d4?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6809f7f-4495-4185-b439-820010afc305": { "id": "e6809f7f-4495-4185-b439-820010afc305", "title": "WooCommerce JazzCash Gateway Plugin <= 2.0 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce JazzCash Gateway Plugin", "slug": "jazzcash-woocommerce-gateway", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6809f7f-4495-4185-b439-820010afc305?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6838714-4128-47c5-b596-91cfc68abade": { "id": "e6838714-4128-47c5-b596-91cfc68abade", "title": "Caldera forms <= 1.9.4 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Caldera Forms \u2013 More Than Contact Forms", "slug": "caldera-forms", "affected_versions": { "[*, 1.9.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6838714-4128-47c5-b596-91cfc68abade?source=api-scan" ], "published": "2021-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e68bbee2-1c1a-4751-988e-dde423f8aab3": { "id": "e68bbee2-1c1a-4751-988e-dde423f8aab3", "title": "PowerPack Pro for Elementor < 2.10.8 - Cross-Site Request Forgery to Plugin Settings Modification and Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PowerPack Pro for Elementor", "slug": "powerpack-elements", "affected_versions": { "[*, 2.10.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.10.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e68bbee2-1c1a-4751-988e-dde423f8aab3?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e69122ed-8f18-4f2d-ba77-7538c7b6de6d": { "id": "e69122ed-8f18-4f2d-ba77-7538c7b6de6d", "title": "Akismet Spam Protection < 2.0.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Akismet Anti-spam: Spam Protection", "slug": "akismet", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e69122ed-8f18-4f2d-ba77-7538c7b6de6d?source=api-scan" ], "published": "2007-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e694ef1a-3e81-4995-a96b-2417cb308ce6": { "id": "e694ef1a-3e81-4995-a96b-2417cb308ce6", "title": "Logo Carousel \u2013 Clients logo carousel for WP <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Logo Carousel \u2013 Clients logo carousel for WP", "slug": "responsive-client-logo-carousel-slider", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e694ef1a-3e81-4995-a96b-2417cb308ce6?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6977a58-cce0-4ae8-abe6-1870bbb2bf06": { "id": "e6977a58-cce0-4ae8-abe6-1870bbb2bf06", "title": "Youzify <= 1.1.9 - SQL Injection", "software": [ { "type": "plugin", "name": "Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress", "slug": "youzify", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6977a58-cce0-4ae8-abe6-1870bbb2bf06?source=api-scan" ], "published": "2022-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6a2580f-4a40-4aed-acbf-afecbd16bbf7": { "id": "e6a2580f-4a40-4aed-acbf-afecbd16bbf7", "title": "WTI Like Post <= 1.4.6 - IP Spoofing", "software": [ { "type": "plugin", "name": "WTI Like Post", "slug": "wti-like-post", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6a2580f-4a40-4aed-acbf-afecbd16bbf7?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6a9ae9e-17f2-4fcb-8428-f6bf1a500bc4": { "id": "e6a9ae9e-17f2-4fcb-8428-f6bf1a500bc4", "title": "FooGallery <= 1.8.12 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel", "slug": "foogallery", "affected_versions": { "* - 1.8.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6a9ae9e-17f2-4fcb-8428-f6bf1a500bc4?source=api-scan" ], "published": "2020-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6b289c2-0e04-43b1-baf1-6a594cc47ea0": { "id": "e6b289c2-0e04-43b1-baf1-6a594cc47ea0", "title": "AntiSpam for Contact Form 7 <= 0.6.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AntiSpam for Contact Form 7", "slug": "cf7-antispam", "affected_versions": { "* - 0.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6b289c2-0e04-43b1-baf1-6a594cc47ea0?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6bb3680-0623-4633-971e-3bc4a52dfad3": { "id": "e6bb3680-0623-4633-971e-3bc4a52dfad3", "title": "WP Show Posts <= 1.1.5 - Improper Authorization to Information Exposure", "software": [ { "type": "plugin", "name": "WP Show Posts", "slug": "wp-show-posts", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6bb3680-0623-4633-971e-3bc4a52dfad3?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6c01d91-a912-4826-97eb-fd77368ae117": { "id": "e6c01d91-a912-4826-97eb-fd77368ae117", "title": "Nextgen Gallery <= 3.59 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 3.59": { "from_version": "*", "from_inclusive": true, "to_version": "3.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.59.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6c01d91-a912-4826-97eb-fd77368ae117?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6c4e102-7a09-4a01-8fa2-40f5f41d45ab": { "id": "e6c4e102-7a09-4a01-8fa2-40f5f41d45ab", "title": "ACF Photo Gallery Field <= 1.7.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ACF Photo Gallery Field", "slug": "navz-photo-gallery", "affected_versions": { "* - 1.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6c4e102-7a09-4a01-8fa2-40f5f41d45ab?source=api-scan" ], "published": "2021-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6d14dd6-ff1c-475b-8cff-efc7736124b4": { "id": "e6d14dd6-ff1c-475b-8cff-efc7736124b4", "title": "Aparat <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Aparat", "slug": "aparat", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6d14dd6-ff1c-475b-8cff-efc7736124b4?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6d195cd-4df8-4926-b834-d695fc05f81d": { "id": "e6d195cd-4df8-4926-b834-d695fc05f81d", "title": "Slider Hero <= 8.2.0 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Slider Hero with Animation, Video Background", "slug": "slider-hero", "affected_versions": { "* - 8.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6d195cd-4df8-4926-b834-d695fc05f81d?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6d1ad58-894c-40ed-968e-9ce64eebba55": { "id": "e6d1ad58-894c-40ed-968e-9ce64eebba55", "title": "Advanced Booking Calendar <= 1.6.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Advanced Booking Calendar", "slug": "advanced-booking-calendar", "affected_versions": { "[*, 1.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6d1ad58-894c-40ed-968e-9ce64eebba55?source=api-scan" ], "published": "2020-10-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6d40b41-540d-476d-afde-970845543933": { "id": "e6d40b41-540d-476d-afde-970845543933", "title": "Hustle <= 7.8.3 - Sensitive Information Exposure via Exposed Hubspot API Keys", "software": [ { "type": "plugin", "name": "Hustle \u2013 Email Marketing, Lead Generation, Optins, Popups", "slug": "wordpress-popup", "affected_versions": { "* - 7.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6d40b41-540d-476d-afde-970845543933?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6d5036a-c756-47a6-b071-c393f8a6ce5e": { "id": "e6d5036a-c756-47a6-b071-c393f8a6ce5e", "title": "Multiple Themes by KlbTheme <= (Various Versions) - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Medibazar - Medical WooCommerce Theme", "slug": "medibazar", "affected_versions": { "* - 1.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Machic - Electronics Store WooCommerce Theme", "slug": "machic-core", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Furnob - Furniture Store WooCommerce Theme", "slug": "furnob", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Cosmetsy - Beauty Cosmetics Shop Theme", "slug": "cosmetsy", "affected_versions": { "* - 1.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Clotya - Fashion Store eCommerce Theme", "slug": "clotya", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Bacola - Grocery Store and Food eCommerce Theme", "slug": "bacola", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Partdo - Auto Parts and Tools Shop WooCommerce Theme", "slug": "partdo", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6d5036a-c756-47a6-b071-c393f8a6ce5e?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6dbbb52-4202-4d69-837f-c7d5ca06fab5": { "id": "e6dbbb52-4202-4d69-837f-c7d5ca06fab5", "title": "Popup Box <= 3.7.1 - Authenticated(Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Box \u2013 Create Countdown, Coupon, Video, Contact Form Popups", "slug": "ays-popup-box", "affected_versions": { "[*, 3.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6dbbb52-4202-4d69-837f-c7d5ca06fab5?source=api-scan" ], "published": "2023-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6de7a25-3079-4023-9faa-7a63952afe25": { "id": "e6de7a25-3079-4023-9faa-7a63952afe25", "title": "Crayon Syntax Highlighter <= 2.6.10 - Directory Traversal", "software": [ { "type": "plugin", "name": "Crayon Syntax Highlighter", "slug": "crayon-syntax-highlighter", "affected_versions": { "[*, 2.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6de7a25-3079-4023-9faa-7a63952afe25?source=api-scan" ], "published": "2015-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6e114a3-8a17-4c79-9829-374646b53ed4": { "id": "e6e114a3-8a17-4c79-9829-374646b53ed4", "title": "Server Status by Hostname\/IP <= 4.6 - SQL Injection", "software": [ { "type": "plugin", "name": "Server Status by Hostname\/IP", "slug": "server-status-by-hostnameip", "affected_versions": { "* - 4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6e114a3-8a17-4c79-9829-374646b53ed4?source=api-scan" ], "published": "2019-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6e48963-e773-46e1-ae45-03fe5e20f09e": { "id": "e6e48963-e773-46e1-ae45-03fe5e20f09e", "title": "WP Cerber < 8.9.3 - Access Bypass Control", "software": [ { "type": "plugin", "name": "WP Cerber Security, Anti-spam & Malware Scan", "slug": "wp-cerber", "affected_versions": { "[*, 8.9.3)": { "from_version": "*", "from_inclusive": true, "to_version": "8.9.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6e48963-e773-46e1-ae45-03fe5e20f09e?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6e96578-d54b-4c45-91cd-f143311445ea": { "id": "e6e96578-d54b-4c45-91cd-f143311445ea", "title": "PayPlus Payment Gateway <= 7.0.7 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "PayPlus Payment Gateway", "slug": "payplus-payment-gateway", "affected_versions": { "* - 7.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6e96578-d54b-4c45-91cd-f143311445ea?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6ebce82-6260-489e-b0b1-5037a0100626": { "id": "e6ebce82-6260-489e-b0b1-5037a0100626", "title": "YourChannel <= 1.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'yrc_lang[Videos]'", "software": [ { "type": "plugin", "name": "YourChannel: Everything you want in a YouTube plugin.", "slug": "yourchannel", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6ebce82-6260-489e-b0b1-5037a0100626?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6eea2cb-a2a9-4f65-9aea-b88565e47503": { "id": "e6eea2cb-a2a9-4f65-9aea-b88565e47503", "title": "ProfileGrid <= 5.7.1 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6eea2cb-a2a9-4f65-9aea-b88565e47503?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6f1907e-9584-4ff7-8cf5-b285b7df9ec4": { "id": "e6f1907e-9584-4ff7-8cf5-b285b7df9ec4", "title": "simpleSAMLphp Authentication <= 0.7.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "simpleSAMLphp Authentication", "slug": "simplesamlphp-authentication", "affected_versions": { "* - 0.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6f1907e-9584-4ff7-8cf5-b285b7df9ec4?source=api-scan" ], "published": "2021-09-08 20:09:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6f549c8-673b-4032-9b56-5a2e2239eff3": { "id": "e6f549c8-673b-4032-9b56-5a2e2239eff3", "title": "WP Statistics <= 13.2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "[*, 13.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "13.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "13.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6f549c8-673b-4032-9b56-5a2e2239eff3?source=api-scan" ], "published": "2022-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e6f6dab2-da03-43b6-b9c1-ebc6a7e1d1c9": { "id": "e6f6dab2-da03-43b6-b9c1-ebc6a7e1d1c9", "title": "WooCommerce Product Carousel Slider <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "WooCommerce Product Carousel Slider", "slug": "product-carousel-slider-for-woocommerce", "affected_versions": { "* - 3.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e6f6dab2-da03-43b6-b9c1-ebc6a7e1d1c9?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e700a02f-21a7-4786-b7a7-d0c83a9314e3": { "id": "e700a02f-21a7-4786-b7a7-d0c83a9314e3", "title": "ILC Thickbox <= 1.0 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "ILC Thickbox", "slug": "ilc-thickbox", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e700a02f-21a7-4786-b7a7-d0c83a9314e3?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e702675c-b3ec-458b-a382-cba5c03879c2": { "id": "e702675c-b3ec-458b-a382-cba5c03879c2", "title": "OnePress Opt-In Panda <= 2.6.2 - Missing Authorization on AJAX Actions", "software": [ { "type": "plugin", "name": "OnePress Opt-In Panda", "slug": "opt-in-panda", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e702675c-b3ec-458b-a382-cba5c03879c2?source=api-scan" ], "published": "2022-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7028184-2b16-45a8-893a-37eb74bab329": { "id": "e7028184-2b16-45a8-893a-37eb74bab329", "title": "WRC Pricing Tables <= 2.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WRC Pricing Tables \u2013 WordPress Responsive CSS3 Pricing Tables", "slug": "wrc-pricing-tables", "affected_versions": { "* - 2.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7028184-2b16-45a8-893a-37eb74bab329?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e703d411-d608-43cc-8806-1d1e837cf797": { "id": "e703d411-d608-43cc-8806-1d1e837cf797", "title": "WordPress Shortcodes Plugin \u2014 Shortcodes Ultimate <= 5.0.0 - Authenticated Remote Code Execution", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "[*, 5.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e703d411-d608-43cc-8806-1d1e837cf797?source=api-scan" ], "published": "2017-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e709eb98-d814-45aa-baeb-90a1d7471bcc": { "id": "e709eb98-d814-45aa-baeb-90a1d7471bcc", "title": "WP MultiTasking <= 0.1.12 - Cross-Site Request Forgery to Welcome Popup Update", "software": [ { "type": "plugin", "name": "WP MultiTasking \u2013 WP Utilities", "slug": "wp-multitasking", "affected_versions": { "* - 0.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.12", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e709eb98-d814-45aa-baeb-90a1d7471bcc?source=api-scan" ], "published": "2024-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7113b1c-78dc-4648-b14a-52ff6668fd1d": { "id": "e7113b1c-78dc-4648-b14a-52ff6668fd1d", "title": "Classified Listing \u2013 Classified ads & Business Directory Plugin <= 3.0.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion", "software": [ { "type": "plugin", "name": "Classified Listing \u2013 Classified ads & Business Directory Plugin", "slug": "classified-listing", "affected_versions": { "* - 3.0.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7113b1c-78dc-4648-b14a-52ff6668fd1d?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e71386ea-0546-4aa7-b77a-e1824e80accc": { "id": "e71386ea-0546-4aa7-b77a-e1824e80accc", "title": "Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Raw Content", "software": [ { "type": "plugin", "name": "Bold Page Builder", "slug": "bold-page-builder", "affected_versions": { "* - 4.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e71386ea-0546-4aa7-b77a-e1824e80accc?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e71e3624-ccda-4c9c-90e9-e557dd19b644": { "id": "e71e3624-ccda-4c9c-90e9-e557dd19b644", "title": "Popup Box \u2013 Best WordPress Popup Plugin <= 4.3.6 - Missing Authorization to Information Exposure", "software": [ { "type": "plugin", "name": "Popup Box \u2013 Create Countdown, Coupon, Video, Contact Form Popups", "slug": "ays-popup-box", "affected_versions": { "* - 4.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e71e3624-ccda-4c9c-90e9-e557dd19b644?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7203b5c-5753-453c-8fc2-26fcebdeea5b": { "id": "e7203b5c-5753-453c-8fc2-26fcebdeea5b", "title": "Stream <= 3.9.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Stream", "slug": "stream", "affected_versions": { "* - 3.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7203b5c-5753-453c-8fc2-26fcebdeea5b?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e724394d-97aa-42e4-b36e-6e49bfefa2f6": { "id": "e724394d-97aa-42e4-b36e-6e49bfefa2f6", "title": "ElementsKit Elementor addons <= 3.0.3 - Authenticated(Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ElementsKit Elementor addons", "slug": "elementskit-lite", "affected_versions": { "* - 3.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e724394d-97aa-42e4-b36e-6e49bfefa2f6?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7263e89-94b2-42e6-a7ed-a86579ce649e": { "id": "e7263e89-94b2-42e6-a7ed-a86579ce649e", "title": "Smart Online Order for Clover <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via moo_receipt_link Shortcode", "software": [ { "type": "plugin", "name": "Smart Online Order for Clover", "slug": "clover-online-orders", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7263e89-94b2-42e6-a7ed-a86579ce649e?source=api-scan" ], "published": "2024-10-14 19:57:34", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e72b7e6b-c8ad-44be-b23d-69e8a27670ea": { "id": "e72b7e6b-c8ad-44be-b23d-69e8a27670ea", "title": "ShortPixel Adaptive Images <= 3.8.3 - Authenticated (Admin+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "ShortPixel Adaptive Images \u2013 WebP, AVIF, CDN, Image Optimization", "slug": "shortpixel-adaptive-images", "affected_versions": { "* - 3.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e72b7e6b-c8ad-44be-b23d-69e8a27670ea?source=api-scan" ], "published": "2024-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e72e35de-caeb-4ecb-8d13-72fd2df4dd69": { "id": "e72e35de-caeb-4ecb-8d13-72fd2df4dd69", "title": "HAL <= 2.1.1 Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HAL", "slug": "hal", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e72e35de-caeb-4ecb-8d13-72fd2df4dd69?source=api-scan" ], "published": "2021-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e72e87ae-f5c0-4582-a644-b90e93d98e74": { "id": "e72e87ae-f5c0-4582-a644-b90e93d98e74", "title": "WordPress Core < 4.4.2 - Open Redirect via wp_validate_redirect", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.12": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.12", "to_inclusive": true }, "3.8 - 3.8.12": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.12", "to_inclusive": true }, "3.9 - 3.9.10": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.10", "to_inclusive": true }, "4.0 - 4.0.9": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.9", "to_inclusive": true }, "4.1 - 4.1.9": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.9", "to_inclusive": true }, "4.2 - 4.2.6": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.6", "to_inclusive": true }, "4.3 - 4.3.2": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.2", "to_inclusive": true }, "4.4 - 4.4.1": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.13", "3.8.13", "3.9.11", "4.0.10", "4.1.10", "4.2.7", "4.3.3", "4.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e72e87ae-f5c0-4582-a644-b90e93d98e74?source=api-scan" ], "published": "2016-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e730114e-bbe1-4385-84cc-a5484acc9da7": { "id": "e730114e-bbe1-4385-84cc-a5484acc9da7", "title": "Jobs for WordPress <= 2.5.10.2 - Authenticated (Author+) Cross Site Scripting", "software": [ { "type": "plugin", "name": "Jobs for WordPress", "slug": "job-postings", "affected_versions": { "* - 2.5.10.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.10.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e730114e-bbe1-4385-84cc-a5484acc9da7?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e731292a-4f95-46eb-889e-b00d58f3444e": { "id": "e731292a-4f95-46eb-889e-b00d58f3444e", "title": "Profile Builder \u2013 User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "* - 3.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e731292a-4f95-46eb-889e-b00d58f3444e?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e732031f-378a-4e71-8559-19c5e957d38b": { "id": "e732031f-378a-4e71-8559-19c5e957d38b", "title": "Album Gallery \u2013 WordPress Gallery <= 1.5.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Album Gallery \u2013 WordPress Gallery", "slug": "new-album-gallery", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e732031f-378a-4e71-8559-19c5e957d38b?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7346f1e-a101-4131-8950-dbb0af4505f2": { "id": "e7346f1e-a101-4131-8950-dbb0af4505f2", "title": "Community by PeepSo <= 6.0.2.0 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App", "slug": "peepso-core", "affected_versions": { "* - 6.0.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7346f1e-a101-4131-8950-dbb0af4505f2?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e743e656-2dd9-43ed-a190-b03af7c75c54": { "id": "e743e656-2dd9-43ed-a190-b03af7c75c54", "title": "Abandoned Cart Lite for WooCommerce <= 5.14.1 - Cross-Site Request Forgery via ts_reset_tracking_setting", "software": [ { "type": "plugin", "name": "Abandoned Cart Lite for WooCommerce", "slug": "woocommerce-abandoned-cart", "affected_versions": { "[*, 5.14.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.14.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.14.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e743e656-2dd9-43ed-a190-b03af7c75c54?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7465ca4-21e8-4935-b294-e7378b2b01a7": { "id": "e7465ca4-21e8-4935-b294-e7378b2b01a7", "title": "Modern Events Calendar lite < 6.10.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Modern Events Calendar Lite", "slug": "modern-events-calendar-lite", "affected_versions": { "[*, 6.10.5)": { "from_version": "*", "from_inclusive": true, "to_version": "6.10.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.10.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7465ca4-21e8-4935-b294-e7378b2b01a7?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e74be387-1413-49c5-91c6-66e620562b42": { "id": "e74be387-1413-49c5-91c6-66e620562b42", "title": "Hustle <= 7.6.4 = Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hustle \u2013 Email Marketing, Lead Generation, Optins, Popups", "slug": "wordpress-popup", "affected_versions": { "* - 7.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e74be387-1413-49c5-91c6-66e620562b42?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e74ff260-48af-4fc2-80d8-1ff2403f8f33": { "id": "e74ff260-48af-4fc2-80d8-1ff2403f8f33", "title": "Taxonomy filter <= 2.2.9 - Cross-Site Request Forgery via taxonomy_filter_save_main_settings()", "software": [ { "type": "plugin", "name": "Taxonomy Filter", "slug": "taxonomy-filter", "affected_versions": { "* - 2.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e74ff260-48af-4fc2-80d8-1ff2403f8f33?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7506429-7f8a-45b5-b1b0-6fdb39599ee5": { "id": "e7506429-7f8a-45b5-b1b0-6fdb39599ee5", "title": "Adning Advertising <= 1.5.5 - Unauthenticated Arbitrary File Deletion via Path Traversal", "software": [ { "type": "plugin", "name": "Adning Advertising", "slug": "angwp", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7506429-7f8a-45b5-b1b0-6fdb39599ee5?source=api-scan" ], "published": "2020-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7535b43-dcf0-4d00-833a-d9d86b2520d5": { "id": "e7535b43-dcf0-4d00-833a-d9d86b2520d5", "title": "Anthologize <= 0.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Anthologize", "slug": "anthologize", "affected_versions": { "* - 0.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7535b43-dcf0-4d00-833a-d9d86b2520d5?source=api-scan" ], "published": "2022-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e757ca2f-c4d9-4747-9f84-75ef8a54d485": { "id": "e757ca2f-c4d9-4747-9f84-75ef8a54d485", "title": "PeproDev CF7 Database <= 1.8.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "PeproDev CF7 Database", "slug": "pepro-cf7-database", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e757ca2f-c4d9-4747-9f84-75ef8a54d485?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e758b973-dc2f-4bcf-9846-56ddd73f38db": { "id": "e758b973-dc2f-4bcf-9846-56ddd73f38db", "title": "Backup and Restore plugin \u2013 WordPress <= 1.0.3 - Authenticated (Admin+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Backup and Restore plugin \u2013 WordPress", "slug": "backup-and-restore-for-wp", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e758b973-dc2f-4bcf-9846-56ddd73f38db?source=api-scan" ], "published": "2021-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e75a96ab-499b-4f1d-a60b-a5aa9d804363": { "id": "e75a96ab-499b-4f1d-a60b-a5aa9d804363", "title": "Plugin Logic <= 1.0.7 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Plugin Logic", "slug": "plugin-logic", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e75a96ab-499b-4f1d-a60b-a5aa9d804363?source=api-scan" ], "published": "2022-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e75b3cc3-5bd6-4af9-94bf-2c3b6270e1c5": { "id": "e75b3cc3-5bd6-4af9-94bf-2c3b6270e1c5", "title": "Icegram Engage <= 2.1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Icegram Engage \u2013 Ultimate WP Popup Builder, Lead Generation, Optins, and CTA", "slug": "icegram", "affected_versions": { "[*, 2.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e75b3cc3-5bd6-4af9-94bf-2c3b6270e1c5?source=api-scan" ], "published": "2022-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e75cc91a-9117-4d18-ba70-d8cbae42cd08": { "id": "e75cc91a-9117-4d18-ba70-d8cbae42cd08", "title": "Post Type Builder <= 2.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Type Builder", "slug": "themify-ptb", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e75cc91a-9117-4d18-ba70-d8cbae42cd08?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e75f7e1a-f3bb-4b24-bf04-b83d0e572551": { "id": "e75f7e1a-f3bb-4b24-bf04-b83d0e572551", "title": "Happy Addons for Elementor Authenticated (Contributor+) Stored-XSS <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar Widget", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e75f7e1a-f3bb-4b24-bf04-b83d0e572551?source=api-scan" ], "published": "2024-05-15 20:30:53", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7613875-b44e-4b91-9a5b-41ea0854cd61": { "id": "e7613875-b44e-4b91-9a5b-41ea0854cd61", "title": "WordPress Classifieds Plugin \u2013 Ad Directory & Listings by AWP Classifieds < 2.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WordPress Classifieds Plugin \u2013 Ad Directory & Listings by AWP Classifieds", "slug": "another-wordpress-classifieds-plugin", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7613875-b44e-4b91-9a5b-41ea0854cd61?source=api-scan" ], "published": "2012-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e764e567-524e-40b9-aa9f-653a5553375d": { "id": "e764e567-524e-40b9-aa9f-653a5553375d", "title": "Participants Database <= 2.4.5 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "Participants Database", "slug": "participants-database", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e764e567-524e-40b9-aa9f-653a5553375d?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e766f735-f5b2-4189-b4b1-40161c5aba8b": { "id": "e766f735-f5b2-4189-b4b1-40161c5aba8b", "title": "WP HTML Sitemap <= 1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "wp-html-sitemap", "slug": "wp-html-sitemap", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e766f735-f5b2-4189-b4b1-40161c5aba8b?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e76e4c4c-3f84-46b0-b305-2513714a8525": { "id": "e76e4c4c-3f84-46b0-b305-2513714a8525", "title": "Proofreading <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Proofreading", "slug": "proofreading", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e76e4c4c-3f84-46b0-b305-2513714a8525?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e76f5e04-f38e-4c65-858b-af646f53de3a": { "id": "e76f5e04-f38e-4c65-858b-af646f53de3a", "title": "Light Poll <= 1.0.0 - Cross-Site Request Forgery to Poll Deletion", "software": [ { "type": "plugin", "name": "Light Poll", "slug": "light-poll", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e76f5e04-f38e-4c65-858b-af646f53de3a?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e77082a7-dd65-40e9-a1be-0144afa869ef": { "id": "e77082a7-dd65-40e9-a1be-0144afa869ef", "title": "Simple:Press <= 6.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Signatures", "software": [ { "type": "plugin", "name": "Simple:Press Forum", "slug": "simplepress", "affected_versions": { "* - 6.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e77082a7-dd65-40e9-a1be-0144afa869ef?source=api-scan" ], "published": "2022-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e770d1fc-b941-4f0f-87ee-8b0c9edb640b": { "id": "e770d1fc-b941-4f0f-87ee-8b0c9edb640b", "title": "FL3R FeelBox <= 8.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "FL3R FeelBox", "slug": "fl3r-feelbox", "affected_versions": { "* - 8..1": { "from_version": "*", "from_inclusive": true, "to_version": "8..1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e770d1fc-b941-4f0f-87ee-8b0c9edb640b?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e772fbbe-33d5-46fa-a041-ab07d3f9318f": { "id": "e772fbbe-33d5-46fa-a041-ab07d3f9318f", "title": "Defender Security <= 2.4.6 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Defender Security \u2013 Malware Scanner, Login Security & Firewall", "slug": "defender-security", "affected_versions": { "* - 2.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e772fbbe-33d5-46fa-a041-ab07d3f9318f?source=api-scan" ], "published": "2021-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7782522-78bc-4ad2-997e-81c8870d55fa": { "id": "e7782522-78bc-4ad2-997e-81c8870d55fa", "title": "Comments \u2013 wpDiscuz <= 7.4.2 - Insecure Direct Object References", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "* - 7.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7782522-78bc-4ad2-997e-81c8870d55fa?source=api-scan" ], "published": "2022-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e77bb0b8-e101-4230-b707-10a3a126192d": { "id": "e77bb0b8-e101-4230-b707-10a3a126192d", "title": "Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Arigato Autoresponder and Newsletter", "slug": "bft-autoresponder", "affected_versions": { "* - 2.5.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e77bb0b8-e101-4230-b707-10a3a126192d?source=api-scan" ], "published": "2018-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e78097a6-6828-4d62-abf0-995a906ad68b": { "id": "e78097a6-6828-4d62-abf0-995a906ad68b", "title": "Button Generator \u2013 easily Button Builder <= 2.3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Button Generator \u2013 easily Button Builder", "slug": "button-generation", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e78097a6-6828-4d62-abf0-995a906ad68b?source=api-scan" ], "published": "2021-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e78116a6-5ce5-4567-95d4-2c19fc1b085a": { "id": "e78116a6-5ce5-4567-95d4-2c19fc1b085a", "title": "Avartan Slider Lite <= 1.5.3 - Reflected Cross-Site Scripting via 'asview-nouce'", "software": [ { "type": "plugin", "name": "Responsive WordPress Slider \u2013 Avartan Slider Lite", "slug": "avartan-slider-lite", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e78116a6-5ce5-4567-95d4-2c19fc1b085a?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7819dbf-fbcc-4dca-8300-b75ec096c541": { "id": "e7819dbf-fbcc-4dca-8300-b75ec096c541", "title": "Wordfence Security \u2013 Firewall & Malware Scan <= 7.1.13 - Reflected Cross-Site Scripting and Information Disclosure", "software": [ { "type": "plugin", "name": "Wordfence Security \u2013 Firewall, Malware Scan, and Login Security", "slug": "wordfence", "affected_versions": { "[*, 7.1.14)": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7819dbf-fbcc-4dca-8300-b75ec096c541?source=api-scan" ], "published": "2018-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e781e1aa-7fa2-4cea-913b-4aa582ec6a4f": { "id": "e781e1aa-7fa2-4cea-913b-4aa582ec6a4f", "title": "Blocksy <= 2.0.19 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Blocksy", "slug": "blocksy", "affected_versions": { "* - 2.0.19": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e781e1aa-7fa2-4cea-913b-4aa582ec6a4f?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7837208-97e3-45f9-8f9f-b1906a4fcbcc": { "id": "e7837208-97e3-45f9-8f9f-b1906a4fcbcc", "title": "Kama Click Counter <= 3.4.9 - Blind SQL Injection", "software": [ { "type": "plugin", "name": "Kama Click Counter", "slug": "kama-clic-counter", "affected_versions": { "* - 3.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7837208-97e3-45f9-8f9f-b1906a4fcbcc?source=api-scan" ], "published": "2017-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e78b5ed9-4e46-4bc9-9e4e-0f70bc81d1cb": { "id": "e78b5ed9-4e46-4bc9-9e4e-0f70bc81d1cb", "title": "SSL Zen \u2013 Free Let's Encrypt SSL Certificate & HTTPS\/SSL Redirect WordPress Plugin <= 4.5.0 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "SSL Certificate \u2013 Free SSL, HTTPS by SSL Zen", "slug": "ssl-zen", "affected_versions": { "* - 4.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e78b5ed9-4e46-4bc9-9e4e-0f70bc81d1cb?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e78c539c-5b72-4043-aa5a-6234913364ac": { "id": "e78c539c-5b72-4043-aa5a-6234913364ac", "title": "semver-regex <= 3.1.3 and 4.0.0-4.0.3 - Regular Expression Denial of Service (ReDoS)", "software": [ { "type": "plugin", "name": "Insert Special Characters", "slug": "insert-special-characters", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e78c539c-5b72-4043-aa5a-6234913364ac?source=api-scan" ], "published": "2022-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e78f4832-6d14-4eef-8e4b-f4136b0c1902": { "id": "e78f4832-6d14-4eef-8e4b-f4136b0c1902", "title": "WishList Member X <= 3.25.1 - Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Wishlist Member", "slug": "wishlist-member-x", "affected_versions": { "* - 3.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.25.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e78f4832-6d14-4eef-8e4b-f4136b0c1902?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7939401-822c-4d27-9d8c-c5680165e6a7": { "id": "e7939401-822c-4d27-9d8c-c5680165e6a7", "title": "RegistrationMagic \u2013 Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Settings Import to Privilege Escalation", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 4.6.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7939401-822c-4d27-9d8c-c5680165e6a7?source=api-scan" ], "published": "2020-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e796b203-31b4-47c6-9018-190389ce4df7": { "id": "e796b203-31b4-47c6-9018-190389ce4df7", "title": "Portable phpMyAdmin <= 1.3.0 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Portable phpMyAdmin", "slug": "portable-phpmyadmin", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e796b203-31b4-47c6-9018-190389ce4df7?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e797c0ca-f348-4d9c-815e-0c1756686690": { "id": "e797c0ca-f348-4d9c-815e-0c1756686690", "title": "Electric Studio Client Login <= 0.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Electric Studio Client Login", "slug": "electric-studio-client-login", "affected_versions": { "* - 0.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e797c0ca-f348-4d9c-815e-0c1756686690?source=api-scan" ], "published": "2023-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7a0b40b-560a-4f2a-ad6d-6b2284fd5f25": { "id": "e7a0b40b-560a-4f2a-ad6d-6b2284fd5f25", "title": "Duplicate Post WordPress Plugin <= 1.1.9 - SQL Injection", "software": [ { "type": "plugin", "name": "Duplicate Post", "slug": "copy-delete-posts", "affected_versions": { "[*, 1.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7a0b40b-560a-4f2a-ad6d-6b2284fd5f25?source=api-scan" ], "published": "2021-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7a24213-5191-4b6d-a2d1-7b79729e6517": { "id": "e7a24213-5191-4b6d-a2d1-7b79729e6517", "title": "SVS Pricing Tables <= 1.0.4 - Cross-Site Request Forgery to Pricing Table Deletion", "software": [ { "type": "plugin", "name": "SVS Pricing Tables", "slug": "svs-pricing-tables", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7a24213-5191-4b6d-a2d1-7b79729e6517?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7a28382-facb-43a7-892a-8ca9e7f0f62b": { "id": "e7a28382-facb-43a7-892a-8ca9e7f0f62b", "title": "SMS Alert Order Notifications \u2013 WooCommerce <= 3.6.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SMS Alert Order Notifications \u2013 WooCommerce", "slug": "sms-alert", "affected_versions": { "* - 3.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7a28382-facb-43a7-892a-8ca9e7f0f62b?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7a67693-d6e6-4492-ad26-28530e7c4a67": { "id": "e7a67693-d6e6-4492-ad26-28530e7c4a67", "title": "Community by PeepSo <= 6.3.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App", "slug": "peepso-core", "affected_versions": { "* - 6.3.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7a67693-d6e6-4492-ad26-28530e7c4a67?source=api-scan" ], "published": "2024-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7a6dee6-b3ff-4325-a356-4a65ab7a0ce5": { "id": "e7a6dee6-b3ff-4325-a356-4a65ab7a0ce5", "title": "Accordions \u2013 Multiple Accordions or FAQs Builder <= 2.0.2 - Unauthenticated Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Accordion \u2013 Multiple Accordion or FAQs Builder", "slug": "accordions-or-faqs", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7a6dee6-b3ff-4325-a356-4a65ab7a0ce5?source=api-scan" ], "published": "2022-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7a731ff-12e9-4fab-a055-c0193b3b2da8": { "id": "e7a731ff-12e9-4fab-a055-c0193b3b2da8", "title": "WP Time Slots Booking Form <= 1.2.06 - Unauthenticated Price Manipulation", "software": [ { "type": "plugin", "name": "WP Time Slots Booking Form", "slug": "wp-time-slots-booking-form", "affected_versions": { "* - 1.2.06": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.06", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.07" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7a731ff-12e9-4fab-a055-c0193b3b2da8?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7ad57d0-375b-4a64-a61c-90b72052552f": { "id": "e7ad57d0-375b-4a64-a61c-90b72052552f", "title": "ListingPro - WordPress Directory & Listing Theme < 2.0.14.5 - Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "ListingPro - WordPress Directory & Listing Theme", "slug": "listingpro", "affected_versions": { "* - 2.0.14.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.14.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.14.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7ad57d0-375b-4a64-a61c-90b72052552f?source=api-scan" ], "published": "2019-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7ae8dcd-00b6-4afc-85bb-6697820bb37c": { "id": "e7ae8dcd-00b6-4afc-85bb-6697820bb37c", "title": "Advanced Custom Fields (Free and Pro) 5.8.10 to 5.12.5 & 6.0.0 to 6.1.5 - Reflected Cross-Site Scripting via 'post_status'", "software": [ { "type": "plugin", "name": "Secure Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "5.8.10 - 5.12.5": { "from_version": "5.8.10", "from_inclusive": true, "to_version": "5.12.5", "to_inclusive": true }, "6.0.0 - 6.1.5": { "from_version": "6.0.0", "from_inclusive": true, "to_version": "6.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.12.6", "6.1.6" ] }, { "type": "plugin", "name": "Advanced Custom Fields Pro", "slug": "advanced-custom-fields-pro", "affected_versions": { "5.8.10 - 5.12.5": { "from_version": "5.8.10", "from_inclusive": true, "to_version": "5.12.5", "to_inclusive": true }, "6.0.0 - 6.1.5": { "from_version": "6.0.0", "from_inclusive": true, "to_version": "6.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.12.6", "6.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7ae8dcd-00b6-4afc-85bb-6697820bb37c?source=api-scan" ], "published": "2023-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7b49fd1-2d1e-4083-bc1d-010a9c8f4c2f": { "id": "e7b49fd1-2d1e-4083-bc1d-010a9c8f4c2f", "title": "Droit Elementor Addons <= 3.1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Droit Elementor Addons \u2013 Widgets, Blocks, Templates Library For Elementor Builder", "slug": "droit-elementor-addons", "affected_versions": { "* - 3.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7b49fd1-2d1e-4083-bc1d-010a9c8f4c2f?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7b6af5a-ad44-4dd6-9ce1-6fcbd28f8ebe": { "id": "e7b6af5a-ad44-4dd6-9ce1-6fcbd28f8ebe", "title": "Move Addons for Elementor <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Move Addons for Elementor", "slug": "move-addons", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7b6af5a-ad44-4dd6-9ce1-6fcbd28f8ebe?source=api-scan" ], "published": "2024-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7b78960-51ff-440f-8831-d50c11961d9d": { "id": "e7b78960-51ff-440f-8831-d50c11961d9d", "title": "Deep Blue <= 1.9.2 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Deep Blue", "slug": "deep-blue", "affected_versions": { "* - 1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7b78960-51ff-440f-8831-d50c11961d9d?source=api-scan" ], "published": "2018-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7b7e0b5-56a2-4f1f-be13-92721f4055fb": { "id": "e7b7e0b5-56a2-4f1f-be13-92721f4055fb", "title": "Product Feed PRO for WooCommerce <= 11.0.6 - Settings Update to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Feed PRO for WooCommerce by AdTribes \u2013 WooCommerce Product Feeds", "slug": "woo-product-feed-pro", "affected_versions": { "[*, 11.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "11.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "11.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7b7e0b5-56a2-4f1f-be13-92721f4055fb?source=api-scan" ], "published": "2021-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7b81559-93a2-4e50-b213-0e22eea8a219": { "id": "e7b81559-93a2-4e50-b213-0e22eea8a219", "title": "Complianz - GDPR\/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via cmplz_duplicate_cookiebanner", "software": [ { "type": "plugin", "name": "Complianz \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr", "affected_versions": { "* - 6.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7b81559-93a2-4e50-b213-0e22eea8a219?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7b84f9b-2b01-4e25-907d-4be735594d07": { "id": "e7b84f9b-2b01-4e25-907d-4be735594d07", "title": "WP Microblogs <= 0.4.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Microblogs", "slug": "wp-microblogs", "affected_versions": { "* - 0.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7b84f9b-2b01-4e25-907d-4be735594d07?source=api-scan" ], "published": "2014-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7bb5c89-93db-4454-a16d-b99fc14737f8": { "id": "e7bb5c89-93db-4454-a16d-b99fc14737f8", "title": "Support SVG <= 1.0.0 - Authenticated (Author+) Stored Cross-site Scripting via SVG", "software": [ { "type": "plugin", "name": "Support SVG \u2013 Upload svg files in wordpress without hassle", "slug": "support-svg", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7bb5c89-93db-4454-a16d-b99fc14737f8?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7c98de6-7e76-48f3-aa79-57bf4f387428": { "id": "e7c98de6-7e76-48f3-aa79-57bf4f387428", "title": "1 click disable all <= 1.0.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "1 click disable all", "slug": "first-graders-toolbox", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7c98de6-7e76-48f3-aa79-57bf4f387428?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7d4830b-f60a-4556-b40f-1bf9d5a296ad": { "id": "e7d4830b-f60a-4556-b40f-1bf9d5a296ad", "title": "Stop User Enumeration <= 1.3.4 - Username Enumeration Bypasses", "software": [ { "type": "plugin", "name": "Stop User Enumeration", "slug": "stop-user-enumeration", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7d4830b-f60a-4556-b40f-1bf9d5a296ad?source=api-scan" ], "published": "2017-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7d6f828-0d7b-4ee2-a316-ab55eb7a3d70": { "id": "e7d6f828-0d7b-4ee2-a316-ab55eb7a3d70", "title": "Woocommerce Vietnam Checkout <= 2.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Woocommerce Vietnam Checkout", "slug": "woo-vietnam-checkout", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7d6f828-0d7b-4ee2-a316-ab55eb7a3d70?source=api-scan" ], "published": "2022-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7d74fa8-43ba-41ac-82ec-94addc88fc52": { "id": "e7d74fa8-43ba-41ac-82ec-94addc88fc52", "title": "Feedify \u2013 Web Push Notifications <= 2.1.8 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Feedify \u2013 Web Push Notifications", "slug": "push-notification-by-feedify", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7d74fa8-43ba-41ac-82ec-94addc88fc52?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7d7ec5b-0616-4895-b5bf-be25ac37fb17": { "id": "e7d7ec5b-0616-4895-b5bf-be25ac37fb17", "title": "Login as User or Customer < 1.8 - Missing Authorization to Arbitrary Plugin Installation\/Activation", "software": [ { "type": "plugin", "name": "Login as User or Customer", "slug": "login-as-customer-or-user", "affected_versions": { "[*, 1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7d7ec5b-0616-4895-b5bf-be25ac37fb17?source=api-scan" ], "published": "2021-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7e25e64-4504-4aad-aeb6-d58b5c36a4bd": { "id": "e7e25e64-4504-4aad-aeb6-d58b5c36a4bd", "title": "Time Sheets <= 1.29.2 - Authenticated(Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Time Sheets", "slug": "time-sheets", "affected_versions": { "* - 1.29.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.29.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.29.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7e25e64-4504-4aad-aeb6-d58b5c36a4bd?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7e33fbc-da1b-4109-8b29-37e1050a559b": { "id": "e7e33fbc-da1b-4109-8b29-37e1050a559b", "title": "Spectra \u2013 WordPress Gutenberg Blocks <= 2.3.1 - Captcha Bypass", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7e33fbc-da1b-4109-8b29-37e1050a559b?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7e67b84-6b75-49ca-b5cc-e80ad7f5c899": { "id": "e7e67b84-6b75-49ca-b5cc-e80ad7f5c899", "title": "Permalink Manager Lite <= 2.4.3.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Permalink Manager Lite", "slug": "permalink-manager", "affected_versions": { "* - 2.4.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7e67b84-6b75-49ca-b5cc-e80ad7f5c899?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7e83cee-f2c6-4de0-8801-fb63398f98fc": { "id": "e7e83cee-f2c6-4de0-8801-fb63398f98fc", "title": "Diary & Availability Calendar <= 1.0.3 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Diary & Availability Calendar", "slug": "diary-availability-calendar", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7e83cee-f2c6-4de0-8801-fb63398f98fc?source=api-scan" ], "published": "2021-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7eb6137-5c03-4f73-a478-c1c18ee91fba": { "id": "e7eb6137-5c03-4f73-a478-c1c18ee91fba", "title": "WP Business Intelligence Lite <= 1.6.2 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Business Intelligence Lite", "slug": "wp-business-intelligence-lite", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7eb6137-5c03-4f73-a478-c1c18ee91fba?source=api-scan" ], "published": "2015-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7eb9cb7-ca71-454b-bb4c-da89c8a6e584": { "id": "e7eb9cb7-ca71-454b-bb4c-da89c8a6e584", "title": "JW Player for Flash & HTML5 Video < 2.1.4 - Cross-Site Request Forgery leading to player deletion", "software": [ { "type": "plugin", "name": "JW Player for Flash & HTML5 Video", "slug": "jw-player-plugin-for-wordpress", "affected_versions": { "[*, 2.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7eb9cb7-ca71-454b-bb4c-da89c8a6e584?source=api-scan" ], "published": "2014-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7ebf975-0fa7-43cd-a4fe-99284ad3aaf6": { "id": "e7ebf975-0fa7-43cd-a4fe-99284ad3aaf6", "title": "ReDi Restaurant Reservation <= 23.0211 - Missing Authorization", "software": [ { "type": "plugin", "name": "ReDi Restaurant Reservation", "slug": "redi-restaurant-reservation", "affected_versions": { "* - 23.0211": { "from_version": "*", "from_inclusive": true, "to_version": "23.0211", "to_inclusive": true } }, "patched": true, "patched_versions": [ "23.0212" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7ebf975-0fa7-43cd-a4fe-99284ad3aaf6?source=api-scan" ], "published": "2023-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7ecd712-a7b3-40e2-b982-be8b58e9b8c3": { "id": "e7ecd712-a7b3-40e2-b982-be8b58e9b8c3", "title": "Welcart e-Commerce <= 2.1.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7ecd712-a7b3-40e2-b982-be8b58e9b8c3?source=api-scan" ], "published": "2021-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7f3e583-a486-4e25-bc40-e437cf5b3ebd": { "id": "e7f3e583-a486-4e25-bc40-e437cf5b3ebd", "title": "Companion Auto Update <= 3.2.0 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Companion Auto Update", "slug": "companion-auto-update", "affected_versions": { "[*, 3.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7f3e583-a486-4e25-bc40-e437cf5b3ebd?source=api-scan" ], "published": "2018-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7f86396-2f3f-4cd6-b3d4-e518b074a579": { "id": "e7f86396-2f3f-4cd6-b3d4-e518b074a579", "title": "PixFields <= 0.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PixFields", "slug": "pixfields", "affected_versions": { "* - 0.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7f86396-2f3f-4cd6-b3d4-e518b074a579?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7f90a88-6c19-4adf-8282-2d77234fcc11": { "id": "e7f90a88-6c19-4adf-8282-2d77234fcc11", "title": "TemplatesNext ToolKit <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TemplatesNext ToolKit", "slug": "templatesnext-toolkit", "affected_versions": { "* - 3.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7f90a88-6c19-4adf-8282-2d77234fcc11?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7fb6233-3f58-4237-aaaf-4bc60c5cc8ca": { "id": "e7fb6233-3f58-4237-aaaf-4bc60c5cc8ca", "title": "Erident Custom Login and Dashboard <= 3.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Erident Custom Login and Dashboard", "slug": "erident-custom-login-and-dashboard", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7fb6233-3f58-4237-aaaf-4bc60c5cc8ca?source=api-scan" ], "published": "2015-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7fcda2b-d679-44af-9592-4a96a0115a08": { "id": "e7fcda2b-d679-44af-9592-4a96a0115a08", "title": "Contest Gallery (Pro) <= 19.1.5 - SQL Injection via option_id", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 19.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5.1" ] }, { "type": "plugin", "name": "Contest Gallery Pro", "slug": "contest-gallery-pro", "affected_versions": { "* - 19.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7fcda2b-d679-44af-9592-4a96a0115a08?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e7fe482e-a4e8-411c-97a4-a32ccf5b3682": { "id": "e7fe482e-a4e8-411c-97a4-a32ccf5b3682", "title": "Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features <= 3.2.34 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "* - 3.2.34": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e7fe482e-a4e8-411c-97a4-a32ccf5b3682?source=api-scan" ], "published": "2024-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8021ef2-e1ce-442a-965a-b2628fe48964": { "id": "e8021ef2-e1ce-442a-965a-b2628fe48964", "title": "Curvo Theme (All Known Versions) - Cross-Site Request Forgery and Arbitrary File Upload", "software": [ { "type": "theme", "name": "curvo", "slug": "curvo", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8021ef2-e1ce-442a-965a-b2628fe48964?source=api-scan" ], "published": "2013-10-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e806ca3b-daae-48a2-9923-315dbf86a9e5": { "id": "e806ca3b-daae-48a2-9923-315dbf86a9e5", "title": "Innovs HR \u2013 Complete Human Resource Management System for Your Business <= 1.0.3.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Innovs HR \u2013 Complete Human Resource Management System for Your Business", "slug": "innovs-hr-manager", "affected_versions": { "* - 1.0.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e806ca3b-daae-48a2-9923-315dbf86a9e5?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8088547-650f-41b1-bb53-18be38f4aeb2": { "id": "e8088547-650f-41b1-bb53-18be38f4aeb2", "title": "Link Log \u2013 external link click monitor < 2.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Smart External Link Click Monitor [Link Log]", "slug": "link-log", "affected_versions": { "[*, 2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8088547-650f-41b1-bb53-18be38f4aeb2?source=api-scan" ], "published": "2015-12-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e809cd39-7bb0-475f-a2ae-c7bc4bdba63c": { "id": "e809cd39-7bb0-475f-a2ae-c7bc4bdba63c", "title": "WidgetKit <= 2.5.1 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "All-in-One Addons for Elementor \u2013 WidgetKit", "slug": "widgetkit-for-elementor", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e809cd39-7bb0-475f-a2ae-c7bc4bdba63c?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e80a74f7-7983-4d66-a038-3c57c5d94ea1": { "id": "e80a74f7-7983-4d66-a038-3c57c5d94ea1", "title": "Backup Migration <= 1.2.8 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Backup Migration", "slug": "backup-backup", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e80a74f7-7983-4d66-a038-3c57c5d94ea1?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e80bb7de-ce18-40d5-bf4c-9616739b2f9d": { "id": "e80bb7de-ce18-40d5-bf4c-9616739b2f9d", "title": "Webmaster Tools <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Webmaster Tools", "slug": "webmaster-tools", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e80bb7de-ce18-40d5-bf4c-9616739b2f9d?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8150619-9710-4dc0-ab62-ffd3e9fa8cd6": { "id": "e8150619-9710-4dc0-ab62-ffd3e9fa8cd6", "title": "TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Directory Traversal", "software": [ { "type": "plugin", "name": "TheCartPress eCommerce Shopping Cart", "slug": "thecartpress", "affected_versions": { "* - 1.5.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8150619-9710-4dc0-ab62-ffd3e9fa8cd6?source=api-scan" ], "published": "2015-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e818a5db-acb7-4b16-80b1-939904e93791": { "id": "e818a5db-acb7-4b16-80b1-939904e93791", "title": "Email posts to subscribers <= 6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email posts to subscribers", "slug": "email-posts-to-subscribers", "affected_versions": { "* - 6.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e818a5db-acb7-4b16-80b1-939904e93791?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e81c4d77-5459-4f56-b339-8da0877a6663": { "id": "e81c4d77-5459-4f56-b339-8da0877a6663", "title": "Stock Ticker <= 3.23.0 - Missing Authorization via AJAX actions", "software": [ { "type": "plugin", "name": "Stock Ticker", "slug": "stock-ticker", "affected_versions": { "* - 3.23.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.23.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.23.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e81c4d77-5459-4f56-b339-8da0877a6663?source=api-scan" ], "published": "2023-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e820c00d-0456-49e8-aca4-bb981a9cfea1": { "id": "e820c00d-0456-49e8-aca4-bb981a9cfea1", "title": "Image Gallery with Slideshow Plugin <= 1.5.2 - Blind SQL Injection via imgid", "software": [ { "type": "plugin", "name": "Image Gallery with Slideshow Plugin", "slug": "image-gallery-with-slideshow", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e820c00d-0456-49e8-aca4-bb981a9cfea1?source=api-scan" ], "published": "2017-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8270ef0-7c98-4bb1-af83-bdcc2c7867ab": { "id": "e8270ef0-7c98-4bb1-af83-bdcc2c7867ab", "title": "Content Staging <= 2.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Content Staging", "slug": "content-staging", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8270ef0-7c98-4bb1-af83-bdcc2c7867ab?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e82cdfab-8090-4979-81b6-5b860e9ae187": { "id": "e82cdfab-8090-4979-81b6-5b860e9ae187", "title": "Hover Effects \u2013 easily create any hover effect <= 2.1 - Authenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Hover Effects \u2013 easily create any hover effect", "slug": "hover-effects", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e82cdfab-8090-4979-81b6-5b860e9ae187?source=api-scan" ], "published": "2022-05-16 12:18:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e82e7745-4642-43c3-9bce-12384b9d9309": { "id": "e82e7745-4642-43c3-9bce-12384b9d9309", "title": "Multipurpose Ticket Booking Manager <= 4.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Multipurpose Ticket Booking Manager (Bus\/Train\/Ferry\/Boat\/Shuttle) | WpTicketly", "slug": "bus-booking-manager", "affected_versions": { "* - 4.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e82e7745-4642-43c3-9bce-12384b9d9309?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e830fe1e-1171-46da-8ee7-0a6654153f18": { "id": "e830fe1e-1171-46da-8ee7-0a6654153f18", "title": "BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal", "software": [ { "type": "plugin", "name": "BackWPup \u2013 WordPress Backup & Restore Plugin", "slug": "backwpup", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e830fe1e-1171-46da-8ee7-0a6654153f18?source=api-scan" ], "published": "2023-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8336c89-44ac-4e41-bc81-7dae9599c050": { "id": "e8336c89-44ac-4e41-bc81-7dae9599c050", "title": "Woo Products Widgets For Elementor <= 2.0.4 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Widgets for WooCommerce Products on Elementor", "slug": "woo-products-widgets-for-elementor", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8336c89-44ac-4e41-bc81-7dae9599c050?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e834a211-ccc8-4a30-a15d-879ba34184e9": { "id": "e834a211-ccc8-4a30-a15d-879ba34184e9", "title": "Copy Anything to Clipboard <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Copy Anything to Clipboard", "slug": "copy-the-code", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e834a211-ccc8-4a30-a15d-879ba34184e9?source=api-scan" ], "published": "2023-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e83ad1b7-e7d6-41cd-87de-c98362e31879": { "id": "e83ad1b7-e7d6-41cd-87de-c98362e31879", "title": "Shopp <= 1.4 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Shopp", "slug": "shopp", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e83ad1b7-e7d6-41cd-87de-c98362e31879?source=api-scan" ], "published": "2021-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8469ffc-477a-4ff1-853b-dcefba2b9c4e": { "id": "e8469ffc-477a-4ff1-853b-dcefba2b9c4e", "title": "Rockhoist Ratings < 1.2.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Rockhoist Ratings", "slug": "rockhoist-ratings", "affected_versions": { "[*, 1.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8469ffc-477a-4ff1-853b-dcefba2b9c4e?source=api-scan" ], "published": "2018-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e84b1f01-1c3b-4498-aea9-02ced5f1109e": { "id": "e84b1f01-1c3b-4498-aea9-02ced5f1109e", "title": "Booking calendar, Appointment Booking System <= 2.1.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Booking calendar, Appointment Booking System", "slug": "booking-calendar", "affected_versions": { "[*, 2.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e84b1f01-1c3b-4498-aea9-02ced5f1109e?source=api-scan" ], "published": "2018-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e84b68b6-1ce8-45fb-823f-a61158aa4d21": { "id": "e84b68b6-1ce8-45fb-823f-a61158aa4d21", "title": "Frontend Post Submission Manager Lite \u2013 Frontend Posting WordPress Plugin <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update", "software": [ { "type": "plugin", "name": "Frontend Post Submission Manager Lite \u2013 Frontend Posting WordPress Plugin", "slug": "frontend-post-submission-manager-lite", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e84b68b6-1ce8-45fb-823f-a61158aa4d21?source=api-scan" ], "published": "2024-09-05 18:13:21", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e84d3e22-8568-4bdb-be9b-ffe78c69ec24": { "id": "e84d3e22-8568-4bdb-be9b-ffe78c69ec24", "title": "WordPress Tour & Travel Booking Plugin for WooCommerce \u2013 WpTravelly <= 1.7.1 - Missing Authorization via ttbm_new_place_save", "software": [ { "type": "plugin", "name": "WordPress Tour & Travel Booking Plugin for WooCommerce \u2013 WpTravelly", "slug": "tour-booking-manager", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e84d3e22-8568-4bdb-be9b-ffe78c69ec24?source=api-scan" ], "published": "2024-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e84d50e1-65fe-4323-981f-e2ae6da0ddab": { "id": "e84d50e1-65fe-4323-981f-e2ae6da0ddab", "title": "CRM Perks Forms <= 1.1.4 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "CRM Perks Forms \u2013 WordPress Form Builder", "slug": "crm-perks-forms", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e84d50e1-65fe-4323-981f-e2ae6da0ddab?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e84e7d6e-9ec9-49f9-90e3-19ac499264ef": { "id": "e84e7d6e-9ec9-49f9-90e3-19ac499264ef", "title": "MailPress <= 7.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MailPress", "slug": "mailpress", "affected_versions": { "* - 7.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e84e7d6e-9ec9-49f9-90e3-19ac499264ef?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e84ee2b5-96b5-427c-ac66-7f80418ae02f": { "id": "e84ee2b5-96b5-427c-ac66-7f80418ae02f", "title": "Quantity Dynamic Pricing & Bulk Discounts for WooCommerce <= 3.8.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quantity Dynamic Pricing & Bulk Discounts for WooCommerce", "slug": "wholesale-pricing-woocommerce", "affected_versions": { "* - 3.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e84ee2b5-96b5-427c-ac66-7f80418ae02f?source=api-scan" ], "published": "2024-10-03 14:03:11", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e850aca1-72b3-4436-bc35-2d52c439a7b5": { "id": "e850aca1-72b3-4436-bc35-2d52c439a7b5", "title": "DiveBook <= 1.1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DiveBook", "slug": "divebook", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e850aca1-72b3-4436-bc35-2d52c439a7b5?source=api-scan" ], "published": "2020-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8574ff9-847c-4337-8c0e-2a717b51f66c": { "id": "e8574ff9-847c-4337-8c0e-2a717b51f66c", "title": "Adifier System < 3.1.4 - Unauthenticated Local File Inclusion", "software": [ { "type": "theme", "name": "Adifier - Classified Ads WordPress Theme", "slug": "adifier-system", "affected_versions": { "[*, 3.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8574ff9-847c-4337-8c0e-2a717b51f66c?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8596412-53d5-45ed-998a-49799bd269d0": { "id": "e8596412-53d5-45ed-998a-49799bd269d0", "title": "Image Regenerate & Select Crop <= 7.1.0 - Cross-Site Request Forgery on multiple AJAX actions", "software": [ { "type": "plugin", "name": "Image Regenerate & Select Crop", "slug": "image-regenerate-select-crop", "affected_versions": { "[*, 7.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8596412-53d5-45ed-998a-49799bd269d0?source=api-scan" ], "published": "2023-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e85df0dc-d3da-4503-9249-939bb36f18ab": { "id": "e85df0dc-d3da-4503-9249-939bb36f18ab", "title": "Coming Soon & Maintenance Mode by Colorlib <= 1.0.98 - Administrator+ Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Coming Soon & Maintenance Mode by Colorlib", "slug": "colorlib-coming-soon-maintenance", "affected_versions": { "* - 1.0.98": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.98", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.99" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e85df0dc-d3da-4503-9249-939bb36f18ab?source=api-scan" ], "published": "2022-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e85ee611-ae81-4736-b4f0-b9d06714da18": { "id": "e85ee611-ae81-4736-b4f0-b9d06714da18", "title": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles <= 6.4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App", "slug": "peepso-core", "affected_versions": { "* - 6.4.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e85ee611-ae81-4736-b4f0-b9d06714da18?source=api-scan" ], "published": "2024-09-09 19:04:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e85efdc1-cffc-411a-a2f7-6fa1132e2910": { "id": "e85efdc1-cffc-411a-a2f7-6fa1132e2910", "title": "Church Admin <= 3.7.29 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "* - 3.7.29": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e85efdc1-cffc-411a-a2f7-6fa1132e2910?source=api-scan" ], "published": "2023-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e85f11e5-309b-40a6-b9fa-5416015ea21d": { "id": "e85f11e5-309b-40a6-b9fa-5416015ea21d", "title": "AMP for WP <= 1.0.96.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "AMP for WP \u2013 Accelerated Mobile Pages", "slug": "accelerated-mobile-pages", "affected_versions": { "* - 1.0.96.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.96.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.97" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e85f11e5-309b-40a6-b9fa-5416015ea21d?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e86152a6-cd8d-4466-bcc5-830413500e12": { "id": "e86152a6-cd8d-4466-bcc5-830413500e12", "title": "Feed Them Social <= 4.2.0 - Cross-Site Request Forgery via review_nag_check", "software": [ { "type": "plugin", "name": "Feed Them Social \u2013 Social Media Feeds, Video, and Photo Galleries", "slug": "feed-them-social", "affected_versions": { "* - 4.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e86152a6-cd8d-4466-bcc5-830413500e12?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e865324e-a2a2-40fb-8c6a-a89317b59c8c": { "id": "e865324e-a2a2-40fb-8c6a-a89317b59c8c", "title": "Booking Calendar <= 6.2 - Cross-Site Request Forgery to SQL Injection", "software": [ { "type": "plugin", "name": "WP Booking Calendar", "slug": "booking", "affected_versions": { "[*, 6.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e865324e-a2a2-40fb-8c6a-a89317b59c8c?source=api-scan" ], "published": "2016-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e86581bd-94c3-4b05-9590-ca3b62073703": { "id": "e86581bd-94c3-4b05-9590-ca3b62073703", "title": "WP-ViperGB <= 1.6.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP-ViperGB", "slug": "wp-vipergb", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e86581bd-94c3-4b05-9590-ca3b62073703?source=api-scan" ], "published": "2024-05-23 14:23:40", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8687bf7-4172-4cc3-bd6e-830fc5fc28e9": { "id": "e8687bf7-4172-4cc3-bd6e-830fc5fc28e9", "title": "WordPress Core < 1.2.1 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8687bf7-4172-4cc3-bd6e-830fc5fc28e9?source=api-scan" ], "published": "2004-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e869800a-6fbc-4a1a-97fd-92ecbf3305ff": { "id": "e869800a-6fbc-4a1a-97fd-92ecbf3305ff", "title": "Appsero <= 1.2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "PT Addons for Elementor Lite", "slug": "pt-elementor-addons-lite", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Subscribe2 \u2013 Form, Email Subscribers & Newsletters", "slug": "subscribe2", "affected_versions": { "* - 10.37": { "from_version": "*", "from_inclusive": true, "to_version": "10.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.38" ] }, { "type": "plugin", "name": "wePOS \u2013 Point Of Sale (POS) for WooCommerce", "slug": "wepos", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] }, { "type": "plugin", "name": "Easy Video Reviews \u2013 Video Testimonial Plugin for WordPress & WooCommerce with Texts Reviews, Review Widget, Testimonial Grid & Social Proof", "slug": "easy-video-reviews", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] }, { "type": "plugin", "name": "Worth The Read", "slug": "worth-the-read", "affected_versions": { "* - 1.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.1" ] }, { "type": "plugin", "name": "Woostify Sites Library", "slug": "woostify-sites-library", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] }, { "type": "plugin", "name": "Sheets to WP Table Live Sync | Google Sheets Table Plugin for WordPress with Spreadsheet Integration \u2013 FlexTable", "slug": "sheets-to-wp-table-live-sync", "affected_versions": { "* - 2.12.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.15" ] }, { "type": "plugin", "name": "Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Gutenberg Block & Elementor Widget", "slug": "post-grid-carousel-ultimate", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.4" ] }, { "type": "plugin", "name": "Wp Edit Password Protected \u2013 Create Member\/User Only Page & Design Password Protected Form", "slug": "wp-edit-password-protected", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] }, { "type": "plugin", "name": "Product Carousel Slider & Grid Ultimate for WooCommerce", "slug": "woo-product-carousel-slider-and-grid-ultimate", "affected_versions": { "* - 1.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.4" ] }, { "type": "plugin", "name": "Product Gallery Slider, Additional Variation Images for WooCommerce", "slug": "woo-product-gallery-slider", "affected_versions": { "* - 2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.7" ] }, { "type": "plugin", "name": "WP Markdown Editor (Formerly Dark Mode)", "slug": "dark-mode", "affected_versions": { "* - 4.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.3" ] }, { "type": "plugin", "name": "WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts", "slug": "wedevs-project-manager", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Dashboard Welcome for Elementor", "slug": "dashboard-welcome-for-elementor", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] }, { "type": "plugin", "name": "WP Dark Mode \u2013 WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing", "slug": "wp-dark-mode", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.5" ] }, { "type": "plugin", "name": "Fuse Social Floating Sidebar", "slug": "fuse-social-floating-sidebar", "affected_versions": { "* - 5.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.7" ] }, { "type": "plugin", "name": "Stylish Cost Calculator \u2013 Quote Generator, Lead Gen & Price Estimator", "slug": "stylish-cost-calculator", "affected_versions": { "* - 7.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.7" ] }, { "type": "plugin", "name": "Slider, Gallery, and Carousel by MetaSlider \u2013 Image Sliders, Video Sliders", "slug": "ml-slider", "affected_versions": { "* - 3.28.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.28.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.28.1" ] }, { "type": "plugin", "name": "Product Category Slider for WooCommerce", "slug": "woo-category-slider-by-pluginever", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] }, { "type": "plugin", "name": "Webinar and Video Conference with Jitsi Meet \u2013 Create Branded Webinars for WordPress, Meetings & Livestreaming", "slug": "webinar-and-video-conference-with-jitsi-meet", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "plugin", "name": "W4 Post List", "slug": "w4-post-list", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3" ] }, { "type": "plugin", "name": "weMail \u2013 Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A\/B Testing, and Automation", "slug": "wemail", "affected_versions": { "* - 1.14.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.2" ] }, { "type": "plugin", "name": "BuddyPress Builder for Elementor \u2013 BuddyBuilder", "slug": "stax-buddy-builder", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] }, { "type": "plugin", "name": "Legal Pages \u2013 Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator", "slug": "legal-pages", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] }, { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.3" ] }, { "type": "plugin", "name": "WP VR \u2013 360 Panorama and Virtual Tour Builder For WordPress", "slug": "wpvr", "affected_versions": { "* - 8.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.6" ] }, { "type": "plugin", "name": "WooCommerce Conversion Tracking", "slug": "woocommerce-conversion-tracking", "affected_versions": { "* - 2.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.11" ] }, { "type": "plugin", "name": "A WordPress Testimonial Plugin to Showcase Testimonial Slider, Testimonial Grid and More: Solid Testimonials", "slug": "gs-testimonial", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.8" ] }, { "type": "plugin", "name": "Increase Maximum Upload File Size | Increase Execution Time", "slug": "wp-maximum-upload-file-size", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] }, { "type": "plugin", "name": "weDocs \u2013 Knowledgebase, Documentation, and Wiki Plugin for WP", "slug": "wedocs", "affected_versions": { "1.6 - 1.7.5": { "from_version": "1.6", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] }, { "type": "plugin", "name": "Bangladeshi Payment Gateways \u2013 Make Payment Using QR Code", "slug": "bangladeshi-payment-gateways", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] }, { "type": "plugin", "name": "Texty \u2013 SMS Notification for WordPress, WooCommerce, Dokan and more", "slug": "texty", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] }, { "type": "plugin", "name": "Visibility Logic for Elementor", "slug": "visibility-logic-elementor", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.4" ] }, { "type": "plugin", "name": "Challan \u2013 PDF Invoice & Packing Slip for WooCommerce", "slug": "webappick-pdf-invoice-for-woocommerce", "affected_versions": { "* - 3.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.9" ] }, { "type": "plugin", "name": "Darklup \u2013 Enhanced WordPress Dark Mode, Dark Theme, Night Mode Plugin", "slug": "darklup-lite-wp-dark-mode", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] }, { "type": "plugin", "name": "Exclusive Team for Elementor", "slug": "exclusive-team-for-elementor", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Click to top", "slug": "click-to-top", "affected_versions": { "* - 1.2.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.20" ] }, { "type": "plugin", "name": "Update Image Tag Alt Attribute", "slug": "update-alt-attribute", "affected_versions": { "* - 2.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Magical Posts Display \u2013 Elementor Advanced Posts widgets", "slug": "magical-posts-display", "affected_versions": { "* - 1.2.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.16" ] }, { "type": "plugin", "name": "WordPress Pinterest Plugin \u2013 Make a Popup, User Profile, Masonry and Gallery Layout", "slug": "gs-pinterest-portfolio", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] }, { "type": "plugin", "name": "WP Mail Logging", "slug": "wp-mail-logging", "affected_versions": { "* - 1.10.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.0" ] }, { "type": "plugin", "name": "Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings", "slug": "directorist", "affected_versions": { "* - 7.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.7.2" ] }, { "type": "plugin", "name": "Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission \u2013 WP User Frontend", "slug": "wp-user-frontend", "affected_versions": { "* - 3.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.1" ] }, { "type": "plugin", "name": "Zero BS Accounting", "slug": "zero-bs-accounting", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] }, { "type": "plugin", "name": "Boostify Header Footer Builder for Elementor", "slug": "boostify-header-footer-builder", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] }, { "type": "plugin", "name": "Elementor Addons, Widgets and Enhancements \u2013 Stax", "slug": "stax-addons-for-elementor", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] }, { "type": "plugin", "name": "WP CTA \u2013 Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin", "slug": "easy-sticky-sidebar", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.9" ] }, { "type": "plugin", "name": "Gallery Box", "slug": "gallery-box", "affected_versions": { "* - 1.7.30": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.31" ] }, { "type": "plugin", "name": "Unlimited Elementor Inner Sections By BoomDevs", "slug": "unlimited-elementor-inner-sections-by-boomdevs", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] }, { "type": "plugin", "name": "Wiremo \u2013 Product Reviews for WooCommerce", "slug": "woo-reviews-by-wiremo", "affected_versions": { "* - 1.4.96": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.96", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.97" ] }, { "type": "plugin", "name": "Cart Lift \u2013 Abandoned Cart Recovery for WooCommerce and EDD", "slug": "cart-lift", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] }, { "type": "plugin", "name": "Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels", "slug": "wpfunnels", "affected_versions": { "2.6.4": { "from_version": "2.6.4", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.5" ] }, { "type": "plugin", "name": "Product Category Showcase for WooCommerce", "slug": "wc-category-showcase", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan" ], "published": "2022-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e86ab1ea-5b3c-4a14-9de1-3bae14f587c5": { "id": "e86ab1ea-5b3c-4a14-9de1-3bae14f587c5", "title": "Social Media Flying Icons | Floating Social Media Icon <= 4.3.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Media Flying Icons | Floating Social Media Icon", "slug": "floating-social-media-icon", "affected_versions": { "* - 4.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e86ab1ea-5b3c-4a14-9de1-3bae14f587c5?source=api-scan" ], "published": "2021-10-27 08:17:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e86c080d-202c-4c41-b9cc-c35249aabba5": { "id": "e86c080d-202c-4c41-b9cc-c35249aabba5", "title": "WordPress Infinite Scroll \u2013 Ajax Load More <= 7.1.1 - Authenticated (Contributor+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Infinite Scroll \u2013 Ajax Load More", "slug": "ajax-load-more", "affected_versions": { "* - 7.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e86c080d-202c-4c41-b9cc-c35249aabba5?source=api-scan" ], "published": "2024-05-31 14:21:46", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8786f44-09b9-4281-b615-5df4b494a083": { "id": "e8786f44-09b9-4281-b615-5df4b494a083", "title": "WP EasyPay <= 4.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP EasyPay \u2013 Square for WordPress", "slug": "wp-easy-pay", "affected_versions": { "* - 4.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8786f44-09b9-4281-b615-5df4b494a083?source=api-scan" ], "published": "2023-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e87d7ca0-6fa3-4ca3-b308-d47e1e2e6566": { "id": "e87d7ca0-6fa3-4ca3-b308-d47e1e2e6566", "title": "Eptonic <= 1.4 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Eptonic", "slug": "eptonic", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e87d7ca0-6fa3-4ca3-b308-d47e1e2e6566?source=api-scan" ], "published": "2013-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e87ea6b5-4288-4ebb-8a29-e0a179e6b584": { "id": "e87ea6b5-4288-4ebb-8a29-e0a179e6b584", "title": "Animated Number Counters <= 1.6 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Animated Number Counters", "slug": "animated-number-counters", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e87ea6b5-4288-4ebb-8a29-e0a179e6b584?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e87fe70d-5ac3-40ee-a8d0-601d7b417562": { "id": "e87fe70d-5ac3-40ee-a8d0-601d7b417562", "title": "FreshMail For WordPress <= 2.3.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FreshMail For WordPress", "slug": "freshmail-integration", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e87fe70d-5ac3-40ee-a8d0-601d7b417562?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e881ba2f-0e88-4c7b-aa0d-84e816019db9": { "id": "e881ba2f-0e88-4c7b-aa0d-84e816019db9", "title": "Product Catalog Mode For Woocommerce <= 5.0.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "CatalogX \u2013 Product Catalog Mode For WooCommerce", "slug": "woocommerce-catalog-enquiry", "affected_versions": { "[*, 5.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e881ba2f-0e88-4c7b-aa0d-84e816019db9?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8845d56-2e8a-472a-bc32-e26b388ce58d": { "id": "e8845d56-2e8a-472a-bc32-e26b388ce58d", "title": "Persian WooCommerce SMS <= 7.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "\u0627\u0641\u0632\u0648\u0646\u0647 \u067e\u06cc\u0627\u0645\u06a9 \u0648\u0648\u06a9\u0627\u0645\u0631\u0633 Persian WooCommerce SMS", "slug": "persian-woocommerce-sms", "affected_versions": { "* - 7.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8845d56-2e8a-472a-bc32-e26b388ce58d?source=api-scan" ], "published": "2024-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e884af8b-c83f-4380-bfaf-f1419fce125c": { "id": "e884af8b-c83f-4380-bfaf-f1419fce125c", "title": "WPIDE <= 3.4.9 - Unauthenticated Full Path Dislcosure", "software": [ { "type": "plugin", "name": "WPIDE \u2013 File Manager & Code Editor", "slug": "wpide", "affected_versions": { "* - 3.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e884af8b-c83f-4380-bfaf-f1419fce125c?source=api-scan" ], "published": "2024-10-14 10:52:09", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e88a45e5-f882-419e-b0b0-612912666693": { "id": "e88a45e5-f882-419e-b0b0-612912666693", "title": "WordPress Toolbar Plugin <= 2.2.6 - Open Redirect via wptbto", "software": [ { "type": "plugin", "name": "WordPress Toolbar", "slug": "wordpress-toolbar", "affected_versions": { "* - 2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e88a45e5-f882-419e-b0b0-612912666693?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e88afde4-6920-4086-940e-34b4a4ee30c5": { "id": "e88afde4-6920-4086-940e-34b4a4ee30c5", "title": "WordPress InviteBox Plugin <= 1.4.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress InviteBox Plugin", "slug": "refer-a-friend-widget-for-wp", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e88afde4-6920-4086-940e-34b4a4ee30c5?source=api-scan" ], "published": "2021-09-09 16:20:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e88bb3a8-de24-46fb-a3e4-9ca3fdd4cca7": { "id": "e88bb3a8-de24-46fb-a3e4-9ca3fdd4cca7", "title": "video carousel slider with lightbox <= 1.0.22 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "video carousel slider with lightbox", "slug": "wp-responsive-video-gallery-with-lightbox", "affected_versions": { "* - 1.0.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e88bb3a8-de24-46fb-a3e4-9ca3fdd4cca7?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e89b40ec-1952-46e3-a91b-bd38e62f8929": { "id": "e89b40ec-1952-46e3-a91b-bd38e62f8929", "title": "Image Optimizer, Resizer and CDN \u2013 Sirv <= 7.2.6 - Authenticated (Contributor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Image Optimizer, Resizer and CDN \u2013 Sirv", "slug": "sirv", "affected_versions": { "* - 7.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e89b40ec-1952-46e3-a91b-bd38e62f8929?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e89d912d-fa7a-4fb1-8872-95fa861c21ca": { "id": "e89d912d-fa7a-4fb1-8872-95fa861c21ca", "title": "WP User Switch <= 1.0.2 - Authenticated (Subscriber+) Authentication Bypass via Cookie", "software": [ { "type": "plugin", "name": "WP User Switch", "slug": "wp-user-switch", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e89d912d-fa7a-4fb1-8872-95fa861c21ca?source=api-scan" ], "published": "2023-06-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8a0c18b-9caf-4667-b0f2-6477a1638347": { "id": "e8a0c18b-9caf-4667-b0f2-6477a1638347", "title": "WooCommerce Dropshipping <= 5.0.4 - Missing Authorization to Unauthenticated Arbitrary Email Send", "software": [ { "type": "plugin", "name": "WooCommerce Dropshipping Premium", "slug": "woocommerce-dropshipping", "affected_versions": { "* - 5.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8a0c18b-9caf-4667-b0f2-6477a1638347?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8a4c656-8df8-44ce-884f-dd502d17f594": { "id": "e8a4c656-8df8-44ce-884f-dd502d17f594", "title": "Easy Affiliate Links <= 3.7.3 - Missing Authorization to Authenticated (Subscriber+) Settings Reset", "software": [ { "type": "plugin", "name": "Easy Affiliate Links", "slug": "easy-affiliate-links", "affected_versions": { "* - 3.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8a4c656-8df8-44ce-884f-dd502d17f594?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8a69fa8-c2a8-4d63-8db4-823122632b3a": { "id": "e8a69fa8-c2a8-4d63-8db4-823122632b3a", "title": "CP Blocks <= 1.0.14 - Authenticated Stored Cross-Site Scripting via License ID settings", "software": [ { "type": "plugin", "name": "CP Blocks", "slug": "cp-blocks", "affected_versions": { "[*, 1.0.15)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8a69fa8-c2a8-4d63-8db4-823122632b3a?source=api-scan" ], "published": "2022-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8a6e9b7-5e74-4a45-9e6e-5781bf2a4a07": { "id": "e8a6e9b7-5e74-4a45-9e6e-5781bf2a4a07", "title": "Slide Anything \u2013 Responsive Content \/ HTML Slider and Carousel <= 2.3.43 - Editor+ Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slide Anything \u2013 Responsive Content \/ HTML Slider and Carousel", "slug": "slide-anything", "affected_versions": { "[*, 2.3.44)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.44", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8a6e9b7-5e74-4a45-9e6e-5781bf2a4a07?source=api-scan" ], "published": "2022-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8a78f06-1af2-462e-b328-0e9e603ad904": { "id": "e8a78f06-1af2-462e-b328-0e9e603ad904", "title": "Real Cookie Banner <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Real Cookie Banner: GDPR & ePrivacy Cookie Consent", "slug": "real-cookie-banner", "affected_versions": { "* - 3.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8a78f06-1af2-462e-b328-0e9e603ad904?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8a7c04a-1fa0-434d-8161-7a32cefb44c4": { "id": "e8a7c04a-1fa0-434d-8161-7a32cefb44c4", "title": "Tutor LMS <= 2.6.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8a7c04a-1fa0-434d-8161-7a32cefb44c4?source=api-scan" ], "published": "2024-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8a7d3b1-ceb7-4ff9-84e4-bc58a597b2cf": { "id": "e8a7d3b1-ceb7-4ff9-84e4-bc58a597b2cf", "title": "BackWPup \u2013 WordPress Backup Plugin < 1.4.1 - Directory Traversal", "software": [ { "type": "plugin", "name": "BackWPup \u2013 WordPress Backup & Restore Plugin", "slug": "backwpup", "affected_versions": { "[*, 1.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8a7d3b1-ceb7-4ff9-84e4-bc58a597b2cf?source=api-scan" ], "published": "2011-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8a864ff-2c0e-40c3-8c4e-dc034d8838b9": { "id": "e8a864ff-2c0e-40c3-8c4e-dc034d8838b9", "title": "Relevanssi \u2013 A Better Search < 3.3.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Relevanssi \u2013 A Better Search", "slug": "relevanssi", "affected_versions": { "[*, 3.3.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8a864ff-2c0e-40c3-8c4e-dc034d8838b9?source=api-scan" ], "published": "2015-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8ac3187-b065-434e-9051-d13330dd3da5": { "id": "e8ac3187-b065-434e-9051-d13330dd3da5", "title": "Duplicate Page and Post <= 2.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Duplicate Page and Post", "slug": "duplicate-wp-page-post", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8ac3187-b065-434e-9051-d13330dd3da5?source=api-scan" ], "published": "2022-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8b03deb-4134-4dde-8545-a14977a47209": { "id": "e8b03deb-4134-4dde-8545-a14977a47209", "title": "WordPress Social Login <= 3.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Social Login", "slug": "wordpress-social-login", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8b03deb-4134-4dde-8545-a14977a47209?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8b47cc6-437b-45c9-b263-ee43c7ec7d14": { "id": "e8b47cc6-437b-45c9-b263-ee43c7ec7d14", "title": "Contact Form Plugin <= 3.81 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form by BestWebSoft \u2013 Advanced Contact Us Form Builder for WordPress", "slug": "contact-form-plugin", "affected_versions": { "* - 3.81": { "from_version": "*", "from_inclusive": true, "to_version": "3.81", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.82" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8b47cc6-437b-45c9-b263-ee43c7ec7d14?source=api-scan" ], "published": "2014-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8b5bc1b-c9dc-4ce5-86db-2802f5b49d0b": { "id": "e8b5bc1b-c9dc-4ce5-86db-2802f5b49d0b", "title": "Nooz <= 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Nooz", "slug": "nooz", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8b5bc1b-c9dc-4ce5-86db-2802f5b49d0b?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8b62157-8c32-462f-aba7-dab137f98f32": { "id": "e8b62157-8c32-462f-aba7-dab137f98f32", "title": "Yoast SEO <= 9.1.0 - Race Condition to Remote Code Execution", "software": [ { "type": "plugin", "name": "Yoast SEO", "slug": "wordpress-seo", "affected_versions": { "* - 9.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8b62157-8c32-462f-aba7-dab137f98f32?source=api-scan" ], "published": "2018-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8bc24df-4d95-44b7-a58c-00a1b24f91e9": { "id": "e8bc24df-4d95-44b7-a58c-00a1b24f91e9", "title": "LH Add Media From Url <= 1.22 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "LH Add Media From Url", "slug": "lh-add-media-from-url", "affected_versions": { "* - 1.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8bc24df-4d95-44b7-a58c-00a1b24f91e9?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8bed9c0-dae3-405e-a946-5f28a3c30851": { "id": "e8bed9c0-dae3-405e-a946-5f28a3c30851", "title": "UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "* - 5.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8bed9c0-dae3-405e-a946-5f28a3c30851?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8c01984-e8ba-4671-b63c-46ea245e7efa": { "id": "e8c01984-e8ba-4671-b63c-46ea245e7efa", "title": "Podlove Podcast Publisher <= 3.5.5 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Podlove Podcast Publisher", "slug": "podlove-podcasting-plugin-for-wordpress", "affected_versions": { "[*, 3.5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8c01984-e8ba-4671-b63c-46ea245e7efa?source=api-scan" ], "published": "2021-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8c16dd9-0c04-42b9-a2d3-28b442cecdb3": { "id": "e8c16dd9-0c04-42b9-a2d3-28b442cecdb3", "title": "WP SVG Icons <= 3.2.2 - Cross-Site Request Forgery to Remote Code Execution", "software": [ { "type": "plugin", "name": "WP SVG Icons", "slug": "svg-vector-icon-plugin", "affected_versions": { "[*, 3.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8c16dd9-0c04-42b9-a2d3-28b442cecdb3?source=api-scan" ], "published": "2019-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8c74105-3f0c-4322-96f3-e6bf4760cc2f": { "id": "e8c74105-3f0c-4322-96f3-e6bf4760cc2f", "title": "Blaze Theme (All Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Blaze", "slug": "blaze", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8c74105-3f0c-4322-96f3-e6bf4760cc2f?source=api-scan" ], "published": "2012-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8d042be-e272-4e2d-93ec-83a0a42ecd51": { "id": "e8d042be-e272-4e2d-93ec-83a0a42ecd51", "title": "SendPress Newsletters < 1.20.7.13 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SendPress Newsletters", "slug": "sendpress", "affected_versions": { "[*, 1.20.7.13)": { "from_version": "*", "from_inclusive": true, "to_version": "1.20.7.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.20.7.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8d042be-e272-4e2d-93ec-83a0a42ecd51?source=api-scan" ], "published": "2020-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8d1c4ab-1207-4414-9351-3ef2a3cd131b": { "id": "e8d1c4ab-1207-4414-9351-3ef2a3cd131b", "title": "WP-PostRatings <= 1.86 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-PostRatings", "slug": "wp-postratings", "affected_versions": { "* - 1.86": { "from_version": "*", "from_inclusive": true, "to_version": "1.86", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.86.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8d1c4ab-1207-4414-9351-3ef2a3cd131b?source=api-scan" ], "published": "2020-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8d41006-ab36-4eed-8c17-2937ca7aff1b": { "id": "e8d41006-ab36-4eed-8c17-2937ca7aff1b", "title": "Simple Yearly Archive <= 2.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Yearly Archive", "slug": "simple-yearly-archive", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8d41006-ab36-4eed-8c17-2937ca7aff1b?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8d75eb6-2a9f-4c33-9e15-db7db037b67e": { "id": "e8d75eb6-2a9f-4c33-9e15-db7db037b67e", "title": "Health Check & Troubleshooting <= 1.5.1 - Cross-Site Request Forgery via health_check_troubleshoot_get_captures", "software": [ { "type": "plugin", "name": "Health Check & Troubleshooting", "slug": "health-check", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8d75eb6-2a9f-4c33-9e15-db7db037b67e?source=api-scan" ], "published": "2023-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8d7ace3-af34-4951-810b-87923ef2ec30": { "id": "e8d7ace3-af34-4951-810b-87923ef2ec30", "title": "Better Elementor Addons <= 1.4.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget links", "software": [ { "type": "plugin", "name": "Better Elementor Addons", "slug": "better-elementor-addons", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8d7ace3-af34-4951-810b-87923ef2ec30?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8db52ce-fbc3-4fe1-b9b4-cb2ce7d88a67": { "id": "e8db52ce-fbc3-4fe1-b9b4-cb2ce7d88a67", "title": "Maspik \u2013 Spam blacklist <= 0.9.2 - Unauthenticated Stored Cross-Site Scripting via efas_add_to_log", "software": [ { "type": "plugin", "name": "Maspik \u2013 Advanced Spam Protection", "slug": "contact-forms-anti-spam", "affected_versions": { "* - 0.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8db52ce-fbc3-4fe1-b9b4-cb2ce7d88a67?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8efc5cf-3497-4426-a8a5-740783a7c2c9": { "id": "e8efc5cf-3497-4426-a8a5-740783a7c2c9", "title": "Acumbamail < 1.0.4.1 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Acumbamail", "slug": "acumbamail-signup-forms", "affected_versions": { "[*, 1.0.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8efc5cf-3497-4426-a8a5-740783a7c2c9?source=api-scan" ], "published": "2014-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8f20aae-37e2-44f6-ac2d-692a87bf5728": { "id": "e8f20aae-37e2-44f6-ac2d-692a87bf5728", "title": "Memphis Documents Library <= 2.6.16 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Memphis Documents Library", "slug": "memphis-documents-library", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8f20aae-37e2-44f6-ac2d-692a87bf5728?source=api-scan" ], "published": "2014-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8f73f1e-8f0a-4c4c-aca2-c9ae9bc4f63d": { "id": "e8f73f1e-8f0a-4c4c-aca2-c9ae9bc4f63d", "title": "Repute ARForms <= 3.5.1 - Unauthenticated Arbitrary File Deletion via Path Traversal", "software": [ { "type": "plugin", "name": "ARforms", "slug": "arforms", "affected_versions": { "[*, 3.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8f73f1e-8f0a-4c4c-aca2-c9ae9bc4f63d?source=api-scan" ], "published": "2018-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8fa1f97-72f6-4e84-bee4-0d3f7e16eb96": { "id": "e8fa1f97-72f6-4e84-bee4-0d3f7e16eb96", "title": "Uploadify Integration <= 0.9.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Uploadify Integration", "slug": "uploadify-integration", "affected_versions": { "* - 0.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8fa1f97-72f6-4e84-bee4-0d3f7e16eb96?source=api-scan" ], "published": "2012-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8fcc105-0b37-47a7-a726-fee33b86790e": { "id": "e8fcc105-0b37-47a7-a726-fee33b86790e", "title": "WordPress Core <= 2.0.9 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8fcc105-0b37-47a7-a726-fee33b86790e?source=api-scan" ], "published": "2007-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8fe4aa7-13e6-48ec-afec-2888edd999f5": { "id": "e8fe4aa7-13e6-48ec-afec-2888edd999f5", "title": "WP Fastest Cache <= 0.8.5.9 - Local File Inclusion", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 0.8.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8fe4aa7-13e6-48ec-afec-2888edd999f5?source=api-scan" ], "published": "2016-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e8ffdd43-b353-4296-bcb6-978751aae1b6": { "id": "e8ffdd43-b353-4296-bcb6-978751aae1b6", "title": "EventPrime < 3.2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "[*, 3.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e8ffdd43-b353-4296-bcb6-978751aae1b6?source=api-scan" ], "published": "2023-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9012824-7221-4b93-a5fb-65caf7994e92": { "id": "e9012824-7221-4b93-a5fb-65caf7994e92", "title": "WordPress Popular Posts <= 5.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Popular Posts", "slug": "wordpress-popular-posts", "affected_versions": { "* - 5.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9012824-7221-4b93-a5fb-65caf7994e92?source=api-scan" ], "published": "2021-07-04 20:59:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e904a619-4388-4c83-af7b-9642cb0b97c0": { "id": "e904a619-4388-4c83-af7b-9642cb0b97c0", "title": "WooCommerce Customers Manager <= 29.7 - Missing Authorization to Information Exposure", "software": [ { "type": "plugin", "name": "WooCommerce Customers Manager", "slug": "woocommerce-customers-manager", "affected_versions": { "* - 29.7": { "from_version": "*", "from_inclusive": true, "to_version": "29.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "29.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e904a619-4388-4c83-af7b-9642cb0b97c0?source=api-scan" ], "published": "2024-04-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e90f04e4-eb4c-4822-89c6-79f553987c37": { "id": "e90f04e4-eb4c-4822-89c6-79f553987c37", "title": "Email Encoder <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Email Encoder \u2013 Protect Email Addresses and Phone Numbers", "slug": "email-encoder-bundle", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e90f04e4-eb4c-4822-89c6-79f553987c37?source=api-scan" ], "published": "2023-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9160c10-8e10-44b2-b08a-612856869689": { "id": "e9160c10-8e10-44b2-b08a-612856869689", "title": "PlugNedit Adaptive Editor < 6.2.0 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "plugnedit", "slug": "plugnedit", "affected_versions": { "[*, 6.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9160c10-8e10-44b2-b08a-612856869689?source=api-scan" ], "published": "2015-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9171908-5b6e-44f3-ab93-899932be527f": { "id": "e9171908-5b6e-44f3-ab93-899932be527f", "title": "Zoho CRM Lead Magnet <= 1.6.9.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zoho CRM Lead Magnet", "slug": "zoho-crm-forms", "affected_versions": { "[*, 1.6.9.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.9.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9171908-5b6e-44f3-ab93-899932be527f?source=api-scan" ], "published": "2019-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9178920-d865-45d3-bfdf-b8ad207d4546": { "id": "e9178920-d865-45d3-bfdf-b8ad207d4546", "title": "FeedWordPress < 2015.0426 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FeedWordPress", "slug": "feedwordpress", "affected_versions": { "* - 2014.0805": { "from_version": "*", "from_inclusive": true, "to_version": "2014.0805", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2015.0426" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9178920-d865-45d3-bfdf-b8ad207d4546?source=api-scan" ], "published": "2015-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e91c0935-4213-4376-86ec-7ff78808fb9e": { "id": "e91c0935-4213-4376-86ec-7ff78808fb9e", "title": "Loginizer <= 1.3.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Loginizer", "slug": "loginizer", "affected_versions": { "[*, 1.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e91c0935-4213-4376-86ec-7ff78808fb9e?source=api-scan" ], "published": "2017-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e91e6101-bd30-4cf1-9a39-23218c3bff6f": { "id": "e91e6101-bd30-4cf1-9a39-23218c3bff6f", "title": "Newsletter <= 6.5.3 - CSV Injection", "software": [ { "type": "plugin", "name": "Newsletter \u2013 Send awesome emails from WordPress", "slug": "newsletter", "affected_versions": { "* - 6.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e91e6101-bd30-4cf1-9a39-23218c3bff6f?source=api-scan" ], "published": "2020-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e91e864a-20f6-48a2-ab9f-d20836207383": { "id": "e91e864a-20f6-48a2-ab9f-d20836207383", "title": "LearnPress <= 4.2.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e91e864a-20f6-48a2-ab9f-d20836207383?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e920caeb-5ee6-4428-9b53-edee316ee39f": { "id": "e920caeb-5ee6-4428-9b53-edee316ee39f", "title": "Photoracer Plugin <= 1.0 - SQL Injection", "software": [ { "type": "plugin", "name": "Photoracer Plugin", "slug": "photoracer", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e920caeb-5ee6-4428-9b53-edee316ee39f?source=api-scan" ], "published": "2009-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9222c74-7f4f-4d20-8c1e-03be125709ff": { "id": "e9222c74-7f4f-4d20-8c1e-03be125709ff", "title": "VDZ Google Analytics or Google Tag Manager < 1.4.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VDZ Google Analytics or Google Tag Manager \/ GTM", "slug": "vdz-google-analytics", "affected_versions": { "[*, 1.4.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9222c74-7f4f-4d20-8c1e-03be125709ff?source=api-scan" ], "published": "2021-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9224b37-d6ce-4847-afb0-9a42c9fa665c": { "id": "e9224b37-d6ce-4847-afb0-9a42c9fa665c", "title": "Blogstand Banner <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Blogstand Banner", "slug": "blogstand-smart-banner", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9224b37-d6ce-4847-afb0-9a42c9fa665c?source=api-scan" ], "published": "2014-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e92a0387-bd09-46d3-9f6c-09f701b9e550": { "id": "e92a0387-bd09-46d3-9f6c-09f701b9e550", "title": "Breakdance <= 1.7.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom postmeta", "software": [ { "type": "plugin", "name": "Breakdance", "slug": "breakdance", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e92a0387-bd09-46d3-9f6c-09f701b9e550?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e92c6374-d11d-458c-b089-0ee79c33e4a6": { "id": "e92c6374-d11d-458c-b089-0ee79c33e4a6", "title": "Copify <= 1.3.0 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Copify", "slug": "copify", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e92c6374-d11d-458c-b089-0ee79c33e4a6?source=api-scan" ], "published": "2022-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e92cc6a3-062c-4f0e-9539-07d0fa0e9404": { "id": "e92cc6a3-062c-4f0e-9539-07d0fa0e9404", "title": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.4.36 - SQL Injection", "software": [ { "type": "plugin", "name": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin", "slug": "users-ultra", "affected_versions": { "[*, 1.4.36)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.36", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e92cc6a3-062c-4f0e-9539-07d0fa0e9404?source=api-scan" ], "published": "2015-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e92ce899-556f-4a17-8902-1919d485ee15": { "id": "e92ce899-556f-4a17-8902-1919d485ee15", "title": "JupiterX Core <= 2.0.6 - Information Disclosure, Modification, and Denial of Service", "software": [ { "type": "plugin", "name": "Jupiter X Core", "slug": "jupiterx-core", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e92ce899-556f-4a17-8902-1919d485ee15?source=api-scan" ], "published": "2022-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e92f35dc-7e19-464a-bb8a-40a662e2270a": { "id": "e92f35dc-7e19-464a-bb8a-40a662e2270a", "title": "WP eCommerce <= 3.8.14.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP eCommerce", "slug": "wp-e-commerce", "affected_versions": { "* - 3.8.14.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.14.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.14.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e92f35dc-7e19-464a-bb8a-40a662e2270a?source=api-scan" ], "published": "2014-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9303719-3d48-4a55-ac19-0c603801d458": { "id": "e9303719-3d48-4a55-ac19-0c603801d458", "title": "Dropshipping and affiliates for Amazon and woocommerce <= 1.4.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Dropshipping and affiliates for Amazon and woocommerce", "slug": "wooshark-woocommerce-dropshipping", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9303719-3d48-4a55-ac19-0c603801d458?source=api-scan" ], "published": "2022-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9346103-9773-4cda-9b32-d3ce2076e8fb": { "id": "e9346103-9773-4cda-9b32-d3ce2076e8fb", "title": "Advanced Floating Content <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Floating Content Lite", "slug": "advanced-floating-content-lite", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9346103-9773-4cda-9b32-d3ce2076e8fb?source=api-scan" ], "published": "2022-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e93632e3-7321-48ee-828a-c539e16f07b2": { "id": "e93632e3-7321-48ee-828a-c539e16f07b2", "title": "File Manager <= 3.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "File Manager", "slug": "wp-file-manager", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e93632e3-7321-48ee-828a-c539e16f07b2?source=api-scan" ], "published": "2018-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9388404-40b9-4d2c-b009-0417ff48e74c": { "id": "e9388404-40b9-4d2c-b009-0417ff48e74c", "title": "Perfect Survey <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting via IP", "software": [ { "type": "plugin", "name": "Perfect Survey", "slug": "perfect-survey", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9388404-40b9-4d2c-b009-0417ff48e74c?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e93ad115-1a0b-4d33-b89f-13e39508c9b0": { "id": "e93ad115-1a0b-4d33-b89f-13e39508c9b0", "title": "Careerfy <= 7.0 - Cross-Site Request Forgery and Missing Authorization", "software": [ { "type": "theme", "name": "Careerfy - Job Board WordPress Theme", "slug": "careerfy", "affected_versions": { "* - 7.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e93ad115-1a0b-4d33-b89f-13e39508c9b0?source=api-scan" ], "published": "2021-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e93ccf9d-cd8b-4399-8d2d-c844a23d66c8": { "id": "e93ccf9d-cd8b-4399-8d2d-c844a23d66c8", "title": "Event Manager and Tickets Selling for WooCommerce < 3.5.8 - SQL Injection", "software": [ { "type": "plugin", "name": "Event Manager and Tickets Selling Plugin for WooCommerce \u2013 WpEvently \u2013 WordPress Plugin", "slug": "mage-eventpress", "affected_versions": { "[*, 3.5.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e93ccf9d-cd8b-4399-8d2d-c844a23d66c8?source=api-scan" ], "published": "2022-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e947abb8-be40-4090-80a6-5255692ef693": { "id": "e947abb8-be40-4090-80a6-5255692ef693", "title": "BuddyStream <= 3.6.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BuddyStream", "slug": "buddystream", "affected_versions": { "* - 3.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e947abb8-be40-4090-80a6-5255692ef693?source=api-scan" ], "published": "2012-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9481bd2-a8fa-43b3-bfd2-a9a51f528ebf": { "id": "e9481bd2-a8fa-43b3-bfd2-a9a51f528ebf", "title": "Name Directory <= 1.27.1 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "Name Directory", "slug": "name-directory", "affected_versions": { "* - 1.27.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.27.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.27.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9481bd2-a8fa-43b3-bfd2-a9a51f528ebf?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9489254-dbdc-4754-86d0-d28756b269a9": { "id": "e9489254-dbdc-4754-86d0-d28756b269a9", "title": "ProfileGrid \u2013 User Profiles, Memberships, Groups and Communities <= 5.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9489254-dbdc-4754-86d0-d28756b269a9?source=api-scan" ], "published": "2022-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e94e39d3-61da-4adb-a89a-97cda4c9203d": { "id": "e94e39d3-61da-4adb-a89a-97cda4c9203d", "title": "SyntaxHighlighter Evolved < 3.5.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SyntaxHighlighter Evolved", "slug": "syntaxhighlighter", "affected_versions": { "[*, 3.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e94e39d3-61da-4adb-a89a-97cda4c9203d?source=api-scan" ], "published": "2019-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e94f9cde-5e8b-4d68-8ede-12d678a370ed": { "id": "e94f9cde-5e8b-4d68-8ede-12d678a370ed", "title": "Amazon Affiliate <= 3.12.2 - Reflected File Download", "software": [ { "type": "plugin", "name": "Amazon Affiliate", "slug": "aawp", "affected_versions": { "* - 3.12.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.12.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.12.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e94f9cde-5e8b-4d68-8ede-12d678a370ed?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e95b2bfe-8675-4932-9b37-73ad15fa228e": { "id": "e95b2bfe-8675-4932-9b37-73ad15fa228e", "title": "Pods \u2013 Custom Content Types and Fields < 2.5.1.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Pods \u2013 Custom Content Types and Fields", "slug": "pods", "affected_versions": { "[*, 2.5.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e95b2bfe-8675-4932-9b37-73ad15fa228e?source=api-scan" ], "published": "2015-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e95ecb22-7946-4830-95a4-f145f0f99d68": { "id": "e95ecb22-7946-4830-95a4-f145f0f99d68", "title": "Invite Anyone < 1.3.16 - Email Injection", "software": [ { "type": "plugin", "name": "Invite Anyone", "slug": "invite-anyone", "affected_versions": { "[*, 1.3.16)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e95ecb22-7946-4830-95a4-f145f0f99d68?source=api-scan" ], "published": "2017-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e966a266-4265-4a72-8a50-e872805219a7": { "id": "e966a266-4265-4a72-8a50-e872805219a7", "title": "Smart Custom Fields <= 4.2.2 - Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure", "software": [ { "type": "plugin", "name": "Smart Custom Fields", "slug": "smart-custom-fields", "affected_versions": { "* - 4.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e966a266-4265-4a72-8a50-e872805219a7?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e96b3d21-edeb-4dec-b13c-3688d3996cb5": { "id": "e96b3d21-edeb-4dec-b13c-3688d3996cb5", "title": "Clean-Contact <= 1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Clean-Contact", "slug": "clean-contact", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e96b3d21-edeb-4dec-b13c-3688d3996cb5?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e96e94f8-f61c-4458-9ede-53bab30502b6": { "id": "e96e94f8-f61c-4458-9ede-53bab30502b6", "title": "Advanced Access Manager <= 6.9.20 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More", "slug": "advanced-access-manager", "affected_versions": { "* - 6.9.20": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e96e94f8-f61c-4458-9ede-53bab30502b6?source=api-scan" ], "published": "2024-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e97479b1-06a0-4e24-9d2b-005bdfec9eaf": { "id": "e97479b1-06a0-4e24-9d2b-005bdfec9eaf", "title": "Ninja Forms <= 3.6.24 - Authenticated (Admin+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.6.24": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e97479b1-06a0-4e24-9d2b-005bdfec9eaf?source=api-scan" ], "published": "2023-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e97bc3a8-ce82-47c2-9ff1-174b2656a296": { "id": "e97bc3a8-ce82-47c2-9ff1-174b2656a296", "title": "Multi Currency For WooCommerce <= 1.5.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Multi Currency For WooCommerce", "slug": "wc-multi-currency", "affected_versions": { "* - 1.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e97bc3a8-ce82-47c2-9ff1-174b2656a296?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e97c652c-f191-493d-9857-acaa4db8a49a": { "id": "e97c652c-f191-493d-9857-acaa4db8a49a", "title": "Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Ignition", "slug": "ignition", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "theme", "name": "Storied", "slug": "storied", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "theme", "name": "Luxe", "slug": "luxe", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "theme", "name": "Voice", "slug": "voice", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "theme", "name": "Squared", "slug": "squared", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "theme", "name": "Performag", "slug": "performag", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "theme", "name": "Minus", "slug": "minus", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "theme", "name": "Pressive", "slug": "pressive", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "theme", "name": "Rise", "slug": "rise", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] }, { "type": "theme", "name": "FocusBlog", "slug": "focusblog", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e97c652c-f191-493d-9857-acaa4db8a49a?source=api-scan" ], "published": "2021-03-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e982d457-29db-468f-88c3-5afe04002dcf": { "id": "e982d457-29db-468f-88c3-5afe04002dcf", "title": "ColorMag <= 3.1.2 - Missing Authorization to Arbitrary Plugin Installation", "software": [ { "type": "theme", "name": "ColorMag", "slug": "colormag", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e982d457-29db-468f-88c3-5afe04002dcf?source=api-scan" ], "published": "2024-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9885db9-b1eb-4cc6-a7ea-af2c34b1d065": { "id": "e9885db9-b1eb-4cc6-a7ea-af2c34b1d065", "title": "All in One SEO <= 2.0.3 - Cross-Site Scripting via Search Parameter", "software": [ { "type": "plugin", "name": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic", "slug": "all-in-one-seo-pack", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9885db9-b1eb-4cc6-a7ea-af2c34b1d065?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e988d042-147c-4782-b728-71f5a50cecd8": { "id": "e988d042-147c-4782-b728-71f5a50cecd8", "title": "Essential Addons for Elementor <= 5.7.1 - Unauthenticated Arbitrary Password Reset to Privilege Escalation", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e988d042-147c-4782-b728-71f5a50cecd8?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e989dbb9-41eb-4c56-8d6b-7c0518500f2d": { "id": "e989dbb9-41eb-4c56-8d6b-7c0518500f2d", "title": "Pardot <= 2.1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Account Engagement", "slug": "pardot", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e989dbb9-41eb-4c56-8d6b-7c0518500f2d?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e98aa389-9113-4997-8b96-1ca03cdfc235": { "id": "e98aa389-9113-4997-8b96-1ca03cdfc235", "title": "Mobile Banner <= 1.5 - Cross-Site Request Forgery leading to Plugin Settings Changes", "software": [ { "type": "plugin", "name": "Mobile Banner", "slug": "mobile-banner", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e98aa389-9113-4997-8b96-1ca03cdfc235?source=api-scan" ], "published": "2023-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e98b0a3a-6c14-45f1-a6b2-9911ba34ce0d": { "id": "e98b0a3a-6c14-45f1-a6b2-9911ba34ce0d", "title": "Thumbs Rating <= 5.1.0 - Unauthenticated Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Thumbs Rating", "slug": "thumbs-rating", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e98b0a3a-6c14-45f1-a6b2-9911ba34ce0d?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e98b1bc7-8dcb-4fcf-9238-598ce53e443e": { "id": "e98b1bc7-8dcb-4fcf-9238-598ce53e443e", "title": "dwnldr < 1.01 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "dwnldr", "slug": "dwnldr", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.01" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e98b1bc7-8dcb-4fcf-9238-598ce53e443e?source=api-scan" ], "published": "2016-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e98ed932-4e4c-4127-ae72-500e2a34f371": { "id": "e98ed932-4e4c-4127-ae72-500e2a34f371", "title": "TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Tag, Category, and Taxonomy Manager \u2013 AI Autotagger", "slug": "simple-tags", "affected_versions": { "* - 3.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e98ed932-4e4c-4127-ae72-500e2a34f371?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9944443-2e71-45c4-8a19-d76863cf66df": { "id": "e9944443-2e71-45c4-8a19-d76863cf66df", "title": "Advanced iFrame <= 2023.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Advanced iFrame", "slug": "advanced-iframe", "affected_versions": { "* - 2023.8": { "from_version": "*", "from_inclusive": true, "to_version": "2023.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2023.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9944443-2e71-45c4-8a19-d76863cf66df?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9960282-4730-4ee8-b338-adcc57f01cc6": { "id": "e9960282-4730-4ee8-b338-adcc57f01cc6", "title": "Bus Ticket Booking with Seat Reservation <= 5.2.5 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bus Ticket Booking with Seat Reservation \u2013 WpBusTicketly | WordPress plugin", "slug": "bus-ticket-booking-with-seat-reservation", "affected_versions": { "* - 5.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9960282-4730-4ee8-b338-adcc57f01cc6?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e999f4c0-03dd-4ea3-9245-b12ffd8da3e2": { "id": "e999f4c0-03dd-4ea3-9245-b12ffd8da3e2", "title": "Contact Form & Lead Form Elementor Builder < 1.7.4 - Arbitrary Settings Change", "software": [ { "type": "plugin", "name": "Responsive Contact Form Builder & Lead Generation Plugin", "slug": "lead-form-builder", "affected_versions": { "[*, 1.7.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e999f4c0-03dd-4ea3-9245-b12ffd8da3e2?source=api-scan" ], "published": "2022-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e99a7d46-a3be-4408-9000-fb43fe397dd9": { "id": "e99a7d46-a3be-4408-9000-fb43fe397dd9", "title": "InJob | Multi features for recruitment WordPress Theme < 3.3.8 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "InJob | Multi features for recruitment WordPress Theme", "slug": "injob", "affected_versions": { "[*, 3.3.8)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e99a7d46-a3be-4408-9000-fb43fe397dd9?source=api-scan" ], "published": "2019-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9a0ca58-ddc1-43ec-bb08-7fd31f92e275": { "id": "e9a0ca58-ddc1-43ec-bb08-7fd31f92e275", "title": "PropertyHive <= 2.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PropertyHive", "slug": "propertyhive", "affected_versions": { "* - 2.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9a0ca58-ddc1-43ec-bb08-7fd31f92e275?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9a28625-19e4-4696-bb51-7115368120d3": { "id": "e9a28625-19e4-4696-bb51-7115368120d3", "title": "WP-Cache.com <= 1.1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP-Cache.com", "slug": "wp-cachecom", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9a28625-19e4-4696-bb51-7115368120d3?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9a65dc9-4c9a-4f19-bd1f-2ca8a6ded18c": { "id": "e9a65dc9-4c9a-4f19-bd1f-2ca8a6ded18c", "title": "AI Contact Us Form <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AI Contact Us Form", "slug": "ai-contact-us", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9a65dc9-4c9a-4f19-bd1f-2ca8a6ded18c?source=api-scan" ], "published": "2023-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9a89613-cfd9-4a96-b8eb-4b17376be433": { "id": "e9a89613-cfd9-4a96-b8eb-4b17376be433", "title": "WooCommerce Checkout & Funnel Builder by CartFlows \u2013 Create High Converting Stores For WooCommerce <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooCommerce Checkout & Funnel Builder by CartFlows \u2013 Create High Converting Stores For WooCommerce", "slug": "cartflows", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9a89613-cfd9-4a96-b8eb-4b17376be433?source=api-scan" ], "published": "2024-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9a94b81-6430-4f04-ac16-4bf79318b5de": { "id": "e9a94b81-6430-4f04-ac16-4bf79318b5de", "title": "Simple File List <= 4.4.12 - Cross-Site Request Forgery to Page Creation", "software": [ { "type": "plugin", "name": "Simple File List", "slug": "simple-file-list", "affected_versions": { "* - 4.4.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9a94b81-6430-4f04-ac16-4bf79318b5de?source=api-scan" ], "published": "2022-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9ad2dff-0c6d-4d91-a35d-803b97def01f": { "id": "e9ad2dff-0c6d-4d91-a35d-803b97def01f", "title": "Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox", "software": [ { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9ad2dff-0c6d-4d91-a35d-803b97def01f?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9ad533d-4ec0-42a0-99fc-75fc59498c94": { "id": "e9ad533d-4ec0-42a0-99fc-75fc59498c94", "title": "Autochat Automatic Conversation <= 1.1.9 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Autochat Automatic Conversation", "slug": "auyautochat-for-wp", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9ad533d-4ec0-42a0-99fc-75fc59498c94?source=api-scan" ], "published": "2023-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9ae8fa3-206c-496d-9902-c6468964b717": { "id": "e9ae8fa3-206c-496d-9902-c6468964b717", "title": "WordPress Advanced Ticket System, Elite Support Helpdesk <= 1.0.63 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Advanced Ticket System, Elite Support Helpdesk", "slug": "wats", "affected_versions": { "[*, 1.0.64)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.64", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.64" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9ae8fa3-206c-496d-9902-c6468964b717?source=api-scan" ], "published": "2021-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9b28209-498f-4319-be87-3f54c64d9ccd": { "id": "e9b28209-498f-4319-be87-3f54c64d9ccd", "title": "CM Pop-Up banners <= 1.4.10 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CM Pop-Up Banners for WordPress", "slug": "cm-pop-up-banners", "affected_versions": { "* - 1.4.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9b28209-498f-4319-be87-3f54c64d9ccd?source=api-scan" ], "published": "2020-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9b58db6-4059-4923-b1e3-3321cc7d3573": { "id": "e9b58db6-4059-4923-b1e3-3321cc7d3573", "title": "Avada <= 7.4.1 - Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Avada | Website Builder For WordPress & WooCommerce", "slug": "Avada", "affected_versions": { "* - 7.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9b58db6-4059-4923-b1e3-3321cc7d3573?source=api-scan" ], "published": "2021-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9c2a942-c14c-4b59-92a7-6946b2e4731b": { "id": "e9c2a942-c14c-4b59-92a7-6946b2e4731b", "title": "Getwid \u2013 Gutenberg Blocks <= 1.8.3 - Authenticated(Subscriber+) Server Side Request Forgery", "software": [ { "type": "plugin", "name": "Getwid \u2013 Gutenberg Blocks", "slug": "getwid", "affected_versions": { "* - 1.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9c2a942-c14c-4b59-92a7-6946b2e4731b?source=api-scan" ], "published": "2023-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9c33bab-a27b-43b1-aa48-3f8c09a38528": { "id": "e9c33bab-a27b-43b1-aa48-3f8c09a38528", "title": "Sticky Anything <= 2.1.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "Sticky Anything", "slug": "toast-stick-anything", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9c33bab-a27b-43b1-aa48-3f8c09a38528?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9c81117-a9da-41bb-afc6-94196167af04": { "id": "e9c81117-a9da-41bb-afc6-94196167af04", "title": "Social Share Buttons by Supsystic <= 2.2.6 - SQL Injection", "software": [ { "type": "plugin", "name": "Social Share Buttons by Supsystic", "slug": "social-share-buttons-by-supsystic", "affected_versions": { "* - 2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9c81117-a9da-41bb-afc6-94196167af04?source=api-scan" ], "published": "2022-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9caf6a8-d7f6-4686-889a-79ba9cf911c4": { "id": "e9caf6a8-d7f6-4686-889a-79ba9cf911c4", "title": "Admin renamer extended <= 3.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Admin renamer extended", "slug": "admin-renamer-extended", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9caf6a8-d7f6-4686-889a-79ba9cf911c4?source=api-scan" ], "published": "2019-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9d1a33b-2518-48f7-90b6-a94a34473d1e": { "id": "e9d1a33b-2518-48f7-90b6-a94a34473d1e", "title": "System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_option_value)", "software": [ { "type": "plugin", "name": "System Dashboard", "slug": "system-dashboard", "affected_versions": { "* - 2.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9d1a33b-2518-48f7-90b6-a94a34473d1e?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9d42cc5-c213-454b-b05a-a57705e5c7e4": { "id": "e9d42cc5-c213-454b-b05a-a57705e5c7e4", "title": "Plugins List <= 2.5 - Authenticated (Author+) Stored Cross-Site Scripting via replace_plugin_list_tags", "software": [ { "type": "plugin", "name": "Plugins List", "slug": "plugins-list", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9d42cc5-c213-454b-b05a-a57705e5c7e4?source=api-scan" ], "published": "2023-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9d545fc-fed0-428a-bad5-a0d7d09c04a7": { "id": "e9d545fc-fed0-428a-bad5-a0d7d09c04a7", "title": "AdminPad <= 2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "AdminPad", "slug": "adminpad", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9d545fc-fed0-428a-bad5-a0d7d09c04a7?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9d58191-769c-4632-a086-4dbce9bfb6ad": { "id": "e9d58191-769c-4632-a086-4dbce9bfb6ad", "title": "JetFormBuilder <= 3.0.8 - Authenticated (Author+) Privilege Escalation", "software": [ { "type": "plugin", "name": "JetFormBuilder \u2014 Dynamic Blocks Form Builder", "slug": "jetformbuilder", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9d58191-769c-4632-a086-4dbce9bfb6ad?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9e256b0-e4e3-4f41-842c-80aa2b80af72": { "id": "e9e256b0-e4e3-4f41-842c-80aa2b80af72", "title": "affiliate-toolkit \u2013 WordPress Affiliate Plugin <= 3.5.4 - Missing Authorization via atkp_create_list", "software": [ { "type": "plugin", "name": "affiliate-toolkit", "slug": "affiliate-toolkit-starter", "affected_versions": { "* - 3.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9e256b0-e4e3-4f41-842c-80aa2b80af72?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9e30377-2b5a-4b2d-9f19-bae91608fb24": { "id": "e9e30377-2b5a-4b2d-9f19-bae91608fb24", "title": "Memberful \u2013 Membership Plugin <= 1.73.7 - Authenticated (contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Memberful \u2013 Membership Plugin", "slug": "memberful-wp", "affected_versions": { "* - 1.73.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.73.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.73.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9e30377-2b5a-4b2d-9f19-bae91608fb24?source=api-scan" ], "published": "2024-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9e43c5b-a094-44ab-a8a3-52d437f0e00d": { "id": "e9e43c5b-a094-44ab-a8a3-52d437f0e00d", "title": "Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Information Exposure", "software": [ { "type": "plugin", "name": "Social Media Share Buttons & Social Sharing Icons", "slug": "ultimate-social-media-icons", "affected_versions": { "* - 2.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9e43c5b-a094-44ab-a8a3-52d437f0e00d?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9e49406-a007-4c38-8e69-bf4b5438260e": { "id": "e9e49406-a007-4c38-8e69-bf4b5438260e", "title": "Paytium: Mollie payment forms & donations <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Paytium: Mollie payment forms & donations", "slug": "paytium", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9e49406-a007-4c38-8e69-bf4b5438260e?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9ec79e5-9f02-4a73-9437-58821ca855ef": { "id": "e9ec79e5-9f02-4a73-9437-58821ca855ef", "title": "WordPress Core 1.5 - 2.3.1 - Authorization Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "1.5 - 2.3.1": { "from_version": "1.5", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9ec79e5-9f02-4a73-9437-58821ca855ef?source=api-scan" ], "published": "2007-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9ee4f4e-5098-406c-b712-a2484180a07d": { "id": "e9ee4f4e-5098-406c-b712-a2484180a07d", "title": "Broken Link Checker <= 1.11.19 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Broken Link Checker", "slug": "broken-link-checker", "affected_versions": { "* - 1.11.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9ee4f4e-5098-406c-b712-a2484180a07d?source=api-scan" ], "published": "2022-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9f0689d-aa35-4dfb-b264-5d7378ab1a54": { "id": "e9f0689d-aa35-4dfb-b264-5d7378ab1a54", "title": "iThemes Security < 5.3.5 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "[*, 5.3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9f0689d-aa35-4dfb-b264-5d7378ab1a54?source=api-scan" ], "published": "2016-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9f090bb-8e85-4fc3-a904-0a7ff85db8f1": { "id": "e9f090bb-8e85-4fc3-a904-0a7ff85db8f1", "title": "SMTP Mail <= 1.1.14 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SMTP Mail", "slug": "smtp-mail", "affected_versions": { "* - 1.1.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9f090bb-8e85-4fc3-a904-0a7ff85db8f1?source=api-scan" ], "published": "2021-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9f73654-2e5a-4762-8cac-613e24d3216a": { "id": "e9f73654-2e5a-4762-8cac-613e24d3216a", "title": "Ninja Forms Contact Form 2.9.36 - 2.9.42 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "2.9.36 - 2.9.42": { "from_version": "2.9.36", "from_inclusive": true, "to_version": "2.9.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.42.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9f73654-2e5a-4762-8cac-613e24d3216a?source=api-scan" ], "published": "2016-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9f9f72f-01f4-47db-8efd-f25f0276896f": { "id": "e9f9f72f-01f4-47db-8efd-f25f0276896f", "title": "Name Directory <= 1.29.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Name Directory", "slug": "name-directory", "affected_versions": { "* - 1.29.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.29.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.29.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9f9f72f-01f4-47db-8efd-f25f0276896f?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9fa55cc-c686-43e4-a028-dd2721d2db85": { "id": "e9fa55cc-c686-43e4-a028-dd2721d2db85", "title": "Most And Least Read Posts Widget <=2.5.16 - Authenticated(Contributor+) SQL Injection via Widget settings", "software": [ { "type": "plugin", "name": "Most And Least Read Posts Widget", "slug": "most-and-least-read-posts-widget", "affected_versions": { "[*, 2.5.17)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.17", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9fa55cc-c686-43e4-a028-dd2721d2db85?source=api-scan" ], "published": "2023-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9fba508-9a18-4c02-8d3a-0bcf990c457d": { "id": "e9fba508-9a18-4c02-8d3a-0bcf990c457d", "title": "Zoho SalesIQ <= 1.0.8 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zoho SalesIQ \u2013 Live chat, chatbots, and visitor tracking", "slug": "zoho-salesiq", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9fba508-9a18-4c02-8d3a-0bcf990c457d?source=api-scan" ], "published": "2019-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "e9fc118e-f402-4042-85b0-2175cb0e3048": { "id": "e9fc118e-f402-4042-85b0-2175cb0e3048", "title": "10Web Map Builder for Google Maps <= 1.0.69 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "10Web Map Builder for Google Maps", "slug": "wd-google-maps", "affected_versions": { "[*, 1.0.70)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.70", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.70" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/e9fc118e-f402-4042-85b0-2175cb0e3048?source=api-scan" ], "published": "2021-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea00bcc9-6f9c-4704-8337-074d5356e9e2": { "id": "ea00bcc9-6f9c-4704-8337-074d5356e9e2", "title": "WP Activity Log <= 4.1.4 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Activity Log", "slug": "wp-security-audit-log", "affected_versions": { "[*, 4.1.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea00bcc9-6f9c-4704-8337-074d5356e9e2?source=api-scan" ], "published": "2020-11-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea01e11e-31b5-4cd9-8fab-3693e47f705a": { "id": "ea01e11e-31b5-4cd9-8fab-3693e47f705a", "title": "Picture Gallery \u2013 Frontend Image Uploads, AJAX Photo List < 1.4.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Picture Gallery \u2013 Frontend Image Uploads, AJAX Photo List", "slug": "picture-gallery", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea01e11e-31b5-4cd9-8fab-3693e47f705a?source=api-scan" ], "published": "2021-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea070d9c-c04c-432f-a110-47b9eaa67614": { "id": "ea070d9c-c04c-432f-a110-47b9eaa67614", "title": "UserPro <= 5.1.6 - Disabled Membership Registration Bypass", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "* - 5.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea070d9c-c04c-432f-a110-47b9eaa67614?source=api-scan" ], "published": "2024-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea097cb7-85f4-4b6d-9f29-bc2636993f21": { "id": "ea097cb7-85f4-4b6d-9f29-bc2636993f21", "title": "Fancy Product Designer <= 4.6.9 - Insufficient Authorization to Arbitrary Options Update via fpd_update_options", "software": [ { "type": "plugin", "name": "Fancy Product Designer", "slug": "fancy-product-designer", "affected_versions": { "* - 4.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea097cb7-85f4-4b6d-9f29-bc2636993f21?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea0d1acc-d2c9-4851-9753-d87587236d7e": { "id": "ea0d1acc-d2c9-4851-9753-d87587236d7e", "title": "LeagueManager < 3.8.1 - SQL Injection", "software": [ { "type": "plugin", "name": "LeagueManager", "slug": "leaguemanager", "affected_versions": { "[*, 3.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea0d1acc-d2c9-4851-9753-d87587236d7e?source=api-scan" ], "published": "2013-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea0d5859-7304-4d65-9ba9-679d0fc3c3fd": { "id": "ea0d5859-7304-4d65-9ba9-679d0fc3c3fd", "title": "Easy Table <= 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Table", "slug": "easy-table", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea0d5859-7304-4d65-9ba9-679d0fc3c3fd?source=api-scan" ], "published": "2017-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea136a60-aa42-4577-88b6-a49c79098954": { "id": "ea136a60-aa42-4577-88b6-a49c79098954", "title": "LearnPress <= 4.2.3 - Missing Authorization to Information Exposure", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea136a60-aa42-4577-88b6-a49c79098954?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea13aebb-c853-4828-8d7f-b607aa83b702": { "id": "ea13aebb-c853-4828-8d7f-b607aa83b702", "title": "Fast Velocity Minify <= 2.7.6 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "Fast Velocity Minify", "slug": "fast-velocity-minify", "affected_versions": { "* - 2.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea13aebb-c853-4828-8d7f-b607aa83b702?source=api-scan" ], "published": "2019-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea189072-aa96-441b-ad5e-b6433da06d22": { "id": "ea189072-aa96-441b-ad5e-b6433da06d22", "title": "Relevant \u2013 Related, Featured, Latest, and Popular Posts by BestWebSoft < 1.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Relevant \u2013 Related, Featured, Latest, and Popular Posts by BestWebSoft", "slug": "relevant", "affected_versions": { "[*, 1.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea189072-aa96-441b-ad5e-b6433da06d22?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea1dc52d-fcd6-4b35-899a-3aff814073e0": { "id": "ea1dc52d-fcd6-4b35-899a-3aff814073e0", "title": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.11.7 - Missing Authorization to Unauthenticated Media Upload", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "* - 3.11.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea1dc52d-fcd6-4b35-899a-3aff814073e0?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea23bcc2-ce71-4f16-85f3-11276deb659f": { "id": "ea23bcc2-ce71-4f16-85f3-11276deb659f", "title": "Collapse-O-Matic <= 1.8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Collapse-O-Matic", "slug": "jquery-collapse-o-matic", "affected_versions": { "* - 1.8.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea23bcc2-ce71-4f16-85f3-11276deb659f?source=api-scan" ], "published": "2024-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea24cb9e-88a5-45a2-93f8-544afef5a83b": { "id": "ea24cb9e-88a5-45a2-93f8-544afef5a83b", "title": "WP Visited Countries Reloaded <= 3.1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Visited Countries Reloaded", "slug": "wp-visited-countries-reloaded", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea24cb9e-88a5-45a2-93f8-544afef5a83b?source=api-scan" ], "published": "2021-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea26eb81-e6d1-4c6d-95f4-fd1b2d919632": { "id": "ea26eb81-e6d1-4c6d-95f4-fd1b2d919632", "title": "WordPress Core < 4.5 - Server-Side Request Forgery", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea26eb81-e6d1-4c6d-95f4-fd1b2d919632?source=api-scan" ], "published": "2016-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea2b5dca-42a5-49d4-800d-b268572968a9": { "id": "ea2b5dca-42a5-49d4-800d-b268572968a9", "title": "VK All in One Expansion Unit <= 9.95.0.1 - Information Exposure", "software": [ { "type": "plugin", "name": "VK All in One Expansion Unit", "slug": "vk-all-in-one-expansion-unit", "affected_versions": { "* - 9.95.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.95.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.96.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea2b5dca-42a5-49d4-800d-b268572968a9?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea2d4716-2ae1-45ca-a4b2-4edb4a89d7b4": { "id": "ea2d4716-2ae1-45ca-a4b2-4edb4a89d7b4", "title": "Specialist (Unspecified Version) - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "theme", "name": "Specialist", "slug": "specialist", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea2d4716-2ae1-45ca-a4b2-4edb4a89d7b4?source=api-scan" ], "published": "2014-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea3afa3c-9a88-4f91-a74a-04306639feb5": { "id": "ea3afa3c-9a88-4f91-a74a-04306639feb5", "title": "Google Language Translator <= 4.0.9 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Translate WordPress \u2013 Google Language Translator", "slug": "google-language-translator", "affected_versions": { "[*, 5.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea3afa3c-9a88-4f91-a74a-04306639feb5?source=api-scan" ], "published": "2015-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea3ba0f5-6bc2-455c-b4e3-891ed6b2518c": { "id": "ea3ba0f5-6bc2-455c-b4e3-891ed6b2518c", "title": "Elemin < 1.4.3 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Elemin", "slug": "elemin", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea3ba0f5-6bc2-455c-b4e3-891ed6b2518c?source=api-scan" ], "published": "2013-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea3c5188-4570-4958-8b2d-69048b10c5f9": { "id": "ea3c5188-4570-4958-8b2d-69048b10c5f9", "title": "Business Directory Plugin <= 6.3.9 - Missing Authorization via dispatch", "software": [ { "type": "plugin", "name": "Business Directory Plugin \u2013 Easy Listing Directories for WordPress", "slug": "business-directory-plugin", "affected_versions": { "* - 6.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea3c5188-4570-4958-8b2d-69048b10c5f9?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea3daad1-74a1-44be-b7ed-b58b806da614": { "id": "ea3daad1-74a1-44be-b7ed-b58b806da614", "title": "Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea3daad1-74a1-44be-b7ed-b58b806da614?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea40d06e-672c-42db-9378-d382de5838d4": { "id": "ea40d06e-672c-42db-9378-d382de5838d4", "title": "File Manager Advanced Shortcode WordPress <= 2.3.2 - Unauthenticated Arbitrary File Upload to Remote Code Execution via Shortcode", "software": [ { "type": "plugin", "name": "File Manager Advanced Shortcode WordPress", "slug": "file-manager-advanced-shortcode", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea40d06e-672c-42db-9378-d382de5838d4?source=api-scan" ], "published": "2023-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea4453bc-557b-4abf-85c6-4aecfd8f4012": { "id": "ea4453bc-557b-4abf-85c6-4aecfd8f4012", "title": "WP Simple Shopping Cart <= 4.6.3 - Information Disclosure", "software": [ { "type": "plugin", "name": "WordPress Simple Shopping Cart", "slug": "wordpress-simple-paypal-shopping-cart", "affected_versions": { "4.6.3": { "from_version": "4.6.3", "from_inclusive": true, "to_version": "4.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea4453bc-557b-4abf-85c6-4aecfd8f4012?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea489c69-d4d9-4e05-8cac-25fd17d48506": { "id": "ea489c69-d4d9-4e05-8cac-25fd17d48506", "title": "BitPay Checkout for WooCommerce <= 4.1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "BitPay Checkout for WooCommerce", "slug": "bitpay-checkout-for-woocommerce", "affected_versions": { "* - 4.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea489c69-d4d9-4e05-8cac-25fd17d48506?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea4b35ef-99ae-4ef9-8618-f9993306521b": { "id": "ea4b35ef-99ae-4ef9-8618-f9993306521b", "title": "Ultimate Addons for Elementor <= 1.36.20 - Authenticated (Contributor+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Ultimate Addons for Elementor", "slug": "ultimate-elementor", "affected_versions": { "* - 1.36.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.36.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.36.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea4b35ef-99ae-4ef9-8618-f9993306521b?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea4e6718-4e1e-44ce-8463-860f0d3d80f5": { "id": "ea4e6718-4e1e-44ce-8463-860f0d3d80f5", "title": "ARMember <= 4.0.24 - Improper Access Control to Sensitive Information Exposure via REST API", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 4.0.24": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea4e6718-4e1e-44ce-8463-860f0d3d80f5?source=api-scan" ], "published": "2024-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea4e9263-36f7-490c-9dad-d3b806bcfdf4": { "id": "ea4e9263-36f7-490c-9dad-d3b806bcfdf4", "title": "Visitor Traffic Real Time Statistics <= 2.13 - Cross-Site Request Forgery to Arbitrary Plugin Installation\/Activation", "software": [ { "type": "plugin", "name": "Visitor Traffic Real Time Statistics", "slug": "visitors-traffic-real-time-statistics", "affected_versions": { "* - 2.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea4e9263-36f7-490c-9dad-d3b806bcfdf4?source=api-scan" ], "published": "2021-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea4fd340-6e94-4032-9202-8ccfa7481223": { "id": "ea4fd340-6e94-4032-9202-8ccfa7481223", "title": "PNG to JPG <= 5.8 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PNG to JPG", "slug": "png-to-jpg", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea4fd340-6e94-4032-9202-8ccfa7481223?source=api-scan" ], "published": "2022-05-06 13:18:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea5215b3-fd25-4ca5-b651-18c935aa2ca0": { "id": "ea5215b3-fd25-4ca5-b651-18c935aa2ca0", "title": "AF Companion <= 1.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "AF Companion \u2013 Build Stylish WordPress Websites in Minutes \u2013 No Coding, Just Click and Go! Starter Sites Importer for WordPress", "slug": "af-companion", "affected_versions": { "[1.1.0, 1.1.2)": { "from_version": "1.1.0", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea5215b3-fd25-4ca5-b651-18c935aa2ca0?source=api-scan" ], "published": "2021-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea52bacf-e21d-4ea9-b51b-ee0c37620bf9": { "id": "ea52bacf-e21d-4ea9-b51b-ee0c37620bf9", "title": "Magee Shortcodes <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Magee Shortcodes", "slug": "magee-shortcodes", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea52bacf-e21d-4ea9-b51b-ee0c37620bf9?source=api-scan" ], "published": "2023-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea56f0a1-7359-4beb-aae6-e2a3757ec8cd": { "id": "ea56f0a1-7359-4beb-aae6-e2a3757ec8cd", "title": "Enable Media Replace <= 3.6.3 - Authenticated (Administrator+) Path Traversal", "software": [ { "type": "plugin", "name": "Enable Media Replace", "slug": "enable-media-replace", "affected_versions": { "* - 3.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea56f0a1-7359-4beb-aae6-e2a3757ec8cd?source=api-scan" ], "published": "2022-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea595e78-f4fc-491d-8143-c836302618d5": { "id": "ea595e78-f4fc-491d-8143-c836302618d5", "title": "LadiApp <= 4.4 - Cross-Site Request Forgery via save_config()", "software": [ { "type": "plugin", "name": "LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing\u2026", "slug": "ladipage", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea595e78-f4fc-491d-8143-c836302618d5?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea5f9fba-6b25-40c8-b237-361eb6365693": { "id": "ea5f9fba-6b25-40c8-b237-361eb6365693", "title": "JiangQie Free Mini Program <= 2.5.2 - Unauthenticated Arbitrary File Uplaod", "software": [ { "type": "plugin", "name": "JiangQie Free Mini Program", "slug": "jiangqie-free-mini-program", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea5f9fba-6b25-40c8-b237-361eb6365693?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea607a56-ed6e-44dd-be42-a0b0d970742e": { "id": "ea607a56-ed6e-44dd-be42-a0b0d970742e", "title": "Store Locator Plus < 4.2.27 - Email Injection", "software": [ { "type": "plugin", "name": "Store Locator Plus\u00ae for WordPress", "slug": "store-locator-le", "affected_versions": { "[*, 4.2.27)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.27", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea607a56-ed6e-44dd-be42-a0b0d970742e?source=api-scan" ], "published": "2015-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea630be6-16f8-4d93-ae27-8a29f82c5db9": { "id": "ea630be6-16f8-4d93-ae27-8a29f82c5db9", "title": "Ultimate Store Kit Elementor Addons <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider", "slug": "ultimate-store-kit", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea630be6-16f8-4d93-ae27-8a29f82c5db9?source=api-scan" ], "published": "2024-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea6e0856-ba3d-4fa1-ac90-45a51ff994ef": { "id": "ea6e0856-ba3d-4fa1-ac90-45a51ff994ef", "title": "Buttons Shortcode and Widget <= 1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Buttons Shortcode and Widget", "slug": "buttons-shortcode-and-widget", "affected_versions": { "* - 1.16": { "from_version": "*", "from_inclusive": true, "to_version": "1.16", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea6e0856-ba3d-4fa1-ac90-45a51ff994ef?source=api-scan" ], "published": "2024-02-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea7d643c-3388-469f-b4a9-5c68341e2af0": { "id": "ea7d643c-3388-469f-b4a9-5c68341e2af0", "title": "Japanized For WooCommerce <= 2.5.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Japanized For WooCommerce", "slug": "woocommerce-for-japan", "affected_versions": { "* - 2.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea7d643c-3388-469f-b4a9-5c68341e2af0?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea7f654b-88d1-4ed8-bab0-701e2e66e060": { "id": "ea7f654b-88d1-4ed8-bab0-701e2e66e060", "title": "E2Pdf <= 1.20.18 - Authenticated (Administrator+) PHP Object Injection", "software": [ { "type": "plugin", "name": "E2Pdf \u2013 Export Pdf Tool for WordPress", "slug": "e2pdf", "affected_versions": { "* - 1.20.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.20.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.20.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea7f654b-88d1-4ed8-bab0-701e2e66e060?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea82e978-a653-4ae3-94aa-bc77b94a176c": { "id": "ea82e978-a653-4ae3-94aa-bc77b94a176c", "title": "PropertyHive <= 1.5.48 - Reflected Cross-Site Scripting via date_post_id", "software": [ { "type": "plugin", "name": "PropertyHive", "slug": "propertyhive", "affected_versions": { "* - 1.5.48": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.48", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.49" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea82e978-a653-4ae3-94aa-bc77b94a176c?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea85fa9a-78ea-4017-b72e-49db7eafa11e": { "id": "ea85fa9a-78ea-4017-b72e-49db7eafa11e", "title": "Galleria <= 1.0.3 - Cross-Site Request Forgery via showOptionsPage", "software": [ { "type": "plugin", "name": "Galleria", "slug": "galleria", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea85fa9a-78ea-4017-b72e-49db7eafa11e?source=api-scan" ], "published": "2023-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea984974-2835-4bad-b7ca-975ad21c80e5": { "id": "ea984974-2835-4bad-b7ca-975ad21c80e5", "title": "Amelia <= 1.0.95 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Booking for Appointments and Events Calendar \u2013 Amelia", "slug": "ameliabooking", "affected_versions": { "* - 1.0.95": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.95", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.96" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea984974-2835-4bad-b7ca-975ad21c80e5?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea99795f-45fa-4d4c-a6bd-2197b58efcb2": { "id": "ea99795f-45fa-4d4c-a6bd-2197b58efcb2", "title": "Easy Digital Downloads <= 2.11.7 - Cross-Site Request Forgery to Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 2.11.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea99795f-45fa-4d4c-a6bd-2197b58efcb2?source=api-scan" ], "published": "2022-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea9eaca6-3441-4976-8556-0ce288d1a0c6": { "id": "ea9eaca6-3441-4976-8556-0ce288d1a0c6", "title": "BP Profile Shortcodes Extra <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BP Profile Shortcodes Extra", "slug": "bp-profile-shortcodes-extra", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea9eaca6-3441-4976-8556-0ce288d1a0c6?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ea9ee672-76d3-4d6a-b309-cd0023ca6c0d": { "id": "ea9ee672-76d3-4d6a-b309-cd0023ca6c0d", "title": "Daily Deal (Unknown Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Daily Deal by Templatic", "slug": "dailydeal", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ea9ee672-76d3-4d6a-b309-cd0023ca6c0d?source=api-scan" ], "published": "2013-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eaa4b7b9-ea5b-46a1-847e-027bcb1fa5a6": { "id": "eaa4b7b9-ea5b-46a1-847e-027bcb1fa5a6", "title": "Quiz And Survey Master <= 7.3.10 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eaa4b7b9-ea5b-46a1-847e-027bcb1fa5a6?source=api-scan" ], "published": "2022-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eaabaadf-7881-4c4f-8987-fbba8318a458": { "id": "eaabaadf-7881-4c4f-8987-fbba8318a458", "title": "Meks Smart Social Widget <= 1.6 - Missing Authorization to notice dimissal", "software": [ { "type": "plugin", "name": "Meks Smart Social Widget", "slug": "meks-smart-social-widget", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eaabaadf-7881-4c4f-8987-fbba8318a458?source=api-scan" ], "published": "2023-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eaaf1ac0-1ea6-4bcb-a385-87267525801c": { "id": "eaaf1ac0-1ea6-4bcb-a385-87267525801c", "title": "Visualizer: Tables and Charts Manager for WordPress <= 3.3.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visualizer: Tables and Charts Manager for WordPress", "slug": "visualizer", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eaaf1ac0-1ea6-4bcb-a385-87267525801c?source=api-scan" ], "published": "2019-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eaafeadd-f44c-49b1-b900-ef40800c629e": { "id": "eaafeadd-f44c-49b1-b900-ef40800c629e", "title": "Salon booking system <= 9.9 - Unauthenticated Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Salon Booking System", "slug": "salon-booking-system", "affected_versions": { "* - 9.9": { "from_version": "*", "from_inclusive": true, "to_version": "9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eaafeadd-f44c-49b1-b900-ef40800c629e?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eab1fe39-dda2-49c9-9c76-c1127626a85c": { "id": "eab1fe39-dda2-49c9-9c76-c1127626a85c", "title": "WP-FB-AutoConnect <= 4.6.1 - Cross-Site Request Forgery via jfb_admin_page", "software": [ { "type": "plugin", "name": "WP Social AutoConnect", "slug": "wp-fb-autoconnect", "affected_versions": { "* - 4.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eab1fe39-dda2-49c9-9c76-c1127626a85c?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eab422b8-8cf5-441e-a21f-6a0e1b7642b2": { "id": "eab422b8-8cf5-441e-a21f-6a0e1b7642b2", "title": "AffiliateWP <= 2.14.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "AffiliateWP", "slug": "AffiliateWP", "affected_versions": { "2.14.0": { "from_version": "2.14.0", "from_inclusive": true, "to_version": "2.14.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.14.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eab422b8-8cf5-441e-a21f-6a0e1b7642b2?source=api-scan" ], "published": "2023-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eab729ed-ec00-4be1-a738-fce8a4f26100": { "id": "eab729ed-ec00-4be1-a738-fce8a4f26100", "title": "Exchange Addon Membership < 1.3.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Exchange Addon Membership", "slug": "exchange-addon-membership", "affected_versions": { "[*, 1.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eab729ed-ec00-4be1-a738-fce8a4f26100?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eab85a0a-f328-4cb6-b01f-d7e57540969d": { "id": "eab85a0a-f328-4cb6-b01f-d7e57540969d", "title": "Import any XML or CSV File to WordPress <= 3.6.8 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Import any XML or CSV File to WordPress", "slug": "wp-all-import", "affected_versions": { "* - 3.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eab85a0a-f328-4cb6-b01f-d7e57540969d?source=api-scan" ], "published": "2022-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eab98c41-f0f2-4953-b9b3-c08e1e92c03a": { "id": "eab98c41-f0f2-4953-b9b3-c08e1e92c03a", "title": "BulletProof Security <= .53.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BulletProof Security", "slug": "bulletproof-security", "affected_versions": { "* - .53.2": { "from_version": "*", "from_inclusive": true, "to_version": ".53.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ ".53.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eab98c41-f0f2-4953-b9b3-c08e1e92c03a?source=api-scan" ], "published": "2016-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eac8685b-8ed9-432d-8912-b66bd62c950f": { "id": "eac8685b-8ed9-432d-8912-b66bd62c950f", "title": "Products, Order & Customers Export for WooCommerce <= 2.0.10 - Reflected Cross-Site Scripting via date parameters", "software": [ { "type": "plugin", "name": "Products, Order & Customers Export for WooCommerce", "slug": "export-woocommerce", "affected_versions": { "* - 2.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eac8685b-8ed9-432d-8912-b66bd62c950f?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eac9d9b5-6812-4fe2-9427-500d4bb2ea09": { "id": "eac9d9b5-6812-4fe2-9427-500d4bb2ea09", "title": "WP Opt-in <= 1.4.1 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "WP Opt-in", "slug": "wp-opt-in", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eac9d9b5-6812-4fe2-9427-500d4bb2ea09?source=api-scan" ], "published": "2022-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eacfcc78-b4c3-46ba-a9d3-302fd207dd33": { "id": "eacfcc78-b4c3-46ba-a9d3-302fd207dd33", "title": "Spectra <= 2.13.7 - Missing Authorization via generate_ai_content", "software": [ { "type": "plugin", "name": "Spectra \u2013 WordPress Gutenberg Blocks", "slug": "ultimate-addons-for-gutenberg", "affected_versions": { "* - 2.13.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.13.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eacfcc78-b4c3-46ba-a9d3-302fd207dd33?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ead5b943-731d-484a-a6b0-ca4f27eccff0": { "id": "ead5b943-731d-484a-a6b0-ca4f27eccff0", "title": "Newsletters <= 4.9.5 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Newsletters", "slug": "newsletters-lite", "affected_versions": { "* - 4.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ead5b943-731d-484a-a6b0-ca4f27eccff0?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ead76977-d0dc-4385-8666-c8a4694c3bbe": { "id": "ead76977-d0dc-4385-8666-c8a4694c3bbe", "title": "Site Reviews <= 6.2.0 - Unauthenticated CSV Injection", "software": [ { "type": "plugin", "name": "Site Reviews", "slug": "site-reviews", "affected_versions": { "* - 6.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ead76977-d0dc-4385-8666-c8a4694c3bbe?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eada519e-a647-4425-9e41-b8527b592c8a": { "id": "eada519e-a647-4425-9e41-b8527b592c8a", "title": "Custom Searchable Data Entry System <= 1.7.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Custom Searchable Data Entry System", "slug": "custom-searchable-data-entry-system", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eada519e-a647-4425-9e41-b8527b592c8a?source=api-scan" ], "published": "2020-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eadbfb77-fb9a-4363-acc8-8dd9b87820eb": { "id": "eadbfb77-fb9a-4363-acc8-8dd9b87820eb", "title": "WordPress Core < 6.0.3 - Stored Cross-Site Scripting via wp-mail.php", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true }, "3.7 - 3.7.39": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.39", "to_inclusive": true }, "3.8 - 3.8.39": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.39", "to_inclusive": true }, "3.9 - 3.9.37": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.37", "to_inclusive": true }, "4.0 - 4.0.36": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.36", "to_inclusive": true }, "4.1 - 4.1.36": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.36", "to_inclusive": true }, "4.2 - 4.2.33": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.33", "to_inclusive": true }, "4.3 - 4.3.29": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.29", "to_inclusive": true }, "4.4 - 4.4.28": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.28", "to_inclusive": true }, "4.5 - 4.5.27": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.27", "to_inclusive": true }, "4.6 - 4.6.24": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.24", "to_inclusive": true }, "4.7 - 4.7.24": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.24", "to_inclusive": true }, "4.8 - 4.8.20": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.20", "to_inclusive": true }, "4.9 - 4.9.21": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.21", "to_inclusive": true }, "5.0 - 5.0.17": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.17", "to_inclusive": true }, "5.1 - 5.1.14": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.14", "to_inclusive": true }, "5.2 - 5.2.16": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.16", "to_inclusive": true }, "5.3 - 5.3.13": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.13", "to_inclusive": true }, "5.4 - 5.4.11": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.11", "to_inclusive": true }, "5.5 - 5.5.10": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.10", "to_inclusive": true }, "5.6 - 5.6.9": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.9", "to_inclusive": true }, "5.7 - 5.7.7": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.7", "to_inclusive": true }, "5.8 - 5.8.5": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.5", "to_inclusive": true }, "5.9 - 5.9.4": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.4", "to_inclusive": true }, "6.0 - 6.0.2": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.40", "3.8.40", "3.9.38", "4.0.37", "4.1.37", "4.2.34", "4.3.30", "4.4.29", "4.5.28", "4.6.25", "4.7.25", "4.8.21", "4.9.22", "5.0.18", "5.1.15", "5.2.17", "5.3.14", "5.4.12", "5.5.11", "5.6.10", "5.7.8", "5.8.6", "5.9.5", "6.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eadbfb77-fb9a-4363-acc8-8dd9b87820eb?source=api-scan" ], "published": "2022-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eae1ee2c-1be5-4be5-8873-f99c8fdd41ba": { "id": "eae1ee2c-1be5-4be5-8873-f99c8fdd41ba", "title": "lote27 (All Versions) - Arbitrary File Download", "software": [ { "type": "theme", "name": "lote27", "slug": "lote27", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eae1ee2c-1be5-4be5-8873-f99c8fdd41ba?source=api-scan" ], "published": "2014-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eae9b960-36b1-4b83-855a-d1beaa60a93f": { "id": "eae9b960-36b1-4b83-855a-d1beaa60a93f", "title": "Exclusive Addons Elementor <= 2.6.9.1 - Missing Authorization to Post Duplication", "software": [ { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eae9b960-36b1-4b83-855a-d1beaa60a93f?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eaea07ad-e6f1-4f23-a508-94203967af7f": { "id": "eaea07ad-e6f1-4f23-a508-94203967af7f", "title": "WordPress Core < 5.2.4 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.30": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.30", "to_inclusive": true }, "3.8 - 3.8.30": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.30", "to_inclusive": true }, "3.9 - 3.9.28": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.28", "to_inclusive": true }, "4.0 - 4.0.27": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.27", "to_inclusive": true }, "4.1 - 4.1.27": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.27", "to_inclusive": true }, "4.2 - 4.2.24": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.24", "to_inclusive": true }, "4.3 - 4.3.20": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.20", "to_inclusive": true }, "4.4 - 4.4.19": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.19", "to_inclusive": true }, "4.5 - 4.5.18": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.18", "to_inclusive": true }, "4.6 - 4.6.15": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.15", "to_inclusive": true }, "4.7 - 4.7.13": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.13", "to_inclusive": true }, "4.7 - 4.7.14": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.14", "to_inclusive": true }, "4.8 - 4.8.10": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.10", "to_inclusive": true }, "4.9 - 4.9.11": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.11", "to_inclusive": true }, "5.0 - 5.0.6": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.6", "to_inclusive": true }, "5.1 - 5.1.2": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.2", "to_inclusive": true }, "5.2 - 5.2.3": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.31", "3.8.31", "3.9.29", "4.0.28", "4.1.28", "4.2.25", "4.3.21", "4.4.20", "4.5.19", "4.6.16", "4.7.15", "4.8.11", "4.9.12", "5.0.7", "5.1.3", "5.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eaea07ad-e6f1-4f23-a508-94203967af7f?source=api-scan" ], "published": "2019-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eaead805-b122-4418-a4a0-cf1b0925f3c3": { "id": "eaead805-b122-4418-a4a0-cf1b0925f3c3", "title": "Tabs & Accordion <= 1.3.10 - Authenticated (Contributor+) Content Injection", "software": [ { "type": "plugin", "name": "Tabs & Accordion", "slug": "tabs", "affected_versions": { "* - 1.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eaead805-b122-4418-a4a0-cf1b0925f3c3?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eaebcae4-cdf5-4eb7-9246-07185fe62d07": { "id": "eaebcae4-cdf5-4eb7-9246-07185fe62d07", "title": "Protecci\u00f3n de Datos RGPD <= 3.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Protecci\u00f3n de Datos RGPD", "slug": "click-datos-lopd", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eaebcae4-cdf5-4eb7-9246-07185fe62d07?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eaf0d324-bf2c-4da7-b2ab-f53f7b7881f2": { "id": "eaf0d324-bf2c-4da7-b2ab-f53f7b7881f2", "title": "Ninja Forms Contact Form <= 3.6.9 - Cross-Site Scripting via field label", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eaf0d324-bf2c-4da7-b2ab-f53f7b7881f2?source=api-scan" ], "published": "2022-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eaf17a09-3e35-4df8-acb9-7829942597c6": { "id": "eaf17a09-3e35-4df8-acb9-7829942597c6", "title": "Woffice CRM <= 4.0.1 - Authorization Bypass", "software": [ { "type": "theme", "name": "Woffice CRM", "slug": "woffice", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eaf17a09-3e35-4df8-acb9-7829942597c6?source=api-scan" ], "published": "2021-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eaf9cc48-1ba6-4e9b-9f49-54f7747c26e0": { "id": "eaf9cc48-1ba6-4e9b-9f49-54f7747c26e0", "title": "Meks Video Importer <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) API Keys Modification", "software": [ { "type": "plugin", "name": "Meks Video Importer", "slug": "meks-video-importer", "affected_versions": { "* - 1.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eaf9cc48-1ba6-4e9b-9f49-54f7747c26e0?source=api-scan" ], "published": "2024-07-17 12:58:49", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb022e51-32fd-403e-a9b3-34114e957020": { "id": "eb022e51-32fd-403e-a9b3-34114e957020", "title": "rtMedia for WordPress, BuddyPress and bbPress <= 4.6.15 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "rtMedia for WordPress, BuddyPress and bbPress", "slug": "buddypress-media", "affected_versions": { "* - 4.6.15": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb022e51-32fd-403e-a9b3-34114e957020?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb088999-0727-4645-890b-f584b85cda48": { "id": "eb088999-0727-4645-890b-f584b85cda48", "title": "WP File Manager <= 7.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "File Manager", "slug": "wp-file-manager", "affected_versions": { "[*, 7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb088999-0727-4645-890b-f584b85cda48?source=api-scan" ], "published": "2021-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb0b9c2b-c536-4697-be4c-7557ba66c2c4": { "id": "eb0b9c2b-c536-4697-be4c-7557ba66c2c4", "title": "WPML <= 4.5.10 - Unprotected AJAX Actions", "software": [ { "type": "plugin", "name": "WPML", "slug": "sitepress-multilingual-cms", "affected_versions": { "* - 4.5.10": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb0b9c2b-c536-4697-be4c-7557ba66c2c4?source=api-scan" ], "published": "2022-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb117172-c853-4448-9648-367bb9a0d2c2": { "id": "eb117172-c853-4448-9648-367bb9a0d2c2", "title": "Custom User Profile Fields <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Custom User Profile Fields for User Registration & Member Frontend Profiles with Paid Memberships Pro", "slug": "pmpro-register-helper", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb117172-c853-4448-9648-367bb9a0d2c2?source=api-scan" ], "published": "2023-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb1f5fc6-9e0e-423a-bd71-32e12d201c37": { "id": "eb1f5fc6-9e0e-423a-bd71-32e12d201c37", "title": "Search Keyword Redirect <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Search Keyword Redirect", "slug": "wp-search-keyword-redirect", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb1f5fc6-9e0e-423a-bd71-32e12d201c37?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb23c4d7-d9be-4162-bb7b-8a74f3c339eb": { "id": "eb23c4d7-d9be-4162-bb7b-8a74f3c339eb", "title": "Events Made Easy <= 2.2.35 - Subscriber+ SQL Injection", "software": [ { "type": "plugin", "name": "Events Made Easy", "slug": "events-made-easy", "affected_versions": { "* - 2.2.35": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb23c4d7-d9be-4162-bb7b-8a74f3c339eb?source=api-scan" ], "published": "2021-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb271cc8-01ec-45eb-9d6f-efc55c7c3923": { "id": "eb271cc8-01ec-45eb-9d6f-efc55c7c3923", "title": "Work The Flow File Upload <= 2.5.2 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Work The Flow File Upload", "slug": "work-the-flow-file-upload", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb271cc8-01ec-45eb-9d6f-efc55c7c3923?source=api-scan" ], "published": "2015-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb2776d8-1e2f-46fb-9d3b-693c8fa115b3": { "id": "eb2776d8-1e2f-46fb-9d3b-693c8fa115b3", "title": "Pre-Orders for WooCommerce <= 1.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pre-Orders for WooCommerce", "slug": "pre-orders-for-woocommerce", "affected_versions": { "* - 1.2.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb2776d8-1e2f-46fb-9d3b-693c8fa115b3?source=api-scan" ], "published": "2023-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb290fa8-206e-44c6-9107-8a896225664c": { "id": "eb290fa8-206e-44c6-9107-8a896225664c", "title": "Job Board Vanila Plugin <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Job Board Vanila Plugin", "slug": "job-board-vanilla", "affected_versions": { "1.0": { "from_version": "1.0", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb290fa8-206e-44c6-9107-8a896225664c?source=api-scan" ], "published": "2021-10-14 13:46:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb2918c4-b9b5-4cc3-a4fa-625944984a20": { "id": "eb2918c4-b9b5-4cc3-a4fa-625944984a20", "title": "Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Dracula Dark Mode \u2013 Enhanced Accessibility, Dark Mode & Reading Mode for WordPress", "slug": "dracula-dark-mode", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb2918c4-b9b5-4cc3-a4fa-625944984a20?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb299b03-a176-43b3-beca-944c32a5af49": { "id": "eb299b03-a176-43b3-beca-944c32a5af49", "title": "BP Group Documents <= 1.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BP Group Documents", "slug": "bp-group-documents", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb299b03-a176-43b3-beca-944c32a5af49?source=api-scan" ], "published": "2013-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb2cda13-4fc8-4158-9462-db20fb0965bd": { "id": "eb2cda13-4fc8-4158-9462-db20fb0965bd", "title": "Podcast Channels <= 0.20 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Podcast Channels", "slug": "podcast-channels", "affected_versions": { "[*, 0.21)": { "from_version": "*", "from_inclusive": true, "to_version": "0.21", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb2cda13-4fc8-4158-9462-db20fb0965bd?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb329862-8cfa-49a5-b9cb-908acc4182e3": { "id": "eb329862-8cfa-49a5-b9cb-908acc4182e3", "title": "Market < 5.1.27 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Market", "slug": "BuilderChild-Market", "affected_versions": { "[*, 5.1.27)": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.27", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.1.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb329862-8cfa-49a5-b9cb-908acc4182e3?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb32a095-7d2b-4a57-9d91-f79fb3486f9a": { "id": "eb32a095-7d2b-4a57-9d91-f79fb3486f9a", "title": "Copy or Move Comments < 1.0.1 - Cross-Site Scripting and SQL Injection", "software": [ { "type": "plugin", "name": "Copy or Move Comments", "slug": "copy-or-move-comments", "affected_versions": { "[*, 1.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb32a095-7d2b-4a57-9d91-f79fb3486f9a?source=api-scan" ], "published": "2015-06-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb35b27f-e938-4a51-b441-887d23b7082a": { "id": "eb35b27f-e938-4a51-b441-887d23b7082a", "title": "Photo Gallery by Ays <= 5.5.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery by Ays \u2013 Responsive Image Gallery", "slug": "gallery-photo-gallery", "affected_versions": { "* - 5.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb35b27f-e938-4a51-b441-887d23b7082a?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb367998-5c5c-4c4d-81cb-519023f028e6": { "id": "eb367998-5c5c-4c4d-81cb-519023f028e6", "title": "W3 Total Cache <= 0.9.4.1 - Arbitrary Code Execution via settings import", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "* - 0.9.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb367998-5c5c-4c4d-81cb-519023f028e6?source=api-scan" ], "published": "2016-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb38024c-880d-4d22-b81a-412d46183e1b": { "id": "eb38024c-880d-4d22-b81a-412d46183e1b", "title": "AI ChatBot with ChatGPT and Content Generator by AYS <= 2.0.9 - Unauthenticated OpenAI Key Exposure", "software": [ { "type": "plugin", "name": "AI ChatBot with ChatGPT and Content Generator by AYS", "slug": "ays-chatgpt-assistant", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb38024c-880d-4d22-b81a-412d46183e1b?source=api-scan" ], "published": "2024-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb3a7623-ced8-4738-8a95-a3eda7e86ec1": { "id": "eb3a7623-ced8-4738-8a95-a3eda7e86ec1", "title": "April's Super Functions Pack <= 1.4.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "April's Super Functions Pack", "slug": "aprils-super-functions-pack", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb3a7623-ced8-4738-8a95-a3eda7e86ec1?source=api-scan" ], "published": "2014-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb3aa518-ef12-4168-a524-ad36397f67cb": { "id": "eb3aa518-ef12-4168-a524-ad36397f67cb", "title": "Dbox 3D Slider Lite <= 1.2.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Dbox 3D Slider Lite", "slug": "dbox-slider-lite", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb3aa518-ef12-4168-a524-ad36397f67cb?source=api-scan" ], "published": "2018-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb3c0108-dfb6-4786-af04-9d54cb22c74c": { "id": "eb3c0108-dfb6-4786-af04-9d54cb22c74c", "title": "Support Board < 3.3.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Support Board", "slug": "supportboard", "affected_versions": { "[*, 3.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb3c0108-dfb6-4786-af04-9d54cb22c74c?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb3ef121-13ea-4e42-90c1-1f4bd31ebbcf": { "id": "eb3ef121-13ea-4e42-90c1-1f4bd31ebbcf", "title": "Ocean Extra <=1.6.5 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Ocean Extra", "slug": "ocean-extra", "affected_versions": { "[*, 1.6.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb3ef121-13ea-4e42-90c1-1f4bd31ebbcf?source=api-scan" ], "published": "2020-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb40f948-1252-4b6d-8c2d-3eb0e1f08987": { "id": "eb40f948-1252-4b6d-8c2d-3eb0e1f08987", "title": "Magic Fields 1 <= 1.7.1 - Cross-Site Scripting via RCCWP_CreateCustomFieldPage.php custom-group-id parameter", "software": [ { "type": "plugin", "name": "Magic Fields", "slug": "magic-fields", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb40f948-1252-4b6d-8c2d-3eb0e1f08987?source=api-scan" ], "published": "2019-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb4487e3-4276-4a7e-bf6f-e8ec49bb29f2": { "id": "eb4487e3-4276-4a7e-bf6f-e8ec49bb29f2", "title": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.28 - Missing Authorization", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 4.0.28": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb4487e3-4276-4a7e-bf6f-e8ec49bb29f2?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb49e8d5-1f4f-46d1-8206-0a43b4284f19": { "id": "eb49e8d5-1f4f-46d1-8206-0a43b4284f19", "title": "My Chatbot <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "My Chatbot", "slug": "my-chatbot", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb49e8d5-1f4f-46d1-8206-0a43b4284f19?source=api-scan" ], "published": "2021-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb4b1871-7c13-4f7c-93b5-d5254f89da8f": { "id": "eb4b1871-7c13-4f7c-93b5-d5254f89da8f", "title": "GeoDirectory <= 2.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "GeoDirectory \u2013 WP Business Directory Plugin and Classified Listings Directory", "slug": "geodirectory", "affected_versions": { "* - 2.2.21": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb4b1871-7c13-4f7c-93b5-d5254f89da8f?source=api-scan" ], "published": "2022-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb519441-2598-4907-8e49-036c455176ad": { "id": "eb519441-2598-4907-8e49-036c455176ad", "title": "WP Statistics <= 12.0.9 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 12.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "12.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb519441-2598-4907-8e49-036c455176ad?source=api-scan" ], "published": "2017-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb562efb-eb17-4366-9f6d-02653df6ece1": { "id": "eb562efb-eb17-4366-9f6d-02653df6ece1", "title": "Ultimate FAQ <= 1.8.24 - Unauthenticated Options Import\/Export", "software": [ { "type": "plugin", "name": "Ultimate FAQ Accordion Plugin", "slug": "ultimate-faqs", "affected_versions": { "[*, 1.8.25)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.25", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb562efb-eb17-4366-9f6d-02653df6ece1?source=api-scan" ], "published": "2019-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb56da48-c928-42d4-8c71-de72f879d430": { "id": "eb56da48-c928-42d4-8c71-de72f879d430", "title": "WordPress Core < 4.5.3 - Password Change via Stolen Cookie", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.14": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.14", "to_inclusive": true }, "3.8 - 3.8.14": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.14", "to_inclusive": true }, "3.9 - 3.9.12": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.12", "to_inclusive": true }, "4.0 - 4.0.11": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.11", "to_inclusive": true }, "4.1 - 4.1.11": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.11", "to_inclusive": true }, "4.2 - 4.2.8": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.8", "to_inclusive": true }, "4.3 - 4.3.4": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.4", "to_inclusive": true }, "4.4 - 4.4.3": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true }, "4.5 - 4.5.2": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.15", "3.8.15", "3.9.13", "4.0.12", "4.1.12", "4.2.9", "4.3.5", "4.4.4", "4.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb56da48-c928-42d4-8c71-de72f879d430?source=api-scan" ], "published": "2016-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb613de8-d298-471f-b585-2da3b5500f10": { "id": "eb613de8-d298-471f-b585-2da3b5500f10", "title": "FV Flowplayer Video Player <= 7.2.0.727 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FV Flowplayer Video Player", "slug": "fv-wordpress-flowplayer", "affected_versions": { "* - 7.2.0.727": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.0.727", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.1.727" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb613de8-d298-471f-b585-2da3b5500f10?source=api-scan" ], "published": "2018-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb629dfc-1be2-4a56-907f-0b5c64cc066e": { "id": "eb629dfc-1be2-4a56-907f-0b5c64cc066e", "title": "Relocate Upload < 0.20 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "Relocate Upload", "slug": "relocate-upload", "affected_versions": { "[*, 0.20)": { "from_version": "*", "from_inclusive": true, "to_version": "0.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb629dfc-1be2-4a56-907f-0b5c64cc066e?source=api-scan" ], "published": "2011-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb6642c0-9011-419b-bef6-5aa594993c01": { "id": "eb6642c0-9011-419b-bef6-5aa594993c01", "title": "Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismiss'", "software": [ { "type": "plugin", "name": "Paytium: Mollie payment forms & donations", "slug": "paytium", "affected_versions": { "* - 4.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb6642c0-9011-419b-bef6-5aa594993c01?source=api-scan" ], "published": "2023-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb68f3b4-b4c7-4e16-bed2-2bd41f1b5a44": { "id": "eb68f3b4-b4c7-4e16-bed2-2bd41f1b5a44", "title": "WP Video Lightbox <= 1.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Video Lightbox", "slug": "wp-video-lightbox", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb68f3b4-b4c7-4e16-bed2-2bd41f1b5a44?source=api-scan" ], "published": "2022-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb6ac547-59fd-4d51-a140-06f7f70a43ab": { "id": "eb6ac547-59fd-4d51-a140-06f7f70a43ab", "title": "WordPress Ultra Simple Paypal Shopping Cart <= 4.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Ultra Simple Paypal Shopping Cart", "slug": "wp-ultra-simple-paypal-shopping-cart", "affected_versions": { "* - 4.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb6ac547-59fd-4d51-a140-06f7f70a43ab?source=api-scan" ], "published": "2019-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb6bbbbb-b201-4fd5-8ee1-2369fb27070f": { "id": "eb6bbbbb-b201-4fd5-8ee1-2369fb27070f", "title": "WordPress Mobile Pack \u2013 Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps < 2.0.2 - Information Disclosure", "software": [ { "type": "plugin", "name": "WordPress Mobile Pack \u2013 Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps", "slug": "wordpress-mobile-pack", "affected_versions": { "[*, 2.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb6bbbbb-b201-4fd5-8ee1-2369fb27070f?source=api-scan" ], "published": "2014-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb6f38ce-2378-480f-8f43-140ed7be5cc0": { "id": "eb6f38ce-2378-480f-8f43-140ed7be5cc0", "title": "PixCodes <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "PixCodes", "slug": "pixcodes", "affected_versions": { "* - 2.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb6f38ce-2378-480f-8f43-140ed7be5cc0?source=api-scan" ], "published": "2023-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb71befb-8b79-46b0-9d0b-0159542147c1": { "id": "eb71befb-8b79-46b0-9d0b-0159542147c1", "title": "RapidLoad Power-Up for Autoptimize <= 1.6.35 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "RapidLoad \u2013 Optimize Web Vitals Automatically", "slug": "unusedcss", "affected_versions": { "* - 1.6.35": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb71befb-8b79-46b0-9d0b-0159542147c1?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb828160-b537-4435-9d85-47e0d70a6704": { "id": "eb828160-b537-4435-9d85-47e0d70a6704", "title": "Remove tabs and fields from WooCommerce <= 1.68 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Remove tabs and fields from WooCommerce", "slug": "wc-remove-tabs-and-fields", "affected_versions": { "* - 1.68": { "from_version": "*", "from_inclusive": true, "to_version": "1.68", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb828160-b537-4435-9d85-47e0d70a6704?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb8517bc-f45f-40a1-ae80-ed227c8b32d7": { "id": "eb8517bc-f45f-40a1-ae80-ed227c8b32d7", "title": "WooCommerce <= 8.2.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "* - 8.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb8517bc-f45f-40a1-ae80-ed227c8b32d7?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb89a16c-fae0-4d36-85aa-79beab753cba": { "id": "eb89a16c-fae0-4d36-85aa-79beab753cba", "title": "BP Better Messages <= 1.9.9.37 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss", "slug": "bp-better-messages", "affected_versions": { "[*, 1.9.9.41)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9.41", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.9.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb89a16c-fae0-4d36-85aa-79beab753cba?source=api-scan" ], "published": "2021-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb9253de-7139-422b-aa17-b25937d6a21c": { "id": "eb9253de-7139-422b-aa17-b25937d6a21c", "title": "Strong Testimonials <= 3.1.16 - Missing Authorization", "software": [ { "type": "plugin", "name": "Strong Testimonials", "slug": "strong-testimonials", "affected_versions": { "* - 3.1.16": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb9253de-7139-422b-aa17-b25937d6a21c?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb94520e-a99d-4e34-b174-e01898de0978": { "id": "eb94520e-a99d-4e34-b174-e01898de0978", "title": "Custom post types <= 4.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom post types, Custom Fields & more", "slug": "custom-post-types", "affected_versions": { "[*, 5.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb94520e-a99d-4e34-b174-e01898de0978?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb99c1a0-a0c3-4a6e-84b1-4ced45015db4": { "id": "eb99c1a0-a0c3-4a6e-84b1-4ced45015db4", "title": "Really Simple Facebook Twitter Share Buttons < 2.10.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Really Simple Facebook Twitter Share Buttons", "slug": "really-simple-facebook-twitter-share-buttons", "affected_versions": { "[*, 2.10.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.10.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb99c1a0-a0c3-4a6e-84b1-4ced45015db4?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb9a6c9b-24fb-436f-b583-55adeedb726e": { "id": "eb9a6c9b-24fb-436f-b583-55adeedb726e", "title": "Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via save function", "software": [ { "type": "plugin", "name": "Podlove Subscribe button", "slug": "podlove-subscribe-button", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb9a6c9b-24fb-436f-b583-55adeedb726e?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eb9bcd3e-bb8c-4c7b-8904-56790acd2655": { "id": "eb9bcd3e-bb8c-4c7b-8904-56790acd2655", "title": "WP Google My Business Auto Publish <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Auto Publish for Google My Business", "slug": "wp-google-my-business-auto-publish", "affected_versions": { "* - 3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eb9bcd3e-bb8c-4c7b-8904-56790acd2655?source=api-scan" ], "published": "2022-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eba48c51-87d9-4e7e-b4c1-0205cd96d033": { "id": "eba48c51-87d9-4e7e-b4c1-0205cd96d033", "title": "RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'ucss_connect'", "software": [ { "type": "plugin", "name": "RapidLoad \u2013 Optimize Web Vitals Automatically", "slug": "unusedcss", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eba48c51-87d9-4e7e-b4c1-0205cd96d033?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eba7ab33-bcb6-4ada-ae5f-0df758fc719a": { "id": "eba7ab33-bcb6-4ada-ae5f-0df758fc719a", "title": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin <= 6.0.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "* - 6.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eba7ab33-bcb6-4ada-ae5f-0df758fc719a?source=api-scan" ], "published": "2021-11-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eba81d49-7af5-4031-aa0e-43c2fa61cd38": { "id": "eba81d49-7af5-4031-aa0e-43c2fa61cd38", "title": "Seriously Simple Podcasting <= 3.0.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Seriously Simple Podcasting", "slug": "seriously-simple-podcasting", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eba81d49-7af5-4031-aa0e-43c2fa61cd38?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebacd411-6def-4026-a619-5e08a181507b": { "id": "ebacd411-6def-4026-a619-5e08a181507b", "title": "Custom 404 Pro <= 3.8.0 - Unauthenticated SQL Injection via 's'", "software": [ { "type": "plugin", "name": "Custom 404 Pro", "slug": "custom-404-pro", "affected_versions": { "* - 3.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebacd411-6def-4026-a619-5e08a181507b?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebae4b18-5b5f-45c3-86e2-02eefd7abdb7": { "id": "ebae4b18-5b5f-45c3-86e2-02eefd7abdb7", "title": "Customer Email Verification for WooCommerce <= 2.7.4 - Email Verification and Authentication Bypass due to Insufficient Randomness", "software": [ { "type": "plugin", "name": "Customer Email Verification for WooCommerce", "slug": "emails-verification-for-woocommerce", "affected_versions": { "* - 2.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebae4b18-5b5f-45c3-86e2-02eefd7abdb7?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebafc14a-1197-4ac4-ad95-8965a755d5c4": { "id": "ebafc14a-1197-4ac4-ad95-8965a755d5c4", "title": "Search & Filter Pro <= 2.5.17 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Search & Filter Pro", "slug": "search-filter-pro", "affected_versions": { "* - 2.5.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebafc14a-1197-4ac4-ad95-8965a755d5c4?source=api-scan" ], "published": "2024-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebb275e9-3a5b-421e-b857-95880ebe000d": { "id": "ebb275e9-3a5b-421e-b857-95880ebe000d", "title": "JobCareer | Job Board Responsive WordPress Theme <= 2.5.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JobCareer | Job Board Responsive WordPress Theme", "slug": "jobcareer", "affected_versions": { "[*, 2.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebb275e9-3a5b-421e-b857-95880ebe000d?source=api-scan" ], "published": "2019-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebb33fdc-fd89-4d4f-9107-287a64abc150": { "id": "ebb33fdc-fd89-4d4f-9107-287a64abc150", "title": "Spam protection, AntiSpam, FireWall by CleanTalk <= 5.173 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spam protection, Anti-Spam, FireWall by CleanTalk", "slug": "cleantalk-spam-protect", "affected_versions": { "* - 5.173": { "from_version": "*", "from_inclusive": true, "to_version": "5.173", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.174.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebb33fdc-fd89-4d4f-9107-287a64abc150?source=api-scan" ], "published": "2022-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebb76379-0cac-47c6-a0eb-34780bc837bc": { "id": "ebb76379-0cac-47c6-a0eb-34780bc837bc", "title": "DiveBook <= 1.1.4 - Improper Access Control", "software": [ { "type": "plugin", "name": "DiveBook", "slug": "divebook", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebb76379-0cac-47c6-a0eb-34780bc837bc?source=api-scan" ], "published": "2020-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebb80964-761b-410c-998f-4408439e0d48": { "id": "ebb80964-761b-410c-998f-4408439e0d48", "title": "Patreon WordPress < 1.2.2 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Patreon WordPress", "slug": "patreon-connect", "affected_versions": { "[*, 1.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebb80964-761b-410c-998f-4408439e0d48?source=api-scan" ], "published": "2018-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebb9e37c-9e8b-429b-b4ef-cd875351852c": { "id": "ebb9e37c-9e8b-429b-b4ef-cd875351852c", "title": "BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion", "software": [ { "type": "plugin", "name": "BadgeOS", "slug": "badgeos", "affected_versions": { "* - 3.7.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebb9e37c-9e8b-429b-b4ef-cd875351852c?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebbee05c-fd32-4dd9-99d3-716ba604b859": { "id": "ebbee05c-fd32-4dd9-99d3-716ba604b859", "title": "AnyComment <= 0.0.32 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AnyComment", "slug": "anycomment", "affected_versions": { "* - 0.0.32": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.0.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebbee05c-fd32-4dd9-99d3-716ba604b859?source=api-scan" ], "published": "2018-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebc0c8e6-a365-4ef7-9c1a-41454855096c": { "id": "ebc0c8e6-a365-4ef7-9c1a-41454855096c", "title": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.102": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.102", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.105" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebc0c8e6-a365-4ef7-9c1a-41454855096c?source=api-scan" ], "published": "2024-05-10 08:41:48", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebcbeb7c-eadb-4541-94f0-6e85f7f3e6a1": { "id": "ebcbeb7c-eadb-4541-94f0-6e85f7f3e6a1", "title": "Homepage SlideShow <= 2.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Homepage SlideShow", "slug": "wp-homepage-slideshow", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebcbeb7c-eadb-4541-94f0-6e85f7f3e6a1?source=api-scan" ], "published": "2013-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebcbf872-1420-4a57-a4b4-8a52ba74e0a1": { "id": "ebcbf872-1420-4a57-a4b4-8a52ba74e0a1", "title": "Funnelforms Free <= 3.3.9 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free", "slug": "funnelforms-free", "affected_versions": { "[*, 3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebcbf872-1420-4a57-a4b4-8a52ba74e0a1?source=api-scan" ], "published": "2023-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebcd13e2-bc72-415f-9e2b-7213e9acf425": { "id": "ebcd13e2-bc72-415f-9e2b-7213e9acf425", "title": "Digital Newspaper <= 1.1.5 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Digital Newspaper", "slug": "digital-newspaper", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebcd13e2-bc72-415f-9e2b-7213e9acf425?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebd1483a-949d-4edb-9b86-007879d2d207": { "id": "ebd1483a-949d-4edb-9b86-007879d2d207", "title": "Recipe Maker For Your Food Blog from Zip Recipes <= 8.0.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Recipe Cards For Your Food Blog from Zip Recipes", "slug": "zip-recipes", "affected_versions": { "* - 8.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebd1483a-949d-4edb-9b86-007879d2d207?source=api-scan" ], "published": "2023-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebd1c1c0-0eb4-430d-a65b-9bf30a7dd52a": { "id": "ebd1c1c0-0eb4-430d-a65b-9bf30a7dd52a", "title": "DandyID Services <= 1.5.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "DandyID Services", "slug": "dandyid-services", "affected_versions": { "* - 1.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebd1c1c0-0eb4-430d-a65b-9bf30a7dd52a?source=api-scan" ], "published": "2014-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebd3b70e-a06a-4dcc-a6af-dbe64fd57c82": { "id": "ebd3b70e-a06a-4dcc-a6af-dbe64fd57c82", "title": "Salient Core <= 2.0.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode", "software": [ { "type": "plugin", "name": "Salient Core", "slug": "salient-core", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebd3b70e-a06a-4dcc-a6af-dbe64fd57c82?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebd42227-1cc2-42ab-b64b-3fe3fe1880c8": { "id": "ebd42227-1cc2-42ab-b64b-3fe3fe1880c8", "title": "HTML5 Video Player with Playlist <= 2.4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HTML5 Video Player with Playlist", "slug": "html5-video-player-with-playlist", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebd42227-1cc2-42ab-b64b-3fe3fe1880c8?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebd6acc9-b7df-4cf8-a211-1e39f3abcf79": { "id": "ebd6acc9-b7df-4cf8-a211-1e39f3abcf79", "title": "Cowidgets \u2013 Elementor Addons <= 1.1.2 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Cowidgets \u2013 Elementor Addons", "slug": "cowidgets-elementor-addons", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebd6acc9-b7df-4cf8-a211-1e39f3abcf79?source=api-scan" ], "published": "2024-06-05 13:52:03", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebd78e52-f20d-42be-8f68-3d09d5abf837": { "id": "ebd78e52-f20d-42be-8f68-3d09d5abf837", "title": "Starter Templates <= 3.2.5 - Incorrect Authorization", "software": [ { "type": "plugin", "name": "Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates", "slug": "astra-sites", "affected_versions": { "* - 3.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.6" ] }, { "type": "plugin", "name": "Premium Starter Templates", "slug": "astra-pro-sites", "affected_versions": { "* - 3.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebd78e52-f20d-42be-8f68-3d09d5abf837?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebdac9a2-2114-4b3c-ab2f-bd461f2c648c": { "id": "ebdac9a2-2114-4b3c-ab2f-bd461f2c648c", "title": "Rencontre \u2013 Dating Site <= 3.1.2 - SQL Injection", "software": [ { "type": "plugin", "name": "Rencontre \u2013 Dating Site", "slug": "rencontre", "affected_versions": { "[*, 3.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebdac9a2-2114-4b3c-ab2f-bd461f2c648c?source=api-scan" ], "published": "2019-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebe03cde-7956-4185-8990-8d47f174e60a": { "id": "ebe03cde-7956-4185-8990-8d47f174e60a", "title": "WP Calameo <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Calameo", "slug": "wp-calameo", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebe03cde-7956-4185-8990-8d47f174e60a?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebe215c6-b328-49b7-aed7-e164e1c5f0d0": { "id": "ebe215c6-b328-49b7-aed7-e164e1c5f0d0", "title": "VikBooking Hotel Booking Engine & PMS <= 1.5.7 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VikBooking Hotel Booking Engine & PMS", "slug": "vikbooking", "affected_versions": { "[*, 1.5.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebe215c6-b328-49b7-aed7-e164e1c5f0d0?source=api-scan" ], "published": "2022-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebe431a7-b552-4891-9784-c6a7353228da": { "id": "ebe431a7-b552-4891-9784-c6a7353228da", "title": "Ebook Store <= 5.8001 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "Ebook Store", "slug": "ebook-store", "affected_versions": { "* - 5.8001": { "from_version": "*", "from_inclusive": true, "to_version": "5.8001", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebe431a7-b552-4891-9784-c6a7353228da?source=api-scan" ], "published": "2024-08-01 13:11:47", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebea0ec0-f7ee-41c5-b0a5-a78e9cd11d41": { "id": "ebea0ec0-f7ee-41c5-b0a5-a78e9cd11d41", "title": "Superb Social Media Share Buttons and Follow Buttons <= 1.1.3 - Cross-Site Request Forgery via spbsmAjax", "software": [ { "type": "plugin", "name": "Superb Social Media Share Buttons and Follow Buttons for WordPress", "slug": "superb-social-share-and-follow-buttons", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebea0ec0-f7ee-41c5-b0a5-a78e9cd11d41?source=api-scan" ], "published": "2023-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebf2e701-9f9b-4a78-a61a-0cf90cdd9755": { "id": "ebf2e701-9f9b-4a78-a61a-0cf90cdd9755", "title": "WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery via Save", "software": [ { "type": "plugin", "name": "PDF Builder for WooCommerce. Create invoices,packing slips and more", "slug": "woo-pdf-invoice-builder", "affected_versions": { "* - 1.2.90": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.90", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.91" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebf2e701-9f9b-4a78-a61a-0cf90cdd9755?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebf84c6a-fd6c-4113-91ff-27c7564cabdb": { "id": "ebf84c6a-fd6c-4113-91ff-27c7564cabdb", "title": "wpForo Forum <= 1.9.6 - Open Redirect", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebf84c6a-fd6c-4113-91ff-27c7564cabdb?source=api-scan" ], "published": "2021-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebf9760d-b7c2-43c7-bfb0-dde96de3dcb9": { "id": "ebf9760d-b7c2-43c7-bfb0-dde96de3dcb9", "title": "Brisk (Unknown Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Brisk", "slug": "brisk", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebf9760d-b7c2-43c7-bfb0-dde96de3dcb9?source=api-scan" ], "published": "2012-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ebfc2677-6e5c-49f2-915b-b07af8c2037d": { "id": "ebfc2677-6e5c-49f2-915b-b07af8c2037d", "title": "ARforms <= 6.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ARforms", "slug": "arforms", "affected_versions": { "* - 6.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ebfc2677-6e5c-49f2-915b-b07af8c2037d?source=api-scan" ], "published": "2024-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec002a5a-1965-4828-8a0a-19941af98e2d": { "id": "ec002a5a-1965-4828-8a0a-19941af98e2d", "title": "Tab \u2013 Accordion, FAQ < 1.3.2 - Unauthenticated Arbitrary Tab Modification", "software": [ { "type": "plugin", "name": "Tab \u2013 Accordion, FAQ", "slug": "tabbed", "affected_versions": { "[*, 1.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec002a5a-1965-4828-8a0a-19941af98e2d?source=api-scan" ], "published": "2021-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec015f49-cdb6-4a08-81cd-6fa505086537": { "id": "ec015f49-cdb6-4a08-81cd-6fa505086537", "title": "WP Customer Area <= 7.4.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Customer Area", "slug": "customer-area", "affected_versions": { "[*, 7.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "7.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec015f49-cdb6-4a08-81cd-6fa505086537?source=api-scan" ], "published": "2017-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec03840e-807b-4a9c-87e7-a1560b8b7f5c": { "id": "ec03840e-807b-4a9c-87e7-a1560b8b7f5c", "title": "Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings <= 7.2.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings", "slug": "directorist", "affected_versions": { "* - 7.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec03840e-807b-4a9c-87e7-a1560b8b7f5c?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec084ade-d2e7-4484-8381-a83b04c41059": { "id": "ec084ade-d2e7-4484-8381-a83b04c41059", "title": "RSVPmaker Excel <= 1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "RSVPmaker Excel", "slug": "rsvpmaker-excel", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec084ade-d2e7-4484-8381-a83b04c41059?source=api-scan" ], "published": "2021-09-09 16:20:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec0d80f7-96fb-466d-9701-9751f71b926d": { "id": "ec0d80f7-96fb-466d-9701-9751f71b926d", "title": "News Element Elementor Blog Magazine <= 1.0.5 - Unauthenticated Local File Inlcusion", "software": [ { "type": "plugin", "name": "News Element Elementor Blog Magazine", "slug": "news-element", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec0d80f7-96fb-466d-9701-9751f71b926d?source=api-scan" ], "published": "2024-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec0fff2a-602d-441b-89d1-64d609a4abc0": { "id": "ec0fff2a-602d-441b-89d1-64d609a4abc0", "title": "Popup Builder <= 3.72 Missing Authorization on AJAX actions", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "* - 3.71": { "from_version": "*", "from_inclusive": true, "to_version": "3.71", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.72" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec0fff2a-602d-441b-89d1-64d609a4abc0?source=api-scan" ], "published": "2021-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec1461a9-4504-4e60-9e38-a7257666e699": { "id": "ec1461a9-4504-4e60-9e38-a7257666e699", "title": "Whydonate \u2013 FREE Donate button <= 3.12.14 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WhyDonate \u2013 FREE Donate button \u2013 Crowdfunding \u2013 Fundraising", "slug": "wp-whydonate", "affected_versions": { "* - 3.12.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.12.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.12.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec1461a9-4504-4e60-9e38-a7257666e699?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec162cdc-d4cd-47d9-b941-24bfee6c48fd": { "id": "ec162cdc-d4cd-47d9-b941-24bfee6c48fd", "title": "Front End Users <= 3.2.28 - Authenticated (Contributor+) Time-Based SQL Injection", "software": [ { "type": "plugin", "name": "Front End Users", "slug": "front-end-only-users", "affected_versions": { "* - 3.2.28": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec162cdc-d4cd-47d9-b941-24bfee6c48fd?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec1ee47d-020c-482d-ad6f-663d78e624b8": { "id": "ec1ee47d-020c-482d-ad6f-663d78e624b8", "title": "Absolute Reviews <= 1.0.8 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Absolute Reviews", "slug": "absolute-reviews", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec1ee47d-020c-482d-ad6f-663d78e624b8?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec1ffc70-fc0c-4c25-926c-e78e0f206d2b": { "id": "ec1ffc70-fc0c-4c25-926c-e78e0f206d2b", "title": "Simple Posts Ticker <= 1.1.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Simple Posts Ticker \u2013 Easy, Lightweight & Flexible", "slug": "simple-posts-ticker", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec1ffc70-fc0c-4c25-926c-e78e0f206d2b?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec201702-8c8c-4049-b647-422d18001b7f": { "id": "ec201702-8c8c-4049-b647-422d18001b7f", "title": "WP Recipe Maker <= 9.1.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Recipe Maker", "slug": "wp-recipe-maker", "affected_versions": { "* - 9.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec201702-8c8c-4049-b647-422d18001b7f?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec20d5c4-4c41-4ec9-8d0a-ec8f03634f7d": { "id": "ec20d5c4-4c41-4ec9-8d0a-ec8f03634f7d", "title": "LearnPress \u2013 WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec20d5c4-4c41-4ec9-8d0a-ec8f03634f7d?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec2181cb-dfb2-43d5-90e8-c68d0d98c98b": { "id": "ec2181cb-dfb2-43d5-90e8-c68d0d98c98b", "title": "WordPress RokBox <= 2.13 - Abuse of Functionality", "software": [ { "type": "plugin", "name": "WordPress RokBox", "slug": "wp_rokbox", "affected_versions": { "* - 2.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec2181cb-dfb2-43d5-90e8-c68d0d98c98b?source=api-scan" ], "published": "2012-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec281e0d-0217-4cdd-af31-71158bb3a25d": { "id": "ec281e0d-0217-4cdd-af31-71158bb3a25d", "title": "Side Cart Woocommerce (Ajax) <= 2.0 - Cross-Site Request Forgery to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Side Cart Woocommerce | Woocommerce Cart", "slug": "side-cart-woocommerce", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec281e0d-0217-4cdd-af31-71158bb3a25d?source=api-scan" ], "published": "2022-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec2825b2-c8df-40fd-b44d-a840be66446f": { "id": "ec2825b2-c8df-40fd-b44d-a840be66446f", "title": "Mediciti Lite <= 1.3.0 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Mediciti Lite", "slug": "mediciti-lite", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec2825b2-c8df-40fd-b44d-a840be66446f?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec29bc37-db27-4bf3-b55f-15c4a7274acd": { "id": "ec29bc37-db27-4bf3-b55f-15c4a7274acd", "title": "Option Tree <= 2.6.0 - PHP Object Injection", "software": [ { "type": "plugin", "name": "OptionTree", "slug": "option-tree", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec29bc37-db27-4bf3-b55f-15c4a7274acd?source=api-scan" ], "published": "2019-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec29e5fc-5635-4809-9bb5-cd28f7fac17e": { "id": "ec29e5fc-5635-4809-9bb5-cd28f7fac17e", "title": "Login With Ajax <= 4.1 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "Login With Ajax \u2013 Fast Logins, 2FA, Redirects", "slug": "login-with-ajax", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec29e5fc-5635-4809-9bb5-cd28f7fac17e?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec2da093-9f36-44c5-948b-590fd99734e8": { "id": "ec2da093-9f36-44c5-948b-590fd99734e8", "title": "qTranslate <= 2.5.39 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "qTranslate", "slug": "qtranslate", "affected_versions": { "* - 2.5.39": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.39", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec2da093-9f36-44c5-948b-590fd99734e8?source=api-scan" ], "published": "2015-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec2daf19-51ef-4e1b-becb-252955a61523": { "id": "ec2daf19-51ef-4e1b-becb-252955a61523", "title": "EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.7 (Free) - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EventON", "slug": "eventon-lite", "affected_versions": { "* - 2.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.8" ] }, { "type": "plugin", "name": "EventON Pro", "slug": "eventon", "affected_versions": { "* - 4.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec2daf19-51ef-4e1b-becb-252955a61523?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec2edcdf-3a0c-40bc-8b33-1ad15cad5acb": { "id": "ec2edcdf-3a0c-40bc-8b33-1ad15cad5acb", "title": "Welcart e-Commerce < 1.4.18 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "[*, 1.4.18)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec2edcdf-3a0c-40bc-8b33-1ad15cad5acb?source=api-scan" ], "published": "2015-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec2eec5a-7767-4215-b77d-5cfd2d148f73": { "id": "ec2eec5a-7767-4215-b77d-5cfd2d148f73", "title": "NotificationX <= 2.3.8 - Blind SQL Injection", "software": [ { "type": "plugin", "name": "NotificationX \u2013 Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar", "slug": "notificationx", "affected_versions": { "* - 2.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec2eec5a-7767-4215-b77d-5cfd2d148f73?source=api-scan" ], "published": "2022-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec311df2-33af-4b91-80a1-252d934c7f61": { "id": "ec311df2-33af-4b91-80a1-252d934c7f61", "title": "Social proof testimonials and reviews by Repuso <= 4.97 - Missing Authorization", "software": [ { "type": "plugin", "name": "Social proof testimonials and reviews by Repuso", "slug": "social-testimonials-and-reviews-widget", "affected_versions": { "* - 4.97": { "from_version": "*", "from_inclusive": true, "to_version": "4.97", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.00" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec311df2-33af-4b91-80a1-252d934c7f61?source=api-scan" ], "published": "2023-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec395e79-b82a-45c3-a704-a15a5efaf26d": { "id": "ec395e79-b82a-45c3-a704-a15a5efaf26d", "title": "AWP Classifieds <= 4.3.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Classifieds Plugin \u2013 Ad Directory & Listings by AWP Classifieds", "slug": "another-wordpress-classifieds-plugin", "affected_versions": { "* - 4.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec395e79-b82a-45c3-a704-a15a5efaf26d?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec3dd825-bee3-4d09-bc98-aff665988641": { "id": "ec3dd825-bee3-4d09-bc98-aff665988641", "title": "Astra Pro Addon <= 3.5.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Astra Pro Addon", "slug": "astra-addon", "affected_versions": { "[*, 3.5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec3dd825-bee3-4d09-bc98-aff665988641?source=api-scan" ], "published": "2021-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec47ffee-0599-4f16-a71d-d17dcfe9b183": { "id": "ec47ffee-0599-4f16-a71d-d17dcfe9b183", "title": "Custom Field Template <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via $search_label", "software": [ { "type": "plugin", "name": "Custom Field Template", "slug": "custom-field-template", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec47ffee-0599-4f16-a71d-d17dcfe9b183?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec4c14ec-d085-42c8-9e98-4155f7fa8c10": { "id": "ec4c14ec-d085-42c8-9e98-4155f7fa8c10", "title": "MoveTo <= 6.2 - Unauthenticated Directory Traversal to Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "moveto", "slug": "moveto", "affected_versions": { "* - 6.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec4c14ec-d085-42c8-9e98-4155f7fa8c10?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec4d27d6-b54f-4fac-9a49-6798da4f0acc": { "id": "ec4d27d6-b54f-4fac-9a49-6798da4f0acc", "title": "WP Fast Total Search <= 1.59.211 - Authenticated (Contributor+) Stored Cross-Site Scripting via WPFTS Live Search Widget", "software": [ { "type": "plugin", "name": "WP Fast Total Search \u2013 The Power of Indexed Search", "slug": "fulltext-search", "affected_versions": { "* - 1.59.211": { "from_version": "*", "from_inclusive": true, "to_version": "1.59.211", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.60.213" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec4d27d6-b54f-4fac-9a49-6798da4f0acc?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec4d807b-7119-40f0-99a8-5df8471c515b": { "id": "ec4d807b-7119-40f0-99a8-5df8471c515b", "title": "Migration, Backup, Staging \u2013 WPvivid <= 0.9.69 - Reflected Cross-Site Scripting via sub_page Parameter", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "[*, 0.9.70)": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.70", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.9.70" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec4d807b-7119-40f0-99a8-5df8471c515b?source=api-scan" ], "published": "2022-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec52337f-bdd1-4632-853b-da86d64751e7": { "id": "ec52337f-bdd1-4632-853b-da86d64751e7", "title": "Spice Starter Sites <= 1.2.5 - Missing Authorization to Unauthenticated Demo Content Import", "software": [ { "type": "plugin", "name": "Spice Starter Sites", "slug": "spice-starter-sites", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec52337f-bdd1-4632-853b-da86d64751e7?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec5474ac-62d7-4431-b789-51c831dd1c20": { "id": "ec5474ac-62d7-4431-b789-51c831dd1c20", "title": "Flat UI Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via flatbtn Shortcode", "software": [ { "type": "plugin", "name": "Flat UI Button", "slug": "flat-ui-button", "affected_versions": { "1.0": { "from_version": "1.0", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec5474ac-62d7-4431-b789-51c831dd1c20?source=api-scan" ], "published": "2024-10-17 15:41:27", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec547a1f-d57b-4792-b9d0-38e9a9c4d0a2": { "id": "ec547a1f-d57b-4792-b9d0-38e9a9c4d0a2", "title": "Pie Register <= 3.7.1.5 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction", "slug": "pie-register", "affected_versions": { "[*, 3.7.1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.7.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec547a1f-d57b-4792-b9d0-38e9a9c4d0a2?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec56fc7e-9752-4418-87b2-b27b09cf2654": { "id": "ec56fc7e-9752-4418-87b2-b27b09cf2654", "title": "MasterStudy LMS <= 3.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education", "slug": "masterstudy-lms-learning-management-system", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec56fc7e-9752-4418-87b2-b27b09cf2654?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec57e0b2-61b0-4b67-9784-dbb4e6c4e4a6": { "id": "ec57e0b2-61b0-4b67-9784-dbb4e6c4e4a6", "title": "TeraWallet \u2013 For WooCommerce <= 1.4.3 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Wallet for WooCommerce", "slug": "woo-wallet", "affected_versions": { "* - 1.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec57e0b2-61b0-4b67-9784-dbb4e6c4e4a6?source=api-scan" ], "published": "2022-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec5e4e3f-df8f-4e07-a6e0-72247b2dd7a7": { "id": "ec5e4e3f-df8f-4e07-a6e0-72247b2dd7a7", "title": "WooCommerce Multiple Customer Addresses & Shipping <= 21.6 - Missing Authorization leading to Authenticated (Subscriber+) Arbitrary Address Creation\/Deletion\/View\/Updates", "software": [ { "type": "plugin", "name": "WooCommerce Multiple Customer Addresses & Shipping", "slug": "woocommerce-multiple-customer-addresses", "affected_versions": { "[*, 21.7)": { "from_version": "*", "from_inclusive": true, "to_version": "21.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "21.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec5e4e3f-df8f-4e07-a6e0-72247b2dd7a7?source=api-scan" ], "published": "2023-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec5fa360-6fff-46f5-8221-4b28a6db3e73": { "id": "ec5fa360-6fff-46f5-8221-4b28a6db3e73", "title": "JSON REST API <= 1.1 - Potential Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "WP REST API (WP API)", "slug": "json-rest-api", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec5fa360-6fff-46f5-8221-4b28a6db3e73?source=api-scan" ], "published": "2014-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec5fc038-b855-4744-8797-ce2cedd88f6a": { "id": "ec5fc038-b855-4744-8797-ce2cedd88f6a", "title": "Bitcoin Satoshi Tools <= 1.7.0 - Missing Authorization to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bitcoin Satoshi Tools : Faucets, Visitor Rewarder, Satoshi Games, Referral Program", "slug": "simple-bitcoin-faucets", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec5fc038-b855-4744-8797-ce2cedd88f6a?source=api-scan" ], "published": "2022-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec6331e1-7a7c-486d-873b-02b3af38387c": { "id": "ec6331e1-7a7c-486d-873b-02b3af38387c", "title": "Wp-D3 < 2.4.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Wp-D3", "slug": "wp-d3", "affected_versions": { "[*, 2.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec6331e1-7a7c-486d-873b-02b3af38387c?source=api-scan" ], "published": "2016-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec6ea63d-60de-4b3f-8b7c-cbd951c3f737": { "id": "ec6ea63d-60de-4b3f-8b7c-cbd951c3f737", "title": "WangGuard <= 1.7.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WangGuard", "slug": "wangguard", "affected_versions": { "* - 1.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec6ea63d-60de-4b3f-8b7c-cbd951c3f737?source=api-scan" ], "published": "2017-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec6ea6e7-9c43-4b58-a1df-947a3aa7cd54": { "id": "ec6ea6e7-9c43-4b58-a1df-947a3aa7cd54", "title": "Embed Google Fonts <= 3.1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Embed Google Fonts", "slug": "embed-google-fonts", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec6ea6e7-9c43-4b58-a1df-947a3aa7cd54?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec6f2c0d-4d92-4982-995d-5d8a9866b888": { "id": "ec6f2c0d-4d92-4982-995d-5d8a9866b888", "title": "Custom Global Variables <= 1.0.5 - Stored Cross-Site Scripting via 'name'", "software": [ { "type": "plugin", "name": "Custom Global Variables", "slug": "custom-global-variables", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec6f2c0d-4d92-4982-995d-5d8a9866b888?source=api-scan" ], "published": "2021-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec7649da-5358-4fe2-8706-b945bba02c93": { "id": "ec7649da-5358-4fe2-8706-b945bba02c93", "title": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate <= 7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox Shortcode", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 7.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec7649da-5358-4fe2-8706-b945bba02c93?source=api-scan" ], "published": "2024-06-04 20:15:54", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec7b77d8-490e-4eaf-a9df-54de63f128d4": { "id": "ec7b77d8-490e-4eaf-a9df-54de63f128d4", "title": "E Unlocked - Student Result <= 1.0.4 - Cross-Site Request Forgery to Arbitrary File Upload", "software": [ { "type": "plugin", "name": "E Unlocked \u2013 Student Result", "slug": "e-unlocked-student-result", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec7b77d8-490e-4eaf-a9df-54de63f128d4?source=api-scan" ], "published": "2022-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec7f3e0c-a07c-4082-9b6b-12d0fbe0fdc8": { "id": "ec7f3e0c-a07c-4082-9b6b-12d0fbe0fdc8", "title": "WPCOM Member <= 1.5.2.1 - Unauthenticated Privilege Escalation via User Meta", "software": [ { "type": "plugin", "name": "WPCOM Member", "slug": "wpcom-member", "affected_versions": { "* - 1.5.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec7f3e0c-a07c-4082-9b6b-12d0fbe0fdc8?source=api-scan" ], "published": "2024-09-06 01:15:44", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec83bf1f-a2da-4ecf-8d82-9a555c751073": { "id": "ec83bf1f-a2da-4ecf-8d82-9a555c751073", "title": "Tutor LMS <=1.8.2 - SQL Injection via tutor_answering_quiz_question\/get_answer_by_id", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "[*, 1.8.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec83bf1f-a2da-4ecf-8d82-9a555c751073?source=api-scan" ], "published": "2021-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec860ad9-7054-4ed2-a8f2-6589e4db36cd": { "id": "ec860ad9-7054-4ed2-a8f2-6589e4db36cd", "title": "wp tell a friend popup form <= 7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp tell a friend popup form", "slug": "wp-tell-a-friend-popup-form", "affected_versions": { "* - 7.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec860ad9-7054-4ed2-a8f2-6589e4db36cd?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec864830-2c8b-4ae4-9c45-3624d0be7d24": { "id": "ec864830-2c8b-4ae4-9c45-3624d0be7d24", "title": "Disqus Comment System < 2.68 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Disqus Comment System", "slug": "disqus-comment-system", "affected_versions": { "[*, 2.68)": { "from_version": "*", "from_inclusive": true, "to_version": "2.68", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.68" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec864830-2c8b-4ae4-9c45-3624d0be7d24?source=api-scan" ], "published": "2011-12-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec882062-0059-47ca-a007-3347e7adb70b": { "id": "ec882062-0059-47ca-a007-3347e7adb70b", "title": "WP Mailto Links \u2013 Protect Email Addresses <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Mailto Links \u2013 Protect Email Addresses", "slug": "wp-mailto-links", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec882062-0059-47ca-a007-3347e7adb70b?source=api-scan" ], "published": "2023-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec894433-53c8-4d04-bb8a-92c66cbd2ce7": { "id": "ec894433-53c8-4d04-bb8a-92c66cbd2ce7", "title": "Google Language Translator <= 6.0.20 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "Translate WordPress \u2013 Google Language Translator", "slug": "google-language-translator", "affected_versions": { "[*, 6.0.20)": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.0.20" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec894433-53c8-4d04-bb8a-92c66cbd2ce7?source=api-scan" ], "published": "2023-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec8ad817-9716-4d29-a02a-57eb9aa58a13": { "id": "ec8ad817-9716-4d29-a02a-57eb9aa58a13", "title": "WordPress Core <= 1.2 - HTTP Response Splitting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 1.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec8ad817-9716-4d29-a02a-57eb9aa58a13?source=api-scan" ], "published": "2004-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec9029a3-be05-469a-a8e2-20987a4a4ad9": { "id": "ec9029a3-be05-469a-a8e2-20987a4a4ad9", "title": "Nested Pages <= 3.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Nested Pages", "slug": "wp-nested-pages", "affected_versions": { "* - 3.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec9029a3-be05-469a-a8e2-20987a4a4ad9?source=api-scan" ], "published": "2023-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec93f360-2eed-4858-b36f-8cc17f7b4ac1": { "id": "ec93f360-2eed-4858-b36f-8cc17f7b4ac1", "title": "Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Remote Content Shortcode", "slug": "remote-content-shortcode", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec93f360-2eed-4858-b36f-8cc17f7b4ac1?source=api-scan" ], "published": "2024-07-31 15:49:57", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ec9cd4a8-286e-43d7-8cb6-6cc363800e20": { "id": "ec9cd4a8-286e-43d7-8cb6-6cc363800e20", "title": "MailerLite Signup Forms < 1.4.4 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "MailerLite \u2013 Signup forms (official)", "slug": "official-mailerlite-sign-up-forms", "affected_versions": { "[*, 1.4.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ec9cd4a8-286e-43d7-8cb6-6cc363800e20?source=api-scan" ], "published": "2020-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eca703ec-645c-4d12-ae57-75db14e08f3e": { "id": "eca703ec-645c-4d12-ae57-75db14e08f3e", "title": "Essential Blocks for Gutenberg <= 4.2.0 - Incorrect Authorization Checks", "software": [ { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eca703ec-645c-4d12-ae57-75db14e08f3e?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecaa02bf-62be-4f1d-af31-96afc72a830d": { "id": "ecaa02bf-62be-4f1d-af31-96afc72a830d", "title": "Gixaw Chat <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gixaw Chat", "slug": "gixaw-chat", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecaa02bf-62be-4f1d-af31-96afc72a830d?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecad5438-8992-454c-bdc8-fac7635c1024": { "id": "ecad5438-8992-454c-bdc8-fac7635c1024", "title": "BetterDocs <= 3.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BetterDocs \u2013 Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg", "slug": "betterdocs", "affected_versions": { "* - 3.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecad5438-8992-454c-bdc8-fac7635c1024?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecae113c-c66a-4f27-bf81-6679a4717ff8": { "id": "ecae113c-c66a-4f27-bf81-6679a4717ff8", "title": "affiliate-toolkit <= 3.4.5 - Authenticated (Author+) Stored Cross-Site Scripting via ratings", "software": [ { "type": "plugin", "name": "affiliate-toolkit", "slug": "affiliate-toolkit-starter", "affected_versions": { "* - 3.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecae113c-c66a-4f27-bf81-6679a4717ff8?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecb40bc2-aff5-4ced-8ded-1505d7b9db45": { "id": "ecb40bc2-aff5-4ced-8ded-1505d7b9db45", "title": "Contact Form DB <= 2.8.26 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form DB", "slug": "contact-form-7-to-database-extension", "affected_versions": { "* - 2.8.26": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecb40bc2-aff5-4ced-8ded-1505d7b9db45?source=api-scan" ], "published": "2015-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecb86ea6-2aca-4f7c-be81-a572b53b7953": { "id": "ecb86ea6-2aca-4f7c-be81-a572b53b7953", "title": "WP VR <= 8.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP VR \u2013 360 Panorama and Virtual Tour Builder For WordPress", "slug": "wpvr", "affected_versions": { "* - 8.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecb86ea6-2aca-4f7c-be81-a572b53b7953?source=api-scan" ], "published": "2023-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecbb40a5-3e33-4084-a19b-daf014ce68c8": { "id": "ecbb40a5-3e33-4084-a19b-daf014ce68c8", "title": "Affiliates Manager <= 2.9.13 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Affiliates Manager", "slug": "affiliates-manager", "affected_versions": { "* - 2.9.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecbb40a5-3e33-4084-a19b-daf014ce68c8?source=api-scan" ], "published": "2022-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecbbe9f0-bf6c-4153-9843-8ae7713adef9": { "id": "ecbbe9f0-bf6c-4153-9843-8ae7713adef9", "title": "Nested Pages <= 3.1.15 - Cross-Site Request Forgery to Arbitrary Post Deletion and Modification", "software": [ { "type": "plugin", "name": "Nested Pages", "slug": "wp-nested-pages", "affected_versions": { "* - 3.1.15": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecbbe9f0-bf6c-4153-9843-8ae7713adef9?source=api-scan" ], "published": "2021-08-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecc00cbc-ec65-4664-8ec6-8cfb47196ec1": { "id": "ecc00cbc-ec65-4664-8ec6-8cfb47196ec1", "title": "WPPizza <= 3.18.10 - Missing Authorization", "software": [ { "type": "plugin", "name": "WPPizza \u2013 A Restaurant Plugin", "slug": "wppizza", "affected_versions": { "* - 3.18.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.18.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.18.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecc00cbc-ec65-4664-8ec6-8cfb47196ec1?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecc59a6f-5e4a-44b4-932d-ed990ebb075a": { "id": "ecc59a6f-5e4a-44b4-932d-ed990ebb075a", "title": "Media Library Assistant <= 3.05 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Media Library Assistant", "slug": "media-library-assistant", "affected_versions": { "* - 3.05": { "from_version": "*", "from_inclusive": true, "to_version": "3.05", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.06" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecc59a6f-5e4a-44b4-932d-ed990ebb075a?source=api-scan" ], "published": "2023-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecc5a17e-c716-48bd-9b4d-49d870ae6bf3": { "id": "ecc5a17e-c716-48bd-9b4d-49d870ae6bf3", "title": "Orbit Fox by ThemeIsle <= 2.10.27 - Authenticated(Contributor+) Stored Cross-site Scripting via Pricing Table Elementor Widget", "software": [ { "type": "plugin", "name": "Orbit Fox by ThemeIsle", "slug": "themeisle-companion", "affected_versions": { "* - 2.10.27": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.10.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecc5a17e-c716-48bd-9b4d-49d870ae6bf3?source=api-scan" ], "published": "2024-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecc8996a-d95c-4711-ac7d-523f5100c7fc": { "id": "ecc8996a-d95c-4711-ac7d-523f5100c7fc", "title": "Elementor Pro <= 3.19.2 - Authenticated (Contributor+) Information Exposure", "software": [ { "type": "plugin", "name": "Elementor Website Builder Pro", "slug": "elementor-pro", "affected_versions": { "* - 3.19.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.19.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.19.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecc8996a-d95c-4711-ac7d-523f5100c7fc?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eccc47cb-9078-405b-9b09-2e14e72ee005": { "id": "eccc47cb-9078-405b-9b09-2e14e72ee005", "title": "Import XML and RSS Feeds <= 2.0.2 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Import XML and RSS Feeds", "slug": "import-xml-feed", "affected_versions": { "[*, 2.0.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eccc47cb-9078-405b-9b09-2e14e72ee005?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecd01ea6-9476-47e1-9959-3f8d9ce1c1f3": { "id": "ecd01ea6-9476-47e1-9959-3f8d9ce1c1f3", "title": "Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Widget SVGZ File Upload", "software": [ { "type": "plugin", "name": "Elementor Website Builder Pro", "slug": "elementor-pro", "affected_versions": { "* - 3.20.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.20.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.20.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecd01ea6-9476-47e1-9959-3f8d9ce1c1f3?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecd35d5a-5270-4132-bc62-d75da5141313": { "id": "ecd35d5a-5270-4132-bc62-d75da5141313", "title": "Floating Social Media Links < 1.4.3 - Remote File Inclusion via fsml-admin.js.php wpp parameter", "software": [ { "type": "plugin", "name": "Floating Social Media Links", "slug": "floating-social-media-links", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecd35d5a-5270-4132-bc62-d75da5141313?source=api-scan" ], "published": "2012-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecd504ad-8812-46ec-be18-e98d05982312": { "id": "ecd504ad-8812-46ec-be18-e98d05982312", "title": "Thank You Page Customizer for WooCommerce \u2013 Increase Your Sales <= 1.0.13 - Cross-Site Request Forgery via send_email", "software": [ { "type": "plugin", "name": "Thank You Page Customizer for WooCommerce \u2013 Increase Your Sales", "slug": "woo-thank-you-page-customizer", "affected_versions": { "* - 1.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecd504ad-8812-46ec-be18-e98d05982312?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecd68933-e808-4816-b9d2-7491194f2347": { "id": "ecd68933-e808-4816-b9d2-7491194f2347", "title": "Stream <= 3.0.5 - Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "Stream", "slug": "stream", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecd68933-e808-4816-b9d2-7491194f2347?source=api-scan" ], "published": "2016-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecd8a81b-b1db-411b-90f4-2a7de3a3ca27": { "id": "ecd8a81b-b1db-411b-90f4-2a7de3a3ca27", "title": "Mega Elements <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mega Elements \u2013 Addons for Elementor", "slug": "mega-elements-addons-for-elementor", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecd8a81b-b1db-411b-90f4-2a7de3a3ca27?source=api-scan" ], "published": "2024-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecd9800e-ce0f-45f3-bb66-3690c51d885b": { "id": "ecd9800e-ce0f-45f3-bb66-3690c51d885b", "title": "Newsletter - API v1 and v2 addon for Newsletter <= 2.4.5 - Missing Authorization to Email Subscribers Management", "software": [ { "type": "plugin", "name": "Newsletter - API v1 and v2 addon for Newsletter", "slug": "newsletter-api", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecd9800e-ce0f-45f3-bb66-3690c51d885b?source=api-scan" ], "published": "2024-06-11 22:11:42", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecdcad88-c926-490f-8e83-09d92ba080f8": { "id": "ecdcad88-c926-490f-8e83-09d92ba080f8", "title": "WordPress Core < 5.0.1 Reflected Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.27": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.27", "to_inclusive": true }, "3.8 - 3.8.27": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.27", "to_inclusive": true }, "3.9 - 3.9.25": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.25", "to_inclusive": true }, "4.0 - 4.0.24": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.24", "to_inclusive": true }, "4.1 - 4.1.24": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.24", "to_inclusive": true }, "4.2 - 4.2.21": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.21", "to_inclusive": true }, "4.3 - 4.3.17": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.17", "to_inclusive": true }, "4.4 - 4.4.16": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.16", "to_inclusive": true }, "4.5 - 4.5.15": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.15", "to_inclusive": true }, "4.6 - 4.6.12": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.12", "to_inclusive": true }, "4.7 - 4.7.11": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.11", "to_inclusive": true }, "4.8 - 4.8.7": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.7", "to_inclusive": true }, "4.9 - 4.9.8": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.8", "to_inclusive": true }, "5.0": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.28", "3.8.28", "3.9.26", "4.0.25", "4.1.25", "4.2.22", "4.3.18", "4.4.17", "4.5.16", "4.6.13", "4.7.12", "4.8.8", "4.9.9", "5.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecdcad88-c926-490f-8e83-09d92ba080f8?source=api-scan" ], "published": "2018-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecde34f7-4624-4361-8d95-56fd4b08b476": { "id": "ecde34f7-4624-4361-8d95-56fd4b08b476", "title": "Minimal Coming Soon \u2013 Coming Soon Page <= 2.33 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Minimal Coming Soon \u2013 Coming Soon Page", "slug": "minimal-coming-soon-maintenance-mode", "affected_versions": { "* - 2.34": { "from_version": "*", "from_inclusive": true, "to_version": "2.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecde34f7-4624-4361-8d95-56fd4b08b476?source=api-scan" ], "published": "2022-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecdfb19e-ef3a-4c5a-96a5-4c9ce3dca3a6": { "id": "ecdfb19e-ef3a-4c5a-96a5-4c9ce3dca3a6", "title": "MyCSS <= 1.1 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "MyCSS", "slug": "mycss", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecdfb19e-ef3a-4c5a-96a5-4c9ce3dca3a6?source=api-scan" ], "published": "2022-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ece4eca1-9dc1-4f17-92e4-8b2e3e1a7306": { "id": "ece4eca1-9dc1-4f17-92e4-8b2e3e1a7306", "title": "Ultimate Addons for WPBakery <= 3.19.17 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ultimate Addons for WPBakery", "slug": "Ultimate_VC_Addons", "affected_versions": { "* - 3.19.17": { "from_version": "*", "from_inclusive": true, "to_version": "3.19.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.19.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ece4eca1-9dc1-4f17-92e4-8b2e3e1a7306?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ece7810c-a65d-421e-ad16-03e51eafeeb6": { "id": "ece7810c-a65d-421e-ad16-03e51eafeeb6", "title": "Uncanny Toolkit Pro for LearnDash <= 4.1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Uncanny Toolkit Pro for LearnDash", "slug": "uncanny-toolkit-pro", "affected_versions": { "* - 4.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ece7810c-a65d-421e-ad16-03e51eafeeb6?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ece9e89c-99d5-446d-a189-21848d75c273": { "id": "ece9e89c-99d5-446d-a189-21848d75c273", "title": "Point <= 1.1 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Point", "slug": "point", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ece9e89c-99d5-446d-a189-21848d75c273?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecec3eb4-04db-47af-974f-bacc530a7c70": { "id": "ecec3eb4-04db-47af-974f-bacc530a7c70", "title": "Adding drop down roles in registration <= 1.1 - Unauthenticated Privilege Escalation", "software": [ { "type": "plugin", "name": "Adding drop down roles in registration", "slug": "user-drop-down-roles-in-registration", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecec3eb4-04db-47af-974f-bacc530a7c70?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ececa0ea-3d44-4b1b-b962-809a8b24c890": { "id": "ececa0ea-3d44-4b1b-b962-809a8b24c890", "title": "Quiz And Survey Master <= 4.7.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "[*, 4.7.9)": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ececa0ea-3d44-4b1b-b962-809a8b24c890?source=api-scan" ], "published": "2016-12-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecf1ce11-58cd-459c-ab9e-6ac40535fabd": { "id": "ecf1ce11-58cd-459c-ab9e-6ac40535fabd", "title": "WP Page Builder <= 1.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Page Builder", "slug": "wp-pagebuilder", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecf1ce11-58cd-459c-ab9e-6ac40535fabd?source=api-scan" ], "published": "2022-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecf1dfb2-8140-45c0-b75c-10d1c1fdc07a": { "id": "ecf1dfb2-8140-45c0-b75c-10d1c1fdc07a", "title": "ARForms Form Builder <= 1.6.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form, Survey, Quiz & Popup Form Builder \u2013 ARForms", "slug": "arforms-form-builder", "affected_versions": { "* - 1.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecf1dfb2-8140-45c0-b75c-10d1c1fdc07a?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecf36533-1dd1-43d7-b12e-7b425c13530a": { "id": "ecf36533-1dd1-43d7-b12e-7b425c13530a", "title": "Login by Auth0 <= 3.11.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Login by Auth0", "slug": "auth0", "affected_versions": { "* - 3.11.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.11.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecf36533-1dd1-43d7-b12e-7b425c13530a?source=api-scan" ], "published": "2020-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecf73f3a-5f7b-4ef4-a31a-f282b953f294": { "id": "ecf73f3a-5f7b-4ef4-a31a-f282b953f294", "title": "BulletProof Security < .51.1 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "BulletProof Security", "slug": "bulletproof-security", "affected_versions": { "* - .51": { "from_version": "*", "from_inclusive": true, "to_version": ".51", "to_inclusive": true } }, "patched": true, "patched_versions": [ ".51.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecf73f3a-5f7b-4ef4-a31a-f282b953f294?source=api-scan" ], "published": "2014-11-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecfa530c-a164-4215-b68a-7be81be3fd48": { "id": "ecfa530c-a164-4215-b68a-7be81be3fd48", "title": "ColorWay <= 4.2.3 - Cross Site Request Forgery", "software": [ { "type": "theme", "name": "ColorWay", "slug": "colorway", "affected_versions": { "* - 4.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecfa530c-a164-4215-b68a-7be81be3fd48?source=api-scan" ], "published": "2023-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecfc1466-41d2-498b-8210-c67e8550f5b8": { "id": "ecfc1466-41d2-498b-8210-c67e8550f5b8", "title": "Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and eae_slider_animation Parameters", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.13.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecfc1466-41d2-498b-8210-c67e8550f5b8?source=api-scan" ], "published": "2024-08-29 14:38:46", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecfcbb55-10ba-45d8-9b05-c08d0aeb7675": { "id": "ecfcbb55-10ba-45d8-9b05-c08d0aeb7675", "title": "PeoplePond <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PeoplePond", "slug": "peoplepond", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecfcbb55-10ba-45d8-9b05-c08d0aeb7675?source=api-scan" ], "published": "2024-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecfdd114-b7bb-45bf-84df-a92f10b2fd81": { "id": "ecfdd114-b7bb-45bf-84df-a92f10b2fd81", "title": "Google Site Verification plugin using Meta Tag <= 1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Google Site Verification plugin using Meta Tag", "slug": "google-site-verification-using-meta-tag", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecfdd114-b7bb-45bf-84df-a92f10b2fd81?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ecfdf7b1-9bb8-4c1d-a00a-ca1e44440cab": { "id": "ecfdf7b1-9bb8-4c1d-a00a-ca1e44440cab", "title": "HUSKY - Products Filter Professional for WooCommerce <= 1.3.6 - Unauthenticated Time-Based SQL Injection", "software": [ { "type": "plugin", "name": "HUSKY \u2013 Products Filter Professional for WooCommerce", "slug": "woocommerce-products-filter", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ecfdf7b1-9bb8-4c1d-a00a-ca1e44440cab?source=api-scan" ], "published": "2024-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed037e94-68b4-4efc-9d1a-fffc4aff1c45": { "id": "ed037e94-68b4-4efc-9d1a-fffc4aff1c45", "title": "Business Directory Plugin <= 6.4.3 - Authenticated (Author+) CSV Injection", "software": [ { "type": "plugin", "name": "Business Directory Plugin \u2013 Easy Listing Directories for WordPress", "slug": "business-directory-plugin", "affected_versions": { "* - 6.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed037e94-68b4-4efc-9d1a-fffc4aff1c45?source=api-scan" ], "published": "2024-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed053a6b-4163-4e82-a180-619a7841899a": { "id": "ed053a6b-4163-4e82-a180-619a7841899a", "title": "WP Travel Engine <= 5.7.9 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Travel Engine \u2013 Tour Booking Plugin \u2013 Tour Operator Software", "slug": "wp-travel-engine", "affected_versions": { "* - 5.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed053a6b-4163-4e82-a180-619a7841899a?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed0860db-0e1f-4929-90d5-ff2766ba71ad": { "id": "ed0860db-0e1f-4929-90d5-ff2766ba71ad", "title": "WP eCommerce <= 3.9.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP eCommerce", "slug": "wp-e-commerce", "affected_versions": { "* - 3.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed0860db-0e1f-4929-90d5-ff2766ba71ad?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed0a37cc-49db-4919-8d0d-cb7739332229": { "id": "ed0a37cc-49db-4919-8d0d-cb7739332229", "title": "Product page shipping calculator for WooCommerce <= 1.3.20 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product page shipping calculator for WooCommerce", "slug": "product-page-shipping-calculator-for-woocommerce", "affected_versions": { "* - 1.3.20": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed0a37cc-49db-4919-8d0d-cb7739332229?source=api-scan" ], "published": "2023-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed0a9db6-24bd-48ba-befa-ce537304ab52": { "id": "ed0a9db6-24bd-48ba-befa-ce537304ab52", "title": "Droit Elementor Addons \u2013 Widgets, Blocks, Templates Library For Elementor Builder <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Droit Elementor Addons \u2013 Widgets, Blocks, Templates Library For Elementor Builder", "slug": "droit-elementor-addons", "affected_versions": { "* - 3.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed0a9db6-24bd-48ba-befa-ce537304ab52?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed0e7717-d9ac-4333-8e79-fc030a410dab": { "id": "ed0e7717-d9ac-4333-8e79-fc030a410dab", "title": "CC BMI Calculator <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CC BMI Calculator", "slug": "cc-bmi-calculator", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed0e7717-d9ac-4333-8e79-fc030a410dab?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed117fb8-c13a-4088-aa33-8d44fc5dcf37": { "id": "ed117fb8-c13a-4088-aa33-8d44fc5dcf37", "title": "miniOrange's Google Authenticator <= 5.6.1 - Cross-Site Request Forgery to Malware Scan Termination", "software": [ { "type": "plugin", "name": "miniOrange's Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA, Two Factor, OTP SMS and Email | Passwordless login", "slug": "miniorange-2-factor-authentication", "affected_versions": { "* - 5.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed117fb8-c13a-4088-aa33-8d44fc5dcf37?source=api-scan" ], "published": "2022-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed128ef2-0399-4daa-95f6-f5ba74281d89": { "id": "ed128ef2-0399-4daa-95f6-f5ba74281d89", "title": "Plugin for Google Reviews <= 2.2.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Plugin for Google Reviews", "slug": "widget-google-reviews", "affected_versions": { "* - 2.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed128ef2-0399-4daa-95f6-f5ba74281d89?source=api-scan" ], "published": "2022-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed137706-1313-4bff-882b-13d9fa11498c": { "id": "ed137706-1313-4bff-882b-13d9fa11498c", "title": "WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Quick FrontEnd Editor \u2013 WordPress Plugin", "slug": "wp-quick-front-end-editor", "affected_versions": { "* - 5.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed137706-1313-4bff-882b-13d9fa11498c?source=api-scan" ], "published": "2021-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed18e919-eec9-4907-93d4-a95d9a95395b": { "id": "ed18e919-eec9-4907-93d4-a95d9a95395b", "title": "Titan Anti-spam & Security <= 7.3.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "Titan Anti-spam & Security", "slug": "anti-spam", "affected_versions": { "* - 7.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed18e919-eec9-4907-93d4-a95d9a95395b?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed191380-6037-4d59-8db7-cb33136a304e": { "id": "ed191380-6037-4d59-8db7-cb33136a304e", "title": "Ultimate Bootstrap Elements for Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Bootstrap Elements for Elementor", "slug": "ultimate-bootstrap-elements-for-elementor", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed191380-6037-4d59-8db7-cb33136a304e?source=api-scan" ], "published": "2024-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed19835f-2718-41d8-95af-47c8b9589529": { "id": "ed19835f-2718-41d8-95af-47c8b9589529", "title": "WordPress & WooCommerce Affiliate Program <= 8.4.1 - Authentication Bypass to Account Takeover and Privilege Escalation", "software": [ { "type": "plugin", "name": "WordPress & WooCommerce Affiliate Program", "slug": "wp-wc-affiliate-program", "affected_versions": { "* - 8.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed19835f-2718-41d8-95af-47c8b9589529?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed1aae32-6040-4c42-b8a7-4c3be371a8c0": { "id": "ed1aae32-6040-4c42-b8a7-4c3be371a8c0", "title": "Contact Form builder with drag & drop for WordPress \u2013 Kali Forms <= 2.3.41 - Missing Authorization", "software": [ { "type": "plugin", "name": "Contact Form builder with drag & drop for WordPress \u2013 Kali Forms", "slug": "kali-forms", "affected_versions": { "* - 2.3.41": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed1aae32-6040-4c42-b8a7-4c3be371a8c0?source=api-scan" ], "published": "2024-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed1f3d5a-9551-421e-8f38-416976a704ba": { "id": "ed1f3d5a-9551-421e-8f38-416976a704ba", "title": "Polls CP <= 1.0.1 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Polls CP", "slug": "cp-polls", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed1f3d5a-9551-421e-8f38-416976a704ba?source=api-scan" ], "published": "2014-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed2511a2-745a-42a9-a78c-96e35b4cb156": { "id": "ed2511a2-745a-42a9-a78c-96e35b4cb156", "title": "The Post Grid <= 7.7.4 - Missing Authorization via REST API", "software": [ { "type": "plugin", "name": "The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid", "slug": "the-post-grid", "affected_versions": { "* - 7.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed2511a2-745a-42a9-a78c-96e35b4cb156?source=api-scan" ], "published": "2024-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed2796b0-0667-451d-9208-272651bc6a4c": { "id": "ed2796b0-0667-451d-9208-272651bc6a4c", "title": "Codestyling Localization <= 1.99.30 - Cross-Site Request Forgery to Remote Code Execution", "software": [ { "type": "plugin", "name": "Codestyling Localization", "slug": "codestyling-localization", "affected_versions": { "* - 1.99.30": { "from_version": "*", "from_inclusive": true, "to_version": "1.99.30", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed2796b0-0667-451d-9208-272651bc6a4c?source=api-scan" ], "published": "2015-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed28fe16-0835-4e94-a30e-305e7ba03740": { "id": "ed28fe16-0835-4e94-a30e-305e7ba03740", "title": "Ultimate Member \u2013 User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Remote Code Execution via Multi-Select", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed28fe16-0835-4e94-a30e-305e7ba03740?source=api-scan" ], "published": "2022-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed2bb3e2-5002-4746-a4f8-b5d1752ccbbf": { "id": "ed2bb3e2-5002-4746-a4f8-b5d1752ccbbf", "title": "Opal Membership <= 1.2.4 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Opal Membership", "slug": "opal-membership", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed2bb3e2-5002-4746-a4f8-b5d1752ccbbf?source=api-scan" ], "published": "2024-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed3ad791-4d4d-41df-bf14-2aef77d6fecb": { "id": "ed3ad791-4d4d-41df-bf14-2aef77d6fecb", "title": "Nexos - Real Estate WordPress Theme <= 1.7 - SQL Injection", "software": [ { "type": "theme", "name": "Nexos - Real Estate WordPress Theme", "slug": "nexos", "affected_versions": { "[*, 1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed3ad791-4d4d-41df-bf14-2aef77d6fecb?source=api-scan" ], "published": "2020-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed40b50b-7d70-4abf-8895-2bf891124bae": { "id": "ed40b50b-7d70-4abf-8895-2bf891124bae", "title": "Social Slider Widget <= 1.8.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Slider Feed", "slug": "instagram-slider-widget", "affected_versions": { "[*, 1.8.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed40b50b-7d70-4abf-8895-2bf891124bae?source=api-scan" ], "published": "2021-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed40b874-68e2-49f3-95b0-653600394e78": { "id": "ed40b874-68e2-49f3-95b0-653600394e78", "title": "WordPress Download Manager < 3.1.19 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 3.1.19)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed40b874-68e2-49f3-95b0-653600394e78?source=api-scan" ], "published": "2021-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed42e29f-d263-43fc-b06e-b7aaaa7622f7": { "id": "ed42e29f-d263-43fc-b06e-b7aaaa7622f7", "title": "eCommerce Product Catalog <= 3.0.71 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "eCommerce Product Catalog Plugin for WordPress", "slug": "ecommerce-product-catalog", "affected_versions": { "* - 3.0.71": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.71", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.72" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed42e29f-d263-43fc-b06e-b7aaaa7622f7?source=api-scan" ], "published": "2022-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed43e0ee-0b0e-4367-ba33-a8f08fafcd33": { "id": "ed43e0ee-0b0e-4367-ba33-a8f08fafcd33", "title": "Contact Form by BestWebSoft \u2013 Advanced Contact Us Form Builder for WordPress <= 4.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form by BestWebSoft \u2013 Advanced Contact Us Form Builder for WordPress", "slug": "contact-form-plugin", "affected_versions": { "[*, 4.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed43e0ee-0b0e-4367-ba33-a8f08fafcd33?source=api-scan" ], "published": "2019-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed488dcd-7400-47ab-a161-47c7caa414c2": { "id": "ed488dcd-7400-47ab-a161-47c7caa414c2", "title": "Jquery Validation For Contact Form 7 <= 5.2 - Cross-Site Request Forgery to Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Jquery Validation For Contact Form 7", "slug": "jquery-validation-for-contact-form-7", "affected_versions": { "* - 5.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed488dcd-7400-47ab-a161-47c7caa414c2?source=api-scan" ], "published": "2022-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed494a5a-2edf-43c9-a88a-331448c4e6d7": { "id": "ed494a5a-2edf-43c9-a88a-331448c4e6d7", "title": "BMI Adult & Kid Calculator <= 1.2.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BMI Adult & Kid Calculator", "slug": "bmi-adultkid-calculator", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed494a5a-2edf-43c9-a88a-331448c4e6d7?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed4e1a56-708d-4a12-8153-9568d11fe4d0": { "id": "ed4e1a56-708d-4a12-8153-9568d11fe4d0", "title": "Seamless Donations: A Platform for Global Fundraising and Rebuilding using Stripe and PayPal <= 5.1.7 - Cross-Site Request Forgery to Settings Chage", "software": [ { "type": "plugin", "name": "Seamless Donations is Sunset", "slug": "seamless-donations", "affected_versions": { "* - 5.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed4e1a56-708d-4a12-8153-9568d11fe4d0?source=api-scan" ], "published": "2022-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed507ac7-6732-4315-99dd-0a8636cc9cc3": { "id": "ed507ac7-6732-4315-99dd-0a8636cc9cc3", "title": "Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification", "software": [ { "type": "plugin", "name": "Yumpu E-Paper publishing", "slug": "yumpu-epaper-publishing", "affected_versions": { "* - 2.0.24": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed507ac7-6732-4315-99dd-0a8636cc9cc3?source=api-scan" ], "published": "2024-05-29 15:50:25", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed5251e7-64d2-4210-9864-144952a49327": { "id": "ed5251e7-64d2-4210-9864-144952a49327", "title": "Themify Ultra <= 7.3.5 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "theme", "name": "Themify Ultra", "slug": "themify-ultra", "affected_versions": { "* - 7.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed5251e7-64d2-4210-9864-144952a49327?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed579468-c998-4bec-b3a5-01d0ff206d35": { "id": "ed579468-c998-4bec-b3a5-01d0ff206d35", "title": "Tutor LMS <= 2.0.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed579468-c998-4bec-b3a5-01d0ff206d35?source=api-scan" ], "published": "2023-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed5c433b-eaab-4716-8749-2a5598a1dbb9": { "id": "ed5c433b-eaab-4716-8749-2a5598a1dbb9", "title": "WP EXtra <= 6.2 - Missing Authorization to Export Settings", "software": [ { "type": "plugin", "name": "WP EXtra", "slug": "wp-extra", "affected_versions": { "* - 6.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed5c433b-eaab-4716-8749-2a5598a1dbb9?source=api-scan" ], "published": "2023-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed5cf097-1b27-4d20-b7b2-2aa909bce042": { "id": "ed5cf097-1b27-4d20-b7b2-2aa909bce042", "title": "BuddyPress <= 5.1.0 - Denial of Service", "software": [ { "type": "plugin", "name": "BuddyPress", "slug": "buddypress", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed5cf097-1b27-4d20-b7b2-2aa909bce042?source=api-scan" ], "published": "2019-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed5d8b70-eb0e-4e5c-a68a-d9bff493c04c": { "id": "ed5d8b70-eb0e-4e5c-a68a-d9bff493c04c", "title": "Trending < 0.2 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Trending", "slug": "trending", "affected_versions": { "[*, 0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed5d8b70-eb0e-4e5c-a68a-d9bff493c04c?source=api-scan" ], "published": "2011-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed61a6b5-5c54-408b-973c-69b0f12d2df5": { "id": "ed61a6b5-5c54-408b-973c-69b0f12d2df5", "title": "Gwolle Guestbook <= 2.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Gwolle Guestbook", "slug": "gwolle-gb", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed61a6b5-5c54-408b-973c-69b0f12d2df5?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed64d0ff-4f49-4c18-86ec-2c6fbd559d2e": { "id": "ed64d0ff-4f49-4c18-86ec-2c6fbd559d2e", "title": "Order Tracking Pro <= 3.3.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Order Tracking \u2013 WordPress Status Tracking Plugin", "slug": "order-tracking", "affected_versions": { "* - 3.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed64d0ff-4f49-4c18-86ec-2c6fbd559d2e?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed6e0136-f4fa-4739-b02d-b53091991e58": { "id": "ed6e0136-f4fa-4739-b02d-b53091991e58", "title": "WordPress Download Manager <= 3.2.33 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 3.2.34)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.34", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed6e0136-f4fa-4739-b02d-b53091991e58?source=api-scan" ], "published": "2022-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed6e2b9e-3d70-4c07-a779-45164816b89c": { "id": "ed6e2b9e-3d70-4c07-a779-45164816b89c", "title": "UserPro <= 5.1.1 - Cross-Site Request Forgery via multiple functions", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "* - 5.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed6e2b9e-3d70-4c07-a779-45164816b89c?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed74aebc-9d52-4fac-b308-97765db62d3d": { "id": "ed74aebc-9d52-4fac-b308-97765db62d3d", "title": "FormBuilder <= 0.90 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FormBuilder", "slug": "formbuilder", "affected_versions": { "* - 0.90": { "from_version": "*", "from_inclusive": true, "to_version": "0.90", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.91" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed74aebc-9d52-4fac-b308-97765db62d3d?source=api-scan" ], "published": "2012-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed766000-557b-483b-9b86-c1cc6898abb7": { "id": "ed766000-557b-483b-9b86-c1cc6898abb7", "title": "Pretty Link Lite < 1.5.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pretty Link Lite", "slug": "pretty-link-lite", "affected_versions": { "[*, 1.5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed766000-557b-483b-9b86-c1cc6898abb7?source=api-scan" ], "published": "2012-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed79e382-acb4-4348-9bc6-b44ec0d75fb5": { "id": "ed79e382-acb4-4348-9bc6-b44ec0d75fb5", "title": "Depicter Slider <= 1.9.0 - Missing Authorization on 'make' function", "software": [ { "type": "plugin", "name": "Slider & Popup Builder by Depicter \u2013 Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel", "slug": "depicter", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed79e382-acb4-4348-9bc6-b44ec0d75fb5?source=api-scan" ], "published": "2023-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed82f527-b7af-4466-a977-855f109ed997": { "id": "ed82f527-b7af-4466-a977-855f109ed997", "title": "QQWorld Auto Save Images <= 1.9.8 - Missing Authorization to Arbitrary Post Content Retrieval", "software": [ { "type": "plugin", "name": "QQWorld Auto Save Images", "slug": "qqworld-auto-save-images", "affected_versions": { "* - 1.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed82f527-b7af-4466-a977-855f109ed997?source=api-scan" ], "published": "2024-05-31 18:47:13", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed8636bf-229a-42a5-a19c-332679613dd2": { "id": "ed8636bf-229a-42a5-a19c-332679613dd2", "title": "Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.7 - Authenticated(Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Product Carousel Slider & Grid Ultimate for WooCommerce", "slug": "woo-product-carousel-slider-and-grid-ultimate", "affected_versions": { "* - 1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed8636bf-229a-42a5-a19c-332679613dd2?source=api-scan" ], "published": "2024-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed866cda-2244-4172-a8bd-63005bbee4fc": { "id": "ed866cda-2244-4172-a8bd-63005bbee4fc", "title": "Feed Them Gallery <= 1.1.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Feed Them Gallery", "slug": "feed-them-gallery", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed866cda-2244-4172-a8bd-63005bbee4fc?source=api-scan" ], "published": "2019-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed881d06-e652-45ac-8f56-c2db9e403485": { "id": "ed881d06-e652-45ac-8f56-c2db9e403485", "title": "EventPrime < 3.2.0 - Reflected HTML Content Injection", "software": [ { "type": "plugin", "name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", "slug": "eventprime-event-calendar-management", "affected_versions": { "[*, 3.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed881d06-e652-45ac-8f56-c2db9e403485?source=api-scan" ], "published": "2023-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed8cd92a-c791-4781-a7bc-9b2a4d559d7d": { "id": "ed8cd92a-c791-4781-a7bc-9b2a4d559d7d", "title": "Back To The Top Button <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Back To The Top Button", "slug": "back-to-the-top-button", "affected_versions": { "* - 2.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed8cd92a-c791-4781-a7bc-9b2a4d559d7d?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed8f8984-bea6-44aa-9bde-5b40b455767f": { "id": "ed8f8984-bea6-44aa-9bde-5b40b455767f", "title": "WooCommerce Product Vendors <= 2.1.76 - Authenticated (Vendor admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Product Vendors", "slug": "woocommerce-product-vendors", "affected_versions": { "* - 2.1.76": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.76", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.77" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed8f8984-bea6-44aa-9bde-5b40b455767f?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed914e67-4cf7-49b1-96be-ed8c604e6dce": { "id": "ed914e67-4cf7-49b1-96be-ed8c604e6dce", "title": "Astra <= 4.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name", "software": [ { "type": "theme", "name": "Astra", "slug": "astra", "affected_versions": { "* - 4.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed914e67-4cf7-49b1-96be-ed8c604e6dce?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed98d335-16f9-4be8-bace-06e2b5db4cb9": { "id": "ed98d335-16f9-4be8-bace-06e2b5db4cb9", "title": "Simple Share Follow Button <= 1.03 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Simple Share Follow Button", "slug": "simple-share-follow-button", "affected_versions": { "* - 1.03": { "from_version": "*", "from_inclusive": true, "to_version": "1.03", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.04" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed98d335-16f9-4be8-bace-06e2b5db4cb9?source=api-scan" ], "published": "2023-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed99a056-42c6-4540-950e-12f8b547b64d": { "id": "ed99a056-42c6-4540-950e-12f8b547b64d", "title": "Doneren met Mollie <= 2.8.4 - Information Disclosure", "software": [ { "type": "plugin", "name": "Doneren met Mollie", "slug": "doneren-met-mollie", "affected_versions": { "* - 2.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed99a056-42c6-4540-950e-12f8b547b64d?source=api-scan" ], "published": "2021-01-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed9a6e27-c18f-4edf-b793-16021ebf0a6f": { "id": "ed9a6e27-c18f-4edf-b793-16021ebf0a6f", "title": "WP Live Chat Support < 4.1.0 - JavaScript Code Injection", "software": [ { "type": "plugin", "name": "3CX Free Live Chat, Calls & WhatsApp", "slug": "wp-live-chat-support", "affected_versions": { "[*, 4.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed9a6e27-c18f-4edf-b793-16021ebf0a6f?source=api-scan" ], "published": "2014-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed9ae337-fd2b-49c1-baac-6540f1152f94": { "id": "ed9ae337-fd2b-49c1-baac-6540f1152f94", "title": "AdRotate < 5.8.4 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "AdRotate Banner Manager \u2013 The only ad manager you'll need", "slug": "adrotate", "affected_versions": { "[*, 5.8.4)": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed9ae337-fd2b-49c1-baac-6540f1152f94?source=api-scan" ], "published": "2020-06-03 01:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed9db9c1-c6b5-459e-9820-ec4ee47b244e": { "id": "ed9db9c1-c6b5-459e-9820-ec4ee47b244e", "title": "tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[]", "software": [ { "type": "plugin", "name": "tagDiv Composer", "slug": "td-composer", "affected_versions": { "* - 5.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed9db9c1-c6b5-459e-9820-ec4ee47b244e?source=api-scan" ], "published": "2024-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ed9f8948-085b-4ac5-befd-c70085aa23cd": { "id": "ed9f8948-085b-4ac5-befd-c70085aa23cd", "title": "Buy Me a Coffee \u2013 Button and Widget Plugin <= 3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Buy Me a Coffee \u2013 Button and Widget Plugin", "slug": "buymeacoffee", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ed9f8948-085b-4ac5-befd-c70085aa23cd?source=api-scan" ], "published": "2023-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eda18b47-1c23-4ef5-9628-d6b5842bca04": { "id": "eda18b47-1c23-4ef5-9628-d6b5842bca04", "title": "WPUpper Share Buttons <= 3.42 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPUpper Share Buttons", "slug": "wpupper-share-buttons", "affected_versions": { "* - 3.42": { "from_version": "*", "from_inclusive": true, "to_version": "3.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eda18b47-1c23-4ef5-9628-d6b5842bca04?source=api-scan" ], "published": "2022-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eda538ef-c053-4347-b345-d5d03db25a01": { "id": "eda538ef-c053-4347-b345-d5d03db25a01", "title": "Fancy Product Designer < 6.1.81 - Authenticated (Admin+) Stored Cross-Site Scripting via License Field", "software": [ { "type": "plugin", "name": "Fancy Product Designer", "slug": "fancy-product-designer", "affected_versions": { "[*, 6.1.81)": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.81", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.1.81" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eda538ef-c053-4347-b345-d5d03db25a01?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edacede9-8a31-4d7f-b075-8265e3bbe2d0": { "id": "edacede9-8a31-4d7f-b075-8265e3bbe2d0", "title": "Popup box < 2.3.4 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Popup Box \u2013 Create Countdown, Coupon, Video, Contact Form Popups", "slug": "ays-popup-box", "affected_versions": { "[*, 2.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edacede9-8a31-4d7f-b075-8265e3bbe2d0?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edaec73f-25b5-4ace-afef-844eb4143bf2": { "id": "edaec73f-25b5-4ace-afef-844eb4143bf2", "title": "WordPress Gallery Plugin \u2013 NextGEN Gallery <= 3.38 - Authenticated (Admin+) PHAR Deserialization", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 3.38": { "from_version": "*", "from_inclusive": true, "to_version": "3.38", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edaec73f-25b5-4ace-afef-844eb4143bf2?source=api-scan" ], "published": "2023-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edafc213-a95f-483e-ac5f-d5b56817d046": { "id": "edafc213-a95f-483e-ac5f-d5b56817d046", "title": "Groundhogg <= 2.7.11.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via Task Data", "software": [ { "type": "plugin", "name": "WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg", "slug": "groundhogg", "affected_versions": { "* - 2.7.11.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.11.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.11.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edafc213-a95f-483e-ac5f-d5b56817d046?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edb34ad0-352e-462e-a7f1-64a804a760ed": { "id": "edb34ad0-352e-462e-a7f1-64a804a760ed", "title": "Multiple Themes by jegstudio <= (Various Versions) - Missing Authorization to Notice Dismissal", "software": [ { "type": "theme", "name": "Intrace", "slug": "intrace", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] }, { "type": "theme", "name": "Travey", "slug": "travey", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] }, { "type": "theme", "name": "Startupzy", "slug": "startupzy", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] }, { "type": "theme", "name": "Zeever", "slug": "zeever", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] }, { "type": "theme", "name": "Photology", "slug": "photology", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] }, { "type": "theme", "name": "Accountra", "slug": "accountra", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edb34ad0-352e-462e-a7f1-64a804a760ed?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edb4f4b7-a59c-454b-82b5-d8e91c1c82a3": { "id": "edb4f4b7-a59c-454b-82b5-d8e91c1c82a3", "title": "ARI Stream Quiz <= 1.2.32 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ARI Stream Quiz \u2013 WordPress Quizzes Builder", "slug": "ari-stream-quiz", "affected_versions": { "* - 1.2.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edb4f4b7-a59c-454b-82b5-d8e91c1c82a3?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edb65eb7-f1d5-495c-84ee-1b9b2cc45a24": { "id": "edb65eb7-f1d5-495c-84ee-1b9b2cc45a24", "title": "Packlink PRO shipping module <= 3.4.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Packlink PRO shipping module", "slug": "packlink-pro-shipping", "affected_versions": { "* - 3.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edb65eb7-f1d5-495c-84ee-1b9b2cc45a24?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edb8505b-3caa-4ccf-b0fc-69264f95b7ca": { "id": "edb8505b-3caa-4ccf-b0fc-69264f95b7ca", "title": "Swift Framework < 2024.04.30 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Swift Framework", "slug": "socialdriver-framework", "affected_versions": { "[*, 2024.04.30)": { "from_version": "*", "from_inclusive": true, "to_version": "2024.04.30", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2024.04.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edb8505b-3caa-4ccf-b0fc-69264f95b7ca?source=api-scan" ], "published": "2024-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edc0d90f-41a7-430a-a994-57be7fba8753": { "id": "edc0d90f-41a7-430a-a994-57be7fba8753", "title": "WordPress Core < 2.6.2 - Cryptographic Weakness", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edc0d90f-41a7-430a-a994-57be7fba8753?source=api-scan" ], "published": "2008-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edc35f8c-f916-433e-9d3f-4992e8c9d7cd": { "id": "edc35f8c-f916-433e-9d3f-4992e8c9d7cd", "title": "WP Bannerize Pro <= 1.6.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Bannerize Pro", "slug": "wp-bannerize-pro", "affected_versions": { "* - 1.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edc35f8c-f916-433e-9d3f-4992e8c9d7cd?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edcc23e0-075a-47e6-979d-7e75eed4337d": { "id": "edcc23e0-075a-47e6-979d-7e75eed4337d", "title": "Ultimate Product Catalog <= 4.2.21 - Authorization Bypass and Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ultimate Product Catalog", "slug": "ultimate-product-catalogue", "affected_versions": { "* - 4.2.21": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edcc23e0-075a-47e6-979d-7e75eed4337d?source=api-scan" ], "published": "2017-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edcc51f8-bf79-453a-aa4d-5d1d491316eb": { "id": "edcc51f8-bf79-453a-aa4d-5d1d491316eb", "title": "StatCounter <= 2.0.6 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "StatCounter \u2013 Free Real Time Visitor Stats", "slug": "official-statcounter-plugin-for-wordpress", "affected_versions": { "[*, 2.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edcc51f8-bf79-453a-aa4d-5d1d491316eb?source=api-scan" ], "published": "2022-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edcf46b6-368e-49c0-b2c3-99bf6e2d358f": { "id": "edcf46b6-368e-49c0-b2c3-99bf6e2d358f", "title": "WordPress Core < 6.2.1 - Directory Traversal", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 4.1.38)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.38", "to_inclusive": false }, "[4.2, 4.2.35)": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.35", "to_inclusive": false }, "[4.3, 4.3.31)": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.31", "to_inclusive": false }, "[4.4, 4.4.30)": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.30", "to_inclusive": false }, "[4.5, 4.5.29)": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.29", "to_inclusive": false }, "[4.6, 4.6.26)": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.26", "to_inclusive": false }, "[4.7, 4.7.26)": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.26", "to_inclusive": false }, "[4.8, 4.8.22)": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.22", "to_inclusive": false }, "[4.9, 4.9.23)": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.23", "to_inclusive": false }, "[5.0, 5.0.19)": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.19", "to_inclusive": false }, "[5.1, 5.1.16)": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.16", "to_inclusive": false }, "[5.2, 5.2.18)": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.18", "to_inclusive": false }, "[5.3, 5.3.15)": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.15", "to_inclusive": false }, "[5.4, 5.4.13)": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.13", "to_inclusive": false }, "[5.5, 5.5.12)": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.12", "to_inclusive": false }, "[5.6, 5.6.11)": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.11", "to_inclusive": false }, "[5.7, 5.7.9)": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.9", "to_inclusive": false }, "[5.8, 5.8.7)": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.7", "to_inclusive": false }, "[5.9, 5.9.6)": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.6", "to_inclusive": false }, "[6.0, 6.0.4)": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.4", "to_inclusive": false }, "[6.1, 6.1.2)": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.2", "to_inclusive": false }, "[6.2, 6.2.1)": { "from_version": "6.2", "from_inclusive": true, "to_version": "6.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.38", "4.2.35", "4.3.31", "4.4.30", "4.5.29", "4.6.26", "4.7.26", "4.8.22", "4.9.23", "5.0.19", "5.1.16", "5.2.18", "5.3.15", "5.4.13", "5.5.12", "5.6.11", "5.7.9", "5.8.7", "5.9.6", "6.0.4", "6.1.2", "6.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edcf46b6-368e-49c0-b2c3-99bf6e2d358f?source=api-scan" ], "published": "2023-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edd1396b-02f6-4292-82df-76c5eeecfe20": { "id": "edd1396b-02f6-4292-82df-76c5eeecfe20", "title": "Facebook Chat Plugin <= 1.2 - Cross-Site Request Forgery to Site Settings Changes", "software": [ { "type": "plugin", "name": "Facebook Chat Plugin \u2013 Live Chat Plugin for WordPress", "slug": "facebook-messenger-customer-chat", "affected_versions": { "[*, 1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edd1396b-02f6-4292-82df-76c5eeecfe20?source=api-scan" ], "published": "2019-06-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edd1b549-0975-446d-8ff8-770dbc957f92": { "id": "edd1b549-0975-446d-8ff8-770dbc957f92", "title": "The Plus Addons for Elementor - Pro <= 5.0.6 - SQL Injection", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor Page Builder", "slug": "theplus_elementor_addon", "affected_versions": { "[*, 5.0.7)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edd1b549-0975-446d-8ff8-770dbc957f92?source=api-scan" ], "published": "2021-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edd1f4f9-c0d7-4b7b-bb5e-7388e0935e32": { "id": "edd1f4f9-c0d7-4b7b-bb5e-7388e0935e32", "title": "ColorWay <= 3.4.1 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "ColorWay", "slug": "colorway", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edd1f4f9-c0d7-4b7b-bb5e-7388e0935e32?source=api-scan" ], "published": "2016-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edd7f442-32a1-4ce9-bf47-96f313a8d5df": { "id": "edd7f442-32a1-4ce9-bf47-96f313a8d5df", "title": "Wicked Folders <= 2.18.9 - Subscriber+ SQL Injection", "software": [ { "type": "plugin", "name": "Wicked Folders", "slug": "wicked-folders", "affected_versions": { "* - 2.18.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edd7f442-32a1-4ce9-bf47-96f313a8d5df?source=api-scan" ], "published": "2021-12-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eddce6e0-2ea7-4980-97a7-857b2e1e3b69": { "id": "eddce6e0-2ea7-4980-97a7-857b2e1e3b69", "title": "authLdap <= 2.5.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "authLdap", "slug": "authldap", "affected_versions": { "* - 2.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eddce6e0-2ea7-4980-97a7-857b2e1e3b69?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ede4b8ad-3c12-4ed8-9eda-806afa580bad": { "id": "ede4b8ad-3c12-4ed8-9eda-806afa580bad", "title": "WooODT Lite <= 2.4.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WooODT Lite \u2013 Delivery & pickup date time location for WooCommerce", "slug": "byconsole-woo-order-delivery-time", "affected_versions": { "* - 2.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ede4b8ad-3c12-4ed8-9eda-806afa580bad?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ede6c4d1-e4bd-44c0-a66a-fffc0e1b22f6": { "id": "ede6c4d1-e4bd-44c0-a66a-fffc0e1b22f6", "title": "Gallery Photoblocks <= 1.1.40 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery PhotoBlocks", "slug": "photoblocks-grid-gallery", "affected_versions": { "* - 1.1.40": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ede6c4d1-e4bd-44c0-a66a-fffc0e1b22f6?source=api-scan" ], "published": "2019-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edecb27b-ff11-4186-b8a8-41a85e3e2023": { "id": "edecb27b-ff11-4186-b8a8-41a85e3e2023", "title": "Accept Stripe Payments < 2.0.40 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Accept Stripe Payments", "slug": "stripe-payments", "affected_versions": { "[*, 2.0.40)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.40", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.40" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edecb27b-ff11-4186-b8a8-41a85e3e2023?source=api-scan" ], "published": "2021-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edf0760c-356a-4c55-9ccc-9f086dae12b6": { "id": "edf0760c-356a-4c55-9ccc-9f086dae12b6", "title": "Casso \u2013 T\u1ef1 \u0111\u1ed9ng x\u00e1c nh\u1eadn thanh to\u00e1n chuy\u1ec3n kho\u1ea3n ng\u00e2n h\u00e0ng <= 2.8.6 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Casso \u2013 T\u1ef1 \u0111\u1ed9ng x\u00e1c nh\u1eadn thanh to\u00e1n chuy\u1ec3n kho\u1ea3n ng\u00e2n h\u00e0ng", "slug": "casso-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang", "affected_versions": { "* - 2.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edf0760c-356a-4c55-9ccc-9f086dae12b6?source=api-scan" ], "published": "2022-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "edf2e060-5ae4-4b46-bc68-22ae5f516fe8": { "id": "edf2e060-5ae4-4b46-bc68-22ae5f516fe8", "title": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles <= 6.4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via content Parameter", "software": [ { "type": "plugin", "name": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App", "slug": "peepso-core", "affected_versions": { "* - 6.4.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/edf2e060-5ae4-4b46-bc68-22ae5f516fe8?source=api-scan" ], "published": "2024-09-09 19:11:12", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee013d3f-18bc-418e-ab5b-87724710f340": { "id": "ee013d3f-18bc-418e-ab5b-87724710f340", "title": "Onclick Show Popup <= 8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Onclick show popup", "slug": "onclick-show-popup", "affected_versions": { "* - 8.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee013d3f-18bc-418e-ab5b-87724710f340?source=api-scan" ], "published": "2023-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee01dab6-8e10-43aa-bc20-1f389f1e7d07": { "id": "ee01dab6-8e10-43aa-bc20-1f389f1e7d07", "title": "WordPress Core < 3.1.3 - Sensitive Information Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee01dab6-8e10-43aa-bc20-1f389f1e7d07?source=api-scan" ], "published": "2011-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee03ca88-97c1-45b0-a9d9-1ed57e124f13": { "id": "ee03ca88-97c1-45b0-a9d9-1ed57e124f13", "title": "WP Limit Posts Automatically <= 0.7 - Cross-Site Request Forgery leading to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-limit-posts-automatically", "slug": "wp-limit-posts-automatically", "affected_versions": { "* - 0.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee03ca88-97c1-45b0-a9d9-1ed57e124f13?source=api-scan" ], "published": "2014-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee03d780-076b-4501-a353-376198a4bd7b": { "id": "ee03d780-076b-4501-a353-376198a4bd7b", "title": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate <= 7.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode", "software": [ { "type": "plugin", "name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate", "slug": "shortcodes-ultimate", "affected_versions": { "* - 7.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee03d780-076b-4501-a353-376198a4bd7b?source=api-scan" ], "published": "2024-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee069cb3-370e-48ea-aa35-c30fe83c2498": { "id": "ee069cb3-370e-48ea-aa35-c30fe83c2498", "title": "Oxygen Builder <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field", "software": [ { "type": "plugin", "name": "Oxygen Builder", "slug": "oxygenbuilder", "affected_versions": { "* - 4.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee069cb3-370e-48ea-aa35-c30fe83c2498?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee11d9e5-64d5-49b4-b5f5-b76605250028": { "id": "ee11d9e5-64d5-49b4-b5f5-b76605250028", "title": "GeoDirectory <= 2.2.19 - CSV Injection", "software": [ { "type": "plugin", "name": "GeoDirectory \u2013 WP Business Directory Plugin and Classified Listings Directory", "slug": "geodirectory", "affected_versions": { "* - 2.2.19": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee11d9e5-64d5-49b4-b5f5-b76605250028?source=api-scan" ], "published": "2022-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee13399f-0fc9-40f3-93f5-34c913d54aa0": { "id": "ee13399f-0fc9-40f3-93f5-34c913d54aa0", "title": "Front End Users <= 3.2.24 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Front End Users", "slug": "front-end-only-users", "affected_versions": { "* - 3.2.24": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee13399f-0fc9-40f3-93f5-34c913d54aa0?source=api-scan" ], "published": "2023-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee13ee9a-dd53-4124-a7e9-679afe362f58": { "id": "ee13ee9a-dd53-4124-a7e9-679afe362f58", "title": "Elfsight Instagram Widget \u2013 Instagram Gallery < 1.1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elfsight Instagram Widget \u2013 Instagram Gallery", "slug": "instalinker", "affected_versions": { "[*, 1.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee13ee9a-dd53-4124-a7e9-679afe362f58?source=api-scan" ], "published": "2016-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee1a3105-ebb2-44ce-bbbe-3ab95d69670a": { "id": "ee1a3105-ebb2-44ce-bbbe-3ab95d69670a", "title": "Watcheezy Live chat plugin for WordPress <= 2.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Watcheezy Live chat plugin for WordPress", "slug": "watcheezy", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee1a3105-ebb2-44ce-bbbe-3ab95d69670a?source=api-scan" ], "published": "2021-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee1aab28-e9db-4010-ad46-ad4aec1d5dab": { "id": "ee1aab28-e9db-4010-ad46-ad4aec1d5dab", "title": "WP Image Zoom <= 1.46 - Local File Inclusion", "software": [ { "type": "plugin", "name": "WP Image Zoom", "slug": "wp-image-zoooom", "affected_versions": { "* - 1.46": { "from_version": "*", "from_inclusive": true, "to_version": "1.46", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.47.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee1aab28-e9db-4010-ad46-ad4aec1d5dab?source=api-scan" ], "published": "2021-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee1b6961-1453-4f59-b03a-ab78b2e3f9d4": { "id": "ee1b6961-1453-4f59-b03a-ab78b2e3f9d4", "title": "Zendesk Chat < 1.2.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zendesk Chat", "slug": "zopim-live-chat", "affected_versions": { "[*, 1.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee1b6961-1453-4f59-b03a-ab78b2e3f9d4?source=api-scan" ], "published": "2013-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee1ee4c4-871d-4a3d-8ca6-3675d248d5e8": { "id": "ee1ee4c4-871d-4a3d-8ca6-3675d248d5e8", "title": "Soledad <= 8.2.5 - Missing Authorization", "software": [ { "type": "theme", "name": "Soledad", "slug": "soledad", "affected_versions": { "* - 8.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee1ee4c4-871d-4a3d-8ca6-3675d248d5e8?source=api-scan" ], "published": "2022-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee20726a-b5a8-4778-b5b4-5ea232ca4fc8": { "id": "ee20726a-b5a8-4778-b5b4-5ea232ca4fc8", "title": "Survey Maker < 1.5.6 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Survey Maker", "slug": "survey-maker", "affected_versions": { "[*, 1.5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee20726a-b5a8-4778-b5b4-5ea232ca4fc8?source=api-scan" ], "published": "2021-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee213b2c-b59d-4563-98d1-a26b1e8e13a7": { "id": "ee213b2c-b59d-4563-98d1-a26b1e8e13a7", "title": "Accordions \u2013 Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Accordion \u2013 Multiple Accordion or FAQs Builder", "slug": "accordions-or-faqs", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee213b2c-b59d-4563-98d1-a26b1e8e13a7?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee23629c-6147-4527-929f-8c932cd7d7a7": { "id": "ee23629c-6147-4527-929f-8c932cd7d7a7", "title": "Filr \u2013 Secure document library <= 1.2.3.5 - Authenticated (Author+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Filr \u2013 Secure document library", "slug": "filr-protection", "affected_versions": { "[*, 1.2.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee23629c-6147-4527-929f-8c932cd7d7a7?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee269bc7-2822-4a07-be91-6763c1cf6cf2": { "id": "ee269bc7-2822-4a07-be91-6763c1cf6cf2", "title": "WP SMTP 1.2 - 1.2.6 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Solid Mail \u2013 SMTP email and logging made by SolidWP", "slug": "wp-smtp", "affected_versions": { "1.2 - 1.2.6": { "from_version": "1.2", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee269bc7-2822-4a07-be91-6763c1cf6cf2?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee27a988-6afd-4da7-a750-0af801d7fa15": { "id": "ee27a988-6afd-4da7-a750-0af801d7fa15", "title": "Elementor Website Builder <= 2.8.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee27a988-6afd-4da7-a750-0af801d7fa15?source=api-scan" ], "published": "2020-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee2b4055-8cbd-49b7-bb0b-eddef85060fc": { "id": "ee2b4055-8cbd-49b7-bb0b-eddef85060fc", "title": "HTML filter and csv-file search <= 2.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode", "software": [ { "type": "plugin", "name": "HTML filter and csv-file search", "slug": "hk-filter-and-search", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee2b4055-8cbd-49b7-bb0b-eddef85060fc?source=api-scan" ], "published": "2023-10-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee2bbe3a-b1d2-4266-af55-35f60ac52733": { "id": "ee2bbe3a-b1d2-4266-af55-35f60ac52733", "title": "Arabic Font <= 1.2 Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Arabic Font", "slug": "arabic-font", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee2bbe3a-b1d2-4266-af55-35f60ac52733?source=api-scan" ], "published": "2017-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee2c5df2-250a-4e35-9219-2630d8d9253a": { "id": "ee2c5df2-250a-4e35-9219-2630d8d9253a", "title": "WordPress Core < 3.1.3 - Clickjacking", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee2c5df2-250a-4e35-9219-2630d8d9253a?source=api-scan" ], "published": "2011-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee3548ca-423f-4e2f-b87b-366200b31777": { "id": "ee3548ca-423f-4e2f-b87b-366200b31777", "title": "Testimonial < 2.3 - Multiple Vulnerabilities", "software": [ { "type": "plugin", "name": "Testimonial", "slug": "indianic-testimonial", "affected_versions": { "[*, 2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee3548ca-423f-4e2f-b87b-366200b31777?source=api-scan" ], "published": "2013-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee36fec3-1fc1-43e8-8428-301cb4e5b689": { "id": "ee36fec3-1fc1-43e8-8428-301cb4e5b689", "title": "Digitally <= 1.0.8 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Digitally", "slug": "digitally", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee36fec3-1fc1-43e8-8428-301cb4e5b689?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee396f94-8934-47db-9bc8-783a2b20f427": { "id": "ee396f94-8934-47db-9bc8-783a2b20f427", "title": "Breadcrumb <= 1.5.32 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Breadcrumb", "slug": "breadcrumb", "affected_versions": { "* - 1.5.32": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee396f94-8934-47db-9bc8-783a2b20f427?source=api-scan" ], "published": "2023-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee3fdeb2-9e2a-4fe7-aa74-aaf60a74c060": { "id": "ee3fdeb2-9e2a-4fe7-aa74-aaf60a74c060", "title": "WP GDPR <= 2.1.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP GDPR", "slug": "wp-gdpr-core", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee3fdeb2-9e2a-4fe7-aa74-aaf60a74c060?source=api-scan" ], "published": "2020-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee3ff4ee-48d3-4b35-b6c9-320bd42780d6": { "id": "ee3ff4ee-48d3-4b35-b6c9-320bd42780d6", "title": "Wp Limits <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Wp Limits", "slug": "wp-limits", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee3ff4ee-48d3-4b35-b6c9-320bd42780d6?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee4a9dc6-fc0b-4bab-9511-fa0a713800ff": { "id": "ee4a9dc6-fc0b-4bab-9511-fa0a713800ff", "title": "hpb Dashboard <= 1.3.1 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "hpb Dashboard", "slug": "hpbtool", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee4a9dc6-fc0b-4bab-9511-fa0a713800ff?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee4e08e0-25b7-47b2-9ec2-de93afc437a6": { "id": "ee4e08e0-25b7-47b2-9ec2-de93afc437a6", "title": "Events Manager <= 5.5.7.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "[*, 5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee4e08e0-25b7-47b2-9ec2-de93afc437a6?source=api-scan" ], "published": "2015-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee50731f-696f-4e9f-a930-05b2b23752de": { "id": "ee50731f-696f-4e9f-a930-05b2b23752de", "title": "Cost of Goods for WooCommerce <= 2.8.6 - Cross-Site Request Forgery in save_costs", "software": [ { "type": "plugin", "name": "Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerce", "slug": "cost-of-goods-for-woocommerce", "affected_versions": { "* - 2.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee50731f-696f-4e9f-a930-05b2b23752de?source=api-scan" ], "published": "2023-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee520664-0c1f-4af0-8cdf-a33c1dfaaca7": { "id": "ee520664-0c1f-4af0-8cdf-a33c1dfaaca7", "title": "Rife Elementor Extensions & Templates <= 1.1.10 - Missing Authorization via import_templates", "software": [ { "type": "plugin", "name": "Rife Elementor Extensions & Templates", "slug": "rife-elementor-extensions", "affected_versions": { "* - 1.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee520664-0c1f-4af0-8cdf-a33c1dfaaca7?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee52c6c0-c69e-46c4-9e4b-94aa69c00737": { "id": "ee52c6c0-c69e-46c4-9e4b-94aa69c00737", "title": "Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Google Maps", "slug": "google-maps-easy", "affected_versions": { "* - 1.11.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee52c6c0-c69e-46c4-9e4b-94aa69c00737?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee5737b3-de32-4b5c-a9df-7909ad32ec93": { "id": "ee5737b3-de32-4b5c-a9df-7909ad32ec93", "title": "Accordions \u2013 Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'pages' parameter", "software": [ { "type": "plugin", "name": "Accordion \u2013 Multiple Accordion or FAQs Builder", "slug": "accordions-or-faqs", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee5737b3-de32-4b5c-a9df-7909ad32ec93?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee595f48-b72f-4569-a248-7dbd0b9152ae": { "id": "ee595f48-b72f-4569-a248-7dbd0b9152ae", "title": "Easy Form by AYS <= 1.3.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Form by AYS \u2013 Form Builder Plugin for WordPress", "slug": "easy-form", "affected_versions": { "[*, 1.3.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee595f48-b72f-4569-a248-7dbd0b9152ae?source=api-scan" ], "published": "2023-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee5acf1d-e405-4aa6-8355-b5aebbbb1d1d": { "id": "ee5acf1d-e405-4aa6-8355-b5aebbbb1d1d", "title": "WPtouch <= 3.4.2 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WPtouch \u2013 Make your WordPress Website Mobile-Friendly", "slug": "wptouch", "affected_versions": { "* - 3.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee5acf1d-e405-4aa6-8355-b5aebbbb1d1d?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee5af42d-71d8-4e65-bd74-55456480da8b": { "id": "ee5af42d-71d8-4e65-bd74-55456480da8b", "title": "WP Image Resizer (Unspecified Version) - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Image Resizer", "slug": "wp-image-resizer", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee5af42d-71d8-4e65-bd74-55456480da8b?source=api-scan" ], "published": "2013-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee5e1262-193c-480b-bc27-481c961c7c47": { "id": "ee5e1262-193c-480b-bc27-481c961c7c47", "title": "Quick Adsense < 2.8.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Quick Adsense", "slug": "quick-adsense", "affected_versions": { "[*, 2.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee5e1262-193c-480b-bc27-481c961c7c47?source=api-scan" ], "published": "2022-04-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee678085-ce74-4a35-9d90-3b94a3d39a8e": { "id": "ee678085-ce74-4a35-9d90-3b94a3d39a8e", "title": "Ultimate Addons for Elementor < 1.20.1 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Ultimate Addons for Elementor", "slug": "ultimate-elementor", "affected_versions": { "[*, 1.20.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.20.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.20.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee678085-ce74-4a35-9d90-3b94a3d39a8e?source=api-scan" ], "published": "2019-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee6f936b-704a-486f-836b-9a1892271bfa": { "id": "ee6f936b-704a-486f-836b-9a1892271bfa", "title": "Woocommerce Addon by Greenshift< 1.9.8 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Woocommerce Addon Greenshift", "slug": "greenshiftwoo", "affected_versions": { "[*, 1.9.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee6f936b-704a-486f-836b-9a1892271bfa?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee702ee5-d1de-4b25-8c2d-f47cc4ad076b": { "id": "ee702ee5-d1de-4b25-8c2d-f47cc4ad076b", "title": "Limit Login Attempts <= 1.7.0 - Brute Force Bypass", "software": [ { "type": "plugin", "name": "Limit Login Attempts", "slug": "limit-login-attempts", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee702ee5-d1de-4b25-8c2d-f47cc4ad076b?source=api-scan" ], "published": "2012-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee725cff-959d-4078-9c2e-2d52bb904ca0": { "id": "ee725cff-959d-4078-9c2e-2d52bb904ca0", "title": "Allow SVG <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG", "software": [ { "type": "plugin", "name": "Allow SVG", "slug": "allow-svg", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee725cff-959d-4078-9c2e-2d52bb904ca0?source=api-scan" ], "published": "2024-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee7408d2-3cff-4c80-bc07-b0418676e961": { "id": "ee7408d2-3cff-4c80-bc07-b0418676e961", "title": "Tumult Hype Animations <= 1.9.11 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tumult Hype Animations", "slug": "tumult-hype-animations", "affected_versions": { "* - 1.9.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee7408d2-3cff-4c80-bc07-b0418676e961?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee74d229-499e-4f9a-ad7d-c707f6eeac6e": { "id": "ee74d229-499e-4f9a-ad7d-c707f6eeac6e", "title": "Ninja Forms Contact Form <= 2.9.21 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 2.9.21": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee74d229-499e-4f9a-ad7d-c707f6eeac6e?source=api-scan" ], "published": "2015-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee7513d9-e76c-4da4-919b-ba376f0c4022": { "id": "ee7513d9-e76c-4da4-919b-ba376f0c4022", "title": "BizLibrary <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BizLibrary", "slug": "bizlibrary", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee7513d9-e76c-4da4-919b-ba376f0c4022?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee78642c-ad2a-4012-94e8-e01f71863791": { "id": "ee78642c-ad2a-4012-94e8-e01f71863791", "title": "wpForo Forum <= 2.0.5 - Insecure Direct Object Reference to Forum Status Change", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee78642c-ad2a-4012-94e8-e01f71863791?source=api-scan" ], "published": "2022-09-26 09:03:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee7eb754-27f0-47b0-a82f-4781cfbb0fa6": { "id": "ee7eb754-27f0-47b0-a82f-4781cfbb0fa6", "title": "Neshan Maps <= 1.1.4 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Neshan Maps", "slug": "neshan-maps", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee7eb754-27f0-47b0-a82f-4781cfbb0fa6?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee8436c2-3dda-481c-92b3-cc2ba8fc1993": { "id": "ee8436c2-3dda-481c-92b3-cc2ba8fc1993", "title": "WooCommerce <= 8.9.2 - Authenticated (Shop Manager+) Content Injection", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "* - 8.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "8.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee8436c2-3dda-481c-92b3-cc2ba8fc1993?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee862f44-903d-4b1c-9a5c-98e63379d5cb": { "id": "ee862f44-903d-4b1c-9a5c-98e63379d5cb", "title": "WP Menu Cart <= 2.11.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Menu Cart", "slug": "wp-menu-cart", "affected_versions": { "* - 2.11.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee862f44-903d-4b1c-9a5c-98e63379d5cb?source=api-scan" ], "published": "2022-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee8ad691-b598-4eeb-b8a7-645c3bd968ff": { "id": "ee8ad691-b598-4eeb-b8a7-645c3bd968ff", "title": "WP Business intelligence lite < 1.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP Business Intelligence Lite", "slug": "wp-business-intelligence-lite", "affected_versions": { "[*, 1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee8ad691-b598-4eeb-b8a7-645c3bd968ff?source=api-scan" ], "published": "2014-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee8f274b-fe25-4111-94a4-e67dd17dc24b": { "id": "ee8f274b-fe25-4111-94a4-e67dd17dc24b", "title": "WP-Ban < 1.64 - Improper Input Validation", "software": [ { "type": "plugin", "name": "WP-Ban", "slug": "wp-ban", "affected_versions": { "[*, 1.64)": { "from_version": "*", "from_inclusive": true, "to_version": "1.64", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.64" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee8f274b-fe25-4111-94a4-e67dd17dc24b?source=api-scan" ], "published": "2014-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee9261c0-927a-4d0b-97e1-b7861e1e0b31": { "id": "ee9261c0-927a-4d0b-97e1-b7861e1e0b31", "title": "uListing <= 2.1.5 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Directory Listings WordPress plugin \u2013 uListing", "slug": "ulisting", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee9261c0-927a-4d0b-97e1-b7861e1e0b31?source=api-scan" ], "published": "2024-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ee95976d-6454-466b-96b3-7c33ccc03d41": { "id": "ee95976d-6454-466b-96b3-7c33ccc03d41", "title": "Simple Real Estate Pack <= 1.4.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Real Estate Pack", "slug": "simple-real-estate-pack-4", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ee95976d-6454-466b-96b3-7c33ccc03d41?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eea754db-495a-4518-840e-0eeeeb1c31b9": { "id": "eea754db-495a-4518-840e-0eeeeb1c31b9", "title": "JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JH 404 Logger", "slug": "jh-404-logger", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eea754db-495a-4518-840e-0eeeeb1c31b9?source=api-scan" ], "published": "2021-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eea99e1e-63c9-4021-80a0-1ed732b58ca9": { "id": "eea99e1e-63c9-4021-80a0-1ed732b58ca9", "title": "Wp-ImageZoom < 1.0.5 - Directory Traversal", "software": [ { "type": "plugin", "name": "Wp-ImageZoom", "slug": "wp-imagezoom", "affected_versions": { "[*, 1.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eea99e1e-63c9-4021-80a0-1ed732b58ca9?source=api-scan" ], "published": "2012-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eeabdaae-dc77-4909-9b96-b480ccaa58fb": { "id": "eeabdaae-dc77-4909-9b96-b480ccaa58fb", "title": "FooGallery (Free and Premium) < 2.4.15 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FooGallery Premium", "slug": "foogallery-premium", "affected_versions": { "[*, 2.4.15)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.15" ] }, { "type": "plugin", "name": "FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel", "slug": "foogallery", "affected_versions": { "[*, 2.4.15)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eeabdaae-dc77-4909-9b96-b480ccaa58fb?source=api-scan" ], "published": "2024-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eeae2042-ccad-4e4b-a321-8ea58af9d775": { "id": "eeae2042-ccad-4e4b-a321-8ea58af9d775", "title": "WooCommerce \u2013 Store Exporter <= 1.7.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Store Exporter for WooCommerce \u2013 Export Products, Export Orders, Export Subscriptions, and More", "slug": "woocommerce-exporter", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eeae2042-ccad-4e4b-a321-8ea58af9d775?source=api-scan" ], "published": "2014-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eeae71a6-53b2-4eab-82c0-d23cff3f0f7c": { "id": "eeae71a6-53b2-4eab-82c0-d23cff3f0f7c", "title": "Cookie Notice & Compliance for GDPR \/ CCPA <= 2.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cookie Notice & Compliance for GDPR \/ CCPA", "slug": "cookie-notice", "affected_versions": { "[*, 2.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eeae71a6-53b2-4eab-82c0-d23cff3f0f7c?source=api-scan" ], "published": "2021-08-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eebc0318-8db3-44b4-ac04-d246db3a10ed": { "id": "eebc0318-8db3-44b4-ac04-d246db3a10ed", "title": "Hotel Booking < 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hotel Booking", "slug": "nd-booking", "affected_versions": { "[*, 3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eebc0318-8db3-44b4-ac04-d246db3a10ed?source=api-scan" ], "published": "2022-05-26 12:29:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eebe1bf7-0366-4226-bcbc-027186136008": { "id": "eebe1bf7-0366-4226-bcbc-027186136008", "title": "Cart Lift \u2013 Abandoned Cart Recovery for WooCommerce and EDD <= 3.1.5 - Reflected Cross-Site Scripting via cart_search", "software": [ { "type": "plugin", "name": "Cart Lift \u2013 Abandoned Cart Recovery for WooCommerce and EDD", "slug": "cart-lift", "affected_versions": { "* - 3.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eebe1bf7-0366-4226-bcbc-027186136008?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eebe37bf-2983-47c0-afd8-0aa3e7982196": { "id": "eebe37bf-2983-47c0-afd8-0aa3e7982196", "title": "Embed Any Document \u2013 Embed PDF, Word, PowerPoint and Excel Files <= 2.7.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG files", "software": [ { "type": "plugin", "name": "Embed Any Document \u2013 Embed PDF, Word, PowerPoint and Excel Files", "slug": "embed-any-document", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eebe37bf-2983-47c0-afd8-0aa3e7982196?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eebfa8de-8a20-4fac-b43a-f7ae674d9184": { "id": "eebfa8de-8a20-4fac-b43a-f7ae674d9184", "title": "WP-Filebase <= 0.2.9.24 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "WP-Filebase", "slug": "wp-filebase", "affected_versions": { "* - 0.2.9.24": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.9.24", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.2.9.25" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eebfa8de-8a20-4fac-b43a-f7ae674d9184?source=api-scan" ], "published": "2012-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eec21717-dffa-40c0-90c0-007b568609cc": { "id": "eec21717-dffa-40c0-90c0-007b568609cc", "title": "SEO <= 4.0.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SEO", "slug": "seo-wizard", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eec21717-dffa-40c0-90c0-007b568609cc?source=api-scan" ], "published": "2021-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eec34b6a-aae7-4267-accd-96ebc6b71dd3": { "id": "eec34b6a-aae7-4267-accd-96ebc6b71dd3", "title": "SEO Watcher <= 1.3.3 - Remote Code Execution", "software": [ { "type": "plugin", "name": "seo-watcher", "slug": "seo-watcher", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eec34b6a-aae7-4267-accd-96ebc6b71dd3?source=api-scan" ], "published": "2013-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eecd1497-c94e-4f67-8cc5-72afffe9fae2": { "id": "eecd1497-c94e-4f67-8cc5-72afffe9fae2", "title": "Be POPIA Compliant <= 1.2.0 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Be POPIA Compliant", "slug": "be-popia-compliant", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eecd1497-c94e-4f67-8cc5-72afffe9fae2?source=api-scan" ], "published": "2023-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eed6306a-317b-40ed-b7f5-7f930b3509e0": { "id": "eed6306a-317b-40ed-b7f5-7f930b3509e0", "title": "Conference Scheduler <= 2.4.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Conference Scheduler", "slug": "conference-scheduler", "affected_versions": { "* - 2.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eed6306a-317b-40ed-b7f5-7f930b3509e0?source=api-scan" ], "published": "2022-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eed667d2-e53e-47b9-8012-2b9b46022f3a": { "id": "eed667d2-e53e-47b9-8012-2b9b46022f3a", "title": "Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode", "software": [ { "type": "plugin", "name": "Bold Page Builder", "slug": "bold-page-builder", "affected_versions": { "* - 4.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eed667d2-e53e-47b9-8012-2b9b46022f3a?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eedada2a-5543-46b1-a3d2-5e5b86a05ff9": { "id": "eedada2a-5543-46b1-a3d2-5e5b86a05ff9", "title": "Careerfy - Job Board WordPress Theme <= 3.9.0 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Careerfy - Job Board WordPress Theme", "slug": "careerfy", "affected_versions": { "* - 3.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eedada2a-5543-46b1-a3d2-5e5b86a05ff9?source=api-scan" ], "published": "2020-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eedced7b-bda4-4292-8e87-fc3e37e4868b": { "id": "eedced7b-bda4-4292-8e87-fc3e37e4868b", "title": "GamiPress \u2013 Button <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "GamiPress \u2013 Button", "slug": "gamipress-button", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eedced7b-bda4-4292-8e87-fc3e37e4868b?source=api-scan" ], "published": "2023-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eee04b1d-188a-4b92-a6f3-dfa843ca20d7": { "id": "eee04b1d-188a-4b92-a6f3-dfa843ca20d7", "title": "Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) Stored Cross-site Scriping via 'Sina Particle Layer'", "software": [ { "type": "plugin", "name": "Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)", "slug": "sina-extension-for-elementor", "affected_versions": { "* - 3.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eee04b1d-188a-4b92-a6f3-dfa843ca20d7?source=api-scan" ], "published": "2024-05-14 13:32:23", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eee27f2c-bc21-4b0f-9de5-da1035c54857": { "id": "eee27f2c-bc21-4b0f-9de5-da1035c54857", "title": "Awesome Support <= 6.1.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "* - 6.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eee27f2c-bc21-4b0f-9de5-da1035c54857?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eee517de-a47e-47c9-8322-92ce772191b0": { "id": "eee517de-a47e-47c9-8322-92ce772191b0", "title": "Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multi Scroll Widget", "software": [ { "type": "plugin", "name": "Premium Addons Pro for Elementor", "slug": "premium-addons-pro", "affected_versions": { "* - 2.9.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eee517de-a47e-47c9-8322-92ce772191b0?source=api-scan" ], "published": "2024-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eee60ee9-ec48-4c09-9905-edd2dbbcccf3": { "id": "eee60ee9-ec48-4c09-9905-edd2dbbcccf3", "title": "Advanced Booking Calendar <= 1.7.0 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Advanced Booking Calendar", "slug": "advanced-booking-calendar", "affected_versions": { "[*, 1.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eee60ee9-ec48-4c09-9905-edd2dbbcccf3?source=api-scan" ], "published": "2022-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eee7344d-5459-4558-a557-d8c5935ecc30": { "id": "eee7344d-5459-4558-a557-d8c5935ecc30", "title": "Change Memory Limit <= 1.0 - Missing Authorization via admin_logic()", "software": [ { "type": "plugin", "name": "Change Memory Limit", "slug": "change-memory-limit", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eee7344d-5459-4558-a557-d8c5935ecc30?source=api-scan" ], "published": "2024-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eee7cad6-7910-4860-add9-c500d1f6eff3": { "id": "eee7cad6-7910-4860-add9-c500d1f6eff3", "title": "Essential Addons for Elementor <= 5.9.26 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.26": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eee7cad6-7910-4860-add9-c500d1f6eff3?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eee88bc6-b7e3-4eff-afc7-59b9a1cc9d2c": { "id": "eee88bc6-b7e3-4eff-afc7-59b9a1cc9d2c", "title": "Custom Sidebars <= 3.0.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Custom Sidebars \u2013 Dynamic Sidebar Widget Area Manager", "slug": "custom-sidebars", "affected_versions": { "* - 3.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eee88bc6-b7e3-4eff-afc7-59b9a1cc9d2c?source=api-scan" ], "published": "2017-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eee91d95-afdb-45e3-b639-50eb3c46115d": { "id": "eee91d95-afdb-45e3-b639-50eb3c46115d", "title": "Pixabay Images <= 2.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pixabay Images", "slug": "pixabay-images", "affected_versions": { "[*, 2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eee91d95-afdb-45e3-b639-50eb3c46115d?source=api-scan" ], "published": "2015-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eee9d564-5d52-47fa-a6a5-b908bb64a2ba": { "id": "eee9d564-5d52-47fa-a6a5-b908bb64a2ba", "title": "Clockstone <= 1.2 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Clockstone", "slug": "clockstone", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eee9d564-5d52-47fa-a6a5-b908bb64a2ba?source=api-scan" ], "published": "2012-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eee9e199-00c6-4640-bd7c-e1316e2bba51": { "id": "eee9e199-00c6-4640-bd7c-e1316e2bba51", "title": "Sync WooCommerce Product feed to Google Shopping <= 1.2.4 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Sync WooCommerce Product feed to Google Shopping", "slug": "exportfeed-for-woocommerce-google-product-feed", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eee9e199-00c6-4640-bd7c-e1316e2bba51?source=api-scan" ], "published": "2022-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eeeb03f7-5f78-4462-b0b4-5080bbc419a3": { "id": "eeeb03f7-5f78-4462-b0b4-5080bbc419a3", "title": "WooCommerce Smart Coupons <= 4.6.0 - Unauthenticated Coupon Creation", "software": [ { "type": "plugin", "name": "WooCommerce Smart Coupons", "slug": "woocommerce-smart-coupons", "affected_versions": { "[*, 4.6.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eeeb03f7-5f78-4462-b0b4-5080bbc419a3?source=api-scan" ], "published": "2020-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eeef2a59-47a1-4d8d-b815-8c74cc608e6c": { "id": "eeef2a59-47a1-4d8d-b815-8c74cc608e6c", "title": "CommentLuv <= 3.0.4 - Server Side Request Forgery via do_click", "software": [ { "type": "plugin", "name": "CommentLuv", "slug": "commentluv", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eeef2a59-47a1-4d8d-b815-8c74cc608e6c?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eef60624-d90c-4e98-9151-3f6eb9cfe0c0": { "id": "eef60624-d90c-4e98-9151-3f6eb9cfe0c0", "title": "affiliate-toolkit <= 3.4.4 - Unauthenticated Sensitive Information Exposure via Logs", "software": [ { "type": "plugin", "name": "affiliate-toolkit", "slug": "affiliate-toolkit-starter", "affected_versions": { "* - 3.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eef60624-d90c-4e98-9151-3f6eb9cfe0c0?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eef7f964-8330-4c57-a5f4-0280853dcf76": { "id": "eef7f964-8330-4c57-a5f4-0280853dcf76", "title": "Internal Link Juicer: SEO Auto Linker for WordPress <= 2.24.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Internal Link Juicer: SEO Auto Linker for WordPress", "slug": "internal-links", "affected_versions": { "* - 2.24.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.24.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.24.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eef7f964-8330-4c57-a5f4-0280853dcf76?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eef9e2fa-d8f0-42bf-95ac-ee4cafff0b14": { "id": "eef9e2fa-d8f0-42bf-95ac-ee4cafff0b14", "title": "Hash Form \u2013 Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution", "software": [ { "type": "plugin", "name": "Hash Form \u2013 Drag & Drop Form Builder", "slug": "hash-form", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eef9e2fa-d8f0-42bf-95ac-ee4cafff0b14?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef08c1ad-fc85-4154-8634-21c506436317": { "id": "ef08c1ad-fc85-4154-8634-21c506436317", "title": "Easy Digital Downloads \u2013 QR Codes <= 1.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads - QR Codes", "slug": "edd-qr-codes", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef08c1ad-fc85-4154-8634-21c506436317?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef0dc868-f617-408f-9333-ebfee4897701": { "id": "ef0dc868-f617-408f-9333-ebfee4897701", "title": "BruteBank - WP Security & Firewall <= 1.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "BruteBank \u2013 WP Security & Firewall", "slug": "brutebank", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef0dc868-f617-408f-9333-ebfee4897701?source=api-scan" ], "published": "2022-12-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef104a10-9e47-420b-aba9-71095870bf4f": { "id": "ef104a10-9e47-420b-aba9-71095870bf4f", "title": "SlimStat-Ex <= 2.1.2 - Arbitrary Code Execution", "software": [ { "type": "plugin", "name": "wp-slimstat-ex", "slug": "wp-slimstat-ex", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef104a10-9e47-420b-aba9-71095870bf4f?source=api-scan" ], "published": "2013-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef1362b5-576d-4d22-ad5d-89f38e8e3743": { "id": "ef1362b5-576d-4d22-ad5d-89f38e8e3743", "title": "Business Card <= 1.0.0 - Cross-Site Request Forgery to Category Deletion", "software": [ { "type": "plugin", "name": "Business Card", "slug": "business-card-by-esterox-100", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef1362b5-576d-4d22-ad5d-89f38e8e3743?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef1468eb-9b98-4d45-b357-70998ba17de7": { "id": "ef1468eb-9b98-4d45-b357-70998ba17de7", "title": "UpdraftCentral Dashboard 0.8.23 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "UpdraftCentral Dashboard", "slug": "updraftcentral", "affected_versions": { "0.8.23": { "from_version": "0.8.23", "from_inclusive": true, "to_version": "0.8.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef1468eb-9b98-4d45-b357-70998ba17de7?source=api-scan" ], "published": "2022-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef14c7b4-8cad-4139-a170-42470202ec24": { "id": "ef14c7b4-8cad-4139-a170-42470202ec24", "title": "MOLIE \u2013 Instructure Canvas Linking tool <= 0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MOLIE \u2013 Instructure Canvas Linking tool", "slug": "molie-instructure-canvas-linking-tool", "affected_versions": { "* - 0.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef14c7b4-8cad-4139-a170-42470202ec24?source=api-scan" ], "published": "2021-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef1aafc2-e47b-49da-8a4e-9111209308c2": { "id": "ef1aafc2-e47b-49da-8a4e-9111209308c2", "title": "LeadSquared Suite <= 0.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "LeadSquared Suite", "slug": "leadsquared-suite", "affected_versions": { "* - 0.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef1aafc2-e47b-49da-8a4e-9111209308c2?source=api-scan" ], "published": "2023-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef1ccef8-9066-4f5c-b5c5-9fa6e54f0e87": { "id": "ef1ccef8-9066-4f5c-b5c5-9fa6e54f0e87", "title": "Follow Us Badges <= 3.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode", "software": [ { "type": "plugin", "name": "Follow Us Badges", "slug": "wpsite-follow-us-badges", "affected_versions": { "* - 3.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef1ccef8-9066-4f5c-b5c5-9fa6e54f0e87?source=api-scan" ], "published": "2024-05-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef20b3e6-d8f4-458e-b604-b46ef16e229e": { "id": "ef20b3e6-d8f4-458e-b604-b46ef16e229e", "title": "WP Mail Logging <= 1.11.1 - Unauthenticated Stored Cross-Site Scripting via Email", "software": [ { "type": "plugin", "name": "WP Mail Logging", "slug": "wp-mail-logging", "affected_versions": { "* - 1.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef20b3e6-d8f4-458e-b604-b46ef16e229e?source=api-scan" ], "published": "2023-06-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef21fae3-65ef-43e8-9792-619dfc4dfda8": { "id": "ef21fae3-65ef-43e8-9792-619dfc4dfda8", "title": "Genesis Blocks <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sharing Block Attributes", "software": [ { "type": "plugin", "name": "Genesis Blocks", "slug": "genesis-blocks", "affected_versions": { "* - 3.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef21fae3-65ef-43e8-9792-619dfc4dfda8?source=api-scan" ], "published": "2024-07-08 19:44:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef2ac5c8-9e76-40b8-a2a4-8cb4291871f2": { "id": "ef2ac5c8-9e76-40b8-a2a4-8cb4291871f2", "title": "Ultimate Member <= 2.1.11 - Unauthenticated Privilege Escalation via User Meta", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 2.1.12)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef2ac5c8-9e76-40b8-a2a4-8cb4291871f2?source=api-scan" ], "published": "2020-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef36a2a1-b3be-4270-8890-76705817b4b5": { "id": "ef36a2a1-b3be-4270-8890-76705817b4b5", "title": "WP Custom Fields Search <= 1.2.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcfs-preset Shortcode", "software": [ { "type": "plugin", "name": "WP Custom Fields Search", "slug": "wp-custom-fields-search", "affected_versions": { "* - 1.2.35": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.35", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef36a2a1-b3be-4270-8890-76705817b4b5?source=api-scan" ], "published": "2024-09-18 15:37:01", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef395956-477c-4970-becd-4f437e4807a3": { "id": "ef395956-477c-4970-becd-4f437e4807a3", "title": "Arconix Shortcodes <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Arconix Shortcodes", "slug": "arconix-shortcodes", "affected_versions": { "* - 2.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef395956-477c-4970-becd-4f437e4807a3?source=api-scan" ], "published": "2024-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef3b11ef-c328-489e-8c12-331621a0327c": { "id": "ef3b11ef-c328-489e-8c12-331621a0327c", "title": "WP Live Chat Support <= 8.0.17 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "3CX Free Live Chat, Calls & WhatsApp", "slug": "wp-live-chat-support", "affected_versions": { "[*, 8.0.18)": { "from_version": "*", "from_inclusive": true, "to_version": "8.0.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "8.0.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef3b11ef-c328-489e-8c12-331621a0327c?source=api-scan" ], "published": "2019-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef4134a1-e2c6-495a-bc00-cc8cd783cd7a": { "id": "ef4134a1-e2c6-495a-bc00-cc8cd783cd7a", "title": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 1.5.58 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin", "slug": "users-ultra", "affected_versions": { "[*, 1.5.59)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.59", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.59" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef4134a1-e2c6-495a-bc00-cc8cd783cd7a?source=api-scan" ], "published": "2015-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef45fa78-7005-483e-a708-5aab0f7ba07b": { "id": "ef45fa78-7005-483e-a708-5aab0f7ba07b", "title": "Avada <= 7.8.1 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Avada | Website Builder For WordPress & WooCommerce", "slug": "Avada", "affected_versions": { "* - 7.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef45fa78-7005-483e-a708-5aab0f7ba07b?source=api-scan" ], "published": "2022-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef4603b2-bd41-4f65-ba2a-8d06e32e67c1": { "id": "ef4603b2-bd41-4f65-ba2a-8d06e32e67c1", "title": "Testimonials Widget <= 4.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via testimonials Shortcode", "software": [ { "type": "plugin", "name": "Testimonials Widget", "slug": "testimonials-widget", "affected_versions": { "* - 4.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef4603b2-bd41-4f65-ba2a-8d06e32e67c1?source=api-scan" ], "published": "2024-06-05 13:10:49", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef47feb7-76fd-470d-ba48-55ba3c323c6d": { "id": "ef47feb7-76fd-470d-ba48-55ba3c323c6d", "title": "Gutenberg Blocks and Page Layouts \u2013 Attire Blocks <= 1.9.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Gutenberg Blocks and Page Layouts \u2013 Attire Blocks", "slug": "attire-blocks", "affected_versions": { "* - 1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef47feb7-76fd-470d-ba48-55ba3c323c6d?source=api-scan" ], "published": "2024-06-04 18:36:28", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef480fce-d0e3-47af-92ea-2c84c3f8e2f7": { "id": "ef480fce-d0e3-47af-92ea-2c84c3f8e2f7", "title": "Popup Box \u2013 new WordPress popup plugin <= 2.2.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Popup Box: Create Custom WordPress Popups Easily", "slug": "popup-box", "affected_versions": { "* - 2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef480fce-d0e3-47af-92ea-2c84c3f8e2f7?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef4a7a20-663e-4e6a-af23-e8a87b18521e": { "id": "ef4a7a20-663e-4e6a-af23-e8a87b18521e", "title": "eShop <= 6.3.14 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "eShop", "slug": "eshop", "affected_versions": { "* - 6.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef4a7a20-663e-4e6a-af23-e8a87b18521e?source=api-scan" ], "published": "2016-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef4c6f76-4d3e-4ab0-9e12-1df55a8edae5": { "id": "ef4c6f76-4d3e-4ab0-9e12-1df55a8edae5", "title": "Browser Theme Color <= 1.3 - Cross-Site Request Forgery via btc_settings_page", "software": [ { "type": "plugin", "name": "Browser Theme Color", "slug": "browser-theme-color", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef4c6f76-4d3e-4ab0-9e12-1df55a8edae5?source=api-scan" ], "published": "2024-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef4ecdd3-1041-4dbe-a804-59a51f6123e4": { "id": "ef4ecdd3-1041-4dbe-a804-59a51f6123e4", "title": "Videojs HTML5 Player <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Videojs HTML5 Player", "slug": "videojs-html5-player", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef4ecdd3-1041-4dbe-a804-59a51f6123e4?source=api-scan" ], "published": "2022-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef5028a0-6a5a-40ad-92df-ffc988cad389": { "id": "ef5028a0-6a5a-40ad-92df-ffc988cad389", "title": "Formidable Form Builder <= 4.09.04 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "[*, 4.09.05)": { "from_version": "*", "from_inclusive": true, "to_version": "4.09.05", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.09.05" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef5028a0-6a5a-40ad-92df-ffc988cad389?source=api-scan" ], "published": "2021-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef528553-4037-43e0-af2d-8324412147f3": { "id": "ef528553-4037-43e0-af2d-8324412147f3", "title": "MihanPanel <= 12.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MihanPanel \u2013 User Login , Registration and Dashboard", "slug": "mihanpanel-lite", "affected_versions": { "* - 12.4": { "from_version": "*", "from_inclusive": true, "to_version": "12.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "12.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef528553-4037-43e0-af2d-8324412147f3?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef543c61-2acc-4b72-81ff-883960d4c7c3": { "id": "ef543c61-2acc-4b72-81ff-883960d4c7c3", "title": "Stripe Payment Plugin for WooCommerce <= 3.7.9 - Missing Authorization to Arbitrary Order Status Modification", "software": [ { "type": "plugin", "name": "Stripe Payment Plugin for WooCommerce", "slug": "payment-gateway-stripe-and-woocommerce-integration", "affected_versions": { "3.7.9": { "from_version": "3.7.9", "from_inclusive": true, "to_version": "3.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef543c61-2acc-4b72-81ff-883960d4c7c3?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef54b45e-19e4-4423-aace-99b017cdd6ee": { "id": "ef54b45e-19e4-4423-aace-99b017cdd6ee", "title": "Page Builder Gutenberg Blocks \u2013 CoBlocks <= 3.1.12 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Builder Gutenberg Blocks \u2013 CoBlocks", "slug": "coblocks", "affected_versions": { "* - 3.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef54b45e-19e4-4423-aace-99b017cdd6ee?source=api-scan" ], "published": "2024-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef566dca-91ed-4929-b36b-4e424e07e1d4": { "id": "ef566dca-91ed-4929-b36b-4e424e07e1d4", "title": "Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.0.3 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider", "slug": "ultimate-store-kit", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef566dca-91ed-4929-b36b-4e424e07e1d4?source=api-scan" ], "published": "2024-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef5859b7-0f15-43ad-9f45-aa846d045f5d": { "id": "ef5859b7-0f15-43ad-9f45-aa846d045f5d", "title": "WP Project Manager <= 2.4.13 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts", "slug": "wedevs-project-manager", "affected_versions": { "* - 2.4.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef5859b7-0f15-43ad-9f45-aa846d045f5d?source=api-scan" ], "published": "2021-10-11 13:37:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef5bccca-39d6-40e2-94fa-b321da58789d": { "id": "ef5bccca-39d6-40e2-94fa-b321da58789d", "title": "JobSearch WP Job Board <= 1.5.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef5bccca-39d6-40e2-94fa-b321da58789d?source=api-scan" ], "published": "2020-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef5f99ca-8a0d-4ec4-8b59-c0c4637dfbc3": { "id": "ef5f99ca-8a0d-4ec4-8b59-c0c4637dfbc3", "title": "Redirect Redirection <= 1.1.3 - Missing Authorization in 'statusBulkEdit' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef5f99ca-8a0d-4ec4-8b59-c0c4637dfbc3?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef60c109-30e2-48e9-8599-6f226e74b6bc": { "id": "ef60c109-30e2-48e9-8599-6f226e74b6bc", "title": "WP Limit Login Attempts <= 2.6.4 - IP Spoofing to Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "WP Limit Login Attempts", "slug": "wp-limit-login-attempts", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef60c109-30e2-48e9-8599-6f226e74b6bc?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef60f4c3-e38f-4f95-80cd-5e1f5512ebf5": { "id": "ef60f4c3-e38f-4f95-80cd-5e1f5512ebf5", "title": "Outdoor <= 3.9.6 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "outdoor", "slug": "outdoor", "affected_versions": { "* - 3.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef60f4c3-e38f-4f95-80cd-5e1f5512ebf5?source=api-scan" ], "published": "2023-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef6538e7-8cde-4c49-9965-0624a25ffe65": { "id": "ef6538e7-8cde-4c49-9965-0624a25ffe65", "title": "WP Fastest Cache <= 0.8.8.5 - Cross-Site Scripting via the rules[0][content] parameter in a wpfc_save_exclude_pages action", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 0.8.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef6538e7-8cde-4c49-9965-0624a25ffe65?source=api-scan" ], "published": "2018-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef6b36a2-c18a-403a-aa0b-5d3e3ef1ca90": { "id": "ef6b36a2-c18a-403a-aa0b-5d3e3ef1ca90", "title": "Easy Property Listings <= 3.5.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Easy Property Listings", "slug": "easy-property-listings", "affected_versions": { "* - 3.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef6b36a2-c18a-403a-aa0b-5d3e3ef1ca90?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef6b80c1-7f5e-4f8d-964a-a9c9c4f2a882": { "id": "ef6b80c1-7f5e-4f8d-964a-a9c9c4f2a882", "title": "Genesis Columns Advanced <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Genesis Columns Advanced", "slug": "genesis-columns-advanced", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef6b80c1-7f5e-4f8d-964a-a9c9c4f2a882?source=api-scan" ], "published": "2022-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef7727e5-fb20-4d9b-baaa-c123a0100ee0": { "id": "ef7727e5-fb20-4d9b-baaa-c123a0100ee0", "title": "WP Code Highlight.js <= 0.6.2 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Code Highlight.js", "slug": "wp-code-highlightjs", "affected_versions": { "[*, 0.6.3)": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef7727e5-fb20-4d9b-baaa-c123a0100ee0?source=api-scan" ], "published": "2019-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef778a1d-d4ce-47fd-932b-9e86b38e2681": { "id": "ef778a1d-d4ce-47fd-932b-9e86b38e2681", "title": "AFFILIATE Solution <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AFFILIATE Solution", "slug": "affiliate-solution", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef778a1d-d4ce-47fd-932b-9e86b38e2681?source=api-scan" ], "published": "2023-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef792894-b841-495c-aae0-08476a435471": { "id": "ef792894-b841-495c-aae0-08476a435471", "title": "WP Go Maps (formerly WP Google Maps) <= 9.0.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Go Maps (formerly WP Google Maps)", "slug": "wp-google-maps", "affected_versions": { "* - 9.0.36": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.36", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.37" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef792894-b841-495c-aae0-08476a435471?source=api-scan" ], "published": "2024-05-23 16:04:46", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef79e5a8-8bac-42b3-a064-6eea597701c9": { "id": "ef79e5a8-8bac-42b3-a064-6eea597701c9", "title": "Woodmart Core <= 1.0.36 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Woodmart Core", "slug": "woodmart-core", "affected_versions": { "* - 1.0.36": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.36", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.37" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef79e5a8-8bac-42b3-a064-6eea597701c9?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef7cf633-e907-4da1-bd96-0013e88defbb": { "id": "ef7cf633-e907-4da1-bd96-0013e88defbb", "title": "Minify HTML <= 2.1.7 - Cross-Site Request Forgery in minify_html_menu_options", "software": [ { "type": "plugin", "name": "Minify HTML", "slug": "minify-html-markup", "affected_versions": { "* - 2.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef7cf633-e907-4da1-bd96-0013e88defbb?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef7d7378-fa94-4964-916b-a41f69866d76": { "id": "ef7d7378-fa94-4964-916b-a41f69866d76", "title": "VS Contact Form <= 11.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "VS Contact Form", "slug": "very-simple-contact-form", "affected_versions": { "* - 11.5": { "from_version": "*", "from_inclusive": true, "to_version": "11.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "11.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef7d7378-fa94-4964-916b-a41f69866d76?source=api-scan" ], "published": "2022-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef7ec175-cee5-4559-909d-ee689158d67c": { "id": "ef7ec175-cee5-4559-909d-ee689158d67c", "title": "League Table <= 1.13 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "League Table \u2013 WordPress Table Plugin", "slug": "league-table-lite", "affected_versions": { "* - 1.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef7ec175-cee5-4559-909d-ee689158d67c?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef7ef45a-612b-40ca-817d-05b3d29b2b05": { "id": "ef7ef45a-612b-40ca-817d-05b3d29b2b05", "title": "Event Manager and Tickets Selling Plugin for WooCommerce < 3.5.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Event Manager and Tickets Selling Plugin for WooCommerce \u2013 WpEvently \u2013 WordPress Plugin", "slug": "mage-eventpress", "affected_versions": { "[*, 3.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef7ef45a-612b-40ca-817d-05b3d29b2b05?source=api-scan" ], "published": "2021-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef80a076-98cb-42c1-8d7d-0a6b38d7bfc8": { "id": "ef80a076-98cb-42c1-8d7d-0a6b38d7bfc8", "title": "WordPress Country Selector <= 1.6.5 - Reflected Cross-Site Scripting via AJAX call of check_country_selector", "software": [ { "type": "plugin", "name": "WordPress Country Selector", "slug": "wordpress-country-selector", "affected_versions": { "* - 1.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef80a076-98cb-42c1-8d7d-0a6b38d7bfc8?source=api-scan" ], "published": "2022-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef847b12-a380-410a-9368-6b2751d1836e": { "id": "ef847b12-a380-410a-9368-6b2751d1836e", "title": "Elementor Addon Elements <= 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.13.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef847b12-a380-410a-9368-6b2751d1836e?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef8697a2-7c58-43be-aaa9-05273fc3114b": { "id": "ef8697a2-7c58-43be-aaa9-05273fc3114b", "title": "Ditty <= 3.0.32 - Authenticated (Contributor+) Stored Cross-Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Ditty \u2013 Responsive News Tickers, Sliders, and Lists", "slug": "ditty-news-ticker", "affected_versions": { "* - 3.0.32": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.32", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef8697a2-7c58-43be-aaa9-05273fc3114b?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef888b2e-1fc7-442b-8b67-ebfdcbc76696": { "id": "ef888b2e-1fc7-442b-8b67-ebfdcbc76696", "title": "I Recommend This < 3.8.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "I Recommend This", "slug": "i-recommend-this", "affected_versions": { "[*, 3.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef888b2e-1fc7-442b-8b67-ebfdcbc76696?source=api-scan" ], "published": "2018-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef8a43c7-f391-44fc-882c-26c1c8b5df78": { "id": "ef8a43c7-f391-44fc-882c-26c1c8b5df78", "title": "WordPress Users <= 1.3 - SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Users", "slug": "wordpress-users", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef8a43c7-f391-44fc-882c-26c1c8b5df78?source=api-scan" ], "published": "2011-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef8a592a-8100-4347-8407-189ca2867c3b": { "id": "ef8a592a-8100-4347-8407-189ca2867c3b", "title": "Progressive License <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Progressive License", "slug": "progressive-license", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef8a592a-8100-4347-8407-189ca2867c3b?source=api-scan" ], "published": "2022-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef8bfb38-4f20-4f9f-bb30-a88f3be2d2d3": { "id": "ef8bfb38-4f20-4f9f-bb30-a88f3be2d2d3", "title": "WPvivid Backup and Migration <= 0.9.68 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Migration, Backup, Staging \u2013 WPvivid", "slug": "wpvivid-backuprestore", "affected_versions": { "0.9.68": { "from_version": "0.9.68", "from_inclusive": true, "to_version": "0.9.68", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef8bfb38-4f20-4f9f-bb30-a88f3be2d2d3?source=api-scan" ], "published": "2024-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef96782e-d3a6-43de-bf6a-801bbe2e43ed": { "id": "ef96782e-d3a6-43de-bf6a-801bbe2e43ed", "title": "Hide My WP <= 4.53 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hide My WP - Amazing Security Plugin for WordPress!", "slug": "hide_my_wp", "affected_versions": { "[*, 4.54)": { "from_version": "*", "from_inclusive": true, "to_version": "4.54", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.54" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef96782e-d3a6-43de-bf6a-801bbe2e43ed?source=api-scan" ], "published": "2015-08-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef9a6ef5-368e-40df-9a17-2779e453dfcc": { "id": "ef9a6ef5-368e-40df-9a17-2779e453dfcc", "title": "Autoptimize <= 2.7.7 - Race Condition leading to Remote Code Execution", "software": [ { "type": "plugin", "name": "Autoptimize", "slug": "autoptimize", "affected_versions": { "[*, 2.7.8)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef9a6ef5-368e-40df-9a17-2779e453dfcc?source=api-scan" ], "published": "2020-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ef9d256b-9156-4172-8892-29a26beddb71": { "id": "ef9d256b-9156-4172-8892-29a26beddb71", "title": "Booking Calendar <= 6.2 - Authenticated (Editor+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Booking Calendar", "slug": "booking", "affected_versions": { "[*, 6.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef9d256b-9156-4172-8892-29a26beddb71?source=api-scan" ], "published": "2016-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efa01956-7c03-4f0f-9054-6920013a2b32": { "id": "efa01956-7c03-4f0f-9054-6920013a2b32", "title": "MaxButtons <= 6.18 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Button Plugin MaxButtons", "slug": "maxbuttons", "affected_versions": { "* - 6.18": { "from_version": "*", "from_inclusive": true, "to_version": "6.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efa01956-7c03-4f0f-9054-6920013a2b32?source=api-scan" ], "published": "2017-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efa156b7-ab18-414d-80a5-3a1c2a977b3b": { "id": "efa156b7-ab18-414d-80a5-3a1c2a977b3b", "title": "Themify Icons <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Themify Icons", "slug": "themify-icons", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efa156b7-ab18-414d-80a5-3a1c2a977b3b?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efa4b67c-1bb8-413a-8cb8-039168b0b586": { "id": "efa4b67c-1bb8-413a-8cb8-039168b0b586", "title": "Chankhe <= 1.0.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation", "software": [ { "type": "theme", "name": "Chankhe", "slug": "chankhe", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efa4b67c-1bb8-413a-8cb8-039168b0b586?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efa646ee-ebee-4528-a421-09ee3dc8275a": { "id": "efa646ee-ebee-4528-a421-09ee3dc8275a", "title": "Bit Form Pro <= 2.6.4 - Authenticated (Subscriber+) Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Bit Form Pro", "slug": "bitformpro", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efa646ee-ebee-4528-a421-09ee3dc8275a?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efab7ec7-7143-4556-8d68-4a7e34f46e9e": { "id": "efab7ec7-7143-4556-8d68-4a7e34f46e9e", "title": "Woocommerce Support System <= 1.2.1 - Authenticated (Administrator+) SQL Injection via 'orderby'", "software": [ { "type": "plugin", "name": "Woocommerce Support System", "slug": "wc-support-system", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efab7ec7-7143-4556-8d68-4a7e34f46e9e?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efac70f6-d959-41f7-bdef-d554f1c9133e": { "id": "efac70f6-d959-41f7-bdef-d554f1c9133e", "title": "Elegant Themes Divi Theme, Extra Theme, Divi Page Builder <= 4.25.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Divi Builder", "slug": "divi-builder", "affected_versions": { "* - 4.25.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.25.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.25.1" ] }, { "type": "theme", "name": "Divi", "slug": "Divi", "affected_versions": { "* - 4.25.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.25.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.25.1" ] }, { "type": "theme", "name": "Divi Extra", "slug": "extra", "affected_versions": { "* - 4.25.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.25.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.25.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efac70f6-d959-41f7-bdef-d554f1c9133e?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efacb174-5eb6-4a58-bd76-8111031bbd4d": { "id": "efacb174-5eb6-4a58-bd76-8111031bbd4d", "title": "Jetpack CRM <= 5.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Jetpack CRM \u2013 Clients, Leads, Invoices, Billing, Email Marketing, & Automation", "slug": "zero-bs-crm", "affected_versions": { "* - 5.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efacb174-5eb6-4a58-bd76-8111031bbd4d?source=api-scan" ], "published": "2022-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efadd529-f369-4c7a-ab71-170e72c997f1": { "id": "efadd529-f369-4c7a-ab71-170e72c997f1", "title": "WP Custom Cursors < 3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Custom Cursors | WordPress Cursor Plugin", "slug": "wp-custom-cursors", "affected_versions": { "[*, 3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efadd529-f369-4c7a-ab71-170e72c997f1?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efaef405-9721-4fb6-bcb4-4bd4f78742fd": { "id": "efaef405-9721-4fb6-bcb4-4bd4f78742fd", "title": "WP Tiles <= 1.1.2 - Authenticated(Subscriber+) Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "WP Tiles", "slug": "wp-tiles", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efaef405-9721-4fb6-bcb4-4bd4f78742fd?source=api-scan" ], "published": "2023-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efb0c7d9-0e93-404b-9032-54d64cfcd4c3": { "id": "efb0c7d9-0e93-404b-9032-54d64cfcd4c3", "title": "Fullscreen Galleria <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Fullscreen Galleria", "slug": "fullscreen-galleria", "affected_versions": { "* - 1.6.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efb0c7d9-0e93-404b-9032-54d64cfcd4c3?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efb37c6a-e1a0-4960-b53a-858b22b6e706": { "id": "efb37c6a-e1a0-4960-b53a-858b22b6e706", "title": "SagePay Server Gateway for WooCommerce < 1.0.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SagePay Server Gateway for WooCommerce", "slug": "sagepay-server-gateway-for-woocommerce", "affected_versions": { "[*, 1.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efb37c6a-e1a0-4960-b53a-858b22b6e706?source=api-scan" ], "published": "2017-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efb692da-6878-420a-b16e-2cb871bef764": { "id": "efb692da-6878-420a-b16e-2cb871bef764", "title": "PDF Flipbook, 3D Flipbook WordPress \u2013 DearFlip Lite <= 1.7.12 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Dear Flipbook \u2013 PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer", "slug": "3d-flipbook-dflip-lite", "affected_versions": { "* - 1.7.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efb692da-6878-420a-b16e-2cb871bef764?source=api-scan" ], "published": "2021-09-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efb816e4-c07f-4e72-bfd3-06d83ed4d642": { "id": "efb816e4-c07f-4e72-bfd3-06d83ed4d642", "title": "Powerkit \u2013 Supercharge your WordPress Site <= 2.9.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Powerkit \u2013 Supercharge your WordPress Site", "slug": "powerkit", "affected_versions": { "* - 2.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efb816e4-c07f-4e72-bfd3-06d83ed4d642?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efbcac1c-854c-4521-848a-d403bc27328f": { "id": "efbcac1c-854c-4521-848a-d403bc27328f", "title": "Flexible Captcha <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Flexible Captcha", "slug": "flexible-captcha", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efbcac1c-854c-4521-848a-d403bc27328f?source=api-scan" ], "published": "2023-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efbea599-3d04-42d2-9b91-6b68210d8b01": { "id": "efbea599-3d04-42d2-9b91-6b68210d8b01", "title": "Appius Theme <= 1.0 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "appius", "slug": "appius", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efbea599-3d04-42d2-9b91-6b68210d8b01?source=api-scan" ], "published": "2014-03-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efbecb4b-fc41-4719-be5e-af11b47ff683": { "id": "efbecb4b-fc41-4719-be5e-af11b47ff683", "title": "LoginPress | Custom Login Page Customizer <= 1.1.13 - Unauthorized Settings Update", "software": [ { "type": "plugin", "name": "LoginPress | wp-login Custom Login Page Customizer", "slug": "loginpress", "affected_versions": { "* - 1.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efbecb4b-fc41-4719-be5e-af11b47ff683?source=api-scan" ], "published": "2019-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efbf83d9-ce5e-4139-ba12-b00df4d9ad89": { "id": "efbf83d9-ce5e-4139-ba12-b00df4d9ad89", "title": "Nafeza Prayer Time <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Nafeza Prayer Time", "slug": "nafeza-prayer-time", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efbf83d9-ce5e-4139-ba12-b00df4d9ad89?source=api-scan" ], "published": "2024-06-03 17:14:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efc2a21d-b6f9-405d-a9a0-779a736e5d94": { "id": "efc2a21d-b6f9-405d-a9a0-779a736e5d94", "title": "Splashing Images <= 2.1 - PHP Object Injection", "software": [ { "type": "plugin", "name": "Splashing Images", "slug": "wp-splashing-images", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efc2a21d-b6f9-405d-a9a0-779a736e5d94?source=api-scan" ], "published": "2018-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efc434fd-320a-4808-9289-7c2f63d4f5a4": { "id": "efc434fd-320a-4808-9289-7c2f63d4f5a4", "title": "SMTP Mail <= 1.2.1 - SQL Injection", "software": [ { "type": "plugin", "name": "SMTP Mail", "slug": "smtp-mail", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efc434fd-320a-4808-9289-7c2f63d4f5a4?source=api-scan" ], "published": "2021-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efc53d78-a664-48d0-a752-00c56b3f792f": { "id": "efc53d78-a664-48d0-a752-00c56b3f792f", "title": "No CAPTCHA reCAPTCHA for WooCommerce <= 1.2.6 - Missing Authorization to Notification Dismissal", "software": [ { "type": "plugin", "name": "No CAPTCHA reCAPTCHA for WooCommerce", "slug": "no-captcha-recaptcha-for-woocommerce", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efc53d78-a664-48d0-a752-00c56b3f792f?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efd25f74-3c4a-4f5a-8c81-f1d42ca2a541": { "id": "efd25f74-3c4a-4f5a-8c81-f1d42ca2a541", "title": "Events Manager <= 5.3.6 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "* - 5.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efd25f74-3c4a-4f5a-8c81-f1d42ca2a541?source=api-scan" ], "published": "2013-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efd279c2-9e95-45bd-9494-fb53a6333c65": { "id": "efd279c2-9e95-45bd-9494-fb53a6333c65", "title": "Jupiter X Core <= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account Takeover", "software": [ { "type": "plugin", "name": "Jupiter X Core", "slug": "jupiterx-core", "affected_versions": { "* - 4.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efd279c2-9e95-45bd-9494-fb53a6333c65?source=api-scan" ], "published": "2024-09-25 16:13:20", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efd81ba5-b9e6-493a-a6a4-55c9e2971378": { "id": "efd81ba5-b9e6-493a-a6a4-55c9e2971378", "title": "Corner Ad < 1.0.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Corner Ad", "slug": "corner-ad", "affected_versions": { "[*, 1.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efd81ba5-b9e6-493a-a6a4-55c9e2971378?source=api-scan" ], "published": "2017-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efdf76b2-7640-4384-a72b-789159eb9c86": { "id": "efdf76b2-7640-4384-a72b-789159eb9c86", "title": "Watu Quiz <= 2.5.0.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Watu Quiz", "slug": "watu", "affected_versions": { "* - 2.5.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efdf76b2-7640-4384-a72b-789159eb9c86?source=api-scan" ], "published": "2014-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efe6c4aa-5e5d-4e3b-8a38-f85e163a9e00": { "id": "efe6c4aa-5e5d-4e3b-8a38-f85e163a9e00", "title": "Forminator Plugin <= 1.5.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "[*, 1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efe6c4aa-5e5d-4e3b-8a38-f85e163a9e00?source=api-scan" ], "published": "2019-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efe6d975-310d-4286-af2a-e599990e3b0b": { "id": "efe6d975-310d-4286-af2a-e599990e3b0b", "title": "Web Icons <= 1.0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Web Icons", "slug": "icon", "affected_versions": { "* - 1.0.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efe6d975-310d-4286-af2a-e599990e3b0b?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "efe9ca48-b6df-4a2d-8713-d8b21f6c9701": { "id": "efe9ca48-b6df-4a2d-8713-d8b21f6c9701", "title": "Point Maker <= 0.1.4 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Point Maker", "slug": "point-maker", "affected_versions": { "* - 0.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/efe9ca48-b6df-4a2d-8713-d8b21f6c9701?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eff03dbc-1bb7-4a72-b57c-f1bde966c286": { "id": "eff03dbc-1bb7-4a72-b57c-f1bde966c286", "title": "Product Table by WBW <= 1.8.6 - Cross-Site Request Forgery via saveGroup", "software": [ { "type": "plugin", "name": "Product Table by WBW", "slug": "woo-product-tables", "affected_versions": { "* - 1.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eff03dbc-1bb7-4a72-b57c-f1bde966c286?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eff47e59-9a2c-424f-b138-47fcf554c06b": { "id": "eff47e59-9a2c-424f-b138-47fcf554c06b", "title": "Crayon Syntax Highlighter Plugin <= 1.13 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "Crayon Syntax Highlighter", "slug": "crayon-syntax-highlighter", "affected_versions": { "* - 1.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eff47e59-9a2c-424f-b138-47fcf554c06b?source=api-scan" ], "published": "2012-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eff4cb35-492b-448a-8d16-b9210917c567": { "id": "eff4cb35-492b-448a-8d16-b9210917c567", "title": "WP Simple HTML Sitemap <= 2.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "WordPress Simple HTML Sitemap", "slug": "wp-simple-html-sitemap", "affected_versions": { "* - 2.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eff4cb35-492b-448a-8d16-b9210917c567?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eff83c19-c223-4f70-affc-adb0f560264a": { "id": "eff83c19-c223-4f70-affc-adb0f560264a", "title": "Uploading SVG, WEBP and ICO files <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG", "software": [ { "type": "plugin", "name": "Uploading SVG, WEBP and ICO files", "slug": "uploading-svgwebp-and-ico-files", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eff83c19-c223-4f70-affc-adb0f560264a?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "eff9fcce-01b2-4698-a2c2-ee5991bfd963": { "id": "eff9fcce-01b2-4698-a2c2-ee5991bfd963", "title": "Patreon WordPress <= 1.8.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Patreon WordPress", "slug": "patreon-connect", "affected_versions": { "[*, 1.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/eff9fcce-01b2-4698-a2c2-ee5991bfd963?source=api-scan" ], "published": "2022-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "effd72d2-876d-4f8d-b1e4-5ab38eab401b": { "id": "effd72d2-876d-4f8d-b1e4-5ab38eab401b", "title": "AdSanity < 1.8.2 - Authenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "AdSanity", "slug": "adsanity", "affected_versions": { "[*, 1.8.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/effd72d2-876d-4f8d-b1e4-5ab38eab401b?source=api-scan" ], "published": "2022-01-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f002d061-4e9d-49be-9d4c-c470ec97f653": { "id": "f002d061-4e9d-49be-9d4c-c470ec97f653", "title": "YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "YITH WooCommerce Bulk Product Editing", "slug": "yith-woocommerce-bulk-product-editing", "affected_versions": { "* - 1.2.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.27", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Product Gallery & Image Zoom", "slug": "yith-woocommerce-zoom-magnifier", "affected_versions": { "* - 2.14.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.14.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Popup", "slug": "yith-woocommerce-popup", "affected_versions": { "* - 1.21.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.21.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.21.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Badge Management", "slug": "yith-woocommerce-badges-management", "affected_versions": { "* - 2.10.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Product Add-Ons", "slug": "yith-woocommerce-product-add-ons", "affected_versions": { "* - 2.15.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Tab Manager", "slug": "yith-woocommerce-tab-manager", "affected_versions": { "* - 1.17.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.17.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.17.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Questions and Answers", "slug": "yith-woocommerce-questions-and-answers", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Authorize.net Payment Gateway", "slug": "yith-woocommerce-authorizenet-payment-gateway", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Name Your Price", "slug": "yith-woocommerce-name-your-price", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Order & Shipment Tracking", "slug": "yith-woocommerce-order-tracking", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Cart Messages", "slug": "yith-woocommerce-cart-messages", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Subscription", "slug": "yith-woocommerce-subscription", "affected_versions": { "* - 2.16.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.1" ] }, { "type": "plugin", "name": "YITH PayPal Express Checkout for WooCommerce", "slug": "yith-paypal-express-checkout-for-woocommerce", "affected_versions": { "* - 1.20.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.20.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.20.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Ajax Product Filter", "slug": "yith-woocommerce-ajax-navigation", "affected_versions": { "* - 4.15.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.15.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.16.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Wishlist", "slug": "yith-woocommerce-wishlist", "affected_versions": { "* - 3.14.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.14.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.15.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Stripe", "slug": "yith-woocommerce-stripe", "affected_versions": { "* - 2.0.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH Custom Thank You Page for WooCommerce", "slug": "yith-custom-thank-you-page-for-woocommerce", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH Donations for WooCommerce", "slug": "yith-donations-for-woocommerce", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Compare", "slug": "yith-woocommerce-compare", "affected_versions": { "* - 2.20.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.20.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.20.1" ] }, { "type": "plugin", "name": "YITH Color and Label Variations for WooCommerce", "slug": "yith-color-and-label-variations-for-woocommerce", "affected_versions": { "* - 1.25.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.25.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.25.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Ajax Search", "slug": "yith-woocommerce-ajax-search", "affected_versions": { "* - 1.25.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.25.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.25.1" ] }, { "type": "plugin", "name": "YITH Essential Kit for WooCommerce #1", "slug": "yith-essential-kit-for-woocommerce-1", "affected_versions": { "* - 2.13.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.13.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.14.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Mailchimp", "slug": "yith-woocommerce-mailchimp", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH Infinite Scrolling", "slug": "yith-infinite-scrolling", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Multi Vendor", "slug": "yith-woocommerce-product-vendors", "affected_versions": { "* - 3.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH Pre-Order for WooCommerce", "slug": "yith-pre-order-for-woocommerce", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Product Bundles", "slug": "yith-woocommerce-product-bundles", "affected_versions": { "* - 1.16.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.16.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.17.0" ] }, { "type": "plugin", "name": "YITH Request a Quote for WooCommerce", "slug": "yith-woocommerce-request-a-quote", "affected_versions": { "* - 2.15.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Waitlist", "slug": "yith-woocommerce-waiting-list", "affected_versions": { "* - 1.21.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.21.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.21.1" ] }, { "type": "plugin", "name": "YITH WooCommerce PDF Invoice and Shipping List", "slug": "yith-woocommerce-pdf-invoice", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Category Accordion", "slug": "yith-woocommerce-category-accordion", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Brands Add-On", "slug": "yith-woocommerce-brands-add-on", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Gift Cards", "slug": "yith-woocommerce-gift-cards", "affected_versions": { "* - 2.14.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.14.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15.0" ] }, { "type": "plugin", "name": "YITH PayPal Payments for WooCommerce", "slug": "yith-paypal-payments-for-woocommerce", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Points and Rewards", "slug": "yith-woocommerce-points-and-rewards", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Multi-step Checkout", "slug": "yith-woocommerce-multi-step-checkout", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Added to Cart Popup", "slug": "yith-woocommerce-added-to-cart-popup", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH WooCommerce Product Slider Carousel", "slug": "yith-woocommerce-product-slider-carousel", "affected_versions": { "* - 1.16.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.16.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.16.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Catalog Mode", "slug": "yith-woocommerce-catalog-mode", "affected_versions": { "* - 2.16.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Affiliates", "slug": "yith-woocommerce-affiliates", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.0" ] }, { "type": "plugin", "name": "YITH WooCommerce Quick View", "slug": "yith-woocommerce-quick-view", "affected_versions": { "* - 1.21.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.21.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.21.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Advanced Reviews", "slug": "yith-woocommerce-advanced-reviews", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "YITH Frequently Bought Together for WooCommerce", "slug": "yith-woocommerce-frequently-bought-together", "affected_versions": { "* - 1.18.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.18.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.19.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Featured Video", "slug": "yith-woocommerce-featured-video", "affected_versions": { "* - 1.18.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.18.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.18.1" ] }, { "type": "plugin", "name": "YITH WooCommerce Social Login", "slug": "yith-woocommerce-social-login", "affected_versions": { "* - 1.4.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan" ], "published": "2022-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f002e61b-7395-4ba7-8695-da17cfc001cc": { "id": "f002e61b-7395-4ba7-8695-da17cfc001cc", "title": "WP Maintenance <= 6.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Maintenance", "slug": "wp-maintenance", "affected_versions": { "* - 6.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f002e61b-7395-4ba7-8695-da17cfc001cc?source=api-scan" ], "published": "2022-04-15 12:44:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f004c401-6b71-413c-bbbd-229b6ddfffe4": { "id": "f004c401-6b71-413c-bbbd-229b6ddfffe4", "title": "Zingiri Tickets <= 3.0.3 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Support Tickets Center", "slug": "zingiri-tickets", "affected_versions": { "* - 3.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f004c401-6b71-413c-bbbd-229b6ddfffe4?source=api-scan" ], "published": "2012-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f006bb33-d017-445b-9c02-bd848c199671": { "id": "f006bb33-d017-445b-9c02-bd848c199671", "title": "WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.37 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "WPZOOM Addons for Elementor (Templates, Widgets)", "slug": "wpzoom-elementor-addons", "affected_versions": { "* - 1.1.37": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.37", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.38" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f006bb33-d017-445b-9c02-bd848c199671?source=api-scan" ], "published": "2024-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f00761a7-fe24-49a3-b3e3-a471e05815c1": { "id": "f00761a7-fe24-49a3-b3e3-a471e05815c1", "title": "MStore API <= 3.9.2 - Authentication Bypass", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 3.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f00761a7-fe24-49a3-b3e3-a471e05815c1?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f00a12ed-d8c2-40b2-b0c8-71507469ee95": { "id": "f00a12ed-d8c2-40b2-b0c8-71507469ee95", "title": "Easy Social Icons <= 1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Social Icons", "slug": "easy-social-icons", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f00a12ed-d8c2-40b2-b0c8-71507469ee95?source=api-scan" ], "published": "2015-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f00b2602-b9ab-4f4a-a19e-5c2a98c232e3": { "id": "f00b2602-b9ab-4f4a-a19e-5c2a98c232e3", "title": "SpiderCalendar <= 1.4.9 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "SpiderCalendar", "slug": "spider-event-calendar", "affected_versions": { "[*, 1.4.10)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f00b2602-b9ab-4f4a-a19e-5c2a98c232e3?source=api-scan" ], "published": "2015-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f00ca075-cbf0-428b-a53b-dc723889f69b": { "id": "f00ca075-cbf0-428b-a53b-dc723889f69b", "title": "Email Address Encoder <= 1.0.23 - Cross-Site Request Forgery via eae_clear_caches()", "software": [ { "type": "plugin", "name": "Email Address Encoder", "slug": "email-address-encoder", "affected_versions": { "* - 1.0.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f00ca075-cbf0-428b-a53b-dc723889f69b?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f00cdef3-d733-4e85-8099-204ef76096b4": { "id": "f00cdef3-d733-4e85-8099-204ef76096b4", "title": "Image Hover Effects Ultimate 9.8.1 - 9.8.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier)", "slug": "image-hover-effects-ultimate", "affected_versions": { "9.8.1 - 9.8.4": { "from_version": "9.8.1", "from_inclusive": true, "to_version": "9.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f00cdef3-d733-4e85-8099-204ef76096b4?source=api-scan" ], "published": "2022-12-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f00e8169-3b8f-44a0-9af2-e81777a913f8": { "id": "f00e8169-3b8f-44a0-9af2-e81777a913f8", "title": "Tutor LMS \u2013 eLearning and online course solution <= 2.7.1 -Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f00e8169-3b8f-44a0-9af2-e81777a913f8?source=api-scan" ], "published": "2024-06-06 15:55:08", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f00eeaef-f277-481f-9e18-bf1ced0015a0": { "id": "f00eeaef-f277-481f-9e18-bf1ced0015a0", "title": "Ninja Forms - File Uploads Extension <= 3.3.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Ninja Forms - File Uploads", "slug": "ninja-forms-uploads", "affected_versions": { "* - 3.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f00eeaef-f277-481f-9e18-bf1ced0015a0?source=api-scan" ], "published": "2020-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f00ef5c1-1025-489c-a294-a87e10afde2b": { "id": "f00ef5c1-1025-489c-a294-a87e10afde2b", "title": "Customer Reviews for WooCommerce <= 5.16.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Customer Reviews for WooCommerce", "slug": "customer-reviews-woocommerce", "affected_versions": { "* - 5.16.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.16.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.17.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f00ef5c1-1025-489c-a294-a87e10afde2b?source=api-scan" ], "published": "2023-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f015ff9b-a7dc-47de-83d4-d6b91ec433f7": { "id": "f015ff9b-a7dc-47de-83d4-d6b91ec433f7", "title": "ParityPress <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ParityPress \u2013 Parity Pricing with Discount Rules", "slug": "paritypress", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f015ff9b-a7dc-47de-83d4-d6b91ec433f7?source=api-scan" ], "published": "2024-07-26 13:05:09", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f01e9908-c4d7-4eaf-8bba-4f5da7fa7703": { "id": "f01e9908-c4d7-4eaf-8bba-4f5da7fa7703", "title": "miniOrange\u2019s Malware Scanner <= 4.5.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Malware Scanner", "slug": "miniorange-malware-protection", "affected_versions": { "* - 4.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f01e9908-c4d7-4eaf-8bba-4f5da7fa7703?source=api-scan" ], "published": "2022-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0257620-3a0e-4011-9378-7aa423e7c0b2": { "id": "f0257620-3a0e-4011-9378-7aa423e7c0b2", "title": "Booster for WooCommerce <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 7.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0257620-3a0e-4011-9378-7aa423e7c0b2?source=api-scan" ], "published": "2023-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f02945e0-6214-46c4-ada8-49e8161d2ce4": { "id": "f02945e0-6214-46c4-ada8-49e8161d2ce4", "title": "Seriously Simple Podcasting <= 2.16.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Seriously Simple Podcasting", "slug": "seriously-simple-podcasting", "affected_versions": { "* - 2.16.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f02945e0-6214-46c4-ada8-49e8161d2ce4?source=api-scan" ], "published": "2022-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f029bd86-d979-45d1-97fe-75c43fb71148": { "id": "f029bd86-d979-45d1-97fe-75c43fb71148", "title": "Modula <= 2.7.4 - Incomplete Authorization via 'save_image' and 'save_images'", "software": [ { "type": "plugin", "name": "Modula Image Gallery", "slug": "modula-best-grid-gallery", "affected_versions": { "[*, 2.7.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f029bd86-d979-45d1-97fe-75c43fb71148?source=api-scan" ], "published": "2023-09-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f033b843-d26a-4176-badd-3d0e2c2aa30f": { "id": "f033b843-d26a-4176-badd-3d0e2c2aa30f", "title": "Qi Blocks <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Qi Blocks", "slug": "qi-blocks", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f033b843-d26a-4176-badd-3d0e2c2aa30f?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0343861-a376-43ea-826e-277c2a5ea635": { "id": "f0343861-a376-43ea-826e-277c2a5ea635", "title": "JetFormBuilder <= 3.1.4 - Unauthenticated Content Injection", "software": [ { "type": "plugin", "name": "JetFormBuilder \u2014 Dynamic Blocks Form Builder", "slug": "jetformbuilder", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0343861-a376-43ea-826e-277c2a5ea635?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f037e2d8-1444-46e6-b7aa-57db812e44c5": { "id": "f037e2d8-1444-46e6-b7aa-57db812e44c5", "title": "Comments Evolved for WordPress <= 1.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Comments Evolved for WordPress", "slug": "gplus-comments", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f037e2d8-1444-46e6-b7aa-57db812e44c5?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f03dfbd4-b34a-46ab-b8aa-e37fb0321e8e": { "id": "f03dfbd4-b34a-46ab-b8aa-e37fb0321e8e", "title": "SendPress Newsletters <= 1.23.11.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "SendPress Newsletters", "slug": "sendpress", "affected_versions": { "* - 1.23.11.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.23.11.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f03dfbd4-b34a-46ab-b8aa-e37fb0321e8e?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f040d5b9-0db2-467b-91fa-98aede9f7280": { "id": "f040d5b9-0db2-467b-91fa-98aede9f7280", "title": "Subscribe to Category <= 2.7.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "Subscribe to Category", "slug": "subscribe-to-category", "affected_versions": { "* - 2.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f040d5b9-0db2-467b-91fa-98aede9f7280?source=api-scan" ], "published": "2022-10-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f04166e0-9f43-43ad-9552-618b81ab2d6f": { "id": "f04166e0-9f43-43ad-9552-618b81ab2d6f", "title": "ZdStatistics <= 2.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ZdStatistics", "slug": "zdstats", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f04166e0-9f43-43ad-9552-618b81ab2d6f?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f04afca9-a03f-4390-9872-f744d0a86bec": { "id": "f04afca9-a03f-4390-9872-f744d0a86bec", "title": "Lazyest Backup < 0.2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Lazyest Backup", "slug": "lazyest-backup", "affected_versions": { "[*, 0.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f04afca9-a03f-4390-9872-f744d0a86bec?source=api-scan" ], "published": "2011-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f04c83b9-33a0-4f4b-afc4-929d40c2ef67": { "id": "f04c83b9-33a0-4f4b-afc4-929d40c2ef67", "title": "JCH Optimize <= 3.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings", "software": [ { "type": "plugin", "name": "JCH Optimize", "slug": "jch-optimize", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f04c83b9-33a0-4f4b-afc4-929d40c2ef67?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f04dee5b-d16f-4ef0-88a4-1567e2287bd5": { "id": "f04dee5b-d16f-4ef0-88a4-1567e2287bd5", "title": "Category Discount Woocommerce <= 4.11 - Cross-Site Request Forgery via wpcd_save_discount()", "software": [ { "type": "plugin", "name": "Category Discount Woocommerce", "slug": "woo-product-category-discount", "affected_versions": { "* - 4.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f04dee5b-d16f-4ef0-88a4-1567e2287bd5?source=api-scan" ], "published": "2024-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f04eab14-dd86-4145-b5eb-20d064bc8417": { "id": "f04eab14-dd86-4145-b5eb-20d064bc8417", "title": "Miniorange OTP Verification with Firebase <= 3.6.0 - Privilege Escalation via Registration due to Administrator Default User Role Value", "software": [ { "type": "plugin", "name": "Miniorange OTP Verification with Firebase", "slug": "miniorange-firebase-sms-otp-verification", "affected_versions": { "* - 3.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f04eab14-dd86-4145-b5eb-20d064bc8417?source=api-scan" ], "published": "2024-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0543f32-54d4-4180-95c4-c9ddc0e08384": { "id": "f0543f32-54d4-4180-95c4-c9ddc0e08384", "title": "Inline Google Spreadsheet Viewer <= 0.9.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Inline Google Spreadsheet Viewer", "slug": "inline-google-spreadsheet-viewer", "affected_versions": { "* - 0.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0543f32-54d4-4180-95c4-c9ddc0e08384?source=api-scan" ], "published": "2015-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0576cde-8d32-4f06-899a-a9ebff99d8ba": { "id": "f0576cde-8d32-4f06-899a-a9ebff99d8ba", "title": "Post Expirator <= 2.5.1 - Contributor+ Arbitrary Post Schedule Deletion", "software": [ { "type": "plugin", "name": "Schedule Post Changes: Unpublish, Delete, Change Status, Trash, Change Categories and Tags with PublishPress Future", "slug": "post-expirator", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0576cde-8d32-4f06-899a-a9ebff99d8ba?source=api-scan" ], "published": "2021-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f05b82c3-bb29-494e-a020-427cb1a816a0": { "id": "f05b82c3-bb29-494e-a020-427cb1a816a0", "title": "Envira Photo Gallery <= 1.7.6 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery Plugin for WordPress \u2013 Envira Photo Gallery", "slug": "envira-gallery-lite", "affected_versions": { "[*, 1.7.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f05b82c3-bb29-494e-a020-427cb1a816a0?source=api-scan" ], "published": "2020-02-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f05e5283-e9d9-44c8-9214-96dc18d94f7a": { "id": "f05e5283-e9d9-44c8-9214-96dc18d94f7a", "title": "PressForward <= 5.2.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PressForward", "slug": "pressforward", "affected_versions": { "* - 5.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f05e5283-e9d9-44c8-9214-96dc18d94f7a?source=api-scan" ], "published": "2022-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f06008c0-0ce3-4d78-934e-2a7fa5ce4e98": { "id": "f06008c0-0ce3-4d78-934e-2a7fa5ce4e98", "title": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin", "slug": "xcloner-backup-and-restore", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f06008c0-0ce3-4d78-934e-2a7fa5ce4e98?source=api-scan" ], "published": "2015-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0644fc5-6b37-4730-a051-f36dec650649": { "id": "f0644fc5-6b37-4730-a051-f36dec650649", "title": "Mingle Forum <= 1.0.32.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Mingle Forum", "slug": "mingle-forum", "affected_versions": { "[*, 1.0.33)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.33", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0644fc5-6b37-4730-a051-f36dec650649?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f065648a-436a-459c-8ab1-c948c78b43c9": { "id": "f065648a-436a-459c-8ab1-c948c78b43c9", "title": "Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_mollie_account_details'", "software": [ { "type": "plugin", "name": "Paytium: Mollie payment forms & donations", "slug": "paytium", "affected_versions": { "* - 4.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f065648a-436a-459c-8ab1-c948c78b43c9?source=api-scan" ], "published": "2023-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f068abb4-cbe6-4698-b547-78503b2a455e": { "id": "f068abb4-cbe6-4698-b547-78503b2a455e", "title": "AdRotate Banner Manager <= 5.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "AdRotate Banner Manager \u2013 The only ad manager you'll need", "slug": "adrotate", "affected_versions": { "* - 5.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f068abb4-cbe6-4698-b547-78503b2a455e?source=api-scan" ], "published": "2022-11-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0691a2a-734e-4726-97a1-9e0c796c2fb5": { "id": "f0691a2a-734e-4726-97a1-9e0c796c2fb5", "title": "WordPress Core < 6.0.3 - Information Disclosure (Email Address)", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true }, "3.7 - 3.7.39": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.39", "to_inclusive": true }, "3.8 - 3.8.39": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.39", "to_inclusive": true }, "3.9 - 3.9.37": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.37", "to_inclusive": true }, "4.0 - 4.0.36": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.36", "to_inclusive": true }, "4.1 - 4.1.36": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.36", "to_inclusive": true }, "4.2 - 4.2.33": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.33", "to_inclusive": true }, "4.3 - 4.3.29": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.29", "to_inclusive": true }, "4.4 - 4.4.28": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.28", "to_inclusive": true }, "4.5 - 4.5.27": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.27", "to_inclusive": true }, "4.6 - 4.6.24": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.24", "to_inclusive": true }, "4.7 - 4.7.24": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.24", "to_inclusive": true }, "4.8 - 4.8.20": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.20", "to_inclusive": true }, "4.9 - 4.9.21": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.21", "to_inclusive": true }, "5.0 - 5.0.17": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.17", "to_inclusive": true }, "5.1 - 5.1.14": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.14", "to_inclusive": true }, "5.2 - 5.2.16": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.16", "to_inclusive": true }, "5.3 - 5.3.13": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.13", "to_inclusive": true }, "5.4 - 5.4.11": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.11", "to_inclusive": true }, "5.5 - 5.5.10": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.10", "to_inclusive": true }, "5.6 - 5.6.9": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.9", "to_inclusive": true }, "5.7 - 5.7.7": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.7", "to_inclusive": true }, "5.8 - 5.8.5": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.5", "to_inclusive": true }, "5.9 - 5.9.4": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.4", "to_inclusive": true }, "6.0 - 6.0.2": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.40", "3.8.40", "3.9.38", "4.0.37", "4.1.37", "4.2.34", "4.3.30", "4.4.29", "4.5.28", "4.6.25", "4.7.25", "4.8.21", "4.9.22", "5.0.18", "5.1.15", "5.2.17", "5.3.14", "5.4.12", "5.5.11", "5.6.10", "5.7.8", "5.8.6", "5.9.5", "6.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0691a2a-734e-4726-97a1-9e0c796c2fb5?source=api-scan" ], "published": "2022-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f06d1b9e-e27d-4c43-a69b-7641518e4615": { "id": "f06d1b9e-e27d-4c43-a69b-7641518e4615", "title": "Slideshow, Image Slider by 2J <= 1.3.31 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Slideshow, Image Slider by 2J", "slug": "2j-slideshow", "affected_versions": { "* - 1.3.31": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.33" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f06d1b9e-e27d-4c43-a69b-7641518e4615?source=api-scan" ], "published": "2020-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f06f0492-c03d-44d7-9441-4d79f89e5c1f": { "id": "f06f0492-c03d-44d7-9441-4d79f89e5c1f", "title": "Appius Theme <= 1.0 - Full Path Disclosure", "software": [ { "type": "theme", "name": "appius", "slug": "appius", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f06f0492-c03d-44d7-9441-4d79f89e5c1f?source=api-scan" ], "published": "2012-12-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f079037c-cea6-4ba6-843f-99c5e5fe59a5": { "id": "f079037c-cea6-4ba6-843f-99c5e5fe59a5", "title": "Search in Place <= 1.0.104 - Cross-Site Request Forgery to Feedback Submission", "software": [ { "type": "plugin", "name": "Search in Place", "slug": "search-in-place", "affected_versions": { "* - 1.0.104": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.104", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.105" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f079037c-cea6-4ba6-843f-99c5e5fe59a5?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f07957b3-27cb-4a5e-a8bb-2bca72f8eecf": { "id": "f07957b3-27cb-4a5e-a8bb-2bca72f8eecf", "title": "Woffice Core <= 5.4.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Woffice Core", "slug": "woffice-core", "affected_versions": { "* - 5.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f07957b3-27cb-4a5e-a8bb-2bca72f8eecf?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f07b166b-3436-4797-a2df-096ff7c27a09": { "id": "f07b166b-3436-4797-a2df-096ff7c27a09", "title": "WebSub (FKA. PubSubHubbub) <= 3.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WebSub (FKA. PubSubHubbub)", "slug": "pubsubhubbub", "affected_versions": { "* - 3.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f07b166b-3436-4797-a2df-096ff7c27a09?source=api-scan" ], "published": "2024-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f07c1aac-28c1-47fc-a2e5-fbe48a90f051": { "id": "f07c1aac-28c1-47fc-a2e5-fbe48a90f051", "title": "Sitemap by click5 <= 1.0.35 - Unauthenticated Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Sitemap by click5", "slug": "sitemap-by-click5", "affected_versions": { "* - 1.0.35": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f07c1aac-28c1-47fc-a2e5-fbe48a90f051?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f082a21e-0239-45fc-a7f2-9600f215783a": { "id": "f082a21e-0239-45fc-a7f2-9600f215783a", "title": "Ezoic <= 2.8.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ezoic", "slug": "ezoic-integration", "affected_versions": { "* - 2.8.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f082a21e-0239-45fc-a7f2-9600f215783a?source=api-scan" ], "published": "2022-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f082ff4a-2adb-461e-875a-b3701cfea074": { "id": "f082ff4a-2adb-461e-875a-b3701cfea074", "title": "AccessPress Social Icons <= 1.8.0 - Author+ SQL Injection", "software": [ { "type": "plugin", "name": "AccessPress Social Icons", "slug": "accesspress-social-icons", "affected_versions": { "[*, 1.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f082ff4a-2adb-461e-875a-b3701cfea074?source=api-scan" ], "published": "2020-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0882205-3037-4ada-9e44-ddd55d88fcb1": { "id": "f0882205-3037-4ada-9e44-ddd55d88fcb1", "title": "Shortcodes and extra features for Phlox theme <= 2.16.2 - Authenticated (Subscriber+) PHP Object Injection via auxin_template_control_importer", "software": [ { "type": "plugin", "name": "Shortcodes and extra features for Phlox theme", "slug": "auxin-elements", "affected_versions": { "* - 2.16.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.16.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0882205-3037-4ada-9e44-ddd55d88fcb1?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f08ad322-6458-4608-b53a-6aaed38a9ef2": { "id": "f08ad322-6458-4608-b53a-6aaed38a9ef2", "title": "Email Before Download <= 6.7 - Admin+ SQL Injection", "software": [ { "type": "plugin", "name": "Email Before Download", "slug": "email-before-download", "affected_versions": { "* - 6.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f08ad322-6458-4608-b53a-6aaed38a9ef2?source=api-scan" ], "published": "2021-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f08ca5e3-8b48-4333-9c42-cc103d40394c": { "id": "f08ca5e3-8b48-4333-9c42-cc103d40394c", "title": "Related Post <= 2.0.53 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins", "slug": "related-post", "affected_versions": { "* - 2.0.53": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.53", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.54" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f08ca5e3-8b48-4333-9c42-cc103d40394c?source=api-scan" ], "published": "2023-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f090e1f1-2713-4f3a-b908-9407c242fdf9": { "id": "f090e1f1-2713-4f3a-b908-9407c242fdf9", "title": "Gutenberge Blocks <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes", "software": [ { "type": "plugin", "name": "Gutenberg Blocks by WordPress Download Manager", "slug": "wpdm-gutenberg-blocks", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f090e1f1-2713-4f3a-b908-9407c242fdf9?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0936f5b-a0b2-466b-bb92-143db6c32456": { "id": "f0936f5b-a0b2-466b-bb92-143db6c32456", "title": "Captain Slider <= 1.0.6 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Captain Slider", "slug": "captain-slider", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0936f5b-a0b2-466b-bb92-143db6c32456?source=api-scan" ], "published": "2015-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f093dfc8-8a2f-4614-b7c1-4fbf1afa9589": { "id": "f093dfc8-8a2f-4614-b7c1-4fbf1afa9589", "title": "Demon image annotation <= 5.3 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "demon image annotation", "slug": "demon-image-annotation", "affected_versions": { "* - 5.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f093dfc8-8a2f-4614-b7c1-4fbf1afa9589?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f09584f9-7ea3-4cfb-bbdf-7ca241e64bb1": { "id": "f09584f9-7ea3-4cfb-bbdf-7ca241e64bb1", "title": "Easy Pricing Tables <= 3.1.2 - Author+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pricing Tables WordPress Plugin \u2013 Easy Pricing Tables", "slug": "easy-pricing-tables", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f09584f9-7ea3-4cfb-bbdf-7ca241e64bb1?source=api-scan" ], "published": "2022-05-27 13:43:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f098d66f-43a6-44e9-b836-2994d2c97782": { "id": "f098d66f-43a6-44e9-b836-2994d2c97782", "title": "Cool Video Gallery <= 1.9 - Authenticated Command Injection", "software": [ { "type": "plugin", "name": "Cool Video Gallery", "slug": "cool-video-gallery", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f098d66f-43a6-44e9-b836-2994d2c97782?source=api-scan" ], "published": "2015-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0a261e9-8b96-4065-8fd3-7be53cc3c9a2": { "id": "f0a261e9-8b96-4065-8fd3-7be53cc3c9a2", "title": "10Web Map Builder for Google Maps <= 1.0.72 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "10Web Map Builder for Google Maps", "slug": "wd-google-maps", "affected_versions": { "* - 1.0.72": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.72", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.73" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0a261e9-8b96-4065-8fd3-7be53cc3c9a2?source=api-scan" ], "published": "2023-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0a3a0a8-dd1d-4d10-a084-128204b411ae": { "id": "f0a3a0a8-dd1d-4d10-a084-128204b411ae", "title": "Debug Info <= 1.3.10 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Debug Info", "slug": "debug-info", "affected_versions": { "* - 1.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0a3a0a8-dd1d-4d10-a084-128204b411ae?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0a5771b-0108-4393-a54e-b5e2c35caeb0": { "id": "f0a5771b-0108-4393-a54e-b5e2c35caeb0", "title": "Mangboard <= 1.9.9 - SQL Injection", "software": [ { "type": "plugin", "name": "Mang Board WP", "slug": "mangboard", "affected_versions": { "* - 1.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0a5771b-0108-4393-a54e-b5e2c35caeb0?source=api-scan" ], "published": "2021-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0accbee-8ab3-4e6a-b7c8-a204d681d8cf": { "id": "f0accbee-8ab3-4e6a-b7c8-a204d681d8cf", "title": "Social Media Widget <= 4.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Social Media Widget", "slug": "social-media-widget", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0accbee-8ab3-4e6a-b7c8-a204d681d8cf?source=api-scan" ], "published": "2013-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0af86e4-c30b-49e2-ad6a-97a415a74d18": { "id": "f0af86e4-c30b-49e2-ad6a-97a415a74d18", "title": "Top 10 <= 2.9.4 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Top 10 \u2013 WordPress Popular posts by WebberZone", "slug": "top-10", "affected_versions": { "[*, 2.9.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0af86e4-c30b-49e2-ad6a-97a415a74d18?source=api-scan" ], "published": "2020-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0b25726-0b8e-4fce-a986-5f1e176da75a": { "id": "f0b25726-0b8e-4fce-a986-5f1e176da75a", "title": "Booking Calendar < 4.1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Booking Calendar", "slug": "booking", "affected_versions": { "[*, 4.1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0b25726-0b8e-4fce-a986-5f1e176da75a?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0b60313-042b-4e85-a117-9abd95824402": { "id": "f0b60313-042b-4e85-a117-9abd95824402", "title": "Deny All Firewall <= 1.1.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Deny All Firewall", "slug": "deny-all-firewall", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0b60313-042b-4e85-a117-9abd95824402?source=api-scan" ], "published": "2019-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0b8fd44-75af-4fb8-bcc1-94cb5fc9e4eb": { "id": "f0b8fd44-75af-4fb8-bcc1-94cb5fc9e4eb", "title": "GDPR Data Request Form <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GDPR Data Request Form", "slug": "gdpr-data-request-form", "affected_versions": { "* - 1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0b8fd44-75af-4fb8-bcc1-94cb5fc9e4eb?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0b95670-0767-4325-88d0-4ae6d7302558": { "id": "f0b95670-0767-4325-88d0-4ae6d7302558", "title": "Funnel Builder <= 1.3.0 - Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "WooCommerce Checkout & Funnel Builder by CartFlows \u2013 Create High Converting Stores For WooCommerce", "slug": "cartflows", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0b95670-0767-4325-88d0-4ae6d7302558?source=api-scan" ], "published": "2019-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0c23687-2e79-460a-96eb-7d11bf883ced": { "id": "f0c23687-2e79-460a-96eb-7d11bf883ced", "title": "Pk Favicon Manager <=2.1 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Pk Favicon Manager", "slug": "phpsword-favicon-manager", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0c23687-2e79-460a-96eb-7d11bf883ced?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0c7324f-4c22-44e0-8d2a-9b95fd89467d": { "id": "f0c7324f-4c22-44e0-8d2a-9b95fd89467d", "title": "vSlider Multi Image Slider <= 4.1.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "vSlider Multi Image Slider for WordPress", "slug": "vslider", "affected_versions": { "* - 4.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0c7324f-4c22-44e0-8d2a-9b95fd89467d?source=api-scan" ], "published": "2023-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0ccd265-2e64-4b23-a032-aaeb9941df34": { "id": "f0ccd265-2e64-4b23-a032-aaeb9941df34", "title": "Daily Prayer Time <= 2023.10.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode", "software": [ { "type": "plugin", "name": "Daily Prayer Time", "slug": "daily-prayer-time-for-mosques", "affected_versions": { "* - 2023.10.13": { "from_version": "*", "from_inclusive": true, "to_version": "2023.10.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2023.10.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0ccd265-2e64-4b23-a032-aaeb9941df34?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0cf53e3-1d5b-4f02-b1a1-61f6fc3ffe58": { "id": "f0cf53e3-1d5b-4f02-b1a1-61f6fc3ffe58", "title": "Event Espresso Core <= 4.10.6.p - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "event-espresso-core", "slug": "event-espresso-core", "affected_versions": { "* - 4.10.6.p": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.6.p", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.7.p" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0cf53e3-1d5b-4f02-b1a1-61f6fc3ffe58?source=api-scan" ], "published": "2021-06-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0d05295-182c-4c4a-bb0d-15831fe7e691": { "id": "f0d05295-182c-4c4a-bb0d-15831fe7e691", "title": "CTX Feed <= 6.5.6 - Authenticated (Shop Manager+) Arbitrary Options Update", "software": [ { "type": "plugin", "name": "CTX Feed \u2013 WooCommerce Product Feed Manager Plugin", "slug": "webappick-product-feed-for-woocommerce", "affected_versions": { "* - 6.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0d05295-182c-4c4a-bb0d-15831fe7e691?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0d96341-049c-4554-946b-12e2bf3e972e": { "id": "f0d96341-049c-4554-946b-12e2bf3e972e", "title": "Easy Digital Downloads \u2013 Wish Lists < 1.1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads - Wish Lists", "slug": "edd-wish-lists", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0d96341-049c-4554-946b-12e2bf3e972e?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0de5502-20a4-4436-89c6-ef42b8b40c08": { "id": "f0de5502-20a4-4436-89c6-ef42b8b40c08", "title": "Preview E-Mails for WooCommerce <= 1.6.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Preview E-mails for WooCommerce", "slug": "woo-preview-emails", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0de5502-20a4-4436-89c6-ef42b8b40c08?source=api-scan" ], "published": "2021-11-18 16:38:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0de8ff3-ac03-4640-829d-66a8496aa8aa": { "id": "f0de8ff3-ac03-4640-829d-66a8496aa8aa", "title": "NextGen Gallery <= 2.1.56 - Remote File Inclusion", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 2.1.56": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.56", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.57" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0de8ff3-ac03-4640-829d-66a8496aa8aa?source=api-scan" ], "published": "2016-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0e2d690-7562-438a-aa9f-d2711ddd7d2c": { "id": "f0e2d690-7562-438a-aa9f-d2711ddd7d2c", "title": "WishList Member X <= 3.25.1 - Missing Authorization to Information Disclosure", "software": [ { "type": "plugin", "name": "Wishlist Member", "slug": "wishlist-member-x", "affected_versions": { "* - 3.25.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.25.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0e2d690-7562-438a-aa9f-d2711ddd7d2c?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0e77557-f377-4752-bc5b-ec00f2520150": { "id": "f0e77557-f377-4752-bc5b-ec00f2520150", "title": "Chocolate WP \u2013 Responsive Photography Theme (All Versions) - Remote File Inclusion", "software": [ { "type": "theme", "name": "Chocolate WP \u2013 Responsive Photography Theme | Photography", "slug": "dt-chocolate", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0e77557-f377-4752-bc5b-ec00f2520150?source=api-scan" ], "published": "2013-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0e8d029-af6b-43cb-aa90-f92777c5ac99": { "id": "f0e8d029-af6b-43cb-aa90-f92777c5ac99", "title": "Timthumb Vulnerability Scanner <= 1.54 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Timthumb Vulnerability Scanner", "slug": "timthumb-vulnerability-scanner", "affected_versions": { "* - 1.54": { "from_version": "*", "from_inclusive": true, "to_version": "1.54", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0e8d029-af6b-43cb-aa90-f92777c5ac99?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0ea7279-bba3-49c4-b36a-0d51c96a23cf": { "id": "f0ea7279-bba3-49c4-b36a-0d51c96a23cf", "title": "BackupBuddy < 3.0 - Authentication Bypass", "software": [ { "type": "plugin", "name": "BackupBuddy", "slug": "backupbuddy", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0ea7279-bba3-49c4-b36a-0d51c96a23cf?source=api-scan" ], "published": "2013-03-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0ec70a0-d1be-4652-b029-d8268c2667ec": { "id": "f0ec70a0-d1be-4652-b029-d8268c2667ec", "title": "Nirweb support <= 2.7.9 - SQL Injection", "software": [ { "type": "plugin", "name": "Nirweb support", "slug": "nirweb-support", "affected_versions": { "* - 2.7.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0ec70a0-d1be-4652-b029-d8268c2667ec?source=api-scan" ], "published": "2022-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0edfebc-bf6b-4346-9cd7-ce00007e3620": { "id": "f0edfebc-bf6b-4346-9cd7-ce00007e3620", "title": "Brizy \u2013 Page Builder <= 2.4.43 - Authenticated (Contributor+) Store Cross-Site Scripting via Widget Link To URL", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "* - 2.4.43": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.43", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.44" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0edfebc-bf6b-4346-9cd7-ce00007e3620?source=api-scan" ], "published": "2024-06-04 17:26:58", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0fa8050-6318-4528-8dd4-a3ca5467cfaa": { "id": "f0fa8050-6318-4528-8dd4-a3ca5467cfaa", "title": "Ads Invalid Click Protection <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ads Invalid Click Protection", "slug": "ads-invalid-click-protection", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0fa8050-6318-4528-8dd4-a3ca5467cfaa?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0ff03ab-eeb9-4445-92c8-326783d4b10e": { "id": "f0ff03ab-eeb9-4445-92c8-326783d4b10e", "title": "Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via URLs", "software": [ { "type": "plugin", "name": "Themesflat Addons For Elementor", "slug": "themesflat-addons-for-elementor", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0ff03ab-eeb9-4445-92c8-326783d4b10e?source=api-scan" ], "published": "2024-06-05 15:28:18", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f0ff2cb3-a385-4f5c-b555-b6a3dadfc458": { "id": "f0ff2cb3-a385-4f5c-b555-b6a3dadfc458", "title": "Fusion <= 2.1 - Arbitrary File Download", "software": [ { "type": "theme", "name": "Fusion", "slug": "fushion-theme", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f0ff2cb3-a385-4f5c-b555-b6a3dadfc458?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f105bee6-21b2-4014-bb0a-9e53c49e29b0": { "id": "f105bee6-21b2-4014-bb0a-9e53c49e29b0", "title": "Social Sharing Plugin \u2013 Social Warfare <= 4.4.5.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Social Sharing Plugin \u2013 Social Warfare", "slug": "social-warfare", "affected_versions": { "* - 4.4.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f105bee6-21b2-4014-bb0a-9e53c49e29b0?source=api-scan" ], "published": "2024-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f105f6bf-3224-4f5c-8334-1a53ff9af9c0": { "id": "f105f6bf-3224-4f5c-8334-1a53ff9af9c0", "title": "Survey Maker \u2013 Best WordPress Survey Plugin <= 3.6.6 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Survey Maker", "slug": "survey-maker", "affected_versions": { "* - 3.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f105f6bf-3224-4f5c-8334-1a53ff9af9c0?source=api-scan" ], "published": "2024-04-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1060875-21dc-41fb-866a-940e6aeb3c22": { "id": "f1060875-21dc-41fb-866a-940e6aeb3c22", "title": "Echelon <= 2.4 - Arbitrary File Deletion", "software": [ { "type": "theme", "name": "Echelon", "slug": "echelon", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1060875-21dc-41fb-866a-940e6aeb3c22?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f107496b-020b-4222-91f3-49caba1a39db": { "id": "f107496b-020b-4222-91f3-49caba1a39db", "title": "Advanced Import <= 1.3.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Advanced Import : One Click Import for WordPress or Theme Demo Data", "slug": "advanced-import", "affected_versions": { "* - 1.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f107496b-020b-4222-91f3-49caba1a39db?source=api-scan" ], "published": "2022-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f107a2be-e75b-43f3-8d41-b68c50c27f55": { "id": "f107a2be-e75b-43f3-8d41-b68c50c27f55", "title": "jQuery HTML5 File Upload <= 3.0 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "JQuery Html5 File Upload", "slug": "jquery-html5-file-upload", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f107a2be-e75b-43f3-8d41-b68c50c27f55?source=api-scan" ], "published": "2017-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f10a11d8-1ef8-427b-b256-ffe8769d61bb": { "id": "f10a11d8-1ef8-427b-b256-ffe8769d61bb", "title": "One Click Demo Import <= 3.2.0 - Authenticated (Admin+) PHP Object Injection", "software": [ { "type": "plugin", "name": "One Click Demo Import", "slug": "one-click-demo-import", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f10a11d8-1ef8-427b-b256-ffe8769d61bb?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f10ae2b6-1580-418c-9cf7-e75ed71bb309": { "id": "f10ae2b6-1580-418c-9cf7-e75ed71bb309", "title": "Product Recommendation Quiz for eCommerce <= 2.1.0 - Missing Authorization in prq_set_token", "software": [ { "type": "plugin", "name": "Product Recommendation Quiz for eCommerce", "slug": "product-recommendation-quiz-for-ecommerce", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f10ae2b6-1580-418c-9cf7-e75ed71bb309?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f10e5eef-1ccf-4f98-b0e9-5ed05b3881a6": { "id": "f10e5eef-1ccf-4f98-b0e9-5ed05b3881a6", "title": "Ultimate Addons for Contact Form 7 <= 3.1.23 - Unauthenticated SQL Injection via form_id", "software": [ { "type": "plugin", "name": "Ultimate Addons for Contact Form 7", "slug": "ultimate-addons-for-contact-form-7", "affected_versions": { "* - 3.1.23": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f10e5eef-1ccf-4f98-b0e9-5ed05b3881a6?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f10f6b12-5bf0-475a-ad9e-084ce5801b84": { "id": "f10f6b12-5bf0-475a-ad9e-084ce5801b84", "title": "WP Google Maps <= 7.11.27 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Go Maps (formerly WP Google Maps)", "slug": "wp-google-maps", "affected_versions": { "[*, 7.11.28)": { "from_version": "*", "from_inclusive": true, "to_version": "7.11.28", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.11.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f10f6b12-5bf0-475a-ad9e-084ce5801b84?source=api-scan" ], "published": "2019-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f10fd22e-a25b-4f16-ad65-a995559908e9": { "id": "f10fd22e-a25b-4f16-ad65-a995559908e9", "title": "Mocho Blog <= 1.0.4 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Mocho Blog", "slug": "mocho-blog", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f10fd22e-a25b-4f16-ad65-a995559908e9?source=api-scan" ], "published": "2023-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f10fdf31-6941-4d41-8c15-90ed61addc2f": { "id": "f10fdf31-6941-4d41-8c15-90ed61addc2f", "title": "WordPress Core < 4.7.1 - Stored Cross-Site Scripting via theme directory name", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.16": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.16", "to_inclusive": true }, "3.8 - 3.8.16": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.16", "to_inclusive": true }, "3.9 - 3.9.14": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.14", "to_inclusive": true }, "4.0 - 4.0.13": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.13", "to_inclusive": true }, "4.1 - 4.1.13": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.13", "to_inclusive": true }, "4.2 - 4.2.10": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.10", "to_inclusive": true }, "4.3 - 4.3.6": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.6", "to_inclusive": true }, "4.4 - 4.4.5": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.5", "to_inclusive": true }, "4.5 - 4.5.4": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true }, "4.6 - 4.6.1": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true }, "4.7": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.17", "3.8.17", "3.9.15", "4.0.14", "4.1.14", "4.2.11", "4.3.7", "4.4.6", "4.5.5", "4.6.2", "4.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f10fdf31-6941-4d41-8c15-90ed61addc2f?source=api-scan" ], "published": "2017-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1105dc3-222f-46a5-a9b1-74c11923f886": { "id": "f1105dc3-222f-46a5-a9b1-74c11923f886", "title": "Replyable \u2013 Subscribe to Comments and Reply by Email <= 2.2.9 - Authenticated (Subscriber+) PHP Object Injection via prompt_dismiss_notice", "software": [ { "type": "plugin", "name": "Replyable \u2013 Subscribe to Comments and Reply by Email", "slug": "postmatic", "affected_versions": { "* - 2.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1105dc3-222f-46a5-a9b1-74c11923f886?source=api-scan" ], "published": "2023-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f111c87e-e1e8-45df-ab92-0a81e32467b4": { "id": "f111c87e-e1e8-45df-ab92-0a81e32467b4", "title": "Popup Maker <= 1.19.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder", "slug": "popup-maker", "affected_versions": { "* - 1.19.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.19.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.19.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f111c87e-e1e8-45df-ab92-0a81e32467b4?source=api-scan" ], "published": "2024-08-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f117fffb-2bbb-4e95-b589-909972db1e5e": { "id": "f117fffb-2bbb-4e95-b589-909972db1e5e", "title": "Language Switcher <= 3.7.13 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Language Switcher", "slug": "language-switcher", "affected_versions": { "* - 3.7.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f117fffb-2bbb-4e95-b589-909972db1e5e?source=api-scan" ], "published": "2024-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f11926c8-2b31-4ad5-9fd0-225071a91b2a": { "id": "f11926c8-2b31-4ad5-9fd0-225071a91b2a", "title": "Login With Ajax <= 4.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Login With Ajax \u2013 Fast Logins, 2FA, Redirects", "slug": "login-with-ajax", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f11926c8-2b31-4ad5-9fd0-225071a91b2a?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f119c6c2-cd4e-415a-b717-2bfc90ed729e": { "id": "f119c6c2-cd4e-415a-b717-2bfc90ed729e", "title": "Piotnet Forms <= 1.0.25 - Missing Authorization via multiple AJAX actions", "software": [ { "type": "plugin", "name": "Piotnet Forms", "slug": "piotnetforms", "affected_versions": { "* - 1.0.29": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f119c6c2-cd4e-415a-b717-2bfc90ed729e?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f11bc707-2465-4b64-945a-c0db6e9043dd": { "id": "f11bc707-2465-4b64-945a-c0db6e9043dd", "title": "Elementor Website Builder <= 3.22.1 - Authenticated (Contributor+) Arbitrary SVG Download", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 3.22.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.22.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.22.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f11bc707-2465-4b64-945a-c0db6e9043dd?source=api-scan" ], "published": "2024-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f11ea6b2-1225-42a5-aa7b-260315d0bec5": { "id": "f11ea6b2-1225-42a5-aa7b-260315d0bec5", "title": "WP Job Portal <= 2.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website", "slug": "wp-job-portal", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f11ea6b2-1225-42a5-aa7b-260315d0bec5?source=api-scan" ], "published": "2023-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f124b5a0-b58b-45ff-bd22-7a09a9abd9bd": { "id": "f124b5a0-b58b-45ff-bd22-7a09a9abd9bd", "title": "Social Feed <= 2.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Feed | Custom Feed for Social Media Networks", "slug": "wp-social-feed", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f124b5a0-b58b-45ff-bd22-7a09a9abd9bd?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f125a9d4-7399-47ae-9b5d-4cfe12c4c177": { "id": "f125a9d4-7399-47ae-9b5d-4cfe12c4c177", "title": "Sahifa <= 2.4.0 - Full Path Disclosure", "software": [ { "type": "theme", "name": "Sahifa", "slug": "sahifa", "affected_versions": { "* - 2.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f125a9d4-7399-47ae-9b5d-4cfe12c4c177?source=api-scan" ], "published": "2013-01-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1388322-d935-4101-a6c4-a7c99228ddec": { "id": "f1388322-d935-4101-a6c4-a7c99228ddec", "title": "Flash Uploader <= 3.1.2 - Arbitrary Command Execution", "software": [ { "type": "plugin", "name": "WordPress Flash Uploader", "slug": "wordpress-flash-uploader", "affected_versions": { "[*, 3.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1388322-d935-4101-a6c4-a7c99228ddec?source=api-scan" ], "published": "2014-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f14478d9-2c17-48a8-a7d3-658a92a10d9c": { "id": "f14478d9-2c17-48a8-a7d3-658a92a10d9c", "title": "Login Logo Editor <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login Logo Editor", "slug": "login-logo-editor-by-oizuled", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f14478d9-2c17-48a8-a7d3-658a92a10d9c?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f147641a-f430-4743-901e-539373dc10b7": { "id": "f147641a-f430-4743-901e-539373dc10b7", "title": "MemberPress <= 1.11.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via arglist Parameter", "software": [ { "type": "plugin", "name": "Memberpress", "slug": "memberpress", "affected_versions": { "* - 1.11.29": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f147641a-f430-4743-901e-539373dc10b7?source=api-scan" ], "published": "2024-05-21 20:02:06", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f15415aa-b820-4697-8360-b526312c89d3": { "id": "f15415aa-b820-4697-8360-b526312c89d3", "title": "ICS Calendar <= 10.12.0.2 - Authenticated (Contributor+) Arbitrary File Read and Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "ICS Calendar", "slug": "ics-calendar", "affected_versions": { "* - 10.12.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "10.12.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.12.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f15415aa-b820-4697-8360-b526312c89d3?source=api-scan" ], "published": "2023-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f15af4eb-5752-4a85-babd-cee7e89c329d": { "id": "f15af4eb-5752-4a85-babd-cee7e89c329d", "title": "Auto Prune Posts <= 1.8.0 - Cross-Site Request Forgery via admin_menu", "software": [ { "type": "plugin", "name": "Auto Prune Posts", "slug": "auto-prune-posts", "affected_versions": { "* - 1.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f15af4eb-5752-4a85-babd-cee7e89c329d?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f15d39ba-9211-4d35-8252-20d53c6bc249": { "id": "f15d39ba-9211-4d35-8252-20d53c6bc249", "title": "WP-DownloadManager <= 1.68.6 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP-DownloadManager", "slug": "wp-downloadmanager", "affected_versions": { "[*, 1.68.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.68.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.68.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f15d39ba-9211-4d35-8252-20d53c6bc249?source=api-scan" ], "published": "2022-01-10 13:42:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f15f85c6-0bba-4bbd-b097-d205b9e0a075": { "id": "f15f85c6-0bba-4bbd-b097-d205b9e0a075", "title": "Build App Online <= 1.0.18 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Build App Online", "slug": "build-app-online", "affected_versions": { "* - 1.0.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f15f85c6-0bba-4bbd-b097-d205b9e0a075?source=api-scan" ], "published": "2022-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f160f474-de8d-4120-9f46-a185b035a627": { "id": "f160f474-de8d-4120-9f46-a185b035a627", "title": "Team Circle Image Slider With Lightbox <= 1.0.15 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Team Circle Image Slider With Lightbox", "slug": "circle-image-slider-with-lightbox", "affected_versions": { "* - 1.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f160f474-de8d-4120-9f46-a185b035a627?source=api-scan" ], "published": "2022-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f162e046-a7d3-4f2c-899d-6c46cb92c8ee": { "id": "f162e046-a7d3-4f2c-899d-6c46cb92c8ee", "title": "Yoast SEO <= 17.2 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "Yoast SEO", "slug": "wordpress-seo", "affected_versions": { "[*, 17.3)": { "from_version": "*", "from_inclusive": true, "to_version": "17.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "17.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f162e046-a7d3-4f2c-899d-6c46cb92c8ee?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1666371-9401-4b62-b44e-abc7fb4c6138": { "id": "f1666371-9401-4b62-b44e-abc7fb4c6138", "title": "Night Mode <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Night Mode", "slug": "night-mode", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1666371-9401-4b62-b44e-abc7fb4c6138?source=api-scan" ], "published": "2022-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f167c3c5-df35-456c-a5f1-139cc3c02ffb": { "id": "f167c3c5-df35-456c-a5f1-139cc3c02ffb", "title": "CSS JS Manager <= 2.4.49 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce", "slug": "css-js-manager", "affected_versions": { "* - 2.4.49": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.49", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.49.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f167c3c5-df35-456c-a5f1-139cc3c02ffb?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f16ea30d-0d03-4464-b75d-e77264af2510": { "id": "f16ea30d-0d03-4464-b75d-e77264af2510", "title": "Easy Custom Code (LESS\/CSS\/JS) \u2013 Live editing <= 1.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Custom Code (LESS\/CSS\/JS) \u2013 Live editing", "slug": "easy-custom-code", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f16ea30d-0d03-4464-b75d-e77264af2510?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f170379e-e833-42e0-96fd-1e1722a8331c": { "id": "f170379e-e833-42e0-96fd-1e1722a8331c", "title": "System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_constants)", "software": [ { "type": "plugin", "name": "System Dashboard", "slug": "system-dashboard", "affected_versions": { "* - 2.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f170379e-e833-42e0-96fd-1e1722a8331c?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f17c4748-2a95-495c-ad3b-86b272855791": { "id": "f17c4748-2a95-495c-ad3b-86b272855791", "title": "Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Piraeus Bank WooCommerce Payment Gateway", "slug": "woo-payment-gateway-for-piraeus-bank", "affected_versions": { "* - 1.6.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f17c4748-2a95-495c-ad3b-86b272855791?source=api-scan" ], "published": "2024-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f185709e-0d13-48d3-9c15-03466b72dac2": { "id": "f185709e-0d13-48d3-9c15-03466b72dac2", "title": "Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via addCountS", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] }, { "type": "plugin", "name": "Contest Gallery Pro", "slug": "contest-gallery-pro", "affected_versions": { "* - 19.1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "19.1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "19.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f185709e-0d13-48d3-9c15-03466b72dac2?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f18617cd-b2e9-480d-9ec0-9438a416721e": { "id": "f18617cd-b2e9-480d-9ec0-9438a416721e", "title": "Cost Calculator Builder <= 3.2.28 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cost Calculator Builder", "slug": "cost-calculator-builder", "affected_versions": { "* - 3.2.28": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f18617cd-b2e9-480d-9ec0-9438a416721e?source=api-scan" ], "published": "2024-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f188c032-6f36-45a9-9ca8-39bfe91c97d4": { "id": "f188c032-6f36-45a9-9ca8-39bfe91c97d4", "title": "Konzept (Unkown Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Konzept - Fullscreen Portfolio WordPress Theme", "slug": "konzept", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f188c032-6f36-45a9-9ca8-39bfe91c97d4?source=api-scan" ], "published": "2014-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f18b7523-fa8f-4c5d-acd7-db0e2135c796": { "id": "f18b7523-fa8f-4c5d-acd7-db0e2135c796", "title": "Product Enquiry for WooCommerce <= 3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Product Enquiry for WooCommerce", "slug": "gm-woocommerce-quote-popup", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f18b7523-fa8f-4c5d-acd7-db0e2135c796?source=api-scan" ], "published": "2024-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f18be13a-1b16-40f8-85a7-bd77b49e243c": { "id": "f18be13a-1b16-40f8-85a7-bd77b49e243c", "title": "Otter - Gutenberg Blocks <= 2.2.5 - Authenticated (Author+) PHAR Deserialization", "software": [ { "type": "plugin", "name": "Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE", "slug": "otter-blocks", "affected_versions": { "* - 2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f18be13a-1b16-40f8-85a7-bd77b49e243c?source=api-scan" ], "published": "2023-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f19006a0-6848-467b-90ed-33b3ebd2c7ba": { "id": "f19006a0-6848-467b-90ed-33b3ebd2c7ba", "title": "Order date time for WooCommerce <= 3.0.19 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce", "slug": "pi-woocommerce-order-date-time-and-type", "affected_versions": { "* - 3.0.19": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f19006a0-6848-467b-90ed-33b3ebd2c7ba?source=api-scan" ], "published": "2023-03-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1946a48-c1d6-4ca9-909f-0d4b78c25c36": { "id": "f1946a48-c1d6-4ca9-909f-0d4b78c25c36", "title": "Delete Post Revisions In WordPress <= 4.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Delete Post Revisions In WordPress", "slug": "delete-post-revisions-on-single-click", "affected_versions": { "* - 4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1946a48-c1d6-4ca9-909f-0d4b78c25c36?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f19c84c7-9b27-48b0-b648-b5681eff1371": { "id": "f19c84c7-9b27-48b0-b648-b5681eff1371", "title": "Advanced Custom Fields: Table Field < 1.1.13 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Table Field Add-on for SCF and ACF", "slug": "advanced-custom-fields-table-field", "affected_versions": { "[*, 1.1.13)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f19c84c7-9b27-48b0-b648-b5681eff1371?source=api-scan" ], "published": "2016-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1a2a09d-b50e-499d-8cfd-6e2884e66127": { "id": "f1a2a09d-b50e-499d-8cfd-6e2884e66127", "title": "EazyDocs 2.3.8 - 2.3.9 - Missing Authorization", "software": [ { "type": "plugin", "name": "EazyDocs \u2013 Most Powerful Knowledge base, wiki, Documentation Builder Plugin", "slug": "eazydocs", "affected_versions": { "2.3.8 - 2.3.9": { "from_version": "2.3.8", "from_inclusive": true, "to_version": "2.3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1a2a09d-b50e-499d-8cfd-6e2884e66127?source=api-scan" ], "published": "2023-12-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1aa6c8b-8231-49f1-a30a-fc1a03813221": { "id": "f1aa6c8b-8231-49f1-a30a-fc1a03813221", "title": "ProductX \u2013 Gutenberg WooCommerce Blocks <= 2.7.8 - Missing Authorization via option_data_save", "software": [ { "type": "plugin", "name": "WooCommerce Builder & Gutenberg WooCommerce Blocks \u2013 WowStore", "slug": "product-blocks", "affected_versions": { "* - 2.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1aa6c8b-8231-49f1-a30a-fc1a03813221?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1add368-81d2-455f-a95a-c13566c58d39": { "id": "f1add368-81d2-455f-a95a-c13566c58d39", "title": "Web Invoice <= 2.1.3 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Web Invoice \u2013 Invoicing and billing for WordPress", "slug": "web-invoice", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1add368-81d2-455f-a95a-c13566c58d39?source=api-scan" ], "published": "2022-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1b6f041-5ea6-48ca-9ca7-4ce96cbfa275": { "id": "f1b6f041-5ea6-48ca-9ca7-4ce96cbfa275", "title": "WP Migration Plugin DB & Files \u2013 WP Synchro <= 1.9.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Synchro \u2013 WordPress Migration Plugin for Database & Files", "slug": "wpsynchro", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1b6f041-5ea6-48ca-9ca7-4ce96cbfa275?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1b6fe67-cbd8-438f-8e06-d0f25eddc81a": { "id": "f1b6fe67-cbd8-438f-8e06-d0f25eddc81a", "title": "Custom Content Type Manager 0.9.8.7 - 0.9.8.8 - Malicious Backdoor", "software": [ { "type": "plugin", "name": "Custom Content Type Manager", "slug": "custom-content-type-manager", "affected_versions": { "0.9.8.7 - 0.9.8.8": { "from_version": "0.9.8.7", "from_inclusive": true, "to_version": "0.9.8.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.8.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1b6fe67-cbd8-438f-8e06-d0f25eddc81a?source=api-scan" ], "published": "2016-03-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1bf4f77-9539-4a9f-afec-f43f602c684f": { "id": "f1bf4f77-9539-4a9f-afec-f43f602c684f", "title": "Advanced Access Manager <= 6.9.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More", "slug": "advanced-access-manager", "affected_versions": { "* - 6.9.18": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1bf4f77-9539-4a9f-afec-f43f602c684f?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1c08c10-7358-4618-b892-7d222ba460de": { "id": "f1c08c10-7358-4618-b892-7d222ba460de", "title": "terser (JS Package) < 5.14.2 - Denial of Service", "software": [ { "type": "plugin", "name": "Retro Winamp Block", "slug": "retro-winamp-block", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "plugin", "name": "Sophi", "slug": "sophi", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] }, { "type": "plugin", "name": "ElasticPress", "slug": "elasticpress", "affected_versions": { "* - 4.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.0" ] }, { "type": "plugin", "name": "Simple Podcasting", "slug": "simple-podcasting", "affected_versions": { "[*, 1.2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.4" ] }, { "type": "plugin", "name": "Simple Local Avatars", "slug": "simple-local-avatars", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1c08c10-7358-4618-b892-7d222ba460de?source=api-scan" ], "published": "2022-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1c5ce2b-9ac4-4fd2-9e49-ccb8538ba100": { "id": "f1c5ce2b-9ac4-4fd2-9e49-ccb8538ba100", "title": "Surveys 1.01.8 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "surveys", "slug": "surveys", "affected_versions": { "* - 1.01.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.01.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1c5ce2b-9ac4-4fd2-9e49-ccb8538ba100?source=api-scan" ], "published": "2017-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1c68f9d-a026-4cef-82e6-25949a3d59ad": { "id": "f1c68f9d-a026-4cef-82e6-25949a3d59ad", "title": "GutenGeek Free Gutenberg Blocks for WordPress <= 1.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "GutenGeek Free Gutenberg Blocks for WordPress", "slug": "gtg-advanced-blocks", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1c68f9d-a026-4cef-82e6-25949a3d59ad?source=api-scan" ], "published": "2024-09-24 12:21:15", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1cbe675-4c0f-430a-b2db-85ba8605d172": { "id": "f1cbe675-4c0f-430a-b2db-85ba8605d172", "title": "Deeper Comments <= 2.1.1 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Options Update", "software": [ { "type": "plugin", "name": "Deeper Comments", "slug": "deeper-comments", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1cbe675-4c0f-430a-b2db-85ba8605d172?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1d2015b-86e8-4d0f-b095-f3917480ff15": { "id": "f1d2015b-86e8-4d0f-b095-f3917480ff15", "title": "Bridge Theme <= 18.2, Qode Instagram Widget <=2.0.1, Qode Twitter Feed <= 2.0.0 - Open Redirect", "software": [ { "type": "theme", "name": "Bridge - Creative Multipurpose WordPress Theme", "slug": "bridge", "affected_versions": { "[*, 18.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "18.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "18.2.1" ] }, { "type": "plugin", "name": "Bridge Theme Qode Instagram Widget", "slug": "qode-instagram-widget", "affected_versions": { "[*, 2.0.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.2" ] }, { "type": "plugin", "name": "Bridge Theme Qode Twitter Feed", "slug": "qode-twitter-feed", "affected_versions": { "[*, 2.0.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1d2015b-86e8-4d0f-b095-f3917480ff15?source=api-scan" ], "published": "2019-10-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1d26326-c5c5-4993-aadf-298759eb873d": { "id": "f1d26326-c5c5-4993-aadf-298759eb873d", "title": "Chop Slider 3 <= 3.4 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Chop Slider 3", "slug": "chopslider", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1d26326-c5c5-4993-aadf-298759eb873d?source=api-scan" ], "published": "2020-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1de8404-5c7b-48d7-ab7f-7f99b309ee43": { "id": "f1de8404-5c7b-48d7-ab7f-7f99b309ee43", "title": "timelineoptinpro Plugin (All Versions) - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "timelineoptinpro", "slug": "timelineoptinpro", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1de8404-5c7b-48d7-ab7f-7f99b309ee43?source=api-scan" ], "published": "2013-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1e31357-7fbc-414b-a4f4-53fa5f2fc715": { "id": "f1e31357-7fbc-414b-a4f4-53fa5f2fc715", "title": "User Email Verification for WooCommerce <= 3.5.0 - Authentication Bypass", "software": [ { "type": "plugin", "name": "User Email Verification for WooCommerce", "slug": "woo-confirmation-email", "affected_versions": { "* - 3.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1e31357-7fbc-414b-a4f4-53fa5f2fc715?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1e98579-6e23-4309-9db5-e47d1e77ab07": { "id": "f1e98579-6e23-4309-9db5-e47d1e77ab07", "title": "File Download <= 1.4 - Open Proxy", "software": [ { "type": "plugin", "name": "filedownload", "slug": "filedownload", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1e98579-6e23-4309-9db5-e47d1e77ab07?source=api-scan" ], "published": "2017-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1eb0852-00ef-489a-aa39-7d8603249deb": { "id": "f1eb0852-00ef-489a-aa39-7d8603249deb", "title": "Advanced Custom Fields <= 5.10 - Missing Authorization to Information Disclosure", "software": [ { "type": "plugin", "name": "Secure Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "[*, 5.11)": { "from_version": "*", "from_inclusive": true, "to_version": "5.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.11" ] }, { "type": "plugin", "name": "Advanced Custom Fields Pro", "slug": "advanced-custom-fields-pro", "affected_versions": { "[*, 5.11)": { "from_version": "*", "from_inclusive": true, "to_version": "5.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1eb0852-00ef-489a-aa39-7d8603249deb?source=api-scan" ], "published": "2021-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1ef067b-e4b4-4174-b6ff-ec94a7afd55d": { "id": "f1ef067b-e4b4-4174-b6ff-ec94a7afd55d", "title": "CMP <= 3.8.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "CMP \u2013 Coming Soon & Maintenance Plugin by NiteoThemes", "slug": "cmp-coming-soon-maintenance", "affected_versions": { "* - 3.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1ef067b-e4b4-4174-b6ff-ec94a7afd55d?source=api-scan" ], "published": "2020-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1efcff5-3af6-4c44-9654-b917523419aa": { "id": "f1efcff5-3af6-4c44-9654-b917523419aa", "title": "WooCommerce <= 7.0.0 - Authenticated(Shop Manager+) Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "* - 7.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1efcff5-3af6-4c44-9654-b917523419aa?source=api-scan" ], "published": "2023-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f1fa1999-685c-4b68-927d-617abf9143d7": { "id": "f1fa1999-685c-4b68-927d-617abf9143d7", "title": "Premium Addons PRO <= 2.9.0 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Premium Addons Pro for Elementor", "slug": "premium-addons-pro", "affected_versions": { "* - 2.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f1fa1999-685c-4b68-927d-617abf9143d7?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f203f30c-998b-4719-9268-0a78e1dc84be": { "id": "f203f30c-998b-4719-9268-0a78e1dc84be", "title": "Asset Manager <= 0.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Asset Manager", "slug": "asset-manager", "affected_versions": { "* - 0.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f203f30c-998b-4719-9268-0a78e1dc84be?source=api-scan" ], "published": "2012-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f203fb35-e217-4912-aa80-0bb6b3de1830": { "id": "f203fb35-e217-4912-aa80-0bb6b3de1830", "title": "Easy Digital Downloads \u2013 Free Downloads <= 1.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads - Free Downloads", "slug": "edd-free-downloads", "affected_versions": { "* - 2.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f203fb35-e217-4912-aa80-0bb6b3de1830?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f208ca5a-a404-4664-80f5-643e713f600a": { "id": "f208ca5a-a404-4664-80f5-643e713f600a", "title": "NewsPlugin <= 1.0.18 \u2013 Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NewsPlugin", "slug": "newsplugin", "affected_versions": { "* - 1.0.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f208ca5a-a404-4664-80f5-643e713f600a?source=api-scan" ], "published": "2021-07-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f20aff55-f9c9-42f7-9c7b-3f4a709f4a60": { "id": "f20aff55-f9c9-42f7-9c7b-3f4a709f4a60", "title": "bbPress <= 2.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting via the forums list table", "software": [ { "type": "plugin", "name": "bbPress", "slug": "bbpress", "affected_versions": { "* - 2.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f20aff55-f9c9-42f7-9c7b-3f4a709f4a60?source=api-scan" ], "published": "2020-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f20b79cd-4393-4c96-ac78-139ac7c11144": { "id": "f20b79cd-4393-4c96-ac78-139ac7c11144", "title": "o2s gallery (All Versions) - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "o2s gallery", "slug": "o2s-gallery", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f20b79cd-4393-4c96-ac78-139ac7c11144?source=api-scan" ], "published": "2013-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f20fc354-e93c-4da4-8344-a71b07e04e56": { "id": "f20fc354-e93c-4da4-8344-a71b07e04e56", "title": "AdsPlace'r \u2013 Ad Manager, Inserter, AdSense Ads <= 1.1.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AdsPlace'r \u2013 Ad Manager, Inserter, AdSense Ads", "slug": "adsplacer", "affected_versions": { "* - 1.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f20fc354-e93c-4da4-8344-a71b07e04e56?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f21100f4-f655-41e6-a31c-70ce4dfb1ba6": { "id": "f21100f4-f655-41e6-a31c-70ce4dfb1ba6", "title": "Ceceppa Multilingua <= 1.5.17 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ceceppa Multilingua", "slug": "ceceppa-multilingua", "affected_versions": { "* - 1.5.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f21100f4-f655-41e6-a31c-70ce4dfb1ba6?source=api-scan" ], "published": "2020-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2126761-cbff-4d46-a6df-4566d15216d7": { "id": "f2126761-cbff-4d46-a6df-4566d15216d7", "title": "MW WP Form <= 5.0.6 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MW WP Form", "slug": "mw-wp-form", "affected_versions": { "* - 5.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2126761-cbff-4d46-a6df-4566d15216d7?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f213fb42-5bab-4017-80ea-ce6543031af2": { "id": "f213fb42-5bab-4017-80ea-ce6543031af2", "title": "Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Modern Events Calendar Lite", "slug": "modern-events-calendar-lite", "affected_versions": { "[*, 7.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f213fb42-5bab-4017-80ea-ce6543031af2?source=api-scan" ], "published": "2023-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f219b6ea-58b9-455e-a99d-8412661c8e39": { "id": "f219b6ea-58b9-455e-a99d-8412661c8e39", "title": "postMash \u2013 custom post order <= 1.2.0 - Reflected Cross-Site Scripting via m", "software": [ { "type": "plugin", "name": "postMash \u2013 custom post order", "slug": "postmash", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f219b6ea-58b9-455e-a99d-8412661c8e39?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f21c70aa-22be-456d-93bb-f478b70deaef": { "id": "f21c70aa-22be-456d-93bb-f478b70deaef", "title": "WordPress Core < 4.7.5 - Cross-Site Scripting via Customizer", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.20": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.20", "to_inclusive": true }, "3.8 - 3.8.20": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.20", "to_inclusive": true }, "3.9 - 3.9.18": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.18", "to_inclusive": true }, "4.0 - 4.0.17": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.17", "to_inclusive": true }, "4.1 - 4.1.17": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.17", "to_inclusive": true }, "4.2 - 4.2.14": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.14", "to_inclusive": true }, "4.3 - 4.3.10": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.10", "to_inclusive": true }, "4.4 - 4.4.9": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.9", "to_inclusive": true }, "4.5 - 4.5.8": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.8", "to_inclusive": true }, "4.6 - 4.6.5": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.5", "to_inclusive": true }, "4.7 - 4.7.4": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.21", "3.8.21", "3.9.19", "4.0.18", "4.1.18", "4.2.15", "4.3.11", "4.4.10", "4.5.9", "4.6.6", "4.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f21c70aa-22be-456d-93bb-f478b70deaef?source=api-scan" ], "published": "2017-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f21cbe18-77e1-4a9a-96a0-74edaef0db3e": { "id": "f21cbe18-77e1-4a9a-96a0-74edaef0db3e", "title": "Attire <= 2.0.6 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "theme", "name": "Attire", "slug": "attire", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f21cbe18-77e1-4a9a-96a0-74edaef0db3e?source=api-scan" ], "published": "2024-08-30 14:33:13", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f21f757b-43f8-4371-886c-b9f7fd79c715": { "id": "f21f757b-43f8-4371-886c-b9f7fd79c715", "title": "Pricing Table Plugin - < 2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Pricing Table Plugin", "slug": "arprice-responsive-pricing-table", "affected_versions": { "[*, 2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f21f757b-43f8-4371-886c-b9f7fd79c715?source=api-scan" ], "published": "2019-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2244c29-9d79-47d5-b077-bf04a9199cdc": { "id": "f2244c29-9d79-47d5-b077-bf04a9199cdc", "title": "Events Manager <= 5.9.7.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "* - 5.9.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2244c29-9d79-47d5-b077-bf04a9199cdc?source=api-scan" ], "published": "2020-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2251c72-cc98-477e-bd4d-0e134b86acce": { "id": "f2251c72-cc98-477e-bd4d-0e134b86acce", "title": "Conversational Forms for ChatBot <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ChatBot Conversational Forms", "slug": "conversational-forms", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2251c72-cc98-477e-bd4d-0e134b86acce?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2268be8-f9b8-4028-b681-7793b2bd43f8": { "id": "f2268be8-f9b8-4028-b681-7793b2bd43f8", "title": "Ivory Search <= 4.6.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ivory Search \u2013 WordPress Search Plugin", "slug": "add-search-to-menu", "affected_versions": { "* - 4.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2268be8-f9b8-4028-b681-7793b2bd43f8?source=api-scan" ], "published": "2021-10-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2329a5d-0649-498e-a18c-a17de7b30df4": { "id": "f2329a5d-0649-498e-a18c-a17de7b30df4", "title": "Modern Events Calendar Lite <= 6.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Modern Events Calendar Lite", "slug": "modern-events-calendar-lite", "affected_versions": { "* - 6.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2329a5d-0649-498e-a18c-a17de7b30df4?source=api-scan" ], "published": "2022-04-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f232f550-f964-4a69-9a80-aa9768149094": { "id": "f232f550-f964-4a69-9a80-aa9768149094", "title": "BulletProof Security <= .53.3 - Authenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BulletProof Security", "slug": "bulletproof-security", "affected_versions": { "[*, .53.4)": { "from_version": "*", "from_inclusive": true, "to_version": ".53.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ ".53.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f232f550-f964-4a69-9a80-aa9768149094?source=api-scan" ], "published": "2016-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f234f05f-e377-4e89-81e1-f47ff44eebc5": { "id": "f234f05f-e377-4e89-81e1-f47ff44eebc5", "title": "Podlove Subscribe button <= 1.3.10 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Podlove Subscribe button", "slug": "podlove-subscribe-button", "affected_versions": { "* - 1.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f234f05f-e377-4e89-81e1-f47ff44eebc5?source=api-scan" ], "published": "2024-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f23b144e-4380-4099-89b5-816c8c2f710f": { "id": "f23b144e-4380-4099-89b5-816c8c2f710f", "title": "WP Attachments <= 5.0.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Attachments", "slug": "wp-attachments", "affected_versions": { "* - 5.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f23b144e-4380-4099-89b5-816c8c2f710f?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f23d80ae-a686-4e89-a8c0-648289521c58": { "id": "f23d80ae-a686-4e89-a8c0-648289521c58", "title": "All-in-One Events Calendar < 1.10 - SQL Injection", "software": [ { "type": "plugin", "name": "Timely All-in-One Events Calendar", "slug": "all-in-one-event-calendar", "affected_versions": { "[*, 1.10)": { "from_version": "*", "from_inclusive": true, "to_version": "1.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f23d80ae-a686-4e89-a8c0-648289521c58?source=api-scan" ], "published": "2013-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f23e7274-45f6-46da-b4c8-2eaa1bd39257": { "id": "f23e7274-45f6-46da-b4c8-2eaa1bd39257", "title": "Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention Security <= 20.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention Security", "slug": "wp-simple-firewall", "affected_versions": { "* - 20.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "20.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f23e7274-45f6-46da-b4c8-2eaa1bd39257?source=api-scan" ], "published": "2024-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2448450-9d0e-42bc-bfdb-66861b2f212c": { "id": "f2448450-9d0e-42bc-bfdb-66861b2f212c", "title": "Gravityforms <= 1.9.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gravity Forms", "slug": "gravityforms", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2448450-9d0e-42bc-bfdb-66861b2f212c?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f24af4f2-bb05-4833-a2bc-771143970e00": { "id": "f24af4f2-bb05-4833-a2bc-771143970e00", "title": "HD FLV Player <= 1.7 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "HD FLV PLayer", "slug": "contus-hd-flv-player", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f24af4f2-bb05-4833-a2bc-771143970e00?source=api-scan" ], "published": "2012-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f24b3afe-5de3-464c-92af-a654e97f0945": { "id": "f24b3afe-5de3-464c-92af-a654e97f0945", "title": "Taxi Booking Manager for WooCommerce \u2013 WordPress plugin | Ecab <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Taxi Booking Manager for WooCommerce \u2013 WordPress plugin | Ecab", "slug": "ecab-taxi-booking-manager", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f24b3afe-5de3-464c-92af-a654e97f0945?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f24cfefe-f671-456d-a378-44a41fc81c0e": { "id": "f24cfefe-f671-456d-a378-44a41fc81c0e", "title": "Ultimate Member <= 2.0.3 - Directory Traversal", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 2.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f24cfefe-f671-456d-a378-44a41fc81c0e?source=api-scan" ], "published": "2019-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f24db166-93d6-4a61-a8fe-455eebde0777": { "id": "f24db166-93d6-4a61-a8fe-455eebde0777", "title": "Dtracker <= 1.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "DTracker", "slug": "dtracker", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f24db166-93d6-4a61-a8fe-455eebde0777?source=api-scan" ], "published": "2017-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f24e753e-2eb0-49a2-9fb1-68daaca12816": { "id": "f24e753e-2eb0-49a2-9fb1-68daaca12816", "title": "Sell Downloads <= 1.0.7 - Improper Input Validation", "software": [ { "type": "plugin", "name": "Sell Downloads", "slug": "sell-downloads", "affected_versions": { "[*, 1.0.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f24e753e-2eb0-49a2-9fb1-68daaca12816?source=api-scan" ], "published": "2015-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f256036d-11e8-4311-baa0-d15193c72da0": { "id": "f256036d-11e8-4311-baa0-d15193c72da0", "title": "Eventin <= 3.3.52 - Missing Authorization", "software": [ { "type": "plugin", "name": "Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin", "slug": "wp-event-solution", "affected_versions": { "* - 3.3.52": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.52", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.53" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f256036d-11e8-4311-baa0-d15193c72da0?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f256518c-9a3e-4e6e-8d49-d309e397c14d": { "id": "f256518c-9a3e-4e6e-8d49-d309e397c14d", "title": "Bravo Translate <= 1.2 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Bravo Translate", "slug": "bravo-translate", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f256518c-9a3e-4e6e-8d49-d309e397c14d?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f25b2a4b-d863-4f24-ae67-4c8e41602c6f": { "id": "f25b2a4b-d863-4f24-ae67-4c8e41602c6f", "title": "WP Event Manager <= 3.1.41 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce", "slug": "wp-event-manager", "affected_versions": { "* - 3.1.41": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f25b2a4b-d863-4f24-ae67-4c8e41602c6f?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f25b355a-edeb-4d88-8419-ab0d716ec5bf": { "id": "f25b355a-edeb-4d88-8419-ab0d716ec5bf", "title": "Flexi Quote Rotator <= 0.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flexi Quote Rotator", "slug": "flexi-quote-rotator", "affected_versions": { "* - 0.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f25b355a-edeb-4d88-8419-ab0d716ec5bf?source=api-scan" ], "published": "2022-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f25cd403-77a4-437b-b9ba-93137bf9c936": { "id": "f25cd403-77a4-437b-b9ba-93137bf9c936", "title": "POST SMTP Mailer <= 2.7.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post SMTP \u2013 WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications \u2013 Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more", "slug": "post-smtp", "affected_versions": { "* - 2.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f25cd403-77a4-437b-b9ba-93137bf9c936?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f25cdb02-4624-4a46-a622-28665e1d856e": { "id": "f25cdb02-4624-4a46-a622-28665e1d856e", "title": "Amazon Link <= 3.2.10 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Amazon Link", "slug": "amazon-link", "affected_versions": { "* - 3.2.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f25cdb02-4624-4a46-a622-28665e1d856e?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f25d0409-dbca-4c5a-9f43-fc03e5307d0f": { "id": "f25d0409-dbca-4c5a-9f43-fc03e5307d0f", "title": "WordPress Core < 1.5.1.3 - Arbitrary Email Content Change", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 1.5.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f25d0409-dbca-4c5a-9f43-fc03e5307d0f?source=api-scan" ], "published": "2005-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f25f358b-f9b7-4660-8dda-673023dc1967": { "id": "f25f358b-f9b7-4660-8dda-673023dc1967", "title": "Child Theme Creator <= 1.5.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Child Theme Creator by Orbisius", "slug": "orbisius-child-theme-creator", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f25f358b-f9b7-4660-8dda-673023dc1967?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2667b7c-b743-44d1-90d6-b1be6fcd7dca": { "id": "f2667b7c-b743-44d1-90d6-b1be6fcd7dca", "title": "Premium Blocks \u2013 Gutenberg Blocks for WordPress <= 2.1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premium Blocks \u2013 Gutenberg Blocks for WordPress", "slug": "premium-blocks-for-gutenberg", "affected_versions": { "* - 2.1.33": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.33", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.34" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2667b7c-b743-44d1-90d6-b1be6fcd7dca?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2675177-8b85-4fb8-ba10-ae02cb5c6c72": { "id": "f2675177-8b85-4fb8-ba10-ae02cb5c6c72", "title": "Booking calendar, Appointment Booking System <= 3.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking calendar, Appointment Booking System", "slug": "booking-calendar", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2675177-8b85-4fb8-ba10-ae02cb5c6c72?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f268974a-db92-42d2-9e1d-f990ea067740": { "id": "f268974a-db92-42d2-9e1d-f990ea067740", "title": "Contact Form Manager <= 1.4.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Manager", "slug": "contact-form-manager", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f268974a-db92-42d2-9e1d-f990ea067740?source=api-scan" ], "published": "2015-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f26a6ace-4623-4931-a4e4-8176d799d274": { "id": "f26a6ace-4623-4931-a4e4-8176d799d274", "title": "WordPress Hosting Benchmark tool <= 1.3.6 - Cross-Site Request Forgery via execute_plugin()", "software": [ { "type": "plugin", "name": "WordPress Hosting Benchmark tool", "slug": "wpbenchmark", "affected_versions": { "* - 1.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f26a6ace-4623-4931-a4e4-8176d799d274?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f26fcef3-6d94-46f6-9832-bdb03b6cb867": { "id": "f26fcef3-6d94-46f6-9832-bdb03b6cb867", "title": "CP Contact Form with PayPal <= 1.3.01 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CP Contact Form with PayPal", "slug": "cp-contact-form-with-paypal", "affected_versions": { "[*, 1.3.02)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.02", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.02" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f26fcef3-6d94-46f6-9832-bdb03b6cb867?source=api-scan" ], "published": "2019-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f270c73f-ccdb-4575-ab9b-014c65873607": { "id": "f270c73f-ccdb-4575-ab9b-014c65873607", "title": "Slideshow SE <= 2.5.17 - Authenticated (Author+) Limited Local File Inclusion", "software": [ { "type": "plugin", "name": "Slideshow SE", "slug": "slideshow-se", "affected_versions": { "* - 2.5.17": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f270c73f-ccdb-4575-ab9b-014c65873607?source=api-scan" ], "published": "2024-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f271c2e7-9d58-4dea-95d3-3ffc4ec7c3b2": { "id": "f271c2e7-9d58-4dea-95d3-3ffc4ec7c3b2", "title": "Front-end Editor < 2.3 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Front-end Editor", "slug": "front-end-editor", "affected_versions": { "[*, 2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f271c2e7-9d58-4dea-95d3-3ffc4ec7c3b2?source=api-scan" ], "published": "2012-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f27853e0-1785-4670-a7b2-f72c19f4a6ac": { "id": "f27853e0-1785-4670-a7b2-f72c19f4a6ac", "title": "WP Clictracker <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Clictracker", "slug": "clictracker", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f27853e0-1785-4670-a7b2-f72c19f4a6ac?source=api-scan" ], "published": "2022-11-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2862cee-0412-42ba-9a8e-e5722bece775": { "id": "f2862cee-0412-42ba-9a8e-e5722bece775", "title": "Redirection <= 3.6.3 - Cross-Site Request Forgery to Remote Code Execution", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirection", "affected_versions": { "* - 3.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2862cee-0412-42ba-9a8e-e5722bece775?source=api-scan" ], "published": "2018-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f28826e7-913e-4a88-a48a-3b8dd5623d39": { "id": "f28826e7-913e-4a88-a48a-3b8dd5623d39", "title": "Ni WooCommerce Custom Order Status <= 1.9.6 - SQL Injection", "software": [ { "type": "plugin", "name": "Ni WooCommerce Custom Order Status", "slug": "ni-woocommerce-custom-order-status", "affected_versions": { "* - 1.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f28826e7-913e-4a88-a48a-3b8dd5623d39?source=api-scan" ], "published": "2021-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f288b68a-2455-4ee7-b217-5cb46fb79caf": { "id": "f288b68a-2455-4ee7-b217-5cb46fb79caf", "title": "JW-Player-Plugin-For-Wordpress <= 2.1.14 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JW Player for Flash & HTML5 Video", "slug": "jw-player-plugin-for-wordpress", "affected_versions": { "* - 2.1.14": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.14", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f288b68a-2455-4ee7-b217-5cb46fb79caf?source=api-scan" ], "published": "2015-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f28afb93-b72a-4a56-994b-144124202147": { "id": "f28afb93-b72a-4a56-994b-144124202147", "title": "Custom Post Type UI <= 1.13.4 - Cross-Site Request Forgery to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Custom Post Type UI", "slug": "custom-post-type-ui", "affected_versions": { "* - 1.13.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f28afb93-b72a-4a56-994b-144124202147?source=api-scan" ], "published": "2023-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f28c47e6-a37d-4328-afb2-6a9e6b3fe20a": { "id": "f28c47e6-a37d-4328-afb2-6a9e6b3fe20a", "title": "Under Construction \/ Maintenance Mode from Acurax <= 2.6 - Information Exposure", "software": [ { "type": "plugin", "name": "Under Construction \/ Maintenance Mode from Acurax", "slug": "coming-soon-maintenance-mode-from-acurax", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f28c47e6-a37d-4328-afb2-6a9e6b3fe20a?source=api-scan" ], "published": "2024-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f28ca2dc-404d-4abf-9d44-1b1f8309e9ee": { "id": "f28ca2dc-404d-4abf-9d44-1b1f8309e9ee", "title": "Post Grid <= 2.0.12 - Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "* - 2.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f28ca2dc-404d-4abf-9d44-1b1f8309e9ee?source=api-scan" ], "published": "2016-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f28d7659-9244-4da8-97e9-4539d7d874f7": { "id": "f28d7659-9244-4da8-97e9-4539d7d874f7", "title": "CP Polls <= 1.0.71 - Unauthenticated Content Injection", "software": [ { "type": "plugin", "name": "Polls CP", "slug": "cp-polls", "affected_versions": { "* - 1.0.71": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.71", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.72" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f28d7659-9244-4da8-97e9-4539d7d874f7?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f28dc553-32de-459e-a0e9-2fd428ef42a0": { "id": "f28dc553-32de-459e-a0e9-2fd428ef42a0", "title": "Magnitudo (All Versions) - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Magnitudo - Powerful Business Theme", "slug": "magnitudo", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f28dc553-32de-459e-a0e9-2fd428ef42a0?source=api-scan" ], "published": "2013-11-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f28e36e9-7d02-48fc-8f20-64a951af75e0": { "id": "f28e36e9-7d02-48fc-8f20-64a951af75e0", "title": "Hermit \u97f3\u4e50\u64ad\u653e\u5668 <= 3.1.6 - Multiple Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Hermit \u97f3\u4e50\u64ad\u653e\u5668", "slug": "hermit", "affected_versions": { "* - 3.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f28e36e9-7d02-48fc-8f20-64a951af75e0?source=api-scan" ], "published": "2022-04-28 13:11:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f28feb11-7e28-4b97-b529-f6d266c3e534": { "id": "f28feb11-7e28-4b97-b529-f6d266c3e534", "title": "Formidable Forms <= 5.5.4 - Authenticated (Admin+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "* - 5.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f28feb11-7e28-4b97-b529-f6d266c3e534?source=api-scan" ], "published": "2022-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f294175e-dfcd-4d8d-84ee-a945ec7ac7e3": { "id": "f294175e-dfcd-4d8d-84ee-a945ec7ac7e3", "title": "SoundCloud Is Gold <= 2.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SoundCloud Is Gold", "slug": "soundcloud-is-gold", "affected_versions": { "[*, 2.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f294175e-dfcd-4d8d-84ee-a945ec7ac7e3?source=api-scan" ], "published": "2015-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f294575d-ce83-4301-ae38-3f0761d9b610": { "id": "f294575d-ce83-4301-ae38-3f0761d9b610", "title": "WP Booking System \u2013 Booking Calendar <= 2.0.14 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Booking System \u2013 Booking Calendar", "slug": "wp-booking-system", "affected_versions": { "[*, 2.0.15)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f294575d-ce83-4301-ae38-3f0761d9b610?source=api-scan" ], "published": "2021-12-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2949ff1-5c69-4189-99a9-e50c65c78461": { "id": "f2949ff1-5c69-4189-99a9-e50c65c78461", "title": "Freesoul Deactivate Plugins <= 2.1.3 - Cross-Site Request Forgery via eos_dp_pro_delete_transient", "software": [ { "type": "plugin", "name": "Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup", "slug": "freesoul-deactivate-plugins", "affected_versions": { "[*, 2.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2949ff1-5c69-4189-99a9-e50c65c78461?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f29a843d-a8c5-4477-b7cc-620b19b5f585": { "id": "f29a843d-a8c5-4477-b7cc-620b19b5f585", "title": "Clearpay Gateway for WooCommerce <= 3.5.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Clearpay Gateway for WooCommerce", "slug": "clearpay-gateway-for-woocommerce", "affected_versions": { "* - 3.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f29a843d-a8c5-4477-b7cc-620b19b5f585?source=api-scan" ], "published": "2022-12-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f29f9290-1f98-4019-997b-e33f2c151a5d": { "id": "f29f9290-1f98-4019-997b-e33f2c151a5d", "title": "WordPress Core <= 3.3.2 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f29f9290-1f98-4019-997b-e33f2c151a5d?source=api-scan" ], "published": "2012-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2a59015-eb29-44fe-bc21-ba8832ac750b": { "id": "f2a59015-eb29-44fe-bc21-ba8832ac750b", "title": "Form Maker by 10Web < 1.13.40 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "[*, 1.13.40)": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.40", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.13.40" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2a59015-eb29-44fe-bc21-ba8832ac750b?source=api-scan" ], "published": "2020-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2a5d8ef-109c-471b-a135-c834f090eb5b": { "id": "f2a5d8ef-109c-471b-a135-c834f090eb5b", "title": "WPC Smart Wishlist for WooCommerce <= 2.9.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPC Smart Wishlist for WooCommerce", "slug": "woo-smart-wishlist", "affected_versions": { "[*, 2.9.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2a5d8ef-109c-471b-a135-c834f090eb5b?source=api-scan" ], "published": "2022-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2a61a12-df0c-47a2-ba39-b70dbfaddf0a": { "id": "f2a61a12-df0c-47a2-ba39-b70dbfaddf0a", "title": "Flat Preloader <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Flat Preloader", "slug": "flat-preloader", "affected_versions": { "[*, 1.5.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2a61a12-df0c-47a2-ba39-b70dbfaddf0a?source=api-scan" ], "published": "2021-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2a6f8ec-6a3e-453d-9ef4-794b5791ac2b": { "id": "f2a6f8ec-6a3e-453d-9ef4-794b5791ac2b", "title": "WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP User Merger", "slug": "wp-user-merger", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2a6f8ec-6a3e-453d-9ef4-794b5791ac2b?source=api-scan" ], "published": "2022-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2a87cb3-5cce-4b5a-937d-71e96aeef7c9": { "id": "f2a87cb3-5cce-4b5a-937d-71e96aeef7c9", "title": "ProfilePress <= 3.2.2 - Reflected Cross-Site Scripting via ppress_cc_data Parameter", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "[*, 3.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2a87cb3-5cce-4b5a-937d-71e96aeef7c9?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2b31db1-c4f7-47c6-ad83-7ecd375e5f65": { "id": "f2b31db1-c4f7-47c6-ad83-7ecd375e5f65", "title": "Piotnet Addons For Elementor Pro <= 7.1.17 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Piotnet Addons For Elementor Pro", "slug": "piotnet-addons-for-elementor-pro", "affected_versions": { "* - 7.1.17": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.17", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2b31db1-c4f7-47c6-ad83-7ecd375e5f65?source=api-scan" ], "published": "2024-04-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2b5213d-fdc5-4c98-9a05-15d83bd7308f": { "id": "f2b5213d-fdc5-4c98-9a05-15d83bd7308f", "title": "Contest Gallery <= 21.2.8.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 21.2.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "21.2.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "21.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2b5213d-fdc5-4c98-9a05-15d83bd7308f?source=api-scan" ], "published": "2024-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2b70e27-87fb-4905-bbfa-62cca3dbb433": { "id": "f2b70e27-87fb-4905-bbfa-62cca3dbb433", "title": "Xenon - Bootstrap Admin Theme with AngularJS <= 1.3 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Xenon - Bootstrap Admin Theme with AngularJS", "slug": "xenon", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2b70e27-87fb-4905-bbfa-62cca3dbb433?source=api-scan" ], "published": "2020-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2b7258e-c594-415a-a872-d5b28397e40d": { "id": "f2b7258e-c594-415a-a872-d5b28397e40d", "title": "weForms <= 1.6.18 - Missing Authorization via export_form_entries", "software": [ { "type": "plugin", "name": "weForms \u2013 Easy Drag & Drop Contact Form Builder For WordPress", "slug": "weforms", "affected_versions": { "* - 1.6.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2b7258e-c594-415a-a872-d5b28397e40d?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2bc0449-b5cc-403b-a943-f53d0d9c663a": { "id": "f2bc0449-b5cc-403b-a943-f53d0d9c663a", "title": "Manual Purchases < 1.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Manual Purchases Add-on for iThemes Exchange", "slug": "exchange-addon-manual-purchases", "affected_versions": { "[*, 1.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2bc0449-b5cc-403b-a943-f53d0d9c663a?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2c3b646-d865-4425-bc8f-00b3555a3d74": { "id": "f2c3b646-d865-4425-bc8f-00b3555a3d74", "title": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more <= 8.5.6 - Missing Authorization via set_read()", "software": [ { "type": "plugin", "name": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "slug": "nex-forms-express-wp-form-builder", "affected_versions": { "* - 8.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2c3b646-d865-4425-bc8f-00b3555a3d74?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2c6d446-75cd-4f42-a5f2-f4c59d4084ce": { "id": "f2c6d446-75cd-4f42-a5f2-f4c59d4084ce", "title": "House Manager \u2013 Easy Renter Management System for WordPress <= 1.0.8.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "House Manager \u2013 Easy Renter Management System for WordPress", "slug": "house-manager", "affected_versions": { "* - 1.0.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2c6d446-75cd-4f42-a5f2-f4c59d4084ce?source=api-scan" ], "published": "2024-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2c88c5a-ea87-4aab-a0ce-8246e5cb540a": { "id": "f2c88c5a-ea87-4aab-a0ce-8246e5cb540a", "title": "Quiz And Survey Master <= 7.3.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2c88c5a-ea87-4aab-a0ce-8246e5cb540a?source=api-scan" ], "published": "2022-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2ce4a14-5c56-4ca0-9deb-80cd609b71e6": { "id": "f2ce4a14-5c56-4ca0-9deb-80cd609b71e6", "title": "WP Config File Editor <= 1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Config File Editor", "slug": "wp-config-file-editor", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2ce4a14-5c56-4ca0-9deb-80cd609b71e6?source=api-scan" ], "published": "2021-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2d2bce2-90a9-4b3d-875d-3fbedc397cd4": { "id": "f2d2bce2-90a9-4b3d-875d-3fbedc397cd4", "title": "WP QuickLaTeX <= 3.8.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP QuickLaTeX", "slug": "wp-quicklatex", "affected_versions": { "* - 3.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2d2bce2-90a9-4b3d-875d-3fbedc397cd4?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2d69d59-390d-4f3c-96ba-487707cac7a6": { "id": "f2d69d59-390d-4f3c-96ba-487707cac7a6", "title": "WP Visitor Statistics (Real Time Traffic) <= 6.9.4 - Sensitive Information Exposure via Log File", "software": [ { "type": "plugin", "name": "WP Visitor Statistics (Real Time Traffic)", "slug": "wp-stats-manager", "affected_versions": { "* - 6.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2d69d59-390d-4f3c-96ba-487707cac7a6?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2d7c5b6-ce4d-4dbe-abec-8c223cb652af": { "id": "f2d7c5b6-ce4d-4dbe-abec-8c223cb652af", "title": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features <= 3.2.19 - Authenticated (Contributor+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "* - 3.2.19": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2d7c5b6-ce4d-4dbe-abec-8c223cb652af?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2db06b1-c823-45db-b6f5-b656978cc779": { "id": "f2db06b1-c823-45db-b6f5-b656978cc779", "title": "Adaptive Images for WordPress <= 0.6.66 - Local File Inclusion", "software": [ { "type": "plugin", "name": "Adaptive Images for WordPress", "slug": "adaptive-images", "affected_versions": { "[*, 0.6.67)": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.67", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.6.67" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2db06b1-c823-45db-b6f5-b656978cc779?source=api-scan" ], "published": "2019-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2e36b11-db93-4bac-a9bd-16d2e22efe4d": { "id": "f2e36b11-db93-4bac-a9bd-16d2e22efe4d", "title": "WP-MUI \u2013 Mass User Input \u2013 Add and Export WP Users Quickly <= 1.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP-MUI \u2013 Mass User Input \u2013 Add and Export WP Users Quickly", "slug": "wp-mui-mass-user-input", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2e36b11-db93-4bac-a9bd-16d2e22efe4d?source=api-scan" ], "published": "2022-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2e6f09e-0ebc-47e3-84f3-9aede2781f42": { "id": "f2e6f09e-0ebc-47e3-84f3-9aede2781f42", "title": "GD Star Rating <= 1.9.22 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GD Star Rating", "slug": "gd-star-rating", "affected_versions": { "* - 1.9.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.22", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2e6f09e-0ebc-47e3-84f3-9aede2781f42?source=api-scan" ], "published": "2011-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2ed5e51-8783-4b7f-9177-c116bf0fad44": { "id": "f2ed5e51-8783-4b7f-9177-c116bf0fad44", "title": "Frontend File Manager <= 3.7 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Frontend File Manager Plugin", "slug": "nmedia-user-file-uploader", "affected_versions": { "* - 3.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2ed5e51-8783-4b7f-9177-c116bf0fad44?source=api-scan" ], "published": "2015-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2ef8ee4-7388-4263-ad6a-bb043b09c97c": { "id": "f2ef8ee4-7388-4263-ad6a-bb043b09c97c", "title": "Elementor Website Builder <= 2.7.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "[*, 2.7.5)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2ef8ee4-7388-4263-ad6a-bb043b09c97c?source=api-scan" ], "published": "2019-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2f11c32-d58e-4ac8-83c7-30927a626e10": { "id": "f2f11c32-d58e-4ac8-83c7-30927a626e10", "title": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'username'", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.112": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.112", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.113" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2f11c32-d58e-4ac8-83c7-30927a626e10?source=api-scan" ], "published": "2024-07-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2f4313a-568e-4ee2-b283-cd7bb62b75fa": { "id": "f2f4313a-568e-4ee2-b283-cd7bb62b75fa", "title": "Simple Social Media Share Buttons <= 3.2.3 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Social Media Share Buttons \u2013 Social Sharing for Everyone", "slug": "simple-social-buttons", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2f4313a-568e-4ee2-b283-cd7bb62b75fa?source=api-scan" ], "published": "2021-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2fad774-f140-4891-8c6f-fbd684e19dc2": { "id": "f2fad774-f140-4891-8c6f-fbd684e19dc2", "title": "Montezuma < 1.1.8 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Montezuma", "slug": "montezuma", "affected_versions": { "[*, 1.1.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2fad774-f140-4891-8c6f-fbd684e19dc2?source=api-scan" ], "published": "2013-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2febf69-b146-4ca5-bfa9-f5477da5cd6c": { "id": "f2febf69-b146-4ca5-bfa9-f5477da5cd6c", "title": "Memphis Documents Library <= 3.1.5 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "Memphis Documents Library", "slug": "memphis-documents-library", "affected_versions": { "* - 3.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2febf69-b146-4ca5-bfa9-f5477da5cd6c?source=api-scan" ], "published": "2016-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2fee7aa-5289-4bf0-b175-5a64b16fdd40": { "id": "f2fee7aa-5289-4bf0-b175-5a64b16fdd40", "title": "Booking.com Banner Creator <= 1.4.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking.com Banner Creator", "slug": "bookingcom-banner-creator", "affected_versions": { "[*, 1.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2fee7aa-5289-4bf0-b175-5a64b16fdd40?source=api-scan" ], "published": "2021-10-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f2ff2cc6-b584-442b-890b-033a0a047c24": { "id": "f2ff2cc6-b584-442b-890b-033a0a047c24", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f2ff2cc6-b584-442b-890b-033a0a047c24?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3042586-dd23-487f-a79c-7ad5b5e38677": { "id": "f3042586-dd23-487f-a79c-7ad5b5e38677", "title": "Visual Composer Website Builder <= 45.6.0 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Visual Composer Website Builder", "slug": "visualcomposer", "affected_versions": { "* - 45.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "45.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "45.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3042586-dd23-487f-a79c-7ad5b5e38677?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3045ebf-70af-4124-9116-42c07f64a3bf": { "id": "f3045ebf-70af-4124-9116-42c07f64a3bf", "title": "Password Protected \u2013 Ultimate Plugin to Password Protect Your WordPress Content with Ease <= 2.6.6 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Password Protected \u2013 Password Protect your WordPress Site, Pages, & WooCommerce Products \u2013 Restrict Content, Protect WooCommerce Category, and more", "slug": "password-protected", "affected_versions": { "* - 2.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3045ebf-70af-4124-9116-42c07f64a3bf?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f30af3c4-82be-40d5-be9f-82631b8f3ee2": { "id": "f30af3c4-82be-40d5-be9f-82631b8f3ee2", "title": "Simple History <= 1.0.7 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Simple History \u2013 Track, Log, and Audit WordPress Changes", "slug": "simple-history", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f30af3c4-82be-40d5-be9f-82631b8f3ee2?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3108ef4-f889-4ae1-b86f-cedf46dcea19": { "id": "f3108ef4-f889-4ae1-b86f-cedf46dcea19", "title": "RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'queue_posts'", "software": [ { "type": "plugin", "name": "RapidLoad \u2013 Optimize Web Vitals Automatically", "slug": "unusedcss", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3108ef4-f889-4ae1-b86f-cedf46dcea19?source=api-scan" ], "published": "2023-03-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f314340c-23aa-479f-9a19-f21a14d6da49": { "id": "f314340c-23aa-479f-9a19-f21a14d6da49", "title": "Responsive WordPress Slider <= 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive WordPress Slider", "slug": "motopress-slider-lite", "affected_versions": { "* - 2.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f314340c-23aa-479f-9a19-f21a14d6da49?source=api-scan" ], "published": "2021-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3154a7a-b8b3-490b-9822-b3a92d1b4fef": { "id": "f3154a7a-b8b3-490b-9822-b3a92d1b4fef", "title": "WP Ultimate Post Grid <= 3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpupg-grid-with-filters Shortcode", "software": [ { "type": "plugin", "name": "WP Ultimate Post Grid", "slug": "wp-ultimate-post-grid", "affected_versions": { "* - 3.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3154a7a-b8b3-490b-9822-b3a92d1b4fef?source=api-scan" ], "published": "2024-10-10 18:52:35", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f315fff8-d616-4a5c-91bc-d8b0ec0f028f": { "id": "f315fff8-d616-4a5c-91bc-d8b0ec0f028f", "title": "Wordfence <= 5.2.2 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Wordfence Security \u2013 Firewall, Malware Scan, and Login Security", "slug": "wordfence", "affected_versions": { "[*, 5.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f315fff8-d616-4a5c-91bc-d8b0ec0f028f?source=api-scan" ], "published": "2014-09-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f31a42c1-afb7-4a44-b4e8-f68c622bc43e": { "id": "f31a42c1-afb7-4a44-b4e8-f68c622bc43e", "title": "DSGVO All in one for WP <= 4.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "DSGVO All in one for WP", "slug": "dsgvo-all-in-one-for-wp", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f31a42c1-afb7-4a44-b4e8-f68c622bc43e?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f31b42c8-cf82-49cf-ac4c-d42a28252d66": { "id": "f31b42c8-cf82-49cf-ac4c-d42a28252d66", "title": "UsersWP <= 1.2.3 - Subscriber+ User Avatar Override", "software": [ { "type": "plugin", "name": "UsersWP \u2013 Front-end login form, User Registration, User Profile & Members Directory plugin for WP", "slug": "userswp", "affected_versions": { "[*, 1.2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f31b42c8-cf82-49cf-ac4c-d42a28252d66?source=api-scan" ], "published": "2022-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f31bf9cd-fbf3-4f7a-bddd-ddd44c899710": { "id": "f31bf9cd-fbf3-4f7a-bddd-ddd44c899710", "title": "WordPress Ad Widget <= 2.11.0 - Local File Inclusion", "software": [ { "type": "plugin", "name": "WordPress Ad Widget", "slug": "ad-widget", "affected_versions": { "[*, 2.12.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.12.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f31bf9cd-fbf3-4f7a-bddd-ddd44c899710?source=api-scan" ], "published": "2017-01-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f321b8f6-0712-4932-b861-b208debb368f": { "id": "f321b8f6-0712-4932-b861-b208debb368f", "title": "VaultPress <= 1.8.6 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Jetpack VaultPress", "slug": "vaultpress", "affected_versions": { "* - 1.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f321b8f6-0712-4932-b861-b208debb368f?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f321e41a-3945-47db-a215-aeb001b7b80b": { "id": "f321e41a-3945-47db-a215-aeb001b7b80b", "title": "Accept Stripe Payments <= 2.0.86 - Authenticated (Contributor+) Stored Cross-Site Scripting via accept_stripe_payment_ng Shortcode", "software": [ { "type": "plugin", "name": "Accept Stripe Payments", "slug": "stripe-payments", "affected_versions": { "* - 2.0.86": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.86", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.87" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f321e41a-3945-47db-a215-aeb001b7b80b?source=api-scan" ], "published": "2024-08-06 23:21:26", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f328b938-355d-426f-a9cf-646929a7c155": { "id": "f328b938-355d-426f-a9cf-646929a7c155", "title": "Locatoraid Store Locator <= 3.9.30 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Locatoraid Store Locator", "slug": "locatoraid", "affected_versions": { "* - 3.9.30": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.30", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.9.31" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f328b938-355d-426f-a9cf-646929a7c155?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f32c66b3-b26c-4fe3-9171-ca8780391a2a": { "id": "f32c66b3-b26c-4fe3-9171-ca8780391a2a", "title": "Add Link to Facebook <= 2.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Add Link to Facebook", "slug": "add-link-to-facebook", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f32c66b3-b26c-4fe3-9171-ca8780391a2a?source=api-scan" ], "published": "2018-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f32cd8e4-51bf-4fdf-ae14-155f8661dbdb": { "id": "f32cd8e4-51bf-4fdf-ae14-155f8661dbdb", "title": "Awesome Support <= 6.1.4 - Authenticated (Submitter+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "* - 6.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f32cd8e4-51bf-4fdf-ae14-155f8661dbdb?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f330bf36-0a39-40d6-a075-c87fdb9dc2da": { "id": "f330bf36-0a39-40d6-a075-c87fdb9dc2da", "title": "ImageRecycle pdf & image compression <= 3.1.14 - Missing Authorization in Several AJAX Actions", "software": [ { "type": "plugin", "name": "ImageRecycle pdf & image compression", "slug": "imagerecycle-pdf-image-compression", "affected_versions": { "* - 3.1.14": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f330bf36-0a39-40d6-a075-c87fdb9dc2da?source=api-scan" ], "published": "2024-08-23 14:20:02", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f33a13dc-ebff-4033-9b8d-10076b1c2d0d": { "id": "f33a13dc-ebff-4033-9b8d-10076b1c2d0d", "title": "Mmm Simple File List <= 2.3 - Authenticated (Subscriber+) Directory Traversal", "software": [ { "type": "plugin", "name": "Mmm Simple File List", "slug": "mmm-file-list", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f33a13dc-ebff-4033-9b8d-10076b1c2d0d?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f33af49c-30b8-447f-a462-8489415c92bf": { "id": "f33af49c-30b8-447f-a462-8489415c92bf", "title": "Country Flags for Elementor <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Country Flags for Elementor", "slug": "country-flags-for-elementor", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f33af49c-30b8-447f-a462-8489415c92bf?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f33d080c-6d64-46d1-b01c-ef859106159f": { "id": "f33d080c-6d64-46d1-b01c-ef859106159f", "title": "Themesflat Addons For Elementor <= 2.0.0 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Themesflat Addons For Elementor", "slug": "themesflat-addons-for-elementor", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f33d080c-6d64-46d1-b01c-ef859106159f?source=api-scan" ], "published": "2023-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f33d77b7-5412-47bf-9bed-8617151723c9": { "id": "f33d77b7-5412-47bf-9bed-8617151723c9", "title": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.109": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.109", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.110" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f33d77b7-5412-47bf-9bed-8617151723c9?source=api-scan" ], "published": "2024-06-05 21:21:50", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f33e8906-c607-40de-8c2a-93ca12519da5": { "id": "f33e8906-c607-40de-8c2a-93ca12519da5", "title": "OAuth 2.0 client for SSO <= 1.11.3 - Authentication Bypass", "software": [ { "type": "plugin", "name": "OAuth 2.0 client for SSO", "slug": "oauth-client", "affected_versions": { "* - 1.11.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f33e8906-c607-40de-8c2a-93ca12519da5?source=api-scan" ], "published": "2022-06-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f34383c7-1d98-4f8a-aa43-542fe2d9a567": { "id": "f34383c7-1d98-4f8a-aa43-542fe2d9a567", "title": "Starbox Voting <= 2.0.4 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "Starbox Voting", "slug": "starbox-voting", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f34383c7-1d98-4f8a-aa43-542fe2d9a567?source=api-scan" ], "published": "2011-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f34722fb-e852-4194-b839-7d885d212fc9": { "id": "f34722fb-e852-4194-b839-7d885d212fc9", "title": "Front User Submit | Front Editor <= 3.7.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Guest posting \/ Frontend Posting wordpress plugin \u2013 WP Front User Submit \/ Front Editor", "slug": "front-editor", "affected_versions": { "[*, 3.8.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f34722fb-e852-4194-b839-7d885d212fc9?source=api-scan" ], "published": "2023-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f347a629-523e-4ec4-ad56-6ae9357dd7f5": { "id": "f347a629-523e-4ec4-ad56-6ae9357dd7f5", "title": "Redirect Redirection <= 1.1.3 - Missing Authorization in 'saveRedirectSettings' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f347a629-523e-4ec4-ad56-6ae9357dd7f5?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f34f98a0-9df4-4b50-ae6a-7912e4b12bb2": { "id": "f34f98a0-9df4-4b50-ae6a-7912e4b12bb2", "title": "WPtouch < 1.9.20 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPtouch \u2013 Make your WordPress Website Mobile-Friendly", "slug": "wptouch", "affected_versions": { "[*, 1.9.20)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f34f98a0-9df4-4b50-ae6a-7912e4b12bb2?source=api-scan" ], "published": "2010-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3543ce7-328e-4db8-8993-8cd78af997de": { "id": "f3543ce7-328e-4db8-8993-8cd78af997de", "title": "SEUR Oficial <= 1.6.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEUR Oficial", "slug": "seur", "affected_versions": { "[*, 1.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3543ce7-328e-4db8-8993-8cd78af997de?source=api-scan" ], "published": "2021-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3555702-4427-4569-8fd6-f84113593e9d": { "id": "f3555702-4427-4569-8fd6-f84113593e9d", "title": "WP Editor <= 1.2.9 - Authenticated (Admin+) PHAR Deserialization", "software": [ { "type": "plugin", "name": "WP Editor", "slug": "wp-editor", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3555702-4427-4569-8fd6-f84113593e9d?source=api-scan" ], "published": "2024-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3559bba-daa2-4a00-958c-6568cdbb592f": { "id": "f3559bba-daa2-4a00-958c-6568cdbb592f", "title": "Carousel, Slider, Gallery by WP Carousel <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Carousel, Slider, Gallery by WP Carousel \u2013 Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce", "slug": "wp-carousel-free", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3559bba-daa2-4a00-958c-6568cdbb592f?source=api-scan" ], "published": "2022-12-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f357fe2a-aa24-42cd-ac2c-c948e18a4710": { "id": "f357fe2a-aa24-42cd-ac2c-c948e18a4710", "title": "GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 6.8.6 - Authenticated (Contributor+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress", "slug": "gamipress", "affected_versions": { "* - 6.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f357fe2a-aa24-42cd-ac2c-c948e18a4710?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3584b5b-ff93-4a47-b6e6-f95335ee88b6": { "id": "f3584b5b-ff93-4a47-b6e6-f95335ee88b6", "title": "Mailster <= 2.4.5.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mailster WordPress Newsletter Plugin", "slug": "mailster", "affected_versions": { "* - 2.4.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3584b5b-ff93-4a47-b6e6-f95335ee88b6?source=api-scan" ], "published": "2020-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f35c4e21-a6d6-4821-a415-2ff40ea76f99": { "id": "f35c4e21-a6d6-4821-a415-2ff40ea76f99", "title": "Genie WP Favicon <= 0.5.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Genie WP Favicon", "slug": "genie-wp-favicon", "affected_versions": { "* - 0.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f35c4e21-a6d6-4821-a415-2ff40ea76f99?source=api-scan" ], "published": "2021-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f367a3d2-8ee6-4897-b7bf-a44f57142347": { "id": "f367a3d2-8ee6-4897-b7bf-a44f57142347", "title": "Portfolio Gallery \u2013 Photo Gallery <= 1.1.8 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Portfolio Gallery \u2013 Photo Gallery", "slug": "portfolio-gallery", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f367a3d2-8ee6-4897-b7bf-a44f57142347?source=api-scan" ], "published": "2023-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f36af71c-78af-402c-9d3a-3752368e7584": { "id": "f36af71c-78af-402c-9d3a-3752368e7584", "title": "Contest Gallery <= 13.1.0.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 13.1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "13.1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "14.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f36af71c-78af-402c-9d3a-3752368e7584?source=api-scan" ], "published": "2022-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f36c785f-9b8c-43c4-b12f-6fb4c0c67eff": { "id": "f36c785f-9b8c-43c4-b12f-6fb4c0c67eff", "title": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce", "slug": "the-plus-addons-for-elementor-page-builder", "affected_versions": { "* - 5.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f36c785f-9b8c-43c4-b12f-6fb4c0c67eff?source=api-scan" ], "published": "2024-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f36fea15-0475-45ee-b913-790db6373aef": { "id": "f36fea15-0475-45ee-b913-790db6373aef", "title": "Elementor Addon Elements <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.13.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f36fea15-0475-45ee-b913-790db6373aef?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f371feb6-93ae-4759-ab44-d58106093290": { "id": "f371feb6-93ae-4759-ab44-d58106093290", "title": "Sign-up Sheets <= 1.0.13 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sign-up Sheets", "slug": "sign-up-sheets", "affected_versions": { "[*, 1.0.14)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f371feb6-93ae-4759-ab44-d58106093290?source=api-scan" ], "published": "2021-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f373a1d5-3d7e-4a0a-af03-28ca6ce6a170": { "id": "f373a1d5-3d7e-4a0a-af03-28ca6ce6a170", "title": "All-in-One WP Migration <= 7.14 - Unauthenticated Backup Download", "software": [ { "type": "plugin", "name": "All-in-One WP Migration and Backup", "slug": "all-in-one-wp-migration", "affected_versions": { "[*, 7.15)": { "from_version": "*", "from_inclusive": true, "to_version": "7.15", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f373a1d5-3d7e-4a0a-af03-28ca6ce6a170?source=api-scan" ], "published": "2020-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3781245-14b1-4b1c-a471-a5a413cdb2ed": { "id": "f3781245-14b1-4b1c-a471-a5a413cdb2ed", "title": "NextScripts: Social Networks Auto-Poster <= 4.2.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NextScripts: Social Networks Auto-Poster", "slug": "social-networks-auto-poster-facebook-twitter-g", "affected_versions": { "[*, 4.2.8)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3781245-14b1-4b1c-a471-a5a413cdb2ed?source=api-scan" ], "published": "2019-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f37c4b2c-6f41-46b5-8427-b1883b39322e": { "id": "f37c4b2c-6f41-46b5-8427-b1883b39322e", "title": "JetFormBuilder <= 3.0.6 - Cross-Site Request Fogery via 'do_admin_action'", "software": [ { "type": "plugin", "name": "JetFormBuilder \u2014 Dynamic Blocks Form Builder", "slug": "jetformbuilder", "affected_versions": { "* - 3.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f37c4b2c-6f41-46b5-8427-b1883b39322e?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f37cc9d0-345e-4ab7-ae99-d9d7fee6c1e5": { "id": "f37cc9d0-345e-4ab7-ae99-d9d7fee6c1e5", "title": "Product Enquiry for WooCommerce <= 3.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Product Enquiry for WooCommerce", "slug": "gm-woocommerce-quote-popup", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f37cc9d0-345e-4ab7-ae99-d9d7fee6c1e5?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f37fb598-72a2-48d3-b2e6-63d6654b1474": { "id": "f37fb598-72a2-48d3-b2e6-63d6654b1474", "title": "Advanced Category and Custom Taxonomy Image <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via ad_tax_image Shortcode", "software": [ { "type": "plugin", "name": "Advanced Category and Custom Taxonomy Image", "slug": "advanced-category-and-custom-taxonomy-image", "affected_versions": { "* - 1.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f37fb598-72a2-48d3-b2e6-63d6654b1474?source=api-scan" ], "published": "2024-10-17 21:27:19", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3805936-675e-474f-a3f7-acea69bd72f0": { "id": "f3805936-675e-474f-a3f7-acea69bd72f0", "title": "Ultimate Member <= 2.1.11 - Authenticated Privilege Escalation via Profile Update", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 2.1.12)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3805936-675e-474f-a3f7-acea69bd72f0?source=api-scan" ], "published": "2020-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3855918-960e-487d-9d5f-6dbeba45523e": { "id": "f3855918-960e-487d-9d5f-6dbeba45523e", "title": "Spam protection, AntiSpam, FireWall by CleanTalk <= 5.127.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spam protection, Anti-Spam, FireWall by CleanTalk", "slug": "cleantalk-spam-protect", "affected_versions": { "* - 5.127.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.127.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.127.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3855918-960e-487d-9d5f-6dbeba45523e?source=api-scan" ], "published": "2019-11-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3855e84-b97e-4729-8a48-55f2a2444e2c": { "id": "f3855e84-b97e-4729-8a48-55f2a2444e2c", "title": "Absolute Privacy <= 2.1 - Cross-Site Request Forgery to User Email\/Password Change", "software": [ { "type": "plugin", "name": "Absolute Privacy", "slug": "absolute-privacy", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3855e84-b97e-4729-8a48-55f2a2444e2c?source=api-scan" ], "published": "2023-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f389f4bf-ffff-4862-b4e2-4465ca0556ef": { "id": "f389f4bf-ffff-4862-b4e2-4465ca0556ef", "title": "Helpie FAQ <= 1.9.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FAQ \/ Accordion \/ Docs \u2013 Helpie WordPress FAQ Accordion plugin", "slug": "helpie-faq", "affected_versions": { "* - 1.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f389f4bf-ffff-4862-b4e2-4465ca0556ef?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f38fc5ed-d4e7-46a8-9983-9bf28444db99": { "id": "f38fc5ed-d4e7-46a8-9983-9bf28444db99", "title": "Brizy Page Builder <= 2.4.1 - Authenticated Stored Cross-Site Scripting via Element Content", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "[*, 2.4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f38fc5ed-d4e7-46a8-9983-9bf28444db99?source=api-scan" ], "published": "2022-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3944b2d-c431-4a53-b4e2-740480e746d6": { "id": "f3944b2d-c431-4a53-b4e2-740480e746d6", "title": "Cyberus Key <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cyberus Key", "slug": "cyberus-key", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3944b2d-c431-4a53-b4e2-740480e746d6?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f397550a-08f6-47d5-8425-e715ad693d6e": { "id": "f397550a-08f6-47d5-8425-e715ad693d6e", "title": "LA-Studio Element Kit for Elementor <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion via 'progress_type'", "software": [ { "type": "plugin", "name": "LA-Studio Element Kit for Elementor", "slug": "lastudio-element-kit", "affected_versions": { "* - 1.3.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f397550a-08f6-47d5-8425-e715ad693d6e?source=api-scan" ], "published": "2024-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3a4aeb2-3929-4f6b-ac6e-bccc1c3bf0dd": { "id": "f3a4aeb2-3929-4f6b-ac6e-bccc1c3bf0dd", "title": "WP Statistics <= 2.2.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3a4aeb2-3929-4f6b-ac6e-bccc1c3bf0dd?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3a5bb9c-0fc3-4a1b-8b4d-a700cbf9dacc": { "id": "f3a5bb9c-0fc3-4a1b-8b4d-a700cbf9dacc", "title": "EventCalendar <= 1.1.21 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Calendar WD version", "slug": "event-calendar-wd", "affected_versions": { "* - 1.1.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3a5bb9c-0fc3-4a1b-8b4d-a700cbf9dacc?source=api-scan" ], "published": "2018-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3a8273e-2439-4138-941e-379d130e0c74": { "id": "f3a8273e-2439-4138-941e-379d130e0c74", "title": "Maspik \u2013 Spam blacklist <= 0.10.3 - Bypass", "software": [ { "type": "plugin", "name": "Maspik \u2013 Advanced Spam Protection", "slug": "contact-forms-anti-spam", "affected_versions": { "* - 0.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.10.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3a8273e-2439-4138-941e-379d130e0c74?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3abba90-9503-484e-bc2b-c6105bec698b": { "id": "f3abba90-9503-484e-bc2b-c6105bec698b", "title": "CRM Perks Forms <= 1.1.4 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "CRM Perks Forms \u2013 WordPress Form Builder", "slug": "crm-perks-forms", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3abba90-9503-484e-bc2b-c6105bec698b?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3ae3bca-d363-4c4b-809f-0625385bc9a6": { "id": "f3ae3bca-d363-4c4b-809f-0625385bc9a6", "title": "AWeber \u2013 Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth By AWeber <= 7.3.14 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "AWeber \u2013 Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth", "slug": "aweber-web-form-widget", "affected_versions": { "* - 7.3.14": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3ae3bca-d363-4c4b-809f-0625385bc9a6?source=api-scan" ], "published": "2024-02-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3b727ba-b39c-4a98-a6a6-ea33785079f6": { "id": "f3b727ba-b39c-4a98-a6a6-ea33785079f6", "title": "WooCommerce - Social Login <= 2.7.5 - Authentication Bypass to Account Takeover", "software": [ { "type": "plugin", "name": "WooCommerce - Social Login", "slug": "woo-social-login", "affected_versions": { "* - 2.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3b727ba-b39c-4a98-a6a6-ea33785079f6?source=api-scan" ], "published": "2024-08-09 13:23:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3b79fab-208f-4354-89ea-508290dcd851": { "id": "f3b79fab-208f-4354-89ea-508290dcd851", "title": "MailerLite \u2013 Signup forms <= 1.4.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MailerLite \u2013 Signup forms (official)", "slug": "official-mailerlite-sign-up-forms", "affected_versions": { "[*, 1.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3b79fab-208f-4354-89ea-508290dcd851?source=api-scan" ], "published": "2020-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3ba06f9-de51-49ea-87c1-4583e939314b": { "id": "f3ba06f9-de51-49ea-87c1-4583e939314b", "title": "WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection via id", "software": [ { "type": "plugin", "name": "WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting", "slug": "erp", "affected_versions": { "* - 1.12.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3ba06f9-de51-49ea-87c1-4583e939314b?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3bbc23b-94af-4f4f-8b5f-6af41108fd93": { "id": "f3bbc23b-94af-4f4f-8b5f-6af41108fd93", "title": "Google Authenticator <= 0.47 - Improper Authentication", "software": [ { "type": "plugin", "name": "Google Authenticator", "slug": "google-authenticator", "affected_versions": { "* - 0.47": { "from_version": "*", "from_inclusive": true, "to_version": "0.47", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.48" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3bbc23b-94af-4f4f-8b5f-6af41108fd93?source=api-scan" ], "published": "2016-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3bddb69-9c63-49e8-9c04-08361423b1c3": { "id": "f3bddb69-9c63-49e8-9c04-08361423b1c3", "title": "Smart Google Code Inserter < 3.5 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Smart Google Code Inserter", "slug": "smart-google-code-inserter", "affected_versions": { "[*, 3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3bddb69-9c63-49e8-9c04-08361423b1c3?source=api-scan" ], "published": "2018-01-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3c5aafc-e75a-472e-9b62-10bb5a9da9b6": { "id": "f3c5aafc-e75a-472e-9b62-10bb5a9da9b6", "title": "Contact Form 7 \u2013 Clockwork SMS < 2.4.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form 7 \u2013 Clockwork SMS", "slug": "contact-form-7-sms-addon", "affected_versions": { "[*, 2.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3c5aafc-e75a-472e-9b62-10bb5a9da9b6?source=api-scan" ], "published": "2017-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3c8b3fa-dc27-4c00-844f-e95cac028247": { "id": "f3c8b3fa-dc27-4c00-844f-e95cac028247", "title": "Business Directory Plugin \u2013 Easy Listing Directories for WordPress <= 5.11.1 - Cross-Site Request Forgery to Arbitrary Listing Export", "software": [ { "type": "plugin", "name": "Business Directory Plugin \u2013 Easy Listing Directories for WordPress", "slug": "business-directory-plugin", "affected_versions": { "* - 5.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.11.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3c8b3fa-dc27-4c00-844f-e95cac028247?source=api-scan" ], "published": "2021-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3c9c798-8545-475e-879b-7e44dac493f0": { "id": "f3c9c798-8545-475e-879b-7e44dac493f0", "title": "Download Manager <= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.50": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.50", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3c9c798-8545-475e-879b-7e44dac493f0?source=api-scan" ], "published": "2022-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3cdc0ba-d28f-488c-a703-f9d880f0582e": { "id": "f3cdc0ba-d28f-488c-a703-f9d880f0582e", "title": "Regpack <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Regpack", "slug": "regpack", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3cdc0ba-d28f-488c-a703-f9d880f0582e?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3d00464-557f-4177-87aa-f5340b796dbb": { "id": "f3d00464-557f-4177-87aa-f5340b796dbb", "title": "Multi Rating <= 5.0.6 - Missing Authorization to Arbitrary Ratings Value Change", "software": [ { "type": "plugin", "name": "Multi Rating", "slug": "multi-rating", "affected_versions": { "* - 5.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3d00464-557f-4177-87aa-f5340b796dbb?source=api-scan" ], "published": "2023-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3d08ac9-22f7-45f4-9896-05b90f5fce64": { "id": "f3d08ac9-22f7-45f4-9896-05b90f5fce64", "title": "The Ultimate WordPress Toolkit \u2013 WP Extended <= 3.0.8 - Missing Authorization to Admin Username Change", "software": [ { "type": "plugin", "name": "The Ultimate WordPress Toolkit \u2013 WP Extended", "slug": "wpextended", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3d08ac9-22f7-45f4-9896-05b90f5fce64?source=api-scan" ], "published": "2024-09-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3d4283e-ea57-41e1-baeb-f8f70cad3020": { "id": "f3d4283e-ea57-41e1-baeb-f8f70cad3020", "title": "myCred \u2013 Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.6.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification", "slug": "mycred", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3d4283e-ea57-41e1-baeb-f8f70cad3020?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3d52baf-0f2b-4791-96ce-ec57502ed646": { "id": "f3d52baf-0f2b-4791-96ce-ec57502ed646", "title": "WP Zillow Review Slider <= 2.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Zillow Review Slider", "slug": "wp-zillow-review-slider", "affected_versions": { "[*, 2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3d52baf-0f2b-4791-96ce-ec57502ed646?source=api-scan" ], "published": "2022-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3d5bc99-2b55-4e19-8304-e56f3d4a2f1a": { "id": "f3d5bc99-2b55-4e19-8304-e56f3d4a2f1a", "title": "Ecwid Ecommerce Shopping Cart <= 6.12.3 - Missing Authorization on multiple functions", "software": [ { "type": "plugin", "name": "Ecwid by Lightspeed Ecommerce Shopping Cart", "slug": "ecwid-shopping-cart", "affected_versions": { "* - 6.12.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.12.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.12.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3d5bc99-2b55-4e19-8304-e56f3d4a2f1a?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3d990ef-5fa8-455d-b35a-2bff82facd45": { "id": "f3d990ef-5fa8-455d-b35a-2bff82facd45", "title": "Send email only on Reply to My Comment <= 1.0.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Send email only on Reply to My Comment", "slug": "send-email-only-on-reply-to-my-comment", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3d990ef-5fa8-455d-b35a-2bff82facd45?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3dac7b6-512d-4fd6-8294-f0b1c0a2efd7": { "id": "f3dac7b6-512d-4fd6-8294-f0b1c0a2efd7", "title": "Editorial Calendar <= 3.8.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via edcal_saveoptions AJAX action", "software": [ { "type": "plugin", "name": "Editorial Calendar", "slug": "editorial-calendar", "affected_versions": { "* - 3.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3dac7b6-512d-4fd6-8294-f0b1c0a2efd7?source=api-scan" ], "published": "2023-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3e1851a-9545-4687-b58b-5cdad3291525": { "id": "f3e1851a-9545-4687-b58b-5cdad3291525", "title": "Email Templates <= 1.4.2 - Cross-Site Request Forgery via send_test_email", "software": [ { "type": "plugin", "name": "Email Templates Customizer and Designer for WordPress and WooCommerce", "slug": "email-templates", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3e1851a-9545-4687-b58b-5cdad3291525?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3e1d66d-34cf-491c-8a07-0f9efd3c9669": { "id": "f3e1d66d-34cf-491c-8a07-0f9efd3c9669", "title": "Post Shortcode <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Post Shortcode", "slug": "post-shortcode", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3e1d66d-34cf-491c-8a07-0f9efd3c9669?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3e2ddde-1421-4352-b93a-1492574f624e": { "id": "f3e2ddde-1421-4352-b93a-1492574f624e", "title": "CM Tooltip Glossary \u2013 Powerful Glossary Plugin <= 4.2.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "CM Tooltip Glossary", "slug": "enhanced-tooltipglossary", "affected_versions": { "* - 4.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3e2ddde-1421-4352-b93a-1492574f624e?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3e74fb9-edb5-4602-9aac-375701a82f84": { "id": "f3e74fb9-edb5-4602-9aac-375701a82f84", "title": "Better WP Security <= 3.6.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection", "slug": "better-wp-security", "affected_versions": { "* - 3.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3e74fb9-edb5-4602-9aac-375701a82f84?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3eb1cb5-71ca-44c5-9434-e86301543357": { "id": "f3eb1cb5-71ca-44c5-9434-e86301543357", "title": "Support Board <= 3.3.3 - Multiple Unauthenticated SQL Injections", "software": [ { "type": "plugin", "name": "Support Board", "slug": "supportboard", "affected_versions": { "* - 3.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3eb1cb5-71ca-44c5-9434-e86301543357?source=api-scan" ], "published": "2021-09-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3ebaf25-1bd3-4770-b4bd-30de83b31add": { "id": "f3ebaf25-1bd3-4770-b4bd-30de83b31add", "title": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress <= 3.0.31 - Arbitrary Wordpress Shortcode Injection", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.0.31": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3ebaf25-1bd3-4770-b4bd-30de83b31add?source=api-scan" ], "published": "2017-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3ebbf7f-61f2-403f-8131-8cedeb13c2d4": { "id": "f3ebbf7f-61f2-403f-8131-8cedeb13c2d4", "title": "Mail logging - WP Mail Catcher <= 2.1.3 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Mail logging \u2013 WP Mail Catcher", "slug": "wp-mail-catcher", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3ebbf7f-61f2-403f-8131-8cedeb13c2d4?source=api-scan" ], "published": "2023-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3ef0c46-5765-458e-80c0-ecfc6ead6df6": { "id": "f3ef0c46-5765-458e-80c0-ecfc6ead6df6", "title": "Ultimate WP Query Search Filter <= 1.0.10 - Authenticated (Contributor+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate WP Query Search Filter", "slug": "ultimate-wp-query-search-filter", "affected_versions": { "* - 1.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3ef0c46-5765-458e-80c0-ecfc6ead6df6?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3f821d6-6a4e-4e3b-98e1-e38a34d5c8f9": { "id": "f3f821d6-6a4e-4e3b-98e1-e38a34d5c8f9", "title": "Discy <= 5.1 - Cross-Site Request Forgery to Settings Reset", "software": [ { "type": "theme", "name": "Discy - Social Questions and Answers WordPress Theme", "slug": "discy", "affected_versions": { "[*, 5.2)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3f821d6-6a4e-4e3b-98e1-e38a34d5c8f9?source=api-scan" ], "published": "2022-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3fae909-5564-4e0a-9114-edd0e45865e5": { "id": "f3fae909-5564-4e0a-9114-edd0e45865e5", "title": "ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Settings Update in stopOptimizeAll", "software": [ { "type": "plugin", "name": "ImageRecycle pdf & image compression", "slug": "imagerecycle-pdf-image-compression", "affected_versions": { "* - 3.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3fae909-5564-4e0a-9114-edd0e45865e5?source=api-scan" ], "published": "2024-02-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3fc1686-06a0-4d48-bb79-470e63cd3600": { "id": "f3fc1686-06a0-4d48-bb79-470e63cd3600", "title": "Echo Sign < 1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Echo Sign", "slug": "echosign", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3fc1686-06a0-4d48-bb79-470e63cd3600?source=api-scan" ], "published": "2016-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3fe07df-3589-4767-a81d-a6b72c5ab1a8": { "id": "f3fe07df-3589-4767-a81d-a6b72c5ab1a8", "title": "LearnPress <= 4.1.7.3.2 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.1.7.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.7.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3fe07df-3589-4767-a81d-a6b72c5ab1a8?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f3ff473c-c629-487c-9b18-e074534c7b79": { "id": "f3ff473c-c629-487c-9b18-e074534c7b79", "title": "WordPress Core < 5.5.2 - Spam Embed on Multisite Installations", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.34": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.34", "to_inclusive": true }, "3.8 - 3.8.34": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.34", "to_inclusive": true }, "3.9 - 3.9.32": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.32", "to_inclusive": true }, "4.0 - 4.0.31": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.31", "to_inclusive": true }, "4.1 - 4.1.31": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.31", "to_inclusive": true }, "4.2 - 4.2.28": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.28", "to_inclusive": true }, "4.3 - 4.3.24": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.24", "to_inclusive": true }, "4.4 - 4.4.23": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.23", "to_inclusive": true }, "4.5 - 4.5.22": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.22", "to_inclusive": true }, "4.6 - 4.6.19": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.19", "to_inclusive": true }, "4.7 - 4.7.18": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.18", "to_inclusive": true }, "4.8 - 4.8.14": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.14", "to_inclusive": true }, "4.9 - 4.9.15": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.15", "to_inclusive": true }, "5.0 - 5.0.10": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.10", "to_inclusive": true }, "5.1 - 5.1.6": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.6", "to_inclusive": true }, "5.2 - 5.2.7": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.7", "to_inclusive": true }, "5.3 - 5.3.4": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.4", "to_inclusive": true }, "5.4 - 5.4.2": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": true }, "5.5 - 5.5.1": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.35", "3.8.35", "3.9.33", "4.0.32", "4.1.32", "4.2.29", "4.3.25", "4.4.24", "4.5.23", "4.6.20", "4.7.19", "4.8.15", "4.9.16", "5.0.11", "5.1.7", "5.2.8", "5.3.5", "5.4.3", "5.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f3ff473c-c629-487c-9b18-e074534c7b79?source=api-scan" ], "published": "2020-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4050403-6b8c-4023-b170-39f3cb68583e": { "id": "f4050403-6b8c-4023-b170-39f3cb68583e", "title": "Fluent Forms <= 5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", "slug": "fluentform", "affected_versions": { "* - 5.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4050403-6b8c-4023-b170-39f3cb68583e?source=api-scan" ], "published": "2024-03-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4083d48-a1a8-4ab7-a67f-308bbbbcb4d5": { "id": "f4083d48-a1a8-4ab7-a67f-308bbbbcb4d5", "title": "USPS Shipping for WooCommerce \u2013 Live Rates <= 1.9.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "USPS Shipping for WooCommerce \u2013 Live Rates", "slug": "flexible-shipping-usps", "affected_versions": { "* - 1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4083d48-a1a8-4ab7-a67f-308bbbbcb4d5?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f40956e0-6e5c-4965-84f8-2420ad14a299": { "id": "f40956e0-6e5c-4965-84f8-2420ad14a299", "title": "Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget", "software": [ { "type": "plugin", "name": "Exclusive Addons for Elementor", "slug": "exclusive-addons-for-elementor", "affected_versions": { "* - 2.6.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f40956e0-6e5c-4965-84f8-2420ad14a299?source=api-scan" ], "published": "2024-02-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f40e7f8a-8bca-4a87-887c-8e11b1da46a1": { "id": "f40e7f8a-8bca-4a87-887c-8e11b1da46a1", "title": "Smart Recent Posts Widget <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Smart Recent Posts Widget", "slug": "smart-recent-posts-widget", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f40e7f8a-8bca-4a87-887c-8e11b1da46a1?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f412bdb0-953d-4375-85c2-b87f3aa77d60": { "id": "f412bdb0-953d-4375-85c2-b87f3aa77d60", "title": "Advanced Custom Fields 6.1 - 6.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Secure Custom Fields", "slug": "advanced-custom-fields", "affected_versions": { "6.1 - 6.1.7": { "from_version": "6.1", "from_inclusive": true, "to_version": "6.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f412bdb0-953d-4375-85c2-b87f3aa77d60?source=api-scan" ], "published": "2023-08-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4143849-1cd1-4241-acf6-a34aaf7d369c": { "id": "f4143849-1cd1-4241-acf6-a34aaf7d369c", "title": "Car Rental System <= 1.3 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Car Rental System", "slug": "car", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4143849-1cd1-4241-acf6-a34aaf7d369c?source=api-scan" ], "published": "2020-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4198c51-4a26-4a50-b2c5-0467f8008b5b": { "id": "f4198c51-4a26-4a50-b2c5-0467f8008b5b", "title": "WP Social Buttons <= 2.1 - Admin+ Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Social Buttons", "slug": "wp-social-buttons", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4198c51-4a26-4a50-b2c5-0467f8008b5b?source=api-scan" ], "published": "2022-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f419b83c-9253-4ca6-a02a-7daad1819581": { "id": "f419b83c-9253-4ca6-a02a-7daad1819581", "title": "WordPress Core < 3.3.2 - Authorization Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f419b83c-9253-4ca6-a02a-7daad1819581?source=api-scan" ], "published": "2012-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f419d14a-90d1-445a-b629-c2e978c3ab81": { "id": "f419d14a-90d1-445a-b629-c2e978c3ab81", "title": "Advanced Blocks Pro <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Advanced Blocks Pro", "slug": "advanced-blocks-pro", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f419d14a-90d1-445a-b629-c2e978c3ab81?source=api-scan" ], "published": "2024-10-09 13:27:58", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f41b8d18-4a20-4b99-b375-3fafb41030ee": { "id": "f41b8d18-4a20-4b99-b375-3fafb41030ee", "title": "WP Table Builder <= 1.5.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Table Builder \u2013 WordPress Table Plugin", "slug": "wp-table-builder", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f41b8d18-4a20-4b99-b375-3fafb41030ee?source=api-scan" ], "published": "2024-08-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f41eecf8-dad9-4f98-91f5-c6ac472b8810": { "id": "f41eecf8-dad9-4f98-91f5-c6ac472b8810", "title": "Email Newsletter <= 20.15 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Email Newsletter", "slug": "email-newsletter", "affected_versions": { "* - 20.15": { "from_version": "*", "from_inclusive": true, "to_version": "20.15", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f41eecf8-dad9-4f98-91f5-c6ac472b8810?source=api-scan" ], "published": "2015-06-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4211712-26b2-4f59-82b8-928e405cd08d": { "id": "f4211712-26b2-4f59-82b8-928e405cd08d", "title": "The Holiday Calendar < 1.11.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "The Holiday Calendar", "slug": "the-holiday-calendar", "affected_versions": { "[*, 1.11.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.11.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4211712-26b2-4f59-82b8-928e405cd08d?source=api-scan" ], "published": "2015-07-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f426c32e-a376-4447-b83f-409a8eb0c499": { "id": "f426c32e-a376-4447-b83f-409a8eb0c499", "title": "IMPress Listings <= 2.6.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "IMPress Listings", "slug": "wp-listings", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f426c32e-a376-4447-b83f-409a8eb0c499?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f42dc6ab-4035-4e9e-b956-40395c7e309f": { "id": "f42dc6ab-4035-4e9e-b956-40395c7e309f", "title": "WP Maintenance Mode <= 1.8.7 - Missing Authorization Checks & Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "LightStart \u2013 Maintenance Mode, Coming Soon and Landing Page Builder", "slug": "wp-maintenance-mode", "affected_versions": { "[*, 1.8.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f42dc6ab-4035-4e9e-b956-40395c7e309f?source=api-scan" ], "published": "2013-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f433edb4-a8df-4548-a401-0089b605bbe5": { "id": "f433edb4-a8df-4548-a401-0089b605bbe5", "title": "Spiffy Calendar <= 4.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spiffy Calendar", "slug": "spiffy-calendar", "affected_versions": { "* - 4.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f433edb4-a8df-4548-a401-0089b605bbe5?source=api-scan" ], "published": "2023-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f434585c-8533-4788-b0bc-5650390c29a8": { "id": "f434585c-8533-4788-b0bc-5650390c29a8", "title": "Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.2 - Cross-Site Request Forgery to Account Logout", "software": [ { "type": "plugin", "name": "Online Booking & Scheduling Calendar for WordPress by vcita", "slug": "meeting-scheduler-by-vcita", "affected_versions": { "* - 4.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f434585c-8533-4788-b0bc-5650390c29a8?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4366cf8-bf50-4d9f-9a85-2c2de7f7e90d": { "id": "f4366cf8-bf50-4d9f-9a85-2c2de7f7e90d", "title": "Action Network <= 1.4.2 - Reflected Cross-Site Scripting via 'search'", "software": [ { "type": "plugin", "name": "Action Network", "slug": "wp-action-network", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4366cf8-bf50-4d9f-9a85-2c2de7f7e90d?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f436ab65-a59c-4b2a-abc8-a7fc038678dd": { "id": "f436ab65-a59c-4b2a-abc8-a7fc038678dd", "title": "weForms <= 1.6.21 - Unauthenticated Stored Cross-Site Scripting via Referer", "software": [ { "type": "plugin", "name": "weForms \u2013 Easy Drag & Drop Contact Form Builder For WordPress", "slug": "weforms", "affected_versions": { "* - 1.6.21": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f436ab65-a59c-4b2a-abc8-a7fc038678dd?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4393526-6357-40ee-a024-f461d0430a62": { "id": "f4393526-6357-40ee-a024-f461d0430a62", "title": "WordPress Core <= 2.0.5 - SQL Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4393526-6357-40ee-a024-f461d0430a62?source=api-scan" ], "published": "2007-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f43b5c02-fb10-48f1-9457-f67c5008fe5b": { "id": "f43b5c02-fb10-48f1-9457-f67c5008fe5b", "title": "Innovs HR <= 1.0.3.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Innovs HR \u2013 Complete Human Resource Management System for Your Business", "slug": "innovs-hr-manager", "affected_versions": { "* - 1.0.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f43b5c02-fb10-48f1-9457-f67c5008fe5b?source=api-scan" ], "published": "2023-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f43e1eed-09f8-44b3-b6fa-d0344f331dd7": { "id": "f43e1eed-09f8-44b3-b6fa-d0344f331dd7", "title": "Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack Widget", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f43e1eed-09f8-44b3-b6fa-d0344f331dd7?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f440a5c5-2a48-4beb-849f-3f7cde5a8653": { "id": "f440a5c5-2a48-4beb-849f-3f7cde5a8653", "title": "Gerencianet Oficial <= 1.4.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Ef\u00ed Bank", "slug": "woo-gerencianet-official", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f440a5c5-2a48-4beb-849f-3f7cde5a8653?source=api-scan" ], "published": "2023-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4421782-8a7a-4bca-8c5a-7152dfafe902": { "id": "f4421782-8a7a-4bca-8c5a-7152dfafe902", "title": "Debug Assistant <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Debug Assistant", "slug": "debug-assistant", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4421782-8a7a-4bca-8c5a-7152dfafe902?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f444568c-fe4c-4fa6-9b83-2d069f851360": { "id": "f444568c-fe4c-4fa6-9b83-2d069f851360", "title": "Advanced Page Visit Counter <= 5.0.8 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress", "slug": "advanced-page-visit-counter", "affected_versions": { "* - 5.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f444568c-fe4c-4fa6-9b83-2d069f851360?source=api-scan" ], "published": "2022-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4454376-7c18-4f0e-a192-80212a59d94b": { "id": "f4454376-7c18-4f0e-a192-80212a59d94b", "title": "Push Notifications for WordPress by PushAssist <= 3.0.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Push Notifications for WordPress by PushAssist", "slug": "push-notification-for-wp-by-pushassist", "affected_versions": { "* - 3.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4454376-7c18-4f0e-a192-80212a59d94b?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f445de97-b6fd-4180-b63e-5b8da40dae6a": { "id": "f445de97-b6fd-4180-b63e-5b8da40dae6a", "title": "WP Edit Username <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "WP Edit Username", "slug": "wp-edit-username", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f445de97-b6fd-4180-b63e-5b8da40dae6a?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4460f0a-9417-48bf-b6b3-27a80632dd71": { "id": "f4460f0a-9417-48bf-b6b3-27a80632dd71", "title": "WPB Show Core <= 2.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPB Show Core", "slug": "wpb-show-core", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4460f0a-9417-48bf-b6b3-27a80632dd71?source=api-scan" ], "published": "2024-03-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4494a0f-57fb-4ed7-8fdc-85b5dcee6549": { "id": "f4494a0f-57fb-4ed7-8fdc-85b5dcee6549", "title": "Product Table for WooCommerce <= 3.1.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Product Table for WooCommerce by CodeAstrology (wooproducttable.com)", "slug": "woo-product-table", "affected_versions": { "[*, 3.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4494a0f-57fb-4ed7-8fdc-85b5dcee6549?source=api-scan" ], "published": "2022-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f44b8e21-4bfd-487f-96f1-d264d335f54f": { "id": "f44b8e21-4bfd-487f-96f1-d264d335f54f", "title": "GDPR Cookie Consent Notice Box <= 1.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GDPR Cookie Consent Notice Box", "slug": "cookie-consent-box", "affected_versions": { "* - 1.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f44b8e21-4bfd-487f-96f1-d264d335f54f?source=api-scan" ], "published": "2023-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f44b9e6d-2f84-45f6-9f74-3f23b03c5a49": { "id": "f44b9e6d-2f84-45f6-9f74-3f23b03c5a49", "title": "Password Reset with Code for WordPress REST API <= 0.0.15 - Weak Password Recovery Mechanism", "software": [ { "type": "plugin", "name": "Password Reset with Code for WordPress REST API", "slug": "bdvs-password-reset", "affected_versions": { "* - 0.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f44b9e6d-2f84-45f6-9f74-3f23b03c5a49?source=api-scan" ], "published": "2023-08-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f44bb823-bbf3-413b-82b5-a351609270bf": { "id": "f44bb823-bbf3-413b-82b5-a351609270bf", "title": "Elementor Header & Footer Builder <= 1.6.28 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Header & Footer Builder", "slug": "header-footer-elementor", "affected_versions": { "* - 1.6.28": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f44bb823-bbf3-413b-82b5-a351609270bf?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f44d7a90-330f-42fb-a4f3-427e60ed7af8": { "id": "f44d7a90-330f-42fb-a4f3-427e60ed7af8", "title": "Print My Blog \u2013 Print, PDF, & eBook Converter WordPress Plugin <= 3.4.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Print My Blog \u2013 Print, PDF, & eBook Converter WordPress Plugin", "slug": "print-my-blog", "affected_versions": { "* - 3.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f44d7a90-330f-42fb-a4f3-427e60ed7af8?source=api-scan" ], "published": "2021-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4505b5a-de80-41e2-852f-d2290c1e42e4": { "id": "f4505b5a-de80-41e2-852f-d2290c1e42e4", "title": "Compact WP Audio Player <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fileurl", "software": [ { "type": "plugin", "name": "Compact WP Audio Player", "slug": "compact-wp-audio-player", "affected_versions": { "* - 1.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4505b5a-de80-41e2-852f-d2290c1e42e4?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f458663f-6b1a-4acd-b2db-c66d7a915ab7": { "id": "f458663f-6b1a-4acd-b2db-c66d7a915ab7", "title": "Popup by Supsystic <= 1.10.19 - Missing Authorization to Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Popup by Supsystic", "slug": "popup-by-supsystic", "affected_versions": { "* - 1.10.19": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f458663f-6b1a-4acd-b2db-c66d7a915ab7?source=api-scan" ], "published": "2023-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f45b4c43-c6c4-41da-bd59-9a355800815a": { "id": "f45b4c43-c6c4-41da-bd59-9a355800815a", "title": "Import XML and RSS Feeds <= 2.1.3 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Import XML and RSS Feeds", "slug": "import-xml-feed", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f45b4c43-c6c4-41da-bd59-9a355800815a?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f460d529-f15e-4c23-ad67-94d3f4bc0c2e": { "id": "f460d529-f15e-4c23-ad67-94d3f4bc0c2e", "title": "WordPress Core <= 2.2 - Cross-Site Scripting", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f460d529-f15e-4c23-ad67-94d3f4bc0c2e?source=api-scan" ], "published": "2007-06-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f46b01e4-1022-45aa-8511-6d2519e4e562": { "id": "f46b01e4-1022-45aa-8511-6d2519e4e562", "title": "WP Setup Wizard <= 1.0.8.1 - Authenticated (Subscriber+) Full Database Download", "software": [ { "type": "plugin", "name": "WP Setup Wizard", "slug": "wp-setup-wizard", "affected_versions": { "* - 1.0.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f46b01e4-1022-45aa-8511-6d2519e4e562?source=api-scan" ], "published": "2024-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4703ca7-0677-4128-b9b7-31132ff1804d": { "id": "f4703ca7-0677-4128-b9b7-31132ff1804d", "title": "Jetpack \u2013 WP Security, Backup, Speed, & Growth < 4.2 - CSV Injection", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "[*, 4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4703ca7-0677-4128-b9b7-31132ff1804d?source=api-scan" ], "published": "2017-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f477761d-3fad-4d35-8d41-d1710ec090f7": { "id": "f477761d-3fad-4d35-8d41-d1710ec090f7", "title": "Church Admin <= 4.3.6 - Authenticated (Admin+) Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Church Admin", "slug": "church-admin", "affected_versions": { "* - 4.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f477761d-3fad-4d35-8d41-d1710ec090f7?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f478ff7c-7193-4c59-a84f-c7cafff9b6c0": { "id": "f478ff7c-7193-4c59-a84f-c7cafff9b6c0", "title": "Anonymous Restricted Content <= 1.6.2 - Protection Mechanism Bypass", "software": [ { "type": "plugin", "name": "Anonymous Restricted Content", "slug": "anonymous-restricted-content", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f478ff7c-7193-4c59-a84f-c7cafff9b6c0?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f479d889-2c79-43eb-bb9b-f876839c4e07": { "id": "f479d889-2c79-43eb-bb9b-f876839c4e07", "title": "Starter Templates <= 4.4.0 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates", "slug": "astra-sites", "affected_versions": { "* - 4.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f479d889-2c79-43eb-bb9b-f876839c4e07?source=api-scan" ], "published": "2024-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f47a2ff1-627f-4d1c-b0b6-684be51526f1": { "id": "f47a2ff1-627f-4d1c-b0b6-684be51526f1", "title": "Simple Sitemap <= 3.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Simple Sitemap \u2013 Create a Responsive HTML Sitemap", "slug": "simple-sitemap", "affected_versions": { "* - 3.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f47a2ff1-627f-4d1c-b0b6-684be51526f1?source=api-scan" ], "published": "2023-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f47d38d2-d388-4a79-a47b-af41cd85e404": { "id": "f47d38d2-d388-4a79-a47b-af41cd85e404", "title": "Border Loading Bar <= 1.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Border Loading Bar", "slug": "border-loading-bar", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f47d38d2-d388-4a79-a47b-af41cd85e404?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f47d50dc-ec14-40c8-95a2-f393986ed71b": { "id": "f47d50dc-ec14-40c8-95a2-f393986ed71b", "title": "CopySafe Web Protection < 2.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "CopySafe Web Protection", "slug": "wp-copysafe-web", "affected_versions": { "[*, 2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f47d50dc-ec14-40c8-95a2-f393986ed71b?source=api-scan" ], "published": "2017-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4832fbb-94ed-41c4-8434-1972f4d92476": { "id": "f4832fbb-94ed-41c4-8434-1972f4d92476", "title": "Ultimate Member <= 2.4.1 - Username Enumeration", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4832fbb-94ed-41c4-8434-1972f4d92476?source=api-scan" ], "published": "2022-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4835539-a66c-4d14-b3c3-9a3a64e89ea6": { "id": "f4835539-a66c-4d14-b3c3-9a3a64e89ea6", "title": "Asset CleanUp <= 1.3.8.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Asset CleanUp: Page Speed Booster", "slug": "wp-asset-clean-up", "affected_versions": { "* - 1.3.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4835539-a66c-4d14-b3c3-9a3a64e89ea6?source=api-scan" ], "published": "2022-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4895692-3851-4672-85ea-c703e44309d5": { "id": "f4895692-3851-4672-85ea-c703e44309d5", "title": "raindrops <= 1.600 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "raindrops", "slug": "raindrops", "affected_versions": { "* - 1.600": { "from_version": "*", "from_inclusive": true, "to_version": "1.600", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.700" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4895692-3851-4672-85ea-c703e44309d5?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f49408da-79d5-4653-b4c2-a9247f597380": { "id": "f49408da-79d5-4653-b4c2-a9247f597380", "title": "FormCraft <= 1.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "FormCraft \u2013 Form Builder", "slug": "formcraft-form-builder", "affected_versions": { "[*, 1.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f49408da-79d5-4653-b4c2-a9247f597380?source=api-scan" ], "published": "2019-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4955368-85bc-4a9c-8d3a-446e09955f6c": { "id": "f4955368-85bc-4a9c-8d3a-446e09955f6c", "title": "Parsi Date <= 4.0.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Parsi Date", "slug": "wp-parsidate", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4955368-85bc-4a9c-8d3a-446e09955f6c?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4986bc3-ee34-43a6-bad2-9f6665adb35c": { "id": "f4986bc3-ee34-43a6-bad2-9f6665adb35c", "title": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress <= 4.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'reg-single-checkbox'", "software": [ { "type": "plugin", "name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress", "slug": "wp-user-avatar", "affected_versions": { "* - 4.15.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.15.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.15.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4986bc3-ee34-43a6-bad2-9f6665adb35c?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f49cafe0-2caf-4148-b7c9-1b78bbfba6e7": { "id": "f49cafe0-2caf-4148-b7c9-1b78bbfba6e7", "title": "Light Messages <= 1.0 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Light Messages", "slug": "light-messages", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f49cafe0-2caf-4148-b7c9-1b78bbfba6e7?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f49fba00-c576-4a1a-8b0b-9ebed3e3d090": { "id": "f49fba00-c576-4a1a-8b0b-9ebed3e3d090", "title": "Shariff Wrapper <= 4.6.13 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Shariff Wrapper", "slug": "shariff", "affected_versions": { "* - 4.6.13": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f49fba00-c576-4a1a-8b0b-9ebed3e3d090?source=api-scan" ], "published": "2024-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4a4e3ef-ee88-4175-8628-c5511c20bf23": { "id": "f4a4e3ef-ee88-4175-8628-c5511c20bf23", "title": "WordPress Core < 4.7.1 - Cross-Site Scripting via Name and Version Header of Plugin", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.16": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.16", "to_inclusive": true }, "3.8 - 3.8.16": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.16", "to_inclusive": true }, "3.9 - 3.9.14": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.14", "to_inclusive": true }, "4.0 - 4.0.13": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.13", "to_inclusive": true }, "4.1 - 4.1.13": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.13", "to_inclusive": true }, "4.2 - 4.2.10": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.10", "to_inclusive": true }, "4.3 - 4.3.6": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.6", "to_inclusive": true }, "4.4 - 4.4.5": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.5", "to_inclusive": true }, "4.5 - 4.5.4": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true }, "4.6 - 4.6.1": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true }, "4.7": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.17", "3.8.17", "3.9.15", "4.0.14", "4.1.14", "4.2.11", "4.3.7", "4.4.6", "4.5.5", "4.6.2", "4.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4a4e3ef-ee88-4175-8628-c5511c20bf23?source=api-scan" ], "published": "2017-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4aac424-abf3-4d6c-a0a4-a95e2cf89864": { "id": "f4aac424-abf3-4d6c-a0a4-a95e2cf89864", "title": "Visitors Traffic Real Time Statistics <= 7.2 - Missing Authorization via multiple AJAX actions", "software": [ { "type": "plugin", "name": "Visitor Traffic Real Time Statistics", "slug": "visitors-traffic-real-time-statistics", "affected_versions": { "* - 7.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4aac424-abf3-4d6c-a0a4-a95e2cf89864?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4acd261-d924-46d5-8aef-49b026cba8ca": { "id": "f4acd261-d924-46d5-8aef-49b026cba8ca", "title": "EZPZ One Click Backup <= 12.03.10 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EZPZ One Click Backup", "slug": "ezpz-one-click-backup", "affected_versions": { "* - 12.03.10": { "from_version": "*", "from_inclusive": true, "to_version": "12.03.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4acd261-d924-46d5-8aef-49b026cba8ca?source=api-scan" ], "published": "2012-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4afcb16-9c97-483f-be48-31b5156bcca3": { "id": "f4afcb16-9c97-483f-be48-31b5156bcca3", "title": "Booster Elite for WooCommerce < 7.1.2 - Missing Authorization to Order Information Disclosure", "software": [ { "type": "plugin", "name": "Booster Elite for WooCommerce", "slug": "booster-elite-for-woocommerce", "affected_versions": { "[*, 7.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "7.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4afcb16-9c97-483f-be48-31b5156bcca3?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4b13a45-9141-47e3-ba11-c0ce15235936": { "id": "f4b13a45-9141-47e3-ba11-c0ce15235936", "title": "WooCommerce Shipping \u2013 DPD baltic <= 1.2.54 - Missing Authorization to Arbitrary Options Deletion", "software": [ { "type": "plugin", "name": "DPD Baltic Shipping", "slug": "woo-shipping-dpd-baltic", "affected_versions": { "* - 1.2.56": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.56", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.57" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4b13a45-9141-47e3-ba11-c0ce15235936?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4b1e7da-dbcd-4206-b908-4c814cde39d9": { "id": "f4b1e7da-dbcd-4206-b908-4c814cde39d9", "title": "Post Grid, Slider & Carousel Ultimate <= 1.4.3 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Gutenberg Block & Elementor Widget", "slug": "post-grid-carousel-ultimate", "affected_versions": { "[*, 1.5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4b1e7da-dbcd-4206-b908-4c814cde39d9?source=api-scan" ], "published": "2022-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4b45791-4b85-4a2d-8019-1d438bd694cb": { "id": "f4b45791-4b85-4a2d-8019-1d438bd694cb", "title": "File Manager Pro <= 8.3.7 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "File Manager Pro", "slug": "wp-file-manager-pro", "affected_versions": { "* - 8.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4b45791-4b85-4a2d-8019-1d438bd694cb?source=api-scan" ], "published": "2024-08-22 14:04:16", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4b69cff-31ac-4abe-8f03-07ee3fb4c285": { "id": "f4b69cff-31ac-4abe-8f03-07ee3fb4c285", "title": "MoolaMojo <= 0.7.4.1 Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MoolaMojo", "slug": "moolamojo", "affected_versions": { "* - 0.7.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4b69cff-31ac-4abe-8f03-07ee3fb4c285?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4ba4321-23e9-4e53-ab71-e68a0bcd8129": { "id": "f4ba4321-23e9-4e53-ab71-e68a0bcd8129", "title": "Football Pool <= 2.11.10 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Football Pool", "slug": "football-pool", "affected_versions": { "* - 2.11.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4ba4321-23e9-4e53-ab71-e68a0bcd8129?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4bf4e12-5cbb-45bc-938e-62163baaa15d": { "id": "f4bf4e12-5cbb-45bc-938e-62163baaa15d", "title": "Thumbnail carousel slider <= 1.1.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Thumbnail carousel slider", "slug": "wp-responsive-thumbnail-slider", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4bf4e12-5cbb-45bc-938e-62163baaa15d?source=api-scan" ], "published": "2023-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4bffbe6-8317-495b-b349-632c9a4f1f88": { "id": "f4bffbe6-8317-495b-b349-632c9a4f1f88", "title": "Azz Anonim Posting <= 0.9 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Azz Anonim Posting", "slug": "azz-anonim-posting", "affected_versions": { "* - 0.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4bffbe6-8317-495b-b349-632c9a4f1f88?source=api-scan" ], "published": "2024-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4c3f9c5-5086-416b-a601-2890f52547c0": { "id": "f4c3f9c5-5086-416b-a601-2890f52547c0", "title": "Advanced Woo Search <= 1.68 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced Woo Search", "slug": "advanced-woo-search", "affected_versions": { "* - 1.68": { "from_version": "*", "from_inclusive": true, "to_version": "1.68", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.70" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4c3f9c5-5086-416b-a601-2890f52547c0?source=api-scan" ], "published": "2019-05-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4c8932b-ede8-4f17-9612-5493c1130170": { "id": "f4c8932b-ede8-4f17-9612-5493c1130170", "title": "Profile Builder Pro <= 3.10.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Profile Builder Pro", "slug": "profile-builder-pro", "affected_versions": { "* - 3.10.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4c8932b-ede8-4f17-9612-5493c1130170?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4ca1736-7b99-49db-9367-586dbc14df41": { "id": "f4ca1736-7b99-49db-9367-586dbc14df41", "title": "WP User Control <= 1.5.3 - Insecure Password Reset Mechanism", "software": [ { "type": "plugin", "name": "WP User Control", "slug": "wp-user-control", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4ca1736-7b99-49db-9367-586dbc14df41?source=api-scan" ], "published": "2023-09-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4d41f7f-f0c6-4e50-bf5f-37ee25415f43": { "id": "f4d41f7f-f0c6-4e50-bf5f-37ee25415f43", "title": "Gallery Bank \u2013 WordPress Photo Gallery Plugin < 2.0.20 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery Bank \u2013 WordPress Photo Gallery Plugin", "slug": "gallery-bank", "affected_versions": { "[*, 2.0.20)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.20", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.20" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4d41f7f-f0c6-4e50-bf5f-37ee25415f43?source=api-scan" ], "published": "2013-10-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4d421df-310b-4a83-b521-c0d00045df52": { "id": "f4d421df-310b-4a83-b521-c0d00045df52", "title": "W3 Total Cache <= 2.1.4 - Reflected Cross-Site Scripting via extension", "software": [ { "type": "plugin", "name": "W3 Total Cache", "slug": "w3-total-cache", "affected_versions": { "0.5 - 2.1.4": { "from_version": "0.5", "from_inclusive": true, "to_version": "2.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4d421df-310b-4a83-b521-c0d00045df52?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4dad030-41e4-4d67-8650-8d268c44d352": { "id": "f4dad030-41e4-4d67-8650-8d268c44d352", "title": "WP Dummy Content Generator <= 2.3.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Dummy Content Generator", "slug": "wp-dummy-content-generator", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4dad030-41e4-4d67-8650-8d268c44d352?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4dbab86-926d-4438-8310-19373c9bdd99": { "id": "f4dbab86-926d-4438-8310-19373c9bdd99", "title": "Arigato Autoresponder and Newsletter <= 2.1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Arigato Autoresponder and Newsletter", "slug": "bft-autoresponder", "affected_versions": { "* - 2.1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4dbab86-926d-4438-8310-19373c9bdd99?source=api-scan" ], "published": "2023-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4dd4479-2f41-426f-b98c-7c654a82ccfe": { "id": "f4dd4479-2f41-426f-b98c-7c654a82ccfe", "title": "Upload File Type Settings Plugin <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Upload File Type Settings Plugin", "slug": "upload-file-type-settings-plugin", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4dd4479-2f41-426f-b98c-7c654a82ccfe?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4dfb4b5-b2a5-40bd-9dfb-863baa563d06": { "id": "f4dfb4b5-b2a5-40bd-9dfb-863baa563d06", "title": "Pinpoint Booking System <= 2.9.9.4.0 - Cross-Site Request Forgery via initBackEndAJAX", "software": [ { "type": "plugin", "name": "Pinpoint Booking System \u2013 #1 WordPress Booking Plugin", "slug": "booking-system", "affected_versions": { "* - 2.9.9.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.9.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4dfb4b5-b2a5-40bd-9dfb-863baa563d06?source=api-scan" ], "published": "2023-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4e6fd53-0c97-4490-ab7a-9f6d195912b2": { "id": "f4e6fd53-0c97-4490-ab7a-9f6d195912b2", "title": "SVGMagic <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload", "software": [ { "type": "plugin", "name": "SVGMagic", "slug": "svgmagic", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4e6fd53-0c97-4490-ab7a-9f6d195912b2?source=api-scan" ], "published": "2024-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4e8ad18-fa25-414c-8a94-9ad9bd3c2e31": { "id": "f4e8ad18-fa25-414c-8a94-9ad9bd3c2e31", "title": "XO Event Calendar <= 2.3.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "XO Event Calendar", "slug": "xo-event-calendar", "affected_versions": { "* - 2.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4e8ad18-fa25-414c-8a94-9ad9bd3c2e31?source=api-scan" ], "published": "2021-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4ea6044-bf7b-469d-89ec-a9b89ef5715e": { "id": "f4ea6044-bf7b-469d-89ec-a9b89ef5715e", "title": "WebinarIgnition <= 3.05.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Webinar Solution: Create live\/evergreen\/automated\/instant webinars, stream & Zoom Meetings | WebinarIgnition", "slug": "webinar-ignition", "affected_versions": { "* - 3.05.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.05.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.05.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4ea6044-bf7b-469d-89ec-a9b89ef5715e?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4ef2ced-3c82-4379-8b14-1cf11482fd35": { "id": "f4ef2ced-3c82-4379-8b14-1cf11482fd35", "title": "The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 7.6.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid", "slug": "the-post-grid", "affected_versions": { "* - 7.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4ef2ced-3c82-4379-8b14-1cf11482fd35?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4f0bb58-d904-4bf4-9e15-4ee6289c2df4": { "id": "f4f0bb58-d904-4bf4-9e15-4ee6289c2df4", "title": "Kaya QR Code Generator <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via qrCode attribute", "software": [ { "type": "plugin", "name": "Kaya QR Code Generator", "slug": "kaya-qr-code-generator", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4f0bb58-d904-4bf4-9e15-4ee6289c2df4?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4f84b2a-2674-42a1-9db1-d9c1f3db2376": { "id": "f4f84b2a-2674-42a1-9db1-d9c1f3db2376", "title": "Woocommerce Blocker Lite <= 2.1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Fraud Prevention For WooCommerce and EDD", "slug": "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4f84b2a-2674-42a1-9db1-d9c1f3db2376?source=api-scan" ], "published": "2023-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f4f96877-406b-4ec0-ac6b-ee1ffdb436e5": { "id": "f4f96877-406b-4ec0-ac6b-ee1ffdb436e5", "title": "MailChimp Forms by MailMunch <= 3.1.7 - Cross-Site Request Forgery via Multiple AJAX actions", "software": [ { "type": "plugin", "name": "MailChimp Forms by MailMunch", "slug": "mailchimp-forms-by-mailmunch", "affected_versions": { "* - 3.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f4f96877-406b-4ec0-ac6b-ee1ffdb436e5?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f507cec5-d66c-4cb0-8c35-a985aaee1283": { "id": "f507cec5-d66c-4cb0-8c35-a985aaee1283", "title": "EmbedPress <= 4.0.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor", "slug": "embedpress", "affected_versions": { "* - 4.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f507cec5-d66c-4cb0-8c35-a985aaee1283?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f50bca0a-7089-4b4e-820f-d311fdb88cf1": { "id": "f50bca0a-7089-4b4e-820f-d311fdb88cf1", "title": "WordPress Core 2.0.2 - 2.0.5 - Sensitive Information Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "2.0.2 - 2.0.5": { "from_version": "2.0.2", "from_inclusive": true, "to_version": "2.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f50bca0a-7089-4b4e-820f-d311fdb88cf1?source=api-scan" ], "published": "2007-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f50f1e64-5015-4e40-912e-92a4f16e1398": { "id": "f50f1e64-5015-4e40-912e-92a4f16e1398", "title": "Top 10 \u2013 Popular posts plugin - <= 3.2.4 - Authenticated(Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Top 10 \u2013 WordPress Popular posts by WebberZone", "slug": "top-10", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f50f1e64-5015-4e40-912e-92a4f16e1398?source=api-scan" ], "published": "2023-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f515ccf8-7231-4728-b155-c47049087d42": { "id": "f515ccf8-7231-4728-b155-c47049087d42", "title": "Profile Builder <= 3.10.7 - Insecure Direct Object Reference to Sensitive Information Exposure via user_meta Shortcode", "software": [ { "type": "plugin", "name": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor", "slug": "profile-builder", "affected_versions": { "* - 3.10.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.10.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f515ccf8-7231-4728-b155-c47049087d42?source=api-scan" ], "published": "2024-01-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f51f0919-498e-4f86-a933-1b7f2c4a10a4": { "id": "f51f0919-498e-4f86-a933-1b7f2c4a10a4", "title": "WP Activity Log <= 4.5.0 - Missing Capabilities Check to User Enumeration", "software": [ { "type": "plugin", "name": "WP Activity Log", "slug": "wp-security-audit-log", "affected_versions": { "* - 4.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.2" ] }, { "type": "plugin", "name": "WP Activity Log Premium", "slug": "wp-security-audit-log-premium", "affected_versions": { "* - 4.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f51f0919-498e-4f86-a933-1b7f2c4a10a4?source=api-scan" ], "published": "2023-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f51f66d7-ba47-4b7b-9b94-ea4459cf6233": { "id": "f51f66d7-ba47-4b7b-9b94-ea4459cf6233", "title": "WP JobSearch <= 2.3.3 - Authentication Bypass", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f51f66d7-ba47-4b7b-9b94-ea4459cf6233?source=api-scan" ], "published": "2023-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5292c55-6445-4aec-b06e-6e625794d842": { "id": "f5292c55-6445-4aec-b06e-6e625794d842", "title": "Slider, Gallery, and Carousel by MetaSlider <= 3.17.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider, Gallery, and Carousel by MetaSlider \u2013 Image Sliders, Video Sliders", "slug": "ml-slider", "affected_versions": { "[*, 3.17.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.17.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.17.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5292c55-6445-4aec-b06e-6e625794d842?source=api-scan" ], "published": "2020-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f529b981-623f-4bd3-9155-ebfab4c65d1d": { "id": "f529b981-623f-4bd3-9155-ebfab4c65d1d", "title": "WordPress Simple HTML Sitemap <= 3.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Simple HTML Sitemap", "slug": "wp-simple-html-sitemap", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f529b981-623f-4bd3-9155-ebfab4c65d1d?source=api-scan" ], "published": "2024-09-24 15:19:19", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f52aede5-21c3-46b9-800e-860a677a4b90": { "id": "f52aede5-21c3-46b9-800e-860a677a4b90", "title": "WordPress Download Manager <= 2.9.45 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 2.9.45": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.45", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f52aede5-21c3-46b9-800e-860a677a4b90?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f52d5c44-4a5e-4a45-b622-66aa4e509fd8": { "id": "f52d5c44-4a5e-4a45-b622-66aa4e509fd8", "title": "Knews Multilingual Newsletters < 1.2.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Knews Multilingual Newsletters", "slug": "knews", "affected_versions": { "[*, 1.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f52d5c44-4a5e-4a45-b622-66aa4e509fd8?source=api-scan" ], "published": "2012-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f52f6d55-d0f5-4eba-bc07-ed94bded8777": { "id": "f52f6d55-d0f5-4eba-bc07-ed94bded8777", "title": "Sabai Discuss <= 1.4.13 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sabai Discuss", "slug": "sabaisdiscuss", "affected_versions": { "* - 1.4.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f52f6d55-d0f5-4eba-bc07-ed94bded8777?source=api-scan" ], "published": "2022-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f531489b-a87d-41e7-a988-8b29840047ec": { "id": "f531489b-a87d-41e7-a988-8b29840047ec", "title": "GS Filterable Portfolio <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WordPress Portfolio Plugin \u2013 A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more", "slug": "gs-portfolio", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f531489b-a87d-41e7-a988-8b29840047ec?source=api-scan" ], "published": "2023-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f53875aa-9347-464c-aaeb-e8248628fca2": { "id": "f53875aa-9347-464c-aaeb-e8248628fca2", "title": "miniOrange's Google Authenticator <= 5.4.52 - Unauthenticated Arbitrary Options Deletion", "software": [ { "type": "plugin", "name": "miniOrange's Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA, Two Factor, OTP SMS and Email | Passwordless login", "slug": "miniorange-2-factor-authentication", "affected_versions": { "* - 5.4.52": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.52", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f53875aa-9347-464c-aaeb-e8248628fca2?source=api-scan" ], "published": "2022-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f53cd4a3-a6db-42c2-b4d8-218071c4bcd4": { "id": "f53cd4a3-a6db-42c2-b4d8-218071c4bcd4", "title": "Premmerce User Roles <= 1.0.12 - Missing Authorization via role management functions", "software": [ { "type": "plugin", "name": "Premmerce User Roles", "slug": "premmerce-user-roles", "affected_versions": { "* - 1.0.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f53cd4a3-a6db-42c2-b4d8-218071c4bcd4?source=api-scan" ], "published": "2023-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f53e5192-e809-400c-aed9-36b5d6415a9d": { "id": "f53e5192-e809-400c-aed9-36b5d6415a9d", "title": "Orbit Fox by ThemeIsle <= 2.6.3 - Improper REST Capabilities Checks", "software": [ { "type": "plugin", "name": "Orbit Fox by ThemeIsle", "slug": "themeisle-companion", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f53e5192-e809-400c-aed9-36b5d6415a9d?source=api-scan" ], "published": "2018-11-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f53e9354-248f-4d13-a1c0-8355b268fae2": { "id": "f53e9354-248f-4d13-a1c0-8355b268fae2", "title": "WP News <= 1.1.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "WP News \u2013 WordPress News \/ Magazine Plugin", "slug": "wp-news-magazine", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f53e9354-248f-4d13-a1c0-8355b268fae2?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5442453-6b72-4c8b-8b9f-59b8536aac73": { "id": "f5442453-6b72-4c8b-8b9f-59b8536aac73", "title": "WOOCS <= 1.3.7.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FOX \u2013 Currency Switcher Professional for WooCommerce", "slug": "woocommerce-currency-switcher", "affected_versions": { "* - 1.3.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5442453-6b72-4c8b-8b9f-59b8536aac73?source=api-scan" ], "published": "2021-12-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f54527ce-8137-4ba9-b4e6-52cea6cfe2da": { "id": "f54527ce-8137-4ba9-b4e6-52cea6cfe2da", "title": "Mail Masta <= 1.0 - SQL Injection via list_id parameter", "software": [ { "type": "plugin", "name": "Mail Masta", "slug": "mail-masta", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f54527ce-8137-4ba9-b4e6-52cea6cfe2da?source=api-scan" ], "published": "2017-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5492bff-cfd9-41ed-a59b-4445d5e83e86": { "id": "f5492bff-cfd9-41ed-a59b-4445d5e83e86", "title": "WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Content Injection", "software": [ { "type": "plugin", "name": "WP Quick FrontEnd Editor \u2013 WordPress Plugin", "slug": "wp-quick-front-end-editor", "affected_versions": { "* - 5.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5492bff-cfd9-41ed-a59b-4445d5e83e86?source=api-scan" ], "published": "2021-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f54cdad2-88db-4604-8064-fa6175176760": { "id": "f54cdad2-88db-4604-8064-fa6175176760", "title": "wpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f54cdad2-88db-4604-8064-fa6175176760?source=api-scan" ], "published": "2024-05-31 19:39:04", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f54f1e41-788b-45e5-b84f-06e664f5c597": { "id": "f54f1e41-788b-45e5-b84f-06e664f5c597", "title": "Email Marketing for WooCommerce by Omnisend <= 1.14.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Email Marketing for WooCommerce by Omnisend", "slug": "omnisend-connect", "affected_versions": { "* - 1.14.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f54f1e41-788b-45e5-b84f-06e664f5c597?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5500911-52cf-43b5-a15e-e8db5bedd5af": { "id": "f5500911-52cf-43b5-a15e-e8db5bedd5af", "title": "Real Cookie Banner <= 2.18.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Real Cookie Banner: GDPR & ePrivacy Cookie Consent", "slug": "real-cookie-banner", "affected_versions": { "* - 2.18.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.18.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.18.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5500911-52cf-43b5-a15e-e8db5bedd5af?source=api-scan" ], "published": "2022-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5531449-c70f-488f-95ee-5208138968d1": { "id": "f5531449-c70f-488f-95ee-5208138968d1", "title": "Post SMTP Mailer\/Email Log <= 2.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post SMTP \u2013 WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications \u2013 Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more", "slug": "post-smtp", "affected_versions": { "* - 2.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5531449-c70f-488f-95ee-5208138968d1?source=api-scan" ], "published": "2022-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f557ddf1-cee3-498c-87bc-fa81bf574591": { "id": "f557ddf1-cee3-498c-87bc-fa81bf574591", "title": "ACF Photo Gallery Field <= 2.6 - Missing Authorization in apgf_update_donation", "software": [ { "type": "plugin", "name": "ACF Photo Gallery Field", "slug": "navz-photo-gallery", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f557ddf1-cee3-498c-87bc-fa81bf574591?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f55a9d35-596c-4207-be11-ade1127df369": { "id": "f55a9d35-596c-4207-be11-ade1127df369", "title": "Quiz And Survey Master <= 7.3.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.3.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f55a9d35-596c-4207-be11-ade1127df369?source=api-scan" ], "published": "2022-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f55af49e-82c8-462b-8c0b-a25e966a27af": { "id": "f55af49e-82c8-462b-8c0b-a25e966a27af", "title": "Complianz - GDPR\/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via cmplz_delete_cookiebanner", "software": [ { "type": "plugin", "name": "Complianz \u2013 GDPR\/CCPA Cookie Consent", "slug": "complianz-gdpr", "affected_versions": { "* - 6.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f55af49e-82c8-462b-8c0b-a25e966a27af?source=api-scan" ], "published": "2023-05-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f55e0471-664c-4fb4-8776-0c8312d8327b": { "id": "f55e0471-664c-4fb4-8776-0c8312d8327b", "title": "MainWP Code Snippets Extension <= 4.0.2 - Missing Authorization to Plugin Settings Change", "software": [ { "type": "plugin", "name": "MainWP Code Snippets Extension", "slug": "mainwp-code-snippets-extension", "affected_versions": { "* - 4.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f55e0471-664c-4fb4-8776-0c8312d8327b?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5608f50-e17a-471f-b644-dceb64d82f0c": { "id": "f5608f50-e17a-471f-b644-dceb64d82f0c", "title": "Ziteboard Online Whiteboard <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via ziteboard Shortcode", "software": [ { "type": "plugin", "name": "Ziteboard Online Whiteboard", "slug": "ziteboard-online-whiteboard", "affected_versions": { "* - 2.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5608f50-e17a-471f-b644-dceb64d82f0c?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f56494b7-0552-42d3-b3c6-fe26096f6cf5": { "id": "f56494b7-0552-42d3-b3c6-fe26096f6cf5", "title": "Import and export users and customers <= 1.26.2 - Authenticated (Admin+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Import and export users and customers", "slug": "import-users-from-csv-with-meta", "affected_versions": { "* - 1.26.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.26.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.26.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f56494b7-0552-42d3-b3c6-fe26096f6cf5?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f56a632d-4c5f-4d89-9cd9-8fc3697ff3ca": { "id": "f56a632d-4c5f-4d89-9cd9-8fc3697ff3ca", "title": "Membership by Supsystic <= 1.5.0 - Authenticated (Admin+) Time-Based Blind SQL Injection", "software": [ { "type": "plugin", "name": "Membership by Supsystic", "slug": "membership-by-supsystic", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f56a632d-4c5f-4d89-9cd9-8fc3697ff3ca?source=api-scan" ], "published": "2021-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5733a60-8078-48ed-9395-ea79b4199f7e": { "id": "f5733a60-8078-48ed-9395-ea79b4199f7e", "title": "WP System Log < 1.0.21 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Activity Log WinterLock", "slug": "winterlock", "affected_versions": { "[*, 1.0.21)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.21", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5733a60-8078-48ed-9395-ea79b4199f7e?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5740c07-28b3-40ce-997e-e4ec76348cf4": { "id": "f5740c07-28b3-40ce-997e-e4ec76348cf4", "title": "Feed Statistics <= 4.1 - Cross-Site Request Forgery via init", "software": [ { "type": "plugin", "name": "Feed Statistics", "slug": "wordpress-feed-statistics", "affected_versions": { "* - 4.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5740c07-28b3-40ce-997e-e4ec76348cf4?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5779c73-0188-4b8c-9f1d-7d00d234a334": { "id": "f5779c73-0188-4b8c-9f1d-7d00d234a334", "title": "WP eStore <= 8.5.4 - Cross-Site Request Forgery to Coupon Deletion", "software": [ { "type": "plugin", "name": "WP eStore", "slug": "wp-cart-for-digital-products", "affected_versions": { "* - 8.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5779c73-0188-4b8c-9f1d-7d00d234a334?source=api-scan" ], "published": "2024-06-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f57b8ed5-f7cf-451b-b6ee-346b6c92d60b": { "id": "f57b8ed5-f7cf-451b-b6ee-346b6c92d60b", "title": "Easy Digital Downloads <= 3.2.12 - Missing Authorization", "software": [ { "type": "plugin", "name": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy", "slug": "easy-digital-downloads", "affected_versions": { "* - 3.2.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f57b8ed5-f7cf-451b-b6ee-346b6c92d60b?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f57dc0fe-07f3-457e-8080-fe530f6a9f01": { "id": "f57dc0fe-07f3-457e-8080-fe530f6a9f01", "title": "Open Graph <= 1.11.2 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Open Graph", "slug": "opengraph", "affected_versions": { "* - 1.11.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f57dc0fe-07f3-457e-8080-fe530f6a9f01?source=api-scan" ], "published": "2024-06-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f582eb1d-fcd0-4758-9922-969f8eb6efea": { "id": "f582eb1d-fcd0-4758-9922-969f8eb6efea", "title": "WordPress Core <= 2.2.1 - SQL Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": true }, "2.2 - 2.2.1": { "from_version": "2.2", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.11", "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f582eb1d-fcd0-4758-9922-969f8eb6efea?source=api-scan" ], "published": "2007-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5867f37-ae58-4f75-828e-bb99b3e5252e": { "id": "f5867f37-ae58-4f75-828e-bb99b3e5252e", "title": "Currency Switcher for WordPress <= 1.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Currency Switcher for WordPress", "slug": "advanced-currency-switcher", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5867f37-ae58-4f75-828e-bb99b3e5252e?source=api-scan" ], "published": "2022-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5880581-3505-4851-b32f-cd2873072f73": { "id": "f5880581-3505-4851-b32f-cd2873072f73", "title": "Simple Staff List <= 2.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Staff List", "slug": "simple-staff-list", "affected_versions": { "* - 2.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5880581-3505-4851-b32f-cd2873072f73?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f58d5464-b12d-4d01-985a-68854b0b2fdd": { "id": "f58d5464-b12d-4d01-985a-68854b0b2fdd", "title": "Forminator <= 1.28.1 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "* - 1.28.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.28.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.29.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f58d5464-b12d-4d01-985a-68854b0b2fdd?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f58efd6c-58f2-464b-8aaf-f4f5c4c52f09": { "id": "f58efd6c-58f2-464b-8aaf-f4f5c4c52f09", "title": "ProfileGrid <= 5.7.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f58efd6c-58f2-464b-8aaf-f4f5c4c52f09?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f58f994e-0a9b-4b40-9e38-535169c793d3": { "id": "f58f994e-0a9b-4b40-9e38-535169c793d3", "title": "Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in ajaxCalculateSeveralProducts function", "software": [ { "type": "plugin", "name": "Advanced Dynamic Pricing for WooCommerce", "slug": "advanced-dynamic-pricing-for-woocommerce", "affected_versions": { "* - 4.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f58f994e-0a9b-4b40-9e38-535169c793d3?source=api-scan" ], "published": "2023-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f59004bb-b026-4137-a332-f46a09237e7b": { "id": "f59004bb-b026-4137-a332-f46a09237e7b", "title": "Welcart e-Commerce <= 2.9.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f59004bb-b026-4137-a332-f46a09237e7b?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f59891c7-db1a-4688-8616-8877d7d7960d": { "id": "f59891c7-db1a-4688-8616-8877d7d7960d", "title": "The Events Calendar <= 6.6.4 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "The Events Calendar", "slug": "the-events-calendar", "affected_versions": { "* - 6.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.6.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f59891c7-db1a-4688-8616-8877d7d7960d?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f59cf3d6-06a0-42ec-a604-5f59c6b2be40": { "id": "f59cf3d6-06a0-42ec-a604-5f59c6b2be40", "title": "Razorpay for WooCommerce <= 4.5.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Razorpay for WooCommerce", "slug": "woo-razorpay", "affected_versions": { "* - 4.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f59cf3d6-06a0-42ec-a604-5f59c6b2be40?source=api-scan" ], "published": "2023-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5a37df3-001b-4acd-91b1-7961896fb71f": { "id": "f5a37df3-001b-4acd-91b1-7961896fb71f", "title": "Mortgage Calculators WP <= 1.56 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Mortgage Calculators WP", "slug": "mortgage-calculators-wp", "affected_versions": { "* - 1.56": { "from_version": "*", "from_inclusive": true, "to_version": "1.56", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5a37df3-001b-4acd-91b1-7961896fb71f?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5a4a017-52d7-44a5-b00f-ce13eda989bc": { "id": "f5a4a017-52d7-44a5-b00f-ce13eda989bc", "title": "Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Media URL", "software": [ { "type": "plugin", "name": "Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier)", "slug": "image-hover-effects-ultimate", "affected_versions": { "* - 9.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5a4a017-52d7-44a5-b00f-ce13eda989bc?source=api-scan" ], "published": "2022-08-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5a54d1d-3593-4ba1-a747-651278488be6": { "id": "f5a54d1d-3593-4ba1-a747-651278488be6", "title": "Special Feed Items <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Special Feed Items", "slug": "special-feed-items", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5a54d1d-3593-4ba1-a747-651278488be6?source=api-scan" ], "published": "2024-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5a71d0a-e00f-4794-acc2-834334d5b336": { "id": "f5a71d0a-e00f-4794-acc2-834334d5b336", "title": "Easy Social Share Buttons for WordPress <= 3.4.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Social Share Buttons for WordPress", "slug": "easy-social-share-buttons-for-wordpress", "affected_versions": { "[*, 3.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5a71d0a-e00f-4794-acc2-834334d5b336?source=api-scan" ], "published": "2016-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5a827b1-7f66-4a24-9e31-c3f3e36b4772": { "id": "f5a827b1-7f66-4a24-9e31-c3f3e36b4772", "title": "Google Maps in Posts <= 1.5.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google Maps in Posts", "slug": "google-maps-in-posts", "affected_versions": { "* - 1.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5a827b1-7f66-4a24-9e31-c3f3e36b4772?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5ab7d3e-b0c8-4e30-942b-23d91daff2ac": { "id": "f5ab7d3e-b0c8-4e30-942b-23d91daff2ac", "title": "Secondary Title <= 2.0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Secondary Title", "slug": "secondary-title", "affected_versions": { "* - 2.0.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5ab7d3e-b0c8-4e30-942b-23d91daff2ac?source=api-scan" ], "published": "2023-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5ac3714-27f1-4258-a1ab-12b969b31793": { "id": "f5ac3714-27f1-4258-a1ab-12b969b31793", "title": "Layer Slider <= 1.1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Layer Slider", "slug": "slider-slideshow", "affected_versions": { "* - 1.1.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5ac3714-27f1-4258-a1ab-12b969b31793?source=api-scan" ], "published": "2023-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5ad74c5-93ba-414c-98ad-0987547f172f": { "id": "f5ad74c5-93ba-414c-98ad-0987547f172f", "title": "Simple Download Monitor <= 3.2.8 - Missing Authorization", "software": [ { "type": "plugin", "name": "Simple Download Monitor", "slug": "simple-download-monitor", "affected_versions": { "* - 3.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5ad74c5-93ba-414c-98ad-0987547f172f?source=api-scan" ], "published": "2016-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5afe6ea-93b8-4782-8593-76468e370a45": { "id": "f5afe6ea-93b8-4782-8593-76468e370a45", "title": "Email Encoder \u2013 Protect Email Addresses and Phone Numbers <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Email Encoder \u2013 Protect Email Addresses and Phone Numbers", "slug": "email-encoder-bundle", "affected_versions": { "* - 2.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5afe6ea-93b8-4782-8593-76468e370a45?source=api-scan" ], "published": "2024-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5b00784-9120-403d-9788-3cd3c3c020aa": { "id": "f5b00784-9120-403d-9788-3cd3c3c020aa", "title": "WP Dynamic Keywords Injector <= 2.3.15 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Dynamic Keywords Injector", "slug": "wp-dynamic-keywords-injector", "affected_versions": { "* - 2.3.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5b00784-9120-403d-9788-3cd3c3c020aa?source=api-scan" ], "published": "2023-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5b08a10-f6bc-44a0-865a-5ad71a1772f7": { "id": "f5b08a10-f6bc-44a0-865a-5ad71a1772f7", "title": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.6.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5b08a10-f6bc-44a0-865a-5ad71a1772f7?source=api-scan" ], "published": "2023-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5b28fc2-4551-46dc-baa4-29ff19a1bf77": { "id": "f5b28fc2-4551-46dc-baa4-29ff19a1bf77", "title": "Social Discussions <= 6.1.1 - Remote File Inclusion and Full Path Disclosure", "software": [ { "type": "plugin", "name": "Social Discussions", "slug": "social-discussions", "affected_versions": { "* - 6.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5b28fc2-4551-46dc-baa4-29ff19a1bf77?source=api-scan" ], "published": "2012-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5b8d39c-d307-42c9-a972-29b5521a82a4": { "id": "f5b8d39c-d307-42c9-a972-29b5521a82a4", "title": "Blog2Social <= 6.9.11 - Missing Authorization to Authenticated (Subscriber+) Settings Update", "software": [ { "type": "plugin", "name": "Blog2Social: Social Media Auto Post & Scheduler", "slug": "blog2social", "affected_versions": { "* - 6.9.11": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5b8d39c-d307-42c9-a972-29b5521a82a4?source=api-scan" ], "published": "2022-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5ba832e-98bc-421d-9b60-e6260c408815": { "id": "f5ba832e-98bc-421d-9b60-e6260c408815", "title": "Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri-gallery-slideshow' Shortcode", "software": [ { "type": "plugin", "name": "Colibri Page Builder", "slug": "colibri-page-builder", "affected_versions": { "* - 1.0.272": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.272", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.274" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5ba832e-98bc-421d-9b60-e6260c408815?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5bcad01-02ca-46a0-9196-df9f2110bc8a": { "id": "f5bcad01-02ca-46a0-9196-df9f2110bc8a", "title": "404like <= 1.0 - SQL Injection", "software": [ { "type": "plugin", "name": "404Like", "slug": "404like", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5bcad01-02ca-46a0-9196-df9f2110bc8a?source=api-scan" ], "published": "2012-02-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5bdf47a-1116-4d3a-8ded-89d76b5a6f82": { "id": "f5bdf47a-1116-4d3a-8ded-89d76b5a6f82", "title": "User Notes <= 1.0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Notes", "slug": "user-notes", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5bdf47a-1116-4d3a-8ded-89d76b5a6f82?source=api-scan" ], "published": "2021-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5c1f0f4-4557-4ae9-bf0d-14c61721a2c5": { "id": "f5c1f0f4-4557-4ae9-bf0d-14c61721a2c5", "title": "NEX Forms <= 7.8.7 - Authentication Bypass for PDF Reports", "software": [ { "type": "plugin", "name": "nex-forms", "slug": "nex-forms", "affected_versions": { "* - 7.8.7": { "from_version": "*", "from_inclusive": true, "to_version": "7.8.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.8.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5c1f0f4-4557-4ae9-bf0d-14c61721a2c5?source=api-scan" ], "published": "2021-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5c449f1-4715-4033-b0a3-6a8ca968aabc": { "id": "f5c449f1-4715-4033-b0a3-6a8ca968aabc", "title": "Email Templates <= 1.3 - HTML Injection", "software": [ { "type": "plugin", "name": "Email Templates Customizer and Designer for WordPress and WooCommerce", "slug": "email-templates", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5c449f1-4715-4033-b0a3-6a8ca968aabc?source=api-scan" ], "published": "2019-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5cdd3c1-6353-4bee-a4f9-5b7972f0970c": { "id": "f5cdd3c1-6353-4bee-a4f9-5b7972f0970c", "title": "Porto Theme - Functionality <= 3.0.9 - Authenticated (Contributor+) Local File Inclusion via Post Meta", "software": [ { "type": "plugin", "name": "Porto Theme - Functionality", "slug": "porto-functionality", "affected_versions": { "* - 3.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5cdd3c1-6353-4bee-a4f9-5b7972f0970c?source=api-scan" ], "published": "2024-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5d43612-ae16-4fa4-a1f0-91540ebac264": { "id": "f5d43612-ae16-4fa4-a1f0-91540ebac264", "title": "LiveJournal Shortcode <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "LiveJournal Shortcode", "slug": "livejournal-shortcode", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5d43612-ae16-4fa4-a1f0-91540ebac264?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5da3a4f-7084-4ba9-89c9-5a480efc7eca": { "id": "f5da3a4f-7084-4ba9-89c9-5a480efc7eca", "title": "CSprite <= 1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "CSprite", "slug": "csprite", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5da3a4f-7084-4ba9-89c9-5a480efc7eca?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5da4cdd-15c7-41a6-be2f-e31bd407ae05": { "id": "f5da4cdd-15c7-41a6-be2f-e31bd407ae05", "title": "Classified Listing \u2013 Classified ads & Business Directory Plugin <= 3.0.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Classified Listing \u2013 Classified ads & Business Directory Plugin", "slug": "classified-listing", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5da4cdd-15c7-41a6-be2f-e31bd407ae05?source=api-scan" ], "published": "2024-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5dc94fc-de11-42e7-a598-956ad345e7ff": { "id": "f5dc94fc-de11-42e7-a598-956ad345e7ff", "title": "Zoho Campaigns <= 2.0.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Zoho Campaigns", "slug": "zoho-campaigns", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5dc94fc-de11-42e7-a598-956ad345e7ff?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5e400f8-35b4-4be4-bb00-c59e14ddd57f": { "id": "f5e400f8-35b4-4be4-bb00-c59e14ddd57f", "title": "Contest Gallery <= 23.1.2 - Unauthenticated Information Exposure", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 23.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "23.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "23.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5e400f8-35b4-4be4-bb00-c59e14ddd57f?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5e4a172-38de-49d3-8a5d-62253cf6d67c": { "id": "f5e4a172-38de-49d3-8a5d-62253cf6d67c", "title": "WP Media folder <= 5.7.2 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WP Media folder", "slug": "wp-media-folder", "affected_versions": { "* - 5.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5e4a172-38de-49d3-8a5d-62253cf6d67c?source=api-scan" ], "published": "2024-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5e6cb50-8262-406b-b01e-37d62a4bd394": { "id": "f5e6cb50-8262-406b-b01e-37d62a4bd394", "title": "Ajax Search Lite <= 4.11 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ajax Search Lite", "slug": "ajax-search-lite", "affected_versions": { "* - 4.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.11.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5e6cb50-8262-406b-b01e-37d62a4bd394?source=api-scan" ], "published": "2023-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5e88393-c76b-49b6-a55c-06094e6f82d8": { "id": "f5e88393-c76b-49b6-a55c-06094e6f82d8", "title": "Login with Cognito <= 1.4.8 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Login with Cognito", "slug": "login-with-cognito", "affected_versions": { "* - 1.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5e88393-c76b-49b6-a55c-06094e6f82d8?source=api-scan" ], "published": "2022-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5e984d5-2537-4a4a-a071-084e0c1c3b5e": { "id": "f5e984d5-2537-4a4a-a071-084e0c1c3b5e", "title": "Betheme <= 26.5.1.4 - Authenticated (Subscriber+) PHP Object Injection", "software": [ { "type": "theme", "name": "Betheme", "slug": "betheme", "affected_versions": { "* - 26.5.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "26.5.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "26.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5e984d5-2537-4a4a-a071-084e0c1c3b5e?source=api-scan" ], "published": "2022-11-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5eb066b-8ab4-47e7-b055-4a9d7a897a3c": { "id": "f5eb066b-8ab4-47e7-b055-4a9d7a897a3c", "title": "Booking Calendar Contact Form < 1.0.24 - Blind SQL Injection", "software": [ { "type": "plugin", "name": "Booking Calendar Contact Form", "slug": "booking-calendar-contact-form", "affected_versions": { "[*, 1.0.24)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.24", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5eb066b-8ab4-47e7-b055-4a9d7a897a3c?source=api-scan" ], "published": "2016-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5ec709c-c67d-4067-a118-166e104d148a": { "id": "f5ec709c-c67d-4067-a118-166e104d148a", "title": "Help Center by BestWebSoft <= 1.0.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Help Center by BestWebSoft", "slug": "zendesk-help-center", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5ec709c-c67d-4067-a118-166e104d148a?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5f18cae-b7f8-4afd-adfa-c616c63f9419": { "id": "f5f18cae-b7f8-4afd-adfa-c616c63f9419", "title": "Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Authenticated (Subscriber+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "2.2.87 - 2.2.90": { "from_version": "2.2.87", "from_inclusive": true, "to_version": "2.2.90", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.91" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5f18cae-b7f8-4afd-adfa-c616c63f9419?source=api-scan" ], "published": "2024-09-10 14:51:09", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5f19184-60ff-4cf9-85c3-86a6c84a2a63": { "id": "f5f19184-60ff-4cf9-85c3-86a6c84a2a63", "title": "Simple 301 Redirects 2.0.0 - 2.0.3 - Unauthenticated Redirect Import", "software": [ { "type": "plugin", "name": "Simple 301 Redirects By BetterLinks \u2013 Easy WordPress Redirect Manager for Redirects, 404 Error Log & More", "slug": "simple-301-redirects", "affected_versions": { "2.0.0 - 2.0.3": { "from_version": "2.0.0", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5f19184-60ff-4cf9-85c3-86a6c84a2a63?source=api-scan" ], "published": "2021-05-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5f59b16-b38a-451b-b220-044598872735": { "id": "f5f59b16-b38a-451b-b220-044598872735", "title": "Meta Slider and Carousel with Lightbox <= 1.6.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Meta Slider and Carousel with Lightbox", "slug": "meta-slider-and-carousel-with-lightbox", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5f59b16-b38a-451b-b220-044598872735?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5fba145-5cb6-4ea1-8691-6bad3dcfbcf4": { "id": "f5fba145-5cb6-4ea1-8691-6bad3dcfbcf4", "title": "ARForms <= 6.4 - Missing Authorization to Arbitrary Plugin Activation\/Deactivation", "software": [ { "type": "plugin", "name": "ARforms", "slug": "arforms", "affected_versions": { "* - 6.4": { "from_version": "*", "from_inclusive": true, "to_version": "6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5fba145-5cb6-4ea1-8691-6bad3dcfbcf4?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f5fda67f-2bec-4439-8f7b-892fd89b9390": { "id": "f5fda67f-2bec-4439-8f7b-892fd89b9390", "title": "Woocommerce OpenPos <= 7.0.1 - Missing Authorization to Information Exposure", "software": [ { "type": "plugin", "name": "Openpos - WooCommerce Point Of Sale(POS)", "slug": "woocommerce-openpos", "affected_versions": { "* - 7.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f5fda67f-2bec-4439-8f7b-892fd89b9390?source=api-scan" ], "published": "2024-07-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f600361c-cf7a-498c-aa3d-beeb28d27101": { "id": "f600361c-cf7a-498c-aa3d-beeb28d27101", "title": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Zip Extraction to Arbitrary File Upload in File Manager", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.66": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.66", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.67" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f600361c-cf7a-498c-aa3d-beeb28d27101?source=api-scan" ], "published": "2023-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f603a25f-7d56-4cf4-89aa-de87ee49522a": { "id": "f603a25f-7d56-4cf4-89aa-de87ee49522a", "title": "Delete Duplicate Posts <= 4.8.9 - Missing Authorization via AJAX Actions", "software": [ { "type": "plugin", "name": "Delete Duplicate Posts", "slug": "delete-duplicate-posts", "affected_versions": { "[*, 4.9)": { "from_version": "*", "from_inclusive": true, "to_version": "4.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f603a25f-7d56-4cf4-89aa-de87ee49522a?source=api-scan" ], "published": "2023-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6047ae6-b1b4-4b31-aa12-560927e1040b": { "id": "f6047ae6-b1b4-4b31-aa12-560927e1040b", "title": "Build App Online <= 1.0.22 - Account Takeover via Weak Password Reset Mechanism", "software": [ { "type": "plugin", "name": "Build App Online", "slug": "build-app-online", "affected_versions": { "* - 1.0.22": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.22", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6047ae6-b1b4-4b31-aa12-560927e1040b?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f607b33a-58ef-4526-9ca1-aaa444aa12bc": { "id": "f607b33a-58ef-4526-9ca1-aaa444aa12bc", "title": "Wp-Insert <= 2.5.0 Authenticated (Admin+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Wp-Insert", "slug": "wp-insert", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f607b33a-58ef-4526-9ca1-aaa444aa12bc?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6092987-5f60-42ac-9636-e1e0a2c85147": { "id": "f6092987-5f60-42ac-9636-e1e0a2c85147", "title": "http-cache-semantics < 4.1.1 - Regular Expression Denial of Service (ReDoS)", "software": [ { "type": "plugin", "name": "Simple Local Avatars", "slug": "simple-local-avatars", "affected_versions": { "* - 2.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6092987-5f60-42ac-9636-e1e0a2c85147?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f60df43a-eef3-449d-96fd-b26e28361f81": { "id": "f60df43a-eef3-449d-96fd-b26e28361f81", "title": "Easy Menu Manager | WPZest <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "software": [ { "type": "plugin", "name": "Easy Menu Manager | WPZest", "slug": "easy-menu-manager-wpzest", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f60df43a-eef3-449d-96fd-b26e28361f81?source=api-scan" ], "published": "2024-10-17 15:42:10", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f60fef0e-5b2d-4672-ab3d-21e4b6708f4a": { "id": "f60fef0e-5b2d-4672-ab3d-21e4b6708f4a", "title": "Custom Website Data < 1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Website Data", "slug": "simple-custom-website-data", "affected_versions": { "[*, 1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f60fef0e-5b2d-4672-ab3d-21e4b6708f4a?source=api-scan" ], "published": "2013-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f610d7ef-fb7c-4c3b-bde2-d7071331be70": { "id": "f610d7ef-fb7c-4c3b-bde2-d7071331be70", "title": "Webinar and Video Conference with Jitsi Meet <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Webinar and Video Conference with Jitsi Meet \u2013 Create Branded Webinars for WordPress, Meetings & Livestreaming", "slug": "webinar-and-video-conference-with-jitsi-meet", "affected_versions": { "* - 2.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f610d7ef-fb7c-4c3b-bde2-d7071331be70?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f611d609-97c5-4b77-9657-c8d9d10e786a": { "id": "f611d609-97c5-4b77-9657-c8d9d10e786a", "title": "IP Metaboxes <= 2.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IP Metaboxes", "slug": "ip-metaboxes", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f611d609-97c5-4b77-9657-c8d9d10e786a?source=api-scan" ], "published": "2023-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f613411e-2b2e-401d-87cd-a002e9c2fc08": { "id": "f613411e-2b2e-401d-87cd-a002e9c2fc08", "title": "WP Popup Builder <= 1.2.9 - Missing Authorization and Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Popup Builder \u2013 Popup Forms and Marketing Lead Generation", "slug": "wp-popup-builder", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f613411e-2b2e-401d-87cd-a002e9c2fc08?source=api-scan" ], "published": "2022-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f616df94-7839-49db-baa5-88f8f1de208f": { "id": "f616df94-7839-49db-baa5-88f8f1de208f", "title": "Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)", "slug": "sina-extension-for-elementor", "affected_versions": { "* - 3.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f616df94-7839-49db-baa5-88f8f1de208f?source=api-scan" ], "published": "2024-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f618911f-fd03-41ec-a0e1-dba4aa7178ab": { "id": "f618911f-fd03-41ec-a0e1-dba4aa7178ab", "title": "Post Views <= 2.6.1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "post-views", "slug": "post-views", "affected_versions": { "* - 2.6.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f618911f-fd03-41ec-a0e1-dba4aa7178ab?source=api-scan" ], "published": "2012-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f618a350-e089-40f7-b731-7ffb9ece30b3": { "id": "f618a350-e089-40f7-b731-7ffb9ece30b3", "title": "Contact Form With Captcha <= 1.6.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form With Captcha", "slug": "contact-form-with-captcha", "affected_versions": { "* - 1.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f618a350-e089-40f7-b731-7ffb9ece30b3?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f61bda49-1eb0-49a3-8af1-8cadf088464f": { "id": "f61bda49-1eb0-49a3-8af1-8cadf088464f", "title": "WP Mailster < 1.5.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Mailster", "slug": "wp-mailster", "affected_versions": { "[*, 1.5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f61bda49-1eb0-49a3-8af1-8cadf088464f?source=api-scan" ], "published": "2017-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f62063c8-7559-492a-9caf-fae256052d1a": { "id": "f62063c8-7559-492a-9caf-fae256052d1a", "title": "10Web Booster \u2013 Website speed optimization, Cache & Page Speed optimizer <= 2.8.34 - Missing Authorization to Plugin Deactivation", "software": [ { "type": "plugin", "name": "10Web Booster \u2013 Website speed optimization, Cache & Page Speed optimizer", "slug": "tenweb-speed-optimizer", "affected_versions": { "* - 2.8.34": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f62063c8-7559-492a-9caf-fae256052d1a?source=api-scan" ], "published": "2022-11-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f625b10b-f104-49a8-9dbb-f880f5df8693": { "id": "f625b10b-f104-49a8-9dbb-f880f5df8693", "title": "WHOIS <= 1.4.2.2 - Reflected Cross Site Scripting", "software": [ { "type": "plugin", "name": "WHOIS", "slug": "wordpress-whois-search", "affected_versions": { "* - 1.4.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f625b10b-f104-49a8-9dbb-f880f5df8693?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f62713c9-bf87-44be-9b7e-c088989bad77": { "id": "f62713c9-bf87-44be-9b7e-c088989bad77", "title": "Themify Builder <= 5.3.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Themify Builder", "slug": "themify-builder", "affected_versions": { "* - 5.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f62713c9-bf87-44be-9b7e-c088989bad77?source=api-scan" ], "published": "2021-10-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f629fc93-84ce-4c33-b1c0-3a3194aac477": { "id": "f629fc93-84ce-4c33-b1c0-3a3194aac477", "title": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "slug": "unlimited-elements-for-elementor", "affected_versions": { "* - 1.5.102": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.102", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.103" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f629fc93-84ce-4c33-b1c0-3a3194aac477?source=api-scan" ], "published": "2024-05-09 18:51:51", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f62a486a-137b-48e5-b276-44438958e811": { "id": "f62a486a-137b-48e5-b276-44438958e811", "title": "FULL \u2013 Cliente <= 3.1.22 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FULL \u2013 Cliente", "slug": "full-customer", "affected_versions": { "* - 3.1.22": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f62a486a-137b-48e5-b276-44438958e811?source=api-scan" ], "published": "2024-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f62a9ca0-7077-410f-b005-175348acd133": { "id": "f62a9ca0-7077-410f-b005-175348acd133", "title": "SEO SIMPLE PACK <= 3.2.1 - Information Exposure", "software": [ { "type": "plugin", "name": "SEO SIMPLE PACK", "slug": "seo-simple-pack", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f62a9ca0-7077-410f-b005-175348acd133?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f62d28bd-fa33-4f0b-a116-5aacc05bfa3a": { "id": "f62d28bd-fa33-4f0b-a116-5aacc05bfa3a", "title": "Appointment Hour Booking <= 1.3.72 - CAPTCHA Bypass", "software": [ { "type": "plugin", "name": "Appointment Hour Booking \u2013 WordPress Booking Plugin", "slug": "appointment-hour-booking", "affected_versions": { "* - 1.3.72": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.72", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.73" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f62d28bd-fa33-4f0b-a116-5aacc05bfa3a?source=api-scan" ], "published": "2022-11-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6374cda-5aa2-4a2c-8d20-5641cfc33529": { "id": "f6374cda-5aa2-4a2c-8d20-5641cfc33529", "title": "WSM Downloader <- 1.4.0 - Domain Bypass", "software": [ { "type": "plugin", "name": "WSM Downloader", "slug": "wsm-downloader", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6374cda-5aa2-4a2c-8d20-5641cfc33529?source=api-scan" ], "published": "2022-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f63bf296-b34c-4f89-90eb-bba2a0461d57": { "id": "f63bf296-b34c-4f89-90eb-bba2a0461d57", "title": "Related Posts for WordPress <= 2.0.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Related Posts for WordPress", "slug": "related-posts-for-wp", "affected_versions": { "* - 2.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f63bf296-b34c-4f89-90eb-bba2a0461d57?source=api-scan" ], "published": "2021-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f63d494c-1d1e-4faa-930a-3fcf2b136182": { "id": "f63d494c-1d1e-4faa-930a-3fcf2b136182", "title": "WP FEvents Book <= 0.46 - Authenticated (Subscriber+) Insecure Direct Object Reference to Booking Manipulation", "software": [ { "type": "plugin", "name": "WP FEvents Book", "slug": "wp-fevents-book", "affected_versions": { "* - 0.46": { "from_version": "*", "from_inclusive": true, "to_version": "0.46", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.47" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f63d494c-1d1e-4faa-930a-3fcf2b136182?source=api-scan" ], "published": "2023-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6409626-c8cb-412c-aff3-cbb2da212e5d": { "id": "f6409626-c8cb-412c-aff3-cbb2da212e5d", "title": "MailMunch \u2013 Grow your Email List <= 3.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "MailMunch \u2013 Grow your Email List", "slug": "mailmunch", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6409626-c8cb-412c-aff3-cbb2da212e5d?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f64336f7-ab2a-4e22-a76f-d077c51f9c57": { "id": "f64336f7-ab2a-4e22-a76f-d077c51f9c57", "title": "Advanced Ads \u2013 Ad Manager & AdSense <= 1.52.1 - Authenticated (Admin+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Advanced Ads \u2013\u00a0Ad Manager & AdSense", "slug": "advanced-ads", "affected_versions": { "* - 1.52.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.52.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.52.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f64336f7-ab2a-4e22-a76f-d077c51f9c57?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6433a17-0017-46a9-a8e6-4d4a4a55f2db": { "id": "f6433a17-0017-46a9-a8e6-4d4a4a55f2db", "title": "WP Search Analytics <= 1.4.7 - Reflected Cross-Site Scripting via 'render_stats_page'", "software": [ { "type": "plugin", "name": "Search Analytics for WP", "slug": "search-analytics", "affected_versions": { "* - 1.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6433a17-0017-46a9-a8e6-4d4a4a55f2db?source=api-scan" ], "published": "2023-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6461a8f-297e-49ad-aa9b-9379f0984423": { "id": "f6461a8f-297e-49ad-aa9b-9379f0984423", "title": "WP-CopyProtect [Protect your blog posts] <= 3.1.0 - Cross-Site Request Forgery via CopyProtect_options_page", "software": [ { "type": "plugin", "name": "WP-CopyProtect [Protect your blog posts]", "slug": "wp-copyprotect", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6461a8f-297e-49ad-aa9b-9379f0984423?source=api-scan" ], "published": "2023-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f655704d-70a1-40d8-ae36-39029185d262": { "id": "f655704d-70a1-40d8-ae36-39029185d262", "title": "RSVPMarker <= 10.6.6 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "RSVPMaker", "slug": "rsvpmaker", "affected_versions": { "* - 10.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "10.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f655704d-70a1-40d8-ae36-39029185d262?source=api-scan" ], "published": "2023-09-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f65834c6-6da7-4033-aa2a-a4926d6c955d": { "id": "f65834c6-6da7-4033-aa2a-a4926d6c955d", "title": "Neighborly <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode", "software": [ { "type": "theme", "name": "Neighborly", "slug": "neighborly", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f65834c6-6da7-4033-aa2a-a4926d6c955d?source=api-scan" ], "published": "2024-09-12 21:29:52", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f65cb1f6-e72e-4848-b72c-99b83e5401e8": { "id": "f65cb1f6-e72e-4848-b72c-99b83e5401e8", "title": "Cookie Law Bar <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Cookie Law Bar", "slug": "cookie-law-bar", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f65cb1f6-e72e-4848-b72c-99b83e5401e8?source=api-scan" ], "published": "2021-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f65fdde9-1133-4e29-a70a-be977f96acce": { "id": "f65fdde9-1133-4e29-a70a-be977f96acce", "title": "Booking Ultra Pro <= 1.1.12 - Authenticated (Contributor+) Privilege Escalation", "software": [ { "type": "plugin", "name": "Booking Ultra Pro Appointments Booking Calendar Plugin", "slug": "booking-ultra-pro", "affected_versions": { "* - 1.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f65fdde9-1133-4e29-a70a-be977f96acce?source=api-scan" ], "published": "2024-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f661f19d-fdd4-4cd3-8fb3-8b6073d94596": { "id": "f661f19d-fdd4-4cd3-8fb3-8b6073d94596", "title": "Backup Migration <= 1.3.5 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Backup Migration", "slug": "backup-backup", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f661f19d-fdd4-4cd3-8fb3-8b6073d94596?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6658edb-11dc-4594-8936-95d60d581f49": { "id": "f6658edb-11dc-4594-8936-95d60d581f49", "title": "OAuth Single Sign On \u2013 SSO (OAuth Client) <= 6.24.1 - Cross-Site Request Forgery via 'delete' in mooauth_client_applist_page", "software": [ { "type": "plugin", "name": "OAuth Single Sign On \u2013 SSO (OAuth Client)", "slug": "miniorange-login-with-eve-online-google-facebook", "affected_versions": { "* - 6.24.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.24.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.24.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6658edb-11dc-4594-8936-95d60d581f49?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f668c3cd-bf64-4e95-8d75-70e4f12cabce": { "id": "f668c3cd-bf64-4e95-8d75-70e4f12cabce", "title": "Conversios.io - All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 7.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Google Analytics 4 (GA4), Google Ads, Meta Pixel, GTM & Multiple Pixels for Woocommerce & WordPress", "slug": "enhanced-e-commerce-for-woocommerce-store", "affected_versions": { "* - 7.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f668c3cd-bf64-4e95-8d75-70e4f12cabce?source=api-scan" ], "published": "2024-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f670b93e-da2e-43e7-a28a-6cacba4df3a1": { "id": "f670b93e-da2e-43e7-a28a-6cacba4df3a1", "title": "Simple Author Box <= 2.50 - Cross-Site Request Forgery via save_user_profile", "software": [ { "type": "plugin", "name": "Simple Author Box", "slug": "simple-author-box", "affected_versions": { "* - 2.50": { "from_version": "*", "from_inclusive": true, "to_version": "2.50", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f670b93e-da2e-43e7-a28a-6cacba4df3a1?source=api-scan" ], "published": "2023-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6710f53-34fe-4549-9e1a-7826be74c912": { "id": "f6710f53-34fe-4549-9e1a-7826be74c912", "title": "Jobs for WordPress <= 2.7.5 - Reflected Cross-Site Scripting via job-search", "software": [ { "type": "plugin", "name": "Jobs for WordPress", "slug": "job-postings", "affected_versions": { "* - 2.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6710f53-34fe-4549-9e1a-7826be74c912?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f674d3bf-9927-48d9-85c7-34946e8a2eeb": { "id": "f674d3bf-9927-48d9-85c7-34946e8a2eeb", "title": "Sheet to Table Live Sync for Google Sheet <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via STWT_Sheet_Table Shortcode", "software": [ { "type": "plugin", "name": "Sheet to Table Live Sync for Google Sheet", "slug": "sheet-to-wp-table-for-google-sheet", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f674d3bf-9927-48d9-85c7-34946e8a2eeb?source=api-scan" ], "published": "2024-08-13 21:05:47", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6754c9a-81e1-4b39-a125-5293ee4ff758": { "id": "f6754c9a-81e1-4b39-a125-5293ee4ff758", "title": "YOP Poll <= 6.1.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "YOP Poll", "slug": "yop-poll", "affected_versions": { "[*, 6.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6754c9a-81e1-4b39-a125-5293ee4ff758?source=api-scan" ], "published": "2020-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f67684cd-3e0f-48bb-967a-16ea2b027843": { "id": "f67684cd-3e0f-48bb-967a-16ea2b027843", "title": "Restrict User Access \u2013 Ultimate Membership & Content Protection <= 2.5 - Information Exposure", "software": [ { "type": "plugin", "name": "Restrict User Access \u2013 Ultimate Membership & Content Protection", "slug": "restrict-user-access", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f67684cd-3e0f-48bb-967a-16ea2b027843?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f67b5cd8-bae8-48ca-87d5-7445724791f6": { "id": "f67b5cd8-bae8-48ca-87d5-7445724791f6", "title": "Simple Ajax Chat <= 20240216 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Ajax Chat \u2013 Add a Fast, Secure Chat Box", "slug": "simple-ajax-chat", "affected_versions": { "* - 20240216": { "from_version": "*", "from_inclusive": true, "to_version": "20240216", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20240223" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f67b5cd8-bae8-48ca-87d5-7445724791f6?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f67ce101-3b4f-45be-9aed-d9055cc09fd3": { "id": "f67ce101-3b4f-45be-9aed-d9055cc09fd3", "title": "Better Messages <= 1.9.9.148 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss", "slug": "bp-better-messages", "affected_versions": { "* - 1.9.9.148": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.9.148", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.9.149" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f67ce101-3b4f-45be-9aed-d9055cc09fd3?source=api-scan" ], "published": "2022-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6816cb4-0fad-417a-a980-d35a734bce13": { "id": "f6816cb4-0fad-417a-a980-d35a734bce13", "title": "GS Portfolio for Envato <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "GS Portfolio for Envato", "slug": "gs-envato-portfolio", "affected_versions": { "* - 1.3.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6816cb4-0fad-417a-a980-d35a734bce13?source=api-scan" ], "published": "2023-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f682b623-f9c5-44ce-90db-c6ee4c27a93b": { "id": "f682b623-f9c5-44ce-90db-c6ee4c27a93b", "title": "Customer Reviews < 3.0.9 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Customer Reviews", "slug": "wp-customer-reviews", "affected_versions": { "[*, 3.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f682b623-f9c5-44ce-90db-c6ee4c27a93b?source=api-scan" ], "published": "2016-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f68a386b-544f-4aa2-8ae5-4d57ddd07b63": { "id": "f68a386b-544f-4aa2-8ae5-4d57ddd07b63", "title": "Hitsteps Web Analytics <= 5.86 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Hitsteps Web Analytics", "slug": "hitsteps-visitor-manager", "affected_versions": { "* - 5.86": { "from_version": "*", "from_inclusive": true, "to_version": "5.86", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.87" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f68a386b-544f-4aa2-8ae5-4d57ddd07b63?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f68ac2b8-33dc-4cc2-b0f3-8777450e39f9": { "id": "f68ac2b8-33dc-4cc2-b0f3-8777450e39f9", "title": "Pro Mime Types - Manage file media types <= 1.0.7 - Cross-Site Request Forgery via pmt_settings_section_callback_tab_1", "software": [ { "type": "plugin", "name": "Pro Mime Types \u2013 Manage file media types", "slug": "pro-mime-types", "affected_versions": { "[*, 2.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f68ac2b8-33dc-4cc2-b0f3-8777450e39f9?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f68bc7e9-3bfe-4b2f-82a1-92bbde1a133a": { "id": "f68bc7e9-3bfe-4b2f-82a1-92bbde1a133a", "title": "wpDiscuz <= 7.6.12 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "* - 7.6.12": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f68bc7e9-3bfe-4b2f-82a1-92bbde1a133a?source=api-scan" ], "published": "2023-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f690e67c-119f-4ea6-9505-101e7f7a3dea": { "id": "f690e67c-119f-4ea6-9505-101e7f7a3dea", "title": "Welcart e-Commerce <= 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f690e67c-119f-4ea6-9505-101e7f7a3dea?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6a0d6df-60a6-42e3-9e9b-6171bb589f4e": { "id": "f6a0d6df-60a6-42e3-9e9b-6171bb589f4e", "title": "CM Download Manager < 2.9.0 - Cross-Site Request Forgery via unpublishHeader", "software": [ { "type": "plugin", "name": "CM Download Manager \u2013 Document and File Management", "slug": "cm-download-manager", "affected_versions": { "[*, 2.9.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6a0d6df-60a6-42e3-9e9b-6171bb589f4e?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6aead8d-c136-4952-ad03-86fe0f144dea": { "id": "f6aead8d-c136-4952-ad03-86fe0f144dea", "title": "InstaWP Connect \u2013 1-click WP Staging & Migration <= 0.1.0.22 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "InstaWP Connect \u2013 1-click WP Staging & Migration", "slug": "instawp-connect", "affected_versions": { "* - 0.1.0.22": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.0.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.1.0.23" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6aead8d-c136-4952-ad03-86fe0f144dea?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6af1e90-9bad-470b-9e00-137000c0450c": { "id": "f6af1e90-9bad-470b-9e00-137000c0450c", "title": "Revslider <= 6.6.20 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider Revolution", "slug": "revslider", "affected_versions": { "* - 6.6.20": { "from_version": "*", "from_inclusive": true, "to_version": "6.6.20", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6af1e90-9bad-470b-9e00-137000c0450c?source=api-scan" ], "published": "2024-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6b9e63f-0492-4d51-a8ae-0874ef57e852": { "id": "f6b9e63f-0492-4d51-a8ae-0874ef57e852", "title": "WordPress Tooltips <= 8.2.5 - Multiple Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Tooltips", "slug": "wordpress-tooltips", "affected_versions": { "* - 8.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6b9e63f-0492-4d51-a8ae-0874ef57e852?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6ba2907-36f4-4c4d-9e25-d13d32e28690": { "id": "f6ba2907-36f4-4c4d-9e25-d13d32e28690", "title": "Custom Post Type Attachment <= 3.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via pdf_attachment Shortcode", "software": [ { "type": "plugin", "name": "Custom Post Type Attachment", "slug": "custom-post-type-pdf-attachment", "affected_versions": { "* - 3.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6ba2907-36f4-4c4d-9e25-d13d32e28690?source=api-scan" ], "published": "2024-05-15 18:50:55", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6c14c65-a47c-4dc1-9d5a-f804061152e4": { "id": "f6c14c65-a47c-4dc1-9d5a-f804061152e4", "title": "ShortCodes UI <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "ShortCodes UI", "slug": "shortcodes-ui", "affected_versions": { "* - 1.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6c14c65-a47c-4dc1-9d5a-f804061152e4?source=api-scan" ], "published": "2023-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6c5e3f8-ebbd-4cc3-b9b1-3f1704e3c07a": { "id": "f6c5e3f8-ebbd-4cc3-b9b1-3f1704e3c07a", "title": "Paid Memberships Pro <= 2.12.8 - Authenticated (Contributor+) User Meta Disclosure", "software": [ { "type": "plugin", "name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", "slug": "paid-memberships-pro", "affected_versions": { "* - 2.12.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6c5e3f8-ebbd-4cc3-b9b1-3f1704e3c07a?source=api-scan" ], "published": "2024-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6c71e38-5ac3-46f1-8292-a49c6e44f1d8": { "id": "f6c71e38-5ac3-46f1-8292-a49c6e44f1d8", "title": "OMGF <= 4.5.11 - Authenticated (Admin+) Arbitrary Folder Deletion via Path Traversal", "software": [ { "type": "plugin", "name": "OMGF | GDPR\/DSGVO Compliant, Faster Google Fonts. Easy.", "slug": "host-webfonts-local", "affected_versions": { "* - 4.5.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.5.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6c71e38-5ac3-46f1-8292-a49c6e44f1d8?source=api-scan" ], "published": "2021-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6c94024-20fb-4cc1-a093-1b9974e61220": { "id": "f6c94024-20fb-4cc1-a093-1b9974e61220", "title": "Address Autocomplete Using Google Place Api <= 1.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Address Autocomplete Using Google Place Api", "slug": "address-autocomplete-using-google-place-api", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6c94024-20fb-4cc1-a093-1b9974e61220?source=api-scan" ], "published": "2022-11-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6d24786-676b-478a-ad9a-5c3f5ca3e85b": { "id": "f6d24786-676b-478a-ad9a-5c3f5ca3e85b", "title": "Scarlet (All Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Scarlet", "slug": "scarlet", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6d24786-676b-478a-ad9a-5c3f5ca3e85b?source=api-scan" ], "published": "2013-02-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6d44749-8b1a-4d22-9917-fee134737063": { "id": "f6d44749-8b1a-4d22-9917-fee134737063", "title": "Just Custom Fields <= 3.3.2 - Missing Authorization on AJAX Actions", "software": [ { "type": "plugin", "name": "Just Custom Fields", "slug": "just-custom-fields", "affected_versions": { "* - 3.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6d44749-8b1a-4d22-9917-fee134737063?source=api-scan" ], "published": "2023-10-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6d6b82d-574d-4a56-9aef-42343c4b7c43": { "id": "f6d6b82d-574d-4a56-9aef-42343c4b7c43", "title": "Ninja Forms Contact Form <= 3.8.15 - Reflected Self-Based Cross-Site Scripting via Referer", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.8.15": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6d6b82d-574d-4a56-9aef-42343c4b7c43?source=api-scan" ], "published": "2024-09-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6db5e9f-9b3b-44c9-a6d9-78df3ed3b1fc": { "id": "f6db5e9f-9b3b-44c9-a6d9-78df3ed3b1fc", "title": "Stop User Enumeration <= 1.3.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Stop User Enumeration", "slug": "stop-user-enumeration", "affected_versions": { "[*, 1.3.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6db5e9f-9b3b-44c9-a6d9-78df3ed3b1fc?source=api-scan" ], "published": "2017-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6e2ab69-2714-4bf9-a9ad-035fc15450f2": { "id": "f6e2ab69-2714-4bf9-a9ad-035fc15450f2", "title": "Simple Ajax Chat <= 20220115 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple Ajax Chat \u2013 Add a Fast, Secure Chat Box", "slug": "simple-ajax-chat", "affected_versions": { "* - 20220115": { "from_version": "*", "from_inclusive": true, "to_version": "20220115", "to_inclusive": true } }, "patched": true, "patched_versions": [ "20220216" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6e2ab69-2714-4bf9-a9ad-035fc15450f2?source=api-scan" ], "published": "2022-02-16 09:16:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6e47659-90d9-4990-a19d-3954d65417df": { "id": "f6e47659-90d9-4990-a19d-3954d65417df", "title": "Job Manager <= 0.7.25 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Job Manager", "slug": "job-manager", "affected_versions": { "* - 0.7.25": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.25", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6e47659-90d9-4990-a19d-3954d65417df?source=api-scan" ], "published": "2021-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6e4c583-c0d5-4040-86d5-0f1b4dddcb81": { "id": "f6e4c583-c0d5-4040-86d5-0f1b4dddcb81", "title": "Broadcast Live Video \u2013 Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.27.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Broadcast Live Video \u2013 Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP", "slug": "videowhisper-live-streaming-integration", "affected_versions": { "* - 4.27.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.27.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.29.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6e4c583-c0d5-4040-86d5-0f1b4dddcb81?source=api-scan" ], "published": "2014-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6e6fda8-e998-4087-8a21-9edb2a0249c8": { "id": "f6e6fda8-e998-4087-8a21-9edb2a0249c8", "title": "All-in-One Video Gallery <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Shortcode", "software": [ { "type": "plugin", "name": "All-in-One Video Gallery", "slug": "all-in-one-video-gallery", "affected_versions": { "* - 3.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6e6fda8-e998-4087-8a21-9edb2a0249c8?source=api-scan" ], "published": "2024-07-23 18:08:46", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6e8d21a-8c67-4e35-b18e-e100f31b2863": { "id": "f6e8d21a-8c67-4e35-b18e-e100f31b2863", "title": "Content Control <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Content Control \u2013 The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More", "slug": "content-control", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6e8d21a-8c67-4e35-b18e-e100f31b2863?source=api-scan" ], "published": "2022-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6f0fb78-ad6b-4a9e-ae1a-5793f3426379": { "id": "f6f0fb78-ad6b-4a9e-ae1a-5793f3426379", "title": "Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation", "software": [ { "type": "plugin", "name": "The Events Calendar Countdown Addon", "slug": "countdown-for-the-events-calendar", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4" ] }, { "type": "plugin", "name": "The Events Calendar Events Notification Bar Addon", "slug": "events-notification-bar-addon", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] }, { "type": "plugin", "name": "Cool Timeline (Horizontal & Vertical Timeline)", "slug": "cool-timeline", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4" ] }, { "type": "plugin", "name": "Cryptocurrency Payment & Donation Box \u2013 Accept Payments in any Cryptocurrency on your WP Site for Free", "slug": "cryptocurrency-donation-box", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8" ] }, { "type": "plugin", "name": "Events Search For The Events Calendar", "slug": "events-search-addon-for-the-events-calendar", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] }, { "type": "plugin", "name": "Cryptocurrency Widgets For Elementor", "slug": "cryptocurrency-widgets-for-elementor", "affected_versions": { "[*, 1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3" ] }, { "type": "plugin", "name": "Event Single Page Builder For The Event Calendar", "slug": "event-page-templates-addon-for-the-events-calendar", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] }, { "type": "plugin", "name": "Events Shortcodes For The Events Calendar", "slug": "template-events-calendar", "affected_versions": { "* - 1.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] }, { "type": "plugin", "name": "Cryptocurrency Widgets \u2013 Price Ticker & Coins List", "slug": "cryptocurrency-price-ticker-widget", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] }, { "type": "plugin", "name": "Events Widgets For Elementor And The Events Calendar", "slug": "events-widgets-for-elementor-and-the-events-calendar", "affected_versions": { "* - 1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=api-scan" ], "published": "2022-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6f26854-7e25-4e64-9f03-916ece6fde03": { "id": "f6f26854-7e25-4e64-9f03-916ece6fde03", "title": "ZD YouTube FLV Player <= 1.2.6 - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "ZD YouTube FLV Player", "slug": "zd-youtube-flv-player", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6f26854-7e25-4e64-9f03-916ece6fde03?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6f3f82e-6b1b-4138-b8f3-82e8dcd24479": { "id": "f6f3f82e-6b1b-4138-b8f3-82e8dcd24479", "title": "Phlox Portfolio <= 2.3.1 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "Premium Portfolio Features for Phlox theme", "slug": "auxin-portfolio", "affected_versions": { "* - 2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6f3f82e-6b1b-4138-b8f3-82e8dcd24479?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6f91414-5035-4cab-81ad-18558fe43500": { "id": "f6f91414-5035-4cab-81ad-18558fe43500", "title": "Better Search < 2.2.3 - SQL Injection", "software": [ { "type": "plugin", "name": "Better Search \u2013 Relevant search results for WordPress", "slug": "better-search", "affected_versions": { "[*, 2.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6f91414-5035-4cab-81ad-18558fe43500?source=api-scan" ], "published": "2019-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6f91816-a263-4938-bac1-eeb3bb2fc120": { "id": "f6f91816-a263-4938-bac1-eeb3bb2fc120", "title": "Novo-Map : your WP posts on custom google maps <= 1.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Novo-Map : your WP posts on custom google maps", "slug": "novo-map", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6f91816-a263-4938-bac1-eeb3bb2fc120?source=api-scan" ], "published": "2023-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6fce60b-2920-493a-be29-fa78193db875": { "id": "f6fce60b-2920-493a-be29-fa78193db875", "title": "Typing Text <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Typing Text", "slug": "typing-text", "affected_versions": { "* - 1.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6fce60b-2920-493a-be29-fa78193db875?source=api-scan" ], "published": "2024-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f6fe59e8-78cf-47f4-90eb-920f8e4fd204": { "id": "f6fe59e8-78cf-47f4-90eb-920f8e4fd204", "title": "Ultimate Instagram Feed \u2013 WordPress Plugin < 1.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Instagram Feed \u2013 WordPress Plugin", "slug": "ultimate-instagram-feed", "affected_versions": { "[*, 1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f6fe59e8-78cf-47f4-90eb-920f8e4fd204?source=api-scan" ], "published": "2017-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f70221e6-59a4-4151-9688-f06e194f51ac": { "id": "f70221e6-59a4-4151-9688-f06e194f51ac", "title": "Sheets To WP Table Live Sync <= 2.12.15 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Sheets to WP Table Live Sync | Google Sheets Table Plugin for WordPress with Spreadsheet Integration \u2013 FlexTable", "slug": "sheets-to-wp-table-live-sync", "affected_versions": { "* - 2.12.15": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.13.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f70221e6-59a4-4151-9688-f06e194f51ac?source=api-scan" ], "published": "2023-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f702fef0-8f07-4c94-bbf7-394d66f9ddde": { "id": "f702fef0-8f07-4c94-bbf7-394d66f9ddde", "title": "Team Showcase <= 1.22.23 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Team Showcase", "slug": "team", "affected_versions": { "* - 1.22.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.22.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.22.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f702fef0-8f07-4c94-bbf7-394d66f9ddde?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f708e910-7745-4ff5-9f9f-5552dbaf1113": { "id": "f708e910-7745-4ff5-9f9f-5552dbaf1113", "title": "Elementor Contact Form DB <= 1.5 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Contact Form DB \u2013 Elementor", "slug": "sb-elementor-contact-form-db", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f708e910-7745-4ff5-9f9f-5552dbaf1113?source=api-scan" ], "published": "2022-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f709fca2-b7b6-4567-8055-1156f510d1ca": { "id": "f709fca2-b7b6-4567-8055-1156f510d1ca", "title": "Envo Extra <= 1.8.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Envo Extra", "slug": "envo-extra", "affected_versions": { "[*, 1.8.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f709fca2-b7b6-4567-8055-1156f510d1ca?source=api-scan" ], "published": "2023-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f70a19a1-d5da-4ed2-b77b-633b6841a6d4": { "id": "f70a19a1-d5da-4ed2-b77b-633b6841a6d4", "title": "Change From Email <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Change From Email", "slug": "wp-from-email", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f70a19a1-d5da-4ed2-b77b-633b6841a6d4?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f70a2a58-d9b8-456d-ae4f-9c60b3d6b8a5": { "id": "f70a2a58-d9b8-456d-ae4f-9c60b3d6b8a5", "title": "Multiple Plugins from Viszt Peter - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Integration for Billingo & Gravity Forms", "slug": "integration-for-billingo-gravity-forms", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] }, { "type": "plugin", "name": "Woo Billingo Plus", "slug": "woo-billingo-plus", "affected_versions": { "* - 4.4.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.5.4" ] }, { "type": "plugin", "name": "Integration for Szamlazz.hu & Gravity Forms", "slug": "integration-for-szamlazz-hu-gravity-forms", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f70a2a58-d9b8-456d-ae4f-9c60b3d6b8a5?source=api-scan" ], "published": "2022-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f70a3776-947f-4322-9e78-100475ed3d7c": { "id": "f70a3776-947f-4322-9e78-100475ed3d7c", "title": "JobSearch <= 2.5.3 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "* - 2.5.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f70a3776-947f-4322-9e78-100475ed3d7c?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f70b66ad-55fb-45f8-944a-2c8712071113": { "id": "f70b66ad-55fb-45f8-944a-2c8712071113", "title": "Ultimate Addons for Beaver Builder \u2013 Lite <= 1.24.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Addons for Beaver Builder \u2013 Lite", "slug": "ultimate-addons-for-beaver-builder", "affected_versions": { "* - 1.24.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.24.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.25.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f70b66ad-55fb-45f8-944a-2c8712071113?source=api-scan" ], "published": "2020-01-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f70ba568-b013-4177-928a-eefb606333ee": { "id": "f70ba568-b013-4177-928a-eefb606333ee", "title": "Tweaker5 <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode", "software": [ { "type": "theme", "name": "Tweaker5", "slug": "tweaker5", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f70ba568-b013-4177-928a-eefb606333ee?source=api-scan" ], "published": "2024-09-12 21:30:43", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f70d0bea-3ac2-4235-92a2-09458b85bddd": { "id": "f70d0bea-3ac2-4235-92a2-09458b85bddd", "title": "Quiz Maker <= 6.4.2.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz Maker", "slug": "quiz-maker", "affected_versions": { "* - 6.4.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f70d0bea-3ac2-4235-92a2-09458b85bddd?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f70ec123-fff3-4f03-a424-37e0e579b765": { "id": "f70ec123-fff3-4f03-a424-37e0e579b765", "title": "WP Customer Reviews <= 3.0.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Customer Reviews", "slug": "wp-customer-reviews", "affected_versions": { "[*, 3.0.9)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f70ec123-fff3-4f03-a424-37e0e579b765?source=api-scan" ], "published": "2014-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f713f2f8-545a-4f54-a028-8422c0942a63": { "id": "f713f2f8-545a-4f54-a028-8422c0942a63", "title": "Wholesale Suite <= 2.1.5 - Missing Authorization to Plugin Settings Change", "software": [ { "type": "plugin", "name": "Wholesale Suite \u2013 WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More", "slug": "woocommerce-wholesale-prices", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f713f2f8-545a-4f54-a028-8422c0942a63?source=api-scan" ], "published": "2023-02-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f71453d9-8bbf-4546-b69f-e86cc41da9bd": { "id": "f71453d9-8bbf-4546-b69f-e86cc41da9bd", "title": "Smart App Banner <= 1.1.2 - Cross-Site Request Forgery via wsl_smart_app_banner_options", "software": [ { "type": "plugin", "name": "Smart App Banner", "slug": "smart-app-banner", "affected_versions": { "[*, 1.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f71453d9-8bbf-4546-b69f-e86cc41da9bd?source=api-scan" ], "published": "2023-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f71ab7bb-886a-4661-92b5-d9ac52901494": { "id": "f71ab7bb-886a-4661-92b5-d9ac52901494", "title": "Download Monitor <= 1.6.3 - Directory Listing to Information Disclosure", "software": [ { "type": "plugin", "name": "Download Monitor", "slug": "download-monitor", "affected_versions": { "* - 1.6.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f71ab7bb-886a-4661-92b5-d9ac52901494?source=api-scan" ], "published": "2015-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f71e60b9-68e9-408a-8047-7f74b7fb72b2": { "id": "f71e60b9-68e9-408a-8047-7f74b7fb72b2", "title": "Comments Like Dislike <= 1.1.2 - Add Like\/Dislike Bypass", "software": [ { "type": "plugin", "name": "Comments Like Dislike", "slug": "comments-like-dislike", "affected_versions": { "[*, 1.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f71e60b9-68e9-408a-8047-7f74b7fb72b2?source=api-scan" ], "published": "2021-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f71f2096-e4c9-406a-a4e5-0006b380fbaa": { "id": "f71f2096-e4c9-406a-a4e5-0006b380fbaa", "title": "VaultPress <=1.9 - Remote Code Execution", "software": [ { "type": "plugin", "name": "Jetpack VaultPress", "slug": "vaultpress", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f71f2096-e4c9-406a-a4e5-0006b380fbaa?source=api-scan" ], "published": "2017-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7222c7e-939a-4666-9d01-f715d2827954": { "id": "f7222c7e-939a-4666-9d01-f715d2827954", "title": "Premium Addons for Elementor <= 4.10.16 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.16": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7222c7e-939a-4666-9d01-f715d2827954?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f728cc5e-7330-4dda-b5f7-55c33def6f02": { "id": "f728cc5e-7330-4dda-b5f7-55c33def6f02", "title": "Interactive Polish Map <= 1.2 - Authenticated (Admi+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Interactive Polish Map", "slug": "interactive-polish-map", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f728cc5e-7330-4dda-b5f7-55c33def6f02?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f72ba0e2-a9c4-43b0-a01f-185554090162": { "id": "f72ba0e2-a9c4-43b0-a01f-185554090162", "title": "WooCommerce CVR Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) CVR Update", "software": [ { "type": "plugin", "name": "WooCommerce CVR Payment Gateway", "slug": "woocommerce-cvr-payment-gateway", "affected_versions": { "[*, 6.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f72ba0e2-a9c4-43b0-a01f-185554090162?source=api-scan" ], "published": "2023-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f72de600-b9d8-4d91-9c80-f2df2a2ef435": { "id": "f72de600-b9d8-4d91-9c80-f2df2a2ef435", "title": "onepagewebsite (Unknown Versions) - Full Path Disclosure", "software": [ { "type": "theme", "name": "onepagewebsite", "slug": "onepagewebsite", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f72de600-b9d8-4d91-9c80-f2df2a2ef435?source=api-scan" ], "published": "2012-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7350dc3-82a0-4f61-9ff8-4b622108fa06": { "id": "f7350dc3-82a0-4f61-9ff8-4b622108fa06", "title": "Qwiz Online Quizzes and Flashcards < 3.37 - Reflected Cross Site Scripting", "software": [ { "type": "plugin", "name": "Qwizcards | online quizzes and flashcards", "slug": "qwiz-online-quizzes-and-flashcards", "affected_versions": { "[*, 3.37)": { "from_version": "*", "from_inclusive": true, "to_version": "3.37", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.37" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7350dc3-82a0-4f61-9ff8-4b622108fa06?source=api-scan" ], "published": "2019-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f738ecf3-5f10-43ab-b8ce-34ac41229e9b": { "id": "f738ecf3-5f10-43ab-b8ce-34ac41229e9b", "title": "Auto Affiliate Links <= 6.3 - Cross-Site Request Forgery via aalDeleteLink function", "software": [ { "type": "plugin", "name": "Auto Affiliate Links", "slug": "wp-auto-affiliate-links", "affected_versions": { "* - 6.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f738ecf3-5f10-43ab-b8ce-34ac41229e9b?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f743d15a-a283-4138-9a12-7cf4dd235431": { "id": "f743d15a-a283-4138-9a12-7cf4dd235431", "title": "Videopack (formerly Video Embed & Thumbnail Generator) <= 1.1 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "Videopack", "slug": "video-embed-thumbnail-generator", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f743d15a-a283-4138-9a12-7cf4dd235431?source=api-scan" ], "published": "2012-02-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f745652d-12d6-46cd-8599-0a42696cb45a": { "id": "f745652d-12d6-46cd-8599-0a42696cb45a", "title": "ProfileGrid \u2013 User Profiles, Memberships, Groups and Communities < 2.8.6 - Remote Code Execution", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "[*, 2.8.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f745652d-12d6-46cd-8599-0a42696cb45a?source=api-scan" ], "published": "2018-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f75093a5-e0cc-4d3b-bdef-a65561127b3d": { "id": "f75093a5-e0cc-4d3b-bdef-a65561127b3d", "title": "WP Recipe Maker <= 8.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Recipe Maker", "slug": "wp-recipe-maker", "affected_versions": { "* - 8.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f75093a5-e0cc-4d3b-bdef-a65561127b3d?source=api-scan" ], "published": "2022-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f753b536-6ccd-4f79-83da-48cabb15b72a": { "id": "f753b536-6ccd-4f79-83da-48cabb15b72a", "title": "Twitter Cards Meta <= 2.4.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Twitter Cards Meta \u2013 Best Twitter Card Plugin for WordPress", "slug": "twitter-cards-meta", "affected_versions": { "* - 2.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f753b536-6ccd-4f79-83da-48cabb15b72a?source=api-scan" ], "published": "2017-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7580145-03da-4aff-b804-39125e7daad1": { "id": "f7580145-03da-4aff-b804-39125e7daad1", "title": "Enter Addons \u2013 Ultimate Template Builder for Elementor <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Events Card Widget", "software": [ { "type": "plugin", "name": "Enter Addons \u2013 Ultimate Template Builder for Elementor", "slug": "enteraddons", "affected_versions": { "* - 2.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7580145-03da-4aff-b804-39125e7daad1?source=api-scan" ], "published": "2024-09-06 01:19:29", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f75936d7-12bc-47cc-b901-17fd42c05d66": { "id": "f75936d7-12bc-47cc-b901-17fd42c05d66", "title": "Login rebuilder < 1.2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Login rebuilder", "slug": "login-rebuilder", "affected_versions": { "[*, 1.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f75936d7-12bc-47cc-b901-17fd42c05d66?source=api-scan" ], "published": "2014-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f75966a5-e593-4c86-842d-c136ae847eb0": { "id": "f75966a5-e593-4c86-842d-c136ae847eb0", "title": "Post Timeline <= 2.2.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Timeline", "slug": "post-timeline", "affected_versions": { "* - 2.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f75966a5-e593-4c86-842d-c136ae847eb0?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f75f83bf-3c86-44e9-b535-cd721061ee93": { "id": "f75f83bf-3c86-44e9-b535-cd721061ee93", "title": "DirectoryPress <= 3.6.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "DirectoryPress \u2013 Business Directory And Classified Ad Listing", "slug": "directorypress", "affected_versions": { "* - 3.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f75f83bf-3c86-44e9-b535-cd721061ee93?source=api-scan" ], "published": "2023-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f76411f1-98ea-4d75-9ddd-e41a5d08c698": { "id": "f76411f1-98ea-4d75-9ddd-e41a5d08c698", "title": "SRS Simple Hits Counter <= 1.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SRS Simple Hits Counter", "slug": "srs-simple-hits-counter", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f76411f1-98ea-4d75-9ddd-e41a5d08c698?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f765e21e-938a-4110-8fdf-12315e2a79cc": { "id": "f765e21e-938a-4110-8fdf-12315e2a79cc", "title": "Futurio Extra <= 1.8.2 - Cross-Site Request Forgery via 'futurio_extra_reset_mod'", "software": [ { "type": "plugin", "name": "Futurio Extra", "slug": "futurio-extra", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f765e21e-938a-4110-8fdf-12315e2a79cc?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f767d94b-fe92-4b69-9d81-96de51e12983": { "id": "f767d94b-fe92-4b69-9d81-96de51e12983", "title": "Jupiter X Core <= 4.6.6 - Unauthenticated Arbitrary File Download", "software": [ { "type": "plugin", "name": "Jupiter X Core", "slug": "jupiterx-core", "affected_versions": { "* - 4.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f767d94b-fe92-4b69-9d81-96de51e12983?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7686b11-97a8-4f09-bbfa-d77120cc35b7": { "id": "f7686b11-97a8-4f09-bbfa-d77120cc35b7", "title": "Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Authenticated (Subscriber+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Go Pricing - WordPress Responsive Pricing Tables", "slug": "go_pricing", "affected_versions": { "* - 3.3.19": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7686b11-97a8-4f09-bbfa-d77120cc35b7?source=api-scan" ], "published": "2023-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f771cf62-3aa9-472e-beb5-011a4f28e335": { "id": "f771cf62-3aa9-472e-beb5-011a4f28e335", "title": "Social Media Share Buttons & Social Sharing Icons <= 1.2.1 - Unspecified Vulnerabilities", "software": [ { "type": "plugin", "name": "Social Media Share Buttons & Social Sharing Icons", "slug": "ultimate-social-media-icons", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f771cf62-3aa9-472e-beb5-011a4f28e335?source=api-scan" ], "published": "2015-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f773ef2f-c33d-414e-9c2f-df22b9d00234": { "id": "f773ef2f-c33d-414e-9c2f-df22b9d00234", "title": "Event Calendar <= 1.1.50 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Event Calendar WD version", "slug": "event-calendar-wd", "affected_versions": { "* - 1.1.50": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.50", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f773ef2f-c33d-414e-9c2f-df22b9d00234?source=api-scan" ], "published": "2021-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7750f70-e79c-45fb-b792-ba6a4da59964": { "id": "f7750f70-e79c-45fb-b792-ba6a4da59964", "title": "Easy Ad Manager <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Ad Manager", "slug": "easy-ad-manager", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7750f70-e79c-45fb-b792-ba6a4da59964?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7773b98-537f-4f4e-98d6-db61d2bffe8c": { "id": "f7773b98-537f-4f4e-98d6-db61d2bffe8c", "title": "Essential Addons for Elementor PRO \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Carousel Widget", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor Pro", "slug": "essential-addons-elementor", "affected_versions": { "* - 5.8.14": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7773b98-537f-4f4e-98d6-db61d2bffe8c?source=api-scan" ], "published": "2024-05-28 19:01:16", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f77cc1ed-d30e-4651-af23-29d34d76dc92": { "id": "f77cc1ed-d30e-4651-af23-29d34d76dc92", "title": "Occasions <= 1.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Occasions", "slug": "occasions", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f77cc1ed-d30e-4651-af23-29d34d76dc92?source=api-scan" ], "published": "2013-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f77e2d1e-7925-4343-9c22-5b77ea0d439b": { "id": "f77e2d1e-7925-4343-9c22-5b77ea0d439b", "title": "Multiple Page Generator Plugin \u2013 MPG <= 3.4.7 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Multiple Page Generator Plugin \u2013 MPG", "slug": "multiple-pages-generator-by-porthas", "affected_versions": { "* - 3.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f77e2d1e-7925-4343-9c22-5b77ea0d439b?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7857dad-a843-4e5e-9994-41d025b8a5ac": { "id": "f7857dad-a843-4e5e-9994-41d025b8a5ac", "title": "Encyclopedia \/ Glossary \/ Wiki <= 1.7.60 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Encyclopedia \/ Glossary \/ Wiki", "slug": "encyclopedia-lexicon-glossary-wiki-dictionary", "affected_versions": { "* - 1.7.60": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.60", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.61" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7857dad-a843-4e5e-9994-41d025b8a5ac?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f785edc7-b5c1-4c39-bc66-d9d1404a2048": { "id": "f785edc7-b5c1-4c39-bc66-d9d1404a2048", "title": "WP eStore <= 8.5.5 - Cross-Site Request Forgery to Settings Reset", "software": [ { "type": "plugin", "name": "WP eStore", "slug": "wp-cart-for-digital-products", "affected_versions": { "* - 8.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f785edc7-b5c1-4c39-bc66-d9d1404a2048?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f787cad3-cf99-413a-952f-082fae973bef": { "id": "f787cad3-cf99-413a-952f-082fae973bef", "title": "Autoptimize <= 3.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Critical CSS Settings", "software": [ { "type": "plugin", "name": "Autoptimize", "slug": "autoptimize", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f787cad3-cf99-413a-952f-082fae973bef?source=api-scan" ], "published": "2022-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f787e299-21f8-4662-935a-ff1e25c7d275": { "id": "f787e299-21f8-4662-935a-ff1e25c7d275", "title": "Gmedia Photo Gallery < 0.9.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gmedia Photo Gallery", "slug": "grand-media", "affected_versions": { "* - 0.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f787e299-21f8-4662-935a-ff1e25c7d275?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f78cc71a-db22-4f5f-9231-52c66561df02": { "id": "f78cc71a-db22-4f5f-9231-52c66561df02", "title": "BuddyPress Global Search <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "BuddyPress Global Search", "slug": "buddypress-global-search", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f78cc71a-db22-4f5f-9231-52c66561df02?source=api-scan" ], "published": "2023-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f78e6faf-ff1d-4944-aa54-7843cc8614f4": { "id": "f78e6faf-ff1d-4944-aa54-7843cc8614f4", "title": "Spiffy Calendar < 3.3.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Spiffy Calendar", "slug": "spiffy-calendar", "affected_versions": { "[*, 3.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f78e6faf-ff1d-4944-aa54-7843cc8614f4?source=api-scan" ], "published": "2017-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f790114b-d000-4dd3-828d-3d00ee9ab52b": { "id": "f790114b-d000-4dd3-828d-3d00ee9ab52b", "title": "Adicon Server <= 1.2 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Adicon Server", "slug": "adicons", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f790114b-d000-4dd3-828d-3d00ee9ab52b?source=api-scan" ], "published": "2024-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7926afb-b441-49bf-9af2-5bfc434319e3": { "id": "f7926afb-b441-49bf-9af2-5bfc434319e3", "title": "WDSocialWidgets < 1.0.11 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WDSocialWidgets", "slug": "spider-facebook", "affected_versions": { "[*, 1.0.11)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7926afb-b441-49bf-9af2-5bfc434319e3?source=api-scan" ], "published": "2015-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f793b950-3066-45b8-bcf8-a4b4e39d4208": { "id": "f793b950-3066-45b8-bcf8-a4b4e39d4208", "title": "Giveaways and Contests by RafflePress \u2013 Get More Website Traffic, Email Subscribers, and Social Followers <= 1.12.13 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Giveaways and Contests by RafflePress \u2013 Get More Website Traffic, Email Subscribers, and Social Followers", "slug": "rafflepress", "affected_versions": { "* - 1.12.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f793b950-3066-45b8-bcf8-a4b4e39d4208?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f795a46c-ba0c-45d5-9ff7-638752f1681b": { "id": "f795a46c-ba0c-45d5-9ff7-638752f1681b", "title": "User Meta Manager < 3.4.7 - Authenticated Blind SQL Injection", "software": [ { "type": "plugin", "name": "User Meta Manager", "slug": "user-meta-manager", "affected_versions": { "[*, 3.4.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f795a46c-ba0c-45d5-9ff7-638752f1681b?source=api-scan" ], "published": "2015-02-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f796b282-0012-4d86-914d-72c7707dce42": { "id": "f796b282-0012-4d86-914d-72c7707dce42", "title": "bbPress Members Only <= 1.2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "bbPress Members Only", "slug": "bbp-members-only", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f796b282-0012-4d86-914d-72c7707dce42?source=api-scan" ], "published": "2019-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f79d3938-bf85-4e0d-80a3-2ff365482d36": { "id": "f79d3938-bf85-4e0d-80a3-2ff365482d36", "title": "DH \u2013 Anti AdBlocker <= 36 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "DH \u2013 Anti AdBlocker", "slug": "dh-anti-adblocker", "affected_versions": { "* - 36": { "from_version": "*", "from_inclusive": true, "to_version": "36", "to_inclusive": true } }, "patched": true, "patched_versions": [ "37" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f79d3938-bf85-4e0d-80a3-2ff365482d36?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f79f9385-f8d1-44a0-9e53-7576a9453163": { "id": "f79f9385-f8d1-44a0-9e53-7576a9453163", "title": "Customize My Account for WooCommerce <= 1.8.3 - Cross-Site Request Forgery via restore_my_account_tabs", "software": [ { "type": "plugin", "name": "SysBasics Customize My Account for WooCommerce", "slug": "customize-my-account-for-woocommerce", "affected_versions": { "* - 1.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f79f9385-f8d1-44a0-9e53-7576a9453163?source=api-scan" ], "published": "2023-12-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7ad9f8c-9b76-4b3e-987c-ed99beeb2937": { "id": "f7ad9f8c-9b76-4b3e-987c-ed99beeb2937", "title": "WP Email Users <= 1.7.6 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Email Users", "slug": "wp-email-users", "affected_versions": { "* - 1.7.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7ad9f8c-9b76-4b3e-987c-ed99beeb2937?source=api-scan" ], "published": "2022-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7adeee0-30ff-4759-b42e-1ac2dea5a8a4": { "id": "f7adeee0-30ff-4759-b42e-1ac2dea5a8a4", "title": "MW WP Form <= 4.4.2 - Directory Traversal via _file_upload", "software": [ { "type": "plugin", "name": "MW WP Form", "slug": "mw-wp-form", "affected_versions": { "[*, 4.4.3)": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7adeee0-30ff-4759-b42e-1ac2dea5a8a4?source=api-scan" ], "published": "2023-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7ae863c-4638-49ab-bb1f-52346884c3aa": { "id": "f7ae863c-4638-49ab-bb1f-52346884c3aa", "title": "YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Reset", "software": [ { "type": "plugin", "name": "YourChannel: Everything you want in a YouTube plugin.", "slug": "yourchannel", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7ae863c-4638-49ab-bb1f-52346884c3aa?source=api-scan" ], "published": "2023-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7afbe2b-72a8-40da-bc94-ff2a1b9569b4": { "id": "f7afbe2b-72a8-40da-bc94-ff2a1b9569b4", "title": "Brands for WooCommerce <= 3.8.2.2 - Missing Authorization to Unauthenticated Order Manipulation and Information Retrieval", "software": [ { "type": "plugin", "name": "Brands for WooCommerce", "slug": "brands-for-woocommerce", "affected_versions": { "[*, 3.8.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7afbe2b-72a8-40da-bc94-ff2a1b9569b4?source=api-scan" ], "published": "2023-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7b24a89-816d-4021-b8de-d1ca14ce3cb9": { "id": "f7b24a89-816d-4021-b8de-d1ca14ce3cb9", "title": "WP Multiple Meta Box <= 1.0.0 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Multiple Meta Box", "slug": "multi-meta-box", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7b24a89-816d-4021-b8de-d1ca14ce3cb9?source=api-scan" ], "published": "2016-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7b24b7c-1a15-4b38-b59e-bcad39cc4340": { "id": "f7b24b7c-1a15-4b38-b59e-bcad39cc4340", "title": "PropertyHive <= 2.0.9 - Authenticated (Subscriber+) PHP Object Injection", "software": [ { "type": "plugin", "name": "PropertyHive", "slug": "propertyhive", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7b24b7c-1a15-4b38-b59e-bcad39cc4340?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7b6b59a-366f-4fa6-9e54-01372d6cea8c": { "id": "f7b6b59a-366f-4fa6-9e54-01372d6cea8c", "title": "ImmoPress <= 0.0.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ImmoPress", "slug": "immopress", "affected_versions": { "* - 0.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "0.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7b6b59a-366f-4fa6-9e54-01372d6cea8c?source=api-scan" ], "published": "2014-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7be0fe9-3b6a-47e7-8a18-856b0e164f09": { "id": "f7be0fe9-3b6a-47e7-8a18-856b0e164f09", "title": "Business One Page <= 1.2.9 - Missing Authorization to Notice Dismissal", "software": [ { "type": "theme", "name": "Business One Page", "slug": "business-one-page", "affected_versions": { "* - 1.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7be0fe9-3b6a-47e7-8a18-856b0e164f09?source=api-scan" ], "published": "2024-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7be9241-26b6-4dd0-bd26-fdff59da3b76": { "id": "f7be9241-26b6-4dd0-bd26-fdff59da3b76", "title": "KB Support <= 1.5.84 - Authenticated (Subscriber+) CSV Injection", "software": [ { "type": "plugin", "name": "KB Support \u2013 WordPress Help Desk and Knowledge Base", "slug": "kb-support", "affected_versions": { "* - 1.5.84": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.84", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.85" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7be9241-26b6-4dd0-bd26-fdff59da3b76?source=api-scan" ], "published": "2023-02-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7cb3540-ffdb-4b4c-a518-4ca8232ab53f": { "id": "f7cb3540-ffdb-4b4c-a518-4ca8232ab53f", "title": "WP Statistics < 9.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "[*, 9.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "9.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "9.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7cb3540-ffdb-4b4c-a518-4ca8232ab53f?source=api-scan" ], "published": "2015-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7d5a077-8836-4c28-8884-5047585a99e5": { "id": "f7d5a077-8836-4c28-8884-5047585a99e5", "title": "Wallet for WooCommerce <= 1.5.4 - Authenticated (Subscriber+) SQL Injection via 'search[value]'", "software": [ { "type": "plugin", "name": "Wallet for WooCommerce", "slug": "woo-wallet", "affected_versions": { "* - 1.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7d5a077-8836-4c28-8884-5047585a99e5?source=api-scan" ], "published": "2024-07-11 19:55:32", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7d66176-73a8-4076-8ae0-1f1fd8260f8e": { "id": "f7d66176-73a8-4076-8ae0-1f1fd8260f8e", "title": "WordPress Core < 4.7.5 - Mishandling Post Meta Values via XML-RPC", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.20": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.20", "to_inclusive": true }, "3.8 - 3.8.20": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.20", "to_inclusive": true }, "3.9 - 3.9.18": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.18", "to_inclusive": true }, "4.0 - 4.0.17": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.17", "to_inclusive": true }, "4.1 - 4.1.17": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.17", "to_inclusive": true }, "4.2 - 4.2.14": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.14", "to_inclusive": true }, "4.3 - 4.3.10": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.10", "to_inclusive": true }, "4.4 - 4.4.9": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.9", "to_inclusive": true }, "4.5 - 4.5.8": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.8", "to_inclusive": true }, "4.6 - 4.6.5": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.5", "to_inclusive": true }, "4.7 - 4.7.4": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.21", "3.8.21", "3.9.19", "4.0.18", "4.1.18", "4.2.15", "4.3.11", "4.4.10", "4.5.9", "4.6.6", "4.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7d66176-73a8-4076-8ae0-1f1fd8260f8e?source=api-scan" ], "published": "2017-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7d80a23-f55d-4ab8-b139-daf5bc436d4f": { "id": "f7d80a23-f55d-4ab8-b139-daf5bc436d4f", "title": "SI CAPTCHA Anti-Spam < 2.7.6 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SI Captcha Anti-spam", "slug": "si-captcha-for-wordpress", "affected_versions": { "[*, 2.7.6)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7d80a23-f55d-4ab8-b139-daf5bc436d4f?source=api-scan" ], "published": "2014-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7df2f38-4831-4cd4-b8ff-27c471775cae": { "id": "f7df2f38-4831-4cd4-b8ff-27c471775cae", "title": "weMail <= 1.14.2 - Missing Authorization to Notice Dismissal", "software": [ { "type": "plugin", "name": "weMail \u2013 Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A\/B Testing, and Automation", "slug": "wemail", "affected_versions": { "* - 1.14.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.14.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.14.3" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7df2f38-4831-4cd4-b8ff-27c471775cae?source=api-scan" ], "published": "2024-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7e0c22a-9e36-430b-8729-990369d2ce60": { "id": "f7e0c22a-9e36-430b-8729-990369d2ce60", "title": "Slider by 10Web <= 1.2.56 - Authenticated (Editor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Slider by 10Web \u2013 Responsive Image Slider", "slug": "slider-wd", "affected_versions": { "* - 1.2.56": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.56", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.57" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7e0c22a-9e36-430b-8729-990369d2ce60?source=api-scan" ], "published": "2024-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7ed53bd-08de-4ec9-a8dd-eef72b788359": { "id": "f7ed53bd-08de-4ec9-a8dd-eef72b788359", "title": "Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, Email Newsletters and Lead Generation <= 2.15.3 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, Email Newsletters and Lead Generation", "slug": "optinmonster", "affected_versions": { "* - 2.15.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.16.0" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7ed53bd-08de-4ec9-a8dd-eef72b788359?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7f08d0a-b3ac-4363-ba6e-91a8e13605ca": { "id": "f7f08d0a-b3ac-4363-ba6e-91a8e13605ca", "title": "Elementor Website Builder <= 3.5.5 - Unauthenticated DOM-based Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Elementor Website Builder \u2013 More than Just a Page Builder", "slug": "elementor", "affected_versions": { "* - 3.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7f08d0a-b3ac-4363-ba6e-91a8e13605ca?source=api-scan" ], "published": "2022-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7f77ca2-c69e-4f59-ad7b-a244863de424": { "id": "f7f77ca2-c69e-4f59-ad7b-a244863de424", "title": "WP2LEADS <= 3.2.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP2LEADS | WordPress und KlickTipp einfach verbinden \u2013 WooCommerce und KlickTipp einfach verbinden", "slug": "wp2leads", "affected_versions": { "* - 3.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7f77ca2-c69e-4f59-ad7b-a244863de424?source=api-scan" ], "published": "2024-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7f810f6-b8dd-4065-8113-9842b33202ef": { "id": "f7f810f6-b8dd-4065-8113-9842b33202ef", "title": "Seriously Simple Stats <= 1.6.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Seriously Simple Stats", "slug": "seriously-simple-stats", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7f810f6-b8dd-4065-8113-9842b33202ef?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7fc91cc-e529-4362-8269-bf7ee0766e1e": { "id": "f7fc91cc-e529-4362-8269-bf7ee0766e1e", "title": "WPML Multilingual CMS <= 4.6.12 - Authenticated (Contributor+) Remote Code Execution via Twig Server-Side Template Injection", "software": [ { "type": "plugin", "name": "WPML", "slug": "sitepress-multilingual-cms", "affected_versions": { "* - 4.6.12": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7fc91cc-e529-4362-8269-bf7ee0766e1e?source=api-scan" ], "published": "2024-08-21 08:00:14", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f7ff27af-2b78-4214-9232-042357287ba8": { "id": "f7ff27af-2b78-4214-9232-042357287ba8", "title": "NextGEN Gallery Plugin <= 1.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery", "slug": "nextgen-gallery", "affected_versions": { "* - 1.9.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f7ff27af-2b78-4214-9232-042357287ba8?source=api-scan" ], "published": "2008-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f80238dc-3caa-420b-92ee-27e690e9ead0": { "id": "f80238dc-3caa-420b-92ee-27e690e9ead0", "title": "Pay With Tweet <= 1.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pay With Tweet", "slug": "pay-with-tweet", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f80238dc-3caa-420b-92ee-27e690e9ead0?source=api-scan" ], "published": "2012-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8035ed9-d267-44da-9de4-cf3d6ece7059": { "id": "f8035ed9-d267-44da-9de4-cf3d6ece7059", "title": "WP Database Backup <= 5.1.2 - Unauthenticated Settings Update to Remote Code Execution", "software": [ { "type": "plugin", "name": "WP Database Backup \u2013 Unlimited Database & Files Backup by Backup for WP", "slug": "wp-database-backup", "affected_versions": { "* - 5.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8035ed9-d267-44da-9de4-cf3d6ece7059?source=api-scan" ], "published": "2019-03-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8068fb3-5a19-4b17-848b-32cebfff2537": { "id": "f8068fb3-5a19-4b17-848b-32cebfff2537", "title": "Betheme <= 26.6.2 - Missing Authorization Checks to Private Page\/Post Data Disclosure", "software": [ { "type": "theme", "name": "Betheme", "slug": "betheme", "affected_versions": { "* - 26.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "26.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "26.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8068fb3-5a19-4b17-848b-32cebfff2537?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f807b605-68a8-4340-a275-776eac0936fa": { "id": "f807b605-68a8-4340-a275-776eac0936fa", "title": "JetWidgets For Elementor <= 1.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Box Widget", "software": [ { "type": "plugin", "name": "JetWidgets For Elementor", "slug": "jetwidgets-for-elementor", "affected_versions": { "* - 1.0.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f807b605-68a8-4340-a275-776eac0936fa?source=api-scan" ], "published": "2024-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f80a1f13-c1b9-4259-8d96-71a3cbcaf4ca": { "id": "f80a1f13-c1b9-4259-8d96-71a3cbcaf4ca", "title": "WordPress Contact Forms by Cimatti <= 1.5.7 - Cross-Site Request Forgery via _accua_forms_form_edit_action", "software": [ { "type": "plugin", "name": "WordPress Contact Forms by Cimatti", "slug": "contact-forms", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f80a1f13-c1b9-4259-8d96-71a3cbcaf4ca?source=api-scan" ], "published": "2023-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f80fa8b3-f345-4b3f-8a16-ee9f19b07a0b": { "id": "f80fa8b3-f345-4b3f-8a16-ee9f19b07a0b", "title": "SchedulePress <= 5.1.3 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "SchedulePress \u2013 Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher", "slug": "wp-scheduled-posts", "affected_versions": { "* - 5.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f80fa8b3-f345-4b3f-8a16-ee9f19b07a0b?source=api-scan" ], "published": "2024-07-15 16:16:47", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f80fcadd-d6b7-4d35-bced-ada3514e60fa": { "id": "f80fcadd-d6b7-4d35-bced-ada3514e60fa", "title": "Store Locator Plus <= 4.5.11 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Store Locator Plus\u00ae for WordPress", "slug": "store-locator-le", "affected_versions": { "[*, 4.5.11)": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.5.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f80fcadd-d6b7-4d35-bced-ada3514e60fa?source=api-scan" ], "published": "2016-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f80fef43-ffc4-4b9b-ae17-000d14281c43": { "id": "f80fef43-ffc4-4b9b-ae17-000d14281c43", "title": "Moloni <= 4.7.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Moloni", "slug": "moloni", "affected_versions": { "* - 4.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f80fef43-ffc4-4b9b-ae17-000d14281c43?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f810326f-f84a-4066-aa28-5caa915ba877": { "id": "f810326f-f84a-4066-aa28-5caa915ba877", "title": "miniOrange's Google Authenticator <= 5.4.39 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "miniOrange's Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA, Two Factor, OTP SMS and Email | Passwordless login", "slug": "miniorange-2-factor-authentication", "affected_versions": { "* - 5.4.39": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.39", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.40" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f810326f-f84a-4066-aa28-5caa915ba877?source=api-scan" ], "published": "2021-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f810cc65-5a19-4ad7-a6b6-41a9b4f30f4c": { "id": "f810cc65-5a19-4ad7-a6b6-41a9b4f30f4c", "title": "affiliate-toolkit <= 3.5.5 - Unauthenticated Full Path Dislcosure", "software": [ { "type": "plugin", "name": "affiliate-toolkit", "slug": "affiliate-toolkit-starter", "affected_versions": { "* - 3.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f810cc65-5a19-4ad7-a6b6-41a9b4f30f4c?source=api-scan" ], "published": "2024-08-08 20:37:13", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8121633-299d-45f9-88b1-e65e30e897d1": { "id": "f8121633-299d-45f9-88b1-e65e30e897d1", "title": "\u0421\u0442\u0430\u0440\u0442 <= 3.7 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress \u0421\u0442\u0430\u0440\u0442", "slug": "iksweb", "affected_versions": { "* - 3.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8121633-299d-45f9-88b1-e65e30e897d1?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f813cb1a-5922-48a5-a026-66ec9aaac294": { "id": "f813cb1a-5922-48a5-a026-66ec9aaac294", "title": "Slider Pro <= 4.8.6 - Missing Authorization via AJAX actions", "software": [ { "type": "plugin", "name": "Slider Pro", "slug": "sliderpro", "affected_versions": { "* - 4.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.8.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f813cb1a-5922-48a5-a026-66ec9aaac294?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8147f63-91a5-457c-8259-8e4ddf5c67e4": { "id": "f8147f63-91a5-457c-8259-8e4ddf5c67e4", "title": "Simple URLs <= 118 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Simple URLs \u2013 Link Cloaking, Product Displays, and Affiliate Link Management", "slug": "simple-urls", "affected_versions": { "* - 118": { "from_version": "*", "from_inclusive": true, "to_version": "118", "to_inclusive": true } }, "patched": true, "patched_versions": [ "119" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8147f63-91a5-457c-8259-8e4ddf5c67e4?source=api-scan" ], "published": "2023-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8152adf-1ca9-4a19-b539-39e257ab94c8": { "id": "f8152adf-1ca9-4a19-b539-39e257ab94c8", "title": "ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce <= 1.6.27 - Missing Authorization", "software": [ { "type": "plugin", "name": "ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce", "slug": "reviewx", "affected_versions": { "* - 1.6.27": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8152adf-1ca9-4a19-b539-39e257ab94c8?source=api-scan" ], "published": "2024-05-16 07:36:25", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f815a4e5-cca2-4b86-96f4-ad956814d685": { "id": "f815a4e5-cca2-4b86-96f4-ad956814d685", "title": "Wow Moodboard Lite <= 1.1.1.1 - Open Redirect", "software": [ { "type": "plugin", "name": "Wow Moodboard Lite", "slug": "wow-moodboard-lite", "affected_versions": { "* - 1.1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f815a4e5-cca2-4b86-96f4-ad956814d685?source=api-scan" ], "published": "2015-05-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f816a32a-3c4d-447e-86a3-942b5e636cce": { "id": "f816a32a-3c4d-447e-86a3-942b5e636cce", "title": "JobBoardWP <= 1.2.1 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "JobBoardWP \u2013 Job Board Listings and Submissions", "slug": "jobboardwp", "affected_versions": { "* - 1.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f816a32a-3c4d-447e-86a3-942b5e636cce?source=api-scan" ], "published": "2022-11-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f81950be-de32-4fa1-94fe-42667414fe2d": { "id": "f81950be-de32-4fa1-94fe-42667414fe2d", "title": "WP Customer Reviews <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Customer Reviews", "slug": "wp-customer-reviews", "affected_versions": { "* - 3.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f81950be-de32-4fa1-94fe-42667414fe2d?source=api-scan" ], "published": "2023-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f81df26f-4390-4626-8539-367a52f8a027": { "id": "f81df26f-4390-4626-8539-367a52f8a027", "title": "Simple Like Page Plugin <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Simple Like Page Plugin", "slug": "simple-facebook-plugin", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f81df26f-4390-4626-8539-367a52f8a027?source=api-scan" ], "published": "2023-11-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f821e1e2-9114-4b24-bd87-18ab49aa446e": { "id": "f821e1e2-9114-4b24-bd87-18ab49aa446e", "title": "Annonces <= 1.2.0.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Annonces", "slug": "annonces", "affected_versions": { "* - 1.2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f821e1e2-9114-4b24-bd87-18ab49aa446e?source=api-scan" ], "published": "2012-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8228b0d-be97-4e7c-8346-d203f7130958": { "id": "f8228b0d-be97-4e7c-8346-d203f7130958", "title": "Compfight < 1.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Compfight", "slug": "compfight", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8228b0d-be97-4e7c-8346-d203f7130958?source=api-scan" ], "published": "2014-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f822d5b9-46fb-4910-8d92-8c73e01d7e50": { "id": "f822d5b9-46fb-4910-8d92-8c73e01d7e50", "title": "YITH WooCommerce Compare <= 2.37.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "YITH WooCommerce Compare", "slug": "yith-woocommerce-compare", "affected_versions": { "* - 2.37.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.37.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.38.0" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f822d5b9-46fb-4910-8d92-8c73e01d7e50?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8259785-b15b-49df-bf9c-9108a6a59070": { "id": "f8259785-b15b-49df-bf9c-9108a6a59070", "title": "WP Forum <= 2.3 - Multiple SQL Injections", "software": [ { "type": "plugin", "name": "wp-forum", "slug": "wp-forum", "affected_versions": { "[*, 2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8259785-b15b-49df-bf9c-9108a6a59070?source=api-scan" ], "published": "2009-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8297149-2de3-4e49-80f9-6ea59dea6bce": { "id": "f8297149-2de3-4e49-80f9-6ea59dea6bce", "title": "Recently <= 3.0.4 - Arbitrary File Upload to Remote Code Exectution", "software": [ { "type": "plugin", "name": "Recently", "slug": "recently", "affected_versions": { "* - 3.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8297149-2de3-4e49-80f9-6ea59dea6bce?source=api-scan" ], "published": "2021-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8381b6c-46f4-4b9d-9975-c90310d066d7": { "id": "f8381b6c-46f4-4b9d-9975-c90310d066d7", "title": "Option Tree <= 2.7.2 - Object Injection Bypass", "software": [ { "type": "plugin", "name": "OptionTree", "slug": "option-tree", "affected_versions": { "* - 2.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8381b6c-46f4-4b9d-9975-c90310d066d7?source=api-scan" ], "published": "2019-05-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f838dbc9-b31e-46c6-b615-4e8ece9a9cfc": { "id": "f838dbc9-b31e-46c6-b615-4e8ece9a9cfc", "title": "Otter Blocks <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE", "slug": "otter-blocks", "affected_versions": { "* - 2.6.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f838dbc9-b31e-46c6-b615-4e8ece9a9cfc?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8390dc5-24db-4d39-ba26-eaa87d260f1c": { "id": "f8390dc5-24db-4d39-ba26-eaa87d260f1c", "title": "Youzify <= 1.2.6 - Missing Authorization", "software": [ { "type": "plugin", "name": "Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress", "slug": "youzify", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8390dc5-24db-4d39-ba26-eaa87d260f1c?source=api-scan" ], "published": "2024-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f83a6631-ff6c-422e-8b6c-49576fadb89f": { "id": "f83a6631-ff6c-422e-8b6c-49576fadb89f", "title": "WP Project Manager <= 2.6.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts", "slug": "wedevs-project-manager", "affected_versions": { "* - 2.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f83a6631-ff6c-422e-8b6c-49576fadb89f?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f83b36fe-4e46-4ab7-a113-6dcfa7cce625": { "id": "f83b36fe-4e46-4ab7-a113-6dcfa7cce625", "title": "Soledad <= 8.4.1 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Soledad", "slug": "soledad", "affected_versions": { "* - 8.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "8.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f83b36fe-4e46-4ab7-a113-6dcfa7cce625?source=api-scan" ], "published": "2023-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f83be46f-3b51-4a30-88a4-388bcbfd0d2a": { "id": "f83be46f-3b51-4a30-88a4-388bcbfd0d2a", "title": "SB Child List <= 4.5 - Cross-Site Request Forgery via 'sb_cl_update_settings'", "software": [ { "type": "plugin", "name": "SB Child List", "slug": "sb-child-list", "affected_versions": { "* - 4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f83be46f-3b51-4a30-88a4-388bcbfd0d2a?source=api-scan" ], "published": "2023-08-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f83db067-843f-4dd8-b5d1-83e95c6c88cc": { "id": "f83db067-843f-4dd8-b5d1-83e95c6c88cc", "title": "Beaver Builder (Lite Version) <= 2.8.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via type Parameter", "software": [ { "type": "plugin", "name": "Beaver Builder \u2013 WordPress Page Builder", "slug": "beaver-builder-lite-version", "affected_versions": { "* - 2.8.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f83db067-843f-4dd8-b5d1-83e95c6c88cc?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f83f878d-b708-4677-929a-e1ced535d99f": { "id": "f83f878d-b708-4677-929a-e1ced535d99f", "title": "MainWP Child < 3.4.5 - Authentication Bypass", "software": [ { "type": "plugin", "name": "MainWP Child \u2013 Securely Connects to the MainWP Dashboard to Manage Multiple Sites", "slug": "mainwp-child", "affected_versions": { "[*, 3.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f83f878d-b708-4677-929a-e1ced535d99f?source=api-scan" ], "published": "2018-02-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8457aeb-867b-4185-8271-a5452b7c5365": { "id": "f8457aeb-867b-4185-8271-a5452b7c5365", "title": "Animator <= 3.0.10 - Missing Authorization to Plugin Settings Update", "software": [ { "type": "plugin", "name": "Animator \u2013 Scroll Triggered Animations", "slug": "scroll-triggered-animations", "affected_versions": { "* - 3.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8457aeb-867b-4185-8271-a5452b7c5365?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8534891-2269-4afe-b83f-df512ca36456": { "id": "f8534891-2269-4afe-b83f-df512ca36456", "title": "WebARX <= 1.3.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WebARX", "slug": "webarx", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8534891-2269-4afe-b83f-df512ca36456?source=api-scan" ], "published": "2018-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8575c46-e51d-4be9-85bf-024688c4607d": { "id": "f8575c46-e51d-4be9-85bf-024688c4607d", "title": "Advanced WordPress Reset <= 1.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Advanced WordPress Reset \u2013 Debug, Recover & Reset WP", "slug": "advanced-wp-reset", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8575c46-e51d-4be9-85bf-024688c4607d?source=api-scan" ], "published": "2022-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f85a0394-cd70-419d-97bd-c75d6f721714": { "id": "f85a0394-cd70-419d-97bd-c75d6f721714", "title": "MyBookTable Bookstore <= 3.2.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MyBookTable Bookstore by Stormhill Media", "slug": "mybooktable", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f85a0394-cd70-419d-97bd-c75d6f721714?source=api-scan" ], "published": "2019-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f85df8f1-9283-48d0-8f19-88a4a839d501": { "id": "f85df8f1-9283-48d0-8f19-88a4a839d501", "title": "TWB Woocommerce Reviews <= 1.7.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TWB Woocommerce Reviews", "slug": "twb-woocommerce-reviews", "affected_versions": { "* - 1.7.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f85df8f1-9283-48d0-8f19-88a4a839d501?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f85f2fbb-5bd5-4508-abb0-36543b8ddaa2": { "id": "f85f2fbb-5bd5-4508-abb0-36543b8ddaa2", "title": "Custom Dashboard & Login Page < 6.9.5 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AGCA \u2013 Custom Dashboard & Login Page", "slug": "ag-custom-admin", "affected_versions": { "* - 6.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f85f2fbb-5bd5-4508-abb0-36543b8ddaa2?source=api-scan" ], "published": "2021-12-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f862afea-cd35-4aa4-aba6-df12a3728776": { "id": "f862afea-cd35-4aa4-aba6-df12a3728776", "title": "JobSearch <= 2.5.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "* - 2.5.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f862afea-cd35-4aa4-aba6-df12a3728776?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8650a2e-346f-45fb-b5f5-ee99a470b2fc": { "id": "f8650a2e-346f-45fb-b5f5-ee99a470b2fc", "title": "Jetpack < 2.9.3 - Security Bypass", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "* - 1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.8", "to_inclusive": true }, "1.9 - 1.9.3": { "from_version": "1.9", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": true }, "2.0 - 2.0.8": { "from_version": "2.0", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true }, "2.1 - 2.1.3": { "from_version": "2.1", "from_inclusive": true, "to_version": "2.1.3", "to_inclusive": true }, "2.2 - 2.2.6": { "from_version": "2.2", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true }, "2.3 - 2.3.6": { "from_version": "2.3", "from_inclusive": true, "to_version": "2.3.6", "to_inclusive": true }, "2.4 - 2.4.3": { "from_version": "2.4", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true }, "2.5 - 2.5.1": { "from_version": "2.5", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true }, "2.6 - 2.6.2": { "from_version": "2.6", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true }, "2.7 - 2.7.1": { "from_version": "2.7", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true }, "2.8 - 2.8.1": { "from_version": "2.8", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": true }, "2.9 - 2.9.2": { "from_version": "2.9", "from_inclusive": true, "to_version": "2.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.4", "2.0.9", "2.1.4", "2.2.7", "2.3.7", "2.4.4", "2.5.2", "2.6.3", "2.7.2", "2.8.2", "2.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8650a2e-346f-45fb-b5f5-ee99a470b2fc?source=api-scan" ], "published": "2014-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8698529-4c55-45ad-a0c2-5f1d01944bf0": { "id": "f8698529-4c55-45ad-a0c2-5f1d01944bf0", "title": "Responsive Tabs with WooCommerce Product Tab Extension <= 3.5.4 - Unauthenticated Arbitrary Option Update", "software": [ { "type": "plugin", "name": "Tabs \u2013 Responsive Tabs with WooCommerce Product Tab Extension", "slug": "vc-tabs", "affected_versions": { "[*, 3.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8698529-4c55-45ad-a0c2-5f1d01944bf0?source=api-scan" ], "published": "2021-12-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f87019bd-4e33-4832-a9f3-4a93157386f8": { "id": "f87019bd-4e33-4832-a9f3-4a93157386f8", "title": "BuddyPress Cover <= 2.1.4.2 - Unauthenticated Arbitrary File Upload", "software": [ { "type": "plugin", "name": "BuddyPress Cover", "slug": "bp-cover", "affected_versions": { "* - 2.1.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.4.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f87019bd-4e33-4832-a9f3-4a93157386f8?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8756fb7-ee15-4fc7-b5bd-b4f2e64f8e6f": { "id": "f8756fb7-ee15-4fc7-b5bd-b4f2e64f8e6f", "title": "Loan Repayment Calculator and Application Form <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Loan Repayment Calculator and Application Form", "slug": "quick-interest-slider", "affected_versions": { "* - 2.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8756fb7-ee15-4fc7-b5bd-b4f2e64f8e6f?source=api-scan" ], "published": "2023-12-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8758fd2-9f43-4e31-b496-50b77180bc07": { "id": "f8758fd2-9f43-4e31-b496-50b77180bc07", "title": "WordPress Core < 2.1 - Cross-Site Request Forgery to Denial of Service", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.0.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8758fd2-9f43-4e31-b496-50b77180bc07?source=api-scan" ], "published": "2013-12-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f87b6987-8896-4edf-9b14-8582426adeb0": { "id": "f87b6987-8896-4edf-9b14-8582426adeb0", "title": "My Account Page Editor <= 1.3.1 - Authenticated (Subscriber+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "My Account Page Editor", "slug": "my-account-page-editor", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f87b6987-8896-4edf-9b14-8582426adeb0?source=api-scan" ], "published": "2023-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f87df7cc-54bb-454c-94be-c8c4768cbe44": { "id": "f87df7cc-54bb-454c-94be-c8c4768cbe44", "title": "Welcart e-Commerce <= 2.8.4 - Authenticated (Subscriber+) Arbitrary File Read", "software": [ { "type": "plugin", "name": "Welcart e-Commerce", "slug": "usc-e-shop", "affected_versions": { "* - 2.8.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f87df7cc-54bb-454c-94be-c8c4768cbe44?source=api-scan" ], "published": "2022-12-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f87e78c5-e7f4-4af6-b64f-444fef23e890": { "id": "f87e78c5-e7f4-4af6-b64f-444fef23e890", "title": "Slimstat Analytics <= 4.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SlimStat Analytics", "slug": "wp-slimstat", "affected_versions": { "[*, 4.8.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f87e78c5-e7f4-4af6-b64f-444fef23e890?source=api-scan" ], "published": "2019-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f87efb65-b53b-4e9c-b933-9303461487a3": { "id": "f87efb65-b53b-4e9c-b933-9303461487a3", "title": "Booking calendar, Appointment Booking System <= 3.2.3 - Unauthenticated Bypass Vulnerability", "software": [ { "type": "plugin", "name": "Booking calendar, Appointment Booking System", "slug": "booking-calendar", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f87efb65-b53b-4e9c-b933-9303461487a3?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8812cfe-4bbe-44ba-9513-7f81bad68d11": { "id": "f8812cfe-4bbe-44ba-9513-7f81bad68d11", "title": "Sharkdropship for AliExpress Dropship and Affiliate <= 2.2.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "Sharkdropship Dropshipping & Affiliate for for AliExpress", "slug": "wooshark-aliexpress-importer", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8812cfe-4bbe-44ba-9513-7f81bad68d11?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f88286b9-16b2-42a9-b8c6-0a6fe6c136ef": { "id": "f88286b9-16b2-42a9-b8c6-0a6fe6c136ef", "title": "Forminator Plugin <= 1.5.3.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder", "slug": "forminator", "affected_versions": { "[*, 1.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f88286b9-16b2-42a9-b8c6-0a6fe6c136ef?source=api-scan" ], "published": "2019-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f882da12-2db7-481f-9a16-a54e1ab24af5": { "id": "f882da12-2db7-481f-9a16-a54e1ab24af5", "title": "Page View Counts <= 2.4.8 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page View Count", "slug": "page-views-count", "affected_versions": { "* - 2.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f882da12-2db7-481f-9a16-a54e1ab24af5?source=api-scan" ], "published": "2021-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f883823f-c225-4cd2-a0f6-39013476ed83": { "id": "f883823f-c225-4cd2-a0f6-39013476ed83", "title": "Booking Calendar <= 9.7.3 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Booking Calendar", "slug": "booking", "affected_versions": { "* - 9.7.3": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.7.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f883823f-c225-4cd2-a0f6-39013476ed83?source=api-scan" ], "published": "2023-09-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f889342e-03fb-44eb-b5cb-acf115a526c3": { "id": "f889342e-03fb-44eb-b5cb-acf115a526c3", "title": "Sight \u2013 Professional Image Gallery and Portfolio <= 1.1.2 - Missing Authorization to Sensitive Information Exposure in handler_post_title", "software": [ { "type": "plugin", "name": "Sight \u2013 Professional Image Gallery and Portfolio", "slug": "sight", "affected_versions": { "* - 1.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f889342e-03fb-44eb-b5cb-acf115a526c3?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f88b8f3f-b4e0-482e-a2e8-dc0f3529a37e": { "id": "f88b8f3f-b4e0-482e-a2e8-dc0f3529a37e", "title": "Matomo Analytics <= 5.1.0 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "Matomo Analytics \u2013 Ethical Stats. Powerful Insights.", "slug": "matomo", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.1" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f88b8f3f-b4e0-482e-a2e8-dc0f3529a37e?source=api-scan" ], "published": "2024-07-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f88eaf82-e5de-43e2-b998-4a6d33be65ac": { "id": "f88eaf82-e5de-43e2-b998-4a6d33be65ac", "title": "Parallelus Unite, Interscet, Traject, & Salutation < 2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Parallelus Intersect", "slug": "parallelus-intersect", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] }, { "type": "theme", "name": "Parallelus Unite", "slug": "parallelus-unite", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] }, { "type": "theme", "name": "Salutation Responsive WordPress Theme", "slug": "parallelus-salutation", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] }, { "type": "theme", "name": "Parallelus Traject", "slug": "parallelus-traject", "affected_versions": { "[*, 2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f88eaf82-e5de-43e2-b998-4a6d33be65ac?source=api-scan" ], "published": "2012-10-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f88ef4cf-3f22-40e0-b651-59cb40f148fd": { "id": "f88ef4cf-3f22-40e0-b651-59cb40f148fd", "title": "TJ Shortcodes 0.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "TJ Shortcodes", "slug": "theme-junkie-shortcodes", "affected_versions": { "* - 0.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f88ef4cf-3f22-40e0-b651-59cb40f148fd?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f891a6c8-3d06-432e-8651-bb689015af1c": { "id": "f891a6c8-3d06-432e-8651-bb689015af1c", "title": "Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Menu and Shape Divider", "software": [ { "type": "plugin", "name": "Premium Addons for Elementor", "slug": "premium-addons-for-elementor", "affected_versions": { "* - 4.10.31": { "from_version": "*", "from_inclusive": true, "to_version": "4.10.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.10.32" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f891a6c8-3d06-432e-8651-bb689015af1c?source=api-scan" ], "published": "2024-05-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f89718f2-e25b-4393-986a-34ef3076a59c": { "id": "f89718f2-e25b-4393-986a-34ef3076a59c", "title": "WP Google Map Plugin < 2.3.10 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Maps \u2013 Display Google Maps Perfectly with Ease", "slug": "wp-google-map-plugin", "affected_versions": { "[*, 2.3.10)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f89718f2-e25b-4393-986a-34ef3076a59c?source=api-scan" ], "published": "2015-08-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f89ba641-6c78-48d3-8826-96576198274f": { "id": "f89ba641-6c78-48d3-8826-96576198274f", "title": "Simple JWT Login <= 3.2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Simple JWT Login \u2013 Allows you to use JWT on REST endpoints.", "slug": "simple-jwt-login", "affected_versions": { "[*, 3.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f89ba641-6c78-48d3-8826-96576198274f?source=api-scan" ], "published": "2021-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f89e9c46-aca3-4b2f-b935-2976c510ed8b": { "id": "f89e9c46-aca3-4b2f-b935-2976c510ed8b", "title": "3DPrint <= 3.5.4.7 - Cross-Site Request Forgery to Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "3DPrint", "slug": "3dprint", "affected_versions": { "* - 3.5.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.4.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f89e9c46-aca3-4b2f-b935-2976c510ed8b?source=api-scan" ], "published": "2022-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8a2a23c-23bf-4f23-8b9d-1d6fe869d705": { "id": "f8a2a23c-23bf-4f23-8b9d-1d6fe869d705", "title": "Image Protector <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Protector", "slug": "image-protector", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8a2a23c-23bf-4f23-8b9d-1d6fe869d705?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8a356db-02a2-4392-baca-46ef1bbfc801": { "id": "f8a356db-02a2-4392-baca-46ef1bbfc801", "title": "Social Connect <= 0.10.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Social Connect", "slug": "social-connect", "affected_versions": { "* - 0.10.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.10.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.10.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8a356db-02a2-4392-baca-46ef1bbfc801?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8a653ab-7703-4e73-8089-a15ba6cf9718": { "id": "f8a653ab-7703-4e73-8089-a15ba6cf9718", "title": "Stop User Enumeration <= 1.2.4 - Security Bypass", "software": [ { "type": "plugin", "name": "Stop User Enumeration", "slug": "stop-user-enumeration", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8a653ab-7703-4e73-8089-a15ba6cf9718?source=api-scan" ], "published": "2014-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8a87f7b-471b-44c0-a0bd-06a9ba24a566": { "id": "f8a87f7b-471b-44c0-a0bd-06a9ba24a566", "title": "WP Review Slider < 11.0 - SQL Injection", "software": [ { "type": "plugin", "name": "WP Review Slider", "slug": "wp-facebook-reviews", "affected_versions": { "[*, 11.0)": { "from_version": "*", "from_inclusive": true, "to_version": "11.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8a87f7b-471b-44c0-a0bd-06a9ba24a566?source=api-scan" ], "published": "2022-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8aa8dd6-abff-4c37-98d5-39a924b15651": { "id": "f8aa8dd6-abff-4c37-98d5-39a924b15651", "title": "Charitable \u2013 Donation Plugin <= 1.6.50 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations & More", "slug": "charitable", "affected_versions": { "* - 1.6.50": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.50", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.51" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8aa8dd6-abff-4c37-98d5-39a924b15651?source=api-scan" ], "published": "2021-07-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8aefc77-b5fb-45b0-b3ba-67d850c72e77": { "id": "f8aefc77-b5fb-45b0-b3ba-67d850c72e77", "title": "WP Front End Profile <= 0.2.1 - Privilege Escalation", "software": [ { "type": "plugin", "name": "WP Frontend Profile", "slug": "wp-front-end-profile", "affected_versions": { "* - 0.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8aefc77-b5fb-45b0-b3ba-67d850c72e77?source=api-scan" ], "published": "2016-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8b09933-9634-4a8a-a899-ba500979e5aa": { "id": "f8b09933-9634-4a8a-a899-ba500979e5aa", "title": "Html5 Audio Player <= 2.1.2 - Contributor+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HTML5 Audio Player- Best WordPress Audio Player Plugin", "slug": "html5-audio-player", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8b09933-9634-4a8a-a899-ba500979e5aa?source=api-scan" ], "published": "2021-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8b69e14-1c21-4f52-a1fb-6da34b00b1fd": { "id": "f8b69e14-1c21-4f52-a1fb-6da34b00b1fd", "title": "Defa Online Image Protector Free Edition <= 3.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Defa Online Image Protector Free Edition", "slug": "defa-online-image-protector", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8b69e14-1c21-4f52-a1fb-6da34b00b1fd?source=api-scan" ], "published": "2016-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8ba38c3-51d2-43a7-89ff-c72a8edc946b": { "id": "f8ba38c3-51d2-43a7-89ff-c72a8edc946b", "title": "CPO Shortcodes <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "CPO Shortcodes", "slug": "cpo-shortcodes", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8ba38c3-51d2-43a7-89ff-c72a8edc946b?source=api-scan" ], "published": "2023-10-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8befbf2-0d9d-4d0e-87de-0f1b26c0acd0": { "id": "f8befbf2-0d9d-4d0e-87de-0f1b26c0acd0", "title": "Sales Report Email for WooCommerce <= 2.8.0 - Missing Authorization for Email Functionality", "software": [ { "type": "plugin", "name": "Sales Report Email for WooCommerce", "slug": "woo-advanced-sales-report-email", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8befbf2-0d9d-4d0e-87de-0f1b26c0acd0?source=api-scan" ], "published": "2023-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8bf0933-1c97-4374-b323-c55b91fe4d27": { "id": "f8bf0933-1c97-4374-b323-c55b91fe4d27", "title": "Essential Blocks <= 4.0.6 - Missing Authorization via save", "software": [ { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8bf0933-1c97-4374-b323-c55b91fe4d27?source=api-scan" ], "published": "2023-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8ccf307-3bb8-45c5-91da-7d0f46e96694": { "id": "f8ccf307-3bb8-45c5-91da-7d0f46e96694", "title": "WP Better Permalinks < 3.0.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Better Permalinks", "slug": "wp-better-permalinks", "affected_versions": { "[*, 3.0.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8ccf307-3bb8-45c5-91da-7d0f46e96694?source=api-scan" ], "published": "2019-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8d093ae-e0b1-49c2-a492-e01f2e954ddb": { "id": "f8d093ae-e0b1-49c2-a492-e01f2e954ddb", "title": "MPL-Publisher <= 1.30.2 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "MPL-Publisher \u2014 Ebook & Audiobook Creator", "slug": "mpl-publisher", "affected_versions": { "* - 1.30.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.30.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.30.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8d093ae-e0b1-49c2-a492-e01f2e954ddb?source=api-scan" ], "published": "2021-10-15 19:23:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8d4029e-07b0-4ceb-ae6e-11a3f7416ebc": { "id": "f8d4029e-07b0-4ceb-ae6e-11a3f7416ebc", "title": "Tutor LMS <= 2.6.2 - Missing Authorization to Unauthenticated Limited Options Update", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8d4029e-07b0-4ceb-ae6e-11a3f7416ebc?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8db6a27-111b-4e6d-966e-0af0833307b1": { "id": "f8db6a27-111b-4e6d-966e-0af0833307b1", "title": "Tweet Wheel < 1.0.3.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Tweet Wheel", "slug": "tweet-wheel", "affected_versions": { "[*, 1.0.3.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8db6a27-111b-4e6d-966e-0af0833307b1?source=api-scan" ], "published": "2016-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8ddb7df-7f74-486d-a55f-9e2d1e91f112": { "id": "f8ddb7df-7f74-486d-a55f-9e2d1e91f112", "title": "SearchWP Live Ajax Search <= 1.6.1 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "SearchWP Live Ajax Search", "slug": "searchwp-live-ajax-search", "affected_versions": { "* - 1.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8ddb7df-7f74-486d-a55f-9e2d1e91f112?source=api-scan" ], "published": "2022-07-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8e511ec-93d3-45f3-98ee-ffa7a79bf74e": { "id": "f8e511ec-93d3-45f3-98ee-ffa7a79bf74e", "title": "WP Visitor Statistics (Real Time Traffic) <= 6.8.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "WP Visitor Statistics (Real Time Traffic)", "slug": "wp-stats-manager", "affected_versions": { "* - 6.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8e511ec-93d3-45f3-98ee-ffa7a79bf74e?source=api-scan" ], "published": "2023-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8e6beeb-5af9-4713-bf7f-2edc1ddaa12f": { "id": "f8e6beeb-5af9-4713-bf7f-2edc1ddaa12f", "title": "Super Forms - Drag & Drop Form Builder WordPress <= 6.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Super Forms \u2013 Drag & Drop Form Builder", "slug": "super-forms", "affected_versions": { "* - 6.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8e6beeb-5af9-4713-bf7f-2edc1ddaa12f?source=api-scan" ], "published": "2022-01-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8e6bfd4-9003-4ac6-96a1-0c7024b2a800": { "id": "f8e6bfd4-9003-4ac6-96a1-0c7024b2a800", "title": "Link Library <= 7.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Link Library", "slug": "link-library", "affected_versions": { "* - 7.4": { "from_version": "*", "from_inclusive": true, "to_version": "7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8e6bfd4-9003-4ac6-96a1-0c7024b2a800?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8ec4c5e-fb24-4b74-9ed8-0a9060625aba": { "id": "f8ec4c5e-fb24-4b74-9ed8-0a9060625aba", "title": "Happy Addons for Elementor <= 2.23.0 & Pro Version < 1.17.0 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor Pro", "slug": "happy-elementor-addons-pro", "affected_versions": { "[*, 1.17.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.17.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.17.0" ] }, { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "[*, 2.24.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.24.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.24.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8ec4c5e-fb24-4b74-9ed8-0a9060625aba?source=api-scan" ], "published": "2021-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8f27037-5dd6-467e-b633-494f30ec8b7a": { "id": "f8f27037-5dd6-467e-b633-494f30ec8b7a", "title": "Pie Register \u2013 User Registration Forms < 2.0.19 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction", "slug": "pie-register", "affected_versions": { "[*, 2.0.19)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.19", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8f27037-5dd6-467e-b633-494f30ec8b7a?source=api-scan" ], "published": "2015-10-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8f3ce3d-ae8a-4c0f-a74d-657225a932f1": { "id": "f8f3ce3d-ae8a-4c0f-a74d-657225a932f1", "title": "Buy Me a Coffee \u2013 Button and Widget Plugin <= 3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Buy Me a Coffee \u2013 Button and Widget Plugin", "slug": "buymeacoffee", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8f3ce3d-ae8a-4c0f-a74d-657225a932f1?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8f7a00e-9cb4-4640-bda9-0cd7341d0c41": { "id": "f8f7a00e-9cb4-4640-bda9-0cd7341d0c41", "title": "Easy Cookies Policy <= 1.6.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Cookies Policy", "slug": "easy-cookies-policy", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8f7a00e-9cb4-4640-bda9-0cd7341d0c41?source=api-scan" ], "published": "2021-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8f86293-a32f-49a6-8c8c-d37354ab040a": { "id": "f8f86293-a32f-49a6-8c8c-d37354ab040a", "title": "Essential Addons for Elementor Pro <= 5.4.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor Pro", "slug": "essential-addons-elementor", "affected_versions": { "* - 5.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8f86293-a32f-49a6-8c8c-d37354ab040a?source=api-scan" ], "published": "2023-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f8f92355-e664-4aeb-9094-9c8aa49cd3e7": { "id": "f8f92355-e664-4aeb-9094-9c8aa49cd3e7", "title": "Mojoomla Hospital Management System for WordPress Theme < 22-05-2018 - SQL Injection", "software": [ { "type": "plugin", "name": "Hospital Management System for Wordpress", "slug": "hospital-management", "affected_versions": { "[*, 08-03-2018]": { "from_version": "*", "from_inclusive": true, "to_version": "08-03-2018", "to_inclusive": true } }, "patched": true, "patched_versions": [ "22-05-2018" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f8f92355-e664-4aeb-9094-9c8aa49cd3e7?source=api-scan" ], "published": "2017-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f908837d-2bba-45db-b005-f685a33cd71e": { "id": "f908837d-2bba-45db-b005-f685a33cd71e", "title": "postTabs <= 2.10.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "postTabs", "slug": "posttabs", "affected_versions": { "* - 2.10.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.10.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f908837d-2bba-45db-b005-f685a33cd71e?source=api-scan" ], "published": "2022-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f90b6cdb-d929-493e-b078-4762b7e2f76d": { "id": "f90b6cdb-d929-493e-b078-4762b7e2f76d", "title": "Slider by 10Web <= 1.2.35 - SQL Injection", "software": [ { "type": "plugin", "name": "Slider by 10Web \u2013 Responsive Image Slider", "slug": "slider-wd", "affected_versions": { "* - 1.2.35": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.36" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f90b6cdb-d929-493e-b078-4762b7e2f76d?source=api-scan" ], "published": "2020-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f90f5f35-ed84-4284-be21-15bfaf10175f": { "id": "f90f5f35-ed84-4284-be21-15bfaf10175f", "title": "GiveWP <= 2.17.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "[*, 2.17.3)": { "from_version": "*", "from_inclusive": true, "to_version": "2.17.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.17.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f90f5f35-ed84-4284-be21-15bfaf10175f?source=api-scan" ], "published": "2022-01-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9150e6b-2233-4fdb-95b7-1a5a8c083cad": { "id": "f9150e6b-2233-4fdb-95b7-1a5a8c083cad", "title": "MainWP WordPress SEO Extension <= 4.0.1 - Missing Authorization to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "MainWP WordPress SEO Extension", "slug": "mainwp-seo-extension", "affected_versions": { "* - 4.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9150e6b-2233-4fdb-95b7-1a5a8c083cad?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f91838e7-8192-455f-ae79-a8c7e7cc06e3": { "id": "f91838e7-8192-455f-ae79-a8c7e7cc06e3", "title": "Captcha < 4.3.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Captcha", "slug": "captcha", "affected_versions": { "[*, 4.3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f91838e7-8192-455f-ae79-a8c7e7cc06e3?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f918c749-8c3d-4436-9a84-b040e4a2f8ed": { "id": "f918c749-8c3d-4436-9a84-b040e4a2f8ed", "title": "Pie Register <= 3.0.9 - SQL Injection", "software": [ { "type": "plugin", "name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction", "slug": "pie-register", "affected_versions": { "* - 3.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f918c749-8c3d-4436-9a84-b040e4a2f8ed?source=api-scan" ], "published": "2018-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f91d6ad6-82fc-4507-90e2-aedfff26bac5": { "id": "f91d6ad6-82fc-4507-90e2-aedfff26bac5", "title": "Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass", "software": [ { "type": "plugin", "name": "Social Login Lite For WooCommerce", "slug": "social-login-lite-for-woocommerce", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f91d6ad6-82fc-4507-90e2-aedfff26bac5?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f922ea86-5876-40ce-82ee-fb2b6dbddf17": { "id": "f922ea86-5876-40ce-82ee-fb2b6dbddf17", "title": "Sendit WP Newsletter <= 2.5.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Sendit WP Newsletter", "slug": "sendit", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f922ea86-5876-40ce-82ee-fb2b6dbddf17?source=api-scan" ], "published": "2021-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f925833e-06d6-4175-8dca-5cb7baec9364": { "id": "f925833e-06d6-4175-8dca-5cb7baec9364", "title": "EazyDocs <= 2.5.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "EazyDocs \u2013 Most Powerful Knowledge base, wiki, Documentation Builder Plugin", "slug": "eazydocs", "affected_versions": { "* - 2.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f925833e-06d6-4175-8dca-5cb7baec9364?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9259875-c63f-48ed-a3c8-4d6d0ffe8004": { "id": "f9259875-c63f-48ed-a3c8-4d6d0ffe8004", "title": "Bugs Go Viral : Facebook Promotion Generator <= 1.3.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bugs Go Viral : Facebook Promotion Generator", "slug": "fbpromotions", "affected_versions": { "* - 1.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9259875-c63f-48ed-a3c8-4d6d0ffe8004?source=api-scan" ], "published": "2014-05-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f92784a7-f2b3-47f8-b03f-4e234b57e40a": { "id": "f92784a7-f2b3-47f8-b03f-4e234b57e40a", "title": "Subscribe to Comments <= 2.1.2 - Local File Includion", "software": [ { "type": "plugin", "name": "Subscribe to Comments", "slug": "subscribe-to-comments", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f92784a7-f2b3-47f8-b03f-4e234b57e40a?source=api-scan" ], "published": "2015-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f92f614b-162a-4ca5-bf7d-9d7088f59af9": { "id": "f92f614b-162a-4ca5-bf7d-9d7088f59af9", "title": "WP Site Protector <= 2.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Site Protector", "slug": "wp-site-protector", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f92f614b-162a-4ca5-bf7d-9d7088f59af9?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f931cf8e-01dd-4f0b-ac86-6e0654fd1597": { "id": "f931cf8e-01dd-4f0b-ac86-6e0654fd1597", "title": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes", "software": [ { "type": "plugin", "name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", "slug": "bdthemes-element-pack-lite", "affected_versions": { "* - 5.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f931cf8e-01dd-4f0b-ac86-6e0654fd1597?source=api-scan" ], "published": "2024-05-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f932e3ea-3d82-47af-924a-b2df15641611": { "id": "f932e3ea-3d82-47af-924a-b2df15641611", "title": "MainWP Staging Extension <= 4.0.3 - Missing Authorization to Arbitrary Plugin Activation", "software": [ { "type": "plugin", "name": "MainWP Staging Extension", "slug": "mainwp-staging-extension", "affected_versions": { "* - 4.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f932e3ea-3d82-47af-924a-b2df15641611?source=api-scan" ], "published": "2023-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9337519-0b33-43fa-9be4-2390b8b3afb9": { "id": "f9337519-0b33-43fa-9be4-2390b8b3afb9", "title": "ProfileGrid <= 5.1.7 - Authenticated (Subscriber+) CSV Injection", "software": [ { "type": "plugin", "name": "ProfileGrid \u2013 User Profiles, Groups and Communities", "slug": "profilegrid-user-profiles-groups-and-communities", "affected_versions": { "* - 5.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9337519-0b33-43fa-9be4-2390b8b3afb9?source=api-scan" ], "published": "2022-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f938a446-ae0b-4e06-9d55-26e2fea4d1e8": { "id": "f938a446-ae0b-4e06-9d55-26e2fea4d1e8", "title": "Stock in & out <= 1.0.4 - SQL Injection", "software": [ { "type": "plugin", "name": "Stock in & out", "slug": "stock-in", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f938a446-ae0b-4e06-9d55-26e2fea4d1e8?source=api-scan" ], "published": "2021-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f93aa003-5b8b-4836-af65-80df2f9fbdb6": { "id": "f93aa003-5b8b-4836-af65-80df2f9fbdb6", "title": "Voting Record <= 2.0 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Voting Record", "slug": "voting-record", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f93aa003-5b8b-4836-af65-80df2f9fbdb6?source=api-scan" ], "published": "2024-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9429c04-a1f8-42c4-bc43-df0a96aa5a6d": { "id": "f9429c04-a1f8-42c4-bc43-df0a96aa5a6d", "title": "Super Testimonials <= 3.0.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Super Testimonials", "slug": "sola-testimonials", "affected_versions": { "* - 3.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9429c04-a1f8-42c4-bc43-df0a96aa5a6d?source=api-scan" ], "published": "2024-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9454765-f70b-4d8d-a5cc-28bc34375216": { "id": "f9454765-f70b-4d8d-a5cc-28bc34375216", "title": "Soledad <= 8.4.5 - Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Soledad", "slug": "soledad", "affected_versions": { "* - 8.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "8.4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9454765-f70b-4d8d-a5cc-28bc34375216?source=api-scan" ], "published": "2024-04-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9478d3e-d2f9-458b-a6ca-3baef21db60e": { "id": "f9478d3e-d2f9-458b-a6ca-3baef21db60e", "title": "Accordions \u2013 Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'license' parameter", "software": [ { "type": "plugin", "name": "Accordion \u2013 Multiple Accordion or FAQs Builder", "slug": "accordions-or-faqs", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9478d3e-d2f9-458b-a6ca-3baef21db60e?source=api-scan" ], "published": "2022-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f94a1671-11f8-4a05-b950-a068edf29f43": { "id": "f94a1671-11f8-4a05-b950-a068edf29f43", "title": "e2pdf <= 1.25.05 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "E2Pdf \u2013 Export Pdf Tool for WordPress", "slug": "e2pdf", "affected_versions": { "* - 1.25.05": { "from_version": "*", "from_inclusive": true, "to_version": "1.25.05", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.25.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f94a1671-11f8-4a05-b950-a068edf29f43?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f94eabc5-6e3b-46df-9e36-d7d0fad833de": { "id": "f94eabc5-6e3b-46df-9e36-d7d0fad833de", "title": "Kraken.io Image Optimizer <= 2.6.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update", "software": [ { "type": "plugin", "name": "Kraken.io Image Optimizer", "slug": "kraken-image-optimizer", "affected_versions": { "* - 2.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f94eabc5-6e3b-46df-9e36-d7d0fad833de?source=api-scan" ], "published": "2023-02-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f958ed28-0520-47c7-9b60-94e7c6504d20": { "id": "f958ed28-0520-47c7-9b60-94e7c6504d20", "title": "Easy Digital Downloads \u2013 Recurring Payments <= 2.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Digital Downloads - Recurring Payments", "slug": "edd-recurring-payments", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f958ed28-0520-47c7-9b60-94e7c6504d20?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9611732-67aa-4940-8df1-c0ed7baad985": { "id": "f9611732-67aa-4940-8df1-c0ed7baad985", "title": "Download Manager <= 3.2.49 - IP Blocking Bypass", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "* - 3.2.49": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.49", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.50" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9611732-67aa-4940-8df1-c0ed7baad985?source=api-scan" ], "published": "2022-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f962a3ef-205d-42e2-acf1-45eabfdba3ee": { "id": "f962a3ef-205d-42e2-acf1-45eabfdba3ee", "title": "Local Development <=2.8.2 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Local Development", "slug": "local-development", "affected_versions": { "* - 2.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f962a3ef-205d-42e2-acf1-45eabfdba3ee?source=api-scan" ], "published": "2023-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f969cb24-734f-46e5-a74d-fddf8e61e096": { "id": "f969cb24-734f-46e5-a74d-fddf8e61e096", "title": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", "slug": "essential-blocks", "affected_versions": { "* - 4.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f969cb24-734f-46e5-a74d-fddf8e61e096?source=api-scan" ], "published": "2024-01-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f96eb21c-7682-47e3-bd3a-37482d1bd37f": { "id": "f96eb21c-7682-47e3-bd3a-37482d1bd37f", "title": "Page Builder KingComposer <= 2.9.6 - Authenticated Arbitrary Profile Creation and Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Page Builder: KingComposer \u2013 Free Drag and Drop page builder by King-Theme", "slug": "kingcomposer", "affected_versions": { "* - 2.9.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f96eb21c-7682-47e3-bd3a-37482d1bd37f?source=api-scan" ], "published": "2022-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f972ab72-8e68-4ab3-aa7f-e2816de33554": { "id": "f972ab72-8e68-4ab3-aa7f-e2816de33554", "title": "WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget", "software": [ { "type": "plugin", "name": "WPZOOM Addons for Elementor (Templates, Widgets)", "slug": "wpzoom-elementor-addons", "affected_versions": { "* - 1.1.38": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.38", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f972ab72-8e68-4ab3-aa7f-e2816de33554?source=api-scan" ], "published": "2024-06-19 14:14:36", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f97d97fd-5eac-4fdb-b65a-4c42c3005a2e": { "id": "f97d97fd-5eac-4fdb-b65a-4c42c3005a2e", "title": "\/\/\/\/ WP BORN BABIES PLUGIN \/\/\/ <= 1.0 - Authenticated (Contributor+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "\/\/\/\/ WP BORN BABIES PLUGIN \/\/\/", "slug": "wp-born-babies", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f97d97fd-5eac-4fdb-b65a-4c42c3005a2e?source=api-scan" ], "published": "2022-05-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f980e902-820b-43e0-8334-fc70c711a126": { "id": "f980e902-820b-43e0-8334-fc70c711a126", "title": "estrutura-basica (All Known Versions) - Path Traversal", "software": [ { "type": "theme", "name": "estrutura-basica", "slug": "estrutura-basica", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f980e902-820b-43e0-8334-fc70c711a126?source=api-scan" ], "published": "2015-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9844b47-427a-4f2f-9f42-00adcbcf133c": { "id": "f9844b47-427a-4f2f-9f42-00adcbcf133c", "title": "WCP Contact Form <= 3.1.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "WCP Contact Form", "slug": "wcp-contact-form", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9844b47-427a-4f2f-9f42-00adcbcf133c?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f98bb2a2-6525-4e0b-8bbd-968cf5b122dc": { "id": "f98bb2a2-6525-4e0b-8bbd-968cf5b122dc", "title": "Superior FAQ <= 1.0.2 - Cross Site Request Forgery", "software": [ { "type": "plugin", "name": "Superior FAQ", "slug": "superior-faq", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f98bb2a2-6525-4e0b-8bbd-968cf5b122dc?source=api-scan" ], "published": "2023-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9900533-0724-445f-9d56-8a0422479448": { "id": "f9900533-0724-445f-9d56-8a0422479448", "title": "Analytics <= 1.7.0 - Multiple Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Analytics by BestWebSoft \u2013 Google Analytics Dashboard and Statistic Plugin for WordPress", "slug": "bws-google-analytics", "affected_versions": { "* - 1.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9900533-0724-445f-9d56-8a0422479448?source=api-scan" ], "published": "2017-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9989f22-d5a0-453a-86e8-dc45c7cdd5dd": { "id": "f9989f22-d5a0-453a-86e8-dc45c7cdd5dd", "title": "TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Change", "software": [ { "type": "plugin", "name": "Advance WordPress Search Plugin", "slug": "th-advance-product-search", "affected_versions": { "* - 1.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9989f22-d5a0-453a-86e8-dc45c7cdd5dd?source=api-scan" ], "published": "2022-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9998485-e272-48fc-b2f1-9e30158d0d16": { "id": "f9998485-e272-48fc-b2f1-9e30158d0d16", "title": "Neon text <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Neon text", "slug": "neon-text", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9998485-e272-48fc-b2f1-9e30158d0d16?source=api-scan" ], "published": "2023-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f99e9f01-cc98-4af5-bb95-f56f6a550e96": { "id": "f99e9f01-cc98-4af5-bb95-f56f6a550e96", "title": "WCFM Marketplace <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WCFM Marketplace \u2013 Multivendor Marketplace for WooCommerce", "slug": "wc-multivendor-marketplace", "affected_versions": { "* - 3.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f99e9f01-cc98-4af5-bb95-f56f6a550e96?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9a2d45c-397f-4a2b-9d7f-760b7d561c2a": { "id": "f9a2d45c-397f-4a2b-9d7f-760b7d561c2a", "title": "Image Gallery - Responsive Photo Gallery <= 1.0.7 - SQL Injection", "software": [ { "type": "plugin", "name": "Image Gallery - Responsive Photo Gallery", "slug": "gallery-images", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9a2d45c-397f-4a2b-9d7f-760b7d561c2a?source=api-scan" ], "published": "2014-09-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9a3dc87-5309-41fe-bfc3-60b5878b6c57": { "id": "f9a3dc87-5309-41fe-bfc3-60b5878b6c57", "title": "Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxRenameCategory", "software": [ { "type": "plugin", "name": "Categorify \u2013 WordPress Media Library Category & File Manager", "slug": "categorify", "affected_versions": { "* - 1.0.7.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9a3dc87-5309-41fe-bfc3-60b5878b6c57?source=api-scan" ], "published": "2024-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9a60c4e-a524-4a99-858a-14787f37d60c": { "id": "f9a60c4e-a524-4a99-858a-14787f37d60c", "title": "WoodMart <= 7.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Woodmart", "slug": "woodmart", "affected_versions": { "* - 7.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9a60c4e-a524-4a99-858a-14787f37d60c?source=api-scan" ], "published": "2023-05-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9aae623-abff-4216-981f-dcd13f367a8d": { "id": "f9aae623-abff-4216-981f-dcd13f367a8d", "title": "Video Downloader for TikTok < 1.4 - Directory Traversal", "software": [ { "type": "plugin", "name": "Video Downloader for TikTok", "slug": "downloader-tiktok", "affected_versions": { "[*, 1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9aae623-abff-4216-981f-dcd13f367a8d?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9ab2d12-5ed0-472a-be96-723577b011aa": { "id": "f9ab2d12-5ed0-472a-be96-723577b011aa", "title": "Chic Lite <= 1.1.3 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "theme", "name": "Chic Lite", "slug": "chic-lite", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9ab2d12-5ed0-472a-be96-723577b011aa?source=api-scan" ], "published": "2024-06-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9ab89a5-bc01-446e-8cea-40544ddec4d4": { "id": "f9ab89a5-bc01-446e-8cea-40544ddec4d4", "title": "Realty by BestWebSoft < 1.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Realty by BestWebSoft", "slug": "realty", "affected_versions": { "[*, 1.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9ab89a5-bc01-446e-8cea-40544ddec4d4?source=api-scan" ], "published": "2017-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9ac2142-7872-4061-9557-d27015403595": { "id": "f9ac2142-7872-4061-9557-d27015403595", "title": "Markup <= 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Markup (JSON-LD) structured in schema.org", "slug": "wp-structuring-markup", "affected_versions": { "* - 4.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.8.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9ac2142-7872-4061-9557-d27015403595?source=api-scan" ], "published": "2023-01-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9ad3a88-fcfd-45c5-a23d-ca544cad3ab2": { "id": "f9ad3a88-fcfd-45c5-a23d-ca544cad3ab2", "title": "Content Repeater \u2013 Custom Posts Simplified <= 1.1.13 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Content Repeater \u2013 Custom Posts Simplified", "slug": "content-repeater", "affected_versions": { "* - 1.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.13", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9ad3a88-fcfd-45c5-a23d-ca544cad3ab2?source=api-scan" ], "published": "2022-11-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9adc83b-b6d3-4ff4-93fb-6236e4a4eaaa": { "id": "f9adc83b-b6d3-4ff4-93fb-6236e4a4eaaa", "title": "Himer <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Himer - Social Questions and Answers WordPress Theme", "slug": "himer", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9adc83b-b6d3-4ff4-93fb-6236e4a4eaaa?source=api-scan" ], "published": "2024-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9ae88f8-88c1-4bb0-af9f-330f9760de1f": { "id": "f9ae88f8-88c1-4bb0-af9f-330f9760de1f", "title": "Modern Events Calendar Lite < 5.22.1 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Modern Events Calendar Lite", "slug": "modern-events-calendar-lite", "affected_versions": { "* - 5.22.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.22.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.22.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9ae88f8-88c1-4bb0-af9f-330f9760de1f?source=api-scan" ], "published": "2021-09-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9ae9aba-fa0e-4a3d-a970-e45216685cc0": { "id": "f9ae9aba-fa0e-4a3d-a970-e45216685cc0", "title": "Duplicator < 1.3.28 - Directory Traversal", "software": [ { "type": "plugin", "name": "Duplicator Pro", "slug": "duplicator-pro", "affected_versions": { "[*, 3.8.7.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.8.7.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.8.7.1" ] }, { "type": "plugin", "name": "Duplicator \u2013 Migration & Backup Plugin", "slug": "duplicator", "affected_versions": { "[*, 1.3.28)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.28", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.28" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9ae9aba-fa0e-4a3d-a970-e45216685cc0?source=api-scan" ], "published": "2020-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9b1c96c-ab87-43a8-a3ac-17fea337b690": { "id": "f9b1c96c-ab87-43a8-a3ac-17fea337b690", "title": "Tweeple <= 0.9.5 - Reflected Cross-Site Scripting via id", "software": [ { "type": "plugin", "name": "Tweeple", "slug": "tweeple", "affected_versions": { "* - 0.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9b1c96c-ab87-43a8-a3ac-17fea337b690?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9b67fc9-87a2-4bd6-a45b-fdfe43ce7ed8": { "id": "f9b67fc9-87a2-4bd6-a45b-fdfe43ce7ed8", "title": "Nmedia WordPress Member Conversation < 1.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Nmedia WordPress Member Conversation", "slug": "wordpress-member-private-conversation", "affected_versions": { "[*, 1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9b67fc9-87a2-4bd6-a45b-fdfe43ce7ed8?source=api-scan" ], "published": "2012-06-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9b6c62f-b53f-44f7-8fe2-22bac0074f9d": { "id": "f9b6c62f-b53f-44f7-8fe2-22bac0074f9d", "title": "Ultimate Member <= 2.0.3 - Cross Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9b6c62f-b53f-44f7-8fe2-22bac0074f9d?source=api-scan" ], "published": "2019-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9b90e03-cdaa-4bd3-9afd-5d5c91a17962": { "id": "f9b90e03-cdaa-4bd3-9afd-5d5c91a17962", "title": "Contest Gallery <= 17.0.4 - Authenticated (Author+) SQL Injection", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 17.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "17.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "17.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9b90e03-cdaa-4bd3-9afd-5d5c91a17962?source=api-scan" ], "published": "2022-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9be7798-31ac-4692-a6ac-ae7f129bcd6d": { "id": "f9be7798-31ac-4692-a6ac-ae7f129bcd6d", "title": "Premmerce Product Filter for WooCommerce <= 3.7.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Premmerce Product Filter for WooCommerce", "slug": "premmerce-woocommerce-product-filter", "affected_versions": { "* - 3.7.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9be7798-31ac-4692-a6ac-ae7f129bcd6d?source=api-scan" ], "published": "2024-04-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9bfa726-40e1-4417-9d59-289dbb3a17ff": { "id": "f9bfa726-40e1-4417-9d59-289dbb3a17ff", "title": "WordPress Core < 5.5.2 - Privilege Escalation via XML-RPC", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.34": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.34", "to_inclusive": true }, "3.8 - 3.8.34": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.34", "to_inclusive": true }, "3.9 - 3.9.32": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.32", "to_inclusive": true }, "4.0 - 4.0.31": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.31", "to_inclusive": true }, "4.1 - 4.1.31": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.31", "to_inclusive": true }, "4.2 - 4.2.28": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.28", "to_inclusive": true }, "4.3 - 4.3.24": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.24", "to_inclusive": true }, "4.4 - 4.4.23": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.23", "to_inclusive": true }, "4.5 - 4.5.22": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.22", "to_inclusive": true }, "4.6 - 4.6.19": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.19", "to_inclusive": true }, "4.7 - 4.7.18": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.18", "to_inclusive": true }, "4.8 - 4.8.14": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.14", "to_inclusive": true }, "4.9 - 4.9.15": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.15", "to_inclusive": true }, "5.0 - 5.0.10": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.10", "to_inclusive": true }, "5.1 - 5.1.6": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.6", "to_inclusive": true }, "5.2 - 5.2.7": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.7", "to_inclusive": true }, "5.3 - 5.3.4": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.4", "to_inclusive": true }, "5.4 - 5.4.2": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.2", "to_inclusive": true }, "5.5 - 5.5.1": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.35", "3.8.35", "3.9.33", "4.0.32", "4.1.32", "4.2.29", "4.3.25", "4.4.24", "4.5.23", "4.6.20", "4.7.19", "4.8.15", "4.9.16", "5.0.11", "5.1.7", "5.2.8", "5.3.5", "5.4.3", "5.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9bfa726-40e1-4417-9d59-289dbb3a17ff?source=api-scan" ], "published": "2020-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9c0ad1e-380e-4b67-b07e-70bf44e4e614": { "id": "f9c0ad1e-380e-4b67-b07e-70bf44e4e614", "title": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features <= 3.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting in Google Maps Widget", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "* - 3.2.42": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.42", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.43" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9c0ad1e-380e-4b67-b07e-70bf44e4e614?source=api-scan" ], "published": "2024-06-26 12:09:37", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9c3ab75-93fb-4c63-a430-61d02a031e46": { "id": "f9c3ab75-93fb-4c63-a430-61d02a031e46", "title": "Variation Swatches for WooCommerce <= 1.0.61 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Variation Swatches for WooCommerce", "slug": "woo-variation-swatches", "affected_versions": { "[*, 1.0.62)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.62", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.62" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9c3ab75-93fb-4c63-a430-61d02a031e46?source=api-scan" ], "published": "2019-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9c6eccc-3f91-4923-b3d3-46070bb3662d": { "id": "f9c6eccc-3f91-4923-b3d3-46070bb3662d", "title": "PixelYourSite <= 9.3.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "PixelYourSite \u2013 Your smart PIXEL (TAG) & API Manager", "slug": "pixelyoursite", "affected_versions": { "* - 9.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "9.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9c6eccc-3f91-4923-b3d3-46070bb3662d?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9c9f8db-26e4-4f79-88a3-9be1f5772ebe": { "id": "f9c9f8db-26e4-4f79-88a3-9be1f5772ebe", "title": "SEO Title Tag <= 3.5.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SEO Title Tag", "slug": "seo-title-tag", "affected_versions": { "* - 3.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9c9f8db-26e4-4f79-88a3-9be1f5772ebe?source=api-scan" ], "published": "2024-03-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9ce0ae8-4729-4236-b4e8-e5726f4d3101": { "id": "f9ce0ae8-4729-4236-b4e8-e5726f4d3101", "title": "WordPress Core <= 2.8.5 - Arbitrary File Upload", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 2.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9ce0ae8-4729-4236-b4e8-e5726f4d3101?source=api-scan" ], "published": "2009-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9ced7f4-9574-40a6-94eb-e5d3bdff8336": { "id": "f9ced7f4-9574-40a6-94eb-e5d3bdff8336", "title": "Image Gallery with Slideshow <= 1.5.2 - SQL Injection via selectMulGallery", "software": [ { "type": "plugin", "name": "Image Gallery with Slideshow Plugin", "slug": "image-gallery-with-slideshow", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9ced7f4-9574-40a6-94eb-e5d3bdff8336?source=api-scan" ], "published": "2017-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9cee379-79f8-4a60-b1bb-ccab1e954512": { "id": "f9cee379-79f8-4a60-b1bb-ccab1e954512", "title": "Tutor LMS \u2013 eLearning and online course solution <= 2.6.1 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Tutor LMS \u2013 eLearning and online course solution", "slug": "tutor", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9cee379-79f8-4a60-b1bb-ccab1e954512?source=api-scan" ], "published": "2024-03-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9d4ac3d-08ec-4783-8ccd-d64ab07d5d7f": { "id": "f9d4ac3d-08ec-4783-8ccd-d64ab07d5d7f", "title": "Count per Day Plugin < 3.2.3 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Count per Day", "slug": "count-per-day", "affected_versions": { "[*, 3.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9d4ac3d-08ec-4783-8ccd-d64ab07d5d7f?source=api-scan" ], "published": "2012-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9d50155-73a5-4489-88c5-c7c2a4e30fef": { "id": "f9d50155-73a5-4489-88c5-c7c2a4e30fef", "title": "Search & Filter <= 1.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Search & Filter", "slug": "search-filter", "affected_versions": { "* - 1.2.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9d50155-73a5-4489-88c5-c7c2a4e30fef?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9d70f5c-e05f-47c9-994c-0e1da5b2fe01": { "id": "f9d70f5c-e05f-47c9-994c-0e1da5b2fe01", "title": "WP Super Cache <= 1.2 - Remote Code Execution", "software": [ { "type": "plugin", "name": "WP Super Cache", "slug": "wp-super-cache", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9d70f5c-e05f-47c9-994c-0e1da5b2fe01?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9d90717-fd48-493b-9293-32976bf2cada": { "id": "f9d90717-fd48-493b-9293-32976bf2cada", "title": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 5.7.34": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.34", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.7.35" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9d90717-fd48-493b-9293-32976bf2cada?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9dc401e-0247-4f49-8092-8841ea6c1f90": { "id": "f9dc401e-0247-4f49-8092-8841ea6c1f90", "title": "Workup \u2013 Job Board WordPress Theme <= 2.1.5 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Workup \u2013 Job Board WordPress Theme", "slug": "workup", "affected_versions": { "* - 2.1.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9dc401e-0247-4f49-8092-8841ea6c1f90?source=api-scan" ], "published": "2020-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9de946c-941a-41d7-b1c4-440b4fcec9b0": { "id": "f9de946c-941a-41d7-b1c4-440b4fcec9b0", "title": "Theme Test Drive <= 2.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Theme Test Drive", "slug": "theme-test-drive", "affected_versions": { "* - 2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9de946c-941a-41d7-b1c4-440b4fcec9b0?source=api-scan" ], "published": "2015-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9e45bc2-6db6-49cd-8a4a-58489a8ddac2": { "id": "f9e45bc2-6db6-49cd-8a4a-58489a8ddac2", "title": "User Feedback <= 1.0.7 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds", "slug": "userfeedback-lite", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9e45bc2-6db6-49cd-8a4a-58489a8ddac2?source=api-scan" ], "published": "2023-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9f17c2b-ca63-4f71-af0f-7bce09ebeb9f": { "id": "f9f17c2b-ca63-4f71-af0f-7bce09ebeb9f", "title": "Answer My Question < 1.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Answer My Question", "slug": "answer-my-question", "affected_versions": { "[*, 1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9f17c2b-ca63-4f71-af0f-7bce09ebeb9f?source=api-scan" ], "published": "2012-11-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9f273ed-2ffd-4632-9886-244c0d55ede5": { "id": "f9f273ed-2ffd-4632-9886-244c0d55ede5", "title": "WP Content Copy Protection & No Right Click <= 3.5.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Content Copy Protection & No Right Click", "slug": "wp-content-copy-protector", "affected_versions": { "* - 3.5.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9f273ed-2ffd-4632-9886-244c0d55ede5?source=api-scan" ], "published": "2024-10-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9f3349e-de64-498e-bb82-5ceff1456265": { "id": "f9f3349e-de64-498e-bb82-5ceff1456265", "title": "Perfect Images <= 5.2.2 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina)", "slug": "wp-retina-2x", "affected_versions": { "[*, 5.2.3)": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9f3349e-de64-498e-bb82-5ceff1456265?source=api-scan" ], "published": "2018-01-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9f5be49-e099-4862-af9d-4ddbb6decfc5": { "id": "f9f5be49-e099-4862-af9d-4ddbb6decfc5", "title": "Contact Form 7 Extension For Mailchimp <= 0.5.70 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Contact Form 7 Extension For Mailchimp", "slug": "contact-form-7-mailchimp-extension", "affected_versions": { "* - 0.5.70": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.70", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9f5be49-e099-4862-af9d-4ddbb6decfc5?source=api-scan" ], "published": "2024-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9fcd12b-bcc8-48cb-a077-ccf1bc4ff276": { "id": "f9fcd12b-bcc8-48cb-a077-ccf1bc4ff276", "title": "mTouch Quiz <= 3.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "mTouch Quiz", "slug": "mtouch-quiz", "affected_versions": { "[*, 3.1.3)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9fcd12b-bcc8-48cb-a077-ccf1bc4ff276?source=api-scan" ], "published": "2015-12-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9fe2885-d9ef-4506-945a-69bdddf41718": { "id": "f9fe2885-d9ef-4506-945a-69bdddf41718", "title": "WP Poll Maker <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings", "software": [ { "type": "plugin", "name": "ePoll \u2013 Best WordPress Voting Plugin for Poll & Contest", "slug": "epoll-wp-voting", "affected_versions": { "* - 3.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9fe2885-d9ef-4506-945a-69bdddf41718?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "f9fe858e-5c89-4cc2-8b66-5c86965f7889": { "id": "f9fe858e-5c89-4cc2-8b66-5c86965f7889", "title": "Travel Light <= 1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Travel Light", "slug": "travel-light", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/f9fe858e-5c89-4cc2-8b66-5c86965f7889?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa05a758-56a0-49e0-868f-a5db27d877a8": { "id": "fa05a758-56a0-49e0-868f-a5db27d877a8", "title": "Woffice <= 5.4.8 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Woffice CRM", "slug": "woffice", "affected_versions": { "* - 5.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa05a758-56a0-49e0-868f-a5db27d877a8?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa05ad02-8625-4bf9-983e-548fbb7634f3": { "id": "fa05ad02-8625-4bf9-983e-548fbb7634f3", "title": "Qe SEO Handyman <= 1.0 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Qe SEO Handyman", "slug": "qe-seo-handyman", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa05ad02-8625-4bf9-983e-548fbb7634f3?source=api-scan" ], "published": "2022-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa0881ab-d731-4e57-8323-c49b9306bf50": { "id": "fa0881ab-d731-4e57-8323-c49b9306bf50", "title": "Ultimate Member <= 2.0.39 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", "slug": "ultimate-member", "affected_versions": { "[*, 2.0.40)": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.40", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.0.40" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa0881ab-d731-4e57-8323-c49b9306bf50?source=api-scan" ], "published": "2019-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa098919-66ed-41e5-a5f9-291e1859e889": { "id": "fa098919-66ed-41e5-a5f9-291e1859e889", "title": "The Erudite <= 2.7.8 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "The Erudite", "slug": "the-erudite", "affected_versions": { "* - 2.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa098919-66ed-41e5-a5f9-291e1859e889?source=api-scan" ], "published": "2011-09-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa139703-e83e-4a19-a801-464b72a2acc4": { "id": "fa139703-e83e-4a19-a801-464b72a2acc4", "title": "WordPress Core < 6.0.3 - Authenticated (Editor+) Stored Cross-Site Scripting via Comments", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true }, "3.7 - 3.7.39": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.39", "to_inclusive": true }, "3.8 - 3.8.39": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.39", "to_inclusive": true }, "3.9 - 3.9.37": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.37", "to_inclusive": true }, "4.0 - 4.0.36": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.36", "to_inclusive": true }, "4.1 - 4.1.36": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.36", "to_inclusive": true }, "4.2 - 4.2.33": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.33", "to_inclusive": true }, "4.3 - 4.3.29": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.29", "to_inclusive": true }, "4.4 - 4.4.28": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.28", "to_inclusive": true }, "4.5 - 4.5.27": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.27", "to_inclusive": true }, "4.6 - 4.6.24": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.24", "to_inclusive": true }, "4.7 - 4.7.24": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.24", "to_inclusive": true }, "4.8 - 4.8.20": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.20", "to_inclusive": true }, "4.9 - 4.9.21": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.21", "to_inclusive": true }, "5.0 - 5.0.17": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.17", "to_inclusive": true }, "5.1 - 5.1.14": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.14", "to_inclusive": true }, "5.2 - 5.2.16": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.16", "to_inclusive": true }, "5.3 - 5.3.13": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.13", "to_inclusive": true }, "5.4 - 5.4.11": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.11", "to_inclusive": true }, "5.5 - 5.5.10": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.10", "to_inclusive": true }, "5.6 - 5.6.9": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.9", "to_inclusive": true }, "5.7 - 5.7.7": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.7", "to_inclusive": true }, "5.8 - 5.8.5": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.5", "to_inclusive": true }, "5.9 - 5.9.4": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.4", "to_inclusive": true }, "6.0 - 6.0.2": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.40", "3.8.40", "3.9.38", "4.0.37", "4.1.37", "4.2.34", "4.3.30", "4.4.29", "4.5.28", "4.6.25", "4.7.25", "4.8.21", "4.9.22", "5.0.18", "5.1.15", "5.2.17", "5.3.14", "5.4.12", "5.5.11", "5.6.10", "5.7.8", "5.8.6", "5.9.5", "6.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa139703-e83e-4a19-a801-464b72a2acc4?source=api-scan" ], "published": "2022-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa15939c-44eb-45e5-95d7-49307912f21c": { "id": "fa15939c-44eb-45e5-95d7-49307912f21c", "title": "Backup and Restore WordPress <= 1.50 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Backup and Restore WordPress \u2013 Backup Plugin", "slug": "wp-backitup", "affected_versions": { "* - 1.50": { "from_version": "*", "from_inclusive": true, "to_version": "1.50", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa15939c-44eb-45e5-95d7-49307912f21c?source=api-scan" ], "published": "2024-08-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa15c0a4-c99d-40c9-a654-f3a910460502": { "id": "fa15c0a4-c99d-40c9-a654-f3a910460502", "title": "WordPress Visitors <= 1.0 - Unauthenticated Stored Cross-Site Scripting via HTTP Header", "software": [ { "type": "plugin", "name": "WordPress Visitors", "slug": "nm-visitors", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa15c0a4-c99d-40c9-a654-f3a910460502?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa15ee50-2cbb-4833-b512-0971eaf12ff2": { "id": "fa15ee50-2cbb-4833-b512-0971eaf12ff2", "title": "Inspiro Pro <= 7.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Inspiro PRO", "slug": "wpzoom-inspiro-pro", "affected_versions": { "* - 7.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "7.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa15ee50-2cbb-4833-b512-0971eaf12ff2?source=api-scan" ], "published": "2022-07-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa181ff8-5324-4782-ad45-4a701ac63b8c": { "id": "fa181ff8-5324-4782-ad45-4a701ac63b8c", "title": "CM Ad Changer < 1.7.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CM Ad Changer \u2013 Ad Manager and Ad Server", "slug": "cm-ad-changer", "affected_versions": { "[*, 1.7.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa181ff8-5324-4782-ad45-4a701ac63b8c?source=api-scan" ], "published": "2016-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa1d2fac-6e66-46b8-aa0a-1f6b5746b18b": { "id": "fa1d2fac-6e66-46b8-aa0a-1f6b5746b18b", "title": "Multiple Page Generator Plugin \u2013 MPG <= 3.4.0 - Missing Authorization via mpg_get_log_by_project_id", "software": [ { "type": "plugin", "name": "Multiple Page Generator Plugin \u2013 MPG", "slug": "multiple-pages-generator-by-porthas", "affected_versions": { "* - 3.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa1d2fac-6e66-46b8-aa0a-1f6b5746b18b?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa1d953f-6a5c-46af-a1a5-2c4f90da679a": { "id": "fa1d953f-6a5c-46af-a1a5-2c4f90da679a", "title": "Folders Pro <= 3.0.2 - Authenticated(Author+) Arbitrary File Upload via handle_folders_file_upload", "software": [ { "type": "plugin", "name": "Folders Pro", "slug": "folders-pro", "affected_versions": { "* - 3.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa1d953f-6a5c-46af-a1a5-2c4f90da679a?source=api-scan" ], "published": "2024-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa1e6527-d874-4003-b36b-5769c2950864": { "id": "fa1e6527-d874-4003-b36b-5769c2950864", "title": "Return and Warranty Management System for WooCommerce <= 1.2.3 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Return and Warranty Management System for WooCommerce", "slug": "wc-return-warrranty", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa1e6527-d874-4003-b36b-5769c2950864?source=api-scan" ], "published": "2023-03-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa2102b3-408b-4278-b542-b5d30685960d": { "id": "fa2102b3-408b-4278-b542-b5d30685960d", "title": "Popup Maker <= 1.19.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder", "slug": "popup-maker", "affected_versions": { "* - 1.19.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.19.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.20.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa2102b3-408b-4278-b542-b5d30685960d?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa2258e4-f802-490b-8c10-4f008698a032": { "id": "fa2258e4-f802-490b-8c10-4f008698a032", "title": "WooCommerce <= 8.5.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WooCommerce", "slug": "woocommerce", "affected_versions": { "* - 8.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "8.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa2258e4-f802-490b-8c10-4f008698a032?source=api-scan" ], "published": "2024-04-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa22a038-3a7e-4821-952f-c163299ddee0": { "id": "fa22a038-3a7e-4821-952f-c163299ddee0", "title": "WP Tweet Walls <= 1.0.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Tweet Walls", "slug": "wp-tweet-walls", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa22a038-3a7e-4821-952f-c163299ddee0?source=api-scan" ], "published": "2024-06-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa23a535-f290-4517-b203-86e0331f55e4": { "id": "fa23a535-f290-4517-b203-86e0331f55e4", "title": "Top 10 \u2013 Popular posts plugin for WordPress <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blocks", "software": [ { "type": "plugin", "name": "Top 10 \u2013 WordPress Popular posts by WebberZone", "slug": "top-10", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa23a535-f290-4517-b203-86e0331f55e4?source=api-scan" ], "published": "2022-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa25e1d2-65eb-450a-967b-3c003fea3464": { "id": "fa25e1d2-65eb-450a-967b-3c003fea3464", "title": "Quiz and Survey Master <= 9.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 9.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa25e1d2-65eb-450a-967b-3c003fea3464?source=api-scan" ], "published": "2024-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa2bb0c0-e412-4e78-a7b5-4517f1c15481": { "id": "fa2bb0c0-e412-4e78-a7b5-4517f1c15481", "title": "Job Board by BestWebSoft <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Job Board by BestWebSoft", "slug": "job-board", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa2bb0c0-e412-4e78-a7b5-4517f1c15481?source=api-scan" ], "published": "2014-08-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa2bc3ae-1162-496b-8bc3-5bee1c0ff702": { "id": "fa2bc3ae-1162-496b-8bc3-5bee1c0ff702", "title": "Cherry Plugin < 1.2.7 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Cherry Plugin", "slug": "cherry-plugin", "affected_versions": { "[*, 1.2.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa2bc3ae-1162-496b-8bc3-5bee1c0ff702?source=api-scan" ], "published": "2015-02-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa2ed43b-cd8f-4d09-8576-d215c835a684": { "id": "fa2ed43b-cd8f-4d09-8576-d215c835a684", "title": "ARMember <= 4.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 4.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa2ed43b-cd8f-4d09-8576-d215c835a684?source=api-scan" ], "published": "2023-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa31e932-7fbf-4933-9747-bd7427db7f5d": { "id": "fa31e932-7fbf-4933-9747-bd7427db7f5d", "title": "Evergreen Content Poster <= 1.4.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Evergreen Content Poster \u2013 Auto Post and Schedule Your Best Content to Social Media", "slug": "evergreen-content-poster", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa31e932-7fbf-4933-9747-bd7427db7f5d?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa325b30-3799-41b4-bdb8-90f42a659511": { "id": "fa325b30-3799-41b4-bdb8-90f42a659511", "title": "Antisnews <= 1.09 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Antisnews", "slug": "antisnews", "affected_versions": { "* - 1.09": { "from_version": "*", "from_inclusive": true, "to_version": "1.09", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa325b30-3799-41b4-bdb8-90f42a659511?source=api-scan" ], "published": "2011-09-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa3501a4-7975-4f90-8037-f8a06c293c07": { "id": "fa3501a4-7975-4f90-8037-f8a06c293c07", "title": "Comments \u2013 wpDiscuz <= 7.6.21 - Unauthenticated HTML Injection", "software": [ { "type": "plugin", "name": "Comments \u2013 wpDiscuz", "slug": "wpdiscuz", "affected_versions": { "* - 7.6.21": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa3501a4-7975-4f90-8037-f8a06c293c07?source=api-scan" ], "published": "2024-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa3819b1-8e7c-4e97-bac5-96d73d935845": { "id": "fa3819b1-8e7c-4e97-bac5-96d73d935845", "title": "oAuth Twitter Feed for Developers <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "oAuth Twitter Feed for Developers", "slug": "oauth-twitter-feed-for-developers", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa3819b1-8e7c-4e97-bac5-96d73d935845?source=api-scan" ], "published": "2023-07-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa39debf-b2c0-4e85-bef9-90e1365f96f8": { "id": "fa39debf-b2c0-4e85-bef9-90e1365f96f8", "title": "User Photo <= 0.9.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "User Photo", "slug": "user-photo", "affected_versions": { "* - 0.9.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.9.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa39debf-b2c0-4e85-bef9-90e1365f96f8?source=api-scan" ], "published": "2012-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa3d4308-0e34-4749-a7da-935d416ad2d0": { "id": "fa3d4308-0e34-4749-a7da-935d416ad2d0", "title": "Feedweb < 1.9 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Feedweb", "slug": "feedweb", "affected_versions": { "[*, 1.9)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa3d4308-0e34-4749-a7da-935d416ad2d0?source=api-scan" ], "published": "2013-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa41534d-3285-4002-8cca-a390586dface": { "id": "fa41534d-3285-4002-8cca-a390586dface", "title": "Himer <= 2.1.0 - Cross-Site Request Forgery to Private Group Join", "software": [ { "type": "theme", "name": "Himer - Social Questions and Answers WordPress Theme", "slug": "himer", "affected_versions": { "* - 2.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa41534d-3285-4002-8cca-a390586dface?source=api-scan" ], "published": "2024-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa45d830-fa28-4d94-a6d5-2dc2b8456cf2": { "id": "fa45d830-fa28-4d94-a6d5-2dc2b8456cf2", "title": "WordPress Automatic Plugin <= 2.0.3 - Cross-Site Request Forgery to SQL Injection", "software": [ { "type": "plugin", "name": "WordPress Automatic Plugin", "slug": "wp-automatic", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa45d830-fa28-4d94-a6d5-2dc2b8456cf2?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa47a794-e5ce-491d-a10b-c7c5718aa853": { "id": "fa47a794-e5ce-491d-a10b-c7c5718aa853", "title": "FluentSMTP <= 2.2.4 - Unauthenticated Stored Cross-Site Scripting via Email Subject", "software": [ { "type": "plugin", "name": "FluentSMTP \u2013 WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider", "slug": "fluent-smtp", "affected_versions": { "* - 2.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa47a794-e5ce-491d-a10b-c7c5718aa853?source=api-scan" ], "published": "2023-07-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa49346c-726e-41f9-8a74-adaa4a8fa5d9": { "id": "fa49346c-726e-41f9-8a74-adaa4a8fa5d9", "title": "Newsletter <= 7.6.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Newsletter \u2013 Send awesome emails from WordPress", "slug": "newsletter", "affected_versions": { "* - 7.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "7.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa49346c-726e-41f9-8a74-adaa4a8fa5d9?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa4bf7dc-07be-4397-957c-ef0c1d61b40a": { "id": "fa4bf7dc-07be-4397-957c-ef0c1d61b40a", "title": "Check & Log Email <= 1.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Check & Log Email \u2013 Easy Email Testing & Mail logging", "slug": "check-email", "affected_versions": { "[*, 1.0.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa4bf7dc-07be-4397-957c-ef0c1d61b40a?source=api-scan" ], "published": "2021-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa4f169a-8970-499d-ad25-028c0d1c9d56": { "id": "fa4f169a-8970-499d-ad25-028c0d1c9d56", "title": "Import Legacy Media <= 0.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Import Legacy Media", "slug": "import-legacy-media", "affected_versions": { "* - 0.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa4f169a-8970-499d-ad25-028c0d1c9d56?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa51a7b8-be74-450f-afb8-6a6c5c8afaa4": { "id": "fa51a7b8-be74-450f-afb8-6a6c5c8afaa4", "title": "Easy Pricing Tables <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Pricing Tables WordPress Plugin \u2013 Easy Pricing Tables", "slug": "easy-pricing-tables", "affected_versions": { "* - 3.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa51a7b8-be74-450f-afb8-6a6c5c8afaa4?source=api-scan" ], "published": "2023-01-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa530112-a7cd-4c54-aa87-9e7337d01557": { "id": "fa530112-a7cd-4c54-aa87-9e7337d01557", "title": "Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Kit Import", "software": [ { "type": "plugin", "name": "Royal Elementor Addons and Templates", "slug": "royal-elementor-addons", "affected_versions": { "* - 1.3.59": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.59", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.60" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa530112-a7cd-4c54-aa87-9e7337d01557?source=api-scan" ], "published": "2023-01-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa586468-d6ff-46a3-97f3-e2e1d365e5b1": { "id": "fa586468-d6ff-46a3-97f3-e2e1d365e5b1", "title": "Contact Form Generator <= 2.7.1 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Contact Form Generator : Creative form builder for WordPress", "slug": "contact-form-generator", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa586468-d6ff-46a3-97f3-e2e1d365e5b1?source=api-scan" ], "published": "2023-10-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa587df5-9d96-4cac-ae5d-2a0485a3a789": { "id": "fa587df5-9d96-4cac-ae5d-2a0485a3a789", "title": "Burst Statistics \u2013 Privacy-Friendly Analytics for WordPress <= 1.5.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via burst_total_pageviews_count", "software": [ { "type": "plugin", "name": "Burst Statistics \u2013 Privacy-Friendly Analytics for WordPress", "slug": "burst-statistics", "affected_versions": { "* - 1.5.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa587df5-9d96-4cac-ae5d-2a0485a3a789?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa5c97bc-b06f-4ee8-bbc5-72c348d2c92a": { "id": "fa5c97bc-b06f-4ee8-bbc5-72c348d2c92a", "title": "Simple Events Calendar <= 1.4.0 - Authenticated SQL Injection", "software": [ { "type": "plugin", "name": "Simple Events Calendar", "slug": "simple-events-calendar", "affected_versions": { "* - 1.4.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa5c97bc-b06f-4ee8-bbc5-72c348d2c92a?source=api-scan" ], "published": "2021-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa63a325-9e0e-4ce2-996d-37a0637b0471": { "id": "fa63a325-9e0e-4ce2-996d-37a0637b0471", "title": "Floating Div <= 3.0 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Floating Div", "slug": "floating-div", "affected_versions": { "* - 3.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa63a325-9e0e-4ce2-996d-37a0637b0471?source=api-scan" ], "published": "2022-07-29 14:12:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa6fc22e-0d30-4c4b-8c8d-13f04ed1aa7c": { "id": "fa6fc22e-0d30-4c4b-8c8d-13f04ed1aa7c", "title": "ARI Stream Quiz <= 1.3.2 - Authenticated(Contributor+) Content Injection", "software": [ { "type": "plugin", "name": "ARI Stream Quiz \u2013 WordPress Quizzes Builder", "slug": "ari-stream-quiz", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa6fc22e-0d30-4c4b-8c8d-13f04ed1aa7c?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa73c2a0-a692-47db-99ca-7e7159fc96aa": { "id": "fa73c2a0-a692-47db-99ca-7e7159fc96aa", "title": "Swatchly \u2013 WooCommerce Variation Swatches for Products <= 1.2.0 - Cross-Site Request Forgery via plugin_activation", "software": [ { "type": "plugin", "name": "Swatchly \u2013 WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches)", "slug": "swatchly", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa73c2a0-a692-47db-99ca-7e7159fc96aa?source=api-scan" ], "published": "2023-03-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa75366a-651c-43d0-a32b-cdabf5b07b66": { "id": "fa75366a-651c-43d0-a32b-cdabf5b07b66", "title": "JS Help Desk \u2013 Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Administrator+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin", "slug": "js-support-ticket", "affected_versions": { "* - 2.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa75366a-651c-43d0-a32b-cdabf5b07b66?source=api-scan" ], "published": "2023-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa7ca972-ddb0-416b-8c5a-b4e9648ca957": { "id": "fa7ca972-ddb0-416b-8c5a-b4e9648ca957", "title": "Booster for WooCommerce <= 5.6.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Booster for WooCommerce", "slug": "woocommerce-jetpack", "affected_versions": { "* - 5.6.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa7ca972-ddb0-416b-8c5a-b4e9648ca957?source=api-scan" ], "published": "2022-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa7e74ee-fd66-41e2-babd-06bdfb32d013": { "id": "fa7e74ee-fd66-41e2-babd-06bdfb32d013", "title": "LearnPress <= 4.1.7.1 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "LearnPress \u2013 WordPress LMS Plugin", "slug": "learnpress", "affected_versions": { "* - 4.1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa7e74ee-fd66-41e2-babd-06bdfb32d013?source=api-scan" ], "published": "2022-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa821005-9593-4a84-b4b4-af746da4d6b9": { "id": "fa821005-9593-4a84-b4b4-af746da4d6b9", "title": "Contact Form 7 Dynamic Text Extension <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Contact Form 7 \u2013 Dynamic Text Extension", "slug": "contact-form-7-dynamic-text-extension", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa821005-9593-4a84-b4b4-af746da4d6b9?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa86b98c-9690-4ef6-ac50-895035ed2b55": { "id": "fa86b98c-9690-4ef6-ac50-895035ed2b55", "title": "Smart Slideshow <= 2.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "Smart Slideshow", "slug": "smart-slide-show", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa86b98c-9690-4ef6-ac50-895035ed2b55?source=api-scan" ], "published": "2012-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa918a65-0021-4c32-9f6d-d978926c3ef3": { "id": "fa918a65-0021-4c32-9f6d-d978926c3ef3", "title": "Email Before Download <= 6.9.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Email Before Download", "slug": "email-before-download", "affected_versions": { "* - 6.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.9.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa918a65-0021-4c32-9f6d-d978926c3ef3?source=api-scan" ], "published": "2024-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa91912d-5794-4c96-8a13-bd54ce0f1deb": { "id": "fa91912d-5794-4c96-8a13-bd54ce0f1deb", "title": "Slimstat Analytics <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SlimStat Analytics", "slug": "wp-slimstat", "affected_versions": { "* - 5.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa91912d-5794-4c96-8a13-bd54ce0f1deb?source=api-scan" ], "published": "2024-10-14 10:42:50", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa9450a4-2b96-45e4-b2dc-9a4b26449d19": { "id": "fa9450a4-2b96-45e4-b2dc-9a4b26449d19", "title": "Contact Form Email <= 1.3.11 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Contact Form Email", "slug": "contact-form-to-email", "affected_versions": { "[*, 1.3.12)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.12", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa9450a4-2b96-45e4-b2dc-9a4b26449d19?source=api-scan" ], "published": "2015-05-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa984d7f-49b9-49c9-9a1c-9e4c8b7f989b": { "id": "fa984d7f-49b9-49c9-9a1c-9e4c8b7f989b", "title": "Gutenberg Blocks by Kadence Blocks <= 3.2.25 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features", "slug": "kadence-blocks", "affected_versions": { "* - 3.2.25": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa984d7f-49b9-49c9-9a1c-9e4c8b7f989b?source=api-scan" ], "published": "2024-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa9bf653-5932-4a7b-a004-4d4b21c034a1": { "id": "fa9bf653-5932-4a7b-a004-4d4b21c034a1", "title": "EMC2 Custom Help Videos <= 1.2 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "EMC2 Custom Help Videos", "slug": "emc2-custom-help-videos", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa9bf653-5932-4a7b-a004-4d4b21c034a1?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fa9e4635-43f8-4f3c-b62c-628e74028f7e": { "id": "fa9e4635-43f8-4f3c-b62c-628e74028f7e", "title": "Responsive Image Gallery, Gallery Album <= 2.0.3 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Gallery \u2013 Image and Video Gallery with Thumbnails", "slug": "gallery-album", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa9e4635-43f8-4f3c-b62c-628e74028f7e?source=api-scan" ], "published": "2023-10-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "faa3eb51-fdee-443e-aacb-04900f609efd": { "id": "faa3eb51-fdee-443e-aacb-04900f609efd", "title": "WP Helper Premium < 4.6.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Helper Premium", "slug": "wp-helper-lite", "affected_versions": { "[*, 4.6.0)": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/faa3eb51-fdee-443e-aacb-04900f609efd?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "faa3f6ab-43d6-4874-b16e-93abbb4ba72e": { "id": "faa3f6ab-43d6-4874-b16e-93abbb4ba72e", "title": "Bit Form <= 1.8.1 - Unauthenticated Arbitrary File Upload to Remote Code Execution", "software": [ { "type": "plugin", "name": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder", "slug": "bit-form", "affected_versions": { "* - 1.8.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/faa3f6ab-43d6-4874-b16e-93abbb4ba72e?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "faa4f041-4740-4ebb-afb3-10019ce571be": { "id": "faa4f041-4740-4ebb-afb3-10019ce571be", "title": "WP-Matomo Integration (WP-Piwik) <= 1.0.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Connect Matomo (WP-Matomo, WP-Piwik)", "slug": "wp-piwik", "affected_versions": { "* - 1.0.28": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.28", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.29" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/faa4f041-4740-4ebb-afb3-10019ce571be?source=api-scan" ], "published": "2023-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "faa4fba5-cd19-4b96-aa09-07ed6d52a107": { "id": "faa4fba5-cd19-4b96-aa09-07ed6d52a107", "title": "Quick Restaurant Menu <= 2.0.2 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Quick Restaurant Menu", "slug": "quick-restaurant-menu", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/faa4fba5-cd19-4b96-aa09-07ed6d52a107?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "faa9ad87-44b2-47b3-a05c-52e59af7255a": { "id": "faa9ad87-44b2-47b3-a05c-52e59af7255a", "title": "WP Meta and Date Remover <= 2.3.0 - Cross-Site Request Forgery via updateSettings", "software": [ { "type": "plugin", "name": "WP Meta and Date Remover", "slug": "wp-meta-and-date-remover", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/faa9ad87-44b2-47b3-a05c-52e59af7255a?source=api-scan" ], "published": "2023-11-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "faaade72-35d9-4597-812b-758fa2641472": { "id": "faaade72-35d9-4597-812b-758fa2641472", "title": "DB Backup < 5.0 - Directory Traversal", "software": [ { "type": "plugin", "name": "DB Backup", "slug": "db-backup", "affected_versions": { "[*, 5.0)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/faaade72-35d9-4597-812b-758fa2641472?source=api-scan" ], "published": "2014-12-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "faac24e5-94f2-40e5-932e-93ddc2c8af7c": { "id": "faac24e5-94f2-40e5-932e-93ddc2c8af7c", "title": "WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)", "slug": "miniorange-login-openid", "affected_versions": { "* - 7.5.14": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.5.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/faac24e5-94f2-40e5-932e-93ddc2c8af7c?source=api-scan" ], "published": "2023-02-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "faad339f-96d6-4937-a1f3-9d2d19bc6395": { "id": "faad339f-96d6-4937-a1f3-9d2d19bc6395", "title": "Gallery Metabox <= 1.5 - Missing Authorization via gallery_remove", "software": [ { "type": "plugin", "name": "Gallery Metabox", "slug": "gallery-metabox", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/faad339f-96d6-4937-a1f3-9d2d19bc6395?source=api-scan" ], "published": "2023-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "faad9cf7-5d83-4ade-b121-c38fb0de78a5": { "id": "faad9cf7-5d83-4ade-b121-c38fb0de78a5", "title": "Poll Maker <= 4.7.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls", "slug": "poll-maker", "affected_versions": { "* - 4.7.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/faad9cf7-5d83-4ade-b121-c38fb0de78a5?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fabc7ad3-1d20-493f-aacb-1832d33d8e14": { "id": "fabc7ad3-1d20-493f-aacb-1832d33d8e14", "title": "Porto Theme - Functionality <= 2.11.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Porto Theme - Functionality", "slug": "porto-functionality", "affected_versions": { "* - 2.11.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.12.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fabc7ad3-1d20-493f-aacb-1832d33d8e14?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fabd576c-6990-40a1-9a94-ecb63e2b0189": { "id": "fabd576c-6990-40a1-9a94-ecb63e2b0189", "title": "CM Download Manager <= 2.0.6 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CM Download Manager \u2013 Document and File Management", "slug": "cm-download-manager", "affected_versions": { "* - 2.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fabd576c-6990-40a1-9a94-ecb63e2b0189?source=api-scan" ], "published": "2014-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fac1e55f-7027-494d-8beb-9a23e0fc2e00": { "id": "fac1e55f-7027-494d-8beb-9a23e0fc2e00", "title": "WP eMember <= 10.6.6 - Reflected Cross-Site Scripting via Member Edit", "software": [ { "type": "plugin", "name": "Wp EMember", "slug": "wp-emember", "affected_versions": { "* - 10.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "10.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fac1e55f-7027-494d-8beb-9a23e0fc2e00?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fac29bb3-e534-4bee-9974-5ccac7d445db": { "id": "fac29bb3-e534-4bee-9974-5ccac7d445db", "title": "Daily Edition <= 1.6.2 - Arbitrary File Upload", "software": [ { "type": "theme", "name": "Daily Edition", "slug": "dailyedition", "affected_versions": { "* - 1.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fac29bb3-e534-4bee-9974-5ccac7d445db?source=api-scan" ], "published": "2015-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fac308c6-780d-44ea-ba78-d15e1ee260e4": { "id": "fac308c6-780d-44ea-ba78-d15e1ee260e4", "title": "IP Ban <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "IP Ban", "slug": "simple-ip-ban", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fac308c6-780d-44ea-ba78-d15e1ee260e4?source=api-scan" ], "published": "2014-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "facb10e9-23f3-4152-bc9a-cecaafebea94": { "id": "facb10e9-23f3-4152-bc9a-cecaafebea94", "title": "Backup and Restore WordPress \u2013 Backup Plugin <= 1.9 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Backup and Restore WordPress \u2013 Backup Plugin", "slug": "wp-backitup", "affected_versions": { "* - 1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/facb10e9-23f3-4152-bc9a-cecaafebea94?source=api-scan" ], "published": "2014-07-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "facf765a-ddce-485b-adce-99ee22262951": { "id": "facf765a-ddce-485b-adce-99ee22262951", "title": "All in One Invite Codes <= 1.0.14 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All in One Invite Codes", "slug": "all-in-one-invite-codes", "affected_versions": { "* - 1.0.14": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.14", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.15" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/facf765a-ddce-485b-adce-99ee22262951?source=api-scan" ], "published": "2022-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "facfa21a-4136-4161-ac39-8b18948ec073": { "id": "facfa21a-4136-4161-ac39-8b18948ec073", "title": "CC Custom Taxonomy <= 1.0.1 - Authenticated (Administrator+) Cross Site Scripting", "software": [ { "type": "plugin", "name": "CC Custom Taxonomy", "slug": "cc-custom-taxonmy", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/facfa21a-4136-4161-ac39-8b18948ec073?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fad492f4-7112-4f4f-8825-c42aab552c9b": { "id": "fad492f4-7112-4f4f-8825-c42aab552c9b", "title": "PeepSo Core: Photos < 6.3.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "peepso-photos", "slug": "peepso-photos", "affected_versions": { "[*, 6.3.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fad492f4-7112-4f4f-8825-c42aab552c9b?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fad510b7-85f4-4cae-aaf0-eb68a32cf1b4": { "id": "fad510b7-85f4-4cae-aaf0-eb68a32cf1b4", "title": "CF7 Google Sheets Connector <= 5.0.5 - Unauthenticated Sensitive Information Exposure via Debug Log", "software": [ { "type": "plugin", "name": "CF7 Google Sheets Connector", "slug": "cf7-google-sheets-connector", "affected_versions": { "* - 5.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fad510b7-85f4-4cae-aaf0-eb68a32cf1b4?source=api-scan" ], "published": "2023-11-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fadc1374-fe4d-414a-af84-1a4de5b89807": { "id": "fadc1374-fe4d-414a-af84-1a4de5b89807", "title": "404 Solution <= 2.33.0 - Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "404 Solution", "slug": "404-solution", "affected_versions": { "* - 2.33.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.33.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.33.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fadc1374-fe4d-414a-af84-1a4de5b89807?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fadfe181-cc30-407c-baec-dc8f70cffe27": { "id": "fadfe181-cc30-407c-baec-dc8f70cffe27", "title": "Youtube Shortcode <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Youtube shortcode", "slug": "youtube-shortcode", "affected_versions": { "* - 1.8.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fadfe181-cc30-407c-baec-dc8f70cffe27?source=api-scan" ], "published": "2023-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fae1b795-8939-4229-8f89-fedf6f320ec1": { "id": "fae1b795-8939-4229-8f89-fedf6f320ec1", "title": "All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "All-In-One Security (AIOS) \u2013 Security and Firewall", "slug": "all-in-one-wp-security-and-firewall", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fae1b795-8939-4229-8f89-fedf6f320ec1?source=api-scan" ], "published": "2022-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fae586f3-dc4b-45ee-83b2-cdaa0336fe07": { "id": "fae586f3-dc4b-45ee-83b2-cdaa0336fe07", "title": "WP Terms Popup <= 2.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Terms Popup \u2013 Terms and Conditions and Privacy Policy WordPress Popups", "slug": "wp-terms-popup", "affected_versions": { "* - 2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fae586f3-dc4b-45ee-83b2-cdaa0336fe07?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fae6e691-0d2a-4784-8ab1-4923d650a703": { "id": "fae6e691-0d2a-4784-8ab1-4923d650a703", "title": "OAuth Single Sign On \u2013 SSO (OAuth Client) <= 6.22.5 - Authentication Bypass", "software": [ { "type": "plugin", "name": "OAuth Single Sign On \u2013 SSO (OAuth Client)", "slug": "miniorange-login-with-eve-online-google-facebook", "affected_versions": { "* - 6.22.5": { "from_version": "*", "from_inclusive": true, "to_version": "6.22.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.22.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fae6e691-0d2a-4784-8ab1-4923d650a703?source=api-scan" ], "published": "2022-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fae9f282-eb67-4ad9-be2d-677238527934": { "id": "fae9f282-eb67-4ad9-be2d-677238527934", "title": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin", "slug": "xcloner-backup-and-restore", "affected_versions": { "[*, 3.1.2)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fae9f282-eb67-4ad9-be2d-677238527934?source=api-scan" ], "published": "2014-10-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "faed1198-b8c4-46b1-b6a6-5fc35cd7bdf8": { "id": "faed1198-b8c4-46b1-b6a6-5fc35cd7bdf8", "title": "Formidable Form Builder <= 2.0.21 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "* - 2.0.21": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.21", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.22" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/faed1198-b8c4-46b1-b6a6-5fc35cd7bdf8?source=api-scan" ], "published": "2016-02-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "faee30bb-ba6e-4d3e-8ca1-79fd676e68f5": { "id": "faee30bb-ba6e-4d3e-8ca1-79fd676e68f5", "title": "Meta Field Block <= 1.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Meta Field Block", "slug": "display-a-meta-field-as-block", "affected_versions": { "* - 1.2.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/faee30bb-ba6e-4d3e-8ca1-79fd676e68f5?source=api-scan" ], "published": "2024-08-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "faf3fb76-847f-447f-b6c6-49bd0d30d3c7": { "id": "faf3fb76-847f-447f-b6c6-49bd0d30d3c7", "title": "WordPress Core < 1.5.1 - SQL Injection", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 1.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/faf3fb76-847f-447f-b6c6-49bd0d30d3c7?source=api-scan" ], "published": "2005-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "faf5c00e-e92a-4c1f-9081-20cf36ecabbc": { "id": "faf5c00e-e92a-4c1f-9081-20cf36ecabbc", "title": "Booking calendar, Appointment Booking System <= 3.2.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Booking calendar, Appointment Booking System", "slug": "booking-calendar", "affected_versions": { "* - 3.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/faf5c00e-e92a-4c1f-9081-20cf36ecabbc?source=api-scan" ], "published": "2023-01-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fafdd087-9637-41df-bc5a-97e1a02ea744": { "id": "fafdd087-9637-41df-bc5a-97e1a02ea744", "title": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery", "software": [ { "type": "plugin", "name": "Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders", "slug": "essential-addons-for-elementor-lite", "affected_versions": { "* - 5.9.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.9.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fafdd087-9637-41df-bc5a-97e1a02ea744?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "faffd8e3-b110-4ba3-98c1-22aee7f19586": { "id": "faffd8e3-b110-4ba3-98c1-22aee7f19586", "title": "Commenter Emails <= 2.6.1 - Unauthenticated CSV Injection", "software": [ { "type": "plugin", "name": "Commenter Emails", "slug": "commenter-emails", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/faffd8e3-b110-4ba3-98c1-22aee7f19586?source=api-scan" ], "published": "2023-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb037c9f-5d20-46f6-b1ff-34b9d192bad2": { "id": "fb037c9f-5d20-46f6-b1ff-34b9d192bad2", "title": "Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion", "software": [ { "type": "plugin", "name": "Happy Addons for Elementor", "slug": "happy-elementor-addons", "affected_versions": { "* - 3.10.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.10.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.11.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb037c9f-5d20-46f6-b1ff-34b9d192bad2?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb051c9a-939c-44cb-8af2-bf841c334cf8": { "id": "fb051c9a-939c-44cb-8af2-bf841c334cf8", "title": "Thim Elementor Kit <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Thim Elementor Kit", "slug": "thim-elementor-kit", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb051c9a-939c-44cb-8af2-bf841c334cf8?source=api-scan" ], "published": "2024-05-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb057a32-0027-4ca6-b65e-8634509c9a81": { "id": "fb057a32-0027-4ca6-b65e-8634509c9a81", "title": "Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks <= 2.2.78 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "* - 2.2.78": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.78", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.79" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb057a32-0027-4ca6-b65e-8634509c9a81?source=api-scan" ], "published": "2024-04-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb0b24b6-38da-4650-b542-a31ba8c98fb9": { "id": "fb0b24b6-38da-4650-b542-a31ba8c98fb9", "title": "GiveWP <= 2.3.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "slug": "give", "affected_versions": { "[*, 2.3.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb0b24b6-38da-4650-b542-a31ba8c98fb9?source=api-scan" ], "published": "2019-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb0d093b-c339-4b19-a6cd-d2589b8e57ff": { "id": "fb0d093b-c339-4b19-a6cd-d2589b8e57ff", "title": "WooCommerce PDF Invoice Builder <= 1.2.103 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PDF Builder for WooCommerce. Create invoices,packing slips and more", "slug": "woo-pdf-invoice-builder", "affected_versions": { "* - 1.2.103": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.103", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.104" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb0d093b-c339-4b19-a6cd-d2589b8e57ff?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb102891-b4a8-4089-b70c-43866ad85b7b": { "id": "fb102891-b4a8-4089-b70c-43866ad85b7b", "title": "Antispam Bee <= 2.11.3 - IP Address Spoofing via get_client_ip", "software": [ { "type": "plugin", "name": "Antispam Bee", "slug": "antispam-bee", "affected_versions": { "* - 2.11.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb102891-b4a8-4089-b70c-43866ad85b7b?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb11ad61-4ee7-45d2-a8e4-388f86bf4a0e": { "id": "fb11ad61-4ee7-45d2-a8e4-388f86bf4a0e", "title": "Joy Of Text Lite \u2013 SMS messaging for WordPress <= 2.3.0 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "Joy Of Text Lite \u2013 SMS messaging for WordPress.", "slug": "joy-of-text", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb11ad61-4ee7-45d2-a8e4-388f86bf4a0e?source=api-scan" ], "published": "2022-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb147a5d-65ad-4304-b13a-670f11398e63": { "id": "fb147a5d-65ad-4304-b13a-670f11398e63", "title": "WPS Cleaner <= 1.4.4 - Missing Authorization Checks", "software": [ { "type": "plugin", "name": "WPS Cleaner", "slug": "wps-cleaner", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb147a5d-65ad-4304-b13a-670f11398e63?source=api-scan" ], "published": "2019-07-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb165cba-34a9-42d9-bfd5-31a290d02311": { "id": "fb165cba-34a9-42d9-bfd5-31a290d02311", "title": "AADMY \u2013 Add Auto Date Month Year Into Posts <= 2.0.1 - Unauthenticated Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "AADMY \u2013 Add Auto Date Month Year Into Posts", "slug": "auto-date-year-month", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb165cba-34a9-42d9-bfd5-31a290d02311?source=api-scan" ], "published": "2024-10-14 18:51:37", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb1693c7-4c38-4723-868a-9f105dac1561": { "id": "fb1693c7-4c38-4723-868a-9f105dac1561", "title": "Save as Image <= 3.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Save as Image Plugin by Pdfcrowd", "slug": "save-as-image-by-pdfcrowd", "affected_versions": { "* - 3.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb1693c7-4c38-4723-868a-9f105dac1561?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb19fd06-7b2c-41a1-a470-230da7ce944d": { "id": "fb19fd06-7b2c-41a1-a470-230da7ce944d", "title": "Malware Scanner <= 4.7.1 - IP Spoofing", "software": [ { "type": "plugin", "name": "Malware Scanner", "slug": "miniorange-malware-protection", "affected_versions": { "* - 4.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb19fd06-7b2c-41a1-a470-230da7ce944d?source=api-scan" ], "published": "2023-12-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb1cf9f1-7b87-4690-80db-0d4b3ccd98f9": { "id": "fb1cf9f1-7b87-4690-80db-0d4b3ccd98f9", "title": "Similar Posts \u2013 Best Related Posts Plugin for WordPress <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Similar Posts \u2013 Best Related Posts Plugin for WordPress", "slug": "similar-posts", "affected_versions": { "* - 3.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb1cf9f1-7b87-4690-80db-0d4b3ccd98f9?source=api-scan" ], "published": "2023-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb1f22c2-fdb3-4e3c-b6d5-2e933ec889bd": { "id": "fb1f22c2-fdb3-4e3c-b6d5-2e933ec889bd", "title": "360 Product Rotation < 1.4.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "360 Product Rotation", "slug": "360-product-rotation", "affected_versions": { "[*, 1.4.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb1f22c2-fdb3-4e3c-b6d5-2e933ec889bd?source=api-scan" ], "published": "2019-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb26ea7b-fc54-4cef-aaa8-3a41e8d0c371": { "id": "fb26ea7b-fc54-4cef-aaa8-3a41e8d0c371", "title": "WP Private Content Plus <= 1.31 - Unauthenticated Settings Change", "software": [ { "type": "plugin", "name": "WP Private Content Plus", "slug": "wp-private-content-plus", "affected_versions": { "* - 1.31": { "from_version": "*", "from_inclusive": true, "to_version": "1.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb26ea7b-fc54-4cef-aaa8-3a41e8d0c371?source=api-scan" ], "published": "2019-08-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb291c79-8b8e-476b-b6e4-e8428bf60d6e": { "id": "fb291c79-8b8e-476b-b6e4-e8428bf60d6e", "title": "Filter Portfolio Gallery <= 1.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Filter Portfolio Gallery", "slug": "filter-portfolio-gallery", "affected_versions": { "* - 1.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb291c79-8b8e-476b-b6e4-e8428bf60d6e?source=api-scan" ], "published": "2021-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb2be4cd-2641-4f7f-993c-1c78e5a1d5da": { "id": "fb2be4cd-2641-4f7f-993c-1c78e5a1d5da", "title": "Getwid \u2013 Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update", "software": [ { "type": "plugin", "name": "Getwid \u2013 Gutenberg Blocks", "slug": "getwid", "affected_versions": { "* - 2.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb2be4cd-2641-4f7f-993c-1c78e5a1d5da?source=api-scan" ], "published": "2024-07-19 17:42:29", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb2f463f-2c99-4a6c-92b9-45fb2192381d": { "id": "fb2f463f-2c99-4a6c-92b9-45fb2192381d", "title": "Video Thumbnails <= 2.12.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Video Thumbnails", "slug": "video-thumbnails", "affected_versions": { "* - 2.12.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.12.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb2f463f-2c99-4a6c-92b9-45fb2192381d?source=api-scan" ], "published": "2022-11-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb2fffb1-cc8c-46a4-b3ea-2b1aac684fbd": { "id": "fb2fffb1-cc8c-46a4-b3ea-2b1aac684fbd", "title": "Atahualpa <= 3.7.24 - Cross-Site Scripting via Cross-Site Request Forgery", "software": [ { "type": "theme", "name": "Atahualpa", "slug": "atahualpa", "affected_versions": { "* - 3.7.24": { "from_version": "*", "from_inclusive": true, "to_version": "3.7.24", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb2fffb1-cc8c-46a4-b3ea-2b1aac684fbd?source=api-scan" ], "published": "2017-03-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb33f779-d045-48dd-babe-8b1fab903124": { "id": "fb33f779-d045-48dd-babe-8b1fab903124", "title": "Wishful Blog <= 2.0.1 & Raise Mag <= 1.0.7 - Unauthenticated Cross-Site Scripting", "software": [ { "type": "theme", "name": "Raise Mag", "slug": "raise-mag", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "theme", "name": "Wishful Blog", "slug": "wishful-blog", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb33f779-d045-48dd-babe-8b1fab903124?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb364d54-bd44-426f-8f11-8ee5a7527c5d": { "id": "fb364d54-bd44-426f-8f11-8ee5a7527c5d", "title": "WP Club Manager <= 2.2.11 - Authenticated (Player+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Club Manager \u2013 WordPress Sports Club Plugin", "slug": "wp-club-manager", "affected_versions": { "* - 2.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb364d54-bd44-426f-8f11-8ee5a7527c5d?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb3b1429-4d58-41e3-bc99-9d0d38885293": { "id": "fb3b1429-4d58-41e3-bc99-9d0d38885293", "title": "Integration for WooCommerce and Zoho CRM <= 1.3.6 - Open Redirect via setup_plugin", "software": [ { "type": "plugin", "name": "Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin", "slug": "woo-zoho", "affected_versions": { "[*, 1.3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb3b1429-4d58-41e3-bc99-9d0d38885293?source=api-scan" ], "published": "2023-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb4b5165-35a6-47e9-922e-b244b0d006e4": { "id": "fb4b5165-35a6-47e9-922e-b244b0d006e4", "title": "Brizy \u2013 Page Builder <= 2.4.40 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "* - 2.4.40": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.40", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.41" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb4b5165-35a6-47e9-922e-b244b0d006e4?source=api-scan" ], "published": "2024-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb4b6d33-82cd-4c41-ba54-dbc7fe5f6ac6": { "id": "fb4b6d33-82cd-4c41-ba54-dbc7fe5f6ac6", "title": "Contest Gallery \u2013 Photo Contest Plugin for WordPress <= 10.4.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons", "slug": "contest-gallery", "affected_versions": { "* - 10.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "10.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "10.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb4b6d33-82cd-4c41-ba54-dbc7fe5f6ac6?source=api-scan" ], "published": "2019-06-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb534d86-c477-4a9c-b048-2fbc002168b2": { "id": "fb534d86-c477-4a9c-b048-2fbc002168b2", "title": "CSSTidy - Server-Side Request Forgery", "software": [ { "type": "plugin", "name": "Admin CSS MU", "slug": "admin-css-mu", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7" ] }, { "type": "plugin", "name": "WooSupply \u2013 Suppliers, Supply Orders and Stock Management", "slug": "woosupply", "affected_versions": { "* - 1.2.2.": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2.", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WooVIP \u2013 Membership plugin for WordPress and WooCommerce", "slug": "woovip", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WordPress Page Builder \u2013 Qards", "slug": "qards-free", "affected_versions": { "* - 1.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Confirm Data", "slug": "confirm-data", "affected_versions": { "* - 1.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "AMO for WP \u2013 Membership Management", "slug": "wp-amo", "affected_versions": { "* - 4.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "4.6.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Theme Minifier", "slug": "theme-minifier", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WooVirtualWallet \u2013 A virtual wallet for WooCommerce", "slug": "woovirtualwallet", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "phpfreechat", "slug": "phpfreechat", "affected_versions": { "* - 2.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.8", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Custom Login Admin Front-end CSS", "slug": "custom-login-admin-front-end-css-with-multisite-support", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5" ] }, { "type": "plugin", "name": "Styles", "slug": "styles", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Wpopal Core Features", "slug": "wpopal-core-features", "affected_versions": { "* - 1.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "CSS Adder By Agence-Press", "slug": "css-adder-by-agence-press", "affected_versions": { "* - 1.5.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "AMP Toolbox", "slug": "amp-toolbox", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb534d86-c477-4a9c-b048-2fbc002168b2?source=api-scan" ], "published": "2023-03-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb56c071-d7b9-40e0-8cc5-2dd48c93b8cf": { "id": "fb56c071-d7b9-40e0-8cc5-2dd48c93b8cf", "title": "Contact Form Maker <= 1.13.23 - Authenticated (Administrator+) SQL Injection", "software": [ { "type": "plugin", "name": "Contact Form by WD \u2013 responsive drag & drop contact form builder tool", "slug": "contact-form-maker", "affected_versions": { "* - 1.13.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.23", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb56c071-d7b9-40e0-8cc5-2dd48c93b8cf?source=api-scan" ], "published": "2023-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb5a65a2-e748-4c23-8cae-cb0a7de74911": { "id": "fb5a65a2-e748-4c23-8cae-cb0a7de74911", "title": "WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "* - 4.12.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.12.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.13.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb5a65a2-e748-4c23-8cae-cb0a7de74911?source=api-scan" ], "published": "2020-03-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb5cb7ce-127a-4f9a-b52e-1e957560ca55": { "id": "fb5cb7ce-127a-4f9a-b52e-1e957560ca55", "title": "Slider a SlidersPack <= 2.0.2 - Missing Authorization via wp_spaios_save_attachment_data", "software": [ { "type": "plugin", "name": "Slider a SlidersPack \u2013 Image Slider, Post Slider, ACF Gallery Slider", "slug": "sliderspack-all-in-one-image-sliders", "affected_versions": { "* - 2.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb5cb7ce-127a-4f9a-b52e-1e957560ca55?source=api-scan" ], "published": "2023-07-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb66378c-4e64-4f05-a466-72a3c2d0b330": { "id": "fb66378c-4e64-4f05-a466-72a3c2d0b330", "title": "Events Manager <= 5.5.7.1 - Code Injection", "software": [ { "type": "plugin", "name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", "slug": "events-manager", "affected_versions": { "[*, 5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb66378c-4e64-4f05-a466-72a3c2d0b330?source=api-scan" ], "published": "2015-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb6719d8-18d2-4fa3-9b52-ba11cf567bb2": { "id": "fb6719d8-18d2-4fa3-9b52-ba11cf567bb2", "title": "Arigato Autoresponder and Newsletter <= 2.5.1.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Arigato Autoresponder and Newsletter", "slug": "bft-autoresponder", "affected_versions": { "* - 2.5.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb6719d8-18d2-4fa3-9b52-ba11cf567bb2?source=api-scan" ], "published": "2018-09-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb6f4b0b-25b8-4dcd-b002-293ce8ab307e": { "id": "fb6f4b0b-25b8-4dcd-b002-293ce8ab307e", "title": "NitroPack <= 1.9.2 - Missing Authorization via multiple AJAX functions", "software": [ { "type": "plugin", "name": "NitroPack \u2013 Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN", "slug": "nitropack", "affected_versions": { "[*, 1.10.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.10.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb6f4b0b-25b8-4dcd-b002-293ce8ab307e?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb70339c-0f1a-4acc-af7a-8a0320fdfe71": { "id": "fb70339c-0f1a-4acc-af7a-8a0320fdfe71", "title": "SendPress Newsletters <= 1.23.11.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "SendPress Newsletters", "slug": "sendpress", "affected_versions": { "* - 1.23.11.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.23.11.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb70339c-0f1a-4acc-af7a-8a0320fdfe71?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb7e922a-fae0-46f9-b8c1-0986b88f2813": { "id": "fb7e922a-fae0-46f9-b8c1-0986b88f2813", "title": "WP Statistics <= 13.1.7 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin", "slug": "wp-statistics", "affected_versions": { "[*, 13.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "13.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "13.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb7e922a-fae0-46f9-b8c1-0986b88f2813?source=api-scan" ], "published": "2022-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb7fc87c-4680-477e-94f5-9c502edce61d": { "id": "fb7fc87c-4680-477e-94f5-9c502edce61d", "title": "WooCommerce Affiliate Plugin - Coupon Affiliates < 4.16.4.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Coupon Affiliates \u2013 Affiliate Plugin for WooCommerce", "slug": "woo-coupon-usage", "affected_versions": { "[*, 4.16.4.5)": { "from_version": "*", "from_inclusive": true, "to_version": "4.16.4.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.16.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb7fc87c-4680-477e-94f5-9c502edce61d?source=api-scan" ], "published": "2022-03-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb863896-5a5a-4c65-b2a5-0901de7961f2": { "id": "fb863896-5a5a-4c65-b2a5-0901de7961f2", "title": "JS & CSS Script Optimizer <= 0.3.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "JS & CSS Script Optimizer", "slug": "js-css-script-optimizer", "affected_versions": { "* - 0.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb863896-5a5a-4c65-b2a5-0901de7961f2?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb87726f-868d-4b2e-b818-d303e695c69c": { "id": "fb87726f-868d-4b2e-b818-d303e695c69c", "title": "amr users <= 4.59.3 - Admin+ Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "amr users", "slug": "amr-users", "affected_versions": { "[*, 4.59.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.59.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.59.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb87726f-868d-4b2e-b818-d303e695c69c?source=api-scan" ], "published": "2022-04-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb88e629-6811-4651-99b9-7394e4a787b6": { "id": "fb88e629-6811-4651-99b9-7394e4a787b6", "title": "Bit Assist <= 1.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger, Live Chat Support Chat Button \u2013 Bit Assist", "slug": "bit-assist", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb88e629-6811-4651-99b9-7394e4a787b6?source=api-scan" ], "published": "2023-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb892e06-b32c-4cea-92e5-e214acb91a2f": { "id": "fb892e06-b32c-4cea-92e5-e214acb91a2f", "title": "SmokeSignal <= 1.2.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SmokeSignal", "slug": "smokesignal", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb892e06-b32c-4cea-92e5-e214acb91a2f?source=api-scan" ], "published": "2017-09-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb8ac14b-ac65-4169-bef5-36e160e00d62": { "id": "fb8ac14b-ac65-4169-bef5-36e160e00d62", "title": "All-in-One Addons for Elementor \u2013 WidgetKit <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "All-in-One Addons for Elementor \u2013 WidgetKit", "slug": "widgetkit-for-elementor", "affected_versions": { "* - 2.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb8ac14b-ac65-4169-bef5-36e160e00d62?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb947f1f-8cce-448d-9c86-1d3c01a4637d": { "id": "fb947f1f-8cce-448d-9c86-1d3c01a4637d", "title": "Image Hover Effects <= 5.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Image Hover Effects \u2013 WordPress Plugin", "slug": "image-hover-effects", "affected_versions": { "* - 5.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb947f1f-8cce-448d-9c86-1d3c01a4637d?source=api-scan" ], "published": "2023-11-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fb9b8f3a-6f49-455d-99c6-cdf5671af49d": { "id": "fb9b8f3a-6f49-455d-99c6-cdf5671af49d", "title": "eRocket <= 1.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "eRocket", "slug": "erocket", "affected_versions": { "* - 1.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fb9b8f3a-6f49-455d-99c6-cdf5671af49d?source=api-scan" ], "published": "2023-04-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fba24935-5bab-4395-b05e-7bb5d5a1694d": { "id": "fba24935-5bab-4395-b05e-7bb5d5a1694d", "title": "WP Content Copy Protection & No Right Click (PRO) <= 15.0 - Open Redirect", "software": [ { "type": "plugin", "name": "WP Content Copy Protection & No Right Click (PRO)", "slug": "wccp-pro", "affected_versions": { "* - 15.0": { "from_version": "*", "from_inclusive": true, "to_version": "15.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "15.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fba24935-5bab-4395-b05e-7bb5d5a1694d?source=api-scan" ], "published": "2024-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fba419b8-bab0-4918-8d68-1e5bf75186c2": { "id": "fba419b8-bab0-4918-8d68-1e5bf75186c2", "title": "Tickera <= 3.4.9.9 - Cross-Site Request Forgery to Plugin Data Deletion & Settings Changes", "software": [ { "type": "plugin", "name": "Tickera \u2013 WordPress Event Ticketing", "slug": "tickera-event-ticketing-system", "affected_versions": { "* - 3.4.9.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.9.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fba419b8-bab0-4918-8d68-1e5bf75186c2?source=api-scan" ], "published": "2022-12-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbb601ce-a884-4894-af13-dab14885c7eb": { "id": "fbb601ce-a884-4894-af13-dab14885c7eb", "title": "UserPro <= 5.1.0 - Cross-Site Request Forgery to PHP Object Injection", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "* - 5.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbb601ce-a884-4894-af13-dab14885c7eb?source=api-scan" ], "published": "2023-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbba15aa-9d65-4cb8-867f-667af09ff826": { "id": "fbba15aa-9d65-4cb8-867f-667af09ff826", "title": "Widget Bundle <= 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Widget Bundle", "slug": "wp-widget-bundle", "affected_versions": { "* - 2.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbba15aa-9d65-4cb8-867f-667af09ff826?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbba822b-172f-4167-bccf-4697a298178e": { "id": "fbba822b-172f-4167-bccf-4697a298178e", "title": "wpDataTables - Tables & Table Charts (Premium) <= 6.3.1 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "wpDataTables (Premium)", "slug": "wpdatatables", "affected_versions": { "* - 6.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "6.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbba822b-172f-4167-bccf-4697a298178e?source=api-scan" ], "published": "2024-05-31 20:10:54", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbbd3209-7ed6-4409-a24e-9f6225cf10f5": { "id": "fbbd3209-7ed6-4409-a24e-9f6225cf10f5", "title": "Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_profile'", "software": [ { "type": "plugin", "name": "Paytium: Mollie payment forms & donations", "slug": "paytium", "affected_versions": { "* - 4.3.7": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbbd3209-7ed6-4409-a24e-9f6225cf10f5?source=api-scan" ], "published": "2023-03-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbc14a5f-fa6b-47fa-8e8b-502409b18ed6": { "id": "fbc14a5f-fa6b-47fa-8e8b-502409b18ed6", "title": "WP Popup Builder <= 1.2.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Popup Builder \u2013 Popup Forms and Marketing Lead Generation", "slug": "wp-popup-builder", "affected_versions": { "* - 1.2.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbc14a5f-fa6b-47fa-8e8b-502409b18ed6?source=api-scan" ], "published": "2022-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbc393a6-8357-47b2-9abd-aa611b09eb1c": { "id": "fbc393a6-8357-47b2-9abd-aa611b09eb1c", "title": "Yoast SEO <= 5.7.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Yoast SEO", "slug": "wordpress-seo", "affected_versions": { "* - 5.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "5.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbc393a6-8357-47b2-9abd-aa611b09eb1c?source=api-scan" ], "published": "2017-11-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbc3d194-9e55-4a3d-ac50-024a0b810a50": { "id": "fbc3d194-9e55-4a3d-ac50-024a0b810a50", "title": "Post Grid Master <= 3.4.10 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Post Grid Master \u2013 Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder", "slug": "ajax-filter-posts", "affected_versions": { "* - 3.4.10": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbc3d194-9e55-4a3d-ac50-024a0b810a50?source=api-scan" ], "published": "2024-08-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbc7e515-c712-4a39-a0f7-c3f646083060": { "id": "fbc7e515-c712-4a39-a0f7-c3f646083060", "title": "Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy <= 2.1.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "SharkDropship and Affiliate for AliExpress, Temu, eBay, Amazon and Etsy to woocommerce", "slug": "woo-aliexpress-dropshipping", "affected_versions": { "* - 2.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbc7e515-c712-4a39-a0f7-c3f646083060?source=api-scan" ], "published": "2023-12-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbc8cc43-8509-44e5-bd16-367eca02c24e": { "id": "fbc8cc43-8509-44e5-bd16-367eca02c24e", "title": "Dashboard To-Do List <= 1.3.1 - Cross-Site Request Forgery via ardtdw_widgetupdate()", "software": [ { "type": "plugin", "name": "Dashboard To-Do List", "slug": "dashboard-to-do-list", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbc8cc43-8509-44e5-bd16-367eca02c24e?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbcb33c1-d8f4-4ff9-8148-7bce494b2f0f": { "id": "fbcb33c1-d8f4-4ff9-8148-7bce494b2f0f", "title": "WP Backup+ <= 2018-11-22 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "WP Backup+", "slug": "wp-backup-plus", "affected_versions": { "[*, 2018-11-22]": { "from_version": "*", "from_inclusive": true, "to_version": "2018-11-22", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbcb33c1-d8f4-4ff9-8148-7bce494b2f0f?source=api-scan" ], "published": "2019-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbcd569d-f524-4012-add0-ba0afc19e47e": { "id": "fbcd569d-f524-4012-add0-ba0afc19e47e", "title": "Patreon WordPress <= 1.6.9 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Patreon WordPress", "slug": "patreon-connect", "affected_versions": { "[*, 1.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbcd569d-f524-4012-add0-ba0afc19e47e?source=api-scan" ], "published": "2021-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbd978fd-f759-4983-90b0-af7338e21d30": { "id": "fbd978fd-f759-4983-90b0-af7338e21d30", "title": "RegistrationMagic <= 5.0.1.7 - Authentication Bypass", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 5.0.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.1.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.0.1.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbd978fd-f759-4983-90b0-af7338e21d30?source=api-scan" ], "published": "2021-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbda7303-2393-438a-9305-5642975f0419": { "id": "fbda7303-2393-438a-9305-5642975f0419", "title": "Shoutbox (Unknown Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Shoutbox", "slug": "shoutbox", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbda7303-2393-438a-9305-5642975f0419?source=api-scan" ], "published": "2012-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbda7670-179a-41ed-8ec9-ae7f5102e645": { "id": "fbda7670-179a-41ed-8ec9-ae7f5102e645", "title": "ToolBar to Share <= 2.0 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ToolBar to Share", "slug": "toolbar-to-share", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbda7670-179a-41ed-8ec9-ae7f5102e645?source=api-scan" ], "published": "2022-06-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbdd01b3-153b-4783-b686-558874d2856e": { "id": "fbdd01b3-153b-4783-b686-558874d2856e", "title": "SE HTML5 Album Audio Player <= 1.1.0 - Directory Traversal", "software": [ { "type": "plugin", "name": "SE HTML5 Album Audio Player", "slug": "se-html5-album-audio-player", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbdd01b3-153b-4783-b686-558874d2856e?source=api-scan" ], "published": "2015-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbe42214-0a01-4b9c-8149-68c47082d9d9": { "id": "fbe42214-0a01-4b9c-8149-68c47082d9d9", "title": "WordPress Core < 1.5.2 - Remote Code Execution", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 1.5.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbe42214-0a01-4b9c-8149-68c47082d9d9?source=api-scan" ], "published": "2005-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbe4688e-19a4-412a-8fe3-167badcfafdf": { "id": "fbe4688e-19a4-412a-8fe3-167badcfafdf", "title": "DMSGuestbook < 1.9.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DMSGuestbook", "slug": "dmsguestbook", "affected_versions": { "[*, 1.9.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbe4688e-19a4-412a-8fe3-167badcfafdf?source=api-scan" ], "published": "2008-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbece1c4-fbb4-47e5-b5b7-482390bcbd13": { "id": "fbece1c4-fbb4-47e5-b5b7-482390bcbd13", "title": "Team <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Team", "slug": "adl-team", "affected_versions": { "* - 1.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbece1c4-fbb4-47e5-b5b7-482390bcbd13?source=api-scan" ], "published": "2022-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbedf0da-699e-429d-9ec7-6803f3c77a84": { "id": "fbedf0da-699e-429d-9ec7-6803f3c77a84", "title": "WP Board <= 1.1(Beta) - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP-Board", "slug": "wp-board", "affected_versions": { "* - 1.1(Beta)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1(Beta)", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbedf0da-699e-429d-9ec7-6803f3c77a84?source=api-scan" ], "published": "2021-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbee3720-6ab9-4470-b2d2-09824db8de4d": { "id": "fbee3720-6ab9-4470-b2d2-09824db8de4d", "title": "Where Did You Hear About Us Checkout Field for WooCommerce <= 1.3.1 - Authenticated (Shop Manager+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Where Did You Hear About Us Checkout Field for WooCommerce", "slug": "wc-customer-source", "affected_versions": { "* - 1.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbee3720-6ab9-4470-b2d2-09824db8de4d?source=api-scan" ], "published": "2024-04-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbef8738-d639-48a5-98b7-abf9a7e9fec1": { "id": "fbef8738-d639-48a5-98b7-abf9a7e9fec1", "title": "TreePress \u2013 Easy Family Trees & Ancestor Profiles <= 2.0.22 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'post_title' parameter", "software": [ { "type": "plugin", "name": "TreePress \u2013 Easy Family Trees & Ancestor Profiles", "slug": "treepress", "affected_versions": { "* - 2.0.22": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.22", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbef8738-d639-48a5-98b7-abf9a7e9fec1?source=api-scan" ], "published": "2023-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbf25275-eb33-4581-8602-e8a64ba78692": { "id": "fbf25275-eb33-4581-8602-e8a64ba78692", "title": "Safe SVG <= 1.9.9 - Content-Type Bypass", "software": [ { "type": "plugin", "name": "Safe SVG", "slug": "safe-svg", "affected_versions": { "[*, 1.9.10)": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.9.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbf25275-eb33-4581-8602-e8a64ba78692?source=api-scan" ], "published": "2022-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fbf85cbc-88fa-4430-b005-a1f1e141241b": { "id": "fbf85cbc-88fa-4430-b005-a1f1e141241b", "title": "Icegram Express <= 5.4.19 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 5.4.19": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.19", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.5.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fbf85cbc-88fa-4430-b005-a1f1e141241b?source=api-scan" ], "published": "2022-11-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc04e676-e394-488e-a239-95af5f865613": { "id": "fc04e676-e394-488e-a239-95af5f865613", "title": "Cost Calculator Builder PRO <= 3.1.96 - Unauthenticated Price Manipulation", "software": [ { "type": "plugin", "name": "Cost Calculator Builder PRO", "slug": "cost-calculator-builder-pro", "affected_versions": { "* - 3.1.96": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.96", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc04e676-e394-488e-a239-95af5f865613?source=api-scan" ], "published": "2024-09-06 23:09:21", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc0505a1-c7c4-4cf1-97cd-123a4dddcea3": { "id": "fc0505a1-c7c4-4cf1-97cd-123a4dddcea3", "title": "Poll Maker \u2013 Best WordPress Poll Plugin <= 5.1.8 - Missing Authorization to Unauthenticated Email Enumeration", "software": [ { "type": "plugin", "name": "Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls", "slug": "poll-maker", "affected_versions": { "* - 5.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc0505a1-c7c4-4cf1-97cd-123a4dddcea3?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc06ba09-9562-4d97-90ff-5464399feced": { "id": "fc06ba09-9562-4d97-90ff-5464399feced", "title": "Real Estate Manager \u2013 Property Listing and Agent Management <= 6.8 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Real Estate Manager \u2013 Property Listing and Agent Management", "slug": "real-estate-manager", "affected_versions": { "* - 6.8": { "from_version": "*", "from_inclusive": true, "to_version": "6.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc06ba09-9562-4d97-90ff-5464399feced?source=api-scan" ], "published": "2019-06-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc083b52-06f0-4a18-a581-310ec623184a": { "id": "fc083b52-06f0-4a18-a581-310ec623184a", "title": "MJ Update History <= 1.0.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "MJ Update History", "slug": "mj-update-history", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc083b52-06f0-4a18-a581-310ec623184a?source=api-scan" ], "published": "2024-06-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc085413-db43-43e3-9b60-aeb341eed4e1": { "id": "fc085413-db43-43e3-9b60-aeb341eed4e1", "title": "Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress <= 9.0.1 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 9.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "9.0.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.0.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc085413-db43-43e3-9b60-aeb341eed4e1?source=api-scan" ], "published": "2024-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc08e4cf-3964-406e-9046-420e749df4b5": { "id": "fc08e4cf-3964-406e-9046-420e749df4b5", "title": "WP VR <= 8.3.4 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP VR \u2013 360 Panorama and Virtual Tour Builder For WordPress", "slug": "wpvr", "affected_versions": { "* - 8.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc08e4cf-3964-406e-9046-420e749df4b5?source=api-scan" ], "published": "2023-08-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc0a1bfe-0ead-4333-bb77-0f2f4356626d": { "id": "fc0a1bfe-0ead-4333-bb77-0f2f4356626d", "title": "Peter's Math Anti-Spam Spinoff < 1.0.0 - CAPTCHA Bypass", "software": [ { "type": "plugin", "name": "Peter's Math Anti-Spam", "slug": "peters-math-anti-spam", "affected_versions": { "* - 0.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc0a1bfe-0ead-4333-bb77-0f2f4356626d?source=api-scan" ], "published": "2008-01-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc0acff9-6852-4ecb-84f9-98a15dd30fc6": { "id": "fc0acff9-6852-4ecb-84f9-98a15dd30fc6", "title": "Upload Resume <= 1.2.0 - Captcha Bypass via resume_upload_form", "software": [ { "type": "plugin", "name": "Upload Resume", "slug": "resume-upload-form", "affected_versions": { "* - 1.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc0acff9-6852-4ecb-84f9-98a15dd30fc6?source=api-scan" ], "published": "2023-05-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc186712-5314-4471-bf02-4fd580c338c9": { "id": "fc186712-5314-4471-bf02-4fd580c338c9", "title": "WP Accessibility Helper (WAH) <= 0.6.2.5 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Accessibility Helper (WAH)", "slug": "wp-accessibility-helper", "affected_versions": { "* - 0.6.2.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.6.2.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.6.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc186712-5314-4471-bf02-4fd580c338c9?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc1963cc-7e9e-4998-8338-c3e83b70d441": { "id": "fc1963cc-7e9e-4998-8338-c3e83b70d441", "title": "Consensu.io <= 1.0.2 - Missing Authorization via update_config_db()", "software": [ { "type": "plugin", "name": "Consensu.io | Conformidade e Consentimento de Cookies para LGPD", "slug": "consensu-io", "affected_versions": { "* - 1.0.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc1963cc-7e9e-4998-8338-c3e83b70d441?source=api-scan" ], "published": "2023-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc1d00c2-8b2f-4d6c-bbd3-085ffb495936": { "id": "fc1d00c2-8b2f-4d6c-bbd3-085ffb495936", "title": "PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode", "slug": "paypal-pay-buy-donation-and-cart-buttons-shortcode", "affected_versions": { "* - 1.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc1d00c2-8b2f-4d6c-bbd3-085ffb495936?source=api-scan" ], "published": "2024-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc23d52c-68e5-4f5c-9334-acae70fd4c42": { "id": "fc23d52c-68e5-4f5c-9334-acae70fd4c42", "title": "WP Prayer <= 1.6.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Prayer", "slug": "wp-prayer", "affected_versions": { "[*, 1.6.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc23d52c-68e5-4f5c-9334-acae70fd4c42?source=api-scan" ], "published": "2021-05-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc240e5a-da4b-4705-9d10-14ae2804fdb7": { "id": "fc240e5a-da4b-4705-9d10-14ae2804fdb7", "title": "Base64 Encoder\/Decoder <= 0.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Base64 Encoder\/Decoder", "slug": "base64-encoderdecoder", "affected_versions": { "* - 0.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "0.9.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc240e5a-da4b-4705-9d10-14ae2804fdb7?source=api-scan" ], "published": "2024-04-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc296c70-358e-4908-be49-5ffae83aca9b": { "id": "fc296c70-358e-4908-be49-5ffae83aca9b", "title": "Ninja Tables <= 4.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", "software": [ { "type": "plugin", "name": "Ninja Tables \u2013 Easiest Data Table Builder", "slug": "ninja-tables", "affected_versions": { "* - 4.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc296c70-358e-4908-be49-5ffae83aca9b?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc305c48-8337-42b7-ad61-61aea8018def": { "id": "fc305c48-8337-42b7-ad61-61aea8018def", "title": "ChatBot 4.8.6 - 4.9.6 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder", "software": [ { "type": "plugin", "name": "AI ChatBot for WordPress \u2013 WPBot", "slug": "chatbot", "affected_versions": { "4.8.6 - 4.9.6": { "from_version": "4.8.6", "from_inclusive": true, "to_version": "4.9.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc305c48-8337-42b7-ad61-61aea8018def?source=api-scan" ], "published": "2023-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc329aee-e777-41eb-8799-539c891bd03b": { "id": "fc329aee-e777-41eb-8799-539c891bd03b", "title": "Testimonial Slider <= 2.2.6 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Testimonial \u2013 Testimonial Slider and Showcase Plugin", "slug": "testimonial-slider-and-showcase", "affected_versions": { "* - 2.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc329aee-e777-41eb-8799-539c891bd03b?source=api-scan" ], "published": "2022-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc34de39-bd2f-4ca2-8363-d436d5e2db8d": { "id": "fc34de39-bd2f-4ca2-8363-d436d5e2db8d", "title": "WooCommerce Multilingual & Multicurrency <= 5.3.4 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Multilingual & Multicurrency with WPML", "slug": "woocommerce-multilingual", "affected_versions": { "* - 5.3.4": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc34de39-bd2f-4ca2-8363-d436d5e2db8d?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc3af81e-7fa3-43a0-a403-87a042253632": { "id": "fc3af81e-7fa3-43a0-a403-87a042253632", "title": "Bulk Price Update for Woocommerce <= 2.2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bulk Price Update for Woocommerce", "slug": "woo-bulk-price-update", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc3af81e-7fa3-43a0-a403-87a042253632?source=api-scan" ], "published": "2023-03-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc3d84f3-bd9d-40e6-bc88-90c840a928c0": { "id": "fc3d84f3-bd9d-40e6-bc88-90c840a928c0", "title": "Caldera Forms <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Caldera Forms \u2013 More Than Contact Forms", "slug": "caldera-forms", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc3d84f3-bd9d-40e6-bc88-90c840a928c0?source=api-scan" ], "published": "2016-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc40196e-c0f3-4bc6-ac4b-b866902def61": { "id": "fc40196e-c0f3-4bc6-ac4b-b866902def61", "title": "The Events Calendar <= 6.2.8.2 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "The Events Calendar", "slug": "the-events-calendar", "affected_versions": { "* - 6.2.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.8.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc40196e-c0f3-4bc6-ac4b-b866902def61?source=api-scan" ], "published": "2024-01-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc4048a9-b69c-4f4c-8a30-e57bb057b00c": { "id": "fc4048a9-b69c-4f4c-8a30-e57bb057b00c", "title": "WP Discord Invite <= 2.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Discord Invite", "slug": "wp-discord-invite", "affected_versions": { "* - 2.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc4048a9-b69c-4f4c-8a30-e57bb057b00c?source=api-scan" ], "published": "2023-10-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc40be19-9256-4c90-8438-b71b9481625d": { "id": "fc40be19-9256-4c90-8438-b71b9481625d", "title": "wpCommentTwit Plugin <= 0.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wpCommentTwit", "slug": "wpcommenttwit", "affected_versions": { "* - 0.5": { "from_version": "*", "from_inclusive": true, "to_version": "0.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc40be19-9256-4c90-8438-b71b9481625d?source=api-scan" ], "published": "2014-12-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc4d4103-a19a-45a5-9059-23eb7f72c84b": { "id": "fc4d4103-a19a-45a5-9059-23eb7f72c84b", "title": "TheGem < 5.8.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "TheGem", "slug": "thegem", "affected_versions": { "[*, 5.8.1.1)": { "from_version": "*", "from_inclusive": true, "to_version": "5.8.1.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.8.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc4d4103-a19a-45a5-9059-23eb7f72c84b?source=api-scan" ], "published": "2023-05-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc4f4a78-7224-4f58-a103-7ad4df0eb36e": { "id": "fc4f4a78-7224-4f58-a103-7ad4df0eb36e", "title": "Pixel Cat \u2013 Conversion Pixel Manager <= 3.0.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pixel Cat \u2013 Conversion Pixel Manager", "slug": "facebook-conversion-pixel", "affected_versions": { "* - 3.0.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc4f4a78-7224-4f58-a103-7ad4df0eb36e?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc5a8506-b191-4ab3-9c59-4f1150be6a38": { "id": "fc5a8506-b191-4ab3-9c59-4f1150be6a38", "title": "Checkfront Online Booking System <= 3.6 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Checkfront Online Booking System", "slug": "checkfront-wp-booking", "affected_versions": { "* - 3.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc5a8506-b191-4ab3-9c59-4f1150be6a38?source=api-scan" ], "published": "2023-09-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc5c10ad-c5e7-4b94-8d5d-112703ad05ea": { "id": "fc5c10ad-c5e7-4b94-8d5d-112703ad05ea", "title": "Popup Maker <= 1.16.8 - Authenticated (Contributor+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder", "slug": "popup-maker", "affected_versions": { "* - 1.16.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.16.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.16.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc5c10ad-c5e7-4b94-8d5d-112703ad05ea?source=api-scan" ], "published": "2022-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc626bdb-e962-407c-95c3-3f9e28dc5876": { "id": "fc626bdb-e962-407c-95c3-3f9e28dc5876", "title": "BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter <= 1.49.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Menu Bar Cart Icon For WooCommerce By Binary Carpenter", "slug": "bc-menu-cart-woo", "affected_versions": { "* - 1.49.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.49.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc626bdb-e962-407c-95c3-3f9e28dc5876?source=api-scan" ], "published": "2023-12-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc62adbf-1f04-46b2-9ae9-aac3dbce8759": { "id": "fc62adbf-1f04-46b2-9ae9-aac3dbce8759", "title": "WP SEO TDK <= 2.1.2 - Missing Authorization to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP SEO TDK", "slug": "wp-seo-tdk", "affected_versions": { "* - 2.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc62adbf-1f04-46b2-9ae9-aac3dbce8759?source=api-scan" ], "published": "2021-07-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc64c550-0d19-42d4-aa2b-829e74b166bc": { "id": "fc64c550-0d19-42d4-aa2b-829e74b166bc", "title": "WP Coder <= 2.5.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Coder \u2013 Code Snippets + HTML, CSS, JS and PHP Injection", "slug": "wp-coder", "affected_versions": { "* - 2.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc64c550-0d19-42d4-aa2b-829e74b166bc?source=api-scan" ], "published": "2022-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc661cfd-6290-4b36-858a-cf2269b5fcf9": { "id": "fc661cfd-6290-4b36-858a-cf2269b5fcf9", "title": "Easy Mega Menu Plugin for WordPress \u2013 ThemeHunk <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Mega Menu Plugin for WordPress \u2013 ThemeHunk", "slug": "themehunk-megamenu-plus", "affected_versions": { "* - 1.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc661cfd-6290-4b36-858a-cf2269b5fcf9?source=api-scan" ], "published": "2024-10-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc6af287-4228-4f05-b439-fac6c057b0a5": { "id": "fc6af287-4228-4f05-b439-fac6c057b0a5", "title": "Timber <= 1.23.0 - Authenticated (Admin+) PHP Object Injection", "software": [ { "type": "plugin", "name": "Timber", "slug": "timber-library", "affected_versions": { "* - 1.23.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.23.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.23.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc6af287-4228-4f05-b439-fac6c057b0a5?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc6dcf93-7f1f-4e87-8ba5-852d23b1f0fd": { "id": "fc6dcf93-7f1f-4e87-8ba5-852d23b1f0fd", "title": "Jetpack \u2013 WP Security, Backup, Speed, & Growth < 4.2 - Timing Attack", "software": [ { "type": "plugin", "name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth", "slug": "jetpack", "affected_versions": { "[*, 4.2)": { "from_version": "*", "from_inclusive": true, "to_version": "4.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc6dcf93-7f1f-4e87-8ba5-852d23b1f0fd?source=api-scan" ], "published": "2017-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc72e388-9ffc-4b99-8835-4b4b6ef46f95": { "id": "fc72e388-9ffc-4b99-8835-4b4b6ef46f95", "title": "moreAds SE <= 1.4.6 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "moreAds SE", "slug": "moreads-se", "affected_versions": { "* - 1.4.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc72e388-9ffc-4b99-8835-4b4b6ef46f95?source=api-scan" ], "published": "2017-01-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc7b19c7-a850-4783-9f8b-e338e03998eb": { "id": "fc7b19c7-a850-4783-9f8b-e338e03998eb", "title": "Store Locator Plus <= 5.12.3 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Store Locator Plus\u00ae for WordPress", "slug": "store-locator-le", "affected_versions": { "* - 5.12.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.12.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.13.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc7b19c7-a850-4783-9f8b-e338e03998eb?source=api-scan" ], "published": "2021-04-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc7bab78-4ebb-4be9-8891-1ac0e3ed0af3": { "id": "fc7bab78-4ebb-4be9-8891-1ac0e3ed0af3", "title": "Comment Blacklist Updater <= 1.1.0 - Cross-Site Request Forgery via update_blacklist_manual", "software": [ { "type": "plugin", "name": "Comment Blacklist Updater", "slug": "comment-blacklist-updater", "affected_versions": { "[*, 1.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc7bab78-4ebb-4be9-8891-1ac0e3ed0af3?source=api-scan" ], "published": "2023-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc870ce5-1352-43f2-b80b-45065ceed750": { "id": "fc870ce5-1352-43f2-b80b-45065ceed750", "title": "The Post Grid <= 7.7.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via section title tag", "software": [ { "type": "plugin", "name": "The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid", "slug": "the-post-grid", "affected_versions": { "* - 7.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc870ce5-1352-43f2-b80b-45065ceed750?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc8b0944-f669-40d3-899b-d7f91b1a1fea": { "id": "fc8b0944-f669-40d3-899b-d7f91b1a1fea", "title": "Woo Manage Fraud Orders <= 6.1.7 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Woo Manage Fraud Orders", "slug": "woo-manage-fraud-orders", "affected_versions": { "* - 6.1.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.7", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc8b0944-f669-40d3-899b-d7f91b1a1fea?source=api-scan" ], "published": "2024-10-15 17:05:13", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc91cae0-6d54-43f3-8c0e-d1f972573d13": { "id": "fc91cae0-6d54-43f3-8c0e-d1f972573d13", "title": "WP No External Links < 3.5.16 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "wp-noexternallinks", "slug": "wp-noexternallinks", "affected_versions": { "[*, 3.5.16)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.16", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc91cae0-6d54-43f3-8c0e-d1f972573d13?source=api-scan" ], "published": "2016-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc98e78b-5388-4573-b2a1-9bad7901d507": { "id": "fc98e78b-5388-4573-b2a1-9bad7901d507", "title": "Traffic Manager <= 1.4.5 - Missing Authorization to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Traffic Manager", "slug": "traffic-manager", "affected_versions": { "* - 1.4.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc98e78b-5388-4573-b2a1-9bad7901d507?source=api-scan" ], "published": "2022-10-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc9cb292-94cb-4d1e-a0b7-98856db7c28e": { "id": "fc9cb292-94cb-4d1e-a0b7-98856db7c28e", "title": "Merge + Minify + Refresh <= 1.10.7 - Cross-Site Request Forgery leading to Arbitrary File Deletion and Site Reset", "software": [ { "type": "plugin", "name": "Merge + Minify + Refresh", "slug": "merge-minify-refresh", "affected_versions": { "[*, 1.10.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.10.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.10.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc9cb292-94cb-4d1e-a0b7-98856db7c28e?source=api-scan" ], "published": "2020-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fc9dfe96-2d43-4b7b-a91a-87cdaaab8e49": { "id": "fc9dfe96-2d43-4b7b-a91a-87cdaaab8e49", "title": "Patreon WordPress <= 1.7.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Patreon WordPress", "slug": "patreon-connect", "affected_versions": { "[*, 1.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fc9dfe96-2d43-4b7b-a91a-87cdaaab8e49?source=api-scan" ], "published": "2021-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fca11e5b-2b6c-42f0-baf3-4ee023535f83": { "id": "fca11e5b-2b6c-42f0-baf3-4ee023535f83", "title": "lim4wp <= 1.1.1 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "lim4wp", "slug": "lim4wp", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fca11e5b-2b6c-42f0-baf3-4ee023535f83?source=api-scan" ], "published": "2012-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fca20535-d033-45d5-acc3-72ad53d34b4f": { "id": "fca20535-d033-45d5-acc3-72ad53d34b4f", "title": "Login as User or Customer <= 3.2 - Privilege Escalation", "software": [ { "type": "plugin", "name": "Login as User or Customer", "slug": "login-as-customer-or-user", "affected_versions": { "* - 3.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fca20535-d033-45d5-acc3-72ad53d34b4f?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fca24e26-149f-4805-9097-f7d11485a690": { "id": "fca24e26-149f-4805-9097-f7d11485a690", "title": "Contact Form by WD \u2013 responsive drag & drop contact form builder tool <= 1.7.18 - Authorization Bypass", "software": [ { "type": "plugin", "name": "Contact Form by WD \u2013 responsive drag & drop contact form builder tool", "slug": "contact-form-maker", "affected_versions": { "* - 1.7.18": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.18", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.19" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fca24e26-149f-4805-9097-f7d11485a690?source=api-scan" ], "published": "2014-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fca3259b-bf0e-4b4a-815f-1eb399b8b674": { "id": "fca3259b-bf0e-4b4a-815f-1eb399b8b674", "title": "ConvertPlug <= 3.5.25 - Authenticated (Contributor+) PHP Object Injection", "software": [ { "type": "plugin", "name": "ConvertPlus", "slug": "convertplug", "affected_versions": { "* - 3.5.25": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fca3259b-bf0e-4b4a-815f-1eb399b8b674?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fca34e4e-3324-4942-854b-a4511f88af8b": { "id": "fca34e4e-3324-4942-854b-a4511f88af8b", "title": "Glossary <= 3.1.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Glossary", "slug": "wp-glossary", "affected_versions": { "* - 3.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fca34e4e-3324-4942-854b-a4511f88af8b?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fca3d106-49df-49fc-a90d-e0cb26bd34b6": { "id": "fca3d106-49df-49fc-a90d-e0cb26bd34b6", "title": "Modal Popup Box \u2013 Popup Builder, Show Offers And News in Popup <= 1.5.2 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode", "software": [ { "type": "plugin", "name": "Modal Popup Box \u2013 Popup Builder, Show Offers And News in Popup", "slug": "modal-popup-box", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fca3d106-49df-49fc-a90d-e0cb26bd34b6?source=api-scan" ], "published": "2024-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fca4040d-3c6c-4e31-9bed-d1b6bf5b2bed": { "id": "fca4040d-3c6c-4e31-9bed-d1b6bf5b2bed", "title": "Quiz and Survey Master <= 7.1.13 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker", "slug": "quiz-master-next", "affected_versions": { "* - 7.1.13": { "from_version": "*", "from_inclusive": true, "to_version": "7.1.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fca4040d-3c6c-4e31-9bed-d1b6bf5b2bed?source=api-scan" ], "published": "2021-09-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fca6d469-60e7-4866-a53c-d207817c9204": { "id": "fca6d469-60e7-4866-a53c-d207817c9204", "title": "WP Simple HTML Sitemap <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Simple HTML Sitemap", "slug": "wp-simple-html-sitemap", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fca6d469-60e7-4866-a53c-d207817c9204?source=api-scan" ], "published": "2023-10-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fca7837c-ad24-44ce-b073-7df3f8bc4300": { "id": "fca7837c-ad24-44ce-b073-7df3f8bc4300", "title": "Very Simple Google Maps <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Very Simple Google Maps", "slug": "very-simple-google-maps", "affected_versions": { "* - 2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fca7837c-ad24-44ce-b073-7df3f8bc4300?source=api-scan" ], "published": "2023-10-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fca9bd3a-2489-4672-95c1-9e00d60d6525": { "id": "fca9bd3a-2489-4672-95c1-9e00d60d6525", "title": "Availability Calendar < 1.2.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Availability Calendar", "slug": "availability-calendar", "affected_versions": { "[*, 1.2.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fca9bd3a-2489-4672-95c1-9e00d60d6525?source=api-scan" ], "published": "2021-08-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fcae647f-7eed-4ecd-83b8-482b55b86ec9": { "id": "fcae647f-7eed-4ecd-83b8-482b55b86ec9", "title": "Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AMP extensions", "slug": "amp-extensions", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Venture Event Manager", "slug": "venture-event-manager", "affected_versions": { "[*, 3.2.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.5" ] }, { "type": "plugin", "name": "Flight Search Widget and Blocks", "slug": "flight-search-widget-blocks", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Stars Menu", "slug": "stars-menu", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "\u041a\u043d\u043e\u043f\u043a\u0430 \u042eMoney", "slug": "yandex-money-button", "affected_versions": { "[*, 2.4.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4.0" ] }, { "type": "plugin", "name": "Disable Image Right Click", "slug": "disable-image-right-click", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "SEO-Dashboard by gutewebsites.de", "slug": "seo-dashboard-by-gutewebsites-de", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Icons with Links Widget", "slug": "icons-with-links-widget", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Request Quote via Whatsapp for Woocommerce", "slug": "woo-whatsapp-request-quote", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Woosaleskit Bar", "slug": "woosaleskit-bar", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "TR Easy Google Analytics", "slug": "tr-easy-google-analytics", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Media Mirror", "slug": "media-mirror", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Custom Scrollbar Designer", "slug": "custom-scroll-bar-designer", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Popup Modal For Youtube", "slug": "popup-modal-for-youtube", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Facebook Page Feed Timeline", "slug": "cool-facebook-page-feed-timeline", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WordPress Form Customizer | CF7 Customizer", "slug": "cf7-customizer", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Exit Popup Show", "slug": "exit-popup-show", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Border Loading Bar", "slug": "border-loading-bar", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Custom Text Selection Colors", "slug": "custom-text-selection-colors", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Easy Google Map", "slug": "easy-google-map", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Seatgeek Affiliate Tickets", "slug": "seatgeek-affiliate-tickets", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Titan Framework", "slug": "titan-framework", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Ad Blocker Notify Lite", "slug": "adblock-notify-by-bweb", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "* - 6.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.11" ] }, { "type": "plugin", "name": "Live Chat for Fanpage", "slug": "live-chat-facebook-fanpage", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.1" ] }, { "type": "plugin", "name": "Product Limited Time Availability Date for woocommerce", "slug": "woo-availability-date", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Share Posts To Email", "slug": "email-my-posts", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Easy Gallery Slideshow", "slug": "easy-gallery-slideshow", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WP Mobile Menu \u2013 The Mobile-Friendly Responsive Menu", "slug": "mobile-menu", "affected_versions": { "* - 2.8.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.2.3" ] }, { "type": "plugin", "name": "Sticky Related Posts", "slug": "sticky-related-posts", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "ICustomizer", "slug": "icustomizer", "affected_versions": { "* - 1.4.13": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.0" ] }, { "type": "plugin", "name": "Catchers Helpdesk and Ticket system for Support", "slug": "catchers-helpdesk", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Woocommerce Categories in gallery format", "slug": "categories-gallery-woocommerce", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Bootstrap Categories Gallery", "slug": "categories-gallery", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Total Sales For Woocommerce", "slug": "total-sales-for-woocommerce", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Share Woocommerce to Email", "slug": "share-woocommerce-email", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Events Shortcodes For The Events Calendar", "slug": "template-events-calendar", "affected_versions": { "[*, 1.7.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.2" ] }, { "type": "plugin", "name": "Simple Behance Portfolio", "slug": "simple-behace-portfolio", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "betteroptin", "slug": "betteroptin", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Project2App \u2013 Turn Your WordPress Site into an Android App", "slug": "project-app", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Aoi Tori", "slug": "aoi-tori", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "Station Pro", "slug": "station-pro", "affected_versions": { "2.2.1": { "from_version": "2.2.1", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] }, { "type": "plugin", "name": "Easy Justified Gallery", "slug": "easy-justified-gallery", "affected_versions": { "* - 1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.1" ] }, { "type": "plugin", "name": "ClinicalWP Core", "slug": "clinicalwp-core", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "WebHotelier for WordPress", "slug": "webhotelier", "affected_versions": { "[*, 1.6.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.6.1" ] }, { "type": "plugin", "name": "4k-icon-fonts-for-visual-composer", "slug": "4k-icon-fonts-for-visual-composer", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "tcS3", "slug": "tcs3", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] }, { "type": "plugin", "name": "W3SCloud Contact Form 7 to Zoho CRM", "slug": "w3s-cf7-zoho", "affected_versions": { "[*, 2.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.1.0" ] }, { "type": "plugin", "name": "affiliate-pro", "slug": "affiliate-pro", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan" ], "published": "2021-08-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fcb76d10-fc60-4b19-9b47-1b98f8400a96": { "id": "fcb76d10-fc60-4b19-9b47-1b98f8400a96", "title": "bbPress < 2.5.9 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "bbPress", "slug": "bbpress", "affected_versions": { "[*, 2.5.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fcb76d10-fc60-4b19-9b47-1b98f8400a96?source=api-scan" ], "published": "2016-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fcbd718b-4d7d-48a4-9db2-dd938de7c7eb": { "id": "fcbd718b-4d7d-48a4-9db2-dd938de7c7eb", "title": "WP Fastest Cache <= 0.8.5.7 - Missing Authorization", "software": [ { "type": "plugin", "name": "WP Fastest Cache", "slug": "wp-fastest-cache", "affected_versions": { "* - 0.8.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "0.8.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "0.8.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fcbd718b-4d7d-48a4-9db2-dd938de7c7eb?source=api-scan" ], "published": "2016-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fcc0fc00-b7d6-429c-9ab3-f08971c48777": { "id": "fcc0fc00-b7d6-429c-9ab3-f08971c48777", "title": "Media Library Folders <= 8.2.3 - Missing Authorization on Various Functions", "software": [ { "type": "plugin", "name": "Media Library Folders", "slug": "media-library-plus", "affected_versions": { "* - 8.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "8.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fcc0fc00-b7d6-429c-9ab3-f08971c48777?source=api-scan" ], "published": "2024-08-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fcc78fa6-a5f0-4f29-ae19-8e783698b19e": { "id": "fcc78fa6-a5f0-4f29-ae19-8e783698b19e", "title": "Create by Mediavine <= 1.9.4 - Unauthenticated SQL Injection via 'id'", "software": [ { "type": "plugin", "name": "Create by Mediavine", "slug": "mediavine-create", "affected_versions": { "* - 1.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fcc78fa6-a5f0-4f29-ae19-8e783698b19e?source=api-scan" ], "published": "2024-03-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fcc96838-dde5-49f2-ac73-977a8347c455": { "id": "fcc96838-dde5-49f2-ac73-977a8347c455", "title": "Custom Colors for Real Estate Manager <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Custom Colors for Real Estate Manager", "slug": "custom-colors-for-real-estate-manager", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fcc96838-dde5-49f2-ac73-977a8347c455?source=api-scan" ], "published": "2022-05-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fcce0a92-520d-45ac-845e-a1635f763eed": { "id": "fcce0a92-520d-45ac-845e-a1635f763eed", "title": "WooCommerce Product Vendors <= 2.2.1 - Missing Authorization", "software": [ { "type": "plugin", "name": "Product Vendors", "slug": "woocommerce-product-vendors", "affected_versions": { "* - 2.2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fcce0a92-520d-45ac-845e-a1635f763eed?source=api-scan" ], "published": "2023-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fcce2857-5bc8-4bee-b218-45f56cb0184b": { "id": "fcce2857-5bc8-4bee-b218-45f56cb0184b", "title": "Responsive Lightbox & Gallery <= 1.7.1 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Responsive Lightbox & Gallery", "slug": "responsive-lightbox", "affected_versions": { "* - 1.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fcce2857-5bc8-4bee-b218-45f56cb0184b?source=api-scan" ], "published": "2016-12-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fccfe581-16aa-4a6e-a6aa-60c05e4d26cb": { "id": "fccfe581-16aa-4a6e-a6aa-60c05e4d26cb", "title": "Woo Confirmation Email < 3.2.0 - Improper Access Control", "software": [ { "type": "plugin", "name": "User Email Verification for WooCommerce", "slug": "woo-confirmation-email", "affected_versions": { "* - 3.1.15": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fccfe581-16aa-4a6e-a6aa-60c05e4d26cb?source=api-scan" ], "published": "2018-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fcd02dfa-688e-4375-92cb-8d0e7cbaaa6e": { "id": "fcd02dfa-688e-4375-92cb-8d0e7cbaaa6e", "title": "Shield Security <= 18.5.7 - Unauthenticated Stored Cross-Site Scripting via getColumnContent_Page", "software": [ { "type": "plugin", "name": "Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention Security", "slug": "wp-simple-firewall", "affected_versions": { "* - 18.5.7": { "from_version": "*", "from_inclusive": true, "to_version": "18.5.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "18.5.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fcd02dfa-688e-4375-92cb-8d0e7cbaaa6e?source=api-scan" ], "published": "2024-01-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fcdeba37-ba65-400d-9c07-36503a03e857": { "id": "fcdeba37-ba65-400d-9c07-36503a03e857", "title": "SP Project & Document Manager <= 4.69 - Authenticated (Contributor+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 4.69": { "from_version": "*", "from_inclusive": true, "to_version": "4.69", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.70" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fcdeba37-ba65-400d-9c07-36503a03e857?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fce15e1c-e2eb-4bd9-8b07-78d87a6ae1cc": { "id": "fce15e1c-e2eb-4bd9-8b07-78d87a6ae1cc", "title": "Slimstat Analytics <= 4.9.3.2 - Authenticated (Subscriber+) SQL Injection via Shortcode", "software": [ { "type": "plugin", "name": "SlimStat Analytics", "slug": "wp-slimstat", "affected_versions": { "* - 4.9.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.9.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fce15e1c-e2eb-4bd9-8b07-78d87a6ae1cc?source=api-scan" ], "published": "2023-02-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fce76126-0cfd-464f-b644-45d4301e958d": { "id": "fce76126-0cfd-464f-b644-45d4301e958d", "title": "MapPress <= 2.88.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Settings", "software": [ { "type": "plugin", "name": "MapPress Maps for WordPress", "slug": "mappress-google-maps-for-wordpress", "affected_versions": { "* - 2.88.16": { "from_version": "*", "from_inclusive": true, "to_version": "2.88.16", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.88.17" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fce76126-0cfd-464f-b644-45d4301e958d?source=api-scan" ], "published": "2024-01-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fceae728-ea72-4586-848f-3a45b6f9699a": { "id": "fceae728-ea72-4586-848f-3a45b6f9699a", "title": "WordPress Core < 3.4.1 - Information Disclosure", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fceae728-ea72-4586-848f-3a45b6f9699a?source=api-scan" ], "published": "2012-06-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fcecd7bb-85cc-406e-9fd8-e671b327dc13": { "id": "fcecd7bb-85cc-406e-9fd8-e671b327dc13", "title": "Style It <= 1.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Style It", "slug": "style-it", "affected_versions": { "* - 1.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fcecd7bb-85cc-406e-9fd8-e671b327dc13?source=api-scan" ], "published": "2014-05-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fced0686-f56d-4163-80fd-362ee652d148": { "id": "fced0686-f56d-4163-80fd-362ee652d148", "title": "WP Timeline \u2013 Vertical and Horizontal timeline plugin <= 3.6.7 - Unauthenticated Local File Inclusion", "software": [ { "type": "plugin", "name": "WP Timeline \u2013 Vertical and Horizontal timeline plugin", "slug": "wp-timelines", "affected_versions": { "* - 3.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fced0686-f56d-4163-80fd-362ee652d148?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fcf005ba-2753-43f5-9f2b-24a8c59505c1": { "id": "fcf005ba-2753-43f5-9f2b-24a8c59505c1", "title": "Skaut bazar <= 1.3.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Scout bazar", "slug": "skaut-bazar", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fcf005ba-2753-43f5-9f2b-24a8c59505c1?source=api-scan" ], "published": "2021-08-13 15:31:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fcf09793-1277-41a0-9ce4-b85b13721729": { "id": "fcf09793-1277-41a0-9ce4-b85b13721729", "title": "nuajik CDN <= 0.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "nuajik", "slug": "nuajik-cdn", "affected_versions": { "* - 0.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fcf09793-1277-41a0-9ce4-b85b13721729?source=api-scan" ], "published": "2023-05-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fcfb3a6e-7b58-4568-8439-e9c68a2223b9": { "id": "fcfb3a6e-7b58-4568-8439-e9c68a2223b9", "title": "RegistrationMagic <= 5.1.9.2 - Cross-Site Request Forgery leading to Form Metadata Deletion", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 5.1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fcfb3a6e-7b58-4568-8439-e9c68a2223b9?source=api-scan" ], "published": "2023-02-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd00c5cc-1a28-4d94-815d-46219ce0e0e9": { "id": "fd00c5cc-1a28-4d94-815d-46219ce0e0e9", "title": "Custom My Account for Woocommerce <= 2.1 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Custom My Account for Woocommerce", "slug": "custom-my-account-for-woocommerce", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd00c5cc-1a28-4d94-815d-46219ce0e0e9?source=api-scan" ], "published": "2023-10-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd05991d-382b-460c-b89f-e1f7dfac9e60": { "id": "fd05991d-382b-460c-b89f-e1f7dfac9e60", "title": "SP Projects & Document Manager <= 2.5.9.5 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SP Project & Document Manager", "slug": "sp-client-document-manager", "affected_versions": { "* - 2.6.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd05991d-382b-460c-b89f-e1f7dfac9e60?source=api-scan" ], "published": "2016-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd0c3965-6b35-46a8-8cf0-6726cdb03c8f": { "id": "fd0c3965-6b35-46a8-8cf0-6726cdb03c8f", "title": "Code Snippets < 2.7.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Code Snippets", "slug": "code-snippets", "affected_versions": { "[*, 2.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd0c3965-6b35-46a8-8cf0-6726cdb03c8f?source=api-scan" ], "published": "2016-07-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd0f2802-3273-42e9-a219-911f143b905d": { "id": "fd0f2802-3273-42e9-a219-911f143b905d", "title": "Themify \u2013 WooCommerce Product Filter <= 1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Themify \u2013 WooCommerce Product Filter", "slug": "themify-wc-product-filter", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd0f2802-3273-42e9-a219-911f143b905d?source=api-scan" ], "published": "2024-09-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd12a952-2e99-41f7-b74c-55c2b7d8deed": { "id": "fd12a952-2e99-41f7-b74c-55c2b7d8deed", "title": "Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update", "software": [ { "type": "plugin", "name": "Flexible Checkout Fields for WooCommerce \u2013 WooCommerce Checkout Manager", "slug": "flexible-checkout-fields", "affected_versions": { "[*, 2.3.2)": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.3.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd12a952-2e99-41f7-b74c-55c2b7d8deed?source=api-scan" ], "published": "2020-02-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd12ce4a-585d-4e26-88fb-1ab9dcc8727d": { "id": "fd12ce4a-585d-4e26-88fb-1ab9dcc8727d", "title": "RestroPress <= 2.8.3 - Missing Authorization", "software": [ { "type": "plugin", "name": "RestroPress \u2013 Online Food Ordering System", "slug": "restropress", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd12ce4a-585d-4e26-88fb-1ab9dcc8727d?source=api-scan" ], "published": "2021-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd15268f-7e06-4e0d-baaf-f27348af61ce": { "id": "fd15268f-7e06-4e0d-baaf-f27348af61ce", "title": "Email Log <= 2.4.8 - Unauthenticated Hook Injection", "software": [ { "type": "plugin", "name": "Email Log", "slug": "email-log", "affected_versions": { "* - 2.4.8": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd15268f-7e06-4e0d-baaf-f27348af61ce?source=api-scan" ], "published": "2024-05-23 17:05:18", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd154b26-985b-4e72-976f-1858a783c667": { "id": "fd154b26-985b-4e72-976f-1858a783c667", "title": "Icegram Email Subscribers & Newsletters Plugin for WordPress <= 4.5.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "[*, 4.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "4.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd154b26-985b-4e72-976f-1858a783c667?source=api-scan" ], "published": "2020-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd15f5c3-f4c3-40d3-b0ae-eee7ed9ed434": { "id": "fd15f5c3-f4c3-40d3-b0ae-eee7ed9ed434", "title": "Spider Facebook <= 1.0.8 - SQL Injection", "software": [ { "type": "plugin", "name": "WDSocialWidgets", "slug": "spider-facebook", "affected_versions": { "* - 1.0.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd15f5c3-f4c3-40d3-b0ae-eee7ed9ed434?source=api-scan" ], "published": "2014-09-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd191128-86c8-4530-b5cf-6681899b9474": { "id": "fd191128-86c8-4530-b5cf-6681899b9474", "title": "Wholesale Suite <= 2.1.12 - Missing Authorization", "software": [ { "type": "plugin", "name": "Wholesale Suite \u2013 WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More", "slug": "woocommerce-wholesale-prices", "affected_versions": { "* - 2.1.12": { "from_version": "*", "from_inclusive": true, "to_version": "2.1.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd191128-86c8-4530-b5cf-6681899b9474?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd21b3fb-656d-4060-b7c6-e0b8e79afb4c": { "id": "fd21b3fb-656d-4060-b7c6-e0b8e79afb4c", "title": "Image Gallery - Responsive Photo Gallery <= 1.5.5 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Image Gallery - Responsive Photo Gallery", "slug": "gallery-images", "affected_versions": { "[*, 1.5.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd21b3fb-656d-4060-b7c6-e0b8e79afb4c?source=api-scan" ], "published": "2015-08-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62": { "id": "fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62", "title": "WPS Hide Login <= 1.9.15.2 - Login Page Disclosure", "software": [ { "type": "plugin", "name": "WPS Hide Login", "slug": "wps-hide-login", "affected_versions": { "* - 1.9.15.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.15.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=api-scan" ], "published": "2024-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd22babc-f1a9-4f50-9756-fe692105dca3": { "id": "fd22babc-f1a9-4f50-9756-fe692105dca3", "title": "ARMember <= 4.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup", "slug": "armember-membership", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd22babc-f1a9-4f50-9756-fe692105dca3?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd235256-e48c-4f1b-a51b-25669b560c77": { "id": "fd235256-e48c-4f1b-a51b-25669b560c77", "title": "gee Search Plus, improved WordPress search <= 1.4.4 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "gee Search Plus, improved WordPress search", "slug": "gsearch-plus", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd235256-e48c-4f1b-a51b-25669b560c77?source=api-scan" ], "published": "2024-05-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd23b9cd-3492-4f6f-b90d-5215e175c1e3": { "id": "fd23b9cd-3492-4f6f-b90d-5215e175c1e3", "title": "WordPress Core < 4.9.5 - Open Redirect", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.25": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.25", "to_inclusive": true }, "3.8 - 3.8.25": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.25", "to_inclusive": true }, "3.9 - 3.9.23": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.23", "to_inclusive": true }, "4.0 - 4.0.22": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.22", "to_inclusive": true }, "4.1 - 4.1.22": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.22", "to_inclusive": true }, "4.2 - 4.2.19": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.19", "to_inclusive": true }, "4.3 - 4.3.15": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.15", "to_inclusive": true }, "4.4 - 4.4.14": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.14", "to_inclusive": true }, "4.5 - 4.5.13": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.13", "to_inclusive": true }, "4.6 - 4.6.10": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.10", "to_inclusive": true }, "4.7 - 4.7.9": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.9", "to_inclusive": true }, "4.8 - 4.8.5": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.5", "to_inclusive": true }, "4.9 - 4.9.4": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.26", "3.8.26", "3.9.24", "4.0.23", "4.1.23", "4.2.20", "4.3.16", "4.4.15", "4.5.14", "4.6.11", "4.7.10", "4.8.6", "4.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd23b9cd-3492-4f6f-b90d-5215e175c1e3?source=api-scan" ], "published": "2018-04-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd2b816a-fbb1-4c6f-8f0a-4ef2e77f845e": { "id": "fd2b816a-fbb1-4c6f-8f0a-4ef2e77f845e", "title": "Note Press <= 0.1.10 - Authenticated (Admin+) SQL Injection via Update", "software": [ { "type": "plugin", "name": "Note Press", "slug": "note-press", "affected_versions": { "* - 0.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "0.1.10", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd2b816a-fbb1-4c6f-8f0a-4ef2e77f845e?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd3298dd-af80-481e-8d20-d33e7bb9bb85": { "id": "fd3298dd-af80-481e-8d20-d33e7bb9bb85", "title": "KJM Admin Notices <= 2.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "KJM Admin Notices", "slug": "kjm-admin-notices", "affected_versions": { "* - 2.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd3298dd-af80-481e-8d20-d33e7bb9bb85?source=api-scan" ], "published": "2021-10-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd368b2c-ef40-453b-aeef-ad88d847c29b": { "id": "fd368b2c-ef40-453b-aeef-ad88d847c29b", "title": "Open Graphite <= 1.6.0 - Reflected Cross-Site Scripting via topic parameter", "software": [ { "type": "plugin", "name": "Open Graphite", "slug": "open-graphite", "affected_versions": { "* - 1.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd368b2c-ef40-453b-aeef-ad88d847c29b?source=api-scan" ], "published": "2023-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd3cd605-6292-4a04-9aee-f4b9a8127e8e": { "id": "fd3cd605-6292-4a04-9aee-f4b9a8127e8e", "title": "WordPress Console <= 0.3.9 - Missing Authorization via reload.php", "software": [ { "type": "plugin", "name": "WordPress Console", "slug": "wordpress-console", "affected_versions": { "* - 0.3.9": { "from_version": "*", "from_inclusive": true, "to_version": "0.3.9", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd3cd605-6292-4a04-9aee-f4b9a8127e8e?source=api-scan" ], "published": "2023-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd3d9ce8-0ebf-490e-8c3a-73883638c3eb": { "id": "fd3d9ce8-0ebf-490e-8c3a-73883638c3eb", "title": "NextGEN Gallery Sell Photo <= 1.0.4 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "NextGEN Gallery Sell Photo", "slug": "nextgen-gallery-sell-photo", "affected_versions": { "* - 1.0.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd3d9ce8-0ebf-490e-8c3a-73883638c3eb?source=api-scan" ], "published": "2020-08-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd4446b0-3274-46c7-865a-0a168acb960f": { "id": "fd4446b0-3274-46c7-865a-0a168acb960f", "title": "Contact Form 7 Integrations 1.0 - 1.3.10 - Multiple Cross-Site scripting", "software": [ { "type": "plugin", "name": "Contact Form 7 Integrations", "slug": "contact-form-7-integrations", "affected_versions": { "1.0 - 1.3.10": { "from_version": "1.0", "from_inclusive": true, "to_version": "1.3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd4446b0-3274-46c7-865a-0a168acb960f?source=api-scan" ], "published": "2014-10-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd4ac2b0-120a-4e68-bf8d-e039336fe9dc": { "id": "fd4ac2b0-120a-4e68-bf8d-e039336fe9dc", "title": "WordPress Core < 4.7.1 - Authorization Bypass", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.16": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.16", "to_inclusive": true }, "3.8 - 3.8.16": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.16", "to_inclusive": true }, "3.9 - 3.9.14": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.14", "to_inclusive": true }, "4.0 - 4.0.13": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.13", "to_inclusive": true }, "4.1 - 4.1.13": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.13", "to_inclusive": true }, "4.2 - 4.2.10": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.10", "to_inclusive": true }, "4.3 - 4.3.6": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.6", "to_inclusive": true }, "4.4 - 4.4.5": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.5", "to_inclusive": true }, "4.5 - 4.5.4": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.4", "to_inclusive": true }, "4.6 - 4.6.1": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.1", "to_inclusive": true }, "4.7": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.17", "3.8.17", "3.9.15", "4.0.14", "4.1.14", "4.2.11", "4.3.7", "4.4.6", "4.5.5", "4.6.2", "4.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd4ac2b0-120a-4e68-bf8d-e039336fe9dc?source=api-scan" ], "published": "2017-01-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd53b4e1-c6b7-4111-911a-04b14c7a9c4e": { "id": "fd53b4e1-c6b7-4111-911a-04b14c7a9c4e", "title": "Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Elementor Addon Elements", "slug": "addon-elements-for-elementor-page-builder", "affected_versions": { "* - 1.12.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.12.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.12.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd53b4e1-c6b7-4111-911a-04b14c7a9c4e?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd56e59b-3879-4ab6-ae9a-7a301ee6aa20": { "id": "fd56e59b-3879-4ab6-ae9a-7a301ee6aa20", "title": "Brizy Page Builder <= 2.3.11 - Authenticated File Upload and Path Traversal", "software": [ { "type": "plugin", "name": "Brizy \u2013 Page Builder", "slug": "brizy", "affected_versions": { "* - 2.3.11": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd56e59b-3879-4ab6-ae9a-7a301ee6aa20?source=api-scan" ], "published": "2021-10-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd60fa87-d3da-4e3f-bd9b-b9d117bdbc4c": { "id": "fd60fa87-d3da-4e3f-bd9b-b9d117bdbc4c", "title": "WordPress File Upload <= 4.3.3 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "[*, 4.3.4)": { "from_version": "*", "from_inclusive": true, "to_version": "4.3.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd60fa87-d3da-4e3f-bd9b-b9d117bdbc4c?source=api-scan" ], "published": "2018-04-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd671562-adc8-40b0-af26-9daef70effa6": { "id": "fd671562-adc8-40b0-af26-9daef70effa6", "title": "ScoreMe <= 2016-04-01 - Cross-Site Scripting", "software": [ { "type": "theme", "name": "ScoreMe", "slug": "scoreme", "affected_versions": { "[*, 2016-04-01]": { "from_version": "*", "from_inclusive": true, "to_version": "2016-04-01", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd671562-adc8-40b0-af26-9daef70effa6?source=api-scan" ], "published": "2016-04-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd67e334-88fd-49c7-a20c-9c2f95e9950c": { "id": "fd67e334-88fd-49c7-a20c-9c2f95e9950c", "title": "WP Customer Reviews <= 3.5.5 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Customer Reviews", "slug": "wp-customer-reviews", "affected_versions": { "* - 3.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.5.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd67e334-88fd-49c7-a20c-9c2f95e9950c?source=api-scan" ], "published": "2021-05-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd683a80-2090-4f9b-8342-7cc76675067e": { "id": "fd683a80-2090-4f9b-8342-7cc76675067e", "title": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.25 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder", "slug": "form-maker", "affected_versions": { "* - 1.15.25": { "from_version": "*", "from_inclusive": true, "to_version": "1.15.25", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.15.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd683a80-2090-4f9b-8342-7cc76675067e?source=api-scan" ], "published": "2024-06-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd6b3ebe-a29b-4509-bb8c-d101073f21dc": { "id": "fd6b3ebe-a29b-4509-bb8c-d101073f21dc", "title": "Two Factor Authentication < 1.1.10 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Two Factor Authentication", "slug": "two-factor-authentication", "affected_versions": { "[*, 1.1.10)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.10", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd6b3ebe-a29b-4509-bb8c-d101073f21dc?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd7415b1-846f-41ad-a19f-73d0cee3965f": { "id": "fd7415b1-846f-41ad-a19f-73d0cee3965f", "title": "Just Writing Statistics <= 4.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Just Writing Statistics", "slug": "just-writing-statistics", "affected_versions": { "* - 4.5": { "from_version": "*", "from_inclusive": true, "to_version": "4.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd7415b1-846f-41ad-a19f-73d0cee3965f?source=api-scan" ], "published": "2024-05-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd741e2d-5478-4b9a-83ab-7ccafdc5d12f": { "id": "fd741e2d-5478-4b9a-83ab-7ccafdc5d12f", "title": "Ruby Help Desk <= 1.3.3 - Missing Authorization to Arbitrary Ticket Modification", "software": [ { "type": "plugin", "name": "Ruby Help Desk", "slug": "ruby-help-desk", "affected_versions": { "* - 1.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd741e2d-5478-4b9a-83ab-7ccafdc5d12f?source=api-scan" ], "published": "2023-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd74bcec-df6f-4f82-8f88-6cb1adde35ed": { "id": "fd74bcec-df6f-4f82-8f88-6cb1adde35ed", "title": "Automatic User Roles Switcher <= 1.1.1 - Missing Authorization to Privilege Escalation", "software": [ { "type": "plugin", "name": "Automatic User Roles Switcher", "slug": "automatic-user-roles-switcher", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd74bcec-df6f-4f82-8f88-6cb1adde35ed?source=api-scan" ], "published": "2022-10-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd782479-8eab-439d-9a8e-b4105e49964c": { "id": "fd782479-8eab-439d-9a8e-b4105e49964c", "title": "Hueman Addons <= 2.3.3 - Authenticated (Contributor+) Stored Cross Site Scripting", "software": [ { "type": "plugin", "name": "Hueman Addons", "slug": "hueman-addons", "affected_versions": { "* - 2.3.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd782479-8eab-439d-9a8e-b4105e49964c?source=api-scan" ], "published": "2023-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd7916f3-7844-4f3f-87ae-a8a66a9f3dec": { "id": "fd7916f3-7844-4f3f-87ae-a8a66a9f3dec", "title": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin <= 3.1.6 - Arbitrary Shortcode Execution", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "[*, 3.1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd7916f3-7844-4f3f-87ae-a8a66a9f3dec?source=api-scan" ], "published": "2015-05-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd7a1440-18f5-4bcb-a4cf-c4713375d0a1": { "id": "fd7a1440-18f5-4bcb-a4cf-c4713375d0a1", "title": "Shockingly Simple Favicon <= 1.8.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Shockingly Simple Favicon", "slug": "shockingly-simple-favicon", "affected_versions": { "* - 1.8.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd7a1440-18f5-4bcb-a4cf-c4713375d0a1?source=api-scan" ], "published": "2023-09-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd7da039-f6b8-46b7-a43a-145e9f8844c3": { "id": "fd7da039-f6b8-46b7-a43a-145e9f8844c3", "title": "Cost Calculator Builder <= 3.2.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Creation", "software": [ { "type": "plugin", "name": "Cost Calculator Builder", "slug": "cost-calculator-builder", "affected_versions": { "* - 3.2.12": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd7da039-f6b8-46b7-a43a-145e9f8844c3?source=api-scan" ], "published": "2024-07-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd817fe9-b7be-4252-877a-e9843d62a0a9": { "id": "fd817fe9-b7be-4252-877a-e9843d62a0a9", "title": "NEX-Forms - Ultimate Form Builder <= 8.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "slug": "nex-forms-express-wp-form-builder", "affected_versions": { "* - 8.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "8.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "8.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd817fe9-b7be-4252-877a-e9843d62a0a9?source=api-scan" ], "published": "2023-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd8a4296-8a6e-4455-8a69-87cace9199a9": { "id": "fd8a4296-8a6e-4455-8a69-87cace9199a9", "title": "WordPress Classifieds Plugin \u2013 Ad Directory & Listings by AWP Classifieds < 3.0 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress Classifieds Plugin \u2013 Ad Directory & Listings by AWP Classifieds", "slug": "another-wordpress-classifieds-plugin", "affected_versions": { "[*, 3.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd8a4296-8a6e-4455-8a69-87cace9199a9?source=api-scan" ], "published": "2014-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd8e6b8a-0161-4bf7-b480-77258337e9b9": { "id": "fd8e6b8a-0161-4bf7-b480-77258337e9b9", "title": "WordPress File Upload <= 3.4.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "[*, 3.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd8e6b8a-0161-4bf7-b480-77258337e9b9?source=api-scan" ], "published": "2015-10-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd8fb3e9-34eb-4b37-9a7e-00309a1ca81d": { "id": "fd8fb3e9-34eb-4b37-9a7e-00309a1ca81d", "title": "Booking Ultra Pro <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Booking Ultra Pro Appointments Booking Calendar Plugin", "slug": "booking-ultra-pro", "affected_versions": { "* - 1.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd8fb3e9-34eb-4b37-9a7e-00309a1ca81d?source=api-scan" ], "published": "2023-05-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd903ec3-893e-4dd8-ad90-2e25a926ac4f": { "id": "fd903ec3-893e-4dd8-ad90-2e25a926ac4f", "title": "FeedStats < 2.4 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FeedStats", "slug": "feedstats-de", "affected_versions": { "[*, 2.4)": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd903ec3-893e-4dd8-ad90-2e25a926ac4f?source=api-scan" ], "published": "2007-07-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd978ac0-42f2-4746-9430-37458375b588": { "id": "fd978ac0-42f2-4746-9430-37458375b588", "title": "JetBackup <= 2.0.9.7 - Sensitive Information Exposure via Directory Listing", "software": [ { "type": "plugin", "name": "JetBackup \u2013 WP Backup, Migrate & Restore", "slug": "backup", "affected_versions": { "* - 2.0.9.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.9.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd978ac0-42f2-4746-9430-37458375b588?source=api-scan" ], "published": "2024-02-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd97ef7d-80c7-4987-be79-23eb380fa460": { "id": "fd97ef7d-80c7-4987-be79-23eb380fa460", "title": "CAPTCHA 4WP <= 7.0.6.1 - Cross-Site Request Forgery to Local File Inclusion", "software": [ { "type": "plugin", "name": "CAPTCHA 4WP \u2013 Antispam CAPTCHA solution for WordPress", "slug": "advanced-nocaptcha-recaptcha", "affected_versions": { "* - 7.0.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "7.0.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd97ef7d-80c7-4987-be79-23eb380fa460?source=api-scan" ], "published": "2022-06-29 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd97fba9-513b-46e1-9613-2f64c4272f34": { "id": "fd97fba9-513b-46e1-9613-2f64c4272f34", "title": "Block Referer Spam <= 1.1.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Block Referer Spam", "slug": "block-referer-spam", "affected_versions": { "* - 1.1.9.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.9.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd97fba9-513b-46e1-9613-2f64c4272f34?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fd9f1385-6457-4bc9-9c75-0fcd399a5956": { "id": "fd9f1385-6457-4bc9-9c75-0fcd399a5956", "title": "Awesome Support <= 6.1.10 - Missing Authorization", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "* - 6.1.10": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fd9f1385-6457-4bc9-9c75-0fcd399a5956?source=api-scan" ], "published": "2023-12-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fda10117-b562-496e-8a17-88ee350ce8f2": { "id": "fda10117-b562-496e-8a17-88ee350ce8f2", "title": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups. <= 4.1.11 - Cross-Site Request Forgery to Settings Update", "software": [ { "type": "plugin", "name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.", "slug": "popup-builder", "affected_versions": { "* - 4.1.11": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.12" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fda10117-b562-496e-8a17-88ee350ce8f2?source=api-scan" ], "published": "2022-06-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fda1be79-ba45-4e8f-bfc3-355f9cdbad82": { "id": "fda1be79-ba45-4e8f-bfc3-355f9cdbad82", "title": "Community by PeepSo <= 6.2.6.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App", "slug": "peepso-core", "affected_versions": { "* - 6.2.6.0": { "from_version": "*", "from_inclusive": true, "to_version": "6.2.6.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.2.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fda1be79-ba45-4e8f-bfc3-355f9cdbad82?source=api-scan" ], "published": "2023-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdacd8b2-ef34-424d-bc05-bc059f6ab3b0": { "id": "fdacd8b2-ef34-424d-bc05-bc059f6ab3b0", "title": "WP Yelp Review Slider <= 7.0 - Authenticated (Subscriber+) SQL Injection", "software": [ { "type": "plugin", "name": "WP Yelp Review Slider", "slug": "wp-yelp-review-slider", "affected_versions": { "* - 7.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdacd8b2-ef34-424d-bc05-bc059f6ab3b0?source=api-scan" ], "published": "2023-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdb184c7-c322-4e05-86db-b398cec1e1b0": { "id": "fdb184c7-c322-4e05-86db-b398cec1e1b0", "title": "Popup Builder <= 1.1.29 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Popup Builder", "slug": "easy-notify-lite", "affected_versions": { "* - 1.1.29": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.29", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.30" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdb184c7-c322-4e05-86db-b398cec1e1b0?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdb3c672-0ac4-42e8-951b-e41dc8bd6231": { "id": "fdb3c672-0ac4-42e8-951b-e41dc8bd6231", "title": "SendGrid for WordPress <= 1.4 - Unauthenticated SQL Injection", "software": [ { "type": "plugin", "name": "SendGrid for WordPress", "slug": "wp-sendgrid-mailer", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdb3c672-0ac4-42e8-951b-e41dc8bd6231?source=api-scan" ], "published": "2024-08-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdb822e8-583e-4437-a735-b116aa8886e2": { "id": "fdb822e8-583e-4437-a735-b116aa8886e2", "title": "WP-Optimize <= 3.2.12 & SrbTransLatin <= 2.4 - Stored\/Reflected Cross-Site Scripting via Third Party Library", "software": [ { "type": "plugin", "name": "SrbTransLatin \u2013 Serbian Latinisation", "slug": "srbtranslatin", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.1" ] }, { "type": "plugin", "name": "WP-Optimize \u2013 Cache, Compress images, Minify & Clean database to boost page speed & performance", "slug": "wp-optimize", "affected_versions": { "[*, 3.2.13)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.13", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdb822e8-583e-4437-a735-b116aa8886e2?source=api-scan" ], "published": "2023-07-04 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdba439d-90ee-413c-842d-19704b08c33e": { "id": "fdba439d-90ee-413c-842d-19704b08c33e", "title": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress <= 3.4.27 - Cross-Site Request Forgery to Plugin Installation", "software": [ { "type": "plugin", "name": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "slug": "ninja-forms", "affected_versions": { "* - 3.4.27": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.27", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.4.27.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdba439d-90ee-413c-842d-19704b08c33e?source=api-scan" ], "published": "2020-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdbb60e5-4d67-4deb-94e0-788c1fb0e42f": { "id": "fdbb60e5-4d67-4deb-94e0-788c1fb0e42f", "title": "WP Photo Album Plus <= 5.4.7 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Photo Album Plus", "slug": "wp-photo-album-plus", "affected_versions": { "* - 5.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "5.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdbb60e5-4d67-4deb-94e0-788c1fb0e42f?source=api-scan" ], "published": "2014-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdbd089d-1b7d-42e9-8f47-fec19a4dd7c4": { "id": "fdbd089d-1b7d-42e9-8f47-fec19a4dd7c4", "title": "Ultimate Under Construction <= 1.9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Ultimate Under Construction", "slug": "ultimate-under-construction", "affected_versions": { "* - 1.9.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdbd089d-1b7d-42e9-8f47-fec19a4dd7c4?source=api-scan" ], "published": "2024-04-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdc18341-135b-4522-a9db-510e4c4d9704": { "id": "fdc18341-135b-4522-a9db-510e4c4d9704", "title": "Export any WordPress data to XML\/CSV < 1.4.1 & WP ALL Export Pro < 1.8.6 - Cross-Site Request Forgery to PHAR Deserialization", "software": [ { "type": "plugin", "name": "WP All Export Pro", "slug": "wp-all-export-pro", "affected_versions": { "[*, 1.8.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.8.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.8.6" ] }, { "type": "plugin", "name": "Export any WordPress data to XML\/CSV", "slug": "wp-all-export", "affected_versions": { "[*, 1.4.1)": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.4.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdc18341-135b-4522-a9db-510e4c4d9704?source=api-scan" ], "published": "2023-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdc2a31f-19c2-4474-a3b0-16ded1912ddd": { "id": "fdc2a31f-19c2-4474-a3b0-16ded1912ddd", "title": "RSVPMaker < 5.6.4 - SQL Injection", "software": [ { "type": "plugin", "name": "RSVPMaker", "slug": "rsvpmaker", "affected_versions": { "[*, 5.6.4)": { "from_version": "*", "from_inclusive": true, "to_version": "5.6.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.6.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdc2a31f-19c2-4474-a3b0-16ded1912ddd?source=api-scan" ], "published": "2018-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdd0694c-ea7e-4cf8-a8d8-82a2b02fecdf": { "id": "fdd0694c-ea7e-4cf8-a8d8-82a2b02fecdf", "title": "WordPress Button Plugin MaxButtons <= 9.7.8 - Full Path Disclosure", "software": [ { "type": "plugin", "name": "WordPress Button Plugin MaxButtons", "slug": "maxbuttons", "affected_versions": { "* - 9.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.8.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdd0694c-ea7e-4cf8-a8d8-82a2b02fecdf?source=api-scan" ], "published": "2024-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdd14863-5498-4598-8b22-8e5a607869e4": { "id": "fdd14863-5498-4598-8b22-8e5a607869e4", "title": "Video Gallery \u2013 YouTube Playlist, Channel Gallery by YotuWP <= 1.3.10 - Authenticated (Admin+) Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Video Gallery \u2013 YouTube Playlist, Channel Gallery by YotuWP", "slug": "yotuwp-easy-youtube-embed", "affected_versions": { "* - 1.3.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdd14863-5498-4598-8b22-8e5a607869e4?source=api-scan" ], "published": "2022-12-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdd57b3b-bd0a-4b07-831e-72f2329b2577": { "id": "fdd57b3b-bd0a-4b07-831e-72f2329b2577", "title": "Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'instantEditRedirect' function", "software": [ { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdd57b3b-bd0a-4b07-831e-72f2329b2577?source=api-scan" ], "published": "2023-02-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdd73289-f292-4903-951e-6a89049d39a7": { "id": "fdd73289-f292-4903-951e-6a89049d39a7", "title": "Contact Form by FormGet <= 5.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Contact Form by FormGet \u2013 Best Form Builder Plugin for WordPress", "slug": "formget-contact-form", "affected_versions": { "* - 5.5.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.5.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdd73289-f292-4903-951e-6a89049d39a7?source=api-scan" ], "published": "2023-09-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdde4f0d-a4d7-421c-8579-a93941eea712": { "id": "fdde4f0d-a4d7-421c-8579-a93941eea712", "title": "HashBar \u2013 WordPress Notification Bar <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "HashBar \u2013 WordPress Notification Bar", "slug": "hashbar-wp-notification-bar", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdde4f0d-a4d7-421c-8579-a93941eea712?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fde0ab44-a354-4cbe-8548-0e5c08529082": { "id": "fde0ab44-a354-4cbe-8548-0e5c08529082", "title": "RegistrationMagic <= 5.1.9.2 - Missing Authorization to Unauthenticated Content Injection", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 5.1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fde0ab44-a354-4cbe-8548-0e5c08529082?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fde1157b-5b99-4e9c-9c51-ebaa0eddfd73": { "id": "fde1157b-5b99-4e9c-9c51-ebaa0eddfd73", "title": "CM On Demand Search And Replace <= 1.3.0 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "CM WordPress Search And Replace Plugin", "slug": "cm-on-demand-search-and-replace", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fde1157b-5b99-4e9c-9c51-ebaa0eddfd73?source=api-scan" ], "published": "2023-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fde163fa-2dbf-43bc-8edc-cbbab2a35bd0": { "id": "fde163fa-2dbf-43bc-8edc-cbbab2a35bd0", "title": "DrawBlog <= 0.90 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "DrawBlog", "slug": "drawblog", "affected_versions": { "* - 0.90": { "from_version": "*", "from_inclusive": true, "to_version": "0.90", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fde163fa-2dbf-43bc-8edc-cbbab2a35bd0?source=api-scan" ], "published": "2021-06-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdea1999-a282-4374-a093-5cbd5b05497a": { "id": "fdea1999-a282-4374-a093-5cbd5b05497a", "title": "Digital Publications by Supsystic <= 1.7.7 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WordPress Flipbook by Supsystic", "slug": "digital-publications-by-supsystic", "affected_versions": { "* - 1.7.7": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.7.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdea1999-a282-4374-a093-5cbd5b05497a?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdeab668-9094-485f-aa01-13ba5c10ea89": { "id": "fdeab668-9094-485f-aa01-13ba5c10ea89", "title": "Blocksy <= 2.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "theme", "name": "Blocksy", "slug": "blocksy", "affected_versions": { "* - 2.0.26": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdeab668-9094-485f-aa01-13ba5c10ea89?source=api-scan" ], "published": "2024-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdf18ae2-f0d4-44d4-9dd1-6ac36d859d68": { "id": "fdf18ae2-f0d4-44d4-9dd1-6ac36d859d68", "title": "WordPress Action Network 1.4.3 -Authentcated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Action Network", "slug": "wp-action-network", "affected_versions": { "1.4.3": { "from_version": "1.4.3", "from_inclusive": true, "to_version": "1.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdf18ae2-f0d4-44d4-9dd1-6ac36d859d68?source=api-scan" ], "published": "2024-03-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdf6d876-631f-493d-a324-3bb8efedd84a": { "id": "fdf6d876-631f-493d-a324-3bb8efedd84a", "title": "WP Hardening \u2013 Fix Your WordPress Security <= 1.2.1 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Hardening (discontinued)", "slug": "wp-security-hardening", "affected_versions": { "[*, 1.2.2)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdf6d876-631f-493d-a324-3bb8efedd84a?source=api-scan" ], "published": "2021-06-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdfa2336-dda2-4945-9278-1a85f8b5f88b": { "id": "fdfa2336-dda2-4945-9278-1a85f8b5f88b", "title": "Wordfence <= 5.2.3 - Stored Cross-Site Scripting via REQUEST_URI", "software": [ { "type": "plugin", "name": "Wordfence Security \u2013 Firewall, Malware Scan, and Login Security", "slug": "wordfence", "affected_versions": { "* - 5.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdfa2336-dda2-4945-9278-1a85f8b5f88b?source=api-scan" ], "published": "2014-09-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fdfb5e74-e52c-4f44-acdc-9740624af9e7": { "id": "fdfb5e74-e52c-4f44-acdc-9740624af9e7", "title": "Simple File List <= 3.2.4 - Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "Simple File List", "slug": "simple-file-list", "affected_versions": { "* - 3.2.4": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fdfb5e74-e52c-4f44-acdc-9740624af9e7?source=api-scan" ], "published": "2019-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe00b89f-b475-4aec-8df8-89d842d92e4f": { "id": "fe00b89f-b475-4aec-8df8-89d842d92e4f", "title": "Betheme <= 26.5.1.4 - Authenticated (Subscriber+) PHP Object Injection", "software": [ { "type": "theme", "name": "Betheme", "slug": "betheme", "affected_versions": { "* - 26.5.1.4": { "from_version": "*", "from_inclusive": true, "to_version": "26.5.1.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "26.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe00b89f-b475-4aec-8df8-89d842d92e4f?source=api-scan" ], "published": "2022-11-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe02377a-8d09-4d86-a049-3002516cf933": { "id": "fe02377a-8d09-4d86-a049-3002516cf933", "title": "YITH WooCommerce Compare <= 2.0.9 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "YITH WooCommerce Compare", "slug": "yith-woocommerce-compare", "affected_versions": { "* - 2.0.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe02377a-8d09-4d86-a049-3002516cf933?source=api-scan" ], "published": "2016-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe023bc0-11b9-4520-874a-4656f633d4ac": { "id": "fe023bc0-11b9-4520-874a-4656f633d4ac", "title": "WordPress GDPR & CCPA < 1.9.26 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WordPress GDPR & CCPA", "slug": "wordpress-gdpr", "affected_versions": { "* - 1.9.26": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.26", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.27" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe023bc0-11b9-4520-874a-4656f633d4ac?source=api-scan" ], "published": "2022-01-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe086290-f3d3-4d28-bb5c-11fbbb1364b4": { "id": "fe086290-f3d3-4d28-bb5c-11fbbb1364b4", "title": "GTranslate <= 2.8.51 - Reflected Cross Site Scripting", "software": [ { "type": "plugin", "name": "Translate WordPress with GTranslate", "slug": "gtranslate", "affected_versions": { "* - 2.8.51": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.51", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.52" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe086290-f3d3-4d28-bb5c-11fbbb1364b4?source=api-scan" ], "published": "2020-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe0def72-affb-4f42-8857-0e2b8b602c7f": { "id": "fe0def72-affb-4f42-8857-0e2b8b602c7f", "title": "Media File Organizer <= 1.0.1 - Directory Traversal", "software": [ { "type": "plugin", "name": "Media File Organizer", "slug": "media-file-organizer", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe0def72-affb-4f42-8857-0e2b8b602c7f?source=api-scan" ], "published": "2021-04-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe0fedc1-d4bd-40bf-8d8f-953db4bf2120": { "id": "fe0fedc1-d4bd-40bf-8d8f-953db4bf2120", "title": "WP RSS Multi Importer < 3.14 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP RSS Multi Importer", "slug": "wp-rss-multi-importer", "affected_versions": { "[*, 3.14)": { "from_version": "*", "from_inclusive": true, "to_version": "3.14", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe0fedc1-d4bd-40bf-8d8f-953db4bf2120?source=api-scan" ], "published": "2014-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe10acf6-2649-4e85-abd1-b6840169eb41": { "id": "fe10acf6-2649-4e85-abd1-b6840169eb41", "title": "Locations <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Locations", "slug": "locations", "affected_versions": { "* - 4.0": { "from_version": "*", "from_inclusive": true, "to_version": "4.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe10acf6-2649-4e85-abd1-b6840169eb41?source=api-scan" ], "published": "2023-09-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe1301d9-738b-485f-b8db-c23c16e4f99d": { "id": "fe1301d9-738b-485f-b8db-c23c16e4f99d", "title": "WordPress Core < 4.8.2 - Cross-Site Scripting via Javascript: and Data: URLs", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.21": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.21", "to_inclusive": true }, "3.8 - 3.8.21": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.21", "to_inclusive": true }, "3.9 - 3.9.19": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.19", "to_inclusive": true }, "4.0 - 4.0.18": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.18", "to_inclusive": true }, "4.1 - 4.1.18": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.18", "to_inclusive": true }, "4.2 - 4.2.15": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.15", "to_inclusive": true }, "4.3 - 4.3.11": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.11", "to_inclusive": true }, "4.4 - 4.4.10": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.10", "to_inclusive": true }, "4.5 - 4.5.9": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.9", "to_inclusive": true }, "4.6 - 4.6.6": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.6", "to_inclusive": true }, "4.7 - 4.7.5": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.5", "to_inclusive": true }, "4.8 - 4.8.1": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.22", "3.8.22", "3.9.20", "4.0.19", "4.1.19", "4.2.16", "4.3.12", "4.4.11", "4.5.10", "4.6.7", "4.7.6", "4.8.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe1301d9-738b-485f-b8db-c23c16e4f99d?source=api-scan" ], "published": "2017-09-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe175315-99ef-438a-b5b0-a5f190403116": { "id": "fe175315-99ef-438a-b5b0-a5f190403116", "title": "Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_timeline' Shortcode", "software": [ { "type": "plugin", "name": "Shortcodes and extra features for Phlox theme", "slug": "auxin-elements", "affected_versions": { "* - 2.15.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.15.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.15.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe175315-99ef-438a-b5b0-a5f190403116?source=api-scan" ], "published": "2024-04-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe17abd8-9ee2-4b9c-a30b-68d95e341722": { "id": "fe17abd8-9ee2-4b9c-a30b-68d95e341722", "title": "ReFlex Gallery \u00bb WordPress Photo Gallery < 3.1.4 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "ReFlex Gallery \u00bb WordPress Photo Gallery", "slug": "reflex-gallery", "affected_versions": { "[*, 3.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe17abd8-9ee2-4b9c-a30b-68d95e341722?source=api-scan" ], "published": "2013-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe1f8c51-d3f1-456b-bf73-362ff33ee879": { "id": "fe1f8c51-d3f1-456b-bf73-362ff33ee879", "title": "WP Timeline \u2013 Vertical and Horizontal timeline plugin <= 3.6.7 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "WP Timeline \u2013 Vertical and Horizontal timeline plugin", "slug": "wp-timelines", "affected_versions": { "* - 3.6.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe1f8c51-d3f1-456b-bf73-362ff33ee879?source=api-scan" ], "published": "2024-09-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe25bfef-34f0-4d57-9cba-9dcbf58281c6": { "id": "fe25bfef-34f0-4d57-9cba-9dcbf58281c6", "title": "Click to Chat \u2013 HoliThemes <= 3.35 - Authenticated (Contributor+) Local File Inclusion", "software": [ { "type": "plugin", "name": "Click to Chat \u2013 HoliThemes", "slug": "click-to-chat-for-whatsapp", "affected_versions": { "* - 3.35": { "from_version": "*", "from_inclusive": true, "to_version": "3.35", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe25bfef-34f0-4d57-9cba-9dcbf58281c6?source=api-scan" ], "published": "2024-04-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe275351-a547-440d-9e8c-c464ed333aa9": { "id": "fe275351-a547-440d-9e8c-c464ed333aa9", "title": "WP Lightbox 2 <= 3.0.6.6 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Lightbox 2", "slug": "wp-lightbox-2", "affected_versions": { "* - 3.0.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.6.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.6.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe275351-a547-440d-9e8c-c464ed333aa9?source=api-scan" ], "published": "2024-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe2a538b-60a5-4595-b901-4477679e6b8a": { "id": "fe2a538b-60a5-4595-b901-4477679e6b8a", "title": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.5.63 - Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin", "slug": "users-ultra", "affected_versions": { "[*, 1.5.63)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.63", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.63" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe2a538b-60a5-4595-b901-4477679e6b8a?source=api-scan" ], "published": "2015-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe2cfc96-63f4-4e4b-bf49-6031594a4805": { "id": "fe2cfc96-63f4-4e4b-bf49-6031594a4805", "title": "PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.13 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "PowerPack Elementor Addons (Free Widgets, Extensions and Templates)", "slug": "powerpack-lite-for-elementor", "affected_versions": { "* - 2.7.13": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe2cfc96-63f4-4e4b-bf49-6031594a4805?source=api-scan" ], "published": "2024-01-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe2fcc3f-e7ce-4f9a-b9a9-e6cf9129aec9": { "id": "fe2fcc3f-e7ce-4f9a-b9a9-e6cf9129aec9", "title": "My Sticky Bar (formerly myStickymenu) <= 2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme \u2013 My Sticky Bar (formerly myStickymenu)", "slug": "mystickymenu", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe2fcc3f-e7ce-4f9a-b9a9-e6cf9129aec9?source=api-scan" ], "published": "2024-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe3834a6-a6f5-4cc7-951e-a6ada6346b07": { "id": "fe3834a6-a6f5-4cc7-951e-a6ada6346b07", "title": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Authenticated (Subscriber+) Limited Arbitrary File Upload", "software": [ { "type": "plugin", "name": "MStore API \u2013 Create Native Android & iOS Apps On The Cloud", "slug": "mstore-api", "affected_versions": { "* - 4.15.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.15.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.15.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe3834a6-a6f5-4cc7-951e-a6ada6346b07?source=api-scan" ], "published": "2024-09-12 20:50:39", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe391ac9-e3ea-48b3-8ffe-243972ce89f6": { "id": "fe391ac9-e3ea-48b3-8ffe-243972ce89f6", "title": "Getwid \u2013 Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update", "software": [ { "type": "plugin", "name": "Getwid \u2013 Gutenberg Blocks", "slug": "getwid", "affected_versions": { "* - 2.0.10": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe391ac9-e3ea-48b3-8ffe-243972ce89f6?source=api-scan" ], "published": "2024-07-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe3c897a-c3fb-4d1f-ad4c-c1bbb781a5aa": { "id": "fe3c897a-c3fb-4d1f-ad4c-c1bbb781a5aa", "title": "Pinpoint Booking System <= 2.9.9.4.7 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pinpoint Booking System \u2013 #1 WordPress Booking Plugin", "slug": "booking-system", "affected_versions": { "* - 2.9.9.4.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9.4.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.9.4.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe3c897a-c3fb-4d1f-ad4c-c1bbb781a5aa?source=api-scan" ], "published": "2024-07-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe400dbe-43eb-41c1-8e31-c350228e0f8b": { "id": "fe400dbe-43eb-41c1-8e31-c350228e0f8b", "title": "JobSearch WP Job Board <= 1.5.1 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "JobSearch WP Job Board", "slug": "wp-jobsearch", "affected_versions": { "* - 1.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe400dbe-43eb-41c1-8e31-c350228e0f8b?source=api-scan" ], "published": "2020-07-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe4171b9-b17e-4e6e-9ab4-4b1b125e8950": { "id": "fe4171b9-b17e-4e6e-9ab4-4b1b125e8950", "title": "Lana Email Tester <= 1.0.0 - Missing Authorization to Mail Relay & Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Lana Email Tester", "slug": "lana-email-tester", "affected_versions": { "* - 1.0.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe4171b9-b17e-4e6e-9ab4-4b1b125e8950?source=api-scan" ], "published": "2022-06-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe44fe7f-0ccf-4297-a9a7-107695abfe13": { "id": "fe44fe7f-0ccf-4297-a9a7-107695abfe13", "title": "Uji Countdown <= 2.3 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Uji Countdown", "slug": "uji-countdown", "affected_versions": { "* - 2.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe44fe7f-0ccf-4297-a9a7-107695abfe13?source=api-scan" ], "published": "2022-11-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe5227f0-3f7f-4d31-8d46-de2eec44b514": { "id": "fe5227f0-3f7f-4d31-8d46-de2eec44b514", "title": "WP Stripe Checkout <= 1.2.2.41 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WP Stripe Checkout", "slug": "wp-stripe-checkout", "affected_versions": { "* - 1.2.2.41": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2.41", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.2.42" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe5227f0-3f7f-4d31-8d46-de2eec44b514?source=api-scan" ], "published": "2024-04-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe54c37f-1421-48aa-b502-045847d13ae3": { "id": "fe54c37f-1421-48aa-b502-045847d13ae3", "title": "WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.15 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Responsive Tabs horizontal vertical and accordion Tabs", "slug": "responsive-horizontal-vertical-and-accordion-tabs", "affected_versions": { "* - 1.1.15": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.15", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.16" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe54c37f-1421-48aa-b502-045847d13ae3?source=api-scan" ], "published": "2023-04-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe668f93-f6b7-4824-ad17-024291d8f535": { "id": "fe668f93-f6b7-4824-ad17-024291d8f535", "title": "Multi Step Form <= 1.2.5 - Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Multi Step Form", "slug": "multi-step-form", "affected_versions": { "[*, 1.2.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.2.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe668f93-f6b7-4824-ad17-024291d8f535?source=api-scan" ], "published": "2018-07-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe685a64-a84c-4d29-b002-05d40f540391": { "id": "fe685a64-a84c-4d29-b002-05d40f540391", "title": "Simple Gmail Login < 1.1.4 - Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Simple Gmail Login", "slug": "simple-gmail-login", "affected_versions": { "[*, 1.1.4)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.4", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe685a64-a84c-4d29-b002-05d40f540391?source=api-scan" ], "published": "2012-11-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe6a09b1-cf2c-4d64-9b81-b2cc02e98d45": { "id": "fe6a09b1-cf2c-4d64-9b81-b2cc02e98d45", "title": "Confetti Fall Animation <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Confetti Fall Animation", "slug": "confetti-fall-animation", "affected_versions": { "* - 1.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe6a09b1-cf2c-4d64-9b81-b2cc02e98d45?source=api-scan" ], "published": "2024-09-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe708e03-334f-4c72-ace9-b5d065ee8c9d": { "id": "fe708e03-334f-4c72-ace9-b5d065ee8c9d", "title": "Pricing Table <= 1.5.2 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pricing Table", "slug": "pricing-table", "affected_versions": { "* - 1.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe708e03-334f-4c72-ace9-b5d065ee8c9d?source=api-scan" ], "published": "2022-04-05 14:36:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe799030-ec9c-45fd-a5a9-6589364b6056": { "id": "fe799030-ec9c-45fd-a5a9-6589364b6056", "title": "DT Chocolate (All Versions) - Cross-Site Scripting", "software": [ { "type": "theme", "name": "Chocolate WP \u2013 Responsive Photography Theme | Photography", "slug": "dt-chocolate", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe799030-ec9c-45fd-a5a9-6589364b6056?source=api-scan" ], "published": "2014-01-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe7e6a53-36c3-41fc-bae8-a9e1de2494ad": { "id": "fe7e6a53-36c3-41fc-bae8-a9e1de2494ad", "title": "Category Order and Taxonomy Terms Order <= 1.5.2.2 - Authenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "Category Order and Taxonomy Terms Order", "slug": "taxonomy-terms-order", "affected_versions": { "[*, 1.5.3)": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.3", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe7e6a53-36c3-41fc-bae8-a9e1de2494ad?source=api-scan" ], "published": "2018-02-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe7f75b4-f315-44f7-8e67-1680eeee3942": { "id": "fe7f75b4-f315-44f7-8e67-1680eeee3942", "title": "Responsive Vertical Icon Menu <= 1.5.8 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Responsive Vertical Icon Menu", "slug": "wpdevart-vertical-menu", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe7f75b4-f315-44f7-8e67-1680eeee3942?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe82e9d2-764b-49da-a062-c5fc7c876396": { "id": "fe82e9d2-764b-49da-a062-c5fc7c876396", "title": "URL Shortify \u2013 Simple, Powerful and Easy URL Shortener Plugin For WordPress <= 1.6.5 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "URL Shortify \u2013 Simple, Powerful and Easy URL Shortener Plugin For WordPress", "slug": "url-shortify", "affected_versions": { "[*, 1.7.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe82e9d2-764b-49da-a062-c5fc7c876396?source=api-scan" ], "published": "2023-06-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe8816d8-1687-4a3c-9f2a-23f21d679cc5": { "id": "fe8816d8-1687-4a3c-9f2a-23f21d679cc5", "title": "WP STAGING WordPress Backup Plugin < 3.2.0 - Sensitive Information Exposure via cache files", "software": [ { "type": "plugin", "name": "WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore", "slug": "wp-staging", "affected_versions": { "[*, 3.2.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe8816d8-1687-4a3c-9f2a-23f21d679cc5?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe926435-ef91-4717-8612-31c053771491": { "id": "fe926435-ef91-4717-8612-31c053771491", "title": "AdminOnline (Unspecified Version) - Directly Traversal\/Arbitrary File Read", "software": [ { "type": "plugin", "name": "AdminOnline", "slug": "adminonline", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe926435-ef91-4717-8612-31c053771491?source=api-scan" ], "published": "2014-06-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe93f443-7941-4463-a068-c292c172f071": { "id": "fe93f443-7941-4463-a068-c292c172f071", "title": "S3 Bubble Amazon S3 HTML5 Video with Adverts <= 2.0 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "S3 Bubble Amazon S3 HTML5 Video with Adverts", "slug": "s3bubble-amazon-s3-html-5-video-with-adverts", "affected_versions": { "* - 2.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe93f443-7941-4463-a068-c292c172f071?source=api-scan" ], "published": "2015-04-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe9659ff-7233-44d4-aaff-ad3089511a67": { "id": "fe9659ff-7233-44d4-aaff-ad3089511a67", "title": "WP Migration Plugin DB & Files \u2013 WP Synchro <= 1.11.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "WP Synchro \u2013 WordPress Migration Plugin for Database & Files", "slug": "wpsynchro", "affected_versions": { "* - 1.11.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.11.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.11.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe9659ff-7233-44d4-aaff-ad3089511a67?source=api-scan" ], "published": "2024-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe98bd8c-6db3-4094-8ff2-ab21c8778698": { "id": "fe98bd8c-6db3-4094-8ff2-ab21c8778698", "title": "Catch Themes Demo Import <= 3.0.2 - Authenticated (Admin+) Arbitrary File Upload", "software": [ { "type": "plugin", "name": "One Click Demo Import", "slug": "one-click-demo-import", "affected_versions": { "[*, 3.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe98bd8c-6db3-4094-8ff2-ab21c8778698?source=api-scan" ], "published": "2022-04-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fe996511-f29a-4e28-b6de-3633d45b10c1": { "id": "fe996511-f29a-4e28-b6de-3633d45b10c1", "title": "Calendar <= 1.3.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Calendar", "slug": "calendar", "affected_versions": { "* - 1.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fe996511-f29a-4e28-b6de-3633d45b10c1?source=api-scan" ], "published": "2014-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fea6ddd5-f168-471c-99eb-efc46d1bfeb9": { "id": "fea6ddd5-f168-471c-99eb-efc46d1bfeb9", "title": "wpForo Forum <= 1.4.12 - SQL Injection", "software": [ { "type": "plugin", "name": "wpForo Forum", "slug": "wpforo", "affected_versions": { "* - 1.4.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fea6ddd5-f168-471c-99eb-efc46d1bfeb9?source=api-scan" ], "published": "2018-05-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fea71287-f92e-43e5-adbf-d89fce437e56": { "id": "fea71287-f92e-43e5-adbf-d89fce437e56", "title": "Master Currency WP <= 1.1.61 - Authenticated (Contributor+) Stored Cross-Site Scripting via Currency Converter Form Shortcode", "software": [ { "type": "plugin", "name": "Master Currency WP", "slug": "mastercurrency-wp", "affected_versions": { "* - 1.1.61": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.61", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fea71287-f92e-43e5-adbf-d89fce437e56?source=api-scan" ], "published": "2024-07-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fea96f84-f75b-4f02-9ca8-f8fda439d565": { "id": "fea96f84-f75b-4f02-9ca8-f8fda439d565", "title": "Porto Theme - Functionality <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode", "software": [ { "type": "plugin", "name": "Porto Theme - Functionality", "slug": "porto-functionality", "affected_versions": { "* - 3.1.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.1.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.1.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fea96f84-f75b-4f02-9ca8-f8fda439d565?source=api-scan" ], "published": "2024-05-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "feab189a-bd89-461d-b553-f137b8032e94": { "id": "feab189a-bd89-461d-b553-f137b8032e94", "title": "Easy Social Icons <= 1.2.3.1 - SQL Injection", "software": [ { "type": "plugin", "name": "Easy Social Icons", "slug": "easy-social-icons", "affected_versions": { "* - 1.2.3.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/feab189a-bd89-461d-b553-f137b8032e94?source=api-scan" ], "published": "2015-07-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "feb056b0-5ea0-4257-8d58-0e29b3c304bd": { "id": "feb056b0-5ea0-4257-8d58-0e29b3c304bd", "title": "Download Manager <= 3.2.38 - Unauthenticated Brute Force of File Master Key", "software": [ { "type": "plugin", "name": "Download Manager", "slug": "download-manager", "affected_versions": { "[*, 3.2.39)": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.39", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.2.39" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/feb056b0-5ea0-4257-8d58-0e29b3c304bd?source=api-scan" ], "published": "2022-03-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "feb25e04-8cd2-49d8-a459-4302c1ec332c": { "id": "feb25e04-8cd2-49d8-a459-4302c1ec332c", "title": "Timed Popup WordPress Plugin <= 1.4 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Timed Popup WordPress Plugin", "slug": "wp-timed-popup", "affected_versions": { "* - 1.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/feb25e04-8cd2-49d8-a459-4302c1ec332c?source=api-scan" ], "published": "2014-12-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "feb4f3dc-9abf-4ee3-834e-e5516652d810": { "id": "feb4f3dc-9abf-4ee3-834e-e5516652d810", "title": "Google XML Sitemap for Videos <= 2.6.1 - Cross-Site Request Forgery via video_sitemap_generate", "software": [ { "type": "plugin", "name": "Google XML Sitemap for Videos", "slug": "xml-sitemaps-for-videos", "affected_versions": { "* - 2.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/feb4f3dc-9abf-4ee3-834e-e5516652d810?source=api-scan" ], "published": "2023-03-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "feb63b10-fe23-4f89-9ef3-0a61b4190320": { "id": "feb63b10-fe23-4f89-9ef3-0a61b4190320", "title": "One Click Close Comments <= 2.7.1 - Unauthenticated Full Path Disclosure", "software": [ { "type": "plugin", "name": "One Click Close Comments", "slug": "one-click-close-comments", "affected_versions": { "* - 2.7.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.7.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/feb63b10-fe23-4f89-9ef3-0a61b4190320?source=api-scan" ], "published": "2024-07-26 13:12:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "feb9af10-7df2-4eb1-8546-debaa925df42": { "id": "feb9af10-7df2-4eb1-8546-debaa925df42", "title": "W4 Post List <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'w4pl[no_items_text]'", "software": [ { "type": "plugin", "name": "W4 Post List", "slug": "w4-post-list", "affected_versions": { "* - 2.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/feb9af10-7df2-4eb1-8546-debaa925df42?source=api-scan" ], "published": "2023-03-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fec015e1-7f64-4917-a242-90bd1135f680": { "id": "fec015e1-7f64-4917-a242-90bd1135f680", "title": "Poll Maker \u2013 Best WordPress Poll Plugin <= 5.1.8 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls", "slug": "poll-maker", "affected_versions": { "* - 5.1.8": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fec015e1-7f64-4917-a242-90bd1135f680?source=api-scan" ], "published": "2024-04-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fec06875-f6b4-4e57-917f-e80ece3744e1": { "id": "fec06875-f6b4-4e57-917f-e80ece3744e1", "title": "Better Follow Button for Jetpack <= 8.0 - Authenticated (Admin+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Better Follow Button for Jetpack", "slug": "better-follow-button-for-jetpack", "affected_versions": { "* - 8.0": { "from_version": "*", "from_inclusive": true, "to_version": "8.0", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fec06875-f6b4-4e57-917f-e80ece3744e1?source=api-scan" ], "published": "2024-01-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fec590e7-c15e-4063-892a-a945333d848e": { "id": "fec590e7-c15e-4063-892a-a945333d848e", "title": "Job Manager <= 0.7.25 - Insecure Direct Object Reference", "software": [ { "type": "plugin", "name": "Job Manager", "slug": "job-manager", "affected_versions": { "* - 0.7.25": { "from_version": "*", "from_inclusive": true, "to_version": "0.7.25", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fec590e7-c15e-4063-892a-a945333d848e?source=api-scan" ], "published": "2015-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fecb12c5-8f8d-4f72-a349-c5df315b523e": { "id": "fecb12c5-8f8d-4f72-a349-c5df315b523e", "title": "CalderaWP License Manager <= 1.2.11 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "CalderaWP License Manager", "slug": "calderawp-license-manager", "affected_versions": { "* - 1.2.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.11", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fecb12c5-8f8d-4f72-a349-c5df315b523e?source=api-scan" ], "published": "2022-04-12 10:56:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fed0e3bc-1401-410a-805d-1ea3e423024b": { "id": "fed0e3bc-1401-410a-805d-1ea3e423024b", "title": "oEmbed Gist <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "oEmbed Gist", "slug": "oembed-gist", "affected_versions": { "* - 4.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fed0e3bc-1401-410a-805d-1ea3e423024b?source=api-scan" ], "published": "2024-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fed4dd54-7a7e-483b-a623-3cf3392572b8": { "id": "fed4dd54-7a7e-483b-a623-3cf3392572b8", "title": "HTTP Headers <= 1.18.11 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "HTTP Headers", "slug": "http-headers", "affected_versions": { "* - 1.18.11": { "from_version": "*", "from_inclusive": true, "to_version": "1.18.11", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.19.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fed4dd54-7a7e-483b-a623-3cf3392572b8?source=api-scan" ], "published": "2023-07-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fedf20b2-6c21-4c91-8f79-9cac334a1313": { "id": "fedf20b2-6c21-4c91-8f79-9cac334a1313", "title": "Auto Limit Posts Reloaded <= 2.5 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Auto Limit Posts Reloaded", "slug": "auto-limit-posts-reloaded", "affected_versions": { "* - 2.5": { "from_version": "*", "from_inclusive": true, "to_version": "2.5", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fedf20b2-6c21-4c91-8f79-9cac334a1313?source=api-scan" ], "published": "2023-10-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fee18df2-75ea-416a-8aa6-139018016b9a": { "id": "fee18df2-75ea-416a-8aa6-139018016b9a", "title": "Bulk Page Creator <= 1.1.3 - Cross-Site Request Forgery to Arbitrary Page Creation", "software": [ { "type": "plugin", "name": "Bulk Page Creator", "slug": "bulk-page-creator", "affected_versions": { "* - 1.1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.1.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fee18df2-75ea-416a-8aa6-139018016b9a?source=api-scan" ], "published": "2022-05-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fee47bb5-5af9-426c-8760-193276e046ea": { "id": "fee47bb5-5af9-426c-8760-193276e046ea", "title": "Inisev Analyst Module <= Various Versions - Missing Authorization", "software": [ { "type": "plugin", "name": "SSL Mixed Content Fix", "slug": "http-https-remover", "affected_versions": { "* - 3.2.6": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.7" ] }, { "type": "plugin", "name": "Duplicate Post", "slug": "copy-delete-posts", "affected_versions": { "* - 1.4.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.5" ] }, { "type": "plugin", "name": "Social Share Icons & Social Share Buttons", "slug": "ultimate-social-media-plus", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.6.2" ] }, { "type": "plugin", "name": "Ultimate Posts Widget", "slug": "ultimate-posts-widget", "affected_versions": { "* - 2.2.9": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.0" ] }, { "type": "plugin", "name": "Backup Migration", "slug": "backup-backup", "affected_versions": { "* - 1.4.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.4.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.2" ] }, { "type": "plugin", "name": "Pop-up", "slug": "pop-up-pop-up", "affected_versions": { "* - 1.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.4" ] }, { "type": "plugin", "name": "Redirection", "slug": "redirect-redirection", "affected_versions": { "* - 1.1.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.0" ] }, { "type": "plugin", "name": "Clone", "slug": "wp-clone-by-wp-academy", "affected_versions": { "* - 2.4.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.4" ] }, { "type": "plugin", "name": "RSS Redirect & Feedburner Alternative", "slug": "feedburner-alternative-and-rss-redirect", "affected_versions": { "* - 3.9": { "from_version": "*", "from_inclusive": true, "to_version": "3.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] }, { "type": "plugin", "name": "Social Media Social Share Icon", "slug": "add-social-share", "affected_versions": { "* - 2.8.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.7" ] }, { "type": "plugin", "name": "Enhanced Text Widget", "slug": "enhanced-text-widget", "affected_versions": { "* - 1.6.4": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fee47bb5-5af9-426c-8760-193276e046ea?source=api-scan" ], "published": "2024-04-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "feeb70e4-b602-40ce-bdeb-d947c6b6784d": { "id": "feeb70e4-b602-40ce-bdeb-d947c6b6784d", "title": "RegistrationMagic <= 5.1.9.2 - Improper Authorization to Price Change", "software": [ { "type": "plugin", "name": "RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms", "slug": "custom-registration-form-builder-with-submission-manager", "affected_versions": { "* - 5.1.9.2": { "from_version": "*", "from_inclusive": true, "to_version": "5.1.9.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.1.9.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/feeb70e4-b602-40ce-bdeb-d947c6b6784d?source=api-scan" ], "published": "2023-01-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "feecd1f9-a933-43f5-971b-459bb27340d4": { "id": "feecd1f9-a933-43f5-971b-459bb27340d4", "title": "AnyComment <= 0.2.17 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "AnyComment", "slug": "anycomment", "affected_versions": { "[*, 0.2.18)": { "from_version": "*", "from_inclusive": true, "to_version": "0.2.18", "to_inclusive": false } }, "patched": true, "patched_versions": [ "0.2.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/feecd1f9-a933-43f5-971b-459bb27340d4?source=api-scan" ], "published": "2022-01-19 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "feee3268-b384-400c-a76d-e5d7972c05b7": { "id": "feee3268-b384-400c-a76d-e5d7972c05b7", "title": "Post Grid Combo \u2013 36+ Gutenberg Blocks <= 2.2.68 - Information Exposure via get_posts API Endpoint", "software": [ { "type": "plugin", "name": "Post Grid and Gutenberg Blocks", "slug": "post-grid", "affected_versions": { "* - 2.2.68": { "from_version": "*", "from_inclusive": true, "to_version": "2.2.68", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2.69" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/feee3268-b384-400c-a76d-e5d7972c05b7?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fef2f3fd-d6a3-4cb5-af5f-3fad8a67ca9c": { "id": "fef2f3fd-d6a3-4cb5-af5f-3fad8a67ca9c", "title": "Jobeleon Theme <= 1.9.1 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Jobeleon WPJobBoard", "slug": "jobeleon-wpjobboard", "affected_versions": { "* - 1.9.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.9.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.9.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fef2f3fd-d6a3-4cb5-af5f-3fad8a67ca9c?source=api-scan" ], "published": "2024-03-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fef6c603-2beb-44df-8895-10ad0a9ef644": { "id": "fef6c603-2beb-44df-8895-10ad0a9ef644", "title": "WPGYM - Wordpress Gym Management System (Unknown Version) - SQL Injection", "software": [ { "type": "plugin", "name": "WPGYM - Wordpress Gym Management System", "slug": "gym-management", "affected_versions": { "*": { "from_version": "*", "from_inclusive": true, "to_version": "*", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fef6c603-2beb-44df-8895-10ad0a9ef644?source=api-scan" ], "published": "2017-09-26 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fefab999-12e0-4866-a5a2-60f8faa64f89": { "id": "fefab999-12e0-4866-a5a2-60f8faa64f89", "title": "Easy Admin Menu <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Admin Menu", "slug": "easy-admin-menu", "affected_versions": { "* - 1.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.3", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fefab999-12e0-4866-a5a2-60f8faa64f89?source=api-scan" ], "published": "2023-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fefe4499-8b03-4c07-b248-ae0ae5153b4f": { "id": "fefe4499-8b03-4c07-b248-ae0ae5153b4f", "title": "Link Library <= 7.5.13 - Cross-Site Request Forgery via action_admin_init", "software": [ { "type": "plugin", "name": "Link Library", "slug": "link-library", "affected_versions": { "* - 7.5.13": { "from_version": "*", "from_inclusive": true, "to_version": "7.5.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.6" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fefe4499-8b03-4c07-b248-ae0ae5153b4f?source=api-scan" ], "published": "2024-02-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff129569-223d-4d38-9f3a-eb2596214d3a": { "id": "ff129569-223d-4d38-9f3a-eb2596214d3a", "title": "GS Products Slider for WooCommerce <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Product Views for WooCommerce \u2013 Product Slider, Grid, Ticker, List & Masonry", "slug": "gs-woocommerce-products-slider", "affected_versions": { "* - 1.5.8": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.5.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff129569-223d-4d38-9f3a-eb2596214d3a?source=api-scan" ], "published": "2023-01-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff150706-5fbf-4881-976b-89fdaf637fb1": { "id": "ff150706-5fbf-4881-976b-89fdaf637fb1", "title": "Football pool <= 2.11.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Football Pool", "slug": "football-pool", "affected_versions": { "* - 2.11.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.11.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.11.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff150706-5fbf-4881-976b-89fdaf637fb1?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff2097a9-fe7a-48f3-be9c-dc0caef74262": { "id": "ff2097a9-fe7a-48f3-be9c-dc0caef74262", "title": "WooCommerce Box Office <= 1.2.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "WooCommerce Box Office", "slug": "woocommerce-box-office", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff2097a9-fe7a-48f3-be9c-dc0caef74262?source=api-scan" ], "published": "2024-01-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff210859-a65f-494f-a2bd-36b7ff92dec0": { "id": "ff210859-a65f-494f-a2bd-36b7ff92dec0", "title": "WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WP Affiliate Platform", "slug": "wp-affiliate-platform", "affected_versions": { "[*, 6.5.1)": { "from_version": "*", "from_inclusive": true, "to_version": "6.5.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "6.5.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff210859-a65f-494f-a2bd-36b7ff92dec0?source=api-scan" ], "published": "2024-06-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff21241d-e488-4460-b8c2-d5a070c8c107": { "id": "ff21241d-e488-4460-b8c2-d5a070c8c107", "title": "Simple File List <= 3.2.7 - Arbitrary File Download", "software": [ { "type": "plugin", "name": "Simple File List", "slug": "simple-file-list", "affected_versions": { "* - 3.2.7": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff21241d-e488-4460-b8c2-d5a070c8c107?source=api-scan" ], "published": "2019-05-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff21e539-8ba0-4edd-a90c-27a4cd1cdbc7": { "id": "ff21e539-8ba0-4edd-a90c-27a4cd1cdbc7", "title": "Translate WordPress with GTranslate <= 2.9.8 & Translate WordPress \u2013 Google Language Translator <= 6.0.13 - Missing Authorization to Sensitive Information Disclosure", "software": [ { "type": "plugin", "name": "Translate WordPress with GTranslate", "slug": "gtranslate", "affected_versions": { "[*, 2.9.9)": { "from_version": "*", "from_inclusive": true, "to_version": "2.9.9", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.9.9" ] }, { "type": "plugin", "name": "Translate WordPress \u2013 Google Language Translator", "slug": "google-language-translator", "affected_versions": { "* - 6.0.13": { "from_version": "*", "from_inclusive": true, "to_version": "6.0.13", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.0.14" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff21e539-8ba0-4edd-a90c-27a4cd1cdbc7?source=api-scan" ], "published": "2022-03-07 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff22c969-e580-4290-ab08-7c02b6eac938": { "id": "ff22c969-e580-4290-ab08-7c02b6eac938", "title": "Calendar < 1.3.8 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Calendar", "slug": "calendar", "affected_versions": { "[*, 1.3.8)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.8", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff22c969-e580-4290-ab08-7c02b6eac938?source=api-scan" ], "published": "2016-11-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff2855cb-e4a8-4412-af24-4cee03ae2d43": { "id": "ff2855cb-e4a8-4412-af24-4cee03ae2d43", "title": "Bus Ticket Booking with Seat Reservation <= 5.2.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bus Ticket Booking with Seat Reservation \u2013 WpBusTicketly | WordPress plugin", "slug": "bus-ticket-booking-with-seat-reservation", "affected_versions": { "* - 5.2.3": { "from_version": "*", "from_inclusive": true, "to_version": "5.2.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.2.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff2855cb-e4a8-4412-af24-4cee03ae2d43?source=api-scan" ], "published": "2023-08-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff28f33f-85d1-4987-975b-ee3bbcb394f4": { "id": "ff28f33f-85d1-4987-975b-ee3bbcb394f4", "title": "Vuukle Comments, Reactions, Share Bar, Revenue <= 3.4.31 - Cross-Site Request Forgery Bypass", "software": [ { "type": "plugin", "name": "Vuukle Comments, Reactions, Share Bar, Revenue", "slug": "free-comments-for-wordpress-vuukle", "affected_versions": { "* - 3.4.31": { "from_version": "*", "from_inclusive": true, "to_version": "3.4.31", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff28f33f-85d1-4987-975b-ee3bbcb394f4?source=api-scan" ], "published": "2021-07-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff294b0f-97fe-4d27-bf93-f5bbb57ac1f6": { "id": "ff294b0f-97fe-4d27-bf93-f5bbb57ac1f6", "title": "Formidable Forms <= 6.7 - HTML Injection", "software": [ { "type": "plugin", "name": "Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder", "slug": "formidable", "affected_versions": { "* - 6.7": { "from_version": "*", "from_inclusive": true, "to_version": "6.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.7.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff294b0f-97fe-4d27-bf93-f5bbb57ac1f6?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff29e160-993b-422c-b49b-a216db5a0765": { "id": "ff29e160-993b-422c-b49b-a216db5a0765", "title": "CM Pop-Up banners <= 1.5.10 - Authenticated (Subscriber+) SQL Injection via getStatistics", "software": [ { "type": "plugin", "name": "CM Pop-Up Banners for WordPress", "slug": "cm-pop-up-banners", "affected_versions": { "* - 1.5.10": { "from_version": "*", "from_inclusive": true, "to_version": "1.5.10", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.6.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff29e160-993b-422c-b49b-a216db5a0765?source=api-scan" ], "published": "2023-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff2a14b1-8752-4edf-a807-88aab453451d": { "id": "ff2a14b1-8752-4edf-a807-88aab453451d", "title": "WordPress Shortcodes <= 1.6.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "WordPress Shortcodes", "slug": "synved-shortcodes", "affected_versions": { "* - 1.6.36": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.36", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff2a14b1-8752-4edf-a807-88aab453451d?source=api-scan" ], "published": "2023-02-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff32cb12-f010-45ae-97d7-f36ce2003f3c": { "id": "ff32cb12-f010-45ae-97d7-f36ce2003f3c", "title": "UserPro <= 4.9.20 - Privilege Escalation", "software": [ { "type": "plugin", "name": "UserPro - Community and User Profile WordPress Plugin", "slug": "userpro", "affected_versions": { "[*, 4.9.21)": { "from_version": "*", "from_inclusive": true, "to_version": "4.9.21", "to_inclusive": false } }, "patched": true, "patched_versions": [ "4.9.21" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff32cb12-f010-45ae-97d7-f36ce2003f3c?source=api-scan" ], "published": "2019-01-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff3aa112-bee2-485f-b5a1-ad156662ab03": { "id": "ff3aa112-bee2-485f-b5a1-ad156662ab03", "title": "MainWP Child Reports <= 2.0.7 - Admin+ SQL Injection", "software": [ { "type": "plugin", "name": "MainWP Child Reports", "slug": "mainwp-child-reports", "affected_versions": { "* - 2.0.7": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.7", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.8" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff3aa112-bee2-485f-b5a1-ad156662ab03?source=api-scan" ], "published": "2021-09-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff449224-d405-453f-8c45-5c6f79bc76d6": { "id": "ff449224-d405-453f-8c45-5c6f79bc76d6", "title": "Geo Mashup <= 1.13.12 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Geo Mashup", "slug": "geo-mashup", "affected_versions": { "* - 1.13.12": { "from_version": "*", "from_inclusive": true, "to_version": "1.13.12", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.13.13" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff449224-d405-453f-8c45-5c6f79bc76d6?source=api-scan" ], "published": "2024-09-16 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff4ae5c8-d164-4c2f-9bf3-83934c22cf4c": { "id": "ff4ae5c8-d164-4c2f-9bf3-83934c22cf4c", "title": "ElementsKit Lite <= 3.0.3 - Unauthenticated Sensitive Information Exposure", "software": [ { "type": "plugin", "name": "ElementsKit Elementor addons", "slug": "elementskit-lite", "affected_versions": { "* - 3.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff4ae5c8-d164-4c2f-9bf3-83934c22cf4c?source=api-scan" ], "published": "2024-01-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff4b47d8-28c1-4706-91d9-0285f419147e": { "id": "ff4b47d8-28c1-4706-91d9-0285f419147e", "title": "WordPress Core < 6.0.3 - SQL Injection via WP_Date_Query", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "* - 3.6.1": { "from_version": "*", "from_inclusive": true, "to_version": "3.6.1", "to_inclusive": true }, "3.7 - 3.7.39": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.39", "to_inclusive": true }, "3.8 - 3.8.39": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.39", "to_inclusive": true }, "3.9 - 3.9.37": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.37", "to_inclusive": true }, "4.0 - 4.0.36": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.36", "to_inclusive": true }, "4.1 - 4.1.36": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.36", "to_inclusive": true }, "4.2 - 4.2.33": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.33", "to_inclusive": true }, "4.3 - 4.3.29": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.29", "to_inclusive": true }, "4.4 - 4.4.28": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.28", "to_inclusive": true }, "4.5 - 4.5.27": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.27", "to_inclusive": true }, "4.6 - 4.6.24": { "from_version": "4.6", "from_inclusive": true, "to_version": "4.6.24", "to_inclusive": true }, "4.7 - 4.7.24": { "from_version": "4.7", "from_inclusive": true, "to_version": "4.7.24", "to_inclusive": true }, "4.8 - 4.8.20": { "from_version": "4.8", "from_inclusive": true, "to_version": "4.8.20", "to_inclusive": true }, "4.9 - 4.9.21": { "from_version": "4.9", "from_inclusive": true, "to_version": "4.9.21", "to_inclusive": true }, "5.0 - 5.0.17": { "from_version": "5.0", "from_inclusive": true, "to_version": "5.0.17", "to_inclusive": true }, "5.1 - 5.1.14": { "from_version": "5.1", "from_inclusive": true, "to_version": "5.1.14", "to_inclusive": true }, "5.2 - 5.2.16": { "from_version": "5.2", "from_inclusive": true, "to_version": "5.2.16", "to_inclusive": true }, "5.3 - 5.3.13": { "from_version": "5.3", "from_inclusive": true, "to_version": "5.3.13", "to_inclusive": true }, "5.4 - 5.4.11": { "from_version": "5.4", "from_inclusive": true, "to_version": "5.4.11", "to_inclusive": true }, "5.5 - 5.5.10": { "from_version": "5.5", "from_inclusive": true, "to_version": "5.5.10", "to_inclusive": true }, "5.6 - 5.6.9": { "from_version": "5.6", "from_inclusive": true, "to_version": "5.6.9", "to_inclusive": true }, "5.7 - 5.7.7": { "from_version": "5.7", "from_inclusive": true, "to_version": "5.7.7", "to_inclusive": true }, "5.8 - 5.8.5": { "from_version": "5.8", "from_inclusive": true, "to_version": "5.8.5", "to_inclusive": true }, "5.9 - 5.9.4": { "from_version": "5.9", "from_inclusive": true, "to_version": "5.9.4", "to_inclusive": true }, "6.0 - 6.0.2": { "from_version": "6.0", "from_inclusive": true, "to_version": "6.0.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.40", "3.8.40", "3.9.38", "4.0.37", "4.1.37", "4.2.34", "4.3.30", "4.4.29", "4.5.28", "4.6.25", "4.7.25", "4.8.21", "4.9.22", "5.0.18", "5.1.15", "5.2.17", "5.3.14", "5.4.12", "5.5.11", "5.6.10", "5.7.8", "5.8.6", "5.9.5", "6.0.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff4b47d8-28c1-4706-91d9-0285f419147e?source=api-scan" ], "published": "2022-10-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff4b757a-9ede-496b-b559-cf952d39fe70": { "id": "ff4b757a-9ede-496b-b559-cf952d39fe70", "title": "GamiPress <= 2.5.6 - Cross-Site Request Forgery to User Earnings Deletion", "software": [ { "type": "plugin", "name": "GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress", "slug": "gamipress", "affected_versions": { "* - 2.5.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.5.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff4b757a-9ede-496b-b559-cf952d39fe70?source=api-scan" ], "published": "2023-02-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff5755dc-2262-47f6-ac3a-6bca9529d088": { "id": "ff5755dc-2262-47f6-ac3a-6bca9529d088", "title": "uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route", "software": [ { "type": "plugin", "name": "Directory Listings WordPress plugin \u2013 uListing", "slug": "ulisting", "affected_versions": { "[*, 1.7)": { "from_version": "*", "from_inclusive": true, "to_version": "1.7", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff5755dc-2262-47f6-ac3a-6bca9529d088?source=api-scan" ], "published": "2021-01-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff5d8f5f-c7af-4789-9920-a09d2733b8ee": { "id": "ff5d8f5f-c7af-4789-9920-a09d2733b8ee", "title": "Email Subscribers & Newsletters <= 4.2.2 - Unauthenticated Option Creation", "software": [ { "type": "plugin", "name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", "slug": "email-subscribers", "affected_versions": { "* - 4.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff5d8f5f-c7af-4789-9920-a09d2733b8ee?source=api-scan" ], "published": "2019-11-13 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff656409-2344-4190-a731-5a282e21375c": { "id": "ff656409-2344-4190-a731-5a282e21375c", "title": "Accordion <= 2.6 - Authenticated (Editor+) Stored Cross-Site Scripting via accordion settings", "software": [ { "type": "plugin", "name": "Accordion", "slug": "accordions-wp", "affected_versions": { "* - 2.6": { "from_version": "*", "from_inclusive": true, "to_version": "2.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff656409-2344-4190-a731-5a282e21375c?source=api-scan" ], "published": "2023-11-15 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff6932c6-f3ec-46a8-a03b-95512eee5bf1": { "id": "ff6932c6-f3ec-46a8-a03b-95512eee5bf1", "title": "Shareaholic <= 9.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Professional Social Sharing Buttons, Icons & Related Posts \u2013 Shareaholic", "slug": "shareaholic", "affected_versions": { "* - 9.7.8": { "from_version": "*", "from_inclusive": true, "to_version": "9.7.8", "to_inclusive": true } }, "patched": true, "patched_versions": [ "9.7.9" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff6932c6-f3ec-46a8-a03b-95512eee5bf1?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff6e6101-8ba5-4cc7-9b02-67a0d9a978b6": { "id": "ff6e6101-8ba5-4cc7-9b02-67a0d9a978b6", "title": "Browser and Operating System Finder <= 1.2 - Missing Authorization", "software": [ { "type": "plugin", "name": "Browser and Operating System Finder", "slug": "browser-and-operating-system-finder", "affected_versions": { "* - 1.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff6e6101-8ba5-4cc7-9b02-67a0d9a978b6?source=api-scan" ], "published": "2022-06-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff6fc652-dcf8-4ff6-b8d8-cb9fad5b34bd": { "id": "ff6fc652-dcf8-4ff6-b8d8-cb9fad5b34bd", "title": "3D Flick Slideshow < 2.2 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "3D Flick Slideshow", "slug": "wp-3dflick-slideshow", "affected_versions": { "* - 2.1": { "from_version": "*", "from_inclusive": true, "to_version": "2.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff6fc652-dcf8-4ff6-b8d8-cb9fad5b34bd?source=api-scan" ], "published": "2012-06-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff6ff104-44c8-49a9-bebd-abb82e8e1cd6": { "id": "ff6ff104-44c8-49a9-bebd-abb82e8e1cd6", "title": "Avada <= 7.11.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "theme", "name": "Avada | Website Builder For WordPress & WooCommerce", "slug": "Avada", "affected_versions": { "* - 7.11.6": { "from_version": "*", "from_inclusive": true, "to_version": "7.11.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.11.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff6ff104-44c8-49a9-bebd-abb82e8e1cd6?source=api-scan" ], "published": "2024-03-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff70f7aa-4c2c-4693-8b1f-d6e3ebbb0dad": { "id": "ff70f7aa-4c2c-4693-8b1f-d6e3ebbb0dad", "title": "Googmonify <= 0.5.1 - Cross-Site Request Forgery to Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Googmonify", "slug": "googmonify", "affected_versions": { "* - 0.5.1": { "from_version": "*", "from_inclusive": true, "to_version": "0.5.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff70f7aa-4c2c-4693-8b1f-d6e3ebbb0dad?source=api-scan" ], "published": "2015-08-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff77ffea-6b43-4875-965a-a72d761e93f7": { "id": "ff77ffea-6b43-4875-965a-a72d761e93f7", "title": "Order Delivery Date for WooCommerce <= 3.21.0 - Cross-Site Request Forgery to Notice Dismissal", "software": [ { "type": "plugin", "name": "Order Delivery Date for WooCommerce", "slug": "order-delivery-date-for-woocommerce", "affected_versions": { "* - 3.21.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.21.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.21.1" ] } ], "informational": true, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff77ffea-6b43-4875-965a-a72d761e93f7?source=api-scan" ], "published": "2024-04-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff7e7539-6a09-461a-a9a7-33630c396f1a": { "id": "ff7e7539-6a09-461a-a9a7-33630c396f1a", "title": "Auto YouTube Importer <= 1.0.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Auto YouTube Importer", "slug": "auto-youtube-importer", "affected_versions": { "* - 1.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff7e7539-6a09-461a-a9a7-33630c396f1a?source=api-scan" ], "published": "2023-02-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff840236-4368-45aa-a9a3-7e02f20783d8": { "id": "ff840236-4368-45aa-a9a3-7e02f20783d8", "title": "YOP Poll <= 6.4.2 - IP Spoofing via X-Forwarded-For header", "software": [ { "type": "plugin", "name": "YOP Poll", "slug": "yop-poll", "affected_versions": { "* - 6.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "6.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff840236-4368-45aa-a9a3-7e02f20783d8?source=api-scan" ], "published": "2022-07-11 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff850f88-6e89-48dd-ad70-dda4018c22fc": { "id": "ff850f88-6e89-48dd-ad70-dda4018c22fc", "title": "WooCommerce Canada Post Shipping <= 2.8.3 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Woocommerce Shipping Canada Post", "slug": "woocommerce-shipping-canada-post", "affected_versions": { "* - 2.8.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.8.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff850f88-6e89-48dd-ad70-dda4018c22fc?source=api-scan" ], "published": "2023-11-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff937860-c4e0-4172-9f0f-d66578fa7203": { "id": "ff937860-c4e0-4172-9f0f-d66578fa7203", "title": "Easy Table of Contents <= 2.0.45.2 - Missing Authorization via eztoc_reset_options_to_default", "software": [ { "type": "plugin", "name": "Easy Table of Contents", "slug": "easy-table-of-contents", "affected_versions": { "* - 2.0.45.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.45.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.46" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff937860-c4e0-4172-9f0f-d66578fa7203?source=api-scan" ], "published": "2023-03-21 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff986a66-93f7-4926-8818-7af745c0166c": { "id": "ff986a66-93f7-4926-8818-7af745c0166c", "title": "Happyforms <= 1.25.9 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Form builder to get in touch with visitors, grow your email list and collect payments \u2014 Happyforms", "slug": "happyforms", "affected_versions": { "* - 1.25.9": { "from_version": "*", "from_inclusive": true, "to_version": "1.25.9", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.25.10" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff986a66-93f7-4926-8818-7af745c0166c?source=api-scan" ], "published": "2023-11-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff9c424c-f37f-4c30-aa95-da597008cbb2": { "id": "ff9c424c-f37f-4c30-aa95-da597008cbb2", "title": "Recipe Card Blocks by WPZOOM <= 2.8.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Recipe Card Blocks for Gutenberg & Elementor \u2013 Best WordPress Recipe Plugin", "slug": "recipe-card-blocks-by-wpzoom", "affected_versions": { "[*, 2.8.1)": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.1", "to_inclusive": false } }, "patched": true, "patched_versions": [ "2.8.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff9c424c-f37f-4c30-aa95-da597008cbb2?source=api-scan" ], "published": "2021-08-24 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ff9cfa56-e178-4de7-9e6b-e0a520153eb2": { "id": "ff9cfa56-e178-4de7-9e6b-e0a520153eb2", "title": "Easy Testimonials <= 1.36.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Easy Testimonials", "slug": "easy-testimonials", "affected_versions": { "[*, 1.37)": { "from_version": "*", "from_inclusive": true, "to_version": "1.37", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.37" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ff9cfa56-e178-4de7-9e6b-e0a520153eb2?source=api-scan" ], "published": "2016-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffa0d1ff-a1df-4a90-bfe5-3f4c8a7942c6": { "id": "ffa0d1ff-a1df-4a90-bfe5-3f4c8a7942c6", "title": "BookingPress < 1.0.11 - SQL Injection", "software": [ { "type": "plugin", "name": "Appointment Booking Calendar Plugin and Scheduling Plugin \u2013 BookingPress", "slug": "bookingpress-appointment-booking", "affected_versions": { "[*, 1.0.11)": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.11", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.0.11" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffa0d1ff-a1df-4a90-bfe5-3f4c8a7942c6?source=api-scan" ], "published": "2022-02-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffa252d6-0fe2-4d1f-802f-b902084822a7": { "id": "ffa252d6-0fe2-4d1f-802f-b902084822a7", "title": "WordPress Core < 4.5.3 - Cross-Site Scripting via Attachment Name #2", "software": [ { "type": "core", "name": "WordPress", "slug": "wordpress", "affected_versions": { "[*, 3.7)": { "from_version": "*", "from_inclusive": true, "to_version": "3.7", "to_inclusive": false }, "3.7 - 3.7.14": { "from_version": "3.7", "from_inclusive": true, "to_version": "3.7.14", "to_inclusive": true }, "3.8 - 3.8.14": { "from_version": "3.8", "from_inclusive": true, "to_version": "3.8.14", "to_inclusive": true }, "3.9 - 3.9.12": { "from_version": "3.9", "from_inclusive": true, "to_version": "3.9.12", "to_inclusive": true }, "4.0 - 4.0.11": { "from_version": "4.0", "from_inclusive": true, "to_version": "4.0.11", "to_inclusive": true }, "4.1 - 4.1.11": { "from_version": "4.1", "from_inclusive": true, "to_version": "4.1.11", "to_inclusive": true }, "4.2 - 4.2.8": { "from_version": "4.2", "from_inclusive": true, "to_version": "4.2.8", "to_inclusive": true }, "4.3 - 4.3.4": { "from_version": "4.3", "from_inclusive": true, "to_version": "4.3.4", "to_inclusive": true }, "4.4 - 4.4.3": { "from_version": "4.4", "from_inclusive": true, "to_version": "4.4.3", "to_inclusive": true }, "4.5 - 4.5.2": { "from_version": "4.5", "from_inclusive": true, "to_version": "4.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.7.15", "3.8.15", "3.9.13", "4.0.12", "4.1.12", "4.2.9", "4.3.5", "4.4.4", "4.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffa252d6-0fe2-4d1f-802f-b902084822a7?source=api-scan" ], "published": "2016-06-18 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffa3b85c-7d08-4f6a-889e-b75620f72a1a": { "id": "ffa3b85c-7d08-4f6a-889e-b75620f72a1a", "title": "TablePress <= 2.4.2 - Authenticated (Author+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "TablePress \u2013 Tables in WordPress made easy", "slug": "tablepress", "affected_versions": { "* - 2.4.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.4.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffa3b85c-7d08-4f6a-889e-b75620f72a1a?source=api-scan" ], "published": "2024-10-11 20:34:39", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffa90aae-c512-4e7f-a041-e3e41cb8a1d8": { "id": "ffa90aae-c512-4e7f-a041-e3e41cb8a1d8", "title": "Count per Day < 3.5.5 - Unauthenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Count per Day", "slug": "count-per-day", "affected_versions": { "[*, 3.5.5)": { "from_version": "*", "from_inclusive": true, "to_version": "3.5.5", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.5.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffa90aae-c512-4e7f-a041-e3e41cb8a1d8?source=api-scan" ], "published": "2016-08-05 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffa92cb6-7444-4794-81c1-264ff5a08fa5": { "id": "ffa92cb6-7444-4794-81c1-264ff5a08fa5", "title": "Popup More Popups <= 2.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "AI Popup", "slug": "popup-more", "affected_versions": { "* - 2.3.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.3.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffa92cb6-7444-4794-81c1-264ff5a08fa5?source=api-scan" ], "published": "2024-05-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffac779c-c17f-46bd-9276-a1ce2db4e95c": { "id": "ffac779c-c17f-46bd-9276-a1ce2db4e95c", "title": "WooCommerce One Page Checkout <= 2.3.0 - Authenticated (Contributor+) Local File Inclusion via `woocommerce_one_page_checkout`", "software": [ { "type": "plugin", "name": "woocommerce-one-page-checkout", "slug": "woocommerce-one-page-checkout", "affected_versions": { "* - 2.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffac779c-c17f-46bd-9276-a1ce2db4e95c?source=api-scan" ], "published": "2023-08-10 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffae2808-454e-4380-af83-b181cf2e8fbd": { "id": "ffae2808-454e-4380-af83-b181cf2e8fbd", "title": "Popup box <= 4.1.2 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Popup Box \u2013 Create Countdown, Coupon, Video, Contact Form Popups", "slug": "ays-popup-box", "affected_versions": { "* - 4.1.2": { "from_version": "*", "from_inclusive": true, "to_version": "4.1.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.1.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffae2808-454e-4380-af83-b181cf2e8fbd?source=api-scan" ], "published": "2024-05-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffaefd79-57a7-43b8-af1c-e108567eba67": { "id": "ffaefd79-57a7-43b8-af1c-e108567eba67", "title": "FileOrganizer and FileOrganizer Pro <= 1.0.6 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "FileOrganizer \u2013 Manage WordPress and Website Files", "slug": "fileorganizer", "affected_versions": { "* - 1.0.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffaefd79-57a7-43b8-af1c-e108567eba67?source=api-scan" ], "published": "2024-04-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffaf7a75-de27-4361-ba04-ff17151b7eb5": { "id": "ffaf7a75-de27-4361-ba04-ff17151b7eb5", "title": "Site Offline or Coming Soon <= 1.6.6 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Site Offline or Coming Soon", "slug": "site-is-offline-plugin", "affected_versions": { "* - 1.6.6": { "from_version": "*", "from_inclusive": true, "to_version": "1.6.6", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffaf7a75-de27-4361-ba04-ff17151b7eb5?source=api-scan" ], "published": "2022-06-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffb70e82-355b-48f3-92d0-19659ed2550e": { "id": "ffb70e82-355b-48f3-92d0-19659ed2550e", "title": "AMP for WP <= 1.0.93.1 - Authenticated(Contributor+) Arbitrary Post Deletion via amppb_remove_saved_layout_data", "software": [ { "type": "plugin", "name": "AMP for WP \u2013 Accelerated Mobile Pages", "slug": "accelerated-mobile-pages", "affected_versions": { "* - 1.0.93.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.93.1", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.93.2" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffb70e82-355b-48f3-92d0-19659ed2550e?source=api-scan" ], "published": "2024-02-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffb8a285-43c6-4956-ad37-484269463b2d": { "id": "ffb8a285-43c6-4956-ad37-484269463b2d", "title": "Awesome Support <= 6.1.6 - Insufficient Authorization via wpas_can_delete_attachments()", "software": [ { "type": "plugin", "name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", "slug": "awesome-support", "affected_versions": { "* - 6.1.6": { "from_version": "*", "from_inclusive": true, "to_version": "6.1.6", "to_inclusive": true } }, "patched": true, "patched_versions": [ "6.1.7" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffb8a285-43c6-4956-ad37-484269463b2d?source=api-scan" ], "published": "2024-03-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffb97fa2-456c-4bc4-a09c-54daa17be3e8": { "id": "ffb97fa2-456c-4bc4-a09c-54daa17be3e8", "title": "CSS Hero <= 4.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "CSS Hero", "slug": "css-hero", "affected_versions": { "* - 4.03": { "from_version": "*", "from_inclusive": true, "to_version": "4.03", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.07" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffb97fa2-456c-4bc4-a09c-54daa17be3e8?source=api-scan" ], "published": "2019-12-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffbb85c5-e949-4c0f-8c02-2c022b802e05": { "id": "ffbb85c5-e949-4c0f-8c02-2c022b802e05", "title": "Pagination by BestWebSoft <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Pagination by BestWebSoft \u2013 Customizable WordPress Content Splitter and Navigation Plugin", "slug": "pagination", "affected_versions": { "* - 1.2.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.2.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.2.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffbb85c5-e949-4c0f-8c02-2c022b802e05?source=api-scan" ], "published": "2023-03-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffbf5930-50f3-44ca-8333-7b934dcd5ef7": { "id": "ffbf5930-50f3-44ca-8333-7b934dcd5ef7", "title": "Simple Buttons Creator <=1.04 - Unauthenticated Stored Cross-Site Scripting via Add Button", "software": [ { "type": "plugin", "name": "Simple Buttons Creator", "slug": "simple-buttons-creator", "affected_versions": { "* - 1.04": { "from_version": "*", "from_inclusive": true, "to_version": "1.04", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffbf5930-50f3-44ca-8333-7b934dcd5ef7?source=api-scan" ], "published": "2024-03-25 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffc2e04f-6e71-4783-bded-7d7782e2e84e": { "id": "ffc2e04f-6e71-4783-bded-7d7782e2e84e", "title": "Exchange Addon Custom URL Tracking < 1.1.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Exchange Addon Custom URL Tracking", "slug": "exchange-addon-custom-url-tracking", "affected_versions": { "[*, 1.1.0)": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.1.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffc2e04f-6e71-4783-bded-7d7782e2e84e?source=api-scan" ], "published": "2015-04-20 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffc92f28-02bd-48b3-b803-b67feab74db2": { "id": "ffc92f28-02bd-48b3-b803-b67feab74db2", "title": "Bus Ticket Booking with Seat Reservation <= 5.3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bus Ticket Booking with Seat Reservation \u2013 WpBusTicketly | WordPress plugin", "slug": "bus-ticket-booking-with-seat-reservation", "affected_versions": { "* - 5.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "5.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "5.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffc92f28-02bd-48b3-b803-b67feab74db2?source=api-scan" ], "published": "2024-08-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffcc85a1-fc79-4bc6-b50e-c87988d4cad3": { "id": "ffcc85a1-fc79-4bc6-b50e-c87988d4cad3", "title": "Nifty Newsletters <= 4.0.23 \u2013 Cross-Site Request Forgery to Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Nifty Newsletters (Formerly Sola Newsletters)", "slug": "sola-newsletters", "affected_versions": { "* - 4.0.23": { "from_version": "*", "from_inclusive": true, "to_version": "4.0.23", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffcc85a1-fc79-4bc6-b50e-c87988d4cad3?source=api-scan" ], "published": "2021-07-31 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffce535f-620d-40f8-a944-11ea87a67380": { "id": "ffce535f-620d-40f8-a944-11ea87a67380", "title": "Sitemap <= 4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "software": [ { "type": "plugin", "name": "Sitemap", "slug": "sitemap", "affected_versions": { "* - 4.3": { "from_version": "*", "from_inclusive": true, "to_version": "4.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "4.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffce535f-620d-40f8-a944-11ea87a67380?source=api-scan" ], "published": "2022-12-27 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffd1cd48-96dc-4b35-8310-a5eb0a82dc19": { "id": "ffd1cd48-96dc-4b35-8310-a5eb0a82dc19", "title": "RokNewsPager <= 1.17 - Path Disclosure", "software": [ { "type": "plugin", "name": "RokNewsPager", "slug": "wp_roknewspager", "affected_versions": { "* - 1.17": { "from_version": "*", "from_inclusive": true, "to_version": "1.17", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.18" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffd1cd48-96dc-4b35-8310-a5eb0a82dc19?source=api-scan" ], "published": "2013-09-17 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffd3ecc8-8b76-453f-b2e9-a9c70c58edbf": { "id": "ffd3ecc8-8b76-453f-b2e9-a9c70c58edbf", "title": "GenerateBlocks <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "GenerateBlocks", "slug": "generateblocks", "affected_versions": { "* - 1.3.5": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.4.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffd3ecc8-8b76-453f-b2e9-a9c70c58edbf?source=api-scan" ], "published": "2021-11-01 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffd44a71-486b-4182-bd91-e31dd06d0d4d": { "id": "ffd44a71-486b-4182-bd91-e31dd06d0d4d", "title": "WP iCommerce \u2013 the first interactive ecommerce for wordpress <= 1.1.1 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "WP iCommerce \u2013 the first interactive ecommerce for wordpress", "slug": "wp-icommerce", "affected_versions": { "* - 1.1.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.1.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffd44a71-486b-4182-bd91-e31dd06d0d4d?source=api-scan" ], "published": "2021-08-22 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffd592e6-2ac4-4af4-bfc0-d4f834157d71": { "id": "ffd592e6-2ac4-4af4-bfc0-d4f834157d71", "title": "WooCommerce - Social Login <= 2.6.2 - Unauthenticated PHP Object Injection", "software": [ { "type": "plugin", "name": "WooCommerce - Social Login", "slug": "woo-social-login", "affected_versions": { "* - 2.6.2": { "from_version": "*", "from_inclusive": true, "to_version": "2.6.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.6.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffd592e6-2ac4-4af4-bfc0-d4f834157d71?source=api-scan" ], "published": "2024-06-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffd6e18d-9173-4911-af64-5d54c6d2e052": { "id": "ffd6e18d-9173-4911-af64-5d54c6d2e052", "title": "WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion", "software": [ { "type": "plugin", "name": "WooCommerce Google Feed Manager", "slug": "wp-product-feed-manager", "affected_versions": { "* - 2.8.0": { "from_version": "*", "from_inclusive": true, "to_version": "2.8.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.9.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffd6e18d-9173-4911-af64-5d54c6d2e052?source=api-scan" ], "published": "2024-08-22 16:29:45", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffd889b0-ff2e-469a-bd0b-f009cf773ade": { "id": "ffd889b0-ff2e-469a-bd0b-f009cf773ade", "title": "WPFront User Role Editor <= 3.2.0 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "WPFront User Role Editor", "slug": "wpfront-user-role-editor", "affected_versions": { "* - 3.2.0": { "from_version": "*", "from_inclusive": true, "to_version": "3.2.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "3.2.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffd889b0-ff2e-469a-bd0b-f009cf773ade?source=api-scan" ], "published": "2021-11-23 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffde541b-5e2b-437b-a123-8522beca52ef": { "id": "ffde541b-5e2b-437b-a123-8522beca52ef", "title": "Current Book <= 1.0.1 - Authenticated Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Current Book", "slug": "current-book", "affected_versions": { "* - 1.0.1": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.1", "to_inclusive": true } }, "patched": false, "patched_versions": [] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffde541b-5e2b-437b-a123-8522beca52ef?source=api-scan" ], "published": "2021-07-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffe1eca0-eba0-4b4c-afe5-9bff4aa2f3f1": { "id": "ffe1eca0-eba0-4b4c-afe5-9bff4aa2f3f1", "title": "Ultimate Product Catalog \u2013 WordPress Catalog Plugin <= 5.0.25 - Cross-Site Request Forgery", "software": [ { "type": "plugin", "name": "Ultimate Product Catalog", "slug": "ultimate-product-catalogue", "affected_versions": { "[*, 5.0.26)": { "from_version": "*", "from_inclusive": true, "to_version": "5.0.26", "to_inclusive": false } }, "patched": true, "patched_versions": [ "5.0.26" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffe1eca0-eba0-4b4c-afe5-9bff4aa2f3f1?source=api-scan" ], "published": "2022-01-06 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffe33097-66fc-45f1-bc08-93a2b2234501": { "id": "ffe33097-66fc-45f1-bc08-93a2b2234501", "title": "Bug Library <= 2.0.3 - Reflected Cross-Site Scripting", "software": [ { "type": "plugin", "name": "Bug Library", "slug": "bug-library", "affected_versions": { "* - 2.0.3": { "from_version": "*", "from_inclusive": true, "to_version": "2.0.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.0.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffe33097-66fc-45f1-bc08-93a2b2234501?source=api-scan" ], "published": "2021-09-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffe6cbba-1f4e-4cfc-abc8-0349def7bbf5": { "id": "ffe6cbba-1f4e-4cfc-abc8-0349def7bbf5", "title": "Booking Calendar Contact Form <= 1.0.23 - Shortcode SQL Injection", "software": [ { "type": "plugin", "name": "Booking Calendar Contact Form", "slug": "booking-calendar-contact-form", "affected_versions": { "* - 1.0.23": { "from_version": "*", "from_inclusive": true, "to_version": "1.0.23", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.0.24" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffe6cbba-1f4e-4cfc-abc8-0349def7bbf5?source=api-scan" ], "published": "2016-02-08 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffe9bfbd-3672-4162-bb1b-675c7eb9e655": { "id": "ffe9bfbd-3672-4162-bb1b-675c7eb9e655", "title": "Konzept - Fullscreen Portfolio WordPress Theme <= 2.4 - Reflected Cross-Site Scripting", "software": [ { "type": "theme", "name": "Konzept - Fullscreen Portfolio WordPress Theme", "slug": "konzept", "affected_versions": { "* - 2.4": { "from_version": "*", "from_inclusive": true, "to_version": "2.4", "to_inclusive": true } }, "patched": true, "patched_versions": [ "2.5" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffe9bfbd-3672-4162-bb1b-675c7eb9e655?source=api-scan" ], "published": "2020-07-30 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffeb4b5e-4c83-4b0e-a513-6b5cada95073": { "id": "ffeb4b5e-4c83-4b0e-a513-6b5cada95073", "title": "WordPress File Upload < 3.0.0 - Arbitrary File Upload", "software": [ { "type": "plugin", "name": "WordPress File Upload", "slug": "wp-file-upload", "affected_versions": { "[*, 3.0.0)": { "from_version": "*", "from_inclusive": true, "to_version": "3.0.0", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.0.0" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffeb4b5e-4c83-4b0e-a513-6b5cada95073?source=api-scan" ], "published": "2015-07-02 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffeb766f-3684-4eec-bacb-bbf0d434aba0": { "id": "ffeb766f-3684-4eec-bacb-bbf0d434aba0", "title": "SiteOrigin Widgets Bundle <= 1.58.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "software": [ { "type": "plugin", "name": "SiteOrigin Widgets Bundle", "slug": "so-widgets-bundle", "affected_versions": { "* - 1.58.3": { "from_version": "*", "from_inclusive": true, "to_version": "1.58.3", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.58.4" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffeb766f-3684-4eec-bacb-bbf0d434aba0?source=api-scan" ], "published": "2024-02-12 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fff8dfbc-fd59-47db-85bb-de2a7c6a9a5f": { "id": "fff8dfbc-fd59-47db-85bb-de2a7c6a9a5f", "title": "HUSKY \u2013 Products Filter for WooCommerce Professional <= 1.3.5.2 - Authenticated (Contributor+) SQL Injection", "software": [ { "type": "plugin", "name": "HUSKY \u2013 Products Filter Professional for WooCommerce", "slug": "woocommerce-products-filter", "affected_versions": { "* - 1.3.5.2": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.5.2", "to_inclusive": true } }, "patched": true, "patched_versions": [ "1.3.5.3" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fff8dfbc-fd59-47db-85bb-de2a7c6a9a5f?source=api-scan" ], "published": "2024-03-14 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fff9fee5-3dca-447d-b7a8-981a5818ec12": { "id": "fff9fee5-3dca-447d-b7a8-981a5818ec12", "title": "Simple Events Calendar < 1.3.6 - Authenticated (Admin+) SQL Injection", "software": [ { "type": "plugin", "name": "Simple Events Calendar", "slug": "simple-events-calendar", "affected_versions": { "[*, 1.3.6)": { "from_version": "*", "from_inclusive": true, "to_version": "1.3.6", "to_inclusive": false } }, "patched": true, "patched_versions": [ "1.3.6" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fff9fee5-3dca-447d-b7a8-981a5818ec12?source=api-scan" ], "published": "2017-11-03 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "fffd7d50-6563-4652-8fae-3fe698125c59": { "id": "fffd7d50-6563-4652-8fae-3fe698125c59", "title": "WooCommerce Checkout Manager <= 7.3.0 - Missing Authorization", "software": [ { "type": "plugin", "name": "Checkout Field Manager (Checkout Manager) for WooCommerce", "slug": "woocommerce-checkout-manager", "affected_versions": { "* - 7.3.0": { "from_version": "*", "from_inclusive": true, "to_version": "7.3.0", "to_inclusive": true } }, "patched": true, "patched_versions": [ "7.3.1" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fffd7d50-6563-4652-8fae-3fe698125c59?source=api-scan" ], "published": "2023-11-09 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } }, "ffffedb4-633a-4490-98f1-9bc827c8ba1c": { "id": "ffffedb4-633a-4490-98f1-9bc827c8ba1c", "title": "iMember360 < 3.9.001 - Missing Authorization and Sensitive Data Exposure", "software": [ { "type": "plugin", "name": "iMember360is", "slug": "imember360", "affected_versions": { "[*, 3.9.001)": { "from_version": "*", "from_inclusive": true, "to_version": "3.9.001", "to_inclusive": false } }, "patched": true, "patched_versions": [ "3.9.001" ] } ], "informational": false, "references": [ "https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ffffedb4-633a-4490-98f1-9bc827c8ba1c?source=api-scan" ], "published": "2014-04-28 00:00:00", "copyrights": { "message": "This record contains material that is subject to copyright", "defiant": { "notice": "Copyright 2012-2024 Defiant Inc.", "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.", "license_url": "https:\/\/www.wordfence.com\/wordfence-intelligence-terms-and-conditions\/" } } } }